refactor(api): unified api name style

apps/emqx/src/emqx_authentication.erl

@@ -59,7 +59,7 @@
         , move_authenticator/3
         ]).
 
-%% APIs for observer built-in-database
+%% APIs for observer built_in_database
 -export([ import_users/3
         , add_user/3
         , delete_user/3
@@ -266,7 +266,7 @@ stop() ->
 %% @doc Register authentication providers.
 %% A provider is a tuple of `AuthNType' the module which implements
 %% the authenticator callbacks.
-%% For example, ``[{{'password-based', redis}, emqx_authn_redis}]''
+%% For example, ``[{{'password_based', redis}, emqx_authn_redis}]''
 %% NOTE: Later registered provider may override earlier registered if they
 %% happen to clash the same `AuthNType'.
 -spec register_providers([{authn_type(), module()}]) -> ok.

apps/emqx/src/emqx_schema.erl

@@ -124,7 +124,7 @@ EMQX can be configured with:
 <br>
 <ul>
 <li><code>[]</code>: The default value, it allows *ALL* logins</li>
-<li>one: For example <code>{enable:true,backend:\"built-in-database\",mechanism=\"password-based\"}
+<li>one: For example <code>{enable:true,backend:\"built_in_database\",mechanism=\"password_based\"}
 </code></li>
 <li>chain: An array of structs.</li>
 </ul>
@@ -255,7 +255,7 @@ fields("authorization") ->
            , desc => """
 Default access control action if the user or client matches no ACL rules,
 or if no such user or client is found by the configurable authorization
-sources such as built-in-database, an HTTP API, or a query against PostgreSQL.
+sources such as built_in_database, an HTTP API, or a query against PostgreSQL.
 Find more details in 'authorization.sources' config.
 """
            })}

apps/emqx/test/emqx_authentication_SUITE.erl

@@ -40,13 +40,13 @@ roots() -> [{config, #{type => hoconsc:union([
                                               hoconsc:ref(?MODULE, type2)])}}].
 
 fields(type1) ->
-    [ {mechanism,               {enum, ['password-based']}}
-    , {backend,                 {enum, ['built-in-database']}}
+    [ {mechanism,               {enum, ['password_based']}}
+    , {backend,                 {enum, ['built_in_database']}}
     , {enable,                  fun enable/1}
     ];
 
 fields(type2) ->
-    [ {mechanism,               {enum, ['password-based']}}
+    [ {mechanism,               {enum, ['password_based']}}
     , {backend,                 {enum, ['mysql']}}
     , {enable,                  fun enable/1}
     ].
@@ -117,13 +117,13 @@ t_chain(Config) when is_list(Config) ->
 
 
 t_authenticator({'init', Config}) ->
-    [{"auth1", {'password-based', 'built-in-database'}},
-     {"auth2", {'password-based', mysql}} | Config];
+    [{"auth1", {'password_based', 'built_in_database'}},
+     {"auth2", {'password_based', mysql}} | Config];
 
 t_authenticator(Config) when is_list(Config) ->
     ChainName = 'test',
-    AuthenticatorConfig1 = #{mechanism => 'password-based',
-                             backend => 'built-in-database',
+    AuthenticatorConfig1 = #{mechanism => 'password_based',
+                             backend => 'built_in_database',
                              enable => true},
 
     % Create an authenticator when the authentication chain does not exist
@@ -140,7 +140,7 @@ t_authenticator(Config) when is_list(Config) ->
 
     AuthNType1 = ?config("auth1"),
     register_provider(AuthNType1, ?MODULE),
-    ID1 = <<"password-based:built-in-database">>,
+    ID1 = <<"password_based:built_in_database">>,
 
     % CRUD of authencaticator
     ?assertMatch(
@@ -169,8 +169,8 @@ t_authenticator(Config) when is_list(Config) ->
     % Multiple authenticators exist at the same time
     AuthNType2 = ?config("auth2"),
     register_provider(AuthNType2, ?MODULE),
-    ID2 = <<"password-based:mysql">>,
-    AuthenticatorConfig2 = #{mechanism => 'password-based',
+    ID2 = <<"password_based:mysql">>,
+    AuthenticatorConfig2 = #{mechanism => 'password_based',
                              backend => mysql,
                              enable => true},
 
@@ -202,7 +202,7 @@ t_authenticator({'end', Config}) ->
 
 t_authenticate({init, Config}) ->
     [{listener_id, 'tcp:default'},
-     {authn_type, {'password-based', 'built-in-database'}} | Config];
+     {authn_type, {'password_based', 'built_in_database'}} | Config];
 
 t_authenticate(Config) when is_list(Config) ->
     ListenerID = ?config(listener_id),
@@ -216,8 +216,8 @@ t_authenticate(Config) when is_list(Config) ->
 
     register_provider(AuthNType, ?MODULE),
 
-    AuthenticatorConfig = #{mechanism => 'password-based',
-                            backend => 'built-in-database',
+    AuthenticatorConfig = #{mechanism => 'password_based',
+                            backend => 'built_in_database',
                             enable => true},
     ?AUTHN:create_chain(ListenerID),
     ?assertMatch({ok, _}, ?AUTHN:create_authenticator(ListenerID, AuthenticatorConfig)),
@@ -238,8 +238,8 @@ t_authenticate({'end', Config}) ->
 
 t_update_config({init, Config}) ->
     Global = 'mqtt:global',
-    AuthNType1 = {'password-based', 'built-in-database'},
-    AuthNType2 = {'password-based', mysql},
+    AuthNType1 = {'password_based', 'built_in_database'},
+    AuthNType2 = {'password_based', mysql},
     [{global, Global},
      {"auth1", AuthNType1},
      {"auth2", AuthNType2} | Config];
@@ -249,14 +249,14 @@ t_update_config(Config) when is_list(Config) ->
     ok = register_provider(?config("auth1"), ?MODULE),
     ok = register_provider(?config("auth2"), ?MODULE),
     Global = ?config(global),
-    AuthenticatorConfig1 = #{<<"mechanism">> => <<"password-based">>,
-                             <<"backend">> => <<"built-in-database">>,
+    AuthenticatorConfig1 = #{<<"mechanism">> => <<"password_based">>,
+                             <<"backend">> => <<"built_in_database">>,
                              <<"enable">> => true},
-    AuthenticatorConfig2 = #{<<"mechanism">> => <<"password-based">>,
+    AuthenticatorConfig2 = #{<<"mechanism">> => <<"password_based">>,
                              <<"backend">> => <<"mysql">>,
                              <<"enable">> => true},
-    ID1 = <<"password-based:built-in-database">>,
-    ID2 = <<"password-based:mysql">>,
+    ID1 = <<"password_based:built_in_database">>,
+    ID2 = <<"password_based:mysql">>,
 
     ?assertMatch({ok, []}, ?AUTHN:list_chains()),
 
@@ -391,7 +391,7 @@ t_convert_certs(Config) when is_list(Config) ->
                   , {<<"cacertfile">>, "cacert.pem"}
                   ]),
 
-    CertsDir = certs_dir(Config, [Global, <<"password-based:built-in-database">>]),
+    CertsDir = certs_dir(Config, [Global, <<"password_based:built_in_database">>]),
     #{<<"ssl">> := NCerts} = convert_certs(CertsDir, #{<<"ssl">> => Certs}),
 
     Certs2 = certs([ {<<"keyfile">>, "key.pem"}

apps/emqx_authn/src/emqx_authn.erl

@@ -25,14 +25,14 @@
 -include("emqx_authn.hrl").
 
 providers() ->
-    [ {{'password-based', 'built-in-database'}, emqx_authn_mnesia}
-    , {{'password-based', mysql}, emqx_authn_mysql}
-    , {{'password-based', postgresql}, emqx_authn_pgsql}
-    , {{'password-based', mongodb}, emqx_authn_mongodb}
-    , {{'password-based', redis}, emqx_authn_redis}
-    , {{'password-based', 'http'}, emqx_authn_http}
+    [ {{'password_based', 'built_in_database'}, emqx_authn_mnesia}
+    , {{'password_based', mysql}, emqx_authn_mysql}
+    , {{'password_based', postgresql}, emqx_authn_pgsql}
+    , {{'password_based', mongodb}, emqx_authn_mongodb}
+    , {{'password_based', redis}, emqx_authn_redis}
+    , {{'password_based', 'http'}, emqx_authn_http}
     , {jwt, emqx_authn_jwt}
-    , {{scram, 'built-in-database'}, emqx_enhanced_authn_scram_mnesia}
+    , {{scram, 'built_in_database'}, emqx_enhanced_authn_scram_mnesia}
     ].
 
 check_configs(C) when is_map(C) ->

apps/emqx_authn/src/emqx_authn_api.erl

@@ -964,21 +964,21 @@ authenticator_array_example() ->
 
 authenticator_examples() ->
     #{
-        'password-based:built-in-database' => #{
-            summary => <<"Built-in password-based authentication">>,
+        'password_based:built_in_database' => #{
+            summary => <<"Built-in password_based authentication">>,
             value => #{
-                mechanism => <<"password-based">>,
-                backend => <<"built-in-database">>,
+                mechanism => <<"password_based">>,
+                backend => <<"built_in_database">>,
                 user_id_type => <<"username">>,
                 password_hash_algorithm => #{
                     name => <<"sha256">>
                 }
             }
         },
-        'password-based:http' => #{
-            summary => <<"Password-based authentication through external HTTP API">>,
+        'password_based:http' => #{
+            summary => <<"password_based authentication through external HTTP API">>,
             value => #{
-                mechanism => <<"password-based">>,
+                mechanism => <<"password_based">>,
                 backend => <<"http">>,
                 method => <<"post">>,
                 url => <<"http://127.0.0.1:18083">>,
@@ -1009,10 +1009,10 @@ authenticator_examples() ->
                 }
             }
         },
-        'password-based:mongodb' => #{
-            summary => <<"Password-based authentication with MongoDB backend">>,
+        'password_based:mongodb' => #{
+            summary => <<"password_based authentication with MongoDB backend">>,
             value => #{
-                mechanism => <<"password-based">>,
+                mechanism => <<"password_based">>,
                 backend => <<"mongodb">>,
                 server => <<"127.0.0.1:27017">>,
                 database => example,
@@ -1027,10 +1027,10 @@ authenticator_examples() ->
                 salt_position => <<"prefix">>
             }
         },
-        'password-based:redis' => #{
-            summary => <<"Password-based authentication with Redis backend">>,
+        'password_based:redis' => #{
+            summary => <<"password_based authentication with Redis backend">>,
             value => #{
-                mechanism => <<"password-based">>,
+                mechanism => <<"password_based">>,
                 backend => <<"redis">>,
                 server => <<"127.0.0.1:6379">>,
                 database => 0,
@@ -1091,10 +1091,10 @@ request_move_examples() ->
                 position => <<"bottom">>
             }
         },
-        'move_before_password-based:built-in-database' => #{
+        'move_before_password_based:built_in_database' => #{
             summary => <<"Move authenticator to the position preceding some other authenticator">>,
             value => #{
-                position => <<"before:password-based:built-in-database">>
+                position => <<"before:password_based:built_in_database">>
             }
         }
     }.

apps/emqx_authn/src/enhanced_authn/emqx_enhanced_authn_scram_mnesia.erl

@@ -87,7 +87,7 @@ roots() -> [?CONF_NS].
 
 fields(?CONF_NS) ->
     [ {mechanism, emqx_authn_schema:mechanism('scram')}
-    , {backend, emqx_authn_schema:backend('built-in-database')}
+    , {backend, emqx_authn_schema:backend('built_in_database')}
     , {algorithm, fun algorithm/1}
     , {iteration_count, fun iteration_count/1}
     ] ++ emqx_authn_schema:common_fields().

apps/emqx_authn/src/simple_authn/emqx_authn_http.erl

@@ -60,7 +60,7 @@ fields(post) ->
     ] ++ common_fields().
 
 common_fields() ->
-    [ {mechanism, emqx_authn_schema:mechanism('password-based')}
+    [ {mechanism, emqx_authn_schema:mechanism('password_based')}
     , {backend, emqx_authn_schema:backend(http)}
     , {url, fun url/1}
     , {body, map([{fuzzy, term(), binary()}])}

apps/emqx_authn/src/simple_authn/emqx_authn_mnesia.erl

@@ -93,8 +93,8 @@ namespace() -> "authn-builtin_db".
 roots() -> [?CONF_NS].
 
 fields(?CONF_NS) ->
-    [ {mechanism, emqx_authn_schema:mechanism('password-based')}
-    , {backend, emqx_authn_schema:backend('built-in-database')}
+    [ {mechanism, emqx_authn_schema:mechanism('password_based')}
+    , {backend, emqx_authn_schema:backend('built_in_database')}
     , {user_id_type, fun user_id_type/1}
     , {password_hash_algorithm, fun emqx_authn_password_hashing:type_rw/1}
     ] ++ emqx_authn_schema:common_fields().

apps/emqx_authn/src/simple_authn/emqx_authn_mongodb.erl

@@ -56,7 +56,7 @@ fields('sharded-cluster') ->
     common_fields() ++ emqx_connector_mongo:fields(sharded).
 
 common_fields() ->
-    [ {mechanism, emqx_authn_schema:mechanism('password-based')}
+    [ {mechanism, emqx_authn_schema:mechanism('password_based')}
     , {backend, emqx_authn_schema:backend(mongodb)}
     , {collection, fun collection/1}
     , {selector, fun selector/1}

apps/emqx_authn/src/simple_authn/emqx_authn_mysql.erl

@@ -44,7 +44,7 @@ namespace() -> "authn-mysql".
 roots() -> [?CONF_NS].
 
 fields(?CONF_NS) ->
-    [ {mechanism, emqx_authn_schema:mechanism('password-based')}
+    [ {mechanism, emqx_authn_schema:mechanism('password_based')}
     , {backend, emqx_authn_schema:backend(mysql)}
     , {password_hash_algorithm, fun emqx_authn_password_hashing:type_ro/1}
     , {query, fun query/1}

apps/emqx_authn/src/simple_authn/emqx_authn_pgsql.erl

@@ -50,7 +50,7 @@ namespace() -> "authn-postgresql".
 roots() -> [?CONF_NS].
 
 fields(?CONF_NS) ->
-    [ {mechanism, emqx_authn_schema:mechanism('password-based')}
+    [ {mechanism, emqx_authn_schema:mechanism('password_based')}
     , {backend, emqx_authn_schema:backend(postgresql)}
     , {password_hash_algorithm, fun emqx_authn_password_hashing:type_ro/1}
     , {query, fun query/1}

apps/emqx_authn/src/simple_authn/emqx_authn_redis.erl

@@ -56,7 +56,7 @@ fields(sentinel) ->
     common_fields() ++ emqx_connector_redis:fields(sentinel).
 
 common_fields() ->
-    [ {mechanism, emqx_authn_schema:mechanism('password-based')}
+    [ {mechanism, emqx_authn_schema:mechanism('password_based')}
     , {backend, emqx_authn_schema:backend(redis)}
     , {cmd, fun cmd/1}
     , {password_hash_algorithm, fun emqx_authn_password_hashing:type_ro/1}

apps/emqx_authn/test/emqx_authn_api_SUITE.erl

@@ -155,7 +155,7 @@ test_authenticators(PathPrefix) ->
                      InvalidConfig1),
 
     ?assertAuthenticatorsMatch(
-       [#{<<"mechanism">> := <<"password-based">>, <<"backend">> := <<"http">>}],
+       [#{<<"mechanism">> := <<"password_based">>, <<"backend">> := <<"http">>}],
        PathPrefix ++ [?CONF_NS]).
 
 test_authenticator(PathPrefix) ->
@@ -166,49 +166,49 @@ test_authenticator(PathPrefix) ->
                      ValidConfig0),
     {ok, 200, _} = request(
                      get,
-                     uri(PathPrefix ++ [?CONF_NS, "password-based:http"])),
+                     uri(PathPrefix ++ [?CONF_NS, "password_based:http"])),
 
     {ok, 404, _} = request(
                      get,
-                     uri(PathPrefix ++ [?CONF_NS, "password-based:redis"])),
+                     uri(PathPrefix ++ [?CONF_NS, "password_based:redis"])),
 
 
     {ok, 404, _} = request(
                      put,
-                     uri(PathPrefix ++ [?CONF_NS, "password-based:built-in-database"]),
+                     uri(PathPrefix ++ [?CONF_NS, "password_based:built_in_database"]),
                      emqx_authn_test_lib:built_in_database_example()),
 
     InvalidConfig0 = ValidConfig0#{method => <<"delete">>},
     {ok, 400, _} = request(
                      put,
-                     uri(PathPrefix ++ [?CONF_NS, "password-based:http"]),
+                     uri(PathPrefix ++ [?CONF_NS, "password_based:http"]),
                      InvalidConfig0),
 
     InvalidConfig1 = ValidConfig0#{method => <<"get">>,
                                   headers => #{<<"content-type">> => <<"application/json">>}},
     {ok, 400, _} = request(
                      put,
-                     uri(PathPrefix ++ [?CONF_NS, "password-based:http"]),
+                     uri(PathPrefix ++ [?CONF_NS, "password_based:http"]),
                      InvalidConfig1),
 
     ValidConfig1 = ValidConfig0#{pool_size => 9},
     {ok, 200, _} = request(
                      put,
-                     uri(PathPrefix ++ [?CONF_NS, "password-based:http"]),
+                     uri(PathPrefix ++ [?CONF_NS, "password_based:http"]),
                      ValidConfig1),
 
     {ok, 404, _} = request(
                      delete,
-                     uri(PathPrefix ++ [?CONF_NS, "password-based:redis"])),
+                     uri(PathPrefix ++ [?CONF_NS, "password_based:redis"])),
 
     {ok, 204, _} = request(
                      delete,
-                     uri(PathPrefix ++ [?CONF_NS, "password-based:http"])),
+                     uri(PathPrefix ++ [?CONF_NS, "password_based:http"])),
 
     ?assertAuthenticatorsMatch([], PathPrefix ++ [?CONF_NS]).
 
 test_authenticator_users(PathPrefix) ->
-    UsersUri = uri(PathPrefix ++ [?CONF_NS, "password-based:built-in-database", "users"]),
+    UsersUri = uri(PathPrefix ++ [?CONF_NS, "password_based:built_in_database", "users"]),
 
     {ok, 200, _} = request(
                      post,
@@ -263,7 +263,7 @@ test_authenticator_users(PathPrefix) ->
        lists:usort([ UserId || #{<<"user_id">> := UserId} <- Page1Users ++ Page2Users])).
 
 test_authenticator_user(PathPrefix) ->
-    UsersUri = uri(PathPrefix ++ [?CONF_NS, "password-based:built-in-database", "users"]),
+    UsersUri = uri(PathPrefix ++ [?CONF_NS, "password_based:built_in_database", "users"]),
 
     {ok, 200, _} = request(
                      post,
@@ -318,9 +318,9 @@ test_authenticator_move(PathPrefix) ->
 
     ?assertAuthenticatorsMatch(
        [
-        #{<<"mechanism">> := <<"password-based">>, <<"backend">> := <<"http">>},
+        #{<<"mechanism">> := <<"password_based">>, <<"backend">> := <<"http">>},
         #{<<"mechanism">> := <<"jwt">>},
-        #{<<"mechanism">> := <<"password-based">>, <<"backend">> := <<"built-in-database">>}
+        #{<<"mechanism">> := <<"password_based">>, <<"backend">> := <<"built_in_database">>}
        ],
        PathPrefix ++ [?CONF_NS]),
 
@@ -344,12 +344,12 @@ test_authenticator_move(PathPrefix) ->
     {ok, 404, _} = request(
                      post,
                      uri(PathPrefix ++ [?CONF_NS, "jwt", "move"]),
-                     #{position => <<"before:password-based:redis">>}),
+                     #{position => <<"before:password_based:redis">>}),
 
     {ok, 404, _} = request(
                      post,
                      uri(PathPrefix ++ [?CONF_NS, "jwt", "move"]),
-                     #{position => <<"before:password-based:redis">>}),
+                     #{position => <<"before:password_based:redis">>}),
 
     % Valid moves
 
@@ -361,8 +361,8 @@ test_authenticator_move(PathPrefix) ->
     ?assertAuthenticatorsMatch(
        [
         #{<<"mechanism">> := <<"jwt">>},
-        #{<<"mechanism">> := <<"password-based">>, <<"backend">> := <<"http">>},
-        #{<<"mechanism">> := <<"password-based">>, <<"backend">> := <<"built-in-database">>}
+        #{<<"mechanism">> := <<"password_based">>, <<"backend">> := <<"http">>},
+        #{<<"mechanism">> := <<"password_based">>, <<"backend">> := <<"built_in_database">>}
        ],
        PathPrefix ++ [?CONF_NS]),
 
@@ -373,8 +373,8 @@ test_authenticator_move(PathPrefix) ->
 
     ?assertAuthenticatorsMatch(
        [
-        #{<<"mechanism">> := <<"password-based">>, <<"backend">> := <<"http">>},
-        #{<<"mechanism">> := <<"password-based">>, <<"backend">> := <<"built-in-database">>},
+        #{<<"mechanism">> := <<"password_based">>, <<"backend">> := <<"http">>},
+        #{<<"mechanism">> := <<"password_based">>, <<"backend">> := <<"built_in_database">>},
         #{<<"mechanism">> := <<"jwt">>}
        ],
        PathPrefix ++ [?CONF_NS]),
@@ -382,20 +382,20 @@ test_authenticator_move(PathPrefix) ->
     {ok, 204, _} = request(
                      post,
                      uri(PathPrefix ++ [?CONF_NS, "jwt", "move"]),
-                     #{position => <<"before:password-based:built-in-database">>}),
+                     #{position => <<"before:password_based:built_in_database">>}),
 
     ?assertAuthenticatorsMatch(
        [
-        #{<<"mechanism">> := <<"password-based">>, <<"backend">> := <<"http">>},
+        #{<<"mechanism">> := <<"password_based">>, <<"backend">> := <<"http">>},
         #{<<"mechanism">> := <<"jwt">>},
-        #{<<"mechanism">> := <<"password-based">>, <<"backend">> := <<"built-in-database">>}
+        #{<<"mechanism">> := <<"password_based">>, <<"backend">> := <<"built_in_database">>}
        ],
        PathPrefix ++ [?CONF_NS]).
 
 test_authenticator_import_users(PathPrefix) ->
     ImportUri = uri(
                   PathPrefix ++
-                  [?CONF_NS, "password-based:built-in-database", "import_users"]),
+                  [?CONF_NS, "password_based:built_in_database", "import_users"]),
 
 
     {ok, 200, _} = request(

apps/emqx_authn/test/emqx_authn_http_SUITE.erl

@@ -179,7 +179,7 @@ t_update(_Config) ->
     % We update with config with correct query, provider should update and work properly
     {ok, _} = emqx:update_config(
                 ?PATH,
-                {update_authenticator, ?GLOBAL, <<"password-based:http">>, CorrectConfig}),
+                {update_authenticator, ?GLOBAL, <<"password_based:http">>, CorrectConfig}),
 
     {ok,_} = emqx_access_control:authenticate(?CREDENTIALS).
 
@@ -240,7 +240,7 @@ test_is_superuser({Kind, Value, ExpectedValue}) ->
 
 raw_http_auth_config() ->
     #{
-        mechanism => <<"password-based">>,
+        mechanism => <<"password_based">>,
         enable => <<"true">>,
 
         backend => <<"http">>,

apps/emqx_authn/test/emqx_authn_https_SUITE.erl

@@ -124,7 +124,7 @@ raw_https_auth_config(SpecificSSLOpts) ->
                 emqx_authn_test_lib:client_ssl_cert_opts(),
                 #{enable => <<"true">>}),
     #{
-        mechanism => <<"password-based">>,
+        mechanism => <<"password_based">>,
         enable => <<"true">>,
 
         backend => <<"http">>,

apps/emqx_authn/test/emqx_authn_mnesia_SUITE.erl

@@ -53,8 +53,8 @@ end_per_testcase(_Case, Config) ->
 
 t_check_schema(_Config) ->
     ConfigOk = #{
-        <<"mechanism">> => <<"password-based">>,
-        <<"backend">> => <<"built-in-database">>,
+        <<"mechanism">> => <<"password_based">>,
+        <<"backend">> => <<"built_in_database">>,
         <<"user_id_type">> => <<"username">>,
         <<"password_hash_algorithm">> => #{
             <<"name">> => <<"bcrypt">>,
@@ -65,8 +65,8 @@ t_check_schema(_Config) ->
     hocon_tconf:check_plain(emqx_authn_mnesia, ?CONF(ConfigOk)),
 
     ConfigNotOk = #{
-        <<"mechanism">> => <<"password-based">>,
-        <<"backend">> => <<"built-in-database">>,
+        <<"mechanism">> => <<"password_based">>,
+        <<"backend">> => <<"built_in_database">>,
         <<"user_id_type">> => <<"username">>,
         <<"password_hash_algorithm">> => #{
             <<"name">> => <<"md6">>

apps/emqx_authn/test/emqx_authn_mongo_SUITE.erl

@@ -177,7 +177,7 @@ t_update(_Config) ->
     % We update with config with correct selector, provider should update and work properly
     {ok, _} = emqx:update_config(
                 ?PATH,
-                {update_authenticator, ?GLOBAL, <<"password-based:mongodb">>, CorrectConfig}),
+                {update_authenticator, ?GLOBAL, <<"password_based:mongodb">>, CorrectConfig}),
 
     {ok,_} = emqx_access_control:authenticate(
                #{username => <<"plain">>,
@@ -238,7 +238,7 @@ test_is_superuser({Value, ExpectedValue}) ->
 
 raw_mongo_auth_config() ->
     #{
-      mechanism => <<"password-based">>,
+      mechanism => <<"password_based">>,
       password_hash_algorithm => #{name => <<"plain">>,
                                    salt_position => <<"suffix">>},
       enable => <<"true">>,
@@ -309,7 +309,8 @@ user_seeds() ->
 
      #{data => #{
                  username => <<"bcrypt">>,
-                 password_hash => <<"$2b$12$wtY3h20mUjjmeaClpqZVveDWGlHzCGsvuThMlneGHA7wVeFYyns2u">>,
+                 password_hash =>
+                     <<"$2b$12$wtY3h20mUjjmeaClpqZVveDWGlHzCGsvuThMlneGHA7wVeFYyns2u">>,
                  salt => <<"$2b$12$wtY3h20mUjjmeaClpqZVve">>,
                  is_superuser => 0
                 },
@@ -325,7 +326,8 @@ user_seeds() ->
 
      #{data => #{
                  username => <<"bcrypt0">>,
-                 password_hash => <<"$2b$12$wtY3h20mUjjmeaClpqZVveDWGlHzCGsvuThMlneGHA7wVeFYyns2u">>,
+                 password_hash =>
+                     <<"$2b$12$wtY3h20mUjjmeaClpqZVveDWGlHzCGsvuThMlneGHA7wVeFYyns2u">>,
                  salt => <<"$2b$12$wtY3h20mUjjmeaClpqZVve">>,
                  is_superuser => <<"0">>
                 },
@@ -343,7 +345,8 @@ user_seeds() ->
 
      #{data => #{
                  username => <<"bcrypt1">>,
-                 password_hash => <<"$2b$12$wtY3h20mUjjmeaClpqZVveDWGlHzCGsvuThMlneGHA7wVeFYyns2u">>,
+                 password_hash =>
+                     <<"$2b$12$wtY3h20mUjjmeaClpqZVveDWGlHzCGsvuThMlneGHA7wVeFYyns2u">>,
                  salt => <<"$2b$12$wtY3h20mUjjmeaClpqZVve">>,
                  is_superuser => <<"0">>
                 },
@@ -360,7 +363,8 @@ user_seeds() ->
 
      #{data => #{
                  username => <<"bcrypt2">>,
-                 password_hash => <<"$2b$12$wtY3h20mUjjmeaClpqZVveDWGlHzCGsvuThMlneGHA7wVeFYyns2u">>,
+                 password_hash =>
+                     <<"$2b$12$wtY3h20mUjjmeaClpqZVveDWGlHzCGsvuThMlneGHA7wVeFYyns2u">>,
                  salt => <<"$2b$12$wtY3h20mUjjmeaClpqZVve">>,
                  is_superuser => <<"0">>
                 },

apps/emqx_authn/test/emqx_authn_mongo_tls_SUITE.erl

@@ -151,7 +151,7 @@ raw_mongo_auth_config(SpecificSSLOpts) ->
                 emqx_authn_test_lib:client_ssl_cert_opts(),
                 #{enable => <<"true">>}),
     #{
-      mechanism => <<"password-based">>,
+      mechanism => <<"password_based">>,
       password_hash_algorithm => #{name => <<"plain">>,
                                    salt_position => <<"suffix">>},
       enable => <<"true">>,

apps/emqx_authn/test/emqx_authn_mysql_SUITE.erl

@@ -28,7 +28,7 @@
 -define(MYSQL_RESOURCE, <<"emqx_authn_mysql_SUITE">>).
 
 -define(PATH, [authentication]).
--define(ResourceID, <<"password-based:mysql">>).
+-define(ResourceID, <<"password_based:mysql">>).
 
 all() ->
     [{group, require_seeds}, t_create, t_create_invalid].
@@ -190,7 +190,7 @@ t_update(_Config) ->
     % We update with config with correct query, provider should update and work properly
     {ok, _} = emqx:update_config(
                 ?PATH,
-                {update_authenticator, ?GLOBAL, <<"password-based:mysql">>, CorrectConfig}),
+                {update_authenticator, ?GLOBAL, <<"password_based:mysql">>, CorrectConfig}),
 
     {ok,_} = emqx_access_control:authenticate(
                #{username => <<"plain">>,
@@ -205,7 +205,7 @@ t_update(_Config) ->
 
 raw_mysql_auth_config() ->
     #{
-      mechanism => <<"password-based">>,
+      mechanism => <<"password_based">>,
       password_hash_algorithm => #{name => <<"plain">>,
                                    salt_position => <<"suffix">>},
       enable => <<"true">>,

apps/emqx_authn/test/emqx_authn_mysql_tls_SUITE.erl

@@ -27,7 +27,7 @@
 -define(MYSQL_HOST, "mysql-tls").
 
 -define(PATH, [authentication]).
--define(ResourceID, <<"password-based:mysql">>).
+-define(ResourceID, <<"password_based:mysql">>).
 
 all() ->
     emqx_common_test_helpers:all(?MODULE).
@@ -116,7 +116,7 @@ raw_mysql_auth_config(SpecificSSLOpts) ->
                 emqx_authn_test_lib:client_ssl_cert_opts(),
                 #{enable => <<"true">>}),
     #{
-      mechanism => <<"password-based">>,
+      mechanism => <<"password_based">>,
       password_hash_algorithm => #{name => <<"plain">>,
                                    salt_position => <<"suffix">>},
       enable => <<"true">>,

apps/emqx_authn/test/emqx_authn_pgsql_SUITE.erl

@@ -27,7 +27,7 @@
 
 -define(PGSQL_HOST, "pgsql").
 -define(PGSQL_RESOURCE, <<"emqx_authn_pgsql_SUITE">>).
--define(ResourceID, <<"password-based:postgresql">>).
+-define(ResourceID, <<"password_based:postgresql">>).
 
 -define(PATH, [authentication]).
 
@@ -191,7 +191,7 @@ t_update(_Config) ->
     % We update with config with correct query, provider should update and work properly
     {ok, _} = emqx:update_config(
                 ?PATH,
-                {update_authenticator, ?GLOBAL, <<"password-based:postgresql">>, CorrectConfig}),
+                {update_authenticator, ?GLOBAL, <<"password_based:postgresql">>, CorrectConfig}),
 
     {ok,_} = emqx_access_control:authenticate(
                #{username => <<"plain">>,
@@ -243,7 +243,7 @@ test_is_superuser({Field, Value, ExpectedValue}) ->
     Config = maps:put(query, Query, raw_pgsql_auth_config()),
     {ok, _} = emqx:update_config(
                 ?PATH,
-                {update_authenticator, ?GLOBAL, <<"password-based:postgresql">>, Config}),
+                {update_authenticator, ?GLOBAL, <<"password_based:postgresql">>, Config}),
 
     Credentials = #{
                     listener => 'tcp:default',
@@ -262,7 +262,7 @@ test_is_superuser({Field, Value, ExpectedValue}) ->
 
 raw_pgsql_auth_config() ->
     #{
-      mechanism => <<"password-based">>,
+      mechanism => <<"password_based">>,
       password_hash_algorithm => #{name => <<"plain">>,
                                    salt_position => <<"suffix">>},
       enable => <<"true">>,

apps/emqx_authn/test/emqx_authn_pgsql_tls_SUITE.erl

@@ -27,7 +27,7 @@
 -define(PGSQL_HOST, "pgsql-tls").
 
 -define(PATH, [authentication]).
--define(ResourceID, <<"password-based:postgresql">>).
+-define(ResourceID, <<"password_based:postgresql">>).
 
 all() ->
     emqx_common_test_helpers:all(?MODULE).
@@ -116,7 +116,7 @@ raw_pgsql_auth_config(SpecificSSLOpts) ->
                 emqx_authn_test_lib:client_ssl_cert_opts(),
                 #{enable => <<"true">>}),
     #{
-      mechanism => <<"password-based">>,
+      mechanism => <<"password_based">>,
       password_hash_algorithm => #{name => <<"plain">>,
                                    salt_position => <<"suffix">>},
       enable => <<"true">>,

apps/emqx_authn/test/emqx_authn_redis_SUITE.erl

@@ -28,7 +28,7 @@
 -define(REDIS_RESOURCE, <<"emqx_authn_redis_SUITE">>).
 
 -define(PATH, [authentication]).
--define(ResourceID, <<"password-based:redis">>).
+-define(ResourceID, <<"password_based:redis">>).
 
 all() ->
     [{group, require_seeds}, t_create, t_create_invalid].
@@ -207,7 +207,7 @@ t_update(_Config) ->
     % We update with config with correct query, provider should update and work properly
     {ok, _} = emqx:update_config(
                 ?PATH,
-                {update_authenticator, ?GLOBAL, <<"password-based:redis">>, CorrectConfig}),
+                {update_authenticator, ?GLOBAL, <<"password_based:redis">>, CorrectConfig}),
 
     {ok,_} = emqx_access_control:authenticate(
                #{username => <<"plain">>,
@@ -222,7 +222,7 @@ t_update(_Config) ->
 
 raw_redis_auth_config() ->
     #{
-      mechanism => <<"password-based">>,
+      mechanism => <<"password_based">>,
       password_hash_algorithm => #{name => <<"plain">>,
                                    salt_position => <<"suffix">>},
       enable => <<"true">>,

apps/emqx_authn/test/emqx_authn_redis_tls_SUITE.erl

@@ -114,7 +114,7 @@ raw_redis_auth_config(SpecificSSLOpts) ->
                 emqx_authn_test_lib:client_ssl_cert_opts(),
                 #{enable => <<"true">>}),
     #{
-      mechanism => <<"password-based">>,
+      mechanism => <<"password_based">>,
       password_hash_algorithm => #{name => <<"plain">>,
                                    salt_position => <<"suffix">>},
       enable => <<"true">>,

apps/emqx_authn/test/emqx_authn_test_lib.erl

@@ -26,10 +26,10 @@ authenticator_example(Id) ->
     Example.
 
 http_example() ->
-    authenticator_example('password-based:http').
+    authenticator_example('password_based:http').
 
 built_in_database_example() ->
-    authenticator_example('password-based:built-in-database').
+    authenticator_example('password_based:built_in_database').
 
 jwt_example() ->
     authenticator_example(jwt).

apps/emqx_authn/test/emqx_enhanced_authn_scram_mnesia_SUITE.erl

@@ -58,7 +58,7 @@ end_per_testcase(_Case, Config) ->
 t_create(_Config) ->
     ValidConfig = #{
         <<"mechanism">> => <<"scram">>,
-        <<"backend">> => <<"built-in-database">>,
+        <<"backend">> => <<"built_in_database">>,
         <<"algorithm">> => <<"sha512">>,
         <<"iteration_count">> => <<"4096">>
     },
@@ -73,7 +73,7 @@ t_create(_Config) ->
 t_create_invalid(_Config) ->
     InvalidConfig = #{
                       <<"mechanism">> => <<"scram">>,
-                      <<"backend">> => <<"built-in-database">>,
+                      <<"backend">> => <<"built_in_database">>,
                       <<"algorithm">> => <<"sha271828">>,
                       <<"iteration_count">> => <<"4096">>
                      },
@@ -339,7 +339,7 @@ test_is_superuser(UserInfo, ExpectedIsSuperuser) ->
 config() ->
     #{
       mechanism => <<"scram">>,
-      backend => <<"built-in-database">>,
+      backend => <<"built_in_database">>,
       algorithm => sha512,
       iteration_count => 4096
      }.
@@ -347,7 +347,7 @@ config() ->
 raw_config(Algorithm) ->
     #{
         <<"mechanism">> => <<"scram">>,
-        <<"backend">> => <<"built-in-database">>,
+        <<"backend">> => <<"built_in_database">>,
         <<"algorithm">> => atom_to_binary(Algorithm),
         <<"iteration_count">> => <<"4096">>
     }.

apps/emqx_authz/etc/emqx_authz.conf

@@ -56,7 +56,7 @@ authorization {
        #     selector: { "$or": [ { "username": "${username}" }, { "clientid": "${clientid}" } ] }
        # },
        {
-            type: built-in-database
+            type: built_in_database
        },
        {
             type: file

apps/emqx_authz/src/emqx_authz.erl

@@ -111,11 +111,14 @@ lookup(Type) ->
     Source.
 
 move(Type, #{<<"before">> := Before}) ->
-    emqx_authz_utils:update_config(?CONF_KEY_PATH, {?CMD_MOVE, type(Type), ?CMD_MOVE_BEFORE(type(Before))});
+    emqx_authz_utils:update_config(
+      ?CONF_KEY_PATH, {?CMD_MOVE, type(Type), ?CMD_MOVE_BEFORE(type(Before))});
 move(Type, #{<<"after">> := After}) ->
-    emqx_authz_utils:update_config(?CONF_KEY_PATH, {?CMD_MOVE, type(Type), ?CMD_MOVE_AFTER(type(After))});
+    emqx_authz_utils:update_config(
+      ?CONF_KEY_PATH, {?CMD_MOVE, type(Type), ?CMD_MOVE_AFTER(type(After))});
 move(Type, Position) ->
-    emqx_authz_utils:update_config(?CONF_KEY_PATH, {?CMD_MOVE, type(Type), Position}).
+    emqx_authz_utils:update_config(
+      ?CONF_KEY_PATH, {?CMD_MOVE, type(Type), Position}).
 
 update({?CMD_REPLACE, Type}, Sources) ->
     emqx_authz_utils:update_config(?CONF_KEY_PATH, {{?CMD_REPLACE, type(Type)}, Sources});
@@ -341,7 +344,7 @@ find_action_in_hooks() ->
     [Action] = [Action || {callback,{?MODULE, authorize, _} = Action, _, _} <- Callbacks ],
     Action.
 
-authz_module('built-in-database') ->
+authz_module('built_in_database') ->
     emqx_authz_mnesia;
 authz_module(Type) ->
     list_to_existing_atom("emqx_authz_" ++ atom_to_list(Type)).
@@ -360,8 +363,8 @@ type(redis) -> redis;
 type(<<"redis">>) -> redis;
 type(postgresql) -> postgresql;
 type(<<"postgresql">>) -> postgresql;
-type('built-in-database') -> 'built-in-database';
-type(<<"built-in-database">>) -> 'built-in-database';
+type('built_in_database') -> 'built_in_database';
+type(<<"built_in_database">>) -> 'built_in_database';
 %% should never happen if the input is type-checked by hocon schema
 type(Unknown) -> error({unknown_authz_source_type, Unknown}).
 

apps/emqx_authz/src/emqx_authz_api_mnesia.erl

@@ -65,18 +65,18 @@ api_spec() ->
     emqx_dashboard_swagger:spec(?MODULE, #{check_schema => true}).
 
 paths() ->
-    [ "/authorization/sources/built-in-database/username"
-    , "/authorization/sources/built-in-database/clientid"
-    , "/authorization/sources/built-in-database/username/:username"
-    , "/authorization/sources/built-in-database/clientid/:clientid"
-    , "/authorization/sources/built-in-database/all"
-    , "/authorization/sources/built-in-database/purge-all"].
+    [ "/authorization/sources/built_in_database/username"
+    , "/authorization/sources/built_in_database/clientid"
+    , "/authorization/sources/built_in_database/username/:username"
+    , "/authorization/sources/built_in_database/clientid/:clientid"
+    , "/authorization/sources/built_in_database/all"
+    , "/authorization/sources/built_in_database/purge-all"].
 
 %%--------------------------------------------------------------------
 %% Schema for each URI
 %%--------------------------------------------------------------------
 
-schema("/authorization/sources/built-in-database/username") ->
+schema("/authorization/sources/built_in_database/username") ->
     #{ 'operationId' => users
      , get =>
            #{ tags => [<<"authorization">>]
@@ -106,7 +106,7 @@ schema("/authorization/sources/built-in-database/username") ->
             }
         }
     };
-schema("/authorization/sources/built-in-database/clientid") ->
+schema("/authorization/sources/built_in_database/clientid") ->
     #{ 'operationId' => clients
      , get =>
            #{ tags => [<<"authorization">>]
@@ -138,7 +138,7 @@ schema("/authorization/sources/built-in-database/clientid") ->
                    }
             }
      };
-schema("/authorization/sources/built-in-database/username/:username") ->
+schema("/authorization/sources/built_in_database/username/:username") ->
     #{ 'operationId' => user
      , get =>
            #{ tags => [<<"authorization">>]
@@ -176,7 +176,7 @@ schema("/authorization/sources/built-in-database/username/:username") ->
                    }
             }
      };
-schema("/authorization/sources/built-in-database/clientid/:clientid") ->
+schema("/authorization/sources/built_in_database/clientid/:clientid") ->
     #{ 'operationId' => client
      , get =>
            #{ tags => [<<"authorization">>]
@@ -214,7 +214,7 @@ schema("/authorization/sources/built-in-database/clientid/:clientid") ->
                    }
             }
      };
-schema("/authorization/sources/built-in-database/all") ->
+schema("/authorization/sources/built_in_database/all") ->
     #{ 'operationId' => all
      , get =>
            #{ tags => [<<"authorization">>]
@@ -235,7 +235,7 @@ schema("/authorization/sources/built-in-database/all") ->
                    }
             }
      };
-schema("/authorization/sources/built-in-database/purge-all") ->
+schema("/authorization/sources/built_in_database/purge-all") ->
     #{ 'operationId' => purge
      , delete =>
            #{ tags => [<<"authorization">>]
@@ -389,17 +389,17 @@ all(post, #{body := #{<<"rules">> := Rules}}) ->
     {204}.
 
 purge(delete, _) ->
-    case emqx_authz_api_sources:get_raw_source(<<"built-in-database">>) of
+    case emqx_authz_api_sources:get_raw_source(<<"built_in_database">>) of
         [#{<<"enable">> := false}] ->
             ok = emqx_authz_mnesia:purge_rules(),
             {204};
         [#{<<"enable">> := true}] ->
             {400, #{code => <<"BAD_REQUEST">>,
                     message =>
-                        <<"'built-in-database' type source must be disabled before purge.">>}};
+                        <<"'built_in_database' type source must be disabled before purge.">>}};
         [] ->
             {404, #{code => <<"BAD_REQUEST">>,
-                    message => <<"'built-in-database' type source is not found.">>
+                    message => <<"'built_in_database' type source is not found.">>
                    }}
     end.
 
@@ -513,7 +513,7 @@ rules_example({ExampleName, ExampleType}) ->
                 [Example]
         end,
     #{
-        'password-based:built-in-database' => #{
+        'password_based:built_in_database' => #{
             summary => Summary,
             value   => Value
         }

apps/emqx_authz/src/emqx_authz_api_schema.erl

@@ -35,8 +35,8 @@ fields(http) ->
         ++ maps:to_list(maps:without([ base_url
                                      , pool_type],
                                      maps:from_list(emqx_connector_http:fields(config))));
-fields('built-in-database') ->
-    authz_common_fields('built-in-database');
+fields('built_in_database') ->
+    authz_common_fields('built_in_database');
 fields(mongo_single) ->
     authz_mongo_common_fields()
     ++ emqx_connector_mongo:fields(single);
@@ -170,7 +170,7 @@ authz_sources_types(Type) ->
     end
         ++
         [ http
-        , 'built-in-database'
+        , 'built_in_database'
         , mysql
         , postgresql
         , file].

apps/emqx_authz/src/emqx_authz_mnesia.erl

@@ -94,7 +94,7 @@ dry_run(_Source) -> ok.
 
 authorize(#{username := Username,
             clientid := Clientid
-           } = Client, PubSub, Topic, #{type := 'built-in-database'}) ->
+           } = Client, PubSub, Topic, #{type := 'built_in_database'}) ->
 
     Rules = case mnesia:dirty_read(?ACL_TABLE, {?ACL_TABLE_CLIENTID, Clientid}) of
                 [] -> [];

apps/emqx_authz/src/emqx_authz_schema.erl

@@ -113,7 +113,7 @@ fields(http_post) ->
     , {headers, fun headers/1}
     ] ++ http_common_fields();
 fields(mnesia) ->
-    [ {type, #{type => 'built-in-database'}}
+    [ {type, #{type => 'built_in_database'}}
     , {enable, #{type => boolean(),
                  default => true}}
     ];

apps/emqx_authz/test/emqx_authz_api_mnesia_SUITE.erl

@@ -62,7 +62,7 @@ set_special_configs(emqx_authz) ->
     {ok, _} = emqx:update_config([authorization, cache, enable], false),
     {ok, _} = emqx:update_config([authorization, no_match], deny),
     {ok, _} = emqx:update_config([authorization, sources],
-                                 [#{<<"type">> => <<"built-in-database">>}]),
+                                 [#{<<"type">> => <<"built_in_database">>}]),
     ok;
 set_special_configs(_App) ->
     ok.
@@ -74,12 +74,12 @@ set_special_configs(_App) ->
 t_api(_) ->
     {ok, 204, _} =
         request( post
-               , uri(["authorization", "sources", "built-in-database", "username"])
+               , uri(["authorization", "sources", "built_in_database", "username"])
                , [?USERNAME_RULES_EXAMPLE]),
 
     {ok, 200, Request1} =
         request( get
-               , uri(["authorization", "sources", "built-in-database", "username"])
+               , uri(["authorization", "sources", "built_in_database", "username"])
                , []),
     #{<<"data">> := [#{<<"username">> := <<"user1">>, <<"rules">> := Rules1}],
       <<"meta">> := #{<<"count">> := 1,
@@ -91,7 +91,7 @@ t_api(_) ->
         request( get
                , uri([ "authorization"
                      , "sources"
-                     , "built-in-database"
+                     , "built_in_database"
                      , "username?page=1&limit=20&like_username=noexist"])
                , []),
     #{<<"data">> := [],
@@ -102,47 +102,47 @@ t_api(_) ->
 
     {ok, 200, Request2} =
         request( get
-               , uri(["authorization", "sources", "built-in-database", "username", "user1"])
+               , uri(["authorization", "sources", "built_in_database", "username", "user1"])
                , []),
     #{<<"username">> := <<"user1">>, <<"rules">> := Rules1} = jsx:decode(Request2),
 
 
     {ok, 204, _} =
         request( put
-               , uri(["authorization", "sources", "built-in-database", "username", "user1"])
+               , uri(["authorization", "sources", "built_in_database", "username", "user1"])
                , ?USERNAME_RULES_EXAMPLE#{rules => []}),
     {ok, 200, Request3} =
         request( get
-               , uri(["authorization", "sources", "built-in-database", "username", "user1"])
+               , uri(["authorization", "sources", "built_in_database", "username", "user1"])
                , []),
     #{<<"username">> := <<"user1">>, <<"rules">> := Rules2} = jsx:decode(Request3),
     ?assertEqual(0, length(Rules2)),
 
     {ok, 204, _} =
         request( delete
-               , uri(["authorization", "sources", "built-in-database", "username", "user1"])
+               , uri(["authorization", "sources", "built_in_database", "username", "user1"])
                , []),
     {ok, 404, _} =
         request( get
-               , uri(["authorization", "sources", "built-in-database", "username", "user1"])
+               , uri(["authorization", "sources", "built_in_database", "username", "user1"])
                , []),
     {ok, 404, _} =
         request( delete
-               , uri(["authorization", "sources", "built-in-database", "username", "user1"])
+               , uri(["authorization", "sources", "built_in_database", "username", "user1"])
                , []),
 
 
     {ok, 204, _} =
         request( post
-               , uri(["authorization", "sources", "built-in-database", "clientid"])
+               , uri(["authorization", "sources", "built_in_database", "clientid"])
                , [?CLIENTID_RULES_EXAMPLE]),
     {ok, 200, Request4} =
         request( get
-               , uri(["authorization", "sources", "built-in-database", "clientid"])
+               , uri(["authorization", "sources", "built_in_database", "clientid"])
                , []),
     {ok, 200, Request5} =
         request( get
-               , uri(["authorization", "sources", "built-in-database", "clientid", "client1"])
+               , uri(["authorization", "sources", "built_in_database", "clientid", "client1"])
                , []),
     #{<<"data">> := [#{<<"clientid">> := <<"client1">>, <<"rules">> := Rules3}],
       <<"meta">> := #{<<"count">> := 1, <<"limit">> := 100, <<"page">> := 1}}
@@ -152,97 +152,97 @@ t_api(_) ->
 
     {ok, 204, _} =
         request( put
-               , uri(["authorization", "sources", "built-in-database", "clientid", "client1"])
+               , uri(["authorization", "sources", "built_in_database", "clientid", "client1"])
                , ?CLIENTID_RULES_EXAMPLE#{rules => []}),
     {ok, 200, Request6} =
         request( get
-               , uri(["authorization", "sources", "built-in-database", "clientid", "client1"])
+               , uri(["authorization", "sources", "built_in_database", "clientid", "client1"])
                , []),
     #{<<"clientid">> := <<"client1">>, <<"rules">> := Rules4} = jsx:decode(Request6),
     ?assertEqual(0, length(Rules4)),
 
     {ok, 204, _} =
         request( delete
-               , uri(["authorization", "sources", "built-in-database", "clientid", "client1"])
+               , uri(["authorization", "sources", "built_in_database", "clientid", "client1"])
                , []),
     {ok, 404, _} =
         request( get
-               , uri(["authorization", "sources", "built-in-database", "clientid", "client1"])
+               , uri(["authorization", "sources", "built_in_database", "clientid", "client1"])
                , []),
     {ok, 404, _} =
         request( delete
-               , uri(["authorization", "sources", "built-in-database", "clientid", "client1"])
+               , uri(["authorization", "sources", "built_in_database", "clientid", "client1"])
                , []),
 
 
     {ok, 204, _} =
         request( post
-               , uri(["authorization", "sources", "built-in-database", "all"])
+               , uri(["authorization", "sources", "built_in_database", "all"])
                , ?ALL_RULES_EXAMPLE),
     {ok, 200, Request7} =
         request( get
-               , uri(["authorization", "sources", "built-in-database", "all"])
+               , uri(["authorization", "sources", "built_in_database", "all"])
                , []),
     #{<<"rules">> := Rules5} = jsx:decode(Request7),
     ?assertEqual(3, length(Rules5)),
 
     {ok, 204, _} =
         request( post
-               , uri(["authorization", "sources", "built-in-database", "all"])
+               , uri(["authorization", "sources", "built_in_database", "all"])
 
                , ?ALL_RULES_EXAMPLE#{rules => []}),
     {ok, 200, Request8} =
         request( get
-               , uri(["authorization", "sources", "built-in-database", "all"])
+               , uri(["authorization", "sources", "built_in_database", "all"])
                , []),
     #{<<"rules">> := Rules6} = jsx:decode(Request8),
     ?assertEqual(0, length(Rules6)),
 
     {ok, 204, _} =
         request( post
-               , uri(["authorization", "sources", "built-in-database", "username"])
+               , uri(["authorization", "sources", "built_in_database", "username"])
                , [ #{username => erlang:integer_to_binary(N), rules => []}
                    || N <- lists:seq(1, 20) ]),
     {ok, 200, Request9} =
         request( get
-               , uri(["authorization", "sources", "built-in-database", "username?page=2&limit=5"])
+               , uri(["authorization", "sources", "built_in_database", "username?page=2&limit=5"])
                , []),
     #{<<"data">> := Data1} = jsx:decode(Request9),
     ?assertEqual(5, length(Data1)),
 
     {ok, 204, _} =
         request( post
-               , uri(["authorization", "sources", "built-in-database", "clientid"])
+               , uri(["authorization", "sources", "built_in_database", "clientid"])
                , [ #{clientid => erlang:integer_to_binary(N), rules => []}
                    || N <- lists:seq(1, 20) ]),
     {ok, 200, Request10} =
         request( get
-               , uri(["authorization", "sources", "built-in-database", "clientid?limit=5"])
+               , uri(["authorization", "sources", "built_in_database", "clientid?limit=5"])
                , []),
     #{<<"data">> := Data2} = jsx:decode(Request10),
     ?assertEqual(5, length(Data2)),
 
     {ok, 400, Msg1} =
         request( delete
-               , uri(["authorization", "sources", "built-in-database", "purge-all"])
+               , uri(["authorization", "sources", "built_in_database", "purge-all"])
                , []),
     ?assertMatch({match, _}, re:run(Msg1, "must\sbe\sdisabled\sbefore")),
     {ok, 204, _} =
         request( put
-               , uri(["authorization", "sources", "built-in-database"])
+               , uri(["authorization", "sources", "built_in_database"])
                ,  #{<<"enable">> => true}),
     %% test idempotence
     {ok, 204, _} =
         request( put
-               , uri(["authorization", "sources", "built-in-database"])
+               , uri(["authorization", "sources", "built_in_database"])
                ,  #{<<"enable">> => true}),
     {ok, 204, _} =
         request( put
-               , uri(["authorization", "sources", "built-in-database"])
+               , uri(["authorization", "sources", "built_in_database"])
                ,  #{<<"enable">> => false}),
     {ok, 204, _} =
         request( delete
-               , uri(["authorization", "sources", "built-in-database", "purge-all"])
+               , uri(["authorization", "sources", "built_in_database", "purge-all"])
                , []),
     ?assertEqual(0, emqx_authz_mnesia:record_count()),
     ok.

apps/emqx_authz/test/emqx_authz_mnesia_SUITE.erl

@@ -125,7 +125,7 @@ t_normalize_rules(_Config) ->
 raw_mnesia_authz_config() ->
     #{
         <<"enable">> => <<"true">>,
-        <<"type">> => <<"built-in-database">>
+        <<"type">> => <<"built_in_database">>
     }.
 
 setup_client_samples(ClientInfo, Samples, Key) ->

apps/emqx_conf/etc/emqx_conf.md

@@ -196,7 +196,7 @@ e.g. `authentication.1={...}` is parsed as `authentication={"1": {...}}`
 Indexed-map arrays can be used to override list arrays:
 
 ```
-authentication=[{enable=true, backend="built-in-database", mechanism="password-based"}]
+authentication=[{enable=true, backend="built_in_database", mechanism="password_based"}]
 # we can disable this authentication provider with:
 authentication.1.enable=false
 ```
@@ -204,7 +204,7 @@ However, list arrays do not get recursively merged into indexed-map arrays.
 e.g.
 
 ```
-authentication=[{enable=true, backend="built-in-database", mechanism="password-based"}]
+authentication=[{enable=true, backend="built_in_database", mechanism="password_based"}]
 ## below value will replace the whole array, but not to override just one field.
 authentication=[{enable=true}]
 ```

apps/emqx_conf/src/emqx_conf_schema.erl

@@ -959,7 +959,7 @@ In EMQX, MQTT client access control is extremely flexible.<br>
 An out-of-the-box set of authorization data sources are supported.
 For example,<br>
 'file' source is to support concise and yet generic ACL rules in a file;<br>
-'built-in-database' source can be used to store per-client customizable rule sets,
+'built_in_database' source can be used to store per-client customizable rule sets,
 natively in the EMQX node;<br>
 'http' source to make EMQX call an external HTTP API to make the decision;<br>
 'PostgreSQL' etc. to look up clients or rules from external databases;<br>

apps/emqx_gateway/etc/emqx_gateway.conf.example

@@ -27,8 +27,8 @@ gateway.stomp {
   }
 
   authentication: {
-    mechanism = password-based
-    backend = built-in-database
+    mechanism = password_based
+    backend = built_in_database
     user_id_type = clientid
   }
 
@@ -43,8 +43,8 @@ gateway.stomp {
     ]
 
    authentication: {
-     mechanism = password-based
-     backend = built-in-database
+     mechanism = password_based
+     backend = built_in_database
      user_id_type = username
    }
 

apps/emqx_gateway/src/emqx_gateway_api_listeners.erl

@@ -709,8 +709,8 @@ examples_listener() ->
              , max_connections => 1024000
              , max_conn_rate => 1000
              , authentication =>
-                #{ backend => <<"built-in-database">>
-                 , mechanism => <<"password-based">>
+                #{ backend => <<"built_in_database">>
+                 , mechanism => <<"password_based">>
                  , password_hash_algorithm =>
                     #{ name => <<"sha256">>
                      }

apps/emqx_gateway/test/emqx_gateway_api_SUITE.erl

@@ -190,8 +190,8 @@ t_authn(_) ->
     {201, _} = request(post, "/gateway", GwConf),
     {204, _} = request(get, "/gateway/stomp/authentication"),
 
-    AuthConf = #{mechanism => <<"password-based">>,
-                 backend => <<"built-in-database">>,
+    AuthConf = #{mechanism => <<"password_based">>,
+                 backend => <<"built_in_database">>,
                  user_id_type => <<"clientid">>
                 },
     {201, _} = request(post, "/gateway/stomp/authentication", AuthConf),
@@ -213,8 +213,8 @@ t_authn_data_mgmt(_) ->
     {201, _} = request(post, "/gateway", GwConf),
     {204, _} = request(get, "/gateway/stomp/authentication"),
 
-    AuthConf = #{mechanism => <<"password-based">>,
-                 backend => <<"built-in-database">>,
+    AuthConf = #{mechanism => <<"password_based">>,
+                 backend => <<"built_in_database">>,
                  user_id_type => <<"clientid">>
                 },
     {201, _} = request(post, "/gateway/stomp/authentication", AuthConf),
@@ -291,8 +291,8 @@ t_listeners_authn(_) ->
     {200, ConfResp} = request(get, "/gateway/stomp"),
     assert_confs(GwConf, ConfResp),
 
-    AuthConf = #{mechanism => <<"password-based">>,
-                 backend => <<"built-in-database">>,
+    AuthConf = #{mechanism => <<"password_based">>,
+                 backend => <<"built_in_database">>,
                  user_id_type => <<"clientid">>
                 },
     Path = "/gateway/stomp/listeners/stomp:tcp:def/authentication",
@@ -322,8 +322,8 @@ t_listeners_authn_data_mgmt(_) ->
     {200, ConfResp} = request(get, "/gateway/stomp"),
     assert_confs(GwConf, ConfResp),
 
-    AuthConf = #{mechanism => <<"password-based">>,
-                 backend => <<"built-in-database">>,
+    AuthConf = #{mechanism => <<"password_based">>,
+                 backend => <<"built_in_database">>,
                  user_id_type => <<"clientid">>
                 },
     Path = "/gateway/stomp/listeners/stomp:tcp:def/authentication",

apps/emqx_gateway/test/emqx_gateway_conf_SUITE.erl

@@ -226,13 +226,13 @@ asClqpnHT8/VJYTD7Kqj0fouTTZf0zkig/y+2XERppd8k+pSKjUCPQ==
             }
          }).
 -define(CONF_STOMP_AUTHN_1,
-        #{ <<"mechanism">> => <<"password-based">>,
-           <<"backend">> => <<"built-in-database">>,
+        #{ <<"mechanism">> => <<"password_based">>,
+           <<"backend">> => <<"built_in_database">>,
            <<"user_id_type">> => <<"clientid">>
          }).
 -define(CONF_STOMP_AUTHN_2,
-        #{ <<"mechanism">> => <<"password-based">>,
-           <<"backend">> => <<"built-in-database">>,
+        #{ <<"mechanism">> => <<"password_based">>,
+           <<"backend">> => <<"built_in_database">>,
            <<"user_id_type">> => <<"username">>
          }).