module ietf-mud {

    yang-version 1.1;

    namespace
      "urn:ietf:params:xml:ns:yang:ietf-mud";

    prefix ietf-mud;

    import ietf-access-control-list {
      prefix acl;
    }
    import ietf-yang-types {
      prefix yang;
    }
    import ietf-inet-types {
      prefix inet;
    }

    organization
      "IETF OPSAWG (Operations and Management Area Working Group)";

    contact
      "WG Web: <https://datatracker.ietf.org/wg/opsawg/>
     WG List: opsawg@ietf.org

     Author: Eliot Lear
             lear@cisco.com

     Author: Ralph Droms
             rdroms@gmail.com

     Author: Dan Romascanu
             dromasca@gmail.com
    ";

    description
      "This YANG module defines a component that augments the
     IETF description of an access list.  This specific module
     focuses on additional filters that include local, model,
     and same-manufacturer.

     This module is intended to be serialized via JSON and stored
     as a file, as described in RFC 8520.

     The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL
     NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED',
     'MAY', and 'OPTIONAL' in this document are to be interpreted as
     described in BCP 14 (RFC 2119) (RFC 8174) when, and only when,
     they appear in all capitals, as shown here.

     Copyright (c) 2019 IETF Trust and the persons identified as
     authors of the code.  All rights reserved.

     Redistribution and use in source and binary forms, with or
     without modification, is permitted pursuant to, and subject
     to the license terms contained in, the Simplified BSD License
     set forth in Section 4.c of the IETF Trust's Legal Provisions
     Relating to IETF Documents
     (http://trustee.ietf.org/license-info).

     This version of this YANG module is part of RFC 8520; see
     the RFC itself for full legal notices.";

    revision "2019-01-28" {
      description
        "Initial proposed standard.";
      reference
        "RFC 8520: Manufacturer Usage Description
        Specification";

    }


    typedef direction {
      type enumeration {
        enum "to-device" {
          value 0;
          description
            "packets or flows destined to the target
           Thing.";
        }
        enum "from-device" {
          value 1;
          description
            "packets or flows destined from
           the target Thing.";
        }
      }
      description
        "Which way are we talking about?";
    }

    container mud {
      presence
        "Enabled for this particular MUD URL";
      description
        "MUD-related information, as specified
       by RFC 8520.";
      leaf mud-version {
        type uint8;
        mandatory true;
        description
          "This is the version of the MUD
specification.  This memo specifies version 1.";
      }

      leaf mud-url {
        type inet:uri;
        mandatory true;
        description
          "This is the MUD URL associated with the entry found
in a MUD file.";
      }

      leaf last-update {
        type yang:date-and-time;
        mandatory true;
        description
          "This is intended to be when the current MUD file
was generated.  MUD managers SHOULD NOT check
for updates between this time plus cache validity.";
      }

      leaf mud-signature {
        type inet:uri;
        description
          "A URI that resolves to a signature as
described in this specification.";
      }

      leaf cache-validity {
        type uint8 {
          range "1..168";
        }
        units "hours";
        default "48";
        description
          "The information retrieved from the MUD server is
valid for these many hours, after which it should
be refreshed.  N.B., MUD manager implementations
need not discard MUD files beyond this period.";
      }

      leaf is-supported {
        type boolean;
        mandatory true;
        description
          "This boolean indicates whether or not the Thing is
currently supported by the manufacturer.";
      }

      leaf systeminfo {
        type string;
        description
          "A UTF-8 description of this Thing.  This
should be a brief description that may be
displayed to the user to determine whether
to allow the Thing on the
network.";
      }

      leaf mfg-name {
        type string;
        description
          "Manufacturer name, as described in
the ietf-hardware YANG module.";
      }

      leaf model-name {
        type string;
        description
          "Model name, as described in the
ietf-hardware YANG module.";
      }

      leaf firmware-rev {
        type string;
        description
          "firmware-rev, as described in the
ietf-hardware YANG module.  Note that this field
MUST NOT be included when the device can be
updated but the MUD URL cannot.";
      }

      leaf software-rev {
        type string;
        description
          "software-rev, as described in the
ietf-hardware YANG module.  Note that this field
MUST NOT be included when the device can be
updated but the MUD URL cannot.";
      }

      leaf documentation {
        type inet:uri;
        description
          "This URL points to documentation that
relates to this device and any classes that it uses
in its MUD file.  A caution: MUD managers need
not resolve this URL on their own but rather simply
provide it to the administrator.  Parsing HTML is
not an intended function of a MUD manager.";
      }

      leaf-list extensions {
        type string {
          length "1..40";
        }
        description
          "A list of extension names that are used in this MUD
file.  Each name is registered with the IANA and
described in an RFC.";
      }

      container from-device-policy {
        description
          "The policies that should be enforced on traffic
coming from the device.  These policies are not
necessarily intended to be enforced at a single
point but may be rendered by the controller to any
relevant enforcement points in the network or
elsewhere.";
        container access-lists {
          description
            "The access lists that should be applied to traffic
to or from the device.";
          list access-list {
            key "name";
            description
              "Each entry on this list refers to an ACL that
should be present in the overall access list
data model.  Each ACL is identified by name and
type.";
            leaf name {
              type leafref {
                path "/acl:acls/acl:acl/acl:name";
              }
              description
                "The name of the ACL for this entry.";
            }
          }  // list access-list
        }  // container access-lists
      }  // container from-device-policy

      container to-device-policy {
        description
          "The policies that should be enforced on traffic
going to the device.  These policies are not
necessarily intended to be enforced at a single
point but may be rendered by the controller to any
relevant enforcement points in the network or
elsewhere.";
        container access-lists {
          description
            "The access lists that should be applied to traffic
to or from the device.";
          list access-list {
            key "name";
            description
              "Each entry on this list refers to an ACL that
should be present in the overall access list
data model.  Each ACL is identified by name and
type.";
            leaf name {
              type leafref {
                path "/acl:acls/acl:acl/acl:name";
              }
              description
                "The name of the ACL for this entry.";
            }
          }  // list access-list
        }  // container access-lists
      }  // container to-device-policy
    }  // container mud
  }  // module ietf-mud