module openconfig-system-management {

    yang-version 1;

    namespace
      "http://openconfig.net/yang/system/management";

    prefix oc-sys-mgmt;

    import openconfig-extensions {
      prefix oc-ext;
    }
    import openconfig-inet-types {
      prefix oc-inet;
    }

    organization "OpenConfig working group";

    contact
      "OpenConfig working group
    www.openconfig.net";

    description
      "This module defines configuration and operational state data
    related to management services.";

    revision "2020-01-14" {
      description
        "Add default to enable gRPC transport security";
      reference
        "0.3.0";

    }

    revision "2019-07-10" {
      description
        "Add gRPC default port and metadata authentication";
      reference
        "0.2.0";

    }

    revision "2018-11-21" {
      description
        "Add OpenConfig module metadata extensions.";
      reference
        "0.1.2";

    }

    revision "2018-08-28" {
      description
        "Update description of the ANY enum.";
      reference
        "0.1.1";

    }

    revision "2018-07-26" {
      description "Initial public release";
      reference
        "0.1.0";

    }

    oc-ext:openconfig-version "0.3.0";
    oc-ext:regexp-posix;
    oc-ext:catalog-organization "openconfig";
    oc-ext:origin "openconfig";

    grouping system-grpc-server-config {
      description
        "Configuration data for the gRPC server";
      leaf enable {
        type boolean;
        default 'true';
        description
          "Enables the gRPC server. The gRPC server is enabled by
        default";
      }

      leaf port {
        type oc-inet:port-number;
        default '9339';
        description
          "TCP port on which the gRPC server should listen";
      }

      leaf transport-security {
        type boolean;
        default 'true';
        description
          "Use gRPC transport security (e.g., TLS or SSL). Enabled by default.
         This allows disabling transport security for use cases where it is not
         needed like lab testing.";
      }

      leaf certificate-id {
        type string;
        description
          "The certificate ID to be used for authentication";
      }

      leaf metadata-authentication {
        type boolean;
        default 'false';
        description
          "Enables gRPC METADATA authentication. See
	 https://github.com/openconfig/reference/blob/master/rpc/gnmi/gnmi-authentication.md#credentials-and-authentication
	 for more info.";
      }

      leaf-list listen-addresses {
        type union {
          type oc-inet:ip-address;
          type enumeration {
            enum "ANY" {
              value 0;
              description
                "The gRPC daemon should listen on any address
              bound to an interface on the system.";
            }
          }
        }
        description
          "The IP addresses that the gRPC server should listen
        on. This may be an IPv4 or an IPv6 address";
      }
    }  // grouping system-grpc-server-config

    grouping system-grpc-server-top {
      description
        "Top-level grouping for system gRPC server data";
      container grpc-server {
        description
          "Top-level container for the gRPC server";
        container config {
          description
            "Configuration data for the system gRPC server";
          uses system-grpc-server-config;
        }  // container config

        container state {
          config false;
          description
            "Operational state data for the system gRPC server";
          uses system-grpc-server-config;
        }  // container state
      }  // container grpc-server
    }  // grouping system-grpc-server-top
  }  // module openconfig-system-management