IETF Logo Mail Archive

Re: [netmod] validating a YANG action

Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de> Fri, 03 May 2019 16:53 UTC

Return-Path: <j.schoenwaelder@jacobs-university.de>
X-Original-To: netmod@ietfa.amsl.com
Delivered-To: netmod@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BA3E412022B for <netmod@ietfa.amsl.com>; Fri, 3 May 2019 09:53:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id URgyRyg9u3wT for <netmod@ietfa.amsl.com>; Fri, 3 May 2019 09:53:50 -0700 (PDT)
Received: from atlas5.jacobs-university.de (atlas5.jacobs-university.de [212.201.44.20]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D865A12021B for <netmod@ietf.org>; Fri, 3 May 2019 09:53:49 -0700 (PDT)
Received: from localhost (demetrius5.irc-it.jacobs-university.de [10.70.0.222]) by atlas5.jacobs-university.de (Postfix) with ESMTP id B725DB23; Fri, 3 May 2019 18:53:47 +0200 (CEST)
X-Virus-Scanned: amavisd-new at jacobs-university.de
Received: from atlas5.jacobs-university.de ([10.70.0.217]) by localhost (demetrius5.jacobs-university.de [10.70.0.222]) (amavisd-new, port 10032) with ESMTP id JRXGlTGjyqUL; Fri, 3 May 2019 18:53:47 +0200 (CEST)
Received: from hermes.jacobs-university.de (hermes.jacobs-university.de [212.201.44.23]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "hermes.jacobs-university.de", Issuer "Jacobs University CA - G01" (verified OK)) by atlas5.jacobs-university.de (Postfix) with ESMTPS; Fri, 3 May 2019 18:53:47 +0200 (CEST)
Received: from localhost (demetrius5.irc-it.jacobs-university.de [10.70.0.222]) by hermes.jacobs-university.de (Postfix) with ESMTP id 783D6200E9; Fri, 3 May 2019 18:53:47 +0200 (CEST)
X-Virus-Scanned: amavisd-new at jacobs-university.de
Received: from hermes.jacobs-university.de ([212.201.44.23]) by localhost (demetrius5.jacobs-university.de [10.70.0.222]) (amavisd-new, port 10028) with ESMTP id 4CjT1cPIJXIQ; Fri, 3 May 2019 18:53:47 +0200 (CEST)
Received: from exchange.jacobs-university.de (sxchmb04.jacobs.jacobs-university.de [10.70.0.156]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "exchange.jacobs-university.de", Issuer "DFN-Verein Global Issuing CA" (verified OK)) by hermes.jacobs-university.de (Postfix) with ESMTPS id 10785200E8; Fri, 3 May 2019 18:53:47 +0200 (CEST)
Received: from anna.localdomain (10.50.218.117) by sxchmb03.jacobs.jacobs-university.de (10.70.0.155) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.1713.5; Fri, 3 May 2019 18:53:46 +0200
Received: by anna.localdomain (Postfix, from userid 501) id 31BBB3008BE2C0; Fri, 3 May 2019 18:53:45 +0200 (CEST)
Date: Fri, 03 May 2019 18:53:45 +0200
From: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
To: Andy Bierman <andy@yumaworks.com>
CC: NetMod WG <netmod@ietf.org>
Message-ID: <20190503165345.spvrfu4zkin7er4y@anna.jacobs.jacobs-university.de>
Reply-To: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
Mail-Followup-To: Andy Bierman <andy@yumaworks.com>, NetMod WG <netmod@ietf.org>
References: <CABCOCHS-nwPfgF-NCNqp5tdS=G3Fz_9s7RkvGNvHbLVq=jYCsg@mail.gmail.com> <20190503055724.723voy7swdito3bv@anna.jacobs.jacobs-university.de> <CABCOCHThV5=re8-Mv8S0aLnFDrUoXvr_9nOgB2-zGoED+H2=oQ@mail.gmail.com> <20190503092012.gb2zzqggb2igzs37@anna.jacobs.jacobs-university.de> <CABCOCHQQDQMvphaxDmqjBvg3znhk-_7z2eGxU+qrfg8bL9eU1Q@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CABCOCHQQDQMvphaxDmqjBvg3znhk-_7z2eGxU+qrfg8bL9eU1Q@mail.gmail.com>
User-Agent: NeoMutt/20180716
X-ClientProxiedBy: SXCHMB03.jacobs.jacobs-university.de (10.70.0.155) To sxchmb03.jacobs.jacobs-university.de (10.70.0.155)
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/FQcugtSrByMVvUIFP3bMrAMhujE>
Subject: Re: [netmod] validating a YANG action
X-BeenThere: netmod@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NETMOD WG list <netmod.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netmod>, <mailto:netmod-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netmod/>
List-Post: <mailto:netmod@ietf.org>
List-Help: <mailto:netmod-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netmod>, <mailto:netmod-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 May 2019 16:53:54 -0000

On Fri, May 03, 2019 at 09:43:44AM -0700, Andy Bierman wrote:
> On Fri, May 3, 2019 at 2:20 AM Juergen Schoenwaelder <
> j.schoenwaelder@jacobs-university.de> wrote:
> 
> > On Fri, May 03, 2019 at 01:10:58AM -0700, Andy Bierman wrote:
> > > On Thu, May 2, 2019 at 10:57 PM Juergen Schoenwaelder <
> > > j.schoenwaelder@jacobs-university.de> wrote:
> > >
> > > > On Thu, May 02, 2019 at 04:15:28PM -0700, Andy Bierman wrote:
> > > > > Hi,
> > > > >
> > > > > The text about invoking actions in RFC 7950, sec. 7.15 is not clear
> > > > > about whether the ancestor data nodes have to exist.
> > > > >
> > > > > sec 7.15.2, para 2:
> > > > >
> > > > >    The <action> element contains a hierarchy of nodes that identifies
> > > > > the node in the datastore.
> > > > >
> > > > >
> > > > > The RFC does not say anything about if the data node is required to
> > > > > exist or not.  There is no distinction between NP-container,
> > P-container,
> > > > > or list which are ancestors of the action node. It does not specify
> > > > > which datastore, and that is not supplied in the <action> RPC.
> > > > > The text specifies what must be in the <rpc> request, not in any
> > > > datastore
> > > > > or state data.
> > > > >
> > > > > It seems like the intent is that no instance test is specified at
> > all and
> > > > > the corresponding ancestor nodes to the action node do not have to
> > > > > exist for the action to be invoked. (The action may succeed or fail).
> > > > > The issue is whether there is an existence-test before invoking the
> > > > action.
> > > >
> > > > We discussed actions during the work on NMDA. RFC 8342 has this text
> > > > in section 6, in particular 6.1 says:
> > > >
> > > >    Actions are always invoked in the context of the operational state
> > > >    datastore.  The node for which the action is invoked MUST exist in
> > > >    the operational state datastore.
> > > >
> > > >
> > > This only applies to a server implementing NMDA.
> > > There is no requirement for a server implementing RFC 7950 to make this
> > > test.
> > >
> >
> > Yes, the behavior is unspecified in RFC 7950. However, note that RFC
> > 8342 formally updates RFC 7950 and the Introduction section says:
> >
> >    This document updates RFC 7950 by refining the definition of the
> >    accessible tree for some XML Path Language (XPath) context (see
> >    Section 6.1) and the invocation context of operations (see
> >    Section 6.2).
> >
> > This update may not affect your implementation but since you asked
> > whether there is an existence-test before invoking the action, I
> > thought a pointer to RFC 8342 is perhaps relevant.
> >
> >
> OK, but the update wrt/ action invocation is irrelevant unless the server
> implements the <operational> datastore.
> 
> This NMDA requirement means that a server MUST implement the
> operational values of config=true ancestor data nodes in order to
> implement an action nested within configuration.
> 
> If the server does not implement these operational values,
> and follows YANG library guidelines by omitting
> these ancestor schema nodes from the schema for <operational>,
> then the YANG action is not accessible on the server.
> 
> I don't think the YANG Library RFC makes it clear that an action must exist
> in the schema for <operational> in order for it to be accessible. This
> should be confirmed and an errata posted if needed.

I am not sure which text you propose or why YANG Library should say
something specific.

> This also means that any mechanism which disables configuration and
> therefore removes the corresponding data nodes from <operational>,
> also disables any actions within that configuration.

I think the model is that you invoke an action on an existing
resource.

> The keystore thread has already discussed the rather awkward procedures
> for waiting and confirming that <operational> has synched with <running>
> before being able to invoke an action.

Lets see what comes out of the discussion.

> Maybe YANG 1.2 can fix this mess, or maybe new protocol operations are
> needed.

It is not clear yet to me what 'this mess' is and hence what needs fixing.

/js

-- 
Juergen Schoenwaelder           Jacobs University Bremen gGmbH
Phone: +49 421 200 3587         Campus Ring 1 | 28759 Bremen | Germany
Fax:   +49 421 200 3103         <https://www.jacobs-university.de/>

v2.23.0 | Report a Bug | By Email