Description of problem: Implement queue quotas in the Broker/Acl that allow admins to specify queue quotas for individual users. Version-Release number of selected component (if applicable): New development
Fixed upstream by r1451737 Upstream wiki describes changes: https://cwiki.apache.org/qpid/acl.html
Hi Chuck, the link describing the functionality returns 404 Not Found, I'd tried some searching on the cwiki, but no luck. Could you please fix the cwiki, or provide the description by other way? thanks.
The web site is "in transition". For now the page is at https://cwiki.apache.org/confluence/display/qpid/ACL
I've discovered following problems with this implementation: 1. The connection quota value zero allows one connection in quota connections 0 usera@QPID ./qc2_connector -b usera/usera@localhost:5672 -c 10 2013-07-18 13:06:28 [Client] warning Broker closed connection: 320, connection-forced: User connection denied by configured limit connection-forced: User connection denied by configured limit 1 9 10 ^ ^ ^ ^ ^ requested connections ^ failed connection connected sucessfully 2. queue quota tracks only create actions but not actual creations or existing objects quota queues 10 userb@QPID Execute for 10 times ./qc2_connector -b usera/usera@localhost:5672 -a "q1;{create:always; node:{type:queue}}: thus only ONE "q1" is created qpid-stat -q -b root/root@localhost:5672 Queues queue dur autoDel excl msg msgIn msgOut bytes bytesIn bytesOut cons bind ========================================================================================================================= a1d75b1b-768d-46e3-bc73-c255260d5a28:0.0 Y Y 0 0 0 0 0 0 1 2 cq_1 creating another queue as userb is denied ./qc2_connector -b userd/userd@localhost:5672 -a "q2;{create:always, node:{type:queue}}" 10 0 10 2013-07-18 12:56:29 [Client] warning Exception received from broker: unauthorized-access: unauthorized-access: ACL denied queue create request from userd@QPID (/builddir/build/BUILD/qpid-0.22/cpp/src/qpid/broker/Broker.cpp:1291) [caused by 1 \x08:\x01] terminate called after throwing an instance of 'qpid::messaging::UnauthorizedAccess' what(): unauthorized-access: unauthorized-access: ACL denied queue create request from userd@QPID (/builddir/build/BUILD/qpid-0.22/cpp/src/qpid/broker/Broker.cpp:1291) Aborted (core dumped) NOTE(core dumped is qc2_connector's issue, it does not catch the exceptions yet) -> ASSIGNED
there is a typo in username, there should be 'userb' in all places, except of 'root'
Also moving issue 1. regarding connections into Bug 874516. Sorry for the inconvenience.
Created attachment 801911 [details] Tests for existance of the queue before calling approveCreateQueue
Ernie, this one needs a jira. The original upstream issue is closed. An aside for all bug reporters: Do *not* revert an RFE back to assigned just because you found a defect. Create a new bug.
http://svn.apache.org/viewvc?view=revision&revision=r1525980 Chuck got to this before me (just barely).
Tested on RHEL 6.5 i686 & x86_64, with packages: perl-qpid-0.22-7.el6 python-qpid-0.22-10.el6 python-qpid-qmf-0.22-26.el6 qpid-cpp-client-0.22-33.el6 qpid-cpp-client-devel-0.22-33.el6 qpid-cpp-client-devel-docs-0.22-33.el6 qpid-cpp-client-ssl-0.22-33.el6 qpid-cpp-debuginfo-0.22-33.el6 qpid-cpp-server-0.22-33.el6 qpid-cpp-server-devel-0.22-33.el6 qpid-cpp-server-ha-0.22-33.el6 qpid-cpp-server-ssl-0.22-33.el6 qpid-cpp-server-store-0.22-33.el6 qpid-cpp-server-xml-0.22-33.el6 qpid-java-client-0.22-5.el6 qpid-java-common-0.22-5.el6 qpid-java-example-0.22-5.el6 qpid-jca-0.22-1.el6 qpid-jca-xarecovery-0.22-1.el6 qpid-proton-c-0.6-1.el6 qpid-proton-c-devel-0.6-1.el6 qpid-proton-debuginfo-0.6-1.el6 qpid-qmf-0.22-26.el6 qpid-qmf-debuginfo-0.22-26.el6 qpid-snmpd-1.0.0-15.el6 qpid-snmpd-debuginfo-1.0.0-15.el6 qpid-tools-0.22-7.el6 ruby-qpid-qmf-0.22-26.el6 -> VERIFIED
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHEA-2014-1296.html