diff options
Diffstat (limited to 'odl-aaa-moon/aaa/aaa-authz/aaa-authz-model')
-rw-r--r-- | odl-aaa-moon/aaa/aaa-authz/aaa-authz-model/pom.xml | 95 | ||||
-rw-r--r-- | odl-aaa-moon/aaa/aaa-authz/aaa-authz-model/src/main/yang/authorization-schema.yang | 190 |
2 files changed, 0 insertions, 285 deletions
diff --git a/odl-aaa-moon/aaa/aaa-authz/aaa-authz-model/pom.xml b/odl-aaa-moon/aaa/aaa-authz/aaa-authz-model/pom.xml deleted file mode 100644 index ee6108bd..00000000 --- a/odl-aaa-moon/aaa/aaa-authz/aaa-authz-model/pom.xml +++ /dev/null @@ -1,95 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<project xmlns="http://maven.apache.org/POM/4.0.0" - xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" - xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> - <modelVersion>4.0.0</modelVersion> - - <parent> - <groupId>org.opendaylight.aaa</groupId> - <artifactId>aaa-parent</artifactId> - <version>0.3.2-Beryllium-SR2</version> - <relativePath>../../parent</relativePath> - </parent> - - <artifactId>aaa-authz-model</artifactId> - <name>${project.artifactId}</name> - - <dependencies> - <dependency> - <groupId>org.opendaylight.mdsal</groupId> - <artifactId>yang-binding</artifactId> - </dependency> - <dependency> - <groupId>org.opendaylight.mdsal.model</groupId> - <artifactId>ietf-inet-types</artifactId> - </dependency> - <dependency> - <groupId>org.opendaylight.mdsal.model</groupId> - <artifactId>ietf-yang-types</artifactId> - </dependency> - <dependency> - <groupId>org.opendaylight.mdsal.model</groupId> - <artifactId>yang-ext</artifactId> - </dependency> - </dependencies> - - <build> - <plugins> - <plugin> - <groupId>org.apache.felix</groupId> - <artifactId>maven-bundle-plugin</artifactId> - <extensions>true</extensions> - </plugin> - <plugin> - <groupId>org.apache.maven.plugins</groupId> - <artifactId>maven-javadoc-plugin</artifactId> - <configuration> - <stylesheet>maven</stylesheet> - </configuration> - <executions> - <execution> - <goals> - <goal>aggregate</goal> - </goals> - <phase>site</phase> - </execution> - </executions> - </plugin> - <plugin> - <groupId>org.opendaylight.yangtools</groupId> - <artifactId>yang-maven-plugin</artifactId> - <version>${yangtools.version}</version> - <executions> - <execution> - <goals> - <goal>generate-sources</goal> - </goals> - <configuration> - <yangFilesRootDir>src/main/yang</yangFilesRootDir> - <codeGenerators> - <generator> - <codeGeneratorClass> - org.opendaylight.yangtools.maven.sal.api.gen.plugin.CodeGeneratorImpl - </codeGeneratorClass> - <outputBaseDir>${salGeneratorPath}</outputBaseDir> - </generator> - </codeGenerators> - <inspectDependencies>true</inspectDependencies> - </configuration> - </execution> - </executions> - - <dependencies> - <dependency> - <groupId>org.opendaylight.mdsal</groupId> - <artifactId>maven-sal-api-gen-plugin</artifactId> - <version>${yangtools.version}</version> - <type>jar</type> - </dependency> - </dependencies> - </plugin> - </plugins> - </build> - <packaging>bundle</packaging> - -</project> diff --git a/odl-aaa-moon/aaa/aaa-authz/aaa-authz-model/src/main/yang/authorization-schema.yang b/odl-aaa-moon/aaa/aaa-authz/aaa-authz-model/src/main/yang/authorization-schema.yang deleted file mode 100644 index 2e0cf9cb..00000000 --- a/odl-aaa-moon/aaa/aaa-authz/aaa-authz-model/src/main/yang/authorization-schema.yang +++ /dev/null @@ -1,190 +0,0 @@ -module authorization-schema { - yang-version 1; - namespace "urn:aaa:yang:authz:ds"; - prefix "authz"; - organization "TBD"; - - contact "wdec@cisco.com"; - - revision 2014-07-22 { - description - "Initial revision."; - } - - //Main module begins - - //TODO: Refactor service type as URI - - //Define the servicetype; Service is used to identify the requestors' name, which would correspond to an ODL component eg Restconf. Possibly - //the naming will derive from the OSGi bundle name of the AuthZ requesting party. - - typedef service-type { - type string; - } - - //Resource denotes the actual resource that is the subject of the AuthZ request. - - typedef resource-type { - type string; - default "*"; - - //Examples of resources: - //Data : /operational/opendaylight-inventory:nodes/node/openflow:1/node-connector/openflow:1:1 - //Wildcarded data: /operational/opendaylight-inventory:nodes/node/*/node-connector/* - //RPC: /operations/example-ops:reboot - //Wildcarded RPC: /operations/example-ops:* - //Notification: /notifications/example-ops:startup - } - - //Role denotes the normalized role that is attributed to the AuthZ requestor, eg "admin" - - typedef role-type { - type string; - } - - //Domain denotes the customer domain that is the attributed of the AuthZ requestor, eg cisco.com - - typedef domain-type { - type string; - } - - //Action denotes the requested AuthZ action on the resource - //TODO: Refactor as identities to allow for augmentation. - - typedef action-type { - type enumeration { - enum put; - enum commit; - enum exists; - enum getIdentifier; - enum read; - enum cancel; - enum submit; - enum delete; - enum merge; - enum any; - } - default "any"; - } - - typedef authorization-response-type { - type enumeration { - enum not-authorized { value 0; } - enum authorized { value 1; } - } - } - - typedef authorization-duration-type { - type uint32; - } - - // Following grouping is the core AuthZ policy permissions data-structure, dual keyed by service and action. - // Permissions will be set-up per application. NOTE: Group and role can be equivalent. do we need both? - - grouping authorization-grp { - list policies { - key "service"; - leaf service { - type service-type; - } - leaf action { - type action-type; - } - leaf resource { - type resource-type; - mandatory true; - } - leaf role { - type role-type; - mandatory true; - } - leaf authorization { - type authorization-response-type; - } - } - } - - // Following container provides the simple, non-domain specific AuthZ policy data-structure, dual keyed by service and action. - - container simple-authorization { - uses authorization-grp; - } - - // Following container provides the domain AuthZ policy data-structure. Each Policy is extended with a authz-domain-chain, - // which contains a prioritized list of the leafrefs to additional domain policies that also apply to this domain. - // The construct allows the chaining of policies like foo.com -> customer.sp.com -> customer.carrier.com. - - - container domain-authorization { - list domains { - key "domain-name"; - leaf domain-name { - type domain-type; - } - uses authorization-grp; - list authz-domain-chain { - key "priority"; - leaf priority { - type uint32; - } - leaf domain-name { - type leafref { - path "/additional-domain-authz/domains/domain-name"; - } - } - } - } -} - -container additional-domain-authz { - list domains { - key "domain-name"; - leaf domain-name { - type domain-type; - } - uses authorization-grp; - } - } - - - - /* The following is the AuthZ RPC definition */ - - rpc req-authorization { - description - "Check Authorization for a given combination of action and role. - A not-authorized will be returned if unsuccessful."; - - input { - leaf domain-name { - type domain-type; - } - leaf service { - type service-type; - } - leaf action { - type action-type; - mandatory true; - } - - leaf resource { - type resource-type; - mandatory true; - } - leaf role { - type role-type; - mandatory true; - } - - } - - output { - - leaf authorization-response { - type authorization-response-type; - mandatory true; - } - - } - } -} |