[hono-dev] Qpid Dispatch Router Policies

Hi,

 

I had a look at the policy rulesets that can be defined in the Dispatch Router configuration with the goal to secure the receiver side of our telemetry use case.

My first approach was to define an application for the Hono server, a user group for each tenant with the users that have access to it and set allowed endpoints for each tenant. With the help of the examples from the tests I ended up with something like this (I omitted all max* settings for brevity):

 

[
  [
    "policyRuleset",
    {
      "applicationName": "hono",
      "userGroups": {
        "myTenant": "user1 user2",
        "anotherTenant": "user3 user4"
      },
      "ingressHostGroups": {
        "world": "*"
      },
      "ingressPolicies": {
        "myTenant": "world",
        "anotherTenant": "world"
      },
      "settings": {
        "myTenant": {
          "allowDynamicSrc": true,
          "allowAnonymousSender": false,
          "sources": "telemetry/myTenant",
          "targets": "telemetry/myTenant"
        },
        "anotherTenant": {
          "allowDynamicSrc": true,
          "allowAnonymousSender": false,
          "sources": "telemetry/anotherTenant",
          "targets": "telemetry/anotherTenant"
        }
      }
    }
  ]
]

 

Now my first question is if this approach is valid and this is how the policies are supposed to be used?

Apart from that, it’s not clear to me what the applicationName is used for? Somehow this resolves to the IP/hostname of the server (in my case the Docker container)?

 

Best regards

 

Dominik Guggemos

INST/ECS1

 

Tel. +49 7545 202-396

www.blog.bosch-si.com
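
An added example, not part of the original message and not Hono or Dispatch Router code: an offline check that a ruleset of the shape shown in the message keeps each tenant's user group confined to its own telemetry address. The function names, the `telemetry/<group>` naming rule and the splitting of list values on spaces or commas are assumptions drawn from the sample in the message.

```python
import json
import re

# Constructed input: the ruleset from the message with three mistakes seeded in
# (user2 in two groups, no ingress policy for anotherTenant, a cross-tenant source).
SAMPLE = """
[["policyRuleset", {
  "applicationName": "hono",
  "userGroups": {"myTenant": "user1 user2", "anotherTenant": "user2 user4"},
  "ingressHostGroups": {"world": "*"},
  "ingressPolicies": {"myTenant": "world"},
  "settings": {
    "myTenant": {"allowAnonymousSender": false,
                 "sources": "telemetry/myTenant", "targets": "telemetry/myTenant"},
    "anotherTenant": {"allowAnonymousSender": false,
                      "sources": "telemetry/anotherTenant telemetry/myTenant",
                      "targets": "telemetry/anotherTenant"}}}]]
"""

def names(value):
    # Assumption: list values are separated by spaces and/or commas.
    return [n for n in re.split(r"[\s,]+", value or "") if n]

def lint_ruleset(ruleset, prefix="telemetry/"):
    """Return findings that break the one-user-group-per-tenant layout."""
    findings, owner = [], {}
    host_groups = ruleset.get("ingressHostGroups", {})
    for group, users in ruleset.get("userGroups", {}).items():
        for user in names(users):
            if user in owner:
                findings.append(f"user {user} is in {owner[user]} and {group}")
            owner.setdefault(user, group)
        policy = names(ruleset.get("ingressPolicies", {}).get(group))
        if not policy or any(h not in host_groups for h in policy):
            findings.append(f"{group}: ingress policy missing or names an unknown host group")
        cfg = ruleset.get("settings", {}).get(group)
        if cfg is None:
            findings.append(f"{group}: no settings entry")
            continue
        if cfg.get("allowAnonymousSender", False):
            findings.append(f"{group}: allowAnonymousSender is true")
        for key in ("sources", "targets"):
            for addr in names(cfg.get(key)):
                if addr != prefix + group:  # address belongs to another tenant
                    findings.append(f"{group}: {key} allows {addr}")
    return findings

def lint_config(text):
    """Lint every policyRuleset entity in a JSON configuration list."""
    return [f for kind, body in json.loads(text)
            if kind == "policyRuleset" for f in lint_ruleset(body)]
```
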