
Adding upstream version 3.1.0+dfsg.

Signed-off-by: Daniel Baumann <daniel@debian.org>
Daniel Baumann 2025-02-05 08:00:08 +01:00
parent 64dbec996d
commit cfcebb1a7d
Signed by: daniel
GPG key ID: FBB4F0E80A80222F
569 changed files with 205393 additions and 0 deletions

@ -0,0 +1,536 @@
# YANGLINT - Interactive Mode Examples
This text provides several use-case of the `yanglint(1)` interactive
mode. For basic information about the `yanglint(1)` usage, please see
the man page.
The examples are supposed to be went through one by one. Some of the examples
suppose the specific schemas loaded in some of the previous example is still
loaded. If an addition work is need, the *preparation* part in the example
provides information what to do.
To show all available command of the `yanglint(1)`, use the `help` command:
```
> help
Available commands:
help Display commands description
add Add a new module from a specific file
load Load a new schema from the searchdirs
print Print a module
data Load, validate and optionally print instance data
list List all the loaded modules
feature Print all features of module(s) with their state
searchpath Print/set the search path(s) for schemas
clear Clear the context - remove all the loaded modules
verb Change verbosity
debug Display specific debug message groups
quit Quit the program
? Display commands description
exit Quit the program
```
To show the information about the specific command, use the `help` command in
combination with the command name you are interested in:
```
> help searchpath
Usage: searchpath [--clear] [<modules-dir-path> ...]
Set paths of directories where to search for imports and includes
of the schema modules. Subdirectories are also searched. The current
working directory and the path of the module being added is used implicitly.
The 'load' command uses these paths to search even for the schema modules
to be loaded.
```
The input files referred in this document are available together with this
document.
## Duplicit Data Model
Let's have two data models [module1.yang](./module1.yang)
and [module1b.yang](./module1b.yang).
They differ in the module name but their namespaces are the same.
Preparation:
```
> clear
> add module1.yang
> list
```
Output:
```
List of the loaded models:
i ietf-yang-metadata@2016-08-05
I yang@2022-06-16
i ietf-inet-types@2013-07-15
i ietf-yang-types@2013-07-15
I ietf-yang-schema-mount@2019-01-14
I module1
```
Command and its output:
```
> add module1b.yang
libyang[0]: Two different modules ("module1" and "module1b") have the same namespace "urn:yanglint:module".
libyang[0]: Parsing module "module1b" failed.
```
## Yang Data Model Validation
**YANG/YIN syntax**
`module2.yin` contains a syntax error.
There is a bad syntax of the `type` statement in YIN file.
```
<type value="string"/>
```
instead of
```
<type name="string"/>
```
Preparation:
```
> clear
```
Command and its output:
```
> add module2.yin
libyang[0]: Unexpected attribute "value" of "type" element. (path: Line number 8.)
libyang[0]: Parsing module "module2" failed.
```
Similarly, there is a typo in `module2.yang`.
**XPath errors**
`libyang` and `yanglint(1)` is able to detect also errors in XPath expressions.
In `module3.yang` the `must` expression refers to the node which does not exists.
Preparation:
```
> clear
```
Command and its output:
```
> add module3.yang
libyang[1]: Schema node "a" for parent "/module3:c" not found; in expr "../c/a" with context node "/module3:m".
```
Note that libyang prints only a warning in this case because it is not
specified that XPath expressions must refer to existing nodes.
## Data Validation
Preparation:
```
> clear
> add ietf-netconf-acm.yang
```
**Unknown data**
By default, yanglint ignores unknown data and no error is printed (you can
compare real content of the `datastore.xml` file and what yanglint prints
in the following command if you add `-f xml` option).
Command and its output:
```
> data -t config datastore.xml
```
We use option `-t` to specify type of the data in `datastore.xml`. By the
`config` value we declare that the input file contains all the configuration
data (with at least all the mandatory nodes as required by the loaded schemas),
but without the status data. More examples of different data types will follow.
Command and its output:
```
> data -t config datastore.xml
libyang[0]: No module with namespace "urn:ietf:params:xml:ns:yang:ietf-interfaces" in the context. (path: Line number 20.)
YANGLINT[E]: Failed to parse input data file "datastore.xml".
```
Note that in case of working with complete datastore including the status data
(no `-t` option is specified), `yanglint(1)` has to add status data from its
internal `ietf-yang-library` module.
**RPC and RPC-reply**
It is possible to validate RPCs and their replies as well.
Peparation:
```
> clear
> add module4.yang
```
Command and its output:
```
> data -t rpc rpc.xml
```
Reply to this RPC can be validated too, but it must be nested in the original
RPC element.
Command and its output:
```
> data -t reply ../tools/lint/examples/rpc-reply.xml
```
**action and action-reply**
Actions are validated the same way as RPCs except you need to be careful
about the input file structure. No NETCONF-specific envelopes are expected.
Preparation
```
> clear
> add module4.yang
```
Command and its output:
```
> data -t rpc action.xml
```
Command and its output:
```
> data -t rpc action-reply.xml action.xml
```
**notification**
Both top-level and nested notification can be validated.
Preparation
```
> clear
> add module4.yang
```
Command and its output:
```
> data -t notif notification.xml
```
Command and its output:
```
> data -t notif nested-notification.xml
```
**Multiple top-level elements in a single document**
As a feature and in conflict with the XML definition, `yanglint(1)` (and libyang)
is able to read XML files with multiple top-level elements. Such documents
are not well-formed according to the XML spec, but it fits to how the YANG
interconnects data trees (defined as top-level elements of a single schema
or by multiple schemas).
Preparation:
```
> clear
> add ietf-netconf-acm.yang
> add ietf-interfaces.yang
> add ietf-ip.yang
> add iana-if-type.yang
```
Command and its output:
```
> data -t config datastore.xml
```
**Different data content types**
Since NETCONF requires the data described by YANG to be used in different
situations (e.g. as <edit-config data>, result of the <get> with status data
included or as a result of the <get-config> without the status data and
possibly filtered, so without specified subtrees), it must be possible to
specify which kind of data is going to be parsed. In `yanglint(1)`, this is done
via `-t` option. The list of supported modes can be displayed by the `-h`
option given to the `data` command. In general, the `auto` value lets the
`yanglint(1)` to recognize the data type automatically by the additional top-level
elements added to the parsed data. This is the same way as `pyang(1)` uses. Note,
that the automatic data type recognition is available only for the XML input.
**Malformed XML data**
Command and its output:
```
> data -t edit config-missing-key.xml
libyang[0]: Node "nam" not found as a child of "group" node. (path: Schema location "/ietf-netconf-acm:nacm/groups/group", data location "/ietf-netconf-acm:group", line number 19.)
YANGLINT[E]: Failed to parse input data file "config-missing-key.xml".
```
**State information in edit-config XML**
Command and its output:
```
> data -t edit config-unknown-element.xml
libyang[0]: Unexpected data state node "denied-operations" found. (path: Schema location "/ietf-netconf-acm:nacm/denied-operations", data location "/ietf-netconf-acm:nacm", line number 24.)
YANGLINT[E]: Failed to parse input data file "config-unknown-element.xml".
```
**Missing required element in NETCONF data**
Command and its output:
```
> data data-missing-key.xml
libyang[0]: List instance is missing its key "name". (path: Schema location "/ietf-netconf-acm:nacm/rule-list/rule", data location "/ietf-netconf-acm:rule", line number 10.)
YANGLINT[E]: Failed to parse input data file "data-missing-key.xml".
```
**Malformed XML**
Command and its output:
```
> data data-malformed-xml.xml
libyang[0]: Node "nam" not found as a child of "rule" node. (path: Schema location "/ietf-netconf-acm:nacm/rule-list/rule", data location "/ietf-netconf-acm:rule", line number 8.)
YANGLINT[E]: Failed to parse input data file "data-malformed-xml.xml".
```
Command and its output:
```
> data data-malformed-xml2.xml
libyang[0]: Child element "module-name" inside a terminal node "name" found. (path: Schema location "/ietf-netconf-acm:nacm/rule-list/rule/name", data location "/ietf-netconf-acm:name", line number 7.)
YANGLINT[E]: Failed to parse input data file "data-malformed-xml2.xml".
```
**Bad value**
Command and its output:
```
> data data-out-of-range-value.xml
libyang[0]: Value "-1" is out of type uint32 min/max bounds. (path: Schema location "/ietf-netconf-acm:nacm/denied-operations", data location "/ietf-netconf-acm:nacm", line number 24.)
YANGLINT[E]: Failed to parse input data file "data-out-of-range-value.xml".
```
## Validation of "when" Statement in Data
Preparation:
```
> clear
> add ietf-netconf-acm-when.yang
```
**`When` condition is not satisfied since `denied-operation = 0`**
Command and its output:
```
> data data-acm.xml
libyang[0]: When condition "../denied-operations > 0" not satisfied. (path: Schema location "/ietf-netconf-acm-when:nacm/denied-data-writes", data location "/ietf-netconf-acm-when:nacm/denied-data-writes".)
YANGLINT[E]: Failed to parse input data file "data-acm.xml".
```
## Printing a Data Model
Preparation:
```
> clear
> add ietf-netconf-acm.yang
```
**Print a `pyang`-style tree**
Command and its output:
```
> print ietf-netconf-acm
module: ietf-netconf-acm
+--rw nacm
+--rw enable-nacm? boolean
+--rw read-default? action-type
+--rw write-default? action-type
+--rw exec-default? action-type
+--rw enable-external-groups? boolean
+--ro denied-operations yang:zero-based-counter32
+--ro denied-data-writes yang:zero-based-counter32
+--ro denied-notifications yang:zero-based-counter32
+--rw groups
| +--rw group* [name]
| +--rw name group-name-type
| +--rw user-name* user-name-type
+--rw rule-list* [name]
+--rw name string
+--rw group* union
+--rw rule* [name]
+--rw name string
+--rw module-name? union
+--rw (rule-type)?
| +--:(protocol-operation)
| | +--rw rpc-name? union
| +--:(notification)
| | +--rw notification-name? union
| +--:(data-node)
| +--rw path node-instance-identifier
+--rw access-operations? union
+--rw action action-type
+--rw comment? string
```
**Print information about specific model part**
Command and its output:
```
> print -f info -P /ietf-netconf-acm:nacm/ietf-netconf-acm:enable-nacm ietf-netconf-acm
leaf enable-nacm {
ietf-netconf-acm:default-deny-all;
type boolean;
default "true";
config true;
status current;
description
"Enables or disables all NETCONF access control
enforcement. If 'true', then enforcement
is enabled. If 'false', then enforcement
is disabled.";
}
```
## Usage of `feature` in Yang
Preparation:
```
> clear
> add ietf-interfaces.yang
> add ietf-ip.yang -F ietf-ip:*
> add iana-if-type.yang
```
Note: This example also shows `JSON` output of the command.
Command and its output:
```
> feature ietf-ip
ietf-ip features:
ipv4-non-contiguous-netmasks (on)
ipv6-privacy-autoconf (on)
> data -f json -t config data-ip.xml
{
"ietf-interfaces:interfaces": {
"interface": [
{
"name": "eth0",
"description": "Wire Connection",
"type": "iana-if-type:ethernetCsmacd",
"enabled": true,
"ietf-ip:ipv4": {
"address": [
{
"ip": "192.168.1.15",
"netmask": "255.255.255.0"
},
{
"ip": "192.168.1.10",
"netmask": "255.255.255.0"
}
]
}
}
]
}
}
```
## YANG modules with the Schema Mount extension
In these examples the non-interactive `yanglint` is used to simplify creating the context, a `yang-library` data file is
used. The working directory is `libyang/tools/lint/examples` and *libyang* must be installed.
**Print tree output of a model with Schema Mount**
Command and its output:
```
$ yanglint -f tree -p . -Y sm-context-main.xml -x sm-context-extension.xml sm-main.yang
module: sm-main
+--mp root* [node]
| +--rw node string
+--mp root2
+--rw root3
+--mp my-list* [name]
+--rw things/* [name]
| +--rw name -> /if:interfaces/if:interface/if:name
| +--rw attribute? uint32
+--rw not-compiled/
| +--rw first? string
| +--rw second? string
+--rw interfaces@
| +--rw interface* [name]
| +--rw name string
| +--rw type identityref
+--rw name string
```
**Validating and printing mounted data**
Command and its output:
```
$ yanglint -f json -t config -p . -Y sm-context-main.xml -x sm-context-extension.xml sm-data.xml
{
"ietf-interfaces:interfaces": {
"interface": [
{
"name": "eth0",
"type": "iana-if-type:ethernetCsmacd"
},
{
"name": "eth1",
"type": "iana-if-type:ethernetCsmacd"
}
]
},
"sm-main:root3": {
"my-list": [
{
"name": "list item 1",
"sm-extension:things": [
{
"name": "eth0",
"attribute": 1
}
]
}
]
}
}
```
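Review bot: the "Unknown data" section contradicts itself: the prose says yanglint ignores unknown data and prints no error, yet `data -t config datastore.xml` is shown twice, first with no output and then failing with `No module with namespace "urn:ietf:params:xml:ns:yang:ietf-interfaces" in the context`; either drop the first run or state which default actually applies and why the second run fails. Two consistency points: the RPC reply example uses `data -t reply ../tools/lint/examples/rpc-reply.xml` while every other example uses a bare file name (use `rpc-reply.xml`), and the action reply is validated with `data -t rpc action-reply.xml action.xml` whereas the RPC reply uses `-t reply`, so one of the two invocations should be checked. Typos to fix before merging: "use-case" (use cases), "supposed to be went through" (gone through), "If an addition work is need" (If additional work is needed), "Duplicit" (Duplicate), "Peparation" (Preparation), "the node which does not exists" (does not exist), the two "Preparation" headings missing their colon, and the heading `denied-operation = 0` which refers to the leaf named `denied-operations`.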

@ -0,0 +1,8 @@
<cont1 xmlns="urn:module4">
<list>
<leaf1>key_val</leaf1>
<act>
<leaf3>some_output</leaf3>
</act>
</list>
</cont1>

@ -0,0 +1,8 @@
<cont1 xmlns="urn:module4">
<list>
<leaf1>key_val</leaf1>
<act>
<leaf2>some_input</leaf2>
</act>
</list>
</cont1>

@ -0,0 +1,24 @@
<nacm xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-acm" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0">
<rule-list>
<name>almighty</name>
<group>almighty</group>
<group nc:operation="create">test</group>
<rule>
<name>almighty</name>
<module-name>*</module-name>
<access-operations>*</access-operations>
<action>permit</action>
</rule>
</rule-list>
<groups>
<group>
<name>test</name>
<user-name>smith</user-name>
</group>
<group>
<name>almighty</name>
<user-name>smith</user-name>
<user-name>doe</user-name>
</group>
</groups>
</nacm>
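Review bot: this input carries `nc:operation="create"` on the `test` group, so it is edit-config content and only meaningful under `data -t edit`; none of the README examples in this commit show an input with an `nc:operation` attribute, so please add the invocation that exercises it (or note in the README which example consumes this file, since file names are not visible in this view).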

@ -0,0 +1,24 @@
<nacm xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-acm">
<rule-list>
<name>almighty</name>
<group>almighty</group>
<group>test</group>
<rule>
<name>almighty</name>
<module-name>*</module-name>
<access-operations>*</access-operations>
<action>permit</action>
</rule>
</rule-list>
<groups>
<group>
<name>test</name>
<user-name>smith</user-name>
</group>
<group>
<nam>almighty</name>
<user-name>smith</user-name>
<user-name>doe</user-name>
</group>
</groups>
</nacm>
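Review bot: the mismatched `<nam>almighty</name>` on line 19 is the intended defect (the README's config-missing-key example reports `Node "nam" not found as a child of "group" node` at line number 19), so the file must stay as it is and not be passed through an XML formatter; it would help to record in the README that this input is deliberately not well-formed, because the section heading says "Malformed XML data" while the error shown comes from the data parser (unknown node) rather than from an XML well-formedness check.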

@ -0,0 +1,27 @@
<nacm xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-acm">
<rule-list>
<name>almighty</name>
<group>almighty</group>
<group>test</group>
<rule>
<name>almighty</name>
<module-name>*</module-name>
<access-operations>*</access-operations>
<action>permit</action>
</rule>
</rule-list>
<groups>
<group>
<name>test</name>
<user-name>smith</user-name>
</group>
<group>
<name>almighty</name>
<user-name>smith</user-name>
<user-name>doe</user-name>
</group>
</groups>
<denied-operations>0</denied-operations>
<denied-data-writes>0</denied-data-writes>
<denied-notifications>0</denied-notifications>
</nacm>

@ -0,0 +1,27 @@
<nacm xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-acm">
<rule-list>
<name>almighty</name>
<group>almighty</group>
<group>test</group>
<rule>
<name>almighty</name>
<module-name>*</module-name>
<access-operations>*</access-operations>
<action>permit</action>
</rule>
</rule-list>
<groups>
<group>
<name>test</name>
<user-name>smith</user-name>
</group>
<group>
<name>almighty</name>
<user-name>smith</user-name>
<user-name>doe</user-name>
</group>
</groups>
<denied-operations>0</denied-operations>
<denied-data-writes>0</denied-data-writes>
<denied-notifications>0</denied-notifications>
</nacm>
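Review bot: this file is identical to the previous hunk (same `rule-list`, `groups` and the three zero-valued `denied-*` counters); if the two copies serve different README sections (the state-node-in-edit-config example and the `when` example), a line in the README saying the inputs are the same would avoid the impression of an accidental duplicate, otherwise one copy suffices.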

@ -0,0 +1,12 @@
<interfaces xmlns="urn:ietf:params:xml:ns:yang:ietf-interfaces">
<interface>
<name>eth0</name>
<description>Wire Connection</description>
<type xmlns:ift="urn:ietf:params:xml:ns:yang:iana-if-type">ift:ethernetCsmacd</type>
<enabled>true</enabled>
<ipv4 xmlns="urn:ietf:params:xml:ns:yang:ietf-ip">
<address><ip>192.168.1.15</ip><netmask>255.255.255.0</netmask></address>
<address><ip>192.168.1.10</ip><netmask>255.255.255.0</netmask></address>
</ipv4>
</interface>
</interfaces>

@ -0,0 +1,27 @@
<nacm xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-acm">
<rule-list>
<name>almighty</name>
<group>almighty</group>
<group>test</group>
<rule>
<nam>almighty
<module-name>*</module-name>
<access-operations>*</access-operations>
<action>permit</action>
</rule>
</rule-list>
<groups>
<group>
<name>test</name>
<user-name>smith</user-name>
</group>
<group>
<name>almighty</name>
<user-name>smith</user-name>
<user-name>doe</user-name>
</group>
</groups>
<denied-operations>0</denied-operations>
<denied-data-writes>0</denied-data-writes>
<denied-notifications>0</denied-notifications>
</nacm>

@ -0,0 +1,26 @@
<nacm xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-acm">
<rule-list>
<name>almighty</name>
<group>almighty</group>
<group>test</group>
<rule>
<name>almighty<module-name></name> *</module-name>
<access-operations>*</access-operations>
<action>permit</action>
</rule>
</rule-list>
<groups>
<group>
<name>test</name>
<user-name>smith</user-name>
</group>
<group>
<name>almighty</name>
<user-name>smith</user-name>
<user-name>doe</user-name>
</group>
</groups>
<denied-operations>0</denied-operations>
<denied-data-writes>0</denied-data-writes>
<denied-notifications>0</denied-notifications>
</nacm>

@ -0,0 +1,26 @@
<nacm xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-acm">
<rule-list>
<name>almighty</name>
<group>almighty</group>
<group>test</group>
<rule>
<module-name>*</module-name>
<access-operations>*</access-operations>
<action>permit</action>
</rule>
</rule-list>
<groups>
<group>
<name>test</name>
<user-name>smith</user-name>
</group>
<group>
<name>almighty</name>
<user-name>smith</user-name>
<user-name>doe</user-name>
</group>
</groups>
<denied-operations>0</denied-operations>
<denied-data-writes>0</denied-data-writes>
<denied-notifications>0</denied-notifications>
</nacm>

@ -0,0 +1,27 @@
<nacm xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-acm">
<rule-list>
<name>almighty</name>
<group>almighty</group>
<group>test</group>
<rule>
<name>almighty</name>
<module-name>*</module-name>
<access-operations>*</access-operations>
<action>permit</action>
</rule>
</rule-list>
<groups>
<group>
<name>test</name>
<user-name>smith</user-name>
</group>
<group>
<name>almighty</name>
<user-name>smith</user-name>
<user-name>doe</user-name>
</group>
</groups>
<denied-operations>-1</denied-operations>
<denied-data-writes>0</denied-data-writes>
<denied-notifications>0</denied-notifications>
</nacm>

@ -0,0 +1,29 @@
<nacm xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-acm">
<rule-list>
<name>almighty</name>
<group>almighty</group>
<rule>
<name>almighty</name>
<module-name>*</module-name>
<access-operations>*</access-operations>
<action>permit</action>
</rule>
</rule-list>
<groups>
<group>
<name>almighty</name>
<user-name>smith</user-name>
</group>
</groups>
</nacm>
<interfaces xmlns="urn:ietf:params:xml:ns:yang:ietf-interfaces">
<interface>
<name>eth0</name>
<description>Wire Connection</description>
<type xmlns:ift="urn:ietf:params:xml:ns:yang:iana-if-type">ift:ethernetCsmacd</type>
<enabled>true</enabled>
<ipv4 xmlns="urn:ietf:params:xml:ns:yang:ietf-ip">
<address><ip>192.168.1.15</ip><prefix-length>24</prefix-length></address>
</ipv4>
</interface>
</interfaces>
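Review bot: this file has two top-level elements (`nacm` and `interfaces`), which the README's "Multiple top-level elements in a single document" section describes as intentionally not well-formed XML; the same file is also used in the "Unknown data" section with only `ietf-netconf-acm.yang` loaded, so the README should say that the second top-level element is what produces the `No module with namespace "urn:ietf:params:xml:ns:yang:ietf-interfaces"` error there, and that the later section loads `ietf-interfaces.yang`, `ietf-ip.yang` and `iana-if-type.yang` precisely to make the same file validate.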

@ -0,0 +1,725 @@
module ietf-interfaces {
namespace "urn:ietf:params:xml:ns:yang:ietf-interfaces";
prefix if;
import ietf-yang-types {
prefix yang;
}
organization
"IETF NETMOD (NETCONF Data Modeling Language) Working Group";
contact
"WG Web: <http://tools.ietf.org/wg/netmod/>
WG List: <mailto:netmod@ietf.org>
WG Chair: Thomas Nadeau
<mailto:tnadeau@lucidvision.com>
WG Chair: Juergen Schoenwaelder
<mailto:j.schoenwaelder@jacobs-university.de>
Editor: Martin Bjorklund
<mailto:mbj@tail-f.com>";
description
"This module contains a collection of YANG definitions for
managing network interfaces.
Copyright (c) 2014 IETF Trust and the persons identified as
authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject
to the license terms contained in, the Simplified BSD License
set forth in Section 4.c of the IETF Trust's Legal Provisions
Relating to IETF Documents
(http://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC 7223; see
the RFC itself for full legal notices.";
revision 2014-05-08 {
description
"Initial revision.";
reference
"RFC 7223: A YANG Data Model for Interface Management";
}
/*
* Typedefs
*/
typedef interface-ref {
type leafref {
path "/if:interfaces/if:interface/if:name";
}
description
"This type is used by data models that need to reference
configured interfaces.";
}
typedef interface-state-ref {
type leafref {
path "/if:interfaces-state/if:interface/if:name";
}
description
"This type is used by data models that need to reference
the operationally present interfaces.";
}
/*
* Identities
*/
identity interface-type {
description
"Base identity from which specific interface types are
derived.";
}
/*
* Features
*/
feature arbitrary-names {
description
"This feature indicates that the device allows user-controlled
interfaces to be named arbitrarily.";
}
feature pre-provisioning {
description
"This feature indicates that the device supports
pre-provisioning of interface configuration, i.e., it is
possible to configure an interface whose physical interface
hardware is not present on the device.";
}
feature if-mib {
description
"This feature indicates that the device implements
the IF-MIB.";
reference
"RFC 2863: The Interfaces Group MIB";
}
/*
* Configuration data nodes
*/
container interfaces {
description
"Interface configuration parameters.";
list interface {
key "name";
description
"The list of configured interfaces on the device.
The operational state of an interface is available in the
/interfaces-state/interface list. If the configuration of a
system-controlled interface cannot be used by the system
(e.g., the interface hardware present does not match the
interface type), then the configuration is not applied to
the system-controlled interface shown in the
/interfaces-state/interface list. If the configuration
of a user-controlled interface cannot be used by the system,
the configured interface is not instantiated in the
/interfaces-state/interface list.";
leaf name {
type string;
description
"The name of the interface.
A device MAY restrict the allowed values for this leaf,
possibly depending on the type of the interface.
For system-controlled interfaces, this leaf is the
device-specific name of the interface. The 'config false'
list /interfaces-state/interface contains the currently
existing interfaces on the device.
If a client tries to create configuration for a
system-controlled interface that is not present in the
/interfaces-state/interface list, the server MAY reject
the request if the implementation does not support
pre-provisioning of interfaces or if the name refers to
an interface that can never exist in the system. A
NETCONF server MUST reply with an rpc-error with the
error-tag 'invalid-value' in this case.
If the device supports pre-provisioning of interface
configuration, the 'pre-provisioning' feature is
advertised.
If the device allows arbitrarily named user-controlled
interfaces, the 'arbitrary-names' feature is advertised.
When a configured user-controlled interface is created by
the system, it is instantiated with the same name in the
/interface-state/interface list.";
}
leaf description {
type string;
description
"A textual description of the interface.
A server implementation MAY map this leaf to the ifAlias
MIB object. Such an implementation needs to use some
mechanism to handle the differences in size and characters
allowed between this leaf and ifAlias. The definition of
such a mechanism is outside the scope of this document.
Since ifAlias is defined to be stored in non-volatile
storage, the MIB implementation MUST map ifAlias to the
value of 'description' in the persistently stored
datastore.
Specifically, if the device supports ':startup', when
ifAlias is read the device MUST return the value of
'description' in the 'startup' datastore, and when it is
written, it MUST be written to the 'running' and 'startup'
datastores. Note that it is up to the implementation to
decide whether to modify this single leaf in 'startup' or
perform an implicit copy-config from 'running' to
'startup'.
If the device does not support ':startup', ifAlias MUST
be mapped to the 'description' leaf in the 'running'
datastore.";
reference
"RFC 2863: The Interfaces Group MIB - ifAlias";
}
leaf type {
type identityref {
base interface-type;
}
mandatory true;
description
"The type of the interface.
When an interface entry is created, a server MAY
initialize the type leaf with a valid value, e.g., if it
is possible to derive the type from the name of the
interface.
If a client tries to set the type of an interface to a
value that can never be used by the system, e.g., if the
type is not supported or if the type does not match the
name of the interface, the server MUST reject the request.
A NETCONF server MUST reply with an rpc-error with the
error-tag 'invalid-value' in this case.";
reference
"RFC 2863: The Interfaces Group MIB - ifType";
}
leaf enabled {
type boolean;
default "true";
description
"This leaf contains the configured, desired state of the
interface.
Systems that implement the IF-MIB use the value of this
leaf in the 'running' datastore to set
IF-MIB.ifAdminStatus to 'up' or 'down' after an ifEntry
has been initialized, as described in RFC 2863.
Changes in this leaf in the 'running' datastore are
reflected in ifAdminStatus, but if ifAdminStatus is
changed over SNMP, this leaf is not affected.";
reference
"RFC 2863: The Interfaces Group MIB - ifAdminStatus";
}
leaf link-up-down-trap-enable {
if-feature if-mib;
type enumeration {
enum enabled {
value 1;
}
enum disabled {
value 2;
}
}
description
"Controls whether linkUp/linkDown SNMP notifications
should be generated for this interface.
If this node is not configured, the value 'enabled' is
operationally used by the server for interfaces that do
not operate on top of any other interface (i.e., there are
no 'lower-layer-if' entries), and 'disabled' otherwise.";
reference
"RFC 2863: The Interfaces Group MIB -
ifLinkUpDownTrapEnable";
}
}
}
/*
* Operational state data nodes
*/
container interfaces-state {
config false;
description
"Data nodes for the operational state of interfaces.";
list interface {
key "name";
description
"The list of interfaces on the device.
System-controlled interfaces created by the system are
always present in this list, whether they are configured or
not.";
leaf name {
type string;
description
"The name of the interface.
A server implementation MAY map this leaf to the ifName
MIB object. Such an implementation needs to use some
mechanism to handle the differences in size and characters
allowed between this leaf and ifName. The definition of
such a mechanism is outside the scope of this document.";
reference
"RFC 2863: The Interfaces Group MIB - ifName";
}
leaf type {
type identityref {
base interface-type;
}
mandatory true;
description
"The type of the interface.";
reference
"RFC 2863: The Interfaces Group MIB - ifType";
}
leaf admin-status {
if-feature if-mib;
type enumeration {
enum up {
value 1;
description
"Ready to pass packets.";
}
enum down {
value 2;
description
"Not ready to pass packets and not in some test mode.";
}
enum testing {
value 3;
description
"In some test mode.";
}
}
mandatory true;
description
"The desired state of the interface.
This leaf has the same read semantics as ifAdminStatus.";
reference
"RFC 2863: The Interfaces Group MIB - ifAdminStatus";
}
leaf oper-status {
type enumeration {
enum up {
value 1;
description
"Ready to pass packets.";
}
enum down {
value 2;
description
"The interface does not pass any packets.";
}
enum testing {
value 3;
description
"In some test mode. No operational packets can
be passed.";
}
enum unknown {
value 4;
description
"Status cannot be determined for some reason.";
}
enum dormant {
value 5;
description
"Waiting for some external event.";
}
enum not-present {
value 6;
description
"Some component (typically hardware) is missing.";
}
enum lower-layer-down {
value 7;
description
"Down due to state of lower-layer interface(s).";
}
}
mandatory true;
description
"The current operational state of the interface.
This leaf has the same semantics as ifOperStatus.";
reference
"RFC 2863: The Interfaces Group MIB - ifOperStatus";
}
leaf last-change {
type yang:date-and-time;
description
"The time the interface entered its current operational
state. If the current state was entered prior to the
last re-initialization of the local network management
subsystem, then this node is not present.";
reference
"RFC 2863: The Interfaces Group MIB - ifLastChange";
}
leaf if-index {
if-feature if-mib;
type int32 {
range "1..2147483647";
}
mandatory true;
description
"The ifIndex value for the ifEntry represented by this
interface.";
reference
"RFC 2863: The Interfaces Group MIB - ifIndex";
}
leaf phys-address {
type yang:phys-address;
description
"The interface's address at its protocol sub-layer. For
example, for an 802.x interface, this object normally
contains a Media Access Control (MAC) address. The
interface's media-specific modules must define the bit
and byte ordering and the format of the value of this
object. For interfaces that do not have such an address
(e.g., a serial line), this node is not present.";
reference
"RFC 2863: The Interfaces Group MIB - ifPhysAddress";
}
leaf-list higher-layer-if {
type interface-state-ref;
description
"A list of references to interfaces layered on top of this
interface.";
reference
"RFC 2863: The Interfaces Group MIB - ifStackTable";
}
leaf-list lower-layer-if {
type interface-state-ref;
description
"A list of references to interfaces layered underneath this
interface.";
reference
"RFC 2863: The Interfaces Group MIB - ifStackTable";
}
leaf speed {
type yang:gauge64;
units "bits/second";
description
"An estimate of the interface's current bandwidth in bits
per second. For interfaces that do not vary in
bandwidth or for those where no accurate estimation can
be made, this node should contain the nominal bandwidth.
For interfaces that have no concept of bandwidth, this
node is not present.";
reference
"RFC 2863: The Interfaces Group MIB -
ifSpeed, ifHighSpeed";
}
container statistics {
description
"A collection of interface-related statistics objects.";
leaf discontinuity-time {
type yang:date-and-time;
mandatory true;
description
"The time on the most recent occasion at which any one or
more of this interface's counters suffered a
discontinuity. If no such discontinuities have occurred
since the last re-initialization of the local management
subsystem, then this node contains the time the local
management subsystem re-initialized itself.";
}
leaf in-octets {
type yang:counter64;
description
"The total number of octets received on the interface,
including framing characters.
Discontinuities in the value of this counter can occur
at re-initialization of the management system, and at
other times as indicated by the value of
'discontinuity-time'.";
reference
"RFC 2863: The Interfaces Group MIB - ifHCInOctets";
}
leaf in-unicast-pkts {
type yang:counter64;
description
"The number of packets, delivered by this sub-layer to a
higher (sub-)layer, that were not addressed to a
multicast or broadcast address at this sub-layer.
Discontinuities in the value of this counter can occur
at re-initialization of the management system, and at
other times as indicated by the value of
'discontinuity-time'.";
reference
"RFC 2863: The Interfaces Group MIB - ifHCInUcastPkts";
}
leaf in-broadcast-pkts {
type yang:counter64;
description
"The number of packets, delivered by this sub-layer to a
higher (sub-)layer, that were addressed to a broadcast
address at this sub-layer.
Discontinuities in the value of this counter can occur
at re-initialization of the management system, and at
other times as indicated by the value of
'discontinuity-time'.";
reference
"RFC 2863: The Interfaces Group MIB -
ifHCInBroadcastPkts";
}
leaf in-multicast-pkts {
type yang:counter64;
description
"The number of packets, delivered by this sub-layer to a
higher (sub-)layer, that were addressed to a multicast
address at this sub-layer. For a MAC-layer protocol,
this includes both Group and Functional addresses.
Discontinuities in the value of this counter can occur
at re-initialization of the management system, and at
other times as indicated by the value of
'discontinuity-time'.";
reference
"RFC 2863: The Interfaces Group MIB -
ifHCInMulticastPkts";
}
leaf in-discards {
type yang:counter32;
description
"The number of inbound packets that were chosen to be
discarded even though no errors had been detected to
prevent their being deliverable to a higher-layer
protocol. One possible reason for discarding such a
packet could be to free up buffer space.
Discontinuities in the value of this counter can occur
at re-initialization of the management system, and at
other times as indicated by the value of
'discontinuity-time'.";
reference
"RFC 2863: The Interfaces Group MIB - ifInDiscards";
}
leaf in-errors {
type yang:counter32;
description
"For packet-oriented interfaces, the number of inbound
packets that contained errors preventing them from being
deliverable to a higher-layer protocol. For character-
oriented or fixed-length interfaces, the number of
inbound transmission units that contained errors
preventing them from being deliverable to a higher-layer
protocol.
Discontinuities in the value of this counter can occur
at re-initialization of the management system, and at
other times as indicated by the value of
'discontinuity-time'.";
reference
"RFC 2863: The Interfaces Group MIB - ifInErrors";
}
leaf in-unknown-protos {
type yang:counter32;
description
"For packet-oriented interfaces, the number of packets
received via the interface that were discarded because
of an unknown or unsupported protocol. For
character-oriented or fixed-length interfaces that
support protocol multiplexing, the number of
transmission units received via the interface that were
discarded because of an unknown or unsupported protocol.
For any interface that does not support protocol
multiplexing, this counter is not present.
Discontinuities in the value of this counter can occur
at re-initialization of the management system, and at
other times as indicated by the value of
'discontinuity-time'.";
reference
"RFC 2863: The Interfaces Group MIB - ifInUnknownProtos";
}
leaf out-octets {
type yang:counter64;
description
"The total number of octets transmitted out of the
interface, including framing characters.
Discontinuities in the value of this counter can occur
at re-initialization of the management system, and at
other times as indicated by the value of
'discontinuity-time'.";
reference
"RFC 2863: The Interfaces Group MIB - ifHCOutOctets";
}
leaf out-unicast-pkts {
type yang:counter64;
description
"The total number of packets that higher-level protocols
requested be transmitted, and that were not addressed
to a multicast or broadcast address at this sub-layer,
including those that were discarded or not sent.
Discontinuities in the value of this counter can occur
at re-initialization of the management system, and at
other times as indicated by the value of
'discontinuity-time'.";
reference
"RFC 2863: The Interfaces Group MIB - ifHCOutUcastPkts";
}
leaf out-broadcast-pkts {
type yang:counter64;
description
"The total number of packets that higher-level protocols
requested be transmitted, and that were addressed to a
broadcast address at this sub-layer, including those
that were discarded or not sent.
Discontinuities in the value of this counter can occur
at re-initialization of the management system, and at
other times as indicated by the value of
'discontinuity-time'.";
reference
"RFC 2863: The Interfaces Group MIB -
ifHCOutBroadcastPkts";
}
leaf out-multicast-pkts {
type yang:counter64;
description
"The total number of packets that higher-level protocols
requested be transmitted, and that were addressed to a
multicast address at this sub-layer, including those
that were discarded or not sent. For a MAC-layer
protocol, this includes both Group and Functional
addresses.
Discontinuities in the value of this counter can occur
at re-initialization of the management system, and at
other times as indicated by the value of
'discontinuity-time'.";
reference
"RFC 2863: The Interfaces Group MIB -
ifHCOutMulticastPkts";
}
leaf out-discards {
type yang:counter32;
description
"The number of outbound packets that were chosen to be
discarded even though no errors had been detected to
prevent their being transmitted. One possible reason
for discarding such a packet could be to free up buffer
space.
Discontinuities in the value of this counter can occur
at re-initialization of the management system, and at
other times as indicated by the value of
'discontinuity-time'.";
reference
"RFC 2863: The Interfaces Group MIB - ifOutDiscards";
}
leaf out-errors {
type yang:counter32;
description
"For packet-oriented interfaces, the number of outbound
packets that could not be transmitted because of errors.
For character-oriented or fixed-length interfaces, the
number of outbound transmission units that could not be
transmitted because of errors.
Discontinuities in the value of this counter can occur
at re-initialization of the management system, and at
other times as indicated by the value of
'discontinuity-time'.";
reference
"RFC 2863: The Interfaces Group MIB - ifOutErrors";
}
}
}
}
}


@ -0,0 +1,758 @@
module ietf-ip {
namespace "urn:ietf:params:xml:ns:yang:ietf-ip";
prefix ip;
import ietf-interfaces {
prefix if;
}
import ietf-inet-types {
prefix inet;
}
import ietf-yang-types {
prefix yang;
}
organization
"IETF NETMOD (NETCONF Data Modeling Language) Working Group";
contact
"WG Web: <http://tools.ietf.org/wg/netmod/>
WG List: <mailto:netmod@ietf.org>
WG Chair: Thomas Nadeau
<mailto:tnadeau@lucidvision.com>
WG Chair: Juergen Schoenwaelder
<mailto:j.schoenwaelder@jacobs-university.de>
Editor: Martin Bjorklund
<mailto:mbj@tail-f.com>";
description
"This module contains a collection of YANG definitions for
configuring IP implementations.
Copyright (c) 2014 IETF Trust and the persons identified as
authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject
to the license terms contained in, the Simplified BSD License
set forth in Section 4.c of the IETF Trust's Legal Provisions
Relating to IETF Documents
(http://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC 7277; see
the RFC itself for full legal notices.";
revision 2014-06-16 {
description
"Initial revision.";
reference
"RFC 7277: A YANG Data Model for IP Management";
}
/*
* Features
*/
feature ipv4-non-contiguous-netmasks {
description
"Indicates support for configuring non-contiguous
subnet masks.";
}
feature ipv6-privacy-autoconf {
description
"Indicates support for Privacy Extensions for Stateless Address
Autoconfiguration in IPv6.";
reference
"RFC 4941: Privacy Extensions for Stateless Address
Autoconfiguration in IPv6";
}
/*
* Typedefs
*/
typedef ip-address-origin {
type enumeration {
enum other {
description
"None of the following.";
}
enum static {
description
"Indicates that the address has been statically
configured - for example, using NETCONF or a Command Line
Interface.";
}
enum dhcp {
description
"Indicates an address that has been assigned to this
system by a DHCP server.";
}
enum link-layer {
description
"Indicates an address created by IPv6 stateless
autoconfiguration that embeds a link-layer address in its
interface identifier.";
}
enum random {
description
"Indicates an address chosen by the system at
random, e.g., an IPv4 address within 169.254/16, an
RFC 4941 temporary address, or an RFC 7217 semantically
opaque address.";
reference
"RFC 4941: Privacy Extensions for Stateless Address
Autoconfiguration in IPv6
RFC 7217: A Method for Generating Semantically Opaque
Interface Identifiers with IPv6 Stateless
Address Autoconfiguration (SLAAC)";
}
}
description
"The origin of an address.";
}
typedef neighbor-origin {
type enumeration {
enum other {
description
"None of the following.";
}
enum static {
description
"Indicates that the mapping has been statically
configured - for example, using NETCONF or a Command Line
Interface.";
}
enum dynamic {
description
"Indicates that the mapping has been dynamically resolved
using, e.g., IPv4 ARP or the IPv6 Neighbor Discovery
protocol.";
}
}
description
"The origin of a neighbor entry.";
}
/*
* Configuration data nodes
*/
augment "/if:interfaces/if:interface" {
description
"Parameters for configuring IP on interfaces.
If an interface is not capable of running IP, the server
must not allow the client to configure these parameters.";
container ipv4 {
presence
"Enables IPv4 unless the 'enabled' leaf
(which defaults to 'true') is set to 'false'";
description
"Parameters for the IPv4 address family.";
leaf enabled {
type boolean;
default true;
description
"Controls whether IPv4 is enabled or disabled on this
interface. When IPv4 is enabled, this interface is
connected to an IPv4 stack, and the interface can send
and receive IPv4 packets.";
}
leaf forwarding {
type boolean;
default false;
description
"Controls IPv4 packet forwarding of datagrams received by,
but not addressed to, this interface. IPv4 routers
forward datagrams. IPv4 hosts do not (except those
source-routed via the host).";
}
leaf mtu {
type uint16 {
range "68..max";
}
units octets;
description
"The size, in octets, of the largest IPv4 packet that the
interface will send and receive.
The server may restrict the allowed values for this leaf,
depending on the interface's type.
If this leaf is not configured, the operationally used MTU
depends on the interface's type.";
reference
"RFC 791: Internet Protocol";
}
list address {
key "ip";
description
"The list of configured IPv4 addresses on the interface.";
leaf ip {
type inet:ipv4-address-no-zone;
description
"The IPv4 address on the interface.";
}
choice subnet {
mandatory true;
description
"The subnet can be specified as a prefix-length, or,
if the server supports non-contiguous netmasks, as
a netmask.";
leaf prefix-length {
type uint8 {
range "0..32";
}
description
"The length of the subnet prefix.";
}
leaf netmask {
if-feature ipv4-non-contiguous-netmasks;
type yang:dotted-quad;
description
"The subnet specified as a netmask.";
}
}
}
list neighbor {
key "ip";
description
"A list of mappings from IPv4 addresses to
link-layer addresses.
Entries in this list are used as static entries in the
ARP Cache.";
reference
"RFC 826: An Ethernet Address Resolution Protocol";
leaf ip {
type inet:ipv4-address-no-zone;
description
"The IPv4 address of the neighbor node.";
}
leaf link-layer-address {
type yang:phys-address;
mandatory true;
description
"The link-layer address of the neighbor node.";
}
}
}
container ipv6 {
presence
"Enables IPv6 unless the 'enabled' leaf
(which defaults to 'true') is set to 'false'";
description
"Parameters for the IPv6 address family.";
leaf enabled {
type boolean;
default true;
description
"Controls whether IPv6 is enabled or disabled on this
interface. When IPv6 is enabled, this interface is
connected to an IPv6 stack, and the interface can send
and receive IPv6 packets.";
}
leaf forwarding {
type boolean;
default false;
description
"Controls IPv6 packet forwarding of datagrams received by,
but not addressed to, this interface. IPv6 routers
forward datagrams. IPv6 hosts do not (except those
source-routed via the host).";
reference
"RFC 4861: Neighbor Discovery for IP version 6 (IPv6)
Section 6.2.1, IsRouter";
}
leaf mtu {
type uint32 {
range "1280..max";
}
units octets;
description
"The size, in octets, of the largest IPv6 packet that the
interface will send and receive.
The server may restrict the allowed values for this leaf,
depending on the interface's type.
If this leaf is not configured, the operationally used MTU
depends on the interface's type.";
reference
"RFC 2460: Internet Protocol, Version 6 (IPv6) Specification
Section 5";
}
list address {
key "ip";
description
"The list of configured IPv6 addresses on the interface.";
leaf ip {
type inet:ipv6-address-no-zone;
description
"The IPv6 address on the interface.";
}
leaf prefix-length {
type uint8 {
range "0..128";
}
mandatory true;
description
"The length of the subnet prefix.";
}
}
list neighbor {
key "ip";
description
"A list of mappings from IPv6 addresses to
link-layer addresses.
Entries in this list are used as static entries in the
Neighbor Cache.";
reference
"RFC 4861: Neighbor Discovery for IP version 6 (IPv6)";
leaf ip {
type inet:ipv6-address-no-zone;
description
"The IPv6 address of the neighbor node.";
}
leaf link-layer-address {
type yang:phys-address;
mandatory true;
description
"The link-layer address of the neighbor node.";
}
}
leaf dup-addr-detect-transmits {
type uint32;
default 1;
description
"The number of consecutive Neighbor Solicitation messages
sent while performing Duplicate Address Detection on a
tentative address. A value of zero indicates that
Duplicate Address Detection is not performed on
tentative addresses. A value of one indicates a single
transmission with no follow-up retransmissions.";
reference
"RFC 4862: IPv6 Stateless Address Autoconfiguration";
}
container autoconf {
description
"Parameters to control the autoconfiguration of IPv6
addresses, as described in RFC 4862.";
reference
"RFC 4862: IPv6 Stateless Address Autoconfiguration";
leaf create-global-addresses {
type boolean;
default true;
description
"If enabled, the host creates global addresses as
described in RFC 4862.";
reference
"RFC 4862: IPv6 Stateless Address Autoconfiguration
Section 5.5";
}
leaf create-temporary-addresses {
if-feature ipv6-privacy-autoconf;
type boolean;
default false;
description
"If enabled, the host creates temporary addresses as
described in RFC 4941.";
reference
"RFC 4941: Privacy Extensions for Stateless Address
Autoconfiguration in IPv6";
}
leaf temporary-valid-lifetime {
if-feature ipv6-privacy-autoconf;
type uint32;
units "seconds";
default 604800;
description
"The time period during which the temporary address
is valid.";
reference
"RFC 4941: Privacy Extensions for Stateless Address
Autoconfiguration in IPv6
- TEMP_VALID_LIFETIME";
}
leaf temporary-preferred-lifetime {
if-feature ipv6-privacy-autoconf;
type uint32;
units "seconds";
default 86400;
description
"The time period during which the temporary address is
preferred.";
reference
"RFC 4941: Privacy Extensions for Stateless Address
Autoconfiguration in IPv6
- TEMP_PREFERRED_LIFETIME";
}
}
}
}
/*
* Operational state data nodes
*/
augment "/if:interfaces-state/if:interface" {
description
"Data nodes for the operational state of IP on interfaces.";
container ipv4 {
presence "Present if IPv4 is enabled on this interface";
config false;
description
"Interface-specific parameters for the IPv4 address family.";
leaf forwarding {
type boolean;
description
"Indicates whether IPv4 packet forwarding is enabled or
disabled on this interface.";
}
leaf mtu {
type uint16 {
range "68..max";
}
units octets;
description
"The size, in octets, of the largest IPv4 packet that the
interface will send and receive.";
reference
"RFC 791: Internet Protocol";
}
list address {
key "ip";
description
"The list of IPv4 addresses on the interface.";
leaf ip {
type inet:ipv4-address-no-zone;
description
"The IPv4 address on the interface.";
}
choice subnet {
description
"The subnet can be specified as a prefix-length, or,
if the server supports non-contiguous netmasks, as
a netmask.";
leaf prefix-length {
type uint8 {
range "0..32";
}
description
"The length of the subnet prefix.";
}
leaf netmask {
if-feature ipv4-non-contiguous-netmasks;
type yang:dotted-quad;
description
"The subnet specified as a netmask.";
}
}
leaf origin {
type ip-address-origin;
description
"The origin of this address.";
}
}
list neighbor {
key "ip";
description
"A list of mappings from IPv4 addresses to
link-layer addresses.
This list represents the ARP Cache.";
reference
"RFC 826: An Ethernet Address Resolution Protocol";
leaf ip {
type inet:ipv4-address-no-zone;
description
"The IPv4 address of the neighbor node.";
}
leaf link-layer-address {
type yang:phys-address;
description
"The link-layer address of the neighbor node.";
}
leaf origin {
type neighbor-origin;
description
"The origin of this neighbor entry.";
}
}
}
container ipv6 {
presence "Present if IPv6 is enabled on this interface";
config false;
description
"Parameters for the IPv6 address family.";
leaf forwarding {
type boolean;
default false;
description
"Indicates whether IPv6 packet forwarding is enabled or
disabled on this interface.";
reference
"RFC 4861: Neighbor Discovery for IP version 6 (IPv6)
Section 6.2.1, IsRouter";
}
leaf mtu {
type uint32 {
range "1280..max";
}
units octets;
description
"The size, in octets, of the largest IPv6 packet that the
interface will send and receive.";
reference
"RFC 2460: Internet Protocol, Version 6 (IPv6) Specification
Section 5";
}
list address {
key "ip";
description
"The list of IPv6 addresses on the interface.";
leaf ip {
type inet:ipv6-address-no-zone;
description
"The IPv6 address on the interface.";
}
leaf prefix-length {
type uint8 {
range "0..128";
}
mandatory true;
description
"The length of the subnet prefix.";
}
leaf origin {
type ip-address-origin;
description
"The origin of this address.";
}
leaf status {
type enumeration {
enum preferred {
description
"This is a valid address that can appear as the
destination or source address of a packet.";
}
enum deprecated {
description
"This is a valid but deprecated address that should
no longer be used as a source address in new
communications, but packets addressed to such an
address are processed as expected.";
}
enum invalid {
description
"This isn't a valid address, and it shouldn't appear
as the destination or source address of a packet.";
}
enum inaccessible {
description
"The address is not accessible because the interface
to which this address is assigned is not
operational.";
}
enum unknown {
description
"The status cannot be determined for some reason.";
}
enum tentative {
description
"The uniqueness of the address on the link is being
verified. Addresses in this state should not be
used for general communication and should only be
used to determine the uniqueness of the address.";
}
enum duplicate {
description
"The address has been determined to be non-unique on
the link and so must not be used.";
}
enum optimistic {
description
"The address is available for use, subject to
restrictions, while its uniqueness on a link is
being verified.";
}
}
description
"The status of an address. Most of the states correspond
to states from the IPv6 Stateless Address
Autoconfiguration protocol.";
reference
"RFC 4293: Management Information Base for the
Internet Protocol (IP)
- IpAddressStatusTC
RFC 4862: IPv6 Stateless Address Autoconfiguration";
}
}
list neighbor {
key "ip";
description
"A list of mappings from IPv6 addresses to
link-layer addresses.
This list represents the Neighbor Cache.";
reference
"RFC 4861: Neighbor Discovery for IP version 6 (IPv6)";
leaf ip {
type inet:ipv6-address-no-zone;
description
"The IPv6 address of the neighbor node.";
}
leaf link-layer-address {
type yang:phys-address;
description
"The link-layer address of the neighbor node.";
}
leaf origin {
type neighbor-origin;
description
"The origin of this neighbor entry.";
}
leaf is-router {
type empty;
description
"Indicates that the neighbor node acts as a router.";
}
leaf state {
type enumeration {
enum incomplete {
description
"Address resolution is in progress, and the link-layer
address of the neighbor has not yet been
determined.";
}
enum reachable {
description
"Roughly speaking, the neighbor is known to have been
reachable recently (within tens of seconds ago).";
}
enum stale {
description
"The neighbor is no longer known to be reachable, but
until traffic is sent to the neighbor no attempt
should be made to verify its reachability.";
}
enum delay {
description
"The neighbor is no longer known to be reachable, and
traffic has recently been sent to the neighbor.
Rather than probe the neighbor immediately, however,
delay sending probes for a short while in order to
give upper-layer protocols a chance to provide
reachability confirmation.";
}
enum probe {
description
"The neighbor is no longer known to be reachable, and
unicast Neighbor Solicitation probes are being sent
to verify reachability.";
}
}
description
"The Neighbor Unreachability Detection state of this
entry.";
reference
"RFC 4861: Neighbor Discovery for IP version 6 (IPv6)
Section 7.3.2";
}
}
}
}
}
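Review bot: the `forwarding` leaf inside the operational `ipv6` container (under the `/if:interfaces-state/if:interface` augment) carries `default false;` on a `config false` node, while the `ipv4` counterpart in the same augment declares no default; a default on state data is legal YANG 1.0 but the two containers now disagree for no stated reason, and an editor is likely to "fix" one side later. Either drop `default false;` from the state leaf or add a one-line comment that the file is kept identical to the RFC 7277 text on purpose, so the asymmetry is understood to be inherited rather than introduced here. The lines in question are `leaf forwarding {` / `type boolean;` / `default false;` in the ipv6 state container.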


@ -0,0 +1,412 @@
module ietf-netconf-acm-when {
namespace "urn:ietf:params:xml:ns:yang:ietf-netconf-acm";
prefix nacm;
import ietf-yang-types {
prefix yang;
}
organization
"IETF NETCONF (Network Configuration) Working Group";
contact
"WG Web: <http://tools.ietf.org/wg/netconf/>
WG List: <mailto:netconf@ietf.org>
WG Chair: Mehmet Ersue
<mailto:mehmet.ersue@nsn.com>
WG Chair: Bert Wijnen
<mailto:bertietf@bwijnen.net>
Editor: Andy Bierman
<mailto:andy@yumaworks.com>
Editor: Martin Bjorklund
<mailto:mbj@tail-f.com>";
description
"NETCONF Access Control Model.
Copyright (c) 2012 IETF Trust and the persons identified as
authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject
to the license terms contained in, the Simplified BSD
License set forth in Section 4.c of the IETF Trust's
Legal Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC 6536; see
the RFC itself for full legal notices.";
revision 2012-02-22 {
description
"Initial version";
reference
"RFC 6536: Network Configuration Protocol (NETCONF)
Access Control Model";
}
extension default-deny-write {
description
"Used to indicate that the data model node
represents a sensitive security system parameter.
If present, and the NACM module is enabled (i.e.,
/nacm/enable-nacm object equals 'true'), the NETCONF server
will only allow the designated 'recovery session' to have
write access to the node. An explicit access control rule is
required for all other users.
The 'default-deny-write' extension MAY appear within a data
definition statement. It is ignored otherwise.";
}
extension default-deny-all {
description
"Used to indicate that the data model node
controls a very sensitive security system parameter.
If present, and the NACM module is enabled (i.e.,
/nacm/enable-nacm object equals 'true'), the NETCONF server
will only allow the designated 'recovery session' to have
read, write, or execute access to the node. An explicit
access control rule is required for all other users.
The 'default-deny-all' extension MAY appear within a data
definition statement, 'rpc' statement, or 'notification'
statement. It is ignored otherwise.";
}
typedef user-name-type {
type string {
length "1..max";
}
description
"General Purpose Username string.";
}
typedef matchall-string-type {
type string {
pattern "\\*";
}
description
"The string containing a single asterisk '*' is used
to conceptually represent all possible values
for the particular leaf using this data type.";
}
typedef access-operations-type {
type bits {
bit create {
description
"Any protocol operation that creates a
new data node.";
}
bit read {
description
"Any protocol operation or notification that
returns the value of a data node.";
}
bit update {
description
"Any protocol operation that alters an existing
data node.";
}
bit delete {
description
"Any protocol operation that removes a data node.";
}
bit exec {
description
"Execution access to the specified protocol operation.";
}
}
description
"NETCONF Access Operation.";
}
typedef group-name-type {
type string {
length "1..max";
pattern "[^\\*].*";
}
description
"Name of administrative group to which
users can be assigned.";
}
typedef action-type {
type enumeration {
enum "permit" {
description
"Requested action is permitted.";
}
enum "deny" {
description
"Requested action is denied.";
}
}
description
"Action taken by the server when a particular
rule matches.";
}
typedef node-instance-identifier {
type yang:xpath1.0;
description
"Path expression used to represent a special
data node instance identifier string.
A node-instance-identifier value is an
unrestricted YANG instance-identifier expression.
All the same rules as an instance-identifier apply
except predicates for keys are optional. If a key
predicate is missing, then the node-instance-identifier
represents all possible server instances for that key.
This XPath expression is evaluated in the following context:
o The set of namespace declarations are those in scope on
the leaf element where this type is used.
o The set of variable bindings contains one variable,
'USER', which contains the name of the user of the current
session.
o The function library is the core function library, but
note that due to the syntax restrictions of an
instance-identifier, no functions are allowed.
o The context node is the root node in the data tree.";
}
container nacm {
nacm:default-deny-all;
description
"Parameters for NETCONF Access Control Model.";
leaf enable-nacm {
type boolean;
default "true";
description
"Enables or disables all NETCONF access control
enforcement. If 'true', then enforcement
is enabled. If 'false', then enforcement
is disabled.";
}
leaf read-default {
type action-type;
default "permit";
description
"Controls whether read access is granted if
no appropriate rule is found for a
particular read request.";
}
leaf write-default {
type action-type;
default "deny";
description
"Controls whether create, update, or delete access
is granted if no appropriate rule is found for a
particular write request.";
}
leaf exec-default {
type action-type;
default "permit";
description
"Controls whether exec access is granted if no appropriate
rule is found for a particular protocol operation request.";
}
leaf enable-external-groups {
type boolean;
default "true";
description
"Controls whether the server uses the groups reported by the
NETCONF transport layer when it assigns the user to a set of
NACM groups. If this leaf has the value 'false', any group
names reported by the transport layer are ignored by the
server.";
}
leaf denied-operations {
type yang:zero-based-counter32;
config false;
mandatory true;
description
"Number of times since the server last restarted that a
protocol operation request was denied.";
}
leaf denied-data-writes {
type yang:zero-based-counter32;
config false;
mandatory true;
when "../denied-operations > 0";
description
"Number of times since the server last restarted that a
protocol operation request to alter
a configuration datastore was denied.";
}
leaf denied-notifications {
type yang:zero-based-counter32;
config false;
mandatory true;
description
"Number of times since the server last restarted that
a notification was dropped for a subscription because
access to the event type was denied.";
}
container groups {
description
"NETCONF Access Control Groups.";
list group {
key "name";
description
"One NACM Group Entry. This list will only contain
configured entries, not any entries learned from
any transport protocols.";
leaf name {
type group-name-type;
description
"Group name associated with this entry.";
}
leaf-list user-name {
type user-name-type;
description
"Each entry identifies the username of
a member of the group associated with
this entry.";
}
}
}
list rule-list {
key "name";
ordered-by user;
description
"An ordered collection of access control rules.";
leaf name {
type string {
length "1..max";
}
description
"Arbitrary name assigned to the rule-list.";
}
leaf-list group {
type union {
type matchall-string-type;
type group-name-type;
}
description
"List of administrative groups that will be
assigned the associated access rights
defined by the 'rule' list.
The string '*' indicates that all groups apply to the
entry.";
}
list rule {
key "name";
ordered-by user;
description
"One access control rule.
Rules are processed in user-defined order until a match is
found. A rule matches if 'module-name', 'rule-type', and
'access-operations' match the request. If a rule
matches, the 'action' leaf determines if access is granted
or not.";
leaf name {
type string {
length "1..max";
}
description
"Arbitrary name assigned to the rule.";
}
leaf module-name {
type union {
type matchall-string-type;
type string;
}
default "*";
description
"Name of the module associated with this rule.
This leaf matches if it has the value '*' or if the
object being accessed is defined in the module with the
specified module name.";
}
choice rule-type {
description
"This choice matches if all leafs present in the rule
match the request. If no leafs are present, the
choice matches all requests.";
case protocol-operation {
leaf rpc-name {
type union {
type matchall-string-type;
type string;
}
description
"This leaf matches if it has the value '*' or if
its value equals the requested protocol operation
name.";
}
}
case notification {
leaf notification-name {
type union {
type matchall-string-type;
type string;
}
description
"This leaf matches if it has the value '*' or if its
value equals the requested notification name.";
}
}
case data-node {
leaf path {
type node-instance-identifier;
mandatory true;
description
"Data Node Instance Identifier associated with the
data node controlled by this rule.
Configuration data or state data instance
identifiers start with a top-level data node. A
complete instance identifier is required for this
type of path value.
The special value '/' refers to all possible
datastore contents.";
}
}
}
leaf access-operations {
type union {
type matchall-string-type;
type access-operations-type;
}
default "*";
description
"Access operations associated with this rule.
This leaf matches if it has the value '*' or if the
bit corresponding to the requested operation is set.";
}
leaf action {
type action-type;
mandatory true;
description
"The access control action associated with the
rule. If a rule is determined to match a
particular request, then this object is used
to determine whether to permit or deny the
request.";
}
leaf comment {
type string;
description
"A textual description of the access rule.";
}
}
}
}
}
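Review bot: the module is renamed `ietf-netconf-acm-when` and gains `when "../denied-operations > 0";` on `denied-data-writes`, yet it keeps the genuine NACM namespace `urn:ietf:params:xml:ns:yang:ietf-netconf-acm`, the `nacm` prefix, the single `revision 2012-02-22`, and a description that still states "This version of this YANG module is part of RFC 6536". A module that shares the namespace of the real ietf-netconf-acm cannot coexist with it in one schema context, and nothing in the file tells a reader that it is a deliberately modified test variant. Suggest either a distinct namespace (and prefix) for the example module, or at minimum a comment plus a new `revision` entry recording that this is the RFC 6536 module with an added `when` for the yanglint example. The `when` sits on a `mandatory true` `config false` leaf, which is presumably the point being demonstrated (the leaf becomes required only once `denied-operations` is non-zero and must be absent otherwise); state that intent in the comment so the combination is not mistaken for an error.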


@ -0,0 +1,447 @@
<?xml version="1.0" encoding="UTF-8"?>
<module xmlns="urn:ietf:params:xml:ns:yang:yin:1" xmlns:nacm="urn:ietf:params:xml:ns:yang:ietf-netconf-acm" xmlns:yang="urn:ietf:params:xml:ns:yang:ietf-yang-types" name="ietf-netconf-acm-when">
<namespace uri="urn:ietf:params:xml:ns:yang:ietf-netconf-acm"/>
<prefix value="nacm"/>
<import module="ietf-yang-types">
<prefix value="yang"/>
</import>
<organization>
<text>IETF NETCONF (Network Configuration) Working Group</text>
</organization>
<contact>
<text>WG Web: &lt;http://tools.ietf.org/wg/netconf/&gt;
WG List: &lt;mailto:netconf@ietf.org&gt;
WG Chair: Mehmet Ersue
&lt;mailto:mehmet.ersue@nsn.com&gt;
WG Chair: Bert Wijnen
&lt;mailto:bertietf@bwijnen.net&gt;
Editor: Andy Bierman
&lt;mailto:andy@yumaworks.com&gt;
Editor: Martin Bjorklund
&lt;mailto:mbj@tail-f.com&gt;</text>
</contact>
<description>
<text>NETCONF Access Control Model.
Copyright (c) 2012 IETF Trust and the persons identified as
authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject
to the license terms contained in, the Simplified BSD
License set forth in Section 4.c of the IETF Trust's
Legal Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC 6536; see
the RFC itself for full legal notices.</text>
</description>
<revision date="2012-02-22">
<description>
<text>Initial version</text>
</description>
<reference>
<text>RFC 6536: Network Configuration Protocol (NETCONF)
Access Control Model</text>
</reference>
</revision>
<extension name="default-deny-write">
<description>
<text>Used to indicate that the data model node
represents a sensitive security system parameter.
If present, and the NACM module is enabled (i.e.,
/nacm/enable-nacm object equals 'true'), the NETCONF server
will only allow the designated 'recovery session' to have
write access to the node. An explicit access control rule is
required for all other users.
The 'default-deny-write' extension MAY appear within a data
definition statement. It is ignored otherwise.</text>
</description>
</extension>
<extension name="default-deny-all">
<description>
<text>Used to indicate that the data model node
controls a very sensitive security system parameter.
If present, and the NACM module is enabled (i.e.,
/nacm/enable-nacm object equals 'true'), the NETCONF server
will only allow the designated 'recovery session' to have
read, write, or execute access to the node. An explicit
access control rule is required for all other users.
The 'default-deny-all' extension MAY appear within a data
definition statement, 'rpc' statement, or 'notification'
statement. It is ignored otherwise.</text>
</description>
</extension>
<typedef name="user-name-type">
<type name="string">
<length value="1..max"/>
</type>
<description>
<text>General Purpose Username string.</text>
</description>
</typedef>
<typedef name="matchall-string-type">
<type name="string">
<pattern value="\*"/>
</type>
<description>
<text>The string containing a single asterisk '*' is used
to conceptually represent all possible values
for the particular leaf using this data type.</text>
</description>
</typedef>
<typedef name="access-operations-type">
<type name="bits">
<bit name="create">
<description>
<text>Any protocol operation that creates a
new data node.</text>
</description>
</bit>
<bit name="read">
<description>
<text>Any protocol operation or notification that
returns the value of a data node.</text>
</description>
</bit>
<bit name="update">
<description>
<text>Any protocol operation that alters an existing
data node.</text>
</description>
</bit>
<bit name="delete">
<description>
<text>Any protocol operation that removes a data node.</text>
</description>
</bit>
<bit name="exec">
<description>
<text>Execution access to the specified protocol operation.</text>
</description>
</bit>
</type>
<description>
<text>NETCONF Access Operation.</text>
</description>
</typedef>
<typedef name="group-name-type">
<type name="string">
<length value="1..max"/>
<pattern value="[^\*].*"/>
</type>
<description>
<text>Name of administrative group to which
users can be assigned.</text>
</description>
</typedef>
<typedef name="action-type">
<type name="enumeration">
<enum name="permit">
<description>
<text>Requested action is permitted.</text>
</description>
</enum>
<enum name="deny">
<description>
<text>Requested action is denied.</text>
</description>
</enum>
</type>
<description>
<text>Action taken by the server when a particular
rule matches.</text>
</description>
</typedef>
<typedef name="node-instance-identifier">
<type name="yang:xpath1.0"/>
<description>
<text>Path expression used to represent a special
data node instance identifier string.
A node-instance-identifier value is an
unrestricted YANG instance-identifier expression.
All the same rules as an instance-identifier apply
except predicates for keys are optional. If a key
predicate is missing, then the node-instance-identifier
represents all possible server instances for that key.
This XPath expression is evaluated in the following context:
o The set of namespace declarations are those in scope on
the leaf element where this type is used.
o The set of variable bindings contains one variable,
'USER', which contains the name of the user of the current
session.
o The function library is the core function library, but
note that due to the syntax restrictions of an
instance-identifier, no functions are allowed.
o The context node is the root node in the data tree.</text>
</description>
</typedef>
<container name="nacm">
<nacm:default-deny-all/>
<description>
<text>Parameters for NETCONF Access Control Model.</text>
</description>
<leaf name="enable-nacm">
<type name="boolean"/>
<default value="true"/>
<description>
<text>Enables or disables all NETCONF access control
enforcement. If 'true', then enforcement
is enabled. If 'false', then enforcement
is disabled.</text>
</description>
</leaf>
<leaf name="read-default">
<type name="action-type"/>
<default value="permit"/>
<description>
<text>Controls whether read access is granted if
no appropriate rule is found for a
particular read request.</text>
</description>
</leaf>
<leaf name="write-default">
<type name="action-type"/>
<default value="deny"/>
<description>
<text>Controls whether create, update, or delete access
is granted if no appropriate rule is found for a
particular write request.</text>
</description>
</leaf>
<leaf name="exec-default">
<type name="action-type"/>
<default value="permit"/>
<description>
<text>Controls whether exec access is granted if no appropriate
rule is found for a particular protocol operation request.</text>
</description>
</leaf>
<leaf name="enable-external-groups">
<type name="boolean"/>
<default value="true"/>
<description>
<text>Controls whether the server uses the groups reported by the
NETCONF transport layer when it assigns the user to a set of
NACM groups. If this leaf has the value 'false', any group
names reported by the transport layer are ignored by the
server.</text>
</description>
</leaf>
<leaf name="denied-operations">
<type name="yang:zero-based-counter32"/>
<config value="false"/>
<mandatory value="true"/>
<description>
<text>Number of times since the server last restarted that a
protocol operation request was denied.</text>
</description>
</leaf>
<leaf name="denied-data-writes">
<type name="yang:zero-based-counter32"/>
<config value="false"/>
<mandatory value="true"/>
<when value="../denied-operations > 0"/>
<description>
<text>Number of times since the server last restarted that a
protocol operation request to alter
a configuration datastore was denied.</text>
</description>
</leaf>
<leaf name="denied-notifications">
<type name="yang:zero-based-counter32"/>
<config value="false"/>
<mandatory value="true"/>
<description>
<text>Number of times since the server last restarted that
a notification was dropped for a subscription because
access to the event type was denied.</text>
</description>
</leaf>
<container name="groups">
<description>
<text>NETCONF Access Control Groups.</text>
</description>
<list name="group">
<key value="name"/>
<description>
<text>One NACM Group Entry. This list will only contain
configured entries, not any entries learned from
any transport protocols.</text>
</description>
<leaf name="name">
<type name="group-name-type"/>
<description>
<text>Group name associated with this entry.</text>
</description>
</leaf>
<leaf-list name="user-name">
<type name="user-name-type"/>
<description>
<text>Each entry identifies the username of
a member of the group associated with
this entry.</text>
</description>
</leaf-list>
</list>
</container>
<list name="rule-list">
<key value="name"/>
<ordered-by value="user"/>
<description>
<text>An ordered collection of access control rules.</text>
</description>
<leaf name="name">
<type name="string">
<length value="1..max"/>
</type>
<description>
<text>Arbitrary name assigned to the rule-list.</text>
</description>
</leaf>
<leaf-list name="group">
<type name="union">
<type name="matchall-string-type"/>
<type name="group-name-type"/>
</type>
<description>
<text>List of administrative groups that will be
assigned the associated access rights
defined by the 'rule' list.
The string '*' indicates that all groups apply to the
entry.</text>
</description>
</leaf-list>
<list name="rule">
<key value="name"/>
<ordered-by value="user"/>
<description>
<text>One access control rule.
Rules are processed in user-defined order until a match is
found. A rule matches if 'module-name', 'rule-type', and
'access-operations' match the request. If a rule
matches, the 'action' leaf determines if access is granted
or not.</text>
</description>
<leaf name="name">
<type name="string">
<length value="1..max"/>
</type>
<description>
<text>Arbitrary name assigned to the rule.</text>
</description>
</leaf>
<leaf name="module-name">
<type name="union">
<type name="matchall-string-type"/>
<type name="string"/>
</type>
<default value="*"/>
<description>
<text>Name of the module associated with this rule.
This leaf matches if it has the value '*' or if the
object being accessed is defined in the module with the
specified module name.</text>
</description>
</leaf>
<choice name="rule-type">
<description>
<text>This choice matches if all leafs present in the rule
match the request. If no leafs are present, the
choice matches all requests.</text>
</description>
<case name="protocol-operation">
<leaf name="rpc-name">
<type name="union">
<type name="matchall-string-type"/>
<type name="string"/>
</type>
<description>
<text>This leaf matches if it has the value '*' or if
its value equals the requested protocol operation
name.</text>
</description>
</leaf>
</case>
<case name="notification">
<leaf name="notification-name">
<type name="union">
<type name="matchall-string-type"/>
<type name="string"/>
</type>
<description>
<text>This leaf matches if it has the value '*' or if its
value equals the requested notification name.</text>
</description>
</leaf>
</case>
<case name="data-node">
<leaf name="path">
<type name="node-instance-identifier"/>
<mandatory value="true"/>
<description>
<text>Data Node Instance Identifier associated with the
data node controlled by this rule.
Configuration data or state data instance
identifiers start with a top-level data node. A
complete instance identifier is required for this
type of path value.
The special value '/' refers to all possible
datastore contents.</text>
</description>
</leaf>
</case>
</choice>
<leaf name="access-operations">
<type name="union">
<type name="matchall-string-type"/>
<type name="access-operations-type"/>
</type>
<default value="*"/>
<description>
<text>Access operations associated with this rule.
This leaf matches if it has the value '*' or if the
bit corresponding to the requested operation is set.</text>
</description>
</leaf>
<leaf name="action">
<type name="action-type"/>
<mandatory value="true"/>
<description>
<text>The access control action associated with the
rule. If a rule is determined to match a
particular request, then this object is used
to determine whether to permit or deny the
request.</text>
</description>
</leaf>
<leaf name="comment">
<type name="string"/>
<description>
<text>A textual description of the access rule.</text>
</description>
</leaf>
</list>
</list>
</container>
</module>
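Review bot: `<when value="../denied-operations > 0"/>` on the denied-data-writes leaf uses the wrong YIN attribute; the YIN mapping in RFC 6020 section 12 carries the argument of `when` in `condition`, not `value` (the ietf-netconf-acm-when2 file that follows spells it correctly). If this module is meant as a deliberately invalid fixture for one of the interactive-mode examples, say so in the README step that references it so nobody "fixes" it later. Separately, the module is named ietf-netconf-acm-when but declares the same namespace urn:ietf:params:xml:ns:yang:ietf-netconf-acm and prefix nacm as ietf-netconf-acm, so it cannot sit in the same yanglint context as the original module; the example that uses it should `clear` first or mention the clash.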

View file

@ -0,0 +1,447 @@
<?xml version="1.0" encoding="UTF-8"?>
<module xmlns="urn:ietf:params:xml:ns:yang:yin:1" xmlns:nacm="urn:ietf:params:xml:ns:yang:ietf-netconf-acm" xmlns:yang="urn:ietf:params:xml:ns:yang:ietf-yang-types" name="ietf-netconf-acm-when2">
<namespace uri="urn:ietf:params:xml:ns:yang:ietf-netconf-acm"/>
<prefix value="nacm"/>
<import module="ietf-yang-types">
<prefix value="yang"/>
</import>
<organization>
<text>IETF NETCONF (Network Configuration) Working Group</text>
</organization>
<contact>
<text>WG Web: &lt;http://tools.ietf.org/wg/netconf/&gt;
WG List: &lt;mailto:netconf@ietf.org&gt;
WG Chair: Mehmet Ersue
&lt;mailto:mehmet.ersue@nsn.com&gt;
WG Chair: Bert Wijnen
&lt;mailto:bertietf@bwijnen.net&gt;
Editor: Andy Bierman
&lt;mailto:andy@yumaworks.com&gt;
Editor: Martin Bjorklund
&lt;mailto:mbj@tail-f.com&gt;</text>
</contact>
<description>
<text>NETCONF Access Control Model.
Copyright (c) 2012 IETF Trust and the persons identified as
authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject
to the license terms contained in, the Simplified BSD
License set forth in Section 4.c of the IETF Trust's
Legal Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC 6536; see
the RFC itself for full legal notices.</text>
</description>
<revision date="2012-02-22">
<description>
<text>Initial version</text>
</description>
<reference>
<text>RFC 6536: Network Configuration Protocol (NETCONF)
Access Control Model</text>
</reference>
</revision>
<extension name="default-deny-write">
<description>
<text>Used to indicate that the data model node
represents a sensitive security system parameter.
If present, and the NACM module is enabled (i.e.,
/nacm/enable-nacm object equals 'true'), the NETCONF server
will only allow the designated 'recovery session' to have
write access to the node. An explicit access control rule is
required for all other users.
The 'default-deny-write' extension MAY appear within a data
definition statement. It is ignored otherwise.</text>
</description>
</extension>
<extension name="default-deny-all">
<description>
<text>Used to indicate that the data model node
controls a very sensitive security system parameter.
If present, and the NACM module is enabled (i.e.,
/nacm/enable-nacm object equals 'true'), the NETCONF server
will only allow the designated 'recovery session' to have
read, write, or execute access to the node. An explicit
access control rule is required for all other users.
The 'default-deny-all' extension MAY appear within a data
definition statement, 'rpc' statement, or 'notification'
statement. It is ignored otherwise.</text>
</description>
</extension>
<typedef name="user-name-type">
<type name="string">
<length value="1..max"/>
</type>
<description>
<text>General Purpose Username string.</text>
</description>
</typedef>
<typedef name="matchall-string-type">
<type name="string">
<pattern value="\*"/>
</type>
<description>
<text>The string containing a single asterisk '*' is used
to conceptually represent all possible values
for the particular leaf using this data type.</text>
</description>
</typedef>
<typedef name="access-operations-type">
<type name="bits">
<bit name="create">
<description>
<text>Any protocol operation that creates a
new data node.</text>
</description>
</bit>
<bit name="read">
<description>
<text>Any protocol operation or notification that
returns the value of a data node.</text>
</description>
</bit>
<bit name="update">
<description>
<text>Any protocol operation that alters an existing
data node.</text>
</description>
</bit>
<bit name="delete">
<description>
<text>Any protocol operation that removes a data node.</text>
</description>
</bit>
<bit name="exec">
<description>
<text>Execution access to the specified protocol operation.</text>
</description>
</bit>
</type>
<description>
<text>NETCONF Access Operation.</text>
</description>
</typedef>
<typedef name="group-name-type">
<type name="string">
<length value="1..max"/>
<pattern value="[^\*].*"/>
</type>
<description>
<text>Name of administrative group to which
users can be assigned.</text>
</description>
</typedef>
<typedef name="action-type">
<type name="enumeration">
<enum name="permit">
<description>
<text>Requested action is permitted.</text>
</description>
</enum>
<enum name="deny">
<description>
<text>Requested action is denied.</text>
</description>
</enum>
</type>
<description>
<text>Action taken by the server when a particular
rule matches.</text>
</description>
</typedef>
<typedef name="node-instance-identifier">
<type name="yang:xpath1.0"/>
<description>
<text>Path expression used to represent a special
data node instance identifier string.
A node-instance-identifier value is an
unrestricted YANG instance-identifier expression.
All the same rules as an instance-identifier apply
except predicates for keys are optional. If a key
predicate is missing, then the node-instance-identifier
represents all possible server instances for that key.
This XPath expression is evaluated in the following context:
o The set of namespace declarations are those in scope on
the leaf element where this type is used.
o The set of variable bindings contains one variable,
'USER', which contains the name of the user of the current
session.
o The function library is the core function library, but
note that due to the syntax restrictions of an
instance-identifier, no functions are allowed.
o The context node is the root node in the data tree.</text>
</description>
</typedef>
<container name="nacm">
<nacm:default-deny-all/>
<description>
<text>Parameters for NETCONF Access Control Model.</text>
</description>
<leaf name="enable-nacm">
<type name="boolean"/>
<default value="true"/>
<description>
<text>Enables or disables all NETCONF access control
enforcement. If 'true', then enforcement
is enabled. If 'false', then enforcement
is disabled.</text>
</description>
</leaf>
<leaf name="read-default">
<type name="action-type"/>
<default value="permit"/>
<description>
<text>Controls whether read access is granted if
no appropriate rule is found for a
particular read request.</text>
</description>
</leaf>
<leaf name="write-default">
<type name="action-type"/>
<default value="deny"/>
<description>
<text>Controls whether create, update, or delete access
is granted if no appropriate rule is found for a
particular write request.</text>
</description>
</leaf>
<leaf name="exec-default">
<type name="action-type"/>
<default value="permit"/>
<description>
<text>Controls whether exec access is granted if no appropriate
rule is found for a particular protocol operation request.</text>
</description>
</leaf>
<leaf name="enable-external-groups">
<type name="boolean"/>
<default value="true"/>
<description>
<text>Controls whether the server uses the groups reported by the
NETCONF transport layer when it assigns the user to a set of
NACM groups. If this leaf has the value 'false', any group
names reported by the transport layer are ignored by the
server.</text>
</description>
</leaf>
<leaf name="denied-operations">
<type name="yang:zero-based-counter32"/>
<config value="false"/>
<mandatory value="true"/>
<description>
<text>Number of times since the server last restarted that a
protocol operation request was denied.</text>
</description>
</leaf>
<leaf name="denied-data-writes">
<type name="yang:zero-based-counter32"/>
<config value="false"/>
<mandatory value="true"/>
<when condition="../denied-operations > 0"/>
<description>
<text>Number of times since the server last restarted that a
protocol operation request to alter
a configuration datastore was denied.</text>
</description>
</leaf>
<leaf name="denied-notifications">
<type name="yang:zero-based-counter32"/>
<config value="false"/>
<mandatory value="true"/>
<description>
<text>Number of times since the server last restarted that
a notification was dropped for a subscription because
access to the event type was denied.</text>
</description>
</leaf>
<container name="groups">
<description>
<text>NETCONF Access Control Groups.</text>
</description>
<list name="group">
<key value="name"/>
<description>
<text>One NACM Group Entry. This list will only contain
configured entries, not any entries learned from
any transport protocols.</text>
</description>
<leaf name="name">
<type name="group-name-type"/>
<description>
<text>Group name associated with this entry.</text>
</description>
</leaf>
<leaf-list name="user-name">
<type name="user-name-type"/>
<description>
<text>Each entry identifies the username of
a member of the group associated with
this entry.</text>
</description>
</leaf-list>
</list>
</container>
<list name="rule-list">
<key value="name"/>
<ordered-by value="user"/>
<description>
<text>An ordered collection of access control rules.</text>
</description>
<leaf name="name">
<type name="string">
<length value="1..max"/>
</type>
<description>
<text>Arbitrary name assigned to the rule-list.</text>
</description>
</leaf>
<leaf-list name="group">
<type name="union">
<type name="matchall-string-type"/>
<type name="group-name-type"/>
</type>
<description>
<text>List of administrative groups that will be
assigned the associated access rights
defined by the 'rule' list.
The string '*' indicates that all groups apply to the
entry.</text>
</description>
</leaf-list>
<list name="rule">
<key value="name"/>
<ordered-by value="user"/>
<description>
<text>One access control rule.
Rules are processed in user-defined order until a match is
found. A rule matches if 'module-name', 'rule-type', and
'access-operations' match the request. If a rule
matches, the 'action' leaf determines if access is granted
or not.</text>
</description>
<leaf name="name">
<type name="string">
<length value="1..max"/>
</type>
<description>
<text>Arbitrary name assigned to the rule.</text>
</description>
</leaf>
<leaf name="module-name">
<type name="union">
<type name="matchall-string-type"/>
<type name="string"/>
</type>
<default value="*"/>
<description>
<text>Name of the module associated with this rule.
This leaf matches if it has the value '*' or if the
object being accessed is defined in the module with the
specified module name.</text>
</description>
</leaf>
<choice name="rule-type">
<description>
<text>This choice matches if all leafs present in the rule
match the request. If no leafs are present, the
choice matches all requests.</text>
</description>
<case name="protocol-operation">
<leaf name="rpc-name">
<type name="union">
<type name="matchall-string-type"/>
<type name="string"/>
</type>
<description>
<text>This leaf matches if it has the value '*' or if
its value equals the requested protocol operation
name.</text>
</description>
</leaf>
</case>
<case name="notification">
<leaf name="notification-name">
<type name="union">
<type name="matchall-string-type"/>
<type name="string"/>
</type>
<description>
<text>This leaf matches if it has the value '*' or if its
value equals the requested notification name.</text>
</description>
</leaf>
</case>
<case name="data-node">
<leaf name="path">
<type name="node-instance-identifier"/>
<mandatory value="true"/>
<description>
<text>Data Node Instance Identifier associated with the
data node controlled by this rule.
Configuration data or state data instance
identifiers start with a top-level data node. A
complete instance identifier is required for this
type of path value.
The special value '/' refers to all possible
datastore contents.</text>
</description>
</leaf>
</case>
</choice>
<leaf name="access-operations">
<type name="union">
<type name="matchall-string-type"/>
<type name="access-operations-type"/>
</type>
<default value="*"/>
<description>
<text>Access operations associated with this rule.
This leaf matches if it has the value '*' or if the
bit corresponding to the requested operation is set.</text>
</description>
</leaf>
<leaf name="action">
<type name="action-type"/>
<mandatory value="true"/>
<description>
<text>The access control action associated with the
rule. If a rule is determined to match a
particular request, then this object is used
to determine whether to permit or deny the
request.</text>
</description>
</leaf>
<leaf name="comment">
<type name="string"/>
<description>
<text>A textual description of the access rule.</text>
</description>
</leaf>
</list>
</list>
</container>
</module>
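Review bot: this file is identical to the preceding YIN module except for the name attribute (ietf-netconf-acm-when2) and `<when condition="../denied-operations > 0"/>`; a one-line note in the README saying that the pair exists to contrast `value` versus `condition` would save a reader a diff. The shared namespace urn:ietf:params:xml:ns:yang:ietf-netconf-acm still collides with ietf-netconf-acm, so the two cannot be loaded together. Also, the `when` is evaluated against a `config false` sibling, so any data file validated against this module needs denied-operations present before denied-data-writes (which is `mandatory true`) can be valid.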

View file

@ -0,0 +1,411 @@
module ietf-netconf-acm {
namespace "urn:ietf:params:xml:ns:yang:ietf-netconf-acm";
prefix nacm;
import ietf-yang-types {
prefix yang;
}
organization
"IETF NETCONF (Network Configuration) Working Group";
contact
"WG Web: <http://tools.ietf.org/wg/netconf/>
WG List: <mailto:netconf@ietf.org>
WG Chair: Mehmet Ersue
<mailto:mehmet.ersue@nsn.com>
WG Chair: Bert Wijnen
<mailto:bertietf@bwijnen.net>
Editor: Andy Bierman
<mailto:andy@yumaworks.com>
Editor: Martin Bjorklund
<mailto:mbj@tail-f.com>";
description
"NETCONF Access Control Model.
Copyright (c) 2012 IETF Trust and the persons identified as
authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject
to the license terms contained in, the Simplified BSD
License set forth in Section 4.c of the IETF Trust's
Legal Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC 6536; see
the RFC itself for full legal notices.";
revision 2012-02-22 {
description
"Initial version";
reference
"RFC 6536: Network Configuration Protocol (NETCONF)
Access Control Model";
}
extension default-deny-write {
description
"Used to indicate that the data model node
represents a sensitive security system parameter.
If present, and the NACM module is enabled (i.e.,
/nacm/enable-nacm object equals 'true'), the NETCONF server
will only allow the designated 'recovery session' to have
write access to the node. An explicit access control rule is
required for all other users.
The 'default-deny-write' extension MAY appear within a data
definition statement. It is ignored otherwise.";
}
extension default-deny-all {
description
"Used to indicate that the data model node
controls a very sensitive security system parameter.
If present, and the NACM module is enabled (i.e.,
/nacm/enable-nacm object equals 'true'), the NETCONF server
will only allow the designated 'recovery session' to have
read, write, or execute access to the node. An explicit
access control rule is required for all other users.
The 'default-deny-all' extension MAY appear within a data
definition statement, 'rpc' statement, or 'notification'
statement. It is ignored otherwise.";
}
typedef user-name-type {
type string {
length "1..max";
}
description
"General Purpose Username string.";
}
typedef matchall-string-type {
type string {
pattern "\\*";
}
description
"The string containing a single asterisk '*' is used
to conceptually represent all possible values
for the particular leaf using this data type.";
}
typedef access-operations-type {
type bits {
bit create {
description
"Any protocol operation that creates a
new data node.";
}
bit read {
description
"Any protocol operation or notification that
returns the value of a data node.";
}
bit update {
description
"Any protocol operation that alters an existing
data node.";
}
bit delete {
description
"Any protocol operation that removes a data node.";
}
bit exec {
description
"Execution access to the specified protocol operation.";
}
}
description
"NETCONF Access Operation.";
}
typedef group-name-type {
type string {
length "1..max";
pattern "[^\\*].*";
}
description
"Name of administrative group to which
users can be assigned.";
}
typedef action-type {
type enumeration {
enum "permit" {
description
"Requested action is permitted.";
}
enum "deny" {
description
"Requested action is denied.";
}
}
description
"Action taken by the server when a particular
rule matches.";
}
typedef node-instance-identifier {
type yang:xpath1.0;
description
"Path expression used to represent a special
data node instance identifier string.
A node-instance-identifier value is an
unrestricted YANG instance-identifier expression.
All the same rules as an instance-identifier apply
except predicates for keys are optional. If a key
predicate is missing, then the node-instance-identifier
represents all possible server instances for that key.
This XPath expression is evaluated in the following context:
o The set of namespace declarations are those in scope on
the leaf element where this type is used.
o The set of variable bindings contains one variable,
'USER', which contains the name of the user of the current
session.
o The function library is the core function library, but
note that due to the syntax restrictions of an
instance-identifier, no functions are allowed.
o The context node is the root node in the data tree.";
}
container nacm {
nacm:default-deny-all;
description
"Parameters for NETCONF Access Control Model.";
leaf enable-nacm {
type boolean;
default "true";
description
"Enables or disables all NETCONF access control
enforcement. If 'true', then enforcement
is enabled. If 'false', then enforcement
is disabled.";
}
leaf read-default {
type action-type;
default "permit";
description
"Controls whether read access is granted if
no appropriate rule is found for a
particular read request.";
}
leaf write-default {
type action-type;
default "deny";
description
"Controls whether create, update, or delete access
is granted if no appropriate rule is found for a
particular write request.";
}
leaf exec-default {
type action-type;
default "permit";
description
"Controls whether exec access is granted if no appropriate
rule is found for a particular protocol operation request.";
}
leaf enable-external-groups {
type boolean;
default "true";
description
"Controls whether the server uses the groups reported by the
NETCONF transport layer when it assigns the user to a set of
NACM groups. If this leaf has the value 'false', any group
names reported by the transport layer are ignored by the
server.";
}
leaf denied-operations {
type yang:zero-based-counter32;
config false;
mandatory true;
description
"Number of times since the server last restarted that a
protocol operation request was denied.";
}
leaf denied-data-writes {
type yang:zero-based-counter32;
config false;
mandatory true;
description
"Number of times since the server last restarted that a
protocol operation request to alter
a configuration datastore was denied.";
}
leaf denied-notifications {
type yang:zero-based-counter32;
config false;
mandatory true;
description
"Number of times since the server last restarted that
a notification was dropped for a subscription because
access to the event type was denied.";
}
container groups {
description
"NETCONF Access Control Groups.";
list group {
key "name";
description
"One NACM Group Entry. This list will only contain
configured entries, not any entries learned from
any transport protocols.";
leaf name {
type group-name-type;
description
"Group name associated with this entry.";
}
leaf-list user-name {
type user-name-type;
description
"Each entry identifies the username of
a member of the group associated with
this entry.";
}
}
}
list rule-list {
key "name";
ordered-by user;
description
"An ordered collection of access control rules.";
leaf name {
type string {
length "1..max";
}
description
"Arbitrary name assigned to the rule-list.";
}
leaf-list group {
type union {
type matchall-string-type;
type group-name-type;
}
description
"List of administrative groups that will be
assigned the associated access rights
defined by the 'rule' list.
The string '*' indicates that all groups apply to the
entry.";
}
list rule {
key "name";
ordered-by user;
description
"One access control rule.
Rules are processed in user-defined order until a match is
found. A rule matches if 'module-name', 'rule-type', and
'access-operations' match the request. If a rule
matches, the 'action' leaf determines if access is granted
or not.";
leaf name {
type string {
length "1..max";
}
description
"Arbitrary name assigned to the rule.";
}
leaf module-name {
type union {
type matchall-string-type;
type string;
}
default "*";
description
"Name of the module associated with this rule.
This leaf matches if it has the value '*' or if the
object being accessed is defined in the module with the
specified module name.";
}
choice rule-type {
description
"This choice matches if all leafs present in the rule
match the request. If no leafs are present, the
choice matches all requests.";
case protocol-operation {
leaf rpc-name {
type union {
type matchall-string-type;
type string;
}
description
"This leaf matches if it has the value '*' or if
its value equals the requested protocol operation
name.";
}
}
case notification {
leaf notification-name {
type union {
type matchall-string-type;
type string;
}
description
"This leaf matches if it has the value '*' or if its
value equals the requested notification name.";
}
}
case data-node {
leaf path {
type node-instance-identifier;
mandatory true;
description
"Data Node Instance Identifier associated with the
data node controlled by this rule.
Configuration data or state data instance
identifiers start with a top-level data node. A
complete instance identifier is required for this
type of path value.
The special value '/' refers to all possible
datastore contents.";
}
}
}
leaf access-operations {
type union {
type matchall-string-type;
type access-operations-type;
}
default "*";
description
"Access operations associated with this rule.
This leaf matches if it has the value '*' or if the
bit corresponding to the requested operation is set.";
}
leaf action {
type action-type;
mandatory true;
description
"The access control action associated with the
rule. If a rule is determined to match a
particular request, then this object is used
to determine whether to permit or deny the
request.";
}
leaf comment {
type string;
description
"A textual description of the access rule.";
}
}
}
}
}
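Review bot: for anyone hand-writing rules against this module, `module-name` and `access-operations` both default to "*" (lines with `default "*";`), and the `rule-type` choice matches every request when none of its cases is present, so a `rule` that carries only `name` and `action` is a catch-all for every group named in its `rule-list`. Because rules are processed in user-defined order and the first match decides (see the `rule` description), such a rule belongs last in its list, and any example data should use the `comment` leaf to state that the breadth is intentional.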

@ -0,0 +1,5 @@
module module1 {
namespace "urn:yanglint:module";
prefix m;
leaf m { type string; }
}

@ -0,0 +1,5 @@
module module1b {
namespace "urn:yanglint:module";
prefix m;
leaf mb { type string; }
}
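Review bot: module1b declares the same namespace `urn:yanglint:module` as module1 above (and module2/module3 below); if the duplicate namespace is a deliberate fixture for a namespace-collision example in the README, a `//` comment in the module saying so would keep a later cleanup from "fixing" it.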

@ -0,0 +1,5 @@
module module2 {
namespace "urn:yanglint:module";
prefix m;
leaf m { ttype string; }
}
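Review bot: `ttype` on the `leaf m` line is not a YANG keyword, so this module will fail to parse; if that is the intended broken input for the README's error-reporting example, mark it as intentional with a `//` comment so the typo is not silently corrected.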

@ -0,0 +1,10 @@
<?xml version="1.0" encoding="UTF-8"?>
<module name="module2"
xmlns="urn:ietf:params:xml:ns:yang:yin:1"
xmlns:m="urn:yanglint:module">
<namespace uri="urn:yanglint:module"/>
<prefix value="m"/>
<leaf name="m">
<type value="string"/>
</leaf>
</module>

@ -0,0 +1,8 @@
module module3 {
namespace "urn:yanglint:module";
prefix m;
leaf m { type string; must "../c/a"; }
container c {
leaf b { type string; }
}
}
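Review bot: `must "../c/a"` on `leaf m` refers to a node `a` that does not exist; container `c` only defines `leaf b`, so the expression always evaluates to an empty node-set and any data instance of `m` will fail validation. If the dangling reference is the intended trigger for a yanglint warning example, a `//` comment saying so would help; otherwise the path should be `../c/b`.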

@ -0,0 +1,52 @@
module module4 {
yang-version 1.1;
namespace "urn:module4";
prefix m4;
container cont1 {
list list {
key "leaf1";
leaf leaf1 {
type string;
}
action act {
input {
leaf leaf2 {
type string;
}
}
output {
leaf leaf3 {
type string;
}
}
}
notification notif1 {
leaf leaf4 {
type string;
}
}
}
}
rpc rpc {
input {
leaf leaf5 {
type string;
}
}
output {
container cont2 {
leaf leaf6 {
type empty;
}
}
}
}
notification notif2 {
leaf leaf7 {
type empty;
}
}
}

@ -0,0 +1,8 @@
<cont1 xmlns="urn:module4">
<list>
<leaf1>key_val</leaf1>
<notif1>
<leaf4>some_value</leaf4>
</notif1>
</list>
</cont1>

@ -0,0 +1,3 @@
<notif2 xmlns="urn:module4">
<leaf7/>
</notif2>

@ -0,0 +1,5 @@
<rpc xmlns="urn:module4">
<cont2>
<leaf6/>
</cont2>
</rpc>

@ -0,0 +1,3 @@
<rpc xmlns="urn:module4">
<leaf5>some_input</leaf5>
</rpc>

@ -0,0 +1,64 @@
<yang-library xmlns="urn:ietf:params:xml:ns:yang:ietf-yang-library"
xmlns:ds="urn:ietf:params:xml:ns:yang:ietf-datastores">
<module-set>
<name>test-set</name>
<module>
<name>ietf-datastores</name>
<revision>2018-02-14</revision>
<namespace>urn:ietf:params:xml:ns:yang:ietf-datastores</namespace>
</module>
<module>
<name>ietf-yang-library</name>
<revision>2019-01-04</revision>
<namespace>urn:ietf:params:xml:ns:yang:ietf-yang-library</namespace>
</module>
<module>
<name>sm-extension</name>
<namespace>urn:sm-ext</namespace>
</module>
<module>
<name>iana-if-type</name>
<namespace>urn:ietf:params:xml:ns:yang:iana-if-type</namespace>
</module>
<import-only-module>
<name>ietf-yang-types</name>
<revision>2013-07-15</revision>
<namespace>urn:ietf:params:xml:ns:yang:ietf-yang-types</namespace>
</import-only-module>
<import-only-module>
<name>sm-mod</name>
<revision>2017-01-26</revision>
<namespace>urn:yanglint:sm-mod</namespace>
</import-only-module>
</module-set>
<schema>
<name>test-schema</name>
<module-set>test-set</module-set>
</schema>
<datastore>
<name>ds:running</name>
<schema>test-schema</schema>
</datastore>
<datastore>
<name>ds:operational</name>
<schema>test-schema</schema>
</datastore>
<content-id>1</content-id>
</yang-library>
<modules-state xmlns="urn:ietf:params:xml:ns:yang:ietf-yang-library">
<module-set-id>1</module-set-id>
</modules-state>
<schema-mounts xmlns="urn:ietf:params:xml:ns:yang:ietf-yang-schema-mount">
<namespace>
<prefix>if</prefix>
<uri>urn:ietf:params:xml:ns:yang:ietf-interfaces</uri>
</namespace>
<mount-point>
<module>sm-main</module>
<label>mnt-root</label>
<shared-schema>
<parent-reference>/if:interfaces/if:interface/if:name</parent-reference>
<parent-reference>/if:interfaces/if:interface/if:type</parent-reference>
</shared-schema>
</mount-point>
</schema-mounts>
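Review bot: `test-set` lists `sm-mod` as an import-only module but does not list `ietf-interfaces` at all, even though `sm-extension` imports it (`import ietf-interfaces { prefix if; }`) and the `shared-schema` parent references point into `/if:interfaces`; if the mounted context is expected to pick `ietf-interfaces` up implicitly from the search path rather than from this yang-library, a comment stating that would avoid confusion. Also, only the `mnt-root` label is defined under `schema-mounts`, while `sm-main` declares `yangmnt:mount-point "root"` on both `list root` and `container root2`; data under those nodes will have no mount definition, so either add entries for them or note that they are intentionally left undefined.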

@ -0,0 +1,54 @@
<yang-library xmlns="urn:ietf:params:xml:ns:yang:ietf-yang-library"
xmlns:ds="urn:ietf:params:xml:ns:yang:ietf-datastores">
<module-set>
<name>main-set</name>
<module>
<name>ietf-datastores</name>
<revision>2018-02-14</revision>
<namespace>urn:ietf:params:xml:ns:yang:ietf-datastores</namespace>
</module>
<module>
<name>ietf-yang-library</name>
<revision>2019-01-04</revision>
<namespace>urn:ietf:params:xml:ns:yang:ietf-yang-library</namespace>
</module>
<module>
<name>ietf-yang-schema-mount</name>
<revision>2019-01-14</revision>
<namespace>urn:ietf:params:xml:ns:yang:ietf-yang-schema-mount</namespace>
</module>
<module>
<name>sm-main</name>
<namespace>urn:sm-main</namespace>
</module>
<module>
<name>iana-if-type</name>
<namespace>urn:ietf:params:xml:ns:yang:iana-if-type</namespace>
</module>
<module>
<name>ietf-interfaces</name>
<namespace>urn:ietf:params:xml:ns:yang:ietf-interfaces</namespace>
</module>
<import-only-module>
<name>ietf-yang-types</name>
<revision>2013-07-15</revision>
<namespace>urn:ietf:params:xml:ns:yang:ietf-yang-types</namespace>
</import-only-module>
</module-set>
<schema>
<name>main-schema</name>
<module-set>main-set</module-set>
</schema>
<datastore>
<name>ds:running</name>
<schema>main-schema</schema>
</datastore>
<datastore>
<name>ds:operational</name>
<schema>main-schema</schema>
</datastore>
<content-id>1</content-id>
</yang-library>
<modules-state xmlns="urn:ietf:params:xml:ns:yang:ietf-yang-library">
<module-set-id>2</module-set-id>
</modules-state>

@ -0,0 +1,19 @@
<interfaces xmlns="urn:ietf:params:xml:ns:yang:ietf-interfaces">
<interface>
<name>eth0</name>
<type xmlns:ift="urn:ietf:params:xml:ns:yang:iana-if-type">ift:ethernetCsmacd</type>
</interface>
<interface>
<name>eth1</name>
<type xmlns:ift="urn:ietf:params:xml:ns:yang:iana-if-type">ift:ethernetCsmacd</type>
</interface>
</interfaces>
<root3 xmlns="urn:sm-main">
<my-list>
<name>list item 1</name>
<things xmlns="urn:sm-ext">
<name>eth0</name>
<attribute>1</attribute>
</things>
</my-list>
</root3>

@ -0,0 +1,39 @@
module sm-extension {
yang-version 1.1;
namespace "urn:sm-ext";
prefix "sm-ext";
import ietf-interfaces {
prefix if;
}
import sm-mod {
prefix sm-mod;
}
revision 2022-09-15 {
description
"initial";
reference
"";
}
list things {
key "name";
leaf name {
type leafref {
path "/if:interfaces/if:interface/if:name";
}
}
leaf attribute {
type uint32;
}
}
augment "/if:interfaces/if:interface" {
leaf thing-attribute {
type leafref {
path "/things/attribute";
}
}
}
}
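Review bot: `reference "";` under `revision 2022-09-15` (and likewise in `sm-mod` below) is an empty substatement that documents nothing; either cite the document the revision refers to or drop the `reference` statement. Separately, the augment's `leaf thing-attribute` uses the leafref path `/things/attribute` with no key predicate, so with several `things` entries it matches all of them; if the intent is to point at the `things` entry whose `name` equals the interface, the path needs a predicate such as `/things[name=current()/../name]/attribute`.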

@ -0,0 +1,32 @@
module sm-main {
yang-version 1.1;
namespace "urn:sm-main";
prefix "sm-main";
import ietf-yang-schema-mount {
prefix yangmnt;
}
import ietf-interfaces {
prefix if;
}
list root {
key "node";
leaf node {
type string;
}
yangmnt:mount-point "root";
}
container root2 {
yangmnt:mount-point "root";
}
container root3 {
list my-list {
key name;
leaf name {
type string;
}
yangmnt:mount-point "mnt-root";
}
}
}

@ -0,0 +1,21 @@
module sm-mod {
yang-version 1.1;
namespace "urn:yanglint:sm-mod";
prefix "sm-mod";
revision 2017-01-26 {
description
"initial";
reference
"";
}
container not-compiled {
leaf first {
type string;
}
leaf second {
type string;
}
}
}