extend schema to allow : (colon) in Tag keys #2448

Merged
merged 1 commit into from
Dec 4, 2023
Merged
27 changes: 15 additions & 12 deletions clients/go/zms/model.go


14 changes: 9 additions & 5 deletions clients/go/zms/zms_schema.go


13 changes: 8 additions & 5 deletions core/zms/src/main/java/com/yahoo/athenz/zms/ZMSSchema.java
Expand Up @@ -89,6 +89,9 @@ private static Schema build() {
sb.stringType("AuthorityKeywords")
.pattern("([a-zA-Z0-9_][a-zA-Z0-9_-]*,)*[a-zA-Z0-9_][a-zA-Z0-9_-]*");

sb.stringType("TagKey")
.pattern("([a-zA-Z0-9_][a-zA-Z0-9_-]*[:\\.])*[a-zA-Z0-9_][a-zA-Z0-9_-]*");

sb.stringType("TagValue")
.comment("TagValue to contain generic string patterns")
.pattern("[a-zA-Z0-9_:,\\/][a-zA-Z0-9_:,\\/-]*");
Expand Down Expand Up @@ -133,7 +136,7 @@ private static Schema build() {
.field("azureSubscription", "String", true, "associated azure subscription id (system attribute - uniqueness check - if enabled)")
.field("gcpProject", "String", true, "associated gcp project id (system attribute - uniqueness check - if enabled)")
.field("gcpProjectNumber", "String", true, "associated gcp project number (system attribute)")
.mapField("tags", "CompoundName", "TagValueList", true, "key-value pair tags, tag might contain multiple values")
.mapField("tags", "TagKey", "TagValueList", true, "key-value pair tags, tag might contain multiple values")
.field("businessService", "String", true, "associated business service with domain")
.field("memberPurgeExpiryDays", "Int32", true, "purge role/group members with expiry date configured days in the past")
.field("productId", "String", true, "associated product id (system attribute - uniqueness check - if enabled)")
Expand Down Expand Up @@ -210,7 +213,7 @@ private static Schema build() {
.field("userAuthorityExpiration", "String", true, "expiration enforced by a user authority configured attribute")
.field("groupExpiryDays", "Int32", true, "all groups in the domain roles will have specified max expiry days")
.field("groupReviewDays", "Int32", true, "all groups in the domain roles will have specified max review days")
.mapField("tags", "CompoundName", "TagValueList", true, "key-value pair tags, tag might contain multiple values")
.mapField("tags", "TagKey", "TagValueList", true, "key-value pair tags, tag might contain multiple values")
.field("description", "String", true, "a description of the role")
.field("auditEnabled", "Bool", true, "Flag indicates whether or not role updates should be approved by GRC. If true, the auditRef parameter must be supplied(not empty) for any API defining it.", false)
.field("deleteProtection", "Bool", true, "If true, ask for delete confirmation in audit and review enabled roles.", false)
Expand Down Expand Up @@ -318,7 +321,7 @@ private static Schema build() {
.field("version", "SimpleName", true, "optional version string, defaults to 0")
.field("active", "Bool", true, "if multi-version policy then indicates active version")
.field("description", "String", true, "a description of the policy")
.mapField("tags", "CompoundName", "TagValueList", true, "key-value pair tags, tag might contain multiple values");
.mapField("tags", "TagKey", "TagValueList", true, "key-value pair tags, tag might contain multiple values");

sb.structType("Policies")
.comment("The representation of list of policy objects")
Expand All @@ -345,7 +348,7 @@ private static Schema build() {
.arrayField("hosts", "String", true, "list of host names that this service can run on")
.field("user", "String", true, "local (unix) user name this service can run as")
.field("group", "String", true, "local (unix) group name this service can run as")
.mapField("tags", "CompoundName", "TagValueList", true, "key-value pair tags, tag might contain multiple values");
.mapField("tags", "TagKey", "TagValueList", true, "key-value pair tags, tag might contain multiple values");

sb.structType("ServiceIdentities")
.comment("The representation of list of services")
Expand Down Expand Up @@ -510,7 +513,7 @@ private static Schema build() {
.field("userAuthorityExpiration", "String", true, "expiration enforced by a user authority configured attribute")
.field("memberExpiryDays", "Int32", true, "all user members in the group will have specified max expiry days")
.field("serviceExpiryDays", "Int32", true, "all services in the group will have specified max expiry days")
.mapField("tags", "CompoundName", "TagValueList", true, "key-value pair tags, tag might contain multiple values")
.mapField("tags", "TagKey", "TagValueList", true, "key-value pair tags, tag might contain multiple values")
.field("auditEnabled", "Bool", true, "Flag indicates whether or not group updates should require GRC approval. If true, the auditRef parameter must be supplied(not empty) for any API defining it", false)
.field("deleteProtection", "Bool", true, "If true, ask for delete confirmation in audit and review enabled groups.", false)
.field("lastReviewedDate", "Timestamp", true, "last review timestamp of the group")
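Review bot: Switching the `tags` map key from `CompoundName` to `TagKey` widens the accepted key set for domain, role, policy, service and group objects in one step, and none of the visible hunks shows a matching change or test for the code that stores, indexes or searches tags. `TagValue` already allows `:`, so any consumer that joins or splits key and value on `:`, or treats a key as a dotted name, would now see ambiguous input; this is inferred from the patterns rather than shown in these hunks, so it is worth confirming before relying on schema validation alone. A validation test next to this schema would pin the intended boundary: example keys such as `a:b.c` accepted, while `:a`, `a:` and `a::b` stay rejected by the new pattern. `build()` starts and ends outside every hunk in this section.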
2 changes: 1 addition & 1 deletion core/zms/src/main/rdl/Domain.tdl
Expand Up @@ -25,7 +25,7 @@ type DomainMeta Struct {
String azureSubscription (optional); //associated azure subscription id (system attribute - uniqueness check - if enabled)
String gcpProject (optional); //associated gcp project id (system attribute - uniqueness check - if enabled)
String gcpProjectNumber (optional); //associated gcp project number (system attribute)
Map<CompoundName,TagValueList> tags (optional); //key-value pair tags, tag might contain multiple values
Map<TagKey,TagValueList> tags (optional); //key-value pair tags, tag might contain multiple values
String businessService (optional, x_allowempty="true"); //associated business service with domain
Int32 memberPurgeExpiryDays (optional); //purge role/group members with expiry date configured days in the past
String productId (optional); //associated product id (system attribute - uniqueness check - if enabled)
2 changes: 1 addition & 1 deletion core/zms/src/main/rdl/Group.tdl
Expand Up @@ -52,7 +52,7 @@ type GroupMeta Struct {
String userAuthorityExpiration (optional); //expiration enforced by a user authority configured attribute
Int32 memberExpiryDays (optional); //all user members in the group will have specified max expiry days
Int32 serviceExpiryDays (optional); //all services in the group will have specified max expiry days
Map<CompoundName,TagValueList> tags (optional); //key-value pair tags, tag might contain multiple values
Map<TagKey,TagValueList> tags (optional); //key-value pair tags, tag might contain multiple values
Bool auditEnabled (optional, default=false); //Flag indicates whether or not group updates should require GRC approval. If true, the auditRef parameter must be supplied(not empty) for any API defining it
Bool deleteProtection (optional, default=false); //If true, ask for delete confirmation in audit and review enabled groups.
Timestamp lastReviewedDate (optional); //last review timestamp of the group
2 changes: 2 additions & 0 deletions core/zms/src/main/rdl/Names.tdl
Expand Up @@ -70,6 +70,8 @@ type MemberName String (pattern="\\*|{DomainName}\\.\\*|{ServiceName}(\\*)?|{Gro
type AuthorityKeyword String (pattern="{SimpleName}");
type AuthorityKeywords String (pattern="({AuthorityKeyword},)*{AuthorityKeyword}");

type TagKey String (pattern="({SimpleName}[:\\.])*{SimpleName}");

//TagValue to contain generic string patterns
type TagValue String (pattern="[a-zA-Z0-9_:,\\/][a-zA-Z0-9_:,\\/-]*");
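Review bot: `TagKey` is declared without a comment, while `TagValue` directly below carries one, so the allowed separators and the reason for a dedicated key type are recorded nowhere in the schema. A line above the type would cover it: `//TagKey: SimpleName segments joined by ':' or '.'; empty segments are not allowed`. If `ZMSSchema.java` is generated from this file, its `sb.stringType("TagKey")` entry would pick up the matching `.comment(...)` on regeneration; that relationship is assumed from the identical patterns and is not shown on this page.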

2 changes: 1 addition & 1 deletion core/zms/src/main/rdl/Policy.tdl
Expand Up @@ -48,7 +48,7 @@ type Policy Struct {
SimpleName version (optional); // optional version string, defaults to 0
Bool active (optional); // if multi-version policy then indicates active version
String description (optional); //a description of the policy
Map<CompoundName,TagValueList> tags (optional); //key-value pair tags, tag might contain multiple values
Map<TagKey,TagValueList> tags (optional); //key-value pair tags, tag might contain multiple values
}

//The representation of list of policy objects
2 changes: 1 addition & 1 deletion core/zms/src/main/rdl/Role.tdl
Expand Up @@ -50,7 +50,7 @@ type RoleMeta Struct {
String userAuthorityExpiration (optional); //expiration enforced by a user authority configured attribute
Int32 groupExpiryDays (optional); //all groups in the domain roles will have specified max expiry days
Int32 groupReviewDays (optional); //all groups in the domain roles will have specified max review days
Map<CompoundName,TagValueList> tags (optional); //key-value pair tags, tag might contain multiple values
Map<TagKey,TagValueList> tags (optional); //key-value pair tags, tag might contain multiple values
String description (optional); //a description of the role
Bool auditEnabled (optional, default=false); //Flag indicates whether or not role updates should be approved by GRC. If true, the auditRef parameter must be supplied(not empty) for any API defining it.
Bool deleteProtection (optional, default=false); //If true, ask for delete confirmation in audit and review enabled roles.
2 changes: 1 addition & 1 deletion core/zms/src/main/rdl/ServiceIdentity.tdl
Expand Up @@ -20,7 +20,7 @@ type ServiceIdentity Struct {
Array<String> hosts (optional); //list of host names that this service can run on
String user (optional); //local (unix) user name this service can run as
String group (optional); //local (unix) group name this service can run as
Map<CompoundName,TagValueList> tags (optional); //key-value pair tags, tag might contain multiple values
Map<TagKey,TagValueList> tags (optional); //key-value pair tags, tag might contain multiple values
}

//The representation of list of services