diff --git a/apps/emqx/src/emqx_schema.erl b/apps/emqx/src/emqx_schema.erl
index 8335d69b8..8073e19b5 100644
--- a/apps/emqx/src/emqx_schema.erl
+++ b/apps/emqx/src/emqx_schema.erl
@@ -164,7 +164,7 @@ roots(high) ->
}
)},
{?EMQX_AUTHENTICATION_CONFIG_ROOT_NAME, authentication(global)},
- %% NOTE: authorization schema here is only to keep emqx app prue
+ %% NOTE: authorization schema here is only to keep emqx app pure
%% the full schema for EMQX node is injected in emqx_conf_schema.
{?EMQX_AUTHORIZATION_CONFIG_ROOT_NAME,
sc(
@@ -2762,10 +2762,16 @@ str(S) when is_list(S) ->
S.
authentication(Which) ->
- Desc =
+ {Importance, Desc} =
case Which of
- global -> ?DESC(global_authentication);
- listener -> ?DESC(listener_authentication)
+ global ->
+ %% For root level authentication, it is recommended to configure
+ %% from the dashboard or API.
+ %% Hence it's considered a low-importance when it comes to
+ %% configuration importance.
+ {?IMPORTANCE_LOW, ?DESC(global_authentication)};
+ listener ->
+ {?IMPORTANCE_HIDDEN, ?DESC(listener_authentication)}
end,
%% poor man's dependency injection
%% this is due to the fact that authn is implemented outside of 'emqx' app.
@@ -2781,7 +2787,7 @@ authentication(Which) ->
hoconsc:mk(Type, #{
desc => Desc,
converter => fun ensure_array/2,
- importance => ?IMPORTANCE_HIDDEN
+ importance => Importance
}).
%% the older version schema allows individual element (instead of a chain) in config
diff --git a/apps/emqx_authn/src/enhanced_authn/emqx_enhanced_authn_scram_mnesia.erl b/apps/emqx_authn/src/enhanced_authn/emqx_enhanced_authn_scram_mnesia.erl
index 84f2c9525..b11b89081 100644
--- a/apps/emqx_authn/src/enhanced_authn/emqx_enhanced_authn_scram_mnesia.erl
+++ b/apps/emqx_authn/src/enhanced_authn/emqx_enhanced_authn_scram_mnesia.erl
@@ -105,14 +105,16 @@ mnesia(boot) ->
%% Hocon Schema
%%------------------------------------------------------------------------------
-namespace() -> "authn-scram-builtin_db".
+namespace() -> "authn".
tags() ->
[<<"Authentication">>].
-roots() -> [?CONF_NS].
+%% used for config check when the schema module is resolved
+roots() ->
+ [{?CONF_NS, hoconsc:mk(hoconsc:ref(?MODULE, scram))}].
-fields(?CONF_NS) ->
+fields(scram) ->
[
{mechanism, emqx_authn_schema:mechanism(scram)},
{backend, emqx_authn_schema:backend(built_in_database)},
@@ -120,7 +122,7 @@ fields(?CONF_NS) ->
{iteration_count, fun iteration_count/1}
] ++ emqx_authn_schema:common_fields().
-desc(?CONF_NS) ->
+desc(scram) ->
"Settings for Salted Challenge Response Authentication Mechanism\n"
"(SCRAM) authentication.";
desc(_) ->
@@ -141,7 +143,7 @@ iteration_count(_) -> undefined.
%%------------------------------------------------------------------------------
refs() ->
- [hoconsc:ref(?MODULE, ?CONF_NS)].
+ [hoconsc:ref(?MODULE, scram)].
create(
AuthenticatorID,
diff --git a/apps/emqx_authn/src/simple_authn/emqx_authn_http.erl b/apps/emqx_authn/src/simple_authn/emqx_authn_http.erl
index 3c34d878e..27eb8cc6e 100644
--- a/apps/emqx_authn/src/simple_authn/emqx_authn_http.erl
+++ b/apps/emqx_authn/src/simple_authn/emqx_authn_http.erl
@@ -51,34 +51,35 @@
%% Hocon Schema
%%------------------------------------------------------------------------------
-namespace() -> "authn-http".
+namespace() -> "authn".
tags() ->
[<<"Authentication">>].
+%% used for config check when the schema module is resolved
roots() ->
[
{?CONF_NS,
hoconsc:mk(
- hoconsc:union(fun union_member_selector/1),
+ hoconsc:union(fun ?MODULE:union_member_selector/1),
#{}
)}
].
-fields(get) ->
+fields(http_get) ->
[
{method, #{type => get, required => true, desc => ?DESC(method)}},
{headers, fun headers_no_content_type/1}
] ++ common_fields();
-fields(post) ->
+fields(http_post) ->
[
{method, #{type => post, required => true, desc => ?DESC(method)}},
{headers, fun headers/1}
] ++ common_fields().
-desc(get) ->
+desc(http_get) ->
?DESC(get);
-desc(post) ->
+desc(http_post) ->
?DESC(post);
desc(_) ->
undefined.
@@ -156,8 +157,8 @@ request_timeout(_) -> undefined.
refs() ->
[
- hoconsc:ref(?MODULE, get),
- hoconsc:ref(?MODULE, post)
+ hoconsc:ref(?MODULE, http_get),
+ hoconsc:ref(?MODULE, http_post)
].
union_member_selector(all_union_members) ->
@@ -166,9 +167,9 @@ union_member_selector({value, Value}) ->
refs(Value).
refs(#{<<"method">> := <<"get">>}) ->
- [hoconsc:ref(?MODULE, get)];
+ [hoconsc:ref(?MODULE, http_get)];
refs(#{<<"method">> := <<"post">>}) ->
- [hoconsc:ref(?MODULE, post)];
+ [hoconsc:ref(?MODULE, http_post)];
refs(_) ->
throw(#{
field_name => method,
diff --git a/apps/emqx_authn/src/simple_authn/emqx_authn_jwt.erl b/apps/emqx_authn/src/simple_authn/emqx_authn_jwt.erl
index a891a55e2..0df9014b8 100644
--- a/apps/emqx_authn/src/simple_authn/emqx_authn_jwt.erl
+++ b/apps/emqx_authn/src/simple_authn/emqx_authn_jwt.erl
@@ -43,36 +43,57 @@
%% Hocon Schema
%%------------------------------------------------------------------------------
-namespace() -> "authn-jwt".
+namespace() -> "authn".
tags() ->
[<<"Authentication">>].
+%% used for config check when the schema module is resolved
roots() ->
[
{?CONF_NS,
hoconsc:mk(
- hoconsc:union(fun union_member_selector/1),
+ hoconsc:union(fun ?MODULE:union_member_selector/1),
#{}
)}
].
-fields('hmac-based') ->
+fields(jwt_hmac) ->
[
- {use_jwks, sc(hoconsc:enum([false]), #{required => true, desc => ?DESC(use_jwks)})},
+ %% for hmac, it's the 'algorithm' field which selects this type
+ %% use_jwks field can be ignored (kept for backward compatibility)
+ {use_jwks,
+ sc(
+ hoconsc:enum([false]),
+ #{
+ required => false,
+ desc => ?DESC(use_jwks),
+ importance => ?IMPORTANCE_HIDDEN
+ }
+ )},
{algorithm,
sc(hoconsc:enum(['hmac-based']), #{required => true, desc => ?DESC(algorithm)})},
{secret, fun secret/1},
{secret_base64_encoded, fun secret_base64_encoded/1}
] ++ common_fields();
-fields('public-key') ->
+fields(jwt_public_key) ->
[
- {use_jwks, sc(hoconsc:enum([false]), #{required => true, desc => ?DESC(use_jwks)})},
+ %% for public-key, it's the 'algorithm' field which selects this type
+ %% use_jwks field can be ignored (kept for backward compatibility)
+ {use_jwks,
+ sc(
+ hoconsc:enum([false]),
+ #{
+ required => false,
+ desc => ?DESC(use_jwks),
+ importance => ?IMPORTANCE_HIDDEN
+ }
+ )},
{algorithm,
sc(hoconsc:enum(['public-key']), #{required => true, desc => ?DESC(algorithm)})},
{public_key, fun public_key/1}
] ++ common_fields();
-fields('jwks') ->
+fields(jwt_jwks) ->
[
{use_jwks, sc(hoconsc:enum([true]), #{required => true, desc => ?DESC(use_jwks)})},
{endpoint, fun endpoint/1},
@@ -85,12 +106,12 @@ fields('jwks') ->
}}
] ++ common_fields().
-desc('hmac-based') ->
- ?DESC('hmac-based');
-desc('public-key') ->
- ?DESC('public-key');
-desc('jwks') ->
- ?DESC('jwks');
+desc(jwt_hmac) ->
+ ?DESC(jwt_hmac);
+desc(jwt_public_key) ->
+ ?DESC(jwt_public_key);
+desc(jwt_jwks) ->
+ ?DESC(jwt_jwks);
desc(undefined) ->
undefined.
@@ -160,9 +181,9 @@ from(_) -> undefined.
refs() ->
[
- hoconsc:ref(?MODULE, 'hmac-based'),
- hoconsc:ref(?MODULE, 'public-key'),
- hoconsc:ref(?MODULE, 'jwks')
+ hoconsc:ref(?MODULE, jwt_hmac),
+ hoconsc:ref(?MODULE, jwt_public_key),
+ hoconsc:ref(?MODULE, jwt_jwks)
].
union_member_selector(all_union_members) ->
@@ -179,11 +200,11 @@ boolean(<<"false">>) -> false;
boolean(Other) -> Other.
select_ref(true, _) ->
- [hoconsc:ref(?MODULE, 'jwks')];
+ [hoconsc:ref(?MODULE, 'jwt_jwks')];
select_ref(false, #{<<"public_key">> := _}) ->
- [hoconsc:ref(?MODULE, 'public-key')];
+ [hoconsc:ref(?MODULE, jwt_public_key)];
select_ref(false, _) ->
- [hoconsc:ref(?MODULE, 'hmac-based')];
+ [hoconsc:ref(?MODULE, jwt_hmac)];
select_ref(_, _) ->
throw(#{
field_name => use_jwks,
diff --git a/apps/emqx_authn/src/simple_authn/emqx_authn_mnesia.erl b/apps/emqx_authn/src/simple_authn/emqx_authn_mnesia.erl
index 20b604e70..d57e9e00e 100644
--- a/apps/emqx_authn/src/simple_authn/emqx_authn_mnesia.erl
+++ b/apps/emqx_authn/src/simple_authn/emqx_authn_mnesia.erl
@@ -107,14 +107,16 @@ mnesia(boot) ->
%% Hocon Schema
%%------------------------------------------------------------------------------
-namespace() -> "authn-builtin_db".
+namespace() -> "authn".
tags() ->
[<<"Authentication">>].
-roots() -> [?CONF_NS].
+%% used for config check when the schema module is resolved
+roots() ->
+ [{?CONF_NS, hoconsc:mk(hoconsc:ref(?MODULE, builtin_db))}].
-fields(?CONF_NS) ->
+fields(builtin_db) ->
[
{mechanism, emqx_authn_schema:mechanism(password_based)},
{backend, emqx_authn_schema:backend(built_in_database)},
@@ -122,8 +124,8 @@ fields(?CONF_NS) ->
{password_hash_algorithm, fun emqx_authn_password_hashing:type_rw/1}
] ++ emqx_authn_schema:common_fields().
-desc(?CONF_NS) ->
- ?DESC(?CONF_NS);
+desc(builtin_db) ->
+ ?DESC(builtin_db);
desc(_) ->
undefined.
@@ -138,7 +140,7 @@ user_id_type(_) -> undefined.
%%------------------------------------------------------------------------------
refs() ->
- [hoconsc:ref(?MODULE, ?CONF_NS)].
+ [hoconsc:ref(?MODULE, builtin_db)].
create(_AuthenticatorID, Config) ->
create(Config).
diff --git a/apps/emqx_authn/src/simple_authn/emqx_authn_mongodb.erl b/apps/emqx_authn/src/simple_authn/emqx_authn_mongodb.erl
index 22b930485..1a766b975 100644
--- a/apps/emqx_authn/src/simple_authn/emqx_authn_mongodb.erl
+++ b/apps/emqx_authn/src/simple_authn/emqx_authn_mongodb.erl
@@ -44,32 +44,33 @@
%% Hocon Schema
%%------------------------------------------------------------------------------
-namespace() -> "authn-mongodb".
+namespace() -> "authn".
tags() ->
[<<"Authentication">>].
+%% used for config check when the schema module is resolved
roots() ->
[
{?CONF_NS,
hoconsc:mk(
- hoconsc:union(fun union_member_selector/1),
+ hoconsc:union(fun ?MODULE:union_member_selector/1),
#{}
)}
].
-fields(standalone) ->
+fields(mongo_single) ->
common_fields() ++ emqx_connector_mongo:fields(single);
-fields('replica-set') ->
+fields(mongo_rs) ->
common_fields() ++ emqx_connector_mongo:fields(rs);
-fields('sharded-cluster') ->
+fields(mongo_sharded) ->
common_fields() ++ emqx_connector_mongo:fields(sharded).
-desc(standalone) ->
- ?DESC(standalone);
-desc('replica-set') ->
+desc(mongo_single) ->
+ ?DESC(single);
+desc(mongo_rs) ->
?DESC('replica-set');
-desc('sharded-cluster') ->
+desc(mongo_sharded) ->
?DESC('sharded-cluster');
desc(_) ->
undefined.
@@ -126,9 +127,9 @@ is_superuser_field(_) -> undefined.
refs() ->
[
- hoconsc:ref(?MODULE, standalone),
- hoconsc:ref(?MODULE, 'replica-set'),
- hoconsc:ref(?MODULE, 'sharded-cluster')
+ hoconsc:ref(?MODULE, mongo_single),
+ hoconsc:ref(?MODULE, mongo_rs),
+ hoconsc:ref(?MODULE, mongo_sharded)
].
create(_AuthenticatorID, Config) ->
@@ -254,11 +255,11 @@ union_member_selector({value, Value}) ->
refs(Value).
refs(#{<<"mongo_type">> := <<"single">>}) ->
- [hoconsc:ref(?MODULE, standalone)];
+ [hoconsc:ref(?MODULE, mongo_single)];
refs(#{<<"mongo_type">> := <<"rs">>}) ->
- [hoconsc:ref(?MODULE, 'replica-set')];
+ [hoconsc:ref(?MODULE, mongo_rs)];
refs(#{<<"mongo_type">> := <<"sharded">>}) ->
- [hoconsc:ref(?MODULE, 'sharded-cluster')];
+ [hoconsc:ref(?MODULE, mongo_sharded)];
refs(_) ->
throw(#{
field_name => mongo_type,
diff --git a/apps/emqx_authn/src/simple_authn/emqx_authn_mysql.erl b/apps/emqx_authn/src/simple_authn/emqx_authn_mysql.erl
index bedd169e2..d8e631885 100644
--- a/apps/emqx_authn/src/simple_authn/emqx_authn_mysql.erl
+++ b/apps/emqx_authn/src/simple_authn/emqx_authn_mysql.erl
@@ -45,14 +45,16 @@
%% Hocon Schema
%%------------------------------------------------------------------------------
-namespace() -> "authn-mysql".
+namespace() -> "authn".
tags() ->
[<<"Authentication">>].
-roots() -> [?CONF_NS].
+%% used for config check when the schema module is resolved
+roots() ->
+ [{?CONF_NS, hoconsc:mk(hoconsc:ref(?MODULE, mysql))}].
-fields(?CONF_NS) ->
+fields(mysql) ->
[
{mechanism, emqx_authn_schema:mechanism(password_based)},
{backend, emqx_authn_schema:backend(mysql)},
@@ -62,8 +64,8 @@ fields(?CONF_NS) ->
] ++ emqx_authn_schema:common_fields() ++
proplists:delete(prepare_statement, emqx_connector_mysql:fields(config)).
-desc(?CONF_NS) ->
- ?DESC(?CONF_NS);
+desc(mysql) ->
+ ?DESC(mysql);
desc(_) ->
undefined.
@@ -82,7 +84,7 @@ query_timeout(_) -> undefined.
%%------------------------------------------------------------------------------
refs() ->
- [hoconsc:ref(?MODULE, ?CONF_NS)].
+ [hoconsc:ref(?MODULE, mysql)].
create(_AuthenticatorID, Config) ->
create(Config).
diff --git a/apps/emqx_authn/src/simple_authn/emqx_authn_pgsql.erl b/apps/emqx_authn/src/simple_authn/emqx_authn_pgsql.erl
index 3d9e1e08f..d9526cc7b 100644
--- a/apps/emqx_authn/src/simple_authn/emqx_authn_pgsql.erl
+++ b/apps/emqx_authn/src/simple_authn/emqx_authn_pgsql.erl
@@ -49,14 +49,16 @@
%% Hocon Schema
%%------------------------------------------------------------------------------
-namespace() -> "authn-postgresql".
+namespace() -> "authn".
tags() ->
[<<"Authentication">>].
-roots() -> [?CONF_NS].
+%% used for config check when the schema module is resolved
+roots() ->
+ [{?CONF_NS, hoconsc:mk(hoconsc:ref(?MODULE, postgresql))}].
-fields(?CONF_NS) ->
+fields(postgresql) ->
[
{mechanism, emqx_authn_schema:mechanism(password_based)},
{backend, emqx_authn_schema:backend(postgresql)},
@@ -66,8 +68,8 @@ fields(?CONF_NS) ->
emqx_authn_schema:common_fields() ++
proplists:delete(prepare_statement, emqx_connector_pgsql:fields(config)).
-desc(?CONF_NS) ->
- ?DESC(?CONF_NS);
+desc(postgresql) ->
+ ?DESC(postgresql);
desc(_) ->
undefined.
@@ -81,7 +83,7 @@ query(_) -> undefined.
%%------------------------------------------------------------------------------
refs() ->
- [hoconsc:ref(?MODULE, ?CONF_NS)].
+ [hoconsc:ref(?MODULE, postgresql)].
create(_AuthenticatorID, Config) ->
create(Config).
diff --git a/apps/emqx_authn/src/simple_authn/emqx_authn_redis.erl b/apps/emqx_authn/src/simple_authn/emqx_authn_redis.erl
index ff81fd4ca..27d8c540a 100644
--- a/apps/emqx_authn/src/simple_authn/emqx_authn_redis.erl
+++ b/apps/emqx_authn/src/simple_authn/emqx_authn_redis.erl
@@ -44,32 +44,33 @@
%% Hocon Schema
%%------------------------------------------------------------------------------
-namespace() -> "authn-redis".
+namespace() -> "authn".
tags() ->
[<<"Authentication">>].
+%% used for config check when the schema module is resolved
roots() ->
[
{?CONF_NS,
hoconsc:mk(
- hoconsc:union(fun union_member_selector/1),
+ hoconsc:union(fun ?MODULE:union_member_selector/1),
#{}
)}
].
-fields(standalone) ->
+fields(redis_single) ->
common_fields() ++ emqx_connector_redis:fields(single);
-fields(cluster) ->
+fields(redis_cluster) ->
common_fields() ++ emqx_connector_redis:fields(cluster);
-fields(sentinel) ->
+fields(redis_sentinel) ->
common_fields() ++ emqx_connector_redis:fields(sentinel).
-desc(standalone) ->
- ?DESC(standalone);
-desc(cluster) ->
+desc(redis_single) ->
+ ?DESC(single);
+desc(redis_cluster) ->
?DESC(cluster);
-desc(sentinel) ->
+desc(redis_sentinel) ->
?DESC(sentinel);
desc(_) ->
"".
@@ -93,9 +94,9 @@ cmd(_) -> undefined.
refs() ->
[
- hoconsc:ref(?MODULE, standalone),
- hoconsc:ref(?MODULE, cluster),
- hoconsc:ref(?MODULE, sentinel)
+ hoconsc:ref(?MODULE, redis_single),
+ hoconsc:ref(?MODULE, redis_cluster),
+ hoconsc:ref(?MODULE, redis_sentinel)
].
union_member_selector(all_union_members) ->
@@ -104,11 +105,11 @@ union_member_selector({value, Value}) ->
refs(Value).
refs(#{<<"redis_type">> := <<"single">>}) ->
- [hoconsc:ref(?MODULE, standalone)];
+ [hoconsc:ref(?MODULE, redis_single)];
refs(#{<<"redis_type">> := <<"cluster">>}) ->
- [hoconsc:ref(?MODULE, cluster)];
+ [hoconsc:ref(?MODULE, redis_cluster)];
refs(#{<<"redis_type">> := <<"sentinel">>}) ->
- [hoconsc:ref(?MODULE, sentinel)];
+ [hoconsc:ref(?MODULE, redis_sentinel)];
refs(_) ->
throw(#{
field_name => redis_type,
diff --git a/apps/emqx_authn/test/emqx_authn_pgsql_SUITE.erl b/apps/emqx_authn/test/emqx_authn_pgsql_SUITE.erl
index 65c783298..075ae5cb7 100644
--- a/apps/emqx_authn/test/emqx_authn_pgsql_SUITE.erl
+++ b/apps/emqx_authn/test/emqx_authn_pgsql_SUITE.erl
@@ -107,7 +107,7 @@ t_update_with_invalid_config(_Config) ->
?assertMatch(
{error, #{
kind := validation_error,
- matched_type := "authn-postgresql:authentication",
+ matched_type := "authn:postgresql",
path := "authentication.1.server",
reason := required_field
}},
diff --git a/apps/emqx_authn/test/emqx_authn_redis_SUITE.erl b/apps/emqx_authn/test/emqx_authn_redis_SUITE.erl
index 4f95bef93..1354e06cc 100644
--- a/apps/emqx_authn/test/emqx_authn_redis_SUITE.erl
+++ b/apps/emqx_authn/test/emqx_authn_redis_SUITE.erl
@@ -162,7 +162,7 @@ t_create_invalid_config(_Config) ->
?assertMatch(
{error, #{
kind := validation_error,
- matched_type := "authn-redis:standalone",
+ matched_type := "authn:redis_single",
path := "authentication.1.server",
reason := required_field
}},
diff --git a/apps/emqx_authn/test/emqx_authn_schema_SUITE.erl b/apps/emqx_authn/test/emqx_authn_schema_SUITE.erl
index 7e67584ac..7a766281b 100644
--- a/apps/emqx_authn/test/emqx_authn_schema_SUITE.erl
+++ b/apps/emqx_authn/test/emqx_authn_schema_SUITE.erl
@@ -53,7 +53,7 @@ t_check_schema(_Config) ->
?assertThrow(
#{
path := "authentication.1.password_hash_algorithm.name",
- matched_type := "authn-builtin_db:authentication/authn-hash:simple",
+ matched_type := "authn:builtin_db/authn-hash:simple",
reason := unable_to_convert_to_enum_symbol
},
Check(ConfigNotOk)
@@ -72,7 +72,7 @@ t_check_schema(_Config) ->
#{
path := "authentication.1.password_hash_algorithm",
reason := "algorithm_name_missing",
- matched_type := "authn-builtin_db:authentication"
+ matched_type := "authn:builtin_db"
},
Check(ConfigMissingAlgoName)
).
diff --git a/apps/emqx_authn/test/emqx_authn_schema_tests.erl b/apps/emqx_authn/test/emqx_authn_schema_tests.erl
index 25fcd28e4..622655b2d 100644
--- a/apps/emqx_authn/test/emqx_authn_schema_tests.erl
+++ b/apps/emqx_authn/test/emqx_authn_schema_tests.erl
@@ -32,19 +32,19 @@ union_member_selector_mongo_test_() ->
end},
{"single", fun() ->
?assertMatch(
- ?ERR(#{matched_type := "authn-mongodb:standalone"}),
+ ?ERR(#{matched_type := "authn:mongo_single"}),
Check("{mongo_type: single}")
)
end},
{"replica-set", fun() ->
?assertMatch(
- ?ERR(#{matched_type := "authn-mongodb:replica-set"}),
+ ?ERR(#{matched_type := "authn:mongo_rs"}),
Check("{mongo_type: rs}")
)
end},
{"sharded", fun() ->
?assertMatch(
- ?ERR(#{matched_type := "authn-mongodb:sharded-cluster"}),
+ ?ERR(#{matched_type := "authn:mongo_sharded"}),
Check("{mongo_type: sharded}")
)
end}
@@ -61,19 +61,19 @@ union_member_selector_jwt_test_() ->
end},
{"jwks", fun() ->
?assertMatch(
- ?ERR(#{matched_type := "authn-jwt:jwks"}),
+ ?ERR(#{matched_type := "authn:jwt_jwks"}),
Check("{use_jwks = true}")
)
end},
{"publick-key", fun() ->
?assertMatch(
- ?ERR(#{matched_type := "authn-jwt:public-key"}),
+ ?ERR(#{matched_type := "authn:jwt_public_key"}),
Check("{use_jwks = false, public_key = 1}")
)
end},
{"hmac-based", fun() ->
?assertMatch(
- ?ERR(#{matched_type := "authn-jwt:hmac-based"}),
+ ?ERR(#{matched_type := "authn:jwt_hmac"}),
Check("{use_jwks = false}")
)
end}
@@ -90,19 +90,19 @@ union_member_selector_redis_test_() ->
end},
{"single", fun() ->
?assertMatch(
- ?ERR(#{matched_type := "authn-redis:standalone"}),
+ ?ERR(#{matched_type := "authn:redis_single"}),
Check("{redis_type = single}")
)
end},
{"cluster", fun() ->
?assertMatch(
- ?ERR(#{matched_type := "authn-redis:cluster"}),
+ ?ERR(#{matched_type := "authn:redis_cluster"}),
Check("{redis_type = cluster}")
)
end},
{"sentinel", fun() ->
?assertMatch(
- ?ERR(#{matched_type := "authn-redis:sentinel"}),
+ ?ERR(#{matched_type := "authn:redis_sentinel"}),
Check("{redis_type = sentinel}")
)
end}
@@ -119,13 +119,13 @@ union_member_selector_http_test_() ->
end},
{"get", fun() ->
?assertMatch(
- ?ERR(#{matched_type := "authn-http:get"}),
+ ?ERR(#{matched_type := "authn:http_get"}),
Check("{method = get}")
)
end},
{"post", fun() ->
?assertMatch(
- ?ERR(#{matched_type := "authn-http:post"}),
+ ?ERR(#{matched_type := "authn:http_post"}),
Check("{method = post}")
)
end}
diff --git a/apps/emqx_authz/src/emqx_authz_schema.erl b/apps/emqx_authz/src/emqx_authz_schema.erl
index f03ae52a8..7aaa68b62 100644
--- a/apps/emqx_authz/src/emqx_authz_schema.erl
+++ b/apps/emqx_authz/src/emqx_authz_schema.erl
@@ -54,7 +54,7 @@ type_names() ->
file,
http_get,
http_post,
- mnesia,
+ builtin_db,
mongo_single,
mongo_rs,
mongo_sharded,
@@ -93,7 +93,7 @@ fields(http_post) ->
{method, method(post)},
{headers, fun headers/1}
];
-fields(mnesia) ->
+fields(builtin_db) ->
authz_common_fields(built_in_database);
fields(mongo_single) ->
authz_common_fields(mongodb) ++
@@ -191,8 +191,8 @@ desc(http_get) ->
?DESC(http_get);
desc(http_post) ->
?DESC(http_post);
-desc(mnesia) ->
- ?DESC(mnesia);
+desc(builtin_db) ->
+ ?DESC(builtin_db);
desc(mongo_single) ->
?DESC(mongo_single);
desc(mongo_rs) ->
@@ -459,7 +459,7 @@ select_union_member(#{<<"type">> := <<"http">>} = Value) ->
})
end;
select_union_member(#{<<"type">> := <<"built_in_database">>}) ->
- ?R_REF(mnesia);
+ ?R_REF(builtin_db);
select_union_member(#{<<"type">> := Type}) ->
select_union_member_loop(Type, type_names());
select_union_member(_) ->
@@ -494,7 +494,10 @@ authz_fields() ->
default => [],
desc => ?DESC(sources),
%% doc_lift is force a root level reference instead of nesting sub-structs
- extra => #{doc_lift => true}
+ extra => #{doc_lift => true},
+ %% it is recommended to configure authz sources from dashboard
+ %% hance the importance level for config is low
+ importance => ?IMPORTANCE_LOW
}
)}
].
diff --git a/apps/emqx_conf/src/emqx_conf_schema.erl b/apps/emqx_conf/src/emqx_conf_schema.erl
index ae3691682..f3f014321 100644
--- a/apps/emqx_conf/src/emqx_conf_schema.erl
+++ b/apps/emqx_conf/src/emqx_conf_schema.erl
@@ -100,7 +100,7 @@ roots() ->
?R_REF("rpc"),
#{
translate_to => ["gen_rpc"],
- importance => ?IMPORTANCE_HIDDEN
+ importance => ?IMPORTANCE_LOW
}
)}
] ++
@@ -1288,7 +1288,7 @@ emqx_schema_high_prio_roots() ->
?R_REF("authorization"),
#{
desc => ?DESC(authorization),
- importance => ?IMPORTANCE_HIDDEN
+ importance => ?IMPORTANCE_HIGH
}
)},
lists:keyreplace("authorization", 1, Roots, Authz).
diff --git a/lib-ee/emqx_ee_bridge/test/emqx_ee_bridge_influxdb_tests.erl b/lib-ee/emqx_ee_bridge/test/emqx_ee_bridge_influxdb_tests.erl
index ce3a0b06f..1e065f6c8 100644
--- a/lib-ee/emqx_ee_bridge/test/emqx_ee_bridge_influxdb_tests.erl
+++ b/lib-ee/emqx_ee_bridge/test/emqx_ee_bridge_influxdb_tests.erl
@@ -5,8 +5,6 @@
-include_lib("eunit/include/eunit.hrl").
--import(emqx_ee_bridge_influxdb, [to_influx_lines/1]).
-
-define(INVALID_LINES, [
" ",
" \n",
@@ -326,3 +324,13 @@ test_pairs(PairsList) ->
join(Sep, LinesList) ->
lists:flatten(lists:join(Sep, LinesList)).
+
+to_influx_lines(RawLines) ->
+ OldLevel = emqx_logger:get_primary_log_level(),
+ try
+ %% mute error logs from this call
+ emqx_logger:set_primary_log_level(none),
+ emqx_ee_bridge_influxdb:to_influx_lines(RawLines)
+ after
+ emqx_logger:set_primary_log_level(OldLevel)
+ end.
diff --git a/rel/i18n/emqx_authn_jwt.hocon b/rel/i18n/emqx_authn_jwt.hocon
index e28213e37..f947dcf5d 100644
--- a/rel/i18n/emqx_authn_jwt.hocon
+++ b/rel/i18n/emqx_authn_jwt.hocon
@@ -42,10 +42,10 @@ from.desc:
from.label:
"""From Field"""
-hmac-based.desc:
+jwt_hmac.desc:
"""Configuration when the JWT for authentication is issued using the HMAC algorithm."""
-jwks.desc:
+jwt_jwks.desc:
"""Configuration when JWTs used for authentication need to be fetched from the JWKS endpoint."""
keyfile.desc:
@@ -54,7 +54,7 @@ keyfile.desc:
keyfile.label:
"""Key File"""
-public-key.desc:
+jwt_public_key.desc:
"""Configuration when the JWT for authentication is issued using RSA or ECDSA algorithm."""
public_key.desc:
diff --git a/rel/i18n/emqx_authn_mnesia.hocon b/rel/i18n/emqx_authn_mnesia.hocon
index 4cfab9493..6770df090 100644
--- a/rel/i18n/emqx_authn_mnesia.hocon
+++ b/rel/i18n/emqx_authn_mnesia.hocon
@@ -1,6 +1,6 @@
emqx_authn_mnesia {
-authentication.desc:
+builtin_db.desc:
"""Configuration of authenticator using built-in database as data source."""
user_id_type.desc:
diff --git a/rel/i18n/emqx_authn_mongodb.hocon b/rel/i18n/emqx_authn_mongodb.hocon
index 97311f751..6d851f58f 100644
--- a/rel/i18n/emqx_authn_mongodb.hocon
+++ b/rel/i18n/emqx_authn_mongodb.hocon
@@ -39,7 +39,7 @@ salt_field.label:
sharded-cluster.desc:
"""Configuration of authenticator using MongoDB (Sharded Cluster) as authentication data source."""
-standalone.desc:
+single.desc:
"""Configuration of authenticator using MongoDB (Standalone) as authentication data source."""
}
diff --git a/rel/i18n/emqx_authn_mysql.hocon b/rel/i18n/emqx_authn_mysql.hocon
index 45634a4ad..5eb2d23e9 100644
--- a/rel/i18n/emqx_authn_mysql.hocon
+++ b/rel/i18n/emqx_authn_mysql.hocon
@@ -1,6 +1,6 @@
emqx_authn_mysql {
-authentication.desc:
+mysql.desc:
"""Configuration of authenticator using MySQL as authentication data source."""
query.desc:
diff --git a/rel/i18n/emqx_authn_pgsql.hocon b/rel/i18n/emqx_authn_pgsql.hocon
index a9d727785..696a17861 100644
--- a/rel/i18n/emqx_authn_pgsql.hocon
+++ b/rel/i18n/emqx_authn_pgsql.hocon
@@ -1,6 +1,6 @@
emqx_authn_pgsql {
-authentication.desc:
+postgresql.desc:
"""Configuration of authenticator using PostgreSQL as authentication data source."""
query.desc:
diff --git a/rel/i18n/emqx_authn_redis.hocon b/rel/i18n/emqx_authn_redis.hocon
index f39d54061..e8d98b9a1 100644
--- a/rel/i18n/emqx_authn_redis.hocon
+++ b/rel/i18n/emqx_authn_redis.hocon
@@ -12,7 +12,7 @@ cmd.label:
sentinel.desc:
"""Configuration of authenticator using Redis (Sentinel) as authentication data source."""
-standalone.desc:
+single.desc:
"""Configuration of authenticator using Redis (Standalone) as authentication data source."""
}
diff --git a/rel/i18n/emqx_authz_schema.hocon b/rel/i18n/emqx_authz_schema.hocon
index 9e5339b2c..5318eb769 100644
--- a/rel/i18n/emqx_authz_schema.hocon
+++ b/rel/i18n/emqx_authz_schema.hocon
@@ -120,11 +120,11 @@ node_error.desc:
node_error.label:
"""Error in Node"""
-mnesia.desc:
+builtin_db.desc:
"""Authorization using a built-in database (mnesia)."""
-mnesia.label:
-"""mnesia"""
+builtin_db.label:
+"""Builtin Database"""
enable.desc:
"""Set to true or false to disable this ACL provider"""
diff --git a/rel/i18n/zh/emqx_authn_jwt.hocon b/rel/i18n/zh/emqx_authn_jwt.hocon
index 2aa27c1de..76b999101 100644
--- a/rel/i18n/zh/emqx_authn_jwt.hocon
+++ b/rel/i18n/zh/emqx_authn_jwt.hocon
@@ -42,10 +42,10 @@ from.desc:
from.label:
"""源字段"""
-hmac-based.desc:
+jwt_hmac.desc:
"""用于认证的 JWT 使用 HMAC 算法签发时的配置。"""
-jwks.desc:
+jwt_jwks.desc:
"""用于认证的 JWTs 需要从 JWKS 端点获取时的配置。"""
keyfile.desc:
@@ -54,7 +54,7 @@ keyfile.desc:
keyfile.label:
"""私钥文件"""
-public-key.desc:
+jwt_public_key.desc:
"""用于认证的 JWT 使用 RSA 或 ECDSA 算法签发时的配置。"""
public_key.desc:
diff --git a/rel/i18n/zh/emqx_authn_mnesia.hocon b/rel/i18n/zh/emqx_authn_mnesia.hocon
index 1ba394627..78fc96c75 100644
--- a/rel/i18n/zh/emqx_authn_mnesia.hocon
+++ b/rel/i18n/zh/emqx_authn_mnesia.hocon
@@ -1,6 +1,6 @@
emqx_authn_mnesia {
-authentication.desc:
+builtin_db.desc:
"""使用内置数据库作为认证数据源的认证器的配置项。"""
user_id_type.desc:
diff --git a/rel/i18n/zh/emqx_authn_mongodb.hocon b/rel/i18n/zh/emqx_authn_mongodb.hocon
index 01419e2b9..949322a76 100644
--- a/rel/i18n/zh/emqx_authn_mongodb.hocon
+++ b/rel/i18n/zh/emqx_authn_mongodb.hocon
@@ -39,7 +39,7 @@ salt_field.label:
sharded-cluster.desc:
"""使用 MongoDB (Sharded Cluster) 作为认证数据源的认证器的配置项。"""
-standalone.desc:
+single.desc:
"""使用 MongoDB (Standalone) 作为认证数据源的认证器的配置项。"""
}
diff --git a/rel/i18n/zh/emqx_authn_mysql.hocon b/rel/i18n/zh/emqx_authn_mysql.hocon
index e718ad723..c8b72d720 100644
--- a/rel/i18n/zh/emqx_authn_mysql.hocon
+++ b/rel/i18n/zh/emqx_authn_mysql.hocon
@@ -1,6 +1,6 @@
emqx_authn_mysql {
-authentication.desc:
+mysql.desc:
"""使用 MySQL 作为认证数据源的认证器的配置项。"""
query.desc:
diff --git a/rel/i18n/zh/emqx_authn_pgsql.hocon b/rel/i18n/zh/emqx_authn_pgsql.hocon
index 97bf608d2..b9d47828b 100644
--- a/rel/i18n/zh/emqx_authn_pgsql.hocon
+++ b/rel/i18n/zh/emqx_authn_pgsql.hocon
@@ -1,6 +1,6 @@
emqx_authn_pgsql {
-authentication.desc:
+postgresql.desc:
"""使用 PostgreSQL 作为认证数据源的认证器的配置项。"""
query.desc:
diff --git a/rel/i18n/zh/emqx_authn_redis.hocon b/rel/i18n/zh/emqx_authn_redis.hocon
index e3d6b9d96..58137f195 100644
--- a/rel/i18n/zh/emqx_authn_redis.hocon
+++ b/rel/i18n/zh/emqx_authn_redis.hocon
@@ -12,7 +12,7 @@ cmd.label:
sentinel.desc:
"""使用 Redis (Sentinel) 作为认证数据源的认证器的配置项。"""
-standalone.desc:
+single.desc:
"""使用 Redis (Standalone) 作为认证数据源的认证器的配置项。"""
}
diff --git a/rel/i18n/zh/emqx_authz_schema.hocon b/rel/i18n/zh/emqx_authz_schema.hocon
index 3dd6d1c01..f0f973a55 100644
--- a/rel/i18n/zh/emqx_authz_schema.hocon
+++ b/rel/i18n/zh/emqx_authz_schema.hocon
@@ -120,11 +120,11 @@ node_error.desc:
node_error.label:
"""节点产生的错误"""
-mnesia.desc:
+builtin_db.desc:
"""使用内部数据库授权(mnesia)。"""
-mnesia.label:
-"""mnesia"""
+builtin_db.label:
+"""Buitin Database"""
enable.desc:
"""设为 true 或 false 以启用或禁用此访问控制数据源"""