diff options
Diffstat (limited to 'src/plugins/yang/openconfig/openconfig-aaa.yang')
-rw-r--r-- | src/plugins/yang/openconfig/openconfig-aaa.yang | 811 |
1 files changed, 0 insertions, 811 deletions
diff --git a/src/plugins/yang/openconfig/openconfig-aaa.yang b/src/plugins/yang/openconfig/openconfig-aaa.yang deleted file mode 100644 index 18a00c5..0000000 --- a/src/plugins/yang/openconfig/openconfig-aaa.yang +++ /dev/null @@ -1,811 +0,0 @@ -module openconfig-aaa { - - yang-version "1"; - - // namespace - namespace "http://openconfig.net/yang/aaa"; - - prefix "oc-aaa"; - - // import some basic types - import openconfig-extensions { prefix oc-ext; } - import openconfig-inet-types { prefix oc-inet; } - import openconfig-yang-types { prefix oc-yang; } - import openconfig-aaa-types { prefix oc-aaa-types; } - - include openconfig-aaa-tacacs; - include openconfig-aaa-radius; - - - // meta - organization "OpenConfig working group"; - - contact - "OpenConfig working group - www.openconfig.net"; - - description - "This module defines configuration and operational state data - related to authorization, authentication, and accounting (AAA) - management. - - Portions of this model reuse data definitions or structure from - RFC 7317 - A YANG Data Model for System Management"; - - oc-ext:openconfig-version "0.4.0"; - - revision "2018-04-12" { - description - "Add when conditions, correct identities"; - reference "0.4.0"; - } - - revision "2017-09-18" { - description - "Updated to use OpenConfig types modules"; - reference "0.3.0"; - } - - revision "2017-07-06" { - description - "Move to oc-inet types, add IETF attribution, add RADIUS - counters, changed password leaf names to indicate hashed"; - reference "0.2.0"; - } - - revision "2017-01-29" { - description - "Initial public release"; - reference "0.1.0"; - } - - // identity statements - - // grouping statements - grouping aaa-servergroup-common-config { - description - "Configuration data for AAA server groups"; - - leaf name { - type string; - description - "Name for the server group"; - } - - leaf type { - type identityref { - base oc-aaa-types:AAA_SERVER_TYPE; - } - description - "AAA server type -- all servers in the group must be of this - type"; - } - } - - grouping aaa-servergroup-common-state { - description - "Operational state data for AAA server groups"; - - //TODO: add list of group members as opstate - } - - grouping aaa-servergroup-common-top { - description - "Top-level grouping for AAA server groups"; - - container server-groups { - description - "Enclosing container for AAA server groups"; - - list server-group { - key "name"; - description - "List of AAA server groups. All servers in a group - must have the same type as indicated by the server - type."; - - leaf name { - type leafref { - path "../config/name"; - } - description - "Reference to configured name of the server group"; - } - - container config { - description - "Configuration data for each server group"; - - uses aaa-servergroup-common-config; - } - - container state { - config false; - - description - "Operational state data for each server group"; - - uses aaa-servergroup-common-config; - uses aaa-servergroup-common-state; - } - - uses aaa-server-top; - } - } - } - - grouping aaa-server-config { - description - "Common configuration data for AAA servers"; - - leaf name { - type string; - description - "Name assigned to the server"; - } - - - leaf address { - type oc-inet:ip-address; - description "Address of the authentication server"; - } - - leaf timeout { - type uint16; - units seconds; - description - "Set the timeout in seconds on responses from the AAA - server"; - } - } - - grouping aaa-server-state { - description - "Common operational state data for AAA servers"; - - leaf connection-opens { - type oc-yang:counter64; - description - "Number of new connection requests sent to the server, e.g. - socket open"; - } - - leaf connection-closes { - type oc-yang:counter64; - description - "Number of connection close requests sent to the server, e.g. - socket close"; - } - - leaf connection-aborts { - type oc-yang:counter64; - description - "Number of aborted connections to the server. These do - not include connections that are close gracefully."; - } - - leaf connection-failures { - type oc-yang:counter64; - description - "Number of connection failures to the server"; - } - - leaf connection-timeouts { - type oc-yang:counter64; - description - "Number of connection timeouts to the server"; - } - - leaf messages-sent { - type oc-yang:counter64; - description - "Number of messages sent to the server"; - } - - leaf messages-received { - type oc-yang:counter64; - description - "Number of messages received by the server"; - } - - leaf errors-received { - type oc-yang:counter64; - description - "Number of error messages received from the server"; - } - - } - - grouping aaa-server-top { - description - "Top-level grouping for list of AAA servers"; - - container servers { - description - "Enclosing container the list of servers"; - - list server { - key "address"; - description - "List of AAA servers"; - - leaf address { - type leafref { - path "../config/address"; - } - description - "Reference to the configured address of the AAA server"; - } - - container config { - description - "Configuration data "; - - uses aaa-server-config; - } - - container state { - config false; - - description - "Operational state data "; - - uses aaa-server-config; - uses aaa-server-state; - } - - uses aaa-tacacs-server-top { - when "../../config/type = 'oc-aaa-types:TACACS'"; - } - - uses aaa-radius-server-top { - when "../../config/type = 'oc-aaa-types:RADIUS'"; - } - } - } - } - - grouping aaa-admin-config { - description - "Configuration data for the system built-in - administrator / root user account"; - - leaf admin-password { - type string; - oc-ext:openconfig-hashed-value; - description - "The admin/root password, supplied as a cleartext string. - The system should hash and only store the password as a - hashed value."; - } - - leaf admin-password-hashed { - type oc-aaa-types:crypt-password-type; - description - "The admin/root password, supplied as a hashed value - using the notation described in the definition of the - crypt-password-type."; - } - } - - grouping aaa-admin-state { - description - "Operational state data for the root user"; - - leaf admin-username { - type string; - description - "Name of the administrator user account, e.g., admin, root, - etc."; - } - } - - grouping aaa-authentication-admin-top { - description - "Top-level grouping for root user configuration and state - data"; - - container admin-user { - description - "Top-level container for the system root or admin user - configuration and operational state"; - - container config { - description - "Configuration data for the root user account"; - - uses aaa-admin-config; - } - - container state { - config false; - - description - "Operational state data for the root user account"; - - uses aaa-admin-config; - uses aaa-admin-state; - } - } - } - grouping aaa-authentication-user-config { - description - "Configuration data for local users"; - - leaf username { - type string; - description - "Assigned username for this user"; - } - - leaf password { - type string; - oc-ext:openconfig-hashed-value; - description - "The user password, supplied as cleartext. The system - must hash the value and only store the hashed value."; - } - - leaf password-hashed { - type oc-aaa-types:crypt-password-type; - description - "The user password, supplied as a hashed value - using the notation described in the definition of the - crypt-password-type."; - } - - leaf ssh-key { - type string; - description - "SSH public key for the user (RSA or DSA)"; - } - - leaf role { - type union { - type string; - type identityref { - base oc-aaa-types:SYSTEM_DEFINED_ROLES; - } - } - description - "Role assigned to the user. The role may be supplied - as a string or a role defined by the SYSTEM_DEFINED_ROLES - identity."; - } - } - - grouping aaa-authentication-user-state { - description - "Operational state data for local users"; - } - - grouping aaa-authentication-user-top { - description - "Top-level grouping for local users"; - - container users { - description - "Enclosing container list of local users"; - - list user { - key "username"; - description - "List of local users on the system"; - - leaf username { - type leafref { - path "../config/username"; - } - description - "References the configured username for the user"; - } - - container config { - description - "Configuration data for local users"; - - uses aaa-authentication-user-config; - } - - container state { - config false; - - description - "Operational state data for local users"; - - uses aaa-authentication-user-config; - uses aaa-authentication-user-state; - } - } - - } - } - - grouping aaa-accounting-methods-common { - description - "Common definitions for accounting methods"; - - leaf-list accounting-method { - type union { - type identityref { - base oc-aaa-types:AAA_METHOD_TYPE; - } - type string; - //TODO: in YANG 1.1 this should be converted to a leafref to - //point to the server group name. - } - ordered-by user; - description - "An ordered list of methods used for AAA accounting for this - event type. The method is defined by the destination for - accounting data, which may be specified as the group of - all TACACS+/RADIUS servers, a defined server group, or - the local system."; - } - } - - - grouping aaa-accounting-events-config { - description - "Configuration data for AAA accounting events"; - - leaf event-type { - type identityref { - base oc-aaa-types:AAA_ACCOUNTING_EVENT_TYPE; - } - description - "The type of activity to record at the AAA accounting - server"; - } - - leaf record { - type enumeration { - enum START_STOP { - description - "Send START record to the accounting server at the - beginning of the activity, and STOP record at the - end of the activity."; - } - enum STOP { - description - "Send STOP record to the accounting server when the - user activity completes"; - } - } - description - "Type of record to send to the accounting server for this - activity type"; - } - } - - grouping aaa-accounting-events-state { - description - "Operational state data for accounting events"; - } - - grouping aaa-accounting-events-top { - description - "Top-level grouping for accounting events"; - - container events { - description - "Enclosing container for defining handling of events - for accounting"; - - list event { - key "event-type"; - description - "List of events subject to accounting"; - - leaf event-type { - type leafref { - path "../config/event-type"; - } - description - "Reference to the event-type being logged at the - accounting server"; - } - - container config { - description - "Configuration data for accounting events"; - - uses aaa-accounting-events-config; - } - - container state { - config false; - - description - "Operational state data for accounting events"; - - uses aaa-accounting-events-config; - uses aaa-accounting-events-state; - } - } - } - } - - grouping aaa-accounting-config { - description - "Configuration data for event accounting"; - - uses aaa-accounting-methods-common; - - } - - grouping aaa-accounting-state { - description - "Operational state data for event accounting services"; - } - - grouping aaa-accounting-top { - description - "Top-level grouping for user activity accounting"; - - container accounting { - description - "Top-level container for AAA accounting"; - - container config { - description - "Configuration data for user activity accounting."; - - uses aaa-accounting-config; - } - - container state { - config false; - - description - "Operational state data for user accounting."; - - uses aaa-accounting-config; - uses aaa-accounting-state; - } - - uses aaa-accounting-events-top; - - } - } - - grouping aaa-authorization-methods-config { - description - "Common definitions for authorization methods for global - and per-event type"; - - leaf-list authorization-method { - type union { - type identityref { - base oc-aaa-types:AAA_METHOD_TYPE; - } - type string; - } - ordered-by user; - description - "Ordered list of methods for authorizing commands. The first - method that provides a response (positive or negative) should - be used. The list may contain a well-defined method such - as the set of all TACACS or RADIUS servers, or the name of - a defined AAA server group. The system must validate - that the named server group exists."; - } - } - - grouping aaa-authorization-events-config { - description - "Configuration data for AAA authorization events"; - - leaf event-type { - type identityref { - base oc-aaa-types:AAA_AUTHORIZATION_EVENT_TYPE; - } - description - "The type of event to record at the AAA authorization - server"; - } - } - - grouping aaa-authorization-events-state { - description - "Operational state data for AAA authorization events"; - } - - grouping aaa-authorization-events-top { - description - "Top-level grouping for authorization events"; - - container events { - description - "Enclosing container for the set of events subject - to authorization"; - - list event { - key "event-type"; - description - "List of events subject to AAA authorization"; - - leaf event-type { - type leafref { - path "../config/event-type"; - } - description - "Reference to the event-type list key"; - } - - container config { - description - "Configuration data for each authorized event"; - - uses aaa-authorization-events-config; - } - - container state { - config false; - - description - "Operational state data for each authorized activity"; - - uses aaa-authorization-events-config; - uses aaa-authorization-events-state; - } - } - } - } - - grouping aaa-authorization-config { - description - "Configuration data for AAA authorization"; - - uses aaa-authorization-methods-config; - } - - grouping aaa-authorization-state { - description - "Operational state data for AAA authorization"; - } - - grouping aaa-authorization-top { - description - "Top-level grouping for AAA authorization"; - - container authorization { - description - "Top-level container for AAA authorization configuration - and operational state data"; - - container config { - description - "Configuration data for authorization based on AAA - methods"; - - uses aaa-authorization-config; - } - - container state { - config false; - - description - "Operational state data for authorization based on AAA"; - - uses aaa-authorization-config; - uses aaa-authorization-state; - } - - uses aaa-authorization-events-top; - - } - } - - grouping aaa-authentication-config { - description - "Configuration data for global authentication"; - - leaf-list authentication-method { - type union { - type identityref { - base oc-aaa-types:AAA_METHOD_TYPE; - } - type string; - //TODO: string should be a leafref to a defined - //server group. this will be possible in YANG 1.1 - //type leafref { - //path "/aaa/server-groups/server-group/config/name"; - //} - } - ordered-by user; - description - "Ordered list of authentication methods for users. This - can be either a reference to a server group, or a well- - defined designation in the AAA_METHOD_TYPE identity. If - authentication fails with one method, the next defined - method is tried -- failure of all methods results in the - user being denied access."; - } - } - - grouping aaa-authentication-state { - description - "Operational state data for global authentication"; - } - - grouping aaa-authentication-top { - description - "Top-level grouping for top-level authentication"; - - container authentication { - description - "Top-level container for global authentication data"; - - container config { - description - "Configuration data for global authentication services"; - - uses aaa-authentication-config; - } - - container state { - config false; - - description - "Operational state data for global authentication - services"; - - uses aaa-authentication-config; - uses aaa-authentication-state; - } - - uses aaa-authentication-admin-top; - uses aaa-authentication-user-top; - } - } - - grouping aaa-config { - description - "Configuration data for top level AAA"; - } - - grouping aaa-state { - description - "Operational state data for top level AAA"; - } - - grouping aaa-top { - description - "Top-level grouping for AAA services"; - - container aaa { - description - "Top-level container for AAA services"; - - container config { - description - "Configuration data for top level AAA services"; - - uses aaa-config; - } - - container state { - config false; - - description - "Operational state data for top level AAA services "; - - uses aaa-config; - uses aaa-state; - } - - uses aaa-authentication-top; - uses aaa-authorization-top; - uses aaa-accounting-top; - uses aaa-servergroup-common-top; - - } - } - - - - // data definition statements - - -} |