This is an automated email from the ASF dual-hosted git repository.
kgiusti pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/qpid-dispatch.git
The following commit(s) were added to refs/heads/main by this push:
new 759aa17 DISPATCH-2305: prevent policy defaults overriding
configuration
759aa17 is described below
commit 759aa173e440b139a7b6e05314e37b7f39d24d69
Author: Kenneth Giusti <[email protected]>
AuthorDate: Fri Jan 7 17:22:51 2022 -0500
DISPATCH-2305: prevent policy defaults overriding configuration
This closes #1475
---
python/qpid_dispatch/management/qdrouter.json | 3 -
.../qpid_dispatch_internal/policy/policy_local.py | 13 ++-
tests/system_tests_policy.py | 106 +++++++++++++++++++++
3 files changed, 115 insertions(+), 7 deletions(-)
diff --git a/python/qpid_dispatch/management/qdrouter.json
b/python/qpid_dispatch/management/qdrouter.json
index ed0aa8e..d14f495 100644
--- a/python/qpid_dispatch/management/qdrouter.json
+++ b/python/qpid_dispatch/management/qdrouter.json
@@ -2358,21 +2358,18 @@
"maxFrameSize": {
"type": "integer",
"description": "The largest frame, in bytes, that may be
sent on this connection. Non-zero policy values overwrite values specified for
a listener object (AMQP Open, max-frame-size).",
- "default": 16384,
"required": false,
"create": true
},
"maxSessionWindow": {
"type": "integer",
"description": "The incoming capacity for new AMQP
sessions, measured in octets. Non-zero policy values overwrite values specified
for a listener object (AMQP Begin, incoming-window).",
- "default": 1638400,
"required": false,
"create": true
},
"maxSessions": {
"type": "integer",
"description": "The maximum number of sessions that may be
created on this connection. Non-zero policy values overwrite values specified
for a listener object (AMQP Open, channel-max).",
- "default": 32768,
"required": false,
"create": true
},
diff --git a/python/qpid_dispatch_internal/policy/policy_local.py
b/python/qpid_dispatch_internal/policy/policy_local.py
index 264c632..32c9bb2 100644
--- a/python/qpid_dispatch_internal/policy/policy_local.py
+++ b/python/qpid_dispatch_internal/policy/policy_local.py
@@ -239,11 +239,16 @@ class PolicyCompiler(object):
# rulesets may not come through standard config so make nice defaults
policy_out[PolicyKeys.KW_USERS] = ''
policy_out[PolicyKeys.KW_REMOTE_HOSTS] = ''
- # DISPATCH-1277 - KW_MAX_FRAME_SIZE must be defaulted to 16384 not
2147483647
- policy_out[PolicyKeys.KW_MAX_FRAME_SIZE] = 16384
+
+ # DISPATCH-2305: do not provide default values for max
+ # frame/window/sessions. The router already provides these. Setting
+ # zero here will cause the router to use configured values unless
+ # specifically overridden by policy:
+ policy_out[PolicyKeys.KW_MAX_FRAME_SIZE] = 0
+ policy_out[PolicyKeys.KW_MAX_SESSION_WINDOW] = 0
+ policy_out[PolicyKeys.KW_MAX_SESSIONS] = 0
+
policy_out[PolicyKeys.KW_MAX_MESSAGE_SIZE] = None
- policy_out[PolicyKeys.KW_MAX_SESSION_WINDOW] = 2147483647
- policy_out[PolicyKeys.KW_MAX_SESSIONS] = 65536
policy_out[PolicyKeys.KW_MAX_SENDERS] = 2147483647
policy_out[PolicyKeys.KW_MAX_RECEIVERS] = 2147483647
policy_out[PolicyKeys.KW_ALLOW_DYNAMIC_SRC] = False
diff --git a/tests/system_tests_policy.py b/tests/system_tests_policy.py
index 362bcb0..2887b23 100644
--- a/tests/system_tests_policy.py
+++ b/tests/system_tests_policy.py
@@ -2037,5 +2037,111 @@ class PolicyVhostMultiTenantBlankHostname(TestCase):
self.assertTrue(test.error is None)
+class PolicyVhostFrameSessionWindowOverride(TestCase):
+ """
+ DISPATCH-2305: verify that policy does not override the connection settings
+ by default.
+ """
+ @classmethod
+ def setUpClass(cls):
+ super(PolicyVhostFrameSessionWindowOverride, cls).setUpClass()
+
+ def router(name, mode, extra=None):
+ config = [
+ ('router', {'mode': mode,
+ 'id': name}),
+ ('listener', {'role': 'normal',
+ 'multiTenant': 'true',
+ 'port': cls.tester.get_port(),
+ 'policyVhost': 'noOverride',
+ 'maxFrameSize': '2048',
+ 'maxSessions': '200',
+ 'maxSessionFrames': '100'}),
+ ('listener', {'role': 'normal',
+ 'multiTenant': 'true',
+ 'port': cls.tester.get_port(),
+ 'policyVhost': 'overrideMe',
+ 'maxFrameSize': '2048',
+ 'maxSessions': '200',
+ 'maxSessionFrames': '100'}),
+ ('policy', {'enableVhostPolicy': 'true'}),
+
+
+ ('vhost', {
+ 'hostname': 'noOverride',
+ 'allowUnknownUser': 'true',
+ 'groups': {
+ '$default': {
+ 'users': '*',
+ 'remoteHosts': '*',
+ 'sources': '*',
+ 'targets': '*',
+ 'allowAnonymousSender': True
+ }
+ }
+ }),
+
+ ('vhost', {
+ 'hostname': 'overrideMe',
+ 'allowUnknownUser': 'true',
+ 'groups': {
+ '$default': {
+ 'users': '*',
+ 'remoteHosts': '*',
+ 'sources': '*',
+ 'targets': '*',
+ 'allowAnonymousSender': True,
+ 'maxFrameSize': 32767,
+ 'maxSessions': 10,
+ 'maxSessionWindow': 3 * 32767,
+ }
+ }
+ })
+ ]
+
+ config = Qdrouterd.Config(config)
+ cls.routers.append(cls.tester.qdrouterd(name, config, wait=True))
+ return cls.routers[-1]
+
+ cls.routers = []
+
+ router('A', 'interior')
+ cls.INT_A = cls.routers[0]
+ cls.INT_A.defaults = cls.INT_A.addresses[0]
+ cls.INT_A.override = cls.INT_A.addresses[1]
+
+ def test_1_check_frame_sessions(self):
+ mframe, mssn, _ = PolicyConnSettingsSniffer(self.INT_A.defaults).run()
+ self.assertEqual(2048, mframe)
+ self.assertEqual(200, mssn)
+ mframe, mssn, _ = PolicyConnSettingsSniffer(self.INT_A.override).run()
+ self.assertEqual(32767, mframe)
+ self.assertEqual(10, mssn)
+
+
+class PolicyConnSettingsSniffer(MessagingHandler):
+ def __init__(self, address):
+ super(PolicyConnSettingsSniffer, self).__init__()
+ self.address = address
+ self.max_frame = None
+ self.max_sessions = None
+ self.max_window = None
+
+ def on_start(self, event):
+ self.conn = event.container.connect(self.address)
+ self.sender = event.container.create_sender(self.conn, "target")
+
+ def on_link_opened(self, event):
+ self.max_frame = event.transport.remote_max_frame_size
+ self.max_sessions = event.transport.remote_channel_max + 1
+ # currently proton does not provide access to remote window info!
+ # self.max_window = event.session.incoming_capacity
+ self.conn.close()
+
+ def run(self):
+ Container(self).run()
+ return (self.max_frame, self.max_sessions, self.max_window)
+
+
if __name__ == '__main__':
unittest.main(main_module())
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
