> On Oct. 23, 2015, 7:31 p.m., Alan Conway wrote:
> > A "singleton" means there can only be one, but you could have multiple
> > sslProfiles in a configuration. An sslProfile is a set of parameters that
> > can be re-used for more than one connection, but it is not the *only* set
> > of SSL parameters that can be used in a router. A broker that participates
> > in multiple security domains or accepts connections from clients with
> > different SSL-based security might have multiple SSL profiles.
> >
> > The idea behind all the "annotations" is that they are not themselves
> > entities, they are pre-packaged sets of attributes that can be applied to
> > one or more entities. They are purely convenience, you could specify your
> > configuration entirely in terms of entity attributes and not use the
> > annotations at all. They are handy when you have a bunch of attributes that
> > will have the same values for multiple entities - for example lots of
> > connections might share common security settings.
Using singleton was a poor choice on my part. I've changed it to referential.
The sslProfile annotation can indeed be treated like a separate entity in the
config file. It can be referenced by name like so:

ssl-profile {
    name: ssl-profile-name
    cert-db: /home/eallen/blah/blah/ca-certificate.pem
    cert-file: /home/eallen/blah/blah/server-certificate.pem
    key-file: /home/eallen/blah/blah/server-private-key.pem
    password: server-password
}

listener {
    role: inter-router
    addr: 0.0.0.0
    port: 20102
    sasl-mechanisms: EXTERNAL
    ssl-profile: ssl-profile-name
    requirePeerAuth: yes
}

My changes don't affect the working of the schema parser. They only decorate
the schema and output the decorations in the JSON file.
- Ernie
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/39596/#review103834
-----------------------------------------------------------
On Oct. 23, 2015, 2:54 p.m., Ernie Allen wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/39596/
> -----------------------------------------------------------
>
> (Updated Oct. 23, 2015, 2:54 p.m.)
>
>
> Review request for qpid, Alan Conway, Ganesh M, Kenneth Giusti, mick goulish,
> and Ted Ross.
>
>
> Repository: qpid-dispatch
>
>
> Description
> -------
>
> Sets singleton=true for the sslProfile annotation.
> Also adds an "annotatedBy" list to an entity in the JSON schema so the
> console can see which annotations are singletons.
>
> The sslProfile annotation contains the attributes certDb, certFile, keyFile,
> passwordFile, and password.
> Both the listener and connector are annotated by sslProfile and the values
> for these attributes should be the same. In the console, we want to enter the
> sslProfile attributes only once.
>
> This change gives the console enough information to separate the sslProfile
> attributes into their own form so they can be entered only once and then
> applied to all listeners and connectors.
>
>
> Diffs
> -----
>
> python/qpid_dispatch/management/qdrouter.json c5b1edb
> python/qpid_dispatch_internal/management/schema.py 8f7e961
>
> Diff: https://reviews.apache.org/r/39596/diff/
>
>
> Testing
> -------
>
> bin/test.sh
>
>
> Thanks,
>
> Ernie Allen
>
>