Bug 849790 - ERD 4.1.3: Acl-1000-8, An API for "If I tried this, would it be allowed"
Summary: ERD 4.1.3: Acl-1000-8, An API for "If I tried this, would it be allowed"
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise MRG
Classification: Red Hat
Component: qpid-cpp
Version: 2.1.2
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: 2.3
: ---
Assignee: Chuck Rolke
QA Contact: Zdenek Kraus
URL:
Whiteboard:
Depends On:
Blocks: 853830
TreeView+ depends on / blocked
 
Reported: 2012-08-20 21:26 UTC by Irina Boverman
Modified: 2013-04-16 00:48 UTC (History)
4 users (show)

Fixed In Version: qpid-cpp-0.18-1
Doc Type: Enhancement
Doc Text:
Feature: Add facility to test an Acl rule file to see if it would load correctly and protect the system as expected. Reason: Acl files may be reloaded at any time. However if there is an error in the Acl file then the broker halts. There is no way to load a trial Acl file and see how it behaves; only live Acl rule files may be tested. Result (if any): This BZ documents a method of loading the Acl file the user wants to test into an off-line broker. Then the Acl file may be repeatedly loaded and tested without interrupting service on a mission-critical broker. When the Acl file is finally tested only then is it loaded into the live broker.
Clone Of:
: 853830 (view as bug list)
Environment:
Last Closed: 2013-03-06 18:51:45 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Apache JIRA QPID-3918 0 None None None Never
Red Hat Product Errata RHSA-2013:0561 0 normal SHIPPED_LIVE Moderate: Red Hat Enterprise MRG Messaging 2.3 security update 2013-03-06 23:48:13 UTC

Description Irina Boverman 2012-08-20 21:26:04 UTC
Description of problem:

See Milan PRD/ERD.
Also tracked by qpid upstream as QPID-3918.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:

Comment 1 Chuck Rolke 2012-08-21 15:08:48 UTC
1. Acl files may be tested by running them in a stand-alone, off-line broker that is not mission critical:
1a. Direct the broker to use the Acl file under test.
1b. Start the broker and see that the Acl rules are accepted.
1c. Run tests against the management interface to see that the rules are correct.

2. The upstream Jira https://issues.apache.org/jira/browse/QPID-3918 has several attachment files that demonstrate how to use the query feature.

 acl-test-01.rules.acl is the Acl file to run in the qpidd broker.
 acl-test-01.py        is the test script that queries the Acl.
 acl-test-01.log       is what the console prints when the test script runs.

The script performs 355 queries.

3. If a user has the proper credentials to use the management interface methods then he or she may run the test scripts against a live broker.

Comment 4 Zdenek Kraus 2012-12-08 00:42:16 UTC
Tested on RHEL 6.3, RHEL 5.8 on architectures i686 and x86_64

packages:
qpid-cpp-server-0.18-12.el5
python-qpid-qmf-0.18-12.el5

qpid-cpp-server-0.18-12.el6_3
python-qpid-qmf-0.18-12.el6_3

Feature is operational as expected -> VERIFIED.

Comment 5 Zdenek Kraus 2013-01-17 13:05:28 UTC
Feature was successfully retested on RHEL 5.9, 6.4 && i686, x86_64 with packages
qpid-cpp-server-0.18-13

Comment 7 errata-xmlrpc 2013-03-06 18:51:45 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0561.html


Note You need to log in before you can comment on or make changes to this bug.