Bug 849790 - ERD 4.1.3: Acl-1000-8, An API for "If I tried this, would it be allowed"
ERD 4.1.3: Acl-1000-8, An API for "If I tried this, would it be allowed"
Status: CLOSED ERRATA
Product: Red Hat Enterprise MRG
Classification: Red Hat
Component: qpid-cpp (Show other bugs)
2.1.2
Unspecified Unspecified
high Severity high
: 2.3
: ---
Assigned To: Chuck Rolke
Zdenek Kraus
: FutureFeature
Depends On:
Blocks: 853830
  Show dependency treegraph
 
Reported: 2012-08-20 17:26 EDT by Irina Boverman
Modified: 2013-04-15 20:48 EDT (History)
4 users (show)

See Also:
Fixed In Version: qpid-cpp-0.18-1
Doc Type: Enhancement
Doc Text:
Feature: Add facility to test an Acl rule file to see if it would load correctly and protect the system as expected. Reason: Acl files may be reloaded at any time. However if there is an error in the Acl file then the broker halts. There is no way to load a trial Acl file and see how it behaves; only live Acl rule files may be tested. Result (if any): This BZ documents a method of loading the Acl file the user wants to test into an off-line broker. Then the Acl file may be repeatedly loaded and tested without interrupting service on a mission-critical broker. When the Acl file is finally tested only then is it loaded into the live broker.
Story Points: ---
Clone Of:
: 853830 (view as bug list)
Environment:
Last Closed: 2013-03-06 13:51:45 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Apache JIRA QPID-3918 None None None Never

  None (edit)
Description Irina Boverman 2012-08-20 17:26:04 EDT
Description of problem:

See Milan PRD/ERD.
Also tracked by qpid upstream as QPID-3918.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 Chuck Rolke 2012-08-21 11:08:48 EDT
1. Acl files may be tested by running them in a stand-alone, off-line broker that is not mission critical:
1a. Direct the broker to use the Acl file under test.
1b. Start the broker and see that the Acl rules are accepted.
1c. Run tests against the management interface to see that the rules are correct.

2. The upstream Jira https://issues.apache.org/jira/browse/QPID-3918 has several attachment files that demonstrate how to use the query feature.

 acl-test-01.rules.acl is the Acl file to run in the qpidd broker.
 acl-test-01.py        is the test script that queries the Acl.
 acl-test-01.log       is what the console prints when the test script runs.

The script performs 355 queries.

3. If a user has the proper credentials to use the management interface methods then he or she may run the test scripts against a live broker.
Comment 4 Zdenek Kraus 2012-12-07 19:42:16 EST
Tested on RHEL 6.3, RHEL 5.8 on architectures i686 and x86_64

packages:
qpid-cpp-server-0.18-12.el5
python-qpid-qmf-0.18-12.el5

qpid-cpp-server-0.18-12.el6_3
python-qpid-qmf-0.18-12.el6_3

Feature is operational as expected -> VERIFIED.
Comment 5 Zdenek Kraus 2013-01-17 08:05:28 EST
Feature was successfully retested on RHEL 5.9, 6.4 && i686, x86_64 with packages
qpid-cpp-server-0.18-13
Comment 7 errata-xmlrpc 2013-03-06 13:51:45 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0561.html

Note You need to log in before you can comment on or make changes to this bug.