// Table Initialization
// First make sure the keyspace exists.

USE authz;

//
// CORE Table function
//

// Namespace - establish hierarchical authority to modify
// Permissions and Roles
// "scope" is flag to determine Policy.  Typical important scope
// is "company" (1)
CREATE TABLE ns (
  name			varchar,
  scope			int,  // deprecated 2.0.11
  description   	varchar,
  parent 		varchar,
  type			int,
  PRIMARY KEY (name)  
);
CREATE INDEX ns_parent on ns(parent);
  
CREATE TABLE ns_attrib (
  ns            varchar,
  key           varchar,
  value         varchar,
  PRIMARY KEY (ns,key)
);
create index ns_attrib_key on ns_attrib(key);

// Will be cached
CREATE TABLE role (
  ns	    varchar,
  name		varchar,
  perms		set<varchar>, // Use "Key" of "name|type|action"
  description varchar,
  PRIMARY KEY (ns,name)
);
CREATE INDEX role_name  ON role(name);
 
// Will be cached
CREATE TABLE perm (
  ns	    varchar,
  type 		varchar,
  instance	varchar,
  action	varchar,
  roles		set<varchar>, // Need to find Roles given Permissions
  description varchar,
  PRIMARY KEY (ns,type,instance,action)
);

// This table is user for Authorization
CREATE TABLE user_role (
    user		varchar,
    role		varchar, // deprecated: change to ns/rname after 2.0.11
    ns			varchar,
    rname		varchar,
    expires		timestamp,
    PRIMARY KEY(user,role)
  );
CREATE INDEX user_role_ns ON user_role(ns);
CREATE INDEX user_role_role ON user_role(role);

// This table is only for the case where return User Credential (MechID) Authentication
CREATE TABLE cred (
    id    varchar,
    type  int,
    expires timestamp,  
    ns    varchar,
    other int,
    notes varchar,
    cred  blob,
    prev  blob,
    PRIMARY KEY (id,type,expires)
  );
CREATE INDEX cred_ns ON cred(ns);

// Certificate Cross Table
//   coordinated with CRED type 2
CREATE TABLE cert (
    fingerprint blob,
    id    	varchar,
    x500	varchar,
    expires 	timestamp,  
    PRIMARY KEY (fingerprint)
  );
CREATE INDEX cert_id ON cert(id);
CREATE INDEX cert_x500 ON cert(x500);

CREATE TABLE notify (
  user 		text,
  type 		int,
  last 		timestamp,
  checksum 	int,
  PRIMARY KEY (user,type)
);

CREATE TABLE x509 (
  ca     text,
  serial blob,
  id     text,
  x500   text,
  x509   text,
  PRIMARY KEY (ca,serial)
);


CREATE INDEX x509_id   ON x509 (id);
CREATE INDEX x509_x500 ON x509 (x500);

// 
// Deployment Artifact (for Certman)
//
CREATE TABLE artifact (
  mechid        text,
  machine       text,
  type          Set<text>,
  sponsor       text,
  ca            text,
  dir           text,
  os_user       text,
  ns	        text,
  notify        text,
  expires	timestamp,
  renewDays     int,
  sans		Set<text>,
  PRIMARY KEY (mechid,machine)
);
CREATE INDEX artifact_machine ON artifact(machine); 
CREATE INDEX artifact_ns ON artifact(ns); 

//
// Non-Critical Table functions
//
// Table Info - for Caching
CREATE TABLE cache (
   name		varchar,
   seg		int, 		// cache Segment
   touched	timestamp,
   PRIMARY KEY(name,seg)
);

CREATE TABLE history (
  id			timeuuid,
  yr_mon		int,
  user			varchar,
  action 		varchar,
  target		varchar,   // user, user_role, 
  subject		varchar,   // field for searching main portion of target key
  memo			varchar,   //description of the action
  reconstruct 	blob,      //serialized form of the target
  // detail 	Map<varchar, varchar>,  // additional information
  PRIMARY KEY (id)
);
CREATE INDEX history_yr_mon ON history(yr_mon);
CREATE INDEX history_user ON history(user); 
CREATE INDEX history_subject ON history(subject); 

// 
// A place to hold objects to be created at a future time.
//
CREATE TABLE future (
  id        uuid,  		// uniquify
  target    varchar,   		// Target Table
  memo	    varchar,    	// Description
  start     timestamp, 		// When it should take effect
  expires   timestamp, 		// When not longer valid
  construct blob, 		// How to construct this object (like History)
  PRIMARY KEY(id)
);
CREATE INDEX future_idx ON future(target);
CREATE INDEX future_start_idx ON future(start);


CREATE TABLE approval (
  id	    timeuuid,	      // unique Key
  ticket    uuid,	      // Link to Future Record
  user 	    varchar,          // the user who needs to be approved
  approver  varchar, 	      // user approving
  type      varchar,          // approver types i.e. Supervisor, Owner
  status    varchar,          // approval status. pending, approved, denied
  memo      varchar,          // Text for Approval to know what's going on
  operation varchar,	      // List operation to perform
  last_notified timestamp,    // Timestamp for the last time approver was notified
  PRIMARY KEY(id)
 );
CREATE INDEX appr_approver_idx ON approval(approver);
CREATE INDEX appr_user_idx ON approval(user);
CREATE INDEX appr_ticket_idx ON approval(ticket);
CREATE INDEX appr_status_idx ON approval(status);

CREATE TABLE approved (
  id        timeuuid,         // unique Key
  user      varchar,          // the user who needs to be approved
  approver  varchar,          // user approving
  type      varchar,          // approver types i.e. Supervisor, Owner
  status    varchar,          // approval status. pending, approved, denied
  memo      varchar,          // Text for Approval to know what's going on
  operation varchar,          // List operation to perform
  PRIMARY KEY(id)
 );
CREATE INDEX approved_approver_idx ON approved(approver);
CREATE INDEX approved_user_idx ON approved(user);

CREATE TABLE delegate (
  user      varchar,
  delegate  varchar,
  expires   timestamp,
  PRIMARY KEY (user)  
);
CREATE INDEX delg_delg_idx ON delegate(delegate);

// OAuth Tokens
CREATE TABLE oauth_token (
  id            text,                   // Reference
  client_id     text,                   // Creating Client ID
  user          text,                   // User requesting
  active	boolean,		// Active or not
  type		int,			// Type of Token
  refresh       text,                   // Refresh Token
  expires       timestamp,              // Expiration time/Date (signed long)
  exp_sec	bigint,			// Seconds from Jan 1, 1970
  content       text,                   // Content of Token
  scopes        Set<text>,	 	// Scopes
  state		text,			// Context string (Optional)
  req_ip	text,			// Requesting IP (for logging purpose)
  PRIMARY KEY(id)
) with default_time_to_live = 21600;    // 6 hours
CREATE INDEX oauth_token_user_idx ON oauth_token(user);

CREATE TABLE locate (
  name		text,			// Component/Server name
  hostname	text,			// FQDN of Service/Component
  port		int,			// Port of Service
  major		int,			// Version, Major
  minor		int,			// Version, Minor
  patch		int,			// Version, Patch
  pkg		int,			// Version, Package (if available)
  latitude	float,			// Latitude
  longitude	float,			// Longitude
  protocol	text,			// Protocol (i.e. http https)
  subprotocol   set<text>,		// Accepted SubProtocols, ie. TLS1.1 for https
  port_key      uuid,			// Key into locate_ports
  PRIMARY KEY(name,hostname,port)
) with default_time_to_live = 1200;	// 20 mins

CREATE TABLE locate_ports (
  id		uuid,			// Id into locate
  port		int,			// SubPort
  name		text,			// Name of Other Port
  protocol	text,			// Protocol of Other (i.e. JMX, DEBUG)
  subprotocol   set<text>,		// Accepted sub protocols or versions
  PRIMARY KEY(id, port)
) with default_time_to_live = 1200;	// 20 mins; 

//
// Used by authz-batch processes to ensure only 1 runs at a time
//
CREATE TABLE run_lock (
  class text,
  host text,
  start timestamp,
  PRIMARY KEY ((class))
);

CREATE TABLE config (
  name          varchar,
  tag           varchar,
  value         varchar,
  PRIMARY KEY (name,tag)
);