Opened 7 years ago

Closed 7 years ago

#2191 closed defect (fixed)

list form of ACL match value is rejected

Reported by: jinmei Owned by: vorner
Priority: medium Milestone: Sprint-20121009
Component: ACL Version:
Keywords: Cc:
CVSS Scoring: Parent Tickets:
Sensitive: no Defect Severity: N/A
Sub-Project: Core Feature Depending on Ticket:
Estimated Difficulty: 4 Add Hours to Ticket: 0
Total Hours: 0.94 Internal?: no


According to the discussion in #2066, it seems to have been expected
that the ACL parser should accept a list of strings (instead of a
single string) for the value of a match mapping:

"from": ["2001:db8::/32", ""]

but this type of form is currently rejected:

> config show Xfrout/transfer_acl
Xfrout/transfer_acl[0]	{"action": "ACCEPT"}	any	(default)
> config set Xfrout/transfer_acl[0] {"action": "ACCEPT", "from": ["", "2001:db8::/32"]}
> config commit
Error: Failed to handle new configuration: Failed to parse transfer_acl: stringValue() called on non-string Element

I actually didn't know that a list was expected to be accepted, but if
that was the intent, we should fix the implementation to meet it.

The ACL documentation in the guide will refer to this ticket. When
this issue is fixed the corresponding doc should also be updated.


Change History (6)

comment:1 Changed 7 years ago by vorner

I'm quite confident it was part of my original proposal. There may have been a
discussion after it, though, there seem to be a comment saying we were not sure
then. After some looking through the code, there's a support for this thing,
but it seems to be turned off ‒ grep for allowListAbbreviation in the lib/acl

However, as demonstrated on the example, I think this thing is pretty handy in practice.

comment:2 Changed 7 years ago by jelte

  • Milestone changed from New Tasks to Sprint-20120918

comment:3 Changed 7 years ago by vorner

  • Owner set to vorner
  • Status changed from new to accepted

comment:4 Changed 7 years ago by vorner

  • Owner changed from vorner to UnAssigned
  • Status changed from accepted to reviewing


It should be ready for review. The code changes are rather simple O:-)

The changelog would be:

[bug]	vorner
The abbreviated form of IP addresses in ACLs is accepted (eg. "from":
["127.0.01", "::1"] now works).

comment:5 Changed 7 years ago by jelte

  • Owner changed from UnAssigned to vorner

the virtual method is now the same as the method in the superclass it replaces, so technically it's redundant.

Other than that the code seems to be fine :)

comment:6 Changed 7 years ago by vorner

  • Resolution set to fixed
  • Status changed from reviewing to closed
  • Total Hours changed from 0 to 0.94

Thank you, the method was removed and merged. Closing.

Note: See TracTickets for help on using tickets.