2 * Copyright (c) 2015 Brocade Communications Systems, Inc. and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
8 module neutron-secgroups {
12 namespace "urn:opendaylight:neutron-secgroups";
14 prefix neutron-secgroups;
16 import ietf-yang-types { prefix "yang"; }
17 // It requires rfc6991 (revision 2013-07-15), but odl don't have it, so this patch verify build will fail.
18 import ietf-inet-types { prefix "inet"; revision-date 2010-09-24; }
19 import neutron-attrs { prefix "attrs"; }
21 organization "OpenDaylight Neutron Group";
23 contact "J. Gregory Hall <ghall@brocade.com>, Kiran Sreenivasa <kkoushik@brocade.com>";
25 description "This YANG module defines Security group objects that are used by Openstack
26 Ice House Neutron YANG modules.";
28 revision "2014-10-02" {
30 "Initial version of Security group objects used by OpenStack Ice House Neutron
34 grouping security-group-attrs {
35 description "OpenStack Layer3 Security group information.";
38 description "Description for the security group.";
41 grouping security-rule-attrs {
42 description "OpenStack Layer3 Security Group rules.";
45 description "Security Rule ID.";
49 description "UUID of the tenant.";
54 description "Ingress direction.";
57 description "Egress direction.";
60 description "The direction in which metering rule is applied.
61 For a compute instance, an ingress security group rule is
62 applied to incoming (ingress) traffic for that instance.
63 An egress rule is applied to traffic leaving the instance.";
66 leaf security-group-id {
68 description "The security group ID to associate with this security group rule.";
70 leaf remote-group-id {
71 description "The remote group ID to be associated with this security group rule.
72 You can specify either remote-ip-prefix or remote-group-id in the request body.";
75 leaf remote-ip-prefix {
76 description "The remote IP Prefix to be associated with this security group rule.
77 You can specify either remote-ip-prefix or remote-group-id in the request body.";
83 description "NULL protocol.";
86 description "ICMP protocol.";
89 description "UDP protocol.";
92 description "TCP protocol.";
95 description "The protocol that is matched by the security group rule.";
98 description "Must be IPv4 or IPv6, and addresses represented in CIDR must
99 match the ingress or egress rules.";
102 description "ipv4 type.";
105 description "ipv6 type.";
109 leaf port-range-min {
111 description "The minimum port number in the range that is matched by the
112 security group rule. If the protocol is TCP or UDP, this value must
113 be less than or equal to the value of the attribute. If the protocol
114 is ICMP, this value must be an ICMP type.";
116 leaf port-range-max {
118 description "The maximum port number in the range that is matched by the
119 security group rule. If the protocol is TCP or UDP, this value must
120 be less than or equal to the value of the attribute. If the protocol
121 is ICMP, this value must be an ICMP type.";
125 grouping security-groups-attributes {
126 container security-groups {
127 description "Container for security groups.";
128 list security-group {
129 uses attrs:base-attrs;
130 uses security-group-attrs;
131 description "List of Metering Labels.";
136 grouping security-rules-attributes {
137 container security-rules {
138 description "Container for security group rules.";
140 uses security-rule-attrs;
141 description "List of Security Group Rules.";