I would like to know that whether confd supports for module element level restrictions.I mean that i have 10 applications trying to access the same module which contains 10 leaf, one of my instant(application) wants to access only 5,6,7and 8 leaf and another application have access permission for 1,2 and 3 leaf like that.I need to implement instant basis access level restriction,Is it possible with confd? how to achieve this ?if you have any example please share that will help me to understand more.
Which ConfD API will your applications use, e.g. CDB, DP, MAAPI, NETCONF?
Will they read only or write too?
Will they access configuration and/or operational data?
Small change in my previous post sorry for the confusion .I'm looking for key based filtering for application.For example take the arpe example
container arpentries {
config false;
list arpe {
key “ip ifname”;
max-elements 1024;
leaf ip {
type inet:ip-address;
}
leaf ifname {
type string;
}
leaf hwaddr {
type string;
mandatory true;
}
leaf permanent {
type boolean;
mandatory true;
}
leaf published {
type boolean;
mandatory true;
}
I have two applications trying to get the value based on key .first application only get the rows matches with key “192.34.56.23,eth1” and second will get rows matches with key “198.32.45.67,eth2”.how i can achieve this?
$ arp -a
apps-net0-13.test.com (172.16.171.13) at dd:aa:aa:aa:aa:bb [ether] PERM on eth1
apps-net0-9.test.com (172.16.171.10) at aa:aa:aa:aa:aa:aa [ether] PERM on eth1
apps-net0-1.test.com (172.16.171.2) at 00:50:56:f7:9d:e2 [ether] on eth1
apps-net15-14.test.com (172.16.171.254) at 00:50:56:fc:2e:c5 [ether] on eth0
apps-net0-11.test.com (172.16.171.11) at aa:aa:aa:aa:aa:bb [ether] PERM on eth2
apps-net0-12.test.com (172.16.171.12) at cc:aa:aa:aa:aa:bb [ether] PERM on eth2
apps-net0-1.test.com (172.16.171.2) at 00:50:56:f7:9d:e2 [ether] on eth0
Let’s look at a MAAPI example how we can get part of the list using the ip key, the ifname key, or both keys. We use the confd_load tool that comes with ConfD to run our MAAPI commands:
One more clarification regarding the previous post i want to achieve the same results through DP API instead of using confd_load tool.For that what i need to do ? i mean any changes required on the callbacks?
The source code for the confd_load and confd_cmd tools come with the ConfD release in $CONFD_DIR/src/confd/tools
From the confd_lib_maapi man pages:
int maapi_get_elem(int sock, int thandle, confd_value_t *v, const char *fmt, …);
This reads a value from the path in fmt and writes the result into the result parameter confd_value_t.
If you for example call maapi_get_elem(), here we use the maapi_cmd tool, and set the path to “/arpentries/arpe{172.16.171.2 eth0}/hwaddr” :
Since your operational data in the 5-c_stats example is not located in the CDB operational datastore, i.e. it is fetched through a callback from the arpstat.c example application (see tailf:callpoint the YANG module), you cannot use the CDB/DP API to get the data which is not in CDB. You need to use MAAPI to trigger the application callback/callpoint.
For an example where the data is stored in the CDB operational datastore, see $CONFD_DIR/examples.confd/cdb_oper/ifstatus.
Here you can use the CDB/DP API to get the operational data from the CDB operational datastore. E.g.
$ pwd
/home/tailf/tailf/confd-6.0/examples.confd/cdb_oper/ifstatus
$ make start
...
$ confd_cmd -d -d -o -c 'get "/interfaces/interface{lo}/status/receive/bytes"'
get "/interfaces/interface{lo}/status/receive/bytes"
TRACE Connected (maapi) to ConfD
TRACE MAAPI_LOAD_ALL_NS
TRACE MAAPI_LOAD_HASH_DB
TRACE Connected (cdb) to ConfD
TRACE CDB_NEW_SESSION --> CONFD_OK
TRACE Established new CDB session to ConfD
TRACE CDB_GET /interfaces/interface{lo}/status/receive/bytes --> CONFD_OK
103958329