liquibase.db.changelog-authz-1.0.0.yaml Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of kangaroo-server-authz Show documentation
Show all versions of kangaroo-server-authz Show documentation
Kangaroo's Administration API.
databaseChangeLog:
- changeSet:
id: 1
author: krotscheck
changes:
# The Configuration table.
- createTable:
tableName: configuration
columns:
- column:
name: id
type: BINARY(16)
constraints:
primaryKey: true
nullable: false
primaryKeyName: pk_configuration_id
- column:
name: createdDate
type: bigint
- column:
name: modifiedDate
type: bigint
- column:
name: section
type: varchar(255)
constraints:
nullable: false
- column:
name: configKey
type: varchar(255)
constraints:
nullable: false
- column:
name: configValue
type: varchar(255)
constraints:
nullable: false
- createIndex:
columns:
- column:
name: section
type: varchar(255)
indexName: idx_configuration_section
tableName: configuration
- createIndex:
columns:
- column:
name: configKey
type: varchar(255)
indexName: idx_configuration_configKey
tableName: configuration
- addUniqueConstraint:
columnNames: section, configKey
constraintName: uq_configuration_section_configKey
tableName: configuration
# The HTTP Browser Session table.
- createTable:
tableName: http_sessions
columns:
- column:
name: id
type: BINARY(16)
constraints:
primaryKey: true
nullable: false
primaryKeyName: pk_http_sessions_id
- column:
name: createdDate
type: bigint
- column:
name: modifiedDate
type: bigint
- column:
name: sessionTimeout
type: int
constraints:
nullable: false
# The Application table, the root resource from which everything else
# is derived.
- createTable:
tableName: applications
columns:
- column:
name: id
type: BINARY(16)
constraints:
primaryKey: true
nullable: false
primaryKeyName: pk_applications_id
- column:
name: createdDate
type: bigint
- column:
name: modifiedDate
type: bigint
- column:
name: owner
type: BINARY(16)
- column:
name: defaultRole
type: BINARY(16)
- column:
name: name
type: varchar(255)
constraints:
nullable: false
# An application may have multiple user-defined scopes.
- createTable:
tableName: application_scopes
columns:
- column:
name: id
type: BINARY(16)
constraints:
primaryKey: true
nullable: false
primaryKeyName: pk_application_scopes_id
- column:
name: createdDate
type: bigint
- column:
name: modifiedDate
type: bigint
- column:
name: application
type: BINARY(16)
constraints:
nullable: false
- column:
name: name
type: varchar(255)
constraints:
nullable: false
- createIndex:
columns:
- column:
name: application
type: BINARY(16)
indexName: idx_application_scopes_application
tableName: application_scopes
- createIndex:
columns:
- column:
name: name
type: varchar(255)
indexName: idx_application_scopes_name
tableName: application_scopes
- addUniqueConstraint:
columnNames: application, name
constraintName: uq_application_scopes_application_name
tableName: application_scopes
- addForeignKeyConstraint:
baseColumnNames: application
baseTableName: application_scopes
constraintName: fk_application_scopes_application
onDelete: CASCADE
onUpdate: CASCADE
referencedColumnNames: id
referencedTableName: applications
# Every application has certain user roles. We need to make sure that
# every application has at least one "owner" role, and that this role
# cannot be deleted.
- createTable:
tableName: roles
columns:
- column:
name: id
type: BINARY(16)
constraints:
primaryKey: true
nullable: false
primaryKeyName: pk_roles_id
- column:
name: createdDate
type: bigint
- column:
name: modifiedDate
type: bigint
- column:
name: application
type: BINARY(16)
constraints:
nullable: false
- column:
name: name
type: varchar(255)
constraints:
nullable: false
- addForeignKeyConstraint:
baseColumnNames: application
baseTableName: roles
constraintName: fk_roles_application
onDelete: CASCADE
onUpdate: CASCADE
referencedColumnNames: id
referencedTableName: applications
- addUniqueConstraint:
columnNames: application, name
constraintName: uq_role_application_name
tableName: roles
# Roles may be authorized to access specific lists of scopes.
- createTable:
tableName: role_scopes
columns:
- column:
name: role
type: BINARY(16)
constraints:
nullable: false
- column:
name: scope
type: BINARY(16)
constraints:
nullable: false
- createIndex:
columns:
- column:
name: role
type: BINARY(16)
indexName: idx_role_scopes_role
tableName: role_scopes
- createIndex:
columns:
- column:
name: scope
type: BINARY(16)
indexName: idx_role_scopes_scope
tableName: role_scopes
- addForeignKeyConstraint:
baseColumnNames: scope
baseTableName: role_scopes
constraintName: fk_role_scopes_scope
onDelete: CASCADE
onUpdate: CASCADE
referencedColumnNames: id
referencedTableName: application_scopes
- addForeignKeyConstraint:
baseColumnNames: role
baseTableName: role_scopes
constraintName: fk_role_scopes_role
onDelete: CASCADE
onUpdate: CASCADE
referencedColumnNames: id
referencedTableName: roles
- addUniqueConstraint:
columnNames: role, scope
constraintName: uq_role_scopes_role_scopes
tableName: role_scopes
# Every application has users, and every user has a role.
- createTable:
tableName: users
columns:
- column:
name: id
type: BINARY(16)
constraints:
primaryKey: true
nullable: false
primaryKeyName: pk_users_id
- column:
name: createdDate
type: bigint
- column:
name: modifiedDate
type: bigint
- column:
name: application
type: BINARY(16)
constraints:
nullable: false
- column:
name: role
type: BINARY(16)
constraints:
nullable: true
- addForeignKeyConstraint:
baseColumnNames: application
baseTableName: users
constraintName: fk_users_applications
onDelete: CASCADE
onUpdate: CASCADE
referencedColumnNames: id
referencedTableName: applications
- addForeignKeyConstraint:
baseColumnNames: role
baseTableName: users
constraintName: fk_users_roles
onDelete: SET NULL
onUpdate: CASCADE
referencedColumnNames: id
referencedTableName: roles
# This key constraint locks down owners of applications.
- addForeignKeyConstraint:
baseColumnNames: owner
baseTableName: applications
constraintName: fk_applications_owner
onDelete: CASCADE
onUpdate: CASCADE
referencedColumnNames: id
referencedTableName: users
# Every application can have more than one 'client' from which an
# authentication request may be issued.
- createTable:
tableName: clients
columns:
- column:
name: id
type: BINARY(16)
constraints:
primaryKey: true
nullable: false
primaryKeyName: pk_clients_id
- column:
name: createdDate
type: bigint
- column:
name: modifiedDate
type: bigint
- column:
name: application
type: BINARY(16)
constraints:
nullable: false
- column:
name: name
type: varchar(255)
constraints:
nullable: false
- column:
name: type
type: varchar(18)
constraints:
nullable: false
- column:
name: clientSecret
type: varchar(255)
constraints:
nullable: true
- addForeignKeyConstraint:
baseColumnNames: application
baseTableName: clients
constraintName: fk_clients_application
onDelete: CASCADE
onUpdate: CASCADE
referencedColumnNames: id
referencedTableName: applications
# Some clients may have a list of application-unique referrers. These
# should be fully qualified Host URL's with a host, protocol, and port.
# Other parameters (such as fragments, paths, and query strings) are
# not used.
- createTable:
tableName: client_referrers
columns:
- column:
name: id
type: BINARY(16)
constraints:
primaryKey: true
nullable: false
primaryKeyName: pk_client_referrers_id
- column:
name: createdDate
type: bigint
- column:
name: modifiedDate
type: bigint
- column:
name: client
type: BINARY(16)
constraints:
nullable: false
- column:
name: uri
type: varchar(255)
constraints:
nullable: false
- createIndex:
columns:
- column:
name: client
type: BINARY(16)
indexName: idx_client_referrers_client
tableName: client_referrers
- addUniqueConstraint:
columnNames: client, uri
constraintName: uq_client_referrers_client_uri
tableName: client_referrers
- addForeignKeyConstraint:
baseColumnNames: client
baseTableName: client_referrers
constraintName: fk_client_referrers_clients
onDelete: CASCADE
onUpdate: CASCADE
referencedColumnNames: id
referencedTableName: clients
# Some clients may have a list of application-unique redirection url's,
# used for authorization paths that require a redirect.
- createTable:
tableName: client_redirects
columns:
- column:
name: id
type: BINARY(16)
constraints:
primaryKey: true
nullable: false
primaryKeyName: pk_client_redirects_id
- column:
name: createdDate
type: bigint
- column:
name: modifiedDate
type: bigint
- column:
name: client
type: BINARY(16)
constraints:
nullable: false
- column:
name: uri
type: varchar(255)
constraints:
nullable: false
- createIndex:
columns:
- column:
name: client
type: BINARY(16)
indexName: idx_client_redirects_client
tableName: client_redirects
- addUniqueConstraint:
columnNames: client, uri
constraintName: uq_client_redirects_client_uri
tableName: client_redirects
- addForeignKeyConstraint:
baseColumnNames: client
baseTableName: client_redirects
constraintName: fk_client_redirects_clients
onDelete: CASCADE
onUpdate: CASCADE
referencedColumnNames: id
referencedTableName: clients
# An client may have multiple configuration options that govern
# its behavior.
- createTable:
tableName: client_configs
columns:
- column:
name: client
type: BINARY(16)
constraints:
nullable: false
- column:
name: configKey
type: varchar(255)
constraints:
nullable: false
- column:
name: configValue
type: varchar(255)
constraints:
nullable: true
- createIndex:
columns:
- column:
name: client
type: BINARY(16)
indexName: idx_client_configs_client
tableName: client_configs
- createIndex:
columns:
- column:
name: configKey
type: varchar(255)
indexName: idx_client_configs_name
tableName: client_configs
- addUniqueConstraint:
columnNames: client, configKey
constraintName: uq_client_configs_client_key
tableName: client_configs
- addForeignKeyConstraint:
baseColumnNames: client
baseTableName: client_configs
constraintName: fk_client_configs_client
onDelete: CASCADE
onUpdate: CASCADE
referencedColumnNames: id
referencedTableName: clients
# Every application can have multiple 'authenticators' which describe a
# remote authentication/identity provider that may be used as an
# authorization endpoint. The type refers to the in-code implemented
# authenticator.
- createTable:
tableName: authenticators
columns:
- column:
name: id
type: BINARY(16)
constraints:
primaryKey: true
nullable: false
primaryKeyName: pk_authenticators_id
- column:
name: createdDate
type: bigint
- column:
name: modifiedDate
type: bigint
- column:
name: client
type: BINARY(16)
constraints:
nullable: false
- column:
name: type
type: varchar(255)
constraints:
nullable: false
- addForeignKeyConstraint:
baseColumnNames: client
baseTableName: authenticators
constraintName: fk_authenticators_client
onDelete: CASCADE
onUpdate: CASCADE
referencedColumnNames: id
referencedTableName: clients
# Each authenticator may require several custom configuration
# parameters. Note that this table does not follow the
# id/createdDate/modifiedDate pattern.
- createTable:
tableName: authenticator_params
columns:
- column:
name: authenticator
type: BINARY(16)
constraints:
nullable: false
- column:
name: name
type: varchar(255)
constraints:
nullable: false
- column:
name: value
type: varchar(255)
constraints:
nullable: true
- createIndex:
columns:
- column:
name: authenticator
type: varchar(255)
indexName: idx_authenticator_params_authenticator
tableName: authenticator_params
- createIndex:
columns:
- column:
name: name
type: varchar(255)
indexName: idx_authenticator_params_name
tableName: authenticator_params
- addUniqueConstraint:
columnNames: authenticator, name
constraintName: uq_authenticator_params_authenticator_name
tableName: authenticator_params
- addForeignKeyConstraint:
baseColumnNames: authenticator
baseTableName: authenticator_params
constraintName: fk_authenticator_params_authenticators
onDelete: CASCADE
onUpdate: CASCADE
referencedColumnNames: id
referencedTableName: authenticators
# Every authenticator will have a per-request 'state', which contains
# original user request parameters, as well as parameters sent to the
# authenticator itself. It's intended to act as a storage cache for data
# while a user-agent has been passed to the authenticator.
- createTable:
tableName: authenticator_states
columns:
- column:
name: id
type: BINARY(16)
constraints:
primaryKey: true
nullable: false
primaryKeyName: pk_authenticator_states_id
- column:
name: createdDate
type: bigint
- column:
name: modifiedDate
type: bigint
- column:
name: authenticator
type: BINARY(16)
constraints:
nullable: false
- column:
name: clientState
type: varchar(255)
constraints:
nullable: true
- column:
name: clientRedirect
type: varchar(255)
constraints:
nullable: false
- createIndex:
columns:
- column:
name: clientState
type: varchar(255)
indexName: idx_authenticator_states_client_state
tableName: authenticator_states
- addForeignKeyConstraint:
baseColumnNames: authenticator
baseTableName: authenticator_states
constraintName: fk_authenticator_states_authenticators
onDelete: CASCADE
onUpdate: CASCADE
referencedColumnNames: id
referencedTableName: authenticators
# An intermediate authenticator state must keep track of the requested
# scopes.
- createTable:
tableName: authenticator_state_scopes
columns:
- column:
name: authenticator_state
type: BINARY(16)
constraints:
nullable: false
- column:
name: scope
type: BINARY(16)
constraints:
nullable: false
- createIndex:
columns:
- column:
name: authenticator_state
type: BINARY(16)
indexName: idx_authenticator_state_scopes_authenticator_state
tableName: authenticator_state_scopes
- createIndex:
columns:
- column:
name: scope
type: BINARY(16)
indexName: idx_authenticator_state_scopes_scope
tableName: authenticator_state_scopes
- addForeignKeyConstraint:
baseColumnNames: scope
baseTableName: authenticator_state_scopes
constraintName: fk_authenticator_state_scopes_scope
onDelete: CASCADE
onUpdate: CASCADE
referencedColumnNames: id
referencedTableName: application_scopes
- addForeignKeyConstraint:
baseColumnNames: authenticator_state
baseTableName: authenticator_state_scopes
constraintName: fk_authenticator_state_scopes_authenticator_state
onDelete: CASCADE
onUpdate: CASCADE
referencedColumnNames: id
referencedTableName: authenticator_states
- addUniqueConstraint:
columnNames: authenticator_state, scope
constraintName: uq_authenticator_state_scopes_authenticator_state_scopes
tableName: authenticator_state_scopes
# Every user in an application will have a series of 'identities',
# which are equivalent to a user claim provided by an authenticator.
# This effectively serves to store the remote-id of a particular claim
# from an authenticator.
- createTable:
tableName: user_identities
columns:
- column:
name: id
type: BINARY(16)
constraints:
primaryKey: true
nullable: false
primaryKeyName: pk_user_identities_id
- column:
name: createdDate
type: bigint
- column:
name: modifiedDate
type: bigint
- column:
name: user
type: BINARY(16)
constraints:
nullable: false
- column:
name: type
type: varchar(255)
constraints:
nullable: false
- column:
name: remoteId
type: varchar(255)
constraints:
nullable: false
- column:
name: password
type: varchar(255)
constraints:
nullable: true
- column:
name: salt
type: varchar(255)
constraints:
nullable: true
- createIndex:
columns:
- column:
name: remoteId
type: varchar(255)
indexName: idx_user_identities_remote_id
tableName: user_identities
- addUniqueConstraint:
columnNames: type, user, remoteId
constraintName: uq_user_identities_authType_user_remoteId
tableName: user_identities
- addForeignKeyConstraint:
baseColumnNames: user
baseTableName: user_identities
constraintName: fk_user_identities_clients
onDelete: CASCADE
onUpdate: CASCADE
referencedColumnNames: id
referencedTableName: users
# Each authenticator will make claims on a particular identity, such as
# names and/or emails. This table stores those claims.
- createTable:
tableName: user_identity_claims
columns:
- column:
name: user_identity
type: BINARY(16)
constraints:
nullable: false
- column:
name: claimKey
type: varchar(255)
constraints:
nullable: false
- column:
name: claimValue
type: varchar(255)
constraints:
nullable: true
- createIndex:
columns:
- column:
name: user_identity
type: varchar(255)
indexName: idx_user_identity_claims_user_identity
tableName: user_identity_claims
- createIndex:
columns:
- column:
name: claimKey
type: varchar(255)
indexName: idx_user_identity_claims_name
tableName: user_identity_claims
- addUniqueConstraint:
columnNames: user_identity, claimKey
constraintName: uq_user_identity_claims_user_identity_name
tableName: user_identity_claims
- addForeignKeyConstraint:
baseColumnNames: user_identity
baseTableName: user_identity_claims
constraintName: fk_user_identity_claims_user_identities
onDelete: CASCADE
onUpdate: CASCADE
referencedColumnNames: id
referencedTableName: user_identities
# An OAuth Token is issued to a given, valid, identity, on one
# particular application client.
- createTable:
tableName: oauth_tokens
columns:
- column:
name: id
type: BINARY(16)
constraints:
primaryKey: true
nullable: false
primaryKeyName: pk_oauth_tokens_id
- column:
name: createdDate
type: bigint
- column:
name: modifiedDate
type: bigint
- column:
name: identity
type: BINARY(16)
constraints:
nullable: true
- column:
name: authToken
type: BINARY(16)
constraints:
nullable: true
- column:
name: httpSession
type: BINARY(16)
constraints:
nullable: true
- column:
name: client
type: BINARY(16)
constraints:
nullable: false
- column:
name: tokenType
type: varchar(13)
constraints:
nullable: false
- column:
name: expiresIn
type: bigint
constraints:
nullable: false
- column:
name: redirect
type: varchar(255)
constraints:
nullable: true
- addForeignKeyConstraint:
baseColumnNames: identity
baseTableName: oauth_tokens
constraintName: fk_oauth_tokens_user_identities
onDelete: CASCADE
onUpdate: CASCADE
referencedColumnNames: id
referencedTableName: user_identities
- addForeignKeyConstraint:
baseColumnNames: client
baseTableName: oauth_tokens
constraintName: fk_oauth_tokens_clients
onDelete: CASCADE
onUpdate: CASCADE
referencedColumnNames: id
referencedTableName: clients
- addForeignKeyConstraint:
baseColumnNames: authToken
baseTableName: oauth_tokens
constraintName: fk_oauth_tokens_oauth_tokens_authToken
onDelete: SET NULL
onUpdate: CASCADE
referencedColumnNames: id
referencedTableName: oauth_tokens
- addForeignKeyConstraint:
baseColumnNames: httpSession
baseTableName: oauth_tokens
constraintName: fk_oauth_tokens_http_sessions_httpSession
onDelete: SET NULL
onUpdate: CASCADE
referencedColumnNames: id
referencedTableName: http_sessions
# OAuth Tokens have a limited list of scopes.
- createTable:
tableName: oauth_token_scopes
columns:
- column:
name: token
type: BINARY(16)
constraints:
nullable: false
- column:
name: scope
type: BINARY(16)
constraints:
nullable: false
- createIndex:
columns:
- column:
name: token
type: BINARY(16)
indexName: idx_oauth_token_scopes_token
tableName: oauth_token_scopes
- createIndex:
columns:
- column:
name: scope
type: BINARY(16)
indexName: idx_oauth_token_scopes_scope
tableName: oauth_token_scopes
- addForeignKeyConstraint:
baseColumnNames: scope
baseTableName: oauth_token_scopes
constraintName: fk_oauth_token_scopes_scope
onDelete: CASCADE
onUpdate: CASCADE
referencedColumnNames: id
referencedTableName: application_scopes
- addForeignKeyConstraint:
baseColumnNames: token
baseTableName: oauth_token_scopes
constraintName: fk_oauth_token_scopes_token
onDelete: CASCADE
onUpdate: CASCADE
referencedColumnNames: id
referencedTableName: oauth_tokens
- addUniqueConstraint:
columnNames: token, scope
constraintName: uq_oauth_token_scopes_oauth_token_scopes
tableName: oauth_token_scopes
rollback:
- dropTable:
tableName: oauth_token_scopes
- dropTable:
tableName: oauth_tokens
- dropTable:
tableName: user_identity_claims
- dropTable:
tableName: user_identities
- dropTable:
tableName: authenticator_state_scopes
- dropTable:
tableName: authenticator_states
- dropTable:
tableName: authenticator_params
- dropTable:
tableName: authenticators
- dropTable:
tableName: client_configs
- dropTable:
tableName: client_redirects
- dropTable:
tableName: client_referrers
- dropTable:
tableName: clients
- dropForeignKeyConstraint:
constraintName: fk_applications_owner
baseTableName: applications
- dropTable:
tableName: users
- dropTable:
tableName: role_scopes
- dropTable:
tableName: roles
- dropTable:
tableName: application_scopes
- dropTable:
tableName: applications
- dropTable:
tableName: http_sessions
- dropTable:
tableName: configuration