BIND 10 #983: Python wrappers for ACLs
BIND 10 Development
do-not-reply at isc.org
Wed Jul 13 19:27:48 UTC 2011
#983: Python wrappers for ACLs
-------------------------------------+-------------------------------------
Reporter: | Owner: jinmei
vorner | Status: reviewing
Type: task | Milestone:
Priority: major | Sprint-20110802
Component: | Resolution:
Unclassified | Sensitive: 0
Keywords: | Sub-Project: DNS
Defect Severity: N/A | Estimated Difficulty: 5.0
Feature Depending on Ticket: ACL | Total Hours: 0
Add Hours to Ticket: 0 |
Internal?: 0 |
-------------------------------------+-------------------------------------
Comment (by jinmei):
Replying to [comment:17 vorner]:
> I think, when it is already written and is quite short, we might want to
include it. It will be more convenient and more the python way.
Okay.
> But, the `PyImport_AddModule` ‒ it does not ensure the module is
actually loaded into the interpretter (if somethind didn't load it before,
it returns an empty module). Can we expect it is already loaded, as in the
case of isc.acl.acl?
Ah, good point. Since the tests passed even if I didn't import json
explicitly, I blindly thought it was somehow imported as part of the
core system or something (but simply invisible until the script does
'import json'). The fact is that the json module is imported via
the isc.__init__.py, which imports isc.cc, whose __init__.py imports
cc.message, which imports json.
So, it's actually true that we could (normally) rely on the json
module has been imported by the time the acl.dns module is used, but
after figuring this out I now think it's probably too implicit and
fragile. In fact, a buggy or evil python script could explicitly
delete sys.module['json'] after importing isc.acl and before importing
isc.acl.dns, in which case the assumption isn't met.
So I revised the code further: First, isc.acl.__init__.py now
explicitly imports json (just to be explicit; as noted above, this is
actually a redundant operation in normal cases). Second, I moved the
access code to json.dumps() from load() to the class initialization
function. This way, we could defend us against some time of evil
behavior such as deleting sys.module['json'] after importing the dns
module.
> The documentation for the loader is taken from the C++ one and it speaks
about loading the checks. There's no function and no binding for the
checks currently, should that part be removed?
It at least notes create/registration (if you mean it by 'loading the
checks') is not available in the python version:
{{{
To allow any kind of checks to exist in the application, creators are\n\
registered for the names of the checks (this feature is not yet\n\
available for the python API).\n\
}}}
Basically, I wanted to keep the pydoc as close to the original C++ doc
as possible because the latter would also be modified in future, and
we want to incorporate the changes to pydoc. To make the merge easier
it would be helpful if the two versions are not so different.
And, in this case, according to you there's some plan (maybe at a
lower priority though) to add this feature to the python version, and
if so, I'd keep these parts with a simple note that it's not currently
available.
At the moment I didn't touch the documentation string. If you still
want to remove unimplemented part, could you be more specific about
exactly which part should better be removed?
--
Ticket URL: <http://bind10.isc.org/ticket/983#comment:18>
BIND 10 Development <http://bind10.isc.org>
BIND 10 Development
More information about the bind10-tickets
mailing list