Removing commands from confd_cli


I want to remove some commands from confd_cli i.e. I don’t want them to be available for any user.
I’ve examined the manual and also seen this discussion:

but I still need to clear some things up.

Let’s use these two confd_cli commands as examples: ‘source’ and ‘telnet’.
‘source’ does not have an entry in clispec confd.cli so I guess this makes it a built-in command.
Hence by adding a

      <delete src="source"/>

inside operationalMode >> modifications, recompiling the confd.cli and restarting confd we get what we want.

I am not sure if I am handling commands similar to ‘telnet’ correctly.
For this command I have removed its whole entry from within the confd.cli clispec file.
By recompiling and restarting again I get what I want but the manual states:

Note that commands that are auto-rendered from the data model cannot be removed using this modification.
To remove an auto-rendered command use the ‘tailf:hidden’ element in the data

I am assuming that ‘telnet’ (and any other command that has an entry in confd.cli) does not fall under this category since this ‘tailf:hidden’ element sounds to me like it only hides but not disables?

I guess what I am looking for is a confirmation that:

if command is present in confd.cli
then delete its entry
else use the <delete /> element


Note that the data model means YANG data model. If something you put in the YANG data model is hidden from the CLI using tailf:hidden, it can’t be executed from the CLI.

Also note that “confd_cli” is just a program that comes with ConfD that allow you to access the ConfD CLI over the IPC port. Normally a manager access the CLI over SSH.

Hi cohult,

thank you for clarifications.

Let’s see if I have understood better now:

if command is present in confd.cli
    delete its entry
else if command is a built in command
    use the <delete /> element
    go to relevant yang and use tailf:hidden

am i getting closer now?


There are of course more ways to remove/hide something that is in a YANG model, but basically yes.

For sure I am oversimplifying here but at least I have understood better the case of builtin/confd.cli commands.
For YANG many more options but for telnet/source/etc at least now I know how to proceed.

Many thanks for the help cohult!