- Stricter CLICON_BACKEND_RESTCONF_PROCESS :
- if set, restconf daemon queries backend for its config
- if not set, restconf daemon reads its config from main config file
- Restconf auth=none changes
- Load clixon-restconf and resolve features earlier so that config features work
- Removed auth=none code from example (this was non-std half-baked basic auth)
- Changed tests that used auth-type=none to enable feature clixon-restconf:allow-auth-none
- Moved cert creation from sub-shell to servercert function
- Fixed typos for dockerfile rename of restconf evhtp to native
* Hello message semantics has been made stricter according to RFC 6241 Sec 8.1, for example:
* A client MUST send a <hello> element.
* Each peer MUST send at least the base NETCONF capability, "urn:ietf:params:netconf:base:1.1" (or 1.0 for RFC 4741)
* The netconf client will terminate (close the socket) if the client does not comply
* You can set `CLICON_NETCONF_HELLO_OPTIONAL` to true to use the old behavior of essentially ignoring hellos.
* New clixon-config@2020-03-08.yang revision
* Added: `CLICON_NETCONF_HELLO_OPTIONAL`
* The base capability has been changed to "urn:ietf:params:netconf:base:1.1" following RFC6241.
* Introduced a delay before making process start/stop/restart processes for race conditions when configuring eg restconf
* For restconf `CLICON_BACKEND_RESTCONF_PROCESS`, restart restconf if restconf is edited.
* evhtp restconf closes session on -1 fatal error (no hang)
* restconf auth-type=none call ca_auth callback
* main example for auth_type=none uses basic auth to get user but without passwd check
* Except `CLICON_RESTCONF_DIR` which remains in clixon-config.yang due to bootstrapping
* -d <dir> option removed
* This applies to both evhtp and fcgi RESTCONF
* Both can also read config from backend, and be started from backend
* You may need to move config as follows (from clixon-config.yang to clixon-restconf.yang)
* CLICON_RESTCONF_PRETTY -> restconf/pretty
* CLICON_RESTCONF_PATH -> restconf/fcgi-path
* Not backward compatible: All uses of the ca-auth callback in restconf plugins must be changed
* New version is: `int ca_auth(h, req, auth_type, authp, userp)`
* where `auth_type` is the requested authentication-type (none, client-cert or user-defined)
* `authp` is the returned authentication flag
* `userp` is the returned associated authenticated user
* and the return value is three-valued: -1: Error, 0: ignored, 1: OK
* For more info see [clixon-docs](https://clixon-docs.readthedocs.io/en/latest/restconf.html)
* New clixon-restconf@2020-12-30.yang revision
* New clixon-lib@2020-12-30.yang revision
* Added callback to process-control RPC feature in clixon-lib.yang to manage processes
* Changed behavior of starting restconf internally using `CLICON_BACKEND_RESTCONF_PROCESS` monitoring changes in enable flag, not only the RPC.
* Changed: RPC process-control output parameter status to pid
* This is an alternative to manage a clixon daemon via sudtemd, containerd or other
* One important special case is starting the clixon-restconf daemon internally
* This is how it works:
* Register a process via `clixon_process_register(h, name, namespace, argv, argc)`
* Use process-control RPC defined in clixon-lib.yang to start/stop/restart or query status on that process
* Example code in the main example
* Added: autocli-op extension (see new features)
* Added: rpc process-control for process/daemon management
* Added enable flag and removed presence in clixon-restconf
* A new configuration option `CLICON_CONFIGDIR` has been added for loading of extra config files
* If not given, only the main configfile is loaded.
* If given, and if the directory exists, the files in this directory will be loaded alphabetically AFTER the main config file in the following way:
* leaf values are overwritten
* leaf-list values are appended
* You can override file setting with `-E <dir>` command-line option.
* New clixon-config@2020-10-01.yang revision
* Added option for configuration directory: `CLICON_CONFIGDIR`
* If multiple strings (eg "\n" in text), indent before each new line
* Primarily for auto-cli where long help strings are generated from YANG descriptions, but applies as well for manual long/multi-line help strings
* New config option: `CLICON_CLI_HELPSTRING_TRUNCATE`: Truncate help string on right margin mode
* New config option: `CLICON_CLI_HELPSTRING_LINES`: Limit of number of help strings to show
* Only requests on the form: `<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"><edit-config>...` will be accepted
* All replies will be on the form: `<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">...`
* Requests such as: `<rpc><edit-config>...` will not be accepted.
* You can revert this behaviour (to clixon pre-4.6 behaviour) by enabling `CLICON_NAMESPACE_NETCONF_DEFAULT`
* This API change is a consequence of: [copy-config's RPC cxobj parameter does not contain namespace #131](https://github.com/clicon/clixon/issues/131)
* NACM recovery user session is now properly enforced. This means that if `CLICON_NACM_CREDENTIALS` is `except` (default), then a specific `CLICON_NACM_RECOVERY_USER` can make any edits and bypass NACM rules.
* If a default value is replaced by an actual value, RESTCONF return values have changed from `204 No Content` to `201 Created`
* clixon-config.yang: Removed default valude of CLICON_NACM_RECOVERY_USER
* Enforcing RFC 7950 Sec 7.6.1 means unassigned top-level leafs (or leafs under non-presence containers) are assigned default values.
* NACM default behaviour is read-only (empty configs are dead-lockedd)
* This applies if NACM is loaded and `CLICON_NACM_MODE` is `internal`
* Fixed: [default values don't show up in datastores #111](https://github.com/clicon/clixon/issues/111)
