aboutsummaryrefslogtreecommitdiffstats
path: root/odl-aaa-moon/aaa-authz/aaa-authz-service/src/main/yang/aaa-authz-service-impl.yang
diff options
context:
space:
mode:
Diffstat (limited to 'odl-aaa-moon/aaa-authz/aaa-authz-service/src/main/yang/aaa-authz-service-impl.yang')
-rw-r--r--odl-aaa-moon/aaa-authz/aaa-authz-service/src/main/yang/aaa-authz-service-impl.yang115
1 files changed, 115 insertions, 0 deletions
diff --git a/odl-aaa-moon/aaa-authz/aaa-authz-service/src/main/yang/aaa-authz-service-impl.yang b/odl-aaa-moon/aaa-authz/aaa-authz-service/src/main/yang/aaa-authz-service-impl.yang
new file mode 100644
index 00000000..954d0480
--- /dev/null
+++ b/odl-aaa-moon/aaa-authz/aaa-authz-service/src/main/yang/aaa-authz-service-impl.yang
@@ -0,0 +1,115 @@
+module aaa-authz-service-impl {
+
+ yang-version 1;
+ namespace "urn:opendaylight:params:xml:ns:yang:controller:config:aaa-authz:srv";
+ prefix "aaa-authz-srv-impl";
+
+ import config { prefix config; revision-date 2013-04-05; }
+ import rpc-context { prefix rpcx; revision-date 2013-06-17; }
+ import opendaylight-md-sal-binding { prefix mdsal; revision-date 2013-10-28; }
+ import opendaylight-md-sal-dom {prefix dom;}
+ import authorization-schema { prefix authzs; revision-date 2014-07-22; }
+ import ietf-inet-types {prefix inet; revision-date 2010-09-24;}
+
+ description
+ "This module contains the base YANG definitions for
+ AuthZ implementation.";
+
+ revision "2014-07-01" {
+ description
+ "Initial revision.";
+ }
+
+
+ // This is the definition of the service implementation as a module identity.
+ identity aaa-authz-service {
+ base config:module-type;
+ // Specifies the prefix for generated java classes.
+ config:java-name-prefix AuthzSrv;
+ config:provided-service dom:dom-broker-osgi-registry;
+ }
+
+ // Augments the 'configuration' choice node under modules/module.
+
+ augment "/config:modules/config:module/config:configuration" {
+ case aaa-authz-service {
+ when "/config:modules/config:module/config:type = 'aaa-authz-service'";
+
+//Defines reference to the intended broker under the AuthZ broker
+
+ container dom-broker {
+ uses config:service-ref {
+ refine type {
+ mandatory true;
+ config:required-identity dom:dom-broker-osgi-registry;
+ }
+ }
+ }
+
+ container data-broker {
+ uses config:service-ref {
+ refine type {
+ mandatory true;
+ config:required-identity mdsal:binding-data-broker;
+
+ }
+ }
+ }
+
+//Simple Authz data leafs:
+
+ leaf authz-role {
+ type string;
+ }
+ leaf service {
+ type authzs:service-type;
+ }
+
+ // ENUMs cannot be used right now (config subsystem + netconf cannot properly serialize enums), using strings instead
+ // In the generated module use Enum.valueOf from that string.
+ // Expected values are following strnigs: create, read, update, delete, execute, subscribe, any;
+ leaf action {
+ type string;
+ description "String representation of enum authzs:action-type expecting following values create, read, update, delete, execute, subscribe, any";
+ //type authzs:action-type;
+
+ }
+ leaf resource {
+ type authzs:resource-type;
+
+ }
+ leaf role {
+ type authzs:role-type;
+ }
+
+
+
+ //TODO: Check why uses below doesn't make the outer list be part of the source name-space in yang code generator.
+ //uses authzs:authorization-grp;
+ list policies {
+ key "service";
+ leaf service {
+ type authzs:service-type;
+ }
+ // Grouping uses ENUMs and enums are not correctly serialized in Config + Netconf
+ // Same as with action one level ip
+ leaf action {
+ type string;
+ description "String representation of enum authzs:action-type expecting following values create, read, update, delete, execute, subscribe, any";
+ //type authzs:action-type;
+ }
+ leaf resource {
+ type authzs:resource-type;
+
+ }
+ leaf role {
+ type authzs:role-type;
+
+ }
+ }
+
+
+ }
+ }
+
+}