Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Keep ACL conditions as maps #3501

Merged
merged 13 commits into from
Jan 17, 2022
Merged

Keep ACL conditions as maps #3501

merged 13 commits into from
Jan 17, 2022

Commits on Jan 14, 2022

  1. Update ACL logic, changing the conditions to maps 

    Functional changes:
- More possibilities to combine rules
- Domain check is now explicit with #{match => all}
- Domain can't be 'global' anymore,
  because user's one can be passed instead with the same effect
    @chrzaszcz
    chrzaszcz committed Jan 14, 2022
    Configuration menu
    Copy the full SHA
    b5f32b3 View commit details
    Browse the repository at this point in the history

  2. Do not convert configured ACL conditions from maps to tuples 

    Maps are now handled in acl.erl
'nodeprep' for all values is kept as it seems to be good enough.
    @chrzaszcz
    chrzaszcz committed Jan 14, 2022
    Configuration menu
    Copy the full SHA
    58379a2 View commit details
    Browse the repository at this point in the history

  3. Use 'acl:match_rule' instead of 'acl:match_rule_for_host_type' 

    The name was updated as the functions were unified.
    @chrzaszcz
    chrzaszcz committed Jan 14, 2022
    Configuration menu
    Copy the full SHA
    0354274 View commit details
    Browse the repository at this point in the history

  4. Pass host type from pubsub to acl:match_rule 

    The  module does not support dynamic domains yet,
but the host type can be safely obtained from the server host.
    @chrzaszcz
    chrzaszcz committed Jan 14, 2022
    Configuration menu
    Copy the full SHA
    cbd264e View commit details
    Browse the repository at this point in the history

  5. Pass host type from c2s and commands to acl:match_rule 

    The host type can be safely obtained here.
    @chrzaszcz
    chrzaszcz committed Jan 14, 2022
    Configuration menu
    Copy the full SHA
    23497b4 View commit details
    Browse the repository at this point in the history

  6. Add a version of 'match_rule' without the check for 'current_domain' 

    This is now used:
- By s2s when the "user" is actually another server.
- By components when the "server" is a component.

In both cases the 'current_domain' check would never succeed,
so the user would always have to add 'match = "all"' to the ACL.
    @chrzaszcz
    chrzaszcz committed Jan 14, 2022
    Configuration menu
    Copy the full SHA
    36f2894 View commit details
    Browse the repository at this point in the history

  7. Update ACL tests with maps and 'match => current_domain'

    @chrzaszcz
    chrzaszcz committed Jan 14, 2022
    Configuration menu
    Copy the full SHA
    c4c6429 View commit details
    Browse the repository at this point in the history

  8. Update config parser tests with the new ACL format 

    Expect the default 'match => current_domain' condition as well.
    @chrzaszcz
    chrzaszcz committed Jan 14, 2022
    Configuration menu
    Copy the full SHA
    1b16bc6 View commit details
    Browse the repository at this point in the history

  9. Update small tests with the new ACL format 

    s2s tests need domain to host type resolution now
    @chrzaszcz
    chrzaszcz committed Jan 14, 2022
    Configuration menu
    Copy the full SHA
    9f503b1 View commit details
    Browse the repository at this point in the history

  10. Update big tests with the new ACL format

    @chrzaszcz
    chrzaszcz committed Jan 14, 2022
    Configuration menu
    Copy the full SHA
    c349533 View commit details
    Browse the repository at this point in the history

  11. Remove the empty regexp from the 'local' ACL 

    It is not needed, the pattern is valid without it.
    @chrzaszcz
    chrzaszcz committed Jan 14, 2022
    Configuration menu
    Copy the full SHA
    7abeeef View commit details
    Browse the repository at this point in the history

  12. Document the new ACL options 

    The main change is the default condition 'match = "current_domain"',
which was implicit and hard to control before the changes.
    @chrzaszcz
    chrzaszcz committed Jan 14, 2022
    Configuration menu
    Copy the full SHA
    971e1c5 View commit details
    Browse the repository at this point in the history

  13. Update migration guide for acl

    @chrzaszcz
    chrzaszcz committed Jan 14, 2022
    Configuration menu
    Copy the full SHA
    85bb20b View commit details
    Browse the repository at this point in the history