Ruby spec a ffi-rzmq project

Intro

When working with async messaging, tests are more difficult. ffi-rzmq library is special because messages are received in a weird way:

receiver.recv_string(buffer = "")

The message payload is in the buffer variable, which is passed as a parameter. To achieve testing I had to turn buffer to a instance variable (@buffer) and I resorted to the mock results Arbitrary Handling

    # e is a Emitter instance, my fictionary zeromq-based class
    @endpoint.should_receive(:recv_string) do
      e.instance_variable_set("@buffer", my_data)
    end
    @endpoint.should_receive(:recv_string) do 
      e.instance_variable_set("@buffer", "__END_OF_DATA__")
    end

@endpoint is a mocked socket: when it receives the recv_string method, it replaces @buffer instance variable on e. Please have a look at the example code.

Protect your Hawt.IO ActiveMQ-5.9.0 console with LDAP

Starting from version 5.9.0, activemq is shipped with the hawt.io web console.

Out-of-the-box the credentials to access are admin:admin, istructions are at: $ACTIVEMQ_HOME/docs/WebConsole-README.txt.

In order to enable a LDAP based authorization, you need to modify the jaas conf file (default is: $ACTIVEMQ_HOME/conf/login.config) and a couple of Java Additional Parameters ($ACTIVEMQ_OPTS) which can be specified in various places, wrapper.conf, for example.

You also need a java LDAP library: ldaptive. Please copy the newest ldaptive jar file from http://www.ldaptive.org/download in your $ACTIVEMQ_HOME/lib.

login.config

The login.config should look like:

	/**
	* Licensed to the Apache Software Foundation (ASF) under one or more
	* contributor license agreements. See the NOTICE file distributed with
	* this work for additional information regarding copyright ownership.
	* The ASF licenses this file to You under the Apache License, Version 2.0
	* (the "License"); you may not use this file except in compliance with
	* the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/
	activemq {
	org.ldaptive.jaas.LdapLoginModule required
	debug=true
	storePass="true"
	ldapUrl="ldap://ldap.example.org:389"
	baseDn="ou=people,dc=example,dc=org"
	useStartTLS="true"
	credentialConfig="{trustCertificates=file:/etc/ssl/certs/ca-chain.pem}"
	userFilter="(uid={user})";
	org.ldaptive.jaas.LdapRoleAuthorizationModule required
	useFirstPass="true"
	ldapUrl="ldap://ldap.example.org:389"
	bindDn="cn=hawtio,ou=agents,dc=example,dc=org"
	baseDn="ou=groups,dc=example,dc=org"
	bindCredential="secret"
	roleFilter="(&(cn=the_admins_group)(memberUid={user}))"
	useStartTLS="true"
	credentialConfig="{trustCertificates=file:/etc/ssl/certs/ca-chain.pem}"
	defaultRole="admins"
	roleAttribute="cn";
	};

view raw login.config hosted with ❤ by GitHub

The cn=hawtio,ou=agents,dc=example,dc=org is a principal allowed to browse the groups' memberships.
Users allowed to access to hawt.io have to be members of the cn=the_admins_group,ou=groups,dc=example,dc=org group.

The LDAP server is ldap.example.org and it is contacted over TLS.

Java Additional Parameters

The relevant Java Additional Parameters are:

• hawtio.realm=activemq: should match the key if config.login (activemq in the previous example);
• hawtio.role=admins: group membership required. As the defaultRole membership is granted to the users found in the roleFilter, you need to match the defaultRole;
• hawtio.rolePrincipalClasses=org.ldaptive.jaas.LdapRole: the java class of the role. The given value is correct for a ldaptive-granted role;
• java.security.auth.login.config=%ACTIVEMQ_CONF%/login.config: location of the jaas config file.

These parameters can be specified in ./bin/activemq, in wrapper.conf or in /etc/default/activemq (Linux GNU/Debian).

Enable logging

This couple of lines in logback.xml can help you a lot:

	<logger name="org.ldaptive" additivity="false">
	<level value="DEBUG"/>
	<appender-ref ref="R" />
	<appender-ref ref="stdout" />
	</logger>
	<logger name="io.hawt" additivity="false">
	<level value="DEBUG"/>
	<appender-ref ref="R" />
	<appender-ref ref="stdout" />
	</logger>

view raw logback.xml hosted with ❤ by GitHub