Blame - auth/auth-cass/cass_init/init.cql - onap/aaf/authz

blob: f280de0085bae4f4c5195ee943c6cfdb6d858f50 [file] [log] [blame]

Instrumental	8028999	2018-04-20 07:07:26 -0500	[diff] [blame]	1
				2	// Table Initialization
				3	// First make sure the keyspace exists.
				4
				5	USE authz;
				6
				7	//
				8	// CORE Table function
				9	//
				10
				11	// Namespace - establish hierarchical authority to modify
				12	// Permissions and Roles
				13	// "scope" is flag to determine Policy. Typical important scope
				14	// is "company" (1)
				15	CREATE TABLE ns (
				16	name varchar,
				17	scope int, // deprecated 2.0.11
				18	description varchar,
				19	parent varchar,
				20	type int,
				21	PRIMARY KEY (name)
				22	);
				23	CREATE INDEX ns_parent on ns(parent);
				24
				25	CREATE TABLE ns_attrib (
				26	ns varchar,
				27	key varchar,
				28	value varchar,
				29	PRIMARY KEY (ns,key)
				30	);
				31	create index ns_attrib_key on ns_attrib(key);
				32
				33	// Will be cached
				34	CREATE TABLE role (
				35	ns varchar,
				36	name varchar,
				37	perms set<varchar>, // Use "Key" of "name\|type\|action"
				38	description varchar,
				39	PRIMARY KEY (ns,name)
				40	);
				41	CREATE INDEX role_name ON role(name);
				42
				43	// Will be cached
				44	CREATE TABLE perm (
				45	ns varchar,
				46	type varchar,
				47	instance varchar,
				48	action varchar,
				49	roles set<varchar>, // Need to find Roles given Permissions
				50	description varchar,
				51	PRIMARY KEY (ns,type,instance,action)
				52	);
				53
				54	// This table is user for Authorization
				55	CREATE TABLE user_role (
				56	user varchar,
				57	role varchar, // deprecated: change to ns/rname after 2.0.11
				58	ns varchar,
				59	rname varchar,
				60	expires timestamp,
				61	PRIMARY KEY(user,role)
				62	);
				63	CREATE INDEX user_role_ns ON user_role(ns);
				64	CREATE INDEX user_role_role ON user_role(role);
				65
				66	// This table is only for the case where return User Credential (MechID) Authentication
				67	CREATE TABLE cred (
				68	id varchar,
				69	type int,
				70	expires timestamp,
				71	ns varchar,
				72	other int,
				73	notes varchar,
				74	cred blob,
				75	prev blob,
Instrumental	2b46f76	2019-02-20 11:14:41 -0600	[diff] [blame]	76	tag varchar,
Instrumental	8028999	2018-04-20 07:07:26 -0500	[diff] [blame]	77	PRIMARY KEY (id,type,expires)
				78	);
				79	CREATE INDEX cred_ns ON cred(ns);
				80
				81	// Certificate Cross Table
				82	// coordinated with CRED type 2
				83	CREATE TABLE cert (
				84	fingerprint blob,
				85	id varchar,
				86	x500 varchar,
				87	expires timestamp,
				88	PRIMARY KEY (fingerprint)
				89	);
				90	CREATE INDEX cert_id ON cert(id);
				91	CREATE INDEX cert_x500 ON cert(x500);
				92
Instrumental	889a989	2019-03-13 17:33:51 -0500	[diff] [blame]	93	CREATE TABLE notified (
Instrumental	8028999	2018-04-20 07:07:26 -0500	[diff] [blame]	94	user text,
Instrumental	889a989	2019-03-13 17:33:51 -0500	[diff] [blame]	95	target text,
				96	key text,
Instrumental	8028999	2018-04-20 07:07:26 -0500	[diff] [blame]	97	last timestamp,
Instrumental	889a989	2019-03-13 17:33:51 -0500	[diff] [blame]	98	PRIMARY KEY (user,target,key)
Instrumental	8028999	2018-04-20 07:07:26 -0500	[diff] [blame]	99	);
				100
				101	CREATE TABLE x509 (
				102	ca text,
				103	serial blob,
				104	id text,
				105	x500 text,
				106	x509 text,
				107	PRIMARY KEY (ca,serial)
				108	);
				109
				110
				111	CREATE INDEX x509_id ON x509 (id);
				112	CREATE INDEX x509_x500 ON x509 (x500);
				113
				114	//
				115	// Deployment Artifact (for Certman)
				116	//
				117	CREATE TABLE artifact (
				118	mechid text,
				119	machine text,
				120	type Set<text>,
				121	sponsor text,
				122	ca text,
				123	dir text,
				124	os_user text,
				125	ns text,
				126	notify text,
				127	expires timestamp,
				128	renewDays int,
				129	sans Set<text>,
				130	PRIMARY KEY (mechid,machine)
				131	);
				132	CREATE INDEX artifact_machine ON artifact(machine);
				133	CREATE INDEX artifact_ns ON artifact(ns);
				134
				135	//
				136	// Non-Critical Table functions
				137	//
				138	// Table Info - for Caching
				139	CREATE TABLE cache (
				140	name varchar,
				141	seg int, // cache Segment
				142	touched timestamp,
				143	PRIMARY KEY(name,seg)
				144	);
				145
				146	CREATE TABLE history (
				147	id timeuuid,
				148	yr_mon int,
				149	user varchar,
				150	action varchar,
				151	target varchar, // user, user_role,
				152	subject varchar, // field for searching main portion of target key
				153	memo varchar, //description of the action
				154	reconstruct blob, //serialized form of the target
				155	// detail Map<varchar, varchar>, // additional information
				156	PRIMARY KEY (id)
				157	);
				158	CREATE INDEX history_yr_mon ON history(yr_mon);
				159	CREATE INDEX history_user ON history(user);
				160	CREATE INDEX history_subject ON history(subject);
				161
				162	//
				163	// A place to hold objects to be created at a future time.
				164	//
				165	CREATE TABLE future (
				166	id uuid, // uniquify
				167	target varchar, // Target Table
				168	memo varchar, // Description
				169	start timestamp, // When it should take effect
				170	expires timestamp, // When not longer valid
Instrumental	a174f8d	2019-03-07 12:58:39 -0600	[diff] [blame]	171	target_key varchar, // Item Key (or 2nd key, assuming user is first)
				172	target_date timestamp, // Item's relevant date/stamp
Instrumental	8028999	2018-04-20 07:07:26 -0500	[diff] [blame]	173	construct blob, // How to construct this object (like History)
				174	PRIMARY KEY(id)
				175	);
				176	CREATE INDEX future_idx ON future(target);
				177	CREATE INDEX future_start_idx ON future(start);
Instrumental	889a989	2019-03-13 17:33:51 -0500	[diff] [blame]	178	CREATE INDEX future_target_key ON authz.future (target_key);
Instrumental	8028999	2018-04-20 07:07:26 -0500	[diff] [blame]	179
				180
				181	CREATE TABLE approval (
				182	id timeuuid, // unique Key
				183	ticket uuid, // Link to Future Record
				184	user varchar, // the user who needs to be approved
				185	approver varchar, // user approving
				186	type varchar, // approver types i.e. Supervisor, Owner
				187	status varchar, // approval status. pending, approved, denied
				188	memo varchar, // Text for Approval to know what's going on
				189	operation varchar, // List operation to perform
				190	last_notified timestamp, // Timestamp for the last time approver was notified
				191	PRIMARY KEY(id)
				192	);
				193	CREATE INDEX appr_approver_idx ON approval(approver);
				194	CREATE INDEX appr_user_idx ON approval(user);
				195	CREATE INDEX appr_ticket_idx ON approval(ticket);
				196	CREATE INDEX appr_status_idx ON approval(status);
				197
				198	CREATE TABLE approved (
				199	id timeuuid, // unique Key
				200	user varchar, // the user who needs to be approved
				201	approver varchar, // user approving
				202	type varchar, // approver types i.e. Supervisor, Owner
				203	status varchar, // approval status. pending, approved, denied
				204	memo varchar, // Text for Approval to know what's going on
				205	operation varchar, // List operation to perform
				206	PRIMARY KEY(id)
				207	);
				208	CREATE INDEX approved_approver_idx ON approved(approver);
				209	CREATE INDEX approved_user_idx ON approved(user);
				210
				211	CREATE TABLE delegate (
				212	user varchar,
				213	delegate varchar,
				214	expires timestamp,
				215	PRIMARY KEY (user)
				216	);
				217	CREATE INDEX delg_delg_idx ON delegate(delegate);
				218
				219	// OAuth Tokens
				220	CREATE TABLE oauth_token (
				221	id text, // Reference
				222	client_id text, // Creating Client ID
				223	user text, // User requesting
				224	active boolean, // Active or not
				225	type int, // Type of Token
				226	refresh text, // Refresh Token
				227	expires timestamp, // Expiration time/Date (signed long)
				228	exp_sec bigint, // Seconds from Jan 1, 1970
				229	content text, // Content of Token
				230	scopes Set<text>, // Scopes
				231	state text, // Context string (Optional)
				232	req_ip text, // Requesting IP (for logging purpose)
				233	PRIMARY KEY(id)
				234	) with default_time_to_live = 21600; // 6 hours
				235	CREATE INDEX oauth_token_user_idx ON oauth_token(user);
				236
				237	CREATE TABLE locate (
				238	name text, // Component/Server name
				239	hostname text, // FQDN of Service/Component
				240	port int, // Port of Service
				241	major int, // Version, Major
				242	minor int, // Version, Minor
				243	patch int, // Version, Patch
				244	pkg int, // Version, Package (if available)
				245	latitude float, // Latitude
				246	longitude float, // Longitude
				247	protocol text, // Protocol (i.e. http https)
				248	subprotocol set<text>, // Accepted SubProtocols, ie. TLS1.1 for https
				249	port_key uuid, // Key into locate_ports
				250	PRIMARY KEY(name,hostname,port)
				251	) with default_time_to_live = 1200; // 20 mins
				252
				253	CREATE TABLE locate_ports (
				254	id uuid, // Id into locate
				255	port int, // SubPort
				256	name text, // Name of Other Port
				257	protocol text, // Protocol of Other (i.e. JMX, DEBUG)
				258	subprotocol set<text>, // Accepted sub protocols or versions
				259	PRIMARY KEY(id, port)
				260	) with default_time_to_live = 1200; // 20 mins;
				261
				262	//
				263	// Used by authz-batch processes to ensure only 1 runs at a time
				264	//
				265	CREATE TABLE run_lock (
				266	class text,
				267	host text,
				268	start timestamp,
				269	PRIMARY KEY ((class))
				270	);
Instrumental	4ad4763	2018-07-13 15:49:26 -0500	[diff] [blame]	271
				272	CREATE TABLE config (
				273	name varchar,
				274	tag varchar,
				275	value varchar,
				276	PRIMARY KEY (name,tag)
				277	);