diff --git a/lib-ce/emqx_modules/src/emqx_mod_acl_internal.erl b/lib-ce/emqx_modules/src/emqx_mod_acl_internal.erl index 8956229ea..0f999848e 100644 --- a/lib-ce/emqx_modules/src/emqx_mod_acl_internal.erl +++ b/lib-ce/emqx_modules/src/emqx_mod_acl_internal.erl @@ -38,12 +38,26 @@ -type(acl_rules() :: #{publish => [emqx_access_rule:rule()], subscribe => [emqx_access_rule:rule()]}). +-record(acl_metrics, { + allow = 'client.acl.allow', + deny = 'client.acl.deny', + ignore = 'client.acl.ignore' + }). + +-define(METRICS(Type), tl(tuple_to_list(#Type{}))). +-define(METRICS(Type, K), #Type{}#Type.K). + +-define(ACL_METRICS, ?METRICS(acl_metrics)). +-define(ACL_METRICS(K), ?METRICS(acl_metrics, K)). + + %%-------------------------------------------------------------------- %% API %%-------------------------------------------------------------------- load(Env) -> Rules = rules_from_file(proplists:get_value(acl_file, Env)), + register_metrics(), emqx_hooks:add('client.check_acl', {?MODULE, check_acl, [Rules]}, -1). unload(_Env) -> @@ -68,9 +82,15 @@ description() -> -> {ok, allow} | {ok, deny} | ok). check_acl(Client, PubSub, Topic, _AclResult, Rules) -> case match(Client, Topic, lookup(PubSub, Rules)) of - {matched, allow} -> {ok, allow}; - {matched, deny} -> {ok, deny}; - nomatch -> ok + {matched, allow} -> + emqx_metrics:inc(?ACL_METRICS(allow)), + {ok, allow}; + {matched, deny} -> + emqx_metrics:inc(?ACL_METRICS(deny)), + {ok, deny}; + nomatch -> + emqx_metrics:inc(?ACL_METRICS(ignore)), + ok end. %%-------------------------------------------------------------------- @@ -107,6 +127,9 @@ rules_from_file(AclFile) -> #{} end. +register_metrics() -> + lists:foreach(fun emqx_metrics:ensure/1, ?ACL_METRICS). + filter(_PubSub, {allow, all}) -> true; filter(_PubSub, {deny, all}) -> @@ -119,4 +142,3 @@ filter(subscribe, {_AllowDeny, _Who, subscribe, _Topics}) -> true; filter(_PubSub, {_AllowDeny, _Who, _, _Topics}) -> false. - diff --git a/lib-ce/emqx_modules/src/emqx_modules.app.src b/lib-ce/emqx_modules/src/emqx_modules.app.src index bcb05fe31..47a3d8888 100644 --- a/lib-ce/emqx_modules/src/emqx_modules.app.src +++ b/lib-ce/emqx_modules/src/emqx_modules.app.src @@ -1,6 +1,6 @@ {application, emqx_modules, [{description, "EMQ X Module Management"}, - {vsn, "4.3.3"}, + {vsn, "4.3.4"}, {modules, []}, {applications, [kernel,stdlib]}, {mod, {emqx_modules_app, []}}, diff --git a/lib-ce/emqx_modules/src/emqx_modules.appup.src b/lib-ce/emqx_modules/src/emqx_modules.appup.src index f52ba1a61..8ea2c5ebe 100644 --- a/lib-ce/emqx_modules/src/emqx_modules.appup.src +++ b/lib-ce/emqx_modules/src/emqx_modules.appup.src @@ -1,32 +1,45 @@ %% -*-: erlang -*- {VSN, [ + {"4.3.3", [ + {apply, {emqx_metrics, ensure, [['client.acl.allow', 'client.acl.ignore', 'client.acl.deny']]}}, + {load_module, emqx_mod_acl_internal, brutal_purge, soft_purge, []} + ]}, {"4.3.2", [ - {load_module, emqx_mod_presence, brutal_purge, soft_purge, []} + {load_module, emqx_mod_presence, brutal_purge, soft_purge, []}, + {apply, {emqx_metrics, ensure, [['client.acl.allow', 'client.acl.ignore', 'client.acl.deny']]}}, + {load_module, emqx_mod_acl_internal, brutal_purge, soft_purge, []} ]}, {"4.3.1", [ {load_module, emqx_mod_presence, brutal_purge, soft_purge, []}, - {load_module, emqx_mod_api_topic_metrics, brutal_purge, soft_purge, []} + {load_module, emqx_mod_api_topic_metrics, brutal_purge, soft_purge, []}, + {apply, {emqx_metrics, ensure, [['client.acl.allow', 'client.acl.ignore', 'client.acl.deny']]}}, + {load_module, emqx_mod_acl_internal, brutal_purge, soft_purge, []} ]}, {"4.3.0", [ {update, emqx_mod_delayed, {advanced, []}}, {load_module, emqx_mod_presence, brutal_purge, soft_purge, []}, - {load_module, emqx_mod_api_topic_metrics, brutal_purge, soft_purge, []} + {load_module, emqx_mod_api_topic_metrics, brutal_purge, soft_purge, []}, + {apply, {emqx_metrics, ensure, [['client.acl.allow', 'client.acl.ignore', 'client.acl.deny']]}}, + {load_module, emqx_mod_acl_internal, brutal_purge, soft_purge, []} ]}, {<<".*">>, []} ], [ {"4.3.2", [ - {load_module, emqx_mod_presence, brutal_purge, soft_purge, []} + {load_module, emqx_mod_presence, brutal_purge, soft_purge, []}, + {load_module, emqx_mod_acl_internal, brutal_purge, soft_purge, []} ]}, {"4.3.1", [ {load_module, emqx_mod_presence, brutal_purge, soft_purge, []}, - {load_module, emqx_mod_api_topic_metrics, brutal_purge, soft_purge, []} + {load_module, emqx_mod_api_topic_metrics, brutal_purge, soft_purge, []}, + {load_module, emqx_mod_acl_internal, brutal_purge, soft_purge, []} ]}, {"4.3.0", [ {update, emqx_mod_delayed, {advanced, []}}, {load_module, emqx_mod_presence, brutal_purge, soft_purge, []}, - {load_module, emqx_mod_api_topic_metrics, brutal_purge, soft_purge, []} + {load_module, emqx_mod_api_topic_metrics, brutal_purge, soft_purge, []}, + {load_module, emqx_mod_acl_internal, brutal_purge, soft_purge, []} ]}, {<<".*">>, []} ] diff --git a/lib-ce/emqx_modules/test/emqx_mod_acl_internal_SUITE.erl b/lib-ce/emqx_modules/test/emqx_mod_acl_internal_SUITE.erl index 3edcd31fa..858badc53 100644 --- a/lib-ce/emqx_modules/test/emqx_mod_acl_internal_SUITE.erl +++ b/lib-ce/emqx_modules/test/emqx_mod_acl_internal_SUITE.erl @@ -38,10 +38,12 @@ t_load_unload(_) -> ?assertEqual({error,already_exists}, emqx_mod_acl_internal:load([])). t_check_acl(_) -> + emqx_mod_acl_internal:load([]), Rules=#{publish => [{allow,all}], subscribe => [{deny, all}]}, ?assertEqual({ok, allow}, emqx_mod_acl_internal:check_acl(clientinfo(), publish, <<"t">>, [], Rules)), ?assertEqual({ok, deny}, emqx_mod_acl_internal:check_acl(clientinfo(), subscribe, <<"t">>, [], Rules)), - ?assertEqual(ok, emqx_mod_acl_internal:check_acl(clientinfo(), connect, <<"t">>, [], Rules)). + ?assertEqual(ok, emqx_mod_acl_internal:check_acl(clientinfo(), connect, <<"t">>, [], Rules)), + emqx_mod_acl_internal:unload([]). t_reload_acl(_) -> ?assertEqual(ok, emqx_mod_acl_internal:reload([])).