2 // Table Initialization
3 // First make sure the keyspace exists.
11 // Namespace - establish hierarchical authority to modify
12 // Permissions and Roles
13 // "scope" is flag to determine Policy. Typical important scope
17 scope int, // deprecated 2.0.11
23 CREATE INDEX ns_parent on ns(parent);
25 CREATE TABLE ns_attrib (
31 create index ns_attrib_key on ns_attrib(key);
37 perms set<varchar>, // Use "Key" of "name|type|action"
41 CREATE INDEX role_name ON role(name);
49 roles set<varchar>, // Need to find Roles given Permissions
51 PRIMARY KEY (ns,type,instance,action)
54 // This table is user for Authorization
55 CREATE TABLE user_role (
57 role varchar, // deprecated: change to ns/rname after 2.0.11
61 PRIMARY KEY(user,role)
63 CREATE INDEX user_role_ns ON user_role(ns);
64 CREATE INDEX user_role_role ON user_role(role);
66 // This table is only for the case where return User Credential (MechID) Authentication
77 PRIMARY KEY (id,type,expires)
79 CREATE INDEX cred_ns ON cred(ns);
81 // Certificate Cross Table
82 // coordinated with CRED type 2
88 PRIMARY KEY (fingerprint)
90 CREATE INDEX cert_id ON cert(id);
91 CREATE INDEX cert_x500 ON cert(x500);
93 CREATE TABLE notified (
98 PRIMARY KEY (user,target,key)
107 PRIMARY KEY (ca,serial)
111 CREATE INDEX x509_id ON x509 (id);
112 CREATE INDEX x509_x500 ON x509 (x500);
115 // Deployment Artifact (for Certman)
117 CREATE TABLE artifact (
130 PRIMARY KEY (mechid,machine)
132 CREATE INDEX artifact_machine ON artifact(machine);
133 CREATE INDEX artifact_ns ON artifact(ns);
136 // Non-Critical Table functions
138 // Table Info - for Caching
141 seg int, // cache Segment
143 PRIMARY KEY(name,seg)
146 CREATE TABLE history (
151 target varchar, // user, user_role,
152 subject varchar, // field for searching main portion of target key
153 memo varchar, //description of the action
154 reconstruct blob, //serialized form of the target
155 // detail Map<varchar, varchar>, // additional information
158 CREATE INDEX history_yr_mon ON history(yr_mon);
159 CREATE INDEX history_user ON history(user);
160 CREATE INDEX history_subject ON history(subject);
163 // A place to hold objects to be created at a future time.
165 CREATE TABLE future (
167 target varchar, // Target Table
168 memo varchar, // Description
169 start timestamp, // When it should take effect
170 expires timestamp, // When not longer valid
171 target_key varchar, // Item Key (or 2nd key, assuming user is first)
172 target_date timestamp, // Item's relevant date/stamp
173 construct blob, // How to construct this object (like History)
176 CREATE INDEX future_idx ON future(target);
177 CREATE INDEX future_start_idx ON future(start);
178 CREATE INDEX future_target_key ON authz.future (target_key);
181 CREATE TABLE approval (
182 id timeuuid, // unique Key
183 ticket uuid, // Link to Future Record
184 user varchar, // the user who needs to be approved
185 approver varchar, // user approving
186 type varchar, // approver types i.e. Supervisor, Owner
187 status varchar, // approval status. pending, approved, denied
188 memo varchar, // Text for Approval to know what's going on
189 operation varchar, // List operation to perform
190 last_notified timestamp, // Timestamp for the last time approver was notified
193 CREATE INDEX appr_approver_idx ON approval(approver);
194 CREATE INDEX appr_user_idx ON approval(user);
195 CREATE INDEX appr_ticket_idx ON approval(ticket);
196 CREATE INDEX appr_status_idx ON approval(status);
198 CREATE TABLE approved (
199 id timeuuid, // unique Key
200 user varchar, // the user who needs to be approved
201 approver varchar, // user approving
202 type varchar, // approver types i.e. Supervisor, Owner
203 status varchar, // approval status. pending, approved, denied
204 memo varchar, // Text for Approval to know what's going on
205 operation varchar, // List operation to perform
208 CREATE INDEX approved_approver_idx ON approved(approver);
209 CREATE INDEX approved_user_idx ON approved(user);
211 CREATE TABLE delegate (
217 CREATE INDEX delg_delg_idx ON delegate(delegate);
220 CREATE TABLE oauth_token (
221 id text, // Reference
222 client_id text, // Creating Client ID
223 user text, // User requesting
224 active boolean, // Active or not
225 type int, // Type of Token
226 refresh text, // Refresh Token
227 expires timestamp, // Expiration time/Date (signed long)
228 exp_sec bigint, // Seconds from Jan 1, 1970
229 content text, // Content of Token
230 scopes Set<text>, // Scopes
231 state text, // Context string (Optional)
232 req_ip text, // Requesting IP (for logging purpose)
234 ) with default_time_to_live = 21600; // 6 hours
235 CREATE INDEX oauth_token_user_idx ON oauth_token(user);
237 CREATE TABLE locate (
238 name text, // Component/Server name
239 hostname text, // FQDN of Service/Component
240 port int, // Port of Service
241 major int, // Version, Major
242 minor int, // Version, Minor
243 patch int, // Version, Patch
244 pkg int, // Version, Package (if available)
245 latitude float, // Latitude
246 longitude float, // Longitude
247 protocol text, // Protocol (i.e. http https)
248 subprotocol set<text>, // Accepted SubProtocols, ie. TLS1.1 for https
249 port_key uuid, // Key into locate_ports
250 PRIMARY KEY(name,hostname,port)
251 ) with default_time_to_live = 1200; // 20 mins
253 CREATE TABLE locate_ports (
254 id uuid, // Id into locate
256 name text, // Name of Other Port
257 protocol text, // Protocol of Other (i.e. JMX, DEBUG)
258 subprotocol set<text>, // Accepted sub protocols or versions
259 PRIMARY KEY(id, port)
260 ) with default_time_to_live = 1200; // 20 mins;
263 // Used by authz-batch processes to ensure only 1 runs at a time
265 CREATE TABLE run_lock (
269 PRIMARY KEY ((class))
272 CREATE TABLE config (
276 PRIMARY KEY (name,tag)