summaryrefslogtreecommitdiffstats
path: root/schema/pgsql.schema.sql
diff options
context:
space:
mode:
Diffstat (limited to 'schema/pgsql.schema.sql')
-rw-r--r--schema/pgsql.schema.sql162
1 files changed, 162 insertions, 0 deletions
diff --git a/schema/pgsql.schema.sql b/schema/pgsql.schema.sql
new file mode 100644
index 0000000..1d93ef3
--- /dev/null
+++ b/schema/pgsql.schema.sql
@@ -0,0 +1,162 @@
+CREATE DOMAIN uint2 AS int4
+ CHECK(VALUE >= 0 AND VALUE < 65536);
+CREATE DOMAIN biguint AS bigint CONSTRAINT positive CHECK ( VALUE IS NULL OR 0 <= VALUE );
+CREATE TYPE boolenum AS ENUM ('n', 'y');
+CREATE TYPE certificate_version AS ENUM('1','2','3');
+CREATE TYPE dn_type AS ENUM('issuer','subject');
+CREATE TYPE pubkey_algo AS ENUM('unknown','RSA','DSA','DH','EC');
+
+-- Used when sorting certificates by expiration date.
+CREATE OR REPLACE FUNCTION UNIX_TIMESTAMP(datetime timestamptz DEFAULT NOW())
+ RETURNS biguint
+ LANGUAGE plpgsql
+ PARALLEL SAFE
+ AS $$
+BEGIN
+ RETURN EXTRACT(EPOCH FROM datetime);
+END;
+$$;
+
+-- IPL ORM renders SQL queries with LIKE operators for all suggestions in the search bar,
+-- which fails for numeric and enum types on PostgreSQL. Just like in Icinga DB Web.
+CREATE OR REPLACE FUNCTION anynonarrayliketext(anynonarray, text)
+ RETURNS bool
+ LANGUAGE plpgsql
+ IMMUTABLE
+ PARALLEL SAFE
+ AS $$
+BEGIN
+ RETURN $1::TEXT LIKE $2;
+END;
+$$;
+CREATE OPERATOR ~~ (LEFTARG=anynonarray, RIGHTARG=text, PROCEDURE=anynonarrayliketext);
+
+CREATE TABLE x509_certificate (
+ id serial PRIMARY KEY,
+ subject varchar(255) NOT NULL,
+ subject_hash bytea NOT NULL,
+ issuer varchar(255) NOT NULL,
+ issuer_hash bytea NOT NULL,
+ issuer_certificate_id int DEFAULT NULL,
+ version certificate_version NOT NULL,
+ self_signed boolenum NOT NULL DEFAULT 'n',
+ ca boolenum NOT NULL,
+ trusted boolenum NOT NULL DEFAULT 'n',
+ pubkey_algo pubkey_algo NOT NULL,
+ pubkey_bits uint2 NOT NULL,
+ signature_algo varchar(255) NOT NULL,
+ signature_hash_algo varchar(255) NOT NULL,
+ valid_from biguint NOT NULL,
+ valid_to biguint NOT NULL,
+ fingerprint bytea NOT NULL,
+ serial bytea NOT NULL,
+ certificate bytea NOT NULL,
+ ctime biguint NOT NULL,
+ mtime biguint DEFAULT NULL,
+ CONSTRAINT x509_idx_certificate_fingerprint UNIQUE(fingerprint),
+ CONSTRAINT x509_fk_certificate_issuer_certificate_id FOREIGN KEY (issuer_certificate_id) REFERENCES x509_certificate (id) ON DELETE SET NULL ON UPDATE CASCADE
+);
+
+CREATE TABLE x509_certificate_chain (
+ id serial PRIMARY KEY,
+ target_id int NOT NULL,
+ length uint2 NOT NULL,
+ valid boolenum NOT NULL DEFAULT 'n',
+ invalid_reason varchar(255) NULL DEFAULT NULL,
+ ctime biguint NOT NULL
+);
+
+CREATE TABLE x509_certificate_chain_link (
+ certificate_chain_id int NOT NULL,
+ certificate_id int NOT NULL,
+ "order" uint2 NOT NULL,
+ ctime biguint NOT NULL,
+ PRIMARY KEY(certificate_chain_id,certificate_id,"order"),
+ CONSTRAINT x509_fk_certificate_chain_link_certificate_chain_id FOREIGN KEY (certificate_chain_id) REFERENCES x509_certificate_chain (id) ON DELETE CASCADE ON UPDATE CASCADE,
+ CONSTRAINT x509_fk_certificate_chain_link_certificate_id FOREIGN KEY (certificate_id) REFERENCES x509_certificate (id) ON DELETE CASCADE ON UPDATE CASCADE
+);
+
+CREATE TABLE x509_certificate_subject_alt_name (
+ certificate_id int NOT NULL,
+ hash bytea NOT NULL,
+ type varchar(255) NOT NULL,
+ value varchar(255) NOT NULL,
+ ctime biguint NOT NULL,
+ PRIMARY KEY (certificate_id,hash),
+ CONSTRAINT x509_fk_certificate_subject_alt_name_certificate_id FOREIGN KEY (certificate_id) REFERENCES x509_certificate (id) ON DELETE CASCADE ON UPDATE CASCADE
+);
+
+CREATE TABLE x509_dn (
+ hash bytea NOT NULL,
+ type dn_type NOT NULL,
+ "order" uint2 NOT NULL,
+ key varchar(255) NOT NULL,
+ value varchar(255) NOT NULL,
+ ctime biguint NOT NULL,
+ PRIMARY KEY (hash,type,"order")
+);
+
+CREATE TABLE x509_target (
+ id serial PRIMARY KEY,
+ ip bytea NOT NULL,
+ port uint2 NOT NULL,
+ hostname varchar(255) NULL DEFAULT NULL,
+ latest_certificate_chain_id int NULL DEFAULT NULL,
+ last_scan biguint NOT NULL,
+ ctime biguint NOT NULL,
+ mtime biguint DEFAULT NULL
+);
+
+CREATE INDEX x509_idx_target ON x509_target (ip,port,hostname);
+
+CREATE TABLE x509_job (
+ id serial PRIMARY KEY,
+ name varchar(255) NOT NULL,
+ author varchar(255) NOT NULL,
+ cidrs text NOT NULL,
+ ports text NOT NULL,
+ exclude_targets text DEFAULT NULL,
+ ctime bigint NOT NULL,
+ mtime bigint NOT NULL,
+
+ UNIQUE (name)
+);
+
+CREATE TABLE x509_schedule (
+ id serial PRIMARY KEY,
+ job_id int NOT NULL,
+ name varchar(255) NOT NULL,
+ author varchar(255) NOT NULL,
+ config text NOT NULL, -- json
+ ctime bigint NOT NULL,
+ mtime bigint NOT NULL,
+
+ CONSTRAINT fk_x509_schedule_job FOREIGN KEY (job_id) REFERENCES x509_job (id) ON DELETE CASCADE
+);
+
+CREATE TABLE x509_job_run (
+ id serial PRIMARY KEY,
+ job_id int NOT NULL,
+ schedule_id int DEFAULT NULL,
+ total_targets int NOT NULL,
+ finished_targets int NOT NULL,
+ start_time biguint NULL DEFAULT NULL,
+ end_time biguint NULL DEFAULT NULL,
+
+ CONSTRAINT fk_x509_job_run_job FOREIGN KEY (job_id) REFERENCES x509_job (id) ON DELETE CASCADE,
+ CONSTRAINT fk_x509_job_run_schedule FOREIGN KEY (schedule_id) REFERENCES x509_schedule (id) ON DELETE CASCADE
+);
+
+CREATE TABLE x509_schema (
+ id serial,
+ version varchar(64) NOT NULL,
+ timestamp bigint NOT NULL,
+ success boolenum DEFAULT NULL,
+ reason text DEFAULT NULL,
+
+ CONSTRAINT pk_x509_schema PRIMARY KEY (id),
+ CONSTRAINT idx_x509_schema_version UNIQUE (version)
+);
+
+INSERT INTO x509_schema (version, timestamp, success)
+ VALUES ('1.3.0', UNIX_TIMESTAMP() * 1000, 'y');