ACL can exclusively be done through HTTP if HTTP auth is enabled
Hello,
I am not sure this qualifies as a bug, but at least it would be nice to clarify the behaviour. I tried to dig into the docs and GitHub but I have not found anything about this.
Describe the bug
As soon as I enable authentication of clients through HTTP, ACL can exclusively be done through HTTP as well. nanomq_acl.conf and other params about ACL are ignored.
Expected behavior
What I expected is that if I comment out the ACL part of the http auth and define the following conf:
- no_match = allow
- deny_action = ignore
- {"permit": "allow"} in the ACL rules
This should not try to perform the ACL query through HTTP and allow publish and subscribe to any topic.
Actual Behavior
The actual behaviour is that I can connect fine to the broker but as soon as I publish or subscribe I get disconnected. In the logs I get either:
handle_pub: Auth failed! publish packet!
OR
sub_ctx_handle: topic: [#] HTTP AUTH fail, set SUBACK reason_code: [135]
To Reproduce
Start the broker with the following auth conf:
auth {
  allow_anonymous = false # Allow clients to connect without providing username/password
  no_match = allow # Default action if no ACL rules match
  deny_action = ignore # Action to take if an ACL check rejects an operation
  cache = {
    max_size = 32 # Maximum number of ACL entries to cache for a client
    ttl = 1m # Time after which an ACL cache entry will be deleted
  }
  acl = {include "./nanomq_acl.conf"} # Path to the ACL configuration file
  http_auth = {
    auth_req {
      url = "http://127.0.0.1:8000/api/login" # HTTP URL API path for Auth Request
      method = "POST" # HTTP Request Method for Auth Request
      headers.content-type = "application/json" # HTTP Request Headers for Auth Request
      params = {login = "%u", password = "%P"} # Parameters to construct request body
    }
    timeout = 5s # Time-out time for the request
    connect_timeout = 5s # Connection time-out time
    pool_size = 4 # Connection process pool size
  }
}
And inside nanomq_acl.conf:
rules = [
  {"permit": "allow"}
]
Environment Details
- NanoMQ version 0.21.10
- Ubuntu 22.04
Client SDK
I am using MQTT Explorer 0.4.0
Cheers!
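
The outcome the report expects from the file ACL, modelled as an added example (not part of the original report and not NanoMQ's code). The rule fields `username`, `action` and `topics`, first-match-wins ordering, and the username `alice` are assumptions made for the model; `no_match`, `deny_action` and the single `{"permit": "allow"}` rule come from the report.

```python
# Added model of the expected ACL outcome; this is not NanoMQ source code.
# Assumed: rule fields "username", "action", "topics" and first-match-wins order.

def topic_matches(flt, topic):
    """MQTT filter match: '+' covers one level, '#' covers all remaining levels."""
    f, t = flt.split("/"), topic.split("/")
    for i, part in enumerate(f):
        if part == "#":
            return True
        if i >= len(t) or (part != "+" and part != t[i]):
            return False
    return len(f) == len(t)

def rule_applies(rule, user, action, topic):
    """A rule with a field omitted matches any value for that field."""
    if rule.get("username", user) != user:
        return False
    if rule.get("action", "pubsub") not in (action, "pubsub"):
        return False
    topics = rule.get("topics")
    return topics is None or any(topic_matches(f, topic) for f in topics)

def authorize(rules, no_match, user, action, topic):
    """Return the permit of the first applicable rule, else the no_match default."""
    for rule in rules:
        if rule_applies(rule, user, action, topic):
            return rule["permit"]
    return no_match

def enforce(decision, deny_action):
    """What the client observes: accepted, or the configured deny_action."""
    return "accepted" if decision == "allow" else deny_action

# Values taken from the report's auth block and nanomq_acl.conf.
REPORTED_RULES = [{"permit": "allow"}]
NO_MATCH, DENY_ACTION = "allow", "ignore"

def expected_outcome(action, topic, user="alice", rules=REPORTED_RULES):
    # "alice" is a constructed username
    return enforce(authorize(rules, NO_MATCH, user, action, topic), DENY_ACTION)

if __name__ == "__main__":
    for action, topic in [("publish", "sensors/temp"), ("subscribe", "#")]:
        print(action, topic, "->", expected_outcome(action, topic))
```

Under this model every publish and subscribe in the reported setup is accepted, which is the behaviour the report contrasts with the logged `Auth failed!` and reason code 135.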