search

clicon / clixon-controller

Clixon network controller
Apache License 2.0
12 stars 4 forks source link

NACM paths don't work for mounted YANG models #62

Closed krihal closed 7 months ago

krihal commented 7 months ago

NACM paths don't work when there are mounted YANG models. In the example below I try to use a path which spans over both the controller YANG and Juniper YANG(s):

   <nacm xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-acm">
     <enable-nacm>true</enable-nacm>
     <read-default>deny</read-default>
     <write-default>deny</write-default>
     <exec-default>permit</exec-default>
     <groups>
       <group>
         <name>test</name>
         <user-name>debian</user-name>
       </group>
     </groups>
     <rule-list>
       <name>test-acl</name>
       <group>test</group>
       <rule>
         <name>permit juniper1</name>
         <module-name>*</module-name>
         <access-operations>*</access-operations>
         <action>permit</action>
         <path xmlns:ctrl="http://clicon.org/controller" xmlns:js="http://yang.juniper.net/junos/conf/root">/ctrl:devices/ctrl:device[ctrl:name='juniper1']/ctrl:config/js:configure/js:firewall</path>
       </rule>
     </rule-list>
   </nacm>
olofhagsand commented 7 months ago

Should be fixed, see https://github.com/clicon/clixon/blob/master/test/test_nacm_mount.sh for an example

olofhagsand commented 7 months ago

NACM PATHs + CIi does not work correctly, see also https://github.com/clicon/clixon/issues/463

olofhagsand commented 7 months ago

Open a separate issue for the special case NACM+CLI+PATH+MOUNT, see https://github.com/clicon/clixon-controller/issues/67 CLosing the generic case.