├── azure-simple ├── terraform │ ├── keys │ │ └── .gitkeep │ ├── cloudinit │ │ └── compute-template.yaml.tpl │ ├── README.md │ ├── terraform.tfvars │ ├── output.tf │ ├── scripts │ │ └── database-template.sh.tpl │ ├── datasources.tf │ ├── variables.tf │ └── main.tf └── packer │ ├── ansible-is │ ├── files │ │ ├── .gitkeep │ │ ├── lib │ │ │ └── .gitkeep │ │ ├── packs │ │ │ └── .gitkeep │ │ └── system │ │ │ └── etc │ │ │ ├── security │ │ │ └── limits.conf │ │ │ └── sysctl.conf │ ├── scripts │ │ ├── update_logs │ │ │ └── .gitkeep │ │ ├── update_README.md │ │ └── update.sh │ ├── dev │ │ ├── inventory │ │ ├── host_vars │ │ │ └── is_1.yml │ │ └── group_vars │ │ │ └── is.yml │ ├── docs │ │ ├── images │ │ │ └── Deployment-pattern-1-diagram.png │ │ └── Pattern1.md │ ├── roles │ │ ├── is │ │ │ ├── templates │ │ │ │ ├── wso2is.service.j2 │ │ │ │ └── carbon-home │ │ │ │ │ ├── repository │ │ │ │ │ └── conf │ │ │ │ │ │ └── deployment.toml.j2 │ │ │ │ │ └── bin │ │ │ │ │ └── wso2server.sh.j2 │ │ │ └── tasks │ │ │ │ ├── custom.yml │ │ │ │ └── main.yml │ │ └── common │ │ │ └── tasks │ │ │ ├── custom.yml │ │ │ └── main.yml │ ├── site.yml │ └── README.md │ ├── variables.json │ ├── README.md │ ├── scripts │ ├── cleanup.sh │ └── init.sh │ ├── Vagrantfile │ ├── centos-custom.json │ ├── centos-base.json │ └── dbscripts │ ├── mysql-shared.sql │ └── mysql-identity.sql ├── .gitignore ├── issue_template.md ├── README.md ├── pull_request_template.md └── LICENSE /azure-simple/terraform/keys/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /azure-simple/packer/ansible-is/files/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /azure-simple/packer/ansible-is/files/lib/.gitkeep: 
-------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /azure-simple/packer/ansible-is/files/packs/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /azure-simple/packer/ansible-is/scripts/update_logs/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /azure-simple/packer/ansible-is/dev/inventory: -------------------------------------------------------------------------------- 1 | [is] 2 | is_1 ansible_host=localhost ansible_user=centos ansible_connection=local 3 | -------------------------------------------------------------------------------- /azure-simple/packer/ansible-is/docs/images/Deployment-pattern-1-diagram.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wso2-attic/terraform-is/HEAD/azure-simple/packer/ansible-is/docs/images/Deployment-pattern-1-diagram.png -------------------------------------------------------------------------------- /azure-simple/packer/variables.json: -------------------------------------------------------------------------------- 1 | { 2 | "azure-subscription-id": "*********************", 3 | "azure-client-id": "*********************", 4 | "azure-client-secret": "*********************", 5 | "azure-tenant-id": "*********************", 6 | 7 | "azure-resource-group": "WSO2-installers", 8 | "azure-region": "East US", 9 | 10 | "vm-size": "Standard_A1_v2", 11 | "storage-account" : "wso2installer" 12 | } 13 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Compiled class file 2 | 
*.class 3 | 4 | # Log file 5 | *.log 6 | 7 | # BlueJ files 8 | *.ctxt 9 | 10 | # Mobile Tools for Java (J2ME) 11 | .mtj.tmp/ 12 | 13 | # Package Files # 14 | *.jar 15 | *.war 16 | *.nar 17 | *.ear 18 | *.zip 19 | *.tar.gz 20 | *.rar 21 | 22 | # virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml 23 | hs_err_pid* 24 | # NOTE(review): Terraform state files (*.tfstate) are not ignored here; state for this setup would presumably hold the storage access key and database admin password - confirm before committing from a working directory. 25 | *.idea 26 | *.DS_Store 27 | *.terraform 28 | -------------------------------------------------------------------------------- /azure-simple/terraform/cloudinit/compute-template.yaml.tpl: -------------------------------------------------------------------------------- 1 | #cloud-config 2 | # NOTE(review): the CIFS mount below carries the storage account access key in cloud-init user data (cloud-init also writes mounts entries to /etc/fstab) and mounts the share with dir_mode/file_mode 0777; a root-only credentials file and tighter modes would limit who can read the key and write to the share. 3 | mounts: 4 | - [ "//isstorageshare.file.core.windows.net/isshare", /mnt/sharedfs, "cifs", "vers=3.0,username=isstorageshare,password=${storage_access_key},dir_mode=0777,file_mode=0777,serverino", "0", "0"] 5 | 6 | runcmd: 7 | - sed -i 's|CONNECTION_STRING|${db_connection_strings}|g' /tmp/ansible-is/dev/group_vars/is.yml 8 | - cd /tmp/ansible-is && ansible-playbook -i dev/inventory site.yml 9 | -------------------------------------------------------------------------------- /azure-simple/packer/ansible-is/roles/is/templates/wso2is.service.j2: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=WSO2 Identity Server 3 | After=network.target 4 | # NOTE(review): ExecRestart= below is not a systemd [Service] setting; systemd ignores it and performs a restart by running ExecStop and then ExecStart. 5 | [Service] 6 | ExecStart={{ carbon_home }}/bin/wso2server.sh start 7 | ExecStop={{ carbon_home }}/bin/wso2server.sh stop 8 | ExecRestart={{ carbon_home }}/bin/wso2server.sh restart 9 | PIDFile={{ carbon_home }}/wso2carbon.pid 10 | User={{ wso2_user }} 11 | Group={{ wso2_group }} 12 | Type=forking 13 | Restart=on-failure 14 | RestartSec=5 15 | StartLimitInterval=60s 16 | StartLimitBurst=3 17 | 18 | [Install] 19 | WantedBy=multi-user.target 20 | -------------------------------------------------------------------------------- /azure-simple/packer/ansible-is/scripts/update_README.md:
-------------------------------------------------------------------------------- 1 | # Continuous Update Delivery for WSO2 Identity Server 2 | 3 | ### Prerequisites 4 | * Product packs should be provided in the `/files/packs` directory 5 | 6 | ### Usage 7 | While executing the update script, provide the profile name. The pack corresponding to the profile will begin updating. 8 | ```bash 9 | ./update.sh -p <profile-name> 10 | ``` 11 | Any of the following profile names can be provided as arguments: 12 | * is 13 | 14 | example: 15 | ```bash 16 | ./update.sh -p is 17 | ``` 18 | 19 | If any file that is used as a template is updated, a warning will be displayed. Update the relevant template files accordingly before pushing updates to the nodes. 20 | -------------------------------------------------------------------------------- /azure-simple/terraform/README.md: -------------------------------------------------------------------------------- 1 | Contains the Terraform scripts for complete infrastructure automation of the Identity Server node setup. Azure subscription details are included in `terraform.tfvars`; that file holds the service principal's client secret, so keep real values out of version control. 2 | 3 | Terraform Files 4 | ---------------- 5 | 6 | `datasources.tf` 7 | contains the relevant Terraform scripts for creating the database server and databases for the Identity Server product. 8 | 9 | `main.tf` 10 | contains the network infrastructure creation, including the virtual network, subnets and security groups for the Azure VMs and the Application Gateway with scale sets, and the storage accounts and storage containers for the VM scale sets. 11 | 12 | `output.tf` 13 | outputs the load-balancer public IP address, which needs to be configured as a host entry to access the Identity Server console.
14 | -------------------------------------------------------------------------------- /issue_template.md: -------------------------------------------------------------------------------- 1 | **Description:** 2 | 3 | 4 | **Suggested Labels:** 5 | 6 | 7 | **Suggested Assignees:** 8 | 9 | 10 | **Affected Product Version:** 11 | 12 | **OS, DB, other environment details and versions:** 13 | 14 | **Steps to reproduce:** 15 | 16 | 17 | **Related Issues:** 18 | -------------------------------------------------------------------------------- /azure-simple/packer/README.md: -------------------------------------------------------------------------------- 1 | Contains the Packer configuration scripts used to create the WSO2 Identity Server Azure machine image. The Terraform scripts later refer to the image built by Packer when provisioning the Identity Server 2 node setup. 2 | Azure subscription details are included in "variables.json". 3 | 4 | 5 | Packer Directories and Files 6 | ---------------- 7 | 8 | `ansible-apim/` - 9 | contains the relevant Terraform scripts for creating the database server and databases for the Identity Server product. 10 | 11 | `scripts/` - 12 | contains the relevant Identity Server runtime configuration and clean-up scripts 13 | 14 | `dbscripts/` - 15 | contains the relevant Identity Server database schema and table files 16 | 17 | `centos-base.json` - 18 | contains the relevant Packer configuration for building the Azure machine image 19 | 20 | `Vagrantfile` - 21 | contains the relevant Vagrant configuration for testing the Ansible playbook changes locally 22 | -------------------------------------------------------------------------------- /azure-simple/packer/ansible-is/roles/common/tasks/custom.yml: -------------------------------------------------------------------------------- 1 | #---------------------------------------------------------------------------- 2 | # Copyright (c) 2020 WSO2, Inc.
http://www.wso2.org 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | #---------------------------------------------------------------------------- 16 | 17 | # Add configs for the custom files that are needed to be copied/replaced to all the nodes here. 18 | -------------------------------------------------------------------------------- /azure-simple/terraform/terraform.tfvars: -------------------------------------------------------------------------------- 1 | # ---------------------------------------------------------------------------- 2 | # 3 | # Copyright (c) 2020, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. 4 | # 5 | # WSO2 Inc. licenses this file to you under the Apache License, 6 | # Version 2.0 (the "License"); you may not use this file except 7 | # in compliance with the License. 8 | # You may obtain a copy of the License at 9 | # 10 | # http://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, 13 | # software distributed under the License is distributed on an 14 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | # KIND, either express or implied. See the License for the 16 | # specific language governing permissions and limitations 17 | # under the License. 
18 | # 19 | # ---------------------------------------------------------------------------- 20 | 21 | subscription_id = "*********************" 22 | client_id = "*********************" 23 | client_secret = "*********************" 24 | tenant_id = "*********************" 25 | -------------------------------------------------------------------------------- /azure-simple/terraform/output.tf: -------------------------------------------------------------------------------- 1 | # ---------------------------------------------------------------------------- 2 | # 3 | # Copyright (c) 2020, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. 4 | # 5 | # WSO2 Inc. licenses this file to you under the Apache License, 6 | # Version 2.0 (the "License"); you may not use this file except 7 | # in compliance with the License. 8 | # You may obtain a copy of the License at 9 | # 10 | # http://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, 13 | # software distributed under the License is distributed on an 14 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | # KIND, either express or implied. See the License for the 16 | # specific language governing permissions and limitations 17 | # under the License. 18 | # 19 | # ---------------------------------------------------------------------------- 20 | 21 | output "README" { 22 | value = "Please add this '${azurerm_public_ip.wso2_loadbalacer_pip.ip_address} is.wso2test.com' to '/etc/hosts' file for access the WSO2 Identity Server portal." 23 | } 24 | -------------------------------------------------------------------------------- /azure-simple/packer/scripts/cleanup.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | #---------------------------------------------------------------------------- 3 | # Copyright (c) 2020 WSO2, Inc. 
http://www.wso2.org 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | #---------------------------------------------------------------------------- 17 | 18 | # Remove Linux headers 19 | yum -y remove gcc kernel-devel kernel-headers perl cpp 20 | yum -y clean all 21 | 22 | # Cleanup log files 23 | find /var/log -type f | while read f; do echo -ne '' > $f; done; 24 | 25 | # remove under tmp directory 26 | #rm -rf /tmp/* 27 | -------------------------------------------------------------------------------- /azure-simple/packer/ansible-is/site.yml: -------------------------------------------------------------------------------- 1 | #---------------------------------------------------------------------------- 2 | # Copyright (c) 2020 WSO2, Inc. http://www.wso2.org 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 
15 | #---------------------------------------------------------------------------- 16 | 17 | --- 18 | # This playbook deploys the whole application stack in this site. 19 | 20 | - name: Apply common configuration to all nodes 21 | hosts: all 22 | roles: 23 | - common 24 | 25 | - name: Apply Identity Server configuration to is nodes 26 | hosts: 27 | - is_1 28 | roles: 29 | - is 30 | -------------------------------------------------------------------------------- /azure-simple/packer/ansible-is/roles/is/tasks/custom.yml: -------------------------------------------------------------------------------- 1 | #---------------------------------------------------------------------------- 2 | # Copyright (c) 2020 WSO2, Inc. http://www.wso2.org 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | #---------------------------------------------------------------------------- 16 | 17 | # Add configs for the custom files that are needed to be copied/replaced here. 18 | # An example is provided below. 
19 | # - name: "Copy custom file" 20 | # template: 21 | # src: path/to/example/file/example.xml.j2 22 | # dest: destination/example.xml 23 | # when: "(inventory_hostname in groups['is'])" 24 | -------------------------------------------------------------------------------- /azure-simple/packer/scripts/init.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | #---------------------------------------------------------------------------- 3 | # Copyright (c) 2020 WSO2, Inc. http://www.wso2.org 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 
16 | #---------------------------------------------------------------------------- 17 | 18 | #Update the CentOS 7 image and install the listed packages 19 | yum update -y 20 | yum install -y -q epel-release cloud-init ansible nfs-utils ccze mysql 21 | 22 | #Create the shared directory /mnt/sharedfs 23 | mkdir -p /mnt/sharedfs 24 | 25 | #Disable the Firewall Daemon. NOTE(review): this leaves the image without a host firewall, so traffic filtering depends entirely on network-level rules outside the VM - confirm that is intended beyond this reference setup. 26 | systemctl stop firewalld.service 27 | systemctl disable firewalld.service 28 | 29 | #Disable SELinux. NOTE(review): the sed rewrites every occurrence of 'enforcing' in /etc/selinux/config and only edits the file, so the running mode does not change until reboot; it also removes mandatory access control from every VM built from this image - confirm that is intended beyond this reference setup. 30 | sed -i 's/enforcing/disabled/g' /etc/selinux/config 31 | -------------------------------------------------------------------------------- /azure-simple/terraform/scripts/database-template.sh.tpl: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # Terraform template: the db_admin_password and db_connection_strings placeholders below are substituted when the template is rendered. 3 | set -o errexit 4 | set -o pipefail 5 | set -o nounset 6 | # set -o xtrace 7 | 8 | LOG_DIRECTORY='/tmp' 9 | 10 | ADMIN_USER='mysqladmin@wso2isdb' 11 | ADMIN_PASSWORD='${db_admin_password}' 12 | CONNECTION_STRING='${db_connection_strings}' 13 | DB_HOME='/tmp/dbscripts' 14 | USER_PASSWORD="BEstr11ng_#12" 15 | # NOTE(review): USER_PASSWORD is hard-coded in the template and shared by shared_user and identity_user; passing it in as a template variable, like the admin password, would keep it out of the repository. 16 | # NOTE(review): the mysql calls pass passwords with -p on the command line, which can expose them to other local users via the process list (an option file readable only by the invoking user avoids that); the grants use host '%', so both accounts are accepted from any host; the heredoc opener on the mysql lines appears to have been lost in this listing (the EOF terminators remain). 17 | mysql -s < $LOG_DIRECTORY/query.log -h $CONNECTION_STRING -u mysqladmin@wso2isdb -p$ADMIN_PASSWORD 18 | 19 | CREATE DATABASE shared_db; 20 | CREATE USER shared_user IDENTIFIED BY "$USER_PASSWORD"; 21 | GRANT ALL ON shared_db.* TO shared_user@'%' IDENTIFIED BY "$USER_PASSWORD"; 22 | 23 | CREATE DATABASE identity_db; 24 | CREATE USER identity_user IDENTIFIED BY "$USER_PASSWORD"; 25 | GRANT ALL ON identity_db.* TO identity_user@'%' IDENTIFIED BY "$USER_PASSWORD"; 26 | 27 | FLUSH PRIVILEGES; 28 | EOF 29 | 30 | mysql -s < $LOG_DIRECTORY/query.log -h $CONNECTION_STRING -u shared_user@wso2isdb -p$USER_PASSWORD 31 | 32 | USE shared_db; 33 | SOURCE $DB_HOME/mysql-shared.sql 34 | 35 | EOF 36 | 37 | mysql -s < $LOG_DIRECTORY/query.log -h $CONNECTION_STRING -u identity_user@wso2isdb -p$USER_PASSWORD 38 | 39 | USE identity_db; 40 | SOURCE $DB_HOME/mysql-identity.sql 41 | 42 | EOF 43 |
-------------------------------------------------------------------------------- /azure-simple/terraform/datasources.tf: -------------------------------------------------------------------------------- 1 | # ---------------------------------------------------------------------------- 2 | # 3 | # Copyright (c) 2020, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. 4 | # 5 | # WSO2 Inc. licenses this file to you under the Apache License, 6 | # Version 2.0 (the "License"); you may not use this file except 7 | # in compliance with the License. 8 | # You may obtain a copy of the License at 9 | # 10 | # http://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, 13 | # software distributed under the License is distributed on an 14 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | # KIND, either express or implied. See the License for the 16 | # specific language governing permissions and limitations 17 | # under the License. 
18 | # 19 | # ---------------------------------------------------------------------------- 20 | 21 | data "template_file" "bastion_tempalte_script" { 22 | template = file("scripts/database-template.sh.tpl") 23 | 24 | vars = { 25 | db_admin_password = var.db_admin_password 26 | db_connection_strings = azurerm_mysql_server.wso2_mysql_instance.fqdn 27 | } 28 | 29 | } 30 | 31 | data "template_file" "compute_template_script" { 32 | template = file("cloudinit/compute-template.yaml.tpl") 33 | 34 | vars = { 35 | db_connection_strings = azurerm_mysql_server.wso2_mysql_instance.fqdn 36 | storage_access_key = azurerm_storage_account.wso2_storage_account.primary_access_key 37 | } 38 | } 39 | -------------------------------------------------------------------------------- /azure-simple/packer/ansible-is/docs/Pattern1.md: -------------------------------------------------------------------------------- 1 | # Pattern 1 - HA clustered deployment of WSO2 Identity Server 2 | 3 | ## Deployment diagram 4 | ![HA clustered deployment of WSO2 Identity Server](images/Deployment-pattern-1-diagram.png) 5 | 6 | ## Changing hostname and ports 7 | 1. Uncomment the parameters in the `is_2.yml` and give the values for both `is_1.yml` and `is_2.yml`, following the [documentation](https://is.docs.wso2.com/en/latest/setup/deployment-guide/) to deploy pattern 1. 8 | 9 | 2. Uncomment the following lines in the `site.yml` file. 10 | ``` 11 | hosts: 12 | - is_1 13 | - is_2 14 | ``` 15 | 16 | 3. Go to `host_vars` and uncomment the following lines in the yaml files. 17 | ``` 18 | proxy_port_https: proxyPort="443" 19 | proxy_port_http: proxyPort="80" 20 | ``` 21 | 4. In the same files, change the `hostname` and the `mgt_hostname` to the hostname of your servers. 22 | ``` 23 | carbon: 24 | hostname: wso2.is.com 25 | mgt_hostname: wso2.is.com 26 | ``` 27 | NOTE: This hostname is used by the cluster. It must be defined in the /etc/hosts file. 
28 | 29 | 30 | ## Adding a new file to the templates to parameterize 31 | 32 | 1. Add the parameterized file to the `templates/carbon-home` directory. This maintains the exact folder structure of the WSO2 Identity Server pack. 33 | 34 | 2. Add the action you need to take on the above file to the `customs.yml` file as mentioned in [here](master#step-2). 35 | 36 | 3. Based on the parameters, add the values to the yml files under `group_vars` or `host_vars`. An example is given in the file itself. 37 | -------------------------------------------------------------------------------- /azure-simple/packer/Vagrantfile: -------------------------------------------------------------------------------- 1 | #---------------------------------------------------------------------------- 2 | # Copyright (c) 2020 WSO2, Inc. http://www.wso2.org 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 
15 | #---------------------------------------------------------------------------- 16 | 17 | # -*- mode: ruby -*- 18 | # vi: set ft=ruby : 19 | 20 | #Vagrantfile to locally test the ansible playbook changes 21 | 22 | Vagrant.configure(2) do |config| 23 | config.vm.box = "centos/7" 24 | config.vm.network "private_network", ip: "192.168.56.12" 25 | config.vm.hostname = "azure-wso2is" 26 | config.hostmanager.enabled = true 27 | config.hostmanager.ignore_private_ip = false 28 | config.vm.synced_folder "ansible-is/", "/home/vagrant/ansible-is" 29 | config.vm.provider "virtualbox" do |vb| 30 | vb.memory = "4096" 31 | vb.cpus = 2 32 | vb.name = "azure-wso2" 33 | end 34 | #config.vm.provision :shell, path: "./scripts/init.sh" 35 | #config.vm.provision "ansible" do |ansible| 36 | # ansible.playbook = "ansible-is/site.yml" 37 | # ansible.inventory_path = "ansible-is/dev" 38 | # ansible.limit = 'all' 39 | #end 40 | end 41 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # This repository is no longer maintained. 2 | Issue reports and pull requests will not be attended to. 3 | 4 | #### ⚠️ DISCLAIMER 5 | 6 | Use these artefacts as a reference to build your deployment artefacts. The existing artefacts were developed only to demonstrate a reference deployment and should not be used as is in production. 7 | 8 | ------------------------------------------------------------------ 9 | 10 | # Terraform Resources for WSO2 Identity Server 11 | 12 | ## Installation 13 | 14 | ### Prerequisites 15 | 16 | * Install and set up [Packer](https://www.packer.io/) (>= v1.4.0 ) 17 | * Install and set up [Terraform](https://www.terraform.io/) (>= v0.12.00 ) 18 | 19 | 20 | ### Instructions: 21 | 22 | 1. Download the WSO2 Identity Server terraform resource. 23 | 24 | ```bash 25 | $ git clone https://github.com/wso2/terraform-is.git 26 | ``` 27 | 28 | 2.
Build the Identity Server custom image using the centos-base.json Packer file. 29 | 30 | **Note:** If you have an Azure subscription, update the user variables in `centos-base.json`, in the directory `azure-simple/packer`, to include your subscription credentials, and keep the filled-in file out of version control. The WSO2 Identity Server 5.10.0 distribution needs to be downloaded into the `azure-simple/packer/ansible-is/files/packs/` directory. 31 | 32 | ```bash 33 | $ packer build centos-base.json 34 | ``` 35 | 36 | 3. Change the directory to `azure-simple/terraform` and update the built `baseimage` in the `variables.tf` and `terraform.tfvars` files, including the Azure subscription credentials. 37 | 38 | ```bash 39 | $ terraform apply 40 | ``` 41 | 42 | **Note:** Add the host entry `<load-balancer-public-ip> is.wso2test.com` to the `/etc/hosts` file to access the WSO2 Identity Server console. 43 | 44 | 4. Try navigating to the following console from your favorite browser. 45 | 46 | **https://is.wso2test.com** 47 | -------------------------------------------------------------------------------- /azure-simple/packer/centos-custom.json: -------------------------------------------------------------------------------- 1 | { 2 | "variables": { 3 | "azure-subscription-id": "********************", 4 | "azure-client-id": "********************", 5 | "azure-client-secret": "********************", 6 | "azure-tenant-id": "********************", 7 | "azure-resource-group": "WSO2-installers", 8 | "azure-region": "East US", 9 | "vm-size": "Standard_A1_v2", 10 | "storage-account": "wso2installer", 11 | "ssh_username": "centos", 12 | "ssh_password": "password" 13 | }, 14 | "builders": [ 15 | { 16 | "type": "azure-arm", 17 | "client_id": "{{user `azure-client-id`}}", 18 | "client_secret": "{{user `azure-client-secret`}}", 19 | "subscription_id": "{{user `azure-subscription-id`}}", 20 | "tenant_id": "{{user `azure-tenant-id`}}", 21 | "managed_image_resource_group_name": "{{user `azure-resource-group`}}", 22 | "managed_image_name": "packer-wso2is-{{ isotime \"2006-01-02-1504\" }}",
23 | "os_type": "Linux", 24 | "custom_managed_image_name": "*********************", 25 | "custom_managed_image_resource_group_name": "{{user `azure-resource-group`}}", 26 | "ssh_username": "{{user `ssh_username`}}", 27 | "ssh_password": "{{user `ssh_password`}}", 28 | "ssh_pty": "true", 29 | "azure_tags": { 30 | "dept": "wso2product" 31 | }, 32 | "location": "{{user `azure-region`}}", 33 | "vm_size": "{{user `vm-size`}}" 34 | } 35 | ], 36 | "provisioners": [ 37 | { 38 | "type": "file", 39 | "source": "./ansible-is/roles/is/tasks/main.yml", 40 | "destination": "/tmp/ansible-is/roles/is/tasks/main.yml" 41 | }, 42 | { 43 | "execute_command": "echo '{{user `ssh_password`}}' | {{ .Vars }} sudo -S -E sh '{{ .Path }}'", 44 | "inline": [ 45 | "/usr/sbin/waagent -force -deprovision+user && export HISTSIZE=0 && sync"], 46 | "inline_shebang": "/bin/sh -x", 47 | "type": "shell", 48 | "skip_clean": true 49 | } 50 | ] 51 | } 52 | -------------------------------------------------------------------------------- /azure-simple/packer/centos-base.json: -------------------------------------------------------------------------------- 1 | { 2 | "variables": { 3 | "azure-subscription-id": "*********************", 4 | "azure-client-id": "*********************", 5 | "azure-client-secret": "*********************", 6 | "azure-tenant-id": "*********************", 7 | "azure-resource-group": "WSO2-installers", 8 | "azure-region": "East US", 9 | "vm-size": "Standard_DS1_v2", 10 | "storage-account": "wso2installer", 11 | "ssh_username": "centos", 12 | "ssh_password": "password" 13 | }, 14 | "builders": [ 15 | { 16 | "type": "azure-arm", 17 | "client_id": "{{user `azure-client-id`}}", 18 | "client_secret": "{{user `azure-client-secret`}}", 19 | "subscription_id": "{{user `azure-subscription-id`}}", 20 | "tenant_id": "{{user `azure-tenant-id`}}", 21 | "managed_image_resource_group_name": "{{user `azure-resource-group`}}", 22 | "managed_image_name": "packer-wso2ei-{{ isotime \"2006-01-02-1504\" 
}}", 23 | "os_type": "linux", 24 | "image_publisher": "OpenLogic", 25 | "image_offer": "CentOS", 26 | "image_sku": "7.5", 27 | "ssh_username": "{{user `ssh_username`}}", 28 | "ssh_password": "{{user `ssh_password`}}", 29 | "ssh_pty": "true", 30 | "azure_tags": { 31 | "dept": "engineering" 32 | }, 33 | "location": "{{user `azure-region`}}", 34 | "vm_size": "{{user `vm-size`}}" 35 | } 36 | ], 37 | "provisioners": [ 38 | { 39 | "type": "file", 40 | "source": "./scripts", 41 | "destination": "/tmp" 42 | }, 43 | { 44 | "type": "file", 45 | "source": "./dbscripts", 46 | "destination": "/tmp" 47 | }, 48 | { 49 | "type": "file", 50 | "source": "./ansible-ei", 51 | "destination": "/tmp" 52 | }, 53 | { 54 | "execute_command": "echo '{{user `ssh_password`}}' | {{ .Vars }} sudo -S -E sh '{{ .Path }}'", 55 | "inline": [ 56 | "bash /tmp/scripts/init.sh", 57 | "/usr/sbin/waagent -force -deprovision+user && export HISTSIZE=0 && sync"], 58 | "inline_shebang": "/bin/sh -x", 59 | "type": "shell", 60 | "skip_clean": true 61 | } 62 | ] 63 | } 64 | -------------------------------------------------------------------------------- /azure-simple/packer/ansible-is/roles/common/tasks/main.yml: -------------------------------------------------------------------------------- 1 | #---------------------------------------------------------------------------- 2 | # Copyright (c) 2020 WSO2, Inc. http://www.wso2.org 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 
15 | #---------------------------------------------------------------------------- 16 | --- 17 | - block: 18 | - name: Create group 19 | group: name=wso2 state=present gid=802 20 | 21 | - name: Add wso2carbon user 22 | user: name="{{ wso2_user }}" shell=/bin/bash group=wso2 state=present uid=802 23 | 24 | - name: System performance tuning 25 | copy: 26 | src: "{{ item.src }}" 27 | dest: "{{ item.dest }}" 28 | loop: "{{ performance_tuning_file_list }}" 29 | when: enable_performance_tuning 30 | 31 | - name: Create Java directory 32 | file: 33 | path: "{{ java_home }}" 34 | state: directory 35 | 36 | - name: Unarchive JDK distribution from local source 37 | unarchive: 38 | src: "{{ product_package_location }}/lib/{{ jdk_name }}.tar.gz" 39 | dest: "{{ java_home }}" 40 | extra_opts: [--strip-components=1] 41 | when: pack_location == "local" 42 | 43 | - name: Unarchive JDK distribution from remote source 44 | unarchive: 45 | src: "{{ remote_jdk }}" 46 | dest: "{{ java_home}}" 47 | extra_opts: [--strip-components=1] 48 | remote_src: yes 49 | when: pack_location == "remote" 50 | 51 | - name: Create Java symbolic link 52 | file: 53 | src: "{{ java_home }}" 54 | dest: "{{ java_symlink }}" 55 | state: link 56 | 57 | - name: Install unzip package 58 | package: 59 | name: unzip 60 | state: present 61 | 62 | become: true 63 | become_user: root 64 | -------------------------------------------------------------------------------- /azure-simple/packer/ansible-is/dev/host_vars/is_1.yml: -------------------------------------------------------------------------------- 1 | #---------------------------------------------------------------------------- 2 | # Copyright (c) 2020 WSO2, Inc. http://www.wso2.org 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#----------------------------------------------------------------------------

---
# Host-level variables for inventory host is_1. The hostname, port offset, keystore, truststore and
# connector values defined here are the ones the deployment.toml.j2 template substitutes.
#
# NOTE: The parameterized values have the default values from the original pack. Please change them according to your
# requirements. If you need to add additional configurations, please use the custom.yml under each role.

hostname: is.wso2test.com
port_offset: 0

# KeyStore which will be used for encrypting/decrypting passwords and other sensitive information.
# NOTE(review): wso2carbon.jks and the wso2carbon passwords are the defaults carried over from the pack (see the
# NOTE above), so they should be treated as publicly known. Generate a deployment-specific keystore and passwords
# before the image handles real data, and keep the replacement values out of version control (for example with
# Ansible Vault) instead of in this plain-text file.
keystore_location: wso2carbon.jks
keystore_type: JKS
keystore_password: wso2carbon
keystore_key_alias: wso2carbon
keystore_key_password: wso2carbon

# The KeyStore which is used for encrypting/decrypting internal data. This block is read by Carbon Crypto Service.
# NOTE(review): this points at the same file and password as the primary keystore above, so both roles share
# one key; the same replacement advice applies.
internal_keystore_location: wso2carbon.jks
internal_keystore_type: JKS
internal_keystore_password: wso2carbon
internal_keystore_key_alias: wso2carbon
internal_keystore_key_password: wso2carbon

# System wide trust-store which is used to maintain the certificates of all the trusted parties.
# NOTE(review): the truststore password is also the pack default; change it together with the keystore passwords.
truststore_location: client-truststore.jks
truststore_type: JKS
truststore_password: wso2carbon

# Configure proxy ports. Note that this is an optional attribute.
44 | # catalina_server_connector_http_proxy_port: 80 45 | catalina_server_connector_http_max_threads: 250 46 | catalina_server_connector_http_accept_count: 200 47 | # catalina_server_connector_https_proxy_port: 443 48 | catalina_server_connector_https_max_threads: 250 49 | catalina_server_connector_https_accept_count: 200 50 | -------------------------------------------------------------------------------- /azure-simple/terraform/variables.tf: -------------------------------------------------------------------------------- 1 | # ---------------------------------------------------------------------------- 2 | # 3 | # Copyright (c) 2020, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. 4 | # 5 | # WSO2 Inc. licenses this file to you under the Apache License, 6 | # Version 2.0 (the "License"); you may not use this file except 7 | # in compliance with the License. 8 | # You may obtain a copy of the License at 9 | # 10 | # http://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, 13 | # software distributed under the License is distributed on an 14 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | # KIND, either express or implied. See the License for the 16 | # specific language governing permissions and limitations 17 | # under the License. 18 | # 19 | # ---------------------------------------------------------------------------- 20 | 21 | # Define variables. 
# Azure credentials. None of the four has a default, so Terraform asks for them unless they are
# supplied another way (a tfvars file or TF_VAR_<name> environment variables).
# NOTE(review): presumably these feed the azurerm provider block in main.tf, which is not visible
# here. client_secret is a credential: keep the value out of committed files (a terraform.tfvars
# sits next to this file; confirm it holds placeholders only).
variable "subscription_id" {}
variable "client_id" {}
variable "client_secret" {}
variable "tenant_id" {}

# Naming defaults for the deployed product.
variable "product" {
  default = "identity-server"
}

variable "product_name" {
  default = "wso2is"
}

variable "route_table_name" {
  default = "dmz-route-table"
}

# Same resource group and region that packer/variables.json uses for the image build.
variable "resource_group_name" {
  default = "WSO2-installers"
}

variable "location" {
  default = "East US"
}

# Network layout: one /16 virtual network with two /24 subnets.
variable "virtual_network_name" {
  default = "wso2network"
}

variable "virtual_network_address_space" {
  default = ["10.0.0.0/16"]
}

# NOTE(review): both keys are named public_prefix_*; whether the database is placed in one of
# these subnets is decided in main.tf and should be checked there.
variable "subnet_address_space_mapping" {
  type = "map"
  default = {
    public_prefix_01 = "10.0.0.0/24"
    public_prefix_02 = "10.0.1.0/24"
  }
}

variable "db_server_version" {
  default = "5.7"
}

variable "loadbalancer_name" {
  default = "islb"
}

variable "instance_size" {
  // default = "Standard_D2s_v3"
  default = "Standard_DS1_v2"
}

variable "instance_disksize" {
  default = "30"
}

# Empty by default; presumably set to the image produced by the Packer build (confirm in main.tf).
variable "baseimage" {
  default = ""
}

variable "admin_username" {
  default = "centos"
}

# NOTE(review): a working password is committed as the default, so every deployment that does not
# override it shares a publicly known credential, and the value also lands in the Terraform state.
# Override it per deployment (for example through TF_VAR_admin_password), prefer SSH key
# authentication if main.tf allows it, and on Terraform 0.14 or later mark the variable
# sensitive = true. Removing the default altogether would force callers to supply a value.
variable "admin_password" {
  default = "Password1234!"
}

# NOTE(review): same concern as admin_password; this is the database administrator credential and
# should be supplied per deployment rather than left at the committed default.
variable "db_admin_password" {
  default = "H@Sh1CoR3!"
94 | } 95 | -------------------------------------------------------------------------------- /azure-simple/packer/ansible-is/files/system/etc/security/limits.conf: -------------------------------------------------------------------------------- 1 | # /etc/security/limits.conf 2 | # 3 | #Each line describes a limit for a user in the form: 4 | # 5 | # 6 | # 7 | #Where: 8 | # can be: 9 | # - a user name 10 | # - a group name, with @group syntax 11 | # - the wildcard *, for default entry 12 | # - the wildcard %, can be also used with %group syntax, 13 | # for maxlogin limit 14 | # - NOTE: group and wildcard limits are not applied to root. 15 | # To apply a limit to the root user, must be 16 | # the literal username root. 17 | # 18 | # can have the two values: 19 | # - "soft" for enforcing the soft limits 20 | # - "hard" for enforcing hard limits 21 | # 22 | # can be one of the following: 23 | # - core - limits the core file size (KB) 24 | # - data - max data size (KB) 25 | # - fsize - maximum filesize (KB) 26 | # - memlock - max locked-in-memory address space (KB) 27 | # - nofile - max number of open files 28 | # - rss - max resident set size (KB) 29 | # - stack - max stack size (KB) 30 | # - cpu - max CPU time (MIN) 31 | # - nproc - max number of processes 32 | # - as - address space limit (KB) 33 | # - maxlogins - max number of logins for this user 34 | # - maxsyslogins - max number of logins on the system 35 | # - priority - the priority to run user process with 36 | # - locks - max number of file locks the user can hold 37 | # - sigpending - max number of pending signals 38 | # - msgqueue - max memory used by POSIX message queues (bytes) 39 | # - nice - max nice priority allowed to raise to values: [-20, 19] 40 | # - rtprio - max realtime priority 41 | # - chroot - change root to directory (Debian-specific) 42 | # 43 | # 44 | # 45 | 46 | * soft nofile 4096 47 | * hard nofile 65535 48 | * soft nproc 20000 49 | * hard nproc 20000 50 | #* soft core 0 51 | #root hard 
core 100000 52 | #* hard rss 10000 53 | #@student hard nproc 20 54 | #@faculty soft nproc 20 55 | #@faculty hard nproc 50 56 | #ftp hard nproc 0 57 | #ftp - chroot /ftp 58 | #@student - maxlogins 4 59 | 60 | # End of file 61 | -------------------------------------------------------------------------------- /pull_request_template.md: -------------------------------------------------------------------------------- 1 | ## Purpose 2 | > Describe the problems, issues, or needs driving this feature/fix and include links to related issues in the following format: Resolves issue1, issue2, etc. 3 | 4 | ## Goals 5 | > Describe the solutions that this feature/fix will introduce to resolve the problems described above 6 | 7 | ## Approach 8 | > Describe how you are implementing the solutions. Include an animated GIF or screenshot if the change affects the UI (email documentation@wso2.com to review all UI text). Include a link to a Markdown file or Google doc if the feature write-up is too long to paste here. 9 | 10 | ## User stories 11 | > Summary of user stories addressed by this change> 12 | 13 | ## Release note 14 | > Brief description of the new feature or bug fix as it will appear in the release notes 15 | 16 | ## Documentation 17 | > Link(s) to product documentation that addresses the changes of this PR. If no doc impact, enter “N/A” plus brief explanation of why there’s no doc impact 18 | 19 | ## Training 20 | > Link to the PR for changes to the training content in https://github.com/wso2/WSO2-Training, if applicable 21 | 22 | ## Certification 23 | > Type “Sent” when you have provided new/updated certification questions, plus four answers for each question (correct answer highlighted in bold), based on this change. Certification questions/answers should be sent to certification@wso2.com and NOT pasted in this PR. If there is no impact on certification exams, type “N/A” and explain why. 
24 | 25 | ## Marketing 26 | > Link to drafts of marketing content that will describe and promote this feature, including product page changes, technical articles, blog posts, videos, etc., if applicable 27 | 28 | ## Automation tests 29 | - Unit tests 30 | > Code coverage information 31 | - Integration tests 32 | > Details about the test cases and coverage 33 | 34 | ## Security checks 35 | - Followed secure coding standards in http://wso2.com/technical-reports/wso2-secure-engineering-guidelines? yes/no 36 | - Ran FindSecurityBugs plugin and verified report? yes/no 37 | - Confirmed that this PR doesn't commit any keys, passwords, tokens, usernames, or other secrets? yes/no 38 | 39 | ## Samples 40 | > Provide high-level details about the samples related to this feature 41 | 42 | ## Related PRs 43 | > List any other related PRs 44 | 45 | ## Migrations (if applicable) 46 | > Describe migration steps and platforms on which migration has been tested 47 | 48 | ## Test environment 49 | > List all JDK versions, operating systems, databases, and browser/versions on which this feature/fix was tested 50 | 51 | ## Learning 52 | > Describe the research phase and any blog posts, patterns, libraries, or add-ons you used to solve the problem. -------------------------------------------------------------------------------- /azure-simple/packer/ansible-is/files/system/etc/sysctl.conf: -------------------------------------------------------------------------------- 1 | # /etc/sysctl.conf - Configuration file for setting system variables 2 | # See /etc/sysctl.d/ for additional system variables. 3 | # See sysctl.conf (5) for information. 
#

#kernel.domainname = example.com

# Uncomment the following to stop low-level messages on console
#kernel.printk = 3 4 1 3

##############################################################3
# Functions previously found in netbase
#

# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
# Turn on Source Address Verification in all interfaces to
# prevent some spoofing attacks
#net.ipv4.conf.default.rp_filter=1
#net.ipv4.conf.all.rp_filter=1

# Uncomment the next line to enable TCP/IP SYN cookies
# See http://lwn.net/Articles/277146/
# Note: This may impact IPv6 TCP sessions too
#net.ipv4.tcp_syncookies=1

# Uncomment the next line to enable packet forwarding for IPv4
#net.ipv4.ip_forward=1

# Uncomment the next line to enable packet forwarding for IPv6
# Enabling this option disables Stateless Address Autoconfiguration
# based on Router Advertisements for this host
#net.ipv6.conf.all.forwarding=1

# Performance tuning values. The "System performance tuning" task copies this file over
# /etc/sysctl.conf when enable_performance_tuning is true, so these are the only entries in this
# file that take effect; every hardening entry above and below is left commented out.
# NOTE(review): with the hardening entries commented out, the effective values for rp_filter,
# SYN cookies and redirect handling come from the kernel and distribution defaults. Check them on
# the built image (sysctl -a) rather than assuming they are on.
net.ipv4.tcp_fin_timeout = 30
fs.file-max = 2097152
# NOTE(review): tcp_tw_recycle depends on per-peer TCP timestamps and is known to drop connections
# from clients that share one source address (NAT, load balancers); the option was removed in
# Linux 4.12. The Terraform side of this repository names a load balancer, so confirm that this
# setting is wanted; tcp_tw_reuse on the next line does not have that side effect.
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.core.rmem_default = 524288
net.core.wmem_default = 524288
net.core.rmem_max = 67108864
net.core.wmem_max = 67108864
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 65536 16777216
# NOTE(review): the ephemeral range starts at 1024, so an outgoing connection can occupy a port
# that a service on this host expects to bind later; consider listing such ports in
# net.ipv4.ip_local_reserved_ports.
net.ipv4.ip_local_port_range = 1024 65535

###################################################################
# Additional settings - these settings can improve the network
# security of the host and prevent against some network attacks
# including spoofing attacks and man in the middle attacks through
# redirection. Some network environments, however, require that these
# settings are disabled so review and enable them as needed.
52 | # 53 | # Do not accept ICMP redirects (prevent MITM attacks) 54 | #net.ipv4.conf.all.accept_redirects = 0 55 | #net.ipv6.conf.all.accept_redirects = 0 56 | # _or_ 57 | # Accept ICMP redirects only for gateways listed in our default 58 | # gateway list (enabled by default) 59 | # net.ipv4.conf.all.secure_redirects = 1 60 | # 61 | # Do not send ICMP redirects (we are not a router) 62 | #net.ipv4.conf.all.send_redirects = 0 63 | # 64 | # Do not accept IP source route packets (we are not a router) 65 | #net.ipv4.conf.all.accept_source_route = 0 66 | #net.ipv6.conf.all.accept_source_route = 0 67 | # 68 | # Log Martian Packets 69 | #net.ipv4.conf.all.log_martians = 1 70 | # 71 | 72 | ################################################################### 73 | -------------------------------------------------------------------------------- /azure-simple/packer/ansible-is/roles/is/templates/carbon-home/repository/conf/deployment.toml.j2: -------------------------------------------------------------------------------- 1 | [server] 2 | hostname = "{{ hostname }}" 3 | node_ip = "127.0.0.1" 4 | base_path = "https://$ref{server.hostname}:${carbon.management.port}" 5 | offset = {{ port_offset }} 6 | 7 | [super_admin] 8 | username = "admin" 9 | password = "admin" 10 | create_admin_account = true 11 | 12 | [user_store] 13 | type = "read_write_ldap_unique_id" 14 | connection_url = "ldap://localhost:${Ports.EmbeddedLDAP.LDAPServerPort}" 15 | connection_name = "uid=admin,ou=system" 16 | connection_password = "admin" 17 | base_dn = "dc=wso2,dc=org" #refers the base dn on which the user and group search bases will be generated 18 | 19 | [database.identity_db] 20 | type = "{{ wso2is_identity_db_type }}" 21 | url = "{{ wso2is_identity_db_url }}" 22 | username = "{{ wso2is_identity_db_username }}" 23 | password = "{{ wso2is_identity_db_password }}" 24 | [database.identity_db.pool_options] 25 | validationQuery = "{{ wso2is_identity_db_validation_query }}" 26 | 27 | [database.shared_db] 28 
| type = "{{ wso2is_shared_db_type }}" 29 | url = "{{ wso2is_shared_db_url }}" 30 | username = "{{ wso2is_shared_db_username }}" 31 | password = "{{ wso2is_shared_db_password }}" 32 | [database.shared_db.pool_options] 33 | validationQuery = "{{ wso2is_shared_db_validation_query }}" 34 | 35 | [database.bps_database] 36 | type = "{{ wso2is_bps_db_type }}" 37 | url = "{{ wso2is_bps_db_url }}" 38 | username = "{{ wso2is_bps_db_username }}" 39 | password = "{{ wso2is_bps_db_password }}" 40 | driver = "{{ wso2is_bps_db_driver }}" 41 | [database.bps_database.pool_options] 42 | validationQuery = "{{ wso2is_bps_db_validation_query }}" 43 | 44 | [[datasource]] 45 | id = "{{ wso2is_consent_db_id }}" 46 | type = "{{ wso2is_consent_db_type }}" 47 | url = "{{ wso2is_consent_db_url }}" 48 | username = "{{ wso2is_consent_db_username }}" 49 | password = "{{ wso2is_consent_db_password }}" 50 | driver = "{{ wso2is_consent_db_driver }}" 51 | pool_options.validationQuery = "{{ wso2is_consent_db_validation_query }}" 52 | 53 | [authentication.consent] 54 | data_source="jdbc/{{ wso2is_consent_db_id }}" 55 | 56 | [event.default_listener.application_authentication] 57 | enable = "{{ wso2is_enable_event_listener }}" 58 | 59 | [identity_mgt.events.schemes.analyticsLoginDataPublisher.properties] 60 | enable = "{{ wso2is_enable_handler_for_login_stats }}" 61 | 62 | [identity_mgt.events.schemes.analyticsSessionDataPublisher.properties] 63 | enable = "{{ wso2is_enable_handler_for_session_stats }}" 64 | 65 | [keystore.primary] 66 | name = "{{ keystore_location }}" 67 | type = "{{ keystore_type }}" 68 | password = "{{ keystore_password }}" 69 | alias = "{{ keystore_key_alias }}" 70 | key_password = "{{ keystore_key_password }}" 71 | 72 | [keystore.internal] 73 | filename = "{{ internal_keystore_location }}" 74 | type = "{{ internal_keystore_type }}" 75 | password = "{{ internal_keystore_password }}" 76 | alias = "{{ internal_keystore_key_alias }}" 77 | key_password = "{{ 
internal_keystore_key_password }}" 78 | 79 | [truststore] 80 | file_name = "{{ truststore_location }}" 81 | type = "{{ truststore_type }}" 82 | password = "{{ truststore_password }}" 83 | 84 | [transport.http.properties] 85 | maxThreads = "{{ catalina_server_connector_http_max_threads }}" 86 | acceptCount = "{{ catalina_server_connector_http_accept_count }}" 87 | 88 | [transport.https.properties] 89 | maxThreads = "{{ catalina_server_connector_https_max_threads }}" 90 | acceptCount = "{{ catalina_server_connector_https_accept_count }}" 91 | -------------------------------------------------------------------------------- /azure-simple/packer/ansible-is/roles/is/tasks/main.yml: -------------------------------------------------------------------------------- 1 | #---------------------------------------------------------------------------- 2 | # Copyright (c) 2020 WSO2, Inc. http://www.wso2.org 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 
#----------------------------------------------------------------------------
---
# Installs WSO2 Identity Server on hosts in the "is" group: creates the product directory, installs
# the systemd unit, replaces any existing installation with a freshly unpacked pack, adds the JDBC
# driver and renders the configuration templates. The block-level when/become settings follow the
# last task of the block.
- block:
    # Set installation directory information
    - name: Installation Information
      set_fact:
        product_dir: "{{ target }}/is"
        carbon_home: "{{ target }}/is/{{ product_name }}-{{ product_version }}"

    # Picks one delay value from the list; the next task waits that many seconds.
    - name: Generate the random number
      set_fact:
        random_number: "{{ (3,5,7,9,11,13) | random }}"
      run_once: yes

    - name: Wait for "{{ random_number }}"s before parallel execution
      wait_for:
        timeout: "{{ random_number }}"
      delegate_to: localhost

    # WSO2 Distribution
    - name: Create product directory
      file:
        path: "{{ product_dir }}"
        state: directory
        mode: 0755

    # NOTE(review): no owner or mode is given for the unit file, so it gets the defaults of the
    # root user running the task; stating owner root and mode 0644 would make that explicit.
    - name: Copy WSO2IS service file
      template:
        src: "wso2is.service.j2"
        dest: /etc/systemd/system/wso2is.service

    - name: Stop wso2is as a service
      systemd:
        name: wso2is
        state: stopped

    # Deletes the whole previous installation, including its configuration and local databases.
    - name: Remove existing setup
      file:
        path: "{{ carbon_home }}"
        state: absent

    - name: Unzip WSO2 Identity Server Package from local source
      unarchive:
        src: "{{ product_package_location }}/packs/{{ product_name }}-{{ product_version }}.zip"
        dest: "{{ product_dir }}"
        mode: u=rw,g=r,o=r
      when: pack_location == "local"

    # NOTE(review): the archive named by remote_pack is fetched and unpacked as root with no
    # integrity check. Downloading it first with get_url and its checksum parameter, then
    # unarchiving the verified file, would pin the pack that ends up in the image.
    - name: Unzip WSO2 Identity Server Package from remote source
      unarchive:
        src: "{{ remote_pack }}"
        dest: "{{ product_dir }}"
        mode: u=rw,g=r,o=r
        remote_src: yes
      when: pack_location == "remote"

    - name: Copy JDBC Driver
      copy:
        src: "{{ product_package_location }}/lib/{{ jdbc_driver }}"
        dest: "{{ carbon_home }}/repository/components/lib"
      when: jdbc_driver is defined

    # NOTE(review): the rendered deployment.toml carries the database, keystore and admin
    # passwords, and no mode is set here. The ownership task that follows applies mode 0755
    # recursively to {{ target }}, which leaves that file readable by every local user; a
    # restrictive mode on the configuration files would need to be applied after that task.
    - name: Copy configuration templates
      template:
        src: "{{ item.src }}"
        dest: "{{ item.dest }}"
      loop: "{{ config_files }}"

    # Enable customization by uncommenting the
following and adding the changes to the custom.yml 84 | # - import_tasks: custom.yml 85 | 86 | - name: Change the owner of WSO2 directory 87 | file: 88 | path: "{{ target }}" 89 | state: directory 90 | recurse: true 91 | owner: "{{ wso2_user }}" 92 | group: "{{ wso2_group }}" 93 | mode: 0755 94 | 95 | when: "(inventory_hostname in groups['is'])" 96 | become: true 97 | become_method: sudo 98 | become_user: root 99 | 100 | - block: 101 | - name: Start wso2-is as a service 102 | systemd: 103 | name: wso2is 104 | state: started 105 | daemon_reload: yes 106 | 107 | become: true 108 | become_user: root 109 | -------------------------------------------------------------------------------- /azure-simple/packer/ansible-is/README.md: -------------------------------------------------------------------------------- 1 | # WSO2 Identity Server Ansible scripts 2 | 3 | This repository contains the Ansible scripts for installing and configuring WSO2 Identity Server and Identity Server Analytics. 4 | 5 | ## Supported Operating Systems 6 | 7 | - Ubuntu 16.04 or higher 8 | - CentOS 7 9 | 10 | ## Supported Ansible Versions 11 | 12 | - Ansible 2.8.0 13 | 14 | ## Directory Structure 15 | ``` 16 | . 
17 | ├── dev 18 | │   ├── group_vars 19 | │   │   └── is.yml 20 | │   ├── host_vars 21 | │   │   └── is_1.yml 22 | │   └── inventory 23 | ├── docs 24 | │   ├── images 25 | │   │   ├── Deployment-pattern-1-diagram.png 26 | │   │   └── Deployment-pattern-2-diagram.png 27 | │   ├── Pattern1.md 28 | │   └── Pattern2.md 29 | ├── files 30 | │   ├── lib 31 | │ │ ├── amazon-corretto-8.242.08.1-linux-x64.tar.gz 32 | │ │ └── mysql-connector-java-5.1.48-bin.jar 33 | │   └── packs 34 | │ └── wso2is-5.10.0.zip 35 | ├── issue_template.md 36 | ├── LICENSE 37 | ├── pull_request_template.md 38 | ├── README.md 39 | ├── roles 40 | │   ├── common 41 | │   │   └── tasks 42 | │   │   ├── custom.yml 43 | │   │   └── main.yml 44 | │   └── is 45 | │      ├── tasks 46 | │      │   ├── custom.yml 47 | │      │   └── main.yml 48 | │      └── templates 49 | │      ├── carbon-home 50 | │      │   ├── bin 51 | │      │   │   └── wso2server.sh.j2 52 | │      │   └── repository 53 | │      │   └── conf 54 | │      │      └── deployment.toml.j2 55 | │      └── wso2is.service.j2 56 | ├── scripts 57 | │   ├── update.sh 58 | │   └── update_README.md 59 | └── site.yml 60 | ``` 61 | 62 | Packs could be either copied to a local directory, or downloaded from a remote location. 63 | 64 | ## Packs to be Copied 65 | 66 | Copy the following files to `files/packs` directory. 67 | 68 | 1. [WSO2 Identity Server 5.10.0 package](https://wso2.com/identity-and-access-management/install) 69 | 70 | Copy the following files to `files/lib` directory. 71 | 72 | 1. [MySQL Connector/J (5.1.48)](https://dev.mysql.com/downloads/connector/j/5.1.html) 73 | 2. [Amazon Coretto for Linux x64 JDK (amazon-corretto-8.242.08.1)](https://docs.aws.amazon.com/corretto/latest/corretto-8-ug/downloads-list.html) 74 | 75 | ## Downloading from remote location 76 | 77 | In **group_vars**, change the values of the following variables in all groups: 78 | 1. The value of `pack_location` should be changed from "local" to "remote" 79 | 2. 
The value of `remote_jdk` should be changed to the URL from which the JDK should be downloaded, and the line should be uncommented. 80 | 3. The value of `remote_pack` should be changed to the URL from which the package should be downloaded, and the line should be uncommented. The playbook unpacks both archives as root without an integrity check, so use HTTPS URLs you trust and verify the checksums of the archives before pointing the playbook at them. 81 | 82 | ## Running WSO2 Identity Server Ansible scripts 83 | 84 | ### 1. Run the existing scripts without customization 85 | The existing Ansible scripts contain the configurations to set up a single node WSO2 Identity Server pattern. In order to deploy the pattern, you need to replace the `[ip_address]` given in the `inventory` file under the `dev` folder with the IP of the location where you need to host the Identity Server. An example is given below. 86 | ``` 87 | [is] 88 | is_1 ansible_host=localhost ansible_user=wso2carbon ansible_connection=local 89 | ``` 90 | 91 | Run the following command to run the scripts. 92 | 93 | `ansible-playbook -i dev/inventory site.yml` 94 | 95 | If you need to alter the configurations given, please change the parameterized values in the yaml files under `group_vars` and `host_vars`. 96 | 97 | ### 2. Customize the WSO2 Ansible scripts 98 | 99 | The templates that are used by the Ansible scripts are in j2 format in order to enable parameterization. 100 | 101 | 102 | #### Step 1 103 | Uncomment the following line in `main.yml` under the role you want to customize. 104 | ``` 105 | - import_tasks: custom.yml 106 | ``` 107 | 108 | #### Step 2 109 | Add the configurations to the `custom.yml`. A sample is given below. 110 | 111 | ``` 112 | - name: "Copy custom file" 113 | template: 114 | src: path/to/example/file/example.xml.j2 115 | dest: destination/example.xml.j2 116 | when: "(inventory_hostname in groups['is'])" 117 | ``` 118 | 119 | Follow the steps mentioned under the `docs` directory to customize/create new Ansible scripts and deploy the recommended patterns.
120 | 121 | ## Performance Tuning 122 | 123 | System configurations can be changed through Ansible to optimize OS level performance. Performance tuning can be enabled by changing `enable_performance_tuning` in `dev/group_vars/is.yml` to `true`. 124 | 125 | System files that will be updated when performance tuning are enabled is available in `files/system`. Update the configuration values according to the requirements of your deployment. 126 | -------------------------------------------------------------------------------- /azure-simple/packer/ansible-is/dev/group_vars/is.yml: -------------------------------------------------------------------------------- 1 | # ---------------------------------------------------------------------------- 2 | # Copyright (c) 2020 WSO2, Inc. http://www.wso2.org 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 
# ----------------------------------------------------------------------------

# Group variables for the "is" hosts: installation layout, pack and JDK sources, data source
# settings and keystore values substituted into the role templates.
wso2_group: wso2
wso2_user: wso2carbon
product_name: wso2is
product_version: 5.10.0
target: /mnt
product_package_location: files
jdbc_driver: mysql-connector-java-5.1.48-bin.jar

# Performance tuning configurations
# When enabled, the two files below replace /etc/sysctl.conf and /etc/security/limits.conf on the host.
enable_performance_tuning: false
performance_tuning_file_list:
  - { src: '{{ product_package_location }}/system/etc/sysctl.conf',
      dest: '/etc/sysctl.conf' }
  - { src: '{{ product_package_location }}/system/etc/security/limits.conf',
      dest: '/etc/security/limits.conf' }

# Set the location the product packages should reside in (eg: "local" in the /files directory, "remote" in a remote location)
# NOTE(review): with "remote", the JDK and the pack are downloaded from remote_jdk / remote_pack and
# unpacked as root; the tasks shown do no checksum verification, so use HTTPS sources you trust.
pack_location: local
#pack_location: remote
#remote_jdk: ""
#remote_pack: ""

# JDK Distributions
jdk_name: amazon-corretto-8.242.08.1-linux-x64
java_dir: /opt
java_symlink: "{{ java_dir }}/java"
java_home: "{{ java_dir }}/{{ jdk_name }}"

is_analytics_hostname: localhost

# Data source configurations for the shared database which hosts registry and user management tables
# NOTE(review): the database passwords in this file are committed in plain text and are written
# unchanged into deployment.toml. Supply real values from an encrypted source such as Ansible Vault,
# and treat any value that has been committed as disclosed.
# NOTE(review): the JDBC URLs set no TLS options; confirm that the connection to the database is
# encrypted and that the server certificate is verified.
wso2is_shared_db_type: mysql
wso2is_shared_db_url: jdbc:mysql://CONNECTION_STRING:3306/shared_db
wso2is_shared_db_username: shared_user@wso2isdb
wso2is_shared_db_password: BEstr11ng_#12
wso2is_shared_db_validation_query: "SELECT 1"

# Data source configurations for the database which hosts identity tables
# NOTE(review): same password as the shared database account above; separate credentials per
# account limit what a single leaked value exposes.
wso2is_identity_db_type: mysql
wso2is_identity_db_url: jdbc:mysql://CONNECTION_STRING:3306/identity_db
wso2is_identity_db_username: identity_user@wso2isdb
wso2is_identity_db_password: BEstr11ng_#12
wso2is_identity_db_validation_query: "SELECT 1"

# Data source configurations for the database which hosts workflow (WSO2 product BPS) tables
# This one and the consent data source below use file-based H2 databases under the product directory.
wso2is_bps_db_type: h2
wso2is_bps_db_url: jdbc:h2:file:./repository/database/jpadb;DB_CLOSE_ON_EXIT=FALSE;MVCC=TRUE
wso2is_bps_db_username: wso2carbon
wso2is_bps_db_password: wso2carbon
wso2is_bps_db_driver: org.h2.Driver
wso2is_bps_db_validation_query: "SELECT 1"

# Data source configurations for the database which hosts consent management tables
wso2is_consent_db_id: WSO2ConsentDS
wso2is_consent_db_type: h2
wso2is_consent_db_url: jdbc:h2:./repository/database/WSO2IDENTITY_DB;DB_CLOSE_ON_EXIT=FALSE;LOCK_TIMEOUT=60000
wso2is_consent_db_username: wso2carbon
wso2is_consent_db_password: wso2carbon
wso2is_consent_db_driver: org.h2.Driver
wso2is_consent_db_validation_query: "SELECT 1"

# Enable statistic publishing
wso2is_enable_event_listener: true
wso2is_enable_handler_for_login_stats: false
wso2is_enable_handler_for_session_stats: false

# KeyStore which will be used for encrypting/decrypting passwords and other sensitive information.
# NOTE(review): these keystore and truststore values repeat the ones in dev/host_vars/is_1.yml; the
# host-level file wins for is_1 under Ansible's variable precedence, so change both or drop one copy.
# The wso2carbon passwords look like the product defaults and should be replaced before real use.
keystore_location: wso2carbon.jks
keystore_type: JKS
keystore_password: wso2carbon
keystore_key_alias: wso2carbon
keystore_key_password: wso2carbon

# System wide trust-store which is used to maintain the certificates of all the trusted parties.
truststore_location: client-truststore.jks
truststore_type: JKS
truststore_password: wso2carbon

# List of configuration file templates, and the paths they should be written to
config_files:
  - { src: 'carbon-home/repository/conf/deployment.toml.j2',
      dest: '{{ carbon_home }}/repository/conf/deployment.toml' }
  - { src: 'carbon-home/bin/wso2server.sh.j2',
      dest: '{{ carbon_home }}/bin/wso2server.sh' }

# Add any new changes you want to add for the group/profile below.
# If you add a new file under templates and parameterize the file, the values for those parameters should be added
# below.
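# Example:
# Changes applied to example.xml file.
# example_driver_class_name: com.mysql.jdbc.Driver
# example_url: jdbc:mysql://wso2is-pattern1-mysql-service:3306/WSO2_IDENTITY_DB autoReconnect=true&verifyServerCertificate=false&useSSL=true
# example_username: wso2carbon
# example_password: wso2carbon

--------------------------------------------------------------------------------
/azure-simple/packer/ansible-is/scripts/update.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# ----------------------------------------------------------------------------
#
# Copyright (c) 2020, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
#
# WSO2 Inc. licenses this file to you under the Apache License,
# Version 2.0 (the "License"); you may not use this file except
# in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
# ----------------------------------------------------------------------------

# Runs the in-place update tool shipped inside a product pack and repackages
# the pack when the update succeeds.
#
# Flow: unzip <packs_dir>/<pack>.zip, run <pack>/bin/update_linux, record the
# tool's exit code in update_logs/<pack>/status, re-zip on success, and list
# the Ansible templates that correspond to files the update merged.
#
# NOTE(review): the pack is unzipped and its bin/update_linux is executed
# without any checksum or signature check in this script. Verify where the zip
# in files/packs came from before running this on a build host.

set -e

# Build artifacts and is_analytics_versions
# Both values can be overridden from the environment.
: "${is_version:=5.10.0}"
: "${packs_dir:=$(pwd)/../files/packs/}"

# Print the command-line synopsis to stderr and abort.
usage() { echo "Usage: $0 -p <profile>" 1>&2; exit 1; }

# Unzip <packs_dir>/$1.zip into the current directory.
# $1 - pack name without the .zip suffix.
unzip_pack() {
    if [[ -d "${packs_dir}/${1}" ]]
    then
        # NOTE(review): this only warns; the unzip below still runs on top of
        # the existing directory. Confirm whether an abort was intended.
        echo "The current directory contains a directory ${1}. Please move the directory to another location."
    fi
    echo "Unzipping ${1}.zip..."
    unzip -q "${packs_dir}/${1}.zip"
}

# Replace <packs_dir>/$1.zip with a fresh archive of the updated directory and
# remove the working directory afterwards.
# $1 - pack name without the .zip suffix.
update_pack() {
    if ! [ -x "$(command -v zip)" ]; then
        echo 'Error: zip is not installed.' >&2
        # ":?" aborts instead of expanding to a bare "/" when a value is empty.
        rm -rf -- "${packs_dir:?}/${1:?}"
        exit 1
    fi
    # NOTE(review): the old archive is deleted before the new one is written,
    # so a failing zip leaves only the unpacked directory behind.
    rm -- "${packs_dir}/${1}.zip"
    cd "${packs_dir}"
    echo "Repackaging ${1}..."
    zip -qr "${1}.zip" "${1}"
    rm -rf -- "${1:?}"
}

while getopts ":p:" o; do
    case "${o}" in
        p)
            profile=${OPTARG}
            ;;
        *)
            usage
            ;;
    esac
done
shift $((OPTIND-1))

if [[ -z "${profile}" ]]; then
    usage
fi

# Set variables relevant to each profile
# Only the fixed profile names below are accepted, so ${pack} never carries
# free-form user input into the paths used later.
case "${profile}" in
    is)
        pack="wso2is-"${is_version}
        updated_roles=("is")
        ;;
    *)
        echo "Invalid profile. Please provide one of the following profiles:
            is"
        exit 1
        ;;
esac

carbon_home="${packs_dir}/${pack}"

# Create updates directory if it doesn't exist
updates_dir="$(pwd)/update_logs/${pack}"
if [[ ! -d "${updates_dir}" ]]
then
    mkdir -p "${updates_dir}"
fi

# Getting update status
# 0 - first/last update successful
# 1 - Error occurred in last update
# 2 - In-place has been updated
# 3 - conflicts encountered in last update
status=0
if [[ -f "${updates_dir}/status" ]]
then
    status=$(cat "${updates_dir}/status")
fi

cd "${packs_dir}"

# The pack should not be unzipped if a conflict is being resolved
if [[ ${status} -ne 3 ]]
then
    unzip_pack "${pack}"
fi

if [[ ! -f "${carbon_home}/bin/update_linux" ]]
then
    echo "Update executable not found."
    rm -rf -- "${packs_dir:?}/${pack:?}"
    exit 1
fi

# Move into binaries directory
cd "${carbon_home}/bin"

# Run in-place update
# PIPESTATUS[0] is the update tool's exit code; the pipeline itself reports
# tee's status, so "set -e" does not stop the script on a failed update.
if [[ ${status} -eq 0 ]] || [[ ${status} -eq 1 ]] || [[ ${status} -eq 2 ]]
then
    ./update_linux --verbose 2>&1 | tee "${updates_dir}/output.txt"
    update_status=${PIPESTATUS[0]}
elif [[ ${status} -eq 3 ]]
then
    ./update_linux --verbose --continue 2>&1 | tee "${updates_dir}/output.txt"
    update_status=${PIPESTATUS[0]}

    # Handle user running update script without resolving conflicts
    if [[ ${update_status} -eq 1 ]]
    then
        echo "Error occurred while attempting to resolve conflicts."
        rm -rf -- "${packs_dir:?}/${pack:?}"
        exit 1
    fi
else
    echo "status file is invalid. Please delete or clear file content."
    rm -rf -- "${packs_dir:?}/${pack:?}"
    exit 1
fi

# Handle the In-place tool being updated
if [[ ${update_status} -eq 2 ]]
then
    echo "In-place tool has been updated. Running update again."
    ./update_linux --verbose 2>&1 | tee "${updates_dir}/output.txt"
    update_status=${PIPESTATUS[0]}
fi

# Update status
echo "${update_status}" > "${updates_dir}/status"
if [[ ${update_status} -eq 0 ]]
then
    echo
    echo "Update completed successfully."
    update_pack "${pack}"
elif [[ ${update_status} -eq 3 ]]
then
    echo "Conflicts encountered. Please resolve conflicts in ${packs_dir}/${pack} and run the update script again."
else
    echo "Update error occurred. Stopped with exit code ${update_status}"
    rm -rf -- "${packs_dir:?}/${pack:?}"
    exit "${update_status}"
fi

# Get list of merged files
if [[ ${update_status} -eq 0 ]] # If update is successful
then
    sed -n '/Merge successful for the following files./,/Successfully completed merging files/p' "${updates_dir}/output.txt" > "${updates_dir}/merged_files.txt"
elif [[ ${update_status} -eq 3 ]] # If conflicts were encountered during update
then
    sed -n '/Merge successful for the following files./,/Merging/p' "${updates_dir}/output.txt" > "${updates_dir}/merged_files.txt"
fi

if [[ -s "${updates_dir}/merged_files.txt" ]]
then
    sed -i '1d' "${updates_dir}/merged_files.txt" # Remove first line from file
    sed -i '$ d' "${updates_dir}/merged_files.txt" # Remove last line from file

    updated_templates=()
    while read -r line; do
        # Path of the merged file relative to the pack root
        filepath=${line##*${pack}/}

        for role in "${updated_roles[@]}"
        do
            template_file="${packs_dir}/../../roles/${role}/templates/carbon-home/${filepath}.j2"
            if [[ -f "${template_file}" ]]
            then
                updated_templates+=("${template_file##*${packs_dir}/../../}")
            fi
        done
    done < "${updates_dir}/merged_files.txt"

    # Display template files to be changed
    if [[ ${#updated_templates[@]} -gt 0 ]]
    then
        DATE=$(date +%Y-%m-%d)
        update_file_name="update_${DATE}.log"
        echo
        echo "Update has made changes to the following files. Please update the templates accordingly before running the next update." | tee -a "${updates_dir}/${update_file_name}"
        printf '%s\n' "${updated_templates[@]}" | tee -a "${updates_dir}/${update_file_name}"
    fi
fi

--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
                                 Apache License
                           Version 2.0, January 2004
                        http://www.apache.org/licenses/

   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION

   1. Definitions.

      "License" shall mean the terms and conditions for use, reproduction,
      and distribution as defined by Sections 1 through 9 of this document.

      "Licensor" shall mean the copyright owner or entity authorized by
      the copyright owner that is granting the License.

      "Legal Entity" shall mean the union of the acting entity and all
      other entities that control, are controlled by, or are under common
      control with that entity. For the purposes of this definition,
      "control" means (i) the power, direct or indirect, to cause the
      direction or management of such entity, whether by contract or
      otherwise, or (ii) ownership of fifty percent (50%) or more of the
      outstanding shares, or (iii) beneficial ownership of such entity.

      "You" (or "Your") shall mean an individual or Legal Entity
      exercising permissions granted by this License.

      "Source" form shall mean the preferred form for making modifications,
      including but not limited to software source code, documentation
      source, and configuration files.

      "Object" form shall mean any form resulting from mechanical
      transformation or translation of a Source form, including but
      not limited to compiled object code, generated documentation,
      and conversions to other media types.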
34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. 
Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. 
You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 
122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. 
In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. 
We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright [yyyy] [name of copyright owner] 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | -------------------------------------------------------------------------------- /azure-simple/terraform/main.tf: -------------------------------------------------------------------------------- 1 | # ---------------------------------------------------------------------------- 2 | # 3 | # Copyright (c) 2020, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. 4 | # 5 | # WSO2 Inc. licenses this file to you under the Apache License, 6 | # Version 2.0 (the "License"); you may not use this file except 7 | # in compliance with the License. 8 | # You may obtain a copy of the License at 9 | # 10 | # http://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, 13 | # software distributed under the License is distributed on an 14 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | # KIND, either express or implied. See the License for the 16 | # specific language governing permissions and limitations 17 | # under the License. 
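#
# ----------------------------------------------------------------------------

# Two-node WSO2 Identity Server deployment on Azure: a virtual network with a
# public and a private subnet, a bastion VM, an Azure Database for MySQL
# server, a storage share, and a load-balanced VM scale set.
#
# Review summary (details next to each resource):
#   - SSH on the bastion NSG is open to 0.0.0.0/0 and the NSG is not attached
#     to any subnet or NIC in this file.
#   - The MySQL firewall rule admits every IPv4 address and TLS enforcement is
#     switched off on the server.
#   - Password login is enabled on the bastion and on the scale set.

# Service-principal credentials come from variables.
# NOTE(review): keep client_secret out of any committed tfvars file; the
# azurerm provider can read it from the ARM_CLIENT_SECRET environment variable.
provider "azurerm" {
  subscription_id = var.subscription_id
  client_id       = var.client_id
  client_secret   = var.client_secret
  features {}
  tenant_id       = var.tenant_id
}

# Tags applied to most resources in this file.
variable "wso2_tags" {
  description = "Two node Identity Server HA setup with backend mysql database"
  type        = map(string)

  default = {
    environment = "wso2is"
  }
}

resource "azurerm_virtual_network" "wso2_virtual_network" {
  name                = var.virtual_network_name
  address_space       = var.virtual_network_address_space
  location            = var.location
  resource_group_name = var.resource_group_name

  tags = {
    product = var.product_name
  }
}

# Subnet that holds the bastion NIC.
resource "azurerm_subnet" "wso2_public_subnet" {
  depends_on           = [azurerm_virtual_network.wso2_virtual_network]
  virtual_network_name = var.virtual_network_name
  name                 = "public-subnet"
  address_prefixes     = ["10.0.250.0/24"]
  resource_group_name  = var.resource_group_name
}

# Subnet that holds the Identity Server scale set.
resource "azurerm_subnet" "wso2_private_subnet" {
  depends_on           = [azurerm_virtual_network.wso2_virtual_network]
  virtual_network_name = var.virtual_network_name
  name                 = "private-subnet"
  address_prefixes     = ["10.0.1.0/24"]
  resource_group_name  = var.resource_group_name
}


# NOTE(review): source_address_prefix "0.0.0.0/0" accepts SSH from any address.
# Restrict it to the administrators' CIDR range. No subnet or NIC association
# for this NSG appears in this file, so confirm that it is attached at all;
# without an association the rule filters nothing.
resource "azurerm_network_security_group" "wso2_bastion_nsg" {
  name                = "bastion-nsg"
  location            = var.location
  resource_group_name = var.resource_group_name

  security_rule {
    name                       = "allow-ssh-traffic"
    priority                   = 100
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "TCP"
    source_port_range          = "*"
    destination_port_range     = "22"
    source_address_prefix      = "0.0.0.0/0"
    destination_address_prefix = "*"
  }

}

# NOTE(review): no subnet association for this route table appears in this
# file; confirm it is attached elsewhere.
resource "azurerm_route_table" "wso2_routetb" {
  name                = var.route_table_name
  location            = var.location
  resource_group_name = var.resource_group_name

  route {
    name           = "External"
    address_prefix = "0.0.0.0/0"
    next_hop_type  = "Internet"
  }

  route {
    name           = "Local"
    address_prefix = "10.0.0.0/16"
    next_hop_type  = "VnetLocal"
  }

  tags = {
    product = var.product_name
  }
}

// Bastion server resources

# Six lower-case letters used as the DNS label prefix of the bastion public IP.
resource "random_string" "fqdn" {
  length  = 6
  special = false
  upper   = false
  number  = false
}

resource "azurerm_public_ip" "wso2_bastion_pip" {
  name                = "bastion-pip"
  location            = var.location
  resource_group_name = var.resource_group_name
  allocation_method   = "Static"
  domain_name_label   = "${random_string.fqdn.result}-ssh"
  tags                = var.wso2_tags
}

resource "azurerm_network_interface" "wso2_bastion_nic" {
  name                = "bastion-nic"
  location            = var.location
  resource_group_name = var.resource_group_name

  ip_configuration {
    name                          = "bastion-pip"
    subnet_id                     = azurerm_subnet.wso2_public_subnet.id
    private_ip_address_allocation = "dynamic"
    public_ip_address_id          = azurerm_public_ip.wso2_bastion_pip.id
  }

  tags = var.wso2_tags
}

// MySql server resources

# NOTE(review): ssl_enforcement_enabled = false lets clients connect without
# TLS, so database credentials and identity data can cross the network in
# clear text. Enable it once the JDBC URLs used by the servers request TLS.
resource "azurerm_mysql_server" "wso2_mysql_instance" {
  name                = "wso2isdb"
  location            = var.location
  resource_group_name = var.resource_group_name

  sku_name = "B_Gen5_2"

  administrator_login          = "mysqladmin"
  administrator_login_password = var.db_admin_password
  version                      = var.db_server_version
  storage_mb                   = "10240"
  ssl_enforcement_enabled      = false
}

# NOTE(review): despite the name "local-connection-rule", the range
# 0.0.0.0 - 255.255.255.255 admits every IPv4 address. Together with the
# disabled TLS enforcement above, the database is protected by its password
# alone. Narrow the range to the addresses the servers actually connect from.
resource "azurerm_mysql_firewall_rule" "wso2_mysql_firewall_rule" {
  depends_on          = [azurerm_mysql_server.wso2_mysql_instance]
  name                = "local-connection-rule"
  resource_group_name = var.resource_group_name
  # Reference the server resource instead of repeating its literal name.
  server_name         = azurerm_mysql_server.wso2_mysql_instance.name
  start_ip_address    = "0.0.0.0"
  end_ip_address      = "255.255.255.255"
}

// Bastion instance resources

# NOTE(review): password login is enabled and no ssh_keys block is set, so the
# bastion accepts password authentication on its public IP. Prefer key-only
# login (disable_password_authentication = true plus ssh_keys).
# custom_data carries the rendered bastion template; avoid placing secrets in
# it unless that exposure is acceptable - TODO confirm the template contents.
resource "azurerm_virtual_machine" "wso2_bastion" {
  depends_on                       = [azurerm_mysql_server.wso2_mysql_instance]
  name                             = "bastion"
  location                         = var.location
  resource_group_name              = var.resource_group_name
  network_interface_ids            = [azurerm_network_interface.wso2_bastion_nic.id]
  vm_size                          = "Standard_DS1_v2"
  delete_os_disk_on_termination    = true
  delete_data_disks_on_termination = true


  storage_image_reference {
    id = var.baseimage
  }

  storage_os_disk {
    name              = "bastion-osdisk"
    caching           = "ReadWrite"
    create_option     = "FromImage"
    managed_disk_type = "Standard_LRS"
  }

  os_profile {
    computer_name  = "wso2-bastion"
    admin_username = var.admin_username
    admin_password = var.admin_password
    custom_data    = base64encode(data.template_file.bastion_tempalte_script.rendered)

  }

  os_profile_linux_config {
    disable_password_authentication = false
  }

  tags = var.wso2_tags
}

// Shared storage resources
resource "azurerm_storage_account" "wso2_storage_account" {
  name                     = "isstorageshare"
  resource_group_name      = var.resource_group_name
  location                 = var.location
  account_tier             = "Standard"
  account_replication_type = "LRS"

  tags = var.wso2_tags

}

resource "azurerm_storage_share" "wso2_storage_share" {
  name                 = "isshare"
  storage_account_name = azurerm_storage_account.wso2_storage_account.name
  quota                = 20
}

// EI loadbalacer resources

resource "azurerm_public_ip" "wso2_loadbalacer_pip" {
  // depends_on = ["azurerm_virtual_machine_scale_set.wso2_scale_set"]
  name                = "wso2is-pip"
  location            = var.location
  resource_group_name = var.resource_group_name
  allocation_method   = "Static"
}

resource "azurerm_lb" "wso2_lb" {
  name                = var.loadbalancer_name
  location            = var.location
  resource_group_name = var.resource_group_name


  frontend_ip_configuration {
    name                 = "islb-fip"
    public_ip_address_id = azurerm_public_ip.wso2_loadbalacer_pip.id
  }

  tags = var.wso2_tags

}

resource "azurerm_lb_backend_address_pool" "wso2_address_pool" {
  name                = "eilb-instance-pool"
  resource_group_name = var.resource_group_name
  loadbalancer_id     = azurerm_lb.wso2_lb.id
}

# Two Identity Server instances in the private subnet behind the load balancer.
# NOTE(review): an SSH public key is installed, yet
# disable_password_authentication = false keeps password login available as
# well. Set it to true if key-based login is the intended path.
resource "azurerm_virtual_machine_scale_set" "wso2_scale_set" {
  depends_on = [
    azurerm_virtual_machine.wso2_bastion,
    azurerm_storage_share.wso2_storage_share,
    azurerm_lb.wso2_lb,
  ]
  name                = "is-scaleset"
  location            = var.location
  resource_group_name = var.resource_group_name
  upgrade_policy_mode = "Rolling"

  rolling_upgrade_policy {
    max_batch_instance_percent              = 20
    max_unhealthy_instance_percent          = 20
    max_unhealthy_upgraded_instance_percent = 5
    pause_time_between_batches              = "PT0S"
  }

  health_probe_id = azurerm_lb_probe.wso2_lb_probe.id

  sku {
    name     = var.instance_size
    tier     = "Standard"
    capacity = 2
  }

  storage_profile_image_reference {
    id = var.baseimage
  }


  storage_profile_os_disk {
    caching           = "ReadWrite"
    create_option     = "FromImage"
    managed_disk_type = "Standard_LRS"
  }

  os_profile {
    computer_name_prefix = "is"
    admin_username       = var.admin_username
    admin_password       = var.admin_password
    custom_data          = base64encode(data.template_file.compute_template_script.rendered)
  }

  os_profile_linux_config {
    disable_password_authentication = false

    ssh_keys {
      path     = "/home/${var.admin_username}/.ssh/authorized_keys"
      key_data = file("./keys/azure-key.pub")
    }
  }

  network_profile {
    name    = "is-scaleset-nps"
    primary = true

    ip_configuration {
      name                                   = "is-scaleset-ips"
      subnet_id                              = azurerm_subnet.wso2_private_subnet.id
      load_balancer_backend_address_pool_ids = [azurerm_lb_backend_address_pool.wso2_address_pool.id]
      primary                                = true
    }
  }

  tags = var.wso2_tags
}

# TCP probe on 9443, used by the portal rule and as the scale set health probe.
resource "azurerm_lb_probe" "wso2_lb_probe" {
  resource_group_name = var.resource_group_name
  loadbalancer_id     = azurerm_lb.wso2_lb.id
  name                = "https-probe"
  protocol            = "tcp"
  port                = "9443"
  interval_in_seconds = "5"
  number_of_probes    = "3"
}

# Publishes port 9443 of the scale set on the load balancer's public IP.
resource "azurerm_lb_rule" "wso2_lb_portal_rule" {
  resource_group_name            = var.resource_group_name
  loadbalancer_id                = azurerm_lb.wso2_lb.id
  name                           = "portal-rule"
  protocol                       = "tcp"
  frontend_port                  = "9443"
  backend_port                   = "9443"
  frontend_ip_configuration_name = "islb-fip"
  enable_floating_ip             = false
  backend_address_pool_id        = azurerm_lb_backend_address_pool.wso2_address_pool.id
  idle_timeout_in_minutes        = 5
  load_distribution              = "SourceIPProtocol"

  probe_id = azurerm_lb_probe.wso2_lb_probe.id
  // depends_on = [azurerm_lb_probe.wso2_lb_probe]
}

# NOTE(review): this rule publishes port 8243 on the public IP and, unlike
# portal-rule, sets no probe_id. Confirm the port is needed for this
# deployment; drop the rule if nothing listens on it.
resource "azurerm_lb_rule" "wso2_lb_gateway_rule" {
  resource_group_name            = var.resource_group_name
  loadbalancer_id                = azurerm_lb.wso2_lb.id
  name                           = "gateway-rule"
  protocol                       = "tcp"
  frontend_port                  = "8243"
  backend_port                   = "8243"
  frontend_ip_configuration_name = "islb-fip"
  enable_floating_ip             = false
  backend_address_pool_id        = azurerm_lb_backend_address_pool.wso2_address_pool.id
  idle_timeout_in_minutes        = 5
  load_distribution              = "SourceIPProtocol"
}
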
-------------------------------------------------------------------------------- /azure-simple/packer/ansible-is/roles/is/templates/carbon-home/bin/wso2server.sh.j2: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # ---------------------------------------------------------------------------- 3 | # Copyright 2005-2020 WSO2, Inc. http://www.wso2.org 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | # ---------------------------------------------------------------------------- 18 | # Main Script for the WSO2 Carbon Server 19 | # 20 | # Environment Variable Prequisites 21 | # 22 | # CARBON_HOME Home of WSO2 Carbon installation. If not set I will try 23 | # to figure it out. 24 | # 25 | # JAVA_HOME Must point at your Java Development Kit installation. 26 | # 27 | # JAVA_OPTS (Optional) Java runtime options used when the commands 28 | # is executed. 29 | # 30 | # NOTE: Borrowed generously from Apache Tomcat startup scripts. 31 | # ----------------------------------------------------------------------------- 32 | 33 | # OS specific support. $var _must_ be set to either true or false. 
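#ulimit -n 100000

# Set the Java home (JAVA_HOME) before server startup. The placeholder on the
# next line is substituted when this template is rendered.
export JAVA_HOME={{ java_symlink }};

# Platform detection: each flag is used below as a command (`if $cygwin; then`).
cygwin=false;
darwin=false;
os400=false;
mingw=false;
case "`uname`" in
CYGWIN*) cygwin=true;;
MINGW*) mingw=true;;
OS400*) os400=true;;
Darwin*) darwin=true
        if [ -z "$JAVA_VERSION" ] ; then
             JAVA_VERSION="CurrentJDK"
           else
             echo "Using Java version: $JAVA_VERSION"
           fi
           if [ -z "$JAVA_HOME" ] ; then
             JAVA_HOME=/System/Library/Frameworks/JavaVM.framework/Versions/${JAVA_VERSION}/Home
           fi
           ;;
esac

# resolve links - $0 may be a softlink
PRG="$0"

while [ -h "$PRG" ]; do
  ls=`ls -ld "$PRG"`
  link=`expr "$ls" : '.*-> \(.*\)$'`
  if expr "$link" : '.*/.*' > /dev/null; then
    PRG="$link"
  else
    PRG=`dirname "$PRG"`/"$link"
  fi
done

# Get standard environment variables
PRGDIR=`dirname "$PRG"`

# Only set CARBON_HOME if not already set.
# NOTE(review): a CARBON_HOME inherited from the caller's environment is
# trusted as-is; it later decides which pid file is read for kill, which
# directory is emptied with rm -rf, and which jars go on the classpath.
[ -z "$CARBON_HOME" ] && CARBON_HOME=`cd "$PRGDIR/.." ; pwd`

# Set AXIS2_HOME. Needed for One Click JAR Download
AXIS2_HOME="$CARBON_HOME"

# For Cygwin, ensure paths are in UNIX format before anything is touched
if $cygwin; then
  [ -n "$JAVA_HOME" ] && JAVA_HOME=`cygpath --unix "$JAVA_HOME"`
  [ -n "$CARBON_HOME" ] && CARBON_HOME=`cygpath --unix "$CARBON_HOME"`
  # Fixed: this line tested AXIS2_HOME but converted CARBON_HOME a second time.
  [ -n "$AXIS2_HOME" ] && AXIS2_HOME=`cygpath --unix "$AXIS2_HOME"`
fi

# For OS400
if $os400; then
  # Set job priority to standard for interactive (interactive - 6) by using
  # the interactive priority - 6, the helper threads that respond to requests
  # will be running at the same priority as interactive jobs.
  COMMAND='chgjob job('$JOBNAME') runpty(6)'
  system $COMMAND

  # Enable multi threading
  QIBM_MULTI_THREADED=Y
  export QIBM_MULTI_THREADED
fi

# For MinGW, ensure paths are in UNIX format before anything is touched
if $mingw ; then
  [ -n "$CARBON_HOME" ] &&
    CARBON_HOME="`(cd "$CARBON_HOME"; pwd)`"
  [ -n "$JAVA_HOME" ] &&
    JAVA_HOME="`(cd "$JAVA_HOME"; pwd)`"
  # Fixed: same copy-paste slip as in the Cygwin block above.
  [ -n "$AXIS2_HOME" ] &&
    AXIS2_HOME="`(cd "$AXIS2_HOME"; pwd)`"
  # TODO classpath?
fi

# Pick the java executable unless the caller already supplied JAVACMD.
if [ -z "$JAVACMD" ] ; then
  if [ -n "$JAVA_HOME" ] ; then
    if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
      # IBM's JDK on AIX uses strange locations for the executables
      JAVACMD="$JAVA_HOME/jre/sh/java"
    else
      JAVACMD="$JAVA_HOME/bin/java"
    fi
  else
    JAVACMD=java
  fi
fi

if [ ! -x "$JAVACMD" ] ; then
  echo "Error: JAVA_HOME is not defined correctly."
  echo " CARBON cannot execute $JAVACMD"
  exit 1
fi

# if JAVA_HOME is not set we're not happy
if [ -z "$JAVA_HOME" ]; then
  echo "You must set the JAVA_HOME variable before running CARBON."
  exit 1
fi

# Remember the pid recorded by a previous run, if any.
if [ -e "$CARBON_HOME/wso2carbon.pid" ]; then
  PID=`cat "$CARBON_HOME"/wso2carbon.pid`
fi

# ----- Process the input command ----------------------------------------------
# NOTE(review): `$*` is unquoted, so arguments are word-split and glob-expanded
# before they are matched; the same applies to `$args` and the trailing `$*`
# passed to the JVM further down.
args=""
for c in $*
do
    if [ "$c" = "--debug" ] || [ "$c" = "-debug" ] || [ "$c" = "debug" ]; then
          CMD="--debug"
          continue
    elif [ "$CMD" = "--debug" ]; then
          # the first argument after --debug is taken as the debug port
          if [ -z "$PORT" ]; then
                PORT=$c
          fi
    elif [ "$c" = "--stop" ] || [ "$c" = "-stop" ] || [ "$c" = "stop" ]; then
          CMD="stop"
    elif [ "$c" = "--start" ] || [ "$c" = "-start" ] || [ "$c" = "start" ]; then
          CMD="start"
    elif [ "$c" = "--version" ] || [ "$c" = "-version" ] || [ "$c" = "version" ]; then
          CMD="version"
    elif [ "$c" = "--restart" ] || [ "$c" = "-restart" ] || [ "$c" = "restart" ]; then
          CMD="restart"
    elif [ "$c" = "--test" ] || [ "$c" = "-test" ] || [ "$c" = "test" ]; then
          CMD="test"
    else
          args="$args $c"
    fi
done

if [ "$CMD" = "--debug" ]; then
  if [ "$PORT" = "" ]; then
    echo " Please specify the debug port after the --debug option"
    exit 1
  fi
  if [ -n "$JAVA_OPTS" ]; then
    echo "Warning !!!. User specified JAVA_OPTS will be ignored, once you give the --debug option."
  fi
  CMD="RUN"
  # NOTE(review): this opens a JDWP listener (server=y) on $PORT. JDWP has no
  # authentication, and on JDK 8 and earlier a bare port number listens on all
  # interfaces. Keep the port closed in the network security group / host
  # firewall, or bind it to loopback (address=127.0.0.1:$PORT), and do not use
  # --debug on an image that is reachable from untrusted networks.
  JAVA_OPTS="-Xdebug -Xnoagent -Djava.compiler=NONE -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=$PORT"
  echo "Please start the remote debugging client to continue..."
elif [ "$CMD" = "start" ]; then
  if [ -e "$CARBON_HOME/wso2carbon.pid" ]; then
    if  ps -p $PID > /dev/null ; then
      echo "Process is already running"
      exit 0
    fi
  fi
  export CARBON_HOME="$CARBON_HOME"
  # using nohup sh to avoid errors in solaris OS.TODO
  nohup sh "$CARBON_HOME"/bin/wso2server.sh $args > /dev/null 2>&1 &
  exit 0
elif [ "$CMD" = "stop" ]; then
  export CARBON_HOME="$CARBON_HOME"
  # NOTE(review): the pid is read from the file and handed to kill without any
  # validation, and a missing file is not reported. The pid file should be
  # writable only by the account that runs the server.
  kill -term `cat "$CARBON_HOME"/wso2carbon.pid`
  exit 0
elif [ "$CMD" = "restart" ]; then
  export CARBON_HOME="$CARBON_HOME"
  kill -term `cat "$CARBON_HOME"/wso2carbon.pid`
  process_status=0
  pid=`cat "$CARBON_HOME"/wso2carbon.pid`
  # wait until ps no longer finds the old process
  while [ "$process_status" -eq "0" ]
  do
        sleep 1;
        # Fixed redirection order: `2>&1 > /dev/null` left stderr on the terminal.
        ps -p$pid > /dev/null 2>&1
        process_status=$?
  done

  # using nohup sh to avoid errors in solaris OS.TODO
  nohup sh "$CARBON_HOME"/bin/wso2server.sh $args > /dev/null 2>&1 &
  exit 0
elif [ "$CMD" = "test" ]; then
    JAVACMD="exec "$JAVACMD""
elif [ "$CMD" = "version" ]; then
  cat "$CARBON_HOME"/bin/version.txt
  cat "$CARBON_HOME"/bin/wso2carbon-version.txt
  exit 0
fi

# ---------- Handle the SSL Issue with proper JDK version --------------------
# java_version_formatted is major and minor zero-padded to two digits each
# (e.g. 1.8 -> 0108). An unsupported JDK only prints the message below; the
# script carries on.
java_version=$("$JAVACMD" -version 2>&1 | awk -F '"' '/version/ {print $2}')
java_version_formatted=$(echo "$java_version" | awk -F. '{printf("%02d%02d",$1,$2);}')
if [ $java_version_formatted -lt 0107 ] || [ $java_version_formatted -gt 1100 ]; then
   echo " Starting WSO2 Carbon (in unsupported JDK)"
   echo " [ERROR] CARBON is supported only on JDK 1.7, 1.8, 9, 10 and 11"
fi

# Every jar found in these directories is loaded by the JVM (lib/xboot even on
# the boot class path), so the directories must not be writable by anyone but
# the service account and administrators.
CARBON_XBOOTCLASSPATH=""
for f in "$CARBON_HOME"/lib/xboot/*.jar
do
    # skip the unexpanded pattern when the directory holds no jars
    if [ "$f" != "$CARBON_HOME/lib/xboot/*.jar" ];then
        CARBON_XBOOTCLASSPATH="$CARBON_XBOOTCLASSPATH":$f
    fi
done


CARBON_CLASSPATH=""
if [ -e "$JAVA_HOME/lib/tools.jar" ]; then
    CARBON_CLASSPATH="$JAVA_HOME/lib/tools.jar"
fi
for f in "$CARBON_HOME"/bin/*.jar
do
    if [ "$f" != "$CARBON_HOME/bin/*.jar" ];then
        CARBON_CLASSPATH="$CARBON_CLASSPATH":$f
    fi
done
for t in "$CARBON_HOME"/lib/*.jar
do
    CARBON_CLASSPATH="$CARBON_CLASSPATH":$t
done


# For Cygwin, switch paths to Windows format before running java
if $cygwin; then
  JAVA_HOME=`cygpath --absolute --windows "$JAVA_HOME"`
  CARBON_HOME=`cygpath --absolute --windows "$CARBON_HOME"`
  AXIS2_HOME=`cygpath --absolute --windows "$CARBON_HOME"`
  CLASSPATH=`cygpath --path --windows "$CLASSPATH"`
  CARBON_CLASSPATH=`cygpath --path --windows "$CARBON_CLASSPATH"`
  CARBON_XBOOTCLASSPATH=`cygpath --path --windows "$CARBON_XBOOTCLASSPATH"`
fi

# ----- Execute The Requested Command -----------------------------------------

echo JAVA_HOME environment variable is set to $JAVA_HOME
echo CARBON_HOME environment variable is set to "$CARBON_HOME"

cd "$CARBON_HOME"

# Empty the server's tmp directory on every start.
TMP_DIR="$CARBON_HOME"/tmp
if [ -d "$TMP_DIR" ]; then
rm -rf "$TMP_DIR"/*
fi

# The launch loop below re-runs the JVM for as long as it exits with this status.
START_EXIT_STATUS=121
status=$START_EXIT_STATUS

if [ -z "$JVM_MEM_OPTS" ]; then
   java_version=$("$JAVACMD" -version 2>&1 | awk -F '"' '/version/ {print $2}')
   JVM_MEM_OPTS="-Xms256m -Xmx1024m"
   if [ "$java_version" \< "1.8" ]; then
      JVM_MEM_OPTS="$JVM_MEM_OPTS -XX:MaxPermSize=256m"
   fi
fi
echo "Using Java memory options: $JVM_MEM_OPTS"

#To monitor a Carbon server in remote JMX mode on linux host machines, set the below system property.
#   -Djava.rmi.server.hostname="your.IP.goes.here"

JAVA_VER_BASED_OPTS=""

NASHRON_ARGS=""

if [ $java_version_formatted -ge 1100 ]; then
    NASHRON_ARGS="--no-deprecation-warning"
    JAVA_VER_BASED_OPTS="--add-opens=java.base/java.net=ALL-UNNAMED --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens java.rmi/sun.rmi.transport=ALL-UNNAMED --add-opens=java.base/java.io=ALL-UNNAMED"
fi

# Launch the server. Review points for the options passed below:
#  - HeapDumpOnOutOfMemoryError writes heap-dump.hprof under repository/logs.
#    A heap dump of an identity server can contain credentials, tokens and key
#    material; keep that directory readable by the service account only and
#    treat any dump as sensitive when it is copied off the host.
#  - com.sun.management.jmxremote turns on the JMX agent. If remote JMX is
#    enabled through JAVA_OPTS (see the comment above), require authentication
#    and TLS for it.
#  - httpclient.hostnameVerifier=DefaultAndLocalhost: presumably the default
#    verifier relaxed for localhost names; confirm against the product
#    documentation before relying on it for outbound TLS.
#  - $JAVA_OPTS and $JVM_MEM_OPTS are expanded unquoted on purpose so that they
#    can carry several options; whoever controls the service environment
#    controls the JVM flags.
while [ "$status" = "$START_EXIT_STATUS" ]
do
    $JAVACMD \
    -Xbootclasspath/a:"$CARBON_XBOOTCLASSPATH" \
    $JVM_MEM_OPTS \
    -XX:+HeapDumpOnOutOfMemoryError \
    -XX:HeapDumpPath="$CARBON_HOME/repository/logs/heap-dump.hprof" \
    $JAVA_OPTS \
    -Dcom.sun.management.jmxremote \
    -classpath "$CARBON_CLASSPATH" \
    $JAVA_VER_BASED_OPTS \
    -Djava.io.tmpdir="$CARBON_HOME/tmp" \
    -Dcatalina.base="$CARBON_HOME/lib/tomcat" \
    -Dwso2.server.standalone=true \
    -Dcarbon.registry.root=/ \
    -Djava.command="$JAVACMD" \
    -Dcarbon.home="$CARBON_HOME" \
    -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager \
    -Dcarbon.config.dir.path="$CARBON_HOME/repository/conf" \
    -Djava.util.logging.config.file="$CARBON_HOME/repository/conf/etc/logging-bridge.properties" \
    -Dcomponents.repo="$CARBON_HOME/repository/components/plugins" \
    -Dconf.location="$CARBON_HOME/repository/conf"\
    -Dcom.atomikos.icatch.file="$CARBON_HOME/lib/transactions.properties" \
    -Dcom.atomikos.icatch.hide_init_file_path=true \
    -Dorg.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING=false \
    -Dorg.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER=true \
    -Dcom.sun.jndi.ldap.connect.pool.authentication=simple \
    -Dcom.sun.jndi.ldap.connect.pool.timeout=3000 \
    -Dorg.terracotta.quartz.skipUpdateCheck=true \
    -Djava.security.egd=file:/dev/./urandom \
    -Dfile.encoding=UTF8 \
    -Djava.net.preferIPv4Stack=true \
    -Dcom.ibm.cacheLocalHost=true \
    -DworkerNode=false \
    -DenableCorrelationLogs=false \
    -Dhttpclient.hostnameVerifier="DefaultAndLocalhost" \
    -Dorg.apache.xml.security.ignoreLineBreaks=false \
    -Dnashorn.args="$NASHRON_ARGS" \
    -Dcarbon.new.config.dir.path="$CARBON_HOME/repository/resources/conf" \
    org.wso2.carbon.bootstrap.Bootstrap $*
    status=$?
done

--------------------------------------------------------------------------------
/azure-simple/packer/dbscripts/mysql-shared.sql:
--------------------------------------------------------------------------------
CREATE TABLE IF NOT EXISTS REG_CLUSTER_LOCK (
             REG_LOCK_NAME VARCHAR (20),
             REG_LOCK_STATUS VARCHAR (20),
             REG_LOCKED_TIME TIMESTAMP,
             REG_TENANT_ID INTEGER DEFAULT 0,
             PRIMARY KEY (REG_LOCK_NAME)
)ENGINE INNODB;

CREATE TABLE IF NOT EXISTS REG_LOG (
             REG_LOG_ID INTEGER AUTO_INCREMENT,
             REG_PATH VARCHAR (750),
             REG_USER_ID VARCHAR (31) NOT NULL,
             REG_LOGGED_TIME TIMESTAMP NOT NULL,
             REG_ACTION INTEGER NOT NULL,
             REG_ACTION_DATA VARCHAR (500),
             REG_TENANT_ID INTEGER DEFAULT 0,
             PRIMARY KEY (REG_LOG_ID, REG_TENANT_ID)
)ENGINE INNODB;

CREATE INDEX REG_LOG_IND_BY_REGLOG USING HASH ON REG_LOG(REG_LOGGED_TIME, REG_TENANT_ID);

-- The REG_PATH_VALUE should be less than 767 bytes, and hence was fixed at 750.
-- See CARBON-5917.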
-- Links a user name in a tenant / user-store domain to an account-link id.
-- Rows disappear with their tenant (ON DELETE CASCADE on UM_TENANT).
CREATE TABLE UM_ACCOUNT_MAPPING (
    UM_ID                 INTEGER      NOT NULL AUTO_INCREMENT,
    UM_USER_NAME          VARCHAR(255) NOT NULL,
    UM_TENANT_ID          INTEGER      NOT NULL,
    UM_USER_STORE_DOMAIN  VARCHAR(100),
    UM_ACC_LINK_ID        INTEGER      NOT NULL,
    UNIQUE (UM_USER_NAME, UM_TENANT_ID, UM_USER_STORE_DOMAIN, UM_ACC_LINK_ID),
    FOREIGN KEY (UM_TENANT_ID) REFERENCES UM_TENANT (UM_ID) ON DELETE CASCADE,
    PRIMARY KEY (UM_ID)
) ENGINE = INNODB;


-- Name/value attributes of a user, keyed to UM_USER by (user id, tenant id).
-- NOTE(review): the values stored here are presumably profile claims and so
-- personal data; confirm and apply the same access restrictions as for UM_USER.
CREATE TABLE UM_USER_ATTRIBUTE (
    UM_ID          INTEGER       NOT NULL AUTO_INCREMENT,
    UM_ATTR_NAME   VARCHAR(255)  NOT NULL,
    UM_ATTR_VALUE  VARCHAR(1024),
    UM_PROFILE_ID  VARCHAR(255),
    UM_USER_ID     INTEGER,
    UM_TENANT_ID   INTEGER       DEFAULT 0,
    FOREIGN KEY (UM_USER_ID, UM_TENANT_ID) REFERENCES UM_USER (UM_ID, UM_TENANT_ID),
    PRIMARY KEY (UM_ID, UM_TENANT_ID)
) ENGINE = INNODB;

CREATE INDEX UM_USER_ID_INDEX ON UM_USER_ATTRIBUTE (UM_USER_ID);

-- Claim dialects: one URI per tenant.
CREATE TABLE UM_DIALECT (
    UM_ID           INTEGER      NOT NULL AUTO_INCREMENT,
    UM_DIALECT_URI  VARCHAR(255) NOT NULL,
    UM_TENANT_ID    INTEGER      DEFAULT 0,
    UNIQUE (UM_DIALECT_URI, UM_TENANT_ID),
    PRIMARY KEY (UM_ID, UM_TENANT_ID)
) ENGINE = INNODB;

-- Claims of a dialect and the user-store attribute each one is mapped to.
CREATE TABLE UM_CLAIM (
    UM_ID                       INTEGER      NOT NULL AUTO_INCREMENT,
    UM_DIALECT_ID               INTEGER      NOT NULL,
    UM_CLAIM_URI                VARCHAR(255) NOT NULL,
    UM_DISPLAY_TAG              VARCHAR(255),
    UM_DESCRIPTION              VARCHAR(255),
    UM_MAPPED_ATTRIBUTE_DOMAIN  VARCHAR(255),
    UM_MAPPED_ATTRIBUTE         VARCHAR(255),
    UM_REG_EX                   VARCHAR(255),
    UM_SUPPORTED                SMALLINT,
    UM_REQUIRED                 SMALLINT,
    UM_DISPLAY_ORDER            INTEGER,
    UM_CHECKED_ATTRIBUTE        SMALLINT,
    UM_READ_ONLY                SMALLINT,
    UM_TENANT_ID                INTEGER      DEFAULT 0,
    UNIQUE (UM_DIALECT_ID, UM_CLAIM_URI, UM_TENANT_ID, UM_MAPPED_ATTRIBUTE_DOMAIN),
    FOREIGN KEY (UM_DIALECT_ID, UM_TENANT_ID) REFERENCES UM_DIALECT (UM_ID, UM_TENANT_ID),
    PRIMARY KEY (UM_ID, UM_TENANT_ID)
) ENGINE = INNODB;

412 | 413 | CREATE TABLE UM_PROFILE_CONFIG( 414 | UM_ID INTEGER NOT NULL AUTO_INCREMENT, 415 | UM_DIALECT_ID INTEGER NOT NULL, 416 | UM_PROFILE_NAME VARCHAR(255), 417 | UM_TENANT_ID INTEGER DEFAULT 0, 418 | FOREIGN KEY(UM_DIALECT_ID, UM_TENANT_ID) REFERENCES UM_DIALECT(UM_ID, UM_TENANT_ID), 419 | PRIMARY KEY (UM_ID, UM_TENANT_ID) 420 | )ENGINE INNODB; 421 | 422 | CREATE TABLE IF NOT EXISTS UM_CLAIM_BEHAVIOR( 423 | UM_ID INTEGER NOT NULL AUTO_INCREMENT, 424 | UM_PROFILE_ID INTEGER, 425 | UM_CLAIM_ID INTEGER, 426 | UM_BEHAVIOUR SMALLINT, 427 | UM_TENANT_ID INTEGER DEFAULT 0, 428 | FOREIGN KEY(UM_PROFILE_ID, UM_TENANT_ID) REFERENCES UM_PROFILE_CONFIG(UM_ID,UM_TENANT_ID), 429 | FOREIGN KEY(UM_CLAIM_ID, UM_TENANT_ID) REFERENCES UM_CLAIM(UM_ID,UM_TENANT_ID), 430 | PRIMARY KEY(UM_ID, UM_TENANT_ID) 431 | )ENGINE INNODB; 432 | 433 | CREATE TABLE UM_HYBRID_ROLE( 434 | UM_ID INTEGER NOT NULL AUTO_INCREMENT, 435 | UM_ROLE_NAME VARCHAR(255) NOT NULL, 436 | UM_TENANT_ID INTEGER DEFAULT 0, 437 | PRIMARY KEY (UM_ID, UM_TENANT_ID), 438 | UNIQUE(UM_ROLE_NAME,UM_TENANT_ID) 439 | )ENGINE INNODB; 440 | 441 | CREATE INDEX UM_ROLE_NAME_IND ON UM_HYBRID_ROLE(UM_ROLE_NAME); 442 | 443 | CREATE TABLE UM_HYBRID_USER_ROLE( 444 | UM_ID INTEGER NOT NULL AUTO_INCREMENT, 445 | UM_USER_NAME VARCHAR(255), 446 | UM_ROLE_ID INTEGER NOT NULL, 447 | UM_TENANT_ID INTEGER DEFAULT 0, 448 | UM_DOMAIN_ID INTEGER, 449 | UNIQUE (UM_USER_NAME, UM_ROLE_ID, UM_TENANT_ID, UM_DOMAIN_ID), 450 | FOREIGN KEY (UM_ROLE_ID, UM_TENANT_ID) REFERENCES UM_HYBRID_ROLE(UM_ID, UM_TENANT_ID) ON DELETE CASCADE, 451 | FOREIGN KEY (UM_DOMAIN_ID, UM_TENANT_ID) REFERENCES UM_DOMAIN(UM_DOMAIN_ID, UM_TENANT_ID) ON DELETE CASCADE, 452 | PRIMARY KEY (UM_ID, UM_TENANT_ID) 453 | )ENGINE INNODB; 454 | 455 | CREATE TABLE UM_SYSTEM_ROLE( 456 | UM_ID INTEGER NOT NULL AUTO_INCREMENT, 457 | UM_ROLE_NAME VARCHAR(255) NOT NULL, 458 | UM_TENANT_ID INTEGER DEFAULT 0, 459 | PRIMARY KEY (UM_ID, UM_TENANT_ID), 460 | UNIQUE(UM_ROLE_NAME,UM_TENANT_ID) 
461 | )ENGINE INNODB; 462 | 463 | CREATE TABLE UM_SYSTEM_USER_ROLE( 464 | UM_ID INTEGER NOT NULL AUTO_INCREMENT, 465 | UM_USER_NAME VARCHAR(255), 466 | UM_ROLE_ID INTEGER NOT NULL, 467 | UM_TENANT_ID INTEGER DEFAULT 0, 468 | UNIQUE (UM_USER_NAME, UM_ROLE_ID, UM_TENANT_ID), 469 | FOREIGN KEY (UM_ROLE_ID, UM_TENANT_ID) REFERENCES UM_SYSTEM_ROLE(UM_ID, UM_TENANT_ID), 470 | PRIMARY KEY (UM_ID, UM_TENANT_ID) 471 | )ENGINE INNODB; 472 | 473 | 474 | CREATE TABLE UM_HYBRID_REMEMBER_ME( 475 | UM_ID INTEGER NOT NULL AUTO_INCREMENT, 476 | UM_USER_NAME VARCHAR(255) NOT NULL, 477 | UM_COOKIE_VALUE VARCHAR(1024), 478 | UM_CREATED_TIME TIMESTAMP, 479 | UM_TENANT_ID INTEGER DEFAULT 0, 480 | PRIMARY KEY (UM_ID, UM_TENANT_ID) 481 | )ENGINE INNODB; 482 | 483 | CREATE TABLE IF NOT EXISTS UM_UUID_DOMAIN_MAPPER ( 484 | UM_ID INTEGER NOT NULL AUTO_INCREMENT, 485 | UM_USER_ID VARCHAR(255) NOT NULL, 486 | UM_DOMAIN_ID INTEGER NOT NULL, 487 | UM_TENANT_ID INTEGER DEFAULT 0, 488 | PRIMARY KEY (UM_ID), 489 | UNIQUE (UM_USER_ID), 490 | FOREIGN KEY (UM_DOMAIN_ID, UM_TENANT_ID) REFERENCES UM_DOMAIN(UM_DOMAIN_ID, UM_TENANT_ID) ON DELETE CASCADE 491 | )ENGINE INNODB; 492 | 493 | CREATE INDEX UUID_DM_UID_TID ON UM_UUID_DOMAIN_MAPPER(UM_USER_ID, UM_TENANT_ID); 494 | -------------------------------------------------------------------------------- /azure-simple/packer/dbscripts/mysql-identity.sql: -------------------------------------------------------------------------------- 1 | CREATE TABLE IF NOT EXISTS IDN_BASE_TABLE ( 2 | PRODUCT_NAME VARCHAR(20), 3 | PRIMARY KEY (PRODUCT_NAME) 4 | )ENGINE INNODB; 5 | 6 | INSERT INTO IDN_BASE_TABLE values ('WSO2 Identity Server'); 7 | 8 | CREATE TABLE IF NOT EXISTS IDN_OAUTH_CONSUMER_APPS ( 9 | ID INTEGER NOT NULL AUTO_INCREMENT, 10 | CONSUMER_KEY VARCHAR(255), 11 | CONSUMER_SECRET VARCHAR(2048), 12 | USERNAME VARCHAR(255), 13 | TENANT_ID INTEGER DEFAULT 0, 14 | USER_DOMAIN VARCHAR(50), 15 | APP_NAME VARCHAR(255), 16 | OAUTH_VERSION VARCHAR(128), 17 | 
CALLBACK_URL VARCHAR(2048), 18 | GRANT_TYPES VARCHAR (1024), 19 | PKCE_MANDATORY CHAR(1) DEFAULT '0', 20 | PKCE_SUPPORT_PLAIN CHAR(1) DEFAULT '0', 21 | APP_STATE VARCHAR (25) DEFAULT 'ACTIVE', 22 | USER_ACCESS_TOKEN_EXPIRE_TIME BIGINT DEFAULT 3600, 23 | APP_ACCESS_TOKEN_EXPIRE_TIME BIGINT DEFAULT 3600, 24 | REFRESH_TOKEN_EXPIRE_TIME BIGINT DEFAULT 84600, 25 | ID_TOKEN_EXPIRE_TIME BIGINT DEFAULT 3600, 26 | CONSTRAINT CONSUMER_KEY_CONSTRAINT UNIQUE (CONSUMER_KEY), 27 | PRIMARY KEY (ID) 28 | )ENGINE INNODB; 29 | 30 | CREATE TABLE IF NOT EXISTS IDN_OAUTH2_SCOPE_VALIDATORS ( 31 | APP_ID INTEGER NOT NULL, 32 | SCOPE_VALIDATOR VARCHAR (128) NOT NULL, 33 | PRIMARY KEY (APP_ID,SCOPE_VALIDATOR), 34 | FOREIGN KEY (APP_ID) REFERENCES IDN_OAUTH_CONSUMER_APPS(ID) ON DELETE CASCADE 35 | )ENGINE INNODB; 36 | 37 | CREATE TABLE IF NOT EXISTS IDN_OAUTH1A_REQUEST_TOKEN ( 38 | REQUEST_TOKEN VARCHAR(255), 39 | REQUEST_TOKEN_SECRET VARCHAR(512), 40 | CONSUMER_KEY_ID INTEGER, 41 | CALLBACK_URL VARCHAR(2048), 42 | SCOPE VARCHAR(2048), 43 | AUTHORIZED VARCHAR(128), 44 | OAUTH_VERIFIER VARCHAR(512), 45 | AUTHZ_USER VARCHAR(512), 46 | TENANT_ID INTEGER DEFAULT -1, 47 | PRIMARY KEY (REQUEST_TOKEN), 48 | FOREIGN KEY (CONSUMER_KEY_ID) REFERENCES IDN_OAUTH_CONSUMER_APPS(ID) ON DELETE CASCADE 49 | )ENGINE INNODB; 50 | 51 | CREATE TABLE IF NOT EXISTS IDN_OAUTH1A_ACCESS_TOKEN ( 52 | ACCESS_TOKEN VARCHAR(255), 53 | ACCESS_TOKEN_SECRET VARCHAR(512), 54 | CONSUMER_KEY_ID INTEGER, 55 | SCOPE VARCHAR(2048), 56 | AUTHZ_USER VARCHAR(512), 57 | TENANT_ID INTEGER DEFAULT -1, 58 | PRIMARY KEY (ACCESS_TOKEN), 59 | FOREIGN KEY (CONSUMER_KEY_ID) REFERENCES IDN_OAUTH_CONSUMER_APPS(ID) ON DELETE CASCADE 60 | )ENGINE INNODB; 61 | 62 | CREATE TABLE IF NOT EXISTS IDN_OAUTH2_ACCESS_TOKEN ( 63 | TOKEN_ID VARCHAR (255), 64 | ACCESS_TOKEN VARCHAR(2048), 65 | REFRESH_TOKEN VARCHAR(2048), 66 | CONSUMER_KEY_ID INTEGER, 67 | AUTHZ_USER VARCHAR (100), 68 | TENANT_ID INTEGER, 69 | USER_DOMAIN VARCHAR(50), 70 | USER_TYPE 
VARCHAR (25), 71 | GRANT_TYPE VARCHAR (50), 72 | TIME_CREATED TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, 73 | REFRESH_TOKEN_TIME_CREATED TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, 74 | VALIDITY_PERIOD BIGINT, 75 | REFRESH_TOKEN_VALIDITY_PERIOD BIGINT, 76 | TOKEN_SCOPE_HASH VARCHAR(32), 77 | TOKEN_STATE VARCHAR(25) DEFAULT 'ACTIVE', 78 | TOKEN_STATE_ID VARCHAR (128) DEFAULT 'NONE', 79 | SUBJECT_IDENTIFIER VARCHAR(255), 80 | ACCESS_TOKEN_HASH VARCHAR(512), 81 | REFRESH_TOKEN_HASH VARCHAR(512), 82 | IDP_ID INTEGER DEFAULT -1 NOT NULL, 83 | TOKEN_BINDING_REF VARCHAR (32) DEFAULT 'NONE', 84 | PRIMARY KEY (TOKEN_ID), 85 | FOREIGN KEY (CONSUMER_KEY_ID) REFERENCES IDN_OAUTH_CONSUMER_APPS(ID) ON DELETE CASCADE, 86 | CONSTRAINT CON_APP_KEY UNIQUE (CONSUMER_KEY_ID,AUTHZ_USER,TENANT_ID,USER_DOMAIN,USER_TYPE,TOKEN_SCOPE_HASH, 87 | TOKEN_STATE,TOKEN_STATE_ID,IDP_ID,TOKEN_BINDING_REF) 88 | )ENGINE INNODB; 89 | 90 | CREATE TABLE IF NOT EXISTS IDN_OAUTH2_TOKEN_BINDING ( 91 | TOKEN_ID VARCHAR (255), 92 | TOKEN_BINDING_TYPE VARCHAR (32), 93 | TOKEN_BINDING_REF VARCHAR (32), 94 | TOKEN_BINDING_VALUE VARCHAR (1024), 95 | TENANT_ID INTEGER DEFAULT -1, 96 | PRIMARY KEY (TOKEN_ID), 97 | FOREIGN KEY (TOKEN_ID) REFERENCES IDN_OAUTH2_ACCESS_TOKEN(TOKEN_ID) ON DELETE CASCADE 98 | )ENGINE INNODB; 99 | 100 | 101 | CREATE TABLE IF NOT EXISTS IDN_OAUTH2_ACCESS_TOKEN_AUDIT ( 102 | TOKEN_ID VARCHAR (255), 103 | ACCESS_TOKEN VARCHAR(2048), 104 | REFRESH_TOKEN VARCHAR(2048), 105 | CONSUMER_KEY_ID INTEGER, 106 | AUTHZ_USER VARCHAR (100), 107 | TENANT_ID INTEGER, 108 | USER_DOMAIN VARCHAR(50), 109 | USER_TYPE VARCHAR (25), 110 | GRANT_TYPE VARCHAR (50), 111 | TIME_CREATED TIMESTAMP NULL, 112 | REFRESH_TOKEN_TIME_CREATED TIMESTAMP NULL, 113 | VALIDITY_PERIOD BIGINT, 114 | REFRESH_TOKEN_VALIDITY_PERIOD BIGINT, 115 | TOKEN_SCOPE_HASH VARCHAR(32), 116 | TOKEN_STATE VARCHAR(25), 117 | TOKEN_STATE_ID VARCHAR (128) , 118 | SUBJECT_IDENTIFIER VARCHAR(255), 119 | ACCESS_TOKEN_HASH VARCHAR(512), 120 | 
REFRESH_TOKEN_HASH VARCHAR(512), 121 | INVALIDATED_TIME TIMESTAMP NULL, 122 | IDP_ID INTEGER DEFAULT -1 NOT NULL 123 | ); 124 | 125 | CREATE TABLE IF NOT EXISTS IDN_OAUTH2_AUTHORIZATION_CODE ( 126 | CODE_ID VARCHAR (255), 127 | AUTHORIZATION_CODE VARCHAR(2048), 128 | CONSUMER_KEY_ID INTEGER, 129 | CALLBACK_URL VARCHAR(2048), 130 | SCOPE VARCHAR(2048), 131 | AUTHZ_USER VARCHAR (100), 132 | TENANT_ID INTEGER, 133 | USER_DOMAIN VARCHAR(50), 134 | TIME_CREATED TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, 135 | VALIDITY_PERIOD BIGINT, 136 | STATE VARCHAR (25) DEFAULT 'ACTIVE', 137 | TOKEN_ID VARCHAR(255), 138 | SUBJECT_IDENTIFIER VARCHAR(255), 139 | PKCE_CODE_CHALLENGE VARCHAR(255), 140 | PKCE_CODE_CHALLENGE_METHOD VARCHAR(128), 141 | AUTHORIZATION_CODE_HASH VARCHAR(512), 142 | IDP_ID INTEGER DEFAULT -1 NOT NULL, 143 | PRIMARY KEY (CODE_ID), 144 | FOREIGN KEY (CONSUMER_KEY_ID) REFERENCES IDN_OAUTH_CONSUMER_APPS(ID) ON DELETE CASCADE 145 | )ENGINE INNODB; 146 | 147 | 148 | CREATE TABLE IF NOT EXISTS IDN_OAUTH2_AUTHZ_CODE_SCOPE( 149 | CODE_ID VARCHAR(255), 150 | SCOPE VARCHAR(60), 151 | TENANT_ID INTEGER DEFAULT -1, 152 | PRIMARY KEY (CODE_ID, SCOPE), 153 | FOREIGN KEY (CODE_ID) REFERENCES IDN_OAUTH2_AUTHORIZATION_CODE (CODE_ID) ON DELETE CASCADE 154 | )ENGINE INNODB; 155 | 156 | CREATE TABLE IF NOT EXISTS IDN_OAUTH2_DEVICE_FLOW ( 157 | CODE_ID VARCHAR(255), 158 | DEVICE_CODE VARCHAR(255), 159 | USER_CODE VARCHAR(25), 160 | CONSUMER_KEY_ID INTEGER, 161 | LAST_POLL_TIME TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, 162 | EXPIRY_TIME TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, 163 | TIME_CREATED TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, 164 | POLL_TIME BIGINT, 165 | STATUS VARCHAR (25) DEFAULT 'PENDING', 166 | AUTHZ_USER VARCHAR (100), 167 | TENANT_ID INTEGER, 168 | USER_DOMAIN VARCHAR(50), 169 | IDP_ID INTEGER, 170 | PRIMARY KEY (DEVICE_CODE), 171 | UNIQUE (CODE_ID), 172 | UNIQUE (USER_CODE), 173 | FOREIGN KEY (CONSUMER_KEY_ID) REFERENCES IDN_OAUTH_CONSUMER_APPS(ID) 
ON DELETE CASCADE 174 | )ENGINE INNODB; 175 | 176 | CREATE TABLE IF NOT EXISTS IDN_OAUTH2_DEVICE_FLOW_SCOPES ( 177 | ID INTEGER NOT NULL AUTO_INCREMENT, 178 | SCOPE_ID VARCHAR(255), 179 | SCOPE VARCHAR(255), 180 | PRIMARY KEY (ID), 181 | FOREIGN KEY (SCOPE_ID) REFERENCES IDN_OAUTH2_DEVICE_FLOW(CODE_ID) ON DELETE CASCADE 182 | )ENGINE INNODB; 183 | 184 | CREATE TABLE IF NOT EXISTS IDN_OAUTH2_ACCESS_TOKEN_SCOPE ( 185 | TOKEN_ID VARCHAR (255), 186 | TOKEN_SCOPE VARCHAR (60), 187 | TENANT_ID INTEGER DEFAULT -1, 188 | PRIMARY KEY (TOKEN_ID, TOKEN_SCOPE), 189 | FOREIGN KEY (TOKEN_ID) REFERENCES IDN_OAUTH2_ACCESS_TOKEN(TOKEN_ID) ON DELETE CASCADE 190 | )ENGINE INNODB; 191 | 192 | CREATE TABLE IF NOT EXISTS IDN_OAUTH2_SCOPE ( 193 | SCOPE_ID INTEGER NOT NULL AUTO_INCREMENT, 194 | NAME VARCHAR(255) NOT NULL, 195 | DISPLAY_NAME VARCHAR(255) NOT NULL, 196 | DESCRIPTION VARCHAR(512), 197 | TENANT_ID INTEGER NOT NULL DEFAULT -1, 198 | SCOPE_TYPE VARCHAR(255) NOT NULL, 199 | PRIMARY KEY (SCOPE_ID), 200 | UNIQUE (NAME, TENANT_ID) 201 | )ENGINE INNODB; 202 | 203 | CREATE TABLE IF NOT EXISTS IDN_OAUTH2_SCOPE_BINDING ( 204 | SCOPE_ID INTEGER NOT NULL, 205 | SCOPE_BINDING VARCHAR(255) NOT NULL, 206 | BINDING_TYPE VARCHAR(255) NOT NULL, 207 | FOREIGN KEY (SCOPE_ID) REFERENCES IDN_OAUTH2_SCOPE (SCOPE_ID) ON DELETE CASCADE, 208 | UNIQUE (SCOPE_ID, SCOPE_BINDING, BINDING_TYPE) 209 | )ENGINE INNODB; 210 | 211 | CREATE TABLE IF NOT EXISTS IDN_OAUTH2_RESOURCE_SCOPE ( 212 | RESOURCE_PATH VARCHAR(255) NOT NULL, 213 | SCOPE_ID INTEGER NOT NULL, 214 | TENANT_ID INTEGER DEFAULT -1, 215 | PRIMARY KEY (RESOURCE_PATH), 216 | FOREIGN KEY (SCOPE_ID) REFERENCES IDN_OAUTH2_SCOPE (SCOPE_ID) ON DELETE CASCADE 217 | )ENGINE INNODB; 218 | 219 | CREATE TABLE IF NOT EXISTS IDN_SCIM_GROUP ( 220 | ID INTEGER AUTO_INCREMENT, 221 | TENANT_ID INTEGER NOT NULL, 222 | ROLE_NAME VARCHAR(255) NOT NULL, 223 | ATTR_NAME VARCHAR(1024) NOT NULL, 224 | ATTR_VALUE VARCHAR(1024), 225 | PRIMARY KEY (ID) 226 | )ENGINE INNODB; 
227 | 228 | 229 | 230 | CREATE TABLE IF NOT EXISTS IDN_OPENID_REMEMBER_ME ( 231 | USER_NAME VARCHAR(255) NOT NULL, 232 | TENANT_ID INTEGER DEFAULT 0, 233 | COOKIE_VALUE VARCHAR(1024), 234 | CREATED_TIME TIMESTAMP, 235 | PRIMARY KEY (USER_NAME, TENANT_ID) 236 | )ENGINE INNODB; 237 | 238 | CREATE TABLE IF NOT EXISTS IDN_OPENID_USER_RPS ( 239 | USER_NAME VARCHAR(255) NOT NULL, 240 | TENANT_ID INTEGER DEFAULT 0, 241 | RP_URL VARCHAR(255) NOT NULL, 242 | TRUSTED_ALWAYS VARCHAR(128) DEFAULT 'FALSE', 243 | LAST_VISIT DATE NOT NULL, 244 | VISIT_COUNT INTEGER DEFAULT 0, 245 | DEFAULT_PROFILE_NAME VARCHAR(255) DEFAULT 'DEFAULT', 246 | PRIMARY KEY (USER_NAME, TENANT_ID, RP_URL) 247 | )ENGINE INNODB; 248 | 249 | CREATE TABLE IF NOT EXISTS IDN_OPENID_ASSOCIATIONS ( 250 | HANDLE VARCHAR(255) NOT NULL, 251 | ASSOC_TYPE VARCHAR(255) NOT NULL, 252 | EXPIRE_IN TIMESTAMP NOT NULL, 253 | MAC_KEY VARCHAR(255) NOT NULL, 254 | ASSOC_STORE VARCHAR(128) DEFAULT 'SHARED', 255 | TENANT_ID INTEGER DEFAULT -1, 256 | PRIMARY KEY (HANDLE) 257 | )ENGINE INNODB; 258 | 259 | CREATE TABLE IF NOT EXISTS IDN_STS_STORE ( 260 | ID INTEGER AUTO_INCREMENT, 261 | TOKEN_ID VARCHAR(255) NOT NULL, 262 | TOKEN_CONTENT BLOB(1024) NOT NULL, 263 | CREATE_DATE TIMESTAMP NOT NULL, 264 | EXPIRE_DATE TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, 265 | STATE INTEGER DEFAULT 0, 266 | PRIMARY KEY (ID) 267 | )ENGINE INNODB; 268 | 269 | CREATE TABLE IF NOT EXISTS IDN_IDENTITY_USER_DATA ( 270 | TENANT_ID INTEGER DEFAULT -1234, 271 | USER_NAME VARCHAR(255) NOT NULL, 272 | DATA_KEY VARCHAR(255) NOT NULL, 273 | DATA_VALUE VARCHAR(2048), 274 | PRIMARY KEY (TENANT_ID, USER_NAME, DATA_KEY) 275 | )ENGINE INNODB; 276 | 277 | CREATE TABLE IF NOT EXISTS IDN_IDENTITY_META_DATA ( 278 | USER_NAME VARCHAR(255) NOT NULL, 279 | TENANT_ID INTEGER DEFAULT -1234, 280 | METADATA_TYPE VARCHAR(255) NOT NULL, 281 | METADATA VARCHAR(255) NOT NULL, 282 | VALID VARCHAR(255) NOT NULL, 283 | PRIMARY KEY (TENANT_ID, USER_NAME, METADATA_TYPE,METADATA) 
284 | )ENGINE INNODB; 285 | 286 | CREATE TABLE IF NOT EXISTS IDN_THRIFT_SESSION ( 287 | SESSION_ID VARCHAR(255) NOT NULL, 288 | USER_NAME VARCHAR(255) NOT NULL, 289 | CREATED_TIME VARCHAR(255) NOT NULL, 290 | LAST_MODIFIED_TIME VARCHAR(255) NOT NULL, 291 | TENANT_ID INTEGER DEFAULT -1, 292 | PRIMARY KEY (SESSION_ID) 293 | )ENGINE INNODB; 294 | 295 | CREATE TABLE IF NOT EXISTS IDN_AUTH_SESSION_STORE ( 296 | SESSION_ID VARCHAR (100) NOT NULL, 297 | SESSION_TYPE VARCHAR(100) NOT NULL, 298 | OPERATION VARCHAR(10) NOT NULL, 299 | SESSION_OBJECT BLOB, 300 | TIME_CREATED BIGINT, 301 | TENANT_ID INTEGER DEFAULT -1, 302 | EXPIRY_TIME BIGINT, 303 | PRIMARY KEY (SESSION_ID, SESSION_TYPE, TIME_CREATED, OPERATION) 304 | )ENGINE INNODB; 305 | 306 | 307 | 308 | 309 | CREATE TABLE IF NOT EXISTS IDN_AUTH_TEMP_SESSION_STORE ( 310 | SESSION_ID VARCHAR (100) NOT NULL, 311 | SESSION_TYPE VARCHAR(100) NOT NULL, 312 | OPERATION VARCHAR(10) NOT NULL, 313 | SESSION_OBJECT BLOB, 314 | TIME_CREATED BIGINT, 315 | TENANT_ID INTEGER DEFAULT -1, 316 | EXPIRY_TIME BIGINT, 317 | PRIMARY KEY (SESSION_ID, SESSION_TYPE, TIME_CREATED, OPERATION) 318 | )ENGINE INNODB; 319 | 320 | CREATE TABLE IF NOT EXISTS IDN_AUTH_USER ( 321 | USER_ID VARCHAR(255) NOT NULL, 322 | USER_NAME VARCHAR(255) NOT NULL, 323 | TENANT_ID INTEGER NOT NULL, 324 | DOMAIN_NAME VARCHAR(255) NOT NULL, 325 | IDP_ID INTEGER NOT NULL, 326 | PRIMARY KEY (USER_ID), 327 | CONSTRAINT USER_STORE_CONSTRAINT UNIQUE (USER_NAME, TENANT_ID, DOMAIN_NAME, IDP_ID)); 328 | 329 | CREATE TABLE IF NOT EXISTS IDN_AUTH_USER_SESSION_MAPPING ( 330 | USER_ID VARCHAR(255) NOT NULL, 331 | SESSION_ID VARCHAR(255) NOT NULL, 332 | CONSTRAINT USER_SESSION_STORE_CONSTRAINT UNIQUE (USER_ID, SESSION_ID)); 333 | 334 | CREATE TABLE IF NOT EXISTS IDN_AUTH_SESSION_APP_INFO ( 335 | SESSION_ID VARCHAR (100) NOT NULL, 336 | SUBJECT VARCHAR (100) NOT NULL, 337 | APP_ID INTEGER NOT NULL, 338 | INBOUND_AUTH_TYPE VARCHAR (255) NOT NULL, 339 | PRIMARY KEY (SESSION_ID, SUBJECT, 
APP_ID, INBOUND_AUTH_TYPE) 340 | )ENGINE INNODB; 341 | 342 | CREATE TABLE IF NOT EXISTS IDN_AUTH_SESSION_META_DATA ( 343 | SESSION_ID VARCHAR (100) NOT NULL, 344 | PROPERTY_TYPE VARCHAR (100) NOT NULL, 345 | VALUE VARCHAR (255) NOT NULL, 346 | PRIMARY KEY (SESSION_ID, PROPERTY_TYPE, VALUE) 347 | )ENGINE INNODB; 348 | 349 | CREATE TABLE IF NOT EXISTS SP_APP ( 350 | ID INTEGER NOT NULL AUTO_INCREMENT, 351 | TENANT_ID INTEGER NOT NULL, 352 | APP_NAME VARCHAR (255) NOT NULL , 353 | USER_STORE VARCHAR (255) NOT NULL, 354 | USERNAME VARCHAR (255) NOT NULL , 355 | DESCRIPTION VARCHAR (1024), 356 | ROLE_CLAIM VARCHAR (512), 357 | AUTH_TYPE VARCHAR (255) NOT NULL, 358 | PROVISIONING_USERSTORE_DOMAIN VARCHAR (512), 359 | IS_LOCAL_CLAIM_DIALECT CHAR(1) DEFAULT '1', 360 | IS_SEND_LOCAL_SUBJECT_ID CHAR(1) DEFAULT '0', 361 | IS_SEND_AUTH_LIST_OF_IDPS CHAR(1) DEFAULT '0', 362 | IS_USE_TENANT_DOMAIN_SUBJECT CHAR(1) DEFAULT '1', 363 | IS_USE_USER_DOMAIN_SUBJECT CHAR(1) DEFAULT '1', 364 | ENABLE_AUTHORIZATION CHAR(1) DEFAULT '0', 365 | SUBJECT_CLAIM_URI VARCHAR (512), 366 | IS_SAAS_APP CHAR(1) DEFAULT '0', 367 | IS_DUMB_MODE CHAR(1) DEFAULT '0', 368 | UUID CHAR(36), 369 | IMAGE_URL VARCHAR(1024), 370 | ACCESS_URL VARCHAR(1024), 371 | IS_DISCOVERABLE CHAR(1) DEFAULT '0', 372 | 373 | PRIMARY KEY (ID) 374 | )ENGINE INNODB; 375 | 376 | ALTER TABLE SP_APP ADD CONSTRAINT APPLICATION_NAME_CONSTRAINT UNIQUE(APP_NAME, TENANT_ID); 377 | ALTER TABLE SP_APP ADD CONSTRAINT APPLICATION_UUID_CONSTRAINT UNIQUE(UUID); 378 | 379 | CREATE TABLE IF NOT EXISTS SP_METADATA ( 380 | ID INTEGER AUTO_INCREMENT, 381 | SP_ID INTEGER, 382 | NAME VARCHAR(255) NOT NULL, 383 | VALUE VARCHAR(255) NOT NULL, 384 | DISPLAY_NAME VARCHAR(255), 385 | TENANT_ID INTEGER DEFAULT -1, 386 | PRIMARY KEY (ID), 387 | CONSTRAINT SP_METADATA_CONSTRAINT UNIQUE (SP_ID, NAME), 388 | FOREIGN KEY (SP_ID) REFERENCES SP_APP(ID) ON DELETE CASCADE 389 | )ENGINE INNODB; 390 | 391 | CREATE TABLE IF NOT EXISTS SP_INBOUND_AUTH ( 392 | ID 
INTEGER NOT NULL AUTO_INCREMENT, 393 | TENANT_ID INTEGER NOT NULL, 394 | INBOUND_AUTH_KEY VARCHAR (255), 395 | INBOUND_AUTH_TYPE VARCHAR (255) NOT NULL, 396 | INBOUND_CONFIG_TYPE VARCHAR (255) NOT NULL, 397 | PROP_NAME VARCHAR (255), 398 | PROP_VALUE VARCHAR (1024) , 399 | APP_ID INTEGER NOT NULL, 400 | PRIMARY KEY (ID) 401 | )ENGINE INNODB; 402 | 403 | ALTER TABLE SP_INBOUND_AUTH ADD CONSTRAINT APPLICATION_ID_CONSTRAINT FOREIGN KEY (APP_ID) REFERENCES SP_APP (ID) ON DELETE CASCADE; 404 | 405 | CREATE TABLE IF NOT EXISTS SP_AUTH_STEP ( 406 | ID INTEGER NOT NULL AUTO_INCREMENT, 407 | TENANT_ID INTEGER NOT NULL, 408 | STEP_ORDER INTEGER DEFAULT 1, 409 | APP_ID INTEGER NOT NULL , 410 | IS_SUBJECT_STEP CHAR(1) DEFAULT '0', 411 | IS_ATTRIBUTE_STEP CHAR(1) DEFAULT '0', 412 | PRIMARY KEY (ID) 413 | )ENGINE INNODB; 414 | 415 | ALTER TABLE SP_AUTH_STEP ADD CONSTRAINT APPLICATION_ID_CONSTRAINT_STEP FOREIGN KEY (APP_ID) REFERENCES SP_APP (ID) ON DELETE CASCADE; 416 | 417 | CREATE TABLE IF NOT EXISTS SP_FEDERATED_IDP ( 418 | ID INTEGER NOT NULL, 419 | TENANT_ID INTEGER NOT NULL, 420 | AUTHENTICATOR_ID INTEGER NOT NULL, 421 | PRIMARY KEY (ID, AUTHENTICATOR_ID) 422 | )ENGINE INNODB; 423 | 424 | ALTER TABLE SP_FEDERATED_IDP ADD CONSTRAINT STEP_ID_CONSTRAINT FOREIGN KEY (ID) REFERENCES SP_AUTH_STEP (ID) ON DELETE CASCADE; 425 | 426 | CREATE TABLE IF NOT EXISTS SP_CLAIM_DIALECT ( 427 | ID INTEGER NOT NULL AUTO_INCREMENT, 428 | TENANT_ID INTEGER NOT NULL, 429 | SP_DIALECT VARCHAR (512) NOT NULL, 430 | APP_ID INTEGER NOT NULL, 431 | PRIMARY KEY (ID)); 432 | 433 | ALTER TABLE SP_CLAIM_DIALECT ADD CONSTRAINT DIALECTID_APPID_CONSTRAINT FOREIGN KEY (APP_ID) REFERENCES SP_APP (ID) ON DELETE CASCADE; 434 | 435 | CREATE TABLE IF NOT EXISTS SP_CLAIM_MAPPING ( 436 | ID INTEGER NOT NULL AUTO_INCREMENT, 437 | TENANT_ID INTEGER NOT NULL, 438 | IDP_CLAIM VARCHAR (512) NOT NULL , 439 | SP_CLAIM VARCHAR (512) NOT NULL , 440 | APP_ID INTEGER NOT NULL, 441 | IS_REQUESTED VARCHAR(128) DEFAULT '0', 442 
| IS_MANDATORY VARCHAR(128) DEFAULT '0', 443 | DEFAULT_VALUE VARCHAR(255), 444 | PRIMARY KEY (ID) 445 | )ENGINE INNODB; 446 | 447 | ALTER TABLE SP_CLAIM_MAPPING ADD CONSTRAINT CLAIMID_APPID_CONSTRAINT FOREIGN KEY (APP_ID) REFERENCES SP_APP (ID) ON DELETE CASCADE; 448 | 449 | CREATE TABLE IF NOT EXISTS SP_ROLE_MAPPING ( 450 | ID INTEGER NOT NULL AUTO_INCREMENT, 451 | TENANT_ID INTEGER NOT NULL, 452 | IDP_ROLE VARCHAR (255) NOT NULL , 453 | SP_ROLE VARCHAR (255) NOT NULL , 454 | APP_ID INTEGER NOT NULL, 455 | PRIMARY KEY (ID) 456 | )ENGINE INNODB; 457 | 458 | ALTER TABLE SP_ROLE_MAPPING ADD CONSTRAINT ROLEID_APPID_CONSTRAINT FOREIGN KEY (APP_ID) REFERENCES SP_APP (ID) ON DELETE CASCADE; 459 | 460 | CREATE TABLE IF NOT EXISTS SP_REQ_PATH_AUTHENTICATOR ( 461 | ID INTEGER NOT NULL AUTO_INCREMENT, 462 | TENANT_ID INTEGER NOT NULL, 463 | AUTHENTICATOR_NAME VARCHAR (255) NOT NULL , 464 | APP_ID INTEGER NOT NULL, 465 | PRIMARY KEY (ID) 466 | )ENGINE INNODB; 467 | 468 | ALTER TABLE SP_REQ_PATH_AUTHENTICATOR ADD CONSTRAINT REQ_AUTH_APPID_CONSTRAINT FOREIGN KEY (APP_ID) REFERENCES SP_APP (ID) ON DELETE CASCADE; 469 | 470 | CREATE TABLE IF NOT EXISTS SP_PROVISIONING_CONNECTOR ( 471 | ID INTEGER NOT NULL AUTO_INCREMENT, 472 | TENANT_ID INTEGER NOT NULL, 473 | IDP_NAME VARCHAR (255) NOT NULL , 474 | CONNECTOR_NAME VARCHAR (255) NOT NULL , 475 | APP_ID INTEGER NOT NULL, 476 | IS_JIT_ENABLED CHAR(1) NOT NULL DEFAULT '0', 477 | BLOCKING CHAR(1) NOT NULL DEFAULT '0', 478 | RULE_ENABLED CHAR(1) NOT NULL DEFAULT '0', 479 | PRIMARY KEY (ID) 480 | )ENGINE INNODB; 481 | 482 | ALTER TABLE SP_PROVISIONING_CONNECTOR ADD CONSTRAINT PRO_CONNECTOR_APPID_CONSTRAINT FOREIGN KEY (APP_ID) REFERENCES SP_APP (ID) ON DELETE CASCADE; 483 | 484 | CREATE TABLE SP_AUTH_SCRIPT ( 485 | ID INTEGER AUTO_INCREMENT NOT NULL, 486 | TENANT_ID INTEGER NOT NULL, 487 | APP_ID INTEGER NOT NULL, 488 | TYPE VARCHAR(255) NOT NULL, 489 | CONTENT BLOB DEFAULT NULL, 490 | IS_ENABLED CHAR(1) NOT NULL DEFAULT '0', 491 | 
PRIMARY KEY (ID)); 492 | 493 | CREATE TABLE IF NOT EXISTS SP_TEMPLATE ( 494 | ID INTEGER AUTO_INCREMENT NOT NULL, 495 | TENANT_ID INTEGER NOT NULL, 496 | NAME VARCHAR(255) NOT NULL, 497 | DESCRIPTION VARCHAR(1023), 498 | CONTENT BLOB DEFAULT NULL, 499 | PRIMARY KEY (ID), 500 | CONSTRAINT SP_TEMPLATE_CONSTRAINT UNIQUE (TENANT_ID, NAME)); 501 | 502 | CREATE TABLE IF NOT EXISTS IDN_AUTH_WAIT_STATUS ( 503 | ID INTEGER AUTO_INCREMENT NOT NULL, 504 | TENANT_ID INTEGER NOT NULL, 505 | LONG_WAIT_KEY VARCHAR(255) NOT NULL, 506 | WAIT_STATUS CHAR(1) NOT NULL DEFAULT '1', 507 | TIME_CREATED TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, 508 | EXPIRE_TIME TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, 509 | PRIMARY KEY (ID), 510 | CONSTRAINT IDN_AUTH_WAIT_STATUS_KEY UNIQUE (LONG_WAIT_KEY)); 511 | 512 | CREATE TABLE IF NOT EXISTS IDP ( 513 | ID INTEGER AUTO_INCREMENT, 514 | TENANT_ID INTEGER, 515 | NAME VARCHAR(254) NOT NULL, 516 | IS_ENABLED CHAR(1) NOT NULL DEFAULT '1', 517 | IS_PRIMARY CHAR(1) NOT NULL DEFAULT '0', 518 | HOME_REALM_ID VARCHAR(254), 519 | IMAGE MEDIUMBLOB, 520 | CERTIFICATE BLOB, 521 | ALIAS VARCHAR(254), 522 | INBOUND_PROV_ENABLED CHAR (1) NOT NULL DEFAULT '0', 523 | INBOUND_PROV_USER_STORE_ID VARCHAR(254), 524 | USER_CLAIM_URI VARCHAR(254), 525 | ROLE_CLAIM_URI VARCHAR(254), 526 | DESCRIPTION VARCHAR (1024), 527 | DEFAULT_AUTHENTICATOR_NAME VARCHAR(254), 528 | DEFAULT_PRO_CONNECTOR_NAME VARCHAR(254), 529 | PROVISIONING_ROLE VARCHAR(128), 530 | IS_FEDERATION_HUB CHAR(1) NOT NULL DEFAULT '0', 531 | IS_LOCAL_CLAIM_DIALECT CHAR(1) NOT NULL DEFAULT '0', 532 | DISPLAY_NAME VARCHAR(255), 533 | IMAGE_URL VARCHAR(1024), 534 | UUID CHAR(36) NOT NULL, 535 | PRIMARY KEY (ID), 536 | UNIQUE (TENANT_ID, NAME), 537 | UNIQUE (UUID) 538 | )ENGINE INNODB; 539 | 540 | CREATE TABLE IF NOT EXISTS IDP_ROLE ( 541 | ID INTEGER AUTO_INCREMENT, 542 | IDP_ID INTEGER, 543 | TENANT_ID INTEGER, 544 | ROLE VARCHAR(254), 545 | PRIMARY KEY (ID), 546 | UNIQUE (IDP_ID, ROLE), 547 | FOREIGN KEY 
(IDP_ID) REFERENCES IDP(ID) ON DELETE CASCADE 548 | )ENGINE INNODB; 549 | 550 | CREATE TABLE IF NOT EXISTS IDP_ROLE_MAPPING ( 551 | ID INTEGER AUTO_INCREMENT, 552 | IDP_ROLE_ID INTEGER, 553 | TENANT_ID INTEGER, 554 | USER_STORE_ID VARCHAR (253), 555 | LOCAL_ROLE VARCHAR(253), 556 | PRIMARY KEY (ID), 557 | UNIQUE (IDP_ROLE_ID, TENANT_ID, USER_STORE_ID, LOCAL_ROLE), 558 | FOREIGN KEY (IDP_ROLE_ID) REFERENCES IDP_ROLE(ID) ON DELETE CASCADE 559 | )ENGINE INNODB; 560 | 561 | CREATE TABLE IF NOT EXISTS IDP_CLAIM ( 562 | ID INTEGER AUTO_INCREMENT, 563 | IDP_ID INTEGER, 564 | TENANT_ID INTEGER, 565 | CLAIM VARCHAR(254), 566 | PRIMARY KEY (ID), 567 | UNIQUE (IDP_ID, CLAIM), 568 | FOREIGN KEY (IDP_ID) REFERENCES IDP(ID) ON DELETE CASCADE 569 | )ENGINE INNODB; 570 | 571 | CREATE TABLE IF NOT EXISTS IDP_CLAIM_MAPPING ( 572 | ID INTEGER AUTO_INCREMENT, 573 | IDP_CLAIM_ID INTEGER, 574 | TENANT_ID INTEGER, 575 | LOCAL_CLAIM VARCHAR(253), 576 | DEFAULT_VALUE VARCHAR(255), 577 | IS_REQUESTED VARCHAR(128) DEFAULT '0', 578 | PRIMARY KEY (ID), 579 | UNIQUE (IDP_CLAIM_ID, TENANT_ID, LOCAL_CLAIM), 580 | FOREIGN KEY (IDP_CLAIM_ID) REFERENCES IDP_CLAIM(ID) ON DELETE CASCADE 581 | )ENGINE INNODB; 582 | 583 | CREATE TABLE IF NOT EXISTS IDP_AUTHENTICATOR ( 584 | ID INTEGER AUTO_INCREMENT, 585 | TENANT_ID INTEGER, 586 | IDP_ID INTEGER, 587 | NAME VARCHAR(255) NOT NULL, 588 | IS_ENABLED CHAR (1) DEFAULT '1', 589 | DISPLAY_NAME VARCHAR(255), 590 | PRIMARY KEY (ID), 591 | UNIQUE (TENANT_ID, IDP_ID, NAME), 592 | FOREIGN KEY (IDP_ID) REFERENCES IDP(ID) ON DELETE CASCADE 593 | )ENGINE INNODB; 594 | 595 | CREATE TABLE IF NOT EXISTS IDP_METADATA ( 596 | ID INTEGER AUTO_INCREMENT, 597 | IDP_ID INTEGER, 598 | NAME VARCHAR(255) NOT NULL, 599 | VALUE VARCHAR(255) NOT NULL, 600 | DISPLAY_NAME VARCHAR(255), 601 | TENANT_ID INTEGER DEFAULT -1, 602 | PRIMARY KEY (ID), 603 | CONSTRAINT IDP_METADATA_CONSTRAINT UNIQUE (IDP_ID, NAME), 604 | FOREIGN KEY (IDP_ID) REFERENCES IDP(ID) ON DELETE CASCADE 605 | )ENGINE 
INNODB; 606 | 607 | CREATE TABLE IF NOT EXISTS IDP_AUTHENTICATOR_PROPERTY ( 608 | ID INTEGER AUTO_INCREMENT, 609 | TENANT_ID INTEGER, 610 | AUTHENTICATOR_ID INTEGER, 611 | PROPERTY_KEY VARCHAR(255) NOT NULL, 612 | PROPERTY_VALUE VARCHAR(2047), 613 | IS_SECRET CHAR (1) DEFAULT '0', 614 | PRIMARY KEY (ID), 615 | UNIQUE (TENANT_ID, AUTHENTICATOR_ID, PROPERTY_KEY), 616 | FOREIGN KEY (AUTHENTICATOR_ID) REFERENCES IDP_AUTHENTICATOR(ID) ON DELETE CASCADE 617 | )ENGINE INNODB; 618 | 619 | CREATE TABLE IF NOT EXISTS IDP_PROVISIONING_CONFIG ( 620 | ID INTEGER AUTO_INCREMENT, 621 | TENANT_ID INTEGER, 622 | IDP_ID INTEGER, 623 | PROVISIONING_CONNECTOR_TYPE VARCHAR(255) NOT NULL, 624 | IS_ENABLED CHAR (1) DEFAULT '0', 625 | IS_BLOCKING CHAR (1) DEFAULT '0', 626 | IS_RULES_ENABLED CHAR (1) DEFAULT '0', 627 | PRIMARY KEY (ID), 628 | UNIQUE (TENANT_ID, IDP_ID, PROVISIONING_CONNECTOR_TYPE), 629 | FOREIGN KEY (IDP_ID) REFERENCES IDP(ID) ON DELETE CASCADE 630 | )ENGINE INNODB; 631 | 632 | CREATE TABLE IF NOT EXISTS IDP_PROV_CONFIG_PROPERTY ( 633 | ID INTEGER AUTO_INCREMENT, 634 | TENANT_ID INTEGER, 635 | PROVISIONING_CONFIG_ID INTEGER, 636 | PROPERTY_KEY VARCHAR(255) NOT NULL, 637 | PROPERTY_VALUE VARCHAR(2048), 638 | PROPERTY_BLOB_VALUE BLOB, 639 | PROPERTY_TYPE CHAR(32) NOT NULL, 640 | IS_SECRET CHAR (1) DEFAULT '0', 641 | PRIMARY KEY (ID), 642 | UNIQUE (TENANT_ID, PROVISIONING_CONFIG_ID, PROPERTY_KEY), 643 | FOREIGN KEY (PROVISIONING_CONFIG_ID) REFERENCES IDP_PROVISIONING_CONFIG(ID) ON DELETE CASCADE 644 | )ENGINE INNODB; 645 | 646 | CREATE TABLE IF NOT EXISTS IDP_PROVISIONING_ENTITY ( 647 | ID INTEGER AUTO_INCREMENT, 648 | PROVISIONING_CONFIG_ID INTEGER, 649 | ENTITY_TYPE VARCHAR(255) NOT NULL, 650 | ENTITY_LOCAL_USERSTORE VARCHAR(255) NOT NULL, 651 | ENTITY_NAME VARCHAR(255) NOT NULL, 652 | ENTITY_VALUE VARCHAR(255), 653 | TENANT_ID INTEGER, 654 | ENTITY_LOCAL_ID VARCHAR(255), 655 | PRIMARY KEY (ID), 656 | UNIQUE (ENTITY_TYPE, TENANT_ID, ENTITY_LOCAL_USERSTORE, ENTITY_NAME, 
PROVISIONING_CONFIG_ID), 657 | UNIQUE (PROVISIONING_CONFIG_ID, ENTITY_TYPE, ENTITY_VALUE), 658 | FOREIGN KEY (PROVISIONING_CONFIG_ID) REFERENCES IDP_PROVISIONING_CONFIG(ID) ON DELETE CASCADE 659 | )ENGINE INNODB; 660 | 661 | CREATE TABLE IF NOT EXISTS IDP_LOCAL_CLAIM ( 662 | ID INTEGER AUTO_INCREMENT, 663 | TENANT_ID INTEGER, 664 | IDP_ID INTEGER, 665 | CLAIM_URI VARCHAR(255) NOT NULL, 666 | DEFAULT_VALUE VARCHAR(255), 667 | IS_REQUESTED VARCHAR(128) DEFAULT '0', 668 | PRIMARY KEY (ID), 669 | UNIQUE (TENANT_ID, IDP_ID, CLAIM_URI), 670 | FOREIGN KEY (IDP_ID) REFERENCES IDP(ID) ON DELETE CASCADE 671 | )ENGINE INNODB; 672 | 673 | CREATE TABLE IF NOT EXISTS IDN_ASSOCIATED_ID ( 674 | ID INTEGER AUTO_INCREMENT, 675 | IDP_USER_ID VARCHAR(255) NOT NULL, 676 | TENANT_ID INTEGER DEFAULT -1234, 677 | IDP_ID INTEGER NOT NULL, 678 | DOMAIN_NAME VARCHAR(255) NOT NULL, 679 | USER_NAME VARCHAR(255) NOT NULL, 680 | ASSOCIATION_ID CHAR(36) NOT NULL, 681 | PRIMARY KEY (ID), 682 | UNIQUE(IDP_USER_ID, TENANT_ID, IDP_ID), 683 | FOREIGN KEY (IDP_ID) REFERENCES IDP(ID) ON DELETE CASCADE 684 | )ENGINE INNODB; 685 | 686 | CREATE TABLE IF NOT EXISTS IDN_USER_ACCOUNT_ASSOCIATION ( 687 | ASSOCIATION_KEY VARCHAR(255) NOT NULL, 688 | TENANT_ID INTEGER, 689 | DOMAIN_NAME VARCHAR(255) NOT NULL, 690 | USER_NAME VARCHAR(255) NOT NULL, 691 | PRIMARY KEY (TENANT_ID, DOMAIN_NAME, USER_NAME) 692 | )ENGINE INNODB; 693 | 694 | CREATE TABLE IF NOT EXISTS FIDO_DEVICE_STORE ( 695 | TENANT_ID INTEGER, 696 | DOMAIN_NAME VARCHAR(255) NOT NULL, 697 | USER_NAME VARCHAR(45) NOT NULL, 698 | TIME_REGISTERED TIMESTAMP, 699 | KEY_HANDLE VARCHAR(200) NOT NULL, 700 | DEVICE_DATA VARCHAR(2048) NOT NULL, 701 | PRIMARY KEY (TENANT_ID, DOMAIN_NAME, USER_NAME, KEY_HANDLE) 702 | )ENGINE INNODB; 703 | 704 | CREATE TABLE IF NOT EXISTS FIDO2_DEVICE_STORE ( 705 | TENANT_ID INTEGER, 706 | DOMAIN_NAME VARCHAR(255) NOT NULL, 707 | USER_NAME VARCHAR(45) NOT NULL, 708 | TIME_REGISTERED TIMESTAMP, 709 | USER_HANDLE VARCHAR(64) NOT 
NULL, 710 | CREDENTIAL_ID VARCHAR(200) NOT NULL, 711 | PUBLIC_KEY_COSE VARCHAR(1024) NOT NULL, 712 | SIGNATURE_COUNT BIGINT, 713 | USER_IDENTITY VARCHAR(512) NOT NULL, 714 | DISPLAY_NAME VARCHAR(255), 715 | IS_USERNAMELESS_SUPPORTED CHAR(1) DEFAULT '0', 716 | PRIMARY KEY (CREDENTIAL_ID, USER_HANDLE) 717 | )ENGINE INNODB; 718 | 719 | CREATE TABLE IF NOT EXISTS WF_REQUEST ( 720 | UUID VARCHAR (45), 721 | CREATED_BY VARCHAR (255), 722 | TENANT_ID INTEGER DEFAULT -1, 723 | OPERATION_TYPE VARCHAR (50), 724 | CREATED_AT TIMESTAMP, 725 | UPDATED_AT TIMESTAMP DEFAULT CURRENT_TIMESTAMP, 726 | STATUS VARCHAR (30), 727 | REQUEST BLOB, 728 | PRIMARY KEY (UUID) 729 | )ENGINE INNODB; 730 | 731 | CREATE TABLE IF NOT EXISTS WF_BPS_PROFILE ( 732 | PROFILE_NAME VARCHAR(45), 733 | HOST_URL_MANAGER VARCHAR(255), 734 | HOST_URL_WORKER VARCHAR(255), 735 | USERNAME VARCHAR(45), 736 | PASSWORD VARCHAR(1023), 737 | CALLBACK_HOST VARCHAR (45), 738 | CALLBACK_USERNAME VARCHAR (45), 739 | CALLBACK_PASSWORD VARCHAR (255), /* PASSWORD and CALLBACK_PASSWORD are credential columns kept in the same row as HOST_URL_MANAGER, HOST_URL_WORKER and CALLBACK_HOST. NOTE(review): the schema does not show whether the server encrypts them before insert - confirm, and limit read access to this table. */ 740 | TENANT_ID INTEGER DEFAULT -1, 741 | PRIMARY KEY (PROFILE_NAME, TENANT_ID) 742 | )ENGINE INNODB; 743 | 744 | CREATE TABLE IF NOT EXISTS WF_WORKFLOW( 745 | ID VARCHAR (45), 746 | WF_NAME VARCHAR (45), 747 | DESCRIPTION VARCHAR (255), 748 | TEMPLATE_ID VARCHAR (45), 749 | IMPL_ID VARCHAR (45), 750 | TENANT_ID INTEGER DEFAULT -1, 751 | PRIMARY KEY (ID) 752 | )ENGINE INNODB; 753 | 754 | CREATE TABLE IF NOT EXISTS WF_WORKFLOW_ASSOCIATION( 755 | ID INTEGER NOT NULL AUTO_INCREMENT, 756 | ASSOC_NAME VARCHAR (45), 757 | EVENT_ID VARCHAR(45), 758 | ASSOC_CONDITION VARCHAR (2000), 759 | WORKFLOW_ID VARCHAR (45), 760 | IS_ENABLED CHAR (1) DEFAULT '1', 761 | TENANT_ID INTEGER DEFAULT -1, 762 | PRIMARY KEY(ID), 763 | FOREIGN KEY (WORKFLOW_ID) REFERENCES WF_WORKFLOW(ID)ON DELETE CASCADE 764 | )ENGINE INNODB; 765 | 766 | CREATE TABLE IF NOT EXISTS WF_WORKFLOW_CONFIG_PARAM( 767 | WORKFLOW_ID VARCHAR (45), 768 | PARAM_NAME VARCHAR (45), 769 | PARAM_VALUE VARCHAR (1000), 770 | PARAM_QNAME 
VARCHAR (45), 771 | PARAM_HOLDER VARCHAR (45), 772 | TENANT_ID INTEGER DEFAULT -1, 773 | PRIMARY KEY (WORKFLOW_ID, PARAM_NAME, PARAM_QNAME, PARAM_HOLDER), 774 | FOREIGN KEY (WORKFLOW_ID) REFERENCES WF_WORKFLOW(ID)ON DELETE CASCADE 775 | )ENGINE INNODB; 776 | 777 | CREATE TABLE IF NOT EXISTS WF_REQUEST_ENTITY_RELATIONSHIP( 778 | REQUEST_ID VARCHAR (45), 779 | ENTITY_NAME VARCHAR (255), 780 | ENTITY_TYPE VARCHAR (50), 781 | TENANT_ID INTEGER DEFAULT -1, 782 | PRIMARY KEY(REQUEST_ID, ENTITY_NAME, ENTITY_TYPE, TENANT_ID), 783 | FOREIGN KEY (REQUEST_ID) REFERENCES WF_REQUEST(UUID)ON DELETE CASCADE 784 | )ENGINE INNODB; 785 | 786 | CREATE TABLE IF NOT EXISTS WF_WORKFLOW_REQUEST_RELATION( 787 | RELATIONSHIP_ID VARCHAR (45), 788 | WORKFLOW_ID VARCHAR (45), 789 | REQUEST_ID VARCHAR (45), 790 | UPDATED_AT TIMESTAMP, 791 | STATUS VARCHAR (30), 792 | TENANT_ID INTEGER DEFAULT -1, 793 | PRIMARY KEY (RELATIONSHIP_ID), 794 | FOREIGN KEY (WORKFLOW_ID) REFERENCES WF_WORKFLOW(ID)ON DELETE CASCADE, 795 | FOREIGN KEY (REQUEST_ID) REFERENCES WF_REQUEST(UUID)ON DELETE CASCADE 796 | )ENGINE INNODB; 797 | 798 | CREATE TABLE IF NOT EXISTS IDN_RECOVERY_DATA ( 799 | USER_NAME VARCHAR(255) NOT NULL, 800 | USER_DOMAIN VARCHAR(127) NOT NULL, 801 | TENANT_ID INTEGER DEFAULT -1, 802 | CODE VARCHAR(255) NOT NULL, 803 | SCENARIO VARCHAR(255) NOT NULL, 804 | STEP VARCHAR(127) NOT NULL, 805 | TIME_CREATED TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, 806 | REMAINING_SETS VARCHAR(2500) DEFAULT NULL, 807 | PRIMARY KEY(USER_NAME, USER_DOMAIN, TENANT_ID, SCENARIO,STEP), 808 | UNIQUE(CODE) 809 | )ENGINE INNODB; 810 | 811 | CREATE TABLE IF NOT EXISTS IDN_PASSWORD_HISTORY_DATA ( 812 | ID INTEGER NOT NULL AUTO_INCREMENT, 813 | USER_NAME VARCHAR(255) NOT NULL, 814 | USER_DOMAIN VARCHAR(127) NOT NULL, 815 | TENANT_ID INTEGER DEFAULT -1, 816 | SALT_VALUE VARCHAR(255), 817 | HASH VARCHAR(255) NOT NULL, 818 | TIME_CREATED TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, 819 | PRIMARY KEY(ID), 820 | UNIQUE 
(USER_NAME,USER_DOMAIN,TENANT_ID,SALT_VALUE,HASH) 821 | )ENGINE INNODB; 822 | 823 | CREATE TABLE IF NOT EXISTS IDN_CLAIM_DIALECT ( 824 | ID INTEGER NOT NULL AUTO_INCREMENT, 825 | DIALECT_URI VARCHAR (255) NOT NULL, 826 | TENANT_ID INTEGER NOT NULL, 827 | PRIMARY KEY (ID), 828 | CONSTRAINT DIALECT_URI_CONSTRAINT UNIQUE (DIALECT_URI, TENANT_ID) 829 | )ENGINE INNODB; 830 | 831 | CREATE TABLE IF NOT EXISTS IDN_CLAIM ( 832 | ID INTEGER NOT NULL AUTO_INCREMENT, 833 | DIALECT_ID INTEGER NOT NULL, 834 | CLAIM_URI VARCHAR (255) NOT NULL, 835 | TENANT_ID INTEGER NOT NULL, 836 | PRIMARY KEY (ID), 837 | FOREIGN KEY (DIALECT_ID) REFERENCES IDN_CLAIM_DIALECT(ID) ON DELETE CASCADE, 838 | CONSTRAINT CLAIM_URI_CONSTRAINT UNIQUE (DIALECT_ID, CLAIM_URI, TENANT_ID) 839 | )ENGINE INNODB; 840 | 841 | CREATE TABLE IF NOT EXISTS IDN_CLAIM_MAPPED_ATTRIBUTE ( 842 | ID INTEGER NOT NULL AUTO_INCREMENT, 843 | LOCAL_CLAIM_ID INTEGER, 844 | USER_STORE_DOMAIN_NAME VARCHAR (255) NOT NULL, 845 | ATTRIBUTE_NAME VARCHAR (255) NOT NULL, 846 | TENANT_ID INTEGER NOT NULL, 847 | PRIMARY KEY (ID), 848 | FOREIGN KEY (LOCAL_CLAIM_ID) REFERENCES IDN_CLAIM(ID) ON DELETE CASCADE, 849 | CONSTRAINT USER_STORE_DOMAIN_CONSTRAINT UNIQUE (LOCAL_CLAIM_ID, USER_STORE_DOMAIN_NAME, TENANT_ID) 850 | )ENGINE INNODB; 851 | 852 | CREATE TABLE IF NOT EXISTS IDN_CLAIM_PROPERTY ( 853 | ID INTEGER NOT NULL AUTO_INCREMENT, 854 | LOCAL_CLAIM_ID INTEGER, 855 | PROPERTY_NAME VARCHAR (255) NOT NULL, 856 | PROPERTY_VALUE VARCHAR (255) NOT NULL, 857 | TENANT_ID INTEGER NOT NULL, 858 | PRIMARY KEY (ID), 859 | FOREIGN KEY (LOCAL_CLAIM_ID) REFERENCES IDN_CLAIM(ID) ON DELETE CASCADE, 860 | CONSTRAINT PROPERTY_NAME_CONSTRAINT UNIQUE (LOCAL_CLAIM_ID, PROPERTY_NAME, TENANT_ID) 861 | )ENGINE INNODB; 862 | 863 | CREATE TABLE IF NOT EXISTS IDN_CLAIM_MAPPING ( 864 | ID INTEGER NOT NULL AUTO_INCREMENT, 865 | EXT_CLAIM_ID INTEGER NOT NULL, 866 | MAPPED_LOCAL_CLAIM_ID INTEGER NOT NULL, 867 | TENANT_ID INTEGER NOT NULL, 868 | PRIMARY KEY (ID), 869 | 
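FOREIGN KEY (EXT_CLAIM_ID) REFERENCES IDN_CLAIM(ID) ON DELETE CASCADE,
    FOREIGN KEY (MAPPED_LOCAL_CLAIM_ID) REFERENCES IDN_CLAIM(ID) ON DELETE CASCADE,
    CONSTRAINT EXT_TO_LOC_MAPPING_CONSTRN UNIQUE (EXT_CLAIM_ID, TENANT_ID)
)ENGINE INNODB;

-- SAML2 assertion records: identifying fields plus the assertion itself, kept both as
-- text (SAML2_ASSERTION) and as a BLOB (ASSERTION).
-- NOTE(review): the table has no timestamp or expiry column, so retention and purging of
-- stored assertions must be driven from elsewhere -- confirm a cleanup path exists.
CREATE TABLE IF NOT EXISTS IDN_SAML2_ASSERTION_STORE (
    ID INTEGER NOT NULL AUTO_INCREMENT,
    SAML2_ID VARCHAR(255),
    SAML2_ISSUER VARCHAR(255),
    SAML2_SUBJECT VARCHAR(255),
    SAML2_SESSION_INDEX VARCHAR(255),
    SAML2_AUTHN_CONTEXT_CLASS_REF VARCHAR(255),
    SAML2_ASSERTION VARCHAR(4096),
    ASSERTION BLOB,
    PRIMARY KEY (ID)
)ENGINE INNODB;

-- SAML2 artifact records with an explicit expiry (EXP_TIMESTAMP).
-- IF NOT EXISTS added so this statement behaves like every other CREATE TABLE in the
-- script instead of aborting when the table is already present.
-- NOTE(review): AUTHN_REQ_DTO is an opaque BLOB; if it holds a serialized object, the
-- code that reads it back must not trust it more than the database account that can
-- write it -- confirm against the reader.
CREATE TABLE IF NOT EXISTS IDN_SAML2_ARTIFACT_STORE (
    ID INT(11) NOT NULL AUTO_INCREMENT,
    SOURCE_ID VARCHAR(255) NOT NULL,
    MESSAGE_HANDLER VARCHAR(255) NOT NULL,
    AUTHN_REQ_DTO BLOB NOT NULL,
    SESSION_ID VARCHAR(255) NOT NULL,
    EXP_TIMESTAMP TIMESTAMP NOT NULL,
    INIT_TIMESTAMP TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
    ASSERTION_ID VARCHAR(255),
    PRIMARY KEY (`ID`)
)ENGINE INNODB;

-- One row per JWT ID; the primary key makes a second insert of the same JWT_ID fail.
-- NOTE(review): presumably the JWT replay check relies on that constraint. JWT_ID is not
-- tenant-scoped (there is no TENANT_ID column) -- confirm that is intended.
CREATE TABLE IF NOT EXISTS IDN_OIDC_JTI (
    JWT_ID VARCHAR(255) NOT NULL,
    EXP_TIME TIMESTAMP NOT NULL,
    TIME_CREATED TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
    PRIMARY KEY (JWT_ID)
)ENGINE INNODB;

-- Key/value properties attached to an OAuth consumer application; rows are removed
-- together with the application (ON DELETE CASCADE).
CREATE TABLE IF NOT EXISTS IDN_OIDC_PROPERTY (
    ID INTEGER NOT NULL AUTO_INCREMENT,
    TENANT_ID INTEGER,
    CONSUMER_KEY VARCHAR(255),
    PROPERTY_KEY VARCHAR(255) NOT NULL,
    PROPERTY_VALUE VARCHAR(2047),
    PRIMARY KEY (ID),
    FOREIGN KEY (CONSUMER_KEY) REFERENCES IDN_OAUTH_CONSUMER_APPS(CONSUMER_KEY) ON DELETE CASCADE
)ENGINE INNODB;

-- Links a request object to the consumer application, authorization code and access
-- token it belongs to; deleting any of those parents deletes the reference.
CREATE TABLE IF NOT EXISTS IDN_OIDC_REQ_OBJECT_REFERENCE (
    ID INTEGER NOT NULL AUTO_INCREMENT,
    CONSUMER_KEY_ID INTEGER,
    CODE_ID VARCHAR(255),
    TOKEN_ID VARCHAR(255),
    SESSION_DATA_KEY VARCHAR(255),
    PRIMARY KEY (ID),
    FOREIGN KEY (CONSUMER_KEY_ID) REFERENCES IDN_OAUTH_CONSUMER_APPS(ID) ON DELETE CASCADE,
    FOREIGN KEY (TOKEN_ID) REFERENCES IDN_OAUTH2_ACCESS_TOKEN(TOKEN_ID) ON DELETE CASCADE,
    FOREIGN KEY (CODE_ID) REFERENCES IDN_OAUTH2_AUTHORIZATION_CODE(CODE_ID) ON DELETE CASCADE
)ENGINE INNODB;

-- Claims requested by a request object; ESSENTIAL and IS_USERINFO are one-character
-- flags that default to '0'.
CREATE TABLE IF NOT EXISTS IDN_OIDC_REQ_OBJECT_CLAIMS (
    ID INTEGER NOT NULL AUTO_INCREMENT,
    REQ_OBJECT_ID INTEGER,
    CLAIM_ATTRIBUTE VARCHAR(255),
    ESSENTIAL CHAR(1) NOT NULL DEFAULT '0',
    VALUE VARCHAR(255),
    IS_USERINFO CHAR(1) NOT NULL DEFAULT '0',
    PRIMARY KEY (ID),
    FOREIGN KEY (REQ_OBJECT_ID) REFERENCES IDN_OIDC_REQ_OBJECT_REFERENCE (ID) ON DELETE CASCADE
)ENGINE INNODB;

-- Additional values for a requested claim (child rows of IDN_OIDC_REQ_OBJECT_CLAIMS).
CREATE TABLE IF NOT EXISTS IDN_OIDC_REQ_OBJ_CLAIM_VALUES (
    ID INTEGER NOT NULL AUTO_INCREMENT,
    REQ_OBJECT_CLAIMS_ID INTEGER,
    CLAIM_VALUES VARCHAR(255),
    PRIMARY KEY (ID),
    FOREIGN KEY (REQ_OBJECT_CLAIMS_ID) REFERENCES IDN_OIDC_REQ_OBJECT_CLAIMS(ID) ON DELETE CASCADE
)ENGINE INNODB;

-- PEM certificates, unique per (NAME, TENANT_ID).
-- NOTE(review): certificates are not secret, but their integrity matters: whoever can
-- write this table presumably influences which keys the server trusts -- confirm and
-- limit INSERT/UPDATE grants accordingly.
CREATE TABLE IF NOT EXISTS IDN_CERTIFICATE (
    ID INTEGER NOT NULL AUTO_INCREMENT,
    NAME VARCHAR(100),
    CERTIFICATE_IN_PEM BLOB,
    TENANT_ID INTEGER DEFAULT 0,
    PRIMARY KEY(ID),
    CONSTRAINT CERTIFICATE_UNIQUE_KEY UNIQUE (NAME, TENANT_ID)
)ENGINE INNODB;

-- Maps an OAuth2 scope to an external claim; each pair may appear only once.
CREATE TABLE IF NOT EXISTS IDN_OIDC_SCOPE_CLAIM_MAPPING (
    ID INTEGER NOT NULL AUTO_INCREMENT,
    SCOPE_ID INTEGER NOT NULL,
    EXTERNAL_CLAIM_ID INTEGER NOT NULL,
    PRIMARY KEY (ID),
    FOREIGN KEY (SCOPE_ID) REFERENCES IDN_OAUTH2_SCOPE(SCOPE_ID) ON DELETE CASCADE,
    FOREIGN KEY (EXTERNAL_CLAIM_ID) REFERENCES IDN_CLAIM(ID) ON DELETE CASCADE,
    UNIQUE (SCOPE_ID, EXTERNAL_CLAIM_ID)
)ENGINE INNODB;

-- Named function libraries per tenant, with the library body in DATA.
-- NOTE(review): DATA presumably holds script content that the server evaluates; if so,
-- write access to this table amounts to changing code that runs inside the server --
-- confirm, and keep DML on it restricted to the application account.
CREATE TABLE IF NOT EXISTS IDN_FUNCTION_LIBRARY (
    NAME VARCHAR(255) NOT NULL,
    DESCRIPTION VARCHAR(1023),
    TYPE VARCHAR(255) NOT NULL,
    TENANT_ID INTEGER NOT NULL,
    DATA BLOB NOT NULL,
    PRIMARY KEY (TENANT_ID,NAME)
)ENGINE INNODB;

-- CIBA authentication requests: one row per AUTH_CODE_KEY, with a unique AUTH_REQ_ID and
-- a status that defaults to 'REQUESTED'.
-- NOTE(review): CHAR(36) matches the length of a textual UUID, so both keys are
-- presumably UUIDs. AUTH_REQ_ID is stored as given; treat read access to this table as
-- sensitive while requests are pending -- confirm how the value is used by the caller.
CREATE TABLE IF NOT EXISTS IDN_OAUTH2_CIBA_AUTH_CODE (
    AUTH_CODE_KEY CHAR (36),
    AUTH_REQ_ID CHAR (36),
    ISSUED_TIME TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
    CONSUMER_KEY VARCHAR(255),
    LAST_POLLED_TIME TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
    POLLING_INTERVAL INTEGER,
    EXPIRES_IN INTEGER,
    AUTHENTICATED_USER_NAME VARCHAR(255),
    USER_STORE_DOMAIN VARCHAR(100),
    TENANT_ID INTEGER,
    AUTH_REQ_STATUS VARCHAR (100) DEFAULT 'REQUESTED',
    IDP_ID INTEGER,
    UNIQUE(AUTH_REQ_ID),
    PRIMARY KEY (AUTH_CODE_KEY),
    FOREIGN KEY (CONSUMER_KEY) REFERENCES IDN_OAUTH_CONSUMER_APPS(CONSUMER_KEY) ON DELETE CASCADE
)ENGINE INNODB;

-- Scopes requested by a CIBA authentication request.
-- The table declares no primary key or unique constraint, so the same
-- (AUTH_CODE_KEY, SCOPE) pair can be stored more than once.
CREATE TABLE IF NOT EXISTS IDN_OAUTH2_CIBA_REQUEST_SCOPES (
    AUTH_CODE_KEY CHAR (36),
    SCOPE VARCHAR (255),
    FOREIGN KEY (AUTH_CODE_KEY) REFERENCES IDN_OAUTH2_CIBA_AUTH_CODE(AUTH_CODE_KEY) ON DELETE CASCADE
)ENGINE INNODB;

-- Maps a session at a federated identity provider (IDP_SESSION_ID) to a local SESSION_ID.
CREATE TABLE IF NOT EXISTS IDN_FED_AUTH_SESSION_MAPPING (
    IDP_SESSION_ID VARCHAR(255) NOT NULL,
    SESSION_ID VARCHAR(255) NOT NULL,
    IDP_NAME VARCHAR(255) NOT NULL,
    AUTHENTICATOR_ID VARCHAR(255),
    PROTOCOL_TYPE VARCHAR(255),
    TIME_CREATED TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
    PRIMARY KEY (IDP_SESSION_ID)
)ENGINE INNODB;

-- --------------------------- INDEX CREATION -----------------------------
-- MySQL's CREATE INDEX has no IF NOT EXISTS form, so unlike the CREATE TABLE statements
-- above this section fails on a second run against the same schema.

-- IDN_OAUTH2_ACCESS_TOKEN --
-- Both the *_HASH columns and the ACCESS_TOKEN / REFRESH_TOKEN columns are indexed.
-- NOTE(review): what the non-hash columns contain (raw, encrypted or hashed values) is
-- decided by configuration this script does not show. If they hold usable token values,
-- read access to this table, its indexes and its backups is equivalent to holding the
-- tokens -- confirm, and scope SELECT grants and backup handling accordingly.
CREATE INDEX IDX_TC ON IDN_OAUTH2_ACCESS_TOKEN(TIME_CREATED);
CREATE INDEX IDX_ATH ON IDN_OAUTH2_ACCESS_TOKEN(ACCESS_TOKEN_HASH);
CREATE INDEX IDX_AT_CK_AU ON IDN_OAUTH2_ACCESS_TOKEN(CONSUMER_KEY_ID, AUTHZ_USER, TOKEN_STATE, USER_TYPE);
CREATE INDEX IDX_AT_TI_UD ON IDN_OAUTH2_ACCESS_TOKEN(AUTHZ_USER, TENANT_ID, TOKEN_STATE, USER_DOMAIN);
CREATE INDEX IDX_AT_AU_TID_UD_TS_CKID ON IDN_OAUTH2_ACCESS_TOKEN(AUTHZ_USER, TENANT_ID, USER_DOMAIN, TOKEN_STATE, CONSUMER_KEY_ID);
CREATE INDEX IDX_AT_AT ON IDN_OAUTH2_ACCESS_TOKEN(ACCESS_TOKEN);
CREATE INDEX IDX_AT_AU_CKID_TS_UT ON IDN_OAUTH2_ACCESS_TOKEN(AUTHZ_USER, CONSUMER_KEY_ID, TOKEN_STATE, USER_TYPE);
CREATE INDEX IDX_AT_RTH ON IDN_OAUTH2_ACCESS_TOKEN(REFRESH_TOKEN_HASH);
CREATE INDEX IDX_AT_RT ON IDN_OAUTH2_ACCESS_TOKEN(REFRESH_TOKEN);
CREATE INDEX IDX_AT_CKID_AU_TID_UD_TSH_TS ON IDN_OAUTH2_ACCESS_TOKEN(CONSUMER_KEY_ID, AUTHZ_USER, TENANT_ID, USER_DOMAIN, TOKEN_SCOPE_HASH, TOKEN_STATE);

-- IDN_OAUTH2_AUTHORIZATION_CODE --
-- The same consideration applies to AUTHORIZATION_CODE next to AUTHORIZATION_CODE_HASH.
CREATE INDEX IDX_AUTHORIZATION_CODE_HASH ON IDN_OAUTH2_AUTHORIZATION_CODE (AUTHORIZATION_CODE_HASH, CONSUMER_KEY_ID);
CREATE INDEX IDX_AUTHORIZATION_CODE_AU_TI ON IDN_OAUTH2_AUTHORIZATION_CODE (AUTHZ_USER, TENANT_ID, USER_DOMAIN, STATE);
CREATE INDEX IDX_AC_CKID ON IDN_OAUTH2_AUTHORIZATION_CODE(CONSUMER_KEY_ID);
CREATE INDEX IDX_AC_TID ON IDN_OAUTH2_AUTHORIZATION_CODE(TOKEN_ID);
CREATE INDEX IDX_AC_AC_CKID ON IDN_OAUTH2_AUTHORIZATION_CODE(AUTHORIZATION_CODE, CONSUMER_KEY_ID);

-- IDN_SCIM_GROUP --
-- ATTR_NAME(500) is a prefix index: only the first 500 characters of ATTR_NAME are indexed.
CREATE INDEX IDX_IDN_SCIM_GROUP_TI_RN ON IDN_SCIM_GROUP (TENANT_ID, ROLE_NAME);
CREATE INDEX IDX_IDN_SCIM_GROUP_TI_RN_AN ON IDN_SCIM_GROUP (TENANT_ID, ROLE_NAME, ATTR_NAME(500));

-- IDN_AUTH_SESSION_STORE --
CREATE INDEX IDX_IDN_AUTH_SESSION_TIME ON IDN_AUTH_SESSION_STORE (TIME_CREATED);

-- IDN_AUTH_TEMP_SESSION_STORE --
CREATE INDEX IDX_IDN_AUTH_TMP_SESSION_TIME ON IDN_AUTH_TEMP_SESSION_STORE (TIME_CREATED);

-- IDN_OIDC_SCOPE_CLAIM_MAPPING --
-- NOTE(review): this repeats the column list of the UNIQUE (SCOPE_ID, EXTERNAL_CLAIM_ID)
-- constraint declared on the table, which already creates an index; kept because the
-- index name may be relied on elsewhere -- confirm before dropping.
CREATE INDEX IDX_AT_SI_ECI ON IDN_OIDC_SCOPE_CLAIM_MAPPING(SCOPE_ID, EXTERNAL_CLAIM_ID);

-- IDN_OAUTH2_SCOPE --
CREATE INDEX IDX_SC_TID ON IDN_OAUTH2_SCOPE(TENANT_ID);

-- IDN_OAUTH2_SCOPE_BINDING --
CREATE INDEX IDX_SB_SCPID ON IDN_OAUTH2_SCOPE_BINDING(SCOPE_ID);

-- IDN_OIDC_REQ_OBJECT_REFERENCE --
CREATE INDEX IDX_OROR_TID ON IDN_OIDC_REQ_OBJECT_REFERENCE(TOKEN_ID);

-- IDN_OAUTH2_ACCESS_TOKEN_SCOPE --
CREATE INDEX IDX_ATS_TID ON IDN_OAUTH2_ACCESS_TOKEN_SCOPE(TOKEN_ID);

-- SP_TEMPLATE --
CREATE INDEX IDX_SP_TEMPLATE ON SP_TEMPLATE (TENANT_ID, NAME);

-- IDN_AUTH_USER --
CREATE INDEX IDX_AUTH_USER_UN_TID_DN ON IDN_AUTH_USER (USER_NAME, TENANT_ID, DOMAIN_NAME);
CREATE INDEX IDX_AUTH_USER_DN_TOD ON IDN_AUTH_USER (DOMAIN_NAME, TENANT_ID);

-- IDN_AUTH_USER_SESSION_MAPPING --
CREATE INDEX IDX_USER_ID ON IDN_AUTH_USER_SESSION_MAPPING (USER_ID);
CREATE INDEX IDX_SESSION_ID ON IDN_AUTH_USER_SESSION_MAPPING (SESSION_ID);

-- IDN_OAUTH_CONSUMER_APPS --
CREATE INDEX IDX_OCA_UM_TID_UD_APN ON IDN_OAUTH_CONSUMER_APPS(USERNAME,TENANT_ID,USER_DOMAIN, APP_NAME);

-- SP_INBOUND_AUTH --
CREATE INDEX IDX_SPI_APP ON SP_INBOUND_AUTH(APP_ID);

-- IDN_OIDC_PROPERTY --
CREATE INDEX IDX_IOP_TID_CK ON IDN_OIDC_PROPERTY(TENANT_ID,CONSUMER_KEY);

-- FIDO2_DEVICE_STORE --
CREATE INDEX IDX_FIDO2_STR ON FIDO2_DEVICE_STORE(USER_NAME, TENANT_ID, DOMAIN_NAME, CREDENTIAL_ID, USER_HANDLE);

-- IDN_ASSOCIATED_ID --
CREATE INDEX IDX_AI_DN_UN_AI ON IDN_ASSOCIATED_ID(DOMAIN_NAME, USER_NAME, ASSOCIATION_ID);

-- IDN_OAUTH2_TOKEN_BINDING --
CREATE INDEX IDX_IDN_AUTH_BIND ON IDN_OAUTH2_TOKEN_BINDING (TOKEN_BINDING_REF);

-- IDN_FED_AUTH_SESSION_MAPPING --
CREATE INDEX IDX_FEDERATED_AUTH_SESSION_ID ON IDN_FED_AUTH_SESSION_MAPPING (SESSION_ID);
--------------------------------------------------------------------------------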