target = 4738; listen = 4737; directory = .; logfile = broker.log; debug-level = server=1; admin-name = "Perforce Admins"; admin-phone = 999/911; admin-email = perforce-admins@example.com; compress = false; # Optional user account to authenticate the broker to the target server with. #service-user = "svc-user-broker"; # Optional alternate P4TICKETS location. #ticket-file = "/p4/broker/.p4tickets"; redirection = selective; #------------------------------------------------------------------------------- # Definitions of all altservers in the environment. #------------------------------------------------------------------------------- # Note that the altserver name can not be 'random' as that is reserved for use # in the destination field of command handlers to specify that the altserver # should be chosen randomly. # #altserver: replica_name #{ # # # # Address of target server. Note that target servers must be configured # # to use P4AUTH to ensure that login tickets are valid for all servers in # # the brokered environment. I.e. the target and alternate servers must # # share their authentication. # # # target = localhost:1669; #} #------------------------------------------------------------------------------- # Command policies #------------------------------------------------------------------------------- # # The general syntax is: # # command: # { # # Conditions for the command to meet (optional) # # Note that with the exception of 'flags', these are regex patterns. # # See 'p4 help grep' for an explanation of the regex syntax. # flags = ; # args = ; # user = ; # workspace = ; # prog = ; # version = ; # # # What to do with matching commands (required) # action = pass | reject | redirect | filter ; # # # How to go about it # destination = ; # Required for action = redirect # execute = ; # Required for action = filter # message = ; # Required for action = reject #} # # Note that when specifying regex patterns, bare strings like 'integ' will also # match 'integrate'. To match an exact string, append the beginning/end of line # anchors. E.g. '^integ$'. # # Uncomment the lines below to block all access to the server during # periods of maintenance. # #command: .* #{ # action = reject; # message = "Server down for maintenance. Back soon"; #} # # Allow user 'tony' to run 'p4 opened -a'. # #command: opened #{ # flags = -a; # user = tony; # action = pass; #} # # # Forbid the use of 'p4 opened -a' to everyone else. # #command: opened #{ # flags = -a; # action = reject; # message = "You don't need to know that"; #} # # Use of the 'p4 changes' command is filtered. The script might decide # that requests for information about older changes can be served by # an alternate server. # #command: changes #{ # action = filter; # execute = ./check_changes.rb; #} # # Redirect all 'p4 users' commands to another server. Not a very useful # example; good cases for wholesale redirection are hard to come by and # great care should be exercised when using this action. # #command: users #{ # action = redirect; # destination = replica; #} # When the destination is 'random', the altserver is chosen arbitrarily. # #command: fixes #{ # action = redirect; # destination = random; #} # # The combination of the following two command handlers lets you create two # classes of super user - one with full 'super' privileges, and another that # can only run a subset of the full 'super' command set. This separation is # only effective if all user requests are passing through the broker. # # The first rule assumes a naming scheme where full super users have names # prefixed by 'super-'. The second one rejects all requests for the 'super' # commands that we don't want the rest of the super users (or anyone else) # to run. Note that we're specifically not matching 'protects' since P4V # requires it to log in. # #command: admin|protect|obliterate #{ # user = ^super-; # action = pass; #} # #command: admin|^protect$|obliterate #{ # action = reject; # message = "permission denied."; #} # # Reject programs that don't identify themselves. # #command: .* #{ # prog = ^$|unknown; # action = reject; # message = "Unnamed programs disallowed. API programs can call SetProg()."; #} # # Reject commands with arguments against //... and //some_depot/... # # Note that this will also match //client/ syntax, which is often of a much # smaller scope than a path in depot syntax. Client software such as P4V # relies on client syntax, so one might want to list out the depot names # explicitly instead of using the generic regex. # #command: .* #{ # args = ^//[^/]*/?\.\.\.; # action = reject; # message = "Some commands just want to watch the database churn."; #}