module aaa-authz-service-impl { yang-version 1; namespace "urn:opendaylight:params:xml:ns:yang:controller:config:aaa-authz:srv"; prefix "aaa-authz-srv-impl"; import config { prefix config; revision-date 2013-04-05; } import rpc-context { prefix rpcx; revision-date 2013-06-17; } import opendaylight-md-sal-binding { prefix mdsal; revision-date 2013-10-28; } import opendaylight-md-sal-dom {prefix dom;} import authorization-schema { prefix authzs; revision-date 2014-07-22; } import ietf-inet-types {prefix inet; revision-date 2010-09-24;} description "This module contains the base YANG definitions for AuthZ implementation."; revision "2014-07-01" { description "Initial revision."; } // This is the definition of the service implementation as a module identity. identity aaa-authz-service { base config:module-type; // Specifies the prefix for generated java classes. config:java-name-prefix AuthzSrv; config:provided-service dom:dom-broker-osgi-registry; } // Augments the 'configuration' choice node under modules/module. augment "/config:modules/config:module/config:configuration" { case aaa-authz-service { when "/config:modules/config:module/config:type = 'aaa-authz-service'"; //Defines reference to the intended broker under the AuthZ broker container dom-broker { uses config:service-ref { refine type { mandatory true; config:required-identity dom:dom-broker-osgi-registry; } } } container data-broker { uses config:service-ref { refine type { mandatory true; config:required-identity mdsal:binding-data-broker; } } } //Simple Authz data leafs: leaf authz-role { type string; } leaf service { type authzs:service-type; } // ENUMs cannot be used right now (config subsystem + netconf cannot properly serialize enums), using strings instead // In the generated module use Enum.valueOf from that string. // Expected values are following strnigs: create, read, update, delete, execute, subscribe, any; leaf action { type string; description "String representation of enum authzs:action-type expecting following values create, read, update, delete, execute, subscribe, any"; //type authzs:action-type; } leaf resource { type authzs:resource-type; } leaf role { type authzs:role-type; } //TODO: Check why uses below doesn't make the outer list be part of the source name-space in yang code generator. //uses authzs:authorization-grp; list policies { key "service"; leaf service { type authzs:service-type; } // Grouping uses ENUMs and enums are not correctly serialized in Config + Netconf // Same as with action one level ip leaf action { type string; description "String representation of enum authzs:action-type expecting following values create, read, update, delete, execute, subscribe, any"; //type authzs:action-type; } leaf resource { type authzs:resource-type; } leaf role { type authzs:role-type; } } } } }