// Configuration-subsystem module definition for the AAA AuthZ service implementation.
// It declares the module identity and augments the config module's 'configuration'
// choice with two broker references plus the authorization leafs and policy list below.
module aaa-authz-service-impl {
yang-version 1;
namespace "urn:opendaylight:params:xml:ns:yang:controller:config:aaa-authz:srv";
prefix "aaa-authz-srv-impl";
import config { prefix config; revision-date 2013-04-05; }
// NOTE(review): the rpcx prefix is not referenced anywhere in this module.
import rpc-context { prefix rpcx; revision-date 2013-06-17; }
import opendaylight-md-sal-binding { prefix mdsal; revision-date 2013-10-28; }
// NOTE(review): the only import without a revision-date, so the revision that gets
// resolved for the dom prefix is not pinned by this file.
import opendaylight-md-sal-dom {prefix dom;}
import authorization-schema { prefix authzs; revision-date 2014-07-22; }
// NOTE(review): the inet prefix is not referenced anywhere in this module.
import ietf-inet-types {prefix inet; revision-date 2010-09-24;}
description
"This module contains the base YANG definitions for
AuthZ implementation.";
revision "2014-07-01" {
description
"Initial revision.";
}
// This is the definition of the service implementation as a module identity.
// It provides dom:dom-broker-osgi-registry, the same identity that the dom-broker
// container below requires, so the module both consumes and offers that service.
identity aaa-authz-service {
base config:module-type;
// Specifies the prefix for generated java classes.
config:java-name-prefix AuthzSrv;
config:provided-service dom:dom-broker-osgi-registry;
}
// Augments the 'configuration' choice node under modules/module.
augment "/config:modules/config:module/config:configuration" {
case aaa-authz-service {
// Restricts this case to module entries whose type is 'aaa-authz-service'.
when "/config:modules/config:module/config:type = 'aaa-authz-service'";
// Defines the reference to the intended broker under the AuthZ broker.
// The service-ref 'type' leaf is refined to be mandatory and to require
// the identity dom:dom-broker-osgi-registry.
container dom-broker {
uses config:service-ref {
refine type {
mandatory true;
config:required-identity dom:dom-broker-osgi-registry;
}
}
}
// Same shape as dom-broker: the service-ref 'type' leaf is mandatory and must
// carry the identity mdsal:binding-data-broker.
container data-broker {
uses config:service-ref {
refine type {
mandatory true;
config:required-identity mdsal:binding-data-broker;
}
}
}
// Simple AuthZ data leafs. None of them is marked mandatory in this module.
// NOTE(review): how the implementation treats an absent leaf (deny, or match
// everything) is not visible in this file - confirm that it fails closed.
leaf authz-role {
type string;
}
leaf service {
type authzs:service-type;
}
// ENUMs cannot be used right now (config subsystem + netconf cannot properly serialize enums), using strings instead.
// In the generated module use Enum.valueOf from that string.
// Expected values are the following strings: create, read, update, delete, execute, subscribe, any.
// NOTE(review): 'type string' carries no pattern or length restriction, so the schema
// accepts any text; rejecting unexpected values is left to the implementation. Confirm
// that an unrecognised value is refused rather than treated like 'any'.
leaf action {
type string;
description "String representation of enum authzs:action-type expecting following values create, read, update, delete, execute, subscribe, any";
//type authzs:action-type;
}
leaf resource {
type authzs:resource-type;
}
leaf role {
type authzs:role-type;
}
//TODO: Check why uses below doesn't make the outer list be part of the source name-space in yang code generator.
//uses authzs:authorization-grp;
// Policy entries keyed by 'service', so at most one entry can exist per service value.
// The entry repeats the service/action/resource/role leafs declared one level up.
list policies {
key "service";
leaf service {
type authzs:service-type;
}
// Grouping uses ENUMs and enums are not correctly serialized in Config + Netconf.
// Same as with action one level up: an unrestricted string stands in for the enum.
// NOTE(review): as above, the schema does not limit this string to the listed
// action names; confirm the implementation rejects anything else.
leaf action {
type string;
description "String representation of enum authzs:action-type expecting following values create, read, update, delete, execute, subscribe, any";
//type authzs:action-type;
}
leaf resource {
type authzs:resource-type;
}
leaf role {
type authzs:role-type;
}
}
}
}
}