Repository: qpid-dispatch Updated Branches: refs/heads/master 043dd2d62 -> 77694481c
DISPATCH-257: Add self test to test sender and receiver limits. Fix issues exposed by test. Project: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/repo Commit: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/commit/77694481 Tree: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/tree/77694481 Diff: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/diff/77694481 Branch: refs/heads/master Commit: 77694481c71c4ee528c032facaddec912e07ed22 Parents: 043dd2d Author: Chuck Rolke <[email protected]> Authored: Mon Apr 4 17:06:22 2016 -0400 Committer: Chuck Rolke <[email protected]> Committed: Mon Apr 4 17:06:22 2016 -0400 ---------------------------------------------------------------------- src/policy.c | 25 ++++-- tests/CMakeLists.txt | 1 + tests/policy-3/test-sender-receiver-limits.json | 26 ++++++ tests/system_tests_policy.py | 90 ++++++++++++++++++++ 4 files changed, 137 insertions(+), 5 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/77694481/src/policy.c ---------------------------------------------------------------------- diff --git a/src/policy.c b/src/policy.c index dbd3015..f7814bc 100644 --- a/src/policy.c +++ b/src/policy.c @@ -426,6 +426,8 @@ bool qd_policy_approve_amqp_session(pn_session_t *ssn, qd_connection_t *qd_conn) } } } + // Approved + qd_conn->n_sessions++; return true; } @@ -592,8 +594,11 @@ bool _qd_policy_approve_link_name(const char *username, const char *allowed, con // bool qd_policy_approve_amqp_sender_link(pn_link_t *pn_link, qd_connection_t *qd_conn) { + qd_log(qd_conn->server->qd->policy->log_source, QD_LOG_TRACE, + "Approve sender link by count User: '%s', Current: %d, Limit: %d", + qd_conn->user_id, qd_conn->n_senders, qd_conn->policy_settings->maxSenders); if (qd_conn->policy_settings->maxSenders) { - if (qd_conn->n_senders == qd_conn->policy_settings->maxSenders) { + if (qd_conn->n_senders >= qd_conn->policy_settings->maxSenders) { // Max sender limit specified and violated. _qd_policy_deny_amqp_sender_link(pn_link, qd_conn); return false; @@ -624,20 +629,25 @@ bool qd_policy_approve_amqp_sender_link(pn_link_t *pn_link, qd_connection_t *qd_ lookup = qd_conn->policy_settings->allowAnonymousSender; qd_log(qd_conn->server->qd->policy->log_source, QD_LOG_TRACE, "Approve anonymous sender for user '%s': %s", - qd_conn->user_id, (lookup ? "ALLOW" : "DENY")); + qd_conn->user_id, (lookup ? "ALLOW" : "DENY")); if (!lookup) { _qd_policy_deny_amqp_receiver_link(pn_link, qd_conn); return false; } } + // Approved + qd_conn->n_senders++; return true; } bool qd_policy_approve_amqp_receiver_link(pn_link_t *pn_link, qd_connection_t *qd_conn) { + qd_log(qd_conn->server->qd->policy->log_source, QD_LOG_TRACE, + "Approve receiver link by count User: '%s', Current: %d, Limit: %d", + qd_conn->user_id, qd_conn->n_receivers, qd_conn->policy_settings->maxReceivers); if (qd_conn->policy_settings->maxReceivers) { - if (qd_conn->n_receivers == qd_conn->policy_settings->maxReceivers) { + if (qd_conn->n_receivers >= qd_conn->policy_settings->maxReceivers) { // Max sender limit specified and violated. _qd_policy_deny_amqp_receiver_link(pn_link, qd_conn); return false; @@ -647,7 +657,7 @@ bool qd_policy_approve_amqp_receiver_link(pn_link_t *pn_link, qd_connection_t *q } else { // max receiver limit not specified } - // Deny receiver link based on source + // Approve receiver link based on source bool dynamic_src = pn_terminus_is_dynamic(pn_link_remote_source(pn_link)); if (dynamic_src) { bool lookup = qd_conn->policy_settings->allowDynamicSrc; @@ -657,6 +667,9 @@ bool qd_policy_approve_amqp_receiver_link(pn_link_t *pn_link, qd_connection_t *q // Dynamic source policy rendered the decision if (!lookup) { _qd_policy_deny_amqp_receiver_link(pn_link, qd_conn); + return false; + } else { + qd_conn->n_receivers++; } return lookup; } @@ -677,11 +690,13 @@ bool qd_policy_approve_amqp_receiver_link(pn_link_t *pn_link, qd_connection_t *q // A receiver with no remote source. qd_log(qd_conn->server->qd->policy->log_source, QD_LOG_TRACE, "Approve receiver link '' for user '%s': DENY", - qd_conn->user_id); + qd_conn->user_id); _qd_policy_deny_amqp_receiver_link(pn_link, qd_conn); return false; } + // Approved + qd_conn->n_receivers++; return true; } http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/77694481/tests/CMakeLists.txt ---------------------------------------------------------------------- diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 123884e..d4c55c3 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -106,6 +106,7 @@ file(COPY ${CMAKE_CURRENT_SOURCE_DIR}/policy-1/management-access.json DESTINATI file(COPY ${CMAKE_CURRENT_SOURCE_DIR}/policy-1/policy-boardwalk.json DESTINATION ${CMAKE_CURRENT_BINARY_DIR}/policy-1/) file(COPY ${CMAKE_CURRENT_SOURCE_DIR}/policy-1/policy-safari.json DESTINATION ${CMAKE_CURRENT_BINARY_DIR}/policy-1/) file(COPY ${CMAKE_CURRENT_SOURCE_DIR}/policy-2/policy-photoserver-sasl.sasldb DESTINATION ${CMAKE_CURRENT_BINARY_DIR}/policy-2) +file(COPY ${CMAKE_CURRENT_SOURCE_DIR}/policy-3/test-sender-receiver-limits.json DESTINATION ${CMAKE_CURRENT_BINARY_DIR}/policy-3) # following install() functions will be called only if you do a make "install" install(FILES ${SYSTEM_TEST_FILES} http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/77694481/tests/policy-3/test-sender-receiver-limits.json ---------------------------------------------------------------------- diff --git a/tests/policy-3/test-sender-receiver-limits.json b/tests/policy-3/test-sender-receiver-limits.json new file mode 100644 index 0000000..2a5b367 --- /dev/null +++ b/tests/policy-3/test-sender-receiver-limits.json @@ -0,0 +1,26 @@ +[ +# Ruleset with differing number of senders and receivers +# so tests can determine that correct limit is matched. + ["policyRuleset", { + "applicationName": "0.0.0.0", + "maxConnections": 50, + "maxConnPerUser": 2, + "maxConnPerHost": 4, + "connectionAllowDefault": true, + "settings": { + "default" : { + "maxFrameSize": 222222, + "maxMessageSize": 222222, + "maxSessionWindow": 222222, + "maxSessions": 2, + "maxSenders": 2, + "maxReceivers": 4, + "allowDynamicSrc": true, + "allowAnonymousSender": true, + "sources": "*", + "targets": "*" + } + } + } + ] +] http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/77694481/tests/system_tests_policy.py ---------------------------------------------------------------------- diff --git a/tests/system_tests_policy.py b/tests/system_tests_policy.py index e040a61..e95a190 100644 --- a/tests/system_tests_policy.py +++ b/tests/system_tests_policy.py @@ -109,5 +109,95 @@ class LoadPolicyFromFolder(TestCase): rulesets = json.loads(self.run_qdmanage('query --type=policyRuleset')) self.assertEqual(len(rulesets), 3) + +class SenderReceiverLimits(TestCase): + """ + Verify that specifying a policy folder from the router conf file + effects loading the policies in that folder. + This test relies on qdmanage utility. + """ + @classmethod + def setUpClass(cls): + """Start the router""" + super(SenderReceiverLimits, cls).setUpClass() + policy_config_path = os.path.join(cls.top_dir, 'policy-3') + config = Qdrouterd.Config([ + ('container', {'workerThreads': 4, 'containerName': 'Qpid.Dispatch.Router.Policy3'}), + ('router', {'mode': 'standalone', 'routerId': 'QDR.Policy'}), + ('listener', {'port': cls.tester.get_port()}), + ('policy', {'maximumConnections': 2, 'policyFolder': policy_config_path, 'enableAccessRules': 'true'}) + ]) + + cls.router = cls.tester.qdrouterd('SenderReceiverLimits', config, wait=True) + + def address(self): + return self.router.addresses[0] + + def test_verify_n_receivers(self): + n = 4 + addr = self.address() + + # connection should be ok + denied = False + try: + br1 = BlockingConnection(addr) + except ConnectionException: + denied = True + + self.assertFalse(denied) # assert if connections that should open did not open + + # n receivers OK + try: + r1 = br1.create_receiver(address="****YES_1of4***") + r2 = br1.create_receiver(address="****YES_20f4****") + r3 = br1.create_receiver(address="****YES_3of4****") + r4 = br1.create_receiver(address="****YES_4of4****") + except Exception: + denied = True + + self.assertFalse(denied) # n receivers should have worked + + # receiver n+1 should be denied + try: + r5 = br1.create_receiver("****NO****") + except Exception: + denied = True + + self.assertTrue(denied) # receiver n+1 should have failed + + br1.close() + + def test_verify_n_senders(self): + n = 2 + addr = self.address() + + # connection should be ok + denied = False + try: + bs1 = BlockingConnection(addr) + except ConnectionException: + denied = True + + self.assertFalse(denied) # assert if connections that should open did not open + + # n senders OK + try: + s1 = bs1.create_sender(address="****YES_1of2****") + s2 = bs1.create_sender(address="****YES_2of2****") + except Exception: + denied = True + + self.assertFalse(denied) # n senders should have worked + + # receiver n+1 should be denied + try: + s3 = bs1.create_sender("****NO****") + except Exception: + denied = True + + self.assertTrue(denied) # sender n+1 should have failed + + bs1.close() + if __name__ == '__main__': unittest.main(main_module()) --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
