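// Access-control data model: credential grouping, the abstract Identity
// type with its User / Group / Domain specialisations, and four RPC
// declarations for user and group management.
module access-control-models {
  prefix acm;
  namespace "urn:opnfv:promise:acm";

  import complex-types { prefix ct; }
  import ietf-yang-types { prefix yang; }
  import ietf-inet-types { prefix inet; }

  // Plain string of 1..255 characters. The type adds no hashing or masking,
  // so any datastore, log or RPC trace that serialises a value of this type
  // holds the secret in clear text: restrict read access to nodes using it
  // and keep them out of logs.
  typedef password {
    type string {
      length 1..255;
    }
  }

  // Everything needed to authenticate against an external endpoint.
  grouping access-credentials {
    // Authentication scheme; oauth is used when the leaf is omitted.
    leaf strategy {
      type enumeration {
        enum oauth;
        enum keystone;
      }
      default oauth;
    }
    // inet:uri accepts any URI scheme, so the type alone does not require a
    // TLS endpoint. Consumers should check the scheme before sending the
    // username/password pair to it.
    leaf endpoint {
      type inet:uri;
      description "The target endpoint for authentication";
      mandatory true;
    }
    leaf username {
      type string;
      mandatory true;
    }
    // Clear-text secret (see the acm:password typedef).
    leaf password {
      type acm:password;
      mandatory true;
    }
  }

  /*********************************************
   * Identity Models
   *********************************************/

  // Abstract base for User, Group and Domain; instances are keyed by UUID.
  ct:complex-type Identity {
    ct:abstract true;
    description "Identity represents an administrative access model entity";
    key "id";
    leaf id { type yang:uuid; mandatory true; }
    leaf name { type string; mandatory true; }
    leaf description { type string; }
    // Defaults to true: an identity created without this leaf is active.
    leaf enabled { type boolean; default true; }
  }

  ct:complex-type User {
    ct:extends Identity;
    // Unconstrained string. The commented-out typed reference names
    // IdentityCredential, which this module does not define.
    // NOTE(review): confirm whether this holds a reference or secret
    // material; if the latter, it needs the same handling as acm:password.
    leaf credential {
      //type instance-identifier { ct:instance-type IdentityCredential; }
      type string;
      mandatory true;
    }
    // Free-form contact data; neither leaf is format-checked by the schema.
    container contact {
      leaf fullName { type string; }
      leaf email { type string; }
    }
    // Fixed: the built-in type was misspelled "instance-identifer", which is
    // not a YANG type and makes the module fail to compile.
    leaf-list groups { type instance-identifier { ct:instance-type Group; } }
    leaf domain { type instance-identifier { ct:instance-type Domain; } }
  }

  ct:complex-type Group {
    ct:extends Identity;
    // Membership is also recorded on User.groups; the schema does not tie
    // the two lists together, so keeping them consistent is presumably left
    // to the implementation (verify).
    leaf-list users { type instance-identifier { ct:instance-type User; } }
    leaf domain { type instance-identifier { ct:instance-type Domain; } }
  }

  ct:complex-type Domain {
    ct:extends Identity;
    description
      "Domain represent a distinct administrative domain across
       collection of users and groups.";
    ct:instance-list users { ct:instance-type User; }
    ct:instance-list groups { ct:instance-type Group; }
  }

  // Declared without input, output or description: the schema does not say
  // what these operations accept or who may invoke them.
  // NOTE(review): authorization for these identity-management operations
  // must be enforced by the implementation; confirm where that happens.
  rpc create-user;
  rpc remove-user;
  rpc create-group;
  rpc remove-group;
}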