DISPATCH-333: Create new router policies doc#255
DISPATCH-333: Create new router policies doc#255bhardesty wants to merge 5 commits intoapache:masterfrom
Conversation
ChugR
left a comment
ChugR
left a comment
There was a problem hiding this comment.
Only one minor comment on how vhost config objects transition between logical spaces.
| ==== | ||
|
|
||
| `sources`:: | ||
| A list of source addresses from which users in this group may receive messages. To specify multiple addresses, separate the addresses with either a comma or a space. If you do not specify any addresses, users in this group are not allowed to receive messages from any addresses. |
There was a problem hiding this comment.
Maybe call them 'AMQP source addresses' to signal to the reader that it is not a network address but a protocol thing. Same for targets.
bhardesty
force-pushed
the
dispatch-333-policies
branch
from
db9bb96 to
3da2a0b
Compare
| defaultVhost: $default // <4> | ||
| } | ||
| ---- | ||
| <1> The maximum number of concurrent client connections allowed for this router. This limit is always enforced, even if no other policy settings have been defined. The limit is applied to all incoming connections regardless of remote host, authenticated user, or targeted vhost. The default value is `65535`. |
There was a problem hiding this comment.
If possible, please provide the minimum and maximum values for this element.
There was a problem hiding this comment.
maxConnections is restricted to be in the range 0..65535 inclusive. That said, a setting of zero works but it renders the router to be useless as no users or management clients can connect to it. The 65535 was chosen to be some limit that is probably not achievable in the real world.
There was a problem hiding this comment.
I updated this to specify that 65535 is both the default and the maximum.
dmuntima
left a comment
dmuntima
left a comment
There was a problem hiding this comment.
Ben, looks good. Just a few suggestions.
| ** The remote hosts from which the group members may connect to the router network | ||
| ** The AMQP resources that the group members are permitted to access on the vhost | ||
|
|
||
| You can configure vhost policies directly in the router configuration file, or create them as JSON files. |
There was a problem hiding this comment.
Add links to the text "router configuration file" and " create them as JSON files" for the respective sections.
|
|
||
| . Repeat the previous step for each additional router that should use the vhost policies located in the vhost policy directory. | ||
|
|
||
| === Example: A Vhost Policy Configuration |
There was a problem hiding this comment.
Suggestion: If this is a heading level three, I think renaming it to "Configuring a Vhost Policy - Example" would be better to maintain parallelism in the headings.
There was a problem hiding this comment.
Good catch. I made this change.
| * The host from which the client is connecting (the remote host) | ||
|
|
||
| If the connection is permitted, then the router applies a vhost policy that matches the vhost to which the connection is directed. The vhost policy limits are enforced for the lifetime of the connection. | ||
|
|
There was a problem hiding this comment.
This description is correct but it glosses over some of the structure within a vhost policy. In a vhost policy maxConnections, maxConnectionsPerUser, maxConnectionsPerHost, and allowUnknownUser are common for all users. Then based on the user name the vhost policy assigns the remaining policy settings (vhostUserGroupSettings). Users who connect to a given vhost may receive different settings based on what user group the user is assigned.
There was a problem hiding this comment.
I reworked this section to better account for the nuances of vhost policies.
* Add new Authorization section to Security chapter * Remove old policies content * Update policy configuration attribute descriptions
bhardesty
force-pushed
the
dispatch-333-policies
branch
from
3da2a0b to
15251bf
Compare
* Added new Authorization section to Security chapter * Removed old policies content * Updated policy configuration attribute descriptions This closes apache#255
3 participants
@ChugR @RoddieKieley here's the updated policies doc. Please review for technical accuracy. Updates include: