447 lines
14 KiB
XML
447 lines
14 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<module xmlns="urn:ietf:params:xml:ns:yang:yin:1" xmlns:nacm="urn:ietf:params:xml:ns:yang:ietf-netconf-acm" xmlns:yang="urn:ietf:params:xml:ns:yang:ietf-yang-types" name="ietf-netconf-acm-when2">
|
|
<namespace uri="urn:ietf:params:xml:ns:yang:ietf-netconf-acm"/>
|
|
<prefix value="nacm"/>
|
|
<import module="ietf-yang-types">
|
|
<prefix value="yang"/>
|
|
</import>
|
|
<organization>
|
|
<text>IETF NETCONF (Network Configuration) Working Group</text>
|
|
</organization>
|
|
<contact>
|
|
<text>WG Web: <http://tools.ietf.org/wg/netconf/>
|
|
WG List: <mailto:netconf@ietf.org>
|
|
|
|
WG Chair: Mehmet Ersue
|
|
<mailto:mehmet.ersue@nsn.com>
|
|
|
|
WG Chair: Bert Wijnen
|
|
<mailto:bertietf@bwijnen.net>
|
|
|
|
Editor: Andy Bierman
|
|
<mailto:andy@yumaworks.com>
|
|
|
|
Editor: Martin Bjorklund
|
|
<mailto:mbj@tail-f.com></text>
|
|
</contact>
|
|
<description>
|
|
<text>NETCONF Access Control Model.
|
|
|
|
Copyright (c) 2012 IETF Trust and the persons identified as
|
|
authors of the code. All rights reserved.
|
|
|
|
Redistribution and use in source and binary forms, with or
|
|
without modification, is permitted pursuant to, and subject
|
|
to the license terms contained in, the Simplified BSD
|
|
License set forth in Section 4.c of the IETF Trust's
|
|
Legal Provisions Relating to IETF Documents
|
|
(http://trustee.ietf.org/license-info).
|
|
|
|
This version of this YANG module is part of RFC 6536; see
|
|
the RFC itself for full legal notices.</text>
|
|
</description>
|
|
<revision date="2012-02-22">
|
|
<description>
|
|
<text>Initial version</text>
|
|
</description>
|
|
<reference>
|
|
<text>RFC 6536: Network Configuration Protocol (NETCONF)
|
|
Access Control Model</text>
|
|
</reference>
|
|
</revision>
|
|
<extension name="default-deny-write">
|
|
<description>
|
|
<text>Used to indicate that the data model node
|
|
represents a sensitive security system parameter.
|
|
|
|
If present, and the NACM module is enabled (i.e.,
|
|
/nacm/enable-nacm object equals 'true'), the NETCONF server
|
|
will only allow the designated 'recovery session' to have
|
|
write access to the node. An explicit access control rule is
|
|
required for all other users.
|
|
|
|
The 'default-deny-write' extension MAY appear within a data
|
|
definition statement. It is ignored otherwise.</text>
|
|
</description>
|
|
</extension>
|
|
<extension name="default-deny-all">
|
|
<description>
|
|
<text>Used to indicate that the data model node
|
|
controls a very sensitive security system parameter.
|
|
|
|
If present, and the NACM module is enabled (i.e.,
|
|
/nacm/enable-nacm object equals 'true'), the NETCONF server
|
|
will only allow the designated 'recovery session' to have
|
|
read, write, or execute access to the node. An explicit
|
|
access control rule is required for all other users.
|
|
|
|
The 'default-deny-all' extension MAY appear within a data
|
|
definition statement, 'rpc' statement, or 'notification'
|
|
statement. It is ignored otherwise.</text>
|
|
</description>
|
|
</extension>
|
|
<typedef name="user-name-type">
|
|
<type name="string">
|
|
<length value="1..max"/>
|
|
</type>
|
|
<description>
|
|
<text>General Purpose Username string.</text>
|
|
</description>
|
|
</typedef>
|
|
<typedef name="matchall-string-type">
|
|
<type name="string">
|
|
<pattern value="\*"/>
|
|
</type>
|
|
<description>
|
|
<text>The string containing a single asterisk '*' is used
|
|
to conceptually represent all possible values
|
|
for the particular leaf using this data type.</text>
|
|
</description>
|
|
</typedef>
|
|
<typedef name="access-operations-type">
|
|
<type name="bits">
|
|
<bit name="create">
|
|
<description>
|
|
<text>Any protocol operation that creates a
|
|
new data node.</text>
|
|
</description>
|
|
</bit>
|
|
<bit name="read">
|
|
<description>
|
|
<text>Any protocol operation or notification that
|
|
returns the value of a data node.</text>
|
|
</description>
|
|
</bit>
|
|
<bit name="update">
|
|
<description>
|
|
<text>Any protocol operation that alters an existing
|
|
data node.</text>
|
|
</description>
|
|
</bit>
|
|
<bit name="delete">
|
|
<description>
|
|
<text>Any protocol operation that removes a data node.</text>
|
|
</description>
|
|
</bit>
|
|
<bit name="exec">
|
|
<description>
|
|
<text>Execution access to the specified protocol operation.</text>
|
|
</description>
|
|
</bit>
|
|
</type>
|
|
<description>
|
|
<text>NETCONF Access Operation.</text>
|
|
</description>
|
|
</typedef>
|
|
<typedef name="group-name-type">
|
|
<type name="string">
|
|
<length value="1..max"/>
|
|
<pattern value="[^\*].*"/>
|
|
</type>
|
|
<description>
|
|
<text>Name of administrative group to which
|
|
users can be assigned.</text>
|
|
</description>
|
|
</typedef>
|
|
<typedef name="action-type">
|
|
<type name="enumeration">
|
|
<enum name="permit">
|
|
<description>
|
|
<text>Requested action is permitted.</text>
|
|
</description>
|
|
</enum>
|
|
<enum name="deny">
|
|
<description>
|
|
<text>Requested action is denied.</text>
|
|
</description>
|
|
</enum>
|
|
</type>
|
|
<description>
|
|
<text>Action taken by the server when a particular
|
|
rule matches.</text>
|
|
</description>
|
|
</typedef>
|
|
<typedef name="node-instance-identifier">
|
|
<type name="yang:xpath1.0"/>
|
|
<description>
|
|
<text>Path expression used to represent a special
|
|
data node instance identifier string.
|
|
|
|
A node-instance-identifier value is an
|
|
unrestricted YANG instance-identifier expression.
|
|
All the same rules as an instance-identifier apply
|
|
except predicates for keys are optional. If a key
|
|
predicate is missing, then the node-instance-identifier
|
|
represents all possible server instances for that key.
|
|
|
|
This XPath expression is evaluated in the following context:
|
|
|
|
o The set of namespace declarations are those in scope on
|
|
the leaf element where this type is used.
|
|
|
|
o The set of variable bindings contains one variable,
|
|
'USER', which contains the name of the user of the current
|
|
session.
|
|
|
|
o The function library is the core function library, but
|
|
note that due to the syntax restrictions of an
|
|
instance-identifier, no functions are allowed.
|
|
|
|
o The context node is the root node in the data tree.</text>
|
|
</description>
|
|
</typedef>
|
|
<container name="nacm">
|
|
<nacm:default-deny-all/>
|
|
<description>
|
|
<text>Parameters for NETCONF Access Control Model.</text>
|
|
</description>
|
|
<leaf name="enable-nacm">
|
|
<type name="boolean"/>
|
|
<default value="true"/>
|
|
<description>
|
|
<text>Enables or disables all NETCONF access control
|
|
enforcement. If 'true', then enforcement
|
|
is enabled. If 'false', then enforcement
|
|
is disabled.</text>
|
|
</description>
|
|
</leaf>
|
|
<leaf name="read-default">
|
|
<type name="action-type"/>
|
|
<default value="permit"/>
|
|
<description>
|
|
<text>Controls whether read access is granted if
|
|
no appropriate rule is found for a
|
|
particular read request.</text>
|
|
</description>
|
|
</leaf>
|
|
<leaf name="write-default">
|
|
<type name="action-type"/>
|
|
<default value="deny"/>
|
|
<description>
|
|
<text>Controls whether create, update, or delete access
|
|
is granted if no appropriate rule is found for a
|
|
particular write request.</text>
|
|
</description>
|
|
</leaf>
|
|
<leaf name="exec-default">
|
|
<type name="action-type"/>
|
|
<default value="permit"/>
|
|
<description>
|
|
<text>Controls whether exec access is granted if no appropriate
|
|
rule is found for a particular protocol operation request.</text>
|
|
</description>
|
|
</leaf>
|
|
<leaf name="enable-external-groups">
|
|
<type name="boolean"/>
|
|
<default value="true"/>
|
|
<description>
|
|
<text>Controls whether the server uses the groups reported by the
|
|
NETCONF transport layer when it assigns the user to a set of
|
|
NACM groups. If this leaf has the value 'false', any group
|
|
names reported by the transport layer are ignored by the
|
|
server.</text>
|
|
</description>
|
|
</leaf>
|
|
<leaf name="denied-operations">
|
|
<type name="yang:zero-based-counter32"/>
|
|
<config value="false"/>
|
|
<mandatory value="true"/>
|
|
<description>
|
|
<text>Number of times since the server last restarted that a
|
|
protocol operation request was denied.</text>
|
|
</description>
|
|
</leaf>
|
|
<leaf name="denied-data-writes">
|
|
<type name="yang:zero-based-counter32"/>
|
|
<config value="false"/>
|
|
<mandatory value="true"/>
|
|
<when condition="../denied-operations > 0"/>
|
|
<description>
|
|
<text>Number of times since the server last restarted that a
|
|
protocol operation request to alter
|
|
a configuration datastore was denied.</text>
|
|
</description>
|
|
</leaf>
|
|
<leaf name="denied-notifications">
|
|
<type name="yang:zero-based-counter32"/>
|
|
<config value="false"/>
|
|
<mandatory value="true"/>
|
|
<description>
|
|
<text>Number of times since the server last restarted that
|
|
a notification was dropped for a subscription because
|
|
access to the event type was denied.</text>
|
|
</description>
|
|
</leaf>
|
|
<container name="groups">
|
|
<description>
|
|
<text>NETCONF Access Control Groups.</text>
|
|
</description>
|
|
<list name="group">
|
|
<key value="name"/>
|
|
<description>
|
|
<text>One NACM Group Entry. This list will only contain
|
|
configured entries, not any entries learned from
|
|
any transport protocols.</text>
|
|
</description>
|
|
<leaf name="name">
|
|
<type name="group-name-type"/>
|
|
<description>
|
|
<text>Group name associated with this entry.</text>
|
|
</description>
|
|
</leaf>
|
|
<leaf-list name="user-name">
|
|
<type name="user-name-type"/>
|
|
<description>
|
|
<text>Each entry identifies the username of
|
|
a member of the group associated with
|
|
this entry.</text>
|
|
</description>
|
|
</leaf-list>
|
|
</list>
|
|
</container>
|
|
<list name="rule-list">
|
|
<key value="name"/>
|
|
<ordered-by value="user"/>
|
|
<description>
|
|
<text>An ordered collection of access control rules.</text>
|
|
</description>
|
|
<leaf name="name">
|
|
<type name="string">
|
|
<length value="1..max"/>
|
|
</type>
|
|
<description>
|
|
<text>Arbitrary name assigned to the rule-list.</text>
|
|
</description>
|
|
</leaf>
|
|
<leaf-list name="group">
|
|
<type name="union">
|
|
<type name="matchall-string-type"/>
|
|
<type name="group-name-type"/>
|
|
</type>
|
|
<description>
|
|
<text>List of administrative groups that will be
|
|
assigned the associated access rights
|
|
defined by the 'rule' list.
|
|
|
|
The string '*' indicates that all groups apply to the
|
|
entry.</text>
|
|
</description>
|
|
</leaf-list>
|
|
<list name="rule">
|
|
<key value="name"/>
|
|
<ordered-by value="user"/>
|
|
<description>
|
|
<text>One access control rule.
|
|
|
|
Rules are processed in user-defined order until a match is
|
|
found. A rule matches if 'module-name', 'rule-type', and
|
|
'access-operations' match the request. If a rule
|
|
matches, the 'action' leaf determines if access is granted
|
|
or not.</text>
|
|
</description>
|
|
<leaf name="name">
|
|
<type name="string">
|
|
<length value="1..max"/>
|
|
</type>
|
|
<description>
|
|
<text>Arbitrary name assigned to the rule.</text>
|
|
</description>
|
|
</leaf>
|
|
<leaf name="module-name">
|
|
<type name="union">
|
|
<type name="matchall-string-type"/>
|
|
<type name="string"/>
|
|
</type>
|
|
<default value="*"/>
|
|
<description>
|
|
<text>Name of the module associated with this rule.
|
|
|
|
This leaf matches if it has the value '*' or if the
|
|
object being accessed is defined in the module with the
|
|
specified module name.</text>
|
|
</description>
|
|
</leaf>
|
|
<choice name="rule-type">
|
|
<description>
|
|
<text>This choice matches if all leafs present in the rule
|
|
match the request. If no leafs are present, the
|
|
choice matches all requests.</text>
|
|
</description>
|
|
<case name="protocol-operation">
|
|
<leaf name="rpc-name">
|
|
<type name="union">
|
|
<type name="matchall-string-type"/>
|
|
<type name="string"/>
|
|
</type>
|
|
<description>
|
|
<text>This leaf matches if it has the value '*' or if
|
|
its value equals the requested protocol operation
|
|
name.</text>
|
|
</description>
|
|
</leaf>
|
|
</case>
|
|
<case name="notification">
|
|
<leaf name="notification-name">
|
|
<type name="union">
|
|
<type name="matchall-string-type"/>
|
|
<type name="string"/>
|
|
</type>
|
|
<description>
|
|
<text>This leaf matches if it has the value '*' or if its
|
|
value equals the requested notification name.</text>
|
|
</description>
|
|
</leaf>
|
|
</case>
|
|
<case name="data-node">
|
|
<leaf name="path">
|
|
<type name="node-instance-identifier"/>
|
|
<mandatory value="true"/>
|
|
<description>
|
|
<text>Data Node Instance Identifier associated with the
|
|
data node controlled by this rule.
|
|
|
|
Configuration data or state data instance
|
|
identifiers start with a top-level data node. A
|
|
complete instance identifier is required for this
|
|
type of path value.
|
|
|
|
The special value '/' refers to all possible
|
|
datastore contents.</text>
|
|
</description>
|
|
</leaf>
|
|
</case>
|
|
</choice>
|
|
<leaf name="access-operations">
|
|
<type name="union">
|
|
<type name="matchall-string-type"/>
|
|
<type name="access-operations-type"/>
|
|
</type>
|
|
<default value="*"/>
|
|
<description>
|
|
<text>Access operations associated with this rule.
|
|
|
|
This leaf matches if it has the value '*' or if the
|
|
bit corresponding to the requested operation is set.</text>
|
|
</description>
|
|
</leaf>
|
|
<leaf name="action">
|
|
<type name="action-type"/>
|
|
<mandatory value="true"/>
|
|
<description>
|
|
<text>The access control action associated with the
|
|
rule. If a rule is determined to match a
|
|
particular request, then this object is used
|
|
to determine whether to permit or deny the
|
|
request.</text>
|
|
</description>
|
|
</leaf>
|
|
<leaf name="comment">
|
|
<type name="string"/>
|
|
<description>
|
|
<text>A textual description of the access rule.</text>
|
|
</description>
|
|
</leaf>
|
|
</list>
|
|
</list>
|
|
</container>
|
|
</module>
|