Bug 808105 - ACL syntax does not allow specifying '' exchange
ACL syntax does not allow specifying '' exchange
Status: CLOSED ERRATA
Product: Red Hat Enterprise MRG
Classification: Red Hat
Component: qpid-cpp (Show other bugs)
2.1
All Linux
medium Severity low
: 3.0
: ---
Assigned To: Chuck Rolke
Zdenek Kraus
: Improvement
: 707678 (view as bug list)
Depends On: 802656
Blocks: 785156 961006
  Show dependency treegraph
 
Reported: 2012-03-29 11:23 EDT by Pavel Moravec
Modified: 2014-09-24 11:04 EDT (History)
5 users (show)

See Also:
Fixed In Version: qpid-cpp-0.22-4.el6, qpid-cpp-0.22-4.el5
Doc Type: Enhancement
Doc Text:
ACL PUBLISH EXCHANGE rules now have a simplified way to refer to the nameless default exchange. In situations where the default exchange requires ACL rules, it is now possible to name the unnamed exchange by specifying the keyword `amq.default` in the ACL rule syntax.
Story Points: ---
Clone Of:
: 961006 (view as bug list)
Environment:
Last Closed: 2014-09-24 11:04:11 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Apache JIRA QPID-4727 None None None Never

  None (edit)
Description Pavel Moravec 2012-03-29 11:23:40 EDT
Description of problem:
There is no way how to specify '' exchange in an ACL rule. These lines have been tried:
1) acl allow all publish exchange name=""
then ACL checks exchange of name '""' (string with 2 characters ")
2) acl allow all publish exchange name=''
then ACL checks exchange of name '''' (string with 2 characters ')
3) acl allow all publish exchange name=
then ACL syntax check rejects it as it requires a non-empty value

Workaround in specifying:
acl allow all publish exchange name=*
acl deny all publish exchange name=[a-zA-Z-0-9]*

is not applicable as each check would have to pass up to 62 rules.


Version-Release number of selected component (if applicable):
any (seen in 0.12)


How reproducible:
100% (missing configuration ability)


Steps to Reproduce:
n.a.

  
Actual results:
n.a.


Expected results:
n.a.


Additional info:
Can't 802656 (RFE: Support regular expressions in ACL) elegantly resolve this?
Comment 1 Justin Ross 2013-02-26 16:28:33 EST
*** Bug 707678 has been marked as a duplicate of this bug. ***
Comment 2 Chuck Rolke 2013-04-08 14:49:47 EDT
Committed upstream trunk at r1465719

The patch adds an ACL keyword "amq.default" that stands in for the unnamed exchange during PUBLISH EXCHANGE lookups. The rule:

 acl allow mrPavel publish exchange name=amq.default routingkey=secretqueue

allows mrPavel to publish to secretqueue.
Comment 4 Zdenek Kraus 2013-07-18 04:45:38 EDT
Fix is OK.

Issue was tested on RHEL5 and RHEL6, i686 and x86_64 with packages:
python-qpid-0.22-4
python-qpid-qmf-0.22-6
qpid-cpp-client-ssl-0.22-7
qpid-cpp-server-store-0.22-7
qpid-proton-c-0.4-2.2
qpid-cpp-client-0.22-7
qpid-cpp-client-rdma-0.22-7
qpid-cpp-server-ssl-0.22-7
qpid-cpp-server-ha-0.22-7
qpid-tools-0.22-3
qpid-cpp-server-0.22-7
qpid-qmf-0.22-6
qpid-cpp-server-devel-0.22-7
qpid-cpp-debuginfo-0.22-7
qpid-cpp-client-devel-0.22-7
qpid-cpp-server-xml-0.22-7
qpid-cpp-server-rdma-0.22-7
qpid-cpp-client-devel-docs-0.22-7

->VERIFIED
Comment 6 errata-xmlrpc 2014-09-24 11:04:11 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHEA-2014-1296.html

Note You need to log in before you can comment on or make changes to this bug.