ConfD User Community

Prevent rpc from being auto-rendered in CLI


#1

Hello,

I have a RPC in my YANG model that is intended for JSON/RPC & Netconf. I don’t want this RPC to be auto-rendered in CLI under ‘request’ command. Is there any way I can do that?

Using tailf:hidden dont-show-in-cli disables JSON/RPC as well… that is not what I want. I don’t want the option in CLI alone.

Thanks
Raman


#2

Hello,

the easiest option is to do it at “compile” time - see confdc (ConfD-compiler binary) manual pages, section:

 --export Agent ...

If you need to control it during the runtime, i guess you will need to create some AAA rules that limit accessibility to specific “context” in the /nacm configuration section…

(edit, my suggestion above of course applies only assuming the YANG has no other contents that you do NOT want to hide…)


#3

Hi Josephm,

Compile time option would not work for me. I tried creating AAA rule but that takes effect only if i nuke the config data base (viz. *.cdb). Is there any way to force AAA rule to take effect without nuking the .cdb files?

Thanks
Raman


#4

You only have the set the NACM rule in for example the CLI, log out and log in through SSH or the confd_cli program with the group name provided. Quick example using an “echo” RPC added to the 1-2-3 example:

$ pwd
/Users/tailf/confd/examples.confd/intro/1-2-3-start-query-model
$ make all start
$ confd_cli -u oper -g oper -J
oper connected from 127.0.0.1 using console
> request <TAB>
Possible completions:
  echo    - my dummy RPC
  job     - Job operations
  message - Send message to terminal of one or all users
  system  - System operations
> config  
Entering configuration mode private
% set <TAB>
Possible completions:
  aaa   - AAA management
  dhcp  - 
  user  - User specific command aliases and default CLI session parameters
  webui - Web UI specific configuration
% exit
[ok]
> exit

$ confd_cli -u admin -J
admin connected from 127.0.0.1 using console
> request <TAB>
Possible completions:
  aaa     - AAA management
  echo    - my dummy RPC
  job     - Job operations
  message - Send message to terminal of one or all users
  system  - System operations
> config  
Entering configuration mode private
% set nacm rule-list any-group rule noecho rpc-name echo action deny context cli
% move nacm rule-list any-group rule noecho first
% commit
Commit complete.
% exit
> exit
$ confd_cli -u oper -g oper -J
oper connected from 127.0.0.1 using console
> request <TAB>
Possible completions:
  job     - Job operations
  message - Send message to terminal of one or all users
  system  - System operations