Posted to commits@qpid.apache.org by ch...@apache.org on 2016/01/20 22:19:17 UTC
qpid-dispatch git commit: Create a local policy anchored in Agent.
Hook it up to incoming config settings. Add test json config file.
Repository: qpid-dispatch
Updated Branches:
refs/heads/crolke-DISPATCH-188-1 c284c20b8 -> b85fc9e5e
Create a local policy anchored in Agent.
Hook it up to incoming config settings.
Add test json config file.
Project: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/repo
Commit: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/commit/b85fc9e5
Tree: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/tree/b85fc9e5
Diff: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/diff/b85fc9e5
Branch: refs/heads/crolke-DISPATCH-188-1
Commit: b85fc9e5e75e630aed98b4871128218d76f09583
Parents: c284c20
Author: Chuck Rolke <cr...@redhat.com>
Authored: Wed Jan 20 16:17:24 2016 -0500
Committer: Chuck Rolke <cr...@redhat.com>
Committed: Wed Jan 20 16:17:24 2016 -0500
----------------------------------------------------------------------
doc/notes/qdr-policy-diagrams-01.odg | Bin 37966 -> 35808 bytes
python/qpid_dispatch/management/qdrouter.json | 18 ++---
.../qpid_dispatch_internal/management/agent.py | 16 +++++
.../qpid_dispatch_internal/management/config.py | 4 +-
.../management/policy_local.py | 13 ++++
tests/policy-1/test-router-with-policy.json | 70 +++++++++++++++++++
6 files changed, 112 insertions(+), 9 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/b85fc9e5/doc/notes/qdr-policy-diagrams-01.odg
----------------------------------------------------------------------
diff --git a/doc/notes/qdr-policy-diagrams-01.odg b/doc/notes/qdr-policy-diagrams-01.odg
index 0e26174..59c3cb9 100644
Binary files a/doc/notes/qdr-policy-diagrams-01.odg and b/doc/notes/qdr-policy-diagrams-01.odg differ
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/b85fc9e5/python/qpid_dispatch/management/qdrouter.json
----------------------------------------------------------------------
diff --git a/python/qpid_dispatch/management/qdrouter.json b/python/qpid_dispatch/management/qdrouter.json
index 9d1aae0..923cf80 100644
--- a/python/qpid_dispatch/management/qdrouter.json
+++ b/python/qpid_dispatch/management/qdrouter.json
@@ -1018,11 +1018,11 @@
}
},
- "policy.accessRuleset": {
+ "policyAccessRuleset": {
"description": "Per application definition of the locations from which users may connect and the groups to which users belong.",
"extends": "configurationEntity",
"attributes": {
- "name": {
+ "applicationName": {
"type": "string",
"description": "The application name.",
"required": true
@@ -1075,18 +1075,19 @@
}
}
},
- "policy.accessStats": {
+
+ "policyAccessStats": {
"description": "Per application connection and access statistics.",
"extends": "operationalEntity",
"attributes": {
- "name": {
+ "applicationName": {
"type": "string",
"description": "The application name."
},
"connectionsApproved": {"type": "integer", "graph": true},
"connectionsDenied": {"type": "integer", "graph": true},
"connectionsCurrent": {"type": "integer", "graph": true},
- "perUsrerState": {
+ "perUserState": {
"type": "map",
"description": "A map where the key is the authenticated user name and the value is a list of the user's connections."
},
@@ -1098,7 +1099,8 @@
}
},
- "policy.settings": {
+
+ "policyAppSettings": {
"description": "For a given application and user group define the policy settings applied to the user's AMQP connection.",
"extends": "configurationEntity",
"attributes": {
@@ -1107,7 +1109,7 @@
"description": "The application to which these settings apply.",
"required": true
},
- "groupName": {
+ "userGroupName": {
"type": "string",
"description": "The user group to which these settings apply.",
"required": true
@@ -1182,7 +1184,7 @@
}
},
- "policy.stats": {
+ "policyAppStats": {
"description": "Per application policy enforcement statistics.",
"extends": "operationalEntity",
"attributes": {
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/b85fc9e5/python/qpid_dispatch_internal/management/agent.py
----------------------------------------------------------------------
diff --git a/python/qpid_dispatch_internal/management/agent.py b/python/qpid_dispatch_internal/management/agent.py
index 1930c30..0d53bc1 100644
--- a/python/qpid_dispatch_internal/management/agent.py
+++ b/python/qpid_dispatch_internal/management/agent.py
@@ -81,6 +81,7 @@ from .schema import ValidationError, SchemaEntity, EntityType
from .qdrouter import QdSchema
from ..router.message import Message
from ..router.address import Address
+from policy_local import PolicyLocal
def dictstr(d):
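Review bot: The added `from policy_local import PolicyLocal` is an implicit relative import, unlike the explicit `from .schema ...` and `from .qdrouter ...` imports right above it. Under absolute-import semantics (Python 3, or `from __future__ import absolute_import`) it would either fail or bind to whatever top-level `policy_local` module happens to be on `sys.path`, which is not something the module that supplies the policy object should depend on. Write it as `from .policy_local import PolicyLocal`.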
@@ -154,6 +155,7 @@ class EntityAdapter(SchemaEntity):
self.__dict__['_log'] = agent.log
self.__dict__['_qd'] = agent.qd
self.__dict__['_dispatch'] = agent.dispatch
+ self.__dict__['_policy'] = agent.policy
self.__dict__['_implementations'] = []
def validate(self, **kwargs):
@@ -283,6 +285,19 @@ class PolicyEntity(EntityAdapter):
def _identifier(self):
return self.attributes.get('module')
+class PolicyAccessRulesetEntity(EntityAdapter):
+ def create(self):
+ self._policy.create_ruleset(self.attributes)
+
+ def _identifier(self):
+ return self.attributes.get('applicationName')
+
+class PolicyAppSettingsEntity(EntityAdapter):
+ def create(self):
+ self._policy.create_settings(self.attributes)
+
+ def _identifier(self):
+ return self.attributes.get('applicationName') + "_" + self.attributes.get('userGroupName')
def _addr_port_identifier(entity):
for attr in ['addr', 'port']: # Set default values if need be
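Review bot: `PolicyAppSettingsEntity._identifier` joins the two names with `"_"`, so distinct pairs can yield the same identifier: application `a_b` with group `c` and application `a` with group `b_c` both give `a_b_c`. How the entity cache uses identifiers is not visible in this hunk, but for policy settings a collision could cause one application's entry to be rejected as a duplicate of, or confused with, another's. Use a separator the schema forbids in both names, or validate the names before building the identifier. Both `.get()` calls also return None for a missing attribute, and the concatenation then raises TypeError; if `_identifier` can run before schema validation, a guard is needed. The two new classes have no docstrings; one line each on what `create` hands to `self._policy` would help.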
@@ -611,6 +626,7 @@ class Agent(object):
self.entities = EntityCache(self)
self.request_lock = Lock()
self.log_adapter = LogAdapter("AGENT")
+ self.policy = PolicyLocal()
self.management = self.create_entity({"type": "management"})
self.add_entity(self.management)
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/b85fc9e5/python/qpid_dispatch_internal/management/config.py
----------------------------------------------------------------------
diff --git a/python/qpid_dispatch_internal/management/config.py b/python/qpid_dispatch_internal/management/config.py
index 979932e..eaab7e2 100644
--- a/python/qpid_dispatch_internal/management/config.py
+++ b/python/qpid_dispatch_internal/management/config.py
@@ -162,7 +162,9 @@ def configure_dispatch(dispatch, lib_handle, filename):
qd.qd_router_setup_late(dispatch) # Actions requiring active management agent.
# Remaining configuration
- for t in "fixedAddress", "listener", "connector", "waypoint", "linkRoutePattern", "policy":
+
+ for t in "fixedAddress", "listener", "connector", "waypoint", "linkRoutePattern", \
+ "policy", "policyAccessRuleset", "policyAppSettings":
for a in config.by_type(t): configure(a)
for e in config.entities:
configure(e)
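Review bot: The new `policyAccessRuleset` and `policyAppSettings` types are configured after `listener` in this tuple, so if `configure()` on a listener begins accepting connections immediately (not visible in this hunk), connections can arrive before the rulesets and settings are loaded. Consider putting the policy types ahead of the listeners, e.g. `for t in ("fixedAddress", "policy", "policyAccessRuleset", "policyAppSettings", "listener", "connector", "waypoint", "linkRoutePattern"):`, after checking that nothing else relies on the current order. The parenthesised tuple also removes the backslash continuation. configure_dispatch starts outside the hunk.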
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/b85fc9e5/python/qpid_dispatch_internal/management/policy_local.py
----------------------------------------------------------------------
diff --git a/python/qpid_dispatch_internal/management/policy_local.py b/python/qpid_dispatch_internal/management/policy_local.py
index 8084fdc..bdbecda 100644
--- a/python/qpid_dispatch_internal/management/policy_local.py
+++ b/python/qpid_dispatch_internal/management/policy_local.py
@@ -283,6 +283,19 @@ class PolicyLocal(object):
self.policy_io_read_files()
#
+ # Management create
+ #
+ def create_ruleset(self, attributes):
+ print ("POLICY configured ruleset %s" % attributes['applicationName'])
+ #pdb.set_trace()
+ pass
+
+ def create_settings(self, attributes):
+ print ("POLICY configured settings %s_%s" % (attributes['applicationName'], attributes['userGroupName']))
+ #pdb.set_trace()
+ pass
+
+ #
# Policy file I/O
#
def policy_io_read_files(self):
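Review bot: `create_ruleset` and `create_settings` only print and return, so a configuration that declares `policyAccessRuleset` or `policyAppSettings` entities is accepted while nothing is stored or enforced. If that is intentional on this work-in-progress branch, state it in a docstring and emit a warning through the router's log rather than `print`, so an operator can see that the declared policy is not active. The `attributes['applicationName']` lookups raise KeyError on a missing key, whereas the entity classes in agent.py read the same attributes with `.get()`; pick one behaviour. The commented-out `#pdb.set_trace()` lines and the trailing `pass` statements can be dropped. The PolicyLocal class body starts outside the hunk.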
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/b85fc9e5/tests/policy-1/test-router-with-policy.json
----------------------------------------------------------------------
diff --git a/tests/policy-1/test-router-with-policy.json b/tests/policy-1/test-router-with-policy.json
new file mode 100644
index 0000000..643de2f
--- /dev/null
+++ b/tests/policy-1/test-router-with-policy.json
@@ -0,0 +1,70 @@
+[
+ ["container", {
+ "containerName": "QdstatSslTest",
+ "saslConfigName": "tests-mech-EXTERNAL",
+ "saslConfigPath": "/home/chug/Research/qdr/standaloneSsl/sasl_configs",
+ "debugDump": "qddebug.txt"
+ }],
+ ["sslProfile", {
+ "certFile": "/home/chug/Research/qdr/standaloneSsl/ssl_certs/server-certificate.pem",
+ "keyFile": "/home/chug/Research/qdr/standaloneSsl/ssl_certs/server-private-key.pem",
+ "password": "server-password",
+ "name": "server-ssl",
+ "certDb": "/home/chug/Research/qdr/standaloneSsl/ssl_certs/ca-certificate.pem"
+ }],
+ ["listener", {
+ "saslMechanisms": "ANONYMOUS",
+ "authenticatePeer": "no",
+ "idleTimeoutSeconds": "120",
+ "port": 21000,
+ "addr": "0.0.0.0"
+ }],
+ ["listener", {
+ "addr": "0.0.0.0",
+ "requireSsl": "yes",
+ "idleTimeoutSeconds": "120",
+ "saslMechanisms": "ANONYMOUS",
+ "sslProfile": "server-ssl",
+ "authenticatePeer": "no",
+ "port": 21001
+ }],
+ ["listener", {
+ "addr": "0.0.0.0",
+ "requireSsl": "no",
+ "idleTimeoutSeconds": "120",
+ "saslMechanisms": "ANONYMOUS",
+ "sslProfile": "server-ssl",
+ "authenticatePeer": "no",
+ "port": 21002
+ }],
+ ["listener", {
+ "addr": "0.0.0.0",
+ "requireSsl": "yes",
+ "idleTimeoutSeconds": "120",
+ "saslMechanisms": "EXTERNAL",
+ "sslProfile": "server-ssl",
+ "authenticatePeer": "yes",
+ "port": 21003
+ }],
+ ["log", {
+ "source": "true",
+ "enable": "info+",
+ "module": "DEFAULT"
+ }],
+ ["policy", {
+ "maximumConnections": 2
+ }],
+ ["policyAccessRuleset", {
+ "applicationName": "photoserver"
+ }],
+ ["policyAppSettings", {
+ "applicationName": "photoserver",
+ "userGroupName": "admin",
+ "maxFrameSize": 20000
+ }],
+ ["policyAppSettings", {
+ "applicationName": "photoserver",
+ "userGroupName": "users",
+ "maxFrameSize": 10000
+ }]
+]
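Review bot: All four listeners bind `"addr": "0.0.0.0"`, and three of them use `"saslMechanisms": "ANONYMOUS"` with `"authenticatePeer": "no"`, so running this test exposes an unauthenticated router on every interface of the test host; `"addr": "127.0.0.1"` would keep it local. The `saslConfigPath`, `certFile`, `keyFile` and `certDb` values are absolute paths under one developer's home directory (`/home/chug/...`), so the file will not load on another machine; paths relative to the test directory, or filled in by the test harness, would make it portable. The listener on port 21002 combines `"requireSsl": "no"` with an `sslProfile`; if that mix is deliberate, it is worth saying so in the commit message, since JSON cannot carry a comment.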