target = 4738; listen = 4737; directory = .; logfile = broker.log; debug-level = server=1; admin-name = "Perforce Admins"; admin-phone = 999/911; admin-email = perforce-admins@example.com; compress = false; # Optional user account to authenticate the broker to the target server with. #service-user = "svc-user-broker"; # Optional alternate P4TICKETS location. #ticket-file = "/p4/broker/.p4tickets"; redirection = selective; #------------------------------------------------------------------------------- # Definitions of all altservers in the environment. #------------------------------------------------------------------------------- # Note that the altserver name can not be 'random' as that is reserved for use # in the destination field of command handlers to specify that the altserver # should be chosen randomly. # #altserver: replica_name #{ # # # # Address of target server. Note that target servers must be configured # # to use P4AUTH to ensure that login tickets are valid for all servers in # # the brokered environment. I.e. the target and alternate servers must # # share their authentication. # # # target = localhost:1669; #} #------------------------------------------------------------------------------- # Command policies #------------------------------------------------------------------------------- # # The general syntax is: # # command: <regex pattern> # { # # Conditions for the command to meet (optional) # # Note that with the exception of 'flags', these are regex patterns. # # See 'p4 help grep' for an explanation of the regex syntax. # flags = <required flags>; # args = <required arguments>; # user = <required user>; # workspace = <required client workspace>; # prog = <required client program>; # version = <required version of client program>; # # # What to do with matching commands (required) # action = pass | reject | redirect | filter ; # # # How to go about it # destination = <altserver>; # Required for action = redirect # execute = <path to filter program>; # Required for action = filter # message = <rejection message>; # Required for action = reject #} # # Note that when specifying regex patterns, bare strings like 'integ' will also # match 'integrate'. To match an exact string, append the beginning/end of line # anchors. E.g. '^integ$'. # # Uncomment the lines below to block all access to the server during # periods of maintenance. # #command: .* #{ # action = reject; # message = "Server down for maintenance. Back soon"; #} # # Allow user 'tony' to run 'p4 opened -a'. # #command: opened #{ # flags = -a; # user = tony; # action = pass; #} # # # Forbid the use of 'p4 opened -a' to everyone else. # #command: opened #{ # flags = -a; # action = reject; # message = "You don't need to know that"; #} # # Use of the 'p4 changes' command is filtered. The script might decide # that requests for information about older changes can be served by # an alternate server. # #command: changes #{ # action = filter; # execute = ./check_changes.rb; #} # # Redirect all 'p4 users' commands to another server. Not a very useful # example; good cases for wholesale redirection are hard to come by and # great care should be exercised when using this action. # #command: users #{ # action = redirect; # destination = replica; #} # When the destination is 'random', the altserver is chosen arbitrarily. # #command: fixes #{ # action = redirect; # destination = random; #} # # The combination of the following two command handlers lets you create two # classes of super user - one with full 'super' privileges, and another that # can only run a subset of the full 'super' command set. This separation is # only effective if all user requests are passing through the broker. # # The first rule assumes a naming scheme where full super users have names # prefixed by 'super-'. The second one rejects all requests for the 'super' # commands that we don't want the rest of the super users (or anyone else) # to run. Note that we're specifically not matching 'protects' since P4V # requires it to log in. # #command: admin|protect|obliterate #{ # user = ^super-; # action = pass; #} # #command: admin|^protect$|obliterate #{ # action = reject; # message = "permission denied."; #} # # Reject programs that don't identify themselves. # #command: .* #{ # prog = ^$|unknown; # action = reject; # message = "Unnamed programs disallowed. API programs can call SetProg()."; #} # # Reject commands with arguments against //... and //some_depot/... # # Note that this will also match //client/ syntax, which is often of a much # smaller scope than a path in depot syntax. Client software such as P4V # relies on client syntax, so one might want to list out the depot names # explicitly instead of using the generic regex. # #command: .* #{ # args = ^//[^/]*/?\.\.\.; # action = reject; # message = "Some commands just want to watch the database churn."; #}
# | Change | User | Description | Committed | |
---|---|---|---|---|---|
#3 | 25531 | C. Thomas Tyler |
Refactored to receive merge from SDP. This structure emphasizes that HMS will be layered on the SDP. The tree is now structured to make it clear where files appear in an as-deployed configurtion, overlaid into the '/p4/common' structure of the SDP. The test suite is outside this structure, as it will not be deployed (due to dependencies on infratructure that won't likely appear in SDP production deployments). |
||
#2 | 20510 | C. Thomas Tyler | Tweaked to allow sideline testing. | ||
#1 | 20508 | C. Thomas Tyler | Added test broker config file. |