/* * * Copyright 2017 RIFT.IO Inc * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * */ module rw-project-mano { namespace "http://riftio.com/ns/riftware-1.0/rw-project-mano"; prefix "rw-project-mano"; import rw-rbac-base { prefix "rw-rbac-base"; } import rw-project { prefix "rw-project"; } import rw-rbac-internal { prefix "rw-rbac-internal"; } revision 2017-03-08 { description "Initial revision. This YANG file defines the MANO extentions for project based tenancy"; reference "Derived from earlier versions of base YANG files"; } identity catalog-oper { base rw-project:project-role; description "The catalog-oper Role has read permission to the VNFD and NSD catalogs within a Project. The catalog-oper Role may also have execute permission to specific non-mutating RPCs."; } identity catalog-admin { base rw-project:project-role; description "The catalog-admin Role has full CRUDX permissions to the VNFD and NSD catalogs within a Project. The catalog-admin Role does not provide general CRUDX permissions to the Project as a whole, nor to the RIFT.ware platform in general."; } identity lcm-oper { base rw-project:project-role; description "The lcm-oper Role has read permission to the VL, VNF and NS records within a Project. The lcm-oper Role may also have execute permission to specific non-mutating RPCs."; } identity lcm-admin { base rw-project:project-role; description "The lcm-admin Role has full CRUDX permissions to the VL, VNF and NS records within a Project. The lcm-admin Role does not provide general CRUDX permissions to the Project as a whole, nor to the RIFT.ware platform in general."; } identity account-oper { base rw-project:project-role; description "The account-oper Role has read permission to the VIM, SDN, VCA and RO accounts within a Project. The account-oper Role may also have execute permission to specific non-mutating RPCs."; } identity account-admin { base rw-project:project-role; description "The account-admin Role has full CRUDX permissions to the VIM, SDN, VCA and RO accounts within a Project. The account-admin Role does not provide general CRUDX permissions to the Project as a whole, nor to the RIFT.ware platform in general."; } augment /rw-project:project/rw-project:project-config/rw-project:user { description "Configuration for MANO application-specific Roles."; list mano-role { description "The list of MANO application-specific Roles the User has been assigned, within the enclosing Project."; key "role"; uses rw-rbac-base:simple-role; } } augment /rw-project:project/rw-project:project-state/rw-project:user { description "The state for MANO application-specific Roles."; list mano-role { description "The state of the MANO application-specific Role the User has been assigned."; key "role"; uses rw-rbac-base:simple-role; leaf state { description "The assignment of a User to a Role may be an asynchronous operation. This value indicates whether the Role assignment is active. If the value is 'active', then the assignment is complete and active. Any other value indicates that Role assignment is in a transitional or failed state, as described in the value."; type string; } } } augment /rw-project:project/rw-project:project-state { description "State for MANO application-specific Roles."; list mano-role { description "The set of Roles that may be configured into /rw-project:project/rw-project:project-config/rw-project:user/ rw-project-mano:mano-role/rw-project-mano:role."; key "role"; uses rw-rbac-base:simple-role; leaf description { description "A description of the Role."; type string; } } } }