Re: nested operation attribute interoperability

[Andy Bierman <ietf@andybierman.com>]

>...
> 1) only 'create' and 'delete' have any kind of existence tests.
>    Merge and replace can always work and never generate an error because
>    of data present or missing in the target configuration.

I'm wrong again. :-(
There is another undocumented existence test. (!)
If the default-operation is 'none' for any of the
start nodes in the <config> data, and those corresponding
nodes do not exist in the target, then a data-missing
error should be generated.


[This issue is more relevant for nested dynamic tables,
 but this simple example will suffice]

  <default-operation>none</default-operation>
  <config>
    <users>
      <user operation="create">
         ... rest of entry
      </user>
    </users>
  </config>


If the <users> container does not exist in the agent yet,
then the agent is not supposed to create it, according to this PDU.
The 'none' start state was added as a feature because
the create or delete attributes sometimes must be located
in a child node and not apply to the parent.  This is needed
for access control as well as accurate operation attribute
existence tests.

Now I have to start an errata list :-(

1) data-exists error is for delete only, not replace and delete

2) data-missing error is for create and none, not just create

Note that these errors return no parameters.  I am adding
proprietary elements to identify what is or isn't missing.
Since multiple errors can occur in different sub-trees,
the rpc-error is mostly worthless without them.  This
is not the same as access-denied.  That gets checked before
any other processing of course, and suppresses any more
error messages for the restricted data.




Andy


--
to unsubscribe send a message to netconf-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/netconf/>