3 * Copyright 2017 RIFT.IO Inc
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
19 module rw-project-mano
21 namespace "http://riftio.com/ns/riftware-1.0/rw-project-mano";
22 prefix "rw-project-mano";
25 prefix "rw-rbac-base";
32 import rw-rbac-internal {
33 prefix "rw-rbac-internal";
38 "Initial revision. This YANG file defines the
39 MANO extentions for project based tenancy";
41 "Derived from earlier versions of base YANG files";
44 identity catalog-oper {
45 base rw-project:project-role;
47 "The catalog-oper Role has read permission to the VNFD and NSD
48 catalogs within a Project. The catalog-oper Role may also have
49 execute permission to specific non-mutating RPCs.";
52 identity catalog-admin {
53 base rw-project:project-role;
55 "The catalog-admin Role has full CRUDX permissions to the VNFD
56 and NSD catalogs within a Project. The catalog-admin Role does
57 not provide general CRUDX permissions to the Project as a whole,
58 nor to the RIFT.ware platform in general.";
62 base rw-project:project-role;
64 "The lcm-oper Role has read permission to the VL, VNF and NS
65 records within a Project. The lcm-oper Role may also have
66 execute permission to specific non-mutating RPCs.";
70 base rw-project:project-role;
72 "The lcm-admin Role has full CRUDX permissions to the VL, VNF
73 and NS records within a Project. The lcm-admin Role does
74 not provide general CRUDX permissions to the Project as a whole,
75 nor to the RIFT.ware platform in general.";
78 identity account-oper {
79 base rw-project:project-role;
81 "The account-oper Role has read permission to the VIM, SDN, VCA
82 and RO accounts within a Project. The account-oper Role may also have
83 execute permission to specific non-mutating RPCs.";
86 identity account-admin {
87 base rw-project:project-role;
89 "The account-admin Role has full CRUDX permissions to the VIM, SDN, VCA
90 and RO accounts within a Project. The account-admin Role does
91 not provide general CRUDX permissions to the Project as a whole,
92 nor to the RIFT.ware platform in general.";
95 augment /rw-project:project/rw-project:project-config/rw-project:user {
97 "Configuration for MANO application-specific Roles.";
101 "The list of MANO application-specific Roles the User has been
102 assigned, within the enclosing Project.";
105 uses rw-rbac-base:simple-role;
109 augment /rw-project:project/rw-project:project-state/rw-project:user {
111 "The state for MANO application-specific Roles.";
115 "The state of the MANO application-specific Role the User has
119 uses rw-rbac-base:simple-role;
123 "The assignment of a User to a Role may be an asynchronous
124 operation. This value indicates whether the Role
125 assignment is active. If the value is 'active', then the
126 assignment is complete and active. Any other value
127 indicates that Role assignment is in a transitional or
128 failed state, as described in the value.";
134 augment /rw-project:project/rw-project:project-state {
136 "State for MANO application-specific Roles.";
140 "The set of Roles that may be configured into
141 /rw-project:project/rw-project:project-config/rw-project:user/
142 rw-project-mano:mano-role/rw-project-mano:role.";
145 uses rw-rbac-base:simple-role;
149 "A description of the Role.";