qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alan Conway" <acon...@redhat.com>
Subject Re: Review Request: Limit number of queues a user can create
Date Mon, 07 May 2012 15:43:12 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/5015/#review7640
-----------------------------------------------------------


Definitely needs to replicate state in a cluster. Shout if you need pointers.


trunk/qpid/cpp/src/qpid/broker/Broker.cpp
<https://reviews.apache.org/r/5015/#comment16850>

    This doesn't count deletions of auto-delete queues. Perhaps better to put this check in
Queue::destroyed



trunk/qpid/cpp/src/tests/acl.py
<https://reviews.apache.org/r/5015/#comment16851>

    No need to catch an exception just to fail the test as a result. Allow the exception to
cause the test to fail directly, that gives you a deeper stack trace to debug.


- Alan


On 2012-05-04 19:41:45, Chug Rolke wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/5015/
> -----------------------------------------------------------
> 
> (Updated 2012-05-04 19:41:45)
> 
> 
> Review request for qpid, Alan Conway, Kim van der Riet, and Ted Ross.
> 
> 
> Summary
> -------
> 
> This patch fulfills a long-standing request to keep users from abusing broker queue resources.
If a user is allowed to create one queue he then can create them by the thousdands.
> 
> The code is more of a quota than an access control but it fits naturally in the current
ACL module. The implementation here is queue-centric but could be generalized to support limiting
exchanges as well.
> 
> A few concerns arise:
> 
> 1. This code counts/protects live requests coming in to single node. This code does not
protect queues that are presisting. The concern is that a user creates his quota of persistent
queues and then upon system restart the same user can create another batch of queues since
the persisted queues aren't tracked. Is this a vaild concern?
> 
> 2. The patch provides only a single setting for all users.
> 
> 3. The patch makes no effort to replicate the queue count state across a cluster. Surely
this is a problem for clusters.
> 
> 
> This addresses bug QPID-2393.
>     https://issues.apache.org/jira/browse/QPID-2393
> 
> 
> Diffs
> -----
> 
>   trunk/qpid/cpp/src/qpid/acl/Acl.h 1334118 
>   trunk/qpid/cpp/src/qpid/acl/Acl.cpp 1334118 
>   trunk/qpid/cpp/src/qpid/acl/AclPlugin.cpp 1334118 
>   trunk/qpid/cpp/src/qpid/acl/management-schema.xml 1334118 
>   trunk/qpid/cpp/src/qpid/broker/AclModule.h 1334118 
>   trunk/qpid/cpp/src/qpid/broker/Broker.cpp 1334118 
>   trunk/qpid/cpp/src/tests/acl.py 1334118 
>   trunk/qpid/cpp/src/tests/run_acl_tests 1334118 
> 
> Diff: https://reviews.apache.org/r/5015/diff
> 
> 
> Testing
> -------
> 
> Unit tests included.
> 
> 
> Thanks,
> 
> Chug
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message