From fda365a87b76db0a29b7073519f26fa7885c1926 Mon Sep 17 00:00:00 2001
From: zhongwencool
Date: Wed, 29 May 2024 16:57:28 +0800
Subject: [PATCH] chore: make authz's logs easier to understand
---
 apps/emqx_auth/src/emqx_authz/emqx_authz.erl | 47 +++++++++++++------
 .../src/emqx_authz/emqx_authz_source.erl | 2 +-
 .../sources/emqx_authz_client_info.erl | 6 +--
 3 files changed, 36 insertions(+), 19 deletions(-)
diff --git a/apps/emqx_auth/src/emqx_authz/emqx_authz.erl b/apps/emqx_auth/src/emqx_authz/emqx_authz.erl
index 9745078a0..b6ece054b 100644
--- a/apps/emqx_auth/src/emqx_authz/emqx_authz.erl
+++ b/apps/emqx_auth/src/emqx_authz/emqx_authz.erl
@@ -486,8 +486,8 @@ source_for_logging(Type, _) ->
 do_authorize(_Client, _PubSub, _Topic, []) ->
 nomatch;
-do_authorize(Client, PubSub, Topic, [#{enable := false} | Rest]) ->
- do_authorize(Client, PubSub, Topic, Rest);
+do_authorize(Client, PubSub, Topic, [#{enable := false} | Tail]) ->
+ do_authorize(Client, PubSub, Topic, Tail);
 do_authorize(
 #{
 username := Username
@@ -501,16 +501,8 @@ do_authorize(
 try Module:authorize(Client, PubSub, Topic, Connector) of
 nomatch ->
 emqx_metrics_worker:inc(authz_metrics, Type, nomatch),
- ?TRACE("AUTHZ", "authorization_module_nomatch", #{
- module => Module,
- username => Username,
- topic => Topic,
- action => emqx_access_control:format_action(PubSub)
- }),
- do_authorize(Client, PubSub, Topic, Tail);
- %% {matched, allow | deny | ignore}
- {matched, ignore} ->
- ?TRACE("AUTHZ", "authorization_module_match_ignore", #{
+ ?TRACE("AUTHZ", "authorization_nomatch", #{
+ authorize_type => Type,
 module => Module,
 username => Username,
 topic => Topic,
@@ -518,15 +510,40 @@ do_authorize(
 }),
 do_authorize(Client, PubSub, Topic, Tail);
 ignore ->
- ?TRACE("AUTHZ", "authorization_module_ignore", #{
+ ?TRACE("AUTHZ", "authorization_ignore", #{
+ authorize_type => Type,
 module => Module,
 username => Username,
 topic => Topic,
 action => emqx_access_control:format_action(PubSub)
 }),
 do_authorize(Client, PubSub, Topic, Tail);
- %% {matched, allow | deny}
- Matched ->
+ {matched, ignore} ->
+ ?TRACE("AUTHZ", "authorization_matched_ignore", #{
+ authorize_type => Type,
+ module => Module,
+ username => Username,
+ topic => Topic,
+ action => emqx_access_control:format_action(PubSub)
+ }),
+ do_authorize(Client, PubSub, Topic, Tail);
+ {matched, allow} = Matched ->
+ ?TRACE("AUTHZ", "authorization_matched_allow", #{
+ authorize_type => Type,
+ module => Module,
+ username => Username,
+ topic => Topic,
+ action => emqx_access_control:format_action(PubSub)
+ }),
+ {Matched, Type};
+ {matched, deny} = Matched ->
+ ?TRACE("AUTHZ", "authorization_matched_deny", #{
+ authorize_type => Type,
+ module => Module,
+ username => Username,
+ topic => Topic,
+ action => emqx_access_control:format_action(PubSub)
+ }),
 {Matched, Type}
 catch
 Class:Reason:Stacktrace ->
diff --git a/apps/emqx_auth/src/emqx_authz/emqx_authz_source.erl b/apps/emqx_auth/src/emqx_authz/emqx_authz_source.erl
index 0bb48417e..bb4c3b1b6 100644
--- a/apps/emqx_auth/src/emqx_authz/emqx_authz_source.erl
+++ b/apps/emqx_auth/src/emqx_authz/emqx_authz_source.erl
@@ -19,7 +19,7 @@
 -type source_type() :: atom().
 -type source() :: #{type => source_type(), _ => _}.
 -type raw_source() :: map().
--type match_result() :: {matched, allow} | {matched, deny} | nomatch.
+-type match_result() :: {matched, allow | deny | ignore} | nomatch | ignore.
 -export_type([
 source_type/0,
diff --git a/apps/emqx_auth/src/emqx_authz/sources/emqx_authz_client_info.erl b/apps/emqx_auth/src/emqx_authz/sources/emqx_authz_client_info.erl
index 4451b9e03..aa867fcd7 100644
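Review bot: In emqx_authz.erl, hunk `@@ -518,15 +510,40 @@`, replacing the catch-all `Matched ->` with explicit `{matched, allow}` and `{matched, deny}` clauses means a source module that returns anything outside `match_result()` now raises `try_clause` instead of being passed up as `{Matched, Type}`. The `of` section of a `try` is not protected, so the `catch Class:Reason:Stacktrace ->` clause that follows will not see that error. How the exception is handled is decided by the caller of `do_authorize/4`, which is outside this hunk (the function body also starts before it and continues after it). For an authorization path it should be confirmed that this ends in a deny rather than in the no-match default. If the stricter matching is intended, a comment above the clauses would record it, for example `%% Any other return value is a bug in the source module and crashes here on purpose.`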
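Review bot: In emqx_authz_source.erl, hunk `@@ -19,7 +19,7 @@`, the widened `match_result()` now has three values that all hand the request to the next source in `emqx_authz:do_authorize/4` (`nomatch`, `ignore` and `{matched, ignore}`), and the type carries no comment telling a source author which one to return. The visible differences in this patch are the trace event emitted and whether the branch updates `authz_metrics`. A comment above the type would help, for example `%% nomatch | ignore | {matched, ignore}: the next source is consulted; {matched, allow | deny}: evaluation stops with that result.`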
--- a/apps/emqx_auth/src/emqx_authz/sources/emqx_authz_client_info.erl
+++ b/apps/emqx_auth/src/emqx_authz/sources/emqx_authz_client_info.erl
@@ -59,10 +59,10 @@ update(Source) ->
 destroy(_Source) ->
 ok.
-%% @doc Authorize based on cllientinfo enriched with `acl' data.
+%% @doc Authorize based on client info enriched with `acl' data.
 %% e.g. From JWT.
 %%
-%% Supproted rules formats are:
+%% Supported rules formats are:
 %%
 %% v1: (always deny when no match)
 %%
@@ -116,7 +116,7 @@ authorize(#{acl := Acl} = Client, PubSub, Topic, _Source) ->
 MatchResult
 end;
 authorize(_Client, _PubSub, _Topic, _Source) ->
- nomatch.
+ ignore.
 %%--------------------------------------------------------------------
 %% Internal functions
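Review bot: In hunk `@@ -116,7 +116,7 @@`, returning `ignore` instead of `nomatch` from the fallback `authorize/4` clause changes more than the trace line. In `emqx_authz:do_authorize/4` (first file of this patch) only the `nomatch` branch calls `emqx_metrics_worker:inc(authz_metrics, Type, nomatch)`, so clients whose info has no `acl` key stop being counted for this source. Under a commit titled as a logging chore that shift is easy to miss for anyone alerting on the counter, and it deserves a line in the description. A comment on the clause would also state the intent, for example `%% No acl in the client info: this source does not apply, so skip it (not counted as nomatch).` The first `authorize/4` clause begins outside this hunk.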