BIND 10 #1643: TSIG configuration syntax should be as consistent as possible for auth and xfrout
BIND 10 Development
do-not-reply at isc.org
Fri Feb 24 12:04:10 UTC 2012
#1643: TSIG configuration syntax should be as consistent as possible for auth and
xfrout
-------------------------------------+-------------------------------------
Reporter: | Owner: jinmei
jinmei | Status: reviewing
Type: | Milestone:
defect | Sprint-20120306
Priority: major | Resolution:
Component: | Sensitive: 0
configuration | Sub-Project: DNS
Keywords: | Estimated Difficulty: 5
Defect Severity: N/A | Total Hours: 0
Feature Depending on Ticket: |
Add Hours to Ticket: 0 |
Internal?: 0 |
-------------------------------------+-------------------------------------
Changes (by vorner):
* owner: vorner => jinmei
Comment:
Hello
Replying to [comment:7 jinmei]:
> Ideally, I'd like to confirm actual zone transfer using TSIG via
> system tests. Since configuration involves multiple processes, and
> also we now have additional indirection to the global key ring,
> I'm afraid it's more likely to have a system-level bug that cannot be
> detected via unittests. This could be a separate deferred ticket
> though.
OK, I'll add the ticket when merging this.
> - Please explain a bit more rationale about this change. It's not
> crystal clear. (maybe we need to add the implication to the
> add_remote_config() description)
> {{{
> * The config callback should be called after the module is ready.
> }}}
The _add_remote_config_internal did call the callback if there were non-
default values. However, it did before setting the internal structures, so
it complain the remote config is not set up yet when used from inside the
callback. So I just switched the order there. There's no implication to
the outside, it was just a bug caught by system tests, so I fixed it.
> - not really for this branch, but `_add_remote_config_internal` seems
> to ignore some error cases:
> - non-0 rcode or value is None
Being none is allowed, if there's no config set yet. But I do check the
others now.
> }}}
> - error cases do not seem to be tested like this one:
> {{{#!python
> if module_spec.get_module_name() != module_name:
> raise ModuleCCSessionError("Module name mismatch: "
+
> module_name + " and " +
>
module_spec.get_module_name())
> }}}
> (you may also want to run pycoverage)
I tried running pycoverage, but it fails for me with this error:
{{{
Running test: edns_python_test.py
Traceback (most recent call last):
File
"/home/vorner/work/bind10/src/lib/dns/python/tests/edns_python_test.py",
line 18, in <module>
from pydnspp import *
ImportError: dynamic module does not define init function (initpydnspp)
make[7]: *** [check-local] Error 1
}}}
This seems to happen reliably with all wrapper modules, and I need to look
into it sometime. I didn't want to hold this ticket because of it, though.
> '''changelog'''
>
> - s/tsig_kes/tsig_key_ring/
> {{{
> However, the old
> configuration of Xfrout/tsig_kes need to be removed for Xfrout to
> work.
> }}}
Hmm, yes, you're right. I'll update it when merging.
--
Ticket URL: <http://bind10.isc.org/ticket/1643#comment:9>
BIND 10 Development <http://bind10.isc.org>
BIND 10 Development
More information about the bind10-tickets
mailing list