But there is no notification sent by ConfD. There is a error in log:
<ERR> 6-Aug-2020::10:18:43.997 confd[17]: devel-c Failed to send notification for stream DATA-CHANGE: /push-change-update/change/target: {34,
[{<<"new4">>},
1728446403,
[252269338|1377102414]]}: The XPath /ecomplete:container-x/ecomplete:conflicting-leaf-list[.="new4"] doesn't belong to the restricted subset.
What is the root cause of this error? Thank you very much.
What is this tagpath?
Can you share the YANG module snippet for the notification?
I am wondering if you have some restriction in the notification model, or the model expects a different format?
Is the tagpath the XPath printed in the error log: /ecomplete:container-x/ecomplete:conflicting-leaf-list[.=“new4”]?
YANG module:
notification push-change-update {
description "Generated when the server detects that the
<running> datastore or state data has changed.
The notification summarizes the changes.
Sent on the TEST-DATA-CHANGE stream,
but not on the NETCONF stream.";
/* As there might not be any data specific access control on
* push-change-update notifications, a subscriber may receive information
* about all data in the ME. This may include security sensitive data.
* push-change-update notifications will only be sent to
* subscribers for whom an explicit permit rule is defined. */
nacm:default-deny-all;
leaf sequence-number {
type uint64 ;
}
uses ncn:changed-by-parms;
list change {
description "A change entry SHALL be present for each distinct
configuration or state change that the server has detected.";
leaf target {
type instance-identifier;
mandatory true;
description "Top-most data node within
the datastore associated with the change.";
}
leaf operation {
type enumeration {
enum create {
value 0;
}
enum delete {
value 1;
}
enum insert {
value 2;
}
enum "merge" {
value 3;
}
enum move {
value 4;
}
/* replace not used as containers/list entries are instead
* deleted and re-created while for other data nodes the
* merge operation is used.
*
* remove not used as in this context it means the same
* as delete */
}
mandatory true;
description "Type of edit operation / change detected.";
}
leaf point {
when "(../operation = 'insert' or ../operation = 'move')"
+ "and (../where = 'before' or ../where = 'after')" {
description
"This leaf only applies for 'insert' or 'move'
operations, before or after an existing entry.";
}
type instance-identifier;
description
"The path for the data node that is being
used as the insertion point or move point for the
target of this 'change' entry.";
}
anyxml value {
when "../operation = 'create' "
+ "or ../operation = 'merge' "
+ "or ../operation = 'insert'";
}
}
}
Update on this issue:
We found a solution to send notification for this case:
change the 4th argument flags in function maapi_diff_iterate from 0 to ITER_WANT_LEAF_LIST_AS_LEAF which is deprecated.
I see. I think you need to remove ITER_WANT_LEAF_LIST_AS_LEAF and fix the issue of processing this leaf as a leaf-list (C_LIST type).
Your code that sends the notification needs to populate this field the right way.
notification push-change-update {
...
list change {
description "A change entry SHALL be present for each distinct
configuration or state change that the server has detected.";
leaf target {
type instance-identifier;
mandatory true;
description "Top-most data node within
the datastore associated with the change.";
}
...
}
Error Logs
<ERR> 6-Aug-2020::10:18:43.997 confd[17]: devel-c Failed to send notification for stream DATA-CHANGE: /push-change-update/change/target: {34,
[{<<"new4">>},
1728446403,
[252269338|1377102414]]}: The XPath /ecomplete:container-x/ecomplete:conflicting-leaf-list[.="new4"] doesn't belong to the restricted subset.
why confd reports the above error?
As you can see that /ecomplete:container-x/ecomplete:conflicting-leaf-list[.=“new4”] is a valid instance-identifier. Refer to rfc7950 (https://tools.ietf.org/html/rfc7950#section-9.13.4). why confd reports the error?
ITER_WANT_LEAF_LIST_AS_LEAF
if maapi_diff_iterate doesn’t use ITER_WANT_LEAF_LIST_AS_LEAF parameter, confd will generate the diff by go through every leaf of the leaf-list, and the xpath of the diff will be /ecomplete:container-x/ecomplete:conflicting-leaf-list[.=“new4”]. Am i right?
Build notification message
confd_hkeypath_t *thekp;
int res = maapi_xpath2kpath(_maapiSocket, kp.c_str(), &thekp);
CONFD_SET_TAG_OBJECTREF(&_valueArray[_i],_change_target->tag, thekp); _i++;
I think we are talking about two issues. I thought the issue was only around the “leaf-list as leaf”.
Regarding the maapi_diff_iterate, I think you can test and find out what ConfD diffs over, easily. That should answer your question. The diff will be similar to lists.
Regarding the notification, I think something is wrong here. You are right that the XPath expression is a valid value for an instance-identifier type, based on the YANG RFC.
But since the behavior of the leaf-list implementation is changed, I don’t know if this is why the path is restricted.
For sure, if you omit ‘[.=“new4”]’, it should work.
I think ConfD, in this case, looks at the XPath and thinks “leaf-list = leaf”, then the extra predicate shouldn’t be present. This explains the error message you get. One thing you can try is to remove the backward compatibility settings and try.
But I highly doubt it would work, so this may be a bug in ConfD. I will double check internally.
Thanks for your answer!
We are trying to send out notifications when configuration changes, which includes the leaf-list changes. The bug in confd blocks our tasks.
please let us know if some new version confd can fix the bug.
