.pylintrc
output
-# data models in scp/oam/modeling
-*.yang
-
# Avoid ignoring Maven wrapper jar file (.jar files are usually ignored)
!/.mvn/wrapper/maven-wrapper.jar
--- /dev/null
+module iana-crypt-hash {
+ namespace "urn:ietf:params:xml:ns:yang:iana-crypt-hash";
+ prefix ianach;
+
+ organization "IANA";
+ contact
+ " Internet Assigned Numbers Authority
+
+ Postal: ICANN
+ 12025 Waterfront Drive, Suite 300
+ Los Angeles, CA 90094-2536
+ United States
+
+ Tel: +1 310 301 5800
+ E-Mail: iana@iana.org>";
+ description
+ "This YANG module defines a type for storing passwords
+ using a hash function and features to indicate which hash
+ functions are supported by an implementation.
+
+ The latest revision of this YANG module can be obtained from
+ the IANA web site.
+
+ Requests for new values should be made to IANA via
+ email (iana@iana.org).
+
+ Copyright (c) 2014 IETF Trust and the persons identified as
+ authors of the code. All rights reserved.
+
+ Redistribution and use in source and binary forms, with or
+ without modification, is permitted pursuant to, and subject
+ to the license terms contained in, the Simplified BSD License
+ set forth in Section 4.c of the IETF Trust's Legal Provisions
+ Relating to IETF Documents
+ (http://trustee.ietf.org/license-info).
+
+ The initial version of this YANG module is part of RFC 7317;
+ see the RFC itself for full legal notices.";
+
+ revision 2014-08-06 {
+ description
+ "Initial revision.";
+ reference
+ "RFC 7317: A YANG Data Model for System Management";
+ }
+
+ typedef crypt-hash {
+ type string {
+ pattern
+ '$0$.*'
+ + '|$1$[a-zA-Z0-9./]{1,8}$[a-zA-Z0-9./]{22}'
+ + '|$5$(rounds=\d+$)?[a-zA-Z0-9./]{1,16}$[a-zA-Z0-9./]{43}'
+ + '|$6$(rounds=\d+$)?[a-zA-Z0-9./]{1,16}$[a-zA-Z0-9./]{86}';
+ }
+ description
+ "The crypt-hash type is used to store passwords using
+ a hash function. The algorithms for applying the hash
+ function and encoding the result are implemented in
+ various UNIX systems as the function crypt(3).
+
+ A value of this type matches one of the forms:
+
+ $0$<clear text password>
+ $<id>$<salt>$<password hash>
+ $<id>$<parameter>$<salt>$<password hash>
+
+ The '$0$' prefix signals that the value is clear text. When
+ such a value is received by the server, a hash value is
+ calculated, and the string '$<id>$<salt>$' or
+ $<id>$<parameter>$<salt>$ is prepended to the result. This
+ value is stored in the configuration data store.
+ If a value starting with '$<id>$', where <id> is not '0', is
+ received, the server knows that the value already represents a
+ hashed value and stores it 'as is' in the data store.
+
+ When a server needs to verify a password given by a user, it
+ finds the stored password hash string for that user, extracts
+ the salt, and calculates the hash with the salt and given
+ password as input. If the calculated hash value is the same
+ as the stored value, the password given by the client is
+ accepted.
+
+ This type defines the following hash functions:
+
+ id | hash function | feature
+ ---+---------------+-------------------
+ 1 | MD5 | crypt-hash-md5
+ 5 | SHA-256 | crypt-hash-sha-256
+ 6 | SHA-512 | crypt-hash-sha-512
+
+ The server indicates support for the different hash functions
+ by advertising the corresponding feature.";
+ reference
+ "IEEE Std 1003.1-2008 - crypt() function
+ RFC 1321: The MD5 Message-Digest Algorithm
+ FIPS.180-4.2012: Secure Hash Standard (SHS)";
+ }
+
+ feature crypt-hash-md5 {
+ description
+ "Indicates that the device supports the MD5
+ hash function in 'crypt-hash' values.";
+ reference "RFC 1321: The MD5 Message-Digest Algorithm";
+ }
+
+ feature crypt-hash-sha-256 {
+ description
+ "Indicates that the device supports the SHA-256
+ hash function in 'crypt-hash' values.";
+ reference "FIPS.180-4.2012: Secure Hash Standard (SHS)";
+ }
+
+ feature crypt-hash-sha-512 {
+ description
+ "Indicates that the device supports the SHA-512
+ hash function in 'crypt-hash' values.";
+ reference "FIPS.180-4.2012: Secure Hash Standard (SHS)";
+ }
+
+}
\ No newline at end of file
--- /dev/null
+module ietf-geo-location {
+ yang-version 1.1;
+ namespace "urn:ietf:params:xml:ns:yang:ietf-geo-location";
+ prefix geo;
+ import ietf-yang-types {
+ prefix yang;
+ reference "RFC 6991: Common YANG Data Types";
+ }
+
+ organization
+ "IETF NETMOD Working Group (NETMOD)";
+ contact
+ "WG Web: <https://datatracker.ietf.org/wg/netmod/>
+ WG List: <mailto:netmod@ietf.org>
+
+ Editor: Christian Hopps
+ <mailto:chopps@chopps.org>";
+
+ description
+ "This module defines a grouping of a container object for
+ specifying a location on or around an astronomical object (e.g.,
+ 'earth').
+
+ The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL
+ NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED',
+ 'MAY', and 'OPTIONAL' in this document are to be interpreted as
+ described in BCP 14 (RFC 2119) (RFC 8174) when, and only when,
+ they appear in all capitals, as shown here.
+
+ Copyright (c) 2022 IETF Trust and the persons identified as
+ authors of the code. All rights reserved.
+
+ Redistribution and use in source and binary forms,
+ with or without modification, is permitted pursuant to,
+ and subject to the license terms contained in, the
+ Revised BSD License set forth in Section 4.c of the
+ IETF Trust's Legal Provisions Relating to IETF Documents
+ (https://trustee.ietf.org/license-info).
+
+ This version of this YANG module is part of RFC 9179
+ (https://www.rfc-editor.org/info/rfc9179); see the RFC itself
+ for full legal notices.";
+
+ revision 2022-02-11 {
+ description
+ "Initial Revision";
+ reference
+ "RFC 9179: A YANG Grouping for Geographic Locations";
+ }
+
+ feature alternate-systems {
+ description
+ "This feature means the device supports specifying locations
+ using alternate systems for reference frames.";
+ }
+
+ grouping geo-location {
+ description
+ "Grouping to identify a location on an astronomical object.";
+
+ container geo-location {
+ description
+ "A location on an astronomical body (e.g., 'earth')
+ somewhere in a universe.";
+
+ container reference-frame {
+ description
+ "The Frame of Reference for the location values.";
+
+ leaf alternate-system {
+ if-feature "alternate-systems";
+ type string;
+ description
+ "The system in which the astronomical body and
+ geodetic-datum is defined. Normally, this value is not
+ present and the system is the natural universe; however,
+ when present, this value allows for specifying alternate
+ systems (e.g., virtual realities). An alternate-system
+ modifies the definition (but not the type) of the other
+ values in the reference frame.";
+ }
+ leaf astronomical-body {
+ type string {
+ pattern '[ -@\[-\^_-~]*';
+ }
+ default "earth";
+ description
+ "An astronomical body as named by the International
+ Astronomical Union (IAU) or according to the alternate
+ system if specified. Examples include 'sun' (our star),
+ 'earth' (our planet), 'moon' (our moon), 'enceladus' (a
+ moon of Saturn), 'ceres' (an asteroid), and
+ '67p/churyumov-gerasimenko (a comet). The ASCII value
+ SHOULD have uppercase converted to lowercase and not
+ include control characters (i.e., values 32..64, and
+ 91..126). Any preceding 'the' in the name SHOULD NOT be
+ included.";
+ reference
+ "https://www.iau.org/";
+ }
+ container geodetic-system {
+ description
+ "The geodetic system of the location data.";
+ leaf geodetic-datum {
+ type string {
+ pattern '[ -@\[-\^_-~]*';
+ }
+ description
+ "A geodetic-datum defining the meaning of latitude,
+ longitude, and height. The default when the
+ astronomical body is 'earth' is 'wgs-84', which is
+ used by the Global Positioning System (GPS). The
+ ASCII value SHOULD have uppercase converted to
+ lowercase and not include control characters
+ (i.e., values 32..64, and 91..126). The IANA registry
+ further restricts the value by converting all spaces
+ (' ') to dashes ('-').
+ The specification for the geodetic-datum indicates
+ how accurately it models the astronomical body in
+ question, both for the 'horizontal'
+ latitude/longitude coordinates and for height
+ coordinates.";
+ reference
+ "RFC 9179: A YANG Grouping for Geographic Locations,
+ Section 6.1";
+ }
+ leaf coord-accuracy {
+ type decimal64 {
+ fraction-digits 6;
+ }
+ description
+ "The accuracy of the latitude/longitude pair for
+ ellipsoidal coordinates, or the X, Y, and Z components
+ for Cartesian coordinates. When coord-accuracy is
+ specified, it indicates how precisely the coordinates
+ in the associated list of locations have been
+ determined with respect to the coordinate system
+ defined by the geodetic-datum. For example, there
+ might be uncertainty due to measurement error if an
+ experimental measurement was made to determine each
+ location.";
+ }
+ leaf height-accuracy {
+ type decimal64 {
+ fraction-digits 6;
+ }
+ units "meters";
+ description
+ "The accuracy of the height value for ellipsoidal
+ coordinates; this value is not used with Cartesian
+ coordinates. When height-accuracy is specified, it
+ indicates how precisely the heights in the
+ associated list of locations have been determined
+ with respect to the coordinate system defined by the
+ geodetic-datum. For example, there might be
+ uncertainty due to measurement error if an
+ experimental measurement was made to determine each
+ location.";
+ }
+ }
+ }
+ choice location {
+ description
+ "The location data either in latitude/longitude or
+ Cartesian values";
+ case ellipsoid {
+ leaf latitude {
+ type decimal64 {
+ fraction-digits 16;
+ }
+ units "decimal degrees";
+ description
+ "The latitude value on the astronomical body. The
+ definition and precision of this measurement is
+ indicated by the reference-frame.";
+ }
+ leaf longitude {
+ type decimal64 {
+ fraction-digits 16;
+ }
+ units "decimal degrees";
+ description
+ "The longitude value on the astronomical body. The
+ definition and precision of this measurement is
+ indicated by the reference-frame.";
+ }
+ leaf height {
+ type decimal64 {
+ fraction-digits 6;
+ }
+ units "meters";
+ description
+ "Height from a reference 0 value. The precision and
+ '0' value is defined by the reference-frame.";
+ }
+ }
+ case cartesian {
+ leaf x {
+ type decimal64 {
+ fraction-digits 6;
+ }
+ units "meters";
+ description
+ "The X value as defined by the reference-frame.";
+ }
+ leaf y {
+ type decimal64 {
+ fraction-digits 6;
+ }
+ units "meters";
+ description
+ "The Y value as defined by the reference-frame.";
+ }
+ leaf z {
+ type decimal64 {
+ fraction-digits 6;
+ }
+ units "meters";
+ description
+ "The Z value as defined by the reference-frame.";
+ }
+ }
+ }
+ container velocity {
+ description
+ "If the object is in motion, the velocity vector describes
+ this motion at the time given by the timestamp. For a
+ formula to convert these values to speed and heading, see
+ RFC 9179.";
+ reference
+ "RFC 9179: A YANG Grouping for Geographic Locations";
+
+ leaf v-north {
+ type decimal64 {
+ fraction-digits 12;
+ }
+ units "meters per second";
+ description
+ "v-north is the rate of change (i.e., speed) towards
+ true north as defined by the geodetic-system.";
+ }
+
+ leaf v-east {
+ type decimal64 {
+ fraction-digits 12;
+ }
+ units "meters per second";
+ description
+ "v-east is the rate of change (i.e., speed) perpendicular
+ to the right of true north as defined by
+ the geodetic-system.";
+ }
+
+ leaf v-up {
+ type decimal64 {
+ fraction-digits 12;
+ }
+ units "meters per second";
+ description
+ "v-up is the rate of change (i.e., speed) away from the
+ center of mass.";
+ }
+ }
+ leaf timestamp {
+ type yang:date-and-time;
+ description
+ "Reference time when location was recorded.";
+ }
+ leaf valid-until {
+ type yang:date-and-time;
+ description
+ "The timestamp for which this geo-location is valid until.
+ If unspecified, the geo-location has no specific
+ expiration time.";
+ }
+ }
+ }
+}
--- /dev/null
+module ietf-inet-types {
+
+ namespace "urn:ietf:params:xml:ns:yang:ietf-inet-types";
+ prefix "inet";
+
+ organization
+ "IETF Network Modeling (NETMOD) Working Group";
+
+ contact
+ "WG Web: <https://datatracker.ietf.org/wg/netmod/>
+ WG List: <mailto:netmod@ietf.org>
+
+ Editor: Juergen Schoenwaelder
+ <mailto:j.schoenwaelder@jacobs-university.de>";
+
+ description
+ "This module contains a collection of generally useful derived
+ YANG data types for Internet addresses and related things.
+
+ The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL
+ NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED',
+ 'MAY', and 'OPTIONAL' in this document are to be interpreted as
+ described in BCP 14 (RFC 2119) (RFC 8174) when, and only when,
+ they appear in all capitals, as shown here.
+
+ Copyright (c) 2021 IETF Trust and the persons identified as
+ authors of the code. All rights reserved.
+
+ Redistribution and use in source and binary forms, with or
+ without modification, is permitted pursuant to, and subject
+ to the license terms contained in, the Simplified BSD License
+ set forth in Section 4.c of the IETF Trust's Legal Provisions
+ Relating to IETF Documents
+ (http://trustee.ietf.org/license-info).
+
+ This version of this YANG module is part of RFC XXXX;
+ see the RFC itself for full legal notices.";
+
+ revision 2021-02-22 {
+ description
+ "This revision adds the following new data types:
+ - inet:ip-address-and-prefix
+ - inet:ipv4-address-and-prefix
+ - inet:ipv6-address-and-prefix
+ - inet:host-name
+ - inet:email-address
+ The inet:host union was changed to use inet:host-name instead
+ of inet:domain-name.";
+ reference
+ "RFC XXXX: Common YANG Data Types";
+ }
+ revision 2013-07-15 {
+ description
+ "This revision adds the following new data types:
+ - inet:ip-address-no-zone
+ - inet:ipv4-address-no-zone
+ - inet:ipv6-address-no-zone";
+ reference
+ "RFC 6991: Common YANG Data Types";
+ }
+
+ revision 2010-09-24 {
+ description
+ "Initial revision.";
+ reference
+ "RFC 6021: Common YANG Data Types";
+ }
+
+ /*** collection of types related to protocol fields ***/
+
+ typedef ip-version {
+ type enumeration {
+ enum unknown {
+ value "0";
+ description
+ "An unknown or unspecified version of the Internet
+ protocol.";
+ }
+ enum ipv4 {
+ value "1";
+ description
+ "The IPv4 protocol as defined in RFC 791.";
+ }
+ enum ipv6 {
+ value "2";
+ description
+ "The IPv6 protocol as defined in RFC 2460.";
+ }
+ }
+ description
+ "This value represents the version of the IP protocol.
+
+ In the value set and its semantics, this type is equivalent
+ to the InetVersion textual convention of the SMIv2.";
+ reference
+ "RFC 791: Internet Protocol
+ RFC 2460: Internet Protocol, Version 6 (IPv6) Specification
+ RFC 4001: Textual Conventions for Internet Network Addresses";
+ }
+ typedef dscp {
+ type uint8 {
+ range "0..63";
+ }
+ description
+ "The dscp type represents a Differentiated Services Code Point
+ that may be used for marking packets in a traffic stream.
+
+ In the value set and its semantics, this type is equivalent
+ to the Dscp textual convention of the SMIv2.";
+ reference
+ "RFC 3289: Management Information Base for the Differentiated
+ Services Architecture
+ RFC 2474: Definition of the Differentiated Services Field
+ (DS Field) in the IPv4 and IPv6 Headers
+ RFC 2780: IANA Allocation Guidelines For Values In
+ the Internet Protocol and Related Headers";
+ }
+
+ typedef ipv6-flow-label {
+ type uint32 {
+ range "0..1048575";
+ }
+ description
+ "The ipv6-flow-label type represents the flow identifier or
+ Flow Label in an IPv6 packet header that may be used to
+ discriminate traffic flows.
+
+ In the value set and its semantics, this type is equivalent
+ to the IPv6FlowLabel textual convention of the SMIv2.";
+ reference
+ "RFC 3595: Textual Conventions for IPv6 Flow Label
+ RFC 2460: Internet Protocol, Version 6 (IPv6) Specification";
+ }
+
+ typedef port-number {
+ type uint16 {
+ range "0..65535";
+ }
+ description
+ "The port-number type represents a 16-bit port number of an
+ Internet transport-layer protocol such as UDP, TCP, DCCP, or
+ SCTP. Port numbers are assigned by IANA. A current list of
+ all assignments is available from <http://www.iana.org/>.
+
+ Note that the port number value zero is reserved by IANA. In
+ situations where the value zero does not make sense, it can
+ be excluded by subtyping the port-number type.
+ In the value set and its semantics, this type is equivalent
+ to the InetPortNumber textual convention of the SMIv2.";
+ reference
+ "RFC 768: User Datagram Protocol
+ RFC 793: Transmission Control Protocol
+ RFC 4960: Stream Control Transmission Protocol
+ RFC 4340: Datagram Congestion Control Protocol (DCCP)
+ RFC 4001: Textual Conventions for Internet Network Addresses";
+ }
+
+ /*** collection of types related to autonomous systems ***/
+
+ typedef as-number {
+ type uint32;
+ description
+ "The as-number type represents autonomous system numbers
+ which identify an Autonomous System (AS). An AS is a set
+ of routers under a single technical administration, using
+ an interior gateway protocol and common metrics to route
+ packets within the AS, and using an exterior gateway
+ protocol to route packets to other ASes. IANA maintains
+ the AS number space and has delegated large parts to the
+ regional registries.
+
+ Autonomous system numbers were originally limited to 16
+ bits. BGP extensions have enlarged the autonomous system
+ number space to 32 bits. This type therefore uses an uint32
+ base type without a range restriction in order to support
+ a larger autonomous system number space.
+
+ In the value set and its semantics, this type is equivalent
+ to the InetAutonomousSystemNumber textual convention of
+ the SMIv2.";
+ reference
+ "RFC 1930: Guidelines for creation, selection, and registration
+ of an Autonomous System (AS)
+ RFC 4271: A Border Gateway Protocol 4 (BGP-4)
+ RFC 4001: Textual Conventions for Internet Network Addresses
+ RFC 6793: BGP Support for Four-Octet Autonomous System (AS)
+ Number Space";
+ }
+
+ /*** collection of types related to IP addresses and hostnames ***/
+
+ typedef ip-address {
+ type union {
+ type inet:ipv4-address;
+ type inet:ipv6-address;
+ }
+ description
+ "The ip-address type represents an IP address and is IP
+ version neutral. The format of the textual representation
+ implies the IP version. This type supports scoped addresses
+ by allowing zone identifiers in the address format.";
+ reference
+ "RFC 4007: IPv6 Scoped Address Architecture";
+ }
+
+ typedef ipv4-address {
+ type string {
+ pattern
+ '(([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}'
+ + '([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])'
+ + '(%[\p{N}\p{L}]+)?';
+ }
+ description
+ "The ipv4-address type represents an IPv4 address in
+ dotted-quad notation. The IPv4 address may include a zone
+ index, separated by a % sign.
+
+ The zone index is used to disambiguate identical address
+ values. For link-local addresses, the zone index will
+ typically be the interface index number or the name of an
+ interface. If the zone index is not present, the default
+ zone of the device will be used.
+
+ The canonical format for the zone index is the numerical
+ format";
+ }
+
+ typedef ipv6-address {
+ type string {
+ pattern '((:|[0-9a-fA-F]{0,4}):)([0-9a-fA-F]{0,4}:){0,5}'
+ + '((([0-9a-fA-F]{0,4}:)?(:|[0-9a-fA-F]{0,4}))|'
+ + '(((25[0-5]|2[0-4][0-9]|[01]?[0-9]?[0-9])\.){3}'
+ + '(25[0-5]|2[0-4][0-9]|[01]?[0-9]?[0-9])))'
+ + '(%[\p{N}\p{L}]+)?';
+ pattern '(([^:]+:){6}(([^:]+:[^:]+)|(.*\..*)))|'
+ + '((([^:]+:)*[^:]+)?::(([^:]+:)*[^:]+)?)'
+ + '(%.+)?';
+ }
+ description
+ "The ipv6-address type represents an IPv6 address in full,
+ mixed, shortened, and shortened-mixed notation. The IPv6
+ address may include a zone index, separated by a % sign.
+
+ The zone index is used to disambiguate identical address
+ values. For link-local addresses, the zone index will
+ typically be the interface index number or the name of an
+ interface. If the zone index is not present, the default
+ zone of the device will be used.
+
+ The canonical format of IPv6 addresses uses the textual
+ representation defined in Section 4 of RFC 5952. The
+ canonical format for the zone index is the numerical
+ format as described in Section 11.2 of RFC 4007.";
+ reference
+ "RFC 4291: IP Version 6 Addressing Architecture
+ RFC 4007: IPv6 Scoped Address Architecture
+ RFC 5952: A Recommendation for IPv6 Address Text
+ Representation";
+ }
+
+ typedef ip-address-no-zone {
+ type union {
+ type inet:ipv4-address-no-zone;
+ type inet:ipv6-address-no-zone;
+ }
+ description
+ "The ip-address-no-zone type represents an IP address and is
+ IP version neutral. The format of the textual representation
+ implies the IP version. This type does not support scoped
+ addresses since it does not allow zone identifiers in the
+ address format.";
+ reference
+ "RFC 4007: IPv6 Scoped Address Architecture";
+ }
+
+ typedef ipv4-address-no-zone {
+ type inet:ipv4-address {
+ pattern '[0-9\.]*';
+ }
+ description
+ "An IPv4 address without a zone index. This type, derived from
+ ipv4-address, may be used in situations where the zone is known
+ from the context and hence no zone index is needed.";
+ }
+
+ typedef ipv6-address-no-zone {
+ type inet:ipv6-address {
+ pattern '[0-9a-fA-F:\.]*';
+ }
+ description
+ "An IPv6 address without a zone index. This type, derived from
+ ipv6-address, may be used in situations where the zone is known
+ from the context and hence no zone index is needed.";
+ reference
+ "RFC 4291: IP Version 6 Addressing Architecture
+ RFC 4007: IPv6 Scoped Address Architecture
+ RFC 5952: A Recommendation for IPv6 Address Text
+ Representation";
+ }
+
+ typedef ip-prefix {
+ type union {
+ type inet:ipv4-prefix;
+ type inet:ipv6-prefix;
+ }
+ description
+ "The ip-prefix type represents an IP prefix and is IP
+ version neutral. The format of the textual representations
+ implies the IP version.";
+ }
+
+ typedef ipv4-prefix {
+ type string {
+ pattern
+ '(([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}'
+ + '([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])'
+ + '/(([0-9])|([1-2][0-9])|(3[0-2]))';
+ }
+ description
+ "The ipv4-prefix type represents an IPv4 prefix.
+ The prefix length is given by the number following the
+ slash character and must be less than or equal to 32.
+
+ A prefix length value of n corresponds to an IP address
+ mask that has n contiguous 1-bits from the most
+ significant bit (MSB) and all other bits set to 0.
+
+ The canonical format of an IPv4 prefix has all bits of
+ the IPv4 address set to zero that are not part of the
+ IPv4 prefix.
+
+ The definition of ipv4-prefix does not require that bits,
+ which are not part of the prefix, are set to zero. However,
+ implementations have to return values in canonical format,
+ which requires non-prefix bits to be set to zero. This means
+ that 192.0.2.1/24 must be accepted as a valid value but it
+ will be converted into the canonical format 192.0.2.0/24.";
+ }
+
+ typedef ipv6-prefix {
+ type string {
+ pattern '((:|[0-9a-fA-F]{0,4}):)([0-9a-fA-F]{0,4}:){0,5}'
+ + '((([0-9a-fA-F]{0,4}:)?(:|[0-9a-fA-F]{0,4}))|'
+ + '(((25[0-5]|2[0-4][0-9]|[01]?[0-9]?[0-9])\.){3}'
+ + '(25[0-5]|2[0-4][0-9]|[01]?[0-9]?[0-9])))'
+ + '(/(([0-9])|([0-9]{2})|(1[0-1][0-9])|(12[0-8])))';
+ pattern '(([^:]+:){6}(([^:]+:[^:]+)|(.*\..*)))|'
+ + '((([^:]+:)*[^:]+)?::(([^:]+:)*[^:]+)?)'
+ + '(/.+)';
+ }
+ description
+ "The ipv6-prefix type represents an IPv6 prefix.
+ The prefix length is given by the number following the
+ slash character and must be less than or equal to 128.
+
+ A prefix length value of n corresponds to an IP address
+ mask that has n contiguous 1-bits from the most
+ significant bit (MSB) and all other bits set to 0.
+
+ The canonical format of an IPv6 prefix has all bits of
+ the IPv6 address set to zero that are not part of the
+ IPv6 prefix. Furthermore, the IPv6 address is represented
+ as defined in Section 4 of RFC 5952.
+
+ The definition of ipv6-prefix does not require that bits,
+ which are not part of the prefix, are set to zero. However,
+ implementations have to return values in canonical format,
+ which requires non-prefix bits to be set to zero. This means
+ that 2001:db8::1/64 must be accepted as a valid value but it
+ will be converted into the canonical format 2001:db8::/64.";
+ reference
+ "RFC 5952: A Recommendation for IPv6 Address Text
+ Representation";
+ }
+
+ typedef ip-address-and-prefix {
+ type union {
+ type inet:ipv4-address-and-prefix;
+ type inet:ipv6-address-and-prefix;
+ }
+ description
+ "The ip-address-and-prefix type represents an IP address and
+ prefix and is IP version neutral. The format of the textual
+ representations implies the IP version.";
+ }
+
+ typedef ipv4-address-and-prefix {
+ type string {
+ pattern
+ '(([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}'
+ + '([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])'
+ + '/(([0-9])|([1-2][0-9])|(3[0-2]))';
+ }
+ description
+ "The ipv4-address-and-prefix type represents an IPv4
+ address and an associated ipv4 prefix.
+ The prefix length is given by the number following the
+ slash character and must be less than or equal to 32.
+
+ A prefix length value of n corresponds to an IP address
+ mask that has n contiguous 1-bits from the most
+ significant bit (MSB) and all other bits set to 0.";
+ }
+
+ typedef ipv6-address-and-prefix {
+ type string {
+ pattern '((:|[0-9a-fA-F]{0,4}):)([0-9a-fA-F]{0,4}:){0,5}'
+ + '((([0-9a-fA-F]{0,4}:)?(:|[0-9a-fA-F]{0,4}))|'
+ + '(((25[0-5]|2[0-4][0-9]|[01]?[0-9]?[0-9])\.){3}'
+ + '(25[0-5]|2[0-4][0-9]|[01]?[0-9]?[0-9])))'
+ + '(/(([0-9])|([0-9]{2})|(1[0-1][0-9])|(12[0-8])))';
+ pattern '(([^:]+:){6}(([^:]+:[^:]+)|(.*\..*)))|'
+ + '((([^:]+:)*[^:]+)?::(([^:]+:)*[^:]+)?)'
+ + '(/.+)';
+ }
+ description
+ "The ipv6-address-and-prefix type represents an IPv6
+ address and an associated ipv4 prefix.
+ The prefix length is given by the number following the
+ slash character and must be less than or equal to 128.
+
+ A prefix length value of n corresponds to an IP address
+ mask that has n contiguous 1-bits from the most
+ significant bit (MSB) and all other bits set to 0.
+
+ The canonical format requires that the IPv6 address is
+ represented as defined in Section 4 of RFC 5952.";
+ reference
+ "RFC 5952: A Recommendation for IPv6 Address Text
+ Representation";
+ }
+
+ /*** collection of domain name and URI types ***/
+
+ typedef domain-name {
+ type string {
+ length "1..253";
+ pattern
+ '((([a-zA-Z0-9_]([a-zA-Z0-9\-_]){0,61})?[a-zA-Z0-9]\.)*'
+ + '([a-zA-Z0-9_]([a-zA-Z0-9\-_]){0,61})?[a-zA-Z0-9]\.?)'
+ + '|\.';
+ }
+ description
+ "The domain-name type represents a DNS domain name. The
+ name SHOULD be fully qualified whenever possible. This
+ type does not support wildcards (see RFC 4592) or
+ classless in-addr.arpa delegations (see RFC 2317).
+
+ Internet domain names are only loosely specified. Section
+ 3.5 of RFC 1034 recommends a syntax (modified in Section
+ 2.1 of RFC 1123). The pattern above is intended to allow
+ for current practice in domain name use, and some possible
+ future expansion. Note that Internet host names have a
+ stricter syntax (described in RFC 952) than the DNS
+ recommendations in RFCs 1034 and 1123. Schema nodes
+ representing host names should use the host-name type
+ instead of the domain-type.
+
+ The encoding of DNS names in the DNS protocol is limited
+ to 255 characters. Since the encoding consists of labels
+ prefixed by a length bytes and there is a trailing NULL
+ byte, only 253 characters can appear in the textual dotted
+ notation.
+
+ The description clause of schema nodes using the domain-name
+ type MUST describe when and how these names are resolved to
+ IP addresses. Note that the resolution of a domain-name value
+ may require to query multiple DNS records (e.g., A for IPv4
+ and AAAA for IPv6). The order of the resolution process and
+ which DNS record takes precedence can either be defined
+ explicitly or may depend on the configuration of the
+ resolver.
+
+ Domain-name values use the US-ASCII encoding. Their canonical
+ format uses lowercase US-ASCII characters. Internationalized
+ domain names MUST be A-labels as per RFC 5890.";
+ reference
+ "RFC 952: DoD Internet Host Table Specification
+ RFC 1034: Domain Names - Concepts and Facilities
+ RFC 1123: Requirements for Internet Hosts -- Application
+ and Support
+ RFC 2317: Classless IN-ADDR.ARPA delegation
+ RFC 2782: A DNS RR for specifying the location of services
+ (DNS SRV)
+ RFC 4592: The Role of Wildcards in the Domain Name System
+ RFC 5890: Internationalized Domain Names in Applications
+ (IDNA): Definitions and Document Framework";
+ }
+
+ typedef host-name {
+ type domain-name {
+ pattern '[a-zA-Z0-9\-\.]+';
+ length "2..max";
+ }
+ description
+ "The host-name type represents (fully qualified) host names.
+ Host names must be at least two characters long (see RFC 952)
+ and they are restricted to labels consisting of letters, digits
+ and hyphens separated by dots (see RFC1123 and RFC 952).";
+ reference
+ "RFC 952: DoD Internet Host Table Specification
+ RFC 1123: Requirements for Internet Hosts: Application and Support";
+ }
+
+ typedef host {
+ type union {
+ type inet:ip-address;
+ type inet:host-name;
+ }
+ description
+ "The host type represents either an IP address or a (fully
+ qualified) host name.";
+ }
+
+ /*
+ * DISCUSS:
+ * - It was discussed to define int-domain-name and int-host-name
+ * that use U-labels instead of A-labels and to add int-host-name
+ * to the inet:host union, perhaps all gated by an inet:idna-aware
+ * feature.
+ * - It is not clear how inet:idna-aware affects inet:email-address
+ * and inet:uri - do we also need int-uri and int-email-address?
+ */
+
+ typedef uri {
+ type string;
+ description
+ "The uri type represents a Uniform Resource Identifier
+ (URI) as defined by STD 66.
+
+ Objects using the uri type MUST be in US-ASCII encoding,
+ and MUST be normalized as described by RFC 3986 Sections
+ 6.2.1, 6.2.2.1, and 6.2.2.2. All unnecessary
+ percent-encoding is removed, and all case-insensitive
+ characters are set to lowercase except for hexadecimal
+ digits, which are normalized to uppercase as described in
+ Section 6.2.2.1.
+
+ The purpose of this normalization is to help provide
+ unique URIs. Note that this normalization is not
+ sufficient to provide uniqueness. Two URIs that are
+ textually distinct after this normalization may still be
+ equivalent.
+
+ Objects using the uri type may restrict the schemes that
+ they permit. For example, 'data:' and 'urn:' schemes
+ might not be appropriate.
+
+ A zero-length URI is not a valid URI. This can be used to
+ express 'URI absent' where required.
+
+ In the value set and its semantics, this type is equivalent
+ to the Uri SMIv2 textual convention defined in RFC 5017.";
+ reference
+ "RFC 3986: Uniform Resource Identifier (URI): Generic Syntax
+ RFC 3305: Report from the Joint W3C/IETF URI Planning Interest
+ Group: Uniform Resource Identifiers (URIs), URLs,
+ and Uniform Resource Names (URNs): Clarifications
+ and Recommendations
+ RFC 5017: MIB Textual Conventions for Uniform Resource
+ Identifiers (URIs)";
+ }
+
+ typedef email-address {
+ type string {
+ // dot-atom-text "@" ...
+ pattern '[a-zA-Z0-9!#$%&'+"'"+'*+/=?^_`{|}~-]+'
+ + '(\.[a-zA-Z0-9!#$%&'+"'"+'*+/=?^_`{|}~-]+)*'
+ + '@'
+ + '[a-zA-Z0-9!#$%&'+"'"+'*+/=?^_`{|}~-]+'
+ + '(\.[a-zA-Z0-9!#$%&'+"'"+'*+/=?^_`{|}~-]+)*';
+ }
+ description
+ "The email-address type represents an email address as
+ defined as addr-spec in RFC 5322 section 3.4.1.";
+ reference
+ "RFC 5322: Internet Message Format";
+ }
+
+ /*
+ * DISCUSS:
+ * - Need to define a pattern that has a meaningful trade-off
+ * between precision and complexity (there are very tight
+ * pattern that are very long and complex). The current
+ * pattern does not take care of quoted-string, obs-local-part,
+ * domain-literal, obs-domain.
+ */
+
+}
--- /dev/null
+module ietf-netconf-acm {
+
+ namespace "urn:ietf:params:xml:ns:yang:ietf-netconf-acm";
+
+ prefix nacm;
+
+ import ietf-yang-types {
+ prefix yang;
+ }
+
+ organization
+ "IETF NETCONF (Network Configuration) Working Group";
+
+ contact
+ "WG Web: <https://datatracker.ietf.org/wg/netconf/>
+ WG List: <mailto:netconf@ietf.org>
+
+ Author: Andy Bierman
+ <mailto:andy@yumaworks.com>
+
+ Author: Martin Bjorklund
+ <mailto:mbj@tail-f.com>";
+
+ description
+ "Network Configuration Access Control Model.
+
+ Copyright (c) 2012 - 2018 IETF Trust and the persons
+ identified as authors of the code. All rights reserved.
+
+ Redistribution and use in source and binary forms, with or
+ without modification, is permitted pursuant to, and subject
+ to the license terms contained in, the Simplified BSD
+ License set forth in Section 4.c of the IETF Trust's
+ Legal Provisions Relating to IETF Documents
+ (https://trustee.ietf.org/license-info).
+
+ This version of this YANG module is part of RFC 8341; see
+ the RFC itself for full legal notices.";
+
+ revision "2018-02-14" {
+ description
+ "Added support for YANG 1.1 actions and notifications tied to
+ data nodes. Clarified how NACM extensions can be used by
+ other data models.";
+ reference
+ "RFC 8341: Network Configuration Access Control Model";
+ }
+
+ revision "2012-02-22" {
+ description
+ "Initial version.";
+ reference
+ "RFC 6536: Network Configuration Protocol (NETCONF)
+ Access Control Model";
+ }
+
+ /*
+ * Extension statements
+ */
+
+ extension default-deny-write {
+ description
+ "Used to indicate that the data model node
+ represents a sensitive security system parameter.
+
+ If present, the NETCONF server will only allow the designated
+ 'recovery session' to have write access to the node. An
+ explicit access control rule is required for all other users.
+
+ If the NACM module is used, then it must be enabled (i.e.,
+ /nacm/enable-nacm object equals 'true'), or this extension
+ is ignored.
+
+ The 'default-deny-write' extension MAY appear within a data
+ definition statement. It is ignored otherwise.";
+ }
+
+ extension default-deny-all {
+ description
+ "Used to indicate that the data model node
+ controls a very sensitive security system parameter.
+
+ If present, the NETCONF server will only allow the designated
+ 'recovery session' to have read, write, or execute access to
+ the node. An explicit access control rule is required for all
+ other users.
+
+ If the NACM module is used, then it must be enabled (i.e.,
+ /nacm/enable-nacm object equals 'true'), or this extension
+ is ignored.
+
+ The 'default-deny-all' extension MAY appear within a data
+ definition statement, 'rpc' statement, or 'notification'
+ statement. It is ignored otherwise.";
+ }
+
+ /*
+ * Derived types
+ */
+
+ typedef user-name-type {
+ type string {
+ length "1..max";
+ }
+ description
+ "General-purpose username string.";
+ }
+
+ typedef matchall-string-type {
+ type string {
+ pattern '\*';
+ }
+ description
+ "The string containing a single asterisk '*' is used
+ to conceptually represent all possible values
+ for the particular leaf using this data type.";
+ }
+
+ typedef access-operations-type {
+ type bits {
+ bit create {
+ description
+ "Any protocol operation that creates a
+ new data node.";
+ }
+ bit read {
+ description
+ "Any protocol operation or notification that
+ returns the value of a data node.";
+ }
+ bit update {
+ description
+ "Any protocol operation that alters an existing
+ data node.";
+ }
+ bit delete {
+ description
+ "Any protocol operation that removes a data node.";
+ }
+ bit exec {
+ description
+ "Execution access to the specified protocol operation.";
+ }
+ }
+ description
+ "Access operation.";
+ }
+
+ typedef group-name-type {
+ type string {
+ length "1..max";
+ pattern '[^\*].*';
+ }
+ description
+ "Name of administrative group to which
+ users can be assigned.";
+ }
+
+ typedef action-type {
+ type enumeration {
+ enum permit {
+ description
+ "Requested action is permitted.";
+ }
+ enum deny {
+ description
+ "Requested action is denied.";
+ }
+ }
+ description
+ "Action taken by the server when a particular
+ rule matches.";
+ }
+
+ typedef node-instance-identifier {
+ type yang:xpath1.0;
+ description
+ "Path expression used to represent a special
+ data node, action, or notification instance-identifier
+ string.
+
+ A node-instance-identifier value is an
+ unrestricted YANG instance-identifier expression.
+ All the same rules as an instance-identifier apply,
+ except that predicates for keys are optional. If a key
+ predicate is missing, then the node-instance-identifier
+ represents all possible server instances for that key.
+
+ This XML Path Language (XPath) expression is evaluated in the
+ following context:
+
+ o The set of namespace declarations are those in scope on
+ the leaf element where this type is used.
+
+ o The set of variable bindings contains one variable,
+ 'USER', which contains the name of the user of the
+ current session.
+
+ o The function library is the core function library, but
+ note that due to the syntax restrictions of an
+ instance-identifier, no functions are allowed.
+
+ o The context node is the root node in the data tree.
+
+ The accessible tree includes actions and notifications tied
+ to data nodes.";
+ }
+
+ /*
+ * Data definition statements
+ */
+
+ container nacm {
+ nacm:default-deny-all;
+
+ description
+ "Parameters for NETCONF access control model.";
+
+ leaf enable-nacm {
+ type boolean;
+ default "true";
+ description
+ "Enables or disables all NETCONF access control
+ enforcement. If 'true', then enforcement
+ is enabled. If 'false', then enforcement
+ is disabled.";
+ }
+
+ leaf read-default {
+ type action-type;
+ default "permit";
+ description
+ "Controls whether read access is granted if
+ no appropriate rule is found for a
+ particular read request.";
+ }
+
+ leaf write-default {
+ type action-type;
+ default "deny";
+ description
+ "Controls whether create, update, or delete access
+ is granted if no appropriate rule is found for a
+ particular write request.";
+ }
+
+ leaf exec-default {
+ type action-type;
+ default "permit";
+ description
+ "Controls whether exec access is granted if no appropriate
+ rule is found for a particular protocol operation request.";
+ }
+
+ leaf enable-external-groups {
+ type boolean;
+ default "true";
+ description
+ "Controls whether the server uses the groups reported by the
+ NETCONF transport layer when it assigns the user to a set of
+ NACM groups. If this leaf has the value 'false', any group
+ names reported by the transport layer are ignored by the
+ server.";
+ }
+
+ leaf denied-operations {
+ type yang:zero-based-counter32;
+ config false;
+ mandatory true;
+ description
+ "Number of times since the server last restarted that a
+ protocol operation request was denied.";
+ }
+
+ leaf denied-data-writes {
+ type yang:zero-based-counter32;
+ config false;
+ mandatory true;
+ description
+ "Number of times since the server last restarted that a
+ protocol operation request to alter
+ a configuration datastore was denied.";
+ }
+
+ leaf denied-notifications {
+ type yang:zero-based-counter32;
+ config false;
+ mandatory true;
+ description
+ "Number of times since the server last restarted that
+ a notification was dropped for a subscription because
+ access to the event type was denied.";
+ }
+
+ container groups {
+ description
+ "NETCONF access control groups.";
+
+ list group {
+ key name;
+
+ description
+ "One NACM group entry. This list will only contain
+ configured entries, not any entries learned from
+ any transport protocols.";
+
+ leaf name {
+ type group-name-type;
+ description
+ "Group name associated with this entry.";
+ }
+
+ leaf-list user-name {
+ type user-name-type;
+ description
+ "Each entry identifies the username of
+ a member of the group associated with
+ this entry.";
+ }
+ }
+ }
+
+ list rule-list {
+ key name;
+ ordered-by user;
+ description
+ "An ordered collection of access control rules.";
+
+ leaf name {
+ type string {
+ length "1..max";
+ }
+ description
+ "Arbitrary name assigned to the rule-list.";
+ }
+ leaf-list group {
+ type union {
+ type matchall-string-type;
+ type group-name-type;
+ }
+ description
+ "List of administrative groups that will be
+ assigned the associated access rights
+ defined by the 'rule' list.
+
+ The string '*' indicates that all groups apply to the
+ entry.";
+ }
+
+ list rule {
+ key name;
+ ordered-by user;
+ description
+ "One access control rule.
+
+ Rules are processed in user-defined order until a match is
+ found. A rule matches if 'module-name', 'rule-type', and
+ 'access-operations' match the request. If a rule
+ matches, the 'action' leaf determines whether or not
+ access is granted.";
+
+ leaf name {
+ type string {
+ length "1..max";
+ }
+ description
+ "Arbitrary name assigned to the rule.";
+ }
+
+ leaf module-name {
+ type union {
+ type matchall-string-type;
+ type string;
+ }
+ default "*";
+ description
+ "Name of the module associated with this rule.
+
+ This leaf matches if it has the value '*' or if the
+ object being accessed is defined in the module with the
+ specified module name.";
+ }
+ choice rule-type {
+ description
+ "This choice matches if all leafs present in the rule
+ match the request. If no leafs are present, the
+ choice matches all requests.";
+ case protocol-operation {
+ leaf rpc-name {
+ type union {
+ type matchall-string-type;
+ type string;
+ }
+ description
+ "This leaf matches if it has the value '*' or if
+ its value equals the requested protocol operation
+ name.";
+ }
+ }
+ case notification {
+ leaf notification-name {
+ type union {
+ type matchall-string-type;
+ type string;
+ }
+ description
+ "This leaf matches if it has the value '*' or if its
+ value equals the requested notification name.";
+ }
+ }
+
+ case data-node {
+ leaf path {
+ type node-instance-identifier;
+ mandatory true;
+ description
+ "Data node instance-identifier associated with the
+ data node, action, or notification controlled by
+ this rule.
+
+ Configuration data or state data
+ instance-identifiers start with a top-level
+ data node. A complete instance-identifier is
+ required for this type of path value.
+
+ The special value '/' refers to all possible
+ datastore contents.";
+ }
+ }
+ }
+
+ leaf access-operations {
+ type union {
+ type matchall-string-type;
+ type access-operations-type;
+ }
+ default "*";
+ description
+ "Access operations associated with this rule.
+
+ This leaf matches if it has the value '*' or if the
+ bit corresponding to the requested operation is set.";
+ }
+
+ leaf action {
+ type action-type;
+ mandatory true;
+ description
+ "The access control action associated with the
+ rule. If a rule has been determined to match a
+ particular request, then this object is used
+ to determine whether to permit or deny the
+ request.";
+ }
+
+ leaf comment {
+ type string;
+ description
+ "A textual description of the access rule.";
+ }
+ }
+ }
+ }
+}
--- /dev/null
+module ietf-network-topology {
+ yang-version 1.1;
+ namespace "urn:ietf:params:xml:ns:yang:ietf-network-topology";
+ prefix nt;
+
+ import ietf-inet-types {
+ prefix inet;
+ reference
+ "RFC 6991: Common YANG Data Types";
+ }
+ import ietf-network {
+ prefix nw;
+ reference
+ "RFC 8345: A YANG Data Model for Network Topologies";
+ }
+
+ organization
+ "IETF I2RS (Interface to the Routing System) Working Group";
+
+ contact
+ "WG Web: <https://datatracker.ietf.org/wg/i2rs/>
+ WG List: <mailto:i2rs@ietf.org>
+
+ Editor: Alexander Clemm
+ <mailto:ludwig@clemm.org>
+
+ Editor: Jan Medved
+ <mailto:jmedved@cisco.com>
+
+ Editor: Robert Varga
+ <mailto:robert.varga@pantheon.tech>
+
+ Editor: Nitin Bahadur
+ <mailto:nitin_bahadur@yahoo.com>
+
+ Editor: Hariharan Ananthakrishnan
+ <mailto:hari@packetdesign.com>
+
+ Editor: Xufeng Liu
+ <mailto:xufeng.liu.ietf@gmail.com>";
+
+ description
+ "This module defines a common base model for a network topology,
+ augmenting the base network data model with links to connect
+ nodes, as well as termination points to terminate links
+ on nodes.
+
+ Copyright (c) 2018 IETF Trust and the persons identified as
+ authors of the code. All rights reserved.
+
+ Redistribution and use in source and binary forms, with or
+ without modification, is permitted pursuant to, and subject
+ to the license terms contained in, the Simplified BSD License
+ set forth in Section 4.c of the IETF Trust's Legal Provisions
+ Relating to IETF Documents
+ (https://trustee.ietf.org/license-info).
+
+ This version of this YANG module is part of RFC 8345;
+ see the RFC itself for full legal notices.";
+
+ revision 2018-02-26 {
+ description
+ "Initial revision.";
+ reference
+ "RFC 8345: A YANG Data Model for Network Topologies";
+ }
+
+ typedef link-id {
+ type inet:uri;
+ description
+ "An identifier for a link in a topology. The precise
+ structure of the link-id will be up to the implementation.
+ The identifier SHOULD be chosen such that the same link in a
+ real network topology will always be identified through the
+ same identifier, even if the data model is instantiated in
+ separate datastores. An implementation MAY choose to capture
+ semantics in the identifier -- for example, to indicate the
+ type of link and/or the type of topology of which the link is
+ a part.";
+ }
+
+ typedef tp-id {
+ type inet:uri;
+ description
+ "An identifier for termination points on a node. The precise
+ structure of the tp-id will be up to the implementation.
+ The identifier SHOULD be chosen such that the same termination
+ point in a real network topology will always be identified
+ through the same identifier, even if the data model is
+ instantiated in separate datastores. An implementation MAY
+ choose to capture semantics in the identifier -- for example,
+ to indicate the type of termination point and/or the type of
+ node that contains the termination point.";
+ }
+
+ grouping link-ref {
+ description
+ "This grouping can be used to reference a link in a specific
+ network. Although it is not used in this module, it is
+ defined here for the convenience of augmenting modules.";
+ leaf link-ref {
+ type leafref {
+ path "/nw:networks/nw:network[nw:network-id=current()/../"+
+ "network-ref]/nt:link/nt:link-id";
+ require-instance false;
+ }
+ description
+ "A type for an absolute reference to a link instance.
+ (This type should not be used for relative references.
+ In such a case, a relative path should be used instead.)";
+ }
+ uses nw:network-ref;
+ }
+
+ grouping tp-ref {
+ description
+ "This grouping can be used to reference a termination point
+ in a specific node. Although it is not used in this module,
+ it is defined here for the convenience of augmenting
+ modules.";
+ leaf tp-ref {
+ type leafref {
+ path "/nw:networks/nw:network[nw:network-id=current()/../"+
+ "network-ref]/nw:node[nw:node-id=current()/../"+
+ "node-ref]/nt:termination-point/nt:tp-id";
+ require-instance false;
+ }
+ description
+ "A type for an absolute reference to a termination point.
+ (This type should not be used for relative references.
+ In such a case, a relative path should be used instead.)";
+ }
+ uses nw:node-ref;
+ }
+
+ augment "/nw:networks/nw:network" {
+ description
+ "Add links to the network data model.";
+ list link {
+ key "link-id";
+ description
+ "A network link connects a local (source) node and
+ a remote (destination) node via a set of the respective
+ node's termination points. It is possible to have several
+ links between the same source and destination nodes.
+ Likewise, a link could potentially be re-homed between
+ termination points. Therefore, in order to ensure that we
+ would always know to distinguish between links, every link
+ is identified by a dedicated link identifier. Note that a
+ link models a point-to-point link, not a multipoint link.";
+ leaf link-id {
+ type link-id;
+ description
+ "The identifier of a link in the topology.
+ A link is specific to a topology to which it belongs.";
+ }
+ container source {
+ description
+ "This container holds the logical source of a particular
+ link.";
+ leaf source-node {
+ type leafref {
+ path "../../../nw:node/nw:node-id";
+ require-instance false;
+ }
+ description
+ "Source node identifier. Must be in the same topology.";
+ }
+ leaf source-tp {
+ type leafref {
+ path "../../../nw:node[nw:node-id=current()/../"+
+ "source-node]/termination-point/tp-id";
+ require-instance false;
+ }
+ description
+ "This termination point is located within the source node
+ and terminates the link.";
+ }
+ }
+
+ container destination {
+ description
+ "This container holds the logical destination of a
+ particular link.";
+ leaf dest-node {
+ type leafref {
+ path "../../../nw:node/nw:node-id";
+ require-instance false;
+ }
+ description
+ "Destination node identifier. Must be in the same
+ network.";
+ }
+ leaf dest-tp {
+ type leafref {
+ path "../../../nw:node[nw:node-id=current()/../"+
+ "dest-node]/termination-point/tp-id";
+ require-instance false;
+ }
+ description
+ "This termination point is located within the
+ destination node and terminates the link.";
+ }
+ }
+ list supporting-link {
+ key "network-ref link-ref";
+ description
+ "Identifies the link or links on which this link depends.";
+ leaf network-ref {
+ type leafref {
+ path "../../../nw:supporting-network/nw:network-ref";
+ require-instance false;
+ }
+ description
+ "This leaf identifies in which underlay topology
+ the supporting link is present.";
+ }
+
+ leaf link-ref {
+ type leafref {
+ path "/nw:networks/nw:network[nw:network-id=current()/"+
+ "../network-ref]/link/link-id";
+ require-instance false;
+ }
+ description
+ "This leaf identifies a link that is a part
+ of this link's underlay. Reference loops in which
+ a link identifies itself as its underlay, either
+ directly or transitively, are not allowed.";
+ }
+ }
+ }
+ }
+ augment "/nw:networks/nw:network/nw:node" {
+ description
+ "Augments termination points that terminate links.
+ Termination points can ultimately be mapped to interfaces.";
+ list termination-point {
+ key "tp-id";
+ description
+ "A termination point can terminate a link.
+ Depending on the type of topology, a termination point
+ could, for example, refer to a port or an interface.";
+ leaf tp-id {
+ type tp-id;
+ description
+ "Termination point identifier.";
+ }
+ list supporting-termination-point {
+ key "network-ref node-ref tp-ref";
+ description
+ "This list identifies any termination points on which a
+ given termination point depends or onto which it maps.
+ Those termination points will themselves be contained
+ in a supporting node. This dependency information can be
+ inferred from the dependencies between links. Therefore,
+ this item is not separately configurable. Hence, no
+ corresponding constraint needs to be articulated.
+ The corresponding information is simply provided by the
+ implementing system.";
+
+ leaf network-ref {
+ type leafref {
+ path "../../../nw:supporting-node/nw:network-ref";
+ require-instance false;
+ }
+ description
+ "This leaf identifies in which topology the
+ supporting termination point is present.";
+ }
+ leaf node-ref {
+ type leafref {
+ path "../../../nw:supporting-node/nw:node-ref";
+ require-instance false;
+ }
+ description
+ "This leaf identifies in which node the supporting
+ termination point is present.";
+ }
+ leaf tp-ref {
+ type leafref {
+ path "/nw:networks/nw:network[nw:network-id=current()/"+
+ "../network-ref]/nw:node[nw:node-id=current()/../"+
+ "node-ref]/termination-point/tp-id";
+ require-instance false;
+ }
+ description
+ "Reference to the underlay node (the underlay node must
+ be in a different topology).";
+ }
+ }
+ }
+ }
+}
--- /dev/null
+module ietf-network {
+ yang-version 1.1;
+ namespace "urn:ietf:params:xml:ns:yang:ietf-network";
+ prefix nw;
+
+ import ietf-inet-types {
+ prefix inet;
+ reference
+ "RFC 6991: Common YANG Data Types";
+ }
+
+ organization
+ "IETF I2RS (Interface to the Routing System) Working Group";
+
+ contact
+ "WG Web: <https://datatracker.ietf.org/wg/i2rs/>
+ WG List: <mailto:i2rs@ietf.org>
+
+ Editor: Alexander Clemm
+ <mailto:ludwig@clemm.org>
+
+ Editor: Jan Medved
+ <mailto:jmedved@cisco.com>
+
+ Editor: Robert Varga
+ <mailto:robert.varga@pantheon.tech>
+
+ Editor: Nitin Bahadur
+ <mailto:nitin_bahadur@yahoo.com>
+
+ Editor: Hariharan Ananthakrishnan
+ <mailto:hari@packetdesign.com>
+
+ Editor: Xufeng Liu
+ <mailto:xufeng.liu.ietf@gmail.com>";
+ description
+ "This module defines a common base data model for a collection
+ of nodes in a network. Node definitions are further used
+ in network topologies and inventories.
+
+ Copyright (c) 2018 IETF Trust and the persons identified as
+ authors of the code. All rights reserved.
+
+ Redistribution and use in source and binary forms, with or
+ without modification, is permitted pursuant to, and subject
+ to the license terms contained in, the Simplified BSD License
+ set forth in Section 4.c of the IETF Trust's Legal Provisions
+ Relating to IETF Documents
+ (https://trustee.ietf.org/license-info).
+
+ This version of this YANG module is part of RFC 8345;
+ see the RFC itself for full legal notices.";
+
+ revision 2018-02-26 {
+ description
+ "Initial revision.";
+ reference
+ "RFC 8345: A YANG Data Model for Network Topologies";
+ }
+
+ typedef node-id {
+ type inet:uri;
+ description
+ "Identifier for a node. The precise structure of the node-id
+ will be up to the implementation. For example, some
+ implementations MAY pick a URI that includes the network-id
+ as part of the path. The identifier SHOULD be chosen
+ such that the same node in a real network topology will
+ always be identified through the same identifier, even if
+ the data model is instantiated in separate datastores. An
+ implementation MAY choose to capture semantics in the
+ identifier -- for example, to indicate the type of node.";
+ }
+
+ typedef network-id {
+ type inet:uri;
+ description
+ "Identifier for a network. The precise structure of the
+ network-id will be up to the implementation. The identifier
+ SHOULD be chosen such that the same network will always be
+ identified through the same identifier, even if the data model
+ is instantiated in separate datastores. An implementation MAY
+ choose to capture semantics in the identifier -- for example,
+ to indicate the type of network.";
+ }
+
+ grouping network-ref {
+ description
+ "Contains the information necessary to reference a network --
+ for example, an underlay network.";
+ leaf network-ref {
+ type leafref {
+ path "/nw:networks/nw:network/nw:network-id";
+ require-instance false;
+ }
+ description
+ "Used to reference a network -- for example, an underlay
+ network.";
+ }
+ }
+
+ grouping node-ref {
+ description
+ "Contains the information necessary to reference a node.";
+ leaf node-ref {
+ type leafref {
+ path "/nw:networks/nw:network[nw:network-id=current()/../"+
+ "network-ref]/nw:node/nw:node-id";
+ require-instance false;
+ }
+ description
+ "Used to reference a node.
+ Nodes are identified relative to the network that
+ contains them.";
+ }
+ uses network-ref;
+ }
+
+ container networks {
+ description
+ "Serves as a top-level container for a list of networks.";
+ list network {
+ key "network-id";
+ description
+ "Describes a network.
+ A network typically contains an inventory of nodes,
+ topological information (augmented through the
+ network-topology data model), and layering information.";
+ leaf network-id {
+ type network-id;
+ description
+ "Identifies a network.";
+ }
+ container network-types {
+ description
+ "Serves as an augmentation target.
+ The network type is indicated through corresponding
+ presence containers augmented into this container.";
+ }
+ list supporting-network {
+ key "network-ref";
+ description
+ "An underlay network, used to represent layered network
+ topologies.";
+ leaf network-ref {
+ type leafref {
+ path "/nw:networks/nw:network/nw:network-id";
+ require-instance false;
+ }
+ description
+ "References the underlay network.";
+ }
+ }
+
+ list node {
+ key "node-id";
+ description
+ "The inventory of nodes of this network.";
+ leaf node-id {
+ type node-id;
+ description
+ "Uniquely identifies a node within the containing
+ network.";
+ }
+ list supporting-node {
+ key "network-ref node-ref";
+ description
+ "Represents another node that is in an underlay network
+ and that supports this node. Used to represent layering
+ structure.";
+ leaf network-ref {
+ type leafref {
+ path "../../../nw:supporting-network/nw:network-ref";
+ require-instance false;
+ }
+ description
+ "References the underlay network of which the
+ underlay node is a part.";
+ }
+ leaf node-ref {
+ type leafref {
+ path "/nw:networks/nw:network/nw:node/nw:node-id";
+ require-instance false;
+ }
+ description
+ "References the underlay node itself.";
+ }
+ }
+ }
+ }
+ }
+}
--- /dev/null
+module ietf-system {
+ namespace "urn:ietf:params:xml:ns:yang:ietf-system";
+ prefix "sys";
+
+ import ietf-yang-types {
+ prefix yang;
+ }
+
+ import ietf-inet-types {
+ prefix inet;
+ }
+
+ import ietf-netconf-acm {
+ prefix nacm;
+ }
+
+ import iana-crypt-hash {
+ prefix ianach;
+ }
+
+ organization
+ "IETF NETMOD (NETCONF Data Modeling Language) Working Group";
+
+ contact
+ "WG Web: <http://tools.ietf.org/wg/netmod/>
+ WG List: <mailto:netmod@ietf.org>
+
+ WG Chair: Thomas Nadeau
+ <mailto:tnadeau@lucidvision.com>
+
+ WG Chair: Juergen Schoenwaelder
+ <mailto:j.schoenwaelder@jacobs-university.de>
+
+ Editor: Andy Bierman
+ <mailto:andy@yumaworks.com>
+
+ Editor: Martin Bjorklund
+ <mailto:mbj@tail-f.com>";
+
+ description
+ "This module contains a collection of YANG definitions for the
+ configuration and identification of some common system
+ properties within a device containing a NETCONF server. This
+ includes data node definitions for system identification,
+ time-of-day management, user management, DNS resolver
+ configuration, and some protocol operations for system
+ management.
+
+ Copyright (c) 2014 IETF Trust and the persons identified as
+ authors of the code. All rights reserved.
+
+ Redistribution and use in source and binary forms, with or
+ without modification, is permitted pursuant to, and subject
+ to the license terms contained in, the Simplified BSD License
+ set forth in Section 4.c of the IETF Trust's Legal Provisions
+ Relating to IETF Documents
+ (http://trustee.ietf.org/license-info).
+
+ This version of this YANG module is part of RFC 7317; see
+ the RFC itself for full legal notices.";
+
+ revision 2014-08-06 {
+ description
+ "Initial revision.";
+ reference
+ "RFC 7317: A YANG Data Model for System Management";
+ }
+
+ /*
+ * Typedefs
+ */
+
+ typedef timezone-name {
+ type string;
+ description
+ "A time zone name as used by the Time Zone Database,
+ sometimes referred to as the 'Olson Database'.
+
+ The exact set of valid values is an implementation-specific
+ matter. Client discovery of the exact set of time zone names
+ for a particular server is out of scope.";
+ reference
+ "RFC 6557: Procedures for Maintaining the Time Zone Database";
+ }
+
+ /*
+ * Features
+ */
+
+ feature radius {
+ description
+ "Indicates that the device can be configured as a RADIUS
+ client.";
+ reference
+ "RFC 2865: Remote Authentication Dial In User Service (RADIUS)";
+ }
+
+ feature authentication {
+ description
+ "Indicates that the device supports configuration of
+ user authentication.";
+ }
+
+ feature local-users {
+ if-feature authentication;
+ description
+ "Indicates that the device supports configuration of
+ local user authentication.";
+ }
+
+ feature radius-authentication {
+ if-feature radius;
+ if-feature authentication;
+ description
+ "Indicates that the device supports configuration of user
+ authentication over RADIUS.";
+ reference
+ "RFC 2865: Remote Authentication Dial In User Service (RADIUS)
+ RFC 5607: Remote Authentication Dial-In User Service (RADIUS)
+ Authorization for Network Access Server (NAS)
+ Management";
+ }
+
+ feature ntp {
+ description
+ "Indicates that the device can be configured to use one or
+ more NTP servers to set the system date and time.";
+ }
+
+ feature ntp-udp-port {
+ if-feature ntp;
+ description
+ "Indicates that the device supports the configuration of
+ the UDP port for NTP servers.
+
+ This is a 'feature', since many implementations do not support
+ any port other than the default port.";
+ }
+
+ feature timezone-name {
+ description
+ "Indicates that the local time zone on the device
+ can be configured to use the TZ database
+ to set the time zone and manage daylight saving time.";
+ reference
+ "RFC 6557: Procedures for Maintaining the Time Zone Database";
+ }
+
+ feature dns-udp-tcp-port {
+ description
+ "Indicates that the device supports the configuration of
+ the UDP and TCP port for DNS servers.
+
+ This is a 'feature', since many implementations do not support
+ any port other than the default port.";
+ }
+
+ /*
+ * Identities
+ */
+
+ identity authentication-method {
+ description
+ "Base identity for user authentication methods.";
+ }
+
+ identity radius {
+ base authentication-method;
+ description
+ "Indicates user authentication using RADIUS.";
+ reference
+ "RFC 2865: Remote Authentication Dial In User Service (RADIUS)
+ RFC 5607: Remote Authentication Dial-In User Service (RADIUS)
+ Authorization for Network Access Server (NAS)
+ Management";
+ }
+
+ identity local-users {
+ base authentication-method;
+ description
+ "Indicates password-based authentication of locally
+ configured users.";
+ }
+
+ identity radius-authentication-type {
+ description
+ "Base identity for RADIUS authentication types.";
+ }
+
+ identity radius-pap {
+ base radius-authentication-type;
+ description
+ "The device requests Password Authentication Protocol (PAP)
+ authentication from the RADIUS server.";
+ reference
+ "RFC 2865: Remote Authentication Dial In User Service (RADIUS)";
+ }
+
+ identity radius-chap {
+ base radius-authentication-type;
+ description
+ "The device requests Challenge Handshake Authentication
+ Protocol (CHAP) authentication from the RADIUS server.";
+ reference
+ "RFC 2865: Remote Authentication Dial In User Service (RADIUS)";
+ }
+
+ /*
+ * Configuration data nodes
+ */
+
+ container system {
+ description
+ "System group configuration.";
+
+ leaf contact {
+ type string;
+ description
+ "The administrator contact information for the system.
+
+ A server implementation MAY map this leaf to the sysContact
+ MIB object. Such an implementation needs to use some
+ mechanism to handle the differences in size and characters
+ allowed between this leaf and sysContact. The definition of
+ such a mechanism is outside the scope of this document.";
+ reference
+ "RFC 3418: Management Information Base (MIB) for the
+ Simple Network Management Protocol (SNMP)
+ SNMPv2-MIB.sysContact";
+ }
+ leaf hostname {
+ type inet:domain-name;
+ description
+ "The name of the host. This name can be a single domain
+ label or the fully qualified domain name of the host.";
+ }
+ leaf location {
+ type string;
+ description
+ "The system location.
+
+ A server implementation MAY map this leaf to the sysLocation
+ MIB object. Such an implementation needs to use some
+ mechanism to handle the differences in size and characters
+ allowed between this leaf and sysLocation. The definition
+ of such a mechanism is outside the scope of this document.";
+ reference
+ "RFC 3418: Management Information Base (MIB) for the
+ Simple Network Management Protocol (SNMP)
+ SNMPv2-MIB.sysLocation";
+ }
+
+ container clock {
+ description
+ "Configuration of the system date and time properties.";
+
+ choice timezone {
+ description
+ "The system time zone information.";
+
+ case timezone-name {
+ if-feature timezone-name;
+ leaf timezone-name {
+ type timezone-name;
+ description
+ "The TZ database name to use for the system, such
+ as 'Europe/Stockholm'.";
+ }
+ }
+ case timezone-utc-offset {
+ leaf timezone-utc-offset {
+ type int16 {
+ range "-1500 .. 1500";
+ }
+ units "minutes";
+ description
+ "The number of minutes to add to UTC time to
+ identify the time zone for this system. For example,
+ 'UTC - 8:00 hours' would be represented as '-480'.
+ Note that automatic daylight saving time adjustment
+ is not provided if this object is used.";
+ }
+ }
+ }
+ }
+
+ container ntp {
+ if-feature ntp;
+ presence
+ "Enables the NTP client unless the 'enabled' leaf
+ (which defaults to 'true') is set to 'false'";
+ description
+ "Configuration of the NTP client.";
+
+ leaf enabled {
+ type boolean;
+ default true;
+ description
+ "Indicates that the system should attempt to
+ synchronize the system clock with an NTP server
+ from the 'ntp/server' list.";
+ }
+ list server {
+ key name;
+ description
+ "List of NTP servers to use for system clock
+ synchronization. If '/system/ntp/enabled'
+ is 'true', then the system will attempt to
+ contact and utilize the specified NTP servers.";
+
+ leaf name {
+ type string;
+ description
+ "An arbitrary name for the NTP server.";
+ }
+ choice transport {
+ mandatory true;
+ description
+ "The transport-protocol-specific parameters for this
+ server.";
+
+ case udp {
+ container udp {
+ description
+ "Contains UDP-specific configuration parameters
+ for NTP.";
+ leaf address {
+ type inet:host;
+ mandatory true;
+ description
+ "The address of the NTP server.";
+ }
+ leaf port {
+ if-feature ntp-udp-port;
+ type inet:port-number;
+ default 123;
+ description
+ "The port number of the NTP server.";
+ }
+ }
+ }
+ }
+ leaf association-type {
+ type enumeration {
+ enum server {
+ description
+ "Use client association mode. This device
+ will not provide synchronization to the
+ configured NTP server.";
+ }
+ enum peer {
+ description
+ "Use symmetric active association mode.
+ This device may provide synchronization
+ to the configured NTP server.";
+ }
+ enum pool {
+ description
+ "Use client association mode with one or
+ more of the NTP servers found by DNS
+ resolution of the domain name given by
+ the 'address' leaf. This device will not
+ provide synchronization to the servers.";
+ }
+ }
+ default server;
+ description
+ "The desired association type for this NTP server.";
+ }
+ leaf iburst {
+ type boolean;
+ default false;
+ description
+ "Indicates whether this server should enable burst
+ synchronization or not.";
+ }
+ leaf prefer {
+ type boolean;
+ default false;
+ description
+ "Indicates whether this server should be preferred
+ or not.";
+ }
+ }
+ }
+
+ container dns-resolver {
+ description
+ "Configuration of the DNS resolver.";
+
+ leaf-list search {
+ type inet:domain-name;
+ ordered-by user;
+ description
+ "An ordered list of domains to search when resolving
+ a host name.";
+ }
+ list server {
+ key name;
+ ordered-by user;
+ description
+ "List of the DNS servers that the resolver should query.
+
+ When the resolver is invoked by a calling application, it
+ sends the query to the first name server in this list. If
+ no response has been received within 'timeout' seconds,
+ the resolver continues with the next server in the list.
+ If no response is received from any server, the resolver
+ continues with the first server again. When the resolver
+ has traversed the list 'attempts' times without receiving
+ any response, it gives up and returns an error to the
+ calling application.
+
+ Implementations MAY limit the number of entries in this
+ list.";
+
+ leaf name {
+ type string;
+ description
+ "An arbitrary name for the DNS server.";
+ }
+ choice transport {
+ mandatory true;
+ description
+ "The transport-protocol-specific parameters for this
+ server.";
+
+ case udp-and-tcp {
+ container udp-and-tcp {
+ description
+ "Contains UDP- and TCP-specific configuration
+ parameters for DNS.";
+ reference
+ "RFC 1035: Domain Names - Implementation and
+ Specification
+ RFC 5966: DNS Transport over TCP - Implementation
+ Requirements";
+
+ leaf address {
+ type inet:ip-address;
+ mandatory true;
+ description
+ "The address of the DNS server.";
+ }
+ leaf port {
+ if-feature dns-udp-tcp-port;
+ type inet:port-number;
+ default 53;
+ description
+ "The UDP and TCP port number of the DNS server.";
+ }
+ }
+ }
+ }
+ }
+ container options {
+ description
+ "Resolver options. The set of available options has been
+ limited to those that are generally available across
+ different resolver implementations and generally useful.";
+ leaf timeout {
+ type uint8 {
+ range "1..max";
+ }
+ units "seconds";
+ default "5";
+ description
+ "The amount of time the resolver will wait for a
+ response from each remote name server before
+ retrying the query via a different name server.";
+ }
+ leaf attempts {
+ type uint8 {
+ range "1..max";
+ }
+ default "2";
+ description
+ "The number of times the resolver will send a query to
+ all of its name servers before giving up and returning
+ an error to the calling application.";
+ }
+ }
+ }
+
+ container radius {
+ if-feature radius;
+
+ description
+ "Configuration of the RADIUS client.";
+
+ list server {
+ key name;
+ ordered-by user;
+ description
+ "List of RADIUS servers used by the device.
+
+ When the RADIUS client is invoked by a calling
+ application, it sends the query to the first server in
+ this list. If no response has been received within
+ 'timeout' seconds, the client continues with the next
+ server in the list. If no response is received from any
+ server, the client continues with the first server again.
+ When the client has traversed the list 'attempts' times
+ without receiving any response, it gives up and returns an
+ error to the calling application.";
+
+ leaf name {
+ type string;
+ description
+ "An arbitrary name for the RADIUS server.";
+ }
+ choice transport {
+ mandatory true;
+ description
+ "The transport-protocol-specific parameters for this
+ server.";
+
+ case udp {
+ container udp {
+ description
+ "Contains UDP-specific configuration parameters
+ for RADIUS.";
+ leaf address {
+ type inet:host;
+ mandatory true;
+ description
+ "The address of the RADIUS server.";
+ }
+
+ leaf authentication-port {
+ type inet:port-number;
+ default "1812";
+ description
+ "The port number of the RADIUS server.";
+ }
+ leaf shared-secret {
+ type string;
+ mandatory true;
+ nacm:default-deny-all;
+ description
+ "The shared secret, which is known to both the
+ RADIUS client and server.";
+ reference
+ "RFC 2865: Remote Authentication Dial In User
+ Service (RADIUS)";
+ }
+ }
+ }
+ }
+ leaf authentication-type {
+ type identityref {
+ base radius-authentication-type;
+ }
+ default radius-pap;
+ description
+ "The authentication type requested from the RADIUS
+ server.";
+ }
+ }
+ container options {
+ description
+ "RADIUS client options.";
+
+ leaf timeout {
+ type uint8 {
+ range "1..max";
+ }
+ units "seconds";
+ default "5";
+ description
+ "The number of seconds the device will wait for a
+ response from each RADIUS server before trying with a
+ different server.";
+ }
+
+ leaf attempts {
+ type uint8 {
+ range "1..max";
+ }
+ default "2";
+ description
+ "The number of times the device will send a query to
+ all of its RADIUS servers before giving up.";
+ }
+ }
+ }
+
+ container authentication {
+ nacm:default-deny-write;
+ if-feature authentication;
+
+ description
+ "The authentication configuration subtree.";
+
+ leaf-list user-authentication-order {
+ type identityref {
+ base authentication-method;
+ }
+ must '(. != "sys:radius" or ../../radius/server)' {
+ error-message
+ "When 'radius' is used, a RADIUS server"
+ + " must be configured.";
+ description
+ "When 'radius' is used as an authentication method,
+ a RADIUS server must be configured.";
+ }
+ ordered-by user;
+
+ description
+ "When the device authenticates a user with a password,
+ it tries the authentication methods in this leaf-list in
+ order. If authentication with one method fails, the next
+ method is used. If no method succeeds, the user is
+ denied access.
+
+ An empty user-authentication-order leaf-list still allows
+ authentication of users using mechanisms that do not
+ involve a password.
+
+ If the 'radius-authentication' feature is advertised by
+ the NETCONF server, the 'radius' identity can be added to
+ this list.
+
+ If the 'local-users' feature is advertised by the
+ NETCONF server, the 'local-users' identity can be
+ added to this list.";
+ }
+
+ list user {
+ if-feature local-users;
+ key name;
+ description
+ "The list of local users configured on this device.";
+
+ leaf name {
+ type string;
+ description
+ "The user name string identifying this entry.";
+ }
+ leaf password {
+ type ianach:crypt-hash;
+ description
+ "The password for this entry.";
+ }
+ list authorized-key {
+ key name;
+ description
+ "A list of public SSH keys for this user. These keys
+ are allowed for SSH authentication, as described in
+ RFC 4253.";
+ reference
+ "RFC 4253: The Secure Shell (SSH) Transport Layer
+ Protocol";
+
+ leaf name {
+ type string;
+ description
+ "An arbitrary name for the SSH key.";
+ }
+
+ leaf algorithm {
+ type string;
+ mandatory true;
+ description
+ "The public key algorithm name for this SSH key.
+
+ Valid values are the values in the IANA 'Secure Shell
+ (SSH) Protocol Parameters' registry, Public Key
+ Algorithm Names.";
+ reference
+ "IANA 'Secure Shell (SSH) Protocol Parameters'
+ registry, Public Key Algorithm Names";
+ }
+ leaf key-data {
+ type binary;
+ mandatory true;
+ description
+ "The binary public key data for this SSH key, as
+ specified by RFC 4253, Section 6.6, i.e.:
+
+ string certificate or public key format
+ identifier
+ byte[n] key/certificate data.";
+ reference
+ "RFC 4253: The Secure Shell (SSH) Transport Layer
+ Protocol";
+ }
+ }
+ }
+ }
+ }
+
+ /*
+ * Operational state data nodes
+ */
+
+ container system-state {
+ config false;
+ description
+ "System group operational state.";
+
+ container platform {
+ description
+ "Contains vendor-specific information for
+ identifying the system platform and operating system.";
+ reference
+ "IEEE Std 1003.1-2008 - sys/utsname.h";
+
+ leaf os-name {
+ type string;
+ description
+ "The name of the operating system in use -
+ for example, 'Linux'.";
+ reference
+ "IEEE Std 1003.1-2008 - utsname.sysname";
+ }
+ leaf os-release {
+ type string;
+ description
+ "The current release level of the operating
+ system in use. This string MAY indicate
+ the OS source code revision.";
+ reference
+ "IEEE Std 1003.1-2008 - utsname.release";
+ }
+ leaf os-version {
+ type string;
+ description
+ "The current version level of the operating
+ system in use. This string MAY indicate
+ the specific OS build date and target variant
+ information.";
+ reference
+ "IEEE Std 1003.1-2008 - utsname.version";
+ }
+ leaf machine {
+ type string;
+ description
+ "A vendor-specific identifier string representing
+ the hardware in use.";
+ reference
+ "IEEE Std 1003.1-2008 - utsname.machine";
+ }
+ }
+
+ container clock {
+ description
+ "Monitoring of the system date and time properties.";
+
+ leaf current-datetime {
+ type yang:date-and-time;
+ description
+ "The current system date and time.";
+ }
+
+ leaf boot-datetime {
+ type yang:date-and-time;
+ description
+ "The system date and time when the system last restarted.";
+ }
+ }
+ }
+
+ rpc set-current-datetime {
+ nacm:default-deny-all;
+ description
+ "Set the /system-state/clock/current-datetime leaf
+ to the specified value.
+
+ If the system is using NTP (i.e., /system/ntp/enabled
+ is set to 'true'), then this operation will fail with
+ error-tag 'operation-failed' and error-app-tag value of
+ 'ntp-active'.";
+ input {
+ leaf current-datetime {
+ type yang:date-and-time;
+ mandatory true;
+ description
+ "The current system date and time.";
+ }
+ }
+ }
+
+ rpc system-restart {
+ nacm:default-deny-all;
+ description
+ "Request that the entire system be restarted immediately.
+ A server SHOULD send an rpc reply to the client before
+ restarting the system.";
+ }
+
+ rpc system-shutdown {
+ nacm:default-deny-all;
+ description
+ "Request that the entire system be shut down immediately.
+ A server SHOULD send an rpc reply to the client before
+ shutting down the system.";
+ }
+
+}
--- /dev/null
+module ietf-yang-types {
+
+ namespace "urn:ietf:params:xml:ns:yang:ietf-yang-types";
+ prefix "yang";
+
+ organization
+ "IETF Network Modeling (NETMOD) Working Group";
+
+ contact
+ "WG Web: <https://datatracker.ietf.org/wg/netmod/>
+ WG List: <mailto:netmod@ietf.org>
+
+ Editor: Juergen Schoenwaelder
+ <mailto:jschoenwaelder@constructor.university>";
+
+ description
+ "This module contains a collection of generally useful derived
+ YANG data types.
+
+ The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL
+ NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED',
+ 'MAY', and 'OPTIONAL' in this document are to be interpreted as
+ described in BCP 14 (RFC 2119) (RFC 8174) when, and only when,
+ they appear in all capitals, as shown here.
+
+ Copyright (c) 2022 IETF Trust and the persons identified as
+ authors of the code. All rights reserved.
+
+ Redistribution and use in source and binary forms, with or
+ without modification, is permitted pursuant to, and subject
+ to the license terms contained in, the Revised BSD License
+ set forth in Section 4.c of the IETF Trust's Legal Provisions
+ Relating to IETF Documents
+ (https://trustee.ietf.org/license-info).
+
+ This version of this YANG module is part of RFC XXXX;
+ see the RFC itself for full legal notices.";
+
+ revision 2023-01-23 {
+ description
+ "This revision adds the following new data types:
+ - yang:date-with-zone-offset
+ - yang:date-no-zone
+ - yang:time-with-zone-offset
+ - yang:time-no-zone
+ - yang:hours32
+ - yang:minutes32
+ - yang:seconds32
+ - yang:centiseconds32
+ - yang:milliseconds32
+ - yang:microseconds32
+ - yang:microseconds64
+ - yang:nanoseconds32
+ - yang:nanoseconds64
+ - yang:language-tag
+ The yang-identifier definition has been aligned with YANG 1.1.
+ Several pattern statements have been improved.";
+ reference
+ "RFC XXXX: Common YANG Data Types";
+ }
+
+ revision 2013-07-15 {
+ description
+ "This revision adds the following new data types:
+ - yang:yang-identifier
+ - yang:hex-string
+ - yang:uuid
+ - yang:dotted-quad";
+ reference
+ "RFC 6991: Common YANG Data Types";
+ }
+
+ revision 2010-09-24 {
+ description
+ "Initial revision.";
+ reference
+ "RFC 6021: Common YANG Data Types";
+ }
+
+ /*** collection of counter and gauge types ***/
+
+ typedef counter32 {
+ type uint32;
+ description
+ "The counter32 type represents a non-negative integer
+ that monotonically increases until it reaches a
+ maximum value of 2^32-1 (4294967295 decimal), when it
+ wraps around and starts increasing again from zero.
+
+ Counters have no defined 'initial' value, and thus, a
+ single value of a counter has (in general) no information
+ content. Discontinuities in the monotonically increasing
+ value normally occur at re-initialization of the
+ management system, and at other times as specified in the
+ description of a schema node using this type. If such
+ other times can occur, for example, the instantiation of
+ a schema node of type counter32 at times other than
+ re-initialization, then a corresponding schema node
+ should be defined, with an appropriate type, to indicate
+ the last discontinuity.
+
+ The counter32 type should not be used for configuration
+ schema nodes. A default statement SHOULD NOT be used in
+ combination with the type counter32.
+
+ In the value set and its semantics, this type is equivalent
+ to the Counter32 type of the SMIv2.";
+ reference
+ "RFC 2578: Structure of Management Information Version 2
+ (SMIv2)";
+ }
+
+ typedef zero-based-counter32 {
+ type yang:counter32;
+ default "0";
+ description
+ "The zero-based-counter32 type represents a counter32
+ that has the defined 'initial' value zero.
+ A schema node instance of this type will be set to zero (0)
+ on creation and will thereafter increase monotonically until
+ it reaches a maximum value of 2^32-1 (4294967295 decimal),
+ when it wraps around and starts increasing again from zero.
+
+ Provided that an application discovers a new schema node
+ instance of this type within the minimum time to wrap, it
+ can use the 'initial' value as a delta. It is important for
+ a management station to be aware of this minimum time and the
+ actual time between polls, and to discard data if the actual
+ time is too long or there is no defined minimum time.
+
+ In the value set and its semantics, this type is equivalent
+ to the ZeroBasedCounter32 textual convention of the SMIv2.";
+ reference
+ "RFC 4502: Remote Network Monitoring Management Information
+ Base Version 2";
+ }
+
+ typedef counter64 {
+ type uint64;
+ description
+ "The counter64 type represents a non-negative integer
+ that monotonically increases until it reaches a
+ maximum value of 2^64-1 (18446744073709551615 decimal),
+ when it wraps around and starts increasing again from zero.
+
+ Counters have no defined 'initial' value, and thus, a
+ single value of a counter has (in general) no information
+ content. Discontinuities in the monotonically increasing
+ value normally occur at re-initialization of the
+ management system, and at other times as specified in the
+ description of a schema node using this type. If such
+ other times can occur, for example, the instantiation of
+ a schema node of type counter64 at times other than
+ re-initialization, then a corresponding schema node
+ should be defined, with an appropriate type, to indicate
+ the last discontinuity.
+
+ The counter64 type should not be used for configuration
+ schema nodes. A default statement SHOULD NOT be used in
+ combination with the type counter64.
+
+ In the value set and its semantics, this type is equivalent
+ to the Counter64 type of the SMIv2.";
+ reference
+ "RFC 2578: Structure of Management Information Version 2
+ (SMIv2)";
+ }
+
+ typedef zero-based-counter64 {
+ type yang:counter64;
+ default "0";
+ description
+ "The zero-based-counter64 type represents a counter64 that
+ has the defined 'initial' value zero.
+
+ A schema node instance of this type will be set to zero (0)
+ on creation and will thereafter increase monotonically until
+ it reaches a maximum value of 2^64-1 (18446744073709551615
+ decimal), when it wraps around and starts increasing again
+ from zero.
+
+ Provided that an application discovers a new schema node
+ instance of this type within the minimum time to wrap, it
+ can use the 'initial' value as a delta. It is important for
+ a management station to be aware of this minimum time and the
+ actual time between polls, and to discard data if the actual
+ time is too long or there is no defined minimum time.
+
+ In the value set and its semantics, this type is equivalent
+ to the ZeroBasedCounter64 textual convention of the SMIv2.";
+ reference
+ "RFC 2856: Textual Conventions for Additional High Capacity
+ Data Types";
+ }
+
+ typedef gauge32 {
+ type uint32;
+ description
+ "The gauge32 type represents a non-negative integer, which
+ may increase or decrease, but shall never exceed a maximum
+ value, nor fall below a minimum value. The maximum value
+ cannot be greater than 2^32-1 (4294967295 decimal), and
+ the minimum value cannot be smaller than 0. The value of
+ a gauge32 has its maximum value whenever the information
+ being modeled is greater than or equal to its maximum
+ value, and has its minimum value whenever the information
+ being modeled is smaller than or equal to its minimum value.
+ If the information being modeled subsequently decreases
+ below (increases above) the maximum (minimum) value, the
+ gauge32 also decreases (increases).
+
+ In the value set and its semantics, this type is equivalent
+ to the Gauge32 type of the SMIv2.";
+ reference
+ "RFC 2578: Structure of Management Information Version 2
+ (SMIv2)";
+ }
+
+ typedef gauge64 {
+ type uint64;
+ description
+ "The gauge64 type represents a non-negative integer, which
+ may increase or decrease, but shall never exceed a maximum
+ value, nor fall below a minimum value. The maximum value
+ cannot be greater than 2^64-1 (18446744073709551615), and
+ the minimum value cannot be smaller than 0. The value of
+ a gauge64 has its maximum value whenever the information
+ being modeled is greater than or equal to its maximum
+ value, and has its minimum value whenever the information
+ being modeled is smaller than or equal to its minimum value.
+ If the information being modeled subsequently decreases
+ below (increases above) the maximum (minimum) value, the
+ gauge64 also decreases (increases).
+
+ In the value set and its semantics, this type is equivalent
+ to the CounterBasedGauge64 SMIv2 textual convention defined
+ in RFC 2856";
+ reference
+ "RFC 2856: Textual Conventions for Additional High Capacity
+ Data Types";
+ }
+
+ /*** collection of identifier-related types ***/
+
+ typedef object-identifier {
+ type string {
+ pattern '(([0-1](\.[1-3]?[0-9]))|(2\.(0|([1-9][0-9]*))))'
+ + '(\.(0|([1-9][0-9]*)))*';
+ }
+ description
+ "The object-identifier type represents administratively
+ assigned names in a registration-hierarchical-name tree.
+
+ Values of this type are denoted as a sequence of numerical
+ non-negative sub-identifier values. Each sub-identifier
+ value MUST NOT exceed 2^32-1 (4294967295). Sub-identifiers
+ are separated by single dots and without any intermediate
+ whitespace.
+
+ The ASN.1 standard restricts the value space of the first
+ sub-identifier to 0, 1, or 2. Furthermore, the value space
+ of the second sub-identifier is restricted to the range
+ 0 to 39 if the first sub-identifier is 0 or 1. Finally,
+ the ASN.1 standard requires that an object identifier
+ has always at least two sub-identifiers. The pattern
+ captures these restrictions.
+
+ Although the number of sub-identifiers is not limited,
+ module designers should realize that there may be
+ implementations that stick with the SMIv2 limit of 128
+ sub-identifiers.
+
+ This type is a superset of the SMIv2 OBJECT IDENTIFIER type
+ since it is not restricted to 128 sub-identifiers. Hence,
+ this type SHOULD NOT be used to represent the SMIv2 OBJECT
+ IDENTIFIER type; the object-identifier-128 type SHOULD be
+ used instead.";
+ reference
+ "ISO9834-1: Information technology -- Open Systems
+ Interconnection -- Procedures for the operation of OSI
+ Registration Authorities: General procedures and top
+ arcs of the ASN.1 Object Identifier tree";
+ }
+
+ typedef object-identifier-128 {
+ type object-identifier {
+ pattern '[0-9]*(\.[0-9]*){1,127}';
+ }
+ description
+ "This type represents object-identifiers restricted to 128
+ sub-identifiers.
+
+ In the value set and its semantics, this type is equivalent
+ to the OBJECT IDENTIFIER type of the SMIv2.";
+ reference
+ "RFC 2578: Structure of Management Information Version 2
+ (SMIv2)";
+ }
+
+ /*** collection of types related to date and time ***/
+
+ typedef date-and-time {
+ type string {
+ pattern '[0-9]{4}-(1[0-2]|0[1-9])-(0[1-9]|[1-2][0-9]|3[0-1])'
+ + 'T(0[0-9]|1[0-9]|2[0-3]):[0-5][0-9]:[0-5][0-9](\.[0-9]+)?'
+ + '(Z|[\+\-]((1[0-3]|0[0-9]):([0-5][0-9])|14:00))?';
+ }
+ description
+ "The date-and-time type is a profile of the ISO 8601
+ standard for representation of dates and times using the
+ Gregorian calendar. The profile is defined by the
+ date-time production in Section 5.6 of RFC 3339.
+
+ The date-and-time type is compatible with the dateTime XML
+ schema dateTime type with the following notable exceptions:
+
+ (a) The date-and-time type does not allow negative years.
+
+ (b) The time-offset -00:00 indicates that the date-and-time
+ value is reported in UTC and that the local time zone
+ reference point is unknown. The time-offsets +00:00 and Z
+ both indicate that the date-and-time value is reported in
+ UTC and that the local time reference point is UTC (see RFC
+ 3339 section 4.3).
+
+ This type is not equivalent to the DateAndTime textual
+ convention of the SMIv2 since RFC 3339 uses a different
+ separator between full-date and full-time and provides
+ higher resolution of time-secfrac.
+
+ The canonical format for date-and-time values with a known time
+ zone uses a numeric time zone offset that is calculated using
+ the device's configured known offset to UTC time. A change of
+ the device's offset to UTC time will cause date-and-time values
+ to change accordingly. Such changes might happen periodically
+ in case a server follows automatically daylight saving time
+ (DST) time zone offset changes. The canonical format for
+ date-and-time values with an unknown time zone (usually
+ referring to the notion of local time) uses the time-offset
+ -00:00, i.e., date-and-time values must be reported in UTC.";
+ reference
+ "RFC 3339: Date and Time on the Internet: Timestamps
+ RFC 2579: Textual Conventions for SMIv2
+ XSD-TYPES: XML Schema Definition Language (XSD) 1.1
+ Part 2: Datatypes";
+ }
+
+ typedef date-with-zone-offset {
+ type string {
+ pattern '[0-9]{4}-(1[0-2]|0[1-9])-(0[1-9]|[1-2][0-9]|3[0-1])'
+ + '(Z|[\+\-]((1[0-3]|0[0-9]):([0-5][0-9])|14:00))?';
+ }
+ description
+ "The date type represents a time-interval of the length
+ of a day, i.e., 24 hours.
+
+ The date type is compatible with the XML schema date
+ type with the following notable exceptions:
+ (a) The date type does not allow negative years.
+
+ (b) The time-offset -00:00 indicates that the date value is
+ reported in UTC and that the local time zone reference point
+ is unknown. The time-offsets +00:00 and Z both indicate that
+ the date value is reported in UTC and that the local time
+ reference point is UTC (see RFC 3339 section 4.3).
+
+ The canonical format for date values with a known time
+ zone uses a numeric time zone offset that is calculated using
+ the device's configured known offset to UTC time. A change of
+ the device's offset to UTC time will cause date values
+ to change accordingly. Such changes might happen periodically
+ in case a server follows automatically daylight saving time
+ (DST) time zone offset changes. The canonical format for
+ date values with an unknown time zone (usually referring
+ to the notion of local time) uses the time-offset -00:00,
+ i.e., date values must be reported in UTC.";
+ reference
+ "RFC 3339: Date and Time on the Internet: Timestamps
+ XSD-TYPES: XML Schema Definition Language (XSD) 1.1
+ Part 2: Datatypes";
+ }
+
+ typedef date-no-zone {
+ type date-with-zone-offset {
+ pattern '[0-9]{4}-(1[0-2]|0[1-9])-(0[1-9]|[1-2][0-9]|3[0-1])';
+ }
+ description
+ "The date-no-zone type represents a date without the optional
+ time zone offset information.";
+ }
+
+ typedef time-with-zone-offset {
+ type string {
+ pattern '(0[0-9]|1[0-9]|2[0-3]):[0-5][0-9]:[0-5][0-9](\.[0-9]+)?'
+ + '(Z|[\+\-]((1[0-3]|0[0-9]):([0-5][0-9])|14:00))?';
+ }
+ description
+ "The time type represents an instance of time of zero-duration
+ that recurs every day.
+
+ The time type is compatible with the XML schema time
+ type with the following notable exception:
+
+ (a) The time-offset -00:00 indicates that the time value is
+ reported in UTC and that the local time zone reference point
+ is unknown. The time-offsets +00:00 and Z both indicate that
+ the time value is reported in UTC and that the local time
+ reference point is UTC (see RFC 3339 section 4.3).
+
+ The canonical format for time values with a known time
+ zone uses a numeric time zone offset that is calculated using
+ the device's configured known offset to UTC time. A change of
+ the device's offset to UTC time will cause time values
+ to change accordingly. Such changes might happen periodically
+ in case a server follows automatically daylight saving time
+ (DST) time zone offset changes. The canonical format for
+ time values with an unknown time zone (usually referring
+ to the notion of local time) uses the time-offset -00:00,
+ i.e., time values must be reported in UTC.";
+ reference
+ "RFC 3339: Date and Time on the Internet: Timestamps
+ XSD-TYPES: XML Schema Definition Language (XSD) 1.1
+ Part 2: Datatypes";
+ }
+
+ typedef time-no-zone {
+ type time-with-zone-offset {
+ pattern '(0[0-9]|1[0-9]|2[0-3]):[0-5][0-9]:[0-5][0-9](\.[0-9]+)?';
+ }
+ description
+ "The time-no-zone type represents a time without the optional
+ time zone offset information.";
+ }
+
+ typedef hours32 {
+ type int32;
+ units "hours";
+ description
+ "A period of time, measured in units of hours.
+
+ The maximum time period that can be expressed is in the
+ range [-89478485 days 08:00:00 to 89478485 days 07:00:00].
+
+ This type should be range restricted in situations
+ where only non-negative time periods are desirable,
+ (i.e., range '0..max').";
+ }
+
+ typedef minutes32 {
+ type int32;
+ units "minutes";
+ description
+ "A period of time, measured in units of minutes.
+
+ The maximum time period that can be expressed is in the
+ range [-1491308 days 2:08:00 to 1491308 days 2:07:00].
+
+ This type should be range restricted in situations
+ where only non-negative time periods are desirable,
+ (i.e., range '0..max').";
+ }
+
+ typedef seconds32 {
+ type int32;
+ units "seconds";
+ description
+ "A period of time, measured in units of seconds.
+
+ The maximum time period that can be expressed is in the
+ range [-24855 days 03:14:08 to 24855 days 03:14:07].
+
+ This type should be range restricted in situations
+ where only non-negative time periods are desirable,
+ (i.e., range '0..max').";
+ }
+
+ typedef centiseconds32 {
+ type int32;
+ units "centiseconds";
+ description
+ "A period of time, measured in units of 10^-2 seconds.
+
+ The maximum time period that can be expressed is in the
+ range [-248 days 13:13:56 to 248 days 13:13:56].
+
+ This type should be range restricted in situations
+ where only non-negative time periods are desirable,
+ (i.e., range '0..max').";
+ }
+
+ typedef milliseconds32 {
+ type int32;
+ units "milliseconds";
+ description
+ "A period of time, measured in units of 10^-3 seconds.
+
+ The maximum time period that can be expressed is in the
+ range [-24 days 20:31:23 to 24 days 20:31:23].
+
+ This type should be range restricted in situations
+ where only non-negative time periods are desirable,
+ (i.e., range '0..max').";
+ }
+
+ typedef microseconds32 {
+ type int32;
+ units "microseconds";
+ description
+ "A period of time, measured in units of 10^-6 seconds.
+
+ The maximum time period that can be expressed is in the
+ range [-00:35:47 to 00:35:47].
+
+ This type should be range restricted in situations
+ where only non-negative time periods are desirable,
+ (i.e., range '0..max').";
+ }
+
+ typedef microseconds64 {
+ type int64;
+ units "microseconds";
+ description
+ "A period of time, measured in units of 10^-6 seconds.
+
+ The maximum time period that can be expressed is in the
+ range [-106751991 days 04:00:54 to 106751991 days 04:00:54].
+
+ This type should be range restricted in situations
+ where only non-negative time periods are desirable,
+ (i.e., range '0..max').";
+ }
+
+ typedef nanoseconds32 {
+ type int32;
+ units "nanoseconds";
+ description
+ "A period of time, measured in units of 10^-9 seconds.
+
+ The maximum time period that can be expressed is in the
+ range [-00:00:02 to 00:00:02].
+
+ This type should be range restricted in situations
+ where only non-negative time periods are desirable,
+ (i.e., range '0..max').";
+ }
+
+ typedef nanoseconds64 {
+ type int64;
+ units "nanoseconds";
+ description
+ "A period of time, measured in units of 10^-9 seconds.
+
+ The maximum time period that can be expressed is in the
+ range [-106753 days 23:12:44 to 106752 days 0:47:16].
+
+ This type should be range restricted in situations
+ where only non-negative time periods are desirable,
+ (i.e., range '0..max').";
+ }
+
+ typedef timeticks {
+ type uint32;
+ description
+ "The timeticks type represents a non-negative integer that
+ represents the time, modulo 2^32 (4294967296 decimal), in
+ hundredths of a second between two epochs. When a schema
+ node is defined that uses this type, the description of
+ the schema node identifies both of the reference epochs.
+
+ In the value set and its semantics, this type is equivalent
+ to the TimeTicks type of the SMIv2.";
+ reference
+ "RFC 2578: Structure of Management Information Version 2
+ (SMIv2)";
+ }
+
+ typedef timestamp {
+ type yang:timeticks;
+ description
+ "The timestamp type represents the value of an associated
+ timeticks schema node instance at which a specific occurrence
+ happened. The specific occurrence must be defined in the
+ description of any schema node defined using this type. When
+ the specific occurrence occurred prior to the last time the
+ associated timeticks schema node instance was zero, then the
+ timestamp value is zero.
+
+ Note that this requires all timestamp values to be reset to
+ zero when the value of the associated timeticks schema node
+ instance reaches 497+ days and wraps around to zero.
+
+ The associated timeticks schema node must be specified
+ in the description of any schema node using this type.
+
+ In the value set and its semantics, this type is equivalent
+ to the TimeStamp textual convention of the SMIv2.";
+ reference
+ "RFC 2579: Textual Conventions for SMIv2";
+ }
+
+ /*** collection of generic address types ***/
+
+ typedef phys-address {
+ type string {
+ pattern '([0-9a-fA-F]{2}(:[0-9a-fA-F]{2})*)?';
+ }
+ description
+ "Represents media- or physical-level addresses represented
+ as a sequence octets, each octet represented by two hexadecimal
+ numbers. Octets are separated by colons. The canonical
+ representation uses lowercase characters.
+
+ In the value set and its semantics, this type is equivalent
+ to the PhysAddress textual convention of the SMIv2.";
+ reference
+ "RFC 2579: Textual Conventions for SMIv2";
+ }
+
+ typedef mac-address {
+ type string {
+ pattern '[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){5}';
+ }
+ description
+ "The mac-address type represents an IEEE 802 MAC address.
+ The canonical representation uses lowercase characters.
+
+ In the value set and its semantics, this type is equivalent
+ to the MacAddress textual convention of the SMIv2.";
+ reference
+ "IEEE 802: IEEE Standard for Local and Metropolitan Area
+ Networks: Overview and Architecture
+ RFC 2579: Textual Conventions for SMIv2";
+ }
+
+ /*** collection of XML-specific types ***/
+
+ typedef xpath1.0 {
+ type string;
+ description
+ "This type represents an XPATH 1.0 expression.
+
+ When a schema node is defined that uses this type, the
+ description of the schema node MUST specify the XPath
+ context in which the XPath expression is evaluated.";
+ reference
+ "XPATH: XML Path Language (XPath) Version 1.0";
+ }
+
+ /*** collection of string types ***/
+
+ typedef hex-string {
+ type string {
+ pattern '([0-9a-fA-F]{2}(:[0-9a-fA-F]{2})*)?';
+ }
+ description
+ "A hexadecimal string with octets represented as hex digits
+ separated by colons. The canonical representation uses
+ lowercase characters.";
+ }
+
+ typedef uuid {
+ type string {
+ pattern '[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-'
+ + '[0-9a-fA-F]{4}-[0-9a-fA-F]{12}';
+ }
+ description
+ "A Universally Unique IDentifier in the string representation
+ defined in RFC 4122. The canonical representation uses
+ lowercase characters.
+
+ The following is an example of a UUID in string representation:
+ f81d4fae-7dec-11d0-a765-00a0c91e6bf6
+ ";
+ reference
+ "RFC 4122: A Universally Unique IDentifier (UUID) URN
+ Namespace";
+ }
+
+ typedef dotted-quad {
+ type string {
+ pattern
+ '(([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}'
+ + '([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])';
+ }
+ description
+ "An unsigned 32-bit number expressed in the dotted-quad
+ notation, i.e., four octets written as decimal numbers
+ and separated with the '.' (full stop) character.";
+ }
+
+ typedef language-tag {
+ type string;
+ description
+ "A language tag according to RFC 5646 (BCP 47). The
+ canonical representation uses lowercase characters.
+
+ Values of this type must be well-formed language tags,
+ in conformance with the definition of well-formed tags
+ in BCP 47. Implementations MAY further limit the values
+ they accept to those permitted by a 'validating'
+ processor, as defined in BCP 47.
+
+ The canonical representation of values of this type is
+ aligned with the SMIv2 LangTag textual convention for
+ language tags fitting the length constraints imposed
+ by the LangTag textual convention.";
+ reference
+ "RFC 5646: Tags for Identifying Languages
+ RFC 5131: A MIB Textual Convention for Language Tags";
+ }
+
+ /*** collection of YANG specific types ***/
+
+ typedef yang-identifier {
+ type string {
+ length "1..max";
+ pattern '[a-zA-Z_][a-zA-Z0-9\-_.]*';
+ }
+ description
+ "A YANG identifier string as defined by the 'identifier'
+ rule in Section 14 of RFC 7950. An identifier must
+ start with an alphabetic character or an underscore
+ followed by an arbitrary sequence of alphabetic or
+ numeric characters, underscores, hyphens, or dots.
+
+ This definition conforms to YANG 1.1 defined in RFC
+ 7950. An earlier version of this definition did exclude
+ all identifiers starting with any possible combination
+ of the lowercase or uppercase character sequence 'xml',
+ as required by YANG 1 defined in RFC 6020. If this type
+ is used in a YANG 1 context, then this restriction still
+ applies.";
+ reference
+ "RFC 7950: The YANG 1.1 Data Modeling Language
+ RFC 6020: YANG - A Data Modeling Language for the
+ Network Configuration Protocol (NETCONF)";
+ }
+
+}
--- /dev/null
+module o-ran-sc-system-with-geo-location {
+ yang-version 1.1;
+ namespace "urn:o-ran-sc:yang:o-ran-sc-system-with-geo-location";
+ prefix sysgeo;
+
+ import ietf-system {
+ prefix sys;
+ reference
+ "RFC 7317: A YANG Data Model for System Management";
+ }
+ import ietf-geo-location {
+ prefix geo;
+ reference
+ "RFC 9179: A YANG Grouping for Geographic Locations";
+ }
+
+ organization
+ "O-RAN Software Community";
+ contact
+ "www.o-ran-sc.org";
+ description
+ "This module adds an optional geo-location to ietf-system.
+
+ Copyright 2023 the O-RAN Software Community.
+
+ Licensed under the Apache License, Version 2.0 (the 'License');
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an 'AS IS' BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.";
+
+ revision 2023-11-11 {
+ description
+ "Initial version // TODO reference";
+ reference
+ "https://jira.o-ran-sc.org/browse/OAM-399";
+ }
+
+ augment "/sys:system" {
+ description
+ "Augments ietf-system with geo-location.";
+ uses geo:geo-location;
+ }
+}
--- /dev/null
+module: ietf-system
+ +--rw system
+ | +--rw contact? string
+ | +--rw hostname? inet:domain-name
+ | +--rw location? string
+ | +--rw clock
+ | | +--rw (timezone)?
+ | | +--:(timezone-name) {timezone-name}?
+ | | | +--rw timezone-name? timezone-name
+ | | +--:(timezone-utc-offset)
+ | | +--rw timezone-utc-offset? int16
+ | +--rw ntp! {ntp}?
+ | | +--rw enabled? boolean
+ | | +--rw server* [name]
+ | | +--rw name string
+ | | +--rw (transport)
+ | | | +--:(udp)
+ | | | +--rw udp
+ | | | +--rw address inet:host
+ | | | +--rw port? inet:port-number {ntp-udp-port}?
+ | | +--rw association-type? enumeration
+ | | +--rw iburst? boolean
+ | | +--rw prefer? boolean
+ | +--rw dns-resolver
+ | | +--rw search* inet:domain-name
+ | | +--rw server* [name]
+ | | | +--rw name string
+ | | | +--rw (transport)
+ | | | +--:(udp-and-tcp)
+ | | | +--rw udp-and-tcp
+ | | | +--rw address inet:ip-address
+ | | | +--rw port? inet:port-number {dns-udp-tcp-port}?
+ | | +--rw options
+ | | +--rw timeout? uint8
+ | | +--rw attempts? uint8
+ | +--rw radius {radius}?
+ | | +--rw server* [name]
+ | | | +--rw name string
+ | | | +--rw (transport)
+ | | | | +--:(udp)
+ | | | | +--rw udp
+ | | | | +--rw address inet:host
+ | | | | +--rw authentication-port? inet:port-number
+ | | | | +--rw shared-secret string
+ | | | +--rw authentication-type? identityref
+ | | +--rw options
+ | | +--rw timeout? uint8
+ | | +--rw attempts? uint8
+ | +--rw authentication {authentication}?
+ | | +--rw user-authentication-order* identityref
+ | | +--rw user* [name] {local-users}?
+ | | +--rw name string
+ | | +--rw password? ianach:crypt-hash
+ | | +--rw authorized-key* [name]
+ | | +--rw name string
+ | | +--rw algorithm string
+ | | +--rw key-data binary
+ | +--rw sysgeo:geo-location
+ | +--rw sysgeo:reference-frame
+ | | +--rw sysgeo:alternate-system? string {alternate-systems}?
+ | | +--rw sysgeo:astronomical-body? string
+ | | +--rw sysgeo:geodetic-system
+ | | +--rw sysgeo:geodetic-datum? string
+ | | +--rw sysgeo:coord-accuracy? decimal64
+ | | +--rw sysgeo:height-accuracy? decimal64
+ | +--rw (sysgeo:location)?
+ | | +--:(sysgeo:ellipsoid)
+ | | | +--rw sysgeo:latitude? decimal64
+ | | | +--rw sysgeo:longitude? decimal64
+ | | | +--rw sysgeo:height? decimal64
+ | | +--:(sysgeo:cartesian)
+ | | +--rw sysgeo:x? decimal64
+ | | +--rw sysgeo:y? decimal64
+ | | +--rw sysgeo:z? decimal64
+ | +--rw sysgeo:velocity
+ | | +--rw sysgeo:v-north? decimal64
+ | | +--rw sysgeo:v-east? decimal64
+ | | +--rw sysgeo:v-up? decimal64
+ | +--rw sysgeo:timestamp? yang:date-and-time
+ | +--rw sysgeo:valid-until? yang:date-and-time
+ +--ro system-state
+ +--ro platform
+ | +--ro os-name? string
+ | +--ro os-release? string
+ | +--ro os-version? string
+ | +--ro machine? string
+ +--ro clock
+ +--ro current-datetime? yang:date-and-time
+ +--ro boot-datetime? yang:date-and-time
+
+ rpcs:
+ +---x set-current-datetime
+ | +---w input
+ | +---w current-datetime yang:date-and-time
+ +---x system-restart
+ +---x system-shutdown
+