kanidm/server/lib/src/valueset/ssh.rs

use std::collections::btree_map::Entry as BTreeEntry;
use std::collections::BTreeMap;

use crate::be::dbvalue::DbValueTaggedStringV1;
use crate::prelude::*;
use crate::repl::proto::ReplAttrV1;
use crate::schema::SchemaAttribute;
use crate::valueset::{DbValueSetV2, ValueSet};

use sshkey_attest::proto::PublicKey as SshPublicKey;

#[derive(Debug, Clone)]
pub struct ValueSetSshKey {
    map: BTreeMap<String, SshPublicKey>,
}

impl ValueSetSshKey {
    pub fn new(t: String, k: SshPublicKey) -> Box<Self> {
        let mut map = BTreeMap::new();
        map.insert(t, k);
        Box::new(ValueSetSshKey { map })
    }

    pub fn push(&mut self, t: String, k: SshPublicKey) -> bool {
        self.map.insert(t, k).is_none()
    }

    pub fn from_dbvs2(data: Vec<DbValueTaggedStringV1>) -> Result<ValueSet, OperationError> {
        let map = data
            .into_iter()
            .filter_map(|DbValueTaggedStringV1 { tag, data }| {
                SshPublicKey::from_string(&data)
                    .map_err(|err| {
                        warn!(%tag, ?err, "discarding corrupted ssh public key");
                    })
                    .map(|pk| (tag, pk))
                    .ok()
            })
            .collect();
        Ok(Box::new(ValueSetSshKey { map }))
    }

    pub fn from_repl_v1(data: &[(String, String)]) -> Result<ValueSet, OperationError> {
        let map = data
            .iter()
            .map(|(tag, data)| {
                SshPublicKey::from_string(data)
                    .map_err(|err| {
                        warn!(%tag, ?err, "discarding corrupted ssh public key");
                        OperationError::VS0001IncomingReplSshPublicKey
                    })
                    .map(|pk| (tag.clone(), pk))
            })
            .collect::<Result<BTreeMap<_, _>, _>>()?;

        Ok(Box::new(ValueSetSshKey { map }))
    }

    // We need to allow this, because rust doesn't allow us to impl FromIterator on foreign
    // types, and tuples are always foreign.
    #[allow(clippy::should_implement_trait)]
    pub fn from_iter<T>(iter: T) -> Option<Box<Self>>
    where
        T: IntoIterator<Item = (String, SshPublicKey)>,
    {
        let map = iter.into_iter().collect();
        Some(Box::new(ValueSetSshKey { map }))
    }
}

impl ValueSetT for ValueSetSshKey {
    fn insert_checked(&mut self, value: Value) -> Result<bool, OperationError> {
        match value {
            Value::SshKey(t, k) => {
                if let BTreeEntry::Vacant(e) = self.map.entry(t) {
                    e.insert(k);
                    Ok(true)
                } else {
                    Ok(false)
                }
            }
            _ => Err(OperationError::InvalidValueState),
        }
    }

    fn clear(&mut self) {
        self.map.clear();
    }

    fn remove(&mut self, pv: &PartialValue, _cid: &Cid) -> bool {
        match pv {
            PartialValue::SshKey(t) => self.map.remove(t.as_str()).is_some(),
            _ => false,
        }
    }

    fn contains(&self, pv: &PartialValue) -> bool {
        match pv {
            PartialValue::SshKey(t) => self.map.contains_key(t.as_str()),
            _ => false,
        }
    }

    fn substring(&self, _pv: &PartialValue) -> bool {
        false
    }

    fn startswith(&self, _pv: &PartialValue) -> bool {
        false
    }

    fn endswith(&self, _pv: &PartialValue) -> bool {
        false
    }

    fn lessthan(&self, _pv: &PartialValue) -> bool {
        false
    }

    fn len(&self) -> usize {
        self.map.len()
    }

    fn generate_idx_eq_keys(&self) -> Vec<String> {
        self.map.keys().cloned().collect()
    }

    fn syntax(&self) -> SyntaxType {
        SyntaxType::SshKey
    }

    fn validate(&self, _schema_attr: &SchemaAttribute) -> bool {
        self.map.iter().all(|(s, _key)| {
            Value::validate_str_escapes(s)
                // && Value::validate_iname(s)
                && Value::validate_singleline(s)
        })
    }

    fn to_proto_string_clone_iter(&self) -> Box<dyn Iterator<Item = String> + '_> {
        Box::new(self.map.iter().map(|(tag, pk)| format!("{}: {}", tag, pk)))
    }

    fn to_db_valueset_v2(&self) -> DbValueSetV2 {
        DbValueSetV2::SshKey(
            self.map
                .iter()
                .map(|(tag, key)| DbValueTaggedStringV1 {
                    tag: tag.clone(),
                    data: key.to_string(),
                })
                .collect(),
        )
    }

    fn to_repl_v1(&self) -> ReplAttrV1 {
        ReplAttrV1::SshKey {
            set: self
                .map
                .iter()
                .map(|(tag, key)| (tag.clone(), key.to_string()))
                .collect(),
        }
    }

    fn to_partialvalue_iter(&self) -> Box<dyn Iterator<Item = PartialValue> + '_> {
        Box::new(self.map.keys().cloned().map(PartialValue::SshKey))
    }

    fn to_value_iter(&self) -> Box<dyn Iterator<Item = Value> + '_> {
        Box::new(
            self.map
                .iter()
                .map(|(t, k)| Value::SshKey(t.clone(), k.clone())),
        )
    }

    fn equal(&self, other: &ValueSet) -> bool {
        if let Some(other) = other.as_sshkey_map() {
            &self.map == other
        } else {
            debug_assert!(false);
            false
        }
    }

    fn merge(&mut self, other: &ValueSet) -> Result<(), OperationError> {
        if let Some(b) = other.as_sshkey_map() {
            mergemaps!(self.map, b)
        } else {
            debug_assert!(false);
            Err(OperationError::InvalidValueState)
        }
    }

    fn as_sshkey_map(&self) -> Option<&BTreeMap<String, SshPublicKey>> {
        Some(&self.map)
    }

    fn get_ssh_tag(&self, tag: &str) -> Option<&SshPublicKey> {
        self.map.get(tag)
    }

    fn as_sshpubkey_string_iter(&self) -> Option<Box<dyn Iterator<Item = String> + '_>> {
        Some(Box::new(self.map.values().map(|pk| pk.to_string())))
    }
}
At some point, you have to pay for your tech debt. (#759) This replaces the unmaintained serde_cbor with serde_json in both db and IPC contexts. It changes the database on disk format to align better to how we structure values in memory making it faster to load entries when they aren't cached. And this breaks down the horrible ValueSet enum to dyn trait types, which has a huge performance improvement to the server. 2022-05-24 02:49:34 +02:00			`use std::collections::btree_map::Entry as BTreeEntry;`
			`use std::collections::BTreeMap;`

			`use crate::be::dbvalue::DbValueTaggedStringV1;`
Rework deps (#1079) 2022-10-01 08:08:51 +02:00			`use crate::prelude::*;`
20230130 hackweek replication (#1358) Add initial support for refreshing the content of a new server in a replication topology. This is embedded in test cases only for now. 2023-02-15 01:25:51 +01:00			`use crate::repl::proto::ReplAttrV1;`
Rework deps (#1079) 2022-10-01 08:08:51 +02:00			`use crate::schema::SchemaAttribute;`
			`use crate::valueset::{DbValueSetV2, ValueSet};`
At some point, you have to pay for your tech debt. (#759) This replaces the unmaintained serde_cbor with serde_json in both db and IPC contexts. It changes the database on disk format to align better to how we structure values in memory making it faster to load entries when they aren't cached. And this breaks down the horrible ValueSet enum to dyn trait types, which has a huge performance improvement to the server. 2022-05-24 02:49:34 +02:00
20231014 account policy (#2218) * Start to prep for unix+ssh keys in credupdate session 2023-10-19 03:40:06 +02:00			`use sshkey_attest::proto::PublicKey as SshPublicKey;`
Improve string validation (#1497) 2023-03-28 04:42:06 +02:00
At some point, you have to pay for your tech debt. (#759) This replaces the unmaintained serde_cbor with serde_json in both db and IPC contexts. It changes the database on disk format to align better to how we structure values in memory making it faster to load entries when they aren't cached. And this breaks down the horrible ValueSet enum to dyn trait types, which has a huge performance improvement to the server. 2022-05-24 02:49:34 +02:00			`#[derive(Debug, Clone)]`
			`pub struct ValueSetSshKey {`
20231014 account policy (#2218) * Start to prep for unix+ssh keys in credupdate session 2023-10-19 03:40:06 +02:00			`map: BTreeMap<String, SshPublicKey>,`
At some point, you have to pay for your tech debt. (#759) This replaces the unmaintained serde_cbor with serde_json in both db and IPC contexts. It changes the database on disk format to align better to how we structure values in memory making it faster to load entries when they aren't cached. And this breaks down the horrible ValueSet enum to dyn trait types, which has a huge performance improvement to the server. 2022-05-24 02:49:34 +02:00			`}`

			`impl ValueSetSshKey {`
20231014 account policy (#2218) * Start to prep for unix+ssh keys in credupdate session 2023-10-19 03:40:06 +02:00			`pub fn new(t: String, k: SshPublicKey) -> Box<Self> {`
At some point, you have to pay for your tech debt. (#759) This replaces the unmaintained serde_cbor with serde_json in both db and IPC contexts. It changes the database on disk format to align better to how we structure values in memory making it faster to load entries when they aren't cached. And this breaks down the horrible ValueSet enum to dyn trait types, which has a huge performance improvement to the server. 2022-05-24 02:49:34 +02:00			`let mut map = BTreeMap::new();`
			`map.insert(t, k);`
			`Box::new(ValueSetSshKey { map })`
			`}`

20231014 account policy (#2218) * Start to prep for unix+ssh keys in credupdate session 2023-10-19 03:40:06 +02:00			`pub fn push(&mut self, t: String, k: SshPublicKey) -> bool {`
At some point, you have to pay for your tech debt. (#759) This replaces the unmaintained serde_cbor with serde_json in both db and IPC contexts. It changes the database on disk format to align better to how we structure values in memory making it faster to load entries when they aren't cached. And this breaks down the horrible ValueSet enum to dyn trait types, which has a huge performance improvement to the server. 2022-05-24 02:49:34 +02:00			`self.map.insert(t, k).is_none()`
			`}`

			`pub fn from_dbvs2(data: Vec<DbValueTaggedStringV1>) -> Result<ValueSet, OperationError> {`
20231014 account policy (#2218) * Start to prep for unix+ssh keys in credupdate session 2023-10-19 03:40:06 +02:00			`let map = data`
			`.into_iter()`
			`.filter_map(\|DbValueTaggedStringV1 { tag, data }\| {`
			`SshPublicKey::from_string(&data)`
			`.map_err(\|err\| {`
			`warn!(%tag, ?err, "discarding corrupted ssh public key");`
			`})`
			`.map(\|pk\| (tag, pk))`
			`.ok()`
			`})`
			`.collect();`
At some point, you have to pay for your tech debt. (#759) This replaces the unmaintained serde_cbor with serde_json in both db and IPC contexts. It changes the database on disk format to align better to how we structure values in memory making it faster to load entries when they aren't cached. And this breaks down the horrible ValueSet enum to dyn trait types, which has a huge performance improvement to the server. 2022-05-24 02:49:34 +02:00			`Ok(Box::new(ValueSetSshKey { map }))`
			`}`

20230130 hackweek replication (#1358) Add initial support for refreshing the content of a new server in a replication topology. This is embedded in test cases only for now. 2023-02-15 01:25:51 +01:00			`pub fn from_repl_v1(data: &[(String, String)]) -> Result<ValueSet, OperationError> {`
			`let map = data`
			`.iter()`
20231014 account policy (#2218) * Start to prep for unix+ssh keys in credupdate session 2023-10-19 03:40:06 +02:00			`.map(\|(tag, data)\| {`
cargo fmt + clippy (#2241) Signed-off-by: Samuel Cabrero <scabrero@suse.de> 2023-10-27 06:40:24 +02:00			`SshPublicKey::from_string(data)`
20231014 account policy (#2218) * Start to prep for unix+ssh keys in credupdate session 2023-10-19 03:40:06 +02:00			`.map_err(\|err\| {`
			`warn!(%tag, ?err, "discarding corrupted ssh public key");`
			`OperationError::VS0001IncomingReplSshPublicKey`
			`})`
			`.map(\|pk\| (tag.clone(), pk))`
			`})`
			`.collect::<Result<BTreeMap<_, _>, _>>()?;`

20230130 hackweek replication (#1358) Add initial support for refreshing the content of a new server in a replication topology. This is embedded in test cases only for now. 2023-02-15 01:25:51 +01:00			`Ok(Box::new(ValueSetSshKey { map }))`
			`}`

Be calm clippy (#1015) 2022-09-05 15:00:48 +02:00			`// We need to allow this, because rust doesn't allow us to impl FromIterator on foreign`
			`// types, and tuples are always foreign.`
			`#[allow(clippy::should_implement_trait)]`
At some point, you have to pay for your tech debt. (#759) This replaces the unmaintained serde_cbor with serde_json in both db and IPC contexts. It changes the database on disk format to align better to how we structure values in memory making it faster to load entries when they aren't cached. And this breaks down the horrible ValueSet enum to dyn trait types, which has a huge performance improvement to the server. 2022-05-24 02:49:34 +02:00			`pub fn from_iter<T>(iter: T) -> Option<Box<Self>>`
			`where`
20231014 account policy (#2218) * Start to prep for unix+ssh keys in credupdate session 2023-10-19 03:40:06 +02:00			`T: IntoIterator<Item = (String, SshPublicKey)>,`
At some point, you have to pay for your tech debt. (#759) This replaces the unmaintained serde_cbor with serde_json in both db and IPC contexts. It changes the database on disk format to align better to how we structure values in memory making it faster to load entries when they aren't cached. And this breaks down the horrible ValueSet enum to dyn trait types, which has a huge performance improvement to the server. 2022-05-24 02:49:34 +02:00			`{`
			`let map = iter.into_iter().collect();`
			`Some(Box::new(ValueSetSshKey { map }))`
			`}`
			`}`

			`impl ValueSetT for ValueSetSshKey {`
			`fn insert_checked(&mut self, value: Value) -> Result<bool, OperationError> {`
			`match value {`
			`Value::SshKey(t, k) => {`
			`if let BTreeEntry::Vacant(e) = self.map.entry(t) {`
			`e.insert(k);`
			`Ok(true)`
			`} else {`
			`Ok(false)`
			`}`
			`}`
			`_ => Err(OperationError::InvalidValueState),`
			`}`
			`}`

			`fn clear(&mut self) {`
			`self.map.clear();`
			`}`

68 20230912 session consistency (#2110) This adds support for special-casing sessions in replication to allow them to internally trim and merge so that session revocations and creations are not lost between replicas. 2023-09-16 01:22:11 +02:00			`fn remove(&mut self, pv: &PartialValue, _cid: &Cid) -> bool {`
At some point, you have to pay for your tech debt. (#759) This replaces the unmaintained serde_cbor with serde_json in both db and IPC contexts. It changes the database on disk format to align better to how we structure values in memory making it faster to load entries when they aren't cached. And this breaks down the horrible ValueSet enum to dyn trait types, which has a huge performance improvement to the server. 2022-05-24 02:49:34 +02:00			`match pv {`
			`PartialValue::SshKey(t) => self.map.remove(t.as_str()).is_some(),`
			`_ => false,`
			`}`
			`}`

			`fn contains(&self, pv: &PartialValue) -> bool {`
			`match pv {`
			`PartialValue::SshKey(t) => self.map.contains_key(t.as_str()),`
			`_ => false,`
			`}`
			`}`

			`fn substring(&self, _pv: &PartialValue) -> bool {`
			`false`
			`}`

20231120 2320 sssd compat (#2328) 2023-11-22 01:18:03 +01:00			`fn startswith(&self, _pv: &PartialValue) -> bool {`
			`false`
			`}`

			`fn endswith(&self, _pv: &PartialValue) -> bool {`
			`false`
			`}`

At some point, you have to pay for your tech debt. (#759) This replaces the unmaintained serde_cbor with serde_json in both db and IPC contexts. It changes the database on disk format to align better to how we structure values in memory making it faster to load entries when they aren't cached. And this breaks down the horrible ValueSet enum to dyn trait types, which has a huge performance improvement to the server. 2022-05-24 02:49:34 +02:00			`fn lessthan(&self, _pv: &PartialValue) -> bool {`
			`false`
			`}`

			`fn len(&self) -> usize {`
			`self.map.len()`
			`}`

			`fn generate_idx_eq_keys(&self) -> Vec<String> {`
			`self.map.keys().cloned().collect()`
			`}`

			`fn syntax(&self) -> SyntaxType {`
			`SyntaxType::SshKey`
			`}`

			`fn validate(&self, _schema_attr: &SchemaAttribute) -> bool {`
20231014 account policy (#2218) * Start to prep for unix+ssh keys in credupdate session 2023-10-19 03:40:06 +02:00			`self.map.iter().all(\|(s, _key)\| {`
			`Value::validate_str_escapes(s)`
			`// && Value::validate_iname(s)`
Improve string validation (#1497) 2023-03-28 04:42:06 +02:00			`&& Value::validate_singleline(s)`
			`})`
At some point, you have to pay for your tech debt. (#759) This replaces the unmaintained serde_cbor with serde_json in both db and IPC contexts. It changes the database on disk format to align better to how we structure values in memory making it faster to load entries when they aren't cached. And this breaks down the horrible ValueSet enum to dyn trait types, which has a huge performance improvement to the server. 2022-05-24 02:49:34 +02:00			`}`

			`fn to_proto_string_clone_iter(&self) -> Box<dyn Iterator<Item = String> + '_> {`
Return sshkey label to cli fields (#2440) * Return ssh label to cli fields 2024-01-20 08:17:57 +01:00			`Box::new(self.map.iter().map(\|(tag, pk)\| format!("{}: {}", tag, pk)))`
At some point, you have to pay for your tech debt. (#759) This replaces the unmaintained serde_cbor with serde_json in both db and IPC contexts. It changes the database on disk format to align better to how we structure values in memory making it faster to load entries when they aren't cached. And this breaks down the horrible ValueSet enum to dyn trait types, which has a huge performance improvement to the server. 2022-05-24 02:49:34 +02:00			`}`

			`fn to_db_valueset_v2(&self) -> DbValueSetV2 {`
			`DbValueSetV2::SshKey(`
			`self.map`
			`.iter()`
			`.map(\|(tag, key)\| DbValueTaggedStringV1 {`
			`tag: tag.clone(),`
20231014 account policy (#2218) * Start to prep for unix+ssh keys in credupdate session 2023-10-19 03:40:06 +02:00			`data: key.to_string(),`
At some point, you have to pay for your tech debt. (#759) This replaces the unmaintained serde_cbor with serde_json in both db and IPC contexts. It changes the database on disk format to align better to how we structure values in memory making it faster to load entries when they aren't cached. And this breaks down the horrible ValueSet enum to dyn trait types, which has a huge performance improvement to the server. 2022-05-24 02:49:34 +02:00			`})`
			`.collect(),`
			`)`
			`}`

20230130 hackweek replication (#1358) Add initial support for refreshing the content of a new server in a replication topology. This is embedded in test cases only for now. 2023-02-15 01:25:51 +01:00			`fn to_repl_v1(&self) -> ReplAttrV1 {`
			`ReplAttrV1::SshKey {`
			`set: self`
			`.map`
			`.iter()`
20231014 account policy (#2218) * Start to prep for unix+ssh keys in credupdate session 2023-10-19 03:40:06 +02:00			`.map(\|(tag, key)\| (tag.clone(), key.to_string()))`
20230130 hackweek replication (#1358) Add initial support for refreshing the content of a new server in a replication topology. This is embedded in test cases only for now. 2023-02-15 01:25:51 +01:00			`.collect(),`
			`}`
			`}`

At some point, you have to pay for your tech debt. (#759) This replaces the unmaintained serde_cbor with serde_json in both db and IPC contexts. It changes the database on disk format to align better to how we structure values in memory making it faster to load entries when they aren't cached. And this breaks down the horrible ValueSet enum to dyn trait types, which has a huge performance improvement to the server. 2022-05-24 02:49:34 +02:00			`fn to_partialvalue_iter(&self) -> Box<dyn Iterator<Item = PartialValue> + '_> {`
			`Box::new(self.map.keys().cloned().map(PartialValue::SshKey))`
			`}`

			`fn to_value_iter(&self) -> Box<dyn Iterator<Item = Value> + '_> {`
			`Box::new(`
			`self.map`
			`.iter()`
			`.map(\|(t, k)\| Value::SshKey(t.clone(), k.clone())),`
			`)`
			`}`

			`fn equal(&self, other: &ValueSet) -> bool {`
			`if let Some(other) = other.as_sshkey_map() {`
			`&self.map == other`
			`} else {`
			`debug_assert!(false);`
			`false`
			`}`
			`}`

			`fn merge(&mut self, other: &ValueSet) -> Result<(), OperationError> {`
			`if let Some(b) = other.as_sshkey_map() {`
			`mergemaps!(self.map, b)`
			`} else {`
			`debug_assert!(false);`
			`Err(OperationError::InvalidValueState)`
			`}`
			`}`

20231014 account policy (#2218) * Start to prep for unix+ssh keys in credupdate session 2023-10-19 03:40:06 +02:00			`fn as_sshkey_map(&self) -> Option<&BTreeMap<String, SshPublicKey>> {`
At some point, you have to pay for your tech debt. (#759) This replaces the unmaintained serde_cbor with serde_json in both db and IPC contexts. It changes the database on disk format to align better to how we structure values in memory making it faster to load entries when they aren't cached. And this breaks down the horrible ValueSet enum to dyn trait types, which has a huge performance improvement to the server. 2022-05-24 02:49:34 +02:00			`Some(&self.map)`
			`}`

20231014 account policy (#2218) * Start to prep for unix+ssh keys in credupdate session 2023-10-19 03:40:06 +02:00			`fn get_ssh_tag(&self, tag: &str) -> Option<&SshPublicKey> {`
			`self.map.get(tag)`
At some point, you have to pay for your tech debt. (#759) This replaces the unmaintained serde_cbor with serde_json in both db and IPC contexts. It changes the database on disk format to align better to how we structure values in memory making it faster to load entries when they aren't cached. And this breaks down the horrible ValueSet enum to dyn trait types, which has a huge performance improvement to the server. 2022-05-24 02:49:34 +02:00			`}`

20231014 account policy (#2218) * Start to prep for unix+ssh keys in credupdate session 2023-10-19 03:40:06 +02:00			`fn as_sshpubkey_string_iter(&self) -> Option<Box<dyn Iterator<Item = String> + '_>> {`
			`Some(Box::new(self.map.values().map(\|pk\| pk.to_string())))`
At some point, you have to pay for your tech debt. (#759) This replaces the unmaintained serde_cbor with serde_json in both db and IPC contexts. It changes the database on disk format to align better to how we structure values in memory making it faster to load entries when they aren't cached. And this breaks down the horrible ValueSet enum to dyn trait types, which has a huge performance improvement to the server. 2022-05-24 02:49:34 +02:00			`}`
			`}`