You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@qpid.apache.org by ch...@apache.org on 2016/04/04 23:09:14 UTC
qpid-dispatch git commit: DISPATCH-257: Add self test to test sender
and receiver limits. Fix issues exposed by test.
Repository: qpid-dispatch
Updated Branches:
refs/heads/master 043dd2d62 -> 77694481c
DISPATCH-257: Add self test to test sender and receiver limits.
Fix issues exposed by test.
Project: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/repo
Commit: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/commit/77694481
Tree: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/tree/77694481
Diff: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/diff/77694481
Branch: refs/heads/master
Commit: 77694481c71c4ee528c032facaddec912e07ed22
Parents: 043dd2d
Author: Chuck Rolke <cr...@redhat.com>
Authored: Mon Apr 4 17:06:22 2016 -0400
Committer: Chuck Rolke <cr...@redhat.com>
Committed: Mon Apr 4 17:06:22 2016 -0400
----------------------------------------------------------------------
src/policy.c | 25 ++++--
tests/CMakeLists.txt | 1 +
tests/policy-3/test-sender-receiver-limits.json | 26 ++++++
tests/system_tests_policy.py | 90 ++++++++++++++++++++
4 files changed, 137 insertions(+), 5 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/77694481/src/policy.c
----------------------------------------------------------------------
diff --git a/src/policy.c b/src/policy.c
index dbd3015..f7814bc 100644
--- a/src/policy.c
+++ b/src/policy.c
@@ -426,6 +426,8 @@ bool qd_policy_approve_amqp_session(pn_session_t *ssn, qd_connection_t *qd_conn)
}
}
}
+ // Approved
+ qd_conn->n_sessions++;
return true;
}
@@ -592,8 +594,11 @@ bool _qd_policy_approve_link_name(const char *username, const char *allowed, con
//
bool qd_policy_approve_amqp_sender_link(pn_link_t *pn_link, qd_connection_t *qd_conn)
{
+ qd_log(qd_conn->server->qd->policy->log_source, QD_LOG_TRACE,
+ "Approve sender link by count User: '%s', Current: %d, Limit: %d",
+ qd_conn->user_id, qd_conn->n_senders, qd_conn->policy_settings->maxSenders);
if (qd_conn->policy_settings->maxSenders) {
- if (qd_conn->n_senders == qd_conn->policy_settings->maxSenders) {
+ if (qd_conn->n_senders >= qd_conn->policy_settings->maxSenders) {
// Max sender limit specified and violated.
_qd_policy_deny_amqp_sender_link(pn_link, qd_conn);
return false;
@@ -624,20 +629,25 @@ bool qd_policy_approve_amqp_sender_link(pn_link_t *pn_link, qd_connection_t *qd_
lookup = qd_conn->policy_settings->allowAnonymousSender;
qd_log(qd_conn->server->qd->policy->log_source, QD_LOG_TRACE,
"Approve anonymous sender for user '%s': %s",
- qd_conn->user_id, (lookup ? "ALLOW" : "DENY"));
+ qd_conn->user_id, (lookup ? "ALLOW" : "DENY"));
if (!lookup) {
_qd_policy_deny_amqp_receiver_link(pn_link, qd_conn);
return false;
}
}
+ // Approved
+ qd_conn->n_senders++;
return true;
}
bool qd_policy_approve_amqp_receiver_link(pn_link_t *pn_link, qd_connection_t *qd_conn)
{
+ qd_log(qd_conn->server->qd->policy->log_source, QD_LOG_TRACE,
+ "Approve receiver link by count User: '%s', Current: %d, Limit: %d",
+ qd_conn->user_id, qd_conn->n_receivers, qd_conn->policy_settings->maxReceivers);
if (qd_conn->policy_settings->maxReceivers) {
- if (qd_conn->n_receivers == qd_conn->policy_settings->maxReceivers) {
+ if (qd_conn->n_receivers >= qd_conn->policy_settings->maxReceivers) {
// Max sender limit specified and violated.
_qd_policy_deny_amqp_receiver_link(pn_link, qd_conn);
return false;
@@ -647,7 +657,7 @@ bool qd_policy_approve_amqp_receiver_link(pn_link_t *pn_link, qd_connection_t *q
} else {
// max receiver limit not specified
}
- // Deny receiver link based on source
+ // Approve receiver link based on source
bool dynamic_src = pn_terminus_is_dynamic(pn_link_remote_source(pn_link));
if (dynamic_src) {
bool lookup = qd_conn->policy_settings->allowDynamicSrc;
@@ -657,6 +667,9 @@ bool qd_policy_approve_amqp_receiver_link(pn_link_t *pn_link, qd_connection_t *q
// Dynamic source policy rendered the decision
if (!lookup) {
_qd_policy_deny_amqp_receiver_link(pn_link, qd_conn);
+ return false;
+ } else {
+ qd_conn->n_receivers++;
}
return lookup;
}
@@ -677,11 +690,13 @@ bool qd_policy_approve_amqp_receiver_link(pn_link_t *pn_link, qd_connection_t *q
// A receiver with no remote source.
qd_log(qd_conn->server->qd->policy->log_source, QD_LOG_TRACE,
"Approve receiver link '' for user '%s': DENY",
- qd_conn->user_id);
+ qd_conn->user_id);
_qd_policy_deny_amqp_receiver_link(pn_link, qd_conn);
return false;
}
+ // Approved
+ qd_conn->n_receivers++;
return true;
}
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/77694481/tests/CMakeLists.txt
----------------------------------------------------------------------
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index 123884e..d4c55c3 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -106,6 +106,7 @@ file(COPY ${CMAKE_CURRENT_SOURCE_DIR}/policy-1/management-access.json DESTINATI
file(COPY ${CMAKE_CURRENT_SOURCE_DIR}/policy-1/policy-boardwalk.json DESTINATION ${CMAKE_CURRENT_BINARY_DIR}/policy-1/)
file(COPY ${CMAKE_CURRENT_SOURCE_DIR}/policy-1/policy-safari.json DESTINATION ${CMAKE_CURRENT_BINARY_DIR}/policy-1/)
file(COPY ${CMAKE_CURRENT_SOURCE_DIR}/policy-2/policy-photoserver-sasl.sasldb DESTINATION ${CMAKE_CURRENT_BINARY_DIR}/policy-2)
+file(COPY ${CMAKE_CURRENT_SOURCE_DIR}/policy-3/test-sender-receiver-limits.json DESTINATION ${CMAKE_CURRENT_BINARY_DIR}/policy-3)
# following install() functions will be called only if you do a make "install"
install(FILES ${SYSTEM_TEST_FILES}
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/77694481/tests/policy-3/test-sender-receiver-limits.json
----------------------------------------------------------------------
diff --git a/tests/policy-3/test-sender-receiver-limits.json b/tests/policy-3/test-sender-receiver-limits.json
new file mode 100644
index 0000000..2a5b367
--- /dev/null
+++ b/tests/policy-3/test-sender-receiver-limits.json
@@ -0,0 +1,26 @@
+[
+# Ruleset with differing number of senders and receivers
+# so tests can determine that correct limit is matched.
+ ["policyRuleset", {
+ "applicationName": "0.0.0.0",
+ "maxConnections": 50,
+ "maxConnPerUser": 2,
+ "maxConnPerHost": 4,
+ "connectionAllowDefault": true,
+ "settings": {
+ "default" : {
+ "maxFrameSize": 222222,
+ "maxMessageSize": 222222,
+ "maxSessionWindow": 222222,
+ "maxSessions": 2,
+ "maxSenders": 2,
+ "maxReceivers": 4,
+ "allowDynamicSrc": true,
+ "allowAnonymousSender": true,
+ "sources": "*",
+ "targets": "*"
+ }
+ }
+ }
+ ]
+]
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/77694481/tests/system_tests_policy.py
----------------------------------------------------------------------
diff --git a/tests/system_tests_policy.py b/tests/system_tests_policy.py
index e040a61..e95a190 100644
--- a/tests/system_tests_policy.py
+++ b/tests/system_tests_policy.py
@@ -109,5 +109,95 @@ class LoadPolicyFromFolder(TestCase):
rulesets = json.loads(self.run_qdmanage('query --type=policyRuleset'))
self.assertEqual(len(rulesets), 3)
+
+class SenderReceiverLimits(TestCase):
+ """
+ Verify that specifying a policy folder from the router conf file
+ effects loading the policies in that folder.
+ This test relies on qdmanage utility.
+ """
+ @classmethod
+ def setUpClass(cls):
+ """Start the router"""
+ super(SenderReceiverLimits, cls).setUpClass()
+ policy_config_path = os.path.join(cls.top_dir, 'policy-3')
+ config = Qdrouterd.Config([
+ ('container', {'workerThreads': 4, 'containerName': 'Qpid.Dispatch.Router.Policy3'}),
+ ('router', {'mode': 'standalone', 'routerId': 'QDR.Policy'}),
+ ('listener', {'port': cls.tester.get_port()}),
+ ('policy', {'maximumConnections': 2, 'policyFolder': policy_config_path, 'enableAccessRules': 'true'})
+ ])
+
+ cls.router = cls.tester.qdrouterd('SenderReceiverLimits', config, wait=True)
+
+ def address(self):
+ return self.router.addresses[0]
+
+ def test_verify_n_receivers(self):
+ n = 4
+ addr = self.address()
+
+ # connection should be ok
+ denied = False
+ try:
+ br1 = BlockingConnection(addr)
+ except ConnectionException:
+ denied = True
+
+ self.assertFalse(denied) # assert if connections that should open did not open
+
+ # n receivers OK
+ try:
+ r1 = br1.create_receiver(address="****YES_1of4***")
+ r2 = br1.create_receiver(address="****YES_20f4****")
+ r3 = br1.create_receiver(address="****YES_3of4****")
+ r4 = br1.create_receiver(address="****YES_4of4****")
+ except Exception:
+ denied = True
+
+ self.assertFalse(denied) # n receivers should have worked
+
+ # receiver n+1 should be denied
+ try:
+ r5 = br1.create_receiver("****NO****")
+ except Exception:
+ denied = True
+
+ self.assertTrue(denied) # receiver n+1 should have failed
+
+ br1.close()
+
+ def test_verify_n_senders(self):
+ n = 2
+ addr = self.address()
+
+ # connection should be ok
+ denied = False
+ try:
+ bs1 = BlockingConnection(addr)
+ except ConnectionException:
+ denied = True
+
+ self.assertFalse(denied) # assert if connections that should open did not open
+
+ # n senders OK
+ try:
+ s1 = bs1.create_sender(address="****YES_1of2****")
+ s2 = bs1.create_sender(address="****YES_2of2****")
+ except Exception:
+ denied = True
+
+ self.assertFalse(denied) # n senders should have worked
+
+ # receiver n+1 should be denied
+ try:
+ s3 = bs1.create_sender("****NO****")
+ except Exception:
+ denied = True
+
+ self.assertTrue(denied) # sender n+1 should have failed
+
+ bs1.close()
+
if __name__ == '__main__':
unittest.main(main_module())
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org