| |
| // Table Initialization |
| // First make sure the keyspace exists. |
| |
| USE authz; |
| |
| // |
| // CORE Table function |
| // |
| |
| // Namespace - establish hierarchical authority to modify |
| // Permissions and Roles |
| // "scope" is flag to determine Policy. Typical important scope |
| // is "company" (1) |
| CREATE TABLE ns ( |
| name varchar, |
| scope int, // deprecated 2.0.11 |
| description varchar, |
| parent varchar, |
| type int, |
| PRIMARY KEY (name) |
| ); |
| CREATE INDEX ns_parent on ns(parent); |
| |
| CREATE TABLE ns_attrib ( |
| ns varchar, |
| key varchar, |
| value varchar, |
| PRIMARY KEY (ns,key) |
| ); |
| create index ns_attrib_key on ns_attrib(key); |
| |
| // Will be cached |
| CREATE TABLE role ( |
| ns varchar, |
| name varchar, |
| perms set<varchar>, // Use "Key" of "name|type|action" |
| description varchar, |
| PRIMARY KEY (ns,name) |
| ); |
| CREATE INDEX role_name ON role(name); |
| |
| // Will be cached |
| CREATE TABLE perm ( |
| ns varchar, |
| type varchar, |
| instance varchar, |
| action varchar, |
| roles set<varchar>, // Need to find Roles given Permissions |
| description varchar, |
| PRIMARY KEY (ns,type,instance,action) |
| ); |
| |
| // This table is user for Authorization |
| CREATE TABLE user_role ( |
| user varchar, |
| role varchar, // deprecated: change to ns/rname after 2.0.11 |
| ns varchar, |
| rname varchar, |
| expires timestamp, |
| PRIMARY KEY(user,role) |
| ); |
| CREATE INDEX user_role_ns ON user_role(ns); |
| CREATE INDEX user_role_role ON user_role(role); |
| |
| // This table is only for the case where return User Credential (MechID) Authentication |
| CREATE TABLE cred ( |
| id varchar, |
| type int, |
| expires timestamp, |
| ns varchar, |
| other int, |
| notes varchar, |
| cred blob, |
| prev blob, |
| tag varchar, |
| PRIMARY KEY (id,type,expires) |
| ); |
| CREATE INDEX cred_ns ON cred(ns); |
| |
| // Certificate Cross Table |
| // coordinated with CRED type 2 |
| CREATE TABLE cert ( |
| fingerprint blob, |
| id varchar, |
| x500 varchar, |
| expires timestamp, |
| PRIMARY KEY (fingerprint) |
| ); |
| CREATE INDEX cert_id ON cert(id); |
| CREATE INDEX cert_x500 ON cert(x500); |
| |
| CREATE TABLE notified ( |
| user text, |
| target text, |
| key text, |
| last timestamp, |
| PRIMARY KEY (user,target,key) |
| ); |
| |
| CREATE TABLE x509 ( |
| ca text, |
| serial blob, |
| id text, |
| x500 text, |
| x509 text, |
| PRIMARY KEY (ca,serial) |
| ); |
| |
| |
| CREATE INDEX x509_id ON x509 (id); |
| CREATE INDEX x509_x500 ON x509 (x500); |
| |
| // |
| // Deployment Artifact (for Certman) |
| // |
| CREATE TABLE artifact ( |
| mechid text, |
| machine text, |
| type Set<text>, |
| sponsor text, |
| ca text, |
| dir text, |
| os_user text, |
| ns text, |
| notify text, |
| expires timestamp, |
| renewDays int, |
| sans Set<text>, |
| PRIMARY KEY (mechid,machine) |
| ); |
| CREATE INDEX artifact_machine ON artifact(machine); |
| CREATE INDEX artifact_ns ON artifact(ns); |
| |
| // |
| // Non-Critical Table functions |
| // |
| // Table Info - for Caching |
| CREATE TABLE cache ( |
| name varchar, |
| seg int, // cache Segment |
| touched timestamp, |
| PRIMARY KEY(name,seg) |
| ); |
| |
| CREATE TABLE history ( |
| id timeuuid, |
| yr_mon int, |
| user varchar, |
| action varchar, |
| target varchar, // user, user_role, |
| subject varchar, // field for searching main portion of target key |
| memo varchar, //description of the action |
| reconstruct blob, //serialized form of the target |
| // detail Map<varchar, varchar>, // additional information |
| PRIMARY KEY (id) |
| ); |
| CREATE INDEX history_yr_mon ON history(yr_mon); |
| CREATE INDEX history_user ON history(user); |
| CREATE INDEX history_subject ON history(subject); |
| |
| // |
| // A place to hold objects to be created at a future time. |
| // |
| CREATE TABLE future ( |
| id uuid, // uniquify |
| target varchar, // Target Table |
| memo varchar, // Description |
| start timestamp, // When it should take effect |
| expires timestamp, // When not longer valid |
| target_key varchar, // Item Key (or 2nd key, assuming user is first) |
| target_date timestamp, // Item's relevant date/stamp |
| construct blob, // How to construct this object (like History) |
| PRIMARY KEY(id) |
| ); |
| CREATE INDEX future_idx ON future(target); |
| CREATE INDEX future_start_idx ON future(start); |
| CREATE INDEX future_target_key ON authz.future (target_key); |
| |
| |
| CREATE TABLE approval ( |
| id timeuuid, // unique Key |
| ticket uuid, // Link to Future Record |
| user varchar, // the user who needs to be approved |
| approver varchar, // user approving |
| type varchar, // approver types i.e. Supervisor, Owner |
| status varchar, // approval status. pending, approved, denied |
| memo varchar, // Text for Approval to know what's going on |
| operation varchar, // List operation to perform |
| last_notified timestamp, // Timestamp for the last time approver was notified |
| PRIMARY KEY(id) |
| ); |
| CREATE INDEX appr_approver_idx ON approval(approver); |
| CREATE INDEX appr_user_idx ON approval(user); |
| CREATE INDEX appr_ticket_idx ON approval(ticket); |
| CREATE INDEX appr_status_idx ON approval(status); |
| |
| CREATE TABLE approved ( |
| id timeuuid, // unique Key |
| user varchar, // the user who needs to be approved |
| approver varchar, // user approving |
| type varchar, // approver types i.e. Supervisor, Owner |
| status varchar, // approval status. pending, approved, denied |
| memo varchar, // Text for Approval to know what's going on |
| operation varchar, // List operation to perform |
| PRIMARY KEY(id) |
| ); |
| CREATE INDEX approved_approver_idx ON approved(approver); |
| CREATE INDEX approved_user_idx ON approved(user); |
| |
| CREATE TABLE delegate ( |
| user varchar, |
| delegate varchar, |
| expires timestamp, |
| PRIMARY KEY (user) |
| ); |
| CREATE INDEX delg_delg_idx ON delegate(delegate); |
| |
| // OAuth Tokens |
| CREATE TABLE oauth_token ( |
| id text, // Reference |
| client_id text, // Creating Client ID |
| user text, // User requesting |
| active boolean, // Active or not |
| type int, // Type of Token |
| refresh text, // Refresh Token |
| expires timestamp, // Expiration time/Date (signed long) |
| exp_sec bigint, // Seconds from Jan 1, 1970 |
| content text, // Content of Token |
| scopes Set<text>, // Scopes |
| state text, // Context string (Optional) |
| req_ip text, // Requesting IP (for logging purpose) |
| PRIMARY KEY(id) |
| ) with default_time_to_live = 21600; // 6 hours |
| CREATE INDEX oauth_token_user_idx ON oauth_token(user); |
| |
| CREATE TABLE locate ( |
| name text, // Component/Server name |
| hostname text, // FQDN of Service/Component |
| port int, // Port of Service |
| major int, // Version, Major |
| minor int, // Version, Minor |
| patch int, // Version, Patch |
| pkg int, // Version, Package (if available) |
| latitude float, // Latitude |
| longitude float, // Longitude |
| protocol text, // Protocol (i.e. http https) |
| subprotocol set<text>, // Accepted SubProtocols, ie. TLS1.1 for https |
| port_key uuid, // Key into locate_ports |
| PRIMARY KEY(name,hostname,port) |
| ) with default_time_to_live = 1200; // 20 mins |
| |
| CREATE TABLE locate_ports ( |
| id uuid, // Id into locate |
| port int, // SubPort |
| name text, // Name of Other Port |
| protocol text, // Protocol of Other (i.e. JMX, DEBUG) |
| subprotocol set<text>, // Accepted sub protocols or versions |
| PRIMARY KEY(id, port) |
| ) with default_time_to_live = 1200; // 20 mins; |
| |
| // |
| // Used by authz-batch processes to ensure only 1 runs at a time |
| // |
| CREATE TABLE run_lock ( |
| class text, |
| host text, |
| start timestamp, |
| PRIMARY KEY ((class)) |
| ); |
| |
| CREATE TABLE config ( |
| name varchar, |
| tag varchar, |
| value varchar, |
| PRIMARY KEY (name,tag) |
| ); |