I'm working on https://issues.apache.org/jira/browse/QPID-4334 ("[Java
broker] move the Firewall functionality into the ACL plugin") and want to
gather opinions on the desired behaviour.

My main questions are:
- Are we happy to make this change to the Java Broker?
- If so, what is the nicest ACL syntax for firewall rules?

The motivation for this work is to:

(1) rationalise our set of plugins, thus making the implementation of
QPID-4335 ("[java broker] replace current plugin system with a simplified
system") easier;
(2) make life simpler for our users.

I expect the second point will be more contentious, hence this email.

Putting myself in the user's shoes, I believe it makes sense for access
control and firewall configuration to be done in one place, using rules
such as:

ACL ALLOW all ACCESS VIRTUALHOST FROM-NETWORK="123.456.789/24"
ACL DENY-LOG all ACCESS VIRTUALHOST FROM-HOSTNAME=".*\.uat.mycompany\.com"

I therefore propose to enhance the "ACCESS VIRTUALHOST" ACL rule to support
the same network and hostname predicates that are currently supported by
the firewall Java broker plugin.  This will make the firewall plugin
redundant, so it will be deleted.

The objections I'm anticipating are:

- This will require users to modify their config when they upgrade.
I think this minor inconvenience is outweighed by the motivations stated
above.

- This will cause the Java and C++ ACL syntax to diverge further.  I don't
know if this is a showstopper.  I understand that this enhancement was
previously discussed for the C++ broker, and I'd be particularly interested
to hear current views on this from the C++ folks.

Let me know what you think.

Thanks
Phil
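
An added example, not part of the original message and not Qpid code: a small evaluator for the two proposed predicates. The semantics are assumptions (first matching rule wins, no match means DENY, hostname patterns must match the whole name), and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed rule file in the proposed syntax. 192.0.2.0/24 (a documentation
# range) replaces the email's illustrative network value, which is not a
# parseable address.
RULES = r'''
ACL DENY-LOG all ACCESS VIRTUALHOST FROM-HOSTNAME=".*\.uat.mycompany\.com"
ACL ALLOW all ACCESS VIRTUALHOST FROM-NETWORK="192.0.2.0/24"
'''

RULE_RE = re.compile(
    r'ACL\s+((?:ALLOW|DENY)(?:-LOG)?)\s+(\S+)\s+ACCESS\s+VIRTUALHOST\s+'
    r'(FROM-NETWORK|FROM-HOSTNAME)="([^"]*)"'
)


def parse_rules(text):
    """Return (outcome, user, predicate, value) tuples; reject malformed lines."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = RULE_RE.fullmatch(line)
        if m is None:
            # Fail closed: an unparseable rule must not be skipped silently.
            raise ValueError(f"unparseable rule: {line!r}")
        rules.append(m.groups())
    return rules


def predicate_matches(predicate, value, address, hostname):
    if predicate == "FROM-NETWORK":
        network = ipaddress.ip_network(value, strict=False)
        return ipaddress.ip_address(address) in network
    # Assumption: the pattern must match the whole name, case-insensitively.
    return re.fullmatch(value, hostname, re.IGNORECASE) is not None


def decide(text, user, address, hostname):
    """Assumed semantics: first matching rule wins, no match means DENY."""
    for outcome, rule_user, predicate, value in parse_rules(text):
        if rule_user not in ("all", user):
            continue
        if predicate_matches(predicate, value, address, hostname):
            return outcome
    return "DENY"
```

Rule order matters under these assumptions: a client inside the allowed network is still refused when the hostname rule above it matches first.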
