docs: add more schema docs for authz

2021-10-19 17:22:41 +02:00 · 2021-10-19 17:22:41 +02:00 · 0fcb3a1e93
parent 0cf5aa5611
commit 0fcb3a1e93
2 changed files with 18 additions and 3 deletions
--- a/apps/emqx/src/emqx_schema.erl
+++ b/apps/emqx/src/emqx_schema.erl
@ -165,6 +165,13 @@ fields("authorization") ->
    [ {"no_match",
       sc(hoconsc:enum([allow, deny]),
          #{ default => allow
+             %% TODO: make sources a reference link
+           , desc => """
+Default access control action if the user or client matches no ACL rules,
+or if no such user or client is found by the configurable authorization
+sources such as built-in-database, an HTTP API, or a query against PostgreSQL.
+Find more details in 'authorization.sources' config.
+"""
           })}
    , {"deny_action",
       sc(hoconsc:enum([ignore, disconnect]),
--- a/apps/emqx_machine/src/emqx_machine_schema.erl
+++ b/apps/emqx_machine/src/emqx_machine_schema.erl
@ -88,9 +88,17 @@ roots() ->
           })}
    , {"authorization",
       sc(hoconsc:ref("authorization"),
-          #{ desc => "In EMQ X, MQTT client access control can be just a few "
-                     "lines of text based rules, or delegated to an external "
-                     "HTTP API, or base externa database query results."
+          #{ desc => """
+Authorization a.k.a ACL.<br>
+In EMQ X, MQTT client access control is extremly flexible.<br>
+A an out of the box set of authorization data sources are supported.
+For example,<br>
+'file' source is to support concise and yet generic ACL rules in a file;<br>
+'built-in-database' source can be used to store per-client customisable rule sets,
+natively in the EMQ X node;<br>
+'http' source to make EMQ X call an external HTTP API to make the decision;<br>
+'postgresql' etc. to look up clients or rules from external databases;<br>
+"""
           })}
    ] ++
    emqx_schema:roots(medium) ++