summaryrefslogtreecommitdiffstats
path: root/acl/acl-api/src/main/yang/interface-acl.yang
blob: 29b85e860b89b38649aca934ff5c2d71daf1a6e8 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
module interface-acl {
  yang-version 1;
  namespace "urn:opendaylight:params:xml:ns:yang:interface:acl";
  prefix "ifc-acl";

  revision "2016-12-14" {
    description "Initial revision of interface-acl model";
  }

  import ietf-interfaces {
    prefix "if";
  }
  import yang-ext {
    prefix "ext";
  }
  import ietf-yang-types {
    prefix "yang";
  }

  import vpp-acl {
    prefix "vpp-acl";
  }

  import ietf-access-control-list {
    prefix "acl";
  }

  description "Augmentations to interfaces model to apply acls exposed by acl plugin of vpp";

  grouping vpp-acl-base-attributes {
    leaf tag {
      type yang:hex-string {
        length 64;
      }
      description
        "Placeholder for ACL metadata. Value is stored in vpp, and returned in read requests. No processing involved.";
    }
  }

  grouping vpp-acls-base-attributes  {
    description
      "List of ACLs of vpp-acl type"; // TODO express constraint in the model if possible
    list vpp-acls {
      key "type name";
      ordered-by user;

      leaf type {
        type acl:acl-type;
      }

      leaf name {
        type acl:access-control-list-ref;
      }

      uses vpp-acl-base-attributes;
    }
  }

  grouping vpp-macip-acls-base-attributes  {
    container vpp-macip-acl {
      description
        "ACL of vpp-macip-acl type"; // TODO express constraint in the model if possible

      leaf type {
        type acl:acl-type;
      }

      leaf name {
        type acl:access-control-list-ref;
      }

      uses vpp-acl-base-attributes;
    }
  }

  grouping interface-acl-attributes {
    container acl {
      container ingress {
        uses vpp-acls-base-attributes;
        uses vpp-macip-acls-base-attributes;
      }
      container egress {
        uses vpp-acls-base-attributes;
      }
    }
  }

  augment /if:interfaces/if:interface {
    ext:augment-identifier "vpp-acl-interface-augmentation";
    uses interface-acl-attributes;
  }

  augment /if:interfaces-state/if:interface {
    ext:augment-identifier "vpp-acl-interface-state-augmentation";
    uses interface-acl-attributes;
  }

}