Unverified Commit 48b6e913 authored by Michal 'vorner' Vaner's avatar Michal 'vorner' Vaner
Browse files

Merge #2191

parents 2adcf037 bfdb265f
......@@ -1486,18 +1486,6 @@ AND_MATCH := "ALL": [ RULE_RAW, RULE_RAW, ... ]
will work in a similar way.
The list form is currently rejected due to an
implementation bug. There is a plan to fix it relatively
soon, so the syntax is kept here, but note that it won't
work until the bug is fixed. To keep track of the status
of the issue, see
<ulink url="http://bind10.isc.org/ticket/2191">Trac #2191</ulink>.
Until then, the value must be a single string.
If that is not enough, you can compose the matching conditions
to logical expressions. They are called "ANY", "ALL" and "NOT".
......@@ -136,10 +136,6 @@ public:
virtual boost::shared_ptr<RequestCheck>
create(const std::string& name, isc::data::ConstElementPtr definition,
const acl::Loader<RequestContext>& loader);
/// Until we are sure how the various rules work for this case, we won't
/// allow unexpected special interpretation for list definitions.
virtual bool allowListAbbreviation() const { return (false); }
} // end of namespace "internal"
......@@ -62,6 +62,18 @@ TEST(DNSACL, getRequestLoader) {
" \"from\": \"\"}]")));
// Check we can abbreviate the IP address lists and TSIG keys
TEST(DNSACL, abbreviated) {
dns::RequestLoader* l(&getRequestLoader());
EXPECT_NO_THROW(l->load(Element::fromJSON("[{\"action\": \"DROP\","
" \"from\": [\"\","
" \"::1\"]}]")));
EXPECT_NO_THROW(l->load(Element::fromJSON("[{\"action\": \"DROP\","
" \"key\": [\"key.example.\","
" \"other.\"]}]")));
class RequestCheckCreatorTest : public ::testing::Test {
dns::internal::RequestCheckCreator creator_;
......@@ -78,7 +90,7 @@ TEST_F(RequestCheckCreatorTest, names) {
TEST_F(RequestCheckCreatorTest, allowListAbbreviation) {
// The following two tests check the creator for the form of
......@@ -197,10 +197,6 @@ class RequestACLTest(unittest.TestCase):
'[{"action": "ACCEPT", "from": 4}]')
self.assertRaises(LoaderError, REQUEST_LOADER.load,
[{"action": "ACCEPT", "from": 4}])
self.assertRaises(LoaderError, REQUEST_LOADER.load,
'[{"action": "ACCEPT", "from": []}]')
self.assertRaises(LoaderError, REQUEST_LOADER.load,
[{"action": "ACCEPT", "from": []}])
self.assertRaises(LoaderError, REQUEST_LOADER.load,
'[{"action": "ACCEPT", "key": 1}]')
self.assertRaises(LoaderError, REQUEST_LOADER.load,
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment