[
https://issues.apache.org/jira/browse/QPID-2393?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13268660#comment-13268660
]
[email protected] commented on QPID-2393:
-----------------------------------------------------
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/5015/
-----------------------------------------------------------
Review request for qpid, Alan Conway, Kim van der Riet, and Ted Ross.
Summary
-------
This patch fulfills a long-standing request to keep users from abusing broker
queue resources. If a user is allowed to create one queue he then can create
them by the thousdands.
The code is more of a quota than an access control but it fits naturally in the
current ACL module. The implementation here is queue-centric but could be
generalized to support limiting exchanges as well.
A few concerns arise:
1. This code counts/protects live requests coming in to single node. This code
does not protect queues that are presisting. The concern is that a user creates
his quota of persistent queues and then upon system restart the same user can
create another batch of queues since the persisted queues aren't tracked. Is
this a vaild concern?
2. The patch provides only a single setting for all users.
3. The patch makes no effort to replicate the queue count state across a
cluster. Surely this is a problem for clusters.
This addresses bug QPID-2393.
https://issues.apache.org/jira/browse/QPID-2393
Diffs
-----
trunk/qpid/cpp/src/qpid/acl/Acl.h 1334118
trunk/qpid/cpp/src/qpid/acl/Acl.cpp 1334118
trunk/qpid/cpp/src/qpid/acl/AclPlugin.cpp 1334118
trunk/qpid/cpp/src/qpid/acl/management-schema.xml 1334118
trunk/qpid/cpp/src/qpid/broker/AclModule.h 1334118
trunk/qpid/cpp/src/qpid/broker/Broker.cpp 1334118
trunk/qpid/cpp/src/tests/acl.py 1334118
trunk/qpid/cpp/src/tests/run_acl_tests 1334118
Diff: https://reviews.apache.org/r/5015/diff
Testing
-------
Unit tests included.
Thanks,
Chug
> Qpid C++ broker: request for feature to limit number of queues per user
> -----------------------------------------------------------------------
>
> Key: QPID-2393
> URL: https://issues.apache.org/jira/browse/QPID-2393
> Project: Qpid
> Issue Type: Improvement
> Components: C++ Broker
> Environment: Red Hat Enterprise MRG 1.2
> Reporter: Armin Noll
>
> With issue QPID-2108 (Red Hat service request #1950278) a new feature has
> been introduced which allows to control via ACL the size of queues and their
> limit policy on user level.
> The original request contained also the requirement to gain control over the
> number of queues a user may create.
> ACL should be enhanced to allow specifying a maximum number of queues for a
> single user.
> Altogether these features shall enable the operator of a Qpid broker to keep
> better control over the resources.
> We will prepare a draft implementation and provide it asap.
> This request has also been reported as Red Hat service request #1992776.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
