You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@qpid.apache.org by ch...@apache.org on 2018/05/01 20:25:27 UTC

[05/10] qpid-dispatch git commit: DISPATCH-976: Accept new config settings and store in local policy

DISPATCH-976: Accept new config settings and store in local policy


Project: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/repo
Commit: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/commit/dc981ecc
Tree: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/tree/dc981ecc
Diff: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/diff/dc981ecc

Branch: refs/heads/master
Commit: dc981ecc6cf31d8c605e84703a589553281281c2
Parents: 210683d
Author: Chuck Rolke <cr...@redhat.com>
Authored: Tue May 1 13:55:35 2018 -0400
Committer: Chuck Rolke <cr...@redhat.com>
Committed: Tue May 1 15:58:35 2018 -0400

----------------------------------------------------------------------
 .../policy/policy_local.py                      | 42 ++++++++++++++++++--
 src/policy.c                                    |  8 ++--
 src/policy.h                                    |  2 +
 3 files changed, 44 insertions(+), 8 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/dc981ecc/python/qpid_dispatch_internal/policy/policy_local.py
----------------------------------------------------------------------
diff --git a/python/qpid_dispatch_internal/policy/policy_local.py b/python/qpid_dispatch_internal/policy/policy_local.py
index 228d65d..19c81c8 100644
--- a/python/qpid_dispatch_internal/policy/policy_local.py
+++ b/python/qpid_dispatch_internal/policy/policy_local.py
@@ -63,6 +63,8 @@ class PolicyKeys(object):
     KW_ALLOW_USERID_PROXY       = "allowUserIdProxy"
     KW_SOURCES                  = "sources"
     KW_TARGETS                  = "targets"
+    KW_SOURCE_PATTERN           = "sourcePattern"
+    KW_TARGET_PATTERN           = "targetPattern"
 
     # Policy stats key words
     KW_CONNECTIONS_APPROVED     = "connectionsApproved"
@@ -86,6 +88,7 @@ class PolicyKeys(object):
 
     # policy stats controlled by C code but referenced by settings
     KW_CSTATS                   = "denialCounts"
+
 #
 #
 class PolicyCompiler(object):
@@ -122,7 +125,9 @@ class PolicyCompiler(object):
         PolicyKeys.KW_ALLOW_ANONYMOUS_SENDER,
         PolicyKeys.KW_ALLOW_USERID_PROXY,
         PolicyKeys.KW_SOURCES,
-        PolicyKeys.KW_TARGETS
+        PolicyKeys.KW_TARGETS,
+        PolicyKeys.KW_SOURCE_PATTERN,
+        PolicyKeys.KW_TARGET_PATTERN
         ]
 
     def __init__(self):
@@ -223,10 +228,16 @@ class PolicyCompiler(object):
         policy_out[PolicyKeys.KW_ALLOW_DYNAMIC_SRC] = False
         policy_out[PolicyKeys.KW_ALLOW_ANONYMOUS_SENDER] = False
         policy_out[PolicyKeys.KW_ALLOW_USERID_PROXY] = False
-        policy_out[PolicyKeys.KW_SOURCES] = ''
-        policy_out[PolicyKeys.KW_TARGETS] = ''
+        policy_out[PolicyKeys.KW_SOURCES] = None
+        policy_out[PolicyKeys.KW_TARGETS] = None
+        policy_out[PolicyKeys.KW_SOURCE_PATTERN] = None
+        policy_out[PolicyKeys.KW_TARGET_PATTERN] = None
 
         cerror = []
+        user_sources = False
+        user_targets = False
+        user_src_pattern = False
+        user_tgt_pattern = False
         for key, val in policy_in.iteritems():
             if key not in self.allowed_settings_options:
                 warnings.append("Policy vhost '%s' user group '%s' option '%s' is ignored." %
@@ -261,7 +272,9 @@ class PolicyCompiler(object):
                 policy_out[key] = val
             elif key in [PolicyKeys.KW_USERS,
                          PolicyKeys.KW_SOURCES,
-                         PolicyKeys.KW_TARGETS
+                         PolicyKeys.KW_TARGETS,
+                         PolicyKeys.KW_SOURCE_PATTERN,
+                         PolicyKeys.KW_TARGET_PATTERN
                          ]:
                 # accept a string or list
                 if type(val) is str:
@@ -280,6 +293,27 @@ class PolicyCompiler(object):
                 val = list(set(val))
                 # output result is CSV string with no white space between values: 'abc,def,mytarget'
                 policy_out[key] = ','.join(val)
+
+                if key == PolicyKeys.KW_SOURCES:
+                    user_sources = True
+                if key == PolicyKeys.KW_TARGETS:
+                    user_targets = True
+                if key == PolicyKeys.KW_SOURCE_PATTERN:
+                    user_src_pattern = True
+                if key == PolicyKeys.KW_TARGET_PATTERN:
+                    user_tgt_pattern = True
+
+        if user_sources:
+            warnings.append("Policy vhost '%s' user group '%s' uses deprecated 'sources' attribute. Use 'sourcePattern' instead" % (vhostname, usergroup))
+        if user_targets:
+            warnings.append("Policy vhost '%s' user group '%s' uses deprecated 'targets' attribute. Use 'targetPattern' instead" % (vhostname, usergroup))
+        if user_sources and user_src_pattern:
+            errors.append("Policy vhost '%s' user group '%s' specifies conflicting  'sources' and 'sourcePattern' attributes. Use only 'sourcePattern' instead" % (vhostname, usergroup))
+            return False
+        if user_targets and user_tgt_pattern:
+            errors.append("Policy vhost '%s' user group '%s' specifies conflicting  'targets' and 'targetPattern' attributes. Use only 'targetPattern' instead" % (vhostname, usergroup))
+            return False
+
         return True
 
 

http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/dc981ecc/src/policy.c
----------------------------------------------------------------------
diff --git a/src/policy.c b/src/policy.c
index 7fc460a..4ee1930 100644
--- a/src/policy.c
+++ b/src/policy.c
@@ -322,10 +322,10 @@ bool qd_policy_open_lookup_user(
                     settings->allowAnonymousSender = qd_entity_opt_bool((qd_entity_t*)upolicy, "allowAnonymousSender", false);
                     settings->allowDynamicSource   = qd_entity_opt_bool((qd_entity_t*)upolicy, "allowDynamicSource", false);
                     settings->allowUserIdProxy     = qd_entity_opt_bool((qd_entity_t*)upolicy, "allowUserIdProxy", false);
-                    if (settings->sources == 0)
-                        settings->sources          = qd_entity_get_string((qd_entity_t*)upolicy, "sources");
-                    if (settings->targets == 0)
-                        settings->targets          = qd_entity_get_string((qd_entity_t*)upolicy, "targets");
+                    settings->sources              = qd_entity_get_string((qd_entity_t*)upolicy, "sources");
+                    settings->targets              = qd_entity_get_string((qd_entity_t*)upolicy, "targets");
+                    settings->sourcePattern        = qd_entity_get_string((qd_entity_t*)upolicy, "sourcePattern");
+                    settings->targetPattern        = qd_entity_get_string((qd_entity_t*)upolicy, "targetPattern");
                     settings->denialCounts         = (qd_policy_denial_counts_t*)
                                                     qd_entity_get_long((qd_entity_t*)upolicy, "denialCounts");
                     Py_XDECREF(result2);

http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/dc981ecc/src/policy.h
----------------------------------------------------------------------
diff --git a/src/policy.h b/src/policy.h
index 27d209a..80d50aa 100644
--- a/src/policy.h
+++ b/src/policy.h
@@ -52,6 +52,8 @@ struct qd_policy__settings_s {
     bool allowUserIdProxy;
     char *sources;
     char *targets;
+    char *sourcePattern;
+    char *targetPattern;
     qd_policy_denial_counts_t *denialCounts;
 };
 


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org