czechlight-cfg-fs: add NACM rules for anonymous access
Depends-On: https://gerrit.cesnet.cz/c/CzechLight/dependencies/+/6373
Change-Id: Ifd7f4f9f4ff5d184a6459d3c98aa2602cbe53d5f
diff --git a/package/czechlight-cfg-fs/czechlight-migration-list.sh b/package/czechlight-cfg-fs/czechlight-migration-list.sh
index 7f8517c..7ceb7b9 100644
--- a/package/czechlight-cfg-fs/czechlight-migration-list.sh
+++ b/package/czechlight-cfg-fs/czechlight-migration-list.sh
@@ -3,4 +3,5 @@
'0002_default_startup_configuration_for_ietf-interfaces.sh'
'0003_shelve_alarms.sh'
'0004_nacm.sh'
+ '0005_nacm_anonymous_user.sh'
)
diff --git a/package/czechlight-cfg-fs/migrations/0005_nacm_anonymous_user.json b/package/czechlight-cfg-fs/migrations/0005_nacm_anonymous_user.json
new file mode 100644
index 0000000..b370ba7
--- /dev/null
+++ b/package/czechlight-cfg-fs/migrations/0005_nacm_anonymous_user.json
@@ -0,0 +1,114 @@
+{
+ "ietf-netconf-acm:nacm": {
+ "rule-list": [
+ {
+ "@": {
+ "yang:insert": "first"
+ },
+ "name": "Permit yangnobody user/group to read only some modules",
+ "group": [
+ "yangnobody"
+ ],
+ "rule": [
+ {
+ "name": "czechlight-roadm-device",
+ "module-name": "czechlight-roadm-device",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "czechlight-inline-amp",
+ "module-name": "czechlight-inline-amp",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "czechlight-coherent-add-drop",
+ "module-name": "czechlight-coherent-add-drop",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-yang-library",
+ "module-name": "ietf-yang-library",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-hardware",
+ "module-name": "ietf-hardware",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-interfaces",
+ "module-name": "ietf-interfaces",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-system: contact",
+ "module-name": "ietf-system",
+ "action": "permit",
+ "path": "/ietf-system:system/contact",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-system: hostname",
+ "module-name": "ietf-system",
+ "action": "permit",
+ "path": "/ietf-system:system/hostname",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-system: location",
+ "module-name": "ietf-system",
+ "action": "permit",
+ "path": "/ietf-system:system/location",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-system: clock",
+ "module-name": "ietf-system",
+ "action": "permit",
+ "path": "/ietf-system:system/clock",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-system: system-state",
+ "module-name": "ietf-system",
+ "action": "permit",
+ "path": "/ietf-system:system-state",
+ "access-operations": "read"
+ },
+ {
+ "name": "czechlight-lldp",
+ "module-name": "czechlight-lldp",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "czechlight-system:firmware",
+ "module-name": "czechlight-system",
+ "path": "/czechlight-system:firmware",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "czechlight-system:leds",
+ "module-name": "czechlight-system",
+ "path": "/czechlight-system:leds",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "wildcard-deny",
+ "module-name": "*",
+ "action": "deny",
+ "access-operations": "*"
+ }
+ ]
+ }
+ ]
+ }
+}
diff --git a/package/czechlight-cfg-fs/migrations/0005_nacm_anonymous_user.sh b/package/czechlight-cfg-fs/migrations/0005_nacm_anonymous_user.sh
new file mode 100644
index 0000000..0e45c05
--- /dev/null
+++ b/package/czechlight-cfg-fs/migrations/0005_nacm_anonymous_user.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+# Introduce rules for NACM anonymous access user
+# ----------------------------------------------
+# Adds rules for the anonymous user access to the front of the ietf-netconf-acm:nacm/rule-list.
+
+sysrepocfg --datastore=startup --format=json --module=ietf-netconf-acm --edit="${MIGRATIONS_DIRECTORY}/0005_nacm_anonymous_user.json"
diff --git a/tests/czechlight-cfg-fs/data/v0_sdn-inline_empty/expected.json b/tests/czechlight-cfg-fs/data/v0_sdn-inline_empty/expected.json
index e3b8174..db4cc14 100644
--- a/tests/czechlight-cfg-fs/data/v0_sdn-inline_empty/expected.json
+++ b/tests/czechlight-cfg-fs/data/v0_sdn-inline_empty/expected.json
@@ -60,8 +60,115 @@
"ietf-netconf-acm:nacm": {
"rule-list": [
{
+ "name": "Permit yangnobody user/group to read only some modules",
+ "group": [
+ "yangnobody"
+ ],
+ "rule": [
+ {
+ "name": "czechlight-roadm-device",
+ "module-name": "czechlight-roadm-device",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "czechlight-inline-amp",
+ "module-name": "czechlight-inline-amp",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "czechlight-coherent-add-drop",
+ "module-name": "czechlight-coherent-add-drop",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-yang-library",
+ "module-name": "ietf-yang-library",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-hardware",
+ "module-name": "ietf-hardware",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-interfaces",
+ "module-name": "ietf-interfaces",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-system: contact",
+ "module-name": "ietf-system",
+ "action": "permit",
+ "path": "/ietf-system:system/contact",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-system: hostname",
+ "module-name": "ietf-system",
+ "action": "permit",
+ "path": "/ietf-system:system/hostname",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-system: location",
+ "module-name": "ietf-system",
+ "action": "permit",
+ "path": "/ietf-system:system/location",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-system: clock",
+ "module-name": "ietf-system",
+ "action": "permit",
+ "path": "/ietf-system:system/clock",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-system: system-state",
+ "module-name": "ietf-system",
+ "action": "permit",
+ "path": "/ietf-system:system-state",
+ "access-operations": "read"
+ },
+ {
+ "name": "czechlight-lldp",
+ "module-name": "czechlight-lldp",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "czechlight-system:firmware",
+ "module-name": "czechlight-system",
+ "path": "/czechlight-system:firmware",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "czechlight-system:leds",
+ "module-name": "czechlight-system",
+ "path": "/czechlight-system:leds",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "wildcard-deny",
+ "module-name": "*",
+ "action": "deny",
+ "access-operations": "*"
+ }
+ ]
+ },
+ {
"name": "Allow DWDM control to the optics group",
- "group": ["optics"],
+ "group": [
+ "optics"
+ ],
"rule": [
{
"name": "czechlight-roadm-device",
diff --git a/tests/czechlight-cfg-fs/data/v0_sdn-inline_somedata/expected.json b/tests/czechlight-cfg-fs/data/v0_sdn-inline_somedata/expected.json
index 41dafc9..0d9e104 100644
--- a/tests/czechlight-cfg-fs/data/v0_sdn-inline_somedata/expected.json
+++ b/tests/czechlight-cfg-fs/data/v0_sdn-inline_somedata/expected.json
@@ -69,38 +69,6 @@
]
}
},
- "ietf-netconf-acm:nacm": {
- "rule-list": [
- {
- "name": "Allow DWDM control to the optics group",
- "group": [
- "optics"
- ],
- "rule": [
- {
- "name": "czechlight-roadm-device",
- "module-name": "czechlight-roadm-device",
- "action": "permit"
- },
- {
- "name": "czechlight-inline-amp",
- "module-name": "czechlight-inline-amp",
- "action": "permit"
- },
- {
- "name": "czechlight-coherent-add-drop",
- "module-name": "czechlight-coherent-add-drop",
- "action": "permit"
- },
- {
- "name": "czechlight-calibration-device",
- "module-name": "czechlight-calibration-device",
- "action": "permit"
- }
- ]
- }
- ]
- },
"ietf-netconf-server:netconf-server": {
"listen": {
"endpoint": [
@@ -140,5 +108,142 @@
}
]
}
+ },
+ "ietf-netconf-acm:nacm": {
+ "rule-list": [
+ {
+ "name": "Permit yangnobody user/group to read only some modules",
+ "group": [
+ "yangnobody"
+ ],
+ "rule": [
+ {
+ "name": "czechlight-roadm-device",
+ "module-name": "czechlight-roadm-device",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "czechlight-inline-amp",
+ "module-name": "czechlight-inline-amp",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "czechlight-coherent-add-drop",
+ "module-name": "czechlight-coherent-add-drop",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-yang-library",
+ "module-name": "ietf-yang-library",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-hardware",
+ "module-name": "ietf-hardware",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-interfaces",
+ "module-name": "ietf-interfaces",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-system: contact",
+ "module-name": "ietf-system",
+ "action": "permit",
+ "path": "/ietf-system:system/contact",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-system: hostname",
+ "module-name": "ietf-system",
+ "action": "permit",
+ "path": "/ietf-system:system/hostname",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-system: location",
+ "module-name": "ietf-system",
+ "action": "permit",
+ "path": "/ietf-system:system/location",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-system: clock",
+ "module-name": "ietf-system",
+ "action": "permit",
+ "path": "/ietf-system:system/clock",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-system: system-state",
+ "module-name": "ietf-system",
+ "action": "permit",
+ "path": "/ietf-system:system-state",
+ "access-operations": "read"
+ },
+ {
+ "name": "czechlight-lldp",
+ "module-name": "czechlight-lldp",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "czechlight-system:firmware",
+ "module-name": "czechlight-system",
+ "path": "/czechlight-system:firmware",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "czechlight-system:leds",
+ "module-name": "czechlight-system",
+ "path": "/czechlight-system:leds",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "wildcard-deny",
+ "module-name": "*",
+ "action": "deny",
+ "access-operations": "*"
+ }
+ ]
+ },
+ {
+ "name": "Allow DWDM control to the optics group",
+ "group": [
+ "optics"
+ ],
+ "rule": [
+ {
+ "name": "czechlight-roadm-device",
+ "module-name": "czechlight-roadm-device",
+ "action": "permit"
+ },
+ {
+ "name": "czechlight-inline-amp",
+ "module-name": "czechlight-inline-amp",
+ "action": "permit"
+ },
+ {
+ "name": "czechlight-coherent-add-drop",
+ "module-name": "czechlight-coherent-add-drop",
+ "action": "permit"
+ },
+ {
+ "name": "czechlight-calibration-device",
+ "module-name": "czechlight-calibration-device",
+ "action": "permit"
+ }
+ ]
+ }
+ ]
}
}
diff --git a/tests/czechlight-cfg-fs/data/v0_sdn-roadm-line_empty/expected.json b/tests/czechlight-cfg-fs/data/v0_sdn-roadm-line_empty/expected.json
index 6ccd852..7877199 100644
--- a/tests/czechlight-cfg-fs/data/v0_sdn-roadm-line_empty/expected.json
+++ b/tests/czechlight-cfg-fs/data/v0_sdn-roadm-line_empty/expected.json
@@ -785,8 +785,115 @@
"ietf-netconf-acm:nacm": {
"rule-list": [
{
+ "name": "Permit yangnobody user/group to read only some modules",
+ "group": [
+ "yangnobody"
+ ],
+ "rule": [
+ {
+ "name": "czechlight-roadm-device",
+ "module-name": "czechlight-roadm-device",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "czechlight-inline-amp",
+ "module-name": "czechlight-inline-amp",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "czechlight-coherent-add-drop",
+ "module-name": "czechlight-coherent-add-drop",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-yang-library",
+ "module-name": "ietf-yang-library",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-hardware",
+ "module-name": "ietf-hardware",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-interfaces",
+ "module-name": "ietf-interfaces",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-system: contact",
+ "module-name": "ietf-system",
+ "action": "permit",
+ "path": "/ietf-system:system/contact",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-system: hostname",
+ "module-name": "ietf-system",
+ "action": "permit",
+ "path": "/ietf-system:system/hostname",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-system: location",
+ "module-name": "ietf-system",
+ "action": "permit",
+ "path": "/ietf-system:system/location",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-system: clock",
+ "module-name": "ietf-system",
+ "action": "permit",
+ "path": "/ietf-system:system/clock",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-system: system-state",
+ "module-name": "ietf-system",
+ "action": "permit",
+ "path": "/ietf-system:system-state",
+ "access-operations": "read"
+ },
+ {
+ "name": "czechlight-lldp",
+ "module-name": "czechlight-lldp",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "czechlight-system:firmware",
+ "module-name": "czechlight-system",
+ "path": "/czechlight-system:firmware",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "czechlight-system:leds",
+ "module-name": "czechlight-system",
+ "path": "/czechlight-system:leds",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "wildcard-deny",
+ "module-name": "*",
+ "action": "deny",
+ "access-operations": "*"
+ }
+ ]
+ },
+ {
"name": "Allow DWDM control to the optics group",
- "group": ["optics"],
+ "group": [
+ "optics"
+ ],
"rule": [
{
"name": "czechlight-roadm-device",
diff --git a/tests/czechlight-cfg-fs/data/v0_sdn-roadm-line_with_altered_initial_data/expected.json b/tests/czechlight-cfg-fs/data/v0_sdn-roadm-line_with_altered_initial_data/expected.json
index def9bac..7877199 100644
--- a/tests/czechlight-cfg-fs/data/v0_sdn-roadm-line_with_altered_initial_data/expected.json
+++ b/tests/czechlight-cfg-fs/data/v0_sdn-roadm-line_with_altered_initial_data/expected.json
@@ -783,33 +783,140 @@
}
],
"ietf-netconf-acm:nacm": {
- "rule-list": [
+ "rule-list": [
+ {
+ "name": "Permit yangnobody user/group to read only some modules",
+ "group": [
+ "yangnobody"
+ ],
+ "rule": [
{
- "name": "Allow DWDM control to the optics group",
- "group": ["optics"],
- "rule": [
- {
- "name": "czechlight-roadm-device",
- "module-name": "czechlight-roadm-device",
- "action": "permit"
- },
- {
- "name": "czechlight-inline-amp",
- "module-name": "czechlight-inline-amp",
- "action": "permit"
- },
- {
- "name": "czechlight-coherent-add-drop",
- "module-name": "czechlight-coherent-add-drop",
- "action": "permit"
- },
- {
- "name": "czechlight-calibration-device",
- "module-name": "czechlight-calibration-device",
- "action": "permit"
- }
- ]
+ "name": "czechlight-roadm-device",
+ "module-name": "czechlight-roadm-device",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "czechlight-inline-amp",
+ "module-name": "czechlight-inline-amp",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "czechlight-coherent-add-drop",
+ "module-name": "czechlight-coherent-add-drop",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-yang-library",
+ "module-name": "ietf-yang-library",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-hardware",
+ "module-name": "ietf-hardware",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-interfaces",
+ "module-name": "ietf-interfaces",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-system: contact",
+ "module-name": "ietf-system",
+ "action": "permit",
+ "path": "/ietf-system:system/contact",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-system: hostname",
+ "module-name": "ietf-system",
+ "action": "permit",
+ "path": "/ietf-system:system/hostname",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-system: location",
+ "module-name": "ietf-system",
+ "action": "permit",
+ "path": "/ietf-system:system/location",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-system: clock",
+ "module-name": "ietf-system",
+ "action": "permit",
+ "path": "/ietf-system:system/clock",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-system: system-state",
+ "module-name": "ietf-system",
+ "action": "permit",
+ "path": "/ietf-system:system-state",
+ "access-operations": "read"
+ },
+ {
+ "name": "czechlight-lldp",
+ "module-name": "czechlight-lldp",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "czechlight-system:firmware",
+ "module-name": "czechlight-system",
+ "path": "/czechlight-system:firmware",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "czechlight-system:leds",
+ "module-name": "czechlight-system",
+ "path": "/czechlight-system:leds",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "wildcard-deny",
+ "module-name": "*",
+ "action": "deny",
+ "access-operations": "*"
}
- ]
+ ]
+ },
+ {
+ "name": "Allow DWDM control to the optics group",
+ "group": [
+ "optics"
+ ],
+ "rule": [
+ {
+ "name": "czechlight-roadm-device",
+ "module-name": "czechlight-roadm-device",
+ "action": "permit"
+ },
+ {
+ "name": "czechlight-inline-amp",
+ "module-name": "czechlight-inline-amp",
+ "action": "permit"
+ },
+ {
+ "name": "czechlight-coherent-add-drop",
+ "module-name": "czechlight-coherent-add-drop",
+ "action": "permit"
+ },
+ {
+ "name": "czechlight-calibration-device",
+ "module-name": "czechlight-calibration-device",
+ "action": "permit"
+ }
+ ]
+ }
+ ]
}
}
diff --git a/tests/czechlight-cfg-fs/data/v3_sdn-roadm-line_default_nacm/expected.json b/tests/czechlight-cfg-fs/data/v3_sdn-roadm-line_default_nacm/expected.json
index 59d413b..53ab3ec 100644
--- a/tests/czechlight-cfg-fs/data/v3_sdn-roadm-line_default_nacm/expected.json
+++ b/tests/czechlight-cfg-fs/data/v3_sdn-roadm-line_default_nacm/expected.json
@@ -1,32 +1,137 @@
{
- "ietf-netconf-acm:nacm": {
- "rule-list": [
- {
- "name": "Allow DWDM control to the optics group",
- "group": ["optics"],
- "rule": [
- {
- "name": "czechlight-roadm-device",
- "module-name": "czechlight-roadm-device",
- "action": "permit"
- },
- {
- "name": "czechlight-inline-amp",
- "module-name": "czechlight-inline-amp",
- "action": "permit"
- },
- {
- "name": "czechlight-coherent-add-drop",
- "module-name": "czechlight-coherent-add-drop",
- "action": "permit"
- },
- {
- "name": "czechlight-calibration-device",
- "module-name": "czechlight-calibration-device",
- "action": "permit"
- }
- ]
- }
+ "ietf-netconf-acm:nacm": {
+ "rule-list": [
+ {
+ "name": "Permit yangnobody user/group to read only some modules",
+ "group": [
+ "yangnobody"
+ ],
+ "rule": [
+ {
+ "name": "czechlight-roadm-device",
+ "module-name": "czechlight-roadm-device",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "czechlight-inline-amp",
+ "module-name": "czechlight-inline-amp",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "czechlight-coherent-add-drop",
+ "module-name": "czechlight-coherent-add-drop",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-yang-library",
+ "module-name": "ietf-yang-library",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-hardware",
+ "module-name": "ietf-hardware",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-interfaces",
+ "module-name": "ietf-interfaces",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-system: contact",
+ "module-name": "ietf-system",
+ "action": "permit",
+ "path": "/ietf-system:system/contact",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-system: hostname",
+ "module-name": "ietf-system",
+ "action": "permit",
+ "path": "/ietf-system:system/hostname",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-system: location",
+ "module-name": "ietf-system",
+ "action": "permit",
+ "path": "/ietf-system:system/location",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-system: clock",
+ "module-name": "ietf-system",
+ "action": "permit",
+ "path": "/ietf-system:system/clock",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-system: system-state",
+ "module-name": "ietf-system",
+ "action": "permit",
+ "path": "/ietf-system:system-state",
+ "access-operations": "read"
+ },
+ {
+ "name": "czechlight-lldp",
+ "module-name": "czechlight-lldp",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "czechlight-system:firmware",
+ "module-name": "czechlight-system",
+ "path": "/czechlight-system:firmware",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "czechlight-system:leds",
+ "module-name": "czechlight-system",
+ "path": "/czechlight-system:leds",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "wildcard-deny",
+ "module-name": "*",
+ "action": "deny",
+ "access-operations": "*"
+ }
]
- }
+ },
+ {
+ "name": "Allow DWDM control to the optics group",
+ "group": ["optics"],
+ "rule": [
+ {
+ "name": "czechlight-roadm-device",
+ "module-name": "czechlight-roadm-device",
+ "action": "permit"
+ },
+ {
+ "name": "czechlight-inline-amp",
+ "module-name": "czechlight-inline-amp",
+ "action": "permit"
+ },
+ {
+ "name": "czechlight-coherent-add-drop",
+ "module-name": "czechlight-coherent-add-drop",
+ "action": "permit"
+ },
+ {
+ "name": "czechlight-calibration-device",
+ "module-name": "czechlight-calibration-device",
+ "action": "permit"
+ }
+ ]
+ }
+ ]
+ }
}
diff --git a/tests/czechlight-cfg-fs/data/v3_sdn-roadm-line_multiple_nacm_rules/expected.json b/tests/czechlight-cfg-fs/data/v3_sdn-roadm-line_multiple_nacm_rules/expected.json
index 59d413b..53ab3ec 100644
--- a/tests/czechlight-cfg-fs/data/v3_sdn-roadm-line_multiple_nacm_rules/expected.json
+++ b/tests/czechlight-cfg-fs/data/v3_sdn-roadm-line_multiple_nacm_rules/expected.json
@@ -1,32 +1,137 @@
{
- "ietf-netconf-acm:nacm": {
- "rule-list": [
- {
- "name": "Allow DWDM control to the optics group",
- "group": ["optics"],
- "rule": [
- {
- "name": "czechlight-roadm-device",
- "module-name": "czechlight-roadm-device",
- "action": "permit"
- },
- {
- "name": "czechlight-inline-amp",
- "module-name": "czechlight-inline-amp",
- "action": "permit"
- },
- {
- "name": "czechlight-coherent-add-drop",
- "module-name": "czechlight-coherent-add-drop",
- "action": "permit"
- },
- {
- "name": "czechlight-calibration-device",
- "module-name": "czechlight-calibration-device",
- "action": "permit"
- }
- ]
- }
+ "ietf-netconf-acm:nacm": {
+ "rule-list": [
+ {
+ "name": "Permit yangnobody user/group to read only some modules",
+ "group": [
+ "yangnobody"
+ ],
+ "rule": [
+ {
+ "name": "czechlight-roadm-device",
+ "module-name": "czechlight-roadm-device",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "czechlight-inline-amp",
+ "module-name": "czechlight-inline-amp",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "czechlight-coherent-add-drop",
+ "module-name": "czechlight-coherent-add-drop",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-yang-library",
+ "module-name": "ietf-yang-library",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-hardware",
+ "module-name": "ietf-hardware",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-interfaces",
+ "module-name": "ietf-interfaces",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-system: contact",
+ "module-name": "ietf-system",
+ "action": "permit",
+ "path": "/ietf-system:system/contact",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-system: hostname",
+ "module-name": "ietf-system",
+ "action": "permit",
+ "path": "/ietf-system:system/hostname",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-system: location",
+ "module-name": "ietf-system",
+ "action": "permit",
+ "path": "/ietf-system:system/location",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-system: clock",
+ "module-name": "ietf-system",
+ "action": "permit",
+ "path": "/ietf-system:system/clock",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-system: system-state",
+ "module-name": "ietf-system",
+ "action": "permit",
+ "path": "/ietf-system:system-state",
+ "access-operations": "read"
+ },
+ {
+ "name": "czechlight-lldp",
+ "module-name": "czechlight-lldp",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "czechlight-system:firmware",
+ "module-name": "czechlight-system",
+ "path": "/czechlight-system:firmware",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "czechlight-system:leds",
+ "module-name": "czechlight-system",
+ "path": "/czechlight-system:leds",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "wildcard-deny",
+ "module-name": "*",
+ "action": "deny",
+ "access-operations": "*"
+ }
]
- }
+ },
+ {
+ "name": "Allow DWDM control to the optics group",
+ "group": ["optics"],
+ "rule": [
+ {
+ "name": "czechlight-roadm-device",
+ "module-name": "czechlight-roadm-device",
+ "action": "permit"
+ },
+ {
+ "name": "czechlight-inline-amp",
+ "module-name": "czechlight-inline-amp",
+ "action": "permit"
+ },
+ {
+ "name": "czechlight-coherent-add-drop",
+ "module-name": "czechlight-coherent-add-drop",
+ "action": "permit"
+ },
+ {
+ "name": "czechlight-calibration-device",
+ "module-name": "czechlight-calibration-device",
+ "action": "permit"
+ }
+ ]
+ }
+ ]
+ }
}
diff --git a/tests/czechlight-cfg-fs/data/v3_sdn-roadm-line_no_nacm/expected.json b/tests/czechlight-cfg-fs/data/v3_sdn-roadm-line_no_nacm/expected.json
index 59d413b..53ab3ec 100644
--- a/tests/czechlight-cfg-fs/data/v3_sdn-roadm-line_no_nacm/expected.json
+++ b/tests/czechlight-cfg-fs/data/v3_sdn-roadm-line_no_nacm/expected.json
@@ -1,32 +1,137 @@
{
- "ietf-netconf-acm:nacm": {
- "rule-list": [
- {
- "name": "Allow DWDM control to the optics group",
- "group": ["optics"],
- "rule": [
- {
- "name": "czechlight-roadm-device",
- "module-name": "czechlight-roadm-device",
- "action": "permit"
- },
- {
- "name": "czechlight-inline-amp",
- "module-name": "czechlight-inline-amp",
- "action": "permit"
- },
- {
- "name": "czechlight-coherent-add-drop",
- "module-name": "czechlight-coherent-add-drop",
- "action": "permit"
- },
- {
- "name": "czechlight-calibration-device",
- "module-name": "czechlight-calibration-device",
- "action": "permit"
- }
- ]
- }
+ "ietf-netconf-acm:nacm": {
+ "rule-list": [
+ {
+ "name": "Permit yangnobody user/group to read only some modules",
+ "group": [
+ "yangnobody"
+ ],
+ "rule": [
+ {
+ "name": "czechlight-roadm-device",
+ "module-name": "czechlight-roadm-device",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "czechlight-inline-amp",
+ "module-name": "czechlight-inline-amp",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "czechlight-coherent-add-drop",
+ "module-name": "czechlight-coherent-add-drop",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-yang-library",
+ "module-name": "ietf-yang-library",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-hardware",
+ "module-name": "ietf-hardware",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-interfaces",
+ "module-name": "ietf-interfaces",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-system: contact",
+ "module-name": "ietf-system",
+ "action": "permit",
+ "path": "/ietf-system:system/contact",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-system: hostname",
+ "module-name": "ietf-system",
+ "action": "permit",
+ "path": "/ietf-system:system/hostname",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-system: location",
+ "module-name": "ietf-system",
+ "action": "permit",
+ "path": "/ietf-system:system/location",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-system: clock",
+ "module-name": "ietf-system",
+ "action": "permit",
+ "path": "/ietf-system:system/clock",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-system: system-state",
+ "module-name": "ietf-system",
+ "action": "permit",
+ "path": "/ietf-system:system-state",
+ "access-operations": "read"
+ },
+ {
+ "name": "czechlight-lldp",
+ "module-name": "czechlight-lldp",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "czechlight-system:firmware",
+ "module-name": "czechlight-system",
+ "path": "/czechlight-system:firmware",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "czechlight-system:leds",
+ "module-name": "czechlight-system",
+ "path": "/czechlight-system:leds",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "wildcard-deny",
+ "module-name": "*",
+ "action": "deny",
+ "access-operations": "*"
+ }
]
- }
+ },
+ {
+ "name": "Allow DWDM control to the optics group",
+ "group": ["optics"],
+ "rule": [
+ {
+ "name": "czechlight-roadm-device",
+ "module-name": "czechlight-roadm-device",
+ "action": "permit"
+ },
+ {
+ "name": "czechlight-inline-amp",
+ "module-name": "czechlight-inline-amp",
+ "action": "permit"
+ },
+ {
+ "name": "czechlight-coherent-add-drop",
+ "module-name": "czechlight-coherent-add-drop",
+ "action": "permit"
+ },
+ {
+ "name": "czechlight-calibration-device",
+ "module-name": "czechlight-calibration-device",
+ "action": "permit"
+ }
+ ]
+ }
+ ]
+ }
}
diff --git a/tests/czechlight-cfg-fs/data/v4_sdn-roadm-line_default_nacm/cmdline b/tests/czechlight-cfg-fs/data/v4_sdn-roadm-line_default_nacm/cmdline
new file mode 100644
index 0000000..6b1d906
--- /dev/null
+++ b/tests/czechlight-cfg-fs/data/v4_sdn-roadm-line_default_nacm/cmdline
@@ -0,0 +1 @@
+czechlight=sdn-roadm-line
diff --git a/tests/czechlight-cfg-fs/data/v4_sdn-roadm-line_default_nacm/expected.json b/tests/czechlight-cfg-fs/data/v4_sdn-roadm-line_default_nacm/expected.json
new file mode 100644
index 0000000..74c2a5f
--- /dev/null
+++ b/tests/czechlight-cfg-fs/data/v4_sdn-roadm-line_default_nacm/expected.json
@@ -0,0 +1,137 @@
+{
+ "ietf-netconf-acm:nacm": {
+ "rule-list": [
+ {
+ "name": "Permit yangnobody user/group to read only some modules",
+ "group": [
+ "yangnobody"
+ ],
+ "rule": [
+ {
+ "name": "czechlight-roadm-device",
+ "module-name": "czechlight-roadm-device",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "czechlight-inline-amp",
+ "module-name": "czechlight-inline-amp",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "czechlight-coherent-add-drop",
+ "module-name": "czechlight-coherent-add-drop",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-yang-library",
+ "module-name": "ietf-yang-library",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-hardware",
+ "module-name": "ietf-hardware",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-interfaces",
+ "module-name": "ietf-interfaces",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-system: contact",
+ "module-name": "ietf-system",
+ "action": "permit",
+ "path": "/ietf-system:system/contact",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-system: hostname",
+ "module-name": "ietf-system",
+ "action": "permit",
+ "path": "/ietf-system:system/hostname",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-system: location",
+ "module-name": "ietf-system",
+ "action": "permit",
+ "path": "/ietf-system:system/location",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-system: clock",
+ "module-name": "ietf-system",
+ "action": "permit",
+ "path": "/ietf-system:system/clock",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-system: system-state",
+ "module-name": "ietf-system",
+ "action": "permit",
+ "path": "/ietf-system:system-state",
+ "access-operations": "read"
+ },
+ {
+ "name": "czechlight-lldp",
+ "module-name": "czechlight-lldp",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "czechlight-system:firmware",
+ "module-name": "czechlight-system",
+ "path": "/czechlight-system:firmware",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "czechlight-system:leds",
+ "module-name": "czechlight-system",
+ "path": "/czechlight-system:leds",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "wildcard-deny",
+ "module-name": "*",
+ "action": "deny",
+ "access-operations": "*"
+ }
+ ]
+ },
+ {
+ "name": "Allow DWDM control to the optics group",
+ "group": ["optics"],
+ "rule": [
+ {
+ "name": "czechlight-roadm-device",
+ "module-name": "czechlight-roadm-device",
+ "action": "permit"
+ },
+ {
+ "name": "czechlight-inline-amp",
+ "module-name": "czechlight-inline-amp",
+ "action": "permit"
+ },
+ {
+ "name": "czechlight-coherent-add-drop",
+ "module-name": "czechlight-coherent-add-drop",
+ "action": "permit"
+ },
+ {
+ "name": "czechlight-calibration-device",
+ "module-name": "czechlight-calibration-device",
+ "action": "permit"
+ }
+ ]
+ }
+ ]
+ }
+}
diff --git a/tests/czechlight-cfg-fs/data/v4_sdn-roadm-line_default_nacm/startup.json b/tests/czechlight-cfg-fs/data/v4_sdn-roadm-line_default_nacm/startup.json
new file mode 100644
index 0000000..59d413b
--- /dev/null
+++ b/tests/czechlight-cfg-fs/data/v4_sdn-roadm-line_default_nacm/startup.json
@@ -0,0 +1,32 @@
+{
+ "ietf-netconf-acm:nacm": {
+ "rule-list": [
+ {
+ "name": "Allow DWDM control to the optics group",
+ "group": ["optics"],
+ "rule": [
+ {
+ "name": "czechlight-roadm-device",
+ "module-name": "czechlight-roadm-device",
+ "action": "permit"
+ },
+ {
+ "name": "czechlight-inline-amp",
+ "module-name": "czechlight-inline-amp",
+ "action": "permit"
+ },
+ {
+ "name": "czechlight-coherent-add-drop",
+ "module-name": "czechlight-coherent-add-drop",
+ "action": "permit"
+ },
+ {
+ "name": "czechlight-calibration-device",
+ "module-name": "czechlight-calibration-device",
+ "action": "permit"
+ }
+ ]
+ }
+ ]
+ }
+}
diff --git a/tests/czechlight-cfg-fs/data/v4_sdn-roadm-line_default_nacm/version b/tests/czechlight-cfg-fs/data/v4_sdn-roadm-line_default_nacm/version
new file mode 100644
index 0000000..b8626c4
--- /dev/null
+++ b/tests/czechlight-cfg-fs/data/v4_sdn-roadm-line_default_nacm/version
@@ -0,0 +1 @@
+4
diff --git a/tests/czechlight-cfg-fs/data/v4_sdn-roadm-line_default_nacm/xpath b/tests/czechlight-cfg-fs/data/v4_sdn-roadm-line_default_nacm/xpath
new file mode 100644
index 0000000..8eca9fa
--- /dev/null
+++ b/tests/czechlight-cfg-fs/data/v4_sdn-roadm-line_default_nacm/xpath
@@ -0,0 +1 @@
+/ietf-netconf-acm:nacm
diff --git a/tests/czechlight-cfg-fs/data/v4_sdn-roadm-line_multiple_nacm_rules/cmdline b/tests/czechlight-cfg-fs/data/v4_sdn-roadm-line_multiple_nacm_rules/cmdline
new file mode 100644
index 0000000..6b1d906
--- /dev/null
+++ b/tests/czechlight-cfg-fs/data/v4_sdn-roadm-line_multiple_nacm_rules/cmdline
@@ -0,0 +1 @@
+czechlight=sdn-roadm-line
diff --git a/tests/czechlight-cfg-fs/data/v4_sdn-roadm-line_multiple_nacm_rules/expected.json b/tests/czechlight-cfg-fs/data/v4_sdn-roadm-line_multiple_nacm_rules/expected.json
new file mode 100644
index 0000000..e0eeb9c
--- /dev/null
+++ b/tests/czechlight-cfg-fs/data/v4_sdn-roadm-line_multiple_nacm_rules/expected.json
@@ -0,0 +1,149 @@
+{
+ "ietf-netconf-acm:nacm": {
+ "rule-list": [
+ {
+ "name": "Permit yangnobody user/group to read only some modules",
+ "group": [
+ "yangnobody"
+ ],
+ "rule": [
+ {
+ "name": "czechlight-roadm-device",
+ "module-name": "czechlight-roadm-device",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "czechlight-inline-amp",
+ "module-name": "czechlight-inline-amp",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "czechlight-coherent-add-drop",
+ "module-name": "czechlight-coherent-add-drop",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-yang-library",
+ "module-name": "ietf-yang-library",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-hardware",
+ "module-name": "ietf-hardware",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-interfaces",
+ "module-name": "ietf-interfaces",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-system: contact",
+ "module-name": "ietf-system",
+ "action": "permit",
+ "path": "/ietf-system:system/contact",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-system: hostname",
+ "module-name": "ietf-system",
+ "action": "permit",
+ "path": "/ietf-system:system/hostname",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-system: location",
+ "module-name": "ietf-system",
+ "action": "permit",
+ "path": "/ietf-system:system/location",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-system: clock",
+ "module-name": "ietf-system",
+ "action": "permit",
+ "path": "/ietf-system:system/clock",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-system: system-state",
+ "module-name": "ietf-system",
+ "action": "permit",
+ "path": "/ietf-system:system-state",
+ "access-operations": "read"
+ },
+ {
+ "name": "czechlight-lldp",
+ "module-name": "czechlight-lldp",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "czechlight-system:firmware",
+ "module-name": "czechlight-system",
+ "path": "/czechlight-system:firmware",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "czechlight-system:leds",
+ "module-name": "czechlight-system",
+ "path": "/czechlight-system:leds",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "wildcard-deny",
+ "module-name": "*",
+ "action": "deny",
+ "access-operations": "*"
+ }
+ ]
+ },
+ {
+ "name": "Some rule list",
+ "group": ["optics"]
+ },
+ {
+ "name": "Another rule list",
+ "group": ["optics"]
+ },
+ {
+ "name": "Allow DWDM control to the optics group",
+ "group": ["optics"],
+ "rule": [
+ {
+ "name": "czechlight-roadm-device",
+ "module-name": "czechlight-roadm-device",
+ "action": "permit"
+ },
+ {
+ "name": "czechlight-inline-amp",
+ "module-name": "czechlight-inline-amp",
+ "action": "permit"
+ },
+ {
+ "name": "czechlight-coherent-add-drop",
+ "module-name": "czechlight-coherent-add-drop",
+ "action": "permit"
+ },
+ {
+ "name": "czechlight-calibration-device",
+ "module-name": "czechlight-calibration-device",
+ "action": "permit"
+ }
+ ]
+ },
+ {
+ "name": "Yet another rule list (YARL)",
+ "group": ["optics"]
+ }
+ ]
+ }
+}
diff --git a/tests/czechlight-cfg-fs/data/v4_sdn-roadm-line_multiple_nacm_rules/startup.json b/tests/czechlight-cfg-fs/data/v4_sdn-roadm-line_multiple_nacm_rules/startup.json
new file mode 100644
index 0000000..a56c909
--- /dev/null
+++ b/tests/czechlight-cfg-fs/data/v4_sdn-roadm-line_multiple_nacm_rules/startup.json
@@ -0,0 +1,47 @@
+{
+ "ietf-netconf-acm:nacm": {
+ "rule-list": [
+ {
+ "name": "Some rule list",
+ "group": ["optics"],
+ "rule": []
+ },
+ {
+ "name": "Another rule list",
+ "group": ["optics"],
+ "rule": []
+ },
+ {
+ "name": "Allow DWDM control to the optics group",
+ "group": ["optics"],
+ "rule": [
+ {
+ "name": "czechlight-roadm-device",
+ "module-name": "czechlight-roadm-device",
+ "action": "permit"
+ },
+ {
+ "name": "czechlight-inline-amp",
+ "module-name": "czechlight-inline-amp",
+ "action": "permit"
+ },
+ {
+ "name": "czechlight-coherent-add-drop",
+ "module-name": "czechlight-coherent-add-drop",
+ "action": "permit"
+ },
+ {
+ "name": "czechlight-calibration-device",
+ "module-name": "czechlight-calibration-device",
+ "action": "permit"
+ }
+ ]
+ },
+ {
+ "name": "Yet another rule list (YARL)",
+ "group": ["optics"],
+ "rule": []
+ }
+ ]
+ }
+}
diff --git a/tests/czechlight-cfg-fs/data/v4_sdn-roadm-line_multiple_nacm_rules/version b/tests/czechlight-cfg-fs/data/v4_sdn-roadm-line_multiple_nacm_rules/version
new file mode 100644
index 0000000..b8626c4
--- /dev/null
+++ b/tests/czechlight-cfg-fs/data/v4_sdn-roadm-line_multiple_nacm_rules/version
@@ -0,0 +1 @@
+4
diff --git a/tests/czechlight-cfg-fs/data/v4_sdn-roadm-line_multiple_nacm_rules/xpath b/tests/czechlight-cfg-fs/data/v4_sdn-roadm-line_multiple_nacm_rules/xpath
new file mode 100644
index 0000000..8eca9fa
--- /dev/null
+++ b/tests/czechlight-cfg-fs/data/v4_sdn-roadm-line_multiple_nacm_rules/xpath
@@ -0,0 +1 @@
+/ietf-netconf-acm:nacm
diff --git a/tests/czechlight-cfg-fs/data/v4_sdn-roadm-line_no_nacm/cmdline b/tests/czechlight-cfg-fs/data/v4_sdn-roadm-line_no_nacm/cmdline
new file mode 100644
index 0000000..6b1d906
--- /dev/null
+++ b/tests/czechlight-cfg-fs/data/v4_sdn-roadm-line_no_nacm/cmdline
@@ -0,0 +1 @@
+czechlight=sdn-roadm-line
diff --git a/tests/czechlight-cfg-fs/data/v4_sdn-roadm-line_no_nacm/expected.json b/tests/czechlight-cfg-fs/data/v4_sdn-roadm-line_no_nacm/expected.json
new file mode 100644
index 0000000..f8ca166
--- /dev/null
+++ b/tests/czechlight-cfg-fs/data/v4_sdn-roadm-line_no_nacm/expected.json
@@ -0,0 +1,111 @@
+{
+ "ietf-netconf-acm:nacm": {
+ "rule-list": [
+ {
+ "name": "Permit yangnobody user/group to read only some modules",
+ "group": [
+ "yangnobody"
+ ],
+ "rule": [
+ {
+ "name": "czechlight-roadm-device",
+ "module-name": "czechlight-roadm-device",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "czechlight-inline-amp",
+ "module-name": "czechlight-inline-amp",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "czechlight-coherent-add-drop",
+ "module-name": "czechlight-coherent-add-drop",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-yang-library",
+ "module-name": "ietf-yang-library",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-hardware",
+ "module-name": "ietf-hardware",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-interfaces",
+ "module-name": "ietf-interfaces",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-system: contact",
+ "module-name": "ietf-system",
+ "action": "permit",
+ "path": "/ietf-system:system/contact",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-system: hostname",
+ "module-name": "ietf-system",
+ "action": "permit",
+ "path": "/ietf-system:system/hostname",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-system: location",
+ "module-name": "ietf-system",
+ "action": "permit",
+ "path": "/ietf-system:system/location",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-system: clock",
+ "module-name": "ietf-system",
+ "action": "permit",
+ "path": "/ietf-system:system/clock",
+ "access-operations": "read"
+ },
+ {
+ "name": "ietf-system: system-state",
+ "module-name": "ietf-system",
+ "action": "permit",
+ "path": "/ietf-system:system-state",
+ "access-operations": "read"
+ },
+ {
+ "name": "czechlight-lldp",
+ "module-name": "czechlight-lldp",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "czechlight-system:firmware",
+ "module-name": "czechlight-system",
+ "path": "/czechlight-system:firmware",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "czechlight-system:leds",
+ "module-name": "czechlight-system",
+ "path": "/czechlight-system:leds",
+ "action": "permit",
+ "access-operations": "read"
+ },
+ {
+ "name": "wildcard-deny",
+ "module-name": "*",
+ "action": "deny",
+ "access-operations": "*"
+ }
+ ]
+ }
+ ]
+ }
+}
diff --git a/tests/czechlight-cfg-fs/data/v4_sdn-roadm-line_no_nacm/startup.json b/tests/czechlight-cfg-fs/data/v4_sdn-roadm-line_no_nacm/startup.json
new file mode 100644
index 0000000..2c63c08
--- /dev/null
+++ b/tests/czechlight-cfg-fs/data/v4_sdn-roadm-line_no_nacm/startup.json
@@ -0,0 +1,2 @@
+{
+}
diff --git a/tests/czechlight-cfg-fs/data/v4_sdn-roadm-line_no_nacm/version b/tests/czechlight-cfg-fs/data/v4_sdn-roadm-line_no_nacm/version
new file mode 100644
index 0000000..b8626c4
--- /dev/null
+++ b/tests/czechlight-cfg-fs/data/v4_sdn-roadm-line_no_nacm/version
@@ -0,0 +1 @@
+4
diff --git a/tests/czechlight-cfg-fs/data/v4_sdn-roadm-line_no_nacm/xpath b/tests/czechlight-cfg-fs/data/v4_sdn-roadm-line_no_nacm/xpath
new file mode 100644
index 0000000..8eca9fa
--- /dev/null
+++ b/tests/czechlight-cfg-fs/data/v4_sdn-roadm-line_no_nacm/xpath
@@ -0,0 +1 @@
+/ietf-netconf-acm:nacm