submodule openconfig-aaa-tacacs {

  yang-version "1";

  belongs-to "openconfig-aaa" {
    prefix "oc-aaa";
  }

  // import some basic types
  import openconfig-inet-types { prefix oc-inet; }
  import openconfig-extensions { prefix oc-ext; }
  import openconfig-aaa-types { prefix oc-aaa-types; }
  import openconfig-types { prefix oc-types; }


  // meta
  organization "OpenConfig working group";

  contact
    "OpenConfig working group
    www.openconfig.net";

  description
    "This module defines configuration and operational state data
    related to the TACACS+ protocol for authentication,
    authorization, and accounting.";

  oc-ext:openconfig-version "1.0.0";

  revision "2022-07-29" {
    description
      "Update user role to be mandatory.";
      reference "1.0.0";
  }

  revision "2020-07-30" {
    description
      "Add secret-key-hashed.";
    reference "0.5.0";
  }

  revision "2018-11-21" {
    description
      "Add OpenConfig module metadata extensions.";
    reference "0.4.1";
  }

  revision "2017-09-18" {
    description
      "Updated to use OpenConfig types modules";
    reference "0.3.0";
  }

  revision "2017-07-06" {
    description
      "Move to oc-inet types, add IETF attribution, add RADIUS
      counters, changed password leaf names to indicate hashed";
    reference "0.2.0";
  }

  revision "2017-01-29" {
    description
      "Initial public release";
    reference "0.1.0";
  }

  // extension statements

  // feature statements

  // identity statements

  identity TACACS {
    base oc-aaa-types:AAA_SERVER_TYPE;
    description
      "Terminal Access Controller Access Control System (TACACS+)
      AAA server";
    reference
      "The TACACS+ Protocol (draft-ietf-opsawg-tacacs-05)
      RFC 1492 - An Access Control Protocol, Sometimes Called
      TACACS";
  }

  // typedef statements

  // grouping statements

  grouping aaa-tacacs-server-config {
    description
      "Configuration data for a TACACS+ server";

    leaf port {
      type oc-inet:port-number;
      default 49;
      description
        "The port number on which to contact the TACACS server";
    }

    leaf secret-key {
      type oc-types:routing-password;
      description
        "The unencrypted shared key used between the authentication
        server and the device.";
    }

    leaf secret-key-hashed {
      type oc-aaa-types:crypt-password-type;
      description
        "The hashed shared key used between the authentication
        server and the device.";
    }

    leaf source-address {
      type oc-inet:ip-address;
      description
        "Source IP address to use in messages to the TACACS server";
    }
  }

  grouping aaa-tacacs-server-state {
    description
      "Operational state data for a TACACS+ server";
  }

  grouping aaa-tacacs-server-top {
    description
      "Top-level grouping for TACACS+ sever data";

    container tacacs {
      description
        "Top-level container for TACACS+ server data";

      container config {
        description
          "Configuration data for TACACS+ server";

        uses aaa-tacacs-server-config;
      }

      container state {

        config false;

        description
          "Operational state data for TACACS+ server";

        uses aaa-tacacs-server-config;
        uses aaa-tacacs-server-state;
      }
    }
  }

  // data definition statements

  // augment statements

  // rpc statements

  // notification statements

}