gnsi: add ssl-profile-id leaf

This was discussed in: #1050 where it seemed that the /system/grpc-servers/grpc-server/config/certificate_id leaf from https://github.com/brianneville/oc-public/blob/7d21dfc82acb9e39ee8b23a05ba3f5101f33b196/release/models/system/openconfig-system-grpc.yang#L162 had effectively been hijacked/repurposed to provide this utility. The leaf added here is explicitly to allow for configuration of the ssl-profile-id of a gRPC server.
openconfig · Mar 7, 2024 · be9c77d · be9c77d
1 parent 7d21dfc
commit be9c77d
Showing 1 changed file with 30 additions and 10 deletions.
diff --git a/release/models/gnsi/openconfig-gnsi-certz.yang b/release/models/gnsi/openconfig-gnsi-certz.yang
@@ -30,7 +30,13 @@ module openconfig-gnsi-certz {
     "This module provides a data model for the metadata of gRPC credentials
     installed on a networking device.";
 
-  oc-ext:openconfig-version "0.6.0";
+  oc-ext:openconfig-version "0.7.0";
+
+  revision 2024-03-07 {
+    description
+      "add leaf to configure ssl-profile-id";
+    reference "0.7.0";
+  }
 
   revision 2024-03-05 {
     description
@@ -126,6 +132,18 @@ module openconfig-gnsi-certz {
     }
   }
 
+  grouping grpc-server-certz-ssl-profile-config {
+    description
+      "gRPC server ssl profile configuration";
+
+    leaf ssl-profile-id {
+      type string;
+      description
+        "The ID of this gRPC server's SSL profile
+        as used by the gNSI Certz service";
+    }    
+  }
+
   // TODO(earies): move to a system-wide subtree:
   // https://github.com/openconfig/public/issues/1049
   grouping grpc-server-credentials-state {
@@ -183,15 +201,8 @@ module openconfig-gnsi-certz {
         "The timestamp of the moment when the authentication policy
         that is currently used by this gRPC server was created.";
     }
-    // TODO(earies): Consider aligning this with grpc-server key after moving
-    // to a system-wide subtree:
-    // https://github.com/openconfig/public/issues/1050
-    leaf ssl-profile-id {
-      type string;
-      description
-        "The ID of this gRPC server's SSL profile
-        as used by the gNSI Certz service";
-    }
+
+    uses grpc-server-certz-ssl-profile-config;
   }
 
   // Augments section.
@@ -212,4 +223,13 @@ module openconfig-gnsi-certz {
     description
       "gNSI certz server access counters.";
   }
+
+  augment "/oc-sys:system/oc-sys-grpc:grpc-servers/oc-sys-grpc:grpc-server/" +
+          "oc-sys-grpc:config" {
+    when "../config[contains(services, 'oc-gnsi:GNSI')]/enable = 'true'";
+    description
+      "gRPC server ssl profile configuration";
+
+    uses grpc-server-certz-ssl-profile-config;
+  }
 }