Diffstat (limited to 'src/plugins/yang/openconfig/openconfig-aaa.yang')
-rw-r--r--src/plugins/yang/openconfig/openconfig-aaa.yang811
1 files changed, 0 insertions, 811 deletions
diff --git a/src/plugins/yang/openconfig/openconfig-aaa.yang b/src/plugins/yang/openconfig/openconfig-aaa.yang
deleted file mode 100644
index 18a00c5..0000000
--- a/src/plugins/yang/openconfig/openconfig-aaa.yang
+++ /dev/null
@@ -1,811 +0,0 @@
-module openconfig-aaa {
-
- yang-version "1";
-
- // namespace
- namespace "http://openconfig.net/yang/aaa";
-
- prefix "oc-aaa";
-
- // import some basic types
- import openconfig-extensions { prefix oc-ext; }
- import openconfig-inet-types { prefix oc-inet; }
- import openconfig-yang-types { prefix oc-yang; }
- import openconfig-aaa-types { prefix oc-aaa-types; }
-
- include openconfig-aaa-tacacs;
- include openconfig-aaa-radius;
-
-
- // meta
- organization "OpenConfig working group";
-
- contact
- "OpenConfig working group
- www.openconfig.net";
-
- description
- "This module defines configuration and operational state data
- related to authorization, authentication, and accounting (AAA)
- management.
-
- Portions of this model reuse data definitions or structure from
- RFC 7317 - A YANG Data Model for System Management";
-
- oc-ext:openconfig-version "0.4.0";
-
- revision "2018-04-12" {
- description
- "Add when conditions, correct identities";
- reference "0.4.0";
- }
-
- revision "2017-09-18" {
- description
- "Updated to use OpenConfig types modules";
- reference "0.3.0";
- }
-
- revision "2017-07-06" {
- description
- "Move to oc-inet types, add IETF attribution, add RADIUS
- counters, changed password leaf names to indicate hashed";
- reference "0.2.0";
- }
-
- revision "2017-01-29" {
- description
- "Initial public release";
- reference "0.1.0";
- }
-
- // identity statements
-
- // grouping statements
- grouping aaa-servergroup-common-config {
- description
- "Configuration data for AAA server groups";
-
- leaf name {
- type string;
- description
- "Name for the server group";
- }
-
- leaf type {
- type identityref {
- base oc-aaa-types:AAA_SERVER_TYPE;
- }
- description
- "AAA server type -- all servers in the group must be of this
- type";
- }
- }
-
- grouping aaa-servergroup-common-state {
- description
- "Operational state data for AAA server groups";
-
- //TODO: add list of group members as opstate
- }
-
- grouping aaa-servergroup-common-top {
- description
- "Top-level grouping for AAA server groups";
-
- container server-groups {
- description
- "Enclosing container for AAA server groups";
-
- list server-group {
- key "name";
- description
- "List of AAA server groups. All servers in a group
- must have the same type as indicated by the server
- type.";
-
- leaf name {
- type leafref {
- path "../config/name";
- }
- description
- "Reference to configured name of the server group";
- }
-
- container config {
- description
- "Configuration data for each server group";
-
- uses aaa-servergroup-common-config;
- }
-
- container state {
- config false;
-
- description
- "Operational state data for each server group";
-
- uses aaa-servergroup-common-config;
- uses aaa-servergroup-common-state;
- }
-
- uses aaa-server-top;
- }
- }
- }
-
- grouping aaa-server-config {
- description
- "Common configuration data for AAA servers";
-
- leaf name {
- type string;
- description
- "Name assigned to the server";
- }
-
-
- leaf address {
- type oc-inet:ip-address;
- description "Address of the authentication server";
- }
-
- leaf timeout {
- type uint16;
- units seconds;
- description
- "Set the timeout in seconds on responses from the AAA
- server";
- }
- }
-
- grouping aaa-server-state {
- description
- "Common operational state data for AAA servers";
-
- leaf connection-opens {
- type oc-yang:counter64;
- description
- "Number of new connection requests sent to the server, e.g.
- socket open";
- }
-
- leaf connection-closes {
- type oc-yang:counter64;
- description
- "Number of connection close requests sent to the server, e.g.
- socket close";
- }
-
- leaf connection-aborts {
- type oc-yang:counter64;
- description
- "Number of aborted connections to the server. These do
- not include connections that are close gracefully.";
- }
-
- leaf connection-failures {
- type oc-yang:counter64;
- description
- "Number of connection failures to the server";
- }
-
- leaf connection-timeouts {
- type oc-yang:counter64;
- description
- "Number of connection timeouts to the server";
- }
-
- leaf messages-sent {
- type oc-yang:counter64;
- description
- "Number of messages sent to the server";
- }
-
- leaf messages-received {
- type oc-yang:counter64;
- description
- "Number of messages received by the server";
- }
-
- leaf errors-received {
- type oc-yang:counter64;
- description
- "Number of error messages received from the server";
- }
-
- }
-
- grouping aaa-server-top {
- description
- "Top-level grouping for list of AAA servers";
-
- container servers {
- description
- "Enclosing container the list of servers";
-
- list server {
- key "address";
- description
- "List of AAA servers";
-
- leaf address {
- type leafref {
- path "../config/address";
- }
- description
- "Reference to the configured address of the AAA server";
- }
-
- container config {
- description
- "Configuration data ";
-
- uses aaa-server-config;
- }
-
- container state {
- config false;
-
- description
- "Operational state data ";
-
- uses aaa-server-config;
- uses aaa-server-state;
- }
-
- uses aaa-tacacs-server-top {
- when "../../config/type = 'oc-aaa-types:TACACS'";
- }
-
- uses aaa-radius-server-top {
- when "../../config/type = 'oc-aaa-types:RADIUS'";
- }
- }
- }
- }
-
- grouping aaa-admin-config {
- description
- "Configuration data for the system built-in
- administrator / root user account";
-
- leaf admin-password {
- type string;
- oc-ext:openconfig-hashed-value;
- description
- "The admin/root password, supplied as a cleartext string.
- The system should hash and only store the password as a
- hashed value.";
- }
-
- leaf admin-password-hashed {
- type oc-aaa-types:crypt-password-type;
- description
- "The admin/root password, supplied as a hashed value
- using the notation described in the definition of the
- crypt-password-type.";
- }
- }
-
- grouping aaa-admin-state {
- description
- "Operational state data for the root user";
-
- leaf admin-username {
- type string;
- description
- "Name of the administrator user account, e.g., admin, root,
- etc.";
- }
- }
-
- grouping aaa-authentication-admin-top {
- description
- "Top-level grouping for root user configuration and state
- data";
-
- container admin-user {
- description
- "Top-level container for the system root or admin user
- configuration and operational state";
-
- container config {
- description
- "Configuration data for the root user account";
-
- uses aaa-admin-config;
- }
-
- container state {
- config false;
-
- description
- "Operational state data for the root user account";
-
- uses aaa-admin-config;
- uses aaa-admin-state;
- }
- }
- }
- grouping aaa-authentication-user-config {
- description
- "Configuration data for local users";
-
- leaf username {
- type string;
- description
- "Assigned username for this user";
- }
-
- leaf password {
- type string;
- oc-ext:openconfig-hashed-value;
- description
- "The user password, supplied as cleartext. The system
- must hash the value and only store the hashed value.";
- }
-
- leaf password-hashed {
- type oc-aaa-types:crypt-password-type;
- description
- "The user password, supplied as a hashed value
- using the notation described in the definition of the
- crypt-password-type.";
- }
-
- leaf ssh-key {
- type string;
- description
- "SSH public key for the user (RSA or DSA)";
- }
-
- leaf role {
- type union {
- type string;
- type identityref {
- base oc-aaa-types:SYSTEM_DEFINED_ROLES;
- }
- }
- description
- "Role assigned to the user. The role may be supplied
- as a string or a role defined by the SYSTEM_DEFINED_ROLES
- identity.";
- }
- }
-
- grouping aaa-authentication-user-state {
- description
- "Operational state data for local users";
- }
-
- grouping aaa-authentication-user-top {
- description
- "Top-level grouping for local users";
-
- container users {
- description
- "Enclosing container list of local users";
-
- list user {
- key "username";
- description
- "List of local users on the system";
-
- leaf username {
- type leafref {
- path "../config/username";
- }
- description
- "References the configured username for the user";
- }
-
- container config {
- description
- "Configuration data for local users";
-
- uses aaa-authentication-user-config;
- }
-
- container state {
- config false;
-
- description
- "Operational state data for local users";
-
- uses aaa-authentication-user-config;
- uses aaa-authentication-user-state;
- }
- }
-
- }
- }
-
- grouping aaa-accounting-methods-common {
- description
- "Common definitions for accounting methods";
-
- leaf-list accounting-method {
- type union {
- type identityref {
- base oc-aaa-types:AAA_METHOD_TYPE;
- }
- type string;
- //TODO: in YANG 1.1 this should be converted to a leafref to
- //point to the server group name.
- }
- ordered-by user;
- description
- "An ordered list of methods used for AAA accounting for this
- event type. The method is defined by the destination for
- accounting data, which may be specified as the group of
- all TACACS+/RADIUS servers, a defined server group, or
- the local system.";
- }
- }
-
-
- grouping aaa-accounting-events-config {
- description
- "Configuration data for AAA accounting events";
-
- leaf event-type {
- type identityref {
- base oc-aaa-types:AAA_ACCOUNTING_EVENT_TYPE;
- }
- description
- "The type of activity to record at the AAA accounting
- server";
- }
-
- leaf record {
- type enumeration {
- enum START_STOP {
- description
- "Send START record to the accounting server at the
- beginning of the activity, and STOP record at the
- end of the activity.";
- }
- enum STOP {
- description
- "Send STOP record to the accounting server when the
- user activity completes";
- }
- }
- description
- "Type of record to send to the accounting server for this
- activity type";
- }
- }
-
- grouping aaa-accounting-events-state {
- description
- "Operational state data for accounting events";
- }
-
- grouping aaa-accounting-events-top {
- description
- "Top-level grouping for accounting events";
-
- container events {
- description
- "Enclosing container for defining handling of events
- for accounting";
-
- list event {
- key "event-type";
- description
- "List of events subject to accounting";
-
- leaf event-type {
- type leafref {
- path "../config/event-type";
- }
- description
- "Reference to the event-type being logged at the
- accounting server";
- }
-
- container config {
- description
- "Configuration data for accounting events";
-
- uses aaa-accounting-events-config;
- }
-
- container state {
- config false;
-
- description
- "Operational state data for accounting events";
-
- uses aaa-accounting-events-config;
- uses aaa-accounting-events-state;
- }
- }
- }
- }
-
- grouping aaa-accounting-config {
- description
- "Configuration data for event accounting";
-
- uses aaa-accounting-methods-common;
-
- }
-
- grouping aaa-accounting-state {
- description
- "Operational state data for event accounting services";
- }
-
- grouping aaa-accounting-top {
- description
- "Top-level grouping for user activity accounting";
-
- container accounting {
- description
- "Top-level container for AAA accounting";
-
- container config {
- description
- "Configuration data for user activity accounting.";
-
- uses aaa-accounting-config;
- }
-
- container state {
- config false;
-
- description
- "Operational state data for user accounting.";
-
- uses aaa-accounting-config;
- uses aaa-accounting-state;
- }
-
- uses aaa-accounting-events-top;
-
- }
- }
-
- grouping aaa-authorization-methods-config {
- description
- "Common definitions for authorization methods for global
- and per-event type";
-
- leaf-list authorization-method {
- type union {
- type identityref {
- base oc-aaa-types:AAA_METHOD_TYPE;
- }
- type string;
- }
- ordered-by user;
- description
- "Ordered list of methods for authorizing commands. The first
- method that provides a response (positive or negative) should
- be used. The list may contain a well-defined method such
- as the set of all TACACS or RADIUS servers, or the name of
- a defined AAA server group. The system must validate
- that the named server group exists.";
- }
- }
-
- grouping aaa-authorization-events-config {
- description
- "Configuration data for AAA authorization events";
-
- leaf event-type {
- type identityref {
- base oc-aaa-types:AAA_AUTHORIZATION_EVENT_TYPE;
- }
- description
- "The type of event to record at the AAA authorization
- server";
- }
- }
-
- grouping aaa-authorization-events-state {
- description
- "Operational state data for AAA authorization events";
- }
-
- grouping aaa-authorization-events-top {
- description
- "Top-level grouping for authorization events";
-
- container events {
- description
- "Enclosing container for the set of events subject
- to authorization";
-
- list event {
- key "event-type";
- description
- "List of events subject to AAA authorization";
-
- leaf event-type {
- type leafref {
- path "../config/event-type";
- }
- description
- "Reference to the event-type list key";
- }
-
- container config {
- description
- "Configuration data for each authorized event";
-
- uses aaa-authorization-events-config;
- }
-
- container state {
- config false;
-
- description
- "Operational state data for each authorized activity";
-
- uses aaa-authorization-events-config;
- uses aaa-authorization-events-state;
- }
- }
- }
- }
-
- grouping aaa-authorization-config {
- description
- "Configuration data for AAA authorization";
-
- uses aaa-authorization-methods-config;
- }
-
- grouping aaa-authorization-state {
- description
- "Operational state data for AAA authorization";
- }
-
- grouping aaa-authorization-top {
- description
- "Top-level grouping for AAA authorization";
-
- container authorization {
- description
- "Top-level container for AAA authorization configuration
- and operational state data";
-
- container config {
- description
- "Configuration data for authorization based on AAA
- methods";
-
- uses aaa-authorization-config;
- }
-
- container state {
- config false;
-
- description
- "Operational state data for authorization based on AAA";
-
- uses aaa-authorization-config;
- uses aaa-authorization-state;
- }
-
- uses aaa-authorization-events-top;
-
- }
- }
-
- grouping aaa-authentication-config {
- description
- "Configuration data for global authentication";
-
- leaf-list authentication-method {
- type union {
- type identityref {
- base oc-aaa-types:AAA_METHOD_TYPE;
- }
- type string;
- //TODO: string should be a leafref to a defined
- //server group. this will be possible in YANG 1.1
- //type leafref {
- //path "/aaa/server-groups/server-group/config/name";
- //}
- }
- ordered-by user;
- description
- "Ordered list of authentication methods for users. This
- can be either a reference to a server group, or a well-
- defined designation in the AAA_METHOD_TYPE identity. If
- authentication fails with one method, the next defined
- method is tried -- failure of all methods results in the
- user being denied access.";
- }
- }
-
- grouping aaa-authentication-state {
- description
- "Operational state data for global authentication";
- }
-
- grouping aaa-authentication-top {
- description
- "Top-level grouping for top-level authentication";
-
- container authentication {
- description
- "Top-level container for global authentication data";
-
- container config {
- description
- "Configuration data for global authentication services";
-
- uses aaa-authentication-config;
- }
-
- container state {
- config false;
-
- description
- "Operational state data for global authentication
- services";
-
- uses aaa-authentication-config;
- uses aaa-authentication-state;
- }
-
- uses aaa-authentication-admin-top;
- uses aaa-authentication-user-top;
- }
- }
-
- grouping aaa-config {
- description
- "Configuration data for top level AAA";
- }
-
- grouping aaa-state {
- description
- "Operational state data for top level AAA";
- }
-
- grouping aaa-top {
- description
- "Top-level grouping for AAA services";
-
- container aaa {
- description
- "Top-level container for AAA services";
-
- container config {
- description
- "Configuration data for top level AAA services";
-
- uses aaa-config;
- }
-
- container state {
- config false;
-
- description
- "Operational state data for top level AAA services ";
-
- uses aaa-config;
- uses aaa-state;
- }
-
- uses aaa-authentication-top;
- uses aaa-authorization-top;
- uses aaa-accounting-top;
- uses aaa-servergroup-common-top;
-
- }
- }
-
-
-
- // data definition statements
-
-
-}