X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?a=blobdiff_plain;f=data-model%2Fyang%2Fpublished%2Fo-ran%2Fru-fh%2Fo-ran-usermgmt%402022-08-15.yang;fp=data-model%2Fyang%2Fpublished%2Fo-ran%2Fru-fh%2Fo-ran-usermgmt%402022-08-15.yang;h=8d97db38db9a60b776af6783d89332aad81f82d9;hb=5a4d5f6105bb5f5fcf3ba92d2e50346766f2f485;hp=0000000000000000000000000000000000000000;hpb=ee63226cb62a49d3e08f14a78280d9d8d2a56992;p=scp%2Foam%2Fmodeling.git diff --git a/data-model/yang/published/o-ran/ru-fh/o-ran-usermgmt@2022-08-15.yang b/data-model/yang/published/o-ran/ru-fh/o-ran-usermgmt@2022-08-15.yang new file mode 100644 index 0000000..8d97db3 --- /dev/null +++ b/data-model/yang/published/o-ran/ru-fh/o-ran-usermgmt@2022-08-15.yang @@ -0,0 +1,243 @@ +module o-ran-usermgmt { + yang-version 1.1; + namespace "urn:o-ran:user-mgmt:1.0"; + prefix "o-ran-usermgmt"; + + import ietf-netconf-acm { + prefix nacm; + reference + "RFC 8341: Network Configuration Access Control Model"; + } + + import o-ran-wg4-features { + prefix "feat"; + } + + organization "O-RAN Alliance"; + + contact + "www.o-ran.org"; + + description + "This module defines the user management model for the O-RAN Equipment. + + Copyright 2019 the O-RAN Alliance. + + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 'AS IS' + AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE + LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + * Redistributions of source code must retain the above copyright notice, + this list of conditions and the above disclaimer. + * Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the above disclaimer in the documentation + and/or other materials provided with the distribution. + * Neither the Members of the O-RAN Alliance nor the names of its + contributors may be used to endorse or promote products derived from + this software without specific prior written permission."; + + revision "2022-08-15" { + description + "version 10.0.0 + + 1) introduced SHARED-ORU-MULTI-OPERATOR feature."; + + reference "ORAN-WG4.M.0-v10.00"; + } + + + revision "2021-12-01" { + description + "version 1.3.0 + + 1) typographical corrections in descriptions"; + + reference "ORAN-WG4.M.0-v01.00"; + } + + revision "2020-12-10" { + description + "version 1.2.0 + + 1) updated description for enabled leaf"; + + reference "ORAN-WG4.M.0-v01.00"; + } + + revision "2019-07-03" { + description + "version 1.1.0 + + 1) change name leaf to type nacm:user-name-type + 2) added account-type to qualify when password is required "; + + reference "ORAN-WG4.M.0-v01.00"; + } + + revision "2019-02-04" { + description + "version 1.0.0 + + 1) imported model from xRAN + 2) changed namespace and reference from xran to o-ran"; + + reference "ORAN-WG4.M.0-v01.00"; + } + + typedef password-type { + type string { + length "8..128"; + pattern "[a-zA-Z0-9!$%\\^()\\[\\]_\\-~{}.+]*" { + error-message "Password content does not meet the requirements"; + } + } + description + "The password for this entry. This shouldn't be in clear text + The Password must contain at least 2 characters from + each of the following groups: + a) Lower case alphabetic (a-z) + b) Upper case alphabetic (A-Z) + c) Numeric 0-9 + d) Special characters Allowed !$%^()[]_-~{}.+ + Password must not contain Username."; + } + + grouping user-list { + description "a user list grouping"; + list user { + key "name"; + description + "The list of local users configured on this device."; + leaf name { + type nacm:user-name-type; + description + "The user name string identifying this entry. + + NOTE: o-ran-usermgmt:user-profile/user/name is + identical to nacm:nacm/groups/group/user-name + but the current schema is preserved for backwards + compatibility."; + } + leaf account-type { + type enumeration { + enum PASSWORD { + description "the user-name is for password based authentication"; + } + enum CERTIFICATE { + description "the user-name is for certificate based authentication"; + } + } + default "PASSWORD"; + description "the account type"; + } + + leaf password { + nacm:default-deny-all; + type password-type; + description + "The password for this entry. + + This field is only valid when account-type is NOT set to CERTIFICATE, + i.e., when account-type is NOT present or present and set to + PASSWORD."; + } + leaf enabled { + type boolean; + description + "Indicates whether an account is enabled or disabled. + + A NETCONF Server shall reject a configuration that attempts to + enable a Password account for an account where the password leaf + is not configured. + + This validation statement is included in the YANG description and + not in a MUST statement to preserve backwards compatibility."; + } + leaf-list sro-id { + if-feature feat:SHARED-ORU-MULTI-OPERATOR; + type string; + description + "An optional list if Shared Resource Operator identities associated with the + user-account. Used to realize enhanced access privileges in a shared O-RU. + When an sro-id is configured in the O-RU, the O-RU shall + implement additional sro-id based NETCONF access control + as specified in O-RAN.WG4.MP.0-v10.00. + The O-RU does not further interpret the specific value of sro-id."; + } + } + } + + container users { + must "user/enabled='true'" { + error-message "At least one account needs to be enabled."; + } + //TAKE NOTE - any configuration with zero enabled users is invalid. + //This will typically be the case when using a simulated NETCONF Server + //and so this constraint should be removed when operating in those scenarios + + //The config data base of the O-RAN equipment should ensure that the user + //default account is enabled on factory restart + + description "list of user accounts"; + uses user-list; + } + + rpc chg-password { + description "the RPC used to change a password"; + nacm:default-deny-all; + input { + leaf currentPassword { + type password-type; + mandatory true; + description + "provide the current password"; + } + leaf newPassword { + type password-type; + mandatory true; + description + "provide a new password"; + } + leaf newPasswordConfirm { + type password-type; + mandatory true; + description + "re-enter the new password "; + } + } + output { + leaf status { + type enumeration { + enum "Successful" { + value 1; + description "change password operation is successful"; + } + enum "Failed" { + value 2; + description "change password operation failed"; + } + } + mandatory true; + description + "Successful or Failed"; + } + leaf status-message { + type string; + description + "Gives a more detailed reason for success / failure"; + } + } + } + +}