QPID-4604: C++ Broker queue limits controlled by ACL file. Patch from Ernie Allen.

See https://reviews.apache.org/r/9703/ git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@1451737 13f79535-47bb-0310-9956-ffa450edef68
author: Charles E. Rolke <chug@apache.org> 2013-03-01 22:20:33 +0000
committer: Charles E. Rolke <chug@apache.org> 2013-03-01 22:20:33 +0000
commit: b9f04e24129422f03cb1c4658be339e66b397179 (patch)
tree: a3e28c86015f99fcfbd813ee3781d0d2905fe000 /qpid/cpp/src/tests/acl.py
parent: a2208ec6b1c7e9c1c9cca7ea22820b791d5127b8 (diff)
download: qpid-python-b9f04e24129422f03cb1c4658be339e66b397179.tar.gz
1 files changed, 123 insertions, 39 deletions
diff --git a/qpid/cpp/src/tests/acl.py b/qpid/cpp/src/tests/acl.py
index 595063d6c5..94ede22783 100755
--- a/qpid/cpp/src/tests/acl.py
+++ b/qpid/cpp/src/tests/acl.py
@@ -2871,58 +2871,142 @@ class ACLTests(TestBase010):
    # Queue per-user quota
    #=====================================
 
-    def test_queue_per_user_quota(self):
+    def queue_quota(self, user, passwd, count, byPort=None):
+        """ Helper method to:
+        - create a number of queues (should succeed)
+        - create too many queues (should fail)
+        - create another queue after deleting a queue (should succeed)
         """
-        Test ACL queue counting limits.
-        port_q has a limit of 2
-        """
-        # bob should be able to create two queues
-        session = self.get_session_by_port('bob','bob', self.port_q())
 
         try:
-            session.queue_declare(queue="queue1")
-            session.queue_declare(queue="queue2")
-        except qpid.session.SessionException, e:
-            self.fail("Error during queue create request");
+            if byPort:
+                session = self.get_session_by_port(user, passwd, byPort)
+            else:
+                session = self.get_session(user, passwd)
+        except Exception, e:
+            self.fail("Unexpected error creating session for %s: %s" % (user, str(e)))
 
-        # third queue should fail
+        # Should be able to create count queues per user
         try:
-            session.queue_declare(queue="queue3")
-            self.fail("Should not be able to create third queue")
+            for i in range(count):
+                session.queue_declare(queue="%s%d" % (user, i))
         except Exception, e:
-            result = None
-            session = self.get_session_by_port('bob','bob', self.port_q())
-
-        # alice should be able to create two queues
-        session2 = self.get_session_by_port('alice','alice', self.port_q())
+            self.fail("Could not create %s for %s: %s" % ("%s%d" % (user, i), user, str(e)))
 
+        # next queue should fail
         try:
-            session2.queue_declare(queue="queuea1")
-            session2.queue_declare(queue="queuea2")
-        except qpid.session.SessionException, e:
-            self.fail("Error during queue create request");
+            session.queue_declare(queue="%s%d" % (user, count))
+            self.fail("Should not be able to create another queue for user %s" % user)
+        except Exception, e:
+            if byPort:
+                session = self.get_session_by_port(user, passwd, byPort)
+            else:
+                session = self.get_session(user, passwd)
 
-        # third queue should fail
+        if count > 0:
+            # Deleting a queue should allow another queue.
+            session.queue_delete(queue="%s0" % user)
+            try:
+                session.queue_declare(queue="%s%d" % (user, count))
+            except Exception, e:
+                self.fail("Could not recreate additional queue for user %s: %s " % (user, str(e)))
+
+        # Clean up
+        for i in range(1, count+1):
+            session.queue_delete(queue="%s%d" % (user, i))
         try:
-            session2.queue_declare(queue="queuea3")
-            self.fail("Should not be able to create third queue")
+            session.close()
         except Exception, e:
-            result = None
-            session2 = self.get_session_by_port('alice','alice', self.port_q())
+            pass
 
-        # bob should be able to delete a queue and create another
-        try:
-            session.queue_delete(queue="queue1")
-            session.queue_declare(queue="queue3")
-        except qpid.session.SessionException, e:
-            self.fail("Error during queue create request");
+    def test_queue_per_named_user_quota(self):
+        """
+        Test ACL queue counting limits per named user.
+        """
+        aclf = self.get_acl_file()
+        aclf.write('quota queues 2 ted@QPID carrol@QPID\n')
+        aclf.write('quota queues 1 edward@QPID\n')
+        aclf.write('quota queues 0 mick@QPID\n')
+        aclf.write('acl allow all all')
+        aclf.close()
 
-        # alice should be able to delete a queue and create another
-        try:
-            session2.queue_delete(queue="queuea1")
-            session2.queue_declare(queue="queuea3")
-        except qpid.session.SessionException, e:
-            self.fail("Error during queue create request");
+        result = self.reload_acl()
+        if (result):
+            self.fail(result)
+
+        # named users should be able to create specified number of queues
+        self.queue_quota("ted", 'ted', 2)
+        self.queue_quota("carrol", 'carrol', 2)
+        self.queue_quota("edward", 'edward', 1)
+
+        # User with quota of 0 is denied
+        self.queue_quota("mick", 'mick', 0)
+
+        # User not named in quotas is denied
+        self.queue_quota("dan", 'dan', 0)
+
+    def test_queue_per_user_quota(self):
+        """
+        Test ACL queue counting limits.
+        port_q has a limit of 2
+        """
+        # bob should be able to create two queues
+        self.queue_quota("bob", 'bob', 2, self.port_q())
+
+        # alice should be able to create two queues
+        self.queue_quota("alice", 'alice', 2, self.port_q())
+
+
+    def test_queue_limits_by_unnamed_all(self):
+        """
+        Test ACL control queue limits
+        """
+        aclf = self.get_acl_file()
+        aclf.write('quota queues 2 aliceQUA@QPID bobQUA@QPID\n')
+        aclf.write('quota queues 1 all\n')
+        aclf.write('acl allow all all')
+        aclf.close()
+
+        result = self.reload_acl()
+        if (result):
+            self.fail(result)
+
+        # By username should be able to connect twice per user
+        self.queue_quota('aliceQUA', 'alice', 2)
+        self.queue_quota('bobQUA', 'bob', 2)
+
+        # User not named in quotas gets 'all' quota
+        self.queue_quota('charlieQUA', 'charlie', 1)
+
+
+    def test_queue_limits_by_group(self):
+        """
+        Test ACL control queue limits
+        """
+        aclf = self.get_acl_file()
+        aclf.write('group hobbits frodoGR@QPID samGR@QPID merryGR@QPID\n')
+        aclf.write('quota queues 2 gandalfGR@QPID aragornGR@QPID\n')
+        aclf.write('quota queues 2 hobbits rosieGR@QPID\n')
+        aclf.write('# user and groups may be overwritten. Should use last value\n')
+        aclf.write('quota queues 3 aragornGR@QPID hobbits\n')
+        aclf.write('acl allow all all')
+        aclf.close()
+
+        result = self.reload_acl()
+        if (result):
+            self.fail(result)
+
+        # gandalf gets 2
+        self.queue_quota('gandalfGR', 'gandalf', 2)
+
+        # aragorn gets 3
+        self.queue_quota('aragornGR', 'aragorn', 3)
+
+        # frodo gets 3
+        self.queue_quota('frodoGR', 'frodo', 3)
+
+        # User not named in quotas is denied
+        self.queue_quota('bilboGR', 'bilbo', 0)
 
 class BrokerAdmin:
     def __init__(self, broker, username=None, password=None):
author	Charles E. Rolke <chug@apache.org>	2013-03-01 22:20:33 +0000
committer	Charles E. Rolke <chug@apache.org>	2013-03-01 22:20:33 +0000
commit	b9f04e24129422f03cb1c4658be339e66b397179 (patch)
tree	a3e28c86015f99fcfbd813ee3781d0d2905fe000 /qpid/cpp/src/tests/acl.py
parent	a2208ec6b1c7e9c1c9cca7ea22820b791d5127b8 (diff)
download	qpid-python-b9f04e24129422f03cb1c4658be339e66b397179.tar.gz