qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Chuck Rolke (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (QPID-5890) C++ Broker AclModule.h compiles static code dozens of times
Date Sun, 13 Jul 2014 14:29:04 GMT

    [ https://issues.apache.org/jira/browse/QPID-5890?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14060118#comment-14060118
] 

Chuck Rolke commented on QPID-5890:
-----------------------------------

Here are the Acl validation table dumps.
* In the authorization calls table the call site information is useful for developers and
maintainers but not necessarily for end users.
* in the property usage reference table it appears that 'name' and 'owner' are unused. The
'name' property is special and is always used. 'owner' could be deleted.

h2. AclValidator: authorization calls from broker:

||call site||action||object||associated properties||
|Broker::queryQueue|access|queue|  |
|Broker::getTimestampConfig|access|broker|  |
|Broker::setTimestampConfig|update|broker|  |
|Broker::queueRedirect|redirect|queue|  |
|Broker::queueMoveMessages|move|queue|  |
|Broker::createQueue|create|queue| alternate durable exclusive autodelete policytype paging
maxpages maxpagefactor maxqueuecount maxqueuesize maxfilecount maxfilesize |
|Broker::deleteQueue|delete|queue| alternate durable exclusive autodelete policytype |
|Broker::createExchange|create|exchange| type alternate durable autodelete |
|Broker::deleteExchange|delete|exchange| type alternate durable |
|Broker::bind|bind|exchange| queuename routingkey |
|Broker::unbind|unbind|exchange| queuename routingkey |
|ConnectionHandler::Handler::open|create|link|  |
|Queue::ManagementMethod|purge|queue|  |
|Queue::ManagementMethod|reroute|queue| exchangename |
|SemanticState::route|publish|exchange| routingkey |
|ExchangeHandlerImpl::declare|access|exchange| type alternate durable autodelete |
|ExchangeHandlerImpl::query|access|exchange|  |
|ExchangeHandlerImpl::bound|access|exchange| queuename routingkey |
|QueueHandlerImpl::query|access|queue|  |
|QueueHandlerImpl::declare|access|queue| alternate durable exclusive autodelete policytype
maxqueuecount maxqueuesize |
|QueueHandlerImpl::purge|purge|queue|  |
|MessageHandlerImpl::subscribe|consume|queue|  |
|Authorise::access|access|exchange| type durable |
|Authorise::access|access|queue| alternate durable exclusive autodelete policytype maxqueuecount
maxqueuesize |
|Authorise::incoming|publish|exchange|  |
|Authorise::outgoing|bind|exchange| queuename routingkey |
|Authorise::outgoing|consume|queue|  |
|Authorise::route|publish|exchange| routingkey |
|Authorise::interlink|create|link|  |
|Authorise::access|access|exchange|  |
|Authorise::access|access|queue|  |
|ManagementAgent::handleMethodRequest|access|method| schemapackage schemaclass |
|ManagementAgent::handleGetQuery|access|query| schemaclass |
|ManagementAgent::authorizeAgentMessage|access|method| schemapackage schemaclass |

h2. AclValidator: validation table:
* Rules marked 'Disallowed' are not ever checked by the broker and should not be in Acl files.

||action-object||allowed properties||
|( consume)(   queue)| |
|( consume)(exchange)|Disallowed|
|( consume)(  broker)|Disallowed|
|( consume)(    link)|Disallowed|
|( consume)(  method)|Disallowed|
|( consume)(   query)|Disallowed|
|( publish)(   queue)|Disallowed|
|( publish)(exchange)| routingkey |
|( publish)(  broker)|Disallowed|
|( publish)(    link)|Disallowed|
|( publish)(  method)|Disallowed|
|( publish)(   query)|Disallowed|
|(  create)(   queue)| durable autodelete exclusive alternate policytype paging queuemaxsizelowerlimit
queuemaxsizeupperlimit queuemaxcountlowerlimit queuemaxcountupperlimit filemaxsizelowerlimit
filemaxsizeupperlimit filemaxcountlowerlimit filemaxcountupperlimit pageslowerlimit pagesupperlimit
pagefactorlowerlimit pagefactorupperlimit |
|(  create)(exchange)| durable autodelete type alternate |
|(  create)(  broker)|Disallowed|
|(  create)(    link)| |
|(  create)(  method)|Disallowed|
|(  create)(   query)|Disallowed|
|(  access)(   queue)| durable autodelete exclusive alternate policytype queuemaxsizelowerlimit
queuemaxsizeupperlimit queuemaxcountlowerlimit queuemaxcountupperlimit |
|(  access)(exchange)| durable routingkey autodelete type alternate queuename |
|(  access)(  broker)| |
|(  access)(    link)|Disallowed|
|(  access)(  method)| schemapackage schemaclass |
|(  access)(   query)| schemaclass |
|(    bind)(   queue)|Disallowed|
|(    bind)(exchange)| routingkey queuename |
|(    bind)(  broker)|Disallowed|
|(    bind)(    link)|Disallowed|
|(    bind)(  method)|Disallowed|
|(    bind)(   query)|Disallowed|
|(  unbind)(   queue)|Disallowed|
|(  unbind)(exchange)| routingkey queuename |
|(  unbind)(  broker)|Disallowed|
|(  unbind)(    link)|Disallowed|
|(  unbind)(  method)|Disallowed|
|(  unbind)(   query)|Disallowed|
|(  delete)(   queue)| durable autodelete exclusive alternate policytype |
|(  delete)(exchange)| durable type alternate |
|(  delete)(  broker)|Disallowed|
|(  delete)(    link)|Disallowed|
|(  delete)(  method)|Disallowed|
|(  delete)(   query)|Disallowed|
|(   purge)(   queue)| |
|(   purge)(exchange)|Disallowed|
|(   purge)(  broker)|Disallowed|
|(   purge)(    link)|Disallowed|
|(   purge)(  method)|Disallowed|
|(   purge)(   query)|Disallowed|
|(  update)(   queue)|Disallowed|
|(  update)(exchange)|Disallowed|
|(  update)(  broker)| |
|(  update)(    link)|Disallowed|
|(  update)(  method)|Disallowed|
|(  update)(   query)|Disallowed|
|(    move)(   queue)| |
|(    move)(exchange)|Disallowed|
|(    move)(  broker)|Disallowed|
|(    move)(    link)|Disallowed|
|(    move)(  method)|Disallowed|
|(    move)(   query)|Disallowed|
|(redirect)(   queue)| |
|(redirect)(exchange)|Disallowed|
|(redirect)(  broker)|Disallowed|
|(redirect)(    link)|Disallowed|
|(redirect)(  method)|Disallowed|
|(redirect)(   query)|Disallowed|
|( reroute)(   queue)| exchangename |
|( reroute)(exchange)|Disallowed|
|( reroute)(  broker)|Disallowed|
|( reroute)(    link)|Disallowed|
|( reroute)(  method)|Disallowed|
|( reroute)(   query)|Disallowed|

h2. AclValidator: property usage reference:

||Property||allowed by action-object||
|name||
|durable|(create queue)(create exchange)(access queue)(access exchange)(delete queue)(delete
exchange)|
|owner||
|routingkey|(publish exchange)(access exchange)(bind exchange)(unbind exchange)|
|autodelete|(create queue)(create exchange)(access queue)(access exchange)(delete queue)|
|exclusive|(create queue)(access queue)(delete queue)|
|type|(create exchange)(access exchange)(delete exchange)|
|alternate|(create queue)(create exchange)(access queue)(access exchange)(delete queue)(delete
exchange)|
|queuename|(access exchange)(bind exchange)(unbind exchange)|
|exchangename|(reroute queue)|
|schemapackage|(access method)|
|schemaclass|(access method)(access query)|
|policytype|(create queue)(access queue)(delete queue)|
|paging|(create queue)|
|queuemaxsizelowerlimit|(create queue)(access queue)|
|queuemaxsizeupperlimit|(create queue)(access queue)|
|queuemaxcountlowerlimit|(create queue)(access queue)|
|queuemaxcountupperlimit|(create queue)(access queue)|
|filemaxsizelowerlimit|(create queue)|
|filemaxsizeupperlimit|(create queue)|
|filemaxcountlowerlimit|(create queue)|
|filemaxcountupperlimit|(create queue)|
|pageslowerlimit|(create queue)|
|pagesupperlimit|(create queue)|
|pagefactorlowerlimit|(create queue)|
|pagefactorupperlimit|(create queue)|


> C++ Broker AclModule.h compiles static code dozens of times
> -----------------------------------------------------------
>
>                 Key: QPID-5890
>                 URL: https://issues.apache.org/jira/browse/QPID-5890
>             Project: Qpid
>          Issue Type: Bug
>          Components: C++ Broker
>    Affects Versions: 0.15
>            Reporter: Chuck Rolke
>            Assignee: Chuck Rolke
>
> AclModule needs to be refactored.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org


Mime
View raw message