Diffstat (limited to 'source/schema/access-control-models.yang')
-rw-r--r--source/schema/access-control-models.yang92
1 files changed, 92 insertions, 0 deletions
diff --git a/source/schema/access-control-models.yang b/source/schema/access-control-models.yang
new file mode 100644
index 0000000..7b4684c
--- /dev/null
+++ b/source/schema/access-control-models.yang
@@ -0,0 +1,92 @@
+module access-control-models {
+ prefix acm;
+ namespace "urn:opnfv:promise:acm";
+
+ import complex-types { prefix ct; }
+ import ietf-yang-types { prefix yang; }
+ import ietf-inet-types { prefix inet; }
+
+ typedef password {
+ type string {
+ length 1..255;
+ }
+ }
+
+ grouping access-credentials {
+ leaf strategy {
+ type enumeration {
+ enum oauth;
+ enum keystone;
+ }
+ default oauth;
+ }
+ leaf endpoint {
+ type inet:uri;
+ description "The target endpoint for authentication";
+ mandatory true;
+ }
+ leaf username {
+ type string;
+ mandatory true;
+ }
+ leaf password {
+ type acm:password;
+ mandatory true;
+ }
+ }
+
+ /*********************************************
+ * Identity Models
+ *********************************************/
+
+ ct:complex-type Identity {
+ ct:abstract true;
+ description "Identity represents an administrative access model entity";
+
+ key "id";
+ leaf id { type yang:uuid; mandatory true; }
+ leaf name { type string; mandatory true; }
+ leaf description { type string; }
+ leaf enabled { type boolean; default true; }
+ }
+
+ ct:complex-type User {
+ ct:extends Identity;
+
+ leaf credential {
+ //type instance-identifier { ct:instance-type IdentityCredential; }
+ type string;
+ mandatory true;
+ }
+
+ container contact {
+ leaf fullName { type string; }
+ leaf email { type string; }
+ }
+
+ leaf-list groups { type instance-identifer { ct:instance-type Group; } }
+ leaf domain { type instance-identifier { ct:instance-type Domain; } }
+ }
+
+ ct:complex-type Group {
+ ct:extends Identity;
+
+ leaf-list users { type instance-identifier { ct:instance-type User; } }
+ leaf domain { type instance-identifier { ct:instance-type Domain; } }
+ }
+
+ ct:complex-type Domain {
+ ct:extends Identity;
+ description
+ "Domain represent a distinct administrative domain across
+ collection of users and groups.";
+
+ ct:instance-list users { ct:instance-type User; }
+ ct:instance-list groups { ct:instance-type Group; }
+ }
+
+ rpc create-user;
+ rpc remove-user;
+ rpc create-group;
+ rpc remove-group;
+}
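Review bot: The `password` leaf in grouping `access-credentials` is a plain `acm:password` string with no description and no access-control marking, so any client allowed to read the data that uses this grouping would get the cleartext secret back. Because it appears to be a credential presented to a remote oauth/keystone endpoint (so storing a hash is not an option), consider importing `ietf-netconf-acm` and adding `nacm:default-deny-all;` to the leaf, provided the toolchain honours NACM extensions, along with a description saying the value is sensitive and must not be logged. The `endpoint` leaf accepts any `inet:uri`, so a description or pattern requiring an `https` scheme would keep these credentials off cleartext transports. Separately, `leaf-list groups` in `User` spells its type `instance-identifer`, which is not a YANG built-in type and will likely fail validation; it should read `type instance-identifier { ct:instance-type Group; }`.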