-
Notifications
You must be signed in to change notification settings - Fork 121
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Multiple base for identity not working in restriction_arg #348
Comments
#248 maybe |
@guigomcha can you try the change that was abandoned in https://github.com/robshakir/pyangbind/pull/331/files and see if that achieves what you were trying to do? |
I wanted to give this a try.... but using pyang 2.6.0 I get 'error: unexpected keyword "base"' when I attempt to validate a YANG model with an identity with multiple bases. @guigomcha , which is the YANG Model you are using? It is in some public repo? I restored #248 into https://github.com/robshakir/pyangbind/tree/dimbleby-multiple-bases, with a naive addition to the YANG model used for Unittests. This is failing pyang validation. |
Hi @JoseIgnacioTamayo @xavier-contreras , you are right. I have an example for the PR that was not finished. I am trying to use the I2NSF data models for policies. They are available here https://datatracker.ietf.org/doc/draft-ietf-i2nsf-consumer-facing-interface-dm/ I upload here the yang files that I am usinglocally since I was not able to import them directly from a public repository (if you happen to know how to do that it would be great) identity pass {
base ingress-action;
base egress-action;
base default-action;
description
"The pass action allows traffic that matches
the rule to proceed through the NSF to reach the
destination.";
reference
"draf
[ietf-i2nsf-policies.zip](https://github.com/user-attachments/files/16082366/ietf-i2nsf-policies.zip)
t-ietf-i2nsf-capability-data-model-32:
I2NSF Capability YANG Data Model - Actions and
Default Action";
} This is an example for the test (rule 1 is not accepted) {
"i2nsf-security-policy": [
{
"name": "ll_security_policy_for_firewall_and_ddos_attacks",
"rules": [
{
"name": "rule1",
"description": "description from NSF provider",
"enable": true,
"long-connection": {
"enable": true
},
"condition": {
"ipv4": {
"source-ipv4-network": "192.168.137.13/24",
"destination-ipv4-network": "192.168.137.115/24"
}
},
"action": {
"packet-action": {
"egress-action": "pass"
}
}
},
{
"name": "rule2",
"description": "description from NSF provider",
"enable": true,
"long-connection": {
"enable": true
},
"condition": {
"ipv4": {
"source-ipv4-network": "192.168.137.13/24",
"destination-ipv4-network": "192.168.137.115/24"
},
"ddos": {
"alert-packet-rate": 200
}
},
"action": {
"packet-action": {
"egress-action": "rate-limit"
},
"advanced-action": {
"attack-mitigation-control": "anti-ddos"
}
}
}
]
}
]
} |
@guigomcha , I restored #248 maybe from @dimbleby at #354, could you please that branch a try? |
I have an example where the leaf identityref that I have defined can be used in several leafs
However when I run the command
pyang --plugindir $PYBINDPLUGIN -f pybind --build-rpcs --build-notifications -o yang/capability_binding.py -p yang yang/ietf-i2nsf-capability@2022-05-23.yang
I get a class which considers "pass" only for leafs of type ingress-action and does not let me use "pass" in leafs of type egreess-action according to "restriction_arg"The text was updated successfully, but these errors were encountered: