ConfD User Community

Which yang statement to use?


#1

Hi Team,

In my module I have a leaf named encryption which can take values des, 3des & aes.
But aes has provision to take 3 values aes128, aes192 & aes256.

I have formed leaf as below.

leaf encryption {
  tailf:info "Set encryption algorithm for protection suite";
  type enumeration {
    enum des {
      tailf:info "DES - Data Encryption Standard (56 bit keys).";
      value 0;
    }
    enum aes {
      tailf:info "AES - Advanced Encryption Standard.";
      value 1;
    }
    enum 3des {
      tailf:info "Three key triple DES";
      value 2;
    }
  }
}

Here, when I try to configure aes, it should again ask for 128, 192 & 256.
How do I proceed?

Thanks in advance,
Kamal


#2

Hello,

It depends on what the rest of your model looks like.

You could use e.g. a “when” statement for an additional leaf that is active only for the AES case, something like:

leaf encryption {
  // all your original content
}

leaf aes-type {
  // the literal must be quoted: a bare aes is an XPath node test, not a string
  when "../encryption = 'aes'";
  type enumeration{
    enum aes-128;
    enum aes-192;
    enum aes-256;
  }
}

#3

@josephm,

I have modified it to:

leaf encryption {
  tailf:info "Set encryption algorithm for protection suite";
  type enumeration {
    enum des {
      tailf:info "DES - Data Encryption Standard (56 bit keys).";
      value 0;
    }
    enum aes {
      tailf:info "AES - Advanced Encryption Standard.";
    }
    enum 3des {
      tailf:info "Three key triple DES";
      value 2;
    }
  }
}
leaf aes-type {
  when "../encryption = 'aes'";
  type enumeration {
    enum aes-128 {
      value 0;
    }
    enum aes-192 {
      value 1;
    }
    enum aes-256 {
      value 2;
    }
  }
}

But sorry to say, it is not working. When I give encryption and ?, the result is as shown below.

osboxes(config)# crypto isakmp policy 1 encryption ?
Description: Set encryption algorithm for protection suite
Possible completions:
  3des     Three key triple DES
  aes128   AES - Advanced Encryption Standard.
  des      DES - Data Encryption Standard (56 bit keys).

Let me know where the mistake is.


#4

The code completion hint - ? - for the “encryption” leaf only hints its values, of course;
aes-type in the above example is a standalone, separate leaf that can be configured only when you set “encryption” to ‘aes’, according to the definition of the when statement:

dev(config)# encryption ?
Possible completions:
  3des  aes  des
dev(config)# encryption aes
dev(config)# aes-type ?
Possible completions:
  aes-128  aes-192  aes-256

It really depends on what you want to model - specific data types for leaf/leaves, structure of the YANG, specific CLI behavior only, etc.

Another way to model it, with emphasis on the CLI, is to use e.g. the “choice” statement:

  // --- if you don't have it in YANG already - to support custom annotation below...
  import tailf-common {
    prefix tailf;
  }   

  container encryption {
    choice enc-type {          // ---- one of the cases below can be selected at a time
      leaf aes {
        type enumeration {   // --- enum value - one of aes types
          enum aes-128;
          enum aes-192;
          enum aes-256;
        }
      }
      leaf enc {
        tailf:cli-drop-node-name;   // --- so CLI does not show extra "enc" leaf name in completion hints
        type enumeration {    // --- and other remaining values from enumeration like before
          enum des;
          enum 3des;
        }
      }
    }
  }

Now behavior is:

miklos-dev(config)# encryption ?
Possible completions:
  3des  aes  des
miklos-dev(config)# encryption aes ?
Possible completions:
  aes-128  aes-192  aes-256
miklos-dev(config)#

Please note, however, that putting an emphasis on CLI behavior can make the YANG model itself more complex and less clean. The CDB state can now have more distinct leaves, and your back-end code (if any) might need more complex logic to work with paths to specific leaves in the choice…
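
An added example, not part of the original posts and not ConfD code: a sketch of the back-end logic mentioned above, resolving the configured cipher from either model and rejecting inconsistent states. It assumes a hypothetical flat dict of leaf paths to values as the back end would read them; the function names and the 168-bit figure for three-key 3DES are not from the thread.

```python
# Key sizes in bits. des = 56 is stated in the thread; 168 for three-key 3DES
# and the AES sizes are standard values (assumption, not from the thread).
KEY_BITS = {"des": 56, "3des": 168, "aes-128": 128, "aes-192": 192, "aes-256": 256}


def resolve_when_model(cfg):
    """Model from post #2: leaf 'encryption' plus 'aes-type' guarded by when."""
    enc = cfg.get("encryption")
    aes_type = cfg.get("aes-type")
    if enc is None:
        raise ValueError("encryption is not set")
    if enc == "aes":
        # The when statement only permits aes-type; it does not require it,
        # so 'aes' without a key size has to be handled here.
        if aes_type is None:
            raise ValueError("encryption is aes but aes-type is not set")
        name = aes_type
    else:
        # The when condition is false here, so aes-type must be absent.
        if aes_type is not None:
            raise ValueError("aes-type present although encryption is " + enc)
        name = enc
    if name not in KEY_BITS:
        raise ValueError("unknown cipher " + repr(name))
    return name, KEY_BITS[name]


def resolve_choice_model(cfg):
    """Model from post #4: container 'encryption', choice of 'aes' or 'enc'."""
    aes = cfg.get("encryption/aes")
    enc = cfg.get("encryption/enc")
    if aes is not None and enc is not None:
        raise ValueError("both cases of choice enc-type are set")
    name = aes if aes is not None else enc
    if name is None:
        raise ValueError("no case of choice enc-type is set")
    if name not in KEY_BITS:
        raise ValueError("unknown cipher " + repr(name))
    return name, KEY_BITS[name]


if __name__ == "__main__":
    # Constructed sample data, one dict per model shape.
    print(resolve_when_model({"encryption": "aes", "aes-type": "aes-128"}))
    print(resolve_choice_model({"encryption/enc": "3des"}))
```
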


#5

What if you try when "../encryption = \"aes\""; ?