mart-w/kanidm
1
0
Fork 0
mirror of https://github.com/kanidm/kanidm.git synced 2025-02-24 21:17:01 +01:00
Code Issues Actions 10 Packages Projects Releases Wiki Activity
kanidm/rsidmd/src/lib/constants.rs

468 lines
14 KiB
Rust
Raw Normal View History

20190730 66 value types (#76) This implements strongly typed storage of data types in attribute values. This means that have the future ability to have tagged, hidden, complex or other datatypes in values rather than relying on string manipulations. It helps also to lift the burden on schema to only checking the values types on input from the protocol types, so that comparisons and other conversions will be faster. It also helps to strengthen and check values are valid earlier in conversions.
2019-08-27 01:36:54 +02:00
use uuid::Uuid;
20190607 authentication (#55) Implement #2 anonymous authentication. This also puts into place the majority of the authentication framework, and starts to build the IDM layers ontop of the DB engine.
2019-07-12 07:28:46 +02:00
// On test builds, define to 60 seconds
#[cfg(test)]
pub static PURGE_TIMEOUT: u64 = 60;
// For production, 1 hour.
#[cfg(not(test))]
Add tombstone lifecycle functionaly
2019-02-22 07:15:48 +01:00
pub static PURGE_TIMEOUT: u64 = 3600;
60 authsession gc (#80) Implements #60 authsession garbage collection. If we assume that an authsession is around 1024 bytes (this assumes a 16 char name + groups + claims) then this means that in 1Gb of ram we can store about 1 million in progress auth attempts. Obviously, we don't want infinite memory growth, but we can't use an LRU cache due to the future desire to use concurrent trees. So instead we prune the tree based on a timeout when we start and auth operation. Auth session id's are generated from a timestamp similar to how we'll generate replication csn's. We can then apply a diff that will split all items lower than the csn/sid and remove them from future consideration. We set the default timeout to 5 minutes. This means that assuming 10,000 auths per second, we would require 3GB of ram to process these sessions before they are expired. We expect any deployment with such large loadings can affort 3Gb of ram :)
2019-09-06 05:04:58 +02:00
// 5 minute auth session window.
pub static AUTH_SESSION_TIMEOUT: u64 = 300;
Add tombstone lifecycle functionaly
2019-02-22 07:15:48 +01:00
20190730 66 value types (#76) This implements strongly typed storage of data types in attribute values. This means that have the future ability to have tagged, hidden, complex or other datatypes in values rather than relying on string manipulations. It helps also to lift the burden on schema to only checking the values types on input from the protocol types, so that comparisons and other conversions will be faster. It also helps to strengthen and check values are valid earlier in conversions.
2019-08-27 01:36:54 +02:00
pub static STR_UUID_ADMIN: &'static str = "00000000-0000-0000-0000-000000000000";
pub static STR_UUID_ANONYMOUS: &'static str = "00000000-0000-0000-0000-ffffffffffff";
pub static STR_UUID_DOES_NOT_EXIST: &'static str = "00000000-0000-0000-0000-fffffffffffe";
lazy_static! {
pub static ref UUID_ADMIN: Uuid = Uuid::parse_str(STR_UUID_ADMIN).unwrap();
pub static ref UUID_DOES_NOT_EXIST: Uuid = Uuid::parse_str(STR_UUID_DOES_NOT_EXIST).unwrap();
pub static ref UUID_ANONYMOUS: Uuid = Uuid::parse_str(STR_UUID_ANONYMOUS).unwrap();
}
20190510 access profiles foundations (#51) * Large refactor to improve the ava get interface * Improve ACP parsing test * ACP parsing complete * Fix txn type tech debt * Clean up queryserver name issue * Integrate acp to query server, and add reload hooks * Starting to write search acp enforcement * Refactor event to take entry rather than UUID to allow acp to filter on the event properly. * Most of the filter refactor is done * Finish filter refactor! * Write and implement basic filter optimiser with redundant term folding
2019-05-24 07:11:06 +02:00
pub static JSON_ADMIN_V1: &'static str = r#"{
"valid": {
"uuid": "00000000-0000-0000-0000-000000000000"
},
"state": null,
"attrs": {
"class": ["account", "object"],
"name": ["admin"],
"uuid": ["00000000-0000-0000-0000-000000000000"],
"description": ["Builtin Admin account."],
"displayname": ["Administrator"]
}
}"#;
Refactor migrations code to be cleaner (and testable)
2019-01-20 02:40:13 +01:00
Implement Access Control Profiles (#52) This implements access controls, including a huge amount of refactor to support them and their resolution with the "SelfUUID" keyword. Additionally, parts of the event structure was improved to help, normalised was added as an entry state and more. And there are access controls! They work, have tests, and appear sane.
2019-06-07 11:19:09 +02:00
pub static _UUID_IDM_ADMINS: &'static str = "00000000-0000-0000-0000-000000000001";
pub static JSON_IDM_ADMINS_V1: &'static str = r#"{
"valid": {
"uuid": "00000000-0000-0000-0000-000000000001"
},
"state": null,
"attrs": {
"class": ["group", "object"],
"name": ["idm_admins"],
"uuid": ["00000000-0000-0000-0000-000000000001"],
"description": ["Builtin IDM Administrators Group."],
"member": ["00000000-0000-0000-0000-000000000000"]
}
}"#;
20190607 authentication (#55) Implement #2 anonymous authentication. This also puts into place the majority of the authentication framework, and starts to build the IDM layers ontop of the DB engine.
2019-07-12 07:28:46 +02:00
pub static _UUID_SYSTEM_INFO: &'static str = "00000000-0000-0000-0000-ffffff000001";
pub static JSON_SYSTEM_INFO_V1: &'static str = r#"{
"valid": {
"uuid": "00000000-0000-0000-0000-ffffff000001"
},
"state": null,
"attrs": {
"class": ["object", "system_info"],
"uuid": ["00000000-0000-0000-0000-ffffff000001"],
"description": ["System info and metadata object."],
"version": ["1"],
"domain": ["example.com"]
}
}"#;
Implement Access Control Profiles (#52) This implements access controls, including a huge amount of refactor to support them and their resolution with the "SelfUUID" keyword. Additionally, parts of the event structure was improved to help, normalised was added as an entry state and more. And there are access controls! They work, have tests, and appear sane.
2019-06-07 11:19:09 +02:00
pub static _UUID_IDM_ADMINS_ACP_SEARCH_V1: &'static str = "00000000-0000-0000-0000-ffffff000002";
pub static JSON_IDM_ADMINS_ACP_SEARCH_V1: &'static str = r#"{
"valid": {
"uuid": "00000000-0000-0000-0000-ffffff000002"
},
"state": null,
"attrs": {
"class": ["object", "access_control_profile", "access_control_search"],
"name": ["idm_admins_acp_search"],
"uuid": ["00000000-0000-0000-0000-ffffff000002"],
"description": ["Builtin IDM Administrators Access Controls."],
"acp_enable": ["true"],
"acp_receiver": [
"{\"Eq\":[\"memberof\",\"00000000-0000-0000-0000-000000000001\"]}"
],
"acp_targetscope": [
"{\"Pres\":\"class\"}"
],
"acp_search_attr": ["name", "class", "uuid"]
}
}"#;
pub static _UUID_IDM_ADMINS_ACP_REVIVE_V1: &'static str = "00000000-0000-0000-0000-ffffff000003";
pub static JSON_IDM_ADMINS_ACP_REVIVE_V1: &'static str = r#"{
"valid": {
"uuid": "00000000-0000-0000-0000-ffffff000003"
},
"state": null,
"attrs": {
"class": ["object", "access_control_profile", "access_control_modify"],
"name": ["idm_admins_acp_revive"],
"uuid": ["00000000-0000-0000-0000-ffffff000003"],
"description": ["Builtin IDM Administrators Access Controls."],
"acp_enable": ["true"],
"acp_receiver": [
"{\"Eq\":[\"memberof\",\"00000000-0000-0000-0000-000000000001\"]}"
],
"acp_targetscope": [
"{\"Eq\":[\"class\",\"recycled\"]}"
],
"acp_modify_removedattr": ["class"],
"acp_modify_class": ["recycled"]
}
}"#;
20190607 authentication (#55) Implement #2 anonymous authentication. This also puts into place the majority of the authentication framework, and starts to build the IDM layers ontop of the DB engine.
2019-07-12 07:28:46 +02:00
pub static _UUID_IDM_SELF_ACP_READ_V1: &'static str = "00000000-0000-0000-0000-ffffff000004";
pub static JSON_IDM_SELF_ACP_READ_V1: &'static str = r#"{
20190508 UUID on entry (#50) * Make UUID a proper type on entries * Add auth and ID data to relevant structures - this means we can start access controls!
2019-05-15 02:36:18 +02:00
"valid": {
20190607 authentication (#55) Implement #2 anonymous authentication. This also puts into place the majority of the authentication framework, and starts to build the IDM layers ontop of the DB engine.
2019-07-12 07:28:46 +02:00
"uuid": "00000000-0000-0000-0000-ffffff000004"
20190508 UUID on entry (#50) * Make UUID a proper type on entries * Add auth and ID data to relevant structures - this means we can start access controls!
2019-05-15 02:36:18 +02:00
},
Fixed all test!
2019-01-29 07:52:42 +01:00
"state": null,
Refactor migrations code to be cleaner (and testable)
2019-01-20 02:40:13 +01:00
"attrs": {
20190607 authentication (#55) Implement #2 anonymous authentication. This also puts into place the majority of the authentication framework, and starts to build the IDM layers ontop of the DB engine.
2019-07-12 07:28:46 +02:00
"class": ["object", "access_control_profile", "access_control_search"],
"name": ["idm_self_acp_read"],
"uuid": ["00000000-0000-0000-0000-ffffff000004"],
"description": ["Builtin IDM Control for self read - required for whoami."],
"acp_enable": ["true"],
"acp_receiver": [
"\"Self\""
],
"acp_targetscope": [
"\"Self\""
],
"acp_search_attr": ["name", "uuid"]
Refactor migrations code to be cleaner (and testable)
2019-01-20 02:40:13 +01:00
}
}"#;
20190607 authentication (#55) Implement #2 anonymous authentication. This also puts into place the majority of the authentication framework, and starts to build the IDM layers ontop of the DB engine.
2019-07-12 07:28:46 +02:00
pub static JSON_ANONYMOUS_V1: &'static str = r#"{
20190508 UUID on entry (#50) * Make UUID a proper type on entries * Add auth and ID data to relevant structures - this means we can start access controls!
2019-05-15 02:36:18 +02:00
"valid": {
20190607 authentication (#55) Implement #2 anonymous authentication. This also puts into place the majority of the authentication framework, and starts to build the IDM layers ontop of the DB engine.
2019-07-12 07:28:46 +02:00
"uuid": "00000000-0000-0000-0000-ffffffffffff"
20190508 UUID on entry (#50) * Make UUID a proper type on entries * Add auth and ID data to relevant structures - this means we can start access controls!
2019-05-15 02:36:18 +02:00
},
Fixed all test!
2019-01-29 07:52:42 +01:00
"state": null,
Refactor migrations code to be cleaner (and testable)
2019-01-20 02:40:13 +01:00
"attrs": {
20190607 authentication (#55) Implement #2 anonymous authentication. This also puts into place the majority of the authentication framework, and starts to build the IDM layers ontop of the DB engine.
2019-07-12 07:28:46 +02:00
"class": ["account", "object"],
"name": ["anonymous"],
"uuid": ["00000000-0000-0000-0000-ffffffffffff"],
"description": ["Anonymous access account."],
"displayname": ["Anonymous"]
Refactor migrations code to be cleaner (and testable)
2019-01-20 02:40:13 +01:00
}
}"#;
Finished major transaction refactor
2018-12-30 03:17:09 +01:00
// Core
More todos done!
2019-07-27 14:35:44 +02:00
// Schema uuids start at 00000000-0000-0000-0000-ffff00000000
Finish up todo audit
2019-07-28 13:18:25 +02:00
pub static UUID_SCHEMA_ATTR_CLASS: &'static str = "00000000-0000-0000-0000-ffff00000000";
pub static UUID_SCHEMA_ATTR_UUID: &'static str = "00000000-0000-0000-0000-ffff00000001";
pub static UUID_SCHEMA_ATTR_NAME: &'static str = "00000000-0000-0000-0000-ffff00000002";
Implement attribute uniqueness. (#82) Implements #72, attribute uniqueness. This extends schema to have a field "unique" which means a value should be unique for that object, and all other live objects (recycle and tombstones excluded). Note UUID has to retain special handling in base.rs and can't usethis due to needing to check with recycled too..
2019-09-08 12:26:35 +02:00
pub static UUID_SCHEMA_ATTR_ATTRIBUTENAME: &'static str = "00000000-0000-0000-0000-ffff00000048";
pub static UUID_SCHEMA_ATTR_CLASSNAME: &'static str = "00000000-0000-0000-0000-ffff00000049";
Finish up todo audit
2019-07-28 13:18:25 +02:00
pub static UUID_SCHEMA_ATTR_PRINCIPAL_NAME: &'static str = "00000000-0000-0000-0000-ffff00000003";
pub static UUID_SCHEMA_ATTR_DESCRIPTION: &'static str = "00000000-0000-0000-0000-ffff00000004";
pub static UUID_SCHEMA_ATTR_MULTIVALUE: &'static str = "00000000-0000-0000-0000-ffff00000005";
Implement attribute uniqueness. (#82) Implements #72, attribute uniqueness. This extends schema to have a field "unique" which means a value should be unique for that object, and all other live objects (recycle and tombstones excluded). Note UUID has to retain special handling in base.rs and can't usethis due to needing to check with recycled too..
2019-09-08 12:26:35 +02:00
pub static UUID_SCHEMA_ATTR_UNIQUE: &'static str = "00000000-0000-0000-0000-ffff00000047";
Finish up todo audit
2019-07-28 13:18:25 +02:00
pub static UUID_SCHEMA_ATTR_INDEX: &'static str = "00000000-0000-0000-0000-ffff00000006";
pub static UUID_SCHEMA_ATTR_SYNTAX: &'static str = "00000000-0000-0000-0000-ffff00000007";
pub static UUID_SCHEMA_ATTR_SYSTEMMAY: &'static str = "00000000-0000-0000-0000-ffff00000008";
pub static UUID_SCHEMA_ATTR_MAY: &'static str = "00000000-0000-0000-0000-ffff00000009";
pub static UUID_SCHEMA_ATTR_SYSTEMMUST: &'static str = "00000000-0000-0000-0000-ffff00000010";
pub static UUID_SCHEMA_ATTR_MUST: &'static str = "00000000-0000-0000-0000-ffff00000011";
pub static UUID_SCHEMA_ATTR_MEMBEROF: &'static str = "00000000-0000-0000-0000-ffff00000012";
pub static UUID_SCHEMA_ATTR_MEMBER: &'static str = "00000000-0000-0000-0000-ffff00000013";
pub static UUID_SCHEMA_ATTR_DIRECTMEMBEROF: &'static str = "00000000-0000-0000-0000-ffff00000014";
pub static UUID_SCHEMA_ATTR_VERSION: &'static str = "00000000-0000-0000-0000-ffff00000015";
pub static UUID_SCHEMA_ATTR_DOMAIN: &'static str = "00000000-0000-0000-0000-ffff00000016";
pub static UUID_SCHEMA_ATTR_ACP_ENABLE: &'static str = "00000000-0000-0000-0000-ffff00000017";
pub static UUID_SCHEMA_ATTR_ACP_RECEIVER: &'static str = "00000000-0000-0000-0000-ffff00000018";
More todos done!
2019-07-27 14:35:44 +02:00
pub static UUID_SCHEMA_ATTR_ACP_TARGETSCOPE: &'static str = "00000000-0000-0000-0000-ffff00000019";
pub static UUID_SCHEMA_ATTR_ACP_SEARCH_ATTR: &'static str = "00000000-0000-0000-0000-ffff00000020";
Finish up todo audit
2019-07-28 13:18:25 +02:00
pub static UUID_SCHEMA_ATTR_ACP_CREATE_CLASS: &'static str = "00000000-0000-0000-0000-ffff00000021";
More todos done!
2019-07-27 14:35:44 +02:00
pub static UUID_SCHEMA_ATTR_ACP_CREATE_ATTR: &'static str = "00000000-0000-0000-0000-ffff00000022";
20190510 access profiles foundations (#51) * Large refactor to improve the ava get interface * Improve ACP parsing test * ACP parsing complete * Fix txn type tech debt * Clean up queryserver name issue * Integrate acp to query server, and add reload hooks * Starting to write search acp enforcement * Refactor event to take entry rather than UUID to allow acp to filter on the event properly. * Most of the filter refactor is done * Finish filter refactor! * Write and implement basic filter optimiser with redundant term folding
2019-05-24 07:11:06 +02:00
pub static UUID_SCHEMA_ATTR_ACP_MODIFY_REMOVEDATTR: &'static str =
Finish up todo audit
2019-07-28 13:18:25 +02:00
"00000000-0000-0000-0000-ffff00000023";
20190510 access profiles foundations (#51) * Large refactor to improve the ava get interface * Improve ACP parsing test * ACP parsing complete * Fix txn type tech debt * Clean up queryserver name issue * Integrate acp to query server, and add reload hooks * Starting to write search acp enforcement * Refactor event to take entry rather than UUID to allow acp to filter on the event properly. * Most of the filter refactor is done * Finish filter refactor! * Write and implement basic filter optimiser with redundant term folding
2019-05-24 07:11:06 +02:00
pub static UUID_SCHEMA_ATTR_ACP_MODIFY_PRESENTATTR: &'static str =
Finish up todo audit
2019-07-28 13:18:25 +02:00
"00000000-0000-0000-0000-ffff00000024";
pub static UUID_SCHEMA_ATTR_ACP_MODIFY_CLASS: &'static str = "00000000-0000-0000-0000-ffff00000025";
Finished major transaction refactor
2018-12-30 03:17:09 +01:00
Finish up todo audit
2019-07-28 13:18:25 +02:00
pub static UUID_SCHEMA_CLASS_ATTRIBUTETYPE: &'static str = "00000000-0000-0000-0000-ffff00000026";
pub static UUID_SCHEMA_CLASS_CLASSTYPE: &'static str = "00000000-0000-0000-0000-ffff00000027";
pub static UUID_SCHEMA_CLASS_OBJECT: &'static str = "00000000-0000-0000-0000-ffff00000028";
Dynamic schema. This allows classes and attributes to be added and modified "live", so that restarts to affect object schema are not required. This is good to allow customisation and other extensions for advanced users, and doing it now makes it "easier" to supply extra schema from the project core into the initialise_idm function.
2019-07-15 08:56:55 +02:00
pub static UUID_SCHEMA_CLASS_EXTENSIBLEOBJECT: &'static str =
Finish up todo audit
2019-07-28 13:18:25 +02:00
"00000000-0000-0000-0000-ffff00000029";
pub static UUID_SCHEMA_CLASS_MEMBEROF: &'static str = "00000000-0000-0000-0000-ffff00000030";
Dynamic schema. This allows classes and attributes to be added and modified "live", so that restarts to affect object schema are not required. This is good to allow customisation and other extensions for advanced users, and doing it now makes it "easier" to supply extra schema from the project core into the initialise_idm function.
2019-07-15 08:56:55 +02:00
Finish up todo audit
2019-07-28 13:18:25 +02:00
pub static UUID_SCHEMA_CLASS_RECYCLED: &'static str = "00000000-0000-0000-0000-ffff00000031";
pub static UUID_SCHEMA_CLASS_TOMBSTONE: &'static str = "00000000-0000-0000-0000-ffff00000032";
pub static UUID_SCHEMA_CLASS_SYSTEM_INFO: &'static str = "00000000-0000-0000-0000-ffff00000033";
20190510 access profiles foundations (#51) * Large refactor to improve the ava get interface * Improve ACP parsing test * ACP parsing complete * Fix txn type tech debt * Clean up queryserver name issue * Integrate acp to query server, and add reload hooks * Starting to write search acp enforcement * Refactor event to take entry rather than UUID to allow acp to filter on the event properly. * Most of the filter refactor is done * Finish filter refactor! * Write and implement basic filter optimiser with redundant term folding
2019-05-24 07:11:06 +02:00
pub static UUID_SCHEMA_CLASS_ACCESS_CONTROL_PROFILE: &'static str =
Finish up todo audit
2019-07-28 13:18:25 +02:00
"00000000-0000-0000-0000-ffff00000034";
20190510 access profiles foundations (#51) * Large refactor to improve the ava get interface * Improve ACP parsing test * ACP parsing complete * Fix txn type tech debt * Clean up queryserver name issue * Integrate acp to query server, and add reload hooks * Starting to write search acp enforcement * Refactor event to take entry rather than UUID to allow acp to filter on the event properly. * Most of the filter refactor is done * Finish filter refactor! * Write and implement basic filter optimiser with redundant term folding
2019-05-24 07:11:06 +02:00
pub static UUID_SCHEMA_CLASS_ACCESS_CONTROL_SEARCH: &'static str =
Finish up todo audit
2019-07-28 13:18:25 +02:00
"00000000-0000-0000-0000-ffff00000035";
20190510 access profiles foundations (#51) * Large refactor to improve the ava get interface * Improve ACP parsing test * ACP parsing complete * Fix txn type tech debt * Clean up queryserver name issue * Integrate acp to query server, and add reload hooks * Starting to write search acp enforcement * Refactor event to take entry rather than UUID to allow acp to filter on the event properly. * Most of the filter refactor is done * Finish filter refactor! * Write and implement basic filter optimiser with redundant term folding
2019-05-24 07:11:06 +02:00
pub static UUID_SCHEMA_CLASS_ACCESS_CONTROL_DELETE: &'static str =
Finish up todo audit
2019-07-28 13:18:25 +02:00
"00000000-0000-0000-0000-ffff00000036";
20190510 access profiles foundations (#51) * Large refactor to improve the ava get interface * Improve ACP parsing test * ACP parsing complete * Fix txn type tech debt * Clean up queryserver name issue * Integrate acp to query server, and add reload hooks * Starting to write search acp enforcement * Refactor event to take entry rather than UUID to allow acp to filter on the event properly. * Most of the filter refactor is done * Finish filter refactor! * Write and implement basic filter optimiser with redundant term folding
2019-05-24 07:11:06 +02:00
pub static UUID_SCHEMA_CLASS_ACCESS_CONTROL_MODIFY: &'static str =
Finish up todo audit
2019-07-28 13:18:25 +02:00
"00000000-0000-0000-0000-ffff00000037";
20190510 access profiles foundations (#51) * Large refactor to improve the ava get interface * Improve ACP parsing test * ACP parsing complete * Fix txn type tech debt * Clean up queryserver name issue * Integrate acp to query server, and add reload hooks * Starting to write search acp enforcement * Refactor event to take entry rather than UUID to allow acp to filter on the event properly. * Most of the filter refactor is done * Finish filter refactor! * Write and implement basic filter optimiser with redundant term folding
2019-05-24 07:11:06 +02:00
pub static UUID_SCHEMA_CLASS_ACCESS_CONTROL_CREATE: &'static str =
Finish up todo audit
2019-07-28 13:18:25 +02:00
"00000000-0000-0000-0000-ffff00000038";
pub static UUID_SCHEMA_CLASS_SYSTEM: &'static str = "00000000-0000-0000-0000-ffff00000039";
Implement Access Control Profiles (#52) This implements access controls, including a huge amount of refactor to support them and their resolution with the "SelfUUID" keyword. Additionally, parts of the event structure was improved to help, normalised was added as an entry state and more. And there are access controls! They work, have tests, and appear sane.
2019-06-07 11:19:09 +02:00
Dynamic schema. This allows classes and attributes to be added and modified "live", so that restarts to affect object schema are not required. This is good to allow customisation and other extensions for advanced users, and doing it now makes it "easier" to supply extra schema from the project core into the initialise_idm function.
2019-07-15 08:56:55 +02:00
// system supplementary
More todos done!
2019-07-27 14:35:44 +02:00
pub static UUID_SCHEMA_ATTR_DISPLAYNAME: &'static str = "00000000-0000-0000-0000-ffff00000040";
Dynamic schema. This allows classes and attributes to be added and modified "live", so that restarts to affect object schema are not required. This is good to allow customisation and other extensions for advanced users, and doing it now makes it "easier" to supply extra schema from the project core into the initialise_idm function.
2019-07-15 08:56:55 +02:00
pub static JSON_SCHEMA_ATTR_DISPLAYNAME: &'static str = r#"{
"valid": {
More todos done!
2019-07-27 14:35:44 +02:00
"uuid": "00000000-0000-0000-0000-ffff00000040"
Dynamic schema. This allows classes and attributes to be added and modified "live", so that restarts to affect object schema are not required. This is good to allow customisation and other extensions for advanced users, and doing it now makes it "easier" to supply extra schema from the project core into the initialise_idm function.
2019-07-15 08:56:55 +02:00
},
"state": null,
"attrs": {
"class": [
"object",
Complete system protected objects implementation. This allows class: system to be tagged to types that should not be externally edited.
2019-07-20 04:04:38 +02:00
"system",
Dynamic schema. This allows classes and attributes to be added and modified "live", so that restarts to affect object schema are not required. This is good to allow customisation and other extensions for advanced users, and doing it now makes it "easier" to supply extra schema from the project core into the initialise_idm function.
2019-07-15 08:56:55 +02:00
"attributetype"
],
"description": [
"The publicly visible display name of this person"
],
"index": [
"EQUALITY"
],
Implement attribute uniqueness. (#82) Implements #72, attribute uniqueness. This extends schema to have a field "unique" which means a value should be unique for that object, and all other live objects (recycle and tombstones excluded). Note UUID has to retain special handling in base.rs and can't usethis due to needing to check with recycled too..
2019-09-08 12:26:35 +02:00
"unique": [
"false"
],
Dynamic schema. This allows classes and attributes to be added and modified "live", so that restarts to affect object schema are not required. This is good to allow customisation and other extensions for advanced users, and doing it now makes it "easier" to supply extra schema from the project core into the initialise_idm function.
2019-07-15 08:56:55 +02:00
"multivalue": [
"false"
],
Implement attribute uniqueness. (#82) Implements #72, attribute uniqueness. This extends schema to have a field "unique" which means a value should be unique for that object, and all other live objects (recycle and tombstones excluded). Note UUID has to retain special handling in base.rs and can't usethis due to needing to check with recycled too..
2019-09-08 12:26:35 +02:00
"attributename": [
Dynamic schema. This allows classes and attributes to be added and modified "live", so that restarts to affect object schema are not required. This is good to allow customisation and other extensions for advanced users, and doing it now makes it "easier" to supply extra schema from the project core into the initialise_idm function.
2019-07-15 08:56:55 +02:00
"displayname"
],
"syntax": [
"UTF8STRING"
],
"uuid": [
More todos done!
2019-07-27 14:35:44 +02:00
"00000000-0000-0000-0000-ffff00000040"
Dynamic schema. This allows classes and attributes to be added and modified "live", so that restarts to affect object schema are not required. This is good to allow customisation and other extensions for advanced users, and doing it now makes it "easier" to supply extra schema from the project core into the initialise_idm function.
2019-07-15 08:56:55 +02:00
]
}
}"#;
More todos done!
2019-07-27 14:35:44 +02:00
pub static UUID_SCHEMA_ATTR_MAIL: &'static str = "00000000-0000-0000-0000-ffff00000041";
Dynamic schema. This allows classes and attributes to be added and modified "live", so that restarts to affect object schema are not required. This is good to allow customisation and other extensions for advanced users, and doing it now makes it "easier" to supply extra schema from the project core into the initialise_idm function.
2019-07-15 08:56:55 +02:00
pub static JSON_SCHEMA_ATTR_MAIL: &'static str = r#"
{
"valid": {
More todos done!
2019-07-27 14:35:44 +02:00
"uuid": "00000000-0000-0000-0000-ffff00000041"
Dynamic schema. This allows classes and attributes to be added and modified "live", so that restarts to affect object schema are not required. This is good to allow customisation and other extensions for advanced users, and doing it now makes it "easier" to supply extra schema from the project core into the initialise_idm function.
2019-07-15 08:56:55 +02:00
},
"state": null,
"attrs": {
"class": [
"object",
Complete system protected objects implementation. This allows class: system to be tagged to types that should not be externally edited.
2019-07-20 04:04:38 +02:00
"system",
Dynamic schema. This allows classes and attributes to be added and modified "live", so that restarts to affect object schema are not required. This is good to allow customisation and other extensions for advanced users, and doing it now makes it "easier" to supply extra schema from the project core into the initialise_idm function.
2019-07-15 08:56:55 +02:00
"attributetype"
],
"description": [
"mail addresses of the object"
],
"index": [
"EQUALITY"
],
Implement attribute uniqueness. (#82) Implements #72, attribute uniqueness. This extends schema to have a field "unique" which means a value should be unique for that object, and all other live objects (recycle and tombstones excluded). Note UUID has to retain special handling in base.rs and can't usethis due to needing to check with recycled too..
2019-09-08 12:26:35 +02:00
"unique": [
"true"
],
Dynamic schema. This allows classes and attributes to be added and modified "live", so that restarts to affect object schema are not required. This is good to allow customisation and other extensions for advanced users, and doing it now makes it "easier" to supply extra schema from the project core into the initialise_idm function.
2019-07-15 08:56:55 +02:00
"multivalue": [
"true"
],
Implement attribute uniqueness. (#82) Implements #72, attribute uniqueness. This extends schema to have a field "unique" which means a value should be unique for that object, and all other live objects (recycle and tombstones excluded). Note UUID has to retain special handling in base.rs and can't usethis due to needing to check with recycled too..
2019-09-08 12:26:35 +02:00
"attributename": [
Dynamic schema. This allows classes and attributes to be added and modified "live", so that restarts to affect object schema are not required. This is good to allow customisation and other extensions for advanced users, and doing it now makes it "easier" to supply extra schema from the project core into the initialise_idm function.
2019-07-15 08:56:55 +02:00
"mail"
],
"syntax": [
"UTF8STRING"
],
"uuid": [
More todos done!
2019-07-27 14:35:44 +02:00
"00000000-0000-0000-0000-ffff00000041"
Dynamic schema. This allows classes and attributes to be added and modified "live", so that restarts to affect object schema are not required. This is good to allow customisation and other extensions for advanced users, and doing it now makes it "easier" to supply extra schema from the project core into the initialise_idm function.
2019-07-15 08:56:55 +02:00
]
}
}
"#;
More todos done!
2019-07-27 14:35:44 +02:00
pub static UUID_SCHEMA_ATTR_SSH_PUBLICKEY: &'static str = "00000000-0000-0000-0000-ffff00000042";
Dynamic schema. This allows classes and attributes to be added and modified "live", so that restarts to affect object schema are not required. This is good to allow customisation and other extensions for advanced users, and doing it now makes it "easier" to supply extra schema from the project core into the initialise_idm function.
2019-07-15 08:56:55 +02:00
pub static JSON_SCHEMA_ATTR_SSH_PUBLICKEY: &'static str = r#"
{
"valid": {
More todos done!
2019-07-27 14:35:44 +02:00
"uuid": "00000000-0000-0000-0000-ffff00000042"
Dynamic schema. This allows classes and attributes to be added and modified "live", so that restarts to affect object schema are not required. This is good to allow customisation and other extensions for advanced users, and doing it now makes it "easier" to supply extra schema from the project core into the initialise_idm function.
2019-07-15 08:56:55 +02:00
},
"state": null,
"attrs": {
"class": [
"object",
Complete system protected objects implementation. This allows class: system to be tagged to types that should not be externally edited.
2019-07-20 04:04:38 +02:00
"system",
Dynamic schema. This allows classes and attributes to be added and modified "live", so that restarts to affect object schema are not required. This is good to allow customisation and other extensions for advanced users, and doing it now makes it "easier" to supply extra schema from the project core into the initialise_idm function.
2019-07-15 08:56:55 +02:00
"attributetype"
],
"description": [
"SSH public keys of the object"
],
"index": [],
Implement attribute uniqueness. (#82) Implements #72, attribute uniqueness. This extends schema to have a field "unique" which means a value should be unique for that object, and all other live objects (recycle and tombstones excluded). Note UUID has to retain special handling in base.rs and can't usethis due to needing to check with recycled too..
2019-09-08 12:26:35 +02:00
"unique": [
"false"
],
Dynamic schema. This allows classes and attributes to be added and modified "live", so that restarts to affect object schema are not required. This is good to allow customisation and other extensions for advanced users, and doing it now makes it "easier" to supply extra schema from the project core into the initialise_idm function.
2019-07-15 08:56:55 +02:00
"multivalue": [
"true"
],
Implement attribute uniqueness. (#82) Implements #72, attribute uniqueness. This extends schema to have a field "unique" which means a value should be unique for that object, and all other live objects (recycle and tombstones excluded). Note UUID has to retain special handling in base.rs and can't usethis due to needing to check with recycled too..
2019-09-08 12:26:35 +02:00
"attributename": [
Dynamic schema. This allows classes and attributes to be added and modified "live", so that restarts to affect object schema are not required. This is good to allow customisation and other extensions for advanced users, and doing it now makes it "easier" to supply extra schema from the project core into the initialise_idm function.
2019-07-15 08:56:55 +02:00
"ssh_publickey"
],
"syntax": [
"UTF8STRING"
],
"uuid": [
More todos done!
2019-07-27 14:35:44 +02:00
"00000000-0000-0000-0000-ffff00000042"
Dynamic schema. This allows classes and attributes to be added and modified "live", so that restarts to affect object schema are not required. This is good to allow customisation and other extensions for advanced users, and doing it now makes it "easier" to supply extra schema from the project core into the initialise_idm function.
2019-07-15 08:56:55 +02:00
]
}
}
"#;
3 authentication (#79) This adds support for authentication and credential storage to the server. It also adds account recovery and options for integration test fixtures, refactors to make the client library easier to manage, and support clean seperation of the proto vs lib.
2019-09-04 03:06:37 +02:00
pub static UUID_SCHEMA_ATTR_PRIMARY_CREDENTIAL: &'static str =
"00000000-0000-0000-0000-ffff00000043";
pub static JSON_SCHEMA_ATTR_PRIMARY_CREDENTIAL: &'static str = r#"
Dynamic schema. This allows classes and attributes to be added and modified "live", so that restarts to affect object schema are not required. This is good to allow customisation and other extensions for advanced users, and doing it now makes it "easier" to supply extra schema from the project core into the initialise_idm function.
2019-07-15 08:56:55 +02:00
{
"valid": {
More todos done!
2019-07-27 14:35:44 +02:00
"uuid": "00000000-0000-0000-0000-ffff00000043"
Dynamic schema. This allows classes and attributes to be added and modified "live", so that restarts to affect object schema are not required. This is good to allow customisation and other extensions for advanced users, and doing it now makes it "easier" to supply extra schema from the project core into the initialise_idm function.
2019-07-15 08:56:55 +02:00
},
"state": null,
"attrs": {
"class": [
"object",
Complete system protected objects implementation. This allows class: system to be tagged to types that should not be externally edited.
2019-07-20 04:04:38 +02:00
"system",
Dynamic schema. This allows classes and attributes to be added and modified "live", so that restarts to affect object schema are not required. This is good to allow customisation and other extensions for advanced users, and doing it now makes it "easier" to supply extra schema from the project core into the initialise_idm function.
2019-07-15 08:56:55 +02:00
"attributetype"
],
"description": [
3 authentication (#79) This adds support for authentication and credential storage to the server. It also adds account recovery and options for integration test fixtures, refactors to make the client library easier to manage, and support clean seperation of the proto vs lib.
2019-09-04 03:06:37 +02:00
"Primary credential material of the account for authentication interactively."
Dynamic schema. This allows classes and attributes to be added and modified "live", so that restarts to affect object schema are not required. This is good to allow customisation and other extensions for advanced users, and doing it now makes it "easier" to supply extra schema from the project core into the initialise_idm function.
2019-07-15 08:56:55 +02:00
],
"index": [],
Implement attribute uniqueness. (#82) Implements #72, attribute uniqueness. This extends schema to have a field "unique" which means a value should be unique for that object, and all other live objects (recycle and tombstones excluded). Note UUID has to retain special handling in base.rs and can't usethis due to needing to check with recycled too..
2019-09-08 12:26:35 +02:00
"unique": [
"false"
],
Dynamic schema. This allows classes and attributes to be added and modified "live", so that restarts to affect object schema are not required. This is good to allow customisation and other extensions for advanced users, and doing it now makes it "easier" to supply extra schema from the project core into the initialise_idm function.
2019-07-15 08:56:55 +02:00
"multivalue": [
3 authentication (#79) This adds support for authentication and credential storage to the server. It also adds account recovery and options for integration test fixtures, refactors to make the client library easier to manage, and support clean seperation of the proto vs lib.
2019-09-04 03:06:37 +02:00
"false"
Dynamic schema. This allows classes and attributes to be added and modified "live", so that restarts to affect object schema are not required. This is good to allow customisation and other extensions for advanced users, and doing it now makes it "easier" to supply extra schema from the project core into the initialise_idm function.
2019-07-15 08:56:55 +02:00
],
Implement attribute uniqueness. (#82) Implements #72, attribute uniqueness. This extends schema to have a field "unique" which means a value should be unique for that object, and all other live objects (recycle and tombstones excluded). Note UUID has to retain special handling in base.rs and can't usethis due to needing to check with recycled too..
2019-09-08 12:26:35 +02:00
"attributename": [
3 authentication (#79) This adds support for authentication and credential storage to the server. It also adds account recovery and options for integration test fixtures, refactors to make the client library easier to manage, and support clean seperation of the proto vs lib.
2019-09-04 03:06:37 +02:00
"primary_credential"
Dynamic schema. This allows classes and attributes to be added and modified "live", so that restarts to affect object schema are not required. This is good to allow customisation and other extensions for advanced users, and doing it now makes it "easier" to supply extra schema from the project core into the initialise_idm function.
2019-07-15 08:56:55 +02:00
],
"syntax": [
3 authentication (#79) This adds support for authentication and credential storage to the server. It also adds account recovery and options for integration test fixtures, refactors to make the client library easier to manage, and support clean seperation of the proto vs lib.
2019-09-04 03:06:37 +02:00
"CREDENTIAL"
Dynamic schema. This allows classes and attributes to be added and modified "live", so that restarts to affect object schema are not required. This is good to allow customisation and other extensions for advanced users, and doing it now makes it "easier" to supply extra schema from the project core into the initialise_idm function.
2019-07-15 08:56:55 +02:00
],
"uuid": [
More todos done!
2019-07-27 14:35:44 +02:00
"00000000-0000-0000-0000-ffff00000043"
Dynamic schema. This allows classes and attributes to be added and modified "live", so that restarts to affect object schema are not required. This is good to allow customisation and other extensions for advanced users, and doing it now makes it "easier" to supply extra schema from the project core into the initialise_idm function.
2019-07-15 08:56:55 +02:00
]
}
}
"#;
More todos done!
2019-07-27 14:35:44 +02:00
pub static UUID_SCHEMA_CLASS_PERSON: &'static str = "00000000-0000-0000-0000-ffff00000044";
Dynamic schema. This allows classes and attributes to be added and modified "live", so that restarts to affect object schema are not required. This is good to allow customisation and other extensions for advanced users, and doing it now makes it "easier" to supply extra schema from the project core into the initialise_idm function.
2019-07-15 08:56:55 +02:00
pub static JSON_SCHEMA_CLASS_PERSON: &'static str = r#"
{
"valid": {
More todos done!
2019-07-27 14:35:44 +02:00
"uuid": "00000000-0000-0000-0000-ffff00000044"
Dynamic schema. This allows classes and attributes to be added and modified "live", so that restarts to affect object schema are not required. This is good to allow customisation and other extensions for advanced users, and doing it now makes it "easier" to supply extra schema from the project core into the initialise_idm function.
2019-07-15 08:56:55 +02:00
},
"state": null,
"attrs": {
"class": [
"object",
Complete system protected objects implementation. This allows class: system to be tagged to types that should not be externally edited.
2019-07-20 04:04:38 +02:00
"system",
Dynamic schema. This allows classes and attributes to be added and modified "live", so that restarts to affect object schema are not required. This is good to allow customisation and other extensions for advanced users, and doing it now makes it "easier" to supply extra schema from the project core into the initialise_idm function.
2019-07-15 08:56:55 +02:00
"classtype"
],
"description": [
"Object representation of a person"
],
Implement attribute uniqueness. (#82) Implements #72, attribute uniqueness. This extends schema to have a field "unique" which means a value should be unique for that object, and all other live objects (recycle and tombstones excluded). Note UUID has to retain special handling in base.rs and can't usethis due to needing to check with recycled too..
2019-09-08 12:26:35 +02:00
"classname": [
Dynamic schema. This allows classes and attributes to be added and modified "live", so that restarts to affect object schema are not required. This is good to allow customisation and other extensions for advanced users, and doing it now makes it "easier" to supply extra schema from the project core into the initialise_idm function.
2019-07-15 08:56:55 +02:00
"person"
],
"systemmay": [
"mail",
"memberof"
],
"systemmust": [
"displayname",
"name"
],
"uuid": [
More todos done!
2019-07-27 14:35:44 +02:00
"00000000-0000-0000-0000-ffff00000044"
Dynamic schema. This allows classes and attributes to be added and modified "live", so that restarts to affect object schema are not required. This is good to allow customisation and other extensions for advanced users, and doing it now makes it "easier" to supply extra schema from the project core into the initialise_idm function.
2019-07-15 08:56:55 +02:00
]
}
}
"#;
More todos done!
2019-07-27 14:35:44 +02:00
pub static UUID_SCHEMA_CLASS_GROUP: &'static str = "00000000-0000-0000-0000-ffff00000045";
Dynamic schema. This allows classes and attributes to be added and modified "live", so that restarts to affect object schema are not required. This is good to allow customisation and other extensions for advanced users, and doing it now makes it "easier" to supply extra schema from the project core into the initialise_idm function.
2019-07-15 08:56:55 +02:00
pub static JSON_SCHEMA_CLASS_GROUP: &'static str = r#"
{
"valid": {
More todos done!
2019-07-27 14:35:44 +02:00
"uuid": "00000000-0000-0000-0000-ffff00000045"
Dynamic schema. This allows classes and attributes to be added and modified "live", so that restarts to affect object schema are not required. This is good to allow customisation and other extensions for advanced users, and doing it now makes it "easier" to supply extra schema from the project core into the initialise_idm function.
2019-07-15 08:56:55 +02:00
},
"state": null,
"attrs": {
"class": [
"object",
Complete system protected objects implementation. This allows class: system to be tagged to types that should not be externally edited.
2019-07-20 04:04:38 +02:00
"system",
Dynamic schema. This allows classes and attributes to be added and modified "live", so that restarts to affect object schema are not required. This is good to allow customisation and other extensions for advanced users, and doing it now makes it "easier" to supply extra schema from the project core into the initialise_idm function.
2019-07-15 08:56:55 +02:00
"classtype"
],
"description": [
"Object representation of a group"
],
Implement attribute uniqueness. (#82) Implements #72, attribute uniqueness. This extends schema to have a field "unique" which means a value should be unique for that object, and all other live objects (recycle and tombstones excluded). Note UUID has to retain special handling in base.rs and can't usethis due to needing to check with recycled too..
2019-09-08 12:26:35 +02:00
"classname": [
Dynamic schema. This allows classes and attributes to be added and modified "live", so that restarts to affect object schema are not required. This is good to allow customisation and other extensions for advanced users, and doing it now makes it "easier" to supply extra schema from the project core into the initialise_idm function.
2019-07-15 08:56:55 +02:00
"group"
],
"systemmay": [
"member"
],
"systemmust": [
"name"
],
"uuid": [
More todos done!
2019-07-27 14:35:44 +02:00
"00000000-0000-0000-0000-ffff00000045"
Dynamic schema. This allows classes and attributes to be added and modified "live", so that restarts to affect object schema are not required. This is good to allow customisation and other extensions for advanced users, and doing it now makes it "easier" to supply extra schema from the project core into the initialise_idm function.
2019-07-15 08:56:55 +02:00
]
}
}
"#;
More todos done!
2019-07-27 14:35:44 +02:00
pub static UUID_SCHEMA_CLASS_ACCOUNT: &'static str = "00000000-0000-0000-0000-ffff00000046";
Dynamic schema. This allows classes and attributes to be added and modified "live", so that restarts to affect object schema are not required. This is good to allow customisation and other extensions for advanced users, and doing it now makes it "easier" to supply extra schema from the project core into the initialise_idm function.
2019-07-15 08:56:55 +02:00
pub static JSON_SCHEMA_CLASS_ACCOUNT: &'static str = r#"
{
"valid": {
More todos done!
2019-07-27 14:35:44 +02:00
"uuid": "00000000-0000-0000-0000-ffff00000046"
Dynamic schema. This allows classes and attributes to be added and modified "live", so that restarts to affect object schema are not required. This is good to allow customisation and other extensions for advanced users, and doing it now makes it "easier" to supply extra schema from the project core into the initialise_idm function.
2019-07-15 08:56:55 +02:00
},
"state": null,
"attrs": {
"class": [
"object",
Complete system protected objects implementation. This allows class: system to be tagged to types that should not be externally edited.
2019-07-20 04:04:38 +02:00
"system",
Dynamic schema. This allows classes and attributes to be added and modified "live", so that restarts to affect object schema are not required. This is good to allow customisation and other extensions for advanced users, and doing it now makes it "easier" to supply extra schema from the project core into the initialise_idm function.
2019-07-15 08:56:55 +02:00
"classtype"
],
"description": [
"Object representation of a person"
],
Implement attribute uniqueness. (#82) Implements #72, attribute uniqueness. This extends schema to have a field "unique" which means a value should be unique for that object, and all other live objects (recycle and tombstones excluded). Note UUID has to retain special handling in base.rs and can't usethis due to needing to check with recycled too..
2019-09-08 12:26:35 +02:00
"classname": [
Dynamic schema. This allows classes and attributes to be added and modified "live", so that restarts to affect object schema are not required. This is good to allow customisation and other extensions for advanced users, and doing it now makes it "easier" to supply extra schema from the project core into the initialise_idm function.
2019-07-15 08:56:55 +02:00
"account"
],
"systemmay": [
3 authentication (#79) This adds support for authentication and credential storage to the server. It also adds account recovery and options for integration test fixtures, refactors to make the client library easier to manage, and support clean seperation of the proto vs lib.
2019-09-04 03:06:37 +02:00
"primary_credential",
Dynamic schema. This allows classes and attributes to be added and modified "live", so that restarts to affect object schema are not required. This is good to allow customisation and other extensions for advanced users, and doing it now makes it "easier" to supply extra schema from the project core into the initialise_idm function.
2019-07-15 08:56:55 +02:00
"ssh_publickey"
],
"systemmust": [
"displayname",
"name"
],
"uuid": [
More todos done!
2019-07-27 14:35:44 +02:00
"00000000-0000-0000-0000-ffff00000046"
Dynamic schema. This allows classes and attributes to be added and modified "live", so that restarts to affect object schema are not required. This is good to allow customisation and other extensions for advanced users, and doing it now makes it "easier" to supply extra schema from the project core into the initialise_idm function.
2019-07-15 08:56:55 +02:00
]
}
}
"#;
Implement Access Control Profiles (#52) This implements access controls, including a huge amount of refactor to support them and their resolution with the "SelfUUID" keyword. Additionally, parts of the event structure was improved to help, normalised was added as an entry state and more. And there are access controls! They work, have tests, and appear sane.
2019-06-07 11:19:09 +02:00
// ============ TEST DATA ============
#[cfg(test)]
pub static JSON_TESTPERSON1: &'static str = r#"{
"valid": null,
"state": null,
"attrs": {
"class": ["object"],
"name": ["testperson1"],
"uuid": ["cc8e95b4-c24f-4d68-ba54-8bed76f63930"]
}
}"#;
#[cfg(test)]
pub static JSON_TESTPERSON2: &'static str = r#"{
"valid": null,
"state": null,
"attrs": {
"class": ["object"],
"name": ["testperson2"],
"uuid": ["538faac7-4d29-473b-a59d-23023ac19955"]
}
}"#;
Reference in a new issue Copy permalink