-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/5015/
-----------------------------------------------------------
Review request for qpid, Alan Conway, Kim van der Riet, and Ted Ross.
Summary
-------
This patch fulfills a long-standing request to keep users from abusing broker
queue resources. If a user is allowed to create one queue he then can create
them by the thousdands.
The code is more of a quota than an access control but it fits naturally in the
current ACL module. The implementation here is queue-centric but could be
generalized to support limiting exchanges as well.
A few concerns arise:
1. This code counts/protects live requests coming in to single node. This code
does not protect queues that are presisting. The concern is that a user creates
his quota of persistent queues and then upon system restart the same user can
create another batch of queues since the persisted queues aren't tracked. Is
this a vaild concern?
2. The patch provides only a single setting for all users.
3. The patch makes no effort to replicate the queue count state across a
cluster. Surely this is a problem for clusters.
This addresses bug QPID-2393.
https://issues.apache.org/jira/browse/QPID-2393
Diffs
-----
trunk/qpid/cpp/src/qpid/acl/Acl.h 1334118
trunk/qpid/cpp/src/qpid/acl/Acl.cpp 1334118
trunk/qpid/cpp/src/qpid/acl/AclPlugin.cpp 1334118
trunk/qpid/cpp/src/qpid/acl/management-schema.xml 1334118
trunk/qpid/cpp/src/qpid/broker/AclModule.h 1334118
trunk/qpid/cpp/src/qpid/broker/Broker.cpp 1334118
trunk/qpid/cpp/src/tests/acl.py 1334118
trunk/qpid/cpp/src/tests/run_acl_tests 1334118
Diff: https://reviews.apache.org/r/5015/diff
Testing
-------
Unit tests included.
Thanks,
Chug
