Merge branch 'dev/v5.0' of private:emqx/emqx into merge430

.ci/fvt_tests/docker-compose.yaml

@@ -8,7 +8,7 @@ services:
     - "EMQX_NAME=emqx"
     - "EMQX_HOST=node1.emqx.io"
     - "EMQX_CLUSTER__DISCOVERY=static"
-    - "EMQX_CLUSTER__STATIC__SEEDS=emqx@node1.emqx.io, emqx@node2.emqx.io"
+    - "EMQX_CLUSTER__STATIC__SEEDS=\"emqx@node1.emqx.io, emqx@node2.emqx.io\""
     - "EMQX_ZONE__EXTERNAL__RETRY_INTERVAL=2s"
     - "EMQX_MQTT__MAX_TOPIC_ALIAS=10"
     command:
@@ -35,7 +35,7 @@ services:
     - "EMQX_NAME=emqx"
     - "EMQX_HOST=node2.emqx.io"
     - "EMQX_CLUSTER__DISCOVERY=static"
-    - "EMQX_CLUSTER__STATIC__SEEDS=emqx@node1.emqx.io, emqx@node2.emqx.io"
+    - "EMQX_CLUSTER__STATIC__SEEDS=\"emqx@node1.emqx.io, emqx@node2.emqx.io\""
     - "EMQX_ZONE__EXTERNAL__RETRY_INTERVAL=2s"
     - "EMQX_MQTT__MAX_TOPIC_ALIAS=10"
     command:

.github/workflows/run_cts_tests.yaml

@@ -37,12 +37,12 @@ jobs:
         if: matrix.network_type == 'ipv4'
         run: |
           server_address=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' ldap)
-          sed -i "s|^[#[:space:]]*auth.ldap.servers[[:space:]]*=.*|auth.ldap.servers = $server_address|g" apps/emqx_auth_ldap/etc/emqx_auth_ldap.conf
+          sed -i "s|^[#[:space:]]*auth.ldap.servers[[:space:]]*=.*|auth.ldap.servers = \"$server_address\"|g" apps/emqx_auth_ldap/etc/emqx_auth_ldap.conf
       - name: setup
         if: matrix.network_type == 'ipv6'
         run: |
           server_address=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.GlobalIPv6Address}}{{end}}' ldap)
-          sed -i "s|^[#[:space:]]*auth.ldap.servers[[:space:]]*=.*|auth.ldap.servers = $server_address|g" apps/emqx_auth_ldap/etc/emqx_auth_ldap.conf
+          sed -i "s|^[#[:space:]]*auth.ldap.servers[[:space:]]*=.*|auth.ldap.servers = \"$server_address\"|g" apps/emqx_auth_ldap/etc/emqx_auth_ldap.conf
       - name: run test cases
         run: |
           docker exec -i erlang sh -c "make ensure-rebar3"
@@ -78,10 +78,10 @@ jobs:
         if: matrix.connect_type == 'tls'
         run: |
           docker-compose -f .ci/compatibility_tests/docker-compose-mongo-tls.yaml up -d
-          sed -i 's|^[#[:space:]]*auth.mongo.ssl[[:space:]]*=.*|auth.mongo.ssl = on|g' apps/emqx_auth_mongo/etc/emqx_auth_mongo.conf
-          sed -i 's|^[#[:space:]]*auth.mongo.cacertfile[[:space:]]*=.*|auth.mongo.cacertfile = /emqx/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/ca.pem|g' apps/emqx_auth_mongo/etc/emqx_auth_mongo.conf
-          sed -i 's|^[#[:space:]]*auth.mongo.certfile[[:space:]]*=.*|auth.mongo.certfile = /emqx/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/client-cert.pem|g' apps/emqx_auth_mongo/etc/emqx_auth_mongo.conf
-          sed -i 's|^[#[:space:]]*auth.mongo.keyfile[[:space:]]*=.*|auth.mongo.keyfile = /emqx/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/client-key.pem|g' apps/emqx_auth_mongo/etc/emqx_auth_mongo.conf
+          sed -i 's|^[#[:space:]]*auth.mongo.ssl[[:space:]]*=.*|auth.mongo.ssl.enable = on|g' apps/emqx_auth_mongo/etc/emqx_auth_mongo.conf
+          sed -i 's|^[#[:space:]]*auth.mongo.cacertfile[[:space:]]*=.*|auth.mongo.cacertfile = "/emqx/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/ca.pem"|g' apps/emqx_auth_mongo/etc/emqx_auth_mongo.conf
+          sed -i 's|^[#[:space:]]*auth.mongo.certfile[[:space:]]*=.*|auth.mongo.certfile = "/emqx/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/client-cert.pem"|g' apps/emqx_auth_mongo/etc/emqx_auth_mongo.conf
+          sed -i 's|^[#[:space:]]*auth.mongo.keyfile[[:space:]]*=.*|auth.mongo.keyfile = "/emqx/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/client-key.pem"|g' apps/emqx_auth_mongo/etc/emqx_auth_mongo.conf
       - name: setup
         env:
           MONGO_TAG: ${{ matrix.mongo_tag }}
@@ -91,12 +91,12 @@ jobs:
         if: matrix.network_type == 'ipv4'
         run: |
           server_address=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' mongo)
-          sed -i "s|^[#[:space:]]*auth.mongo.server[[:space:]]*=.*|auth.mongo.server = $server_address:27017|g" apps/emqx_auth_mongo/etc/emqx_auth_mongo.conf
+          sed -i "s|^[#[:space:]]*auth.mongo.server[[:space:]]*=.*|auth.mongo.server = \"$server_address:27017\"|g" apps/emqx_auth_mongo/etc/emqx_auth_mongo.conf
       - name: setup
         if: matrix.network_type == 'ipv6'
         run: |
           server_address=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.GlobalIPv6Address}}{{end}}' mongo)
-          sed -i "s|^[#[:space:]]*auth.mongo.server[[:space:]]*=.*|auth.mongo.server = $server_address:27017|g" apps/emqx_auth_mongo/etc/emqx_auth_mongo.conf
+          sed -i "s|^[#[:space:]]*auth.mongo.server[[:space:]]*=.*|auth.mongo.server = \"$server_address:27017\"|g" apps/emqx_auth_mongo/etc/emqx_auth_mongo.conf
       - name: run test cases
         run: |
           docker exec -i erlang sh -c "make ensure-rebar3"
@@ -132,7 +132,7 @@ jobs:
         if: matrix.connect_type == 'tls'
         run: |
           docker-compose -f .ci/compatibility_tests/docker-compose-mysql-tls.yaml up -d
-          sed -i 's|^[#[:space:]]*auth.mysql.ssl[[:space:]]*=.*|auth.mysql.ssl = on|g' apps/emqx_auth_mysql/etc/emqx_auth_mysql.conf
+          sed -i 's|^[#[:space:]]*auth.mysql.ssl[[:space:]]*=.*|auth.mysql.ssl.enable = on|g' apps/emqx_auth_mysql/etc/emqx_auth_mysql.conf
           sed -i 's|^[#[:space:]]*auth.mysql.ssl.cacertfile[[:space:]]*=.*|auth.mysql.ssl.cacertfile = /emqx/apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/ca.pem|g' apps/emqx_auth_mysql/etc/emqx_auth_mysql.conf
           sed -i 's|^[#[:space:]]*auth.mysql.ssl.certfile[[:space:]]*=.*|auth.mysql.ssl.certfile = /emqx/apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/client-cert.pem|g' apps/emqx_auth_mysql/etc/emqx_auth_mysql.conf
           sed -i 's|^[#[:space:]]*auth.mysql.ssl.keyfile[[:space:]]*=.*|auth.mysql.ssl.keyfile = /emqx/apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/client-key.pem|g' apps/emqx_auth_mysql/etc/emqx_auth_mysql.conf
@@ -145,12 +145,12 @@ jobs:
         if: matrix.network_type == 'ipv4'
         run: |
           server_address=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' mysql)
-          sed -i "/auth.mysql.server/c auth.mysql.server = $server_address:3306" apps/emqx_auth_mysql/etc/emqx_auth_mysql.conf
+          sed -i "/auth.mysql.server/c auth.mysql.server = \"$server_address:3306\"" apps/emqx_auth_mysql/etc/emqx_auth_mysql.conf
       - name: setup
         if: matrix.network_type == 'ipv6'
         run: |
           server_address=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.GlobalIPv6Address}}{{end}}' mysql)
-          sed -i "/auth.mysql.server/c auth.mysql.server = $server_address:3306" apps/emqx_auth_mysql/etc/emqx_auth_mysql.conf
+          sed -i "/auth.mysql.server/c auth.mysql.server = \"$server_address:3306\"" apps/emqx_auth_mysql/etc/emqx_auth_mysql.conf
       - name: setup
         run: |
           sed -i 's|^[#[:space:]]*auth.mysql.username[[:space:]]*=.*|auth.mysql.username = root|g' apps/emqx_auth_mysql/etc/emqx_auth_mysql.conf
@@ -195,15 +195,15 @@ jobs:
           docker-compose -f .ci/compatibility_tests/docker-compose-pgsql-tls.yaml build --no-cache
           docker-compose -f .ci/compatibility_tests/docker-compose-pgsql-tls.yaml up -d
           if [ "$PGSQL_TAG" = "12" ] || [ "$PGSQL_TAG" = "13" ]; then
-              sed -i 's|^[#[:space:]]*auth.pgsql.ssl.tls_versions[ \t]*=.*|auth.pgsql.ssl.tls_versions = tlsv1.3,tlsv1.2|g' apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf
+              sed -i 's|^[#[:space:]]*auth.pgsql.ssl.tls_versions[ \t]*=.*|auth.pgsql.ssl.tls_versions = "tlsv1.3,tlsv1.2"|g' apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf
           else
-              sed -i 's|^[#[:space:]]*auth.pgsql.ssl.tls_versions[ \t]*=.*|auth.pgsql.ssl.tls_versions = tlsv1.2,tlsv1.1|g' apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf
+              sed -i 's|^[#[:space:]]*auth.pgsql.ssl.tls_versions[ \t]*=.*|auth.pgsql.ssl.tls_versions = "tlsv1.2,tlsv1.1"|g' apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf
           fi
 
           sed -i 's|^[#[:space:]]*auth.pgsql.username[ \t]*=.*|auth.pgsql.username = postgres|g' apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf
           sed -i 's|^[#[:space:]]*auth.pgsql.password[ \t]*=.*|auth.pgsql.password = postgres|g' apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf
           sed -i 's|^[#[:space:]]*auth.pgsql.database[ \t]*=.*|auth.pgsql.database = postgres|g' apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf
-          sed -i 's|^[#[:space:]]*auth.pgsql.ssl[ \t]*=.*|auth.pgsql.ssl = on|g' apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf
+          sed -i 's|^[#[:space:]]*auth.pgsql.ssl.enable[ \t]*=.*|auth.pgsql.ssl.enable = on|g' apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf
           sed -i 's|^[#[:space:]]*auth.pgsql.cacertfile[ \t]*=.*|auth.pgsql.cacertfile = /emqx/apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/root.crt|g' apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf
       - name: setup
         env:
@@ -218,12 +218,12 @@ jobs:
         if: matrix.network_type == 'ipv4'
         run: |
           server_address=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' pgsql)
-          sed -i "s|^[#[:space:]]*auth.pgsql.server[[:space:]]*=.*|auth.pgsql.server = $server_address:5432|g" apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf
+          sed -i "s|^[#[:space:]]*auth.pgsql.server[[:space:]]*=.*|auth.pgsql.server = \"$server_address:5432\"|g" apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf
       - name: setup
         if: matrix.network_type == 'ipv6'
         run: |
           server_address=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.GlobalIPv6Address}}{{end}}' pgsql)
-          sed -i "s|^[#[:space:]]*auth.pgsql.server[[:space:]]*=.*|auth.pgsql.server = $server_address:5432|g" apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf
+          sed -i "s|^[#[:space:]]*auth.pgsql.server[[:space:]]*=.*|auth.pgsql.server = \"$server_address:5432\"|g" apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf
       - name: run test cases
         run: |
           docker exec -i erlang sh -c "make ensure-rebar3"
@@ -263,10 +263,10 @@ jobs:
         run: |
           set -exu
           docker-compose -f .ci/compatibility_tests/docker-compose-redis-${{ matrix.node_type }}-tls.yaml up -d
-          sed -i 's|^[#[:space:]]*auth.redis.ssl[[:space:]]*=.*|auth.redis.ssl = on|g' apps/emqx_auth_redis/etc/emqx_auth_redis.conf
-          sed -i 's|^[#[:space:]]*auth.redis.ssl.cacertfile[[:space:]]*=.*|auth.redis.ssl.cacertfile = /emqx/apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/ca.crt|g' apps/emqx_auth_redis/etc/emqx_auth_redis.conf
-          sed -i 's|^[#[:space:]]*auth.redis.ssl.certfile[[:space:]]*=.*|auth.redis.ssl.certfile = /emqx/apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/redis.crt|g' apps/emqx_auth_redis/etc/emqx_auth_redis.conf
-          sed -i 's|^[#[:space:]]*auth.redis.ssl.keyfile[[:space:]]*=.*|auth.redis.ssl.keyfile = /emqx/apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/redis.key|g' apps/emqx_auth_redis/etc/emqx_auth_redis.conf
+          sed -i 's|^[#[:space:]]*auth.redis.ssl.enable[[:space:]]*=.*|auth.redis.ssl.enable = on|g' apps/emqx_auth_redis/etc/emqx_auth_redis.conf
+          sed -i 's|^[#[:space:]]*auth.redis.ssl.cacertfile[[:space:]]*=.*|auth.redis.ssl.cacertfile = "/emqx/apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/ca.crt"|g' apps/emqx_auth_redis/etc/emqx_auth_redis.conf
+          sed -i 's|^[#[:space:]]*auth.redis.ssl.certfile[[:space:]]*=.*|auth.redis.ssl.certfile = "/emqx/apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/redis.crt"|g' apps/emqx_auth_redis/etc/emqx_auth_redis.conf
+          sed -i 's|^[#[:space:]]*auth.redis.ssl.keyfile[[:space:]]*=.*|auth.redis.ssl.keyfile = "/emqx/apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/redis.key"|g' apps/emqx_auth_redis/etc/emqx_auth_redis.conf
       - name: setup
         env:
           REDIS_TAG: ${{ matrix.redis_tag }}
@@ -284,24 +284,24 @@ jobs:
         if: matrix.node_type == 'single' && matrix.connect_type == 'tcp'
         run: |
           set -exu
-          sed -i "s|^[#[:space:]]*auth.redis.server[[:space:]]*=.*|auth.redis.server = ${redis_${{ matrix.network_type }}_address}:6379|g" apps/emqx_auth_redis/etc/emqx_auth_redis.conf
+          sed -i "s|^[#[:space:]]*auth.redis.server[[:space:]]*=.*|auth.redis.server = \"${redis_${{ matrix.network_type }}_address}:6379\"|g" apps/emqx_auth_redis/etc/emqx_auth_redis.conf
       - name: setup
         if: matrix.node_type == 'single' && matrix.connect_type == 'tls' && matrix.redis_tag != '5'
         run: |
           set -exu
-          sed -i "s|^[#[:space:]]*auth.redis.server[[:space:]]*=.*|auth.redis.server = ${redis_${{ matrix.network_type }}_address}:6380|g" apps/emqx_auth_redis/etc/emqx_auth_redis.conf
+          sed -i "s|^[#[:space:]]*auth.redis.server[[:space:]]*=.*|auth.redis.server = \"${redis_${{ matrix.network_type }}_address}:6380\"|g" apps/emqx_auth_redis/etc/emqx_auth_redis.conf
       - name: setup
         if: matrix.node_type == 'cluster' && matrix.connect_type == 'tcp'
         run: |
           set -exu
           sed -i 's|^[#[:space:]]*auth.redis.type[[:space:]]*=.*|auth.redis.type = cluster|g' apps/emqx_auth_redis/etc/emqx_auth_redis.conf
-          sed -i "s|^[#[:space:]]*auth.redis.server[[:space:]]*=.*|auth.redis.server = ${redis_${{ matrix.network_type }}_address}:7000, ${redis_${{ matrix.network_type }}_address}:7001, ${redis_${{ matrix.network_type }}_address}:7002|g" apps/emqx_auth_redis/etc/emqx_auth_redis.conf
+          sed -i "s|^[#[:space:]]*auth.redis.server[[:space:]]*=.*|auth.redis.server = \"${redis_${{ matrix.network_type }}_address}:7000, ${redis_${{ matrix.network_type }}_address}:7001, ${redis_${{ matrix.network_type }}_address}:7002\"|g" apps/emqx_auth_redis/etc/emqx_auth_redis.conf
       - name: setup
         if: matrix.node_type == 'cluster' && matrix.connect_type == 'tls' && matrix.redis_tag != '5'
         run: |
           set -exu
           sed -i 's|^[#[:space:]]*auth.redis.type[[:space:]]*=.*|auth.redis.type = cluster|g' apps/emqx_auth_redis/etc/emqx_auth_redis.conf
-          sed -i "s|^[#[:space:]]*auth.redis.server[[:space:]]*=.*|auth.redis.server = ${redis_${{ matrix.network_type }}_address}:8000, ${redis_${{ matrix.network_type }}_address}:8001, ${redis_${{ matrix.network_type }}_address}:8002|g" apps/emqx_auth_redis/etc/emqx_auth_redis.conf
+          sed -i "s|^[#[:space:]]*auth.redis.server[[:space:]]*=.*|auth.redis.server = \"${redis_${{ matrix.network_type }}_address}:8000, ${redis_${{ matrix.network_type }}_address}:8001, ${redis_${{ matrix.network_type }}_address}:8002\"|g" apps/emqx_auth_redis/etc/emqx_auth_redis.conf
       - name: run test cases
         if: matrix.connect_type == 'tcp' || (matrix.connect_type == 'tls' && matrix.redis_tag != '5')
         run: |

.github/workflows/run_test_cases.yaml

@@ -30,16 +30,16 @@ jobs:
             docker-compose -f .ci/apps_tests/docker-compose.yaml up -d
         - name: set config files
           run: |
-            sed -i 's|^[#[:space:]]*auth.ldap.servers[[:space:]]*=.*|auth.ldap.servers = ldap_server|g' apps/emqx_auth_ldap/etc/emqx_auth_ldap.conf
-            sed -i 's|^[#[:space:]]*auth.mongo.server[[:space:]]*=.*|auth.mongo.server = mongo_server:27017|g' apps/emqx_auth_mongo/etc/emqx_auth_mongo.conf
-            sed -i 's|^[#[:space:]]*auth.redis.server[[:space:]]*=.*|auth.redis.server = redis_server:6379|g' apps/emqx_auth_redis/etc/emqx_auth_redis.conf
+            sed -i 's|^[#[:space:]]*auth.ldap.servers[[:space:]]*=.*|auth.ldap.servers = "ldap_server"|g' apps/emqx_auth_ldap/etc/emqx_auth_ldap.conf
+            sed -i 's|^[#[:space:]]*auth.mongo.server[[:space:]]*=.*|auth.mongo.server = "mongo_server:27017"|g' apps/emqx_auth_mongo/etc/emqx_auth_mongo.conf
+            sed -i 's|^[#[:space:]]*auth.redis.server[[:space:]]*=.*|auth.redis.server = "redis_server:6379"|g' apps/emqx_auth_redis/etc/emqx_auth_redis.conf
 
-            sed -i 's|^[#[:space:]]*auth.mysql.server[[:space:]]*=.*|auth.mysql.server = mysql_server:3306|g' apps/emqx_auth_mysql/etc/emqx_auth_mysql.conf
+            sed -i 's|^[#[:space:]]*auth.mysql.server[[:space:]]*=.*|auth.mysql.server = "mysql_server:3306"|g' apps/emqx_auth_mysql/etc/emqx_auth_mysql.conf
             sed -i 's|^[#[:space:]]*auth.mysql.username[[:space:]]*=.*|auth.mysql.username = root|g' apps/emqx_auth_mysql/etc/emqx_auth_mysql.conf
             sed -i 's|^[#[:space:]]*auth.mysql.password[[:space:]]*=.*|auth.mysql.password = public|g' apps/emqx_auth_mysql/etc/emqx_auth_mysql.conf
             sed -i 's|^[#[:space:]]*auth.mysql.database[[:space:]]*=.*|auth.mysql.database = mqtt|g' apps/emqx_auth_mysql/etc/emqx_auth_mysql.conf
 
-            sed -i 's|^[#[:space:]]*auth.pgsql.server[[:space:]]*=.*|auth.pgsql.server = pgsql_server:5432|g' apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf
+            sed -i 's|^[#[:space:]]*auth.pgsql.server[[:space:]]*=.*|auth.pgsql.server = "pgsql_server:5432"|g' apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf
             sed -i 's|^[#[:space:]]*auth.pgsql.username[[:space:]]*=.*|auth.pgsql.username = root|g' apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf
             sed -i 's|^[#[:space:]]*auth.pgsql.password[[:space:]]*=.*|auth.pgsql.password = public|g' apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf
             sed -i 's|^[#[:space:]]*auth.pgsql.database[[:space:]]*=.*|auth.pgsql.database = mqtt|g' apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf

apps/emqx_auth_http/etc/emqx_auth_http.conf

@@ -7,7 +7,7 @@
 ## Value: URL
 ##
 ## Examples: http://127.0.0.1:80/mqtt/auth, https://[::1]:80/mqtt/auth
-auth.http.auth_req.url = http://127.0.0.1:80/mqtt/auth
+auth.http.auth_req.url = "http://127.0.0.1:80/mqtt/auth"
 
 ## HTTP Request Method for Auth Request
 ##
@@ -18,7 +18,7 @@ auth.http.auth_req.method = post
 ## The possible values of the Content-Type header: application/x-www-form-urlencoded, application/json
 ## 
 ## Examples: auth.http.auth_req.headers.accept = */*
-auth.http.auth_req.headers.content-type = application/x-www-form-urlencoded
+auth.http.auth_req.headers.content-type = "application/x-www-form-urlencoded"
 
 ## Parameters used to construct the request body or query string parameters
 ## When the request method is GET, these parameters will be converted into query string parameters
@@ -35,14 +35,14 @@ auth.http.auth_req.headers.content-type = application/x-www-form-urlencoded
 ##  - %d: subject of client TLS cert
 ##
 ## Value: <K1>=<V1>,<K2>=<V2>,...
-auth.http.auth_req.params = clientid=%c,username=%u,password=%P
+auth.http.auth_req.params = "clientid=%c,username=%u,password=%P"
 
 ## HTTP URL API path for SuperUser Request
 ##
 ## Value: URL
 ##
 ## Examples: http://127.0.0.1:80/mqtt/superuser, https://[::1]:80/mqtt/superuser
-auth.http.super_req.url = http://127.0.0.1:80/mqtt/superuser
+auth.http.super_req.url = "http://127.0.0.1:80/mqtt/superuser"
 
 ## HTTP Request Method for SuperUser Request
 ##
@@ -53,7 +53,7 @@ auth.http.super_req.method = post
 ## The possible values of the Content-Type header: application/x-www-form-urlencoded, application/json
 ##
 ## Examples: auth.http.super_req.headers.accept = */*
-auth.http.super_req.headers.content-type = application/x-www-form-urlencoded
+auth.http.super_req.headers.content-type = "application/x-www-form-urlencoded"
 
 ## Parameters used to construct the request body or query string parameters
 ## When the request method is GET, these parameters will be converted into query string parameters
@@ -70,14 +70,14 @@ auth.http.super_req.headers.content-type = application/x-www-form-urlencoded
 ##  - %d: subject of client TLS cert
 ##
 ## Value: <K1>=<V1>,<K2>=<V2>,...
-auth.http.super_req.params = clientid=%c,username=%u
+auth.http.super_req.params = "clientid=%c,username=%u"
 
 ## HTTP URL API path for ACL Request
 ##
 ## Value: URL
 ##
 ## Examples: http://127.0.0.1:80/mqtt/acl, https://[::1]:80/mqtt/acl
-auth.http.acl_req.url = http://127.0.0.1:80/mqtt/acl
+auth.http.acl_req.url = "http://127.0.0.1:80/mqtt/acl"
 
 ## HTTP Request Method for ACL Request
 ##
@@ -88,7 +88,7 @@ auth.http.acl_req.method = post
 ## The possible values of the Content-Type header: application/x-www-form-urlencoded, application/json
 ##
 ## Examples: auth.http.acl_req.headers.accept = */*
-auth.http.acl_req.headers.content-type = application/x-www-form-urlencoded
+auth.http.acl_req.headers.content-type = "application/x-www-form-urlencoded"
 
 ## Parameters used to construct the request body or query string parameters
 ## When the request method is GET, these parameters will be converted into query string parameters
@@ -105,7 +105,7 @@ auth.http.acl_req.headers.content-type = application/x-www-form-urlencoded
 ##  - %d: subject of client TLS cert
 ##
 ## Value: <K1>=<V1>,<K2>=<V2>,...
-auth.http.acl_req.params = access=%A,username=%u,clientid=%c,ipaddr=%a,topic=%t,mountpoint=%m
+auth.http.acl_req.params = "access=%A,username=%u,clientid=%c,ipaddr=%a,topic=%t,mountpoint=%m"
 
 ## Time-out time for the request.
 ##
@@ -140,14 +140,14 @@ auth.http.pool_size = 32
 ## are used during server authentication and when building the client certificate chain.
 ##
 ## Value: File
-## auth.http.ssl.cacertfile = {{ platform_etc_dir }}/certs/ca.pem
+## auth.http.ssl.cacertfile = "{{ platform_etc_dir }}/certs/ca.pem"
 
 ## The path to a file containing the client's certificate.
 ##
 ## Value: File
-## auth.http.ssl.certfile = {{ platform_etc_dir }}/certs/client-cert.pem
+## auth.http.ssl.certfile = "{{ platform_etc_dir }}/certs/client-cert.pem"
 
 ## Path to a file containing the client's private PEM-encoded key.
 ##
 ## Value: File
-## auth.http.ssl.keyfile = {{ platform_etc_dir }}/certs/client-key.pem
+## auth.http.ssl.keyfile = "{{ platform_etc_dir }}/certs/client-key.pem"

apps/emqx_auth_http/rebar.config

@@ -21,7 +21,7 @@
 {profiles,
  [{test,
    [{deps,
-     [{emqx_ct_helpers, {git, "https://github.com/emqx/emqx-ct-helpers", {tag, "1.2.2"}}},
+     [
       {emqtt, {git, "https://github.com/emqx/emqtt", {tag, "v1.2.2"}}}
      ]}
    ]}

apps/emqx_auth_jwt/etc/emqx_auth_jwt.conf

@@ -10,13 +10,13 @@ auth.jwt.secret = emqxsecret
 ## RSA or ECDSA public key file.
 ##
 ## Value: File
-#auth.jwt.pubkey = etc/certs/jwt_public_key.pem
+#auth.jwt.pubkey = "etc/certs/jwt_public_key.pem"
 
 ## The JWKs server address
 ##
 ## see: http://self-issued.info/docs/draft-ietf-jose-json-web-key.html
 ##
-#auth.jwt.jwks = https://127.0.0.1:8080/jwks
+#auth.jwt.jwks.endpoint = "https://127.0.0.1:8080/jwks"
 
 ## The JWKs refresh interval
 ##
@@ -32,7 +32,7 @@ auth.jwt.from = password
 ## Enable to verify claims fields
 ##
 ## Value: on | off
-auth.jwt.verify_claims = off
+auth.jwt.verify_claims.enable = off
 
 ## The checklist of claims to validate
 ##
@@ -42,4 +42,4 @@ auth.jwt.verify_claims = off
 ## Variables:
 ##  - %u: username
 ##  - %c: clientid
-#auth.jwt.verify_claims.username = %u
+#auth.jwt.verify_claims.username = "%u"

apps/emqx_auth_jwt/priv/emqx_auth_jwt.schema

@@ -4,7 +4,7 @@
   {datatype, string}
 ]}.
 
-{mapping, "auth.jwt.jwks", "emqx_auth_jwt.jwks", [
+{mapping, "auth.jwt.jwks.endpoint", "emqx_auth_jwt.jwks", [
   {datatype, string}
 ]}.
 
@@ -26,7 +26,7 @@
   {datatype, {enum, [raw, der]}}
 ]}.
 
-{mapping, "auth.jwt.verify_claims", "emqx_auth_jwt.verify_claims", [
+{mapping, "auth.jwt.verify_claims.enable", "emqx_auth_jwt.verify_claims", [
   {default, off},
   {datatype, flag}
 ]}.
@@ -36,7 +36,7 @@
 ]}.
 
 {translation, "emqx_auth_jwt.verify_claims", fun(Conf) ->
-    case cuttlefish:conf_get("auth.jwt.verify_claims", Conf) of
+    case cuttlefish:conf_get("auth.jwt.verify_claims.enable", Conf) of
         false -> cuttlefish:unset();
         true ->
             lists:foldr(

apps/emqx_auth_jwt/rebar.config

@@ -20,6 +20,6 @@
 
 {profiles,
  [{test,
-   [{deps, [{emqx_ct_helpers, {git, "http://github.com/emqx/emqx-ct-helpers", {tag, "1.2.2"}}}]}
+   [{deps, []}
    ]}
  ]}.

apps/emqx_auth_ldap/etc/emqx_auth_ldap.conf

@@ -5,7 +5,7 @@
 ## LDAP server list, seperated by ','.
 ##
 ## Value: String
-auth.ldap.servers = 127.0.0.1
+auth.ldap.servers = "127.0.0.1"
 
 ## LDAP server port.
 ##
@@ -20,7 +20,7 @@ auth.ldap.pool = 8
 ## LDAP Bind DN.
 ##
 ## Value: DN
-auth.ldap.bind_dn = cn=root,dc=emqx,dc=io
+auth.ldap.bind_dn = "cn=root,dc=emqx,dc=io"
 
 ## LDAP Bind Password.
 ##
@@ -37,7 +37,7 @@ auth.ldap.timeout = 30s
 ## Variables:
 ##
 ## Value: DN
-auth.ldap.device_dn = ou=device,dc=emqx,dc=io
+auth.ldap.device_dn = "ou=device,dc=emqx,dc=io"
 
 ## Specified ObjectClass
 ##
@@ -63,15 +63,15 @@ auth.ldap.password.attributetype = userPassword
 ## Whether to enable SSL.
 ##
 ## Value: true | false
-auth.ldap.ssl = false
+auth.ldap.ssl.enable = false
 
-#auth.ldap.ssl.certfile = etc/certs/cert.pem
+#auth.ldap.ssl.certfile = "etc/certs/cert.pem"
 
-#auth.ldap.ssl.keyfile = etc/certs/key.pem
+#auth.ldap.ssl.keyfile = "etc/certs/key.pem"
 
-#auth.ldap.ssl.cacertfile = etc/certs/cacert.pem
+#auth.ldap.ssl.cacertfile = "etc/certs/cacert.pem"
 
-#auth.ldap.ssl.verify = verify_peer
+#auth.ldap.ssl.verify = "verify_peer"
 
 #auth.ldap.ssl.fail_if_no_peer_cert = true
 

apps/emqx_auth_ldap/priv/emqx_auth_ldap.schema

@@ -31,7 +31,7 @@
   {datatype, {duration, ms}}
 ]}.
 
-{mapping, "auth.ldap.ssl", "emqx_auth_ldap.ldap", [
+{mapping, "auth.ldap.ssl.enable", "emqx_auth_ldap.ldap", [
   {default, false},
   {datatype, {enum, [true, false]}}
 ]}.
@@ -85,7 +85,7 @@
             {bind_password, BindPassword},
             {pool, Pool},
             {auto_reconnect, 2}],
-    case cuttlefish:conf_get("auth.ldap.ssl", Conf) of
+    case cuttlefish:conf_get("auth.ldap.ssl.enable", Conf) of
         true  -> [{ssl, true}, {sslopts, Filter(SslOpts())}|Opts];
         false -> [{ssl, false}|Opts]
     end

apps/emqx_auth_ldap/rebar.config

@@ -4,7 +4,7 @@
 
 {profiles,
  [{test,
-   [{deps, [{emqx_ct_helpers, {git, "https://github.com/emqx/emqx-ct-helpers", {tag, "1.2.2"}}}]}
+   [{deps, []}
    ]}
  ]}.
 

apps/emqx_auth_mnesia/etc/emqx_auth_mnesia.conf

@@ -10,12 +10,12 @@ auth.mnesia.password_hash = sha256
 ## Examples
 ##auth.client.1.clientid = id
 ##auth.client.1.password = passwd
-##auth.client.2.clientid = dev:devid
+##auth.client.2.clientid = "dev:devid"
 ##auth.client.2.password = passwd2
-##auth.client.3.clientid = app:appid
+##auth.client.3.clientid = "app:appid"
 ##auth.client.3.password = passwd3
-##auth.client.4.clientid = client~!@#$%^&*()_+
-##auth.client.4.password = passwd~!@#$%^&*()_+
+##auth.client.4.clientid = "client~!@#$%^&*()_+"
+##auth.client.4.password = "passwd~!@#$%^&*()_+"
 
 ##--------------------------------------------------------------------
 ## Username Authentication
@@ -26,5 +26,5 @@ auth.mnesia.password_hash = sha256
 ##auth.user.1.password = public
 ##auth.user.2.username = feng@emqtt.io
 ##auth.user.2.password = public
-##auth.user.3.username = name~!@#$%^&*()_+
-##auth.user.3.password = pwsswd~!@#$%^&*()_+
+##auth.user.3.username = "name~!@#$%^&*()_+"
+##auth.user.3.password = "pwsswd~!@#$%^&*()_+"

apps/emqx_auth_mongo/etc/emqx_auth_mongo.conf

@@ -17,7 +17,7 @@ auth.mongo.type = single
 ## Value: String
 ##
 ## Examples: 127.0.0.1:27017,127.0.0.2:27017...
-auth.mongo.server = 127.0.0.1:27017
+auth.mongo.server = "127.0.0.1:27017"
 
 ## MongoDB pool size
 ##
@@ -102,17 +102,17 @@ auth.mongo.topology.max_overflow = 0
 auth.mongo.auth_query.password_hash = sha256
 
 ## sha256 with salt suffix
-## auth.mongo.auth_query.password_hash = sha256,salt
+## auth.mongo.auth_query.password_hash = "sha256,salt"
 
 ## sha256 with salt prefix
-## auth.mongo.auth_query.password_hash = salt,sha256
+## auth.mongo.auth_query.password_hash = "salt,sha256"
 
 ## bcrypt with salt prefix
-## auth.mongo.auth_query.password_hash = salt,bcrypt
+## auth.mongo.auth_query.password_hash = "salt,bcrypt"
 
 ## pbkdf2 with macfun iterations dklen
 ## macfun: md4, md5, ripemd160, sha, sha224, sha256, sha384, sha512
-## auth.mongo.auth_query.password_hash = pbkdf2,sha256,1000,20
+## auth.mongo.auth_query.password_hash = "pbkdf2,sha256,1000,20"
 
 ## Authentication query.
 auth.mongo.auth_query.collection = mqtt_user
@@ -131,15 +131,15 @@ auth.mongo.auth_query.password_field = password
 ##  - %d: subject of client TLS cert
 ##
 ## auth.mongo.auth_query.selector = {Field}={Placeholder}
-auth.mongo.auth_query.selector = username=%u
+auth.mongo.auth_query.selector = "username=%u"
 
 ## -------------------------------------------------
 ## Super User Query
 ## -------------------------------------------------
 auth.mongo.super_query.collection = mqtt_user
 auth.mongo.super_query.super_field = is_superuser
-#auth.mongo.super_query.selector = username=%u, clientid=%c
-auth.mongo.super_query.selector = username=%u
+#auth.mongo.super_query.selector.1 = username=%u, clientid=%c
+auth.mongo.super_query.selector = "username=%u"
 
 ## ACL Selector.
 ##
@@ -150,8 +150,8 @@ auth.mongo.super_query.selector = username=%u
 ##
 ## With following 2 selectors configured:
 ##
-## auth.mongo.acl_query.selector.1 = username=%u
-## auth.mongo.acl_query.selector.2 = username=$all
+## auth.mongo.acl_query.selector.1 = "username=%u"
+## auth.mongo.acl_query.selector.2 = "username=$all"
 ##
 ## And if a client connected using username 'ilyas',
 ##   then the following mongo command will be used to
@@ -165,8 +165,8 @@ auth.mongo.super_query.selector = username=%u
 ##
 ## Examples:
 ##
-## auth.mongo.acl_query.selector.1 = username=%u,clientid=%c
-## auth.mongo.acl_query.selector.2 = username=$all
-## auth.mongo.acl_query.selector.3 = clientid=$all
+## auth.mongo.acl_query.selector.1 = "username=%u,clientid=%c"
+## auth.mongo.acl_query.selector.2 = "username=$all"
+## auth.mongo.acl_query.selector.3 = "clientid=$all"
 auth.mongo.acl_query.collection = mqtt_acl
-auth.mongo.acl_query.selector = username=%u
+auth.mongo.acl_query.selector = "username=%u"

apps/emqx_auth_mongo/priv/emqx_auth_mongo.schema

@@ -45,7 +45,7 @@
   {datatype, string}
 ]}.
 
-{mapping, "auth.mongo.ssl", "emqx_auth_mongo.server", [
+{mapping, "auth.mongo.ssl.enable", "emqx_auth_mongo.server", [
   {default, off},
   {datatype, {enum, [on, off, true, false]}} %% FIXME: ture/false is compatible with 4.0-4.2 version format, plan to delete in 5.0
 ]}.
@@ -121,7 +121,6 @@
     true -> [];
     false -> [{r_mode, R}]
   end,
-
   Filter  = fun(Opts) -> [{K, V} || {K, V} <- Opts, V =/= undefined] end,
   SslOpts = fun(Prefix) ->
                 Filter([{keyfile,    cuttlefish:conf_get(Prefix ++ ".keyfile", Conf, undefined)},
@@ -130,8 +129,14 @@
             end,
 
   %% FIXME: compatible with 4.0-4.2 version format, plan to delete in 5.0
-  Ssl = case cuttlefish:conf_get("auth.mongo.ssl", Conf) of
-          on -> [{ssl, true}, {ssl_opts, SslOpts("auth.mongo.ssl")}];
+  GenSsl = case cuttlefish:conf_get("auth.mongo.ssl.cacertfile", Conf, undefined) of
+               undefined -> [{ssl, true}, {ssl_opts, SslOpts("auth.mongo.ssl_opts")}];
+               _ -> [{ssl, true}, {ssl_opts, SslOpts("auth.mongo.ssl")}]
+           end,
+
+  %% FIXME: compatible with 4.0-4.2 version format, plan to delete in 5.0
+  Ssl = case cuttlefish:conf_get("auth.mongo.ssl.enable", Conf) of
+          on -> GenSsl;
           off -> [];
           true -> [{ssl, true}, {ssl_opts, SslOpts("auth.mongo.ssl_opts")}];
           false -> []

apps/emqx_auth_mysql/etc/emqx_auth_mysql.conf

@@ -7,7 +7,7 @@
 ## Value: Port | IP:Port
 ##
 ## Examples: 3306, 127.0.0.1:3306, localhost:3306
-auth.mysql.server = 127.0.0.1:3306
+auth.mysql.server = "127.0.0.1:3306"
 
 ## MySQL pool size.
 ##
@@ -50,7 +50,7 @@ auth.mysql.database = mqtt
 ##  - %C: common name of client TLS cert
 ##  - %d: subject of client TLS cert
 ##
-auth.mysql.auth_query = select password from mqtt_user where username = '%u' limit 1
+auth.mysql.auth_query = "select password from mqtt_user where username = '%u' limit 1"
 ## auth.mysql.auth_query = select password_hash as password from mqtt_user where username = '%u' limit 1
 
 ## Password hash.
@@ -59,17 +59,17 @@ auth.mysql.auth_query = select password from mqtt_user where username = '%u' lim
 auth.mysql.password_hash = sha256
 
 ## sha256 with salt prefix
-## auth.mysql.password_hash = salt,sha256
+## auth.mysql.password_hash = "salt,sha256"
 
 ## bcrypt with salt only prefix
-## auth.mysql.password_hash = salt,bcrypt
+## auth.mysql.password_hash = "salt,bcrypt"
 
 ## sha256 with salt suffix
-## auth.mysql.password_hash = sha256,salt
+## auth.mysql.password_hash = "sha256,salt"
 
 ## pbkdf2 with macfun iterations dklen
 ## macfun: md4, md5, ripemd160, sha, sha224, sha256, sha384, sha512
-## auth.mysql.password_hash = pbkdf2,sha256,1000,20
+## auth.mysql.password_hash = "pbkdf2,sha256,1000,20"
 
 ## Superuser query.
 ##
@@ -81,7 +81,7 @@ auth.mysql.password_hash = sha256
 ##  - %C: common name of client TLS cert
 ##  - %d: subject of client TLS cert
 ##
-auth.mysql.super_query = select is_superuser from mqtt_user where username = '%u' limit 1
+auth.mysql.super_query = "select is_superuser from mqtt_user where username = '%u' limit 1"
 
 ## ACL query.
 ##
@@ -93,12 +93,12 @@ auth.mysql.super_query = select is_superuser from mqtt_user where username = '%u
 ##  - %c: clientid
 ##
 ## Note: You can add the 'ORDER BY' statement to control the rules match order
-auth.mysql.acl_query = select allow, ipaddr, username, clientid, access, topic from mqtt_acl where ipaddr = '%a' or username = '%u' or username = '$all' or clientid = '%c'
+auth.mysql.acl_query = "select allow, ipaddr, username, clientid, access, topic from mqtt_acl where ipaddr = '%a' or username = '%u' or username = '$all' or clientid = '%c'"
 
 ## Mysql ssl configuration.
 ##
 ## Value: on | off
-#auth.mysql.ssl = off
+## auth.mysql.ssl.enable = off
 
 ## CA certificate.
 ##

apps/emqx_auth_mysql/priv/emqx_auth_mysql.schema

@@ -30,7 +30,7 @@
   {datatype, string}
 ]}.
 
-{mapping, "auth.mysql.ssl", "emqx_auth_mysql.server", [
+{mapping, "auth.mysql.ssl.enable", "emqx_auth_mysql.server", [
   {default, off},
   {datatype, flag}
 ]}.
@@ -85,7 +85,7 @@
              {keep_alive, true}],
   Filter  = fun(Opts) -> [{K, V} || {K, V} <- Opts, V =/= undefined] end,
   Options1 =
-      case cuttlefish:conf_get("auth.mysql.ssl", Conf) of
+      case cuttlefish:conf_get("auth.mysql.ssl.enable", Conf) of
             true ->
                 %% FIXME: compatible with 4.0-4.2 version format, plan to delete in 5.0
                 CA = cuttlefish:conf_get(

apps/emqx_auth_pgsql/README.md

@@ -49,7 +49,7 @@ auth.pgsql.encoding = utf8
 ## Whether to enable SSL connection.
 ##
 ## Value: true | false
-auth.pgsql.ssl = false
+auth.pgsql.ssl.enable = false
 
 ## SSL keyfile.
 ##

apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf

@@ -6,8 +6,8 @@
 ##
 ## Value: Port | IP:Port
 ##
-## Examples: 5432, 127.0.0.1:5432, localhost:5432
-auth.pgsql.server = 127.0.0.1:5432
+## Examples: 5432, "127.0.0.1:5432", "localhost:5432"
+auth.pgsql.server = "127.0.0.1:5432"
 
 ## PostgreSQL pool size.
 ##
@@ -37,7 +37,7 @@ auth.pgsql.encoding = utf8
 ## Whether to enable SSL connection.
 ##
 ## Value: on | off
-auth.pgsql.ssl = off
+auth.pgsql.ssl.enable = off
 
 ## TLS version
 ## You can configure multi-version use "," split,
@@ -72,7 +72,7 @@ auth.pgsql.ssl = off
 ##  - %C: common name of client TLS cert
 ##  - %d: subject of client TLS cert
 ##
-auth.pgsql.auth_query = select password from mqtt_user where username = '%u' limit 1
+auth.pgsql.auth_query = "select password from mqtt_user where username = '%u' limit 1"
 
 ## Password hash.
 ##
@@ -80,17 +80,17 @@ auth.pgsql.auth_query = select password from mqtt_user where username = '%u' lim
 auth.pgsql.password_hash = sha256
 
 ## sha256 with salt prefix
-## auth.pgsql.password_hash = salt,sha256
+## auth.pgsql.password_hash = "salt,sha256"
 
 ## sha256 with salt suffix
-## auth.pgsql.password_hash = sha256,salt
+## auth.pgsql.password_hash = "sha256,salt"
 
 ## bcrypt with salt prefix
-## auth.pgsql.password_hash = salt,bcrypt
+## auth.pgsql.password_hash = "salt,bcrypt"
 
 ## pbkdf2 with macfun iterations dklen
 ## macfun: md4, md5, ripemd160, sha, sha224, sha256, sha384, sha512
-## auth.pgsql.password_hash = pbkdf2,sha256,1000,20
+## auth.pgsql.password_hash = "pbkdf2,sha256,1000,20"
 
 ## Superuser query.
 ##
@@ -102,7 +102,7 @@ auth.pgsql.password_hash = sha256
 ##  - %C: common name of client TLS cert
 ##  - %d: subject of client TLS cert
 ##
-auth.pgsql.super_query = select is_superuser from mqtt_user where username = '%u' limit 1
+auth.pgsql.super_query = "select is_superuser from mqtt_user where username = '%u' limit 1"
 
 ## ACL query. Comment this query, the ACL will be disabled.
 ##
@@ -114,4 +114,4 @@ auth.pgsql.super_query = select is_superuser from mqtt_user where username = '%u
 ##  - %c: clientid
 ##
 ## Note: You can add the 'ORDER BY' statement to control the rules match order
-auth.pgsql.acl_query = select allow, ipaddr, username, clientid, access, topic from mqtt_acl where ipaddr = '%a' or username = '%u' or username = '$all' or clientid = '%c'
+auth.pgsql.acl_query = "select allow, ipaddr, username, clientid, access, topic from mqtt_acl where ipaddr = '%a' or username = '%u' or username = '$all' or clientid = '%c'"

apps/emqx_auth_pgsql/priv/emqx_auth_pgsql.schema

@@ -30,7 +30,7 @@
   {datatype, atom}
 ]}.
 
-{mapping, "auth.pgsql.ssl", "emqx_auth_pgsql.server", [
+{mapping, "auth.pgsql.ssl.enable", "emqx_auth_pgsql.server", [
   {default, off},
   {datatype, {enum, [on, off, true, false]}} %% FIXME: true/fasle is compatible with 4.0-4.2 version format, plan to delete in 5.0
 ]}.
@@ -98,8 +98,14 @@
             end,
 
   %% FIXME: compatible with 4.0-4.2 version format, plan to delete in 5.0
-  Ssl = case cuttlefish:conf_get("auth.pgsql.ssl", Conf) of
-          on -> [{ssl, true}, {ssl_opts, SslOpts("auth.pgsql.ssl")}];
+  GenSsl = case cuttlefish:conf_get("auth.pgsql.ssl.cacertfile", Conf, undefined) of
+               undefined -> [{ssl, true}, {ssl_opts, SslOpts("auth.pgsql.ssl_opts")}];
+               _ -> [{ssl, true}, {ssl_opts, SslOpts("auth.pgsql.ssl")}]
+           end,
+
+  %% FIXME: compatible with 4.0-4.2 version format, plan to delete in 5.0
+  Ssl = case cuttlefish:conf_get("auth.pgsql.ssl.enable", Conf) of
+          on -> GenSsl;
           off -> [];
           true -> [{ssl, true}, {ssl_opts, SslOpts("auth.pgsql.ssl_opts")}];
           false -> []

apps/emqx_auth_redis/etc/emqx_auth_redis.conf

@@ -12,9 +12,9 @@ auth.redis.type = single
 ## Value: Port | IP:Port
 ##
 ## Single Redis Server: 127.0.0.1:6379, localhost:6379
-## Redis Sentinel: 127.0.0.1:26379,127.0.0.2:26379,127.0.0.3:26379
-## Redis Cluster: 127.0.0.1:6379,127.0.0.2:6379,127.0.0.3:6379
-auth.redis.server = 127.0.0.1:6379
+## Redis Sentinel: "127.0.0.1:26379,127.0.0.2:26379,127.0.0.3:26379"
+## Redis Cluster: "127.0.0.1:6379,127.0.0.2:6379,127.0.0.3:6379"
+auth.redis.server = "127.0.0.1:6379"
 
 ## Redis sentinel cluster name.
 ##
@@ -52,10 +52,10 @@ auth.redis.database = 0
 ##  - %d: subject of client TLS cert
 ##
 ## Examples:
-##  - HGET mqtt_user:%u password
-##  - HMGET mqtt_user:%u password
-##  - HMGET mqtt_user:%u password salt
-auth.redis.auth_cmd = HMGET mqtt_user:%u password
+##  - "HGET mqtt_user:%u password"
+##  - "HMGET mqtt_user:%u password"
+##  - "HMGET mqtt_user:%u password salt"
+auth.redis.auth_cmd = "HMGET mqtt_user:%u password"
 
 ## Password hash.
 ##
@@ -63,17 +63,17 @@ auth.redis.auth_cmd = HMGET mqtt_user:%u password
 auth.redis.password_hash = plain
 
 ## sha256 with salt prefix
-## auth.redis.password_hash = salt,sha256
+## auth.redis.password_hash = "salt,sha256"
 
 ## sha256 with salt suffix
-## auth.redis.password_hash = sha256,salt
+## auth.redis.password_hash = "sha256,salt"
 
 ## bcrypt with salt prefix
-## auth.redis.password_hash = salt,bcrypt
+## auth.redis.password_hash = "salt,bcrypt"
 
 ## pbkdf2 with macfun iterations dklen
 ## macfun: md4, md5, ripemd160, sha, sha224, sha256, sha384, sha512
-## auth.redis.password_hash = pbkdf2,sha256,1000,20
+## auth.redis.password_hash = "pbkdf2,sha256,1000,20"
 
 ## Superuser query command.
 ##
@@ -84,7 +84,7 @@ auth.redis.password_hash = plain
 ##  - %c: clientid
 ##  - %C: common name of client TLS cert
 ##  - %d: subject of client TLS cert
-auth.redis.super_cmd = HGET mqtt_user:%u is_superuser
+auth.redis.super_cmd = "HGET mqtt_user:%u is_superuser"
 
 ## ACL query command.
 ##
@@ -93,12 +93,12 @@ auth.redis.super_cmd = HGET mqtt_user:%u is_superuser
 ## Variables:
 ##  - %u: username
 ##  - %c: clientid
-auth.redis.acl_cmd = HGETALL mqtt_acl:%u
+auth.redis.acl_cmd = "HGETALL mqtt_acl:%u"
 
 ## Redis ssl configuration.
 ##
 ## Value: on | off
-#auth.redis.ssl = off
+# auth.redis.ssl.enable = off
 
 ## CA certificate.
 ##
@@ -108,10 +108,10 @@ auth.redis.acl_cmd = HGETALL mqtt_acl:%u
 ## Client ssl certificate.
 ##
 ## Value: File
-#auth.redis.ssl.certfile = path/to/your/certfile
+# auth.redis.ssl.certfile = path/to/your/certfile
 
 ## Client ssl keyfile.
 ##
 ## Value: File
-#auth.redis.ssl.keyfile = path/to/your/keyfile
+# auth.redis.ssl.keyfile = path/to/your/keyfile
 

apps/emqx_auth_redis/priv/emqx_auth_redis.schema

@@ -33,7 +33,7 @@
   hidden
 ]}.
 
-{mapping, "auth.redis.ssl", "emqx_auth_redis.options", [
+{mapping, "auth.redis.ssl.enable", "emqx_auth_redis.options", [
   {default, off},
   {datatype, flag}
 ]}.
@@ -50,26 +50,8 @@
   {datatype, string}
 ]}.
 
-%% FIXME: compatible with 4.0-4.2 version format, plan to delete in 5.0
-{mapping, "auth.redis.cafile", "emqx_auth_redis.options", [
-  {default, ""},
-  {datatype, string}
-]}.
-
-%% FIXME: compatible with 4.0-4.2 version format, plan to delete in 5.0
-{mapping, "auth.redis.certfile", "emqx_auth_redis.options", [
-  {default, ""},
-  {datatype, string}
-]}.
-
-%% FIXME: compatible with 4.0-4.2 version format, plan to delete in 5.0
-{mapping, "auth.redis.keyfile", "emqx_auth_redis.options", [
-  {default, ""},
-  {datatype, string}
-]}.
-
 {translation, "emqx_auth_redis.options", fun(Conf) ->
-   Ssl = cuttlefish:conf_get("auth.redis.ssl", Conf, false),
+   Ssl = cuttlefish:conf_get("auth.redis.ssl.enable", Conf, false),
    Filter  = fun(Opts) -> [{K, V} || {K, V} <- Opts, V =/= undefined] end,
    case Ssl of
        true ->

apps/emqx_coap/rebar.config

@@ -21,8 +21,6 @@
 {profiles,
  [{test,
    [{deps,
-     [{er_coap_client, {git, "https://github.com/emqx/er_coap_client", {tag, "v1.0"}}},
-      {emqx_ct_helpers, {git, "https://github.com/emqx/emqx-ct-helpers", {tag, "1.2.2"}}}
-     ]}
+     [{er_coap_client, {git, "https://github.com/emqx/er_coap_client", {tag, "v1.0"}}}]}
    ]}
  ]}.

apps/emqx_dashboard/priv/emqx_dashboard.schema

@@ -9,7 +9,7 @@
   {datatype, string}
 ]}.
 
-{mapping, "dashboard.listener.http", "emqx_dashboard.listeners", [
+{mapping, "dashboard.listener.http.port", "emqx_dashboard.listeners", [
   {datatype, integer}
 ]}.
 
@@ -37,7 +37,7 @@
   {datatype, {enum, [true, false]}}
 ]}.
 
-{mapping, "dashboard.listener.https", "emqx_dashboard.listeners", [
+{mapping, "dashboard.listener.https.port", "emqx_dashboard.listeners", [
   {datatype, integer}
 ]}.
 
@@ -138,7 +138,7 @@
     lists:map(
       fun(Proto) ->
         Prefix = "dashboard.listener." ++ atom_to_list(Proto),
-        case cuttlefish:conf_get(Prefix, Conf, undefined) of
+        case cuttlefish:conf_get(Prefix ++ ".port", Conf, undefined) of
             undefined -> [];
             Port      ->
                 [{Proto, Port, case Proto of

apps/emqx_exhook/etc/emqx_exhook.conf

@@ -8,8 +8,8 @@
 ## The gRPC server url
 ##
 ## exhook.server.$name.url = url()
-exhook.server.default.url = http://127.0.0.1:9000
+exhook.server.default.url = "http://127.0.0.1:9000"
 
-#exhook.server.default.ssl.cacertfile = {{ platform_etc_dir }}/certs/cacert.pem
-#exhook.server.default.ssl.certfile = {{ platform_etc_dir }}/certs/cert.pem
-#exhook.server.default.ssl.keyfile = {{ platform_etc_dir }}/certs/key.pem
+#exhook.server.default.ssl.cacertfile = "{{ platform_etc_dir }}/certs/cacert.pem"
+#exhook.server.default.ssl.certfile = "{{ platform_etc_dir }}/certs/cert.pem"
+#exhook.server.default.ssl.keyfile = "{{ platform_etc_dir }}/certs/key.pem"

apps/emqx_exhook/rebar.config

@@ -41,7 +41,6 @@
 {profiles,
  [{test,
    [{deps,
-      [{emqx_ct_helper, {git, "https://github.com/emqx/emqx-ct-helpers", {tag, "v1.3.1"}}}
-      ]}
+      []}
     ]}
 ]}.

apps/emqx_exproto/priv/emqx_exproto.schema

@@ -44,7 +44,7 @@ end}.
 %%--------------------------------------------------------------------
 %% Listeners
 
-{mapping, "exproto.listener.$proto", "emqx_exproto.listeners", [
+{mapping, "exproto.listener.$proto.endpoint", "emqx_exproto.listeners", [
   {datatype, string}
 ]}.
 
@@ -340,7 +340,7 @@ end}.
     Listeners = fun(Proto) ->
                     Prefix = string:join(["exproto","listener", Proto], "."),
                     Opts = HandlerOpts(Prefix) ++ ConnOpts(Prefix) ++ LisOpts(Prefix),
-                    case cuttlefish:conf_get(Prefix, Conf, undefined) of
+                    case cuttlefish:conf_get(Prefix ++ ".endpoint", Conf, undefined) of
                         undefined -> [];
                         ListenOn0 ->
                             case ParseListenOn(ListenOn0) of
@@ -359,6 +359,6 @@ end}.
                             end
                     end
                 end,
-    lists:flatten([Listeners(Proto) || {[_, "listener", Proto], ListenOn}
+    lists:flatten([Listeners(Proto) || {[_, "listener", Proto, "endpoint"], ListenOn}
                                    <- cuttlefish_variable:filter_by_prefix("exproto.listener", Conf)])
 end}.

apps/emqx_exproto/rebar.config

@@ -44,7 +44,6 @@
 {profiles,
  [{test,
    [{deps,
-     [{emqx_ct_helper, {git, "https://github.com/emqx/emqx-ct-helpers", {tag, "v1.3.0"}}}
-     ]}
+     []}
    ]}
 ]}.

apps/emqx_lwm2m/rebar.config

@@ -5,7 +5,6 @@
 {profiles,
  [{test,
    [{deps, [{er_coap_client, {git, "https://github.com/emqx/er_coap_client", {tag, "v1.0"}}},
-            {emqx_ct_helpers, {git, "https://github.com/emqx/emqx-ct-helpers", {tag, "1.2.2"}}},
             {emqtt, {git, "https://github.com/emqx/emqtt", {tag, "1.2.0"}}}
            ]}
    ]}

apps/emqx_management/priv/emqx_management.schema

@@ -21,7 +21,7 @@
   {datatype, string}
 ]}.
 
-{mapping, "management.listener.http", "emqx_management.listeners", [
+{mapping, "management.listener.http.port", "emqx_management.listeners", [
   {datatype, [integer, ip]}
 ]}.
 
@@ -85,7 +85,7 @@
   {datatype, {enum, [true, false]}}
 ]}.
 
-{mapping, "management.listener.https", "emqx_management.listeners", [
+{mapping, "management.listener.https.port", "emqx_management.listeners", [
   {datatype, [integer, ip]}
 ]}.
 
@@ -225,7 +225,7 @@ end}.
     lists:foldl(
       fun(Proto, Acc) ->
           Prefix = "management.listener." ++ atom_to_list(Proto),
-          case cuttlefish:conf_get(Prefix, Conf, undefined) of
+          case cuttlefish:conf_get(Prefix ++ ".port", Conf, undefined) of
               undefined -> Acc;
               Port ->
                   [{Proto, Port, TcpOpts(Prefix) ++ Opts(Prefix)

apps/emqx_prometheus/etc/emqx_prometheus.conf

@@ -5,7 +5,7 @@
 ## The Prometheus Push Gateway URL address
 ##
 ## Note: You can comment out this line to disable it
-prometheus.push.gateway.server = http://127.0.0.1:9091
+prometheus.push.gateway.server = "http://127.0.0.1:9091"
 
 ## The metrics data push interval (millisecond)
 ##

apps/emqx_psk_file/etc/emqx_psk_file.conf

@@ -1,2 +1,2 @@
-psk.file.path = {{ platform_etc_dir }}/psk.txt
-psk.file.delimiter = :
+psk.file.path = "{{ platform_etc_dir }}/psk.txt"
+psk.file.delimiter = ":"

apps/emqx_retainer/etc/emqx_retainer.conf

@@ -37,5 +37,5 @@ retainer.max_payload_size = 1MB
 ##  - 30m: 30 minutes
 ##  - 20s: 20 seconds
 ##
-## Defaut: 0
+## Default: 0
 retainer.expiry_interval = 0

apps/emqx_retainer/rebar.config

@@ -18,7 +18,7 @@
 {profiles,
  [{test,
    [{deps,
-     [{emqx_ct_helpers, {git, "https://github.com/emqx/emqx-ct-helpers", {tag, "1.2.2"}}},
+     [
       {emqtt, {git, "https://github.com/emqx/emqtt", {tag, "1.2.3"}}}]}
    ]}
  ]}.

apps/emqx_rule_engine/etc/emqx_rule_engine.conf

@@ -32,7 +32,7 @@ rule_engine.ignore_sys_message = on
 ##
 ## QoS-Level: qos0/qos1/qos2
 
-#rule_engine.events.client_connected = on, qos1
+#rule_engine.events.client_connected = "on, qos1"
 rule_engine.events.client_connected = off
 rule_engine.events.client_disconnected = off
 rule_engine.events.session_subscribed = off

apps/emqx_rule_engine/test/emqx_rule_engine_SUITE.erl

@@ -2438,7 +2438,7 @@ start_apps() ->
     [start_apps(App, SchemaFile, ConfigFile) ||
         {App, SchemaFile, ConfigFile}
             <- [{emqx, deps_path(emqx, "priv/emqx.schema"),
-                       deps_path(emqx, "etc/emqx.conf")},
+                       deps_path(emqx, "etc/emqx.conf.rendered")},
                 {emqx_rule_engine, local_path("priv/emqx_rule_engine.schema"),
                                    local_path("etc/emqx_rule_engine.conf")}]].
 
@@ -2450,7 +2450,7 @@ start_apps(App, SchemaFile, ConfigFile) ->
 read_schema_configs(App, SchemaFile, ConfigFile) ->
     ct:pal("Read configs - SchemaFile: ~p, ConfigFile: ~p", [SchemaFile, ConfigFile]),
     Schema = cuttlefish_schema:files([SchemaFile]),
-    Conf = conf_parse:file(ConfigFile),
+    {ok, Conf} = hocon:load(ConfigFile, #{format => proplists}),
     NewConfig = cuttlefish_generator:map(Schema, Conf),
     Vals = proplists:get_value(App, NewConfig, []),
     [application:set_env(App, Par, Value) || {Par, Value} <- Vals].

apps/emqx_sn/etc/emqx_sn.conf

@@ -6,7 +6,7 @@
 ##
 ## Value: IP:Port | Port
 ##
-## Examples: 1884, 127.0.0.1:1884, ::1:1884
+## Examples: 1884, "127.0.0.1:1884", "::1:1884"
 mqtt.sn.port = 1884
 
 ## The duration that emqx-sn broadcast ADVERTISE message through.
@@ -37,8 +37,8 @@ mqtt.sn.idle_timeout = 30s
 ## The pre-defined topic name corresponding to the pre-defined topic id of N.
 ## Note that the pre-defined topic id of 0 is reserved.
 mqtt.sn.predefined.topic.0 = reserved
-mqtt.sn.predefined.topic.1 = /predefined/topic/name/hello
-mqtt.sn.predefined.topic.2 = /predefined/topic/name/nice
+mqtt.sn.predefined.topic.1 = "/predefined/topic/name/hello"
+mqtt.sn.predefined.topic.2 = "/predefined/topic/name/nice"
 
 ## Default username for MQTT-SN. This parameter is optional. If specified,
 ## emq-sn will connect EMQ core with this username. It is useful if any auth

apps/emqx_sn/priv/emqx_sn.schema

@@ -1,23 +1,19 @@
 %%-*- mode: erlang -*-
 %% emqx_sn config mapping
 {mapping, "mqtt.sn.port", "emqx_sn.port", [
-  {default, "1884"},
-  {datatype, string}
+  {default, 1884},
+  {datatype, [integer, ip]}
 ]}.
 
 {translation, "emqx_sn.port", fun(Conf) ->
-  case re:split(cuttlefish:conf_get("mqtt.sn.port", Conf, ""), ":", [{return, list}]) of
-      [Port] ->
-          {{0,0,0,0}, list_to_integer(Port)};
-      Tokens ->
-          Port = lists:last(Tokens),
-          IP = case inet:parse_address(lists:flatten(lists:join(":", Tokens -- [Port]))) of
-                   {error, Reason} ->
-                       throw({invalid_ip_address, Reason});
-                   {ok, X} -> X
-               end,
-          Port1 = list_to_integer(Port),
-          {IP, Port1}
+  case cuttlefish:conf_get("mqtt.sn.port", Conf, undefined) of
+      Port when is_integer(Port) ->
+          {{0,0,0,0}, Port};
+      {Ip, Port} ->
+          case inet:parse_address(Ip) of
+              {ok ,R} -> {R, Port};
+              _ -> {Ip, Port}
+          end
   end
 end}.
 

apps/emqx_sn/rebar.config

@@ -2,8 +2,7 @@
 {plugins, [rebar3_proper]}.
 
 {deps,
- [{esockd, {git, "https://github.com/emqx/esockd", {tag, "5.7.4"}}},
-  {cuttlefish, {git, "https://github.com/emqx/cuttlefish", {tag, "v3.0.0"}}}
+ [{esockd, {git, "https://github.com/emqx/esockd", {tag, "5.7.4"}}}
  ]}.
 
 {edoc_opts, [{preprocess, true}]}.

apps/emqx_stomp/priv/emqx_stomp.schema

@@ -1,7 +1,7 @@
 %%-*- mode: erlang -*-
 %% emqx_stomp config mapping
 
-{mapping, "stomp.listener", "emqx_stomp.listener", [
+{mapping, "stomp.listener.port", "emqx_stomp.listener", [
   {default, 61613},
   {datatype, [integer, ip]}
 ]}.
@@ -72,7 +72,7 @@
 ]}.
 
 {translation, "emqx_stomp.listener", fun(Conf) ->
-  Port = cuttlefish:conf_get("stomp.listener", Conf),
+  Port = cuttlefish:conf_get("stomp.listener.port", Conf),
   Acceptors = cuttlefish:conf_get("stomp.listener.acceptors", Conf),
   MaxConnections = cuttlefish:conf_get("stomp.listener.max_connections", Conf),
   Filter = fun(Opts) -> [{K, V} || {K, V} <- Opts, V =/= undefined] end,

apps/emqx_telemetry/etc/emqx_telemetry.conf

@@ -13,8 +13,8 @@ telemetry.enabled = true
 ##
 ## Value: String
 ##
-## Default: https://telemetry.emqx.io/api/telemetry
-telemetry.url = https://telemetry.emqx.io/api/telemetry
+## Default: "https://telemetry.emqx.io/api/telemetry"
+telemetry.url = "https://telemetry.emqx.io/api/telemetry"
 
 ## Interval for reporting telemetry data
 ##
@@ -25,4 +25,4 @@ telemetry.url = https://telemetry.emqx.io/api/telemetry
 ## -s: second
 ##
 ## Default: 7d
-telemetry.report_interval = 7d
+telemetry.report_interval = 7d

apps/emqx_web_hook/etc/emqx_web_hook.conf

@@ -5,16 +5,16 @@
 ## Webhook URL
 ##
 ## Value: String
-web.hook.url = http://127.0.0.1:80
+web.hook.url = "http://127.0.0.1:80"
 
 ## HTTP Headers
-## 
+##
 ## Example:
-## 1. web.hook.headers.content-type = application/json
-## 2. web.hook.headers.accept = *
+## 1. web.hook.headers.content-type = "application/json"
+## 2. web.hook.headers.accept = "*"
 ##
 ## Value: String
-web.hook.headers.content-type = application/json
+web.hook.headers.content-type = "application/json"
 
 ## The encoding format of the payload field in the HTTP body
 ## The payload field only appears in the on_message_publish and on_message_delivered actions
@@ -54,15 +54,15 @@ web.hook.pool_size = 32
 ##
 ## Format:
 ##   web.hook.rule.<HookName>.<No> = <Spec>
-#web.hook.rule.client.connect.1       = {"action": "on_client_connect"}
-#web.hook.rule.client.connack.1       = {"action": "on_client_connack"}
-#web.hook.rule.client.connected.1     = {"action": "on_client_connected"}
-#web.hook.rule.client.disconnected.1  = {"action": "on_client_disconnected"}
-#web.hook.rule.client.subscribe.1     = {"action": "on_client_subscribe"}
-#web.hook.rule.client.unsubscribe.1   = {"action": "on_client_unsubscribe"}
-#web.hook.rule.session.subscribed.1   = {"action": "on_session_subscribed"}
-#web.hook.rule.session.unsubscribed.1 = {"action": "on_session_unsubscribed"}
-#web.hook.rule.session.terminated.1   = {"action": "on_session_terminated"}
-#web.hook.rule.message.publish.1      = {"action": "on_message_publish"}
-#web.hook.rule.message.delivered.1    = {"action": "on_message_delivered"}
-#web.hook.rule.message.acked.1        = {"action": "on_message_acked"}
+#web.hook.rule.client.connect.1       = "{"action": "on_client_connect"}"
+#web.hook.rule.client.connack.1       = "{"action": "on_client_connack"}"
+#web.hook.rule.client.connected.1     = "{"action": "on_client_connected"}"
+#web.hook.rule.client.disconnected.1  = "{"action": "on_client_disconnected"}"
+#web.hook.rule.client.subscribe.1     = "{"action": "on_client_subscribe"}"
+#web.hook.rule.client.unsubscribe.1   = "{"action": "on_client_unsubscribe"}"
+#web.hook.rule.session.subscribed.1   = "{"action": "on_session_subscribed"}"
+#web.hook.rule.session.unsubscribed.1 = "{"action": "on_session_unsubscribed"}"
+#web.hook.rule.session.terminated.1   = "{"action": "on_session_terminated"}"
+#web.hook.rule.message.publish.1      = "{"action": "on_message_publish"}"
+#web.hook.rule.message.delivered.1    = "{"action": "on_message_delivered"}"
+#web.hook.rule.message.acked.1        = ""{"action": "on_message_acked"}"

apps/emqx_web_hook/rebar.config

@@ -23,8 +23,7 @@
  [{test,
    [{erl_opts, [export_all, nowarn_export_all]},
     {deps,
-     [{emqx_ct_helper, {git, "https://github.com/emqx/emqx-ct-helpers", {tag, "1.3.0"}}},
-      {cuttlefish, {git, "https://github.com/emqx/cuttlefish", {tag, "v3.0.0"}}},
+     [
       {emqtt, {git, "https://github.com/emqx/emqtt", {tag, "1.2.3"}}}
      ]}
    ]}

deploy/charts/emqx/values.yaml

@@ -42,7 +42,7 @@ initContainers: {}
 
 ## EMQX configuration item, see the documentation (https://hub.docker.com/r/emqx/emqx)
 emqxConfig:
-  EMQX_CLUSTER__K8S__APISERVER: "https://kubernetes.default.svc:443"
+  EMQX_CLUSTER__K8S__APISERVER: \"https://kubernetes.default.svc:443\"
   ## The address type is used to extract host from k8s service.
   ## Value: ip | dns | hostname
   ## Note：Hostname is only supported after v4.0-rc.2

priv/emqx.schema

@@ -482,7 +482,7 @@ end}.
   {datatype, integer}
 ]}.
 
-{mapping, "log.rotation", "kernel.logger", [
+{mapping, "log.rotation.enable", "kernel.logger", [
   {default, on},
   {datatype, flag}
 ]}.
@@ -576,7 +576,7 @@ end}.
 {translation, "kernel.logger", fun(Conf) ->
     LogTo = cuttlefish:conf_get("log.to", Conf),
     LogLevel = cuttlefish:conf_get("log.level", Conf),
-    LogType = case cuttlefish:conf_get("log.rotation", Conf) of
+    LogType = case cuttlefish:conf_get("log.rotation.enable", Conf) of
                   true -> wrap;
                   false -> halt
               end,
@@ -1166,7 +1166,7 @@ end}.
 %%--------------------------------------------------------------------
 %% TCP Listeners
 
-{mapping, "listener.tcp.$name", "emqx.listeners", [
+{mapping, "listener.tcp.$name.endpoint", "emqx.listeners", [
   {datatype, [integer, ip]}
 ]}.
 
@@ -1267,7 +1267,7 @@ end}.
 %%--------------------------------------------------------------------
 %% SSL Listeners
 
-{mapping, "listener.ssl.$name", "emqx.listeners", [
+{mapping, "listener.ssl.$name.endpoint", "emqx.listeners", [
   {datatype, [integer, ip]}
 ]}.
 
@@ -1431,7 +1431,7 @@ end}.
 %%--------------------------------------------------------------------
 %% MQTT/WebSocket Listeners
 
-{mapping, "listener.ws.$name", "emqx.listeners", [
+{mapping, "listener.ws.$name.endpoint", "emqx.listeners", [
   {datatype, [integer, ip]}
 ]}.
 
@@ -1607,7 +1607,7 @@ end}.
 %%--------------------------------------------------------------------
 %% MQTT/WebSocket/SSL Listeners
 
-{mapping, "listener.wss.$name", "emqx.listeners", [
+{mapping, "listener.wss.$name.endpoint", "emqx.listeners", [
   {datatype, [integer, ip]}
 ]}.
 
@@ -1845,7 +1845,6 @@ end}.
 ]}.
 
 {translation, "emqx.listeners", fun(Conf) ->
-
     Filter  = fun(Opts) -> [{K, V} || {K, V} <- Opts, V =/= undefined] end,
 
     Atom = fun(undefined) -> undefined; (S) -> list_to_atom(S) end,
@@ -1984,7 +1983,7 @@ end}.
 
     TcpListeners = fun(Type, Name) ->
                       Prefix = string:join(["listener", Type, Name], "."),
-                      ListenOnN = case cuttlefish:conf_get(Prefix, Conf, undefined) of
+                      ListenOnN = case cuttlefish:conf_get(Prefix ++ ".endpoint", Conf, undefined) of
                           undefined -> [];
                           ListenOn  ->
                               case ListenOn of
@@ -2001,7 +2000,7 @@ end}.
                    end,
     SslListeners = fun(Type, Name) ->
                        Prefix = string:join(["listener", Type, Name], "."),
-                       case cuttlefish:conf_get(Prefix, Conf, undefined) of
+                       case cuttlefish:conf_get(Prefix ++ ".endpoint", Conf, undefined) of
                            undefined ->
                                [];
                            ListenOn ->
@@ -2010,12 +2009,11 @@ end}.
                                                         {ssl_options, SslOpts(Prefix)} | LisOpts(Prefix)]}]
                        end
                    end,
-
-    lists:flatten([TcpListeners(Type, Name) || {["listener", Type, Name], ListenOn}
+    lists:flatten([TcpListeners(Type, Name) || {["listener", Type, Name, "endpoint"], ListenOn}
                                                <- cuttlefish_variable:filter_by_prefix("listener.tcp", Conf)
                                                ++ cuttlefish_variable:filter_by_prefix("listener.ws", Conf)]
                   ++
-                  [SslListeners(Type, Name) || {["listener", Type, Name], ListenOn}
+                  [SslListeners(Type, Name) || {["listener", Type, Name, "endpoint"], ListenOn}
                                                <- cuttlefish_variable:filter_by_prefix("listener.ssl", Conf)
                                                ++ cuttlefish_variable:filter_by_prefix("listener.wss", Conf)])
 end}.

rebar.config

@@ -47,7 +47,7 @@
     , {esockd, {git, "https://github.com/emqx/esockd", {tag, "5.8.0"}}}
     , {ekka, {git, "https://github.com/emqx/ekka", {tag, "0.8.0"}}}
     , {gen_rpc, {git, "https://github.com/emqx/gen_rpc", {tag, "2.5.0"}}}
-    , {cuttlefish, {git, "https://github.com/emqx/cuttlefish", {tag, "v3.0.0"}}}
+    , {cuttlefish, {git, "https://github.com/emqx/cuttlefish", {branch, "hocon"}}}
     , {minirest, {git, "https://github.com/emqx/minirest", {tag, "0.3.3"}}}
     , {ecpool, {git, "https://github.com/emqx/ecpool", {tag, "0.5.0"}}}
     , {replayq, {git, "https://github.com/emqx/replayq", {tag, "0.3.1"}}}

rebar.config.erl

@@ -29,7 +29,7 @@ plugins() ->
 
 test_deps() ->
     [ {bbmustache, "1.10.0"}
-    , {emqx_ct_helpers, {git, "https://github.com/emqx/emqx-ct-helpers", {tag, "1.3.4"}}}
+    , {emqx_ct_helpers, {git, "https://github.com/emqx/emqx-ct-helpers", {branch, "hocon"}}}
     , meck
     ].
 

test/emqx_listeners_SUITE.erl

@@ -67,14 +67,16 @@ mustache_vars() ->
 generate_config() ->
     Schema = cuttlefish_schema:files([local_path(["priv", "emqx.schema"])]),
     ConfFile = render_config_file(),
-    Conf = conf_parse:file(ConfFile),
+    {ok, Conf} = hocon:load(ConfFile, #{format => proplists}),
     cuttlefish_generator:map(Schema, Conf).
 
 set_app_env({App, Lists}) ->
     lists:foreach(fun({acl_file, _Var}) ->
                       application:set_env(App, acl_file, local_path(["etc", "acl.conf"]));
                      ({plugins_loaded_file, _Var}) ->
-                      application:set_env(App, plugins_loaded_file, local_path(["test", "emqx_SUITE_data","loaded_plugins"]));
+                      application:set_env(App,
+                                          plugins_loaded_file,
+                                          local_path(["test", "emqx_SUITE_data","loaded_plugins"]));
                      ({Par, Var}) ->
                       application:set_env(App, Par, Var)
                   end, Lists).
@@ -91,4 +93,4 @@ get_base_dir(Module) ->
 
 get_base_dir() ->
     get_base_dir(?MODULE).
-    
+

test/emqx_plugins_SUITE_data/emqx_mini_plugin/rebar.config

@@ -15,11 +15,3 @@
 {cover_enabled, true}.
 {cover_opts, [verbose]}.
 {cover_export_enabled, true}.
-
-{profiles,
-    [{test, [
-        {deps, [ {emqx_ct_helper, {git, "https://github.com/emqx/emqx-ct-helpers", {tag, "v1.1.4"}}}
-               , {cuttlefish, {git, "https://github.com/emqx/cuttlefish", {tag, "v3.0.0"}}}
-               ]}
-    ]}
-]}.