commit 13e65fa8edad6efa61a8fc36523020451c65fe4b
author Chuck Rolke <crolke@redhat.com> Thu Jul 28 16:55:07 2016 -0400
committer Chuck Rolke <crolke@redhat.com> Thu Jul 28 16:55:07 2016 -0400
tree f64f3401a5899c8a22811c3b18b908b1f1070962
parent de617bfc4109621e9dc16712bb2c2e6d31cb1316

DISPATCH-463: Remove policy username wildcard from docs, examples, and tests.

doc/book/policy.adoc

diff --git a/doc/book/policy.adoc b/doc/book/policy.adoc
index b520a45..9d41323 100644
--- a/doc/book/policy.adoc
+++ b/doc/book/policy.adoc
@@ -181,16 +181,6 @@
 The asterisk must stand alone and cannot be appended to a host name
 or to an IP address fragment.
 
-=== User Name Wildcard
-
-User names in group name lists may be specified by a name prefix
-terminated with a single asterisk character.
-
-[options="nowrap"]
-----
-    users: customer*, admin, employee*
-----
-
 === AMQP Source and Target Wildcard and Name Substitution
 
 The rule definitions for `sources` and `targets` may include the username
@@ -248,9 +238,9 @@
 vhost {
     name: $default                 <2>
     maxConnectionsPerUser: 10      <3>
+    allowUnknownUser: true         <4>
     groups: {
-        all: {
-            users: *               <4>
+        $default: {
             remoteHosts: *         <5>
             sources: *             <6>
             targets: *             <6>
@@ -262,8 +252,8 @@
 <1> The global maxConnections limit of 100 is enforced.
 <2> No normal vhost names are defined; user is assigned to default vhost '$default'.
 <3> The vhost maxConnectionsPerUser limit of 10 is enforced.
-<4> User name is found in user group 'all'
-<5> The user is allowed to connect from any remote host. The connection is approved and the user gets user group 'all' settings.
+<4> No groups are defined to have any users but allowUnknownUser is true so all users are assigned to group $default.
+<5> The user is allowed to connect from any remote host.
 <6> The user is allowed to connect to any source or target in the AMQP network. Router system-wide values are used for the other AMQP settings that are unspecified in the vhost rules.
 
 === Example 3. Admins Must Connect From Localhost
@@ -337,7 +327,7 @@
     name: traders.com                            <1>
     groups: {
         traders: {
-            users: trader-*                      <2>
+            users: trader-1, trader-2, ...       <2>
             maxFrameSize: 10000                  <3>
             maxSessionWindow: 500                <3>
             maxSessions: 1                       <4>
@@ -355,7 +345,7 @@
 ----
 
 <1> These rules are for vhost traders.com.
-<2> The 'traders' group includes any user whose name begins with _trader-_.
+<2> The 'traders' group includes trader-1, trader-2, and any other user defined in the list.
 <3> _maxFrameSize_ and _maxSessionWindow_ allow for at most 5,000,000 bytes of data to be in flight on each session.
 <4> Only one session per connection is allowed.
 <5> In the 'feeds' group two users are defined.

python/qpid_dispatch_internal/policy/policy_local.py

diff --git a/python/qpid_dispatch_internal/policy/policy_local.py b/python/qpid_dispatch_internal/policy/policy_local.py
index c401e94..5b61152 100644
--- a/python/qpid_dispatch_internal/policy/policy_local.py
+++ b/python/qpid_dispatch_internal/policy/policy_local.py
@@ -713,7 +713,7 @@
         ruleset_str += '"test":            { "users": "zeke, ynot", "remoteHosts": "10.48.0.0-10.48.255.255, 192.168.100.0-192.168.100.255", "maxFrameSize": 444444, "maxMessageSize": 444444, "maxSessionWindow": 444444, "maxSessions": 4, "maxSenders": 44, "maxReceivers": 44, "allowDynamicSource": true, "allowAnonymousSender": true, "sources": "private", "targets": "private" },'
         ruleset_str += '"admin":           { "users": "alice, bob", "remoteHosts": "10.48.0.0-10.48.255.255, 192.168.100.0-192.168.100.255, 10.18.0.0-10.18.255.255, 127.0.0.1, ::1", "maxFrameSize": 555555, "maxMessageSize": 555555, "maxSessionWindow": 555555, "maxSessions": 5, "maxSenders": 55, "maxReceivers": 55, "allowDynamicSource": true, "allowAnonymousSender": true, "sources": "public, private, management", "targets": "public, private, management" },'
         ruleset_str += '"superuser":       { "users": "ellen", "remoteHosts": "72.135.2.9, 127.0.0.1, ::1", "maxFrameSize": 666666, "maxMessageSize": 666666, "maxSessionWindow": 666666, "maxSessions": 6, "maxSenders": 66, "maxReceivers": 66, "allowDynamicSource": false, "allowAnonymousSender": false, "sources": "public, private, management, root", "targets": "public, private, management, root" },'
-        ruleset_str += '"$default":        { "users": "*", "remoteHosts": "*", "maxFrameSize": 222222, "maxMessageSize": 222222, "maxSessionWindow": 222222, "maxSessions": 2, "maxSenders": 22, "maxReceivers": 22, "allowDynamicSource": false, "allowAnonymousSender": false, "sources": "public, private", "targets": "public" }'
+        ruleset_str += '"$default":        {                   "remoteHosts": "*", "maxFrameSize": 222222, "maxMessageSize": 222222, "maxSessionWindow": 222222, "maxSessions": 2, "maxSenders": 22, "maxReceivers": 22, "allowDynamicSource": false, "allowAnonymousSender": false, "sources": "public, private", "targets": "public" }'
         ruleset_str += '}}]'
 
         ruleset = json.loads(ruleset_str)

tests/policy-1/policy-boardwalk.json

diff --git a/tests/policy-1/policy-boardwalk.json b/tests/policy-1/policy-boardwalk.json
index 1d17751..0961402 100644
--- a/tests/policy-1/policy-boardwalk.json
+++ b/tests/policy-1/policy-boardwalk.json
@@ -70,7 +70,6 @@
                     "targets": "public, private, management, root"
                 },
                 "$default": {
-                    "users": "*",
                     "remoteHosts": "*",
                     "maxFrameSize": 222222,
                     "maxMessageSize": 222222,

tests/policy-1/policy-safari.json

diff --git a/tests/policy-1/policy-safari.json b/tests/policy-1/policy-safari.json
index 613761e..107d35f 100644
--- a/tests/policy-1/policy-safari.json
+++ b/tests/policy-1/policy-safari.json
@@ -69,7 +69,6 @@
                     "targets": "public, private, management, root"
                 },
                 "$default": {
-                    "users": "*",
                     "remoteHosts": "*",
                     "maxFrameSize": 222222,
                     "maxMessageSize": 222222,

tests/policy-2/test-router-with-policy.json.in

diff --git a/tests/policy-2/test-router-with-policy.json.in b/tests/policy-2/test-router-with-policy.json.in
index 26405fd..c4de9f9 100644
--- a/tests/policy-2/test-router-with-policy.json.in
+++ b/tests/policy-2/test-router-with-policy.json.in
@@ -121,7 +121,6 @@
           "targets": "public, private, management, root"
         },
         "$default" : {
-          "users":            "*",
           "remoteHosts":      "*",
           "maxFrameSize":     222222,
           "maxMessageSize":   222222,

tests/policy-3/test-sender-receiver-limits.json

diff --git a/tests/policy-3/test-sender-receiver-limits.json b/tests/policy-3/test-sender-receiver-limits.json
index 9103a26..1c9f90f 100644
--- a/tests/policy-3/test-sender-receiver-limits.json
+++ b/tests/policy-3/test-sender-receiver-limits.json
@@ -9,7 +9,6 @@
       "allowUnknownUser": true,
       "groups": {
         "$default" : {
-          "users": "*",
           "remoteHosts": "*",
           "maxFrameSize":     222222,
           "maxMessageSize":   222222,
@@ -33,7 +32,6 @@
       "allowUnknownUser": true,
       "groups": {
         "$default" : {
-          "users": "*",
           "remoteHosts": "*",
           "maxFrameSize":     222222,
           "maxMessageSize":   222222,
@@ -57,7 +55,6 @@
       "allowUnknownUser": true,
       "groups": {
         "$default" : {
-          "users": "*",
           "remoteHosts": "*",
           "maxFrameSize":     222222,
           "maxMessageSize":   222222,