Multiple base for identity not working in restriction_arg #348
Comments
|
#248 maybe |
|
@guigomcha can you try the change that was abandoned in https://github.com/robshakir/pyangbind/pull/331/files and see if that achieves what you were trying to do? |
|
I wanted to give this a try.... but using pyang 2.6.0 I get 'error: unexpected keyword "base"' when I attempt to validate a YANG model with an identity with multiple bases. @guigomcha , which is the YANG Model you are using? It is in some public repo? I restored #248 into https://github.com/robshakir/pyangbind/tree/dimbleby-multiple-bases, with a naive addition to the YANG model used for Unittests. This is failing pyang validation. |
|
Hi @JoseIgnacioTamayo @xavier-contreras , you are right. I have an example for the PR that was not finished. I am trying to use the I2NSF data models for policies. They are available here https://datatracker.ietf.org/doc/draft-ietf-i2nsf-consumer-facing-interface-dm/ I upload here the yang files that I am usinglocally since I was not able to import them directly from a public repository (if you happen to know how to do that it would be great) identity pass {
base ingress-action;
base egress-action;
base default-action;
description
"The pass action allows traffic that matches
the rule to proceed through the NSF to reach the
destination.";
reference
"draf
[ietf-i2nsf-policies.zip](https://github.com/user-attachments/files/16082366/ietf-i2nsf-policies.zip)
t-ietf-i2nsf-capability-data-model-32:
I2NSF Capability YANG Data Model - Actions and
Default Action";
}This is an example for the test (rule 1 is not accepted) {
"i2nsf-security-policy": [
{
"name": "ll_security_policy_for_firewall_and_ddos_attacks",
"rules": [
{
"name": "rule1",
"description": "description from NSF provider",
"enable": true,
"long-connection": {
"enable": true
},
"condition": {
"ipv4": {
"source-ipv4-network": "192.168.137.13/24",
"destination-ipv4-network": "192.168.137.115/24"
}
},
"action": {
"packet-action": {
"egress-action": "pass"
}
}
},
{
"name": "rule2",
"description": "description from NSF provider",
"enable": true,
"long-connection": {
"enable": true
},
"condition": {
"ipv4": {
"source-ipv4-network": "192.168.137.13/24",
"destination-ipv4-network": "192.168.137.115/24"
},
"ddos": {
"alert-packet-rate": 200
}
},
"action": {
"packet-action": {
"egress-action": "rate-limit"
},
"advanced-action": {
"attack-mitigation-control": "anti-ddos"
}
}
}
]
}
]
} |
|
@guigomcha , I restored #248 maybe from @dimbleby at #354, could you please that branch a try? |
I have an example where the leaf identityref that I have defined can be used in several leafs
However when I run the command
pyang --plugindir $PYBINDPLUGIN -f pybind --build-rpcs --build-notifications -o yang/capability_binding.py -p yang yang/ietf-i2nsf-capability@2022-05-23.yangI get a class which considers "pass" only for leafs of type ingress-action and does not let me use "pass" in leafs of type egreess-action according to "restriction_arg"The text was updated successfully, but these errors were encountered: