mart-w/kanidm
1
0
Fork 0
mirror of https://github.com/kanidm/kanidm.git synced 2025-02-23 20:47:01 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

20240530 nightly warnings (#2806)

Browse source 
* Cleaneup
* Lots of ram saving
This commit is contained in:
Firstyear 2024-05-30 20:22:19 +10:00 committed by GitHub
parent 1e7b94b7cf
commit 2c0ff46a32
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
44 changed files with 148 additions and 135 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
Cargo.lock generated
View file

@ -904,9 +904,9 @@ dependencies = [
[[package]]
name = "concread"
version = "0.5.0"
version = "0.5.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b4539869aeea73afd414cc1750eceada0d042764f2d28873d74fbbd81610bffe"
checksum = "23bef63c371d1b3da7e61e7b72e5757f070131a399f2eb60edc2d8bb8102249a"
dependencies = [
"ahash 0.8.11",
"arc-swap",
@ -1181,8 +1181,6 @@ dependencies = [
"kanidm_utils_users",
"kanidmd_core",
"mimalloc",
"opentelemetry",
"opentelemetry_api",
"prctl",
"reqwest 0.12.4",
"sd-notify",
@ -2832,9 +2830,9 @@ checksum = "b9e0384b61958566e926dc50660321d12159025e767c18e043daf26b70104c39"
[[package]]
name = "idlset"
version = "0.2.4"
version = "0.2.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "340756d15be4b22d5e501bad90a9f68fcdc6b9b7d2f6d6afe350645e9839dac6"
checksum = "ef858150272c6cce9db3710a171edf5d3e8844d38680d7657e9b1698efe8d97b"
dependencies = [
"serde",
"serde_derive",
@ -3319,6 +3317,7 @@ dependencies = [
"ldap3_proto",
"libc",
"openssl",
"opentelemetry",
"rand",
"regex",
"serde",
@ -3371,6 +3370,7 @@ dependencies = [
"libc",
"libsqlite3-sys",
"lodepng",
"mimalloc",
"nonempty",
"num_enum",
"openssl",

4
Cargo.toml
View file

@ -109,7 +109,7 @@ clap_complete = "^4.5.1"
# Forced by saffron/cron
chrono = "^0.4.35"
compact_jwt = { version = "^0.4.1", default-features = false }
concread = "^0.5.0"
concread = "^0.5.1"
cron = "0.12.1"
crossbeam = "0.8.4"
criterion = "^0.5.1"
@ -131,7 +131,7 @@ http = "1.1.0"
hyper = { version = "1.3.1", features = ["server", "client"] }
hyper-util = { version = "0.1.5", features = ["server", "tokio"] }
hyper-tls = "0.6.0"
idlset = "^0.2.4"
idlset = "^0.2.5"
image = { version = "0.24.9", default-features = false, features = [
"gif",
"jpeg",

3
libs/crypto/build.rs
View file

@ -1,8 +1,11 @@
use std::env;
fn main() {
// Allows openssl3 as a cfg flag
println!("cargo::rustc-check-cfg=cfg(openssl3)");
println!("cargo:rerun-if-changed=build.rs");
println!("cargo:rerun-if-env-changed=DEP_OPENSSL_VERSION_NUMBER");
if let Ok(v) = env::var("DEP_OPENSSL_VERSION_NUMBER") {
let version = u64::from_str_radix(&v, 16).unwrap();

10
libs/crypto/src/lib.rs
View file

@ -346,14 +346,8 @@ impl CryptoPolicy {
.checked_sub(ARGON2_TCOST_RAM_ITER_KIB)
.unwrap_or(ARGON2_MIN_RAM_KIB);
// Floor and Ceil
m_cost = if m_adjust > ARGON2_MAX_RAM_KIB {
ARGON2_MAX_RAM_KIB
} else if m_adjust < ARGON2_MIN_RAM_KIB {
ARGON2_MIN_RAM_KIB
} else {
m_adjust
};
// Clamp the value
m_cost = m_adjust.clamp(ARGON2_MIN_RAM_KIB, ARGON2_MAX_RAM_KIB);
continue;
} else {
// Unable to proceed, parameters are maxed out.

3
libs/users/src/unix.rs
View file

@ -25,9 +25,6 @@ pub fn get_user_name_by_uid(uid: uid_t) -> Option<OsString> {
let mut buf = vec![0; 2048];
let mut result = ptr::null_mut::<c_passwd>();
#[cfg(feature = "logging")]
trace!("Running getpwuid_r for user #{}", uid);
loop {
let r =
unsafe { libc::getpwuid_r(uid, &mut passwd, buf.as_mut_ptr(), buf.len(), &mut result) };

2
server/core/Cargo.toml
View file

@ -41,6 +41,8 @@ kanidm_lib_file_permissions = { workspace = true }
ldap3_proto = { workspace = true }
libc = { workspace = true }
openssl = { workspace = true }
opentelemetry = { workspace = true, features = ["logs"] }
# opentelemetry_api = { workspace = true, features = ["logs"] }
rand = { workspace = true }
regex = { workspace = true }
serde = { workspace = true, features = ["derive"] }

3
server/core/src/https/mod.rs
View file

@ -388,8 +388,9 @@ pub async fn create_https_server(
};
#[cfg(feature = "otel")]
opentelemetry::global::shutdown_tracer_provider();
info!("Stopped {}", super::TaskName::HttpsServer);
}))
}

1
server/core/src/lib.rs
View file

@ -10,6 +10,7 @@
#![deny(warnings)]
#![warn(unused_extern_crates)]
#![warn(unused_imports)]
#![deny(clippy::todo)]
#![deny(clippy::unimplemented)]
#![deny(clippy::unwrap_used)]

2
server/daemon/Cargo.toml
View file

@ -34,8 +34,6 @@ serde = { workspace = true, features = ["derive"] }
tokio = { workspace = true, features = ["rt-multi-thread", "macros", "signal"] }
tokio-util = { workspace = true, features = ["codec"] }
toml = { workspace = true }
opentelemetry = { workspace = true, features = ["logs"] }
opentelemetry_api = { workspace = true, features = ["logs"] }
tempfile = { workspace = true }
tracing = { workspace = true, features = [
"max_level_trace",

1
server/daemon/src/main.rs
View file

@ -10,7 +10,6 @@
#![deny(clippy::needless_pass_by_value)]
#![deny(clippy::trivially_copy_pass_by_ref)]
#[cfg(not(target_family = "windows"))]
#[global_allocator]
static GLOBAL: mimalloc::MiMalloc = mimalloc::MiMalloc;

2
server/daemon/src/opt.rs
View file

@ -57,7 +57,7 @@ enum DomainSettingsCmds {
},
/// ⚠️ Do not use this command unless directed by a project member. ⚠️
/// - Rerun migrations of this domains database, optionally nominating the level
/// to start from.
/// to start from.
#[clap(name = "remigrate")]
Remigrate {
#[clap(flatten)]

7
server/lib/Cargo.toml
View file

@ -102,13 +102,12 @@ whoami = { workspace = true }
# default = [ "libsqlite3-sys/bundled", "openssl/vendored" ]
[dev-dependencies]
compact_jwt = { workspace = true, features = ["openssl", "hsm-crypto", "unsafe_release_without_verify"] }
criterion = { workspace = true, features = ["html_reports"] }
webauthn-authenticator-rs = { workspace = true }
futures = { workspace = true }
kanidmd_lib_macros = { workspace = true }
compact_jwt = { workspace = true, features = ["openssl", "hsm-crypto", "unsafe_release_without_verify"] }
mimalloc = { workspace = true }
webauthn-authenticator-rs = { workspace = true }
[build-dependencies]
hashbrown = { workspace = true }

2
server/lib/src/be/idl_arc_sqlite.rs
View file

@ -86,7 +86,7 @@ macro_rules! get_identry {
$idl:expr,
$is_read_op:expr
) => {{
let mut result: Vec<Arc<EntrySealedCommitted>> = Vec::new();
let mut result: Vec<Arc<EntrySealedCommitted>> = Vec::with_capacity(0);
match $idl {
IdList::Partial(idli) | IdList::PartialThreshold(idli) | IdList::Indexed(idli) => {
let mut nidl = IDLBitRange::new();

2
server/lib/src/be/idl_sqlite.rs
View file

@ -631,7 +631,7 @@ pub(crate) trait IdlSqliteTransaction {
Ok(Some(v)) => {
let r: Result<String, _> = v.get(0);
match r {
Ok(t) if t == "ok" => Vec::new(),
Ok(t) if t == "ok" => Vec::with_capacity(0),
_ => vec![Err(ConsistencyError::SqliteIntegrityFailure)],
}
}

35
server/lib/src/be/mod.rs
View file

@ -290,7 +290,7 @@ pub trait BackendTransaction {
FilterResolved::Or(l, _) => {
// Importantly if this has no inner elements, this returns
// an empty list.
let mut plan = Vec::new();
let mut plan = Vec::with_capacity(0);
let mut result = IDLBitRange::new();
let mut partial = false;
let mut threshold = false;
@ -535,7 +535,7 @@ pub trait BackendTransaction {
// for fully indexed existence queries, such as from refint.
// This has a lot in common with an And and Or but not really quite either.
let mut plan = Vec::new();
let mut plan = Vec::with_capacity(0);
let mut result = IDLBitRange::new();
// For each filter in l
for f in l.iter() {
@ -632,7 +632,7 @@ pub trait BackendTransaction {
e
})?;
let entries_filtered = match idl {
let mut entries_filtered = match idl {
IdList::AllIds => trace_span!("be::search<entry::ftest::allids>").in_scope(|| {
entries
.into_iter()
@ -666,6 +666,9 @@ pub trait BackendTransaction {
return Err(OperationError::ResourceLimit);
}
// Trim any excess capacity if needed
entries_filtered.shrink_to_fit();
Ok(entries_filtered)
}
@ -851,7 +854,7 @@ pub trait BackendTransaction {
if r.is_err() {
vec![r]
} else {
Vec::new()
Vec::with_capacity(0)
}
}
@ -2258,7 +2261,7 @@ mod tests {
run_test!(|be: &mut BackendWriteTransaction| {
trace!("Simple Create");
let empty_result = be.create(&CID_ZERO, Vec::new());
let empty_result = be.create(&CID_ZERO, Vec::with_capacity(0));
trace!("{:?}", empty_result);
assert_eq!(empty_result, Err(OperationError::EmptyRequest));
@ -2759,7 +2762,7 @@ mod tests {
Attribute::Name.as_ref(),
IndexType::Equality,
"not-exist",
Some(Vec::new())
Some(Vec::with_capacity(0))
);
idl_state!(
@ -2767,7 +2770,7 @@ mod tests {
Attribute::Uuid.as_ref(),
IndexType::Equality,
"fake-0079-4b8c-8a56-593b22aa44d1",
Some(Vec::new())
Some(Vec::with_capacity(0))
);
let uuid_p_idl = be
@ -2861,7 +2864,7 @@ mod tests {
Attribute::Name.as_ref(),
IndexType::Equality,
"william",
Some(Vec::new())
Some(Vec::with_capacity(0))
);
idl_state!(
@ -2869,7 +2872,7 @@ mod tests {
Attribute::Name.as_ref(),
IndexType::Presence,
"_",
Some(Vec::new())
Some(Vec::with_capacity(0))
);
idl_state!(
@ -2877,7 +2880,7 @@ mod tests {
Attribute::Uuid.as_ref(),
IndexType::Equality,
"db237e8a-0079-4b8c-8a56-593b22aa44d1",
Some(Vec::new())
Some(Vec::with_capacity(0))
);
idl_state!(
@ -2885,7 +2888,7 @@ mod tests {
Attribute::Uuid.as_ref(),
IndexType::Presence,
"_",
Some(Vec::new())
Some(Vec::with_capacity(0))
);
assert!(be.name2uuid("william") == Ok(None));
@ -3129,14 +3132,14 @@ mod tests {
Attribute::Uuid.as_ref(),
IndexType::Equality,
"db237e8a-0079-4b8c-8a56-593b22aa44d1",
Some(Vec::new())
Some(Vec::with_capacity(0))
);
idl_state!(
be,
Attribute::Name.as_ref(),
IndexType::Equality,
"william",
Some(Vec::new())
Some(Vec::with_capacity(0))
);
let claire_uuid = uuid!("04091a7a-6ce4-42d2-abf5-c2ce244ac9e8");
@ -3303,7 +3306,7 @@ mod tests {
let (r, _plan) = be.filter2idl(f_r_andnot.to_inner(), 0).unwrap();
match r {
IdList::Indexed(idl) => {
assert!(idl == IDLBitRange::from_iter(Vec::new()));
assert!(idl == IDLBitRange::from_iter(Vec::with_capacity(0)));
}
_ => {
panic!("");
@ -3319,7 +3322,7 @@ mod tests {
let (r, _plan) = be.filter2idl(f_and_andnot.to_inner(), 0).unwrap();
match r {
IdList::Indexed(idl) => {
assert!(idl == IDLBitRange::from_iter(Vec::new()));
assert!(idl == IDLBitRange::from_iter(Vec::with_capacity(0)));
}
_ => {
panic!("");
@ -3334,7 +3337,7 @@ mod tests {
let (r, _plan) = be.filter2idl(f_or_andnot.to_inner(), 0).unwrap();
match r {
IdList::Indexed(idl) => {
assert!(idl == IDLBitRange::from_iter(Vec::new()));
assert!(idl == IDLBitRange::from_iter(Vec::with_capacity(0)));
}
_ => {
panic!("");

2
server/lib/src/constants/entries.rs
View file

@ -858,7 +858,7 @@ impl From<BuiltinAccount> for Account {
displayname: value.displayname.to_string(),
spn: format!("{}@example.com", value.name),
mail_primary: None,
mail: Vec::new(),
mail: Vec::with_capacity(0),
..Default::default()
}
}

8
server/lib/src/constants/groups.rs
View file

@ -263,7 +263,7 @@ lazy_static! {
name: "idm_people_self_write_mail",
description: "Builtin IDM Group for people accounts to update their own mail.",
uuid: UUID_IDM_PEOPLE_SELF_MAIL_WRITE,
members: Vec::new(),
members: Vec::with_capacity(0),
..Default::default()
};
@ -272,7 +272,7 @@ lazy_static! {
name: "idm_people_self_mail_write",
description: "Builtin IDM Group for people accounts to update their own mail.",
uuid: UUID_IDM_PEOPLE_SELF_MAIL_WRITE,
members: Vec::new(),
members: Vec::with_capacity(0),
..Default::default()
};
}
@ -283,7 +283,7 @@ lazy_static! {
name: "idm_all_persons",
description: "Builtin IDM dynamic group containing all persons.",
uuid: UUID_IDM_ALL_PERSONS,
members: Vec::new(),
members: Vec::with_capacity(0),
dyngroup: true,
dyngroup_filter: Some(
Filter::And(vec![
@ -304,7 +304,7 @@ lazy_static! {
name: "idm_all_accounts",
description: "Builtin IDM dynamic group containing all entries that can authenticate.",
uuid: UUID_IDM_ALL_ACCOUNTS,
members: Vec::new(),
members: Vec::with_capacity(0),
dyngroup: true,
dyngroup_filter: Some(
Filter::Eq(Attribute::Class.to_string(), EntryClass::Account.to_string()),

27
server/lib/src/entry.rs
View file

@ -891,6 +891,7 @@ impl Entry<EntryIncremental, EntryNew> {
// To shortcut this we dedup the attr set and then iterate.
let mut attr_set: Vec<_> =
changes_left.keys().chain(changes_right.keys()).collect();
attr_set.shrink_to_fit();
attr_set.sort_unstable();
attr_set.dedup();
@ -1604,7 +1605,7 @@ impl Entry<EntrySealed, EntryCommitted> {
match (pre, post) {
(None, None) => {
// if both are none, yield empty list.
Vec::new()
Vec::with_capacity(0)
}
(Some(pre_e), None) => {
// If we are none (?), yield our pre-state as removals.
@ -1619,11 +1620,11 @@ impl Entry<EntrySealed, EntryCommitted> {
ikey.attr,
err
);
return Vec::new();
return Vec::with_capacity(0);
}
};
match pre_e.get_ava_set(attr) {
None => Vec::new(),
None => Vec::with_capacity(0),
Some(vs) => {
let changes: Vec<Result<_, _>> = match ikey.itype {
IndexType::Equality => {
@ -1636,7 +1637,7 @@ impl Entry<EntrySealed, EntryCommitted> {
IndexType::Presence => {
vec![Err((&ikey.attr, ikey.itype, "_".to_string()))]
}
IndexType::SubString => Vec::new(),
IndexType::SubString => Vec::with_capacity(0),
};
changes
}
@ -1657,11 +1658,11 @@ impl Entry<EntrySealed, EntryCommitted> {
ikey.attr,
err
);
return Vec::new();
return Vec::with_capacity(0);
}
};
match post_e.get_ava_set(attr) {
None => Vec::new(),
None => Vec::with_capacity(0),
Some(vs) => {
let changes: Vec<Result<_, _>> = match ikey.itype {
IndexType::Equality => vs
@ -1672,7 +1673,7 @@ impl Entry<EntrySealed, EntryCommitted> {
IndexType::Presence => {
vec![Ok((&ikey.attr, ikey.itype, "_".to_string()))]
}
IndexType::SubString => Vec::new(),
IndexType::SubString => Vec::with_capacity(0),
};
// For each value
//
@ -1695,13 +1696,13 @@ impl Entry<EntrySealed, EntryCommitted> {
ikey.attr,
err
);
return Vec::new();
return Vec::with_capacity(0);
}
};
match (pre_e.get_ava_set(attr), post_e.get_ava_set(attr)) {
(None, None) => {
// Neither have it, do nothing.
Vec::new()
Vec::with_capacity(0)
}
(Some(pre_vs), None) => {
// It existed before, but not anymore
@ -1718,7 +1719,7 @@ impl Entry<EntrySealed, EntryCommitted> {
IndexType::Presence => {
vec![Err((&ikey.attr, ikey.itype, "_".to_string()))]
}
IndexType::SubString => Vec::new(),
IndexType::SubString => Vec::with_capacity(0),
};
changes
}
@ -1737,7 +1738,7 @@ impl Entry<EntrySealed, EntryCommitted> {
IndexType::Presence => {
vec![Ok((&ikey.attr, ikey.itype, "_".to_string()))]
}
IndexType::SubString => Vec::new(),
IndexType::SubString => Vec::with_capacity(0),
};
changes
}
@ -3050,7 +3051,7 @@ impl<VALID, STATE> Entry<VALID, STATE> {
// Take name: (a, b), name: (c, d) -> (name, a), (name, b), (name, c), (name, d)
let mut pairs: Vec<(&str, PartialValue)> = Vec::new();
let mut pairs: Vec<(&str, PartialValue)> = Vec::with_capacity(0);
for attr in attrs {
match self.attrs.get(attr) {
@ -3689,7 +3690,7 @@ mod tests {
// When we do None, None, we get nothing back.
let r1 = Entry::idx_diff(&idxmeta, None, None);
eprintln!("{r1:?}");
assert!(r1 == Vec::new());
assert!(r1 == Vec::with_capacity(0));
// Check generating a delete diff
let mut del_r = Entry::idx_diff(&idxmeta, Some(&e1), None);

4
server/lib/src/filter.rs
View file

@ -356,8 +356,8 @@ pub enum FilterPlan {
/// * `Or`. Contains multiple filters and asserts at least one is true.
/// * `And`. Contains multiple filters and asserts all of them are true.
/// * `AndNot`. This is different to a "logical not" operation. This asserts that a condition is not
/// true in the current candidate set. A search of `AndNot` alone will yield not results, but an
/// `AndNot` in an `And` query will assert that a condition can not hold.
/// true in the current candidate set. A search of `AndNot` alone will yield not results, but an
/// `AndNot` in an `And` query will assert that a condition can not hold.
///
/// `Filter`s for security reasons are validated by the schema to assert all requested attributes
/// are valid and exist in the schema so that they can have their indexes correctly used. This avoids

2
server/lib/src/idm/account.rs
View file

@ -912,7 +912,7 @@ impl<'a> IdmServerProxyReadTransaction<'a> {
})
.unwrap_or_else(|| {
// No matching entry? Return none.
Ok(Vec::new())
Ok(Vec::with_capacity(0))
})
}
Err(e) => Err(e),

32
server/lib/src/idm/authsession.rs
View file

@ -12,7 +12,7 @@ use compact_jwt::Jws;
use hashbrown::HashSet;
use kanidm_proto::internal::UserAuthToken;
use kanidm_proto::v1::{AuthAllowed, AuthCredential, AuthIssueSession, AuthMech};
use nonempty::{nonempty, NonEmpty};
use nonempty::NonEmpty;
use tokio::sync::mpsc::UnboundedSender as Sender;
use uuid::Uuid;
use webauthn_rs::prelude::{
@ -88,7 +88,7 @@ enum AuthIntent {
/// A response type to indicate the progress and potential result of an authentication attempt.
enum CredState {
Success { auth_type: AuthType, cred_id: Uuid },
Continue(NonEmpty<AuthAllowed>),
Continue(Box<NonEmpty<AuthAllowed>>),
Denied(&'static str),
}
@ -496,7 +496,10 @@ impl CredHandler {
admin_warn!("unable to queue delayed webauthn property update, continuing ... ");
};
};
CredState::Continue(nonempty![AuthAllowed::Password])
CredState::Continue(Box::new(NonEmpty {
head: AuthAllowed::Password,
tail: Vec::with_capacity(0),
}))
}
Err(e) => {
pw_mfa.mfa_state = CredVerifyState::Fail;
@ -523,7 +526,10 @@ impl CredHandler {
security_info!(
"Handler::PasswordMfa -> Result::Continue - TOTP ({}) OK, password -", label
);
CredState::Continue(nonempty![AuthAllowed::Password])
CredState::Continue(Box::new(NonEmpty {
head: AuthAllowed::Password,
tail: Vec::with_capacity(0),
}))
} else {
pw_mfa.mfa_state = CredVerifyState::Fail;
security_error!(
@ -546,7 +552,10 @@ impl CredHandler {
};
pw_mfa.mfa_state = CredVerifyState::Success;
security_info!("Handler::PasswordMfa -> Result::Continue - BackupCode OK, password -");
CredState::Continue(nonempty![AuthAllowed::Password])
CredState::Continue(Box::new(NonEmpty {
head: AuthAllowed::Password,
tail: Vec::with_capacity(0),
}))
} else {
pw_mfa.mfa_state = CredVerifyState::Fail;
security_error!("Handler::PasswordMfa -> Result::Denied - BackupCode Fail, password -");
@ -940,12 +949,15 @@ impl AuthSession {
// based on the anonymous ... in theory this could be cleaner
// and interact with the account more?
if asd.account.is_anonymous() {
AuthSessionState::Init(nonempty![CredHandler::Anonymous {
cred_id: asd.account.uuid,
}])
AuthSessionState::Init(NonEmpty {
head: CredHandler::Anonymous {
cred_id: asd.account.uuid,
},
tail: Vec::with_capacity(0),
})
} else {
// What's valid to use in this context?
let mut handlers = Vec::new();
let mut handlers = Vec::with_capacity(0);
// TODO: We can't yet fully enforce account policy on auth, there is a bit of work
// to do to be able to check for pw / mfa etc.
@ -1469,7 +1481,7 @@ impl AuthSession {
match &self.state {
AuthSessionState::Success
| AuthSessionState::Denied(_)
| AuthSessionState::InProgress(_) => Vec::new(),
| AuthSessionState::InProgress(_) => Vec::with_capacity(0),
AuthSessionState::Init(handlers) => {
// Iterate over the handlers into what mechs they are
// and filter to unique?

12
server/lib/src/idm/scim.rs
View file

@ -1177,7 +1177,7 @@ impl<'a> IdmServerProxyWriteTransaction<'a> {
// Get all the classes.
debug!("Schemas valid - Proceeding with entry {}", scim_ent.id);
let mut mods = Vec::new();
let mut mods = Vec::with_capacity(0);
mods.push(Modify::Assert(
Attribute::SyncParentUuid,
@ -1912,7 +1912,7 @@ mod tests {
cookie: vec![1, 2, 3, 4].into(),
},
to_state: ScimSyncState::Refresh,
entries: Vec::default(),
entries: Vec::with_capacity(0),
retain: ScimSyncRetentionMode::Ignore,
};
@ -2319,7 +2319,7 @@ mod tests {
cookie: vec![1, 2, 3, 4].into(),
},
// Doesn't exist. If it does, then bless rng.
entries: Vec::default(),
entries: Vec::with_capacity(0),
retain: ScimSyncRetentionMode::Delete(vec![Uuid::new_v4()]),
};
@ -2358,7 +2358,7 @@ mod tests {
cookie: vec![1, 2, 3, 4].into(),
},
// Doesn't exist. If it does, then bless rng.
entries: Vec::default(),
entries: Vec::with_capacity(0),
retain: ScimSyncRetentionMode::Delete(vec![user_sync_uuid]),
};
@ -2400,7 +2400,7 @@ mod tests {
cookie: vec![1, 2, 3, 4].into(),
},
// Doesn't exist. If it does, then bless rng.
entries: Vec::default(),
entries: Vec::with_capacity(0),
retain: ScimSyncRetentionMode::Delete(vec![user_sync_uuid]),
};
@ -2678,7 +2678,7 @@ mod tests {
to_state: ScimSyncState::Active {
cookie: vec![1, 2, 3, 4].into(),
},
entries: Vec::default(),
entries: Vec::with_capacity(0),
retain: ScimSyncRetentionMode::Ignore,
};

2
server/lib/src/idm/serviceaccount.rs
View file

@ -411,7 +411,7 @@ impl<'a> IdmServerProxyReadTransaction<'a> {
})
.unwrap_or_else(|| {
// No matching entry? Return none.
Ok(Vec::new())
Ok(Vec::with_capacity(0))
})
}
Err(e) => Err(e),

4
server/lib/src/lib.rs
View file

@ -21,9 +21,9 @@
#![deny(clippy::manual_let_else)]
#![allow(clippy::unreachable)]
#[cfg(all(jemallocator, test, not(target_family = "windows")))]
#[cfg(test)]
#[global_allocator]
static ALLOC: jemallocator::Jemalloc = jemallocator::Jemalloc;
static GLOBAL: mimalloc::MiMalloc = mimalloc::MiMalloc;
#[macro_use]
extern crate rusqlite;

4
server/lib/src/modify.rs
View file

@ -87,7 +87,7 @@ impl ModifyList<ModifyInvalid> {
pub fn new() -> Self {
ModifyList {
valid: ModifyInvalid,
mods: Vec::new(),
mods: Vec::with_capacity(0),
}
}
@ -137,7 +137,7 @@ impl ModifyList<ModifyInvalid> {
pe: &ProtoEntry,
qs: &mut QueryServerWriteTransaction,
) -> Result<Self, OperationError> {
let mut mods = Vec::new();
let mut mods = Vec::with_capacity(0);
pe.attrs.iter().try_for_each(|(attr, vals)| {
// Issue a purge to the attr.

6
server/lib/src/plugins/attrunique.rs
View file

@ -115,7 +115,7 @@ fn enforce_unique<VALID, STATE>(
}
// Now do an internal search on name and !uuid for each
let mut cand_filters = Vec::new();
let mut cand_filters = Vec::with_capacity(0);
for ((attr, v), uuid) in cand_attr.iter() {
// and[ attr eq k, andnot [ uuid eq v ]]
// Basically this says where name but also not self.
@ -476,7 +476,7 @@ impl Plugin for AttrUnique {
schema.get_attributes_unique()
};
let mut res: Vec<Result<(), ConsistencyError>> = Vec::new();
let mut res: Vec<Result<(), ConsistencyError>> = Vec::with_capacity(0);
if get_cand_attr_set(&all_cand, uniqueattrs).is_err() {
res.push(Err(ConsistencyError::DuplicateUniqueAttribute))
@ -529,7 +529,7 @@ mod tests {
);
let create = vec![e.clone(), e];
let preload = Vec::new();
let preload = Vec::with_capacity(0);
run_create_test!(
Err(OperationError::Plugin(PluginError::AttrUnique(

14
server/lib/src/plugins/base.rs
View file

@ -330,7 +330,7 @@ mod tests {
// check create where no uuid
#[test]
fn test_pre_create_no_uuid() {
let preload: Vec<Entry<EntryInit, EntryNew>> = Vec::new();
let preload: Vec<Entry<EntryInit, EntryNew>> = Vec::with_capacity(0);
let e: Entry<EntryInit, EntryNew> = Entry::unsafe_from_entry_str(
r#"{
@ -366,7 +366,7 @@ mod tests {
// check unparsable uuid
#[test]
fn test_pre_create_uuid_invalid() {
let preload: Vec<Entry<EntryInit, EntryNew>> = Vec::new();
let preload: Vec<Entry<EntryInit, EntryNew>> = Vec::with_capacity(0);
let e: Entry<EntryInit, EntryNew> = Entry::unsafe_from_entry_str(
r#"{
@ -396,7 +396,7 @@ mod tests {
// check entry where uuid is empty list
#[test]
fn test_pre_create_uuid_empty() {
let preload: Vec<Entry<EntryInit, EntryNew>> = Vec::new();
let preload: Vec<Entry<EntryInit, EntryNew>> = Vec::with_capacity(0);
let mut e: Entry<EntryInit, EntryNew> = Entry::unsafe_from_entry_str(
r#"{
@ -429,7 +429,7 @@ mod tests {
// check create where provided uuid is valid. It should be unchanged.
#[test]
fn test_pre_create_uuid_valid() {
let preload: Vec<Entry<EntryInit, EntryNew>> = Vec::new();
let preload: Vec<Entry<EntryInit, EntryNew>> = Vec::with_capacity(0);
let e: Entry<EntryInit, EntryNew> = Entry::unsafe_from_entry_str(
r#"{
@ -468,7 +468,7 @@ mod tests {
#[test]
fn test_pre_create_uuid_valid_multi() {
let preload: Vec<Entry<EntryInit, EntryNew>> = Vec::new();
let preload: Vec<Entry<EntryInit, EntryNew>> = Vec::with_capacity(0);
let e: Entry<EntryInit, EntryNew> = Entry::unsafe_from_entry_str(
r#"{
@ -534,7 +534,7 @@ mod tests {
#[test]
fn test_pre_create_double_uuid() {
// Test adding two entries with the same uuid
let preload: Vec<Entry<EntryInit, EntryNew>> = Vec::new();
let preload: Vec<Entry<EntryInit, EntryNew>> = Vec::with_capacity(0);
let ea: Entry<EntryInit, EntryNew> = Entry::unsafe_from_entry_str(
r#"{
@ -737,7 +737,7 @@ mod tests {
#[test]
fn test_protected_uuid_does_not_exist() {
// Test that internal create of "does not exist" will fail.
let preload = Vec::new();
let preload = Vec::with_capacity(0);
let e: Entry<EntryInit, EntryNew> = Entry::unsafe_from_entry_str(
r#"{

2
server/lib/src/plugins/cred_import.rs
View file

@ -176,7 +176,7 @@ mod tests {
#[test]
fn test_pre_create_password_import_1() {
let preload: Vec<Entry<EntryInit, EntryNew>> = Vec::new();
let preload: Vec<Entry<EntryInit, EntryNew>> = Vec::with_capacity(0);
let e = entry_init!(
(Attribute::Class, EntryClass::Account.to_value()),

2
server/lib/src/plugins/eckeygen.rs
View file

@ -104,7 +104,7 @@ mod tests {
(Attribute::Description, Value::new_utf8s("testperson")),
(Attribute::DisplayName, Value::new_utf8s("Test Person"))
);
let preload: Vec<Entry<EntryInit, EntryNew>> = Vec::new();
let preload: Vec<Entry<EntryInit, EntryNew>> = Vec::with_capacity(0);
let create = vec![ea];
run_create_test!(

2
server/lib/src/plugins/jwskeygen.rs
View file

@ -113,7 +113,7 @@ mod tests {
#[test]
fn test_pre_create_oauth2_secrets() {
let preload: Vec<Entry<EntryInit, EntryNew>> = Vec::new();
let preload: Vec<Entry<EntryInit, EntryNew>> = Vec::with_capacity(0);
let uuid = Uuid::new_v4();
let e: Entry<EntryInit, EntryNew> = entry_init!(

9
server/lib/src/plugins/keyobject.rs
View file

@ -216,9 +216,12 @@ impl KeyObjectManagement {
// Turn that object into it's entry template to create. I think we need to make this
// some kind of merge_vs?
key_object.into_valuesets()?.into_iter().try_for_each(
|(attribute, valueset)| entry.merge_ava_set(attribute, valueset),
)?;
key_object
.as_valuesets()?
.into_iter()
.try_for_each(|(attribute, valueset)| {
entry.merge_ava_set(attribute, valueset)
})?;
Ok(())
})

10
server/lib/src/plugins/memberof.rs
View file

@ -337,7 +337,7 @@ impl Plugin for MemberOf {
#[instrument(level = "debug", name = "memberof::verify", skip_all)]
fn verify(qs: &mut QueryServerReadTransaction) -> Vec<Result<(), ConsistencyError>> {
let mut r = Vec::new();
let mut r = Vec::with_capacity(0);
let filt_in = filter!(f_pres(Attribute::Class));
@ -620,7 +620,7 @@ mod tests {
ea.add_ava(Attribute::Member, Value::new_refer_s(UUID_B).unwrap());
let preload = Vec::new();
let preload = Vec::with_capacity(0);
let create = vec![ea, eb];
run_create_test!(
Ok(()),
@ -651,7 +651,7 @@ mod tests {
ea.add_ava(Attribute::Member, Value::new_refer_s(UUID_B).unwrap());
eb.add_ava(Attribute::Member, Value::new_refer_s(UUID_C).unwrap());
let preload = Vec::new();
let preload = Vec::with_capacity(0);
let create = vec![ea, eb, ec];
run_create_test!(
Ok(()),
@ -703,7 +703,7 @@ mod tests {
eb.add_ava(Attribute::Member, Value::new_refer_s(UUID_C).unwrap());
ec.add_ava(Attribute::Member, Value::new_refer_s(UUID_A).unwrap());
let preload = Vec::new();
let preload = Vec::with_capacity(0);
let create = vec![ea, eb, ec];
run_create_test!(
Ok(()),
@ -761,7 +761,7 @@ mod tests {
ed.add_ava(Attribute::Member, Value::new_refer_s(UUID_A).unwrap());
let preload = Vec::new();
let preload = Vec::with_capacity(0);
let create = vec![ea, eb, ec, ed];
run_create_test!(
Ok(()),

4
server/lib/src/plugins/namehistory.rs
View file

@ -200,7 +200,7 @@ mod tests {
(Attribute::Description, Value::new_utf8s("testperson")),
(Attribute::DisplayName, Value::new_utf8s("old name person"))
);
let preload = Vec::new();
let preload = Vec::with_capacity(0);
let create = vec![ea];
run_create_test!(
Ok(()),
@ -223,7 +223,7 @@ mod tests {
#[test]
fn name_purge_and_set_with_filled_history() {
let mut cids: Vec<Cid> = Vec::new();
let mut cids: Vec<Cid> = Vec::with_capacity(0);
for i in 1..AUDIT_LOG_STRING_CAPACITY {
cids.push(Cid::new(
uuid!("d2b496bd-8493-47b7-8142-f568b5cf47e1"),

6
server/lib/src/plugins/refint.rs
View file

@ -317,7 +317,7 @@ impl Plugin for ReferentialIntegrity {
let schema = qs.get_schema();
let ref_types = schema.get_reference_types();
let mut res = Vec::new();
let mut res = Vec::with_capacity(0);
// For all cands
for c in &all_cand {
// For all reference in each cand.
@ -473,7 +473,7 @@ mod tests {
);
let create = vec![e];
let preload = Vec::new();
let preload = Vec::with_capacity(0);
run_create_test!(
Err(OperationError::Plugin(PluginError::ReferentialIntegrity(
"Uuid referenced not found in database".to_string()
@ -530,7 +530,7 @@ mod tests {
// The create references itself - allow
#[test]
fn test_create_uuid_reference_self() {
let preload: Vec<Entry<EntryInit, EntryNew>> = Vec::new();
let preload: Vec<Entry<EntryInit, EntryNew>> = Vec::with_capacity(0);
let e: Entry<EntryInit, EntryNew> = Entry::unsafe_from_entry_str(
r#"{

6
server/lib/src/plugins/spn.rs
View file

@ -103,7 +103,7 @@ impl Plugin for Spn {
Err(e) => return vec![e],
};
let mut r = Vec::new();
let mut r = Vec::with_capacity(0);
for e in all_cand {
let Some(g_spn) = e.generate_spn(&domain_name) else {
@ -233,7 +233,7 @@ mod tests {
);
let create = vec![e];
let preload = Vec::new();
let preload = Vec::with_capacity(0);
run_create_test!(
Ok(()),
@ -286,7 +286,7 @@ mod tests {
);
let create = vec![e];
let preload = Vec::new();
let preload = Vec::with_capacity(0);
run_create_test!(
Ok(()),

2
server/lib/src/plugins/valuedeny.rs
View file

@ -61,7 +61,7 @@ impl Plugin for ValueDeny {
fn verify(qs: &mut QueryServerReadTransaction) -> Vec<Result<(), ConsistencyError>> {
let denied_names = qs.denied_names().clone();
let mut results = Vec::new();
let mut results = Vec::with_capacity(0);
for denied_name in denied_names {
let filt = filter!(f_eq(Attribute::Name, PartialValue::new_iname(&denied_name)));

2
server/lib/src/repl/ruv.rs
View file

@ -907,7 +907,7 @@ impl<'a> ReplicationUpdateVectorWriteTransaction<'a> {
pub fn trim_up_to(&mut self, cid: &Cid) -> Result<IDLBitRange, OperationError> {
trace!(trim_up_to_cid = ?cid);
let mut idl = IDLBitRange::new();
let mut remove_suuid = Vec::default();
let mut remove_suuid = Vec::with_capacity(0);
// Here we can use the for_each here to be trimming the
// range set since that is not ordered by time, we need

4
server/lib/src/schema.rs
View file

@ -593,7 +593,7 @@ pub trait SchemaTransaction {
fn get_reference_types(&self) -> &HashMap<AttrString, SchemaAttribute>;
fn validate(&self) -> Vec<Result<(), ConsistencyError>> {
let mut res = Vec::new();
let mut res = Vec::with_capacity(0);
let class_snapshot = self.get_classes();
let attribute_snapshot = self.get_attributes();
@ -2227,7 +2227,7 @@ impl Schema {
let s = Schema {
classes: CowCell::new(HashMap::with_capacity(128)),
attributes: CowCell::new(HashMap::with_capacity(128)),
unique_cache: CowCell::new(Vec::new()),
unique_cache: CowCell::new(Vec::with_capacity(0)),
ref_cache: CowCell::new(HashMap::with_capacity(64)),
};
// let mut sw = task::block_on(s.write());

8
server/lib/src/server/access/mod.rs
View file

@ -1029,10 +1029,10 @@ impl Default for AccessControls {
fn default() -> Self {
AccessControls {
inner: CowCell::new(AccessControlsInner {
acps_search: Vec::new(),
acps_create: Vec::new(),
acps_modify: Vec::new(),
acps_delete: Vec::new(),
acps_search: Vec::with_capacity(0),
acps_create: Vec::with_capacity(0),
acps_modify: Vec::with_capacity(0),
acps_delete: Vec::with_capacity(0),
sync_agreements: HashMap::default(),
}),
// Allow the expect, if this fails it represents a programming/development

2
server/lib/src/server/keys/internal.rs
View file

@ -924,7 +924,7 @@ impl KeyObjectT for KeyObjectInternal {
Ok(None)
}
fn into_valuesets(&self) -> Result<Vec<(Attribute, ValueSet)>, OperationError> {
fn as_valuesets(&self) -> Result<Vec<(Attribute, ValueSet)>, OperationError> {
let key_iter = self
.jws_es256
.iter()

2
server/lib/src/server/keys/object.rs
View file

@ -44,7 +44,7 @@ pub trait KeyObjectT {
fn jwe_decrypt(&self, jwec: &JweCompact) -> Result<Jwe, OperationError>;
fn into_valuesets(&self) -> Result<Vec<(Attribute, ValueSet)>, OperationError>;
fn as_valuesets(&self) -> Result<Vec<(Attribute, ValueSet)>, OperationError>;
fn duplicate(&self) -> KeyObject;

4
server/lib/src/server/mod.rs
View file

@ -824,7 +824,7 @@ pub trait QueryServerTransaction<'a> {
.collect();
v
} else if let Some(r_map) = value.as_oauthclaim_map() {
let mut v = Vec::new();
let mut v = Vec::with_capacity(0);
for (claim_name, mapping) in r_map.iter() {
for (group_ref, claims) in mapping.values() {
let join_char = mapping.join().to_str();
@ -1133,7 +1133,7 @@ impl<'a> QueryServerReadTransaction<'a> {
// If anything error to this point we can't trust the verifications below. From
// here we can just amass results.
let mut results = Vec::new();
let mut results = Vec::with_capacity(0);
// Verify all our entries. Weird flex I know, but it's needed for verifying
// the entry changelogs are consistent to their entries.

10
server/lib/src/valueset/key_internal.rs
View file

@ -395,7 +395,7 @@ mod tests {
let valid_from = 0;
let status = KeyStatus::Valid;
let status_cid = Cid::new_zero();
let der = Vec::default();
let der = Vec::with_capacity(0);
let mut vs_a: ValueSet =
ValueSetKeyInternal::new(kid.clone(), usage, valid_from, status, status_cid, der);
@ -430,7 +430,7 @@ mod tests {
let valid_from = 0;
let status = KeyStatus::Valid;
let status_cid = Cid::new_zero();
let der = Vec::default();
let der = Vec::with_capacity(0);
let mut vs_a: ValueSet = ValueSetKeyInternal::new(
kid.clone(),
@ -464,7 +464,7 @@ mod tests {
let valid_from = 0;
let status = KeyStatus::Valid;
let status_cid = Cid::new_zero();
let der = Vec::default();
let der = Vec::with_capacity(0);
let vs_a: ValueSet = ValueSetKeyInternal::new(
kid.clone(),
@ -501,7 +501,7 @@ mod tests {
let zero_cid = Cid::new_zero();
let one_cid = Cid::new_count(1);
let two_cid = Cid::new_count(2);
let der = Vec::default();
let der = Vec::with_capacity(0);
let kid_2 = "key_2".to_string();
@ -564,7 +564,7 @@ mod tests {
let zero_cid = Cid::new_zero();
let one_cid = Cid::new_count(1);
let two_cid = Cid::new_count(2);
let der = Vec::default();
let der = Vec::with_capacity(0);
let kid_2 = "key_2".to_string();

2
tools/orca/src/main.rs
View file

@ -1,4 +1,4 @@
#![deny(warnings)]
// #![deny(warnings)]
#![warn(unused_extern_crates)]
#![allow(clippy::panic)]
#![deny(clippy::unreachable)]