Cisco IOS CLI can be “hidden” but at the same time we can still type in the CLI into IOS for it to execute the command.
Say i have one module which defines just one show command “show abc xyz”. With tailf:export none statement, I can completely hide the “show abc xyz” CLI, but when we type in “show abc xyz”, the confd_cli will complains some error:
user1@nfvis> show abc xyz
syntax error: element does not exist
IS there anyway for confd to implement the Cisco IOS style hidden CLI?
Instead of using the tailf:export statement, you can use the tailf:hidden statement with a hide group instead in your YANG model. If you list the corresponding hide group in confd.conf, the hidden data can be unhidden with the unhide CLI command. You can find description of this feature in section 3.9 of the ConfD User Guide.
Here’s what is stated in section 3.9.2 of the ConfD User Guide:
A hide group can only be unhidden if the group is listed in the confd.conf.
This means that a hide group will be completely hidden to the user interfaces
unless it has been explicitly allowed to be unhidden in confd.conf . A
password can optionally be required to unhide a group.
The hidden part of your data model isn’t accessible until it gets unhidden with the unhide command.
The ConfD CLI does support the “hidden” as in “you can do it if you know it”, but only for commands defined in a clispec file - from the clispec(5) manual page:
The “hidden” element makes a CLI command invisible even though it can
be evaluated if we know about its existence. This comes handy for
commands which are used for debugging or are in pre-release state.
The tailf:hidden YANG extension provides a richer functionality, and is not CLI-specific - the “you can do it if you know it” form of “hidden” obviously only works in a CLI context.