1 files changed, 242 insertions, 0 deletions

diff --git a/kubernetes/aaf/resources/config/aaf-cs-data/init.cql b/kubernetes/aaf/resources/config/aaf-cs-data/init.cql
new file mode 100644
index 0000000000..81700f830c
--- /dev/null
+++ b/kubernetes/aaf/resources/config/aaf-cs-data/init.cql
@@ -0,0 +1,242 @@
+// For Developer Machine single instance
+//
+CREATE KEYSPACE authz
+WITH REPLICATION = {'class' : 'SimpleStrategy','replication_factor':1};
+// 
+// From Ravi, 6-17-2014.  User for DEVL->TEST
+//
+// CREATE KEYSPACE authz WITH replication = { 'class': 'NetworkTopologyStrategy', 'HYWRCA02': '2', 'BRHMALDC': '2' };
+// 
+// PROD
+// 
+// CREATE KEYSPACE authz WITH replication = {'class': 'NetworkTopologyStrategy','ALPSGACT': '2','STLSMORC': '2','BRHMALDC': '2' };
+//
+//  create user authz with password '<AUTHZ PASSWORD>' superuser;
+//  grant all on keyspace authz to authz;
+//
+// For TEST (aaf_test)
+// CREATE KEYSPACE authz WITH replication = { 'class': 'NetworkTopologyStrategy', 'BRHMALDC': '1' };
+//
+// DEVL
+// CREATE KEYSPACE authz WITH replication = {'class': 'NetworkTopologyStrategy','STLSMORC': '2' };
+//
+// TEST / PERF
+// CREATE KEYSPACE authz WITH replication = {'class': 'NetworkTopologyStrategy','STLSMORC': '3','KGMTNC20': '3' };
+//
+// IST
+// CREATE KEYSPACE authz WITH replication = {'class': 'NetworkTopologyStrategy','STLSMORC':'3',
+// 'DLLSTXCF':'3','KGMTNC20':'3','SFLDMIBB':'3','HYWRCA02':'3' };
+//
+// with 6 localized with ccm
+// CREATE KEYSPACE authz WITH replication = { 'class': 'NetworkTopologyStrategy', 'dc1': '2', 'dc2': '2' };
+// 
+
+USE authz;
+
+//
+// CORE Table function
+//
+
+// Namespace - establish hierarchical authority to modify
+// Permissions and Roles
+// "scope" is flag to determine Policy.  Typical important scope
+// is "company" (1)
+CREATE TABLE ns (
+  name			varchar,
+  scope			int,  // deprecated 2.0.11
+  description   	varchar,
+  parent 		varchar,
+  type			int,
+  PRIMARY KEY (name)  
+);
+CREATE INDEX ns_parent on ns(parent);
+  
+
+// Oct 2015, not performant.  Made Owner and Attrib first class Roles,
+// April, 2015.  Originally, the plan was to utilize Cassandra 2.1.2, however, other team's preferences were to remain at current levels.
+// Therefore, we are taking the separate table approach.  (coder Jeremiah Rohwedder)
+// We had dropped this by making first class objects of Responsible (Owner) and Admin.  We need this again to mark namespaces
+// as having certain tools, like SWM, etc.
+CREATE TABLE ns_attrib (
+  ns            varchar,
+  key           varchar,
+  value         varchar,
+  PRIMARY KEY (ns,key)
+);
+create index ns_attrib_key on ns_attrib(key);
+
+// Will be cached
+CREATE TABLE role (
+  ns	    varchar,
+  name		varchar,
+  perms		set<varchar>, // Use "Key" of "name|type|action"
+  description varchar,
+  PRIMARY KEY (ns,name)
+);
+CREATE INDEX role_name  ON role(name);
+ 
+// Will be cached
+CREATE TABLE perm (
+  ns	    varchar,
+  type 		varchar,
+  instance	varchar,
+  action	varchar,
+  roles		set<varchar>, // Need to find Roles given Permissions
+  description varchar,
+  PRIMARY KEY (ns,type,instance,action)
+);
+
+// This table is user for Authorization
+CREATE TABLE user_role (
+    user		varchar,
+    role		varchar, // deprecated: change to ns/rname after 2.0.11
+    ns			varchar,
+    rname		varchar,
+    expires		timestamp,
+    PRIMARY KEY(user,role)
+  );
+CREATE INDEX user_role_ns ON user_role(ns);
+CREATE INDEX user_role_role ON user_role(role);
+
+// This table is only for the case where return User Credential (MechID) Authentication
+CREATE TABLE cred (
+    id    varchar,
+    type  int,
+    expires timestamp,  
+    ns    varchar,
+    other int,
+    notes varchar,
+    cred  blob,
+    prev  blob,
+    PRIMARY KEY (id,type,expires)
+  );
+CREATE INDEX cred_ns ON cred(ns);
+
+// Certificate Cross Table
+//   coordinated with CRED type 2
+CREATE TABLE cert (
+    fingerprint blob,
+    id    	varchar,
+    x500	varchar,
+    expires 	timestamp,  
+    PRIMARY KEY (fingerprint)
+  );
+CREATE INDEX cert_id ON cert(id);
+CREATE INDEX cert_x500 ON cert(x500);
+
+CREATE TABLE notify (
+  user text,
+  type int,
+  last timestamp,
+  checksum int,
+  PRIMARY KEY (user,type)
+);
+
+CREATE TABLE x509 (
+  ca     text,
+  serial blob,
+  id     text,
+  x500   text,
+  x509   text,
+  PRIMARY KEY (ca,serial)
+);
+
+
+CREATE INDEX x509_id   ON x509 (id);
+CREATE INDEX x509_x500 ON x509 (x500);
+
+// 
+// Deployment Artifact (for Certman)
+//
+CREATE TABLE artifact (
+  mechid        text,
+  machine       text,
+  type          Set<text>,
+  sponsor       text,
+  ca            text,
+  dir           text,
+  appName       text,
+  os_user       text,
+  notify        text,
+  expires	timestamp,
+  renewDays   int,
+  PRIMARY KEY (mechid,machine)
+);
+CREATE INDEX artifact_machine ON artifact(machine); 
+
+//
+// Non-Critical Table functions
+//
+// Table Info - for Caching
+CREATE TABLE cache (
+   name		varchar,
+   seg		int, 		// cache Segment
+   touched	timestamp,
+   PRIMARY KEY(name,seg)
+);
+
+CREATE TABLE history (
+  id			timeuuid,
+  yr_mon		int,
+  user			varchar,
+  action 		varchar,
+  target		varchar,   // user, user_role, 
+  subject		varchar,   // field for searching main portion of target key
+  memo			varchar,   //description of the action
+  reconstruct 	blob,      //serialized form of the target
+  // detail 	Map<varchar, varchar>,  // additional information
+  PRIMARY KEY (id)
+);
+CREATE INDEX history_yr_mon ON history(yr_mon);
+CREATE INDEX history_user ON history(user); 
+CREATE INDEX history_subject ON history(subject); 
+
+// 
+// A place to hold objects to be created at a future time.
+//
+CREATE TABLE future (
+  id        uuid,  		// uniquify
+  target    varchar,   		// Target Table
+  memo	    varchar,    	// Description
+  start     timestamp, 		// When it should take effect
+  expires   timestamp, 		// When not longer valid
+  construct blob, 		// How to construct this object (like History)
+  PRIMARY KEY(id)
+);
+CREATE INDEX future_idx ON future(target);
+CREATE INDEX future_start_idx ON future(start);
+
+
+CREATE TABLE approval (
+  id	    timeuuid,	      // unique Key
+  ticket    uuid,	      // Link to Future Record
+  user 	    varchar,          // the user who needs to be approved
+  approver  varchar, 	      // user approving
+  type      varchar,          // approver types i.e. Supervisor, Owner
+  status    varchar,          // approval status. pending, approved, denied
+  memo      varchar,          // Text for Approval to know what's going on
+  operation varchar,	      // List operation to perform
+  PRIMARY KEY(id)
+ );
+CREATE INDEX appr_approver_idx ON approval(approver);
+CREATE INDEX appr_user_idx ON approval(user);
+CREATE INDEX appr_ticket_idx ON approval(ticket);
+CREATE INDEX appr_status_idx ON approval(status);
+
+CREATE TABLE delegate (
+  user      varchar,
+  delegate  varchar,
+  expires   timestamp,
+  PRIMARY KEY (user)  
+);
+CREATE INDEX delg_delg_idx ON delegate(delegate);
+
+//
+// Used by authz-batch processes to ensure only 1 runs at a time
+//
+CREATE TABLE run_lock (
+  class text,
+  host text,
+  start timestamp,
+  PRIMARY KEY ((class))
+);