Repository: qpid-dispatch Updated Branches: refs/heads/crolke-DISPATCH-188-1 17b9b13ee -> 1a8628a05
Add logging to various spots in policy processor. Add lookup tests to exercise failure paths. Add mock manager to tests. Project: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/repo Commit: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/commit/1a8628a0 Tree: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/tree/1a8628a0 Diff: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/diff/1a8628a0 Branch: refs/heads/crolke-DISPATCH-188-1 Commit: 1a8628a05803325304525d381e4a2a3e0a392f13 Parents: 17b9b13 Author: Chuck Rolke <[email protected]> Authored: Sat Jan 30 11:01:01 2016 -0500 Committer: Chuck Rolke <[email protected]> Committed: Sat Jan 30 11:01:01 2016 -0500 ---------------------------------------------------------------------- .../policy/policy_local.py | 35 +++++++++++--------- .../policy/policy_manager.py | 20 ++++++----- tests/router_policy_test.py | 24 +++++++++++++- 3 files changed, 55 insertions(+), 24 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/1a8628a0/python/qpid_dispatch_internal/policy/policy_local.py ---------------------------------------------------------------------- diff --git a/python/qpid_dispatch_internal/policy/policy_local.py b/python/qpid_dispatch_internal/policy/policy_local.py index c6a8627..8518381 100644 --- a/python/qpid_dispatch_internal/policy/policy_local.py +++ b/python/qpid_dispatch_internal/policy/policy_local.py @@ -23,7 +23,6 @@ import json from policy_util import PolicyError, HostStruct, HostAddr -from copy import deepcopy """ Entity implementing the business logic of user connection/access policy. @@ -386,12 +385,6 @@ class PolicyLocal(object): # validates incoming policy and readies it for internal use self._policy_compiler = PolicyCompiler() - # snag trace constants - self.LOG_TRACE = manager.log_trace() - self.LOG_DEBUG = manager.log_debug() - self.LOG_INFO = manager.log_info() - self.LOG_ERROR = manager.log_error() - # # Service interfaces @@ -410,11 +403,11 @@ class PolicyLocal(object): raise PolicyError( "Policy '%s' is invalid: %s" % (name, diag[0]) ) if len(warnings) > 0: for warning in warnings: - self._manager.log(self.LOG_DEBUG, warning) + self._manager.log_debug(warning) self.rulesetdb[name] = {} self.rulesetdb[name].update(candidate) # TODO: Create stats - self._manager.log(self.LOG_INFO, "Created ruleset %s" % name) + self._manager.log_info("Created policy rules for application %s" % name) def policy_read(self, name): """ @@ -471,7 +464,9 @@ class PolicyLocal(object): """ try: if not app in self.rulesetdb: - # TODO: ("LogMe: no policy defined for application %s" % app) + self._manager.log_trace( + "lookup_user failed for user '%s', host '%s', application '%s': " + "No policy defined for application" % (user, host, app)) return "" ruleset = self.rulesetdb[app] @@ -482,7 +477,9 @@ class PolicyLocal(object): if ruleset[PolicyKeys.KW_CONNECTION_ALLOW_DEFAULT]: usergroup = PolicyKeys.KW_DEFAULT_SETTINGS else: - # User is not in a group and default is disallowed. So no go. + self._manager.log_trace( + "lookup_user failed for user '%s', host '%s', application '%s': " + "User must be in a user group" % (user, host, app)) return "" # User in usergroup allowed to connect from host? if usergroup in ruleset[PolicyKeys.KW_CONNECTION_INGRESS_POLICIES]: @@ -502,6 +499,9 @@ class PolicyLocal(object): # User's usergroup has no ingress policy so allow allowed = True if not allowed: + self._manager.log_trace( + "lookup_user failed for user '%s', host '%s', application '%s': " + "User is not allowed to connect from this host" % (user, host, app)) return "" # This user passes administrative approval. @@ -511,8 +511,9 @@ class PolicyLocal(object): return usergroup except Exception, e: - #print str(e) - #pdb.set_trace() + self._manager.log_error( + "lookup_user failed for user '%s', host '%s', application '%s': " + "Internal error: %s" % (user, host, app, e)) return "" def lookup_settings(self, appname, name, upolicy): @@ -528,13 +529,17 @@ class PolicyLocal(object): """ try: if not appname in self.rulesetdb: - # TODO: ("LogMe: no policy defined for application %s" % app) + self._manager.log_trace( + "lookup_settings fail for application '%s', user group '%s': " + "No policy defined for this application" % (appname, name)) return "" ruleset = self.rulesetdb[appname] if not name in ruleset[PolicyKeys.KW_SETTINGS]: - # TODO: ("LogMe: no user group settings for application %s group %s" % (app, name)) + self._manager.log_trace( + "lookup_settings fail for application '%s', user group '%s': " + "This application has no settings for the user group" % (appname, name)) return "" upolicy.update(ruleset[PolicyKeys.KW_SETTINGS][name]) http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/1a8628a0/python/qpid_dispatch_internal/policy/policy_manager.py ---------------------------------------------------------------------- diff --git a/python/qpid_dispatch_internal/policy/policy_manager.py b/python/qpid_dispatch_internal/policy/policy_manager.py index 00317ff..ce6a683 100644 --- a/python/qpid_dispatch_internal/policy/policy_manager.py +++ b/python/qpid_dispatch_internal/policy/policy_manager.py @@ -48,17 +48,21 @@ class PolicyManager(object): info = traceback.extract_stack(limit=2)[0] # Caller frame info self.log_adapter.log(level, text, info[0], info[1]) - def log_debug(self): - return LOG_DEBUG + def _log(self, level, text): + info = traceback.extract_stack(limit=3)[0] # Caller's caller frame info + self.log_adapter.log(level, text, info[0], info[1]) + + def log_debug(self, text): + self._log(LOG_DEBUG, text) - def log_info(self): - return LOG_INFO + def log_info(self, text): + self._log(LOG_INFO, text) - def log_trace(self): - return LOG_TRACE + def log_trace(self, text): + self._log(LOG_TRACE, text) - def log_error(self): - return LOG_ERROR + def log_error(self, text): + self._log(LOG_ERROR, text) # # Management interface to create a ruleset http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/1a8628a0/tests/router_policy_test.py ---------------------------------------------------------------------- diff --git a/tests/router_policy_test.py b/tests/router_policy_test.py index 5d2505d..e2b0f87 100644 --- a/tests/router_policy_test.py +++ b/tests/router_policy_test.py @@ -107,9 +107,20 @@ class PolicyHostAddrTest(TestCase): self.expect_deny( "::1,::2,::3", "arg count") self.expect_deny( "0:ff:0,0:fe:ffff:ffff::0", "a > b") +class MockPolicyManager(object): + def log_debug(self, text): + print("DEBUG: %s" % text) + def log_info(self, text): + print("INFO: %s" % text) + def log_trace(self, text): + print("TRACE: %s" % text) + def log_error(self, text): + print("ERROR: %s" % text) + class PolicyFile(TestCase): - policy = PolicyLocal() + manager = MockPolicyManager() + policy = PolicyLocal(manager) policy.test_load_config() def dict_compare(self, d1, d2): @@ -159,6 +170,17 @@ class PolicyFile(TestCase): yname = PolicyFile.policy.lookup_user('ynot', '10.48.255.254', 'photoserver', '192.168.100.5:33334') self.assertTrue( zname == yname ) + def test_policy1_lookup_unknown_application(self): + upolicy = {} + self.assertFalse( + PolicyFile.policy.lookup_settings('unknown', 'doesntmatter', upolicy) + ) + + def test_policy1_lookup_unknown_usergroup(self): + upolicy = {} + self.assertFalse( + PolicyFile.policy.lookup_settings('photoserver', 'unknown', upolicy) + ) class PolicyAppConnectionMgrTests(TestCase): --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
