diff options
author | Pavel Moravec <pmoravec@apache.org> | 2014-02-03 12:59:37 +0000 |
---|---|---|
committer | Pavel Moravec <pmoravec@apache.org> | 2014-02-03 12:59:37 +0000 |
commit | 1f71694af9d86eec479e41404d8cf8affd448a70 (patch) | |
tree | 094e67a266ee73e5beb59e00a31b7cbb6f684679 | |
parent | c3b93ca895efa1175e5891ba73b0407e421ad31e (diff) | |
download | qpid-python-1f71694af9d86eec479e41404d8cf8affd448a70.tar.gz |
QPID-5519: ACL property/properties for paged queues - fixed typo, added tests and documentation
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@1563866 13f79535-47bb-0310-9956-ffa450edef68
-rw-r--r-- | qpid/cpp/design_docs/broker-acl-work.txt | 24 | ||||
-rw-r--r-- | qpid/cpp/src/qpid/broker/AclModule.h | 4 | ||||
-rwxr-xr-x | qpid/cpp/src/tests/acl.py | 223 | ||||
-rw-r--r-- | qpid/doc/book/src/cpp-broker/Security.xml | 38 |
4 files changed, 275 insertions, 14 deletions
diff --git a/qpid/cpp/design_docs/broker-acl-work.txt b/qpid/cpp/design_docs/broker-acl-work.txt index e89e446a56..e587dc5198 100644 --- a/qpid/cpp/design_docs/broker-acl-work.txt +++ b/qpid/cpp/design_docs/broker-acl-work.txt @@ -28,16 +28,20 @@ in memory and on disk. * Add property limit settings to CREATE QUEUE Acl rules. -User Option Acl Limit Property Units ---------------- ---------------------- --------------- -qpid.max_size queuemaxsizelowerlimit bytes - queuemaxsizeupperlimit bytes -qpid.max_count queuemaxcountlowerlimit messages - queuemaxcountupperlimit messages -qpid.file_size filemaxsizelowerlimit pages (64Kb per page) - filemaxsizeupperlimit pages (64Kb per page) -qpid.file_count filemaxcountlowerlimit files - filemaxcountupperlimit files +User Option Acl Limit Property Units +--------------- ---------------------- --------------- +qpid.max_size queuemaxsizelowerlimit bytes + queuemaxsizeupperlimit bytes +qpid.max_count queuemaxcountlowerlimit messages + queuemaxcountupperlimit messages +qpid.file_size filemaxsizelowerlimit pages (64Kb per page) + filemaxsizeupperlimit pages (64Kb per page) +qpid.file_count filemaxcountlowerlimit files + filemaxcountupperlimit files +qpid.max_pages_loaded pageslowerlimit pages + pagesupperlimit pages +qpid.page_factor pagefactorlowerlimit integer (multiple of the platform-defined page size) + pagefactorlowerlimit integer (multiple of the platform-defined page size) * Change rule match behavior to accomodate limit settings diff --git a/qpid/cpp/src/qpid/broker/AclModule.h b/qpid/cpp/src/qpid/broker/AclModule.h index 934a11789f..aa0ea0c6b0 100644 --- a/qpid/cpp/src/qpid/broker/AclModule.h +++ b/qpid/cpp/src/qpid/broker/AclModule.h @@ -326,9 +326,9 @@ namespace acl { case SPECPROP_MAXFILECOUNTLOWERLIMIT: return "filemaxcountlowerlimit"; case SPECPROP_MAXFILECOUNTUPPERLIMIT: return "filemaxcountupperlimit"; case SPECPROP_MAXPAGESLOWERLIMIT: return "pageslowerlimit"; - case SPECPROP_MAXPAGESUPPERLIMIT: return "pageslowerlimit"; + case SPECPROP_MAXPAGESUPPERLIMIT: return "pagesupperlimit"; case SPECPROP_MAXPAGEFACTORLOWERLIMIT: return "pagefactorlowerlimit"; - case SPECPROP_MAXPAGEFACTORUPPERLIMIT: return "pagefactorlowerlimit"; + case SPECPROP_MAXPAGEFACTORUPPERLIMIT: return "pagefactorupperlimit"; default: assert(false); // should never get here } return ""; diff --git a/qpid/cpp/src/tests/acl.py b/qpid/cpp/src/tests/acl.py index 66705e6d24..c9b2db64db 100755 --- a/qpid/cpp/src/tests/acl.py +++ b/qpid/cpp/src/tests/acl.py @@ -671,6 +671,118 @@ class ACLTests(TestBase010): self.fail(result) + def test_illegal_pages_lower_limit_spec(self): + """ + Test illegal paged queue policy + """ + + aclf = self.get_acl_file() + aclf.write('acl deny bob@QPID create queue name=q2 pageslowerlimit=-1\n') + aclf.write('acl allow all all') + aclf.close() + + result = self.reload_acl() + expected = "-1 is not a valid value for 'pageslowerlimit', " \ + "values should be between 0 and 9223372036854775807"; + if (result.find(expected) == -1): + self.fail(result) + + aclf = self.get_acl_file() + aclf.write('acl deny bob@QPID create queue name=q2 pageslowerlimit=9223372036854775808\n') + aclf.write('acl allow all all') + aclf.close() + + result = self.reload_acl() + expected = "9223372036854775808 is not a valid value for 'pageslowerlimit', " \ + "values should be between 0 and 9223372036854775807"; + if (result.find(expected) == -1): + self.fail(result) + + + def test_illegal_pages_upper_limit_spec(self): + """ + Test illegal paged queue policy + """ + + aclf = self.get_acl_file() + aclf.write('acl deny bob@QPID create queue name=q2 pagesupperlimit=-1\n') + aclf.write('acl allow all all') + aclf.close() + + result = self.reload_acl() + expected = "-1 is not a valid value for 'pagesupperlimit', " \ + "values should be between 0 and 9223372036854775807"; + if (result.find(expected) == -1): + self.fail(result) + + aclf = self.get_acl_file() + aclf.write('acl deny bob@QPID create queue name=q2 pagesupperlimit=9223372036854775808\n') + aclf.write('acl allow all all') + aclf.close() + + result = self.reload_acl() + expected = "9223372036854775808 is not a valid value for 'pagesupperlimit', " \ + "values should be between 0 and 9223372036854775807"; + if (result.find(expected) == -1): + self.fail(result) + + + def test_illegal_pagefactor_lower_limit_spec(self): + """ + Test illegal paged queue policy + """ + + aclf = self.get_acl_file() + aclf.write('acl deny bob@QPID create queue name=q2 pagefactorlowerlimit=-1\n') + aclf.write('acl allow all all') + aclf.close() + + result = self.reload_acl() + expected = "-1 is not a valid value for 'pagefactorlowerlimit', " \ + "values should be between 0 and 9223372036854775807"; + if (result.find(expected) == -1): + self.fail(result) + + aclf = self.get_acl_file() + aclf.write('acl deny bob@QPID create queue name=q2 pagefactorlowerlimit=9223372036854775808\n') + aclf.write('acl allow all all') + aclf.close() + + result = self.reload_acl() + expected = "9223372036854775808 is not a valid value for 'pagefactorlowerlimit', " \ + "values should be between 0 and 9223372036854775807"; + if (result.find(expected) == -1): + self.fail(result) + + + def test_illegal_pagefactor_upper_limit_spec(self): + """ + Test illegal paged queue policy + """ + + aclf = self.get_acl_file() + aclf.write('acl deny bob@QPID create queue name=q2 pagefactorupperlimit=-1\n') + aclf.write('acl allow all all') + aclf.close() + + result = self.reload_acl() + expected = "-1 is not a valid value for 'pagefactorupperlimit', " \ + "values should be between 0 and 9223372036854775807"; + if (result.find(expected) == -1): + self.fail(result) + + aclf = self.get_acl_file() + aclf.write('acl deny bob@QPID create queue name=q2 pagefactorupperlimit=9223372036854775808\n') + aclf.write('acl allow all all') + aclf.close() + + result = self.reload_acl() + expected = "9223372036854775808 is not a valid value for 'pagefactorupperlimit', " \ + "values should be between 0 and 9223372036854775807"; + if (result.find(expected) == -1): + self.fail(result) + + #===================================== # ACL queue tests #===================================== @@ -687,6 +799,7 @@ class ACLTests(TestBase010): aclf.write('acl deny bob@QPID purge queue name=q3\n') aclf.write('acl deny bob@QPID delete queue name=q4\n') aclf.write('acl deny bob@QPID create queue name=q5 maxqueuesize=1000 maxqueuecount=100\n') + aclf.write('acl deny bob@QPID create queue name=q6 paging=true\n') aclf.write('acl allow all all') aclf.close() @@ -739,6 +852,15 @@ class ACLTests(TestBase010): try: queue_options = {} + queue_options["qpid.paging"] = True + session.queue_declare(queue="q6", arguments=queue_options) + self.fail("ACL should deny queue create request with name=q6, qpid.paging=True"); + except qpid.session.SessionException, e: + self.assertEqual(403,e.args[0].error_code) + session = self.get_session('bob','bob') + + try: + queue_options = {} queue_options["qpid.max_count"] = 200 queue_options["qpid.max_size"] = 100 session.queue_declare(queue="q2", exclusive=True, arguments=queue_options) @@ -972,6 +1094,107 @@ class ACLTests(TestBase010): self.fail("ACL should allow queue delete request for q4"); #===================================== + # ACL paged tests + #===================================== + + def test_paged_allow_mode(self): + """ + Test cases for paged acl in allow mode + """ + aclf = self.get_acl_file() + aclf.write('acl deny bob@QPID create queue name=qf1 pageslowerlimit=1000\n') + aclf.write('acl deny bob@QPID create queue name=qf2 pagesupperlimit=100\n') + aclf.write('acl deny bob@QPID create queue name=qf3 pagefactorlowerlimit=10\n') + aclf.write('acl deny bob@QPID create queue name=qf4 pagefactorupperlimit=1\n') + aclf.write('acl allow all all') + aclf.close() + + result = self.reload_acl() + if (result): + self.fail(result) + + session = self.get_session('bob','bob') + + try: + queue_options = {} + queue_options["qpid.paging"] = True + queue_options["qpid.max_pages_loaded"] = 500 + session.queue_declare(queue="qf1", arguments=queue_options) + self.fail("ACL should deny queue create request with name=qf1, qpid.paging=True, qpid.max_pages_loaded=500"); + except qpid.session.SessionException, e: + self.assertEqual(403,e.args[0].error_code) + session = self.get_session('bob','bob') + + try: + queue_options = {} + queue_options["qpid.paging"] = True + queue_options["qpid.max_pages_loaded"] = 500 + session.queue_declare(queue="qf2", arguments=queue_options) + self.fail("ACL should deny queue create request with name=qf2, qpid.paging=True, qpid.max_pages_loaded=500"); + except qpid.session.SessionException, e: + self.assertEqual(403,e.args[0].error_code) + session = self.get_session('bob','bob') + + try: + queue_options = {} + queue_options["qpid.paging"] = True + queue_options["qpid.page_factor"] = 5 + session.queue_declare(queue="qf3", arguments=queue_options) + self.fail("ACL should deny queue create request with name=qf3, qpid.paging=True, qpid.page_factor=5"); + except qpid.session.SessionException, e: + self.assertEqual(403,e.args[0].error_code) + session = self.get_session('bob','bob') + + try: + queue_options = {} + queue_options["qpid.paging"] = True + queue_options["qpid.page_factor"] = 5 + session.queue_declare(queue="qf4", arguments=queue_options) + self.fail("ACL should deny queue create request with name=qf4, qpid.paging=True, qpid.page_factor=5"); + except qpid.session.SessionException, e: + self.assertEqual(403,e.args[0].error_code) + session = self.get_session('bob','bob') + + + def test_paged_deny_mode(self): + """ + Test cases for paged acl in deny mode + """ + aclf = self.get_acl_file() + aclf.write('acl allow bob@QPID create queue name=qf1 pageslowerlimit=100 pagesupperlimit=1000\n') + aclf.write('acl allow bob@QPID create queue name=qf2 pagefactorlowerlimit=1 pagefactorupperlimit=10\n') + aclf.write('acl allow anonymous all all\n') + aclf.write('acl deny all all') + aclf.close() + + result = self.reload_acl() + if (result): + self.fail(result) + + session = self.get_session('bob','bob') + + try: + queue_options = {} + queue_options["qpid.paging"] = True + queue_options["qpid.max_pages_loaded"] = 500 + session.queue_declare(queue="qf1", arguments=queue_options) + except qpid.session.SessionException, e: + if (403 == e.args[0].error_code): + self.fail("ACL should allow queue create request with name=qf1, qpid.paging=True, qpid.max_pages_loaded=500"); + session = self.get_session('bob','bob') + + try: + queue_options = {} + queue_options["qpid.paging"] = True + queue_options["qpid.page_factor"] = 5 + session.queue_declare(queue="qf2", arguments=queue_options) + except qpid.session.SessionException, e: + if (403 == e.args[0].error_code): + self.fail("ACL should allow queue create request with name=qf2, qpid.paging=True, qpid.page_factor=5"); + session = self.get_session('bob','bob') + + + #===================================== # ACL file tests #===================================== diff --git a/qpid/doc/book/src/cpp-broker/Security.xml b/qpid/doc/book/src/cpp-broker/Security.xml index 7bf7034996..00795a05d8 100644 --- a/qpid/doc/book/src/cpp-broker/Security.xml +++ b/qpid/doc/book/src/cpp-broker/Security.xml @@ -421,7 +421,11 @@ com.sun.security.jgss.initiate { filemaxsizelowerlimit | filemaxsizeupperlimit | filemaxcountlowerlimit | - filemaxcountupperlimit ] + filemaxcountupperlimit | + pageslowerlimit | + pagesupperlimit | + pagefactorlowerlimit | + pagefactorupperlimit ] acl permission {<group-name>|<user-name>|"all"} {action|"all"} [object|"all" [property=<property-value> ...]] @@ -728,6 +732,12 @@ com.sun.security.jgss.initiate { <entry>Indicates the presence of an <parameter>exclusive</parameter> flag</entry> <entry>CREATE QUEUE, ACCESS QUEUE</entry> </row> + <row> + <entry> <command>paging</command> </entry> + <entry>Boolean</entry> + <entry>Indicates if the queue is paging queue</entry> + <entry>CREATE QUEUE, ACCESS QUEUE</entry> + </row> <row> <entry> <command>type</command> </entry> <entry>String</entry> @@ -806,6 +816,30 @@ com.sun.security.jgss.initiate { <entry>Maximum value for file.max_count (files)</entry> <entry>CREATE QUEUE, ACCESS QUEUE</entry> </row> + <row> + <entry> <command>pageslowerlimit</command> </entry> + <entry>Integer</entry> + <entry>Minimum value for number of pages in memory of paged queue</entry> + <entry>CREATE QUEUE</entry> + </row> + <row> + <entry> <command>pagesupperlimit</command> </entry> + <entry>Integer</entry> + <entry>Maximum value for number of pages in memory of paged queue</entry> + <entry>CREATE QUEUE</entry> + </row> + <row> + <entry> <command>pagefactorlowerlimit</command> </entry> + <entry>Integer</entry> + <entry>Minimum value for size of one page in paged queue</entry> + <entry>CREATE QUEUE</entry> + </row> + <row> + <entry> <command>pagefactorupperlimit</command> </entry> + <entry>Integer</entry> + <entry>Maximum value for size of one page in paged queue</entry> + <entry>CREATE QUEUE</entry> + </row> </tbody> </tgroup> </table> @@ -910,7 +944,7 @@ com.sun.security.jgss.initiate { <row> <entry>create</entry> <entry>queue</entry> - <entry>name alternate durable exclusive autodelete policy queuemaxsizelowerlimit queuemaxsizeupperlimit queuemaxcountlowerlimit queuemaxcountupperlimit filemaxsizelowerlimit filemaxsizeupperlimit filemaxcountlowerlimit filemaxcountupperlimit</entry> + <entry>name alternate durable exclusive autodelete policy queuemaxsizelowerlimit queuemaxsizeupperlimit queuemaxcountlowerlimit queuemaxcountupperlimit filemaxsizelowerlimit filemaxsizeupperlimit filemaxcountlowerlimit filemaxcountupperlimit paging pageslowerlimit pagesupperlimit pagefactorlowerlimit pagefactorupperlimit</entry> <entry></entry> </row> <row> |