Re: [netmod] ietf-access-control-list@2017-10-03.yang : Can access-lists use a grouping?

"M. Ranganathan" <mranga@gmail.com> Thu, 02 November 2017 15:35 UTC

Return-Path: <mranga@gmail.com>
X-Original-To: netmod@ietfa.amsl.com
Delivered-To: netmod@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C232113FAB8 for <netmod@ietfa.amsl.com>; Thu, 2 Nov 2017 08:35:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.699
X-Spam-Level:
X-Spam-Status: No, score=-1.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FREEMAIL_REPLY=1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MfK2Wh7lznNb for <netmod@ietfa.amsl.com>; Thu, 2 Nov 2017 08:35:18 -0700 (PDT)
Received: from mail-oi0-x22f.google.com (mail-oi0-x22f.google.com [IPv6:2607:f8b0:4003:c06::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D516813FAB3 for <netmod@ietf.org>; Thu, 2 Nov 2017 08:35:17 -0700 (PDT)
Received: by mail-oi0-x22f.google.com with SMTP id a132so9182360oih.11 for <netmod@ietf.org>; Thu, 02 Nov 2017 08:35:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=gREjYiIwR4FY54pGc8ICJPPOwLPmfaV76rt+qZ2MZEk=; b=ICzOp3quhlTgNBBxzf0Xtq/gaeoLn9pYGwwjz28bGd0usHiVbrQvCY5Fr5nOnjVWik E4vCwqkQg2CucvcU98KLtpGLII8Iozp2ohpI/P4JwDBdlJBBCcRg7qY20zVaEBZUHSUU x6r4YXKui7lWLwQIeLXaNPc6XUsmZNCu2iAuDZz0n9ZJEiS7twbkQVgW9gEOc58rRVeN UOD4Gb61FZXPGIx6Fc5qb51iQn6gwhxiwzjUlkFACRYOnlpkwgEMf2mhS2R92R9gvg97 jc3f+k3nL0G93vYHBn2KsqAZxs6MmvlReKMOvJNOHuYgaVxCk0BZrLEtuOgtG9/xstmY jW+w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=gREjYiIwR4FY54pGc8ICJPPOwLPmfaV76rt+qZ2MZEk=; b=dsttUdGtdbuzcSqPMc1+3TlJnJ+TmKTbyDXT8t7fodQr1ZczpBfMYzUEclTHp3+9y4 eVq/EKV5rgwpxNOvkspACWtOCIRI3p+YQe19z2y6vc/o3nBJnc1mxx1W0YLKJSRwb0hk d8tVzQ93M1vFnLjETDqJv29vC876SbsRwup59YwqV8pMQ9rcx5lAIdTv3d7QJxg3+7cn e4yEYnRg9I/9WDjHpMusSr9RP0fjWgAtprLuWt732KXNfvBk8k3LLePDWeTrJy5NLs1w RkebGbOiaBcMcWfBVrsoI+P6Z7iMmyUYYCH5J/2MjV/qnjfAW/2GUmbpvHvcKIXfPrnx CpCA==
X-Gm-Message-State: AJaThX5Q4fqH3EAsqEfOVLF5YgDuy3uDuU4gZzAm2TaXDnO/XEH+pOtb UfJLcM2jCdYYyACU8MDu9z61AzpH6/CmOBJbzU8=
X-Google-Smtp-Source: ABhQp+RCMK5oMfGNcMUxGlDEWwDWLc/oabeUJ6c4gUr25lH7vAHZOqk/06A/y9u0Cr3TAsXxZG4nsuiWkFF/WGEPqII=
X-Received: by 10.157.48.124 with SMTP id w57mr2493460otd.440.1509636916972; Thu, 02 Nov 2017 08:35:16 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.157.7.133 with HTTP; Thu, 2 Nov 2017 08:34:36 -0700 (PDT)
In-Reply-To: <a5f545bf-1f1e-188b-be03-eed1fb321e03@cisco.com>
References: <CAHiu4JPKNE6eL=P6TSb1NCMGpFvcX4BxTWFRcDR+BDQN9kWj2Q@mail.gmail.com> <6B80D720-C62B-444E-A0D0-E4839F5483D2@gmail.com> <CAHiu4JP2RTamZnfvwimPMAo+03vVn9y2gO+5z=R0DxUzwMOEHg@mail.gmail.com> <a5f545bf-1f1e-188b-be03-eed1fb321e03@cisco.com>
From: "M. Ranganathan" <mranga@gmail.com>
Date: Thu, 2 Nov 2017 11:34:36 -0400
Message-ID: <CAHiu4JPAAmBybnjaKO8AGnHaW4nwVXy2Q3QYn0QJSatmPVK=mQ@mail.gmail.com>
To: Robert Wilton <rwilton@cisco.com>
Cc: Mahesh Jethanandani <mjethanandani@gmail.com>, netmod@ietf.org
Content-Type: multipart/alternative; boundary="001a113b1bbc2d130d055d01bce0"
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/XNXLm0woWlBTVFx9feCVm_lezQs>
Subject: Re: [netmod] ietf-access-control-list@2017-10-03.yang : Can access-lists use a grouping?
X-BeenThere: netmod@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: NETMOD WG list <netmod.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netmod>, <mailto:netmod-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netmod/>
List-Post: <mailto:netmod@ietf.org>
List-Help: <mailto:netmod-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netmod>, <mailto:netmod-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Nov 2017 15:35:20 -0000

Hi Rob, Mahesh,

Thanks for reading.

On Thu, Nov 2, 2017 at 11:00 AM, Robert Wilton <rwilton@cisco.com> wrote:

> Hi Ranga,
>
> Presumably another choice would to keep ACLs defined in one place (i.e. no
> grouping required), augment with ACL model with your extra MUD + other mgmt
> data, and then have a reference to that ACL from your model.
>
> Thanks,
> Rob
>

 In the case of MUD ( which is just a use case driving this need ), there
are local references from MUD to the ACL. MUD itself augments the ACL
model.

Augmentation would make (logical and design) sense if you were adding nodes
that are in some way related to the ACL itself.

If I wanted to Augment ACL with something that is not directly ACL relevant
then Augmentation makes less sense to me from a design perspective (lets
say I wanted to define a new YANG model that includes the ACL with some
other system-relavant meta-data that has nothing to do with ACLs but is
needed by the system in order to install an ACL).

Making access-lists into a grouping and then using it in a container does
not alter the ACL model as it currently stands but allows designers to use
the ACL model with either augmentation or inclusion in other YANG models.
Hence it improves the usability of the ACL model without altering the
semantics of the current model. It is just a re-structuring but it helps
the implementer.


Regards,

Ranga


> On 02/11/2017 14:50, M. Ranganathan wrote:
>
> Hi Mahesh,
>
>
>
> On Wed, Nov 1, 2017 at 11:32 PM, Mahesh Jethanandani <
> mjethanandani@gmail.com> wrote:
>
>> Ranga,
>>
>> Is there a reason why you do not want to consider augmenting the model,
>> particularly since you seem to want to use the entire model?
>>
>
>
> Yes. I want to include other metadata (specifically MUD + other management
> data modeled using YANG) associated with the ACL in a container in my own
> model. For this I want to import access-lists from the ACL YANG model but
> as it currently stands, I can't.
>
> With the way it has been defined (i.e. as a container and not a grouping),
> I cannot include it in another YANG model. It would be perfect if the
> access-lists could be made into a grouping as suggested. Nothing else needs
> to change as far as I am concerned.
>
> Thanks!
>
> Regards,
>
> Ranga.
>
>
>
>
>
>>
>> > On Oct 31, 2017, at 8:39 PM, M. Ranganathan <mranga@gmail.com> wrote:
>> >
>> > Re-posted from OPSAWG list :
>> >
>> >
>> > Hello,
>> >
>> > In the file
>> >
>> > ietf-access-control-list@2017-10-03.yang
>> >
>> > I see that access-lists is directly defined as a collection.
>> >
>> >
>> > May I suggest making a grouping (say access-lists-grouping) and use a
>> "uses" statement in access-lists.
>> >
>> > The use-case for this change request - I would like to use the grouping
>> in another YANG model using a "uses" statement.
>> >
>> > Thanks in advance for considering it.
>> >
>> > Regards,
>> >
>> > Ranga.
>> >
>> > --
>> > M. Ranganathan
>> > _______________________________________________
>> > netmod mailing list
>> > netmod@ietf.org
>> > https://www.ietf.org/mailman/listinfo/netmod
>>
>> Mahesh Jethanandani
>> mjethanandani@gmail.com
>>
>>
>
>
> --
> M. Ranganathan
>
>
> _______________________________________________
> netmod mailing listnetmod@ietf.orghttps://www.ietf.org/mailman/listinfo/netmod
>
>
>


-- 
M. Ranganathan