52 leaf encryption{
53 tailf:info "Set encryption algorithm for protection suite";
54 type enumeration{
55 enum des{
56 tailf:info "DES - Data Encryption Standard (56 bit keys).";
57 value 0;
58 }
59 enum aes{
60 tailf:info "AES - Advanced Encryption Standard.";
61 }
62 enum 3des{
63 tailf:info "Three key triple DES";
64 value 2;
65 }
66 }
67 }
68 leaf aes-type {
69 when "../encryption = 'aes'";
70 type enumeration{
71 enum aes-128{
72 value 0;
73 }
74 enum aes-192{
75 value 1;
76 }
77 enum aes-256{
78 value 2;
79 }
80 }
81 }
But sorry to say that, it is not working, when I give encryption and ? then result is as shown below.
osboxes(config)# crypto isakmp policy 1 encryption ?
Description: Set encryption algorithm for protection suite
Possible completions:
3des Three key triple DES
aes128 AES - Advanced Encryption Standard.
des DES - Data Encryption Standard (56 bit keys).
code completion hint - ? - for “encryption” leaf only hints it’s values of course;
aes-type in above example is standalone separate leaf, that can be configured only when you set “encryption” to ‘aes’ - according to definition of when statement;
dev(config)# encryption ?
Possible completions:
3des aes des
dev(config)# encryption aes
dev(config)# aes-type ?
Possible completions:
aes-128 aes-192 aes-256
It really depends on what you want to model - specific data types for leaf/leaves, structure of yang, specific CLI behavior only, etc.
Other way to model, with emphasis on CLI - can be using e.g. “choice” statement:
// --- if you don't have it in YANG already - to support custom annotation below...
import tailf-common {
prefix tailf;
}
container encryption {
choice enc-type { // ---- one of the cases below can be selected at a time
leaf aes {
type enumeration { // --- enum value - one of aes types
enum aes-128;
enum aes-192;
enum aes-256;
}
}
leaf enc {
tailf:cli-drop-node-name; // --- so CLI does not show extra "enc" leaf name in completion hints
type enumeration { // --- and other remaining values from enumeration like before
enum des;
enum 3des;
}
}
}
}
Now behavior is:
miklos-dev(config)# encryption ?
Possible completions:
3des aes des
miklos-dev(config)# encryption aes ?
Possible completions:
aes-128 aes-192 aes-256
miklos-dev(config)#
Please note however, that putting an emphasis on CLI behavior can make YANG model itself more complex and less clean. CDB state can now have more distinct leaves, and your back-end code (if any) might need more complex logic to work with paths to specific leaves in choice…