From 11e154ab3e09464086cad06376a5da25430cf48b Mon Sep 17 00:00:00 2001 From: Marek Gradzki Date: Mon, 10 Oct 2016 13:18:01 +0200 Subject: Move interface acls to separate yang module Change-Id: Ia11eacababd62f719e23af5b64b19c5227d56a45 Signed-off-by: Marek Gradzki --- v3po/api/src/main/yang/v3po.yang | 122 ++++----------------------------------- 1 file changed, 10 insertions(+), 112 deletions(-) (limited to 'v3po/api/src/main/yang/v3po.yang') diff --git a/v3po/api/src/main/yang/v3po.yang b/v3po/api/src/main/yang/v3po.yang index 3e981c3ff..b2d0a74ed 100644 --- a/v3po/api/src/main/yang/v3po.yang +++ b/v3po/api/src/main/yang/v3po.yang @@ -32,11 +32,8 @@ module v3po { import yang-ext { prefix "ext"; } - import vpp-classifier { - prefix "vpp-classifier"; - } - import ietf-access-control-list { - prefix "acl"; + import vpp-acl { + prefix "vpp-acl"; } typedef bridge-domain-ref { @@ -137,13 +134,6 @@ module v3po { } } - typedef interface-mode { - type enumeration { - enum "l2"; - enum "l3"; - } - } - grouping bridge-domain-attributes { leaf flood { type boolean; 
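Review bot: The first hunk swaps the `vpp-classifier` and `ietf-access-control-list` imports for `import vpp-acl`, and together with the later hunks the commit drops `interface-mode`, `acl-base-attributes` and `ietf-acl-base-attributes` from v3po, yet no visible hunk records this in a `revision` statement. Any module that referenced these through the v3po prefix stops compiling, so if v3po carries revision statements (outside the hunks shown), add one such as `revision "<date placeholder>" { description "Interface ACL groupings and the interface-mode typedef moved to vpp-acl."; }`. The vpp-acl module is not part of this view, which is limited to v3po.yang. It is therefore worth confirming there that `default-action` still carries `default "deny"` and that `mode` still defaults to `l3`, since a changed default would alter how unmatched packets are handled.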
@@ -430,98 +420,6 @@ module v3po { } } - grouping acl-base-attributes { - description - "Defines references to classify tables. - At least one table reference should be specified."; - container l2-acl { - leaf classify-table { - type vpp-classifier:classify-table-ref; - description - "An L2 ACL table"; - } - } - container ip4-acl { - leaf classify-table { - type vpp-classifier:classify-table-ref; - description - "An IPv4 ACL table"; - } - } - container ip6-acl { - leaf classify-table { - type vpp-classifier:classify-table-ref; - description - "An IPv6 ACL table"; - } - } - } - - grouping ietf-acl-base-attributes { - description - "Provides limited support for ietf-acl model."; - - container access-lists { - description - "Defines references to ietf-acl lists. Before assignment to interface, - ACL lists are merged into 3 type of acls (l2, ip4 and ip6) that are supported by vpp. - Then 3 corresponding chains of tables and sessions are created and assigned to the interface - as l2, ip4 and ip6 classify table chains. - User ordering is preserved in each group separately. - - Assignment update/delete removes all created tables and sessions and repeats process described above. - Update/delete of ACL lists referenced here is not permitted (assignment needs to be removed first). - - Read is supported only for acls that were created and assigned by Honeycomb agent - (corresponding metadata are present). 
- - Limitations (due to vpp limitations): - - egress rules are currently ignored (HONEYCOMB-234) - - L4 rules are currently not supported (limited support will by provided by HONEYCOMB-218) - - mixing L2/L3/L4 rules is currently not supported (limited support will by provided by HONEYCOMB-233) - - L2 only rules on L3 interfaces are not supported (not allowed by vpp, - in the future defining L2/L3 pairs should be partially supported) - - vlan tags are supported only for sub-interfaces defined as exact-match"; - list acl { - key "type name"; - ordered-by user; - - leaf type { - type acl:acl-type; - } - - leaf name { - type acl:access-control-list-ref; - } - } - - leaf default-action { - type enumeration { - enum "deny"; - enum "permit"; - } - default "deny"; - description - "Default action applied to packet that does not match any of rules defined in assigned ACLs. - It is translated to single classify table and applied at the end of assigned chains."; - } - - leaf mode { - type interface-mode; - default l3; - description - "The way ACLs are translated depends on the interface mode. - In case of L2 interfaces (bridge/interconnection) - classify tables are assigned as l2_table using input_acl_set_interface (ether type matching is automatically - added in case of L3 rules). - In case of L3 interfaces, classify tables are assigned as ip4/ip6 tables. - - It is the user responsibility to choose mode that matches target interface. - "; - } - } - } - augment /if:interfaces/if:interface { ext:augment-identifier "vpp-interface-augmentation"; @@ -582,19 +480,19 @@ module v3po { container acl { container ingress { - uses acl-base-attributes; + uses vpp-acl:acl-base-attributes; } container egress { - uses acl-base-attributes; + uses vpp-acl:acl-base-attributes; } } container ietf-acl { container ingress { - uses ietf-acl-base-attributes; + uses vpp-acl:ietf-acl-base-attributes; } container egress { - uses ietf-acl-base-attributes; + uses vpp-acl:ietf-acl-base-attributes; } } } 
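Review bot: The `container egress` under `ietf-acl` still exposes `uses vpp-acl:ietf-acl-base-attributes;`, although the description this commit removes from v3po says egress rules are currently ignored (HONEYCOMB-234). Once that text lives only in the other module, nothing at the point of use tells an operator that an egress list, including its `default-action`, is presumably accepted without being enforced. I would add a statement to that container, for example `description "Egress ACLs are currently ignored (HONEYCOMB-234).";`. The same applies to the `ietf-acl` egress container in the `@@ -672,19 +570,19 @@` hunk. The enclosing augment starts and ends outside both hunks, so an existing description higher up cannot be ruled out from here.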
@@ -672,19 +570,19 @@ module v3po {
 container acl {
 container ingress {
- uses acl-base-attributes;
+ uses vpp-acl:acl-base-attributes;
 }
 container egress {
- uses acl-base-attributes;
+ uses vpp-acl:acl-base-attributes;
 }
 }
 container ietf-acl {
 container ingress {
- uses ietf-acl-base-attributes;
+ uses vpp-acl:ietf-acl-base-attributes;
 }
 container egress {
- uses ietf-acl-base-attributes;
+ uses vpp-acl:ietf-acl-base-attributes;
 }
 }
 }
-- cgit 1.2.3-korg