ietf-netconf-acm API (19.08)

Network Configuration Access Control Model.

Copyright (c) 2012 - 2018 IETF Trust and the persons identified as authors of the code. All rights reserved.

Redistribution and use in source and binary forms, with or without modification, is permitted pursuant to, and subject to the license terms contained in, the Simplified BSD License set forth in Section 4.c of the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info).

This version of this YANG module is part of RFC 8341; see the RFC itself for full legal notices.

nacm

returns ietf.netconf.acm.Nacm

get /data/ietf-netconf-acm:nacm

Example URL

https://hostname/restconf/data/ietf-netconf-acm:nacm

Parameters for NETCONF access control model.

Responses

200

ietf.netconf.acm.Nacm

400

Internal error

Request samples

Copy
package main

import (
	"fmt"
	"net/http"
	"io/ioutil"
)

func main() {

	url := "http://hostname/restconf/data/ietf-netconf-acm:nacm"

	req, _ := http.NewRequest("GET", url, nil)

	res, _ := http.DefaultClient.Do(req)

	defer res.Body.Close()
	body, _ := ioutil.ReadAll(res.Body)

	fmt.Println(res)
	fmt.Println(string(body))

}

Response samples

Content type
application/yang-data+json
Copy
Expand all Collapse all
{
  • "ietf-netconf-acm:nacm":
    {
    }
}

creates ietf.netconf.acm.Nacm

post /data/ietf-netconf-acm:nacm

Example URL

https://hostname/restconf/data/ietf-netconf-acm:nacm

Parameters for NETCONF access control model.

Request Body schema: application/yang-data+json

ietf.netconf.acm.Nacm to be added to list

denied-data-writes
integer <int32>

Number of times since the server last restarted that a protocol operation request to alter a configuration datastore was denied.

write-default
string (ietf.netconf.acm.WriteDefault)
Enum: "permit" "deny"
read-default
string (ietf.netconf.acm.ReadDefault)
Enum: "permit" "deny"
rule-list
Array of objects (ietf.netconf.acm.nacm.RuleList)

An ordered collection of access control rules.

enable-nacm
boolean
Default: true

Enables or disables all NETCONF access control enforcement. If 'true', then enforcement is enabled. If 'false', then enforcement is disabled.

denied-notifications
integer <int32>

Number of times since the server last restarted that a notification was dropped for a subscription because access to the event type was denied.

exec-default
string (ietf.netconf.acm.ExecDefault)
Enum: "permit" "deny"
groups
object (ietf.netconf.acm.nacm.Groups)
enable-external-groups
boolean
Default: true

Controls whether the server uses the groups reported by the NETCONF transport layer when it assigns the user to a set of NACM groups. If this leaf has the value 'false', any group names reported by the transport layer are ignored by the server.

denied-operations
integer <int32>

Number of times since the server last restarted that a protocol operation request was denied.

Responses

201

Object created

400

Internal error

409

Object already exists

Request samples

Content type
application/yang-data+json
Copy
Expand all Collapse all
{
  • "denied-data-writes": 0,
  • "write-default": "permit",
  • "read-default": "permit",
  • "rule-list":
    [
    ],
  • "enable-nacm": true,
  • "denied-notifications": 0,
  • "exec-default": "permit",
  • "groups":
    {
    },
  • "enable-external-groups": true,
  • "denied-operations": 0
}

creates or updates ietf.netconf.acm.Nacm

put /data/ietf-netconf-acm:nacm

Example URL

https://hostname/restconf/data/ietf-netconf-acm:nacm

Parameters for NETCONF access control model.

Request Body schema: application/yang-data+json

ietf.netconf.acm.Nacm to be added or updated

ietf-netconf-acm:nacm
object (ietf.netconf.acm.Nacm)

Responses

201

Object created

204

Object modified

400

Internal error

Request samples

Content type
application/yang-data+json
Copy
Expand all Collapse all
{
  • "ietf-netconf-acm:nacm":
    {
    }
}

removes ietf.netconf.acm.Nacm

delete /data/ietf-netconf-acm:nacm

Example URL

https://hostname/restconf/data/ietf-netconf-acm:nacm

Parameters for NETCONF access control model.

Responses

204

Object deleted

400

Internal error

Request samples

Copy
package main

import (
	"fmt"
	"net/http"
	"io/ioutil"
)

func main() {

	url := "http://hostname/restconf/data/ietf-netconf-acm:nacm"

	req, _ := http.NewRequest("DELETE", url, nil)

	res, _ := http.DefaultClient.Do(req)

	defer res.Body.Close()
	body, _ := ioutil.ReadAll(res.Body)

	fmt.Println(res)
	fmt.Println(string(body))

}

returns ietf.netconf.acm.nacm.Groups

get /data/ietf-netconf-acm:nacm/ietf-netconf-acm:groups

Example URL

https://hostname/restconf/data/ietf-netconf-acm:nacm/ietf-netconf-acm:groups

NETCONF access control groups.

Responses

200

ietf.netconf.acm.nacm.Groups

400

Internal error

Request samples

Copy
package main

import (
	"fmt"
	"net/http"
	"io/ioutil"
)

func main() {

	url := "http://hostname/restconf/data/ietf-netconf-acm:nacm/ietf-netconf-acm:groups"

	req, _ := http.NewRequest("GET", url, nil)

	res, _ := http.DefaultClient.Do(req)

	defer res.Body.Close()
	body, _ := ioutil.ReadAll(res.Body)

	fmt.Println(res)
	fmt.Println(string(body))

}

Response samples

Content type
application/yang-data+json
Copy
Expand all Collapse all
{
  • "ietf-netconf-acm:groups":
    {
    }
}

creates ietf.netconf.acm.nacm.Groups

post /data/ietf-netconf-acm:nacm/ietf-netconf-acm:groups

Example URL

https://hostname/restconf/data/ietf-netconf-acm:nacm/ietf-netconf-acm:groups

NETCONF access control groups.

Request Body schema: application/yang-data+json

ietf.netconf.acm.nacm.Groups to be added to list

group
Array of objects (ietf.netconf.acm.nacm.groups.Group)

One NACM group entry. This list will only contain configured entries, not any entries learned from any transport protocols.

Responses

201

Object created

400

Internal error

409

Object already exists

Request samples

Content type
application/yang-data+json
Copy
Expand all Collapse all
{
  • "group":
    [
    ]
}

creates or updates ietf.netconf.acm.nacm.Groups

put /data/ietf-netconf-acm:nacm/ietf-netconf-acm:groups

Example URL

https://hostname/restconf/data/ietf-netconf-acm:nacm/ietf-netconf-acm:groups

NETCONF access control groups.

Request Body schema: application/yang-data+json

ietf.netconf.acm.nacm.Groups to be added or updated

ietf-netconf-acm:groups
object (ietf.netconf.acm.nacm.Groups)

Responses

201

Object created

204

Object modified

400

Internal error

Request samples

Content type
application/yang-data+json
Copy
Expand all Collapse all
{
  • "ietf-netconf-acm:groups":
    {
    }
}

removes ietf.netconf.acm.nacm.Groups

delete /data/ietf-netconf-acm:nacm/ietf-netconf-acm:groups

Example URL

https://hostname/restconf/data/ietf-netconf-acm:nacm/ietf-netconf-acm:groups

NETCONF access control groups.

Responses

204

Object deleted

400

Internal error

Request samples

Copy
package main

import (
	"fmt"
	"net/http"
	"io/ioutil"
)

func main() {

	url := "http://hostname/restconf/data/ietf-netconf-acm:nacm/ietf-netconf-acm:groups"

	req, _ := http.NewRequest("DELETE", url, nil)

	res, _ := http.DefaultClient.Do(req)

	defer res.Body.Close()
	body, _ := ioutil.ReadAll(res.Body)

	fmt.Println(res)
	fmt.Println(string(body))

}

creates ietf.netconf.acm.nacm.groups.Group

post /data/ietf-netconf-acm:nacm/ietf-netconf-acm:groups/ietf-netconf-acm:group

Example URL

https://hostname/restconf/data/ietf-netconf-acm:nacm/ietf-netconf-acm:groups/ietf-netconf-acm:group

One NACM group entry. This list will only contain configured entries, not any entries learned from any transport protocols.

Request Body schema: application/yang-data+json

ietf.netconf.acm.nacm.groups.Group to be added to list

user-name
Array of strings

Each entry identifies the username of a member of the group associated with this entry.

name
string

Group name associated with this entry.

Responses

201

Object created

400

Internal error

409

Object already exists

Request samples

Content type
application/yang-data+json
Copy
Expand all Collapse all
{
  • "user-name":
    [
    ],
  • "name": "string"
}

returns ietf.netconf.acm.nacm.groups.Group

get /data/ietf-netconf-acm:nacm/ietf-netconf-acm:groups/ietf-netconf-acm:group={name}

Example URL

https://hostname/restconf/data/ietf-netconf-acm:nacm/ietf-netconf-acm:groups/ietf-netconf-acm:group={name}

One NACM group entry. This list will only contain configured entries, not any entries learned from any transport protocols.

path Parameters
name
required
string

Id of group

Responses

200

ietf.netconf.acm.nacm.groups.Group

400

Internal error

Request samples

Copy
package main

import (
	"fmt"
	"net/http"
	"io/ioutil"
)

func main() {

	url := "http://hostname/restconf/data/ietf-netconf-acm:nacm/ietf-netconf-acm:groups/ietf-netconf-acm:group=%7Bname%7D"

	req, _ := http.NewRequest("GET", url, nil)

	res, _ := http.DefaultClient.Do(req)

	defer res.Body.Close()
	body, _ := ioutil.ReadAll(res.Body)

	fmt.Println(res)
	fmt.Println(string(body))

}

Response samples

Content type
application/yang-data+json
Copy
Expand all Collapse all
{
  • "ietf-netconf-acm:group":
    {
    }
}

creates ietf.netconf.acm.nacm.groups.Group

post /data/ietf-netconf-acm:nacm/ietf-netconf-acm:groups/ietf-netconf-acm:group={name}

Example URL

https://hostname/restconf/data/ietf-netconf-acm:nacm/ietf-netconf-acm:groups/ietf-netconf-acm:group={name}

One NACM group entry. This list will only contain configured entries, not any entries learned from any transport protocols.

path Parameters
name
required
string

Id of group

Request Body schema: application/yang-data+json

ietf.netconf.acm.nacm.groups.Group to be added to list

user-name
Array of strings

Each entry identifies the username of a member of the group associated with this entry.

name
string

Group name associated with this entry.

Responses

201

Object created

400

Internal error

409

Object already exists

Request samples

Content type
application/yang-data+json
Copy
Expand all Collapse all
{
  • "user-name":
    [
    ],
  • "name": "string"
}

creates or updates ietf.netconf.acm.nacm.groups.Group

put /data/ietf-netconf-acm:nacm/ietf-netconf-acm:groups/ietf-netconf-acm:group={name}

Example URL

https://hostname/restconf/data/ietf-netconf-acm:nacm/ietf-netconf-acm:groups/ietf-netconf-acm:group={name}

One NACM group entry. This list will only contain configured entries, not any entries learned from any transport protocols.

path Parameters
name
required
string

Id of group

Request Body schema: application/yang-data+json

ietf.netconf.acm.nacm.groups.Group to be added or updated

ietf-netconf-acm:group
object (ietf.netconf.acm.nacm.groups.Group)

Responses

201

Object created

204

Object modified

400

Internal error

Request samples

Content type
application/yang-data+json
Copy
Expand all Collapse all
{
  • "ietf-netconf-acm:group":
    {
    }
}

removes ietf.netconf.acm.nacm.groups.Group

delete /data/ietf-netconf-acm:nacm/ietf-netconf-acm:groups/ietf-netconf-acm:group={name}

Example URL

https://hostname/restconf/data/ietf-netconf-acm:nacm/ietf-netconf-acm:groups/ietf-netconf-acm:group={name}

One NACM group entry. This list will only contain configured entries, not any entries learned from any transport protocols.

path Parameters
name
required
string

Id of group

Responses

204

Object deleted

400

Internal error

Request samples

Copy
package main

import (
	"fmt"
	"net/http"
	"io/ioutil"
)

func main() {

	url := "http://hostname/restconf/data/ietf-netconf-acm:nacm/ietf-netconf-acm:groups/ietf-netconf-acm:group=%7Bname%7D"

	req, _ := http.NewRequest("DELETE", url, nil)

	res, _ := http.DefaultClient.Do(req)

	defer res.Body.Close()
	body, _ := ioutil.ReadAll(res.Body)

	fmt.Println(res)
	fmt.Println(string(body))

}

creates ietf.netconf.acm.nacm.RuleList

post /data/ietf-netconf-acm:nacm/ietf-netconf-acm:rule-list

Example URL

https://hostname/restconf/data/ietf-netconf-acm:nacm/ietf-netconf-acm:rule-list

An ordered collection of access control rules.

Request Body schema: application/yang-data+json

ietf.netconf.acm.nacm.RuleList to be added to list

name
string

Arbitrary name assigned to the rule-list.

rule
Array of objects (ietf.netconf.acm.nacm.rulelist.Rule)

One access control rule.

          Rules are processed in user-defined order until a match is
          found.  A rule matches if 'module-name', 'rule-type', and
          'access-operations' match the request.  If a rule
          matches, the 'action' leaf determines whether or not
          access is granted.
group
Array of strings

List of administrative groups that will be assigned the associated access rights defined by the 'rule' list.

          The string '*' indicates that all groups apply to the
          entry.

Responses

201

Object created

400

Internal error

409

Object already exists

Request samples

Content type
application/yang-data+json
Copy
Expand all Collapse all
{
  • "name": "string",
  • "rule":
    [
    ],
  • "group":
    [
    ]
}

returns ietf.netconf.acm.nacm.RuleList

get /data/ietf-netconf-acm:nacm/ietf-netconf-acm:rule-list={name}