-module o-ran-usermgmt {
- yang-version 1.1;
- namespace "urn:o-ran:user-mgmt:1.0";
- prefix "o-ran-usermgmt";
-
- import ietf-netconf-acm {
- prefix nacm;
- reference
- "RFC 8341: Network Configuration Access Control Model";
- }
-
- organization "O-RAN Alliance";
-
- contact
- "www.o-ran.org";
-
- description
- "This module defines the user management model for the O-RAN Equipment.
-
- Copyright 2019 the O-RAN Alliance.
-
- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 'AS IS'
- AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
- LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- * Redistributions of source code must retain the above copyright notice,
- this list of conditions and the above disclaimer.
- * Redistributions in binary form must reproduce the above copyright notice,
- this list of conditions and the above disclaimer in the documentation
- and/or other materials provided with the distribution.
- * Neither the Members of the O-RAN Alliance nor the names of its
- contributors may be used to endorse or promote products derived from
- this software without specific prior written permission.";
-
- revision "2019-07-03" {
- description
- "version 1.1.0
-
- 1) change name leaf to type nacm:user-name-type
- 2) added account-type to qualify when password is required ";
-
- reference "ORAN-WG4.M.0-v01.00";
- }
-
- revision "2019-02-04" {
- description
- "version 1.0.0
-
- 1) imported model from xRAN
- 2) changed namespace and reference from xran to o-ran";
-
- reference "ORAN-WG4.M.0-v01.00";
- }
-
- typedef password-type {
- type string {
- length "8..128";
- pattern "[a-zA-Z0-9!$%\\^()\\[\\]_\\-~{}.+]*" {
- error-message "Password content does not meet the requirements";
- }
- }
- description
- "The password for this entry. This shouldn't be in clear text
- The Password must contain at least 2 characters from
- each of the following groups:
- a) Lower case alphabetic (a-z)
- b) Upper case alphabetic (A-Z)
- c) Numeric 0-9
- d) Special characters Allowed !$%^()[]_-~{}.+
- Password must not contain Username.";
- }
-
- grouping user-list {
- list user {
- key "name";
- description
- "The list of local users configured on this device.";
- leaf name {
- type nacm:user-name-type;
- description
- "The user name string identifying this entry.
-
- NOTE: o-ran-usermgmt:user-profile/user/name is
- identical to nacm:nacm/groups/group/user-name
- but the current schema is preserved for backwards
- compatibility.";
- }
- leaf account-type {
- type enumeration {
- enum PASSWORD {
- description "the user-name is for password based authentication";
- }
- enum CERTIFICATE {
- description "the user-name is for certificate based authentciation";
- }
- }
- default "PASSWORD";
- }
-
- leaf password {
- nacm:default-deny-all;
- type password-type;
- description
- "The password for this entry.
-
- This field is only valid when account-type is NOT set to CERTIFICATE,
- i.e., when account-type is NOT present or present and set to
- PASSWORD.";
- }
- leaf enabled {
- type boolean;
- description
- "Indicates whether an account is enabled or disabled.";
- }
- }
- }
-
- container users {
- must "user/enabled='true'" {
- error-message "At least one account needs to be enabled.";
- }
- //TAKE NOTE - any configuration with zero enabled users is invalid.
- //This will typically be the case when using a simulated NETCONF Server
- //and so this constraint should be removed when operating in those scenarios
-
- //The config data base of the O-RAN equipment should ensure that the user
- //default account is enabled on factory restart
-
- description "list of user accounts";
- uses user-list;
- }
-
- rpc chg-password {
- nacm:default-deny-all;
- input {
- leaf currentPassword {
- type password-type;
- mandatory true;
- description
- "provide the current password";
- }
- leaf newPassword {
- type password-type;
- mandatory true;
- description
- "provide a new password";
- }
- leaf newPasswordConfirm {
- type password-type;
- mandatory true;
- description
- "re-enter the new password ";
- }
- }
- output {
- leaf status {
- type enumeration {
- enum "Successful" {
- value 1;
- }
- enum "Failed" {
- value 2;
- }
- }
- mandatory true;
- description
- "Successful or Failed";
- }
- leaf status-message {
- type string;
- description
- "Gives a more detailed reason for success / failure";
- }
- }
- }
-
-}