[jira] [Created] (QPID-8356) [Broker-J] ACL rule properties 'from_network' and 'from_hostname' are lost on loading ACL from file in 'RuleBased' access control provider

Fri, 16 Aug 2019 05:24:04 -0700 

Alex Rudyy created QPID-8356:
--------------------------------

             Summary: [Broker-J] ACL rule properties 'from_network' and 
'from_hostname' are lost on loading ACL from file in 'RuleBased' access control 
provider
                 Key: QPID-8356
                 URL: https://issues.apache.org/jira/browse/QPID-8356
             Project: Qpid
          Issue Type: Bug
          Components: Broker-J
    Affects Versions: qpid-java-broker-7.1.4, qpid-java-broker-7.0.8
            Reporter: Alex Rudyy
             Fix For: qpid-java-broker-7.1.4


ACL rule properties 'from_network' and 'from_hostname' are lost on loading ACL 
from file in 'RuleBased' access control provider.

The following unit test fails:
{code}
@Test
public void testLoadFirewallRules()
{
    final Map<String, Object> attributes = 
Collections.singletonMap(RuleBasedAccessControlProvider.NAME, getTestName());
    final Broker<?> broker = BrokerTestHelper.createBrokerMock();
    final RuleBasedAccessControlProviderImpl aclProvider = new 
RuleBasedAccessControlProviderImpl(attributes, broker);
    aclProvider.create();

    final String acl = "ACL ALLOW-LOG guest ACCESS VIRTUALHOST 
from_hostname=\"localhost\"";
    final String data = DataUrlUtils.getDataUrlForBytes(acl.getBytes(UTF_8));

    aclProvider.loadFromFile(data);

    final List<AclRule> rules = aclProvider.getRules();

    assertThat(rules, is(notNullValue()));
    assertThat(rules.size(), is(equalTo(1)));

    final AclRule rule = rules.get(0);
    assertThat(rule, is(notNullValue()));
    assertThat(rule.getObjectType(), is(equalTo(ObjectType.VIRTUALHOST)));
    assertThat(rule.getIdentity(), is(equalTo("guest")));
    assertThat(rule.getOperation(), is(equalTo(LegacyOperation.ACCESS)));
    assertThat(rule.getOutcome(), is(equalTo(RuleOutcome.ALLOW_LOG)));
    assertThat(rule.getAttributes(), 
is(equalTo(Collections.singletonMap("from_hostname", "localhost"))));
}
{code}

The workaround for this defect would changing the ACL rules directly using 
'rules' attribute.



--
This message was sent by Atlassian JIRA
(v7.6.14#76016)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to