cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

83
Views
0
Helpful
0
Replies
ian.scheidler1
Enthusiast

Using XPath in service template

I would like to use an XPath substring function in an XML template for a NSO service.

My "source" and "destination" fields have a network/IP entered in the following format x.x.x.x/y (y=0-32). For the actual ACL entry later on in my template I need the IP without the "/y" part (and the "/y" part needs to be translated into a wildcard mask, which I plan on doing in the Java Code). I want to cut off the "/y" part in the template directly, using an XPath substring function. Not sure how to go about this.

Here is the example with my code:

Consider the following YANG model (only relevant parts included here):

leaf source {

               tailf:info "Source network or host(s) in x.x.x.x/y (y=0-32) format";

               mandatory true;

               type tailf:ipv4-address-and-prefix-length; //tailf provides appropriate type for /prefix notation

      }

     

      leaf destination {

               tailf:info "Destination network or host(s) in x.x.x.x/y (y=0-32) format";

               mandatory true;

               type tailf:ipv4-address-and-prefix-length;//tailf provides appropriate type for /prefix notation

        }

     

      leaf service_protocol {

               tailf:info "Protocol to be allowed/blocked; e.g.: TCP, UDP, IP (for any IP protocol)";

               mandatory true;

           type enumeration { //since no appropriate type is provided by ietf or tailf we define an enum of our own

                    enum ip;

                    enum tcp;

                    enum udp;

                    enum icmp;

                    enum igmp;

                  }

             }

     

      leaf service_port {

             tailf:info "Port of Service to be blocked/allowed";

             mandatory true;

             type inet:port-number; //for port number ietf provides appropriate type

        }

And  here is my idea for the XML template:

<config-template xmlns="http://tail-f.com/ns/config/1.0" xmlns:fn="http://www.w3.org/2005/xpath-functions">

  <devices xmlns="http://tail-f.com/ns/ncs">

       <device>

  <name>{/device}</name>

  <config>

       <ip xmlns="urn:ios">

            <access-list>

                 <extended>

                      <ext-named-acl>

                                <name>vlan10-out</name>

                           <ext-access-list-rule>

                                <rule>permit {service_protocol} fn:substring-before("{source}","/") {source_wc_mask} fn:substring-before("{destination}","/") {dest_wc_mask}

                                eq {service_port}

                                </rule>

                           </ext-access-list-rule>

                      </ext-named-acl>

                 </extended>

            </access-list>

       </ip>

       <interface xmlns="urn:ios">

            <Vlan>

                 <name>10</name>

                      <ip>

                           <access-group>

                                <direction>out</direction>

                                <access-list>vlan10-out</access-list>

                           </access-group>

                      </ip>

            </Vlan>

       </interface>

  </config>

  </device>

  </devices>

</config-template>

The relevant parts in the XML which I am unsure about are:

1. The namespace part at the top (xmlns:fn="http://www.w3.org/2005/xpath-functions"). Is it possible to just declare another namespace used like this?

2. The content of the <rule></rule> tags? Will this be replaced correctly? Do I maybe need { } around the entire fn:substring expression? Will the nested variables {source} and {destination} still be replaced correctly?

Any help is appreciated. Thanks.

0 REPLIES 0
Create
Recognize Your Peers
Content for Community-Ad