Test perf improvements

Makefile

@@ -11,3 +11,6 @@ vendor-prep:
 
 doc-local:
 	cargo doc --document-private-items
+
+install-tools-local:
+	cd kanidm_tools && cargo install --path . --force

kanidm_book/src/ssh_key_dist.md

@@ -3,13 +3,6 @@
 To support SSH authentication securely to a large set of hosts running SSH, we support distribution
 of SSH public keys via the kanidm server.
 
-## pre-release warning
-
-Currently the tools involved on the client machines do *not* cache the SSH public keys. This means
-that if your primary kanidm server is offline you will *not* be able to SSH to these machines. You
-should adapt and maintain a disaster recovery plan that allows you to access machines if or when
-this situation occurs.
-
 ## Configuring accounts
 
 To view the current ssh public keys on accounts, you can use:
@@ -39,7 +32,9 @@ Uploading a private key or other data will be rejected. For example:
 
 ### Public key caching configuration
 
-If you have kanidm_unixd running, you can use it to locally cache ssh public keys.
+If you have kanidm_unixd running, you can use it to locally cache ssh public keys. This means you
+can still ssh into your machines, even if your network is down, you move away from kanidm, or
+some other interruption occurs.
 
 The kanidm_ssh_authorizedkeys command is part of the kanidm-unix-clients package, so should be installed
 on the servers. It communicates to kanidm_unixd, so you should have a configured pam/nsswitch

kanidmd/Cargo.toml

@@ -66,7 +66,9 @@ sshkeys = "0.1"
 rpassword = "0.4"
 num_cpus = "1.10"
 
-idlset = "0.1"
+idlset = { version = "0.1" , features = ["use_smallvec"] }
+# idlset = { version = "0.1" }
+
 zxcvbn = "2.0"
 
 [dev-dependencies]

kanidmd/src/lib/schema.rs

@@ -28,6 +28,7 @@ use std::collections::{BTreeMap, BTreeSet};
 use uuid::Uuid;
 
 use concread::collections::bptree::*;
+use concread::cowcell::*;
 
 // representations of schema that confines object types, classes
 // and attributes. This ties in deeply with "Entry".
@@ -54,7 +55,10 @@ lazy_static! {
 pub struct Schema {
     classes: BptreeMap<String, SchemaClass>,
     attributes: BptreeMap<String, SchemaAttribute>,
-    idxmeta: BptreeMap<String, IndexType>,
+    /// This is a copy-on-write cache of the index metadata that has been
+    /// extracted from attributes set, in the correct format for the backend
+    /// to consume.
+    idxmeta: CowCell<BTreeSet<(String, IndexType)>>,
 }
 
 /// A writable transaction of the working schema set. You should not change this directly,
@@ -63,14 +67,14 @@ pub struct Schema {
 pub struct SchemaWriteTransaction<'a> {
     classes: BptreeMapWriteTxn<'a, String, SchemaClass>,
     attributes: BptreeMapWriteTxn<'a, String, SchemaAttribute>,
-    idxmeta: BptreeMapWriteTxn<'a, String, IndexType>,
+    idxmeta: CowCellWriteTxn<'a, BTreeSet<(String, IndexType)>>,
 }
 
 /// A readonly transaction of the working schema set.
 pub struct SchemaReadTransaction {
     classes: BptreeMapReadTxn<String, SchemaClass>,
     attributes: BptreeMapReadTxn<String, SchemaAttribute>,
-    idxmeta: BptreeMapReadTxn<String, IndexType>,
+    idxmeta: CowCellReadTxn<BTreeSet<(String, IndexType)>>,
 }
 
 /// An item reperesenting an attribute and the rules that enforce it. These rules enforce if an
@@ -452,7 +456,7 @@ pub struct SchemaInner {
 pub trait SchemaTransaction {
     fn get_classes(&self) -> BptreeMapReadSnapshot<String, SchemaClass>;
     fn get_attributes(&self) -> BptreeMapReadSnapshot<String, SchemaAttribute>;
-    fn get_idxmeta(&self) -> BptreeMapReadSnapshot<String, IndexType>;
+    fn get_idxmeta(&self) -> BTreeSet<(String, IndexType)>;
 
     fn validate(&self, _audit: &mut AuditScope) -> Vec<Result<(), ConsistencyError>> {
         let mut res = Vec::new();
@@ -575,9 +579,6 @@ pub trait SchemaTransaction {
 
     fn get_idxmeta_set(&self) -> BTreeSet<(String, IndexType)> {
         self.get_idxmeta()
-            .iter()
-            .map(|(k, v)| (k.clone(), v.clone()))
-            .collect()
     }
 }
 
@@ -1338,8 +1339,8 @@ impl<'a> SchemaTransaction for SchemaWriteTransaction<'a> {
         self.attributes.to_snapshot()
     }
 
-    fn get_idxmeta(&self) -> BptreeMapReadSnapshot<String, IndexType> {
+    fn get_idxmeta(&self) -> BTreeSet<(String, IndexType)> {
-        self.idxmeta.to_snapshot()
+        self.idxmeta.clone()
     }
 }
 
@@ -1352,8 +1353,8 @@ impl SchemaTransaction for SchemaReadTransaction {
         self.attributes.to_snapshot()
     }
 
-    fn get_idxmeta(&self) -> BptreeMapReadSnapshot<String, IndexType> {
+    fn get_idxmeta(&self) -> BTreeSet<(String, IndexType)> {
-        self.idxmeta.to_snapshot()
+        (*self.idxmeta).clone()
     }
 }
 
@@ -1362,7 +1363,7 @@ impl Schema {
         let s = Schema {
             classes: BptreeMap::new(),
             attributes: BptreeMap::new(),
-            idxmeta: BptreeMap::new(),
+            idxmeta: CowCell::new(BTreeSet::new()),
         };
         let mut sw = s.write();
         let r1 = sw.generate_in_memory(audit);