IETF Logo Mail Archive

Re: [netmod] Does defining a feature require the module be implemented?

Andy Bierman <andy@yumaworks.com> Wed, 18 May 2022 16:51 UTC

Return-Path: <andy@yumaworks.com>
X-Original-To: netmod@ietfa.amsl.com
Delivered-To: netmod@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 211D9C1594A3 for <netmod@ietfa.amsl.com>; Wed, 18 May 2022 09:51:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=yumaworks.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1ESiOeOA8thV for <netmod@ietfa.amsl.com>; Wed, 18 May 2022 09:51:08 -0700 (PDT)
Received: from mail-yb1-xb29.google.com (mail-yb1-xb29.google.com [IPv6:2607:f8b0:4864:20::b29]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F17E3C1594A0 for <netmod@ietf.org>; Wed, 18 May 2022 09:51:07 -0700 (PDT)
Received: by mail-yb1-xb29.google.com with SMTP id j2so4786878ybu.0 for <netmod@ietf.org>; Wed, 18 May 2022 09:51:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yumaworks.com; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=iXZfZrokYTDdnRCBlY0kmlbwSZ54Sc9iENiVypysrlw=; b=mQZDMNgW6zw5kKMHKlQpjC9L38swWiuUGHHqmBhUEowIVRNLum+05tDXZxqr6Hqmp+ Owm15uwCEMxeJN8YRbcJDTLaQwrVClkjy/vfK9vqnWk2UmtlLzZr4T+UQEmjCRwZSBMU BtA+B8BeJ3CyvORL6SrnGOj5BiH12R9QDAev75VHzjBOybJXL5HHGM4Ou/1ZwAwK8NOQ 09q7Qup9gw/CIdSg7m5TKLDiN4JrhqxGMlswwjPFXkwTSlpnNiEPSRKYBO/ctlH8G7ri AJJHIYbC8nbPsHTjKSRrqwjbFN2axaDrjedTGftBzuzAXqD3djcvJ2RVyrRXYJZyEwYc cgpw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=iXZfZrokYTDdnRCBlY0kmlbwSZ54Sc9iENiVypysrlw=; b=WSIllR65cuBq3boN99EXCOL2MHR4Ur5XRk7kkbpnftcbhXhA62avbyNy5PpuuGTKo8 neIeVqgiIRu6vCJKgdiH1exrwtwU1/uDPHKh1AEdonPm9LxnVzEmwVAZev4FYZV0gfIe lgsebUCvSlfhImWxrCamKWV8djeunTcX5rABOCJc6K/wJWF5mOf3RbR5jIWWGi8MVC5U BZk0pwrDO2EERBR3k8LwTvsQG7SIwGf4QXhRHjFqjzSF58vijpqqRafLhJ5l5NnwnLZC g2kqEucLeHEjQEV3T/NMYvRFxUuRE8CXTYxETzYUP4WjND0Ye2P5faOZGh/T+Zl1sSbl EHAA==
X-Gm-Message-State: AOAM5338UTa+2s7IlenFV/30OBItDRB06FldO2x8QNI9qJwVbeqngmRR QwU4v4bY92ggmlP8R0BsZq2ZsBI3LTpKKSOozxMfQUkm7LcDFg==
X-Google-Smtp-Source: ABdhPJzvU/XBw29z1hv6EF4MxGjtJH4T6+cWrxmWOOBv8F2atAsH882nIdBJ8bNgkg/WWHnO7KBKme6XWOBpOjHL2u8=
X-Received: by 2002:a25:e204:0:b0:64d:de3b:e60b with SMTP id h4-20020a25e204000000b0064dde3be60bmr587310ybe.64.1652892666912; Wed, 18 May 2022 09:51:06 -0700 (PDT)
MIME-Version: 1.0
References: <01000180a9eb37cb-85b9c576-c1eb-425a-b42c-b3cabe548fbb-000000@email.amazonses.com> <20220518.080543.825575420363032441.id@4668.se> <01000180d793d6ee-f82a4a03-28d8-4f8b-909e-7306a7fc565b-000000@email.amazonses.com>
In-Reply-To: <01000180d793d6ee-f82a4a03-28d8-4f8b-909e-7306a7fc565b-000000@email.amazonses.com>
From: Andy Bierman <andy@yumaworks.com>
Date: Wed, 18 May 2022 09:50:56 -0700
Message-ID: <CABCOCHT8URJeGJc_Jy7rePqVKjmSUuyPLCBh640WL7UiOpnPpQ@mail.gmail.com>
To: Kent Watsen <kent+ietf@watsen.net>
Cc: Martin Björklund <mbj+ietf@4668.se>, "netmod@ietf.org" <netmod@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000043740705df4c1010"
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/NdiiHOy_B69rN53J4_YoUHkbjXo>
Subject: Re: [netmod] Does defining a feature require the module be implemented?
X-BeenThere: netmod@ietf.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: NETMOD WG list <netmod.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netmod>, <mailto:netmod-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netmod/>
List-Post: <mailto:netmod@ietf.org>
List-Help: <mailto:netmod-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netmod>, <mailto:netmod-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 May 2022 16:51:12 -0000

On Wed, May 18, 2022 at 7:30 AM Kent Watsen <kent+ietf@watsen.net> wrote:

>
>
> On May 18, 2022, at 2:05 AM, Martin Björklund <mbj+ietf@4668.se> wrote:
>
> PS: the answer to this impacts the "crypto-types and friends" drafts
> in the NETCONF WG, where it is assumed (and various tools agreed, sans
> a recent change in `yanglint`) that the implementation-status of a
> module is orthogonal to what features supported.
>
>
> Can you show a specific example where this is a problem?
>
>
> Background:
>
> The genesis of this issue arises from a change (I think!) in
> instance-document validation behavior from yanglint 1.x and 2.x, which I've
> been switching to, whereby validation is now failing due to an assumption
> that a module is *implemented* when the module is targeted by the
> "--features" parameter, even if only to explicitly indicate the *no*
> features are defined (i.e., "--featues=foo:", note that there are no
> feature-names listed after the colon).  As an aside, this seems a bit
> like "the tail wagging the dog", but the reasoning was/is that features can
> only be defined if a module is implemented and therefore it makes sense
> to auto-implement a module even though it wasn't explicitly listed as such
> on the command line.
>
> Issue:
>
> An issue arises when a module (like ietf-keystore) defines a grouping
> (like "keystore-grouping") that is used both to allow instances in other
> data models as well as a "global" instance when the module is implemented.
>  i.e., container keystore { uses keystore-grouping; }
>
> In ietf-keystore, a feature (central-keystore-supported) is used to enable
> leafrefs to the global instance for cases when the module is implemented
> (e.g., see local-or-keystore-symmetric-key-grouping).   However, because it
> was not anticipated that a module had to be implemented in order for a
> feature to be defined (as was allowed by RFC 7895 YANG Library), the
> "central-keystore-supported" feature statement was NOT placed on the root
> node of the protocol-accessible tree.
>
> So, in the case of NOT wanting the global keystore instance and yet there
> IS a desire to define another keystore feature (e.g., asymmetric-keys), it
> seems that 1) the module MUST be implemented *and* the root node of the
> protocol-accessible tree MUST have an "if-feature
> central-keystore-supported" statement.
>
> Closing thoughts:
>
> 1) I'm not saying it is wrong that a module must be implemented in order
> to define features defined in it.  But I am noting that I can't find where
> this behavior is defined (e.g., in RFC 7950).   Also I note that RFC
> 7895 enabled features to be defined independent of implementation-status
> while RFC 8525 doesn't.   As a co-author of RFC 8525, I don't recall this
> being discussed and wonder what justification was used, as folks are
> pointing to and working backwards from RFC 8525 to indicate that it must be
> so.
>
>

IMO the focus on "protocol-accessible" is clearly wrong.
The larger issue is simply "what is the point of defining a YANG feature if
there is no way
for the server to tell the client it is supported?".

The YANG module itself will say what it means to support the feature.
The YANG library does not override any of its conformance requirements.

It is legal in YANG to define features for any reason.
They apply to many more schema items than data nodes.

A server can support a module without any protocol-accessible objects in 3
ways
   - implement the module with no features supported
   - implement the module with features supported
   - import the module without implementing it

To Martin's point, it is not clear that a client is harmed because a server
lists a module in
the 'module' list instead of the 'import-only-module' list.


Andy


2) If it is the case that the module must be implemented to use
> its features, then I need to update some of my modules (e.g., crypto-types
> and friends) to explicitly disable the protocol-accessible tree when the
> module is implemented *only* to use its features.
>
> 3) I wish more modules would following the pattern of having the global
> protocol accessible tree be defined via a "uses" of a grouping defined in
> the module.   In another recent project, I had to hack the topology modules
> defined in RFC 8345 (to convert the containers to groupings) to enable a
> multiplicity of "abstract network topologies" to be configured.  The
> assumption that only a single global instance is ever needed is proving to
> be invalid in my work time and again.
>
>
> K.
>
>
>
>
>
>
> _______________________________________________
> netmod mailing list
> netmod@ietf.org
> https://www.ietf.org/mailman/listinfo/netmod
>

v2.23.0 | Report a Bug | By Email