-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/9260/
-----------------------------------------------------------
Review request for qpid.
Description
-------
* Remove the --connection-limit-per-user command line switch.
* Force all quota limits to have maximum of 65530. (65535 had integer wrap
issues)
* Use static, named strings in place of "acl", "group", "all", etc., that were
sprinkled throughout.
* Add Acl file syntax to support "quota connections N user|group [, user|group]"
* If no quotas are specified in Acl file then no quotas are enforced. However,
connections are still counted so that if later an Acl file that has quotas is
loaded then the connection counts are live and up to date.
* If a user is using his specified connection quota limit and later a new Acl
file is loaded that lowers his limit then the user's current connections are
allowed to persist. New connections from that user are denied until the user
closes enough existing connections and his quota falls to below the quota limit.
* Users with a connection quota of 0 are denied any connections.
* Connection quota for pseudo-user "all" is applied to users who are otherwise
not named explicitly in the Acl file.
* Quota values for any user may change during Acl file processing as the user
is named in multiple Acl rules or is included in groups. The connection quota
values are stored for users as the Acl file is read in serial order. New values
specified in later rules in the Acl file overwrite any existing values.
This addresses bug QPID-4054.
https://issues.apache.org/jira/browse/QPID-4054
Diffs
-----
trunk/qpid/cpp/src/qpid/acl/Acl.h 1441609
trunk/qpid/cpp/src/qpid/acl/Acl.cpp 1441609
trunk/qpid/cpp/src/qpid/acl/AclConnectionCounter.h 1441609
trunk/qpid/cpp/src/qpid/acl/AclConnectionCounter.cpp 1441609
trunk/qpid/cpp/src/qpid/acl/AclData.h 1441609
trunk/qpid/cpp/src/qpid/acl/AclData.cpp 1441609
trunk/qpid/cpp/src/qpid/acl/AclPlugin.cpp 1441609
trunk/qpid/cpp/src/qpid/acl/AclReader.h 1441609
trunk/qpid/cpp/src/qpid/acl/AclReader.cpp 1441609
trunk/qpid/cpp/src/qpid/acl/AclTopicMatch.h 1441609
trunk/qpid/cpp/src/qpid/acl/management-schema.xml 1441609
trunk/qpid/cpp/src/tests/acl.py 1441609
trunk/qpid/cpp/src/tests/run_acl_tests 1441609
Diff: https://reviews.apache.org/r/9260/diff/
Testing
-------
Three new sections are added to the Acl self test to test individual users,
groups, the "all" user, and explicit connection denial with a quota of zero.
Thanks,
Chug Rolke
