qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gordon Sim <g...@redhat.com>
Subject Re: Review Request 64645: authorization support for sasl delegation plugin
Date Fri, 15 Dec 2017 18:20:12 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/64645/
-----------------------------------------------------------

(Updated Dec. 15, 2017, 6:20 p.m.)


Review request for qpid, Chug Rolke, Ganesh Murthy, and Ted Ross.


Changes
-------

Updated to always use the permissions from the auth service even if config based policy is
also in place (this is one option, an alternative could be to always overwrite any auth service
policies from config or to somehow try and combine them)


Bugs: DISPATCH-901
    https://issues.apache.org/jira/browse/DISPATCH-901


Repository: qpid-dispatch


Description
-------

If the client specifies its desire for the ADDRESS-AUTHZ capacbility, the authorization service,
if it supports this, will return a set of permissions in the properties of the open frame.
The properties will have an address-authz key, whose value is a map of address (or wildcard
pattern) to an array of permissions. The only permissions recognised at present by this patch
are 'send' and 'recv'.


Diffs (updated)
-----

  src/policy.c 22cc79f 
  src/remote_sasl.c e3c969b 
  tests/CMakeLists.txt 0c6454c 
  tests/authservice.py PRE-CREATION 
  tests/system_tests_authz_service_plugin.py PRE-CREATION 


Diff: https://reviews.apache.org/r/64645/diff/2/

Changes: https://reviews.apache.org/r/64645/diff/1-2/


Testing
-------

Added new systems tests using proton python based dummy auth service.


Thanks,

Gordon Sim


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message