From 2ca7d533b6fe01a10fcc3474812183e4c4a8431e Mon Sep 17 00:00:00 2001
From: Peter Lee <peter@corenova.com>
Date: Fri, 29 Jan 2016 15:21:56 -0800
Subject: added copy of github.com/opnfv/promise source into the source
 directory

Change-Id: Ib212302a4132aa492f7b701a7ca02f54a7d0a6af
(cherry picked from commit a46af646972b6ff263fb207d28a59e7ce7417b5c)
---
 source/schema/access-control-models.yang | 92 ++++++++++++++++++++++++++++++++
 1 file changed, 92 insertions(+)
 create mode 100644 source/schema/access-control-models.yang

(limited to 'source/schema/access-control-models.yang')

diff --git a/source/schema/access-control-models.yang b/source/schema/access-control-models.yang
new file mode 100644
index 0000000..7b4684c
--- /dev/null
+++ b/source/schema/access-control-models.yang
@@ -0,0 +1,92 @@
+module access-control-models {
+  prefix acm;
+  namespace "urn:opnfv:promise:acm";
+
+  import complex-types { prefix ct; }
+  import ietf-yang-types { prefix yang; }
+  import ietf-inet-types { prefix inet; }
+
+  typedef password {
+    type string {
+      length 1..255;
+    }
+  }
+
+  grouping access-credentials {
+    leaf strategy {
+      type enumeration {
+        enum oauth;
+        enum keystone;
+      }
+      default oauth;
+    }
+    leaf endpoint {
+      type inet:uri;
+      description "The target endpoint for authentication";
+      mandatory true;
+    }
+    leaf username {
+      type string;
+      mandatory true;
+    }
+    leaf password {
+      type acm:password;
+      mandatory true;
+    }
+  }
+  
+  /*********************************************
+   * Identity Models
+   *********************************************/
+
+  ct:complex-type Identity {
+    ct:abstract true;
+    description "Identity represents an administrative access model entity";
+
+    key "id";
+    leaf id { type yang:uuid; mandatory true; }
+    leaf name { type string; mandatory true; }
+    leaf description { type string; }
+    leaf enabled { type boolean; default true; }
+  }
+
+  ct:complex-type User {
+    ct:extends Identity;
+
+    leaf credential {
+      //type instance-identifier { ct:instance-type IdentityCredential; }
+      type string;
+      mandatory true;
+    }
+    
+    container contact {
+      leaf fullName { type string; }
+      leaf email { type string; }
+    }
+
+    leaf-list groups { type instance-identifer { ct:instance-type Group; } }
+    leaf domain { type instance-identifier { ct:instance-type Domain; } }
+  }
+
+  ct:complex-type Group {
+    ct:extends Identity;
+    
+    leaf-list users { type instance-identifier { ct:instance-type User; } }
+    leaf domain { type instance-identifier { ct:instance-type Domain; } }
+  }
+
+  ct:complex-type Domain {
+    ct:extends Identity;
+    description
+      "Domain represent a distinct administrative domain across
+       collection of users and groups.";
+
+    ct:instance-list users { ct:instance-type User; }
+    ct:instance-list groups { ct:instance-type Group; }
+  }
+
+  rpc create-user;
+  rpc remove-user;
+  rpc create-group;
+  rpc remove-group;
+}
-- 
cgit 1.2.3-korg