Mnesia ACL

Mnesia ACL 使用 EMQ X 内置的 Mnesia 数据库存储 ACL 规则,可以存储数据、动态管理 ACL,方便与外部设备管理系统集成

插件:

  1. emqx_auth_mnesia

ACL 规则结构体

  1. {
  2. "clientid":"emqx",
  3. "topic":"testtopic/1",
  4. "action":"pub",
  5. "access": "allow"
  6. }

规则字段说明:

  • clientid / username:客户端的 Username 或 Client ID.
  • topic:控制的主题,可以使用通配符,并且可以在主题中加入占位符来匹配客户端信息,例如 t/%c 则在匹配时主题将会替换为当前客户端的 Client ID
    • %u:用户名
    • %c:Client ID
  • action:操作行为,可选值:pub | sub | pubsub
  • Access:是否允许,可选值:allow | deny

Mnesia ACL 默认不设规则,你可以使用 HTTP API 和 emqx_ctl 管理 ACL 规则。

使用 HTTP API 管理 ACL 规则

添加 ACL 规则

  • Clinetid ACL:

    1. # Request
    2. POST api/v4/acl
    3. {
    4. "clientid":"emqx_c",
    5. "topic":"Topic/A",
    6. "action":"pub",
    7. "access": "allow"
    8. }
    9. # Response
    10. {
    11. "data": {
    12. "clientid":"emqx_c",
    13. "topic":"Topic/A",
    14. "action":"pub",
    15. "access": "allow"
    16. "result": "ok"
    17. },
    18. "code": 0
    19. }
  • Username ACL:

    1. # Request
    2. POST api/v4/acl
    3. {
    4. "username":"emqx_u",
    5. "topic":"Topic/A",
    6. "action":"pub",
    7. "access": "allow"
    8. }
    9. # Response
    10. {
    11. "data": {
    12. "username":"emqx_u",
    13. "topic":"Topic/A",
    14. "action":"pub",
    15. "access": "allow"
    16. "result": "ok"
    17. },
    18. "code": 0
    19. }
  • $all ACL:

    1. # Request
    2. POST api/v4/acl
    3. {
    4. "topic":"Topic/A",
    5. "action":"pub",
    6. "access": "allow"
    7. }
    8. # Response
    9. {
    10. "data": {
    11. "all": "$all",
    12. "topic":"Topic/A",
    13. "action":"pub",
    14. "access": "allow"
    15. "result": "ok"
    16. },
    17. "code": 0
    18. }

批量添加 ACL 规则

  1. # Request
  2. POST api/v4/acl
  3. [
  4. {
  5. "clientid":"emqx_c_1",
  6. "topic":"Topic/A",
  7. "action":"pub",
  8. "access": "allow"
  9. },
  10. {
  11. "username":"emqx_u_1",
  12. "topic":"Topic/A",
  13. "action":"sub",
  14. "access": "allow"
  15. },
  16. {
  17. "topic":"Topic/+",
  18. "action":"pubsub",
  19. "access": "deny"
  20. }
  21. ]
  22. # Response
  23. {
  24. "data": [
  25. {
  26. "clientid":"emqx_c_1",
  27. "topic":"Topic/A",
  28. "action":"pub",
  29. "access": "allow",
  30. "result": "ok"
  31. },
  32. {
  33. "username":"emqx_u_1",
  34. "topic":"Topic/A",
  35. "action":"pub",
  36. "access": "allow"
  37. "result": "ok"
  38. },
  39. {
  40. "all": "$all",
  41. "topic":"Topic/+",
  42. "action":"pubsub",
  43. "access": "deny"
  44. },
  45. ],
  46. "code": 0
  47. }

查看已经添加的 ACL 规则

  • Clinetid ACL:

    1. # Request
    2. GET api/v4/acl/clinetid
    3. # Response
    4. {
    5. "meta": {
    6. "page": 1,
    7. "limit": 10,
    8. "count": 1
    9. },
    10. "data": [
    11. {
    12. "clientid": "emqx_c",
    13. "topic": "Topic/A",
    14. "action": "pub",
    15. "access": "allow"
    16. },
    17. {
    18. "clientid": "emqx_c_1",
    19. "topic": "Topic/A",
    20. "action": "pub",
    21. "access": "allow"
    22. },
    23. {
    24. "clientid": "emqx_c_2",
    25. "topic": "Topic/A",
    26. "action": "pub",
    27. "access": "allow"
    28. }
    29. ],
    30. "code": 0
    31. }
  • Username ACL:

    1. # Request
    2. GET api/v4/acl/username
    3. # Response
    4. {
    5. "meta": {
    6. "page": 1,
    7. "limit": 10,
    8. "count": 1
    9. },
    10. "data": [
    11. {
    12. "username": "emqx_u",
    13. "topic": "Topic/A",
    14. "action": "pub",
    15. "access": "allow"
    16. },
    17. {
    18. "username": "emqx_u_1",
    19. "topic": "Topic/A",
    20. "action": "pub",
    21. "access": "allow"
    22. },
    23. {
    24. "username": "emqx_u_2",
    25. "topic": "Topic/A",
    26. "action": "pub",
    27. "access": "allow"
    28. }
    29. ],
    30. "code": 0
    31. }
  • $all ACL:

    1. # Request
    2. GET api/v4/acl/$all
    3. # Response
    4. {
    5. "meta": {
    6. "page": 1,
    7. "limit": 10,
    8. "count": 1
    9. },
    10. "data": [
    11. {
    12. "all": "$all",
    13. "topic": "Topic/A",
    14. "action": "pub",
    15. "access": "allow"
    16. },
    17. {
    18. "all": "$all",
    19. "topic": "Topic/+",
    20. "action": "pubsub",
    21. "access": "deny"
    22. }
    23. ],
    24. "code": 0
    25. }

查看指定 ACL 规则

  • Clientid ACL

    1. # Request
    2. GET api/v4/acl/clientid/${clientid}
    3. # Response
    4. {
    5. "data": {
    6. "topic": "Topic/A",
    7. "clientid": "emqx_c",
    8. "allow": true,
    9. "action": "pub"
    10. },
    11. "code": 0
    12. }
  • Username ACL

    1. # Request
    2. GET api/v4/acl/username/${username}
    3. # Response
    4. {
    5. "data": {
    6. "topic": "Topic/A",
    7. "username": "emqx_u",
    8. "allow": true,
    9. "action": "pub"
    10. },
    11. "code": 0
    12. }

删除 ACL 规则

  • Clinet ACL

    1. # Request
    2. # 请注意 ${topic} 需要使用 UrlEncode 编码
    3. DELETE api/v4/acl/clinetid/${clientid}/topic/${topic}
    4. # Response
    5. {
    6. "code": 0
    7. }
  • Username ACL

    1. # Request
    2. # 请注意 ${topic} 需要使用 UrlEncode 编码
    3. DELETE api/v4/acl/username/${username}/topic/${topic}
    4. # Response
    5. {
    6. "code": 0
    7. }
  • Clinet ACL

    ```bash

    Request

    请注意 ${topic} 需要使用 UrlEncode 编码

    DELETE api/v4/acl/$all/topic/${topic}

    Response

    {

    1. "code": 0

    } ```