Gitiles
Code Review Sign In
gerrit.nordix.org / onap / aaf / authz / c687ff57a4e68acce2112968649fa2d0a51e2fed / . / auth / auth-cass / cass_init / init.cql
blob: bf75998d5ccc56f401149d52124119d2a5683de0 [file] [log] [blame]
Instrumental80289992018-04-20 07:07:26 -0500[diff] [blame]1
2// Table Initialization
3// First make sure the keyspace exists.
4
5USE authz;
6
7//
8// CORE Table function
9//
10
11// Namespace - establish hierarchical authority to modify
12// Permissions and Roles
13// "scope" is flag to determine Policy. Typical important scope
14// is "company" (1)
15CREATE TABLE ns (
16 name varchar,
17 scope int, // deprecated 2.0.11
18 description varchar,
19 parent varchar,
20 type int,
21 PRIMARY KEY (name)
22);
23CREATE INDEX ns_parent on ns(parent);
24
25CREATE TABLE ns_attrib (
26 ns varchar,
27 key varchar,
28 value varchar,
29 PRIMARY KEY (ns,key)
30);
31create index ns_attrib_key on ns_attrib(key);
32
33// Will be cached
34CREATE TABLE role (
35 ns varchar,
36 name varchar,
37 perms set<varchar>, // Use "Key" of "name|type|action"
38 description varchar,
39 PRIMARY KEY (ns,name)
40);
41CREATE INDEX role_name ON role(name);
42
43// Will be cached
44CREATE TABLE perm (
45 ns varchar,
46 type varchar,
47 instance varchar,
48 action varchar,
49 roles set<varchar>, // Need to find Roles given Permissions
50 description varchar,
51 PRIMARY KEY (ns,type,instance,action)
52);
53
54// This table is user for Authorization
55CREATE TABLE user_role (
56 user varchar,
57 role varchar, // deprecated: change to ns/rname after 2.0.11
58 ns varchar,
59 rname varchar,
60 expires timestamp,
61 PRIMARY KEY(user,role)
62 );
63CREATE INDEX user_role_ns ON user_role(ns);
64CREATE INDEX user_role_role ON user_role(role);
65
66// This table is only for the case where return User Credential (MechID) Authentication
67CREATE TABLE cred (
68 id varchar,
69 type int,
70 expires timestamp,
71 ns varchar,
72 other int,
73 notes varchar,
74 cred blob,
75 prev blob,
76 PRIMARY KEY (id,type,expires)
77 );
78CREATE INDEX cred_ns ON cred(ns);
79
80// Certificate Cross Table
81// coordinated with CRED type 2
82CREATE TABLE cert (
83 fingerprint blob,
84 id varchar,
85 x500 varchar,
86 expires timestamp,
87 PRIMARY KEY (fingerprint)
88 );
89CREATE INDEX cert_id ON cert(id);
90CREATE INDEX cert_x500 ON cert(x500);
91
92CREATE TABLE notify (
93 user text,
94 type int,
95 last timestamp,
96 checksum int,
97 PRIMARY KEY (user,type)
98);
99
100CREATE TABLE x509 (
101 ca text,
102 serial blob,
103 id text,
104 x500 text,
105 x509 text,
106 PRIMARY KEY (ca,serial)
107);
108
109
110CREATE INDEX x509_id ON x509 (id);
111CREATE INDEX x509_x500 ON x509 (x500);
112
113//
114// Deployment Artifact (for Certman)
115//
116CREATE TABLE artifact (
117 mechid text,
118 machine text,
119 type Set<text>,
120 sponsor text,
121 ca text,
122 dir text,
123 os_user text,
124 ns text,
125 notify text,
126 expires timestamp,
127 renewDays int,
128 sans Set<text>,
129 PRIMARY KEY (mechid,machine)
130);
131CREATE INDEX artifact_machine ON artifact(machine);
132CREATE INDEX artifact_ns ON artifact(ns);
133
134//
135// Non-Critical Table functions
136//
137// Table Info - for Caching
138CREATE TABLE cache (
139 name varchar,
140 seg int, // cache Segment
141 touched timestamp,
142 PRIMARY KEY(name,seg)
143);
144
145CREATE TABLE history (
146 id timeuuid,
147 yr_mon int,
148 user varchar,
149 action varchar,
150 target varchar, // user, user_role,
151 subject varchar, // field for searching main portion of target key
152 memo varchar, //description of the action
153 reconstruct blob, //serialized form of the target
154 // detail Map<varchar, varchar>, // additional information
155 PRIMARY KEY (id)
156);
157CREATE INDEX history_yr_mon ON history(yr_mon);
158CREATE INDEX history_user ON history(user);
159CREATE INDEX history_subject ON history(subject);
160
161//
162// A place to hold objects to be created at a future time.
163//
164CREATE TABLE future (
165 id uuid, // uniquify
166 target varchar, // Target Table
167 memo varchar, // Description
168 start timestamp, // When it should take effect
169 expires timestamp, // When not longer valid
170 construct blob, // How to construct this object (like History)
171 PRIMARY KEY(id)
172);
173CREATE INDEX future_idx ON future(target);
174CREATE INDEX future_start_idx ON future(start);
175
176
177CREATE TABLE approval (
178 id timeuuid, // unique Key
179 ticket uuid, // Link to Future Record
180 user varchar, // the user who needs to be approved
181 approver varchar, // user approving
182 type varchar, // approver types i.e. Supervisor, Owner
183 status varchar, // approval status. pending, approved, denied
184 memo varchar, // Text for Approval to know what's going on
185 operation varchar, // List operation to perform
186 last_notified timestamp, // Timestamp for the last time approver was notified
187 PRIMARY KEY(id)
188 );
189CREATE INDEX appr_approver_idx ON approval(approver);
190CREATE INDEX appr_user_idx ON approval(user);
191CREATE INDEX appr_ticket_idx ON approval(ticket);
192CREATE INDEX appr_status_idx ON approval(status);
193
194CREATE TABLE approved (
195 id timeuuid, // unique Key
196 user varchar, // the user who needs to be approved
197 approver varchar, // user approving
198 type varchar, // approver types i.e. Supervisor, Owner
199 status varchar, // approval status. pending, approved, denied
200 memo varchar, // Text for Approval to know what's going on
201 operation varchar, // List operation to perform
202 PRIMARY KEY(id)
203 );
204CREATE INDEX approved_approver_idx ON approved(approver);
205CREATE INDEX approved_user_idx ON approved(user);
206
207CREATE TABLE delegate (
208 user varchar,
209 delegate varchar,
210 expires timestamp,
211 PRIMARY KEY (user)
212);
213CREATE INDEX delg_delg_idx ON delegate(delegate);
214
215// OAuth Tokens
216CREATE TABLE oauth_token (
217 id text, // Reference
218 client_id text, // Creating Client ID
219 user text, // User requesting
220 active boolean, // Active or not
221 type int, // Type of Token
222 refresh text, // Refresh Token
223 expires timestamp, // Expiration time/Date (signed long)
224 exp_sec bigint, // Seconds from Jan 1, 1970
225 content text, // Content of Token
226 scopes Set<text>, // Scopes
227 state text, // Context string (Optional)
228 req_ip text, // Requesting IP (for logging purpose)
229 PRIMARY KEY(id)
230) with default_time_to_live = 21600; // 6 hours
231CREATE INDEX oauth_token_user_idx ON oauth_token(user);
232
233CREATE TABLE locate (
234 name text, // Component/Server name
235 hostname text, // FQDN of Service/Component
236 port int, // Port of Service
237 major int, // Version, Major
238 minor int, // Version, Minor
239 patch int, // Version, Patch
240 pkg int, // Version, Package (if available)
241 latitude float, // Latitude
242 longitude float, // Longitude
243 protocol text, // Protocol (i.e. http https)
244 subprotocol set<text>, // Accepted SubProtocols, ie. TLS1.1 for https
245 port_key uuid, // Key into locate_ports
246 PRIMARY KEY(name,hostname,port)
247) with default_time_to_live = 1200; // 20 mins
248
249CREATE TABLE locate_ports (
250 id uuid, // Id into locate
251 port int, // SubPort
252 name text, // Name of Other Port
253 protocol text, // Protocol of Other (i.e. JMX, DEBUG)
254 subprotocol set<text>, // Accepted sub protocols or versions
255 PRIMARY KEY(id, port)
256) with default_time_to_live = 1200; // 20 mins;
257
258//
259// Used by authz-batch processes to ensure only 1 runs at a time
260//
261CREATE TABLE run_lock (
262 class text,
263 host text,
264 start timestamp,
265 PRIMARY KEY ((class))
266);
Instrumental4ad47632018-07-13 15:49:26 -0500[diff] [blame]267
268CREATE TABLE config (
269 name varchar,
270 tag varchar,
271 value varchar,
272 PRIMARY KEY (name,tag)
273);