Merge #2191

doc/guide/bind10-guide.xml

@@ -1486,18 +1486,6 @@ AND_MATCH := "ALL": [ RULE_RAW, RULE_RAW, ... ]
           will work in a similar way.
         </para>
 
-        <note>
-          <simpara>
-	    The list form is currently rejected due to an
-	    implementation bug.  There is a plan to fix it relatively
-	    soon, so the syntax is kept here, but note that it won't
-	    work until the bug is fixed.  To keep track of the status
-	    of the issue, see
-	    <ulink url="http://bind10.isc.org/ticket/2191">Trac #2191</ulink>.
-	    Until then, the value must be a single string.
-          </simpara>
-        </note>
-
         <para>
           If that is not enough, you can compose the matching conditions
           to logical expressions. They are called "ANY", "ALL" and "NOT".

src/lib/acl/dns.h

@@ -136,10 +136,6 @@ public:
     virtual boost::shared_ptr<RequestCheck>
     create(const std::string& name, isc::data::ConstElementPtr definition,
            const acl::Loader<RequestContext>& loader);
-
-    /// Until we are sure how the various rules work for this case, we won't
-    /// allow unexpected special interpretation for list definitions.
-    virtual bool allowListAbbreviation() const { return (false); }
 };
 } // end of namespace "internal"
 

src/lib/acl/tests/dns_test.cc

@@ -62,6 +62,18 @@ TEST(DNSACL, getRequestLoader) {
                                               "  \"from\": \"192.0.2.1\"}]")));
 }
 
+// Check we can abbreviate the IP address lists and TSIG keys
+TEST(DNSACL, abbreviated) {
+    dns::RequestLoader* l(&getRequestLoader());
+
+    EXPECT_NO_THROW(l->load(Element::fromJSON("[{\"action\": \"DROP\","
+                                              "  \"from\": [\"127.0.0.1\","
+                                              "             \"::1\"]}]")));
+    EXPECT_NO_THROW(l->load(Element::fromJSON("[{\"action\": \"DROP\","
+                                              "  \"key\": [\"key.example.\","
+                                              "            \"other.\"]}]")));
+}
+
 class RequestCheckCreatorTest : public ::testing::Test {
 protected:
     dns::internal::RequestCheckCreator creator_;
@@ -78,7 +90,7 @@ TEST_F(RequestCheckCreatorTest, names) {
 }
 
 TEST_F(RequestCheckCreatorTest, allowListAbbreviation) {
-    EXPECT_FALSE(creator_.allowListAbbreviation());
+    EXPECT_TRUE(creator_.allowListAbbreviation());
 }
 
 // The following two tests check the creator for the form of

src/lib/python/isc/acl/tests/dns_test.py

@@ -198,10 +198,6 @@ class RequestACLTest(unittest.TestCase):
         self.assertRaises(LoaderError, REQUEST_LOADER.load,
                           [{"action": "ACCEPT", "from": 4}])
         self.assertRaises(LoaderError, REQUEST_LOADER.load,
-                          '[{"action": "ACCEPT", "from": []}]')
-        self.assertRaises(LoaderError, REQUEST_LOADER.load,
-                          [{"action": "ACCEPT", "from": []}])
-        self.assertRaises(LoaderError, REQUEST_LOADER.load,
                           '[{"action": "ACCEPT", "key": 1}]')
         self.assertRaises(LoaderError, REQUEST_LOADER.load,
                           [{"action": "ACCEPT", "key": 1}])