Add config to adjust MQTT whether disconnect when publish or subscribe non-authorized topic

[iamdrq]

Proposed Changes

Thanks all works.

In MQTT spec, not clear descipe client whether disconnect when publish or subscribe non-authorized topic,

So implement has diffrent action:

HiveMQ: 

subscribe non-authorized topic:
MQTT3.1 → disconnect 
MQTT3.1.1 → SUBACK failure no disconnect
MQTT5 → reason codes no disconnect

publish non-authorized topic:
disconnect client (but MQTT5 can send reason code then disconnect)

EMQX:

subscribe non-authorized topic:
SUBACK deny (MQTT5 not authorized, MQTT3 fail) no disconnect

publish non-authorized topic:
Reject publish, no disconnect by default

Rabbitmq MQTT:

subscribe non-authorized topic:
disconnect

publish non-authorized topic:
disconnect

In AMQP spec, disconnect client when touch non-authorized topic, so Rabbitmq MQTT keep this action now.

In MQTT spec,this is not clear.
Someone hope touch non-authorized topic disconnect and someone hope not, #12902
So let's add config to adjust Rabbitmq MQTT whether disconnect when publish or subscribe non-authorized topic,
give control to the user.

rabbitmq.conf

mqtt.ignore_unauthorized=false|true (false defualt)

mqtt.ignore_unauthorized=false

disconnect client when publish or subscribe non-authorized topic, keep Rabbitmq MQTT action now

mqtt.ignore_unauthorized=true

subscribe: 
reply SUBACK(ok,non-authorized) and send retained messages for the successfully subscribed topics
and keep connection

publish: 
MQTT v5 + QoS1: reply with PUBACK including an error reason code and keep connection.
MQTT v3 or QoS0 : drop silently and keep connection.

Types of Changes

What types of changes does your code introduce to this project?

• New feature (non-breaking change which adds functionality)

Checklist

• Mandatory: I (or my employer/client) have have signed the CA (see https://github.com/rabbitmq/cla)
• I have read the CONTRIBUTING.md document
• All tests pass locally with my changes

[ansd]

The rationale of this PR makes sense because the MQTT 5.0 spec states:

Errors other than Malformed Packet and Protocol Errors cannot be anticipated by the sender because the receiver might have constraints which it has not communicated to the sender. A receiving Client or Server might encounter a transient error, such as a shortage of memory, that prevents successful processing of an individual MQTT Control Packet. Acknowledgment packets PUBACK, PUBREC, PUBREL, PUBCOMP, SUBACK, UNSUBACK with a Reason Code of 0x80 or greater indicate that the received packet, identified by a Packet Identifier, was in error. There are no consequences for other Sessions or other Packets flowing on the same Session.

EMQX also has a config option to toggle this disconnect on authz failure behaviour.

I find maintain_connection_on_authorization_failures is too long.

Let's name it disconnect_on_unauthorized (defaulting to true since that's today's behaviour).

@iamdrq tests are missing. Please add tests.

[michaelklishin]

mqtt.disconnect_on_unauthorized sounds reasonable.

[michaelklishin]

@iamdrq this was not forgotten but chances are, it will now be reviewed after Jan 2.

[iamdrq]

@michaelklishin Thanks for the update! That’s totally fine, I appreciate you letting me know.

[ansd]

Thank you @iamdrq. I don't have permission to push to your branch. So, I created a new PR in #15201 and cherry-picked your commits and did some small refactor on top.