
7 Commits

Author SHA1 Message Date
Binny
2711412306 ols-848-comments-addressed 2025-10-29 09:44:19 +00:00
Binny
f11d7d8181 ols-848-intrusiondetection-draft-changes 2025-10-08 11:47:20 +00:00
Binny
02f749cc11 Merge pull request #46 from Telecominfraproject/ols-821-mclag-schema-correction
ols-821-mclag-schema-correcttion-draft Changes
2025-10-07 12:06:22 +05:30
Mike Hansen
5b00327adc Merge pull request #50 from Telecominfraproject/correct-storm-control-indentation
Fix indentation for storm-control configuration.
2025-09-24 12:29:33 -04:00
Binny
c3073a9a45 ols-821-mclag-schema-final-draft 2025-09-16 06:10:50 +00:00
Binny
05849922ed ols-821-mclag-corrections-rev2 2025-08-22 15:19:46 +00:00
Binny
598af29d51 ols-821-mclag-schema-correcttion-draft 2025-08-18 13:38:01 +00:00
8 changed files with 358 additions and 181 deletions


@@ -282,6 +282,7 @@ properties:
- IP-ACL - IP-ACL
- Guest-VLAN - Guest-VLAN
- Storm-Control - Storm-Control
- Access-Lockout
# Services # Services
- Service-SSH - Service-SSH
- Service-RSSH - Service-RSSH


@@ -439,58 +439,66 @@ properties:
description: Configures the peer-link, which could be a physical port or a trunk group that connects the two MC-LAG peer switches. description: Configures the peer-link, which could be a physical port or a trunk group that connects the two MC-LAG peer switches.
type: object type: object
properties: properties:
type: link-type:
description: Defines the type of peer-link, either 'port' or 'trunk-group' description: Defines the type of peer-link, either 'port' or 'trunk-group'
type: string type: string
enum: enum:
- port - port
- trunk-group - trunk-group
default: trunk-group default: trunk-group
value: port-id:
description: Specifies the port or trunk-group ID for the peer-link. description: Specifies the physical port name used as peer-link (only valid if type = port).
type: string
examples:
- "Ethernet1"
- "Ethernet2"
trunk-id:
description: Specifies the trunk group ID used as peer-link (only valid if type = trunk-group).
type: integer type: integer
minimum: 1 minimum: 1
maximum: 64 maximum: 64
mclag-group: mclag-group:
description: Configures the MC-LAG group, which binds the interfaces into a multi-chassis LAG. description: Configures the MC-LAG group(s), which binds the interfaces into a multi-chassis LAG.
type: object type: array
properties: items:
group-id: type: object
description: Defines the unique MC-LAG group identifier. properties:
type: integer group-id:
minimum: 1 description: Defines the unique MC-LAG group identifier.
maximum: 128 type: integer
members: minimum: 1
description: List of interfaces that participate in the MC-LAG group. maximum: 128
type: array members:
items: description: List of interfaces that participate in the MC-LAG group.
type: string type: array
description: Interface names that are part of the MC-LAG group. items:
examples:
- eth0
- eth1
lacp-config:
description: LACP configuration settings for the MC-LAG group.
type: object
properties:
lacp-enable:
description: Enables or disables LACP for the MC-LAG group.
type: boolean
default: true
lacp-role:
description: Configures the LACP role as 'actor' or 'partner'
type: string type: string
enum: description: Interface names that are part of the MC-LAG group.
- actor examples:
- partner - Ethernet0
default: actor - Ethernet1
lacp-timeout: lacp-config:
description: Sets the LACP timeout as either 'short' or 'long'. description: LACP configuration settings for the MC-LAG group.
type: string type: object
enum: properties:
- short lacp-enable:
- long description: Enables or disables LACP for the MC-LAG group.
default: long type: boolean
default: true
lacp-role:
description: Configures the LACP role as 'actor' or 'partner'
type: string
enum:
- actor
- partner
default: actor
lacp-timeout:
description: Sets the LACP timeout as either 'short' or 'long'.
type: string
enum:
- short
- long
default: long
system-priority: system-priority:
description: Specifies the system priority used by the switch for LACP negotiations. description: Specifies the system priority used by the switch for LACP negotiations.
type: integer type: integer
@@ -537,6 +545,18 @@ properties:
minLength: 1 minLength: 1
examples: examples:
- "A VoIP Phone" - "A VoIP Phone"
intrusion-detection-access-lockout:
description: Enables protection against unauthorized login attempts by locking user access
after a specified number of failed authentication attempts within a defined period.
type: object
properties:
lockout-attempt-count:
description: Number of consecutive failed login attempts allowed before the user account is locked.
type: integer
minimum: 1
lockout-period-seconds:
description: Duration (in seconds) for which the user account remains locked after exceeding the failed attempt threshold.
type: integer
arp-inspect: arp-inspect:
$ref: "https://ucentral.io/schema/v1/switch/arp-inspect/" $ref: "https://ucentral.io/schema/v1/switch/arp-inspect/"
ip-source-guard: ip-source-guard:
@@ -549,4 +569,4 @@ properties:
description: Define a global list of dns servers. description: Define a global list of dns servers.
type: array type: array
items: items:
type: string type: string
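Review bot: `lockout-period-seconds` under `intrusion-detection-access-lockout` is declared as a bare `type: integer`, so 0 and negative values pass validation, whereas `lockout-attempt-count` has `minimum: 1`; a zero-length lockout would presumably leave the feature configured but ineffective. I would add `minimum: 1` to the period (plus an upper bound if the platform has one) and decide whether both properties belong under `required`. The object description also speaks of failures "within a defined period", but no property in this hunk defines that observation window, so either add one or drop the phrase. The same definition is repeated in the JSON schema sections further down the page and needs the same change there.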


@@ -187,4 +187,38 @@ properties:
description: Total number of topology changes detected. description: Total number of topology changes detected.
last-topology-change-seconds: last-topology-change-seconds:
type: integer type: integer
description: Time (in seconds) since the last topology change. description: Time (in seconds) since the last topology change.
access-lockout:
type: object
description: Represents the operational state and statistics of the Intrusion Detection and Access Lockout feature.
properties:
user-sessions:
type: array
description: Displays a list of user sessions being tracked for failed login attempts.
items:
type: object
properties:
username:
type: string
description: The username associated with the login attempts being tracked.
source-ip:
type: string
description: The IP address from which the login attempts originated.
failed-attempts:
type: integer
description: The number of consecutive failed login attempts recorded for this user session.
status:
type: string
description: Indicates whether the user account is currently locked or active.
enum:
- active
- locked
last-failed-attempt-time:
type: integer
description: UNIX timestamp (in seconds) of the most recent failed login attempt.
lockout-start-time:
type: integer
description: UNIX timestamp (in seconds) when the user account was locked.
lockout-expiry-time:
type: integer
description: UNIX timestamp (in seconds) when the lockout period will end and access will be restored.
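Review bot: The `access-lockout` state does not say what a lockout is keyed on: entries are per "user session" carrying both `username` and `source-ip`, yet `status` and the timestamp descriptions speak of the "user account" being locked. Whether a lock covers the account from every source or only the username/source pair decides whether repeated failures from one address can keep a legitimate administrator out, so the `user-sessions` description should state it, e.g. `description: One entry per (username, source-ip) pair; the lock applies to <scope, to be confirmed>.` `source-ip` is also an unconstrained string where a `format` of `ipv4`/`ipv6` would let consumers validate it, and the descriptions should say what `lockout-start-time` and `lockout-expiry-time` hold while `status` is `active`.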


@@ -344,6 +344,7 @@
"IP-ACL", "IP-ACL",
"Guest-VLAN", "Guest-VLAN",
"Storm-Control", "Storm-Control",
"Access-Lockout",
"Service-SSH", "Service-SSH",
"Service-RSSH", "Service-RSSH",
"Service-Telnet", "Service-Telnet",


@@ -1289,7 +1289,7 @@
"description": "Configures the peer-link, which could be a physical port or a trunk group that connects the two MC-LAG peer switches.", "description": "Configures the peer-link, which could be a physical port or a trunk group that connects the two MC-LAG peer switches.",
"type": "object", "type": "object",
"properties": { "properties": {
"type": { "link-type": {
"description": "Defines the type of peer-link, either 'port' or 'trunk-group'", "description": "Defines the type of peer-link, either 'port' or 'trunk-group'",
"type": "string", "type": "string",
"enum": [ "enum": [
@@ -1298,8 +1298,16 @@
], ],
"default": "trunk-group" "default": "trunk-group"
}, },
"value": { "port-id": {
"description": "Specifies the port or trunk-group ID for the peer-link.", "description": "Specifies the physical port name used as peer-link (only valid if type = port).",
"type": "string",
"examples": [
"Ethernet1",
"Ethernet2"
]
},
"trunk-id": {
"description": "Specifies the trunk group ID used as peer-link (only valid if type = trunk-group).",
"type": "integer", "type": "integer",
"minimum": 1, "minimum": 1,
"maximum": 64 "maximum": 64
@@ -1307,53 +1315,56 @@
} }
}, },
"mclag-group": { "mclag-group": {
"description": "Configures the MC-LAG group, which binds the interfaces into a multi-chassis LAG.", "description": "Configures the MC-LAG group(s), which binds the interfaces into a multi-chassis LAG.",
"type": "object", "type": "array",
"properties": { "items": {
"group-id": { "type": "object",
"description": "Defines the unique MC-LAG group identifier.", "properties": {
"type": "integer", "group-id": {
"minimum": 1, "description": "Defines the unique MC-LAG group identifier.",
"maximum": 128 "type": "integer",
}, "minimum": 1,
"members": { "maximum": 128
"description": "List of interfaces that participate in the MC-LAG group.", },
"type": "array", "members": {
"items": { "description": "List of interfaces that participate in the MC-LAG group.",
"type": "string", "type": "array",
"description": "Interface names that are part of the MC-LAG group.", "items": {
"examples": [
"eth0",
"eth1"
]
}
},
"lacp-config": {
"description": "LACP configuration settings for the MC-LAG group.",
"type": "object",
"properties": {
"lacp-enable": {
"description": "Enables or disables LACP for the MC-LAG group.",
"type": "boolean",
"default": true
},
"lacp-role": {
"description": "Configures the LACP role as 'actor' or 'partner'",
"type": "string", "type": "string",
"enum": [ "description": "Interface names that are part of the MC-LAG group.",
"actor", "examples": [
"partner" "Ethernet0",
], "Ethernet1"
"default": "actor" ]
}, }
"lacp-timeout": { },
"description": "Sets the LACP timeout as either 'short' or 'long'.", "lacp-config": {
"type": "string", "description": "LACP configuration settings for the MC-LAG group.",
"enum": [ "type": "object",
"short", "properties": {
"long" "lacp-enable": {
], "description": "Enables or disables LACP for the MC-LAG group.",
"default": "long" "type": "boolean",
"default": true
},
"lacp-role": {
"description": "Configures the LACP role as 'actor' or 'partner'",
"type": "string",
"enum": [
"actor",
"partner"
],
"default": "actor"
},
"lacp-timeout": {
"description": "Sets the LACP timeout as either 'short' or 'long'.",
"type": "string",
"enum": [
"short",
"long"
],
"default": "long"
}
} }
} }
} }
@@ -1423,6 +1434,21 @@
} }
} }
}, },
"intrusion-detection-access-lockout": {
"description": "Enables protection against unauthorized login attempts by locking user access after a specified number of failed authentication attempts within a defined period.",
"type": "object",
"properties": {
"lockout-attempt-count": {
"description": "Number of consecutive failed login attempts allowed before the user account is locked.",
"type": "integer",
"minimum": 1
},
"lockout-period-seconds": {
"description": "Duration (in seconds) for which the user account remains locked after exceeding the failed attempt threshold.",
"type": "integer"
}
}
},
"arp-inspect": { "arp-inspect": {
"type": "object", "type": "object",
"description": "Global configuration for ARP Inspection on the switch.", "description": "Global configuration for ARP Inspection on the switch.",


@@ -1474,7 +1474,7 @@
"peer-link": { "peer-link": {
"type": "object", "type": "object",
"properties": { "properties": {
"type": { "link-type": {
"type": "string", "type": "string",
"enum": [ "enum": [
"port", "port",
@@ -1482,7 +1482,14 @@
], ],
"default": "trunk-group" "default": "trunk-group"
}, },
"value": { "port-id": {
"type": "string",
"examples": [
"Ethernet1",
"Ethernet2"
]
},
"trunk-id": {
"type": "integer", "type": "integer",
"minimum": 1, "minimum": 1,
"maximum": 64 "maximum": 64
@@ -1490,45 +1497,48 @@
} }
}, },
"mclag-group": { "mclag-group": {
"type": "object", "type": "array",
"properties": { "items": {
"group-id": { "type": "object",
"type": "integer", "properties": {
"minimum": 1, "group-id": {
"maximum": 128 "type": "integer",
}, "minimum": 1,
"members": { "maximum": 128
"type": "array", },
"items": { "members": {
"type": "string", "type": "array",
"examples": [ "items": {
"eth0",
"eth1"
]
}
},
"lacp-config": {
"type": "object",
"properties": {
"lacp-enable": {
"type": "boolean",
"default": true
},
"lacp-role": {
"type": "string", "type": "string",
"enum": [ "examples": [
"actor", "Ethernet0",
"partner" "Ethernet1"
], ]
"default": "actor" }
}, },
"lacp-timeout": { "lacp-config": {
"type": "string", "type": "object",
"enum": [ "properties": {
"short", "lacp-enable": {
"long" "type": "boolean",
], "default": true
"default": "long" },
"lacp-role": {
"type": "string",
"enum": [
"actor",
"partner"
],
"default": "actor"
},
"lacp-timeout": {
"type": "string",
"enum": [
"short",
"long"
],
"default": "long"
}
} }
} }
} }
@@ -1589,6 +1599,18 @@
} }
} }
}, },
"intrusion-detection-access-lockout": {
"type": "object",
"properties": {
"lockout-attempt-count": {
"type": "integer",
"minimum": 1
},
"lockout-period-seconds": {
"type": "integer"
}
}
},
"arp-inspect": { "arp-inspect": {
"$ref": "#/$defs/switch.arp-inspect" "$ref": "#/$defs/switch.arp-inspect"
}, },


@@ -1747,7 +1747,7 @@
"description": "Configures the peer-link, which could be a physical port or a trunk group that connects the two MC-LAG peer switches.", "description": "Configures the peer-link, which could be a physical port or a trunk group that connects the two MC-LAG peer switches.",
"type": "object", "type": "object",
"properties": { "properties": {
"type": { "link-type": {
"description": "Defines the type of peer-link, either 'port' or 'trunk-group'", "description": "Defines the type of peer-link, either 'port' or 'trunk-group'",
"type": "string", "type": "string",
"enum": [ "enum": [
@@ -1756,8 +1756,16 @@
], ],
"default": "trunk-group" "default": "trunk-group"
}, },
"value": { "port-id": {
"description": "Specifies the port or trunk-group ID for the peer-link.", "description": "Specifies the physical port name used as peer-link (only valid if type = port).",
"type": "string",
"examples": [
"Ethernet1",
"Ethernet2"
]
},
"trunk-id": {
"description": "Specifies the trunk group ID used as peer-link (only valid if type = trunk-group).",
"type": "integer", "type": "integer",
"minimum": 1, "minimum": 1,
"maximum": 64 "maximum": 64
@@ -1765,53 +1773,56 @@
} }
}, },
"mclag-group": { "mclag-group": {
"description": "Configures the MC-LAG group, which binds the interfaces into a multi-chassis LAG.", "description": "Configures the MC-LAG group(s), which binds the interfaces into a multi-chassis LAG.",
"type": "object", "type": "array",
"properties": { "items": {
"group-id": { "type": "object",
"description": "Defines the unique MC-LAG group identifier.", "properties": {
"type": "integer", "group-id": {
"minimum": 1, "description": "Defines the unique MC-LAG group identifier.",
"maximum": 128 "type": "integer",
}, "minimum": 1,
"members": { "maximum": 128
"description": "List of interfaces that participate in the MC-LAG group.", },
"type": "array", "members": {
"items": { "description": "List of interfaces that participate in the MC-LAG group.",
"type": "string", "type": "array",
"description": "Interface names that are part of the MC-LAG group.", "items": {
"examples": [
"eth0",
"eth1"
]
}
},
"lacp-config": {
"description": "LACP configuration settings for the MC-LAG group.",
"type": "object",
"properties": {
"lacp-enable": {
"description": "Enables or disables LACP for the MC-LAG group.",
"type": "boolean",
"default": true
},
"lacp-role": {
"description": "Configures the LACP role as 'actor' or 'partner'",
"type": "string", "type": "string",
"enum": [ "description": "Interface names that are part of the MC-LAG group.",
"actor", "examples": [
"partner" "Ethernet0",
], "Ethernet1"
"default": "actor" ]
}, }
"lacp-timeout": { },
"description": "Sets the LACP timeout as either 'short' or 'long'.", "lacp-config": {
"type": "string", "description": "LACP configuration settings for the MC-LAG group.",
"enum": [ "type": "object",
"short", "properties": {
"long" "lacp-enable": {
], "description": "Enables or disables LACP for the MC-LAG group.",
"default": "long" "type": "boolean",
"default": true
},
"lacp-role": {
"description": "Configures the LACP role as 'actor' or 'partner'",
"type": "string",
"enum": [
"actor",
"partner"
],
"default": "actor"
},
"lacp-timeout": {
"description": "Sets the LACP timeout as either 'short' or 'long'.",
"type": "string",
"enum": [
"short",
"long"
],
"default": "long"
}
} }
} }
} }
@@ -1881,6 +1892,21 @@
} }
} }
}, },
"intrusion-detection-access-lockout": {
"description": "Enables protection against unauthorized login attempts by locking user access after a specified number of failed authentication attempts within a defined period.",
"type": "object",
"properties": {
"lockout-attempt-count": {
"description": "Number of consecutive failed login attempts allowed before the user account is locked.",
"type": "integer",
"minimum": 1
},
"lockout-period-seconds": {
"description": "Duration (in seconds) for which the user account remains locked after exceeding the failed attempt threshold.",
"type": "integer"
}
}
},
"arp-inspect": { "arp-inspect": {
"$ref": "#/$defs/switch.arp-inspect" "$ref": "#/$defs/switch.arp-inspect"
}, },


@@ -256,6 +256,53 @@
} }
} }
} }
},
"access-lockout": {
"type": "object",
"description": "Represents the operational state and statistics of the Intrusion Detection and Access Lockout feature.",
"properties": {
"user-sessions": {
"type": "array",
"description": "Displays a list of user sessions being tracked for failed login attempts.",
"items": {
"type": "object",
"properties": {
"username": {
"type": "string",
"description": "The username associated with the login attempts being tracked."
},
"source-ip": {
"type": "string",
"description": "The IP address from which the login attempts originated."
},
"failed-attempts": {
"type": "integer",
"description": "The number of consecutive failed login attempts recorded for this user session."
},
"status": {
"type": "string",
"description": "Indicates whether the user account is currently locked or active.",
"enum": [
"active",
"locked"
]
},
"last-failed-attempt-time": {
"type": "integer",
"description": "UNIX timestamp (in seconds) of the most recent failed login attempt."
},
"lockout-start-time": {
"type": "integer",
"description": "UNIX timestamp (in seconds) when the user account was locked."
},
"lockout-expiry-time": {
"type": "integer",
"description": "UNIX timestamp (in seconds) when the lockout period will end and access will be restored."
}
}
}
}
}
} }
}, },
"$defs": { "$defs": {