1399 some async cleanup (#1421)

* More cleanerer
* More async!
* Fix up tests

Cargo.lock

@@ -222,7 +222,6 @@ dependencies = [
  "blocking",
  "futures-lite",
  "once_cell",
- "tokio",
 ]
 
 [[package]]
@@ -2410,7 +2409,6 @@ dependencies = [
 name = "kanidmd_lib"
 version = "1.1.0-alpha.12-dev"
 dependencies = [
- "async-std",
  "async-trait",
  "base64 0.13.1",
  "base64urlsafedata",

Cargo.toml

@@ -38,7 +38,6 @@ homepage = "https://github.com/kanidm/kanidm/"
 repository = "https://github.com/kanidm/kanidm/"
 
 [workspace.dependencies]
-async-std = { version = "^1.12.0", features = ["tokio1"] }
 async-trait = "^0.1.62"
 base32 = "^0.4.0"
 base64 = "^0.13.1"

server/core/src/actors/v1_read.rs

@@ -117,7 +117,7 @@ impl QueryServerReadV1 {
         // the credentials provided is sufficient to say if someone is
         // "authenticated" or not.
         let ct = duration_from_epoch_now();
-        let mut idm_auth = self.idms.auth_async().await;
+        let mut idm_auth = self.idms.auth().await;
         security_info!(?sessionid, ?req, "Begin auth event");
 
         // Destructure it.
@@ -840,7 +840,7 @@ impl QueryServerReadV1 {
         eventid: Uuid,
     ) -> Result<Option<UnixUserToken>, OperationError> {
         let ct = duration_from_epoch_now();
-        let mut idm_auth = self.idms.auth_async().await;
+        let mut idm_auth = self.idms.auth().await;
         // resolve the id
         let ident = idm_auth
             .validate_and_parse_token_to_ident(uat.as_deref(), ct)
@@ -980,7 +980,7 @@ impl QueryServerReadV1 {
         eventid: Uuid,
     ) -> Result<CUStatus, OperationError> {
         let ct = duration_from_epoch_now();
-        let idms_cred_update = self.idms.cred_update_transaction_async().await;
+        let idms_cred_update = self.idms.cred_update_transaction().await;
         let session_token = CredentialUpdateSessionToken {
             token_enc: session_token.token,
         };
@@ -1009,7 +1009,7 @@ impl QueryServerReadV1 {
         eventid: Uuid,
     ) -> Result<CUStatus, OperationError> {
         let ct = duration_from_epoch_now();
-        let idms_cred_update = self.idms.cred_update_transaction_async().await;
+        let idms_cred_update = self.idms.cred_update_transaction().await;
         let session_token = CredentialUpdateSessionToken {
             token_enc: session_token.token,
         };

server/core/src/lib.rs

@@ -119,7 +119,7 @@ async fn setup_qs_idms(
 
     // We generate a SINGLE idms only!
 
-    let (idms, idms_delayed) = IdmServer::new(query_server.clone(), &config.origin)?;
+    let (idms, idms_delayed) = IdmServer::new(query_server.clone(), &config.origin).await?;
 
     Ok((query_server, idms, idms_delayed))
 }
@@ -696,7 +696,7 @@ pub async fn create_server_core(
         None => {}
     }
 
-    let ldap = match LdapServer::new(&idms) {
+    let ldap = match LdapServer::new(&idms).await {
         Ok(l) => l,
         Err(e) => {
             error!("Unable to start LdapServer -> {:?}", e);

server/lib/Cargo.toml

@@ -20,7 +20,6 @@ name = "scaling_10k"
 harness = false
 
 [dependencies]
-async-std.workspace = true
 async-trait.workspace = true
 base64.workspace = true
 base64urlsafedata.workspace = true

server/lib/src/be/idl_sqlite.rs

@@ -1552,7 +1552,6 @@ impl IdlSqlite {
     pub fn read(&self) -> IdlSqliteReadTransaction {
         // When we make this async, this will allow us to backoff
         // when we miss-grabbing from the conn-pool.
-        // async_std::task::yield_now().await
         #[allow(clippy::expect_used)]
         let conn = self
             .pool

server/lib/src/idm/account.rs

@@ -683,108 +683,100 @@ impl<'a> IdmServerProxyReadTransaction<'a> {
 #[cfg(test)]
 mod tests {
     use crate::prelude::*;
-    use async_std::task;
     use kanidm_proto::v1::{AuthType, UiHint};
 
     #[test]
     fn test_idm_account_from_anonymous() {
-        let anon_e = entry_str_to_account!(JSON_ANONYMOUS_V1);
+        let anon_e = entry_to_account!(E_ANONYMOUS_V1.clone());
         debug!("{:?}", anon_e);
         // I think that's it? we may want to check anonymous mech ...
     }
 
-    #[test]
+    #[idm_test]
-    fn test_idm_account_ui_hints() {
+    async fn test_idm_account_ui_hints(idms: &IdmServer, _idms_delayed: &mut IdmServerDelayed) {
-        run_idm_test!(|_qs: &QueryServer,
+        let ct = duration_from_epoch_now();
-                       idms: &IdmServer,
+        let mut idms_prox_write = idms.proxy_write(ct).await;
-                       _idms_delayed: &mut IdmServerDelayed| {
-            let ct = duration_from_epoch_now();
-            let mut idms_prox_write = task::block_on(idms.proxy_write(ct));
 
-            let target_uuid = Uuid::new_v4();
+        let target_uuid = Uuid::new_v4();
 
-            // Create a user. So far no ui hints.
+        // Create a user. So far no ui hints.
-            // Create a service account
+        // Create a service account
-            let e = entry_init!(
+        let e = entry_init!(
-                ("class", Value::new_class("object")),
+            ("class", Value::new_class("object")),
-                ("class", Value::new_class("account")),
+            ("class", Value::new_class("account")),
-                ("class", Value::new_class("person")),
+            ("class", Value::new_class("person")),
-                ("name", Value::new_iname("testaccount")),
+            ("name", Value::new_iname("testaccount")),
-                ("uuid", Value::Uuid(target_uuid)),
+            ("uuid", Value::Uuid(target_uuid)),
-                ("description", Value::new_utf8s("testaccount")),
+            ("description", Value::new_utf8s("testaccount")),
-                ("displayname", Value::new_utf8s("Test Account"))
+            ("displayname", Value::new_utf8s("Test Account"))
-            );
+        );
 
-            let ce = CreateEvent::new_internal(vec![e]);
+        let ce = CreateEvent::new_internal(vec![e]);
-            assert!(idms_prox_write.qs_write.create(&ce).is_ok());
+        assert!(idms_prox_write.qs_write.create(&ce).is_ok());
 
-            let account = idms_prox_write
+        let account = idms_prox_write
-                .target_to_account(target_uuid)
+            .target_to_account(target_uuid)
-                .expect("account must exist");
+            .expect("account must exist");
-            let session_id = uuid::Uuid::new_v4();
+        let session_id = uuid::Uuid::new_v4();
-            let uat = account
+        let uat = account
-                .to_userauthtoken(session_id, ct, AuthType::Passkey, None)
+            .to_userauthtoken(session_id, ct, AuthType::Passkey, None)
-                .expect("Unable to create uat");
+            .expect("Unable to create uat");
 
-            // Check the ui hints are as expected.
+        // Check the ui hints are as expected.
-            assert!(uat.ui_hints.len() == 1);
+        assert!(uat.ui_hints.len() == 1);
-            assert!(uat.ui_hints.contains(&UiHint::CredentialUpdate));
+        assert!(uat.ui_hints.contains(&UiHint::CredentialUpdate));
 
-            // Modify the user to be a posix account, ensure they get the hint.
+        // Modify the user to be a posix account, ensure they get the hint.
-            let me_posix = unsafe {
+        let me_posix = unsafe {
-                ModifyEvent::new_internal_invalid(
+            ModifyEvent::new_internal_invalid(
-                    filter!(f_eq("name", PartialValue::new_iname("testaccount"))),
+                filter!(f_eq("name", PartialValue::new_iname("testaccount"))),
-                    ModifyList::new_list(vec![
+                ModifyList::new_list(vec![
-                        Modify::Present(
+                    Modify::Present(AttrString::from("class"), Value::new_class("posixaccount")),
-                            AttrString::from("class"),
+                    Modify::Present(AttrString::from("gidnumber"), Value::new_uint32(2001)),
-                            Value::new_class("posixaccount"),
+                ]),
-                        ),
+            )
-                        Modify::Present(AttrString::from("gidnumber"), Value::new_uint32(2001)),
+        };
-                    ]),
+        assert!(idms_prox_write.qs_write.modify(&me_posix).is_ok());
-                )
-            };
-            assert!(idms_prox_write.qs_write.modify(&me_posix).is_ok());
 
-            // Check the ui hints are as expected.
+        // Check the ui hints are as expected.
-            let account = idms_prox_write
+        let account = idms_prox_write
-                .target_to_account(target_uuid)
+            .target_to_account(target_uuid)
-                .expect("account must exist");
+            .expect("account must exist");
-            let session_id = uuid::Uuid::new_v4();
+        let session_id = uuid::Uuid::new_v4();
-            let uat = account
+        let uat = account
-                .to_userauthtoken(session_id, ct, AuthType::Passkey, None)
+            .to_userauthtoken(session_id, ct, AuthType::Passkey, None)
-                .expect("Unable to create uat");
+            .expect("Unable to create uat");
 
-            assert!(uat.ui_hints.len() == 2);
+        assert!(uat.ui_hints.len() == 2);
-            assert!(uat.ui_hints.contains(&UiHint::PosixAccount));
+        assert!(uat.ui_hints.contains(&UiHint::PosixAccount));
-            assert!(uat.ui_hints.contains(&UiHint::CredentialUpdate));
+        assert!(uat.ui_hints.contains(&UiHint::CredentialUpdate));
 
-            // Add a group with a ui hint, and then check they get the hint.
+        // Add a group with a ui hint, and then check they get the hint.
-            let e = entry_init!(
+        let e = entry_init!(
-                ("class", Value::new_class("object")),
+            ("class", Value::new_class("object")),
-                ("class", Value::new_class("group")),
+            ("class", Value::new_class("group")),
-                ("name", Value::new_iname("test_uihint_group")),
+            ("name", Value::new_iname("test_uihint_group")),
-                ("member", Value::Refer(target_uuid)),
+            ("member", Value::Refer(target_uuid)),
-                ("grant_ui_hint", Value::UiHint(UiHint::ExperimentalFeatures))
+            ("grant_ui_hint", Value::UiHint(UiHint::ExperimentalFeatures))
-            );
+        );
 
-            let ce = CreateEvent::new_internal(vec![e]);
+        let ce = CreateEvent::new_internal(vec![e]);
-            assert!(idms_prox_write.qs_write.create(&ce).is_ok());
+        assert!(idms_prox_write.qs_write.create(&ce).is_ok());
 
-            // Check the ui hints are as expected.
+        // Check the ui hints are as expected.
-            let account = idms_prox_write
+        let account = idms_prox_write
-                .target_to_account(target_uuid)
+            .target_to_account(target_uuid)
-                .expect("account must exist");
+            .expect("account must exist");
-            let session_id = uuid::Uuid::new_v4();
+        let session_id = uuid::Uuid::new_v4();
-            let uat = account
+        let uat = account
-                .to_userauthtoken(session_id, ct, AuthType::Passkey, None)
+            .to_userauthtoken(session_id, ct, AuthType::Passkey, None)
-                .expect("Unable to create uat");
+            .expect("Unable to create uat");
 
-            assert!(uat.ui_hints.len() == 3);
+        assert!(uat.ui_hints.len() == 3);
-            assert!(uat.ui_hints.contains(&UiHint::PosixAccount));
+        assert!(uat.ui_hints.contains(&UiHint::PosixAccount));
-            assert!(uat.ui_hints.contains(&UiHint::ExperimentalFeatures));
+        assert!(uat.ui_hints.contains(&UiHint::ExperimentalFeatures));
-            assert!(uat.ui_hints.contains(&UiHint::CredentialUpdate));
+        assert!(uat.ui_hints.contains(&UiHint::CredentialUpdate));
 
-            assert!(idms_prox_write.commit().is_ok());
+        assert!(idms_prox_write.commit().is_ok());
-        })
     }
 }

server/lib/src/idm/applinks.rs

@@ -70,119 +70,114 @@ impl<'a> IdmServerProxyReadTransaction<'a> {
 
 #[cfg(test)]
 mod tests {
-    // use crate::prelude::*;
+    use crate::prelude::*;
-    use async_std::task;
     use kanidm_proto::internal::AppLink;
 
-    #[test]
+    #[idm_test]
-    fn test_idm_applinks_list() {
+    async fn test_idm_applinks_list(idms: &IdmServer, _idms_delayed: &mut IdmServerDelayed) {
-        run_idm_test!(|_qs: &QueryServer,
+        let ct = duration_from_epoch_now();
-                       idms: &IdmServer,
+        let mut idms_prox_write = idms.proxy_write(ct).await;
-                       _idms_delayed: &mut IdmServerDelayed| {
-            let ct = duration_from_epoch_now();
-            let mut idms_prox_write = task::block_on(idms.proxy_write(ct));
 
-            // Create an RS, the user and a group..
+        // Create an RS, the user and a group..
-            let usr_uuid = Uuid::new_v4();
+        let usr_uuid = Uuid::new_v4();
-            let grp_uuid = Uuid::new_v4();
+        let grp_uuid = Uuid::new_v4();
 
-            let e_rs: Entry<EntryInit, EntryNew> = entry_init!(
+        let e_rs: Entry<EntryInit, EntryNew> = entry_init!(
-                ("class", Value::new_class("object")),
+            ("class", Value::new_class("object")),
-                ("class", Value::new_class("oauth2_resource_server")),
+            ("class", Value::new_class("oauth2_resource_server")),
-                ("class", Value::new_class("oauth2_resource_server_basic")),
+            ("class", Value::new_class("oauth2_resource_server_basic")),
-                ("oauth2_rs_name", Value::new_iname("test_resource_server")),
+            ("oauth2_rs_name", Value::new_iname("test_resource_server")),
-                ("displayname", Value::new_utf8s("test_resource_server")),
+            ("displayname", Value::new_utf8s("test_resource_server")),
-                (
+            (
-                    "oauth2_rs_origin",
+                "oauth2_rs_origin",
-                    Value::new_url_s("https://demo.example.com").unwrap()
+                Value::new_url_s("https://demo.example.com").unwrap()
-                ),
+            ),
-                (
+            (
-                    "oauth2_rs_origin_landing",
+                "oauth2_rs_origin_landing",
-                    Value::new_url_s("https://demo.example.com/landing").unwrap()
+                Value::new_url_s("https://demo.example.com/landing").unwrap()
-                ),
+            ),
-                // System admins
+            // System admins
-                (
+            (
-                    "oauth2_rs_scope_map",
+                "oauth2_rs_scope_map",
-                    Value::new_oauthscopemap(grp_uuid, btreeset!["read".to_string()])
+                Value::new_oauthscopemap(grp_uuid, btreeset!["read".to_string()])
-                        .expect("invalid oauthscope")
+                    .expect("invalid oauthscope")
-                )
+            )
-            );
+        );
 
-            let e_usr = entry_init!(
+        let e_usr = entry_init!(
-                ("class", Value::new_class("object")),
+            ("class", Value::new_class("object")),
-                ("class", Value::new_class("account")),
+            ("class", Value::new_class("account")),
-                ("class", Value::new_class("person")),
+            ("class", Value::new_class("person")),
-                ("name", Value::new_iname("testaccount")),
+            ("name", Value::new_iname("testaccount")),
-                ("uuid", Value::Uuid(usr_uuid)),
+            ("uuid", Value::Uuid(usr_uuid)),
-                ("description", Value::new_utf8s("testaccount")),
+            ("description", Value::new_utf8s("testaccount")),
-                ("displayname", Value::new_utf8s("Test Account"))
+            ("displayname", Value::new_utf8s("Test Account"))
-            );
+        );
 
-            let e_grp = entry_init!(
+        let e_grp = entry_init!(
-                ("class", Value::new_class("object")),
+            ("class", Value::new_class("object")),
-                ("class", Value::new_class("group")),
+            ("class", Value::new_class("group")),
-                ("uuid", Value::Uuid(grp_uuid)),
+            ("uuid", Value::Uuid(grp_uuid)),
-                ("name", Value::new_iname("test_oauth2_group"))
+            ("name", Value::new_iname("test_oauth2_group"))
-            );
+        );
 
-            let ce = CreateEvent::new_internal(vec![e_rs, e_grp, e_usr]);
+        let ce = CreateEvent::new_internal(vec![e_rs, e_grp, e_usr]);
-            assert!(idms_prox_write.qs_write.create(&ce).is_ok());
+        assert!(idms_prox_write.qs_write.create(&ce).is_ok());
-            assert!(idms_prox_write.commit().is_ok());
+        assert!(idms_prox_write.commit().is_ok());
 
-            // Now do an applink query, they will not be there.
+        // Now do an applink query, they will not be there.
-            let mut idms_prox_read = task::block_on(idms.proxy_read());
+        let mut idms_prox_read = idms.proxy_read().await;
 
-            let ident = idms_prox_read
+        let ident = idms_prox_read
-                .qs_read
+            .qs_read
-                .internal_search_uuid(usr_uuid)
+            .internal_search_uuid(usr_uuid)
-                .map(Identity::from_impersonate_entry_readonly)
+            .map(Identity::from_impersonate_entry_readonly)
-                .expect("Failed to impersonate identity");
+            .expect("Failed to impersonate identity");
 
-            let apps = idms_prox_read
+        let apps = idms_prox_read
-                .list_applinks(&ident)
+            .list_applinks(&ident)
-                .expect("Failed to access related apps");
+            .expect("Failed to access related apps");
 
-            assert!(apps.is_empty());
+        assert!(apps.is_empty());
-            drop(idms_prox_read);
+        drop(idms_prox_read);
 
-            // Add them to the group.
+        // Add them to the group.
-            let mut idms_prox_write = task::block_on(idms.proxy_write(ct));
+        let mut idms_prox_write = idms.proxy_write(ct).await;
-            let me_inv_m = unsafe {
+        let me_inv_m = unsafe {
-                ModifyEvent::new_internal_invalid(
+            ModifyEvent::new_internal_invalid(
-                    filter!(f_eq("uuid", PartialValue::Refer(grp_uuid))),
+                filter!(f_eq("uuid", PartialValue::Refer(grp_uuid))),
-                    ModifyList::new_append("member", Value::Refer(usr_uuid)),
+                ModifyList::new_append("member", Value::Refer(usr_uuid)),
-                )
+            )
-            };
+        };
-            assert!(idms_prox_write.qs_write.modify(&me_inv_m).is_ok());
+        assert!(idms_prox_write.qs_write.modify(&me_inv_m).is_ok());
-            assert!(idms_prox_write.commit().is_ok());
+        assert!(idms_prox_write.commit().is_ok());
 
-            let mut idms_prox_read = task::block_on(idms.proxy_read());
+        let mut idms_prox_read = idms.proxy_read().await;
 
-            let ident = idms_prox_read
+        let ident = idms_prox_read
-                .qs_read
+            .qs_read
-                .internal_search_uuid(usr_uuid)
+            .internal_search_uuid(usr_uuid)
-                .map(Identity::from_impersonate_entry_readonly)
+            .map(Identity::from_impersonate_entry_readonly)
-                .expect("Failed to impersonate identity");
+            .expect("Failed to impersonate identity");
 
-            let apps = idms_prox_read
+        let apps = idms_prox_read
-                .list_applinks(&ident)
+            .list_applinks(&ident)
-                .expect("Failed to access related apps");
+            .expect("Failed to access related apps");
 
-            let app = apps.get(0).expect("No apps return!");
+        let app = apps.get(0).expect("No apps return!");
 
-            assert!(match app {
+        assert!(match app {
-                AppLink::Oauth2 {
+            AppLink::Oauth2 {
-                    name,
+                name,
-                    display_name,
+                display_name,
-                    redirect_url,
+                redirect_url,
-                    icon,
+                icon,
-                } => {
+            } => {
-                    name == "test_resource_server"
+                name == "test_resource_server"
-                        && display_name == "test_resource_server"
+                    && display_name == "test_resource_server"
-                        && redirect_url == &Url::parse("https://demo.example.com/landing").unwrap()
+                    && redirect_url == &Url::parse("https://demo.example.com/landing").unwrap()
-                        && icon.is_none()
+                    && icon.is_none()
-                } // _ => false,
+            } // _ => false,
-            })
         })
     }
 }

server/lib/src/idm/authsession.rs

@@ -1037,7 +1037,7 @@ mod tests {
 
         let webauthn = create_webauthn();
 
-        let anon_account = entry_str_to_account!(JSON_ANONYMOUS_V1);
+        let anon_account = entry_to_account!(E_ANONYMOUS_V1.clone());
 
         let (session, state) = AuthSession::new(
             anon_account,
@@ -1107,7 +1107,7 @@ mod tests {
         sketching::test_init();
         let webauthn = create_webauthn();
         // create the ent
-        let mut account = entry_str_to_account!(JSON_ADMIN_V1);
+        let mut account = entry_to_account!(E_ADMIN_V1.clone());
         // manually load in a cred
         let p = CryptoPolicy::minimum();
         let cred = Credential::new_password_only(&p, "test_password").unwrap();
@@ -1166,7 +1166,7 @@ mod tests {
         let jws_signer = create_jwt_signer();
         let webauthn = create_webauthn();
         // create the ent
-        let mut account = entry_str_to_account!(JSON_ADMIN_V1);
+        let mut account = entry_to_account!(E_ADMIN_V1.clone());
         // manually load in a cred
         let p = CryptoPolicy::minimum();
         let cred = Credential::new_password_only(&p, "list@no3IBTyqHu$bad").unwrap();
@@ -1258,7 +1258,7 @@ mod tests {
         let webauthn = create_webauthn();
         let jws_signer = create_jwt_signer();
         // create the ent
-        let mut account = entry_str_to_account!(JSON_ADMIN_V1);
+        let mut account = entry_to_account!(E_ADMIN_V1);
 
         // Setup a fake time stamp for consistency.
         let ts = Duration::from_secs(12345);
@@ -1418,7 +1418,7 @@ mod tests {
         let webauthn = create_webauthn();
         let jws_signer = create_jwt_signer();
         // create the ent
-        let mut account = entry_str_to_account!(JSON_ADMIN_V1);
+        let mut account = entry_to_account!(E_ADMIN_V1);
 
         // Setup a fake time stamp for consistency.
         let ts = Duration::from_secs(12345);
@@ -1582,7 +1582,7 @@ mod tests {
         let (async_tx, mut async_rx) = unbounded();
         let ts = duration_from_epoch_now();
         // create the ent
-        let mut account = entry_str_to_account!(JSON_ADMIN_V1);
+        let mut account = entry_to_account!(E_ADMIN_V1.clone());
 
         let (webauthn, mut wa, wan_cred) = setup_webauthn_passkey(account.name.as_str());
         let jws_signer = create_jwt_signer();
@@ -1719,7 +1719,7 @@ mod tests {
         let (async_tx, mut async_rx) = unbounded();
         let ts = duration_from_epoch_now();
         // create the ent
-        let mut account = entry_str_to_account!(JSON_ADMIN_V1);
+        let mut account = entry_to_account!(E_ADMIN_V1);
 
         let (webauthn, mut wa, wan_cred) = setup_webauthn_securitykey(account.name.as_str());
         let jws_signer = create_jwt_signer();
@@ -1896,7 +1896,7 @@ mod tests {
         let (async_tx, mut async_rx) = unbounded();
         let ts = duration_from_epoch_now();
         // create the ent
-        let mut account = entry_str_to_account!(JSON_ADMIN_V1);
+        let mut account = entry_to_account!(E_ADMIN_V1);
 
         let (webauthn, mut wa, wan_cred) = setup_webauthn_securitykey(account.name.as_str());
         let jws_signer = create_jwt_signer();
@@ -2145,7 +2145,7 @@ mod tests {
         let jws_signer = create_jwt_signer();
         let webauthn = create_webauthn();
         // create the ent
-        let mut account = entry_str_to_account!(JSON_ADMIN_V1);
+        let mut account = entry_to_account!(E_ADMIN_V1);
 
         // Setup a fake time stamp for consistency.
         let ts = Duration::from_secs(12345);

server/lib/src/idm/credupdatesession.rs

@@ -1741,7 +1741,7 @@ mod tests {
         pw: &str,
         ct: Duration,
     ) -> Option<String> {
-        let mut idms_auth = idms.auth();
+        let mut idms_auth = idms.auth().await;
 
         let auth_init = AuthEvent::named_init("testperson");
 
@@ -1800,7 +1800,7 @@ mod tests {
         token: &Totp,
         ct: Duration,
     ) -> Option<String> {
-        let mut idms_auth = idms.auth();
+        let mut idms_auth = idms.auth().await;
 
         let auth_init = AuthEvent::named_init("testperson");
 
@@ -1873,7 +1873,7 @@ mod tests {
         code: &str,
         ct: Duration,
     ) -> Option<String> {
-        let mut idms_auth = idms.auth();
+        let mut idms_auth = idms.auth().await;
 
         let auth_init = AuthEvent::named_init("testperson");
 
@@ -1948,7 +1948,7 @@ mod tests {
         origin: Url,
         ct: Duration,
     ) -> Option<String> {
-        let mut idms_auth = idms.auth();
+        let mut idms_auth = idms.auth().await;
 
         let auth_init = AuthEvent::named_init("testperson");
 
@@ -2027,7 +2027,7 @@ mod tests {
         let ct = Duration::from_secs(TEST_CURRENT_TIME);
         let (cust, _) = setup_test_session(idms, ct).await;
 
-        let cutxn = idms.cred_update_transaction_async().await;
+        let cutxn = idms.cred_update_transaction().await;
         // The session exists
         let c_status = cutxn.credential_update_status(&cust, ct);
         assert!(c_status.is_ok());
@@ -2037,7 +2037,7 @@ mod tests {
         let (_cust, _) =
             renew_test_session(idms, ct + MAXIMUM_CRED_UPDATE_TTL + Duration::from_secs(1)).await;
 
-        let cutxn = idms.cred_update_transaction();
+        let cutxn = idms.cred_update_transaction().await;
 
         // Now fake going back in time .... allows the tokne to decrypt, but the session
         // is gone anyway!
@@ -2057,7 +2057,7 @@ mod tests {
 
         let (cust, _) = setup_test_session(idms, ct).await;
 
-        let cutxn = idms.cred_update_transaction();
+        let cutxn = idms.cred_update_transaction().await;
 
         // Get the credential status - this should tell
         // us the details of the credentials, as well as
@@ -2088,7 +2088,7 @@ mod tests {
 
         // Test deleting the pw
         let (cust, _) = renew_test_session(idms, ct).await;
-        let cutxn = idms.cred_update_transaction();
+        let cutxn = idms.cred_update_transaction().await;
 
         let c_status = cutxn
             .credential_update_status(&cust, ct)
@@ -2125,7 +2125,7 @@ mod tests {
         let ct = Duration::from_secs(TEST_CURRENT_TIME);
 
         let (cust, _) = setup_test_session(idms, ct).await;
-        let cutxn = idms.cred_update_transaction();
+        let cutxn = idms.cred_update_transaction().await;
 
         // Setup the PW
         let c_status = cutxn
@@ -2188,7 +2188,7 @@ mod tests {
 
         // If we remove TOTP, show it reverts back.
         let (cust, _) = renew_test_session(idms, ct).await;
-        let cutxn = idms.cred_update_transaction();
+        let cutxn = idms.cred_update_transaction().await;
 
         let c_status = cutxn
             .credential_primary_remove_totp(&cust, ct, "totp")
@@ -2219,7 +2219,7 @@ mod tests {
         let ct = Duration::from_secs(TEST_CURRENT_TIME);
 
         let (cust, _) = setup_test_session(idms, ct).await;
-        let cutxn = idms.cred_update_transaction();
+        let cutxn = idms.cred_update_transaction().await;
 
         // Setup the PW
         let c_status = cutxn
@@ -2293,7 +2293,7 @@ mod tests {
         let ct = Duration::from_secs(TEST_CURRENT_TIME);
 
         let (cust, _) = setup_test_session(idms, ct).await;
-        let cutxn = idms.cred_update_transaction();
+        let cutxn = idms.cred_update_transaction().await;
 
         // Setup the PW
         let _c_status = cutxn
@@ -2369,7 +2369,7 @@ mod tests {
 
         // Renew to start the next steps
         let (cust, _) = renew_test_session(idms, ct).await;
-        let cutxn = idms.cred_update_transaction();
+        let cutxn = idms.cred_update_transaction().await;
 
         // Only 7 codes left.
         let c_status = cutxn
@@ -2430,7 +2430,7 @@ mod tests {
         let ct = Duration::from_secs(TEST_CURRENT_TIME);
 
         let (cust, _) = setup_test_session(idms, ct).await;
-        let cutxn = idms.cred_update_transaction();
+        let cutxn = idms.cred_update_transaction().await;
 
         // Setup the PW
         let c_status = cutxn
@@ -2482,7 +2482,7 @@ mod tests {
         let ct = Duration::from_secs(TEST_CURRENT_TIME);
 
         let (cust, _) = setup_test_session(idms, ct).await;
-        let cutxn = idms.cred_update_transaction();
+        let cutxn = idms.cred_update_transaction().await;
         let origin = cutxn.get_origin().clone();
 
         // Create a soft passkey
@@ -2538,7 +2538,7 @@ mod tests {
 
         // Now test removing the token
         let (cust, _) = renew_test_session(idms, ct).await;
-        let cutxn = idms.cred_update_transaction();
+        let cutxn = idms.cred_update_transaction().await;
 
         trace!(?c_status);
         assert!(c_status.primary.is_none());

server/lib/src/idm/reauth.rs

@@ -75,7 +75,7 @@ mod tests {
 
         // Update session is setup.
 
-        let cutxn = idms.cred_update_transaction();
+        let cutxn = idms.cred_update_transaction().await;
         let origin = cutxn.get_origin().clone();
 
         let mut wa = WebauthnAuthenticator::new(SoftPasskey::new());
@@ -120,7 +120,7 @@ mod tests {
         wa: &mut WebauthnAuthenticator<SoftPasskey>,
         idms_delayed: &mut IdmServerDelayed,
     ) -> Option<String> {
-        let mut idms_auth = idms.auth();
+        let mut idms_auth = idms.auth().await;
         let origin = idms_auth.get_origin().clone();
 
         let auth_init = AuthEvent::named_init("testperson");

server/lib/src/macros.rs

@@ -13,7 +13,9 @@ macro_rules! setup_test {
             .expect("Failed to init BE");
 
         let qs = QueryServer::new(be, schema_outer, "example.com".to_string());
-        async_std::task::block_on(qs.initialise_helper(duration_from_epoch_now()))
+        tokio::runtime::Runtime::new()
+            .unwrap()
+            .block_on(qs.initialise_helper(duration_from_epoch_now()))
             .expect("init failed!");
         qs
     }};
@@ -34,11 +36,15 @@ macro_rules! setup_test {
             .expect("Failed to init BE");
 
         let qs = QueryServer::new(be, schema_outer, "example.com".to_string());
-        async_std::task::block_on(qs.initialise_helper(duration_from_epoch_now()))
+        tokio::runtime::Runtime::new()
+            .unwrap()
+            .block_on(qs.initialise_helper(duration_from_epoch_now()))
             .expect("init failed!");
 
         if !$preload_entries.is_empty() {
-            let mut qs_write = async_std::task::block_on(qs.write(duration_from_epoch_now()));
+            let mut qs_write = tokio::runtime::Runtime::new()
+                .unwrap()
+                .block_on(qs.write(duration_from_epoch_now()));
             qs_write
                 .internal_create($preload_entries)
                 .expect("Failed to preload entries");
@@ -48,30 +54,6 @@ macro_rules! setup_test {
     }};
 }
 
-#[cfg(test)]
-macro_rules! entry_str_to_account {
-    ($entry_str:expr) => {{
-        use std::iter::once;
-
-        use crate::entry::{Entry, EntryInvalid, EntryNew};
-        use crate::idm::account::Account;
-        use crate::value::Value;
-
-        let mut e: Entry<EntryInvalid, EntryNew> =
-            unsafe { Entry::unsafe_from_entry_str($entry_str).into_invalid_new() };
-        // Add spn, because normally this is generated but in tests we can't.
-        let spn = e
-            .get_ava_single_iname("name")
-            .map(|s| Value::new_spn_str(s, "example.com"))
-            .expect("Failed to munge spn from name!");
-        e.set_ava("spn", once(spn));
-
-        let e = unsafe { e.into_sealed_committed() };
-
-        Account::try_from_entry_no_groups(&e).expect("Account conversion failure")
-    }};
-}
-
 #[cfg(test)]
 macro_rules! entry_to_account {
     ($entry:expr) => {{
@@ -95,48 +77,6 @@ macro_rules! entry_to_account {
     }};
 }
 
-#[cfg(test)]
-macro_rules! run_idm_test_inner {
-    ($test_fn:expr) => {{
-        #[allow(unused_imports)]
-        use crate::be::{Backend, BackendConfig};
-        #[allow(unused_imports)]
-        use crate::idm::server::{IdmServer, IdmServerDelayed};
-        use crate::prelude::*;
-        #[allow(unused_imports)]
-        use crate::schema::Schema;
-        /*
-        use env_logger;
-        ::std::env::set_var("RUST_LOG", "actix_web=debug,kanidm=debug");
-        let _ = env_logger::builder()
-            .format_timestamp(None)
-            .format_level(false)
-            .is_test(true)
-            .try_init();
-        */
-
-        let test_server = setup_test!();
-
-        let (test_idm_server, mut idms_delayed) =
-            IdmServer::new(test_server.clone(), "https://idm.example.com")
-                .expect("Failed to setup idms");
-
-        $test_fn(&test_server, &test_idm_server, &mut idms_delayed);
-        // Any needed teardown?
-        // Make sure there are no errors.
-        assert!(async_std::task::block_on(test_server.verify()).len() == 0);
-        idms_delayed.check_is_empty_or_panic();
-    }};
-}
-
-#[cfg(test)]
-macro_rules! run_idm_test {
-    ($test_fn:expr) => {{
-        let _ = sketching::test_init();
-        run_idm_test_inner!($test_fn);
-    }};
-}
-
 // Test helpers for all plugins.
 // #[macro_export]
 #[cfg(test)]
@@ -165,7 +105,9 @@ macro_rules! run_create_test {
         };
 
         {
-            let mut qs_write = async_std::task::block_on(qs.write(duration_from_epoch_now()));
+            let mut qs_write = tokio::runtime::Runtime::new()
+                .unwrap()
+                .block_on(qs.write(duration_from_epoch_now()));
             let r = qs_write.create(&ce);
             trace!("test result: {:?}", r);
             assert!(r == $expect);
@@ -181,7 +123,9 @@ macro_rules! run_create_test {
         }
         // Make sure there are no errors.
         trace!("starting verification");
-        let ver = async_std::task::block_on(qs.verify());
+        let ver = tokio::runtime::Runtime::new()
+            .unwrap()
+            .block_on(qs.verify());
         trace!("verification -> {:?}", ver);
         assert!(ver.len() == 0);
     }};
@@ -207,7 +151,9 @@ macro_rules! run_modify_test {
         let qs = setup_test!($preload_entries);
 
         {
-            let mut qs_write = async_std::task::block_on(qs.write(duration_from_epoch_now()));
+            let mut qs_write = tokio::runtime::Runtime::new()
+                .unwrap()
+                .block_on(qs.write(duration_from_epoch_now()));
             $pre_hook(&mut qs_write);
             qs_write.commit().expect("commit failure!");
         }
@@ -220,7 +166,9 @@ macro_rules! run_modify_test {
         };
 
         {
-            let mut qs_write = async_std::task::block_on(qs.write(duration_from_epoch_now()));
+            let mut qs_write = tokio::runtime::Runtime::new()
+                .unwrap()
+                .block_on(qs.write(duration_from_epoch_now()));
             let r = qs_write.modify(&me);
             $check(&mut qs_write);
             trace!("test result: {:?}", r);
@@ -236,7 +184,9 @@ macro_rules! run_modify_test {
         }
         // Make sure there are no errors.
         trace!("starting verification");
-        let ver = async_std::task::block_on(qs.verify());
+        let ver = tokio::runtime::Runtime::new()
+            .unwrap()
+            .block_on(qs.verify());
         trace!("verification -> {:?}", ver);
         assert!(ver.len() == 0);
     }};
@@ -266,7 +216,9 @@ macro_rules! run_delete_test {
         };
 
         {
-            let mut qs_write = async_std::task::block_on(qs.write(duration_from_epoch_now()));
+            let mut qs_write = tokio::runtime::Runtime::new()
+                .unwrap()
+                .block_on(qs.write(duration_from_epoch_now()));
             let r = qs_write.delete(&de);
             trace!("test result: {:?}", r);
             $check(&mut qs_write);
@@ -282,7 +234,9 @@ macro_rules! run_delete_test {
         }
         // Make sure there are no errors.
         trace!("starting verification");
-        let ver = async_std::task::block_on(qs.verify());
+        let ver = tokio::runtime::Runtime::new()
+            .unwrap()
+            .block_on(qs.verify());
         trace!("verification -> {:?}", ver);
         assert!(ver.len() == 0);
     }};

server/lib/src/testkit.rs

@@ -63,5 +63,7 @@ pub async fn setup_idm_test() -> (IdmServer, IdmServerDelayed) {
     qs.initialise_helper(duration_from_epoch_now())
         .await
         .expect("init failed!");
-    IdmServer::new(qs, "https://idm.example.com").expect("Failed to setup idms")
+    IdmServer::new(qs, "https://idm.example.com")
+        .await
+        .expect("Failed to setup idms")
 }