/* * Copyright (c) 2015 Huawei Technologies and others. All rights reserved. * * This program and the accompanying materials are made available under the * terms of the Eclipse Public License v1.0 which accompanies this distribution, * and is available at http://www.eclipse.org/legal/epl-v10.html */ module resolved-policy { yang-version 1; namespace "urn:opendaylight:groupbasedpolicy:resolved-policy"; prefix "resolved-policy"; import ietf-inet-types { prefix "inet"; revision-date 2010-09-24; } import gbp-common { prefix gbp-common; } import endpoint { prefix endpoint; } import policy { prefix policy; } description "This module defines the resolved policy for all tenants in interest for renderers."; revision "2015-08-28" { description "Initial revision."; } grouping has-endpoint-conditions { container endpoint-conditions { description "A set of conditions for endpoint."; list all-condition { description "All specified conditions must match."; key name; leaf name { description "A user-visible name for the condition."; type gbp-common:condition-name; } } list none-condition { description "None of the specified conditions can match."; key name; leaf name { description "A user-visible name for the condition."; type gbp-common:condition-name; } } list any-condition { description "At least one of the specified conditions must match."; leaf name { description "A user-visible name for the condition."; type gbp-common:condition-name; } } } } grouping has-endpoint-constraints { description "Constraints for an endpoint."; uses has-endpoint-conditions; uses policy:has-endpoint-identification-constraints; } grouping has-classifiers { list classifier { key name; leaf name { description "A name for the classifier instance"; type gbp-common:classifier-name; mandatory true; } leaf classifier-definition-id { type leafref { path "/policy:subject-feature-definitions/policy:classifier-definition/policy:id"; } } leaf connection-tracking { description "Set up connection tracking for this classifier, which allows the traffic in the reverse direction as connections are established. This enables rules that allow connections to be initiated only from one side, but once initiated the two sides can communicate for that connection."; default normal; type enumeration { enum normal { description "Match only traffic matching the classifier strictly"; } enum reflexive { description "Additionally match reverse traffic for connections"; } } } uses policy:has-direction; uses policy:subject-feature-instance; } } grouping has-actions { list action { key "name"; leaf name { description "A name for the action."; type gbp-common:action-name; mandatory true; } leaf action-definition-id { type leafref { path "/policy:subject-feature-definitions/policy:action-definition/policy:id"; } } uses policy:has-order; uses policy:subject-feature-instance; } } grouping has-consumer-epg-key { leaf consumer-tenant-id { description "The consumer tenant id"; mandatory true; type gbp-common:tenant-id; } leaf consumer-epg-id { description "The consumer endpoint group id"; mandatory true; type gbp-common:endpoint-group-id; } } grouping has-provider-epg-key { leaf provider-tenant-id { description "The provider tenant id"; mandatory true; type gbp-common:tenant-id; } leaf provider-epg-id { description "The provider endpoint group id"; mandatory true; type gbp-common:endpoint-group-id; } } grouping has-resolved-rules { list resolved-rule { key name; leaf name { description "A name for the rule"; type gbp-common:rule-name; mandatory true; } uses has-classifiers; uses has-actions; uses policy:has-order; } } grouping has-contract-key { leaf tenant-id { description "Related tenant id"; type gbp-common:tenant-id; } leaf contract-id { description "Related contract id"; type gbp-common:contract-id; } } grouping has-subject-key { uses has-contract-key; leaf subject-name { description "Related subject name."; type gbp-common:subject-name; } } container resolved-policies { config false; list resolved-policy { description "Policies between consumer endpoint groups and provider endpoint groups"; key "consumer-tenant-id consumer-epg-id provider-tenant-id provider-epg-id"; uses has-consumer-epg-key; uses has-provider-epg-key; leaf external-implicit-group { description "If present, denotes which EPG in key is an external implicit group."; type enumeration { enum consumer-epg; enum provider-epg; } } list policy-rule-group-with-endpoint-constraints { description "The policy rule groups that apply to a single pair of endpoint groups"; container consumer-endpoint-constraints { description "Constraints for consumer endpoints"; uses has-endpoint-constraints; } container provider-endpoint-constraints { description "Constraints for provider endpoints"; uses has-endpoint-constraints; } list policy-rule-group { description "A specific policy rule group that apply to each pair of endpoints meeting constraints. The policy rule group represents the subject with resolved rules."; key "tenant-id contract-id subject-name"; uses has-subject-key; uses policy:has-order; uses has-resolved-rules; } } } } }