
chore(acl): delete acl nomatch config item

zhanghongtong 4 лет назад
Родитель
Сommit
64ce0d0e4f

+ 2 - 3
apps/emqx/src/emqx_access_control.erl

@@ -59,9 +59,8 @@ check_acl_cache(ClientInfo, PubSub, Topic) ->
         AclResult -> AclResult
     end.
 
-do_check_acl(ClientInfo = #{zone := Zone}, PubSub, Topic) ->
-    Default = emqx_zone:get_env(Zone, acl_nomatch, deny),
-    case run_hooks('client.check_acl', [ClientInfo, PubSub, Topic], Default) of
+do_check_acl(ClientInfo, PubSub, Topic) ->
+    case run_hooks('client.check_acl', [ClientInfo, PubSub, Topic], allow) of
         allow  -> allow;
         _Other -> deny
     end.
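Review bot: The hard-coded `allow` accumulator in do_check_acl makes the check fail open when no 'client.check_acl' hook is registered (and presumably when no hook stops the chain), whereas the removed code fell back to `deny` when acl_nomatch was unset. Deny-on-no-match is now enforced only by emqx_authz:check_authz, so the effective policy depends on that hook being installed. I would state this above the function, e.g. `%% No hook stops the chain => allow; deny-on-nomatch is enforced by the emqx_authz hook only while it is registered.`, and call out the changed default for operators who relied on acl_nomatch = deny.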

+ 0 - 7
apps/emqx/test/emqx_access_control_SUITE.erl

@@ -39,13 +39,6 @@ t_authenticate(_) ->
     ?assertMatch({ok, _}, emqx_access_control:authenticate(clientinfo())).
 
 t_check_acl(_) ->
-    emqx_zone:set_env(zone, acl_nomatch, deny),
-    application:set_env(emqx, enable_acl_cache, false),
-    Publish = ?PUBLISH_PACKET(?QOS_0, <<"t">>, 1, <<"payload">>),
-    ?assertEqual(deny, emqx_access_control:check_acl(clientinfo(), Publish, <<"t">>)),
-
-    emqx_zone:set_env(zone, acl_nomatch, allow),
-    application:set_env(emqx, enable_acl_cache, true),
     Publish = ?PUBLISH_PACKET(?QOS_0, <<"t">>, 1, <<"payload">>),
     ?assertEqual(allow, emqx_access_control:check_acl(clientinfo(), Publish, <<"t">>)).
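Review bot: After this change t_check_acl only exercises the no-hook `allow` path, so the `_Other -> deny` branch of do_check_acl is no longer covered in this suite. A second case that registers a 'client.check_acl' callback returning `{stop, deny}` and asserts `deny` would keep that branch tested. The removed `application:set_env(emqx, enable_acl_cache, ...)` calls also leave the result dependent on the ambient cache setting, which may be worth pinning in the test.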
 

+ 3 - 3
apps/emqx/test/emqx_mqtt_protocol_v5_SUITE.erl

@@ -197,8 +197,8 @@ t_connect_will_message(_) ->
 t_batch_subscribe(_) ->
     {ok, Client} = emqtt:start_link([{proto_ver, v5}, {clientid, <<"batch_test">>}]),
     {ok, _} = emqtt:connect(Client),
-    application:set_env(emqx, enable_acl_cache, false),
-    application:set_env(emqx, acl_nomatch, deny),
+    ok = meck:new(emqx_access_control, [non_strict, passthrough, no_history, no_link]),
+    meck:expect(emqx_access_control, check_acl, fun(_, _, _) -> deny end),
     {ok, _, [?RC_NOT_AUTHORIZED,
              ?RC_NOT_AUTHORIZED,
              ?RC_NOT_AUTHORIZED]} = emqtt:subscribe(Client, [{<<"t1">>, qos1},
@@ -209,7 +209,7 @@ t_batch_subscribe(_) ->
              ?RC_NO_SUBSCRIPTION_EXISTED]} = emqtt:unsubscribe(Client, [<<"t1">>,
                                                                         <<"t2">>,
                                                                         <<"t3">>]),
-    application:set_env(emqx, acl_nomatch, allow),
+    meck:unload(emqx_access_control),
     emqtt:disconnect(Client).
 
 t_connect_will_retain(_) ->
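Review bot: In t_batch_subscribe, `meck:unload(emqx_access_control)` in the second hunk is reached only if the subscribe and unsubscribe pattern matches after `meck:new` succeed. A badmatch there leaves the mock loaded, since it is created with `no_link`, and later test cases would then see check_acl return deny for everything. Wrapping the body in `try ... after meck:unload(emqx_access_control) end`, or unloading in end_per_testcase, keeps such a failure local. Note also that the test now bypasses the real ACL path, so it verifies only the mapping to ?RC_NOT_AUTHORIZED.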

+ 6 - 6
apps/emqx_authz/src/emqx_authz.erl

@@ -150,22 +150,22 @@ b2l(B) when is_binary(B) -> binary_to_list(B).
 
 %% @doc Check ACL
 -spec(check_authz(emqx_types:clientinfo(), emqx_types:all(), emqx_topic:topic(), emqx_permission_rule:acl_result(), rules())
-      -> {ok, allow} | {ok, deny} | deny).
+      -> {stop, allow} | {ok, deny}).
 check_authz(#{username := Username,
               peerhost := IpAddress
-             } = Client, PubSub, Topic, DefaultResult, Rules) ->
+             } = Client, PubSub, Topic, _DefaultResult, Rules) ->
     case do_check_authz(Client, PubSub, Topic, Rules) of
         {matched, allow} ->
-            ?LOG(info, "Client succeeded authorizationa: Username: ~p, IP: ~p, Topic: ~p, Permission: allow", [Username, IpAddress, Topic]),
+            ?LOG(info, "Client succeeded authorization: Username: ~p, IP: ~p, Topic: ~p, Permission: allow", [Username, IpAddress, Topic]),
             emqx_metrics:inc(?ACL_METRICS(allow)),
             {stop, allow};
         {matched, deny} ->
-            ?LOG(info, "Client failed authorizationa: Username: ~p, IP: ~p, Topic: ~p, Permission: deny", [Username, IpAddress, Topic]),
+            ?LOG(info, "Client failed authorization: Username: ~p, IP: ~p, Topic: ~p, Permission: deny", [Username, IpAddress, Topic]),
             emqx_metrics:inc(?ACL_METRICS(deny)),
             {stop, deny};
         nomatch ->
-            ?LOG(info, "Client failed authorizationa: Username: ~p, IP: ~p, Topic: ~p, Reasion: ~p", [Username, IpAddress, Topic, "no-match rule"]),
-            DefaultResult
+            ?LOG(info, "Client failed authorization: Username: ~p, IP: ~p, Topic: ~p, Reasion: ~p", [Username, IpAddress, Topic, "no-match rule"]),
+            {stop, deny}
     end.
 
 do_check_authz(Client, PubSub, Topic,
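Review bot: The new -spec for check_authz lists `{ok, deny}`, but every branch on the new side returns `{stop, allow}` or `{stop, deny}`, so the return type should read `-> {stop, allow} | {stop, deny}).`. The nomatch log line still says `Reasion`, which could become `Reason` while the other messages are being corrected. Since `_DefaultResult` is now ignored, the `%% @doc` line would benefit from saying that a no-match always stops the hook chain with deny regardless of the accumulator passed in. do_check_authz continues outside the hunk.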

+ 1 - 2
apps/emqx_authz/test/emqx_authz_SUITE.erl

@@ -39,7 +39,6 @@ end_per_suite(_Config) ->
 set_special_configs(emqx) ->
     application:set_env(emqx, allow_anonymous, true),
     application:set_env(emqx, enable_acl_cache, false),
-    application:set_env(emqx, acl_nomatch, deny),
     ok;
 set_special_configs(emqx_authz) ->
     application:set_env(emqx, plugins_etc_dir,
@@ -145,7 +144,7 @@ t_authz(_) ->
     Rules3 = [emqx_authz:compile(Rule) || Rule <- [?RULE3, ?RULE4]],
     Rules4 = [emqx_authz:compile(Rule) || Rule <- [?RULE4, ?RULE1]],
 
-    ?assertEqual(deny,
+    ?assertEqual({stop, deny},
         emqx_authz:check_authz(ClientInfo1, subscribe, <<"#">>, deny, [])),
     ?assertEqual({stop, deny},
         emqx_authz:check_authz(ClientInfo1, subscribe, <<"+">>, deny, Rules1)),
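Review bot: The updated assertion in t_authz still passes `deny` as the default result, so it does not show that the fourth argument is now ignored on a no-match. Passing `allow` pins the new behaviour: `?assertEqual({stop, deny}, emqx_authz:check_authz(ClientInfo1, subscribe, <<"#">>, allow, []))`. t_authz starts and ends outside the hunk.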

+ 1 - 0
apps/emqx_coap/test/emqx_coap_SUITE.erl

@@ -289,6 +289,7 @@ t_acl(Config) ->
         ok
     end,
 
+    ok = emqx_hooks:del('client.check_acl', {emqx_authz, check_authz}),
     file:delete(filename:join(emqx:get_env(plugins_etc_dir), 'authz.conf')),
     application:set_env(emqx, plugins_etc_dir, OldPath),
     application:stop(emqx_authz).
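Review bot: The added `emqx_hooks:del` in t_acl runs only when the test body above it succeeds, so a failing assertion would leave the emqx_authz hook registered and later cases would be denied by it. Having to remove the hook by hand before `application:stop(emqx_authz)` also suggests the application may not unregister it on stop; if so, the unhook belongs in emqx_authz's stop path. At minimum I would move this cleanup to end_per_testcase. t_acl begins outside the hunk.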