qpid-dev mailing list archives

From "Ernie Allen" <eal...@redhat.com>
Subject Re: Review Request 39596: DISPATCH-186 - Add singleton annotation to sslProfile
Date Tue, 27 Oct 2015 16:28:35 GMT


> On Oct. 23, 2015, 7:31 p.m., Alan Conway wrote:
> > A "singleton" means there can only be one, but you could have multiple sslProfiles in a configuration. An sslProfile is a set of parameters that can be re-used for more than one connection, but it is not the *only* set of SSL parameters that can be used in a router. A broker that participates in multiple security domains or accepts connections from clients with different SSL-based security might have multiple SSL profiles.
> > 
> > The idea behind all the "annotations" is that they are not themselves entities, they are pre-packaged sets of attributes that can be applied to one or more entities. They are purely convenience, you could specify your configuration entirely in terms of entity attributes and not use the annotations at all. They are handy when you have a bunch of attributes that will have the same values for multiple entities - for example lots of connections might share common security settings.

Using singleton was a poor choice on my part. I've changed it to referential.

The sslProfile annotation can indeed be treated like a separate entity in the config file.
It can be referenced by name like so:

ssl-profile {
    name: ssl-profile-name
    cert-db: /home/eallen/blah/blah/ca-certificate.pem
    cert-file: /home/eallen/blah/blah/server-certificate.pem
    key-file: /home/eallen/blah/blah/server-private-key.pem
    password: server-password
}
listener {
    role: inter-router
    addr: 0.0.0.0
    port: 20102
    sasl-mechanisms: EXTERNAL
    ssl-profile: ssl-profile-name
    requirePeerAuth: yes
}

My changes don't affect the working of the schema parser. They only decorate the schema and
output the decorations in the JSON file.


- Ernie


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/39596/#review103834
-----------------------------------------------------------


On Oct. 23, 2015, 2:54 p.m., Ernie Allen wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/39596/
> -----------------------------------------------------------
> 
> (Updated Oct. 23, 2015, 2:54 p.m.)
> 
> 
> Review request for qpid, Alan Conway, Ganesh M, Kenneth Giusti, mick goulish, and Ted Ross.
> 
> 
> Repository: qpid-dispatch
> 
> 
> Description
> -------
> 
> Sets singleton=true for the sslProfile annotation.
> Also adds an "annotatedBy" list to an entity in the JSON schema so the console can see which annotations are singletons.
> 
> The sslProfile annotation contains the attributes certDb, certFile, keyFile, passwordFile, and password.
> Both the listener and connector are annotated by sslProfile and the values for these attributes should be the same. In the console, we want to enter the sslProfile attributes only once.
> 
> This change gives the console enough information to separate the sslProfile attributes into their own form so they can be entered only once and then applied to all listeners and connectors.
> 
> 
> Diffs
> -----
> 
>   python/qpid_dispatch/management/qdrouter.json c5b1edb 
>   python/qpid_dispatch_internal/management/schema.py 8f7e961 
> 
> Diff: https://reviews.apache.org/r/39596/diff/
> 
> 
> Testing
> -------
> 
> bin/test.sh
> 
> 
> Thanks,
> 
> Ernie Allen
> 
>
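
Added example, not part of the original message and not qpid-dispatch's own parser: it reads sections in the format shown in the message, applies each named ssl-profile to the listeners and connectors that reference it, and reports references to a profile that is not defined. The function names, the sample paths and the rule that an entity's own attribute wins over the profile's are assumptions.

```python
import re

# Constructed sample in the format shown in the message; paths are placeholders.
SAMPLE = """
ssl-profile {
    name: ssl-profile-name
    cert-file: /path/to/server-certificate.pem
}
listener {
    role: inter-router
    port: 20102
    ssl-profile: ssl-profile-name
}
connector {
    role: inter-router
    port: 20103
    ssl-profile: missing-profile
}
"""

BLOCK = re.compile(r"([\w-]+)\s*\{(.*?)\}", re.S)

def parse_sections(text):
    """Return [(section_type, {attr: value})] for each 'type { key: value }' block."""
    sections = []
    for kind, body in BLOCK.findall(text):
        pairs = (line.split(":", 1) for line in body.splitlines() if ":" in line)
        sections.append((kind, {k.strip(): v.strip() for k, v in pairs}))
    return sections

def resolve_profiles(text):
    """Apply referenced ssl-profiles (hypothetical helper, not the router's parser).

    Returns (resolved_entities, errors); errors lists dangling references.
    """
    sections = parse_sections(text)
    profiles = {a["name"]: a for k, a in sections if k == "ssl-profile" and "name" in a}
    resolved, errors = [], []
    for kind, attrs in sections:
        if kind == "ssl-profile":
            continue
        ref = attrs.get("ssl-profile")
        if ref is not None and ref not in profiles:
            errors.append(f"{kind} references undefined ssl-profile '{ref}'")
        merged = dict(attrs)
        for key, value in profiles.get(ref, {}).items():
            if key != "name":
                merged.setdefault(key, value)  # assumption: entity's own value wins
        resolved.append((kind, merged))
    return resolved, errors
```

A dangling reference is reported rather than silently ignored, so a listener that was meant to use TLS settings does not end up configured without them unnoticed.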

