DISPATCH-463: Remove policy username wildcard from docs, examples, and tests.
diff --git a/doc/book/policy.adoc b/doc/book/policy.adoc
index b520a45..9d41323 100644
--- a/doc/book/policy.adoc
+++ b/doc/book/policy.adoc
@@ -181,16 +181,6 @@
The asterisk must stand alone and cannot be appended to a host name
or to an IP address fragment.
-=== User Name Wildcard
-
-User names in group name lists may be specified by a name prefix
-terminated with a single asterisk character.
-
-[options="nowrap"]
-----
- users: customer*, admin, employee*
-----
-
=== AMQP Source and Target Wildcard and Name Substitution
The rule definitions for `sources` and `targets` may include the username
@@ -248,9 +238,9 @@
vhost {
name: $default <2>
maxConnectionsPerUser: 10 <3>
+ allowUnknownUser: true <4>
groups: {
- all: {
- users: * <4>
+ $default: {
remoteHosts: * <5>
sources: * <6>
targets: * <6>
@@ -262,8 +252,8 @@
<1> The global maxConnections limit of 100 is enforced.
<2> No normal vhost names are defined; user is assigned to default vhost '$default'.
<3> The vhost maxConnectionsPerUser limit of 10 is enforced.
-<4> User name is found in user group 'all'
-<5> The user is allowed to connect from any remote host. The connection is approved and the user gets user group 'all' settings.
+<4> No groups are defined to have any users but allowUnknownUser is true so all users are assigned to group $default.
+<5> The user is allowed to connect from any remote host.
<6> The user is allowed to connect to any source or target in the AMQP network. Router system-wide values are used for the other AMQP settings that are unspecified in the vhost rules.
=== Example 3. Admins Must Connect From Localhost
@@ -337,7 +327,7 @@
name: traders.com <1>
groups: {
traders: {
- users: trader-* <2>
+ users: trader-1, trader-2, ... <2>
maxFrameSize: 10000 <3>
maxSessionWindow: 500 <3>
maxSessions: 1 <4>
@@ -355,7 +345,7 @@
----
<1> These rules are for vhost traders.com.
-<2> The 'traders' group includes any user whose name begins with _trader-_.
+<2> The 'traders' group includes trader-1, trader-2, and any other user defined in the list.
<3> _maxFrameSize_ and _maxSessionWindow_ allow for at most 5,000,000 bytes of data to be in flight on each session.
<4> Only one session per connection is allowed.
<5> In the 'feeds' group two users are defined.
diff --git a/python/qpid_dispatch_internal/policy/policy_local.py b/python/qpid_dispatch_internal/policy/policy_local.py
index c401e94..5b61152 100644
--- a/python/qpid_dispatch_internal/policy/policy_local.py
+++ b/python/qpid_dispatch_internal/policy/policy_local.py
@@ -713,7 +713,7 @@
ruleset_str += '"test": { "users": "zeke, ynot", "remoteHosts": "10.48.0.0-10.48.255.255, 192.168.100.0-192.168.100.255", "maxFrameSize": 444444, "maxMessageSize": 444444, "maxSessionWindow": 444444, "maxSessions": 4, "maxSenders": 44, "maxReceivers": 44, "allowDynamicSource": true, "allowAnonymousSender": true, "sources": "private", "targets": "private" },'
ruleset_str += '"admin": { "users": "alice, bob", "remoteHosts": "10.48.0.0-10.48.255.255, 192.168.100.0-192.168.100.255, 10.18.0.0-10.18.255.255, 127.0.0.1, ::1", "maxFrameSize": 555555, "maxMessageSize": 555555, "maxSessionWindow": 555555, "maxSessions": 5, "maxSenders": 55, "maxReceivers": 55, "allowDynamicSource": true, "allowAnonymousSender": true, "sources": "public, private, management", "targets": "public, private, management" },'
ruleset_str += '"superuser": { "users": "ellen", "remoteHosts": "72.135.2.9, 127.0.0.1, ::1", "maxFrameSize": 666666, "maxMessageSize": 666666, "maxSessionWindow": 666666, "maxSessions": 6, "maxSenders": 66, "maxReceivers": 66, "allowDynamicSource": false, "allowAnonymousSender": false, "sources": "public, private, management, root", "targets": "public, private, management, root" },'
- ruleset_str += '"$default": { "users": "*", "remoteHosts": "*", "maxFrameSize": 222222, "maxMessageSize": 222222, "maxSessionWindow": 222222, "maxSessions": 2, "maxSenders": 22, "maxReceivers": 22, "allowDynamicSource": false, "allowAnonymousSender": false, "sources": "public, private", "targets": "public" }'
+ ruleset_str += '"$default": { "remoteHosts": "*", "maxFrameSize": 222222, "maxMessageSize": 222222, "maxSessionWindow": 222222, "maxSessions": 2, "maxSenders": 22, "maxReceivers": 22, "allowDynamicSource": false, "allowAnonymousSender": false, "sources": "public, private", "targets": "public" }'
ruleset_str += '}}]'
ruleset = json.loads(ruleset_str)
diff --git a/tests/policy-1/policy-boardwalk.json b/tests/policy-1/policy-boardwalk.json
index 1d17751..0961402 100644
--- a/tests/policy-1/policy-boardwalk.json
+++ b/tests/policy-1/policy-boardwalk.json
@@ -70,7 +70,6 @@
"targets": "public, private, management, root"
},
"$default": {
- "users": "*",
"remoteHosts": "*",
"maxFrameSize": 222222,
"maxMessageSize": 222222,
diff --git a/tests/policy-1/policy-safari.json b/tests/policy-1/policy-safari.json
index 613761e..107d35f 100644
--- a/tests/policy-1/policy-safari.json
+++ b/tests/policy-1/policy-safari.json
@@ -69,7 +69,6 @@
"targets": "public, private, management, root"
},
"$default": {
- "users": "*",
"remoteHosts": "*",
"maxFrameSize": 222222,
"maxMessageSize": 222222,
diff --git a/tests/policy-2/test-router-with-policy.json.in b/tests/policy-2/test-router-with-policy.json.in
index 26405fd..c4de9f9 100644
--- a/tests/policy-2/test-router-with-policy.json.in
+++ b/tests/policy-2/test-router-with-policy.json.in
@@ -121,7 +121,6 @@
"targets": "public, private, management, root"
},
"$default" : {
- "users": "*",
"remoteHosts": "*",
"maxFrameSize": 222222,
"maxMessageSize": 222222,
diff --git a/tests/policy-3/test-sender-receiver-limits.json b/tests/policy-3/test-sender-receiver-limits.json
index 9103a26..1c9f90f 100644
--- a/tests/policy-3/test-sender-receiver-limits.json
+++ b/tests/policy-3/test-sender-receiver-limits.json
@@ -9,7 +9,6 @@
"allowUnknownUser": true,
"groups": {
"$default" : {
- "users": "*",
"remoteHosts": "*",
"maxFrameSize": 222222,
"maxMessageSize": 222222,
@@ -33,7 +32,6 @@
"allowUnknownUser": true,
"groups": {
"$default" : {
- "users": "*",
"remoteHosts": "*",
"maxFrameSize": 222222,
"maxMessageSize": 222222,
@@ -57,7 +55,6 @@
"allowUnknownUser": true,
"groups": {
"$default" : {
- "users": "*",
"remoteHosts": "*",
"maxFrameSize": 222222,
"maxMessageSize": 222222,