experiments/clixon
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

* Fixed [identityref validation fails when using typedef #87](https://github.com/clicon/clixon/issues/87)

Browse source
This commit is contained in:
Olof hagsand 2019-06-20 15:35:57 +02:00
parent 97529a20a4
commit c90aa8371c
4 changed files with 70 additions and 15 deletions
Download patch file Download diff file Expand all files Collapse all files

1
CHANGELOG.md
View file

@ -251,6 +251,7 @@
### Corrected Bugs ### Corrected Bugs
* Fixed [identityref validation fails when using typedef #87](https://github.com/clicon/clixon/issues/87)
* Fixed a problem with some netconf error messages caused restconf daemon to exit due to no XML encoding * Fixed a problem with some netconf error messages caused restconf daemon to exit due to no XML encoding
* Check cligen tab mode, dont start if CLICON_CLI_TAB_MODE is undefined * Check cligen tab mode, dont start if CLICON_CLI_TAB_MODE is undefined
* Startup transactions did not mark added tree with XML_FLAG_ADD as it should. * Startup transactions did not mark added tree with XML_FLAG_ADD as it should.

9
lib/src/clixon_xml_map.c
View file

@ -1206,20 +1206,21 @@ xml_yang_validate_all(clicon_handle h,
/* Special case if leaf is leafref, then first check against /* Special case if leaf is leafref, then first check against
current xml tree current xml tree
*/ */
if ((yc = yang_find(ys, Y_TYPE, NULL)) != NULL){ /* Get base type yc */
if (strcmp(yc->ys_argument, "leafref") == 0){ if (yang_type_get(ys, NULL, &yc, NULL, NULL, NULL, NULL, NULL) < 0)
goto done;
if (strcmp(yang_argument_get(yc), "leafref") == 0){
if ((ret = validate_leafref(xt, yc, xret)) < 0) if ((ret = validate_leafref(xt, yc, xret)) < 0)
goto done; goto done;
if (ret == 0) if (ret == 0)
goto fail; goto fail;
} }
else if (strcmp(yc->ys_argument, "identityref") == 0){ else if (strcmp(yang_argument_get(yc), "identityref") == 0){
if ((ret = validate_identityref(xt, ys, yc, xret)) < 0) if ((ret = validate_identityref(xt, ys, yc, xret)) < 0)
goto done; goto done;
if (ret == 0) if (ret == 0)
goto fail; goto fail;
} }
}
break; break;
default: default:
break; break;

3
lib/src/clixon_yang_type.c
View file

@ -1416,13 +1416,14 @@ yang_type_resolve(yang_stmt *yorig,
* *
* @code * @code
* yang_stmt *yrestype; * yang_stmt *yrestype;
* char *origtype = NULL;
* int options; * int options;
* cvec *cvv = NULL; * cvec *cvv = NULL;
* cvec *patterns = cvec_new(0); * cvec *patterns = cvec_new(0);
* cvec *regexps = cvec_new(0); * cvec *regexps = cvec_new(0);
* uint8_t fraction; * uint8_t fraction;
* *
* if (yang_type_get(ys, &type, &yrestype, &options, &cvv, * if (yang_type_get(ys, &origtype, &yrestype, &options, &cvv,
* patterns, regexps, &fraction) < 0) * patterns, regexps, &fraction) < 0)
* goto err; * goto err;
* if (yrestype == NULL) # unresolved * if (yrestype == NULL) # unresolved

54
test/test_identity.sh
View file

@ -106,6 +106,30 @@ cat <<EOF > $fyang
container aes-parameters { container aes-parameters {
when "../crypto = 'mc:aes'"; when "../crypto = 'mc:aes'";
} }
identity acl-base;
typedef acl-type {
description "problem detected in ietf-access-control-list.yang";
type identityref {
base acl-base;
}
}
identity ipv4-acl-type {
base mc:acl-base;
}
identity ipv6-acl-type {
base mc:acl-base;
}
container acls {
list acl {
key name;
leaf name {
type string;
}
leaf type {
type acl-type;
}
}
}
} }
EOF EOF
@ -120,7 +144,7 @@ if [ $BE -ne 0 ]; then
start_backend -s init -f $cfg start_backend -s init -f $cfg
new "waiting" new "waiting"
sleep $RCWAIT wait_backend
fi fi
new "Set crypto to aes" new "Set crypto to aes"
@ -186,6 +210,34 @@ expectfn "$clixon_cli -1 -f $cfg -l o set crypto des:des3" 0 "^$"
new "cli validate" new "cli validate"
expectfn "$clixon_cli -1 -f $cfg -l o validate" 0 "^$" expectfn "$clixon_cli -1 -f $cfg -l o validate" 0 "^$"
new "Netconf set acl-type"
expecteof "$clixon_netconf -qf $cfg" 0 '<rpc><edit-config><target><candidate/></target><config><acls xmlns="urn:example:my-crypto"><acl><name>x</name><type>mc:ipv4-acl-type</type></acl></acls></config></edit-config></rpc>]]>]]>' '^<rpc-reply><ok/></rpc-reply>]]>]]>$'
new "netconf validate "
expecteof "$clixon_netconf -qf $cfg" 0 "<rpc><validate><source><candidate/></source></validate></rpc>]]>]]>" "^<rpc-reply><ok/></rpc-reply>]]>]]>$"
new "Netconf set undefined acl-type"
expecteof "$clixon_netconf -qf $cfg" 0 '<rpc><edit-config><target><candidate/></target><config><acls xmlns="urn:example:my-crypto"><acl><name>x</name><type>undefined</type></acl></acls></config></edit-config></rpc>]]>]]>' '^<rpc-reply><ok/></rpc-reply>]]>]]>$'
new "netconf validate fail"
expecteof "$clixon_netconf -qf $cfg" 0 "<rpc><validate><source><candidate/></source></validate></rpc>]]>]]>" '^<rpc-reply><rpc-error><error-type>application</error-type><error-tag>operation-failed</error-tag><error-severity>error</error-severity><error-message>Identityref validation failed, Identityref validation failed, not derived from acl-base</error-message></rpc-error></rpc-reply>]]>]]>$'
new "netconf discard-changes"
expecteof "$clixon_netconf -qf $cfg" 0 "<rpc><discard-changes/></rpc>]]>]]>" "^<rpc-reply><ok/></rpc-reply>]]>]]>$"
new "CLI set acl-type"
expectfn "$clixon_cli -1 -f $cfg -l o set acls acl x type mc:ipv4-acl-type" 0 "^$"
new "cli validate"
expectfn "$clixon_cli -1 -f $cfg -l o validate" 0 "^$"
new "CLI set wrong acl-type"
expectfn "$clixon_cli -1 -f $cfg -l o set acls acl x type undefined" 0 "^$"
new "cli validate"
expectfn "$clixon_cli -1 -f $cfg -l o validate" 255 "Identityref validation failed"
if [ $BE -eq 0 ]; then if [ $BE -eq 0 ]; then
exit # BE exit # BE
fi fi