summaryrefslogtreecommitdiffstats
path: root/odl-aaa-moon/aaa-authz/aaa-authz-model
diff options
context:
space:
mode:
Diffstat (limited to 'odl-aaa-moon/aaa-authz/aaa-authz-model')
-rw-r--r--odl-aaa-moon/aaa-authz/aaa-authz-model/pom.xml95
-rw-r--r--odl-aaa-moon/aaa-authz/aaa-authz-model/src/main/yang/authorization-schema.yang190
2 files changed, 0 insertions, 285 deletions
diff --git a/odl-aaa-moon/aaa-authz/aaa-authz-model/pom.xml b/odl-aaa-moon/aaa-authz/aaa-authz-model/pom.xml
deleted file mode 100644
index a1d3a28f..00000000
--- a/odl-aaa-moon/aaa-authz/aaa-authz-model/pom.xml
+++ /dev/null
@@ -1,95 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project xmlns="http://maven.apache.org/POM/4.0.0"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
- <modelVersion>4.0.0</modelVersion>
-
- <parent>
- <groupId>org.opendaylight.aaa</groupId>
- <artifactId>aaa-parent</artifactId>
- <version>0.3.1-Beryllium-SR1</version>
- <relativePath>../../parent</relativePath>
- </parent>
-
- <artifactId>aaa-authz-model</artifactId>
- <name>${project.artifactId}</name>
-
- <dependencies>
- <dependency>
- <groupId>org.opendaylight.mdsal</groupId>
- <artifactId>yang-binding</artifactId>
- </dependency>
- <dependency>
- <groupId>org.opendaylight.mdsal.model</groupId>
- <artifactId>ietf-inet-types</artifactId>
- </dependency>
- <dependency>
- <groupId>org.opendaylight.mdsal.model</groupId>
- <artifactId>ietf-yang-types</artifactId>
- </dependency>
- <dependency>
- <groupId>org.opendaylight.mdsal.model</groupId>
- <artifactId>yang-ext</artifactId>
- </dependency>
- </dependencies>
-
- <build>
- <plugins>
- <plugin>
- <groupId>org.apache.felix</groupId>
- <artifactId>maven-bundle-plugin</artifactId>
- <extensions>true</extensions>
- </plugin>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-javadoc-plugin</artifactId>
- <configuration>
- <stylesheet>maven</stylesheet>
- </configuration>
- <executions>
- <execution>
- <goals>
- <goal>aggregate</goal>
- </goals>
- <phase>site</phase>
- </execution>
- </executions>
- </plugin>
- <plugin>
- <groupId>org.opendaylight.yangtools</groupId>
- <artifactId>yang-maven-plugin</artifactId>
- <version>${yangtools.version}</version>
- <executions>
- <execution>
- <goals>
- <goal>generate-sources</goal>
- </goals>
- <configuration>
- <yangFilesRootDir>src/main/yang</yangFilesRootDir>
- <codeGenerators>
- <generator>
- <codeGeneratorClass>
- org.opendaylight.yangtools.maven.sal.api.gen.plugin.CodeGeneratorImpl
- </codeGeneratorClass>
- <outputBaseDir>${salGeneratorPath}</outputBaseDir>
- </generator>
- </codeGenerators>
- <inspectDependencies>true</inspectDependencies>
- </configuration>
- </execution>
- </executions>
-
- <dependencies>
- <dependency>
- <groupId>org.opendaylight.mdsal</groupId>
- <artifactId>maven-sal-api-gen-plugin</artifactId>
- <version>${yangtools.version}</version>
- <type>jar</type>
- </dependency>
- </dependencies>
- </plugin>
- </plugins>
- </build>
- <packaging>bundle</packaging>
-
-</project>
diff --git a/odl-aaa-moon/aaa-authz/aaa-authz-model/src/main/yang/authorization-schema.yang b/odl-aaa-moon/aaa-authz/aaa-authz-model/src/main/yang/authorization-schema.yang
deleted file mode 100644
index 2e0cf9cb..00000000
--- a/odl-aaa-moon/aaa-authz/aaa-authz-model/src/main/yang/authorization-schema.yang
+++ /dev/null
@@ -1,190 +0,0 @@
-module authorization-schema {
- yang-version 1;
- namespace "urn:aaa:yang:authz:ds";
- prefix "authz";
- organization "TBD";
-
- contact "wdec@cisco.com";
-
- revision 2014-07-22 {
- description
- "Initial revision.";
- }
-
- //Main module begins
-
- //TODO: Refactor service type as URI
-
- //Define the servicetype; Service is used to identify the requestors' name, which would correspond to an ODL component eg Restconf. Possibly
- //the naming will derive from the OSGi bundle name of the AuthZ requesting party.
-
- typedef service-type {
- type string;
- }
-
- //Resource denotes the actual resource that is the subject of the AuthZ request.
-
- typedef resource-type {
- type string;
- default "*";
-
- //Examples of resources:
- //Data : /operational/opendaylight-inventory:nodes/node/openflow:1/node-connector/openflow:1:1
- //Wildcarded data: /operational/opendaylight-inventory:nodes/node/*/node-connector/*
- //RPC: /operations/example-ops:reboot
- //Wildcarded RPC: /operations/example-ops:*
- //Notification: /notifications/example-ops:startup
- }
-
- //Role denotes the normalized role that is attributed to the AuthZ requestor, eg "admin"
-
- typedef role-type {
- type string;
- }
-
- //Domain denotes the customer domain that is the attributed of the AuthZ requestor, eg cisco.com
-
- typedef domain-type {
- type string;
- }
-
- //Action denotes the requested AuthZ action on the resource
- //TODO: Refactor as identities to allow for augmentation.
-
- typedef action-type {
- type enumeration {
- enum put;
- enum commit;
- enum exists;
- enum getIdentifier;
- enum read;
- enum cancel;
- enum submit;
- enum delete;
- enum merge;
- enum any;
- }
- default "any";
- }
-
- typedef authorization-response-type {
- type enumeration {
- enum not-authorized { value 0; }
- enum authorized { value 1; }
- }
- }
-
- typedef authorization-duration-type {
- type uint32;
- }
-
- // Following grouping is the core AuthZ policy permissions data-structure, dual keyed by service and action.
- // Permissions will be set-up per application. NOTE: Group and role can be equivalent. do we need both?
-
- grouping authorization-grp {
- list policies {
- key "service";
- leaf service {
- type service-type;
- }
- leaf action {
- type action-type;
- }
- leaf resource {
- type resource-type;
- mandatory true;
- }
- leaf role {
- type role-type;
- mandatory true;
- }
- leaf authorization {
- type authorization-response-type;
- }
- }
- }
-
- // Following container provides the simple, non-domain specific AuthZ policy data-structure, dual keyed by service and action.
-
- container simple-authorization {
- uses authorization-grp;
- }
-
- // Following container provides the domain AuthZ policy data-structure. Each Policy is extended with a authz-domain-chain,
- // which contains a prioritized list of the leafrefs to additional domain policies that also apply to this domain.
- // The construct allows the chaining of policies like foo.com -> customer.sp.com -> customer.carrier.com.
-
-
- container domain-authorization {
- list domains {
- key "domain-name";
- leaf domain-name {
- type domain-type;
- }
- uses authorization-grp;
- list authz-domain-chain {
- key "priority";
- leaf priority {
- type uint32;
- }
- leaf domain-name {
- type leafref {
- path "/additional-domain-authz/domains/domain-name";
- }
- }
- }
- }
-}
-
-container additional-domain-authz {
- list domains {
- key "domain-name";
- leaf domain-name {
- type domain-type;
- }
- uses authorization-grp;
- }
- }
-
-
-
- /* The following is the AuthZ RPC definition */
-
- rpc req-authorization {
- description
- "Check Authorization for a given combination of action and role.
- A not-authorized will be returned if unsuccessful.";
-
- input {
- leaf domain-name {
- type domain-type;
- }
- leaf service {
- type service-type;
- }
- leaf action {
- type action-type;
- mandatory true;
- }
-
- leaf resource {
- type resource-type;
- mandatory true;
- }
- leaf role {
- type role-type;
- mandatory true;
- }
-
- }
-
- output {
-
- leaf authorization-response {
- type authorization-response-type;
- mandatory true;
- }
-
- }
- }
-}