qpid-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chuck Rolke <cro...@redhat.com>
Subject Re: C++ broker management from a C++ library
Date Mon, 14 Nov 2016 19:59:43 GMT
Hi Chris,

----- Original Message -----
> From: "Chris Richardson" <cr@fourc.eu>
> To: "users" <users@qpid.apache.org>
> Sent: Monday, November 14, 2016 5:28:43 AM
> Subject: C++ broker management from a C++ library
> Hi,
> I noticed recently there was a question about how to do this (
> http://qpid.2158936.n2.nabble.com/How-from-within-a-C-application-is-it-possible-to-examine-and-manage-a-broker-td7652451.html)
> which happened to be posted at exactly the time I'd finished implementing a
> small feature subset in C++. This was based on the python implementation
> exactly as Steve mentioned in the above post. Since it seemed we at FourC
> are not the only ones interested in this functionality I've carved the code
> out of our libraries, expanded the scope to include as much of the QMF RPC
> interface as I could and released it under LGPL3 as a library here
> https://github.com/fourceu/fourc-qpid-manager
> From a user perspective it's simply a case of creating an instance of a
> fourc::fmf::BrokerAgent, which requires a connected
> qpid::messaging::Session for its constructor. The interface of this class
> is similar to the Qpid Python one and should be pretty self-explanatory.
> The functionality offered includes making ACL queries, triggering an ACL
> reload, querying for broker, connection, exchange, link, memory, session
> and subscriber stats and querying/creating/deleting exchanges, queues and
> bindings. Stub implementations of the Cluster and HaBroker classes are
> included but they don't do anything because I haven't yet built a cluster
> to work with!
> Internally the library uses the QMF interface and is very closely modelled
> on the Python implementation; after that things get ugly as of course C++
> doesn't support some of the nice Python deserialisation features, so the
> rest of the library is pairs of classes and related decoders. It includes a
> fairly comprehensive suite of tests which execute on Travis CI so my hope
> is that even though the code is very new it should actually work! If
> there's sufficient interest I can add more documentation and some examples.

This sounds pretty interesting and I hope to take a look at it over the
next couple of weeks. Thanks for posting it.

> One feature we would really like which is not present is the ability to
> modify ACLs "in memory", so to speak, rather than making modifications to
> the ACL file and then triggering a reload. Could anyone provide more
> information about whether this is possible and if so how?

The ACLs today do not offer the option of replacing just one rule in place.
There are two reasons for this.

1. An ACL rule file is 'compiled' into the run-time rule set. 
A single rule's settings are propagated to many places.  Figuring out what
to undo/redo to replace an existing ACL rule would be error prone.

2. ACL does not offer an 'export the rule set' command.
If a rule is replaced then the rule set that the box is using is nowhere
represented by a file. How can the running rule set be recreated or
verified? By design rule sets come from files on the host and are imported
into ACL. The system manager then has the opportunity to keep a copy
of every ACL rule file for later reuse and analysis.

Certainly both of these restrictions are negotiable. To date the security
risk in changing either of these design choices has outweighed the 
benefit. If the ACL rules need to change then change them in a file and
load that new file.

> I hope this library will be of use to someone but of course the main reason
> for publishing it is to end up with the best possible implementation so
> feedback and contributions will be very warmly welcomed!
> --
> *Chris Richardson*, System Architect
> cr@fourc.eu
> *FourC AS, Vestre Rosten 81, Trekanten, NO-7075 Tiller, Norwaywww.fourc.eu
> <http://www.fourc.eu/>*
> *Follow us on LinkedIn <http://bit.ly/fourcli>, Facebook
> <http://bit.ly/fourcfb>, Google+ <http://bit.ly/fourcgp> and Twitter
> <http://bit.ly/fourctw>!*

To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
For additional commands, e-mail: users-help@qpid.apache.org

View raw message