Validating anydata in YANG Library context

Introduction YANG defines the "anydata" statement to represent an unknown set of YANG nodes for which the data model is not known at module design time. However, YANG left the verification of the "anydata" tree open to be done using external means. Several IETF models, e.g., , , , , and , use "anydata" in their definitions. Current YANG implementations accept syntactically valid YANG data nodes as children of an "anydata" node but do not check the data type of these data nodes against a YANG schema. This creates a real problem for any consumer of these models when validating all leaves of the YANG data tree. For instance, a YANG-Push receiver described in is not able to fully validate the messages streamed by network nodes. YANG Schema Mount allows mounting complete data models at implementation and run time. While powerful, schema mount cannot address use cases where the user selects an arbitrary subset of an instantiated data tree, such as YANG-Push. A current proposed approach, YANG Full Include YANG Full Include, complements YANG Schema Mount and applies at design time, yet cannot address dynamic filtering of an instantiated YANG data tree. This document propeses using the YANG Library to define the context in which anydata trees are validated. This would require the YANG tooling to implement an optional flag that enables a flag for validating "anydata" subtrees in the context of a YANG Library.

Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here.

Terminology This document uses the terminology defined in YANG for schema node and schema tree but refines data node and data tree to be more precise.

data node: A node in the schema tree that can be instantiated in a data tree. One of container, leaf, leaf-list, list, anydata, and anyxml. This document does not change how YANG handles anyxml data nodes.
instantiated data node: an instantiated instance of a data node that contains before fully qualified name (module namespace + identifier) for the data node and the data modeled within YANG.
instantiated data tree: is what YANG defines as "data tree". Adding the term "instantiated" precisely indicates that this tree is an instance of specific data modeled with YANG.
data tree: a tree of data nodes (with no values).

Validating "anydata" Data Tree The current YANG encodings, XML, JSON, and CBOR, encode instantiated data nodes with fully qualified name using the module's namespace and a local name. The module's namespace can be either explicit or assumed from a default namespace defined in the top data tree. This document introduces a new YANG validation option: anydata-subtree-validation. In this mode, a YANG data parser MUST accept a YANG Library as input along the YANG data file. When this option is enabled, any instantiated data node (NodeB) that is a child of anydata node (NodeA) is accepted to be valid only if (i) the qualified name of the node NodeB is found in one of the data trees defined by the YANG library AND (ii) the instantiated data tree rooted by NodeB is valid incomplete instantiated data tree according to the data node of NodeB. The first condition ensures the completeness of the YANG Library, and no subtree can be included as a child of anydata node unless a schema is defined for all the children of anydata subtree and specified in the YANG Library. The second condition applies a regular YANG validation against the subtree of anydata, considering that the subtree of anydata could be generated using an XPath or a subtree filter . Thus, the validator MUST consider this subtree incomplete and ignore any missing leaves.

IANA Considerations This memo includes no request to IANA.

Security Considerations TBD

References Normative References Informative References

Acknowledgements The authors would like to thank Jean Quilbeuf, Thomas Graf, Benoit Claise, and Alex Huang Feng for their review and valuable comments.