kanidm/kanidmd/src/lib/config.rs

use rand::prelude::*;
use std::fmt;
use std::path::PathBuf;

#[derive(Serialize, Deserialize, Debug)]
pub struct IntegrationTestConfig {
    pub admin_password: String,
}

#[derive(Serialize, Deserialize, Debug)]
pub struct TlsConfiguration {
    pub ca: String,
    pub cert: String,
    pub key: String,
}

#[derive(Serialize, Deserialize, Debug, Default)]
pub struct Configuration {
    pub address: String,
    pub ldapaddress: Option<String>,
    pub threads: usize,
    // db type later
    pub db_path: String,
    pub maximum_request: usize,
    pub secure_cookies: bool,
    pub tls_config: Option<TlsConfiguration>,
    pub cookie_key: [u8; 32],
    pub integration_test_config: Option<Box<IntegrationTestConfig>>,
}

impl fmt::Display for Configuration {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(f, "address: {}, ", self.address)
            .and_then(|_| match &self.ldapaddress {
                Some(la) => write!(f, "ldap address: {}, ", la),
                None => write!(f, "ldap address: disabled, "),
            })
            .and_then(|_| write!(f, "thread count: {}, ", self.threads))
            .and_then(|_| write!(f, "dbpath: {}, ", self.db_path))
            .and_then(|_| write!(f, "max request size: {}b, ", self.maximum_request))
            .and_then(|_| write!(f, "secure cookies: {}, ", self.secure_cookies))
            .and_then(|_| write!(f, "with TLS: {}, ", self.tls_config.is_some()))
            .and_then(|_| {
                write!(
                    f,
                    "integration mode: {}",
                    self.integration_test_config.is_some()
                )
            })
    }
}

impl Configuration {
    pub fn new() -> Self {
        let mut c = Configuration {
            address: String::from("127.0.0.1:8080"),
            ldapaddress: None,
            threads: num_cpus::get(),
            db_path: String::from(""),
            maximum_request: 262_144, // 256k
            // log type
            // log path
            // TODO #63: default true in prd
            secure_cookies: !cfg!(test),
            tls_config: None,
            cookie_key: [0; 32],
            integration_test_config: None,
        };
        let mut rng = StdRng::from_entropy();
        rng.fill(&mut c.cookie_key);
        c
    }

    pub fn update_db_path(&mut self, p: &PathBuf) {
        match p.to_str() {
            Some(p) => self.db_path = p.to_string(),
            None => {
                error!("Invalid DB path supplied");
                std::process::exit(1);
            }
        }
    }

    pub fn update_bind(&mut self, b: &Option<String>) {
        self.address = b
            .as_ref()
            .cloned()
            .unwrap_or_else(|| String::from("127.0.0.1:8080"));
    }

    pub fn update_ldapbind(&mut self, l: &Option<String>) {
        self.ldapaddress = l.clone();
    }

    pub fn update_tls(
        &mut self,
        ca: &Option<PathBuf>,
        cert: &Option<PathBuf>,
        key: &Option<PathBuf>,
    ) {
        match (ca, cert, key) {
            (None, None, None) => {}
            (Some(cap), Some(certp), Some(keyp)) => {
                let cas = match cap.to_str() {
                    Some(cav) => cav.to_string(),
                    None => {
                        error!("Invalid CA path");
                        std::process::exit(1);
                    }
                };
                let certs = match certp.to_str() {
                    Some(certv) => certv.to_string(),
                    None => {
                        error!("Invalid Cert path");
                        std::process::exit(1);
                    }
                };
                let keys = match keyp.to_str() {
                    Some(keyv) => keyv.to_string(),
                    None => {
                        error!("Invalid Key path");
                        std::process::exit(1);
                    }
                };
                self.tls_config = Some(TlsConfiguration {
                    ca: cas,
                    cert: certs,
                    key: keys,
                })
            }
            _ => {
                error!("Invalid TLS configuration - must provide ca, cert and key!");
                std::process::exit(1);
            }
        }
    }
}
Open tickets for most todos, fix more. 2019-07-27 08:54:31 +02:00			`use rand::prelude::*;`
65 cli options (#85) Add support for command line options to the server. This supports server sid regeneration, persistence, address binding, tls configuration and more. This also improves TLS support in the client tools for CA cert addition to queries. 2019-09-14 10:21:41 +02:00			`use std::fmt;`
Implement backup, restore and server modes This allows backup and restore of the server backend data from the command line. Backups can be taken while the server is running. Automated backups are not part of this yet. This also adds a few missing files from a previous commit mistake. Opps! 2019-07-15 01:15:25 +02:00			`use std::path::PathBuf;`

3 authentication (#79) This adds support for authentication and credential storage to the server. It also adds account recovery and options for integration test fixtures, refactors to make the client library easier to manage, and support clean seperation of the proto vs lib. 2019-09-04 03:06:37 +02:00			`#[derive(Serialize, Deserialize, Debug)]`
			`pub struct IntegrationTestConfig {`
			`pub admin_password: String,`
			`}`

65 cli options (#85) Add support for command line options to the server. This supports server sid regeneration, persistence, address binding, tls configuration and more. This also improves TLS support in the client tools for CA cert addition to queries. 2019-09-14 10:21:41 +02:00			`#[derive(Serialize, Deserialize, Debug)]`
			`pub struct TlsConfiguration {`
			`pub ca: String,`
			`pub cert: String,`
			`pub key: String,`
			`}`

Address clippy reports attending to #![deny(warnings)] 2020-01-09 11:07:14 +01:00			`#[derive(Serialize, Deserialize, Debug, Default)]`
Improvements to integration test 2018-11-26 07:13:22 +01:00			`pub struct Configuration {`
			`pub address: String,`
199 ldap gateway (#246) adds an LDAP gateway to the server. It supports TLS if configured for the webserver, using the same parameters. It is a read only interface, only supporting bind via the configured posix password. 2020-06-10 04:07:43 +02:00			`pub ldapaddress: Option<String>,`
Improvements to integration test 2018-11-26 07:13:22 +01:00			`pub threads: usize,`
Open tickets for most todos, fix more. 2019-07-27 08:54:31 +02:00			`// db type later`
Improvements to integration test 2018-11-26 07:13:22 +01:00			`pub db_path: String,`
			`pub maximum_request: usize,`
Update to rust 2018 and improve some todo notes 2019-04-18 03:28:33 +02:00			`pub secure_cookies: bool,`
65 cli options (#85) Add support for command line options to the server. This supports server sid regeneration, persistence, address binding, tls configuration and more. This also improves TLS support in the client tools for CA cert addition to queries. 2019-09-14 10:21:41 +02:00			`pub tls_config: Option<TlsConfiguration>,`
Open tickets for most todos, fix more. 2019-07-27 08:54:31 +02:00			`pub cookie_key: [u8; 32],`
3 authentication (#79) This adds support for authentication and credential storage to the server. It also adds account recovery and options for integration test fixtures, refactors to make the client library easier to manage, and support clean seperation of the proto vs lib. 2019-09-04 03:06:37 +02:00			`pub integration_test_config: Option<Box<IntegrationTestConfig>>,`
Improvements to integration test 2018-11-26 07:13:22 +01:00			`}`

65 cli options (#85) Add support for command line options to the server. This supports server sid regeneration, persistence, address binding, tls configuration and more. This also improves TLS support in the client tools for CA cert addition to queries. 2019-09-14 10:21:41 +02:00			`impl fmt::Display for Configuration {`
			`fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {`
			`write!(f, "address: {}, ", self.address)`
199 ldap gateway (#246) adds an LDAP gateway to the server. It supports TLS if configured for the webserver, using the same parameters. It is a read only interface, only supporting bind via the configured posix password. 2020-06-10 04:07:43 +02:00			`.and_then(\|_\| match &self.ldapaddress {`
			`Some(la) => write!(f, "ldap address: {}, ", la),`
			`None => write!(f, "ldap address: disabled, "),`
			`})`
65 cli options (#85) Add support for command line options to the server. This supports server sid regeneration, persistence, address binding, tls configuration and more. This also improves TLS support in the client tools for CA cert addition to queries. 2019-09-14 10:21:41 +02:00			`.and_then(\|_\| write!(f, "thread count: {}, ", self.threads))`
			`.and_then(\|_\| write!(f, "dbpath: {}, ", self.db_path))`
			`.and_then(\|_\| write!(f, "max request size: {}b, ", self.maximum_request))`
			`.and_then(\|_\| write!(f, "secure cookies: {}, ", self.secure_cookies))`
			`.and_then(\|_\| write!(f, "with TLS: {}, ", self.tls_config.is_some()))`
			`.and_then(\|_\| {`
			`write!(`
			`f,`
			`"integration mode: {}",`
			`self.integration_test_config.is_some()`
			`)`
			`})`
			`}`
			`}`

Improvements to integration test 2018-11-26 07:13:22 +01:00			`impl Configuration {`
			`pub fn new() -> Self {`
Open tickets for most todos, fix more. 2019-07-27 08:54:31 +02:00			`let mut c = Configuration {`
Improvements to integration test 2018-11-26 07:13:22 +01:00			`address: String::from("127.0.0.1:8080"),`
199 ldap gateway (#246) adds an LDAP gateway to the server. It supports TLS if configured for the webserver, using the same parameters. It is a read only interface, only supporting bind via the configured posix password. 2020-06-10 04:07:43 +02:00			`ldapaddress: None,`
65 cli options (#85) Add support for command line options to the server. This supports server sid regeneration, persistence, address binding, tls configuration and more. This also improves TLS support in the client tools for CA cert addition to queries. 2019-09-14 10:21:41 +02:00			`threads: num_cpus::get(),`
Improvements to integration test 2018-11-26 07:13:22 +01:00			`db_path: String::from(""),`
Address clippy reports attending to #![deny(warnings)] 2020-01-09 11:07:14 +01:00			`maximum_request: 262_144, // 256k`
Update to rust 2018 and improve some todo notes 2019-04-18 03:28:33 +02:00			`// log type`
			`// log path`
Open tickets for most todos, fix more. 2019-07-27 08:54:31 +02:00			`// TODO #63: default true in prd`
Address clippy reports attending to #![deny(warnings)] 2020-01-09 11:07:14 +01:00			`secure_cookies: !cfg!(test),`
65 cli options (#85) Add support for command line options to the server. This supports server sid regeneration, persistence, address binding, tls configuration and more. This also improves TLS support in the client tools for CA cert addition to queries. 2019-09-14 10:21:41 +02:00			`tls_config: None,`
Open tickets for most todos, fix more. 2019-07-27 08:54:31 +02:00			`cookie_key: [0; 32],`
3 authentication (#79) This adds support for authentication and credential storage to the server. It also adds account recovery and options for integration test fixtures, refactors to make the client library easier to manage, and support clean seperation of the proto vs lib. 2019-09-04 03:06:37 +02:00			`integration_test_config: None,`
Open tickets for most todos, fix more. 2019-07-27 08:54:31 +02:00			`};`
			`let mut rng = StdRng::from_entropy();`
			`rng.fill(&mut c.cookie_key);`
			`c`
Improvements to integration test 2018-11-26 07:13:22 +01:00			`}`
Implement backup, restore and server modes This allows backup and restore of the server backend data from the command line. Backups can be taken while the server is running. Automated backups are not part of this yet. This also adds a few missing files from a previous commit mistake. Opps! 2019-07-15 01:15:25 +02:00
			`pub fn update_db_path(&mut self, p: &PathBuf) {`
			`match p.to_str() {`
			`Some(p) => self.db_path = p.to_string(),`
			`None => {`
			`error!("Invalid DB path supplied");`
			`std::process::exit(1);`
			`}`
			`}`
			`}`
65 cli options (#85) Add support for command line options to the server. This supports server sid regeneration, persistence, address binding, tls configuration and more. This also improves TLS support in the client tools for CA cert addition to queries. 2019-09-14 10:21:41 +02:00
			`pub fn update_bind(&mut self, b: &Option<String>) {`
			`self.address = b`
			`.as_ref()`
Address clippy reports attending to #![deny(warnings)] 2020-01-09 11:07:14 +01:00			`.cloned()`
65 cli options (#85) Add support for command line options to the server. This supports server sid regeneration, persistence, address binding, tls configuration and more. This also improves TLS support in the client tools for CA cert addition to queries. 2019-09-14 10:21:41 +02:00			`.unwrap_or_else(\|\| String::from("127.0.0.1:8080"));`
			`}`

199 ldap gateway (#246) adds an LDAP gateway to the server. It supports TLS if configured for the webserver, using the same parameters. It is a read only interface, only supporting bind via the configured posix password. 2020-06-10 04:07:43 +02:00			`pub fn update_ldapbind(&mut self, l: &Option<String>) {`
			`self.ldapaddress = l.clone();`
			`}`

65 cli options (#85) Add support for command line options to the server. This supports server sid regeneration, persistence, address binding, tls configuration and more. This also improves TLS support in the client tools for CA cert addition to queries. 2019-09-14 10:21:41 +02:00			`pub fn update_tls(`
			`&mut self,`
			`ca: &Option<PathBuf>,`
			`cert: &Option<PathBuf>,`
			`key: &Option<PathBuf>,`
			`) {`
			`match (ca, cert, key) {`
			`(None, None, None) => {}`
			`(Some(cap), Some(certp), Some(keyp)) => {`
			`let cas = match cap.to_str() {`
			`Some(cav) => cav.to_string(),`
			`None => {`
			`error!("Invalid CA path");`
			`std::process::exit(1);`
			`}`
			`};`
			`let certs = match certp.to_str() {`
			`Some(certv) => certv.to_string(),`
			`None => {`
			`error!("Invalid Cert path");`
			`std::process::exit(1);`
			`}`
			`};`
			`let keys = match keyp.to_str() {`
			`Some(keyv) => keyv.to_string(),`
			`None => {`
			`error!("Invalid Key path");`
			`std::process::exit(1);`
			`}`
			`};`
			`self.tls_config = Some(TlsConfiguration {`
			`ca: cas,`
			`cert: certs,`
			`key: keys,`
			`})`
			`}`
			`_ => {`
			`error!("Invalid TLS configuration - must provide ca, cert and key!");`
			`std::process::exit(1);`
			`}`
			`}`
			`}`
Improvements to integration test 2018-11-26 07:13:22 +01:00			`}`