Struct-ifying schema things (#1971)

* structifying things
James Hodgkinson 2023-08-14 19:39:49 +10:00 committed by GitHub
parent e2fb53cc42
commit aba9f6a724
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 956 additions and 2005 deletions


@ -42,7 +42,13 @@ num_enum = { workspace = true }
openssl-sys = { workspace = true }
openssl = { workspace = true }
rand = { workspace = true }
regex = { workspace = true, features = ["std", "perf", "perf-inline", "unicode", "unicode-gencat"] }
regex = { workspace = true, features = [
"std",
"perf",
"perf-inline",
"unicode",
"unicode-gencat",
] }
serde = { workspace = true, features = ["derive"] }
serde_cbor = { workspace = true }
serde_json = { workspace = true }
@ -61,8 +67,12 @@ tracing = { workspace = true, features = ["attributes"] }
url = { workspace = true, features = ["serde"] }
urlencoding = { workspace = true }
uuid = { workspace = true, features = ["serde", "v4" ] }
webauthn-rs = { workspace = true, features = ["resident-key-support", "preview-features", "danger-credential-internals"] }
uuid = { workspace = true, features = ["serde", "v4"] }
webauthn-rs = { workspace = true, features = [
"resident-key-support",
"preview-features",
"danger-credential-internals",
] }
webauthn-rs-core = { workspace = true }
zxcvbn = { workspace = true }
serde_with = { workspace = true }
@ -87,5 +97,6 @@ futures = { workspace = true }
kanidmd_lib_macros = { workspace = true }
[build-dependencies]
hashbrown = { workspace = true }
kanidm_build_profiles = { workspace = true }
regex = { workspace = true }


@ -1,5 +1,7 @@
// include!("src/lib/audit_loglevel.rs");
use hashbrown::HashMap;
use std::env;
fn main() {
@ -12,4 +14,27 @@ fn main() {
}
profiles::apply_profile();
// check we don't have duplicate UUIDs
let uuid_filename = format!(
"{}/{}",
env!("CARGO_MANIFEST_DIR"),
"src/constants/uuids.rs"
);
let constants = std::fs::read_to_string(uuid_filename).unwrap();
let mut uuids: HashMap<String, usize> = HashMap::new();
let uuid_finder = regex::Regex::new(r#"uuid!\(\"([^\"]+)"#).unwrap();
for line in constants.lines() {
if let Some(caps) = uuid_finder.captures(line) {
let uuid = caps.get(1).unwrap().as_str();
let count = uuids.entry(uuid.to_string()).or_insert(0);
*count += 1;
}
}
for (uuid, count) in uuids {
if count > 1 {
panic!("duplicate UUID: {}", uuid);
}
}
}
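Review bot: The duplicate check added to `main` counts the captured text verbatim, so two constants that spell the same UUID with different hex case would be treated as distinct and pass; because these values appear to identify builtin schema and privilege entries, normalise before counting, e.g. `let count = uuids.entry(uuid.to_ascii_lowercase()).or_insert(0);`. `std::fs::read_to_string(uuid_filename).unwrap()` would be easier to diagnose as `.expect("failed to read src/constants/uuids.rs")`. Nothing in the visible lines emits `cargo:rerun-if-changed` for that file, and whether `profiles::apply_profile()` narrows the rerun set is not shown, so confirm the check actually re-runs when uuids.rs is edited. `main` begins outside this hunk.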

File diff suppressed because it is too large Load diff


@ -59,7 +59,7 @@ pub const UUID_IDM_UI_ENABLE_EXPERIMENTAL_FEATURES: Uuid =
pub const UUID_IDM_ACCOUNT_MAIL_READ_PRIV: Uuid = uuid!("00000000-0000-0000-0000-000000000039");
//
pub const _UUID_IDM_HIGH_PRIVILEGE: Uuid = uuid!("00000000-0000-0000-0000-000000001000");
pub const UUID_IDM_HIGH_PRIVILEGE: Uuid = uuid!("00000000-0000-0000-0000-000000001000");
// Builtin schema
pub const UUID_SCHEMA_ATTR_CLASS: Uuid = uuid!("00000000-0000-0000-0000-ffff00000000");
@ -110,81 +110,79 @@ pub const UUID_SCHEMA_CLASS_ACCESS_CONTROL_MODIFY: Uuid =
pub const UUID_SCHEMA_CLASS_ACCESS_CONTROL_CREATE: Uuid =
uuid!("00000000-0000-0000-0000-ffff00000038");
pub const UUID_SCHEMA_CLASS_SYSTEM: Uuid = uuid!("00000000-0000-0000-0000-ffff00000039");
pub const _UUID_SCHEMA_ATTR_DISPLAYNAME: Uuid = uuid!("00000000-0000-0000-0000-ffff00000040");
pub const _UUID_SCHEMA_ATTR_MAIL: Uuid = uuid!("00000000-0000-0000-0000-ffff00000041");
pub const _UUID_SCHEMA_ATTR_SSH_PUBLICKEY: Uuid = uuid!("00000000-0000-0000-0000-ffff00000042");
pub const _UUID_SCHEMA_ATTR_PRIMARY_CREDENTIAL: Uuid =
uuid!("00000000-0000-0000-0000-ffff00000043");
pub const _UUID_SCHEMA_CLASS_PERSON: Uuid = uuid!("00000000-0000-0000-0000-ffff00000044");
pub const _UUID_SCHEMA_CLASS_GROUP: Uuid = uuid!("00000000-0000-0000-0000-ffff00000045");
pub const _UUID_SCHEMA_CLASS_ACCOUNT: Uuid = uuid!("00000000-0000-0000-0000-ffff00000046");
pub const UUID_SCHEMA_ATTR_DISPLAYNAME: Uuid = uuid!("00000000-0000-0000-0000-ffff00000040");
pub const UUID_SCHEMA_ATTR_MAIL: Uuid = uuid!("00000000-0000-0000-0000-ffff00000041");
pub const UUID_SCHEMA_ATTR_SSH_PUBLICKEY: Uuid = uuid!("00000000-0000-0000-0000-ffff00000042");
pub const UUID_SCHEMA_ATTR_PRIMARY_CREDENTIAL: Uuid = uuid!("00000000-0000-0000-0000-ffff00000043");
pub const UUID_SCHEMA_CLASS_PERSON: Uuid = uuid!("00000000-0000-0000-0000-ffff00000044");
pub const UUID_SCHEMA_CLASS_GROUP: Uuid = uuid!("00000000-0000-0000-0000-ffff00000045");
pub const UUID_SCHEMA_CLASS_ACCOUNT: Uuid = uuid!("00000000-0000-0000-0000-ffff00000046");
// GAP - 47
pub const UUID_SCHEMA_ATTR_ATTRIBUTENAME: Uuid = uuid!("00000000-0000-0000-0000-ffff00000048");
pub const UUID_SCHEMA_ATTR_CLASSNAME: Uuid = uuid!("00000000-0000-0000-0000-ffff00000049");
pub const _UUID_SCHEMA_ATTR_LEGALNAME: Uuid = uuid!("00000000-0000-0000-0000-ffff00000050");
pub const _UUID_SCHEMA_ATTR_RADIUS_SECRET: Uuid = uuid!("00000000-0000-0000-0000-ffff00000051");
pub const _UUID_SCHEMA_CLASS_DOMAIN_INFO: Uuid = uuid!("00000000-0000-0000-0000-ffff00000052");
pub const _UUID_SCHEMA_ATTR_DOMAIN_NAME: Uuid = uuid!("00000000-0000-0000-0000-ffff00000053");
pub const _UUID_SCHEMA_ATTR_DOMAIN_UUID: Uuid = uuid!("00000000-0000-0000-0000-ffff00000054");
pub const _UUID_SCHEMA_ATTR_DOMAIN_SSID: Uuid = uuid!("00000000-0000-0000-0000-ffff00000055");
pub const _UUID_SCHEMA_ATTR_GIDNUMBER: Uuid = uuid!("00000000-0000-0000-0000-ffff00000056");
pub const _UUID_SCHEMA_CLASS_POSIXACCOUNT: Uuid = uuid!("00000000-0000-0000-0000-ffff00000057");
pub const _UUID_SCHEMA_CLASS_POSIXGROUP: Uuid = uuid!("00000000-0000-0000-0000-ffff00000058");
pub const _UUID_SCHEMA_ATTR_BADLIST_PASSWORD: Uuid = uuid!("00000000-0000-0000-0000-ffff00000059");
pub const UUID_SCHEMA_ATTR_LEGALNAME: Uuid = uuid!("00000000-0000-0000-0000-ffff00000050");
pub const UUID_SCHEMA_ATTR_RADIUS_SECRET: Uuid = uuid!("00000000-0000-0000-0000-ffff00000051");
pub const UUID_SCHEMA_CLASS_DOMAIN_INFO: Uuid = uuid!("00000000-0000-0000-0000-ffff00000052");
pub const UUID_SCHEMA_ATTR_DOMAIN_NAME: Uuid = uuid!("00000000-0000-0000-0000-ffff00000053");
pub const UUID_SCHEMA_ATTR_DOMAIN_UUID: Uuid = uuid!("00000000-0000-0000-0000-ffff00000054");
pub const UUID_SCHEMA_ATTR_DOMAIN_SSID: Uuid = uuid!("00000000-0000-0000-0000-ffff00000055");
pub const UUID_SCHEMA_ATTR_GIDNUMBER: Uuid = uuid!("00000000-0000-0000-0000-ffff00000056");
pub const UUID_SCHEMA_CLASS_POSIXACCOUNT: Uuid = uuid!("00000000-0000-0000-0000-ffff00000057");
pub const UUID_SCHEMA_CLASS_POSIXGROUP: Uuid = uuid!("00000000-0000-0000-0000-ffff00000058");
pub const UUID_SCHEMA_ATTR_BADLIST_PASSWORD: Uuid = uuid!("00000000-0000-0000-0000-ffff00000059");
pub const UUID_SCHEMA_CLASS_SYSTEM_CONFIG: Uuid = uuid!("00000000-0000-0000-0000-ffff00000060");
pub const _UUID_SCHEMA_ATTR_LOGINSHELL: Uuid = uuid!("00000000-0000-0000-0000-ffff00000061");
pub const _UUID_SCHEMA_ATTR_UNIX_PASSWORD: Uuid = uuid!("00000000-0000-0000-0000-ffff00000062");
pub const UUID_SCHEMA_ATTR_LOGINSHELL: Uuid = uuid!("00000000-0000-0000-0000-ffff00000061");
pub const UUID_SCHEMA_ATTR_UNIX_PASSWORD: Uuid = uuid!("00000000-0000-0000-0000-ffff00000062");
pub const UUID_SCHEMA_ATTR_LAST_MOD_CID: Uuid = uuid!("00000000-0000-0000-0000-ffff00000063");
pub const UUID_SCHEMA_ATTR_PHANTOM: Uuid = uuid!("00000000-0000-0000-0000-ffff00000064");
pub const UUID_SCHEMA_ATTR_CLAIM: Uuid = uuid!("00000000-0000-0000-0000-ffff00000065");
pub const UUID_SCHEMA_ATTR_PASSWORD_IMPORT: Uuid = uuid!("00000000-0000-0000-0000-ffff00000066");
pub const _UUID_SCHEMA_ATTR_NSUNIQUEID: Uuid = uuid!("00000000-0000-0000-0000-ffff00000067");
pub const UUID_SCHEMA_ATTR_NSUNIQUEID: Uuid = uuid!("00000000-0000-0000-0000-ffff00000067");
pub const UUID_SCHEMA_ATTR_DN: Uuid = uuid!("00000000-0000-0000-0000-ffff00000068");
pub const _UUID_SCHEMA_ATTR_NICE: Uuid = uuid!("00000000-0000-0000-0000-ffff00000069");
pub const UUID_SCHEMA_ATTR_NICE: Uuid = uuid!("00000000-0000-0000-0000-ffff00000069");
pub const UUID_SCHEMA_ATTR_ENTRYUUID: Uuid = uuid!("00000000-0000-0000-0000-ffff00000070");
pub const UUID_SCHEMA_ATTR_OBJECTCLASS: Uuid = uuid!("00000000-0000-0000-0000-ffff00000071");
pub const _UUID_SCHEMA_ATTR_ACCOUNT_EXPIRE: Uuid = uuid!("00000000-0000-0000-0000-ffff00000072");
pub const _UUID_SCHEMA_ATTR_ACCOUNT_VALID_FROM: Uuid =
uuid!("00000000-0000-0000-0000-ffff00000073");
pub const UUID_SCHEMA_ATTR_ACCOUNT_EXPIRE: Uuid = uuid!("00000000-0000-0000-0000-ffff00000072");
pub const UUID_SCHEMA_ATTR_ACCOUNT_VALID_FROM: Uuid = uuid!("00000000-0000-0000-0000-ffff00000073");
pub const UUID_SCHEMA_ATTR_ENTRYDN: Uuid = uuid!("00000000-0000-0000-0000-ffff00000074");
pub const UUID_SCHEMA_ATTR_EMAIL: Uuid = uuid!("00000000-0000-0000-0000-ffff00000075");
pub const UUID_SCHEMA_ATTR_EMAILADDRESS: Uuid = uuid!("00000000-0000-0000-0000-ffff00000076");
pub const UUID_SCHEMA_ATTR_KEYS: Uuid = uuid!("00000000-0000-0000-0000-ffff00000077");
pub const UUID_SCHEMA_ATTR_SSHPUBLICKEY: Uuid = uuid!("00000000-0000-0000-0000-ffff00000078");
pub const UUID_SCHEMA_ATTR_UIDNUMBER: Uuid = uuid!("00000000-0000-0000-0000-ffff00000079");
pub const _UUID_SCHEMA_ATTR_OAUTH2_RS_NAME: Uuid = uuid!("00000000-0000-0000-0000-ffff00000080");
pub const _UUID_SCHEMA_ATTR_OAUTH2_RS_ORIGIN: Uuid = uuid!("00000000-0000-0000-0000-ffff00000081");
pub const _UUID_SCHEMA_ATTR_OAUTH2_RS_SCOPE_MAP: Uuid =
pub const UUID_SCHEMA_ATTR_OAUTH2_RS_NAME: Uuid = uuid!("00000000-0000-0000-0000-ffff00000080");
pub const UUID_SCHEMA_ATTR_OAUTH2_RS_ORIGIN: Uuid = uuid!("00000000-0000-0000-0000-ffff00000081");
pub const UUID_SCHEMA_ATTR_OAUTH2_RS_SCOPE_MAP: Uuid =
uuid!("00000000-0000-0000-0000-ffff00000082");
pub const _UUID_SCHEMA_ATTR_OAUTH2_RS_BASIC_SECRET: Uuid =
pub const UUID_SCHEMA_ATTR_OAUTH2_RS_BASIC_SECRET: Uuid =
uuid!("00000000-0000-0000-0000-ffff00000083");
pub const _UUID_SCHEMA_ATTR_OAUTH2_RS_TOKEN_KEY: Uuid =
pub const UUID_SCHEMA_ATTR_OAUTH2_RS_TOKEN_KEY: Uuid =
uuid!("00000000-0000-0000-0000-ffff00000084");
pub const UUID_SCHEMA_CLASS_OAUTH2_RS: Uuid = uuid!("00000000-0000-0000-0000-ffff00000085");
pub const UUID_SCHEMA_CLASS_OAUTH2_RS_BASIC: Uuid = uuid!("00000000-0000-0000-0000-ffff00000086");
pub const UUID_SCHEMA_ATTR_CN: Uuid = uuid!("00000000-0000-0000-0000-ffff00000087");
pub const UUID_SCHEMA_ATTR_DOMAIN_TOKEN_KEY: Uuid = uuid!("00000000-0000-0000-0000-ffff00000088");
pub const _UUID_SCHEMA_ATTR_OAUTH2_RS_IMPLICIT_SCOPES: Uuid =
pub const UUID_SCHEMA_ATTR_OAUTH2_RS_IMPLICIT_SCOPES: Uuid =
uuid!("00000000-0000-0000-0000-ffff00000089");
pub const _UUID_SCHEMA_ATTR_ES256_PRIVATE_KEY_DER: Uuid =
pub const UUID_SCHEMA_ATTR_ES256_PRIVATE_KEY_DER: Uuid =
uuid!("00000000-0000-0000-0000-ffff00000090");
pub const _UUID_SCHEMA_ATTR_OAUTH2_ALLOW_INSECURE_CLIENT_DISABLE_PKCE: Uuid =
pub const UUID_SCHEMA_ATTR_OAUTH2_ALLOW_INSECURE_CLIENT_DISABLE_PKCE: Uuid =
uuid!("00000000-0000-0000-0000-ffff00000091");
pub const _UUID_SCHEMA_ATTR_OAUTH2_JWT_LEGACY_CRYPTO_ENABLE: Uuid =
pub const UUID_SCHEMA_ATTR_OAUTH2_JWT_LEGACY_CRYPTO_ENABLE: Uuid =
uuid!("00000000-0000-0000-0000-ffff00000092");
pub const _UUID_SCHEMA_ATTR_RS256_PRIVATE_KEY_DER: Uuid =
pub const UUID_SCHEMA_ATTR_RS256_PRIVATE_KEY_DER: Uuid =
uuid!("00000000-0000-0000-0000-ffff00000093");
pub const _UUID_SCHEMA_CLASS_ORGPERSON: Uuid = uuid!("00000000-0000-0000-0000-ffff00000094");
pub const UUID_SCHEMA_CLASS_ORGPERSON: Uuid = uuid!("00000000-0000-0000-0000-ffff00000094");
pub const UUID_SCHEMA_ATTR_FERNET_PRIVATE_KEY_STR: Uuid =
uuid!("00000000-0000-0000-0000-ffff00000095");
pub const _UUID_SCHEMA_ATTR_CREDENTIAL_UPDATE_INTENT_TOKEN: Uuid =
pub const UUID_SCHEMA_ATTR_CREDENTIAL_UPDATE_INTENT_TOKEN: Uuid =
uuid!("00000000-0000-0000-0000-ffff00000096");
pub const _UUID_SCHEMA_CLASS_OAUTH2_CONSENT_SCOPE_MAP: Uuid =
pub const UUID_SCHEMA_ATTR_OAUTH2_CONSENT_SCOPE_MAP: Uuid =
uuid!("00000000-0000-0000-0000-ffff00000097");
pub const _UUID_SCHEMA_ATTR_DOMAIN_DISPLAY_NAME: Uuid =
pub const UUID_SCHEMA_ATTR_DOMAIN_DISPLAY_NAME: Uuid =
uuid!("00000000-0000-0000-0000-ffff00000098");
pub const _UUID_SCHEMA_ATTR_PASSKEYS: Uuid = uuid!("00000000-0000-0000-0000-ffff00000099");
pub const _UUID_SCHEMA_ATTR_DEVICEKEYS: Uuid = uuid!("00000000-0000-0000-0000-ffff00000100");
pub const UUID_SCHEMA_ATTR_PASSKEYS: Uuid = uuid!("00000000-0000-0000-0000-ffff00000099");
pub const UUID_SCHEMA_ATTR_DEVICEKEYS: Uuid = uuid!("00000000-0000-0000-0000-ffff00000100");
pub const UUID_SCHEMA_ATTR_SYSTEMSUPPLEMENTS: Uuid = uuid!("00000000-0000-0000-0000-ffff00000101");
pub const UUID_SCHEMA_ATTR_SUPPLEMENTS: Uuid = uuid!("00000000-0000-0000-0000-ffff00000102");
@ -192,25 +190,24 @@ pub const UUID_SCHEMA_ATTR_SYSTEMEXCLUDES: Uuid = uuid!("00000000-0000-0000-0000
pub const UUID_SCHEMA_ATTR_EXCLUDES: Uuid = uuid!("00000000-0000-0000-0000-ffff00000104");
pub const UUID_SCHEMA_ATTR_SCOPE: Uuid = uuid!("00000000-0000-0000-0000-ffff00000105");
pub const UUID_SCHEMA_CLASS_SERVICE_ACCOUNT: Uuid = uuid!("00000000-0000-0000-0000-ffff00000106");
pub const _UUID_SCHEMA_CLASS_DYNGROUP: Uuid = uuid!("00000000-0000-0000-0000-ffff00000107");
pub const _UUID_SCHEMA_ATTR_DYNGROUP_FILTER: Uuid = uuid!("00000000-0000-0000-0000-ffff00000108");
pub const _UUID_SCHEMA_ATTR_OAUTH2_PREFERR_SHORT_USERNAME: Uuid =
pub const UUID_SCHEMA_CLASS_DYNGROUP: Uuid = uuid!("00000000-0000-0000-0000-ffff00000107");
pub const UUID_SCHEMA_ATTR_DYNGROUP_FILTER: Uuid = uuid!("00000000-0000-0000-0000-ffff00000108");
pub const UUID_SCHEMA_ATTR_OAUTH2_PREFER_SHORT_USERNAME: Uuid =
uuid!("00000000-0000-0000-0000-ffff00000109");
pub const _UUID_SCHEMA_ATTR_JWS_ES256_PRIVATE_KEY: Uuid =
pub const UUID_SCHEMA_ATTR_JWS_ES256_PRIVATE_KEY: Uuid =
uuid!("00000000-0000-0000-0000-ffff00000110");
pub const _UUID_SCHEMA_ATTR_API_TOKEN_SESSION: Uuid = uuid!("00000000-0000-0000-0000-ffff00000111");
pub const _UUID_SCHEMA_ATTR_OAUTH2_RS_SUP_SCOPE_MAP: Uuid =
pub const UUID_SCHEMA_ATTR_API_TOKEN_SESSION: Uuid = uuid!("00000000-0000-0000-0000-ffff00000111");
pub const UUID_SCHEMA_ATTR_OAUTH2_RS_SUP_SCOPE_MAP: Uuid =
uuid!("00000000-0000-0000-0000-ffff00000112");
pub const _UUID_SCHEMA_ATTR_USER_AUTH_TOKEN_SESSION: Uuid =
pub const UUID_SCHEMA_ATTR_USER_AUTH_TOKEN_SESSION: Uuid =
uuid!("00000000-0000-0000-0000-ffff00000113");
pub const _UUID_SCHEMA_CLASS_SYNC_ACCOUNT: Uuid = uuid!("00000000-0000-0000-0000-ffff00000114");
pub const _UUID_SCHEMA_ATTR_SYNC_TOKEN_SESSION: Uuid =
uuid!("00000000-0000-0000-0000-ffff00000115");
pub const _UUID_SCHEMA_ATTR_SYNC_COOKIE: Uuid = uuid!("00000000-0000-0000-0000-ffff00000116");
pub const _UUID_SCHEMA_ATTR_OAUTH2_SESSION: Uuid = uuid!("00000000-0000-0000-0000-ffff00000117");
pub const UUID_SCHEMA_CLASS_SYNC_ACCOUNT: Uuid = uuid!("00000000-0000-0000-0000-ffff00000114");
pub const UUID_SCHEMA_ATTR_SYNC_TOKEN_SESSION: Uuid = uuid!("00000000-0000-0000-0000-ffff00000115");
pub const UUID_SCHEMA_ATTR_SYNC_COOKIE: Uuid = uuid!("00000000-0000-0000-0000-ffff00000116");
pub const UUID_SCHEMA_ATTR_OAUTH2_SESSION: Uuid = uuid!("00000000-0000-0000-0000-ffff00000117");
pub const UUID_SCHEMA_ATTR_ACP_RECEIVER_GROUP: Uuid = uuid!("00000000-0000-0000-0000-ffff00000118");
pub const _UUID_SCHEMA_ATTR_GRANT_UI_HINT: Uuid = uuid!("00000000-0000-0000-0000-ffff00000119");
pub const _UUID_SCHEMA_ATTR_OAUTH2_RS_ORIGIN_LANDING: Uuid =
pub const UUID_SCHEMA_ATTR_GRANT_UI_HINT: Uuid = uuid!("00000000-0000-0000-0000-ffff00000119");
pub const UUID_SCHEMA_ATTR_OAUTH2_RS_ORIGIN_LANDING: Uuid =
uuid!("00000000-0000-0000-0000-ffff00000120");
pub const UUID_SCHEMA_ATTR_SYNC_EXTERNAL_ID: Uuid = uuid!("00000000-0000-0000-0000-ffff00000121");
@ -224,8 +221,7 @@ pub const UUID_SCHEMA_ATTR_EMAILALTERNATIVE: Uuid = uuid!("00000000-0000-0000-00
pub const UUID_SCHEMA_ATTR_TOTP_IMPORT: Uuid = uuid!("00000000-0000-0000-0000-ffff00000128");
pub const UUID_SCHEMA_ATTR_REPLICATED: Uuid = uuid!("00000000-0000-0000-0000-ffff00000129");
pub const UUID_SCHEMA_ATTR_PRIVATE_COOKIE_KEY: Uuid = uuid!("00000000-0000-0000-0000-ffff00000130");
pub const _UUID_SCHEMA_ATTR_DOMAIN_LDAP_BASEDN: Uuid =
uuid!("00000000-0000-0000-0000-ffff00000131");
pub const UUID_SCHEMA_ATTR_DOMAIN_LDAP_BASEDN: Uuid = uuid!("00000000-0000-0000-0000-ffff00000131");
pub const UUID_SCHEMA_ATTR_DYNMEMBER: Uuid = uuid!("00000000-0000-0000-0000-ffff00000132");
pub const UUID_SCHEMA_ATTR_NAME_HISTORY: Uuid = uuid!("00000000-0000-0000-0000-ffff00000133");


@ -300,6 +300,52 @@ impl SchemaAttribute {
}
}
impl From<SchemaAttribute> for EntryInitNew {
fn from(value: SchemaAttribute) -> Self {
let mut entry = EntryInitNew::new();
#[allow(clippy::expect_used)]
entry.set_ava(
"attributename",
vec![Value::new_iutf8(&value.name)].into_iter(),
);
entry.add_ava("multivalue", Value::Bool(value.multivalue));
// syntax
entry.set_ava("syntax", vec![Value::Syntax(value.syntax)]);
entry.set_ava("unique", vec![Value::Bool(value.unique)].into_iter());
// index
entry.set_ava("index", value.index.into_iter().map(Value::Index));
// class
entry.set_ava(
"class",
vec![
CLASS_OBJECT.clone(),
CLASS_SYSTEM.clone(),
CLASS_ATTRIBUTETYPE.clone(),
],
);
// description
entry.set_ava(
"description",
vec![Value::new_utf8s(&value.description)].into_iter(),
);
// unique
// multivalue
// sync_allowed
entry.set_ava(
"sync_allowed",
vec![Value::Bool(value.sync_allowed)].into_iter(),
);
// uid
entry.set_ava("uuid", vec![Value::Uuid(value.uuid)].into_iter());
entry
}
}
/// An item representing a class and the rules for that class. These rules enforce that an
/// [`Entry`]'s avas conform to a set of requirements, giving structure to an entry about
/// what avas must or may exist. The kanidm project provides attributes in `systemmust` and
@ -435,6 +481,71 @@ impl SchemaClass {
}
}
impl From<SchemaClass> for EntryInitNew {
fn from(value: SchemaClass) -> Self {
let mut entry = EntryInitNew::new();
#[allow(clippy::expect_used)]
entry.set_ava("classname", vec![Value::new_iutf8(&value.name)].into_iter());
// class
entry.set_ava(
"class",
vec![
CLASS_OBJECT.clone(),
CLASS_SYSTEM.clone(),
CLASS_CLASSTYPE.clone(),
],
);
// description
entry.set_ava(
"description",
vec![Value::new_utf8s(&value.description)].into_iter(),
);
// sync_allowed
entry.set_ava(
"sync_allowed",
vec![Value::Bool(value.sync_allowed)].into_iter(),
);
// uid
entry.set_ava("uuid", vec![Value::Uuid(value.uuid)].into_iter());
// systemmay
if !value.systemmay.is_empty() {
entry.set_ava(
"systemmay",
value.systemmay.iter().map(|s| Value::new_iutf8(s)),
);
}
// systemexcludes
if !value.systemexcludes.is_empty() {
entry.set_ava(
"systemexcludes",
value.systemexcludes.iter().map(|s| Value::new_iutf8(s)),
);
}
// systemmust
if !value.systemmust.is_empty() {
entry.set_ava(
"systemmust",
value.systemmust.iter().map(|s| Value::new_iutf8(s)),
);
}
// systemsupplements
if !value.systemsupplements.is_empty() {
entry.set_ava(
"systemsupplements",
value.systemsupplements.iter().map(|s| Value::new_iutf8(s)),
);
}
entry
}
}
pub trait SchemaTransaction {
fn get_classes(&self) -> &HashMap<AttrString, SchemaClass>;
fn get_attributes(&self) -> &HashMap<AttrString, SchemaAttribute>;
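Review bot: In `From<SchemaAttribute> for EntryInitNew`, `index` is passed to `set_ava` unconditionally, while `From<SchemaClass>` guards every list with `is_empty()`; if `set_ava` does not tolerate an empty iterator (its body is not shown here), an attribute with no indexes would end up with an empty `index` ava, so the same guard is worth applying: `if !value.index.is_empty() { entry.set_ava("index", value.index.into_iter().map(Value::Index)); }`. Both impls carry `#[allow(clippy::expect_used)]` on a statement that contains no `expect`, which only hides the lint if one is added later and should be dropped. The `// unique`, `// multivalue` and `// uid` comments no longer sit next to the fields they name; `// uid` labels the `uuid` ava.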


@ -435,8 +435,8 @@ impl<'a> QueryServerWriteTransaction<'a> {
admin_debug!("initialise_schema_idm -> start ...");
let idm_schema_attrs = [
E_SCHEMA_ATTR_SYNC_CREDENTIAL_PORTAL.clone(),
E_SCHEMA_ATTR_SYNC_YIELD_AUTHORITY.clone(),
SCHEMA_ATTR_SYNC_CREDENTIAL_PORTAL.clone().into(),
SCHEMA_ATTR_SYNC_YIELD_AUTHORITY.clone().into(),
];
let r: Result<(), _> = idm_schema_attrs
@ -449,72 +449,62 @@ impl<'a> QueryServerWriteTransaction<'a> {
debug_assert!(r.is_ok());
// List of IDM schemas to init.
let idm_schema: Vec<&str> = vec![
JSON_SCHEMA_ATTR_DISPLAYNAME,
JSON_SCHEMA_ATTR_LEGALNAME,
JSON_SCHEMA_ATTR_NAME_HISTORY,
JSON_SCHEMA_ATTR_MAIL,
JSON_SCHEMA_ATTR_SSH_PUBLICKEY,
JSON_SCHEMA_ATTR_PRIMARY_CREDENTIAL,
JSON_SCHEMA_ATTR_RADIUS_SECRET,
JSON_SCHEMA_ATTR_DOMAIN_NAME,
JSON_SCHEMA_ATTR_DOMAIN_DISPLAY_NAME,
JSON_SCHEMA_ATTR_DOMAIN_UUID,
JSON_SCHEMA_ATTR_DOMAIN_SSID,
JSON_SCHEMA_ATTR_DOMAIN_TOKEN_KEY,
JSON_SCHEMA_ATTR_FERNET_PRIVATE_KEY_STR,
JSON_SCHEMA_ATTR_GIDNUMBER,
JSON_SCHEMA_ATTR_BADLIST_PASSWORD,
JSON_SCHEMA_ATTR_LOGINSHELL,
JSON_SCHEMA_ATTR_UNIX_PASSWORD,
JSON_SCHEMA_ATTR_ACCOUNT_EXPIRE,
JSON_SCHEMA_ATTR_ACCOUNT_VALID_FROM,
JSON_SCHEMA_ATTR_OAUTH2_RS_NAME,
JSON_SCHEMA_ATTR_OAUTH2_RS_ORIGIN,
JSON_SCHEMA_ATTR_OAUTH2_RS_SCOPE_MAP,
JSON_SCHEMA_ATTR_OAUTH2_RS_IMPLICIT_SCOPES,
JSON_SCHEMA_ATTR_OAUTH2_RS_BASIC_SECRET,
JSON_SCHEMA_ATTR_OAUTH2_RS_TOKEN_KEY,
JSON_SCHEMA_ATTR_ES256_PRIVATE_KEY_DER,
JSON_SCHEMA_ATTR_OAUTH2_ALLOW_INSECURE_CLIENT_DISABLE_PKCE,
JSON_SCHEMA_ATTR_OAUTH2_JWT_LEGACY_CRYPTO_ENABLE,
JSON_SCHEMA_ATTR_RS256_PRIVATE_KEY_DER,
JSON_SCHEMA_ATTR_CREDENTIAL_UPDATE_INTENT_TOKEN,
JSON_SCHEMA_ATTR_OAUTH2_CONSENT_SCOPE_MAP,
JSON_SCHEMA_ATTR_PASSKEYS,
JSON_SCHEMA_ATTR_DEVICEKEYS,
JSON_SCHEMA_ATTR_DYNGROUP_FILTER,
JSON_SCHEMA_ATTR_JWS_ES256_PRIVATE_KEY,
JSON_SCHEMA_ATTR_API_TOKEN_SESSION,
JSON_SCHEMA_ATTR_OAUTH2_RS_SUP_SCOPE_MAP,
JSON_SCHEMA_ATTR_USER_AUTH_TOKEN_SESSION,
JSON_SCHEMA_ATTR_OAUTH2_SESSION,
JSON_SCHEMA_ATTR_NSUNIQUEID,
JSON_SCHEMA_ATTR_OAUTH2_PREFER_SHORT_USERNAME,
JSON_SCHEMA_ATTR_SYNC_TOKEN_SESSION,
JSON_SCHEMA_ATTR_SYNC_COOKIE,
JSON_SCHEMA_ATTR_GRANT_UI_HINT,
JSON_SCHEMA_ATTR_OAUTH2_RS_ORIGIN_LANDING,
JSON_SCHEMA_ATTR_DOMAIN_LDAP_BASEDN,
JSON_SCHEMA_CLASS_PERSON,
JSON_SCHEMA_CLASS_ORGPERSON,
JSON_SCHEMA_CLASS_GROUP,
JSON_SCHEMA_CLASS_DYNGROUP,
JSON_SCHEMA_CLASS_ACCOUNT,
JSON_SCHEMA_CLASS_SERVICE_ACCOUNT,
JSON_SCHEMA_CLASS_DOMAIN_INFO,
JSON_SCHEMA_CLASS_POSIXACCOUNT,
JSON_SCHEMA_CLASS_POSIXGROUP,
JSON_SCHEMA_CLASS_SYSTEM_CONFIG,
JSON_SCHEMA_CLASS_SYNC_ACCOUNT,
JSON_SCHEMA_CLASS_OAUTH2_RS,
JSON_SCHEMA_ATTR_PRIVATE_COOKIE_KEY,
let idm_schema: Vec<EntryInitNew> = vec![
SCHEMA_ATTR_MAIL.clone().into(),
SCHEMA_ATTR_ACCOUNT_EXPIRE.clone().into(),
SCHEMA_ATTR_ACCOUNT_VALID_FROM.clone().into(),
SCHEMA_ATTR_API_TOKEN_SESSION.clone().into(),
SCHEMA_ATTR_BADLIST_PASSWORD.clone().into(),
SCHEMA_ATTR_CREDENTIAL_UPDATE_INTENT_TOKEN.clone().into(),
SCHEMA_ATTR_DEVICEKEYS.clone().into(),
SCHEMA_ATTR_DISPLAYNAME.clone().into(),
SCHEMA_ATTR_DOMAIN_DISPLAY_NAME.clone().into(),
SCHEMA_ATTR_DOMAIN_LDAP_BASEDN.clone().into(),
SCHEMA_ATTR_DOMAIN_NAME.clone().into(),
SCHEMA_ATTR_DOMAIN_SSID.clone().into(),
SCHEMA_ATTR_DOMAIN_TOKEN_KEY.clone().into(),
SCHEMA_ATTR_DOMAIN_UUID.clone().into(),
SCHEMA_ATTR_DYNGROUP_FILTER.clone().into(),
SCHEMA_ATTR_ES256_PRIVATE_KEY_DER.clone().into(),
SCHEMA_ATTR_FERNET_PRIVATE_KEY_STR.clone().into(),
SCHEMA_ATTR_GIDNUMBER.clone().into(),
SCHEMA_ATTR_GRANT_UI_HINT.clone().into(),
SCHEMA_ATTR_JWS_ES256_PRIVATE_KEY.clone().into(),
SCHEMA_ATTR_LEGALNAME.clone().into(),
SCHEMA_ATTR_LOGINSHELL.clone().into(),
SCHEMA_ATTR_NAME_HISTORY.clone().into(),
SCHEMA_ATTR_NSUNIQUEID.clone().into(),
SCHEMA_ATTR_OAUTH2_ALLOW_INSECURE_CLIENT_DISABLE_PKCE
.clone()
.into(),
SCHEMA_ATTR_OAUTH2_CONSENT_SCOPE_MAP.clone().into(),
SCHEMA_ATTR_OAUTH2_JWT_LEGACY_CRYPTO_ENABLE.clone().into(),
SCHEMA_ATTR_OAUTH2_PREFER_SHORT_USERNAME.clone().into(),
SCHEMA_ATTR_OAUTH2_RS_BASIC_SECRET.clone().into(),
SCHEMA_ATTR_OAUTH2_RS_IMPLICIT_SCOPES.clone().into(),
SCHEMA_ATTR_OAUTH2_RS_NAME.clone().into(),
SCHEMA_ATTR_OAUTH2_RS_ORIGIN_LANDING.clone().into(),
SCHEMA_ATTR_OAUTH2_RS_ORIGIN.clone().into(),
SCHEMA_ATTR_OAUTH2_RS_SCOPE_MAP.clone().into(),
SCHEMA_ATTR_OAUTH2_RS_SUP_SCOPE_MAP.clone().into(),
SCHEMA_ATTR_OAUTH2_RS_TOKEN_KEY.clone().into(),
SCHEMA_ATTR_OAUTH2_SESSION.clone().into(),
SCHEMA_ATTR_PASSKEYS.clone().into(),
SCHEMA_ATTR_PRIMARY_CREDENTIAL.clone().into(),
SCHEMA_ATTR_PRIVATE_COOKIE_KEY.clone().into(),
SCHEMA_ATTR_RADIUS_SECRET.clone().into(),
SCHEMA_ATTR_RS256_PRIVATE_KEY_DER.clone().into(),
SCHEMA_ATTR_SSH_PUBLICKEY.clone().into(),
SCHEMA_ATTR_SYNC_COOKIE.clone().into(),
SCHEMA_ATTR_SYNC_TOKEN_SESSION.clone().into(),
SCHEMA_ATTR_UNIX_PASSWORD.clone().into(),
SCHEMA_ATTR_USER_AUTH_TOKEN_SESSION.clone().into(),
];
let r = idm_schema
.iter()
.into_iter()
// Each item individually logs it's result
.try_for_each(|e_str| self.internal_migrate_or_create_str(e_str));
.try_for_each(|entry| self.internal_migrate_or_create(entry));
if r.is_err() {
error!(res = ?r, "initialise_schema_idm -> Error");
@ -522,9 +512,21 @@ impl<'a> QueryServerWriteTransaction<'a> {
debug_assert!(r.is_ok());
let idm_schema_classes = [
E_SCHEMA_CLASS_OAUTH2_RS_BASIC.clone(),
E_SCHEMA_CLASS_OAUTH2_RS_PUBLIC.clone(),
let idm_schema_classes: Vec<EntryInitNew> = vec![
SCHEMA_CLASS_ACCOUNT.clone().into(),
SCHEMA_CLASS_DOMAIN_INFO.clone().into(),
SCHEMA_CLASS_DYNGROUP.clone().into(),
SCHEMA_CLASS_GROUP.clone().into(),
SCHEMA_CLASS_OAUTH2_RS.clone().into(),
SCHEMA_CLASS_ORGPERSON.clone().into(),
SCHEMA_CLASS_PERSON.clone().into(),
SCHEMA_CLASS_POSIXACCOUNT.clone().into(),
SCHEMA_CLASS_POSIXGROUP.clone().into(),
SCHEMA_CLASS_SERVICE_ACCOUNT.clone().into(),
SCHEMA_CLASS_SYNC_ACCOUNT.clone().into(),
SCHEMA_CLASS_SYSTEM_CONFIG.clone().into(),
SCHEMA_CLASS_OAUTH2_RS_BASIC.clone().into(),
SCHEMA_CLASS_OAUTH2_RS_PUBLIC.clone().into(),
];
let r: Result<(), _> = idm_schema_classes
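Review bot: The `idm_schema` and `idm_schema_classes` lists in `initialise_schema_idm` are still maintained by hand, so a `SCHEMA_ATTR_*` or `SCHEMA_CLASS_*` constant that is defined but left out of them would silently never be created or migrated; the constants file is not shown on this page, so the lists cannot be cross-checked against the definitions here. Now that the entries are typed, a unit test asserting that every defined schema constant appears in one of these lists (or a single exported slice that both the definitions and this function share) would catch an omission, which matters most for the credential-bearing attributes such as the private-key and secret ones. A short comment above `idm_schema_classes` stating whether classes must be created after the attributes they name in `systemmay`/`systemmust` would document the ordering the code now relies on, if that ordering is in fact required. The enclosing function starts and ends outside these hunks.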


@ -80,7 +80,11 @@ async fn test_webdriver_user_login(rsclient: kanidm_client::KanidmClient) {
let c = get_webdriver_client().await;
handle_error!(c, c.goto(rsclient.get_url()).await, "Couldn't get URL");
handle_error!(
c,
c.goto(rsclient.get_url().to_string()).await,
"Couldn't get URL"
);
println!("Waiting for page to load");
let mut wait_attempts = 0;