You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@qpid.apache.org by ch...@apache.org on 2018/05/01 20:25:27 UTC
[05/10] qpid-dispatch git commit: DISPATCH-976: Accept new config
settings and store in local policy
DISPATCH-976: Accept new config settings and store in local policy
Project: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/repo
Commit: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/commit/dc981ecc
Tree: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/tree/dc981ecc
Diff: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/diff/dc981ecc
Branch: refs/heads/master
Commit: dc981ecc6cf31d8c605e84703a589553281281c2
Parents: 210683d
Author: Chuck Rolke <cr...@redhat.com>
Authored: Tue May 1 13:55:35 2018 -0400
Committer: Chuck Rolke <cr...@redhat.com>
Committed: Tue May 1 15:58:35 2018 -0400
----------------------------------------------------------------------
.../policy/policy_local.py | 42 ++++++++++++++++++--
src/policy.c | 8 ++--
src/policy.h | 2 +
3 files changed, 44 insertions(+), 8 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/dc981ecc/python/qpid_dispatch_internal/policy/policy_local.py
----------------------------------------------------------------------
diff --git a/python/qpid_dispatch_internal/policy/policy_local.py b/python/qpid_dispatch_internal/policy/policy_local.py
index 228d65d..19c81c8 100644
--- a/python/qpid_dispatch_internal/policy/policy_local.py
+++ b/python/qpid_dispatch_internal/policy/policy_local.py
@@ -63,6 +63,8 @@ class PolicyKeys(object):
KW_ALLOW_USERID_PROXY = "allowUserIdProxy"
KW_SOURCES = "sources"
KW_TARGETS = "targets"
+ KW_SOURCE_PATTERN = "sourcePattern"
+ KW_TARGET_PATTERN = "targetPattern"
# Policy stats key words
KW_CONNECTIONS_APPROVED = "connectionsApproved"
@@ -86,6 +88,7 @@ class PolicyKeys(object):
# policy stats controlled by C code but referenced by settings
KW_CSTATS = "denialCounts"
+
#
#
class PolicyCompiler(object):
@@ -122,7 +125,9 @@ class PolicyCompiler(object):
PolicyKeys.KW_ALLOW_ANONYMOUS_SENDER,
PolicyKeys.KW_ALLOW_USERID_PROXY,
PolicyKeys.KW_SOURCES,
- PolicyKeys.KW_TARGETS
+ PolicyKeys.KW_TARGETS,
+ PolicyKeys.KW_SOURCE_PATTERN,
+ PolicyKeys.KW_TARGET_PATTERN
]
def __init__(self):
@@ -223,10 +228,16 @@ class PolicyCompiler(object):
policy_out[PolicyKeys.KW_ALLOW_DYNAMIC_SRC] = False
policy_out[PolicyKeys.KW_ALLOW_ANONYMOUS_SENDER] = False
policy_out[PolicyKeys.KW_ALLOW_USERID_PROXY] = False
- policy_out[PolicyKeys.KW_SOURCES] = ''
- policy_out[PolicyKeys.KW_TARGETS] = ''
+ policy_out[PolicyKeys.KW_SOURCES] = None
+ policy_out[PolicyKeys.KW_TARGETS] = None
+ policy_out[PolicyKeys.KW_SOURCE_PATTERN] = None
+ policy_out[PolicyKeys.KW_TARGET_PATTERN] = None
cerror = []
+ user_sources = False
+ user_targets = False
+ user_src_pattern = False
+ user_tgt_pattern = False
for key, val in policy_in.iteritems():
if key not in self.allowed_settings_options:
warnings.append("Policy vhost '%s' user group '%s' option '%s' is ignored." %
@@ -261,7 +272,9 @@ class PolicyCompiler(object):
policy_out[key] = val
elif key in [PolicyKeys.KW_USERS,
PolicyKeys.KW_SOURCES,
- PolicyKeys.KW_TARGETS
+ PolicyKeys.KW_TARGETS,
+ PolicyKeys.KW_SOURCE_PATTERN,
+ PolicyKeys.KW_TARGET_PATTERN
]:
# accept a string or list
if type(val) is str:
@@ -280,6 +293,27 @@ class PolicyCompiler(object):
val = list(set(val))
# output result is CSV string with no white space between values: 'abc,def,mytarget'
policy_out[key] = ','.join(val)
+
+ if key == PolicyKeys.KW_SOURCES:
+ user_sources = True
+ if key == PolicyKeys.KW_TARGETS:
+ user_targets = True
+ if key == PolicyKeys.KW_SOURCE_PATTERN:
+ user_src_pattern = True
+ if key == PolicyKeys.KW_TARGET_PATTERN:
+ user_tgt_pattern = True
+
+ if user_sources:
+ warnings.append("Policy vhost '%s' user group '%s' uses deprecated 'sources' attribute. Use 'sourcePattern' instead" % (vhostname, usergroup))
+ if user_targets:
+ warnings.append("Policy vhost '%s' user group '%s' uses deprecated 'targets' attribute. Use 'targetPattern' instead" % (vhostname, usergroup))
+ if user_sources and user_src_pattern:
+ errors.append("Policy vhost '%s' user group '%s' specifies conflicting 'sources' and 'sourcePattern' attributes. Use only 'sourcePattern' instead" % (vhostname, usergroup))
+ return False
+ if user_targets and user_tgt_pattern:
+ errors.append("Policy vhost '%s' user group '%s' specifies conflicting 'targets' and 'targetPattern' attributes. Use only 'targetPattern' instead" % (vhostname, usergroup))
+ return False
+
return True
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/dc981ecc/src/policy.c
----------------------------------------------------------------------
diff --git a/src/policy.c b/src/policy.c
index 7fc460a..4ee1930 100644
--- a/src/policy.c
+++ b/src/policy.c
@@ -322,10 +322,10 @@ bool qd_policy_open_lookup_user(
settings->allowAnonymousSender = qd_entity_opt_bool((qd_entity_t*)upolicy, "allowAnonymousSender", false);
settings->allowDynamicSource = qd_entity_opt_bool((qd_entity_t*)upolicy, "allowDynamicSource", false);
settings->allowUserIdProxy = qd_entity_opt_bool((qd_entity_t*)upolicy, "allowUserIdProxy", false);
- if (settings->sources == 0)
- settings->sources = qd_entity_get_string((qd_entity_t*)upolicy, "sources");
- if (settings->targets == 0)
- settings->targets = qd_entity_get_string((qd_entity_t*)upolicy, "targets");
+ settings->sources = qd_entity_get_string((qd_entity_t*)upolicy, "sources");
+ settings->targets = qd_entity_get_string((qd_entity_t*)upolicy, "targets");
+ settings->sourcePattern = qd_entity_get_string((qd_entity_t*)upolicy, "sourcePattern");
+ settings->targetPattern = qd_entity_get_string((qd_entity_t*)upolicy, "targetPattern");
settings->denialCounts = (qd_policy_denial_counts_t*)
qd_entity_get_long((qd_entity_t*)upolicy, "denialCounts");
Py_XDECREF(result2);
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/dc981ecc/src/policy.h
----------------------------------------------------------------------
diff --git a/src/policy.h b/src/policy.h
index 27d209a..80d50aa 100644
--- a/src/policy.h
+++ b/src/policy.h
@@ -52,6 +52,8 @@ struct qd_policy__settings_s {
bool allowUserIdProxy;
char *sources;
char *targets;
+ char *sourcePattern;
+ char *targetPattern;
qd_policy_denial_counts_t *denialCounts;
};
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org