From d86b6f07e43ba4d998e1c4b1e3e4e47100bc4e57 Mon Sep 17 00:00:00 2001 From: Swordsteel Date: Sun, 27 Jul 2025 13:55:45 +0200 Subject: [PATCH] update cql files --- cql/00-setup_device_configuration.cql | 67 +++++++++++++++++++++++++-- cql/01-nodes.cql | 4 +- 2 files changed, 65 insertions(+), 6 deletions(-) diff --git a/cql/00-setup_device_configuration.cql b/cql/00-setup_device_configuration.cql index e1e52b6..46823f3 100644 --- a/cql/00-setup_device_configuration.cql +++ b/cql/00-setup_device_configuration.cql @@ -1,6 +1,63 @@ --- Create a keyspace -CREATE KEYSPACE IF NOT EXISTS device_configuration - WITH replication = {'class': 'SimpleStrategy', 'replication_factor': 1}; +-- Role: role_administrator +-- DROP ROLE role_administrator; +CREATE ROLE role_administrator WITH LOGIN = false AND SUPERUSER = false; --- Use the keyspace -USE device_configuration; + +-- Role: role_service +-- DROP ROLE role_service; +CREATE ROLE role_service WITH LOGIN = false AND SUPERUSER = false; + + +-- Role: role_maintainer +-- DROP ROLE role_maintainer; +CREATE ROLE role_maintainer WITH LOGIN = false AND SUPERUSER = false; + + +-- Role: role_support +-- DROP ROLE role_support; +CREATE ROLE role_support WITH LOGIN = false AND SUPERUSER = false; + + +-- Owner administrator +-- DROP ROLE administrator; +CREATE ROLE administrator WITH PASSWORD = 'password' AND LOGIN = true; +GRANT role_administrator TO administrator; + + +-- Owner service +-- DROP ROLE service; +CREATE ROLE service WITH PASSWORD = 'password' AND LOGIN = true; +GRANT role_service TO service; + + +-- Owner maintainer +-- DROP ROLE maintainer; +CREATE ROLE maintainer WITH PASSWORD = 'password' AND LOGIN = true; +GRANT role_maintainer TO maintainer; + + +-- Owner support +-- DROP ROLE support; +CREATE ROLE support WITH PASSWORD = 'password' AND LOGIN = true; +GRANT role_support TO support; + + +-- Keyspace +-- DROP KEYSPACE device_configuration; +CREATE KEYSPACE device_configuration + WITH replication = {'class': 'SimpleStrategy', 'replication_factor': 1} + AND durable_writes = true; + + +-- Revoke all permissions from existing roles +-- REVOKE ALL PERMISSIONS ON KEYSPACE device_configuration FROM role_administrator; +-- REVOKE ALL PERMISSIONS ON KEYSPACE device_configuration FROM role_service; +-- REVOKE ALL PERMISSIONS ON KEYSPACE device_configuration FROM role_maintainer; +-- REVOKE ALL PERMISSIONS ON KEYSPACE device_configuration FROM role_support; + + +-- Grant permissions +GRANT ALL PERMISSIONS ON KEYSPACE device_configuration TO role_administrator; +GRANT SELECT, MODIFY ON KEYSPACE device_configuration TO role_service; +GRANT SELECT, MODIFY ON KEYSPACE device_configuration TO role_maintainer; +GRANT SELECT ON KEYSPACE device_configuration TO role_support; diff --git a/cql/01-nodes.cql b/cql/01-nodes.cql index 5eb7fed..ca2b6be 100644 --- a/cql/01-nodes.cql +++ b/cql/01-nodes.cql @@ -1,4 +1,6 @@ --- Create a table +-- Table: nodes +-- DROP TABLE IF EXISTS device_configuration.nodes; + CREATE TABLE IF NOT EXISTS device_configuration.nodes ( id UUID PRIMARY KEY,