// YANG data model for AAA (authentication, authorization, accounting) data:
// identity records (domains, users, roles, grants) and per-resource HTTP
// authorization policies. Both top-level containers carry no `config false`,
// so they are configuration data.
module aaa {
  yang-version 1;
  namespace "urn:opendaylight:params:xml:ns:yang:aaa";
  prefix "aaa";

  revision "2016-12-14" {
    description "Initial revision of aaa model";
  }

  // A single user account. The list key is `userid` (see container
  // `authentication` below).
  grouping user {
    leaf userid {
      type string;
      description "An internal wiring detail in the form 'name@domain'.";
    }

    leaf name {
      type string;
      description "The name of the user.";
    }

    leaf description {
      type string;
      default "";
      description "A description for the user; defaults to the empty string.";
    }

    // Defaults to true: an account created without this leaf is enabled.
    leaf enabled {
      type boolean;
      default true;
      description "Whether or not the user is enabled; defaults to true.";
    }

    leaf email {
      type string;
      default "";
      description "An email address for the user; defaults to the empty string.";
    }

    // NOTE(review): typed as an unconstrained string, so the schema does not
    // enforce that the stored value is a hash, and the hashing scheme is not
    // named anywhere in this module. Hash and salt both live in the
    // configuration tree; confirm that read access to the `authentication`
    // subtree is restricted, because hash plus salt is enough for offline
    // password guessing.
    leaf password {
      type string;
      description "A one-way hashed and salted version of the users password.";
    }

    leaf salt {
      type string;
      description "A user-specific salt used for password hashing.";
    }

    // Plain string, not a leafref: the model does not check that the
    // referenced domain exists.
    leaf domainid {
      type string;
      description "The domain to which the user belongs.";
    }
  }

  // A domain that users and roles belong to.
  grouping domain {
    leaf domainid {
      type string;
      description "An internal wiring detail in the form 'name'.";
    }

    leaf name {
      type string;
      description "The name of the domain.";
    }

    leaf description {
      type string;
      default "";
      description "A description for the domain; defaults to the empty string.";
    }
  }

  // A named role, associated with a domain.
  grouping role {
    leaf roleid {
      type string;
      description "An internal wiring detail in the form 'name'.";
    }

    leaf name {
      type string;
      description "The name for the role.";
    }

    leaf description {
      type string;
      default "";
      description "A description of the role; defaults to the empty string.";
    }

    leaf domainid {
      type string;
      description "The domain associated with the role.";
    }
  }

  // Binds a user to a role within a domain. All three references are plain
  // strings rather than leafrefs, so the schema itself does not prevent a
  // grant from naming a user, role or domain that does not exist; any such
  // integrity check has to happen in the consuming code.
  grouping grant {
    leaf grantid {
      type string;
      description "An internal wiring detail in the form 'userid@roleid@domainid'.";
    }

    leaf domainid {
      type string;
      description "A reference to the domain.";
    }

    leaf userid {
      type string;
      description "A reference to the user.";
    }

    leaf roleid {
      type string;
      description "A reference to the role.";
    }
  }

  // Root of the identity data: one keyed list per grouping above.
  container authentication {
    container domains {
      list domains {
        key domainid;
        uses domain;
      }
    }

    container users {
      list users {
        key userid;
        uses user;
      }
    }

    container roles {
      list roles {
        key roleid;
        uses role;
      }
    }

    container grants {
      list grants {
        key grantid;
        uses grant;
      }
    }
  }

  // One authorization policy: a resource plus the (role, actions) pairs
  // allowed on it. None of the nodes below carry a description statement.
  grouping http-permission {
    // Used as the key of `list policies` below. YANG ignores defaults on
    // key leafs (RFC 6020 section 7.8.2), so the "*" default has no effect
    // there. NOTE(review): "*" presumably means "match every resource";
    // the matching rules are not defined in this module — confirm against
    // the enforcing component.
    leaf resource {
      type string;
      default "*";
    }

    // Mandatory, and declared unique across policies by the list below.
    // NOTE(review): presumably the evaluation position of the policy —
    // confirm how it relates to the list's `ordered-by user` ordering.
    leaf index {
      type uint32;
      mandatory true;
    }

    // NOTE(review): this list has no `key`, yet it is instantiated under a
    // configuration container. RFC 6020 section 7.8.2 requires a key for
    // configuration lists; without one, entries cannot be addressed
    // individually and duplicate or role-less entries are not rejected by
    // the schema.
    list permissions {
      // Only these five HTTP methods can be expressed. How the enforcing
      // component treats other methods (for example HEAD or OPTIONS) is
      // not visible here — confirm that they are not allowed by default.
      leaf-list actions {
        type enumeration {
          enum get;
          enum put;
          enum post;
          enum patch;
          enum delete;
        }
      }

      // Free-form string; not tied by the schema to `roleid` or `name`
      // in the `role` grouping.
      leaf role {
        type string;
      }
    }

    leaf description {
      type string;
      default "";
    }
  }

  // Root of the HTTP authorization policies: keyed by `resource`, with a
  // unique `index`, kept in the order the user supplied them.
  container http-authorization {
    container policies {
      list policies {
        key "resource";
        unique "index";
        uses http-permission;
        ordered-by user;
      }
    }
  }
}