chore(authn): fix raw authn configs

apps/emqx_authn/test/emqx_authn_http_SUITE.erl

@@ -84,8 +84,8 @@ t_create_invalid(_Config) ->
 
     InvalidConfigs =
         [
-            AuthConfig#{headers => []},
-            AuthConfig#{method => delete}
+            AuthConfig#{<<"headers">> => []},
+            AuthConfig#{<<"method">> => <<"delete">>}
         ],
 
     lists:foreach(
@@ -181,7 +181,7 @@ t_destroy(_Config) ->
 t_update(_Config) ->
     CorrectConfig = raw_http_auth_config(),
     IncorrectConfig =
-        CorrectConfig#{url => <<"http://127.0.0.1:32333/invalid">>},
+        CorrectConfig#{<<"url">> => <<"http://127.0.0.1:32333/invalid">>},
 
     {ok, _} = emqx:update_config(
         ?PATH,
@@ -265,14 +265,14 @@ test_is_superuser({Kind, Value, ExpectedValue}) ->
 
 raw_http_auth_config() ->
     #{
-        mechanism => <<"password_based">>,
-        enable => <<"true">>,
-
-        backend => <<"http">>,
-        method => <<"get">>,
-        url => <<"http://127.0.0.1:32333/auth">>,
-        body => #{<<"username">> => ?PH_USERNAME, <<"password">> => ?PH_PASSWORD},
-        headers => #{<<"X-Test-Header">> => <<"Test Value">>}
+        <<"mechanism">> => <<"password_based">>,
+        <<"enable">> => <<"true">>,
+
+        <<"backend">> => <<"http">>,
+        <<"method">> => <<"get">>,
+        <<"url">> => <<"http://127.0.0.1:32333/auth">>,
+        <<"body">> => #{<<"username">> => ?PH_USERNAME, <<"password">> => ?PH_PASSWORD},
+        <<"headers">> => #{<<"X-Test-Header">> => <<"Test Value">>}
     }.
 
 samples() ->
@@ -355,8 +355,8 @@ samples() ->
                 {ok, Req, State}
             end,
             config_params => #{
-                method => post,
-                headers => #{<<"content-type">> => <<"application/json">>}
+                <<"method">> => <<"post">>,
+                <<"headers">> => #{<<"content-type">> => <<"application/json">>}
             },
             result => {ok, #{is_superuser => false}}
         },
@@ -373,8 +373,8 @@ samples() ->
                 {ok, Req, State}
             end,
             config_params => #{
-                method => post,
-                headers => #{
+                <<"method">> => <<"post">>,
+                <<"headers">> => #{
                     <<"content-type">> =>
                         <<"application/x-www-form-urlencoded">>
                 }

apps/emqx_authn/test/emqx_authn_https_SUITE.erl

@@ -140,18 +140,18 @@ create_https_auth_with_ssl_opts(SpecificSSLOpts) ->
 raw_https_auth_config(SpecificSSLOpts) ->
     SSLOpts = maps:merge(
         emqx_authn_test_lib:client_ssl_cert_opts(),
-        #{enable => <<"true">>}
+        #{<<"enable">> => <<"true">>}
     ),
     #{
-        mechanism => <<"password_based">>,
-        enable => <<"true">>,
-
-        backend => <<"http">>,
-        method => <<"get">>,
-        url => <<"https://127.0.0.1:32334/auth">>,
-        body => #{<<"username">> => ?PH_USERNAME, <<"password">> => ?PH_PASSWORD},
-        headers => #{<<"X-Test-Header">> => <<"Test Value">>},
-        ssl => maps:merge(SSLOpts, SpecificSSLOpts)
+        <<"mechanism">> => <<"password_based">>,
+        <<"enable">> => <<"true">>,
+
+        <<"backend">> => <<"http">>,
+        <<"method">> => <<"get">>,
+        <<"url">> => <<"https://127.0.0.1:32334/auth">>,
+        <<"body">> => #{<<"username">> => ?PH_USERNAME, <<"password">> => ?PH_PASSWORD},
+        <<"headers">> => #{<<"X-Test-Header">> => <<"Test Value">>},
+        <<"ssl">> => maps:merge(SSLOpts, SpecificSSLOpts)
     }.
 
 start_apps(Apps) ->

apps/emqx_authn/test/emqx_authn_jwt_SUITE.erl

@@ -492,14 +492,14 @@ generate_jws('public-key', Payload, PrivateKey) ->
     JWS.
 
 client_ssl_opts() ->
-    maps:merge(
-        emqx_authn_test_lib:client_ssl_cert_opts(),
-        #{
-            enable => true,
-            verify => verify_peer,
-            server_name_indication => "authn-server"
-        }
-    ).
+    #{
+        keyfile => cert_file("client.key"),
+        certfile => cert_file("client.crt"),
+        cacertfile => cert_file("ca.crt"),
+        enable => true,
+        verify => verify_peer,
+        server_name_indication => "authn-server"
+    }.
 
 server_ssl_opts() ->
     [

apps/emqx_authn/test/emqx_authn_mongo_SUITE.erl

@@ -83,9 +83,9 @@ t_create_invalid(_Config) ->
 
     InvalidConfigs =
         [
-            AuthConfig#{mongo_type => <<"unknown">>},
-            AuthConfig#{filter => <<"{ \"username\": \"${username}\" }">>},
-            AuthConfig#{w_mode => <<"unknown">>}
+            AuthConfig#{<<"mongo_type">> => <<"unknown">>},
+            AuthConfig#{<<"filter">> => <<"{ \"username\": \"${username}\" }">>},
+            AuthConfig#{<<"w_mode">> => <<"unknown">>}
         ],
 
     lists:foreach(
@@ -180,7 +180,7 @@ t_update(_Config) ->
     ok = init_seeds(),
     CorrectConfig = raw_mongo_auth_config(),
     IncorrectConfig =
-        CorrectConfig#{filter => #{<<"wrongfield">> => <<"wrongvalue">>}},
+        CorrectConfig#{<<"filter">> => #{<<"wrongfield">> => <<"wrongvalue">>}},
 
     {ok, _} = emqx:update_config(
         ?PATH,
@@ -265,24 +265,24 @@ test_is_superuser({Value, ExpectedValue}) ->
 
 raw_mongo_auth_config() ->
     #{
-        mechanism => <<"password_based">>,
-        password_hash_algorithm => #{
-            name => <<"plain">>,
-            salt_position => <<"suffix">>
+        <<"mechanism">> => <<"password_based">>,
+        <<"password_hash_algorithm">> => #{
+            <<"name">> => <<"plain">>,
+            <<"salt_position">> => <<"suffix">>
         },
-        enable => <<"true">>,
-
-        backend => <<"mongodb">>,
-        mongo_type => <<"single">>,
-        database => <<"mqtt">>,
-        collection => <<"users">>,
-        server => mongo_server(),
-        w_mode => <<"unsafe">>,
-
-        filter => #{<<"username">> => <<"${username}">>},
-        password_hash_field => <<"password_hash">>,
-        salt_field => <<"salt">>,
-        is_superuser_field => <<"is_superuser">>
+        <<"enable">> => <<"true">>,
+
+        <<"backend">> => <<"mongodb">>,
+        <<"mongo_type">> => <<"single">>,
+        <<"database">> => <<"mqtt">>,
+        <<"collection">> => <<"users">>,
+        <<"server">> => mongo_server(),
+        <<"w_mode">> => <<"unsafe">>,
+
+        <<"filter">> => #{<<"username">> => <<"${username}">>},
+        <<"password_hash_field">> => <<"password_hash">>,
+        <<"salt_field">> => <<"salt">>,
+        <<"is_superuser_field">> => <<"is_superuser">>
     }.
 
 user_seeds() ->
@@ -314,9 +314,9 @@ user_seeds() ->
                 password => <<"md5">>
             },
             config_params => #{
-                password_hash_algorithm => #{
-                    name => <<"md5">>,
-                    salt_position => <<"suffix">>
+                <<"password_hash_algorithm">> => #{
+                    <<"name">> => <<"md5">>,
+                    <<"salt_position">> => <<"suffix">>
                 }
             },
             result => {ok, #{is_superuser => false}}
@@ -335,10 +335,10 @@ user_seeds() ->
                 password => <<"sha256">>
             },
             config_params => #{
-                filter => #{<<"username">> => <<"${clientid}">>},
-                password_hash_algorithm => #{
-                    name => <<"sha256">>,
-                    salt_position => <<"prefix">>
+                <<"filter">> => #{<<"username">> => <<"${clientid}">>},
+                <<"password_hash_algorithm">> => #{
+                    <<"name">> => <<"sha256">>,
+                    <<"salt_position">> => <<"prefix">>
                 }
             },
             result => {ok, #{is_superuser => true}}
@@ -357,7 +357,7 @@ user_seeds() ->
                 password => <<"bcrypt">>
             },
             config_params => #{
-                password_hash_algorithm => #{name => <<"bcrypt">>}
+                <<"password_hash_algorithm">> => #{<<"name">> => <<"bcrypt">>}
             },
             result => {ok, #{is_superuser => false}}
         },
@@ -376,8 +376,8 @@ user_seeds() ->
             },
             config_params => #{
                 % clientid variable & username credentials
-                filter => #{<<"username">> => <<"${clientid}">>},
-                password_hash_algorithm => #{name => <<"bcrypt">>}
+                <<"filter">> => #{<<"username">> => <<"${clientid}">>},
+                <<"password_hash_algorithm">> => #{<<"name">> => <<"bcrypt">>}
             },
             result => {error, not_authorized}
         },
@@ -395,8 +395,8 @@ user_seeds() ->
                 password => <<"bcrypt">>
             },
             config_params => #{
-                filter => #{<<"userid">> => <<"${clientid}">>},
-                password_hash_algorithm => #{name => <<"bcrypt">>}
+                <<"filter">> => #{<<"userid">> => <<"${clientid}">>},
+                <<"password_hash_algorithm">> => #{<<"name">> => <<"bcrypt">>}
             },
             result => {error, not_authorized}
         },
@@ -415,7 +415,7 @@ user_seeds() ->
                 password => <<"wrongpass">>
             },
             config_params => #{
-                password_hash_algorithm => #{name => <<"bcrypt">>}
+                <<"password_hash_algorithm">> => #{<<"name">> => <<"bcrypt">>}
             },
             result => {error, bad_username_or_password}
         }

apps/emqx_authn/test/emqx_authn_mongo_tls_SUITE.erl

@@ -171,33 +171,33 @@ create_mongo_auth_with_ssl_opts(SpecificSSLOpts) ->
 raw_mongo_auth_config(SpecificSSLOpts) ->
     SSLOpts = maps:merge(
         emqx_authn_test_lib:client_ssl_cert_opts(),
-        #{enable => <<"true">>}
+        #{<<"enable">> => <<"true">>}
     ),
     #{
-        mechanism => <<"password_based">>,
-        password_hash_algorithm => #{
-            name => <<"plain">>,
-            salt_position => <<"suffix">>
+        <<"mechanism">> => <<"password_based">>,
+        <<"password_hash_algorithm">> => #{
+            <<"name">> => <<"plain">>,
+            <<"salt_position">> => <<"suffix">>
         },
-        enable => <<"true">>,
-
-        backend => <<"mongodb">>,
-        pool_size => 2,
-        mongo_type => <<"single">>,
-        database => <<"mqtt">>,
-        collection => <<"users">>,
-        server => mongo_server(),
-        w_mode => <<"unsafe">>,
-
-        filter => #{<<"username">> => <<"${username}">>},
-        password_hash_field => <<"password_hash">>,
-        salt_field => <<"salt">>,
-        is_superuser_field => <<"is_superuser">>,
-        topology => #{
-            server_selection_timeout_ms => <<"10000ms">>
+        <<"enable">> => <<"true">>,
+
+        <<"backend">> => <<"mongodb">>,
+        <<"pool_size">> => 2,
+        <<"mongo_type">> => <<"single">>,
+        <<"database">> => <<"mqtt">>,
+        <<"collection">> => <<"users">>,
+        <<"server">> => mongo_server(),
+        <<"w_mode">> => <<"unsafe">>,
+
+        <<"filter">> => #{<<"username">> => <<"${username}">>},
+        <<"password_hash_field">> => <<"password_hash">>,
+        <<"salt_field">> => <<"salt">>,
+        <<"is_superuser_field">> => <<"is_superuser">>,
+        <<"topology">> => #{
+            <<"server_selection_timeout_ms">> => <<"10000ms">>
         },
 
-        ssl => maps:merge(SSLOpts, SpecificSSLOpts)
+        <<"ssl">> => maps:merge(SSLOpts, SpecificSSLOpts)
     }.
 
 mongo_server() ->

apps/emqx_authn/test/emqx_authn_mysql_SUITE.erl

@@ -100,10 +100,10 @@ t_create_invalid(_Config) ->
 
     InvalidConfigs =
         [
-            maps:without([server], AuthConfig),
-            AuthConfig#{server => <<"unknownhost:3333">>},
-            AuthConfig#{password => <<"wrongpass">>},
-            AuthConfig#{database => <<"wrongdatabase">>}
+            maps:without([<<"server">>], AuthConfig),
+            AuthConfig#{<<"server">> => <<"unknownhost:3333">>},
+            AuthConfig#{<<"password">> => <<"wrongpass">>},
+            AuthConfig#{<<"database">> => <<"wrongdatabase">>}
         ],
 
     lists:foreach(
@@ -194,7 +194,7 @@ t_update(_Config) ->
     CorrectConfig = raw_mysql_auth_config(),
     IncorrectConfig =
         CorrectConfig#{
-            query =>
+            <<"query">> =>
                 <<
                     "SELECT password_hash, salt, is_superuser_str as is_superuser\n"
                     "                          FROM wrong_table where username = ${username} LIMIT 1"
@@ -236,24 +236,24 @@ t_update(_Config) ->
 
 raw_mysql_auth_config() ->
     #{
-        mechanism => <<"password_based">>,
-        password_hash_algorithm => #{
-            name => <<"plain">>,
-            salt_position => <<"suffix">>
+        <<"mechanism">> => <<"password_based">>,
+        <<"password_hash_algorithm">> => #{
+            <<"name">> => <<"plain">>,
+            <<"salt_position">> => <<"suffix">>
         },
-        enable => <<"true">>,
+        <<"enable">> => <<"true">>,
 
-        backend => <<"mysql">>,
-        database => <<"mqtt">>,
-        username => <<"root">>,
-        password => <<"public">>,
+        <<"backend">> => <<"mysql">>,
+        <<"database">> => <<"mqtt">>,
+        <<"username">> => <<"root">>,
+        <<"password">> => <<"public">>,
 
-        query =>
+        <<"query">> =>
             <<
                 "SELECT password_hash, salt, is_superuser_str as is_superuser\n"
                 "                      FROM users where username = ${username} LIMIT 1"
             >>,
-        server => mysql_server()
+        <<"server">> => mysql_server()
     }.
 
 user_seeds() ->
@@ -285,9 +285,9 @@ user_seeds() ->
                 password => <<"md5">>
             },
             config_params => #{
-                password_hash_algorithm => #{
-                    name => <<"md5">>,
-                    salt_position => <<"suffix">>
+                <<"password_hash_algorithm">> => #{
+                    <<"name">> => <<"md5">>,
+                    <<"salt_position">> => <<"suffix">>
                 }
             },
             result => {ok, #{is_superuser => false}}
@@ -305,14 +305,14 @@ user_seeds() ->
                 password => <<"sha256">>
             },
             config_params => #{
-                query =>
+                <<"query">> =>
                     <<
                         "SELECT password_hash, salt, is_superuser_int as is_superuser\n"
                         "                            FROM users where username = ${clientid} LIMIT 1"
                     >>,
-                password_hash_algorithm => #{
-                    name => <<"sha256">>,
-                    salt_position => <<"prefix">>
+                <<"password_hash_algorithm">> => #{
+                    <<"name">> => <<"sha256">>,
+                    <<"salt_position">> => <<"prefix">>
                 }
             },
             result => {ok, #{is_superuser => true}}
@@ -330,12 +330,12 @@ user_seeds() ->
                 password => <<"bcrypt">>
             },
             config_params => #{
-                query =>
+                <<"query">> =>
                     <<
                         "SELECT password_hash, salt, is_superuser_int as is_superuser\n"
                         "                            FROM users where username = ${username} LIMIT 1"
                     >>,
-                password_hash_algorithm => #{name => <<"bcrypt">>}
+                <<"password_hash_algorithm">> => #{<<"name">> => <<"bcrypt">>}
             },
             result => {ok, #{is_superuser => false}}
         },
@@ -351,12 +351,12 @@ user_seeds() ->
                 password => <<"bcrypt">>
             },
             config_params => #{
-                query =>
+                <<"query">> =>
                     <<
                         "SELECT password_hash, salt, is_superuser_int as is_superuser\n"
                         "                            FROM users where username = ${username} LIMIT 1"
                     >>,
-                password_hash_algorithm => #{name => <<"bcrypt">>}
+                <<"password_hash_algorithm">> => #{<<"name">> => <<"bcrypt">>}
             },
             result => {ok, #{is_superuser => false}}
         },
@@ -374,12 +374,12 @@ user_seeds() ->
             },
             config_params => #{
                 % clientid variable & username credentials
-                query =>
+                <<"query">> =>
                     <<
                         "SELECT password_hash, salt, is_superuser_int as is_superuser\n"
                         "                            FROM users where username = ${clientid} LIMIT 1"
                     >>,
-                password_hash_algorithm => #{name => <<"bcrypt">>}
+                <<"password_hash_algorithm">> => #{<<"name">> => <<"bcrypt">>}
             },
             result => {error, not_authorized}
         },
@@ -397,12 +397,12 @@ user_seeds() ->
             },
             config_params => #{
                 % Bad keys in query
-                query =>
+                <<"query">> =>
                     <<
                         "SELECT 1 AS unknown_field\n"
                         "                            FROM users where username = ${username} LIMIT 1"
                     >>,
-                password_hash_algorithm => #{name => <<"bcrypt">>}
+                <<"password_hash_algorithm">> => #{<<"name">> => <<"bcrypt">>}
             },
             result => {error, not_authorized}
         },
@@ -420,7 +420,7 @@ user_seeds() ->
                 password => <<"wrongpass">>
             },
             config_params => #{
-                password_hash_algorithm => #{name => <<"bcrypt">>}
+                <<"password_hash_algorithm">> => #{<<"name">> => <<"bcrypt">>}
             },
             result => {error, bad_username_or_password}
         }

apps/emqx_authn/test/emqx_authn_mysql_tls_SUITE.erl

@@ -131,28 +131,28 @@ create_mysql_auth_with_ssl_opts(SpecificSSLOpts) ->
 raw_mysql_auth_config(SpecificSSLOpts) ->
     SSLOpts = maps:merge(
         emqx_authn_test_lib:client_ssl_cert_opts(),
-        #{enable => <<"true">>}
+        #{<<"enable">> => <<"true">>}
     ),
     #{
-        mechanism => <<"password_based">>,
-        password_hash_algorithm => #{
-            name => <<"plain">>,
-            salt_position => <<"suffix">>
+        <<"mechanism">> => <<"password_based">>,
+        <<"password_hash_algorithm">> => #{
+            <<"name">> => <<"plain">>,
+            <<"salt_position">> => <<"suffix">>
         },
-        enable => <<"true">>,
+        <<"enable">> => <<"true">>,
 
-        backend => <<"mysql">>,
-        database => <<"mqtt">>,
-        username => <<"root">>,
-        password => <<"public">>,
+        <<"backend">> => <<"mysql">>,
+        <<"database">> => <<"mqtt">>,
+        <<"username">> => <<"root">>,
+        <<"password">> => <<"public">>,
 
-        query =>
+        <<"query">> =>
             <<
                 "SELECT password_hash, salt, is_superuser_str as is_superuser\n"
                 "                      FROM users where username = ${username} LIMIT 1"
             >>,
-        server => mysql_server(),
-        ssl => maps:merge(SSLOpts, SpecificSSLOpts)
+        <<"server">> => mysql_server(),
+        <<"ssl">> => maps:merge(SSLOpts, SpecificSSLOpts)
     }.
 
 mysql_server() ->

apps/emqx_authn/test/emqx_authn_pgsql_SUITE.erl

@@ -101,10 +101,10 @@ t_create_invalid(_Config) ->
 
     InvalidConfigs =
         [
-            maps:without([server], AuthConfig),
-            AuthConfig#{server => <<"unknownhost:3333">>},
-            AuthConfig#{password => <<"wrongpass">>},
-            AuthConfig#{database => <<"wrongdatabase">>}
+            maps:without([<<"server">>], AuthConfig),
+            AuthConfig#{<<"server">> => <<"unknownhost:3333">>},
+            AuthConfig#{<<"password">> => <<"wrongpass">>},
+            AuthConfig#{<<"database">> => <<"wrongdatabase">>}
         ],
 
     lists:foreach(
@@ -195,7 +195,7 @@ t_update(_Config) ->
     CorrectConfig = raw_pgsql_auth_config(),
     IncorrectConfig =
         CorrectConfig#{
-            query =>
+            <<"query">> =>
                 <<
                     "SELECT password_hash, salt, is_superuser_str as is_superuser\n"
                     "                          FROM users where username = ${username} LIMIT 0"
@@ -274,7 +274,7 @@ test_is_superuser({Field, Value, ExpectedValue}) ->
             " as is_superuser "
             "FROM users where username = ${username} LIMIT 1",
 
-    Config = maps:put(query, Query, raw_pgsql_auth_config()),
+    Config = maps:put(<<"query">>, Query, raw_pgsql_auth_config()),
     {ok, _} = emqx:update_config(
         ?PATH,
         {update_authenticator, ?GLOBAL, <<"password_based:postgresql">>, Config}
@@ -298,24 +298,24 @@ test_is_superuser({Field, Value, ExpectedValue}) ->
 
 raw_pgsql_auth_config() ->
     #{
-        mechanism => <<"password_based">>,
-        password_hash_algorithm => #{
-            name => <<"plain">>,
-            salt_position => <<"suffix">>
+        <<"mechanism">> => <<"password_based">>,
+        <<"password_hash_algorithm">> => #{
+            <<"name">> => <<"plain">>,
+            <<"salt_position">> => <<"suffix">>
         },
-        enable => <<"true">>,
+        <<"enable">> => <<"true">>,
 
-        backend => <<"postgresql">>,
-        database => <<"mqtt">>,
-        username => <<"root">>,
-        password => <<"public">>,
+        <<"backend">> => <<"postgresql">>,
+        <<"database">> => <<"mqtt">>,
+        <<"username">> => <<"root">>,
+        <<"password">> => <<"public">>,
 
-        query =>
+        <<"query">> =>
             <<
                 "SELECT password_hash, salt, is_superuser_str as is_superuser\n"
                 "                      FROM users where username = ${username} LIMIT 1"
             >>,
-        server => pgsql_server()
+        <<"server">> => pgsql_server()
     }.
 
 user_seeds() ->
@@ -347,9 +347,9 @@ user_seeds() ->
                 password => <<"md5">>
             },
             config_params => #{
-                password_hash_algorithm => #{
-                    name => <<"md5">>,
-                    salt_position => <<"suffix">>
+                <<"password_hash_algorithm">> => #{
+                    <<"name">> => <<"md5">>,
+                    <<"salt_position">> => <<"suffix">>
                 }
             },
             result => {ok, #{is_superuser => false}}
@@ -367,14 +367,14 @@ user_seeds() ->
                 password => <<"sha256">>
             },
             config_params => #{
-                query =>
+                <<"query">> =>
                     <<
                         "SELECT password_hash, salt, is_superuser_int as is_superuser\n"
                         "                            FROM users where username = ${clientid} LIMIT 1"
                     >>,
-                password_hash_algorithm => #{
-                    name => <<"sha256">>,
-                    salt_position => <<"prefix">>
+                <<"password_hash_algorithm">> => #{
+                    <<"name">> => <<"sha256">>,
+                    <<"salt_position">> => <<"prefix">>
                 }
             },
             result => {ok, #{is_superuser => true}}
@@ -392,12 +392,12 @@ user_seeds() ->
                 password => <<"bcrypt">>
             },
             config_params => #{
-                query =>
+                <<"query">> =>
                     <<
                         "SELECT password_hash, salt, is_superuser_int as is_superuser\n"
                         "                            FROM users where username = ${username} LIMIT 1"
                     >>,
-                password_hash_algorithm => #{name => <<"bcrypt">>}
+                <<"password_hash_algorithm">> => #{<<"name">> => <<"bcrypt">>}
             },
             result => {ok, #{is_superuser => false}}
         },
@@ -415,12 +415,12 @@ user_seeds() ->
             },
             config_params => #{
                 % clientid variable & username credentials
-                query =>
+                <<"query">> =>
                     <<
                         "SELECT password_hash, salt, is_superuser_int as is_superuser\n"
                         "                            FROM users where username = ${clientid} LIMIT 1"
                     >>,
-                password_hash_algorithm => #{name => <<"bcrypt">>}
+                <<"password_hash_algorithm">> => #{<<"name">> => <<"bcrypt">>}
             },
             result => {error, not_authorized}
         },
@@ -438,12 +438,12 @@ user_seeds() ->
             },
             config_params => #{
                 % Bad keys in query
-                query =>
+                <<"query">> =>
                     <<
                         "SELECT 1 AS unknown_field\n"
                         "                            FROM users where username = ${username} LIMIT 1"
                     >>,
-                password_hash_algorithm => #{name => <<"bcrypt">>}
+                <<"password_hash_algorithm">> => #{<<"name">> => <<"bcrypt">>}
             },
             result => {error, not_authorized}
         },
@@ -461,7 +461,7 @@ user_seeds() ->
                 password => <<"wrongpass">>
             },
             config_params => #{
-                password_hash_algorithm => #{name => <<"bcrypt">>}
+                <<"password_hash_algorithm">> => #{<<"name">> => <<"bcrypt">>}
             },
             result => {error, bad_username_or_password}
         }

apps/emqx_authn/test/emqx_authn_pgsql_tls_SUITE.erl

@@ -131,24 +131,24 @@ create_pgsql_auth_with_ssl_opts(SpecificSSLOpts) ->
 raw_pgsql_auth_config(SpecificSSLOpts) ->
     SSLOpts = maps:merge(
         emqx_authn_test_lib:client_ssl_cert_opts(),
-        #{enable => <<"true">>}
+        #{<<"enable">> => <<"true">>}
     ),
     #{
-        mechanism => <<"password_based">>,
-        password_hash_algorithm => #{
-            name => <<"plain">>,
-            salt_position => <<"suffix">>
+        <<"mechanism">> => <<"password_based">>,
+        <<"password_hash_algorithm">> => #{
+            <<"name">> => <<"plain">>,
+            <<"salt_position">> => <<"suffix">>
         },
-        enable => <<"true">>,
+        <<"enable">> => <<"true">>,
 
-        backend => <<"postgresql">>,
-        database => <<"mqtt">>,
-        username => <<"root">>,
-        password => <<"public">>,
+        <<"backend">> => <<"postgresql">>,
+        <<"database">> => <<"mqtt">>,
+        <<"username">> => <<"root">>,
+        <<"password">> => <<"public">>,
 
-        query => <<"SELECT 1">>,
-        server => pgsql_server(),
-        ssl => maps:merge(SSLOpts, SpecificSSLOpts)
+        <<"query">> => <<"SELECT 1">>,
+        <<"server">> => pgsql_server(),
+        <<"ssl">> => maps:merge(SSLOpts, SpecificSSLOpts)
     }.
 
 pgsql_server() ->

apps/emqx_authn/test/emqx_authn_redis_SUITE.erl

@@ -102,16 +102,16 @@ t_create_invalid(_Config) ->
     InvalidConfigs =
         [
             AuthConfig#{
-                cmd => <<"MGET password_hash:${username} salt:${username}">>
+                <<"cmd">> => <<"MGET password_hash:${username} salt:${username}">>
             },
             AuthConfig#{
-                cmd => <<"HMGET mqtt_user:${username} password_hash invalid_field">>
+                <<"cmd">> => <<"HMGET mqtt_user:${username} password_hash invalid_field">>
             },
             AuthConfig#{
-                cmd => <<"HMGET mqtt_user:${username} salt is_superuser">>
+                <<"cmd">> => <<"HMGET mqtt_user:${username} salt is_superuser">>
             },
             AuthConfig#{
-                cmd => <<"HGETALL mqtt_user:${username} salt is_superuser">>
+                <<"cmd">> => <<"HGETALL mqtt_user:${username} salt is_superuser">>
             }
         ],
     lists:foreach(
@@ -131,10 +131,10 @@ t_create_invalid(_Config) ->
 
     InvalidConfigs1 =
         [
-            maps:without([server], AuthConfig),
-            AuthConfig#{server => <<"unknownhost:3333">>},
-            AuthConfig#{password => <<"wrongpass">>},
-            AuthConfig#{database => <<"5678">>}
+            maps:without([<<"server">>], AuthConfig),
+            AuthConfig#{<<"server">> => <<"unknownhost:3333">>},
+            AuthConfig#{<<"password">> => <<"wrongpass">>},
+            AuthConfig#{<<"database">> => <<"5678">>}
         ],
 
     lists:foreach(
@@ -225,7 +225,7 @@ t_update(_Config) ->
     CorrectConfig = raw_redis_auth_config(),
     IncorrectConfig =
         CorrectConfig#{
-            cmd => <<"HMGET invalid_key:${username} password_hash salt is_superuser">>
+            <<"cmd">> => <<"HMGET invalid_key:${username} password_hash salt is_superuser">>
         },
 
     {ok, _} = emqx:update_config(
@@ -263,19 +263,19 @@ t_update(_Config) ->
 
 raw_redis_auth_config() ->
     #{
-        mechanism => <<"password_based">>,
-        password_hash_algorithm => #{
-            name => <<"plain">>,
-            salt_position => <<"suffix">>
+        <<"mechanism">> => <<"password_based">>,
+        <<"password_hash_algorithm">> => #{
+            <<"name">> => <<"plain">>,
+            <<"salt_position">> => <<"suffix">>
         },
-        enable => <<"true">>,
-
-        backend => <<"redis">>,
-        cmd => <<"HMGET mqtt_user:${username} password_hash salt is_superuser">>,
-        database => <<"1">>,
-        password => <<"public">>,
-        redis_type => <<"single">>,
-        server => redis_server()
+        <<"enable">> => <<"true">>,
+
+        <<"backend">> => <<"redis">>,
+        <<"cmd">> => <<"HMGET mqtt_user:${username} password_hash salt is_superuser">>,
+        <<"database">> => <<"1">>,
+        <<"password">> => <<"public">>,
+        <<"redis_type">> => <<"single">>,
+        <<"server">> => redis_server()
     }.
 
 user_seeds() ->
@@ -307,9 +307,9 @@ user_seeds() ->
             },
             key => <<"mqtt_user:md5">>,
             config_params => #{
-                password_hash_algorithm => #{
-                    name => <<"md5">>,
-                    salt_position => <<"suffix">>
+                <<"password_hash_algorithm">> => #{
+                    <<"name">> => <<"md5">>,
+                    <<"salt_position">> => <<"suffix">>
                 }
             },
             result => {ok, #{is_superuser => false}}
@@ -328,10 +328,10 @@ user_seeds() ->
             },
             key => <<"mqtt_user:sha256">>,
             config_params => #{
-                cmd => <<"HMGET mqtt_user:${clientid} password_hash salt is_superuser">>,
-                password_hash_algorithm => #{
-                    name => <<"sha256">>,
-                    salt_position => <<"prefix">>
+                <<"cmd">> => <<"HMGET mqtt_user:${clientid} password_hash salt is_superuser">>,
+                <<"password_hash_algorithm">> => #{
+                    <<"name">> => <<"sha256">>,
+                    <<"salt_position">> => <<"prefix">>
                 }
             },
             result => {ok, #{is_superuser => true}}
@@ -349,10 +349,10 @@ user_seeds() ->
             },
             key => <<"mqtt_user:sha256_no_salt">>,
             config_params => #{
-                cmd => <<"HMGET mqtt_user:${clientid} password_hash is_superuser">>,
-                password_hash_algorithm => #{
-                    name => <<"sha256">>,
-                    salt_position => <<"disable">>
+                <<"cmd">> => <<"HMGET mqtt_user:${clientid} password_hash is_superuser">>,
+                <<"password_hash_algorithm">> => #{
+                    <<"name">> => <<"sha256">>,
+                    <<"salt_position">> => <<"disable">>
                 }
             },
             result => {ok, #{is_superuser => true}}
@@ -371,7 +371,7 @@ user_seeds() ->
             },
             key => <<"mqtt_user:bcrypt">>,
             config_params => #{
-                password_hash_algorithm => #{name => <<"bcrypt">>}
+                <<"password_hash_algorithm">> => #{<<"name">> => <<"bcrypt">>}
             },
             result => {ok, #{is_superuser => false}}
         },
@@ -387,10 +387,10 @@ user_seeds() ->
             },
             key => <<"mqtt_user:pbkdf2">>,
             config_params => #{
-                password_hash_algorithm => #{
-                    name => <<"pbkdf2">>,
-                    iterations => 2,
-                    mac_fun => sha
+                <<"password_hash_algorithm">> => #{
+                    <<"name">> => <<"pbkdf2">>,
+                    <<"iterations">> => <<"2">>,
+                    <<"mac_fun">> => <<"sha">>
                 }
             },
             result => {ok, #{is_superuser => false}}
@@ -409,8 +409,8 @@ user_seeds() ->
             key => <<"mqtt_user:bcrypt0">>,
             config_params => #{
                 % clientid variable & username credentials
-                cmd => <<"HMGET mqtt_client:${clientid} password_hash salt is_superuser">>,
-                password_hash_algorithm => #{name => <<"bcrypt">>}
+                <<"cmd">> => <<"HMGET mqtt_client:${clientid} password_hash salt is_superuser">>,
+                <<"password_hash_algorithm">> => #{<<"name">> => <<"bcrypt">>}
             },
             result => {error, not_authorized}
         },
@@ -429,8 +429,8 @@ user_seeds() ->
             key => <<"mqtt_user:bcrypt1">>,
             config_params => #{
                 % Bad key in cmd
-                cmd => <<"HMGET badkey:${username} password_hash salt is_superuser">>,
-                password_hash_algorithm => #{name => <<"bcrypt">>}
+                <<"cmd">> => <<"HMGET badkey:${username} password_hash salt is_superuser">>,
+                <<"password_hash_algorithm">> => #{<<"name">> => <<"bcrypt">>}
             },
             result => {error, not_authorized}
         },
@@ -449,8 +449,8 @@ user_seeds() ->
             },
             key => <<"mqtt_user:bcrypt2">>,
             config_params => #{
-                cmd => <<"HMGET mqtt_user:${username} password_hash salt is_superuser">>,
-                password_hash_algorithm => #{name => <<"bcrypt">>}
+                <<"cmd">> => <<"HMGET mqtt_user:${username} password_hash salt is_superuser">>,
+                <<"password_hash_algorithm">> => #{<<"name">> => <<"bcrypt">>}
             },
             result => {error, bad_username_or_password}
         }

apps/emqx_authn/test/emqx_authn_redis_tls_SUITE.erl

@@ -130,23 +130,23 @@ create_redis_auth_with_ssl_opts(SpecificSSLOpts) ->
 raw_redis_auth_config(SpecificSSLOpts) ->
     SSLOpts = maps:merge(
         emqx_authn_test_lib:client_ssl_cert_opts(),
-        #{enable => <<"true">>}
+        #{<<"enable">> => <<"true">>}
     ),
     #{
-        mechanism => <<"password_based">>,
-        password_hash_algorithm => #{
-            name => <<"plain">>,
-            salt_position => <<"suffix">>
+        <<"mechanism">> => <<"password_based">>,
+        <<"password_hash_algorithm">> => #{
+            <<"name">> => <<"plain">>,
+            <<"salt_position">> => <<"suffix">>
         },
-        enable => <<"true">>,
-
-        backend => <<"redis">>,
-        cmd => <<"HMGET mqtt_user:${username} password_hash salt is_superuser">>,
-        database => <<"1">>,
-        password => <<"public">>,
-        server => redis_server(),
-        redis_type => <<"single">>,
-        ssl => maps:merge(SSLOpts, SpecificSSLOpts)
+        <<"enable">> => <<"true">>,
+
+        <<"backend">> => <<"redis">>,
+        <<"cmd">> => <<"HMGET mqtt_user:${username} password_hash salt is_superuser">>,
+        <<"database">> => <<"1">>,
+        <<"password">> => <<"public">>,
+        <<"server">> => redis_server(),
+        <<"redis_type">> => <<"single">>,
+        <<"ssl">> => maps:merge(SSLOpts, SpecificSSLOpts)
     }.
 
 redis_server() ->

apps/emqx_authn/test/emqx_authn_test_lib.erl

@@ -62,7 +62,7 @@ delete_config(ID) ->
 client_ssl_cert_opts() ->
     Dir = code:lib_dir(emqx_authn, test),
     #{
-        keyfile => filename:join([Dir, "data/certs", "client.key"]),
-        certfile => filename:join([Dir, "data/certs", "client.crt"]),
-        cacertfile => filename:join([Dir, "data/certs", "ca.crt"])
+        <<"keyfile">> => filename:join([Dir, <<"data/certs">>, <<"client.key">>]),
+        <<"certfile">> => filename:join([Dir, <<"data/certs">>, <<"client.crt">>]),
+        <<"cacertfile">> => filename:join([Dir, <<"data/certs">>, <<"ca.crt">>])
     }.