Posted to dev@qpid.apache.org by "Ernest Allen (JIRA)" <ji...@apache.org> on 2016/01/08 18:15:39 UTC

[jira] [Comment Edited] (QPID-6326) [ACL] Python client demands unnecessary permission / performs unnecessary actions

    [ https://issues.apache.org/jira/browse/QPID-6326?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15089526#comment-15089526 ] 

Ernest Allen edited comment on QPID-6326 at 1/8/16 5:14 PM:
------------------------------------------------------------

This will be in the next qpid-python release.


was (Author: eallen):
This has been fixed in the .34 release

> [ACL] Python client demands unnecessary permission / performs unnecessary actions
> ---------------------------------------------------------------------------------
>
>                 Key: QPID-6326
>                 URL: https://issues.apache.org/jira/browse/QPID-6326
>             Project: Qpid
>          Issue Type: Bug
>          Components: Python Client
>    Affects Versions: 0.31
>            Reporter: Ernest Allen
>            Assignee: Ernest Allen
>             Fix For: qpid-python-next
>
>
> Description of problem:
> Python client accesses both exchange and queue objects, even when the object type is specified, thus demanding unnecessary ACL rules to be allowed.
> Version-Release number of selected component (if applicable):
> python-qpid-0.22-15
> How reproducible:
> 100%
> Steps to Reproduce:
> Scenario A (access)
> 1. create acl:
> acl allow-log all access exchange
> acl deny-log all all
> 2. send message to an amq.fanout
> /usr/share/doc/python-qpid-0.22/examples/api/spout -c 1 -b UserA/UserA@localhost:5672 "amq.fanout;{node:{type:topic}}"
> 3. check qpidd log
> Scenario B (create)
> 1. create acl:
> acl allow-log access all
> acl allow-log create queue
> acl deny-log all all
> 2. create a queue using spout
> /usr/share/doc/python-qpid-0.22/examples/api/spout -c 1 -b UserA/UserA@localhost:5672 "q;{create:always, node:{type:queue}}"
> 3. check qpidd log
> Scenario A
> Actual results:
> 2014-07-28 10:45:07 [Security] info ACL Allow id:UserA@QPID action:access ObjectType:exchange Name:amq.fanout
> 2014-07-28 10:45:07 [Security] info ACL Deny id:UserA@QPID action:access ObjectType:queue Name:amq.fanout
> Expected results:
> 2014-07-28 10:45:07 [Security] info ACL Allow id:UserA@QPID action:access ObjectType:exchange Name:amq.fanout
> 2014-07-28 10:45:07 [Security] info ACL Deny id:UserA@QPID action:publish ObjectType:exchange Name:amq.fanout
> Scenario B
> Actual results:
> 2014-07-28 10:57:31 [Security] info ACL Allow id:UserA@QPID action:access ObjectType:exchange Name:q
> 2014-07-28 10:57:31 [Security] info ACL Allow id:UserA@QPID action:access ObjectType:queue Name:q
> 2014-07-28 10:57:31 [Security] info ACL Allow id:UserA@QPID action:create ObjectType:queue Name:q
> Expected results:
> 2014-07-28 10:57:31 [Security] info ACL Allow id:UserA@QPID action:create ObjectType:queue Name:q
> Additional info:
> [A] it behaves the same for node/type:queue, querying the exchanges then queue.
> [B] when creating, client should request only 'create' action, same as C++



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
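
A log check for the symptom in this report, as an added example that is not part of the original message or of the Qpid code: it parses the qpidd [Security] ACL lines quoted above and flags a user whose 'access' requests hit the same name under more than one ObjectType. The function names and the grouping by identical timestamp are assumptions of this example.

```python
import re
from collections import defaultdict

# Shape of the qpidd ACL decision lines as quoted in the report.
ACL_LINE = re.compile(
    r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \[Security\] info ACL "
    r"(?P<decision>Allow|Deny) id:(?P<user>\S+) action:(?P<action>\S+) "
    r"ObjectType:(?P<otype>\S+) Name:(?P<name>\S+)"
)

# Log lines copied from Scenario A of the report (actual vs. expected).
SCENARIO_A_ACTUAL = [
    "2014-07-28 10:45:07 [Security] info ACL Allow id:UserA@QPID action:access ObjectType:exchange Name:amq.fanout",
    "2014-07-28 10:45:07 [Security] info ACL Deny id:UserA@QPID action:access ObjectType:queue Name:amq.fanout",
]
SCENARIO_A_EXPECTED = [
    "2014-07-28 10:45:07 [Security] info ACL Allow id:UserA@QPID action:access ObjectType:exchange Name:amq.fanout",
    "2014-07-28 10:45:07 [Security] info ACL Deny id:UserA@QPID action:publish ObjectType:exchange Name:amq.fanout",
]

def parse_acl_lines(lines):
    """Yield one dict per ACL decision line; other lines are skipped."""
    for line in lines:
        m = ACL_LINE.search(line)
        if m:
            yield m.groupdict()

def find_cross_type_probes(lines):
    """Report (timestamp, user, name) groups where 'access' was requested
    under more than one ObjectType, with the types that were denied."""
    seen = defaultdict(dict)  # (ts, user, name) -> {object type: decision}
    for rec in parse_acl_lines(lines):
        if rec["action"] == "access":
            key = (rec["ts"], rec["user"], rec["name"])
            seen[key][rec["otype"]] = rec["decision"]
    findings = []
    for ts, user, name in sorted(seen):
        by_type = seen[(ts, user, name)]
        if len(by_type) > 1:
            denied = sorted(t for t, d in by_type.items() if d == "Deny")
            findings.append({"ts": ts, "user": user, "name": name,
                             "types": sorted(by_type), "denied": denied})
    return findings

if __name__ == "__main__":
    for finding in find_cross_type_probes(SCENARIO_A_ACTUAL):
        print(finding)
    print(find_cross_type_probes(SCENARIO_A_EXPECTED))
```

A finding with an empty "denied" list, as in Scenario B, means the ACL already grants more than the client needs for that name.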
