qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Chuck Rolke (Updated) (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (QPID-3918) Add management acl-query test methods to C++ broker ACL plugin
Date Tue, 27 Mar 2012 20:46:28 GMT

     [ https://issues.apache.org/jira/browse/QPID-3918?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Chuck Rolke updated QPID-3918:

    Attachment: acl-test-00.log

The attached files demonstrate how this feature would work. 
* The rules file is a simple but non-trivial ACL file.
* The py file is a qmf.console test driver that runs queries against the broker with the ACLs.
* The log shows the result.

> Add management acl-query test methods to C++ broker ACL plugin
> --------------------------------------------------------------
>                 Key: QPID-3918
>                 URL: https://issues.apache.org/jira/browse/QPID-3918
>             Project: Qpid
>          Issue Type: New Feature
>          Components: C++ Broker
>    Affects Versions: 0.14
>            Reporter: Chuck Rolke
>            Assignee: Chuck Rolke
>         Attachments: acl-test-00-rules.acl, acl-test-00.log, acl-test-00.py
> In its current form the ACL module is not testable in a customer deployment. The ACL
module loads the ACL file and from then on only real-world activity triggers allow and deny
> This feature proposal adds two management methods that are directly tied to the ACL decision
Lookup functions. Using them a customer may start a dummy broker process that uses his actual
(1) ACL rule file. Then using a management application the customer may fire off a set of
lookups against his rule file to see if the ACL rules deliver the intended results.
> This feature could also be used to augment the self tests. It is very hard to stage enough
driver code to trigger some of the ACL queries. Using the proposed methods then the self test
can launch any ACL query directly.
> (1) As usual the ACL file must be bent enough to allow 'anonymous' to have access to
the management methods

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira


To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org

View raw message