Merge pull request #7407 from EMQ-YangM/add_client_check_acl_complete

feat: add rule events: 'client.connack', 'client.check_acl_complete'
2022-03-28 10:31:27 +08:00 · 2022-03-28 10:31:27 +08:00 · c0da7bcee0
parent 1d6b7bbeae 059fc6e3c7
commit c0da7bcee0
6 changed files with 195 additions and 13 deletions
--- a/CHANGES-4.4.md
+++ b/CHANGES-4.4.md
@ -1,5 +1,10 @@
 # EMQ X 4.4 Changes

+### Enhancements
+* Add rule events: client.connack, client.check_acl_complete
+- client.connack The rule event is triggered when the server sends a CONNACK packet to the client. reason_code contains the error reason code.
+- client.check_acl_complete The rule event is triggered when the client check acl complete.
+
 ## v4.4.2

 **NOTE**: v4.4.2 is in sync with: v4.3.13
--- a/apps/emqx_rule_engine/src/emqx_rule_engine.appup.src
+++ b/apps/emqx_rule_engine/src/emqx_rule_engine.appup.src
@ -2,7 +2,8 @@
 %% Unless you know what you are doing, DO NOT edit manually!!
 {VSN,
  [{"4.4.1",
-    [{load_module,emqx_rule_engine_api,brutal_purge,soft_purge,[]},
+    [{load_module,emqx_rule_events,brutal_purge,soft_purge,[]},
+     {load_module,emqx_rule_engine_api,brutal_purge,soft_purge,[]},
     {load_module,emqx_rule_engine,brutal_purge,soft_purge,[]},
     {load_module,emqx_rule_utils,brutal_purge,soft_purge,[]},
     {load_module,emqx_rule_funcs,brutal_purge,soft_purge,[]},
@ -18,7 +19,8 @@
     {load_module,emqx_rule_engine_api,brutal_purge,soft_purge,[]}]},
   {<<".*">>,[]}],
  [{"4.4.1",
-    [{load_module,emqx_rule_engine_api,brutal_purge,soft_purge,[]},
+    [{load_module,emqx_rule_events,brutal_purge,soft_purge,[]},
+     {load_module,emqx_rule_engine_api,brutal_purge,soft_purge,[]},
     {load_module,emqx_rule_engine,brutal_purge,soft_purge,[]},
     {load_module,emqx_rule_utils,brutal_purge,soft_purge,[]},
     {load_module,emqx_rule_funcs,brutal_purge,soft_purge,[]},
--- a/apps/emqx_rule_engine/src/emqx_rule_events.erl
+++ b/apps/emqx_rule_engine/src/emqx_rule_events.erl
@ -31,6 +31,7 @@

 -export([ on_client_connected/3
        , on_client_disconnected/4
+        , on_client_connack/4
        , on_session_subscribed/4
        , on_session_unsubscribed/4
        , on_message_publish/2
@ -38,6 +39,7 @@
        , on_message_delivered/3
        , on_message_acked/3
        , on_delivery_dropped/4
+        , on_client_check_acl_complete/6
        ]).

 -export([ event_info/0
@ -48,6 +50,7 @@
 -define(SUPPORTED_HOOK,
        [ 'client.connected'
        , 'client.disconnected'
+        , 'client.connack'
        , 'session.subscribed'
        , 'session.unsubscribed'
        , 'message.publish'
@ -55,6 +58,7 @@
        , 'message.acked'
        , 'message.dropped'
        , 'delivery.dropped'
+        , 'client.check_acl_complete'
        ]).

 -ifdef(TEST).
@ -106,6 +110,18 @@ on_client_disconnected(ClientInfo, Reason, ConnInfo, Env) ->
    may_publish_and_apply('client.disconnected',
        fun() -> eventmsg_disconnected(ClientInfo, ConnInfo, Reason) end, Env).

+on_client_connack(ConnInfo, Reason, _, Env) ->
+    may_publish_and_apply('client.connack',
+                          fun() -> eventmsg_connack(ConnInfo, Reason) end, Env).
+
+on_client_check_acl_complete(ClientInfo, PubSub, Topic, Result, IsCache, Env) ->
+    may_publish_and_apply('client.check_acl_complete',
+                          fun() -> eventmsg_check_acl_complete(ClientInfo,
+                                                               PubSub,
+                                                               Topic,
+                                                               Result,
+                                                               IsCache) end, Env).
+
 on_session_subscribed(ClientInfo, Topic, SubOpts, Env) ->
    may_publish_and_apply('session.subscribed',
        fun() -> eventmsg_sub_or_unsub('session.subscribed', ClientInfo, Topic, SubOpts) end, Env).
@ -220,6 +236,48 @@ eventmsg_disconnected(_ClientInfo = #{
          disconnected_at => DisconnectedAt
        }).

+eventmsg_connack(_ConnInfo = #{
+                    clientid := ClientId,
+                    clean_start := CleanStart,
+                    username := Username,
+                    peername := PeerName,
+                    sockname := SockName,
+                    proto_name := ProtoName,
+                    proto_ver := ProtoVer,
+                    keepalive := Keepalive,
+                    connected_at := ConnectedAt,
+                    conn_props := ConnProps,
+                    expiry_interval := ExpiryInterval
+                   }, Reason) ->
+    with_basic_columns('client.connack',
+        #{reason_code => reason(Reason),
+          clientid => ClientId,
+          clean_start => CleanStart,
+          username => Username,
+          peername => ntoa(PeerName),
+          sockname => ntoa(SockName),
+          proto_name => ProtoName,
+          proto_ver => ProtoVer,
+          keepalive => Keepalive,
+          expiry_interval => ExpiryInterval,
+          connected_at => ConnectedAt,
+          conn_props => printable_maps(ConnProps)
+        }).
+eventmsg_check_acl_complete(_ClientInfo = #{
+                                            clientid := ClientId,
+                                            username := Username,
+                                            peerhost := PeerHost
+                                           }, PubSub, Topic, Result, IsCache) ->
+    with_basic_columns('client.check_acl_complete',
+                       #{clientid => ClientId,
+                         username => Username,
+                         peerhost => ntoa(PeerHost),
+                         topic    => Topic,
+                         action   => PubSub,
+                         is_cache => IsCache,
+                         result   => Result
+                        }).
+
 eventmsg_sub_or_unsub(Event, _ClientInfo = #{
                    clientid := ClientId,
                    username := Username,
@ -372,8 +430,10 @@ event_info() ->
    , event_info_delivery_dropped()
    , event_info_client_connected()
    , event_info_client_disconnected()
+    , event_info_client_connack()
    , event_info_session_subscribed()
    , event_info_session_unsubscribed()
+    , event_info_client_check_acl_complete()
    ].

 event_info_message_publish() ->
@ -427,6 +487,13 @@ event_info_client_disconnected() ->
        {<<"client disconnected">>, <<"连接断开"/utf8>>},
        <<"SELECT * FROM \"$events/client_disconnected\" WHERE topic =~ 't/#'">>
    ).
+event_info_client_connack() ->
+    event_info_common(
+      'client.connack',
+      {<<"client connack">>, <<"连接确认"/utf8>>},
+      {<<"client connack">>, <<"连接确认"/utf8>>},
+      <<"SELECT * FROM \"$events/client_connack\"">>
+     ).
 event_info_session_subscribed() ->
    event_info_common(
        'session.subscribed',
@ -441,6 +508,13 @@ event_info_session_unsubscribed() ->
        {<<"session unsubscribed">>, <<"会话取消订阅完成"/utf8>>},
        <<"SELECT * FROM \"$events/session_unsubscribed\" WHERE topic =~ 't/#'">>
    ).
+event_info_client_check_acl_complete() ->
+    event_info_common(
+      'client.check_acl_complete',
+      {<<"client check acl complete">>, <<"鉴权结果"/utf8>>},
+      {<<"client check acl complete">>, <<"鉴权结果"/utf8>>},
+      <<"SELECT * FROM \"$events/client_check_acl_complete\"">>
+     ).

 event_info_common(Event, {TitleEN, TitleZH}, {DescrEN, DescrZH}, SqlExam) ->
    #{event => event_topic(Event),
@ -485,6 +559,11 @@ test_columns('client.disconnected') ->
    , {<<"username">>, <<"u_emqx">>}
    , {<<"reason">>, <<"normal">>}
    ];
+test_columns('client.connack') ->
+    [ {<<"clientid">>, <<"c_emqx">>}
+    , {<<"username">>, <<"u_emqx">>}
+    , {<<"reason_code">>, <<"sucess">>}
+    ];
 test_columns('session.unsubscribed') ->
    test_columns('session.subscribed');
 test_columns('session.subscribed') ->
@ -492,6 +571,13 @@ test_columns('session.subscribed') ->
    , {<<"username">>, <<"u_emqx">>}
    , {<<"topic">>, <<"t/a">>}
    , {<<"qos">>, 1}
+    ];
+test_columns('client.check_acl_complete') ->
+    [ {<<"clientid">>, <<"c_emqx">>}
+    , {<<"username">>, <<"u_emqx">>}
+    , {<<"topic">>, <<"t/1">>}
+    , {<<"action">>, <<"publish">>}
+    , {<<"result">>, <<"allow">>}
    ].

 columns_with_exam('message.publish') ->
@ -607,6 +693,23 @@ columns_with_exam('client.disconnected') ->
    , {<<"timestamp">>, erlang:system_time(millisecond)}
    , {<<"node">>, node()}
    ];
+columns_with_exam('client.connack') ->
+    [ {<<"event">>, 'client.connected'}
+    , {<<"reason_code">>, success}
+    , {<<"clientid">>, <<"c_emqx">>}
+    , {<<"username">>, <<"u_emqx">>}
+    , {<<"peername">>, <<"192.168.0.10:56431">>}
+    , {<<"sockname">>, <<"0.0.0.0:1883">>}
+    , {<<"proto_name">>, <<"MQTT">>}
+    , {<<"proto_ver">>, 5}
+    , {<<"keepalive">>, 60}
+    , {<<"clean_start">>, true}
+    , {<<"expiry_interval">>, 3600}
+    , {<<"connected_at">>, erlang:system_time(millisecond)}
+    , columns_example_props(conn_props)
+    , {<<"timestamp">>, erlang:system_time(millisecond)}
+    , {<<"node">>, node()}
+    ];
 columns_with_exam('session.subscribed') ->
    [ {<<"event">>, 'session.subscribed'}
    , {<<"clientid">>, <<"c_emqx">>}
@ -628,6 +731,18 @@ columns_with_exam('session.unsubscribed') ->
    , columns_example_props(unsub_props)
    , {<<"timestamp">>, erlang:system_time(millisecond)}
    , {<<"node">>, node()}
+    ];
+columns_with_exam('client.check_acl_complete') ->
+    [ {<<"event">>, 'client.check_acl_complete'}
+    , {<<"clientid">>, <<"c_emqx">>}
+    , {<<"username">>, <<"u_emqx">>}
+    , {<<"peerhost">>, <<"192.168.0.10">>}
+    , {<<"topic">>, <<"t/a">>}
+    , {<<"action">>, <<"publish">>}
+    , {<<"is_cache">>, <<"false">>}
+    , {<<"result">>, <<"allow">>}
+    , {<<"timestamp">>, erlang:system_time(millisecond)}
+    , {<<"node">>, node()}
    ].

 columns_example_props(PropType) ->
@ -694,6 +809,7 @@ ntoa(IpAddr) ->

 event_name(<<"$events/client_connected", _/binary>>) -> 'client.connected';
 event_name(<<"$events/client_disconnected", _/binary>>) -> 'client.disconnected';
+event_name(<<"$events/client_connack", _/binary>>) -> 'client.connack';
 event_name(<<"$events/session_subscribed", _/binary>>) -> 'session.subscribed';
 event_name(<<"$events/session_unsubscribed", _/binary>>) ->
    'session.unsubscribed';
@ -701,17 +817,20 @@ event_name(<<"$events/message_delivered", _/binary>>) -> 'message.delivered';
 event_name(<<"$events/message_acked", _/binary>>) -> 'message.acked';
 event_name(<<"$events/message_dropped", _/binary>>) -> 'message.dropped';
 event_name(<<"$events/delivery_dropped", _/binary>>) -> 'delivery.dropped';
+event_name(<<"$events/client_check_acl_complete", _/binary>>) -> 'client.check_acl_complete';
 event_name(_) -> 'message.publish'.

 event_topic('client.connected') -> <<"$events/client_connected">>;
 event_topic('client.disconnected') -> <<"$events/client_disconnected">>;
+event_topic('client.connack') -> <<"$events/client_connack">>;
 event_topic('session.subscribed') -> <<"$events/session_subscribed">>;
 event_topic('session.unsubscribed') -> <<"$events/session_unsubscribed">>;
 event_topic('message.delivered') -> <<"$events/message_delivered">>;
 event_topic('message.acked') -> <<"$events/message_acked">>;
 event_topic('message.dropped') -> <<"$events/message_dropped">>;
 event_topic('delivery.dropped') -> <<"$events/delivery_dropped">>;
-event_topic('message.publish') -> <<"$events/message_publish">>.
+event_topic('message.publish') -> <<"$events/message_publish">>;
+event_topic('client.check_acl_complete') -> <<"$events/client_check_acl_complete">>.

 printable_maps(undefined) -> #{};
 printable_maps(Headers) ->
--- a/apps/emqx_rule_engine/test/emqx_rule_engine_SUITE.erl
+++ b/apps/emqx_rule_engine/test/emqx_rule_engine_SUITE.erl
@ -197,6 +197,8 @@ init_per_testcase(t_events, Config) ->
                    description = #{en => <<"Hook metrics action">>}}),
    SQL = "SELECT * FROM \"$events/client_connected\", "
                        "\"$events/client_disconnected\", "
+                        "\"$events/client_connack\", "
+                        "\"$events/client_check_acl_complete\", "
                        "\"$events/session_subscribed\", "
                        "\"$events/session_unsubscribed\", "
                        "\"$events/message_acked\", "
@ -1013,9 +1015,9 @@ t_events(_Config) ->
        , {proto_ver, v5}
        , {properties, #{'Session-Expiry-Interval' => 60}}
        ]),
-    ct:pal("====== verify $events/client_connected"),
+    ct:pal("====== verify $events/client_connected, $events/client_connack"),
    client_connected(Client, Client2),
-    ct:pal("====== verify $events/session_subscribed"),
+    ct:pal("====== verify $events/session_subscribed, $events/client_check_acl_complete"),
    session_subscribed(Client2),
    ct:pal("====== verify t1"),
    message_publish(Client),
@ -1039,6 +1041,7 @@ message_publish(Client) ->
 client_connected(Client, Client2) ->
    {ok, _} = emqtt:connect(Client),
    {ok, _} = emqtt:connect(Client2),
+    verify_event('client.connack'),
    verify_event('client.connected'),
    ok.
 client_disconnected(Client, Client2) ->
@ -1053,6 +1056,7 @@ session_subscribed(Client2) ->
                                , 1
                                ),
    verify_event('session.subscribed'),
+    verify_event('client.check_acl_complete'),
    ok.
 session_unsubscribed(Client2) ->
    {ok, _, _} = emqtt:unsubscribe( Client2
@ -2644,6 +2648,37 @@ verify_event_fields('client.disconnected', Fields) ->
    ?assert(0 =< RcvdAtElapse andalso RcvdAtElapse =< 60*1000),
    ?assert(EventAt =< Timestamp);

+verify_event_fields('client.connack', Fields) ->
+    #{clientid := ClientId,
+      clean_start := CleanStart,
+      username := Username,
+      peername := PeerName,
+      sockname := SockName,
+      proto_name := ProtoName,
+      proto_ver := ProtoVer,
+      keepalive := Keepalive,
+      expiry_interval := ExpiryInterval,
+      conn_props := Properties,
+      timestamp := Timestamp,
+      connected_at := EventAt
+    } = Fields,
+    Now = erlang:system_time(millisecond),
+    TimestampElapse = Now - Timestamp,
+    RcvdAtElapse = Now - EventAt,
+    ?assert(lists:member(ClientId, [<<"c_event">>, <<"c_event2">>])),
+    ?assert(lists:member(Username, [<<"u_event">>, <<"u_event2">>])),
+    verify_peername(PeerName),
+    verify_peername(SockName),
+    ?assertEqual(<<"MQTT">>, ProtoName),
+    ?assertEqual(5, ProtoVer),
+    ?assert(is_integer(Keepalive)),
+    ?assert(is_boolean(CleanStart)),
+    ?assertEqual(60, ExpiryInterval),
+    ?assertMatch(#{'Session-Expiry-Interval' := 60}, Properties),
+    ?assert(0 =< TimestampElapse andalso TimestampElapse =< 60*1000),
+    ?assert(0 =< RcvdAtElapse andalso RcvdAtElapse =< 60*1000),
+    ?assert(EventAt =< Timestamp);
+
 verify_event_fields(SubUnsub, Fields) when SubUnsub == 'session.subscribed'
                                         ; SubUnsub == 'session.unsubscribed' ->
    #{clientid := ClientId,
@ -2767,7 +2802,22 @@ verify_event_fields('message.acked', Fields) ->
    ?assert(is_map(PubAckProps)),
    ?assert(0 =< TimestampElapse andalso TimestampElapse =< 60*1000),
    ?assert(0 =< RcvdAtElapse andalso RcvdAtElapse =< 60*1000),
-    ?assert(EventAt =< Timestamp).
+    ?assert(EventAt =< Timestamp);
+
+verify_event_fields('client.check_acl_complete', Fields) ->
+    #{clientid := ClientId,
+      action := Action,
+      result := Result,
+      topic := Topic,
+      is_cache := IsCache,
+      username := Username
+    } = Fields,
+    ?assertEqual(<<"t1">>, Topic),
+    ?assert(lists:member(Action, [subscribe, publish])),
+    ?assert(lists:member(Result, [allow, deny])),
+    ?assert(lists:member(IsCache, [true, false])),
+    ?assert(lists:member(ClientId, [<<"c_event">>, <<"c_event2">>])),
+    ?assert(lists:member(Username, [<<"u_event">>, <<"u_event2">>])).

 verify_peername(PeerName) ->
    case string:split(PeerName, ":") of
--- a/src/emqx.appup.src
+++ b/src/emqx.appup.src
@ -2,7 +2,8 @@
 %% Unless you know what you are doing, DO NOT edit manually!!
 {VSN,
  [{"4.4.1",
-    [{load_module,emqx_frame,brutal_purge,soft_purge,[]},
+    [{load_module,emqx_access_control,brutal_purge,soft_purge,[]},
+     {load_module,emqx_frame,brutal_purge,soft_purge,[]},
     {load_module,emqx_misc,brutal_purge,soft_purge,[]},
     {load_module,emqx_plugins,brutal_purge,soft_purge,[]},
     {load_module,emqx_session,brutal_purge,soft_purge,[]},
@ -44,7 +45,8 @@
     {load_module,emqx_limiter,brutal_purge,soft_purge,[]}]},
   {<<".*">>,[]}],
  [{"4.4.1",
-    [{load_module,emqx_frame,brutal_purge,soft_purge,[]},
+    [{load_module,emqx_access_control,brutal_purge,soft_purge,[]},
+     {load_module,emqx_frame,brutal_purge,soft_purge,[]},
     {load_module,emqx_misc,brutal_purge,soft_purge,[]},
     {load_module,emqx_plugins,brutal_purge,soft_purge,[]},
     {load_module,emqx_session,brutal_purge,soft_purge,[]},
--- a/src/emqx_access_control.erl
+++ b/src/emqx_access_control.erl
@ -49,7 +49,8 @@ check_acl(ClientInfo, PubSub, Topic) ->
        true  -> check_acl_cache(ClientInfo, PubSub, Topic);
        false -> do_check_acl(ClientInfo, PubSub, Topic)
    end,
-    inc_acl_metrics(Result), Result.
+    inc_acl_metrics(Result),
+    Result.

 check_acl_cache(ClientInfo, PubSub, Topic) ->
    case emqx_acl_cache:get_acl_cache(PubSub, Topic) of
@ -59,15 +60,18 @@ check_acl_cache(ClientInfo, PubSub, Topic) ->
            AclResult;
        AclResult ->
            inc_acl_metrics(cache_hit),
+            emqx:run_hook('client.check_acl_complete', [ClientInfo, PubSub, Topic, AclResult, true]),
            AclResult
    end.

 do_check_acl(ClientInfo = #{zone := Zone}, PubSub, Topic) ->
    Default = emqx_zone:get_env(Zone, acl_nomatch, deny),
-    case run_hooks('client.check_acl', [ClientInfo, PubSub, Topic], Default) of
-        allow  -> allow;
-        _Other -> deny
-    end.
+    Result = case run_hooks('client.check_acl', [ClientInfo, PubSub, Topic], Default) of
+                 allow  -> allow;
+                 _Other -> deny
+             end,
+    emqx:run_hook('client.check_acl_complete', [ClientInfo, PubSub, Topic, Result, false]),
+    Result.

 default_auth_result(Zone) ->
    case emqx_zone:get_env(Zone, allow_anonymous, false) of