module gnmi-certificate-storage { yang-version 1; namespace "urn:opendaylight:gnmi:certificate:storage"; prefix "gnmi-cs"; description "Model used for storing connection keys for gNMI nodes. Copyright (c) 2021 PANTHEON.tech, s.r.o. and others. All rights reserved. This program and the accompanying materials are made available under the terms of the Eclipse Public License v1.0 which accompanies this distribution, and is available at http://www.eclipse.org/legal/epl-v10.html"; revision "2021-05-04" { description "Initial revision of gNMI certification storage"; } grouping keystore-id { leaf keystore-id { description "Identification for client certificates"; mandatory true; type string; } } grouping cert-group { uses keystore-id; leaf ca-certificate { description "Certification authority"; mandatory true; type string; } leaf client-key { description "Client key. DO NOT write this directly into the data store, use the provided RPCs as these will encrypt the key before the entry is written into the data store."; mandatory true; type string; } leaf passphrase { description "If the provided key is encrypted by a passphrase this needs to be included. DO NOT write write this directly into the data store, use the provided RPCs as these will encrypt the passphrase before the entry is written into the data store"; type string; } leaf client-cert { description "Client certificate"; mandatory true; type string; } } list keystore { description "Client certificates storage"; config false; key keystore-id; uses cert-group; } rpc add-keystore-certificate { input { uses cert-group; } } rpc remove-keystore-certificate { input { uses keystore-id; } } }