| <?xml version="1.0" encoding="UTF-8"?> |
| <module xmlns="urn:ietf:params:xml:ns:yang:yin:1" xmlns:nacm="urn:ietf:params:xml:ns:yang:ietf-netconf-acm" xmlns:yang="urn:ietf:params:xml:ns:yang:ietf-yang-types" name="ietf-netconf-acm-when2"> |
| <namespace uri="urn:ietf:params:xml:ns:yang:ietf-netconf-acm"/> |
| <prefix value="nacm"/> |
| <import module="ietf-yang-types"> |
| <prefix value="yang"/> |
| </import> |
| <organization> |
| <text>IETF NETCONF (Network Configuration) Working Group</text> |
| </organization> |
| <contact> |
| <text>WG Web: <http://tools.ietf.org/wg/netconf/> |
| WG List: <mailto:netconf@ietf.org> |
| |
| WG Chair: Mehmet Ersue |
| <mailto:mehmet.ersue@nsn.com> |
| |
| WG Chair: Bert Wijnen |
| <mailto:bertietf@bwijnen.net> |
| |
| Editor: Andy Bierman |
| <mailto:andy@yumaworks.com> |
| |
| Editor: Martin Bjorklund |
| <mailto:mbj@tail-f.com></text> |
| </contact> |
| <description> |
| <text>NETCONF Access Control Model. |
| |
| Copyright (c) 2012 IETF Trust and the persons identified as |
| authors of the code. All rights reserved. |
| |
| Redistribution and use in source and binary forms, with or |
| without modification, is permitted pursuant to, and subject |
| to the license terms contained in, the Simplified BSD |
| License set forth in Section 4.c of the IETF Trust's |
| Legal Provisions Relating to IETF Documents |
| (http://trustee.ietf.org/license-info). |
| |
| This version of this YANG module is part of RFC 6536; see |
| the RFC itself for full legal notices.</text> |
| </description> |
| <revision date="2012-02-22"> |
| <description> |
| <text>Initial version</text> |
| </description> |
| <reference> |
| <text>RFC 6536: Network Configuration Protocol (NETCONF) |
| Access Control Model</text> |
| </reference> |
| </revision> |
| <extension name="default-deny-write"> |
| <description> |
| <text>Used to indicate that the data model node |
| represents a sensitive security system parameter. |
| |
| If present, and the NACM module is enabled (i.e., |
| /nacm/enable-nacm object equals 'true'), the NETCONF server |
| will only allow the designated 'recovery session' to have |
| write access to the node. An explicit access control rule is |
| required for all other users. |
| |
| The 'default-deny-write' extension MAY appear within a data |
| definition statement. It is ignored otherwise.</text> |
| </description> |
| </extension> |
| <extension name="default-deny-all"> |
| <description> |
| <text>Used to indicate that the data model node |
| controls a very sensitive security system parameter. |
| |
| If present, and the NACM module is enabled (i.e., |
| /nacm/enable-nacm object equals 'true'), the NETCONF server |
| will only allow the designated 'recovery session' to have |
| read, write, or execute access to the node. An explicit |
| access control rule is required for all other users. |
| |
| The 'default-deny-all' extension MAY appear within a data |
| definition statement, 'rpc' statement, or 'notification' |
| statement. It is ignored otherwise.</text> |
| </description> |
| </extension> |
| <typedef name="user-name-type"> |
| <type name="string"> |
| <length value="1..max"/> |
| </type> |
| <description> |
| <text>General Purpose Username string.</text> |
| </description> |
| </typedef> |
| <typedef name="matchall-string-type"> |
| <type name="string"> |
| <pattern value="\*"/> |
| </type> |
| <description> |
| <text>The string containing a single asterisk '*' is used |
| to conceptually represent all possible values |
| for the particular leaf using this data type.</text> |
| </description> |
| </typedef> |
| <typedef name="access-operations-type"> |
| <type name="bits"> |
| <bit name="create"> |
| <description> |
| <text>Any protocol operation that creates a |
| new data node.</text> |
| </description> |
| </bit> |
| <bit name="read"> |
| <description> |
| <text>Any protocol operation or notification that |
| returns the value of a data node.</text> |
| </description> |
| </bit> |
| <bit name="update"> |
| <description> |
| <text>Any protocol operation that alters an existing |
| data node.</text> |
| </description> |
| </bit> |
| <bit name="delete"> |
| <description> |
| <text>Any protocol operation that removes a data node.</text> |
| </description> |
| </bit> |
| <bit name="exec"> |
| <description> |
| <text>Execution access to the specified protocol operation.</text> |
| </description> |
| </bit> |
| </type> |
| <description> |
| <text>NETCONF Access Operation.</text> |
| </description> |
| </typedef> |
| <typedef name="group-name-type"> |
| <type name="string"> |
| <length value="1..max"/> |
| <pattern value="[^\*].*"/> |
| </type> |
| <description> |
| <text>Name of administrative group to which |
| users can be assigned.</text> |
| </description> |
| </typedef> |
| <typedef name="action-type"> |
| <type name="enumeration"> |
| <enum name="permit"> |
| <description> |
| <text>Requested action is permitted.</text> |
| </description> |
| </enum> |
| <enum name="deny"> |
| <description> |
| <text>Requested action is denied.</text> |
| </description> |
| </enum> |
| </type> |
| <description> |
| <text>Action taken by the server when a particular |
| rule matches.</text> |
| </description> |
| </typedef> |
| <typedef name="node-instance-identifier"> |
| <type name="yang:xpath1.0"/> |
| <description> |
| <text>Path expression used to represent a special |
| data node instance identifier string. |
| |
| A node-instance-identifier value is an |
| unrestricted YANG instance-identifier expression. |
| All the same rules as an instance-identifier apply |
| except predicates for keys are optional. If a key |
| predicate is missing, then the node-instance-identifier |
| represents all possible server instances for that key. |
| |
| This XPath expression is evaluated in the following context: |
| |
| o The set of namespace declarations are those in scope on |
| the leaf element where this type is used. |
| |
| o The set of variable bindings contains one variable, |
| 'USER', which contains the name of the user of the current |
| session. |
| |
| o The function library is the core function library, but |
| note that due to the syntax restrictions of an |
| instance-identifier, no functions are allowed. |
| |
| o The context node is the root node in the data tree.</text> |
| </description> |
| </typedef> |
| <container name="nacm"> |
| <nacm:default-deny-all/> |
| <description> |
| <text>Parameters for NETCONF Access Control Model.</text> |
| </description> |
| <leaf name="enable-nacm"> |
| <type name="boolean"/> |
| <default value="true"/> |
| <description> |
| <text>Enables or disables all NETCONF access control |
| enforcement. If 'true', then enforcement |
| is enabled. If 'false', then enforcement |
| is disabled.</text> |
| </description> |
| </leaf> |
| <leaf name="read-default"> |
| <type name="action-type"/> |
| <default value="permit"/> |
| <description> |
| <text>Controls whether read access is granted if |
| no appropriate rule is found for a |
| particular read request.</text> |
| </description> |
| </leaf> |
| <leaf name="write-default"> |
| <type name="action-type"/> |
| <default value="deny"/> |
| <description> |
| <text>Controls whether create, update, or delete access |
| is granted if no appropriate rule is found for a |
| particular write request.</text> |
| </description> |
| </leaf> |
| <leaf name="exec-default"> |
| <type name="action-type"/> |
| <default value="permit"/> |
| <description> |
| <text>Controls whether exec access is granted if no appropriate |
| rule is found for a particular protocol operation request.</text> |
| </description> |
| </leaf> |
| <leaf name="enable-external-groups"> |
| <type name="boolean"/> |
| <default value="true"/> |
| <description> |
| <text>Controls whether the server uses the groups reported by the |
| NETCONF transport layer when it assigns the user to a set of |
| NACM groups. If this leaf has the value 'false', any group |
| names reported by the transport layer are ignored by the |
| server.</text> |
| </description> |
| </leaf> |
| <leaf name="denied-operations"> |
| <type name="yang:zero-based-counter32"/> |
| <config value="false"/> |
| <mandatory value="true"/> |
| <description> |
| <text>Number of times since the server last restarted that a |
| protocol operation request was denied.</text> |
| </description> |
| </leaf> |
| <leaf name="denied-data-writes"> |
| <type name="yang:zero-based-counter32"/> |
| <config value="false"/> |
| <mandatory value="true"/> |
| <when condition="../denied-operations > 0"/> |
| <description> |
| <text>Number of times since the server last restarted that a |
| protocol operation request to alter |
| a configuration datastore was denied.</text> |
| </description> |
| </leaf> |
| <leaf name="denied-notifications"> |
| <type name="yang:zero-based-counter32"/> |
| <config value="false"/> |
| <mandatory value="true"/> |
| <description> |
| <text>Number of times since the server last restarted that |
| a notification was dropped for a subscription because |
| access to the event type was denied.</text> |
| </description> |
| </leaf> |
| <container name="groups"> |
| <description> |
| <text>NETCONF Access Control Groups.</text> |
| </description> |
| <list name="group"> |
| <key value="name"/> |
| <description> |
| <text>One NACM Group Entry. This list will only contain |
| configured entries, not any entries learned from |
| any transport protocols.</text> |
| </description> |
| <leaf name="name"> |
| <type name="group-name-type"/> |
| <description> |
| <text>Group name associated with this entry.</text> |
| </description> |
| </leaf> |
| <leaf-list name="user-name"> |
| <type name="user-name-type"/> |
| <description> |
| <text>Each entry identifies the username of |
| a member of the group associated with |
| this entry.</text> |
| </description> |
| </leaf-list> |
| </list> |
| </container> |
| <list name="rule-list"> |
| <key value="name"/> |
| <ordered-by value="user"/> |
| <description> |
| <text>An ordered collection of access control rules.</text> |
| </description> |
| <leaf name="name"> |
| <type name="string"> |
| <length value="1..max"/> |
| </type> |
| <description> |
| <text>Arbitrary name assigned to the rule-list.</text> |
| </description> |
| </leaf> |
| <leaf-list name="group"> |
| <type name="union"> |
| <type name="matchall-string-type"/> |
| <type name="group-name-type"/> |
| </type> |
| <description> |
| <text>List of administrative groups that will be |
| assigned the associated access rights |
| defined by the 'rule' list. |
| |
| The string '*' indicates that all groups apply to the |
| entry.</text> |
| </description> |
| </leaf-list> |
| <list name="rule"> |
| <key value="name"/> |
| <ordered-by value="user"/> |
| <description> |
| <text>One access control rule. |
| |
| Rules are processed in user-defined order until a match is |
| found. A rule matches if 'module-name', 'rule-type', and |
| 'access-operations' match the request. If a rule |
| matches, the 'action' leaf determines if access is granted |
| or not.</text> |
| </description> |
| <leaf name="name"> |
| <type name="string"> |
| <length value="1..max"/> |
| </type> |
| <description> |
| <text>Arbitrary name assigned to the rule.</text> |
| </description> |
| </leaf> |
| <leaf name="module-name"> |
| <type name="union"> |
| <type name="matchall-string-type"/> |
| <type name="string"/> |
| </type> |
| <default value="*"/> |
| <description> |
| <text>Name of the module associated with this rule. |
| |
| This leaf matches if it has the value '*' or if the |
| object being accessed is defined in the module with the |
| specified module name.</text> |
| </description> |
| </leaf> |
| <choice name="rule-type"> |
| <description> |
| <text>This choice matches if all leafs present in the rule |
| match the request. If no leafs are present, the |
| choice matches all requests.</text> |
| </description> |
| <case name="protocol-operation"> |
| <leaf name="rpc-name"> |
| <type name="union"> |
| <type name="matchall-string-type"/> |
| <type name="string"/> |
| </type> |
| <description> |
| <text>This leaf matches if it has the value '*' or if |
| its value equals the requested protocol operation |
| name.</text> |
| </description> |
| </leaf> |
| </case> |
| <case name="notification"> |
| <leaf name="notification-name"> |
| <type name="union"> |
| <type name="matchall-string-type"/> |
| <type name="string"/> |
| </type> |
| <description> |
| <text>This leaf matches if it has the value '*' or if its |
| value equals the requested notification name.</text> |
| </description> |
| </leaf> |
| </case> |
| <case name="data-node"> |
| <leaf name="path"> |
| <type name="node-instance-identifier"/> |
| <mandatory value="true"/> |
| <description> |
| <text>Data Node Instance Identifier associated with the |
| data node controlled by this rule. |
| |
| Configuration data or state data instance |
| identifiers start with a top-level data node. A |
| complete instance identifier is required for this |
| type of path value. |
| |
| The special value '/' refers to all possible |
| datastore contents.</text> |
| </description> |
| </leaf> |
| </case> |
| </choice> |
| <leaf name="access-operations"> |
| <type name="union"> |
| <type name="matchall-string-type"/> |
| <type name="access-operations-type"/> |
| </type> |
| <default value="*"/> |
| <description> |
| <text>Access operations associated with this rule. |
| |
| This leaf matches if it has the value '*' or if the |
| bit corresponding to the requested operation is set.</text> |
| </description> |
| </leaf> |
| <leaf name="action"> |
| <type name="action-type"/> |
| <mandatory value="true"/> |
| <description> |
| <text>The access control action associated with the |
| rule. If a rule is determined to match a |
| particular request, then this object is used |
| to determine whether to permit or deny the |
| request.</text> |
| </description> |
| </leaf> |
| <leaf name="comment"> |
| <type name="string"/> |
| <description> |
| <text>A textual description of the access rule.</text> |
| </description> |
| </leaf> |
| </list> |
| </list> |
| </container> |
| </module> |