openconfig-gnsi-certz

This module provides a data model for the metadata of gRPC credentials installed on a networking device.

  • Version: 2024-02-13

    openconfig-gnsi-certz@2024-02-13


    
      // openconfig-gnsi-certz: operational-state view of the credentials a
      // gRPC server is using. The module models only metadata: a version
      // string and a creation timestamp for the certificate, CA trust bundle,
      // CRL bundle and authentication policy, the SSL profile ID, and TLS
      // handshake accept/reject counters. No certificate contents or key
      // material are modelled by any leaf in this module.
      module openconfig-gnsi-certz {
    
        // YANG 1.0: XPath helpers introduced with YANG 1.1 (for example
        // derived-from-or-self()) are not available to the `when` expressions
        // at the end of this module.
        yang-version 1;
    
        namespace
          "https://github.com/openconfig/yang/gnsi/certz";
    
        prefix oc-gnsi-certz;
    
        import openconfig-extensions {
          prefix oc-ext;
        }
        import openconfig-system {
          prefix oc-sys;
        }
        import openconfig-system-grpc {
          prefix oc-sys-grpc;
        }
        import openconfig-types {
          prefix oc-types;
        }
        import openconfig-yang-types {
          prefix oc-yang;
        }
        import openconfig-gnsi {
          prefix oc-gnsi;
        }
    
        organization "OpenConfig Working Group";
    
        contact
          "OpenConfig working group
        netopenconfig@googlegroups.com";
    
        description
          "This module provides a data model for the metadata of gRPC credentials
        installed on a networking device.";
    
        // Revision history, newest first. Each `reference` carries the
        // OpenConfig semantic version of that revision; the newest one (0.5.0)
        // matches the oc-ext:openconfig-version statement below.
        revision "2024-02-13" {
          description
            "Major style updates and move to openconfig/public from openconfig/gnsi.
          Last commit at
          https://github.com/openconfig/gnsi/commit/347935aac66135d5649dadb9583ed0914578aab0";
          reference
            "0.5.0";
    
        }
    
        revision "2023-08-24" {
          description "Adds ssl-profile-id leaf";
          reference
            "0.4.0";
    
        }
    
        revision "2023-05-10" {
          description
            "Adds authentication policy freshness information.";
          reference
            "0.3.0";
    
        }
    
        revision "2022-10-30" {
          description
            "Adds success/failure counters.";
          reference
            "0.2.0";
    
        }
    
        revision "2022-09-20" {
          description "Initial revision.";
          reference
            "0.1.0";
    
        }
    
        oc-ext:openconfig-version "0.5.0";
    
        // Credential version label. It is an unrestricted string (no pattern or
        // length statement), so the model gives it no ordering: consumers can
        // only compare it for equality with the value the credential manager
        // pushed.
        typedef version {
          type string;
          description
            "The version ID of the credential as provided by the credential
          manager when the credential was pushed. This leaf persists through
          a reboot.";
        }
    
        // Credential creation time. Per the description the value is the one
        // reported by the credential manager at push time, so it reflects the
        // manager's clock rather than a time measured on the device.
        typedef created-on {
          type oc-types:timeticks64;
          description
            "The creation time of the credential as reported by the credential
          manager when the credential was pushed to the device. This value is
          reported as nanoseconds since epoch (January 1st, 1970 00:00:00 GMT).
          This leaf persists through a reboot.";
        }
    
        // TLS handshake outcome telemetry for a gRPC server. The container is
        // `config false`, i.e. read-only state. A climbing access-rejects value
        // or a recent last-access-reject is the signal to alert on when
        // monitoring for expired or revoked client certificates, a stale trust
        // bundle, or unexpected connection attempts.
        grouping grpc-server-certz-counters {
          description
            "A collection of counters that were collected while evaluating
          access to the gRPC server.";
          container certz-counters {
            config false;
            description
              "A collection of counters that were collected by the gRPC during
            the authentication process.";
            // NOTE(review): the description below reads "denied access a
            // client"; "denied access to a client" is presumably intended.
            // A correction to published description text would normally ship
            // with a new revision statement.
            leaf access-rejects {
              type oc-yang:counter64;
              description
                "The total number of times a TLS handshake failure has occurred and
              the gRPC server denied access a client.";
            }
    
            // NOTE(review): no units are stated for this timestamp; presumably
            // nanoseconds since epoch like the created-on typedef - confirm
            // against oc-types:timeticks64.
            leaf last-access-reject {
              type oc-types:timeticks64;
              description
                "A timestamp of the last time the gRPC denied access to
              the server.";
            }
    
            // NOTE(review): the description below spells "gPRC"; "gRPC" is
            // intended.
            leaf access-accepts {
              type oc-yang:counter64;
              description
                "The total number of times a successful TLS handshake is completed
              and the gPRC server allows access to a client.";
            }
    
            // NOTE(review): units not stated here either; see
            // last-access-reject.
            leaf last-access-accept {
              type oc-types:timeticks64;
              description
                "A timestamp of the last time the gRPC allowed access to
              the server.";
            }
          }  // container certz-counters
        }  // grouping grpc-server-certz-counters
    
        // Freshness data: one version / created-on pair for each of the four
        // artefacts (certificate, CA trust bundle, CRL bundle, authentication
        // policy) plus the SSL profile ID. Reading these back after a rotation
        // lets a management system confirm that the server is using the
        // artefact that was pushed, and spot a server still on an older one.
        grouping grpc-server-credentials-state {
          description
            "gRPC server credentials freshness-related data.";
          leaf certificate-version {
            type version;
            description
              "The version of the certificate (and associated
            private key) that is used by this gRPC server.";
          }
    
          leaf certificate-created-on {
            type created-on;
            description
              "The timestamp of the moment when the certificate
            (and associated private key) that is currently used
            by this gRPC server was created.";
          }
    
          leaf ca-trust-bundle-version {
            type version;
            description
              "The version of the bundle of the Certificate
            Authority certificates a.k.a. trust bundle used by
            this gRPC server.";
          }
    
          leaf ca-trust-bundle-created-on {
            type created-on;
            description
              "The timestamp of the moment when the bundle of
            the Certificate Authority certificates (a.k.a.
                trust bundle) was created.";
          }
    
          // A CRL bundle that is older than expected means revocations issued
          // since its creation are not being enforced by this server.
          leaf certificate-revocation-list-bundle-version {
            type version;
            description
              "The version of the Certificate Revocation List bundle used by
            this gRPC server.";
          }
    
          leaf certificate-revocation-list-bundle-created-on {
            type created-on;
            description
              "The timestamp of the moment when the Certificate Revocation
            List bundle was created.";
          }
    
          leaf authentication-policy-version {
            type version;
            description
              "The version of the authentication policy that is used by
            this gRPC server.";
          }
    
          leaf authentication-policy-created-on {
            type created-on;
            description
              "The timestamp of the moment when the authentication policy
            that is currently used by this gRPC server was created.";
          }
    
          // Unrestricted string; the module does not define the set of valid
          // profile IDs.
          leaf ssl-profile-id {
            type string;
            description
              "The ID of this gRPC server's SSL profile
            as used by the gNSI Certz service";
          }
        }  // grouping grpc-server-credentials-state
    
        // Adds the freshness leaves to each gRPC server's state container, but
        // only when the `when` expression holds. If it evaluates false the
        // leaves are absent, so collectors should treat a missing leaf as
        // "not reported" rather than as an empty or zero value.
        // NOTE(review): `services` is defined in openconfig-system-grpc, not in
        // this module. If it is multi-valued, XPath 1.0 contains() converts the
        // node-set to the string value of its first node only, so a server that
        // lists GNSI after another service would not match; contains() is also
        // a substring test. Confirm against the imported module.
        augment /oc-sys:system/oc-sys-grpc:grpc-servers/oc-sys-grpc:grpc-server/oc-sys-grpc:state {
          when
            "../config[contains(services, 'oc-gnsi:GNSI')]/enable = 'true'";
          description
            "A gRPC server credentials freshness information.";
          uses grpc-server-credentials-state;
        }
    
        // Adds the certz-counters container to the same state node under the
        // same `when` expression as the augment above, so the first-node and
        // substring caveats of contains() apply here too (confirm how
        // `services` is defined in openconfig-system-grpc).
        augment /oc-sys:system/oc-sys-grpc:grpc-servers/oc-sys-grpc:grpc-server/oc-sys-grpc:state {
          when
            "../config[contains(services, 'oc-gnsi:GNSI')]/enable = 'true'";
          description
            "gNSI certz server access counters.";
          uses grpc-server-certz-counters;
        }
      }  // module openconfig-gnsi-certz
    
