qpid-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From c...@apache.org
Subject qpid-dispatch git commit: Create a local policy anchored in Agent. Hook it up to incoming config settings. Add test json config file.
Date Wed, 20 Jan 2016 21:19:17 GMT
Repository: qpid-dispatch
Updated Branches:
  refs/heads/crolke-DISPATCH-188-1 c284c20b8 -> b85fc9e5e


Create a local policy anchored in Agent.
Hook it up to incoming config settings.
Add test json config file.


Project: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/repo
Commit: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/commit/b85fc9e5
Tree: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/tree/b85fc9e5
Diff: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/diff/b85fc9e5

Branch: refs/heads/crolke-DISPATCH-188-1
Commit: b85fc9e5e75e630aed98b4871128218d76f09583
Parents: c284c20
Author: Chuck Rolke <crolke@redhat.com>
Authored: Wed Jan 20 16:17:24 2016 -0500
Committer: Chuck Rolke <crolke@redhat.com>
Committed: Wed Jan 20 16:17:24 2016 -0500

----------------------------------------------------------------------
 doc/notes/qdr-policy-diagrams-01.odg            | Bin 37966 -> 35808 bytes
 python/qpid_dispatch/management/qdrouter.json   |  18 ++---
 .../qpid_dispatch_internal/management/agent.py  |  16 +++++
 .../qpid_dispatch_internal/management/config.py |   4 +-
 .../management/policy_local.py                  |  13 ++++
 tests/policy-1/test-router-with-policy.json     |  70 +++++++++++++++++++
 6 files changed, 112 insertions(+), 9 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/b85fc9e5/doc/notes/qdr-policy-diagrams-01.odg
----------------------------------------------------------------------
diff --git a/doc/notes/qdr-policy-diagrams-01.odg b/doc/notes/qdr-policy-diagrams-01.odg
index 0e26174..59c3cb9 100644
Binary files a/doc/notes/qdr-policy-diagrams-01.odg and b/doc/notes/qdr-policy-diagrams-01.odg
differ

http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/b85fc9e5/python/qpid_dispatch/management/qdrouter.json
----------------------------------------------------------------------
diff --git a/python/qpid_dispatch/management/qdrouter.json b/python/qpid_dispatch/management/qdrouter.json
index 9d1aae0..923cf80 100644
--- a/python/qpid_dispatch/management/qdrouter.json
+++ b/python/qpid_dispatch/management/qdrouter.json
@@ -1018,11 +1018,11 @@
             }
         },
 
-        "policy.accessRuleset": {
+        "policyAccessRuleset": {
             "description": "Per application definition of the locations from which users
may connect and the groups to which users belong.",
             "extends": "configurationEntity",
             "attributes": {
-                "name": {
+                "applicationName": {
                     "type": "string",
                     "description": "The application name.",
                     "required": true
@@ -1075,18 +1075,19 @@
                 }
             }
         },
-        "policy.accessStats": {
+
+        "policyAccessStats": {
             "description": "Per application connection and access statistics.",
             "extends": "operationalEntity",
             "attributes": {
-                "name": {
+                "applicationName": {
                     "type": "string",
                     "description": "The application name."
                 },
                 "connectionsApproved": {"type": "integer", "graph": true},
                 "connectionsDenied": {"type": "integer", "graph": true},
                 "connectionsCurrent": {"type": "integer", "graph": true},
-                "perUsrerState": {
+                "perUserState": {
                     "type": "map",
                     "description": "A map where the key is the authenticated user name and
the value is a list of the user's connections."
                 },
@@ -1098,7 +1099,8 @@
             }
 
         },
-        "policy.settings": {
+
+        "policyAppSettings": {
             "description": "For a given application and user group define the policy settings
applied to the user's AMQP connection.",
             "extends": "configurationEntity",
             "attributes": {
@@ -1107,7 +1109,7 @@
                     "description": "The application to which these settings apply.",
                     "required": true
                 },
-                "groupName": {
+                "userGroupName": {
                     "type": "string",
                     "description": "The user group to which these settings apply.",
                     "required": true
@@ -1182,7 +1184,7 @@
             }
         },
 
-        "policy.stats": {
+        "policyAppStats": {
             "description": "Per application policy enforcement statistics.",
             "extends": "operationalEntity",
             "attributes": {

http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/b85fc9e5/python/qpid_dispatch_internal/management/agent.py
----------------------------------------------------------------------
diff --git a/python/qpid_dispatch_internal/management/agent.py b/python/qpid_dispatch_internal/management/agent.py
index 1930c30..0d53bc1 100644
--- a/python/qpid_dispatch_internal/management/agent.py
+++ b/python/qpid_dispatch_internal/management/agent.py
@@ -81,6 +81,7 @@ from .schema import ValidationError, SchemaEntity, EntityType
 from .qdrouter import QdSchema
 from ..router.message import Message
 from ..router.address import Address
+from policy_local import PolicyLocal
 
 
 def dictstr(d):
@@ -154,6 +155,7 @@ class EntityAdapter(SchemaEntity):
         self.__dict__['_log'] = agent.log
         self.__dict__['_qd'] = agent.qd
         self.__dict__['_dispatch'] = agent.dispatch
+        self.__dict__['_policy'] = agent.policy
         self.__dict__['_implementations'] = []
 
     def validate(self, **kwargs):
@@ -283,6 +285,19 @@ class PolicyEntity(EntityAdapter):
     def _identifier(self):
         return self.attributes.get('module')
 
+class PolicyAccessRulesetEntity(EntityAdapter):
+    def create(self):
+        self._policy.create_ruleset(self.attributes)
+
+    def _identifier(self):
+        return self.attributes.get('applicationName')
+
+class PolicyAppSettingsEntity(EntityAdapter):
+    def create(self):
+        self._policy.create_settings(self.attributes)
+
+    def _identifier(self):
+        return self.attributes.get('applicationName') + "_" + self.attributes.get('userGroupName')
 
 def _addr_port_identifier(entity):
     for attr in ['addr', 'port']: # Set default values if need be
@@ -611,6 +626,7 @@ class Agent(object):
         self.entities = EntityCache(self)
         self.request_lock = Lock()
         self.log_adapter = LogAdapter("AGENT")
+        self.policy = PolicyLocal()
         self.management = self.create_entity({"type": "management"})
         self.add_entity(self.management)
 

http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/b85fc9e5/python/qpid_dispatch_internal/management/config.py
----------------------------------------------------------------------
diff --git a/python/qpid_dispatch_internal/management/config.py b/python/qpid_dispatch_internal/management/config.py
index 979932e..eaab7e2 100644
--- a/python/qpid_dispatch_internal/management/config.py
+++ b/python/qpid_dispatch_internal/management/config.py
@@ -162,7 +162,9 @@ def configure_dispatch(dispatch, lib_handle, filename):
     qd.qd_router_setup_late(dispatch) # Actions requiring active management agent.
 
     # Remaining configuration
-    for t in "fixedAddress", "listener", "connector", "waypoint", "linkRoutePattern", "policy":
+
+    for t in "fixedAddress", "listener", "connector", "waypoint", "linkRoutePattern", \
+             "policy", "policyAccessRuleset", "policyAppSettings":
         for a in config.by_type(t): configure(a)
     for e in config.entities:
         configure(e)

http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/b85fc9e5/python/qpid_dispatch_internal/management/policy_local.py
----------------------------------------------------------------------
diff --git a/python/qpid_dispatch_internal/management/policy_local.py b/python/qpid_dispatch_internal/management/policy_local.py
index 8084fdc..bdbecda 100644
--- a/python/qpid_dispatch_internal/management/policy_local.py
+++ b/python/qpid_dispatch_internal/management/policy_local.py
@@ -283,6 +283,19 @@ class PolicyLocal(object):
             self.policy_io_read_files()
 
     #
+    # Management create
+    #
+    def create_ruleset(self, attributes):
+        print ("POLICY configured ruleset %s" % attributes['applicationName'])
+        #pdb.set_trace()
+        pass
+
+    def create_settings(self, attributes):
+        print ("POLICY configured settings %s_%s" % (attributes['applicationName'], attributes['userGroupName']))
+        #pdb.set_trace()
+        pass
+
+    #
     # Policy file I/O
     #
     def policy_io_read_files(self):

http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/b85fc9e5/tests/policy-1/test-router-with-policy.json
----------------------------------------------------------------------
diff --git a/tests/policy-1/test-router-with-policy.json b/tests/policy-1/test-router-with-policy.json
new file mode 100644
index 0000000..643de2f
--- /dev/null
+++ b/tests/policy-1/test-router-with-policy.json
@@ -0,0 +1,70 @@
+[
+    ["container", {
+	"containerName": "QdstatSslTest",
+	"saslConfigName": "tests-mech-EXTERNAL",
+	"saslConfigPath": "/home/chug/Research/qdr/standaloneSsl/sasl_configs",
+	"debugDump": "qddebug.txt"
+    }],
+    ["sslProfile", {
+	"certFile": "/home/chug/Research/qdr/standaloneSsl/ssl_certs/server-certificate.pem",
+	"keyFile": "/home/chug/Research/qdr/standaloneSsl/ssl_certs/server-private-key.pem",
+	"password": "server-password",
+	"name": "server-ssl",
+	"certDb": "/home/chug/Research/qdr/standaloneSsl/ssl_certs/ca-certificate.pem"
+    }],
+    ["listener", {
+	"saslMechanisms": "ANONYMOUS",
+	"authenticatePeer": "no",
+	"idleTimeoutSeconds": "120",
+	"port": 21000,
+	"addr": "0.0.0.0"
+    }],
+    ["listener", {
+	"addr": "0.0.0.0",
+	"requireSsl": "yes",
+	"idleTimeoutSeconds": "120",
+	"saslMechanisms": "ANONYMOUS",
+	"sslProfile": "server-ssl",
+	"authenticatePeer": "no",
+	"port": 21001
+    }],
+    ["listener", {
+	"addr": "0.0.0.0",
+	"requireSsl": "no",
+	"idleTimeoutSeconds": "120",
+	"saslMechanisms": "ANONYMOUS",
+	"sslProfile": "server-ssl",
+	"authenticatePeer": "no",
+	"port": 21002
+    }],
+    ["listener", {
+	"addr": "0.0.0.0",
+	"requireSsl": "yes",
+	"idleTimeoutSeconds": "120",
+	"saslMechanisms": "EXTERNAL",
+	"sslProfile": "server-ssl",
+	"authenticatePeer": "yes",
+	"port": 21003
+    }],
+    ["log", {
+	"source": "true",
+	"enable": "info+",
+	"module": "DEFAULT"
+    }],
+    ["policy", {
+	"maximumConnections": 2
+    }],
+    ["policyAccessRuleset", {
+	"applicationName": "photoserver"
+    }],
+    ["policyAppSettings", {
+	"applicationName": "photoserver",
+	"userGroupName": "admin",
+	"maxFrameSize": 20000
+    }],
+    ["policyAppSettings", {
+	"applicationName": "photoserver",
+	"userGroupName": "users",
+	"maxFrameSize": 10000
+    }]
+]


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org


Mime
View raw message