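// Shared identities and typedefs for AAA (authentication, authorization,
// accounting) configuration and state. This module declares no data nodes
// of its own; it only defines identities and one typedef for other modules
// to reference.
module openconfig-aaa-types {

  yang-version "1";

  // namespace
  namespace "http://openconfig.net/yang/aaa/types";

  prefix "oc-aaa-types";

  // import some basic types
  import openconfig-extensions { prefix oc-ext; }

  // meta
  organization "OpenConfig working group";

  contact "OpenConfig working group www.openconfig.net";

  description "This module defines shared types for data related to AAA (authentication, authorization, accounting).";

  oc-ext:openconfig-version "0.4.0";

  revision "2018-04-12" {
    description "Add when conditions, correct identities";
    reference "0.4.0";
  }

  revision "2017-09-18" {
    description "Updated to use OpenConfig types modules";
    reference "0.3.0";
  }

  revision "2017-07-06" {
    description "Move to oc-inet types, add IETF attribution, add RADIUS counters, changed password leaf names to indicate hashed";
    reference "0.2.0";
  }

  revision "2017-01-29" {
    description "Initial public release";
    reference "0.1.0";
  }

  // identity statements

  // Base for AAA server kinds. No derived identity is defined in this
  // module.
  identity AAA_SERVER_TYPE {
    description "Base identity for types of AAA servers";
  }

  // Base for built-in roles; SYSTEM_ROLE_ADMIN is the only derived role
  // defined in this module.
  identity SYSTEM_DEFINED_ROLES {
    description "Base identity for system_defined roles that can be assigned to users.";
  }

  // Superuser-equivalent role. NOTE(review): every account holding this
  // role has full configuration and operational command access, so its
  // assignments are worth keeping few and reviewing regularly.
  identity SYSTEM_ROLE_ADMIN {
    base SYSTEM_DEFINED_ROLES;
    description "Built-in role that allows the equivalent of superuser permission for all configuration and operational commands on the device.";
  }

  // Accounting event classes. Command and login accounting are the two
  // event types this module defines for reporting to an AAA server.
  identity AAA_ACCOUNTING_EVENT_TYPE {
    description "Base identity for specifying events types that should be sent to AAA server for accounting";
  }

  identity AAA_ACCOUNTING_EVENT_COMMAND {
    base AAA_ACCOUNTING_EVENT_TYPE;
    description "Specifies interactive command events for AAA accounting";
  }

  identity AAA_ACCOUNTING_EVENT_LOGIN {
    base AAA_ACCOUNTING_EVENT_TYPE;
    description "Specifies login events for AAA accounting";
  }

  // Authorization event classes: activities for which the AAA server is
  // consulted.
  identity AAA_AUTHORIZATION_EVENT_TYPE {
    description "Base identity for specifying activities that should be sent to AAA server for authorization";
  }

  identity AAA_AUTHORIZATION_EVENT_COMMAND {
    base AAA_AUTHORIZATION_EVENT_TYPE;
    description "Specifies interactive command events for AAA authorization";
  }

  identity AAA_AUTHORIZATION_EVENT_CONFIG {
    base AAA_AUTHORIZATION_EVENT_TYPE;
    description "Specifies configuration (e.g., EXEC) events for AAA authorization";
  }

  // Well-known AAA methods. How methods are ordered, and what happens when
  // a server group is unreachable, is not defined in this module.
  identity AAA_METHOD_TYPE {
    description "Base identity to define well-known methods for AAA operations";
  }

  identity TACACS_ALL {
    base AAA_METHOD_TYPE;
    description "The group of all TACACS+ servers.";
  }

  identity RADIUS_ALL {
    base AAA_METHOD_TYPE;
    description "The group of all RADIUS servers.";
  }

  identity LOCAL {
    base AAA_METHOD_TYPE;
    description "Locally configured method for AAA operations.";
  }

  // typedef statements

  // Hashed password in Unix crypt format.
  //
  // The typedef is an unrestricted string (no pattern or length statement),
  // so the model itself does not reject a cleartext or malformed value;
  // enforcing the crypt format is left to the implementation.
  //
  // A value of this type is still sensitive: anyone able to read it can
  // attempt offline guessing, so read access to leaves of this type should
  // be limited. Of the listed schemes, MD5-crypt (id 1) is the weakest
  // against offline guessing and is best avoided where the device supports
  // a stronger one.
  typedef crypt-password-type {
    type string;
    description
      "A password that is hashed based on the hash algorithm
      indicated by the prefix in the string.  The string
      takes the following form, based on the Unix crypt function:

      $<id>[$<param>=<value>(,<param>=<value>)*][$<salt>[$<hash>]]

      Common hash functions include:

      id  | hash function
       ---+---------------
        1 | MD5
        2a| Blowfish
        2y| Blowfish (correct handling of 8-bit chars)
        5 | SHA-256
        6 | SHA-512

      These may not all be supported by a target device.";
  }
}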