diff options
| author | Ted Ross <tross@apache.org> | 2012-07-26 14:38:53 +0000 |
|---|---|---|
| committer | Ted Ross <tross@apache.org> | 2012-07-26 14:38:53 +0000 |
| commit | 636830f7161ee1bc772e7d96716cdb3264002cb7 (patch) | |
| tree | 3073c079723ccd3c4279afc4e20999a905be8896 /qpid/tools | |
| parent | f5707c7969f5bac6700c37c946dbfb0eb9a8d7ef (diff) | |
| download | qpid-python-636830f7161ee1bc772e7d96716cdb3264002cb7.tar.gz | |
QPID-3175 - Added SSL/x.509-auth capability to Python clients and Python tools
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@1366020 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'qpid/tools')
| -rwxr-xr-x | qpid/tools/src/py/qpid-cluster | 27 | ||||
| -rwxr-xr-x | qpid/tools/src/py/qpid-config | 25 | ||||
| -rwxr-xr-x | qpid/tools/src/py/qpid-ha | 21 | ||||
| -rwxr-xr-x | qpid/tools/src/py/qpid-printevents | 25 | ||||
| -rwxr-xr-x | qpid/tools/src/py/qpid-queue-stats | 14 | ||||
| -rwxr-xr-x | qpid/tools/src/py/qpid-route | 31 | ||||
| -rwxr-xr-x | qpid/tools/src/py/qpid-stat | 29 | ||||
| -rwxr-xr-x | qpid/tools/src/py/qpid-tool | 9 | ||||
| -rw-r--r-- | qpid/tools/src/py/qpidtoollibs/broker.py | 5 |
9 files changed, 122 insertions, 64 deletions
diff --git a/qpid/tools/src/py/qpid-cluster b/qpid/tools/src/py/qpid-cluster index d4f9391dcf..7d800b52fb 100755 --- a/qpid/tools/src/py/qpid-cluster +++ b/qpid/tools/src/py/qpid-cluster @@ -64,17 +64,19 @@ class IpAddr: return bestAddr class BrokerManager: - def __init__(self, config): - self.config = config - self.brokerName = None - self.qmf = None - self.broker = None - self.brokers = [] + def __init__(self, config, conn_options): + self.config = config + self.cert = None + self.conn_options = conn_options + self.brokerName = None + self.qmf = None + self.broker = None + self.brokers = [] def SetBroker(self, brokerUrl): self.url = brokerUrl self.qmf = Session() - self.broker = self.qmf.addBroker(brokerUrl, self.config._connTimeout) + self.broker = self.qmf.addBroker(brokerUrl, self.config._connTimeout, **self.conn_options) agents = self.qmf.getAgents() for a in agents: if a.getAgentBank() == '0': @@ -240,6 +242,8 @@ def main(argv=None): description="Example: $ qpid-cluster -C broker-host:10000") parser.add_option("-t", "--timeout", action="store", type="int", default=10, metavar="SECS", help="Maximum time to wait for broker connection (in seconds)") + parser.add_option("--sasl-mechanism", action="store", type="string", metavar="<mech>", help="SASL mechanism for authentication (e.g. EXTERNAL, ANONYMOUS, PLAIN, CRAM-MD, DIGEST-MD5, GSSAPI). SASL automatically picks the most secure available mechanism - use this option to override.") + parser.add_option("--ssl-certificate", action="store", type="string", metavar="<cert>", help="Client SSL certificate (PEM Format)") parser.add_option("-C", "--all-connections", action="store_true", default=False, help="View client connections to all cluster members") parser.add_option("-c", "--connections", metavar="ID", help="View client connections to specified member") parser.add_option("-d", "--del-connection", metavar="HOST:PORT", help="Disconnect a client connection") @@ -280,7 +284,13 @@ def main(argv=None): config._force = opts.force config._numeric = opts.numeric - bm = BrokerManager(config) + conn_options = {} + if opts.sasl_mechanism: + conn_options['mechanisms'] = opts.sasl_mechanism + if opts.ssl_certificate: + conn_options['ssl_certfile'] = opts.ssl_certificate + + bm = BrokerManager(config, conn_options) try: bm.SetBroker(config._host) @@ -303,7 +313,6 @@ def main(argv=None): bm.Disconnect() except Exception, e: - raise print str(e) return 1 diff --git a/qpid/tools/src/py/qpid-config b/qpid/tools/src/py/qpid-config index 1308df765d..df43b7ea4e 100755 --- a/qpid/tools/src/py/qpid-config +++ b/qpid/tools/src/py/qpid-config @@ -88,7 +88,6 @@ class Config: self._altern_ex = None self._durable = False self._replicate = None - self._ha_admin = False self._clusterDurable = False self._if_empty = True self._if_unused = True @@ -102,7 +101,6 @@ class Config: self._ive = False self._eventGeneration = None self._file = None - self._sasl_mechanism = None self._flowStopCount = None self._flowResumeCount = None self._flowStopSize = None @@ -114,6 +112,7 @@ class Config: self._returnCode = 0 config = Config() +conn_options = {} FILECOUNT = "qpid.file_count" FILESIZE = "qpid.file_size" @@ -177,6 +176,9 @@ def OptionsAndArguments(argv): group1.add_option("-r", "--recursive", action="store_true", help="Show bindings in queue or exchange list") group1.add_option("-b", "--broker", action="store", type="string", default="localhost:5672", metavar="<address>", help="Address of qpidd broker with syntax: [username/password@] hostname | ip-address [:<port>]") group1.add_option("--sasl-mechanism", action="store", type="string", metavar="<mech>", help="SASL mechanism for authentication (e.g. EXTERNAL, ANONYMOUS, PLAIN, CRAM-MD, DIGEST-MD5, GSSAPI). SASL automatically picks the most secure available mechanism - use this option to override.") + group1.add_option("--ssl-certificate", action="store", type="string", metavar="<cert>", help="Client SSL certificate (PEM Format)") + group1.add_option("--ssl-key", action="store", type="string", metavar="<key>", help="Client SSL private key (PEM Format)") + group1.add_option("--ha-admin", action="store_true", help="Allow connection to a HA backup broker.") parser.add_option_group(group1) group_ls = OptionGroup(parser, "Options for Listing Exchanges and Queues") @@ -187,7 +189,6 @@ def OptionsAndArguments(argv): group2.add_option("--alternate-exchange", action="store", type="string", metavar="<aexname>", help="Name of the alternate-exchange for the new queue or exchange. Exchanges route messages to the alternate exchange if they are unable to route them elsewhere. Queues route messages to the alternate exchange if they are rejected by a subscriber or orphaned by queue deletion.") group2.add_option("--durable", action="store_true", help="The new queue or exchange is durable.") group2.add_option("--replicate", action="store", metavar="<level>", help="Enable automatic replication in a HA cluster. <level> is 'none', 'configuration' or 'all').") - group2.add_option("--ha-admin", action="store_true", help="Allow connection to a HA backup broker.") parser.add_option_group(group2) group3 = OptionGroup(parser, "Options for Adding Queues") @@ -306,6 +307,16 @@ def OptionsAndArguments(argv): config._extra_arguments = opts.extra_arguments if opts.start_replica: config._start_replica = opts.start_replica + + if opts.sasl_mechanism: + conn_options['sasl_mechanisms'] = opts.sasl_mechanism + if opts.ssl_certificate: + conn_options['ssl_certfile'] = opts.ssl_certificate + if opts.ssl_key: + conn_options['ssl_key'] = opts.ssl_key + if opts.ha_admin: + conn_options['client_properties'] = {'qpid.ha-admin' : 1} + return args @@ -355,11 +366,9 @@ class BrokerManager: self.conn = None self.broker = None - def SetBroker(self, brokerUrl, mechanism): + def SetBroker(self, brokerUrl): self.url = brokerUrl - client_properties={} - if config._ha_admin: client_properties["qpid.ha-admin"] = 1 - self.conn = Connection.establish(self.url, sasl_mechanisms=mechanism, client_properties=client_properties) + self.conn = Connection.establish(self.url, **conn_options) self.broker = BrokerAgent(self.conn) def Disconnect(self): @@ -690,7 +699,7 @@ def main(argv=None): bm = BrokerManager() try: - bm.SetBroker(config._host, config._sasl_mechanism) + bm.SetBroker(config._host) if len(args) == 0: bm.Overview() else: diff --git a/qpid/tools/src/py/qpid-ha b/qpid/tools/src/py/qpid-ha index 6ddde93967..5b701a1fb4 100755 --- a/qpid/tools/src/py/qpid-ha +++ b/qpid/tools/src/py/qpid-ha @@ -19,8 +19,7 @@ # under the License. # -import qmf.console, optparse, sys, time, os -from qpid.management import managementChannel, managementClient +import optparse, sys, time, os from qpid.messaging import Connection from qpid.messaging import Message as QpidMessage from qpidtoollibs.broker import BrokerAgent @@ -47,6 +46,8 @@ class Command: self.help = help self.op=optparse.OptionParser(usage) self.op.add_option("--sasl-mechanism", action="store", type="string", metavar="<mech>", help="SASL mechanism for authentication (e.g. EXTERNAL, ANONYMOUS, PLAIN, CRAM-MD, DIGEST-MD5, GSSAPI). SASL automatically picks the most secure available mechanism - use this option to override.") + self.op.add_option("--ssl-certificate", action="store", type="string", metavar="<cert>", help="Client SSL certificate (PEM Format)") + self.op.add_option("--ssl-key", action="store", type="string", metavar="<key>", help="Client SSL private key (PEM Format)") self.op.add_option("-b", "--broker", action="store", type="string", default="localhost:5672", metavar="<address>", help="Address of qpidd broker with syntax: [username/password@] hostname | ip-address [:<port>]") def execute(self, args): @@ -54,13 +55,19 @@ class Command: if len(args) != len(self.arg_names)+1: self.op.print_help() raise Exception("Wrong number of arguments") - connection = Connection.establish( - opts.broker, - sasl_mechanisms=opts.sasl_mechanism, - client_properties={"qpid.ha-admin":1}) + conn_options = {} + if opts.sasl_mechanism: + conn_options['sasl_mechanisms'] = opts.sasl_mechanism + if opts.ssl_certificate: + conn_options['ssl_certfile'] = opts.ssl_certificate + if opts.ssl_key: + conn_options['ssl_key'] = opts.ssl_key + conn_options['client_properties'] = {'qpid.ha-admin' : 1} + + connection = Connection.establish(opts.broker, **conn_options) qmf_broker = BrokerAgent(connection) ha_broker = qmf_broker.getHaBroker() - if not ha_broker: raise Exception("HA module is not loaded on broker at %s"%broker) + if not ha_broker: raise Exception("HA module is not loaded on broker at %s" % opts.broker) try: self.do_execute(qmf_broker, ha_broker, opts, args) finally: connection.close() diff --git a/qpid/tools/src/py/qpid-printevents b/qpid/tools/src/py/qpid-printevents index 7c3e2b6c23..0d0f1a0782 100755 --- a/qpid/tools/src/py/qpid-printevents +++ b/qpid/tools/src/py/qpid-printevents @@ -57,11 +57,10 @@ class EventReceiver(Thread): This class does not use the "reconnect" option because it needs to report as events when the connection is established and when it's lost. """ - def __init__(self, printer, url, mechanism, options): + def __init__(self, printer, url, options): Thread.__init__(self) self.printer = printer self.url = url - self.mechanism = mechanism self.options = options self.running = True self.helper = EventHelper() @@ -73,7 +72,7 @@ class EventReceiver(Thread): isOpen = False while self.running: try: - conn = Connection.establish(self.url, sasl_mechanisms=self.mechanism, client_properties=self.options) + conn = Connection.establish(self.url, **options) isOpen = True self.printer.pr(strftime("%c", gmtime(time())) + " NOTIC qpid-printevents:brokerConnected broker=%s" % self.url) @@ -133,23 +132,37 @@ def main(argv=None): p = optparse.OptionParser(usage=_usage, description=_description, formatter=JHelpFormatter()) p.add_option("--heartbeats", action="store_true", default=False, help="Use heartbeats.") p.add_option("--sasl-mechanism", action="store", type="string", metavar="<mech>", help="SASL mechanism for authentication (e.g. EXTERNAL, ANONYMOUS, PLAIN, CRAM-MD, DIGEST-MD5, GSSAPI). SASL automatically picks the most secure available mechanism - use this option to override.") + p.add_option("--ssl-certificate", action="store", type="string", metavar="<cert>", help="Client SSL certificate (PEM Format)") + p.add_option("--ssl-key", action="store", type="string", metavar="<key>", help="Client SSL private key (PEM Format)") + p.add_option("--ha-admin", action="store_true", help="Allow connection to a HA backup broker.") options, arguments = p.parse_args(args=argv) if len(arguments) == 0: arguments.append("localhost") brokers = [] - mechanism = options.sasl_mechanism - props = {'qpid.ha-admin' : 1} + conn_options = {} + props = {} printer = Printer() + if options.sasl_mechanism: + conn_options['sasl_mechanisms'] = options.sasl_mechanism + if options.ssl_certificate: + conn_options['ssl_certfile'] = options.ssl_certificate + if options.ssl_key: + conn_options['ssl_key'] = options.ssl_key + if options.ha_admin: + props['qpid.ha-admin'] = 1 if options.heartbeats: props['heartbeat'] = 5 + if len(props) > 0: + conn_options['client_properties'] = props + try: try: for host in arguments: - er = EventReceiver(printer, host, mechanism, props) + er = EventReceiver(printer, host, conn_options) brokers.append(er) er.start() diff --git a/qpid/tools/src/py/qpid-queue-stats b/qpid/tools/src/py/qpid-queue-stats index 562ccce32d..f68609aed8 100755 --- a/qpid/tools/src/py/qpid-queue-stats +++ b/qpid/tools/src/py/qpid-queue-stats @@ -32,13 +32,13 @@ from qpid.connection import Connection, ConnectionFailed from time import sleep class BrokerManager(Console): - def __init__(self, host, mechanism): + def __init__(self, host, conn_options): self.url = host self.objects = {} self.filter = None self.session = Session(self, rcvEvents=False, rcvHeartbeats=False, userBindings=True, manageConnections=True) - self.broker = self.session.addBroker(self.url, None, mechanism) + self.broker = self.session.addBroker(self.url, **conn_options) self.firstError = True def setFilter(self,filter): @@ -126,17 +126,23 @@ def main(argv=None): p.add_option('--broker-address','-a', default='localhost' , help='broker-addr is in the form: [username/password@] hostname | ip-address [:<port>] \n ex: localhost, 10.1.1.7:10000, broker-host:10000, guest/guest@localhost') p.add_option('--filter','-f' ,default=None ,help='a list of comma separated queue names (regex are accepted) to show') p.add_option("--sasl-mechanism", action="store", type="string", metavar="<mech>", help="SASL mechanism for authentication (e.g. EXTERNAL, ANONYMOUS, PLAIN, CRAM-MD, DIGEST-MD5, GSSAPI). SASL automatically picks the most secure available mechanism - use this option to override.") - + p.add_option("--ssl-certificate", action="store", type="string", metavar="<cert>", help="Client SSL certificate (PEM Format)") options, arguments = p.parse_args(args=argv) + conn_options = {} + if options.sasl_mechanism: + conn_options['mechanisms'] = options.sasl_mechanism + if options.ssl_certificate: + conn_options['ssl_certfile'] = options.ssl_certificate + host = options.broker_address filter = [] if options.filter != None: for s in options.filter.split(","): filter.append(re.compile(s)) - bm = BrokerManager(host, options.sasl_mechanism) + bm = BrokerManager(host, conn_options) bm.setFilter(filter) bm.Display() diff --git a/qpid/tools/src/py/qpid-route b/qpid/tools/src/py/qpid-route index 0316c24322..00c7c59189 100755 --- a/qpid/tools/src/py/qpid-route +++ b/qpid/tools/src/py/qpid-route @@ -53,16 +53,15 @@ def Usage(): class Config: def __init__(self): - self._verbose = False - self._quiet = False - self._durable = False - self._dellink = False - self._srclocal = False - self._transport = "tcp" - self._ack = 0 - self._connTimeout = 10 - self._client_sasl_mechanism = None - self._ha_admin = False + self._verbose = False + self._quiet = False + self._durable = False + self._dellink = False + self._srclocal = False + self._transport = "tcp" + self._ack = 0 + self._connTimeout = 10 + self._conn_options = {} config = Config() @@ -97,6 +96,7 @@ def OptionsAndArguments(argv): parser.add_option("-t", "--transport", action="store", type="string", default="tcp", metavar="<transport>", help="Transport to use for links, defaults to tcp") parser.add_option("--client-sasl-mechanism", action="store", type="string", metavar="<mech>", help="SASL mechanism for authentication (e.g. EXTERNAL, ANONYMOUS, PLAIN, CRAM-MD, DIGEST-MD5, GSSAPI). Used when the client connects to the destination broker (not for authentication between the source and destination brokers - that is specified using the [mechanisms] argument to 'add route'). SASL automatically picks the most secure available mechanism - use this option to override.") + parser.add_option("--ssl-certificate", action="store", type="string", metavar="<cert>", help="Client SSL certificate (PEM Format)") parser.add_option("--ha-admin", action="store_true", help="Allow connection to a HA backup broker.") opts, encArgs = parser.parse_args(args=argv) @@ -130,13 +130,16 @@ def OptionsAndArguments(argv): config._transport = opts.transport if opts.ha_admin: - config._ha_admin = True + config._conn_options['client_properties'] = {'qpid.ha-admin' : 1} if opts.ack: config._ack = opts.ack if opts.client_sasl_mechanism: - config._client_sasl_mechanism = opts.client_sasl_mechanism + config._conn_options['mechanisms'] = opts.client_sasl_mechanism + + if opts.ssl_certificate: + config._conn_options['ssl_certfile'] = opts.ssl_certificate return args @@ -147,9 +150,7 @@ class RouteManager: self.local = BrokerURL(localBroker) self.remote = None self.qmf = Session() - client_properties = {} - if config._ha_admin: client_properties["qpid.ha-admin"] = 1 - self.broker = self.qmf.addBroker(localBroker, config._connTimeout, config._client_sasl_mechanism, client_properties=client_properties) + self.broker = self.qmf.addBroker(localBroker, config._connTimeout, **config._conn_options) self.broker._waitForStable() self.agent = self.broker.getBrokerAgent() diff --git a/qpid/tools/src/py/qpid-stat b/qpid/tools/src/py/qpid-stat index cd2633756e..458ae36182 100755 --- a/qpid/tools/src/py/qpid-stat +++ b/qpid/tools/src/py/qpid-stat @@ -42,15 +42,15 @@ class Config: self._limit = 50 self._increasing = False self._sortcol = None - self._sasl_mechanism = None - self._ha_admin = False config = Config() +conn_options = {} def OptionsAndArguments(argv): """ Set global variables for options, return arguments """ global config + global conn_options usage = \ """%prog -g [options] @@ -70,6 +70,8 @@ def OptionsAndArguments(argv): help="Maximum time to wait for broker connection (in seconds)") group1.add_option("--sasl-mechanism", action="store", type="string", metavar="<mech>", help="SASL mechanism for authentication (e.g. EXTERNAL, ANONYMOUS, PLAIN, CRAM-MD, DIGEST-MD5, GSSAPI). SASL automatically picks the most secure available mechanism - use this option to override.") + group1.add_option("--ssl-certificate", action="store", type="string", metavar="<cert>", help="Client SSL certificate (PEM Format)") + group1.add_option("--ssl-key", action="store", type="string", metavar="<key>", help="Client SSL private key (PEM Format)") group1.add_option("--ha-admin", action="store_true", help="Allow connection to a HA backup broker.") parser.add_option_group(group1) @@ -100,8 +102,15 @@ def OptionsAndArguments(argv): config._connTimeout = opts.timeout config._increasing = opts.increasing config._limit = opts.limit - config._sasl_mechanism = opts.sasl_mechanism - config._ha_admin = opts.ha_admin + + if opts.sasl_mechanism: + conn_options['sasl_mechanisms'] = opts.sasl_mechanism + if opts.ssl_certificate: + conn_options['ssl_certfile'] = opts.ssl_certificate + if opts.ssl_key: + conn_options['ssl_key'] = opts.ssl_key + if opts.ha_admin: + conn_options['client_properties'] = {'qpid.ha-admin' : 1} return args @@ -137,11 +146,9 @@ class BrokerManager: self.broker = None self.cluster = None - def SetBroker(self, brokerUrl, mechanism): + def SetBroker(self, brokerUrl): self.url = brokerUrl - client_properties={} - if config._ha_admin: client_properties["qpid.ha-admin"] = 1 - self.connection = Connection.establish(self.url, sasl_mechanisms=mechanism, client_properties=client_properties) + self.connection = Connection.establish(self.url, **conn_options) self.broker = BrokerAgent(self.connection) def Disconnect(self): @@ -246,9 +253,10 @@ class BrokerManager: def displayConn(self): disp = Display(prefix=" ") heads = [] - heads.append(Header('client-addr')) + heads.append(Header('connection')) heads.append(Header('cproc')) heads.append(Header('cpid')) + heads.append(Header('mech')) heads.append(Header('auth')) heads.append(Header('connected', Header.DURATION)) heads.append(Header('idle', Header.DURATION)) @@ -262,6 +270,7 @@ class BrokerManager: row.append(conn.address) row.append(conn.remoteProcessName) row.append(conn.remotePid) + row.append(conn.saslMechanism) row.append(conn.authIdentity) row.append(broker.getUpdateTime() - conn.getCreateTime()) row.append(broker.getUpdateTime() - conn.getUpdateTime()) @@ -537,7 +546,7 @@ def main(argv=None): bm = BrokerManager() try: - bm.SetBroker(config._host, config._sasl_mechanism) + bm.SetBroker(config._host) bm.display(args) bm.Disconnect() return 0 diff --git a/qpid/tools/src/py/qpid-tool b/qpid/tools/src/py/qpid-tool index b31d93594c..4afa18dbb1 100755 --- a/qpid/tools/src/py/qpid-tool +++ b/qpid/tools/src/py/qpid-tool @@ -173,11 +173,11 @@ class Mcli(Cmd): class QmfData(Console): """ """ - def __init__(self, disp, url): + def __init__(self, disp, url, cert): self.disp = disp self.url = url self.session = Session(self, manageConnections=True) - self.broker = self.session.addBroker(self.url) + self.broker = self.session.addBroker(self.url, ssl_certfile=cert) self.lock = Lock() self.connected = None self.closing = None @@ -724,10 +724,13 @@ if _host[0] == '-': sys.exit(1) disp = Display() +cert = None +if len(cargs) > 1: + cert = cargs[1] # Attempt to make a connection to the target broker try: - data = QmfData(disp, _host) + data = QmfData(disp, _host, cert) except Exception, e: if str(e).find("Exchange not found") != -1: print "Management not enabled on broker: Use '-m yes' option on broker startup." diff --git a/qpid/tools/src/py/qpidtoollibs/broker.py b/qpid/tools/src/py/qpidtoollibs/broker.py index d34c2e6ced..ea31aeabb0 100644 --- a/qpid/tools/src/py/qpidtoollibs/broker.py +++ b/qpid/tools/src/py/qpidtoollibs/broker.py @@ -194,9 +194,10 @@ class BrokerAgent(object): def getMemory(self): return self._getSingleObject(Memory) - def echo(self, sequence, body): + def echo(self, sequence = 1, body = "Body"): """Request a response to test the path to the management broker""" - pass + args = {'sequence' : sequence, 'body' : body} + return self._method('echo', args) def connect(self, host, port, durable, authMechanism, username, password, transport): """Establish a connection to another broker""" |