Merge branch master into main-v4.3

.ci/build_packages/tests.sh

@@ -44,8 +44,7 @@ emqx_test(){
                 echo "running ${packagename} start"
                 "${PACKAGE_PATH}"/emqx/bin/emqx start || ( tail "${PACKAGE_PATH}"/emqx/log/emqx.log.1 && exit 1 )
                 IDLE_TIME=0
-                while ! "${PACKAGE_PATH}"/emqx/bin/emqx_ctl status | grep -qE 'Node\s.*@.*\sis\sstarted'
-                do
+                while ! curl http://localhost:8081/status >/dev/null 2>&1; do
                     if [ $IDLE_TIME -gt 10 ]
                     then
                         echo "emqx running error"
@@ -116,8 +115,7 @@ running_test(){
 
     emqx start || ( tail /var/log/emqx/emqx.log.1 && exit 1 )
     IDLE_TIME=0
-    while ! emqx_ctl status | grep -qE 'Node\s.*@.*\sis\sstarted'
-    do
+   while ! curl http://localhost:8081/status >/dev/null 2>&1; do
         if [ $IDLE_TIME -gt 10 ]
         then
             echo "emqx running error"
@@ -134,8 +132,7 @@ running_test(){
     || [ "$(sed -n '/^ID=/p' /etc/os-release | sed -r 's/ID=(.*)/\1/g' | sed 's/"//g')" = debian ] ;then
         service emqx start || ( tail /var/log/emqx/emqx.log.1 && exit 1 )
         IDLE_TIME=0
-        while ! emqx_ctl status | grep -E 'Node\s.*@.*\sis\sstarted'
-        do
+        while ! curl http://localhost:8081/status >/dev/null 2>&1; do
             if [ $IDLE_TIME -gt 10 ]
             then
                 echo "emqx service error"

.ci/docker-compose-file/conf.env

@@ -11,3 +11,4 @@ EMQX_AUTH__PGSQL__DATABASE=mqtt
 EMQX_AUTH__REDIS__SERVER=redis_server:6379
 EMQX_AUTH__REDIS__PASSWORD=public
 CUTTLEFISH_ENV_OVERRIDE_PREFIX=EMQX_
+HOCON_ENV_OVERRIDE_PREFIX=EMQX_

.ci/docker-compose-file/docker-compose-emqx-cluster.yaml

@@ -9,7 +9,7 @@ services:
       - emqx2
     volumes:
       - ./haproxy/haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg
-      - ../../etc/certs:/usr/local/etc/haproxy/certs
+      - ../../apps/emqx/etc/certs:/usr/local/etc/haproxy/certs
     ports:
       - "18083:18083"
 #     - "1883:1883"

.github/workflows/run_cts_tests.yaml

@@ -48,7 +48,7 @@ jobs:
           export CUTTLEFISH_ENV_OVERRIDE_PREFIX=EMQX_
           printenv > .env
           docker exec -i erlang sh -c "make ensure-rebar3"
-          docker exec -i erlang sh -c "./rebar3 eunit --dir apps/emqx_auth_ldap"
+          docker exec -i erlang sh -c "./rebar3 eunit --application=emqx_auth_ldap"
           docker exec --env-file .env -i erlang sh -c "./rebar3 ct --dir apps/emqx_auth_ldap"
       - uses: actions/upload-artifact@v1
         if: failure()
@@ -86,7 +86,7 @@ jobs:
         if: matrix.connect_type == 'tls'
         run: |
           cat <<-EOF >> "$GITHUB_ENV"
-          EMQX_AUTH__MONGO__SSL=on
+          EMQX_AUTH__MONGO__SSL__ENABLE=on
           EMQX_AUTH__MONGO__SSL__CACERTFILE=/emqx/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/ca.pem
           EMQX_AUTH__MONGO__SSL__CERTFILE=/emqx/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/client-cert.pem
           EMQX_AUTH__MONGO__SSL__KEYFILE=/emqx/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/client-key.pem
@@ -98,7 +98,7 @@ jobs:
           MONGO_TAG: ${{ matrix.mongo_tag }}
         if: matrix.connect_type == 'tcp'
         run: |
-          echo EMQX_AUTH__MONGO__SSL=off >> "$GITHUB_ENV"
+          echo EMQX_AUTH__MONGO__SSL__ENABLE=off >> "$GITHUB_ENV"
       - name: setup
         if: matrix.network_type == 'ipv4'
         run: |
@@ -117,7 +117,7 @@ jobs:
           export CUTTLEFISH_ENV_OVERRIDE_PREFIX=EMQX_
           printenv > .env
           docker exec -i erlang sh -c "make ensure-rebar3"
-          docker exec -i erlang sh -c "./rebar3 eunit --dir apps/emqx_auth_mongo"
+          docker exec -i erlang sh -c "./rebar3 eunit --application=emqx_auth_mongo"
           docker exec --env-file .env -i erlang sh -c "./rebar3 ct --dir apps/emqx_auth_mongo"
       - uses: actions/upload-artifact@v1
         if: failure()
@@ -160,10 +160,10 @@ jobs:
         if: matrix.connect_type == 'tls'
         run: |
           cat <<-EOF >> "$GITHUB_ENV"
+            EMQX_AUTH__MYSQL__SSL__ENABLE=on
             EMQX_AUTH__MYSQL__USERNAME=ssluser
             EMQX_AUTH__MYSQL__PASSWORD=public
             EMQX_AUTH__MYSQL__DATABASE=mqtt
-            EMQX_AUTH__MYSQL__SSL=on
             EMQX_AUTH__MYSQL__SSL__CACERTFILE=/emqx/apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/ca.pem
             EMQX_AUTH__MYSQL__SSL__CERTFILE=/emqx/apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/client-cert.pem
             EMQX_AUTH__MYSQL__SSL__KEYFILE=/emqx/apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/client-key.pem
@@ -179,7 +179,7 @@ jobs:
             EMQX_AUTH__MYSQL__USERNAME=root
             EMQX_AUTH__MYSQL__PASSWORD=public
             EMQX_AUTH__MYSQL__DATABASE=mqtt
-            EMQX_AUTH__MYSQL__SSL=off
+            EMQX_AUTH__MYSQL__SSL__ENABLE=off
           EOF
       - name: setup
         if: matrix.network_type == 'ipv4'
@@ -199,7 +199,7 @@ jobs:
           export CUTTLEFISH_ENV_OVERRIDE_PREFIX=EMQX_
           printenv > .env
           docker exec -i erlang sh -c "make ensure-rebar3"
-          docker exec -i erlang sh -c "./rebar3 eunit --dir apps/emqx_auth_mysql"
+          docker exec -i erlang sh -c "./rebar3 eunit --application=emqx_auth_mysql"
           docker exec --env-file .env -i erlang sh -c "./rebar3 ct --dir apps/emqx_auth_mysql"
       - uses: actions/upload-artifact@v1
         if: failure()
@@ -239,7 +239,7 @@ jobs:
         if: matrix.connect_type == 'tls'
         run: |
           cat <<-EOF >> "$GITHUB_ENV"
-          EMQX_AUTH__PGSQL__SSL=on
+          EMQX_AUTH__PGSQL__SSL__ENABLE=on
           EMQX_AUTH__PGSQL__SSL__CACERTFILE=/emqx/apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/ca.pem
           EMQX_AUTH__PGSQL__SSL__CERTFILE=/emqx/apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/client-cert.pem
           EMQX_AUTH__PGSQL__SSL__KEYFILE=/emqx/apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/client-key.pem
@@ -251,7 +251,7 @@ jobs:
           PGSQL_TAG: ${{ matrix.pgsql_tag }}
         if: matrix.connect_type == 'tcp'
         run: |
-          echo EMQX_AUTH__PGSQL__SSL=off >> "$GITHUB_ENV"
+          echo EMQX_AUTH__PGSQL__SSL__ENABLE=off >> "$GITHUB_ENV"
       - name: setup
         if: matrix.network_type == 'ipv4'
         run: |
@@ -273,7 +273,7 @@ jobs:
                  CUTTLEFISH_ENV_OVERRIDE_PREFIX=EMQX_
           printenv > .env
           docker exec -i erlang sh -c "make ensure-rebar3"
-          docker exec -i erlang sh -c "./rebar3 eunit --dir apps/emqx_auth_pgsql"
+          docker exec -i erlang sh -c "./rebar3 eunit --application=emqx_auth_pgsql"
           docker exec --env-file .env -i erlang sh -c "./rebar3 ct --dir apps/emqx_auth_pgsql"
       - uses: actions/upload-artifact@v1
         if: failure()
@@ -318,7 +318,7 @@ jobs:
         if: matrix.connect_type == 'tls'
         run: |
           cat <<-EOF >> "$GITHUB_ENV"
-          EMQX_AUTH__REDIS__SSL=on
+          EMQX_AUTH__REDIS__SSL__ENABLE=on
           EMQX_AUTH__REDIS__SSL__CACERTFILE=/emqx/apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/ca.crt
           EMQX_AUTH__REDIS__SSL__CERTFILE=/emqx/apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/redis.crt
           EMQX_AUTH__REDIS__SSL__KEYFILE=/emqx/apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/redis.key
@@ -330,7 +330,7 @@ jobs:
           REDIS_TAG: ${{ matrix.redis_tag }}
         if: matrix.connect_type == 'tcp'
         run: |
-          echo EMQX_AUTH__REDIS__SSL=off >> "$GITHUB_ENV"
+          echo EMQX_AUTH__REDIS__SSL__ENABLE=off >> "$GITHUB_ENV"
       - name: get server address
         run: |
           ipv4_address=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' redis)
@@ -394,7 +394,7 @@ jobs:
           export EMQX_AUTH__REIDS__PASSWORD=public
           printenv > .env
           docker exec -i erlang sh -c "make ensure-rebar3"
-          docker exec -i erlang sh -c "./rebar3 eunit --dir apps/emqx_auth_redis"
+          docker exec -i erlang sh -c "./rebar3 eunit --application=emqx_auth_redis"
           docker exec --env-file .env -i erlang sh -c "./rebar3 ct --dir apps/emqx_auth_redis"
       - uses: actions/upload-artifact@v1
         if: failure()

.github/workflows/run_emqx_app_tests.yaml

@@ -0,0 +1,26 @@
+name: Check emqx app standalone
+
+on:
+  push:
+    tags:
+      - v*
+      - e*
+  pull_request:
+
+jobs:
+    check_all:
+        runs-on: ubuntu-20.04
+        container: emqx/build-env:erl23.2.7.2-emqx-2-ubuntu20.04
+
+        steps:
+        - uses: actions/checkout@v2
+        - name: run
+          run: |
+            make ensure-rebar3
+            cp rebar3 apps/emqx/
+            cd apps/emqx
+            ./rebar3 xref
+            ./rebar3 dialyzer
+            ./rebar3 eunit -v
+            ./rebar3 ct -v
+            ./rebar3 proper -d test/props

apps/emqx/etc/emqx.conf

@@ -56,7 +56,7 @@ cluster.autoclean = 5m
 ## Node list of the cluster.
 ##
 ## Value: String
-## cluster.static.seeds = emqx1@127.0.0.1,emqx2@127.0.0.1
+## cluster.static.seeds = "emqx1@127.0.0.1,emqx2@127.0.0.1"
 
 ##--------------------------------------------------------------------
 ## Cluster using IP Multicast.
@@ -64,19 +64,19 @@ cluster.autoclean = 5m
 ## IP Multicast Address.
 ##
 ## Value: IP Address
-## cluster.mcast.addr = 239.192.0.1
+## cluster.mcast.addr = "239.192.0.1"
 
 ## Multicast Ports.
 ##
 ## Value: Port List
-## cluster.mcast.ports = 4369,4370
+## cluster.mcast.ports = "4369,4370"
 
 ## Multicast Iface.
 ##
 ## Value: Iface Address
 ##
-## Default: 0.0.0.0
-## cluster.mcast.iface = 0.0.0.0
+## Default: "0.0.0.0"
+## cluster.mcast.iface = "0.0.0.0"
 
 ## Multicast Ttl.
 ##
@@ -107,7 +107,14 @@ cluster.autoclean = 5m
 ## Etcd server list, seperated by ','.
 ##
 ## Value: String
-## cluster.etcd.server = http://127.0.0.1:2379
+## cluster.etcd.server = "http://127.0.0.1:2379"
+
+## Etcd api version
+##
+## Value: Enum
+## - v2
+## - v3
+## cluster.etcd.version = v3
 
 ## The prefix helps build nodes path in etcd. Each node in the cluster
 ## will create a path in etcd: v2/keys/<prefix>/<cluster.name>/<node.name>
@@ -125,18 +132,18 @@ cluster.autoclean = 5m
 ## Path to a file containing the client's private PEM-encoded key.
 ##
 ## Value: File
-## cluster.etcd.ssl.keyfile = {{ platform_etc_dir }}/certs/client-key.pem
+## cluster.etcd.ssl.keyfile = "{{ platform_etc_dir }}/certs/client-key.pem"
 
 ## The path to a file containing the client's certificate.
 ##
 ## Value: File
-## cluster.etcd.ssl.certfile = {{ platform_etc_dir }}/certs/client.pem
+## cluster.etcd.ssl.certfile = "{{ platform_etc_dir }}/certs/client.pem"
 
 ## Path to the file containing PEM-encoded CA certificates. The CA certificates
 ## are used during server authentication and when building the client certificate chain.
 ##
 ## Value: File
-## cluster.etcd.ssl.cacertfile = {{ platform_etc_dir }}/certs/ca.pem
+## cluster.etcd.ssl.cacertfile = "{{ platform_etc_dir }}/certs/ca.pem"
 
 ##--------------------------------------------------------------------
 ## Cluster using Kubernetes
@@ -144,7 +151,7 @@ cluster.autoclean = 5m
 ## Kubernetes API server list, seperated by ','.
 ##
 ## Value: String
-## cluster.k8s.apiserver = http://10.110.111.204:8080
+## cluster.k8s.apiserver = "http://10.110.111.204:8080"
 
 ## The service name helps lookup EMQ nodes in the cluster.
 ##
@@ -184,17 +191,17 @@ cluster.autoclean = 5m
 ## Value: <name>@<host>
 ##
 ## Default: emqx@127.0.0.1
-node.name = emqx@127.0.0.1
+node.name = "emqx@127.0.0.1"
 
 ## Cookie for distributed node communication.
 ##
 ## Value: String
-node.cookie = emqxsecretcookie
+node.cookie = "emqxsecretcookie"
 
 ## Data dir for the node
 ##
 ## Value: Folder
-node.data_dir = {{ platform_data_dir }}
+node.data_dir = "{{ platform_data_dir }}"
 
 ## Heartbeat monitoring of an Erlang runtime system. Comment the line to disable
 ## heartbeat, or set the value as 'on'
@@ -271,14 +278,14 @@ node.global_gc_interval = 15m
 ## Crash dump log file.
 ##
 ## Value: Log file
-node.crash_dump = {{ platform_log_dir }}/crash.dump
+node.crash_dump = "{{ platform_log_dir }}/crash.dump"
 
 ## Specify SSL Options in the file if using SSL for Erlang Distribution.
 ##
 ## Value: File
 ##
 ## vm.args: -ssl_dist_optfile <File>
-## node.ssl_dist_optfile = {{ platform_etc_dir }}/ssl_dist.conf
+## node.ssl_dist_optfile = "{{ platform_etc_dir }}/ssl_dist.conf"
 
 ## Sets the net_kernel tick time. TickTime is specified in seconds.
 ## Notice that all communicating nodes are to have the same TickTime
@@ -419,10 +426,17 @@ log.to = file
 ## Default: warning
 log.level = warning
 
+## Timezone offset to display in logs
+## Value:
+##  - "system" use system zone
+##  - "utc" for Universal Coordinated Time (UTC)
+##  - "+hh:mm" or "-hh:mm" for a specified offset
+log.time_offset = system
+
 ## The dir for log files.
 ##
 ## Value: Folder
-log.dir = {{ platform_log_dir }}
+log.dir = "{{ platform_log_dir }}"
 
 ## The log filename for logs of level specified in "log.level".
 ##
@@ -460,7 +474,7 @@ log.file = emqx.log
 ##
 ## Value: on | off
 ## Default: on
-log.rotation = on
+log.rotation.enable = on
 
 ## Maximum size of each log file.
 ##
@@ -579,7 +593,7 @@ log.rotation.count = 5
 ## Value: MaxBurstCount,TimeWindow
 ## Default: disabled
 ##
-#log.burst_limit = 20000, 1s
+#log.burst_limit = "20000, 1s"
 
 ## CONFIG_SECTION_END=logger ===================================================
 
@@ -591,42 +605,42 @@ log.rotation.count = 5
 ## Notice: Disable the option in production deployment!
 ##
 ## Value: true | false
-allow_anonymous = true
+acl.allow_anonymous = true
 
 ## Allow or deny if no ACL rules matched.
 ##
 ## Value: allow | deny
-acl_nomatch = allow
+acl.acl_nomatch = allow
 
 ## Default ACL File.
 ##
 ## Value: File Name
-acl_file = {{ platform_etc_dir }}/acl.conf
+acl.acl_file = "{{ platform_etc_dir }}/acl.conf"
 
 ## Whether to enable ACL cache.
 ##
 ## If enabled, ACLs roles for each client will be cached in the memory
 ##
 ## Value: on | off
-enable_acl_cache = on
+acl.enable_acl_cache = on
 
 ## The maximum count of ACL entries can be cached for a client.
 ##
 ## Value: Integer greater than 0
 ## Default: 32
-acl_cache_max_size = 32
+acl.acl_cache_max_size = 32
 
 ## The time after which an ACL cache entry will be deleted
 ##
 ## Value: Duration
 ## Default: 1 minute
-acl_cache_ttl = 1m
+acl.acl_cache_ttl = 1m
 
 ## The action when acl check reject current operation
 ##
 ## Value: ignore | disconnect
 ## Default: ignore
-acl_deny_action = ignore
+acl.acl_deny_action = ignore
 
 ## Specify the global flapping detect policy.
 ## The value is a string composed of flapping threshold, duration and banned interval.
@@ -635,7 +649,7 @@ acl_deny_action = ignore
 ## 3. banned interval: the banned interval if a flapping is detected.
 ##
 ## Value: Integer,Duration,Duration
-flapping_detect_policy = 30, 1m, 5m
+acl.flapping_detect_policy = "30, 1m, 5m"
 
 ##--------------------------------------------------------------------
 ## MQTT Protocol
@@ -732,7 +746,7 @@ zone.external.acl_deny_action = ignore
 ## messages | bytes passed through.
 ##
 ## Numbers delimited by `|'. Zero or negative is to disable.
-zone.external.force_gc_policy = 16000|16MB
+zone.external.force_gc_policy = "16000|16MB"
 
 ## Max message queue length and total heap size to force shutdown
 ## connection/session process.
@@ -742,9 +756,9 @@ zone.external.force_gc_policy = 16000|16MB
 ## Numbers delimited by `|'. Zero or negative is to disable.
 ##
 ## Default:
-##   - 10000|64MB on ARCH_64 system
-##   - 1000|32MB  on ARCH_32 sytem
-#zone.external.force_shutdown_policy = 10000|64MB
+##   - "10000|64MB" on ARCH_64 system
+##   - "1000|32MB"  on ARCH_32 sytem
+#zone.external.force_shutdown_policy = "10000|64MB"
 
 ## Maximum MQTT packet size allowed.
 ##
@@ -850,7 +864,7 @@ zone.external.max_mqueue_len = 1000
 ## are treated equal
 ##
 ## Priority number [1-255]
-## Example: topic/1=10,topic/2=8
+## Example: "topic/1=10,topic/2=8"
 ## NOTE: comma and equal signs are not allowed for priority topic names
 ## NOTE: messages for topics not in the priority table are treated as
 ##       either highest or lowest priority depending on the configured
@@ -877,13 +891,13 @@ zone.external.enable_flapping_detect = off
 ##
 ## Value: Number,Duration
 ## Example: 100 messages per 10 seconds.
-#zone.external.rate_limit.conn_messages_in = 100,10s
+#zone.external.rate_limit.conn_messages_in = "100,10s"
 
 ## Bytes limit for a external MQTT connections.
 ##
 ## Value: Number,Duration
 ## Example: 100KB incoming per 10 seconds.
-#zone.external.rate_limit.conn_bytes_in = 100KB,10s
+#zone.external.rate_limit.conn_bytes_in = "100KB,10s"
 
 ## Whether to alarm the congested connections.
 ##
@@ -914,16 +928,16 @@ zone.external.enable_flapping_detect = off
 ##
 ## Value: Number, Duration
 ##
-## Example: 100 messaegs per 1s
-#zone.external.quota.conn_messages_routing = 100,1s
+## Example: 100 messages per 1s
+#zone.external.quota.conn_messages_routing = "100,1s"
 
 ## Messages quota for the all of external MQTT connections.
 ## This value consumed by the number of recipient on a message.
 ##
 ## Value: Number, Duration
 ##
-## Example: 200000 messaegs per 1s
-#zone.external.quota.overall_messages_routing = 200000,1s
+## Example: 200000 messages per 1s
+#zone.external.quota.overall_messages_routing = "200000,1s"
 
 ## All the topics will be prefixed with the mountpoint path if this option is enabled.
 ##
@@ -932,7 +946,7 @@ zone.external.enable_flapping_detect = off
 ##  - %u: username
 ##
 ## Value: String
-## zone.external.mountpoint = devicebound/
+## zone.external.mountpoint = "devicebound/"
 
 ## Whether use username replace client id
 ##
@@ -977,7 +991,7 @@ zone.internal.enable_acl = off
 zone.internal.acl_deny_action = ignore
 
 ## See zone.$name.force_gc_policy
-## zone.internal.force_gc_policy = 128000|128MB
+## zone.internal.force_gc_policy = "128000|128MB"
 
 ## See zone.$name.wildcard_subscription.
 ##
@@ -1022,8 +1036,8 @@ zone.internal.enable_flapping_detect = off
 ## See zone.$name.force_shutdown_policy
 ##
 ## Default:
-##   - 10000|64MB on ARCH_64 system
-##   - 1000|32MB  on ARCH_32 sytem
+##   - "10000|64MB" on ARCH_64 system
+##   - "1000|32MB"  on ARCH_32 sytem
 #zone.internal.force_shutdown_policy = 10000|64MB
 
 ## All the topics will be prefixed with the mountpoint path if this option is enabled.
@@ -1033,7 +1047,7 @@ zone.internal.enable_flapping_detect = off
 ##  - %u: username
 ##
 ## Value: String
-## zone.internal.mountpoint = cloudbound/
+## zone.internal.mountpoint = "cloudbound/"
 
 ## Whether to ignore loop delivery of messages.(for mqtt v3.1.1)
 ##
@@ -1067,8 +1081,8 @@ zone.internal.bypass_auth_plugins = true
 ##
 ## Value: IP:Port | Port
 ##
-## Examples: 1883, 127.0.0.1:1883, ::1:1883
-listener.tcp.external = 0.0.0.0:1883
+## Examples: 1883, "127.0.0.1:1883", "::1:1883"
+listener.tcp.external.endpoint = "0.0.0.0:1883"
 
 ## The acceptor pool for external MQTT/TCP listener.
 ##
@@ -1103,8 +1117,8 @@ listener.tcp.external.zone = external
 ##
 ## Value: ACL Rule
 ##
-## Example: allow 192.168.0.0/24
-listener.tcp.external.access.1 = allow all
+## Example: "allow 192.168.0.0/24"
+listener.tcp.external.access.1 = "allow all"
 
 ## Enable the Proxy Protocol V1/2 if the EMQ X cluster is deployed
 ## behind HAProxy or Nginx.
@@ -1207,8 +1221,8 @@ listener.tcp.external.reuseaddr = true
 ##
 ## Value: IP:Port, Port
 ##
-## Examples: 11883, 127.0.0.1:11883, ::1:11883
-listener.tcp.internal = 127.0.0.1:11883
+## Examples: 11883, "127.0.0.1:11883", "::1:11883"
+listener.tcp.internal.endpoint = "127.0.0.1:11883"
 
 ## The acceptor pool for internal MQTT/TCP listener.
 ##
@@ -1304,8 +1318,8 @@ listener.tcp.internal.reuseaddr = true
 ##
 ## Value: IP:Port | Port
 ##
-## Examples: 8883, 127.0.0.1:8883, ::1:8883
-listener.ssl.external = 8883
+## Examples: 8883, "127.0.0.1:8883", "::1:8883"
+listener.ssl.external.endpoint = 8883
 
 ## The acceptor pool for external MQTT/SSL listener.
 ##
@@ -1337,7 +1351,7 @@ listener.ssl.external.zone = external
 ## See: listener.tcp.$name.access
 ##
 ## Value: ACL Rule
-listener.ssl.external.access.1 = allow all
+listener.ssl.external.access.1 = "allow all"
 
 ## Enable the Proxy Protocol V1/2 if the EMQ cluster is deployed behind
 ## HAProxy or Nginx.
@@ -1360,7 +1374,7 @@ listener.ssl.external.access.1 = allow all
 ##
 ## Value: String, seperated by ','
 ## NOTE: Do not use tlsv1.3 if emqx is running on OTP-22 or earlier
-## listener.ssl.external.tls_versions = tlsv1.3,tlsv1.2,tlsv1.1,tlsv1
+## listener.ssl.external.tls_versions = "tlsv1.3,tlsv1.2,tlsv1.1,tlsv1"
 
 ## TLS Handshake timeout.
 ##
@@ -1384,20 +1398,20 @@ listener.ssl.external.handshake_timeout = 15s
 ## See: http://erlang.org/doc/man/ssl.html
 ##
 ## Value: File
-listener.ssl.external.keyfile = {{ platform_etc_dir }}/certs/key.pem
+listener.ssl.external.keyfile = "{{ platform_etc_dir }}/certs/key.pem"
 
 ## Path to a file containing the user certificate.
 ##
 ## See: http://erlang.org/doc/man/ssl.html
 ##
 ## Value: File
-listener.ssl.external.certfile = {{ platform_etc_dir }}/certs/cert.pem
+listener.ssl.external.certfile = "{{ platform_etc_dir }}/certs/cert.pem"
 
 ## Path to the file containing PEM-encoded CA certificates. The CA certificates
 ## are used during server authentication and when building the client certificate chain.
 ##
 ## Value: File
-## listener.ssl.external.cacertfile = {{ platform_etc_dir }}/certs/cacert.pem
+## listener.ssl.external.cacertfile = "{{ platform_etc_dir }}/certs/cacert.pem"
 
 ## The Ephemeral Diffie-Helman key exchange is a very effective way of
 ## ensuring Forward Secrecy by exchanging a set of keys that never hit
@@ -1414,7 +1428,7 @@ listener.ssl.external.certfile = {{ platform_etc_dir }}/certs/cert.pem
 ## openssl dhparam -out dh-params.pem 2048
 ##
 ## Value: File
-## listener.ssl.external.dhfile = {{ platform_etc_dir }}/certs/dh-params.pem
+## listener.ssl.external.dhfile = "{{ platform_etc_dir }}/certs/dh-params.pem"
 
 ## A server only does x509-path validation in mode verify_peer,
 ## as it then sends a certificate request to the client (this
@@ -1449,14 +1463,13 @@ listener.ssl.external.certfile = {{ platform_etc_dir }}/certs/cert.pem
 ## Most of it was copied from Mozilla’s Server Side TLS article
 ##
 ## Value: Ciphers
-listener.ssl.external.ciphers = TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_CCM_SHA256,TLS_AES_128_CCM_8_SHA256,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA
-
+listener.ssl.external.ciphers = "TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_CCM_SHA256,TLS_AES_128_CCM_8_SHA256,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA"
 
 ## Ciphers for TLS PSK.
 ## Note that 'listener.ssl.external.ciphers' and 'listener.ssl.external.psk_ciphers' cannot
 ## be configured at the same time.
 ## See 'https://tools.ietf.org/html/rfc4279#section-2'.
-#listener.ssl.external.psk_ciphers = PSK-AES128-CBC-SHA,PSK-AES256-CBC-SHA,PSK-3DES-EDE-CBC-SHA,PSK-RC4-SHA
+#listener.ssl.external.psk_ciphers = "PSK-AES128-CBC-SHA,PSK-AES256-CBC-SHA,PSK-3DES-EDE-CBC-SHA,PSK-RC4-SHA"
 
 ## SSL parameter renegotiation is a feature that allows a client and a server
 ## to renegotiate the parameters of the SSL connection on the fly.
@@ -1566,13 +1579,13 @@ listener.ssl.external.reuseaddr = true
 ##
 ## Value: IP:Port | Port
 ##
-## Examples: 8083, 127.0.0.1:8083, ::1:8083
-listener.ws.external = 8083
+## Examples: 8083, "127.0.0.1:8083", "::1:8083"
+listener.ws.external.endpoint = 8083
 
 ## The path of WebSocket MQTT endpoint
 ##
 ## Value: URL Path
-listener.ws.external.mqtt_path = /mqtt
+listener.ws.external.mqtt_path = "/mqtt"
 
 ## The acceptor pool for external MQTT/WebSocket listener.
 ##
@@ -1604,7 +1617,7 @@ listener.ws.external.zone = external
 ## See: listener.ws.$name.access
 ##
 ## Value: ACL Rule
-listener.ws.external.access.1 = allow all
+listener.ws.external.access.1 = "allow all"
 
 ## If set to true, the server fails if the client does not have a Sec-WebSocket-Protocol to send.
 ## Set to false for WeChat MiniApp.
@@ -1615,7 +1628,7 @@ listener.ws.external.access.1 = allow all
 ## Supported subprotocols
 ##
 ## Default: mqtt, mqtt-v3, mqtt-v3.1.1, mqtt-v5
-## listener.ws.external.supported_subprotocols = mqtt, mqtt-v3, mqtt-v3.1.1, mqtt-v5
+## listener.ws.external.supported_subprotocols = "mqtt, mqtt-v3, mqtt-v3.1.1, mqtt-v5"
 
 ## Specify which HTTP header for real source IP if the EMQ X cluster is
 ## deployed behind NGINX or HAProxy.
@@ -1823,7 +1836,7 @@ listener.ws.external.allow_origin_absence = true
 ## Comma separated list of allowed origin in header for websocket connection
 ##
 ## Value: http://url eg. local http dashboard url - http://localhost:18083, http://127.0.0.1:18083
-listener.ws.external.check_origins = http://localhost:18083, http://127.0.0.1:18083
+listener.ws.external.check_origins = "http://localhost:18083, http://127.0.0.1:18083"
 
 ##--------------------------------------------------------------------
 ## External WebSocket/SSL listener for MQTT Protocol
@@ -1833,13 +1846,13 @@ listener.ws.external.check_origins = http://localhost:18083, http://127.0.0.1:18
 ##
 ## Value: IP:Port | Port
 ##
-## Examples: 8084, 127.0.0.1:8084, ::1:8084
-listener.wss.external = 8084
+## Examples: 8084, "127.0.0.1:8084", "::1:8084"
+listener.wss.external.endpoint = 8084
 
 ## The path of WebSocket MQTT endpoint
 ##
 ## Value: URL Path
-listener.wss.external.mqtt_path = /mqtt
+listener.wss.external.mqtt_path = "/mqtt"
 
 ## The acceptor pool for external MQTT/WebSocket/SSL listener.
 ##
@@ -1873,7 +1886,7 @@ listener.wss.external.zone = external
 ## See: listener.tcp.$name.access.<no>
 ##
 ## Value: ACL Rule
-listener.wss.external.access.1 = allow all
+listener.wss.external.access.1 = "allow all"
 
 ## If set to true, the server fails if the client does not have a Sec-WebSocket-Protocol to send.
 ## Set to false for WeChat MiniApp.
@@ -1884,7 +1897,7 @@ listener.wss.external.access.1 = allow all
 ## Supported subprotocols
 ##
 ## Default: mqtt, mqtt-v3, mqtt-v3.1.1, mqtt-v5
-## listener.wss.external.supported_subprotocols = mqtt, mqtt-v3, mqtt-v3.1.1, mqtt-v5
+## listener.wss.external.supported_subprotocols = "mqtt, mqtt-v3, mqtt-v3.1.1, mqtt-v5"
 
 ## Specify which HTTP header for real source IP if the EMQ X cluster is
 ## deployed behind NGINX or HAProxy.
@@ -1918,28 +1931,28 @@ listener.wss.external.access.1 = allow all
 ##
 ## Value: String, seperated by ','
 ## NOTE: Do not use tlsv1.3 if emqx is running on OTP-22 or earlier
-## listener.wss.external.tls_versions = tlsv1.3,tlsv1.2,tlsv1.1,tlsv1
+## listener.wss.external.tls_versions = "tlsv1.3,tlsv1.2,tlsv1.1,tlsv1"
 
 ## Path to the file containing the user's private PEM-encoded key.
 ##
 ## See: listener.ssl.$name.keyfile
 ##
 ## Value: File
-listener.wss.external.keyfile = {{ platform_etc_dir }}/certs/key.pem
+listener.wss.external.keyfile = "{{ platform_etc_dir }}/certs/key.pem"
 
 ## Path to a file containing the user certificate.
 ##
 ## See: listener.ssl.$name.certfile
 ##
 ## Value: File
-listener.wss.external.certfile = {{ platform_etc_dir }}/certs/cert.pem
+listener.wss.external.certfile = "{{ platform_etc_dir }}/certs/cert.pem"
 
 ## Path to the file containing PEM-encoded CA certificates.
 ##
 ## See: listener.ssl.$name.cacert
 ##
 ## Value: File
-## listener.wss.external.cacertfile = {{ platform_etc_dir }}/certs/cacert.pem
+## listener.wss.external.cacertfile = "{{ platform_etc_dir }}/certs/cacert.pem"
 
 ## Maximum number of non-self-issued intermediate certificates that
 ## can follow the peer certificate in a valid certification path.
@@ -1960,7 +1973,7 @@ listener.wss.external.certfile = {{ platform_etc_dir }}/certs/cert.pem
 ## See: listener.ssl.$name.dhfile
 ##
 ## Value: File
-## listener.ssl.external.dhfile = {{ platform_etc_dir }}/certs/dh-params.pem
+## listener.ssl.external.dhfile = "{{ platform_etc_dir }}/certs/dh-params.pem"
 
 ## See: listener.ssl.$name.verify
 ##
@@ -1975,13 +1988,13 @@ listener.wss.external.certfile = {{ platform_etc_dir }}/certs/cert.pem
 ## See: listener.ssl.$name.ciphers
 ##
 ## Value: Ciphers
-listener.wss.external.ciphers = TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_CCM_SHA256,TLS_AES_128_CCM_8_SHA256,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA
+listener.wss.external.ciphers = "TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_CCM_SHA256,TLS_AES_128_CCM_8_SHA256,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA"
 
 ## Ciphers for TLS PSK.
 ## Note that 'listener.wss.external.ciphers' and 'listener.wss.external.psk_ciphers' cannot
 ## be configured at the same time.
 ## See 'https://tools.ietf.org/html/rfc4279#section-2'.
-## listener.wss.external.psk_ciphers = PSK-AES128-CBC-SHA,PSK-AES256-CBC-SHA,PSK-3DES-EDE-CBC-SHA,PSK-RC4-SHA
+## listener.wss.external.psk_ciphers = "PSK-AES128-CBC-SHA,PSK-AES256-CBC-SHA,PSK-3DES-EDE-CBC-SHA,PSK-RC4-SHA"
 
 ## See: listener.ssl.$name.secure_renegotiate
 ##
@@ -2140,7 +2153,7 @@ listener.wss.external.allow_origin_absence = true
 ## Comma separated list of allowed origin in header for secure websocket connection
 ##
 ## Value: http://url eg. https://localhost:8084, https://127.0.0.1:8084
-listener.wss.external.check_origins = https://localhost:8084, https://127.0.0.1:8084
+listener.wss.external.check_origins = "https://localhost:8084, https://127.0.0.1:8084"
 
 ## CONFIG_SECTION_END=listeners ================================================
 
@@ -2149,7 +2162,7 @@ listener.wss.external.check_origins = https://localhost:8084, https://127.0.0.1:
 ## The file to store loaded module names.
 ##
 ## Value: File
-modules.loaded_file = {{ platform_data_dir }}/loaded_modules
+module.loaded_file = "{{ platform_data_dir }}/loaded_modules"
 
 ##--------------------------------------------------------------------
 ## Presence Module
@@ -2165,7 +2178,7 @@ module.presence.qos = 1
 ## Subscribe the Topics automatically when client connected.
 ##
 ## Value: String
-## module.subscription.1.topic = connected/%c/%u
+## module.subscription.1.topic = "connected/%c/%u"
 
 ## Qos of the proxy subscription.
 ##
@@ -2198,8 +2211,8 @@ module.presence.qos = 1
 ## Rewrite Module
 
 ## {rewrite, Topic, Re, Dest}
-## module.rewrite.pub.rule.1 = x/# ^x/y/(.+)$ z/y/$1
-## module.rewrite.sub.rule.1 = y/+/z/# ^y/(.+)/z/(.+)$ y/z/$2
+## module.rewrite.pub_rule.1 = "x/# ^x/y/(.+)$ z/y/$1"
+## module.rewrite.sub_rule.1 = "y/+/z/# ^y/(.+)/z/(.+)$ y/z/$2"
 
 ## CONFIG_SECTION_END=modules ==================================================
 
@@ -2210,17 +2223,17 @@ module.presence.qos = 1
 ## The etc dir for plugins' config.
 ##
 ## Value: Folder
-plugins.etc_dir = {{ platform_etc_dir }}/plugins/
+plugins.etc_dir = "{{ platform_etc_dir }}/plugins/"
 
 ## The file to store loaded plugin names.
 ##
 ## Value: File
-plugins.loaded_file = {{ platform_data_dir }}/loaded_plugins
+plugins.loaded_file = "{{ platform_data_dir }}/loaded_plugins"
 
 ## The directory of extension plugins.
 ##
 ## Value: File
-plugins.expand_plugins_dir = {{ platform_plugins_dir }}/
+plugins.expand_plugins_dir = "{{ platform_plugins_dir }}/"
 
 ##--------------------------------------------------------------------
 ## Broker
@@ -2334,7 +2347,6 @@ sysmon.long_gc = 0
 ## Examples:
 ##  - 2h:  2 hours
 ##  - 30m: 30 minutes
-##  - 0.1s: 0.1 seconds
 ##  - 100ms: 100 milliseconds
 ##
 ## Default: 0ms
@@ -2426,8 +2438,8 @@ vm_mon.process_low_watermark = 60%
 ##  - log
 ##  - publish
 ##
-## Default: log,publish
-alarm.actions = log,publish
+## Default: "log,publish"
+alarm.actions = "log,publish"
 
 ## The maximum number of deactivated alarms
 ##

apps/emqx/include/emqx_release.hrl

@@ -29,7 +29,7 @@
 
 -ifndef(EMQX_ENTERPRISE).
 
--define(EMQX_RELEASE, {opensource, "4.3.3"}).
+-define(EMQX_RELEASE, {opensource, "5.0-pre"}).
 
 -else.
 

apps/emqx/rebar.config

@@ -0,0 +1,47 @@
+{erl_opts, [warn_unused_vars,warn_shadow_vars,warn_unused_import,
+            warn_obsolete_guard,compressed]}.
+
+{xref_checks,[undefined_function_calls,undefined_functions,locals_not_used,
+              deprecated_function_calls,warnings_as_errors,deprecated_functions]}.
+
+%% Deps here may duplicate with emqx.git root level rebar.config
+%% but there not be any descrpancy.
+%% This rebar.config is necessary because the app may be used as a
+%% `git_subdir` dependency in other projects.
+{deps,
+    [ {gproc, {git, "https://github.com/uwiger/gproc", {tag, "0.8.0"}}}
+    , {jiffy, {git, "https://github.com/emqx/jiffy", {tag, "1.0.5"}}}
+    , {cowboy, {git, "https://github.com/emqx/cowboy", {tag, "2.8.2"}}}
+    , {esockd, {git, "https://github.com/emqx/esockd", {tag, "5.8.0"}}}
+    , {ekka, {git, "https://github.com/emqx/ekka", {tag, "0.9.0"}}}
+    , {gen_rpc, {git, "https://github.com/emqx/gen_rpc", {tag, "2.5.1"}}}
+    , {cuttlefish, {git, "https://github.com/emqx/cuttlefish", {tag, "v4.0.1"}}} %% todo delete when plugins use hocon
+    , {hocon, {git, "https://github.com/emqx/hocon.git", {tag, "0.5.0"}}}
+    , {pbkdf2, {git, "https://github.com/emqx/erlang-pbkdf2.git", {branch, "2.0.4"}}}
+    , {recon, {git, "https://github.com/ferd/recon", {tag, "2.5.1"}}}
+    , {snabbkaffe, {git, "https://github.com/kafka4beam/snabbkaffe.git", {tag, "0.13.0"}}}
+    ]}.
+
+{plugins, [rebar3_proper]}.
+{extra_src_dirs, [{"etc", [recursive]}]}.
+{profiles, [
+   {test,
+       [{deps,
+           [ meck
+           , {bbmustache,"1.10.0"}
+           , {emqx_ct_helpers, {git,"https://github.com/zmstone/emqx-ct-helpers", {branch,"hocon"}}}
+           , {emqtt, {git, "https://github.com/emqx/emqtt", {tag, "1.2.3.1"}}}
+           ]},
+         {extra_src_dirs, [{"test",[recursive]}]}
+       ]}
+]}.
+
+{dialyzer, [
+    {warnings, [unmatched_returns, error_handling, race_conditions]},
+    {plt_location, "."},
+    {plt_prefix, "emqx_dialyzer"},
+    {plt_apps, all_apps},
+    {plt_extra_apps, [hocon]},
+    {statistics, true}
+   ]
+}.

apps/emqx/rebar.config.script

@@ -0,0 +1,11 @@
+Bcrypt = {bcrypt, {git, "https://github.com/emqx/erlang-bcrypt.git", {branch, "0.6.0"}}},
+AddBcrypt = fun(C) ->
+    {deps, Deps0} = lists:keyfind(deps, 1, C),
+    Deps = [Bcrypt | Deps0],
+    lists:keystore(deps, 1, C, {deps, Deps})
+end,
+
+case os:type() of
+    {win32, _} -> CONFIG;
+    _ -> AddBcrypt(CONFIG)
+end.

apps/emqx/src/emqx.app.src

@@ -1,7 +1,7 @@
 {application, emqx,
  [{id, "emqx"},
   {description, "EMQ X"},
-  {vsn, "4.3.3"}, % strict semver, bump manually!
+  {vsn, "5.0.0"}, % strict semver, bump manually!
   {modules, []},
   {registered, []},
   {applications, [kernel,stdlib,gproc,gen_rpc,esockd,cowboy,sasl,os_mon]},

apps/emqx/src/emqx_logger_jsonfmt.erl

@@ -32,6 +32,9 @@
 -export([format/2]).
 
 -ifdef(TEST).
+-include_lib("proper/include/proper.hrl").
+-include_lib("eunit/include/eunit.hrl").
+
 -export([report_cb_1/1, report_cb_2/2, report_cb_crash/2]).
 -endif.
 
@@ -220,8 +223,6 @@ json_key(Term) ->
     end.
 
 -ifdef(TEST).
--include_lib("proper/include/proper.hrl").
--include_lib("eunit/include/eunit.hrl").
 
 no_crash_test_() ->
     Opts = [{numtests, 1000}, {to_file, user}],