ietf-netconf-acm API (19.02)

Network Configuration Access Control Model.

Copyright (c) 2012 - 2018 IETF Trust and the persons identified as authors of the code. All rights reserved.

Redistribution and use in source and binary forms, with or without modification, is permitted pursuant to, and subject to the license terms contained in, the Simplified BSD License set forth in Section 4.c of the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info).

This version of this YANG module is part of RFC 8341; see the RFC itself for full legal notices.

nacm

returns ietf.netconf.acm.Nacm

get /data/ietf-netconf-acm:nacm

Example URL

https://hostname/restconf/data/ietf-netconf-acm:nacm

Parameters for NETCONF access control model.

Responses

200

ietf.netconf.acm.Nacm

400

Internal error

Request samples

package main

import (
	"fmt"
	"net/http"
	"io/ioutil"
)

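// main sends a GET for the top-level NACM container and prints the response
// and its body.
func main() {
	// Use the https scheme shown in the documented example URL: this resource
	// is access-control configuration and should not cross the network in
	// plaintext.
	endpoint := "https://hostname/restconf/data/ietf-netconf-acm:nacm"

	req, err := http.NewRequest("GET", endpoint, nil)
	if err != nil {
		fmt.Println("building request:", err)
		return
	}
	// NOTE(review): no credentials are attached; add whatever authentication
	// the target server requires before sending.

	// http.DefaultClient has no timeout; a long-running client should set one.
	res, err := http.DefaultClient.Do(req)
	if err != nil {
		// res is nil on failure, so res.Body must not be touched.
		fmt.Println("sending request:", err)
		return
	}
	defer res.Body.Close()

	body, err := ioutil.ReadAll(res.Body)
	if err != nil {
		fmt.Println("reading response body:", err)
		return
	}

	// The page documents 200 as the success status for this operation.
	if res.StatusCode != http.StatusOK {
		fmt.Println("unexpected status:", res.Status)
	}

	fmt.Println(res)
	fmt.Println(string(body))
}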

Response samples

application/yang-data+json
{
  "ietf-netconf-acm:nacm":
    {
    }
}

creates ietf.netconf.acm.Nacm

post /data/ietf-netconf-acm:nacm

Example URL

https://hostname/restconf/data/ietf-netconf-acm:nacm

Parameters for NETCONF access control model.

Request Body schema: application/yang-data+json

ietf.netconf.acm.Nacm to be added to list

denied-data-writes
integer <int32>

Number of times since the server last restarted that a protocol operation request to alter a configuration datastore was denied.

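write-default
string (ietf.netconf.acm.WriteDefault)
Enum:"permit" "deny"

Controls whether write access is granted when no rule matches the request. RFC 8341 defines "deny" as the default for this leaf; the "permit" in the request sample below appears to be a generated example value rather than a recommended setting.
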
read-default
string (ietf.netconf.acm.ReadDefault)
Enum:"permit" "deny"
rule-list
Array of objects (ietf.netconf.acm.nacm.RuleList)

An ordered collection of access control rules.

enable-nacm
boolean
Default: true

Enables or disables all NETCONF access control enforcement. If 'true', then enforcement is enabled. If 'false', then enforcement is disabled.

denied-notifications
integer <int32>

Number of times since the server last restarted that a notification was dropped for a subscription because access to the event type was denied.

exec-default
string (ietf.netconf.acm.ExecDefault)
Enum:"permit" "deny"
groups
object (ietf.netconf.acm.nacm.Groups)
enable-external-groups
boolean
Default: true

Controls whether the server uses the groups reported by the NETCONF transport layer when it assigns the user to a set of NACM groups. If this leaf has the value 'false', any group names reported by the transport layer are ignored by the server.

denied-operations
integer <int32>

Number of times since the server last restarted that a protocol operation request was denied.

Responses

201

Object created

400

Internal error

409

Object already exists

Request samples

application/yang-data+json
{
  "denied-data-writes": 0,
  "write-default": "permit",
  "read-default": "permit",
  "rule-list":
    [
    ],
  "enable-nacm": true,
  "denied-notifications": 0,
  "exec-default": "permit",
  "groups":
    {
    },
  "enable-external-groups": true,
  "denied-operations": 0
}

creates or updates ietf.netconf.acm.Nacm

put /data/ietf-netconf-acm:nacm

Example URL

https://hostname/restconf/data/ietf-netconf-acm:nacm

Parameters for NETCONF access control model.

Request Body schema: application/yang-data+json

ietf.netconf.acm.Nacm to be added or updated

ietf-netconf-acm:nacm
object (ietf.netconf.acm.Nacm)

Responses

201

Object created

204

Object modified

400

Internal error

Request samples

application/yang-data+json
{
  "ietf-netconf-acm:nacm":
    {
    }
}

removes ietf.netconf.acm.Nacm

delete /data/ietf-netconf-acm:nacm

Example URL

https://hostname/restconf/data/ietf-netconf-acm:nacm

Parameters for NETCONF access control model.

Responses

204

Object deleted

400

Internal error

Request samples

package main

import (
	"fmt"
	"net/http"
	"io/ioutil"
)

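// main sends a DELETE for the top-level NACM container and prints the
// response and its body.
//
// Per the schema on this page the nacm container holds the groups and
// rule-list configuration, so this request removes all of it at once; confirm
// that is intended before running it against a live server.
func main() {
	// Use the https scheme shown in the documented example URL: this resource
	// is access-control configuration and should not cross the network in
	// plaintext.
	endpoint := "https://hostname/restconf/data/ietf-netconf-acm:nacm"

	req, err := http.NewRequest("DELETE", endpoint, nil)
	if err != nil {
		fmt.Println("building request:", err)
		return
	}
	// NOTE(review): no credentials are attached; add whatever authentication
	// the target server requires before sending.

	// http.DefaultClient has no timeout; a long-running client should set one.
	res, err := http.DefaultClient.Do(req)
	if err != nil {
		// res is nil on failure, so res.Body must not be touched.
		fmt.Println("sending request:", err)
		return
	}
	defer res.Body.Close()

	body, err := ioutil.ReadAll(res.Body)
	if err != nil {
		fmt.Println("reading response body:", err)
		return
	}

	// The page documents 204 as the success status for this operation; do not
	// assume the delete happened on any other status.
	if res.StatusCode != http.StatusNoContent {
		fmt.Println("unexpected status:", res.Status)
	}

	fmt.Println(res)
	fmt.Println(string(body))
}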

returns ietf.netconf.acm.nacm.Groups

get /data/ietf-netconf-acm:nacm/ietf-netconf-acm:groups

Example URL

https://hostname/restconf/data/ietf-netconf-acm:nacm/ietf-netconf-acm:groups

NETCONF access control groups.

Responses

200

ietf.netconf.acm.nacm.Groups

400

Internal error

Request samples

package main

import (
	"fmt"
	"net/http"
	"io/ioutil"
)

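// main sends a GET for the NACM groups container and prints the response and
// its body.
func main() {
	// Use the https scheme shown in the documented example URL: group
	// membership is access-control data and should not cross the network in
	// plaintext.
	endpoint := "https://hostname/restconf/data/ietf-netconf-acm:nacm/ietf-netconf-acm:groups"

	req, err := http.NewRequest("GET", endpoint, nil)
	if err != nil {
		fmt.Println("building request:", err)
		return
	}
	// NOTE(review): no credentials are attached; add whatever authentication
	// the target server requires before sending.

	// http.DefaultClient has no timeout; a long-running client should set one.
	res, err := http.DefaultClient.Do(req)
	if err != nil {
		// res is nil on failure, so res.Body must not be touched.
		fmt.Println("sending request:", err)
		return
	}
	defer res.Body.Close()

	body, err := ioutil.ReadAll(res.Body)
	if err != nil {
		fmt.Println("reading response body:", err)
		return
	}

	// The page documents 200 as the success status for this operation.
	if res.StatusCode != http.StatusOK {
		fmt.Println("unexpected status:", res.Status)
	}

	fmt.Println(res)
	fmt.Println(string(body))
}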

Response samples

application/yang-data+json
{
  "ietf-netconf-acm:groups":
    {
    }
}

creates ietf.netconf.acm.nacm.Groups

post /data/ietf-netconf-acm:nacm/ietf-netconf-acm:groups

Example URL

https://hostname/restconf/data/ietf-netconf-acm:nacm/ietf-netconf-acm:groups

NETCONF access control groups.

Request Body schema: application/yang-data+json

ietf.netconf.acm.nacm.Groups to be added to list

group
Array of objects (ietf.netconf.acm.nacm.groups.Group)

One NACM group entry. This list will only contain configured entries, not any entries learned from any transport protocols.

Responses

201

Object created

400

Internal error

409

Object already exists

Request samples

application/yang-data+json
{
  "group":
    [
    ]
}

creates or updates ietf.netconf.acm.nacm.Groups

put /data/ietf-netconf-acm:nacm/ietf-netconf-acm:groups

Example URL

https://hostname/restconf/data/ietf-netconf-acm:nacm/ietf-netconf-acm:groups

NETCONF access control groups.

Request Body schema: application/yang-data+json

ietf.netconf.acm.nacm.Groups to be added or updated

ietf-netconf-acm:groups
object (ietf.netconf.acm.nacm.Groups)

Responses

201

Object created

204

Object modified

400

Internal error

Request samples

application/yang-data+json
{
  "ietf-netconf-acm:groups":
    {
    }
}

removes ietf.netconf.acm.nacm.Groups

delete /data/ietf-netconf-acm:nacm/ietf-netconf-acm:groups

Example URL

https://hostname/restconf/data/ietf-netconf-acm:nacm/ietf-netconf-acm:groups

NETCONF access control groups.

Responses

204

Object deleted

400

Internal error

Request samples

package main

import (
	"fmt"
	"net/http"
	"io/ioutil"
)

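// main sends a DELETE for the NACM groups container and prints the response
// and its body.
//
// This removes every configured group entry under the container in one
// request; confirm that is intended before running it against a live server.
func main() {
	// Use the https scheme shown in the documented example URL: group
	// membership is access-control data and should not cross the network in
	// plaintext.
	endpoint := "https://hostname/restconf/data/ietf-netconf-acm:nacm/ietf-netconf-acm:groups"

	req, err := http.NewRequest("DELETE", endpoint, nil)
	if err != nil {
		fmt.Println("building request:", err)
		return
	}
	// NOTE(review): no credentials are attached; add whatever authentication
	// the target server requires before sending.

	// http.DefaultClient has no timeout; a long-running client should set one.
	res, err := http.DefaultClient.Do(req)
	if err != nil {
		// res is nil on failure, so res.Body must not be touched.
		fmt.Println("sending request:", err)
		return
	}
	defer res.Body.Close()

	body, err := ioutil.ReadAll(res.Body)
	if err != nil {
		fmt.Println("reading response body:", err)
		return
	}

	// The page documents 204 as the success status for this operation; do not
	// assume the delete happened on any other status.
	if res.StatusCode != http.StatusNoContent {
		fmt.Println("unexpected status:", res.Status)
	}

	fmt.Println(res)
	fmt.Println(string(body))
}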

creates ietf.netconf.acm.nacm.groups.Group

post /data/ietf-netconf-acm:nacm/ietf-netconf-acm:groups/ietf-netconf-acm:group

Example URL

https://hostname/restconf/data/ietf-netconf-acm:nacm/ietf-netconf-acm:groups/ietf-netconf-acm:group

One NACM group entry. This list will only contain configured entries, not any entries learned from any transport protocols.

Request Body schema: application/yang-data+json

ietf.netconf.acm.nacm.groups.Group to be added to list

user-name
Array of strings

Each entry identifies the username of a member of the group associated with this entry.

name
string

Group name associated with this entry.

Responses

201

Object created

400

Internal error

409

Object already exists

Request samples

application/yang-data+json
{
  "user-name":
    [
    ],
  "name": "string"
}

returns ietf.netconf.acm.nacm.groups.Group

get /data/ietf-netconf-acm:nacm/ietf-netconf-acm:groups/ietf-netconf-acm:group={name}

Example URL

https://hostname/restconf/data/ietf-netconf-acm:nacm/ietf-netconf-acm:groups/ietf-netconf-acm:group={name}

One NACM group entry. This list will only contain configured entries, not any entries learned from any transport protocols.

path Parameters
name
required
string

Id of group

Responses

200

ietf.netconf.acm.nacm.groups.Group

400

Internal error

Request samples

package main

import (
	"fmt"
	"net/http"
	"io/ioutil"
)

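// main sends a GET for a single NACM group entry and prints the response and
// its body.
func main() {
	// Use the https scheme shown in the documented example URL: group
	// membership is access-control data and should not cross the network in
	// plaintext.
	//
	// %7Bname%7D is the percent-encoded "{name}" placeholder from the path
	// template; replace it with the percent-encoded name of the group.
	endpoint := "https://hostname/restconf/data/ietf-netconf-acm:nacm/ietf-netconf-acm:groups/ietf-netconf-acm:group=%7Bname%7D"

	req, err := http.NewRequest("GET", endpoint, nil)
	if err != nil {
		fmt.Println("building request:", err)
		return
	}
	// NOTE(review): no credentials are attached; add whatever authentication
	// the target server requires before sending.

	// http.DefaultClient has no timeout; a long-running client should set one.
	res, err := http.DefaultClient.Do(req)
	if err != nil {
		// res is nil on failure, so res.Body must not be touched.
		fmt.Println("sending request:", err)
		return
	}
	defer res.Body.Close()

	body, err := ioutil.ReadAll(res.Body)
	if err != nil {
		fmt.Println("reading response body:", err)
		return
	}

	// The page documents 200 as the success status for this operation.
	if res.StatusCode != http.StatusOK {
		fmt.Println("unexpected status:", res.Status)
	}

	fmt.Println(res)
	fmt.Println(string(body))
}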

Response samples

application/yang-data+json
{
  "ietf-netconf-acm:group":
    {
    }
}

creates ietf.netconf.acm.nacm.groups.Group

post /data/ietf-netconf-acm:nacm/ietf-netconf-acm:groups/ietf-netconf-acm:group={name}

Example URL

https://hostname/restconf/data/ietf-netconf-acm:nacm/ietf-netconf-acm:groups/ietf-netconf-acm:group={name}

One NACM group entry. This list will only contain configured entries, not any entries learned from any transport protocols.

path Parameters
name
required
string

Id of group

Request Body schema: application/yang-data+json

ietf.netconf.acm.nacm.groups.Group to be added to list

user-name
Array of strings

Each entry identifies the username of a member of the group associated with this entry.

name
string

Group name associated with this entry.

Responses

201

Object created

400

Internal error

409

Object already exists

Request samples

application/yang-data+json
{
  "user-name":
    [
    ],
  "name": "string"
}

creates or updates ietf.netconf.acm.nacm.groups.Group

put /data/ietf-netconf-acm:nacm/ietf-netconf-acm:groups/ietf-netconf-acm:group={name}

Example URL

https://hostname/restconf/data/ietf-netconf-acm:nacm/ietf-netconf-acm:groups/ietf-netconf-acm:group={name}

One NACM group entry. This list will only contain configured entries, not any entries learned from any transport protocols.

path Parameters
name
required
string

Id of group

Request Body schema: application/yang-data+json

ietf.netconf.acm.nacm.groups.Group to be added or updated

ietf-netconf-acm:group
object (ietf.netconf.acm.nacm.groups.Group)

Responses

201

Object created

204

Object modified

400

Internal error

Request samples

application/yang-data+json
{
  "ietf-netconf-acm:group":
    {
    }
}

removes ietf.netconf.acm.nacm.groups.Group

delete /data/ietf-netconf-acm:nacm/ietf-netconf-acm:groups/ietf-netconf-acm:group={name}

Example URL

https://hostname/restconf/data/ietf-netconf-acm:nacm/ietf-netconf-acm:groups/ietf-netconf-acm:group={name}

One NACM group entry. This list will only contain configured entries, not any entries learned from any transport protocols.

path Parameters
name
required
string

Id of group

Responses

204

Object deleted

400

Internal error

Request samples

package main

import (
	"fmt"
	"net/http"
	"io/ioutil"
)

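// main sends a DELETE for a single NACM group entry and prints the response
// and its body.
func main() {
	// Use the https scheme shown in the documented example URL: group
	// membership is access-control data and should not cross the network in
	// plaintext.
	//
	// %7Bname%7D is the percent-encoded "{name}" placeholder from the path
	// template; replace it with the percent-encoded name of the group.
	endpoint := "https://hostname/restconf/data/ietf-netconf-acm:nacm/ietf-netconf-acm:groups/ietf-netconf-acm:group=%7Bname%7D"

	req, err := http.NewRequest("DELETE", endpoint, nil)
	if err != nil {
		fmt.Println("building request:", err)
		return
	}
	// NOTE(review): no credentials are attached; add whatever authentication
	// the target server requires before sending.

	// http.DefaultClient has no timeout; a long-running client should set one.
	res, err := http.DefaultClient.Do(req)
	if err != nil {
		// res is nil on failure, so res.Body must not be touched.
		fmt.Println("sending request:", err)
		return
	}
	defer res.Body.Close()

	body, err := ioutil.ReadAll(res.Body)
	if err != nil {
		fmt.Println("reading response body:", err)
		return
	}

	// The page documents 204 as the success status for this operation; do not
	// assume the delete happened on any other status.
	if res.StatusCode != http.StatusNoContent {
		fmt.Println("unexpected status:", res.Status)
	}

	fmt.Println(res)
	fmt.Println(string(body))
}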

creates ietf.netconf.acm.nacm.RuleList

post /data/ietf-netconf-acm:nacm/ietf-netconf-acm:rule-list

Example URL

https://hostname/restconf/data/ietf-netconf-acm:nacm/ietf-netconf-acm:rule-list

An ordered collection of access control rules.

Request Body schema: application/yang-data+json

ietf.netconf.acm.nacm.RuleList to be added to list

name
string

Arbitrary name assigned to the rule-list.

rule
Array of objects (ietf.netconf.acm.nacm.rulelist.Rule)

One access control rule.

       Rules are processed in user-defined order until a match is
       found.  A rule matches if 'module-name', 'rule-type', and
       'access-operations' match the request.  If a rule
       matches, the 'action' leaf determines whether or not
       access is granted.
group
Array of strings

List of administrative groups that will be assigned the associated access rights defined by the 'rule' list.

       The string '*' indicates that all groups apply to the
       entry.

Responses

201

Object created

400

Internal error

409

Object already exists

Request samples

application/yang-data+json
{
  "name": "string",
  "rule":
    [
    ],
  "group":
    [
    ]
}

returns ietf.netconf.acm.nacm.RuleList

get /data/ietf-netconf-acm:nacm/ietf-netconf-acm:rule-list={name}

Example URL

https://hostname/restconf/data/ietf-netconf-acm:nacm/ietf-netconf-acm:rule-list={name}

An ordered collection of access control rules.

path Parameters
name
required
string

Id of rule-list

Responses

200

ietf.netconf.acm.nacm.RuleList

400

Internal error

Request samples

package main

import (
	"fmt"
	"net/http"
	"io/ioutil"
)

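// main sends a GET for a single NACM rule-list and prints the response and its
// body.
func main() {
	// Use the https scheme shown in the documented example URL: access control
	// rules should not cross the network in plaintext.
	//
	// %7Bname%7D is the percent-encoded "{name}" placeholder from the path
	// template; replace it with the percent-encoded name of the rule-list.
	endpoint := "https://hostname/restconf/data/ietf-netconf-acm:nacm/ietf-netconf-acm:rule-list=%7Bname%7D"

	req, err := http.NewRequest("GET", endpoint, nil)
	if err != nil {
		fmt.Println("building request:", err)
		return
	}
	// NOTE(review): no credentials are attached; add whatever authentication
	// the target server requires before sending.

	// http.DefaultClient has no timeout; a long-running client should set one.
	res, err := http.DefaultClient.Do(req)
	if err != nil {
		// res is nil on failure, so res.Body must not be touched.
		fmt.Println("sending request:", err)
		return
	}
	defer res.Body.Close()

	body, err := ioutil.ReadAll(res.Body)
	if err != nil {
		fmt.Println("reading response body:", err)
		return
	}

	// The page documents 200 as the success status for this operation.
	if res.StatusCode != http.StatusOK {
		fmt.Println("unexpected status:", res.Status)
	}

	fmt.Println(res)
	fmt.Println(string(body))
}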

Response samples

application/yang-data+json
{
  "ietf-netconf-acm:rule-list":
    {
    }
}

creates ietf.netconf.acm.nacm.RuleList

post /data/ietf-netconf-acm:nacm/ietf-netconf-acm:rule-list={name}

Example URL

https://hostname/restconf/data/ietf-netconf-acm:nacm/ietf-netconf-acm:rule-list={name}

An ordered collection of access control rules.

path Parameters
name
required
string

Id of rule-list

Request Body schema: application/yang-data+json

ietf.netconf.acm.nacm.RuleList to be added to list

name
string

Arbitrary name assigned to the rule-list.

rule
Array of objects (ietf.netconf.acm.nacm.rulelist.Rule)

One access control rule.

       Rules are processed in user-defined order until a match is
       found.  A rule matches if 'module-name', 'rule-type', and
       'access-operations' match the request.  If a rule
       matches, the 'action' leaf determines whether or not
       access is granted.
group
Array of strings

List of administrative groups that will be assigned the associated access rights defined by the 'rule' list.

       The string '*' indicates that all groups apply to the
       entry.

Responses

201

Object created

400

Internal error

409

Object already exists

Request samples

application/yang-data+json
{
  "name": "string",
  "rule":
    [
    ],
  "group":
    [
    ]
}

creates or updates ietf.netconf.acm.nacm.RuleList

put /data/ietf-netconf-acm:nacm/ietf-netconf-acm:rule-list={name}

Example URL

https://hostname/restconf/data/ietf-netconf-acm:nacm/ietf-netconf-acm:rule-list={name}

An ordered collection of access control rules.

path Parameters
name
required
string

Id of rule-list

Request Body schema: application/yang-data+json

ietf.netconf.acm.nacm.RuleList to be added or updated

ietf-netconf-acm:rule-list
object (ietf.netconf.acm.nacm.RuleList)

Responses

201

Object created

204

Object modified

400

Internal error

Request samples

application/yang-data+json
{
  "ietf-netconf-acm:rule-list":
    {
    }
}

removes ietf.netconf.acm.nacm.RuleList

delete /data/ietf-netconf-acm:nacm/ietf-netconf-acm:rule-list={name}

Example URL

https://hostname/restconf/data/ietf-netconf-acm:nacm/ietf-netconf-acm:rule-list={name}

An ordered collection of access control rules.

path Parameters
name
required
string

Id of rule-list

Responses

204

Object deleted

400

Internal error

Request samples

package main

import (
	"fmt"
	"net/http"
	"io/ioutil"
)

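// main sends a DELETE for a single NACM rule-list and prints the response and
// its body.
//
// Removing a rule-list removes every rule it contains, which changes what the
// listed groups are allowed to do; confirm that is intended before running it
// against a live server.
func main() {
	// Use the https scheme shown in the documented example URL: access control
	// rules should not cross the network in plaintext.
	//
	// %7Bname%7D is the percent-encoded "{name}" placeholder from the path
	// template; replace it with the percent-encoded name of the rule-list.
	endpoint := "https://hostname/restconf/data/ietf-netconf-acm:nacm/ietf-netconf-acm:rule-list=%7Bname%7D"

	req, err := http.NewRequest("DELETE", endpoint, nil)
	if err != nil {
		fmt.Println("building request:", err)
		return
	}
	// NOTE(review): no credentials are attached; add whatever authentication
	// the target server requires before sending.

	// http.DefaultClient has no timeout; a long-running client should set one.
	res, err := http.DefaultClient.Do(req)
	if err != nil {
		// res is nil on failure, so res.Body must not be touched.
		fmt.Println("sending request:", err)
		return
	}
	defer res.Body.Close()

	body, err := ioutil.ReadAll(res.Body)
	if err != nil {
		fmt.Println("reading response body:", err)
		return
	}

	// The page documents 204 as the success status for this operation; do not
	// assume the delete happened on any other status.
	if res.StatusCode != http.StatusNoContent {
		fmt.Println("unexpected status:", res.Status)
	}

	fmt.Println(res)
	fmt.Println(string(body))
}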

creates ietf.netconf.acm.nacm.rulelist.Rule

post /data/ietf-netconf-acm:nacm/ietf-netconf-acm:rule-list={name}/ietf-netconf-acm:rule

Example URL

https://hostname/restconf/data/ietf-netconf-acm:nacm/ietf-netconf-acm:rule-list={name}/ietf-netconf-acm:rule

One access control rule.

       Rules are processed in user-defined order until a match is
       found.  A rule matches if 'module-name', 'rule-type', and
       'access-operations' match the request.  If a rule
       matches, the 'action' leaf determines whether or not
       access is granted.
path Parameters
name
required
string

Id of rule-list

Request Body schema: application/yang-data+json

ietf.netconf.acm.nacm.rulelist.Rule to be added to list

path
string

Data node instance-identifier associated with the data node, action, or notification controlled by this rule.

             Configuration data or state data
             instance-identifiers start with a top-level
             data node.  A complete instance-identifier is
             required for this type of path value.

             The special value '/' refers to all possible
             datastore contents.
notification-name
string

This leaf matches if it has the value '*' or if its value equals the requested notification name.

access-operations
string
Default: "*"

Access operations associated with this rule.

         This leaf matches if it has the value '*' or if the
         bit corresponding to the requested operation is set.
name
string

Arbitrary name assigned to the rule.

action
string (ietf.netconf.acm.ActionType)
Enum:"permit" "deny"
module-name
string
Default: "*"

Name of the module associated with this rule.

         This leaf matches if it has the value '*' or if the
         object being accessed is defined in the module with the
         specified module name.
comment
string

A textual description of the access rule.

rpc-name
string

This leaf matches if it has the value '*' or if its value equals the requested protocol operation name.

Responses

201

Object created

400

Internal error

409

Object already exists

Request samples

application/yang-data+json
{
  "path": "string",
  "notification-name": "string",
  "access-operations": "*",
  "name": "string",
  "action": "permit",
  "module-name": "*",
  "comment": "string",
  "rpc-name": "string"
}

returns ietf.netconf.acm.nacm.rulelist.Rule

get /data/ietf-netconf-acm:nacm/ietf-netconf-acm:rule-list={name}/ietf-netconf-acm:rule={rule-name}

Example URL

https://hostname/restconf/data/ietf-netconf-acm:nacm/ietf-netconf-acm:rule-list={name}/ietf-netconf-acm:rule={rule-name}

One access control rule.

       Rules are processed in user-defined order until a match is
       found.  A rule matches if 'module-name', 'rule-type', and
       'access-operations' match the request.  If a rule
       matches, the 'action' leaf determines whether or not
       access is granted.
path Parameters
name
required
string

Id of rule-list

rule-name
required
string

Id of rule

Responses

200

ietf.netconf.acm.nacm.rulelist.Rule

400

Internal error

Request samples

package main

import (
	"fmt"
	"net/http"
	"io/ioutil"
)

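// main sends a GET for a single rule inside a NACM rule-list and prints the
// response and its body.
func main() {
	// Use the https scheme shown in the documented example URL: access control
	// rules should not cross the network in plaintext.
	//
	// %7Bname%7D and %7Brule-name%7D are the percent-encoded "{name}" and
	// "{rule-name}" placeholders from the path template; replace them with the
	// percent-encoded rule-list name and rule name.
	endpoint := "https://hostname/restconf/data/ietf-netconf-acm:nacm/ietf-netconf-acm:rule-list=%7Bname%7D/ietf-netconf-acm:rule=%7Brule-name%7D"

	req, err := http.NewRequest("GET", endpoint, nil)
	if err != nil {
		fmt.Println("building request:", err)
		return
	}
	// NOTE(review): no credentials are attached; add whatever authentication
	// the target server requires before sending.

	// http.DefaultClient has no timeout; a long-running client should set one.
	res, err := http.DefaultClient.Do(req)
	if err != nil {
		// res is nil on failure, so res.Body must not be touched.
		fmt.Println("sending request:", err)
		return
	}
	defer res.Body.Close()

	body, err := ioutil.ReadAll(res.Body)
	if err != nil {
		fmt.Println("reading response body:", err)
		return
	}

	// The page documents 200 as the success status for this operation.
	if res.StatusCode != http.StatusOK {
		fmt.Println("unexpected status:", res.Status)
	}

	fmt.Println(res)
	fmt.Println(string(body))
}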

Response samples