module ietf-admin-access-statistics {
  yang-version 1.1;
  namespace "urn:ietf:params:xml:ns:yang:ietf-admin-access-statistics";
  prefix stat;

  import ietf-inet-types {
    prefix inet;
      reference
        "RFC 6991 - Common YANG Data Types.";
  }

  import ietf-yang-types {
    prefix yang;
    reference
      "RFC 6991 - Common YANG Data Types.";
  }

  organization
    "IETF SACM (Security Automation and Continuous Monitoring) Working Group";

  contact
    "WG Web: http://tools.ietf.org/wg/sacm/
    WG List: sacm@ietf.org

    Editor: Qiushi Lin
            linqiushi@huawei.com;
    Editor: Liang Xia
            frank.xialiang@huawei.com
        Editor: Henk Birkholz
            henk.birkholz@sit.fraunhofer.de";

  description
    "This YANG module defines ietf-admin-access-statistics YANG module, which contains online administrator lists, ip addresses authentication failure or blocked ip addresses.";

  revision 2018-10-16 {
    description "Initial version.";
        reference
      "draft-lin-sacm-nid-mp-security-baseline-04: The Data Model of Network Infrastructure Device Management Plane Security Baseline";
  }

  /*
  * features
  */
  feature display-online-info {
    description
      "If the device supports reporting the details of administrative accounts that are currenlty online.";
  }

  /*
  * typedef
  */
  typedef ip-block-state-type {
    type enumeration {
      enum "authenfail" {
        description
          "Authentication fialed State";
      }
      enum "blocked" {
        description
          "BLOCKED State";
      }
    }
    description
      "The status of an login failed IP address.";
  }

  /*
  * containers
  */
  container online {
    leaf total-online-users {
      type uint32;
      config false;
      description
        "The number of administrators that are current online.";
    }
    container online-admin-list {
      if-feature display-online-info;
      list online-users {
        key "account-name";
        leaf account-name {
          type string;
          description
            "The account name of the online account.";
        }
        leaf ip-address {
          type inet:ip-address-no-zone;
          config false;
                  description
            "The ip address of the online account.";
        }
        leaf mac-address {
          type yang:mac-address;
          config false;
                  description
            "The MAC address of the online account.";
        }
        description
          "Online adminstrator list.";
      }
      description
        "If the device supports providing information of online administrators, a list of account details are provided.";
    }
    description
      "Online administrator statistics and details.";
  }

  container ip-block-list {
    list blocked-ip {
      key "ip-address";
      leaf ip-address {
        type inet:ip-address-no-zone;
        description
          "The blocked IP address.";
      }
      leaf vpn-instance {
        type string;
        config false;
        description
          "The VPN instance of the blocked IP address.";
          }
      leaf state {
        type ip-block-state-type;
        config false;
        description
          "The status of an login failed IP address.";
          }
      leaf authen-fail-account {
        type uint32;
        config false;
        description
          "The number of the login failed attempts.";
          }
      description
        "The list of blocked IP addresses and related information.";
    }
    description
      "The information of blocked IP addresses and related information.";
  }
}