Re: [yang-doctors] Ensuring top/base models are designed as augmentable
Benoit Claise <bclaise@cisco.com> Wed, 20 November 2019 03:12 UTC
Return-Path: <bclaise@cisco.com>
X-Original-To: yang-doctors@ietfa.amsl.com
Delivered-To: yang-doctors@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DBD7F1201E0 for <yang-doctors@ietfa.amsl.com>; Tue, 19 Nov 2019 19:12:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.501
X-Spam-Level:
X-Spam-Status: No, score=-14.501 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nQyynJChtYMQ for <yang-doctors@ietfa.amsl.com>; Tue, 19 Nov 2019 19:12:57 -0800 (PST)
Received: from bgl-iport-1.cisco.com (bgl-iport-1.cisco.com [72.163.197.25]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A5D8D12002E for <yang-doctors@ietf.org>; Tue, 19 Nov 2019 19:12:56 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=3100; q=dns/txt; s=iport; t=1574219576; x=1575429176; h=subject:to:cc:references:from:message-id:date: mime-version:in-reply-to:content-transfer-encoding; bh=2luOmQKZesRk2E2080az0KQs+u0LZQU4UMliLlQ+jYk=; b=ICNcSfkFGir9cKbmcKQaKa2P8SRtti9AS4w+T55etWrU5xFF3+nqf0Fi ORKaQCE5v8QLwro/nN45cT3DoOV82bnq3lmgmklUEP3M3G9o2YdkHrv7Q z3iQirujT4Kid3veNvJDkb7Iew2asxJwLxj96jx8/e0mHQm0hH7jy6dQi I=;
X-IronPort-AV: E=Sophos;i="5.69,220,1571702400"; d="scan'208";a="130633541"
Received: from vla196-nat.cisco.com (HELO bgl-core-2.cisco.com) ([72.163.197.24]) by bgl-iport-1.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 20 Nov 2019 03:12:53 +0000
Received: from [10.68.213.14] ([10.68.213.14]) (authenticated bits=0) by bgl-core-2.cisco.com (8.15.2/8.15.2) with ESMTPSA id xAK36HKG025088 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=NO); Wed, 20 Nov 2019 03:06:20 GMT
To: Ebben Aries <exa@arrcus.com>, Martin Bjorklund <mbj@tail-f.com>
Cc: "yang-doctors@ietf.org" <yang-doctors@ietf.org>, "Joe Clarke (jclarke)" <jclarke@cisco.com>
References: <20191118000150.amlnwhgagufkft5t@localhost> <20191118.085212.404540088270846510.mbj@tail-f.com> <20191118081238.wckqp7tczhmfmb45@localhost>
From: Benoit Claise <bclaise@cisco.com>
Message-ID: <0515f51c-77bc-a1ff-6645-da5eb91c670b@cisco.com>
Date: Wed, 20 Nov 2019 11:06:17 +0800
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
MIME-Version: 1.0
In-Reply-To: <20191118081238.wckqp7tczhmfmb45@localhost>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Content-Language: en-US
X-Authenticated-User: bclaise
X-Outbound-SMTP-Client: 10.68.213.14, [10.68.213.14]
X-Outbound-Node: bgl-core-2.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/yang-doctors/Hcna8PZ01Sl03NyzD--rDp2_d6Q>
Subject: Re: [yang-doctors] Ensuring top/base models are designed as augmentable
X-BeenThere: yang-doctors@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Email list of the yang-doctors directorate <yang-doctors.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/yang-doctors>, <mailto:yang-doctors-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/yang-doctors/>
List-Post: <mailto:yang-doctors@ietf.org>
List-Help: <mailto:yang-doctors-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/yang-doctors>, <mailto:yang-doctors-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Nov 2019 03:12:59 -0000
Including Joe Clarke in the loop. As OPSAWG chair, Joe took the AI to follow up with the YANG doctors in order to find the best solution for the TACACS+ YANG model. Regards, Benoit > On Nov 18 08:52 AM, Martin Bjorklund wrote: >> Ebben Aries <exa@arrcus.com> wrote: >>> I was looking for any such possible wording in 8407 but could not find >>> anything around this design consideration. >>> >>> Case in point, there are many modules that may be defined with top-level >>> nodes where the intention is that other domains add/augment in either at >>> a later date or at a bare minimum via another set of >>> definitions/modules in related domains. When this occurs, it seems >>> important that the top level modules are designed in such a way to >>> account for such augmentation and to pick on one case, is the use of >>> 'must' statements in top-level modules. >>> >>> If we look at ietf-system below, for authentication, there are 2 >>> definitions carried in the top-level module (local-users/radius) with a >>> must restriction being placed at a node which is a target candidate for >>> augmentation. >>> >>> # ietf-system@2014-08-06.yang >>> >>> container authentication { >>> nacm:default-deny-write; >>> if-feature authentication; >>> >>> description >>> "The authentication configuration subtree."; >>> >>> leaf-list user-authentication-order { >>> type identityref { >>> base authentication-method; >>> } >>> must '(. != "sys:radius" or ../../radius/server)' { >>> error-message >>> "When 'radius' is used, a RADIUS server" >>> + " must be configured."; >>> description >>> "When 'radius' is used as an authentication method, >>> a RADIUS server must be configured."; >>> } >>> ordered-by user; >>> >>> Now if one were to augment in with say 'tacacs' which would define an >>> identity that would base off sys:authentication-method, this would >>> either mean >>> >>> - Any augmented identities cannot follow the same design pattern as >>> those in the base module >> Can you provide an example of what you want to do and show what >> doesn't work? From what I understand, it seems you can add the nodes >> you want, but you can't just augment a must expression: >> >> must '(. != "x:tacacs" or ../../x:tacacs/server)' > The question is more generic wrt. ensuring nodes are augmentable or some > verbiage around such otherwise there could very well be cases that a > base restriction prevents and/or makes this difficult either for other > future SDO modules or other implementation augments. > > For this specific case - that is precisely it as you have above. The > augmented module cannot enforce similar restrictions for design > consistency sake > > _______________________________________________ > yang-doctors mailing list > yang-doctors@ietf.org > https://www.ietf.org/mailman/listinfo/yang-doctors > . >
- [yang-doctors] Ensuring top/base models are desig… Ebben Aries
- Re: [yang-doctors] Ensuring top/base models are d… Martin Bjorklund
- Re: [yang-doctors] Ensuring top/base models are d… Ebben Aries
- Re: [yang-doctors] Ensuring top/base models are d… Benoit Claise
- Re: [yang-doctors] Ensuring top/base models are d… Joe Clarke (jclarke)
- Re: [yang-doctors] Ensuring top/base models are d… Ladislav Lhotka
- Re: [yang-doctors] Ensuring top/base models are d… Joe Clarke (jclarke)
- Re: [yang-doctors] Ensuring top/base models are d… Ladislav Lhotka
- Re: [yang-doctors] Ensuring top/base models are d… Rob Wilton (rwilton)