Details
- Improvement
- Status: Closed
- Major
- Resolution: Fixed
- 0.6.0
- None
Description
The policy schema suffers from some object naming issues that could
stand cleanup. Some are simple renames to make things consistent
but others require new names that better describe the objects being
configured.
Another goal of renaming things is to have the names used in logging
be the same as the names used in configuration.
Concept renames
'application' -> 'virtualhost'
The application name is derived from the hostname field of the AMQP
Open performative. Calling it an application is fine sometimes but
not always. Referring to the Open.hostname field as a virtualhost is
always applicable.
Entity 'policyRuleset' -> 'virtualhostRuleset'
The 'policy ruleset' gathers a bunch of different definitions into
one object. Exactly how the name 'policyRuleset' expresses that is
not clear. If the rules apply to one virtualhost then using the name
'virtualhostRuleset' clarifies the intent.
'ingress' -> 'remote' host definition attributes
Using 'ingress' to describe anything in a messaging system may be
associated more with messages than it would with remote user
connections. Remote hosts are commonly associated with remote
users and that is what the policy definitions are describing.
Logging
Policy logging will of course make all the changes to reflect
concept renames.
Policy code uses a common format for the log messages when policy
allow or deny decisions are rendered. Here is a log message from
the current code:
POLICY (trace) ALLOW AMQP Begin Session. user: anonymous, hostip: 127.0.0.1, app: (null)
After renaming things the same log will be:
POLICY (trace) ALLOW AMQP Begin Session. user: anonymous, rhost: 127.0.0.1, vhost: (null)
Specific proposed renames
Config entities
Current | Proposed |
---|---|
policy | policy |
policyRuleset | virtualhostRuleset |
policy entity attributes
Current | Proposed |
---|---|
maximumConnections | maxConnections |
enableAccessRules | enableAccessRules |
policyFolder | policyDir |
virtualhostRuleset entity attributes
Current | Proposed |
---|---|
applicationName | virtualhostName |
maxConnections | maxConnections |
maxConnPerUser | maxConnectionsPerUser |
maxConnPerHost | maxConnectionsPerHost |
userGroups | userGroups |
ingressHostGroups | remoteHostGroups |
ingressPolicies | connectionsAllowed |
connectionAllowDefault | connectionAllowUnknownUser |
settings | settings |
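
For log consumers that have to read policy decisions from before and after the rename described under Logging, the following added example (not code from the project) parses both line formats and reports them under the new names `rhost` and `vhost`. The function names, the `DENY` sample lines and the "AMQP Open Connection" action text are constructed for illustration; only the two `ALLOW` lines come from the issue.

```python
import re

# Renames from the issue's two sample log lines (old name -> new name).
FIELD_RENAMES = {"hostip": "rhost", "app": "vhost"}

LINE_RE = re.compile(
    r"POLICY \((?P<level>\w+)\) (?P<decision>ALLOW|DENY) "
    r"(?P<action>[^.]+)\. (?P<fields>.+)$"
)
# A value runs until the next ", key: " marker or the end of the line.
FIELD_RE = re.compile(r"(\w+): (.*?)(?=, \w+: |$)")


def parse_policy_line(line):
    """Return a dict keyed by the new field names, or None if not a policy line."""
    m = LINE_RE.search(line.rstrip("\n"))
    if not m:
        return None
    event = {"decision": m["decision"], "action": m["action"]}
    for key, value in FIELD_RE.findall(m["fields"]):
        key = FIELD_RENAMES.get(key, key)
        if key in event:
            # Same field twice (e.g. hostip and rhost together): do not guess.
            raise ValueError(f"duplicate field {key!r} in: {line!r}")
        event[key] = None if value == "(null)" else value
    return event


def denied_by_rhost(lines):
    """Count DENY decisions per remote host across old- and new-format logs."""
    counts = {}
    for line in lines:
        event = parse_policy_line(line)
        if event and event["decision"] == "DENY":
            counts[event.get("rhost")] = counts.get(event.get("rhost"), 0) + 1
    return counts


# The two ALLOW lines are the issue's samples; the DENY lines are constructed.
SAMPLE = [
    "POLICY (trace) ALLOW AMQP Begin Session. user: anonymous, hostip: 127.0.0.1, app: (null)",
    "POLICY (trace) ALLOW AMQP Begin Session. user: anonymous, rhost: 127.0.0.1, vhost: (null)",
    "POLICY (info) DENY AMQP Open Connection. user: alice, hostip: 192.0.2.7, app: example.com",
    "POLICY (info) DENY AMQP Open Connection. user: bob, rhost: 192.0.2.7, vhost: example.com",
]

if __name__ == "__main__":
    for sample_line in SAMPLE:
        print(parse_policy_line(sample_line))
    print(denied_by_rhost(SAMPLE))
```

Normalizing at parse time keeps per-host and per-virtualhost deny counts continuous across the upgrade instead of splitting them between `hostip`/`app` and `rhost`/`vhost`.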