[netmod] Re: Regarding RFC 7950 Mandatory validation
Andy Bierman <andy@yumaworks.com> Tue, 17 September 2024 20:00 UTC
Return-Path: <andy@yumaworks.com>
X-Original-To: netmod@ietfa.amsl.com
Delivered-To: netmod@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E1157C15198C for <netmod@ietfa.amsl.com>; Tue, 17 Sep 2024 13:00:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.106
X-Spam-Level:
X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=yumaworks.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iegBsBbzYfac for <netmod@ietfa.amsl.com>; Tue, 17 Sep 2024 13:00:38 -0700 (PDT)
Received: from mail-pg1-x533.google.com (mail-pg1-x533.google.com [IPv6:2607:f8b0:4864:20::533]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9AA34C151522 for <netmod@ietf.org>; Tue, 17 Sep 2024 13:00:38 -0700 (PDT)
Received: by mail-pg1-x533.google.com with SMTP id 41be03b00d2f7-7db61fd92a1so266138a12.3 for <netmod@ietf.org>; Tue, 17 Sep 2024 13:00:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yumaworks.com; s=google; t=1726603238; x=1727208038; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=LCV2xulC80jsPC83odmn+krvTPnZ1ZI/mG9CZjqv6lw=; b=AA9JINXhX9xBkUwHXNMlhgchhZoZawm3mGxFKeON1RC3TIi/ffA0vK3Di5nE5aqbf7 5exOSoiLzOjHr5zw17KCcBTKpTDwtnRJkJ7z5dOPTOPXeZz1YAT1sUXLy+csLuo+gzP0 8LPd5U9gCt/xo9HUwZ3V9WVOnsFoQZCgmlCHGfu35Dnb8iggmzP3Ccj8kqME6Z2vOWnJ mEe5rsVzalGNgqPG/mpemNng0dFKObSFBbMiJEVpXyVmPN/O49p5/uizFHZyZzNIwQfC FdWmYUb0hahQJLzPvsU4jC2j1edQeaNfoQdfA0V6emX/LrZixcqI47sTReTckBpHH1Xw LK1A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1726603238; x=1727208038; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=LCV2xulC80jsPC83odmn+krvTPnZ1ZI/mG9CZjqv6lw=; b=rAjUnBW0dN/WGJVaX6mhsalsRXRv4XZVRN83+NOpV9WgmWNQWGFfYdkjjRsE1abEKi u+ZVxIqnzkfjdVscM9w1i94DuMPZ1tccNJ9TD2llkB3YB8BKwvgOdgbaCqwET5RvvZKm Kh8azMjISB75NRZPjovF9haW2pumuh6UB6T+qKY4g2R2lMXgjXnWxBstQ6PTNQQw2yV2 YKe6OIR2Bel1FnQTnEND/nQBnfkFLra1Z8svHJVRE4m8UYpZYyXX4tUqb6J204e5VoVx SA10IAyjD/+sGT3SBZjEJD+nuZz1pHvORl718ydhNEOEfTeGE8+VPb0FqDN2a9WwQXI7 tMAg==
X-Forwarded-Encrypted: i=1; AJvYcCVC8JiqK9c2EzdHDoAU9AzF6mabDIyHOIO63+qa4QlIChlsy56GXTDIaBlo9tl/kU0Ut/o28SI=@ietf.org
X-Gm-Message-State: AOJu0Yzx13Kd8NrjXq4EOq5e4js3995zrdhNB53ofYuZvu3xxiDDNHL3 wPCOcI6NasRFFxH8WrvqKybHWnUinxn9yzEZP2tKT4VPi0Vrc57rMwL2Yi+wS5rno4yAV0gj3qh ndM1nVumgUP14faJD+V0eJaC1zlqkJjzFxhXXfg==
X-Google-Smtp-Source: AGHT+IH2efQs3/VlzHBl7WNy2hHirbNIPvKjxNx4bC4ybshqQNEpkQHK8WiK66ICr9aYyXSONWn884xvayxcuKImSPM=
X-Received: by 2002:a05:6a00:2d88:b0:717:87c5:84b with SMTP id d2e1a72fcca58-71926088d53mr12075778b3a.1.1726603237759; Tue, 17 Sep 2024 13:00:37 -0700 (PDT)
MIME-Version: 1.0
References: <OS3PR01MB5848ECB03174DF2A56B8B81BF19E2@OS3PR01MB5848.jpnprd01.prod.outlook.com> <01000191fc9ebeef-cf02c2a8-6818-4683-841d-ea41fe0b0d76-000000@email.amazonses.com> <OS3PR01MB584892B40019F7875D146379F1612@OS3PR01MB5848.jpnprd01.prod.outlook.com> <01000192017932af-055438cd-14e1-4829-9b3a-8aa82ffa86ee-000000@email.amazonses.com>
In-Reply-To: <01000192017932af-055438cd-14e1-4829-9b3a-8aa82ffa86ee-000000@email.amazonses.com>
From: Andy Bierman <andy@yumaworks.com>
Date: Tue, 17 Sep 2024 13:00:26 -0700
Message-ID: <CABCOCHR-Fu=+h19kzqJeC91hoWNEoifdfhENK-RKwF8RfFwrNQ@mail.gmail.com>
To: Kent Watsen <kent@watsen.net>
Content-Type: multipart/alternative; boundary="000000000000a7ba0b06225624ad"
Message-ID-Hash: ETHRCJ7IJVQZ4FNMVSP6DGVCVANEG6YF
X-Message-ID-Hash: ETHRCJ7IJVQZ4FNMVSP6DGVCVANEG6YF
X-MailFrom: andy@yumaworks.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-netmod.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Parthasarathy.R@fujitsu.com, "netmod@ietf.org" <netmod@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [netmod] Re: Regarding RFC 7950 Mandatory validation
List-Id: NETMOD WG list <netmod.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/5iq9LDeyI6I3ZhZOokFHdCRCAEo>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netmod>
List-Help: <mailto:netmod-request@ietf.org?subject=help>
List-Owner: <mailto:netmod-owner@ietf.org>
List-Post: <mailto:netmod@ietf.org>
List-Subscribe: <mailto:netmod-join@ietf.org>
List-Unsubscribe: <mailto:netmod-leave@ietf.org>
On Tue, Sep 17, 2024 at 12:32 PM Kent Watsen <kent@watsen.net> wrote: > Hi Partha, > > On Sep 17, 2024, at 3:33 AM, Parthasarathy.R@fujitsu.com wrote: > > Hi Andy and Kent, > Thanks a lot for your emails. Great. > > One clarification: > The RFC section 8.3.1 mentioning Payload Parsing is more of a validation > over-the-wire, isn’t it? > > “When content arrives in RPC payloads, it MUST be well-formed XML, > following the hierarchy and content rules defined by the set of > models the server implements. > o If a leaf data value does not match the type constraints for the > leaf, including those defined in the type’s "range", "length", and > "pattern" properties, the server MUST reply with an > "invalid-value" <error-tag> in the <rpc-error>, and with the > error-app-tag (Section 7.5.4.2) and error-message > (Section 7.5.4.1) associated with the constraint, if any exist.” > > > Try not to read this to mean that the over-the-wire message is > fully-validated directly. Yes, the over-the-wire message must be valid XML > but, beyond that, all implementations I’m aware of "validate the > over-the-wire message" by 1) processing it to update a version of > <running>and 2) validating the resulting version of <running>. > > > On a quicker look, for a leaf, the length, range etc can be easily > deduced from the Yang schema without involving Datastore. The same way, I > interpreted ‘mandatory’ check too can be done just with Yang schema without > involving Datastore. > > > The check is mandatory, but it happens indirectly via checking the updated > <running> or <intended>, if implementing NMDA (RFC8342). > > > Somehow, I feel, the thing, ‘mandatory is mandatory only for create > request and it is not for merge request’ is not explicitly mentioned in RFC > based on operation-type (be it create/merge). > > > Yes, you make a point, such nodes exist in the request message 99% of the > time, but it is possible that they may alternatively be set via <system> > defined configuration, or via a template. > > IMO the RFCs are clear. The 'edit-config' RPC input parameters have some constraints like mandatory parameters. The 'config' payload constraints are not part of the RPC input parameter validation. Only constraints defined on the RPC input parameters are checked here. https://datatracker.ietf.org/doc/html/rfc6241#section-7.2 The server applies the config to its internal datastore. At that point the config contents are part of a configuration data tree. https://datatracker.ietf.org/doc/html/rfc7950#section-8 o If the constraint is defined on configuration data, it MUST be true in a valid configuration data tree. ... o If the constraint is defined on RPC or action input parameters, it MUST be true in an invocation of the RPC or action operation. Andy K. > > > Thanks & Regards, > Partha. > > *From:* Kent Watsen <kent@watsen.net> > *Sent:* Tuesday, September 17, 2024 2:26 AM > *To:* R, Parthasarathy <Parthasarathy.R@fujitsu.com> > *Cc:* netmod@ietf.org > *Subject:* Re: [netmod] Regarding RFC 7950 Mandatory validation > > Hi Partha, > > > > On Sep 6, 2024, at 1:13 PM, Parthasarathy.R@fujitsu.com< > Parthasarathy.R=40fujitsu.com@dmarc.ietf.org> wrote: > > Hi, > I am a Software Engineer working in Fujitsu’s NMS product > supporting Netconf devices. I want a clarification in RFC 7950 on the > behavior of constraint validation in an edit-config request enforced by > ‘mandatory’ statement. I referred to section 8 in RFC 7950 regarding this > and from what I see, all edit-config requests should include the > mandatory leafs. There is no special behavior mentioned on edit-config’s > operation type as ‘create’ or ‘merge’ or ‘delete’ in the validation section > of RFC. > > This ends up in two different interpretations: > > 1. All edit-config requests must always include the mandatory > attributes irrespective of the operation type is create/merge > > 2. Edit-config requests must include the mandatory attributes only > if operation type is create and it can choose to skip if the attribute is > already present in Datastore due to previous edit-configs. > > Kindly confirm which interpretation holds good. Also, I would like to > understand, if, ‘mandatory’ check applies to the payload during Payload > Parsing stage (mentioned in section 8.3.1 of RFC 7950) for every edit > config and that all edit config operations must include the mandatory > attributes into the payload, even if the operation is merge and the > mandatory attribute exists in the candidate store. > > > > It’s more the latter, but please note that YANG doesn’t validate what is > in a message over-the-wire, so much as the contents of the <running> > datastore (as Andy mentioned) after the over-the-wire message has been > processed. > > PS: If using NMDA (RFC8342), then it’s the <intended> datastore that is > subject to validation. > > K. > > > > > Kindly help to clarify. > > Thanks & Regards, > Partha. > _______________________________________________ > netmod mailing list -- netmod@ietf.org > To unsubscribe send an email to netmod-leave@ietf.org > > >
- [netmod] Re: Regarding RFC 7950 Mandatory validat… Kent Watsen
- [netmod] Regarding RFC 7950 Mandatory validation Parthasarathy.R@fujitsu.com
- [netmod] Re: Regarding RFC 7950 Mandatory validat… Andy Bierman
- [netmod] Re: Regarding RFC 7950 Mandatory validat… Kent Watsen
- [netmod] Re: Regarding RFC 7950 Mandatory validat… Andy Bierman
- [netmod] Re: Regarding RFC 7950 Mandatory validat… Kent Watsen
- [netmod] Re: Regarding RFC 7950 Mandatory validat… Kent Watsen
- [netmod] Re: Regarding RFC 7950 Mandatory validat… Andy Bierman