@ -1,25 +1,31 @@
####### Permissions module ##########
#!trydef KZ_PERMISSIONS_MAX_SUBNET 2048
#!trydef KZ_PERMISSIONS_CACHE 0
#!trydef TRUSTED_AMQP_FLAGS 2048
loadmodule "permissions.so"
modparam("permissions", "db_url", "KAZOO_DB_URL")
modparam("permissions", "db_mode", KZ_PERMISSIONS_CACHE)
modparam("permissions", "peer_tag_avp", "$avp(trusted_x_header)")
modparam("permissions", "max_subnets", KZ_PERMISSIONS_MAX_SUBNET)
modparam("rtimer", "timer", "name = trusted_reload;interval=20;mode=1;")
modparam("rtimer", "timer", "name = trusted_reload;interval=3 0;mode=1;")
modparam("rtimer", "exec", "timer = trusted_reload;route=TRUSTED_RELOAD")
modparam("rtimer", "exec", "timer = trusted_reload;route=TRUSTED_QUERY")
modparam("pv", "shvset", "trusted_query = i:1")
#!trydef TRUSTED_AMQP_FLAGS 2048
route[TRUSTED_LOAD]
{
$shv(trusted_query) = 0;
$shv(trusted_query) = 2;
$shv(trusted_reload) = 0;
$var(amqp_payload_request) = $_s({"Event-Category" : "trusted" , "Event-Name" : "query"});
$var(amqp_routing_key) = "trusted.query";
xlog("L_DEBUG ", "event|trusted|publishing to acl = > $var(amqp_routing_key) : $var(amqp_payload_request)\n");
xlog("L_INFO ", "event|trusted|publishing to acl = > $var(amqp_routing_key) : $var(amqp_payload_request)\n");
if(kazoo_query("trusted", $var(amqp_routing_key), $var(amqp_payload_request), "$def(TRUSTED_AMQP_FLAGS)") ! = 1) {
if($(kzR{kz.json,Event-Name}) = = "message_returned" ) {
xlog("L_WARNING", "event|trusted|message was returned by broker $(kzR{kz.json,Error-Code}) $(kzR{kz.json,Error-Reason})\n");
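Review bot: The kazoo_query failure branch at the end of this hunk should clear the in-progress marker before it returns. TRUSTED_LOAD sets `$shv(trusted_query) = 2;` on entry, and the reload event route only signals again when the value is 0. An early return that leaves it at 2 could therefore block every later trusted-list update. The branch continues outside the hunk, so this may already be handled; if it is not, add `$shv(trusted_query) = 0;` before each `return;`, as the "no keys for Trusted" branch does.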
@ -30,16 +36,19 @@ route[TRUSTED_LOAD]
return;
}
xlog("L_DEBUG", "event|trusted|query got reply $kzR \n");
xlog("L_INFO", "event|trusted|query got reply \n");
avp_delete("$avp(TrustedKeys)/g");
if(kazoo_json_keys($kzR, "Trusted", "$avp(TrustedKeys)") ! = 1) {
xlog("L_WARNING", "event|trusted|no keys for Trusted\n");
$shv(trusted_query) = 0;
return;
}
xlog("L_INFO", "event|trusted|cleaning address table\n");
sql_query("exec", "delete from address");
$var(total) = 0;
$var(Count) = $cnt($avp(TrustedKeys));
$var(Idx) = 0;
xlog("L_INFO", "event|trusted|count for trusted is $var(Count)\n");
while($var(Idx) < $var(Count)) {
$var(KeyName) = $(avp(TrustedKeys)[$var(Idx)]);
$var(Key) = $(var(KeyName){s.replace,.,%});
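Review bot: The "no keys for Trusted" branch returns before `delete from address`, so a reply with no Trusted keys leaves every previously loaded row in place. If kazoo_json_keys does not return 1 for an empty object (worth confirming), removing the last trusted entry upstream never takes effect here and that address stays trusted. A reply that lacks the Trusted key should be handled separately from one that carries an empty Trusted object, and only the latter should clear the table. Whichever behaviour is intended, state it next to the return, e.g. `# no Trusted keys: existing address rows are kept on purpose`. The while loop that starts in this hunk continues outside it.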
@ -69,18 +78,19 @@ route[TRUSTED_LOAD]
$var(portIdx) = 0;
while($var(portIdx) < $var(port_count)) {
$var(sql) = $_s(insert into address(ip_addr, mask, port, tag) values("$var(ip)", $var(mask), $(avp(ports)[$var(portIdx)]), "$var(token)"));
sql_query("exec", "$var(sql)");
sql_query("exec", "$var(sql)");
$var(portIdx) = $var(portIdx) + 1;
$var(total) = $var(total) + 1;
}
$var(cidr_idx) = $var(cidr_idx) + 1;
$var(total) = $var(total) + 1;
}
$var(Idx) = $var(Idx) + 1;
}
xlog("L_NOTICE", "event|trusted|loaded $var(total) entries into address table\n");
$shv(trusted_reload) = 1;
$shv(trusted_query) = 0;
}
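Review bot: The insert statement is built by interpolating `$var(ip)`, `$var(mask)`, the port and `$var(token)` directly into SQL text. These values are presumably taken from the AMQP reply; their assignment is outside the hunk. A quote character in the token or a non-numeric mask would break or alter the statement that populates the trust table. Validate each field before building the query (the address with ipops `is_ip()`, mask and port as integers) and quote strings with the sqlops transformation, e.g. `$(var(token){sql.val.str})` instead of the hand-quoted `"$var(token)"`. The return value of `sql_query` is also ignored, so `$var(total)` and the "loaded ... entries" log line can count rows that were never written.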
@ -88,14 +98,16 @@ route[RELOAD_TRUSTED]
{
jsonrpc_exec('{"jsonrpc": "2.0", "method": "permissions.addressReload"}');
xlog("L_NOTICE", "event|trusted|reload $(jsonrpl(body){kz.json,result})\n");
$shv(trusted_reload) = 0;
}
route[TRUSTED_RELOAD]
{
if($shv(trusted_reload) = = 1) {
$shv(trusted_reload) = 2;
} else if($shv(trusted_reload) = = 2) {
route(RELOAD_TRUSTED);
};
$shv(trusted_reload) = 0;
}
route[TRUSTED_QUERY]
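Review bot: RELOAD_TRUSTED clears `$shv(trusted_reload)` whether or not `permissions.addressReload` succeeded, so a failed reload leaves the in-memory address list stale with only a NOTICE line and no retry. Check the reply before clearing the flag, e.g. `if($jsonrpl(code) != 200) { xlog("L_ERROR", "event|trusted|reload failed $jsonrpl(code)\n"); return; }`, so the next timer tick tries again. The +/- markers are lost on this page, so also confirm that the `$shv(trusted_reload) = 0;` after the if/else chain in TRUSTED_RELOAD is not on the new side. If it is, it would immediately undo the `= 2` transition and the reload would never run. The body of route[TRUSTED_QUERY] is outside the hunk.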
@ -121,5 +133,10 @@ route[TRUSTED_BINDINGS]
event_route[kazoo:consumer-event-trusted-reload]
{
xlog("L_NOTICE", "event|trusted|received trusted reload\n");
$shv(trusted_query) = 1;
if ($shv(trusted_query) = = 0) {
xlog("L_NOTICE", "event|trusted|signaling trusted reload\n");
$shv(trusted_query) = 1;
} else {
xlog("L_NOTICE", "event|trusted|signal already active for trusted reload\n");
}
}
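Review bot: The else branch logs a reload event and then drops it whenever `$shv(trusted_query)` is non-zero, which includes the window where TRUSTED_LOAD holds it at 2. A change published during that window, such as the removal of a trusted address, may be missing from the reply already being processed, and nothing re-queries afterwards. Record the request instead of discarding it, for example `$shv(trusted_query_pending) = 1;` in the else branch (a new shared variable), and have TRUSTED_LOAD set `$shv(trusted_query) = 1;` on exit when it is set. The read-then-write on the shared variable is also not atomic across worker processes; if consumer events can run concurrently, the check and assignment would need to be guarded by a lock.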