
fix: don't allow `rules` to be set from `/rule_engine`

Stefan Strigler 3 years ago
parent
commit
9cfe9cc709

+ 1 - 1
apps/emqx_rule_engine/src/emqx_rule_api_schema.erl

@@ -56,7 +56,7 @@ roots() ->
     ].
 
 fields("rule_engine") ->
-    emqx_rule_engine_schema:fields("rule_engine");
+    emqx_rule_engine_schema:fields("rule_engine_api");
 fields("rule_creation") ->
     emqx_rule_engine_schema:fields("rules");
 fields("rule_info") ->

+ 31 - 20
apps/emqx_rule_engine/src/emqx_rule_engine_api.erl

@@ -447,16 +447,20 @@ param_path_id() ->
 '/rule_engine'(get, _Params) ->
     {200, format_rule_engine_resp(emqx_conf:get([rule_engine]))};
 '/rule_engine'(put, #{body := Params}) ->
-    case emqx_conf:update([rule_engine], Params, #{override_to => cluster}) of
-        {ok, #{config := Config}} ->
-            {200, format_rule_engine_resp(Config)};
-        {error, Reason} ->
-            ?SLOG(error, #{
-                msg => "update_rule_engine_failed",
-                reason => Reason
-            }),
-            {400, #{code => 'BAD_REQUEST', message => ?ERR_BADARGS(Reason)}}
-    end.
+    ?CHECK_PARAMS(
+        Params,
+        rule_engine,
+        case emqx_conf:update([rule_engine], Params, #{override_to => cluster}) of
+            {ok, #{config := Config}} ->
+                {200, format_rule_engine_resp(Config)};
+            {error, Reason} ->
+                ?SLOG(error, #{
+                    msg => "update_rule_engine_failed",
+                    reason => Reason
+                }),
+                {400, #{code => 'BAD_REQUEST', message => ?ERR_BADARGS(Reason)}}
+        end
+    ).
 
 %%------------------------------------------------------------------------------
 %% Internal functions
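Review bot: Inside the new `?CHECK_PARAMS(Params, rule_engine, ...)` wrapper the call is still `emqx_conf:update([rule_engine], Params, ...)` with the raw request body, so the schema check is the only thing keeping `rules` out of a cluster-wide config write. The macro definition is outside this hunk, so whether it also produces a validated copy cannot be confirmed from here. I would state the dependency next to the call, for example `%% Params is the raw body: the rule_engine API schema (no rules field) is the only gate before this cluster-wide update`. That way a later change to the API schema is reviewed as a change to what this endpoint can write.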
@@ -507,22 +511,29 @@ format_rule_info_resp(#{
 format_rule_engine_resp(#{rules := Rules} = Config) ->
     Config#{rules => maps:map(fun format_rule_resp/2, Rules)}.
 
-format_rule_resp(_Id, #{
-    name := Name,
-    metadata := MetaData = #{created_at := CreatedAt},
-    actions := Action,
-    sql := SQL,
-    enable := Enable,
-    description := Descr
-}) ->
+format_rule_resp(
+    _Id,
     #{
+        name := Name,
+        actions := Action,
+        sql := SQL,
+        enable := Enable,
+        description := Descr
+    } = Rule
+) ->
+    Format = #{
         name => Name,
         actions => format_action(Action),
         sql => SQL,
         enable => Enable,
-        metadata => MetaData#{created_at => format_datetime(CreatedAt, millisecond)},
         description => Descr
-    }.
+    },
+    case Rule of
+        #{metadata := MetaData = #{created_at := CreatedAt}} ->
+            Format#{metadata => MetaData#{created_at => format_datetime(CreatedAt, millisecond)}};
+        _ ->
+            Format
+    end.
 
 format_datetime(Timestamp, Unit) ->
     list_to_binary(calendar:system_time_to_rfc3339(Timestamp, [{unit, Unit}])).
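Review bot: The catch-all `_ -> Format` in the new `case Rule of` also matches a rule whose `metadata` map exists but has no `created_at`, so the whole metadata map is silently dropped from the response. If that shape can occur, a middle clause such as `#{metadata := MetaData} -> Format#{metadata => MetaData};` would return it unformatted. If metadata is expected to be either complete or absent, a short comment on the catch-all saying so would make the intent clear.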

+ 8 - 4
apps/emqx_rule_engine/src/emqx_rule_engine_schema.erl

@@ -40,13 +40,17 @@ tags() ->
 roots() -> ["rule_engine"].
 
 fields("rule_engine") ->
+    fields("rule_engine_api") ++
+        [
+            {rules,
+                ?HOCON(hoconsc:map("id", ?R_REF("rules")), #{
+                    desc => ?DESC("rule_engine_rules"), default => #{}
+                })}
+        ];
+fields("rule_engine_api") ->
     [
         {ignore_sys_message,
             ?HOCON(boolean(), #{default => true, desc => ?DESC("rule_engine_ignore_sys_message")})},
-        {rules,
-            ?HOCON(hoconsc:map("id", ?R_REF("rules")), #{
-                desc => ?DESC("rule_engine_rules"), default => #{}
-            })},
         {jq_function_default_timeout,
             ?HOCON(
                 emqx_schema:duration_ms(),
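Review bot: `fields("rule_engine_api")` has no comment saying that it is the field set the HTTP API validates `PUT /rule_engine` bodies against, as the `emqx_rule_api_schema` change in this commit suggests. Any field later added to this list therefore becomes writable through that endpoint. I would document it above the clause, for example `%% Fields settable via PUT /rule_engine. Anything added here becomes writable through the HTTP API; rules is deliberately only in "rule_engine".` The clause body continues past the end of this hunk.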

+ 7 - 2
apps/emqx_rule_engine/test/emqx_rule_engine_api_SUITE.erl

@@ -285,12 +285,17 @@ test_rule_params(Sql, Payload) ->
 t_rule_engine(_) ->
     {200, _} = emqx_rule_engine_api:'/rule_engine'(get, foo),
     {200, #{
-        jq_function_default_timeout := 12000,
-        jq_implementation_module := jq_port
+        %,
+        jq_function_default_timeout := 12000
+        % hidden! jq_implementation_module := jq_port
     }} = emqx_rule_engine_api:'/rule_engine'(put, #{
         body => #{
             <<"jq_function_default_timeout">> => <<"12s">>,
             <<"jq_implementation_module">> => <<"jq_port">>
         }
     }),
+    SomeRule = #{<<"sql">> => <<"SELECT * FROM \"t/#\"">>},
+    {400, _} = emqx_rule_engine_api:'/rule_engine'(put, #{
+        body => #{<<"rules">> => #{<<"some_rule">> => SomeRule}}
+    }),
     {400, _} = emqx_rule_engine_api:'/rule_engine'(put, #{body => #{<<"something">> => <<"weird">>}}).
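Review bot: The new `rules` case only matches `{400, _}`, so it would still pass if the handler returned 400 after the configuration had already been changed. Capturing `Before = emqx_conf:get([rule_engine])` ahead of the rejected PUT and matching `Before = emqx_conf:get([rule_engine])` after it would pin the property the commit is about. Separately, the leftover `%,` and `% hidden! jq_implementation_module := jq_port` comments do not say why the field is still sent in the body but no longer asserted in the response. A one-line explanation, or removing them, would help the next reader.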