* Fixed [identityref validation fails when using typedef #87](#87)

clicon · Jun 20, 2019 · c90aa83 · c90aa83
1 parent 97529a2
commit c90aa83
Show file tree

Hide file tree

Showing 4 changed files with 70 additions and 15 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -251,6 +251,7 @@
 
 ### Corrected Bugs
 
+* Fixed [identityref validation fails when using typedef #87](https://github.com/clicon/clixon/issues/87)
 * Fixed a problem with some netconf error messages caused restconf daemon to exit due to no XML encoding
 * Check cligen tab mode, dont start if CLICON_CLI_TAB_MODE is undefined
 * Startup transactions did not mark added tree with XML_FLAG_ADD as it should.

diff --git a/lib/src/clixon_xml_map.c b/lib/src/clixon_xml_map.c
@@ -1206,19 +1206,20 @@ xml_yang_validate_all(clicon_handle h,
 	    /* Special case if leaf is leafref, then first check against
 	       current xml tree
  	    */
-	    if ((yc = yang_find(ys, Y_TYPE, NULL)) != NULL){
-		if (strcmp(yc->ys_argument, "leafref") == 0){
-		    if ((ret = validate_leafref(xt, yc, xret)) < 0)
-			goto done;
-		    if (ret == 0)
-			goto fail;
-		}
-		else if (strcmp(yc->ys_argument, "identityref") == 0){
-		    if ((ret = validate_identityref(xt, ys, yc, xret)) < 0)
-			goto done;
-		    if (ret == 0)
-			goto fail;
+	    /* Get base type yc */
+	    if (yang_type_get(ys, NULL, &yc, NULL, NULL, NULL, NULL, NULL) < 0)
+		goto done;
+	    if (strcmp(yang_argument_get(yc), "leafref") == 0){
+		if ((ret = validate_leafref(xt, yc, xret)) < 0)
+		    goto done;
+		if (ret == 0)
+		    goto fail;
 		}
+	    else if (strcmp(yang_argument_get(yc), "identityref") == 0){
+		if ((ret = validate_identityref(xt, ys, yc, xret)) < 0)
+		    goto done;
+		if (ret == 0)
+		    goto fail;
 	    }
 	    break;
 	default:

diff --git a/lib/src/clixon_yang_type.c b/lib/src/clixon_yang_type.c
@@ -1416,13 +1416,14 @@ yang_type_resolve(yang_stmt   *yorig,
  *
  * @code
  *   yang_stmt    *yrestype;
+ *   char         *origtype = NULL;
  *   int           options;
  *   cvec         *cvv = NULL;
  *   cvec         *patterns = cvec_new(0);
  *   cvec         *regexps = cvec_new(0);
  *   uint8_t       fraction;
  *
- *   if (yang_type_get(ys, &type, &yrestype, &options, &cvv, 
+ *   if (yang_type_get(ys, &origtype, &yrestype, &options, &cvv, 
  *                     patterns, regexps, &fraction) < 0)
  *      goto err;
  *   if (yrestype == NULL) # unresolved

diff --git a/test/test_identity.sh b/test/test_identity.sh
@@ -106,7 +106,31 @@ cat <<EOF > $fyang
        container aes-parameters {
          when "../crypto = 'mc:aes'";
        }
-     }
+       identity acl-base;
+       typedef acl-type {
+          description "problem detected in ietf-access-control-list.yang";
+          type identityref {
+             base acl-base;
+          }
+       }
+       identity ipv4-acl-type {
+          base mc:acl-base;
+       }
+       identity ipv6-acl-type {
+          base mc:acl-base;
+       }
+       container acls { 
+          list acl {
+             key name;
+             leaf name {
+                type string;
+             }
+             leaf type {
+	        type acl-type;
+             }
+          } 
+       }
+   }
 EOF
 
 new "test params: -f $cfg"
@@ -120,7 +144,7 @@ if [ $BE -ne 0 ]; then
     start_backend -s init -f $cfg
 
     new "waiting"
-    sleep $RCWAIT
+    wait_backend
 fi
 
 new "Set crypto to aes"
@@ -186,6 +210,34 @@ expectfn "$clixon_cli -1 -f $cfg -l o set crypto des:des3" 0 "^$"
 new "cli validate"
 expectfn "$clixon_cli -1 -f $cfg -l o validate" 0 "^$"
 
+new "Netconf set acl-type"
+expecteof "$clixon_netconf -qf $cfg" 0 '<rpc><edit-config><target><candidate/></target><config><acls xmlns="urn:example:my-crypto"><acl><name>x</name><type>mc:ipv4-acl-type</type></acl></acls></config></edit-config></rpc>]]>]]>' '^<rpc-reply><ok/></rpc-reply>]]>]]>$'
+
+new "netconf validate "
+expecteof "$clixon_netconf -qf $cfg" 0 "<rpc><validate><source><candidate/></source></validate></rpc>]]>]]>" "^<rpc-reply><ok/></rpc-reply>]]>]]>$"
+
+new "Netconf set undefined acl-type"
+expecteof "$clixon_netconf -qf $cfg" 0 '<rpc><edit-config><target><candidate/></target><config><acls xmlns="urn:example:my-crypto"><acl><name>x</name><type>undefined</type></acl></acls></config></edit-config></rpc>]]>]]>' '^<rpc-reply><ok/></rpc-reply>]]>]]>$'
+
+new "netconf validate fail"
+expecteof "$clixon_netconf -qf $cfg" 0 "<rpc><validate><source><candidate/></source></validate></rpc>]]>]]>" '^<rpc-reply><rpc-error><error-type>application</error-type><error-tag>operation-failed</error-tag><error-severity>error</error-severity><error-message>Identityref validation failed, Identityref validation failed,  not derived from acl-base</error-message></rpc-error></rpc-reply>]]>]]>$'
+
+new "netconf discard-changes"
+expecteof "$clixon_netconf -qf $cfg" 0 "<rpc><discard-changes/></rpc>]]>]]>" "^<rpc-reply><ok/></rpc-reply>]]>]]>$"
+
+new "CLI set acl-type"
+expectfn "$clixon_cli -1 -f $cfg -l o set acls acl x type mc:ipv4-acl-type" 0 "^$"
+
+new "cli validate"
+expectfn "$clixon_cli -1 -f $cfg -l o validate" 0 "^$"
+
+new "CLI set wrong acl-type"
+expectfn "$clixon_cli -1 -f $cfg -l o set acls acl x type undefined" 0 "^$"
+
+new "cli validate"
+expectfn "$clixon_cli -1 -f $cfg -l o validate" 255 "Identityref validation failed"
+
+
 if [ $BE -eq 0 ]; then
     exit # BE
 fi