Merge pull request #10421 from zmstone/0417-refine-authn-schema-namespace

0417 refine authn schema namespace

apps/emqx/src/emqx_schema.erl

@@ -164,7 +164,7 @@ roots(high) ->
                 }
             )},
         {?EMQX_AUTHENTICATION_CONFIG_ROOT_NAME, authentication(global)},
-        %% NOTE: authorization schema here is only to keep emqx app prue
+        %% NOTE: authorization schema here is only to keep emqx app pure
         %% the full schema for EMQX node is injected in emqx_conf_schema.
         {?EMQX_AUTHORIZATION_CONFIG_ROOT_NAME,
             sc(
@@ -2762,10 +2762,16 @@ str(S) when is_list(S) ->
     S.
 
 authentication(Which) ->
-    Desc =
+    {Importance, Desc} =
         case Which of
-            global -> ?DESC(global_authentication);
+            global ->
-            listener -> ?DESC(listener_authentication)
+                %% For root level authentication, it is recommended to configure
+                %% from the dashboard or API.
+                %% Hence it's considered a low-importance when it comes to
+                %% configuration importance.
+                {?IMPORTANCE_LOW, ?DESC(global_authentication)};
+            listener ->
+                {?IMPORTANCE_HIDDEN, ?DESC(listener_authentication)}
         end,
     %% poor man's dependency injection
     %% this is due to the fact that authn is implemented outside of 'emqx' app.
@@ -2781,7 +2787,7 @@ authentication(Which) ->
     hoconsc:mk(Type, #{
         desc => Desc,
         converter => fun ensure_array/2,
-        importance => ?IMPORTANCE_HIDDEN
+        importance => Importance
     }).
 
 %% the older version schema allows individual element (instead of a chain) in config

apps/emqx_authn/src/enhanced_authn/emqx_enhanced_authn_scram_mnesia.erl

@@ -105,14 +105,16 @@ mnesia(boot) ->
 %% Hocon Schema
 %%------------------------------------------------------------------------------
 
-namespace() -> "authn-scram-builtin_db".
+namespace() -> "authn".
 
 tags() ->
     [<<"Authentication">>].
 
-roots() -> [?CONF_NS].
+%% used for config check when the schema module is resolved
+roots() ->
+    [{?CONF_NS, hoconsc:mk(hoconsc:ref(?MODULE, scram))}].
 
-fields(?CONF_NS) ->
+fields(scram) ->
     [
         {mechanism, emqx_authn_schema:mechanism(scram)},
         {backend, emqx_authn_schema:backend(built_in_database)},
@@ -120,7 +122,7 @@ fields(?CONF_NS) ->
         {iteration_count, fun iteration_count/1}
     ] ++ emqx_authn_schema:common_fields().
 
-desc(?CONF_NS) ->
+desc(scram) ->
     "Settings for Salted Challenge Response Authentication Mechanism\n"
     "(SCRAM) authentication.";
 desc(_) ->
@@ -141,7 +143,7 @@ iteration_count(_) -> undefined.
 %%------------------------------------------------------------------------------
 
 refs() ->
-    [hoconsc:ref(?MODULE, ?CONF_NS)].
+    [hoconsc:ref(?MODULE, scram)].
 
 create(
     AuthenticatorID,

apps/emqx_authn/src/simple_authn/emqx_authn_http.erl

@@ -51,34 +51,35 @@
 %% Hocon Schema
 %%------------------------------------------------------------------------------
 
-namespace() -> "authn-http".
+namespace() -> "authn".
 
 tags() ->
     [<<"Authentication">>].
 
+%% used for config check when the schema module is resolved
 roots() ->
     [
         {?CONF_NS,
             hoconsc:mk(
-                hoconsc:union(fun union_member_selector/1),
+                hoconsc:union(fun ?MODULE:union_member_selector/1),
                 #{}
             )}
     ].
 
-fields(get) ->
+fields(http_get) ->
     [
         {method, #{type => get, required => true, desc => ?DESC(method)}},
         {headers, fun headers_no_content_type/1}
     ] ++ common_fields();
-fields(post) ->
+fields(http_post) ->
     [
         {method, #{type => post, required => true, desc => ?DESC(method)}},
         {headers, fun headers/1}
     ] ++ common_fields().
 
-desc(get) ->
+desc(http_get) ->
     ?DESC(get);
-desc(post) ->
+desc(http_post) ->
     ?DESC(post);
 desc(_) ->
     undefined.
@@ -156,8 +157,8 @@ request_timeout(_) -> undefined.
 
 refs() ->
     [
-        hoconsc:ref(?MODULE, get),
+        hoconsc:ref(?MODULE, http_get),
-        hoconsc:ref(?MODULE, post)
+        hoconsc:ref(?MODULE, http_post)
     ].
 
 union_member_selector(all_union_members) ->
@@ -166,9 +167,9 @@ union_member_selector({value, Value}) ->
     refs(Value).
 
 refs(#{<<"method">> := <<"get">>}) ->
-    [hoconsc:ref(?MODULE, get)];
+    [hoconsc:ref(?MODULE, http_get)];
 refs(#{<<"method">> := <<"post">>}) ->
-    [hoconsc:ref(?MODULE, post)];
+    [hoconsc:ref(?MODULE, http_post)];
 refs(_) ->
     throw(#{
         field_name => method,

apps/emqx_authn/src/simple_authn/emqx_authn_jwt.erl

@@ -43,36 +43,57 @@
 %% Hocon Schema
 %%------------------------------------------------------------------------------
 
-namespace() -> "authn-jwt".
+namespace() -> "authn".
 
 tags() ->
     [<<"Authentication">>].
 
+%% used for config check when the schema module is resolved
 roots() ->
     [
         {?CONF_NS,
             hoconsc:mk(
-                hoconsc:union(fun union_member_selector/1),
+                hoconsc:union(fun ?MODULE:union_member_selector/1),
                 #{}
             )}
     ].
 
-fields('hmac-based') ->
+fields(jwt_hmac) ->
     [
-        {use_jwks, sc(hoconsc:enum([false]), #{required => true, desc => ?DESC(use_jwks)})},
+        %% for hmac, it's the 'algorithm' field which selects this type
+        %% use_jwks field can be ignored (kept for backward compatibility)
+        {use_jwks,
+            sc(
+                hoconsc:enum([false]),
+                #{
+                    required => false,
+                    desc => ?DESC(use_jwks),
+                    importance => ?IMPORTANCE_HIDDEN
+                }
+            )},
         {algorithm,
             sc(hoconsc:enum(['hmac-based']), #{required => true, desc => ?DESC(algorithm)})},
         {secret, fun secret/1},
         {secret_base64_encoded, fun secret_base64_encoded/1}
     ] ++ common_fields();
-fields('public-key') ->
+fields(jwt_public_key) ->
     [
-        {use_jwks, sc(hoconsc:enum([false]), #{required => true, desc => ?DESC(use_jwks)})},
+        %% for public-key, it's the 'algorithm' field which selects this type
+        %% use_jwks field can be ignored (kept for backward compatibility)
+        {use_jwks,
+            sc(
+                hoconsc:enum([false]),
+                #{
+                    required => false,
+                    desc => ?DESC(use_jwks),
+                    importance => ?IMPORTANCE_HIDDEN
+                }
+            )},
         {algorithm,
             sc(hoconsc:enum(['public-key']), #{required => true, desc => ?DESC(algorithm)})},
         {public_key, fun public_key/1}
     ] ++ common_fields();
-fields('jwks') ->
+fields(jwt_jwks) ->
     [
         {use_jwks, sc(hoconsc:enum([true]), #{required => true, desc => ?DESC(use_jwks)})},
         {endpoint, fun endpoint/1},
@@ -85,12 +106,12 @@ fields('jwks') ->
         }}
     ] ++ common_fields().
 
-desc('hmac-based') ->
+desc(jwt_hmac) ->
-    ?DESC('hmac-based');
+    ?DESC(jwt_hmac);
-desc('public-key') ->
+desc(jwt_public_key) ->
-    ?DESC('public-key');
+    ?DESC(jwt_public_key);
-desc('jwks') ->
+desc(jwt_jwks) ->
-    ?DESC('jwks');
+    ?DESC(jwt_jwks);
 desc(undefined) ->
     undefined.
 
@@ -160,9 +181,9 @@ from(_) -> undefined.
 
 refs() ->
     [
-        hoconsc:ref(?MODULE, 'hmac-based'),
+        hoconsc:ref(?MODULE, jwt_hmac),
-        hoconsc:ref(?MODULE, 'public-key'),
+        hoconsc:ref(?MODULE, jwt_public_key),
-        hoconsc:ref(?MODULE, 'jwks')
+        hoconsc:ref(?MODULE, jwt_jwks)
     ].
 
 union_member_selector(all_union_members) ->
@@ -179,11 +200,11 @@ boolean(<<"false">>) -> false;
 boolean(Other) -> Other.
 
 select_ref(true, _) ->
-    [hoconsc:ref(?MODULE, 'jwks')];
+    [hoconsc:ref(?MODULE, 'jwt_jwks')];
 select_ref(false, #{<<"public_key">> := _}) ->
-    [hoconsc:ref(?MODULE, 'public-key')];
+    [hoconsc:ref(?MODULE, jwt_public_key)];
 select_ref(false, _) ->
-    [hoconsc:ref(?MODULE, 'hmac-based')];
+    [hoconsc:ref(?MODULE, jwt_hmac)];
 select_ref(_, _) ->
     throw(#{
         field_name => use_jwks,

apps/emqx_authn/src/simple_authn/emqx_authn_mnesia.erl

@@ -107,14 +107,16 @@ mnesia(boot) ->
 %% Hocon Schema
 %%------------------------------------------------------------------------------
 
-namespace() -> "authn-builtin_db".
+namespace() -> "authn".
 
 tags() ->
     [<<"Authentication">>].
 
-roots() -> [?CONF_NS].
+%% used for config check when the schema module is resolved
+roots() ->
+    [{?CONF_NS, hoconsc:mk(hoconsc:ref(?MODULE, builtin_db))}].
 
-fields(?CONF_NS) ->
+fields(builtin_db) ->
     [
         {mechanism, emqx_authn_schema:mechanism(password_based)},
         {backend, emqx_authn_schema:backend(built_in_database)},
@@ -122,8 +124,8 @@ fields(?CONF_NS) ->
         {password_hash_algorithm, fun emqx_authn_password_hashing:type_rw/1}
     ] ++ emqx_authn_schema:common_fields().
 
-desc(?CONF_NS) ->
+desc(builtin_db) ->
-    ?DESC(?CONF_NS);
+    ?DESC(builtin_db);
 desc(_) ->
     undefined.
 
@@ -138,7 +140,7 @@ user_id_type(_) -> undefined.
 %%------------------------------------------------------------------------------
 
 refs() ->
-    [hoconsc:ref(?MODULE, ?CONF_NS)].
+    [hoconsc:ref(?MODULE, builtin_db)].
 
 create(_AuthenticatorID, Config) ->
     create(Config).

apps/emqx_authn/src/simple_authn/emqx_authn_mongodb.erl

@@ -44,32 +44,33 @@
 %% Hocon Schema
 %%------------------------------------------------------------------------------
 
-namespace() -> "authn-mongodb".
+namespace() -> "authn".
 
 tags() ->
     [<<"Authentication">>].
 
+%% used for config check when the schema module is resolved
 roots() ->
     [
         {?CONF_NS,
             hoconsc:mk(
-                hoconsc:union(fun union_member_selector/1),
+                hoconsc:union(fun ?MODULE:union_member_selector/1),
                 #{}
             )}
     ].
 
-fields(standalone) ->
+fields(mongo_single) ->
     common_fields() ++ emqx_connector_mongo:fields(single);
-fields('replica-set') ->
+fields(mongo_rs) ->
     common_fields() ++ emqx_connector_mongo:fields(rs);
-fields('sharded-cluster') ->
+fields(mongo_sharded) ->
     common_fields() ++ emqx_connector_mongo:fields(sharded).
 
-desc(standalone) ->
+desc(mongo_single) ->
-    ?DESC(standalone);
+    ?DESC(single);
-desc('replica-set') ->
+desc(mongo_rs) ->
     ?DESC('replica-set');
-desc('sharded-cluster') ->
+desc(mongo_sharded) ->
     ?DESC('sharded-cluster');
 desc(_) ->
     undefined.
@@ -126,9 +127,9 @@ is_superuser_field(_) -> undefined.
 
 refs() ->
     [
-        hoconsc:ref(?MODULE, standalone),
+        hoconsc:ref(?MODULE, mongo_single),
-        hoconsc:ref(?MODULE, 'replica-set'),
+        hoconsc:ref(?MODULE, mongo_rs),
-        hoconsc:ref(?MODULE, 'sharded-cluster')
+        hoconsc:ref(?MODULE, mongo_sharded)
     ].
 
 create(_AuthenticatorID, Config) ->
@@ -254,11 +255,11 @@ union_member_selector({value, Value}) ->
     refs(Value).
 
 refs(#{<<"mongo_type">> := <<"single">>}) ->
-    [hoconsc:ref(?MODULE, standalone)];
+    [hoconsc:ref(?MODULE, mongo_single)];
 refs(#{<<"mongo_type">> := <<"rs">>}) ->
-    [hoconsc:ref(?MODULE, 'replica-set')];
+    [hoconsc:ref(?MODULE, mongo_rs)];
 refs(#{<<"mongo_type">> := <<"sharded">>}) ->
-    [hoconsc:ref(?MODULE, 'sharded-cluster')];
+    [hoconsc:ref(?MODULE, mongo_sharded)];
 refs(_) ->
     throw(#{
         field_name => mongo_type,

apps/emqx_authn/src/simple_authn/emqx_authn_mysql.erl

@@ -45,14 +45,16 @@
 %% Hocon Schema
 %%------------------------------------------------------------------------------
 
-namespace() -> "authn-mysql".
+namespace() -> "authn".
 
 tags() ->
     [<<"Authentication">>].
 
-roots() -> [?CONF_NS].
+%% used for config check when the schema module is resolved
+roots() ->
+    [{?CONF_NS, hoconsc:mk(hoconsc:ref(?MODULE, mysql))}].
 
-fields(?CONF_NS) ->
+fields(mysql) ->
     [
         {mechanism, emqx_authn_schema:mechanism(password_based)},
         {backend, emqx_authn_schema:backend(mysql)},
@@ -62,8 +64,8 @@ fields(?CONF_NS) ->
     ] ++ emqx_authn_schema:common_fields() ++
         proplists:delete(prepare_statement, emqx_connector_mysql:fields(config)).
 
-desc(?CONF_NS) ->
+desc(mysql) ->
-    ?DESC(?CONF_NS);
+    ?DESC(mysql);
 desc(_) ->
     undefined.
 
@@ -82,7 +84,7 @@ query_timeout(_) -> undefined.
 %%------------------------------------------------------------------------------
 
 refs() ->
-    [hoconsc:ref(?MODULE, ?CONF_NS)].
+    [hoconsc:ref(?MODULE, mysql)].
 
 create(_AuthenticatorID, Config) ->
     create(Config).

apps/emqx_authn/src/simple_authn/emqx_authn_pgsql.erl

@@ -49,14 +49,16 @@
 %% Hocon Schema
 %%------------------------------------------------------------------------------
 
-namespace() -> "authn-postgresql".
+namespace() -> "authn".
 
 tags() ->
     [<<"Authentication">>].
 
-roots() -> [?CONF_NS].
+%% used for config check when the schema module is resolved
+roots() ->
+    [{?CONF_NS, hoconsc:mk(hoconsc:ref(?MODULE, postgresql))}].
 
-fields(?CONF_NS) ->
+fields(postgresql) ->
     [
         {mechanism, emqx_authn_schema:mechanism(password_based)},
         {backend, emqx_authn_schema:backend(postgresql)},
@@ -66,8 +68,8 @@ fields(?CONF_NS) ->
         emqx_authn_schema:common_fields() ++
         proplists:delete(prepare_statement, emqx_connector_pgsql:fields(config)).
 
-desc(?CONF_NS) ->
+desc(postgresql) ->
-    ?DESC(?CONF_NS);
+    ?DESC(postgresql);
 desc(_) ->
     undefined.
 
@@ -81,7 +83,7 @@ query(_) -> undefined.
 %%------------------------------------------------------------------------------
 
 refs() ->
-    [hoconsc:ref(?MODULE, ?CONF_NS)].
+    [hoconsc:ref(?MODULE, postgresql)].
 
 create(_AuthenticatorID, Config) ->
     create(Config).

apps/emqx_authn/src/simple_authn/emqx_authn_redis.erl

@@ -44,32 +44,33 @@
 %% Hocon Schema
 %%------------------------------------------------------------------------------
 
-namespace() -> "authn-redis".
+namespace() -> "authn".
 
 tags() ->
     [<<"Authentication">>].
 
+%% used for config check when the schema module is resolved
 roots() ->
     [
         {?CONF_NS,
             hoconsc:mk(
-                hoconsc:union(fun union_member_selector/1),
+                hoconsc:union(fun ?MODULE:union_member_selector/1),
                 #{}
             )}
     ].
 
-fields(standalone) ->
+fields(redis_single) ->
     common_fields() ++ emqx_connector_redis:fields(single);
-fields(cluster) ->
+fields(redis_cluster) ->
     common_fields() ++ emqx_connector_redis:fields(cluster);
-fields(sentinel) ->
+fields(redis_sentinel) ->
     common_fields() ++ emqx_connector_redis:fields(sentinel).
 
-desc(standalone) ->
+desc(redis_single) ->
-    ?DESC(standalone);
+    ?DESC(single);
-desc(cluster) ->
+desc(redis_cluster) ->
     ?DESC(cluster);
-desc(sentinel) ->
+desc(redis_sentinel) ->
     ?DESC(sentinel);
 desc(_) ->
     "".
@@ -93,9 +94,9 @@ cmd(_) -> undefined.
 
 refs() ->
     [
-        hoconsc:ref(?MODULE, standalone),
+        hoconsc:ref(?MODULE, redis_single),
-        hoconsc:ref(?MODULE, cluster),
+        hoconsc:ref(?MODULE, redis_cluster),
-        hoconsc:ref(?MODULE, sentinel)
+        hoconsc:ref(?MODULE, redis_sentinel)
     ].
 
 union_member_selector(all_union_members) ->
@@ -104,11 +105,11 @@ union_member_selector({value, Value}) ->
     refs(Value).
 
 refs(#{<<"redis_type">> := <<"single">>}) ->
-    [hoconsc:ref(?MODULE, standalone)];
+    [hoconsc:ref(?MODULE, redis_single)];
 refs(#{<<"redis_type">> := <<"cluster">>}) ->
-    [hoconsc:ref(?MODULE, cluster)];
+    [hoconsc:ref(?MODULE, redis_cluster)];
 refs(#{<<"redis_type">> := <<"sentinel">>}) ->
-    [hoconsc:ref(?MODULE, sentinel)];
+    [hoconsc:ref(?MODULE, redis_sentinel)];
 refs(_) ->
     throw(#{
         field_name => redis_type,

apps/emqx_authn/test/emqx_authn_pgsql_SUITE.erl

@@ -107,7 +107,7 @@ t_update_with_invalid_config(_Config) ->
     ?assertMatch(
         {error, #{
             kind := validation_error,
-            matched_type := "authn-postgresql:authentication",
+            matched_type := "authn:postgresql",
             path := "authentication.1.server",
             reason := required_field
         }},

apps/emqx_authn/test/emqx_authn_redis_SUITE.erl

@@ -162,7 +162,7 @@ t_create_invalid_config(_Config) ->
     ?assertMatch(
         {error, #{
             kind := validation_error,
-            matched_type := "authn-redis:standalone",
+            matched_type := "authn:redis_single",
             path := "authentication.1.server",
             reason := required_field
         }},

apps/emqx_authn/test/emqx_authn_schema_SUITE.erl

@@ -53,7 +53,7 @@ t_check_schema(_Config) ->
     ?assertThrow(
         #{
             path := "authentication.1.password_hash_algorithm.name",
-            matched_type := "authn-builtin_db:authentication/authn-hash:simple",
+            matched_type := "authn:builtin_db/authn-hash:simple",
             reason := unable_to_convert_to_enum_symbol
         },
         Check(ConfigNotOk)
@@ -72,7 +72,7 @@ t_check_schema(_Config) ->
         #{
             path := "authentication.1.password_hash_algorithm",
             reason := "algorithm_name_missing",
-            matched_type := "authn-builtin_db:authentication"
+            matched_type := "authn:builtin_db"
         },
         Check(ConfigMissingAlgoName)
     ).

apps/emqx_authn/test/emqx_authn_schema_tests.erl

@@ -32,19 +32,19 @@ union_member_selector_mongo_test_() ->
         end},
         {"single", fun() ->
             ?assertMatch(
-                ?ERR(#{matched_type := "authn-mongodb:standalone"}),
+                ?ERR(#{matched_type := "authn:mongo_single"}),
                 Check("{mongo_type: single}")
             )
         end},
         {"replica-set", fun() ->
             ?assertMatch(
-                ?ERR(#{matched_type := "authn-mongodb:replica-set"}),
+                ?ERR(#{matched_type := "authn:mongo_rs"}),
                 Check("{mongo_type: rs}")
             )
         end},
         {"sharded", fun() ->
             ?assertMatch(
-                ?ERR(#{matched_type := "authn-mongodb:sharded-cluster"}),
+                ?ERR(#{matched_type := "authn:mongo_sharded"}),
                 Check("{mongo_type: sharded}")
             )
         end}
@@ -61,19 +61,19 @@ union_member_selector_jwt_test_() ->
         end},
         {"jwks", fun() ->
             ?assertMatch(
-                ?ERR(#{matched_type := "authn-jwt:jwks"}),
+                ?ERR(#{matched_type := "authn:jwt_jwks"}),
                 Check("{use_jwks = true}")
             )
         end},
         {"publick-key", fun() ->
             ?assertMatch(
-                ?ERR(#{matched_type := "authn-jwt:public-key"}),
+                ?ERR(#{matched_type := "authn:jwt_public_key"}),
                 Check("{use_jwks = false, public_key = 1}")
             )
         end},
         {"hmac-based", fun() ->
             ?assertMatch(
-                ?ERR(#{matched_type := "authn-jwt:hmac-based"}),
+                ?ERR(#{matched_type := "authn:jwt_hmac"}),
                 Check("{use_jwks = false}")
             )
         end}
@@ -90,19 +90,19 @@ union_member_selector_redis_test_() ->
         end},
         {"single", fun() ->
             ?assertMatch(
-                ?ERR(#{matched_type := "authn-redis:standalone"}),
+                ?ERR(#{matched_type := "authn:redis_single"}),
                 Check("{redis_type = single}")
             )
         end},
         {"cluster", fun() ->
             ?assertMatch(
-                ?ERR(#{matched_type := "authn-redis:cluster"}),
+                ?ERR(#{matched_type := "authn:redis_cluster"}),
                 Check("{redis_type = cluster}")
             )
         end},
         {"sentinel", fun() ->
             ?assertMatch(
-                ?ERR(#{matched_type := "authn-redis:sentinel"}),
+                ?ERR(#{matched_type := "authn:redis_sentinel"}),
                 Check("{redis_type = sentinel}")
             )
         end}
@@ -119,13 +119,13 @@ union_member_selector_http_test_() ->
         end},
         {"get", fun() ->
             ?assertMatch(
-                ?ERR(#{matched_type := "authn-http:get"}),
+                ?ERR(#{matched_type := "authn:http_get"}),
                 Check("{method = get}")
             )
         end},
         {"post", fun() ->
             ?assertMatch(
-                ?ERR(#{matched_type := "authn-http:post"}),
+                ?ERR(#{matched_type := "authn:http_post"}),
                 Check("{method = post}")
             )
         end}

apps/emqx_authz/src/emqx_authz_schema.erl

@@ -54,7 +54,7 @@ type_names() ->
         file,
         http_get,
         http_post,
-        mnesia,
+        builtin_db,
         mongo_single,
         mongo_rs,
         mongo_sharded,
@@ -93,7 +93,7 @@ fields(http_post) ->
             {method, method(post)},
             {headers, fun headers/1}
         ];
-fields(mnesia) ->
+fields(builtin_db) ->
     authz_common_fields(built_in_database);
 fields(mongo_single) ->
     authz_common_fields(mongodb) ++
@@ -191,8 +191,8 @@ desc(http_get) ->
     ?DESC(http_get);
 desc(http_post) ->
     ?DESC(http_post);
-desc(mnesia) ->
+desc(builtin_db) ->
-    ?DESC(mnesia);
+    ?DESC(builtin_db);
 desc(mongo_single) ->
     ?DESC(mongo_single);
 desc(mongo_rs) ->
@@ -459,7 +459,7 @@ select_union_member(#{<<"type">> := <<"http">>} = Value) ->
             })
     end;
 select_union_member(#{<<"type">> := <<"built_in_database">>}) ->
-    ?R_REF(mnesia);
+    ?R_REF(builtin_db);
 select_union_member(#{<<"type">> := Type}) ->
     select_union_member_loop(Type, type_names());
 select_union_member(_) ->
@@ -494,7 +494,10 @@ authz_fields() ->
                     default => [],
                     desc => ?DESC(sources),
                     %% doc_lift is force a root level reference instead of nesting sub-structs
-                    extra => #{doc_lift => true}
+                    extra => #{doc_lift => true},
+                    %% it is recommended to configure authz sources from dashboard
+                    %% hance the importance level for config is low
+                    importance => ?IMPORTANCE_LOW
                 }
             )}
     ].

apps/emqx_conf/src/emqx_conf_schema.erl

@@ -100,7 +100,7 @@ roots() ->
                     ?R_REF("rpc"),
                     #{
                         translate_to => ["gen_rpc"],
-                        importance => ?IMPORTANCE_HIDDEN
+                        importance => ?IMPORTANCE_LOW
                     }
                 )}
         ] ++
@@ -1288,7 +1288,7 @@ emqx_schema_high_prio_roots() ->
                 ?R_REF("authorization"),
                 #{
                     desc => ?DESC(authorization),
-                    importance => ?IMPORTANCE_HIDDEN
+                    importance => ?IMPORTANCE_HIGH
                 }
             )},
     lists:keyreplace("authorization", 1, Roots, Authz).

lib-ee/emqx_ee_bridge/test/emqx_ee_bridge_influxdb_tests.erl

@@ -5,8 +5,6 @@
 
 -include_lib("eunit/include/eunit.hrl").
 
--import(emqx_ee_bridge_influxdb, [to_influx_lines/1]).
-
 -define(INVALID_LINES, [
     "   ",
     " \n",
@@ -326,3 +324,13 @@ test_pairs(PairsList) ->
 
 join(Sep, LinesList) ->
     lists:flatten(lists:join(Sep, LinesList)).
+
+to_influx_lines(RawLines) ->
+    OldLevel = emqx_logger:get_primary_log_level(),
+    try
+        %% mute error logs from this call
+        emqx_logger:set_primary_log_level(none),
+        emqx_ee_bridge_influxdb:to_influx_lines(RawLines)
+    after
+        emqx_logger:set_primary_log_level(OldLevel)
+    end.

rel/i18n/emqx_authn_jwt.hocon

@@ -42,10 +42,10 @@ from.desc:
 from.label:
 """From Field"""
 
-hmac-based.desc:
+jwt_hmac.desc:
 """Configuration when the JWT for authentication is issued using the HMAC algorithm."""
 
-jwks.desc:
+jwt_jwks.desc:
 """Configuration when JWTs used for authentication need to be fetched from the JWKS endpoint."""
 
 keyfile.desc:
@@ -54,7 +54,7 @@ keyfile.desc:
 keyfile.label:
 """Key File"""
 
-public-key.desc:
+jwt_public_key.desc:
 """Configuration when the JWT for authentication is issued using RSA or ECDSA algorithm."""
 
 public_key.desc:

rel/i18n/emqx_authn_mnesia.hocon

@@ -1,6 +1,6 @@
 emqx_authn_mnesia {
 
-authentication.desc:
+builtin_db.desc:
 """Configuration of authenticator using built-in database as data source."""
 
 user_id_type.desc:

rel/i18n/emqx_authn_mongodb.hocon

@@ -39,7 +39,7 @@ salt_field.label:
 sharded-cluster.desc:
 """Configuration of authenticator using MongoDB (Sharded Cluster) as authentication data source."""
 
-standalone.desc:
+single.desc:
 """Configuration of authenticator using MongoDB (Standalone) as authentication data source."""
 
 }

rel/i18n/emqx_authn_mysql.hocon

@@ -1,6 +1,6 @@
 emqx_authn_mysql {
 
-authentication.desc:
+mysql.desc:
 """Configuration of authenticator using MySQL as authentication data source."""
 
 query.desc:

rel/i18n/emqx_authn_pgsql.hocon

@@ -1,6 +1,6 @@
 emqx_authn_pgsql {
 
-authentication.desc:
+postgresql.desc:
 """Configuration of authenticator using PostgreSQL as authentication data source."""
 
 query.desc:

rel/i18n/emqx_authn_redis.hocon

@@ -12,7 +12,7 @@ cmd.label:
 sentinel.desc:
 """Configuration of authenticator using Redis (Sentinel) as authentication data source."""
 
-standalone.desc:
+single.desc:
 """Configuration of authenticator using Redis (Standalone) as authentication data source."""
 
 }

rel/i18n/emqx_authz_schema.hocon

@@ -120,11 +120,11 @@ node_error.desc:
 node_error.label:
 """Error in Node"""
 
-mnesia.desc:
+builtin_db.desc:
 """Authorization using a built-in database (mnesia)."""
 
-mnesia.label:
+builtin_db.label:
-"""mnesia"""
+"""Builtin Database"""
 
 enable.desc:
 """Set to <code>true</code> or <code>false</code> to disable this ACL provider"""

rel/i18n/zh/emqx_authn_jwt.hocon

@@ -42,10 +42,10 @@ from.desc:
 from.label:
 """源字段"""
 
-hmac-based.desc:
+jwt_hmac.desc:
 """用于认证的 JWT 使用 HMAC 算法签发时的配置。"""
 
-jwks.desc:
+jwt_jwks.desc:
 """用于认证的 JWTs 需要从 JWKS 端点获取时的配置。"""
 
 keyfile.desc:
@@ -54,7 +54,7 @@ keyfile.desc:
 keyfile.label:
 """私钥文件"""
 
-public-key.desc:
+jwt_public_key.desc:
 """用于认证的 JWT 使用 RSA 或 ECDSA 算法签发时的配置。"""
 
 public_key.desc:

rel/i18n/zh/emqx_authn_mnesia.hocon

@@ -1,6 +1,6 @@
 emqx_authn_mnesia {
 
-authentication.desc:
+builtin_db.desc:
 """使用内置数据库作为认证数据源的认证器的配置项。"""
 
 user_id_type.desc:

rel/i18n/zh/emqx_authn_mongodb.hocon

@@ -39,7 +39,7 @@ salt_field.label:
 sharded-cluster.desc:
 """使用 MongoDB (Sharded Cluster) 作为认证数据源的认证器的配置项。"""
 
-standalone.desc:
+single.desc:
 """使用 MongoDB (Standalone) 作为认证数据源的认证器的配置项。"""
 
 }

rel/i18n/zh/emqx_authn_mysql.hocon

@@ -1,6 +1,6 @@
 emqx_authn_mysql {
 
-authentication.desc:
+mysql.desc:
 """使用 MySQL 作为认证数据源的认证器的配置项。"""
 
 query.desc:

rel/i18n/zh/emqx_authn_pgsql.hocon

@@ -1,6 +1,6 @@
 emqx_authn_pgsql {
 
-authentication.desc:
+postgresql.desc:
 """使用 PostgreSQL 作为认证数据源的认证器的配置项。"""
 
 query.desc:

rel/i18n/zh/emqx_authn_redis.hocon

@@ -12,7 +12,7 @@ cmd.label:
 sentinel.desc:
 """使用 Redis (Sentinel) 作为认证数据源的认证器的配置项。"""
 
-standalone.desc:
+single.desc:
 """使用 Redis (Standalone) 作为认证数据源的认证器的配置项。"""
 
 }

rel/i18n/zh/emqx_authz_schema.hocon

@@ -120,11 +120,11 @@ node_error.desc:
 node_error.label:
 """节点产生的错误"""
 
-mnesia.desc:
+builtin_db.desc:
 """使用内部数据库授权（mnesia）。"""
 
-mnesia.label:
+builtin_db.label:
-"""mnesia"""
+"""Buitin Database"""
 
 enable.desc:
 """设为 <code>true</code> 或 <code>false</code> 以启用或禁用此访问控制数据源"""