Adding upstream version 2.1.30.upstream/2.1.30

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

1 files changed, 447 insertions, 0 deletions

diff --git a/tools/lint/examples/ietf-netconf-acm-when.yin b/tools/lint/examples/ietf-netconf-acm-when.yin
new file mode 100644
index 0000000..cbff758
--- /dev/null
+++ b/tools/lint/examples/ietf-netconf-acm-when.yin
@@ -0,0 +1,447 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<module xmlns="urn:ietf:params:xml:ns:yang:yin:1" xmlns:nacm="urn:ietf:params:xml:ns:yang:ietf-netconf-acm" xmlns:yang="urn:ietf:params:xml:ns:yang:ietf-yang-types" name="ietf-netconf-acm-when">
+  <namespace uri="urn:ietf:params:xml:ns:yang:ietf-netconf-acm"/>
+  <prefix value="nacm"/>
+  <import module="ietf-yang-types">
+    <prefix value="yang"/>
+  </import>
+  <organization>
+    <text>IETF NETCONF (Network Configuration) Working Group</text>
+  </organization>
+  <contact>
+    <text>WG Web:   &lt;http://tools.ietf.org/wg/netconf/&gt;
+WG List:  &lt;mailto:netconf@ietf.org&gt;
+
+WG Chair: Mehmet Ersue
+          &lt;mailto:mehmet.ersue@nsn.com&gt;
+
+WG Chair: Bert Wijnen
+          &lt;mailto:bertietf@bwijnen.net&gt;
+
+Editor:   Andy Bierman
+          &lt;mailto:andy@yumaworks.com&gt;
+
+Editor:   Martin Bjorklund
+          &lt;mailto:mbj@tail-f.com&gt;</text>
+  </contact>
+  <description>
+    <text>NETCONF Access Control Model.
+
+Copyright (c) 2012 IETF Trust and the persons identified as
+authors of the code.  All rights reserved.
+
+Redistribution and use in source and binary forms, with or
+without modification, is permitted pursuant to, and subject
+to the license terms contained in, the Simplified BSD
+License set forth in Section 4.c of the IETF Trust's
+Legal Provisions Relating to IETF Documents
+(http://trustee.ietf.org/license-info).
+
+This version of this YANG module is part of RFC 6536; see
+the RFC itself for full legal notices.</text>
+  </description>
+  <revision date="2012-02-22">
+    <description>
+      <text>Initial version</text>
+    </description>
+    <reference>
+      <text>RFC 6536: Network Configuration Protocol (NETCONF)
+          Access Control Model</text>
+    </reference>
+  </revision>
+  <extension name="default-deny-write">
+    <description>
+      <text>Used to indicate that the data model node
+represents a sensitive security system parameter.
+
+If present, and the NACM module is enabled (i.e.,
+/nacm/enable-nacm object equals 'true'), the NETCONF server
+will only allow the designated 'recovery session' to have
+write access to the node.  An explicit access control rule is
+required for all other users.
+
+The 'default-deny-write' extension MAY appear within a data
+definition statement.  It is ignored otherwise.</text>
+    </description>
+  </extension>
+  <extension name="default-deny-all">
+    <description>
+      <text>Used to indicate that the data model node
+controls a very sensitive security system parameter.
+
+If present, and the NACM module is enabled (i.e.,
+/nacm/enable-nacm object equals 'true'), the NETCONF server
+will only allow the designated 'recovery session' to have
+read, write, or execute access to the node.  An explicit
+access control rule is required for all other users.
+
+The 'default-deny-all' extension MAY appear within a data
+definition statement, 'rpc' statement, or 'notification'
+statement.  It is ignored otherwise.</text>
+    </description>
+  </extension>
+  <typedef name="user-name-type">
+    <type name="string">
+      <length value="1..max"/>
+    </type>
+    <description>
+      <text>General Purpose Username string.</text>
+    </description>
+  </typedef>
+  <typedef name="matchall-string-type">
+    <type name="string">
+      <pattern value="\*"/>
+    </type>
+    <description>
+      <text>The string containing a single asterisk '*' is used
+to conceptually represent all possible values
+for the particular leaf using this data type.</text>
+    </description>
+  </typedef>
+  <typedef name="access-operations-type">
+    <type name="bits">
+      <bit name="create">
+        <description>
+          <text>Any protocol operation that creates a
+new data node.</text>
+        </description>
+      </bit>
+      <bit name="read">
+        <description>
+          <text>Any protocol operation or notification that
+returns the value of a data node.</text>
+        </description>
+      </bit>
+      <bit name="update">
+        <description>
+          <text>Any protocol operation that alters an existing
+data node.</text>
+        </description>
+      </bit>
+      <bit name="delete">
+        <description>
+          <text>Any protocol operation that removes a data node.</text>
+        </description>
+      </bit>
+      <bit name="exec">
+        <description>
+          <text>Execution access to the specified protocol operation.</text>
+        </description>
+      </bit>
+    </type>
+    <description>
+      <text>NETCONF Access Operation.</text>
+    </description>
+  </typedef>
+  <typedef name="group-name-type">
+    <type name="string">
+      <length value="1..max"/>
+      <pattern value="[^\*].*"/>
+    </type>
+    <description>
+      <text>Name of administrative group to which
+users can be assigned.</text>
+    </description>
+  </typedef>
+  <typedef name="action-type">
+    <type name="enumeration">
+      <enum name="permit">
+        <description>
+          <text>Requested action is permitted.</text>
+        </description>
+      </enum>
+      <enum name="deny">
+        <description>
+          <text>Requested action is denied.</text>
+        </description>
+      </enum>
+    </type>
+    <description>
+      <text>Action taken by the server when a particular
+rule matches.</text>
+    </description>
+  </typedef>
+  <typedef name="node-instance-identifier">
+    <type name="yang:xpath1.0"/>
+    <description>
+      <text>Path expression used to represent a special
+data node instance identifier string.
+
+A node-instance-identifier value is an
+unrestricted YANG instance-identifier expression.
+All the same rules as an instance-identifier apply
+except predicates for keys are optional.  If a key
+predicate is missing, then the node-instance-identifier
+represents all possible server instances for that key.
+
+This XPath expression is evaluated in the following context:
+
+ o  The set of namespace declarations are those in scope on
+    the leaf element where this type is used.
+
+ o  The set of variable bindings contains one variable,
+    'USER', which contains the name of the user of the current
+     session.
+
+ o  The function library is the core function library, but
+    note that due to the syntax restrictions of an
+    instance-identifier, no functions are allowed.
+
+ o  The context node is the root node in the data tree.</text>
+    </description>
+  </typedef>
+  <container name="nacm">
+    <nacm:default-deny-all/>
+    <description>
+      <text>Parameters for NETCONF Access Control Model.</text>
+    </description>
+    <leaf name="enable-nacm">
+      <type name="boolean"/>
+      <default value="true"/>
+      <description>
+        <text>Enables or disables all NETCONF access control
+enforcement.  If 'true', then enforcement
+is enabled.  If 'false', then enforcement
+is disabled.</text>
+      </description>
+    </leaf>
+    <leaf name="read-default">
+      <type name="action-type"/>
+      <default value="permit"/>
+      <description>
+        <text>Controls whether read access is granted if
+no appropriate rule is found for a
+particular read request.</text>
+      </description>
+    </leaf>
+    <leaf name="write-default">
+      <type name="action-type"/>
+      <default value="deny"/>
+      <description>
+        <text>Controls whether create, update, or delete access
+is granted if no appropriate rule is found for a
+particular write request.</text>
+      </description>
+    </leaf>
+    <leaf name="exec-default">
+      <type name="action-type"/>
+      <default value="permit"/>
+      <description>
+        <text>Controls whether exec access is granted if no appropriate
+rule is found for a particular protocol operation request.</text>
+      </description>
+    </leaf>
+    <leaf name="enable-external-groups">
+      <type name="boolean"/>
+      <default value="true"/>
+      <description>
+        <text>Controls whether the server uses the groups reported by the
+NETCONF transport layer when it assigns the user to a set of
+NACM groups.  If this leaf has the value 'false', any group
+names reported by the transport layer are ignored by the
+server.</text>
+      </description>
+    </leaf>
+    <leaf name="denied-operations">
+      <type name="yang:zero-based-counter32"/>
+      <config value="false"/>
+      <mandatory value="true"/>
+      <description>
+        <text>Number of times since the server last restarted that a
+protocol operation request was denied.</text>
+      </description>
+    </leaf>
+    <leaf name="denied-data-writes">
+      <type name="yang:zero-based-counter32"/>
+      <config value="false"/>
+      <mandatory value="true"/>
+      <when value="../denied-operations > 0"/>
+      <description>
+        <text>Number of times since the server last restarted that a
+protocol operation request to alter
+a configuration datastore was denied.</text>
+      </description>
+    </leaf>
+    <leaf name="denied-notifications">
+      <type name="yang:zero-based-counter32"/>
+      <config value="false"/>
+      <mandatory value="true"/>
+      <description>
+        <text>Number of times since the server last restarted that
+a notification was dropped for a subscription because
+access to the event type was denied.</text>
+      </description>
+    </leaf>
+    <container name="groups">
+      <description>
+        <text>NETCONF Access Control Groups.</text>
+      </description>
+      <list name="group">
+        <key value="name"/>
+        <description>
+          <text>One NACM Group Entry.  This list will only contain
+configured entries, not any entries learned from
+any transport protocols.</text>
+        </description>
+        <leaf name="name">
+          <type name="group-name-type"/>
+          <description>
+            <text>Group name associated with this entry.</text>
+          </description>
+        </leaf>
+        <leaf-list name="user-name">
+          <type name="user-name-type"/>
+          <description>
+            <text>Each entry identifies the username of
+a member of the group associated with
+this entry.</text>
+          </description>
+        </leaf-list>
+      </list>
+    </container>
+    <list name="rule-list">
+      <key value="name"/>
+      <ordered-by value="user"/>
+      <description>
+        <text>An ordered collection of access control rules.</text>
+      </description>
+      <leaf name="name">
+        <type name="string">
+          <length value="1..max"/>
+        </type>
+        <description>
+          <text>Arbitrary name assigned to the rule-list.</text>
+        </description>
+      </leaf>
+      <leaf-list name="group">
+        <type name="union">
+          <type name="matchall-string-type"/>
+          <type name="group-name-type"/>
+        </type>
+        <description>
+          <text>List of administrative groups that will be
+assigned the associated access rights
+defined by the 'rule' list.
+
+The string '*' indicates that all groups apply to the
+entry.</text>
+        </description>
+      </leaf-list>
+      <list name="rule">
+        <key value="name"/>
+        <ordered-by value="user"/>
+        <description>
+          <text>One access control rule.
+
+Rules are processed in user-defined order until a match is
+found.  A rule matches if 'module-name', 'rule-type', and
+'access-operations' match the request.  If a rule
+matches, the 'action' leaf determines if access is granted
+or not.</text>
+        </description>
+        <leaf name="name">
+          <type name="string">
+            <length value="1..max"/>
+          </type>
+          <description>
+            <text>Arbitrary name assigned to the rule.</text>
+          </description>
+        </leaf>
+        <leaf name="module-name">
+          <type name="union">
+            <type name="matchall-string-type"/>
+            <type name="string"/>
+          </type>
+          <default value="*"/>
+          <description>
+            <text>Name of the module associated with this rule.
+
+This leaf matches if it has the value '*' or if the
+object being accessed is defined in the module with the
+specified module name.</text>
+          </description>
+        </leaf>
+        <choice name="rule-type">
+          <description>
+            <text>This choice matches if all leafs present in the rule
+match the request.  If no leafs are present, the
+choice matches all requests.</text>
+          </description>
+          <case name="protocol-operation">
+            <leaf name="rpc-name">
+              <type name="union">
+                <type name="matchall-string-type"/>
+                <type name="string"/>
+              </type>
+              <description>
+                <text>This leaf matches if it has the value '*' or if
+its value equals the requested protocol operation
+name.</text>
+              </description>
+            </leaf>
+          </case>
+          <case name="notification">
+            <leaf name="notification-name">
+              <type name="union">
+                <type name="matchall-string-type"/>
+                <type name="string"/>
+              </type>
+              <description>
+                <text>This leaf matches if it has the value '*' or if its
+value equals the requested notification name.</text>
+              </description>
+            </leaf>
+          </case>
+          <case name="data-node">
+            <leaf name="path">
+              <type name="node-instance-identifier"/>
+              <mandatory value="true"/>
+              <description>
+                <text>Data Node Instance Identifier associated with the
+data node controlled by this rule.
+
+Configuration data or state data instance
+identifiers start with a top-level data node.  A
+complete instance identifier is required for this
+type of path value.
+
+The special value '/' refers to all possible
+datastore contents.</text>
+              </description>
+            </leaf>
+          </case>
+        </choice>
+        <leaf name="access-operations">
+          <type name="union">
+            <type name="matchall-string-type"/>
+            <type name="access-operations-type"/>
+          </type>
+          <default value="*"/>
+          <description>
+            <text>Access operations associated with this rule.
+
+This leaf matches if it has the value '*' or if the
+bit corresponding to the requested operation is set.</text>
+          </description>
+        </leaf>
+        <leaf name="action">
+          <type name="action-type"/>
+          <mandatory value="true"/>
+          <description>
+            <text>The access control action associated with the
+rule.  If a rule is determined to match a
+particular request, then this object is used
+to determine whether to permit or deny the
+request.</text>
+          </description>
+        </leaf>
+        <leaf name="comment">
+          <type name="string"/>
+          <description>
+            <text>A textual description of the access rule.</text>
+          </description>
+        </leaf>
+      </list>
+    </list>
+  </container>
+</module>