From 4ecd5e17a2e715a742d22b26152fadef4935f325 Mon Sep 17 00:00:00 2001 From: Ilya Averyanov Date: Mon, 24 Jul 2023 18:58:34 +0300 Subject: [PATCH] chore(authz): trace non-resultative authz calls to backend modules --- apps/emqx_auth/src/emqx_authz/emqx_authz.erl | 26 +++++++++++++++++++- 1 file changed, 25 insertions(+), 1 deletion(-) diff --git a/apps/emqx_auth/src/emqx_authz/emqx_authz.erl b/apps/emqx_auth/src/emqx_authz/emqx_authz.erl index 30210ff72..0ec300406 100644 --- a/apps/emqx_auth/src/emqx_authz/emqx_authz.erl +++ b/apps/emqx_auth/src/emqx_authz/emqx_authz.erl @@ -498,7 +498,10 @@ do_authorize(_Client, _PubSub, _Topic, []) -> do_authorize(Client, PubSub, Topic, [#{enable := false} | Rest]) -> do_authorize(Client, PubSub, Topic, Rest); do_authorize( - Client, + #{ + username := Username, + peerhost := IpAddress + } = Client, PubSub, Topic, [Connector = #{type := Type} | Tail] @@ -508,11 +511,32 @@ do_authorize( try Module:authorize(Client, PubSub, Topic, Connector) of nomatch -> emqx_metrics_worker:inc(authz_metrics, Type, nomatch), + ?TRACE("AUTHZ", "authorization_module_nomatch", #{ + module => Module, + username => Username, + ipaddr => IpAddress, + topic => Topic, + pub_sub => PubSub + }), do_authorize(Client, PubSub, Topic, Tail); %% {matched, allow | deny | ignore} {matched, ignore} -> + ?TRACE("AUTHZ", "authorization_module_match_ignore", #{ + module => Module, + username => Username, + ipaddr => IpAddress, + topic => Topic, + pub_sub => PubSub + }), do_authorize(Client, PubSub, Topic, Tail); ignore -> + ?TRACE("AUTHZ", "authorization_module_ignore", #{ + module => Module, + username => Username, + ipaddr => IpAddress, + topic => Topic, + pub_sub => PubSub + }), do_authorize(Client, PubSub, Topic, Tail); %% {matched, allow | deny} Matched ->