2 * Copyright (c) 2015 Huawei Technologies and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
9 module resolved-policy {
12 namespace "urn:opendaylight:groupbasedpolicy:resolved-policy";
13 prefix "resolved-policy";
15 import ietf-inet-types { prefix "inet"; revision-date 2010-09-24; }
17 import gbp-common { prefix gbp-common; }
18 import endpoint { prefix endpoint; }
19 import policy { prefix policy; }
22 "This module defines the resolved policy for all tenants in interest
25 revision "2015-08-28" {
30 grouping has-endpoint-conditions {
31 container endpoint-conditions {
32 description "A set of conditions for endpoint.";
34 description "All specified conditions must match.";
37 description "A user-visible name for the condition.";
38 type gbp-common:condition-name;
42 description "None of the specified conditions can match.";
45 description "A user-visible name for the condition.";
46 type gbp-common:condition-name;
50 description "At least one of the specified conditions must match.";
52 description "A user-visible name for the condition.";
53 type gbp-common:condition-name;
59 grouping has-endpoint-constraints {
60 description "Constraints for an endpoint.";
61 uses has-endpoint-conditions;
62 uses policy:has-endpoint-identification-constraints;
65 grouping has-classifiers {
69 description "A name for the classifier instance";
70 type gbp-common:classifier-name;
73 leaf classifier-definition-id {
75 path "/policy:subject-feature-definitions/policy:classifier-definition/policy:id";
78 leaf connection-tracking {
80 "Set up connection tracking for this classifier,
81 which allows the traffic in the reverse direction
82 as connections are established. This enables
83 rules that allow connections to be initiated only
84 from one side, but once initiated the two sides
85 can communicate for that connection.";
91 "Match only traffic matching the classifier
96 "Additionally match reverse traffic for
101 uses policy:has-direction;
102 uses policy:subject-feature-instance;
106 grouping has-actions {
110 description "A name for the action.";
111 type gbp-common:action-name;
114 leaf action-definition-id {
116 path "/policy:subject-feature-definitions/policy:action-definition/policy:id";
119 uses policy:has-order;
120 uses policy:subject-feature-instance;
124 grouping has-consumer-epg-key {
125 leaf consumer-tenant-id {
126 description "The consumer tenant id";
128 type gbp-common:tenant-id;
131 leaf consumer-epg-id {
132 description "The consumer endpoint group id";
134 type gbp-common:endpoint-group-id;
138 grouping has-provider-epg-key {
139 leaf provider-tenant-id {
140 description "The provider tenant id";
142 type gbp-common:tenant-id;
145 leaf provider-epg-id {
146 description "The provider endpoint group id";
148 type gbp-common:endpoint-group-id;
152 grouping has-resolved-rules {
156 description "A name for the rule";
157 type gbp-common:rule-name;
160 uses has-classifiers;
162 uses policy:has-order;
166 grouping has-contract-key {
168 description "Related tenant id";
169 type gbp-common:tenant-id;
173 description "Related contract id";
174 type gbp-common:contract-id;
178 grouping has-subject-key {
179 uses has-contract-key;
182 description "Related subject name.";
183 type gbp-common:subject-name;
187 container resolved-policies {
189 list resolved-policy {
190 description "Policies between consumer endpoint groups and provider
192 key "consumer-tenant-id consumer-epg-id provider-tenant-id provider-epg-id";
193 uses has-consumer-epg-key;
194 uses has-provider-epg-key;
196 leaf external-implicit-group {
197 description "If present, denotes which EPG in key is an external implicit group.";
204 list policy-rule-group-with-endpoint-constraints {
205 description "The policy rule groups that apply to a single pair of endpoint
208 container consumer-endpoint-constraints {
209 description "Constraints for consumer endpoints";
210 uses has-endpoint-constraints;
213 container provider-endpoint-constraints {
214 description "Constraints for provider endpoints";
215 uses has-endpoint-constraints;
218 list policy-rule-group {
219 description "A specific policy rule group that apply to each pair of endpoints meeting constraints.
220 The policy rule group represents the subject with resolved rules.";
221 key "tenant-id contract-id subject-name";
222 uses has-subject-key;
223 uses policy:has-order;
224 uses has-resolved-rules;