feat: hide zone/authn in listeners and remove /listeners/:id/authentication api

apps/emqx/src/emqx_listeners.erl

@@ -117,7 +117,7 @@ format_raw_listeners({Type0, Conf}) ->
             ({LName, LConf0}) when is_map(LConf0) ->
                 Bind = parse_bind(LConf0),
                 Running = is_running(Type, listener_id(Type, LName), LConf0#{bind => Bind}),
-                LConf1 = maps:remove(<<"authentication">>, LConf0),
+                LConf1 = maps:without([<<"authentication">>, <<"zone">>], LConf0),
                 LConf2 = maps:put(<<"running">>, Running, LConf1),
                 CurrConn =
                     case Running of

apps/emqx/src/emqx_schema.erl

@@ -209,7 +209,7 @@ roots(high) ->
                 map("name", ref("zone")),
                 #{
                     desc => ?DESC(zones),
-                    importance => ?IMPORTANCE_LOW
+                    importance => ?IMPORTANCE_HIDDEN
                 }
             )},
         {?EMQX_AUTHENTICATION_CONFIG_ROOT_NAME, authentication(global)},
@@ -1794,7 +1794,8 @@ base_listener(Bind) ->
                 atom(),
                 #{
                     desc => ?DESC(base_listener_zone),
-                    default => 'default'
+                    default => 'default',
+                    importance => ?IMPORTANCE_HIDDEN
                 }
             )},
         {"limiter",
@@ -3409,7 +3410,7 @@ mqtt_general() ->
             )},
         {"server_keepalive",
             sc(
-                hoconsc:union([integer(), disabled]),
+                hoconsc:union([pos_integer(), disabled]),
                 #{
                     default => disabled,
                     desc => ?DESC(mqtt_server_keepalive)
@@ -3481,7 +3482,7 @@ mqtt_session() ->
             )},
         {"max_awaiting_rel",
             sc(
-                hoconsc:union([integer(), infinity]),
+                hoconsc:union([non_neg_integer(), infinity]),
                 #{
                     default => 100,
                     desc => ?DESC(mqtt_max_awaiting_rel),

apps/emqx_authn/src/emqx_authn_api.erl

@@ -103,14 +103,15 @@ paths() ->
         "/authentication/:id/status",
         "/authentication/:id/position/:position",
         "/authentication/:id/users",
-        "/authentication/:id/users/:user_id",
-
-        "/listeners/:listener_id/authentication",
-        "/listeners/:listener_id/authentication/:id",
-        "/listeners/:listener_id/authentication/:id/status",
-        "/listeners/:listener_id/authentication/:id/position/:position",
-        "/listeners/:listener_id/authentication/:id/users",
-        "/listeners/:listener_id/authentication/:id/users/:user_id"
+        "/authentication/:id/users/:user_id"
+
+        %% hide listener authn api since 5.1.0
+        %% "/listeners/:listener_id/authentication",
+        %% "/listeners/:listener_id/authentication/:id",
+        %% "/listeners/:listener_id/authentication/:id/status",
+        %% "/listeners/:listener_id/authentication/:id/position/:position",
+        %% "/listeners/:listener_id/authentication/:id/users",
+        %% "/listeners/:listener_id/authentication/:id/users/:user_id"
     ].
 
 roots() ->

apps/emqx_authn/src/emqx_authn_user_import_api.erl

@@ -48,8 +48,9 @@ api_spec() ->
 
 paths() ->
     [
-        "/authentication/:id/import_users",
-        "/listeners/:listener_id/authentication/:id/import_users"
+        "/authentication/:id/import_users"
+        %% hide the deprecated api since 5.1.0
+        %% "/listeners/:listener_id/authentication/:id/import_users"
     ].
 
 schema("/authentication/:id/import_users") ->

apps/emqx_authn/test/emqx_authn_api_SUITE.erl

@@ -120,23 +120,23 @@ t_authenticator_position(_) ->
 t_authenticator_import_users(_) ->
     test_authenticator_import_users([]).
 
-t_listener_authenticators(_) ->
-    test_authenticators(["listeners", ?TCP_DEFAULT]).
+%t_listener_authenticators(_) ->
+%    test_authenticators(["listeners", ?TCP_DEFAULT]).
 
-t_listener_authenticator(_) ->
-    test_authenticator(["listeners", ?TCP_DEFAULT]).
+%t_listener_authenticator(_) ->
+%    test_authenticator(["listeners", ?TCP_DEFAULT]).
 
-t_listener_authenticator_users(_) ->
-    test_authenticator_users(["listeners", ?TCP_DEFAULT]).
+%t_listener_authenticator_users(_) ->
+%    test_authenticator_users(["listeners", ?TCP_DEFAULT]).
 
-t_listener_authenticator_user(_) ->
-    test_authenticator_user(["listeners", ?TCP_DEFAULT]).
+%t_listener_authenticator_user(_) ->
+%    test_authenticator_user(["listeners", ?TCP_DEFAULT]).
 
-t_listener_authenticator_position(_) ->
-    test_authenticator_position(["listeners", ?TCP_DEFAULT]).
+%t_listener_authenticator_position(_) ->
+%    test_authenticator_position(["listeners", ?TCP_DEFAULT]).
 
-t_listener_authenticator_import_users(_) ->
-    test_authenticator_import_users(["listeners", ?TCP_DEFAULT]).
+%t_listener_authenticator_import_users(_) ->
+%    test_authenticator_import_users(["listeners", ?TCP_DEFAULT]).
 
 t_aggregate_metrics(_) ->
     Metrics = #{
@@ -683,7 +683,9 @@ test_authenticator_import_users(PathPrefix) ->
         {filename, "user-credentials.csv", CSVData}
     ]).
 
-t_switch_to_global_chain(_) ->
+%% listener authn api is not supported since 5.1.0
+%% Don't support listener switch to global chain.
+ignore_switch_to_global_chain(_) ->
     {ok, 200, _} = request(
         post,
         uri([?CONF_NS]),

apps/emqx_management/src/emqx_mgmt_api_configs.erl

@@ -43,9 +43,8 @@
     <<"alarm">>,
     <<"sys_topics">>,
     <<"sysmon">>,
-    <<"log">>,
-    <<"persistent_session_store">>,
-    <<"zones">>
+    <<"log">>
+    %% <<"zones">>
 ]).
 
 api_spec() ->

apps/emqx_management/src/emqx_mgmt_api_listeners.erl

@@ -825,8 +825,7 @@ tcp_schema_example() ->
             send_timeout => <<"15s">>,
             send_timeout_close => true
         },
-        type => tcp,
-        zone => default
+        type => tcp
     }.
 
 create_listener(Body) ->

apps/emqx_management/test/emqx_mgmt_api_configs_SUITE.erl

@@ -199,18 +199,19 @@ get_global_zone() ->
 update_global_zone(Change) ->
     update_config("global_zone", Change).
 
-t_zones(_Config) ->
-    {ok, Zones} = get_config("zones"),
-    {ok, #{<<"mqtt">> := OldMqtt} = Zone1} = get_global_zone(),
-    Mqtt1 = maps:remove(<<"max_subscriptions">>, OldMqtt),
-    {ok, #{}} = update_config("zones", Zones#{<<"new_zone">> => Zone1#{<<"mqtt">> => Mqtt1}}),
-    NewMqtt = emqx_config:get_raw([zones, new_zone, mqtt]),
-    %% we remove max_subscription from global zone, so the new zone should not have it.
-    ?assertEqual(Mqtt1, NewMqtt),
-    %% delete the new zones
-    {ok, #{}} = update_config("zones", Zones),
-    ?assertEqual(undefined, emqx_config:get_raw([zones, new_zone], undefined)),
-    ok.
+%% hide /configs/zones api in 5.1.0, so we comment this test.
+%t_zones(_Config) ->
+%    {ok, Zones} = get_config("zones"),
+%    {ok, #{<<"mqtt">> := OldMqtt} = Zone1} = get_global_zone(),
+%    Mqtt1 = maps:remove(<<"max_subscriptions">>, OldMqtt),
+%    {ok, #{}} = update_config("zones", Zones#{<<"new_zone">> => Zone1#{<<"mqtt">> => Mqtt1}}),
+%     NewMqtt = emqx_config:get_raw([zones, new_zone, mqtt]),
+%    %% we remove max_subscription from global zone, so the new zone should not have it.
+%    ?assertEqual(Mqtt1, NewMqtt),
+%    %% delete the new zones
+%    {ok, #{}} = update_config("zones", Zones),
+%    ?assertEqual(undefined, emqx_config:get_raw([zones, new_zone], undefined)),
+%    ok.
 
 t_dashboard(_Config) ->
     {ok, Dashboard = #{<<"listeners">> := Listeners}} = get_config("dashboard"),