Skip to content

Commit

Permalink
gnsi/certz: rename certz counters (#156)
Browse files Browse the repository at this point in the history 
rename the access-accepts/access-rejects
counters and timestamps to
connection-accepts/connection-rejects

This is more indicative of the fact that these
counters are not really controlling access
(which would be authorization/authz) but rather just
whether a connection can be established
based on the SSL profile
  • Loading branch information
@brianneville
brianneville authored Feb 13, 2024
1 parent a1530cc commit 26b2e73
Show file tree
Hide file tree
Showing 5 changed files with 50 additions and 42 deletions.
16 changes: 8 additions & 8 deletions certz/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -209,10 +209,10 @@ module: gnsi-certz
+--ro authentication-policy-created-on? created-on
+--ro ssl-profile-id? string
+--ro counters
+--ro access-rejects? oc-yang:counter64
+--ro last-access-reject? oc-types:timeticks64
+--ro access-accepts? oc-yang:counter64
+--ro last-access-accept? oc-types:timeticks64
+--ro connection-rejects? oc-yang:counter64
+--ro last-connection-reject? oc-types:timeticks64
+--ro connection-accepts? oc-yang:counter64
+--ro last-connection-accept? oc-types:timeticks64
```

### `openconfig-system` tree
Expand Down Expand Up @@ -656,9 +656,9 @@ module: openconfig-system
+--ro gnsi-certz:authentication-policy-created-on? created-on
+--ro gnsi-certz:ssl-profile-id? string
+--ro gnsi-certz:counters
+--ro gnsi-certz:access-rejects? oc-yang:counter64
+--ro gnsi-certz:last-access-reject? oc-types:timeticks64
+--ro gnsi-certz:access-accepts? oc-yang:counter64
+--ro gnsi-certz:last-access-accept? oc-types:timeticks64
+--ro gnsi-certz:connection-rejects? oc-yang:counter64
+--ro gnsi-certz:last-connection-reject? oc-types:timeticks64
+--ro gnsi-certz:connection-accepts? oc-yang:counter64
+--ro gnsi-certz:last-connection-accept? oc-types:timeticks64
```
39 changes: 20 additions & 19 deletions certz/gnsi-certz.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5115,7 +5115,7 @@ <h1> Module: <font color=blue>gnsi-certz</font>, Namespace:
<td nowrap>
<div id=9999 class=tier11>
<a class="leaf">&nbsp;</a>
<attr title="Received Access-Accept messages."> <em> access-accepts </em></abbr>
<attr title="Received Access-Accept messages."> <em> connection-accepts </em></abbr>

</div>
</td>
Expand All @@ -5127,14 +5127,14 @@ <h1> Module: <font color=blue>gnsi-certz</font>, Namespace:
<td nowrap>no config</td>
<td>?</td>
<td>current</td>
<td nowrap>/oc-sys:system/oc-sys:aaa/oc-sys:server-groups/oc-sys:server-group/oc-sys:servers/oc-sys:server/oc-sys:radius/oc-sys:state/oc-sys:counters/oc-sys:access-accepts</td>
<td nowrap>/oc-sys:system/oc-sys:aaa/oc-sys:server-groups/oc-sys:server-group/oc-sys:servers/oc-sys:server/oc-sys:radius/oc-sys:state/oc-sys:counters/oc-sys:connection-accepts</td>
</tr>
<tr id="1-1-9-32-48-32-65-29-22-21-3" class="a">

<td nowrap>
<div id=9999 class=tier11>
<a class="leaf">&nbsp;</a>
<attr title="Received Access-Reject messages."> <em> access-rejects </em></abbr>
<attr title="Received Access-Reject messages."> <em> connection-rejects </em></abbr>

</div>
</td>
Expand All @@ -5146,7 +5146,7 @@ <h1> Module: <font color=blue>gnsi-certz</font>, Namespace:
<td nowrap>no config</td>
<td>?</td>
<td>current</td>
<td nowrap>/oc-sys:system/oc-sys:aaa/oc-sys:server-groups/oc-sys:server-group/oc-sys:servers/oc-sys:server/oc-sys:radius/oc-sys:state/oc-sys:counters/oc-sys:access-rejects</td>
<td nowrap>/oc-sys:system/oc-sys:aaa/oc-sys:server-groups/oc-sys:server-group/oc-sys:servers/oc-sys:server/oc-sys:radius/oc-sys:state/oc-sys:counters/oc-sys:connection-rejects</td>
</tr>
<tr id="1-1-9-32-48-32-65-29-22-21-4" class="a">

Expand Down Expand Up @@ -8496,8 +8496,9 @@ <h1> Module: <font color=blue>gnsi-certz</font>, Namespace:
<td nowrap>
<div id=9999 class=tier7>
<a class="leaf">&nbsp;</a>
<attr title="The total number of times the gRPC denied access to the server."> <em> gnsi-certz:access-rejects </em></abbr>

<attr title="The total number of times that gRPC clients have succeeded
in establishing a connection to the server."> <em> gnsi-certz:connection-rejects </em></abbr>

</div>
</td>
<td nowrap>leaf</td>
Expand All @@ -8508,16 +8509,16 @@ <h1> Module: <font color=blue>gnsi-certz</font>, Namespace:
<td nowrap>no config</td>
<td>?</td>
<td>current</td>
<td nowrap>/oc-sys:system/oc-sys-grpc:grpc-servers/oc-sys-grpc:grpc-server/oc-sys-grpc:state/gnsi-certz:counters/gnsi-certz:access-rejects</td>
<td nowrap>/oc-sys:system/oc-sys-grpc:grpc-servers/oc-sys-grpc:grpc-server/oc-sys-grpc:state/gnsi-certz:counters/gnsi-certz:connection-rejects</td>
</tr>
<tr id="1-1-16-42-65-95-139" class="a">

<td nowrap>
<div id=9999 class=tier7>
<a class="leaf">&nbsp;</a>
<attr title="A timestamp of the last time the gRPC denied access to
the server."> <em> gnsi-certz:last-access-reject </em></abbr>
<attr title="A timestamp of the last time a gRPC client failed
in establishing a connection to the server."> <em> gnsi-certz:last-connection-reject </em></abbr>

</div>
</td>
<td nowrap>leaf</td>
Expand All @@ -8528,16 +8529,16 @@ <h1> Module: <font color=blue>gnsi-certz</font>, Namespace:
<td nowrap>no config</td>
<td>?</td>
<td>current</td>
<td nowrap>/oc-sys:system/oc-sys-grpc:grpc-servers/oc-sys-grpc:grpc-server/oc-sys-grpc:state/gnsi-certz:counters/gnsi-certz:last-access-reject</td>
<td nowrap>/oc-sys:system/oc-sys-grpc:grpc-servers/oc-sys-grpc:grpc-server/oc-sys-grpc:state/gnsi-certz:counters/gnsi-certz:last-connection-reject</td>
</tr>
<tr id="1-1-16-42-65-95-140" class="a">

<td nowrap>
<div id=9999 class=tier7>
<a class="leaf">&nbsp;</a>
<attr title="The total number of times the gPRC allowed access to
the server."> <em> gnsi-certz:access-accepts </em></abbr>
<attr title="The total number of times that gRPC clients have succeeded
in establishing a connection to the server."> <em> gnsi-certz:connection-accepts </em></abbr>

</div>
</td>
<td nowrap>leaf</td>
Expand All @@ -8548,16 +8549,16 @@ <h1> Module: <font color=blue>gnsi-certz</font>, Namespace:
<td nowrap>no config</td>
<td>?</td>
<td>current</td>
<td nowrap>/oc-sys:system/oc-sys-grpc:grpc-servers/oc-sys-grpc:grpc-server/oc-sys-grpc:state/gnsi-certz:counters/gnsi-certz:access-accepts</td>
<td nowrap>/oc-sys:system/oc-sys-grpc:grpc-servers/oc-sys-grpc:grpc-server/oc-sys-grpc:state/gnsi-certz:counters/gnsi-certz:connection-accepts</td>
</tr>
<tr id="1-1-16-42-65-95-141" class="a">

<td nowrap>
<div id=9999 class=tier7>
<a class="leaf">&nbsp;</a>
<attr title="A timestamp of the last time the gRPC allowed access to
the server."> <em> gnsi-certz:last-access-accept </em></abbr>
<attr title="A timestamp of the last time a gRPC client succeeded
in establishing a connection to the server."> <em> gnsi-certz:last-connection-accept </em></abbr>

</div>
</td>
<td nowrap>leaf</td>
Expand All @@ -8568,7 +8569,7 @@ <h1> Module: <font color=blue>gnsi-certz</font>, Namespace:
<td nowrap>no config</td>
<td>?</td>
<td>current</td>
<td nowrap>/oc-sys:system/oc-sys-grpc:grpc-servers/oc-sys-grpc:grpc-server/oc-sys-grpc:state/gnsi-certz:counters/gnsi-certz:last-access-accept</td>
<td nowrap>/oc-sys:system/oc-sys-grpc:grpc-servers/oc-sys-grpc:grpc-server/oc-sys-grpc:state/gnsi-certz:counters/gnsi-certz:last-connection-accept</td>
</tr>
</table>
</div>
Expand Down
33 changes: 20 additions & 13 deletions certz/gnsi-certz.yang
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,12 @@ module gnsi-certz {
"This module provides a data model for the metadata of gRPC credentials
installed on a networking device.";

revision 2023-02-13 {
description
"rename access/reject counters";
reference "0.5.0";
}

revision 2023-08-24 {
description
"Adds ssl-profile-id leaf";
Expand Down Expand Up @@ -69,37 +75,38 @@ module gnsi-certz {
// Success/failure counters.
grouping counters {
description
"A collection of counters that were collected while evaluating
access to the gRPC server.";
"A collection of counters that were collected while attempting
to establish connections to the gRPC server.";

container counters {
config false;
description
"A collection of counters that were collected by the gRPC during
the authentication process.";

leaf access-rejects {
leaf connection-rejects {
type oc-yang:counter64;
description
"The total number of times the gRPC denied access to the server.";
"The total number of times that gRPC clients have succeeded
in establishing a connection to the server.";
}
leaf last-access-reject {
leaf last-connection-reject {
type oc-types:timeticks64;
description
"A timestamp of the last time the gRPC denied access to
the server.";
"A timestamp of the last time a gRPC client failed
in establishing a connection to the server."
}
leaf access-accepts {
leaf connection-accepts {
type oc-yang:counter64;
description
"The total number of times the gPRC allowed access to
the server.";
"The total number of times that gRPC clients have succeeded
in establishing a connection to the server.";
}
leaf last-access-accept {
leaf last-connection-accept {
type oc-types:timeticks64;
description
"A timestamp of the last time the gRPC allowed access to
the server.";
"A timestamp of the last time a gRPC client succeeded
in establishing a connection to the server."
}
}
}
Expand Down
2 changes: 1 addition & 1 deletion version/version.pb.go
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion version/version.proto
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,5 +20,5 @@ package gnsi;

import "github.com/openconfig/gnoi/types/types.proto";

option (gnoi.types.gnoi_version) = "1.6.0";
option (gnoi.types.gnoi_version) = "1.6.1";
option go_package = "github.com/openconfig/gnsi/version";

0 comments on commit 26b2e73

Please sign in to comment.