I have one yang model, which is use to change run time parameter of my application.how i can make some parameter read only because some parameter when get change it impact on my code.I want user cannot change that parameter on run time.
notification bind-lne-name-failed {
description
"Indicates an error in the association of an interface to an
LNE. Only generated after success is initially returned when
bind-lne-name is set.";
leaf name {
type leafref {
path "/if:interfaces/if:interface/if:name";
}
mandatory true;
description
"Contains the interface name associated with the
failure.";
}
leaf bind-lne-name {
type leafref {
path "/if:interfaces/if:interface/lne:bind-lne-name";
}
mandatory true;
description
"Contains the bind-lne-name associated with the
failure.";
}
leaf error-info {
type string;
description
"Optionally, indicates the source of the assignment
failure.";
}
}
You've provided a YANG notification, which defines the structure of messages being sent from a YANG-capable server (for example, a NETCONF server) to a YANG-capable client (a NETCONF client) that has subscribed to it.
So notifications doesn't describe configuration data, but something the server sends to the client on its own.
I assume you have another yang model that does contain the data you want, which might overlap with the notification data.
Generically, you make leafs non-configurable by using the config keyword, which can have true or false values.
Here's an example on how that would look like in the error-info leaf:
leaf error-info {
type string;
config false;
description
"Optionally, indicates the source of the assignment
failure.";
}
By default, every data nodes are config true, meaning that they are writable, so that can be ommitted. For defining read-only data, you use config false.
You can find documentation on this keyword on the YANG RFC at https://www.rfc-editor.org/rfc/rfc6020#section-7.19.1
Related
I imported my existing azurerm_linux_virtual_machine in terraform state file and notice that now terraform plan is removing the identity block. Then I added the identity block in my terraform code with attributes plan was removing
identity {
identity_ids = []
principal_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
tenant_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
type = "SystemAssigned"
}
and now its complaining
Error: Value for unconfigurable attribute
Can't configure a value for "identity.principal_id": its value will be decided automatically based on the result of applying this configuration.
Error: Value for unconfigurable attribute
Can't configure a value for "identity.tenant_id": its value will be decided automatically based on the result of applying this configuration.
Can someone please help? I also tried with different type like "UserAssigned" but that is not helping either.
The meaning of these messages is that those two attributes of the identity object type are chosen by the provider rather than being chosen by you in the configuration. Providers typically declare attributes in this way if they are something that the remote API decides in its response, rather than something the client decides in the request.
If your goal is to make the configuration match the object you imported into the state then you need only to set the attributes that are considered by the provider to be arguments chosen in the configuration, which in this case seems to be just identity_ids and type and so you could write the following:
identity {
identity_ids = []
type = "SystemAssigned"
}
As part of the producing the plan, Terraform will try to merge the arguments you specified in the configuration with the attributes already in the state and so should therefore be able to produce an identity object that matches the one already in the Terraform state, and thus avoid proposing to make a change.
I know that subscription in Appsync works with mutation, which means whenever mutation gets invoked, subscription is also invoked which sends the message to all the subscribers.
What I want is that if there is any way, I can basically sends a message to the user directly from lambda using Appsync or any other way in real time? That is, I don't want user to refresh the page.
The use case can be, say, I have a standalone lambda which runs every hour and wants to notify users every hour about something. It is not part of any mutation or query.
You can attach a None DataSource to a mutation and send the information required for the subscription to be triggered within the mutation arguments.
for example let's assume you have the following schema
type Book {
bookId: Int
}
input BookInput {
bookId: Int
}
type mutation {
triggerBookUpdate(input: BookInput!): Book
}
type subscription {
onBookUpdate(bookId: Int!): Book
#aws_subscribe(mutations: ["triggerBookUpdate"])
}
then you attach the None DataSource to the resolver for the TriggerBookUpdate field and provide the following Request Mapping Template
#**
Resolvers with None data sources can locally publish events that fire
subscriptions or otherwise transform data without hitting a backend data source.
The value of 'payload' is forwarded to $ctx.result in the response mapping template.
*#
{
"version": "2017-02-28",
"payload": $utils.toJson($context.arguments.input)
}
and the Response Mapping Template
$util.toJson($ctx.result)
for more information check this Documentation
Can i sent POST(not PUT or PATCH) command if the config statement is false? How?
module system {
namespace "system:uri";
prefix "sys";
leaf id {
config false;
type string;
}
}
It's possible to define the leaf as a read-only in netconf or YANG? (after POST)
Config false nodes are not configurable. The server implementation sets their values. You cannot directly change the value of your id leaf. You can however instruct the server to do this indirectly, if you define a custom operation with such semantics.
rpc change-id {
input {
leaf new-id {
description "Sets the value of system:id.";
type string;
}
}
}
Obviously, the leaf would need to be really special to warrant something like this. You would then invoke the operation via POST:
POST /restconf/operations/system:change-id HTTP/1.1
Host: example.com
Content-Type: application/yang-data+json
{"system:input":{"new-id": "foo"}}
You will of course need to define proper semantics of your operation yourself.
P.S.: seeing that you asked a somewhat similar question here, perhaps what you really need is access control.
I am using IBM Watson Conversation service and slots within a dialog node. In the response I want to return the value of a context variable that is gathered with a slot. However, I cannot be sure that the variable exists because the user could have cancelled the input process and because the variable is optional. How can I check the existence and act depending on that check?
Using this
<? $myVariable ?>
gives an error when the variable is not present.
The Conversation service uses Spring Expression Language (SpEL) to process variables and conditions in its responses. There is a special check that can be applied. I have taken the example from this useful collection of use cases:
"<? context.myVariable? 'Great. I have the following: '+context.myVariable+'.' :
'No information present' ?>"
You can access context variables via context followed by the variable name. The question mark (?) checks for existence. The first response is taken in the case the variable is present, else the second response. The colon (:) separates the two answer options.
In the above example is the answer is either "Great. I have the following: VALUE" or "No information present".
if you have a REST API that is hypermedia-driven (HATEOAS) you can easily change a client's behavior by including or omitting links in the response (_links). That enables a client to completely forget about testing permissions for the operations that are possible in the current state of a resource (the link to the operation is present or not).
Additionally you can leave out properties in the response if the current user doesn't have permission to see it.
That way authorization is done entirely on the server (and controls actions and properties that are eligible to execute/view).
But what if I want to a have a read-only property? It is no problem for the REST API to ignore the property if it is present in the request (_POST_ OR _PUT_). it just won't get saved. But how can a client distinguish between write and read-only properties to present the user appropriate controls (like a disabled input field in HTML)?
The goal is to never ever have the client request a user's permissions, but to have a completely resource driven client/frontend.
Any help is greatly appreciated :-)
If I misunderstood your question, I apologize upfront. With that being said...
But how can a client distinguish between write and read-only
properties to present the user appropriate controls (like a disabled
input field in HTML)
Well, there are multiple solutions to this. The simplest one I can personally think of is to make each property an object having a simple structure of something like:
...
someProperty: {
value: 'some value',
access: 'read-only'
},
someOtherProperty: {
value: 'some value',
access: 'write'
}
...
You can obviously get as creative as you want with how you represent the "access" level of the property (using enums, booleans, changing access to be isReadOnly or whatever).
After that, the person using the API now knows they are read-only or not. If they submit a "write" value for a "read-only" property as part of the POST payload, then they should expect nothing less than a 403 response.
Edit:
In case you can't alter the properties in this manner, there are a number of other ways you can still achieve this:
write documentation that explains what access each property has
create a route that the user can submit 1 or more properties to in order to receive a response that indicates the access level of each property (response: { propName: 'read-only', propName2: 'write', etc.)
Return a propertyAccess map as part of the response (mapping properties to access levels).
end of the day, you just need a way to map a property with an access level. however that's done depends on what your restrictions and requirements are for the api, what changes you can make, and what is acceptable to both your client(s) and the business requirements.