diff --git a/CHANGELOG.md b/CHANGELOG.md index 408c0be4..2ba61c41 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -30,12 +30,16 @@ Expected: September 2020 Users may have to change how they access the system +* NACM datanode paths fixed to canonical namespace + * The fix of [Cannot create or modify NACM data node access rule with path using JSON encoding #129](https://github.com/clicon/clixon/issues/129) leads that data-node paths, eg `...ex:table/ex:parameter` instance-identifiers are restricted to canonical namespace identifiers for both XML and JSON encoding. That is, if a symbol (such as `table` above) is a symbol in a module with prefix `ex`, another prefix cannot be used, even though defined with a `xmlns:` rule. + * New clixon-config@2020-08-17.yang revision * Added options for Restconf evhtp setting default bind socket address and ports `CLICON_RESTCONF_IPV4_ADDR`, `CLICON_RESTCONF_IPV6_ADDR`, `CLICON_RESTCONF_HTTP_PORT`, `CLICON_RESTCONF_HTTPS_PORT` ### Corrected Bugs -* Corrected error message for list min/max-value to comply to RFC 7950: a proper path is now returned, peviously only the list symbol. it is also exposed in the CLI correctly. +* Fixed: [Cannot create or modify NACM data node access rule with path using JSON encoding #129](https://github.com/clicon/clixon/issues/129). The evaluation of NACM datanode rule path is assumed to be canonical namespace and cannot be overruled with `xmlns` rules. +* Corrected error message for list min/max-value to comply to RFC 7950: a proper path is now returned, previously only the final list symbol was returned. This error-path is also now exposed in the CLI error message correctly. * Example: `/c/a1` * Fixed: [Yang modules skipped if the name is a proper prefix of other module name](https://github.com/clicon/clixon/issues/130) * Fixed an error in global default values. Global default values were not written to datastore after startup, but AFTER an edit/commit. 
diff --git a/lib/src/clixon_nacm.c b/lib/src/clixon_nacm.c index 55a1a435..ffc081e0 100644 --- a/lib/src/clixon_nacm.c +++ b/lib/src/clixon_nacm.c @@ -454,12 +454,22 @@ nacm_datanode_prepare(clicon_handle h, } else{ path0 = clixon_trim2(xml_body(pathobj), " \t\n"); + /* Get canonical namespace context for nacm paths */ + if ((path = strdup(path0)) == NULL){ + clicon_err(OE_UNIX, errno, "strdup"); + goto done; + } +#if 0 + /* See https://github.com/clicon/clixon/issues/129: + * If this is enabled, you are back to the problem of JSON encodings + */ /* Create namespace context for with nacm namespace as default */ if (xml_nsctx_node(pathobj, &nsc0) < 0) goto done; /* instance-id requires canonical paths */ if (xpath2canonical(path0, nsc0, yspec, &path, NULL) < 0) goto done; +#endif if ((ret = clixon_xml_find_instance_id(xt, yspec, &xvec, &xlen, "%s", path)) < 0) goto done; if (ret == 0) diff --git a/test/config.sh.in b/test/config.sh.in index 51179181..fdd987d2 100755 --- a/test/config.sh.in +++ b/test/config.sh.in @@ -51,7 +51,7 @@ CXX=@CXX@ CC=@CC@ # Web user default (ie what RESTCONF daemon runs as). Default: www-data -WWWUSER=@wwwuser@ +wwwuser=@wwwuser@ # Home dir for web user, by default /www-data WWWDIR=@wwwdir@ diff --git a/test/lib.sh b/test/lib.sh index 1c2604f3..63f2bafd 100755 --- a/test/lib.sh +++ b/test/lib.sh @@ -266,7 +266,7 @@ stop_restconf_pre(){ # 1) Dont use $clixon_restconf (dont work in valgrind) # 2) Dont use -u $WWWUSER since clixon_restconf may drop privileges. stop_restconf(){ - # sudo pkill -u $WWWUSER -f clixon_restconf # Dont use $clixon_restoconf doesnt work in valgrind + # sudo pkill -u $wwwuser -f clixon_restconf # Dont use $clixon_restoconf doesnt work in valgrind sudo pkill -f clixon_restconf if [ $valgrindtest -eq 3 ]; then sleep 1 diff --git a/test/test_leaf_default.sh b/test/test_leaf_default.sh index 1f816e38..4c3025ea 100755 --- a/test/test_leaf_default.sh +++ b/test/test_leaf_default.sh 
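Review bot: With the `xpath2canonical()` call compiled out in nacm_datanode_prepare(), `path` is the rule text verbatim, so a rule whose path uses a prefix bound only by an `xmlns:` declaration no longer resolves. The `ret == 0` branch that decides what happens next lies outside this hunk. If that branch simply skips the rule, an existing deny rule written with such a prefix would stop being enforced after upgrade with no diagnostic, so I would log or reject a path that fails to resolve rather than treat it as an ordinary non-match. The added comment says the code gets a canonical namespace context, which it does not; `/* Path is used verbatim: prefixes must be the canonical YANG module prefixes, xmlns bindings on the rule are ignored (issue #129) */` would be accurate. The `#if 0` block should then be deleted rather than kept as dead code, and `strdup(path0)` should be preceded by a NULL check on `path0`, since it assumes `xml_body()`/`clixon_trim2()` never return NULL for an empty path element.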
@@ -10,6 +10,10 @@ # v non-presence container (presence false) DEFAULT # ancestor--> ancestor --> leaf --> default # ^leafs closest ancestor that is not a non-presence container +# Test has three parts where system is started three times: +# 1) with init +# 2) with startup: r1 only +# 3) with startup: p4 only # Magic line must be first in script (see README.md) s="$_" ; . ./lib.sh || if [ "$s" = $0 ]; then exit 0; else return 0; fi @@ -79,6 +83,25 @@ module example{ } } } + container xs-config { + description "Typical contruct where a list element has a default leaf"; + list x { + key "name"; + leaf name { + type string; + } + container y { + leaf inside { + type boolean; + default false; + } + } + leaf outside { + type boolean; + default false; + } + } + } } EOF @@ -115,6 +138,12 @@ expecteof "$clixon_netconf -qf $cfg" 0 ']]>]]>' "^$XML]]>]]>$" +new "Set x list element" +expecteof "$clixon_netconf -qf $cfg" 0 'a]]>]]>' "^]]>]]>$" + +new "get config (should contain y/inside+outside)" +expecteof "$clixon_netconf -qf $cfg" 0 ']]>]]>' "^$XMLafalsefalse]]>]]>$" + if [ $BE -ne 0 ]; then new "Kill backend" # Check if premature kill @@ -187,7 +216,7 @@ if [ -z "$pid" ]; then err "backend already dead" fi -# From startup 2, only prsence p4, s4/np5 should be filled in +# From startup 2, only presence p4, s4/np5 should be filled in cat < $dir/startup_db 
@@ -217,4 +246,34 @@ if [ -z "$pid" ]; then err "backend already dead" fi +# Only single x list element +cat < $dir/startup_db + + a + +EOF +XML='11223331' +if [ $BE -ne 0 ]; then + new "kill old backend" + sudo clixon_backend -zf $cfg + if [ $? -ne 0 ]; then + err + fi + new "start backend -s startup -f $cfg" + start_backend -s startup -f $cfg + + new "waiting" + wait_backend +fi + +new "get startup config with list default" +expecteof "$clixon_netconf -qf $cfg" 0 ']]>]]>' "^$XMLafalsefalse]]>]]>$" + +new "Kill backend" +# Check if premature kill +pid=$(pgrep -u root -f clixon_backend) +if [ -z "$pid" ]; then + err "backend already dead" +fi + rm -rf $dir diff --git a/test/test_nacm_datanode.sh b/test/test_nacm_datanode.sh index 7a90b44c..96cda8ad 100755 --- a/test/test_nacm_datanode.sh +++ b/test/test_nacm_datanode.sh @@ -132,8 +132,8 @@ RULES=$(cat <guest deny-nacm - - /n:nacm + + /nacm:nacm * deny @@ -147,8 +147,8 @@ RULES=$(cat <limited permit-acme-config - - /acme:acme-netconf/acme:config-parameters + + /ex:acme-netconf/acme:config-parameters read create update delete diff --git a/test/test_nacm_datanode_paths.sh b/test/test_nacm_datanode_paths.sh index 2f9241aa..4c16fa20 100755 --- a/test/test_nacm_datanode_paths.sh +++ b/test/test_nacm_datanode_paths.sh @@ -112,8 +112,6 @@ if [ $RC -ne 0 ]; then wait_restconf fi - - new "admin read OK" expectpart "$(curl -u andy:bar -siS -X GET http://localhost/restconf/data/nacm-example:table/parameters/parameter=a)" 0 'HTTP/1.1 200 OK' '{"nacm-example:parameter":\[{"name":"a","value":"72"}\]}' 
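Review bot: In the `@@ -217,4 +246,34 @@` hunk the added third part checks that the backend is still alive but never stops it before `rm -rf $dir`. Its `Kill backend` check also sits outside the `if [ $BE -ne 0 ]` guard that protects the restart a few lines earlier. Unless a stop call exists outside what the diff shows, a clixon_backend started via sudo is left running against a removed directory, and with BE=0 the `pgrep -u root` check can fail for a backend the script did not start. I would close this part with a guarded block like the one visible in the `@@ -115,6 +138,12 @@` hunk, which opens with `if [ $BE -ne 0 ]; then`. Separately, `sudo clixon_backend -zf $cfg` followed by `if [ $? -ne 0 ]` reads more directly as `sudo clixon_backend -zf $cfg || err`.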
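Review bot: In the `@@ -147,8 +147,8 @@` hunk of test/test_nacm_datanode.sh the new permit rule path `/ex:acme-netconf/acme:config-parameters` mixes two prefixes, while the deny rule in the hunk before it was changed consistently to `/nacm:nacm`. Under the canonical-prefix restriction this commit introduces, `ex` and `acme` cannot both be the canonical prefix unless the two nodes belong to different modules. Either the second step should read `ex:config-parameters`, or the mismatch is deliberate and needs a comment such as `# non-canonical prefix on purpose: rule must not match`. The RULES heredoc and the YANG module start outside the hunk, so the module's actual prefix is not visible here.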
@@ -142,12 +140,14 @@ expectpart "$(curl -u andy:bar -siS -X POST http://localhost/restconf/data/ietf new "Read NACM rule" expectpart "$(curl -u andy:bar -siS -X GET http://localhost/restconf/data/ietf-netconf-acm:nacm/rule-list=limited-acl)" 0 "HTTP/1.1 200 OK" '{"ietf-netconf-acm:rule-list":\[{"name":"limited-acl","group":"limited","rule":\[{"name":"table","module-name":"\*","path":"/ex:table","access-operations":"read","action":"permit"}\]}\]}' -if false; then +new "limit read OK (Set rul w JSON)" +expectpart "$(curl -u wilma:bar -siS -X GET http://localhost/restconf/data/nacm-example:table/parameters/parameter=a)" 0 'HTTP/1.1 200 OK' '{"nacm-example:parameter":\[{"name":"a","value":"72"}\]}' + +new "Delete NACM read rule" +expectpart "$(curl -u andy:bar -siS -X DELETE http://localhost/restconf/data/ietf-netconf-acm:nacm/rule-list=limited-acl)" 0 "HTTP/1.1 204 No Content" + new "Fail limit read" -# XXX: No namespace found for prefix: ex -# See [Cannot create or modify NACM data node access rule with path using JSON encoding #129](https://github.com/clicon/clixon/issues/129) expectpart "$(curl -u wilma:bar -siS -X GET http://localhost/restconf/data/nacm-example:table/parameters/parameter=a)" 0 'HTTP/1.1 404 Not Found' '{"ietf-restconf:errors":{"error":{"error-type":"application","error-tag":"invalid-value","error-severity":"error","error-message":"Instance does not exist"}}}' -fi if [ $RC -ne 0 ]; then new "Kill restconf daemon"
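Review bot: The re-enabled block only exercises a JSON-created rule whose path already uses the canonical prefix (`/ex:table`), so nothing here covers the behaviour change the changelog announces, namely that a prefix other than the module's own can no longer be used. I would add a negative case that creates a rule with a non-canonical prefix and pins down the intended outcome, whether that is rejection on write or a stored rule that does not match. Otherwise a regression that makes such rules match again, or silently disables them, goes unnoticed. The new label also has a typo: `new "limit read OK (Set rul w JSON)"` should read `new "limit read OK (set rule with JSON)"`.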