Schema dooby doo ... yon ()

Refers 

Notable changes:

- in server/lib/src/entry.rs - aiming to pass the enum instead of the strings
    - changed signature of add_ava to take Attribute instead of &str (which is used in the entry_init macro... which was fun)
    - set_ava<T> now takes Attribute
- added TryFrom<&AttrString> for Attribute
James Hodgkinson 2023-09-12 11:47:24 +10:00 committed by GitHub
parent d5c1f9de6a
commit 383592d921
GPG key ID: 4AEE18F83AFDEB23
49 changed files with 4551 additions and 6639 deletions


@ -40,15 +40,12 @@ pub fn scaling_user_create_single(c: &mut Criterion) {
let mut idms_prox_write = idms.proxy_write(ct).await;
let name = format!("testperson_{counter}");
let e1 = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Person.to_value()),
(Attribute::Class.as_ref(), EntryClass::Account.to_value()),
(Attribute::Name.as_ref(), Value::new_iname(&name)),
(
Attribute::Description.as_ref(),
Value::new_utf8s("criterion")
),
(Attribute::DisplayName.as_ref(), Value::new_utf8s(&name))
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Person.to_value()),
(Attribute::Class, EntryClass::Account.to_value()),
(Attribute::Name, Value::new_iname(&name)),
(Attribute::Description, Value::new_utf8s("criterion")),
(Attribute::DisplayName, Value::new_utf8s(&name))
);
let cr = idms_prox_write.qs_write.internal_create(vec![e1]);
@ -84,15 +81,12 @@ pub fn scaling_user_create_batched(c: &mut Criterion) {
.map(|i| {
let name = format!("testperson_{i}");
entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Person.to_value()),
(Attribute::Class.as_ref(), EntryClass::Account.to_value()),
(Attribute::Name.as_ref(), Value::new_iname(&name)),
(
Attribute::Description.as_ref(),
Value::new_utf8s("criterion")
),
(Attribute::DisplayName.as_ref(), Value::new_utf8s(&name))
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Person.to_value()),
(Attribute::Class, EntryClass::Account.to_value()),
(Attribute::Name, Value::new_iname(&name)),
(Attribute::Description, Value::new_utf8s("criterion")),
(Attribute::DisplayName, Value::new_utf8s(&name))
)
})
.collect();


@ -439,7 +439,7 @@ impl std::fmt::Display for DbEntry {
match &self.ent {
DbEntryVers::V1(dbe_v1) => {
write!(f, "v1 - {{ ")?;
match dbe_v1.attrs.get("uuid") {
match dbe_v1.attrs.get(Attribute::Uuid.as_ref()) {
Some(uuids) => {
for uuid in uuids {
write!(f, "{uuid:?}, ")?;
@ -466,7 +466,7 @@ impl std::fmt::Display for DbEntry {
}
DbEntryVers::V2(dbe_v2) => {
write!(f, "v2 - {{ ")?;
match dbe_v2.attrs.get("uuid") {
match dbe_v2.attrs.get(Attribute::Uuid.as_ref()) {
Some(uuids) => {
write!(f, "{uuids:?}, ")?;
}
@ -478,7 +478,7 @@ impl std::fmt::Display for DbEntry {
if let Some(names) = dbe_v2.attrs.get(Attribute::AttributeName.as_ref()) {
write!(f, "{names:?}, ")?;
}
if let Some(names) = dbe_v2.attrs.get("classname") {
if let Some(names) = dbe_v2.attrs.get(Attribute::ClassName.as_ref()) {
write!(f, "{names:?}, ")?;
}
write!(f, "}}")
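Review bot: The lookups `dbe_v1.attrs.get(Attribute::Uuid.as_ref())`, `dbe_v2.attrs.get(Attribute::Uuid.as_ref())` and `dbe_v2.attrs.get(Attribute::ClassName.as_ref())` now derive their keys from the enum's string form, and nothing here records that those strings must stay fixed. `DbEntryVers::V1`/`V2` look like versioned stored formats, so if a variant's string mapping ever changed, these `get` calls would presumably return `None` with no error; the same would apply to the `get_idl(Attribute::Uuid.as_ref(), …)` index lookup in the `BackendWriteTransaction` section. I would add a comment at the first lookup, e.g. `// Attribute::Uuid.as_ref() must remain "uuid": it is the key used in stored DbEntry attrs`, and a unit test pinning the string for each variant used as a storage or index key. The `fmt` body starts and ends outside these hunks.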


@ -1125,9 +1125,11 @@ impl<'a> BackendWriteTransaction<'a> {
let ctx_ent_uuid = ctx_ent.get_uuid();
let idx_key = ctx_ent_uuid.as_hyphenated().to_string();
let idl = self
.get_idlayer()
.get_idl("uuid", IndexType::Equality, &idx_key)?;
let idl = self.get_idlayer().get_idl(
Attribute::Uuid.as_ref(),
IndexType::Equality,
&idx_key,
)?;
let entry = match idl {
Some(idl) if idl.is_empty() => {
@ -1496,7 +1498,7 @@ impl<'a> BackendWriteTransaction<'a> {
Some(mut idl) => {
idl.insert_id(e_id);
if cfg!(debug_assertions)
&& attr == "uuid" && itype == IndexType::Equality {
&& attr == Attribute::Uuid.as_ref() && itype == IndexType::Equality {
trace!("{:?}", idl);
debug_assert!(idl.len() <= 1);
}
@ -1516,7 +1518,7 @@ impl<'a> BackendWriteTransaction<'a> {
match self.idlayer.get_idl(attr, itype, &idx_key)? {
Some(mut idl) => {
idl.remove_id(e_id);
if cfg!(debug_assertions) && attr == "uuid" && itype == IndexType::Equality {
if cfg!(debug_assertions) && attr == Attribute::Uuid.as_ref() && itype == IndexType::Equality {
trace!("{:?}", idl);
debug_assert!(idl.len() <= 1);
}
@ -2136,9 +2138,9 @@ mod tests {
assert_eq!(empty_result, Err(OperationError::EmptyRequest));
let mut e: Entry<EntryInit, EntryNew> = Entry::new();
e.add_ava(Attribute::UserId.as_ref(), Value::from("william"));
e.add_ava(Attribute::UserId, Value::from("william"));
e.add_ava(
Attribute::Uuid.as_ref(),
Attribute::Uuid,
Value::from("db237e8a-0079-4b8c-8a56-593b22aa44d1"),
);
let e = e.into_sealed_new();
@ -2158,9 +2160,9 @@ mod tests {
trace!("Simple Search");
let mut e: Entry<EntryInit, EntryNew> = Entry::new();
e.add_ava(Attribute::UserId.as_ref(), Value::from("claire"));
e.add_ava(Attribute::UserId, Value::from("claire"));
e.add_ava(
Attribute::Uuid.as_ref(),
Attribute::Uuid,
Value::from("db237e8a-0079-4b8c-8a56-593b22aa44d1"),
);
let e = e.into_sealed_new();
@ -2191,16 +2193,16 @@ mod tests {
let lims = Limits::unlimited();
// First create some entries (3?)
let mut e1: Entry<EntryInit, EntryNew> = Entry::new();
e1.add_ava(Attribute::UserId.as_ref(), Value::from("william"));
e1.add_ava(Attribute::UserId, Value::from("william"));
e1.add_ava(
Attribute::Uuid.as_ref(),
Attribute::Uuid,
Value::from("db237e8a-0079-4b8c-8a56-593b22aa44d1"),
);
let mut e2: Entry<EntryInit, EntryNew> = Entry::new();
e2.add_ava(Attribute::UserId.as_ref(), Value::from("alice"));
e2.add_ava(Attribute::UserId, Value::from("alice"));
e2.add_ava(
Attribute::Uuid.as_ref(),
Attribute::Uuid,
Value::from("4b6228ab-1dbe-42a4-a9f5-f6368222438e"),
);
@ -2236,8 +2238,8 @@ mod tests {
// Make some changes to r1, r2.
let pre1 = Arc::new(r1.clone().into_sealed_committed());
let pre2 = Arc::new(r2.clone().into_sealed_committed());
r1.add_ava("testattr", Value::from("modified"));
r2.add_ava("testattr", Value::from("modified"));
r1.add_ava(Attribute::TestAttr, Value::from("modified"));
r2.add_ava(Attribute::TestAttr, Value::from("modified"));
// Now ... cheat.
@ -2247,8 +2249,8 @@ mod tests {
// Modify single
assert!(be.modify(&CID_ZERO, &[pre1], &[vr1.clone()]).is_ok());
// Assert no other changes
assert!(entry_attr_pres!(be, vr1, "testattr"));
assert!(!entry_attr_pres!(be, vr2, "testattr"));
assert!(entry_attr_pres!(be, vr1, Attribute::TestAttr.as_ref()));
assert!(!entry_attr_pres!(be, vr2, Attribute::TestAttr.as_ref()));
// Modify both
assert!(be
@ -2259,8 +2261,8 @@ mod tests {
)
.is_ok());
assert!(entry_attr_pres!(be, vr1, "testattr"));
assert!(entry_attr_pres!(be, vr2, "testattr"));
assert!(entry_attr_pres!(be, vr1, Attribute::TestAttr.as_ref()));
assert!(entry_attr_pres!(be, vr2, Attribute::TestAttr.as_ref()));
});
}
@ -2272,23 +2274,23 @@ mod tests {
// First create some entries (3?)
let mut e1: Entry<EntryInit, EntryNew> = Entry::new();
e1.add_ava(Attribute::UserId.as_ref(), Value::from("william"));
e1.add_ava(Attribute::UserId, Value::from("william"));
e1.add_ava(
Attribute::Uuid.as_ref(),
Attribute::Uuid,
Value::from("db237e8a-0079-4b8c-8a56-593b22aa44d1"),
);
let mut e2: Entry<EntryInit, EntryNew> = Entry::new();
e2.add_ava(Attribute::UserId.as_ref(), Value::from("alice"));
e2.add_ava(Attribute::UserId, Value::from("alice"));
e2.add_ava(
Attribute::Uuid.as_ref(),
Attribute::Uuid,
Value::from("4b6228ab-1dbe-42a4-a9f5-f6368222438e"),
);
let mut e3: Entry<EntryInit, EntryNew> = Entry::new();
e3.add_ava(Attribute::UserId.as_ref(), Value::from("lucy"));
e3.add_ava(Attribute::UserId, Value::from("lucy"));
e3.add_ava(
Attribute::Uuid.as_ref(),
Attribute::Uuid,
Value::from("7b23c99d-c06b-4a9a-a958-3afa56383e1d"),
);
@ -2377,23 +2379,23 @@ mod tests {
// First create some entries (3?)
let mut e1: Entry<EntryInit, EntryNew> = Entry::new();
e1.add_ava(Attribute::UserId.as_ref(), Value::from("william"));
e1.add_ava(Attribute::UserId, Value::from("william"));
e1.add_ava(
Attribute::Uuid.as_ref(),
Attribute::Uuid,
Value::from("db237e8a-0079-4b8c-8a56-593b22aa44d1"),
);
let mut e2: Entry<EntryInit, EntryNew> = Entry::new();
e2.add_ava(Attribute::UserId.as_ref(), Value::from("alice"));
e2.add_ava(Attribute::UserId, Value::from("alice"));
e2.add_ava(
Attribute::Uuid.as_ref(),
Attribute::Uuid,
Value::from("4b6228ab-1dbe-42a4-a9f5-f6368222438e"),
);
let mut e3: Entry<EntryInit, EntryNew> = Entry::new();
e3.add_ava(Attribute::UserId.as_ref(), Value::from("lucy"));
e3.add_ava(Attribute::UserId, Value::from("lucy"));
e3.add_ava(
Attribute::Uuid.as_ref(),
Attribute::Uuid,
Value::from("7b23c99d-c06b-4a9a-a958-3afa56383e1d"),
);
@ -2441,23 +2443,23 @@ mod tests {
be.set_db_ts_max(Duration::from_secs(1)).unwrap();
// First create some entries (3?)
let mut e1: Entry<EntryInit, EntryNew> = Entry::new();
e1.add_ava(Attribute::UserId.as_ref(), Value::from("william"));
e1.add_ava(Attribute::UserId, Value::from("william"));
e1.add_ava(
Attribute::Uuid.as_ref(),
Attribute::Uuid,
Value::from("db237e8a-0079-4b8c-8a56-593b22aa44d1"),
);
let mut e2: Entry<EntryInit, EntryNew> = Entry::new();
e2.add_ava(Attribute::UserId.as_ref(), Value::from("alice"));
e2.add_ava(Attribute::UserId, Value::from("alice"));
e2.add_ava(
Attribute::Uuid.as_ref(),
Attribute::Uuid,
Value::from("4b6228ab-1dbe-42a4-a9f5-f6368222438e"),
);
let mut e3: Entry<EntryInit, EntryNew> = Entry::new();
e3.add_ava(Attribute::UserId.as_ref(), Value::from("lucy"));
e3.add_ava(Attribute::UserId, Value::from("lucy"));
e3.add_ava(
Attribute::Uuid.as_ref(),
Attribute::Uuid,
Value::from("7b23c99d-c06b-4a9a-a958-3afa56383e1d"),
);
@ -2545,17 +2547,17 @@ mod tests {
run_test!(|be: &mut BackendWriteTransaction| {
// Add some test data?
let mut e1: Entry<EntryInit, EntryNew> = Entry::new();
e1.add_ava(Attribute::Name.as_ref(), Value::new_iname("william"));
e1.add_ava(Attribute::Name, Value::new_iname("william"));
e1.add_ava(
Attribute::Uuid.as_ref(),
Attribute::Uuid,
Value::from("db237e8a-0079-4b8c-8a56-593b22aa44d1"),
);
let e1 = e1.into_sealed_new();
let mut e2: Entry<EntryInit, EntryNew> = Entry::new();
e2.add_ava(Attribute::Name.as_ref(), Value::new_iname("claire"));
e2.add_ava(Attribute::Name, Value::new_iname("claire"));
e2.add_ava(
Attribute::Uuid.as_ref(),
Attribute::Uuid,
Value::from("bd651620-00dd-426b-aaa0-4494f7b7906f"),
);
let e2 = e2.into_sealed_new();
@ -2573,15 +2575,33 @@ mod tests {
assert!(missing.is_empty());
// check name and uuid ids on eq, sub, pres
idl_state!(be, "name", IndexType::Equality, "william", Some(vec![1]));
idl_state!(be, "name", IndexType::Equality, "claire", Some(vec![2]));
idl_state!(be, "name", IndexType::Presence, "_", Some(vec![1, 2]));
idl_state!(
be,
Attribute::Name.as_ref(),
IndexType::Equality,
"william",
Some(vec![1])
);
idl_state!(
be,
"uuid",
Attribute::Name.as_ref(),
IndexType::Equality,
"claire",
Some(vec![2])
);
idl_state!(
be,
Attribute::Name.as_ref(),
IndexType::Presence,
"_",
Some(vec![1, 2])
);
idl_state!(
be,
Attribute::Uuid.as_ref(),
IndexType::Equality,
"db237e8a-0079-4b8c-8a56-593b22aa44d1",
Some(vec![1])
@ -2589,19 +2609,25 @@ mod tests {
idl_state!(
be,
"uuid",
Attribute::Uuid.as_ref(),
IndexType::Equality,
"bd651620-00dd-426b-aaa0-4494f7b7906f",
Some(vec![2])
);
idl_state!(be, "uuid", IndexType::Presence, "_", Some(vec![1, 2]));
idl_state!(
be,
Attribute::Uuid.as_ref(),
IndexType::Presence,
"_",
Some(vec![1, 2])
);
// Show what happens with empty
idl_state!(
be,
"name",
Attribute::Name.as_ref(),
IndexType::Equality,
"not-exist",
Some(Vec::new())
@ -2609,7 +2635,7 @@ mod tests {
idl_state!(
be,
"uuid",
Attribute::Uuid.as_ref(),
IndexType::Equality,
"fake-0079-4b8c-8a56-593b22aa44d1",
Some(Vec::new())
@ -2648,9 +2674,9 @@ mod tests {
// Test that on entry create, the indexes are made correctly.
// this is a similar case to reindex.
let mut e1: Entry<EntryInit, EntryNew> = Entry::new();
e1.add_ava(Attribute::Name.as_ref(), Value::from("william"));
e1.add_ava(Attribute::Name, Value::from("william"));
e1.add_ava(
Attribute::Uuid.as_ref(),
Attribute::Uuid,
Value::from("db237e8a-0079-4b8c-8a56-593b22aa44d1"),
);
let e1 = e1.into_sealed_new();
@ -2659,19 +2685,37 @@ mod tests {
let mut rset: Vec<_> = rset.into_iter().map(Arc::new).collect();
let e1 = rset.pop().unwrap();
idl_state!(be, "name", IndexType::Equality, "william", Some(vec![1]));
idl_state!(be, "name", IndexType::Presence, "_", Some(vec![1]));
idl_state!(
be,
Attribute::Name.as_ref(),
IndexType::Equality,
"william",
Some(vec![1])
);
idl_state!(
be,
"uuid",
Attribute::Name.as_ref(),
IndexType::Presence,
"_",
Some(vec![1])
);
idl_state!(
be,
Attribute::Uuid.as_ref(),
IndexType::Equality,
"db237e8a-0079-4b8c-8a56-593b22aa44d1",
Some(vec![1])
);
idl_state!(be, "uuid", IndexType::Presence, "_", Some(vec![1]));
idl_state!(
be,
Attribute::Uuid.as_ref(),
IndexType::Presence,
"_",
Some(vec![1])
);
let william_uuid = uuid!("db237e8a-0079-4b8c-8a56-593b22aa44d1");
assert!(be.name2uuid("william") == Ok(Some(william_uuid)));
@ -2683,19 +2727,37 @@ mod tests {
assert!(be.modify(&CID_ONE, &[e1], &[e1_ts]).is_ok());
be.reap_tombstones(&CID_TWO).unwrap();
idl_state!(be, "name", IndexType::Equality, "william", Some(Vec::new()));
idl_state!(be, "name", IndexType::Presence, "_", Some(Vec::new()));
idl_state!(
be,
Attribute::Name.as_ref(),
IndexType::Equality,
"william",
Some(Vec::new())
);
idl_state!(
be,
"uuid",
Attribute::Name.as_ref(),
IndexType::Presence,
"_",
Some(Vec::new())
);
idl_state!(
be,
Attribute::Uuid.as_ref(),
IndexType::Equality,
"db237e8a-0079-4b8c-8a56-593b22aa44d1",
Some(Vec::new())
);
idl_state!(be, "uuid", IndexType::Presence, "_", Some(Vec::new()));
idl_state!(
be,
Attribute::Uuid.as_ref(),
IndexType::Presence,
"_",
Some(Vec::new())
);
assert!(be.name2uuid("william") == Ok(None));
assert!(be.uuid2spn(william_uuid) == Ok(None));
@ -2712,25 +2774,25 @@ mod tests {
// Test that on entry create, the indexes are made correctly.
// this is a similar case to reindex.
let mut e1: Entry<EntryInit, EntryNew> = Entry::new();
e1.add_ava(Attribute::Name.as_ref(), Value::new_iname("william"));
e1.add_ava(Attribute::Name, Value::new_iname("william"));
e1.add_ava(
Attribute::Uuid.as_ref(),
Attribute::Uuid,
Value::from("db237e8a-0079-4b8c-8a56-593b22aa44d1"),
);
let e1 = e1.into_sealed_new();
let mut e2: Entry<EntryInit, EntryNew> = Entry::new();
e2.add_ava(Attribute::Name.as_ref(), Value::new_iname("claire"));
e2.add_ava(Attribute::Name, Value::new_iname("claire"));
e2.add_ava(
Attribute::Uuid.as_ref(),
Attribute::Uuid,
Value::from("bd651620-00dd-426b-aaa0-4494f7b7906f"),
);
let e2 = e2.into_sealed_new();
let mut e3: Entry<EntryInit, EntryNew> = Entry::new();
e3.add_ava(Attribute::UserId.as_ref(), Value::new_iname("lucy"));
e3.add_ava(Attribute::UserId, Value::new_iname("lucy"));
e3.add_ava(
Attribute::Uuid.as_ref(),
Attribute::Uuid,
Value::from("7b23c99d-c06b-4a9a-a958-3afa56383e1d"),
);
let e3 = e3.into_sealed_new();
@ -2747,19 +2809,37 @@ mod tests {
assert!(be.modify(&CID_ONE, &[e1, e3], &[e1_ts, e3_ts]).is_ok());
be.reap_tombstones(&CID_TWO).unwrap();
idl_state!(be, "name", IndexType::Equality, "claire", Some(vec![2]));
idl_state!(be, "name", IndexType::Presence, "_", Some(vec![2]));
idl_state!(
be,
Attribute::Name.as_ref(),
IndexType::Equality,
"claire",
Some(vec![2])
);
idl_state!(
be,
"uuid",
Attribute::Name.as_ref(),
IndexType::Presence,
"_",
Some(vec![2])
);
idl_state!(
be,
Attribute::Uuid.as_ref(),
IndexType::Equality,
"bd651620-00dd-426b-aaa0-4494f7b7906f",
Some(vec![2])
);
idl_state!(be, "uuid", IndexType::Presence, "_", Some(vec![2]));
idl_state!(
be,
Attribute::Uuid.as_ref(),
IndexType::Presence,
"_",
Some(vec![2])
);
let claire_uuid = uuid!("bd651620-00dd-426b-aaa0-4494f7b7906f");
let william_uuid = uuid!("db237e8a-0079-4b8c-8a56-593b22aa44d1");
@ -2789,12 +2869,12 @@ mod tests {
// us. For the test to be "accurate" we must add one attr, remove one attr
// and change one attr.
let mut e1: Entry<EntryInit, EntryNew> = Entry::new();
e1.add_ava(Attribute::Name.as_ref(), Value::new_iname("william"));
e1.add_ava(Attribute::Name, Value::new_iname("william"));
e1.add_ava(
Attribute::Uuid.as_ref(),
Attribute::Uuid,
Value::from("db237e8a-0079-4b8c-8a56-593b22aa44d1"),
);
e1.add_ava("testattr", Value::from("test"));
e1.add_ava(Attribute::TestAttr, Value::from("test"));
let e1 = e1.into_sealed_new();
let rset = be.create(&CID_ZERO, vec![e1]).unwrap();
@ -2802,31 +2882,49 @@ mod tests {
// Now, alter the new entry.
let mut ce1 = rset[0].as_ref().clone().into_invalid();
// add something.
ce1.add_ava("testattrnumber", Value::from("test"));
ce1.add_ava(Attribute::TestNumber, Value::from("test"));
// remove something.
ce1.purge_ava("testattr");
ce1.purge_ava(Attribute::TestAttr.as_ref());
// mod something.
ce1.purge_ava("name");
ce1.add_ava(Attribute::Name.as_ref(), Value::new_iname("claire"));
ce1.purge_ava(Attribute::Name.as_ref());
ce1.add_ava(Attribute::Name, Value::new_iname("claire"));
let ce1 = ce1.into_sealed_committed();
be.modify(&CID_ZERO, &rset, &[ce1]).unwrap();
// Now check the idls
idl_state!(be, "name", IndexType::Equality, "claire", Some(vec![1]));
idl_state!(be, "name", IndexType::Presence, "_", Some(vec![1]));
idl_state!(
be,
Attribute::Name.as_ref(),
IndexType::Equality,
"claire",
Some(vec![1])
);
idl_state!(
be,
"testattrnumber",
Attribute::Name.as_ref(),
IndexType::Presence,
"_",
Some(vec![1])
);
idl_state!(
be,
Attribute::TestNumber.as_ref(),
IndexType::Equality,
"test",
Some(vec![1])
);
idl_state!(be, "testattr", IndexType::Equality, "test", Some(vec![]));
idl_state!(
be,
Attribute::TestAttr,
IndexType::Equality,
"test",
Some(vec![])
);
let william_uuid = uuid!("db237e8a-0079-4b8c-8a56-593b22aa44d1");
assert!(be.name2uuid("william") == Ok(None));
@ -2844,9 +2942,9 @@ mod tests {
// This will be needing to be correct for conflicts when we add
// replication support!
let mut e1: Entry<EntryInit, EntryNew> = Entry::new();
e1.add_ava(Attribute::Name.as_ref(), Value::new_iname("william"));
e1.add_ava(Attribute::Name, Value::new_iname("william"));
e1.add_ava(
Attribute::Uuid.as_ref(),
Attribute::Uuid,
Value::from("db237e8a-0079-4b8c-8a56-593b22aa44d1"),
);
let e1 = e1.into_sealed_new();
@ -2855,38 +2953,62 @@ mod tests {
let rset: Vec<_> = rset.into_iter().map(Arc::new).collect();
// Now, alter the new entry.
let mut ce1 = rset[0].as_ref().clone().into_invalid();
ce1.purge_ava("name");
ce1.purge_ava("uuid");
ce1.add_ava(Attribute::Name.as_ref(), Value::new_iname("claire"));
ce1.purge_ava(Attribute::Name.as_ref());
ce1.purge_ava(Attribute::Uuid.as_ref());
ce1.add_ava(Attribute::Name, Value::new_iname("claire"));
ce1.add_ava(
Attribute::Uuid.as_ref(),
Attribute::Uuid,
Value::from("04091a7a-6ce4-42d2-abf5-c2ce244ac9e8"),
);
let ce1 = ce1.into_sealed_committed();
be.modify(&CID_ZERO, &rset, &[ce1]).unwrap();
idl_state!(be, "name", IndexType::Equality, "claire", Some(vec![1]));
idl_state!(
be,
Attribute::Name.as_ref(),
IndexType::Equality,
"claire",
Some(vec![1])
);
idl_state!(
be,
"uuid",
Attribute::Uuid.as_ref(),
IndexType::Equality,
"04091a7a-6ce4-42d2-abf5-c2ce244ac9e8",
Some(vec![1])
);
idl_state!(be, "name", IndexType::Presence, "_", Some(vec![1]));
idl_state!(be, "uuid", IndexType::Presence, "_", Some(vec![1]));
idl_state!(
be,
Attribute::Name.as_ref(),
IndexType::Presence,
"_",
Some(vec![1])
);
idl_state!(
be,
Attribute::Uuid.as_ref(),
IndexType::Presence,
"_",
Some(vec![1])
);
idl_state!(
be,
"uuid",
Attribute::Uuid.as_ref(),
IndexType::Equality,
"db237e8a-0079-4b8c-8a56-593b22aa44d1",
Some(Vec::new())
);
idl_state!(be, "name", IndexType::Equality, "william", Some(Vec::new()));
idl_state!(
be,
Attribute::Name.as_ref(),
IndexType::Equality,
"william",
Some(Vec::new())
);
let claire_uuid = uuid!("04091a7a-6ce4-42d2-abf5-c2ce244ac9e8");
let william_uuid = uuid!("db237e8a-0079-4b8c-8a56-593b22aa44d1");
@ -2906,19 +3028,19 @@ mod tests {
// Create a test entry with some indexed / unindexed values.
let mut e1: Entry<EntryInit, EntryNew> = Entry::new();
e1.add_ava(Attribute::Name.as_ref(), Value::new_iname("william"));
e1.add_ava(Attribute::Name, Value::new_iname("william"));
e1.add_ava(
Attribute::Uuid.as_ref(),
Attribute::Uuid,
Value::from("db237e8a-0079-4b8c-8a56-593b22aa44d1"),
);
e1.add_ava("no-index", Value::from("william"));
e1.add_ava("other-no-index", Value::from("william"));
e1.add_ava(Attribute::NoIndex, Value::from("william"));
e1.add_ava(Attribute::OtherNoIndex, Value::from("william"));
let e1 = e1.into_sealed_new();
let mut e2: Entry<EntryInit, EntryNew> = Entry::new();
e2.add_ava(Attribute::Name.as_ref(), Value::new_iname("claire"));
e2.add_ava(Attribute::Name, Value::new_iname("claire"));
e2.add_ava(
Attribute::Uuid.as_ref(),
Attribute::Uuid,
Value::from("db237e8a-0079-4b8c-8a56-593b22aa44d2"),
);
let e2 = e2.into_sealed_new();
@ -3199,33 +3321,33 @@ mod tests {
run_test!(|be: &mut BackendWriteTransaction| {
// Create some test entry with some indexed / unindexed values.
let mut e1: Entry<EntryInit, EntryNew> = Entry::new();
e1.add_ava(Attribute::Name.as_ref(), Value::new_iname("william"));
e1.add_ava(Attribute::Name, Value::new_iname("william"));
e1.add_ava(
Attribute::Uuid.as_ref(),
Attribute::Uuid,
Value::from("db237e8a-0079-4b8c-8a56-593b22aa44d1"),
);
e1.add_ava("testattr", Value::from("dupe"));
e1.add_ava("testattrnumber", Value::from("1"));
e1.add_ava(Attribute::TestAttr, Value::from("dupe"));
e1.add_ava(Attribute::TestNumber, Value::from("1"));
let e1 = e1.into_sealed_new();
let mut e2: Entry<EntryInit, EntryNew> = Entry::new();
e2.add_ava(Attribute::Name.as_ref(), Value::new_iname("claire"));
e2.add_ava(Attribute::Name, Value::new_iname("claire"));
e2.add_ava(
Attribute::Uuid.as_ref(),
Attribute::Uuid,
Value::from("db237e8a-0079-4b8c-8a56-593b22aa44d2"),
);
e2.add_ava("testattr", Value::from("dupe"));
e2.add_ava("testattrnumber", Value::from("1"));
e2.add_ava(Attribute::TestAttr, Value::from("dupe"));
e2.add_ava(Attribute::TestNumber, Value::from("1"));
let e2 = e2.into_sealed_new();
let mut e3: Entry<EntryInit, EntryNew> = Entry::new();
e3.add_ava(Attribute::Name.as_ref(), Value::new_iname("benny"));
e3.add_ava(Attribute::Name, Value::new_iname("benny"));
e3.add_ava(
Attribute::Uuid.as_ref(),
Attribute::Uuid,
Value::from("db237e8a-0079-4b8c-8a56-593b22aa44d3"),
);
e3.add_ava("testattr", Value::from("dupe"));
e3.add_ava("testattrnumber", Value::from("2"));
e3.add_ava(Attribute::TestAttr, Value::from("dupe"));
e3.add_ava(Attribute::TestNumber, Value::from("2"));
let e3 = e3.into_sealed_new();
let _rset = be.create(&CID_ZERO, vec![e1, e2, e3]).unwrap();
@ -3235,30 +3357,36 @@ mod tests {
assert!(!be.is_idx_slopeyness_generated().unwrap());
let ta_eq_slope = be
.get_idx_slope(&IdxKey::new("testattr", IndexType::Equality))
.get_idx_slope(&IdxKey::new(
Attribute::TestAttr.as_ref(),
IndexType::Equality,
))
.unwrap();
assert_eq!(ta_eq_slope, 45);
let tb_eq_slope = be
.get_idx_slope(&IdxKey::new("testattrnumber", IndexType::Equality))
.get_idx_slope(&IdxKey::new(
Attribute::TestNumber.as_ref(),
IndexType::Equality,
))
.unwrap();
assert_eq!(tb_eq_slope, 45);
let name_eq_slope = be
.get_idx_slope(&IdxKey::new("name", IndexType::Equality))
.get_idx_slope(&IdxKey::new(Attribute::Name.as_ref(), IndexType::Equality))
.unwrap();
assert_eq!(name_eq_slope, 1);
let uuid_eq_slope = be
.get_idx_slope(&IdxKey::new("uuid", IndexType::Equality))
.get_idx_slope(&IdxKey::new(Attribute::Uuid.as_ref(), IndexType::Equality))
.unwrap();
assert_eq!(uuid_eq_slope, 1);
let name_pres_slope = be
.get_idx_slope(&IdxKey::new("name", IndexType::Presence))
.get_idx_slope(&IdxKey::new(Attribute::Name.as_ref(), IndexType::Presence))
.unwrap();
assert_eq!(name_pres_slope, 90);
let uuid_pres_slope = be
.get_idx_slope(&IdxKey::new("uuid", IndexType::Presence))
.get_idx_slope(&IdxKey::new(Attribute::Uuid.as_ref(), IndexType::Presence))
.unwrap();
assert_eq!(uuid_pres_slope, 90);
// Check the slopes are what we expect for hardcoded values.
@ -3269,30 +3397,36 @@ mod tests {
assert!(be.is_idx_slopeyness_generated().unwrap());
let ta_eq_slope = be
.get_idx_slope(&IdxKey::new("testattr", IndexType::Equality))
.get_idx_slope(&IdxKey::new(
Attribute::TestAttr.as_ref(),
IndexType::Equality,
))
.unwrap();
assert_eq!(ta_eq_slope, 200);
let tb_eq_slope = be
.get_idx_slope(&IdxKey::new("testattrnumber", IndexType::Equality))
.get_idx_slope(&IdxKey::new(
Attribute::TestNumber.as_ref(),
IndexType::Equality,
))
.unwrap();
assert_eq!(tb_eq_slope, 133);
let name_eq_slope = be
.get_idx_slope(&IdxKey::new("name", IndexType::Equality))
.get_idx_slope(&IdxKey::new(Attribute::Name.as_ref(), IndexType::Equality))
.unwrap();
assert_eq!(name_eq_slope, 51);
let uuid_eq_slope = be
.get_idx_slope(&IdxKey::new("uuid", IndexType::Equality))
.get_idx_slope(&IdxKey::new(Attribute::Uuid.as_ref(), IndexType::Equality))
.unwrap();
assert_eq!(uuid_eq_slope, 51);
let name_pres_slope = be
.get_idx_slope(&IdxKey::new("name", IndexType::Presence))
.get_idx_slope(&IdxKey::new(Attribute::Name.as_ref(), IndexType::Presence))
.unwrap();
assert_eq!(name_pres_slope, 200);
let uuid_pres_slope = be
.get_idx_slope(&IdxKey::new("uuid", IndexType::Presence))
.get_idx_slope(&IdxKey::new(Attribute::Uuid.as_ref(), IndexType::Presence))
.unwrap();
assert_eq!(uuid_pres_slope, 200);
})
@ -3308,12 +3442,12 @@ mod tests {
lim_deny_allids.unindexed_allow = false;
let mut e: Entry<EntryInit, EntryNew> = Entry::new();
e.add_ava(Attribute::UserId.as_ref(), Value::from("william"));
e.add_ava(Attribute::UserId, Value::from("william"));
e.add_ava(
Attribute::Uuid.as_ref(),
Attribute::Uuid,
Value::from("db237e8a-0079-4b8c-8a56-593b22aa44d1"),
);
e.add_ava(Attribute::NonExist.as_ref(), Value::from("x"));
e.add_ava(Attribute::NonExist, Value::from("x"));
let e = e.into_sealed_new();
let single_result = be.create(&CID_ZERO, vec![e.clone()]);
@ -3346,12 +3480,12 @@ mod tests {
lim_deny.search_max_results = 0;
let mut e: Entry<EntryInit, EntryNew> = Entry::new();
e.add_ava(Attribute::UserId.as_ref(), Value::from("william"));
e.add_ava(Attribute::UserId, Value::from("william"));
e.add_ava(
Attribute::Uuid.as_ref(),
Attribute::Uuid,
Value::from("db237e8a-0079-4b8c-8a56-593b22aa44d1"),
);
e.add_ava(Attribute::NonExist.as_ref(), Value::from("x"));
e.add_ava(Attribute::NonExist, Value::from("x"));
let e = e.into_sealed_new();
let single_result = be.create(&CID_ZERO, vec![e.clone()]);
assert!(single_result.is_ok());
@ -3405,13 +3539,13 @@ mod tests {
lim_deny.search_max_filter_test = 0;
let mut e: Entry<EntryInit, EntryNew> = Entry::new();
e.add_ava(Attribute::Name.as_ref(), Value::new_iname("william"));
e.add_ava(Attribute::Name, Value::new_iname("william"));
e.add_ava(
Attribute::Uuid.as_ref(),
Attribute::Uuid,
Value::from("db237e8a-0079-4b8c-8a56-593b22aa44d1"),
);
e.add_ava(Attribute::NonExist.as_ref(), Value::from("x"));
e.add_ava(Attribute::NonExist.as_ref(), Value::from("y"));
e.add_ava(Attribute::NonExist, Value::from("x"));
e.add_ava(Attribute::NonExist, Value::from("y"));
let e = e.into_sealed_new();
let single_result = be.create(&CID_ZERO, vec![e]);
assert!(single_result.is_ok());
@ -3477,9 +3611,9 @@ mod tests {
// Create into A
let mut e: Entry<EntryInit, EntryNew> = Entry::new();
e.add_ava(Attribute::UserId.as_ref(), Value::from("william"));
e.add_ava(Attribute::UserId, Value::from("william"));
e.add_ava(
Attribute::Uuid.as_ref(),
Attribute::Uuid,
Value::from("db237e8a-0079-4b8c-8a56-593b22aa44d1"),
);
let e = e.into_sealed_new();
@ -3501,9 +3635,9 @@ mod tests {
// Create into B
let mut e: Entry<EntryInit, EntryNew> = Entry::new();
e.add_ava(Attribute::UserId.as_ref(), Value::from("claire"));
e.add_ava(Attribute::UserId, Value::from("claire"));
e.add_ava(
Attribute::Uuid.as_ref(),
Attribute::Uuid,
Value::from("0c680959-0944-47d6-9dea-53304d124266"),
);
let e = e.into_sealed_new();
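Review bot: In the hunk at `-2802,31 +2882,49`, the rewritten call `idl_state!(be, Attribute::TestAttr, IndexType::Equality, "test", Some(vec![]))` passes the enum value itself, while every other `idl_state!` call in this file section passes `Attribute::X.as_ref()`. The macro definition is not visible here, so I cannot tell whether the bare enum is accepted by accident or takes a different conversion path than its neighbours. This is the assertion that checks that the purged attribute's equality index is empty, so it should query the same key form as the rest: `Attribute::TestAttr.as_ref(),`. The enclosing test function starts and ends outside the hunk.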

File diff suppressed because it is too large Load diff


@ -1,6 +1,6 @@
//! Constant Entries for the IDM
use crate::prelude::AttrString;
use enum_iterator::Sequence;
use std::fmt::Display;
use crate::constants::uuids::*;
@ -34,7 +34,7 @@ fn test_valueattribute_round_trip() {
}
}
#[derive(Copy, Clone, Debug, PartialEq, Sequence)]
#[derive(Copy, Clone, Debug, PartialEq, Sequence, Hash)]
pub enum Attribute {
Account,
AccountExpire,
@ -197,6 +197,14 @@ impl TryFrom<&str> for Attribute {
}
}
impl TryFrom<&AttrString> for Attribute {
type Error = OperationError;
fn try_from(value: &AttrString) -> Result<Self, Self::Error> {
Attribute::try_from(value.to_string())
}
}
impl TryFrom<String> for Attribute {
type Error = OperationError;
fn try_from(val: String) -> Result<Self, OperationError> {
@ -488,9 +496,9 @@ impl From<Attribute> for &'static str {
}
}
impl From<Attribute> for crate::prelude::AttrString {
impl From<Attribute> for AttrString {
fn from(val: Attribute) -> Self {
crate::prelude::AttrString::from(val.to_string())
AttrString::from(val.to_string())
}
}
@ -661,14 +669,11 @@ impl TryFrom<BuiltinGroup> for EntryInitNew {
fn try_from(val: BuiltinGroup) -> Result<Self, OperationError> {
let mut entry = EntryInitNew::new();
entry.add_ava(Attribute::Name.as_ref(), Value::new_iname(val.name));
entry.add_ava(
Attribute::Description.as_ref(),
Value::new_utf8s(val.description),
);
entry.add_ava(Attribute::Name, Value::new_iname(val.name));
entry.add_ava(Attribute::Description, Value::new_utf8s(val.description));
// classes for groups
entry.set_ava(
Attribute::Class.as_ref(),
Attribute::Class,
vec![EntryClass::Group.into(), EntryClass::Object.into()],
);
if val.dyngroup {
@ -678,11 +683,9 @@ impl TryFrom<BuiltinGroup> for EntryInitNew {
val.name
)));
}
entry.add_ava(Attribute::Class.as_ref(), EntryClass::DynGroup.to_value());
entry.add_ava(Attribute::Class, EntryClass::DynGroup.to_value());
match val.dyngroup_filter {
Some(filter) => {
entry.add_ava(Attribute::DynGroupFilter.as_ref(), Value::JsonFilt(filter))
}
Some(filter) => entry.add_ava(Attribute::DynGroupFilter, Value::JsonFilt(filter)),
None => {
error!(
"No filter specified for dyngroup '{}' this is going to break things!",
@ -692,9 +695,9 @@ impl TryFrom<BuiltinGroup> for EntryInitNew {
}
};
}
entry.add_ava(Attribute::Uuid.as_ref(), Value::Uuid(val.uuid));
entry.add_ava(Attribute::Uuid, Value::Uuid(val.uuid));
entry.set_ava(
Attribute::Member.as_ref(),
Attribute::Member,
val.members
.into_iter()
.map(Value::Refer)
@ -703,7 +706,7 @@ impl TryFrom<BuiltinGroup> for EntryInitNew {
// add any extra attributes
val.extra_attributes
.into_iter()
.for_each(|(attr, val)| entry.add_ava(attr.as_ref(), val));
.for_each(|(attr, val)| entry.add_ava(attr, val));
// all done!
Ok(entry)
}
@ -1169,25 +1172,25 @@ lazy_static! {
};
pub static ref E_SYSTEM_INFO_V1: EntryInitNew = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::SystemInfo.to_value()),
(Attribute::Class.as_ref(), EntryClass::System.to_value()),
(Attribute::Uuid.as_ref(), Value::Uuid(UUID_SYSTEM_INFO)),
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::SystemInfo.to_value()),
(Attribute::Class, EntryClass::System.to_value()),
(Attribute::Uuid, Value::Uuid(UUID_SYSTEM_INFO)),
(
Attribute::Description.as_ref(),
Attribute::Description,
Value::new_utf8s("System (local) info and metadata object.")
),
(Attribute::Version.as_ref(), Value::Uint32(14))
(Attribute::Version, Value::Uint32(14))
);
pub static ref E_DOMAIN_INFO_V1: EntryInitNew = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::DomainInfo.to_value()),
(Attribute::Class.as_ref(), EntryClass::System.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("domain_local")),
(Attribute::Uuid.as_ref(), Value::Uuid(UUID_DOMAIN_INFO)),
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::DomainInfo.to_value()),
(Attribute::Class, EntryClass::System.to_value()),
(Attribute::Name, Value::new_iname("domain_local")),
(Attribute::Uuid, Value::Uuid(UUID_DOMAIN_INFO)),
(
Attribute::Description.as_ref(),
Attribute::Description,
Value::new_utf8s("This local domain's info and metadata object.")
)
);
@ -1233,21 +1236,15 @@ impl From<BuiltinAccount> for Account {
impl From<BuiltinAccount> for EntryInitNew {
fn from(value: BuiltinAccount) -> Self {
let mut entry = EntryInitNew::new();
entry.add_ava(Attribute::Name.as_ref(), Value::new_iname(value.name));
entry.add_ava(Attribute::Uuid.as_ref(), Value::Uuid(value.uuid));
entry.add_ava(
Attribute::Description.as_ref(),
Value::new_utf8s(value.description),
);
entry.add_ava(
Attribute::DisplayName.as_ref(),
Value::new_utf8s(value.displayname),
);
entry.add_ava(Attribute::Name, Value::new_iname(value.name));
entry.add_ava(Attribute::Uuid, Value::Uuid(value.uuid));
entry.add_ava(Attribute::Description, Value::new_utf8s(value.description));
entry.add_ava(Attribute::DisplayName, Value::new_utf8s(value.displayname));
entry.add_ava(Attribute::Class.as_ref(), EntryClass::Object.to_value());
entry.add_ava(Attribute::Class.as_ref(), EntryClass::Account.to_value());
entry.add_ava(Attribute::Class, EntryClass::Object.to_value());
entry.add_ava(Attribute::Class, EntryClass::Account.to_value());
entry.set_ava(
Attribute::Class.as_ref(),
Attribute::Class,
value
.classes
.into_iter()
@ -1316,13 +1313,13 @@ pub const JSON_TESTPERSON2: &str = r#"{
#[cfg(test)]
lazy_static! {
pub static ref E_TESTPERSON_1: EntryInitNew = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("testperson1")),
(Attribute::Uuid.as_ref(), Value::Uuid(UUID_TESTPERSON_1))
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Name, Value::new_iname("testperson1")),
(Attribute::Uuid, Value::Uuid(UUID_TESTPERSON_1))
);
pub static ref E_TESTPERSON_2: EntryInitNew = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("testperson2")),
(Attribute::Uuid.as_ref(), Value::Uuid(UUID_TESTPERSON_2))
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Name, Value::new_iname("testperson2")),
(Attribute::Uuid, Value::Uuid(UUID_TESTPERSON_2))
);
}


@ -620,20 +620,16 @@ impl Entry<EntryInit, EntryNew> {
// state, which precedes the generation of the initial Create
// event for the attribute.
/// Add an attribute-value-assertion to this Entry.
pub fn add_ava(&mut self, attr: &str, value: Value) {
// TODO: attr can be replaced with Attribute and this can go away
#[allow(clippy::panic)]
let attr =
Attribute::try_from(attr).unwrap_or_else(|_| panic!("Invalid attribute {}", attr));
pub fn add_ava(&mut self, attr: Attribute, value: Value) {
self.add_ava_int(attr, value);
}
/// Replace the existing content of an attribute set of this Entry, with a new set of Values.
pub fn set_ava<T>(&mut self, attr: &str, iter: T)
pub fn set_ava<T>(&mut self, attr: Attribute, iter: T)
where
T: IntoIterator<Item = Value>,
{
self.set_ava_int(attr, iter)
self.set_ava_int(attr.as_ref(), iter)
}
pub fn get_ava_mut(&mut self, attr: &str) -> Option<&mut ValueSet> {
@ -661,11 +657,12 @@ impl<STATE> Entry<EntryRefresh, STATE> {
) -> Result<Entry<EntryValid, STATE>, SchemaError> {
let uuid: Uuid = self
.attrs
.get("uuid")
.ok_or_else(|| SchemaError::MissingMustAttribute(vec!["uuid".to_string()]))
.get(Attribute::Uuid.as_ref())
.ok_or_else(|| SchemaError::MissingMustAttribute(vec![Attribute::Uuid.to_string()]))
.and_then(|vs| {
vs.to_uuid_single()
.ok_or_else(|| SchemaError::MissingMustAttribute(vec!["uuid".to_string()]))
vs.to_uuid_single().ok_or_else(|| {
SchemaError::MissingMustAttribute(vec![Attribute::Uuid.to_string()])
})
})?;
// Build the new valid entry ...
@ -793,17 +790,14 @@ impl Entry<EntryIncremental, EntryNew> {
cnf_ent.trigger_last_changed();
// Move the current uuid to source_uuid
cnf_ent.add_ava(
Attribute::SourceUuid.as_ref(),
Value::Uuid(db_ent.valid.uuid),
);
cnf_ent.add_ava(Attribute::SourceUuid, Value::Uuid(db_ent.valid.uuid));
// We need to make a random uuid in the conflict gen process.
let new_uuid = Uuid::new_v4();
cnf_ent.purge_ava("uuid");
cnf_ent.add_ava(Attribute::Uuid.as_ref(), Value::Uuid(new_uuid));
cnf_ent.add_ava(Attribute::Class.as_ref(), EntryClass::Recycled.into());
cnf_ent.add_ava(Attribute::Class.as_ref(), EntryClass::Conflict.into());
cnf_ent.purge_ava(Attribute::Uuid.as_ref());
cnf_ent.add_ava(Attribute::Uuid, Value::Uuid(new_uuid));
cnf_ent.add_ava(Attribute::Class, EntryClass::Recycled.into());
cnf_ent.add_ava(Attribute::Class, EntryClass::Conflict.into());
// Now we have to internally bypass some states.
// This is okay because conflict entries aren't subject
@ -1093,7 +1087,9 @@ impl Entry<EntryIncremental, EntryCommitted> {
impl<STATE> Entry<EntryInvalid, STATE> {
// This is only used in tests today, but I don't want to cfg test it.
pub(crate) fn get_uuid(&self) -> Option<Uuid> {
self.attrs.get("uuid").and_then(|vs| vs.to_uuid_single())
self.attrs
.get(Attribute::Uuid.as_ref())
.and_then(|vs| vs.to_uuid_single())
}
/// Validate that this entry and its attribute-value sets are conformant to the system's'
@ -1104,11 +1100,12 @@ impl<STATE> Entry<EntryInvalid, STATE> {
) -> Result<Entry<EntryValid, STATE>, SchemaError> {
let uuid: Uuid = self
.attrs
.get("uuid")
.ok_or_else(|| SchemaError::MissingMustAttribute(vec!["uuid".to_string()]))
.get(Attribute::Uuid.as_ref())
.ok_or_else(|| SchemaError::MissingMustAttribute(vec![Attribute::Uuid.to_string()]))
.and_then(|vs| {
vs.to_uuid_single()
.ok_or_else(|| SchemaError::MissingMustAttribute(vec!["uuid".to_string()]))
vs.to_uuid_single().ok_or_else(|| {
SchemaError::MissingMustAttribute(vec![Attribute::Uuid.to_string()])
})
})?;
// Build the new valid entry ...
@ -1160,7 +1157,7 @@ impl Entry<EntryInvalid, EntryCommitted> {
/// Convert this entry into a recycled entry, that is "in the recycle bin".
pub fn to_recycled(mut self) -> Self {
// This will put the modify ahead of the recycle transition.
self.add_ava(Attribute::Class.as_ref(), EntryClass::Recycled.into());
self.add_ava(Attribute::Class, EntryClass::Recycled.into());
// Change state repl doesn't need this flag
// self.valid.ecstate.recycled(&self.valid.cid);
@ -1177,20 +1174,20 @@ impl Entry<EntryInvalid, EntryCommitted> {
where
T: IntoIterator<Item = Uuid>,
{
self.add_ava(Attribute::Class.as_ref(), EntryClass::Recycled.into());
self.add_ava(Attribute::Class.as_ref(), EntryClass::Conflict.into());
self.add_ava(Attribute::Class, EntryClass::Recycled.into());
self.add_ava(Attribute::Class, EntryClass::Conflict.into());
// Add all the source uuids we conflicted against.
for source_uuid in iter {
self.add_ava(Attribute::SourceUuid.as_ref(), Value::Uuid(source_uuid));
self.add_ava(Attribute::SourceUuid, Value::Uuid(source_uuid));
}
}
/// Extract this entry from the recycle bin into a live state.
pub fn to_revived(mut self) -> Self {
// This will put the modify ahead of the revive transition.
self.remove_ava(ATTR_CLASS, &EntryClass::Recycled.into());
self.remove_ava(ATTR_CLASS, &EntryClass::Conflict.into());
self.purge_ava(ATTR_SOURCE_UUID);
self.remove_ava(Attribute::Class.as_ref(), &EntryClass::Recycled.into());
self.remove_ava(Attribute::Class.as_ref(), &EntryClass::Conflict.into());
self.purge_ava(Attribute::SourceUuid.as_ref());
// Change state repl doesn't need this flag
// self.valid.ecstate.revive(&self.valid.cid);
@ -1390,14 +1387,14 @@ impl Entry<EntrySealed, EntryCommitted> {
// * name
// * gidnumber
let cands = [
Attribute::Spn.as_ref(),
Attribute::Name.as_ref(),
Attribute::GidNumber.as_ref(),
];
let cands = [Attribute::Spn, Attribute::Name, Attribute::GidNumber];
cands
.iter()
.filter_map(|c| self.attrs.get(*c).map(|vs| vs.to_proto_string_clone_iter()))
.filter_map(|c| {
self.attrs
.get((*c).as_ref())
.map(|vs| vs.to_proto_string_clone_iter())
})
.flatten()
.collect()
}
@ -1810,7 +1807,9 @@ impl Entry<EntrySealed, EntryCommitted> {
let attrs = r_attrs.ok()?;
let uuid = attrs.get("uuid").and_then(|vs| vs.to_uuid_single())?;
let uuid = attrs
.get(Attribute::Uuid.as_ref())
.and_then(|vs| vs.to_uuid_single())?;
/*
* ==== The Hack Zoen ====
@ -2864,7 +2863,7 @@ impl<VALID, STATE> Entry<VALID, STATE> {
// conversion - so what do? If we remove it here, we could have CSN issue with
// repl on uuid conflict, but it probably shouldn't be an ava either ...
// as a result, I think we need to keep this continue line to not cause issues.
if k == "uuid" {
if k == Attribute::Uuid.as_ref() {
continue;
}
// Get the schema attribute type out.
@ -2956,12 +2955,10 @@ where
// a list of syntax violations ...
// If this already exists, we silently drop the event. This is because
// we need this to be *state* based where we assert presence.
pub fn add_ava(&mut self, attr: &str, value: Value) {
self.valid.ecstate.change_ava(&self.valid.cid, attr);
// TODO: attr can be replaced with Attribute and this can go away
#[allow(clippy::panic)]
let attr =
Attribute::try_from(attr).unwrap_or_else(|_| panic!("Invalid attribute {}", attr));
pub fn add_ava(&mut self, attr: Attribute, value: Value) {
self.valid
.ecstate
.change_ava(&self.valid.cid, attr.as_ref());
self.add_ava_int(attr, value);
}
@ -3086,7 +3083,7 @@ where
for modify in modlist {
match modify {
Modify::Present(a, v) => {
self.add_ava(a.as_str(), v.clone());
self.add_ava(Attribute::try_from(a)?, v.clone());
}
Modify::Removed(a, v) => {
self.remove_ava(a.as_str(), v);
@ -3226,7 +3223,7 @@ mod tests {
fn test_entry_basic() {
let mut e: Entry<EntryInit, EntryNew> = Entry::new();
e.add_ava(Attribute::UserId.as_ref(), Value::from("william"));
e.add_ava(Attribute::UserId, Value::from("william"));
}
#[test]
@ -3306,19 +3303,19 @@ mod tests {
let pv10 = PartialValue::new_uint32(10);
let pv15 = PartialValue::new_uint32(15);
e1.add_ava("testattr", Value::new_uint32(10));
e1.add_ava(Attribute::TestAttr, Value::new_uint32(10));
assert!(!e1.attribute_lessthan("testattr", &pv2));
assert!(!e1.attribute_lessthan("testattr", &pv8));
assert!(!e1.attribute_lessthan("testattr", &pv10));
assert!(e1.attribute_lessthan("testattr", &pv15));
assert!(!e1.attribute_lessthan(Attribute::TestAttr.into(), &pv2));
assert!(!e1.attribute_lessthan(Attribute::TestAttr.into(), &pv8));
assert!(!e1.attribute_lessthan(Attribute::TestAttr.into(), &pv10));
assert!(e1.attribute_lessthan(Attribute::TestAttr.into(), &pv15));
e1.add_ava("testattr", Value::new_uint32(8));
e1.add_ava(Attribute::TestAttr, Value::new_uint32(8));
assert!(!e1.attribute_lessthan("testattr", &pv2));
assert!(!e1.attribute_lessthan("testattr", &pv8));
assert!(e1.attribute_lessthan("testattr", &pv10));
assert!(e1.attribute_lessthan("testattr", &pv15));
assert!(!e1.attribute_lessthan(Attribute::TestAttr.into(), &pv2));
assert!(!e1.attribute_lessthan(Attribute::TestAttr.into(), &pv8));
assert!(e1.attribute_lessthan(Attribute::TestAttr.into(), &pv10));
assert!(e1.attribute_lessthan(Attribute::TestAttr.into(), &pv15));
}
#[test]
@ -3396,7 +3393,7 @@ mod tests {
#[test]
fn test_entry_idx_diff() {
let mut e1: Entry<EntryInit, EntryNew> = Entry::new();
e1.add_ava(Attribute::UserId.as_ref(), Value::from("william"));
e1.add_ava(Attribute::UserId, Value::from("william"));
let mut e1_mod = e1.clone();
e1_mod.add_ava(Attribute::Extra.into(), Value::from("test"));
@ -3404,7 +3401,7 @@ mod tests {
let e1_mod = e1_mod.into_sealed_committed();
let mut e2: Entry<EntryInit, EntryNew> = Entry::new();
e2.add_ava(Attribute::UserId.as_ref(), Value::from("claire"));
e2.add_ava(Attribute::UserId, Value::from("claire"));
let e2 = e2.into_sealed_committed();
let mut idxmeta = HashMap::with_capacity(8);
@ -3531,18 +3528,18 @@ mod tests {
#[test]
fn test_entry_mask_recycled_ts() {
let mut e1: Entry<EntryInit, EntryNew> = Entry::new();
e1.add_ava(Attribute::Class.as_ref(), EntryClass::Person.to_value());
e1.add_ava(Attribute::Class, EntryClass::Person.to_value());
let e1 = e1.into_sealed_committed();
assert!(e1.mask_recycled_ts().is_some());
let mut e2: Entry<EntryInit, EntryNew> = Entry::new();
e2.add_ava(Attribute::Class.as_ref(), EntryClass::Person.to_value());
e2.add_ava(Attribute::Class.as_ref(), EntryClass::Recycled.into());
e2.add_ava(Attribute::Class, EntryClass::Person.to_value());
e2.add_ava(Attribute::Class, EntryClass::Recycled.into());
let e2 = e2.into_sealed_committed();
assert!(e2.mask_recycled_ts().is_none());
let mut e3: Entry<EntryInit, EntryNew> = Entry::new();
e3.add_ava(Attribute::Class.as_ref(), EntryClass::Tombstone.into());
e3.add_ava(Attribute::Class, EntryClass::Tombstone.into());
let e3 = e3.into_sealed_committed();
assert!(e3.mask_recycled_ts().is_none());
}
@ -3556,7 +3553,7 @@ mod tests {
// none, some - test adding an entry gives back add sets
{
let mut e: Entry<EntryInit, EntryNew> = Entry::new();
e.add_ava(Attribute::Class.as_ref(), EntryClass::Person.to_value());
e.add_ava(Attribute::Class, EntryClass::Person.to_value());
let e = e.into_sealed_committed();
assert!(Entry::idx_name2uuid_diff(None, Some(&e)) == (Some(Set::new()), None));
@ -3564,15 +3561,15 @@ mod tests {
{
let mut e: Entry<EntryInit, EntryNew> = Entry::new();
e.add_ava(Attribute::Class.as_ref(), EntryClass::Person.to_value());
e.add_ava(Attribute::GidNumber.as_ref(), Value::new_uint32(1300));
e.add_ava(Attribute::Name.as_ref(), Value::new_iname("testperson"));
e.add_ava(Attribute::Class, EntryClass::Person.to_value());
e.add_ava(Attribute::GidNumber, Value::new_uint32(1300));
e.add_ava(Attribute::Name, Value::new_iname("testperson"));
e.add_ava(
Attribute::Spn.as_ref(),
Attribute::Spn,
Value::new_spn_str("testperson", "example.com"),
);
e.add_ava(
Attribute::Uuid.as_ref(),
Attribute::Uuid,
Value::Uuid(uuid!("9fec0398-c46c-4df4-9df5-b0016f7d563f")),
);
let e = e.into_sealed_committed();
@ -3613,18 +3610,18 @@ mod tests {
{
let mut e1: Entry<EntryInit, EntryNew> = Entry::new();
e1.add_ava(Attribute::Class.as_ref(), EntryClass::Person.to_value());
e1.add_ava(Attribute::Class, EntryClass::Person.to_value());
e1.add_ava(
Attribute::Spn.as_ref(),
Attribute::Spn,
Value::new_spn_str("testperson", "example.com"),
);
let e1 = e1.into_sealed_committed();
let mut e2: Entry<EntryInit, EntryNew> = Entry::new();
e2.add_ava(Attribute::Class.as_ref(), EntryClass::Person.to_value());
e2.add_ava(Attribute::Name.as_ref(), Value::new_iname("testperson"));
e2.add_ava(Attribute::Class, EntryClass::Person.to_value());
e2.add_ava(Attribute::Name, Value::new_iname("testperson"));
e2.add_ava(
Attribute::Spn.as_ref(),
Attribute::Spn,
Value::new_spn_str("testperson", "example.com"),
);
let e2 = e2.into_sealed_committed();
@ -3645,17 +3642,17 @@ mod tests {
// Value changed, remove old, add new.
{
let mut e1: Entry<EntryInit, EntryNew> = Entry::new();
e1.add_ava(Attribute::Class.as_ref(), EntryClass::Person.to_value());
e1.add_ava(Attribute::Class, EntryClass::Person.to_value());
e1.add_ava(
Attribute::Spn.as_ref(),
Attribute::Spn,
Value::new_spn_str("testperson", "example.com"),
);
let e1 = e1.into_sealed_committed();
let mut e2: Entry<EntryInit, EntryNew> = Entry::new();
e2.add_ava(Attribute::Class.as_ref(), EntryClass::Person.to_value());
e2.add_ava(Attribute::Class, EntryClass::Person.to_value());
e2.add_ava(
Attribute::Spn.as_ref(),
Attribute::Spn,
Value::new_spn_str("renameperson", "example.com"),
);
let e2 = e2.into_sealed_committed();
@ -3676,14 +3673,14 @@ mod tests {
let mut e1: Entry<EntryInit, EntryNew> = Entry::new();
e1.add_ava(
Attribute::Spn.as_ref(),
Attribute::Spn,
Value::new_spn_str("testperson", "example.com"),
);
let e1 = e1.into_sealed_committed();
let mut e2: Entry<EntryInit, EntryNew> = Entry::new();
e2.add_ava(
Attribute::Spn.as_ref(),
Attribute::Spn,
Value::new_spn_str("renameperson", "example.com"),
);
let e2 = e2.into_sealed_committed();
@ -3705,11 +3702,17 @@ mod tests {
assert!(Entry::idx_uuid2rdn_diff(None, None).is_none());
let mut e1: Entry<EntryInit, EntryNew> = Entry::new();
e1.add_ava("spn", Value::new_spn_str("testperson", "example.com"));
e1.add_ava(
Attribute::Spn,
Value::new_spn_str("testperson", "example.com"),
);
let e1 = e1.into_sealed_committed();
let mut e2: Entry<EntryInit, EntryNew> = Entry::new();
e2.add_ava("spn", Value::new_spn_str("renameperson", "example.com"));
e2.add_ava(
Attribute::Spn,
Value::new_spn_str("renameperson", "example.com"),
);
let e2 = e2.into_sealed_committed();
assert!(
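Review bot: In the modlist loop, `self.add_ava(Attribute::try_from(a)?, v.clone());` can now return partway through, after earlier `Modify` entries have already been applied to `self`, so a caller that handles the error may be left holding a half-modified entry; the old `add_ava` panicked on an unknown name instead. Only the `Modify::Present` arm validates the attribute name, while `Modify::Removed` still passes `a.as_str()` unchecked, so the same unknown attribute is rejected or accepted depending on the operation. If a modlist can originate from a client request, I would resolve every attribute name before the loop mutates anything, or at least document the contract with `// NOTE: on Err the entry may be partially modified; callers must discard it`. The enclosing function starts and ends outside the hunk, so its return type and callers are not visible here.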


@ -1568,34 +1568,43 @@ mod tests {
#[test]
fn test_lessthan_entry_filter() {
let e = entry_init!(
(Attribute::UserId.as_ref(), Value::new_iutf8("william")),
(Attribute::UserId, Value::new_iutf8("william")),
(
"uuid",
Attribute::Uuid,
Value::Uuid(uuid::uuid!("db237e8a-0079-4b8c-8a56-593b22aa44d1"))
),
(Attribute::GidNumber.as_ref(), Value::Uint32(1000))
(Attribute::GidNumber, Value::Uint32(1000))
)
.into_sealed_new();
let f_t1a = filter_resolved!(f_lt("gidnumber", PartialValue::new_uint32(500)));
let f_t1a = filter_resolved!(f_lt(
Attribute::GidNumber.as_ref(),
PartialValue::new_uint32(500)
));
assert!(!e.entry_match_no_index(&f_t1a));
let f_t1b = filter_resolved!(f_lt("gidnumber", PartialValue::new_uint32(1000)));
let f_t1b = filter_resolved!(f_lt(
Attribute::GidNumber.as_ref(),
PartialValue::new_uint32(1000)
));
assert!(!e.entry_match_no_index(&f_t1b));
let f_t1c = filter_resolved!(f_lt("gidnumber", PartialValue::new_uint32(1001)));
let f_t1c = filter_resolved!(f_lt(
Attribute::GidNumber.as_ref(),
PartialValue::new_uint32(1001)
));
assert!(e.entry_match_no_index(&f_t1c));
}
#[test]
fn test_or_entry_filter() {
let e = entry_init!(
(Attribute::UserId.as_ref(), Value::new_iutf8("william")),
(Attribute::UserId, Value::new_iutf8("william")),
(
Attribute::Uuid.as_ref(),
Attribute::Uuid,
Value::Uuid(uuid::uuid!("db237e8a-0079-4b8c-8a56-593b22aa44d1"))
),
(Attribute::GidNumber.as_ref(), Value::Uint32(1000))
(Attribute::GidNumber, Value::Uint32(1000))
)
.into_sealed_new();
@ -1627,12 +1636,12 @@ mod tests {
#[test]
fn test_and_entry_filter() {
let e = entry_init!(
(Attribute::UserId.as_ref(), Value::new_iutf8("william")),
(Attribute::UserId, Value::new_iutf8("william")),
(
Attribute::Uuid.as_ref(),
Attribute::Uuid,
Value::Uuid(uuid::uuid!("db237e8a-0079-4b8c-8a56-593b22aa44d1"))
),
(Attribute::GidNumber.as_ref(), Value::Uint32(1000))
(Attribute::GidNumber, Value::Uint32(1000))
)
.into_sealed_new();
@ -1664,12 +1673,12 @@ mod tests {
#[test]
fn test_not_entry_filter() {
let e1 = entry_init!(
(Attribute::UserId.as_ref(), Value::new_iutf8("william")),
(Attribute::UserId, Value::new_iutf8("william")),
(
Attribute::Uuid.as_ref(),
Attribute::Uuid,
Value::Uuid(uuid::uuid!("db237e8a-0079-4b8c-8a56-593b22aa44d1"))
),
(Attribute::GidNumber.as_ref(), Value::Uint32(1000))
(Attribute::GidNumber, Value::Uint32(1000))
)
.into_sealed_new();
@ -1689,48 +1698,42 @@ mod tests {
#[test]
fn test_nested_entry_filter() {
let e1 = entry_init!(
(Attribute::Class, EntryClass::Person.to_value().clone()),
(
Attribute::Class.as_ref(),
EntryClass::Person.to_value().clone()
),
(
Attribute::Uuid.as_ref(),
Attribute::Uuid,
Value::Uuid(uuid::uuid!("db237e8a-0079-4b8c-8a56-593b22aa44d1"))
),
(Attribute::GidNumber.as_ref(), Value::Uint32(1000))
(Attribute::GidNumber, Value::Uint32(1000))
)
.into_sealed_new();
let e2 = entry_init!(
(Attribute::Class, EntryClass::Person.to_value().clone()),
(
Attribute::Class.as_ref(),
EntryClass::Person.to_value().clone()
),
(
Attribute::Uuid.as_ref(),
Attribute::Uuid,
Value::Uuid(uuid::uuid!("4b6228ab-1dbe-42a4-a9f5-f6368222438e"))
),
(Attribute::GidNumber.as_ref(), Value::Uint32(1001))
(Attribute::GidNumber, Value::Uint32(1001))
)
.into_sealed_new();
let e3 = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Person.to_value()),
(Attribute::Class, EntryClass::Person.to_value()),
(
Attribute::Uuid.as_ref(),
Attribute::Uuid,
Value::Uuid(uuid::uuid!("7b23c99d-c06b-4a9a-a958-3afa56383e1d"))
),
(Attribute::GidNumber.as_ref(), Value::Uint32(1002))
(Attribute::GidNumber, Value::Uint32(1002))
)
.into_sealed_new();
let e4 = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Group.to_value()),
(Attribute::Class, EntryClass::Group.to_value()),
(
Attribute::Uuid.as_ref(),
Attribute::Uuid,
Value::Uuid(uuid::uuid!("21d816b5-1f6a-4696-b7c1-6ed06d22ed81"))
),
(Attribute::GidNumber.as_ref(), Value::Uint32(1000))
(Attribute::GidNumber, Value::Uint32(1000))
)
.into_sealed_new();
@ -1780,65 +1783,41 @@ mod tests {
let mut server_txn = server.write(time_p1).await;
let e1 = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Person.to_value()),
(Attribute::Class.as_ref(), EntryClass::Account.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("testperson1")),
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Person.to_value()),
(Attribute::Class, EntryClass::Account.to_value()),
(Attribute::Name, Value::new_iname("testperson1")),
(
Attribute::Uuid.as_ref(),
Attribute::Uuid,
Value::Uuid(uuid::uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63930"))
),
(
Attribute::Description.as_ref(),
Value::new_utf8s("testperson1")
),
(
Attribute::DisplayName.as_ref(),
Value::new_utf8s("testperson1")
)
(Attribute::Description, Value::new_utf8s("testperson1")),
(Attribute::DisplayName, Value::new_utf8s("testperson1"))
);
let e2 = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Person.to_value().clone()),
(Attribute::Name, Value::new_iname("testperson2")),
(
Attribute::Class.as_ref(),
EntryClass::Person.to_value().clone()
),
(Attribute::Name.as_ref(), Value::new_iname("testperson2")),
(
Attribute::Uuid.as_ref(),
Attribute::Uuid,
Value::Uuid(uuid::uuid!("a67c0c71-0b35-4218-a6b0-22d23d131d27"))
),
(
Attribute::Description.as_ref(),
Value::new_utf8s("testperson2")
),
(
Attribute::DisplayName.as_ref(),
Value::new_utf8s("testperson2")
)
(Attribute::Description, Value::new_utf8s("testperson2")),
(Attribute::DisplayName, Value::new_utf8s("testperson2"))
);
// We need to add these and then push through the state machine.
let e_ts = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Person.to_value().clone()),
(Attribute::Name, Value::new_iname("testperson3")),
(
Attribute::Class.as_ref(),
EntryClass::Person.to_value().clone()
),
(Attribute::Name.as_ref(), Value::new_iname("testperson3")),
(
Attribute::Uuid.as_ref(),
Attribute::Uuid,
Value::Uuid(uuid!("9557f49c-97a5-4277-a9a5-097d17eb8317"))
),
(
Attribute::Description.as_ref(),
Value::new_utf8s("testperson3")
),
(
Attribute::DisplayName.as_ref(),
Value::new_utf8s("testperson3")
)
(Attribute::Description, Value::new_utf8s("testperson3")),
(Attribute::DisplayName, Value::new_utf8s("testperson3"))
);
let ce = CreateEvent::new_internal(vec![e1, e2, e_ts]);


@ -66,9 +66,11 @@ macro_rules! try_from_entry {
.cloned()
.unwrap_or_default();
let spn = $value.get_ava_single_proto_string("spn").ok_or(
OperationError::InvalidAccountState("Missing attribute: spn".to_string()),
)?;
let spn = $value
.get_ava_single_proto_string(Attribute::Spn.as_ref())
.ok_or(OperationError::InvalidAccountState(
"Missing attribute: spn".to_string(),
))?;
let mail_primary = $value.get_ava_mail_primary("mail").map(str::to_string);
@ -828,19 +830,13 @@ mod tests {
// Create a user. So far no ui hints.
// Create a service account
let e = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Account.to_value()),
(Attribute::Class.as_ref(), EntryClass::Person.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("testaccount")),
(Attribute::Uuid.as_ref(), Value::Uuid(target_uuid)),
(
Attribute::Description.as_ref(),
Value::new_utf8s("testaccount")
),
(
Attribute::DisplayName.as_ref(),
Value::new_utf8s("Test Account")
)
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Account.to_value()),
(Attribute::Class, EntryClass::Person.to_value()),
(Attribute::Name, Value::new_iname("testaccount")),
(Attribute::Uuid, Value::Uuid(target_uuid)),
(Attribute::Description, Value::new_utf8s("testaccount")),
(Attribute::DisplayName, Value::new_utf8s("Test Account"))
);
let ce = CreateEvent::new_internal(vec![e]);
@ -896,15 +892,12 @@ mod tests {
// Add a group with a ui hint, and then check they get the hint.
let e = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Group.to_value()),
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Group.to_value()),
(Attribute::Name, Value::new_iname("test_uihint_group")),
(Attribute::Member, Value::Refer(target_uuid)),
(
Attribute::Name.as_ref(),
Value::new_iname("test_uihint_group")
),
(Attribute::Member.as_ref(), Value::Refer(target_uuid)),
(
Attribute::GrantUiHint.as_ref(),
Attribute::GrantUiHint,
Value::UiHint(UiHint::ExperimentalFeatures)
)
);
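Review bot: In the `try_from_entry!` hunk the error is still built from a literal, `"Missing attribute: spn".to_string()`, so the lookup key (`Attribute::Spn`) and the name reported to the operator can drift apart, and `ok_or` allocates that string even when the attribute is present. I would write `.ok_or_else(|| OperationError::InvalidAccountState(format!("Missing attribute: {}", Attribute::Spn)))`, assuming `Attribute` implements `Display` (the `Attribute::Uuid.to_string()` calls elsewhere in this commit suggest it does). The same `ok_or` pattern appears in the `try_from_account_e!` hunk of a later file section. `get_ava_mail_primary("mail")` on the following line is also still a bare string; the macro body continues outside the hunk.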


@ -40,12 +40,12 @@ impl<'a> IdmServerProxyReadTransaction<'a> {
.iter()
.filter_map(|entry| {
let display_name = entry
.get_ava_single_utf8("displayname")
.get_ava_single_utf8(Attribute::DisplayName.as_ref())
.map(str::to_string)?;
let redirect_url = entry
.get_ava_single_url("oauth2_rs_origin_landing")
.or_else(|| entry.get_ava_single_url("oauth2_rs_origin"))
.or_else(|| entry.get_ava_single_url(Attribute::OAuth2RsOrigin.as_ref()))
.cloned()?;
let name = entry
@ -83,34 +83,34 @@ mod tests {
let grp_uuid = Uuid::new_v4();
let e_rs: Entry<EntryInit, EntryNew> = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Object.to_value()),
(
Attribute::Class.as_ref(),
Attribute::Class,
EntryClass::OAuth2ResourceServer.to_value()
),
(
Attribute::Class.as_ref(),
Attribute::Class,
EntryClass::OAuth2ResourceServerBasic.to_value()
),
(
Attribute::OAuth2RsName.as_ref(),
Attribute::OAuth2RsName,
Value::new_iname("test_resource_server")
),
(
Attribute::DisplayName.as_ref(),
Attribute::DisplayName,
Value::new_utf8s("test_resource_server")
),
(
Attribute::OAuth2RsOrigin.as_ref(),
Attribute::OAuth2RsOrigin,
Value::new_url_s("https://demo.example.com").unwrap()
),
(
Attribute::OAuth2RsOriginLanding.as_ref(),
Attribute::OAuth2RsOriginLanding,
Value::new_url_s("https://demo.example.com/landing").unwrap()
),
// System admins
(
Attribute::OAuth2RsScopeMap.as_ref(),
Attribute::OAuth2RsScopeMap,
Value::new_oauthscopemap(
grp_uuid,
btreeset![kanidm_proto::constants::OAUTH2_SCOPE_READ.to_string()]
@ -120,29 +120,20 @@ mod tests {
);
let e_usr = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Account.to_value()),
(Attribute::Class.as_ref(), EntryClass::Person.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("testaccount")),
(Attribute::Uuid.as_ref(), Value::Uuid(usr_uuid)),
(
Attribute::Description.as_ref(),
Value::new_utf8s("testaccount")
),
(
Attribute::DisplayName.as_ref(),
Value::new_utf8s("Test Account")
)
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Account.to_value()),
(Attribute::Class, EntryClass::Person.to_value()),
(Attribute::Name, Value::new_iname("testaccount")),
(Attribute::Uuid, Value::Uuid(usr_uuid)),
(Attribute::Description, Value::new_utf8s("testaccount")),
(Attribute::DisplayName, Value::new_utf8s("Test Account"))
);
let e_grp = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Group.to_value()),
(Attribute::Uuid.as_ref(), Value::Uuid(grp_uuid)),
(
Attribute::Name.as_ref(),
Value::new_iname("test_oauth2_group")
)
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Group.to_value()),
(Attribute::Uuid, Value::Uuid(grp_uuid)),
(Attribute::Name, Value::new_iname("test_oauth2_group"))
);
let ce = CreateEvent::new_internal(vec![e_rs, e_grp, e_usr]);
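Review bot: The redirect URL lookup in the first hunk is only half converted: `entry.get_ava_single_url("oauth2_rs_origin_landing")` keeps the string literal while its fallback on the next line uses `Attribute::OAuth2RsOrigin.as_ref()`. The test hunk in this same section shows that `Attribute::OAuth2RsOriginLanding` exists, so the first lookup can be `.get_ava_single_url(Attribute::OAuth2RsOriginLanding.as_ref())`. This matters because a typo in the literal would not fail to compile; the code would silently fall back to the origin URL for every application link. The enclosing closure starts and ends outside the hunk.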


@ -1774,41 +1774,23 @@ mod tests {
let testaccount_uuid = Uuid::new_v4();
let e1 = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Account.to_value()),
(
Attribute::Class.as_ref(),
EntryClass::ServiceAccount.to_value()
),
(
Attribute::Name.as_ref(),
Value::new_iname("user_account_only")
),
(Attribute::Uuid.as_ref(), Value::Uuid(testaccount_uuid)),
(
Attribute::Description.as_ref(),
Value::new_utf8s("testaccount")
),
(
Attribute::DisplayName.as_ref(),
Value::new_utf8s("testaccount")
)
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Account.to_value()),
(Attribute::Class, EntryClass::ServiceAccount.to_value()),
(Attribute::Name, Value::new_iname("user_account_only")),
(Attribute::Uuid, Value::Uuid(testaccount_uuid)),
(Attribute::Description, Value::new_utf8s("testaccount")),
(Attribute::DisplayName, Value::new_utf8s("testaccount"))
);
let e2 = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Account.to_value()),
(Attribute::Class.as_ref(), EntryClass::Person.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("testperson")),
(Attribute::Uuid.as_ref(), Value::Uuid(TESTPERSON_UUID)),
(
Attribute::Description.as_ref(),
Value::new_utf8s("testperson")
),
(
Attribute::DisplayName.as_ref(),
Value::new_utf8s("testperson")
)
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Account.to_value()),
(Attribute::Class, EntryClass::Person.to_value()),
(Attribute::Name, Value::new_iname("testperson")),
(Attribute::Uuid, Value::Uuid(TESTPERSON_UUID)),
(Attribute::Description, Value::new_utf8s("testperson")),
(Attribute::DisplayName, Value::new_utf8s("testperson"))
);
let ce = CreateEvent::new_internal(vec![e1, e2]);
@ -1907,19 +1889,13 @@ mod tests {
let mut idms_prox_write = idms.proxy_write(ct).await;
let e2 = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Account.to_value()),
(Attribute::Class.as_ref(), EntryClass::Person.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("testperson")),
(Attribute::Uuid.as_ref(), Value::Uuid(TESTPERSON_UUID)),
(
Attribute::Description.as_ref(),
Value::new_utf8s("testperson")
),
(
Attribute::DisplayName.as_ref(),
Value::new_utf8s("testperson")
)
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Account.to_value()),
(Attribute::Class, EntryClass::Person.to_value()),
(Attribute::Name, Value::new_iname("testperson")),
(Attribute::Uuid, Value::Uuid(TESTPERSON_UUID)),
(Attribute::Description, Value::new_utf8s("testperson")),
(Attribute::DisplayName, Value::new_utf8s("testperson"))
);
let ce = CreateEvent::new_internal(vec![e2]);
@ -2771,35 +2747,26 @@ mod tests {
let sync_uuid = Uuid::new_v4();
let e1 = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::SyncAccount.to_value()),
(Attribute::Name, Value::new_iname("test_scim_sync")),
(Attribute::Uuid, Value::Uuid(sync_uuid)),
(
Attribute::Class.as_ref(),
EntryClass::SyncAccount.to_value()
),
(Attribute::Name.as_ref(), Value::new_iname("test_scim_sync")),
(Attribute::Uuid.as_ref(), Value::Uuid(sync_uuid)),
(
Attribute::Description.as_ref(),
Attribute::Description,
Value::new_utf8s("A test sync agreement")
)
);
let e2 = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::SyncObject.to_value()),
(Attribute::Class.as_ref(), EntryClass::Account.to_value()),
(Attribute::Class.as_ref(), EntryClass::Person.to_value()),
(Attribute::SyncParentUuid.as_ref(), Value::Refer(sync_uuid)),
(Attribute::Name.as_ref(), Value::new_iname("testperson")),
(Attribute::Uuid.as_ref(), Value::Uuid(TESTPERSON_UUID)),
(
Attribute::Description.as_ref(),
Value::new_utf8s("testperson")
),
(
Attribute::DisplayName.as_ref(),
Value::new_utf8s("testperson")
)
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::SyncObject.to_value()),
(Attribute::Class, EntryClass::Account.to_value()),
(Attribute::Class, EntryClass::Person.to_value()),
(Attribute::SyncParentUuid, Value::Refer(sync_uuid)),
(Attribute::Name, Value::new_iname("testperson")),
(Attribute::Uuid, Value::Uuid(TESTPERSON_UUID)),
(Attribute::Description, Value::new_utf8s("testperson")),
(Attribute::DisplayName, Value::new_utf8s("testperson"))
);
let ce = CreateEvent::new_internal(vec![e1, e2]);


@ -20,7 +20,7 @@ macro_rules! try_from_account_e {
($value:expr, $qs:expr) => {{
/*
let name = $value
.get_ava_single_iname("name")
.get_ava_single_iname(Attribute::Name.as_ref())
.map(str::to_string)
.ok_or_else(|| {
OperationError::InvalidAccountState("Missing attribute: name".to_string())
@ -28,9 +28,11 @@ macro_rules! try_from_account_e {
*/
// Setup the user private group
let spn = $value.get_ava_single_proto_string("spn").ok_or(
OperationError::InvalidAccountState("Missing attribute: spn".to_string()),
)?;
let spn = $value
.get_ava_single_proto_string(Attribute::Spn.as_ref())
.ok_or(OperationError::InvalidAccountState(
"Missing attribute: spn".to_string(),
))?;
let uuid = $value.get_uuid();
@ -111,15 +113,17 @@ impl Group {
// Now extract our needed attributes
/*
let name = value
.get_ava_single_iname("name")
.get_ava_single_iname(Attribute::Name.as_ref())
.map(|s| s.to_string())
.ok_or_else(|| {
OperationError::InvalidAccountState("Missing attribute: name".to_string())
})?;
*/
let spn = value.get_ava_single_proto_string("spn").ok_or_else(|| {
OperationError::InvalidAccountState("Missing attribute: spn".to_string())
})?;
let spn = value
.get_ava_single_proto_string(Attribute::Spn.as_ref())
.ok_or_else(|| {
OperationError::InvalidAccountState("Missing attribute: spn".to_string())
})?;
let uuid = value.get_uuid();
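Review bot: In the `try_from_account_e` hunk the rewritten `spn` lookup keeps `.ok_or(OperationError::InvalidAccountState(...))`, which builds the error `String` even when the attribute is present, while the same lookup in the `impl Group` hunk uses `.ok_or_else(|| ...)`. The lazy form in both places would make them consistent: `.ok_or_else(|| OperationError::InvalidAccountState("Missing attribute: spn".to_string()))?;`. The same eager `.ok_or(...)` appears in the `try_from_entry` hunks further down the page. Both hunks here also update `get_ava_single_iname` inside a `/* ... */` block; since that code is commented out, deleting it would be cleaner than keeping it in step. The macro and the `impl Group` body both continue outside the hunks.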


@ -631,25 +631,25 @@ mod test {
// and wonders to this line of code I'm sorry to have wasted your time
name.truncate(14);
entry_init!(
(ATTR_CLASS, EntryClass::Object.to_value()),
(ATTR_CLASS, EntryClass::Account.to_value()),
(ATTR_CLASS, EntryClass::Person.to_value()),
(ATTR_NAME, Value::new_iname(&name)),
(ATTR_UUID, Value::Uuid(uuid)),
(ATTR_DESCRIPTION, Value::new_utf8s("some valid user")),
(ATTR_DISPLAYNAME, Value::new_utf8s("Some valid user"))
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Account.to_value()),
(Attribute::Class, EntryClass::Person.to_value()),
(Attribute::Name, Value::new_iname(&name)),
(Attribute::Uuid, Value::Uuid(uuid)),
(Attribute::Description, Value::new_utf8s("some valid user")),
(Attribute::DisplayName, Value::new_utf8s("Some valid user"))
)
}
fn create_invalid_user_account(uuid: Uuid) -> EntryInitNew {
entry_init!(
(ATTR_CLASS, EntryClass::Object.to_value()),
(ATTR_CLASS, EntryClass::Account.to_value()),
(ATTR_CLASS, EntryClass::ServiceAccount.to_value()),
(ATTR_NAME, Value::new_iname("invalid_user")),
(ATTR_UUID, Value::Uuid(uuid)),
(ATTR_DESCRIPTION, Value::new_utf8s("invalid_user")),
(ATTR_DISPLAYNAME, Value::new_utf8s("Invalid user"))
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Account.to_value()),
(Attribute::Class, EntryClass::ServiceAccount.to_value()),
(Attribute::Name, Value::new_iname("invalid_user")),
(Attribute::Uuid, Value::Uuid(uuid)),
(Attribute::Description, Value::new_utf8s("invalid_user")),
(Attribute::DisplayName, Value::new_utf8s("Invalid user"))
)
}
}


@ -182,7 +182,7 @@ impl LdapServer {
(LdapSearchScope::Children, None) | (LdapSearchScope::OneLevel, None) => {
// exclude domain_info
Some(LdapFilter::Not(Box::new(LdapFilter::Equality(
"uuid".to_string(),
Attribute::Uuid.to_string(),
STR_UUID_DOMAIN_INFO.to_string(),
))))
}
@ -193,7 +193,7 @@ impl LdapServer {
(LdapSearchScope::Base, None) => {
// domain_info
Some(LdapFilter::Equality(
"uuid".to_string(),
Attribute::Uuid.to_string(),
STR_UUID_DOMAIN_INFO.to_string(),
))
}
@ -781,14 +781,14 @@ mod tests {
macro_rules! assert_entry_contains {
(
$e:expr,
$entry:expr,
$dn:expr,
$($item:expr),*
) => {{
assert!($e.dn == $dn);
assert!($entry.dn == $dn);
// Build a set from the attrs.
let mut attrs = HashSet::new();
for a in $e.attributes.iter() {
for a in $entry.attributes.iter() {
for v in a.vals.iter() {
attrs.insert((a.atype.as_str(), v.as_slice()));
}
@ -797,7 +797,7 @@ mod tests {
$(
warn!("{}", $item.0);
assert!(attrs.contains(&(
$item.0, $item.1.as_bytes()
$item.0.as_ref(), $item.1.as_bytes()
)));
)*
@ -816,30 +816,21 @@ mod tests {
// Setup a user we want to check.
{
let e1 = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Person.to_value()),
(Attribute::Class.as_ref(), EntryClass::Account.to_value()),
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Person.to_value()),
(Attribute::Class, EntryClass::Account.to_value()),
(Attribute::Class, EntryClass::PosixAccount.to_value()),
(Attribute::Name, Value::new_iname("testperson1")),
(
Attribute::Class.as_ref(),
EntryClass::PosixAccount.to_value()
),
(Attribute::Name.as_ref(), Value::new_iname("testperson1")),
(
"uuid",
Attribute::Uuid,
Value::Uuid(uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63930"))
),
(Attribute::Description, Value::new_utf8s("testperson1")),
(Attribute::DisplayName, Value::new_utf8s("testperson1")),
(Attribute::GidNumber, Value::new_uint32(12345678)),
(Attribute::LoginShell, Value::new_iutf8("/bin/zsh")),
(
Attribute::Description.as_ref(),
Value::new_utf8s("testperson1")
),
(
Attribute::DisplayName.as_ref(),
Value::new_utf8s("testperson1")
),
(Attribute::GidNumber.as_ref(), Value::new_uint32(12345678)),
(Attribute::LoginShell.as_ref(), Value::new_iutf8("/bin/zsh")),
(
Attribute::SshPublicKey.as_ref(),
Attribute::SshPublicKey,
Value::new_sshkey_str("test", ssh_ed25519)
)
);
@ -874,22 +865,16 @@ mod tests {
assert_entry_contains!(
lsre,
"spn=testperson1@example.com,dc=example,dc=com",
(Attribute::Class.as_ref(), EntryClass::Object.to_string()),
(Attribute::Class.as_ref(), EntryClass::Person.to_string()),
(Attribute::Class.as_ref(), EntryClass::Account.to_string()),
(
Attribute::Class.as_ref(),
EntryClass::PosixAccount.to_string()
),
(Attribute::DisplayName.as_ref(), "testperson1"),
(Attribute::Name.as_ref(), "testperson1"),
(Attribute::GidNumber.as_ref(), "12345678"),
(Attribute::LoginShell.as_ref(), "/bin/zsh"),
(Attribute::SshPublicKey.as_ref(), ssh_ed25519),
(
Attribute::Uuid.as_ref(),
"cc8e95b4-c24f-4d68-ba54-8bed76f63930"
)
(Attribute::Class, EntryClass::Object.to_string()),
(Attribute::Class, EntryClass::Person.to_string()),
(Attribute::Class, EntryClass::Account.to_string()),
(Attribute::Class, EntryClass::PosixAccount.to_string()),
(Attribute::DisplayName, "testperson1"),
(Attribute::Name, "testperson1"),
(Attribute::GidNumber, "12345678"),
(Attribute::LoginShell, "/bin/zsh"),
(Attribute::SshPublicKey, ssh_ed25519),
(Attribute::Uuid, "cc8e95b4-c24f-4d68-ba54-8bed76f63930")
);
}
_ => assert!(false),
@ -912,20 +897,23 @@ mod tests {
assert_entry_contains!(
lsre,
"spn=testperson1@example.com,dc=example,dc=com",
(Attribute::ObjectClass.as_ref(), "object"),
(Attribute::ObjectClass.as_ref(), "person"),
(Attribute::ObjectClass.as_ref(), "account"),
(Attribute::ObjectClass.as_ref(), "posixaccount"),
(Attribute::DisplayName.as_ref(), "testperson1"),
(Attribute::Name.as_ref(), "testperson1"),
(Attribute::GidNumber.as_ref(), "12345678"),
(Attribute::LoginShell.as_ref(), "/bin/zsh"),
(Attribute::SshPublicKey.as_ref(), ssh_ed25519),
("entryuuid", "cc8e95b4-c24f-4d68-ba54-8bed76f63930"),
("entrydn", "spn=testperson1@example.com,dc=example,dc=com"),
("uidnumber", "12345678"),
("cn", "testperson1"),
("keys", ssh_ed25519)
(Attribute::ObjectClass, "object"),
(Attribute::ObjectClass, "person"),
(Attribute::ObjectClass, "account"),
(Attribute::ObjectClass, "posixaccount"),
(Attribute::DisplayName, "testperson1"),
(Attribute::Name, "testperson1"),
(Attribute::GidNumber, "12345678"),
(Attribute::LoginShell, "/bin/zsh"),
(Attribute::SshPublicKey, ssh_ed25519),
(Attribute::EntryUuid, "cc8e95b4-c24f-4d68-ba54-8bed76f63930"),
(
Attribute::EntryDn,
"spn=testperson1@example.com,dc=example,dc=com"
),
(Attribute::UidNumber, "12345678"),
(Attribute::Cn, "testperson1"),
(Attribute::LdapKeys, ssh_ed25519)
);
}
_ => assert!(false),
@ -953,10 +941,13 @@ mod tests {
assert_entry_contains!(
lsre,
"spn=testperson1@example.com,dc=example,dc=com",
(Attribute::Name.as_ref(), "testperson1"),
("entrydn", "spn=testperson1@example.com,dc=example,dc=com"),
("uidnumber", "12345678"),
("keys", ssh_ed25519)
(Attribute::Name, "testperson1"),
(
Attribute::EntryDn,
"spn=testperson1@example.com,dc=example,dc=com"
),
(Attribute::UidNumber, "12345678"),
(Attribute::LdapKeys, ssh_ed25519)
);
}
_ => assert!(false),
@ -995,51 +986,36 @@ mod tests {
// Create a service account,
let e1 = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::ServiceAccount.to_value()),
(Attribute::Class, EntryClass::Account.to_value()),
(Attribute::Uuid, Value::Uuid(sa_uuid)),
(Attribute::Name, Value::new_iname("service_permission_test")),
(
Attribute::Class.as_ref(),
EntryClass::ServiceAccount.to_value()
),
(Attribute::Class.as_ref(), EntryClass::Account.to_value()),
(Attribute::Uuid.as_ref(), Value::Uuid(sa_uuid)),
(
Attribute::Name.as_ref(),
Value::new_iname("service_permission_test")
),
(
Attribute::DisplayName.as_ref(),
Attribute::DisplayName,
Value::new_utf8s("service_permission_test")
)
);
// Setup a person with an email
let e2 = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Person.to_value()),
(Attribute::Class.as_ref(), EntryClass::Account.to_value()),
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Person.to_value()),
(Attribute::Class, EntryClass::Account.to_value()),
(Attribute::Class, EntryClass::PosixAccount.to_value()),
(Attribute::Name, Value::new_iname("testperson1")),
(
Attribute::Class.as_ref(),
EntryClass::PosixAccount.to_value()
),
(Attribute::Name.as_ref(), Value::new_iname("testperson1")),
(
"mail",
Attribute::Mail,
Value::EmailAddress("testperson1@example.com".to_string(), true)
),
(
"mail",
Attribute::Mail,
Value::EmailAddress("testperson1.alternative@example.com".to_string(), false)
),
(
Attribute::Description.as_ref(),
Value::new_utf8s("testperson1")
),
(
Attribute::DisplayName.as_ref(),
Value::new_utf8s("testperson1")
),
(Attribute::GidNumber.as_ref(), Value::new_uint32(12345678)),
(Attribute::LoginShell.as_ref(), Value::new_iutf8("/bin/zsh"))
(Attribute::Description, Value::new_utf8s("testperson1")),
(Attribute::DisplayName, Value::new_utf8s("testperson1")),
(Attribute::GidNumber, Value::new_uint32(12345678)),
(Attribute::LoginShell, Value::new_iutf8("/bin/zsh"))
);
// Setup an access control for the service account to view mail attrs.
@ -1091,7 +1067,7 @@ mod tests {
assert_entry_contains!(
lsre,
"spn=testperson1@example.com,dc=example,dc=com",
(Attribute::Name.as_ref(), "testperson1")
(Attribute::Name, "testperson1")
);
}
_ => assert!(false),
@ -1128,8 +1104,11 @@ mod tests {
lsre,
"spn=testperson1@example.com,dc=example,dc=com",
(Attribute::Name.as_ref(), "testperson1"),
("mail", "testperson1@example.com"),
("mail", "testperson1.alternative@example.com"),
(Attribute::Mail.as_ref(), "testperson1@example.com"),
(
Attribute::Mail.as_ref(),
"testperson1.alternative@example.com"
),
("mail;primary", "testperson1@example.com"),
("mail;alternative", "testperson1.alternative@example.com"),
("emailprimary", "testperson1@example.com"),
@ -1152,18 +1131,12 @@ mod tests {
// Setup a user we want to check.
{
let e1 = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Person.to_value()),
(Attribute::Class.as_ref(), EntryClass::Account.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("testperson1")),
(Attribute::Uuid.as_ref(), Value::Uuid(acct_uuid)),
(
Attribute::Description.as_ref(),
Value::new_utf8s("testperson1")
),
(
Attribute::DisplayName.as_ref(),
Value::new_utf8s("testperson1")
)
(Attribute::Class, EntryClass::Person.to_value()),
(Attribute::Class, EntryClass::Account.to_value()),
(Attribute::Name, Value::new_iname("testperson1")),
(Attribute::Uuid, Value::Uuid(acct_uuid)),
(Attribute::Description, Value::new_utf8s("testperson1")),
(Attribute::DisplayName, Value::new_utf8s("testperson1"))
);
let mut server_txn = idms.proxy_write(duration_from_epoch_now()).await;
@ -1201,12 +1174,9 @@ mod tests {
assert_entry_contains!(
lsre,
"spn=testperson1@example.com,dc=example,dc=com",
(Attribute::Name.as_ref(), "testperson1"),
(Attribute::DisplayName.as_ref(), "testperson1"),
(
Attribute::Uuid.as_ref(),
"cc8e95b4-c24f-4d68-ba54-8bed76f63930"
),
(Attribute::Name, "testperson1"),
(Attribute::DisplayName, "testperson1"),
(Attribute::Uuid, "cc8e95b4-c24f-4d68-ba54-8bed76f63930"),
("entryuuid", "cc8e95b4-c24f-4d68-ba54-8bed76f63930")
);
}
@ -1239,7 +1209,7 @@ mod tests {
assert_entry_contains!(
lsre,
"",
(Attribute::ObjectClass.as_ref(), "top"),
(Attribute::ObjectClass, "top"),
("vendorname", "Kanidm Project"),
("supportedldapversion", "3"),
("defaultnamingcontext", "dc=example,dc=com")
@ -1289,7 +1259,7 @@ mod tests {
assert_entry_contains!(
lsre,
"",
(Attribute::ObjectClass.as_ref(), "top"),
(Attribute::ObjectClass, "top"),
("vendorname", "Kanidm Project"),
("supportedldapversion", "3"),
("defaultnamingcontext", "o=kanidmproject")
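Review bot: The two scope filters in the `LdapServer` hunks now build the attribute name with `Attribute::Uuid.to_string()`, while the rest of this commit obtains names through `as_ref()`, and nothing visible here checks that the string is still the `"uuid"` it replaced. These filters are what exclude or select the domain_info entry, so if `Display` and `AsRef<str>` for `Attribute` are implemented separately (not shown on this page), a drift between them would change which entries an LDAP search returns without any compile error. A one-line unit test such as `assert_eq!(Attribute::Uuid.to_string(), "uuid");` would pin the name the filter depends on. The enclosing match arms start and end outside the hunks.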


@ -413,7 +413,7 @@ impl<'a> Oauth2ResourceServersWriteTransaction<'a> {
};
let prefer_short_username = ent
.get_ava_single_bool("oauth2_prefer_short_username")
.get_ava_single_bool(Attribute::OAuth2PreferShortUsername.as_ref())
.unwrap_or(false);
let mut authorization_endpoint = self.inner.origin.clone();
@ -2037,31 +2037,31 @@ mod tests {
let uuid = Uuid::new_v4();
let e: Entry<EntryInit, EntryNew> = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Object.to_value()),
(
Attribute::Class.as_ref(),
Attribute::Class,
EntryClass::OAuth2ResourceServer.to_value()
),
(
Attribute::Class.as_ref(),
Attribute::Class,
EntryClass::OAuth2ResourceServerBasic.to_value()
),
(Attribute::Uuid.as_ref(), Value::Uuid(uuid)),
(Attribute::Uuid, Value::Uuid(uuid)),
(
Attribute::OAuth2RsName.as_ref(),
Attribute::OAuth2RsName,
Value::new_iname("test_resource_server")
),
(
Attribute::DisplayName.as_ref(),
Attribute::DisplayName,
Value::new_utf8s("test_resource_server")
),
(
Attribute::OAuth2RsOrigin.as_ref(),
Attribute::OAuth2RsOrigin,
Value::new_url_s("https://demo.example.com").unwrap()
),
// System admins
(
Attribute::OAuth2RsScopeMap.as_ref(),
Attribute::OAuth2RsScopeMap,
Value::new_oauthscopemap(
UUID_SYSTEM_ADMINS,
btreeset![OAUTH2_SCOPE_GROUPS.to_string()]
@ -2069,7 +2069,7 @@ mod tests {
.expect("invalid oauthscope")
),
(
Attribute::OAuth2RsScopeMap.as_ref(),
Attribute::OAuth2RsScopeMap,
Value::new_oauthscopemap(
UUID_IDM_ALL_ACCOUNTS,
btreeset![OAUTH2_SCOPE_OPENID.to_string()]
@ -2077,7 +2077,7 @@ mod tests {
.expect("invalid oauthscope")
),
(
Attribute::OAuth2RsSupScopeMap.as_ref(),
Attribute::OAuth2RsSupScopeMap,
Value::new_oauthscopemap(
UUID_IDM_ALL_ACCOUNTS,
btreeset!["supplement".to_string()]
@ -2085,15 +2085,15 @@ mod tests {
.expect("invalid oauthscope")
),
(
Attribute::OAuth2AllowInsecureClientDisablePkce.as_ref(),
Attribute::OAuth2AllowInsecureClientDisablePkce,
Value::new_bool(!enable_pkce)
),
(
Attribute::OAuth2JwtLegacyCryptoEnable.as_ref(),
Attribute::OAuth2JwtLegacyCryptoEnable,
Value::new_bool(enable_legacy_crypto)
),
(
"oauth2_prefer_short_username",
Attribute::OAuth2PreferShortUsername,
Value::new_bool(prefer_short_username)
)
);
@ -2180,36 +2180,36 @@ mod tests {
let uuid = Uuid::new_v4();
let e: Entry<EntryInit, EntryNew> = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Object.to_value()),
(
Attribute::Class.as_ref(),
Attribute::Class,
EntryClass::OAuth2ResourceServer.to_value()
),
(
Attribute::Class.as_ref(),
Attribute::Class,
EntryClass::OAuth2ResourceServerPublic.to_value()
),
(Attribute::Uuid.as_ref(), Value::Uuid(uuid)),
(Attribute::Uuid, Value::Uuid(uuid)),
(
Attribute::OAuth2RsName.as_ref(),
Attribute::OAuth2RsName,
Value::new_iname("test_resource_server")
),
(
Attribute::DisplayName.as_ref(),
Attribute::DisplayName,
Value::new_utf8s("test_resource_server")
),
(
Attribute::OAuth2RsOrigin.as_ref(),
Attribute::OAuth2RsOrigin,
Value::new_url_s("https://demo.example.com").unwrap()
),
// System admins
(
Attribute::OAuth2RsScopeMap.as_ref(),
Attribute::OAuth2RsScopeMap,
Value::new_oauthscopemap(UUID_SYSTEM_ADMINS, btreeset!["groups".to_string()])
.expect("invalid oauthscope")
),
(
Attribute::OAuth2RsScopeMap.as_ref(),
Attribute::OAuth2RsScopeMap,
Value::new_oauthscopemap(
UUID_IDM_ALL_ACCOUNTS,
btreeset![OAUTH2_SCOPE_OPENID.to_string()]
@ -2217,7 +2217,7 @@ mod tests {
.expect("invalid oauthscope")
),
(
Attribute::OAuth2RsSupScopeMap.as_ref(),
Attribute::OAuth2RsSupScopeMap,
Value::new_oauthscopemap(
UUID_IDM_ALL_ACCOUNTS,
btreeset!["supplement".to_string()]


@ -38,7 +38,7 @@ impl RadiusAccount {
.to_string();
let name = value
.get_ava_single_iname("name")
.get_ava_single_iname(Attribute::Name.as_ref())
.map(|s| s.to_string())
.ok_or_else(|| {
OperationError::InvalidAccountState("Missing attribute: name".to_string())


@ -188,19 +188,13 @@ mod tests {
let mut idms_prox_write = idms.proxy_write(ct).await;
let e2 = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Account.to_value()),
(Attribute::Class.as_ref(), EntryClass::Person.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("testperson")),
(Attribute::Uuid.as_ref(), Value::Uuid(TESTPERSON_UUID)),
(
Attribute::Description.as_ref(),
Value::new_utf8s("testperson")
),
(
Attribute::DisplayName.as_ref(),
Value::new_utf8s("testperson")
)
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Account.to_value()),
(Attribute::Class, EntryClass::Person.to_value()),
(Attribute::Name, Value::new_iname("testperson")),
(Attribute::Uuid, Value::Uuid(TESTPERSON_UUID)),
(Attribute::Description, Value::new_utf8s("testperson")),
(Attribute::DisplayName, Value::new_utf8s("testperson"))
);
let cr = idms_prox_write.qs_write.internal_create(vec![e2]);


@ -35,7 +35,7 @@ macro_rules! try_from_entry {
}
let name = $value
.get_ava_single_iname("name")
.get_ava_single_iname(Attribute::Name.as_ref())
.map(|s| s.to_string())
.ok_or(OperationError::InvalidAccountState(
"Missing attribute: name".to_string(),
@ -663,10 +663,10 @@ impl<'a> IdmServerProxyWriteTransaction<'a> {
.copied()
.map(|u| {
entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::SyncObject.to_value()),
(Attribute::SyncParentUuid.as_ref(), Value::Refer(sync_uuid)),
(Attribute::Uuid.as_ref(), Value::Uuid(u))
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::SyncObject.to_value()),
(Attribute::SyncParentUuid, Value::Refer(sync_uuid)),
(Attribute::Uuid, Value::Uuid(u))
)
})
.collect();
@ -1513,15 +1513,12 @@ mod tests {
let sync_uuid = Uuid::new_v4();
let e1 = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::SyncAccount.to_value()),
(Attribute::Name, Value::new_iname("test_scim_sync")),
(Attribute::Uuid, Value::Uuid(sync_uuid)),
(
Attribute::Class.as_ref(),
EntryClass::SyncAccount.to_value()
),
(Attribute::Name.as_ref(), Value::new_iname("test_scim_sync")),
(Attribute::Uuid.as_ref(), Value::Uuid(sync_uuid)),
(
Attribute::Description.as_ref(),
Attribute::Description,
Value::new_utf8s("A test sync agreement")
)
);
@ -1586,15 +1583,12 @@ mod tests {
let sync_uuid = Uuid::new_v4();
let e1 = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::SyncAccount.to_value()),
(Attribute::Name, Value::new_iname("test_scim_sync")),
(Attribute::Uuid, Value::Uuid(sync_uuid)),
(
Attribute::Class.as_ref(),
EntryClass::SyncAccount.to_value()
),
(Attribute::Name.as_ref(), Value::new_iname("test_scim_sync")),
(Attribute::Uuid.as_ref(), Value::Uuid(sync_uuid)),
(
Attribute::Description.as_ref(),
Attribute::Description,
Value::new_utf8s("A test sync agreement")
)
);
@ -1713,15 +1707,12 @@ mod tests {
let sync_uuid = Uuid::new_v4();
let e1 = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::SyncAccount.to_value()),
(Attribute::Name, Value::new_iname("test_scim_sync")),
(Attribute::Uuid, Value::Uuid(sync_uuid)),
(
Attribute::Class.as_ref(),
EntryClass::SyncAccount.to_value()
),
(Attribute::Name.as_ref(), Value::new_iname("test_scim_sync")),
(Attribute::Uuid.as_ref(), Value::Uuid(sync_uuid)),
(
Attribute::Description.as_ref(),
Attribute::Description,
Value::new_utf8s("A test sync agreement")
)
);
@ -1792,7 +1783,7 @@ mod tests {
external_id: Some("dn=william,ou=people,dc=test".to_string()),
meta: None,
attrs: btreemap!((
"name".to_string(),
Attribute::Name.to_string(),
ScimAttr::SingleSimple(ScimSimpleAttr::String("william".to_string()))
),),
}],
@ -1835,8 +1826,8 @@ mod tests {
assert!(idms_prox_write
.qs_write
.internal_create(vec![entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Uuid.as_ref(), Value::Uuid(user_sync_uuid))
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Uuid, Value::Uuid(user_sync_uuid))
)])
.is_ok());
@ -1860,7 +1851,7 @@ mod tests {
external_id: Some("dn=william,ou=people,dc=test".to_string()),
meta: None,
attrs: btreemap!((
"name".to_string(),
Attribute::Name.to_string(),
ScimAttr::SingleSimple(ScimSimpleAttr::String("william".to_string()))
),),
}],
@ -1926,7 +1917,7 @@ mod tests {
external_id: Some("cn=testgroup,ou=people,dc=test".to_string()),
meta: None,
attrs: btreemap!((
"name".to_string(),
Attribute::Name.to_string(),
ScimAttr::SingleSimple(ScimSimpleAttr::String("testgroup".to_string()))
),),
}]
@ -1942,7 +1933,7 @@ mod tests {
.internal_search_uuid(user_sync_uuid)
.expect("Unable to access entry");
assert!(ent.get_ava_single_iname("name") == Some("testgroup"));
assert!(ent.get_ava_single_iname(Attribute::Name.as_ref()) == Some("testgroup"));
assert!(
ent.get_ava_single_iutf8("sync_external_id") == Some("cn=testgroup,ou=people,dc=test")
);
@ -1967,11 +1958,11 @@ mod tests {
meta: None,
attrs: btreemap!(
(
"name".to_string(),
Attribute::Name.to_string(),
ScimAttr::SingleSimple(ScimSimpleAttr::String("testgroup".to_string()))
),
(
"uuid".to_string(),
Attribute::Uuid.to_string(),
ScimAttr::SingleSimple(ScimSimpleAttr::String(
"2c019619-f894-4a94-b356-05d371850e3d".to_string()
))
@ -2000,7 +1991,7 @@ mod tests {
meta: None,
attrs: btreemap!(
(
"name".to_string(),
Attribute::Name.to_string(),
ScimAttr::SingleSimple(ScimSimpleAttr::String("testgroup".to_string()))
),
(
@ -2033,7 +2024,7 @@ mod tests {
meta: None,
attrs: btreemap!(
(
"name".to_string(),
Attribute::Name.to_string(),
ScimAttr::SingleSimple(ScimSimpleAttr::String("testgroup".to_string()))
),
(
@ -2064,7 +2055,7 @@ mod tests {
external_id: Some("cn=testgroup,ou=people,dc=test".to_string()),
meta: None,
attrs: btreemap!((
"name".to_string(),
Attribute::Name.to_string(),
ScimAttr::SingleSimple(ScimSimpleAttr::String("testgroup".to_string()))
),),
}]
@ -2102,7 +2093,7 @@ mod tests {
external_id: Some("cn=testgroup,ou=people,dc=test".to_string()),
meta: None,
attrs: btreemap!((
"name".to_string(),
Attribute::Name.to_string(),
ScimAttr::SingleSimple(ScimSimpleAttr::String("testgroup".to_string()))
),),
}],
@ -2189,8 +2180,8 @@ mod tests {
assert!(idms_prox_write
.qs_write
.internal_create(vec![entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Uuid.as_ref(), Value::Uuid(user_sync_uuid))
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Uuid, Value::Uuid(user_sync_uuid))
)])
.is_ok());
@ -2226,8 +2217,8 @@ mod tests {
assert!(idms_prox_write
.qs_write
.internal_create(vec![entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Uuid.as_ref(), Value::Uuid(user_sync_uuid))
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Uuid, Value::Uuid(user_sync_uuid))
)])
.is_ok());
@ -2286,7 +2277,7 @@ mod tests {
external_id: Some("cn=testgroup,ou=people,dc=test".to_string()),
meta: None,
attrs: btreemap!((
"name".to_string(),
Attribute::Name.to_string(),
ScimAttr::SingleSimple(ScimSimpleAttr::String("testgroup".to_string()))
),),
},
@ -2296,7 +2287,7 @@ mod tests {
external_id: Some("cn=anothergroup,ou=people,dc=test".to_string()),
meta: None,
attrs: btreemap!((
"name".to_string(),
Attribute::Name.to_string(),
ScimAttr::SingleSimple(ScimSimpleAttr::String("anothergroup".to_string()))
),),
},
@ -2370,7 +2361,7 @@ mod tests {
external_id: Some("cn=testgroup,ou=people,dc=test".to_string()),
meta: None,
attrs: btreemap!((
"name".to_string(),
Attribute::Name.to_string(),
ScimAttr::SingleSimple(ScimSimpleAttr::String("testgroup".to_string()))
),),
},
@ -2380,7 +2371,7 @@ mod tests {
external_id: Some("cn=anothergroup,ou=people,dc=test".to_string()),
meta: None,
attrs: btreemap!((
"name".to_string(),
Attribute::Name.to_string(),
ScimAttr::SingleSimple(ScimSimpleAttr::String("anothergroup".to_string()))
),),
},
@ -2467,7 +2458,7 @@ mod tests {
external_id: Some("cn=testgroup,ou=people,dc=test".to_string()),
meta: None,
attrs: btreemap!((
"name".to_string(),
Attribute::Name.to_string(),
ScimAttr::SingleSimple(ScimSimpleAttr::String("testgroup".to_string()))
),),
}],
@ -2500,7 +2491,7 @@ mod tests {
.internal_search_uuid(sync_uuid_a)
.expect("Unable to access entry");
assert!(ent.get_ava_single_iname("name") == Some("testgroup"));
assert!(ent.get_ava_single_iname(Attribute::Name.as_ref()) == Some("testgroup"));
assert!(idms_prox_write.commit().is_ok());
}
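Review bot: The two rewritten test assertions, `assert!(ent.get_ava_single_iname(Attribute::Name.as_ref()) == Some("testgroup"));` in the hunks at -1942 and -2500, would read better as `assert_eq!`, which prints both sides on failure: `assert_eq!(ent.get_ava_single_iname(Attribute::Name.as_ref()), Some("testgroup"));`. In the first of them the following assertion still passes the literal `"sync_external_id"`, so the test now mixes enum and string lookups; if the enum has a variant for that attribute it could be used there too. The test functions start and end outside the hunks.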


@ -654,8 +654,12 @@ pub trait IdmServerTransaction<'a> {
let within_valid_window = Account::check_within_valid_time(
ct,
entry.get_ava_single_datetime("account_valid_from").as_ref(),
entry.get_ava_single_datetime("account_expire").as_ref(),
entry
.get_ava_single_datetime(Attribute::AccountValidFrom.as_ref())
.as_ref(),
entry
.get_ava_single_datetime(Attribute::AccountExpire.as_ref())
.as_ref(),
);
if !within_valid_window {
@ -668,11 +672,11 @@ pub trait IdmServerTransaction<'a> {
// We enforce both sessions are present in case of inconsistency
// that may occur with replication.
let oauth2_session_valid = entry
.get_ava_as_oauth2session_map("oauth2_session")
.get_ava_as_oauth2session_map(Attribute::OAuth2Session.as_ref())
.map(|map| map.get(&session_id).is_some())
.unwrap_or(false);
let uat_session_valid = entry
.get_ava_as_session_map("user_auth_token_session")
.get_ava_as_session_map(Attribute::UserAuthTokenSession.as_ref())
.map(|map| map.get(&parent_session_id).is_some())
.unwrap_or(false);
@ -1301,9 +1305,11 @@ impl<'a> IdmServerAuthTransaction<'a> {
}))
}
Token::ApiToken(apit, entry) => {
let spn = entry.get_ava_single_proto_string("spn").ok_or_else(|| {
OperationError::InvalidAccountState("Missing attribute: spn".to_string())
})?;
let spn = entry
.get_ava_single_proto_string(Attribute::Spn.as_ref())
.ok_or_else(|| {
OperationError::InvalidAccountState("Missing attribute: spn".to_string())
})?;
Ok(Some(LdapBoundToken {
session_id: apit.token_id,
@ -2671,20 +2677,17 @@ mod tests {
assert!(idms_prox_write.qs_write.modify(&me_posix).is_ok());
// Add a posix group that has the admin as a member.
let e: Entry<EntryInit, EntryNew> = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Group.to_value()),
(Attribute::Class.as_ref(), EntryClass::PosixGroup.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("testgroup")),
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Group.to_value()),
(Attribute::Class, EntryClass::PosixGroup.to_value()),
(Attribute::Name, Value::new_iname("testgroup")),
(
"uuid",
Attribute::Uuid,
Value::Uuid(uuid::uuid!("01609135-a1c4-43d5-966b-a28227644445"))
),
(Attribute::Description, Value::new_utf8s("testgroup")),
(
Attribute::Description.as_ref(),
Value::new_utf8s("testgroup")
),
(
"member",
Attribute::Member,
Value::Refer(uuid::uuid!("00000000-0000-0000-0000-000000000000"))
)
);
@ -3984,22 +3987,13 @@ mod tests {
// Create a service account
let e = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Account.to_value()),
(
Attribute::Class.as_ref(),
EntryClass::ServiceAccount.to_value()
),
(Attribute::Name.as_ref(), Value::new_iname("testaccount")),
(Attribute::Uuid.as_ref(), Value::Uuid(target_uuid)),
(
Attribute::Description.as_ref(),
Value::new_utf8s("testaccount")
),
(
Attribute::DisplayName.as_ref(),
Value::new_utf8s("Test Account")
)
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Account.to_value()),
(Attribute::Class, EntryClass::ServiceAccount.to_value()),
(Attribute::Name, Value::new_iname("testaccount")),
(Attribute::Uuid, Value::Uuid(target_uuid)),
(Attribute::Description, Value::new_utf8s("testaccount")),
(Attribute::DisplayName, Value::new_utf8s("Test Account"))
);
let ce = CreateEvent::new_internal(vec![e]);
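Review bot: In the `IdmServerTransaction` hunk the validity window is now read via `Attribute::AccountValidFrom.as_ref()` and `Attribute::AccountExpire.as_ref()`, and a failed lookup yields `None` just like an account with no limit set. `check_within_valid_time` is not shown, but if `None` means unbounded, a mismatch between the enum's string and the stored attribute name would silently disable the expiry check rather than fail; the session lookups below it fail closed via `.unwrap_or(false)`, so only this check is exposed. A test that sets `account_expire` in the past and asserts the token is rejected through this path would catch that, and a comment on the call would document it: `// None means no limit, so a wrong attribute name here disables the expiry check`. The enclosing function starts and ends outside the hunk.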


@ -41,9 +41,11 @@ macro_rules! try_from_entry {
));
}
let spn = $value.get_ava_single_proto_string("spn").ok_or(
OperationError::InvalidAccountState("Missing attribute: spn".to_string()),
)?;
let spn = $value
.get_ava_single_proto_string(Attribute::Spn.as_ref())
.ok_or(OperationError::InvalidAccountState(
"Missing attribute: spn".to_string(),
))?;
let jws_key = $value
.get_ava_single_jws_key_es256("jws_es256_private_key")
@ -445,25 +447,13 @@ mod tests {
let testaccount_uuid = Uuid::new_v4();
let e1 = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Account.to_value()),
(
Attribute::Class.as_ref(),
EntryClass::ServiceAccount.to_value()
),
(
Attribute::Name.as_ref(),
Value::new_iname("test_account_only")
),
(Attribute::Uuid.as_ref(), Value::Uuid(testaccount_uuid)),
(
Attribute::Description.as_ref(),
Value::new_utf8s("testaccount")
),
(
Attribute::DisplayName.as_ref(),
Value::new_utf8s("testaccount")
)
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Account.to_value()),
(Attribute::Class, EntryClass::ServiceAccount.to_value()),
(Attribute::Name, Value::new_iname("test_account_only")),
(Attribute::Uuid, Value::Uuid(testaccount_uuid)),
(Attribute::Description, Value::new_utf8s("testaccount")),
(Attribute::DisplayName, Value::new_utf8s("testaccount"))
);
let ce = CreateEvent::new_internal(vec![e1]);

View file

@ -53,15 +53,17 @@ macro_rules! try_from_entry {
}
let name = $value
.get_ava_single_iname("name")
.get_ava_single_iname(Attribute::Name.as_ref())
.map(|s| s.to_string())
.ok_or_else(|| {
OperationError::InvalidAccountState("Missing attribute: name".to_string())
})?;
let spn = $value.get_ava_single_proto_string("spn").ok_or_else(|| {
OperationError::InvalidAccountState("Missing attribute: spn".to_string())
})?;
let spn = $value
.get_ava_single_proto_string(Attribute::Spn.as_ref())
.ok_or_else(|| {
OperationError::InvalidAccountState("Missing attribute: spn".to_string())
})?;
let uuid = $value.get_uuid();
@ -331,15 +333,17 @@ macro_rules! try_from_group_e {
}
let name = $value
.get_ava_single_iname("name")
.get_ava_single_iname(Attribute::Name.as_ref())
.map(|s| s.to_string())
.ok_or_else(|| {
OperationError::InvalidAccountState("Missing attribute: name".to_string())
})?;
let spn = $value.get_ava_single_proto_string("spn").ok_or_else(|| {
OperationError::InvalidAccountState("Missing attribute: spn".to_string())
})?;
let spn = $value
.get_ava_single_proto_string(Attribute::Spn.as_ref())
.ok_or_else(|| {
OperationError::InvalidAccountState("Missing attribute: spn".to_string())
})?;
let uuid = $value.get_uuid();
@ -380,15 +384,17 @@ macro_rules! try_from_account_group_e {
}
let name = $value
.get_ava_single_iname("name")
.get_ava_single_iname(Attribute::Name.as_ref())
.map(|s| s.to_string())
.ok_or_else(|| {
OperationError::InvalidAccountState("Missing attribute: name".to_string())
})?;
let spn = $value.get_ava_single_proto_string("spn").ok_or_else(|| {
OperationError::InvalidAccountState("Missing attribute: spn".to_string())
})?;
let spn = $value
.get_ava_single_proto_string(Attribute::Spn.as_ref())
.ok_or_else(|| {
OperationError::InvalidAccountState("Missing attribute: spn".to_string())
})?;
let uuid = $value.get_uuid();
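Review bot: The `OperationError::InvalidAccountState` messages in the `try_from_entry` hunk still spell the attribute as a literal (`"Missing attribute: name"`, `"Missing attribute: spn"`) while the lookups beside them now use `Attribute::Name.as_ref()` and `Attribute::Spn.as_ref()`; the `try_from_group_e` and `try_from_account_group_e` hunks are in the same state. Building the text from the enum, e.g. `OperationError::InvalidAccountState(format!("Missing attribute: {}", Attribute::Name))`, keeps the reported name tied to the key that was looked up. This relies on `Attribute` implementing `Display`, which the `format!("{} has incorrect value type …", Attribute::TotpImport)` call elsewhere in this commit already assumes. All three macro bodies start and end outside their hunks.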


@ -42,7 +42,7 @@ impl Plugin for Base {
// For each candidate
for entry in cand.iter_mut() {
// First, ensure we have the 'object', class in the class set.
entry.add_ava(Attribute::Class.as_ref(), EntryClass::Object.to_value());
entry.add_ava(Attribute::Class, EntryClass::Object.to_value());
// if they don't have uuid, create it.
match entry.get_ava_set("uuid").map(|s| s.len()) {
@ -76,7 +76,7 @@ impl Plugin for Base {
for entry in cand.iter() {
let uuid_ref: Uuid = entry
.get_ava_single_uuid("uuid")
.ok_or_else(|| OperationError::InvalidAttribute("uuid".to_string()))?;
.ok_or_else(|| OperationError::InvalidAttribute(Attribute::Uuid.to_string()))?;
if !cand_uuid.insert(uuid_ref) {
trace!("uuid duplicate found in create set! {:?}", uuid_ref);
return Err(OperationError::Plugin(PluginError::Base(
@ -250,129 +250,66 @@ mod tests {
lazy_static! {
pub static ref TEST_ACCOUNT: EntryInitNew = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Account.to_value()),
(
Attribute::Class.as_ref(),
EntryClass::ServiceAccount.to_value()
),
(Attribute::Class.as_ref(), EntryClass::MemberOf.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("test_account_1")),
(
Attribute::DisplayName.as_ref(),
Value::new_utf8s("test_account_1")
),
(Attribute::Uuid.as_ref(), Value::Uuid(UUID_TEST_ACCOUNT)),
(Attribute::MemberOf.as_ref(), Value::Refer(UUID_TEST_GROUP))
(Attribute::Class, EntryClass::Account.to_value()),
(Attribute::Class, EntryClass::ServiceAccount.to_value()),
(Attribute::Class, EntryClass::MemberOf.to_value()),
(Attribute::Name, Value::new_iname("test_account_1")),
(Attribute::DisplayName, Value::new_utf8s("test_account_1")),
(Attribute::Uuid, Value::Uuid(UUID_TEST_ACCOUNT)),
(Attribute::MemberOf, Value::Refer(UUID_TEST_GROUP))
);
pub static ref TEST_GROUP: EntryInitNew = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Group.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("test_group_a")),
(Attribute::Uuid.as_ref(), Value::Uuid(UUID_TEST_GROUP)),
(Attribute::Member.as_ref(), Value::Refer(UUID_TEST_ACCOUNT))
(Attribute::Class, EntryClass::Group.to_value()),
(Attribute::Name, Value::new_iname("test_group_a")),
(Attribute::Uuid, Value::Uuid(UUID_TEST_GROUP)),
(Attribute::Member, Value::Refer(UUID_TEST_ACCOUNT))
);
pub static ref ALLOW_ALL: EntryInitNew = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Object.to_value()),
(
Attribute::Class.as_ref(),
Attribute::Class,
EntryClass::AccessControlProfile.to_value()
),
(Attribute::Class, EntryClass::AccessControlModify.to_value()),
(Attribute::Class, EntryClass::AccessControlCreate.to_value()),
(Attribute::Class, EntryClass::AccessControlDelete.to_value()),
(Attribute::Class, EntryClass::AccessControlSearch.to_value()),
(
Attribute::Class.as_ref(),
EntryClass::AccessControlModify.to_value()
),
(
Attribute::Class.as_ref(),
EntryClass::AccessControlCreate.to_value()
),
(
Attribute::Class.as_ref(),
EntryClass::AccessControlDelete.to_value()
),
(
Attribute::Class.as_ref(),
EntryClass::AccessControlSearch.to_value()
),
(
Attribute::Name.as_ref(),
Attribute::Name,
Value::new_iname("idm_admins_acp_allow_all_test")
),
(Attribute::Uuid.as_ref(), Value::Uuid(UUID_TEST_ACP)),
(Attribute::Uuid, Value::Uuid(UUID_TEST_ACP)),
(Attribute::AcpReceiverGroup, Value::Refer(UUID_TEST_GROUP)),
(
Attribute::AcpReceiverGroup.as_ref(),
Value::Refer(UUID_TEST_GROUP)
),
(
"acp_targetscope",
Attribute::AcpTargetScope,
Value::new_json_filter_s("{\"pres\":\"class\"}").expect("filter")
),
(Attribute::AcpSearchAttr.as_ref(), Value::new_iutf8("name")),
(Attribute::AcpSearchAttr, Attribute::Name.to_value()),
(Attribute::AcpSearchAttr, Attribute::Class.to_value()),
(Attribute::AcpSearchAttr, Attribute::Uuid.to_value()),
(Attribute::AcpModifyClass, EntryClass::System.to_value()),
(Attribute::AcpModifyRemovedAttr, Attribute::Class.to_value()),
(
Attribute::AcpSearchAttr.as_ref(),
Attribute::Class.to_value()
Attribute::AcpModifyRemovedAttr,
Attribute::DisplayName.to_value()
),
(Attribute::AcpSearchAttr.as_ref(), Value::new_iutf8("uuid")),
(Attribute::AcpModifyRemovedAttr, Attribute::May.to_value()),
(Attribute::AcpModifyRemovedAttr, Attribute::Must.to_value()),
(Attribute::AcpModifyPresentAttr, Attribute::Class.to_value()),
(
Attribute::AcpModifyClass.as_ref(),
Value::new_iutf8("system")
Attribute::AcpModifyPresentAttr,
Attribute::DisplayName.to_value()
),
(
Attribute::AcpModifyRemovedAttr.as_ref(),
Attribute::Class.to_value()
),
(
Attribute::AcpModifyRemovedAttr.as_ref(),
Value::new_iutf8("displayname")
),
(
Attribute::AcpModifyRemovedAttr.as_ref(),
Value::new_iutf8("may")
),
(
Attribute::AcpModifyRemovedAttr.as_ref(),
Value::new_iutf8("must")
),
(
Attribute::AcpModifyPresentAttr.as_ref(),
Attribute::Class.to_value()
),
(
Attribute::AcpModifyPresentAttr.as_ref(),
Value::new_iutf8("displayname")
),
(
Attribute::AcpModifyPresentAttr.as_ref(),
Value::new_iutf8("may")
),
(
Attribute::AcpModifyPresentAttr.as_ref(),
Value::new_iutf8("must")
),
(
Attribute::AcpCreateClass.as_ref(),
EntryClass::Object.to_value()
),
(
Attribute::AcpCreateClass.as_ref(),
EntryClass::Person.to_value()
),
(
Attribute::AcpCreateClass.as_ref(),
EntryClass::System.to_value()
),
(Attribute::AcpCreateAttr.as_ref(), Value::new_iutf8("name")),
(
Attribute::AcpCreateAttr.as_ref(),
Attribute::Class.to_value()
),
(
Attribute::AcpCreateAttr.as_ref(),
Attribute::Description.to_value()
),
(
Attribute::AcpCreateAttr.as_ref(),
Value::new_iutf8("displayname")
),
(Attribute::AcpCreateAttr.as_ref(), Value::new_iutf8("uuid"))
(Attribute::AcpModifyPresentAttr, Attribute::May.to_value()),
(Attribute::AcpModifyPresentAttr, Attribute::Must.to_value()),
(Attribute::AcpCreateClass, EntryClass::Object.to_value()),
(Attribute::AcpCreateClass, EntryClass::Person.to_value()),
(Attribute::AcpCreateClass, EntryClass::System.to_value()),
(Attribute::AcpCreateAttr, Attribute::Name.to_value()),
(Attribute::AcpCreateAttr, Attribute::Class.to_value()),
(Attribute::AcpCreateAttr, Attribute::Description.to_value()),
(Attribute::AcpCreateAttr, Attribute::DisplayName.to_value()),
(Attribute::AcpCreateAttr, Attribute::Uuid.to_value())
);
pub static ref PRELOAD: Vec<EntryInitNew> =
vec![TEST_ACCOUNT.clone(), TEST_GROUP.clone(), ALLOW_ALL.clone()];
@ -436,7 +373,9 @@ mod tests {
let create = vec![e];
run_create_test!(
Err(OperationError::InvalidAttribute("uuid".to_string())),
Err(OperationError::InvalidAttribute(
Attribute::Uuid.to_string()
)),
preload,
create,
None,
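Review bot: In the `-76,7` hunk the duplicate-UUID check still reads the value with `.get_ava_single_uuid("uuid")` while the error it returns is now built from `Attribute::Uuid.to_string()`, so the lookup key and the reported attribute come from two sources; `entry.get_ava_set("uuid")` in the `-42,7` hunk is in the same state. I would write `.get_ava_single_uuid(Attribute::Uuid.as_ref())` and `entry.get_ava_set(Attribute::Uuid.as_ref())`, matching how the other getters are called in this commit. Separately, the `ALLOW_ALL` fixture moves ACP attribute lists from `Value::new_iutf8("name")` to `Attribute::Name.to_value()`, which only grants the same access if `to_value()` yields the same value type; that definition is not visible here, so it is worth confirming. Both loops continue outside their hunks.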


@ -86,11 +86,11 @@ impl CredImport {
})?;
// does the entry have a primary cred?
match e.get_ava_single_credential("primary_credential") {
match e.get_ava_single_credential(Attribute::PrimaryCredential.into()) {
Some(c) => {
let c = c.update_password(pw);
e.set_ava(
"primary_credential",
Attribute::PrimaryCredential.into(),
once(Value::new_credential("primary", c)),
);
}
@ -98,7 +98,7 @@ impl CredImport {
// just set it then!
let c = Credential::new_from_password(pw);
e.set_ava(
"primary_credential",
Attribute::PrimaryCredential.into(),
once(Value::new_credential("primary", c)),
);
}
@ -107,27 +107,26 @@ impl CredImport {
// TOTP IMPORT - Must be subsequent to password import to allow primary cred to
// be created.
if let Some(vs) = e.pop_ava("totp_import") {
if let Some(vs) = e.pop_ava(Attribute::TotpImport.as_ref()) {
// Get the map.
let totps = vs.as_totp_map().ok_or_else(|| {
OperationError::Plugin(PluginError::CredImport(
"totp_import has incorrect value type - should be a map of totp"
.to_string(),
format!("{} has incorrect value type - should be a map of totp", Attribute::TotpImport)
))
})?;
if let Some(c) = e.get_ava_single_credential("primary_credential") {
if let Some(c) = e.get_ava_single_credential(Attribute::PrimaryCredential.as_ref()) {
let c = totps.iter().fold(c.clone(), |acc, (label, totp)| {
acc.append_totp(label.clone(), totp.clone())
});
e.set_ava(
"primary_credential",
Attribute::PrimaryCredential.as_ref(),
once(Value::new_credential("primary", c)),
);
} else {
return Err(OperationError::Plugin(PluginError::CredImport(
"totp_import can not be used if primary_credential (password) is missing"
.to_string(),
format!("{} can not be used if {} (password) is missing"
,Attribute::TotpImport, Attribute::PrimaryCredential),
)));
}
}
@ -219,7 +218,10 @@ mod tests {
let p = CryptoPolicy::minimum();
let c = Credential::new_password_only(&p, "password").unwrap();
ea.add_ava("primary_credential", Value::new_credential("primary", c));
ea.add_ava(
Attribute::PrimaryCredential,
Value::new_credential("primary", c),
);
let preload = vec![ea];
@ -257,7 +259,10 @@ mod tests {
let c = Credential::new_password_only(&p, "password")
.unwrap()
.append_totp("totp".to_string(), totp);
ea.add_ava("primary_credential", Value::new_credential("primary", c));
ea.add_ava(
Attribute::PrimaryCredential,
Value::new_credential("primary", c),
);
let preload = vec![ea];
@ -276,7 +281,7 @@ mod tests {
.internal_search_uuid(uuid!("d2b496bd-8493-47b7-8142-f568b5cf47ee"))
.expect("failed to get entry");
let c = e
.get_ava_single_credential("primary_credential")
.get_ava_single_credential(Attribute::PrimaryCredential.as_ref())
.expect("failed to get primary cred.");
match &c.type_ {
CredentialType::PasswordMfa(_pw, totp, webauthn, backup_code) => {
@ -295,18 +300,18 @@ mod tests {
let euuid = Uuid::new_v4();
let ea = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Account.to_value()),
(Attribute::Class.as_ref(), EntryClass::Person.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("testperson")),
(Attribute::Class, EntryClass::Account.to_value()),
(Attribute::Class, EntryClass::Person.to_value()),
(Attribute::Name, Value::new_iname("testperson")),
(
Attribute::Description.as_ref(),
Attribute::Description,
Value::Utf8("testperson".to_string())
),
(
Attribute::DisplayName.as_ref(),
Attribute::DisplayName,
Value::Utf8("testperson".to_string())
),
(Attribute::Uuid.as_ref(), Value::Uuid(euuid))
(Attribute::Uuid, Value::Uuid(euuid))
);
let preload = vec![ea];
@ -337,7 +342,7 @@ mod tests {
|qs: &mut QueryServerWriteTransaction| {
let e = qs.internal_search_uuid(euuid).expect("failed to get entry");
let c = e
.get_ava_single_credential("primary_credential")
.get_ava_single_credential(Attribute::PrimaryCredential.as_ref())
.expect("failed to get primary cred.");
match &c.type_ {
CredentialType::PasswordMfa(_pw, totp, webauthn, backup_code) => {
@ -359,18 +364,18 @@ mod tests {
let euuid = Uuid::new_v4();
let ea = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Account.to_value()),
(Attribute::Class.as_ref(), EntryClass::Person.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("testperson")),
(Attribute::Class, EntryClass::Account.to_value()),
(Attribute::Class, EntryClass::Person.to_value()),
(Attribute::Name, Value::new_iname("testperson")),
(
Attribute::Description.as_ref(),
Attribute::Description,
Value::Utf8("testperson".to_string())
),
(
Attribute::DisplayName.as_ref(),
Attribute::DisplayName,
Value::Utf8("testperson".to_string())
),
(Attribute::Uuid.as_ref(), Value::Uuid(euuid))
(Attribute::Uuid, Value::Uuid(euuid))
);
let preload = vec![ea];
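Review bot: The same argument is produced two ways inside this function: the password branch calls `e.get_ava_single_credential(Attribute::PrimaryCredential.into())` and `e.set_ava(Attribute::PrimaryCredential.into(), …)`, while the TOTP branch passes `Attribute::PrimaryCredential.as_ref()` to the same two methods. I would use `.as_ref()` throughout, since `.into()` leaves the target type to inference and hides which key type the credential lookup actually uses. The two new `format!` calls in the TOTP branch are also not rustfmt-clean (one over-long line, one with a leading `,Attribute::TotpImport`), so running `cargo fmt` on this file before merge would help. The function body starts and ends outside these hunks.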


@ -94,28 +94,28 @@ impl Domain {
}
// Setup the minimum functional level if one is not set already.
if !e.attribute_pres("version") {
if !e.attribute_pres(Attribute::Version.as_ref()) {
let n = Value::Uint32(DOMAIN_MIN_LEVEL);
e.set_ava("version", once(n));
e.set_ava(Attribute::Version.as_ref(), once(n));
trace!("plugin_domain: Applying domain version transform");
}
// create the domain_display_name if it's missing
if !e.attribute_pres("domain_display_name") {
if !e.attribute_pres(Attribute::DomainDisplayName.as_ref()) {
let domain_display_name = Value::new_utf8(format!("Kanidm {}", qs.get_domain_name()));
security_info!("plugin_domain: setting default domain_display_name to {:?}", domain_display_name);
e.set_ava("domain_display_name", once(domain_display_name));
e.set_ava(Attribute::DomainDisplayName.into(), once(domain_display_name));
}
if !e.attribute_pres("fernet_private_key_str") {
if !e.attribute_pres(Attribute::FernetPrivateKeyStr.as_ref()) {
security_info!("regenerating domain token encryption key");
let k = fernet::Fernet::generate_key();
let v = Value::new_secret_str(&k);
e.add_ava("fernet_private_key_str", v);
e.add_ava(Attribute::FernetPrivateKeyStr, v);
}
if !e.attribute_pres("es256_private_key_der") {
if !e.attribute_pres(Attribute::Es256PrivateKeyDer.as_ref()) {
security_info!("regenerating domain es256 private key");
let der = JwsSigner::generate_es256()
.and_then(|jws| jws.private_key_to_der())
@ -124,16 +124,16 @@ impl Domain {
OperationError::CryptographyError
})?;
let v = Value::new_privatebinary(&der);
e.add_ava("es256_private_key_der", v);
e.add_ava(Attribute::Es256PrivateKeyDer, v);
}
if !e.attribute_pres(ATTR_PRIVATE_COOKIE_KEY) {
if !e.attribute_pres(Attribute::PrivateCookieKey.as_ref()) {
security_info!("regenerating domain cookie key");
let mut key = [0; 64];
let mut rng = StdRng::from_entropy();
rng.fill(&mut key);
let v = Value::new_privatebinary(&key);
e.add_ava(ATTR_PRIVATE_COOKIE_KEY, v);
e.add_ava(Attribute::PrivateCookieKey, v);
}
trace!(?e);
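Review bot: Each `attribute_pres(...)` guard in these hunks decides whether the Fernet key, the ES256 private key and the cookie key are regenerated, and the commit replaces the literals `"fernet_private_key_str"` and `"es256_private_key_der"` and the constant `ATTR_PRIVATE_COOKIE_KEY` with `Attribute::…` variants without a check that the enum maps back to the same stored names. If one mapping differed, the guard would miss the existing value and fresh key material would be written, which would presumably invalidate tokens and sessions issued under the old key. A unit test along the lines of `assert_eq!(Attribute::FernetPrivateKeyStr.as_ref(), "fernet_private_key_str");`, repeated for the other two key attributes, would pin this. The function body starts and ends outside the hunks.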


@ -196,7 +196,7 @@ impl DynGroup {
matches
.iter()
.copied()
.for_each(|u| d_group.add_ava("dynmember", Value::Refer(u)));
.for_each(|u| d_group.add_ava(Attribute::DynMember, Value::Refer(u)));
affected_uuids.extend(matches.into_iter());
affected_uuids.push(*dg_uuid);
@ -322,8 +322,9 @@ impl DynGroup {
if let Some((pre, mut d_group)) = work_set.pop() {
matches.iter().copied().for_each(|choice| match choice {
Ok(u) => d_group.add_ava("dynmember", Value::Refer(u)),
Err(u) => d_group.remove_ava("dynmember", &PartialValue::Refer(u)),
Ok(u) => d_group.add_ava(Attribute::DynMember, Value::Refer(u)),
Err(u) => d_group
.remove_ava(Attribute::DynMember.as_ref(), &PartialValue::Refer(u)),
});
affected_uuids.extend(matches.into_iter().map(|choice| match choice {
@ -367,20 +368,23 @@ mod tests {
#[test]
fn test_create_dyngroup_add_new_group() {
let e_dyn = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Group.to_value()),
(Attribute::Class.as_ref(), EntryClass::DynGroup.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("test_dyngroup")),
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Group.to_value()),
(Attribute::Class, EntryClass::DynGroup.to_value()),
(Attribute::Name, Value::new_iname("test_dyngroup")),
(
"dyngroup_filter",
Value::JsonFilt(ProtoFilter::Eq("name".to_string(), "testgroup".to_string()))
Attribute::DynGroupFilter,
Value::JsonFilt(ProtoFilter::Eq(
Attribute::Name.to_string(),
"testgroup".to_string()
))
)
);
let e_group: Entry<EntryInit, EntryNew> = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Group.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("testgroup")),
(Attribute::Uuid.as_ref(), Value::Uuid(UUID_TEST_GROUP))
(Attribute::Class, EntryClass::Group.to_value()),
(Attribute::Name, Value::new_iname("testgroup")),
(Attribute::Uuid, Value::Uuid(UUID_TEST_GROUP))
);
let preload = vec![e_group];
@ -413,20 +417,23 @@ mod tests {
#[test]
fn test_create_dyngroup_add_matching_entry() {
let e_dyn = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Group.to_value()),
(Attribute::Class.as_ref(), EntryClass::DynGroup.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("test_dyngroup")),
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Group.to_value()),
(Attribute::Class, EntryClass::DynGroup.to_value()),
(Attribute::Name, Value::new_iname("test_dyngroup")),
(
"dyngroup_filter",
Value::JsonFilt(ProtoFilter::Eq("name".to_string(), "testgroup".to_string()))
Attribute::DynGroupFilter,
Value::JsonFilt(ProtoFilter::Eq(
Attribute::Name.to_string(),
"testgroup".to_string()
))
)
);
let e_group: Entry<EntryInit, EntryNew> = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Group.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("testgroup")),
(Attribute::Uuid.as_ref(), Value::Uuid(UUID_TEST_GROUP))
(Attribute::Class, EntryClass::Group.to_value()),
(Attribute::Name, Value::new_iname("testgroup")),
(Attribute::Uuid, Value::Uuid(UUID_TEST_GROUP))
);
let preload = vec![e_dyn];
@ -459,23 +466,23 @@ mod tests {
#[test]
fn test_create_dyngroup_add_non_matching_entry() {
let e_dyn = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Group.to_value()),
(Attribute::Class.as_ref(), EntryClass::DynGroup.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("test_dyngroup")),
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Group.to_value()),
(Attribute::Class, EntryClass::DynGroup.to_value()),
(Attribute::Name, Value::new_iname("test_dyngroup")),
(
"dyngroup_filter",
Attribute::DynGroupFilter,
Value::JsonFilt(ProtoFilter::Eq(
"name".to_string(),
Attribute::Name.to_string(),
"no_possible_match_to_be_found".to_string()
))
)
);
let e_group: Entry<EntryInit, EntryNew> = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Group.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("testgroup")),
(Attribute::Uuid.as_ref(), Value::Uuid(UUID_TEST_GROUP))
(Attribute::Class, EntryClass::Group.to_value()),
(Attribute::Name, Value::new_iname("testgroup")),
(Attribute::Uuid, Value::Uuid(UUID_TEST_GROUP))
);
let preload = vec![e_dyn];
@ -504,20 +511,23 @@ mod tests {
#[test]
fn test_create_dyngroup_add_matching_entry_and_group() {
let e_dyn = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Group.to_value()),
(Attribute::Class.as_ref(), EntryClass::DynGroup.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("test_dyngroup")),
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Group.to_value()),
(Attribute::Class, EntryClass::DynGroup.to_value()),
(Attribute::Name, Value::new_iname("test_dyngroup")),
(
"dyngroup_filter",
Value::JsonFilt(ProtoFilter::Eq("name".to_string(), "testgroup".to_string()))
Attribute::DynGroupFilter,
Value::JsonFilt(ProtoFilter::Eq(
Attribute::Name.to_string(),
"testgroup".to_string()
))
)
);
let e_group: Entry<EntryInit, EntryNew> = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Group.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("testgroup")),
(Attribute::Uuid.as_ref(), Value::Uuid(UUID_TEST_GROUP))
(Attribute::Class, EntryClass::Group.to_value()),
(Attribute::Name, Value::new_iname("testgroup")),
(Attribute::Uuid, Value::Uuid(UUID_TEST_GROUP))
);
let preload = vec![];
@ -551,23 +561,23 @@ mod tests {
#[test]
fn test_modify_dyngroup_existing_dyngroup_filter_into_scope() {
let e_dyn = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Group.to_value()),
(Attribute::Class.as_ref(), EntryClass::DynGroup.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("test_dyngroup")),
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Group.to_value()),
(Attribute::Class, EntryClass::DynGroup.to_value()),
(Attribute::Name, Value::new_iname("test_dyngroup")),
(
"dyngroup_filter",
Attribute::DynGroupFilter,
Value::JsonFilt(ProtoFilter::Eq(
"name".to_string(),
Attribute::Name.to_string(),
"no_such_entry_exists".to_string()
))
)
);
let e_group: Entry<EntryInit, EntryNew> = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Group.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("testgroup")),
(Attribute::Uuid.as_ref(), Value::Uuid(UUID_TEST_GROUP))
(Attribute::Class, EntryClass::Group.to_value()),
(Attribute::Name, Value::new_iname("testgroup")),
(Attribute::Uuid, Value::Uuid(UUID_TEST_GROUP))
);
let preload = vec![e_dyn, e_group];
@ -583,7 +593,10 @@ mod tests {
Modify::Purged("dyngroup_filter".into()),
Modify::Present(
Attribute::DynGroupFilter.into(),
Value::JsonFilt(ProtoFilter::Eq("name".to_string(), "testgroup".to_string()))
Value::JsonFilt(ProtoFilter::Eq(
Attribute::Name.to_string(),
"testgroup".to_string()
))
)
]),
None,
@ -609,20 +622,23 @@ mod tests {
#[test]
fn test_modify_dyngroup_existing_dyngroup_filter_outof_scope() {
let e_dyn = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Group.to_value()),
(Attribute::Class.as_ref(), EntryClass::DynGroup.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("test_dyngroup")),
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Group.to_value()),
(Attribute::Class, EntryClass::DynGroup.to_value()),
(Attribute::Name, Value::new_iname("test_dyngroup")),
(
"dyngroup_filter",
Value::JsonFilt(ProtoFilter::Eq("name".to_string(), "testgroup".to_string()))
Attribute::DynGroupFilter,
Value::JsonFilt(ProtoFilter::Eq(
Attribute::Name.to_string(),
"testgroup".to_string()
))
)
);
let e_group: Entry<EntryInit, EntryNew> = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Group.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("testgroup")),
(Attribute::Uuid.as_ref(), Value::Uuid(UUID_TEST_GROUP))
(Attribute::Class, EntryClass::Group.to_value()),
(Attribute::Name, Value::new_iname("testgroup")),
(Attribute::Uuid, Value::Uuid(UUID_TEST_GROUP))
);
let preload = vec![e_dyn, e_group];
@ -639,7 +655,7 @@ mod tests {
Modify::Present(
Attribute::DynGroupFilter.into(),
Value::JsonFilt(ProtoFilter::Eq(
"name".to_string(),
Attribute::Name.to_string(),
"no_such_entry_exists".to_string()
))
)
@ -663,20 +679,23 @@ mod tests {
#[test]
fn test_modify_dyngroup_existing_dyngroup_member_add() {
let e_dyn = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Group.to_value()),
(Attribute::Class.as_ref(), EntryClass::DynGroup.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("test_dyngroup")),
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Group.to_value()),
(Attribute::Class, EntryClass::DynGroup.to_value()),
(Attribute::Name, Value::new_iname("test_dyngroup")),
(
"dyngroup_filter",
Value::JsonFilt(ProtoFilter::Eq("name".to_string(), "testgroup".to_string()))
Attribute::DynGroupFilter,
Value::JsonFilt(ProtoFilter::Eq(
Attribute::Name.to_string(),
"testgroup".to_string()
))
)
);
let e_group: Entry<EntryInit, EntryNew> = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Group.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("testgroup")),
(Attribute::Uuid.as_ref(), Value::Uuid(UUID_TEST_GROUP))
(Attribute::Class, EntryClass::Group.to_value()),
(Attribute::Name, Value::new_iname("testgroup")),
(Attribute::Uuid, Value::Uuid(UUID_TEST_GROUP))
);
let preload = vec![e_dyn, e_group];
@ -716,20 +735,23 @@ mod tests {
#[test]
fn test_modify_dyngroup_existing_dyngroup_member_remove() {
let e_dyn = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Group.to_value()),
(Attribute::Class.as_ref(), EntryClass::DynGroup.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("test_dyngroup")),
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Group.to_value()),
(Attribute::Class, EntryClass::DynGroup.to_value()),
(Attribute::Name, Value::new_iname("test_dyngroup")),
(
"dyngroup_filter",
Value::JsonFilt(ProtoFilter::Eq("name".to_string(), "testgroup".to_string()))
Attribute::DynGroupFilter,
Value::JsonFilt(ProtoFilter::Eq(
Attribute::Name.to_string(),
"testgroup".to_string()
))
)
);
let e_group: Entry<EntryInit, EntryNew> = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Group.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("testgroup")),
(Attribute::Uuid.as_ref(), Value::Uuid(UUID_TEST_GROUP))
(Attribute::Class, EntryClass::Group.to_value()),
(Attribute::Name, Value::new_iname("testgroup")),
(Attribute::Uuid, Value::Uuid(UUID_TEST_GROUP))
);
let preload = vec![e_dyn, e_group];
@ -765,20 +787,23 @@ mod tests {
#[test]
fn test_modify_dyngroup_into_matching_entry() {
let e_dyn = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Group.to_value()),
(Attribute::Class.as_ref(), EntryClass::DynGroup.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("test_dyngroup")),
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Group.to_value()),
(Attribute::Class, EntryClass::DynGroup.to_value()),
(Attribute::Name, Value::new_iname("test_dyngroup")),
(
"dyngroup_filter",
Value::JsonFilt(ProtoFilter::Eq("name".to_string(), "testgroup".to_string()))
Attribute::DynGroupFilter,
Value::JsonFilt(ProtoFilter::Eq(
Attribute::Name.to_string(),
"testgroup".to_string()
))
)
);
let e_group: Entry<EntryInit, EntryNew> = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Group.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("not_testgroup")),
(Attribute::Uuid.as_ref(), Value::Uuid(UUID_TEST_GROUP))
(Attribute::Class, EntryClass::Group.to_value()),
(Attribute::Name, Value::new_iname("not_testgroup")),
(Attribute::Uuid, Value::Uuid(UUID_TEST_GROUP))
);
let preload = vec![e_dyn, e_group];
@ -817,20 +842,23 @@ mod tests {
#[test]
fn test_modify_dyngroup_into_non_matching_entry() {
let e_dyn = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Group.to_value()),
(Attribute::Class.as_ref(), EntryClass::DynGroup.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("test_dyngroup")),
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Group.to_value()),
(Attribute::Class, EntryClass::DynGroup.to_value()),
(Attribute::Name, Value::new_iname("test_dyngroup")),
(
"dyngroup_filter",
Value::JsonFilt(ProtoFilter::Eq("name".to_string(), "testgroup".to_string()))
Attribute::DynGroupFilter,
Value::JsonFilt(ProtoFilter::Eq(
Attribute::Name.to_string(),
"testgroup".to_string()
))
)
);
let e_group: Entry<EntryInit, EntryNew> = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Group.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("testgroup")),
(Attribute::Uuid.as_ref(), Value::Uuid(UUID_TEST_GROUP))
(Attribute::Class, EntryClass::Group.to_value()),
(Attribute::Name, Value::new_iname("testgroup")),
(Attribute::Uuid, Value::Uuid(UUID_TEST_GROUP))
);
let preload = vec![e_dyn, e_group];
@ -862,20 +890,23 @@ mod tests {
#[test]
fn test_delete_dyngroup_matching_entry() {
let e_dyn = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Group.to_value()),
(Attribute::Class.as_ref(), EntryClass::DynGroup.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("test_dyngroup")),
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Group.to_value()),
(Attribute::Class, EntryClass::DynGroup.to_value()),
(Attribute::Name, Value::new_iname("test_dyngroup")),
(
"dyngroup_filter",
Value::JsonFilt(ProtoFilter::Eq("name".to_string(), "testgroup".to_string()))
Attribute::DynGroupFilter,
Value::JsonFilt(ProtoFilter::Eq(
Attribute::Name.to_string(),
"testgroup".to_string()
))
)
);
let e_group: Entry<EntryInit, EntryNew> = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Group.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("testgroup")),
(Attribute::Uuid.as_ref(), Value::Uuid(UUID_TEST_GROUP))
(Attribute::Class, EntryClass::Group.to_value()),
(Attribute::Name, Value::new_iname("testgroup")),
(Attribute::Uuid, Value::Uuid(UUID_TEST_GROUP))
);
let preload = vec![e_dyn, e_group];
@ -902,20 +933,23 @@ mod tests {
#[test]
fn test_delete_dyngroup_group() {
let e_dyn = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Group.to_value()),
(Attribute::Class.as_ref(), EntryClass::DynGroup.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("test_dyngroup")),
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Group.to_value()),
(Attribute::Class, EntryClass::DynGroup.to_value()),
(Attribute::Name, Value::new_iname("test_dyngroup")),
(
"dyngroup_filter",
Value::JsonFilt(ProtoFilter::Eq("name".to_string(), "testgroup".to_string()))
Attribute::DynGroupFilter,
Value::JsonFilt(ProtoFilter::Eq(
Attribute::Name.to_string(),
"testgroup".to_string()
))
)
);
let e_group: Entry<EntryInit, EntryNew> = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Group.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("testgroup")),
(Attribute::Uuid.as_ref(), Value::Uuid(UUID_TEST_GROUP))
(Attribute::Class, EntryClass::Group.to_value()),
(Attribute::Name, Value::new_iname("testgroup")),
(Attribute::Uuid, Value::Uuid(UUID_TEST_GROUP))
);
let preload = vec![e_dyn, e_group];
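Review bot: In the `-583,7` hunk `Modify::Purged("dyngroup_filter".into())` keeps the string literal directly above `Modify::Present(Attribute::DynGroupFilter.into(), …)`, so the purge and the re-add of the same attribute are named in two different ways. I would write `Modify::Purged(Attribute::DynGroupFilter.into()),` to match. In the `-322,8` hunk `add_ava` takes `Attribute::DynMember` while `remove_ava` takes `Attribute::DynMember.as_ref()`; if `remove_ava` is meant to stay string-keyed for now, a short comment saying so would save the next reader the question. The test functions and the `matches` closure continue outside their hunks.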


@ -23,8 +23,10 @@ impl EcdhKeyGen {
cands: &mut [Entry<EntryInvalid, STATE>],
) -> Result<(), OperationError> {
for cand in cands.iter_mut() {
if cand.attribute_equality("class", &EntryClass::Person.to_partialvalue())
&& !cand.attribute_pres("id_verification_eckey")
if cand.attribute_equality(
Attribute::Class.as_ref(),
&EntryClass::Person.to_partialvalue(),
) && !cand.attribute_pres(Attribute::IdVerificationEcKey.into())
{
debug!("Generating idv_eckey for {}", cand.get_display_id());
@ -33,7 +35,7 @@ impl EcdhKeyGen {
OperationError::CryptographyError
})?;
cand.add_ava_if_not_exist(
ATTR_ID_VERIFICATION_ECKEY,
Attribute::IdVerificationEcKey.into(),
crate::value::Value::EcKeyPrivate(new_private_key),
)
}
@ -79,7 +81,6 @@ impl Plugin for EcdhKeyGen {
#[cfg(test)]
mod tests {
use kanidm_proto::constants::*;
use openssl::ec::EcKey;
use uuid::Uuid;
@ -92,13 +93,13 @@ mod tests {
fn test_new_user_generate_key() {
let uuid = Uuid::new_v4();
let ea = entry_init!(
(ATTR_CLASS, EntryClass::Account.to_value()),
(ATTR_CLASS, EntryClass::Person.to_value()),
(ATTR_CLASS, EntryClass::Object.to_value()),
(ATTR_NAME, Value::new_iname("test_name")),
(ATTR_UUID, Value::Uuid(uuid)),
(ATTR_DESCRIPTION, Value::new_utf8s("testperson")),
(ATTR_DISPLAYNAME, Value::new_utf8s("Test Person"))
(Attribute::Class, EntryClass::Account.to_value()),
(Attribute::Class, EntryClass::Person.to_value()),
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Name, Value::new_iname("test_name")),
(Attribute::Uuid, Value::Uuid(uuid)),
(Attribute::Description, Value::new_utf8s("testperson")),
(Attribute::DisplayName, Value::new_utf8s("Test Person"))
);
let preload: Vec<Entry<EntryInit, EntryNew>> = Vec::new();
@ -112,7 +113,7 @@ mod tests {
let e = qs.internal_search_uuid(uuid).expect("failed to get entry");
let key = e
.get_ava_single_eckey_private(ATTR_ID_VERIFICATION_ECKEY)
.get_ava_single_eckey_private(Attribute::IdVerificationEcKey.into())
.expect("unable to retrieve the ecdh key");
assert!(key.check_key().is_ok())
@ -126,12 +127,12 @@ mod tests {
#[test]
fn test_modify_present_ecdkey() {
let ea = entry_init!(
(ATTR_CLASS, EntryClass::Account.to_value()),
(ATTR_CLASS, EntryClass::Person.to_value()),
(ATTR_CLASS, EntryClass::Object.to_value()),
(ATTR_NAME, Value::new_iname("test_name")),
(ATTR_DESCRIPTION, Value::new_utf8s("testperson")),
("displayname", Value::new_utf8s("Test person!"))
(Attribute::Class, EntryClass::Account.to_value()),
(Attribute::Class, EntryClass::Person.to_value()),
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Name, Value::new_iname("test_name")),
(Attribute::Description, Value::new_utf8s("testperson")),
(Attribute::DisplayName, Value::new_utf8s("Test person!"))
);
let preload = vec![ea];
let new_private_key = EcKey::generate(&DEFAULT_KEY_GROUP).unwrap();
@ -140,7 +141,7 @@ mod tests {
preload,
filter!(f_eq(Attribute::Name, PartialValue::new_iname("test_name"))),
modlist!([m_pres(
ATTR_ID_VERIFICATION_ECKEY,
Attribute::IdVerificationEcKey.into(),
&Value::EcKeyPrivate(new_private_key)
)]),
None,
@ -158,14 +159,14 @@ mod tests {
let uuid = Uuid::new_v4();
let ea = entry_init!(
(ATTR_CLASS, EntryClass::Account.to_value()),
(ATTR_CLASS, EntryClass::Person.to_value()),
(ATTR_CLASS, EntryClass::Object.to_value()),
(ATTR_NAME, Value::new_iname("test_name")),
(ATTR_UUID, Value::Uuid(uuid)),
(ATTR_ID_VERIFICATION_ECKEY, private_key_value.clone()),
(ATTR_DESCRIPTION, Value::new_utf8s("testperson")),
("displayname", Value::new_utf8s("Test person!"))
(Attribute::Class, EntryClass::Account.to_value()),
(Attribute::Class, EntryClass::Person.to_value()),
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Name, Value::new_iname("test_name")),
(Attribute::Uuid, Value::Uuid(uuid)),
(Attribute::IdVerificationEcKey, private_key_value.clone()),
(Attribute::Description, Value::new_utf8s("testperson")),
(Attribute::DisplayName, Value::new_utf8s("Test person!"))
);
let key_partialvalue = valueset::from_value_iter(std::iter::once(private_key_value))
.unwrap()
@ -177,15 +178,15 @@ mod tests {
Ok(()),
preload,
filter!(f_eq(Attribute::Name, PartialValue::new_iname("test_name"))),
modlist!([m_purge("id_verification_eckey")]),
modlist!([m_purge(Attribute::IdVerificationEcKey.into())]),
None,
|_| {},
|qs: &mut QueryServerWriteTransaction| {
let e = qs.internal_search_uuid(uuid).expect("failed to get entry");
assert!(
!e.attribute_equality(ATTR_ID_VERIFICATION_ECKEY, &key_partialvalue)
&& e.attribute_pres(ATTR_ID_VERIFICATION_ECKEY)
!e.attribute_equality(Attribute::IdVerificationEcKey.into(), &key_partialvalue)
&& e.attribute_pres(Attribute::IdVerificationEcKey.into())
)
}
);
@ -198,14 +199,14 @@ mod tests {
let uuid = Uuid::new_v4();
let ea = entry_init!(
(ATTR_CLASS, EntryClass::Account.to_value()),
(ATTR_CLASS, EntryClass::Person.to_value()),
(ATTR_CLASS, EntryClass::Object.to_value()),
(ATTR_NAME, Value::new_iname("test_name")),
(ATTR_UUID, Value::Uuid(uuid)),
(ATTR_ID_VERIFICATION_ECKEY, private_key_value.clone()),
(ATTR_DESCRIPTION, Value::new_utf8s("testperson")),
("displayname", Value::new_utf8s("Test person!"))
(Attribute::Class, EntryClass::Account.to_value()),
(Attribute::Class, EntryClass::Person.to_value()),
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Name, Value::new_iname("test_name")),
(Attribute::Uuid, Value::Uuid(uuid)),
(Attribute::IdVerificationEcKey, private_key_value.clone()),
(Attribute::Description, Value::new_utf8s("testperson")),
(Attribute::DisplayName, Value::new_utf8s("Test person!"))
);
let key_partialvalue = valueset::from_value_iter(std::iter::once(private_key_value))
.unwrap()
@ -217,15 +218,18 @@ mod tests {
Ok(()),
preload,
filter!(f_eq(Attribute::Name, PartialValue::new_iname("test_name"))),
modlist!([m_remove("id_verification_eckey", &key_partialvalue)]),
modlist!([m_remove(
Attribute::IdVerificationEcKey.into(),
&key_partialvalue
)]),
None,
|_| {},
|qs: &mut QueryServerWriteTransaction| {
let e = qs.internal_search_uuid(uuid).expect("failed to get entry");
assert!(
!e.attribute_equality(ATTR_ID_VERIFICATION_ECKEY, &key_partialvalue)
&& e.attribute_pres(ATTR_ID_VERIFICATION_ECKEY)
!e.attribute_equality(Attribute::IdVerificationEcKey.into(), &key_partialvalue)
&& e.attribute_pres(Attribute::IdVerificationEcKey.into())
)
}
);


@ -22,7 +22,7 @@ pub struct GidNumber {}
fn apply_gidnumber<T: Clone>(e: &mut Entry<EntryInvalid, T>) -> Result<(), OperationError> {
if (e.attribute_equality(Attribute::Class.as_ref(), &EntryClass::PosixGroup.into())
|| e.attribute_equality(Attribute::Class.into(), &EntryClass::PosixAccount.into()))
&& !e.attribute_pres("gidnumber")
&& !e.attribute_pres(Attribute::GidNumber.as_ref())
{
let u_ref = e
.get_uuid()
@ -42,9 +42,9 @@ fn apply_gidnumber<T: Clone>(e: &mut Entry<EntryInvalid, T>) -> Result<(), Opera
let gid_v = Value::new_uint32(gid);
admin_info!("Generated {} for {:?}", gid, u_ref);
e.set_ava("gidnumber", once(gid_v));
e.set_ava(Attribute::GidNumber.as_ref(), once(gid_v));
Ok(())
} else if let Some(gid) = e.get_ava_single_uint32("gidnumber") {
} else if let Some(gid) = e.get_ava_single_uint32(Attribute::GidNumber.as_ref()) {
// If they provided us with a gid number, ensure it's in a safe range.
if gid <= GID_SAFETY_NUMBER_MIN {
Err(OperationError::InvalidAttribute(format!(
@ -100,7 +100,7 @@ mod tests {
fn check_gid(qs_write: &mut QueryServerWriteTransaction, uuid: &str, gid: u32) {
let u = Uuid::parse_str(uuid).unwrap();
let e = qs_write.internal_search_uuid(u).unwrap();
let gidnumber = e.get_ava_single("gidnumber").unwrap();
let gidnumber = e.get_ava_single(Attribute::GidNumber.as_ref()).unwrap();
let ex_gid = Value::new_uint32(gid);
assert!(ex_gid == gidnumber);
}
@ -108,24 +108,15 @@ mod tests {
#[test]
fn test_gidnumber_create_generate() {
let e = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Account.to_value()),
(Attribute::Class, EntryClass::Account.to_value()),
(Attribute::Class, EntryClass::PosixAccount.to_value()),
(Attribute::Name, Value::new_iname("testperson")),
(
Attribute::Class.as_ref(),
EntryClass::PosixAccount.to_value()
),
(Attribute::Name.as_ref(), Value::new_iname("testperson")),
(
"uuid",
Attribute::Uuid,
Value::Uuid(uuid!("83a0927f-3de1-45ec-bea0-2f7b997ef244"))
),
(
Attribute::Description.as_ref(),
Value::new_utf8s("testperson")
),
(
Attribute::DisplayName.as_ref(),
Value::new_utf8s("testperson")
)
(Attribute::Description, Value::new_utf8s("testperson")),
(Attribute::DisplayName, Value::new_utf8s("testperson"))
);
let create = vec![e];
@ -148,25 +139,16 @@ mod tests {
#[test]
fn test_gidnumber_create_noaction() {
let e = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Account.to_value()),
(Attribute::Class, EntryClass::Account.to_value()),
(Attribute::Class, EntryClass::PosixAccount.to_value()),
(Attribute::Name, Value::new_iname("testperson")),
(Attribute::GidNumber, Value::Uint32(10001)),
(
Attribute::Class.as_ref(),
EntryClass::PosixAccount.to_value()
),
(Attribute::Name.as_ref(), Value::new_iname("testperson")),
(Attribute::GidNumber.as_ref(), Value::Uint32(10001)),
(
"uuid",
Attribute::Uuid,
Value::Uuid(uuid!("83a0927f-3de1-45ec-bea0-2f7b997ef244"))
),
(
Attribute::Description.as_ref(),
Value::new_utf8s("testperson")
),
(
Attribute::DisplayName.as_ref(),
Value::new_utf8s("testperson")
)
(Attribute::Description, Value::new_utf8s("testperson")),
(Attribute::DisplayName, Value::new_utf8s("testperson"))
);
let create = vec![e];
@ -189,24 +171,15 @@ mod tests {
#[test]
fn test_gidnumber_modify_generate() {
let e = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Account.to_value()),
(Attribute::Class, EntryClass::Account.to_value()),
(Attribute::Class, EntryClass::PosixAccount.to_value()),
(Attribute::Name, Value::new_iname("testperson")),
(
Attribute::Class.as_ref(),
EntryClass::PosixAccount.to_value()
),
(Attribute::Name.as_ref(), Value::new_iname("testperson")),
(
"uuid",
Attribute::Uuid,
Value::Uuid(uuid!("83a0927f-3de1-45ec-bea0-2f7b997ef244"))
),
(
Attribute::Description.as_ref(),
Value::new_utf8s("testperson")
),
(
Attribute::DisplayName.as_ref(),
Value::new_utf8s("testperson")
)
(Attribute::Description, Value::new_utf8s("testperson")),
(Attribute::DisplayName, Value::new_utf8s("testperson"))
);
let preload = vec![e];
@ -230,24 +203,15 @@ mod tests {
#[test]
fn test_gidnumber_modify_regenerate() {
let e = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Account.to_value()),
(Attribute::Class, EntryClass::Account.to_value()),
(Attribute::Class, EntryClass::PosixAccount.to_value()),
(Attribute::Name, Value::new_iname("testperson")),
(
Attribute::Class.as_ref(),
EntryClass::PosixAccount.to_value()
),
(Attribute::Name.as_ref(), Value::new_iname("testperson")),
(
"uuid",
Attribute::Uuid,
Value::Uuid(uuid::uuid!("83a0927f-3de1-45ec-bea0-2f7b997ef244"))
),
(
Attribute::Description.as_ref(),
Value::new_utf8s("testperson")
),
(
Attribute::DisplayName.as_ref(),
Value::new_utf8s("testperson")
)
(Attribute::Description, Value::new_utf8s("testperson")),
(Attribute::DisplayName, Value::new_utf8s("testperson"))
);
let preload = vec![e];
@ -256,7 +220,7 @@ mod tests {
Ok(()),
preload,
filter!(f_eq(Attribute::Name, PartialValue::new_iname("testperson"))),
modlist!([m_purge("gidnumber")]),
modlist!([m_purge(Attribute::GidNumber.as_ref())]),
None,
|_| {},
|qs_write: &mut QueryServerWriteTransaction| check_gid(
@ -271,24 +235,15 @@ mod tests {
#[test]
fn test_gidnumber_modify_noregen() {
let e = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Account.to_value()),
(Attribute::Class, EntryClass::Account.to_value()),
(Attribute::Class, EntryClass::PosixAccount.to_value()),
(Attribute::Name, Value::new_iname("testperson")),
(
Attribute::Class.as_ref(),
EntryClass::PosixAccount.to_value()
),
(Attribute::Name.as_ref(), Value::new_iname("testperson")),
(
"uuid",
Attribute::Uuid,
Value::Uuid(uuid::uuid!("83a0927f-3de1-45ec-bea0-2f7b997ef244"))
),
(
Attribute::Description.as_ref(),
Value::new_utf8s("testperson")
),
(
Attribute::DisplayName.as_ref(),
Value::new_utf8s("testperson")
)
(Attribute::Description, Value::new_utf8s("testperson")),
(Attribute::DisplayName, Value::new_utf8s("testperson"))
);
let preload = vec![e];
@ -298,8 +253,8 @@ mod tests {
preload,
filter!(f_eq(Attribute::Name, PartialValue::new_iname("testperson"))),
modlist!([
m_purge("gidnumber"),
m_pres("gidnumber", &Value::new_uint32(2000))
m_purge(Attribute::GidNumber.as_ref()),
m_pres(Attribute::GidNumber.as_ref(), &Value::new_uint32(2000))
]),
None,
|_| {},
@ -314,24 +269,15 @@ mod tests {
#[test]
fn test_gidnumber_create_system_reject() {
let e = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Account.to_value()),
(Attribute::Class, EntryClass::Account.to_value()),
(Attribute::Class, EntryClass::PosixAccount.to_value()),
(Attribute::Name, Value::new_iname("testperson")),
(
Attribute::Class.as_ref(),
EntryClass::PosixAccount.to_value()
),
(Attribute::Name.as_ref(), Value::new_iname("testperson")),
(
"uuid",
Attribute::Uuid,
Value::Uuid(uuid::uuid!("83a0927f-3de1-45ec-bea0-000000000244"))
),
(
Attribute::Description.as_ref(),
Value::new_utf8s("testperson")
),
(
Attribute::DisplayName.as_ref(),
Value::new_utf8s("testperson")
)
(Attribute::Description, Value::new_utf8s("testperson")),
(Attribute::DisplayName, Value::new_utf8s("testperson"))
);
let create = vec![e];
@ -351,21 +297,12 @@ mod tests {
#[test]
fn test_gidnumber_create_secure_reject() {
let e = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Account.to_value()),
(
Attribute::Class.as_ref(),
EntryClass::PosixAccount.to_value()
),
(Attribute::Name.as_ref(), Value::new_iname("testperson")),
(Attribute::GidNumber.as_ref(), Value::Uint32(500)),
(
Attribute::Description.as_ref(),
Value::new_utf8s("testperson")
),
(
Attribute::DisplayName.as_ref(),
Value::new_utf8s("testperson")
)
(Attribute::Class, EntryClass::Account.to_value()),
(Attribute::Class, EntryClass::PosixAccount.to_value()),
(Attribute::Name, Value::new_iname("testperson")),
(Attribute::GidNumber, Value::Uint32(500)),
(Attribute::Description, Value::new_utf8s("testperson")),
(Attribute::DisplayName, Value::new_utf8s("testperson"))
);
let create = vec![e];
@ -385,21 +322,12 @@ mod tests {
#[test]
fn test_gidnumber_create_secure_root_reject() {
let e = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Account.to_value()),
(
Attribute::Class.as_ref(),
EntryClass::PosixAccount.to_value()
),
(Attribute::Name.as_ref(), Value::new_iname("testperson")),
(Attribute::GidNumber.as_ref(), Value::Uint32(0)),
(
Attribute::Description.as_ref(),
Value::new_utf8s("testperson")
),
(
Attribute::DisplayName.as_ref(),
Value::new_utf8s("testperson")
)
(Attribute::Class, EntryClass::Account.to_value()),
(Attribute::Class, EntryClass::PosixAccount.to_value()),
(Attribute::Name, Value::new_iname("testperson")),
(Attribute::GidNumber, Value::Uint32(0)),
(Attribute::Description, Value::new_utf8s("testperson")),
(Attribute::DisplayName, Value::new_utf8s("testperson"))
);
let create = vec![e];
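Review bot: The guard at the top of `apply_gidnumber` mixes two conversions of the same enum in one expression: `Attribute::Class.as_ref()` for the PosixGroup test, `Attribute::Class.into()` for the PosixAccount test, and `Attribute::GidNumber.as_ref()` in the new presence check. This expression decides whether a gid is generated or a supplied one goes through the safe-range check, so a single form throughout would make it easier to audit, for example `|| e.attribute_equality(Attribute::Class.as_ref(), &EntryClass::PosixAccount.into()))`. The same applies to the `m_purge`/`m_pres` calls in the tests, which still need `.as_ref()` while `entry_init!` takes the variant directly. The body of `apply_gidnumber` continues outside the visible hunks, so this is based only on the lines shown.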


@ -47,20 +47,20 @@ impl JwsKeygen {
fn modify_inner<T: Clone>(cand: &mut [Entry<EntryInvalid, T>]) -> Result<(), OperationError> {
cand.iter_mut().try_for_each(|e| {
if e.attribute_equality(Attribute::Class.as_ref(), &EntryClass::OAuth2ResourceServerBasic.into()) &&
!e.attribute_pres("oauth2_rs_basic_secret") {
!e.attribute_pres(Attribute::OAuth2RsBasicSecret.into()) {
security_info!("regenerating oauth2 basic secret");
let v = Value::SecretValue(password_from_random());
e.add_ava("oauth2_rs_basic_secret", v);
e.add_ava(Attribute::OAuth2RsBasicSecret, v);
}
if e.attribute_equality(Attribute::Class.as_ref(), &EntryClass::OAuth2ResourceServer.into()) {
if !e.attribute_pres("oauth2_rs_token_key") {
if !e.attribute_pres(Attribute::OAuth2RsTokenKey.as_ref()) {
security_info!("regenerating oauth2 token key");
let k = fernet::Fernet::generate_key();
let v = Value::new_secret_str(&k);
e.add_ava("oauth2_rs_token_key", v);
e.add_ava(Attribute::OAuth2RsTokenKey, v);
}
if !e.attribute_pres("es256_private_key_der") {
if !e.attribute_pres(Attribute::Es256PrivateKeyDer.as_ref()) {
security_info!("regenerating oauth2 es256 private key");
let der = JwsSigner::generate_es256()
.and_then(|jws| jws.private_key_to_der())
@ -69,10 +69,10 @@ impl JwsKeygen {
OperationError::CryptographyError
})?;
let v = Value::new_privatebinary(&der);
e.add_ava("es256_private_key_der", v);
e.add_ava(Attribute::Es256PrivateKeyDer, v);
}
if e.get_ava_single_bool("oauth2_jwt_legacy_crypto_enable").unwrap_or(false)
&& !e.attribute_pres("rs256_private_key_der") {
if e.get_ava_single_bool(Attribute::OAuth2JwtLegacyCryptoEnable.as_ref()).unwrap_or(false)
&& !e.attribute_pres(Attribute::Rs256PrivateKeyDer.into()) {
security_info!("regenerating oauth2 legacy rs256 private key");
let der = JwsSigner::generate_legacy_rs256()
.and_then(|jws| jws.private_key_to_der())
@ -81,13 +81,13 @@ impl JwsKeygen {
OperationError::CryptographyError
})?;
let v = Value::new_privatebinary(&der);
e.add_ava("rs256_private_key_der", v);
e.add_ava(Attribute::Rs256PrivateKeyDer, v);
}
}
if (e.attribute_equality(Attribute::Class.as_ref(), &EntryClass::ServiceAccount.into()) ||
e.attribute_equality(Attribute::Class.as_ref(), &EntryClass::SyncAccount.into())) &&
!e.attribute_pres("jws_es256_private_key") {
!e.attribute_pres(Attribute::JwsEs256PrivateKey.as_ref()) {
security_info!("regenerating jws es256 private key");
let jwssigner = JwsSigner::generate_es256()
.map_err(|e| {
@ -95,7 +95,7 @@ impl JwsKeygen {
OperationError::CryptographyError
})?;
let v = Value::JwsKeyEs256(jwssigner);
e.add_ava("jws_es256_private_key", v);
e.add_ava(Attribute::JwsEs256PrivateKey, v);
}
Ok(())
@ -113,30 +113,30 @@ mod tests {
let uuid = Uuid::new_v4();
let e: Entry<EntryInit, EntryNew> = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Object.to_value()),
(
Attribute::Class.as_ref(),
Attribute::Class,
EntryClass::OAuth2ResourceServer.to_value()
),
(
Attribute::Class.as_ref(),
Attribute::Class,
EntryClass::OAuth2ResourceServerBasic.to_value()
),
(Attribute::Uuid.as_ref(), Value::Uuid(uuid)),
(Attribute::Uuid, Value::Uuid(uuid)),
(
Attribute::DisplayName.as_ref(),
Attribute::DisplayName,
Value::new_utf8s("test_resource_server")
),
(
Attribute::OAuth2RsName.as_ref(),
Attribute::OAuth2RsName,
Value::new_iname("test_resource_server")
),
(
"oauth2_rs_origin",
Attribute::OAuth2RsOrigin,
Value::new_url_s("https://demo.example.com").unwrap()
),
(
"oauth2_rs_scope_map",
Attribute::OAuth2RsScopeMap,
Value::new_oauthscopemap(
UUID_IDM_ALL_ACCOUNTS,
btreeset![OAUTH2_SCOPE_READ.to_string()]
@ -167,30 +167,30 @@ mod tests {
let uuid = Uuid::new_v4();
let e: Entry<EntryInit, EntryNew> = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Object.to_value()),
(
Attribute::Class.as_ref(),
Attribute::Class,
EntryClass::OAuth2ResourceServer.to_value()
),
(
Attribute::Class.as_ref(),
Attribute::Class,
EntryClass::OAuth2ResourceServerBasic.to_value()
),
(Attribute::Uuid.as_ref(), Value::Uuid(uuid)),
(Attribute::Uuid, Value::Uuid(uuid)),
(
Attribute::OAuth2RsName.as_ref(),
Attribute::OAuth2RsName,
Value::new_iname("test_resource_server")
),
(
Attribute::DisplayName.as_ref(),
Attribute::DisplayName,
Value::new_utf8s("test_resource_server")
),
(
"oauth2_rs_origin",
Attribute::OAuth2RsOrigin,
Value::new_url_s("https://demo.example.com").unwrap()
),
(
"oauth2_rs_scope_map",
Attribute::OAuth2RsScopeMap,
Value::new_oauthscopemap(
UUID_IDM_ALL_ACCOUNTS,
btreeset![OAUTH2_SCOPE_READ.to_string()]
@ -198,13 +198,10 @@ mod tests {
.expect("invalid oauthscope")
),
(
Attribute::OAuth2RsBasicSecret.as_ref(),
Attribute::OAuth2RsBasicSecret,
Value::new_secret_str("12345")
),
(
Attribute::OAuth2RsTokenKey.as_ref(),
Value::new_secret_str("12345")
)
(Attribute::OAuth2RsTokenKey, Value::new_secret_str("12345"))
);
let preload = vec![e];
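Review bot: Nothing in this section pins the string form of the new variants used in `modify_inner` to the literals they replace (`"oauth2_rs_basic_secret"`, `"oauth2_rs_token_key"`, `"es256_private_key_der"`, `"rs256_private_key_der"`, `"jws_es256_private_key"`). If a variant's string differed from the stored attribute name, the `attribute_pres` checks would presumably stop matching existing entries and each branch would generate and add fresh secret or key material. The tests here build their fixtures through the same enum, so they would not notice such a mismatch. The enum definition is outside this section; a small test next to it along the lines of `assert_eq!(Attribute::Es256PrivateKeyDer.as_ref(), "es256_private_key_der");` for each key-bearing attribute would pin the mapping, assuming `as_ref()` yields the attribute name as the call sites suggest.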


@ -584,7 +584,7 @@ mod tests {
let eb: Entry<EntryInit, EntryNew> = Entry::unsafe_from_entry_str(EB);
ea.add_ava("member", Value::new_refer_s(UUID_B).unwrap());
ea.add_ava(Attribute::Member, Value::new_refer_s(UUID_B).unwrap());
let preload = Vec::new();
let create = vec![ea, eb];
@ -614,8 +614,8 @@ mod tests {
let ec: Entry<EntryInit, EntryNew> = Entry::unsafe_from_entry_str(EC);
ea.add_ava("member", Value::new_refer_s(UUID_B).unwrap());
eb.add_ava("member", Value::new_refer_s(UUID_C).unwrap());
ea.add_ava(Attribute::Member, Value::new_refer_s(UUID_B).unwrap());
eb.add_ava(Attribute::Member, Value::new_refer_s(UUID_C).unwrap());
let preload = Vec::new();
let create = vec![ea, eb, ec];
@ -665,9 +665,9 @@ mod tests {
let mut ec: Entry<EntryInit, EntryNew> = Entry::unsafe_from_entry_str(EC);
ea.add_ava("member", Value::new_refer_s(UUID_B).unwrap());
eb.add_ava("member", Value::new_refer_s(UUID_C).unwrap());
ec.add_ava("member", Value::new_refer_s(UUID_A).unwrap());
ea.add_ava(Attribute::Member, Value::new_refer_s(UUID_B).unwrap());
eb.add_ava(Attribute::Member, Value::new_refer_s(UUID_C).unwrap());
ec.add_ava(Attribute::Member, Value::new_refer_s(UUID_A).unwrap());
let preload = Vec::new();
let create = vec![ea, eb, ec];
@ -719,13 +719,13 @@ mod tests {
let mut ed: Entry<EntryInit, EntryNew> = Entry::unsafe_from_entry_str(ED);
ea.add_ava("member", Value::new_refer_s(UUID_B).unwrap());
eb.add_ava("member", Value::new_refer_s(UUID_C).unwrap());
ea.add_ava(Attribute::Member, Value::new_refer_s(UUID_B).unwrap());
eb.add_ava(Attribute::Member, Value::new_refer_s(UUID_C).unwrap());
ec.add_ava("member", Value::new_refer_s(UUID_A).unwrap());
ec.add_ava("member", Value::new_refer_s(UUID_D).unwrap());
ec.add_ava(Attribute::Member, Value::new_refer_s(UUID_A).unwrap());
ec.add_ava(Attribute::Member, Value::new_refer_s(UUID_D).unwrap());
ed.add_ava("member", Value::new_refer_s(UUID_A).unwrap());
ed.add_ava(Attribute::Member, Value::new_refer_s(UUID_A).unwrap());
let preload = Vec::new();
let create = vec![ea, eb, ec, ed];
@ -826,7 +826,7 @@ mod tests {
let ec: Entry<EntryInit, EntryNew> = Entry::unsafe_from_entry_str(EC);
eb.add_ava("member", Value::new_refer_s(UUID_C).unwrap());
eb.add_ava(Attribute::Member, Value::new_refer_s(UUID_C).unwrap());
let preload = vec![ea, eb, ec];
run_modify_test!(
@ -883,7 +883,7 @@ mod tests {
let ec: Entry<EntryInit, EntryNew> = Entry::unsafe_from_entry_str(EC);
ea.add_ava("member", Value::new_refer_s(UUID_B).unwrap());
ea.add_ava(Attribute::Member, Value::new_refer_s(UUID_B).unwrap());
let preload = vec![ea, eb, ec];
run_modify_test!(
@ -942,8 +942,8 @@ mod tests {
let ec: Entry<EntryInit, EntryNew> = Entry::unsafe_from_entry_str(EC);
ea.add_ava("member", Value::new_refer_s(UUID_B).unwrap());
eb.add_ava("member", Value::new_refer_s(UUID_C).unwrap());
ea.add_ava(Attribute::Member, Value::new_refer_s(UUID_B).unwrap());
eb.add_ava(Attribute::Member, Value::new_refer_s(UUID_C).unwrap());
let preload = vec![ea, eb, ec];
run_modify_test!(
@ -1008,9 +1008,9 @@ mod tests {
let ed: Entry<EntryInit, EntryNew> = Entry::unsafe_from_entry_str(ED);
ea.add_ava("member", Value::new_refer_s(UUID_B).unwrap());
eb.add_ava("member", Value::new_refer_s(UUID_C).unwrap());
ec.add_ava("member", Value::new_refer_s(UUID_D).unwrap());
ea.add_ava(Attribute::Member, Value::new_refer_s(UUID_B).unwrap());
eb.add_ava(Attribute::Member, Value::new_refer_s(UUID_C).unwrap());
ec.add_ava(Attribute::Member, Value::new_refer_s(UUID_D).unwrap());
let preload = vec![ea, eb, ec, ed];
run_modify_test!(
@ -1081,8 +1081,8 @@ mod tests {
let mut eb: Entry<EntryInit, EntryNew> = Entry::unsafe_from_entry_str(EB);
ea.add_ava("member", Value::new_refer_s(UUID_B).unwrap());
eb.add_ava("memberof", Value::new_refer_s(UUID_A).unwrap());
ea.add_ava(Attribute::Member, Value::new_refer_s(UUID_B).unwrap());
eb.add_ava(Attribute::MemberOf, Value::new_refer_s(UUID_A).unwrap());
let preload = vec![ea, eb];
run_modify_test!(
@ -1121,10 +1121,10 @@ mod tests {
let mut ec: Entry<EntryInit, EntryNew> = Entry::unsafe_from_entry_str(EC);
ea.add_ava("member", Value::new_refer_s(UUID_B).unwrap());
eb.add_ava("memberof", Value::new_refer_s(UUID_A).unwrap());
eb.add_ava("member", Value::new_refer_s(UUID_C).unwrap());
ec.add_ava("memberof", Value::new_refer_s(UUID_B).unwrap());
ea.add_ava(Attribute::Member, Value::new_refer_s(UUID_B).unwrap());
eb.add_ava(Attribute::MemberOf, Value::new_refer_s(UUID_A).unwrap());
eb.add_ava(Attribute::Member, Value::new_refer_s(UUID_C).unwrap());
ec.add_ava(Attribute::MemberOf, Value::new_refer_s(UUID_B).unwrap());
let preload = vec![ea, eb, ec];
run_modify_test!(
@ -1181,11 +1181,11 @@ mod tests {
let mut ec: Entry<EntryInit, EntryNew> = Entry::unsafe_from_entry_str(EC);
ea.add_ava("member", Value::new_refer_s(UUID_B).unwrap());
eb.add_ava("memberof", Value::new_refer_s(UUID_A).unwrap());
eb.add_ava("member", Value::new_refer_s(UUID_C).unwrap());
ec.add_ava("memberof", Value::new_refer_s(UUID_B).unwrap());
ec.add_ava("memberof", Value::new_refer_s(UUID_A).unwrap());
ea.add_ava(Attribute::Member, Value::new_refer_s(UUID_B).unwrap());
eb.add_ava(Attribute::MemberOf, Value::new_refer_s(UUID_A).unwrap());
eb.add_ava(Attribute::Member, Value::new_refer_s(UUID_C).unwrap());
ec.add_ava(Attribute::MemberOf, Value::new_refer_s(UUID_B).unwrap());
ec.add_ava(Attribute::MemberOf, Value::new_refer_s(UUID_A).unwrap());
let preload = vec![ea, eb, ec];
run_modify_test!(
@ -1243,20 +1243,20 @@ mod tests {
let mut ec: Entry<EntryInit, EntryNew> = Entry::unsafe_from_entry_str(EC);
ea.add_ava("member", Value::new_refer_s(UUID_B).unwrap());
ea.add_ava("memberof", Value::new_refer_s(UUID_C).unwrap());
ea.add_ava("memberof", Value::new_refer_s(UUID_B).unwrap());
ea.add_ava("memberof", Value::new_refer_s(UUID_A).unwrap());
ea.add_ava(Attribute::Member, Value::new_refer_s(UUID_B).unwrap());
ea.add_ava(Attribute::MemberOf, Value::new_refer_s(UUID_C).unwrap());
ea.add_ava(Attribute::MemberOf, Value::new_refer_s(UUID_B).unwrap());
ea.add_ava(Attribute::MemberOf, Value::new_refer_s(UUID_A).unwrap());
eb.add_ava("member", Value::new_refer_s(UUID_C).unwrap());
eb.add_ava("memberof", Value::new_refer_s(UUID_C).unwrap());
eb.add_ava("memberof", Value::new_refer_s(UUID_B).unwrap());
eb.add_ava("memberof", Value::new_refer_s(UUID_A).unwrap());
eb.add_ava(Attribute::Member, Value::new_refer_s(UUID_C).unwrap());
eb.add_ava(Attribute::MemberOf, Value::new_refer_s(UUID_C).unwrap());
eb.add_ava(Attribute::MemberOf, Value::new_refer_s(UUID_B).unwrap());
eb.add_ava(Attribute::MemberOf, Value::new_refer_s(UUID_A).unwrap());
ec.add_ava("member", Value::new_refer_s(UUID_A).unwrap());
ec.add_ava("memberof", Value::new_refer_s(UUID_C).unwrap());
ec.add_ava("memberof", Value::new_refer_s(UUID_B).unwrap());
ec.add_ava("memberof", Value::new_refer_s(UUID_A).unwrap());
ec.add_ava(Attribute::Member, Value::new_refer_s(UUID_A).unwrap());
ec.add_ava(Attribute::MemberOf, Value::new_refer_s(UUID_C).unwrap());
ec.add_ava(Attribute::MemberOf, Value::new_refer_s(UUID_B).unwrap());
ec.add_ava(Attribute::MemberOf, Value::new_refer_s(UUID_A).unwrap());
let preload = vec![ea, eb, ec];
run_modify_test!(
@ -1322,30 +1322,30 @@ mod tests {
let mut ed: Entry<EntryInit, EntryNew> = Entry::unsafe_from_entry_str(ED);
ea.add_ava("member", Value::new_refer_s(UUID_B).unwrap());
ea.add_ava("memberof", Value::new_refer_s(UUID_D).unwrap());
ea.add_ava("memberof", Value::new_refer_s(UUID_C).unwrap());
ea.add_ava("memberof", Value::new_refer_s(UUID_B).unwrap());
ea.add_ava("memberof", Value::new_refer_s(UUID_A).unwrap());
ea.add_ava(Attribute::Member, Value::new_refer_s(UUID_B).unwrap());
ea.add_ava(Attribute::MemberOf, Value::new_refer_s(UUID_D).unwrap());
ea.add_ava(Attribute::MemberOf, Value::new_refer_s(UUID_C).unwrap());
ea.add_ava(Attribute::MemberOf, Value::new_refer_s(UUID_B).unwrap());
ea.add_ava(Attribute::MemberOf, Value::new_refer_s(UUID_A).unwrap());
eb.add_ava("member", Value::new_refer_s(UUID_C).unwrap());
eb.add_ava("memberof", Value::new_refer_s(UUID_D).unwrap());
eb.add_ava("memberof", Value::new_refer_s(UUID_C).unwrap());
eb.add_ava("memberof", Value::new_refer_s(UUID_B).unwrap());
eb.add_ava("memberof", Value::new_refer_s(UUID_A).unwrap());
eb.add_ava(Attribute::Member, Value::new_refer_s(UUID_C).unwrap());
eb.add_ava(Attribute::MemberOf, Value::new_refer_s(UUID_D).unwrap());
eb.add_ava(Attribute::MemberOf, Value::new_refer_s(UUID_C).unwrap());
eb.add_ava(Attribute::MemberOf, Value::new_refer_s(UUID_B).unwrap());
eb.add_ava(Attribute::MemberOf, Value::new_refer_s(UUID_A).unwrap());
ec.add_ava("member", Value::new_refer_s(UUID_A).unwrap());
ec.add_ava("member", Value::new_refer_s(UUID_D).unwrap());
ec.add_ava("memberof", Value::new_refer_s(UUID_D).unwrap());
ec.add_ava("memberof", Value::new_refer_s(UUID_C).unwrap());
ec.add_ava("memberof", Value::new_refer_s(UUID_B).unwrap());
ec.add_ava("memberof", Value::new_refer_s(UUID_A).unwrap());
ec.add_ava(Attribute::Member, Value::new_refer_s(UUID_A).unwrap());
ec.add_ava(Attribute::Member, Value::new_refer_s(UUID_D).unwrap());
ec.add_ava(Attribute::MemberOf, Value::new_refer_s(UUID_D).unwrap());
ec.add_ava(Attribute::MemberOf, Value::new_refer_s(UUID_C).unwrap());
ec.add_ava(Attribute::MemberOf, Value::new_refer_s(UUID_B).unwrap());
ec.add_ava(Attribute::MemberOf, Value::new_refer_s(UUID_A).unwrap());
ed.add_ava("member", Value::new_refer_s(UUID_A).unwrap());
ed.add_ava("memberof", Value::new_refer_s(UUID_D).unwrap());
ed.add_ava("memberof", Value::new_refer_s(UUID_C).unwrap());
ed.add_ava("memberof", Value::new_refer_s(UUID_B).unwrap());
ed.add_ava("memberof", Value::new_refer_s(UUID_A).unwrap());
ed.add_ava(Attribute::Member, Value::new_refer_s(UUID_A).unwrap());
ed.add_ava(Attribute::MemberOf, Value::new_refer_s(UUID_D).unwrap());
ed.add_ava(Attribute::MemberOf, Value::new_refer_s(UUID_C).unwrap());
ed.add_ava(Attribute::MemberOf, Value::new_refer_s(UUID_B).unwrap());
ed.add_ava(Attribute::MemberOf, Value::new_refer_s(UUID_A).unwrap());
let preload = vec![ea, eb, ec, ed];
run_modify_test!(
@ -1420,8 +1420,8 @@ mod tests {
let mut eb: Entry<EntryInit, EntryNew> = Entry::unsafe_from_entry_str(EB);
ea.add_ava("member", Value::new_refer_s(UUID_B).unwrap());
eb.add_ava("memberof", Value::new_refer_s(UUID_A).unwrap());
ea.add_ava(Attribute::Member, Value::new_refer_s(UUID_B).unwrap());
eb.add_ava(Attribute::MemberOf, Value::new_refer_s(UUID_A).unwrap());
let preload = vec![ea, eb];
run_delete_test!(
@ -1453,12 +1453,12 @@ mod tests {
let mut ec: Entry<EntryInit, EntryNew> = Entry::unsafe_from_entry_str(EC);
ea.add_ava("member", Value::new_refer_s(UUID_B).unwrap());
eb.add_ava("memberof", Value::new_refer_s(UUID_A).unwrap());
ea.add_ava(Attribute::Member, Value::new_refer_s(UUID_B).unwrap());
eb.add_ava(Attribute::MemberOf, Value::new_refer_s(UUID_A).unwrap());
eb.add_ava("member", Value::new_refer_s(UUID_C).unwrap());
ec.add_ava("memberof", Value::new_refer_s(UUID_A).unwrap());
ec.add_ava("memberof", Value::new_refer_s(UUID_B).unwrap());
eb.add_ava(Attribute::Member, Value::new_refer_s(UUID_C).unwrap());
ec.add_ava(Attribute::MemberOf, Value::new_refer_s(UUID_A).unwrap());
ec.add_ava(Attribute::MemberOf, Value::new_refer_s(UUID_B).unwrap());
let preload = vec![ea, eb, ec];
run_delete_test!(
@ -1500,12 +1500,12 @@ mod tests {
let mut ec: Entry<EntryInit, EntryNew> = Entry::unsafe_from_entry_str(EC);
ea.add_ava("member", Value::new_refer_s(UUID_B).unwrap());
eb.add_ava("memberof", Value::new_refer_s(UUID_A).unwrap());
ea.add_ava(Attribute::Member, Value::new_refer_s(UUID_B).unwrap());
eb.add_ava(Attribute::MemberOf, Value::new_refer_s(UUID_A).unwrap());
eb.add_ava("member", Value::new_refer_s(UUID_C).unwrap());
ec.add_ava("memberof", Value::new_refer_s(UUID_A).unwrap());
ec.add_ava("memberof", Value::new_refer_s(UUID_B).unwrap());
eb.add_ava(Attribute::Member, Value::new_refer_s(UUID_C).unwrap());
ec.add_ava(Attribute::MemberOf, Value::new_refer_s(UUID_A).unwrap());
ec.add_ava(Attribute::MemberOf, Value::new_refer_s(UUID_B).unwrap());
let preload = vec![ea, eb, ec];
run_delete_test!(
@ -1548,20 +1548,20 @@ mod tests {
let mut ec: Entry<EntryInit, EntryNew> = Entry::unsafe_from_entry_str(EC);
ea.add_ava("member", Value::new_refer_s(UUID_B).unwrap());
ea.add_ava("memberof", Value::new_refer_s(UUID_A).unwrap());
ea.add_ava("memberof", Value::new_refer_s(UUID_B).unwrap());
ea.add_ava("memberof", Value::new_refer_s(UUID_C).unwrap());
ea.add_ava(Attribute::Member, Value::new_refer_s(UUID_B).unwrap());
ea.add_ava(Attribute::MemberOf, Value::new_refer_s(UUID_A).unwrap());
ea.add_ava(Attribute::MemberOf, Value::new_refer_s(UUID_B).unwrap());
ea.add_ava(Attribute::MemberOf, Value::new_refer_s(UUID_C).unwrap());
eb.add_ava("member", Value::new_refer_s(UUID_C).unwrap());
eb.add_ava("memberof", Value::new_refer_s(UUID_A).unwrap());
eb.add_ava("memberof", Value::new_refer_s(UUID_B).unwrap());
eb.add_ava("memberof", Value::new_refer_s(UUID_C).unwrap());
eb.add_ava(Attribute::Member, Value::new_refer_s(UUID_C).unwrap());
eb.add_ava(Attribute::MemberOf, Value::new_refer_s(UUID_A).unwrap());
eb.add_ava(Attribute::MemberOf, Value::new_refer_s(UUID_B).unwrap());
eb.add_ava(Attribute::MemberOf, Value::new_refer_s(UUID_C).unwrap());
ec.add_ava("member", Value::new_refer_s(UUID_A).unwrap());
ec.add_ava("memberof", Value::new_refer_s(UUID_A).unwrap());
ec.add_ava("memberof", Value::new_refer_s(UUID_B).unwrap());
ec.add_ava("memberof", Value::new_refer_s(UUID_C).unwrap());
ec.add_ava(Attribute::Member, Value::new_refer_s(UUID_A).unwrap());
ec.add_ava(Attribute::MemberOf, Value::new_refer_s(UUID_A).unwrap());
ec.add_ava(Attribute::MemberOf, Value::new_refer_s(UUID_B).unwrap());
ec.add_ava(Attribute::MemberOf, Value::new_refer_s(UUID_C).unwrap());
let preload = vec![ea, eb, ec];
run_delete_test!(
@ -1607,30 +1607,30 @@ mod tests {
let mut ed: Entry<EntryInit, EntryNew> = Entry::unsafe_from_entry_str(ED);
ea.add_ava("member", Value::new_refer_s(UUID_B).unwrap());
ea.add_ava("memberof", Value::new_refer_s(UUID_A).unwrap());
ea.add_ava("memberof", Value::new_refer_s(UUID_B).unwrap());
ea.add_ava("memberof", Value::new_refer_s(UUID_C).unwrap());
ea.add_ava("memberof", Value::new_refer_s(UUID_D).unwrap());
ea.add_ava(Attribute::Member, Value::new_refer_s(UUID_B).unwrap());
ea.add_ava(Attribute::MemberOf, Value::new_refer_s(UUID_A).unwrap());
ea.add_ava(Attribute::MemberOf, Value::new_refer_s(UUID_B).unwrap());
ea.add_ava(Attribute::MemberOf, Value::new_refer_s(UUID_C).unwrap());
ea.add_ava(Attribute::MemberOf, Value::new_refer_s(UUID_D).unwrap());
eb.add_ava("member", Value::new_refer_s(UUID_C).unwrap());
eb.add_ava("memberof", Value::new_refer_s(UUID_A).unwrap());
eb.add_ava("memberof", Value::new_refer_s(UUID_B).unwrap());
eb.add_ava("memberof", Value::new_refer_s(UUID_C).unwrap());
eb.add_ava("memberof", Value::new_refer_s(UUID_D).unwrap());
eb.add_ava(Attribute::Member, Value::new_refer_s(UUID_C).unwrap());
eb.add_ava(Attribute::MemberOf, Value::new_refer_s(UUID_A).unwrap());
eb.add_ava(Attribute::MemberOf, Value::new_refer_s(UUID_B).unwrap());
eb.add_ava(Attribute::MemberOf, Value::new_refer_s(UUID_C).unwrap());
eb.add_ava(Attribute::MemberOf, Value::new_refer_s(UUID_D).unwrap());
ec.add_ava("member", Value::new_refer_s(UUID_A).unwrap());
ec.add_ava("member", Value::new_refer_s(UUID_D).unwrap());
ec.add_ava("memberof", Value::new_refer_s(UUID_A).unwrap());
ec.add_ava("memberof", Value::new_refer_s(UUID_B).unwrap());
ec.add_ava("memberof", Value::new_refer_s(UUID_C).unwrap());
ec.add_ava("memberof", Value::new_refer_s(UUID_D).unwrap());
ec.add_ava(Attribute::Member, Value::new_refer_s(UUID_A).unwrap());
ec.add_ava(Attribute::Member, Value::new_refer_s(UUID_D).unwrap());
ec.add_ava(Attribute::MemberOf, Value::new_refer_s(UUID_A).unwrap());
ec.add_ava(Attribute::MemberOf, Value::new_refer_s(UUID_B).unwrap());
ec.add_ava(Attribute::MemberOf, Value::new_refer_s(UUID_C).unwrap());
ec.add_ava(Attribute::MemberOf, Value::new_refer_s(UUID_D).unwrap());
ed.add_ava("member", Value::new_refer_s(UUID_A).unwrap());
ed.add_ava("memberof", Value::new_refer_s(UUID_A).unwrap());
ed.add_ava("memberof", Value::new_refer_s(UUID_B).unwrap());
ed.add_ava("memberof", Value::new_refer_s(UUID_C).unwrap());
ed.add_ava("memberof", Value::new_refer_s(UUID_D).unwrap());
ed.add_ava(Attribute::Member, Value::new_refer_s(UUID_A).unwrap());
ed.add_ava(Attribute::MemberOf, Value::new_refer_s(UUID_A).unwrap());
ed.add_ava(Attribute::MemberOf, Value::new_refer_s(UUID_B).unwrap());
ed.add_ava(Attribute::MemberOf, Value::new_refer_s(UUID_C).unwrap());
ed.add_ava(Attribute::MemberOf, Value::new_refer_s(UUID_D).unwrap());
let preload = vec![ea, eb, ec, ed];
run_delete_test!(


@ -16,7 +16,7 @@ lazy_static! {
// it contains all the partialvalues used to match against an Entry's class,
// we just need a partialvalue to match in order to target the entry
static ref CLASSES_TO_UPDATE: [PartialValue; 1] = [PartialValue::new_iutf8(EntryClass::Account.into())];
static ref HISTORY_ATTRIBUTES: [&'static str;1] = ["name"];
static ref HISTORY_ATTRIBUTES: [&'static str;1] = [Attribute::Name.as_ref()];
}
impl NameHistory {
@ -137,28 +137,19 @@ mod tests {
Duration::new(20, 2),
);
let ea = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Account.to_value()),
(Attribute::Class, EntryClass::Account.to_value()),
(Attribute::Class, EntryClass::PosixAccount.to_value()),
(Attribute::Name, Value::new_iname("old_name")),
(
Attribute::Class.as_ref(),
EntryClass::PosixAccount.to_value()
),
(Attribute::Name.as_ref(), Value::new_iname("old_name")),
(
Attribute::Uuid.as_ref(),
Attribute::Uuid,
Value::Uuid(uuid!("d2b496bd-8493-47b7-8142-f568b5cf47ee"))
),
(
Attribute::NameHistory.as_ref(),
Attribute::NameHistory,
Value::new_audit_log_string((cid.clone(), "old_name".to_string())).unwrap()
),
(
Attribute::Description.as_ref(),
Value::new_utf8s("testperson")
),
(
Attribute::DisplayName.as_ref(),
Value::new_utf8s("old name person")
)
(Attribute::Description, Value::new_utf8s("testperson")),
(Attribute::DisplayName, Value::new_utf8s("old name person"))
);
let preload = vec![ea];
run_modify_test!(
@ -166,8 +157,8 @@ mod tests {
preload,
filter!(f_eq(Attribute::Name, PartialValue::new_iname("old_name"))),
modlist!([
m_purge("name"),
m_pres("name", &Value::new_iname("new_name_1"))
m_purge(Attribute::Name.as_ref()),
m_pres(Attribute::Name.as_ref(), &Value::new_iname("new_name_1"))
]),
None,
|_| {},
@ -191,24 +182,15 @@ mod tests {
fn name_creation() {
// Add another uuid to a type
let ea = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Account.to_value()),
(Attribute::Class, EntryClass::Account.to_value()),
(Attribute::Class, EntryClass::PosixAccount.to_value()),
(Attribute::Name, Value::new_iname("old_name")),
(
Attribute::Class.as_ref(),
EntryClass::PosixAccount.to_value()
),
(Attribute::Name.as_ref(), Value::new_iname("old_name")),
(
"uuid",
Attribute::Uuid,
Value::Uuid(uuid!("d2b496bd-8493-47b7-8142-f568b5cf47e1"))
),
(
Attribute::Description.as_ref(),
Value::new_utf8s("testperson")
),
(
Attribute::DisplayName.as_ref(),
Value::new_utf8s("old name person")
)
(Attribute::Description, Value::new_utf8s("testperson")),
(Attribute::DisplayName, Value::new_utf8s("old name person"))
);
let preload = Vec::new();
let create = vec![ea];
@ -242,30 +224,21 @@ mod tests {
}
// Add another uuid to a type
let mut ea = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Account.to_value()),
(Attribute::Class, EntryClass::Account.to_value()),
(Attribute::Class, EntryClass::PosixAccount.to_value()),
(Attribute::Name, Value::new_iname("old_name8")),
(
Attribute::Class.as_ref(),
EntryClass::PosixAccount.to_value()
),
(Attribute::Name.as_ref(), Value::new_iname("old_name8")),
(
"uuid",
Attribute::Uuid,
Value::Uuid(uuid!("d2b496bd-8493-47b7-8142-f568b5cf47ee"))
),
(
Attribute::Description.as_ref(),
Value::new_utf8s("testperson")
),
(
Attribute::DisplayName.as_ref(),
Value::new_utf8s("old name person")
)
(Attribute::Description, Value::new_utf8s("testperson")),
(Attribute::DisplayName, Value::new_utf8s("old name person"))
);
for (i, cid) in cids.iter().enumerate() {
let index = 1 + i;
let name = format!("old_name{index}");
ea.add_ava(
Attribute::NameHistory.as_ref(),
Attribute::NameHistory,
Value::AuditLogString(cid.clone(), name),
)
}
@ -275,8 +248,8 @@ mod tests {
preload,
filter!(f_eq(Attribute::Name, PartialValue::new_iname("old_name8"))),
modlist!([
m_purge("name"),
m_pres("name", &Value::new_iname("new_name"))
m_purge(Attribute::Name.as_ref()),
m_pres(Attribute::Name.as_ref(), &Value::new_iname("new_name"))
]),
None,
|_| {},


@ -272,236 +272,149 @@ mod tests {
lazy_static! {
pub static ref TEST_ACCOUNT: EntryInitNew = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Account.to_value()),
(
Attribute::Class.as_ref(),
EntryClass::ServiceAccount.to_value()
),
(Attribute::Class.as_ref(), EntryClass::MemberOf.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("test_account_1")),
(
Attribute::DisplayName.as_ref(),
Value::new_utf8s("test_account_1")
),
(Attribute::Uuid.as_ref(), Value::Uuid(UUID_TEST_ACCOUNT)),
(Attribute::MemberOf.as_ref(), Value::Refer(UUID_TEST_GROUP))
(Attribute::Class, EntryClass::Account.to_value()),
(Attribute::Class, EntryClass::ServiceAccount.to_value()),
(Attribute::Class, EntryClass::MemberOf.to_value()),
(Attribute::Name, Value::new_iname("test_account_1")),
(Attribute::DisplayName, Value::new_utf8s("test_account_1")),
(Attribute::Uuid, Value::Uuid(UUID_TEST_ACCOUNT)),
(Attribute::MemberOf, Value::Refer(UUID_TEST_GROUP))
);
pub static ref TEST_GROUP: EntryInitNew = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Group.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("test_group_a")),
(Attribute::Uuid.as_ref(), Value::Uuid(UUID_TEST_GROUP)),
(Attribute::Member.as_ref(), Value::Refer(UUID_TEST_ACCOUNT))
(Attribute::Class, EntryClass::Group.to_value()),
(Attribute::Name, Value::new_iname("test_group_a")),
(Attribute::Uuid, Value::Uuid(UUID_TEST_GROUP)),
(Attribute::Member, Value::Refer(UUID_TEST_ACCOUNT))
);
pub static ref ALLOW_ALL: EntryInitNew = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Object.to_value()),
(
Attribute::Class.as_ref(),
Attribute::Class,
EntryClass::AccessControlProfile.to_value()
),
(Attribute::Class, EntryClass::AccessControlModify.to_value()),
(Attribute::Class, EntryClass::AccessControlCreate.to_value()),
(Attribute::Class, EntryClass::AccessControlDelete.to_value()),
(Attribute::Class, EntryClass::AccessControlSearch.to_value()),
(
Attribute::Class.as_ref(),
EntryClass::AccessControlModify.to_value()
),
(
Attribute::Class.as_ref(),
EntryClass::AccessControlCreate.to_value()
),
(
Attribute::Class.as_ref(),
EntryClass::AccessControlDelete.to_value()
),
(
Attribute::Class.as_ref(),
EntryClass::AccessControlSearch.to_value()
),
(
Attribute::Name.as_ref(),
Attribute::Name,
Value::new_iname("idm_admins_acp_allow_all_test")
),
(Attribute::Uuid.as_ref(), Value::Uuid(UUID_TEST_ACP)),
(Attribute::Uuid, Value::Uuid(UUID_TEST_ACP)),
(Attribute::AcpReceiverGroup, Value::Refer(UUID_TEST_GROUP)),
(
Attribute::AcpReceiverGroup.as_ref(),
Value::Refer(UUID_TEST_GROUP)
),
(
"acp_targetscope",
Attribute::AcpTargetScope,
Value::new_json_filter_s("{\"pres\":\"class\"}").expect("filter")
),
(Attribute::AcpSearchAttr.as_ref(), Value::new_iutf8("name")),
(Attribute::AcpSearchAttr, Attribute::Name.to_value()),
(Attribute::AcpSearchAttr, Attribute::Class.to_value()),
(Attribute::AcpSearchAttr, Attribute::Uuid.to_value()),
(Attribute::AcpSearchAttr, Value::new_iutf8("classname")),
(
Attribute::AcpSearchAttr.as_ref(),
Attribute::Class.to_value()
),
(Attribute::AcpSearchAttr.as_ref(), Value::new_iutf8("uuid")),
(
Attribute::AcpSearchAttr.as_ref(),
Value::new_iutf8("classname")
),
(
Attribute::AcpSearchAttr.as_ref(),
Attribute::AcpSearchAttr,
Value::new_iutf8(Attribute::AttributeName.as_ref())
),
(Attribute::AcpModifyClass, EntryClass::System.to_value()),
(Attribute::AcpModifyClass, Value::new_iutf8("domain_info")),
(Attribute::AcpModifyRemovedAttr, Attribute::Class.to_value()),
(
Attribute::AcpModifyClass.as_ref(),
Value::new_iutf8("system")
Attribute::AcpModifyRemovedAttr,
Attribute::DisplayName.to_value()
),
(Attribute::AcpModifyRemovedAttr, Attribute::May.to_value()),
(Attribute::AcpModifyRemovedAttr, Attribute::Must.to_value()),
(
Attribute::AcpModifyRemovedAttr,
Attribute::DomainName.to_value()
),
(
Attribute::AcpModifyClass.as_ref(),
Value::new_iutf8("domain_info")
Attribute::AcpModifyRemovedAttr,
Value::new_iutf8("domain_display_name")
),
(
Attribute::AcpModifyRemovedAttr.as_ref(),
Attribute::Class.to_value()
Attribute::AcpModifyRemovedAttr,
Value::new_iutf8("domain_uuid")
),
(
Attribute::AcpModifyRemovedAttr.as_ref(),
Value::new_iutf8("displayname")
Attribute::AcpModifyRemovedAttr,
Value::new_iutf8("domain_ssid")
),
(
Attribute::AcpModifyRemovedAttr.as_ref(),
Value::new_iutf8("may")
Attribute::AcpModifyRemovedAttr,
Value::new_iutf8("fernet_private_key_str")
),
(
Attribute::AcpModifyRemovedAttr.as_ref(),
Value::new_iutf8("must")
Attribute::AcpModifyRemovedAttr,
Attribute::Es256PrivateKeyDer.to_value()
),
(
Attribute::AcpModifyRemovedAttr.as_ref(),
Attribute::AcpModifyRemovedAttr,
Attribute::PrivateCookieKey.to_value()
),
(Attribute::AcpModifyPresentAttr, Attribute::Class.to_value()),
(
Attribute::AcpModifyPresentAttr,
Attribute::DisplayName.to_value()
),
(Attribute::AcpModifyPresentAttr, Attribute::May.to_value()),
(Attribute::AcpModifyPresentAttr, Attribute::Must.to_value()),
(
Attribute::AcpModifyPresentAttr,
Value::new_iutf8("domain_name")
),
(
"acp_modify_removedattr",
Attribute::AcpModifyPresentAttr,
Value::new_iutf8("domain_display_name")
),
(
Attribute::AcpModifyRemovedAttr.as_ref(),
Attribute::AcpModifyPresentAttr,
Value::new_iutf8("domain_uuid")
),
(
Attribute::AcpModifyRemovedAttr.as_ref(),
Attribute::AcpModifyPresentAttr,
Value::new_iutf8("domain_ssid")
),
(
"acp_modify_removedattr",
Attribute::AcpModifyPresentAttr,
Value::new_iutf8("fernet_private_key_str")
),
(
"acp_modify_removedattr",
Value::new_iutf8("es256_private_key_der")
Attribute::AcpModifyPresentAttr,
Attribute::Es256PrivateKeyDer.to_value()
),
(
"acp_modify_removedattr",
Attribute::AcpModifyPresentAttr,
Attribute::PrivateCookieKey.to_value()
),
(Attribute::AcpCreateClass, EntryClass::Object.to_value()),
(Attribute::AcpCreateClass, EntryClass::Person.to_value()),
(Attribute::AcpCreateClass, EntryClass::System.to_value()),
(Attribute::AcpCreateClass, EntryClass::DomainInfo.to_value()),
(Attribute::AcpCreateAttr, Attribute::Name.to_value()),
(Attribute::AcpCreateAttr, EntryClass::Class.to_value(),),
(Attribute::AcpCreateAttr, Attribute::Description.to_value(),),
(Attribute::AcpCreateAttr, Attribute::DisplayName.to_value(),),
(Attribute::AcpCreateAttr, Attribute::DomainName.to_value(),),
(
Attribute::AcpModifyPresentAttr.as_ref(),
Attribute::Class.to_value()
),
(
Attribute::AcpModifyPresentAttr.as_ref(),
Value::new_iutf8("displayname")
),
(
Attribute::AcpModifyPresentAttr.as_ref(),
Value::new_iutf8("may")
),
(
Attribute::AcpModifyPresentAttr.as_ref(),
Value::new_iutf8("must")
),
(
Attribute::AcpModifyPresentAttr.as_ref(),
Value::new_iutf8("domain_name")
),
(
"acp_modify_presentattr",
Attribute::AcpCreateAttr,
Value::new_iutf8("domain_display_name")
),
(Attribute::AcpCreateAttr, Value::new_iutf8("domain_uuid")),
(Attribute::AcpCreateAttr, Value::new_iutf8("domain_ssid")),
(Attribute::AcpCreateAttr, Attribute::Uuid.to_value()),
(
Attribute::AcpModifyPresentAttr.as_ref(),
Value::new_iutf8("domain_uuid")
),
(
Attribute::AcpModifyPresentAttr.as_ref(),
Value::new_iutf8("domain_ssid")
),
(
"acp_modify_presentattr",
Attribute::AcpCreateAttr,
Value::new_iutf8("fernet_private_key_str")
),
(
"acp_modify_presentattr",
Value::new_iutf8("es256_private_key_der")
Attribute::AcpCreateAttr,
Attribute::Es256PrivateKeyDer.to_value()
),
(
"acp_modify_presentattr",
Attribute::AcpCreateAttr,
Attribute::PrivateCookieKey.to_value()
),
(
Attribute::AcpCreateClass.as_ref(),
EntryClass::Object.to_value()
),
(
Attribute::AcpCreateClass.as_ref(),
EntryClass::Person.to_value()
),
(
Attribute::AcpCreateClass.as_ref(),
EntryClass::System.to_value()
),
(
Attribute::AcpCreateClass.as_ref(),
EntryClass::DomainInfo.to_value()
),
(
Attribute::AcpCreateAttr.as_ref(),
Attribute::Name.to_value()
),
(
Attribute::AcpCreateAttr.as_ref(),
EntryClass::Class.to_value(),
),
(
Attribute::AcpCreateAttr.as_ref(),
Attribute::Description.to_value(),
),
(
Attribute::AcpCreateAttr.as_ref(),
Attribute::DisplayName.to_value(),
),
(
Attribute::AcpCreateAttr.as_ref(),
Attribute::DomainName.to_value(),
),
(
Attribute::AcpCreateAttr.as_ref(),
Value::new_iutf8("domain_display_name")
),
(
Attribute::AcpCreateAttr.as_ref(),
Value::new_iutf8("domain_uuid")
),
(
Attribute::AcpCreateAttr.as_ref(),
Value::new_iutf8("domain_ssid")
),
(Attribute::AcpCreateAttr.as_ref(), Value::new_iutf8("uuid")),
(
"acp_create_attr",
Value::new_iutf8("fernet_private_key_str")
),
(
Attribute::AcpCreateAttr.as_ref(),
Value::new_iutf8("es256_private_key_der")
),
(
Attribute::AcpCreateAttr.as_ref(),
Attribute::PrivateCookieKey.to_value()
),
(
Attribute::AcpCreateAttr.as_ref(),
Value::new_iutf8("version")
)
(Attribute::AcpCreateAttr, Value::new_iutf8("version"))
);
pub static ref PRELOAD: Vec<EntryInitNew> =
vec![TEST_ACCOUNT.clone(), TEST_GROUP.clone(), ALLOW_ALL.clone()];
@ -588,8 +501,8 @@ mod tests {
preload,
filter!(f_eq(Attribute::ClassName, EntryClass::TestClass.into())),
modlist!([
m_pres("may", &Value::new_iutf8("name")),
m_pres("must", &Value::new_iutf8("name")),
m_pres(Attribute::May.as_ref(), &Attribute::Name.to_value()),
m_pres(Attribute::Must.as_ref(), &Attribute::Name.to_value()),
]),
Some(E_TEST_ACCOUNT.clone()),
|_| {},
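Review bot: In the `ALLOW_ALL` fixture the `AcpModifyPresentAttr` list still spells the domain name as a literal, `(Attribute::AcpModifyPresentAttr, Value::new_iutf8("domain_name"))`, while the `AcpModifyRemovedAttr` and `AcpCreateAttr` lists in the same fixture use `Attribute::DomainName.to_value()`. This entry is the access control profile the tests in this module run under, so a literal that drifts from the enum would change what the profile permits without any compile error; `(Attribute::AcpModifyPresentAttr, Attribute::DomainName.to_value())` keeps the three lists in step. The create list also has `(Attribute::AcpCreateAttr, EntryClass::Class.to_value(),)` where the other lists use `Attribute::Class.to_value()`; that looks carried over from the old side and is worth normalising. The page has lost its `+`/`-` column, so which lines are old and which are new is inferred from the repeated entries.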


@ -924,26 +924,26 @@ mod tests {
// scope maps, so we need to check that when the group is deleted, that the
// scope map is also appropriately affected.
let ea: Entry<EntryInit, EntryNew> = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Object.to_value()),
(
Attribute::Class.as_ref(),
Attribute::Class,
EntryClass::OAuth2ResourceServer.to_value()
),
// (Attribute::Class.as_ref(), EntryClass::OAuth2ResourceServerBasic.into()),
// (Attribute::Class, EntryClass::OAuth2ResourceServerBasic.into()),
(
Attribute::OAuth2RsName.as_ref(),
Attribute::OAuth2RsName,
Value::new_iname("test_resource_server")
),
(
Attribute::DisplayName.as_ref(),
Attribute::DisplayName,
Value::new_utf8s("test_resource_server")
),
(
"oauth2_rs_origin",
Attribute::OAuth2RsOrigin,
Value::new_url_s("https://demo.example.com").unwrap()
),
(
"oauth2_rs_scope_map",
Attribute::OAuth2RsScopeMap,
Value::new_oauthscopemap(
uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63930"),
btreeset![OAUTH2_SCOPE_READ.to_string()]
@ -953,16 +953,13 @@ mod tests {
);
let eb: Entry<EntryInit, EntryNew> = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Group.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("testgroup")),
(Attribute::Class, EntryClass::Group.to_value()),
(Attribute::Name, Value::new_iname("testgroup")),
(
"uuid",
Attribute::Uuid,
Value::Uuid(uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63930"))
),
(
Attribute::Description.as_ref(),
Value::new_utf8s("testgroup")
)
(Attribute::Description, Value::new_utf8s("testgroup"))
);
let preload = vec![ea, eb];
@ -1003,47 +1000,41 @@ mod tests {
let rs_uuid = Uuid::new_v4();
let e1 = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Person.to_value()),
(Attribute::Class.as_ref(), EntryClass::Account.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("testperson1")),
(Attribute::Uuid.as_ref(), Value::Uuid(tuuid)),
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Person.to_value()),
(Attribute::Class, EntryClass::Account.to_value()),
(Attribute::Name, Value::new_iname("testperson1")),
(Attribute::Uuid, Value::Uuid(tuuid)),
(Attribute::Description, Value::new_utf8s("testperson1")),
(Attribute::DisplayName, Value::new_utf8s("testperson1")),
(
Attribute::Description.as_ref(),
Value::new_utf8s("testperson1")
),
(
Attribute::DisplayName.as_ref(),
Value::new_utf8s("testperson1")
),
(
"primary_credential",
Attribute::PrimaryCredential,
Value::Cred("primary".to_string(), cred.clone())
)
);
let e2 = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Object.to_value()),
(
Attribute::Class.as_ref(),
Attribute::Class,
EntryClass::OAuth2ResourceServer.to_value()
),
(Attribute::Uuid.as_ref(), Value::Uuid(rs_uuid)),
(Attribute::Uuid, Value::Uuid(rs_uuid)),
(
Attribute::OAuth2RsName.as_ref(),
Attribute::OAuth2RsName,
Value::new_iname("test_resource_server")
),
(
Attribute::DisplayName.as_ref(),
Attribute::DisplayName,
Value::new_utf8s("test_resource_server")
),
(
"oauth2_rs_origin",
Attribute::OAuth2RsOrigin,
Value::new_url_s("https://demo.example.com").unwrap()
),
// System admins
(
"oauth2_rs_scope_map",
Attribute::OAuth2RsScopeMap,
Value::new_oauthscopemap(
UUID_IDM_ALL_ACCOUNTS,
btreeset![OAUTH2_SCOPE_OPENID.to_string()]
@ -1069,7 +1060,7 @@ mod tests {
// Mod the user
let modlist = modlist!([
Modify::Present(
"oauth2_session".into(),
Attribute::OAuth2Session.into(),
Value::Oauth2Session(
session_id,
Oauth2Session {
@ -1082,7 +1073,7 @@ mod tests {
)
),
Modify::Present(
"user_auth_token_session".into(),
Attribute::UserAuthTokenSession.into(),
Value::Session(
parent,
Session {
@ -1148,24 +1139,27 @@ mod tests {
let inv_mb_uuid = Uuid::new_v4();
let e_dyn = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Group.to_value()),
(Attribute::Class.as_ref(), EntryClass::DynGroup.to_value()),
(Attribute::Uuid.as_ref(), Value::Uuid(dyn_uuid)),
(Attribute::Name.as_ref(), Value::new_iname("test_dyngroup")),
("dynmember", Value::Refer(inv_mb_uuid)),
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Group.to_value()),
(Attribute::Class, EntryClass::DynGroup.to_value()),
(Attribute::Uuid, Value::Uuid(dyn_uuid)),
(Attribute::Name, Value::new_iname("test_dyngroup")),
(Attribute::DynMember, Value::Refer(inv_mb_uuid)),
(
"dyngroup_filter",
Value::JsonFilt(ProtoFilter::Eq("name".to_string(), "testgroup".to_string()))
Attribute::DynGroupFilter,
Value::JsonFilt(ProtoFilter::Eq(
Attribute::Name.to_string(),
"testgroup".to_string()
))
)
);
let e_group: Entry<EntryInit, EntryNew> = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Group.to_value()),
(Attribute::Class.as_ref(), EntryClass::MemberOf.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("testgroup")),
(Attribute::Uuid.as_ref(), Value::Uuid(tgroup_uuid)),
(Attribute::MemberOf.as_ref(), Value::Refer(inv_mo_uuid))
(Attribute::Class, EntryClass::Group.to_value()),
(Attribute::Class, EntryClass::MemberOf.to_value()),
(Attribute::Name, Value::new_iname("testgroup")),
(Attribute::Uuid, Value::Uuid(tgroup_uuid)),
(Attribute::MemberOf, Value::Refer(inv_mo_uuid))
);
let ce = CreateEvent::new_internal(vec![e_dyn, e_group]);
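Review bot: The dyngroup filter in `e_dyn` builds its attribute name with `Attribute::Name.to_string()`, presumably via the `Display` impl, whereas every other conversion in this section goes through `.as_ref()` or `.into()`. If the display form of `Attribute` were ever changed (for logging, say), the filter would name a different attribute and the test would stop exercising the dyngroup path without failing to compile. `ProtoFilter::Eq(Attribute::Name.as_ref().to_string(), "testgroup".to_string())` ties it to the same conversion as the rest. The enclosing test function starts and ends outside the hunk.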


@ -55,18 +55,18 @@ impl SessionConsistency {
// * If the session's credential is no longer on the account, we remove the session.
let cred_ids: BTreeSet<Uuid> =
entry
.get_ava_single_credential("primary_credential")
.get_ava_single_credential(Attribute::PrimaryCredential.into())
.iter()
.map(|c| c.uuid)
.chain(
entry.get_ava_passkeys("passkeys")
entry.get_ava_passkeys(Attribute::PassKeys.into())
.iter()
.flat_map(|pks| pks.keys().copied() )
)
.collect();
let invalidate: Option<BTreeSet<_>> = entry.get_ava_as_session_map("user_auth_token_session")
let invalidate: Option<BTreeSet<_>> = entry.get_ava_as_session_map(Attribute::UserAuthTokenSession.into())
.map(|sessions| {
sessions.iter().filter_map(|(session_id, session)| {
if !cred_ids.contains(&session.cred_id) {
@ -80,11 +80,11 @@ impl SessionConsistency {
});
if let Some(invalidate) = invalidate.as_ref() {
entry.remove_avas("user_auth_token_session", invalidate);
entry.remove_avas(Attribute::UserAuthTokenSession.into(), invalidate);
}
// * If a UAT is past its expiry, remove it.
let expired: Option<BTreeSet<_>> = entry.get_ava_as_session_map("user_auth_token_session")
let expired: Option<BTreeSet<_>> = entry.get_ava_as_session_map(Attribute::UserAuthTokenSession.into())
.map(|sessions| {
sessions.iter().filter_map(|(session_id, session)| {
match &session.expiry {
@ -99,14 +99,14 @@ impl SessionConsistency {
});
if let Some(expired) = expired.as_ref() {
entry.remove_avas("user_auth_token_session", expired);
entry.remove_avas(Attribute::UserAuthTokenSession.into(), expired);
}
// * If an oauth2 session is past it's expiry, remove it.
// * If an oauth2 session is past the grace window, and no parent session exists, remove it.
let oauth2_remove: Option<BTreeSet<_>> = entry.get_ava_as_oauth2session_map("oauth2_session").map(|oauth2_sessions| {
// If we have oauth2 sessions, we need to be able to lookup if sessions exist in the uat.
let sessions = entry.get_ava_as_session_map("user_auth_token_session");
let sessions = entry.get_ava_as_session_map(Attribute::UserAuthTokenSession.into());
oauth2_sessions.iter().filter_map(|(o2_session_id, session)| {
match &session.expiry {
@ -137,7 +137,7 @@ impl SessionConsistency {
});
if let Some(oauth2_remove) = oauth2_remove.as_ref() {
entry.remove_avas("oauth2_session", oauth2_remove);
entry.remove_avas(Attribute::OAuth2Session.as_ref(), oauth2_remove);
}
Ok(())
@ -180,21 +180,15 @@ mod tests {
let tuuid = uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63930");
let e1 = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Person.to_value()),
(Attribute::Class.as_ref(), EntryClass::Account.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("testperson1")),
(Attribute::Uuid.as_ref(), Value::Uuid(tuuid)),
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Person.to_value()),
(Attribute::Class, EntryClass::Account.to_value()),
(Attribute::Name, Value::new_iname("testperson1")),
(Attribute::Uuid, Value::Uuid(tuuid)),
(Attribute::Description, Value::new_utf8s("testperson1")),
(Attribute::DisplayName, Value::new_utf8s("testperson1")),
(
Attribute::Description.as_ref(),
Value::new_utf8s("testperson1")
),
(
Attribute::DisplayName.as_ref(),
Value::new_utf8s("testperson1")
),
(
"primary_credential",
Attribute::PrimaryCredential,
Value::Cred("primary".to_string(), cred.clone())
)
);
@ -228,7 +222,7 @@ mod tests {
);
// Mod the user
let modlist = ModifyList::new_append("user_auth_token_session", session);
let modlist = ModifyList::new_append(Attribute::UserAuthTokenSession.into(), session);
server_txn
.internal_modify(
@ -289,51 +283,45 @@ mod tests {
let rs_uuid = Uuid::new_v4();
let e1 = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Person.to_value()),
(Attribute::Class.as_ref(), EntryClass::Account.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("testperson1")),
(Attribute::Uuid.as_ref(), Value::Uuid(tuuid)),
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Person.to_value()),
(Attribute::Class, EntryClass::Account.to_value()),
(Attribute::Name, Value::new_iname("testperson1")),
(Attribute::Uuid, Value::Uuid(tuuid)),
(Attribute::Description, Value::new_utf8s("testperson1")),
(Attribute::DisplayName, Value::new_utf8s("testperson1")),
(
Attribute::Description.as_ref(),
Value::new_utf8s("testperson1")
),
(
Attribute::DisplayName.as_ref(),
Value::new_utf8s("testperson1")
),
(
"primary_credential",
Attribute::PrimaryCredential,
Value::Cred("primary".to_string(), cred.clone())
)
);
let e2 = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Object.to_value()),
(
Attribute::Class.as_ref(),
Attribute::Class,
EntryClass::OAuth2ResourceServer.to_value()
),
(
Attribute::Class.as_ref(),
Attribute::Class,
EntryClass::OAuth2ResourceServerBasic.to_value()
),
(Attribute::Uuid.as_ref(), Value::Uuid(rs_uuid)),
(Attribute::Uuid, Value::Uuid(rs_uuid)),
(
Attribute::OAuth2RsName.as_ref(),
Attribute::OAuth2RsName,
Value::new_iname("test_resource_server")
),
(
Attribute::DisplayName.as_ref(),
Attribute::DisplayName,
Value::new_utf8s("test_resource_server")
),
(
"oauth2_rs_origin",
Attribute::OAuth2RsOrigin,
Value::new_url_s("https://demo.example.com").unwrap()
),
// System admins
(
"oauth2_rs_scope_map",
Attribute::OAuth2RsScopeMap,
Value::new_oauthscopemap(
UUID_IDM_ALL_ACCOUNTS,
btreeset![OAUTH2_SCOPE_OPENID.to_string()]
@ -373,7 +361,7 @@ mod tests {
)
),
Modify::Present(
"user_auth_token_session".into(),
Attribute::UserAuthTokenSession.into(),
Value::Session(
parent,
Session {
@ -456,51 +444,45 @@ mod tests {
let rs_uuid = Uuid::new_v4();
let e1 = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Person.to_value()),
(Attribute::Class.as_ref(), EntryClass::Account.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("testperson1")),
(Attribute::Uuid.as_ref(), Value::Uuid(tuuid)),
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Person.to_value()),
(Attribute::Class, EntryClass::Account.to_value()),
(Attribute::Name, Value::new_iname("testperson1")),
(Attribute::Uuid, Value::Uuid(tuuid)),
(Attribute::Description, Value::new_utf8s("testperson1")),
(Attribute::DisplayName, Value::new_utf8s("testperson1")),
(
Attribute::Description.as_ref(),
Value::new_utf8s("testperson1")
),
(
Attribute::DisplayName.as_ref(),
Value::new_utf8s("testperson1")
),
(
"primary_credential",
Attribute::PrimaryCredential,
Value::Cred("primary".to_string(), cred.clone())
)
);
let e2 = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Object.to_value()),
(
Attribute::Class.as_ref(),
Attribute::Class,
EntryClass::OAuth2ResourceServer.to_value()
),
(
Attribute::Class.as_ref(),
Attribute::Class,
EntryClass::OAuth2ResourceServerBasic.to_value()
),
(Attribute::Uuid.as_ref(), Value::Uuid(rs_uuid)),
(Attribute::Uuid, Value::Uuid(rs_uuid)),
(
Attribute::OAuth2RsName.as_ref(),
Attribute::OAuth2RsName,
Value::new_iname("test_resource_server")
),
(
Attribute::DisplayName.as_ref(),
Attribute::DisplayName,
Value::new_utf8s("test_resource_server")
),
(
"oauth2_rs_origin",
Attribute::OAuth2RsOrigin,
Value::new_url_s("https://demo.example.com").unwrap()
),
// System admins
(
"oauth2_rs_scope_map",
Attribute::OAuth2RsScopeMap,
Value::new_oauthscopemap(
UUID_IDM_ALL_ACCOUNTS,
btreeset![OAUTH2_SCOPE_OPENID.to_string()]
@ -539,7 +521,7 @@ mod tests {
)
),
Modify::Present(
"user_auth_token_session".into(),
Attribute::UserAuthTokenSession.into(),
Value::Session(
parent,
Session {
@ -579,7 +561,8 @@ mod tests {
let mut server_txn = server.write(exp_curtime).await;
// Mod again - remove the parent session.
let modlist = ModifyList::new_remove("user_auth_token_session", pv_parent_id.clone());
let modlist =
ModifyList::new_remove(Attribute::UserAuthTokenSession.into(), pv_parent_id.clone());
server_txn
.internal_modify(
@ -616,47 +599,41 @@ mod tests {
let rs_uuid = Uuid::new_v4();
let e1 = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Person.to_value()),
(Attribute::Class.as_ref(), EntryClass::Account.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("testperson1")),
(Attribute::Uuid.as_ref(), Value::Uuid(tuuid)),
(
Attribute::Description.as_ref(),
Value::new_utf8s("testperson1")
),
(
Attribute::DisplayName.as_ref(),
Value::new_utf8s("testperson1")
)
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Person.to_value()),
(Attribute::Class, EntryClass::Account.to_value()),
(Attribute::Name, Value::new_iname("testperson1")),
(Attribute::Uuid, Value::Uuid(tuuid)),
(Attribute::Description, Value::new_utf8s("testperson1")),
(Attribute::DisplayName, Value::new_utf8s("testperson1"))
);
let e2 = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Object.to_value()),
(
Attribute::Class.as_ref(),
Attribute::Class,
EntryClass::OAuth2ResourceServer.to_value()
),
(
Attribute::Class.as_ref(),
Attribute::Class,
EntryClass::OAuth2ResourceServerBasic.to_value()
),
(Attribute::Uuid.as_ref(), Value::Uuid(rs_uuid)),
(Attribute::Uuid, Value::Uuid(rs_uuid)),
(
Attribute::OAuth2RsName.as_ref(),
Attribute::OAuth2RsName,
Value::new_iname("test_resource_server")
),
(
Attribute::DisplayName.as_ref(),
Attribute::DisplayName,
Value::new_utf8s("test_resource_server")
),
(
Attribute::OAuth2RsOrigin.as_ref(),
Attribute::OAuth2RsOrigin,
Value::new_url_s("https://demo.example.com").unwrap()
),
// System admins
(
Attribute::OAuth2RsScopeMap.as_ref(),
Attribute::OAuth2RsScopeMap,
Value::new_oauthscopemap(
UUID_IDM_ALL_ACCOUNTS,
btreeset![OAUTH2_SCOPE_OPENID.to_string()]
@ -746,21 +723,15 @@ mod tests {
let tuuid = uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63930");
let e1 = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Person.to_value()),
(Attribute::Class.as_ref(), EntryClass::Account.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("testperson1")),
(Attribute::Uuid.as_ref(), Value::Uuid(tuuid)),
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Person.to_value()),
(Attribute::Class, EntryClass::Account.to_value()),
(Attribute::Name, Value::new_iname("testperson1")),
(Attribute::Uuid, Value::Uuid(tuuid)),
(Attribute::Description, Value::new_utf8s("testperson1")),
(Attribute::DisplayName, Value::new_utf8s("testperson1")),
(
Attribute::Description.as_ref(),
Value::new_utf8s("testperson1")
),
(
Attribute::DisplayName.as_ref(),
Value::new_utf8s("testperson1")
),
(
Attribute::PrimaryCredential.as_ref(),
Attribute::PrimaryCredential,
Value::Cred("primary".to_string(), cred.clone())
)
);
@ -795,7 +766,7 @@ mod tests {
);
// Mod the user
let modlist = ModifyList::new_append("user_auth_token_session", session);
let modlist = ModifyList::new_append(Attribute::UserAuthTokenSession.into(), session);
server_txn
.internal_modify(
@ -816,7 +787,7 @@ mod tests {
let mut server_txn = server.write(curtime).await;
// Remove the primary credential
let modlist = ModifyList::new_purge("primary_credential");
let modlist = ModifyList::new_purge(Attribute::PrimaryCredential.into());
server_txn
.internal_modify(


@ -245,18 +245,12 @@ async fn test_repl_increment_basic_entry_add(server_a: &QueryServer, server_b: &
let t_uuid = Uuid::new_v4();
assert!(server_b_txn
.internal_create(vec![entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Person.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("testperson1")),
(Attribute::Uuid.as_ref(), Value::Uuid(t_uuid)),
(
Attribute::Description.as_ref(),
Value::new_utf8s("testperson1")
),
(
Attribute::DisplayName.as_ref(),
Value::new_utf8s("testperson1")
)
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Person.to_value()),
(Attribute::Name, Value::new_iname("testperson1")),
(Attribute::Uuid, Value::Uuid(t_uuid)),
(Attribute::Description, Value::new_utf8s("testperson1")),
(Attribute::DisplayName, Value::new_utf8s("testperson1"))
),])
.is_ok());
server_b_txn.commit().expect("Failed to commit");
@ -354,18 +348,12 @@ async fn test_repl_increment_basic_entry_recycle(server_a: &QueryServer, server_
let t_uuid = Uuid::new_v4();
assert!(server_b_txn
.internal_create(vec![entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Person.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("testperson1")),
(Attribute::Uuid.as_ref(), Value::Uuid(t_uuid)),
(
Attribute::Description.as_ref(),
Value::new_utf8s("testperson1")
),
(
Attribute::DisplayName.as_ref(),
Value::new_utf8s("testperson1")
)
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Person.to_value()),
(Attribute::Name, Value::new_iname("testperson1")),
(Attribute::Uuid, Value::Uuid(t_uuid)),
(Attribute::Description, Value::new_utf8s("testperson1")),
(Attribute::DisplayName, Value::new_utf8s("testperson1"))
),])
.is_ok());
@ -418,18 +406,12 @@ async fn test_repl_increment_basic_entry_tombstone(server_a: &QueryServer, serve
let t_uuid = Uuid::new_v4();
assert!(server_b_txn
.internal_create(vec![entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Person.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("testperson1")),
(Attribute::Uuid.as_ref(), Value::Uuid(t_uuid)),
(
Attribute::Description.as_ref(),
Value::new_utf8s("testperson1")
),
(
Attribute::DisplayName.as_ref(),
Value::new_utf8s("testperson1")
)
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Person.to_value()),
(Attribute::Name, Value::new_iname("testperson1")),
(Attribute::Uuid, Value::Uuid(t_uuid)),
(Attribute::Description, Value::new_utf8s("testperson1")),
(Attribute::DisplayName, Value::new_utf8s("testperson1"))
),])
.is_ok());
@ -494,18 +476,12 @@ async fn test_repl_increment_consumer_lagging_tombstone(
let t_uuid = Uuid::new_v4();
assert!(server_b_txn
.internal_create(vec![entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Person.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("testperson1")),
(Attribute::Uuid.as_ref(), Value::Uuid(t_uuid)),
(
Attribute::Description.as_ref(),
Value::new_utf8s("testperson1")
),
(
Attribute::DisplayName.as_ref(),
Value::new_utf8s("testperson1")
)
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Person.to_value()),
(Attribute::Name, Value::new_iname("testperson1")),
(Attribute::Uuid, Value::Uuid(t_uuid)),
(Attribute::Description, Value::new_utf8s("testperson1")),
(Attribute::DisplayName, Value::new_utf8s("testperson1"))
),])
.is_ok());
@ -603,18 +579,12 @@ async fn test_repl_increment_basic_bidirectional_write(
let t_uuid = Uuid::new_v4();
assert!(server_b_txn
.internal_create(vec![entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Person.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("testperson1")),
(Attribute::Uuid.as_ref(), Value::Uuid(t_uuid)),
(
Attribute::Description.as_ref(),
Value::new_utf8s("testperson1")
),
(
Attribute::DisplayName.as_ref(),
Value::new_utf8s("testperson1")
)
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Person.to_value()),
(Attribute::Name, Value::new_iname("testperson1")),
(Attribute::Uuid, Value::Uuid(t_uuid)),
(Attribute::Description, Value::new_utf8s("testperson1")),
(Attribute::DisplayName, Value::new_utf8s("testperson1"))
),])
.is_ok());
server_b_txn.commit().expect("Failed to commit");
@ -692,18 +662,12 @@ async fn test_repl_increment_basic_deleted_attr(server_a: &QueryServer, server_b
let t_uuid = Uuid::new_v4();
assert!(server_a_txn
.internal_create(vec![entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Person.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("testperson1")),
(Attribute::Uuid.as_ref(), Value::Uuid(t_uuid)),
(
Attribute::Description.as_ref(),
Value::new_utf8s("testperson1")
),
(
Attribute::DisplayName.as_ref(),
Value::new_utf8s("testperson1")
)
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Person.to_value()),
(Attribute::Name, Value::new_iname("testperson1")),
(Attribute::Uuid, Value::Uuid(t_uuid)),
(Attribute::Description, Value::new_utf8s("testperson1")),
(Attribute::DisplayName, Value::new_utf8s("testperson1"))
),])
.is_ok());
server_a_txn.commit().expect("Failed to commit");
@ -768,18 +732,12 @@ async fn test_repl_increment_simultaneous_bidirectional_write(
let t_uuid = Uuid::new_v4();
assert!(server_b_txn
.internal_create(vec![entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Person.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("testperson1")),
(Attribute::Uuid.as_ref(), Value::Uuid(t_uuid)),
(
Attribute::Description.as_ref(),
Value::new_utf8s("testperson1")
),
(
Attribute::DisplayName.as_ref(),
Value::new_utf8s("testperson1")
)
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Person.to_value()),
(Attribute::Name, Value::new_iname("testperson1")),
(Attribute::Uuid, Value::Uuid(t_uuid)),
(Attribute::Description, Value::new_utf8s("testperson1")),
(Attribute::DisplayName, Value::new_utf8s("testperson1"))
),])
.is_ok());
server_b_txn.commit().expect("Failed to commit");
@ -888,18 +846,12 @@ async fn test_repl_increment_basic_bidirectional_lifecycle(
let t_uuid = Uuid::new_v4();
assert!(server_b_txn
.internal_create(vec![entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Person.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("testperson1")),
(Attribute::Uuid.as_ref(), Value::Uuid(t_uuid)),
(
Attribute::Description.as_ref(),
Value::new_utf8s("testperson1")
),
(
Attribute::DisplayName.as_ref(),
Value::new_utf8s("testperson1")
)
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Person.to_value()),
(Attribute::Name, Value::new_iname("testperson1")),
(Attribute::Uuid, Value::Uuid(t_uuid)),
(Attribute::Description, Value::new_utf8s("testperson1")),
(Attribute::DisplayName, Value::new_utf8s("testperson1"))
),])
.is_ok());
server_b_txn.commit().expect("Failed to commit");
@ -1035,18 +987,12 @@ async fn test_repl_increment_basic_bidirectional_recycle(
let t_uuid = Uuid::new_v4();
assert!(server_b_txn
.internal_create(vec![entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Person.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("testperson1")),
(Attribute::Uuid.as_ref(), Value::Uuid(t_uuid)),
(
Attribute::Description.as_ref(),
Value::new_utf8s("testperson1")
),
(
Attribute::DisplayName.as_ref(),
Value::new_utf8s("testperson1")
)
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Person.to_value()),
(Attribute::Name, Value::new_iname("testperson1")),
(Attribute::Uuid, Value::Uuid(t_uuid)),
(Attribute::Description, Value::new_utf8s("testperson1")),
(Attribute::DisplayName, Value::new_utf8s("testperson1"))
),])
.is_ok());
server_b_txn.commit().expect("Failed to commit");
@ -1167,18 +1113,12 @@ async fn test_repl_increment_basic_bidirectional_tombstone(
let t_uuid = Uuid::new_v4();
assert!(server_b_txn
.internal_create(vec![entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Person.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("testperson1")),
(Attribute::Uuid.as_ref(), Value::Uuid(t_uuid)),
(
Attribute::Description.as_ref(),
Value::new_utf8s("testperson1")
),
(
Attribute::DisplayName.as_ref(),
Value::new_utf8s("testperson1")
)
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Person.to_value()),
(Attribute::Name, Value::new_iname("testperson1")),
(Attribute::Uuid, Value::Uuid(t_uuid)),
(Attribute::Description, Value::new_utf8s("testperson1")),
(Attribute::DisplayName, Value::new_utf8s("testperson1"))
),])
.is_ok());
// And then recycle it.
@ -1277,18 +1217,12 @@ async fn test_repl_increment_creation_uuid_conflict(
// Now create the same entry on both servers.
let t_uuid = Uuid::new_v4();
let e_init = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Person.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("testperson1")),
(Attribute::Uuid.as_ref(), Value::Uuid(t_uuid)),
(
Attribute::Description.as_ref(),
Value::new_utf8s("testperson1")
),
(
Attribute::DisplayName.as_ref(),
Value::new_utf8s("testperson1")
)
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Person.to_value()),
(Attribute::Name, Value::new_iname("testperson1")),
(Attribute::Uuid, Value::Uuid(t_uuid)),
(Attribute::Description, Value::new_utf8s("testperson1")),
(Attribute::DisplayName, Value::new_utf8s("testperson1"))
);
let mut server_b_txn = server_b.write(ct).await;
@ -1356,7 +1290,7 @@ async fn test_repl_increment_creation_uuid_conflict(
// Should be a vec.
.pop()
.expect("No conflict entries present");
assert!(cnf_a.get_ava_single_iname("name") == Some("testperson1"));
assert!(cnf_a.get_ava_single_iname(Attribute::Name.as_ref()) == Some("testperson1"));
let cnf_b = server_b_txn
.internal_search_conflict_uuid(t_uuid)
@ -1414,18 +1348,12 @@ async fn test_repl_increment_create_tombstone_uuid_conflict(
// Now create the same entry on both servers.
let t_uuid = Uuid::new_v4();
let e_init = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Person.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("testperson1")),
(Attribute::Uuid.as_ref(), Value::Uuid(t_uuid)),
(
Attribute::Description.as_ref(),
Value::new_utf8s("testperson1")
),
(
Attribute::DisplayName.as_ref(),
Value::new_utf8s("testperson1")
)
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Person.to_value()),
(Attribute::Name, Value::new_iname("testperson1")),
(Attribute::Uuid, Value::Uuid(t_uuid)),
(Attribute::Description, Value::new_utf8s("testperson1")),
(Attribute::DisplayName, Value::new_utf8s("testperson1"))
);
let mut server_b_txn = server_b.write(ct).await;
@ -1513,18 +1441,12 @@ async fn test_repl_increment_create_tombstone_conflict(
// Now create the same entry on both servers.
let t_uuid = Uuid::new_v4();
let e_init = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Person.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("testperson1")),
(Attribute::Uuid.as_ref(), Value::Uuid(t_uuid)),
(
Attribute::Description.as_ref(),
Value::new_utf8s("testperson1")
),
(
Attribute::DisplayName.as_ref(),
Value::new_utf8s("testperson1")
)
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Person.to_value()),
(Attribute::Name, Value::new_iname("testperson1")),
(Attribute::Uuid, Value::Uuid(t_uuid)),
(Attribute::Description, Value::new_utf8s("testperson1")),
(Attribute::DisplayName, Value::new_utf8s("testperson1"))
);
let mut server_b_txn = server_b.write(ct).await;
@ -1615,18 +1537,12 @@ async fn test_repl_increment_schema_conflict(server_a: &QueryServer, server_b: &
let t_uuid = Uuid::new_v4();
assert!(server_b_txn
.internal_create(vec![entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Person.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("testperson1")),
(Attribute::Uuid.as_ref(), Value::Uuid(t_uuid)),
(
Attribute::Description.as_ref(),
Value::new_utf8s("testperson1")
),
(
Attribute::DisplayName.as_ref(),
Value::new_utf8s("testperson1")
)
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Person.to_value()),
(Attribute::Name, Value::new_iname("testperson1")),
(Attribute::Uuid, Value::Uuid(t_uuid)),
(Attribute::Description, Value::new_utf8s("testperson1")),
(Attribute::DisplayName, Value::new_utf8s("testperson1"))
),])
.is_ok());
server_b_txn.commit().expect("Failed to commit");
@ -1738,18 +1654,12 @@ async fn test_repl_increment_consumer_lagging_attributes(
let t_uuid = Uuid::new_v4();
assert!(server_b_txn
.internal_create(vec![entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Person.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("testperson1")),
(Attribute::Uuid.as_ref(), Value::Uuid(t_uuid)),
(
Attribute::Description.as_ref(),
Value::new_utf8s("testperson1")
),
(
Attribute::DisplayName.as_ref(),
Value::new_utf8s("testperson1")
)
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Person.to_value()),
(Attribute::Name, Value::new_iname("testperson1")),
(Attribute::Uuid, Value::Uuid(t_uuid)),
(Attribute::Description, Value::new_utf8s("testperson1")),
(Attribute::DisplayName, Value::new_utf8s("testperson1"))
),])
.is_ok());
@ -1869,18 +1779,12 @@ async fn test_repl_increment_consumer_ruv_trim_past_valid(
let t_uuid = Uuid::new_v4();
assert!(server_b_txn
.internal_create(vec![entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Person.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("testperson1")),
(Attribute::Uuid.as_ref(), Value::Uuid(t_uuid)),
(
Attribute::Description.as_ref(),
Value::new_utf8s("testperson1")
),
(
Attribute::DisplayName.as_ref(),
Value::new_utf8s("testperson1")
)
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Person.to_value()),
(Attribute::Name, Value::new_iname("testperson1")),
(Attribute::Uuid, Value::Uuid(t_uuid)),
(Attribute::Description, Value::new_utf8s("testperson1")),
(Attribute::DisplayName, Value::new_utf8s("testperson1"))
),])
.is_ok());
@ -2012,19 +1916,13 @@ async fn test_repl_increment_domain_rename(server_a: &QueryServer, server_b: &Qu
let t_uuid = Uuid::new_v4();
assert!(server_b_txn
.internal_create(vec![entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Account.to_value()),
(Attribute::Class.as_ref(), EntryClass::Person.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("testperson1")),
(Attribute::Uuid.as_ref(), Value::Uuid(t_uuid)),
(
Attribute::Description.as_ref(),
Value::new_utf8s("testperson1")
),
(
Attribute::DisplayName.as_ref(),
Value::new_utf8s("testperson1")
)
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Account.to_value()),
(Attribute::Class, EntryClass::Person.to_value()),
(Attribute::Name, Value::new_iname("testperson1")),
(Attribute::Uuid, Value::Uuid(t_uuid)),
(Attribute::Description, Value::new_utf8s("testperson1")),
(Attribute::DisplayName, Value::new_utf8s("testperson1"))
),])
.is_ok());
server_b_txn.commit().expect("Failed to commit");
@ -2161,12 +2059,12 @@ async fn test_repl_increment_schema_dynamic(server_a: &QueryServer, server_b: &Q
let s_uuid = Uuid::new_v4();
assert!(server_a_txn
.internal_create(vec![entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::ClassType.to_value()),
("classname", EntryClass::TestClass.to_value()),
(Attribute::Uuid.as_ref(), Value::Uuid(s_uuid)),
("description", Value::new_utf8s("Test Class")),
("may", Value::new_iutf8("name"))
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::ClassType.to_value()),
(Attribute::ClassName, EntryClass::TestClass.to_value()),
(Attribute::Uuid, Value::Uuid(s_uuid)),
(Attribute::Description, Value::new_utf8s("Test Class")),
(Attribute::May, Attribute::Name.to_value())
)])
.is_ok());
// Schema doesn't take effect til after a commit.
@ -2177,9 +2075,9 @@ async fn test_repl_increment_schema_dynamic(server_a: &QueryServer, server_b: &Q
let t_uuid = Uuid::new_v4();
assert!(server_a_txn
.internal_create(vec![entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::TestClass.to_value()),
(Attribute::Uuid.as_ref(), Value::Uuid(t_uuid))
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::TestClass.to_value()),
(Attribute::Uuid, Value::Uuid(t_uuid))
)])
.is_ok());
@ -2236,30 +2134,24 @@ async fn test_repl_increment_memberof_basic(server_a: &QueryServer, server_b: &Q
let t_uuid = Uuid::new_v4();
assert!(server_a_txn
.internal_create(vec![entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Account.to_value()),
(Attribute::Class.as_ref(), EntryClass::Person.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("testperson1")),
(Attribute::Uuid.as_ref(), Value::Uuid(t_uuid)),
(
Attribute::Description.as_ref(),
Value::new_utf8s("testperson1")
),
(
Attribute::DisplayName.as_ref(),
Value::new_utf8s("testperson1")
)
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Account.to_value()),
(Attribute::Class, EntryClass::Person.to_value()),
(Attribute::Name, Value::new_iname("testperson1")),
(Attribute::Uuid, Value::Uuid(t_uuid)),
(Attribute::Description, Value::new_utf8s("testperson1")),
(Attribute::DisplayName, Value::new_utf8s("testperson1"))
),])
.is_ok());
let g_uuid = Uuid::new_v4();
assert!(server_a_txn
.internal_create(vec![entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Group.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("testgroup1")),
(Attribute::Uuid.as_ref(), Value::Uuid(g_uuid)),
(Attribute::Member.as_ref(), Value::Refer(t_uuid))
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Group.to_value()),
(Attribute::Name, Value::new_iname("testgroup1")),
(Attribute::Uuid, Value::Uuid(g_uuid)),
(Attribute::Member, Value::Refer(t_uuid))
),])
.is_ok());
@ -2322,13 +2214,10 @@ async fn test_repl_increment_memberof_conflict(server_a: &QueryServer, server_b:
assert!(server_b_txn
.internal_create(vec![entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Group.to_value()),
(
Attribute::Name.as_ref(),
Value::new_iname("testgroup_conflict")
),
(Attribute::Uuid.as_ref(), Value::Uuid(g_uuid))
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Group.to_value()),
(Attribute::Name, Value::new_iname("testgroup_conflict")),
(Attribute::Uuid, Value::Uuid(g_uuid))
),])
.is_ok());
@ -2339,29 +2228,23 @@ async fn test_repl_increment_memberof_conflict(server_a: &QueryServer, server_b:
let t_uuid = Uuid::new_v4();
assert!(server_a_txn
.internal_create(vec![entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Account.to_value()),
(Attribute::Class.as_ref(), EntryClass::Person.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("testperson1")),
(Attribute::Uuid.as_ref(), Value::Uuid(t_uuid)),
(
Attribute::Description.as_ref(),
Value::new_utf8s("testperson1")
),
(
Attribute::DisplayName.as_ref(),
Value::new_utf8s("testperson1")
)
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Account.to_value()),
(Attribute::Class, EntryClass::Person.to_value()),
(Attribute::Name, Value::new_iname("testperson1")),
(Attribute::Uuid, Value::Uuid(t_uuid)),
(Attribute::Description, Value::new_utf8s("testperson1")),
(Attribute::DisplayName, Value::new_utf8s("testperson1"))
),])
.is_ok());
assert!(server_a_txn
.internal_create(vec![entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Group.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("testgroup1")),
(Attribute::Uuid.as_ref(), Value::Uuid(g_uuid)),
(Attribute::Member.as_ref(), Value::Refer(t_uuid))
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Group.to_value()),
(Attribute::Name, Value::new_iname("testgroup1")),
(Attribute::Uuid, Value::Uuid(g_uuid)),
(Attribute::Member, Value::Refer(t_uuid))
),])
.is_ok());
@ -2446,30 +2329,24 @@ async fn test_repl_increment_refint_tombstone(server_a: &QueryServer, server_b:
let t_uuid = Uuid::new_v4();
assert!(server_a_txn
.internal_create(vec![entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Account.to_value()),
(Attribute::Class.as_ref(), EntryClass::Person.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("testperson1")),
(Attribute::Uuid.as_ref(), Value::Uuid(t_uuid)),
(
Attribute::Description.as_ref(),
Value::new_utf8s("testperson1")
),
(
Attribute::DisplayName.as_ref(),
Value::new_utf8s("testperson1")
)
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Account.to_value()),
(Attribute::Class, EntryClass::Person.to_value()),
(Attribute::Name, Value::new_iname("testperson1")),
(Attribute::Uuid, Value::Uuid(t_uuid)),
(Attribute::Description, Value::new_utf8s("testperson1")),
(Attribute::DisplayName, Value::new_utf8s("testperson1"))
),])
.is_ok());
let g_uuid = Uuid::new_v4();
assert!(server_a_txn
.internal_create(vec![entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Group.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("testgroup1")),
(Attribute::Uuid.as_ref(), Value::Uuid(g_uuid)) // Don't add the membership yet!
// (Attribute::Member.as_ref(), Value::Refer(t_uuid))
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Group.to_value()),
(Attribute::Name, Value::new_iname("testgroup1")),
(Attribute::Uuid, Value::Uuid(g_uuid)) // Don't add the membership yet!
// (Attribute::Member, Value::Refer(t_uuid))
),])
.is_ok());
@ -2562,22 +2439,13 @@ async fn test_repl_increment_refint_conflict(server_a: &QueryServer, server_b: &
let t_uuid = Uuid::new_v4();
assert!(server_b_txn
.internal_create(vec![entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Account.to_value()),
(Attribute::Class.as_ref(), EntryClass::Person.to_value()),
(
Attribute::Name.as_ref(),
Value::new_iname("testperson_conflict")
),
(Attribute::Uuid.as_ref(), Value::Uuid(t_uuid)),
(
Attribute::Description.as_ref(),
Value::new_utf8s("testperson1")
),
(
Attribute::DisplayName.as_ref(),
Value::new_utf8s("testperson1")
)
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Account.to_value()),
(Attribute::Class, EntryClass::Person.to_value()),
(Attribute::Name, Value::new_iname("testperson_conflict")),
(Attribute::Uuid, Value::Uuid(t_uuid)),
(Attribute::Description, Value::new_utf8s("testperson1")),
(Attribute::DisplayName, Value::new_utf8s("testperson1"))
),])
.is_ok());
server_b_txn.commit().expect("Failed to commit");
@ -2586,30 +2454,24 @@ async fn test_repl_increment_refint_conflict(server_a: &QueryServer, server_b: &
let mut server_a_txn = server_a.write(duration_from_epoch_now()).await;
assert!(server_a_txn
.internal_create(vec![entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Account.to_value()),
(Attribute::Class.as_ref(), EntryClass::Person.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("testperson1")),
(Attribute::Uuid.as_ref(), Value::Uuid(t_uuid)),
(
Attribute::Description.as_ref(),
Value::new_utf8s("testperson1")
),
(
Attribute::DisplayName.as_ref(),
Value::new_utf8s("testperson1")
)
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Account.to_value()),
(Attribute::Class, EntryClass::Person.to_value()),
(Attribute::Name, Value::new_iname("testperson1")),
(Attribute::Uuid, Value::Uuid(t_uuid)),
(Attribute::Description, Value::new_utf8s("testperson1")),
(Attribute::DisplayName, Value::new_utf8s("testperson1"))
),])
.is_ok());
let g_uuid = Uuid::new_v4();
assert!(server_a_txn
.internal_create(vec![entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Group.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("testgroup1")),
(Attribute::Uuid.as_ref(), Value::Uuid(g_uuid)),
(Attribute::Member.as_ref(), Value::Refer(t_uuid))
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Group.to_value()),
(Attribute::Name, Value::new_iname("testgroup1")),
(Attribute::Uuid, Value::Uuid(g_uuid)),
(Attribute::Member, Value::Refer(t_uuid))
),])
.is_ok());
@ -2685,30 +2547,24 @@ async fn test_repl_increment_refint_delete_to_member_holder(
let t_uuid = Uuid::new_v4();
assert!(server_a_txn
.internal_create(vec![entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Account.to_value()),
(Attribute::Class.as_ref(), EntryClass::Person.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("testperson1")),
(Attribute::Uuid.as_ref(), Value::Uuid(t_uuid)),
(
Attribute::Description.as_ref(),
Value::new_utf8s("testperson1")
),
(
Attribute::DisplayName.as_ref(),
Value::new_utf8s("testperson1")
)
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Account.to_value()),
(Attribute::Class, EntryClass::Person.to_value()),
(Attribute::Name, Value::new_iname("testperson1")),
(Attribute::Uuid, Value::Uuid(t_uuid)),
(Attribute::Description, Value::new_utf8s("testperson1")),
(Attribute::DisplayName, Value::new_utf8s("testperson1"))
),])
.is_ok());
let g_uuid = Uuid::new_v4();
assert!(server_a_txn
.internal_create(vec![entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Group.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("testgroup1")),
(Attribute::Uuid.as_ref(), Value::Uuid(g_uuid)) // Don't add the membership yet!
// (Attribute::Member.as_ref(), Value::Refer(t_uuid))
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Group.to_value()),
(Attribute::Name, Value::new_iname("testgroup1")),
(Attribute::Uuid, Value::Uuid(g_uuid)) // Don't add the membership yet!
// (Attribute::Member, Value::Refer(t_uuid))
),])
.is_ok());
@ -2808,41 +2664,35 @@ async fn test_repl_increment_attrunique_conflict_basic(
let t_uuid = Uuid::new_v4();
assert!(server_a_txn
.internal_create(vec![entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Account.to_value()),
(Attribute::Class.as_ref(), EntryClass::Person.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("testperson1")),
(Attribute::Uuid.as_ref(), Value::Uuid(t_uuid)),
(
Attribute::Description.as_ref(),
Value::new_utf8s("testperson1")
),
(
Attribute::DisplayName.as_ref(),
Value::new_utf8s("testperson1")
)
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Account.to_value()),
(Attribute::Class, EntryClass::Person.to_value()),
(Attribute::Name, Value::new_iname("testperson1")),
(Attribute::Uuid, Value::Uuid(t_uuid)),
(Attribute::Description, Value::new_utf8s("testperson1")),
(Attribute::DisplayName, Value::new_utf8s("testperson1"))
),])
.is_ok());
let g_a_uuid = Uuid::new_v4();
assert!(server_a_txn
.internal_create(vec![entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Group.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("testgroup_a")),
(Attribute::Uuid.as_ref(), Value::Uuid(g_a_uuid)),
(Attribute::Member.as_ref(), Value::Refer(t_uuid))
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Group.to_value()),
(Attribute::Name, Value::new_iname("testgroup_a")),
(Attribute::Uuid, Value::Uuid(g_a_uuid)),
(Attribute::Member, Value::Refer(t_uuid))
),])
.is_ok());
let g_b_uuid = Uuid::new_v4();
assert!(server_a_txn
.internal_create(vec![entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Group.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("testgroup_b")),
(Attribute::Uuid.as_ref(), Value::Uuid(g_b_uuid)),
(Attribute::Member.as_ref(), Value::Refer(t_uuid))
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Group.to_value()),
(Attribute::Name, Value::new_iname("testgroup_b")),
(Attribute::Uuid, Value::Uuid(g_b_uuid)),
(Attribute::Member, Value::Refer(t_uuid))
),])
.is_ok());
@ -2850,12 +2700,12 @@ async fn test_repl_increment_attrunique_conflict_basic(
let g_c_uuid = Uuid::new_v4();
assert!(server_a_txn
.internal_create(vec![entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Group.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("testgroup_c")),
(Attribute::Uuid.as_ref(), Value::Uuid(g_c_uuid)),
(Attribute::Member.as_ref(), Value::Refer(g_a_uuid)),
(Attribute::Member.as_ref(), Value::Refer(g_b_uuid))
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Group.to_value()),
(Attribute::Name, Value::new_iname("testgroup_c")),
(Attribute::Uuid, Value::Uuid(g_c_uuid)),
(Attribute::Member, Value::Refer(g_a_uuid)),
(Attribute::Member, Value::Refer(g_b_uuid))
),])
.is_ok());
@ -3014,20 +2864,20 @@ async fn test_repl_increment_attrunique_conflict_complex(
let g_a_uuid = Uuid::new_v4();
assert!(server_a_txn
.internal_create(vec![entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Group.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("name_conflict")),
(Attribute::Uuid.as_ref(), Value::Uuid(g_a_uuid))
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Group.to_value()),
(Attribute::Name, Value::new_iname("name_conflict")),
(Attribute::Uuid, Value::Uuid(g_a_uuid))
),])
.is_ok());
let g_b_uuid = Uuid::new_v4();
assert!(server_a_txn
.internal_create(vec![entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Group.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("uuid_conflict")),
(Attribute::Uuid.as_ref(), Value::Uuid(g_b_uuid))
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Group.to_value()),
(Attribute::Name, Value::new_iname("uuid_conflict")),
(Attribute::Uuid, Value::Uuid(g_b_uuid))
),])
.is_ok());
@ -3039,12 +2889,12 @@ async fn test_repl_increment_attrunique_conflict_complex(
// should *also* have an attr conflict to name on the first entry from A.
assert!(server_b_txn
.internal_create(vec![entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Group.to_value()),
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Group.to_value()),
// Conflicting name
(Attribute::Name.as_ref(), Value::new_iname("name_conflict")),
(Attribute::Name, Value::new_iname("name_conflict")),
// Conflicting uuid
(Attribute::Uuid.as_ref(), Value::Uuid(g_b_uuid))
(Attribute::Uuid, Value::Uuid(g_b_uuid))
),])
.is_ok());


@ -121,7 +121,7 @@ impl SchemaAttribute {
.get_ava_single_utf8(Attribute::Description.as_ref())
.map(|s| s.to_string())
.ok_or_else(|| {
admin_error!("missing {} - {}", Attribute::Description.as_ref(), name);
admin_error!("missing {} - {}", Attribute::Description, name);
OperationError::InvalidSchemaState("missing description".to_string())
})?;
@ -129,13 +129,13 @@ impl SchemaAttribute {
let multivalue = value
.get_ava_single_bool(Attribute::MultiValue.as_ref())
.ok_or_else(|| {
admin_error!("missing {} - {}", Attribute::MultiValue.as_ref(), name);
admin_error!("missing {} - {}", Attribute::MultiValue, name);
OperationError::InvalidSchemaState("missing multivalue".to_string())
})?;
let unique = value
.get_ava_single_bool(Attribute::Unique.as_ref())
.ok_or_else(|| {
admin_error!("missing {} - {}", Attribute::Unique.as_ref(), name);
admin_error!("missing {} - {}", Attribute::Unique, name);
OperationError::InvalidSchemaState("missing unique".to_string())
})?;
@ -157,12 +157,12 @@ impl SchemaAttribute {
// even if empty, it SHOULD be present ... (is that valid to put an empty set?)
// The get_ava_opt_index handles the optional case for us :)
let index = value.get_ava_opt_index(ATTR_INDEX).ok_or_else(|| {
admin_error!("invalid {} - {}", ATTR_INDEX, name);
admin_error!("invalid {} - {}", Attribute::Index, name);
OperationError::InvalidSchemaState(format!("invalid {}", ATTR_INDEX))
})?;
// syntax type
let syntax = value.get_ava_single_syntax(ATTR_SYNTAX).ok_or_else(|| {
admin_error!("missing {} - {}", ATTR_SYNTAX, name);
admin_error!("missing {} - {}", Attribute::Syntax, name);
OperationError::InvalidSchemaState(format!("missing {}", ATTR_SYNTAX))
})?;
@ -315,17 +315,20 @@ impl From<SchemaAttribute> for EntryInitNew {
let mut entry = EntryInitNew::new();
#[allow(clippy::expect_used)]
entry.set_ava("attributename", vec![Value::new_iutf8(&value.name)]);
entry.add_ava("multivalue", Value::Bool(value.multivalue));
entry.set_ava(
Attribute::AttributeName,
vec![Value::new_iutf8(&value.name)],
);
entry.add_ava(Attribute::MultiValue, Value::Bool(value.multivalue));
// syntax
entry.set_ava("syntax", vec![Value::Syntax(value.syntax)]);
entry.set_ava("unique", vec![Value::Bool(value.unique)]);
entry.set_ava(Attribute::Syntax, vec![Value::Syntax(value.syntax)]);
entry.set_ava(Attribute::Unique, vec![Value::Bool(value.unique)]);
// index
entry.set_ava("index", value.index.into_iter().map(Value::Index));
entry.set_ava(Attribute::Index, value.index.into_iter().map(Value::Index));
// class
entry.set_ava(
Attribute::Class.as_ref(),
Attribute::Class,
vec![
EntryClass::Object.to_value(),
EntryClass::System.into(),
@ -334,17 +337,20 @@ impl From<SchemaAttribute> for EntryInitNew {
);
// description
entry.set_ava(
Attribute::Description.as_ref(),
Attribute::Description,
vec![Value::new_utf8s(&value.description)],
);
// unique
// multivalue
// sync_allowed
entry.set_ava("sync_allowed", vec![Value::Bool(value.sync_allowed)]);
entry.set_ava(
Attribute::SyncAllowed,
vec![Value::Bool(value.sync_allowed)],
);
// uid
entry.set_ava("uuid", vec![Value::Uuid(value.uuid)]);
entry.set_ava(Attribute::Uuid, vec![Value::Uuid(value.uuid)]);
entry
}
@ -492,14 +498,11 @@ impl From<SchemaClass> for EntryInitNew {
let mut entry = EntryInitNew::new();
#[allow(clippy::expect_used)]
entry.set_ava(
Attribute::ClassName.as_ref(),
vec![Value::new_iutf8(&value.name)],
);
entry.set_ava(Attribute::ClassName, vec![Value::new_iutf8(&value.name)]);
// class
entry.set_ava(
Attribute::Class.as_ref(),
Attribute::Class,
vec![
EntryClass::Object.to_value(),
EntryClass::System.into(),
@ -509,44 +512,44 @@ impl From<SchemaClass> for EntryInitNew {
// description
entry.set_ava(
Attribute::Description.as_ref(),
Attribute::Description,
vec![Value::new_utf8s(&value.description)],
);
// sync_allowed
entry.set_ava(
Attribute::SyncAllowed.as_ref(),
Attribute::SyncAllowed,
vec![Value::Bool(value.sync_allowed)],
);
// uid
entry.set_ava(Attribute::Uuid.as_ref(), vec![Value::Uuid(value.uuid)]);
entry.set_ava(Attribute::Uuid, vec![Value::Uuid(value.uuid)]);
// systemmay
if !value.systemmay.is_empty() {
entry.set_ava(
Attribute::SystemMay.as_ref(),
Attribute::SystemMay,
value.systemmay.iter().map(|s| Value::new_iutf8(s)),
);
}
// systemexcludes
if !value.systemexcludes.is_empty() {
entry.set_ava(
Attribute::SystemExcludes.as_ref(),
Attribute::SystemExcludes,
value.systemexcludes.iter().map(|s| Value::new_iutf8(s)),
);
}
// systemmust
if !value.systemmust.is_empty() {
entry.set_ava(
Attribute::SystemMust.as_ref(),
Attribute::SystemMust,
value.systemmust.iter().map(|s| Value::new_iutf8(s)),
);
}
// systemsupplements
if !value.systemsupplements.is_empty() {
entry.set_ava(
Attribute::SystemSupplements.as_ref(),
Attribute::SystemSupplements,
value.systemsupplements.iter().map(|s| Value::new_iutf8(s)),
);
}
@ -2484,11 +2487,13 @@ mod tests {
assert_eq!(
e_no_uuid.validate(&schema),
Err(SchemaError::MissingMustAttribute(vec!["uuid".to_string()]))
Err(SchemaError::MissingMustAttribute(vec![
Attribute::Uuid.to_string()
]))
);
let e_no_class = entry_init!((
Attribute::Uuid.as_ref(),
Attribute::Uuid,
Value::Uuid(uuid::uuid!("db237e8a-0079-4b8c-8a56-593b22aa44d1"))
))
.into_invalid_new();
@ -2497,10 +2502,10 @@ mod tests {
let e_bad_class = entry_init!(
(
Attribute::Uuid.as_ref(),
Attribute::Uuid,
Value::Uuid(uuid::uuid!("db237e8a-0079-4b8c-8a56-593b22aa44d1"))
),
(Attribute::Class.as_ref(), Value::new_class("zzzzzz"))
(Attribute::Class, Value::new_class("zzzzzz"))
)
.into_invalid_new();
assert_eq!(
@ -2510,14 +2515,11 @@ mod tests {
let e_attr_invalid = entry_init!(
(
Attribute::Uuid.as_ref(),
Attribute::Uuid,
Value::Uuid(uuid::uuid!("db237e8a-0079-4b8c-8a56-593b22aa44d1"))
),
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(
Attribute::Class.as_ref(),
EntryClass::AttributeType.to_value()
)
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::AttributeType.to_value())
)
.into_invalid_new();
let res = e_attr_invalid.validate(&schema);
@ -2527,33 +2529,18 @@ mod tests {
});
let e_attr_invalid_may = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::AttributeType.to_value()),
(Attribute::AttributeName, Value::new_iutf8("testattr")),
(Attribute::Description, Value::Utf8("testattr".to_string())),
(Attribute::MultiValue, Value::Bool(false)),
(Attribute::Unique, Value::Bool(false)),
(Attribute::Syntax, Value::Syntax(SyntaxType::Utf8String)),
(
Attribute::Class.as_ref(),
EntryClass::AttributeType.to_value()
),
(
Attribute::AttributeName.as_ref(),
Value::new_iutf8("testattr")
),
(
Attribute::Description.as_ref(),
Value::Utf8("testattr".to_string())
),
(Attribute::MultiValue.as_ref(), Value::Bool(false)),
(Attribute::Unique.as_ref(), Value::Bool(false)),
(
Attribute::Syntax.as_ref(),
Value::Syntax(SyntaxType::Utf8String)
),
(
Attribute::Uuid.as_ref(),
Attribute::Uuid,
Value::Uuid(uuid::uuid!("db237e8a-0079-4b8c-8a56-593b22aa44d1"))
),
(
Attribute::TestAttr.as_ref(),
Value::Utf8("zzzz".to_string())
)
(Attribute::TestAttr, Value::Utf8("zzzz".to_string()))
)
.into_invalid_new();
@ -2565,30 +2552,15 @@ mod tests {
);
let e_attr_invalid_syn = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::AttributeType.to_value()),
(Attribute::AttributeName, Value::new_iutf8("testattr")),
(Attribute::Description, Value::Utf8("testattr".to_string())),
(Attribute::MultiValue, Value::Utf8("false".to_string())),
(Attribute::Unique, Value::Bool(false)),
(Attribute::Syntax, Value::Syntax(SyntaxType::Utf8String)),
(
Attribute::Class.as_ref(),
EntryClass::AttributeType.to_value()
),
(
Attribute::AttributeName.as_ref(),
Value::new_iutf8("testattr")
),
(
Attribute::Description.as_ref(),
Value::Utf8("testattr".to_string())
),
(
Attribute::MultiValue.as_ref(),
Value::Utf8("false".to_string())
),
(Attribute::Unique.as_ref(), Value::Bool(false)),
(
Attribute::Syntax.as_ref(),
Value::Syntax(SyntaxType::Utf8String)
),
(
Attribute::Uuid.as_ref(),
Attribute::Uuid,
Value::Uuid(uuid::uuid!("db237e8a-0079-4b8c-8a56-593b22aa44d1"))
)
)
@ -2603,31 +2575,19 @@ mod tests {
// You may not have the phantom.
let e_phantom = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::AttributeType.to_value()),
(Attribute::AttributeName, Value::new_iutf8("testattr")),
(Attribute::Description, Value::Utf8("testattr".to_string())),
(Attribute::MultiValue, Value::Bool(false)),
(Attribute::Unique, Value::Bool(false)),
(Attribute::Syntax, Value::Syntax(SyntaxType::Utf8String)),
(
Attribute::Class.as_ref(),
EntryClass::AttributeType.to_value()
),
(
Attribute::AttributeName.as_ref(),
Value::new_iutf8("testattr")
),
(
Attribute::Description.as_ref(),
Value::Utf8("testattr".to_string())
),
(Attribute::MultiValue.as_ref(), Value::Bool(false)),
(Attribute::Unique.as_ref(), Value::Bool(false)),
(
Attribute::Syntax.as_ref(),
Value::Syntax(SyntaxType::Utf8String)
),
(
Attribute::Uuid.as_ref(),
Attribute::Uuid,
Value::Uuid(uuid::uuid!("db237e8a-0079-4b8c-8a56-593b22aa44d1"))
),
(
Attribute::PasswordImport.as_ref(),
Attribute::PasswordImport,
Value::Utf8("password".to_string())
)
)
@ -2635,27 +2595,15 @@ mod tests {
assert!(e_phantom.validate(&schema).is_err());
let e_ok = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::AttributeType.to_value()),
(Attribute::AttributeName, Value::new_iutf8("testattr")),
(Attribute::Description, Value::Utf8("testattr".to_string())),
(Attribute::MultiValue, Value::Bool(true)),
(Attribute::Unique, Value::Bool(false)),
(Attribute::Syntax, Value::Syntax(SyntaxType::Utf8String)),
(
Attribute::Class.as_ref(),
EntryClass::AttributeType.to_value()
),
(
Attribute::AttributeName.as_ref(),
Value::new_iutf8("testattr")
),
(
Attribute::Description.as_ref(),
Value::Utf8("testattr".to_string())
),
(Attribute::MultiValue.as_ref(), Value::Bool(true)),
(Attribute::Unique.as_ref(), Value::Bool(false)),
(
Attribute::Syntax.as_ref(),
Value::Syntax(SyntaxType::Utf8String)
),
(
Attribute::Uuid.as_ref(),
Attribute::Uuid,
Value::Uuid(uuid::uuid!("db237e8a-0079-4b8c-8a56-593b22aa44d1"))
)
)
@ -2898,8 +2846,8 @@ mod tests {
// Missing person or service account.
let e_account = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Account.to_value()),
(Attribute::Uuid.as_ref(), Value::Uuid(Uuid::new_v4()))
(Attribute::Class, EntryClass::Account.to_value()),
(Attribute::Uuid, Value::Uuid(Uuid::new_v4()))
)
.into_invalid_new();
@ -2914,8 +2862,8 @@ mod tests {
// Service account missing account
/*
let e_service = unsafe { entry_init!(
(Attribute::Class.as_ref(), EntryClass::Service.to_value()),
(Attribute::Uuid.as_ref(), Value::new_uuid(Uuid::new_v4()))
(Attribute::Class, EntryClass::Service.to_value()),
(Attribute::Uuid, Value::new_uuid(Uuid::new_v4()))
).into_invalid_new() };
assert_eq!(
@ -2926,10 +2874,10 @@ mod tests {
// Service can't have person
let e_service_person = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Service.to_value()),
(Attribute::Class.as_ref(), EntryClass::Account.to_value()),
(Attribute::Class.as_ref(), EntryClass::Person.to_value()),
(Attribute::Uuid.as_ref(), Value::Uuid(Uuid::new_v4()))
(Attribute::Class, EntryClass::Service.to_value()),
(Attribute::Class, EntryClass::Account.to_value()),
(Attribute::Class, EntryClass::Person.to_value()),
(Attribute::Uuid, Value::Uuid(Uuid::new_v4()))
)
.into_invalid_new();
@ -2942,26 +2890,26 @@ mod tests {
// These are valid configurations.
let e_service_valid = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Service.to_value()),
(Attribute::Class.as_ref(), EntryClass::Account.to_value()),
(Attribute::Uuid.as_ref(), Value::Uuid(Uuid::new_v4()))
(Attribute::Class, EntryClass::Service.to_value()),
(Attribute::Class, EntryClass::Account.to_value()),
(Attribute::Uuid, Value::Uuid(Uuid::new_v4()))
)
.into_invalid_new();
assert!(e_service_valid.validate(&schema).is_ok());
let e_person_valid = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Person.to_value()),
(Attribute::Class.as_ref(), EntryClass::Account.to_value()),
(Attribute::Uuid.as_ref(), Value::Uuid(Uuid::new_v4()))
(Attribute::Class, EntryClass::Person.to_value()),
(Attribute::Class, EntryClass::Account.to_value()),
(Attribute::Uuid, Value::Uuid(Uuid::new_v4()))
)
.into_invalid_new();
assert!(e_person_valid.validate(&schema).is_ok());
let e_person_valid = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Person.to_value()),
(Attribute::Uuid.as_ref(), Value::Uuid(Uuid::new_v4()))
(Attribute::Class, EntryClass::Person.to_value()),
(Attribute::Uuid, Value::Uuid(Uuid::new_v4()))
)
.into_invalid_new();
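Review bot: In the `@ -157,12 +157,12` hunk of the `SchemaAttribute` parsing code, the index and syntax branches are only half converted: the `admin_error!` lines now print `Attribute::Index` and `Attribute::Syntax`, while the lookup and the returned `InvalidSchemaState` message still use the `ATTR_INDEX` and `ATTR_SYNTAX` constants. That leaves two names for the same attribute inside one closure, so the logged name and the error handed to the caller could drift apart if either definition changes. The description, multivalue and unique branches just above already look up through `Attribute::….as_ref()`; doing the same here, e.g. `value.get_ava_opt_index(Attribute::Index.as_ref())` with `format!("invalid {}", Attribute::Index)` (and the `Attribute::Syntax` equivalents), would keep them in step, assuming these getters take `&str` as the neighbouring ones appear to. The enclosing function starts and ends outside the hunk.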


@ -1079,19 +1079,19 @@ mod tests {
lazy_static! {
pub static ref E_TEST_ACCOUNT_1: Arc<EntrySealedCommitted> = Arc::new(
entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
("name", Value::new_iname("test_account_1")),
(Attribute::Uuid.as_ref(), Value::Uuid(UUID_TEST_ACCOUNT_1)),
("memberof", Value::Refer(UUID_TEST_GROUP_1))
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Name, Value::new_iname("test_account_1")),
(Attribute::Uuid, Value::Uuid(UUID_TEST_ACCOUNT_1)),
(Attribute::MemberOf, Value::Refer(UUID_TEST_GROUP_1))
)
.into_sealed_committed()
);
pub static ref E_TEST_ACCOUNT_2: Arc<EntrySealedCommitted> = Arc::new(
entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
("name", Value::new_iname("test_account_1")),
(Attribute::Uuid.as_ref(), Value::Uuid(UUID_TEST_ACCOUNT_2)),
("memberof", Value::Refer(UUID_TEST_GROUP_2))
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Name, Value::new_iname("test_account_1")),
(Attribute::Uuid, Value::Uuid(UUID_TEST_ACCOUNT_2)),
(Attribute::MemberOf, Value::Refer(UUID_TEST_GROUP_2))
)
.into_sealed_committed()
);
@ -1179,22 +1179,22 @@ mod tests {
acp_from_entry_ok!(
&mut qs_write,
entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Object.to_value()),
(
Attribute::Class.as_ref(),
Attribute::Class,
EntryClass::AccessControlProfile.to_value()
),
("name", Value::new_iname("acp_valid")),
(Attribute::Name, Value::new_iname("acp_valid")),
(
"uuid",
Attribute::Uuid,
Value::Uuid(uuid::uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63930"))
),
(
"acp_receiver_group",
Attribute::AcpReceiverGroup,
Value::Refer(uuid::uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63930"))
),
(
"acp_targetscope",
Attribute::AcpTargetScope,
Value::new_json_filter_s("{\"eq\":[\"name\",\"a\"]}").expect("filter")
)
),
@ -1225,26 +1225,23 @@ mod tests {
acp_from_entry_ok!(
&mut qs_write,
entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Object.to_value()),
(
Attribute::Class.as_ref(),
Attribute::Class,
EntryClass::AccessControlProfile.to_value()
),
(Attribute::Class, EntryClass::AccessControlDelete.to_value()),
(Attribute::Name, Value::new_iname("acp_valid")),
(
Attribute::Class.as_ref(),
EntryClass::AccessControlDelete.to_value()
),
("name", Value::new_iname("acp_valid")),
(
"uuid",
Attribute::Uuid,
Value::Uuid(uuid::uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63930"))
),
(
"acp_receiver_group",
Attribute::AcpReceiverGroup,
Value::Refer(uuid::uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63930"))
),
(
"acp_targetscope",
Attribute::AcpTargetScope,
Value::new_json_filter_s("{\"eq\":[\"name\",\"a\"]}").expect("filter")
)
),
@ -1314,30 +1311,27 @@ mod tests {
acp_from_entry_ok!(
&mut qs_write,
entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Object.to_value()),
(
Attribute::Class.as_ref(),
Attribute::Class,
EntryClass::AccessControlProfile.to_value()
),
(Attribute::Class, EntryClass::AccessControlSearch.to_value()),
(Attribute::Name, Value::new_iname("acp_valid")),
(
Attribute::Class.as_ref(),
EntryClass::AccessControlSearch.to_value()
),
(Attribute::Name.as_ref(), Value::new_iname("acp_valid")),
(
Attribute::Uuid.as_ref(),
Attribute::Uuid,
Value::Uuid(uuid::uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63930"))
),
(
Attribute::AcpReceiverGroup.as_ref(),
Attribute::AcpReceiverGroup,
Value::Refer(uuid::uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63930"))
),
(
Attribute::AcpTargetScope.as_ref(),
Attribute::AcpTargetScope,
Value::new_json_filter_s("{\"eq\":[\"name\",\"a\"]}").expect("filter")
),
("acp_search_attr", Value::new_iutf8("name")),
("acp_search_attr", Value::new_iutf8("class"))
(Attribute::AcpSearchAttr, Attribute::Name.to_value()),
(Attribute::AcpSearchAttr, Value::new_iutf8("class"))
),
AccessControlSearch
);
@ -1370,26 +1364,23 @@ mod tests {
acp_from_entry_ok!(
&mut qs_write,
entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Object.to_value()),
(
Attribute::Class.as_ref(),
Attribute::Class,
EntryClass::AccessControlProfile.to_value()
),
(Attribute::Class, EntryClass::AccessControlModify.to_value()),
(Attribute::Name, Value::new_iname("acp_valid")),
(
Attribute::Class.as_ref(),
EntryClass::AccessControlModify.to_value()
),
("name", Value::new_iname("acp_valid")),
(
"uuid",
Attribute::Uuid,
Value::Uuid(uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63930"))
),
(
"acp_receiver_group",
Attribute::AcpReceiverGroup,
Value::Refer(uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63930"))
),
(
"acp_targetscope",
Attribute::AcpTargetScope,
Value::new_json_filter_s("{\"eq\":[\"name\",\"a\"]}").expect("filter")
)
),
@ -1399,31 +1390,28 @@ mod tests {
acp_from_entry_ok!(
&mut qs_write,
entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Object.to_value()),
(
Attribute::Class.as_ref(),
Attribute::Class,
EntryClass::AccessControlProfile.to_value()
),
(Attribute::Class, EntryClass::AccessControlModify.to_value()),
(Attribute::Name, Value::new_iname("acp_valid")),
(
Attribute::Class.as_ref(),
EntryClass::AccessControlModify.to_value()
),
("name", Value::new_iname("acp_valid")),
(
"uuid",
Attribute::Uuid,
Value::Uuid(uuid::uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63930"))
),
(
"acp_receiver_group",
Attribute::AcpReceiverGroup,
Value::Refer(uuid::uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63930"))
),
(
"acp_targetscope",
Attribute::AcpTargetScope,
Value::new_json_filter_s("{\"eq\":[\"name\",\"a\"]}").expect("filter")
),
("acp_modify_removedattr", Value::new_iutf8("name")),
("acp_modify_presentattr", Value::new_iutf8("name")),
("acp_modify_class", Value::new_iutf8("object"))
(Attribute::AcpModifyRemovedAttr, Attribute::Name.to_value()),
(Attribute::AcpModifyPresentAttr, Attribute::Name.to_value()),
(Attribute::AcpModifyClass, EntryClass::Object.to_value())
),
AccessControlModify
);
@ -1455,26 +1443,23 @@ mod tests {
acp_from_entry_ok!(
&mut qs_write,
entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Object.to_value()),
(
Attribute::Class.as_ref(),
Attribute::Class,
EntryClass::AccessControlProfile.to_value()
),
(Attribute::Class, EntryClass::AccessControlCreate.to_value()),
(Attribute::Name, Value::new_iname("acp_valid")),
(
Attribute::Class.as_ref(),
EntryClass::AccessControlCreate.to_value()
),
("name", Value::new_iname("acp_valid")),
(
"uuid",
Attribute::Uuid,
Value::Uuid(uuid::uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63930"))
),
(
"acp_receiver_group",
Attribute::AcpReceiverGroup,
Value::Refer(uuid::uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63930"))
),
(
"acp_targetscope",
Attribute::AcpTargetScope,
Value::new_json_filter_s("{\"eq\":[\"name\",\"a\"]}").expect("filter")
)
),
@ -1484,30 +1469,27 @@ mod tests {
acp_from_entry_ok!(
&mut qs_write,
entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Object.to_value()),
(
Attribute::Class.as_ref(),
Attribute::Class,
EntryClass::AccessControlProfile.to_value()
),
(Attribute::Class, EntryClass::AccessControlCreate.to_value()),
(Attribute::Name, Value::new_iname("acp_valid")),
(
Attribute::Class.as_ref(),
EntryClass::AccessControlCreate.to_value()
),
("name", Value::new_iname("acp_valid")),
(
"uuid",
Attribute::Uuid,
Value::Uuid(uuid::uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63930"))
),
(
"acp_receiver_group",
Attribute::AcpReceiverGroup,
Value::Refer(uuid::uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63930"))
),
(
"acp_targetscope",
Attribute::AcpTargetScope,
Value::new_json_filter_s("{\"eq\":[\"name\",\"a\"]}").expect("filter")
),
("acp_create_attr", Value::new_iutf8("name")),
("acp_create_class", EntryClass::Object.to_value())
(Attribute::AcpCreateAttr, Attribute::Name.to_value()),
(Attribute::AcpCreateClass, EntryClass::Object.to_value())
),
AccessControlCreate
);
@ -1522,46 +1504,34 @@ mod tests {
let mut qs_write = qs.write(duration_from_epoch_now()).await;
let e = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Object.to_value()),
(
Attribute::Class.as_ref(),
Attribute::Class,
EntryClass::AccessControlProfile.to_value()
),
(Attribute::Class, EntryClass::AccessControlCreate.to_value()),
(Attribute::Class, EntryClass::AccessControlDelete.to_value()),
(Attribute::Class, EntryClass::AccessControlModify.to_value()),
(Attribute::Class, EntryClass::AccessControlSearch.to_value()),
(Attribute::Name, Value::new_iname("acp_valid")),
(
Attribute::Class.as_ref(),
EntryClass::AccessControlCreate.to_value()
),
(
Attribute::Class.as_ref(),
EntryClass::AccessControlDelete.to_value()
),
(
Attribute::Class.as_ref(),
EntryClass::AccessControlModify.to_value()
),
(
Attribute::Class.as_ref(),
EntryClass::AccessControlSearch.to_value()
),
("name", Value::new_iname("acp_valid")),
(
"uuid",
Attribute::Uuid,
Value::Uuid(uuid::uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63930"))
),
(
"acp_receiver_group",
Attribute::AcpReceiverGroup,
Value::Refer(uuid::uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63930"))
),
(
"acp_targetscope",
Attribute::AcpTargetScope,
Value::new_json_filter_s("{\"eq\":[\"name\",\"a\"]}").expect("filter")
),
("acp_search_attr", Value::new_iutf8("name")),
("acp_create_class", EntryClass::Class.to_value()),
("acp_create_attr", Value::new_iutf8("name")),
("acp_modify_removedattr", Value::new_iutf8("name")),
("acp_modify_presentattr", Value::new_iutf8("name")),
("acp_modify_class", Value::new_iutf8("object"))
(Attribute::AcpSearchAttr, Attribute::Name.to_value()),
(Attribute::AcpCreateClass, EntryClass::Class.to_value()),
(Attribute::AcpCreateAttr, Attribute::Name.to_value()),
(Attribute::AcpModifyRemovedAttr, Attribute::Name.to_value()),
(Attribute::AcpModifyPresentAttr, Attribute::Name.to_value()),
(Attribute::AcpModifyClass, EntryClass::Object.to_value())
);
acp_from_entry_ok!(&mut qs_write, e.clone(), AccessControlCreate);
@ -1640,7 +1610,7 @@ mod tests {
Uuid::new_v4(),
UUID_TEST_GROUP_1,
filter_valid!(f_pres(Attribute::NonExist)), // apply to none - ie no allowed results
"name", // allow to this attr, but we don't eval this.
Attribute::Name.as_ref(), // allow to this attr, but we don't eval this.
)],
entries,
expect
@ -1679,7 +1649,7 @@ mod tests {
)),
// In that read, admin may only view the "name" attribute, or query on
// the name attribute. Any other query (should be) rejected.
"name",
Attribute::Name.as_ref(),
);
// Check the admin search event
@ -1721,7 +1691,7 @@ mod tests {
)),
// In that read, admin may only view the "name" attribute, or query on
// the name attribute. Any other query (should be) rejected.
"name",
Attribute::Name.as_ref(),
);
// Check the admin search event
@ -1759,7 +1729,7 @@ mod tests {
)),
// In that read, admin may only view the "name" attribute, or query on
// the name attribute. Any other query (should be) rejected.
"name",
Attribute::Name.as_ref(),
);
// Finally test it!
@ -1768,7 +1738,7 @@ mod tests {
lazy_static! {
pub static ref E_TESTPERSON_1_REDUCED: EntryInitNew =
entry_init!(("name", Value::new_iname("testperson1")));
entry_init!((Attribute::Name, Value::new_iname("testperson1")));
}
#[test]
@ -1802,7 +1772,7 @@ mod tests {
)),
// In that read, admin may only view the "name" attribute, or query on
// the name attribute. Any other query (should be) rejected.
"name",
Attribute::Name.as_ref(),
);
// Finally test it!
@ -1912,7 +1882,7 @@ mod tests {
Attribute::Name,
PartialValue::new_iname("testperson1")
)),
modlist!([m_pres("name", &Value::new_iname("value"))]),
modlist!([m_pres(Attribute::Name.as_ref(), &Value::new_iname("value"))]),
);
// Name rem
let me_rem = ModifyEvent::new_impersonate_entry(
@ -1921,7 +1891,10 @@ mod tests {
Attribute::Name,
PartialValue::new_iname("testperson1")
)),
modlist!([m_remove("name", &PartialValue::new_iname("value"))]),
modlist!([m_remove(
Attribute::Name.as_ref(),
&PartialValue::new_iname("value")
)]),
);
// Name purge
let me_purge = ModifyEvent::new_impersonate_entry(
@ -1977,7 +1950,7 @@ mod tests {
// Allow rem name and class
"name class",
// And the class allowed is account
"account",
EntryClass::Account.into(),
);
// Allow member, class is group. IE not account
let acp_deny = AccessControlModify::from_raw(
@ -2059,7 +2032,7 @@ mod tests {
Attribute::Name,
PartialValue::new_iname("testperson1")
)),
modlist!([m_pres("name", &Value::new_iname("value"))]),
modlist!([m_pres(Attribute::Name.as_ref(), &Value::new_iname("value"))]),
);
// Name present
@ -2069,7 +2042,7 @@ mod tests {
Attribute::Name,
PartialValue::new_iname("testperson1")
)),
modlist!([m_pres("name", &Value::new_iname("value"))]),
modlist!([m_pres(Attribute::Name.as_ref(), &Value::new_iname("value"))]),
);
let acp_allow = AccessControlModify::from_raw(
@ -2087,7 +2060,7 @@ mod tests {
// Allow rem name and class
"name class",
// And the class allowed is account
"account",
EntryClass::Account.into(),
);
test_acp_modify!(&me_pres_ro, vec![acp_allow.clone()], &r_set, false);
@ -2121,37 +2094,34 @@ mod tests {
#[test]
fn test_access_enforce_create() {
let ev1 = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Account.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("testperson1")),
(Attribute::Uuid.as_ref(), Value::Uuid(UUID_TEST_ACCOUNT_1))
(Attribute::Class, EntryClass::Account.to_value()),
(Attribute::Name, Value::new_iname("testperson1")),
(Attribute::Uuid, Value::Uuid(UUID_TEST_ACCOUNT_1))
);
let r1_set = vec![ev1];
let ev2 = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Account.to_value()),
(
Attribute::TestNotAllowed.as_ref(),
Value::new_class("notallowed")
),
(Attribute::Name.as_ref(), Value::new_iname("testperson1")),
(Attribute::Uuid.as_ref(), Value::Uuid(UUID_TEST_ACCOUNT_1))
(Attribute::Class, EntryClass::Account.to_value()),
(Attribute::TestNotAllowed, Value::new_class("notallowed")),
(Attribute::Name, Value::new_iname("testperson1")),
(Attribute::Uuid, Value::Uuid(UUID_TEST_ACCOUNT_1))
);
let r2_set = vec![ev2];
let ev3 = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Account.to_value()),
(Attribute::Class.as_ref(), Value::new_class("notallowed")),
(Attribute::Name.as_ref(), Value::new_iname("testperson1")),
(Attribute::Uuid.as_ref(), Value::Uuid(UUID_TEST_ACCOUNT_1))
(Attribute::Class, EntryClass::Account.to_value()),
(Attribute::Class, Value::new_class("notallowed")),
(Attribute::Name, Value::new_iname("testperson1")),
(Attribute::Uuid, Value::Uuid(UUID_TEST_ACCOUNT_1))
);
let r3_set = vec![ev3];
let ev4 = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Account.to_value()),
(Attribute::Class.as_ref(), EntryClass::Group.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("testperson1")),
(Attribute::Uuid.as_ref(), Value::Uuid(UUID_TEST_ACCOUNT_1))
(Attribute::Class, EntryClass::Account.to_value()),
(Attribute::Class, EntryClass::Group.to_value()),
(Attribute::Name, Value::new_iname("testperson1")),
(Attribute::Uuid, Value::Uuid(UUID_TEST_ACCOUNT_1))
);
let r4_set = vec![ev4];
@ -2178,7 +2148,7 @@ mod tests {
PartialValue::new_iname("testperson1")
)),
// classes
"account",
EntryClass::Account.into(),
// attrs
"class name uuid",
);
@ -2194,7 +2164,7 @@ mod tests {
PartialValue::new_iname("testperson1")
)),
// classes
"group",
EntryClass::Group.into(),
// attrs
"class name uuid",
);
@ -2212,9 +2182,9 @@ mod tests {
#[test]
fn test_access_enforce_scope_create() {
let ev1 = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Account.to_value()),
("name", Value::new_iname("testperson1")),
(Attribute::Uuid.as_ref(), Value::Uuid(UUID_TEST_ACCOUNT_1))
(Attribute::Class, EntryClass::Account.to_value()),
(Attribute::Name, Value::new_iname("testperson1")),
(Attribute::Uuid, Value::Uuid(UUID_TEST_ACCOUNT_1))
);
let r1_set = vec![ev1];
@ -2242,7 +2212,7 @@ mod tests {
PartialValue::new_iname("testperson1")
)),
// classes
"account",
EntryClass::Account.into(),
// attrs
"class name uuid",
);
@ -2407,7 +2377,7 @@ mod tests {
PartialValue::new_iname("testperson1")
)),
// They can read "name".
"name",
Attribute::Name.as_ref(),
)],
vec![],
&r_set,
@ -2448,9 +2418,9 @@ mod tests {
PartialValue::new_iname("testperson1")
)),
// They can read "name".
"name",
"name",
"object",
Attribute::Name.as_ref(),
Attribute::Name.as_ref(),
EntryClass::Object.into(),
)],
&r_set,
vec![AccessEffectivePermission {
@ -2475,17 +2445,17 @@ mod tests {
// We can create without a sync class.
let ev1 = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Account.to_value()),
("name", Value::new_iname("testperson1")),
(Attribute::Uuid.as_ref(), Value::Uuid(UUID_TEST_ACCOUNT_1))
(Attribute::Class, EntryClass::Account.to_value()),
(Attribute::Name, Value::new_iname("testperson1")),
(Attribute::Uuid, Value::Uuid(UUID_TEST_ACCOUNT_1))
);
let r1_set = vec![ev1];
let ev2 = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Account.to_value()),
(Attribute::Class.as_ref(), EntryClass::SyncObject.to_value()),
("name", Value::new_iname("testperson1")),
(Attribute::Uuid.as_ref(), Value::Uuid(UUID_TEST_ACCOUNT_1))
(Attribute::Class, EntryClass::Account.to_value()),
(Attribute::Class, EntryClass::SyncObject.to_value()),
(Attribute::Name, Value::new_iname("testperson1")),
(Attribute::Uuid, Value::Uuid(UUID_TEST_ACCOUNT_1))
);
let r2_set = vec![ev2];
@ -2517,18 +2487,18 @@ mod tests {
sketching::test_init();
let ev1 = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Account.to_value()),
("name", Value::new_iname("testperson1")),
(Attribute::Uuid.as_ref(), Value::Uuid(UUID_TEST_ACCOUNT_1))
(Attribute::Class, EntryClass::Account.to_value()),
(Attribute::Name, Value::new_iname("testperson1")),
(Attribute::Uuid, Value::Uuid(UUID_TEST_ACCOUNT_1))
)
.into_sealed_committed();
let r1_set = vec![Arc::new(ev1)];
let ev2 = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Account.to_value()),
(Attribute::Class.as_ref(), EntryClass::SyncObject.to_value()),
("name", Value::new_iname("testperson1")),
(Attribute::Uuid.as_ref(), Value::Uuid(UUID_TEST_ACCOUNT_1))
(Attribute::Class, EntryClass::Account.to_value()),
(Attribute::Class, EntryClass::SyncObject.to_value()),
(Attribute::Name, Value::new_iname("testperson1")),
(Attribute::Uuid, Value::Uuid(UUID_TEST_ACCOUNT_1))
)
.into_sealed_committed();
let r2_set = vec![Arc::new(ev2)];
@ -2564,20 +2534,20 @@ mod tests {
sketching::test_init();
let ev1 = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Account.to_value()),
("name", Value::new_iname("testperson1")),
(Attribute::Uuid.as_ref(), Value::Uuid(UUID_TEST_ACCOUNT_1))
(Attribute::Class, EntryClass::Account.to_value()),
(Attribute::Name, Value::new_iname("testperson1")),
(Attribute::Uuid, Value::Uuid(UUID_TEST_ACCOUNT_1))
)
.into_sealed_committed();
let r1_set = vec![Arc::new(ev1)];
let sync_uuid = Uuid::new_v4();
let ev2 = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Account.to_value()),
(Attribute::Class.as_ref(), EntryClass::SyncObject.to_value()),
("sync_parent_uuid", Value::Refer(sync_uuid)),
("name", Value::new_iname("testperson1")),
(Attribute::Uuid.as_ref(), Value::Uuid(UUID_TEST_ACCOUNT_1))
(Attribute::Class, EntryClass::Account.to_value()),
(Attribute::Class, EntryClass::SyncObject.to_value()),
(Attribute::SyncParentUuid, Value::Refer(sync_uuid)),
(Attribute::Name, Value::new_iname("testperson1")),
(Attribute::Uuid, Value::Uuid(UUID_TEST_ACCOUNT_1))
)
.into_sealed_committed();
let r2_set = vec![Arc::new(ev2)];
@ -2598,7 +2568,7 @@ mod tests {
// Allow user_auth_token_session
"user_auth_token_session name",
// And the class allowed is account, we don't use it though.
"account",
EntryClass::Account.into(),
);
// NOTE! Syntax doesn't matter here, we just need to assert if the attr exists
@ -2658,7 +2628,7 @@ mod tests {
Attribute::Name,
PartialValue::new_iname("testperson1")
)),
modlist!([m_pres("name", &Value::new_iname("value"))]),
modlist!([m_pres(Attribute::Name.as_ref(), &Value::new_iname("value"))]),
);
// Name rem
let me_rem = ModifyEvent::new_impersonate_entry(
@ -2667,7 +2637,10 @@ mod tests {
Attribute::Name,
PartialValue::new_iname("testperson1")
)),
modlist!([m_remove("name", &PartialValue::new_iname("value"))]),
modlist!([m_remove(
Attribute::Name.as_ref(),
&PartialValue::new_iname("value")
)]),
);
// Name purge
let me_purge = ModifyEvent::new_impersonate_entry(
@ -2694,7 +2667,7 @@ mod tests {
&me_pres,
vec![acp_allow.clone()],
sync_uuid,
"name",
Attribute::Name.as_ref(),
&r2_set,
true
);
@ -2703,12 +2676,19 @@ mod tests {
&me_rem,
vec![acp_allow.clone()],
sync_uuid,
"name",
Attribute::Name.as_ref(),
&r2_set,
true
);
// Test allow purge
test_acp_modify!(&me_purge, vec![acp_allow], sync_uuid, "name", &r2_set, true);
test_acp_modify!(
&me_purge,
vec![acp_allow],
sync_uuid,
Attribute::Name.as_ref(),
&r2_set,
true
);
}
#[test]
@ -2718,85 +2698,106 @@ mod tests {
// the ability to search that rs.
let rs_uuid = Uuid::new_v4();
let ev1 = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Object.to_value()),
(
Attribute::Class.as_ref(),
Attribute::Class,
EntryClass::OAuth2ResourceServer.to_value()
),
(
Attribute::Class.as_ref(),
Attribute::Class,
EntryClass::OAuth2ResourceServerBasic.to_value()
),
(Attribute::Uuid.as_ref(), Value::Uuid(rs_uuid)),
("oauth2_rs_name", Value::new_iname("test_resource_server")),
("displayname", Value::new_utf8s("test_resource_server")),
(Attribute::Uuid, Value::Uuid(rs_uuid)),
(
"oauth2_rs_origin",
Attribute::OAuth2RsName,
Value::new_iname("test_resource_server")
),
(
Attribute::DisplayName,
Value::new_utf8s("test_resource_server")
),
(
Attribute::OAuth2RsOrigin,
Value::new_url_s("https://demo.example.com").unwrap()
),
(
"oauth2_rs_scope_map",
Attribute::OAuth2RsScopeMap,
Value::new_oauthscopemap(UUID_TEST_GROUP_1, btreeset!["groups".to_string()])
.expect("invalid oauthscope")
),
(
"oauth2_rs_sup_scope_map",
Attribute::OAuth2RsSupScopeMap,
Value::new_oauthscopemap(UUID_TEST_GROUP_1, btreeset!["supplement".to_string()])
.expect("invalid oauthscope")
),
(
"oauth2_allow_insecure_client_disable_pkce",
Attribute::OAuth2AllowInsecureClientDisablePkce,
Value::new_bool(true)
),
("oauth2_jwt_legacy_crypto_enable", Value::new_bool(false)),
("oauth2_prefer_short_username", Value::new_bool(false))
(
Attribute::OAuth2JwtLegacyCryptoEnable,
Value::new_bool(false)
),
(Attribute::OAuth2PreferShortUsername, Value::new_bool(false))
)
.into_sealed_committed();
let ev1_reduced = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Object.to_value()),
(
Attribute::Class.as_ref(),
Attribute::Class,
EntryClass::OAuth2ResourceServer.to_value()
),
(
Attribute::Class.as_ref(),
Attribute::Class,
EntryClass::OAuth2ResourceServerBasic.to_value()
),
(Attribute::Uuid.as_ref(), Value::Uuid(rs_uuid)),
("oauth2_rs_name", Value::new_iname("test_resource_server")),
("displayname", Value::new_utf8s("test_resource_server")),
(Attribute::Uuid, Value::Uuid(rs_uuid)),
(
"oauth2_rs_origin",
Attribute::OAuth2RsName,
Value::new_iname("test_resource_server")
),
(
Attribute::DisplayName,
Value::new_utf8s("test_resource_server")
),
(
Attribute::OAuth2RsOrigin,
Value::new_url_s("https://demo.example.com").unwrap()
)
)
.into_sealed_committed();
let ev2 = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Object.to_value()),
(
Attribute::Class.as_ref(),
Attribute::Class,
EntryClass::OAuth2ResourceServer.to_value()
),
(
Attribute::Class.as_ref(),
Attribute::Class,
EntryClass::OAuth2ResourceServerBasic.to_value()
),
(Attribute::Uuid.as_ref(), Value::Uuid(Uuid::new_v4())),
("oauth2_rs_name", Value::new_iname("second_resource_server")),
("displayname", Value::new_utf8s("second_resource_server")),
(Attribute::Uuid, Value::Uuid(Uuid::new_v4())),
(
"oauth2_rs_origin",
Attribute::OAuth2RsName,
Value::new_iname("second_resource_server")
),
(
Attribute::DisplayName,
Value::new_utf8s("second_resource_server")
),
(
Attribute::OAuth2RsOrigin,
Value::new_url_s("https://noaccess.example.com").unwrap()
),
(
"oauth2_rs_scope_map",
Attribute::OAuth2RsScopeMap,
Value::new_oauthscopemap(UUID_SYSTEM_ADMINS, btreeset!["groups".to_string()])
.expect("invalid oauthscope")
),
(
"oauth2_rs_sup_scope_map",
Attribute::OAuth2RsSupScopeMap,
Value::new_oauthscopemap(
// This is NOT the scope map that is access checked!
UUID_TEST_GROUP_1,
@ -2805,11 +2806,14 @@ mod tests {
.expect("invalid oauthscope")
),
(
"oauth2_allow_insecure_client_disable_pkce",
Attribute::OAuth2AllowInsecureClientDisablePkce,
Value::new_bool(true)
),
("oauth2_jwt_legacy_crypto_enable", Value::new_bool(false)),
("oauth2_prefer_short_username", Value::new_bool(false))
(
Attribute::OAuth2JwtLegacyCryptoEnable,
Value::new_bool(false)
),
(Attribute::OAuth2PreferShortUsername, Value::new_bool(false))
)
.into_sealed_committed();
@ -2847,49 +2851,49 @@ mod tests {
let portal_url = Url::parse("https://localhost/portal").unwrap();
let ev1 = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::SyncAccount.to_value()),
(Attribute::Uuid, Value::Uuid(sync_uuid)),
(Attribute::Name, Value::new_iname("test_sync_account")),
(
Attribute::Class.as_ref(),
EntryClass::SyncAccount.to_value()
),
(Attribute::Uuid.as_ref(), Value::Uuid(sync_uuid)),
("name", Value::new_iname("test_sync_account")),
("sync_credential_portal", Value::Url(portal_url.clone()))
Attribute::SyncCredentialPortal,
Value::Url(portal_url.clone())
)
)
.into_sealed_committed();
let ev1_reduced = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::SyncAccount.to_value()),
(Attribute::Uuid, Value::Uuid(sync_uuid)),
(
Attribute::Class.as_ref(),
EntryClass::SyncAccount.to_value()
),
(Attribute::Uuid.as_ref(), Value::Uuid(sync_uuid)),
("sync_credential_portal", Value::Url(portal_url.clone()))
Attribute::SyncCredentialPortal,
Value::Url(portal_url.clone())
)
)
.into_sealed_committed();
let ev2 = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::SyncAccount.to_value()),
(Attribute::Uuid, Value::Uuid(Uuid::new_v4())),
(Attribute::Name, Value::new_iname("test_sync_account")),
(
Attribute::Class.as_ref(),
EntryClass::SyncAccount.to_value()
),
(Attribute::Uuid.as_ref(), Value::Uuid(Uuid::new_v4())),
("name", Value::new_iname("test_sync_account")),
("sync_credential_portal", Value::Url(portal_url.clone()))
Attribute::SyncCredentialPortal,
Value::Url(portal_url.clone())
)
)
.into_sealed_committed();
let sync_test_account: Arc<EntrySealedCommitted> = Arc::new(
entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Account.to_value()),
(Attribute::Class.as_ref(), EntryClass::SyncObject.to_value()),
("name", Value::new_iname("test_account_1")),
(Attribute::Uuid.as_ref(), Value::Uuid(UUID_TEST_ACCOUNT_1)),
("memberof", Value::Refer(UUID_TEST_GROUP_1)),
("sync_parent_uuid", Value::Refer(sync_uuid))
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Account.to_value()),
(Attribute::Class, EntryClass::SyncObject.to_value()),
(Attribute::Name, Value::new_iname("test_account_1")),
(Attribute::Uuid, Value::Uuid(UUID_TEST_ACCOUNT_1)),
(Attribute::MemberOf, Value::Refer(UUID_TEST_GROUP_1)),
(Attribute::SyncParentUuid, Value::Refer(sync_uuid))
)
.into_sealed_committed(),
);

View file

@ -144,12 +144,12 @@ fn search_oauth2_filter_entry<'a>(
security_access!(entry = ?entry.get_uuid(), ident = ?iuser.entry.get_uuid2rdn(), "ident is a memberof a group granted an oauth2 scope by this entry");
return AccessResult::Allow(btreeset!(
"class",
"displayname",
"uuid",
"oauth2_rs_name",
"oauth2_rs_origin",
"oauth2_rs_origin_landing"
ATTR_CLASS.clone(),
ATTR_DISPLAYNAME.clone(),
ATTR_UUID.clone(),
ATTR_OAUTH2_RS_NAME.clone(),
ATTR_OAUTH2_RS_ORIGIN.clone(),
ATTR_OAUTH2_RS_ORIGIN_LANDING.clone()
));
}
AccessResult::Ignore
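Review bot: The set passed to `AccessResult::Allow(btreeset!(...))` is the full list of attributes that a member of an OAuth2 scope group may read on a resource server entry, and nothing at this site says so. I would add a comment above the `return`, for example `// Disclosure allow-list: display and routing attributes only; secret or key material must never be added here.` The six `ATTR_*.clone()` calls also suggest the set is now built from owned strings for every matching entry; if so, a shared static set or borrowed keys would avoid that allocation in the search path. The body of `search_oauth2_filter_entry` begins outside this hunk.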

View file

@ -277,12 +277,12 @@ mod tests {
assert!(server_txn
.internal_create(vec![
entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Uuid.as_ref(), Value::Uuid(uuid_a))
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Uuid, Value::Uuid(uuid_a))
),
entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Uuid.as_ref(), Value::Uuid(uuid_b))
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Uuid, Value::Uuid(uuid_b))
),
])
.is_ok());

View file

@ -184,26 +184,20 @@ mod tests {
let se1 = SearchEvent::new_impersonate_entry(admin, filt);
let mut e = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Person.to_value()),
(Attribute::Class.as_ref(), EntryClass::Account.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("testperson")),
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Person.to_value()),
(Attribute::Class, EntryClass::Account.to_value()),
(Attribute::Name, Value::new_iname("testperson")),
(
Attribute::Spn.as_ref(),
Attribute::Spn,
Value::new_spn_str("testperson", "example.com")
),
(
Attribute::Uuid.as_ref(),
Attribute::Uuid,
Value::Uuid(uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63930"))
),
(
Attribute::Description.as_ref(),
Value::new_utf8s("testperson")
),
(
Attribute::DisplayName.as_ref(),
Value::new_utf8s("testperson")
)
(Attribute::Description, Value::new_utf8s("testperson")),
(Attribute::DisplayName, Value::new_utf8s("testperson"))
);
let ce = CreateEvent::new_internal(vec![e.clone()]);
@ -219,24 +213,33 @@ mod tests {
assert!(r2.len() == 1);
// We apply some member-of in the server now, so we add these before we seal.
e.add_ava(Attribute::Class.as_ref(), EntryClass::MemberOf.into());
e.add_ava("memberof", Value::Refer(UUID_IDM_ALL_PERSONS));
e.add_ava("directmemberof", Value::Refer(UUID_IDM_ALL_PERSONS));
e.add_ava("memberof", Value::Refer(UUID_IDM_ALL_ACCOUNTS));
e.add_ava("directmemberof", Value::Refer(UUID_IDM_ALL_ACCOUNTS));
e.add_ava(Attribute::Class, EntryClass::MemberOf.into());
e.add_ava(Attribute::MemberOf, Value::Refer(UUID_IDM_ALL_PERSONS));
e.add_ava(
Attribute::DirectMemberOf,
Value::Refer(UUID_IDM_ALL_PERSONS),
);
e.add_ava(Attribute::MemberOf, Value::Refer(UUID_IDM_ALL_ACCOUNTS));
e.add_ava(
Attribute::DirectMemberOf,
Value::Refer(UUID_IDM_ALL_ACCOUNTS),
);
// we also add the name_history ava!
e.add_ava(
Attribute::NameHistory.as_ref(),
Attribute::NameHistory,
Value::AuditLogString(server_txn.get_txn_cid().clone(), "testperson".to_string()),
);
// this is kinda ugly but since ecdh keys are generated we don't have any other way
let key = r2
.first()
.unwrap()
.get_ava_single_eckey_private(ATTR_ID_VERIFICATION_ECKEY)
.get_ava_single_eckey_private(Attribute::IdVerificationEcKey.as_ref())
.unwrap();
e.add_ava(ATTR_ID_VERIFICATION_ECKEY, Value::EcKeyPrivate(key.clone()));
e.add_ava(
Attribute::IdVerificationEcKey,
Value::EcKeyPrivate(key.clone()),
);
let expected = vec![Arc::new(e.into_sealed_committed())];
@ -264,17 +267,11 @@ mod tests {
let se_b = SearchEvent::new_impersonate_entry(admin, filt);
let e = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Person.to_value()),
(Attribute::Class.as_ref(), EntryClass::Account.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("testperson")),
(
Attribute::Description.as_ref(),
Value::new_utf8s("testperson")
),
(
Attribute::DisplayName.as_ref(),
Value::new_utf8s("testperson")
)
(Attribute::Class, EntryClass::Person.to_value()),
(Attribute::Class, EntryClass::Account.to_value()),
(Attribute::Name, Value::new_iname("testperson")),
(Attribute::Description, Value::new_utf8s("testperson")),
(Attribute::DisplayName, Value::new_utf8s("testperson"))
);
let cr = server_a_txn.internal_create(vec![e.clone()]);

View file

@ -202,57 +202,39 @@ mod tests {
let mut server_txn = server.write(duration_from_epoch_now()).await;
let e1 = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Person.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("testperson1")),
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Person.to_value()),
(Attribute::Name, Value::new_iname("testperson1")),
(
Attribute::Uuid.as_ref(),
Attribute::Uuid,
Value::Uuid(uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63930"))
),
(
Attribute::Description.as_ref(),
Value::new_utf8s("testperson")
),
(
Attribute::DisplayName.as_ref(),
Value::new_utf8s("testperson1")
)
(Attribute::Description, Value::new_utf8s("testperson")),
(Attribute::DisplayName, Value::new_utf8s("testperson1"))
);
let e2 = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Person.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("testperson2")),
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Person.to_value()),
(Attribute::Name, Value::new_iname("testperson2")),
(
Attribute::Uuid.as_ref(),
Attribute::Uuid,
Value::Uuid(uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63932"))
),
(
Attribute::Description.as_ref(),
Value::new_utf8s("testperson")
),
(
Attribute::DisplayName.as_ref(),
Value::new_utf8s("testperson2")
)
(Attribute::Description, Value::new_utf8s("testperson")),
(Attribute::DisplayName, Value::new_utf8s("testperson2"))
);
let e3 = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Person.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("testperson3")),
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Person.to_value()),
(Attribute::Name, Value::new_iname("testperson3")),
(
Attribute::Uuid.as_ref(),
Attribute::Uuid,
Value::Uuid(uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63933"))
),
(
Attribute::Description.as_ref(),
Value::new_utf8s("testperson")
),
(
Attribute::DisplayName.as_ref(),
Value::new_utf8s("testperson3")
)
(Attribute::Description, Value::new_utf8s("testperson")),
(Attribute::DisplayName, Value::new_utf8s("testperson3"))
);
let ce = CreateEvent::new_internal(vec![e1, e2, e3]);

View file

@ -239,7 +239,7 @@ impl<'a> QueryServerWriteTransaction<'a> {
}
// Migrate implicit scopes if they exist.
let nv = if let Some(vs) = er.get_ava_set("oauth2_rs_implicit_scopes") {
let nv = if let Some(vs) = er.get_ava_set(Attribute::OAuth2RsImplicitScopes.as_ref()) {
vs.as_oauthscope_set()
.map(|v| Value::OauthScopeMap(UUID_IDM_ALL_PERSONS, v.clone()))
} else {
@ -247,9 +247,9 @@ impl<'a> QueryServerWriteTransaction<'a> {
};
if let Some(nv) = nv {
er.add_ava("oauth2_rs_scope_map", nv)
er.add_ava(Attribute::OAuth2RsScopeMap, nv)
}
er.purge_ava("oauth2_rs_implicit_scopes");
er.purge_ava(Attribute::OAuth2RsImplicitScopes.as_ref());
Ok(())
})?;
@ -675,55 +675,55 @@ impl<'a> QueryServerWriteTransaction<'a> {
debug_assert!(res.is_ok());
res?;
let idm_entries: Vec<EntryInitNew> = vec![
let idm_entries: Vec<BuiltinAcp> = vec![
// Built in access controls.
IDM_ADMINS_ACP_RECYCLE_SEARCH_V1.clone().into(),
IDM_ADMINS_ACP_REVIVE_V1.clone().into(),
E_IDM_ALL_ACP_READ_V1.clone(),
E_IDM_SELF_ACP_READ_V1.clone(),
E_IDM_SELF_ACP_WRITE_V1.clone(),
IDM_ADMINS_ACP_RECYCLE_SEARCH_V1.clone(),
IDM_ADMINS_ACP_REVIVE_V1.clone(),
IDM_ALL_ACP_READ_V1.clone(),
IDM_SELF_ACP_READ_V1.clone(),
IDM_SELF_ACP_WRITE_V1.clone(),
E_IDM_PEOPLE_SELF_ACP_WRITE_MAIL_PRIV_V1.clone(),
E_IDM_ACP_PEOPLE_READ_PRIV_V1.clone(),
E_IDM_ACP_PEOPLE_WRITE_PRIV_V1.clone(),
E_IDM_ACP_PEOPLE_MANAGE_PRIV_V1.clone(),
E_IDM_ACP_ACCOUNT_READ_PRIV_V1.clone(),
E_IDM_ACP_ACCOUNT_WRITE_PRIV_V1.clone(),
E_IDM_ACP_ACCOUNT_MANAGE_PRIV_V1.clone(),
E_IDM_ACP_HP_ACCOUNT_READ_PRIV_V1.clone(),
E_IDM_ACP_HP_ACCOUNT_WRITE_PRIV_V1.clone(),
E_IDM_ACP_HP_ACCOUNT_MANAGE_PRIV_V1.clone(),
E_IDM_ACP_GROUP_WRITE_PRIV_V1.clone(),
E_IDM_ACP_GROUP_MANAGE_PRIV_V1.clone(),
E_IDM_ACP_HP_GROUP_WRITE_PRIV_V1.clone(),
E_IDM_ACP_HP_GROUP_MANAGE_PRIV_V1.clone(),
E_IDM_ACP_SCHEMA_WRITE_ATTRS_PRIV_V1.clone(),
E_IDM_ACP_SCHEMA_WRITE_CLASSES_PRIV_V1.clone(),
E_IDM_ACP_ACP_MANAGE_PRIV_V1.clone(),
E_IDM_ACP_RADIUS_SERVERS_V1.clone(),
E_IDM_ACP_DOMAIN_ADMIN_PRIV_V1.clone(),
E_IDM_ACP_SYSTEM_CONFIG_PRIV_V1.clone(),
E_IDM_ACP_SYSTEM_CONFIG_SESSION_EXP_PRIV_V1.clone(),
E_IDM_ACP_PEOPLE_ACCOUNT_PASSWORD_IMPORT_PRIV_V1.clone(),
E_IDM_ACP_PEOPLE_EXTEND_PRIV_V1.clone(),
E_IDM_ACP_HP_PEOPLE_READ_PRIV_V1.clone(),
E_IDM_ACP_HP_PEOPLE_WRITE_PRIV_V1.clone(),
E_IDM_ACP_HP_PEOPLE_EXTEND_PRIV_V1.clone(),
E_IDM_ACP_ACCOUNT_UNIX_EXTEND_PRIV_V1.clone(),
IDM_ACP_PEOPLE_READ_PRIV_V1.clone(),
IDM_ACP_PEOPLE_WRITE_PRIV_V1.clone(),
IDM_ACP_PEOPLE_MANAGE_PRIV_V1.clone(),
IDM_ACP_ACCOUNT_READ_PRIV_V1.clone(),
IDM_ACP_ACCOUNT_WRITE_PRIV_V1.clone(),
IDM_ACP_ACCOUNT_MANAGE_PRIV_V1.clone(),
IDM_ACP_HP_ACCOUNT_READ_PRIV_V1.clone(),
IDM_ACP_HP_ACCOUNT_WRITE_PRIV_V1.clone(),
IDM_ACP_HP_ACCOUNT_MANAGE_PRIV_V1.clone(),
IDM_ACP_GROUP_WRITE_PRIV_V1.clone(),
IDM_ACP_GROUP_MANAGE_PRIV_V1.clone(),
IDM_ACP_HP_GROUP_WRITE_PRIV_V1.clone(),
IDM_ACP_HP_GROUP_MANAGE_PRIV_V1.clone(),
IDM_ACP_SCHEMA_WRITE_ATTRS_PRIV_V1.clone(),
IDM_ACP_SCHEMA_WRITE_CLASSES_PRIV_V1.clone(),
IDM_ACP_ACP_MANAGE_PRIV_V1.clone(),
IDM_ACP_RADIUS_SERVERS_V1.clone(),
IDM_ACP_DOMAIN_ADMIN_PRIV_V1.clone(),
IDM_ACP_SYSTEM_CONFIG_PRIV_V1.clone(),
IDM_ACP_SYSTEM_CONFIG_SESSION_EXP_PRIV_V1.clone(),
IDM_ACP_PEOPLE_ACCOUNT_PASSWORD_IMPORT_PRIV_V1.clone(),
IDM_ACP_PEOPLE_EXTEND_PRIV_V1.clone(),
IDM_ACP_HP_PEOPLE_READ_PRIV_V1.clone(),
IDM_ACP_HP_PEOPLE_WRITE_PRIV_V1.clone(),
IDM_ACP_HP_PEOPLE_EXTEND_PRIV_V1.clone(),
IDM_ACP_ACCOUNT_UNIX_EXTEND_PRIV_V1.clone(),
E_IDM_HP_ACP_ACCOUNT_UNIX_EXTEND_PRIV_V1.clone(),
E_IDM_ACP_GROUP_UNIX_EXTEND_PRIV_V1.clone(),
IDM_ACP_GROUP_UNIX_EXTEND_PRIV_V1.clone(),
E_IDM_HP_ACP_GROUP_UNIX_EXTEND_PRIV_V1.clone(),
E_IDM_HP_ACP_OAUTH2_MANAGE_PRIV_V1.clone(),
E_IDM_ACP_RADIUS_SECRET_READ_PRIV_V1.clone(),
E_IDM_ACP_RADIUS_SECRET_WRITE_PRIV_V1.clone(),
IDM_ACP_RADIUS_SECRET_READ_PRIV_V1.clone(),
IDM_ACP_RADIUS_SECRET_WRITE_PRIV_V1.clone(),
E_IDM_HP_ACP_SERVICE_ACCOUNT_INTO_PERSON_MIGRATE_V1.clone(),
E_IDM_HP_ACP_SYNC_ACCOUNT_MANAGE_PRIV_V1.clone(),
E_IDM_ACP_ACCOUNT_MAIL_READ_PRIV_V1.clone(),
E_IDM_ACCOUNT_SELF_ACP_WRITE_V1.clone(),
IDM_ACP_ACCOUNT_MAIL_READ_PRIV_V1.clone(),
IDM_ACCOUNT_SELF_ACP_WRITE_V1.clone(),
];
let res: Result<(), _> = idm_entries
.into_iter()
.try_for_each(|entry| self.internal_migrate_or_create(entry));
.try_for_each(|entry| self.internal_migrate_or_create(entry.into()));
if res.is_ok() {
admin_debug!("initialise_idm -> result Ok!");
} else {
@ -816,7 +816,7 @@ mod tests {
let me_syn = unsafe {
ModifyEvent::new_internal_invalid(
filter!(f_or!([
f_eq(Attribute::AttributeName, PartialValue::new_iutf8("name")),
f_eq(Attribute::AttributeName, Attribute::Name.to_partialvalue()),
f_eq(Attribute::AttributeName, PartialValue::new_iutf8("domain_name")),
])),
ModifyList::new_purge_and_set(
@ -859,7 +859,7 @@ mod tests {
let me_syn = unsafe {
ModifyEvent::new_internal_invalid(
filter!(f_or!([
f_eq(Attribute::AttributeName, PartialValue::new_iutf8("name")),
f_eq(Attribute::AttributeName, Attribute::Name.to_partialvalue()),
f_eq(Attribute::AttributeName, PartialValue::new_iutf8("domain_name")),
])),
ModifyList::new_purge_and_set(
@ -887,7 +887,7 @@ mod tests {
.expect("failed");
// ++ assert all names are iname
assert!(
domain.get_ava_set("name").expect("no name?").syntax() == SyntaxType::Utf8StringIname
domain.get_ava_set(Attribute::Name.as_ref()).expect("no name?").syntax() == SyntaxType::Utf8StringIname
);
// ++ assert all domain/domain_name are iname
assert!(
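Review bot: `idm_entries` is now declared as `Vec<BuiltinAcp>`, yet it still lists items under the old `E_` prefix, such as `E_IDM_PEOPLE_SELF_ACP_WRITE_MAIL_PRIV_V1` and `E_IDM_HP_ACP_OAUTH2_MANAGE_PRIV_V1` (four more follow the same pattern), next to the renamed `IDM_ACP_*` items. Their definitions are not in this section, so presumably they are already `BuiltinAcp` values that kept the entry-style name. Because this list installs the built-in access controls, uniform names make it easier to audit which profiles use the typed definition; either rename them or add `// E_-prefixed items are BuiltinAcp as well; rename pending` above the `vec!`. In the tests of the same section, `PartialValue::new_iutf8("domain_name")` remains a string literal beside `Attribute::Name.to_partialvalue()`, which leaves the filter half converted.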

View file

@ -1664,12 +1664,12 @@ mod tests {
let t_uuid = Uuid::new_v4();
assert!(server_txn
.internal_create(vec![entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Person.to_value()),
("name", Value::new_iname("testperson1")),
(Attribute::Uuid.as_ref(), Value::Uuid(t_uuid)),
("description", Value::new_utf8s("testperson1")),
("displayname", Value::new_utf8s("testperson1"))
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Person.to_value()),
(Attribute::Name, Value::new_iname("testperson1")),
(Attribute::Uuid, Value::Uuid(t_uuid)),
(Attribute::Description, Value::new_utf8s("testperson1")),
(Attribute::DisplayName, Value::new_utf8s("testperson1"))
),])
.is_ok());
@ -1700,13 +1700,13 @@ mod tests {
let t_uuid = Uuid::new_v4();
assert!(server_txn
.internal_create(vec![entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::ExtensibleObject.to_value()),
(Attribute::Uuid, Value::Uuid(t_uuid)),
(
Attribute::Class.as_ref(),
EntryClass::ExtensibleObject.to_value()
),
(Attribute::Uuid.as_ref(), Value::Uuid(t_uuid)),
("sync_external_id", Value::new_iutf8("uid=testperson"))
Attribute::SyncExternalId,
Value::new_iutf8("uid=testperson")
)
),])
.is_ok());
@ -1729,16 +1729,16 @@ mod tests {
let mut server_txn = server.write(duration_from_epoch_now()).await;
let e1 = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Person.to_value()),
(Attribute::Class.as_ref(), EntryClass::Account.to_value()),
("name", Value::new_iname("testperson1")),
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Person.to_value()),
(Attribute::Class, EntryClass::Account.to_value()),
(Attribute::Name, Value::new_iname("testperson1")),
(
"uuid",
Attribute::Uuid,
Value::Uuid(uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63930"))
),
("description", Value::new_utf8s("testperson1")),
("displayname", Value::new_utf8s("testperson1"))
(Attribute::Description, Value::new_utf8s("testperson1")),
(Attribute::DisplayName, Value::new_utf8s("testperson1"))
);
let ce = CreateEvent::new_internal(vec![e1]);
let cr = server_txn.create(&ce);
@ -1762,16 +1762,16 @@ mod tests {
let mut server_txn = server.write(duration_from_epoch_now()).await;
let e1 = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Person.to_value()),
(Attribute::Class.as_ref(), EntryClass::Account.to_value()),
("name", Value::new_iname("testperson1")),
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Person.to_value()),
(Attribute::Class, EntryClass::Account.to_value()),
(Attribute::Name, Value::new_iname("testperson1")),
(
"uuid",
Attribute::Uuid,
Value::Uuid(uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63930"))
),
("description", Value::new_utf8s("testperson")),
("displayname", Value::new_utf8s("testperson1"))
(Attribute::Description, Value::new_utf8s("testperson")),
(Attribute::DisplayName, Value::new_utf8s("testperson1"))
);
let ce = CreateEvent::new_internal(vec![e1]);
let cr = server_txn.create(&ce);
@ -1794,15 +1794,15 @@ mod tests {
async fn test_clone_value(server: &QueryServer) {
let mut server_txn = server.write(duration_from_epoch_now()).await;
let e1 = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Person.to_value()),
("name", Value::new_iname("testperson1")),
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Person.to_value()),
(Attribute::Name, Value::new_iname("testperson1")),
(
"uuid",
Attribute::Uuid,
Value::Uuid(uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63930"))
),
("description", Value::new_utf8s("testperson1")),
("displayname", Value::new_utf8s("testperson1"))
(Attribute::Description, Value::new_utf8s("testperson1")),
(Attribute::DisplayName, Value::new_utf8s("testperson1"))
);
let ce = CreateEvent::new_internal(vec![e1]);
let cr = server_txn.create(&ce);
@ -1834,26 +1834,26 @@ mod tests {
#[qs_test]
async fn test_dynamic_schema_class(server: &QueryServer) {
let e1 = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::TestClass.to_value()),
("name", Value::new_iname("testobj1")),
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::TestClass.to_value()),
(Attribute::Name, Value::new_iname("testobj1")),
(
"uuid",
Attribute::Uuid,
Value::Uuid(uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63930"))
)
);
// Class definition
let e_cd = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::ClassType.to_value()),
("classname", EntryClass::TestClass.to_value()),
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::ClassType.to_value()),
(Attribute::ClassName, EntryClass::TestClass.to_value()),
(
"uuid",
Attribute::Uuid,
Value::Uuid(uuid!("cfcae205-31c3-484b-8ced-667d1709c5e3"))
),
("description", Value::new_utf8s("Test Class")),
("may", Value::new_iutf8("name"))
(Attribute::Description, Value::new_utf8s("Test Class")),
(Attribute::May, Attribute::Name.to_value())
);
let mut server_txn = server.write(duration_from_epoch_now()).await;
// Add a new class.
@ -1906,38 +1906,35 @@ mod tests {
#[qs_test]
async fn test_dynamic_schema_attr(server: &QueryServer) {
let e1 = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::ExtensibleObject.to_value()),
(Attribute::Name, Value::new_iname("testobj1")),
(
Attribute::Class.as_ref(),
EntryClass::ExtensibleObject.to_value()
),
("name", Value::new_iname("testobj1")),
(
"uuid",
Attribute::Uuid,
Value::Uuid(uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63930"))
),
("testattr", Value::new_utf8s("test"))
(Attribute::TestAttr, Value::new_utf8s("test"))
);
// Attribute definition
let e_ad = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::AttributeType.to_value()),
(
Attribute::Class.as_ref(),
EntryClass::AttributeType.to_value()
),
(
"uuid",
Attribute::Uuid,
Value::Uuid(uuid!("cfcae205-31c3-484b-8ced-667d1709c5e3"))
),
(
Attribute::AttributeName.as_ref(),
Value::new_iutf8("testattr")
Attribute::AttributeName,
Value::new_iutf8(Attribute::TestAttr.as_ref())
),
("description", Value::new_utf8s("Test Attribute")),
("multivalue", Value::new_bool(false)),
("unique", Value::new_bool(false)),
("syntax", Value::new_syntaxs("UTF8STRING").expect("syntax"))
(Attribute::Description, Value::new_utf8s("Test Attribute")),
(Attribute::MultiValue, Value::new_bool(false)),
(Attribute::Unique, Value::new_bool(false)),
(
Attribute::Syntax,
Value::new_syntaxs("UTF8STRING").expect("syntax")
)
);
let mut server_txn = server.write(duration_from_epoch_now()).await;
@ -1966,7 +1963,7 @@ mod tests {
// delete the attr
let de_attr = DeleteEvent::new_internal_invalid(filter!(f_eq(
Attribute::AttributeName,
PartialValue::new_iutf8("testattr")
Attribute::TestAttr.to_partialvalue()
)));
assert!(server_txn.delete(&de_attr).is_ok());
// Commit
@ -1985,7 +1982,10 @@ mod tests {
let testobj1 = server_txn
.internal_search_uuid(uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63930"))
.expect("failed");
assert!(testobj1.attribute_equality("testattr", &PartialValue::new_utf8s("test")));
assert!(testobj1.attribute_equality(
Attribute::TestAttr.as_ref(),
&PartialValue::new_utf8s("test")
));
server_txn.commit().expect("should not fail");
// Commit.
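Review bot: In `test_dynamic_schema_attr` the attribute name is written as `Value::new_iutf8(Attribute::TestAttr.as_ref())`, while `test_dynamic_schema_class` in the same section uses `Attribute::Name.to_value()` for the `May` value; that call replaced `Value::new_iutf8("name")`, so it presumably produces the same kind of value. Writing `Attribute::TestAttr.to_value()` here would keep both tests in one style. `Attribute::TestAttr` is defined outside this section; if the variant is not gated with `#[cfg(test)]`, a doc comment on it stating that it exists only for tests would help readers of the enum. Both test functions continue outside the hunks shown.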

View file

@ -508,39 +508,27 @@ mod tests {
let mut server_txn = server.write(duration_from_epoch_now()).await;
let e1 = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Person.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("testperson1")),
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Person.to_value()),
(Attribute::Name, Value::new_iname("testperson1")),
(
Attribute::Uuid.as_ref(),
Attribute::Uuid,
Value::Uuid(uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63930"))
),
(
Attribute::Description.as_ref(),
Value::new_utf8s("testperson1")
),
(
Attribute::DisplayName.as_ref(),
Value::new_utf8s("testperson1")
)
(Attribute::Description, Value::new_utf8s("testperson1")),
(Attribute::DisplayName, Value::new_utf8s("testperson1"))
);
let e2 = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Person.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("testperson2")),
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Person.to_value()),
(Attribute::Name, Value::new_iname("testperson2")),
(
Attribute::Uuid.as_ref(),
Attribute::Uuid,
Value::Uuid(uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63932"))
),
(
Attribute::Description.as_ref(),
Value::new_utf8s("testperson2")
),
(
Attribute::DisplayName.as_ref(),
Value::new_utf8s("testperson2")
)
(Attribute::Description, Value::new_utf8s("testperson2")),
(Attribute::DisplayName, Value::new_utf8s("testperson2"))
);
let ce = CreateEvent::new_internal(vec![e1, e2]);
@ -645,8 +633,8 @@ mod tests {
assert!(server_txn
.internal_create(vec![entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Uuid.as_ref(), Value::Uuid(t_uuid))
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Uuid, Value::Uuid(t_uuid))
),])
.is_ok());
@ -681,21 +669,15 @@ mod tests {
let mut server_txn = server.write(duration_from_epoch_now()).await;
let e1 = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Person.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("testperson1")),
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Person.to_value()),
(Attribute::Name, Value::new_iname("testperson1")),
(
"uuid",
Attribute::Uuid,
Value::Uuid(uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63930"))
),
(
Attribute::Description.as_ref(),
Value::new_utf8s("testperson1")
),
(
Attribute::DisplayName.as_ref(),
Value::new_utf8s("testperson1")
)
(Attribute::Description, Value::new_utf8s("testperson1")),
(Attribute::DisplayName, Value::new_utf8s("testperson1"))
);
let ce = CreateEvent::new_internal(vec![e1]);
@ -760,22 +742,16 @@ mod tests {
#[qs_test]
async fn test_modify_password_only(server: &QueryServer) {
let e1 = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Person.to_value()),
(Attribute::Class.as_ref(), EntryClass::Account.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("testperson1")),
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Person.to_value()),
(Attribute::Class, EntryClass::Account.to_value()),
(Attribute::Name, Value::new_iname("testperson1")),
(
Attribute::Uuid.as_ref(),
Attribute::Uuid,
Value::Uuid(uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63930"))
),
(
Attribute::Description.as_ref(),
Value::new_utf8s("testperson1")
),
(
Attribute::DisplayName.as_ref(),
Value::new_utf8s("testperson1")
)
(Attribute::Description, Value::new_utf8s("testperson1")),
(Attribute::DisplayName, Value::new_utf8s("testperson1"))
);
let mut server_txn = server.write(duration_from_epoch_now()).await;
// Add the entry. Today we have no syntax to take simple str to a credential


@ -283,39 +283,27 @@ mod tests {
// Create some recycled objects
let e1 = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Person.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("testperson1")),
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Person.to_value()),
(Attribute::Name, Value::new_iname("testperson1")),
(
Attribute::Uuid.as_ref(),
Attribute::Uuid,
Value::Uuid(uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63930"))
),
(
Attribute::Description.as_ref(),
Value::new_utf8s("testperson1")
),
(
Attribute::DisplayName.as_ref(),
Value::new_utf8s("testperson1")
)
(Attribute::Description, Value::new_utf8s("testperson1")),
(Attribute::DisplayName, Value::new_utf8s("testperson1"))
);
let e2 = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Person.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("testperson2")),
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Person.to_value()),
(Attribute::Name, Value::new_iname("testperson2")),
(
Attribute::Uuid.as_ref(),
Attribute::Uuid,
Value::Uuid(uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63932"))
),
(
Attribute::Description.as_ref(),
Value::new_utf8s("testperson2")
),
(
Attribute::DisplayName.as_ref(),
Value::new_utf8s("testperson2")
)
(Attribute::Description, Value::new_utf8s("testperson2")),
(Attribute::DisplayName, Value::new_utf8s("testperson2"))
);
let ce = CreateEvent::new_internal(vec![e1, e2]);
@ -401,21 +389,15 @@ mod tests {
let admin = server_txn.internal_search_uuid(UUID_ADMIN).expect("failed");
let e1 = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Person.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("testperson1")),
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Person.to_value()),
(Attribute::Name, Value::new_iname("testperson1")),
(
Attribute::Uuid.as_ref(),
Attribute::Uuid,
Value::Uuid(uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63930"))
),
(
Attribute::Description.as_ref(),
Value::new_utf8s("testperson1")
),
(
Attribute::DisplayName.as_ref(),
Value::new_utf8s("testperson1")
)
(Attribute::Description, Value::new_utf8s("testperson1")),
(Attribute::DisplayName, Value::new_utf8s("testperson1"))
);
let ce = CreateEvent::new_internal(vec![e1]);
@ -446,22 +428,16 @@ mod tests {
let mut server_txn = server.write(duration_from_epoch_now()).await;
let e1 = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Person.to_value()),
(Attribute::Class.as_ref(), EntryClass::Account.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("testperson1")),
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Person.to_value()),
(Attribute::Class, EntryClass::Account.to_value()),
(Attribute::Name, Value::new_iname("testperson1")),
(
Attribute::Uuid.as_ref(),
Attribute::Uuid,
Value::Uuid(uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63930"))
),
(
Attribute::Description.as_ref(),
Value::new_utf8s("testperson1")
),
(
Attribute::DisplayName.as_ref(),
Value::new_utf8s("testperson1")
)
(Attribute::Description, Value::new_utf8s("testperson1")),
(Attribute::DisplayName, Value::new_utf8s("testperson1"))
);
let tuuid = uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63930");
@ -548,21 +524,15 @@ mod tests {
// First, create an entry, then push it through the lifecycle.
let e_ts = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Person.to_value()),
(Attribute::Name.as_ref(), Value::new_iname("testperson1")),
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Person.to_value()),
(Attribute::Name, Value::new_iname("testperson1")),
(
Attribute::Uuid.as_ref(),
Attribute::Uuid,
Value::Uuid(uuid!("9557f49c-97a5-4277-a9a5-097d17eb8317"))
),
(
Attribute::Description.as_ref(),
Value::new_utf8s("testperson1")
),
(
Attribute::DisplayName.as_ref(),
Value::new_utf8s("testperson1")
)
(Attribute::Description, Value::new_utf8s("testperson1")),
(Attribute::DisplayName, Value::new_utf8s("testperson1"))
);
let ce = CreateEvent::new_internal(vec![e_ts]);
@ -632,38 +602,32 @@ mod tests {
fn create_user(name: &str, uuid: &str) -> Entry<EntryInit, EntryNew> {
entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Person.to_value()),
(Attribute::Name.as_ref(), Value::new_iname(name)),
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Person.to_value()),
(Attribute::Name, Value::new_iname(name)),
(
Attribute::Uuid.as_ref(),
Value::new_uuid_s(uuid).expect("uuid")
Attribute::Uuid,
Value::new_uuid_s(uuid).expect(Attribute::Uuid.as_ref())
),
(
Attribute::Description.as_ref(),
Value::new_utf8s("testperson-entry")
),
(Attribute::DisplayName.as_ref(), Value::new_utf8s(name))
(Attribute::Description, Value::new_utf8s("testperson-entry")),
(Attribute::DisplayName, Value::new_utf8s(name))
)
}
fn create_group(name: &str, uuid: &str, members: &[&str]) -> Entry<EntryInit, EntryNew> {
let mut e1 = entry_init!(
(Attribute::Class.as_ref(), EntryClass::Object.to_value()),
(Attribute::Class.as_ref(), EntryClass::Group.to_value()),
(Attribute::Name.as_ref(), Value::new_iname(name)),
(Attribute::Class, EntryClass::Object.to_value()),
(Attribute::Class, EntryClass::Group.to_value()),
(Attribute::Name, Value::new_iname(name)),
(
Attribute::Uuid.as_ref(),
Value::new_uuid_s(uuid).expect("uuid")
Attribute::Uuid,
Value::new_uuid_s(uuid).expect(Attribute::Uuid.as_ref())
),
(
Attribute::Description.as_ref(),
Value::new_utf8s("testgroup-entry")
)
(Attribute::Description, Value::new_utf8s("testgroup-entry"))
);
members
.iter()
.for_each(|m| e1.add_ava("member", Value::new_refer_s(m).unwrap()));
.for_each(|m| e1.add_ava(Attribute::Member, Value::new_refer_s(m).unwrap()));
e1
}
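Review bot: In `create_user` and `create_group` the panic message passed to `expect` is now `Attribute::Uuid.as_ref()`, which ties a diagnostic string to a schema attribute name. The old `"uuid"` literal was a message rather than an attribute reference, so it did not need converting, and the new form still says nothing about what went wrong. I would name the violated invariant instead, e.g. `Value::new_uuid_s(uuid).expect("test helper: uuid must be a valid UUID string")`. The `Value::new_refer_s(m).unwrap()` in `create_group` could get an `expect` with a similar message.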


@ -18,6 +18,7 @@ use kanidm_proto::constants::{ATTR_DESCRIPTION, ATTR_LDAP_SSH_PUBLICKEY, ATTR_MA
use kanidm_proto::v1::{Filter, Modify, ModifyList};
use kanidmd_core::config::{Configuration, IntegrationTestConfig};
use kanidmd_core::{create_server_core, CoreHandle};
use kanidmd_lib::prelude::Attribute;
use tokio::task;
pub const ADMIN_TEST_USER: &str = "admin";
@ -238,7 +239,7 @@ pub async fn is_attr_writable(rsclient: &KanidmClient, id: &str, attr: &str) ->
Modify::Purged(attr.to_string()),
Modify::Present(attr.to_string(), new_value),
]);
let f = Filter::Eq("name".to_string(), id.to_string());
let f = Filter::Eq(Attribute::Name.to_string(), id.to_string());
Some(rsclient.modify(f.clone(), m.clone()).await.is_ok())
}
}
@ -300,7 +301,7 @@ pub async fn test_read_attrs(rsclient: &KanidmClient, id: &str, attrs: &[&str],
println!("Test read to {}, is readable: {}", id, is_readable);
#[allow(clippy::expect_used)]
let rset = rsclient
.search(Filter::Eq("name".to_string(), id.to_string()))
.search(Filter::Eq(Attribute::Name.to_string(), id.to_string()))
.await
.expect("Can't get user from search");
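Review bot: `is_attr_writable` ends in `Some(rsclient.modify(f.clone(), m.clone()).await.is_ok())`, so every failure of the modify call is reported as "not writable", including failures that have nothing to do with access control. This helper appears to back the access-control tests, so a test that expects a denied write would presumably also pass when the request fails for another reason, such as a malformed filter or a dropped connection. The function starts outside this hunk, so the callers' expectations are not visible here. At minimum I would document the behaviour with `// NOTE: any modify error, not only an access-denied response, yields Some(false)`, and ideally return `Some(false)` only for the denied response and surface other errors.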


@ -6,10 +6,11 @@ use kanidm_proto::constants::{
APPLICATION_JSON, ATTR_ACP_RECEIVER_GROUP, ATTR_ACP_TARGET_SCOPE, ATTR_DESCRIPTION,
ATTR_LDAP_SSH_PUBLICKEY, ATTR_NAME,
};
use kanidmd_lib::prelude::Attribute;
use kanidmd_lib::prelude::{Attribute, EntryClass};
use kanidmd_testkit::*;
use reqwest::header::CONTENT_TYPE;
// TODO: feed this off attrs
static USER_READABLE_ATTRS: [&str; 9] = [
"name",
"spn",
@ -21,6 +22,7 @@ static USER_READABLE_ATTRS: [&str; 9] = [
"loginshell",
ATTR_LDAP_SSH_PUBLICKEY,
];
// TODO: feed this off attrs
static SELF_WRITEABLE_ATTRS: [&str; 7] = [
"name",
"displayname",
@ -242,30 +244,30 @@ async fn test_default_entries_rbac_admins_schema_entries(rsclient: KanidmClient)
login_put_admin_idm_admins(&rsclient).await;
let default_classnames: HashSet<String> = [
"access_control_create",
"access_control_delete",
"access_control_modify",
"access_control_profile",
"access_control_search",
"attributetype",
"classtype",
"extensibleobject",
"memberof",
"object",
"recycled",
"system",
"system_info",
"tombstone",
"person",
"group",
"account",
"domain_info",
"posixaccount",
"posixgroup",
"system_config",
EntryClass::AccessControlCreate,
EntryClass::AccessControlDelete,
EntryClass::AccessControlModify,
EntryClass::AccessControlProfile,
EntryClass::AccessControlSearch,
EntryClass::AttributeType,
EntryClass::ClassType,
EntryClass::ExtensibleObject,
EntryClass::MemberOf,
EntryClass::Object,
EntryClass::Recycled,
EntryClass::System,
EntryClass::SystemInfo,
EntryClass::Tombstone,
EntryClass::Person,
EntryClass::Group,
EntryClass::Account,
EntryClass::DomainInfo,
EntryClass::PosixAccount,
EntryClass::PosixGroup,
EntryClass::SystemConfig,
]
.iter()
.map(ToString::to_string)
.into_iter()
.map(|e| e.into())
.collect();
let classtype_entries = rsclient.idm_schema_classtype_list().await.unwrap();
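Review bot: The new `.map(|e| e.into())` that builds `default_classnames` leaves the conversion target to be inferred from the `HashSet<String>` annotation more than twenty lines above it. Naming the target at the call site reads better and fails more clearly if the conversion is ever removed: `.map(String::from)`. That assumes the conversion is provided as `From<EntryClass> for String`; the impl is not visible in this section, so confirm before changing it.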


@ -5,6 +5,7 @@ use kanidm_proto::{
v1::Entry,
};
use kanidmd_lib::prelude::Attribute;
use kanidmd_testkit::ADMIN_TEST_PASSWORD;
use reqwest::StatusCode;
@ -307,7 +308,7 @@ async fn create_user(rsclient: &KanidmClient, user: &str) -> String {
.await
.unwrap();
let r = rsclient
.idm_person_account_get_attr(user, "uuid")
.idm_person_account_get_attr(user, Attribute::Uuid.as_ref())
.await
.unwrap();
r.unwrap().first().unwrap().to_owned()

View file

@ -7,6 +7,7 @@ use kanidm_proto::v1::{
UserAuthToken,
};
use kanidmd_lib::credential::totp::Totp;
use kanidmd_lib::prelude::Attribute;
use tracing::debug;
use std::str::FromStr;
@ -131,14 +132,14 @@ async fn test_server_search(rsclient: KanidmClient) {
assert!(res.is_ok());
let rset = rsclient
.search(Filter::Eq("name".to_string(), "admin".to_string()))
.search(Filter::Eq(Attribute::Name.to_string(), "admin".to_string()))
.await
.unwrap();
println!("{:?}", rset);
let e = rset.first().unwrap();
// Check it's admin.
println!("{:?}", e);
let name = e.attrs.get("name").unwrap();
let name = e.attrs.get(Attribute::Name.as_ref()).unwrap();
assert!(name == &vec!["admin".to_string()]);
}


@ -799,7 +799,7 @@ fn ipa_to_scim_entry(
entry
.remove_ava_single(Attribute::Uid.as_ref())
.ok_or_else(|| {
error!("Missing required attribute {}", Attribute::Uid.as_ref());
error!("Missing required attribute {}", Attribute::Uid);
})?
};
@ -812,7 +812,7 @@ fn ipa_to_scim_entry(
let display_name = entry
.remove_ava_single(Attribute::Cn.as_ref())
.ok_or_else(|| {
error!("Missing required attribute {}", Attribute::Cn.as_ref());
error!("Missing required attribute {}", Attribute::Cn);
})?;
let gidnumber = if let Some(number) = entry_config.map_gidnumber {
@ -822,7 +822,7 @@ fn ipa_to_scim_entry(
.remove_ava_single(Attribute::GidNumber.as_ref())
.map(|gid| {
u32::from_str(&gid).map_err(|_| {
error!("Invalid {}", Attribute::GidNumber.as_ref());
error!("Invalid {}", Attribute::GidNumber);
})
})
.transpose()?