3 * Copyright 2017 RIFT.IO Inc
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
19 module rw-project-mano
21 namespace "http://riftio.com/ns/riftware-1.0/rw-project-mano";
22 prefix "rw-project-mano";
25 prefix "rw-rbac-base";
36 import rw-rbac-internal {
37 prefix "rw-rbac-internal";
42 "Initial revision. This YANG file defines the
43 MANO extentions for project based tenancy";
45 "Derived from earlier versions of base YANG files";
48 identity catalog-oper {
49 base rw-project:project-role;
51 "The catalog-oper Role has read permission to the VNFD and NSD
52 catalogs within a Project. The catalog-oper Role may also have
53 execute permission to specific non-mutating RPCs.";
56 identity catalog-admin {
57 base rw-project:project-role;
59 "The catalog-admin Role has full CRUDX permissions to the VNFD
60 and NSD catalogs within a Project. The catalog-admin Role does
61 not provide general CRUDX permissions to the Project as a whole,
62 nor to the RIFT.ware platform in general.";
66 base rw-project:project-role;
68 "The lcm-oper Role has read permission to the VL, VNF and NS
69 records within a Project. The lcm-oper Role may also have
70 execute permission to specific non-mutating RPCs.";
74 base rw-project:project-role;
76 "The lcm-admin Role has full CRUDX permissions to the VL, VNF
77 and NS records within a Project. The lcm-admin Role does
78 not provide general CRUDX permissions to the Project as a whole,
79 nor to the RIFT.ware platform in general.";
82 identity account-oper {
83 base rw-project:project-role;
85 "The account-oper Role has read permission to the VIM, SDN, VCA
86 and RO accounts within a Project. The account-oper Role may also have
87 execute permission to specific non-mutating RPCs.";
90 identity account-admin {
91 base rw-project:project-role;
93 "The account-admin Role has full CRUDX permissions to the VIM, SDN, VCA
94 and RO accounts within a Project. The account-admin Role does
95 not provide general CRUDX permissions to the Project as a whole,
96 nor to the RIFT.ware platform in general.";
99 augment /rw-project:project/rw-project:project-config/rw-project:user {
101 "Configuration for MANO application-specific Roles.";
105 "The list of MANO application-specific Roles the User has been
106 assigned, within the enclosing Project.";
109 uses rw-rbac-base:simple-role;
113 augment /rw-project:project/rw-project:project-state/rw-project:user {
115 "The state for MANO application-specific Roles.";
119 "The state of the MANO application-specific Role the User has
123 uses rw-rbac-base:simple-role;
127 "The assignment of a User to a Role may be an asynchronous
128 operation. This value indicates whether the Role
129 assignment is active. If the value is 'active', then the
130 assignment is complete and active. Any other value
131 indicates that Role assignment is in a transitional or
132 failed state, as described in the value.";
138 augment /rw-project:project/rw-project:project-state {
140 "State for MANO application-specific Roles.";
144 "The set of Roles that may be configured into
145 /rw-project:project/rw-project:project-config/rw-project:user/
146 rw-project-mano:mano-role/rw-project-mano:role.";
149 uses rw-rbac-base:simple-role;
153 "A description of the Role.";