YANG-API Protocol
YumaWorks, andy@yumaworks.com
Tail-f Systems, mbj@tail-f.com
This document describes a RESTful protocol that provides
a programmatic interface over HTTP for accessing data
defined in YANG, using the datastores defined in NETCONF.
There is a need for standard mechanisms to allow WEB applications
to access the configuration data, operational data, and
data-model specific RPC operations within
a networking device, in a modular and extensible manner.
This document describes a RESTful protocol called YANG-API,
running over HTTP, for accessing data defined
in YANG, using datastores defined in NETCONF.
The NETCONF protocol defines configuration datastores and
a set of Create, Retrieve, Update, Delete (CRUD) operations
that can be used to access these datastores. The YANG language
defines the syntax and semantics of datastore content
and operational data. RESTful operations are used to
access the hierarchical data within a datastore.
A RESTful API can be created that provides CRUD operations on a
NETCONF datastore containing YANG-defined data. This can be done in a
simplified manner, compatible with HTTP and RESTful design principles.
Since NETCONF protocol operations are not relevant, the user should
not need any prior knowledge of NETCONF in order to use the RESTful
API.
Configuration data and state data are exposed as resources that
can be retrieved with the GET method.
Resources representing configuration data
can be modified with the DELETE, PATCH, POST, and PUT methods.
Data-model specific RPC operations defined with
the YANG "rpc" statement can be invoked with the POST method.
The framework and meta-model used for a RESTful API do not need to
mirror those used by the NETCONF protocol. They just need to be compatible
with NETCONF. A simplified framework and protocol are needed
that aligns with the three NETCONF datastores (candidate, running, startup).
A simplified yet more powerful transaction model is needed that
exposes the proper functionality without over-restricting server design.
The RESTful API is not intended to replace NETCONF, but rather provide
an additional simplified interface that follows RESTful principles and
is compatible with a resource-oriented device abstraction. It is
expected that applications that need the full feature set of NETCONF
such as notifications will continue to use NETCONF.
The following figure shows the system components:
The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP
14, .
The following terms are defined in :
candidate configuration datastore
client
configuration data
datastore
configuration datastore
protocol operation
running configuration datastore
server
startup configuration datastore
state data
user
The following terms are defined in :
entity tag
fragment
header line
message body
method
path
query
request URI
response body
The following terms are defined in :
container
data node
key leaf
leaf
leaf-list
list
presence container (or P-container)
RPC operation
non-presence container (or NP-container)
ordered-by system
ordered-by user
The following terms are used within this document:
API resource: a resource with the media type
"application/vnd.yang.api+xml" or "application/vnd.yang.api+json".
data resource: a resource with the media type
"application/vnd.yang.data+xml" or "application/vnd.yang.data+json".
datastore resource: a resource with the media type
"application/vnd.yang.datastore+xml" or
"application/vnd.yang.datastore+json"
edit operation: a YANG-API operation on a data resource
using the POST, PUT, PATCH, or DELETE method.
operation: the conceptual YANG-API operation for a message, derived from the
method, request URI, headers, and message body.
operation resource: a resource with the media type
"vnd.yang.operation+xml" or "vnd.yang.operation+json"
optional key: a key leaf for a YANG list data node,
which MAY be omitted by the client when an instance of the list
is created.
query parameter: a parameter (and its value if any),
encoded within the query portion of the request URI.
resource: a conceptual object representing a manageable
component within a device.
retrieval request: an operation using the GET or HEAD methods.
target resource: the resource that is associated with
a particular message, identified by the "path" component
of the request URI.
transaction resource: a resource with the media type
"vnd.yang.transaction+xml" or "vnd.yang.transaction+json"
This document defines the YANG-API protocol, a RESTful API for accessing
conceptual datastores
containing data defined with the YANG language.
YANG-API provides an application framework and meta-model,
using HTTP operations.
The YANG-API resources are accessed via a set of
URIs defined in this document.
The set of YANG modules supported by the server
will determine the additional data model specific operations
and top-level data node resources available on the server.
Not all YANG-API defined resources are mandatory-to-implement.
The server implementor may choose the specific editing model
and persistence model that is supported. The specific
subset is identified and accessible via 3 capability fields.
Refer to for more details.
The URI hierarchy for the YANG-API resources
consists of an entry point
and up to 6 top-level resources and/or fields.
Refer to for details on each URI.
The examples within this document use the non-normative
example YANG module defined in .
This section shows some typical YANG-API message exchanges.
In these examples, the server capabilities are as follows:
the edit-model is "direct"
the persist-model is "manual"
the transaction-model is "none"
By default, when a resource is retrieved, all of its fields are
returned, but none (if any) of the nested resources are
returned. Also, the default encoding is JSON. Data resources are
encoded according to the encoding rules in .
The client starts by retrieving the top-level
API resource, using the entry point URI "/yang‑api".
The server might respond as follows.
The "module" lines below are split for display
purposes only:
To request that the response content be encoded in XML,
the "Accept" header can be used, as in this example request:
An alternate approach is provided using the "format" query
parameter, as in this example request:
The server will return the same response either way,
which might be as follows:
Refer to for details on the GET operation.
To create a new "jukebox" resource, the client might send:
If the resource is created, the server might respond:
To create a new "artist" resource within the "jukebox"
resource, the client might send the following request.
Note that the arbitrary integer "index" is not provided,
since it is an optional key:
If the resource is created, the server might respond:
To create a new "album" resource for this artist within the "jukebox"
resource, the client might send the following request:
If the resource is created, the server might respond
as follows. Note that the "Location" header line is wrapped
for display purposes only:
Refer to for details on the POST operation.
Note: replacing a resource is a fairly drastic operation.
The PATCH operation is often more appropriate.
The album sub-resource is re-added here for example
purposes only.
To replace the "artist" resource contents,
the client might send:
If the resource is updated, the server might respond:
Refer to for details on the PUT operation.
To replace just the "year" field in the "album" resource,
the client might send:
If the resource is updated, the server might respond:
Refer to for details on the PATCH operation.
To delete a resource such as the "album" resource,
the client might send:
If the resource is deleted, the server might respond:
Refer to for details on the DELETE operation.
To invoke a global operation, such as the "save‑datastore"
operation resource, the POST operation is used.
A client might send a "save‑datastore" request as follows:
The server might respond:
Refer to for details on using the POST operation
with operation resources.
The YANG-API protocol defines a framework
that can be used to implement a common API for
configuration management. This section describes
the components of the YANG-API framework.
The YANG-API protocol uses HTTP entities for messages.
A single HTTP message corresponds to a single protocol operation in NETCONF.
A message can perform a single task on a single resource,
such as retrieving a resource or editing a resource. It cannot be used
to combine multiple tasks. The client cannot provide
multiple (possibly unrelated) edit operations within a single request,
like the NETCONF <edit‑config> protocol operation.
The YANG-API protocol operates on a hierarchy of resources,
starting with the top-level API resource itself. Each resource represents
a manageable component within the device.
A resource can be considered a collection of conceptual data
and the set of allowed operations on that data. It can contain
child nodes that are either "fields" or other resources.
The child resource types and operations allowed on them
are data-model specific.
A resource has its own media type identifier, represented
by the "Content‑Type" header in the HTTP response message.
A resource can contain zero or more fields and zero or
more resources. A resource can be
created and deleted independently of its
parent resource, as long as the parent resource exists.
A field is a child node defined within a resource.
A field can contain zero or more fields and zero or
more resources. A field cannot be
created and deleted independently of its parent resource.
All YANG-API resources and fields are defined in this document except
datastore contents and RPC operations. These resource types are
defined with YANG data definition statements and the "rpc" statement.
A default mapping is defined to differentiate sub-resources from fields
within data resources.
The YANG-API protocol defines some application specific media types
to identify each of the available resource types. The following table
summarizes the purpose of each resource.
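+-------------+----------------------------------+
| Resource    | Media Type                       |
+-------------+----------------------------------+
| API         | application/vnd.yang.api         |
| Datastore   | application/vnd.yang.datastore   |
| Data        | application/vnd.yang.data        |
| Operation   | application/vnd.yang.operation   |
| Transaction | application/vnd.yang.transaction |
+-------------+----------------------------------+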
These resources are described in .
A client SHOULD start by retrieving the top-level
API resource, using the entry point URI "/yang‑api".
The YANG-API protocol does not include a
resource discovery mechanism. Instead, the definitions
within the YANG modules advertised by the server
are used to construct a predictable operation or data
resource identifier.
The "depth" query parameter can be used to control how many
descendant levels should be included when retrieving
sub-resources. This parameter can be used with the GET operation
to discover sub-resources within a particular resource.
Refer to for more details on the "depth" parameter.
A conceptual "unified datastore" is used to simplify resource
management for the client. The YANG-API datastore is a
combination of the running configuration and any
non-configuration data supported by the device.
By default only configuration data is returned
by a GET operation on the datastore contents.
The underlying NETCONF datastores can be used
to implement the unified datastore, but the server design
is not limited to the exact datastore procedures defined
in NETCONF.
Instead of a separate candidate configuration datastore
to use as a globally shared scratchpad to collect edits,
an optional transaction mechanism is provided (see ).
Instead of a separate startup configuration datastore, a simplified
persistence model is used (see ).
The YANG-API protocol operates on a conceptual datastore defined with
the YANG data modeling language. The server lists each YANG module it
supports in the "/yang‑api/modules/module" field in the
top-level API resource type, using the YANG module capability
URI format defined in RFC 6020.
The conceptual datastore contents and data-model-specific
operations are identified by the set of
YANG module capability URIs. All YANG-API content identified
as either a data resource or an operation resource
is defined with the YANG language.
The classification of data as configuration or
non-configuration is derived from the YANG "config" statement.
Data retrieval with the GET operation can be filtered
in several ways, including the "config" parameter
to retrieve configuration or non-configuration data.
The classification of data as a resource or field within
a resource is derived from the rules specified in .
Data ordering behavior is derived from the YANG "ordered‑by"
statement. Editing mechanisms are provided to allow
list or leaf-list resources to be inserted or moved
in the same manner as NETCONF, and defined in YANG.
The server is not required to maintain system ordered data
in any particular persistent order. The server SHOULD
maintain the same data ordering for system ordered data
until the next reboot or termination of the server.
The YANG-API datastore editing model is compatible with
the NETCONF protocol but not exactly the same.
If the running configuration datastore is written directly,
then each change takes place right away. This
can have a negative impact on network behavior if
multiple inter-related resources need to be edited at once,
in order to achieve the new desired network state.
To address this problem, an optional transaction mechanism
is defined (similar to the NETCONF :candidate capability)
to allow multiple edits to be collected and validated,
before being applied all-or-nothing to the running
configuration datastore.
Private and shared transactions are supported. If the server uses a
single shared datastore resource, or if multiple clients use the same
private transaction, then it is often useful to know if the data
resources being edited have changed (relative to the resource versions
the client thinks are on the server).
This can be achieved in YANG-API using the edit collision detection
mechanisms described in . If a collision is
detected, then the client can retrieve the resource before proceeding
with the edit.
Sometimes a server does not implement every operation
for every resource. Sometimes data model requirements
cause a node to implement a subset of the edit operations.
For example, a server may not allow modification of a
particular configuration data node after the
parent resource has been created.
The OPTIONS operation can be used to identify which
operations are supported by the server for a particular
resource. For example, if the server will allow a data resource
node to be created then the POST operation will be
returned in the response.
Two "edit collision detection" mechanisms are provided
in YANG-API, for datastore and data resources.
timestamp: the last change time is maintained and the
"Last‑Modified" and "Date" headers are returned in the
response for a retrieval request.
The "If‑Unmodified‑Since" header can be used
in edit operation requests to cause the server
to reject the request if the resource has been modified
since the specified timestamp.
entity tag: a unique opaque string is maintained and
the "ETag" header is returned in the
response for a retrieval request.
The "If‑Match" header can be used
in edit operation requests to cause the server
to reject the request if the resource entity tag
does not match the specified value.
Note that the server is only required to maintain these fields
for a datastore resource, not for individual data resources.
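The server-side check behind both mechanisms, as an added example that is not part of the original draft. The function name and sample values are hypothetical; the "412 Precondition Failed" outcome and the rule that "If-Match" takes precedence over "If-Unmodified-Since" come from HTTP conditional-request handling and are not stated on this page.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from typing import Mapping, Optional

# Constructed datastore state (the only resource required to keep these fields).
DATASTORE_LAST_MODIFIED = datetime(2012, 1, 26, 16, 2, 40, 500000,
                                   tzinfo=timezone.utc)
DATASTORE_ETAG = '"a74eefc993a2b"'  # strong entity tag, quotes included


def _parse_http_date(value: str) -> Optional[datetime]:
    """Parse an HTTP-date header value; return None if it is malformed."""
    try:
        parsed = parsedate_to_datetime(value)
    except (TypeError, ValueError):
        return None
    # Treat a date without zone information as UTC so comparisons never raise.
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)


def check_edit_preconditions(headers: Mapping[str, str],
                             last_modified: datetime,
                             etag: str) -> Optional[str]:
    """Return a rejection reason (answer 412) or None if the edit may proceed.

    Called for POST, PUT, PATCH and DELETE before the datastore is touched.
    """
    h = {name.lower(): value for name, value in headers.items()}

    # Entity tag check. When If-Match is present it decides alone.
    if "if-match" in h:
        wanted = [tag.strip() for tag in h["if-match"].split(",")]
        # Strong comparison: a weak tag (W/"...") never equals the stored tag.
        if "*" in wanted or etag in wanted:
            return None
        return "entity tag does not match"

    # Timestamp check. HTTP dates have one-second resolution, so the stored
    # time is truncated first; two edits inside the same second cannot be
    # told apart this way, which is the case entity tags cover.
    if "if-unmodified-since" in h:
        since = _parse_http_date(h["if-unmodified-since"])
        # A malformed date is ignored, as HTTP requires for this header.
        if since is not None and last_modified.replace(microsecond=0) > since:
            return "datastore modified since the supplied timestamp"

    return None


if __name__ == "__main__":
    stale = {"If-Unmodified-Since": "Thu, 26 Jan 2012 16:00:14 GMT"}
    reason = check_edit_preconditions(stale, DATASTORE_LAST_MODIFIED,
                                      DATASTORE_ETAG)
    print("412 Precondition Failed:" if reason else "proceed", reason or "")
```
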
Example:
In this example, the server just supports the
mandatory datastore last-changed timestamp.
The client has previously retrieved the "Last‑Modified"
header and has some value cached to provide in
the following request to replace a list entry
with key value "11":
In this example the datastore resource has changed
since the time specified in the "If‑Unmodified‑Since"
header. The server might respond:
Datastore locking is needed in order to allow a client to
make several changes to the running configuration datastore
contents in sequence, without disturbance from other clients.
The "lock‑datastore" and "unlock‑datastore" operations
MUST be supported by the server.
These correspond to the global locks defined in NETCONF.
Only the running configuration datastore can be locked and unlocked
in this manner. If the datastore is locked, then direct edits
and transaction commits by other clients will fail.
The editing model allows for concurrent transactions to
occur without locking, using the transaction "update" operation.
This is similar to the "discard‑changes" operation,
except that the running configuration datastore is merged
into the current transaction datastore
(instead of replacing the contents). If the "update" cannot be
done, a conflict error report is generated so the client
can manually resolve the differences.
A client can request exclusive write access when a
transaction resource is created. This is comparable to
a global lock on the candidate configuration datastore
if the server "transaction‑model" capability field is set to "shared".
In this case, the creation of the new transaction resource will fail
if another exclusive transaction already exists.
There is no partial datastore locking
(i.e., per-resource or per YANG data node) at this time.
Explicit partial locks are difficult to use and
easy to misuse. Transactions are easier for a client
to use, and allow more server design freedom as well.
A client must be aware of how the server saves configuration
data to non-volatile storage, so the server advertises its
persistence model (either "automatic" or "manual").
If manual persistence of the running configuration datastore is
required, then the "persist" operation MUST be supported
by the server and MUST be used by the client to save
the running configuration datastore contents to non-volatile
storage.
If automatic persistence of the running configuration datastore is
supported by the server, then the non-volatile storage
of configuration changes is handled automatically by the server,
and the "persist" operation MUST NOT be supported by the server.
NETCONF has a rather complex defaults handling model for
leafs. YANG-API attempts to avoid this complexity by
restricting the operations that can be applied to
a resource and fields within that resource.
The GET method returns only nodes that exist, which will
be determined by the server. There is no mechanism for
the client to ask the server for the default values
that would be used for any nodes not present, but some
default value is in use by the server.
If a leaf definition has a default value, and the leaf has not been
given a value yet, the server SHOULD NOT return any value
for the leaf in the response for a GET operation.
The "/yang‑api/transaction" resource will be present if the server
supports transactions. If so, the server MUST support at least one
transaction at a time and MAY support multiple concurrent
transactions, either by one client or multiple clients.
The "/yang‑api/capabilities/transaction‑model" field in the top-level
API resource identifies which type of transactions the server
supports, either "none", "shared", or "private". If shared, then all
clients are sharing the same "/yang‑api/transaction/<id>/datastore"
resource. If "private" then each instance of a
"/yang‑api/transaction/<id>/datastore" resource is independent of each
other.
There are a small number of operations supported for a transaction resource.
commit: attempt to commit the transaction.
discard-changes: replace the contents of the transaction datastore with
the contents of the running configuration datastore.
update: merge the contents of the
running configuration datastore into the transaction datastore.
validate: Run commit validation tests against
the running configuration datastore contents, according to
section 8.3.3 of .
Refer to for more details on these operations.
The YANG-API protocol is designed to be extensible for
datastore content and data-model specific RPC operations.
New RPC operations can be added without changing
the entry point if they are optional and do not alter
any existing operations.
Separate namespaces for each YANG module are used.
Content encoded in XML will indicate the module
using the "namespace" URI value in the YANG module.
Content encoded in JSON will indicate the module
using the module name specified in the YANG module.
JSON encoding rules for module namespaces are specified
in .
The version of a resource instance is identified with an entity tag,
as defined by HTTP.
The version identifiers in this section apply to the
version of the schema definition of a resource.
There are two types of schema versioning information used
in the YANG-API protocol:
the YANG-API protocol version
data and operation resource definition versions
The protocol version is identified by the string used for the
well-known URI entry point "/yang‑api".
This would be changed (e.g., "/yang‑api2")
if non-backward compatible changes are ever needed.
Minor version changes that do not break
backward-compatibility will not cause the entry point to change.
The API "yang‑api/version" field can be used by the client to identify
the exact version of the YANG-API protocol implemented by the server.
This value will include the complete YANG-API protocol version.
The "/yang‑api" entry point will only change (e.g., "/yang‑api2")
if non-backward compatible changes are made to the protocol.
The "/yang‑api/version" field MUST be updated every time
the protocol specification is republished.
The resource definition version for a data or operation
resource is a date string,
which is the revision date of the YANG module that defines the resource.
The resource version for all other resource types is a numeric string,
defined by the "/yang‑api/version" field.
There are four types of filtering for retrieval of data resources
in the YANG-API protocol.
conditional all-or-nothing: use some conditional test
mechanism in the request headers and retrieve either a
complete "200 OK" response if the condition is met,
or a "304 Not Modified" Status-Line if the condition is not met.
data classification: request configuration or non-configuration data.
subset: request a subset of all possible instances of a
list or leaf-list data resource.
filter: request a subset of all possible descendant nodes
within the target resource. The "select" query parameter can be used
for this purpose.
Refer to for details on data retrieval filtering.
The YANG-API protocol provides no granular access control for any
content except for operation and data resources. The NETCONF
Access Control Model (NACM) is defined in .
There is a specific mapping between YANG-API operations
and NETCONF edit operations, defined in .
The resource path also needs to be converted internally
by the server to the corresponding YANG instance-identifier.
Using this information, the server can apply the NACM
access control rules to YANG-API messages.
The server MUST NOT allow any operation to any resources that
the client is not authorized to access.
The YANG-API protocol uses HTTP methods to identify
the CRUD operation requested for a particular resource
or field within a resource. The following table
shows how the YANG-API operations relate to NETCONF
protocol operations:
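+----------+-------------------------------------+
| YANG-API | NETCONF                             |
+----------+-------------------------------------+
| OPTIONS  | none                                |
| HEAD     | none                                |
| GET      | <get-config>, <get>                 |
| POST     | <edit-config> (operation="create")  |
| PUT      | <edit-config> (operation="replace") |
| PATCH    | <edit-config> (operation="merge")   |
| DELETE   | <edit-config> (operation="delete")  |
+----------+-------------------------------------+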
The NETCONF "remove" operation attribute is not supported
by the HTTP DELETE method. The resource must exist or
the DELETE operation will fail.
This section defines the YANG-API protocol usage for
each HTTP method.
The OPTIONS method is sent by the client to
discover which methods are supported by the server
for a specific resource, or field within a resource.
It is supported for all media types.
Note that implementation
of this operation is part of HTTP, and this section does
not introduce any additional requirements.
The request MUST contain a request URI
that contains at least the entry point component.
The server will return a "Status‑Line" header containing "204 No Content"
and include the "Allow" header in the response.
This header will be filled in, based on the target resource media type.
Other headers MAY also be included in the response.
Example 1:
A client might request the methods supported for a data
resource called "library":
The server might respond (for a config=true list):
Example 2:
A client might request the methods supported for a
non-configuration leaf within a data resource:
The server might respond:
Example 3:
A client might request the methods supported for an
operation resource called "play":
The server might respond:
The HEAD operation is sent by the client to
retrieve just the headers that would be returned
for the comparable GET operation, without the response body.
The HTTP HEAD method is used for this operation.
It is supported for all resource types, except operation resources.
The request MUST contain a request URI
that contains at least the entry point component.
The same query parameters supported by the GET operation
are supported by the HEAD operation. For example,
the "select" query parameter can be used to
specify a field within the target resource.
The access control behavior is enforced
as if the method was GET instead of HEAD.
The server MUST respond the same as if the method
was GET instead of HEAD, except that no
response body is included.
Example:
The client might request the response headers for the default
(JSON) representation of the "library" resource:
The server might respond:
The GET operation is sent by the client to
retrieve data and meta-data for a resource or
field within a resource.
The HTTP GET method is used for this operation.
It is supported for all resource types, except operation resources.
The request MUST contain a request URI
that contains at least the entry point component.
The following query parameters are supported
by the GET operation:
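+--------+---------+--------------------------------------------------------+
| Name   | Section | Description                                            |
+--------+---------+--------------------------------------------------------+
| config |         | Request either configuration or non-configuration data |
| depth  |         | Control the depth of a retrieval request               |
| format |         | Request either JSON or XML content in the response     |
| select |         | Specify a field within the target resource             |
+--------+---------+--------------------------------------------------------+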
The server MUST NOT return any data resources or fields within
any data resources for which the user does not have read privileges.
If the user is not authorized to read any portion of
the target resource, an error response containing
a "403 Forbidden" Status-Line is returned to
the client.
If the user is authorized to read some but not all of
the target resource, the unauthorized content is omitted
from the response message body, and the authorized content
is returned to the client.
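The read-authorization behaviour described above (403 when nothing is readable, silent omission otherwise, HEAD treated like GET), as an added example that is not part of the original draft. The ordered prefix rules are a simplified, hypothetical stand-in for NACM rules, the tree and leaf names are constructed, and hiding a denied node together with its subtree is a choice made for this sketch.

```python
from typing import Any, List, Optional, Tuple

_DENIED = object()  # sentinel: "omitted", distinct from a leaf holding None

# Constructed rules for one user: (path prefix, action). First match wins,
# and a path that matches no rule is denied.
RULES: List[Tuple[str, str]] = [
    ("/jukebox/library/artist/album/price", "deny"),
    ("/jukebox/player", "deny"),
    ("/jukebox", "permit"),
]

# Constructed datastore content using the page's jukebox resource names.
TREE = {"jukebox": {
    "library": {"artist": [
        {"name": "Example Artist",
         "album": [{"name": "Example Album", "year": 2011, "price": 9}]},
    ]},
    "player": {"gap": 0.5},
}}


def is_readable(path: str, rules: List[Tuple[str, str]]) -> bool:
    """Return True if the first rule matching the path permits reading."""
    for prefix, action in rules:
        if path == prefix or path.startswith(prefix + "/"):
            return action == "permit"
    return False


def prune(node: Any, path: str, rules: List[Tuple[str, str]]) -> Any:
    """Copy node without unreadable children; _DENIED if node is unreadable."""
    if not is_readable(path, rules):
        return _DENIED
    if isinstance(node, dict):
        kept = {}
        for name, child in node.items():
            value = prune(child, f"{path}/{name}", rules)
            if value is not _DENIED:
                kept[name] = value
        return kept
    if isinstance(node, list):
        # Entries of a YANG list share the schema path of the list itself.
        return [prune(entry, path, rules) for entry in node]
    return node


def retrieve(method: str, target: str, tree: dict,
             rules: List[Tuple[str, str]]) -> Tuple[int, Optional[Any]]:
    """Return (status, body) for a retrieval request on a data resource."""
    if method not in ("GET", "HEAD"):
        raise ValueError("not a retrieval request")
    # Authorize before the lookup, so a denied path answers 403 whether or
    # not it exists and the response does not reveal which nodes are present.
    if not is_readable(target, rules):
        return 403, None
    node: Any = tree
    for segment in target.strip("/").split("/"):
        if not isinstance(node, dict) or segment not in node:
            return 404, None
        node = node[segment]
    body = prune(node, target, rules)
    # HEAD gets the same access control and status as GET, without a body.
    return 200, (body if method == "GET" else None)


if __name__ == "__main__":
    print(retrieve("GET", "/jukebox", TREE, RULES))
    print(retrieve("GET", "/jukebox/player", TREE, RULES))
```
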
Example:
The client might request the response headers for a
JSON representation of the "library" resource:
The server might respond:
The POST operation is sent by the client for various
reasons. The HTTP POST method is used for this purpose.
The request MUST contain a request URI
that contains a target resource that
identifies one of the following resource types:
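+-------------+--------------------------------------+
| Type        | Description                          |
+-------------+--------------------------------------+
| Data        | Create a configuration data resource |
| Operation   | Invoke RPC operation                 |
| Transaction | Create a new transaction             |
+-------------+--------------------------------------+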
The following query parameters are supported
by the POST operation:
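+--------+---------+-----------------------------------------+
| Name   | Section | Description                             |
+--------+---------+-----------------------------------------+
| insert |         | Specify where to insert a resource      |
| point  |         | Specify the insert point for a resource |
+--------+---------+-----------------------------------------+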
If the POST operation succeeds, a "200 OK" Status-Line
is returned if there is no response message body, and
a "204 No Content" Status-Line is returned if there is
a response message body.
If the user is not authorized to invoke the target (operation) resource,
or create the target resource,
an error response containing
a "403 Forbidden" Status-Line is returned to
the client. All other error responses are handled according to
the procedures defined in .
The PUT operation is sent by the client to replace
the target resource.
The HTTP PUT method is used for this purpose.
The request MUST contain a request URI
that contains a target resource that
identifies the data resource to replace.
The following query parameters are supported
by the PUT operation:
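+--------+---------+---------------------------------------+
| Name   | Section | Description                           |
+--------+---------+---------------------------------------+
| insert |         | Specify where to move a resource      |
| point  |         | Specify the move point for a resource |
+--------+---------+---------------------------------------+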
If the PUT operation succeeds, a "200 OK" Status-Line
is returned, and there is no response message body.
If the user is not authorized to replace the target resource,
an error response containing
a "403 Forbidden" Status-Line is returned to
the client. All other error responses are handled according to
the procedures defined in .
The PATCH operation uses the HTTP PATCH method defined
in to provide a "merge" editing mode for
data resources. Instead of replacing all or part of the
target resource, the supplied values are merged into the
target resource.
If the PATCH operation succeeds, a "200 OK" Status-Line
is returned, and there is no response message body.
If the user is not authorized to alter the target resource,
an error response containing
a "403 Forbidden" Status-Line is returned to
the client. All other error responses are handled according to
the procedures defined in .
The DELETE operation uses the HTTP DELETE method
to delete the target resource.
If the DELETE operation succeeds, a "200 OK" Status-Line
is returned, and there is no response message body.
If the user is not authorized to delete the target resource then
an error response containing
a "403 Forbidden" Status-Line is returned to
the client. All other error responses are handled according to
the procedures defined in .
Each YANG-API operation allows zero or more query
parameters to be present in the request URI.
Refer to
for details on the query parameters used
in the definition of each operation.
Query parameters can be given in any order.
Each parameter can appear zero or one time.
A default value may apply if the parameter is missing.
This section defines all the YANG-API query parameters.
The "config" parameter is used to specify whether
configuration or non-configuration data is requested.
This parameter is only supported for the GET and HEAD methods.
It is also only supported if the target resource is a data resource.
Example:
This example request by the client
would retrieve only the non-configuration data nodes
that exist within the second-level "library" resource.
The server might respond:
The "depth" parameter is used to specify the number
of nest levels returned in a response for a GET operation.
A nest-level consists of the target resource and any
child nodes which are optional data nodes (anyxml, leaf, or
leaf-list). A non-presence container
is transparent when determining the nest level.
A child node (which is not a non-presence container)
within a non-presence container is used to determine the nest-level.
The start level is determined by the target resource
for the operation.
Example:
This example operation would retrieve 2 levels of configuration data nodes
that exist within the top-level "jukebox" resource.
The server might respond:
The "format" parameter is used to specify the format
of any content returned in the response. Note that
the "Accept" header MAY be used instead of this
parameter to identify the format desired in the response.
For example:
This example request would retrieve only the configuration data nodes
that exist within the top-level "routing" resource, and retrieve
them in XML encoding instead of JSON encoding.
The "format" parameter is only supported for the GET and HEAD methods.
It is supported for all YANG-API media types.
Example:
This example URI would retrieve only the configuration data nodes
that exist within the top-level "routing" resource, and retrieve
them in XML encoding instead of JSON encoding.
The "insert" parameter is used to specify how a
resource should be inserted (or moved) within
the user-ordered list or leaf-list data resource.
This parameter is only supported for the POST and PUT methods.
It is also only supported if the target resource is
a data resource, and that data represents
a YANG list or leaf-list that is ordered by the user, not the system.
If the values "before" or "after" are used, then a "point"
parameter for the insertion parameter MUST also be present.
Example:
The "point" parameter is used to specify the insertion point
for a data resource that is being created or moved within
a user ordered list or leaf-list. It is ignored unless the "insert"
query parameter is also present, and has the value "before" or "after".
This parameter contains the instance identifier of the
resource, or field within a resource, to be used as the
insertion point for a POST or PUT operation. It is
encoded according to the rules defined in .
There is no default for this parameter.
Example:
In this example, the client is moving an existing "song" resource
within an "album" resource after another song.
The request URI is split for display purposes only.
The "select" query parameter is used to specify an
expression which can represent a subset of all data nodes
within the target resource. It contains a relative
path expression, using the target resource as the context node.
It is supported for all resource types except operation resources.
The contents are encoded according to the "api‑select"
rule defined in . This parameter is only allowed
for GET and HEAD operations.
[FIXME: the syntax of the select string is still TBD;
XPath, schema-identifier, regular expressions, something else]
Refer to for example request messages
using the "select" parameter.
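The per-parameter restrictions above can be enforced in one place before a request reaches the datastore. The following is an added sketch, not code from the draft or from any YANG-API implementation: the function name, the resource type labels and the choice to reject unknown parameters unless explicitly allowed are assumptions of this example, and parameter value syntax is not checked.

```python
from urllib.parse import parse_qsl

# Per parameter: (supported methods, supported target resource types, or None
# where the text above gives no restriction). The resource type labels are
# names chosen for this example. "config" also accepts "datastore" because the
# datastore resource description refers to the same parameter.
RULES = {
    "config": ({"GET", "HEAD"}, {"data", "datastore"}),
    "depth": ({"GET"}, None),
    "format": ({"GET", "HEAD"}, None),
    "insert": ({"POST", "PUT"}, {"data"}),
    "point": ({"POST", "PUT"}, {"data"}),
    "select": ({"GET", "HEAD"}, {"api", "datastore", "data", "transaction"}),
}


def validate_query(method, resource_type, raw_query, extra_allowed=frozenset()):
    """Return (effective_params, errors); an empty error list means accepted.

    extra_allowed lists server-specific parameters (hypothetical) that this
    deployment has chosen to support in addition to the defined set.
    """
    errors, params = [], {}
    for name, value in parse_qsl(raw_query, keep_blank_values=True):
        if name in params:
            # Each parameter can appear zero or one time.
            errors.append(f"{name}: parameter appears more than once")
        else:
            params[name] = value

    # "point" is ignored unless "insert" is present with "before" or "after".
    needs_point = params.get("insert") in ("before", "after")
    if not needs_point:
        params.pop("point", None)

    for name in params:
        if name in extra_allowed:
            continue
        rule = RULES.get(name)
        if rule is None:
            errors.append(f"{name}: unknown parameter")
            continue
        methods, resources = rule
        if method not in methods:
            errors.append(f"{name}: not supported for {method}")
        if resources is not None and resource_type not in resources:
            errors.append(f"{name}: not supported for {resource_type} resources")

    if needs_point and "point" not in params:
        errors.append(
            f"insert: value {params['insert']!r} requires a 'point' parameter"
        )
    return params, errors


if __name__ == "__main__":
    # Constructed requests for illustration.
    print(validate_query("GET", "data", "config=false&depth=2"))
    print(validate_query("PUT", "data", "insert=after"))
```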
The YANG-API also allows RPC operations to be invoked
using the POST method. The media type
"vnd.yang.operation+xml" or "vnd.yang.operation+json"
MUST be used in the "Content‑Type" field in the message header.
The following datastore specific operations are defined:
Operation          Description
----------------   ---------------------------------------------------
lock-datastore     Lock the /yang-api/datastore resource for writing
save-datastore     Save the /yang-api/datastore resource to NV-storage
unlock-datastore   Unlock the /yang-api/datastore resource
Refer to for details on these operations.
The following transaction specific operations are defined:
Operation         Description
---------------   ----------------------------------------------------
commit            Commit the transaction to the running config
discard-changes   Replace transaction data with current running config
update            Merge current running config into transaction data
validate          Validate transaction datastore
Refer to for details on these operations.
Data model specific operations are supported.
The syntax and semantics of these operations
exactly correspond to the YANG rpc statement definition
for the operation.
Any input for an RPC operation is encoded in an element
called "input", which corresponds to the <input> element
in a NETCONF message. The child nodes of the "input"
element are encoded according to the data definition statements
in the input section of the rpc statement.
Any output for an RPC operation is encoded in an element
called "output", which corresponds to the <rpc‑reply> element
in a NETCONF message. The child nodes of the "output"
element are encoded according to the data definition statements
in the output section of the rpc statement.
This section describes the messages that are used in the YANG-API
protocol.
Resources are represented with URIs following the structure
for generic URIs in .
A YANG-API operation is derived from the HTTP method
and the request URI, using the following conceptual fields:
method: the HTTP method identifying the YANG-API operation
requested by the client, to act upon the target resource
specified in the request URI. YANG-API operation details are
described in .
entry: the well-known YANG-API entry point ("/yang‑api").
resource: the path expression identifying the resource
that is being accessed by the operation.
If this field is not present, then the target resource
is the API itself, represented by the media type "vnd.yang.api".
query: the set of parameters associated with the YANG-API
message. These have the familiar form of "name=value" pairs.
There is a specific set of parameters defined,
although the server MAY choose to support additional
parameters not defined in this document.
fragment: This field is not used by the YANG-API protocol.
The client SHOULD NOT assume the final structure of
a URI path for a resource. Instead, existing resources can
be discovered with the GET operation. When new resources
are created by the client, a "Location" header
is returned, which identifies the path of the newly created resource.
The client MUST use this exact path identifier to access
the resource once it has been created.
The "target" of an operation is a resource.
The "path" field in the request URI represents
the target resource for the operation.
There are several HTTP header lines utilized in YANG-API messages.
Messages are not limited to the HTTP headers listed in this section.
HTTP defines which header lines are required for particular circumstances.
Refer to each operation definition section in
for examples on how particular headers are used.
There are some request headers that are used within YANG-API,
usually applied to data resources.
The following tables summarize the headers most relevant
in YANG-API message requests:
Name                  Description
-------------------   -------------------------------------------------
Accept                Response Content-Types that are acceptable
Content-Type          The media type of the request body
Host                  The host address of the server
If-Match              Only perform the action if the entity matches ETag
If-Modified-Since     Only perform the action if modified since time
If-Range              Only retrieve range if resource unchanged
If-Unmodified-Since   Only perform the action if un-modified since time
Range                 Specify a range of data resource entries
The following tables summarize the headers most relevant
in YANG-API message responses:
Name            Description
-------------   ----------------------------------------------------
Allow           Valid actions when 405 error returned
Content-Type    The media type of the response body
Date            The date and time the message was sent
ETag            An identifier for a specific version of a resource
Last-Modified   The last modified date and time of a resource
Location        The resource identifier for a newly created resource
YANG-API messages are encoded in HTTP according to RFC 2616.
The "utf‑8" character set is used for all messages.
YANG-API message content is sent in the HTTP message body.
Content is encoded in either JSON or XML format.
XML encoding rules for data nodes are defined in .
The same encoding rules are used for all XML content.
XML attributes are not used and will be ignored if present
in an XML-encoded message.
JSON encoding rules are defined in .
Special encoding rules are needed to handle multiple
module namespaces and provide consistent data type processing.
Request input content encoding format is identified with the Content-Type
header. This field MUST be present if message input is sent
by the client.
Response output content encoding format is identified with the Accept
header, the "format" query parameter, or if
neither is specified, the request input encoding format is used.
If there was no request input, then the default output encoding is JSON.
File extensions encoded in the request are not used to identify
format encoding.
Each message represents some sort of resource access.
An HTTP "Status‑Line" header line is returned for each request.
If a 4xx or 5xx range status code is returned in the Status-Line,
then the error information will be returned in the response,
according to the format defined in .
Since the datastore contents change at unpredictable times,
responses from a YANG-API server generally SHOULD NOT be cached.
The server SHOULD include a "Cache‑Control" header in every response
that specifies whether the response should be cached.
A "Pragma" header specifying "no‑cache" MAY also be sent
in case the "Cache‑Control" header is not supported.
Instead of using HTTP caching, the client SHOULD track the "ETag"
and/or "Last‑Modified" headers returned by the server for the
datastore resource (or data resource if the server supports it).
A retrieval request for a resource can include headers
such as "If‑None‑Match" or "If‑Modified‑Since" which
will cause the server to return a "304 Not Modified" Status-Line
if the resource has not changed.
The client MAY use the HEAD operation to retrieve just
the message headers, which SHOULD include the "ETag"
and "Last‑Modified" headers, if this meta-data is maintained
for the target resource.
The resources used in the YANG-API protocol are identified
by the "path" component in the request URI. Each operation
is performed on a target resource.
The API resource contains the state and access points for
the YANG-API features.
It is the top-level resource and has the media type
"application/vnd.yang.api+xml" or "application/vnd.yang.api+json".
It is accessible through the well-known URI "/yang‑api".
This resource has the following fields:
Field Name     Description
------------   ------------------------------
capabilities   Server capabilities
datastore      Link to "datastore" resource
operations     Global operations
modules        YANG modules
transaction    Link to "transaction" resource
This mandatory field represents the YANG-API server
capabilities. The child nodes are read-only fields that MUST NOT change
while the server is running, but MAY change after a reboot.
Example:
To retrieve just the YANG-API capabilities, the
client might send the following request:
The server might respond:
The "edit‑model" capability field is used to identify the editing
model used by the server. There are 4 supported models:
none: A server within a constrained device MAY choose
to provide a read-only implementation, in which case
no editing model is supported.
direct: A device MAY allow the running configuration
datastore to only be modified directly, and therefore will not
support transactions.
transaction: A device SHOULD support the transaction mechanism
defined in this document. Datastore edits are collected
in the transaction datastore and applied to the running
configuration datastore with the "commit" operation.
both: A device MAY support both the direct and transaction
editing models, by allowing direct editing operations on the
datastore and supporting the transaction mechanism.
The server SHOULD support 1 of the 2 datastore editing models,
and MAY support both datastore editing models.
If both are supported, then the client can decide
which editing model it prefers.
This field is encoded with the rules for a "bits" data type,
using the following leaf definition:
There is no default. The server MUST set zero, one, or both
of these bits in the "edit‑model" capability field.
The "persist‑model" capability field is used to identify the persistence
model used by the server. There are two supported models:
automatic: The server will automatically save the running configuration
datastore contents to non-volatile storage.
manual: The client must manually save the running configuration
datastore contents to non-volatile storage.
This field is encoded with the rules for an "enumeration" data type,
using the following leaf definition:
There is no default. The server MUST set one enumeration
value in the "persist‑model" capability field.
The "transaction‑model" capability field is used to identify the
transaction model used by the server. There are 3 supported models:
none: The server does not support transactions.
shared: All clients are sharing the same
conceptual transaction datastore (similar to NETCONF :candidate
capability).
private: Each transaction datastore resource
is independent of one another.
This field is encoded with the rules for an "enumeration" data type,
using the following leaf definition:
There is no default. The server MUST set one enumeration
value in the "transaction‑model" capability field.
This mandatory resource represents the running configuration
datastore and any non-configuration data available.
It may be retrieved and edited directly or indirectly (via transactions).
It cannot be created or deleted by the client.
This resource type is defined in .
This optional field provides access to the global datastore
and data-model specific RPC operations supported by the server.
The datastore operation resources will be available depending
on the server capabilities.
If the server does not support any global operations,
then this field SHOULD NOT be present.
There are 3 global operations defined by YANG-API.
lock-datastore
save-datastore
unlock-datastore
Any data-model specific global operations derived from
YANG modules supported by the server will also be
available through child node resources within the "operations" field.
The YANG-API defined global operations are described in this section.
The "lock‑datastore" operation resource is used to lock
the datastore resource represented by the URI "/yang‑api/datastore".
It behaves exactly the same as the NETCONF <lock> operation
on the running configuration datastore.
If the operation succeeds, a "204 No Content" value in the
"Status‑Line" is sent in the response. If the operation fails, the
appropriate error code is set according to the rules
in , and the error report
is sent in the response, according to the format defined in .
The "lock‑datastore" operation does not take any parameters.
The YANG "rpc" statement definition for this operation
is defined in .
Example:
The client might request a lock on the running configuration
datastore as follows:
If the operation succeeds the server might respond:
If the operation fails the server might respond:
The "save‑datastore" operation resource is used to save
the datastore resource represented by the URI "/yang‑api/datastore"
to non-volatile storage.
It behaves exactly the same as the NETCONF <copy‑config> operation
when used to copy the running configuration datastore
to the startup configuration datastore.
If the operation succeeds, a "204 No Content" value in the
"Status‑Line" is sent in the response.
If the operation fails, the
appropriate error code is set according to the rules
in , and the error report
is sent in the response, according to the format defined in .
The "save‑datastore" operation does not take any parameters.
The YANG "rpc" statement definition for this operation
is defined in .
Example:
The client might request that the running configuration
datastore be saved in non-volatile storage as follows:
If the operation succeeds the server might respond:
If the operation fails the server might respond:
The "unlock‑datastore" operation resource is used to unlock
the datastore resource represented by the URI "/yang‑api/datastore".
It behaves exactly the same as the NETCONF <unlock> operation
on the running configuration datastore.
If the operation succeeds, a "204 No Content" value in the
"Status‑Line" is sent in the response.
If the operation fails, the
appropriate error code is set according to the rules
in , and the error report
is sent in the response, according to the format defined in .
The "unlock‑datastore" operation does not take any parameters.
The YANG "rpc" statement definition for this operation
is defined in .
Example:
The client might release a lock on the running configuration
datastore as follows:
If the operation succeeds the server might respond:
If the operation fails the server might respond:
This mandatory field contains the identifiers
for the YANG data model modules supported by the server.
There MUST be exactly one instance of this field.
The server MUST maintain a last-modified timestamp for this
field, and return the "Last‑Modified" header when this
field is retrieved with the GET or HEAD methods.
This mandatory field contains one URI string
for each YANG data model module supported by the server.
There MUST be an instance of this field for every
YANG module that is accessible via an operation resource
or a data resource.
The server MAY maintain a last-modified timestamp for
each instance of this resource, and return the
"Last‑Modified" header when this resource is retrieved
with the GET or HEAD methods. If not supported
then the timestamp for the parent "modules" field
MUST NOT be used instead.
The contents of this field are encoded with the "uri"
derived type from the "ietf‑iana‑types" modules
in .
There are additional encoding requirements for this field.
The URI MUST follow the YANG module capability URI formatting
defined in section 5.6.4 of .
In this example the client is retrieving the modules field
from the server in the default JSON format:
The server might respond as follows.
Note that the content below is split across multiple
lines for display purposes only:
This optional resource will be supported if the
server implements transactions, identified by the
"/yang‑api/capabilities/edit‑model" field
in the API resource.
It is used to allow one or more individual edits to
be applied (all-or-nothing) to the running configuration datastore,
and to facilitate concurrent editing transactions
with a mechanism to update the transaction datastore
contents with the latest running configuration datastore
contents.
This resource is defined in .
This mandatory field identifies the specific version
of the YANG-API protocol implemented by the server.
The same server-wide response MUST be returned
each time this field is retrieved. It is assigned
by the server when the server is started.
The server MUST return the value "1.0" for this
version of the YANG-API protocol.
This field is encoded with the rules for an "enumeration" data type,
using the following leaf definition:
A datastore resource represents the conceptual root
of a tree of data resources.
The server MUST maintain a last-modified timestamp for this
resource, and return the "Last‑Modified" header when this
resource is retrieved with the GET or HEAD methods.
Only changes to configuration data resources within
the datastore affect this timestamp.
The server SHOULD maintain a resource entity tag for this
resource, and return the "ETag" header when this
resource is retrieved with the GET or HEAD methods.
The resource entity tag SHOULD be changed to a new
previously unused value if changes to any configuration
data resources within the datastore are made.
A datastore resource can be retrieved with the GET operation,
to retrieve either configuration data resources or non-configuration
data resources within the datastore. The "config" query
parameter is used to choose between them.
Refer to for more details.
The depth of the subtrees returned in retrieval operations
can be controlled with the "depth" query parameter.
The number of nest levels, starting at the target resource,
can be specified, or an unlimited number can be returned.
Refer to for more details.
A datastore resource cannot be written directly with
any edit operation. Only the configuration data resources
within the datastore resource can be edited.
A data resource represents a YANG data node that is a descendant
node of a datastore resource.
For configuration data resources,
the server MAY maintain a last-modified timestamp for the
resource, and return the "Last‑Modified" header when it
is retrieved with the GET or HEAD methods.
For configuration data resources,
the server MAY maintain a resource entity tag for the
resource, and return the "ETag" header when it
is retrieved as the target resource with the GET or HEAD methods.
The resource entity tag SHOULD be changed to a new
previously unused value if the resource
or any configuration field within the resource is altered.
A data resource can be retrieved with the GET operation,
to retrieve either configuration data resources or non-configuration
data resources within the target resource. The "config" query
parameter is used to choose between them.
Refer to for more details.
The depth of the subtrees returned in retrieval operations
can be controlled with the "depth" query parameter.
The number of nest levels, starting at the target resource,
can be specified, or an unlimited number can be returned.
Refer to for more details.
A configuration data resource can be altered by the client
with some or all of the edit operations, depending on the
target resource and the specific operation. Refer to
for more details on edit operations.
In YANG, data nodes are named with an absolute
XPath expression, from the document root to the target resource.
In YANG-API, URL friendly path expressions are used instead.
The YANG "instance‑identifier" (i-i) data type is represented
in YANG-API with the path expression format defined
in this section.
Name    Comments
-----   -----------------------------------------
point   Insertion point is always a full i-i
path    Request URI path is a full or partial i-i
The "path" component of the request URI contains the
absolute path expression that identifies the
target resource. The "select" query parameter is
used to optionally identify the requested data nodes
within the target resource to be retrieved in a GET operation.
A predictable location for a data resource
is important, since applications will code to the YANG
data model module, which uses static naming and defines an
absolute path location for all data nodes.
A YANG-API data resource identifier is not an XPath expression.
It is encoded from left to right, starting with the top-level
data node, according to the "api‑path" rule in .
The node name of each ancestor of the target resource node
is encoded in order, ending with the node name for the
target resource.
If the "select" is present, it is encoded,
starting with a child node of the target resource,
according to the "api‑select" rule defined in .
If a data node in the path expression is a YANG list node,
then the key values for the list (if any) are encoded
according to the "key‑value" rule. If the list node
is the target resource, then the key values MAY be omitted,
according to the operation. For example, the POST
operation to create a new data resource for a list node
does not allow the key values to be present in the request URI.
The key leaf values for a data resource representing a YANG list
MUST be encoded as follows:
The value of each leaf identified in the "key" statement
is encoded in order.
All the components in the "key" statement MUST be encoded.
Partial instance identifiers are not supported.
Each value is encoded using the "key‑value" rule in ,
according to the encoding rules for the data type of the key leaf.
An empty string can be a valid key value
(e.g., "/top/list/key1//key3").
The "/" character MUST be URL-encoded (i.e., "%2F").
All whitespace MUST be URL-encoded.
A "null" value is not allowed since the "empty" data type is
not allowed for key leafs.
The XML encoding is defined in .
The JSON encoding is defined in .
The entire "key‑value" MUST be properly URL-encoded,
according to the rules defined in .
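The key encoding rules above have a practical consequence for whoever parses the path: the path has to be split on "/" before percent-decoding, otherwise an escaped "/" inside a key value is mistaken for a path separator and the request resolves to a different resource. The following is an added sketch, not code from the draft; the function names, the `LIST_KEYS` table and the sample key values are constructed for illustration, and node names are assumed to be unique across the schema.

```python
from urllib.parse import quote, unquote

# Constructed schema for illustration: number of key leafs per list node name.
# A real server derives this from the YANG "key" statements of its modules.
LIST_KEYS = {"list": 3, "artist": 1, "album": 1}


def encode_path(steps):
    """Build a path expression from (node_name, keys) steps.

    keys is a tuple of strings for a list node and None otherwise. Keys may be
    None for a list node only when it is the last step (the target resource).
    """
    segments = []
    for index, (name, keys) in enumerate(steps):
        segments.append(quote(name, safe=""))
        expected = LIST_KEYS.get(name)
        if expected is None:
            if keys is not None:
                raise ValueError(f"{name!r} is not a list node, keys are not allowed")
            continue
        if keys is None:
            if index != len(steps) - 1:
                raise ValueError(f"keys for {name!r} may only be omitted on the target")
            continue
        if len(keys) != expected:
            # Partial instance identifiers are not supported.
            raise ValueError(f"{name!r} needs all {expected} key values")
        for value in keys:
            if not isinstance(value, str):
                raise ValueError("key values must be strings; null is not allowed")
            # safe="" makes quote() escape "/" as %2F; whitespace is always escaped.
            segments.append(quote(value, safe=""))
    return "/" + "/".join(segments)


def decode_path(path):
    """Parse a path expression back into (node_name, keys) steps."""
    if not path.startswith("/"):
        raise ValueError("path must be absolute")
    raw = path[1:].split("/")  # split first, percent-decode each segment afterwards
    steps, i = [], 0
    while i < len(raw):
        name = unquote(raw[i])
        i += 1
        if not name:
            raise ValueError("empty node name")
        expected = LIST_KEYS.get(name)
        if expected is None or i == len(raw):
            steps.append((name, None))  # non-list node, or target list without keys
            continue
        keys = raw[i:i + expected]
        if len(keys) != expected:
            raise ValueError(f"partial key for {name!r}")
        steps.append((name, tuple(unquote(k) for k in keys)))
        i += expected
    return steps


def naive_segments(path):
    """Anti-pattern kept for contrast: decoding before splitting turns an
    escaped "/" inside a key value into an extra path separator."""
    return unquote(path).split("/")[1:]


if __name__ == "__main__":
    p = encode_path([("jukebox", None), ("library", None), ("artist", ("AC/DC",))])
    print(p, decode_path(p), naive_segments(p))
```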
Examples:
The following ABNF syntax is used to construct YANG-API
path identifiers:
The data resources used in YANG-API are
defined with YANG data definition statements.
Not every data node defined in a YANG module
should be treated as a resource. The YANG-API needs to know
which YANG data nodes are resources, and which are fields
within a resource.
For data resources, YANG-API uses a simple algorithm for defining
resource boundaries, within the conceptual sub-trees
described by YANG data definition statements.
All top-level data nodes are considered to
be resources. For nodes within a top-level resource:
a presence container starts a new resource
a list starts a new resource
an optional terminal node (anyxml, leaf, or leaf-list) starts a new resource
a data node of type "anyxml" cannot have any sub-resources
A non-configuration data node cannot be a separate resource
from its parent. Only top-level data nodes are considered
to be resources (which only support retrieval methods).
It is sometimes useful to have the server assign
the key(s) for a new resource. The "Location"
header will indicate the key value(s) that the server
selected, so the client does not need to provide all the key leaf
values.
It is useful to identify in the YANG data model module
which key leafs are optional to provide, and which are not.
The YANG extension statement "optional‑key" is provided
to indicate that the leaf definition represents
an optional key.
The client MAY provide a value for a key leaf
in a POST operation. Refer to for details
on the "optional‑key" extension. Refer to
for usage examples of this YANG extension statement.
There are four types of filtering for retrieval of data resources.
This section defines each mode.
The HTTP headers (such as "If‑Modified‑Since" and "If‑Match")
can be used in a request message for a GET operation
to check a condition within the server state, such as the
last time the datastore resource was modified, or the resource entity tag
of the target resource.
If the condition is met according to the header
definition, a "200 OK" Status-Line and the data requested is
returned in the response message.
If the condition is not met, a "304 Not Modified"
Status-Line is returned in the response message instead.
The "config" query parameter
can be used with the GET operation to specify whether
configuration or non-configuration data is requested.
Refer to for more details on the "config"
query parameter.
The "Range" header is used to request a specific
subset of the instances of a list or leaf-list
data resource that are returned by the
server for a retrieval operation. Normally, if the target resource
in a request message does not specify an instance,
then all instances are returned.
The YANG-API protocol uses the token "entries" instead
of "bytes" as the range units.
The entries are numbered
starting from "0". A list or leaf-list can change order
between requests so the client needs to be aware of
the data model semantics, and whether the list contents
are stable enough to use the subset retrieval mechanism.
If the requested range cannot be returned
because the range specification includes index
values for entries that do not exist,
then an error occurs, and the server MUST return
a "416 Requested range not satisfiable" Status-Line.
If the range request can be satisfied, then a "200 OK"
Status-Line is returned, and the response MUST include
a "Content‑Range" header indicating which entries are
returned. The response message body contains the
data for the requested range of entries.
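Unlike HTTP byte ranges, where a last position beyond the end of the entity is clamped, the text above requires a 416 response whenever the range names an entry that does not exist. The following is an added sketch of that server-side check, not code from the draft: the exact "Range" and "Content‑Range" value syntax is an assumption modelled on HTTP byte ranges, and answering a malformed value with 400 is a choice of this example that the text does not cover.

```python
import re

# Assumed syntax, modelled on HTTP byte ranges: "entries=<first>-<last>".
# The digit count is capped so a hostile header cannot force huge integers.
_RANGE = re.compile(r"entries=([0-9]{1,9})-([0-9]{1,9})")


def select_entries(entries, range_header):
    """Return (status, headers, selected_entries) for a list retrieval.

    entries is the ordered list of instances; range_header is the raw value
    of the Range header, or None when the client sent none.
    """
    total = len(entries)
    if range_header is None:
        # No range requested: all instances are returned.
        return 200, {}, list(entries)

    match = _RANGE.fullmatch(range_header.strip())
    if match is None:
        # Wrong unit ("bytes=...") or malformed value; policy of this sketch.
        return 400, {}, []
    first, last = int(match.group(1)), int(match.group(2))
    if first > last:
        return 400, {}, []

    # Entries are numbered from 0. Any index past the end is an error;
    # the range is never silently clamped to what exists.
    if last >= total:
        return 416, {}, []

    headers = {"Content-Range": f"entries {first}-{last}/{total}"}
    return 200, headers, list(entries[first:last + 1])


if __name__ == "__main__":
    # Constructed data: 20 placeholder list instances.
    artists = [f"artist-{i}" for i in range(20)]
    print(select_entries(artists, "entries=10-14"))
    print(select_entries(artists, "entries=18-22"))
```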
Example:
In this example, the client is requesting 5 "artist"
resource entries, starting with the 10th entry:
The "select" query parameter is used to specify a filter
that should be applied to the target resource to
request a subset of all possible descendant nodes
within the target resource.
The format of the "select" parameter string is defined
in . The set of nodes selected by the
filter expression is applied to each context node
identified by the target resource.
An operation resource represents an RPC operation
defined with the YANG "rpc" statement.
All operation resources share the same module namespace
as any top-level data resources, so the name of an operation
resource cannot conflict with the name of a top-level
data resource defined within the same module.
If 2 different YANG modules define the same "rpc" identifier,
then the module name MUST be used in the request URI.
For example, if "module‑A" and "module‑B" both defined
a "reset" operation, then invoking the operation from "module‑A"
would be requested as follows:
Any usage of an operation resource from the same module,
with the same name, refers to the same "rpc" statement
definition. This behavior can be used to design RPC operations
that perform the same general function on different
resource types.
If the "rpc" statement has an "input" section, then a message body
MAY be sent by the client in the request, otherwise the request
message MUST NOT include a message body.
If the "rpc" statement has an "output" section, then a message body
MAY be sent by the server in the response. Otherwise the
server MUST NOT include a message body in the response message,
and MUST send a "204 No Content" Status-Line instead.
If the "rpc" statement has an "input" section, then
the "input" node is provided in the message body,
corresponding to the YANG data definition statements
within the "input" section.
Example:
The following YANG definition is used for the examples in this
section.
The client might send the following POST request message:
The server might respond:
If the "rpc" statement has an "output" section, then
the "output" node is provided in the message body,
corresponding to the YANG data definition statements
within the "output" section.
Example:
The following YANG definition is used for the examples in this
section.
The client might send the following POST request message:
The server might respond:
The operation resources used in YANG-API are
defined with YANG "rpc" statements.
All "rpc" statements within a YANG module that are
supported by the server are available as operation resources.
The "transaction" resource type is used to
construct a set of one or more edit operations
on data resources within a "scratchpad" datastore
resource. The transaction can be committed
when the client decides the data resource edits are complete.
The transaction can also be reverted and updated,
as described later in this section.
This resource type will only be supported if the
"edit‑model" capabilities field in the API resource
includes the value "transaction".
If transactions are supported, then the server
will allow the client to create, use, and delete
transaction resources.
The POST operation is used to create a new transaction resource.
The DELETE operation is used to cleanup and delete an
existing transaction resource. The PUT and PATCH operations
are not supported for this resource type.
The media type for the transaction resource type is
either "application/vnd.yang.transaction+xml"
or "application/vnd.yang.transaction+json".
The procedures for editing the transaction datastore contents
are the same as those for editing the running configuration
datastore except the changes do not take effect right away
and the datastore integrity validation tests are not
done until the transaction is committed to the running
configuration datastore.
The following steps are typically followed to use transaction
resources:
1. Create a transaction resource using the URI "/yang‑api/transaction".
   The server will allocate a new transaction and return its resource ID.
2. Add/alter/delete data resources within the scratchpad datastore.
3. Commit the transaction to the running configuration datastore.
4. Delete the transaction resource.
In order to reduce the complexity of query parameters and
allow easier extensibility of transaction resource creation,
the configuration parameters for the transaction are
sent in the request message for the POST operation.
The only parameter at this time is the "exclusive‑mode" parameter,
which is used by the client to request that no other transactions
or direct edits are allowed to alter the running configuration datastore
while the exclusive mode transaction resource exists.
If the server transaction-model is "shared", an exclusive mode
transaction is conceptually equivalent in NETCONF to
global locks on both the "candidate" and "running" datastores.
The following YANG leaf definition is used for the "exclusive‑mode"
parameter, for encoding purposes:
When a transaction resource is created by the client,
the server will generate an opaque string to
identify the transaction. This transaction ID will be
used by the server in the resource ID for the new transaction.
If the server uses a shared transaction model, then the
transaction ID MAY be the same for multiple transaction resources.
Otherwise the server SHOULD use a unique identifier for each
transaction resource.
The server does not ensure exclusive access to a particular
transaction. The access control mechanisms for sharing
transactions are out of scope for this document.
After a transaction has been successfully created,
it can be accessed via the "Location" header returned
in the response message.
Example:
The following message shows an exclusive transaction
resource request. The client might send:
The server might reply:
When a transaction resource is created,
the server will create a child datastore resource,
which is a conceptual scratchpad for collecting
edits to later be applied all at once to the running
configuration datastore. The initial contents
of this datastore are the contents of the running
configuration datastore at the time the transaction
is created.
After a transaction has been successfully created,
it can be accessed by using the previously retrieved
"Location" header value in the request URI of
new request messages.
This datastore resource is a child node
of the resource ID node, identified by a URI.
For example, the "path" component of a request URI
for a datastore resource (for transaction ID "12345") would be:
The client can add, edit, or delete the data resources
within the transaction datastore. Refer to
for details on editing data resources.
Example:
The following message shows the creation of a new
"artist" resource within the "jukebox" resource.
The request URI is split across lines for display purposes only.
The client might send:
The server might reply as follows.
The "Location" header is split across lines for display purposes only.
Once a client is finished with a transaction resource,
it SHOULD be deleted by the client.
A transaction resource is not deleted when a commit
is completed. The DELETE operation is used to
terminate the transaction, and discard the transaction database
and all its data resource contents.
Example:
The following message shows the deletion of an
existing transaction resource.
The client might send:
The server might reply as follows.
There are a small number of operation resources available
for transaction resources. These are protocol operations
beyond the basic CRUD operations allowed for the
data resources within the transaction datastore.
The "commit" operation is used to apply the contents of
the transaction datastore to the running configuration datastore.
If this operation succeeds then a "204 No Content" Status-Line
is sent in the response message.
If the operation fails, the
appropriate error code is set according to the rules
in , and the error report
is sent in the response, according to the format defined in .
Example:
The following message exchange shows a commit operation.
The client might send:
The server might reply as follows:
The "discard-changes" operation is used to replace the contents of
the transaction datastore with the contents
of the running configuration datastore.
If this operation succeeds then a "204 No Content" Status-Line
is sent in the response message.
If the operation fails, the
appropriate error code is set according to the rules
in , and the error report
is sent in the response, according to the format defined in .
Example:
The following message exchange shows a discard-changes operation.
The client might send:
The server might reply as follows.
The "update" operation is used to merge the contents of
the running configuration datastore into the transaction datastore.
If any editing conflicts are detected that cannot
be resolved by the server, then the update operation MUST fail,
and the transaction datastore contents MUST remain unchanged
after the operation is completed.
If this operation succeeds then a "204 No Content" Status-Line
is sent in the response message.
If the operation fails, the
appropriate error code is set according to the rules
in , and the error report
is sent in the response, according to the format defined in .
Example:
The following message exchange shows an update operation.
The client might send:
The server might reply as follows.
The "validate" operation is used to validate the contents of
the transaction datastore. The server will verify
that the transaction datastore can be committed
to the running configuration datastore.
If any editing conflicts are detected which cannot
be resolved by the server, then the update operation MUST fail.
If this operation succeeds then a "204 No Content" Status-Line
is sent in the response message.
If the operation fails, the
appropriate error code is set according to the rules
in , and the error report
is sent in the response, according to the format defined in .
Example:
The following message exchange shows a validate operation.
The client might send:
The server might reply as follows.
HTTP Status-Lines are used to report success or failure
for YANG-API operations.
The <rpc-error> element returned in NETCONF error responses
contains some useful information. This error information
is adapted for use in YANG-API, and error information
is returned for the "4xx" class of status codes.
The following table summarizes the return status codes
used specifically by YANG-API operations:
Status-Line                          Description
-----------------------------------  ------------------------------------------
100 Continue                         POST accepted, 201 should follow
200 OK                               Success with response body
201 Created                          POST to create a resource success
202 Accepted                         POST to create a resource accepted
204 No Content                       Success without response body
304 Not Modified                     Conditional operation not done
400 Bad Request                      Invalid request message
403 Forbidden                        Access to resource denied
404 Not Found                        Resource target or resource node not found
405 Method Not Allowed               Method not allowed for target resource
409 Conflict                         Resource or lock in use
413 Request Entity Too Large         too-big error
414 Request-URI Too Large            too-big error
415 Unsupported Media Type           non YANG-API media type
416 Requested range not satisfiable  If-Range error
500 Internal Server Error            operation-failed
501 Not Implemented                  unknown-operation
503 Service Unavailable              Recoverable server error
Since an operation resource is defined with a YANG "rpc"
statement, a mapping between the NETCONF <error-tag> value
and the HTTP status code is needed. The specific error
condition and response code to use are data-model specific
and might be contained in the YANG "description" statement
for the "rpc" statement.
<error-tag>              status code
-----------------------  -----------
in-use                   409
invalid-value            400
too-big                  413
missing-attribute        400
bad-attribute            400
unknown-attribute        400
bad-element              400
unknown-element          400
unknown-namespace        400
access-denied            403
lock-denied              409
resource-denied          409
rollback-failed          500
data-exists              409
data-missing             409
operation-not-supported  501
operation-failed         500
partial-operation        500
malformed-message        400
When an error occurs for a request message on a data resource
or an operation resource, and a "4xx" class status code
(except for status code "403") is returned,
then the server SHOULD send a response body containing
the information described by the following YANG data definition
statement:
Example:
The following example shows an error returned for
a "lock-denied" error on a datastore resource.
The server might respond:
TBD
RFC Ed.: update the date below with the date of RFC publication and
remove this note.
<CODE BEGINS> file "ietf-yang-api@2012-05-27.yang"<CODE ENDS>
TBD
TBD
Resource creation order and other dependencies between resources
are not well identified in YANG.
YANG has leafrefs and instance-identifiers, which can be used
to identify some order dependencies.
Are any new mechanisms needed in YANG-API to identify
resource creation order and other dependency requirements?
There is no "message-id" field in a YANG-API message.
Is a message identifier needed? If so, should either the "Message-ID"
or "Content-ID" header from RFC 2392 be used for this purpose?
The non-configuration data resources are combined with the
configuration data resources within the YANG-API datastore.
The "config" query parameter is used to pick one or the
other for GET operations. Is this the best way to deal with
YANG config-stmt? Should YANG-API follow the same data
classifications as YANG (i.e. config=true|false),
or create something new? Note that transactions are config=true
only, like the candidate datastore in NETCONF.
Should confirmed commit be added? If so, how?
Should the NETCONF "confirmed-commit" procedure be used exactly
for the transaction commit operation, or should a new
procedure be defined?
Should datastore operations be added
for "backup" and "restore" functionality?
Should sessions be used or not?
Should "reusable sessions" be used? Better for auditing?
How does locking of the /yang-api/datastore resource
work for multiple edits if a session is one operation?
When does the server release the lock and decide it has
been abandoned or the client was disconnected?
What syntax should be used for the "select" query parameter?
Should the "/yang-api/modules" field within the API resource
be a separate resource, with its own timestamp? Currently the
API timestamp is coupled to any changes to the list of loaded
modules. Should the API resource be static and cacheable?
How should resource discovery be done?
What should be done about having no REMOVE operation, just DELETE?
The effect is local to the request; in a NETCONF
edit-config it is worse, since the NETCONF request might
create/delete/modify many nodes.
Should every YANG data node be a data resource and every YANG RPC
statement an operation resource? Is a YANG extension needed to
allow data modeler control of resource boundaries?
Encoding of leafrefs? Is there some additional meta-data needed?
Do leafref nodes need to be identified in responses (RFC 5988) or
is the YANG module definition sufficient to provide this meta-data?
What should the default algorithm be for defining data resources?
Should the default for an augment from another namespace be to
start a new resource? Top-level data node defaults as a resource OK?
Is the token "entries" legal in the YANG-API usage of Range?
What units should be used? "bytes" is the only token defined by HTTP.
How should private transaction conflicts be handled?
Currently it is up to the server to decide how to
handle conflicts. What happens if there are transactions A and B,
A commits, and next B commits without updating? Will A's changes be lost? Maybe.
Detecting conflicts may require a very resource-intensive implementation on the
server; it may force the server to create a copy of the entire datastore
for each transaction. It is desirable to allow a transaction to be just a diff-set
towards the datastore, so that transactions are cheap.
Does the shared transaction work like the candidate with respect to locks?
I.e., will an exclusive transaction start fail if there are
uncommitted changes?
The update/commit procedure needs to be specified in more detail,
so that there is some server flexibility and the client can tell
what the server will do. E.g., what causes a conflict?
When is update required before commit?
Are all header lines used by YANG-API supported by common application
frameworks, such as FastCGI and WSGI? If not, then should
query parameters be used instead, since the QUERY_STRING is
widely available to WEB applications?
Should the <errors> element returned in error responses
be a separate media type?
Locks are tied to sessions, but if there are no sessions,
then how do locks work?
Should locks be modeled as resources instead of operations?
I.e., remove the lock-datastore and unlock-datastore operations,
and transactions will be required (exclusive mode) to
write more than one operation at a time with exclusive access.
Should the writable-running (direct mode) be removed,
leaving just transaction resources, which will
hide writes to the running config?
Should a POST be needed to create a new transaction for a shared
candidate? Could the client get the same transaction ID back
each time? Is a predictable resource needed instead?
Do changes to the shared transaction show up in all copies
when the change is made?
How can private transactions be shared securely?
Are any new access control mechanisms needed?
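The transaction operations described earlier ("commit", "discard-changes", "update", "validate" and the "exclusive-mode" parameter) and the open question above about private transaction conflicts, modelled in memory as an added example that is not part of this document's protocol definition. The flat key/value datastore, the conflict rule, and the class and method names are assumptions; the draft leaves conflict handling to the server.

```python
# Added model, not the draft's code. Conflict rule and all names are assumptions.
class Server:
    def __init__(self, running):
        self.running = dict(running)  # running configuration datastore
        self.txns, self.exclusive, self._next = {}, None, 12345

    def create(self, exclusive_mode=False):
        if exclusive_mode and self.exclusive is not None:
            return 409, None          # lock-denied maps to 409 Conflict
        tid, self._next = str(self._next), self._next + 1
        self.txns[tid] = {"base": dict(self.running), "edits": {}}
        if exclusive_mode:
            self.exclusive = tid
        return 201, tid               # opaque transaction ID

    def edit(self, tid, key, value):  # value None deletes the key
        self.txns[tid]["edits"][key] = value

    def _conflicts(self, tid):
        t = self.txns[tid]  # conflict: an edited key that running changed since base
        return [k for k in t["edits"] if self.running.get(k) != t["base"].get(k)]

    def validate(self, tid):
        locked_out = self.exclusive not in (None, tid)
        return 409 if locked_out or self._conflicts(tid) else 204

    def update(self, tid):
        if self._conflicts(tid):
            return 409                # MUST fail, transaction datastore unchanged
        self.txns[tid]["base"] = dict(self.running)
        return 204

    def commit(self, tid):
        if self.validate(tid) != 204:
            return 409
        merged = {**self.running, **self.txns[tid]["edits"]}
        self.running = {k: v for k, v in merged.items() if v is not None}
        return self.discard_changes(tid)  # resource survives the commit

    def discard_changes(self, tid):
        self.txns[tid] = {"base": dict(self.running), "edits": {}}
        return 204

    def delete(self, tid):
        del self.txns[tid]
        self.exclusive = None if self.exclusive == tid else self.exclusive
        return 204

def lost_update_scenario():
    s = Server({"acl": "deny-all"})   # constructed sample datastore
    (_, a), (_, b) = s.create(), s.create()
    s.edit(a, "acl", "permit-mgmt")
    s.edit(b, "acl", "permit-any")
    return s.commit(a), s.commit(b), s.update(b), s.running["acl"]
```

Under this assumed rule, B's stale commit and update are both refused with 409, so A's committed change is not silently overwritten; edits to different keys commit without an update because only the diff-set is applied.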
Key words for use in RFCs to Indicate Requirement Levels
Hypertext Transfer Protocol -- HTTP/1.1
Uniform Resource Identifier (URI): Generic Syntax
PATCH Method for HTTP
Network Configuration Protocol (NETCONF)
YANG - A Data Modeling Language for the Network Configuration Protocol (NETCONF)
Common YANG Data Types
Network Configuration Protocol (NETCONF) Access Control Model
Modeling JSON Text with YANG