Posted to commits@qpid.apache.org by ch...@apache.org on 2016/01/30 00:02:54 UTC
qpid-dispatch git commit: Create a policy manager with dispatch
interfaces to contain local policy.
Repository: qpid-dispatch
Updated Branches:
refs/heads/crolke-DISPATCH-188-1 f47d39d12 -> 17b9b13ee
Create a policy manager with dispatch interfaces to contain local policy.
Project: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/repo
Commit: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/commit/17b9b13e
Tree: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/tree/17b9b13e
Diff: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/diff/17b9b13e
Branch: refs/heads/crolke-DISPATCH-188-1
Commit: 17b9b13ee52adc704cc056d3870ff58e5eb79322
Parents: f47d39d
Author: Chuck Rolke <cr...@redhat.com>
Authored: Fri Jan 29 18:01:39 2016 -0500
Committer: Chuck Rolke <cr...@redhat.com>
Committed: Fri Jan 29 18:01:39 2016 -0500
----------------------------------------------------------------------
.../qpid_dispatch_internal/management/agent.py | 4 +-
.../policy/policy_local.py | 18 +++-
.../policy/policy_manager.py | 103 +++++++++++++++++++
3 files changed, 120 insertions(+), 5 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/17b9b13e/python/qpid_dispatch_internal/management/agent.py
----------------------------------------------------------------------
diff --git a/python/qpid_dispatch_internal/management/agent.py b/python/qpid_dispatch_internal/management/agent.py
index 994b0dd..d22179d 100644
--- a/python/qpid_dispatch_internal/management/agent.py
+++ b/python/qpid_dispatch_internal/management/agent.py
@@ -81,7 +81,7 @@ from .schema import ValidationError, SchemaEntity, EntityType
from .qdrouter import QdSchema
from ..router.message import Message
from ..router.address import Address
-from ..policy.policy_local import PolicyLocal
+from ..policy.policy_manager import PolicyManager
def dictstr(d):
@@ -619,7 +619,7 @@ class Agent(object):
self.entities = EntityCache(self)
self.request_lock = Lock()
self.log_adapter = LogAdapter("AGENT")
- self.policy = PolicyLocal()
+ self.policy = PolicyManager(self)
self.management = self.create_entity({"type": "management"})
self.add_entity(self.management)
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/17b9b13e/python/qpid_dispatch_internal/policy/policy_local.py
----------------------------------------------------------------------
diff --git a/python/qpid_dispatch_internal/policy/policy_local.py b/python/qpid_dispatch_internal/policy/policy_local.py
index 0a77e12..c6a8627 100644
--- a/python/qpid_dispatch_internal/policy/policy_local.py
+++ b/python/qpid_dispatch_internal/policy/policy_local.py
@@ -358,11 +358,15 @@ class PolicyLocal(object):
The policy database.
"""
- def __init__(self):
+ def __init__(self, manager):
"""
Create instance
@params folder: relative path from __file__ to conf file folder
"""
+ # manager is a class
+ # It provides access the dispatch system functions
+ self._manager = manager
+
# rulesetdb is a map
# key : application name
# val : ruleset for this app
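Review bot: The docstring of `__init__` still documents `@params folder`, a parameter the new signature does not have, while the added `manager` argument is undocumented. The inline comment `# manager is a class` is also misleading, because policy_manager.py in this same commit passes an instance (`PolicyLocal(self)`). I would replace the docstring line with `@param manager: owning PolicyManager instance; supplies log() and the log-level accessors` and reword the comment to `# manager is the owning PolicyManager; it provides access to the dispatch system functions`. The body of `__init__` continues outside this hunk.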
@@ -382,6 +386,13 @@ class PolicyLocal(object):
# validates incoming policy and readies it for internal use
self._policy_compiler = PolicyCompiler()
+ # snag trace constants
+ self.LOG_TRACE = manager.log_trace()
+ self.LOG_DEBUG = manager.log_debug()
+ self.LOG_INFO = manager.log_info()
+ self.LOG_ERROR = manager.log_error()
+
+
#
# Service interfaces
#
@@ -398,11 +409,12 @@ class PolicyLocal(object):
if not result:
raise PolicyError( "Policy '%s' is invalid: %s" % (name, diag[0]) )
if len(warnings) > 0:
- print ("LogMe: Application '%s' has warnings: %s" %
- (name, warnings))
+ for warning in warnings:
+ self._manager.log(self.LOG_DEBUG, warning)
self.rulesetdb[name] = {}
self.rulesetdb[name].update(candidate)
# TODO: Create stats
+ self._manager.log(self.LOG_INFO, "Created ruleset %s" % name)
def policy_read(self, name):
"""
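Review bot: The per-warning call `self._manager.log(self.LOG_DEBUG, warning)` drops the application name that the removed print carried and emits policy-compiler warnings at debug level, so an operator who loads a questionable ruleset is unlikely to see them or to know which ruleset they belong to. These warnings describe an access-control policy that was accepted despite problems, so I would log them at info or higher and keep the name: `self._manager.log(self.LOG_INFO, "Application '%s' has warnings: %s" % (name, warning))`. The `if len(warnings) > 0:` guard is now redundant, since the `for` loop does nothing on an empty list. The enclosing method starts above the hunk.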
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/17b9b13e/python/qpid_dispatch_internal/policy/policy_manager.py
----------------------------------------------------------------------
diff --git a/python/qpid_dispatch_internal/policy/policy_manager.py b/python/qpid_dispatch_internal/policy/policy_manager.py
new file mode 100644
index 0000000..00317ff
--- /dev/null
+++ b/python/qpid_dispatch_internal/policy/policy_manager.py
@@ -0,0 +1,103 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License
+#
+
+"""
+
+"""
+
+import json
+import traceback
+from policy_local import PolicyLocal
+from ..dispatch import LogAdapter, LOG_INFO, LOG_TRACE, LOG_DEBUG, LOG_ERROR
+
+
+
+"""
+Entity implementing the glue between the policy engine and the rest of the system.
+"""
+
+class PolicyManager(object):
+ """
+
+ """
+
+ def __init__(self, agent):
+ """
+ """
+ self._agent = agent
+ self._policy_local = PolicyLocal(self)
+ self.log_adapter = LogAdapter("POLICY")
+
+ def log(self, level, text):
+ info = traceback.extract_stack(limit=2)[0] # Caller frame info
+ self.log_adapter.log(level, text, info[0], info[1])
+
+ def log_debug(self):
+ return LOG_DEBUG
+
+ def log_info(self):
+ return LOG_INFO
+
+ def log_trace(self):
+ return LOG_TRACE
+
+ def log_error(self):
+ return LOG_ERROR
+
+ #
+ # Management interface to create a ruleset
+ #
+ def create_ruleset(self, attributes):
+ """
+ Create named policy ruleset
+ @param[in] attributes: from config
+ """
+ self._policy_local.create_ruleset(attributes)
+ # TODO: Create stats
+
+ #
+ # Runtime query interface
+ #
+ def lookup_user(self, user, host, app, conn_name):
+ """
+ Lookup function called from C.
+ Determine if a user on host accessing app through AMQP Open is allowed
+ according to the policy access rules.
+ If allowed then return the policy settings name
+ @param[in] user connection authId
+ @param[in] host connection remote host numeric IP address as string
+ @param[in] app application user is accessing
+ @return settings user-group name if allowed; "" if not allowed
+ # Note: the upolicy[0] output is list of group names joined with '|'.
+ TODO: handle the AccessStats
+ """
+ return self._policy_local.lookup_user(user, host, app, conn_name)
+
+ def lookup_settings(self, appname, name, upolicy):
+ """
+ Given a settings name, return the aggregated policy blob.
+ @param[in] appname: application user is accessing
+ @param[in] name: user group name
+ @param[out] upolicy: dict holding policy values - the settings blob
+ TODO: make this a c struct
+ @return if allowed by policy
+ # Note: the upolicy output is a non-nested dict with settings of interest
+ # TODO: figure out decent defaults for upolicy settings that are undefined
+ """
+ return self._policy_local.lookup_settings(appname, name, upolicy)
\ No newline at end of file
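Review bot: `lookup_user` and `lookup_settings` hand the access decision straight to `PolicyLocal` with no exception handling, although the docstring says the lookup is called from C and defines `""` as the deny value. Whether the C caller treats a raised Python exception as a denial is not visible here, so I would make the wrapper fail closed itself: catch the exception, log it at `LOG_ERROR`, and return the deny value. `lookup_settings` should get the same treatment, with what is presumably `False` as its deny value (to be confirmed against `PolicyLocal`). Separately, `from policy_local import PolicyLocal` is an implicit relative import, unlike the `from ..dispatch` line next to it; `from .policy_local import PolicyLocal` would match, and `import json` appears unused in this file.

```python
    def lookup_user(self, user, host, app, conn_name):
        # … unchanged: docstring …
        try:
            return self._policy_local.lookup_user(user, host, app, conn_name)
        except Exception as e:
            # Deny on any internal policy error rather than let it reach the C caller.
            self.log(LOG_ERROR, "Policy lookup_user failed, denying: %s" % e)
            return ""
```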