Radek Krejci | ed5acc5 | 2019-04-25 15:57:04 +0200 | [diff] [blame^] | 1 | <?xml version="1.0" encoding="UTF-8"?> |
| 2 | <module xmlns="urn:ietf:params:xml:ns:yang:yin:1" xmlns:nacm="urn:ietf:params:xml:ns:yang:ietf-netconf-acm" xmlns:yang="urn:ietf:params:xml:ns:yang:ietf-yang-types" name="ietf-netconf-acm-when2"> |
| 3 | <namespace uri="urn:ietf:params:xml:ns:yang:ietf-netconf-acm"/> |
| 4 | <prefix value="nacm"/> |
| 5 | <import module="ietf-yang-types"> |
| 6 | <prefix value="yang"/> |
| 7 | </import> |
| 8 | <organization> |
| 9 | <text>IETF NETCONF (Network Configuration) Working Group</text> |
| 10 | </organization> |
| 11 | <contact> |
| 12 | <text>WG Web: <http://tools.ietf.org/wg/netconf/> |
| 13 | WG List: <mailto:netconf@ietf.org> |
| 14 | |
| 15 | WG Chair: Mehmet Ersue |
| 16 | <mailto:mehmet.ersue@nsn.com> |
| 17 | |
| 18 | WG Chair: Bert Wijnen |
| 19 | <mailto:bertietf@bwijnen.net> |
| 20 | |
| 21 | Editor: Andy Bierman |
| 22 | <mailto:andy@yumaworks.com> |
| 23 | |
| 24 | Editor: Martin Bjorklund |
| 25 | <mailto:mbj@tail-f.com></text> |
| 26 | </contact> |
| 27 | <description> |
| 28 | <text>NETCONF Access Control Model. |
| 29 | |
| 30 | Copyright (c) 2012 IETF Trust and the persons identified as |
| 31 | authors of the code. All rights reserved. |
| 32 | |
| 33 | Redistribution and use in source and binary forms, with or |
| 34 | without modification, is permitted pursuant to, and subject |
| 35 | to the license terms contained in, the Simplified BSD |
| 36 | License set forth in Section 4.c of the IETF Trust's |
| 37 | Legal Provisions Relating to IETF Documents |
| 38 | (http://trustee.ietf.org/license-info). |
| 39 | |
| 40 | This version of this YANG module is part of RFC 6536; see |
| 41 | the RFC itself for full legal notices.</text> |
| 42 | </description> |
| 43 | <revision date="2012-02-22"> |
| 44 | <description> |
| 45 | <text>Initial version</text> |
| 46 | </description> |
| 47 | <reference> |
| 48 | <text>RFC 6536: Network Configuration Protocol (NETCONF) |
| 49 | Access Control Model</text> |
| 50 | </reference> |
| 51 | </revision> |
| 52 | <extension name="default-deny-write"> |
| 53 | <description> |
| 54 | <text>Used to indicate that the data model node |
| 55 | represents a sensitive security system parameter. |
| 56 | |
| 57 | If present, and the NACM module is enabled (i.e., |
| 58 | /nacm/enable-nacm object equals 'true'), the NETCONF server |
| 59 | will only allow the designated 'recovery session' to have |
| 60 | write access to the node. An explicit access control rule is |
| 61 | required for all other users. |
| 62 | |
| 63 | The 'default-deny-write' extension MAY appear within a data |
| 64 | definition statement. It is ignored otherwise.</text> |
| 65 | </description> |
| 66 | </extension> |
| 67 | <extension name="default-deny-all"> |
| 68 | <description> |
| 69 | <text>Used to indicate that the data model node |
| 70 | controls a very sensitive security system parameter. |
| 71 | |
| 72 | If present, and the NACM module is enabled (i.e., |
| 73 | /nacm/enable-nacm object equals 'true'), the NETCONF server |
| 74 | will only allow the designated 'recovery session' to have |
| 75 | read, write, or execute access to the node. An explicit |
| 76 | access control rule is required for all other users. |
| 77 | |
| 78 | The 'default-deny-all' extension MAY appear within a data |
| 79 | definition statement, 'rpc' statement, or 'notification' |
| 80 | statement. It is ignored otherwise.</text> |
| 81 | </description> |
| 82 | </extension> |
| 83 | <typedef name="user-name-type"> |
| 84 | <type name="string"> |
| 85 | <length value="1..max"/> |
| 86 | </type> |
| 87 | <description> |
| 88 | <text>General Purpose Username string.</text> |
| 89 | </description> |
| 90 | </typedef> |
| 91 | <typedef name="matchall-string-type"> |
| 92 | <type name="string"> |
| 93 | <pattern value="\*"/> |
| 94 | </type> |
| 95 | <description> |
| 96 | <text>The string containing a single asterisk '*' is used |
| 97 | to conceptually represent all possible values |
| 98 | for the particular leaf using this data type.</text> |
| 99 | </description> |
| 100 | </typedef> |
| 101 | <typedef name="access-operations-type"> |
| 102 | <type name="bits"> |
| 103 | <bit name="create"> |
| 104 | <description> |
| 105 | <text>Any protocol operation that creates a |
| 106 | new data node.</text> |
| 107 | </description> |
| 108 | </bit> |
| 109 | <bit name="read"> |
| 110 | <description> |
| 111 | <text>Any protocol operation or notification that |
| 112 | returns the value of a data node.</text> |
| 113 | </description> |
| 114 | </bit> |
| 115 | <bit name="update"> |
| 116 | <description> |
| 117 | <text>Any protocol operation that alters an existing |
| 118 | data node.</text> |
| 119 | </description> |
| 120 | </bit> |
| 121 | <bit name="delete"> |
| 122 | <description> |
| 123 | <text>Any protocol operation that removes a data node.</text> |
| 124 | </description> |
| 125 | </bit> |
| 126 | <bit name="exec"> |
| 127 | <description> |
| 128 | <text>Execution access to the specified protocol operation.</text> |
| 129 | </description> |
| 130 | </bit> |
| 131 | </type> |
| 132 | <description> |
| 133 | <text>NETCONF Access Operation.</text> |
| 134 | </description> |
| 135 | </typedef> |
| 136 | <typedef name="group-name-type"> |
| 137 | <type name="string"> |
| 138 | <length value="1..max"/> |
| 139 | <pattern value="[^\*].*"/> |
| 140 | </type> |
| 141 | <description> |
| 142 | <text>Name of administrative group to which |
| 143 | users can be assigned.</text> |
| 144 | </description> |
| 145 | </typedef> |
| 146 | <typedef name="action-type"> |
| 147 | <type name="enumeration"> |
| 148 | <enum name="permit"> |
| 149 | <description> |
| 150 | <text>Requested action is permitted.</text> |
| 151 | </description> |
| 152 | </enum> |
| 153 | <enum name="deny"> |
| 154 | <description> |
| 155 | <text>Requested action is denied.</text> |
| 156 | </description> |
| 157 | </enum> |
| 158 | </type> |
| 159 | <description> |
| 160 | <text>Action taken by the server when a particular |
| 161 | rule matches.</text> |
| 162 | </description> |
| 163 | </typedef> |
| 164 | <typedef name="node-instance-identifier"> |
| 165 | <type name="yang:xpath1.0"/> |
| 166 | <description> |
| 167 | <text>Path expression used to represent a special |
| 168 | data node instance identifier string. |
| 169 | |
| 170 | A node-instance-identifier value is an |
| 171 | unrestricted YANG instance-identifier expression. |
| 172 | All the same rules as an instance-identifier apply |
| 173 | except predicates for keys are optional. If a key |
| 174 | predicate is missing, then the node-instance-identifier |
| 175 | represents all possible server instances for that key. |
| 176 | |
| 177 | This XPath expression is evaluated in the following context: |
| 178 | |
| 179 | o The set of namespace declarations are those in scope on |
| 180 | the leaf element where this type is used. |
| 181 | |
| 182 | o The set of variable bindings contains one variable, |
| 183 | 'USER', which contains the name of the user of the current |
| 184 | session. |
| 185 | |
| 186 | o The function library is the core function library, but |
| 187 | note that due to the syntax restrictions of an |
| 188 | instance-identifier, no functions are allowed. |
| 189 | |
| 190 | o The context node is the root node in the data tree.</text> |
| 191 | </description> |
| 192 | </typedef> |
| 193 | <container name="nacm"> |
| 194 | <nacm:default-deny-all/> |
| 195 | <description> |
| 196 | <text>Parameters for NETCONF Access Control Model.</text> |
| 197 | </description> |
| 198 | <leaf name="enable-nacm"> |
| 199 | <type name="boolean"/> |
| 200 | <default value="true"/> |
| 201 | <description> |
| 202 | <text>Enables or disables all NETCONF access control |
| 203 | enforcement. If 'true', then enforcement |
| 204 | is enabled. If 'false', then enforcement |
| 205 | is disabled.</text> |
| 206 | </description> |
| 207 | </leaf> |
| 208 | <leaf name="read-default"> |
| 209 | <type name="action-type"/> |
| 210 | <default value="permit"/> |
| 211 | <description> |
| 212 | <text>Controls whether read access is granted if |
| 213 | no appropriate rule is found for a |
| 214 | particular read request.</text> |
| 215 | </description> |
| 216 | </leaf> |
| 217 | <leaf name="write-default"> |
| 218 | <type name="action-type"/> |
| 219 | <default value="deny"/> |
| 220 | <description> |
| 221 | <text>Controls whether create, update, or delete access |
| 222 | is granted if no appropriate rule is found for a |
| 223 | particular write request.</text> |
| 224 | </description> |
| 225 | </leaf> |
| 226 | <leaf name="exec-default"> |
| 227 | <type name="action-type"/> |
| 228 | <default value="permit"/> |
| 229 | <description> |
| 230 | <text>Controls whether exec access is granted if no appropriate |
| 231 | rule is found for a particular protocol operation request.</text> |
| 232 | </description> |
| 233 | </leaf> |
| 234 | <leaf name="enable-external-groups"> |
| 235 | <type name="boolean"/> |
| 236 | <default value="true"/> |
| 237 | <description> |
| 238 | <text>Controls whether the server uses the groups reported by the |
| 239 | NETCONF transport layer when it assigns the user to a set of |
| 240 | NACM groups. If this leaf has the value 'false', any group |
| 241 | names reported by the transport layer are ignored by the |
| 242 | server.</text> |
| 243 | </description> |
| 244 | </leaf> |
| 245 | <leaf name="denied-operations"> |
| 246 | <type name="yang:zero-based-counter32"/> |
| 247 | <config value="false"/> |
| 248 | <mandatory value="true"/> |
| 249 | <description> |
| 250 | <text>Number of times since the server last restarted that a |
| 251 | protocol operation request was denied.</text> |
| 252 | </description> |
| 253 | </leaf> |
| 254 | <leaf name="denied-data-writes"> |
| 255 | <type name="yang:zero-based-counter32"/> |
| 256 | <config value="false"/> |
| 257 | <mandatory value="true"/> |
| 258 | <when condition="../denied-operations > 0"/> |
| 259 | <description> |
| 260 | <text>Number of times since the server last restarted that a |
| 261 | protocol operation request to alter |
| 262 | a configuration datastore was denied.</text> |
| 263 | </description> |
| 264 | </leaf> |
| 265 | <leaf name="denied-notifications"> |
| 266 | <type name="yang:zero-based-counter32"/> |
| 267 | <config value="false"/> |
| 268 | <mandatory value="true"/> |
| 269 | <description> |
| 270 | <text>Number of times since the server last restarted that |
| 271 | a notification was dropped for a subscription because |
| 272 | access to the event type was denied.</text> |
| 273 | </description> |
| 274 | </leaf> |
| 275 | <container name="groups"> |
| 276 | <description> |
| 277 | <text>NETCONF Access Control Groups.</text> |
| 278 | </description> |
| 279 | <list name="group"> |
| 280 | <key value="name"/> |
| 281 | <description> |
| 282 | <text>One NACM Group Entry. This list will only contain |
| 283 | configured entries, not any entries learned from |
| 284 | any transport protocols.</text> |
| 285 | </description> |
| 286 | <leaf name="name"> |
| 287 | <type name="group-name-type"/> |
| 288 | <description> |
| 289 | <text>Group name associated with this entry.</text> |
| 290 | </description> |
| 291 | </leaf> |
| 292 | <leaf-list name="user-name"> |
| 293 | <type name="user-name-type"/> |
| 294 | <description> |
| 295 | <text>Each entry identifies the username of |
| 296 | a member of the group associated with |
| 297 | this entry.</text> |
| 298 | </description> |
| 299 | </leaf-list> |
| 300 | </list> |
| 301 | </container> |
| 302 | <list name="rule-list"> |
| 303 | <key value="name"/> |
| 304 | <ordered-by value="user"/> |
| 305 | <description> |
| 306 | <text>An ordered collection of access control rules.</text> |
| 307 | </description> |
| 308 | <leaf name="name"> |
| 309 | <type name="string"> |
| 310 | <length value="1..max"/> |
| 311 | </type> |
| 312 | <description> |
| 313 | <text>Arbitrary name assigned to the rule-list.</text> |
| 314 | </description> |
| 315 | </leaf> |
| 316 | <leaf-list name="group"> |
| 317 | <type name="union"> |
| 318 | <type name="matchall-string-type"/> |
| 319 | <type name="group-name-type"/> |
| 320 | </type> |
| 321 | <description> |
| 322 | <text>List of administrative groups that will be |
| 323 | assigned the associated access rights |
| 324 | defined by the 'rule' list. |
| 325 | |
| 326 | The string '*' indicates that all groups apply to the |
| 327 | entry.</text> |
| 328 | </description> |
| 329 | </leaf-list> |
| 330 | <list name="rule"> |
| 331 | <key value="name"/> |
| 332 | <ordered-by value="user"/> |
| 333 | <description> |
| 334 | <text>One access control rule. |
| 335 | |
| 336 | Rules are processed in user-defined order until a match is |
| 337 | found. A rule matches if 'module-name', 'rule-type', and |
| 338 | 'access-operations' match the request. If a rule |
| 339 | matches, the 'action' leaf determines if access is granted |
| 340 | or not.</text> |
| 341 | </description> |
| 342 | <leaf name="name"> |
| 343 | <type name="string"> |
| 344 | <length value="1..max"/> |
| 345 | </type> |
| 346 | <description> |
| 347 | <text>Arbitrary name assigned to the rule.</text> |
| 348 | </description> |
| 349 | </leaf> |
| 350 | <leaf name="module-name"> |
| 351 | <type name="union"> |
| 352 | <type name="matchall-string-type"/> |
| 353 | <type name="string"/> |
| 354 | </type> |
| 355 | <default value="*"/> |
| 356 | <description> |
| 357 | <text>Name of the module associated with this rule. |
| 358 | |
| 359 | This leaf matches if it has the value '*' or if the |
| 360 | object being accessed is defined in the module with the |
| 361 | specified module name.</text> |
| 362 | </description> |
| 363 | </leaf> |
| 364 | <choice name="rule-type"> |
| 365 | <description> |
| 366 | <text>This choice matches if all leafs present in the rule |
| 367 | match the request. If no leafs are present, the |
| 368 | choice matches all requests.</text> |
| 369 | </description> |
| 370 | <case name="protocol-operation"> |
| 371 | <leaf name="rpc-name"> |
| 372 | <type name="union"> |
| 373 | <type name="matchall-string-type"/> |
| 374 | <type name="string"/> |
| 375 | </type> |
| 376 | <description> |
| 377 | <text>This leaf matches if it has the value '*' or if |
| 378 | its value equals the requested protocol operation |
| 379 | name.</text> |
| 380 | </description> |
| 381 | </leaf> |
| 382 | </case> |
| 383 | <case name="notification"> |
| 384 | <leaf name="notification-name"> |
| 385 | <type name="union"> |
| 386 | <type name="matchall-string-type"/> |
| 387 | <type name="string"/> |
| 388 | </type> |
| 389 | <description> |
| 390 | <text>This leaf matches if it has the value '*' or if its |
| 391 | value equals the requested notification name.</text> |
| 392 | </description> |
| 393 | </leaf> |
| 394 | </case> |
| 395 | <case name="data-node"> |
| 396 | <leaf name="path"> |
| 397 | <type name="node-instance-identifier"/> |
| 398 | <mandatory value="true"/> |
| 399 | <description> |
| 400 | <text>Data Node Instance Identifier associated with the |
| 401 | data node controlled by this rule. |
| 402 | |
| 403 | Configuration data or state data instance |
| 404 | identifiers start with a top-level data node. A |
| 405 | complete instance identifier is required for this |
| 406 | type of path value. |
| 407 | |
| 408 | The special value '/' refers to all possible |
| 409 | datastore contents.</text> |
| 410 | </description> |
| 411 | </leaf> |
| 412 | </case> |
| 413 | </choice> |
| 414 | <leaf name="access-operations"> |
| 415 | <type name="union"> |
| 416 | <type name="matchall-string-type"/> |
| 417 | <type name="access-operations-type"/> |
| 418 | </type> |
| 419 | <default value="*"/> |
| 420 | <description> |
| 421 | <text>Access operations associated with this rule. |
| 422 | |
| 423 | This leaf matches if it has the value '*' or if the |
| 424 | bit corresponding to the requested operation is set.</text> |
| 425 | </description> |
| 426 | </leaf> |
| 427 | <leaf name="action"> |
| 428 | <type name="action-type"/> |
| 429 | <mandatory value="true"/> |
| 430 | <description> |
| 431 | <text>The access control action associated with the |
| 432 | rule. If a rule is determined to match a |
| 433 | particular request, then this object is used |
| 434 | to determine whether to permit or deny the |
| 435 | request.</text> |
| 436 | </description> |
| 437 | </leaf> |
| 438 | <leaf name="comment"> |
| 439 | <type name="string"/> |
| 440 | <description> |
| 441 | <text>A textual description of the access rule.</text> |
| 442 | </description> |
| 443 | </leaf> |
| 444 | </list> |
| 445 | </list> |
| 446 | </container> |
| 447 | </module> |