From 8016160afd589d269cfcdb09079e329dabd328b8 Mon Sep 17 00:00:00 2001 From: Ravi Pendurty Date: Fri, 27 Nov 2020 13:28:35 +0100 Subject: SDN-R Server provide GUI cut through for ODLUX SDN-R Server provide GUI cut through for ODLUX Issue-ID: SDNC-1396 Change-Id: I9f510a03dcc07ab0efb84522611fc17e546da93f Signed-off-by: Ravi Pendurty
---
sdnr/wt/common-yang/iana-crypt-hash/pom.xml | 47 + .../src/main/yang/iana-crypt-hash@2014-08-06.yang | 120 ++ sdnr/wt/common-yang/ietf-alarms/pom.xml | 47 + .../src/main/yang/ietf-alarms@2019-09-11.yang | 1526 ++++++++++++++++++++ sdnr/wt/common-yang/onap/pom.xml | 48 + .../onap/src/main/yang/onap-system.yang | 59 + sdnr/wt/common-yang/pom.xml | 49 + sdnr/wt/common-yang/rfc7317-ietf-system/pom.xml | 59 + .../src/main/yang/ietf-system@2014-08-06.yang | 800 ++++++++++ sdnr/wt/common-yang/rfc8341/pom.xml | 47 + .../rfc8341/src/main/yang/ietf-netconf-acm.yang | 464 ++++++ 11 files changed, 3266 insertions(+) create mode 100755 sdnr/wt/common-yang/iana-crypt-hash/pom.xml create mode 100644 sdnr/wt/common-yang/iana-crypt-hash/src/main/yang/iana-crypt-hash@2014-08-06.yang create mode 100755 sdnr/wt/common-yang/ietf-alarms/pom.xml create mode 100644 sdnr/wt/common-yang/ietf-alarms/src/main/yang/ietf-alarms@2019-09-11.yang create mode 100755 sdnr/wt/common-yang/onap/pom.xml create mode 100644 sdnr/wt/common-yang/onap/src/main/yang/onap-system.yang create mode 100755 sdnr/wt/common-yang/pom.xml create mode 100755 sdnr/wt/common-yang/rfc7317-ietf-system/pom.xml create mode 100644 sdnr/wt/common-yang/rfc7317-ietf-system/src/main/yang/ietf-system@2014-08-06.yang create mode 100755 sdnr/wt/common-yang/rfc8341/pom.xml create mode 100644 sdnr/wt/common-yang/rfc8341/src/main/yang/ietf-netconf-acm.yang (limited to 'sdnr/wt/common-yang')
diff --git a/sdnr/wt/common-yang/iana-crypt-hash/pom.xml b/sdnr/wt/common-yang/iana-crypt-hash/pom.xml
new file mode 100755
index 000000000..06a2e53f5
--- /dev/null
+++ b/sdnr/wt/common-yang/iana-crypt-hash/pom.xml
@@ -0,0 +1,47 @@
+
+
+
+
+ 4.0.0
+
+
+ org.onap.ccsdk.parent
+ binding-parent
+ 2.1.0-SNAPSHOT
+
+
+
+ org.onap.ccsdk.features.sdnr.wt
+ iana-crypt-hash
+ 1.1.0-SNAPSHOT
+ bundle
+
+ ccsdk-features :: ${project.artifactId}
+
+
+
+ org.opendaylight.mdsal.binding.model.ietf
+ rfc6991-ietf-yang-types
+
+
+
diff --git a/sdnr/wt/common-yang/iana-crypt-hash/src/main/yang/iana-crypt-hash@2014-08-06.yang b/sdnr/wt/common-yang/iana-crypt-hash/src/main/yang/iana-crypt-hash@2014-08-06.yang
new file mode 100644
index 000000000..44c4674f8
--- /dev/null
+++ b/sdnr/wt/common-yang/iana-crypt-hash/src/main/yang/iana-crypt-hash@2014-08-06.yang
@@ -0,0 +1,120 @@ +module iana-crypt-hash { + namespace "urn:ietf:params:xml:ns:yang:iana-crypt-hash"; + prefix ianach; + + organization "IANA"; + contact + " Internet Assigned Numbers Authority + + Postal: ICANN + 12025 Waterfront Drive, Suite 300 + Los Angeles, CA 90094-2536 + United States + + Tel: +1 310 301 5800 + E-Mail: iana@iana.org>"; + description + "This YANG module defines a type for storing passwords + using a hash function and features to indicate which hash + functions are supported by an implementation. + + The latest revision of this YANG module can be obtained from + the IANA web site. + + Requests for new values should be made to IANA via + email (iana@iana.org). + + Copyright (c) 2014 IETF Trust and the persons identified as + authors of the code. All rights reserved. + + Redistribution and use in source and binary forms, with or + without modification, is permitted pursuant to, and subject + to the license terms contained in, the Simplified BSD License + set forth in Section 4.c of the IETF Trust's Legal Provisions + Relating to IETF Documents + (http://trustee.ietf.org/license-info). + + The initial version of this YANG module is part of RFC 7317; + see the RFC itself for full legal notices."; + + revision 2014-08-06 { + description + "Initial revision."; + reference + "RFC 7317: A YANG Data Model for System Management"; + } + + typedef crypt-hash { + type string { + pattern + '$0$.*' + + '|$1$[a-zA-Z0-9./]{1,8}$[a-zA-Z0-9./]{22}' + + '|$5$(rounds=\d+$)?[a-zA-Z0-9./]{1,16}$[a-zA-Z0-9./]{43}' + + '|$6$(rounds=\d+$)?[a-zA-Z0-9./]{1,16}$[a-zA-Z0-9./]{86}'; + } + description + "The crypt-hash type is used to store passwords using + a hash function. The algorithms for applying the hash + function and encoding the result are implemented in + various UNIX systems as the function crypt(3). + + A value of this type matches one of the forms: + + $0$ + $$$ + $$$$ + + The '$0$' prefix signals that the value is clear text. 
When + such a value is received by the server, a hash value is + calculated, and the string '$$$' or + $$$$ is prepended to the result. This + value is stored in the configuration data store. + If a value starting with '$$', where is not '0', is + received, the server knows that the value already represents a + hashed value and stores it 'as is' in the data store. + + When a server needs to verify a password given by a user, it + finds the stored password hash string for that user, extracts + the salt, and calculates the hash with the salt and given + password as input. If the calculated hash value is the same + as the stored value, the password given by the client is + accepted. + + This type defines the following hash functions: + + id | hash function | feature + ---+---------------+------------------- + 1 | MD5 | crypt-hash-md5 + 5 | SHA-256 | crypt-hash-sha-256 + 6 | SHA-512 | crypt-hash-sha-512 + + The server indicates support for the different hash functions + by advertising the corresponding feature."; + reference + "IEEE Std 1003.1-2008 - crypt() function + RFC 1321: The MD5 Message-Digest Algorithm + FIPS.180-4.2012: Secure Hash Standard (SHS)"; + } + + feature crypt-hash-md5 { + description + "Indicates that the device supports the MD5 + hash function in 'crypt-hash' values."; + reference "RFC 1321: The MD5 Message-Digest Algorithm"; + } + + feature crypt-hash-sha-256 { + description + "Indicates that the device supports the SHA-256 + hash function in 'crypt-hash' values."; + reference "FIPS.180-4.2012: Secure Hash Standard (SHS)"; + } + + feature crypt-hash-sha-512 { + description + "Indicates that the device supports the SHA-512 + hash function in 'crypt-hash' values."; + reference "FIPS.180-4.2012: Secure Hash Standard (SHS)"; + } + +} diff --git a/sdnr/wt/common-yang/ietf-alarms/pom.xml b/sdnr/wt/common-yang/ietf-alarms/pom.xml new file mode 100755 index 000000000..0e0591846 --- /dev/null +++ b/sdnr/wt/common-yang/ietf-alarms/pom.xml 
@@ -0,0 +1,47 @@
+
+
+
+
+ 4.0.0
+
+
+ org.onap.ccsdk.parent
+ binding-parent
+ 2.1.0-SNAPSHOT
+
+
+
+ org.onap.ccsdk.features.sdnr.wt
+ ietf-alarms
+ 1.1.0-SNAPSHOT
+ bundle
+
+ ccsdk-features :: ${project.artifactId}
+
+
+
+ org.opendaylight.mdsal.binding.model.ietf
+ rfc6991-ietf-yang-types
+
+
+
diff --git a/sdnr/wt/common-yang/ietf-alarms/src/main/yang/ietf-alarms@2019-09-11.yang b/sdnr/wt/common-yang/ietf-alarms/src/main/yang/ietf-alarms@2019-09-11.yang
new file mode 100644
index 000000000..a1c195faf
--- /dev/null
+++ b/sdnr/wt/common-yang/ietf-alarms/src/main/yang/ietf-alarms@2019-09-11.yang
@@ -0,0 +1,1526 @@ +module ietf-alarms { + yang-version 1.1; + namespace "urn:ietf:params:xml:ns:yang:ietf-alarms"; + prefix al; + + import ietf-yang-types { + prefix yang; + reference + "RFC 6991: Common YANG Data Types."; + } + + organization + "IETF CCAMP Working Group"; + contact + "WG Web: + WG List: + + Editor: Stefan Vallin + + + Editor: Martin Bjorklund + "; + description + "This module defines an interface for managing alarms. Main + inputs to the module design are the 3GPP Alarm Integration + Reference Point (IRP), ITU-T X.733, and ANSI/ISA-18.2 alarm + standards. + Main features of this module include: + + * Alarm list: + A list of all alarms. Cleared alarms stay in + the list until explicitly purged. + + * Operator actions on alarms: + Acknowledging and closing alarms. + + * Administrative actions on alarms: + Purging alarms from the list according to specific + criteria. + + * Alarm inventory: + A management application can read all + alarm types implemented by the system. + + * Alarm shelving: + Shelving (blocking) alarms according + to specific criteria. + + * Alarm profiles: + A management system can attach further + information to alarm types, for example, + overriding system-default severity + levels. + + This module uses a stateful view on alarms. An alarm is a state + for a specific resource (note that an alarm is not a + notification). An alarm type is a possible alarm state for a + resource. For example, the tuple: + + ('link-alarm', 'GigabitEthernet0/25') + + is an alarm of type 'link-alarm' on the resource + 'GigabitEthernet0/25'. + + Alarm types are identified using YANG identities and an optional + string-based qualifier. The string-based qualifier allows for + dynamic extension of the statically defined alarm types. Alarm + types identify a possible alarm state and not the individual + notifications. 
For example, the traditional 'link-down' and + 'link-up' notifications are two notifications referring to the + same alarm type 'link-alarm'. + + With this design, there is no ambiguity about how alarm and + alarm clear correlation should be performed; notifications that + report the same resource and alarm type are considered updates + of the same alarm, e.g., clearing an active alarm or changing + the severity of an alarm. The instrumentation can update the + severity and alarm text on an existing alarm. The above alarm + example can therefore look like the following: + + (('link-alarm', 'GigabitEthernet0/25'), + warning, + 'interface down while interface admin state is up') + + There is a clear separation between updates on the alarm from + the underlying resource, like clear, and updates from an + operator, like acknowledging or closing an alarm: + + (('link-alarm', 'GigabitEthernet0/25'), + warning, + 'interface down while interface admin state is up', + cleared, + closed) + + Administrative actions like removing closed alarms older than a + given time is supported. + + This YANG module does not define how the underlying + instrumentation detects and clears the specific alarms. That + belongs to the Standards Development Organization (SDO) or + enterprise that owns that specific technology. + + The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL + NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED', + 'MAY', and 'OPTIONAL' in this document are to be interpreted as + described in BCP 14 (RFC 2119) (RFC 8174) when, and only when, + they appear in all capitals, as shown here. + + Copyright (c) 2019 IETF Trust and the persons identified as + authors of the code. All rights reserved. 
+ + Redistribution and use in source and binary forms, with or + without modification, is permitted pursuant to, and subject to + the license terms contained in, the Simplified BSD License set + forth in Section 4.c of the IETF Trust's Legal Provisions + Relating to IETF Documents + (https://trustee.ietf.org/license-info). + + This version of this YANG module is part of RFC 8632; see + the RFC itself for full legal notices."; + + revision 2019-09-11 { + description + "Initial revision."; + reference + "RFC 8632: A YANG Data Model for Alarm Management"; + } + + /* + * Features + */ + + feature operator-actions { + description + "This feature indicates that the system supports operator + states on alarms."; + } + + feature alarm-shelving { + description + "This feature indicates that the system supports shelving + (blocking) alarms. + + Alarm shelving may have an impact on server processing + resources in order to match alarms against shelf + criteria."; + } + + feature alarm-history { + description + "This feature indicates that the server maintains a history + of state changes for each alarm. For example, if an alarm + toggles between cleared and active 10 times, these state + changes are present in a separate list in the alarm. 
+ + Keeping the alarm history may have an impact on server + memory resources."; + } + + feature alarm-summary { + description + "This feature indicates that the server summarizes the number + of alarms per severity and operator state."; + } + + feature alarm-profile { + description + "The system enables clients to configure further information + to each alarm type."; + } + + feature severity-assignment { + description + "The system supports configurable alarm severity levels."; + reference + "ITU-T Recommendation M.3100: + Generic network information model + ITU-T Recommendation M.3160: + Generic, protocol-neutral management information model"; + } + + feature root-cause-analysis { + description + "The system supports identifying candidate root-cause + resources for an alarm, for example, a disk partition + root cause for a logger failure alarm."; + } + + feature service-impact-analysis { + description + "The system supports identifying candidate-impacted + resources for an alarm, for example, an interface state change + resulting in a link alarm, which can refer to a link as being + impacted."; + } + + feature alarm-correlation { + description + "The system supports correlating/grouping alarms + that belong together."; + } + + /* + * Identities + */ + + identity alarm-type-id { + description + "Base identity for alarm types. A unique identification of + the alarm, not including the resource. Different resources + can share alarm types. If the resource reports the same + alarm type, it is considered to be the same alarm. The alarm + type is a simplification of the different X.733 and 3GPP Alarm + IRP correlation mechanisms, and it allows for + hierarchical extensions. + + A string-based qualifier can be used in addition to the + identity in order to have different alarm types based on + information not known at design time, such as values in + textual SNMP Notification varbinds. 
+ + Standards and vendors can define sub-identities to clearly + identify specific alarm types. + + This identity is abstract and MUST NOT be used for alarms."; + } + + /* + * Common types + */ + + typedef resource { + type union { + type instance-identifier { + require-instance false; + } + type yang:object-identifier; + type string; + type yang:uuid; + } + description + "This is an identification of the alarming resource, such as an + interface. It should be as fine-grained as possible to both + guide the operator and guarantee uniqueness of the alarms. + + If the alarming resource is modeled in YANG, this type will + be an instance-identifier. + + If the resource is an SNMP object, the type will be an + 'object-identifier'. + + If the resource is anything else, for example, a distinguished + name or a Common Information Model (CIM) path, this type will + be a string. + + If the alarming object is identified by a Universally Unique + Identifier (UUID), use the uuid type. Be cautious when using + this type, since a UUID is hard to use for an operator. + + If the server supports several models, the precedence should + be in the order as given in the union definition."; + } + + typedef resource-match { + type union { + type yang:xpath1.0; + type yang:object-identifier; + type string; + } + description + "This type is used to match resources of type 'resource'. + Since the type 'resource' is a union of different types, the + 'resource-match' type is also a union of corresponding types. + + If the type is given as an XPath 1.0 expression, a resource + of type 'instance-identifier' matches if the instance is part + of the node set that is the result of evaluating the XPath 1.0 + expression. 
For example, the XPath 1.0 expression: + + /ietf-interfaces:interfaces/ietf-interfaces:interface + [ietf-interfaces:type='ianaift:ethernetCsmacd'] + + would match the resource instance-identifier: + + /if:interfaces/if:interface[if:name='eth1'], + + assuming that the interface 'eth1' is of type + 'ianaift:ethernetCsmacd'. + + If the type is given as an object identifier, a resource of + type 'object-identifier' matches if the match object + identifier is a prefix of the resource's object identifier. + For example, the value: + + 1.3.6.1.2.1.2.2 + + would match the resource object identifier: + + 1.3.6.1.2.1.2.2.1.1.5 + + If the type is given as an UUID or a string, it is interpreted + as an XML Schema regular expression, which matches a resource + of type 'yang:uuid' or 'string' if the given regular + expression matches the resource string. + + If the type is given as an XPath expression, it is evaluated + in the following XPath context: + + o The set of namespace declarations is the set of prefix + and namespace pairs for all YANG modules implemented by + the server, where the prefix is the YANG module name and + the namespace is as defined by the 'namespace' statement + in the YANG module. + + If a leaf of this type is encoded in XML, all namespace + declarations in scope on the leaf element are added to + the set of namespace declarations. If a prefix found in + the XML is already present in the set of namespace + declarations, the namespace in the XML is used. + + o The set of variable bindings is empty. + + o The function library is the core function library, and + the functions are defined in Section 10 of RFC 7950. + + o The context node is the root node in the data tree."; + reference + "XML Schema Part 2: Datatypes Second Edition, + World Wide Web Consortium Recommendation + REC-xmlschema-2-20041028"; + } + + typedef alarm-text { + type string; + description + "The string used to inform operators about the alarm. 
This + MUST contain enough information for an operator to be able to + understand the problem and how to resolve it. If this string + contains structure, this format should be clearly documented + for programs to be able to parse that information."; + } + + typedef severity { + type enumeration { + enum indeterminate { + value 2; + description + "Indicates that the severity level could not be + determined. This level SHOULD be avoided."; + } + enum warning { + value 3; + description + "The 'warning' severity level indicates the detection of a + potential or impending service-affecting fault, before any + significant effects have been felt. Action should be + taken to further diagnose (if necessary) and correct the + problem in order to prevent it from becoming a more + serious service-affecting fault."; + } + enum minor { + value 4; + description + "The 'minor' severity level indicates the existence of a + non-service-affecting fault condition and that corrective + action should be taken in order to prevent a more serious + (for example, service-affecting) fault. Such a severity + can be reported, for example, when the detected alarm + condition is not currently degrading the capacity of the + resource."; + } + enum major { + value 5; + description + "The 'major' severity level indicates that a service- + affecting condition has developed and an urgent corrective + action is required. Such a severity can be reported, for + example, when there is a severe degradation in the + capability of the resource and its full capability must be + restored."; + } + enum critical { + value 6; + description + "The 'critical' severity level indicates that a service- + affecting condition has occurred and an immediate + corrective action is required. Such a severity can be + reported, for example, when a resource becomes totally out + of service and its capability must be restored."; + } + } + description + "The severity level of the alarm. 
Note well that the value + 'clear' is not included. Whether or not an alarm is cleared + is a separate boolean flag."; + reference + "ITU-T Recommendation X.733: Information Technology + - Open Systems Interconnection + - System Management: Alarm Reporting Function"; + } + + typedef severity-with-clear { + type union { + type enumeration { + enum cleared { + value 1; + description + "The alarm is cleared by the instrumentation."; + } + } + type severity; + } + description + "The severity level of the alarm including clear. This is used + only in notifications reporting state changes for an alarm."; + } + + typedef writable-operator-state { + type enumeration { + enum none { + value 1; + description + "The alarm is not being taken care of."; + } + enum ack { + value 2; + description + "The alarm is being taken care of. Corrective action not + taken yet or has failed"; + } + enum closed { + value 3; + description + "Corrective action taken successfully."; + } + } + description + "Operator states on an alarm. The 'closed' state indicates + that an operator considers the alarm being resolved. This is + separate from the alarm's 'is-cleared' leaf."; + } + + typedef operator-state { + type union { + type writable-operator-state; + type enumeration { + enum shelved { + value 4; + description + "The alarm is shelved. Alarms in /alarms/shelved-alarms/ + MUST be assigned this operator state by the server as + the last entry in the 'operator-state-change' list. The + text for that entry SHOULD include the shelf name."; + } + enum un-shelved { + value 5; + description + "The alarm is moved back to 'alarm-list' from a shelf. + Alarms that are moved from /alarms/shelved-alarms/ to + /alarms/alarm-list MUST be assigned this state by the + server as the last entry in the 'operator-state-change' + list. The text for that entry SHOULD include the shelf + name."; + } + } + } + description + "Operator states on an alarm. 
The 'closed' state indicates + that an operator considers the alarm being resolved. This is + separate from the alarm's 'is-cleared' leaf."; + } + + /* Alarm type */ + + typedef alarm-type-id { + type identityref { + base alarm-type-id; + } + description + "Identifies an alarm type. The description of the alarm type + id MUST indicate whether or not the alarm type is abstract. + An abstract alarm type is used as a base for other alarm type + ids and will not be used as a value for an alarm or be present + in the alarm inventory."; + } + + typedef alarm-type-qualifier { + type string; + description + "If an alarm type cannot be fully specified at design time by + 'alarm-type-id', this string qualifier is used in addition to + fully define a unique alarm type. + + The definition of alarm qualifiers is considered to be part of + the instrumentation and is out of scope for this module. An + empty string is used when this is part of a key."; + } + + /* + * Groupings + */ + + grouping common-alarm-parameters { + description + "Common parameters for an alarm. + + This grouping is used both in the alarm list and in the + notification representing an alarm-state change."; + leaf resource { + type resource; + mandatory true; + description + "The alarming resource. See also 'alt-resource'. This could + be, for example, a reference to the alarming interface"; + } + leaf alarm-type-id { + type alarm-type-id; + mandatory true; + description + "This leaf and the leaf 'alarm-type-qualifier' together + provide a unique identification of the alarm type."; + } + leaf alarm-type-qualifier { + type alarm-type-qualifier; + description + "This leaf is used when the 'alarm-type-id' leaf cannot + uniquely identify the alarm type. Normally, this is not the + case, and this leaf is the empty string."; + } + leaf-list alt-resource { + type resource; + description + "Used if the alarming resource is available over other + interfaces. 
This field can contain SNMP OIDs, CIM paths, or + 3GPP distinguished names, for example."; + } + list related-alarm { + if-feature "alarm-correlation"; + key "resource alarm-type-id alarm-type-qualifier"; + description + "References to related alarms. Note that the related alarm + might have been purged from the alarm list."; + leaf resource { + type leafref { + path "/alarms/alarm-list/alarm/resource"; + require-instance false; + } + description + "The alarming resource for the related alarm."; + } + leaf alarm-type-id { + type leafref { + path "/alarms/alarm-list/alarm" + + "[resource=current()/../resource]" + + "/alarm-type-id"; + require-instance false; + } + description + "The alarm type identifier for the related alarm."; + } + leaf alarm-type-qualifier { + type leafref { + path "/alarms/alarm-list/alarm" + + "[resource=current()/../resource]" + + "[alarm-type-id=current()/../alarm-type-id]" + + "/alarm-type-qualifier"; + require-instance false; + } + description + "The alarm qualifier for the related alarm."; + } + } + leaf-list impacted-resource { + if-feature "service-impact-analysis"; + type resource; + description + "Resources that might be affected by this alarm. If the + system creates an alarm on a resource and also has a mapping + to other resources that might be impacted, these resources + can be listed in this leaf-list. In this way, the system + can create one alarm instead of several. For example, if an + interface has an alarm, the 'impacted-resource' can + reference the aggregated port channels."; + } + leaf-list root-cause-resource { + if-feature "root-cause-analysis"; + type resource; + description + "Resources that are candidates for causing the alarm. If the + system has a mechanism to understand the candidate root + causes of an alarm, this leaf-list can be used to list the + root-cause candidate resources. In this way, the system can + create one alarm instead of several. 
An example might be a + logging system (alarm resource) that fails; the alarm can + reference the file system in the 'root-cause-resource' + leaf-list. Note that the intended use is not to also send + an alarm with the 'root-cause-resource' as an alarming + resource. The 'root-cause-resource' leaf-list is a hint and + should not also generate an alarm for the same problem."; + } + } + + grouping alarm-state-change-parameters { + description + "Parameters for an alarm-state change. + + This grouping is used both in the alarm list's status-change + list and in the notification representing an alarm-state + change."; + leaf time { + type yang:date-and-time; + mandatory true; + description + "The time the status of the alarm changed. The value + represents the time the real alarm-state change appeared in + the resource and not when it was added to the alarm + list. The /alarm-list/alarm/last-changed MUST be set to the + same value."; + } + leaf perceived-severity { + type severity-with-clear; + mandatory true; + description + "The severity of the alarm as defined by X.733. 
Note that + this may not be the original severity since the alarm may + have changed severity."; + reference + "ITU-T Recommendation X.733: Information Technology + - Open Systems Interconnection + - System Management: Alarm Reporting Function"; + } + leaf alarm-text { + type alarm-text; + mandatory true; + description + "A user-friendly text describing the alarm-state change."; + reference + "ITU-T Recommendation X.733: Information Technology + - Open Systems Interconnection + - System Management: Alarm Reporting Function"; + } + } + + grouping operator-parameters { + description + "This grouping defines parameters that can be changed by an + operator."; + leaf time { + type yang:date-and-time; + mandatory true; + description + "Timestamp for operator action on the alarm."; + } + leaf operator { + type string; + mandatory true; + description + "The name of the operator that has acted on this alarm."; + } + leaf state { + type operator-state; + mandatory true; + description + "The operator's view of the alarm state."; + } + leaf text { + type string; + description + "Additional optional textual information provided by the + operator."; + } + } + + grouping resource-alarm-parameters { + description + "Alarm parameters that originate from the resource view."; + leaf is-cleared { + type boolean; + mandatory true; + description + "Indicates the current clearance state of the alarm. An + alarm might toggle from active alarm to cleared alarm and + back to active again."; + } + leaf last-raised { + type yang:date-and-time; + mandatory true; + description + "An alarm may change severity level and toggle between + active and cleared during its lifetime. 
This leaf indicates + the last time it was raised ('is-cleared' = 'false')."; + } + leaf last-changed { + type yang:date-and-time; + mandatory true; + description + "A timestamp when the 'status-change' or + 'operator-state-change' list was last changed."; + } + leaf perceived-severity { + type severity; + mandatory true; + description + "The last severity of the alarm. + + If an alarm was raised with severity 'warning' but later + changed to 'major', this leaf will show 'major'."; + } + leaf alarm-text { + type alarm-text; + mandatory true; + description + "The last reported alarm text. This text should contain + information for an operator to be able to understand the + problem and how to resolve it."; + } + list status-change { + if-feature "alarm-history"; + key "time"; + min-elements 1; + description + "A list of status-change events for this alarm. + + The entry with latest timestamp in this list MUST + correspond to the leafs 'is-cleared', 'perceived-severity', + and 'alarm-text' for the alarm. + + This list is ordered according to the timestamps of alarm + state changes. The first item corresponds to the latest + state change. 
+ + The following state changes create an entry in this + list: + - changed severity (warning, minor, major, critical) + - clearance status; this also updates the 'is-cleared' + leaf + - alarm-text update"; + uses alarm-state-change-parameters; + } + } + + grouping filter-input { + description + "Grouping to specify a filter construct on alarm information."; + leaf alarm-clearance-status { + type enumeration { + enum any { + description + "Ignore alarm-clearance status."; + } + enum cleared { + description + "Filter cleared alarms."; + } + enum not-cleared { + description + "Filter not-cleared alarms."; + } + } + mandatory true; + description + "The clearance status of the alarm."; + } + container older-than { + presence "Age specification"; + description + "Matches the 'last-status-change' leaf in the alarm."; + choice age-spec { + description + "Filter using date and time age."; + case seconds { + leaf seconds { + type uint16; + description + "Age expressed in seconds."; + } + } + case minutes { + leaf minutes { + type uint16; + description + "Age expressed in minutes."; + } + } + case hours { + leaf hours { + type uint16; + description + "Age expressed in hours."; + } + } + case days { + leaf days { + type uint16; + description + "Age expressed in days."; + } + } + case weeks { + leaf weeks { + type uint16; + description + "Age expressed in weeks."; + } + } + } + } + container severity { + presence "Severity filter"; + choice sev-spec { + description + "Filter based on severity level."; + leaf below { + type severity; + description + "Severity less than this leaf."; + } + leaf is { + type severity; + description + "Severity level equal to this leaf."; + } + leaf above { + type severity; + description + "Severity level higher than this leaf."; + } + } + description + "Filter based on severity."; + } + container operator-state-filter { + if-feature "operator-actions"; + presence "Operator state filter"; + leaf state { + type operator-state; + description + "Filter 
on operator state."; + } + leaf user { + type string; + description + "Filter based on which operator."; + } + description + "Filter based on operator state."; + } + } + + /* + * The /alarms data tree + */ + + container alarms { + description + "The top container for this module."; + container control { + description + "Configuration to control the alarm behavior."; + leaf max-alarm-status-changes { + type union { + type uint16; + type enumeration { + enum infinite { + description + "The status-change entries are accumulated + infinitely."; + } + } + } + default "32"; + description + "The 'status-change' entries are kept in a circular list + per alarm. When this number is exceeded, the oldest + status change entry is automatically removed. If the + value is 'infinite', the status-change entries are + accumulated infinitely."; + } + leaf notify-status-changes { + type enumeration { + enum all-state-changes { + description + "Send notifications for all status changes."; + } + enum raise-and-clear { + description + "Send notifications only for raise, clear, and + re-raise. Notifications for severity-level changes or + alarm-text changes are not sent."; + } + enum severity-level { + description + "Only send notifications for alarm-state changes + crossing the level specified in + 'notify-severity-level'. Always send clear + notifications."; + } + } + must '. != "severity-level" or ../notify-severity-level' { + description + "When notify-status-changes is 'severity-level', a value + must be given for 'notify-severity-level'."; + } + default "all-state-changes"; + description + "This leaf controls the notifications sent for alarm status + updates. There are three options: + + 1. Notifications are sent for all updates, severity-level + changes, and alarm-text changes. + + 2. Notifications are only sent for alarm raise and clear. + + 3. Notifications are sent for status changes equal to or + above the specified severity level. Clear + notifications shall always be sent. 
Notifications + shall also be sent for state changes that make an + alarm less severe than the specified level. + + For example, in option 3, assume that the severity level + is set to major and that the alarm has the following state + changes: + + [(Time, severity, clear)]: + [(T1, major, -), (T2, minor, -), (T3, warning, -), + (T4, minor, -), (T5, major, -), (T6, critical, -), + (T7, major. -), (T8, major, clear)] + + In that case, notifications will be sent at times + T1, T2, T5, T6, T7, and T8."; + } + leaf notify-severity-level { + when '../notify-status-changes = "severity-level"'; + type severity; + description + "Only send notifications for alarm-state changes crossing + the specified level. Always send clear notifications."; + } + container alarm-shelving { + if-feature "alarm-shelving"; + description + "The 'alarm-shelving/shelf' list is used to shelve + (block/filter) alarms. The conditions in the shelf + criteria are logically ANDed. The first matching shelf is + used, and an alarm is shelved only for this first match. + Matching alarms MUST appear in the + /alarms/shelved-alarms/shelved-alarm list, and + non-matching /alarms MUST appear in the + /alarms/alarm-list/alarm list. The server does not send + any notifications for shelved alarms. + + The server MUST maintain states (e.g., severity + changes) for the shelved alarms. + + Alarms that match the criteria shall have an + operator state 'shelved'. When the shelf + configuration removes an alarm from the shelf, the server + shall add the operator state 'un-shelved'."; + list shelf { + key "name"; + ordered-by user; + leaf name { + type string; + description + "An arbitrary name for the alarm shelf."; + } + description + "Each entry defines the criteria for shelving alarms. + Criteria are ANDed. 
If no criteria are specified, + all alarms will be shelved."; + leaf-list resource { + type resource-match; + description + "Shelve alarms for matching resources."; + } + list alarm-type { + key "alarm-type-id alarm-type-qualifier-match"; + description + "Any alarm matching the combined criteria of + 'alarm-type-id' and 'alarm-type-qualifier-match' + MUST be matched."; + leaf alarm-type-id { + type alarm-type-id; + description + "Shelve all alarms that have an 'alarm-type-id' that + is equal to or derived from the given + 'alarm-type-id'."; + } + leaf alarm-type-qualifier-match { + type string; + description + "An XML Schema regular expression that is used to + match an alarm type qualifier. Shelve all alarms + that match this regular expression for the alarm + type qualifier."; + reference + "XML Schema Part 2: Datatypes Second Edition, + World Wide Web Consortium Recommendation + REC-xmlschema-2-20041028"; + } + } + leaf description { + type string; + description + "An optional textual description of the shelf. This + description should include the reason for shelving + these alarms."; + } + } + } + } + container alarm-inventory { + config false; + description + "The 'alarm-inventory/alarm-type' list contains all possible + alarm types for the system. + + If the system knows for which resources a specific alarm + type can appear, it is also identified in the inventory. + The list also tells if each alarm type has a corresponding + clear state. The inventory shall only contain concrete + alarm types. + + The alarm inventory MUST be updated by the system when new + alarms can appear. This can be the case when installing new + software modules or inserting new card types. 
A + notification 'alarm-inventory-changed' is sent when the + inventory is changed."; + list alarm-type { + key "alarm-type-id alarm-type-qualifier"; + description + "An entry in this list defines a possible alarm."; + leaf alarm-type-id { + type alarm-type-id; + description + "The statically defined alarm type identifier for this + possible alarm."; + } + leaf alarm-type-qualifier { + type alarm-type-qualifier; + description + "The optionally dynamically defined alarm type identifier + for this possible alarm."; + } + leaf-list resource { + type resource-match; + description + "Optionally, specifies for which resources the alarm type + is valid."; + } + leaf will-clear { + type boolean; + mandatory true; + description + "This leaf tells the operator if the alarm will be + cleared when the correct corrective action has been + taken. Implementations SHOULD strive for detecting the + cleared state for all alarm types. + + If this leaf is 'true', the operator can monitor the + alarm until it becomes cleared after the corrective + action has been taken. + + If this leaf is 'false', the operator needs to validate + that the alarm is no longer active using other + mechanisms. Alarms can lack a corresponding clear due + to missing instrumentation or no logical + corresponding clear state."; + } + leaf-list severity-level { + type severity; + description + "This leaf-list indicates the possible severity levels of + this alarm type. Note well that 'clear' is not part of + the severity type. In general, the severity level + should be defined by the instrumentation based on the + dynamic state, rather than being defined statically by + the alarm type, in order to provide a relevant severity + level based on dynamic state and context. However, most + alarm types have a defined set of possible severity + levels, and this should be provided here."; + } + leaf description { + type string; + mandatory true; + description + "A description of the possible alarm. 
It SHOULD include + information on possible underlying root causes and + corrective actions."; + } + } + } + container summary { + if-feature "alarm-summary"; + config false; + description + "This container gives a summary of the number of alarms."; + list alarm-summary { + key "severity"; + description + "A global summary of all alarms in the system. The summary + does not include shelved alarms."; + leaf severity { + type severity; + description + "Alarm summary for this severity level."; + } + leaf total { + type yang:gauge32; + description + "Total number of alarms of this severity level."; + } + leaf not-cleared { + type yang:gauge32; + description + "Total number of alarms of this severity level + that are not cleared."; + } + leaf cleared { + type yang:gauge32; + description + "For this severity level, the number of alarms that are + cleared."; + } + leaf cleared-not-closed { + if-feature "operator-actions"; + type yang:gauge32; + description + "For this severity level, the number of alarms that are + cleared but not closed."; + } + leaf cleared-closed { + if-feature "operator-actions"; + type yang:gauge32; + description + "For this severity level, the number of alarms that are + cleared and closed."; + } + leaf not-cleared-closed { + if-feature "operator-actions"; + type yang:gauge32; + description + "For this severity level, the number of alarms that are + not cleared but closed."; + } + leaf not-cleared-not-closed { + if-feature "operator-actions"; + type yang:gauge32; + description + "For this severity level, the number of alarms that are + not cleared and not closed."; + } + } + leaf shelves-active { + if-feature "alarm-shelving"; + type empty; + description + "This is a hint to the operator that there are active + alarm shelves. 
This leaf MUST exist if the + /alarms/shelved-alarms/number-of-shelved-alarms is > 0."; + } + } + container alarm-list { + config false; + description + "The alarms in the system."; + leaf number-of-alarms { + type yang:gauge32; + description + "This object shows the total number of + alarms in the system, i.e., the total number + of entries in the alarm list."; + } + leaf last-changed { + type yang:date-and-time; + description + "A timestamp when the alarm list was last + changed. The value can be used by a manager to + initiate an alarm resynchronization procedure."; + } + list alarm { + key "resource alarm-type-id alarm-type-qualifier"; + description + "The list of alarms. Each entry in the list holds one + alarm for a given alarm type and resource. An alarm can + be updated from the underlying resource or by the user. + The following leafs are maintained by the resource: + 'is-cleared', 'last-change', 'perceived-severity', and + 'alarm-text'. An operator can change 'operator-state' and + 'operator-text'. + + Entries appear in the alarm list the first time an alarm + becomes active for a given alarm type and resource. + Entries do not get deleted when the alarm is cleared. + Clear status is represented as a boolean flag. + + Alarm entries are removed, i.e., purged, from the list by + an explicit purge action. For example, purge all alarms + that are cleared and in closed operator state that are + older than 24 hours. Purged alarms are removed from the + alarm list. If the alarm resource state changes after a + purge, the alarm will reappear in the alarm list. + + Systems may also remove alarms based on locally configured + policies; this is out of scope for this module."; + uses common-alarm-parameters; + leaf time-created { + type yang:date-and-time; + mandatory true; + description + "The timestamp when this alarm entry was created. This + represents the first time the alarm appeared; it can + also represent that the alarm reappeared after a purge. 
+ Further state changes of the same alarm do not change + this leaf; these changes will update the 'last-changed' + leaf."; + } + uses resource-alarm-parameters; + list operator-state-change { + if-feature "operator-actions"; + key "time"; + description + "This list is used by operators to indicate the state of + human intervention on an alarm. For example, if an + operator has seen an alarm, the operator can add a new + item to this list indicating that the alarm is + acknowledged."; + uses operator-parameters; + } + action set-operator-state { + if-feature "operator-actions"; + description + "This is a means for the operator to indicate the level + of human intervention on an alarm."; + input { + leaf state { + type writable-operator-state; + mandatory true; + description + "Set this operator state."; + } + leaf text { + type string; + description + "Additional optional textual information."; + } + } + } + notification operator-action { + if-feature "operator-actions"; + description + "This notification is used to report that an operator + acted upon an alarm."; + uses operator-parameters; + } + } + action purge-alarms { + description + "This operation requests that the server delete entries + from the alarm list according to the supplied criteria. + + Typically, this operation is used to delete alarms that + are in closed operator state and older than a specified + time. + + The number of purged alarms is returned as an output + parameter."; + input { + uses filter-input; + } + output { + leaf purged-alarms { + type uint32; + description + "Number of purged alarms."; + } + } + } + action compress-alarms { + if-feature "alarm-history"; + description + "This operation requests that the server compress + entries in the alarm list by removing all but the + latest 'status-change' entry for all matching alarms. + Conditions in the input are logically ANDed. 
If no + input condition is given, all alarms are compressed."; + input { + leaf resource { + type resource-match; + description + "Compress the alarms matching this resource."; + } + leaf alarm-type-id { + type leafref { + path "/alarms/alarm-list/alarm/alarm-type-id"; + require-instance false; + } + description + "Compress alarms with this 'alarm-type-id'."; + } + leaf alarm-type-qualifier { + type leafref { + path "/alarms/alarm-list/alarm/alarm-type-qualifier"; + require-instance false; + } + description + "Compress the alarms with this + 'alarm-type-qualifier'."; + } + } + output { + leaf compressed-alarms { + type uint32; + description + "Number of compressed alarm entries."; + } + } + } + } + container shelved-alarms { + if-feature "alarm-shelving"; + config false; + description + "The shelved alarms. Alarms appear here if they match the + criteria in /alarms/control/alarm-shelving. This list does + not generate any notifications. The list represents alarms + that are considered not relevant by the operator. Alarms in + this list have an 'operator-state' of 'shelved'. This + cannot be changed."; + leaf number-of-shelved-alarms { + type yang:gauge32; + description + "This object shows the total number of current + alarms, i.e., the total number of entries + in the alarm list."; + } + leaf shelved-alarms-last-changed { + type yang:date-and-time; + description + "A timestamp when the shelved-alarm list was last changed. + The value can be used by a manager to initiate an alarm + resynchronization procedure."; + } + list shelved-alarm { + key "resource alarm-type-id alarm-type-qualifier"; + description + "The list of shelved alarms. 
Shelved alarms can only be + updated from the underlying resource; no operator actions + are supported."; + uses common-alarm-parameters; + leaf shelf-name { + type leafref { + path "/alarms/control/alarm-shelving/shelf/name"; + require-instance false; + } + description + "The name of the shelf."; + } + uses resource-alarm-parameters; + list operator-state-change { + if-feature "operator-actions"; + key "time"; + description + "This list is used by operators to indicate the state of + human intervention on an alarm. For shelved alarms, the + system has set the list item in the list to 'shelved'."; + uses operator-parameters; + } + } + action purge-shelved-alarms { + description + "This operation requests that the server delete entries from + the shelved-alarm list according to the supplied criteria. + In the shelved-alarm list, it makes sense to delete alarms + that are not relevant anymore. + + The number of purged alarms is returned as an output + parameter."; + input { + uses filter-input; + } + output { + leaf purged-alarms { + type uint32; + description + "Number of purged alarms."; + } + } + } + action compress-shelved-alarms { + if-feature "alarm-history"; + description + "This operation requests that the server compress entries + in the shelved-alarm list by removing all but the latest + 'status-change' entry for all matching shelved alarms. + Conditions in the input are logically ANDed. 
If no input + condition is given, all alarms are compressed."; + input { + leaf resource { + type leafref { + path "/alarms/shelved-alarms/shelved-alarm/resource"; + require-instance false; + } + description + "Compress the alarms with this resource."; + } + leaf alarm-type-id { + type leafref { + path "/alarms/shelved-alarms/shelved-alarm" + + "/alarm-type-id"; + require-instance false; + } + description + "Compress alarms with this 'alarm-type-id'."; + } + leaf alarm-type-qualifier { + type leafref { + path "/alarms/shelved-alarms/shelved-alarm" + + "/alarm-type-qualifier"; + require-instance false; + } + description + "Compress the alarms with this + 'alarm-type-qualifier'."; + } + } + output { + leaf compressed-alarms { + type uint32; + description + "Number of compressed alarm entries."; + } + } + } + } + list alarm-profile { + if-feature "alarm-profile"; + key "alarm-type-id alarm-type-qualifier-match resource"; + ordered-by user; + description + "This list is used to assign further information or + configuration for each alarm type. This module supports a + mechanism where the client can override the system-default + alarm severity levels. 
The 'alarm-profile' is also a useful + augmentation point for specific additions to alarm types."; + leaf alarm-type-id { + type alarm-type-id; + description + "The alarm type identifier to match."; + } + leaf alarm-type-qualifier-match { + type string; + description + "An XML Schema regular expression that is used to match the + alarm type qualifier."; + reference + "XML Schema Part 2: Datatypes Second Edition, + World Wide Web Consortium Recommendation + REC-xmlschema-2-20041028"; + } + leaf resource { + type resource-match; + description + "Specifies which resources to match."; + } + leaf description { + type string; + mandatory true; + description + "A description of the alarm profile."; + } + container alarm-severity-assignment-profile { + if-feature "severity-assignment"; + description + "The client can override the system-default severity + level."; + reference + "ITU-T Recommendation M.3100: + Generic network information model + ITU-T Recommendation M.3160: + Generic, protocol-neutral management information model"; + leaf-list severity-level { + type severity; + ordered-by user; + description + "Specifies the configured severity level(s) for the + matching alarm. If the alarm has several severity + levels, the leaf-list shall be given in rising severity + order. The original M3100/M3160 ASAP function only + allows for a one-to-one mapping between alarm type and + severity, but since YANG module supports stateful + alarms, the mapping must allow for several severity + levels. + + Assume a high-utilization alarm type with two thresholds + with the system-default severity levels of threshold1 = + warning and threshold2 = minor. Setting this leaf-list + to (minor, major) will assign the severity levels as + threshold1 = minor and threshold2 = major"; + } + } + } + } + + /* + * Notifications + */ + + notification alarm-notification { + description + "This notification is used to report a state change for an + alarm. 
The same notification is used for reporting a newly + raised alarm, a cleared alarm, or changing the text and/or + severity of an existing alarm."; + uses common-alarm-parameters; + uses alarm-state-change-parameters; + } + + notification alarm-inventory-changed { + description + "This notification is used to report that the list of possible + alarms has changed. This can happen when, for example, a new + software module is installed or a new physical card is + inserted."; + } +} diff --git a/sdnr/wt/common-yang/onap/pom.xml b/sdnr/wt/common-yang/onap/pom.xml new file mode 100755 index 000000000..4c2c9d89d --- /dev/null +++ b/sdnr/wt/common-yang/onap/pom.xml @@ -0,0 +1,48 @@ + + + + + 4.0.0 + + + org.onap.ccsdk.parent + binding-parent + 2.1.0-SNAPSHOT + + + + org.onap.ccsdk.features.sdnr.wt + onap-system + 1.1.0-SNAPSHOT + bundle + + ccsdk-features :: ${project.artifactId} + + + + org.onap.ccsdk.features.sdnr.wt + rfc7317-ietf-system + 1.1.0-SNAPSHOT + + + diff --git a/sdnr/wt/common-yang/onap/src/main/yang/onap-system.yang b/sdnr/wt/common-yang/onap/src/main/yang/onap-system.yang new file mode 100644 index 000000000..3e194298e --- /dev/null +++ b/sdnr/wt/common-yang/onap/src/main/yang/onap-system.yang 
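Review bot: The dependency on rfc7317-ietf-system in the new onap/pom.xml pins the literal version `1.1.0-SNAPSHOT`, whereas rfc7317-ietf-system/pom.xml, added in the same commit, refers to its in-repo siblings (rfc8341, iana-crypt-hash) with `${project.version}`. A hard-coded sibling version can be missed on the next version bump, so the bundle may be built against an older copy of the YANG model than the one in the tree. I would write the dependency version as `<version>${project.version}</version>` here as well. The XML markup is stripped on this page, so the element name is assumed from the standard Maven layout.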
@@ -0,0 +1,59 @@ +module onap-system { + yang-version 1.1; + namespace "urn:onap:system"; + prefix os; + + import ietf-inet-types { + prefix inet; + } + import ietf-system { + prefix sys; + } + + organization + "ONAP - Open Network Automation Platform"; + contact + "Web: + Editors: + Alex Stancu + Adrian Lita + Martin Skorupski "; + description + "This module augments ietf-system with ONAP details. + + Copyright 2020 the O-RAN Alliance. + + Licensed under the Apache License, Version 2.0 (the 'License'); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an 'AS IS' BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License."; + + revision 2020-10-26 { + description + "Initial revision for the ietf-system augmentation for ONAP."; + reference + "https://jira.onap.org/browse/SDNC-1396"; + } + + augment "/sys:system" { + leaf name { + type string; + description + "The name of the system."; + } + leaf web-ui { + type inet:uri; + description + "The URI of the system Web UI."; + } + description + "Enhancing the system information."; + } +} diff --git a/sdnr/wt/common-yang/pom.xml b/sdnr/wt/common-yang/pom.xml new file mode 100755 index 000000000..5c86f498d --- /dev/null +++ b/sdnr/wt/common-yang/pom.xml @@ -0,0 +1,49 @@ + + + + + 4.0.0 + + + org.onap.ccsdk.parent + odlparent-lite + 2.1.0-SNAPSHOT + + + + org.onap.ccsdk.features.sdnr.wt + common-yang + 1.1.0-SNAPSHOT + pom + + ccsdk-features :: ${project.artifactId} + + + onap + iana-crypt-hash + rfc8341 + rfc7317-ietf-system + ietf-alarms + + + 
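Review bot: The `web-ui` leaf in the `augment "/sys:system"` block of onap-system.yang is typed as a bare `inet:uri`, so any URI scheme passes validation. Going by the commit title, the value is meant to drive the GUI cut-through in ODLUX, and it presumably originates from the managed device's datastore rather than from the operator. If it is only ever meant to open a web UI, I would constrain it in the model, `type inet:uri { pattern 'https?://.*'; }`, and state the expected scheme in the description. The consumer should still allow-list http/https before rendering the value as a link, since a device may not enforce the pattern. The `name` leaf likewise has no `length` restriction, which is worth adding if the value is displayed verbatim.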
diff --git a/sdnr/wt/common-yang/rfc7317-ietf-system/pom.xml b/sdnr/wt/common-yang/rfc7317-ietf-system/pom.xml new file mode 100755 index 000000000..6d9dc6a3d --- /dev/null +++ b/sdnr/wt/common-yang/rfc7317-ietf-system/pom.xml @@ -0,0 +1,59 @@ + + + + + 4.0.0 + + + org.onap.ccsdk.parent + binding-parent + 2.1.0-SNAPSHOT + + + + org.onap.ccsdk.features.sdnr.wt + rfc7317-ietf-system + 1.1.0-SNAPSHOT + bundle + + ccsdk-features :: ${project.artifactId} + + + + org.onap.ccsdk.features.sdnr.wt + rfc8341 + ${project.version} + + + org.onap.ccsdk.features.sdnr.wt + iana-crypt-hash + ${project.version} + + + org.opendaylight.mdsal.binding.model.ietf + rfc6991-ietf-inet-types + + + diff --git a/sdnr/wt/common-yang/rfc7317-ietf-system/src/main/yang/ietf-system@2014-08-06.yang b/sdnr/wt/common-yang/rfc7317-ietf-system/src/main/yang/ietf-system@2014-08-06.yang new file mode 100644 index 000000000..1618242bc --- /dev/null +++ b/sdnr/wt/common-yang/rfc7317-ietf-system/src/main/yang/ietf-system@2014-08-06.yang 
@@ -0,0 +1,800 @@ +module ietf-system { + namespace "urn:ietf:params:xml:ns:yang:ietf-system"; + prefix "sys"; + + import ietf-yang-types { + prefix yang; + } + + import ietf-inet-types { + prefix inet; + } + + import ietf-netconf-acm { + prefix nacm; + } + + import iana-crypt-hash { + prefix ianach; + } + + organization + "IETF NETMOD (NETCONF Data Modeling Language) Working Group"; + + contact + "WG Web: + WG List: + + WG Chair: Thomas Nadeau + + + WG Chair: Juergen Schoenwaelder + + + Editor: Andy Bierman + + + Editor: Martin Bjorklund + "; + + description + "This module contains a collection of YANG definitions for the + configuration and identification of some common system + properties within a device containing a NETCONF server. This + includes data node definitions for system identification, + time-of-day management, user management, DNS resolver + configuration, and some protocol operations for system + management. + + Copyright (c) 2014 IETF Trust and the persons identified as + authors of the code. All rights reserved. + + Redistribution and use in source and binary forms, with or + without modification, is permitted pursuant to, and subject + to the license terms contained in, the Simplified BSD License + set forth in Section 4.c of the IETF Trust's Legal Provisions + Relating to IETF Documents + (http://trustee.ietf.org/license-info). + + This version of this YANG module is part of RFC 7317; see + the RFC itself for full legal notices."; + + revision 2014-08-06 { + description + "Initial revision."; + reference + "RFC 7317: A YANG Data Model for System Management"; + } + + /* + * Typedefs + */ + + typedef timezone-name { + type string; + description + "A time zone name as used by the Time Zone Database, + sometimes referred to as the 'Olson Database'. + + The exact set of valid values is an implementation-specific + matter. 
Client discovery of the exact set of time zone names + for a particular server is out of scope."; + reference + "RFC 6557: Procedures for Maintaining the Time Zone Database"; + } + + /* + * Features + */ + + feature radius { + description + "Indicates that the device can be configured as a RADIUS + client."; + reference + "RFC 2865: Remote Authentication Dial In User Service (RADIUS)"; + } + + feature authentication { + description + "Indicates that the device supports configuration of + user authentication."; + } + + feature local-users { + if-feature authentication; + description + "Indicates that the device supports configuration of + local user authentication."; + } + + feature radius-authentication { + if-feature radius; + if-feature authentication; + description + "Indicates that the device supports configuration of user + authentication over RADIUS."; + reference + "RFC 2865: Remote Authentication Dial In User Service (RADIUS) + RFC 5607: Remote Authentication Dial-In User Service (RADIUS) + Authorization for Network Access Server (NAS) + Management"; + } + + feature ntp { + description + "Indicates that the device can be configured to use one or + more NTP servers to set the system date and time."; + } + + feature ntp-udp-port { + if-feature ntp; + description + "Indicates that the device supports the configuration of + the UDP port for NTP servers. + + This is a 'feature', since many implementations do not support + any port other than the default port."; + } + + feature timezone-name { + description + "Indicates that the local time zone on the device + can be configured to use the TZ database + to set the time zone and manage daylight saving time."; + reference + "RFC 6557: Procedures for Maintaining the Time Zone Database"; + } + + feature dns-udp-tcp-port { + description + "Indicates that the device supports the configuration of + the UDP and TCP port for DNS servers. 
+ + This is a 'feature', since many implementations do not support + any port other than the default port."; + } + + /* + * Identities + */ + + identity authentication-method { + description + "Base identity for user authentication methods."; + } + + identity radius { + base authentication-method; + description + "Indicates user authentication using RADIUS."; + reference + "RFC 2865: Remote Authentication Dial In User Service (RADIUS) + RFC 5607: Remote Authentication Dial-In User Service (RADIUS) + Authorization for Network Access Server (NAS) + Management"; + } + + identity local-users { + base authentication-method; + description + "Indicates password-based authentication of locally + configured users."; + } + + identity radius-authentication-type { + description + "Base identity for RADIUS authentication types."; + } + + identity radius-pap { + base radius-authentication-type; + description + "The device requests Password Authentication Protocol (PAP) + authentication from the RADIUS server."; + reference + "RFC 2865: Remote Authentication Dial In User Service (RADIUS)"; + } + + identity radius-chap { + base radius-authentication-type; + description + "The device requests Challenge Handshake Authentication + Protocol (CHAP) authentication from the RADIUS server."; + reference + "RFC 2865: Remote Authentication Dial In User Service (RADIUS)"; + } + + /* + * Configuration data nodes + */ + + container system { + description + "System group configuration."; + + leaf contact { + type string; + description + "The administrator contact information for the system. + + A server implementation MAY map this leaf to the sysContact + MIB object. Such an implementation needs to use some + mechanism to handle the differences in size and characters + allowed between this leaf and sysContact. 
The definition of + such a mechanism is outside the scope of this document."; + reference + "RFC 3418: Management Information Base (MIB) for the + Simple Network Management Protocol (SNMP) + SNMPv2-MIB.sysContact"; + } + leaf hostname { + type inet:domain-name; + description + "The name of the host. This name can be a single domain + label or the fully qualified domain name of the host."; + } + leaf location { + type string; + description + "The system location. + + A server implementation MAY map this leaf to the sysLocation + MIB object. Such an implementation needs to use some + mechanism to handle the differences in size and characters + allowed between this leaf and sysLocation. The definition + of such a mechanism is outside the scope of this document."; + reference + "RFC 3418: Management Information Base (MIB) for the + Simple Network Management Protocol (SNMP) + SNMPv2-MIB.sysLocation"; + } + + container clock { + description + "Configuration of the system date and time properties."; + + choice timezone { + description + "The system time zone information."; + + case timezone-name { + if-feature timezone-name; + leaf timezone-name { + type timezone-name; + description + "The TZ database name to use for the system, such + as 'Europe/Stockholm'."; + } + } + case timezone-utc-offset { + leaf timezone-utc-offset { + type int16 { + range "-1500 .. 1500"; + } + units "minutes"; + description + "The number of minutes to add to UTC time to + identify the time zone for this system. For example, + 'UTC - 8:00 hours' would be represented as '-480'. 
+ Note that automatic daylight saving time adjustment + is not provided if this object is used."; + } + } + } + } + + container ntp { + if-feature ntp; + presence + "Enables the NTP client unless the 'enabled' leaf + (which defaults to 'true') is set to 'false'"; + description + "Configuration of the NTP client."; + + leaf enabled { + type boolean; + default true; + description + "Indicates that the system should attempt to + synchronize the system clock with an NTP server + from the 'ntp/server' list."; + } + list server { + key name; + description + "List of NTP servers to use for system clock + synchronization. If '/system/ntp/enabled' + is 'true', then the system will attempt to + contact and utilize the specified NTP servers."; + + leaf name { + type string; + description + "An arbitrary name for the NTP server."; + } + choice transport { + mandatory true; + description + "The transport-protocol-specific parameters for this + server."; + + case udp { + container udp { + description + "Contains UDP-specific configuration parameters + for NTP."; + leaf address { + type inet:host; + mandatory true; + description + "The address of the NTP server."; + } + leaf port { + if-feature ntp-udp-port; + type inet:port-number; + default 123; + description + "The port number of the NTP server."; + } + } + } + } + leaf association-type { + type enumeration { + enum server { + description + "Use client association mode. This device + will not provide synchronization to the + configured NTP server."; + } + enum peer { + description + "Use symmetric active association mode. + This device may provide synchronization + to the configured NTP server."; + } + enum pool { + description + "Use client association mode with one or + more of the NTP servers found by DNS + resolution of the domain name given by + the 'address' leaf. 
This device will not + provide synchronization to the servers."; + } + } + default server; + description + "The desired association type for this NTP server."; + } + leaf iburst { + type boolean; + default false; + description + "Indicates whether this server should enable burst + synchronization or not."; + } + leaf prefer { + type boolean; + default false; + description + "Indicates whether this server should be preferred + or not."; + } + } + } + + container dns-resolver { + description + "Configuration of the DNS resolver."; + + leaf-list search { + type inet:domain-name; + ordered-by user; + description + "An ordered list of domains to search when resolving + a host name."; + } + list server { + key name; + ordered-by user; + description + "List of the DNS servers that the resolver should query. + + When the resolver is invoked by a calling application, it + sends the query to the first name server in this list. If + no response has been received within 'timeout' seconds, + the resolver continues with the next server in the list. + If no response is received from any server, the resolver + continues with the first server again. When the resolver + has traversed the list 'attempts' times without receiving + any response, it gives up and returns an error to the + calling application. 
+
+ Implementations MAY limit the number of entries in this
+ list.";
+
+ leaf name {
+ type string;
+ description
+ "An arbitrary name for the DNS server.";
+ }
+ choice transport {
+ mandatory true;
+ description
+ "The transport-protocol-specific parameters for this
+ server.";
+
+ case udp-and-tcp {
+ container udp-and-tcp {
+ description
+ "Contains UDP- and TCP-specific configuration
+ parameters for DNS.";
+ reference
+ "RFC 1035: Domain Names - Implementation and
+ Specification
+ RFC 5966: DNS Transport over TCP - Implementation
+ Requirements";
+
+ leaf address {
+ type inet:ip-address;
+ mandatory true;
+ description
+ "The address of the DNS server.";
+ }
+ leaf port {
+ if-feature dns-udp-tcp-port;
+ type inet:port-number;
+ default 53;
+ description
+ "The UDP and TCP port number of the DNS server.";
+ }
+ }
+ }
+ }
+ }
+ container options {
+ description
+ "Resolver options. The set of available options has been
+ limited to those that are generally available across
+ different resolver implementations and generally useful.";
+ leaf timeout {
+ type uint8 {
+ range "1..max";
+ }
+ units "seconds";
+ default "5";
+ description
+ "The amount of time the resolver will wait for a
+ response from each remote name server before
+ retrying the query via a different name server.";
+ }
+ leaf attempts {
+ type uint8 {
+ range "1..max";
+ }
+ default "2";
+ description
+ "The number of times the resolver will send a query to
+ all of its name servers before giving up and returning
+ an error to the calling application.";
+ }
+ }
+ }
+
+ container radius {
+ if-feature radius;
+
+ description
+ "Configuration of the RADIUS client.";
+
+ list server {
+ key name;
+ ordered-by user;
+ description
+ "List of RADIUS servers used by the device.
+
+ When the RADIUS client is invoked by a calling
+ application, it sends the query to the first server in
+ this list. If no response has been received within
+ 'timeout' seconds, the client continues with the next
+ server in the list. If no response is received from any
+ server, the client continues with the first server again.
+ When the client has traversed the list 'attempts' times
+ without receiving any response, it gives up and returns an
+ error to the calling application.";
+
+ leaf name {
+ type string;
+ description
+ "An arbitrary name for the RADIUS server.";
+ }
+ choice transport {
+ mandatory true;
+ description
+ "The transport-protocol-specific parameters for this
+ server.";
+
+ case udp {
+ container udp {
+ description
+ "Contains UDP-specific configuration parameters
+ for RADIUS.";
+ leaf address {
+ type inet:host;
+ mandatory true;
+ description
+ "The address of the RADIUS server.";
+ }
+
+ leaf authentication-port {
+ type inet:port-number;
+ default "1812";
+ description
+ "The port number of the RADIUS server.";
+ }
+ leaf shared-secret {
+ type string;
+ mandatory true;
+ nacm:default-deny-all;
+ description
+ "The shared secret, which is known to both the
+ RADIUS client and server.";
+ reference
+ "RFC 2865: Remote Authentication Dial In User
+ Service (RADIUS)";
+ }
+ }
+ }
+ }
+ leaf authentication-type {
+ type identityref {
+ base radius-authentication-type;
+ }
+ default radius-pap;
+ description
+ "The authentication type requested from the RADIUS
+ server.";
+ }
+ }
+ container options {
+ description
+ "RADIUS client options.";
+
+ leaf timeout {
+ type uint8 {
+ range "1..max";
+ }
+ units "seconds";
+ default "5";
+ description
+ "The number of seconds the device will wait for a
+ response from each RADIUS server before trying with a
+ different server.";
+ }
+
+ leaf attempts {
+ type uint8 {
+ range "1..max";
+ }
+ default "2";
+ description
+ "The number of times the device will send a query to
+ all of its RADIUS servers before giving up.";
+ }
+ }
+ }
+
+ container authentication {
+ nacm:default-deny-write;
+ if-feature authentication;
+
+ description
+ "The authentication configuration subtree.";
+
+ leaf-list user-authentication-order {
+ type identityref {
+ base authentication-method;
+ }
+ must '(. != "sys:radius" or ../../radius/server)' {
+ error-message
+ "When 'radius' is used, a RADIUS server"
+ + " must be configured.";
+ description
+ "When 'radius' is used as an authentication method,
+ a RADIUS server must be configured.";
+ }
+ ordered-by user;
+
+ description
+ "When the device authenticates a user with a password,
+ it tries the authentication methods in this leaf-list in
+ order. If authentication with one method fails, the next
+ method is used. If no method succeeds, the user is
+ denied access.
+
+ An empty user-authentication-order leaf-list still allows
+ authentication of users using mechanisms that do not
+ involve a password.
+
+ If the 'radius-authentication' feature is advertised by
+ the NETCONF server, the 'radius' identity can be added to
+ this list.
+
+ If the 'local-users' feature is advertised by the
+ NETCONF server, the 'local-users' identity can be
+ added to this list.";
+ }
+
+ list user {
+ if-feature local-users;
+ key name;
+ description
+ "The list of local users configured on this device.";
+
+ leaf name {
+ type string;
+ description
+ "The user name string identifying this entry.";
+ }
+ leaf password {
+ type ianach:crypt-hash;
+ description
+ "The password for this entry.";
+ }
+ list authorized-key {
+ key name;
+ description
+ "A list of public SSH keys for this user. These keys
+ are allowed for SSH authentication, as described in
+ RFC 4253.";
+ reference
+ "RFC 4253: The Secure Shell (SSH) Transport Layer
+ Protocol";
+
+ leaf name {
+ type string;
+ description
+ "An arbitrary name for the SSH key.";
+ }
+
+ leaf algorithm {
+ type string;
+ mandatory true;
+ description
+ "The public key algorithm name for this SSH key.
+
+ Valid values are the values in the IANA 'Secure Shell
+ (SSH) Protocol Parameters' registry, Public Key
+ Algorithm Names.";
+ reference
+ "IANA 'Secure Shell (SSH) Protocol Parameters'
+ registry, Public Key Algorithm Names";
+ }
+ leaf key-data {
+ type binary;
+ mandatory true;
+ description
+ "The binary public key data for this SSH key, as
+ specified by RFC 4253, Section 6.6, i.e.:
+
+ string certificate or public key format
+ identifier
+ byte[n] key/certificate data.";
+ reference
+ "RFC 4253: The Secure Shell (SSH) Transport Layer
+ Protocol";
+ }
+ }
+ }
+ }
+ }
+
+ /*
+ * Operational state data nodes
+ */
+
+ container system-state {
+ config false;
+ description
+ "System group operational state.";
+
+ container platform {
+ description
+ "Contains vendor-specific information for
+ identifying the system platform and operating system.";
+ reference
+ "IEEE Std 1003.1-2008 - sys/utsname.h";
+
+ leaf os-name {
+ type string;
+ description
+ "The name of the operating system in use -
+ for example, 'Linux'.";
+ reference
+ "IEEE Std 1003.1-2008 - utsname.sysname";
+ }
+ leaf os-release {
+ type string;
+ description
+ "The current release level of the operating
+ system in use. This string MAY indicate
+ the OS source code revision.";
+ reference
+ "IEEE Std 1003.1-2008 - utsname.release";
+ }
+ leaf os-version {
+ type string;
+ description
+ "The current version level of the operating
+ system in use. This string MAY indicate
+ the specific OS build date and target variant
+ information.";
+ reference
+ "IEEE Std 1003.1-2008 - utsname.version";
+ }
+ leaf machine {
+ type string;
+ description
+ "A vendor-specific identifier string representing
+ the hardware in use.";
+ reference
+ "IEEE Std 1003.1-2008 - utsname.machine";
+ }
+ }
+
+ container clock {
+ description
+ "Monitoring of the system date and time properties.";
+
+ leaf current-datetime {
+ type yang:date-and-time;
+ description
+ "The current system date and time.";
+ }
+
+ leaf boot-datetime {
+ type yang:date-and-time;
+ description
+ "The system date and time when the system last restarted.";
+ }
+ }
+ }
+
+ rpc set-current-datetime {
+ nacm:default-deny-all;
+ description
+ "Set the /system-state/clock/current-datetime leaf
+ to the specified value.
+
+ If the system is using NTP (i.e., /system/ntp/enabled
+ is set to 'true'), then this operation will fail with
+ error-tag 'operation-failed' and error-app-tag value of
+ 'ntp-active'.";
+ input {
+ leaf current-datetime {
+ type yang:date-and-time;
+ mandatory true;
+ description
+ "The current system date and time.";
+ }
+ }
+ }
+
+ rpc system-restart {
+ nacm:default-deny-all;
+ description
+ "Request that the entire system be restarted immediately.
+ A server SHOULD send an rpc reply to the client before
+ restarting the system.";
+ }
+
+ rpc system-shutdown {
+ nacm:default-deny-all;
+ description
+ "Request that the entire system be shut down immediately.
+ A server SHOULD send an rpc reply to the client before
+ shutting down the system.";
+ }
+
+}
diff --git a/sdnr/wt/common-yang/rfc8341/pom.xml b/sdnr/wt/common-yang/rfc8341/pom.xml
new file mode 100755
index 000000000..696f57f3f
--- /dev/null
+++ b/sdnr/wt/common-yang/rfc8341/pom.xml
@@ -0,0 +1,47 @@
+
+
+
+
+ 4.0.0
+
+
+ org.onap.ccsdk.parent
+ binding-parent
+ 2.1.0-SNAPSHOT
+
+
+
+ org.onap.ccsdk.features.sdnr.wt
+ rfc8341
+ 1.1.0-SNAPSHOT
+ bundle
+
+ ccsdk-features :: ${project.artifactId}
+
+
+
+ org.opendaylight.mdsal.binding.model.ietf
+ rfc6991-ietf-yang-types
+
+
+
diff --git a/sdnr/wt/common-yang/rfc8341/src/main/yang/ietf-netconf-acm.yang b/sdnr/wt/common-yang/rfc8341/src/main/yang/ietf-netconf-acm.yang
new file mode 100644
index 000000000..bf4855faf
--- /dev/null
+++ b/sdnr/wt/common-yang/rfc8341/src/main/yang/ietf-netconf-acm.yang
@@ -0,0 +1,464 @@
+module ietf-netconf-acm {
+
+ namespace "urn:ietf:params:xml:ns:yang:ietf-netconf-acm";
+
+ prefix nacm;
+
+ import ietf-yang-types {
+ prefix yang;
+ }
+
+ organization
+ "IETF NETCONF (Network Configuration) Working Group";
+
+ contact
+ "WG Web:
+ WG List:
+
+ Author: Andy Bierman
+
+
+ Author: Martin Bjorklund
+ ";
+
+ description
+ "Network Configuration Access Control Model.
+
+ Copyright (c) 2012 - 2018 IETF Trust and the persons
+ identified as authors of the code. All rights reserved.
+
+ Redistribution and use in source and binary forms, with or
+ without modification, is permitted pursuant to, and subject
+ to the license terms contained in, the Simplified BSD
+ License set forth in Section 4.c of the IETF Trust's
+ Legal Provisions Relating to IETF Documents
+ (https://trustee.ietf.org/license-info).
+
+ This version of this YANG module is part of RFC 8341; see
+ the RFC itself for full legal notices.";
+
+ revision "2018-02-14" {
+ description
+ "Added support for YANG 1.1 actions and notifications tied to
+ data nodes. Clarified how NACM extensions can be used by
+ other data models.";
+ reference
+ "RFC 8341: Network Configuration Access Control Model";
+ }
+
+ revision "2012-02-22" {
+ description
+ "Initial version.";
+ reference
+ "RFC 6536: Network Configuration Protocol (NETCONF)
+ Access Control Model";
+ }
+
+ /*
+ * Extension statements
+ */
+
+ extension default-deny-write {
+ description
+ "Used to indicate that the data model node
+ represents a sensitive security system parameter.
+
+ If present, the NETCONF server will only allow the designated
+ 'recovery session' to have write access to the node. An
+ explicit access control rule is required for all other users.
+
+ If the NACM module is used, then it must be enabled (i.e.,
+ /nacm/enable-nacm object equals 'true'), or this extension
+ is ignored.
+
+ The 'default-deny-write' extension MAY appear within a data
+ definition statement. It is ignored otherwise.";
+ }
+
+ extension default-deny-all {
+ description
+ "Used to indicate that the data model node
+ controls a very sensitive security system parameter.
+
+ If present, the NETCONF server will only allow the designated
+ 'recovery session' to have read, write, or execute access to
+ the node. An explicit access control rule is required for all
+ other users.
+
+ If the NACM module is used, then it must be enabled (i.e.,
+ /nacm/enable-nacm object equals 'true'), or this extension
+ is ignored.
+
+ The 'default-deny-all' extension MAY appear within a data
+ definition statement, 'rpc' statement, or 'notification'
+ statement. It is ignored otherwise.";
+ }
+
+ /*
+ * Derived types
+ */
+
+ typedef user-name-type {
+ type string {
+ length "1..max";
+ }
+ description
+ "General-purpose username string.";
+ }
+
+ typedef matchall-string-type {
+ type string {
+ pattern '\*';
+ }
+ description
+ "The string containing a single asterisk '*' is used
+ to conceptually represent all possible values
+ for the particular leaf using this data type.";
+ }
+
+ typedef access-operations-type {
+ type bits {
+ bit create {
+ description
+ "Any protocol operation that creates a
+ new data node.";
+ }
+ bit read {
+ description
+ "Any protocol operation or notification that
+ returns the value of a data node.";
+ }
+ bit update {
+ description
+ "Any protocol operation that alters an existing
+ data node.";
+ }
+ bit delete {
+ description
+ "Any protocol operation that removes a data node.";
+ }
+ bit exec {
+ description
+ "Execution access to the specified protocol operation.";
+ }
+ }
+ description
+ "Access operation.";
+ }
+
+ typedef group-name-type {
+ type string {
+ length "1..max";
+ pattern '[^\*].*';
+ }
+ description
+ "Name of administrative group to which
+ users can be assigned.";
+ }
+
+ typedef action-type {
+ type enumeration {
+ enum permit {
+ description
+ "Requested action is permitted.";
+ }
+ enum deny {
+ description
+ "Requested action is denied.";
+ }
+ }
+ description
+ "Action taken by the server when a particular
+ rule matches.";
+ }
+
+ typedef node-instance-identifier {
+ type yang:xpath1.0;
+ description
+ "Path expression used to represent a special
+ data node, action, or notification instance-identifier
+ string.
+
+ A node-instance-identifier value is an
+ unrestricted YANG instance-identifier expression.
+ All the same rules as an instance-identifier apply,
+ except that predicates for keys are optional. If a key
+ predicate is missing, then the node-instance-identifier
+ represents all possible server instances for that key.
+
+ This XML Path Language (XPath) expression is evaluated in the
+ following context:
+
+ o The set of namespace declarations are those in scope on
+ the leaf element where this type is used.
+
+ o The set of variable bindings contains one variable,
+ 'USER', which contains the name of the user of the
+ current session.
+
+ o The function library is the core function library, but
+ note that due to the syntax restrictions of an
+ instance-identifier, no functions are allowed.
+
+ o The context node is the root node in the data tree.
+
+ The accessible tree includes actions and notifications tied
+ to data nodes.";
+ }
+
+ /*
+ * Data definition statements
+ */
+
+ container nacm {
+ nacm:default-deny-all;
+
+ description
+ "Parameters for NETCONF access control model.";
+
+ leaf enable-nacm {
+ type boolean;
+ default "true";
+ description
+ "Enables or disables all NETCONF access control
+ enforcement. If 'true', then enforcement
+ is enabled. If 'false', then enforcement
+ is disabled.";
+ }
+
+ leaf read-default {
+ type action-type;
+ default "permit";
+ description
+ "Controls whether read access is granted if
+ no appropriate rule is found for a
+ particular read request.";
+ }
+
+ leaf write-default {
+ type action-type;
+ default "deny";
+ description
+ "Controls whether create, update, or delete access
+ is granted if no appropriate rule is found for a
+ particular write request.";
+ }
+
+ leaf exec-default {
+ type action-type;
+ default "permit";
+ description
+ "Controls whether exec access is granted if no appropriate
+ rule is found for a particular protocol operation request.";
+ }
+
+ leaf enable-external-groups {
+ type boolean;
+ default "true";
+ description
+ "Controls whether the server uses the groups reported by the
+ NETCONF transport layer when it assigns the user to a set of
+ NACM groups. If this leaf has the value 'false', any group
+ names reported by the transport layer are ignored by the
+ server.";
+ }
+
+ leaf denied-operations {
+ type yang:zero-based-counter32;
+ config false;
+ mandatory true;
+ description
+ "Number of times since the server last restarted that a
+ protocol operation request was denied.";
+ }
+
+ leaf denied-data-writes {
+ type yang:zero-based-counter32;
+ config false;
+ mandatory true;
+ description
+ "Number of times since the server last restarted that a
+ protocol operation request to alter
+ a configuration datastore was denied.";
+ }
+
+ leaf denied-notifications {
+ type yang:zero-based-counter32;
+ config false;
+ mandatory true;
+ description
+ "Number of times since the server last restarted that
+ a notification was dropped for a subscription because
+ access to the event type was denied.";
+ }
+
+ container groups {
+ description
+ "NETCONF access control groups.";
+
+ list group {
+ key name;
+
+ description
+ "One NACM group entry. This list will only contain
+ configured entries, not any entries learned from
+ any transport protocols.";
+
+ leaf name {
+ type group-name-type;
+ description
+ "Group name associated with this entry.";
+ }
+
+ leaf-list user-name {
+ type user-name-type;
+ description
+ "Each entry identifies the username of
+ a member of the group associated with
+ this entry.";
+ }
+ }
+ }
+
+ list rule-list {
+ key name;
+ ordered-by user;
+ description
+ "An ordered collection of access control rules.";
+
+ leaf name {
+ type string {
+ length "1..max";
+ }
+ description
+ "Arbitrary name assigned to the rule-list.";
+ }
+ leaf-list group {
+ type union {
+ type matchall-string-type;
+ type group-name-type;
+ }
+ description
+ "List of administrative groups that will be
+ assigned the associated access rights
+ defined by the 'rule' list.
+
+ The string '*' indicates that all groups apply to the
+ entry.";
+ }
+
+ list rule {
+ key name;
+ ordered-by user;
+ description
+ "One access control rule.
+
+ Rules are processed in user-defined order until a match is
+ found. A rule matches if 'module-name', 'rule-type', and
+ 'access-operations' match the request. If a rule
+ matches, the 'action' leaf determines whether or not
+ access is granted.";
+
+ leaf name {
+ type string {
+ length "1..max";
+ }
+ description
+ "Arbitrary name assigned to the rule.";
+ }
+
+ leaf module-name {
+ type union {
+ type matchall-string-type;
+ type string;
+ }
+ default "*";
+ description
+ "Name of the module associated with this rule.
+
+ This leaf matches if it has the value '*' or if the
+ object being accessed is defined in the module with the
+ specified module name.";
+ }
+ choice rule-type {
+ description
+ "This choice matches if all leafs present in the rule
+ match the request. If no leafs are present, the
+ choice matches all requests.";
+ case protocol-operation {
+ leaf rpc-name {
+ type union {
+ type matchall-string-type;
+ type string;
+ }
+ description
+ "This leaf matches if it has the value '*' or if
+ its value equals the requested protocol operation
+ name.";
+ }
+ }
+ case notification {
+ leaf notification-name {
+ type union {
+ type matchall-string-type;
+ type string;
+ }
+ description
+ "This leaf matches if it has the value '*' or if its
+ value equals the requested notification name.";
+ }
+ }
+
+ case data-node {
+ leaf path {
+ type node-instance-identifier;
+ mandatory true;
+ description
+ "Data node instance-identifier associated with the
+ data node, action, or notification controlled by
+ this rule.
+
+ Configuration data or state data
+ instance-identifiers start with a top-level
+ data node. A complete instance-identifier is
+ required for this type of path value.
+
+ The special value '/' refers to all possible
+ datastore contents.";
+ }
+ }
+ }
+
+ leaf access-operations {
+ type union {
+ type matchall-string-type;
+ type access-operations-type;
+ }
+ default "*";
+ description
+ "Access operations associated with this rule.
+
+ This leaf matches if it has the value '*' or if the
+ bit corresponding to the requested operation is set.";
+ }
+
+ leaf action {
+ type action-type;
+ mandatory true;
+ description
+ "The access control action associated with the
+ rule. If a rule has been determined to match a
+ particular request, then this object is used
+ to determine whether to permit or deny the
+ request.";
+ }
+
+ leaf comment {
+ type string;
+ description
+ "A textual description of the access rule.";
+ }
+ }
+ }
+ }
+}
-- cgit 1.2.3-korg