mart-w/kanidm
1
0
Fork 0
mirror of https://github.com/kanidm/kanidm.git synced 2025-02-23 20:47:01 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
kanidm/server/daemon/src/opt.rs

290 lines
10 KiB
Rust
Raw Normal View History

Clap Migration (#817)
2022-06-11 07:24:29 +02:00
#[derive(Debug, Args)]
306 command complete (#354) Fixes #306 adding command line autocompletion. These are generated to: CARGO_TARGET_DIR/item-hash/out/. These will need to be packaged for distros later, it's unclear how we could use cargo install with these as cargo doesn't support arbitrary artefacts like this (yet?).
2021-02-13 04:46:22 +01:00
struct CommonOpt {
Changing to allow startup without a config file (#2582) * Changing to allow startup without a config file, using environment variables
2024-02-27 06:40:00 +01:00
/// Path to the server's configuration file.
Upgraded clap, removing atty as a dependency (#1849) * upgraded clap, removing atty as a dependency * changing the PR template so when you add a list up the top it doesn't break the bottom
2023-07-13 04:19:28 +02:00
#[clap(short, long = "config", env = "KANIDM_CONFIG")]
1788 admin unix socket (#1880)
2023-07-24 02:05:10 +02:00
config_path: Option<PathBuf>,
Update to account recovery UX (#859) * JSON-formatted output for recover_account, moved a bunch of logs to debug instead of info * updated documentation
2022-06-26 10:02:16 +02:00
/// Log format (still in very early development)
CLI integration test beginnings (#2261) * more integration test things, using assert_cmd to test the CLI end-to-end * packagez * making clippy happy * making deno happy
2023-10-30 07:10:54 +01:00
#[clap(short, long = "output", env = "KANIDM_OUTPUT", default_value = "text")]
Update to account recovery UX (#859) * JSON-formatted output for recover_account, moved a bunch of logs to debug instead of info * updated documentation
2022-06-26 10:02:16 +02:00
output_mode: String,
306 command complete (#354) Fixes #306 adding command line autocompletion. These are generated to: CARGO_TARGET_DIR/item-hash/out/. These will need to be packaged for distros later, it's unclear how we could use cargo install with these as cargo doesn't support arbitrary artefacts like this (yet?).
2021-02-13 04:46:22 +01:00
}
Clap Migration (#817)
2022-06-11 07:24:29 +02:00
#[derive(Debug, Args)]
306 command complete (#354) Fixes #306 adding command line autocompletion. These are generated to: CARGO_TARGET_DIR/item-hash/out/. These will need to be packaged for distros later, it's unclear how we could use cargo install with these as cargo doesn't support arbitrary artefacts like this (yet?).
2021-02-13 04:46:22 +01:00
struct BackupOpt {
Upgraded clap, removing atty as a dependency (#1849) * upgraded clap, removing atty as a dependency * changing the PR template so when you add a list up the top it doesn't break the bottom
2023-07-13 04:19:28 +02:00
#[clap(value_parser)]
306 command complete (#354) Fixes #306 adding command line autocompletion. These are generated to: CARGO_TARGET_DIR/item-hash/out/. These will need to be packaged for distros later, it's unclear how we could use cargo install with these as cargo doesn't support arbitrary artefacts like this (yet?).
2021-02-13 04:46:22 +01:00
/// Output path for the backup content.
path: PathBuf,
Clap Migration (#817)
2022-06-11 07:24:29 +02:00
#[clap(flatten)]
306 command complete (#354) Fixes #306 adding command line autocompletion. These are generated to: CARGO_TARGET_DIR/item-hash/out/. These will need to be packaged for distros later, it's unclear how we could use cargo install with these as cargo doesn't support arbitrary artefacts like this (yet?).
2021-02-13 04:46:22 +01:00
commonopts: CommonOpt,
}
Clap Migration (#817)
2022-06-11 07:24:29 +02:00
#[derive(Debug, Args)]
306 command complete (#354) Fixes #306 adding command line autocompletion. These are generated to: CARGO_TARGET_DIR/item-hash/out/. These will need to be packaged for distros later, it's unclear how we could use cargo install with these as cargo doesn't support arbitrary artefacts like this (yet?).
2021-02-13 04:46:22 +01:00
struct RestoreOpt {
Upgraded clap, removing atty as a dependency (#1849) * upgraded clap, removing atty as a dependency * changing the PR template so when you add a list up the top it doesn't break the bottom
2023-07-13 04:19:28 +02:00
#[clap(value_parser)]
adding env vars, making clippy happier, cleaning up some error messages (#438)
2021-05-09 14:06:58 +02:00
/// Restore from this path. Should be created with "backup".
306 command complete (#354) Fixes #306 adding command line autocompletion. These are generated to: CARGO_TARGET_DIR/item-hash/out/. These will need to be packaged for distros later, it's unclear how we could use cargo install with these as cargo doesn't support arbitrary artefacts like this (yet?).
2021-02-13 04:46:22 +01:00
path: PathBuf,
Clap Migration (#817)
2022-06-11 07:24:29 +02:00
#[clap(flatten)]
306 command complete (#354) Fixes #306 adding command line autocompletion. These are generated to: CARGO_TARGET_DIR/item-hash/out/. These will need to be packaged for distros later, it's unclear how we could use cargo install with these as cargo doesn't support arbitrary artefacts like this (yet?).
2021-02-13 04:46:22 +01:00
commonopts: CommonOpt,
}
Domain Display Name (#872)
2022-07-07 05:03:08 +02:00
#[derive(Debug, Subcommand)]
enum DomainSettingsCmds {
Add tools for remigration and domain level raising (#2481)
2024-02-06 11:01:06 +01:00
/// Show the current domain
20240301 systemd uid (#2602) Fixes #2601 Fixes #393 - gid numbers can be part of the systemd nspawn range. Previously we allocated gid numbers based on the fact that uid_t is a u32, so we allowed 65536 through u32::max. However, there are two major issues with this that I didn't realise. The first is that anything greater than i32::max (2147483648) can confuse the linux kernel. The second is that systemd allocates 524288 through 1879048191 to itself for nspawn. This leaves with with only a few usable ranges. 1000 through 60000 60578 through 61183 65520 through 65533 65536 through 524287 1879048192 through 2147483647 The last range being the largest is the natural and obvious area we should allocate from. This happens to nicely fall in the pattern of 0x7000_0000 through 0x7fff_ffff which allows us to take the last 24 bits of the uuid then applying a bit mask we can ensure that we end up in this range. There are now two major issues. We have now changed our validation code to enforce a tighter range, but we may have already allocated users into these ranges. External systems like FreeIPA allocated uid/gid numbers with reckless abandon directly into these ranges. As a result we need to make two concessions. We *secretly* still allow manual allocation of id's from 65536 through to 1879048191 which is the nspawn container range. This happens to be the range that freeipa allocates into. We will never generate an ID in this range, but we will allow it to ease imports since the users of these ranges already have shown they 'don't care' about that range. This also affects SCIM imports for longer term migrations. Second is id's that fall outside the valid ranges. In the extremely unlikely event this has occurred, a startup migration has been added to regenerate these id values for affected entries to prevent upgrade issues. An accidental effect of this is freeing up the range 524288 to 1879048191 for other subuid uses.
2024-03-07 04:25:54 +01:00
#[clap(name = "show")]
Add tools for remigration and domain level raising (#2481)
2024-02-06 11:01:06 +01:00
Show {
#[clap(flatten)]
commonopts: CommonOpt,
},
/// Change the IDM domain name based on the values in the configuration
20240301 systemd uid (#2602) Fixes #2601 Fixes #393 - gid numbers can be part of the systemd nspawn range. Previously we allocated gid numbers based on the fact that uid_t is a u32, so we allowed 65536 through u32::max. However, there are two major issues with this that I didn't realise. The first is that anything greater than i32::max (2147483648) can confuse the linux kernel. The second is that systemd allocates 524288 through 1879048191 to itself for nspawn. This leaves with with only a few usable ranges. 1000 through 60000 60578 through 61183 65520 through 65533 65536 through 524287 1879048192 through 2147483647 The last range being the largest is the natural and obvious area we should allocate from. This happens to nicely fall in the pattern of 0x7000_0000 through 0x7fff_ffff which allows us to take the last 24 bits of the uuid then applying a bit mask we can ensure that we end up in this range. There are now two major issues. We have now changed our validation code to enforce a tighter range, but we may have already allocated users into these ranges. External systems like FreeIPA allocated uid/gid numbers with reckless abandon directly into these ranges. As a result we need to make two concessions. We *secretly* still allow manual allocation of id's from 65536 through to 1879048191 which is the nspawn container range. This happens to be the range that freeipa allocates into. We will never generate an ID in this range, but we will allow it to ease imports since the users of these ranges already have shown they 'don't care' about that range. This also affects SCIM imports for longer term migrations. Second is id's that fall outside the valid ranges. In the extremely unlikely event this has occurred, a startup migration has been added to regenerate these id values for affected entries to prevent upgrade issues. An accidental effect of this is freeing up the range 524288 to 1879048191 for other subuid uses.
2024-03-07 04:25:54 +01:00
#[clap(name = "rename")]
Add tools for remigration and domain level raising (#2481)
2024-02-06 11:01:06 +01:00
Change {
#[clap(flatten)]
commonopts: CommonOpt,
},
20240301 systemd uid (#2602) Fixes #2601 Fixes #393 - gid numbers can be part of the systemd nspawn range. Previously we allocated gid numbers based on the fact that uid_t is a u32, so we allowed 65536 through u32::max. However, there are two major issues with this that I didn't realise. The first is that anything greater than i32::max (2147483648) can confuse the linux kernel. The second is that systemd allocates 524288 through 1879048191 to itself for nspawn. This leaves with with only a few usable ranges. 1000 through 60000 60578 through 61183 65520 through 65533 65536 through 524287 1879048192 through 2147483647 The last range being the largest is the natural and obvious area we should allocate from. This happens to nicely fall in the pattern of 0x7000_0000 through 0x7fff_ffff which allows us to take the last 24 bits of the uuid then applying a bit mask we can ensure that we end up in this range. There are now two major issues. We have now changed our validation code to enforce a tighter range, but we may have already allocated users into these ranges. External systems like FreeIPA allocated uid/gid numbers with reckless abandon directly into these ranges. As a result we need to make two concessions. We *secretly* still allow manual allocation of id's from 65536 through to 1879048191 which is the nspawn container range. This happens to be the range that freeipa allocates into. We will never generate an ID in this range, but we will allow it to ease imports since the users of these ranges already have shown they 'don't care' about that range. This also affects SCIM imports for longer term migrations. Second is id's that fall outside the valid ranges. In the extremely unlikely event this has occurred, a startup migration has been added to regenerate these id values for affected entries to prevent upgrade issues. An accidental effect of this is freeing up the range 524288 to 1879048191 for other subuid uses.
2024-03-07 04:25:54 +01:00
/// Perform a pre-upgrade-check of this domains content. This will report possible
/// incompatibilities that can block a successful upgrade to the next version of
/// Kanidm. This is a safe read only operation.
#[clap(name = "upgrade-check")]
UpgradeCheck {
#[clap(flatten)]
commonopts: CommonOpt,
},
/// ⚠️ Do not use this command unless directed by a project member. ⚠️
/// - Raise the functional level of this domain to the maximum available.
Add tools for remigration and domain level raising (#2481)
2024-02-06 11:01:06 +01:00
#[clap(name = "raise")]
Raise {
#[clap(flatten)]
commonopts: CommonOpt,
},
20240301 systemd uid (#2602) Fixes #2601 Fixes #393 - gid numbers can be part of the systemd nspawn range. Previously we allocated gid numbers based on the fact that uid_t is a u32, so we allowed 65536 through u32::max. However, there are two major issues with this that I didn't realise. The first is that anything greater than i32::max (2147483648) can confuse the linux kernel. The second is that systemd allocates 524288 through 1879048191 to itself for nspawn. This leaves with with only a few usable ranges. 1000 through 60000 60578 through 61183 65520 through 65533 65536 through 524287 1879048192 through 2147483647 The last range being the largest is the natural and obvious area we should allocate from. This happens to nicely fall in the pattern of 0x7000_0000 through 0x7fff_ffff which allows us to take the last 24 bits of the uuid then applying a bit mask we can ensure that we end up in this range. There are now two major issues. We have now changed our validation code to enforce a tighter range, but we may have already allocated users into these ranges. External systems like FreeIPA allocated uid/gid numbers with reckless abandon directly into these ranges. As a result we need to make two concessions. We *secretly* still allow manual allocation of id's from 65536 through to 1879048191 which is the nspawn container range. This happens to be the range that freeipa allocates into. We will never generate an ID in this range, but we will allow it to ease imports since the users of these ranges already have shown they 'don't care' about that range. This also affects SCIM imports for longer term migrations. Second is id's that fall outside the valid ranges. In the extremely unlikely event this has occurred, a startup migration has been added to regenerate these id values for affected entries to prevent upgrade issues. An accidental effect of this is freeing up the range 524288 to 1879048191 for other subuid uses.
2024-03-07 04:25:54 +01:00
/// ⚠️ Do not use this command unless directed by a project member. ⚠️
/// - Rerun migrations of this domains database, optionally nominating the level
20240530 nightly warnings (#2806) * Cleaneup * Lots of ram saving
2024-05-30 12:22:19 +02:00
/// to start from.
20240301 systemd uid (#2602) Fixes #2601 Fixes #393 - gid numbers can be part of the systemd nspawn range. Previously we allocated gid numbers based on the fact that uid_t is a u32, so we allowed 65536 through u32::max. However, there are two major issues with this that I didn't realise. The first is that anything greater than i32::max (2147483648) can confuse the linux kernel. The second is that systemd allocates 524288 through 1879048191 to itself for nspawn. This leaves with with only a few usable ranges. 1000 through 60000 60578 through 61183 65520 through 65533 65536 through 524287 1879048192 through 2147483647 The last range being the largest is the natural and obvious area we should allocate from. This happens to nicely fall in the pattern of 0x7000_0000 through 0x7fff_ffff which allows us to take the last 24 bits of the uuid then applying a bit mask we can ensure that we end up in this range. There are now two major issues. We have now changed our validation code to enforce a tighter range, but we may have already allocated users into these ranges. External systems like FreeIPA allocated uid/gid numbers with reckless abandon directly into these ranges. As a result we need to make two concessions. We *secretly* still allow manual allocation of id's from 65536 through to 1879048191 which is the nspawn container range. This happens to be the range that freeipa allocates into. We will never generate an ID in this range, but we will allow it to ease imports since the users of these ranges already have shown they 'don't care' about that range. This also affects SCIM imports for longer term migrations. Second is id's that fall outside the valid ranges. In the extremely unlikely event this has occurred, a startup migration has been added to regenerate these id values for affected entries to prevent upgrade issues. An accidental effect of this is freeing up the range 524288 to 1879048191 for other subuid uses.
2024-03-07 04:25:54 +01:00
#[clap(name = "remigrate")]
Add tools for remigration and domain level raising (#2481)
2024-02-06 11:01:06 +01:00
Remigrate {
#[clap(flatten)]
commonopts: CommonOpt,
level: Option<u32>,
},
Domain Display Name (#872)
2022-07-07 05:03:08 +02:00
}
#[derive(Debug, Subcommand)]
enum DbCommands {
#[clap(name = "vacuum")]
/// Vacuum the database to reclaim space or change db_fs_type/page_size (offline)
Vacuum(CommonOpt),
#[clap(name = "backup")]
/// Backup the database content (offline)
Backup(BackupOpt),
#[clap(name = "restore")]
/// Restore the database content (offline)
Restore(RestoreOpt),
#[clap(name = "verify")]
/// Verify database and entity consistency.
Verify(CommonOpt),
#[clap(name = "reindex")]
/// Reindex the database (offline)
Reindex(CommonOpt),
}
Clap Migration (#817)
2022-06-11 07:24:29 +02:00
#[derive(Debug, Args)]
511 upgrade failure - add debuging tools and improve debugging of the issue. (#512)
2021-07-01 06:51:25 +02:00
struct DbScanListIndex {
/// The name of the index to list
index_name: String,
Clap Migration (#817)
2022-06-11 07:24:29 +02:00
#[clap(flatten)]
511 upgrade failure - add debuging tools and improve debugging of the issue. (#512)
2021-07-01 06:51:25 +02:00
commonopts: CommonOpt,
}
CLI integration test beginnings (#2261) * more integration test things, using assert_cmd to test the CLI end-to-end * packagez * making clippy happy * making deno happy
2023-10-30 07:10:54 +01:00
#[derive(Debug, Parser)]
Adding healthcheck functionality to kanidmd (#1330) * closes #1220, adds healthcheck functionality to kanidmd * ssl is old and busted, tls is great
2023-01-23 10:58:13 +01:00
struct HealthCheckArgs {
/// Disable TLS verification
#[clap(short, long, action)]
Fixing the kanidmd healthcheck (#1789) * fixing the health check * fixing pages while I am here * flipping options like I flip burgers * using the config-supplied cert
2023-06-28 11:41:24 +02:00
verify_tls: bool,
/// Check the 'origin' URL from the server configuration file, instead of the 'address'
CLI integration test beginnings (#2261) * more integration test things, using assert_cmd to test the CLI end-to-end * packagez * making clippy happy * making deno happy
2023-10-30 07:10:54 +01:00
#[clap(short = 'O', long, action)]
Fixing the kanidmd healthcheck (#1789) * fixing the health check * fixing pages while I am here * flipping options like I flip burgers * using the config-supplied cert
2023-06-28 11:41:24 +02:00
check_origin: bool,
Adding healthcheck functionality to kanidmd (#1330) * closes #1220, adds healthcheck functionality to kanidmd * ssl is old and busted, tls is great
2023-01-23 10:58:13 +01:00
#[clap(flatten)]
commonopts: CommonOpt,
}
Clap Migration (#817)
2022-06-11 07:24:29 +02:00
#[derive(Debug, Args)]
511 upgrade failure - add debuging tools and improve debugging of the issue. (#512)
2021-07-01 06:51:25 +02:00
struct DbScanGetId2Entry {
/// The id of the entry to display
id: u64,
Clap Migration (#817)
2022-06-11 07:24:29 +02:00
#[clap(flatten)]
511 upgrade failure - add debuging tools and improve debugging of the issue. (#512)
2021-07-01 06:51:25 +02:00
commonopts: CommonOpt,
}
Clap Migration (#817)
2022-06-11 07:24:29 +02:00
#[derive(Debug, Subcommand)]
511 upgrade failure - add debuging tools and improve debugging of the issue. (#512)
2021-07-01 06:51:25 +02:00
enum DbScanOpt {
1399 cleanup cli docs (#1413) * Cleanup cli args * Update book * Update wasm * making the CI happy --------- Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
2023-03-02 03:47:23 +01:00
#[clap(name = "list-all-indexes")]
511 upgrade failure - add debuging tools and improve debugging of the issue. (#512)
2021-07-01 06:51:25 +02:00
/// List all index tables that exist on the system.
ListIndexes(CommonOpt),
1399 cleanup cli docs (#1413) * Cleanup cli args * Update book * Update wasm * making the CI happy --------- Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
2023-03-02 03:47:23 +01:00
#[clap(name = "list-index")]
511 upgrade failure - add debuging tools and improve debugging of the issue. (#512)
2021-07-01 06:51:25 +02:00
/// List all content of a named index
ListIndex(DbScanListIndex),
// #[structopt(name = "get_index")]
// /// Display the content of a single index key
// GetIndex(DbScanGetIndex),
1399 cleanup cli docs (#1413) * Cleanup cli args * Update book * Update wasm * making the CI happy --------- Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
2023-03-02 03:47:23 +01:00
#[clap(name = "list-id2entry")]
511 upgrade failure - add debuging tools and improve debugging of the issue. (#512)
2021-07-01 06:51:25 +02:00
/// List all id2entry values with reduced entry content
ListId2Entry(CommonOpt),
1399 cleanup cli docs (#1413) * Cleanup cli args * Update book * Update wasm * making the CI happy --------- Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
2023-03-02 03:47:23 +01:00
#[clap(name = "get-id2entry")]
511 upgrade failure - add debuging tools and improve debugging of the issue. (#512)
2021-07-01 06:51:25 +02:00
/// View the data of a specific entry from id2entry
GetId2Entry(DbScanGetId2Entry),
1399 cleanup cli docs (#1413) * Cleanup cli args * Update book * Update wasm * making the CI happy --------- Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
2023-03-02 03:47:23 +01:00
#[clap(name = "list-index-analysis")]
511 upgrade failure - add debuging tools and improve debugging of the issue. (#512)
2021-07-01 06:51:25 +02:00
/// List all content of index analysis
ListIndexAnalysis(CommonOpt),
Resolve issues with dyngroup members (#1986)
2023-08-17 07:52:12 +02:00
#[clap(name = "quarantine-id2entry")]
/// Given an entry id, quarantine the entry in a hidden db partition
QuarantineId2Entry {
/// The id of the entry to display
id: u64,
#[clap(flatten)]
commonopts: CommonOpt,
},
#[clap(name = "list-quarantined")]
/// List the entries in quarantine
ListQuarantined {
#[clap(flatten)]
commonopts: CommonOpt,
},
#[clap(name = "restore-quarantined")]
/// Given an entry id, restore the entry from the hidden db partition
RestoreQuarantined {
/// The id of the entry to display
id: u64,
#[clap(flatten)]
commonopts: CommonOpt,
},
511 upgrade failure - add debuging tools and improve debugging of the issue. (#512)
2021-07-01 06:51:25 +02:00
}
Clap Migration (#817)
2022-06-11 07:24:29 +02:00
#[derive(Debug, Parser)]
CLI integration test beginnings (#2261) * more integration test things, using assert_cmd to test the CLI end-to-end * packagez * making clippy happy * making deno happy
2023-10-30 07:10:54 +01:00
#[command(name = "kanidmd")]
Clap Migration (#817)
2022-06-11 07:24:29 +02:00
struct KanidmdParser {
Upgraded clap, removing atty as a dependency (#1849) * upgraded clap, removing atty as a dependency * changing the PR template so when you add a list up the top it doesn't break the bottom
2023-07-13 04:19:28 +02:00
#[command(subcommand)]
Clap Migration (#817)
2022-06-11 07:24:29 +02:00
commands: KanidmdOpt,
}
Changing to allow startup without a config file (#2582) * Changing to allow startup without a config file, using environment variables
2024-02-27 06:40:00 +01:00
impl KanidmdParser {
/// Returns the configuration path that was specified on the command line, if any.
fn config_path(&self) -> Option<PathBuf> {
match self.commands {
KanidmdOpt::Server(ref c) => c.config_path.clone(),
KanidmdOpt::ConfigTest(ref c) => c.config_path.clone(),
KanidmdOpt::CertGenerate(ref c) => c.config_path.clone(),
KanidmdOpt::RecoverAccount { ref commonopts, .. } => commonopts.config_path.clone(),
KanidmdOpt::ShowReplicationCertificate { ref commonopts, .. } => {
commonopts.config_path.clone()
}
KanidmdOpt::RenewReplicationCertificate { ref commonopts, .. } => {
commonopts.config_path.clone()
}
KanidmdOpt::RefreshReplicationConsumer { ref commonopts, .. } => {
commonopts.config_path.clone()
}
KanidmdOpt::DbScan { ref commands } => match commands {
DbScanOpt::ListIndexes(ref c) => c.config_path.clone(),
DbScanOpt::ListIndex(ref c) => c.commonopts.config_path.clone(),
DbScanOpt::ListId2Entry(ref c) => c.config_path.clone(),
DbScanOpt::GetId2Entry(ref c) => c.commonopts.config_path.clone(),
DbScanOpt::ListIndexAnalysis(ref c) => c.config_path.clone(),
DbScanOpt::QuarantineId2Entry { ref commonopts, .. } => {
commonopts.config_path.clone()
}
DbScanOpt::ListQuarantined { ref commonopts } => commonopts.config_path.clone(),
DbScanOpt::RestoreQuarantined { ref commonopts, .. } => {
commonopts.config_path.clone()
}
},
KanidmdOpt::Database { ref commands } => match commands {
DbCommands::Vacuum(ref c) => c.config_path.clone(),
DbCommands::Backup(ref c) => c.commonopts.config_path.clone(),
DbCommands::Restore(ref c) => c.commonopts.config_path.clone(),
DbCommands::Verify(ref c) => c.config_path.clone(),
DbCommands::Reindex(ref c) => c.config_path.clone(),
},
KanidmdOpt::DomainSettings { ref commands } => match commands {
DomainSettingsCmds::Show { ref commonopts } => commonopts.config_path.clone(),
DomainSettingsCmds::Change { ref commonopts } => commonopts.config_path.clone(),
20240301 systemd uid (#2602) Fixes #2601 Fixes #393 - gid numbers can be part of the systemd nspawn range. Previously we allocated gid numbers based on the fact that uid_t is a u32, so we allowed 65536 through u32::max. However, there are two major issues with this that I didn't realise. The first is that anything greater than i32::max (2147483648) can confuse the linux kernel. The second is that systemd allocates 524288 through 1879048191 to itself for nspawn. This leaves with with only a few usable ranges. 1000 through 60000 60578 through 61183 65520 through 65533 65536 through 524287 1879048192 through 2147483647 The last range being the largest is the natural and obvious area we should allocate from. This happens to nicely fall in the pattern of 0x7000_0000 through 0x7fff_ffff which allows us to take the last 24 bits of the uuid then applying a bit mask we can ensure that we end up in this range. There are now two major issues. We have now changed our validation code to enforce a tighter range, but we may have already allocated users into these ranges. External systems like FreeIPA allocated uid/gid numbers with reckless abandon directly into these ranges. As a result we need to make two concessions. We *secretly* still allow manual allocation of id's from 65536 through to 1879048191 which is the nspawn container range. This happens to be the range that freeipa allocates into. We will never generate an ID in this range, but we will allow it to ease imports since the users of these ranges already have shown they 'don't care' about that range. This also affects SCIM imports for longer term migrations. Second is id's that fall outside the valid ranges. In the extremely unlikely event this has occurred, a startup migration has been added to regenerate these id values for affected entries to prevent upgrade issues. An accidental effect of this is freeing up the range 524288 to 1879048191 for other subuid uses.
2024-03-07 04:25:54 +01:00
DomainSettingsCmds::UpgradeCheck { ref commonopts } => commonopts.config_path.clone(),
Changing to allow startup without a config file (#2582) * Changing to allow startup without a config file, using environment variables
2024-02-27 06:40:00 +01:00
DomainSettingsCmds::Raise { ref commonopts } => commonopts.config_path.clone(),
DomainSettingsCmds::Remigrate { ref commonopts, .. } => {
commonopts.config_path.clone()
}
},
KanidmdOpt::HealthCheck(ref c) => c.commonopts.config_path.clone(),
KanidmdOpt::Version(ref c) => c.config_path.clone(),
}
}
}
Clap Migration (#817)
2022-06-11 07:24:29 +02:00
#[derive(Debug, Subcommand)]
306 command complete (#354) Fixes #306 adding command line autocompletion. These are generated to: CARGO_TARGET_DIR/item-hash/out/. These will need to be packaged for distros later, it's unclear how we could use cargo install with these as cargo doesn't support arbitrary artefacts like this (yet?).
2021-02-13 04:46:22 +01:00
enum KanidmdOpt {
Clap Migration (#817)
2022-06-11 07:24:29 +02:00
#[clap(name = "server")]
306 command complete (#354) Fixes #306 adding command line autocompletion. These are generated to: CARGO_TARGET_DIR/item-hash/out/. These will need to be packaged for distros later, it's unclear how we could use cargo install with these as cargo doesn't support arbitrary artefacts like this (yet?).
2021-02-13 04:46:22 +01:00
/// Start the IDM Server
Server(CommonOpt),
Clap Migration (#817)
2022-06-11 07:24:29 +02:00
#[clap(name = "configtest")]
Change how domain names are handled in our configuration. (#639)
2022-02-15 07:17:43 +01:00
/// Test the IDM Server configuration, without starting network listeners.
ConfigTest(CommonOpt),
Add tls generator to main kanidmd (#1743)
2023-06-19 12:51:44 +02:00
#[clap(name = "cert-generate")]
/// Create a self-signed ca and tls certificate in the locations listed from the
/// configuration. These certificates should *not* be used in production, they
/// are for testing and evaluation only!
CertGenerate(CommonOpt),
1399 cleanup cli docs (#1413) * Cleanup cli args * Update book * Update wasm * making the CI happy --------- Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
2023-03-02 03:47:23 +01:00
#[clap(name = "recover-account")]
306 command complete (#354) Fixes #306 adding command line autocompletion. These are generated to: CARGO_TARGET_DIR/item-hash/out/. These will need to be packaged for distros later, it's unclear how we could use cargo install with these as cargo doesn't support arbitrary artefacts like this (yet?).
2021-02-13 04:46:22 +01:00
/// Recover an account's password
1788 admin unix socket (#1880)
2023-07-24 02:05:10 +02:00
RecoverAccount {
#[clap(value_parser)]
/// The account name to recover credentials for.
name: String,
#[clap(flatten)]
commonopts: CommonOpt,
},
68 20230919 replication configuration (#2131)
2023-09-29 04:02:13 +02:00
/// Display this server's replication certificate
ShowReplicationCertificate {
#[clap(flatten)]
commonopts: CommonOpt,
},
/// Renew this server's replication certificate
RenewReplicationCertificate {
#[clap(flatten)]
commonopts: CommonOpt,
},
68 20230929 replication finalisation (#2160) Replication is now ready for test deployments!
2023-10-05 03:11:27 +02:00
/// Refresh this servers database content with the content from a supplier. This means
/// that all local content will be deleted and replaced with the supplier content.
RefreshReplicationConsumer {
#[clap(flatten)]
commonopts: CommonOpt,
/// Acknowledge that this database content will be refreshed from a supplier.
#[clap(long = "i-want-to-refresh-this-servers-database")]
proceed: bool,
},
Clap Migration (#817)
2022-06-11 07:24:29 +02:00
// #[clap(name = "reset_server_id")]
306 command complete (#354) Fixes #306 adding command line autocompletion. These are generated to: CARGO_TARGET_DIR/item-hash/out/. These will need to be packaged for distros later, it's unclear how we could use cargo install with these as cargo doesn't support arbitrary artefacts like this (yet?).
2021-02-13 04:46:22 +01:00
// ResetServerId(CommonOpt),
1399 cleanup cli docs (#1413) * Cleanup cli args * Update book * Update wasm * making the CI happy --------- Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
2023-03-02 03:47:23 +01:00
#[clap(name = "db-scan")]
511 upgrade failure - add debuging tools and improve debugging of the issue. (#512)
2021-07-01 06:51:25 +02:00
/// Inspect the internal content of the database datastructures.
Clap Migration (#817)
2022-06-11 07:24:29 +02:00
DbScan {
#[clap(subcommand)]
commands: DbScanOpt,
},
Domain Display Name (#872)
2022-07-07 05:03:08 +02:00
/// Database maintenance, backups, restoration etc.
#[clap(name = "database")]
Database {
#[clap(subcommand)]
commands: DbCommands,
},
/// Change domain settings
#[clap(name = "domain")]
DomainSettings {
#[clap(subcommand)]
commands: DomainSettingsCmds,
},
1788 admin unix socket (#1880)
2023-07-24 02:05:10 +02:00
Adding healthcheck functionality to kanidmd (#1330) * closes #1220, adds healthcheck functionality to kanidmd * ssl is old and busted, tls is great
2023-01-23 10:58:13 +01:00
/// Load the server config and check services are listening
#[clap(name = "healthcheck")]
HealthCheck(HealthCheckArgs),
Version argument for kanidm and kanidmd (#991)
2022-08-18 02:36:45 +02:00
/// Print the program version and exit
CLI integration test beginnings (#2261) * more integration test things, using assert_cmd to test the CLI end-to-end * packagez * making clippy happy * making deno happy
2023-10-30 07:10:54 +01:00
#[clap(name = "version")]
Version(CommonOpt),
306 command complete (#354) Fixes #306 adding command line autocompletion. These are generated to: CARGO_TARGET_DIR/item-hash/out/. These will need to be packaged for distros later, it's unclear how we could use cargo install with these as cargo doesn't support arbitrary artefacts like this (yet?).
2021-02-13 04:46:22 +01:00
}
Reference in a new issue Copy permalink