diff --git a/CHANGES-4.4.md b/CHANGES-4.4.md index 59c62d9c5..3b1c4c911 100644 --- a/CHANGES-4.4.md +++ b/CHANGES-4.4.md @@ -1,5 +1,10 @@ # EMQ X 4.4 Changes +### Enhancements +* Add rule events: client.connack, client.check_acl_complete +- client.connack The rule event is triggered when the server sends a CONNACK packet to the client. reason_code contains the error reason code. +- client.check_acl_complete The rule event is triggered when the client check acl complete. + ## v4.4.2 **NOTE**: v4.4.2 is in sync with: v4.3.13 diff --git a/apps/emqx_rule_engine/src/emqx_rule_engine.appup.src b/apps/emqx_rule_engine/src/emqx_rule_engine.appup.src index 0028cc988..d5b2c6319 100644 --- a/apps/emqx_rule_engine/src/emqx_rule_engine.appup.src +++ b/apps/emqx_rule_engine/src/emqx_rule_engine.appup.src @@ -2,7 +2,8 @@ %% Unless you know what you are doing, DO NOT edit manually!! {VSN, [{"4.4.1", - [{load_module,emqx_rule_engine_api,brutal_purge,soft_purge,[]}, + [{load_module,emqx_rule_events,brutal_purge,soft_purge,[]}, + {load_module,emqx_rule_engine_api,brutal_purge,soft_purge,[]}, {load_module,emqx_rule_engine,brutal_purge,soft_purge,[]}, {load_module,emqx_rule_utils,brutal_purge,soft_purge,[]}, {load_module,emqx_rule_funcs,brutal_purge,soft_purge,[]}, @@ -18,7 +19,8 @@ {load_module,emqx_rule_engine_api,brutal_purge,soft_purge,[]}]}, {<<".*">>,[]}], [{"4.4.1", - [{load_module,emqx_rule_engine_api,brutal_purge,soft_purge,[]}, + [{load_module,emqx_rule_events,brutal_purge,soft_purge,[]}, + {load_module,emqx_rule_engine_api,brutal_purge,soft_purge,[]}, {load_module,emqx_rule_engine,brutal_purge,soft_purge,[]}, {load_module,emqx_rule_utils,brutal_purge,soft_purge,[]}, {load_module,emqx_rule_funcs,brutal_purge,soft_purge,[]}, diff --git a/apps/emqx_rule_engine/src/emqx_rule_events.erl b/apps/emqx_rule_engine/src/emqx_rule_events.erl index 540b1cbbd..1cef282c8 100644 --- a/apps/emqx_rule_engine/src/emqx_rule_events.erl +++ b/apps/emqx_rule_engine/src/emqx_rule_events.erl 
@@ -31,6 +31,7 @@ -export([ on_client_connected/3 , on_client_disconnected/4 + , on_client_connack/4 , on_session_subscribed/4 , on_session_unsubscribed/4 , on_message_publish/2 @@ -38,6 +39,7 @@ , on_message_delivered/3 , on_message_acked/3 , on_delivery_dropped/4 + , on_client_check_acl_complete/6 ]). -export([ event_info/0 @@ -48,6 +50,7 @@ -define(SUPPORTED_HOOK, [ 'client.connected' , 'client.disconnected' + , 'client.connack' , 'session.subscribed' , 'session.unsubscribed' , 'message.publish' @@ -55,6 +58,7 @@ , 'message.acked' , 'message.dropped' , 'delivery.dropped' + , 'client.check_acl_complete' ]). -ifdef(TEST). @@ -106,6 +110,18 @@ on_client_disconnected(ClientInfo, Reason, ConnInfo, Env) -> may_publish_and_apply('client.disconnected', fun() -> eventmsg_disconnected(ClientInfo, ConnInfo, Reason) end, Env). +on_client_connack(ConnInfo, Reason, _, Env) -> + may_publish_and_apply('client.connack', + fun() -> eventmsg_connack(ConnInfo, Reason) end, Env). + +on_client_check_acl_complete(ClientInfo, PubSub, Topic, Result, IsCache, Env) -> + may_publish_and_apply('client.check_acl_complete', + fun() -> eventmsg_check_acl_complete(ClientInfo, + PubSub, + Topic, + Result, + IsCache) end, Env). + on_session_subscribed(ClientInfo, Topic, SubOpts, Env) -> may_publish_and_apply('session.subscribed', fun() -> eventmsg_sub_or_unsub('session.subscribed', ClientInfo, Topic, SubOpts) end, Env). 
@@ -220,6 +236,48 @@ eventmsg_disconnected(_ClientInfo = #{ disconnected_at => DisconnectedAt }). +eventmsg_connack(_ConnInfo = #{ + clientid := ClientId, + clean_start := CleanStart, + username := Username, + peername := PeerName, + sockname := SockName, + proto_name := ProtoName, + proto_ver := ProtoVer, + keepalive := Keepalive, + connected_at := ConnectedAt, + conn_props := ConnProps, + expiry_interval := ExpiryInterval + }, Reason) -> + with_basic_columns('client.connack', + #{reason_code => reason(Reason), + clientid => ClientId, + clean_start => CleanStart, + username => Username, + peername => ntoa(PeerName), + sockname => ntoa(SockName), + proto_name => ProtoName, + proto_ver => ProtoVer, + keepalive => Keepalive, + expiry_interval => ExpiryInterval, + connected_at => ConnectedAt, + conn_props => printable_maps(ConnProps) + }). +eventmsg_check_acl_complete(_ClientInfo = #{ + clientid := ClientId, + username := Username, + peerhost := PeerHost + }, PubSub, Topic, Result, IsCache) -> + with_basic_columns('client.check_acl_complete', + #{clientid => ClientId, + username => Username, + peerhost => ntoa(PeerHost), + topic => Topic, + action => PubSub, + is_cache => IsCache, + result => Result + }). + eventmsg_sub_or_unsub(Event, _ClientInfo = #{ clientid := ClientId, username := Username, @@ -372,8 +430,10 @@ event_info() -> , event_info_delivery_dropped() , event_info_client_connected() , event_info_client_disconnected() + , event_info_client_connack() , event_info_session_subscribed() , event_info_session_unsubscribed() + , event_info_client_check_acl_complete() ]. event_info_message_publish() -> 
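Review bot: The clause head of `eventmsg_connack/2` requires every ConnInfo key with `:=`, including `connected_at`, `keepalive`, `conn_props` and `expiry_interval`. The changelog entry says `reason_code` carries the error reason, so this event is expected for rejected connections as well. If any of those keys is not yet populated when a CONNACK is sent for a rejected CONNECT (the caller is not part of this diff, so please confirm), the fun fails with `function_clause` and the failed-connection event, the one most useful for auditing, is never published. Consider matching only the keys that are always present and reading the others in the body, e.g. `connected_at => maps:get(connected_at, ConnInfo, undefined)`.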
@@ -427,6 +487,13 @@ event_info_client_disconnected() -> {<<"client disconnected">>, <<"连接断开"/utf8>>}, <<"SELECT * FROM \"$events/client_disconnected\" WHERE topic =~ 't/#'">> ). +event_info_client_connack() -> + event_info_common( + 'client.connack', + {<<"client connack">>, <<"连接确认"/utf8>>}, + {<<"client connack">>, <<"连接确认"/utf8>>}, + <<"SELECT * FROM \"$events/client_connack\"">> + ). event_info_session_subscribed() -> event_info_common( 'session.subscribed', @@ -441,6 +508,13 @@ event_info_session_unsubscribed() -> {<<"session unsubscribed">>, <<"会话取消订阅完成"/utf8>>}, <<"SELECT * FROM \"$events/session_unsubscribed\" WHERE topic =~ 't/#'">> ). +event_info_client_check_acl_complete() -> + event_info_common( + 'client.check_acl_complete', + {<<"client check acl complete">>, <<"鉴权结果"/utf8>>}, + {<<"client check acl complete">>, <<"鉴权结果"/utf8>>}, + <<"SELECT * FROM \"$events/client_check_acl_complete\"">> + ). event_info_common(Event, {TitleEN, TitleZH}, {DescrEN, DescrZH}, SqlExam) -> #{event => event_topic(Event), @@ -485,6 +559,11 @@ test_columns('client.disconnected') -> , {<<"username">>, <<"u_emqx">>} , {<<"reason">>, <<"normal">>} ]; +test_columns('client.connack') -> + [ {<<"clientid">>, <<"c_emqx">>} + , {<<"username">>, <<"u_emqx">>} + , {<<"reason_code">>, <<"sucess">>} + ]; test_columns('session.unsubscribed') -> test_columns('session.subscribed'); test_columns('session.subscribed') -> @@ -492,6 +571,13 @@ test_columns('session.subscribed') -> , {<<"username">>, <<"u_emqx">>} , {<<"topic">>, <<"t/a">>} , {<<"qos">>, 1} + ]; +test_columns('client.check_acl_complete') -> + [ {<<"clientid">>, <<"c_emqx">>} + , {<<"username">>, <<"u_emqx">>} + , {<<"topic">>, <<"t/1">>} + , {<<"action">>, <<"publish">>} + , {<<"result">>, <<"allow">>} ]. columns_with_exam('message.publish') -> 
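Review bot: In `test_columns('client.connack')` the sample value is misspelled: `{<<"reason_code">>, <<"sucess">>}`. A rule tried against these sample columns with a filter on a successful reason code would not match, and `columns_with_exam('client.connack')` spells the value `success`. Change the entry to `{<<"reason_code">>, <<"success">>}`.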
@@ -607,6 +693,23 @@ columns_with_exam('client.disconnected') -> , {<<"timestamp">>, erlang:system_time(millisecond)} , {<<"node">>, node()} ]; +columns_with_exam('client.connack') -> + [ {<<"event">>, 'client.connected'} + , {<<"reason_code">>, success} + , {<<"clientid">>, <<"c_emqx">>} + , {<<"username">>, <<"u_emqx">>} + , {<<"peername">>, <<"192.168.0.10:56431">>} + , {<<"sockname">>, <<"0.0.0.0:1883">>} + , {<<"proto_name">>, <<"MQTT">>} + , {<<"proto_ver">>, 5} + , {<<"keepalive">>, 60} + , {<<"clean_start">>, true} + , {<<"expiry_interval">>, 3600} + , {<<"connected_at">>, erlang:system_time(millisecond)} + , columns_example_props(conn_props) + , {<<"timestamp">>, erlang:system_time(millisecond)} + , {<<"node">>, node()} + ]; columns_with_exam('session.subscribed') -> [ {<<"event">>, 'session.subscribed'} , {<<"clientid">>, <<"c_emqx">>} @@ -628,6 +731,18 @@ columns_with_exam('session.unsubscribed') -> , columns_example_props(unsub_props) , {<<"timestamp">>, erlang:system_time(millisecond)} , {<<"node">>, node()} + ]; +columns_with_exam('client.check_acl_complete') -> + [ {<<"event">>, 'client.check_acl_complete'} + , {<<"clientid">>, <<"c_emqx">>} + , {<<"username">>, <<"u_emqx">>} + , {<<"peerhost">>, <<"192.168.0.10">>} + , {<<"topic">>, <<"t/a">>} + , {<<"action">>, <<"publish">>} + , {<<"is_cache">>, <<"false">>} + , {<<"result">>, <<"allow">>} + , {<<"timestamp">>, erlang:system_time(millisecond)} + , {<<"node">>, node()} ]. columns_example_props(PropType) -> @@ -694,6 +809,7 @@ ntoa(IpAddr) -> event_name(<<"$events/client_connected", _/binary>>) -> 'client.connected'; event_name(<<"$events/client_disconnected", _/binary>>) -> 'client.disconnected'; +event_name(<<"$events/client_connack", _/binary>>) -> 'client.connack'; event_name(<<"$events/session_subscribed", _/binary>>) -> 'session.subscribed'; event_name(<<"$events/session_unsubscribed", _/binary>>) -> 'session.unsubscribed'; 
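Review bot: `columns_with_exam('client.connack')` advertises the wrong event name: its first entry is `{<<"event">>, 'client.connected'}`, which looks copied from the connected clause. It should read `{<<"event">>, 'client.connack'}` so the documented example agrees with the name passed to `with_basic_columns('client.connack', ...)` in `eventmsg_connack/2`.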
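Review bot: In `columns_with_exam('client.check_acl_complete')` the example `{<<"is_cache">>, <<"false">>}` is a binary, while `emqx_access_control` passes the atoms `true`/`false` and the suite asserts `lists:member(IsCache, [true, false])`. A rule author who copies the example would compare against a string and the condition would not match; use `{<<"is_cache">>, false}`. The `action` and `result` examples are binaries as well, whereas the suite expects the atoms `publish`/`subscribe` and `allow`/`deny`, so they may deserve the same treatment.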
@@ -701,17 +817,20 @@ event_name(<<"$events/message_delivered", _/binary>>) -> 'message.delivered'; event_name(<<"$events/message_acked", _/binary>>) -> 'message.acked'; event_name(<<"$events/message_dropped", _/binary>>) -> 'message.dropped'; event_name(<<"$events/delivery_dropped", _/binary>>) -> 'delivery.dropped'; +event_name(<<"$events/client_check_acl_complete", _/binary>>) -> 'client.check_acl_complete'; event_name(_) -> 'message.publish'. event_topic('client.connected') -> <<"$events/client_connected">>; event_topic('client.disconnected') -> <<"$events/client_disconnected">>; +event_topic('client.connack') -> <<"$events/client_connack">>; event_topic('session.subscribed') -> <<"$events/session_subscribed">>; event_topic('session.unsubscribed') -> <<"$events/session_unsubscribed">>; event_topic('message.delivered') -> <<"$events/message_delivered">>; event_topic('message.acked') -> <<"$events/message_acked">>; event_topic('message.dropped') -> <<"$events/message_dropped">>; event_topic('delivery.dropped') -> <<"$events/delivery_dropped">>; -event_topic('message.publish') -> <<"$events/message_publish">>. +event_topic('message.publish') -> <<"$events/message_publish">>; +event_topic('client.check_acl_complete') -> <<"$events/client_check_acl_complete">>. printable_maps(undefined) -> #{}; printable_maps(Headers) -> diff --git a/apps/emqx_rule_engine/test/emqx_rule_engine_SUITE.erl b/apps/emqx_rule_engine/test/emqx_rule_engine_SUITE.erl index 02e0f607c..2a0498d2f 100644 --- a/apps/emqx_rule_engine/test/emqx_rule_engine_SUITE.erl +++ b/apps/emqx_rule_engine/test/emqx_rule_engine_SUITE.erl @@ -197,6 +197,8 @@ init_per_testcase(t_events, Config) -> description = #{en => <<"Hook metrics action">>}}), SQL = "SELECT * FROM \"$events/client_connected\", " "\"$events/client_disconnected\", " + "\"$events/client_connack\", " + "\"$events/client_check_acl_complete\", " "\"$events/session_subscribed\", " "\"$events/session_unsubscribed\", " "\"$events/message_acked\", " 
@@ -1013,9 +1015,9 @@ t_events(_Config) -> , {proto_ver, v5} , {properties, #{'Session-Expiry-Interval' => 60}} ]), - ct:pal("====== verify $events/client_connected"), + ct:pal("====== verify $events/client_connected, $events/client_connack"), client_connected(Client, Client2), - ct:pal("====== verify $events/session_subscribed"), + ct:pal("====== verify $events/session_subscribed, $events/client_check_acl_complete"), session_subscribed(Client2), ct:pal("====== verify t1"), message_publish(Client), @@ -1039,6 +1041,7 @@ message_publish(Client) -> client_connected(Client, Client2) -> {ok, _} = emqtt:connect(Client), {ok, _} = emqtt:connect(Client2), + verify_event('client.connack'), verify_event('client.connected'), ok. client_disconnected(Client, Client2) -> @@ -1053,6 +1056,7 @@ session_subscribed(Client2) -> , 1 ), verify_event('session.subscribed'), + verify_event('client.check_acl_complete'), ok. session_unsubscribed(Client2) -> {ok, _, _} = emqtt:unsubscribe( Client2 
@@ -2644,6 +2648,37 @@ verify_event_fields('client.disconnected', Fields) -> ?assert(0 =< RcvdAtElapse andalso RcvdAtElapse =< 60*1000), ?assert(EventAt =< Timestamp); +verify_event_fields('client.connack', Fields) -> + #{clientid := ClientId, + clean_start := CleanStart, + username := Username, + peername := PeerName, + sockname := SockName, + proto_name := ProtoName, + proto_ver := ProtoVer, + keepalive := Keepalive, + expiry_interval := ExpiryInterval, + conn_props := Properties, + timestamp := Timestamp, + connected_at := EventAt + } = Fields, + Now = erlang:system_time(millisecond), + TimestampElapse = Now - Timestamp, + RcvdAtElapse = Now - EventAt, + ?assert(lists:member(ClientId, [<<"c_event">>, <<"c_event2">>])), + ?assert(lists:member(Username, [<<"u_event">>, <<"u_event2">>])), + verify_peername(PeerName), + verify_peername(SockName), + ?assertEqual(<<"MQTT">>, ProtoName), + ?assertEqual(5, ProtoVer), + ?assert(is_integer(Keepalive)), + ?assert(is_boolean(CleanStart)), + ?assertEqual(60, ExpiryInterval), + ?assertMatch(#{'Session-Expiry-Interval' := 60}, Properties), + ?assert(0 =< TimestampElapse andalso TimestampElapse =< 60*1000), + ?assert(0 =< RcvdAtElapse andalso RcvdAtElapse =< 60*1000), + ?assert(EventAt =< Timestamp); + verify_event_fields(SubUnsub, Fields) when SubUnsub == 'session.subscribed' ; SubUnsub == 'session.unsubscribed' -> #{clientid := ClientId, 
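Review bot: `verify_event_fields('client.connack', Fields)` never checks `reason_code`, the only column that distinguishes this event from `client.connected`. Bind it in the map match and assert it, e.g. `reason_code := ReasonCode` with `?assertEqual(success, ReasonCode)` (the value is assumed from the `columns_with_exam` example, so confirm what `reason/1` returns). As far as this diff shows, the suite only connects successfully, so the rejected-CONNACK path of the new event is not exercised.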
@@ -2767,7 +2802,22 @@ verify_event_fields('message.acked', Fields) -> ?assert(is_map(PubAckProps)), ?assert(0 =< TimestampElapse andalso TimestampElapse =< 60*1000), ?assert(0 =< RcvdAtElapse andalso RcvdAtElapse =< 60*1000), - ?assert(EventAt =< Timestamp). + ?assert(EventAt =< Timestamp); + +verify_event_fields('client.check_acl_complete', Fields) -> + #{clientid := ClientId, + action := Action, + result := Result, + topic := Topic, + is_cache := IsCache, + username := Username + } = Fields, + ?assertEqual(<<"t1">>, Topic), + ?assert(lists:member(Action, [subscribe, publish])), + ?assert(lists:member(Result, [allow, deny])), + ?assert(lists:member(IsCache, [true, false])), + ?assert(lists:member(ClientId, [<<"c_event">>, <<"c_event2">>])), + ?assert(lists:member(Username, [<<"u_event">>, <<"u_event2">>])). verify_peername(PeerName) -> case string:split(PeerName, ":") of diff --git a/src/emqx.appup.src b/src/emqx.appup.src index 383db43f1..372e26df7 100644 --- a/src/emqx.appup.src +++ b/src/emqx.appup.src @@ -2,7 +2,8 @@ %% Unless you know what you are doing, DO NOT edit manually!! {VSN, [{"4.4.1", - [{load_module,emqx_frame,brutal_purge,soft_purge,[]}, + [{load_module,emqx_access_control,brutal_purge,soft_purge,[]}, + {load_module,emqx_frame,brutal_purge,soft_purge,[]}, {load_module,emqx_misc,brutal_purge,soft_purge,[]}, {load_module,emqx_plugins,brutal_purge,soft_purge,[]}, {load_module,emqx_session,brutal_purge,soft_purge,[]}, @@ -44,7 +45,8 @@ {load_module,emqx_limiter,brutal_purge,soft_purge,[]}]}, {<<".*">>,[]}], [{"4.4.1", - [{load_module,emqx_frame,brutal_purge,soft_purge,[]}, + [{load_module,emqx_access_control,brutal_purge,soft_purge,[]}, + {load_module,emqx_frame,brutal_purge,soft_purge,[]}, {load_module,emqx_misc,brutal_purge,soft_purge,[]}, {load_module,emqx_plugins,brutal_purge,soft_purge,[]}, {load_module,emqx_session,brutal_purge,soft_purge,[]}, 
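Review bot: The new `verify_event_fields('client.check_acl_complete', Fields)` clause accepts either value for every decision field, `lists:member(Result, [allow, deny])` and `lists:member(Action, [subscribe, publish])`, so an event that reports the wrong outcome would still pass. Because this event is effectively an audit record of ACL decisions, pin the values the scenario should produce, e.g. `?assertEqual(allow, Result)`, if the subscribe in `session_subscribed/1` is expected to be allowed (the ACL setup is not visible in this hunk). `peerhost` is emitted by `eventmsg_check_acl_complete/5` but is not matched or checked here.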
diff --git a/src/emqx_access_control.erl b/src/emqx_access_control.erl index fb0741c0c..11eb5efb2 100644 --- a/src/emqx_access_control.erl +++ b/src/emqx_access_control.erl @@ -49,7 +49,8 @@ check_acl(ClientInfo, PubSub, Topic) -> true -> check_acl_cache(ClientInfo, PubSub, Topic); false -> do_check_acl(ClientInfo, PubSub, Topic) end, - inc_acl_metrics(Result), Result. + inc_acl_metrics(Result), + Result. check_acl_cache(ClientInfo, PubSub, Topic) -> case emqx_acl_cache:get_acl_cache(PubSub, Topic) of @@ -59,15 +60,18 @@ check_acl_cache(ClientInfo, PubSub, Topic) -> AclResult; AclResult -> inc_acl_metrics(cache_hit), + emqx:run_hook('client.check_acl_complete', [ClientInfo, PubSub, Topic, AclResult, true]), AclResult end. do_check_acl(ClientInfo = #{zone := Zone}, PubSub, Topic) -> Default = emqx_zone:get_env(Zone, acl_nomatch, deny), - case run_hooks('client.check_acl', [ClientInfo, PubSub, Topic], Default) of - allow -> allow; - _Other -> deny - end. + Result = case run_hooks('client.check_acl', [ClientInfo, PubSub, Topic], Default) of + allow -> allow; + _Other -> deny + end, + emqx:run_hook('client.check_acl_complete', [ClientInfo, PubSub, Topic, Result, false]), + Result. default_auth_result(Zone) -> case emqx_zone:get_env(Zone, allow_anonymous, false) of
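Review bot: The two new `emqx:run_hook('client.check_acl_complete', ...)` calls in `check_acl_cache/3` and `do_check_acl/3` pass a bare `true`/`false` as the last argument and discard the return value, and neither fact is documented. A short comment at each site would help the next reader, e.g. `%% notify only: return value is ignored and cannot change the ACL result; last arg = result came from cache`. The hook also runs inline on every ACL check, cache hits included, so a slow callback would add latency to publish/subscribe authorization; say so in the comment if that is intended.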