[
https://issues.apache.org/jira/browse/QPID-2393?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13269822#comment-13269822
]
[email protected] commented on QPID-2393:
-----------------------------------------------------
bq. On 2012-05-07 15:43:12, Alan Conway wrote:
bq. > Definitely needs to replicate state in a cluster. Shout if you need
pointers.
bq.
bq. rajith attapattu wrote:
bq. This more of a general problem where ACL doesn't play well with the
clustered setup.
bq. Perhaps we could work on a case by case for the time being to get
certain functionality like this working.
bq.
bq. However longer term we need to find a way to ensure the ACL
in-memory-model is replicated so any change done in one broker is relected on
it's members.
bq. That would be the first step in allowing dynamic provisioning of rules.
AFAIK all the existing ACL model is replicated in a cluster, so it's just a
matter of keeping it up to date as we add new functionality. There might be a
case for some refactoring to make that easier.
- Alan
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/5015/#review7640
-----------------------------------------------------------
On 2012-05-04 19:41:45, Chug Rolke wrote:
bq.
bq. -----------------------------------------------------------
bq. This is an automatically generated e-mail. To reply, visit:
bq. https://reviews.apache.org/r/5015/
bq. -----------------------------------------------------------
bq.
bq. (Updated 2012-05-04 19:41:45)
bq.
bq.
bq. Review request for qpid, Alan Conway, Kim van der Riet, and Ted Ross.
bq.
bq.
bq. Summary
bq. -------
bq.
bq. This patch fulfills a long-standing request to keep users from abusing
broker queue resources. If a user is allowed to create one queue he then can
create them by the thousdands.
bq.
bq. The code is more of a quota than an access control but it fits naturally
in the current ACL module. The implementation here is queue-centric but could
be generalized to support limiting exchanges as well.
bq.
bq. A few concerns arise:
bq.
bq. 1. This code counts/protects live requests coming in to single node. This
code does not protect queues that are presisting. The concern is that a user
creates his quota of persistent queues and then upon system restart the same
user can create another batch of queues since the persisted queues aren't
tracked. Is this a vaild concern?
bq.
bq. 2. The patch provides only a single setting for all users.
bq.
bq. 3. The patch makes no effort to replicate the queue count state across a
cluster. Surely this is a problem for clusters.
bq.
bq.
bq. This addresses bug QPID-2393.
bq. https://issues.apache.org/jira/browse/QPID-2393
bq.
bq.
bq. Diffs
bq. -----
bq.
bq. trunk/qpid/cpp/src/qpid/acl/Acl.h 1334118
bq. trunk/qpid/cpp/src/qpid/acl/Acl.cpp 1334118
bq. trunk/qpid/cpp/src/qpid/acl/AclPlugin.cpp 1334118
bq. trunk/qpid/cpp/src/qpid/acl/management-schema.xml 1334118
bq. trunk/qpid/cpp/src/qpid/broker/AclModule.h 1334118
bq. trunk/qpid/cpp/src/qpid/broker/Broker.cpp 1334118
bq. trunk/qpid/cpp/src/tests/acl.py 1334118
bq. trunk/qpid/cpp/src/tests/run_acl_tests 1334118
bq.
bq. Diff: https://reviews.apache.org/r/5015/diff
bq.
bq.
bq. Testing
bq. -------
bq.
bq. Unit tests included.
bq.
bq.
bq. Thanks,
bq.
bq. Chug
bq.
bq.
> Qpid C++ broker: request for feature to limit number of queues per user
> -----------------------------------------------------------------------
>
> Key: QPID-2393
> URL: https://issues.apache.org/jira/browse/QPID-2393
> Project: Qpid
> Issue Type: Improvement
> Components: C++ Broker
> Environment: Red Hat Enterprise MRG 1.2
> Reporter: Armin Noll
> Assignee: Chuck Rolke
>
> With issue QPID-2108 (Red Hat service request #1950278) a new feature has
> been introduced which allows to control via ACL the size of queues and their
> limit policy on user level.
> The original request contained also the requirement to gain control over the
> number of queues a user may create.
> ACL should be enhanced to allow specifying a maximum number of queues for a
> single user.
> Altogether these features shall enable the operator of a Qpid broker to keep
> better control over the resources.
> We will prepare a draft implementation and provide it asap.
> This request has also been reported as Red Hat service request #1992776.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
