lfintor/yaml-netconf

 
 


YAML-NETCONF

A collection of Jinja2 templates and YAML object files that output ACL rules as YANG-modelled, NETCONF-compatible XML.

Based on the current IETF YANG model draft.

File Structure:

[Image: File Structure]

Definitions:

  • ACL Template - A collection of services, description and target hosts.
  • SACP - Service Access Control Policy. YAML mappings containing a list of rules and the owner of the service.
  • Rules - YAML mappings containing a rule definition, including source/destination IPs and ports and the action.
  • Objects - YAML mappings of common host/network/ip variables. Can be recursive using Jinja2 variable syntax.
  • Ruleset - A compiled access list in YAML format still containing Jinja2 variables referencing objects.
  • Compiled ACL - The end result, as either CLI configuration or YANG XML, generated by an Ansible playbook and Jinja2 templates.
  • Templates - The Jinja2 template files that convert a compiled ACL into either CLI-compatible config or NETCONF-compatible XML.
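
A pre-flight check for the recursive object references described above, added here as an example and not code from this repository: it expands `{{ name }}` references with a small regex stand-in for Jinja2 and rejects undefined, cyclic or non-network values before a ruleset is rendered. The object names, the rule keys (`src`, `dst`, `port`, `action`) and all sample values are constructed assumptions.

```python
import ipaddress
import re

REF = re.compile(r"\{\{\s*([A-Za-z_][A-Za-z0-9_]*)\s*\}\}")

# Constructed sample objects (names and layout are assumptions, not the repo's files).
OBJECTS = {
    "mgmt_net": "10.0.0.0/24",
    "jump_host": "10.0.0.5/32",
    "admin_src": "{{ jump_host }}",  # one object referring to another
    "loop_a": "{{ loop_b }}",        # deliberate cycle: loop_a -> loop_b -> loop_a
    "loop_b": "{{ loop_a }}",
}

def resolve(value, objects, _seen=()):
    """Expand {{ name }} references until none remain; raise on bad references."""
    def expand(match):
        name = match.group(1)
        if name in _seen:
            raise ValueError("cyclic object reference: " + " -> ".join(_seen + (name,)))
        if name not in objects:
            raise ValueError("undefined object: " + name)
        return resolve(str(objects[name]), objects, _seen + (name,))
    return REF.sub(expand, value)

def check_rule(rule, objects):
    """Return a copy of the rule with src/dst resolved to validated networks."""
    out = dict(rule)
    for field in ("src", "dst"):
        out[field] = ipaddress.ip_network(resolve(rule[field], objects), strict=True)
    return out

def check_ruleset(rules, objects):
    """Return (resolved_rules, errors); any error means the ACL is not rendered."""
    ok, errors = [], []
    for i, rule in enumerate(rules):
        try:
            ok.append(check_rule(rule, objects))
        except ValueError as exc:
            errors.append((i, str(exc)))
    return ok, errors

# Constructed ruleset entries in a hypothetical shape.
RULES = [
    {"src": "{{ admin_src }}", "dst": "{{ mgmt_net }}", "port": 22, "action": "accept"},
    {"src": "{{ typo_net }}", "dst": "{{ mgmt_net }}", "port": 22, "action": "accept"},
    {"src": "{{ loop_a }}", "dst": "{{ mgmt_net }}", "port": 830, "action": "accept"},
]
```

Calling `check_ruleset(RULES, OBJECTS)` returns the one rule that resolves cleanly plus an error entry for each of the other two, so a misspelled or self-referencing object stops the run instead of reaching a device as an empty or malformed match.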

Usage:

Step 1:

Update definition files in:

./objects/          - Any object variables
./rules/            - ACL rule definitions
./services/         - Service definitions containing the above rule definitions
./ACL_templates/    - An ACL template containing multiple services

Note: Any new object files added need to be included in the playbook.yml

Step 2:

Generate an ACL.yaml template file with:

./tools/generateRuleset.py <ruleset>

Step 3:

Edit example_playbook.yaml to reference the appropriate objects and ACL file.

Run:

ansible-playbook -i hosts example_playbook.yaml

Bonus Tools:

  • /tools/SRtoYAML.py - Feed it an SROS/TiMOS ACL configlet and some YAML object definitions, and it'll spit out YAML that we can consume

  • /tools/yamilfy.py - Consumes legacy World of ACL object files and spits out YAML object definitions for use above

  • /tools/netconf-tool.py - A small script to interact with a device via NETCONF
