Bug 849790

Summary: ERD 4.1.3: Acl-1000-8, An API for "If I tried this, would it be allowed"
Product: Red Hat Enterprise MRG Reporter: Irina Boverman <iboverma>
Component: qpid-cppAssignee: Chuck Rolke <crolke>
Status: CLOSED ERRATA QA Contact: Zdenek Kraus <zkraus>
Severity: high Docs Contact:
Priority: high    
Version: 2.1.2CC: jross, mcressma, pematous, zkraus
Target Milestone: 2.3Keywords: FutureFeature
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: qpid-cpp-0.18-1 Doc Type: Enhancement
Doc Text:
Feature: Add facility to test an Acl rule file to see if it would load correctly and protect the system as expected. Reason: Acl files may be reloaded at any time. However if there is an error in the Acl file then the broker halts. There is no way to load a trial Acl file and see how it behaves; only live Acl rule files may be tested. Result (if any): This BZ documents a method of loading the Acl file the user wants to test into an off-line broker. Then the Acl file may be repeatedly loaded and tested without interrupting service on a mission-critical broker. When the Acl file is finally tested only then is it loaded into the live broker.
 Story Points: ---
Clone Of:
: 853830 (view as bug list) Environment:
Last Closed: 2013-03-06 18:51:45 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 853830    

Description Irina Boverman 2012-08-20 21:26:04 UTC 
Description of problem:

See Milan PRD/ERD.
Also tracked by qpid upstream as QPID-3918.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 Chuck Rolke 2012-08-21 15:08:48 UTC 
1. Acl files may be tested by running them in a stand-alone, off-line broker that is not mission critical:
1a. Direct the broker to use the Acl file under test.
1b. Start the broker and see that the Acl rules are accepted.
1c. Run tests against the management interface to see that the rules are correct.

2. The upstream Jira https://issues.apache.org/jira/browse/QPID-3918 has several attachment files that demonstrate how to use the query feature.

 acl-test-01.rules.acl is the Acl file to run in the qpidd broker.
 acl-test-01.py        is the test script that queries the Acl.
 acl-test-01.log       is what the console prints when the test script runs.

The script performs 355 queries.

3. If a user has the proper credentials to use the management interface methods then he or she may run the test scripts against a live broker.
Comment 4 Zdenek Kraus 2012-12-08 00:42:16 UTC 
Tested on RHEL 6.3, RHEL 5.8 on architectures i686 and x86_64

packages:
qpid-cpp-server-0.18-12.el5
python-qpid-qmf-0.18-12.el5

qpid-cpp-server-0.18-12.el6_3
python-qpid-qmf-0.18-12.el6_3

Feature is operational as expected -> VERIFIED.
Comment 5 Zdenek Kraus 2013-01-17 13:05:28 UTC 
Feature was successfully retested on RHEL 5.9, 6.4 && i686, x86_64 with packages
qpid-cpp-server-0.18-13
Comment 7 errata-xmlrpc 2013-03-06 18:51:45 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0561.html