Updated oc interface models, bug fixes and few new nodes support

config/transformer/models_list

@@ -1,4 +1,6 @@
 #List yang models transformer need to load
+ietf-interfaces.yang
+iana-if-type.yang
 openconfig-acl.yang
 openconfig-acl-annot.yang
 openconfig-sampling-sflow.yang

models/yang/annotations/openconfig-interfaces-annot.yang

@@ -63,6 +63,60 @@ module openconfig-interfaces-annot {
         }
     }
 
+    deviation /oc-intf:interfaces/oc-intf:interface/oc-intf:state/oc-intf:type {
+        deviate add {
+            sonic-ext:field-transformer "intf_type_xfmr";
+        }
+    }
+
+    deviation /oc-intf:interfaces/oc-intf:interface/oc-intf:config/oc-intf:type {
+        deviate add {
+            sonic-ext:field-transformer "intf_type_xfmr";
+        }
+    }
+
+    deviation /oc-intf:interfaces/oc-intf:interface/oc-intf:state/oc-intf:description {
+        deviate add {
+            sonic-ext:field-transformer "intf_description_xfmr";
+        }
+    }
+
+    deviation /oc-intf:interfaces/oc-intf:interface/oc-intf:state/oc-intf:ifindex {
+        deviate add {
+            sonic-ext:field-transformer "intf_ifindex_xfmr";
+        }
+    }
+
+    deviation /oc-intf:interfaces/oc-intf:interface/oc-intf:state/oc-intf:oper-status {
+        deviate add {
+            sonic-ext:field-transformer "intf_oper_status_xfmr";
+        }
+    }
+
+    deviation /oc-intf:interfaces/oc-intf:interface/oc-intf:state/oc-intf:last-change {
+        deviate add {
+            sonic-ext:field-transformer "intf_last_change_xfmr";
+        }
+    }
+
+    deviation /oc-intf:interfaces/oc-intf:interface/oc-intf:state/oc-intf:management {
+        deviate add {
+            sonic-ext:field-transformer "intf_mgmt_xfmr";
+        }
+    }
+
+    deviation /oc-intf:interfaces/oc-intf:interface/oc-intf:state/oc-intf:cpu {
+        deviate add {
+            sonic-ext:field-transformer "intf_cpu_xfmr";
+        }
+    }
+
+    deviation /oc-intf:interfaces/oc-intf:interface/oc-intf:state/oc-intf:logical {
+        deviate add {
+            sonic-ext:field-transformer "intf_logical_xfmr";
+        }
+    }
+
     deviation /oc-intf:interfaces/oc-intf:interface/oc-intf:config/oc-intf:mtu {
         deviate add {
             sonic-ext:field-transformer "intf_mtu_xfmr";
@@ -219,6 +273,12 @@ module openconfig-interfaces-annot {
         }
     }
 
+    deviation /oc-intf:interfaces/oc-intf:interface/oc-intf:subinterfaces/oc-intf:subinterface/oc-ip:ipv6/oc-ip:state {
+        deviate add {
+            sonic-ext:db-name "APPL_DB";
+        }
+    }
+
     deviation /oc-intf:interfaces/oc-intf:interface/oc-intf:subinterfaces/oc-intf:subinterface/oc-ip:ipv6/oc-ip:state/oc-ip:enabled {
         deviate add {
             sonic-ext:field-transformer "ipv6_enabled_xfmr";

models/yang/common/openconfig-if-8021x.yang

@@ -0,0 +1,318 @@
+module openconfig-if-8021x {
+
+  yang-version "1";
+
+  // namespace
+  namespace "http://openconfig.net/yang/interfaces/8021x";
+
+  prefix "oc-1x";
+
+  // import some basic types
+  import openconfig-yang-types { prefix oc-yang; }
+  import openconfig-extensions { prefix oc-ext; }
+  import openconfig-interfaces { prefix oc-if; }
+  import openconfig-if-ethernet { prefix oc-eth; }
+  import openconfig-vlan { prefix oc-vlan; }
+  import openconfig-vlan-types { prefix oc-vlan-types; }
+
+  // meta
+  organization "OpenConfig working group";
+
+  contact
+    "OpenConfig working group
+    netopenconfig@googlegroups.com";
+
+  description
+    "Model for managing 8021X. Augments the OpenConfig models for
+    wired interfaces and wireless SSIDs for configuration and state.";
+
+  oc-ext:openconfig-version "0.0.1";
+
+  revision "2020-01-28" {
+    description
+      "Initial draft of model, including only the most common 802.1X
+      configuration and state use-cases.";
+    reference "0.0.1";
+  }
+
+  // grouping statements
+
+  grouping vlan-map-config {
+    description
+      "Configuration data for mapping from VLAN name to VLAN id.";
+
+    leaf vlan-name {
+     type string;
+     mandatory true;
+     description
+       "The VLAN name to be mapped to the VLAN id.";
+    }
+
+    leaf id {
+     type oc-vlan-types:vlan-id;
+     mandatory true;
+     description
+       "The VLAN id to be mapped to the VLAN name.";
+    }
+  }
+
+  grouping dot1x-port-config {
+    description
+      "802.1X port-based configuration.";
+
+    leaf authenticate-port {
+      type boolean;
+      description
+        "Enable 802.1X port control on an interface.";
+    }
+
+    leaf host-mode {
+      type enumeration {
+        enum SINGLE_HOST {
+          description
+            "Only single supplicant can communicate through the port.
+            If the supplicant logs off or the port state is changed,
+            the port becomes unauthenticated.";
+        }
+        enum MULTI_HOST {
+          description
+            "Multiple hosts can communicate over a single port.
+            Only the first supplicant is authenticated while
+            subsequent hosts have network access without having to
+            authenticate.";
+        }
+        enum MULTI_DOMAIN {
+          description
+            "Allows for authentication of multiple clients
+            individually on one authenticator port.";
+        }
+      }
+      description
+        "Allow for single or multiple hosts to communicate through
+        an 802.1X controlled port.";
+    }
+
+    leaf reauthenticate-interval {
+      type uint16;
+      units seconds;
+      description
+        "Enable periodic re-authentication of the device connected
+        to this port. Setting a value of 0 disabled reauthentication
+        on this port.";
+    }
+
+    leaf retransmit-interval {
+      type uint16;
+      units seconds;
+      description
+        "How long the interface waits for a response from an
+        EAPoL Start before restarting 802.1X authentication on the
+        port.";
+    }
+
+    leaf supplicant-timeout {
+      type uint16;
+      units seconds;
+      description
+        "Time to wait for a response from the supplicant before
+        restarting the 802.1X authentication process.";
+    }
+
+    leaf max-requests {
+      type uint16;
+      description
+        "Maximum number of times an EAPoL request packet is retransmitted
+        to the supplicant before the authentication session fails.";
+    }
+
+    leaf server-fail-vlan {
+      type union {
+        type string;
+        type oc-vlan-types:vlan-id;
+      }
+      description
+        "If RADIUS is unresponsive, the supplicant shall be placed in
+        this VLAN. If this VLAN is configured as a VLAN name, the
+        vlan-map must be populated for the Authenticator to map this
+        VLAN name to a VLAN id.";
+    }
+
+    leaf auth-fail-vlan {
+      type union {
+        type string;
+        type oc-vlan-types:vlan-id;
+      }
+      description
+        "Upon failure to authenticate, the port is set to this VLAN.
+        If this VLAN is a configured as a VLAN name, the vlan-map must
+        be populated for the Authenticator to map this VLAN name to a
+        VLAN id.";
+    }
+  }
+
+  grouping vlan-map-top {
+    description
+      "Top-level grouping for vlan-map configuration and Operational
+      state data.";
+
+    container dot1x-vlan-map {
+      description
+        "Enclosing container for mapping a VLAN name to VLAN id";
+
+      list vlan-name {
+        key "vlan-name";
+        description
+         "A list of mappings from VLAN name to VLAN id.
+          Entries in this list are utilized for DVA using a VLAN
+          name; eg when RADIUS returns a VLAN name as the
+          tunnel-private-group-id.";
+        reference
+         "RFC 2868: RADIUS Attributes for Tunnel Protocol Support";
+
+        leaf vlan-name {
+          type leafref  {
+            path "../config/vlan-name";
+          }
+          description "References the configured VLAN name";
+        }
+
+        container config {
+          description "Configuration data for each configured VLAN
+          name in the VLAN ID to VLAN name mapping";
+
+          uses vlan-map-config;
+        }
+
+        container state {
+          config false;
+          description
+            "Operational state data for each VLAN id
+            to VLAN name mapping.";
+
+          uses vlan-map-config;
+        }
+      }
+    }
+  }
+
+  grouping dot1x-sessions-top {
+    description
+      "Top-level grouping for 802.1X sessions.";
+    container authenticated-sessions {
+        description
+          "Top level container for authenticated sessions state data.";
+
+      list authenticated-session {
+        key "mac";
+        config false;
+        description
+          "The list of authenticated sessions on this device.";
+
+        leaf mac {
+          type leafref {
+            path "../state/mac";
+          }
+          description
+            "Device MAC address.";
+        }
+
+        container state {
+          config false;
+          description
+            "Top level state container for 802.1X.";
+
+          leaf mac {
+            type oc-yang:mac-address;
+            description
+              "Device MAC address.";
+          }
+          uses dot1x-sessions-state;
+        }
+      }
+    }
+  }
+
+  grouping dot1x-sessions-state {
+    description
+      "Grouping for 802.1X sessions State data.";
+
+    leaf session-id {
+      type string;
+      description
+        "The locally-significant session id which this authenticated
+        session applies to. Typically used for RADIUS accounting or
+        other system level telemetry.";
+      }
+
+    leaf status {
+      type enumeration {
+        enum AUTHENTICATED {
+          description
+            "The session has succesfully completed one of the authentication
+            methods allowed on the port.";
+        }
+        enum AUTHENTICATING {
+          description
+            "The session is in the process of authenticating.";
+        }
+        enum FAILED_AUTHENTICATION {
+          description
+            "An authentication has been attempted for this session,
+            and has failed.";
+        }
+        enum SUPPLICANT_TIMEOUT {
+          description
+            "An authentication has been attempted for this session,
+            however the supplicant has not responded. This is likely
+            due to the attached devices lack of 802.1X support.";
+        }
+      }
+      description
+        "The status of the 802.1X session for a device.";
+    }
+  }
+
+  grouping dot1x-top {
+    description
+      "Top-level grouping for 802.1X configuration and operational
+      state data.";
+
+    container dot1x {
+      description
+        "Top level container for 802.1X configuration and
+        state data.";
+
+      container config {
+        description
+          "Top level configuration container for 802.1X.";
+
+        uses dot1x-port-config;
+      }
+
+      container state {
+        config false;
+        description
+          "Top level state container for 802.1X.";
+
+        uses dot1x-port-config;
+      }
+    }
+    uses dot1x-sessions-top;
+  }
+
+  // Augment statements
+  augment "/oc-if:interfaces/oc-if:interface/oc-eth:ethernet" {
+    description
+      "Adds 802.1X settings to individual Ethernet interfaces";
+
+    uses dot1x-top;
+  }
+
+  augment "/oc-if:interfaces/oc-if:interface/oc-eth:ethernet/" +
+          "oc-vlan:switched-vlan" {
+    description
+      "Adds vlan-map to switched-vlans.";
+
+    uses vlan-map-top;
+  }
+}