apache · ganeshmurthy · Apr 3, 2017
diff --git a/python/qpid_dispatch_internal/policy/policy_local.py b/python/qpid_dispatch_internal/policy/policy_local.py
@@ -23,7 +23,7 @@
 
 import json
 import pdb
-from policy_util import PolicyError, HostStruct, HostAddr, PolicyAppConnectionMgr
+from policy_util import PolicyError, HostStruct, HostAddr, PolicyAppConnectionMgr, is_ipv6_enabled
 
 """
 Entity implementing the business logic of user connection/access policy.
@@ -702,8 +702,14 @@ def test_load_config(self):
         ruleset_str += '"users":           { "users": "u1, u2", "remoteHosts": "*", "maxFrameSize": 222222, "maxMessageSize": 222222, "maxSessionWindow": 222222, "maxSessions": 2, "maxSenders": 22, "maxReceivers": 22, "allowDynamicSource": false, "allowAnonymousSender": false, "sources": "public, private", "targets": "public" },'
         ruleset_str += '"paidsubscribers": { "users": "p1, p2", "remoteHosts": "*", "maxFrameSize": 333333, "maxMessageSize": 333333, "maxSessionWindow": 333333, "maxSessions": 3, "maxSenders": 33, "maxReceivers": 33, "allowDynamicSource": true, "allowAnonymousSender": false, "sources": "public, private", "targets": "public, private" },'
         ruleset_str += '"test":            { "users": "zeke, ynot", "remoteHosts": "10.48.0.0-10.48.255.255, 192.168.100.0-192.168.100.255", "maxFrameSize": 444444, "maxMessageSize": 444444, "maxSessionWindow": 444444, "maxSessions": 4, "maxSenders": 44, "maxReceivers": 44, "allowDynamicSource": true, "allowAnonymousSender": true, "sources": "private", "targets": "private" },'
-        ruleset_str += '"admin":           { "users": "alice, bob", "remoteHosts": "10.48.0.0-10.48.255.255, 192.168.100.0-192.168.100.255, 10.18.0.0-10.18.255.255, 127.0.0.1, ::1", "maxFrameSize": 555555, "maxMessageSize": 555555, "maxSessionWindow": 555555, "maxSessions": 5, "maxSenders": 55, "maxReceivers": 55, "allowDynamicSource": true, "allowAnonymousSender": true, "sources": "public, private, management", "targets": "public, private, management" },'
-        ruleset_str += '"superuser":       { "users": "ellen", "remoteHosts": "72.135.2.9, 127.0.0.1, ::1", "maxFrameSize": 666666, "maxMessageSize": 666666, "maxSessionWindow": 666666, "maxSessions": 6, "maxSenders": 66, "maxReceivers": 66, "allowDynamicSource": false, "allowAnonymousSender": false, "sources": "public, private, management, root", "targets": "public, private, management, root" },'
+
+        if is_ipv6_enabled():
+            ruleset_str += '"admin":           { "users": "alice, bob", "remoteHosts": "10.48.0.0-10.48.255.255, 192.168.100.0-192.168.100.255, 10.18.0.0-10.18.255.255, 127.0.0.1, ::1", "maxFrameSize": 555555, "maxMessageSize": 555555, "maxSessionWindow": 555555, "maxSessions": 5, "maxSenders": 55, "maxReceivers": 55, "allowDynamicSource": true, "allowAnonymousSender": true, "sources": "public, private, management", "targets": "public, private, management" },'
+            ruleset_str += '"superuser":       { "users": "ellen", "remoteHosts": "72.135.2.9, 127.0.0.1, ::1", "maxFrameSize": 666666, "maxMessageSize": 666666, "maxSessionWindow": 666666, "maxSessions": 6, "maxSenders": 66, "maxReceivers": 66, "allowDynamicSource": false, "allowAnonymousSender": false, "sources": "public, private, management, root", "targets": "public, private, management, root" },'
+        else:
+            ruleset_str += '"admin":           { "users": "alice, bob", "remoteHosts": "10.48.0.0-10.48.255.255, 192.168.100.0-192.168.100.255, 10.18.0.0-10.18.255.255, 127.0.0.1", "maxFrameSize": 555555, "maxMessageSize": 555555, "maxSessionWindow": 555555, "maxSessions": 5, "maxSenders": 55, "maxReceivers": 55, "allowDynamicSource": true, "allowAnonymousSender": true, "sources": "public, private, management", "targets": "public, private, management" },'
+            ruleset_str += '"superuser":       { "users": "ellen", "remoteHosts": "72.135.2.9, 127.0.0.1", "maxFrameSize": 666666, "maxMessageSize": 666666, "maxSessionWindow": 666666, "maxSessions": 6, "maxSenders": 66, "maxReceivers": 66, "allowDynamicSource": false, "allowAnonymousSender": false, "sources": "public, private, management, root", "targets": "public, private, management, root" },'
+
         ruleset_str += '"$default":        {                   "remoteHosts": "*", "maxFrameSize": 222222, "maxMessageSize": 222222, "maxSessionWindow": 222222, "maxSessions": 2, "maxSenders": 22, "maxReceivers": 22, "allowDynamicSource": false, "allowAnonymousSender": false, "sources": "public, private", "targets": "public" }'
         ruleset_str += '}}]'
 

diff --git a/python/qpid_dispatch_internal/policy/policy_util.py b/python/qpid_dispatch_internal/policy/policy_util.py
@@ -17,11 +17,9 @@
 # under the License
 #
 
-import sys, os
 import socket
 import binascii
 
-
 #
 #
 class PolicyError(Exception):
@@ -30,8 +28,19 @@ def __init__(self, value):
     def __str__(self):
         return repr(self.value)
 
-#
-#
+def is_ipv6_enabled():
+    """
+    Returns true if IPV6 is enabled, false otherwise
+    """
+    ipv6_enabled = True
+    try:
+        sock = socket.socket(socket.AF_INET6, socket.SOCK_STREAM)
+        sock.bind(('::1', 0))
+    except Exception as e:
+        ipv6_enabled = False
+
+    return ipv6_enabled
+
 class HostStruct(object):
     """
     HostStruct represents a single, binary socket address from getaddrinfo
@@ -42,10 +51,11 @@ class HostStruct(object):
     """
     families = [socket.AF_INET]
     famnames = ["IPv4"]
-    if socket.has_ipv6:
+    if is_ipv6_enabled():
         families.append(socket.AF_INET6)
         famnames.append("IPv6")
 
+
     def __init__(self, hostname):
         """
         Given a host name text string, return the socket info for it.
@@ -70,7 +80,6 @@ def __init__(self, hostname):
                         if not saddr == sockaddr[0] or not sfamily == family:
                             raise PolicyError("HostStruct: '%s' resolves to multiple IP addresses" %
                                               hostname)
-
             if not foundFirst:
                 raise PolicyError("HostStruct: '%s' did not resolve to one of the supported address family" %
                         hostname)
@@ -116,9 +125,6 @@ class HostAddr(object):
     Raises a PolicyError on validation error in constructor.
     """
 
-    def has_ipv6(self):
-        return socket.has_ipv6
-
     def __init__(self, hostspec, separator=","):
         """
         Parse host spec into binary structures to use for comparisons.

diff --git a/tests/policy-1/policy-boardwalk.json b/tests/policy-1/policy-boardwalk.json
@@ -57,7 +57,7 @@
                 },
                 "superuser": {
                     "users": "ellen",
-                    "remoteHosts": "127.0.0.1, ::1, 72.135.2.9",
+                    "remoteHosts": "127.0.0.1, 72.135.2.9, ::1",
                     "maxFrameSize": 666666,
                     "maxMessageSize": 666666,
                     "maxSessionWindow": 666666,

diff --git a/tests/policy-1/policy-boardwalk.json.in b/tests/policy-1/policy-boardwalk.json.in
@@ -0,0 +1,88 @@
+##
+## Licensed to the Apache Software Foundation (ASF) under one
+## or more contributor license agreements.  See the NOTICE file
+## distributed with this work for additional information
+## regarding copyright ownership.  The ASF licenses this file
+## to you under the Apache License, Version 2.0 (the
+## "License"); you may not use this file except in compliance
+## with the License.  You may obtain a copy of the License at
+##
+##   http://www.apache.org/licenses/LICENSE-2.0
+##
+## Unless required by applicable law or agreed to in writing,
+## software distributed under the License is distributed on an
+## "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+## KIND, either express or implied.  See the License for the
+## specific language governing permissions and limitations
+## under the License
+##
+
+[
+    # The boardwalk policy ruleset
+    ["vhost",
+        {
+            "id": "boardwalk",
+            "maxConnections": 10,
+            "maxConnectionsPerUser": 2,
+            "maxConnectionsPerHost": 5,
+            "allowUnknownUser": true,
+            "groups": {
+                "anonymous": {
+                    "users": "anonymous",
+                    "remoteHosts": "10.18.0.0-10.18.255.255, 10.48.0.0-10.48.255.255, 192.168.0.0-192.168.255.255",
+                    "maxFrameSize": 111111,
+                    "maxMessageSize": 111111,
+                    "maxSessionWindow": 111111,
+                    "maxSessions": 1,
+                    "maxSenders": 11,
+                    "maxReceivers": 11,
+                    "allowDynamicSource": false,
+                    "allowAnonymousSender": false,
+                    "sources": "public",
+                    "targets": ""
+                },
+                "users": {
+                    "users": "u1, u2, u3",
+                    "remoteHosts": "*",
+                    "maxFrameSize": 222222,
+                    "maxMessageSize": 222222,
+                    "maxSessionWindow": 222222,
+                    "maxSessions": 2,
+                    "maxSenders": 22,
+                    "maxReceivers": 22,
+                    "allowDynamicSource": false,
+                    "allowAnonymousSender": false,
+                    "sources": "public, private",
+                    "targets": "public"
+                },
+                "superuser": {
+                    "users": "ellen",
+                    "remoteHosts": "127.0.0.1, 72.135.2.9{IPV6_LOOPBACK}",
+                    "maxFrameSize": 666666,
+                    "maxMessageSize": 666666,
+                    "maxSessionWindow": 666666,
+                    "maxSessions": 6,
+                    "maxSenders": 66,
+                    "maxReceivers": 66,
+                    "allowDynamicSource": false,
+                    "allowAnonymousSender": false,
+                    "sources": "public, private, management, root",
+                    "targets": "public, private, management, root"
+                },
+                "$default": {
+                    "remoteHosts": "*",
+                    "maxFrameSize": 222222,
+                    "maxMessageSize": 222222,
+                    "maxSessionWindow": 222222,
+                    "maxSessions": 2,
+                    "maxSenders": 22,
+                    "maxReceivers": 22,
+                    "allowDynamicSource": false,
+                    "allowAnonymousSender": false,
+                    "sources": "public, private",
+                    "targets": "public"
+                }
+            }
+        }
+    ]
+]
diff --git a/tests/policy-1/policy-safari.json.in b/tests/policy-1/policy-safari.json.in
@@ -0,0 +1,87 @@
+##
+## Licensed to the Apache Software Foundation (ASF) under one
+## or more contributor license agreements.  See the NOTICE file
+## distributed with this work for additional information
+## regarding copyright ownership.  The ASF licenses this file
+## to you under the Apache License, Version 2.0 (the
+## "License"); you may not use this file except in compliance
+## with the License.  You may obtain a copy of the License at
+##
+##   http://www.apache.org/licenses/LICENSE-2.0
+##
+## Unless required by applicable law or agreed to in writing,
+## software distributed under the License is distributed on an
+## "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+## KIND, either express or implied.  See the License for the
+## specific language governing permissions and limitations
+## under the License
+##
+[
+    # The safari policy ruleset
+    ["vhost",
+        {
+            "id": "safari",
+            "maxConnections": 10,
+            "maxConnectionsPerUser": 2,
+            "maxConnectionsPerHost": 5,
+            "allowUnknownUser": true,
+            "groups": {
+                "anonymous": {
+                    "users": "anonymous",
+                    "remoteHosts": "*",
+                    "maxFrameSize": 111111,
+                    "maxMessageSize": 111111,
+                    "maxSessionWindow": 111111,
+                    "maxSessions": 1,
+                    "maxSenders": 11,
+                    "maxReceivers": 11,
+                    "allowDynamicSource": false,
+                    "allowAnonymousSender": false,
+                    "sources": "public",
+                    "targets": ""
+                },
+                "clients": {
+                    "users": "moja, mbili",
+                    "remoteHosts": "72.135.2.9",
+                    "maxFrameSize": 222222,
+                    "maxMessageSize": 222222,
+                    "maxSessionWindow": 222222,
+                    "maxSessions": 2,
+                    "maxSenders": 22,
+                    "maxReceivers": 22,
+                    "allowDynamicSource": false,
+                    "allowAnonymousSender": false,
+                    "sources": "public, private",
+                    "targets": "public"
+                },
+                "guides": {
+                    "users": "kata, hapa",
+                    "remoteHosts": "72.135.2.9, 10.48.0.0-10.48.255.255, 192.168.0.0-192.168.255.255, 127.0.0.1{IPV6_LOOPBACK}",
+                    "maxFrameSize": 666666,
+                    "maxMessageSize": 666666,
+                    "maxSessionWindow": 666666,
+                    "maxSessions": 6,
+                    "maxSenders": 66,
+                    "maxReceivers": 66,
+                    "allowDynamicSource": false,
+                    "allowAnonymousSender": false,
+                    "sources": "public, private, management, root",
+                    "targets": "public, private, management, root"
+                },
+                "$default": {
+                    "remoteHosts": "*",
+                    "maxFrameSize": 222222,
+                    "maxMessageSize": 222222,
+                    "maxSessionWindow": 222222,
+                    "maxSessions": 2,
+                    "maxSenders": 22,
+                    "maxReceivers": 22,
+                    "allowDynamicSource": false,
+                    "allowAnonymousSender": false,
+                    "sources": "public, private",
+                    "targets": "public"
+                }
+            }
+        }
+    ]
+]
diff --git a/tests/router_policy_test.py b/tests/router_policy_test.py
@@ -19,12 +19,12 @@
 
 import unittest
 
-from qpid_dispatch_internal.policy.policy_util import HostAddr
+from qpid_dispatch_internal.policy.policy_util import HostAddr, is_ipv6_enabled
 from qpid_dispatch_internal.policy.policy_util import HostStruct
 from qpid_dispatch_internal.policy.policy_util import PolicyError
 from qpid_dispatch_internal.policy.policy_util import PolicyAppConnectionMgr
 from qpid_dispatch_internal.policy.policy_local import PolicyLocal
-from system_test import TestCase, main_module, is_ipv6_enabled
+from system_test import TestCase, main_module
 
 class PolicyHostAddrTest(TestCase):
 

diff --git a/tests/system_test.py b/tests/system_test.py
@@ -143,20 +143,6 @@ def get_local_host_socket(protocol_family='IPv4'):
 
     return s, host
 
-def is_ipv6_enabled():
-    """
-    Returns true if IPV6 is enabled, false otherwise
-    """
-    sock = socket.socket(socket.AF_INET6, socket.SOCK_STREAM)
-    ipv6_enabled = True
-    try:
-        sock.bind(('::1', 0))
-    except Exception as e:
-        if "socket.error" in str(type(e)):
-            ipv6_enabled = False
-
-    return ipv6_enabled
-
 def port_available(port, protocol_family='IPv4'):
     """Return true if connecting to host:port gives 'connection refused'."""
     s, host = get_local_host_socket(protocol_family)

diff --git a/tests/system_tests_policy.py b/tests/system_tests_policy.py
@@ -23,6 +23,7 @@
 from subprocess import PIPE, STDOUT
 from proton import ConnectionException
 from proton.utils import BlockingConnection, LinkDetached
+from qpid_dispatch_internal.policy.policy_util import is_ipv6_enabled
 
 class AbsoluteConnectionCountLimit(TestCase):
     """
@@ -78,7 +79,22 @@ class LoadPolicyFromFolder(TestCase):
     def setUpClass(cls):
         """Start the router"""
         super(LoadPolicyFromFolder, cls).setUpClass()
+
+        ipv6_enabled = is_ipv6_enabled()
+
         policy_config_path = os.path.join(DIR, 'policy-1')
+        replacements = {'{IPV6_LOOPBACK}':', ::1'}
+        for f in os.listdir(policy_config_path):
+            if f.endswith(".json.in"):
+                with open(policy_config_path + "/" + f) as infile, open(policy_config_path+"/"+f[:-3], 'w') as outfile:
+                    for line in infile:
+                        for src, target in replacements.iteritems():
+                            if ipv6_enabled:
+                                line = line.replace(src, target)
+                            else:
+                                line = line.replace(src, '')
+                        outfile.write(line)
+
         config = Qdrouterd.Config([
             ('router', {'mode': 'standalone', 'id': 'QDR.Policy'}),
             ('listener', {'port': cls.tester.get_port()}),

diff --git a/tests/system_tests_protocol_family.py b/tests/system_tests_protocol_family.py
@@ -20,7 +20,8 @@
 import unittest
 from time import sleep
 from proton import Message
-from system_test import TestCase, Qdrouterd, main_module, is_ipv6_enabled
+from system_test import TestCase, Qdrouterd, main_module
+from qpid_dispatch_internal.policy.policy_util import is_ipv6_enabled
 
 try:
     from proton import MODIFIED