Merge pull request #6811 from HJianBo/acl-metrics-fixes
refactor(metrics): more clear for acl metrics
This commit is contained in:
JianBo He
GitHub
commit
c5f9bfc305
|
|
@ -7,17 +7,8 @@
|
|||
ignore = 'client.auth.ignore'
|
||||
}).
|
||||
|
||||
-record(acl_metrics, {
|
||||
allow = 'client.acl.allow',
|
||||
deny = 'client.acl.deny',
|
||||
ignore = 'client.acl.ignore'
|
||||
}).
|
||||
|
||||
-define(METRICS(Type), tl(tuple_to_list(#Type{}))).
|
||||
-define(METRICS(Type, K), #Type{}#Type.K).
|
||||
|
||||
-define(AUTH_METRICS, ?METRICS(auth_metrics)).
|
||||
-define(AUTH_METRICS(K), ?METRICS(auth_metrics, K)).
|
||||
|
||||
-define(ACL_METRICS, ?METRICS(acl_metrics)).
|
||||
-define(ACL_METRICS(K), ?METRICS(acl_metrics, K)).
|
||||
|
|
|
|||
|
|
@ -29,26 +29,17 @@
|
|||
]).
|
||||
|
||||
%% ACL callbacks
|
||||
-export([ register_metrics/0
|
||||
, check_acl/5
|
||||
-export([ check_acl/5
|
||||
, description/0
|
||||
]).
|
||||
|
||||
-spec(register_metrics() -> ok).
|
||||
register_metrics() ->
|
||||
lists:foreach(fun emqx_metrics:ensure/1, ?ACL_METRICS).
|
||||
|
||||
%%--------------------------------------------------------------------
|
||||
%% ACL callbacks
|
||||
%%--------------------------------------------------------------------
|
||||
|
||||
check_acl(ClientInfo, PubSub, Topic, AclResult, Params) ->
|
||||
return_with(fun inc_metrics/1,
|
||||
do_check_acl(ClientInfo, PubSub, Topic, AclResult, Params)).
|
||||
|
||||
do_check_acl(#{username := <<$$, _/binary>>}, _PubSub, _Topic, _AclResult, _Params) ->
|
||||
check_acl(#{username := <<$$, _/binary>>}, _PubSub, _Topic, _AclResult, _Params) ->
|
||||
ok;
|
||||
do_check_acl(ClientInfo, PubSub, Topic, _AclResult, #{acl := ACLParams = #{path := Path}}) ->
|
||||
check_acl(ClientInfo, PubSub, Topic, _AclResult, #{acl := ACLParams = #{path := Path}}) ->
|
||||
ClientInfo1 = ClientInfo#{access => access(PubSub), topic => Topic},
|
||||
case check_acl_request(ACLParams, ClientInfo1) of
|
||||
{ok, 200, <<"ignore">>} -> ok;
|
||||
|
|
@ -65,16 +56,6 @@ description() -> "ACL with HTTP API".
|
|||
%% Internal functions
|
||||
%%--------------------------------------------------------------------
|
||||
|
||||
inc_metrics(ok) ->
|
||||
emqx_metrics:inc(?ACL_METRICS(ignore));
|
||||
inc_metrics({stop, allow}) ->
|
||||
emqx_metrics:inc(?ACL_METRICS(allow));
|
||||
inc_metrics({stop, deny}) ->
|
||||
emqx_metrics:inc(?ACL_METRICS(deny)).
|
||||
|
||||
return_with(Fun, Result) ->
|
||||
Fun(Result), Result.
|
||||
|
||||
check_acl_request(#{pool_name := PoolName,
|
||||
path := Path,
|
||||
method := Method,
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
{application, emqx_auth_http,
|
||||
[{description, "EMQ X Authentication/ACL with HTTP API"},
|
||||
{vsn, "4.3.3"}, % strict semver, bump manually!
|
||||
{vsn, "4.3.4"}, % strict semver, bump manually!
|
||||
{modules, []},
|
||||
{registered, [emqx_auth_http_sup]},
|
||||
{applications, [kernel,stdlib,ehttpc]},
|
||||
|
|
|
|||
|
|
@ -1,15 +1,23 @@
|
|||
%% -*- mode: erlang -*-
|
||||
{VSN,
|
||||
[{"4.3.2",
|
||||
[{"4.3.3",
|
||||
[{load_module,emqx_auth_http_app,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_acl_http,brutal_purge,soft_purge,[]}]},
|
||||
{"4.3.2",
|
||||
[{apply,{application,stop,[emqx_auth_http]}},
|
||||
{load_module,emqx_auth_http_app,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_acl_http,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_auth_http_cli,brutal_purge,soft_purge,[]}]},
|
||||
{<<"4.3.[0-1]">>,
|
||||
[{restart_application,emqx_auth_http}]},
|
||||
{<<".*">>,[]}],
|
||||
[{"4.3.2",
|
||||
[{"4.3.3",
|
||||
[{load_module,emqx_auth_http_app,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_acl_http,brutal_purge,soft_purge,[]}]},
|
||||
{"4.3.2",
|
||||
[{apply,{application,stop,[emqx_auth_http]}},
|
||||
{load_module,emqx_auth_http_app,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_acl_http,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_auth_http_cli,brutal_purge,soft_purge,[]}]},
|
||||
{<<"4.3.[0-1]">>,
|
||||
[{restart_application,emqx_auth_http}]},
|
||||
|
|
|
|||
|
|
@ -130,7 +130,6 @@ load_hooks() ->
|
|||
case application:get_env(?APP, acl_req) of
|
||||
undefined -> ok;
|
||||
{ok, ACLReq} ->
|
||||
ok = emqx_acl_http:register_metrics(),
|
||||
PoolOpts2 = proplists:get_value(pool_opts, ACLReq),
|
||||
PoolName2 = proplists:get_value(pool_name, ACLReq),
|
||||
{ok, _} = ehttpc_sup:start_pool(PoolName2, PoolOpts2),
|
||||
|
|
|
|||
|
|
@ -7,17 +7,8 @@
|
|||
ignore = 'client.auth.ignore'
|
||||
}).
|
||||
|
||||
-record(acl_metrics, {
|
||||
allow = 'client.acl.allow',
|
||||
deny = 'client.acl.deny',
|
||||
ignore = 'client.acl.ignore'
|
||||
}).
|
||||
|
||||
-define(METRICS(Type), tl(tuple_to_list(#Type{}))).
|
||||
-define(METRICS(Type, K), #Type{}#Type.K).
|
||||
|
||||
-define(AUTH_METRICS, ?METRICS(auth_metrics)).
|
||||
-define(AUTH_METRICS(K), ?METRICS(auth_metrics, K)).
|
||||
|
||||
-define(ACL_METRICS, ?METRICS(acl_metrics)).
|
||||
-define(ACL_METRICS(K), ?METRICS(acl_metrics, K)).
|
||||
|
|
|
|||
|
|
@ -22,20 +22,15 @@
|
|||
-include_lib("eldap/include/eldap.hrl").
|
||||
-include_lib("emqx/include/logger.hrl").
|
||||
|
||||
-export([ register_metrics/0
|
||||
, check_acl/5
|
||||
-export([ check_acl/5
|
||||
, description/0
|
||||
]).
|
||||
|
||||
-spec(register_metrics() -> ok).
|
||||
register_metrics() ->
|
||||
lists:foreach(fun emqx_metrics:ensure/1, ?ACL_METRICS).
|
||||
|
||||
check_acl(ClientInfo, PubSub, Topic, NoMatchAction, State) ->
|
||||
case do_check_acl(ClientInfo, PubSub, Topic, NoMatchAction, State) of
|
||||
ok -> emqx_metrics:inc(?ACL_METRICS(ignore)), ok;
|
||||
{stop, allow} -> emqx_metrics:inc(?ACL_METRICS(allow)), {stop, allow};
|
||||
{stop, deny} -> emqx_metrics:inc(?ACL_METRICS(deny)), {stop, deny}
|
||||
ok -> ok;
|
||||
{stop, allow} -> {stop, allow};
|
||||
{stop, deny} -> {stop, deny}
|
||||
end.
|
||||
|
||||
do_check_acl(#{username := <<$$, _/binary>>}, _PubSub, _Topic, _NoMatchAction, _State) ->
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
{application, emqx_auth_ldap,
|
||||
[{description, "EMQ X Authentication/ACL with LDAP"},
|
||||
{vsn, "4.3.2"}, % strict semver, bump manually!
|
||||
{vsn, "4.3.3"}, % strict semver, bump manually!
|
||||
{modules, []},
|
||||
{registered, [emqx_auth_ldap_sup]},
|
||||
{applications, [kernel,stdlib,eldap2,ecpool]},
|
||||
|
|
|
|||
|
|
@ -3,9 +3,16 @@
|
|||
[ {"4.3.0",
|
||||
[ {load_module, emqx_acl_ldap, brutal_purge, soft_purge, []}
|
||||
, {load_module, emqx_auth_ldap_cli, brutal_purge, soft_purge, []}
|
||||
, {load_module, emqx_auth_ldap_app, brutal_purge, soft_purge, []}
|
||||
]},
|
||||
{"4.3.1",
|
||||
[ {load_module, emqx_auth_ldap_cli, brutal_purge, soft_purge, []}
|
||||
, {load_module, emqx_acl_ldap, brutal_purge, soft_purge, []}
|
||||
, {load_module, emqx_auth_ldap_app, brutal_purge, soft_purge, []}
|
||||
]},
|
||||
{"4.3.2",
|
||||
[ {load_module, emqx_acl_ldap, brutal_purge, soft_purge, []}
|
||||
, {load_module, emqx_auth_ldap_app, brutal_purge, soft_purge, []}
|
||||
]},
|
||||
{<<".*">>, []}
|
||||
],
|
||||
|
|
@ -13,9 +20,16 @@
|
|||
{"4.3.0",
|
||||
[ {load_module, emqx_acl_ldap, brutal_purge, soft_purge, []}
|
||||
, {load_module, emqx_auth_ldap_cli, brutal_purge, soft_purge, []}
|
||||
, {load_module, emqx_auth_ldap_app, brutal_purge, soft_purge, []}
|
||||
]},
|
||||
{"4.3.1",
|
||||
[ {load_module, emqx_auth_ldap_cli, brutal_purge, soft_purge, []}
|
||||
, {load_module, emqx_acl_ldap, brutal_purge, soft_purge, []}
|
||||
, {load_module, emqx_auth_ldap_app, brutal_purge, soft_purge, []}
|
||||
]},
|
||||
{"4.3.2",
|
||||
[ {load_module, emqx_acl_ldap, brutal_purge, soft_purge, []}
|
||||
, {load_module, emqx_auth_ldap_app, brutal_purge, soft_purge, []}
|
||||
]},
|
||||
{<<".*">>, []}
|
||||
]
|
||||
|
|
|
|||
|
|
@ -54,7 +54,6 @@ load_auth_hook(DeviceDn) ->
|
|||
emqx:hook('client.authenticate', fun emqx_auth_ldap:check/3, [Params#{pool => ?APP}]).
|
||||
|
||||
load_acl_hook(DeviceDn) ->
|
||||
ok = emqx_acl_ldap:register_metrics(),
|
||||
Params = maps:from_list(DeviceDn),
|
||||
emqx:hook('client.check_acl', fun emqx_acl_ldap:check_acl/5 , [Params#{pool => ?APP}]).
|
||||
|
||||
|
|
|
|||
|
|
@ -48,17 +48,8 @@
|
|||
ignore = 'client.auth.ignore'
|
||||
}).
|
||||
|
||||
-record(acl_metrics, {
|
||||
allow = 'client.acl.allow',
|
||||
deny = 'client.acl.deny',
|
||||
ignore = 'client.acl.ignore'
|
||||
}).
|
||||
|
||||
-define(METRICS(Type), tl(tuple_to_list(#Type{}))).
|
||||
-define(METRICS(Type, K), #Type{}#Type.K).
|
||||
|
||||
-define(AUTH_METRICS, ?METRICS(auth_metrics)).
|
||||
-define(AUTH_METRICS(K), ?METRICS(auth_metrics, K)).
|
||||
|
||||
-define(ACL_METRICS, ?METRICS(acl_metrics)).
|
||||
-define(ACL_METRICS(K), ?METRICS(acl_metrics, K)).
|
||||
|
|
|
|||
|
|
@ -20,7 +20,6 @@
|
|||
|
||||
%% ACL Callbacks
|
||||
-export([ init/0
|
||||
, register_metrics/0
|
||||
, check_acl/5
|
||||
, description/0
|
||||
]).
|
||||
|
|
@ -29,10 +28,6 @@ init() ->
|
|||
ok = emqx_acl_mnesia_db:create_table(),
|
||||
ok = emqx_acl_mnesia_db:create_table2().
|
||||
|
||||
-spec(register_metrics() -> ok).
|
||||
register_metrics() ->
|
||||
lists:foreach(fun emqx_metrics:ensure/1, ?ACL_METRICS).
|
||||
|
||||
check_acl(ClientInfo = #{ clientid := Clientid }, PubSub, Topic, _NoMatchAction, _Params) ->
|
||||
Username = maps:get(username, ClientInfo, undefined),
|
||||
|
||||
|
|
@ -48,13 +43,10 @@ check_acl(ClientInfo = #{ clientid := Clientid }, PubSub, Topic, _NoMatchAction,
|
|||
|
||||
case match(ClientInfo, PubSub, Topic, Acls) of
|
||||
allow ->
|
||||
emqx_metrics:inc(?ACL_METRICS(allow)),
|
||||
{stop, allow};
|
||||
deny ->
|
||||
emqx_metrics:inc(?ACL_METRICS(deny)),
|
||||
{stop, deny};
|
||||
_ ->
|
||||
emqx_metrics:inc(?ACL_METRICS(ignore)),
|
||||
ok
|
||||
end.
|
||||
|
||||
|
|
|
|||
|
|
@ -8,12 +8,15 @@
|
|||
{apply, {emqx_acl_mnesia_migrator, start_supervised, []}},
|
||||
{load_module,emqx_auth_mnesia_api, brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_acl_mnesia, brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_auth_mnesia_app, brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_acl_mnesia_api, brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_acl_mnesia_cli, brutal_purge,soft_purge,[]}
|
||||
]},
|
||||
{<<"4.3.4">>, [
|
||||
{load_module,emqx_auth_mnesia, brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_auth_mnesia_cli, brutal_purge,soft_purge,[]}
|
||||
{load_module,emqx_auth_mnesia_cli, brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_acl_mnesia, brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_auth_mnesia_app, brutal_purge,soft_purge,[]}
|
||||
]},
|
||||
{<<".*">>, [
|
||||
]}
|
||||
|
|
@ -26,12 +29,15 @@
|
|||
{load_module,emqx_acl_mnesia_api, brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_auth_mnesia_api, brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_acl_mnesia, brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_auth_mnesia_app, brutal_purge,soft_purge,[]},
|
||||
{delete_module,emqx_acl_mnesia_migrator},
|
||||
{delete_module,emqx_acl_mnesia_db}
|
||||
]},
|
||||
{<<"4.3.4">>, [
|
||||
{load_module,emqx_auth_mnesia, brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_auth_mnesia_cli, brutal_purge,soft_purge,[]}
|
||||
{load_module,emqx_auth_mnesia_cli, brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_acl_mnesia, brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_auth_mnesia_app, brutal_purge,soft_purge,[]}
|
||||
]},
|
||||
{<<".*">>, [
|
||||
]}
|
||||
|
|
|
|||
|
|
@ -64,5 +64,4 @@ load_auth_hook() ->
|
|||
|
||||
load_acl_hook() ->
|
||||
ok = emqx_acl_mnesia:init(),
|
||||
ok = emqx_acl_mnesia:register_metrics(),
|
||||
emqx:hook('client.check_acl', fun emqx_acl_mnesia:check_acl/5, [#{}]).
|
||||
|
|
|
|||
|
|
@ -21,17 +21,8 @@
|
|||
ignore = 'client.auth.ignore'
|
||||
}).
|
||||
|
||||
-record(acl_metrics, {
|
||||
allow = 'client.acl.allow',
|
||||
deny = 'client.acl.deny',
|
||||
ignore = 'client.acl.ignore'
|
||||
}).
|
||||
|
||||
-define(METRICS(Type), tl(tuple_to_list(#Type{}))).
|
||||
-define(METRICS(Type, K), #Type{}#Type.K).
|
||||
|
||||
-define(AUTH_METRICS, ?METRICS(auth_metrics)).
|
||||
-define(AUTH_METRICS(K), ?METRICS(auth_metrics, K)).
|
||||
|
||||
-define(ACL_METRICS, ?METRICS(acl_metrics)).
|
||||
-define(ACL_METRICS(K), ?METRICS(acl_metrics, K)).
|
||||
|
|
|
|||
|
|
@ -21,17 +21,12 @@
|
|||
-include_lib("emqx/include/logger.hrl").
|
||||
|
||||
%% ACL callbacks
|
||||
-export([ register_metrics/0
|
||||
, check_acl/5
|
||||
-export([ check_acl/5
|
||||
, description/0
|
||||
]).
|
||||
-spec(register_metrics() -> ok).
|
||||
register_metrics() ->
|
||||
lists:foreach(fun emqx_metrics:ensure/1, ?ACL_METRICS).
|
||||
|
||||
check_acl(#{username := <<$$, _/binary>>}, _PubSub, _Topic, _AclResult, _State) ->
|
||||
ok;
|
||||
|
||||
check_acl(ClientInfo, PubSub, Topic, _AclResult, Env = #{aclquery := AclQuery}) ->
|
||||
#aclquery{collection = Coll, selector = SelectorList} = AclQuery,
|
||||
Pool = maps:get(pool, Env, ?APP),
|
||||
|
|
@ -43,20 +38,16 @@ check_acl(ClientInfo, PubSub, Topic, _AclResult, Env = #{aclquery := AclQuery})
|
|||
[] -> ok;
|
||||
Rows ->
|
||||
try match(ClientInfo, Topic, topics(PubSub, Rows)) of
|
||||
matched -> emqx_metrics:inc(?ACL_METRICS(allow)),
|
||||
{stop, allow};
|
||||
nomatch -> emqx_metrics:inc(?ACL_METRICS(deny)),
|
||||
{stop, deny}
|
||||
matched -> {stop, allow};
|
||||
nomatch -> {stop, deny}
|
||||
catch
|
||||
_Err:Reason->
|
||||
?LOG(error, "[MongoDB] Check mongo ~p ACL failed, got ACL config: ~p, error: :~p",
|
||||
[PubSub, Rows, Reason]),
|
||||
emqx_metrics:inc(?ACL_METRICS(ignore)),
|
||||
ignore
|
||||
end
|
||||
end.
|
||||
|
||||
|
||||
match(_ClientInfo, _Topic, []) ->
|
||||
nomatch;
|
||||
match(ClientInfo, Topic, [TopicFilter|More]) ->
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
{application, emqx_auth_mongo,
|
||||
[{description, "EMQ X Authentication/ACL with MongoDB"},
|
||||
{vsn, "4.3.0"}, % strict semver, bump manually!
|
||||
{vsn, "4.3.1"}, % strict semver, bump manually!
|
||||
{modules, []},
|
||||
{registered, [emqx_auth_mongo_sup]},
|
||||
{applications, [kernel,stdlib,mongodb,ecpool]},
|
||||
|
|
|
|||
|
|
@ -0,0 +1,11 @@
|
|||
%% -*- mode: erlang -*-
|
||||
{VSN,
|
||||
[{"4.3.0",
|
||||
[{load_module,emqx_auth_mongo_app,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_acl_mongo,brutal_purge,soft_purge,[]}]},
|
||||
{<<".*">>,[]}],
|
||||
[{"4.3.0",
|
||||
[{load_module,emqx_auth_mongo_app,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_acl_mongo,brutal_purge,soft_purge,[]}]},
|
||||
{<<".*">>,[]}]
|
||||
}.
|
||||
|
|
@ -55,7 +55,6 @@ reg_authmod(AuthQuery) ->
|
|||
[#{authquery => AuthQuery, superquery => SuperQuery, pool => ?APP}]).
|
||||
|
||||
reg_aclmod(AclQuery) ->
|
||||
emqx_acl_mongo:register_metrics(),
|
||||
ok = emqx:hook('client.check_acl', fun emqx_acl_mongo:check_acl/5, [#{aclquery => AclQuery, pool => ?APP}]).
|
||||
|
||||
%%--------------------------------------------------------------------
|
||||
|
|
|
|||
|
|
@ -7,17 +7,8 @@
|
|||
ignore = 'client.auth.ignore'
|
||||
}).
|
||||
|
||||
-record(acl_metrics, {
|
||||
allow = 'client.acl.allow',
|
||||
deny = 'client.acl.deny',
|
||||
ignore = 'client.acl.ignore'
|
||||
}).
|
||||
|
||||
-define(METRICS(Type), tl(tuple_to_list(#Type{}))).
|
||||
-define(METRICS(Type, K), #Type{}#Type.K).
|
||||
|
||||
-define(AUTH_METRICS, ?METRICS(auth_metrics)).
|
||||
-define(AUTH_METRICS(K), ?METRICS(auth_metrics, K)).
|
||||
|
||||
-define(ACL_METRICS, ?METRICS(acl_metrics)).
|
||||
-define(ACL_METRICS(K), ?METRICS(acl_metrics, K)).
|
||||
|
|
|
|||
|
|
@ -22,20 +22,15 @@
|
|||
-include_lib("emqx/include/logger.hrl").
|
||||
|
||||
%% ACL Callbacks
|
||||
-export([ register_metrics/0
|
||||
, check_acl/5
|
||||
-export([ check_acl/5
|
||||
, description/0
|
||||
]).
|
||||
|
||||
-spec(register_metrics() -> ok).
|
||||
register_metrics() ->
|
||||
lists:foreach(fun emqx_metrics:ensure/1, ?ACL_METRICS).
|
||||
|
||||
check_acl(ClientInfo, PubSub, Topic, NoMatchAction, #{pool := Pool} = State) ->
|
||||
case do_check_acl(Pool, ClientInfo, PubSub, Topic, NoMatchAction, State) of
|
||||
ok -> emqx_metrics:inc(?ACL_METRICS(ignore)), ok;
|
||||
{stop, allow} -> emqx_metrics:inc(?ACL_METRICS(allow)), {stop, allow};
|
||||
{stop, deny} -> emqx_metrics:inc(?ACL_METRICS(deny)), {stop, deny}
|
||||
ok -> ok;
|
||||
{stop, allow} -> {stop, allow};
|
||||
{stop, deny} -> {stop, deny}
|
||||
end.
|
||||
|
||||
do_check_acl(_Pool, #{username := <<$$, _/binary>>}, _PubSub, _Topic, _NoMatchAction, _State) ->
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
{application, emqx_auth_mysql,
|
||||
[{description, "EMQ X Authentication/ACL with MySQL"},
|
||||
{vsn, "4.3.0"}, % strict semver, bump manually!
|
||||
{vsn, "4.3.1"}, % strict semver, bump manually!
|
||||
{modules, []},
|
||||
{registered, [emqx_auth_mysql_sup]},
|
||||
{applications, [kernel,stdlib,mysql,ecpool]},
|
||||
|
|
|
|||
|
|
@ -0,0 +1,11 @@
|
|||
%% -*- mode: erlang -*-
|
||||
{VSN,
|
||||
[{"4.3.0",
|
||||
[{load_module,emqx_auth_mysql_app,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_acl_mysql,brutal_purge,soft_purge,[]}]},
|
||||
{<<".*">>,[]}],
|
||||
[{"4.3.0",
|
||||
[{load_module,emqx_auth_mysql_app,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_acl_mysql,brutal_purge,soft_purge,[]}]},
|
||||
{<<".*">>,[]}]
|
||||
}.
|
||||
|
|
@ -60,7 +60,6 @@ load_auth_hook(AuthQuery) ->
|
|||
emqx:hook('client.authenticate', fun emqx_auth_mysql:check/3, [Params]).
|
||||
|
||||
load_acl_hook(AclQuery) ->
|
||||
ok = emqx_acl_mysql:register_metrics(),
|
||||
emqx:hook('client.check_acl', fun emqx_acl_mysql:check_acl/5, [#{acl_query => AclQuery, pool =>?APP}]).
|
||||
|
||||
%%--------------------------------------------------------------------
|
||||
|
|
|
|||
|
|
@ -6,18 +6,8 @@
|
|||
ignore = 'client.auth.ignore'
|
||||
}).
|
||||
|
||||
-record(acl_metrics, {
|
||||
allow = 'client.acl.allow',
|
||||
deny = 'client.acl.deny',
|
||||
ignore = 'client.acl.ignore'
|
||||
}).
|
||||
|
||||
-define(METRICS(Type), tl(tuple_to_list(#Type{}))).
|
||||
-define(METRICS(Type, K), #Type{}#Type.K).
|
||||
|
||||
-define(AUTH_METRICS, ?METRICS(auth_metrics)).
|
||||
-define(AUTH_METRICS(K), ?METRICS(auth_metrics, K)).
|
||||
|
||||
-define(ACL_METRICS, ?METRICS(acl_metrics)).
|
||||
-define(ACL_METRICS(K), ?METRICS(acl_metrics, K)).
|
||||
|
||||
|
|
|
|||
|
|
@ -21,21 +21,12 @@
|
|||
-include_lib("emqx/include/logger.hrl").
|
||||
|
||||
%% ACL callbacks
|
||||
-export([ register_metrics/0
|
||||
, check_acl/5
|
||||
-export([ check_acl/5
|
||||
, description/0
|
||||
]).
|
||||
|
||||
-spec(register_metrics() -> ok).
|
||||
register_metrics() ->
|
||||
lists:foreach(fun emqx_metrics:ensure/1, ?ACL_METRICS).
|
||||
|
||||
check_acl(ClientInfo, PubSub, Topic, NoMatchAction, #{pool := Pool} = State) ->
|
||||
case do_check_acl(Pool, ClientInfo, PubSub, Topic, NoMatchAction, State) of
|
||||
ok -> emqx_metrics:inc(?ACL_METRICS(ignore)), ok;
|
||||
{stop, allow} -> emqx_metrics:inc(?ACL_METRICS(allow)), {stop, allow};
|
||||
{stop, deny} -> emqx_metrics:inc(?ACL_METRICS(deny)), {stop, deny}
|
||||
end.
|
||||
do_check_acl(Pool, ClientInfo, PubSub, Topic, NoMatchAction, State).
|
||||
|
||||
do_check_acl(_Pool, #{username := <<$$, _/binary>>}, _PubSub, _Topic, _NoMatchAction, _State) ->
|
||||
ok;
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
{application, emqx_auth_pgsql,
|
||||
[{description, "EMQ X Authentication/ACL with PostgreSQL"},
|
||||
{vsn, "4.3.0"}, % strict semver, bump manually!
|
||||
{vsn, "4.3.1"}, % strict semver, bump manually!
|
||||
{modules, []},
|
||||
{registered, [emqx_auth_pgsql_sup]},
|
||||
{applications, [kernel,stdlib,epgsql,ecpool]},
|
||||
|
|
|
|||
|
|
@ -0,0 +1,11 @@
|
|||
%% -*- mode: erlang -*-
|
||||
{VSN,
|
||||
[{"4.3.0",
|
||||
[{load_module,emqx_auth_pgsql_app,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_acl_pgsql,brutal_purge,soft_purge,[]}]},
|
||||
{<<".*">>,[]}],
|
||||
[{"4.3.0",
|
||||
[{load_module,emqx_auth_pgsql_app,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_acl_pgsql,brutal_purge,soft_purge,[]}]},
|
||||
{<<".*">>,[]}]
|
||||
}.
|
||||
|
|
@ -46,7 +46,6 @@ start(_StartType, _StartArgs) ->
|
|||
ok = emqx:hook('client.authenticate', fun emqx_auth_pgsql:check/3, [AuthEnv])
|
||||
end),
|
||||
if_enabled(acl_query, fun(AclQuery) ->
|
||||
ok = emqx_acl_pgsql:register_metrics(),
|
||||
ok = emqx:hook('client.check_acl', fun emqx_acl_pgsql:check_acl/5, [#{acl_query => AclQuery, pool => ?APP}])
|
||||
end),
|
||||
{ok, Sup}.
|
||||
|
|
|
|||
|
|
@ -7,17 +7,8 @@
|
|||
ignore = 'client.auth.ignore'
|
||||
}).
|
||||
|
||||
-record(acl_metrics, {
|
||||
allow = 'client.acl.allow',
|
||||
deny = 'client.acl.deny',
|
||||
ignore = 'client.acl.ignore'
|
||||
}).
|
||||
|
||||
-define(METRICS(Type), tl(tuple_to_list(#Type{}))).
|
||||
-define(METRICS(Type, K), #Type{}#Type.K).
|
||||
|
||||
-define(AUTH_METRICS, ?METRICS(auth_metrics)).
|
||||
-define(AUTH_METRICS(K), ?METRICS(auth_metrics, K)).
|
||||
|
||||
-define(ACL_METRICS, ?METRICS(acl_metrics)).
|
||||
-define(ACL_METRICS(K), ?METRICS(acl_metrics, K)).
|
||||
|
|
|
|||
|
|
@ -21,26 +21,14 @@
|
|||
-include_lib("emqx/include/emqx.hrl").
|
||||
-include_lib("emqx/include/logger.hrl").
|
||||
|
||||
-export([ register_metrics/0
|
||||
, check_acl/5
|
||||
-export([ check_acl/5
|
||||
, description/0
|
||||
]).
|
||||
|
||||
-spec(register_metrics() -> ok).
|
||||
register_metrics() ->
|
||||
lists:foreach(fun emqx_metrics:ensure/1, ?ACL_METRICS).
|
||||
|
||||
check_acl(ClientInfo, PubSub, Topic, AclResult, Config) ->
|
||||
case do_check_acl(ClientInfo, PubSub, Topic, AclResult, Config) of
|
||||
ok -> emqx_metrics:inc(?ACL_METRICS(ignore)), ok;
|
||||
{stop, allow} -> emqx_metrics:inc(?ACL_METRICS(allow)), {stop, allow};
|
||||
{stop, deny} -> emqx_metrics:inc(?ACL_METRICS(deny)), {stop, deny}
|
||||
end.
|
||||
|
||||
do_check_acl(#{username := <<$$, _/binary>>}, _PubSub, _Topic, _AclResult, _Config) ->
|
||||
check_acl(#{username := <<$$, _/binary>>}, _PubSub, _Topic, _AclResult, _Config) ->
|
||||
ok;
|
||||
do_check_acl(ClientInfo, PubSub, Topic, _AclResult,
|
||||
#{acl_cmd := AclCmd, timeout := Timeout, type := Type, pool := Pool}) ->
|
||||
check_acl(ClientInfo, PubSub, Topic, _AclResult,
|
||||
#{acl_cmd := AclCmd, timeout := Timeout, type := Type, pool := Pool}) ->
|
||||
case emqx_auth_redis_cli:q(Pool, Type, AclCmd, ClientInfo, Timeout) of
|
||||
{ok, []} -> ok;
|
||||
{ok, Rules} ->
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
{application, emqx_auth_redis,
|
||||
[{description, "EMQ X Authentication/ACL with Redis"},
|
||||
{vsn, "4.3.0"}, % strict semver, bump manually!
|
||||
{vsn, "4.3.1"}, % strict semver, bump manually!
|
||||
{modules, []},
|
||||
{registered, [emqx_auth_redis_sup]},
|
||||
{applications, [kernel,stdlib,eredis,eredis_cluster,ecpool]},
|
||||
|
|
|
|||
|
|
@ -0,0 +1,11 @@
|
|||
%% -*- mode: erlang -*-
|
||||
{VSN,
|
||||
[{"4.3.0",
|
||||
[{load_module,emqx_auth_redis_app,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_acl_redis,brutal_purge,soft_purge,[]}]},
|
||||
{<<".*">>,[]}],
|
||||
[{"4.3.0",
|
||||
[{load_module,emqx_auth_redis_app,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_acl_redis,brutal_purge,soft_purge,[]}]},
|
||||
{<<".*">>,[]}]
|
||||
}.
|
||||
|
|
@ -59,7 +59,6 @@ load_acl_hook(AclCmd) ->
|
|||
timeout => Timeout,
|
||||
type => Type,
|
||||
pool => ?APP},
|
||||
ok = emqx_acl_redis:register_metrics(),
|
||||
emqx:hook('client.check_acl', fun emqx_acl_redis:check_acl/5, [Config]).
|
||||
|
||||
if_cmd_enabled(Par, Fun) ->
|
||||
|
|
|
|||
|
|
@ -38,26 +38,12 @@
|
|||
-type(acl_rules() :: #{publish => [emqx_access_rule:rule()],
|
||||
subscribe => [emqx_access_rule:rule()]}).
|
||||
|
||||
-record(acl_metrics, {
|
||||
allow = 'client.acl.allow',
|
||||
deny = 'client.acl.deny',
|
||||
ignore = 'client.acl.ignore'
|
||||
}).
|
||||
|
||||
-define(METRICS(Type), tl(tuple_to_list(#Type{}))).
|
||||
-define(METRICS(Type, K), #Type{}#Type.K).
|
||||
|
||||
-define(ACL_METRICS, ?METRICS(acl_metrics)).
|
||||
-define(ACL_METRICS(K), ?METRICS(acl_metrics, K)).
|
||||
|
||||
|
||||
%%--------------------------------------------------------------------
|
||||
%% API
|
||||
%%--------------------------------------------------------------------
|
||||
|
||||
load(Env) ->
|
||||
Rules = rules_from_file(proplists:get_value(acl_file, Env)),
|
||||
register_metrics(),
|
||||
emqx_hooks:add('client.check_acl', {?MODULE, check_acl, [Rules]}, -1).
|
||||
|
||||
unload(_Env) ->
|
||||
|
|
@ -82,15 +68,9 @@ description() ->
|
|||
-> {ok, allow} | {ok, deny} | ok).
|
||||
check_acl(Client, PubSub, Topic, _AclResult, Rules) ->
|
||||
case match(Client, Topic, lookup(PubSub, Rules)) of
|
||||
{matched, allow} ->
|
||||
emqx_metrics:inc(?ACL_METRICS(allow)),
|
||||
{ok, allow};
|
||||
{matched, deny} ->
|
||||
emqx_metrics:inc(?ACL_METRICS(deny)),
|
||||
{ok, deny};
|
||||
nomatch ->
|
||||
emqx_metrics:inc(?ACL_METRICS(ignore)),
|
||||
ok
|
||||
{matched, allow} -> {ok, allow};
|
||||
{matched, deny} -> {ok, deny};
|
||||
nomatch -> ok
|
||||
end.
|
||||
|
||||
%%--------------------------------------------------------------------
|
||||
|
|
@ -127,9 +107,6 @@ rules_from_file(AclFile) ->
|
|||
#{}
|
||||
end.
|
||||
|
||||
register_metrics() ->
|
||||
lists:foreach(fun emqx_metrics:ensure/1, ?ACL_METRICS).
|
||||
|
||||
filter(_PubSub, {allow, all}) ->
|
||||
true;
|
||||
filter(_PubSub, {deny, all}) ->
|
||||
|
|
@ -142,3 +119,4 @@ filter(subscribe, {_AllowDeny, _Who, subscribe, _Topics}) ->
|
|||
true;
|
||||
filter(_PubSub, {_AllowDeny, _Who, _, _Topics}) ->
|
||||
false.
|
||||
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
{application, emqx_modules,
|
||||
[{description, "EMQ X Module Management"},
|
||||
{vsn, "4.3.4"},
|
||||
{vsn, "4.3.3"},
|
||||
{modules, []},
|
||||
{applications, [kernel,stdlib]},
|
||||
{mod, {emqx_modules_app, []}},
|
||||
|
|
|
|||
|
|
@ -1,45 +1,32 @@
|
|||
%% -*-: erlang -*-
|
||||
{VSN,
|
||||
[
|
||||
{"4.3.3", [
|
||||
{apply, {emqx_metrics, ensure, [['client.acl.allow', 'client.acl.ignore', 'client.acl.deny']]}},
|
||||
{load_module, emqx_mod_acl_internal, brutal_purge, soft_purge, []}
|
||||
]},
|
||||
{"4.3.2", [
|
||||
{load_module, emqx_mod_presence, brutal_purge, soft_purge, []},
|
||||
{apply, {emqx_metrics, ensure, [['client.acl.allow', 'client.acl.ignore', 'client.acl.deny']]}},
|
||||
{load_module, emqx_mod_acl_internal, brutal_purge, soft_purge, []}
|
||||
{load_module, emqx_mod_presence, brutal_purge, soft_purge, []}
|
||||
]},
|
||||
{"4.3.1", [
|
||||
{load_module, emqx_mod_presence, brutal_purge, soft_purge, []},
|
||||
{load_module, emqx_mod_api_topic_metrics, brutal_purge, soft_purge, []},
|
||||
{apply, {emqx_metrics, ensure, [['client.acl.allow', 'client.acl.ignore', 'client.acl.deny']]}},
|
||||
{load_module, emqx_mod_acl_internal, brutal_purge, soft_purge, []}
|
||||
{load_module, emqx_mod_api_topic_metrics, brutal_purge, soft_purge, []}
|
||||
]},
|
||||
{"4.3.0", [
|
||||
{update, emqx_mod_delayed, {advanced, []}},
|
||||
{load_module, emqx_mod_presence, brutal_purge, soft_purge, []},
|
||||
{load_module, emqx_mod_api_topic_metrics, brutal_purge, soft_purge, []},
|
||||
{apply, {emqx_metrics, ensure, [['client.acl.allow', 'client.acl.ignore', 'client.acl.deny']]}},
|
||||
{load_module, emqx_mod_acl_internal, brutal_purge, soft_purge, []}
|
||||
{load_module, emqx_mod_api_topic_metrics, brutal_purge, soft_purge, []}
|
||||
]},
|
||||
{<<".*">>, []}
|
||||
],
|
||||
[
|
||||
{"4.3.2", [
|
||||
{load_module, emqx_mod_presence, brutal_purge, soft_purge, []},
|
||||
{load_module, emqx_mod_acl_internal, brutal_purge, soft_purge, []}
|
||||
{load_module, emqx_mod_presence, brutal_purge, soft_purge, []}
|
||||
]},
|
||||
{"4.3.1", [
|
||||
{load_module, emqx_mod_presence, brutal_purge, soft_purge, []},
|
||||
{load_module, emqx_mod_api_topic_metrics, brutal_purge, soft_purge, []},
|
||||
{load_module, emqx_mod_acl_internal, brutal_purge, soft_purge, []}
|
||||
{load_module, emqx_mod_api_topic_metrics, brutal_purge, soft_purge, []}
|
||||
]},
|
||||
{"4.3.0", [
|
||||
{update, emqx_mod_delayed, {advanced, []}},
|
||||
{load_module, emqx_mod_presence, brutal_purge, soft_purge, []},
|
||||
{load_module, emqx_mod_api_topic_metrics, brutal_purge, soft_purge, []},
|
||||
{load_module, emqx_mod_acl_internal, brutal_purge, soft_purge, []}
|
||||
{load_module, emqx_mod_api_topic_metrics, brutal_purge, soft_purge, []}
|
||||
]},
|
||||
{<<".*">>, []}
|
||||
]
|
||||
|
|
|
|||
|
|
@ -1,16 +1,20 @@
|
|||
%% -*- mode: erlang -*-
|
||||
{VSN,
|
||||
[{"4.3.12",
|
||||
[ {load_module,emqx_channel,brutal_purge,soft_purge,[]}
|
||||
, {load_module,emqx_metrics,brutal_purge,soft_purge,[]}
|
||||
[ {load_module,emqx_metrics,brutal_purge,soft_purge,[]}
|
||||
, {apply,{emqx_metrics,assign_acl_stats_from_ets_to_counter,[]}}
|
||||
, {load_module,emqx_access_control,brutal_purge,soft_purge,[]}
|
||||
, {load_module,emqx_channel,brutal_purge,soft_purge,[]}
|
||||
, {load_module,emqx_session,brutal_purge,soft_purge,[]}
|
||||
, {load_module,emqx_alarm,brutal_purge,soft_purge,[]}
|
||||
, {load_module,emqx_limiter,brutal_purge,soft_purge,[]}
|
||||
]},
|
||||
{"4.3.11",
|
||||
[{load_module,emqx_connection,brutal_purge,soft_purge,[]},
|
||||
[{load_module,emqx_metrics,brutal_purge,soft_purge,[]},
|
||||
{apply,{emqx_metrics,assign_acl_stats_from_ets_to_counter,[]}},
|
||||
{load_module,emqx_access_control,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_connection,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_channel,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_metrics,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_session,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_vm,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_sys_mon,brutal_purge,soft_purge,[]},
|
||||
|
|
@ -19,8 +23,10 @@
|
|||
{load_module,emqx_http_lib,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_limiter,brutal_purge,soft_purge,[]}]},
|
||||
{"4.3.10",
|
||||
[{load_module,emqx_channel,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_metrics,brutal_purge,soft_purge,[]},
|
||||
[{load_module,emqx_metrics,brutal_purge,soft_purge,[]},
|
||||
{apply,{emqx_metrics,assign_acl_stats_from_ets_to_counter,[]}},
|
||||
{load_module,emqx_access_control,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_channel,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_session,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_vm,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_sys_mon,brutal_purge,soft_purge,[]},
|
||||
|
|
@ -31,12 +37,14 @@
|
|||
{load_module,emqx_connection,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_limiter,brutal_purge,soft_purge,[]}]},
|
||||
{"4.3.9",
|
||||
[{load_module,emqx_vm,brutal_purge,soft_purge,[]},
|
||||
[{load_module,emqx_metrics,brutal_purge,soft_purge,[]},
|
||||
{apply,{emqx_metrics,assign_acl_stats_from_ets_to_counter,[]}},
|
||||
{load_module,emqx_access_control,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_vm,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_sys_mon,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_http_lib,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_connection,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_channel,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_metrics,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_session,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_cm,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_ws_connection,brutal_purge,soft_purge,[]},
|
||||
|
|
@ -48,12 +56,14 @@
|
|||
{load_module,emqx_app,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_limiter,brutal_purge,soft_purge,[]}]},
|
||||
{"4.3.8",
|
||||
[{load_module,emqx_vm,brutal_purge,soft_purge,[]},
|
||||
[{load_module,emqx_metrics,brutal_purge,soft_purge,[]},
|
||||
{apply,{emqx_metrics,assign_acl_stats_from_ets_to_counter,[]}},
|
||||
{load_module,emqx_access_control,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_vm,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_sys_mon,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_http_lib,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_connection,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_channel,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_metrics,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_session,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_cm,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_ws_connection,brutal_purge,soft_purge,[]},
|
||||
|
|
@ -65,12 +75,14 @@
|
|||
{load_module,emqx_app,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_limiter,brutal_purge,soft_purge,[]}]},
|
||||
{"4.3.7",
|
||||
[{load_module,emqx_vm,brutal_purge,soft_purge,[]},
|
||||
[{load_module,emqx_metrics,brutal_purge,soft_purge,[]},
|
||||
{apply,{emqx_metrics,assign_acl_stats_from_ets_to_counter,[]}},
|
||||
{load_module,emqx_access_control,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_vm,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_sys_mon,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_http_lib,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_connection,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_channel,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_metrics,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_session,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_cm,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_ws_connection,brutal_purge,soft_purge,[]},
|
||||
|
|
@ -84,12 +96,14 @@
|
|||
{load_module,emqx_app,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_limiter,brutal_purge,soft_purge,[]}]},
|
||||
{"4.3.6",
|
||||
[{load_module,emqx_vm,brutal_purge,soft_purge,[]},
|
||||
[{load_module,emqx_metrics,brutal_purge,soft_purge,[]},
|
||||
{apply,{emqx_metrics,assign_acl_stats_from_ets_to_counter,[]}},
|
||||
{load_module,emqx_access_control,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_vm,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_sys_mon,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_http_lib,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_connection,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_channel,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_metrics,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_session,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_cm,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_ws_connection,brutal_purge,soft_purge,[]},
|
||||
|
|
@ -104,12 +118,14 @@
|
|||
{load_module,emqx_app,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_limiter,brutal_purge,soft_purge,[]}]},
|
||||
{"4.3.5",
|
||||
[{load_module,emqx_vm,brutal_purge,soft_purge,[]},
|
||||
[{load_module,emqx_metrics,brutal_purge,soft_purge,[]},
|
||||
{apply,{emqx_metrics,assign_acl_stats_from_ets_to_counter,[]}},
|
||||
{load_module,emqx_access_control,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_vm,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_sys_mon,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_http_lib,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_connection,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_channel,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_metrics,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_session,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_ws_connection,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_alarm_handler,brutal_purge,soft_purge,[]},
|
||||
|
|
@ -125,12 +141,14 @@
|
|||
{load_module,emqx_app,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_limiter,brutal_purge,soft_purge,[]}]},
|
||||
{"4.3.4",
|
||||
[{load_module,emqx_vm,brutal_purge,soft_purge,[]},
|
||||
[{load_module,emqx_metrics,brutal_purge,soft_purge,[]},
|
||||
{apply,{emqx_metrics,assign_acl_stats_from_ets_to_counter,[]}},
|
||||
{load_module,emqx_access_control,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_vm,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_sys_mon,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_http_lib,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_connection,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_channel,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_metrics,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_session,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_ws_connection,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_alarm_handler,brutal_purge,soft_purge,[]},
|
||||
|
|
@ -147,12 +165,14 @@
|
|||
{load_module,emqx_app,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_limiter,brutal_purge,soft_purge,[]}]},
|
||||
{"4.3.3",
|
||||
[{load_module,emqx_vm,brutal_purge,soft_purge,[]},
|
||||
[{load_module,emqx_metrics,brutal_purge,soft_purge,[]},
|
||||
{apply,{emqx_metrics,assign_acl_stats_from_ets_to_counter,[]}},
|
||||
{load_module,emqx_access_control,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_vm,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_sys_mon,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_http_lib,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_connection,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_channel,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_metrics,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_session,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_alarm_handler,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_misc,brutal_purge,soft_purge,[]},
|
||||
|
|
@ -170,7 +190,10 @@
|
|||
{load_module,emqx_app,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_limiter,brutal_purge,soft_purge,[]}]},
|
||||
{"4.3.2",
|
||||
[{load_module,emqx_vm,brutal_purge,soft_purge,[]},
|
||||
[{load_module,emqx_metrics,brutal_purge,soft_purge,[]},
|
||||
{apply,{emqx_metrics,assign_acl_stats_from_ets_to_counter,[]}},
|
||||
{load_module,emqx_access_control,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_vm,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_sys_mon,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_alarm_handler,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_misc,brutal_purge,soft_purge,[]},
|
||||
|
|
@ -179,7 +202,6 @@
|
|||
{load_module,emqx_ws_connection,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_http_lib,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_channel,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_metrics,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_session,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_connection,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_cm,brutal_purge,soft_purge,[]},
|
||||
|
|
@ -193,7 +215,10 @@
|
|||
{load_module,emqx_app,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_limiter,brutal_purge,soft_purge,[]}]},
|
||||
{"4.3.1",
|
||||
[{load_module,emqx_vm,brutal_purge,soft_purge,[]},
|
||||
[{load_module,emqx_metrics,brutal_purge,soft_purge,[]},
|
||||
{apply,{emqx_metrics,assign_acl_stats_from_ets_to_counter,[]}},
|
||||
{load_module,emqx_access_control,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_vm,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_sys_mon,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_alarm_handler,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_misc,brutal_purge,soft_purge,[]},
|
||||
|
|
@ -206,7 +231,6 @@
|
|||
{load_module,emqx_congestion,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_node_dump,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_channel,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_metrics,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_session,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_plugins,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_logger_textfmt,brutal_purge,soft_purge,[]},
|
||||
|
|
@ -220,7 +244,11 @@
|
|||
{load_module,emqx_app,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_limiter,brutal_purge,soft_purge,[]}]},
|
||||
{"4.3.0",
|
||||
[{load_module,emqx_vm,brutal_purge,soft_purge,[]},
|
||||
[{load_module,emqx_metrics,brutal_purge,soft_purge,[]},
|
||||
{apply,{emqx_metrics,assign_acl_stats_from_ets_to_counter,[]}},
|
||||
{apply,{emqx_metrics,upgrade_retained_delayed_counter_type,[]}},
|
||||
{load_module,emqx_access_control,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_vm,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_sys_mon,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_pqueue,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_mqueue,brutal_purge,soft_purge,[]},
|
||||
|
|
@ -240,8 +268,6 @@
|
|||
{load_module,emqx_session,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_plugins,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_logger_textfmt,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_metrics,brutal_purge,soft_purge,[]},
|
||||
{apply,{emqx_metrics,upgrade_retained_delayed_counter_type,[]}},
|
||||
{load_module,emqx_http_lib,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_access_rule,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_ctl,brutal_purge,soft_purge,[]},
|
||||
|
|
@ -252,6 +278,7 @@
|
|||
{<<".*">>,[]}],
|
||||
[{"4.3.12",
|
||||
[ {load_module,emqx_channel,brutal_purge,soft_purge,[]}
|
||||
, {load_module,emqx_access_control,brutal_purge,soft_purge,[]}
|
||||
, {load_module,emqx_metrics,brutal_purge,soft_purge,[]}
|
||||
, {load_module,emqx_session,brutal_purge,soft_purge,[]}
|
||||
, {load_module,emqx_alarm,brutal_purge,soft_purge,[]}
|
||||
|
|
@ -261,6 +288,7 @@
|
|||
[{load_module,emqx_connection,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_channel,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_metrics,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_access_control,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_session,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_vm,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_sys_mon,brutal_purge,soft_purge,[]},
|
||||
|
|
@ -271,6 +299,7 @@
|
|||
{"4.3.10",
|
||||
[{load_module,emqx_channel,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_metrics,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_access_control,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_session,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_vm,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_sys_mon,brutal_purge,soft_purge,[]},
|
||||
|
|
@ -287,6 +316,7 @@
|
|||
{load_module,emqx_connection,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_channel,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_metrics,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_access_control,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_session,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_cm,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_ws_connection,brutal_purge,soft_purge,[]},
|
||||
|
|
@ -304,6 +334,7 @@
|
|||
{load_module,emqx_connection,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_channel,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_metrics,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_access_control,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_session,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_cm,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_ws_connection,brutal_purge,soft_purge,[]},
|
||||
|
|
@ -321,6 +352,7 @@
|
|||
{load_module,emqx_connection,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_channel,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_metrics,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_access_control,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_session,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_cm,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_ws_connection,brutal_purge,soft_purge,[]},
|
||||
|
|
@ -340,6 +372,7 @@
|
|||
{load_module,emqx_connection,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_channel,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_metrics,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_access_control,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_session,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_cm,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_ws_connection,brutal_purge,soft_purge,[]},
|
||||
|
|
@ -360,6 +393,7 @@
|
|||
{load_module,emqx_connection,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_channel,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_metrics,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_access_control,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_session,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_ws_connection,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_pqueue,brutal_purge,soft_purge,[]},
|
||||
|
|
@ -381,6 +415,7 @@
|
|||
{load_module,emqx_connection,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_channel,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_metrics,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_access_control,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_session,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_ws_connection,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_pqueue,brutal_purge,soft_purge,[]},
|
||||
|
|
@ -403,6 +438,7 @@
|
|||
{load_module,emqx_connection,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_channel,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_metrics,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_access_control,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_session,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_pqueue,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_mqueue,brutal_purge,soft_purge,[]},
|
||||
|
|
@ -432,6 +468,7 @@
|
|||
{load_module,emqx_http_lib,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_channel,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_metrics,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_access_control,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_session,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_connection,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_cm,brutal_purge,soft_purge,[]},
|
||||
|
|
@ -459,6 +496,7 @@
|
|||
{load_module,emqx_node_dump,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_channel,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_metrics,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_access_control,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_session,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_plugins,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_logger_textfmt,brutal_purge,soft_purge,[]},
|
||||
|
|
@ -489,6 +527,7 @@
|
|||
{load_module,emqx_plugins,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_logger_textfmt,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_metrics,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_access_control,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_http_lib,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_access_rule,brutal_purge,soft_purge,[]},
|
||||
{load_module,emqx_ctl,brutal_purge,soft_purge,[]},
|
||||
|
|
|
|||
|
|
@ -45,10 +45,11 @@ authenticate(ClientInfo = #{zone := Zone}) ->
|
|||
-spec(check_acl(emqx_types:clientinfo(), emqx_types:pubsub(), emqx_types:topic())
|
||||
-> allow | deny).
|
||||
check_acl(ClientInfo, PubSub, Topic) ->
|
||||
case emqx_acl_cache:is_enabled() of
|
||||
Result = case emqx_acl_cache:is_enabled() of
|
||||
true -> check_acl_cache(ClientInfo, PubSub, Topic);
|
||||
false -> do_check_acl(ClientInfo, PubSub, Topic)
|
||||
end.
|
||||
end,
|
||||
inc_acl_metrics(Result), Result.
|
||||
|
||||
check_acl_cache(ClientInfo, PubSub, Topic) ->
|
||||
case emqx_acl_cache:get_acl_cache(PubSub, Topic) of
|
||||
|
|
@ -56,7 +57,9 @@ check_acl_cache(ClientInfo, PubSub, Topic) ->
|
|||
AclResult = do_check_acl(ClientInfo, PubSub, Topic),
|
||||
emqx_acl_cache:put_acl_cache(PubSub, Topic, AclResult),
|
||||
AclResult;
|
||||
AclResult -> AclResult
|
||||
AclResult ->
|
||||
inc_acl_metrics(cache_hit),
|
||||
AclResult
|
||||
end.
|
||||
|
||||
do_check_acl(ClientInfo = #{zone := Zone}, PubSub, Topic) ->
|
||||
|
|
@ -76,6 +79,14 @@ default_auth_result(Zone) ->
|
|||
run_hooks(Name, Args, Acc) ->
|
||||
ok = emqx_metrics:inc(Name), emqx_hooks:run_fold(Name, Args, Acc).
|
||||
|
||||
-compile({inline, [inc_acl_metrics/1]}).
|
||||
inc_acl_metrics(allow) ->
|
||||
emqx_metrics:inc('client.acl.allow');
|
||||
inc_acl_metrics(deny) ->
|
||||
emqx_metrics:inc('client.acl.deny');
|
||||
inc_acl_metrics(cache_hit) ->
|
||||
emqx_metrics:inc('client.acl.cache_hit').
|
||||
|
||||
-compile({inline, [return_auth_result/1]}).
|
||||
return_auth_result(Result = #{auth_result := success}) ->
|
||||
{ok, Result};
|
||||
|
|
|
|||
|
|
@ -65,8 +65,11 @@
|
|||
, code_change/3
|
||||
]).
|
||||
|
||||
%% BACKW: v4.3.0
|
||||
-export([ upgrade_retained_delayed_counter_type/0
|
||||
%% BACKW
|
||||
-export([%% v4.3.0
|
||||
upgrade_retained_delayed_counter_type/0,
|
||||
%% e4.4.0, e4.3.0-e4.3.6, v4.3.0-v4.3.11
|
||||
assign_acl_stats_from_ets_to_counter/0
|
||||
]).
|
||||
|
||||
-export_type([metric_idx/0]).
|
||||
|
|
@ -186,6 +189,12 @@
|
|||
{counter, 'session.discarded'},
|
||||
{counter, 'session.terminated'}
|
||||
]).
|
||||
%% Statistic metrics for ACL checking
|
||||
-define(STASTS_ACL_METRICS,
|
||||
[ {counter, 'client.acl.allow'},
|
||||
{counter, 'client.acl.deny'},
|
||||
{counter, 'client.acl.cache_hit'}
|
||||
]).
|
||||
|
||||
-record(state, {next_idx = 1}).
|
||||
|
||||
|
|
@ -204,6 +213,21 @@ upgrade_retained_delayed_counter_type() ->
|
|||
Ks = ['messages.retained', 'messages.delayed'],
|
||||
gen_server:call(?SERVER, {set_type_to_counter, Ks}, infinity).
|
||||
|
||||
%% BACKW: %% e4.4.0, e4.3.0-e4.3.6, v4.3.0-v4.3.11
|
||||
assign_acl_stats_from_ets_to_counter() ->
|
||||
CRef = persistent_term:get(?MODULE),
|
||||
Names = ['client.acl.allow', 'client.acl.deny', 'client.acl.cache_hit'],
|
||||
lists:foreach(fun(Name) ->
|
||||
Val = case emqx_metrics:val(Name) of
|
||||
undefined -> 0;
|
||||
Val0 -> Val0
|
||||
end,
|
||||
Idx = reserved_idx(Name),
|
||||
Metric = #metric{name = Name, type = counter, idx = Idx},
|
||||
ok = gen_server:call(?SERVER, {set, Metric}),
|
||||
ok = counters:put(CRef, Idx, Val)
|
||||
end, Names).
|
||||
|
||||
%%--------------------------------------------------------------------
|
||||
%% Metrics API
|
||||
%%--------------------------------------------------------------------
|
||||
|
|
@ -433,7 +457,8 @@ init([]) ->
|
|||
?MESSAGE_METRICS,
|
||||
?DELIVERY_METRICS,
|
||||
?CLIENT_METRICS,
|
||||
?SESSION_METRICS
|
||||
?SESSION_METRICS,
|
||||
?STASTS_ACL_METRICS
|
||||
]),
|
||||
% Store reserved indices
|
||||
ok = lists:foreach(fun({Type, Name}) ->
|
||||
|
|
@ -466,6 +491,10 @@ handle_call({set_type_to_counter, Keys}, _From, State) ->
|
|||
end, Keys),
|
||||
{reply, ok, State};
|
||||
|
||||
handle_call({set, Metric}, _From, State) ->
|
||||
true = ets:insert(?TAB, Metric),
|
||||
{reply, ok, State};
|
||||
|
||||
handle_call(Req, _From, State) ->
|
||||
?LOG(error, "Unexpected call: ~p", [Req]),
|
||||
{reply, ignored, State}.
|
||||
|
|
@ -574,6 +603,10 @@ reserved_idx('session.resumed') -> 221;
|
|||
reserved_idx('session.takeovered') -> 222;
|
||||
reserved_idx('session.discarded') -> 223;
|
||||
reserved_idx('session.terminated') -> 224;
|
||||
%% Stats metrics
|
||||
reserved_idx('client.acl.allow') -> 300;
|
||||
reserved_idx('client.acl.deny') -> 301;
|
||||
reserved_idx('client.acl.cache_hit') -> 302;
|
||||
|
||||
reserved_idx(_) -> undefined.
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue