X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?a=blobdiff_plain;f=ntsimulator%2Fyang%2Fo-ran-usermgmt.yang;fp=ntsimulator%2Fyang%2Fo-ran-usermgmt.yang;h=7da3b968e9553f4aab016b2318d0ae8c183be4e6;hb=29ce368a8b49cb41f3a1640581ff9958ea50ad8c;hp=0000000000000000000000000000000000000000;hpb=1d6c03fcfde03df735f82913ea795a75cd3068d9;p=sim%2Fo1-interface.git
diff --git a/ntsimulator/yang/o-ran-usermgmt.yang b/ntsimulator/yang/o-ran-usermgmt.yang
new file mode 100644
index 0000000..7da3b96
--- /dev/null
+++ b/ntsimulator/yang/o-ran-usermgmt.yang
@@ -0,0 +1,188 @@
+module o-ran-usermgmt {
+ yang-version 1.1;
+ namespace "urn:o-ran:user-mgmt:1.0";
+ prefix "o-ran-usermgmt";
+
+ import ietf-netconf-acm {
+ prefix nacm;
+ reference
+ "RFC 8341: Network Configuration Access Control Model";
+ }
+
+ organization "O-RAN Alliance";
+
+ contact
+ "www.o-ran.org";
+
+ description
+ "This module defines the user management model for the O-RAN Equipment.
+
+ Copyright 2019 the O-RAN Alliance.
+
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 'AS IS'
+ AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ * Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the above disclaimer.
+ * Redistributions in binary form must reproduce the above copyright notice,
+ this list of conditions and the above disclaimer in the documentation
+ and/or other materials provided with the distribution.
+ * Neither the Members of the O-RAN Alliance nor the names of its
+ contributors may be used to endorse or promote products derived from
+ this software without specific prior written permission.";
+
+ revision "2019-04-25" {
+ description
+ "version 1.0.1
+
+ 1) change name leaf to type nacm:user-name-type
+ 2) added account-type to qualify when password is required ";
+
+ reference "ORAN-WG4.M.0-v01.00";
+ }
+
+ revision "2019-02-04" {
+ description
+ "version 1.0.0
+
+ 1) imported model from xRAN
+ 2) changed namespace and reference from xran to o-ran";
+
+ reference "ORAN-WG4.M.0-v01.00";
+ }
+
+ typedef password-type {
+ type string {
+ length "8..128";
+ pattern "[a-zA-Z0-9!$%\\^()\\[\\]_\\-~{}.+]*" {
+ error-message "Password content does not meet the requirements";
+ }
+ }
+ description
+ "The password for this entry. This shouldn't be in clear text
+ The Password must contain at least 2 characters from
+ each of the following groups:
+ a) Lower case alphabetic (a-z)
+ b) Upper case alphabetic (A-Z)
+ c) Numeric 0-9
+ d) Special characters Allowed !$%^()[]_-~{}.+
+ Password must not contain Username.";
+ }
+
+ grouping user-list {
+ list user {
+ key "name";
+ description
+ "The list of local users configured on this device.";
+ leaf name {
+ type nacm:user-name-type;
+ description
+ "The user name string identifying this entry.
+
+ NOTE: o-ran-usermgmt:user-profile/user/name is
+ identical to nacm:nacm/groups/group/user-name
+ but the current schema is preserved for backwards
+ compatibility.";
+ }
+ leaf account-type {
+ type enumeration {
+ enum PASSWORD {
+ description "the user-name is for password based authentication";
+ }
+ enum CERTIFICATE {
+ description "the user-name is for certificate based authentciation";
+ }
+ }
+ default "PASSWORD";
+ }
+
+ leaf password {
+ nacm:default-deny-all;
+ type password-type;
+ description
+ "The password for this entry.
+
+ This field is only valid when account-type is NOT set to CERTIFICATE,
+ i.e., when account-type is NOT present or present and set to
+ PASSWORD.";
+ }
+ leaf enabled {
+ type boolean;
+ description
+ "Indicates whether an account is enabled or disabled.";
+ }
+ }
+ }
+
+ container users {
+ must "user/enabled='true'" {
+ error-message "At least one account needs to be enabled.";
+ }
+ //TAKE NOTE - any configuration with zero enabled users is invalid.
+ //This will typically be the case when using a simulated NETCONF Server
+ //and so this constraint should be removed when operating in those scenarios
+
+ //The config data base of the O-RAN equipment should ensure that the user
+ //default account is enabled on factory restart
+
+ description "list of user accounts";
+ uses user-list;
+ }
+
+ rpc chg-password {
+ nacm:default-deny-all;
+ input {
+ leaf currentPassword {
+ type password-type;
+ mandatory true;
+ description
+ "provide the current password";
+ }
+ leaf newPassword {
+ type password-type;
+ mandatory true;
+ description
+ "provide a new password";
+ }
+ leaf newPasswordConfirm {
+ type password-type;
+ mandatory true;
+ description
+ "re-enter the new password ";
+ }
+ }
+ output {
+ leaf status {
+ type enumeration {
+ enum "Successful" {
+ value 1;
+ }
+ enum "Failed" {
+ value 2;
+ }
+ }
+ mandatory true;
+ description
+ "Successful or Failed";
+ }
+ leaf status-message {
+ type string;
+ description
+ "Gives a more detailed reason for success / failure";
+ }
+ }
+ }
+
+}
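Review bot: The `password-type` description promises more than the type enforces: its `pattern` only restricts the alphabet and `length` the size, so the "at least 2 characters from each group" and "must not contain Username" rules, and the "shouldn't be in clear text" remark, are left entirely to whatever server implements the model. The same typedef backs the stored `password` leaf, so that leaf can only hold a cleartext-shaped value (the allowed set has no `/`, so many crypt-style hashes would not validate), and `nacm:default-deny-all` limits who may read it over NETCONF but says nothing about how it is kept in the datastore. I would state this in the typedef description, e.g. `"NOTE: the pattern only restricts the character set; the complexity and user-name rules are enforced by the server, not by this schema."`, and confirm what the simulator actually persists for this leaf. In `chg-password`, `newPasswordConfirm` is not tied to `newPassword`; if schema-level checking is wanted, a `must ". = ../newPassword";` on that leaf would reject mismatches before the RPC handler runs.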