fix: don't allow `rules` to be set from `/rule_engine`

apps/emqx_rule_engine/src/emqx_rule_api_schema.erl

@@ -56,7 +56,7 @@ roots() ->
     ].
 
 fields("rule_engine") ->
-    emqx_rule_engine_schema:fields("rule_engine");
+    emqx_rule_engine_schema:fields("rule_engine_api");
 fields("rule_creation") ->
     emqx_rule_engine_schema:fields("rules");
 fields("rule_info") ->

apps/emqx_rule_engine/src/emqx_rule_engine_api.erl

@@ -447,6 +447,9 @@ param_path_id() ->
 '/rule_engine'(get, _Params) ->
     {200, format_rule_engine_resp(emqx_conf:get([rule_engine]))};
 '/rule_engine'(put, #{body := Params}) ->
+    ?CHECK_PARAMS(
+        Params,
+        rule_engine,
         case emqx_conf:update([rule_engine], Params, #{override_to => cluster}) of
             {ok, #{config := Config}} ->
                 {200, format_rule_engine_resp(Config)};
@@ -456,7 +459,8 @@ param_path_id() ->
                     reason => Reason
                 }),
                 {400, #{code => 'BAD_REQUEST', message => ?ERR_BADARGS(Reason)}}
-    end.
+        end
+    ).
 
 %%------------------------------------------------------------------------------
 %% Internal functions
@@ -507,22 +511,29 @@ format_rule_info_resp(#{
 format_rule_engine_resp(#{rules := Rules} = Config) ->
     Config#{rules => maps:map(fun format_rule_resp/2, Rules)}.
 
-format_rule_resp(_Id, #{
+format_rule_resp(
+    _Id,
+    #{
         name := Name,
-    metadata := MetaData = #{created_at := CreatedAt},
         actions := Action,
         sql := SQL,
         enable := Enable,
         description := Descr
-}) ->
-    #{
+    } = Rule
+) ->
+    Format = #{
         name => Name,
         actions => format_action(Action),
         sql => SQL,
         enable => Enable,
-        metadata => MetaData#{created_at => format_datetime(CreatedAt, millisecond)},
         description => Descr
-    }.
+    },
+    case Rule of
+        #{metadata := MetaData = #{created_at := CreatedAt}} ->
+            Format#{metadata => MetaData#{created_at => format_datetime(CreatedAt, millisecond)}};
+        _ ->
+            Format
+    end.
 
 format_datetime(Timestamp, Unit) ->
     list_to_binary(calendar:system_time_to_rfc3339(Timestamp, [{unit, Unit}])).

apps/emqx_rule_engine/src/emqx_rule_engine_schema.erl

@@ -40,13 +40,17 @@ tags() ->
 roots() -> ["rule_engine"].
 
 fields("rule_engine") ->
+    fields("rule_engine_api") ++
         [
-        {ignore_sys_message,
-            ?HOCON(boolean(), #{default => true, desc => ?DESC("rule_engine_ignore_sys_message")})},
             {rules,
                 ?HOCON(hoconsc:map("id", ?R_REF("rules")), #{
                     desc => ?DESC("rule_engine_rules"), default => #{}
-            })},
+                })}
+        ];
+fields("rule_engine_api") ->
+    [
+        {ignore_sys_message,
+            ?HOCON(boolean(), #{default => true, desc => ?DESC("rule_engine_ignore_sys_message")})},
         {jq_function_default_timeout,
             ?HOCON(
                 emqx_schema:duration_ms(),

apps/emqx_rule_engine/test/emqx_rule_engine_api_SUITE.erl

@@ -285,12 +285,17 @@ test_rule_params(Sql, Payload) ->
 t_rule_engine(_) ->
     {200, _} = emqx_rule_engine_api:'/rule_engine'(get, foo),
     {200, #{
-        jq_function_default_timeout := 12000,
-        jq_implementation_module := jq_port
+        %,
+        jq_function_default_timeout := 12000
+        % hidden! jq_implementation_module := jq_port
     }} = emqx_rule_engine_api:'/rule_engine'(put, #{
         body => #{
             <<"jq_function_default_timeout">> => <<"12s">>,
             <<"jq_implementation_module">> => <<"jq_port">>
         }
     }),
+    SomeRule = #{<<"sql">> => <<"SELECT * FROM \"t/#\"">>},
+    {400, _} = emqx_rule_engine_api:'/rule_engine'(put, #{
+        body => #{<<"rules">> => #{<<"some_rule">> => SomeRule}}
+    }),
     {400, _} = emqx_rule_engine_api:'/rule_engine'(put, #{body => #{<<"something">> => <<"weird">>}}).