Renamed group field to role and added new field ssh_principal
nmahabaleshwar committed Jan 16, 2024
2 parents 41bc2b0 + d5abc2e commit 3d01d94
Showing 9 changed files with 385 additions and 171 deletions.
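--- a/.bazelversion
+++ b/.bazelversion
@@ -0,0 +1 @@
+6.0.0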
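--- a/README.md
+++ b/README.md
@@ -14,4 +14,11 @@ services include:
 5. Secure Shell (ssh) certificate/key management
 6. Associated YANG models for telemetry collection of gNSI systems.
 
-Code and documentation to follow.
+## Releases
+
+   - A gNSI server is expected to support single version of gNSI
+(e.g. if v2 releases, then the server will only support v1 until
+it has support for v2, at which point it will drop support for v1).
+   - A gNSI server is expected to be pinned to a release tag on the
+gNSI repository.
+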
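--- a/acctz/README.md
+++ b/acctz/README.md
@@ -35,3 +35,24 @@ retrieved periodically by newly and already connected Collectors. The depth
 of this history should be configurable by the administrator. The default
 depth and configurability are subject to implementation support, but should
 be documented.
+
+## OpenConfig Extension for the gMNI gRPC-based Accounting telemetry
+### gnsi-acctz.yang
+An overview of the changes defined in the gnsi-acctz.yang file are shown below.
+
+```txt
+module: gnsi-acctz
+augment /oc-sys:system/oc-sys-grpc:grpc-servers/oc-sys-grpc:grpc-server:
++--ro counters
++--ro last-cleared-on? oc-types:timeticks64
++--ro client-counters
+| +--ro history_istruncated? oc-yang:counter64
+| +--ro IdleTimeouts? oc-yang:counter64
+| +--ro RecordRequests? oc-yang:counter64
+| +--ro RecordResponses? oc-yang:counter64
++--ro source-counters
++--ro source-records* [service type]
++--ro service service-request
++--ro type service-type
++--ro records? oc-yang:counter64
+```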
309 changes: 151 additions & 158 deletions acctz/acctz.pb.go

Large diffs are not rendered by default.

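--- a/acctz/acctz.proto
+++ b/acctz/acctz.proto
@@ -128,17 +128,14 @@ message UserDetail {
 // accounting a login that terminated before a username was received.
 string identity = 1;
 
-// user's privilege level, user class, user group, task group, etc.,
-// which is implementation dependent. Might be omitted if
-// authentication fails.
-string group = 2;
+// user's privilege level, user class, user group, task group,
+// user role etc., which is implementation dependent.
+// Might be omitted if authentication fails.
+string role = 2;
 
-// this indicates the role of the user.
-string role = 3;
-
-// this indicates the principal present in SSH certificates populated
+// this indicates the principal present in the SSH certificate populated
 // when the user is authenticated via SSH certificates.
-string principal = 4;
+string ssh_principal = 3;
 }
 
 // Details of authentication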
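Review bot: Tag 3 of `UserDetail` changes meaning here: it carried `role` before and now carries `ssh_principal`, while tag 2 is renamed from `group` to `role` and tag 4 is dropped without being reserved. If any device or collector was built against the earlier numbering (not visible from this page), records exchanged between old and new peers would decode an SSH principal as a role, or silently lose it, so the accounting trail would be wrong without any error being raised. Keeping `string ssh_principal = 4;` and adding `reserved 3;` and `reserved "group", "principal";` would avoid the reuse; if the renumbering is deliberate because nothing has shipped, a one-line comment saying so would help. The message itself starts above the hunk.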
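--- a/acctz/gnsi-acctz.yang
+++ b/acctz/gnsi-acctz.yang
@@ -0,0 +1,195 @@
+module gnsi-acctz {
+yang-version 1.1;
+namespace "https://github.com/openconfig/gnsi/acctz/yang";
+prefix gnsi-acctz;
+
+import openconfig-system {
+prefix oc-sys;
+}
+import openconfig-system-grpc {
+prefix oc-sys-grpc;
+}
+import openconfig-types {
+prefix oc-types;
+}
+import openconfig-yang-types {
+prefix oc-yang;
+}
+organization
+"Google LLC";
+
+contact
+"Google LLC";
+
+description
+"This module provides a data model for the metadata of the gRPC
+accounting operations on a device.";
+
+revision 2023-12-01 {
+description
+"Initial revision.";
+reference "0.1.0";
+}
+
+typedef cmd_service {
+description "enum CommandService.CmdServiceType";
+type enumeration {
+enum UNSPECIFIED {
+value 0;
+}
+enum SHELL {
+value 1;
+}
+enum CLI {
+value 2;
+}
+enum WEBUI {
+value 3;
+}
+enum RESTCONF {
+value 4;
+}
+enum NETCONF {
+value 5;
+}
+}
+}
+typedef grpc_service {
+description "enum GrpcService.GrpcServiceType";
+type enumeration {
+enum UNSPECIFIED {
+value 0;
+}
+enum GNMI {
+value 1;
+}
+enum GNOI {
+value 2;
+}
+enum GNSI {
+value 3;
+}
+enum GRIBI {
+value 4;
+}
+enum P4RT {
+value 5;
+}
+}
+}
+typedef service-request {
+description "enum RecordResponse.service_request";
+type enumeration {
+enum cmd_service {
+value 4;
+}
+enum grpc_service {
+value 5;
+}
+}
+}
+typedef service-type {
+description "enum cmd or grpc service type";
+type union {
+type cmd_service;
+type grpc_service;
+}
+}
+
+// gnsi.acctz client statistics
+grouping client-counters {
+description
+"A collection of counters that were collected by the gNSI.acctz
+module while servicing acctz clients.";
+
+leaf history_istruncated {
+type oc-yang:counter64;
+description
+"The total number of times that a RecordRequest resulted in
+a RecordResponse being marked history_istruncated. ie: a
+request was made for a timestamp that did not exist in the
+history.";
+}
+leaf IdleTimeouts {
+type oc-yang:counter64;
+description
+"The total number of times that a client was disconnected
+due to missing keepalives (ie: RecordRequests).";
+}
+leaf RecordRequests {
+type oc-yang:counter64;
+description
+"The total number of RecordRequest RPCs that have been received.";
+}
+leaf RecordResponses {
+type oc-yang:counter64;
+description
+"The total number of RecordRequest RPCs that have been sent.";
+}
+}
+
+// gnsi.acctz producer statistics
+grouping source-counters {
+description
+"A collection of counters for gNSI.acctz record production per
+service request type.";
+
+list source-records {
+key "service type";
+// unique "service type";
+description
+"The total number of times the gNSI.authz module denied access
+to a RPC.";
+
+leaf service {
+type service-request;
+mandatory true;
+}
+leaf type {
+type service-type;
+mandatory true;
+}
+leaf records {
+type oc-yang:counter64;
+description
+"The total number of records produced for the service_request
+type.";
+}
+}
+}
+
+grouping grpc-server-acctz-counters {
+description
+"A collection of counters from the gNSI.acctz module.";
+
+container counters {
+description
+"A collection of counters from the gNSI.acctz module
+for acctz clients and sources.";
+config false;
+
+leaf last-cleared-on {
+type oc-types:timeticks64;
+description
+"The last time that the counters were cleared (reset to
+zero). This value is reported as nanoseconds since epoch
+(January 1st, 1970 00:00:00 GMT).";
+}
+
+container client-counters {
+uses client-counters;
+}
+container source-counters {
+uses source-counters;
+}
+}
+}
+
+// Augments section.
+augment "/oc-sys:system/oc-sys-grpc:grpc-servers/oc-sys-grpc:grpc-server" {
+description
+"Counters collected by the gNSI.acctz module.";
+
+uses grpc-server-acctz-counters;
+}
+}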
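Review bot: The description on the `source-records` list, "The total number of times the gNSI.authz module denied access to a RPC.", looks copied from the authz model and does not describe per-service accounting record counts; something like `"Accounting record counts, keyed by service request and service type."` would match the grouping. The `RecordResponses` leaf has a similar slip, `"The total number of RecordRequest RPCs that have been sent."`, where RecordResponse messages are presumably meant. The key leaves `service` and `type` carry no description at all. These counters are what an operator reads to notice gaps in accounting, so the descriptions should say exactly what each one counts.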
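--- a/authz/README.md
+++ b/authz/README.md
@@ -320,7 +320,7 @@ expected result of the `gNSI.authz.Probe()` RPC is:
 
 ### `gnsi-authz.yang`
 
-An overview of the changes defined in the `gnmi-authz.yang` file are shown
+An overview of the changes defined in the `gnsi-authz.yang` file are shown
 below.
 
 ```txt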
2 changes: 1 addition & 1 deletion version/version.pb.go

Some generated files are not rendered by default.

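--- a/version/version.proto
+++ b/version/version.proto
@@ -20,5 +20,5 @@ package gnsi;
 
 import "github.com/openconfig/gnoi/types/types.proto";
 
-option (gnoi.types.gnoi_version) = "1.5.0";
+option (gnoi.types.gnoi_version) = "1.6.0";
 option go_package = "github.com/openconfig/gnsi/version";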
