opentdf · jrschumacher · Jan 18, 2024 · Jan 18, 2024 · Jan 18, 2024 · Jan 18, 2024
diff --git a/migrations/20240118000000_create_new_tables.sql b/migrations/20240118000000_create_new_tables.sql
@@ -0,0 +1,89 @@
+-- +goose Up
+-- +goose StatementBegin
+CREATE SCHEMA IF NOT EXISTS opentdf;
+
+CREATE TYPE attribute_definition_rule AS ENUM ('UNSPECIFIED', 'ALL_OF', 'ANY_OF', 'HIERARCHY');
+CREATE TYPE subject_mappings_operator AS ENUM ('UNSPECIFIED', 'IN', 'NOT_IN');
+
+CREATE TABLE IF NOT EXISTS opentdf.namespaces
+(
+    id UUID PRIMARY KEY,
+    name VARCHAR NOT NULL UNIQUE
+);
+
+CREATE TABLE IF NOT EXISTS opentdf.attribute_definitions
+(
+    id UUID PRIMARY KEY,
+    namespace_id UUID NOT NULL REFERENCES opentdf.namespaces(id),
+    name VARCHAR NOT NULL,
+    rule attribute_definition_rule NOT NULL,
+    metadata JSONB,
+    UNIQUE (namespace_id, name)
+);
+
+CREATE TABLE IF NOT EXISTS opentdf.attribute_values
+(
+    id UUID PRIMARY KEY,
+    attribute_definition_id UUID NOT NULL REFERENCES opentdf.attribute_definitions(id),
+    value VARCHAR NOT NULL,
+    members UUID[] NOT NULL,
+    metadata JSONB,
+    UNIQUE (attribute_definition_id, value)
+);
+
+CREATE TABLE IF NOT EXISTS opentdf.key_access_servers
+(
+    id UUID PRIMARY KEY,
+    key_access_server VARCHAR NOT NULL UNIQUE,
+    public_key VARCHAR NOT NULL,
+    metadata JSONB
+);
+
+CREATE TABLE IF NOT EXISTS opentdf.attribute_definition_key_access_grants
+(
+    attribute_definition_id UUID NOT NULL REFERENCES opentdf.attribute_definitions(id),
+    key_access_server_id UUID NOT NULL REFERENCES opentdf.key_access_servers(id),
+    PRIMARY KEY (attribute_definition_id, key_access_server_id)
+);
+
+CREATE TABLE IF NOT EXISTS opentdf.attribute_value_key_access_grants
+(
+    attribute_value_id UUID NOT NULL REFERENCES opentdf.attribute_values(id),
+    key_access_server_id UUID NOT NULL REFERENCES opentdf.key_access_servers(id),
+    PRIMARY KEY (attribute_value_id, key_access_server_id)
+);
+
+CREATE TABLE IF NOT EXISTS opentdf.resource_mappings
+(
+    id UUID PRIMARY KEY,
+    attribute_value_id UUID NOT NULL REFERENCES opentdf.attribute_values(id),
+    name VARCHAR NOT NULL,
+    terms VARCHAR[],
+    metadata JSONB
+);
+
+CREATE TABLE IF NOT EXISTS opentdf.subject_mappings
+(
+    id UUID PRIMARY KEY,
+    attribute_value_id UUID NOT NULL REFERENCES opentdf.attribute_values(id),
+    operator subject_mappings_operator NOT NULL,
+    subject_attribute VARCHAR NOT NULL,
+    subject_attribute_values VARCHAR[],
+    metadata JSONB
+);
+-- +goose StatementEnd
+
+-- +goose Down
+-- +goose StatementBegin
+DROP TABLE IF EXISTS opentdf.key_access_servers;
+DROP TABLE IF EXISTS opentdf.subject_mappings;
+DROP TABLE IF EXISTS opentdf.resource_mappings;
+DROP TABLE IF EXISTS opentdf.attribute_value_key_access_grants;
+DROP TABLE IF EXISTS opentdf.attribute_definition_key_access_grants;
+DROP TABLE IF EXISTS opentdf.attribute_values;
+DROP TABLE IF EXISTS opentdf.attribute_definitions;
+DROP TABLE IF EXISTS opentdf.namespaces;
+
+DELETE TYPE attribute_definition_rule;
+DELETE TYPE subject_mappings_operator;
+-- +goose StatementEnd
diff --git a/migrations/20240118000000_diagram.md b/migrations/20240118000000_diagram.md
@@ -0,0 +1,89 @@
+# Diagram for 20240118000000_create_new_tables.sql
+
+```mermaid
+---
+title: Database Schema Mermaid Diagram 
+nodes: |
+  Metadata is a jsonb type which will hold a common structure
+
+  To note OCI data we can utilize labels (i.e. map[string]string)
+    "labels": {
+      "oci:version": "1.0.0"
+      "oci:...": "..."
+    }
+
+---
+
+erDiagram
+
+    Namespace ||--|{ AttributeDefinition : has
+    AttributeDefinition ||--|{ AttributeValue : has
+    AttributeDefinition ||--o{ AttributeDefinitionKeyAccessGrant : has
+
+    AttributeValue ||--o{ AttributeValueKeyAccessGrant: has
+    AttributeValue ||--o{ AttributeValue: "has group members"
+
+    AttributeDefinitionKeyAccessGrant ||--|{ KeyAccessServer: has
+    AttributeValueKeyAccessGrant ||--|{ KeyAccessServer: has
+
+    ResourceMapping }o--o{ AttributeValue: relates
+
+    SubjectMapping }o--o{ AttributeValue: relates
+
+    Namespace {
+        uuid        id   PK
+        varchar     name UK
+    }
+
+    AttributeDefinition {
+        uuid         id           PK
+        uuid         namespace_id FK
+        varchar      name
+        enum         rule
+        jsonb        metadata
+        compIdx      comp_key     UK "ns_id + name"
+    }
+
+    AttributeDefinitionKeyAccessGrant {
+        uuid  attribute_definition_id FK
+        uuid  key_access_server_id    FK
+    }
+
+    AttributeValue {
+        uuid         namespace_id            FK
+        uuid         attribute_definition_id FK
+        varchar      value
+        uuid[]       members                 FK "Optional grouping of values"
+        jsonb        metadata
+        compIdx      comp_key                UK "ns_id + ad_id + value"
+    }
+
+    AttributeValueKeyAccessGrant {
+        uuid  attribute_value_id FK
+        uuid  key_access_server_id FK
+    }
+
+    ResourceMapping {
+        uuid         id                 PK
+        uuid         attribute_value_id FK
+        varchar      name
+        varchar[]    terms
+        jsonb        metadata
+    }
+
+    SubjectMapping {
+        uuid           id                          PK
+        uuid           attribute_value_id
+        enum           operator
+        varchar        subject_attribute
+        varchar[]      subject_attribute_values
+        jsonb          metadata
+    }
+
+    KeyAccessServer {
+        uuid       id                PK
+        varchar    key_access_server UK
+        varchar    public_key
+        jsonb      metadata
+    }
+```