You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@qpid.apache.org by ch...@apache.org on 2018/05/01 20:25:30 UTC
[08/10] qpid-dispatch git commit: DISPATCH-976: Enable src/tgt parse
tree processing; add self test
DISPATCH-976: Enable src/tgt parse tree processing; add self test
Project: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/repo
Commit: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/commit/f1f4231a
Tree: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/tree/f1f4231a
Diff: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/diff/f1f4231a
Branch: refs/heads/master
Commit: f1f4231aca1a50006383bd238ec486750eeca012
Parents: 17d9977
Author: Chuck Rolke <cr...@redhat.com>
Authored: Tue May 1 14:12:31 2018 -0400
Committer: Chuck Rolke <cr...@redhat.com>
Committed: Tue May 1 15:58:35 2018 -0400
----------------------------------------------------------------------
.../policy/policy_local.py | 8 +-
src/policy.c | 12 +-
tests/system_tests_policy.py | 150 +++++++++++++++++++
3 files changed, 160 insertions(+), 10 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/f1f4231a/python/qpid_dispatch_internal/policy/policy_local.py
----------------------------------------------------------------------
diff --git a/python/qpid_dispatch_internal/policy/policy_local.py b/python/qpid_dispatch_internal/policy/policy_local.py
index 19c81c8..a3e503a 100644
--- a/python/qpid_dispatch_internal/policy/policy_local.py
+++ b/python/qpid_dispatch_internal/policy/policy_local.py
@@ -228,10 +228,10 @@ class PolicyCompiler(object):
policy_out[PolicyKeys.KW_ALLOW_DYNAMIC_SRC] = False
policy_out[PolicyKeys.KW_ALLOW_ANONYMOUS_SENDER] = False
policy_out[PolicyKeys.KW_ALLOW_USERID_PROXY] = False
- policy_out[PolicyKeys.KW_SOURCES] = None
- policy_out[PolicyKeys.KW_TARGETS] = None
- policy_out[PolicyKeys.KW_SOURCE_PATTERN] = None
- policy_out[PolicyKeys.KW_TARGET_PATTERN] = None
+ #policy_out[PolicyKeys.KW_SOURCES] = None
+ #policy_out[PolicyKeys.KW_TARGETS] = None
+ #policy_out[PolicyKeys.KW_SOURCE_PATTERN] = None
+ #policy_out[PolicyKeys.KW_TARGET_PATTERN] = None
cerror = []
user_sources = False
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/f1f4231a/src/policy.c
----------------------------------------------------------------------
diff --git a/src/policy.c b/src/policy.c
index cddafe4..235c125 100644
--- a/src/policy.c
+++ b/src/policy.c
@@ -655,7 +655,7 @@ bool qd_policy_approve_amqp_sender_link(pn_link_t *pn_link, qd_connection_t *qd_
bool lookup;
if (target && *target) {
// a target is specified
- lookup = _qd_policy_approve_link_name(qd_conn->user_id, qd_conn->policy_settings->targets, target);
+ lookup = qd_policy_approve_link_name(qd_conn->user_id, qd_conn->policy_settings, target, false);
qd_log(qd_server_dispatch(qd_conn->server)->policy->log_source, (lookup ? QD_LOG_TRACE : QD_LOG_INFO),
"%s AMQP Attach sender link '%s' for user '%s', rhost '%s', vhost '%s' based on link target name",
@@ -717,7 +717,7 @@ bool qd_policy_approve_amqp_receiver_link(pn_link_t *pn_link, qd_connection_t *q
const char * source = pn_terminus_get_address(pn_link_remote_source(pn_link));
if (source && *source) {
// a source is specified
- bool lookup = _qd_policy_approve_link_name(qd_conn->user_id, qd_conn->policy_settings->sources, source);
+ bool lookup = qd_policy_approve_link_name(qd_conn->user_id, qd_conn->policy_settings, source, true);
qd_log(qd_server_dispatch(qd_conn->server)->policy->log_source, (lookup ? QD_LOG_TRACE : QD_LOG_INFO),
"%s AMQP Attach receiver link '%s' for user '%s', rhost '%s', vhost '%s' based on link source name",
@@ -810,16 +810,16 @@ bool qd_policy_approve_link_name(const char *username,
if (isReceiver) {
if (settings->sourceParseTree) {
return _qd_policy_approve_link_name_tree(username, settings->sourceParseTree, proposed);
- } else if (settings->sourcePattern) {
+ } else if (settings->sources) {
return _qd_policy_approve_link_name(username, settings->sources, proposed);
} else {
return false;
}
} else {
if (settings->targetParseTree) {
- return _qd_policy_approve_link_name_tree(username, settings->sourceParseTree, proposed);
- } else if (settings->sourcePattern) {
- return _qd_policy_approve_link_name(username, settings->sources, proposed);
+ return _qd_policy_approve_link_name_tree(username, settings->targetParseTree, proposed);
+ } else if (settings->targets) {
+ return _qd_policy_approve_link_name(username, settings->targets, proposed);
} else {
return false;
}
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/f1f4231a/tests/system_tests_policy.py
----------------------------------------------------------------------
diff --git a/tests/system_tests_policy.py b/tests/system_tests_policy.py
index 275ad75..93c7d6a 100644
--- a/tests/system_tests_policy.py
+++ b/tests/system_tests_policy.py
@@ -595,5 +595,155 @@ class PolicyWarnings(TestCase):
self.assertTrue(len(critical_lines) == 0, msg='Policy manager does not forward policy warnings and shuts down instead.')
+class PolicyLinkNamePatternTest(TestCase):
+ """
+ Verify that specifying a policy that generates a warning does
+ not cause the router to exit without showing the warning.
+ """
+ @classmethod
+ def setUpClass(cls):
+ """Start the router"""
+ super(PolicyLinkNamePatternTest, cls).setUpClass()
+ listen_port = cls.tester.get_port()
+ policy_config_path = os.path.join(DIR, 'policy-7')
+ config = Qdrouterd.Config([
+ ('router', {'mode': 'standalone', 'id': 'QDR.Policy'}),
+ ('listener', {'port': listen_port}),
+ ('policy', {'maxConnections': 2, 'policyDir': policy_config_path, 'enableVhostPolicy': 'true'})
+ ])
+
+ cls.router = cls.tester.qdrouterd('PolicyLinkNamePatternTest', config, wait=False)
+ try:
+ cls.router.wait_ready(timeout = 5)
+ except Exception, e:
+ pass
+
+ def address(self):
+ return self.router.addresses[0]
+
+ def run_qdmanage(self, cmd, input=None, expect=Process.EXIT_OK):
+ p = self.popen(
+ ['qdmanage'] + cmd.split(' ') + ['--bus', 'u1:password@' + self.address(), '--indent=-1', '--timeout', str(TIMEOUT)],
+ stdin=PIPE, stdout=PIPE, stderr=STDOUT, expect=expect)
+ out = p.communicate(input)[0]
+ try:
+ p.teardown()
+ except Exception, e:
+ raise Exception("%s\n%s" % (e, out))
+ return out
+
+ def default_patterns(self):
+ return """
+{
+ "hostname": "$default",
+ "maxConnections": 3,
+ "maxConnectionsPerHost": 3,
+ "maxConnectionsPerUser": 3,
+ "allowUnknownUser": true,
+ "groups": {
+ "$default": {
+ "allowAnonymousSender": true,
+ "maxReceivers": 99,
+ "users": "*",
+ "maxSessionWindow": 1000000,
+ "maxFrameSize": 222222,
+ "sourcePattern": "public, private, $management",
+ "maxMessageSize": 222222,
+ "allowDynamicSource": true,
+ "remoteHosts": "*",
+ "maxSessions": 2,
+ "targetPattern": "public, private, $management",
+ "maxSenders": 22
+ }
+ }
+}
+"""
+
+ def disallowed_source(self):
+ return """
+{
+ "hostname": "DISPATCH-1993-2",
+ "maxConnections": 3,
+ "maxConnectionsPerHost": 3,
+ "maxConnectionsPerUser": 3,
+ "allowUnknownUser": true,
+ "groups": {
+ "$default": {
+ "allowAnonymousSender": true,
+ "maxReceivers": 99,
+ "users": "*",
+ "maxSessionWindow": 1000000,
+ "maxFrameSize": 222222,
+ "sources": "public, private, $management",
+ "sourcePattern": "public, private, $management",
+ "maxMessageSize": 222222,
+ "allowDynamicSource": true,
+ "remoteHosts": "*",
+ "maxSessions": 2,
+ "targetPattern": "public, private, $management",
+ "maxSenders": 22
+ }
+ }
+}
+"""
+
+ def disallowed_target(self):
+ return """
+{
+ "id": "DISPATCH-1993-3",
+ "maxConnections": 3,
+ "maxConnectionsPerHost": 3,
+ "maxConnectionsPerUser": 3,
+ "allowUnknownUser": true,
+ "groups": {
+ "$default": {
+ "allowAnonymousSender": true,
+ "maxReceivers": 99,
+ "users": "*",
+ "maxSessionWindow": 1000000,
+ "maxFrameSize": 222222,
+ "sourcePattern": "public, private, $management",
+ "maxMessageSize": 222222,
+ "allowDynamicSource": true,
+ "remoteHosts": "*",
+ "maxSessions": 2,
+ "targetPattern": "public, private, $management",
+ "targets": "public, private, $management",
+ "maxSenders": 22
+ }
+ }
+}
+"""
+
+ def test_link_name_parse_tree_patterns(self):
+ # update to replace source/target match patterns
+ qdm_out = "<not written>"
+ try:
+ qdm_out = self.run_qdmanage('update --type=vhost --name=vhost/$default --stdin', input=self.default_patterns())
+ except Exception, e:
+ self.assertTrue(False, msg=('Error running qdmanage %s' % e.message))
+ self.assertFalse("PolicyError" in qdm_out)
+
+ # attempt an create that should be rejected
+ qdm_out = "<not written>"
+ exception = False
+ try:
+ qdm_out = self.run_qdmanage('create --type=vhost --name=DISPATCH-1993-2 --stdin', input=self.disallowed_source())
+ except Exception, e:
+ exception = True
+ self.assertTrue("InternalServerErrorStatus: PolicyError: \"Policy 'DISPATCH-1993-2' is invalid:" in e.message)
+ self.assertTrue(exception)
+
+ # attempt another create that should be rejected
+ qdm_out = "<not written>"
+ exception = False
+ try:
+ qdm_out = self.run_qdmanage('create --type=vhost --name=DISPATCH-1993-3 --stdin', input=self.disallowed_target())
+ except Exception, e:
+ exception = True
+ self.assertTrue("InternalServerErrorStatus: PolicyError: \"Policy 'DISPATCH-1993-3' is invalid:" in e.message)
+ self.assertTrue(exception)
+
+
if __name__ == '__main__':
unittest.main(main_module())
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org