fix(authz): schema fields used directly.

apps/emqx/src/emqx_schema.erl

@@ -93,7 +93,8 @@ roots() ->
      "plugins",
      "stats",
      "sysmon",
-     "alarm"
+     "alarm",
+     "authorization"
     ].
 
 fields("stats") ->
@@ -113,13 +114,13 @@ fields("authorization") ->
           #{ default => ignore
            })}
     , {"cache",
-       sc(ref("authorization_cache"),
+       sc(ref(?MODULE, "cache"),
           #{
            })
        }
     ];
 
-fields("authorization_cache") ->
+fields("cache") ->
     [ {"enable",
        sc(boolean(),
           #{ default => true
@@ -276,7 +277,7 @@ fields("zones") ->
          )}];
 
 fields("zone_settings") ->
-    Fields = ["mqtt", "stats", "authorization", "flapping_detect", "force_shutdown",
+    Fields = ["mqtt", "stats", "flapping_detect", "force_shutdown",
               "conn_congestion", "rate_limit", "quota", "force_gc"],
     [{F, ref(emqx_zone_schema, F)} || F <- Fields];
 

apps/emqx_authz/src/emqx_authz.erl

@@ -350,9 +350,9 @@ do_authorize(Client, PubSub, Topic,
 %%--------------------------------------------------------------------
 
 check_sources(RawSources) ->
-    {ok, Conf} = hocon:binary(jsx:encode(#{<<"authorization">> => #{<<"sources">> => RawSources}}), #{format => richmap}),
-    CheckConf = hocon_schema:check(emqx_authz_schema, Conf, #{atom_key => true}),
-    #{authorization:= #{sources := Sources}} = hocon_schema:richmap_to_map(CheckConf),
+    Schema = #{roots => emqx_authz_schema:fields("authorization"), fields => #{}},
+    Conf = #{<<"sources">> => RawSources},
+    #{sources := Sources} = hocon_schema:check_plain(Schema, Conf, #{atom_key => true}),
     Sources.
 
 find_source_by_type(Type) -> find_source_by_type(Type, lookup()).

apps/emqx_authz/src/emqx_authz_schema.erl

@@ -20,6 +20,8 @@
 
 namespace() -> authz.
 
+%% @doc authorization schema is not exported
+%% but directly used by emqx_schema
 roots() -> [].
 
 fields("authorization") ->

apps/emqx_connector/src/emqx_connector_mongo.erl

@@ -82,7 +82,8 @@ mongo_fields() ->
     , {auth_source, #{type => binary(),
                       nullable => true}}
     , {database, fun emqx_connector_schema_lib:database/1}
-    , {topology, #{type => hoconsc:ref(?MODULE, topology)}}
+    , {topology, #{type => hoconsc:ref(?MODULE, topology),
+                   nullable => true}}
     ] ++
     emqx_connector_schema_lib:ssl_fields().
 

apps/emqx_machine/src/emqx_machine_schema.erl

@@ -61,7 +61,13 @@
 namespace() -> undefined.
 
 roots() ->
-    ["cluster", "node", "rpc", "log"] ++ lists:flatmap(fun roots/1, ?MERGED_CONFIGS).
+    %% This is a temp workaround to define part of authorization config
+    %% in emqx_schema and part of it in emqx_authz_schema but then
+    %% merged here in this module
+    %% The proper fix should be to make connection (channel, session) state
+    %% extendable by e.g. allow hooks be stateful.
+    ["cluster", "node", "rpc", "log", "authorization"] ++
+    lists:keydelete("authorization", 1, lists:flatmap(fun roots/1, ?MERGED_CONFIGS)).
 
 fields("cluster") ->
     [ {"name",