-- ============================================================================
-- PostgreSQL initialization for StellaOps
--
-- Executed automatically by the database container on its first start
-- (i.e. when the data directory is empty). Every statement here is
-- idempotent (IF NOT EXISTS) so re-running it by hand is harmless.
-- ============================================================================

-- ----------------------------------------------------------------------------
-- Extensions
-- ----------------------------------------------------------------------------

-- Query performance statistics.
-- NOTE: CREATE EXTENSION only installs the views/functions; statistics are
-- collected only when the server is started with
-- shared_preload_libraries = 'pg_stat_statements'. Without that setting the
-- extension exists but the pg_stat_statements view stays empty.
CREATE EXTENSION IF NOT EXISTS pg_stat_statements;

-- Trigram matching: fuzzy text search and LIKE/ILIKE acceleration
CREATE EXTENSION IF NOT EXISTS pg_trgm;

-- GIN operator classes for scalar (btree-indexable) types, used for
-- multi-column GIN indexes that mix scalar and array/jsonb columns
CREATE EXTENSION IF NOT EXISTS btree_gin;

-- Cryptographic functions (hashing, symmetric/asymmetric encryption, random)
CREATE EXTENSION IF NOT EXISTS pgcrypto;

-- ----------------------------------------------------------------------------
-- Module schemas
--
-- One schema per platform module. Only the namespaces are created here;
-- each module's migrations own the tables inside its schema.
-- ----------------------------------------------------------------------------

-- Core platform: authentication, authorization, OAuth/OIDC
CREATE SCHEMA IF NOT EXISTS authority;

-- Data ingestion
CREATE SCHEMA IF NOT EXISTS vuln;        -- Concelier vulnerability data
CREATE SCHEMA IF NOT EXISTS vex;         -- Excititor VEX documents

-- Scanning & analysis: container scanning, SBOM generation
CREATE SCHEMA IF NOT EXISTS scanner;

-- Scheduling & orchestration
CREATE SCHEMA IF NOT EXISTS scheduler;   -- Job scheduling
CREATE SCHEMA IF NOT EXISTS taskrunner;  -- Task execution

-- Policy & risk
CREATE SCHEMA IF NOT EXISTS policy;      -- Policy engine
CREATE SCHEMA IF NOT EXISTS unknowns;    -- Unknown component tracking

-- Artifacts & evidence
CREATE SCHEMA IF NOT EXISTS proofchain;  -- Attestor proof chains
CREATE SCHEMA IF NOT EXISTS attestor;    -- Attestor submission queue
CREATE SCHEMA IF NOT EXISTS signer;      -- Key management

-- Notifications: notification delivery
CREATE SCHEMA IF NOT EXISTS notify;

-- Signals & observability: runtime signals
CREATE SCHEMA IF NOT EXISTS signals;

-- Registry: task packs registry
CREATE SCHEMA IF NOT EXISTS packs;

-- Audit: system-wide audit log
CREATE SCHEMA IF NOT EXISTS audit;

-- ============================================================================
-- Schema USAGE grant for the application user (single-user mode)
--
-- Per-module users are created in 02-create-users.sql.
-- ============================================================================
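-- Grant USAGE on every module schema to PUBLIC.
--
-- USAGE on a schema only lets a role resolve object names inside it; it
-- confers no privilege on the tables or functions themselves, which still
-- need their own GRANTs. It does, however, apply to every role that can
-- connect to this database, not just the application user.
-- NOTE(review): once per-module users exist, a grant to the specific
-- application role(s) would be the tighter choice — confirm against
-- 02-create-users.sql before changing it.
--
-- The array below must mirror the CREATE SCHEMA statements in this file:
-- a schema missing from the list is created but never opened, and a name
-- listed here that was never created makes the GRANT raise an error.
DO $$
DECLARE
    module_schemas CONSTANT TEXT[] := ARRAY[
        'authority', 'vuln', 'vex', 'scanner', 'scheduler', 'taskrunner',
        'policy', 'unknowns', 'proofchain', 'attestor', 'signer',
        'notify', 'signals', 'packs', 'audit'
    ];
    module_schema TEXT;
BEGIN
    -- FOREACH ... IN ARRAY is the PL/pgSQL idiom for iterating an array
    -- literal; it avoids the SELECT unnest(...) round trip.
    FOREACH module_schema IN ARRAY module_schemas LOOP
        -- %I quote-escapes the schema name as an identifier. The names are
        -- hard-coded above and must stay that way: never feed external input
        -- into this EXECUTE.
        EXECUTE format('GRANT USAGE ON SCHEMA %I TO PUBLIC', module_schema);
    END LOOP;
END $$;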