diff --git a/kanidm_book/src/recycle_bin.md b/kanidm_book/src/recycle_bin.md index cf2594c8b..7af69fb87 100644 --- a/kanidm_book/src/recycle_bin.md +++ b/kanidm_book/src/recycle_bin.md @@ -36,5 +36,36 @@ An entry can be revived with: kanidm recycle_bin revive --name admin +## Edge cases +The recycle bin is a best effort to restore your data - there are some cases where +the revived entries may not be the same as their were when they were deleted. This +generally revolves around reference types such as group membership. + +An example of this is the following steps: + + add user1 + add group1 + add user1 as member of group1 + delete user1 + delete group1 + revive user1 + revive group1 + +In this series of steps, due to the way that referential integrity is implemented, the +membership of user1 in group1 would be lost in this process. To explain why: + + add user1 + add group1 + add user1 as member of group1 // refint between the two established, and memberof added + delete user1 // group1 removes member user1 from refint + delete group1 // user1 now removes memberof group1 from refint + revive user1 // re-add groups based on directmemberof (empty set) + revive group1 // no members + +This issue could be looked at again in the future, but for now we think that deletes of +groups is rare - we expect recycle bin to save you in "opps" moments, and in a majority +of cases you may delete a group or a user and then restore them. To handle this series +of steps requires extra code complexity in how we flag operations. For more, +see [This issue on github](https://github.com/kanidm/kanidm/issues/177). diff --git a/kanidm_client/tests/proto_v1_test.rs b/kanidm_client/tests/proto_v1_test.rs index 0f9b311a6..04070f6ef 100644 --- a/kanidm_client/tests/proto_v1_test.rs +++ b/kanidm_client/tests/proto_v1_test.rs @@ -20,7 +20,7 @@ static UNIX_TEST_PASSWORD: &str = "unix test user password"; // Test external behaviorus of the service. fn run_test(test_fn: fn(KanidmClient) -> ()) { - ::std::env::set_var("RUST_LOG", "actix_web=debug,kanidm=debug"); + // ::std::env::set_var("RUST_LOG", "actix_web=debug,kanidm=debug"); let _ = env_logger::builder().is_test(true).try_init(); let (tx, rx) = mpsc::channel(); let port = PORT_ALLOC.fetch_add(1, Ordering::SeqCst);