Validating anydata in YANG Library context

Introduction defines the "anydata" statement to represent an unknown set of YANG nodes for which the data model is not known at module design time. However, left the verification of the "anydata" tree open to become known through protocol signaling or other means. Several IETF models, e.g., , , , , and , use "anydata" in their definitions. Current YANG implementations accept syntactically valid YANG data nodes as children of an "anydata" node but do not check the data type of these data nodes against a YANG schema. This creates a real problem for any YANG data consumer when validating YANG data against YANG data tree. For instance, a YANG Message Broker Consumer described in is not able to fully validate the received messages published by the network nodes. YANG Schema Mount allows mounting complete data models at implementation and run time. While powerful, schema mount cannot address use cases where the user selects an arbitrary subset of an instantiated data tree, such as . A current proposed approach, YANG Full Include , complements YANG Schema Mount and applies at design time, yet cannot address dynamic filtering of an instantiated YANG data tree. This document propeses using the to define the context in which anydata trees are validated. This would require the YANG tooling to implement additional flags that enables validating "anydata" subtrees in the context of a YANG Library.

Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here.

Terminology This document uses the terminology defined in YANG for schema node and schema tree but refines data node and data tree to be more precise.

data node: A node in the schema tree that can be instantiated in a data tree. One of container, leaf, leaf-list, list, anydata, and anyxml. This document does not change how YANG handles anyxml data nodes.
instantiated data node: an instantiated instance of a data node that contains before fully qualified name (module namespace + identifier) for the data node and the data modeled within YANG.
instantiated data tree: is what defines as "data tree". Adding the term "instantiated" precisely indicates that this tree is an instance of specific data modeled with YANG.
data tree: a tree of data nodes (with no values).

Instantiated data node schema lookup This document builds on the fact that when a YANG validator examines a node in an instantiated data tree, it can find the corresponding data node in a YANG schema. For the existing YANG encodings, the following rules are defined to encode instantiated data nodes:

In YANG XML encoding, The element's local name is the data node identifier, and its namespace is the module's XML namespace.
In JSON encoding, each object member must be identical to the corresponding YANG data node identifier or namespace-qualified - the data node identifier is prefixed with the name of the module in which the data node is defined, separated from the data node identifier by the colon character (":").
In CBOR encoding, node should include information that would allow each node to be - identified in a stateless way, for instance, the SID number associated with the node, the SID delta from another SID in the application payload, the namespace-qualified name, or the instance-identifier.

Given the encoding rules that maintain complete information to identify the corresponding data node for each instantiated data node, the YANG validator can easily find the schema for the data node in the YANG Library.

Validating "anydata" Data Tree This document introduces two new YANG validation options: anydata-complete and anydata-candidate. These two options align with , such that the complete validation validates the contents of the anydata subtree, which MUST obey all validation rules defined in the corresponding schema in the YANG Library. The candidate does not apply the constraint checks.

Note to the RFC-Editor: Please remove this section before publishing. anydata-candidate validation is implemented for libyang and avaiable at

IANA Considerations This memo includes no request to IANA.

Security Considerations TBD

References Normative References Informative References

Acknowledgements The authors would like to thank Jean Quilbeuf, Benoit Claise, and Alex Huang Feng for their review and valuable comments.