feat: add authz skipped trace

2024-07-29 17:24:01 +08:00 · 2024-07-29 17:24:01 +08:00 · d7cac74bed
parent 2d6b2bff8e
commit d7cac74bed
2 changed files with 7 additions and 1 deletions
--- a/apps/emqx_auth/src/emqx_authz/emqx_authz.erl
+++ b/apps/emqx_auth/src/emqx_authz/emqx_authz.erl
@ -477,9 +477,14 @@ authorize_deny(
    sources()
 ) ->
    authz_result().
-authorize(Client, PubSub, Topic, _DefaultResult, Sources) ->
+authorize(#{username := Username} = Client, PubSub, Topic, _DefaultResult, Sources) ->
    case maps:get(is_superuser, Client, false) of
        true ->
+            ?TRACE("AUTHZ", "authorization_skipped_as_superuser", #{
+                username => Username,
+                topic => Topic,
+                action => emqx_access_control:format_action(PubSub)
+            }),
            emqx_metrics:inc(?METRIC_SUPERUSER),
            {stop, #{result => allow, from => superuser}};
        false ->
--- a/changes/ce/feat-13534.en.md
+++ b/changes/ce/feat-13534.en.md
@ -0,0 +1 @@
+Add trace logging when superuser skipped authz check.
				`@ -0,0 +1 @@`
				`Add trace logging when superuser skipped authz check.`