Review Request 23447: Improve C++ Broker acl validation table

Sun, 13 Jul 2014 06:33:31 -0700 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/23447/
-----------------------------------------------------------

Review request for qpid.


Bugs: QPID-5890
    https://issues.apache.org/jira/browse/QPID-5890


Repository: qpid


Description
-------

The last step to completing QPID-5890 is flushing the 
AclHelper::loadValidationMap (ugh!) function and rewriting it in 
AclValidator.cpp to be comprehensible, maintainable, and possibly correct.

The new scheme has these features:

* Tables indexed by [action][object] contain the set of properties allowed.
** Property: holds the values that the broker sends to Acl for authorise().
** SpecProperty: holds the values an Acl file may contain. This mostly matches 
the Property table except where a Property value (like maxpages) becomes an 
upper and lower limit in the Acl world.
* The index table construction consists of a series of calls containing 
[calling-function, action, object, allowed-properties] 
** Example: registerProperty("Broker::bind", ACT_BIND, OBJ_EXCHANGE, "queuename 
routingkey");
** The table is constructed by manually examining all the authorise() call 
sites and putting the registration call together. Future work could generate 
this automatically but that's probably more work than it's worth.

A great fringe benefit of this scheme is that a simple set of QPID_LOG 
statements can go into these tables and their constructors and harvest 
information. Please see QPID-5890 for a comment showing:
* Acl call sites
* For each action-object pair which properties are allowed
* For each property which action-object pairs allow it


Diffs
-----

  trunk/qpid/cpp/src/qpid/acl/AclLexer.h 1609833 
  trunk/qpid/cpp/src/qpid/acl/AclLexer.cpp 1609833 
  trunk/qpid/cpp/src/qpid/acl/AclReader.cpp 1609833 
  trunk/qpid/cpp/src/qpid/acl/AclValidator.h 1609833 
  trunk/qpid/cpp/src/qpid/acl/AclValidator.cpp 1609833 

Diff: https://reviews.apache.org/r/23447/diff/


Testing
-------

passes self and unit tests
compiles on windows


Thanks,

Chug Rolke

Reply via email to