mart-w/kanidm
1
0
Fork 0
mirror of https://github.com/kanidm/kanidm.git synced 2025-02-23 20:47:01 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

Docker improvements (#81)

Browse source 
Update the dockerfile to work correctly with the newer server options and runtime.
This commit is contained in:
Firstyear 2019-09-06 13:05:27 +10:00 committed by GitHub
parent c798322ad8
commit b4fc71b27d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
9 changed files with 36 additions and 18 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
Dockerfile
View file

@ -1,21 +1,22 @@
FROM opensuse/tumbleweed:latest
MAINTAINER william@blackhats.net.au
EXPOSE 8080
COPY . /home/rsidm/
WORKDIR /home/rsidm/
RUN zypper install -y timezone cargo rust rust-std gcc && \
RUN zypper install -y timezone cargo rust gcc sqlite3-devel libopenssl-devel && \
RUSTC_BOOTSTRAP=1 cargo build --release && \
zypper rm -u -y cargo rust rust-std gcc && \
zypper rm -u -y cargo rust gcc && \
zypper clean
RUN cd /etc && \
ln -sf ../usr/share/zoneinfo/Australia/Brisbane localtime
RUN useradd -m -r rsidm
USER rsidm
VOLUME /data
ENV RUST_BACKTRACE 1
CMD ["/home/rsidm/target/release/rsidm"]
CMD ["/home/rsidm/target/release/rsidmd", "server", "-D", "/data/kanidm.db"]

2
designs/auth.rst
View file

@ -345,7 +345,7 @@ With regard to forwarding tokens (no consideration is made to security of this
system yet), method two probably is the best, but you need token constraint
to make sure you can't replay to another host.
https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Your-Pa-word-doesn-t-matter/ba-p/731984
Brain Dump Internal Details
===========================

2
rsidmd/src/lib/async_log.rs
View file

@ -66,7 +66,7 @@ impl Handler<AuditScope> for EventLog {
type Result = ();
fn handle(&mut self, event: AuditScope, _: &mut SyncContext<Self>) -> Self::Result {
info!("audit: {}", event);
debug!("audit: {}", event);
}
}

4
rsidmd/src/lib/be/mod.rs
View file

@ -360,8 +360,8 @@ impl BackendWriteTransaction {
try_audit!(
au,
stmt.execute_named(&[
(":id", &ser_entry.id as &ToSql),
(":data", &ser_entry.data as &ToSql)
(":id", &ser_entry.id as &dyn ToSql),
(":data", &ser_entry.data as &dyn ToSql)
]),
"rusqlite error {:?}",
OperationError::SQLiteError

4
rsidmd/src/lib/core.rs
View file

@ -71,7 +71,7 @@ macro_rules! json_event_post {
// `Future::and_then` can be used to merge an asynchronous workflow with a
// synchronous workflow
.and_then(
move |body| -> Box<Future<Item = HttpResponse, Error = Error>> {
move |body| -> Box<dyn Future<Item = HttpResponse, Error = Error>> {
// body is loaded, now we can deserialize serde-json
// let r_obj = serde_json::from_slice::<SearchRequest>(&body);
let r_obj = serde_json::from_slice::<$message_type>(&body);
@ -180,7 +180,7 @@ fn auth(
}
})
.and_then(
move |body| -> Box<Future<Item = HttpResponse, Error = Error>> {
move |body| -> Box<dyn Future<Item = HttpResponse, Error = Error>> {
let r_obj = serde_json::from_slice::<AuthRequest>(&body);
// Send to the db for action

4
rsidmd/src/lib/entry.rs
View file

@ -415,7 +415,7 @@ impl<STATE> Entry<EntryInvalid, STATE> {
pub fn validate(
self,
schema: &SchemaTransaction,
schema: &dyn SchemaTransaction,
) -> Result<Entry<EntryValid, STATE>, SchemaError> {
let schema_classes = schema.get_classes();
let schema_attributes = schema.get_attributes();
@ -998,7 +998,7 @@ impl<STATE> Entry<EntryValid, STATE> {
pub fn gen_modlist_assert(
&self,
schema: &SchemaTransaction,
schema: &dyn SchemaTransaction,
) -> Result<ModifyList<ModifyInvalid>, SchemaError> {
// Create a modlist from this entry. We make this assuming we want the entry
// to have this one as a subset of values. This means if we have single

7
rsidmd/src/lib/filter.rs
View file

@ -268,7 +268,10 @@ impl Filter<FilterInvalid> {
}
}
pub fn validate(&self, schema: &SchemaTransaction) -> Result<Filter<FilterValid>, SchemaError> {
pub fn validate(
&self,
schema: &dyn SchemaTransaction,
) -> Result<Filter<FilterValid>, SchemaError> {
Ok(Filter {
state: FilterValid {
inner: self.state.inner.validate(schema)?,
@ -354,7 +357,7 @@ impl FilterComp {
}
}
pub fn validate(&self, schema: &SchemaTransaction) -> Result<FilterComp, SchemaError> {
pub fn validate(&self, schema: &dyn SchemaTransaction) -> Result<FilterComp, SchemaError> {
// Optimisation is done at another stage.
// This probably needs some rework

3
rsidmd/src/lib/modify.rs
View file

@ -117,7 +117,7 @@ impl ModifyList<ModifyInvalid> {
pub fn validate(
&self,
schema: &SchemaTransaction,
schema: &dyn SchemaTransaction,
) -> Result<ModifyList<ModifyValid>, SchemaError> {
let schema_attributes = schema.get_attributes();
/*
@ -138,7 +138,6 @@ impl ModifyList<ModifyInvalid> {
None => Err(SchemaError::InvalidAttribute),
}
}
// TODO: Should this be a partial value type?
Modify::Removed(attr, value) => {
let attr_norm = schema.normalise_attr_name(attr);
match schema_attributes.get(&attr_norm) {

17
rsidmd/src/server/main.rs
View file

@ -64,6 +64,17 @@ enum Opt {
RecoverAccount(RecoverAccountOpt),
}
impl Opt {
fn debug(&self) -> bool {
match self {
Opt::Server(sopt) | Opt::Verify(sopt) => sopt.debug,
Opt::Backup(bopt) => bopt.serveropts.debug,
Opt::Restore(ropt) => ropt.serveropts.debug,
Opt::RecoverAccount(ropt) => ropt.serveropts.debug,
}
}
}
fn main() {
// Read cli args, determine if we should backup/restore
let opt = Opt::from_args();
@ -74,7 +85,11 @@ fn main() {
// Configure the server logger. This could be adjusted based on what config
// says.
// ::std::env::set_var("RUST_LOG", "actix_web=info,rsidm=info");
if opt.debug() {
::std::env::set_var("RUST_LOG", "actix_web=info,rsidm=debug");
} else {
::std::env::set_var("RUST_LOG", "actix_web=info,rsidm=info");
}
env_logger::init();
match opt {