diff --git a/.github/workflows/integration_tests.yml b/.github/workflows/integration_tests.yml
index 637f51d74bb..fd430e38d84 100644
--- a/.github/workflows/integration_tests.yml
+++ b/.github/workflows/integration_tests.yml
@@ -143,6 +143,8 @@ jobs:
 run: docker exec -t dev_rucio_1 tools/pytest.sh -v --tb=short tests/test_rse_protocol_rclone.py
 - name: Test Conveyor
 run: docker exec -t dev_rucio_1 tools/pytest.sh -v --tb=short tests/test_conveyor.py
+ - name: Test Token Deletion
+ run: docker exec -t dev_rucio_1 tools/pytest.sh -v --tb=short tests/test_reaper.py::test_deletion_with_tokens
 - name: Execute transfer and export FTS transfer details
 id: tpc
 shell: bash
diff --git a/etc/certs/generate.sh b/etc/certs/generate.sh
index 82e481067e2..617a01f513b 100755
--- a/etc/certs/generate.sh
+++ b/etc/certs/generate.sh
@@ -29,7 +29,7 @@ openssl x509 -req -days $DAYS -CAcreateserial -extfile <(printf "keyUsage = crit
 cat "ruciouser.pem" "ruciouser.key.pem" > "ruciouser.certkey.pem"
 # The service certificates
-for CN in rucio fts xrd1 xrd2 xrd3 xrd4 minio
+for CN in rucio fts xrd1 xrd2 xrd3 xrd4 minio indigoiam keycloak
 do
 SAN="subjectAltName=DNS:$CN,DNS:localhost,DNS:$CN.default.svc.cluster.local"
 openssl req -new -newkey rsa:2048 -noenc -keyout "hostcert_$CN.key.pem" -subj "/CN=$CN" > "hostcert_$CN.csr"
diff --git a/etc/certs/hostcert_indigoiam.key.pem b/etc/certs/hostcert_indigoiam.key.pem
new file mode 100644
index 00000000000..8ff14ef145c
--- /dev/null
+++ b/etc/certs/hostcert_indigoiam.key.pem
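Review bot: The private keys this loop now produces for `indigoiam` and `keycloak` are unencrypted (`-noenc` on the `openssl req` context line) and are committed in this same change as `hostcert_indigoiam.key.pem` and `hostcert_keycloak.key.pem`, with nothing in the script marking them as development-only. Both hosts are identity providers, so any client that trusts `rucio_ca.pem` will accept a token issuer run by whoever can read the repository; that is acceptable only while the CA stays confined to the dev and test containers. A comment above the loop would make the constraint explicit, for example `# Development-only keys: published in the repository, never trust rucio_ca.pem outside the dev/test containers.` The loop body continues past the end of the hunk.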
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCtxEtXK2Xe5+pP +0ixW+PTLOPMZ1/Jzbmg/XhJS6mFK34fFBSBTOufkO875bu1xjAoSUnHbg2bjejs0 ++5mM/Nx9px7WJwAQgQjt4kSC9xBJX0vY2sQPeF1JjpR+cafukji3UvD7xyTUDWWN +NnYVuNQf9Vt7SQI6z3+X60kVeQdgyqg9ZmEcMdLdoMs/qAcPLb2ouE1znCuzUiVw +OhDIZTV79tMcmhtnOAKVUXJZo+IRSII8OdP261hCEkrLQPLJtRS8jxb4TSyOFjQH ++xLP8QAB982pVtl2AOHQzHiJHSNWYcPnLPlU3jPWtKvBE/AXT40I/hzWOywdhBnZ +cCPqgIqLAgMBAAECggEAT55T+QZpAGgZ++XsrBMZMu6OsOY58HsDqBlF4xkCaEig +kH0nUQt6CiD/Vlnl0POd/8Qn6DE+mPc+Hqozsp5/ttE2t2AaTvWYrkrRIoLqwvu3 +qI6gbAg2EkiSsJcKH61+8DzAL1URgln7EGeGVrCf/V6yQnxy2ZiOuYC0tXKFl2qy +FneRM/Br3O/aUSs0fRt11rEMDd6JVtIxCmuG7GTYRYZIG2gW6dwHbJOREK4XbbU9 +7f81Ts/uGBzlHExIJdwzYb7mZmQVIhsCrpnORcDc0erZnjbsUZ/QLOj6HOLtgtRl +4F0uEcZ7X9/if8Qt4ouVw9USijFnbpi8TSicwoGV4QKBgQDlKbClWbi95IWOLPPb +hcReYl5/wCd9shdJv/5J6cOjAbIzbiRh5abiVbGYGBZTMWgDLmZP632V1+NFrbMV +MiLrk8ODZUzt32hVIvQ0u2MS6jrHDy9/u2ZkGUKcJLK+CMT2ej6myLQqnkBUuttI +werCt2yYSba+nZb1H6w9DAVZYQKBgQDCHdP5qmRz2gNV/fy+eZxLOfbwRGwfc4k2 ++tziP8YeUoknGVW0lDdh9uMfvSecx+gjVDfJeVabDsNvEu2qA2DKAWKKQgdHKLmn +hJ10PS88WXU9HtgoyP9JYO3qyLTEN3gPqhLNcGwy9y7cQEj/3teRMRWb3PdVg5Le +4Rn147ePawKBgQCdJRqSONV7ulJvbZoHxlIjWxdsSUuLYW2g0DzDWL8kb8xQgk4G +p+HpwVPYdWQRxoaJ7+6PDXCAKZwbMwLkHQ5fN2PSHcxELngwMZj+9CT7Wo3V5S7w +S4TqTXwk8PF1aTQPxUJjQqxxsTVyJPSsjvW6cufQAnSDgDN9giutbSnZ4QKBgQCv +YRmiSUNGtGMtLzNJuD/wa2divr7dT5paNR6Zvzq1LKbDz4zygLLk7JVZmKGQccCX +IsDgY6NOpnEGCpj1cOXivIuWFH/U18OcySEk4x6pLL3SwepUNv0HA+8Qn9NKMD9m +D6e7OuZWyaLp1Z7epiwm/qziTCqedSid+8xjryCqDwKBgQC9TFiNCUP6FSOCFBjK +WMUr9BTjANuLeaVtYtgthI4LfWkLnXBlfNck16s5ZnV/scnxbklPvlsCihzE5+59 +f26ZLRaA7F3Kr4oti796tcly2dOow7JlRZB5KsQOsC2bSMgSd4PH3++Rpz3dXgLJ +nsoFcx/izhtlefBMbIbzetn8Ww== +-----END PRIVATE KEY----- diff --git a/etc/certs/hostcert_indigoiam.pem b/etc/certs/hostcert_indigoiam.pem new file mode 100644 index 00000000000..4b7fb8d3730 --- /dev/null +++ b/etc/certs/hostcert_indigoiam.pem 
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDSzCCAjOgAwIBAgIUVXpZxftaUMwrwgk6wYR1cGl0l5kwDQYJKoZIhvcNAQEL +BQAwHzEdMBsGA1UEAwwUUnVjaW8gRGV2ZWxvcG1lbnQgQ0EwHhcNMjMxMjEyMTEy +MDA1WhcNNDgwODAyMTEyMDA1WjAUMRIwEAYDVQQDDAlpbmRpZ29pYW0wggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtxEtXK2Xe5+pP0ixW+PTLOPMZ1/Jz +bmg/XhJS6mFK34fFBSBTOufkO875bu1xjAoSUnHbg2bjejs0+5mM/Nx9px7WJwAQ +gQjt4kSC9xBJX0vY2sQPeF1JjpR+cafukji3UvD7xyTUDWWNNnYVuNQf9Vt7SQI6 +z3+X60kVeQdgyqg9ZmEcMdLdoMs/qAcPLb2ouE1znCuzUiVwOhDIZTV79tMcmhtn +OAKVUXJZo+IRSII8OdP261hCEkrLQPLJtRS8jxb4TSyOFjQH+xLP8QAB982pVtl2 +AOHQzHiJHSNWYcPnLPlU3jPWtKvBE/AXT40I/hzWOywdhBnZcCPqgIqLAgMBAAGj +gYkwgYYwRAYDVR0RBD0wO4IJaW5kaWdvaWFtgglsb2NhbGhvc3SCI2luZGlnb2lh +bS5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsMB0GA1UdDgQWBBQsJE2vd9LskHtE +lJig3pW5WDeA7jAfBgNVHSMEGDAWgBSApEBpOOCBJC8+We2zfCWOdPyuqTANBgkq +hkiG9w0BAQsFAAOCAQEAh0Kx3iYQA8GH3T6JhWCp8VDDpv6EBwHRLR+neKIxNm7E +i1Mv/KrXy9UD8zg2qfz/Fei1nSOjbI4Pw8LGcfMU4JHKjLQOoPGGijLCU3xFXVmU +HfiTbffUcWEdvkYwoYfj787hyz/9epewVQpgG/DnfhRmX/wxUpQ291/Tt+GswozL +kkZ31wQaozzJ4TcZM9BFobTuqljNUJIhXvFfM6zDqTnOuQiTXOtnvPFWbUpDmeOg +cNN2Vbd8HTmR64B6y2v7A1VvaZ3bVynR2X9au93toOvlNhVJuyHkbGhELd8fs/4y +Fi7S3siaP4s/R4Qwa9BJX+JnnfXH+9ZYl1V3VAy6MQ== +-----END CERTIFICATE----- diff --git a/etc/certs/hostcert_keycloak.key.pem b/etc/certs/hostcert_keycloak.key.pem new file mode 100644 index 00000000000..dd7b5bcfc75 --- /dev/null +++ b/etc/certs/hostcert_keycloak.key.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCw4vMV9VirYh9T +up4rFmDIfJcXnJkWTU3ceaWQVCBCK/wLcXp1bw7DYb3uCwumnTbk1I5WTDxsus02 +n5vvsOVqvrW82/Jn616tpeaZ0pyh8+O5J9QwBbIVSWpg+atNBR074f4Y0F2YgvQm +UJPO7B6XGyLCeKvR873p2lZdW5wS2kA1uPUCxAIXjiLdqSxVXJDR+F4iqbQoOPLU +i+hUEbwOFwfHZ7RasJ13PBtUd3KJl2dgShP5By+edgLOvLQ0JEvyK8pSHo99iKjz +5pXjntlL0x/k0a43opTItcJ2Stbtkt5BYnpYBRzv/KVA3e6TJeWOSKRooKFiuwdd +7pkcG8bnAgMBAAECggEABNb+LLciU8ojA6D4YUMYUdQANFVaEPSmMTv42OVHCVh3 +vykTNIcIjIsDmIb1LNFiEPUfPI2THQHSyfBTDXC1zkEP6u4fs1KK1s3SbJoJJBtE +EKsI0L7ke6r0aK6GzobZy8DSuYNrVC1ybbadsgyJh7vmgb4DLC2doCTpC7Pie4Ix +NfJ8Nbi9zlTu6btMN3FDJDkTLxRJ2V9Qmv2MvKGZiftVD+6dqOyWIbct8+pl7Nj+ +M+aTBxmPe1rdr9bwV1R2TOPsts3s1ieoYe2kljybwvf3H6Dw8CrfthHX4dP6MXxs +pig/1WPkYnIMkLCeaQtrIty5Flp1IDd9KQ40c5GtxQKBgQDqC8EHwA2/x7tdZJ0U +PwRHpa8sYx/mlvvgQbEk6Aq1FDt0on3oge5dMhO3aKRWMzCdoCF9eQUI3lOn9Iky +DcsAlNk2pRFiQVTWU9cUMDh3/3cQ1YgTSwrCWQ1/LHRaY6fJH8atXTi5IzTwBa7g +t3wt2nUXgfcDYb58TMHgESzNmwKBgQDBepot/5iPZN7lKq/sZBU+/cLwGix4H7Ge +cGDt5Gy/CPYlfMJbP2UW5ZSOyNI0mJuy5lULnPoY6hrUe10xi3pNSgRsHxOOovIl +WEU1JhVENgIm3Tcz7ZhvJtb6N160Sxvpk5i1c4VZZryqfWBXT4pg+w/gHySou99L +SvEqVabmpQKBgQCPoVT9x5vodM+EOgm38hBTU9eT2uUp4sCCWG444vonNFpkco/o +T0yT/vZgmSQ5DkMoiKvkz48KaT5XlVdY02QgYDiJM3XeoY9J1LvqVMliwvEz8IcI +qAXbTUFeKU7iZcQDRq/rlokH/RYwspwmphPcI/O10Hlhput6ZrSYKJIhPwKBgQCD +/kZM90B3IxPFN9gI50ZvUOO6tcB8uvKL6pLV+K4PredvL6vQYHFwq3Mr7ekqJKqj +4+tFHvSoJp3jM74iXMs1Czf1I0ZOWu/jdlLQrYh4nnfdV7GfZYpG2jJzRW8AhPUn +5p+ZupPQp/wyO5KMPiFjhCQSfGygCHuPfDMG9KQGWQKBgQCT9FPPfKbgRpKxv4kn +R1yLMSuPf1vFkWooRdei5NMIxrrEXQR7+M5i0UxvgUtHFYKehCdyJgQXSdanAp2+ +nksrjJ8Ji82qR+7RFFKjtiR7VBGvwLUxxf2cOFwW5UYVIDD+UtDoAaGqNw3r4t76 +SVy2+M3HFC+U2KwNf/3sRm88Hw== +-----END PRIVATE KEY----- diff --git a/etc/certs/hostcert_keycloak.pem b/etc/certs/hostcert_keycloak.pem new file mode 100644 index 00000000000..9bcf8bb1a6d --- /dev/null +++ b/etc/certs/hostcert_keycloak.pem 
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDSDCCAjCgAwIBAgIUVXpZxftaUMwrwgk6wYR1cGl0l5owDQYJKoZIhvcNAQEL +BQAwHzEdMBsGA1UEAwwUUnVjaW8gRGV2ZWxvcG1lbnQgQ0EwHhcNMjMxMjEyMTEy +MDQ4WhcNNDgwODAyMTEyMDQ4WjATMREwDwYDVQQDDAhrZXljbG9hazCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBALDi8xX1WKtiH1O6nisWYMh8lxecmRZN +Tdx5pZBUIEIr/AtxenVvDsNhve4LC6adNuTUjlZMPGy6zTafm++w5Wq+tbzb8mfr +Xq2l5pnSnKHz47kn1DAFshVJamD5q00FHTvh/hjQXZiC9CZQk87sHpcbIsJ4q9Hz +venaVl1bnBLaQDW49QLEAheOIt2pLFVckNH4XiKptCg48tSL6FQRvA4XB8dntFqw +nXc8G1R3comXZ2BKE/kHL552As68tDQkS/IrylIej32IqPPmleOe2UvTH+TRrjei +lMi1wnZK1u2S3kFielgFHO/8pUDd7pMl5Y5IpGigoWK7B13umRwbxucCAwEAAaOB +hzCBhDBCBgNVHREEOzA5gghrZXljbG9ha4IJbG9jYWxob3N0giJrZXljbG9hay5k +ZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsMB0GA1UdDgQWBBSWJb2GH++dve3l/qg1 +o4RL4uM8hjAfBgNVHSMEGDAWgBSApEBpOOCBJC8+We2zfCWOdPyuqTANBgkqhkiG +9w0BAQsFAAOCAQEApnxNUKaXMJ78n/EeYpeztKJu42m2LkJu1Jz4n/t9Rj9QvnOk +QdrE0V4SNWckJhuY1fj75Rczjv3pk5bKgy8bkZckSENTtVEGPLPa5fYOtR58YKq4 +VhG4YcvCYNrBUZaTIZ5pqjeWDFyEwM3wFk69iLRZhv+jaOqZ7Dnq5AC3ZLeK6bUR +U4Dg9URmZP7dIEoBzbW6luXCOuxKx9bto6mp3Ddc2WiMaUnvYAxM+iCFki6mQFfX +h4Q2EEIUiWgvZD1GMbK5Wrexh/K8Es9LBqZtAgFi5isJ5L1ojdd+XCr5Q+gYIv80 +dECdhlcBKok+orDvhUnJvzx0W9yGP5nTGnCvGw== +-----END CERTIFICATE----- diff --git a/etc/certs/rucio_ca.srl b/etc/certs/rucio_ca.srl index 28faf2f4691..8d7521a9907 100644 --- a/etc/certs/rucio_ca.srl +++ b/etc/certs/rucio_ca.srl @@ -1 +1 @@ -557A59C5FB5A50CC2BC2093AC184757069749797 +557A59C5FB5A50CC2BC2093AC18475706974979A diff --git a/etc/docker/dev/docker-compose.ports.yml b/etc/docker/dev/docker-compose.ports.yml index a4b0edd04d1..7a3997bd556 100644 --- a/etc/docker/dev/docker-compose.ports.yml +++ b/etc/docker/dev/docker-compose.ports.yml @@ -64,12 +64,12 @@ services: grafana: ports: - "127.0.0.1:3000:3000" - db-iam: + indigoiam-db: ports: - "127.0.0.1:3307:3306" - nginx-iam: + indigoiam: ports: - "127.0.0.1:9443:443" - iam: + indigoiam-login-service: ports: - "127.0.0.1:8090:8090" 
diff --git a/etc/docker/dev/docker-compose.yml b/etc/docker/dev/docker-compose.yml
index c6324fa0040..c8351c2211a 100644
--- a/etc/docker/dev/docker-compose.yml
+++ b/etc/docker/dev/docker-compose.yml
@@ -2,7 +2,7 @@ version: "3"
 services:
 rucioclient:
 image: docker.io/rucio/rucio-dev:latest-alma9
- entrypoint: ["/rucio_source/etc/docker/dev/rucio_entrypoint.sh"]
+ entrypoint: ["/rucio_source/etc/docker/dev/rucio/entrypoint.sh"]
 command: ["sleep", "infinity"]
 profiles:
 - client
@@ -11,11 +11,12 @@ services:
 - ../../certs/hostcert_rucio.pem:/etc/grid-security/hostcert.pem:z
 - ../../certs/hostcert_rucio.key.pem:/etc/grid-security/hostkey.pem:z
 - ../../certs/rucio_ca.pem:/opt/rucio/etc/rucio_ca.pem:z
- - ../../certs/ruciouser.pem:/opt/rucio/etc/usercert.pem:z
- - ../../certs/ruciouser.key.pem:/opt/rucio/etc/userkey.pem:z
+ - ../../certs/ruciouser.pem:/tmp/usercert.pem:z
+ - ../../certs/ruciouser.key.pem:/tmp/userkey.pem:z
 - ../../certs/ruciouser.certkey.pem:/opt/rucio/etc/usercertkey.pem:z
 - ../../certs/ssh/ruciouser_sshkey.pub:/root/.ssh/ruciouser_sshkey.pub:z
 - ../../certs/ssh/ruciouser_sshkey:/root/.ssh/ruciouser_sshkey:z
+ - ./rucio/idpsecrets.json:/opt/rucio/etc/idpsecrets.json:ro
 - ../../../tools:/opt/rucio/tools:Z
 - ../../../bin:/opt/rucio/bin:Z
 - ../../../lib:/opt/rucio/lib:Z
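Review bot: The added `./rucio/idpsecrets.json` mount in the `rucioclient` volume list carries only `:ro`, while the certificate, key and source-directory mounts around it in this hunk all carry an SELinux label option (`:z` or `:Z`); on an enforcing host the container may be refused read access to the file. `- ./rucio/idpsecrets.json:/opt/rucio/etc/idpsecrets.json:ro,z` keeps it read-only and relabels it. The same line is added to the `rucio` service in the next hunk, and the four `./xrd4/...:ro` mounts in the xrd4 hunk have the same gap (the existing `/rucio_source:ro` mount is also unlabelled, so this may already be tolerated on the supported hosts). Because the file name suggests it holds IdP client secrets and it is mounted from the source tree, a comment saying these are throwaway values for the bundled test IdPs would help as well.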
@@ -23,23 +24,22 @@ services:
 - ../../../:/rucio_source:ro
 environment:
 - RUCIO_SOURCE_DIR=/rucio_source
- - X509_USER_CERT=/opt/rucio/etc/usercert.pem
- - X509_USER_KEY=/opt/rucio/etc/userkey.pem
 - RDBMS
 rucio:
 image: docker.io/rucio/rucio-dev:latest-alma9
- entrypoint: ["/rucio_source/etc/docker/dev/rucio_entrypoint.sh"]
+ entrypoint: ["/rucio_source/etc/docker/dev/rucio/entrypoint.sh"]
 command: ["httpd","-D","FOREGROUND"]
 volumes:
 - ../../certs/rucio_ca.pem:/etc/grid-security/certificates/5fca1cb1.0:z
 - ../../certs/hostcert_rucio.pem:/etc/grid-security/hostcert.pem:z
 - ../../certs/hostcert_rucio.key.pem:/etc/grid-security/hostkey.pem:z
 - ../../certs/rucio_ca.pem:/opt/rucio/etc/rucio_ca.pem:z
- - ../../certs/ruciouser.pem:/opt/rucio/etc/usercert.pem:z
- - ../../certs/ruciouser.key.pem:/opt/rucio/etc/userkey.pem:z
+ - ../../certs/ruciouser.pem:/tmp/usercert.pem:z
+ - ../../certs/ruciouser.key.pem:/tmp/userkey.pem:z
 - ../../certs/ruciouser.certkey.pem:/opt/rucio/etc/usercertkey.pem:z
 - ../../certs/ssh/ruciouser_sshkey.pub:/root/.ssh/ruciouser_sshkey.pub:z
 - ../../certs/ssh/ruciouser_sshkey:/root/.ssh/ruciouser_sshkey:z
+ - ./rucio/idpsecrets.json:/opt/rucio/etc/idpsecrets.json:ro
 - ../../../tools:/opt/rucio/tools:Z
 - ../../../bin:/opt/rucio/bin:Z
 - ../../../lib:/opt/rucio/lib:Z
@@ -47,8 +47,6 @@ services:
 - ../../../:/rucio_source:ro
 environment:
 - RUCIO_SOURCE_DIR=/rucio_source
- - X509_USER_CERT=/opt/rucio/etc/usercert.pem
- - X509_USER_KEY=/opt/rucio/etc/userkey.pem
 - RDBMS
 ruciodb:
 image: docker.io/postgres:14
@@ -72,6 +70,8 @@ services:
 image: docker.io/elasticsearch:7.4.0
 environment:
 - discovery.type=single-node
+ profiles:
+ - elastic
 activemq:
 image: docker.io/webcenter/activemq:latest
 environment:
@@ -187,9 +187,11 @@ services:
 image: docker.io/rucio/xrootd
 profiles:
 - storage
- environment:
- - XRDPORT=1097
 volumes:
+ - ./xrd4/xrootd.cfg:/etc/xrootd/xrdrucio.cfg:ro
+ - ./xrd4/entrypoint.sh:/docker-entrypoint.sh:ro
+ - ./xrd4/scitokens.cfg:/etc/xrootd/scitokens.cfg:ro
+ - ./xrd4/Authfile:/etc/xrootd/Authfile:ro
 - ../../certs/rucio_ca.pem:/etc/grid-security/certificates/5fca1cb1.0:z
 - ../../certs/hostcert_xrd4.pem:/tmp/xrdcert.pem:Z
 - ../../certs/hostcert_xrd4.key.pem:/tmp/xrdkey.pem:Z
@@ -242,44 +244,53 @@ services:
 image: docker.io/grafana/grafana:latest
 profiles:
 - monitoring
- db-iam:
+ indigoiam-db:
 image: mariadb:10.11
 profiles:
 - iam
+ healthcheck:
+ test: mysql -u indigoiam -psecret indigoiam -e "select * from client_details where client_name='rucio'" | grep 'rucio' > /dev/null
+ interval: 5s
+ retries: 10
 environment:
 - TZ=Europe/Paris
 - MYSQL_ROOT_PASSWORD=supersecret
- - MYSQL_USER=iam
+ - MYSQL_USER=indigoiam
 - MYSQL_PASSWORD=secret
- - MYSQL_DATABASE=iam_db
- nginx-iam:
+ - MYSQL_DATABASE=indigoiam
+ volumes:
+ - ./indigoiam/indigoiam_test_db.sql:/docker-entrypoint-initdb.d/init.sql:ro
+ indigoiam:
 image: nginx
 profiles:
 - iam
 dns_search: cern.ch
 environment:
 TZ: Europe/Paris
- NGINX_HOST: iam
+ NGINX_HOST: indigoiam
 NGINX_PORT: 443
 volumes:
 - ../../certs/rucio_ca.pem:/etc/grid-security/certificates/5fca1cb1.0:z
- # - ../../certs/hostcert_rucio.pem:/etc/grid-security/hostcert.pem:z
- # - ../../certs/hostcert_rucio.key.pem:/etc/grid-security/hostkey.pem:z
- - /etc/grid-security/:/etc/grid-security/
+ - ../../certs/hostcert_indigoiam.pem:/etc/grid-security/hostcert.pem:z
+ - ../../certs/hostcert_indigoiam.key.pem:/etc/grid-security/hostkey.pem:z
 - /dev/urandom:/dev/random
- - ../../iam-assets/iam.conf:/etc/nginx/conf.d/default.conf:ro
- iam:
+ - ./indigoiam/indigoiam_nginx.conf:/etc/nginx/conf.d/default.conf:ro
+ depends_on:
+ - indigoiam-login-service
+ ports:
+ - "127.0.0.1:443:443"
+ indigoiam-login-service:
 profiles:
 - iam
 image: indigoiam/iam-login-service:v1.8.2
 volumes:
- - ../../iam-assets/keystore.jwks:/keystore.jwks:ro
+ - ./indigoiam/indigoiam_keystore.jwks:/keystore.jwks:ro
 environment:
 - IAM_JAVA_OPTS=-Djava.security.egd=file:/dev/urandom -Dspring.profiles.active=prod,oidc,cern,registration,wlcg-scopes -agentlib:jdwp=transport=dt_socket,server=y,address=1044,suspend=n -Dlogging.file.name=/var/log/iam/iam.log
- - IAM_HOST=
+ - IAM_HOST=indigoiam
 - IAM_PORT=8090
- - IAM_BASE_URL=https://
- - IAM_ISSUER=https://
+ - IAM_BASE_URL=https://indigoiam/
+ - IAM_ISSUER=https://indigoiam/
 - IAM_FORWARD_HEADERS_STRATEGY=native
 - IAM_KEY_STORE_LOCATION=file:/keystore.jwks
 - IAM_JWK_CACHE_LIFETIME=21600
@@ -293,8 +304,19 @@ services:
 - IAM_LOCAL_RESOURCES_LOCATION=file:/indigo-iam/local-resources
 - IAM_ORGANISATION_NAME=rucio-dc
 - IAM_TOPBAR_TITLE="INDIGO IAM for rucio-dc"
- - IAM_DB_HOST=
- - IAM_DB_PORT=3307
- - IAM_DB_NAME=iam_db
- - IAM_DB_USERNAME=iam
+ - IAM_DB_HOST=indigoiam-db
+ - IAM_DB_PORT=3306
+ - IAM_DB_NAME=indigoiam
+ - IAM_DB_USERNAME=indigoiam
 - IAM_DB_PASSWORD=secret
+ depends_on:
+ indigoiam-db:
+ condition: service_healthy
+ keycloak:
+ command: ['start-dev', '--features=token-exchange']
+ profiles:
+ - iam
+ image: quay.io/keycloak/keycloak:23.0.1
+ environment:
+ - KEYCLOAK_ADMIN=admin
+ - KEYCLOAK_ADMIN_PASSWORD=secret
diff --git a/etc/iam-assets/keystore.jwks b/etc/docker/dev/indigoiam/indigoiam_keystore.jwks
similarity index 100%
rename from etc/iam-assets/keystore.jwks
rename to etc/docker/dev/indigoiam/indigoiam_keystore.jwks
diff --git a/etc/iam-assets/iam.conf b/etc/docker/dev/indigoiam/indigoiam_nginx.conf
similarity index 88%
rename from etc/iam-assets/iam.conf
rename to etc/docker/dev/indigoiam/indigoiam_nginx.conf
index 0093d7fecba..5fbd7555780 100644
--- a/etc/iam-assets/iam.conf
+++ b/etc/docker/dev/indigoiam/indigoiam_nginx.conf
@@ -1,6 +1,6 @@
 server {
- listen 443 ssl;
- server_name ;
+ listen 443 ssl default_server;
+ server_name indigoiam;
 access_log /var/log/nginx/iam.access.log combined;
 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
@@ -8,7 +8,7 @@ server {
 ssl_certificate_key /etc/grid-security/hostkey.pem;
 location / {
- proxy_pass http://:8090;
+ proxy_pass http://indigoiam-login-service:8090;
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_set_header X-Forwarded-Proto https;
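Review bot: The `ports:` entry `- "127.0.0.1:443:443"` added to the `indigoiam` service publishes host port 443 from the base compose file, although docker-compose.ports.yml in this same commit already maps the service as `127.0.0.1:9443:443`. With both files loaded the two lists are merged and the proxy is published twice; with the base file alone the stack needs a free privileged port 443 on the host, which rootless or shared CI hosts often cannot provide. Unless something on the host has to reach `https://indigoiam/` on 443, I would drop the `ports:` block here and keep the mapping in docker-compose.ports.yml. Separately, the healthcheck `test:` puts the database password on the command line and runs `select *` on `client_details`; `select client_name from client_details where client_name='rucio'` is enough for the `grep`.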
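Review bot: The new `keycloak` service has no `volumes:` entry, so the `hostcert_keycloak.pem` / `hostcert_keycloak.key.pem` pair added by this commit is not used by anything visible here, and `start-dev` will serve the admin console and token endpoints over plain HTTP inside the compose network. If clients are meant to reach Keycloak over TLS, as they do for the `indigoiam` proxy, mount the pair and point `KC_HTTPS_CERTIFICATE_FILE` and `KC_HTTPS_CERTIFICATE_KEY_FILE` at it as sketched below (the in-container paths are illustrative); otherwise the unused private key is better left out of the repository. `KEYCLOAK_ADMIN_PASSWORD=secret` is fine for a throwaway test realm but deserves a comment saying so.

```yaml
  keycloak:
    # … unchanged: command, profiles, image …
    volumes:
      - ../../certs/hostcert_keycloak.pem:/opt/keycloak/conf/hostcert.pem:z
      - ../../certs/hostcert_keycloak.key.pem:/opt/keycloak/conf/hostkey.pem:z
    environment:
      # … unchanged: KEYCLOAK_ADMIN, KEYCLOAK_ADMIN_PASSWORD (dev-only credentials) …
      - KC_HTTPS_CERTIFICATE_FILE=/opt/keycloak/conf/hostcert.pem
      - KC_HTTPS_CERTIFICATE_KEY_FILE=/opt/keycloak/conf/hostkey.pem
```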
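Review bot: The `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` context line in the first hunk of indigoiam_nginx.conf survives the rename unchanged, so the proxy in front of the token issuer still negotiates TLS 1.0 and 1.1, both deprecated by RFC 8996. Since this hunk already edits the server block, `ssl_protocols TLSv1.2 TLSv1.3;` would be the safer setting, assuming no test client depends on the old versions. The `server` block continues outside the hunk, so any `ssl_ciphers` setting is not visible here.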
diff --git a/etc/docker/dev/indigoiam/indigoiam_test_db.sql b/etc/docker/dev/indigoiam/indigoiam_test_db.sql new file mode 100644 index 00000000000..e92934a11cc --- /dev/null +++ b/etc/docker/dev/indigoiam/indigoiam_test_db.sql 
@@ -0,0 +1,2432 @@ +-- MariaDB dump 10.19 Distrib 10.11.6-MariaDB, for debian-linux-gnu (x86_64) +-- +-- Host: localhost Database: indigoiam +-- ------------------------------------------------------ +-- Server version 10.11.6-MariaDB-1:10.11.6+maria~ubu2204 + +/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */; +/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */; +/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */; +/*!40101 SET NAMES utf8mb4 */; +/*!40103 SET @OLD_TIME_ZONE=@@TIME_ZONE */; +/*!40103 SET TIME_ZONE='+00:00' */; +/*!40014 SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0 */; +/*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */; +/*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */; +/*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */; + +-- +-- Table structure for table `access_token` +-- + +DROP TABLE IF EXISTS `access_token`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `access_token` ( + `id` bigint(20) NOT NULL AUTO_INCREMENT, + `token_value` varchar(4096) DEFAULT NULL, + `expiration` timestamp NULL DEFAULT NULL, + `token_type` varchar(256) DEFAULT NULL, + `refresh_token_id` bigint(20) DEFAULT NULL, + `client_id` bigint(20) DEFAULT NULL, + `auth_holder_id` bigint(20) DEFAULT NULL, + `id_token_id` bigint(20) DEFAULT NULL, + `approved_site_id` bigint(20) DEFAULT NULL, + PRIMARY KEY (`id`), + UNIQUE KEY `token_value` (`token_value`(766)), + KEY `at_tv_idx` (`token_value`(767)), + KEY `at_exp_idx` (`expiration`), + KEY `at_ahi_idx` (`auth_holder_id`) +) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `access_token` +-- + +LOCK TABLES `access_token` WRITE; +/*!40000 ALTER TABLE `access_token` DISABLE KEYS */; +INSERT INTO `access_token` VALUES + 
(1,'eyJraWQiOiJyc2ExIiwiYWxnIjoiUlMyNTYifQ.eyJzdWIiOiI4NWU2ZjdhNS01ODBiLTRhMWMtYTZkMi0zOTA1NTE0MzA2M2QiLCJhdWQiOiJ4cmQ0IiwiaXNzIjoiaHR0cHM6XC9cL2luZGlnb2lhbVwvIiwiZXhwIjoxNzAyNDYyMDE0LCJpYXQiOjE3MDI0NTg0MTQsImp0aSI6ImE4NWM4MzJlLTQxYjQtNGI0NS05MGM2LWE5OTBkYTc1NWUwNCIsImNsaWVudF9pZCI6Ijg1ZTZmN2E1LTU4MGItNGExYy1hNmQyLTM5MDU1MTQzMDYzZCJ9.R8gZHyvD22Py45QFQ3blhrbTJpY2xHHe0uR7iBznnuvScer_hvzNQ1ABkK77_yRf_QAmqfJGb544g-Cs-hm51t3SvfRFva4_ME3dA8WGCH-AGO4sgPiWJqDNZ1OG1MeYvLAUa1T56lCdjPnNDf1HW6eg2Rn99V6JcZJ1Su-Nn60','2023-12-13 09:06:54','Bearer',NULL,2,1,NULL,NULL); +/*!40000 ALTER TABLE `access_token` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `access_token_permissions` +-- + +DROP TABLE IF EXISTS `access_token_permissions`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `access_token_permissions` ( + `access_token_id` bigint(20) NOT NULL, + `permission_id` bigint(20) NOT NULL +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `access_token_permissions` +-- + +LOCK TABLES `access_token_permissions` WRITE; +/*!40000 ALTER TABLE `access_token_permissions` DISABLE KEYS */; +/*!40000 ALTER TABLE `access_token_permissions` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `address` +-- + +DROP TABLE IF EXISTS `address`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `address` ( + `id` bigint(20) NOT NULL AUTO_INCREMENT, + `formatted` varchar(256) DEFAULT NULL, + `street_address` varchar(256) DEFAULT NULL, + `locality` varchar(256) DEFAULT NULL, + `region` varchar(256) DEFAULT NULL, + `postal_code` varchar(256) DEFAULT NULL, + `country` varchar(256) DEFAULT NULL, + PRIMARY KEY (`id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = 
@saved_cs_client */; + +-- +-- Dumping data for table `address` +-- + +LOCK TABLES `address` WRITE; +/*!40000 ALTER TABLE `address` DISABLE KEYS */; +/*!40000 ALTER TABLE `address` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `approved_site` +-- + +DROP TABLE IF EXISTS `approved_site`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `approved_site` ( + `id` bigint(20) NOT NULL AUTO_INCREMENT, + `user_id` varchar(256) DEFAULT NULL, + `client_id` varchar(256) DEFAULT NULL, + `creation_date` timestamp NULL DEFAULT NULL, + `access_date` timestamp NULL DEFAULT NULL, + `timeout_date` timestamp NULL DEFAULT NULL, + `whitelisted_site_id` bigint(20) DEFAULT NULL, + PRIMARY KEY (`id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `approved_site` +-- + +LOCK TABLES `approved_site` WRITE; +/*!40000 ALTER TABLE `approved_site` DISABLE KEYS */; +/*!40000 ALTER TABLE `approved_site` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `approved_site_scope` +-- + +DROP TABLE IF EXISTS `approved_site_scope`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `approved_site_scope` ( + `owner_id` bigint(20) DEFAULT NULL, + `scope` varchar(256) DEFAULT NULL +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `approved_site_scope` +-- + +LOCK TABLES `approved_site_scope` WRITE; +/*!40000 ALTER TABLE `approved_site_scope` DISABLE KEYS */; +/*!40000 ALTER TABLE `approved_site_scope` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `authentication_holder` +-- + +DROP TABLE IF EXISTS `authentication_holder`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 
SET character_set_client = utf8 */; +CREATE TABLE `authentication_holder` ( + `id` bigint(20) NOT NULL AUTO_INCREMENT, + `user_auth_id` bigint(20) DEFAULT NULL, + `approved` tinyint(1) DEFAULT NULL, + `redirect_uri` varchar(2048) DEFAULT NULL, + `client_id` varchar(256) DEFAULT NULL, + PRIMARY KEY (`id`) +) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `authentication_holder` +-- + +LOCK TABLES `authentication_holder` WRITE; +/*!40000 ALTER TABLE `authentication_holder` DISABLE KEYS */; +INSERT INTO `authentication_holder` VALUES + (1,NULL,1,NULL,'85e6f7a5-580b-4a1c-a6d2-39055143063d'); +/*!40000 ALTER TABLE `authentication_holder` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `authentication_holder_authority` +-- + +DROP TABLE IF EXISTS `authentication_holder_authority`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `authentication_holder_authority` ( + `owner_id` bigint(20) DEFAULT NULL, + `authority` varchar(256) DEFAULT NULL, + KEY `aha_oi_idx` (`owner_id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `authentication_holder_authority` +-- + +LOCK TABLES `authentication_holder_authority` WRITE; +/*!40000 ALTER TABLE `authentication_holder_authority` DISABLE KEYS */; +INSERT INTO `authentication_holder_authority` VALUES + (1,'ROLE_CLIENT'); +/*!40000 ALTER TABLE `authentication_holder_authority` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `authentication_holder_extension` +-- + +DROP TABLE IF EXISTS `authentication_holder_extension`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `authentication_holder_extension` ( + `owner_id` 
bigint(20) DEFAULT NULL, + `extension` varchar(2048) DEFAULT NULL, + `val` varchar(2048) DEFAULT NULL, + KEY `ahe_oi_idx` (`owner_id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `authentication_holder_extension` +-- + +LOCK TABLES `authentication_holder_extension` WRITE; +/*!40000 ALTER TABLE `authentication_holder_extension` DISABLE KEYS */; +INSERT INTO `authentication_holder_extension` VALUES + (1,'aud','xrd4'); +/*!40000 ALTER TABLE `authentication_holder_extension` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `authentication_holder_request_parameter` +-- + +DROP TABLE IF EXISTS `authentication_holder_request_parameter`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `authentication_holder_request_parameter` ( + `owner_id` bigint(20) DEFAULT NULL, + `param` varchar(2048) DEFAULT NULL, + `val` varchar(2048) DEFAULT NULL, + KEY `ahrp_oi_idx` (`owner_id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `authentication_holder_request_parameter` +-- + +LOCK TABLES `authentication_holder_request_parameter` WRITE; +/*!40000 ALTER TABLE `authentication_holder_request_parameter` DISABLE KEYS */; +INSERT INTO `authentication_holder_request_parameter` VALUES + (1,'scope','storage.modify:/rucio storage.read:/rucio'), + (1,'audience','xrd4'), + (1,'grant_type','client_credentials'); +/*!40000 ALTER TABLE `authentication_holder_request_parameter` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `authentication_holder_resource_id` +-- + +DROP TABLE IF EXISTS `authentication_holder_resource_id`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE 
`authentication_holder_resource_id` ( + `owner_id` bigint(20) DEFAULT NULL, + `resource_id` varchar(2048) DEFAULT NULL, + KEY `ahri_oi_idx` (`owner_id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `authentication_holder_resource_id` +-- + +LOCK TABLES `authentication_holder_resource_id` WRITE; +/*!40000 ALTER TABLE `authentication_holder_resource_id` DISABLE KEYS */; +/*!40000 ALTER TABLE `authentication_holder_resource_id` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `authentication_holder_response_type` +-- + +DROP TABLE IF EXISTS `authentication_holder_response_type`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `authentication_holder_response_type` ( + `owner_id` bigint(20) DEFAULT NULL, + `response_type` varchar(2048) DEFAULT NULL, + KEY `ahrt_oi_idx` (`owner_id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `authentication_holder_response_type` +-- + +LOCK TABLES `authentication_holder_response_type` WRITE; +/*!40000 ALTER TABLE `authentication_holder_response_type` DISABLE KEYS */; +/*!40000 ALTER TABLE `authentication_holder_response_type` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `authentication_holder_scope` +-- + +DROP TABLE IF EXISTS `authentication_holder_scope`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `authentication_holder_scope` ( + `owner_id` bigint(20) DEFAULT NULL, + `scope` varchar(2048) DEFAULT NULL, + KEY `ahs_oi_idx` (`owner_id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `authentication_holder_scope` 
+-- + +LOCK TABLES `authentication_holder_scope` WRITE; +/*!40000 ALTER TABLE `authentication_holder_scope` DISABLE KEYS */; +INSERT INTO `authentication_holder_scope` VALUES + (1,'storage.read:/rucio'), + (1,'storage.modify:/rucio'); +/*!40000 ALTER TABLE `authentication_holder_scope` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `authorization_code` +-- + +DROP TABLE IF EXISTS `authorization_code`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `authorization_code` ( + `id` bigint(20) NOT NULL AUTO_INCREMENT, + `code` varchar(256) DEFAULT NULL, + `auth_holder_id` bigint(20) DEFAULT NULL, + `expiration` timestamp NULL DEFAULT NULL, + PRIMARY KEY (`id`), + KEY `ac_ahi_idx` (`auth_holder_id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `authorization_code` +-- + +LOCK TABLES `authorization_code` WRITE; +/*!40000 ALTER TABLE `authorization_code` DISABLE KEYS */; +/*!40000 ALTER TABLE `authorization_code` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `blacklisted_site` +-- + +DROP TABLE IF EXISTS `blacklisted_site`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `blacklisted_site` ( + `id` bigint(20) NOT NULL AUTO_INCREMENT, + `uri` varchar(2048) DEFAULT NULL, + PRIMARY KEY (`id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `blacklisted_site` +-- + +LOCK TABLES `blacklisted_site` WRITE; +/*!40000 ALTER TABLE `blacklisted_site` DISABLE KEYS */; +/*!40000 ALTER TABLE `blacklisted_site` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `claim` +-- + +DROP TABLE IF EXISTS `claim`; +/*!40101 SET @saved_cs_client = @@character_set_client */; 
+/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `claim` ( + `id` bigint(20) NOT NULL AUTO_INCREMENT, + `name` varchar(256) DEFAULT NULL, + `friendly_name` varchar(1024) DEFAULT NULL, + `claim_type` varchar(1024) DEFAULT NULL, + `claim_value` varchar(1024) DEFAULT NULL, + PRIMARY KEY (`id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `claim` +-- + +LOCK TABLES `claim` WRITE; +/*!40000 ALTER TABLE `claim` DISABLE KEYS */; +/*!40000 ALTER TABLE `claim` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `claim_issuer` +-- + +DROP TABLE IF EXISTS `claim_issuer`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `claim_issuer` ( + `owner_id` bigint(20) NOT NULL, + `issuer` varchar(1024) DEFAULT NULL +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `claim_issuer` +-- + +LOCK TABLES `claim_issuer` WRITE; +/*!40000 ALTER TABLE `claim_issuer` DISABLE KEYS */; +/*!40000 ALTER TABLE `claim_issuer` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `claim_to_permission_ticket` +-- + +DROP TABLE IF EXISTS `claim_to_permission_ticket`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `claim_to_permission_ticket` ( + `permission_ticket_id` bigint(20) NOT NULL, + `claim_id` bigint(20) NOT NULL +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `claim_to_permission_ticket` +-- + +LOCK TABLES `claim_to_permission_ticket` WRITE; +/*!40000 ALTER TABLE `claim_to_permission_ticket` DISABLE KEYS */; +/*!40000 ALTER TABLE `claim_to_permission_ticket` ENABLE KEYS */; +UNLOCK 
TABLES; + +-- +-- Table structure for table `claim_to_policy` +-- + +DROP TABLE IF EXISTS `claim_to_policy`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `claim_to_policy` ( + `policy_id` bigint(20) NOT NULL, + `claim_id` bigint(20) NOT NULL +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `claim_to_policy` +-- + +LOCK TABLES `claim_to_policy` WRITE; +/*!40000 ALTER TABLE `claim_to_policy` DISABLE KEYS */; +/*!40000 ALTER TABLE `claim_to_policy` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `claim_token_format` +-- + +DROP TABLE IF EXISTS `claim_token_format`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `claim_token_format` ( + `owner_id` bigint(20) NOT NULL, + `claim_token_format` varchar(1024) DEFAULT NULL +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `claim_token_format` +-- + +LOCK TABLES `claim_token_format` WRITE; +/*!40000 ALTER TABLE `claim_token_format` DISABLE KEYS */; +/*!40000 ALTER TABLE `claim_token_format` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `client_authority` +-- + +DROP TABLE IF EXISTS `client_authority`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `client_authority` ( + `owner_id` bigint(20) DEFAULT NULL, + `authority` varchar(256) DEFAULT NULL +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `client_authority` +-- + +LOCK TABLES `client_authority` WRITE; +/*!40000 ALTER TABLE `client_authority` DISABLE KEYS */; +INSERT INTO 
`client_authority` VALUES + (2,'ROLE_CLIENT'); +/*!40000 ALTER TABLE `client_authority` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `client_claims_redirect_uri` +-- + +DROP TABLE IF EXISTS `client_claims_redirect_uri`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `client_claims_redirect_uri` ( + `owner_id` bigint(20) DEFAULT NULL, + `redirect_uri` varchar(2048) DEFAULT NULL +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `client_claims_redirect_uri` +-- + +LOCK TABLES `client_claims_redirect_uri` WRITE; +/*!40000 ALTER TABLE `client_claims_redirect_uri` DISABLE KEYS */; +/*!40000 ALTER TABLE `client_claims_redirect_uri` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `client_contact` +-- + +DROP TABLE IF EXISTS `client_contact`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `client_contact` ( + `owner_id` bigint(20) DEFAULT NULL, + `contact` varchar(256) DEFAULT NULL +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `client_contact` +-- + +LOCK TABLES `client_contact` WRITE; +/*!40000 ALTER TABLE `client_contact` DISABLE KEYS */; +/*!40000 ALTER TABLE `client_contact` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `client_default_acr_value` +-- + +DROP TABLE IF EXISTS `client_default_acr_value`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `client_default_acr_value` ( + `owner_id` bigint(20) DEFAULT NULL, + `default_acr_value` varchar(2000) DEFAULT NULL +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = 
@saved_cs_client */; + +-- +-- Dumping data for table `client_default_acr_value` +-- + +LOCK TABLES `client_default_acr_value` WRITE; +/*!40000 ALTER TABLE `client_default_acr_value` DISABLE KEYS */; +/*!40000 ALTER TABLE `client_default_acr_value` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `client_details` +-- + +DROP TABLE IF EXISTS `client_details`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `client_details` ( + `id` bigint(20) NOT NULL AUTO_INCREMENT, + `client_description` varchar(1024) DEFAULT NULL, + `reuse_refresh_tokens` tinyint(1) NOT NULL DEFAULT 1, + `dynamically_registered` tinyint(1) NOT NULL DEFAULT 0, + `allow_introspection` tinyint(1) NOT NULL DEFAULT 0, + `id_token_validity_seconds` bigint(20) NOT NULL DEFAULT 600, + `client_id` varchar(256) DEFAULT NULL, + `client_secret` text DEFAULT NULL, + `access_token_validity_seconds` bigint(20) DEFAULT NULL, + `refresh_token_validity_seconds` bigint(20) DEFAULT NULL, + `application_type` varchar(256) DEFAULT NULL, + `client_name` varchar(256) DEFAULT NULL, + `token_endpoint_auth_method` varchar(256) DEFAULT NULL, + `subject_type` varchar(256) DEFAULT NULL, + `logo_uri` text DEFAULT NULL, + `policy_uri` text DEFAULT NULL, + `client_uri` text DEFAULT NULL, + `tos_uri` text DEFAULT NULL, + `jwks_uri` text DEFAULT NULL, + `jwks` text DEFAULT NULL, + `sector_identifier_uri` text DEFAULT NULL, + `request_object_signing_alg` varchar(256) DEFAULT NULL, + `user_info_signed_response_alg` varchar(256) DEFAULT NULL, + `user_info_encrypted_response_alg` varchar(256) DEFAULT NULL, + `user_info_encrypted_response_enc` varchar(256) DEFAULT NULL, + `id_token_signed_response_alg` varchar(256) DEFAULT NULL, + `id_token_encrypted_response_alg` varchar(256) DEFAULT NULL, + `id_token_encrypted_response_enc` varchar(256) DEFAULT NULL, + `token_endpoint_auth_signing_alg` varchar(256) DEFAULT NULL, + `default_max_age` bigint(20) 
DEFAULT NULL, + `require_auth_time` tinyint(1) DEFAULT NULL, + `created_at` timestamp NULL DEFAULT NULL, + `initiate_login_uri` varchar(2048) DEFAULT NULL, + `clear_access_tokens_on_refresh` tinyint(1) NOT NULL DEFAULT 1, + `software_statement` text DEFAULT NULL, + `code_challenge_method` varchar(256) DEFAULT NULL, + `software_id` text DEFAULT NULL, + `software_version` text DEFAULT NULL, + `device_code_validity_seconds` bigint(20) DEFAULT NULL, + PRIMARY KEY (`id`), + UNIQUE KEY `client_id` (`client_id`), + KEY `cd_ci_idx` (`client_id`) +) ENGINE=InnoDB AUTO_INCREMENT=7 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `client_details` +-- + +LOCK TABLES `client_details` WRITE; +/*!40000 ALTER TABLE `client_details` DISABLE KEYS */; +INSERT INTO `client_details` VALUES + (1,NULL,1,0,1,600,'client','secret',3600,NULL,NULL,'Test Client','SECRET_BASIC',NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,1,NULL,NULL,NULL,NULL,600), + (2,NULL,0,0,1,600,'85e6f7a5-580b-4a1c-a6d2-39055143063d','AIYIneAVGs9PTVvQnxNGqDmh3rNTsyFOrrwRIqy1Zc6ngPN9hQe6I2VzDzN2uGLCPsvQI8nhYxf_V09NHk-yv7o',3600,2592000,NULL,'rucio','SECRET_BASIC',NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,0,'2023-12-12 07:32:39',NULL,0,NULL,NULL,NULL,NULL,600); +/*!40000 ALTER TABLE `client_details` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `client_grant_type` +-- + +DROP TABLE IF EXISTS `client_grant_type`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `client_grant_type` ( + `owner_id` bigint(20) DEFAULT NULL, + `grant_type` varchar(2000) DEFAULT NULL +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `client_grant_type` +-- + 
+LOCK TABLES `client_grant_type` WRITE; +/*!40000 ALTER TABLE `client_grant_type` DISABLE KEYS */; +INSERT INTO `client_grant_type` VALUES + (1,'authorization_code'), + (1,'refresh_token'), + (2,'client_credentials'); +/*!40000 ALTER TABLE `client_grant_type` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `client_post_logout_redirect_uri` +-- + +DROP TABLE IF EXISTS `client_post_logout_redirect_uri`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `client_post_logout_redirect_uri` ( + `owner_id` bigint(20) DEFAULT NULL, + `post_logout_redirect_uri` varchar(2000) DEFAULT NULL +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `client_post_logout_redirect_uri` +-- + +LOCK TABLES `client_post_logout_redirect_uri` WRITE; +/*!40000 ALTER TABLE `client_post_logout_redirect_uri` DISABLE KEYS */; +/*!40000 ALTER TABLE `client_post_logout_redirect_uri` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `client_redirect_uri` +-- + +DROP TABLE IF EXISTS `client_redirect_uri`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `client_redirect_uri` ( + `owner_id` bigint(20) DEFAULT NULL, + `redirect_uri` varchar(2048) DEFAULT NULL +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `client_redirect_uri` +-- + +LOCK TABLES `client_redirect_uri` WRITE; +/*!40000 ALTER TABLE `client_redirect_uri` DISABLE KEYS */; +INSERT INTO `client_redirect_uri` VALUES + (1,'https://iam/iam-test-client/openid_connect_login'); +/*!40000 ALTER TABLE `client_redirect_uri` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `client_request_uri` +-- + +DROP TABLE IF EXISTS `client_request_uri`; 
+/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `client_request_uri` ( + `owner_id` bigint(20) DEFAULT NULL, + `request_uri` varchar(2000) DEFAULT NULL +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `client_request_uri` +-- + +LOCK TABLES `client_request_uri` WRITE; +/*!40000 ALTER TABLE `client_request_uri` DISABLE KEYS */; +/*!40000 ALTER TABLE `client_request_uri` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `client_resource` +-- + +DROP TABLE IF EXISTS `client_resource`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `client_resource` ( + `owner_id` bigint(20) DEFAULT NULL, + `resource_id` varchar(256) DEFAULT NULL +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `client_resource` +-- + +LOCK TABLES `client_resource` WRITE; +/*!40000 ALTER TABLE `client_resource` DISABLE KEYS */; +/*!40000 ALTER TABLE `client_resource` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `client_response_type` +-- + +DROP TABLE IF EXISTS `client_response_type`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `client_response_type` ( + `owner_id` bigint(20) DEFAULT NULL, + `response_type` varchar(2000) DEFAULT NULL +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `client_response_type` +-- + +LOCK TABLES `client_response_type` WRITE; +/*!40000 ALTER TABLE `client_response_type` DISABLE KEYS */; +/*!40000 ALTER TABLE `client_response_type` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for 
table `client_scope` +-- + +DROP TABLE IF EXISTS `client_scope`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `client_scope` ( + `owner_id` bigint(20) DEFAULT NULL, + `scope` varchar(2048) DEFAULT NULL +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `client_scope` +-- + +LOCK TABLES `client_scope` WRITE; +/*!40000 ALTER TABLE `client_scope` DISABLE KEYS */; +INSERT INTO `client_scope` VALUES + (1,'openid'), + (1,'profile'), + (1,'email'), + (1,'address'), + (1,'phone'), + (1,'offline_access'), + (2,'openid'), + (2,'profile'), + (2,'email'), + (2,'storage.read:/'), + (2,'storage.modify:/'); +/*!40000 ALTER TABLE `client_scope` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `device_code` +-- + +DROP TABLE IF EXISTS `device_code`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `device_code` ( + `id` bigint(20) NOT NULL AUTO_INCREMENT, + `device_code` varchar(1024) DEFAULT NULL, + `user_code` varchar(1024) DEFAULT NULL, + `expiration` timestamp NOT NULL DEFAULT current_timestamp(), + `client_id` varchar(256) DEFAULT NULL, + `approved` tinyint(1) DEFAULT NULL, + `auth_holder_id` bigint(20) DEFAULT NULL, + PRIMARY KEY (`id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `device_code` +-- + +LOCK TABLES `device_code` WRITE; +/*!40000 ALTER TABLE `device_code` DISABLE KEYS */; +/*!40000 ALTER TABLE `device_code` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `device_code_request_parameter` +-- + +DROP TABLE IF EXISTS `device_code_request_parameter`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE 
TABLE `device_code_request_parameter` ( + `owner_id` bigint(20) DEFAULT NULL, + `param` varchar(2048) DEFAULT NULL, + `val` varchar(2048) DEFAULT NULL +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `device_code_request_parameter` +-- + +LOCK TABLES `device_code_request_parameter` WRITE; +/*!40000 ALTER TABLE `device_code_request_parameter` DISABLE KEYS */; +/*!40000 ALTER TABLE `device_code_request_parameter` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `device_code_scope` +-- + +DROP TABLE IF EXISTS `device_code_scope`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `device_code_scope` ( + `owner_id` bigint(20) NOT NULL, + `scope` varchar(256) NOT NULL +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `device_code_scope` +-- + +LOCK TABLES `device_code_scope` WRITE; +/*!40000 ALTER TABLE `device_code_scope` DISABLE KEYS */; +/*!40000 ALTER TABLE `device_code_scope` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `iam_account` +-- + +DROP TABLE IF EXISTS `iam_account`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `iam_account` ( + `ID` bigint(20) NOT NULL AUTO_INCREMENT, + `active` tinyint(1) NOT NULL DEFAULT 0, + `CREATIONTIME` datetime NOT NULL, + `LASTUPDATETIME` datetime NOT NULL, + `PASSWORD` varchar(128) DEFAULT NULL, + `USERNAME` varchar(128) NOT NULL, + `UUID` varchar(36) NOT NULL, + `user_info_id` bigint(20) DEFAULT NULL, + `confirmation_key` varchar(36) DEFAULT NULL, + `reset_key` varchar(36) DEFAULT NULL, + `provisioned` tinyint(1) NOT NULL DEFAULT 0, + `last_login_time` datetime DEFAULT NULL, + `end_time` datetime DEFAULT NULL, + PRIMARY KEY 
(`ID`), + UNIQUE KEY `USERNAME` (`USERNAME`), + UNIQUE KEY `UUID` (`UUID`), + KEY `FK_iam_account_user_info_id` (`user_info_id`), + KEY `ia_ct_idx` (`CREATIONTIME`), + KEY `ia_lut_idx` (`LASTUPDATETIME`), + KEY `ia_llt_idx` (`last_login_time`), + KEY `ia_et_idx` (`end_time`), + CONSTRAINT `FK_iam_account_user_info_id` FOREIGN KEY (`user_info_id`) REFERENCES `iam_user_info` (`ID`) +) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `iam_account` +-- + +LOCK TABLES `iam_account` WRITE; +/*!40000 ALTER TABLE `iam_account` DISABLE KEYS */; +INSERT INTO `iam_account` VALUES + (1,1,'2023-12-12 09:27:37','2023-12-12 09:27:37','$2a$10$LRFsDuz9axhOskRfNH5jR.cyUpP463400pY5S6BDelKakdzI6mJ9W','admin','73f16d93-2441-4a50-88ff-85360d78c6b5',1,NULL,NULL,0,'2023-12-13 09:03:23',NULL); +/*!40000 ALTER TABLE `iam_account` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `iam_account_attrs` +-- + +DROP TABLE IF EXISTS `iam_account_attrs`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `iam_account_attrs` ( + `NAME` varchar(64) NOT NULL, + `val` varchar(256) DEFAULT NULL, + `account_id` bigint(20) DEFAULT NULL, + KEY `INDEX_iam_account_attrs_name` (`NAME`), + KEY `INDEX_iam_account_attrs_name_val` (`NAME`,`val`), + KEY `FK_iam_account_attrs_account_id` (`account_id`), + CONSTRAINT `FK_iam_account_attrs_account_id` FOREIGN KEY (`account_id`) REFERENCES `iam_account` (`ID`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `iam_account_attrs` +-- + +LOCK TABLES `iam_account_attrs` WRITE; +/*!40000 ALTER TABLE `iam_account_attrs` DISABLE KEYS */; +/*!40000 ALTER TABLE `iam_account_attrs` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table 
`iam_account_authority` +-- + +DROP TABLE IF EXISTS `iam_account_authority`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `iam_account_authority` ( + `account_id` bigint(20) NOT NULL, + `authority_id` bigint(20) NOT NULL, + PRIMARY KEY (`account_id`,`authority_id`), + KEY `FK_iam_account_authority_authority_id` (`authority_id`), + CONSTRAINT `FK_iam_account_authority_account_id` FOREIGN KEY (`account_id`) REFERENCES `iam_account` (`ID`), + CONSTRAINT `FK_iam_account_authority_authority_id` FOREIGN KEY (`authority_id`) REFERENCES `iam_authority` (`ID`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `iam_account_authority` +-- + +LOCK TABLES `iam_account_authority` WRITE; +/*!40000 ALTER TABLE `iam_account_authority` DISABLE KEYS */; +INSERT INTO `iam_account_authority` VALUES + (1,1), + (1,2); +/*!40000 ALTER TABLE `iam_account_authority` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `iam_account_client` +-- + +DROP TABLE IF EXISTS `iam_account_client`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `iam_account_client` ( + `id` bigint(20) NOT NULL AUTO_INCREMENT, + `creation_time` datetime NOT NULL, + `account_id` bigint(20) NOT NULL, + `client_id` bigint(20) NOT NULL, + PRIMARY KEY (`id`), + UNIQUE KEY `UNQ_iam_account_client_0` (`account_id`,`client_id`), + KEY `FK_iam_account_client_client_id` (`client_id`), + CONSTRAINT `FK_iam_account_client_account_id` FOREIGN KEY (`account_id`) REFERENCES `iam_account` (`ID`), + CONSTRAINT `FK_iam_account_client_client_id` FOREIGN KEY (`client_id`) REFERENCES `client_details` (`id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table 
`iam_account_client` +-- + +LOCK TABLES `iam_account_client` WRITE; +/*!40000 ALTER TABLE `iam_account_client` DISABLE KEYS */; +/*!40000 ALTER TABLE `iam_account_client` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `iam_account_group` +-- + +DROP TABLE IF EXISTS `iam_account_group`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `iam_account_group` ( + `account_id` bigint(20) NOT NULL, + `group_id` bigint(20) NOT NULL, + `creation_time` datetime DEFAULT NULL, + `end_time` datetime DEFAULT NULL, + PRIMARY KEY (`account_id`,`group_id`), + KEY `FK_iam_account_group_group_id` (`group_id`), + CONSTRAINT `FK_iam_account_group_account_id` FOREIGN KEY (`account_id`) REFERENCES `iam_account` (`ID`), + CONSTRAINT `FK_iam_account_group_group_id` FOREIGN KEY (`group_id`) REFERENCES `iam_group` (`ID`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `iam_account_group` +-- + +LOCK TABLES `iam_account_group` WRITE; +/*!40000 ALTER TABLE `iam_account_group` DISABLE KEYS */; +/*!40000 ALTER TABLE `iam_account_group` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `iam_account_labels` +-- + +DROP TABLE IF EXISTS `iam_account_labels`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `iam_account_labels` ( + `NAME` varchar(64) NOT NULL, + `PREFIX` varchar(256) DEFAULT NULL, + `val` varchar(64) DEFAULT NULL, + `account_id` bigint(20) DEFAULT NULL, + KEY `INDEX_iam_account_labels_prefix_name_val` (`PREFIX`,`NAME`,`val`), + KEY `INDEX_iam_account_labels_prefix_name` (`PREFIX`,`NAME`), + KEY `FK_iam_account_labels_account_id` (`account_id`), + CONSTRAINT `FK_iam_account_labels_account_id` FOREIGN KEY (`account_id`) REFERENCES `iam_account` (`ID`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 
COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `iam_account_labels` +-- + +LOCK TABLES `iam_account_labels` WRITE; +/*!40000 ALTER TABLE `iam_account_labels` DISABLE KEYS */; +/*!40000 ALTER TABLE `iam_account_labels` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `iam_address` +-- + +DROP TABLE IF EXISTS `iam_address`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `iam_address` ( + `ID` bigint(20) NOT NULL AUTO_INCREMENT, + `COUNTRY` varchar(2) DEFAULT NULL, + `FORMATTED` varchar(128) DEFAULT NULL, + `LOCALITY` varchar(128) DEFAULT NULL, + `POSTALCODE` varchar(16) DEFAULT NULL, + `REGION` varchar(128) DEFAULT NULL, + `STREETADDRESS` varchar(128) DEFAULT NULL, + PRIMARY KEY (`ID`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `iam_address` +-- + +LOCK TABLES `iam_address` WRITE; +/*!40000 ALTER TABLE `iam_address` DISABLE KEYS */; +/*!40000 ALTER TABLE `iam_address` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `iam_aup` +-- + +DROP TABLE IF EXISTS `iam_aup`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `iam_aup` ( + `ID` bigint(20) NOT NULL AUTO_INCREMENT, + `creation_time` datetime NOT NULL, + `description` varchar(128) DEFAULT NULL, + `last_update_time` datetime NOT NULL, + `name` varchar(36) NOT NULL, + `sig_validity_days` bigint(20) NOT NULL, + `text` longtext DEFAULT NULL, + `url` varchar(256) DEFAULT NULL, + PRIMARY KEY (`ID`), + UNIQUE KEY `name` (`name`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `iam_aup` +-- + +LOCK TABLES `iam_aup` WRITE; +/*!40000 ALTER TABLE 
`iam_aup` DISABLE KEYS */; +/*!40000 ALTER TABLE `iam_aup` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `iam_aup_signature` +-- + +DROP TABLE IF EXISTS `iam_aup_signature`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `iam_aup_signature` ( + `ID` bigint(20) NOT NULL AUTO_INCREMENT, + `signature_time` datetime NOT NULL, + `account_id` bigint(20) DEFAULT NULL, + `aup_id` bigint(20) DEFAULT NULL, + PRIMARY KEY (`ID`), + UNIQUE KEY `UNQ_iam_aup_signature_0` (`aup_id`,`account_id`), + KEY `FK_iam_aup_signature_account_id` (`account_id`), + CONSTRAINT `FK_iam_aup_signature_account_id` FOREIGN KEY (`account_id`) REFERENCES `iam_account` (`ID`), + CONSTRAINT `FK_iam_aup_signature_aup_id` FOREIGN KEY (`aup_id`) REFERENCES `iam_aup` (`ID`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `iam_aup_signature` +-- + +LOCK TABLES `iam_aup_signature` WRITE; +/*!40000 ALTER TABLE `iam_aup_signature` DISABLE KEYS */; +/*!40000 ALTER TABLE `iam_aup_signature` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `iam_authority` +-- + +DROP TABLE IF EXISTS `iam_authority`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `iam_authority` ( + `ID` bigint(20) NOT NULL AUTO_INCREMENT, + `auth` varchar(128) NOT NULL, + PRIMARY KEY (`ID`), + UNIQUE KEY `auth` (`auth`) +) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `iam_authority` +-- + +LOCK TABLES `iam_authority` WRITE; +/*!40000 ALTER TABLE `iam_authority` DISABLE KEYS */; +INSERT INTO `iam_authority` VALUES + (1,'ROLE_ADMIN'), + (3,'ROLE_PRE_AUTHENTICATED'), + (2,'ROLE_USER'); +/*!40000 ALTER TABLE `iam_authority` ENABLE 
KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `iam_email_notification` +-- + +DROP TABLE IF EXISTS `iam_email_notification`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `iam_email_notification` ( + `ID` bigint(20) NOT NULL AUTO_INCREMENT, + `UUID` varchar(36) NOT NULL, + `NOTIFICATION_TYPE` varchar(128) NOT NULL, + `SUBJECT` varchar(128) DEFAULT NULL, + `BODY` text DEFAULT NULL, + `CREATION_TIME` timestamp NOT NULL DEFAULT current_timestamp(), + `DELIVERY_STATUS` varchar(128) DEFAULT NULL, + `LAST_UPDATE` timestamp NULL DEFAULT NULL, + `REQUEST_ID` bigint(20) DEFAULT NULL, + PRIMARY KEY (`ID`), + UNIQUE KEY `UUID` (`UUID`), + KEY `FK_iam_email_notification_request_id` (`REQUEST_ID`), + CONSTRAINT `FK_iam_email_notification_request_id` FOREIGN KEY (`REQUEST_ID`) REFERENCES `iam_reg_request` (`ID`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `iam_email_notification` +-- + +LOCK TABLES `iam_email_notification` WRITE; +/*!40000 ALTER TABLE `iam_email_notification` DISABLE KEYS */; +/*!40000 ALTER TABLE `iam_email_notification` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `iam_exchange_policy` +-- + +DROP TABLE IF EXISTS `iam_exchange_policy`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `iam_exchange_policy` ( + `ID` bigint(20) NOT NULL AUTO_INCREMENT, + `creation_time` datetime NOT NULL, + `description` varchar(512) DEFAULT NULL, + `last_update_time` datetime NOT NULL, + `rule` varchar(6) NOT NULL, + `dest_m_param` varchar(256) DEFAULT NULL, + `dest_m_type` varchar(8) NOT NULL, + `origin_m_param` varchar(256) DEFAULT NULL, + `origin_m_type` varchar(8) NOT NULL, + PRIMARY KEY (`ID`) +) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; 
+/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `iam_exchange_policy` +-- + +LOCK TABLES `iam_exchange_policy` WRITE; +/*!40000 ALTER TABLE `iam_exchange_policy` DISABLE KEYS */; +INSERT INTO `iam_exchange_policy` VALUES + (1,'2023-12-12 09:27:41','Allow all exchanges','2023-12-12 09:27:41','PERMIT',NULL,'ANY',NULL,'ANY'); +/*!40000 ALTER TABLE `iam_exchange_policy` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `iam_exchange_scope_policies` +-- + +DROP TABLE IF EXISTS `iam_exchange_scope_policies`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `iam_exchange_scope_policies` ( + `param` varchar(256) DEFAULT NULL, + `rule` varchar(6) NOT NULL, + `type` varchar(6) NOT NULL, + `exchange_policy_id` bigint(20) DEFAULT NULL, + KEY `FK_iam_exchange_scope_policies_exchange_policy_id` (`exchange_policy_id`), + CONSTRAINT `FK_iam_exchange_scope_policies_exchange_policy_id` FOREIGN KEY (`exchange_policy_id`) REFERENCES `iam_exchange_policy` (`ID`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `iam_exchange_scope_policies` +-- + +LOCK TABLES `iam_exchange_scope_policies` WRITE; +/*!40000 ALTER TABLE `iam_exchange_scope_policies` DISABLE KEYS */; +/*!40000 ALTER TABLE `iam_exchange_scope_policies` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `iam_ext_authn` +-- + +DROP TABLE IF EXISTS `iam_ext_authn`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `iam_ext_authn` ( + `id` bigint(20) NOT NULL AUTO_INCREMENT, + `authentication_time` datetime NOT NULL, + `expiration_time` datetime NOT NULL, + `saved_authn_id` bigint(20) DEFAULT NULL, + `type` varchar(32) NOT NULL, + PRIMARY KEY (`id`), + UNIQUE KEY `saved_authn_id` (`saved_authn_id`) +) 
ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `iam_ext_authn` +-- + +LOCK TABLES `iam_ext_authn` WRITE; +/*!40000 ALTER TABLE `iam_ext_authn` DISABLE KEYS */; +/*!40000 ALTER TABLE `iam_ext_authn` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `iam_ext_authn_attr` +-- + +DROP TABLE IF EXISTS `iam_ext_authn_attr`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `iam_ext_authn_attr` ( + `id` bigint(20) NOT NULL AUTO_INCREMENT, + `name` varchar(255) NOT NULL, + `value` varchar(512) NOT NULL, + `details_id` bigint(20) DEFAULT NULL, + PRIMARY KEY (`id`), + KEY `FK_iam_ext_authn_attr_details_id` (`details_id`), + CONSTRAINT `FK_iam_ext_authn_attr_details_id` FOREIGN KEY (`details_id`) REFERENCES `iam_ext_authn` (`id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `iam_ext_authn_attr` +-- + +LOCK TABLES `iam_ext_authn_attr` WRITE; +/*!40000 ALTER TABLE `iam_ext_authn_attr` DISABLE KEYS */; +/*!40000 ALTER TABLE `iam_ext_authn_attr` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `iam_group` +-- + +DROP TABLE IF EXISTS `iam_group`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `iam_group` ( + `ID` bigint(20) NOT NULL AUTO_INCREMENT, + `CREATIONTIME` datetime NOT NULL, + `DESCRIPTION` varchar(512) DEFAULT NULL, + `LASTUPDATETIME` datetime NOT NULL, + `name` varchar(512) NOT NULL, + `UUID` varchar(36) NOT NULL, + `parent_group_id` bigint(20) DEFAULT NULL, + `default_group` tinyint(1) NOT NULL DEFAULT 0, + PRIMARY KEY (`ID`), + UNIQUE KEY `NAME` (`name`), + UNIQUE KEY `UUID` (`UUID`), + KEY `FK_iam_group_parent_id` (`parent_group_id`), + CONSTRAINT 
`FK_iam_group_parent_id` FOREIGN KEY (`parent_group_id`) REFERENCES `iam_group` (`ID`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `iam_group` +-- + +LOCK TABLES `iam_group` WRITE; +/*!40000 ALTER TABLE `iam_group` DISABLE KEYS */; +/*!40000 ALTER TABLE `iam_group` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `iam_group_attrs` +-- + +DROP TABLE IF EXISTS `iam_group_attrs`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `iam_group_attrs` ( + `NAME` varchar(64) NOT NULL, + `val` varchar(256) DEFAULT NULL, + `group_id` bigint(20) DEFAULT NULL, + KEY `INDEX_iam_group_attrs_name` (`NAME`), + KEY `INDEX_iam_group_attrs_name_val` (`NAME`,`val`), + KEY `FK_iam_group_attrs_group_id` (`group_id`), + CONSTRAINT `FK_iam_group_attrs_group_id` FOREIGN KEY (`group_id`) REFERENCES `iam_group` (`ID`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `iam_group_attrs` +-- + +LOCK TABLES `iam_group_attrs` WRITE; +/*!40000 ALTER TABLE `iam_group_attrs` DISABLE KEYS */; +/*!40000 ALTER TABLE `iam_group_attrs` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `iam_group_labels` +-- + +DROP TABLE IF EXISTS `iam_group_labels`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `iam_group_labels` ( + `NAME` varchar(64) NOT NULL, + `PREFIX` varchar(256) DEFAULT NULL, + `val` varchar(64) DEFAULT NULL, + `group_id` bigint(20) DEFAULT NULL, + KEY `INDEX_iam_group_labels_prefix_name_val` (`PREFIX`,`NAME`,`val`), + KEY `INDEX_iam_group_labels_prefix_name` (`PREFIX`,`NAME`), + KEY `FK_iam_group_labels_group_id` (`group_id`), + CONSTRAINT `FK_iam_group_labels_group_id` FOREIGN KEY (`group_id`) 
REFERENCES `iam_group` (`ID`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `iam_group_labels` +-- + +LOCK TABLES `iam_group_labels` WRITE; +/*!40000 ALTER TABLE `iam_group_labels` DISABLE KEYS */; +/*!40000 ALTER TABLE `iam_group_labels` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `iam_group_request` +-- + +DROP TABLE IF EXISTS `iam_group_request`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `iam_group_request` ( + `ID` bigint(20) NOT NULL AUTO_INCREMENT, + `UUID` varchar(36) NOT NULL, + `ACCOUNT_ID` bigint(20) DEFAULT NULL, + `GROUP_ID` bigint(20) DEFAULT NULL, + `STATUS` varchar(50) DEFAULT NULL, + `NOTES` text DEFAULT NULL, + `MOTIVATION` text DEFAULT NULL, + `CREATIONTIME` timestamp NOT NULL DEFAULT current_timestamp(), + `LASTUPDATETIME` timestamp NULL DEFAULT '1999-12-31 23:00:00', + PRIMARY KEY (`ID`), + UNIQUE KEY `UUID` (`UUID`), + KEY `FK_iam_group_request_account_id` (`ACCOUNT_ID`), + KEY `FK_iam_group_request_group_id` (`GROUP_ID`), + CONSTRAINT `FK_iam_group_request_account_id` FOREIGN KEY (`ACCOUNT_ID`) REFERENCES `iam_account` (`ID`), + CONSTRAINT `FK_iam_group_request_group_id` FOREIGN KEY (`GROUP_ID`) REFERENCES `iam_group` (`ID`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `iam_group_request` +-- + +LOCK TABLES `iam_group_request` WRITE; +/*!40000 ALTER TABLE `iam_group_request` DISABLE KEYS */; +/*!40000 ALTER TABLE `iam_group_request` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `iam_notification_receiver` +-- + +DROP TABLE IF EXISTS `iam_notification_receiver`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE 
`iam_notification_receiver` ( + `ID` bigint(20) NOT NULL AUTO_INCREMENT, + `NOTIFICATION_ID` bigint(20) DEFAULT NULL, + `EMAIL_ADDRESS` varchar(254) DEFAULT NULL, + PRIMARY KEY (`ID`), + KEY `FK_iam_notification_receiver_notification_id` (`NOTIFICATION_ID`), + CONSTRAINT `FK_iam_notification_receiver_notification_id` FOREIGN KEY (`NOTIFICATION_ID`) REFERENCES `iam_email_notification` (`ID`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `iam_notification_receiver` +-- + +LOCK TABLES `iam_notification_receiver` WRITE; +/*!40000 ALTER TABLE `iam_notification_receiver` DISABLE KEYS */; +/*!40000 ALTER TABLE `iam_notification_receiver` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `iam_oidc_id` +-- + +DROP TABLE IF EXISTS `iam_oidc_id`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `iam_oidc_id` ( + `ID` bigint(20) NOT NULL AUTO_INCREMENT, + `ISSUER` varchar(256) NOT NULL, + `SUBJECT` varchar(256) NOT NULL, + `account_id` bigint(20) DEFAULT NULL, + PRIMARY KEY (`ID`), + KEY `FK_iam_oidc_id_account_id` (`account_id`), + CONSTRAINT `FK_iam_oidc_id_account_id` FOREIGN KEY (`account_id`) REFERENCES `iam_account` (`ID`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `iam_oidc_id` +-- + +LOCK TABLES `iam_oidc_id` WRITE; +/*!40000 ALTER TABLE `iam_oidc_id` DISABLE KEYS */; +/*!40000 ALTER TABLE `iam_oidc_id` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `iam_reg_request` +-- + +DROP TABLE IF EXISTS `iam_reg_request`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `iam_reg_request` ( + `ID` bigint(20) NOT NULL AUTO_INCREMENT, + `UUID` varchar(36) NOT NULL, + 
`CREATIONTIME` timestamp NOT NULL DEFAULT current_timestamp(), + `ACCOUNT_ID` bigint(20) DEFAULT NULL, + `STATUS` varchar(50) DEFAULT NULL, + `LASTUPDATETIME` timestamp NULL DEFAULT NULL, + `notes` text DEFAULT NULL, + PRIMARY KEY (`ID`), + UNIQUE KEY `UUID` (`UUID`), + KEY `FK_iam_reg_request_account_id` (`ACCOUNT_ID`), + CONSTRAINT `FK_iam_reg_request_account_id` FOREIGN KEY (`ACCOUNT_ID`) REFERENCES `iam_account` (`ID`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `iam_reg_request` +-- + +LOCK TABLES `iam_reg_request` WRITE; +/*!40000 ALTER TABLE `iam_reg_request` DISABLE KEYS */; +/*!40000 ALTER TABLE `iam_reg_request` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `iam_reg_request_labels` +-- + +DROP TABLE IF EXISTS `iam_reg_request_labels`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `iam_reg_request_labels` ( + `NAME` varchar(64) NOT NULL, + `PREFIX` varchar(256) DEFAULT NULL, + `val` varchar(64) DEFAULT NULL, + `request_id` bigint(20) DEFAULT NULL, + KEY `INDEX_iam_reg_request_labels_prefix_name_val` (`PREFIX`,`NAME`,`val`), + KEY `INDEX_iam_reg_request_labels_prefix_name` (`PREFIX`,`NAME`), + KEY `FK_iam_reg_request_labels_request_id` (`request_id`), + CONSTRAINT `FK_iam_reg_request_labels_request_id` FOREIGN KEY (`request_id`) REFERENCES `iam_reg_request` (`ID`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `iam_reg_request_labels` +-- + +LOCK TABLES `iam_reg_request_labels` WRITE; +/*!40000 ALTER TABLE `iam_reg_request_labels` DISABLE KEYS */; +/*!40000 ALTER TABLE `iam_reg_request_labels` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `iam_saml_id` +-- + +DROP TABLE IF EXISTS `iam_saml_id`; +/*!40101 SET 
@saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `iam_saml_id` ( + `ID` bigint(20) NOT NULL AUTO_INCREMENT, + `IDPID` varchar(256) NOT NULL, + `USERID` varchar(256) NOT NULL, + `account_id` bigint(20) DEFAULT NULL, + `attribute_id` varchar(256) NOT NULL, + PRIMARY KEY (`ID`), + KEY `FK_iam_saml_id_account_id` (`account_id`), + KEY `IDX_IAM_SAML_ID_1` (`IDPID`,`attribute_id`,`USERID`), + CONSTRAINT `FK_iam_saml_id_account_id` FOREIGN KEY (`account_id`) REFERENCES `iam_account` (`ID`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `iam_saml_id` +-- + +LOCK TABLES `iam_saml_id` WRITE; +/*!40000 ALTER TABLE `iam_saml_id` DISABLE KEYS */; +/*!40000 ALTER TABLE `iam_saml_id` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `iam_scope_policy` +-- + +DROP TABLE IF EXISTS `iam_scope_policy`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `iam_scope_policy` ( + `ID` bigint(20) NOT NULL AUTO_INCREMENT, + `creation_time` datetime NOT NULL, + `description` varchar(512) DEFAULT NULL, + `last_update_time` datetime NOT NULL, + `rule` varchar(6) NOT NULL, + `account_id` bigint(20) DEFAULT NULL, + `group_id` bigint(20) DEFAULT NULL, + `matching_policy` varchar(6) NOT NULL DEFAULT 'EQ', + PRIMARY KEY (`ID`), + KEY `FK_iam_scope_policy_group_id` (`group_id`), + KEY `FK_iam_scope_policy_account_id` (`account_id`), + CONSTRAINT `FK_iam_scope_policy_account_id` FOREIGN KEY (`account_id`) REFERENCES `iam_account` (`ID`), + CONSTRAINT `FK_iam_scope_policy_group_id` FOREIGN KEY (`group_id`) REFERENCES `iam_group` (`ID`) +) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `iam_scope_policy` +-- + +LOCK TABLES 
`iam_scope_policy` WRITE; +/*!40000 ALTER TABLE `iam_scope_policy` DISABLE KEYS */; +INSERT INTO `iam_scope_policy` VALUES + (1,'2023-12-12 09:27:38','Default Permit ALL policy','2023-12-12 09:27:38','PERMIT',NULL,NULL,'EQ'); +/*!40000 ALTER TABLE `iam_scope_policy` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `iam_scope_policy_scope` +-- + +DROP TABLE IF EXISTS `iam_scope_policy_scope`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `iam_scope_policy_scope` ( + `policy_id` bigint(20) DEFAULT NULL, + `scope` varchar(256) DEFAULT NULL, + UNIQUE KEY `INDEX_iam_scope_policy_scope_policy_id_scope` (`policy_id`,`scope`), + KEY `INDEX_iam_scope_policy_scope_scope` (`scope`), + CONSTRAINT `FK_iam_scope_policy_scope_policy_id` FOREIGN KEY (`policy_id`) REFERENCES `iam_scope_policy` (`ID`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `iam_scope_policy_scope` +-- + +LOCK TABLES `iam_scope_policy_scope` WRITE; +/*!40000 ALTER TABLE `iam_scope_policy_scope` DISABLE KEYS */; +/*!40000 ALTER TABLE `iam_scope_policy_scope` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `iam_ssh_key` +-- + +DROP TABLE IF EXISTS `iam_ssh_key`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `iam_ssh_key` ( + `ID` bigint(20) NOT NULL AUTO_INCREMENT, + `fingerprint` varchar(48) NOT NULL, + `LABEL` varchar(36) NOT NULL, + `is_primary` tinyint(1) DEFAULT 0, + `val` longtext DEFAULT NULL, + `ACCOUNT_ID` bigint(20) DEFAULT NULL, + `creation_time` datetime NOT NULL, + `last_update_time` datetime NOT NULL, + PRIMARY KEY (`ID`), + UNIQUE KEY `fingerprint` (`fingerprint`), + KEY `FK_iam_ssh_key_ACCOUNT_ID` (`ACCOUNT_ID`), + CONSTRAINT `FK_iam_ssh_key_ACCOUNT_ID` FOREIGN KEY (`ACCOUNT_ID`) REFERENCES 
`iam_account` (`ID`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `iam_ssh_key` +-- + +LOCK TABLES `iam_ssh_key` WRITE; +/*!40000 ALTER TABLE `iam_ssh_key` DISABLE KEYS */; +/*!40000 ALTER TABLE `iam_ssh_key` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `iam_totp_mfa` +-- + +DROP TABLE IF EXISTS `iam_totp_mfa`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `iam_totp_mfa` ( + `ID` bigint(20) NOT NULL AUTO_INCREMENT, + `active` tinyint(1) NOT NULL DEFAULT 0, + `secret` varchar(255) NOT NULL, + `creation_time` datetime NOT NULL, + `last_update_time` datetime NOT NULL, + `ACCOUNT_ID` bigint(20) DEFAULT NULL, + PRIMARY KEY (`ID`), + KEY `FK_iam_totp_mfa_account_id` (`ACCOUNT_ID`), + CONSTRAINT `FK_iam_totp_mfa_account_id` FOREIGN KEY (`ACCOUNT_ID`) REFERENCES `iam_account` (`ID`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `iam_totp_mfa` +-- + +LOCK TABLES `iam_totp_mfa` WRITE; +/*!40000 ALTER TABLE `iam_totp_mfa` DISABLE KEYS */; +/*!40000 ALTER TABLE `iam_totp_mfa` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `iam_totp_recovery_code` +-- + +DROP TABLE IF EXISTS `iam_totp_recovery_code`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `iam_totp_recovery_code` ( + `ID` bigint(20) NOT NULL AUTO_INCREMENT, + `code` varchar(255) NOT NULL, + `totp_mfa_id` bigint(20) NOT NULL, + PRIMARY KEY (`ID`), + KEY `FK_iam_totp_recovery_code_totp_mfa_id` (`totp_mfa_id`), + CONSTRAINT `FK_iam_totp_recovery_code_totp_mfa_id` FOREIGN KEY (`totp_mfa_id`) REFERENCES `iam_totp_mfa` (`ID`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET 
character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `iam_totp_recovery_code` +-- + +LOCK TABLES `iam_totp_recovery_code` WRITE; +/*!40000 ALTER TABLE `iam_totp_recovery_code` DISABLE KEYS */; +/*!40000 ALTER TABLE `iam_totp_recovery_code` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `iam_user_info` +-- + +DROP TABLE IF EXISTS `iam_user_info`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `iam_user_info` ( + `ID` bigint(20) NOT NULL AUTO_INCREMENT, + `BIRTHDATE` varchar(255) DEFAULT NULL, + `EMAIL` varchar(128) NOT NULL, + `EMAILVERIFIED` tinyint(1) DEFAULT 0, + `FAMILYNAME` varchar(64) NOT NULL, + `GENDER` varchar(255) DEFAULT NULL, + `GIVENNAME` varchar(64) NOT NULL, + `LOCALE` varchar(255) DEFAULT NULL, + `MIDDLENAME` varchar(64) DEFAULT NULL, + `NICKNAME` varchar(255) DEFAULT NULL, + `PHONENUMBER` varchar(255) DEFAULT NULL, + `PHONENUMBERVERIFIED` tinyint(1) DEFAULT 0, + `PICTURE` varchar(255) DEFAULT NULL, + `PROFILE` varchar(255) DEFAULT NULL, + `WEBSITE` varchar(255) DEFAULT NULL, + `ZONEINFO` varchar(255) DEFAULT NULL, + `ADDRESS_ID` bigint(20) DEFAULT NULL, + `DTYPE` varchar(31) DEFAULT NULL, + PRIMARY KEY (`ID`), + KEY `iui_em_idx` (`EMAIL`), + KEY `iui_gn_fn_idx` (`GIVENNAME`,`FAMILYNAME`), + KEY `FK_iam_user_info_address_id` (`ADDRESS_ID`), + CONSTRAINT `FK_iam_user_info_address_id` FOREIGN KEY (`ADDRESS_ID`) REFERENCES `iam_address` (`ID`) +) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `iam_user_info` +-- + +LOCK TABLES `iam_user_info` WRITE; +/*!40000 ALTER TABLE `iam_user_info` DISABLE KEYS */; +INSERT INTO `iam_user_info` VALUES + (1,NULL,'admin@iam.test',1,'User',NULL,'Admin',NULL,NULL,NULL,NULL,0,NULL,NULL,NULL,NULL,NULL,NULL); +/*!40000 ALTER TABLE `iam_user_info` ENABLE KEYS */; +UNLOCK TABLES; + 
+-- +-- Table structure for table `iam_x509_cert` +-- + +DROP TABLE IF EXISTS `iam_x509_cert`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `iam_x509_cert` ( + `ID` bigint(20) NOT NULL AUTO_INCREMENT, + `subject_dn` varchar(256) DEFAULT NULL, + `LABEL` varchar(36) NOT NULL, + `is_primary` tinyint(1) DEFAULT 0, + `ACCOUNT_ID` bigint(20) DEFAULT NULL, + `CERTIFICATE` text DEFAULT NULL, + `issuer_dn` varchar(256) DEFAULT NULL, + `creation_time` datetime NOT NULL, + `last_update_time` datetime NOT NULL, + `proxy_id` bigint(20) DEFAULT NULL, + PRIMARY KEY (`ID`), + UNIQUE KEY `subject_dn` (`subject_dn`), + UNIQUE KEY `idx_iam_x509_cert_cerificate` (`CERTIFICATE`(256)), + KEY `FK_iam_x509_cert_ACCOUNT_ID` (`ACCOUNT_ID`), + KEY `FK_iam_x509_cert_proxy_id` (`proxy_id`), + CONSTRAINT `FK_iam_x509_cert_ACCOUNT_ID` FOREIGN KEY (`ACCOUNT_ID`) REFERENCES `iam_account` (`ID`), + CONSTRAINT `FK_iam_x509_cert_proxy_id` FOREIGN KEY (`proxy_id`) REFERENCES `iam_x509_proxy` (`ID`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `iam_x509_cert` +-- + +LOCK TABLES `iam_x509_cert` WRITE; +/*!40000 ALTER TABLE `iam_x509_cert` DISABLE KEYS */; +/*!40000 ALTER TABLE `iam_x509_cert` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `iam_x509_proxy` +-- + +DROP TABLE IF EXISTS `iam_x509_proxy`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `iam_x509_proxy` ( + `ID` bigint(20) NOT NULL AUTO_INCREMENT, + `CHAIN` longtext NOT NULL, + `exp_time` datetime NOT NULL, + PRIMARY KEY (`ID`), + KEY `IDX_IAM_X509_PXY_EXP_T` (`exp_time`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `iam_x509_proxy` +-- + +LOCK TABLES 
`iam_x509_proxy` WRITE; +/*!40000 ALTER TABLE `iam_x509_proxy` DISABLE KEYS */; +/*!40000 ALTER TABLE `iam_x509_proxy` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `pairwise_identifier` +-- + +DROP TABLE IF EXISTS `pairwise_identifier`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `pairwise_identifier` ( + `id` bigint(20) NOT NULL AUTO_INCREMENT, + `identifier` varchar(256) DEFAULT NULL, + `sub` varchar(256) DEFAULT NULL, + `sector_identifier` varchar(2048) DEFAULT NULL, + PRIMARY KEY (`id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `pairwise_identifier` +-- + +LOCK TABLES `pairwise_identifier` WRITE; +/*!40000 ALTER TABLE `pairwise_identifier` DISABLE KEYS */; +/*!40000 ALTER TABLE `pairwise_identifier` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `permission` +-- + +DROP TABLE IF EXISTS `permission`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `permission` ( + `id` bigint(20) NOT NULL AUTO_INCREMENT, + `resource_set_id` bigint(20) DEFAULT NULL, + PRIMARY KEY (`id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `permission` +-- + +LOCK TABLES `permission` WRITE; +/*!40000 ALTER TABLE `permission` DISABLE KEYS */; +/*!40000 ALTER TABLE `permission` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `permission_scope` +-- + +DROP TABLE IF EXISTS `permission_scope`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `permission_scope` ( + `owner_id` bigint(20) NOT NULL, + `scope` varchar(256) NOT NULL +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 
COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `permission_scope` +-- + +LOCK TABLES `permission_scope` WRITE; +/*!40000 ALTER TABLE `permission_scope` DISABLE KEYS */; +/*!40000 ALTER TABLE `permission_scope` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `permission_ticket` +-- + +DROP TABLE IF EXISTS `permission_ticket`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `permission_ticket` ( + `id` bigint(20) NOT NULL AUTO_INCREMENT, + `ticket` varchar(256) NOT NULL, + `permission_id` bigint(20) NOT NULL, + `expiration` timestamp NULL DEFAULT NULL, + PRIMARY KEY (`id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `permission_ticket` +-- + +LOCK TABLES `permission_ticket` WRITE; +/*!40000 ALTER TABLE `permission_ticket` DISABLE KEYS */; +/*!40000 ALTER TABLE `permission_ticket` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `policy` +-- + +DROP TABLE IF EXISTS `policy`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `policy` ( + `id` bigint(20) NOT NULL AUTO_INCREMENT, + `name` varchar(1024) DEFAULT NULL, + `resource_set_id` bigint(20) DEFAULT NULL, + PRIMARY KEY (`id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `policy` +-- + +LOCK TABLES `policy` WRITE; +/*!40000 ALTER TABLE `policy` DISABLE KEYS */; +/*!40000 ALTER TABLE `policy` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `policy_scope` +-- + +DROP TABLE IF EXISTS `policy_scope`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE 
`policy_scope` ( + `owner_id` bigint(20) NOT NULL, + `scope` varchar(256) NOT NULL +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `policy_scope` +-- + +LOCK TABLES `policy_scope` WRITE; +/*!40000 ALTER TABLE `policy_scope` DISABLE KEYS */; +/*!40000 ALTER TABLE `policy_scope` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `refresh_token` +-- + +DROP TABLE IF EXISTS `refresh_token`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `refresh_token` ( + `id` bigint(20) NOT NULL AUTO_INCREMENT, + `token_value` varchar(4096) DEFAULT NULL, + `expiration` timestamp NULL DEFAULT NULL, + `auth_holder_id` bigint(20) DEFAULT NULL, + `client_id` bigint(20) DEFAULT NULL, + PRIMARY KEY (`id`), + KEY `rf_ahi_idx` (`auth_holder_id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `refresh_token` +-- + +LOCK TABLES `refresh_token` WRITE; +/*!40000 ALTER TABLE `refresh_token` DISABLE KEYS */; +/*!40000 ALTER TABLE `refresh_token` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `resource_set` +-- + +DROP TABLE IF EXISTS `resource_set`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `resource_set` ( + `id` bigint(20) NOT NULL AUTO_INCREMENT, + `name` varchar(1024) NOT NULL, + `uri` varchar(1024) DEFAULT NULL, + `icon_uri` varchar(1024) DEFAULT NULL, + `rs_type` varchar(256) DEFAULT NULL, + `owner` varchar(256) NOT NULL, + `client_id` varchar(256) DEFAULT NULL, + PRIMARY KEY (`id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `resource_set` +-- + +LOCK TABLES 
`resource_set` WRITE; +/*!40000 ALTER TABLE `resource_set` DISABLE KEYS */; +/*!40000 ALTER TABLE `resource_set` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `resource_set_scope` +-- + +DROP TABLE IF EXISTS `resource_set_scope`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `resource_set_scope` ( + `owner_id` bigint(20) NOT NULL, + `scope` varchar(256) NOT NULL +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `resource_set_scope` +-- + +LOCK TABLES `resource_set_scope` WRITE; +/*!40000 ALTER TABLE `resource_set_scope` DISABLE KEYS */; +/*!40000 ALTER TABLE `resource_set_scope` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `saved_registered_client` +-- + +DROP TABLE IF EXISTS `saved_registered_client`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `saved_registered_client` ( + `id` bigint(20) NOT NULL AUTO_INCREMENT, + `issuer` varchar(1024) DEFAULT NULL, + `registered_client` varchar(8192) DEFAULT NULL, + PRIMARY KEY (`id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `saved_registered_client` +-- + +LOCK TABLES `saved_registered_client` WRITE; +/*!40000 ALTER TABLE `saved_registered_client` DISABLE KEYS */; +/*!40000 ALTER TABLE `saved_registered_client` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `saved_user_auth` +-- + +DROP TABLE IF EXISTS `saved_user_auth`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `saved_user_auth` ( + `id` bigint(20) NOT NULL AUTO_INCREMENT, + `name` varchar(1024) DEFAULT NULL, + `authenticated` tinyint(1) DEFAULT NULL, + 
`source_class` varchar(2048) DEFAULT NULL, + PRIMARY KEY (`id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `saved_user_auth` +-- + +LOCK TABLES `saved_user_auth` WRITE; +/*!40000 ALTER TABLE `saved_user_auth` DISABLE KEYS */; +/*!40000 ALTER TABLE `saved_user_auth` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `saved_user_auth_authority` +-- + +DROP TABLE IF EXISTS `saved_user_auth_authority`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `saved_user_auth_authority` ( + `owner_id` bigint(20) DEFAULT NULL, + `authority` varchar(256) DEFAULT NULL, + KEY `suaa_oi_idx` (`owner_id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `saved_user_auth_authority` +-- + +LOCK TABLES `saved_user_auth_authority` WRITE; +/*!40000 ALTER TABLE `saved_user_auth_authority` DISABLE KEYS */; +/*!40000 ALTER TABLE `saved_user_auth_authority` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `saved_user_auth_info` +-- + +DROP TABLE IF EXISTS `saved_user_auth_info`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `saved_user_auth_info` ( + `owner_id` bigint(20) DEFAULT NULL, + `info_key` varchar(256) DEFAULT NULL, + `info_val` varchar(256) DEFAULT NULL, + UNIQUE KEY `owner_id` (`owner_id`,`info_key`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `saved_user_auth_info` +-- + +LOCK TABLES `saved_user_auth_info` WRITE; +/*!40000 ALTER TABLE `saved_user_auth_info` DISABLE KEYS */; +/*!40000 ALTER TABLE `saved_user_auth_info` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table 
structure for table `schema_version` +-- + +DROP TABLE IF EXISTS `schema_version`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `schema_version` ( + `installed_rank` int(11) NOT NULL, + `version` varchar(50) DEFAULT NULL, + `description` varchar(200) NOT NULL, + `type` varchar(20) NOT NULL, + `script` varchar(1000) NOT NULL, + `checksum` int(11) DEFAULT NULL, + `installed_by` varchar(100) NOT NULL, + `installed_on` timestamp NOT NULL DEFAULT current_timestamp(), + `execution_time` int(11) NOT NULL, + `success` tinyint(1) NOT NULL, + PRIMARY KEY (`installed_rank`), + KEY `schema_version_s_idx` (`success`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `schema_version` +-- + +LOCK TABLES `schema_version` WRITE; +/*!40000 ALTER TABLE `schema_version` DISABLE KEYS */; +INSERT INTO `schema_version` VALUES + (1,'1',' init','SQL','V1___init.sql',-673105977,'indigoiam','2023-12-12 08:27:37',1196,1), + (2,'2',' iam tables','SQL','V2___iam_tables.sql',916872168,'indigoiam','2023-12-12 08:27:37',465,1), + (3,'3',' basic configuration','SQL','V3___basic_configuration.sql',1293553913,'indigoiam','2023-12-12 08:27:37',16,1), + (4,'4',' x509 updates','SQL','V4___x509_updates.sql',803590936,'indigoiam','2023-12-12 08:27:37',16,1), + (5,'5',' registration request','SQL','V5___registration_request.sql',844204664,'indigoiam','2023-12-12 08:27:37',65,1), + (6,'6',' remove wrong constraints','SQL','V6___remove_wrong_constraints.sql',2003434964,'indigoiam','2023-12-12 08:27:37',26,1), + (7,'7',' notification tables','SQL','V7___notification_tables.sql',-1136933843,'indigoiam','2023-12-12 08:27:37',126,1), + (8,'8',' mitre update','SQL','V8___mitre_update.sql',608617254,'indigoiam','2023-12-12 08:27:37',13,1), + (9,'9','mitre saved user authn 
changes','SQL','V9__mitre_saved_user_authn_changes.sql',302744444,'indigoiam','2023-12-12 08:27:37',17,1), + (10,'10','fix internal authz scopes','SQL','V10__fix_internal_authz_scopes.sql',-686432566,'indigoiam','2023-12-12 08:27:37',2,1), + (11,'10.1','Password Update','JDBC','db.migration.mysql.V10_1__Password_Update',NULL,'indigoiam','2023-12-12 08:27:38',224,1), + (12,'10.2',' CheckDuplicateEmails','JDBC','db.migration.mysql.V10_2___CheckDuplicateEmails',NULL,'indigoiam','2023-12-12 08:27:38',1,1), + (13,'11','fix base scim and reg scopes','SQL','V11__fix_base_scim_and_reg_scopes.sql',-2106952067,'indigoiam','2023-12-12 08:27:38',1,1), + (14,'12','iam group nested groups','SQL','V12__iam_group_nested_groups.sql',-2140651111,'indigoiam','2023-12-12 08:27:38',50,1), + (15,'13','add attribute id to saml id table','SQL','V13__add_attribute_id_to_saml_id_table.sql',681840221,'indigoiam','2023-12-12 08:27:38',63,1), + (16,'14',' x509 certs table changes','SQL','V14___x509_certs_table_changes.sql',-310236366,'indigoiam','2023-12-12 08:27:38',162,1), + (17,'15','alter iam group','SQL','V15__alter_iam_group.sql',588116562,'indigoiam','2023-12-12 08:27:38',32,1), + (18,'16','add provisioned column to iam account','SQL','V16__add_provisioned_column_to_iam_account.sql',448586794,'indigoiam','2023-12-12 08:27:38',84,1), + (19,'17','add scope policy tables','SQL','V17__add_scope_policy_tables.sql',460278210,'indigoiam','2023-12-12 08:27:38',239,1), + (20,'18','mitre 1 3 x database changes','SQL','V18__mitre_1_3_x_database_changes.sql',449297336,'indigoiam','2023-12-12 08:27:39',404,1), + (21,'19','aup tables','SQL','V19__aup_tables.sql',567653912,'indigoiam','2023-12-12 08:27:39',229,1), + (22,'20','group membership request','SQL','V20__group_membership_request.sql',-924931434,'indigoiam','2023-12-12 08:27:39',161,1), + (23,'21',' device code default expiration','SQL','V21___device_code_default_expiration.sql',965164897,'indigoiam','2023-12-12 08:27:39',1,1), + (24,'22','add 
indexes for search queries','SQL','V22__add_indexes_for_search_queries.sql',-748445998,'indigoiam','2023-12-12 08:27:39',197,1), + (25,'23',' CreateGroupManagerAuthorities','JDBC','db.migration.mysql.V23___CreateGroupManagerAuthorities',NULL,'indigoiam','2023-12-12 08:27:39',2,1), + (26,'24',' set timestamp default','SQL','V24___set_timestamp_default.sql',234306337,'indigoiam','2023-12-12 08:27:39',28,1), + (27,'30',' default group support','SQL','V30___default_group_support.sql',-636476445,'indigoiam','2023-12-12 08:27:40',720,1), + (28,'31',' address table fixes','SQL','V31___address_table_fixes.sql',323916075,'indigoiam','2023-12-12 08:27:40',83,1), + (29,'32',' proxy storage','SQL','V32___proxy_storage.sql',851904690,'indigoiam','2023-12-12 08:27:40',139,1), + (30,'33',' proxy api scopes','SQL','V33___proxy_api_scopes.sql',-394160567,'indigoiam','2023-12-12 08:27:40',0,1), + (31,'34',' req request labels','SQL','V34___req_request_labels.sql',-1247430935,'indigoiam','2023-12-12 08:27:41',154,1), + (32,'34.2',' RemoveOrphanTokens','JDBC','db.migration.mysql.V34_2___RemoveOrphanTokens',NULL,'indigoiam','2023-12-12 08:27:41',6,1), + (33,'35',' scope match policies','SQL','V35___scope_match_policies.sql',773238492,'indigoiam','2023-12-12 08:27:41',116,1), + (34,'40',' aup updates','SQL','V40___aup_updates.sql',-1574961084,'indigoiam','2023-12-12 08:27:41',71,1), + (35,'50',' token exchange policy','SQL','V50___token_exchange_policy.sql',708363568,'indigoiam','2023-12-12 08:27:41',87,1), + (36,'51',' fix scope match policies','SQL','V51___fix_scope_match_policies.sql',1742199118,'indigoiam','2023-12-12 08:27:41',2,1), + (37,'52','add eduperson system scopes','SQL','V52__add_eduperson_system_scopes.sql',-669332083,'indigoiam','2023-12-12 08:27:41',1,1), + (38,'53',' add end time to iam acccount','SQL','V53___add_end_time_to_iam_acccount.sql',795128555,'indigoiam','2023-12-12 08:27:41',77,1), + (39,'60',' fix certificate subject 
length','SQL','V60___fix_certificate_subject_length.sql',437826198,'indigoiam','2023-12-12 08:27:41',148,1), + (40,'61',' add dates for group membership','SQL','V61___add_dates_for_group_membership.sql',-1216009527,'indigoiam','2023-12-12 08:27:41',44,1), + (41,'62',' add dates to ssh keys table','SQL','V62___add_dates_to_ssh_keys_table.sql',345904759,'indigoiam','2023-12-12 08:27:41',39,1), + (42,'70',' totp mfa','SQL','V70___totp_mfa.sql',358166160,'indigoiam','2023-12-12 08:27:41',96,1), + (43,'71',' add pre authenticated authority','SQL','V71___add_pre_authenticated_authority.sql',234328656,'indigoiam','2023-12-12 08:27:41',1,1), + (44,'80',' account clients','SQL','V80___account_clients.sql',-2130998179,'indigoiam','2023-12-12 08:27:42',152,1), + (45,'81','add eduperson assurance scope','SQL','V81__add_eduperson_assurance_scope.sql',1118450873,'indigoiam','2023-12-12 08:27:42',1,1), + (46,'81.2',' RemoveOrphanTokens','JDBC','db.migration.mysql.V81_2___RemoveOrphanTokens',NULL,'indigoiam','2023-12-12 08:27:42',3,1), + (47,'90','fix eduperson entitlement scope','SQL','V90__fix_eduperson_entitlement_scope.sql',-543114581,'indigoiam','2023-12-12 08:27:42',1,1), + (48,'91','update client name','SQL','V91__update_client_name.sql',-113175668,'indigoiam','2023-12-12 08:27:42',1,1), + (49,'92','add iam api scopes','SQL','V92__add_iam_api_scopes.sql',1959900565,'indigoiam','2023-12-12 08:27:42',1,1); +/*!40000 ALTER TABLE `schema_version` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `system_scope` +-- + +DROP TABLE IF EXISTS `system_scope`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `system_scope` ( + `id` bigint(20) NOT NULL AUTO_INCREMENT, + `scope` varchar(256) NOT NULL, + `description` varchar(4096) DEFAULT NULL, + `icon` varchar(256) DEFAULT NULL, + `restricted` tinyint(1) NOT NULL DEFAULT 0, + `default_scope` tinyint(1) NOT NULL DEFAULT 0, + `structured` tinyint(1) 
NOT NULL DEFAULT 0, + `structured_param_description` varchar(256) DEFAULT NULL, + PRIMARY KEY (`id`), + UNIQUE KEY `scope` (`scope`) +) ENGINE=InnoDB AUTO_INCREMENT=25 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `system_scope` +-- + +LOCK TABLES `system_scope` WRITE; +/*!40000 ALTER TABLE `system_scope` DISABLE KEYS */; +INSERT INTO `system_scope` VALUES + (1,'openid','log in using your identity','user',0,1,0,NULL), + (2,'profile','basic profile information','list-alt',0,1,0,NULL), + (3,'email','email address','envelope',0,1,0,NULL), + (4,'address','physical address','home',0,1,0,NULL), + (5,'phone','telephone number','bell',0,1,0,NULL), + (6,'offline_access','offline access','time',0,0,0,NULL), + (7,'scim:read','read access to SCIM user and groups',NULL,1,0,1,'read access to IAM SCIM APIs'), + (8,'scim:write','write access to SCIM user and groups',NULL,1,0,1,'write access to IAM SCIM APIs'), + (9,'registration:read','Grants read access to registration requests',NULL,1,0,1,'read access to IAM registration APIs'), + (10,'registration:write','Grants write access to registration requests',NULL,1,0,1,'write access to IAM registration APIs'), + (11,'scim','Authorizes access to IAM SCIM APIs',NULL,1,0,1,NULL), + (12,'registration','Authorizes access to IAM registration APIs',NULL,1,0,1,NULL), + (13,'proxy:generate','Authorizes access to IAM Proxy APIs',NULL,1,0,1,NULL), + (16,'eduperson_scoped_affiliation','Access to EduPerson scoped affiliation information',NULL,0,0,0,NULL), + (17,'eduperson_entitlement','Access to EduPerson entitlements information',NULL,0,0,0,NULL), + (18,'ssh-keys','Authorizes access to SSH keys linked to IAM accounts via the IAM userinfo endpoint',NULL,1,0,1,NULL), + (19,'eduperson_assurance','Access to EduPerson assurance information',NULL,0,0,0,NULL), + (20,'entitlements','Access to entitlements information',NULL,0,0,0,NULL), + 
(21,'iam:admin.read','Read access to IAM APIs',NULL,1,0,0,NULL), + (22,'iam:admin.write','Write access to IAM APIs',NULL,1,0,0,NULL), + (23,'storage.read:/','Read access to storage','',0,0,0,NULL), + (24,'storage.modify:/','Write access to storage','',0,0,0,NULL); +/*!40000 ALTER TABLE `system_scope` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `token_scope` +-- + +DROP TABLE IF EXISTS `token_scope`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `token_scope` ( + `owner_id` bigint(20) DEFAULT NULL, + `scope` varchar(2048) DEFAULT NULL, + KEY `ts_oi_idx` (`owner_id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `token_scope` +-- + +LOCK TABLES `token_scope` WRITE; +/*!40000 ALTER TABLE `token_scope` DISABLE KEYS */; +INSERT INTO `token_scope` VALUES + (1,'storage.read:/rucio'), + (1,'storage.modify:/rucio'); +/*!40000 ALTER TABLE `token_scope` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `user_info` +-- + +DROP TABLE IF EXISTS `user_info`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `user_info` ( + `id` bigint(20) NOT NULL AUTO_INCREMENT, + `sub` varchar(256) DEFAULT NULL, + `preferred_username` varchar(256) DEFAULT NULL, + `name` varchar(256) DEFAULT NULL, + `given_name` varchar(256) DEFAULT NULL, + `family_name` varchar(256) DEFAULT NULL, + `middle_name` varchar(256) DEFAULT NULL, + `nickname` varchar(256) DEFAULT NULL, + `profile` varchar(256) DEFAULT NULL, + `picture` varchar(256) DEFAULT NULL, + `website` varchar(256) DEFAULT NULL, + `email` varchar(256) DEFAULT NULL, + `email_verified` tinyint(1) DEFAULT NULL, + `gender` varchar(256) DEFAULT NULL, + `zone_info` varchar(256) DEFAULT NULL, + `locale` varchar(256) DEFAULT NULL, + `phone_number` varchar(256) 
DEFAULT NULL, + `phone_number_verified` tinyint(1) DEFAULT NULL, + `address_id` varchar(256) DEFAULT NULL, + `updated_time` varchar(256) DEFAULT NULL, + `birthdate` varchar(256) DEFAULT NULL, + `src` varchar(4096) DEFAULT NULL, + PRIMARY KEY (`id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `user_info` +-- + +LOCK TABLES `user_info` WRITE; +/*!40000 ALTER TABLE `user_info` DISABLE KEYS */; +/*!40000 ALTER TABLE `user_info` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `whitelisted_site` +-- + +DROP TABLE IF EXISTS `whitelisted_site`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `whitelisted_site` ( + `id` bigint(20) NOT NULL AUTO_INCREMENT, + `creator_user_id` varchar(256) DEFAULT NULL, + `client_id` varchar(256) DEFAULT NULL, + PRIMARY KEY (`id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `whitelisted_site` +-- + +LOCK TABLES `whitelisted_site` WRITE; +/*!40000 ALTER TABLE `whitelisted_site` DISABLE KEYS */; +/*!40000 ALTER TABLE `whitelisted_site` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `whitelisted_site_scope` +-- + +DROP TABLE IF EXISTS `whitelisted_site_scope`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `whitelisted_site_scope` ( + `owner_id` bigint(20) DEFAULT NULL, + `scope` varchar(256) DEFAULT NULL +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `whitelisted_site_scope` +-- + +LOCK TABLES `whitelisted_site_scope` WRITE; +/*!40000 ALTER TABLE `whitelisted_site_scope` DISABLE KEYS */; +/*!40000 ALTER TABLE 
`whitelisted_site_scope` ENABLE KEYS */; +UNLOCK TABLES; +/*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */; + +/*!40101 SET SQL_MODE=@OLD_SQL_MODE */; +/*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */; +/*!40014 SET UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS */; +/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */; +/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */; +/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */; +/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */; + +-- Dump completed on 2023-12-13 10:09:32 diff --git a/etc/docker/dev/rucio_entrypoint.sh b/etc/docker/dev/rucio/entrypoint.sh similarity index 90% rename from etc/docker/dev/rucio_entrypoint.sh rename to etc/docker/dev/rucio/entrypoint.sh index 49af398ac2d..d0bb42c2362 100755 --- a/etc/docker/dev/rucio_entrypoint.sh +++ b/etc/docker/dev/rucio/entrypoint.sh @@ -30,6 +30,14 @@ generate_rucio_cfg(){ -d "$destination" } +if [ -f /tmp/usercert.pem ]; then + cp /tmp/usercert.pem "$RUCIO_HOME/etc/" +fi +if [ -f /tmp/userkey.pem ]; then + cp /tmp/userkey.pem "$RUCIO_HOME/etc/" + chmod og-rwx "$RUCIO_HOME/etc/userkey.pem" +fi + echo "Generating alembic.ini and rucio.cfg" if [ -z "$RDBMS" ]; then diff --git a/etc/docker/dev/rucio/idpsecrets.json b/etc/docker/dev/rucio/idpsecrets.json new file mode 100644 index 00000000000..d9741bc29fe --- /dev/null +++ b/etc/docker/dev/rucio/idpsecrets.json @@ -0,0 +1,7 @@ +{ + "indigoiam": { + "client_id": "85e6f7a5-580b-4a1c-a6d2-39055143063d", + "client_secret": "AIYIneAVGs9PTVvQnxNGqDmh3rNTsyFOrrwRIqy1Zc6ngPN9hQe6I2VzDzN2uGLCPsvQI8nhYxf_V09NHk-yv7o", + "issuer": "https://indigoiam/" + } +} diff --git a/etc/docker/dev/xrd4/Authfile b/etc/docker/dev/xrd4/Authfile new file mode 100755 index 00000000000..87df8ab46ed --- /dev/null +++ b/etc/docker/dev/xrd4/Authfile 
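Review bot: In the `etc/docker/dev/rucio/entrypoint.sh` hunk the private key is copied with `cp` and only tightened afterwards by `chmod og-rwx`, so between the two commands `$RUCIO_HOME/etc/userkey.pem` exists with whatever mode the source file and the umask give it. Creating the file with its final mode closes that window: `install -m 0600 /tmp/userkey.pem "$RUCIO_HOME/etc/userkey.pem"`. A one-line comment above the two `if` blocks saying where `/tmp/usercert.pem` and `/tmp/userkey.pem` come from (presumably a mount in the dev compose file) would also help, since nothing in the hunk explains why they are optional.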
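Review bot: `client_secret` in `etc/docker/dev/rucio/idpsecrets.json` is an OAuth client credential committed in clear text, and JSON leaves no room to mark it as a fixture. It appears to belong only to the bundled dev IndigoIAM instance (`"issuer": "https://indigoiam/"`), so the practical risks are that the file is copied as a template into a real deployment, or that secret scanners flag it with no recorded explanation. I would state in the commit description or in a README next to the file that this client exists only in the dev IAM database dump and must never be reused, and allowlist the path in the project's secret scanner if one is in use.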
@@ -0,0 +1,18 @@
+#!/bin/bash
+# -*- coding: utf-8 -*-
+# Copyright European Organization for Nuclear Research (CERN) since 2012
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# https://xrootd.slac.stanford.edu/doc/dev56/sec_config.htm#_Toc119617472
+u * /rucio a
diff --git a/etc/docker/dev/xrd4/entrypoint.sh b/etc/docker/dev/xrd4/entrypoint.sh
new file mode 100755
index 00000000000..a02c9fd3499
--- /dev/null
+++ b/etc/docker/dev/xrd4/entrypoint.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+# -*- coding: utf-8 -*-
+# Copyright European Organization for Nuclear Research (CERN) since 2012
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+echo 'Fixing ownership and permissions'
+cp /tmp/xrdcert.pem /etc/grid-security/xrd/xrdcert.pem
+cp /tmp/xrdkey.pem /etc/grid-security/xrd/xrdkey.pem
+chown -R xrootd:xrootd /etc/grid-security/xrd
+chmod 0400 /etc/grid-security/xrd/xrdkey.pem
+
+xrootd -R xrootd -n rucio -c /etc/xrootd/xrdrucio.cfg
+
+exec "$@"
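Review bot: `u * /rucio a` in the new `xrd4/Authfile` grants every authenticated identity all privileges under `/rucio`, and no comment says this is intentional for the dev container. Because `scitokens.cfg` in this commit sets `onmissing = passthrough`, a request that carries no token is presumably decided by this rule, so the `storage.read:/rucio` and `storage.modify:/rucio` scopes would constrain only clients that choose to present a token. If the test needs nothing more than token-based deletion, I would narrow the rule, or at least add a comment above it such as `# dev only: any authenticated user gets full access to /rucio; token scopes are not the only gate`. The `#!/bin/bash` first line and mode 100755 look copied from a script template; the same applies to `scitokens.cfg` and `xrootd.cfg`.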
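Review bot: The new `xrd4/entrypoint.sh` has no `set -e`, so if either `cp` from `/tmp` fails (for example because the key was not mounted) the `chown`, the `chmod` and the `xrootd` start still run and the container comes up without the expected credentials. Adding `set -euo pipefail` after the license header makes that failure visible at start-up. The key also exists with the source file's mode and root ownership between `cp` and `chmod 0400`; `install -o xrootd -g xrootd -m 0400 /tmp/xrdkey.pem /etc/grid-security/xrd/xrdkey.pem` creates it with its final owner and mode in one step. Separately, the server is started with `-c /etc/xrootd/xrdrucio.cfg` while this commit adds a file named `xrootd.cfg`; presumably the compose file maps one onto the other, and a comment on that line could confirm it.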
diff --git a/etc/docker/dev/xrd4/scitokens.cfg b/etc/docker/dev/xrd4/scitokens.cfg
new file mode 100755
index 00000000000..7ac4cd6c740
--- /dev/null
+++ b/etc/docker/dev/xrd4/scitokens.cfg
@@ -0,0 +1,24 @@
+#!/bin/bash
+# -*- coding: utf-8 -*-
+# Copyright European Organization for Nuclear Research (CERN) since 2012
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+[Global]
+audience = xrd4
+onmissing = passthrough
+
+[Issuer IndigoIAM]
+issuer = https://indigoiam/
+base_path = /rucio
+
diff --git a/etc/docker/dev/xrd4/xrootd.cfg b/etc/docker/dev/xrd4/xrootd.cfg
new file mode 100755
index 00000000000..190806af37e
--- /dev/null
+++ b/etc/docker/dev/xrd4/xrootd.cfg
@@ -0,0 +1,31 @@ +#!/bin/bash +# -*- coding: utf-8 -*- +# Copyright European Organization for Nuclear Research (CERN) since 2012 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +all.export /rucio +xrd.tls /etc/grid-security/xrd/xrdcert.pem /etc/grid-security/xrd/xrdkey.pem detail +xrd.tlsca certfile /etc/grid-security/certificates/5fca1cb1.0 certdir /etc/grid-security/certificates/ proxies +xrootd.tls all + +acc.authdb /etc/xrootd/Authfile +xrootd.seclib /usr/lib64/libXrdSec.so +ofs.authorize +ofs.authlib ++ libXrdAccSciTokens.so config=/etc/xrootd/scitokens.cfg +sec.protocol /usr/lib64 gsi -dlgpxy:1 -exppxy:=creds +sec.protocol /usr/lib64 ztn -expiry required -maxsz 20k +xrootd.chksum adler32 /usr/local/bin/xrdadler32.sh +ofs.tpc autorm fcreds gsi =X509_USER_PROXY pgm /usr/bin/xrdcp --server + +xrd.port 1097 \ No newline at end of file diff --git a/etc/docker/test/extra/rucio_default.cfg b/etc/docker/test/extra/rucio_default.cfg index 265695d1a98..010fe19f19e 100644 --- a/etc/docker/test/extra/rucio_default.cfg +++ b/etc/docker/test/extra/rucio_default.cfg @@ -3,6 +3,10 @@ logdir = /var/log/rucio loglevel = DEBUG mailtemplatedir=/opt/rucio/etc/mail_templates +[oidc] +idpsecrets = /opt/rucio/etc/idpsecrets.json +admin_issuer = indigoiam + [client] rucio_host = https://rucio:443 auth_host = https://rucio:443 diff --git a/lib/rucio/rse/protocols/xrootd.py b/lib/rucio/rse/protocols/xrootd.py index 00df07333a5..e88f3aac16c 100644 --- a/lib/rucio/rse/protocols/xrootd.py 
+++ b/lib/rucio/rse/protocols/xrootd.py @@ -24,6 +24,13 @@ class Default(protocol.RSEProtocol): """ Implementing access to RSEs using the XRootD protocol using GSI authentication.""" + @property + def _auth_env(self): + if self.auth_token: + return f"XrdSecPROTOCOL=ztn BEARER_TOKEN='{self.auth_token}'" + else: + return 'XrdSecPROTOCOL=gsi' + def __init__(self, protocol_attr, rse_settings, logger=logging.log): """ Initializes the object with information about the referred RSE. @@ -66,7 +73,7 @@ def exists(self, pfn): self.logger(logging.DEBUG, 'xrootd.exists: pfn: {}'.format(pfn)) try: path = self.pfn2path(pfn) - cmd = 'XrdSecPROTOCOL=gsi xrdfs %s:%s stat %s' % (self.hostname, self.port, path) + cmd = f'{self._auth_env} xrdfs {self.hostname}:{self.port} stat {path}' self.logger(logging.DEBUG, 'xrootd.exists: cmd: {}'.format(cmd)) status, out, err = execute(cmd) if status != 0: @@ -86,7 +93,7 @@ def stat(self, path): :returns: a dict with two keys, filesize and an element of GLOBALLY_SUPPORTED_CHECKSUMS. """ - self.logger(logging.DEBUG, 'xrootd.stat: path: {}'.format(path)) + self.logger(logging.DEBUG, f'xrootd.stat: path: {path}') ret = {} chsum = None if path.startswith('root:'): @@ -94,7 +101,7 @@ def stat(self, path): try: # xrdfs stat for getting filesize - cmd = 'XrdSecPROTOCOL=gsi xrdfs %s:%s stat %s' % (self.hostname, self.port, path) + cmd = f'{self._auth_env} xrdfs {self.hostname}:{self.port} stat {path}' self.logger(logging.DEBUG, 'xrootd.stat: filesize cmd: {}'.format(cmd)) status_stat, out, err = execute(cmd) if status_stat == 0: @@ -106,7 +113,7 @@ def stat(self, path): break # xrdfs query checksum for getting checksum - cmd = 'XrdSecPROTOCOL=gsi xrdfs %s:%s query checksum %s' % (self.hostname, self.port, path) + cmd = f'{self._auth_env} xrdfs {self.hostname}:{self.port} query checksum {path}' self.logger(logging.DEBUG, 'xrootd.stat: checksum cmd: {}'.format(cmd)) status_query, out, err = execute(cmd) if status_query == 0: 
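Review bot: `_auth_env` puts the bearer token into the command string itself, and every caller then logs that string (`'xrootd.exists: cmd: {}'.format(cmd)` and the equivalent lines in the `stat`, `connect`, `get`, `put`, `delete` and `rename` hunks), so the token lands in DEBUG logs and, presumably, in the argument list of the shell that `execute` spawns. The hand-written single quotes also stop protecting the command line if the token ever contains a `'`; quoting with the standard library is safer, e.g. `return f"XrdSecPROTOCOL=ztn BEARER_TOKEN={shlex.quote(self.auth_token)}"` (needs `import shlex` if the module does not already have it). For the logging I would build the logged text from the command without the `_auth_env` prefix, or hand the token to the child through its environment if `execute` supports that; its signature is not visible in this diff. The property has no docstring, and the class docstring still says "using GSI authentication"; a one-line docstring naming the two modes (`ztn` when `auth_token` is set, `gsi` otherwise) would keep the two in step.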
@@ -183,7 +190,7 @@ def connect(self): try: # The query stats call is not implemented on some xroot doors. # Workaround: fail, if server does not reply within 10 seconds for static config query - cmd = 'XrdSecPROTOCOL=gsi XRD_REQUESTTIMEOUT=10 xrdfs %s:%s query config %s:%s' % (self.hostname, self.port, self.hostname, self.port) + cmd = f'{self._auth_env} XRD_REQUESTTIMEOUT=10 xrdfs {self.hostname}:{self.port} query config {self.hostname}:{self.port}' self.logger(logging.DEBUG, 'xrootd.connect: cmd: {}'.format(cmd)) status, out, err = execute(cmd) if status != 0: @@ -206,7 +213,7 @@ def get(self, pfn, dest, transfer_timeout=None): """ self.logger(logging.DEBUG, 'xrootd.get: pfn: {}'.format(pfn)) try: - cmd = 'XrdSecPROTOCOL=gsi xrdcp -f %s %s' % (pfn, dest) + cmd = f'{self._auth_env} xrdcp -f {pfn} {dest}' self.logger(logging.DEBUG, 'xrootd.get: cmd: {}'.format(cmd)) status, out, err = execute(cmd) if status == 54: @@ -237,7 +244,7 @@ def put(self, filename, target, source_dir, transfer_timeout=None): if not os.path.exists(source_url): raise exception.SourceNotFound() try: - cmd = 'XrdSecPROTOCOL=gsi xrdcp -f %s %s' % (source_url, path) + cmd = f'{self._auth_env} xrdcp -f {source_url} {path}' self.logger(logging.DEBUG, 'xrootd.put: cmd: {}'.format(cmd)) status, out, err = execute(cmd) if status != 0: @@ -259,7 +266,7 @@ def delete(self, pfn): raise exception.SourceNotFound() try: path = self.pfn2path(pfn) - cmd = 'XrdSecPROTOCOL=gsi xrdfs %s:%s rm %s' % (self.hostname, self.port, path) + cmd = f'{self._auth_env} xrdfs {self.hostname}:{self.port} rm {path}' self.logger(logging.DEBUG, 'xrootd.delete: cmd: {}'.format(cmd)) status, out, err = execute(cmd) if status != 0: 
@@ -283,10 +290,10 @@ def rename(self, pfn, new_pfn): path = self.pfn2path(pfn) new_path = self.pfn2path(new_pfn) new_dir = new_path[:new_path.rindex('/') + 1] - cmd = 'XrdSecPROTOCOL=gsi xrdfs %s:%s mkdir -p %s' % (self.hostname, self.port, new_dir) + cmd = f'{self._auth_env} xrdfs {self.hostname}:{self.port} mkdir -p {new_dir}' self.logger(logging.DEBUG, 'xrootd.stat: mkdir cmd: {}'.format(cmd)) status, out, err = execute(cmd) - cmd = 'XrdSecPROTOCOL=gsi xrdfs %s:%s mv %s %s' % (self.hostname, self.port, path, new_path) + cmd = f'{self._auth_env} xrdfs {self.hostname}:{self.port} mv {path} {new_path}' self.logger(logging.DEBUG, 'xrootd.stat: rename cmd: {}'.format(cmd)) status, out, err = execute(cmd) if status != 0: diff --git a/tests/test_reaper.py b/tests/test_reaper.py index 46e282435b2..fd9e0219eb4 100644 --- a/tests/test_reaper.py +++ b/tests/test_reaper.py @@ -36,7 +36,8 @@ from rucio.daemons.reaper.reaper import run as run_reaper from rucio.db.sqla.models import ConstituentAssociationHistory from rucio.db.sqla.session import read_session -from rucio.tests.common import rse_name_generator +from rucio.tests.common import rse_name_generator, skip_rse_tests_with_accounts +from tests.ruciopytest import NoParallelGroups __mock_protocol = {'scheme': 'MOCK', 'hostname': 'localhost', 
@@ -481,3 +482,18 @@ def test_reaper_without_rse_usage(vo, caches_mock): cache_region.invalidate() reaper(once=True, rses=[], include_rses=rse_name, exclude_rses=None, chunk_size=1000, scheme='MOCK') assert len(list(replica_core.list_replicas(dids, rse_expression=rse_name))) == nb_files - nb_epoch_tombstone + + +@skip_rse_tests_with_accounts +@pytest.mark.dirty(reason="leaves files in XRD containers") +@pytest.mark.noparallel(groups=[NoParallelGroups.XRD]) +@pytest.mark.parametrize("caches_mock", [{"caches_to_mock": [ + 'rucio.daemons.reaper.reaper.REGION' +]}], indirect=True) +def test_deletion_with_tokens(vo, did_factory, root_account, caches_mock): + rse_name = 'XRD4' + did = did_factory.upload_test_file(rse_name) + for rule in list(rule_core.list_associated_rules_for_file(**did)): + rule_core.delete_rule(rule['id']) + + reaper(once=True, rses=[], include_rses=rse_name, exclude_rses=None, chunk_size=1000, greedy=True) diff --git a/tools/docker_activate_rses.sh b/tools/docker_activate_rses.sh index 324fc4f4da9..3b7edd0ac23 100755 --- a/tools/docker_activate_rses.sh +++ b/tools/docker_activate_rses.sh @@ -56,6 +56,7 @@ rucio-admin rse set-attribute --rse XRD2 --key test_container_xrd --value True rucio-admin rse set-attribute --rse XRD3 --key test_container_xrd --value True rucio-admin rse set-attribute --rse XRD4 --key test_container_xrd --value True rucio-admin rse set-attribute --rse SSH1 --key test_container_ssh --value True +rucio-admin rse set-attribute --rse XRD4 --key oidc_support --value True # Workaround, xrootd.py#connect returns with Auth Failed due to execution of the command in subprocess XrdSecPROTOCOL=gsi XRD_REQUESTTIMEOUT=10 XrdSecGSISRVNAMES=xrd1 xrdfs xrd1:1094 query config xrd1:1094 diff --git a/tools/run_tests.sh b/tools/run_tests.sh index d578052a606..d84026e1470 100755 --- a/tools/run_tests.sh +++ b/tools/run_tests.sh 
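Review bot: `test_deletion_with_tokens` contains no assertion: it uploads a file, deletes its rules and calls `reaper(...)`, so it passes whenever nothing raises, even if the replica on XRD4 was never removed or the deletion was authorised by something other than a token. An assertion after the reaper call, modelled on the one in `test_reaper_without_rse_usage` just above, would pin the outcome, e.g. `assert len(list(replica_core.list_replicas([did], rse_expression=rse_name))) == 0` (assuming `did` is the scope/name dict that `**did` suggests). The `vo` and `root_account` fixtures are requested but not used in the body; if they are needed only for their side effects, a short comment should say so. A docstring stating what the test relies on (presumably the `oidc_support` attribute this commit sets on XRD4 in `tools/docker_activate_rses.sh`) would make a failure easier to diagnose.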
@@ -63,8 +63,10 @@ fi echo 'Clearing memcache' echo flush_all > /dev/tcp/127.0.0.1/11211 -echo 'Update dependencies with pip' -pip install --upgrade -r requirements.txt +if [ -f 'requirements.txt' ]; then + echo 'Update dependencies with pip' + pip install --upgrade -r requirements.txt +fi if test ${pip_only}; then exit @@ -116,8 +118,10 @@ if test ${keep_db}; then else echo 'Resetting database tables' - echo 'Removing old SQLite databases' - rm -f /tmp/rucio.db + if [ -f /tmp/rucio.db ]; then + echo 'Removing old SQLite databases' + rm -f /tmp/rucio.db + fi tools/reset_database.py