[
https://issues.apache.org/jira/browse/QPID-3918?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13242479#comment-13242479
]
[email protected] commented on QPID-3918:
-----------------------------------------------------
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/4525/
-----------------------------------------------------------
(Updated 2012-03-30 15:54:07.491139)
Review request for qpid, Alan Conway, Gordon Sim, and rajith attapattu.
Changes
-------
1. Don't log module load.
2. Check in unrelated bug fixes separately.
3. Change function try/catch scheme: Just have one try/catch. Change 'throw
str' exception generation to 'throw qpid::Exception(str)' and then catch only
std::exception.
There was some push back to exclude this patch: it does not add to the function
of a broker and becomes one more piece of unrelated code that fails to be
maintained. An alternative is to create a separate library or executable that
loads acl.so and implements the query functions there. This has the possibility
of loading any acl.so and to give query results from any version of qpidd.
I favor keeping this patch not just because it's complete and ready to go.
Adding the proposed library or executable is a much larger task and is likely
'not worth doing'. This patch is very focused and exists in an optional,
loadable module; as such it doesn't burden the broker at run-time or change any
of its performance characteristics. Also, by being in the broker itself it can
never give wrong results because it loaded the wrong acl.so file.
Summary
-------
Add management methods that let a customer drive arbitrary ACL lookup queries.
This addresses bug QPID-3918.
https://issues.apache.org/jira/browse/QPID-3918
Diffs (updated)
-----
trunk/qpid/cpp/src/qpid/acl/Acl.h 1307073
trunk/qpid/cpp/src/qpid/acl/Acl.cpp 1307073
trunk/qpid/cpp/src/qpid/acl/management-schema.xml 1307073
trunk/qpid/cpp/src/qpid/broker/AclModule.h 1307073
Diff: https://reviews.apache.org/r/4525/diff
Testing
-------
Thanks,
Chug
> Add management acl-query test methods to C++ broker ACL plugin
> --------------------------------------------------------------
>
> Key: QPID-3918
> URL: https://issues.apache.org/jira/browse/QPID-3918
> Project: Qpid
> Issue Type: New Feature
> Components: C++ Broker
> Affects Versions: 0.14
> Reporter: Chuck Rolke
> Assignee: Chuck Rolke
> Attachments: acl-test-00-rules.acl, acl-test-00.log, acl-test-00.py
>
>
> In its current form the ACL module is not testable in a customer deployment.
> The ACL module loads the ACL file and from then on only real-world activity
> triggers allow and deny decisions.
> This feature proposal adds two management methods that are directly tied to
> the ACL decision Lookup functions. Using them a customer may start a dummy
> broker process that uses his actual (1) ACL rule file. Then using a
> management application the customer may fire off a set of lookups against his
> rule file to see if the ACL rules deliver the intended results.
> This feature could also be used to augment the self tests. It is very hard to
> stage enough driver code to trigger some of the ACL queries. Using the
> proposed methods then the self test can launch any ACL query directly.
> (1) As usual the ACL file must be bent enough to allow 'anonymous' to have
> access to the management methods
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
