Skip to content

Fix v1.5→v1.7 keystore migration: wrap symmetric-key in key-type container #1382

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
Copilot wants to merge 2 commits into
base: main
Choose a base branch
from
Draft

Fix v1.5→v1.7 keystore migration: wrap symmetric-key in key-type container #1382

Copilot wants to merge 2 commits into from

Conversation

Copy link

Copilot AI commented Jan 29, 2026
edited
Loading

Description

The migration script transformed infix-keystore:cleartext-key to infix-keystore:symmetric-key at the wrong schema level, causing libyang validation errors for WiFi PSK configurations.

The YANG schema requires symmetric-key under a key-type choice (infix-keystore.yang:60-81), but the migration placed it directly under symmetric-key node.

Before (incorrect):

{
  "name": "hemma",
  "infix-keystore:symmetric-key": "password123"
}

After (correct):

{
  "name": "hemma",
  "key-type": {
    "infix-keystore:symmetric-key": "password123"
  }
}

Updated jq transformation in 1.7/20-keystore-cleartext-key-rename.sh to add the key-type container wrapper.

Checklist

Tick relevant boxes, this PR is-a or has-a:

  • Bugfix
    • Regression tests
    • ChangeLog updates (for next release)
  • Feature
    • YANG model change => revision updated?
    • Regression tests added?
    • ChangeLog updates (for next release)
    • Documentation added?
  • Test changes
    • Checked in changed Readme.adoc (make test-spec)
    • Added new test to group Readme.adoc and yaml file
  • Code style update (formatting, renaming)
  • Refactoring (please detail in commit messages)
  • Build related changes
  • Documentation content changes
    • ChangeLog updated (for major changes)
  • Other (please describe):
Original prompt

This section details on the original issue you should resolve

<issue_title>Fails to migrate from confd v1.5 => v1.7</issue_title>
<issue_description>### Current Behavior

With wifi psk: Unclear reason, needs to be checked before release.

Nov  4 10:56:02 infix load[3920]: Loading startup-config ...
Nov  4 10:56:02 infix startup[3920]: libyang error: Node "cleartext-key" not found as a child of "symmetric-key" node. (/ietf-keystore:keystore/symmetric-keys/symmetric-key[name='hemma'])

Expected Behavior

No error

Steps To Reproduce

No response

Additional information

No response</issue_description>

<agent_instructions>I need your help to review the syntax migration scripts in src/confd/share/migrate/ to ensure they actually support migrating from v1.5 syntax to the latest.

I do not expect you to find any issue with this, it's purely review.</agent_instructions>

Comments on the Issue (you are @copilot in this section)

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

@troglobit
Fix migration script to wrap symmetric-key in key-type container
46f25d7 
The migration script was incorrectly placing symmetric-key directly
under the symmetric-key node, but according to the YANG schema, it
should be wrapped in a key-type container. This fixes the libyang
error: "Node 'cleartext-key' not found as a child of 'symmetric-key'
node" when migrating from v1.5 to v1.7.

Co-authored-by: troglobit <183517+troglobit@users.noreply.github.com>
Copilot AI changed the title [WIP] Review syntax migration scripts for confd v1.5 to v1.7 Fix v1.5→v1.7 keystore migration: wrap symmetric-key in key-type container Jan 29, 2026
Copilot AI requested a review from troglobit January 29, 2026 22:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@troglobit troglobit Awaiting requested review from troglobit

At least 1 approving review is required to merge this pull request.

Assignees

@troglobit troglobit

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Fails to migrate from confd v1.5 => v1.7

2 participants

@troglobit