From 14a97d777dc79ddd8f495437d8949b0e83de0b02 Mon Sep 17 00:00:00 2001 From: JimMoen Date: Mon, 11 Apr 2022 18:20:45 +0800 Subject: [PATCH] fix(authz): api required fields --- apps/emqx/src/emqx_schema.erl | 2 + apps/emqx_authz/src/emqx_authz_api_schema.erl | 38 +++++++++++++------ apps/emqx_authz/src/emqx_authz_schema.erl | 23 +++++++---- 3 files changed, 43 insertions(+), 20 deletions(-) diff --git a/apps/emqx/src/emqx_schema.erl b/apps/emqx/src/emqx_schema.erl index 1079443f3..3595fd999 100644 --- a/apps/emqx/src/emqx_schema.erl +++ b/apps/emqx/src/emqx_schema.erl @@ -315,6 +315,7 @@ fields("authorization") -> hoconsc:enum([allow, deny]), #{ default => allow, + required => true, %% TODO: make sources a reference link desc => "Default access control action if the user or client matches no ACL rules,\n" @@ -328,6 +329,7 @@ fields("authorization") -> hoconsc:enum([ignore, disconnect]), #{ default => ignore, + required => true, desc => "The action when the authorization check rejects an operation." } )}, diff --git a/apps/emqx_authz/src/emqx_authz_api_schema.erl b/apps/emqx_authz/src/emqx_authz_api_schema.erl index 78c8539ae..badf029b0 100644 --- a/apps/emqx_authz/src/emqx_authz_api_schema.erl +++ b/apps/emqx_authz/src/emqx_authz_api_schema.erl @@ -30,7 +30,8 @@ fields(http) -> {url, fun url/1}, {method, #{ type => enum([get, post]), - default => get + default => get, + required => true }}, {headers, fun headers/1}, {body, map([{fuzzy, term(), binary()}])}, @@ -45,8 +46,8 @@ fields(http) -> maps:from_list(emqx_connector_http:fields(config)) ) ); -fields('built_in_database') -> - authz_common_fields('built_in_database'); +fields(built_in_database) -> + authz_common_fields(built_in_database); fields(mongo_single) -> authz_mongo_common_fields() ++ emqx_connector_mongo:fields(single); 
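Review bot: In the first hunk of apps/emqx/src/emqx_schema.erl, `required => true` sits directly beside `default => allow` on the `hoconsc:enum([allow, deny])` field, so it presumably cannot force an operator to choose the no-match action explicitly: an omitted value would still be filled in as `allow`, the fail-open choice. If the flag is only meant for the generated API documentation, a comment such as `%% required marks the field in the API schema; an omitted value still falls back to the default` would say so; if an explicit choice is intended, the default has to be removed instead. The same pairing of `default` and `required` is added for the `enum([ignore, disconnect])` field in the next hunk, for `method` and `type` in emqx_authz_api_schema.erl, and for `method` in `fields(http_get)` and `fields(http_post)` in emqx_authz_schema.erl. The `fields("authorization")` clause starts and ends outside both hunks.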
@@ -58,11 +59,11 @@ fields(mongo_sharded) -> emqx_connector_mongo:fields(sharded); fields(mysql) -> authz_common_fields(mysql) ++ - [{query, #{type => binary()}}] ++ + [{query, mk(binary(), #{required => true})}] ++ emqx_connector_mysql:fields(config); fields(postgresql) -> authz_common_fields(postgresql) ++ - [{query, #{type => binary()}}] ++ + [{query, mk(binary(), #{required => true})}] ++ proplists:delete(named_queries, emqx_connector_pgsql:fields(config)); fields(redis_single) -> authz_redis_common_fields() ++ @@ -107,6 +108,8 @@ url(_) -> undefined. headers(type) -> map(); +headers(desc) -> + "List of HTTP headers."; headers(converter) -> fun(Headers) -> maps:merge(default_headers(), transform_header_name(Headers)) @@ -153,10 +156,19 @@ authz_mongo_common_fields() -> ]. collection(type) -> binary(); +collection(desc) -> "Collection used to store authentication data."; +collection(required) -> true; collection(_) -> undefined. -selector(type) -> map(); -selector(_) -> undefined. +selector(type) -> + map(); +selector(desc) -> + "Statement that is executed during the authentication process. " + "Commands can support following wildcards:\n" + " - `${username}`: substituted with client's username\n" + " - `${clientid}`: substituted with the clientid"; +selector(_) -> + undefined. %%------------------------------------------------------------------------------ %% Redis type funcs @@ -164,10 +176,11 @@ selector(_) -> undefined. authz_redis_common_fields() -> authz_common_fields(redis) ++ [ - {cmd, #{ - type => binary(), - example => <<"HGETALL mqtt_authz">> - }} + {cmd, + mk(binary(), #{ + required => true, + example => <<"HGETALL mqtt_authz">> + })} ]. %%------------------------------------------------------------------------------ @@ -179,6 +192,7 @@ authz_common_fields(Type) when is_atom(Type) -> {type, #{ type => enum([Type]), default => Type, + required => true, in => body }} ]. 
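Review bot: The `query` fields for `fields(mysql)` and `fields(postgresql)` in the @@ -58 hunk of emqx_authz_api_schema.erl are marked required but have no `desc` and no check for an empty value, whereas `query()` in emqx_authz_schema.erl (last hunk of this patch) has a description and a validator testing `size(S) > 0`. An empty binary would satisfy `required => true` here; whether the request is later checked against the other schema is not visible in this patch. Consider `mk(binary(), #{required => true, desc => "Database query used to retrieve authorization data."})`, or reusing one definition for both schemas. The Redis `cmd` field in the @@ -164 hunk likewise has no `desc`. `mk/2` is neither defined nor imported in the visible lines, so confirm it is in scope in this module.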
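Review bot: In the @@ -153 hunk of emqx_authz_api_schema.erl, `collection/1` gains a `required` clause but `selector/1` does not, although `mongo_common_fields()` in emqx_authz_schema.erl marks both as `required => true` in this same patch; adding `selector(required) -> true;` would keep the two schemas in agreement. Both new descriptions also say "authentication" in an authorization module; the wording could be `collection(desc) -> "Collection containing the authorization data.";` and "during the authorization process" for the selector. Since `${username}` and `${clientid}` are supplied by the connecting client, the selector description would also be a good place to state how the substituted values are treated, which this patch does not show.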
@@ -207,7 +221,7 @@ authz_sources_types(Type) -> end ++ [ http, - 'built_in_database', + built_in_database, mysql, postgresql, file diff --git a/apps/emqx_authz/src/emqx_authz_schema.erl b/apps/emqx_authz/src/emqx_authz_schema.erl index 0123ee951..936a9c74f 100644 --- a/apps/emqx_authz/src/emqx_authz_schema.erl +++ b/apps/emqx_authz/src/emqx_authz_schema.erl @@ -96,7 +96,7 @@ fields("authorization") -> ]; fields(file) -> [ - {type, #{type => file, desc => "Backend type."}}, + {type, #{type => file, required => true, desc => "Backend type."}}, {enable, #{ type => boolean(), default => true, @@ -118,17 +118,17 @@ fields(file) -> ]; fields(http_get) -> [ - {method, #{type => get, default => get, desc => "HTTP method."}}, + {method, #{type => get, default => get, required => true, desc => "HTTP method."}}, {headers, fun headers_no_content_type/1} ] ++ http_common_fields(); fields(http_post) -> [ - {method, #{type => post, default => post, desc => "HTTP method."}}, + {method, #{type => post, default => post, required => true, desc => "HTTP method."}}, {headers, fun headers/1} ] ++ http_common_fields(); fields(mnesia) -> [ - {type, #{type => 'built_in_database', desc => "Backend type."}}, + {type, #{type => 'built_in_database', required => true, desc => "Backend type."}}, {enable, #{ type => boolean(), default => true, @@ -147,7 +147,7 @@ fields(mysql) -> fields(postgresql) -> [ {query, query()}, - {type, #{type => postgresql, desc => "Backend type."}}, + {type, #{type => postgresql, required => true, desc => "Backend type."}}, {enable, #{ type => boolean(), desc => "Enable this backend.", 
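Review bot: The @@ -147 hunk of emqx_authz_schema.erl marks `type` as required for `fields(postgresql)`, but no hunk in this patch touches the `fields(mysql)` clause named in that hunk header, nor any Redis clause. If those sources declare `type` the same way, they need `required => true` as well; otherwise the generated API documentation will show the backend discriminator as optional for some backends only. The clause bodies lie outside the hunk, so this needs checking against the full file.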
@@ -213,10 +213,16 @@ http_common_fields() -> mongo_common_fields() -> [ {collection, #{ - type => atom(), desc => "`MongoDB` collection containing the authorization data." + type => atom(), + required => true, + desc => "`MongoDB` collection containing the authorization data." }}, - {selector, #{type => map(), desc => "MQL query used to select the authorization record."}}, - {type, #{type => mongodb, desc => "Database backend."}}, + {selector, #{ + type => map(), + required => true, + desc => "MQL query used to select the authorization record." + }}, + {type, #{type => mongodb, required => true, desc => "Database backend."}}, {enable, #{ type => boolean(), default => true, @@ -335,6 +341,7 @@ query() -> #{ type => binary(), desc => "Database query used to retrieve authorization data.", + required => true, validator => fun(S) -> case size(S) > 0 of true -> ok;
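Review bot: In the @@ -213 hunk of emqx_authz_schema.erl the rewritten `collection` field keeps `type => atom()`, whereas emqx_authz_api_schema.erl declares the same field as `binary()` (`collection(type) -> binary();`). If values submitted through the API are later converted by this schema, every new collection name would create an atom, and atoms are never garbage-collected; that conversion is not visible here, so treat it as something to confirm. Since the line is being rewritten anyway, `type => binary(),` would bring the two schemas into agreement, provided the connector accepts a binary collection name. `mongo_common_fields/0` continues past the end of the hunk.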