Repository: qpid-dispatch Updated Branches: refs/heads/crolke-DISPATCH-188-1 c284c20b8 -> b85fc9e5e
Create a local policy anchored in Agent. Hook it up to incoming config settings. Add test json config file. Project: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/repo Commit: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/commit/b85fc9e5 Tree: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/tree/b85fc9e5 Diff: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/diff/b85fc9e5 Branch: refs/heads/crolke-DISPATCH-188-1 Commit: b85fc9e5e75e630aed98b4871128218d76f09583 Parents: c284c20 Author: Chuck Rolke <[email protected]> Authored: Wed Jan 20 16:17:24 2016 -0500 Committer: Chuck Rolke <[email protected]> Committed: Wed Jan 20 16:17:24 2016 -0500 ---------------------------------------------------------------------- doc/notes/qdr-policy-diagrams-01.odg | Bin 37966 -> 35808 bytes python/qpid_dispatch/management/qdrouter.json | 18 ++--- .../qpid_dispatch_internal/management/agent.py | 16 +++++ .../qpid_dispatch_internal/management/config.py | 4 +- .../management/policy_local.py | 13 ++++ tests/policy-1/test-router-with-policy.json | 70 +++++++++++++++++++ 6 files changed, 112 insertions(+), 9 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/b85fc9e5/doc/notes/qdr-policy-diagrams-01.odg ---------------------------------------------------------------------- diff --git a/doc/notes/qdr-policy-diagrams-01.odg b/doc/notes/qdr-policy-diagrams-01.odg index 0e26174..59c3cb9 100644 Binary files a/doc/notes/qdr-policy-diagrams-01.odg and b/doc/notes/qdr-policy-diagrams-01.odg differ http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/b85fc9e5/python/qpid_dispatch/management/qdrouter.json ---------------------------------------------------------------------- diff --git a/python/qpid_dispatch/management/qdrouter.json b/python/qpid_dispatch/management/qdrouter.json index 9d1aae0..923cf80 100644 --- a/python/qpid_dispatch/management/qdrouter.json 
+++ b/python/qpid_dispatch/management/qdrouter.json @@ -1018,11 +1018,11 @@ } }, - "policy.accessRuleset": { + "policyAccessRuleset": { "description": "Per application definition of the locations from which users may connect and the groups to which users belong.", "extends": "configurationEntity", "attributes": { - "name": { + "applicationName": { "type": "string", "description": "The application name.", "required": true @@ -1075,18 +1075,19 @@ } } }, - "policy.accessStats": { + + "policyAccessStats": { "description": "Per application connection and access statistics.", "extends": "operationalEntity", "attributes": { - "name": { + "applicationName": { "type": "string", "description": "The application name." }, "connectionsApproved": {"type": "integer", "graph": true}, "connectionsDenied": {"type": "integer", "graph": true}, "connectionsCurrent": {"type": "integer", "graph": true}, - "perUsrerState": { + "perUserState": { "type": "map", "description": "A map where the key is the authenticated user name and the value is a list of the user's connections." }, @@ -1098,7 +1099,8 @@ } }, - "policy.settings": { + + "policyAppSettings": { "description": "For a given application and user group define the policy settings applied to the user's AMQP connection.", "extends": "configurationEntity", "attributes": { @@ -1107,7 +1109,7 @@ "description": "The application to which these settings apply.", "required": true }, - "groupName": { + "userGroupName": { "type": "string", "description": "The user group to which these settings apply.", "required": true @@ -1182,7 +1184,7 @@ } }, - "policy.stats": { + "policyAppStats": { "description": "Per application policy enforcement statistics.", "extends": "operationalEntity", "attributes": { http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/b85fc9e5/python/qpid_dispatch_internal/management/agent.py ---------------------------------------------------------------------- 
diff --git a/python/qpid_dispatch_internal/management/agent.py b/python/qpid_dispatch_internal/management/agent.py index 1930c30..0d53bc1 100644 --- a/python/qpid_dispatch_internal/management/agent.py +++ b/python/qpid_dispatch_internal/management/agent.py @@ -81,6 +81,7 @@ from .schema import ValidationError, SchemaEntity, EntityType from .qdrouter import QdSchema from ..router.message import Message from ..router.address import Address +from policy_local import PolicyLocal def dictstr(d): @@ -154,6 +155,7 @@ class EntityAdapter(SchemaEntity): self.__dict__['_log'] = agent.log self.__dict__['_qd'] = agent.qd self.__dict__['_dispatch'] = agent.dispatch + self.__dict__['_policy'] = agent.policy self.__dict__['_implementations'] = [] def validate(self, **kwargs): @@ -283,6 +285,19 @@ class PolicyEntity(EntityAdapter): def _identifier(self): return self.attributes.get('module') +class PolicyAccessRulesetEntity(EntityAdapter): + def create(self): + self._policy.create_ruleset(self.attributes) + + def _identifier(self): + return self.attributes.get('applicationName') + +class PolicyAppSettingsEntity(EntityAdapter): + def create(self): + self._policy.create_settings(self.attributes) + + def _identifier(self): + return self.attributes.get('applicationName') + "_" + self.attributes.get('userGroupName') def _addr_port_identifier(entity): for attr in ['addr', 'port']: # Set default values if need be @@ -611,6 +626,7 @@ class Agent(object): self.entities = EntityCache(self) self.request_lock = Lock() self.log_adapter = LogAdapter("AGENT") + self.policy = PolicyLocal() self.management = self.create_entity({"type": "management"}) self.add_entity(self.management) http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/b85fc9e5/python/qpid_dispatch_internal/management/config.py ---------------------------------------------------------------------- 
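Review bot: The added `from policy_local import PolicyLocal` in the first agent.py hunk is an implicit relative import, unlike the explicit ones directly above it (`from .schema import …`, `from .qdrouter import QdSchema`). It resolves to the sibling module only under Python 2 implicit-relative semantics. Anywhere else it picks up whichever top-level `policy_local` is first on `sys.path`, which is worth avoiding for the module that will hold access-policy logic. Write it as `from .policy_local import PolicyLocal`.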
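Review bot: `PolicyAppSettingsEntity._identifier` in the `@@ -283,6 +285,19 @@` hunk builds its key as `applicationName + "_" + userGroupName`, which is not unique when either name may contain an underscore: application `a_b` with group `c` and application `a` with group `b_c` both yield `a_b_c`, so two distinct settings entities could be treated as one. It also raises `TypeError` when either attribute is absent, because `.get()` returns `None`; whether schema validation always runs before `_identifier` is not visible in this hunk. Consider a separator the schema forbids in both names (or reject names containing it), and fail with a clear validation error when a name is missing. The new classes also lack the blank lines that separate the neighbouring definitions before `def _addr_port_identifier`.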
diff --git a/python/qpid_dispatch_internal/management/config.py b/python/qpid_dispatch_internal/management/config.py index 979932e..eaab7e2 100644 --- a/python/qpid_dispatch_internal/management/config.py +++ b/python/qpid_dispatch_internal/management/config.py @@ -162,7 +162,9 @@ def configure_dispatch(dispatch, lib_handle, filename): qd.qd_router_setup_late(dispatch) # Actions requiring active management agent. # Remaining configuration - for t in "fixedAddress", "listener", "connector", "waypoint", "linkRoutePattern", "policy": + + for t in "fixedAddress", "listener", "connector", "waypoint", "linkRoutePattern", \ + "policy", "policyAccessRuleset", "policyAppSettings": for a in config.by_type(t): configure(a) for e in config.entities: configure(e) http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/b85fc9e5/python/qpid_dispatch_internal/management/policy_local.py ---------------------------------------------------------------------- diff --git a/python/qpid_dispatch_internal/management/policy_local.py b/python/qpid_dispatch_internal/management/policy_local.py index 8084fdc..bdbecda 100644 --- a/python/qpid_dispatch_internal/management/policy_local.py +++ b/python/qpid_dispatch_internal/management/policy_local.py @@ -283,6 +283,19 @@ class PolicyLocal(object): self.policy_io_read_files() # + # Management create + # + def create_ruleset(self, attributes): + print ("POLICY configured ruleset %s" % attributes['applicationName']) + #pdb.set_trace() + pass + + def create_settings(self, attributes): + print ("POLICY configured settings %s_%s" % (attributes['applicationName'], attributes['userGroupName'])) + #pdb.set_trace() + pass + + # # Policy file I/O # def policy_io_read_files(self): http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/b85fc9e5/tests/policy-1/test-router-with-policy.json ---------------------------------------------------------------------- 
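Review bot: `create_ruleset` and `create_settings` in policy_local.py accept the configuration and discard it, so a router started with `policyAccessRuleset` / `policyAppSettings` sections loads cleanly while none of those rules are stored or enforced. Until the implementation lands, the stubs should say so loudly, for example a warning through the router's logging rather than `print`, or `raise NotImplementedError`, so an operator cannot mistake a parsed policy for an active one. The `#pdb.set_trace()` lines and the `pass` after a statement are leftovers and can be dropped. `attributes['applicationName']` raises `KeyError` on a missing key; whether the schema guarantees the key by this point is not visible here.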
diff --git a/tests/policy-1/test-router-with-policy.json b/tests/policy-1/test-router-with-policy.json
new file mode 100644
index 0000000..643de2f
--- /dev/null
+++ b/tests/policy-1/test-router-with-policy.json
@@ -0,0 +1,70 @@
+[
+ ["container", {
+ "containerName": "QdstatSslTest",
+ "saslConfigName": "tests-mech-EXTERNAL",
+ "saslConfigPath": "/home/chug/Research/qdr/standaloneSsl/sasl_configs",
+ "debugDump": "qddebug.txt"
+ }],
+ ["sslProfile", {
+ "certFile": "/home/chug/Research/qdr/standaloneSsl/ssl_certs/server-certificate.pem",
+ "keyFile": "/home/chug/Research/qdr/standaloneSsl/ssl_certs/server-private-key.pem",
+ "password": "server-password",
+ "name": "server-ssl",
+ "certDb": "/home/chug/Research/qdr/standaloneSsl/ssl_certs/ca-certificate.pem"
+ }],
+ ["listener", {
+ "saslMechanisms": "ANONYMOUS",
+ "authenticatePeer": "no",
+ "idleTimeoutSeconds": "120",
+ "port": 21000,
+ "addr": "0.0.0.0"
+ }],
+ ["listener", {
+ "addr": "0.0.0.0",
+ "requireSsl": "yes",
+ "idleTimeoutSeconds": "120",
+ "saslMechanisms": "ANONYMOUS",
+ "sslProfile": "server-ssl",
+ "authenticatePeer": "no",
+ "port": 21001
+ }],
+ ["listener", {
+ "addr": "0.0.0.0",
+ "requireSsl": "no",
+ "idleTimeoutSeconds": "120",
+ "saslMechanisms": "ANONYMOUS",
+ "sslProfile": "server-ssl",
+ "authenticatePeer": "no",
+ "port": 21002
+ }],
+ ["listener", {
+ "addr": "0.0.0.0",
+ "requireSsl": "yes",
+ "idleTimeoutSeconds": "120",
+ "saslMechanisms": "EXTERNAL",
+ "sslProfile": "server-ssl",
+ "authenticatePeer": "yes",
+ "port": 21003
+ }],
+ ["log", {
+ "source": "true",
+ "enable": "info+",
+ "module": "DEFAULT"
+ }],
+ ["policy", {
+ "maximumConnections": 2
+ }],
+ ["policyAccessRuleset", {
+ "applicationName": "photoserver"
+ }],
+ ["policyAppSettings", {
+ "applicationName": "photoserver",
+ "userGroupName": "admin",
+ "maxFrameSize": 20000
+ }],
+ ["policyAppSettings", {
+ "applicationName": "photoserver",
+ "userGroupName": "users",
+ "maxFrameSize": 10000
+ }]
+]
--------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
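Review bot: All four listeners bind `"addr": "0.0.0.0"`, and three of them (ports 21000–21002) allow `ANONYMOUS` with `"authenticatePeer": "no"`, so running this fixture opens unauthenticated listeners on every interface of the host; `"addr": "127.0.0.1"` is enough for a local test. The `saslConfigPath`, `certFile`, `keyFile` and `certDb` values point into `/home/chug/...`, so the fixture only works on the author's machine and records a private directory layout. Paths relative to the test directory, or substituted by the test harness, would be portable. The listener on port 21002 names an `sslProfile` while setting `"requireSsl": "no"`; if that cleartext-allowed case is deliberate, it should be stated in the test's accompanying documentation, since JSON cannot carry a comment.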
