You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@qpid.apache.org by gm...@apache.org on 2019/07/05 19:27:20 UTC
[qpid-dispatch] branch master updated: DISPATCH-1353 - Add
procedure for creating connector vhost policies. This closes #524
This is an automated email from the ASF dual-hosted git repository.
gmurthy pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/qpid-dispatch.git
The following commit(s) were added to refs/heads/master by this push:
new c47e03b DISPATCH-1353 - Add procedure for creating connector vhost policies. This closes #524
c47e03b is described below
commit c47e03b3270363c219e40f5b8d75ac39891b9ff6
Author: Ben Hardesty <bh...@redhat.com>
AuthorDate: Fri Jun 7 12:48:33 2019 -0400
DISPATCH-1353 - Add procedure for creating connector vhost policies. This closes #524
---
docs/books/user-guide/authorization.adoc | 54 ++++++++++++++++++++++++++++++++
1 file changed, 54 insertions(+)
diff --git a/docs/books/user-guide/authorization.adoc b/docs/books/user-guide/authorization.adoc
index 6364be3..7e10614 100644
--- a/docs/books/user-guide/authorization.adoc
+++ b/docs/books/user-guide/authorization.adoc
@@ -227,6 +227,60 @@ A list of AMQP target addresses from which users in this group may send messages
+
The advanced user group settings enable you to define resource limits based on the AMQP connection open, session begin, and link attach phases of the connection. For more information, see link:{qdrouterdConfManPageUrl}#_vhost[vhost^] in the `qdrouterd.conf` man page.
+[id='']
+=== Configuring Resource Limits for Outgoing Connections
+
+If the router establishes an outgoing connection to an external AMQP container (such as a client or broker), you can restrict the resources that the external container can access on the router by configuring a connector vhost policy.
+
+The resource limits that are defined in a connector vhost policy are applied to links that are initiated by the external AMQP container. The connector vhost policy does not restrict links that the router creates.
+
+A connector vhost policy can only be applied to a connector with a `normal` or `route-container` role. You cannot apply connector vhost policies to connectors that have `inter-router` or `edge` roles.
+
+.Prerequisites
+
+Vhost policies are enabled for the router. For more information, see xref:enabling-vhost-policies[].
+
+.Procedure
+
+. In the router's configuration file, add a `vhost` section with a `$connector` user group.
++
+--
+[options="nowrap"]
+----
+vhost {
+ hostname: my-connector-policy
+ groups: {
+ $connector: {
+ sources: *
+ targets: *
+ maxSenders: 5
+ maxReceivers: 10
+ allowAnonymousSender: true
+ allowWaypointLinks: true
+ }
+ }
+}
+----
+`hostname`:: A unique name to identify the connector vhost policy. This name does not represent an actual hostname; therefore, choose a name that will not conflict with an actual vhost hostname.
+`$connector`:: Identifies this vhost policy as a connector vhost policy.
+--
+
+. Apply the connector vhost policy to the connector that establishes the connection to the external AMQP container.
++
+--
+The following example applies the connector vhost policy that was configured in the previous step:
+
+[options="nowrap"]
+----
+connector {
+ host: 192.0.2.10
+ port: 5672
+ role: normal
+ policyVhost: my-connector-policy
+}
+----
+--
+
[id='configuring-vhost-policies-json']
=== Configuring Vhost Policies as JSON Files
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org