+++ /dev/null
-module access-control-models {
- prefix acm;
- namespace "urn:opnfv:promise:acm";
-
- import complex-types { prefix ct; }
- import ietf-yang-types { prefix yang; }
- import ietf-inet-types { prefix inet; }
-
- typedef password {
- type string {
- length 1..255;
- }
- }
-
- grouping access-credentials {
- leaf strategy {
- type enumeration {
- enum oauth;
- enum keystone;
- }
- default oauth;
- }
- leaf endpoint {
- type inet:uri;
- description "The target endpoint for authentication";
- mandatory true;
- }
- leaf username {
- type string;
- mandatory true;
- }
- leaf password {
- type acm:password;
- mandatory true;
- }
- }
-
- /*********************************************
- * Identity Models
- *********************************************/
-
- ct:complex-type Identity {
- ct:abstract true;
- description "Identity represents an administrative access model entity";
-
- key "id";
- leaf id { type yang:uuid; mandatory true; }
- leaf name { type string; mandatory true; }
- leaf description { type string; }
- leaf enabled { type boolean; default true; }
- }
-
- ct:complex-type User {
- ct:extends Identity;
-
- leaf credential {
- //type instance-identifier { ct:instance-type IdentityCredential; }
- type string;
- mandatory true;
- }
-
- container contact {
- leaf fullName { type string; }
- leaf email { type string; }
- }
-
- leaf-list groups { type instance-identifer { ct:instance-type Group; } }
- leaf domain { type instance-identifier { ct:instance-type Domain; } }
- }
-
- ct:complex-type Group {
- ct:extends Identity;
-
- leaf-list users { type instance-identifier { ct:instance-type User; } }
- leaf domain { type instance-identifier { ct:instance-type Domain; } }
- }
-
- ct:complex-type Domain {
- ct:extends Identity;
- description
- "Domain represent a distinct administrative domain across
- collection of users and groups.";
-
- ct:instance-list users { ct:instance-type User; }
- ct:instance-list groups { ct:instance-type Group; }
- }
-
- rpc create-user;
- rpc remove-user;
- rpc create-group;
- rpc remove-group;
-}