[
https://issues.apache.org/jira/browse/QPID-2393?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13269726#comment-13269726
]
[email protected] commented on QPID-2393:
-----------------------------------------------------
bq. On 2012-05-07 15:43:12, Alan Conway wrote:
bq. > Definitely needs to replicate state in a cluster. Shout if you need
pointers.
This more of a general problem where ACL doesn't play well with the clustered
setup.
Perhaps we could work on a case by case for the time being to get certain
functionality like this working.
However longer term we need to find a way to ensure the ACL in-memory-model is
replicated so any change done in one broker is relected on it's members.
That would be the first step in allowing dynamic provisioning of rules.
- rajith
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/5015/#review7640
-----------------------------------------------------------
On 2012-05-04 19:41:45, Chug Rolke wrote:
bq.
bq. -----------------------------------------------------------
bq. This is an automatically generated e-mail. To reply, visit:
bq. https://reviews.apache.org/r/5015/
bq. -----------------------------------------------------------
bq.
bq. (Updated 2012-05-04 19:41:45)
bq.
bq.
bq. Review request for qpid, Alan Conway, Kim van der Riet, and Ted Ross.
bq.
bq.
bq. Summary
bq. -------
bq.
bq. This patch fulfills a long-standing request to keep users from abusing
broker queue resources. If a user is allowed to create one queue he then can
create them by the thousdands.
bq.
bq. The code is more of a quota than an access control but it fits naturally
in the current ACL module. The implementation here is queue-centric but could
be generalized to support limiting exchanges as well.
bq.
bq. A few concerns arise:
bq.
bq. 1. This code counts/protects live requests coming in to single node. This
code does not protect queues that are presisting. The concern is that a user
creates his quota of persistent queues and then upon system restart the same
user can create another batch of queues since the persisted queues aren't
tracked. Is this a vaild concern?
bq.
bq. 2. The patch provides only a single setting for all users.
bq.
bq. 3. The patch makes no effort to replicate the queue count state across a
cluster. Surely this is a problem for clusters.
bq.
bq.
bq. This addresses bug QPID-2393.
bq. https://issues.apache.org/jira/browse/QPID-2393
bq.
bq.
bq. Diffs
bq. -----
bq.
bq. trunk/qpid/cpp/src/qpid/acl/Acl.h 1334118
bq. trunk/qpid/cpp/src/qpid/acl/Acl.cpp 1334118
bq. trunk/qpid/cpp/src/qpid/acl/AclPlugin.cpp 1334118
bq. trunk/qpid/cpp/src/qpid/acl/management-schema.xml 1334118
bq. trunk/qpid/cpp/src/qpid/broker/AclModule.h 1334118
bq. trunk/qpid/cpp/src/qpid/broker/Broker.cpp 1334118
bq. trunk/qpid/cpp/src/tests/acl.py 1334118
bq. trunk/qpid/cpp/src/tests/run_acl_tests 1334118
bq.
bq. Diff: https://reviews.apache.org/r/5015/diff
bq.
bq.
bq. Testing
bq. -------
bq.
bq. Unit tests included.
bq.
bq.
bq. Thanks,
bq.
bq. Chug
bq.
bq.
> Qpid C++ broker: request for feature to limit number of queues per user
> -----------------------------------------------------------------------
>
> Key: QPID-2393
> URL: https://issues.apache.org/jira/browse/QPID-2393
> Project: Qpid
> Issue Type: Improvement
> Components: C++ Broker
> Environment: Red Hat Enterprise MRG 1.2
> Reporter: Armin Noll
> Assignee: Chuck Rolke
>
> With issue QPID-2108 (Red Hat service request #1950278) a new feature has
> been introduced which allows to control via ACL the size of queues and their
> limit policy on user level.
> The original request contained also the requirement to gain control over the
> number of queues a user may create.
> ACL should be enhanced to allow specifying a maximum number of queues for a
> single user.
> Altogether these features shall enable the operator of a Qpid broker to keep
> better control over the resources.
> We will prepare a draft implementation and provide it asap.
> This request has also been reported as Red Hat service request #1992776.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
