Re: [netmod] ietf-access-control-list@2017-10-03.yang : Can access-lists use a grouping?

Andy Bierman <andy@yumaworks.com> Thu, 02 November 2017 15:55 UTC

Return-Path: <andy@yumaworks.com>
X-Original-To: netmod@ietfa.amsl.com
Delivered-To: netmod@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C6980139504 for <netmod@ietfa.amsl.com>; Thu, 2 Nov 2017 08:55:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=yumaworks-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ho3vXOohmtPn for <netmod@ietfa.amsl.com>; Thu, 2 Nov 2017 08:55:53 -0700 (PDT)
Received: from mail-lf0-x234.google.com (mail-lf0-x234.google.com [IPv6:2a00:1450:4010:c07::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A7A421386A2 for <netmod@ietf.org>; Thu, 2 Nov 2017 08:55:52 -0700 (PDT)
Received: by mail-lf0-x234.google.com with SMTP id g70so4008lfl.3 for <netmod@ietf.org>; Thu, 02 Nov 2017 08:55:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yumaworks-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=IsxtXCe/Y2KOn6nPLN78bVjkZmy0hj3P05Lii/4sQSc=; b=zA8xqEzJIvsju2JNT9q9lLNecIkhLq5LOwqQeMCXonc7Y4S40Ew3+z5A7EbCi5xIrM Yrp9DQ8nAVLc46UJKRnt6GatsFanrp76dklO50YYmcZl/XlMkOQZP0+wjw13t8AlCxvc yjog6QTWB7IkJrWDS5Ar+TARc6NoV+kHeA9NtLZ2UkFpkMnx+0PU/GkbiWAz7sRCtJJM UtA+ViOWlzpG77S/xQq2O7tnhwePIy3vH3G4uWGHeIffmuMsjFfzumP1wsieJ/aoKY7A JORdz0wHHdn7QFUnnXoLLdUFg4J+x1HfEM5ZJ3HkpExYPAprhCg4iNwPqFXr1UT9LTDb Pecg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=IsxtXCe/Y2KOn6nPLN78bVjkZmy0hj3P05Lii/4sQSc=; b=st+i2GxFVqi2Ylt5UHPBMm14UATfcJF2IkTnTc3ltMxSWRDXZKyWE5AZ4VULG/39wn PZF9y/fiYO7POtwy5qQd79erfhfEkteOZenbtv2yFUEUYinO6N9LlQL4czSMZ9me+kX0 IRWSjIIbHjl2wn2twT8H6rMg3hos7/Y27mihrsuX1bPpIEQGBe1t/19VHtpeCeZFpy67 o9ostixO+pkBCBOBKWHMmdK9l7O0qTcmmLy/l0SD+QuRlHe4H4Lb77pYVOtJ+Ksz+HDr ewObR/g0L8Eyje8NVB7KP/Koh5+FIoU0j0t8+O8+UUra/6aRe88Zq67QnvqDRik8DB7l 36Aw==
X-Gm-Message-State: AJaThX6q9tU3UI0xG2RV+noUbEkBVYjfCzuG7xJXTH9aVqCsaHkZAhX3 Y7R3nESnFWUIgVUji628gMdx0MEyW02b4959vBWtMQ==
X-Google-Smtp-Source: ABhQp+Sbk71HgBJUkbff3u7QsOD/7cn7yJuv5mFII4/hBxEBO0kFypuo+SfmFq6vRs16zrUx9AgMKeTLhhAw/h/OWIY=
X-Received: by 10.25.204.81 with SMTP id c78mr1561700lfg.49.1509638150937; Thu, 02 Nov 2017 08:55:50 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.25.214.9 with HTTP; Thu, 2 Nov 2017 08:55:50 -0700 (PDT)
In-Reply-To: <CAHiu4JPAAmBybnjaKO8AGnHaW4nwVXy2Q3QYn0QJSatmPVK=mQ@mail.gmail.com>
References: <CAHiu4JPKNE6eL=P6TSb1NCMGpFvcX4BxTWFRcDR+BDQN9kWj2Q@mail.gmail.com> <6B80D720-C62B-444E-A0D0-E4839F5483D2@gmail.com> <CAHiu4JP2RTamZnfvwimPMAo+03vVn9y2gO+5z=R0DxUzwMOEHg@mail.gmail.com> <a5f545bf-1f1e-188b-be03-eed1fb321e03@cisco.com> <CAHiu4JPAAmBybnjaKO8AGnHaW4nwVXy2Q3QYn0QJSatmPVK=mQ@mail.gmail.com>
From: Andy Bierman <andy@yumaworks.com>
Date: Thu, 2 Nov 2017 08:55:50 -0700
Message-ID: <CABCOCHSVVJiYa-eNeHoNbsCm_enK9hv28Edo5hvxKrJkp64JLw@mail.gmail.com>
To: "M. Ranganathan" <mranga@gmail.com>
Cc: Robert Wilton <rwilton@cisco.com>, "netmod@ietf.org" <netmod@ietf.org>
Content-Type: multipart/alternative; boundary="94eb2c1a17c4b9f6b0055d020523"
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/tyagOF3anhtsHaCy0xkWH57srnM>
Subject: Re: [netmod] ietf-access-control-list@2017-10-03.yang : Can access-lists use a grouping?
X-BeenThere: netmod@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: NETMOD WG list <netmod.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netmod>, <mailto:netmod-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netmod/>
List-Post: <mailto:netmod@ietf.org>
List-Help: <mailto:netmod-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netmod>, <mailto:netmod-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Nov 2017 15:55:56 -0000

On Thu, Nov 2, 2017 at 8:34 AM, M. Ranganathan <mranga@gmail.com> wrote:

> Hi Rob, Mahesh,
>
> Thanks for reading.
>
> On Thu, Nov 2, 2017 at 11:00 AM, Robert Wilton <rwilton@cisco.com> wrote:
>
>> Hi Ranga,
>>
>> Presumably another choice would to keep ACLs defined in one place (i.e.
>> no grouping required), augment with ACL model with your extra MUD + other
>> mgmt data, and then have a reference to that ACL from your model.
>>
>> Thanks,
>> Rob
>>
>
>  In the case of MUD ( which is just a use case driving this need ), there
> are local references from MUD to the ACL. MUD itself augments the ACL
> model.
>
> Augmentation would make (logical and design) sense if you were adding
> nodes that are in some way related to the ACL itself.
>
> If I wanted to Augment ACL with something that is not directly ACL
> relevant then Augmentation makes less sense to me from a design perspective
> (lets say I wanted to define a new YANG model that includes the ACL with
> some other system-relavant meta-data that has nothing to do with ACLs but
> is needed by the system in order to install an ACL).
>
> Making access-lists into a grouping and then using it in a container does
> not alter the ACL model as it currently stands but allows designers to use
> the ACL model with either augmentation or inclusion in other YANG models.
> Hence it improves the usability of the ACL model without altering the
> semantics of the current model. It is just a re-structuring but it helps
> the implementer.
>
>
Loosely coupled tables should use leafref.
The main concern of the NETMOD WG should be the usability of the primary
solution.


>
> Regards,
>
> Ranga
>
>

Andy


>
>> On 02/11/2017 14:50, M. Ranganathan wrote:
>>
>> Hi Mahesh,
>>
>>
>>
>> On Wed, Nov 1, 2017 at 11:32 PM, Mahesh Jethanandani <
>> mjethanandani@gmail.com> wrote:
>>
>>> Ranga,
>>>
>>> Is there a reason why you do not want to consider augmenting the model,
>>> particularly since you seem to want to use the entire model?
>>>
>>
>>
>> Yes. I want to include other metadata (specifically MUD + other
>> management data modeled using YANG) associated with the ACL in a container
>> in my own model. For this I want to import access-lists from the ACL YANG
>> model but as it currently stands, I can't.
>>
>> With the way it has been defined (i.e. as a container and not a
>> grouping), I cannot include it in another YANG model. It would be perfect
>> if the access-lists could be made into a grouping as suggested. Nothing
>> else needs to change as far as I am concerned.
>>
>> Thanks!
>>
>> Regards,
>>
>> Ranga.
>>
>>
>>
>>
>>
>>>
>>> > On Oct 31, 2017, at 8:39 PM, M. Ranganathan <mranga@gmail.com> wrote:
>>> >
>>> > Re-posted from OPSAWG list :
>>> >
>>> >
>>> > Hello,
>>> >
>>> > In the file
>>> >
>>> > ietf-access-control-list@2017-10-03.yang
>>> >
>>> > I see that access-lists is directly defined as a collection.
>>> >
>>> >
>>> > May I suggest making a grouping (say access-lists-grouping) and use a
>>> "uses" statement in access-lists.
>>> >
>>> > The use-case for this change request - I would like to use the
>>> grouping in another YANG model using a "uses" statement.
>>> >
>>> > Thanks in advance for considering it.
>>> >
>>> > Regards,
>>> >
>>> > Ranga.
>>> >
>>> > --
>>> > M. Ranganathan
>>> > _______________________________________________
>>> > netmod mailing list
>>> > netmod@ietf.org
>>> > https://www.ietf.org/mailman/listinfo/netmod
>>>
>>> Mahesh Jethanandani
>>> mjethanandani@gmail.com
>>>
>>>
>>
>>
>> --
>> M. Ranganathan
>>
>>
>> _______________________________________________
>> netmod mailing listnetmod@ietf.orghttps://www.ietf.org/mailman/listinfo/netmod
>>
>>
>>
>
>
> --
> M. Ranganathan
>
> _______________________________________________
> netmod mailing list
> netmod@ietf.org
> https://www.ietf.org/mailman/listinfo/netmod
>
>