Struct-ifying schema things (#1971)

* structifying things
James Hodgkinson 2023-08-14 19:39:49 +10:00 committed by GitHub
parent e2fb53cc42
commit aba9f6a724
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 956 additions and 2005 deletions


@ -42,7 +42,13 @@ num_enum = { workspace = true }
openssl-sys = { workspace = true } openssl-sys = { workspace = true }
openssl = { workspace = true } openssl = { workspace = true }
rand = { workspace = true } rand = { workspace = true }
regex = { workspace = true, features = ["std", "perf", "perf-inline", "unicode", "unicode-gencat"] } regex = { workspace = true, features = [
"std",
"perf",
"perf-inline",
"unicode",
"unicode-gencat",
] }
serde = { workspace = true, features = ["derive"] } serde = { workspace = true, features = ["derive"] }
serde_cbor = { workspace = true } serde_cbor = { workspace = true }
serde_json = { workspace = true } serde_json = { workspace = true }
@ -62,7 +68,11 @@ tracing = { workspace = true, features = ["attributes"] }
url = { workspace = true, features = ["serde"] } url = { workspace = true, features = ["serde"] }
urlencoding = { workspace = true } urlencoding = { workspace = true }
uuid = { workspace = true, features = ["serde", "v4"] } uuid = { workspace = true, features = ["serde", "v4"] }
webauthn-rs = { workspace = true, features = ["resident-key-support", "preview-features", "danger-credential-internals"] } webauthn-rs = { workspace = true, features = [
"resident-key-support",
"preview-features",
"danger-credential-internals",
] }
webauthn-rs-core = { workspace = true } webauthn-rs-core = { workspace = true }
zxcvbn = { workspace = true } zxcvbn = { workspace = true }
serde_with = { workspace = true } serde_with = { workspace = true }
@ -87,5 +97,6 @@ futures = { workspace = true }
kanidmd_lib_macros = { workspace = true } kanidmd_lib_macros = { workspace = true }
[build-dependencies] [build-dependencies]
hashbrown = { workspace = true }
kanidm_build_profiles = { workspace = true } kanidm_build_profiles = { workspace = true }
regex = { workspace = true }


@ -1,5 +1,7 @@
// include!("src/lib/audit_loglevel.rs"); // include!("src/lib/audit_loglevel.rs");
use hashbrown::HashMap;
use std::env; use std::env;
fn main() { fn main() {
@ -12,4 +14,27 @@ fn main() {
} }
profiles::apply_profile(); profiles::apply_profile();
// check we don't have duplicate UUIDs
let uuid_filename = format!(
"{}/{}",
env!("CARGO_MANIFEST_DIR"),
"src/constants/uuids.rs"
);
let constants = std::fs::read_to_string(uuid_filename).unwrap();
let mut uuids: HashMap<String, usize> = HashMap::new();
let uuid_finder = regex::Regex::new(r#"uuid!\(\"([^\"]+)"#).unwrap();
for line in constants.lines() {
if let Some(caps) = uuid_finder.captures(line) {
let uuid = caps.get(1).unwrap().as_str();
let count = uuids.entry(uuid.to_string()).or_insert(0);
*count += 1;
}
}
for (uuid, count) in uuids {
if count > 1 {
panic!("duplicate UUID: {}", uuid);
}
}
} }
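Review bot: The duplicate check keys the map on the raw captured text (`uuids.entry(uuid.to_string())`), so two constants that spell the same UUID with different hex case would not collide and the build would still pass. These constants identify builtin schema and privilege entries, so normalise before counting, e.g. `let count = uuids.entry(uuid.to_ascii_lowercase()).or_insert(0);`. The line-by-line regex also counts any `uuid!("` that appears inside a comment, and `read_to_string(uuid_filename).unwrap()` panics without naming the file; `.expect("failed to read src/constants/uuids.rs")` would make a broken build easier to diagnose. `main` starts outside this hunk, so whether a `cargo:rerun-if-changed` line for the constants file is emitted elsewhere cannot be seen from here.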



@ -59,7 +59,7 @@ pub const UUID_IDM_UI_ENABLE_EXPERIMENTAL_FEATURES: Uuid =
pub const UUID_IDM_ACCOUNT_MAIL_READ_PRIV: Uuid = uuid!("00000000-0000-0000-0000-000000000039"); pub const UUID_IDM_ACCOUNT_MAIL_READ_PRIV: Uuid = uuid!("00000000-0000-0000-0000-000000000039");
// //
pub const _UUID_IDM_HIGH_PRIVILEGE: Uuid = uuid!("00000000-0000-0000-0000-000000001000"); pub const UUID_IDM_HIGH_PRIVILEGE: Uuid = uuid!("00000000-0000-0000-0000-000000001000");
// Builtin schema // Builtin schema
pub const UUID_SCHEMA_ATTR_CLASS: Uuid = uuid!("00000000-0000-0000-0000-ffff00000000"); pub const UUID_SCHEMA_ATTR_CLASS: Uuid = uuid!("00000000-0000-0000-0000-ffff00000000");
@ -110,81 +110,79 @@ pub const UUID_SCHEMA_CLASS_ACCESS_CONTROL_MODIFY: Uuid =
pub const UUID_SCHEMA_CLASS_ACCESS_CONTROL_CREATE: Uuid = pub const UUID_SCHEMA_CLASS_ACCESS_CONTROL_CREATE: Uuid =
uuid!("00000000-0000-0000-0000-ffff00000038"); uuid!("00000000-0000-0000-0000-ffff00000038");
pub const UUID_SCHEMA_CLASS_SYSTEM: Uuid = uuid!("00000000-0000-0000-0000-ffff00000039"); pub const UUID_SCHEMA_CLASS_SYSTEM: Uuid = uuid!("00000000-0000-0000-0000-ffff00000039");
pub const _UUID_SCHEMA_ATTR_DISPLAYNAME: Uuid = uuid!("00000000-0000-0000-0000-ffff00000040"); pub const UUID_SCHEMA_ATTR_DISPLAYNAME: Uuid = uuid!("00000000-0000-0000-0000-ffff00000040");
pub const _UUID_SCHEMA_ATTR_MAIL: Uuid = uuid!("00000000-0000-0000-0000-ffff00000041"); pub const UUID_SCHEMA_ATTR_MAIL: Uuid = uuid!("00000000-0000-0000-0000-ffff00000041");
pub const _UUID_SCHEMA_ATTR_SSH_PUBLICKEY: Uuid = uuid!("00000000-0000-0000-0000-ffff00000042"); pub const UUID_SCHEMA_ATTR_SSH_PUBLICKEY: Uuid = uuid!("00000000-0000-0000-0000-ffff00000042");
pub const _UUID_SCHEMA_ATTR_PRIMARY_CREDENTIAL: Uuid = pub const UUID_SCHEMA_ATTR_PRIMARY_CREDENTIAL: Uuid = uuid!("00000000-0000-0000-0000-ffff00000043");
uuid!("00000000-0000-0000-0000-ffff00000043"); pub const UUID_SCHEMA_CLASS_PERSON: Uuid = uuid!("00000000-0000-0000-0000-ffff00000044");
pub const _UUID_SCHEMA_CLASS_PERSON: Uuid = uuid!("00000000-0000-0000-0000-ffff00000044"); pub const UUID_SCHEMA_CLASS_GROUP: Uuid = uuid!("00000000-0000-0000-0000-ffff00000045");
pub const _UUID_SCHEMA_CLASS_GROUP: Uuid = uuid!("00000000-0000-0000-0000-ffff00000045"); pub const UUID_SCHEMA_CLASS_ACCOUNT: Uuid = uuid!("00000000-0000-0000-0000-ffff00000046");
pub const _UUID_SCHEMA_CLASS_ACCOUNT: Uuid = uuid!("00000000-0000-0000-0000-ffff00000046");
// GAP - 47 // GAP - 47
pub const UUID_SCHEMA_ATTR_ATTRIBUTENAME: Uuid = uuid!("00000000-0000-0000-0000-ffff00000048"); pub const UUID_SCHEMA_ATTR_ATTRIBUTENAME: Uuid = uuid!("00000000-0000-0000-0000-ffff00000048");
pub const UUID_SCHEMA_ATTR_CLASSNAME: Uuid = uuid!("00000000-0000-0000-0000-ffff00000049"); pub const UUID_SCHEMA_ATTR_CLASSNAME: Uuid = uuid!("00000000-0000-0000-0000-ffff00000049");
pub const _UUID_SCHEMA_ATTR_LEGALNAME: Uuid = uuid!("00000000-0000-0000-0000-ffff00000050"); pub const UUID_SCHEMA_ATTR_LEGALNAME: Uuid = uuid!("00000000-0000-0000-0000-ffff00000050");
pub const _UUID_SCHEMA_ATTR_RADIUS_SECRET: Uuid = uuid!("00000000-0000-0000-0000-ffff00000051"); pub const UUID_SCHEMA_ATTR_RADIUS_SECRET: Uuid = uuid!("00000000-0000-0000-0000-ffff00000051");
pub const _UUID_SCHEMA_CLASS_DOMAIN_INFO: Uuid = uuid!("00000000-0000-0000-0000-ffff00000052"); pub const UUID_SCHEMA_CLASS_DOMAIN_INFO: Uuid = uuid!("00000000-0000-0000-0000-ffff00000052");
pub const _UUID_SCHEMA_ATTR_DOMAIN_NAME: Uuid = uuid!("00000000-0000-0000-0000-ffff00000053"); pub const UUID_SCHEMA_ATTR_DOMAIN_NAME: Uuid = uuid!("00000000-0000-0000-0000-ffff00000053");
pub const _UUID_SCHEMA_ATTR_DOMAIN_UUID: Uuid = uuid!("00000000-0000-0000-0000-ffff00000054"); pub const UUID_SCHEMA_ATTR_DOMAIN_UUID: Uuid = uuid!("00000000-0000-0000-0000-ffff00000054");
pub const _UUID_SCHEMA_ATTR_DOMAIN_SSID: Uuid = uuid!("00000000-0000-0000-0000-ffff00000055"); pub const UUID_SCHEMA_ATTR_DOMAIN_SSID: Uuid = uuid!("00000000-0000-0000-0000-ffff00000055");
pub const _UUID_SCHEMA_ATTR_GIDNUMBER: Uuid = uuid!("00000000-0000-0000-0000-ffff00000056"); pub const UUID_SCHEMA_ATTR_GIDNUMBER: Uuid = uuid!("00000000-0000-0000-0000-ffff00000056");
pub const _UUID_SCHEMA_CLASS_POSIXACCOUNT: Uuid = uuid!("00000000-0000-0000-0000-ffff00000057"); pub const UUID_SCHEMA_CLASS_POSIXACCOUNT: Uuid = uuid!("00000000-0000-0000-0000-ffff00000057");
pub const _UUID_SCHEMA_CLASS_POSIXGROUP: Uuid = uuid!("00000000-0000-0000-0000-ffff00000058"); pub const UUID_SCHEMA_CLASS_POSIXGROUP: Uuid = uuid!("00000000-0000-0000-0000-ffff00000058");
pub const _UUID_SCHEMA_ATTR_BADLIST_PASSWORD: Uuid = uuid!("00000000-0000-0000-0000-ffff00000059"); pub const UUID_SCHEMA_ATTR_BADLIST_PASSWORD: Uuid = uuid!("00000000-0000-0000-0000-ffff00000059");
pub const UUID_SCHEMA_CLASS_SYSTEM_CONFIG: Uuid = uuid!("00000000-0000-0000-0000-ffff00000060"); pub const UUID_SCHEMA_CLASS_SYSTEM_CONFIG: Uuid = uuid!("00000000-0000-0000-0000-ffff00000060");
pub const _UUID_SCHEMA_ATTR_LOGINSHELL: Uuid = uuid!("00000000-0000-0000-0000-ffff00000061"); pub const UUID_SCHEMA_ATTR_LOGINSHELL: Uuid = uuid!("00000000-0000-0000-0000-ffff00000061");
pub const _UUID_SCHEMA_ATTR_UNIX_PASSWORD: Uuid = uuid!("00000000-0000-0000-0000-ffff00000062"); pub const UUID_SCHEMA_ATTR_UNIX_PASSWORD: Uuid = uuid!("00000000-0000-0000-0000-ffff00000062");
pub const UUID_SCHEMA_ATTR_LAST_MOD_CID: Uuid = uuid!("00000000-0000-0000-0000-ffff00000063"); pub const UUID_SCHEMA_ATTR_LAST_MOD_CID: Uuid = uuid!("00000000-0000-0000-0000-ffff00000063");
pub const UUID_SCHEMA_ATTR_PHANTOM: Uuid = uuid!("00000000-0000-0000-0000-ffff00000064"); pub const UUID_SCHEMA_ATTR_PHANTOM: Uuid = uuid!("00000000-0000-0000-0000-ffff00000064");
pub const UUID_SCHEMA_ATTR_CLAIM: Uuid = uuid!("00000000-0000-0000-0000-ffff00000065"); pub const UUID_SCHEMA_ATTR_CLAIM: Uuid = uuid!("00000000-0000-0000-0000-ffff00000065");
pub const UUID_SCHEMA_ATTR_PASSWORD_IMPORT: Uuid = uuid!("00000000-0000-0000-0000-ffff00000066"); pub const UUID_SCHEMA_ATTR_PASSWORD_IMPORT: Uuid = uuid!("00000000-0000-0000-0000-ffff00000066");
pub const _UUID_SCHEMA_ATTR_NSUNIQUEID: Uuid = uuid!("00000000-0000-0000-0000-ffff00000067"); pub const UUID_SCHEMA_ATTR_NSUNIQUEID: Uuid = uuid!("00000000-0000-0000-0000-ffff00000067");
pub const UUID_SCHEMA_ATTR_DN: Uuid = uuid!("00000000-0000-0000-0000-ffff00000068"); pub const UUID_SCHEMA_ATTR_DN: Uuid = uuid!("00000000-0000-0000-0000-ffff00000068");
pub const _UUID_SCHEMA_ATTR_NICE: Uuid = uuid!("00000000-0000-0000-0000-ffff00000069"); pub const UUID_SCHEMA_ATTR_NICE: Uuid = uuid!("00000000-0000-0000-0000-ffff00000069");
pub const UUID_SCHEMA_ATTR_ENTRYUUID: Uuid = uuid!("00000000-0000-0000-0000-ffff00000070"); pub const UUID_SCHEMA_ATTR_ENTRYUUID: Uuid = uuid!("00000000-0000-0000-0000-ffff00000070");
pub const UUID_SCHEMA_ATTR_OBJECTCLASS: Uuid = uuid!("00000000-0000-0000-0000-ffff00000071"); pub const UUID_SCHEMA_ATTR_OBJECTCLASS: Uuid = uuid!("00000000-0000-0000-0000-ffff00000071");
pub const _UUID_SCHEMA_ATTR_ACCOUNT_EXPIRE: Uuid = uuid!("00000000-0000-0000-0000-ffff00000072"); pub const UUID_SCHEMA_ATTR_ACCOUNT_EXPIRE: Uuid = uuid!("00000000-0000-0000-0000-ffff00000072");
pub const _UUID_SCHEMA_ATTR_ACCOUNT_VALID_FROM: Uuid = pub const UUID_SCHEMA_ATTR_ACCOUNT_VALID_FROM: Uuid = uuid!("00000000-0000-0000-0000-ffff00000073");
uuid!("00000000-0000-0000-0000-ffff00000073");
pub const UUID_SCHEMA_ATTR_ENTRYDN: Uuid = uuid!("00000000-0000-0000-0000-ffff00000074"); pub const UUID_SCHEMA_ATTR_ENTRYDN: Uuid = uuid!("00000000-0000-0000-0000-ffff00000074");
pub const UUID_SCHEMA_ATTR_EMAIL: Uuid = uuid!("00000000-0000-0000-0000-ffff00000075"); pub const UUID_SCHEMA_ATTR_EMAIL: Uuid = uuid!("00000000-0000-0000-0000-ffff00000075");
pub const UUID_SCHEMA_ATTR_EMAILADDRESS: Uuid = uuid!("00000000-0000-0000-0000-ffff00000076"); pub const UUID_SCHEMA_ATTR_EMAILADDRESS: Uuid = uuid!("00000000-0000-0000-0000-ffff00000076");
pub const UUID_SCHEMA_ATTR_KEYS: Uuid = uuid!("00000000-0000-0000-0000-ffff00000077"); pub const UUID_SCHEMA_ATTR_KEYS: Uuid = uuid!("00000000-0000-0000-0000-ffff00000077");
pub const UUID_SCHEMA_ATTR_SSHPUBLICKEY: Uuid = uuid!("00000000-0000-0000-0000-ffff00000078"); pub const UUID_SCHEMA_ATTR_SSHPUBLICKEY: Uuid = uuid!("00000000-0000-0000-0000-ffff00000078");
pub const UUID_SCHEMA_ATTR_UIDNUMBER: Uuid = uuid!("00000000-0000-0000-0000-ffff00000079"); pub const UUID_SCHEMA_ATTR_UIDNUMBER: Uuid = uuid!("00000000-0000-0000-0000-ffff00000079");
pub const _UUID_SCHEMA_ATTR_OAUTH2_RS_NAME: Uuid = uuid!("00000000-0000-0000-0000-ffff00000080"); pub const UUID_SCHEMA_ATTR_OAUTH2_RS_NAME: Uuid = uuid!("00000000-0000-0000-0000-ffff00000080");
pub const _UUID_SCHEMA_ATTR_OAUTH2_RS_ORIGIN: Uuid = uuid!("00000000-0000-0000-0000-ffff00000081"); pub const UUID_SCHEMA_ATTR_OAUTH2_RS_ORIGIN: Uuid = uuid!("00000000-0000-0000-0000-ffff00000081");
pub const _UUID_SCHEMA_ATTR_OAUTH2_RS_SCOPE_MAP: Uuid = pub const UUID_SCHEMA_ATTR_OAUTH2_RS_SCOPE_MAP: Uuid =
uuid!("00000000-0000-0000-0000-ffff00000082"); uuid!("00000000-0000-0000-0000-ffff00000082");
pub const _UUID_SCHEMA_ATTR_OAUTH2_RS_BASIC_SECRET: Uuid = pub const UUID_SCHEMA_ATTR_OAUTH2_RS_BASIC_SECRET: Uuid =
uuid!("00000000-0000-0000-0000-ffff00000083"); uuid!("00000000-0000-0000-0000-ffff00000083");
pub const _UUID_SCHEMA_ATTR_OAUTH2_RS_TOKEN_KEY: Uuid = pub const UUID_SCHEMA_ATTR_OAUTH2_RS_TOKEN_KEY: Uuid =
uuid!("00000000-0000-0000-0000-ffff00000084"); uuid!("00000000-0000-0000-0000-ffff00000084");
pub const UUID_SCHEMA_CLASS_OAUTH2_RS: Uuid = uuid!("00000000-0000-0000-0000-ffff00000085"); pub const UUID_SCHEMA_CLASS_OAUTH2_RS: Uuid = uuid!("00000000-0000-0000-0000-ffff00000085");
pub const UUID_SCHEMA_CLASS_OAUTH2_RS_BASIC: Uuid = uuid!("00000000-0000-0000-0000-ffff00000086"); pub const UUID_SCHEMA_CLASS_OAUTH2_RS_BASIC: Uuid = uuid!("00000000-0000-0000-0000-ffff00000086");
pub const UUID_SCHEMA_ATTR_CN: Uuid = uuid!("00000000-0000-0000-0000-ffff00000087"); pub const UUID_SCHEMA_ATTR_CN: Uuid = uuid!("00000000-0000-0000-0000-ffff00000087");
pub const UUID_SCHEMA_ATTR_DOMAIN_TOKEN_KEY: Uuid = uuid!("00000000-0000-0000-0000-ffff00000088"); pub const UUID_SCHEMA_ATTR_DOMAIN_TOKEN_KEY: Uuid = uuid!("00000000-0000-0000-0000-ffff00000088");
pub const _UUID_SCHEMA_ATTR_OAUTH2_RS_IMPLICIT_SCOPES: Uuid = pub const UUID_SCHEMA_ATTR_OAUTH2_RS_IMPLICIT_SCOPES: Uuid =
uuid!("00000000-0000-0000-0000-ffff00000089"); uuid!("00000000-0000-0000-0000-ffff00000089");
pub const _UUID_SCHEMA_ATTR_ES256_PRIVATE_KEY_DER: Uuid = pub const UUID_SCHEMA_ATTR_ES256_PRIVATE_KEY_DER: Uuid =
uuid!("00000000-0000-0000-0000-ffff00000090"); uuid!("00000000-0000-0000-0000-ffff00000090");
pub const _UUID_SCHEMA_ATTR_OAUTH2_ALLOW_INSECURE_CLIENT_DISABLE_PKCE: Uuid = pub const UUID_SCHEMA_ATTR_OAUTH2_ALLOW_INSECURE_CLIENT_DISABLE_PKCE: Uuid =
uuid!("00000000-0000-0000-0000-ffff00000091"); uuid!("00000000-0000-0000-0000-ffff00000091");
pub const _UUID_SCHEMA_ATTR_OAUTH2_JWT_LEGACY_CRYPTO_ENABLE: Uuid = pub const UUID_SCHEMA_ATTR_OAUTH2_JWT_LEGACY_CRYPTO_ENABLE: Uuid =
uuid!("00000000-0000-0000-0000-ffff00000092"); uuid!("00000000-0000-0000-0000-ffff00000092");
pub const _UUID_SCHEMA_ATTR_RS256_PRIVATE_KEY_DER: Uuid = pub const UUID_SCHEMA_ATTR_RS256_PRIVATE_KEY_DER: Uuid =
uuid!("00000000-0000-0000-0000-ffff00000093"); uuid!("00000000-0000-0000-0000-ffff00000093");
pub const _UUID_SCHEMA_CLASS_ORGPERSON: Uuid = uuid!("00000000-0000-0000-0000-ffff00000094"); pub const UUID_SCHEMA_CLASS_ORGPERSON: Uuid = uuid!("00000000-0000-0000-0000-ffff00000094");
pub const UUID_SCHEMA_ATTR_FERNET_PRIVATE_KEY_STR: Uuid = pub const UUID_SCHEMA_ATTR_FERNET_PRIVATE_KEY_STR: Uuid =
uuid!("00000000-0000-0000-0000-ffff00000095"); uuid!("00000000-0000-0000-0000-ffff00000095");
pub const _UUID_SCHEMA_ATTR_CREDENTIAL_UPDATE_INTENT_TOKEN: Uuid = pub const UUID_SCHEMA_ATTR_CREDENTIAL_UPDATE_INTENT_TOKEN: Uuid =
uuid!("00000000-0000-0000-0000-ffff00000096"); uuid!("00000000-0000-0000-0000-ffff00000096");
pub const _UUID_SCHEMA_CLASS_OAUTH2_CONSENT_SCOPE_MAP: Uuid = pub const UUID_SCHEMA_ATTR_OAUTH2_CONSENT_SCOPE_MAP: Uuid =
uuid!("00000000-0000-0000-0000-ffff00000097"); uuid!("00000000-0000-0000-0000-ffff00000097");
pub const _UUID_SCHEMA_ATTR_DOMAIN_DISPLAY_NAME: Uuid = pub const UUID_SCHEMA_ATTR_DOMAIN_DISPLAY_NAME: Uuid =
uuid!("00000000-0000-0000-0000-ffff00000098"); uuid!("00000000-0000-0000-0000-ffff00000098");
pub const _UUID_SCHEMA_ATTR_PASSKEYS: Uuid = uuid!("00000000-0000-0000-0000-ffff00000099"); pub const UUID_SCHEMA_ATTR_PASSKEYS: Uuid = uuid!("00000000-0000-0000-0000-ffff00000099");
pub const _UUID_SCHEMA_ATTR_DEVICEKEYS: Uuid = uuid!("00000000-0000-0000-0000-ffff00000100"); pub const UUID_SCHEMA_ATTR_DEVICEKEYS: Uuid = uuid!("00000000-0000-0000-0000-ffff00000100");
pub const UUID_SCHEMA_ATTR_SYSTEMSUPPLEMENTS: Uuid = uuid!("00000000-0000-0000-0000-ffff00000101"); pub const UUID_SCHEMA_ATTR_SYSTEMSUPPLEMENTS: Uuid = uuid!("00000000-0000-0000-0000-ffff00000101");
pub const UUID_SCHEMA_ATTR_SUPPLEMENTS: Uuid = uuid!("00000000-0000-0000-0000-ffff00000102"); pub const UUID_SCHEMA_ATTR_SUPPLEMENTS: Uuid = uuid!("00000000-0000-0000-0000-ffff00000102");
@ -192,25 +190,24 @@ pub const UUID_SCHEMA_ATTR_SYSTEMEXCLUDES: Uuid = uuid!("00000000-0000-0000-0000
pub const UUID_SCHEMA_ATTR_EXCLUDES: Uuid = uuid!("00000000-0000-0000-0000-ffff00000104"); pub const UUID_SCHEMA_ATTR_EXCLUDES: Uuid = uuid!("00000000-0000-0000-0000-ffff00000104");
pub const UUID_SCHEMA_ATTR_SCOPE: Uuid = uuid!("00000000-0000-0000-0000-ffff00000105"); pub const UUID_SCHEMA_ATTR_SCOPE: Uuid = uuid!("00000000-0000-0000-0000-ffff00000105");
pub const UUID_SCHEMA_CLASS_SERVICE_ACCOUNT: Uuid = uuid!("00000000-0000-0000-0000-ffff00000106"); pub const UUID_SCHEMA_CLASS_SERVICE_ACCOUNT: Uuid = uuid!("00000000-0000-0000-0000-ffff00000106");
pub const _UUID_SCHEMA_CLASS_DYNGROUP: Uuid = uuid!("00000000-0000-0000-0000-ffff00000107"); pub const UUID_SCHEMA_CLASS_DYNGROUP: Uuid = uuid!("00000000-0000-0000-0000-ffff00000107");
pub const _UUID_SCHEMA_ATTR_DYNGROUP_FILTER: Uuid = uuid!("00000000-0000-0000-0000-ffff00000108"); pub const UUID_SCHEMA_ATTR_DYNGROUP_FILTER: Uuid = uuid!("00000000-0000-0000-0000-ffff00000108");
pub const _UUID_SCHEMA_ATTR_OAUTH2_PREFERR_SHORT_USERNAME: Uuid = pub const UUID_SCHEMA_ATTR_OAUTH2_PREFER_SHORT_USERNAME: Uuid =
uuid!("00000000-0000-0000-0000-ffff00000109"); uuid!("00000000-0000-0000-0000-ffff00000109");
pub const _UUID_SCHEMA_ATTR_JWS_ES256_PRIVATE_KEY: Uuid = pub const UUID_SCHEMA_ATTR_JWS_ES256_PRIVATE_KEY: Uuid =
uuid!("00000000-0000-0000-0000-ffff00000110"); uuid!("00000000-0000-0000-0000-ffff00000110");
pub const _UUID_SCHEMA_ATTR_API_TOKEN_SESSION: Uuid = uuid!("00000000-0000-0000-0000-ffff00000111"); pub const UUID_SCHEMA_ATTR_API_TOKEN_SESSION: Uuid = uuid!("00000000-0000-0000-0000-ffff00000111");
pub const _UUID_SCHEMA_ATTR_OAUTH2_RS_SUP_SCOPE_MAP: Uuid = pub const UUID_SCHEMA_ATTR_OAUTH2_RS_SUP_SCOPE_MAP: Uuid =
uuid!("00000000-0000-0000-0000-ffff00000112"); uuid!("00000000-0000-0000-0000-ffff00000112");
pub const _UUID_SCHEMA_ATTR_USER_AUTH_TOKEN_SESSION: Uuid = pub const UUID_SCHEMA_ATTR_USER_AUTH_TOKEN_SESSION: Uuid =
uuid!("00000000-0000-0000-0000-ffff00000113"); uuid!("00000000-0000-0000-0000-ffff00000113");
pub const _UUID_SCHEMA_CLASS_SYNC_ACCOUNT: Uuid = uuid!("00000000-0000-0000-0000-ffff00000114"); pub const UUID_SCHEMA_CLASS_SYNC_ACCOUNT: Uuid = uuid!("00000000-0000-0000-0000-ffff00000114");
pub const _UUID_SCHEMA_ATTR_SYNC_TOKEN_SESSION: Uuid = pub const UUID_SCHEMA_ATTR_SYNC_TOKEN_SESSION: Uuid = uuid!("00000000-0000-0000-0000-ffff00000115");
uuid!("00000000-0000-0000-0000-ffff00000115"); pub const UUID_SCHEMA_ATTR_SYNC_COOKIE: Uuid = uuid!("00000000-0000-0000-0000-ffff00000116");
pub const _UUID_SCHEMA_ATTR_SYNC_COOKIE: Uuid = uuid!("00000000-0000-0000-0000-ffff00000116"); pub const UUID_SCHEMA_ATTR_OAUTH2_SESSION: Uuid = uuid!("00000000-0000-0000-0000-ffff00000117");
pub const _UUID_SCHEMA_ATTR_OAUTH2_SESSION: Uuid = uuid!("00000000-0000-0000-0000-ffff00000117");
pub const UUID_SCHEMA_ATTR_ACP_RECEIVER_GROUP: Uuid = uuid!("00000000-0000-0000-0000-ffff00000118"); pub const UUID_SCHEMA_ATTR_ACP_RECEIVER_GROUP: Uuid = uuid!("00000000-0000-0000-0000-ffff00000118");
pub const _UUID_SCHEMA_ATTR_GRANT_UI_HINT: Uuid = uuid!("00000000-0000-0000-0000-ffff00000119"); pub const UUID_SCHEMA_ATTR_GRANT_UI_HINT: Uuid = uuid!("00000000-0000-0000-0000-ffff00000119");
pub const _UUID_SCHEMA_ATTR_OAUTH2_RS_ORIGIN_LANDING: Uuid = pub const UUID_SCHEMA_ATTR_OAUTH2_RS_ORIGIN_LANDING: Uuid =
uuid!("00000000-0000-0000-0000-ffff00000120"); uuid!("00000000-0000-0000-0000-ffff00000120");
pub const UUID_SCHEMA_ATTR_SYNC_EXTERNAL_ID: Uuid = uuid!("00000000-0000-0000-0000-ffff00000121"); pub const UUID_SCHEMA_ATTR_SYNC_EXTERNAL_ID: Uuid = uuid!("00000000-0000-0000-0000-ffff00000121");
@ -224,8 +221,7 @@ pub const UUID_SCHEMA_ATTR_EMAILALTERNATIVE: Uuid = uuid!("00000000-0000-0000-00
pub const UUID_SCHEMA_ATTR_TOTP_IMPORT: Uuid = uuid!("00000000-0000-0000-0000-ffff00000128"); pub const UUID_SCHEMA_ATTR_TOTP_IMPORT: Uuid = uuid!("00000000-0000-0000-0000-ffff00000128");
pub const UUID_SCHEMA_ATTR_REPLICATED: Uuid = uuid!("00000000-0000-0000-0000-ffff00000129"); pub const UUID_SCHEMA_ATTR_REPLICATED: Uuid = uuid!("00000000-0000-0000-0000-ffff00000129");
pub const UUID_SCHEMA_ATTR_PRIVATE_COOKIE_KEY: Uuid = uuid!("00000000-0000-0000-0000-ffff00000130"); pub const UUID_SCHEMA_ATTR_PRIVATE_COOKIE_KEY: Uuid = uuid!("00000000-0000-0000-0000-ffff00000130");
pub const _UUID_SCHEMA_ATTR_DOMAIN_LDAP_BASEDN: Uuid = pub const UUID_SCHEMA_ATTR_DOMAIN_LDAP_BASEDN: Uuid = uuid!("00000000-0000-0000-0000-ffff00000131");
uuid!("00000000-0000-0000-0000-ffff00000131");
pub const UUID_SCHEMA_ATTR_DYNMEMBER: Uuid = uuid!("00000000-0000-0000-0000-ffff00000132"); pub const UUID_SCHEMA_ATTR_DYNMEMBER: Uuid = uuid!("00000000-0000-0000-0000-ffff00000132");
pub const UUID_SCHEMA_ATTR_NAME_HISTORY: Uuid = uuid!("00000000-0000-0000-0000-ffff00000133"); pub const UUID_SCHEMA_ATTR_NAME_HISTORY: Uuid = uuid!("00000000-0000-0000-0000-ffff00000133");


@ -300,6 +300,52 @@ impl SchemaAttribute {
} }
} }
impl From<SchemaAttribute> for EntryInitNew {
fn from(value: SchemaAttribute) -> Self {
let mut entry = EntryInitNew::new();
#[allow(clippy::expect_used)]
entry.set_ava(
"attributename",
vec![Value::new_iutf8(&value.name)].into_iter(),
);
entry.add_ava("multivalue", Value::Bool(value.multivalue));
// syntax
entry.set_ava("syntax", vec![Value::Syntax(value.syntax)]);
entry.set_ava("unique", vec![Value::Bool(value.unique)].into_iter());
// index
entry.set_ava("index", value.index.into_iter().map(Value::Index));
// class
entry.set_ava(
"class",
vec![
CLASS_OBJECT.clone(),
CLASS_SYSTEM.clone(),
CLASS_ATTRIBUTETYPE.clone(),
],
);
// description
entry.set_ava(
"description",
vec![Value::new_utf8s(&value.description)].into_iter(),
);
// unique
// multivalue
// sync_allowed
entry.set_ava(
"sync_allowed",
vec![Value::Bool(value.sync_allowed)].into_iter(),
);
// uid
entry.set_ava("uuid", vec![Value::Uuid(value.uuid)].into_iter());
entry
}
}
/// An item representing a class and the rules for that class. These rules enforce that an /// An item representing a class and the rules for that class. These rules enforce that an
/// [`Entry`]'s avas conform to a set of requirements, giving structure to an entry about /// [`Entry`]'s avas conform to a set of requirements, giving structure to an entry about
/// what avas must or may exist. The kanidm project provides attributes in `systemmust` and /// what avas must or may exist. The kanidm project provides attributes in `systemmust` and
@ -435,6 +481,71 @@ impl SchemaClass {
} }
} }
impl From<SchemaClass> for EntryInitNew {
fn from(value: SchemaClass) -> Self {
let mut entry = EntryInitNew::new();
#[allow(clippy::expect_used)]
entry.set_ava("classname", vec![Value::new_iutf8(&value.name)].into_iter());
// class
entry.set_ava(
"class",
vec![
CLASS_OBJECT.clone(),
CLASS_SYSTEM.clone(),
CLASS_CLASSTYPE.clone(),
],
);
// description
entry.set_ava(
"description",
vec![Value::new_utf8s(&value.description)].into_iter(),
);
// sync_allowed
entry.set_ava(
"sync_allowed",
vec![Value::Bool(value.sync_allowed)].into_iter(),
);
// uid
entry.set_ava("uuid", vec![Value::Uuid(value.uuid)].into_iter());
// systemmay
if !value.systemmay.is_empty() {
entry.set_ava(
"systemmay",
value.systemmay.iter().map(|s| Value::new_iutf8(s)),
);
}
// systemexcludes
if !value.systemexcludes.is_empty() {
entry.set_ava(
"systemexcludes",
value.systemexcludes.iter().map(|s| Value::new_iutf8(s)),
);
}
// systemmust
if !value.systemmust.is_empty() {
entry.set_ava(
"systemmust",
value.systemmust.iter().map(|s| Value::new_iutf8(s)),
);
}
// systemsupplements
if !value.systemsupplements.is_empty() {
entry.set_ava(
"systemsupplements",
value.systemsupplements.iter().map(|s| Value::new_iutf8(s)),
);
}
entry
}
}
pub trait SchemaTransaction { pub trait SchemaTransaction {
fn get_classes(&self) -> &HashMap<AttrString, SchemaClass>; fn get_classes(&self) -> &HashMap<AttrString, SchemaClass>;
fn get_attributes(&self) -> &HashMap<AttrString, SchemaAttribute>; fn get_attributes(&self) -> &HashMap<AttrString, SchemaAttribute>;
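Review bot: Both new `From` impls put `#[allow(clippy::expect_used)]` on a `set_ava` call that contains no `expect`, so the attribute suppresses nothing visible and should be dropped or moved to the statement that needs it. In `From<SchemaAttribute>`, `multivalue` is written with `add_ava` while every other field uses `set_ava`, and `index` is set unconditionally whereas `From<SchemaClass>` skips empty lists behind `is_empty()`; if `set_ava` treats an empty iterator differently from an absent attribute (not visible here), attributes without an index would be affected. Neither impl has a doc comment; a line such as `/// Builds the schema entry for this definition; only the fields set below are emitted.` would warn maintainers that a field added to the struct must also be added here. The `SchemaAttribute` and `SchemaClass` definitions are outside these hunks, so whether every field is carried over cannot be confirmed from the page.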


@ -435,8 +435,8 @@ impl<'a> QueryServerWriteTransaction<'a> {
admin_debug!("initialise_schema_idm -> start ..."); admin_debug!("initialise_schema_idm -> start ...");
let idm_schema_attrs = [ let idm_schema_attrs = [
E_SCHEMA_ATTR_SYNC_CREDENTIAL_PORTAL.clone(), SCHEMA_ATTR_SYNC_CREDENTIAL_PORTAL.clone().into(),
E_SCHEMA_ATTR_SYNC_YIELD_AUTHORITY.clone(), SCHEMA_ATTR_SYNC_YIELD_AUTHORITY.clone().into(),
]; ];
let r: Result<(), _> = idm_schema_attrs let r: Result<(), _> = idm_schema_attrs
@ -449,72 +449,62 @@ impl<'a> QueryServerWriteTransaction<'a> {
debug_assert!(r.is_ok()); debug_assert!(r.is_ok());
// List of IDM schemas to init. // List of IDM schemas to init.
let idm_schema: Vec<&str> = vec![ let idm_schema: Vec<EntryInitNew> = vec![
JSON_SCHEMA_ATTR_DISPLAYNAME, SCHEMA_ATTR_MAIL.clone().into(),
JSON_SCHEMA_ATTR_LEGALNAME, SCHEMA_ATTR_ACCOUNT_EXPIRE.clone().into(),
JSON_SCHEMA_ATTR_NAME_HISTORY, SCHEMA_ATTR_ACCOUNT_VALID_FROM.clone().into(),
JSON_SCHEMA_ATTR_MAIL, SCHEMA_ATTR_API_TOKEN_SESSION.clone().into(),
JSON_SCHEMA_ATTR_SSH_PUBLICKEY, SCHEMA_ATTR_BADLIST_PASSWORD.clone().into(),
JSON_SCHEMA_ATTR_PRIMARY_CREDENTIAL, SCHEMA_ATTR_CREDENTIAL_UPDATE_INTENT_TOKEN.clone().into(),
JSON_SCHEMA_ATTR_RADIUS_SECRET, SCHEMA_ATTR_DEVICEKEYS.clone().into(),
JSON_SCHEMA_ATTR_DOMAIN_NAME, SCHEMA_ATTR_DISPLAYNAME.clone().into(),
JSON_SCHEMA_ATTR_DOMAIN_DISPLAY_NAME, SCHEMA_ATTR_DOMAIN_DISPLAY_NAME.clone().into(),
JSON_SCHEMA_ATTR_DOMAIN_UUID, SCHEMA_ATTR_DOMAIN_LDAP_BASEDN.clone().into(),
JSON_SCHEMA_ATTR_DOMAIN_SSID, SCHEMA_ATTR_DOMAIN_NAME.clone().into(),
JSON_SCHEMA_ATTR_DOMAIN_TOKEN_KEY, SCHEMA_ATTR_DOMAIN_SSID.clone().into(),
JSON_SCHEMA_ATTR_FERNET_PRIVATE_KEY_STR, SCHEMA_ATTR_DOMAIN_TOKEN_KEY.clone().into(),
JSON_SCHEMA_ATTR_GIDNUMBER, SCHEMA_ATTR_DOMAIN_UUID.clone().into(),
JSON_SCHEMA_ATTR_BADLIST_PASSWORD, SCHEMA_ATTR_DYNGROUP_FILTER.clone().into(),
JSON_SCHEMA_ATTR_LOGINSHELL, SCHEMA_ATTR_ES256_PRIVATE_KEY_DER.clone().into(),
JSON_SCHEMA_ATTR_UNIX_PASSWORD, SCHEMA_ATTR_FERNET_PRIVATE_KEY_STR.clone().into(),
JSON_SCHEMA_ATTR_ACCOUNT_EXPIRE, SCHEMA_ATTR_GIDNUMBER.clone().into(),
JSON_SCHEMA_ATTR_ACCOUNT_VALID_FROM, SCHEMA_ATTR_GRANT_UI_HINT.clone().into(),
JSON_SCHEMA_ATTR_OAUTH2_RS_NAME, SCHEMA_ATTR_JWS_ES256_PRIVATE_KEY.clone().into(),
JSON_SCHEMA_ATTR_OAUTH2_RS_ORIGIN, SCHEMA_ATTR_LEGALNAME.clone().into(),
JSON_SCHEMA_ATTR_OAUTH2_RS_SCOPE_MAP, SCHEMA_ATTR_LOGINSHELL.clone().into(),
JSON_SCHEMA_ATTR_OAUTH2_RS_IMPLICIT_SCOPES, SCHEMA_ATTR_NAME_HISTORY.clone().into(),
JSON_SCHEMA_ATTR_OAUTH2_RS_BASIC_SECRET, SCHEMA_ATTR_NSUNIQUEID.clone().into(),
JSON_SCHEMA_ATTR_OAUTH2_RS_TOKEN_KEY, SCHEMA_ATTR_OAUTH2_ALLOW_INSECURE_CLIENT_DISABLE_PKCE
JSON_SCHEMA_ATTR_ES256_PRIVATE_KEY_DER, .clone()
JSON_SCHEMA_ATTR_OAUTH2_ALLOW_INSECURE_CLIENT_DISABLE_PKCE, .into(),
JSON_SCHEMA_ATTR_OAUTH2_JWT_LEGACY_CRYPTO_ENABLE, SCHEMA_ATTR_OAUTH2_CONSENT_SCOPE_MAP.clone().into(),
JSON_SCHEMA_ATTR_RS256_PRIVATE_KEY_DER, SCHEMA_ATTR_OAUTH2_JWT_LEGACY_CRYPTO_ENABLE.clone().into(),
JSON_SCHEMA_ATTR_CREDENTIAL_UPDATE_INTENT_TOKEN, SCHEMA_ATTR_OAUTH2_PREFER_SHORT_USERNAME.clone().into(),
JSON_SCHEMA_ATTR_OAUTH2_CONSENT_SCOPE_MAP, SCHEMA_ATTR_OAUTH2_RS_BASIC_SECRET.clone().into(),
JSON_SCHEMA_ATTR_PASSKEYS, SCHEMA_ATTR_OAUTH2_RS_IMPLICIT_SCOPES.clone().into(),
JSON_SCHEMA_ATTR_DEVICEKEYS, SCHEMA_ATTR_OAUTH2_RS_NAME.clone().into(),
JSON_SCHEMA_ATTR_DYNGROUP_FILTER, SCHEMA_ATTR_OAUTH2_RS_ORIGIN_LANDING.clone().into(),
JSON_SCHEMA_ATTR_JWS_ES256_PRIVATE_KEY, SCHEMA_ATTR_OAUTH2_RS_ORIGIN.clone().into(),
JSON_SCHEMA_ATTR_API_TOKEN_SESSION, SCHEMA_ATTR_OAUTH2_RS_SCOPE_MAP.clone().into(),
JSON_SCHEMA_ATTR_OAUTH2_RS_SUP_SCOPE_MAP, SCHEMA_ATTR_OAUTH2_RS_SUP_SCOPE_MAP.clone().into(),
JSON_SCHEMA_ATTR_USER_AUTH_TOKEN_SESSION, SCHEMA_ATTR_OAUTH2_RS_TOKEN_KEY.clone().into(),
JSON_SCHEMA_ATTR_OAUTH2_SESSION, SCHEMA_ATTR_OAUTH2_SESSION.clone().into(),
JSON_SCHEMA_ATTR_NSUNIQUEID, SCHEMA_ATTR_PASSKEYS.clone().into(),
JSON_SCHEMA_ATTR_OAUTH2_PREFER_SHORT_USERNAME, SCHEMA_ATTR_PRIMARY_CREDENTIAL.clone().into(),
JSON_SCHEMA_ATTR_SYNC_TOKEN_SESSION, SCHEMA_ATTR_PRIVATE_COOKIE_KEY.clone().into(),
JSON_SCHEMA_ATTR_SYNC_COOKIE, SCHEMA_ATTR_RADIUS_SECRET.clone().into(),
JSON_SCHEMA_ATTR_GRANT_UI_HINT, SCHEMA_ATTR_RS256_PRIVATE_KEY_DER.clone().into(),
JSON_SCHEMA_ATTR_OAUTH2_RS_ORIGIN_LANDING, SCHEMA_ATTR_SSH_PUBLICKEY.clone().into(),
JSON_SCHEMA_ATTR_DOMAIN_LDAP_BASEDN, SCHEMA_ATTR_SYNC_COOKIE.clone().into(),
JSON_SCHEMA_CLASS_PERSON, SCHEMA_ATTR_SYNC_TOKEN_SESSION.clone().into(),
JSON_SCHEMA_CLASS_ORGPERSON, SCHEMA_ATTR_UNIX_PASSWORD.clone().into(),
JSON_SCHEMA_CLASS_GROUP, SCHEMA_ATTR_USER_AUTH_TOKEN_SESSION.clone().into(),
JSON_SCHEMA_CLASS_DYNGROUP,
JSON_SCHEMA_CLASS_ACCOUNT,
JSON_SCHEMA_CLASS_SERVICE_ACCOUNT,
JSON_SCHEMA_CLASS_DOMAIN_INFO,
JSON_SCHEMA_CLASS_POSIXACCOUNT,
JSON_SCHEMA_CLASS_POSIXGROUP,
JSON_SCHEMA_CLASS_SYSTEM_CONFIG,
JSON_SCHEMA_CLASS_SYNC_ACCOUNT,
JSON_SCHEMA_CLASS_OAUTH2_RS,
JSON_SCHEMA_ATTR_PRIVATE_COOKIE_KEY,
]; ];
let r = idm_schema let r = idm_schema
.iter() .into_iter()
// Each item individually logs it's result // Each item individually logs it's result
.try_for_each(|e_str| self.internal_migrate_or_create_str(e_str)); .try_for_each(|entry| self.internal_migrate_or_create(entry));
if r.is_err() { if r.is_err() {
error!(res = ?r, "initialise_schema_idm -> Error"); error!(res = ?r, "initialise_schema_idm -> Error");
@ -522,9 +512,21 @@ impl<'a> QueryServerWriteTransaction<'a> {
debug_assert!(r.is_ok()); debug_assert!(r.is_ok());
let idm_schema_classes = [ let idm_schema_classes: Vec<EntryInitNew> = vec![
E_SCHEMA_CLASS_OAUTH2_RS_BASIC.clone(), SCHEMA_CLASS_ACCOUNT.clone().into(),
E_SCHEMA_CLASS_OAUTH2_RS_PUBLIC.clone(), SCHEMA_CLASS_DOMAIN_INFO.clone().into(),
SCHEMA_CLASS_DYNGROUP.clone().into(),
SCHEMA_CLASS_GROUP.clone().into(),
SCHEMA_CLASS_OAUTH2_RS.clone().into(),
SCHEMA_CLASS_ORGPERSON.clone().into(),
SCHEMA_CLASS_PERSON.clone().into(),
SCHEMA_CLASS_POSIXACCOUNT.clone().into(),
SCHEMA_CLASS_POSIXGROUP.clone().into(),
SCHEMA_CLASS_SERVICE_ACCOUNT.clone().into(),
SCHEMA_CLASS_SYNC_ACCOUNT.clone().into(),
SCHEMA_CLASS_SYSTEM_CONFIG.clone().into(),
SCHEMA_CLASS_OAUTH2_RS_BASIC.clone().into(),
SCHEMA_CLASS_OAUTH2_RS_PUBLIC.clone().into(),
]; ];
let r: Result<(), _> = idm_schema_classes let r: Result<(), _> = idm_schema_classes
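Review bot: Nothing in this section checks that the struct-derived entries match the JSON definitions they replace, and the file holding the new `SCHEMA_ATTR_*` / `SCHEMA_CLASS_*` values has its diff suppressed on this page. Several of these attributes hold secrets or key material (`SCHEMA_ATTR_RADIUS_SECRET`, `SCHEMA_ATTR_ES256_PRIVATE_KEY_DER`, `SCHEMA_ATTR_PRIVATE_COOKIE_KEY`), so a test comparing each `EntryInitNew` produced by `.into()` with the entry parsed from the old JSON would catch a mistranslated `syntax`, `unique` or `index`. The classes are now applied in a separate pass after all attributes, and `idm_schema_classes` is alphabetical except for `SCHEMA_CLASS_OAUTH2_RS_BASIC` and `SCHEMA_CLASS_OAUTH2_RS_PUBLIC` at the end. If that placement is deliberate (presumably they depend on `SCHEMA_CLASS_OAUTH2_RS`, which is not visible here), say so with a comment such as `// must follow SCHEMA_CLASS_OAUTH2_RS`. The enclosing function starts and ends outside these hunks.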


@ -80,7 +80,11 @@ async fn test_webdriver_user_login(rsclient: kanidm_client::KanidmClient) {
let c = get_webdriver_client().await; let c = get_webdriver_client().await;
handle_error!(c, c.goto(rsclient.get_url()).await, "Couldn't get URL"); handle_error!(
c,
c.goto(rsclient.get_url().to_string()).await,
"Couldn't get URL"
);
println!("Waiting for page to load"); println!("Waiting for page to load");
let mut wait_attempts = 0; let mut wait_attempts = 0;