Bye poetry, hi uv for python things (#3627)

* fix: moving from poetry to uv for python packaging
* fix: updating rlm_python to use uv for things

.github/workflows/kanidm_individual_book.yml

@@ -63,10 +63,9 @@ jobs:
           mv ./target/doc/* ./docs/${{ inputs.tag }}/rustdoc/
       - name: pykanidm docs
         run: |
-          python -m pip install poetry
+          python -m pip install uv
           cd pykanidm
-          poetry install
-          poetry run mkdocs build
+          uv run --group docs mkdocs build
           cd ..
           mv pykanidm/site ./docs/${{ inputs.tag }}/pykanidm
         continue-on-error: true

.github/workflows/pykanidm.yml

@@ -10,32 +10,30 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 jobs:
-  tests:
+  python_tests:
     runs-on: ubuntu-latest
+    env:
+      UV_LINK_MODE: "copy"
     steps:
       - uses: actions/checkout@v4
         with:
           fetch-depth: 0    # Fetch all history for .GitInfo and .Lastmod
-      - name: Install poetry
-        run: pipx install poetry
       - name: Set up Python 3.10
         uses: actions/setup-python@v5
         with:
           python-version: '3.10'
-          cache: 'poetry'
+      - name: Install uv
+        run: pip install --root-user-action=ignore  uv
       - name: Running mypy
         run: |
           cd pykanidm
-          python --version
-          poetry install
-          poetry run mypy --strict kanidm tests
+          uv run mypy --strict kanidm tests
+          uv run ty check
       - name: Running Linting
         run: |
           cd pykanidm
-          poetry install
-          poetry run ruff check kanidm tests
+          uv run ruff check kanidm tests
       - name: Running pytest
         run: |
           cd pykanidm
-          poetry install
-          poetry run pytest -v -m 'not network'
+          uv run pytest -v -m 'not network'

Makefile

@@ -170,7 +170,7 @@ codespell:
 	codespell -c \
 	-D .codespell_dictionary \
 	--ignore-words .codespell_ignore \
-	--skip='./target,./pykanidm/.venv,./pykanidm/.mypy_cache,./.mypy_cache,./pykanidm/poetry.lock' \
+	--skip='./target,./pykanidm/.venv,./pykanidm/.mypy_cache,./.mypy_cache,./pykanidm/uv.lock' \
 	--skip='./book/*.js' \
 	--skip='./book/book/*' \
 	--skip='./book/src/images/*' \
@@ -184,21 +184,17 @@ codespell:
 .PHONY: test/pykanidm/pytest
 test/pykanidm/pytest: ## python library testing
 	cd pykanidm && \
-	poetry install && \
-	poetry run pytest -vv
+	uv run pytest -vv
 
 .PHONY: test/pykanidm/lint
 test/pykanidm/lint: ## python library linting
 	cd pykanidm && \
-	poetry install && \
-	poetry run ruff check tests kanidm
+	uv run ruff check tests kanidm
 
 .PHONY: test/pykanidm/mypy
 test/pykanidm/mypy: ## python library type checking
 	cd pykanidm && \
-	poetry install && \
-	echo "Running mypy" && \
-	poetry run mypy --strict tests kanidm
+	uv run mypy --strict tests kanidm
 
 .PHONY: test/pykanidm
 test/pykanidm: ## run the kanidm python module test suite (mypy/lint/pytest)
@@ -261,15 +257,13 @@ clean_book:
 docs/pykanidm/build: ## Build the mkdocs
 docs/pykanidm/build:
 	cd pykanidm && \
-	poetry install && \
-	poetry run mkdocs build
+	uv run --group docs mkdocs build
 
 .PHONY: docs/pykanidm/serve
 docs/pykanidm/serve: ## Run the local mkdocs server
 docs/pykanidm/serve:
 	cd pykanidm && \
-	poetry install && \
-	poetry run mkdocs serve
+	uv run --group docs mkdocs serve
 
 ########################################################################
 

book/src/developers/python_module.md

@@ -11,13 +11,13 @@ So far it includes:
 
 TODO: a lot of things.
 
-## Setting up your dev environment.
+## Setting up your dev environment
 
 Setting up a dev environment can be a little complex because of the mono-repo.
 
-1. Install poetry: `python -m pip install poetry`. This is what we use to manage the packages, and
+1. Install uv: `python -m pip install uv`. This is what we use to manage the packages, and
    allows you to set up virtual python environments easier.
-2. Build the base environment. From within the `pykanidm` directory, run: `poetry install` This'll
+2. Build the base environment. From within the `pykanidm` directory, run: `uv sync` This'll
    set up a virtual environment and install all the required packages (and development-related ones)
 3. Start editing!
 

book/src/developers/radius_module_development.md

@@ -2,10 +2,10 @@
 
 Setting up a dev environment has some extra complexity due to the mono-repo design.
 
-1. Install poetry: `python -m pip install poetry`. This is what we use to manage the packages, and
+1. Install uv: `python -m pip install uv`. This is what we use to manage the packages, and
    allows you to set up virtual python environments easier.
-2. Build the base environment. From within the kanidm_rlm_python directory, run: `poetry install`
-3. Install the `kanidm` python library: `poetry run python -m pip install ../pykanidm`
+2. Build the base environment. From within the kanidm_rlm_python directory, run: `uv sync`
+3. Install the `kanidm` python library: `uv run python -m pip install ../pykanidm`
 4. Start editing!
 
 Most IDEs will be happier if you open the `kanidm_rlm_python` or `pykanidm` directories as the base

pykanidm/README.md

@@ -15,14 +15,14 @@ python -m pip install kanidm
 
 Documentation can be generated by [cloning the repository](https://github.com/kanidm/kanidm) and
 running `make docs/pykanidm/build`. The documentation will appear in `./pykanidm/site`. You'll need
-make and the [poetry](https://pypi.org/project/poetry/) package installed.
+make and the [uv](https://pypi.org/project/uv/) package installed.
 
 ## Testing
 
-Set up your dev environment using `poetry` - `python -m pip install poetry && poetry install`.
+Set up your dev environment using `uv` - `python -m pip install uv && uv sync`.
 
 Pytest it used for testing, if you don't have a live server to test against and config set up, use
-`poetry run pytest -m 'not network'`.
+`uv run pytest -m 'not network'`.
 
 ## Changelog
 
@@ -31,3 +31,4 @@ Pytest it used for testing, if you don't have a live server to test against and
 | 0.0.1   | 2022-08-16 | Initial release                                       |
 | 0.0.2   | 2022-08-16 | Updated license, including test code in package       |
 | 0.0.3   | 2022-08-17 | Updated test suite to allow skipping of network tests |
+| 1.2.0   | 2025-05-13 | Replaced poetry with uv for packaging |

pykanidm/kanidm/__init__.py

@@ -12,6 +12,7 @@ import ssl
 from typing import Any, Dict, List, Optional, Tuple, Union
 
 import aiohttp
+import aiohttp.client
 from pydantic import ValidationError
 import yarl
 
@@ -528,7 +529,7 @@ class KanidmClient:
         response: ClientResponse[IOauth2Rs] = await self.call_get(endpoint)
         if response.status_code != 200 or response.data is None:
             raise ValueError(f"Failed to get oauth2 resource server: {response.content}")
-        return RawOAuth2Rs(**response.data).as_oauth2_rs
+        return RawOAuth2Rs.model_validate(response.data).as_oauth2_rs
 
     async def oauth2_rs_secret_get(self, rs_name: str) -> str:
         """get an OAuth2 client secret"""
@@ -588,7 +589,7 @@ class KanidmClient:
         response: ClientResponse[IServiceAccount] = await self.call_get(endpoint)
         if response.status_code != 200 or response.data is None:
             raise ValueError(f"Failed to get service account: {response.content}")
-        return RawServiceAccount(**response.data).as_service_account
+        return RawServiceAccount.model_validate(response.data).as_service_account
 
     async def service_account_create(self, name: str, displayname: str) -> ClientResponse[None]:
         """Create a service account"""
@@ -675,7 +676,7 @@ class KanidmClient:
         response: ClientResponse[IGroup] = await self.call_get(endpoint)
         if response.status_code != 200 or response.data is None:
             raise ValueError(f"Failed to get group: {response.content}")
-        return RawGroup(**response.data).as_group
+        return RawGroup.model_validate(response.data).as_group
 
     async def group_create(self, name: str) -> ClientResponse[None]:
         """Create a group"""
@@ -720,7 +721,7 @@ class KanidmClient:
         response: ClientResponse[IPerson] = await self.call_get(endpoint)
         if response.status_code != 200 or response.data is None:
             raise ValueError(f"Failed to get person: {response.content}")
-        return RawPerson(**response.data).as_person
+        return RawPerson.model_validate(response.data).as_person
 
     async def person_account_create(self, name: str, displayname: str) -> ClientResponse[None]:
         """Create a person account"""

pykanidm/kanidm/radius/__init__.py

@@ -49,13 +49,13 @@ def instantiate(_: Any) -> Any:
     if config_path is None:
         logging.error("Failed to find configuration file, checked (%s), quitting!", CONFIG_PATHS)
         sys.exit(1)
-
-    kanidm_client = KanidmClient(config_file=config_path)
-    if kanidm_client.config.auth_token is None:
-        logging.error("You need to specify auth_token in the configuration file!")
-        sys.exit(1)
-    os.environ["KANIDM_CONFIG_FILE"] = config_path.as_posix()
-    logging.info("Config file: %s", config_path.as_posix())
+    else:
+        kanidm_client = KanidmClient(config_file=config_path)
+        if kanidm_client.config.auth_token is None:
+            logging.error("You need to specify auth_token in the configuration file!")
+            sys.exit(1)
+        os.environ["KANIDM_CONFIG_FILE"] = config_path.as_posix()
+        logging.info("Config file: %s", os.environ["KANIDM_CONFIG_FILE"])
     return radiusd.RLM_MODULE_OK
 
 

pykanidm/pyproject.toml

@@ -1,18 +1,21 @@
-[tool.poetry]
+
+[project]
+authors = [{ name = "James Hodgkinson", email = "james@terminaloutcomes.com" }]
+license = { text = "MPL-2.0" }
+requires-python = "<4.0,>=3.9"
+dependencies = [
+    "toml>=0.10.2",
+    "pydantic>=2.0.0",
+    "aiohttp>=3.8.1",
+    "Authlib>=1.2.0",
+]
 name = "kanidm"
-version = "1.0.1"
 description = "Kanidm client library"
-license = "MPL-2.0"
-
-authors = ["James Hodgkinson <james@terminaloutcomes.com>"]
-
+version = "1.2.0"
 readme = "README.md"
-repository = "https://github.com/kanidm/kanidm"
-homepage = "https://kanidm.com/"
-
-packages = [{ include = "kanidm" }]
 
 keywords = ["kanidm", "idm", "api"]
+
 classifiers = [
     "Development Status :: 3 - Alpha",
     "Programming Language :: Python :: 3",
@@ -20,40 +23,47 @@ classifiers = [
     "Programming Language :: Python :: 3.10",
     "Operating System :: OS Independent",
 ]
-[tool.poetry.dependencies]
-python = "^3.9"
-toml = "^0.10.2"
-pydantic = ">=2.0.0,<3.0.0"
-aiohttp = "^3.8.1"
-Authlib = "^1.2.0"
 
+[project.urls]
+homepage = "https://kanidm.com/"
+repository = "https://github.com/kanidm/kanidm"
 
-[tool.poetry.group.dev.dependencies]
-ruff = ">=0.5.1,<0.11.10"
-pytest = "^8.3.4"
-mypy = "^1.14.1"
-types-requests = "^2.32.0.20241016"
-pytest-aiohttp = "^1.1.0"
-pytest-mock = "^3.14.0"
-types-toml = "^0.10.8.20240310"
-pylint-pydantic = "^0.3.5"
-coverage = "^7.6.10"
-mkdocs = "^1.6.1"
-mkdocs-material = "^9.6.1"
-mkdocstrings = ">=0.27,<0.30"
-mkdocstrings-python = "^1.13.0"
-pook = "^2.1.3"
+[dependency-groups]
+dev = [
+    "ruff>=0.5.1",
+    "pytest>=8.3.4",
+    "mypy>=1.14.1,<2.0.0",
+    "types-requests>=2.32.0.20241016",
+    "pytest-aiohttp>=1.1.0",
+    "pytest-mock>=3.14.0",
+    "types-toml>=0.10.8.20240310",
+    "pylint-pydantic>=0.3.5",
+    "coverage>=7.6.10",
+    "pook>=2.1.3",
+    "ty>=0.0.0a8",
+]
+docs = [
+    "mkdocs>=1.6.1",
+    "mkdocs-material>=9.6.13",
+    "mkdocstrings>=0.29.1",
+    "mkdocstrings-python>=1.16.10",
+]
 
 [build-system]
-requires = ["poetry-core>=1.0.0"]
-build-backend = "poetry.core.masonry.api"
+requires = ["pdm-backend"]
+build-backend = "pdm.backend"
 
-[tool.pylint.MASTER]
-max-line-length = 150
-disable = "W0511,raise-missing-from"
-extension-pkg-allow-list = "pydantic"
-# https://github.com/samuelcolvin/pydantic/issues/1961#issuecomment-759522422
-load-plugins = "pylint_pydantic,pylint_pytest"
+
+[tool.pdm.build]
+includes = ["kanidm"]
+
+
+# [tool.pylint.MASTER]
+# max-line-length = 150
+# disable = "W0511,raise-missing-from"
+# extension-pkg-allow-list = "pydantic"
+# # https://github.com/samuelcolvin/pydantic/issues/1961#issuecomment-759522422
+# load-plugins = "pylint_pydantic,pylint_pytest"
 
 [tool.ruff]
 line-length = 150
@@ -64,9 +74,9 @@ line-length = 150
     "F811", # pytest fixtures
 ]
 
-
 [tool.pytest.ini_options]
 asyncio_mode = "auto"
+asyncio_default_fixture_loop_scope = "function"
 markers = [
     "network: Tests that require network access and a working backend server",
     "interactive: Requires specific config and a working backend server",
@@ -77,4 +87,6 @@ source = ["kanidm"]
 omit = ["tests"]
 
 [tool.mypy]
+strict = true
 plugins = "pydantic.mypy"
+disable_error_code = "unused-ignore"

pykanidm/run_coverage.sh

@@ -1,5 +1,5 @@
 #!/bin/bash
 
-poetry run coverage run -m pytest -vvx && \
-	poetry run coverage html
+uv run coverage run -m pytest -vvx && \
+	uv run coverage html
 

pykanidm/tests/test_authenticate.py

@@ -7,7 +7,7 @@ import pytest
 from pytest_mock import MockerFixture
 
 # pylint: disable=unused-import
-from testutils import client, client_configfile, MockResponse
+from .testutils import client, client_configfile, MockResponse
 
 from kanidm import KanidmClient
 from kanidm.exceptions import AuthCredFailed, AuthInitFailed
@@ -25,9 +25,11 @@ async def test_auth_init(client_configfile: KanidmClient) -> None:
     print("Starting client...")
     print(f"Doing auth_init for {client_configfile.config.username}")
 
-    if client_configfile.config.username is None:
-        pytest.skip("Can't run auth test without a username/password")
-    result = await client_configfile.auth_init(client_configfile.config.username)
+    username = client_configfile.config.username
+
+    if username is None:
+        raise pytest.skip("Can't run auth test without a username/password")  # type: ignore[call-non-callable]
+    result = await client_configfile.auth_init(username)
     print(f"{result=}")
     print(result.model_dump_json())
     assert result.sessionid
@@ -39,9 +41,11 @@ async def test_auth_begin(client_configfile: KanidmClient) -> None:
     """tests the auth begin step"""
     print(f"Doing auth_init for {client_configfile.config.username}")
 
-    if client_configfile.config.username is None:
-        pytest.skip("Can't run auth test without a username/password")
-    result = await client_configfile.auth_init(client_configfile.config.username)
+    username = client_configfile.config.username
+
+    if username is None:
+        raise pytest.skip("Can't run auth test without a username/password")  # type: ignore[call-non-callable]
+    result = await client_configfile.auth_init(username)
     print(f"{result=}")
     print("Result dict:")
     print(result.model_dump_json())
@@ -60,7 +64,7 @@ async def test_auth_begin(client_configfile: KanidmClient) -> None:
     retval = begin_result.data
 
     if retval is None:
-        raise pytest.fail("Failed to do begin_result")
+        raise pytest.fail("Failed to do begin_result")  # type: ignore[call-non-callable]
 
     retval["response"] = begin_result.model_dump()
 
@@ -72,7 +76,7 @@ async def test_auth_begin(client_configfile: KanidmClient) -> None:
 async def test_authenticate_flow(client_configfile: KanidmClient) -> None:
     """tests the authenticate() flow"""
     if client_configfile.config.username is None or client_configfile.config.password is None:
-        pytest.skip("Can't run this without a username and password set in the config file")
+        pytest.skip("Can't run this without a username and password set in the config file")  # type: ignore[call-non-callable]
 
     client_configfile.config.auth_token = None
     print(f"Doing client.authenticate for {client_configfile.config.username}")
@@ -96,10 +100,10 @@ async def test_authenticate_anonymous(client_configfile: KanidmClient) -> None:
 async def test_authenticate_flow_fail(client_configfile: KanidmClient) -> None:
     """tests the authenticate() flow with a valid (hopefully) username and invalid password"""
     if not bool(os.getenv("RUN_SCARY_TESTS", None)):
-        pytest.skip(reason="Skipping because env var RUN_SCARY_TESTS isn't set")
+        pytest.skip("Skipping because env var RUN_SCARY_TESTS isn't set")  # type: ignore[call-non-callable]
     print("Starting client...")
     if client_configfile.config.uri is None or client_configfile.config.username is None or client_configfile.config.password is None:
-        pytest.skip("Please ensure you have a username, password and uri in the config")
+        pytest.skip("Please ensure you have a username, password and uri in the config")  # type: ignore[call-non-callable]
     print(f"Doing client.authenticate for {client_configfile.config.username}")
 
     client_configfile.config.auth_token = None

pykanidm/tests/test_config_loader.py

@@ -27,8 +27,7 @@ async def client() -> KanidmClient:
 def test_load_config_file() -> None:
     """tests that the file loads"""
     if not Path(EXAMPLE_CONFIG_FILE).expanduser().resolve().exists():
-        print("Can't find client config file", file=sys.stderr)
-        pytest.skip()
+        pytest.skip(f"Can't find client config file {EXAMPLE_CONFIG_FILE}")  # type: ignore[call-non-callable]
     print("Loading config file")
     config = load_config(EXAMPLE_CONFIG_FILE)
     assert config.get("uri") == "https://localhost:8443"

pykanidm/tests/test_jwt.py

@@ -69,7 +69,7 @@ def test_tokenstuff() -> None:
     info = token_store.token_info("idm_admin")
     print(f"Parsed token: {info}")
     if info is None:
-        pytest.skip()
+        pytest.skip("No token!")  # type: ignore[call-non-callable]
     print(info.expiry_datetime)
     assert (
         datetime(

pykanidm/tests/test_oauth2.py

@@ -16,7 +16,7 @@ async def client() -> KanidmClient:
             config_file=Path(__file__).parent.parent.parent / "examples/config_localhost",
         )
     except FileNotFoundError as error:
-        raise pytest.skip(f"File not found: {error}")
+        pytest.skip(f"File not found: {error}")  # type: ignore[call-non-callable]
     return client
 
 
@@ -32,7 +32,7 @@ async def test_oauth2_rs_list(client: KanidmClient) -> None:
     password = os.getenv("KANIDM_PASSWORD")
     if password is None:
         print("No KANIDM_PASSWORD env var set for testing")
-        raise pytest.skip("No KANIDM_PASSWORD env var set for testing")
+        pytest.skip("No KANIDM_PASSWORD env var set for testing")  # type: ignore[call-non-callable]
 
     auth_resp = await client.authenticate_password(username, password, update_internal_auth_token=True)
     if auth_resp.state is None:

pykanidm/tests/test_radius_token.py

@@ -6,7 +6,7 @@ import logging
 import pytest
 
 # pylint: disable=unused-import
-from testutils import client, client_configfile
+from .testutils import client, client_configfile
 from kanidm import KanidmClient
 
 logging.basicConfig(level=logging.DEBUG)
@@ -21,7 +21,7 @@ async def test_radius_call(client_configfile: KanidmClient) -> None:
     print("Doing auth_init using token")
 
     if client_configfile.config.auth_token is None:
-        pytest.skip("You can't test auth if you don't have an auth_token in ~/.config/kanidm")
+        pytest.skip("You can't test auth if you don't have an auth_token in ~/.config/kanidm")  # type: ignore[call-non-callable]
     result = await client_configfile.get_radius_token(RADIUS_TEST_USER)
 
     print(f"{result=}")

pykanidm/tests/test_session_header.py

@@ -3,7 +3,7 @@
 import pytest
 
 import aiohttp.client_exceptions
-from testutils import client
+from .testutils import client
 
 from kanidm import KanidmClient
 

pykanidm/tests/test_ssl_ca.py

@@ -187,7 +187,7 @@ async def test_ssl_untrusted_root_configured() -> None:
     testcert = Path("./tests/badssl_trusted_ca.pem").resolve()
 
     if not testcert.exists():
-        pytest.skip(f"The trusted cert is missing from {testcert}")
+        pytest.skip(f"The trusted cert is missing from {testcert}")  # type: ignore[call-non-callable]
 
     client = KanidmClient(
         uri="https://untrusted-root.badssl.com/",

pykanidm/tests/testutils.py

@@ -2,30 +2,30 @@
 
 from logging import DEBUG, basicConfig, getLogger
 from pathlib import Path
-from typing import Any
+from typing import Any, Optional
 
 import pytest
 from kanidm import KanidmClient
 
 
 @pytest.fixture(scope="function")
-async def client() -> KanidmClient:
+async def client() -> Optional[KanidmClient]:
     """sets up a client with a basic thing"""
     try:
         basicConfig(level=DEBUG)
 
         return KanidmClient(uri="https://idm.example.com")
     except FileNotFoundError:
-        raise pytest.skip("Couldn't find config file...")
+        pytest.skip("Couldn't find config file...")  # type: ignore[call-non-callable]
 
 
 @pytest.fixture(scope="function")
-async def client_configfile() -> KanidmClient:
+async def client_configfile() -> Optional[KanidmClient]:
     """sets up a client from a config file"""
     try:
         return KanidmClient(config_file=Path("~/.config/kanidm"))
     except FileNotFoundError:
-        raise pytest.skip("Couldn't find config file...")
+        pytest.skip("Couldn't find config file...")  # type: ignore[call-non-callable]
 
 
 class MockResponse:

rlm_python/.python-version

@@ -0,0 +1 @@
+3.12

rlm_python/README.md

@@ -0,0 +1,3 @@
+# rlm_python
+
+Kanidm FreeRADIUS module.

rlm_python/pyproject.toml

@@ -1,2 +1,13 @@
-[tool.ruff]
-line-length = 150
+[project]
+name = "rlm-python"
+version = "0.1.0"
+description = "FreeRADIUS Kanidm module"
+readme = "README.md"
+requires-python = ">=3.10"
+dependencies = ["kanidm"]
+
+[dependency-groups]
+dev = ["mypy>=1.15.0", "pytest>=8.3.5", "ruff>=0.11.9", "ty>=0.0.0a8"]
+
+[tool.uv.sources]
+kanidm = { path = "../pykanidm" }

rlm_python/radius_entrypoint.py

@@ -1,4 +1,4 @@
-""" entrypoint for kanidm's RADIUS module """
+"""entrypoint for kanidm's RADIUS module"""
 
 import atexit
 import os
@@ -7,15 +7,16 @@ import subprocess
 import shutil
 import signal
 import sys
-from typing import Any
+from typing import Any, Optional
 
 # import toml
 import kanidm.radius
+from kanidm.radius import CONFIG_PATHS
 from kanidm.types import KanidmClientConfig
 from kanidm.utils import load_config
 
 DEBUG = True
-if os.environ.get('DEBUG', False):
+if os.environ.get("DEBUG", False):
     DEBUG = True
 
 CERT_SERVER_DEST = "/etc/raddb/certs/server.pem"
@@ -23,54 +24,62 @@ CERT_CA_DEST = "/etc/raddb/certs/ca.pem"
 CERT_CA_DIR = "/etc/raddb/certs/"
 CERT_DH_DEST = "/etc/raddb/certs/dh.pem"
 
+
 # pylint: disable=unused-argument
 def _sigchild_handler(
     *args: Any,
     **kwargs: Any,
-    ) -> None:
-    """ handler for SIGCHLD call"""
+) -> None:
+    """handler for SIGCHLD call"""
     print("Received SIGCHLD ...", file=sys.stderr)
     os.waitpid(-1, os.WNOHANG)
 
+
 def write_clients_conf(
     kanidm_config_object: KanidmClientConfig,
-    ) -> None:
-    """ writes out the config file """
+) -> None:
+    """writes out the config file"""
     raddb_config_file = Path("/etc/raddb/clients.conf")
 
-    with raddb_config_file.open('w', encoding='utf-8') as file_handle:
+    with raddb_config_file.open("w", encoding="utf-8") as file_handle:
         for client in kanidm_config_object.radius_clients:
-            file_handle.write(f"client {client.name} {{\n" )
+            file_handle.write(f"client {client.name} {{\n")
             file_handle.write(f"    ipaddr = {client.ipaddr}\n")
-            file_handle.write(f"    secret = {client.secret}\n" )
-            file_handle.write('    proto = *\n')
-            file_handle.write('}\n')
+            file_handle.write(f"    secret = {client.secret}\n")
+            file_handle.write("    proto = *\n")
+            file_handle.write("}\n")
+
 
 def setup_certs(
     kanidm_config_object: KanidmClientConfig,
-    ) -> None:
-    """ sets up certificates """
+) -> None:
+    """sets up certificates"""
 
     if kanidm_config_object.radius_ca_path:
         cert_ca = Path(kanidm_config_object.radius_ca_path).expanduser().resolve()
         if not cert_ca.exists():
-            print(f"Failed to find radiusd ca file ({cert_ca}), quitting!", file=sys.stderr)
+            print(
+                f"Failed to find radiusd ca file ({cert_ca}), quitting!",
+                file=sys.stderr,
+            )
             sys.exit(1)
-        if cert_ca != CERT_CA_DEST:
+        if cert_ca != Path(CERT_CA_DEST):
             print(f"Copying {cert_ca} to {CERT_CA_DEST}")
             try:
                 shutil.copyfile(cert_ca, CERT_CA_DEST)
             except shutil.SameFileError:
                 pass
 
-
     # This dir can also contain crls!
     if kanidm_config_object.radius_ca_dir:
         cert_ca_dir = Path(kanidm_config_object.radius_ca_dir).expanduser().resolve()
         if not cert_ca_dir.exists():
-            print(f"Failed to find radiusd ca dir ({cert_ca_dir}), quitting!", file=sys.stderr)
+            print(
+                f"Failed to find radiusd ca dir ({cert_ca_dir}), quitting!",
+                file=sys.stderr,
+            )
             sys.exit(1)
-        if cert_ca_dir != CERT_CA_DIR:
+        if cert_ca_dir != Path(CERT_CA_DIR):
             print(f"Copying {cert_ca_dir} to {CERT_CA_DIR}")
             shutil.copytree(cert_ca_dir, CERT_CA_DIR, dirs_exist_ok=True)
 
@@ -83,7 +92,7 @@ def setup_certs(
         print(
             f"Failed to find server keyfile ({server_key}), quitting!",
             file=sys.stderr,
-            )
+        )
         sys.exit(1)
 
     server_cert = Path(kanidm_config_object.radius_cert_path).expanduser().resolve()
@@ -91,18 +100,19 @@ def setup_certs(
         print(
             f"Failed to find server cert file ({server_cert}), quitting!",
             file=sys.stderr,
-            )
+        )
         sys.exit(1)
     # concat key + cert into /etc/raddb/certs/server.pem
-    with open(CERT_SERVER_DEST, 'w', encoding='utf-8') as file_handle:
+    with open(CERT_SERVER_DEST, "w", encoding="utf-8") as file_handle:
         file_handle.write(server_cert.read_text(encoding="utf-8"))
-        file_handle.write('\n')
+        file_handle.write("\n")
         file_handle.write(server_key.read_text(encoding="utf-8"))
 
+
 def kill_radius(
-    proc: subprocess.Popen,
-    ) -> None:
-    """ handler to kill the radius server once the script exits """
+    proc: subprocess.Popen[Any],
+) -> None:
+    """handler to kill the radius server once the script exits"""
     if proc is None:
         pass
     else:
@@ -116,8 +126,9 @@ def kill_radius(
 
     proc.wait()
 
-def find_freeradius_bin() -> str:
-    """ finds the binary """
+
+def find_freeradius_bin() -> Optional[str]:
+    """finds the binary"""
     binary_paths = [
         "/usr/sbin/radiusd",
         "/usr/sbin/freeradius",
@@ -129,37 +140,44 @@ def find_freeradius_bin() -> str:
     print(f"Failed to find FreeRADIUS binary, looked in {lookedin}")
     sys.exit(1)
 
+
 def run_radiusd() -> None:
-    """ run the server """
+    """run the server"""
 
     if DEBUG:
-        cmd_args = [ "-X" ]
+        cmd_args = ["-X"]
     else:
-        cmd_args = [ "-f", "-l", "stdout" ]
-    with subprocess.Popen(
-        [find_freeradius_bin()] + cmd_args,
-        stderr=subprocess.STDOUT,
+        cmd_args = ["-f", "-l", "stdout"]
+    freeradius_bin = find_freeradius_bin()
+    if freeradius_bin is None:
+        print("Failed to find FreeRADIUS binary, quitting!", file=sys.stderr)
+        sys.exit(1)
+    else:
+        with subprocess.Popen(
+            [freeradius_bin] + cmd_args,
+            stderr=subprocess.STDOUT,
         ) as proc:
-        # print(proc, file=sys.stderr)
-        atexit.register(kill_radius, proc)
-        proc.wait()
+            # print(proc, file=sys.stderr)
+            atexit.register(kill_radius, proc)
+            proc.wait()
 
-if __name__ == '__main__':
+
+if __name__ == "__main__":
     signal.signal(signal.SIGCHLD, _sigchild_handler)
 
     config_file = kanidm.radius.find_radius_config_path()
     if config_file is None:
         print(
-            "Failed to find configuration file ({config_file}), quitting!",
+            f"Failed to find configuration file in ({CONFIG_PATHS}), quitting!",
             file=sys.stderr,
-            )
+        )
         sys.exit(1)
-
-    kanidm_config = KanidmClientConfig.model_validate(load_config(config_file))
-    setup_certs(kanidm_config)
-    write_clients_conf(kanidm_config)
-    print("Configuration set up, starting...")
-    try:
-        run_radiusd()
-    except KeyboardInterrupt as ki:
-        print(ki)
+    else:
+        kanidm_config = KanidmClientConfig.model_validate(load_config(config_file))
+        setup_certs(kanidm_config)
+        write_clients_conf(kanidm_config)
+        print("Configuration set up, starting...")
+        try:
+            run_radiusd()
+        except KeyboardInterrupt as ki:
+            print(ki)

scripts/pykanidm/run.sh

@@ -10,9 +10,9 @@ if [ ! -d ".venv" ]; then
     # shellcheck disable=SC1091
     source .venv/bin/activate
     pip install --upgrade pip
-    pip install poetry pytest ruff mypy black
+    pip install uv
     echo "Installing in virtualenv"
-    pip install -e pykanidm
+    pip install -e .
 fi
 
 # shellcheck disable=SC1091

server/daemon/Cargo.toml

@@ -72,7 +72,7 @@ priority = "optional"
 changelog = "../../target/debian/changelog"  # Generated by platform/debian/build_debs.sh
 assets = [
     [ "target/release/kanidmd", "usr/bin/", "755" ],
-  	[ "debian/group.conf", "usr/lib/sysusers.d/kandimd.conf", "644" ],
+  	[ "debian/group.conf", "usr/lib/sysusers.d/kanidmd.conf", "644" ],
     [ "debian/server.toml", "etc/kanidmd/server.toml", "640" ],
     [ "../../examples/server.toml", "usr/share/kanidmd/", "444" ],
     [ "../core/static/**/*", "usr/share/kanidmd/static", "444" ],