Add openconfig-snmp YANG model for SNMP configuration and monitoring

[nleiva]

Change Scope

This PR adds a new YANG module openconfig-snmp under release/models/system/
for managing SNMP services on network devices. The model covers community-based
SNMPv1/v2c configuration including:

• Global SNMP settings (contact, location)
• Community definitions with access modes (read-only, read-write)
• Client prefix restrictions per community
• Trap/notification receivers
• Notification event filtering (authentication, line-status, etc.)

SNMPv3 is explicitly out of scope for this module.

The module is imported by openconfig-system.yang under the system hierarchy.

Platform Implementations

• Implementation A: SNMPv1/v2c Configuration
• Implementation C: SNMP Configuration Guide, Cisco IOS XE 17

Tree View

module: openconfig-system
  +--rw system
     ...
     +--rw snmp
        +--rw config
        |  +--rw contact?    string
        |  +--rw location?   string
        +--ro state
        |  +--ro contact?    string
        |  +--ro location?   string
        +--rw communities
        |  +--rw community* [name]
        |     +--rw name       -> ../config/name
        |     +--rw config
        |     |  +--rw name?          string
        |     |  +--rw access-mode?   snmp-access-mode
        |     |  +--rw version?       snmp-version
        |     |  +--rw access-list?   -> /oc-acl:acl/acl-sets/acl-set/config/name
        |     +--ro state
        |     |  +--ro name?          string
        |     |  +--ro access-mode?   snmp-access-mode
        |     |  +--ro version?       snmp-version
        |     |  +--ro access-list?   -> /oc-acl:acl/acl-sets/acl-set/config/name
        |     +--rw clients
        |        +--rw client* [prefix]
        |           +--rw prefix    -> ../config/prefix
        |           +--rw config
        |           |  +--rw prefix?   oc-inet:ip-prefix
        |           +--ro state
        |              +--ro prefix?   oc-inet:ip-prefix
        +--rw notifications
           +--rw config
           |  +--rw event-type*   identityref
           +--ro state
           |  +--ro event-type*   identityref
           +--rw receivers
              +--rw receiver* [name]
                 +--rw name      -> ../config/name
                 +--rw config
                 |  +--rw name?         string
                 |  +--rw address?      oc-inet:ip-address
                 |  +--rw port?         inet:port-number
                 |  +--rw version?      snmp-version
                 |  +--rw community?    string
                 |  +--rw event-type*   identityref
                 +--ro state
                    +--ro name?                    string
                    +--ro address?                 oc-inet:ip-address
                    +--ro port?                    inet:port-number
                    +--ro version?                 snmp-version
                    +--ro community?               string
                    +--ro event-type*              identityref
                    +--ro notifications-sent?      yang:counter64
                    +--ro notifications-dropped?   yang:counter64

[gemini-code-assist]

Code Review

This pull request introduces the openconfig-snmp module for community-based SNMP configuration and state, integrating it into the system model. Feedback identifies that the snmp-top grouping is not yet instantiated in the system container and that the access-list reference is ambiguous because it lacks the ACL type required for the composite key. Suggestions were also made to use oc-inet:port-number with a default value for notification ports and to add must statements to prevent combining the 'ALL' event type with specific identities.

[gemini-code-assist]

The description states that the ALL identity should not be combined with other specific event types. This constraint should be enforced with a must statement to prevent invalid configurations.

    leaf-list event-type {
      type identityref {
        base SNMP_NOTIFICATION_EVENT;
      }
      must "not(count(.) > 1 and . = 'oc-snmp:ALL')" {
        error-message "Specific event types cannot be combined with ALL";
      }
      description
        "Event types enabled for this specific receiver.
        If empty, the receiver inherits the globally
        configured event-type list under
        notifications/config. If both are empty, no
        notifications are sent. If the global list
        contains ALL, all event types are sent unless
        this receiver-level list restricts them to a
        subset.";
    }

[gemini-code-assist]

Similar to the receiver-level configuration, the global event-type list should also enforce the exclusivity of the ALL identity using a must statement.

    leaf-list event-type {
      type identityref {
        base SNMP_NOTIFICATION_EVENT;
      }
      must "not(count(.) > 1 and . = 'oc-snmp:ALL')" {
        error-message "Specific event types cannot be combined with ALL";
      }
      description
        "Globally enabled notification event types.
        This list provides a default set of events for
        all receivers. Individual receivers may override
        this by specifying their own event-type list.
        If ALL is included, all event types are enabled
        globally; specific identities should not be
        combined with ALL.";
    }

[ElodinLaarz]

/gcbrun

[OpenConfigBot]

No major YANG version changes in commit 84d2588

[dplore]

/gcbrun