Use $Restrict

README.rst

@@ -337,10 +337,7 @@ Associate ``policy`` with the ``host``, optionally restricted to the
 path pattern described by ``path``. The ``host`` and ``policy``
 parameters are required, and must be non-empty.
 
-The ``.add()`` method MUST be called in ``vcl_init`` only. If it is
-called in any other subroutine, then an error message is emitted to
-the Varnish log (using the ``VCL_Error`` tag), and the method call is
-ignored.
+Restricted to: ``vcl_init``
 
 The value of ``host`` MUST be a valid host name, optionally beginning
 with an asterisk (``*``):
@@ -478,8 +475,7 @@ return values are:
 * -1 if no matching policy can be found
 * -2 if there was an internal error
 
-This method MAY NOT be called in ``vcl_init``. If it is, then the VCL
-load fails.
+Restricted to: ``client, backend``
 
 The method searches for host names added by the ``.add()`` method that
 match ``host`` in order of addition, possibly matching the suffix if
@@ -549,11 +545,7 @@ If the previous invocation of ``.policy()`` determined policy type
 non-cryptographic portion of an authorization token; return NULL if no
 matching policy could be determined. There are no required parameters.
 
-This method MAY NOT be called in ``vcl_init``; if it is, then the VCL
-load fails. If the previous ``.policy()`` call did not determine
-policy type TOKEN, or if ``.policy()`` was not called previously in
-the current task scope, then an error message is emitted to the
-Varnish log with the ``VCL_Error`` tag, and the method returns NULL.
+Restricted to: ``client, backend``
 
 If none of the optional parameters are specified, then the method
 returns a string with the parameters ``st`` and ``exp`` for the start
@@ -601,10 +593,7 @@ Return the shared secret stored for the policy determined by the
 previous invocation of ``.policy()``. Returns NULL if no such shared
 secret was specified, or if no matching policy could be determined.
 
-This method MAY NOT be called in ``vcl_init``; if it is, then the VCL
-load fails. If ``.policy()`` was not called previously in the current
-task scope, then an error message is emitted to the Varnish log with
-the ``VCL_Error`` tag, and the method returns NULL.
+Restricted to: ``client, backend``
 
 Examples::
 
@@ -653,10 +642,7 @@ If description strings were provided in the declaration of the policy
 and/or in the ``.add()`` method call that assigned the policy, then
 these are included in the string.
 
-The ``.explain()`` method MAY NOT be called in ``vcl_init``; if it is,
-then the VCL load fails. If ``.policy()`` was not called previously in
-the current task scope, then an error message is emitted to the
-Varnish log with the ``VCL_Error`` tag, and the method returns NULL.
+Restricted to: ``client, backend``
 
 Example::
 

src/tests/add.vtc

@@ -18,7 +18,7 @@ varnish v1 -vcl {
 	}
 } -start
 
-varnish v1 -vcl {
+varnish v1 -errvcl {Not available in subroutine 'vcl_recv'} {
 	import hoailona from "${vmod_topbuild}/src/.libs/libvmod_hoailona.so";
 	backend proforma none;
 
@@ -29,20 +29,9 @@ varnish v1 -vcl {
 
 	sub vcl_recv {
 		h.add("example.com", "p");
-        }
+	}
 }
 
-client c1 {
-	txreq
-	rxresp
-} -run
-
-logexpect l1 -v v1 -d 1 -g vxid -q "VCL_Error" {
-        expect 0 * Begin req
-        expect * = VCL_Error "^vmod hoailona error: h.add.. may only be called in vcl_init$"
-        expect * = End
-} -run
-
 varnish v1 -errvcl {vmod hoailona error: host is empty in h.add()} {
 	import hoailona from "${vmod_topbuild}/src/.libs/libvmod_hoailona.so";
 	backend proforma none;

src/tests/explain.vtc

@@ -89,7 +89,7 @@ client c1 {
 	expect resp.http.eB == "No policy was matched"
 } -run
 
-varnish v1 -errvcl {h.explain() may not be called in vcl_init} {
+varnish v1 -errvcl {Not available in subroutine 'vcl_init'} {
 	import hoailona from "${vmod_topbuild}/src/.libs/libvmod_hoailona.so";
 	backend proforma none;
 

src/tests/policy_method.vtc

@@ -387,7 +387,7 @@ client c1 {
 } -run
 
 # Usage tests
-varnish v1 -errvcl {h.policy() may not be called in vcl_init} {
+varnish v1 -errvcl {Not available in subroutine 'vcl_init'} {
 	import hoailona from "${vmod_topbuild}/src/.libs/libvmod_hoailona.so";
 	backend proforma none;
 

src/tests/secret.vtc

@@ -34,7 +34,7 @@ client c1 {
 } -run
 
 # Usage
-varnish v1 -errvcl {h.secret() may not be called in vcl_init} {
+varnish v1 -errvcl {Not available in subroutine 'vcl_init'} {
 	import hoailona from "${vmod_topbuild}/src/.libs/libvmod_hoailona.so";
 	import blob;
 	backend proforma none;

src/tests/token.vtc

@@ -154,7 +154,7 @@ client c1 {
 } -run
 
 # Usage
-varnish v1 -errvcl {h.token() may not be called in vcl_init} {
+varnish v1 -errvcl {Not available in subroutine 'vcl_init'} {
 	import hoailona from "${vmod_topbuild}/src/.libs/libvmod_hoailona.so";
 	backend proforma none;
 

src/vmod_hoailona.c

@@ -57,8 +57,6 @@
 #define ERRNOMEM(ctx, msg) \
         ERR((ctx), msg ", out of space")
 
-#define INIT(ctx) (((ctx)->method & VCL_MET_INIT) != 0)
-
 struct host {
 	unsigned			magic;
 #define VMOD_HOAILONA_HOST_MAGIC 0x731af58f
@@ -359,11 +357,8 @@ vmod_hosts_add(VRT_CTX, struct vmod_hoailona_hosts *hosts,
 	CHECK_OBJ_NOTNULL(ctx->ws, WS_MAGIC);
 	CHECK_OBJ_NOTNULL(hosts, VMOD_HOAILONA_HOSTS_MAGIC);
 	AN(init_task);
-	if (!INIT(ctx)) {
-		VERR(ctx, "%s.add() may only be called in vcl_init",
-		     hosts->vcl_name);
-		return;
-	}
+	assert(ctx->method == VCL_MET_INIT);
+
 	if (hostname == NULL || hostname[0] == '\0') {
 		VERR(ctx, "host is empty in %s.add()", hosts->vcl_name);
 		return;
@@ -498,11 +493,7 @@ vmod_hosts_policy(VRT_CTX, struct vmod_hoailona_hosts *hosts,
 	CHECK_OBJ_NOTNULL(ctx->ws, WS_MAGIC);
 	CHECK_OBJ_NOTNULL(hosts, VMOD_HOAILONA_HOSTS_MAGIC);
 	AN(priv_task);
-	if (INIT(ctx)) {
-		VERR(ctx, "%s.policy() may not be called in vcl_init",
-		     hosts->vcl_name);
-		return -2;
-	}
+	AZ(ctx->method & VCL_MET_INIT);
 	if (hostname == NULL || hostname[0] == '\0') {
 		if (! (pathname == NULL || pathname[0] == '\0')) {
 			VERR(ctx, "host is empty in %s.policy()",
@@ -664,11 +655,7 @@ vmod_hosts_token(VRT_CTX, struct vmod_hoailona_hosts *hosts,
 	CHECK_OBJ_NOTNULL(ctx, VRT_CTX_MAGIC);
 	CHECK_OBJ_NOTNULL(ctx->ws, WS_MAGIC);
 	CHECK_OBJ_NOTNULL(hosts, VMOD_HOAILONA_HOSTS_MAGIC);
-	if (INIT(ctx)) {
-		VERR(ctx, "%s.token() may not be called in vcl_init",
-		     hosts->vcl_name);
-		return NULL;
-	}
+	AZ(ctx->method & VCL_MET_INIT);
 	if (ttl < 0) {
 		VERR(ctx, "ttl must not be < 0 in %s.token(): %f",
 		     hosts->vcl_name, ttl);
@@ -720,11 +707,7 @@ vmod_hosts_secret(VRT_CTX, struct vmod_hoailona_hosts *hosts,
 
 	CHECK_OBJ_NOTNULL(ctx, VRT_CTX_MAGIC);
 	CHECK_OBJ_NOTNULL(hosts, VMOD_HOAILONA_HOSTS_MAGIC);
-	if (INIT(ctx)) {
-		VERR(ctx, "%s.secret() may not be called in vcl_init",
-		     hosts->vcl_name);
-		return NULL;
-	}
+	AZ(ctx->method & VCL_MET_INIT);
 
 	policy = get_policy(ctx, priv_task, hosts->vcl_name, "secret");
 	if (policy == NULL)
@@ -745,11 +728,7 @@ vmod_hosts_explain(VRT_CTX, struct vmod_hoailona_hosts *hosts,
 	CHECK_OBJ_NOTNULL(ctx->ws, WS_MAGIC);
 	CHECK_OBJ_NOTNULL(hosts, VMOD_HOAILONA_HOSTS_MAGIC);
 	AN(priv_task);
-	if (INIT(ctx)) {
-		VERR(ctx, "%s.explain() may not be called in vcl_init",
-		     hosts->vcl_name);
-		return NULL;
-	}
+	AZ(ctx->method & VCL_MET_INIT);
 	if (priv_task->priv == NULL) {
 		VERR(ctx, "%s.explain() called before %s.policy()",
 		     hosts->vcl_name, hosts->vcl_name);

src/vmod_hoailona.vcc

@@ -279,10 +279,7 @@ Associate ``policy`` with the ``host``, optionally restricted to the
 path pattern described by ``path``. The ``host`` and ``policy``
 parameters are required, and must be non-empty.
 
-The ``.add()`` method MUST be called in ``vcl_init`` only. If it is
-called in any other subroutine, then an error message is emitted to
-the Varnish log (using the ``VCL_Error`` tag), and the method call is
-ignored.
+$Restrict vcl_init
 
 The value of ``host`` MUST be a valid host name, optionally beginning
 with an asterisk (``*``):
@@ -417,8 +414,7 @@ return values are:
 * -1 if no matching policy can be found
 * -2 if there was an internal error
 
-This method MAY NOT be called in ``vcl_init``. If it is, then the VCL
-load fails.
+$Restrict client  backend
 
 The method searches for host names added by the ``.add()`` method that
 match ``host`` in order of addition, possibly matching the suffix if
@@ -471,17 +467,12 @@ Calling ``.policy()`` with only one of the ``host`` and ``path``
 parameters empty is an error.
 
 $Method STRING .token(PRIV_TASK, STRING acl=0, DURATION ttl=0, STRING data=0)
-
 If the previous invocation of ``.policy()`` determined policy type
 ``TOKEN`` (return value 2 from ``.policy()``), then return the
 non-cryptographic portion of an authorization token; return NULL if no
 matching policy could be determined. There are no required parameters.
 
-This method MAY NOT be called in ``vcl_init``; if it is, then the VCL
-load fails. If the previous ``.policy()`` call did not determine
-policy type TOKEN, or if ``.policy()`` was not called previously in
-the current task scope, then an error message is emitted to the
-Varnish log with the ``VCL_Error`` tag, and the method returns NULL.
+$Restrict client backend
 
 If none of the optional parameters are specified, then the method
 returns a string with the parameters ``st`` and ``exp`` for the start
@@ -526,10 +517,7 @@ Return the shared secret stored for the policy determined by the
 previous invocation of ``.policy()``. Returns NULL if no such shared
 secret was specified, or if no matching policy could be determined.
 
-This method MAY NOT be called in ``vcl_init``; if it is, then the VCL
-load fails. If ``.policy()`` was not called previously in the current
-task scope, then an error message is emitted to the Varnish log with
-the ``VCL_Error`` tag, and the method returns NULL.
+$Restrict client backend
 
 Examples::
 
@@ -575,10 +563,7 @@ If description strings were provided in the declaration of the policy
 and/or in the ``.add()`` method call that assigned the policy, then
 these are included in the string.
 
-The ``.explain()`` method MAY NOT be called in ``vcl_init``; if it is,
-then the VCL load fails. If ``.policy()`` was not called previously in
-the current task scope, then an error message is emitted to the
-Varnish log with the ``VCL_Error`` tag, and the method returns NULL.
+$Restrict client backend
 
 Example::