Re: [yang-doctors] Yangdoctors last call review of draft-ietf-ospf-yang-09
Martin Bjorklund <mbj@tail-f.com> Wed, 10 January 2018 16:18 UTC
Return-Path: <mbj@tail-f.com>
X-Original-To: yang-doctors@ietfa.amsl.com
Delivered-To: yang-doctors@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6077712D945 for <yang-doctors@ietfa.amsl.com>; Wed, 10 Jan 2018 08:18:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.911
X-Spam-Level:
X-Spam-Status: No, score=-1.911 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VWi2VYuXxYjP for <yang-doctors@ietfa.amsl.com>; Wed, 10 Jan 2018 08:18:14 -0800 (PST)
Received: from mail.tail-f.com (mail.tail-f.com [46.21.102.45]) by ietfa.amsl.com (Postfix) with ESMTP id D5E3E12421A for <yang-doctors@ietf.org>; Wed, 10 Jan 2018 08:18:13 -0800 (PST)
Received: from localhost (unknown [173.38.220.56]) by mail.tail-f.com (Postfix) with ESMTPSA id 3C5B51AE0118; Wed, 10 Jan 2018 17:18:12 +0100 (CET)
Date: Wed, 10 Jan 2018 17:18:11 +0100
Message-Id: <20180110.171811.858477092972700390.mbj@tail-f.com>
To: lhotka@nic.cz
Cc: yang-doctors@ietf.org
From: Martin Bjorklund <mbj@tail-f.com>
In-Reply-To: <1515600384.11767.48.camel@nic.cz>
References: <1515579468.6095.29.camel@nic.cz> <20180110.125841.1275902835172392300.mbj@tail-f.com> <1515600384.11767.48.camel@nic.cz>
X-Mailer: Mew version 6.7 on Emacs 24.5 / Mule 6.0 (HANACHIRUSATO)
Mime-Version: 1.0
Content-Type: Text/Plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/yang-doctors/aoSGgNFp6Nov4adJoCcE_r7VCeE>
Subject: Re: [yang-doctors] Yangdoctors last call review of draft-ietf-ospf-yang-09
X-BeenThere: yang-doctors@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Email list of the yang-doctors directorate <yang-doctors.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/yang-doctors>, <mailto:yang-doctors-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/yang-doctors/>
List-Post: <mailto:yang-doctors@ietf.org>
List-Help: <mailto:yang-doctors-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/yang-doctors>, <mailto:yang-doctors-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Jan 2018 16:18:17 -0000
Ladislav Lhotka <lhotka@nic.cz> wrote: > On Wed, 2018-01-10 at 12:58 +0100, Martin Bjorklund wrote: > > Ladislav Lhotka <lhotka@nic.cz> wrote: > > > On Wed, 2018-01-10 at 10:35 +0100, Martin Bjorklund wrote: > > > > Hi, > > > > > > > > Replying to this only on yang-doctors, since this is mostly a > > > > discussion about the interpretation of RFC 7950. > > > > > > > > > > > > Ladislav Lhotka <lhotka@nic.cz> wrote: > > > > > On Tue, 2018-01-09 at 16:23 +0100, Martin Bjorklund wrote: > > > > > > Ladislav Lhotka <lhotka@nic.cz> wrote: > > > > > > > On Tue, 2018-01-09 at 09:06 +0100, Martin Bjorklund wrote: > > > > > > > > Ladislav Lhotka <lhotka@nic.cz> wrote: > > > > > > > > > On Mon, 2018-01-08 at 19:28 +0000, Acee Lindem (acee) wrote: > > > > > > > > > > On 12/6/17, 6:26 AM, "Ladislav Lhotka" <lhotka@nic.cz> wrote: > > > > > > > > [...] > > > > > > > > > > > > > > > 4. In "when" expressions, the module uses literal strings > > > > for > > > > > > > > > > > identities. This is known to be problematic, the XPath > > > > > > > > functions > > > > > > > > > > > derived-from() or derived-from-or-self() should be used > > > > > > > > instead. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Why is this problematic? Is it because the types can be > > > > extended? > > > > > > > > > > > > > > > > > > That's one reason: derived identities should often also satisfy > > > > the > > > > > > > > > constraint. > > > > > > > > > > > > > > > > > > But the more serious problem is that things like > > > > > > > > > > > > > > > > > > when "../../../../../../../rt:type = 'ospf:ospfv3'" > > > > > > > > > > > > > > > > > > rely on plain string comparison that depends od the actual > > > > prefix > > > > used > > > > > > > > > > > > > > > > > "rt:type" value. For one, according to RFC 7951 the JSON > > > > encoding of > > > > > > > > > this value > > > > > > > > > would be "ietf-ospf:ospfv3" so the above expression is always > > > > > > > > false. > > > > > > > > > > > > > > > > This is not correct; the when expression is not evaluated on the > > > > JSON > > > > > > > > encoding. See the last paragraph of section 9.10.3 in RFC 7950: > > > > > > > > > > > > > > > > The string value of a node of type "identityref" in a "must" or > > > > > > > > "when" XPath expression is the referred identity's qualified > > > > name > > > > > > > > with the prefix present. If the referred identity is defined > > > > in an > > > > > > > > imported module, the prefix in the string value is the prefix > > > > > > > > defined > > > > > > > > in the corresponding "import" statement. Otherwise, the prefix > > > > in > > > > > > > > the string value is the prefix for the current module. > > > > > > > > > > > > > > This is weird, to say the least. The leafref instance may have an > > > > > > > > identity > > > > > > > value > > > > > > > that is defined in a module that (has to be implemented by the > > > > server > > > > but) > > > > > > > needn't be imported in the module that contains the XPath > > > > expression. So > > > > I > > > > > > > don't > > > > > > > know what 'corresponding "import" statement' this paragraph is > > > > talking > > > > > > > about. > > > > > > > > > > > > It has to import the module in order to give a prefix, which then can > > > > > > be used in the XPath expression. > > > > > > > > > > In the XPath expression above, do you mean the "rt" prefix of > > > > > "rt:type"? > > > > > > > > No, I meant the "ospf" prefix for the module "ietf-ospf". > > > > > > > > > If so, > > > > > it is irrelevant for the string comparison, what's important is the > > > > *value* > > > > of > > > > > the "rt:type" instance, which can be an identity defined in a module > > > > that > > > > > needn't be imported by ietf-routing, ietf-ospf or whatever. Sec. 9.10.2: > > > > > > > > > > On a particular server, the valid values are further restricted > > > > > to the set of identities defined in the modules implemented by > > > > > the server. > > > > > > > > Because of the way the representation of identities work in must/when > > > > expressions, you *must* import the module where the identity is > > > > define, if you want to use the identity for equality comparision like > > > > in the example. > > > > > > > > You may have: > > > > > > > > module a { > > > > ... > > > > import ietf-ospf { > > > > prefix x; > > > > } > > > > ... > > > > leaf foo { > > > > when "../type = 'x:ospfv3'"; > > > > ... > > > > } > > > > } > > > > > > The problem here is not with the literal 'x:ospf' but rather with the string > > > value of the leafref node instance ("../type" here), and clearly it is what > > > > sec. > > > 9.10.3 talks about ("string value of a [leafref] node"). > > > > > > I can define a module like > > > > > > module foo-ospf { > > > namespace "http://example.com/foo-ospf"; > > > prefix ospf; > > > import ietf-routing { > > > prefix rt; > > > } > > > identity ospfv3 { > > > base "rt:routing-protocol"; > > > } > > > ... > > > } > > > > > > Now, if the server advertizes both ietf-ospf and foo-ospf as implemented > > > > (which > > > is legal), the module foo-ospf needn't be imported anywhere and still the > > > > "type" > > > leaf instance can have both values "ietf-ospf:ospfv3" and "foo-ospf:ospfv3", > > > provided that it is defined as > > > > > > leaf type { > > > type identityref { > > > base rt:routing-protocol; > > > } > > > } > > > > > > And I wonder what the last paragraph in sec. 9.10.3 means in this situation, > > > i.e. what string value of "type" is used in the evaluation of the XPath > > > expression in your module "a", if the value-space value of 'type' instance > > > > in a > > > datastore is either of the two '...:ospfv3' identities. > > > > > > Do you see what I mean? > > > > Do you mean that the problem is that the spec does not define what the > > string value is if the module where the identity is defined is not > > imported? > > > > I agree that this is an issue. > > > > BUT, actually, if you look the text in the spec: > > > > The string value of a node of type "identityref" in a "must" or > > "when" XPath expression is the referred identity's qualified name > > with the prefix present. If the referred identity is defined in an > > imported module, the prefix in the string value is the prefix defined > > in the corresponding "import" statement. Otherwise, the prefix in > > the string value is the prefix for the current module. > > > > If you blindly follow this, the last sentence would have to apply, and > > the string would be "a:ospfv3", which clearly is broken. > > It depends on what "current module" means. "current module" and "local module" means the module where the "must" or "when" expression is defined. There was a separate thread about this as well. > It could also be interpreted as the > module in which the identity is defined, but then we can get the collision of > prefixes as in my example. > > > > > For all practical purposes, I think the string value can be "" if the > > identity is defined in a module that is not imported, and is not > > defined in the current module. > > I think a better solution would be to avoid prefixes in lexical-space identity > values altogether and use the same string as in JSON encoding (RFC 7951). The > XPath expression from your example would become > > "../type = 'ietf-ospf:ospfv3'" > > Everything would then be straightforward and non-ambiguous. Yes, as I wrote in my previous email, I agree, this would be better. But that's for YANG 2.0, unfortunately. /martin > > Lada > > > > > > > /martin > > > > > > > > > > > > > > Lada > > > > > > > > > > > > > > and > > > > > > > > module b { > > > > ... > > > > import ietf-ospf { > > > > prefix y; > > > > } > > > > ... > > > > leaf bar { > > > > when "../type = 'y:ospfv3'"; > > > > ... > > > > } > > > > } > > > > > > > > You may not like it, but these two modules are both correct according > > > > to the rules defined in RFC 7950. The string value of the "type" leaf > > > > *when evaluating the when expression* is different in the different > > > > modules. See the last paragraph of section 9.10.3 in RFC 7950. > > > > > > > > > > > Also, potentially there can be a collision in prefixes and then this > > > > > > > > also > > > > > > > breaks down. > > > > > > > > > > > > > > > > > > No, two modules cannot be imported with the same prefix. > > > > > > > > > > I have to disagree. An identity derived from the > > > > > "ietf-routing:control-protocol-type" base identity can be defined > > > > > in a module that is not imported anywhere. If a server declares such > > > > > a module as implemented, then "rt:type" may have this value per > > > > > sec. 9.10.2. > > > > > > > > > > And, consequently, there may be two different modules with > > > > > conflicting prefixes defining identities that are derived from > > > > > "ietf-routing:control-protocol-type". > > > > > > > > Sure, but this is not the point. > > > > > > > > > > > A moral of the namespace/prefix story in XML was that relying of > > > > > > > namespace prefixes having a particular value is a really bad > > > > > > > idea. I know that the cited paragraph was intended to make such > > > > > > > XPath string comparisons more deterministic, but it is also > > > > > > > problematic and should be avoided if possible. > > > > > > > > > > > > Note that this prefix is under the control of the module designer > > > > > > writing the XPath expression. The same identityref value might use a > > > > > > > > > > No, it is not. The prefixes appear in instance data. > > > > > > > > The prefix *in the when expression* is under the control of the module > > > > designer, as explained above. > > > > > > > > You are correct that the prefix in an XML encoding is not under > > > > control of the module designer, but noone has claimed that. > > > > > > > > I agree that it is unfortunate that context-specific prefixes are used > > > > for the identityref values. It would have been better if we used a > > > > context free representation, e.g. "<module-name>:<identity>". But > > > > that's another discussion. > > > > > > > > > > > > > > > > /martin > > > > > > -- > > > Ladislav Lhotka > > > Head, CZ.NIC Labs > > > PGP Key ID: 0xB8F92B08A9F76C67 > > > > -- > Ladislav Lhotka > Head, CZ.NIC Labs > PGP Key ID: 0xB8F92B08A9F76C67 > > _______________________________________________ > yang-doctors mailing list > yang-doctors@ietf.org > https://www.ietf.org/mailman/listinfo/yang-doctors >
- [yang-doctors] Yangdoctors last call review of dr… Ladislav Lhotka
- Re: [yang-doctors] Yangdoctors last call review o… Martin Bjorklund
- Re: [yang-doctors] Yangdoctors last call review o… Ladislav Lhotka
- Re: [yang-doctors] Yangdoctors last call review o… Acee Lindem (acee)
- Re: [yang-doctors] Yangdoctors last call review o… Acee Lindem (acee)
- Re: [yang-doctors] Yangdoctors last call review o… Ladislav Lhotka
- Re: [yang-doctors] Yangdoctors last call review o… Martin Bjorklund
- Re: [yang-doctors] Yangdoctors last call review o… Ladislav Lhotka
- Re: [yang-doctors] Yangdoctors last call review o… Ladislav Lhotka
- Re: [yang-doctors] Yangdoctors last call review o… Martin Bjorklund
- Re: [yang-doctors] Yangdoctors last call review o… Ladislav Lhotka
- Re: [yang-doctors] Yangdoctors last call review o… Martin Bjorklund
- Re: [yang-doctors] Yangdoctors last call review o… Martin Bjorklund
- Re: [yang-doctors] Yangdoctors last call review o… Ladislav Lhotka
- Re: [yang-doctors] Yangdoctors last call review o… Martin Bjorklund
- Re: [yang-doctors] Yangdoctors last call review o… Ladislav Lhotka
- Re: [yang-doctors] Yangdoctors last call review o… Martin Bjorklund
- Re: [yang-doctors] Yangdoctors last call review o… Ladislav Lhotka
- Re: [yang-doctors] Yangdoctors last call review o… Andy Bierman
- Re: [yang-doctors] Yangdoctors last call review o… Ladislav Lhotka
- Re: [yang-doctors] Yangdoctors last call review o… Ladislav Lhotka
- Re: [yang-doctors] Yangdoctors last call review o… Martin Bjorklund
- Re: [yang-doctors] Yangdoctors last call review o… Juergen Schoenwaelder
- Re: [yang-doctors] Yangdoctors last call review o… Ladislav Lhotka
- Re: [yang-doctors] Yangdoctors last call review o… Juergen Schoenwaelder
- Re: [yang-doctors] Yangdoctors last call review o… Ladislav Lhotka
- Re: [yang-doctors] Yangdoctors last call review o… Andy Bierman
- Re: [yang-doctors] Yangdoctors last call review o… Ladislav Lhotka
- Re: [yang-doctors] Yangdoctors last call review o… Andy Bierman
- Re: [yang-doctors] Yangdoctors last call review o… Acee Lindem (acee)
- Re: [yang-doctors] Yangdoctors last call review o… Acee Lindem (acee)
- Re: [yang-doctors] Yangdoctors last call review o… Acee Lindem (acee)
- Re: [yang-doctors] Yangdoctors last call review o… Martin Bjorklund
- Re: [yang-doctors] Yangdoctors last call review o… Acee Lindem (acee)
- Re: [yang-doctors] Yangdoctors last call review o… Acee Lindem (acee)
- Re: [yang-doctors] Yangdoctors last call review o… Acee Lindem (acee)
- Re: [yang-doctors] Yangdoctors last call review o… Acee Lindem (acee)
- Re: [yang-doctors] Yangdoctors last call review o… Acee Lindem (acee)
- Re: [yang-doctors] Yangdoctors last call review o… Martin Bjorklund
- Re: [yang-doctors] Yangdoctors last call review o… Acee Lindem (acee)
- Re: [yang-doctors] [Lsr] Yangdoctors last call re… Rob Shakir
- Re: [yang-doctors] [Lsr] Yangdoctors last call re… Acee Lindem (acee)
- Re: [yang-doctors] Yangdoctors last call review o… Christian Hopps