--- /dev/null
+/*
+ *
+ * Copyright 2017 RIFT.IO Inc
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+module rw-project-mano
+{
+ namespace "http://riftio.com/ns/riftware-1.0/rw-project-mano";
+ prefix "rw-project-mano";
+
+ import rw-rbac-base {
+ prefix "rw-rbac-base";
+ }
+
+ import rw-project {
+ prefix "rw-project";
+ }
+
+ import rw-rbac-internal {
+ prefix "rw-rbac-internal";
+ }
+
+ revision 2017-03-08 {
+ description
+ "Initial revision. This YANG file defines the
+ MANO extentions for project based tenancy";
+ reference
+ "Derived from earlier versions of base YANG files";
+ }
+
+ identity catalog-oper {
+ base rw-project:project-role;
+ description
+ "The catalog-oper Role has read permission to the VNFD and NSD
+ catalogs within a Project. The catalog-oper Role may also have
+ execute permission to specific non-mutating RPCs.";
+ }
+
+ identity catalog-admin {
+ base rw-project:project-role;
+ description
+ "The catalog-admin Role has full CRUDX permissions to the VNFD
+ and NSD catalogs within a Project. The catalog-admin Role does
+ not provide general CRUDX permissions to the Project as a whole,
+ nor to the RIFT.ware platform in general.";
+ }
+
+ identity lcm-oper {
+ base rw-project:project-role;
+ description
+ "The lcm-oper Role has read permission to the VL, VNF and NS
+ records within a Project. The lcm-oper Role may also have
+ execute permission to specific non-mutating RPCs.";
+ }
+
+ identity lcm-admin {
+ base rw-project:project-role;
+ description
+ "The lcm-admin Role has full CRUDX permissions to the VL, VNF
+ and NS records within a Project. The lcm-admin Role does
+ not provide general CRUDX permissions to the Project as a whole,
+ nor to the RIFT.ware platform in general.";
+ }
+
+ identity account-oper {
+ base rw-project:project-role;
+ description
+ "The account-oper Role has read permission to the VIM, SDN, VCA
+ and RO accounts within a Project. The account-oper Role may also have
+ execute permission to specific non-mutating RPCs.";
+ }
+
+ identity account-admin {
+ base rw-project:project-role;
+ description
+ "The account-admin Role has full CRUDX permissions to the VIM, SDN, VCA
+ and RO accounts within a Project. The account-admin Role does
+ not provide general CRUDX permissions to the Project as a whole,
+ nor to the RIFT.ware platform in general.";
+ }
+
+ augment /rw-project:project/rw-project:project-config/rw-project:user {
+ description
+ "Configuration for MANO application-specific Roles.";
+
+ list mano-role {
+ description
+ "The list of MANO application-specific Roles the User has been
+ assigned, within the enclosing Project.";
+
+ key "role";
+ uses rw-rbac-base:simple-role;
+ }
+ }
+
+ augment /rw-project:project/rw-project:project-state/rw-project:user {
+ description
+ "The state for MANO application-specific Roles.";
+
+ list mano-role {
+ description
+ "The state of the MANO application-specific Role the User has
+ been assigned.";
+
+ key "role";
+ uses rw-rbac-base:simple-role;
+
+ leaf state {
+ description
+ "The assignment of a User to a Role may be an asynchronous
+ operation. This value indicates whether the Role
+ assignment is active. If the value is 'active', then the
+ assignment is complete and active. Any other value
+ indicates that Role assignment is in a transitional or
+ failed state, as described in the value.";
+ type string;
+ }
+ }
+ }
+
+ augment /rw-project:project/rw-project:project-state {
+ description
+ "State for MANO application-specific Roles.";
+
+ list mano-role {
+ description
+ "The set of Roles that may be configured into
+ /rw-project:project/rw-project:project-config/rw-project:user/
+ rw-project-mano:mano-role/rw-project-mano:role.";
+
+ key "role";
+ uses rw-rbac-base:simple-role;
+
+ leaf description {
+ description
+ "A description of the Role.";
+ type string;
+ }
+ }
+ }
+}