@iamdrq iamdrq commented Dec 12, 2025

Proposed Changes

Thanks all works.

The MQTT spec does not clearly describe whether a client should be disconnected when it publishes or subscribes to a non-authorized topic,

So implementations have different actions:

HiveMQ: 

subscribe non-authorized topic:
MQTT3.1 → disconnect 
MQTT3.1.1 → SUBACK failure no disconnect
MQTT5 → reason codes no disconnect

publish non-authorized topic:
disconnect client (but MQTT5 can send reason code then disconnect)

EMQX:

subscribe non-authorized topic:
SUBACK deny (MQTT5 not authorized, MQTT3 fail) no disconnect

publish non-authorized topic:
Reject publish, no disconnect by default

RabbitMQ MQTT:

subscribe non-authorized topic:
disconnect

publish non-authorized topic:
disconnect

In the AMQP spec, the client is disconnected when it touches a non-authorized topic, so RabbitMQ MQTT keeps this action now.

In the MQTT spec, this is not clear.
Some people want touching a non-authorized topic to disconnect and some do not, #12902
So let's add a config setting to adjust whether RabbitMQ MQTT disconnects when a client publishes or subscribes to a non-authorized topic,
and give control to the user.

rabbitmq.conf

mqtt.ignore_unauthorized=false|true (false default)

mqtt.ignore_unauthorized=false

disconnect the client when it publishes or subscribes to a non-authorized topic, keeping the current RabbitMQ MQTT action

mqtt.ignore_unauthorized=true

subscribe: 
reply SUBACK(ok,non-authorized) and send retained messages for the successfully subscribed topics
and keep connection

publish: 
MQTT v5 + QoS1: reply with PUBACK including an error reason code and keep connection.
MQTT v3 or QoS0 : drop silently and keep connection.

Types of Changes

What types of changes does your code introduce to this project?

  • New feature (non-breaking change which adds functionality)

Checklist

  • Mandatory: I (or my employer/client) have signed the CA (see https://github.com/rabbitmq/cla)
  • I have read the CONTRIBUTING.md document
  • All tests pass locally with my changes
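
The client-visible outcomes described above for `mqtt.ignore_unauthorized`, as an added Python sketch that is not part of the PR or RabbitMQ's Erlang code. The function names are hypothetical, and the byte values 0x87 (MQTT 5.0 "Not authorized") and 0x80 (MQTT 3.1.1 SUBACK failure) are assumptions taken from the MQTT specs, since the description does not name them.

```python
# Added illustration: models the behaviour in the PR description, not the broker's code.
NOT_AUTHORIZED_V5 = 0x87   # assumption: MQTT 5.0 reason code "Not authorized"
SUBACK_FAILURE_V3 = 0x80   # assumption: MQTT 3.1.1 SUBACK failure return code

def suback(proto_ver, packet_id, results):
    """Build SUBACK bytes; results is a list of (granted_qos, authorized) per topic filter."""
    deny = NOT_AUTHORIZED_V5 if proto_ver == 5 else SUBACK_FAILURE_V3
    # Authorized filters get their granted QoS, denied filters get the failure code.
    codes = bytes(qos if ok else deny for qos, ok in results)
    props = b"\x00" if proto_ver == 5 else b""      # v5 carries an (empty) property section
    body = packet_id.to_bytes(2, "big") + props + codes
    return bytes([0x90, len(body)]) + body          # assumes remaining length < 128

def puback_denied(packet_id):
    """MQTT 5.0 PUBACK with an error reason code and no properties (remaining length 3)."""
    return bytes([0x40, 3]) + packet_id.to_bytes(2, "big") + bytes([NOT_AUTHORIZED_V5])

def on_unauthorized(ignore_unauthorized, proto_ver, packet, packet_id=0, qos=0, results=()):
    """Return (action, bytes_to_send) for a packet that touches a non-authorized topic."""
    if not ignore_unauthorized:
        return ("disconnect", b"")                  # default: today's behaviour
    if packet == "SUBSCRIBE":
        return ("keep", suback(proto_ver, packet_id, results))
    if packet == "PUBLISH":
        if proto_ver == 5 and qos == 1:
            return ("keep", puback_denied(packet_id))
        return ("keep", b"")                        # v3 or QoS 0: dropped silently
    raise ValueError(f"unexpected packet type: {packet}")

if __name__ == "__main__":
    # Constructed input: two topic filters, the second one not authorized.
    action, data = on_unauthorized(True, 5, "SUBSCRIBE", packet_id=10,
                                   results=[(1, True), (0, False)])
    print(action, data.hex())
```

With the setting enabled, a v3 client or a QoS 0 publisher receives no signal that its message was refused, so the denial is visible only on the broker side.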

@mergify mergify bot added the make label Dec 12, 2025
@ansd ansd self-requested a review December 12, 2025 12:47
%%
%% {ignore_unauthorized, false},

{mapping, "mqtt.ignore_unauthorized", "rabbitmq_mqtt.ignore_unauthorized",
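
Review bot: on the mapping line, the key `mqtt.ignore_unauthorized` does not say what is ignored and can be read as skipping the authorization check itself, whereas the description says the operation is still refused and only the disconnect is suppressed. Consider a name that mentions the connection, and have the comment above the mapping state what each value does rather than only showing `{ignore_unauthorized, false}`.
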
Collaborator

I have a problem with this name. Ignore authorized what specifically?

This could be mqtt.ignore_authorization_failures but that would not explain when exactly and the name can be misleading.

mqtt.maintain_connection_on_authorization_failures is slightly more specific and is the best suggestion I have.

Member

I find maintain_connection_on_authorization_failures is too long.

Let's name it disconnect_on_unauthorized (defaulting to true since that's today's behaviour).

Member

@ansd ansd left a comment

The rationale of this PR makes sense because the MQTT 5.0 spec states:

Errors other than Malformed Packet and Protocol Errors cannot be anticipated by the sender because the receiver might have constraints which it has not communicated to the sender. A receiving Client or Server might encounter a transient error, such as a shortage of memory, that prevents successful processing of an individual MQTT Control Packet. Acknowledgment packets PUBACK, PUBREC, PUBREL, PUBCOMP, SUBACK, UNSUBACK with a Reason Code of 0x80 or greater indicate that the received packet, identified by a Packet Identifier, was in error. There are no consequences for other Sessions or other Packets flowing on the same Session.

EMQX also has a config option to toggle this disconnect on authz failure behaviour.

I find maintain_connection_on_authorization_failures is too long.

Let's name it disconnect_on_unauthorized (defaulting to true since that's today's behaviour).

@iamdrq tests are missing. Please add tests.
