Merge #2191

48b6e913 · Michal 'vorner' Vaner · 2adcf037 · bfdb265f · 48b6e913 · 48b6e913
Unverified Commit 48b6e913 authored Sep 26, 2012 by Michal 'vorner' Vaner
--- a/doc/guide/bind10-guide.xml
+++ b/doc/guide/bind10-guide.xml
@@ -1486,18 +1486,6 @@ AND_MATCH := "ALL": [ RULE_RAW, RULE_RAW, ... ]
          will work in a similar way.
        </para>

-        <note>
-          <simpara>
-	    The list form is currently rejected due to an
-	    implementation bug.  There is a plan to fix it relatively
-	    soon, so the syntax is kept here, but note that it won't
-	    work until the bug is fixed.  To keep track of the status
-	    of the issue, see
-	    <ulink url="http://bind10.isc.org/ticket/2191">Trac #2191</ulink>.
-	    Until then, the value must be a single string.
-          </simpara>
-        </note>
-
        <para>
          If that is not enough, you can compose the matching conditions
          to logical expressions. They are called "ANY", "ALL" and "NOT".

--- a/src/lib/acl/dns.h
+++ b/src/lib/acl/dns.h
@@ -136,10 +136,6 @@ public:
    virtual boost::shared_ptr<RequestCheck>
    create(const std::string& name, isc::data::ConstElementPtr definition,
           const acl::Loader<RequestContext>& loader);
-
-    /// Until we are sure how the various rules work for this case, we won't
-    /// allow unexpected special interpretation for list definitions.
-    virtual bool allowListAbbreviation() const { return (false); }
 };
 } // end of namespace "internal"


--- a/src/lib/acl/tests/dns_test.cc
+++ b/src/lib/acl/tests/dns_test.cc
@@ -62,6 +62,18 @@ TEST(DNSACL, getRequestLoader) {
                                              "  \"from\": \"192.0.2.1\"}]")));
 }

+// Check we can abbreviate the IP address lists and TSIG keys
+TEST(DNSACL, abbreviated) {
+    dns::RequestLoader* l(&getRequestLoader());
+
+    EXPECT_NO_THROW(l->load(Element::fromJSON("[{\"action\": \"DROP\","
+                                              "  \"from\": [\"127.0.0.1\","
+                                              "             \"::1\"]}]")));
+    EXPECT_NO_THROW(l->load(Element::fromJSON("[{\"action\": \"DROP\","
+                                              "  \"key\": [\"key.example.\","
+                                              "            \"other.\"]}]")));
+}
+
 class RequestCheckCreatorTest : public ::testing::Test {
 protected:
    dns::internal::RequestCheckCreator creator_;
@@ -78,7 +90,7 @@ TEST_F(RequestCheckCreatorTest, names) {
 }

 TEST_F(RequestCheckCreatorTest, allowListAbbreviation) {
-    EXPECT_FALSE(creator_.allowListAbbreviation());
+    EXPECT_TRUE(creator_.allowListAbbreviation());
 }

 // The following two tests check the creator for the form of

--- a/src/lib/python/isc/acl/tests/dns_test.py
+++ b/src/lib/python/isc/acl/tests/dns_test.py
@@ -197,10 +197,6 @@ class RequestACLTest(unittest.TestCase):
                          '[{"action": "ACCEPT", "from": 4}]')
        self.assertRaises(LoaderError, REQUEST_LOADER.load,
                          [{"action": "ACCEPT", "from": 4}])
-        self.assertRaises(LoaderError, REQUEST_LOADER.load,
-                          '[{"action": "ACCEPT", "from": []}]')
-        self.assertRaises(LoaderError, REQUEST_LOADER.load,
-                          [{"action": "ACCEPT", "from": []}])
        self.assertRaises(LoaderError, REQUEST_LOADER.load,
                          '[{"action": "ACCEPT", "key": 1}]')
        self.assertRaises(LoaderError, REQUEST_LOADER.load,