ConfD User Community

Maapi_start_trans_in_trans used in validation callpoint


I would like to check if it is a valid operation to use maapi_start_trans_in_trans in a validation callpoint. The idea is to update a field during validation in the transaction, for example to encrypt data.

It does not seem to be specified in the documentation, even though we found it works quite well. However, we are concerned that it will be blocked by ConfD in a coming release.

Here is the description:

The changes in this transaction can be validated by calling maapi_validate_trans() with a non-zero value for forcevalidation, but calling maapi_apply_trans() will not do any validation - in either case, the resulting configuration will be validated when the backend transaction is committed to the running data store. Note though that unlike the case with a transaction directly towards a data store, no transaction lock is taken on the underlying data store when doing validation of this type of transaction - thus it is possible for the contents of the data store to change (due to commit of another transaction) during the validation.


I am convinced ConfD should not allow a read-write trans-in-trans in the validation callback and it is a bug that it is allowed. Validation callbacks are supposed to be run after all configuration changes have been done, and this effectively allows you to bypass validation. I am not sure how likely it is that such a call will be detected and refused in future releases of ConfD, but you should not (mis)use that.

I should have added that stuff like data encryption can and should be done elsewhere: a set- or transaction-hook, possibly a custom type callback.


Thanks, it sounds reasonable, since it sounds like an anti-pattern to change data in the validation phase. I would like to understand more about this function maapi_validate_trans(). It sounds like this should only be used in a set hook, which is the only point where the user can inject a callback before validation. Should this be documented more specifically?

You can use it also in transaction hooks, transforms, action/command callbacks, or your management applications such as the simple one in the misc/maapi_cli example.


I tried those approaches, but they do not seem to work well with a Data Provider. It seems ConfD doesn’t allow both transaction hooks/transforms together with a data provider. Because the data provider is implemented by another process, I can’t change it. I would like to change data before the request reaches the callbacks for the data provider. Is there a better way of doing it?

There is no reason why transforms or a set hook would not work in the presence of an external database. A set-hook can even be registered on data that is handled by the data provider, but you had still better avoid modifying the leaf for which you register the hook.

Custom types are completely independent of the underlying database, but they are also somewhat limited in what you can do in their callbacks - in particular, there is no access to the configuration.

You are right. The problem, as I can see now, is that we would like to modify the leaf for which I register the hook. It went into an infinite loop and hung there.