
chore(config): rename acl to authorize in emqx.conf

Signed-off-by: zhanghongtong <rory-z@outlook.com>
zhanghongtong 4 tahun lalu
induk
melakukan
4b50bfb4c2

+ 11 - 11
apps/emqx/etc/emqx.conf

@@ -813,7 +813,7 @@ broker {
 ##   - `auth.*`
 ##   - `stats.*`
 ##   - `mqtt.*`
-##   - `acl.*`
+##   - `authorization.*`
 ##   - `flapping_detect.*`
 ##   - `force_shutdown.*`
 ##   - `conn_congestion.*`
@@ -1095,18 +1095,18 @@ zones.default {
 
   }
 
-  acl {
+  authorization {
 
     ## Enable ACL check.
     ##
-    ## @doc zones.<name>.acl.enable
+    ## @doc zones.<name>.authorization.enable
     ## ValueType: Boolean
-    ## Default: false
-    enable: false
+    ## Default: true
+    enable: true
 
-    ## The action when acl check reject current operation
+    ## The action when authorization check reject current operation
     ##
-    ## @doc zones.<name>.acl.deny_action
+    ## @doc zones.<name>.authorization.deny_action
     ## ValueType: ignore | disconnect
     ## Default: ignore
     deny_action: ignore
@@ -1115,14 +1115,14 @@ zones.default {
     ##
     ## If enabled, ACLs roles for each client will be cached in the memory
     ##
-    ## @doc zones.<name>.acl.cache.enable
+    ## @doc zones.<name>.authorization.cache.enable
     ## ValueType: Boolean
     ## Default: true
     cache.enable: true
 
     ## The maximum count of ACL entries can be cached for a client.
     ##
-    ## @doc zones.<name>.acl.cache.max_size
+    ## @doc zones.<name>.authorization.cache.max_size
     ## ValueType: Integer
     ## Range: [0, 1048576]
     ## Default: 32
@@ -1130,7 +1130,7 @@ zones.default {
 
     ## The time after which an ACL cache entry will be deleted
     ##
-    ## @doc zones.<name>.acl.cache.ttl
+    ## @doc zones.<name>.authorization.cache.ttl
     ## ValueType: Duration
     ## Default: 1m
     cache.ttl: 1m
@@ -1857,7 +1857,7 @@ zones.default {
 #This is an example zone which has less "strict" settings.
 #It's useful to clients connecting the broker from trusted networks.
 zones.internal {
-  acl.enable: false
+  authorization.enable: true
   auth.enable: false
   listeners.mqtt_internal: {
     type: tcp
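Review bot: The commit is described as a rename, but it also changes values: `zones.<name>.authorization.enable` goes from `false` to `true` (documented default and setting), and `zones.internal` goes from `acl.enable: false` to `authorization.enable: true`, with the matching schema default flipped in apps/emqx/src/emqx_schema.erl. Enabling the check by default is the safer direction, but it changes what an upgraded broker enforces and belongs in the commit message or release notes rather than inside a chore. The comment above `zones.internal` still calls it the less strict zone and `auth.enable: false` remains, so the two settings now read inconsistently; a line such as `## authorization is still enforced in this zone even though authentication is off` would make the intent explicit. The descriptions `## Enable ACL check.` and the cache comments keep the old ACL wording and could be updated together with the key names.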

+ 3 - 3
apps/emqx/src/emqx_acl_cache.erl

@@ -52,15 +52,15 @@ drain_k() -> {?MODULE, drain_timestamp}.
 
 -spec(is_enabled(atom()) -> boolean()).
 is_enabled(Zone) ->
-    emqx_config:get_zone_conf(Zone, [acl, cache, enable]).
+    emqx_config:get_zone_conf(Zone, [authorization, cache, enable]).
 
 -spec(get_cache_max_size(atom()) -> integer()).
 get_cache_max_size(Zone) ->
-    emqx_config:get_zone_conf(Zone, [acl, cache, max_size]).
+    emqx_config:get_zone_conf(Zone, [authorization, cache, max_size]).
 
 -spec(get_cache_ttl(atom()) -> integer()).
 get_cache_ttl(Zone) ->
-    emqx_config:get_zone_conf(Zone, [acl, cache, ttl]).
+    emqx_config:get_zone_conf(Zone, [authorization, cache, ttl]).
 
 -spec(list_acl_cache(atom()) -> [acl_cache_entry()]).
 list_acl_cache(Zone) ->

+ 3 - 3
apps/emqx/src/emqx_channel.erl

@@ -435,7 +435,7 @@ handle_in(Packet = ?SUBSCRIBE_PACKET(PacketId, Properties, TopicFilters),
             HasAclDeny = lists:any(fun({_TopicFilter, ReasonCode}) ->
                     ReasonCode =:= ?RC_NOT_AUTHORIZED
                 end, TupleTopicFilters0),
-            DenyAction = emqx_config:get_zone_conf(Zone, [acl, deny_action]),
+            DenyAction = emqx_config:get_zone_conf(Zone, [authorization, deny_action]),
             case DenyAction =:= disconnect andalso HasAclDeny of
                 true -> handle_out(disconnect, ?RC_NOT_AUTHORIZED, Channel);
                 false ->
@@ -551,7 +551,7 @@ process_publish(Packet = ?PUBLISH_PACKET(QoS, Topic, PacketId),
         {error, Rc = ?RC_NOT_AUTHORIZED, NChannel} ->
             ?LOG(warning, "Cannot publish message to ~s due to ~s.",
                  [Topic, emqx_reason_codes:text(Rc)]),
-            case emqx_config:get_zone_conf(Zone, [acl_deny_action]) of
+            case emqx_config:get_zone_conf(Zone, [authorization, deny_action]) of
                 ignore ->
                     case QoS of
                        ?QOS_0 -> {ok, NChannel};
@@ -1622,7 +1622,7 @@ maybe_shutdown(Reason, Channel = #channel{conninfo = ConnInfo}) ->
 %%--------------------------------------------------------------------
 %% Is ACL enabled?
 is_acl_enabled(#{zone := Zone, is_superuser := IsSuperuser}) ->
-    (not IsSuperuser) andalso emqx_config:get_zone_conf(Zone, [acl, enable]).
+    (not IsSuperuser) andalso emqx_config:get_zone_conf(Zone, [authorization, enable]).
 
 %%--------------------------------------------------------------------
 %% Parse Topic Filters
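Review bot: The `deny_action` path is still written as a literal list at each enforcement site, and the removed line in `process_publish` shows how that drifts: it read `[acl_deny_action]` while `handle_in` read `[acl, deny_action]`. What `emqx_config:get_zone_conf/2` returns for a path that does not exist is not visible here, so it is unclear whether the old publish path crashed or quietly took a different branch. A single accessor used by both call sites, for example `deny_action(Zone) -> emqx_config:get_zone_conf(Zone, [authorization, deny_action]).`, would keep the subscribe and publish checks reading the same key. `is_acl_enabled/1`, its `%% Is ACL enabled?` comment and `HasAclDeny` also keep the old name; the enclosing functions extend beyond these hunks.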

+ 5 - 5
apps/emqx/src/emqx_schema.erl

@@ -257,13 +257,13 @@ fields("auth") ->
     [ {"enable", t(boolean(), undefined, false)}
     ];
 
-fields("acl") ->
-    [ {"enable", t(boolean(), undefined, false)}
-    , {"cache", ref("acl_cache")}
+fields("authorization") ->
+    [ {"enable", t(boolean(), undefined, true)}
+    , {"cache", ref("authorization_cache")}
     , {"deny_action", t(union(ignore, disconnect), undefined, ignore)}
     ];
 
-fields("acl_cache") ->
+fields("authorization_cache") ->
     [ {"enable", t(boolean(), undefined, true)}
     , {"max_size", t(range(1, 1048576), undefined, 32)}
     , {"ttl", t(duration(), undefined, "1m")}
@@ -306,7 +306,7 @@ fields("zones") ->
 
 fields("zone_settings") ->
     [ {"mqtt", ref("mqtt")}
-    , {"acl", ref("acl")}
+    , {"authorization", ref("authorization")}
     , {"auth", ref("auth")}
     , {"stats", ref("stats")}
     , {"flapping_detect", ref("flapping_detect")}
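Review bot: The old field names are removed outright, with no alias or check for `acl` left in `fields("zone_settings")`, so a config file that still sets `zones.<name>.acl.*` no longer matches this schema. Whether the loader rejects unknown fields or drops them is not visible in this hunk; if they are dropped, a site that had set `acl.deny_action: disconnect` would fall back to `ignore` without any message. Consider failing at load time with an error that names the new `authorization` key, or documenting the rename as a breaking change. Separately, `max_size` is declared as `range(1, 1048576)` here while emqx.conf documents `Range: [0, 1048576]`; one of the two should be corrected.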

+ 1 - 1
apps/emqx/test/emqx_acl_cache_SUITE.erl

@@ -80,4 +80,4 @@ t_drain_acl_cache(_) ->
     emqtt:stop(Client).
 
 toggle_acl(Bool) when is_boolean(Bool) ->
-    emqx_config:put_zone_conf(default, [acl, enable], Bool).
+    emqx_config:put_zone_conf(default, [authorization, enable], Bool).

+ 3 - 3
apps/emqx/test/emqx_channel_SUITE.erl

@@ -140,7 +140,7 @@ listener_mqtt_ws_conf() ->
 default_zone_conf() ->
     #{zones =>
         #{default =>
-            #{  acl => #{
+            #{  authorization => #{
                     cache => #{enable => true,max_size => 32, ttl => 60000},
                     deny_action => ignore,
                     enable => false
@@ -863,7 +863,7 @@ t_packing_alias(_) ->
                    channel())).
 
 t_check_pub_acl(_) ->
-    emqx_config:put_zone_conf(default, [acl, enable], true),
+    emqx_config:put_zone_conf(default, [authorization, enable], true),
     Publish = ?PUBLISH_PACKET(?QOS_0, <<"t">>, 1, <<"payload">>),
     ok = emqx_channel:check_pub_acl(Publish, channel()).
 
@@ -873,7 +873,7 @@ t_check_pub_alias(_) ->
     ok = emqx_channel:check_pub_alias(#mqtt_packet{variable = Publish}, Channel).
 
 t_check_sub_acls(_) ->
-    emqx_config:put_zone_conf(default, [acl, enable], true),
+    emqx_config:put_zone_conf(default, [authorization, enable], true),
     TopicFilter = {<<"t">>, ?DEFAULT_SUBOPTS},
     [{TopicFilter, 0}] = emqx_channel:check_sub_acls([TopicFilter], channel()).
 
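Review bot: `default_zone_conf/0` still has `enable => false` under the renamed `authorization` key, so the fixture no longer matches the shipped default of `true`, and any case that does not call `put_zone_conf` itself runs with the check off. `t_check_pub_acl` and `t_check_sub_acls` switch it on and nothing in these hunks switches it back, so later cases may depend on execution order, although a per-testcase reset outside the hunks is possible. Setting the fixture to `enable => true` and letting the cases that need it off say so explicitly would keep the suite aligned with the default.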

+ 2 - 4
apps/emqx/test/emqx_mqtt_protocol_v5_SUITE.erl

@@ -217,14 +217,12 @@ t_connect_will_message(Config) ->
     ok = emqtt:disconnect(Client4).
 
 t_batch_subscribe(init, Config) ->
-    emqx_config:put_zone_conf(default, [acl, enable], true),
-    emqx_config:put_zone_conf(default, [acl, enable], true),
+    emqx_config:put_zone_conf(default, [authorization, enable], true),
     ok = meck:new(emqx_access_control, [non_strict, passthrough, no_history, no_link]),
     meck:expect(emqx_access_control, authorize, fun(_, _, _) -> deny end),
     Config;
 t_batch_subscribe('end', _Config) ->
-    emqx_config:put_zone_conf(default, [acl, enable], false),
-    emqx_config:put_zone_conf(default, [acl, enable], false),
+    emqx_config:put_zone_conf(default, [authorization, enable], false),
     meck:unload(emqx_access_control).
 
 t_batch_subscribe(Config) ->
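Review bot: The `'end'` clause writes `false` unconditionally, which was a restore while the default was `false` but, if the suite starts from the shipped default that this commit changes to `true`, leaves the default zone with authorization off for whatever runs next. Save the previous value in `init`, e.g. `Prev = emqx_config:get_zone_conf(default, [authorization, enable])` returned as `[{authz_enable, Prev} | Config]`, and in `'end'` write back `proplists:get_value(authz_enable, Config)` instead of `false`. The `'end'` clause currently names its second argument `_Config`, so it would need to be renamed to `Config` to read the saved value.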

+ 2 - 2
apps/emqx_authz/test/emqx_authz_SUITE.erl

@@ -30,8 +30,8 @@ groups() ->
 
 init_per_suite(Config) ->
     ok = emqx_ct_helpers:start_apps([emqx_authz]),
-    ok = emqx_config:update_config([zones, default, acl, cache, enable], false),
-    ok = emqx_config:update_config([zones, default, acl, enable], true),
+    ok = emqx_config:update_config([zones, default, authorization, cache, enable], false),
+    ok = emqx_config:update_config([zones, default, authorization, enable], true),
     emqx_authz:update(replace, []),
     Config.
 

+ 2 - 2
apps/emqx_authz/test/emqx_authz_http_SUITE.erl

@@ -36,8 +36,8 @@ init_per_suite(Config) ->
     meck:new(emqx_resource, [non_strict, passthrough, no_history, no_link]),
     meck:expect(emqx_resource, create, fun(_, _, _) -> {ok, meck_data} end ),
     ok = emqx_ct_helpers:start_apps([emqx_authz]),
-    ok = emqx_config:update_config([zones, default, acl, cache, enable], false),
-    ok = emqx_config:update_config([zones, default, acl, enable], true),
+    ok = emqx_config:update_config([zones, default, authorization, cache, enable], false),
+    ok = emqx_config:update_config([zones, default, authorization, enable], true),
     Rules = [#{ <<"config">> => #{
                     <<"url">> => <<"https://fake.com:443/">>,
                     <<"headers">> => #{},

+ 2 - 2
apps/emqx_authz/test/emqx_authz_mongo_SUITE.erl

@@ -38,8 +38,8 @@ init_per_suite(Config) ->
 
     ok = emqx_ct_helpers:start_apps([emqx_authz]),
     ct:pal("---- emqx_hooks: ~p", [ets:tab2list(emqx_hooks)]),
-    ok = emqx_config:update_config([zones, default, acl, cache, enable], false),
-    ok = emqx_config:update_config([zones, default, acl, enable], true),
+    ok = emqx_config:update_config([zones, default, authorization, cache, enable], false),
+    ok = emqx_config:update_config([zones, default, authorization, enable], true),
     Rules = [#{ <<"config">> => #{
                         <<"mongo_type">> => <<"single">>,
                         <<"server">> => <<"127.0.0.1:27017">>,

+ 2 - 2
apps/emqx_authz/test/emqx_authz_mysql_SUITE.erl

@@ -36,8 +36,8 @@ init_per_suite(Config) ->
     meck:new(emqx_resource, [non_strict, passthrough, no_history, no_link]),
     meck:expect(emqx_resource, create, fun(_, _, _) -> {ok, meck_data} end ),
     ok = emqx_ct_helpers:start_apps([emqx_authz]),
-    ok = emqx_config:update_config([zones, default, acl, cache, enable], false),
-    ok = emqx_config:update_config([zones, default, acl, enable], true),
+    ok = emqx_config:update_config([zones, default, authorization, cache, enable], false),
+    ok = emqx_config:update_config([zones, default, authorization, enable], true),
     Rules = [#{ <<"config">> => #{
                     <<"server">> => <<"127.0.0.1:27017">>,
                     <<"pool_size">> => 1,

+ 2 - 2
apps/emqx_authz/test/emqx_authz_pgsql_SUITE.erl

@@ -36,8 +36,8 @@ init_per_suite(Config) ->
     meck:new(emqx_resource, [non_strict, passthrough, no_history, no_link]),
     meck:expect(emqx_resource, create, fun(_, _, _) -> {ok, meck_data} end ),
     ok = emqx_ct_helpers:start_apps([emqx_authz]),
-    ok = emqx_config:update_config([zones, default, acl, cache, enable], false),
-    ok = emqx_config:update_config([zones, default, acl, enable], true),
+    ok = emqx_config:update_config([zones, default, authorization, cache, enable], false),
+    ok = emqx_config:update_config([zones, default, authorization, enable], true),
     Rules = [#{ <<"config">> => #{
                     <<"server">> => <<"127.0.0.1:27017">>,
                     <<"pool_size">> => 1,

+ 2 - 2
apps/emqx_authz/test/emqx_authz_redis_SUITE.erl

@@ -36,8 +36,8 @@ init_per_suite(Config) ->
     meck:new(emqx_resource, [non_strict, passthrough, no_history, no_link]),
     meck:expect(emqx_resource, create, fun(_, _, _) -> {ok, meck_data} end ),
     ok = emqx_ct_helpers:start_apps([emqx_authz]),
-    ok = emqx_config:update_config([zones, default, acl, cache, enable], false),
-    ok = emqx_config:update_config([zones, default, acl, enable], true),
+    ok = emqx_config:update_config([zones, default, authorization, cache, enable], false),
+    ok = emqx_config:update_config([zones, default, authorization, enable], true),
     Rules = [#{ <<"config">> => #{
                     <<"server">> => <<"127.0.0.1:27017">>,
                     <<"pool_size">> => 1,

+ 1 - 1
apps/emqx_gateway/src/exproto/emqx_exproto_channel.erl

@@ -456,7 +456,7 @@ parse_topic_filters(TopicFilters) ->
     lists:map(fun emqx_topic:parse/1, TopicFilters).
 
 is_acl_enabled(#{zone := Zone, listener := Listener, is_superuser := IsSuperuser}) ->
-    (not IsSuperuser) andalso emqx_config:get_listener_conf(Zone, Listener, [acl, enable]).
+    (not IsSuperuser) andalso emqx_config:get_listener_conf(Zone, Listener, [authorization, enable]).
 
 %%--------------------------------------------------------------------
 %% Ensure & Hooks