qpid-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From c...@apache.org
Subject [01/10] qpid-dispatch git commit: DISPATCH-311: Reorganize policy schema Rename items in entity 'policy'. Rename entity 'policyRuleset' to 'vhost'.
Date Wed, 27 Jul 2016 20:15:46 GMT
Repository: qpid-dispatch
Updated Branches:
  refs/heads/master 89bdcb58f -> 5a9cebcae


DISPATCH-311: Reorganize policy schema
Rename items in entity 'policy'.
Rename entity 'policyRuleset' to 'vhost'.


Project: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/repo
Commit: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/commit/e30c8502
Tree: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/tree/e30c8502
Diff: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/diff/e30c8502

Branch: refs/heads/master
Commit: e30c8502110c61e050ae054f7ddf4d958b0662af
Parents: 4c12a62
Author: Chuck Rolke <crolke@redhat.com>
Authored: Mon Jul 25 15:12:20 2016 -0400
Committer: Chuck Rolke <crolke@redhat.com>
Committed: Mon Jul 25 15:12:20 2016 -0400

----------------------------------------------------------------------
 python/qpid_dispatch/management/qdrouter.json   | 27 +++++-------
 .../qdrouter.policyRuleset.settings.txt         |  4 +-
 .../qpid_dispatch_internal/management/agent.py  |  2 +-
 .../qpid_dispatch_internal/management/config.py | 21 +++++----
 .../policy/policy_local.py                      | 45 ++++++++++----------
 .../policy/policy_manager.py                    |  5 +--
 src/policy.c                                    | 36 ++++++++--------
 tests/policy-1/management-access.json           |  6 +--
 tests/policy-1/policy-boardwalk.json            |  2 +-
 tests/policy-1/policy-safari.json               |  2 +-
 .../test-policy-conf-includes-folder.conf.in    |  6 +--
 tests/policy-2/test-router-with-policy.json.in  | 12 +++---
 tests/policy-3/test-sender-receiver-limits.json |  6 +--
 tests/router_policy_test.py                     | 14 ++----
 tests/system_tests_policy.py                    |  8 ++--
 15 files changed, 89 insertions(+), 107 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/e30c8502/python/qpid_dispatch/management/qdrouter.json
----------------------------------------------------------------------
diff --git a/python/qpid_dispatch/management/qdrouter.json b/python/qpid_dispatch/management/qdrouter.json
index e36896b..37f7a3c 100644
--- a/python/qpid_dispatch/management/qdrouter.json
+++ b/python/qpid_dispatch/management/qdrouter.json
@@ -1346,38 +1346,31 @@
             "extends": "configurationEntity",
             "singleton": true,
             "attributes": {
-                "maximumConnections": {
+                "maxConnections": {
                     "type": "integer",
                     "default": 0,
-                    "description": "Global maximum number of concurrent client connections
allowed. Zero implies no limit. This limit is always enforced even if no other policy settings
have been defined.",
+                    "description": "Global maximum number of concurrent client connections
allowed. This limit is always enforced even if no other policy settings have been defined.",
                     "required": false,
                     "create": true
                 },
-                "enableAccessRules": {
+                "enableVhostPolicy": {
                     "type": "boolean",
                     "default": false,
-                    "description": "Enable user rule set processing and connection denial.",
+                    "description": "Enable vhost policy connection denial, and resource limit
enforcement",
                     "required": false,
                     "create": true
                 },
-                "policyFolder": {
+                "policyDir": {
                     "type": "path",
                     "default": "",
-                    "description": "The absolute path to a folder that holds policyRuleset
definition .json files. For a small system the rulesets may all be defined in this file. At
a larger scale it is better to have the policy files in their own folder and to have none
of the rulesets defined here. All rulesets in all .json files in this folder are processed.",
+                    "description": "Absolute path to a directory that holds vhost definition
.json files. All vhost definitions in all .json files in this directory are processed.",
                     "required": false,
                     "create": true
                 },
-                "defaultApplication": {
+                "defaultVhost": {
                     "type": "string",
-                    "default": "",
-                    "description": "Application policyRuleset to use for connections with
no open.hostname or a hostname that does not match any existing policy. For users that don't
wish to use open.hostname or any multi-tennancy feature, this default policy can be the only
policy in effect for the network.",
-                    "required": false,
-                    "create": true
-                },
-                "defaultApplicationEnabled": {
-                    "type": "boolean",
-                    "default": false,
-                    "description": "Enable defaultApplication policy fallback logic.",
+                    "default": "$default",
+                    "description": "Vhost rule set name to use for connections with a vhost
that is otherwise not defined. Default vhost processing may be disabled either by erasing
the definition of defaultVhost or by not defining a vhost object named '$default'.",
                     "required": false,
                     "create": true
                 },
@@ -1387,7 +1380,7 @@
             }
         },
 
-        "policyRuleset": {
+        "vhost": {
             "description": "Per application definition of the locations from which users
may connect and the groups to which users belong.",
             "extends": "configurationEntity",
             "operations": ["CREATE"],

http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/e30c8502/python/qpid_dispatch/management/qdrouter.policyRuleset.settings.txt
----------------------------------------------------------------------
diff --git a/python/qpid_dispatch/management/qdrouter.policyRuleset.settings.txt b/python/qpid_dispatch/management/qdrouter.policyRuleset.settings.txt
index 773df7a..653a378 100644
--- a/python/qpid_dispatch/management/qdrouter.policyRuleset.settings.txt
+++ b/python/qpid_dispatch/management/qdrouter.policyRuleset.settings.txt
@@ -21,9 +21,9 @@ The schema `qdrouterd.json` is a JSON format file that defines annotations
and
 entity types of the Qpid Dispatch Router management model.  The model is based
 on the AMQP management specification.
 
-Schema entity `policyRuleset` includes several attributes of type map. In the current form
the management schema provides no way to define the keys and values in these attributes. These
maps cannot be specified in the schema and they cannot be checked by the schema processing.

+Schema entity `vhost` includes several attributes of type map. In the current form the management
schema provides no way to define the keys and values in these attributes. These maps cannot
be specified in the schema and they cannot be checked by the schema processing. 
 
-Until the schema is extended specify embedded maps this document describes the policyRuleset
settings.
+Until the schema is extended specify embedded maps this document describes the vhost settings.
 
   "policyAppSettings": {
       "description": "For a given user group define the policy settings applied to the user's
AMQP connection.",

http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/e30c8502/python/qpid_dispatch_internal/management/agent.py
----------------------------------------------------------------------
diff --git a/python/qpid_dispatch_internal/management/agent.py b/python/qpid_dispatch_internal/management/agent.py
index 8fd4e84..01f52cb 100644
--- a/python/qpid_dispatch_internal/management/agent.py
+++ b/python/qpid_dispatch_internal/management/agent.py
@@ -312,7 +312,7 @@ class PolicyEntity(EntityAdapter):
         return self.attributes.get('module')
 
 
-class PolicyRulesetEntity(EntityAdapter):
+class VhostEntity(EntityAdapter):
     def create(self):
         self._policy.create_ruleset(self.attributes)
 

http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/e30c8502/python/qpid_dispatch_internal/management/config.py
----------------------------------------------------------------------
diff --git a/python/qpid_dispatch_internal/management/config.py b/python/qpid_dispatch_internal/management/config.py
index 881def8..28ba91b 100644
--- a/python/qpid_dispatch_internal/management/config.py
+++ b/python/qpid_dispatch_internal/management/config.py
@@ -182,13 +182,12 @@ def configure_dispatch(dispatch, lib_handle, filename):
 
     from qpid_dispatch_internal.display_name.display_name import DisplayNameService
     displayname_service = DisplayNameService("$displayname")
-    policyFolder = config.by_type('policy')[0]['policyFolder']
-    policyDefaultApplication = config.by_type('policy')[0]['defaultApplication']
-    policyDefaultApplicationEnabled = config.by_type('policy')[0]['defaultApplicationEnabled']
+    policyDir = config.by_type('policy')[0]['policyDir']
+    policyDefaultVhost = config.by_type('policy')[0]['defaultVhost']
     # Remaining configuration
     for t in "fixedAddress", "listener", "connector", "waypoint", "linkRoutePattern", \
              "router.config.address", "router.config.linkRoute", "router.config.autoLink",
\
-             "policy", "policyRuleset":
+             "policy", "vhost":
         for a in config.by_type(t):
             configure(a)
             if t == "listener":
@@ -200,15 +199,15 @@ def configure_dispatch(dispatch, lib_handle, filename):
     for e in config.entities:
         configure(e)
 
-    # Load the policyRulesets from the .json files in policyFolder
-    # Only policyRulesets are loaded. Other entities are silently discarded.
-    if not policyFolder == '':
-        apath = os.path.abspath(policyFolder)
-        for i in os.listdir(policyFolder):
+    # Load the vhosts from the .json files in policyDir
+    # Only vhosts are loaded. Other entities are silently discarded.
+    if not policyDir == '':
+        apath = os.path.abspath(policyDir)
+        for i in os.listdir(policyDir):
             if i.endswith(".json"):
                 pconfig = PolicyConfig(os.path.join(apath, i))
-                for a in pconfig.by_type("policyRuleset"):
+                for a in pconfig.by_type("vhost"):
                     agent.configure(a)
 
     # Set policy default application after all rulesets loaded
-    agent.policy.set_default_application(policyDefaultApplication, policyDefaultApplicationEnabled)
+    agent.policy.set_default_vhost(policyDefaultVhost)

http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/e30c8502/python/qpid_dispatch_internal/policy/policy_local.py
----------------------------------------------------------------------
diff --git a/python/qpid_dispatch_internal/policy/policy_local.py b/python/qpid_dispatch_internal/policy/policy_local.py
index cb62896..52339ca 100644
--- a/python/qpid_dispatch_internal/policy/policy_local.py
+++ b/python/qpid_dispatch_internal/policy/policy_local.py
@@ -487,14 +487,10 @@ class PolicyLocal(object):
         # Entries destroyed as sockets closed
         self._connections = {}
 
-        # _default_application is a string
-        #  holds the name of the policyRuleset to use when the
+        # _default_vhost is a string
+        #  holds the name of the vhost to use when the
         #  open.hostname is not found in the rulesetdb
-        self._default_application = ""
-
-        # _default_application_enabled is a boolean
-        #  controls default application fallback logic
-        self._default_application_enabled = False
+        self._default_vhost = ""
 
     #
     # Service interfaces
@@ -559,22 +555,24 @@ class PolicyLocal(object):
         """
         return self.rulesetdb.keys()
 
-    def set_default_application(self, name, enabled):
+    def set_default_vhost(self, name):
         """
-        Set the default application name and control its enablement.
-        Raise PolicyError if the named application is enabled but absent.
+        Set the default vhost name.
         @param name: the name of the default application
-        @param enabled: default application ruleset logic is active
         @return: none
         """
-        self._default_application = name
-        self._default_application_enabled = enabled
-        if enabled:
-            if not name in self.policy_db_get_names():
-                raise PolicyError("Policy fallback defaultApplication '%s' does not exist"
% name)
-            self._manager.log_info("Policy fallback defaultApplication is enabled: '%s'"
% name)
-        else:
-            self._manager.log_info("Policy fallback defaultApplication is disabled")
+        self._default_vhost = name
+        self._manager.log_info("Policy fallback defaultVhost is enabled: '%s'" % name)
+
+
+    def default_vhost_enabled(self):
+        """
+        The default vhost is enabled if the name is not blank and
+        the vhost is defined in rulesetdb.
+        @return:
+        """
+        return not self._default_vhost == "" and self._default_vhost in self.rulesetdb
+
 
     #
     # Runtime query interface
@@ -596,8 +594,8 @@ class PolicyLocal(object):
         try:
             app = app_in
             if not app_in in self.rulesetdb:
-                if self._default_application_enabled:
-                    app = self._default_application
+                if self.default_vhost_enabled():
+                    app = self._default_vhost
                 else:
                     self._manager.log_info(
                         "DENY AMQP Open for user '%s', host '%s', application '%s': "
@@ -684,8 +682,9 @@ class PolicyLocal(object):
         """
         try:
             appname = appname_in
-            if not appname in self.rulesetdb and self._default_application_enabled:
-                appname = self._default_application
+            if not appname in self.rulesetdb:
+                if self.default_vhost_enabled():
+                    appname = self._default_vhost
 
             if not appname in self.rulesetdb:
                 self._manager.log_info(

http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/e30c8502/python/qpid_dispatch_internal/policy/policy_manager.py
----------------------------------------------------------------------
diff --git a/python/qpid_dispatch_internal/policy/policy_manager.py b/python/qpid_dispatch_internal/policy/policy_manager.py
index 7cb72fb..cb0247b 100644
--- a/python/qpid_dispatch_internal/policy/policy_manager.py
+++ b/python/qpid_dispatch_internal/policy/policy_manager.py
@@ -80,14 +80,13 @@ class PolicyManager(object):
     #
     # Management interface to set the default application
     #
-    def set_default_application(self, name, enabled):
+    def set_default_vhost(self, name):
         """
         Set default application
         @param name:
-        @param enabled
         @return:
         """
-        self._policy_local.set_default_application(name, enabled)
+        self._policy_local.set_default_vhost(name)
 
     #
     # Runtime query interface

http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/e30c8502/src/policy.c
----------------------------------------------------------------------
diff --git a/src/policy.c b/src/policy.c
index 48723d0..aa67964 100644
--- a/src/policy.c
+++ b/src/policy.c
@@ -65,8 +65,8 @@ struct qd_policy_t {
     void                 *py_policy_manager;
                           // configured settings
     int                   max_connection_limit;
-    char                 *policyFolder;
-    bool                  enableAccessRules;
+    char                 *policyDir;
+    bool                  enableVhostPolicy;
                           // live statistics
     int                   connections_processed;
     int                   connections_denied;
@@ -83,8 +83,8 @@ qd_policy_t *qd_policy(qd_dispatch_t *qd)
     policy->qd                   = qd;
     policy->log_source           = qd_log_source("POLICY");
     policy->max_connection_limit = 0;
-    policy->policyFolder         = 0;
-    policy->enableAccessRules    = false;
+    policy->policyDir         = 0;
+    policy->enableVhostPolicy    = false;
     policy->connections_processed= 0;
     policy->connections_denied   = 0;
     policy->connections_current  = 0;
@@ -99,8 +99,8 @@ qd_policy_t *qd_policy(qd_dispatch_t *qd)
  **/
 void qd_policy_free(qd_policy_t *policy)
 {
-    if (policy->policyFolder)
-        free(policy->policyFolder);
+    if (policy->policyDir)
+        free(policy->policyDir);
     free(policy);
 }
 
@@ -110,19 +110,19 @@ void qd_policy_free(qd_policy_t *policy)
 
 qd_error_t qd_entity_configure_policy(qd_policy_t *policy, qd_entity_t *entity)
 {
-    policy->max_connection_limit = qd_entity_opt_long(entity, "maximumConnections", 0);
CHECK();
+    policy->max_connection_limit = qd_entity_opt_long(entity, "maxConnections", 0); CHECK();
     if (policy->max_connection_limit < 0)
-        return qd_error(QD_ERROR_CONFIG, "maximumConnections must be >= 0");
-    policy->policyFolder =
-        qd_entity_opt_string(entity, "policyFolder", 0); CHECK();
-    policy->enableAccessRules = qd_entity_opt_bool(entity, "enableAccessRules", false);
CHECK();
-    qd_log(policy->log_source, QD_LOG_INFO, "Policy configured maximumConnections: %d,
policyFolder: '%s', access rules enabled: '%s'",
-           policy->max_connection_limit, policy->policyFolder, (policy->enableAccessRules
? "true" : "false"));
+        return qd_error(QD_ERROR_CONFIG, "maxConnections must be >= 0");
+    policy->policyDir =
+        qd_entity_opt_string(entity, "policyDir", 0); CHECK();
+    policy->enableVhostPolicy = qd_entity_opt_bool(entity, "enableVhostPolicy", false);
CHECK();
+    qd_log(policy->log_source, QD_LOG_INFO, "Policy configured maxConnections: %d, policyDir:
'%s', access rules enabled: '%s'",
+           policy->max_connection_limit, policy->policyDir, (policy->enableVhostPolicy
? "true" : "false"));
     return QD_ERROR_NONE;
 
 error:
-    if (policy->policyFolder)
-        free(policy->policyFolder);
+    if (policy->policyDir)
+        free(policy->policyDir);
     qd_policy_free(policy);
     return qd_error_code();
 }
@@ -222,7 +222,7 @@ void qd_policy_socket_close(void *context, const qd_connection_t *conn)
 
     n_connections -= 1;
     assert (n_connections >= 0);
-    if (policy->enableAccessRules) {
+    if (policy->enableVhostPolicy) {
         // HACK ALERT: TODO: This should be deferred to a Python thread
         qd_python_lock_state_t lock_state = qd_python_lock();
         PyObject *module = PyImport_ImportModule("qpid_dispatch_internal.policy.policy_manager");
@@ -262,7 +262,7 @@ void qd_policy_socket_close(void *context, const qd_connection_t *conn)
 // allow or deny the Open. Denied Open attempts are
 // effected by returning Open and then Close_with_condition.
 //
-/** Look up user/host/app in python policyRuleset and give the AMQP Open
+/** Look up user/host/app in python vhost and give the AMQP Open
  *  a go-no_go decision. Return false if the mechanics of calling python
  *  fails. A policy lookup will deny the connection by returning a blank
  *  usergroup name in the name buffer.
@@ -707,7 +707,7 @@ void qd_policy_amqp_open(void *context, bool discard)
         qd_policy_t *policy = qd->policy;
         bool connection_allowed = true;
 
-        if (policy->enableAccessRules) {
+        if (policy->enableVhostPolicy) {
             // Open connection or not based on policy.
             pn_transport_t *pn_trans = pn_connection_transport(conn);
             const char *hostip = qdpn_connector_hostip(qd_conn->pn_cxtr);

http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/e30c8502/tests/policy-1/management-access.json
----------------------------------------------------------------------
diff --git a/tests/policy-1/management-access.json b/tests/policy-1/management-access.json
index b642b94..48e544a 100644
--- a/tests/policy-1/management-access.json
+++ b/tests/policy-1/management-access.json
@@ -23,7 +23,7 @@
 #    localhost   - proton 0.13
 #    unnamed host- proton 0.13
 [
-  ["policyRuleset", {
+  ["vhost", {
       "applicationName": "",
       "maxConnections": 50,
       "maxConnPerUser": 5,
@@ -45,7 +45,7 @@
       }
     }
   ],
-  ["policyRuleset", {
+  ["vhost", {
       "applicationName": "0.0.0.0",
       "maxConnections": 50,
       "maxConnPerUser": 5,
@@ -67,7 +67,7 @@
       }
     }
   ],
-  ["policyRuleset", {
+  ["vhost", {
       "applicationName": "localhost",
       "maxConnections": 50,
       "maxConnPerUser": 5,

http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/e30c8502/tests/policy-1/policy-boardwalk.json
----------------------------------------------------------------------
diff --git a/tests/policy-1/policy-boardwalk.json b/tests/policy-1/policy-boardwalk.json
index 174bdef..d5c611a 100644
--- a/tests/policy-1/policy-boardwalk.json
+++ b/tests/policy-1/policy-boardwalk.json
@@ -19,7 +19,7 @@
 
 [
     # The boardwalk policy ruleset
-    ["policyRuleset",
+    ["vhost",
         {
             "applicationName": "boardwalk",
             "maxConnections": 10,

http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/e30c8502/tests/policy-1/policy-safari.json
----------------------------------------------------------------------
diff --git a/tests/policy-1/policy-safari.json b/tests/policy-1/policy-safari.json
index a61bbd9..be28e96 100644
--- a/tests/policy-1/policy-safari.json
+++ b/tests/policy-1/policy-safari.json
@@ -18,7 +18,7 @@
 ##
 [
     # The safari policy ruleset
-    ["policyRuleset",
+    ["vhost",
         {
             "applicationName": "safari",
             "maxConnections": 10,

http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/e30c8502/tests/policy-1/test-policy-conf-includes-folder.conf.in
----------------------------------------------------------------------
diff --git a/tests/policy-1/test-policy-conf-includes-folder.conf.in b/tests/policy-1/test-policy-conf-includes-folder.conf.in
index 3dbcc77..bd2e750 100644
--- a/tests/policy-1/test-policy-conf-includes-folder.conf.in
+++ b/tests/policy-1/test-policy-conf-includes-folder.conf.in
@@ -34,7 +34,7 @@ listener {
 }
 
 policy {
-    maximumConnections: 10
-    enableAccessRules: true
-    policyFolder: ${CMAKE_CURRENT_BINARY_DIR}/policy-1
+    maxConnections: 10
+    enableVhostPolicy: true
+    policyDir: ${CMAKE_CURRENT_BINARY_DIR}/policy-1
 }
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/e30c8502/tests/policy-2/test-router-with-policy.json.in
----------------------------------------------------------------------
diff --git a/tests/policy-2/test-router-with-policy.json.in b/tests/policy-2/test-router-with-policy.json.in
index 1ec3ef1..a38608f 100644
--- a/tests/policy-2/test-router-with-policy.json.in
+++ b/tests/policy-2/test-router-with-policy.json.in
@@ -25,11 +25,11 @@
 	"module": "DEFAULT"
     }],
     ["policy", {
-	"maximumConnections": 20,
-	"enableAccessRules": "true"
+	"maxConnections": 20,
+	"enableVhostPolicy": "true"
     }],
 # Some ruleset
-    ["policyRuleset", {
+    ["vhost", {
       "applicationName": "photoserver",
       "maxConnections": 50,
       "maxConnPerUser": 5,
@@ -145,7 +145,7 @@
         }
       }
   }],
-  ["policyRuleset", {
+  ["vhost", {
       "applicationName": "",
       "maxConnections": 50,
       "maxConnPerUser": 5,
@@ -167,7 +167,7 @@
       }
     }
   ],
-  ["policyRuleset", {
+  ["vhost", {
       "applicationName": "0.0.0.0",
       "maxConnections": 50,
       "maxConnPerUser": 5,
@@ -189,7 +189,7 @@
       }
     }
   ],
-  ["policyRuleset", {
+  ["vhost", {
       "applicationName": "localhost",
       "maxConnections": 50,
       "maxConnPerUser": 5,

http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/e30c8502/tests/policy-3/test-sender-receiver-limits.json
----------------------------------------------------------------------
diff --git a/tests/policy-3/test-sender-receiver-limits.json b/tests/policy-3/test-sender-receiver-limits.json
index f7fc033..7a30aaf 100644
--- a/tests/policy-3/test-sender-receiver-limits.json
+++ b/tests/policy-3/test-sender-receiver-limits.json
@@ -1,7 +1,7 @@
 [
 # Ruleset with differing number of senders and receivers
 # so tests can determine that correct limit is matched.
-  ["policyRuleset", {
+  ["vhost", {
       "applicationName": "",
       "maxConnections": 50,
       "maxConnPerUser": 2,
@@ -23,7 +23,7 @@
       }
     }
   ],
-  ["policyRuleset", {
+  ["vhost", {
       "applicationName": "0.0.0.0",
       "maxConnections": 50,
       "maxConnPerUser": 2,
@@ -45,7 +45,7 @@
       }
     }
   ],
-  ["policyRuleset", {
+  ["vhost", {
       "applicationName": "localhost",
       "maxConnections": 50,
       "maxConnPerUser": 2,

http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/e30c8502/tests/router_policy_test.py
----------------------------------------------------------------------
diff --git a/tests/router_policy_test.py b/tests/router_policy_test.py
index c2359f2..d6eefca 100644
--- a/tests/router_policy_test.py
+++ b/tests/router_policy_test.py
@@ -200,8 +200,8 @@ class PolicyFileApplicationFallback(TestCase):
         self.assertTrue(
             self.policy.lookup_user('zeke', '192.168.100.5', 'galleria', "connid", 5) ==
'')
 
-        # Enable the fallback defaultApplication and show the same user can now connect
-        self.policy.set_default_application('photoserver', True)
+        # Enable the fallback defaultVhost and show the same user can now connect
+        self.policy.set_default_vhost('photoserver')
         settingsname = self.policy.lookup_user('zeke', '192.168.100.5', 'galleria', "connid",
5)
         self.assertTrue(settingsname == 'test')
 
@@ -222,18 +222,10 @@ class PolicyFileApplicationFallback(TestCase):
         self.assertTrue(upolicy['sources'] == 'private')
 
         # Disable fallback and show failure again
-        self.policy.set_default_application('', False)
+        self.policy.set_default_vhost('')
         self.assertTrue(
             self.policy.lookup_user('zeke', '192.168.100.5', 'galleria', "connid", 5) ==
'')
 
-        # Configuration will not allow default application to point to bogus app ruleset
-        was_allowed = True
-        try:
-            self.policy.set_default_application('foobar', True)
-        except:
-            was_allowed = False
-        self.assertTrue(was_allowed == False)
-
 class PolicyAppConnectionMgrTests(TestCase):
 
     def test_policy_app_conn_mgr_fail_by_total(self):

http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/e30c8502/tests/system_tests_policy.py
----------------------------------------------------------------------
diff --git a/tests/system_tests_policy.py b/tests/system_tests_policy.py
index f8fd556..e01e666 100644
--- a/tests/system_tests_policy.py
+++ b/tests/system_tests_policy.py
@@ -35,7 +35,7 @@ class AbsoluteConnectionCountLimit(TestCase):
         config = Qdrouterd.Config([
             ('router', {'mode': 'standalone', 'id': 'QDR.Policy'}),
             ('listener', {'port': cls.tester.get_port()}),
-            ('policy', {'maximumConnections': 2})
+            ('policy', {'maxConnections': 2, 'enableVhostPolicy': 'false'})
         ])
 
         cls.router = cls.tester.qdrouterd('conn-limit-router', config, wait=True)
@@ -82,7 +82,7 @@ class LoadPolicyFromFolder(TestCase):
         config = Qdrouterd.Config([
             ('router', {'mode': 'standalone', 'id': 'QDR.Policy'}),
             ('listener', {'port': cls.tester.get_port()}),
-            ('policy', {'maximumConnections': 2, 'policyFolder': policy_config_path, 'enableAccessRules':
'true'})
+            ('policy', {'maxConnections': 2, 'policyDir': policy_config_path, 'enableVhostPolicy':
'true'})
         ])
 
         cls.router = cls.tester.qdrouterd('conn-limit-router', config, wait=True)
@@ -104,7 +104,7 @@ class LoadPolicyFromFolder(TestCase):
     def test_verify_policies_are_loaded(self):
         addr = self.address()
 
-        rulesets = json.loads(self.run_qdmanage('query --type=policyRuleset'))
+        rulesets = json.loads(self.run_qdmanage('query --type=vhost'))
         self.assertEqual(len(rulesets), 5)
 
 class SenderReceiverLimits(TestCase):
@@ -121,7 +121,7 @@ class SenderReceiverLimits(TestCase):
         config = Qdrouterd.Config([
             ('router', {'mode': 'standalone', 'id': 'QDR.Policy'}),
             ('listener', {'port': cls.tester.get_port()}),
-            ('policy', {'maximumConnections': 2, 'policyFolder': policy_config_path, 'enableAccessRules':
'true'})
+            ('policy', {'maxConnections': 2, 'policyDir': policy_config_path, 'enableVhostPolicy':
'true'})
         ])
 
         cls.router = cls.tester.qdrouterd('SenderReceiverLimits', config, wait=True)


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org


Mime
View raw message