BIND 10 #983: Python wrappers for ACLs

BIND 10 Development do-not-reply at isc.org
Fri Jul 8 13:15:49 UTC 2011 

#983: Python wrappers for ACLs
-------------------------------------+-------------------------------------
                   Reporter:         |                 Owner:  jinmei
  vorner                             |                Status:  reviewing
                       Type:  task   |             Milestone:
                   Priority:  major  |  Sprint-20110712
                  Component:         |            Resolution:
  Unclassified                       |             Sensitive:  0
                   Keywords:         |           Sub-Project:  DNS
            Defect Severity:  N/A    |  Estimated Difficulty:  5.0
Feature Depending on Ticket:  ACL    |           Total Hours:  0
        Add Hours to Ticket:  0      |
                  Internal?:  0      |
-------------------------------------+-------------------------------------
Changes (by vorner):

 * owner:  vorner => jinmei


Comment:

 Hello

 To address the design points first. I like it to be split into two parts,
 I don't know if it's better to be done this way or if more modules can be
 packed into one .so, but it is probably simpler this way anyway.

 The thing about `load_request_acl` ‒ I'm little bit worried here. I expect
 we'll add a way to write custom checks sometime in future and I'd really
 like it to be possible to write them in python as well. Then we would need
 to expose the loader itself to register it and would need to change the
 interface. But maybe I worry too soon.

 The code itself looks clean, with few small details:
  * I fixed a problem in Makefile ‒ it failed here, because dnsacl could
 not find an exception type from libacl. And I think the libacl should not
 depend on dns acl.
  * I don't really understand this comment, what does it mean?
 {{{
         // Install module constants.  Note that we can release our own
         // references to these objects because we don't have corresponding
         // C++ variables.
 }}}
  * In `PyInit_acl`, can some of the installToModule thing fail? Shouldn't
 it be checked for NULL? Or is this some kind of our thing that throws?
  * Why are the included files with documentation `.cc`? Shouldn't they be
 .h?
  * src/lib/python/isc/acl/dns.py seems to have the legal header twice.
  * Should this really be `TypeError`?
 {{{#!C++
 PyErr_SetString(PyExc_TypeError,
                     "RequestACL cannot be directly constructed");
 }}}
  * The functions that construct the ACLs take strings. I get it is the
 same as with the logging, but the logging is not really exposed, it is
 used from within the ModuleConfig thing. This might be used externally, do
 you think it makes sense to accept the list argument directly (and call
 the conversion to string to be used from within the C++ code)?

 With regards

-- 
Ticket URL: <https://bind10.isc.org/ticket/983#comment:7>
BIND 10 Development <http://bind10.isc.org>
BIND 10 Development

More information about the bind10-tickets mailing list