
feat(emqx_auth): implement API to re-order all authenticators/authz sources #12509


Merged

SergeTupchiy
Contributor

@SergeTupchiy SergeTupchiy commented Feb 13, 2024

Fixes EMQX-11770

Release version: v/e5.6.0

Summary

PR Checklist

Please convert it to a draft if any of the following conditions are not met. Reviewers may skip over until all the items are checked:

  • Added tests for the changes
  • Added property-based tests for code which performs user input validation
  • Changed lines covered in coverage report
  • Change log has been added to changes/(ce|ee)/(feat|perf|fix|breaking)-<PR-id>.en.md files
  • For internal contributor: there is a jira ticket to track this change
  • Created PR to emqx-docs if documentation update is required, or link to a follow-up jira ticket
  • Schema changes are backward compatible

Checklist for CI (.github/workflows) changes

  • If changed package build workflow, pass this action (manual trigger)
  • Change log has been added to changes/ dir for user-facing artifacts update

@SergeTupchiy SergeTupchiy requested review from JimMoen, savonarola and a team as code owners February 13, 2024 20:12
@SergeTupchiy SergeTupchiy force-pushed the EMQX-11770-auth-batch-reorder branch from bc60f2d to fbed936 Compare February 13, 2024 20:16
@SergeTupchiy
Contributor Author

API:

PUT /authentication/order
[
  {"id": "password_based:built_in_database"},
  {"id": "password_based:postgresql"}
]
PUT /authorization/sources/order
[
  {"type": "file"},
  {"type": "built_in_database"}
]

@SergeTupchiy SergeTupchiy force-pushed the EMQX-11770-auth-batch-reorder branch from fbed936 to 7c4abb6 Compare February 14, 2024 08:50
Comment on lines 268 to 280
{NewSources, NotFoundTypes, RemOldSources} =
lists:foldr(
fun(Type, {NewSourcesAcc, NotFoundTypesAcc, RemOldSourcesAcc}) ->
case lists:keytake(Type, 1, RemOldSourcesAcc) of
{value, {_Type, Source}, RemOldSourcesAcc1} ->
{[Source | NewSourcesAcc], NotFoundTypesAcc, RemOldSourcesAcc1};
false ->
{NewSourcesAcc, [Type | NotFoundTypesAcc], RemOldSourcesAcc}
end
end,
{[], [], OldSourcesWithTypes},
NewSourcesOrder1
),
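
Review bot: a type listed twice in NewSourcesOrder1 ends up in NotFoundTypes. Once `lists:keytake/3` has removed the matching entry from RemOldSourcesAcc, the other occurrence of the same type hits the `false` branch, so the caller is told that a configured source does not exist. Suggest rejecting duplicates before the fold, or returning them under their own key. It is also worth confirming at the call site that a non-empty RemOldSources is treated as an error, since any source left there is absent from NewSources.
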
Member

nit: impl a loop function.

Contributor Author

Done

@@ -1253,6 +1292,19 @@ serialize_error({unknown_authn_type, Type}) ->
code => <<"BAD_REQUEST">>,
message => binfmt("Unknown type '~p'", [Type])
}};
serialize_error(#{not_found := NotFound, not_reordered := NotReordered}) ->
NotFoundFmt = "Authenticators: ~p are not found",
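
Review bot: the new `serialize_error/1` clause head matches only a map that carries both `not_found` and `not_reordered`, so the caller has to set both keys (an empty list when one side is clean) or the error will not match this clause. If that is the contract, apply NotFoundFmt only when NotFound is non-empty; with `~p` an empty list would otherwise render as "Authenticators: [] are not found".
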
Member

will it produce [<<"redis">>, <<"mysql">>]?
if yes, maybe better to use [~ts] for a lists:join(",", NotFound)

Contributor Author

You are right, thanks!

Contributor Author

Done

@@ -582,6 +582,121 @@ t_source_move(_) ->

ok.

t_sources_reorder(_) ->
Member

nit: for regression purpose, maybe add a disabled source (the enable/disable state should not affect ordering).

Contributor Author

Done for both authz and authn.

authorization_sources_order_put.desc:
"""Reorder all authorization sources."""
authorization_sources_order_put.label:
"""Reorder authorization sources"""
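
Review bot: the `authorization_sources_order_put.desc` text does not say what the request body must contain. The error clause added in this PR separates `not_found` from `not_reordered`, which suggests the list has to name every configured source; if so, state here that each source must be listed once, identified by `type`, and that an incomplete list is rejected.
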
Member

Suggested change
"""Reorder authorization sources"""
"""Reorder Authorization Sources"""

authentication_order_put.desc:
"""Reorder all authenticators in global authentication chain."""
authentication_order_put.label:
"""Reorder authenticators"""
Member

Suggested change
"""Reorder authenticators"""
"""Reorder Authenticators"""

Contributor Author

Fixed

do_pre_config_update(_ConfPath, {reorder_authenticators, NewOrder}, OldConfig) ->
OldConfigWithIds = [{authenticator_id(Auth), Auth} || Auth <- OldConfig],
{NewConfig, NotFoundIds, RemOldConfig} =
lists:foldr(
Member

nit: implement a loop function

Contributor Author

Done

@zmstone
Member

zmstone commented Feb 14, 2024

API:

PUT /authentication/order
[
  {"id": "password_based:built_in_database"},
  {"id": "password_based:postgresql"}
]
PUT /authorization/sources/order
[
  {"type": "file"},
  {"type": "built_in_database"}
]

Is this based on what's returned in the GET APIs ?

@SergeTupchiy
Contributor Author

SergeTupchiy commented Feb 14, 2024

It's not possible to send the exact object returned from GET to PUT ../order, since the latter expects only one field (id for authn, type for authz).

Should it be changed?

I was asking if the id and type keys were according to the GET responses.
Seems to be the case. Thanks.
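
The point made above (the order endpoints accept only `id` for authn or `type` for authz, not the full GET object), shown as an added example that is not code from the EMQX project: a client-side preflight that strips GET objects down to that one key and refuses to send a list that is not an exact permutation of what is configured, disabled entries included. `find_problems`, `build_order_body`, the `duplicates` key and the sample objects (including the `enable` field) are assumptions made for illustration.

```python
# Added example, not EMQX code. All sample objects are constructed; only the
# "id" / "type" keys are taken from the page, "enable" is an assumed field.
SAMPLE_AUTHN = [
    {"id": "password_based:built_in_database", "enable": True},
    {"id": "password_based:postgresql", "enable": False},
]
SAMPLE_AUTHZ = [
    {"type": "file", "enable": True},
    {"type": "built_in_database", "enable": False},
]


def find_problems(current, desired, key):
    """Compare a desired order against the objects a GET returned.

    current -- list of objects from the GET API (only `key` is read)
    desired -- new order as a list of ids (authn) or types (authz)
    key     -- "id" for authenticators, "type" for authorization sources
    """
    existing = [item[key] for item in current]
    unique = list(dict.fromkeys(desired))  # first occurrences, order kept
    return {
        "not_found": [k for k in unique if k not in existing],
        "not_reordered": [k for k in existing if k not in unique],
        "duplicates": [k for k in unique if desired.count(k) > 1],
    }


def build_order_body(current, desired, key):
    """Return the PUT .../order body, or raise if it is not a permutation."""
    problems = find_problems(current, desired, key)
    if any(problems.values()):
        raise ValueError(f"refusing to send reorder request: {problems}")
    # The order endpoints take one field per entry, not the full GET object.
    return [{key: k} for k in desired]
```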

@SergeTupchiy SergeTupchiy force-pushed the EMQX-11770-auth-batch-reorder branch from 7c4abb6 to 7272ef2 Compare February 14, 2024 12:35
@SergeTupchiy SergeTupchiy merged commit fa35924 into emqx:master Feb 14, 2024