chore: make authz's logs easier to understand

zhongwencool 2024-05-29 16:57:28 +08:00
parent ec7ec7261e
commit fda365a87b
3 changed files with 36 additions and 19 deletions


@ -486,8 +486,8 @@ source_for_logging(Type, _) ->
do_authorize(_Client, _PubSub, _Topic, []) ->
nomatch;
do_authorize(Client, PubSub, Topic, [#{enable := false} | Rest]) ->
do_authorize(Client, PubSub, Topic, Rest);
do_authorize(Client, PubSub, Topic, [#{enable := false} | Tail]) ->
do_authorize(Client, PubSub, Topic, Tail);
do_authorize(
#{
username := Username
@ -501,16 +501,8 @@ do_authorize(
try Module:authorize(Client, PubSub, Topic, Connector) of
nomatch ->
emqx_metrics_worker:inc(authz_metrics, Type, nomatch),
?TRACE("AUTHZ", "authorization_module_nomatch", #{
module => Module,
username => Username,
topic => Topic,
action => emqx_access_control:format_action(PubSub)
}),
do_authorize(Client, PubSub, Topic, Tail);
%% {matched, allow | deny | ignore}
{matched, ignore} ->
?TRACE("AUTHZ", "authorization_module_match_ignore", #{
?TRACE("AUTHZ", "authorization_nomatch", #{
authorize_type => Type,
module => Module,
username => Username,
topic => Topic,
@ -518,15 +510,40 @@ do_authorize(
}),
do_authorize(Client, PubSub, Topic, Tail);
ignore ->
?TRACE("AUTHZ", "authorization_module_ignore", #{
?TRACE("AUTHZ", "authorization_ignore", #{
authorize_type => Type,
module => Module,
username => Username,
topic => Topic,
action => emqx_access_control:format_action(PubSub)
}),
do_authorize(Client, PubSub, Topic, Tail);
%% {matched, allow | deny}
Matched ->
{matched, ignore} ->
?TRACE("AUTHZ", "authorization_matched_ignore", #{
authorize_type => Type,
module => Module,
username => Username,
topic => Topic,
action => emqx_access_control:format_action(PubSub)
}),
do_authorize(Client, PubSub, Topic, Tail);
{matched, allow} = Matched ->
?TRACE("AUTHZ", "authorization_matched_allow", #{
authorize_type => Type,
module => Module,
username => Username,
topic => Topic,
action => emqx_access_control:format_action(PubSub)
}),
{Matched, Type};
{matched, deny} = Matched ->
?TRACE("AUTHZ", "authorization_matched_deny", #{
authorize_type => Type,
module => Module,
username => Username,
topic => Topic,
action => emqx_access_control:format_action(PubSub)
}),
{Matched, Type}
catch
Class:Reason:Stacktrace ->
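Review bot: With the catch-all `Matched ->` replaced by explicit `{matched, allow}` and `{matched, deny}` clauses, any other value returned by `Module:authorize/4` now raises `try_clause`, and because that error is raised in the `of` section, the `catch` that follows does not handle it. Before this change such a value was handed back to the caller as `{Matched, Type}`; now the authorization check crashes, and whether that ends in a deny depends on the caller, which is not visible here. If the crash is intended, say so above the clauses, e.g. `%% any other return value is a backend bug: it raises try_clause and is not handled by the catch below`; otherwise add a final clause that logs the value and handles it the way the catch branch does. The `try` continues past the end of this hunk, so the catch body could not be checked.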


@ -19,7 +19,7 @@
-type source_type() :: atom().
-type source() :: #{type => source_type(), _ => _}.
-type raw_source() :: map().
-type match_result() :: {matched, allow} | {matched, deny} | nomatch.
-type match_result() :: {matched, allow | deny | ignore} | nomatch | ignore.
-export_type([
source_type/0,
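Review bot: `match_result()` now has three values that all mean "no decision" (`nomatch`, `ignore` and `{matched, ignore}`), and nothing at the type says when a source should return which. In the `do_authorize` hunk of this commit all three fall through to the next source and only `nomatch` increments a metric, so a wrong choice by a backend shows up only in metrics and traces. A comment above the type would settle it, along the lines of `%% nomatch: source consulted, no rule matched; ignore: source does not apply to this client; {matched, ignore}: a rule matched and defers to the next source`. The wording needs confirming by the author, since these semantics are inferred from the call sites.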


@ -59,10 +59,10 @@ update(Source) ->
destroy(_Source) -> ok.
%% @doc Authorize based on cllientinfo enriched with `acl' data.
%% @doc Authorize based on client info enriched with `acl' data.
%% e.g. From JWT.
%%
%% Supproted rules formats are:
%% Supported rules formats are:
%%
%% v1: (always deny when no match)
%%
@ -116,7 +116,7 @@ authorize(#{acl := Acl} = Client, PubSub, Topic, _Source) ->
MatchResult
end;
authorize(_Client, _PubSub, _Topic, _Source) ->
nomatch.
ignore.
%%--------------------------------------------------------------------
%% Internal functions
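Review bot: The fallback clause of `authorize/4` (client info without `acl`) now returns `ignore` instead of `nomatch`, and the `@doc` above does not mention this case. Judging from the `do_authorize` hunk in this commit, both values move on to the next source but only `nomatch` increments the `nomatch` metric, so clients without an `acl` entry apparently stop being counted there; anyone alerting on that metric should know. Suggest a line above the clause such as `%% no acl in client info: this source does not apply, defer to the next source (not counted as nomatch)`. The first `authorize/4` clause starts outside the hunk.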