author | Peter Lee <peter@corenova.com> | 2016-01-29 15:21:56 -0800 |
---|---|---|
committer | Peter Lee <peter@corenova.com> | 2016-01-29 15:21:56 -0800 |
commit | a46af646972b6ff263fb207d28a59e7ce7417b5c (patch) | |
tree | 644d9cb2fead71ddf00c2a83219040288e23d471 /source/schema/access-control-models.yang | |
parent | e16a07cdc9016c03aff00cd10076dfd2d4a142da (diff) |
added copy of github.com/opnfv/promise source into the source directory
Change-Id: Ib212302a4132aa492f7b701a7ca02f54a7d0a6af
Diffstat (limited to 'source/schema/access-control-models.yang')
-rw-r--r-- | source/schema/access-control-models.yang | 92 |
1 files changed, 92 insertions, 0 deletions
diff --git a/source/schema/access-control-models.yang b/source/schema/access-control-models.yang
new file mode 100644
index 0000000..7b4684c
--- /dev/null
+++ b/source/schema/access-control-models.yang
@@ -0,0 +1,92 @@
+module access-control-models {
+ prefix acm;
+ namespace "urn:opnfv:promise:acm";
+
+ import complex-types { prefix ct; }
+ import ietf-yang-types { prefix yang; }
+ import ietf-inet-types { prefix inet; }
+
+ typedef password {
+ type string {
+ length 1..255;
+ }
+ }
+
+ grouping access-credentials {
+ leaf strategy {
+ type enumeration {
+ enum oauth;
+ enum keystone;
+ }
+ default oauth;
+ }
+ leaf endpoint {
+ type inet:uri;
+ description "The target endpoint for authentication";
+ mandatory true;
+ }
+ leaf username {
+ type string;
+ mandatory true;
+ }
+ leaf password {
+ type acm:password;
+ mandatory true;
+ }
+ }
+
+ /*********************************************
+ * Identity Models
+ *********************************************/
+
+ ct:complex-type Identity {
+ ct:abstract true;
+ description "Identity represents an administrative access model entity";
+
+ key "id";
+ leaf id { type yang:uuid; mandatory true; }
+ leaf name { type string; mandatory true; }
+ leaf description { type string; }
+ leaf enabled { type boolean; default true; }
+ }
+
+ ct:complex-type User {
+ ct:extends Identity;
+
+ leaf credential {
+ //type instance-identifier { ct:instance-type IdentityCredential; }
+ type string;
+ mandatory true;
+ }
+
+ container contact {
+ leaf fullName { type string; }
+ leaf email { type string; }
+ }
+
+ leaf-list groups { type instance-identifer { ct:instance-type Group; } }
+ leaf domain { type instance-identifier { ct:instance-type Domain; } }
+ }
+
+ ct:complex-type Group {
+ ct:extends Identity;
+
+ leaf-list users { type instance-identifier { ct:instance-type User; } }
+ leaf domain { type instance-identifier { ct:instance-type Domain; } }
+ }
+
+ ct:complex-type Domain {
+ ct:extends Identity;
+ description
+ "Domain represent a distinct administrative domain across
+ collection of users and groups.";
+
+ ct:instance-list users { ct:instance-type User; }
+ ct:instance-list groups { ct:instance-type Group; }
+ }
+
+ rpc create-user;
+ rpc remove-user;
+ rpc create-group;
+ rpc remove-group;
+} |
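Review bot: In the `User` complex-type, `leaf-list groups` uses `type instance-identifer`, a misspelling of the built-in `instance-identifier` that the sibling `domain` leaf and the `Group` type spell correctly; a YANG parser will most likely reject it as an unknown type, so the line should read `leaf-list groups { type instance-identifier { ct:instance-type Group; } }`. Separately, the `access-credentials` grouping carries `password` as a plain `string` (length 1..255) next to an `endpoint` of unrestricted `inet:uri`, and neither the leaf nor the `password` typedef has a `description`, so the model does not tell implementers that the value is a reusable secret. Because it appears to be a credential presented to the oauth/keystone endpoint it presumably has to stay recoverable, so I would document on the typedef that it is a cleartext secret that must not be logged or echoed back on reads, and on `endpoint` that an https URI is expected. The four `rpc` statements also have no `input`, `output` or `description`, so what `create-user` and `remove-user` accept and who may call them cannot be checked from this module.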