" When datastore processing is complete, the final contents MUST obey
all validation constraints. This validation processing is performed
at differing times according to the datastore. If the datastore is
<running/> or <startup/>, these constraints MUST be enforced at the
end of the <edit-config> or <copy-config> operation. If the
datastore is <candidate/>, the constraint enforcement is delayed
until a <commit> or <validate> operation.

o Any "must" constraints MUST evaluate to "true".

o Any referential integrity constraints defined via the "path"
statement MUST be satisfied.

o Any "unique" constraints on lists MUST be satisfied.

o The "min-elements" and "max-elements" constraints are enforced for
lists and leaf-lists."

More concrete problem

I've just stumbled on a RESTConf problem that I'm having a hard problem finding a clean way out.

In a nutshell:

I have an ACL module that import interfaces module so that ACLs can be attached to interfaces.

Normally in a router you can not delete an interface without removing the ACL first. This is to ensure consistency. Anyway, I'm sure most people can relate to this issue and find their own example.

Now, if my Yang models are compiled and loaded, there is nothing stopping the admin from deleting everything, everywhere. By the time I get onDataChanged() all changes are done.

I just tested and I can go and remove an interface and indirectly stopping, ACL, QoS, packet forwarding, etc and putting the system in a state where ACL is attached to an interface that does not exist.

In my ACL model interface is a leafref, meaning it is a reference to an interface that should exist in the system but that not enforced by RESTConf/datastore.

If datastore can not provide such functionality, we need:

• an event that is triggered before changes are actually committed application can sanitize/stop changes that would result in consistency issues

or

Go back to JAX-RS decorators in order to provide consistency and do not rely in automatic RESTconf operations.

or something else