Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 01D0C200B74 for ; Wed, 27 Jul 2016 22:15:49 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id 00770160A6F; Wed, 27 Jul 2016 20:15:49 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 636E5160A90 for ; Wed, 27 Jul 2016 22:15:47 +0200 (CEST) Received: (qmail 8334 invoked by uid 500); 27 Jul 2016 20:15:46 -0000 Mailing-List: contact commits-help@qpid.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@qpid.apache.org Delivered-To: mailing list commits@qpid.apache.org Received: (qmail 8193 invoked by uid 99); 27 Jul 2016 20:15:46 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 27 Jul 2016 20:15:46 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id 45EEBE02A2; Wed, 27 Jul 2016 20:15:46 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: chug@apache.org To: commits@qpid.apache.org Date: Wed, 27 Jul 2016 20:15:46 -0000 Message-Id: <7fbfe5e24345435db8b22dec7b35f015@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: [01/10] qpid-dispatch git commit: DISPATCH-311: Reorganize policy schema Rename items in entity 'policy'. Rename entity 'policyRuleset' to 'vhost'. archived-at: Wed, 27 Jul 2016 20:15:49 -0000 Repository: qpid-dispatch Updated Branches: refs/heads/master 89bdcb58f -> 5a9cebcae DISPATCH-311: Reorganize policy schema Rename items in entity 'policy'. Rename entity 'policyRuleset' to 'vhost'. Project: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/repo Commit: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/commit/e30c8502 Tree: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/tree/e30c8502 Diff: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/diff/e30c8502 Branch: refs/heads/master Commit: e30c8502110c61e050ae054f7ddf4d958b0662af Parents: 4c12a62 Author: Chuck Rolke Authored: Mon Jul 25 15:12:20 2016 -0400 Committer: Chuck Rolke Committed: Mon Jul 25 15:12:20 2016 -0400 ---------------------------------------------------------------------- python/qpid_dispatch/management/qdrouter.json | 27 +++++------- .../qdrouter.policyRuleset.settings.txt | 4 +- .../qpid_dispatch_internal/management/agent.py | 2 +- .../qpid_dispatch_internal/management/config.py | 21 +++++---- .../policy/policy_local.py | 45 ++++++++++---------- .../policy/policy_manager.py | 5 +-- src/policy.c | 36 ++++++++-------- tests/policy-1/management-access.json | 6 +-- tests/policy-1/policy-boardwalk.json | 2 +- tests/policy-1/policy-safari.json | 2 +- .../test-policy-conf-includes-folder.conf.in | 6 +-- tests/policy-2/test-router-with-policy.json.in | 12 +++--- tests/policy-3/test-sender-receiver-limits.json | 6 +-- tests/router_policy_test.py | 14 ++---- tests/system_tests_policy.py | 8 ++-- 15 files changed, 89 insertions(+), 107 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/e30c8502/python/qpid_dispatch/management/qdrouter.json ---------------------------------------------------------------------- diff --git a/python/qpid_dispatch/management/qdrouter.json b/python/qpid_dispatch/management/qdrouter.json index e36896b..37f7a3c 100644 --- a/python/qpid_dispatch/management/qdrouter.json +++ b/python/qpid_dispatch/management/qdrouter.json @@ -1346,38 +1346,31 @@ "extends": "configurationEntity", "singleton": true, "attributes": { - "maximumConnections": { + "maxConnections": { "type": "integer", "default": 0, - "description": "Global maximum number of concurrent client connections allowed. Zero implies no limit. This limit is always enforced even if no other policy settings have been defined.", + "description": "Global maximum number of concurrent client connections allowed. This limit is always enforced even if no other policy settings have been defined.", "required": false, "create": true }, - "enableAccessRules": { + "enableVhostPolicy": { "type": "boolean", "default": false, - "description": "Enable user rule set processing and connection denial.", + "description": "Enable vhost policy connection denial, and resource limit enforcement", "required": false, "create": true }, - "policyFolder": { + "policyDir": { "type": "path", "default": "", - "description": "The absolute path to a folder that holds policyRuleset definition .json files. For a small system the rulesets may all be defined in this file. At a larger scale it is better to have the policy files in their own folder and to have none of the rulesets defined here. All rulesets in all .json files in this folder are processed.", + "description": "Absolute path to a directory that holds vhost definition .json files. All vhost definitions in all .json files in this directory are processed.", "required": false, "create": true }, - "defaultApplication": { + "defaultVhost": { "type": "string", - "default": "", - "description": "Application policyRuleset to use for connections with no open.hostname or a hostname that does not match any existing policy. For users that don't wish to use open.hostname or any multi-tennancy feature, this default policy can be the only policy in effect for the network.", - "required": false, - "create": true - }, - "defaultApplicationEnabled": { - "type": "boolean", - "default": false, - "description": "Enable defaultApplication policy fallback logic.", + "default": "$default", + "description": "Vhost rule set name to use for connections with a vhost that is otherwise not defined. Default vhost processing may be disabled either by erasing the definition of defaultVhost or by not defining a vhost object named '$default'.", "required": false, "create": true }, @@ -1387,7 +1380,7 @@ } }, - "policyRuleset": { + "vhost": { "description": "Per application definition of the locations from which users may connect and the groups to which users belong.", "extends": "configurationEntity", "operations": ["CREATE"], http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/e30c8502/python/qpid_dispatch/management/qdrouter.policyRuleset.settings.txt ---------------------------------------------------------------------- diff --git a/python/qpid_dispatch/management/qdrouter.policyRuleset.settings.txt b/python/qpid_dispatch/management/qdrouter.policyRuleset.settings.txt index 773df7a..653a378 100644 --- a/python/qpid_dispatch/management/qdrouter.policyRuleset.settings.txt +++ b/python/qpid_dispatch/management/qdrouter.policyRuleset.settings.txt @@ -21,9 +21,9 @@ The schema `qdrouterd.json` is a JSON format file that defines annotations and entity types of the Qpid Dispatch Router management model. The model is based on the AMQP management specification. -Schema entity `policyRuleset` includes several attributes of type map. In the current form the management schema provides no way to define the keys and values in these attributes. These maps cannot be specified in the schema and they cannot be checked by the schema processing. +Schema entity `vhost` includes several attributes of type map. In the current form the management schema provides no way to define the keys and values in these attributes. These maps cannot be specified in the schema and they cannot be checked by the schema processing. -Until the schema is extended specify embedded maps this document describes the policyRuleset settings. +Until the schema is extended specify embedded maps this document describes the vhost settings. "policyAppSettings": { "description": "For a given user group define the policy settings applied to the user's AMQP connection.", http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/e30c8502/python/qpid_dispatch_internal/management/agent.py ---------------------------------------------------------------------- diff --git a/python/qpid_dispatch_internal/management/agent.py b/python/qpid_dispatch_internal/management/agent.py index 8fd4e84..01f52cb 100644 --- a/python/qpid_dispatch_internal/management/agent.py +++ b/python/qpid_dispatch_internal/management/agent.py @@ -312,7 +312,7 @@ class PolicyEntity(EntityAdapter): return self.attributes.get('module') -class PolicyRulesetEntity(EntityAdapter): +class VhostEntity(EntityAdapter): def create(self): self._policy.create_ruleset(self.attributes) http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/e30c8502/python/qpid_dispatch_internal/management/config.py ---------------------------------------------------------------------- diff --git a/python/qpid_dispatch_internal/management/config.py b/python/qpid_dispatch_internal/management/config.py index 881def8..28ba91b 100644 --- a/python/qpid_dispatch_internal/management/config.py +++ b/python/qpid_dispatch_internal/management/config.py @@ -182,13 +182,12 @@ def configure_dispatch(dispatch, lib_handle, filename): from qpid_dispatch_internal.display_name.display_name import DisplayNameService displayname_service = DisplayNameService("$displayname") - policyFolder = config.by_type('policy')[0]['policyFolder'] - policyDefaultApplication = config.by_type('policy')[0]['defaultApplication'] - policyDefaultApplicationEnabled = config.by_type('policy')[0]['defaultApplicationEnabled'] + policyDir = config.by_type('policy')[0]['policyDir'] + policyDefaultVhost = config.by_type('policy')[0]['defaultVhost'] # Remaining configuration for t in "fixedAddress", "listener", "connector", "waypoint", "linkRoutePattern", \ "router.config.address", "router.config.linkRoute", "router.config.autoLink", \ - "policy", "policyRuleset": + "policy", "vhost": for a in config.by_type(t): configure(a) if t == "listener": @@ -200,15 +199,15 @@ def configure_dispatch(dispatch, lib_handle, filename): for e in config.entities: configure(e) - # Load the policyRulesets from the .json files in policyFolder - # Only policyRulesets are loaded. Other entities are silently discarded. - if not policyFolder == '': - apath = os.path.abspath(policyFolder) - for i in os.listdir(policyFolder): + # Load the vhosts from the .json files in policyDir + # Only vhosts are loaded. Other entities are silently discarded. + if not policyDir == '': + apath = os.path.abspath(policyDir) + for i in os.listdir(policyDir): if i.endswith(".json"): pconfig = PolicyConfig(os.path.join(apath, i)) - for a in pconfig.by_type("policyRuleset"): + for a in pconfig.by_type("vhost"): agent.configure(a) # Set policy default application after all rulesets loaded - agent.policy.set_default_application(policyDefaultApplication, policyDefaultApplicationEnabled) + agent.policy.set_default_vhost(policyDefaultVhost) http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/e30c8502/python/qpid_dispatch_internal/policy/policy_local.py ---------------------------------------------------------------------- diff --git a/python/qpid_dispatch_internal/policy/policy_local.py b/python/qpid_dispatch_internal/policy/policy_local.py index cb62896..52339ca 100644 --- a/python/qpid_dispatch_internal/policy/policy_local.py +++ b/python/qpid_dispatch_internal/policy/policy_local.py @@ -487,14 +487,10 @@ class PolicyLocal(object): # Entries destroyed as sockets closed self._connections = {} - # _default_application is a string - # holds the name of the policyRuleset to use when the + # _default_vhost is a string + # holds the name of the vhost to use when the # open.hostname is not found in the rulesetdb - self._default_application = "" - - # _default_application_enabled is a boolean - # controls default application fallback logic - self._default_application_enabled = False + self._default_vhost = "" # # Service interfaces @@ -559,22 +555,24 @@ class PolicyLocal(object): """ return self.rulesetdb.keys() - def set_default_application(self, name, enabled): + def set_default_vhost(self, name): """ - Set the default application name and control its enablement. - Raise PolicyError if the named application is enabled but absent. + Set the default vhost name. @param name: the name of the default application - @param enabled: default application ruleset logic is active @return: none """ - self._default_application = name - self._default_application_enabled = enabled - if enabled: - if not name in self.policy_db_get_names(): - raise PolicyError("Policy fallback defaultApplication '%s' does not exist" % name) - self._manager.log_info("Policy fallback defaultApplication is enabled: '%s'" % name) - else: - self._manager.log_info("Policy fallback defaultApplication is disabled") + self._default_vhost = name + self._manager.log_info("Policy fallback defaultVhost is enabled: '%s'" % name) + + + def default_vhost_enabled(self): + """ + The default vhost is enabled if the name is not blank and + the vhost is defined in rulesetdb. + @return: + """ + return not self._default_vhost == "" and self._default_vhost in self.rulesetdb + # # Runtime query interface @@ -596,8 +594,8 @@ class PolicyLocal(object): try: app = app_in if not app_in in self.rulesetdb: - if self._default_application_enabled: - app = self._default_application + if self.default_vhost_enabled(): + app = self._default_vhost else: self._manager.log_info( "DENY AMQP Open for user '%s', host '%s', application '%s': " @@ -684,8 +682,9 @@ class PolicyLocal(object): """ try: appname = appname_in - if not appname in self.rulesetdb and self._default_application_enabled: - appname = self._default_application + if not appname in self.rulesetdb: + if self.default_vhost_enabled(): + appname = self._default_vhost if not appname in self.rulesetdb: self._manager.log_info( http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/e30c8502/python/qpid_dispatch_internal/policy/policy_manager.py ---------------------------------------------------------------------- diff --git a/python/qpid_dispatch_internal/policy/policy_manager.py b/python/qpid_dispatch_internal/policy/policy_manager.py index 7cb72fb..cb0247b 100644 --- a/python/qpid_dispatch_internal/policy/policy_manager.py +++ b/python/qpid_dispatch_internal/policy/policy_manager.py @@ -80,14 +80,13 @@ class PolicyManager(object): # # Management interface to set the default application # - def set_default_application(self, name, enabled): + def set_default_vhost(self, name): """ Set default application @param name: - @param enabled @return: """ - self._policy_local.set_default_application(name, enabled) + self._policy_local.set_default_vhost(name) # # Runtime query interface http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/e30c8502/src/policy.c ---------------------------------------------------------------------- diff --git a/src/policy.c b/src/policy.c index 48723d0..aa67964 100644 --- a/src/policy.c +++ b/src/policy.c @@ -65,8 +65,8 @@ struct qd_policy_t { void *py_policy_manager; // configured settings int max_connection_limit; - char *policyFolder; - bool enableAccessRules; + char *policyDir; + bool enableVhostPolicy; // live statistics int connections_processed; int connections_denied; @@ -83,8 +83,8 @@ qd_policy_t *qd_policy(qd_dispatch_t *qd) policy->qd = qd; policy->log_source = qd_log_source("POLICY"); policy->max_connection_limit = 0; - policy->policyFolder = 0; - policy->enableAccessRules = false; + policy->policyDir = 0; + policy->enableVhostPolicy = false; policy->connections_processed= 0; policy->connections_denied = 0; policy->connections_current = 0; @@ -99,8 +99,8 @@ qd_policy_t *qd_policy(qd_dispatch_t *qd) **/ void qd_policy_free(qd_policy_t *policy) { - if (policy->policyFolder) - free(policy->policyFolder); + if (policy->policyDir) + free(policy->policyDir); free(policy); } @@ -110,19 +110,19 @@ void qd_policy_free(qd_policy_t *policy) qd_error_t qd_entity_configure_policy(qd_policy_t *policy, qd_entity_t *entity) { - policy->max_connection_limit = qd_entity_opt_long(entity, "maximumConnections", 0); CHECK(); + policy->max_connection_limit = qd_entity_opt_long(entity, "maxConnections", 0); CHECK(); if (policy->max_connection_limit < 0) - return qd_error(QD_ERROR_CONFIG, "maximumConnections must be >= 0"); - policy->policyFolder = - qd_entity_opt_string(entity, "policyFolder", 0); CHECK(); - policy->enableAccessRules = qd_entity_opt_bool(entity, "enableAccessRules", false); CHECK(); - qd_log(policy->log_source, QD_LOG_INFO, "Policy configured maximumConnections: %d, policyFolder: '%s', access rules enabled: '%s'", - policy->max_connection_limit, policy->policyFolder, (policy->enableAccessRules ? "true" : "false")); + return qd_error(QD_ERROR_CONFIG, "maxConnections must be >= 0"); + policy->policyDir = + qd_entity_opt_string(entity, "policyDir", 0); CHECK(); + policy->enableVhostPolicy = qd_entity_opt_bool(entity, "enableVhostPolicy", false); CHECK(); + qd_log(policy->log_source, QD_LOG_INFO, "Policy configured maxConnections: %d, policyDir: '%s', access rules enabled: '%s'", + policy->max_connection_limit, policy->policyDir, (policy->enableVhostPolicy ? "true" : "false")); return QD_ERROR_NONE; error: - if (policy->policyFolder) - free(policy->policyFolder); + if (policy->policyDir) + free(policy->policyDir); qd_policy_free(policy); return qd_error_code(); } @@ -222,7 +222,7 @@ void qd_policy_socket_close(void *context, const qd_connection_t *conn) n_connections -= 1; assert (n_connections >= 0); - if (policy->enableAccessRules) { + if (policy->enableVhostPolicy) { // HACK ALERT: TODO: This should be deferred to a Python thread qd_python_lock_state_t lock_state = qd_python_lock(); PyObject *module = PyImport_ImportModule("qpid_dispatch_internal.policy.policy_manager"); @@ -262,7 +262,7 @@ void qd_policy_socket_close(void *context, const qd_connection_t *conn) // allow or deny the Open. Denied Open attempts are // effected by returning Open and then Close_with_condition. // -/** Look up user/host/app in python policyRuleset and give the AMQP Open +/** Look up user/host/app in python vhost and give the AMQP Open * a go-no_go decision. Return false if the mechanics of calling python * fails. A policy lookup will deny the connection by returning a blank * usergroup name in the name buffer. @@ -707,7 +707,7 @@ void qd_policy_amqp_open(void *context, bool discard) qd_policy_t *policy = qd->policy; bool connection_allowed = true; - if (policy->enableAccessRules) { + if (policy->enableVhostPolicy) { // Open connection or not based on policy. pn_transport_t *pn_trans = pn_connection_transport(conn); const char *hostip = qdpn_connector_hostip(qd_conn->pn_cxtr); http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/e30c8502/tests/policy-1/management-access.json ---------------------------------------------------------------------- diff --git a/tests/policy-1/management-access.json b/tests/policy-1/management-access.json index b642b94..48e544a 100644 --- a/tests/policy-1/management-access.json +++ b/tests/policy-1/management-access.json @@ -23,7 +23,7 @@ # localhost - proton 0.13 # unnamed host- proton 0.13 [ - ["policyRuleset", { + ["vhost", { "applicationName": "", "maxConnections": 50, "maxConnPerUser": 5, @@ -45,7 +45,7 @@ } } ], - ["policyRuleset", { + ["vhost", { "applicationName": "0.0.0.0", "maxConnections": 50, "maxConnPerUser": 5, @@ -67,7 +67,7 @@ } } ], - ["policyRuleset", { + ["vhost", { "applicationName": "localhost", "maxConnections": 50, "maxConnPerUser": 5, http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/e30c8502/tests/policy-1/policy-boardwalk.json ---------------------------------------------------------------------- diff --git a/tests/policy-1/policy-boardwalk.json b/tests/policy-1/policy-boardwalk.json index 174bdef..d5c611a 100644 --- a/tests/policy-1/policy-boardwalk.json +++ b/tests/policy-1/policy-boardwalk.json @@ -19,7 +19,7 @@ [ # The boardwalk policy ruleset - ["policyRuleset", + ["vhost", { "applicationName": "boardwalk", "maxConnections": 10, http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/e30c8502/tests/policy-1/policy-safari.json ---------------------------------------------------------------------- diff --git a/tests/policy-1/policy-safari.json b/tests/policy-1/policy-safari.json index a61bbd9..be28e96 100644 --- a/tests/policy-1/policy-safari.json +++ b/tests/policy-1/policy-safari.json @@ -18,7 +18,7 @@ ## [ # The safari policy ruleset - ["policyRuleset", + ["vhost", { "applicationName": "safari", "maxConnections": 10, http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/e30c8502/tests/policy-1/test-policy-conf-includes-folder.conf.in ---------------------------------------------------------------------- diff --git a/tests/policy-1/test-policy-conf-includes-folder.conf.in b/tests/policy-1/test-policy-conf-includes-folder.conf.in index 3dbcc77..bd2e750 100644 --- a/tests/policy-1/test-policy-conf-includes-folder.conf.in +++ b/tests/policy-1/test-policy-conf-includes-folder.conf.in @@ -34,7 +34,7 @@ listener { } policy { - maximumConnections: 10 - enableAccessRules: true - policyFolder: ${CMAKE_CURRENT_BINARY_DIR}/policy-1 + maxConnections: 10 + enableVhostPolicy: true + policyDir: ${CMAKE_CURRENT_BINARY_DIR}/policy-1 } \ No newline at end of file http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/e30c8502/tests/policy-2/test-router-with-policy.json.in ---------------------------------------------------------------------- diff --git a/tests/policy-2/test-router-with-policy.json.in b/tests/policy-2/test-router-with-policy.json.in index 1ec3ef1..a38608f 100644 --- a/tests/policy-2/test-router-with-policy.json.in +++ b/tests/policy-2/test-router-with-policy.json.in @@ -25,11 +25,11 @@ "module": "DEFAULT" }], ["policy", { - "maximumConnections": 20, - "enableAccessRules": "true" + "maxConnections": 20, + "enableVhostPolicy": "true" }], # Some ruleset - ["policyRuleset", { + ["vhost", { "applicationName": "photoserver", "maxConnections": 50, "maxConnPerUser": 5, @@ -145,7 +145,7 @@ } } }], - ["policyRuleset", { + ["vhost", { "applicationName": "", "maxConnections": 50, "maxConnPerUser": 5, @@ -167,7 +167,7 @@ } } ], - ["policyRuleset", { + ["vhost", { "applicationName": "0.0.0.0", "maxConnections": 50, "maxConnPerUser": 5, @@ -189,7 +189,7 @@ } } ], - ["policyRuleset", { + ["vhost", { "applicationName": "localhost", "maxConnections": 50, "maxConnPerUser": 5, http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/e30c8502/tests/policy-3/test-sender-receiver-limits.json ---------------------------------------------------------------------- diff --git a/tests/policy-3/test-sender-receiver-limits.json b/tests/policy-3/test-sender-receiver-limits.json index f7fc033..7a30aaf 100644 --- a/tests/policy-3/test-sender-receiver-limits.json +++ b/tests/policy-3/test-sender-receiver-limits.json @@ -1,7 +1,7 @@ [ # Ruleset with differing number of senders and receivers # so tests can determine that correct limit is matched. - ["policyRuleset", { + ["vhost", { "applicationName": "", "maxConnections": 50, "maxConnPerUser": 2, @@ -23,7 +23,7 @@ } } ], - ["policyRuleset", { + ["vhost", { "applicationName": "0.0.0.0", "maxConnections": 50, "maxConnPerUser": 2, @@ -45,7 +45,7 @@ } } ], - ["policyRuleset", { + ["vhost", { "applicationName": "localhost", "maxConnections": 50, "maxConnPerUser": 2, http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/e30c8502/tests/router_policy_test.py ---------------------------------------------------------------------- diff --git a/tests/router_policy_test.py b/tests/router_policy_test.py index c2359f2..d6eefca 100644 --- a/tests/router_policy_test.py +++ b/tests/router_policy_test.py @@ -200,8 +200,8 @@ class PolicyFileApplicationFallback(TestCase): self.assertTrue( self.policy.lookup_user('zeke', '192.168.100.5', 'galleria', "connid", 5) == '') - # Enable the fallback defaultApplication and show the same user can now connect - self.policy.set_default_application('photoserver', True) + # Enable the fallback defaultVhost and show the same user can now connect + self.policy.set_default_vhost('photoserver') settingsname = self.policy.lookup_user('zeke', '192.168.100.5', 'galleria', "connid", 5) self.assertTrue(settingsname == 'test') @@ -222,18 +222,10 @@ class PolicyFileApplicationFallback(TestCase): self.assertTrue(upolicy['sources'] == 'private') # Disable fallback and show failure again - self.policy.set_default_application('', False) + self.policy.set_default_vhost('') self.assertTrue( self.policy.lookup_user('zeke', '192.168.100.5', 'galleria', "connid", 5) == '') - # Configuration will not allow default application to point to bogus app ruleset - was_allowed = True - try: - self.policy.set_default_application('foobar', True) - except: - was_allowed = False - self.assertTrue(was_allowed == False) - class PolicyAppConnectionMgrTests(TestCase): def test_policy_app_conn_mgr_fail_by_total(self): http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/e30c8502/tests/system_tests_policy.py ---------------------------------------------------------------------- diff --git a/tests/system_tests_policy.py b/tests/system_tests_policy.py index f8fd556..e01e666 100644 --- a/tests/system_tests_policy.py +++ b/tests/system_tests_policy.py @@ -35,7 +35,7 @@ class AbsoluteConnectionCountLimit(TestCase): config = Qdrouterd.Config([ ('router', {'mode': 'standalone', 'id': 'QDR.Policy'}), ('listener', {'port': cls.tester.get_port()}), - ('policy', {'maximumConnections': 2}) + ('policy', {'maxConnections': 2, 'enableVhostPolicy': 'false'}) ]) cls.router = cls.tester.qdrouterd('conn-limit-router', config, wait=True) @@ -82,7 +82,7 @@ class LoadPolicyFromFolder(TestCase): config = Qdrouterd.Config([ ('router', {'mode': 'standalone', 'id': 'QDR.Policy'}), ('listener', {'port': cls.tester.get_port()}), - ('policy', {'maximumConnections': 2, 'policyFolder': policy_config_path, 'enableAccessRules': 'true'}) + ('policy', {'maxConnections': 2, 'policyDir': policy_config_path, 'enableVhostPolicy': 'true'}) ]) cls.router = cls.tester.qdrouterd('conn-limit-router', config, wait=True) @@ -104,7 +104,7 @@ class LoadPolicyFromFolder(TestCase): def test_verify_policies_are_loaded(self): addr = self.address() - rulesets = json.loads(self.run_qdmanage('query --type=policyRuleset')) + rulesets = json.loads(self.run_qdmanage('query --type=vhost')) self.assertEqual(len(rulesets), 5) class SenderReceiverLimits(TestCase): @@ -121,7 +121,7 @@ class SenderReceiverLimits(TestCase): config = Qdrouterd.Config([ ('router', {'mode': 'standalone', 'id': 'QDR.Policy'}), ('listener', {'port': cls.tester.get_port()}), - ('policy', {'maximumConnections': 2, 'policyFolder': policy_config_path, 'enableAccessRules': 'true'}) + ('policy', {'maxConnections': 2, 'policyDir': policy_config_path, 'enableVhostPolicy': 'true'}) ]) cls.router = cls.tester.qdrouterd('SenderReceiverLimits', config, wait=True) --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org For additional commands, e-mail: commits-help@qpid.apache.org