kanidm-unixd example config enfixening (#3314)

* kanidm-unixd default config via PPA problem with version 2 on debian bookworm Fixes #3312 * fix(coverage): moving to using cargo-tarpaulin * kanidm-unixd default config via PPA problem with version 2 on debian bookworm Fixes #3312
2025-02-23 20:47:01 +01:00 · 2024-12-21 15:17:12 +10:00 · 2024-12-21 15:17:12 +10:00 · b6f63f3605
parent 9f499f3913
commit b6f63f3605
9 changed files with 97 additions and 95 deletions
--- a/.gitignore
+++ b/.gitignore
@ -17,9 +17,12 @@ tools/orca/example_profiles/small/orca-edited.toml
 /docs/
 # webui things we don't need
 *.d.ts
 server/web_ui/*/pkg/*.js
 # coverage-related things
 *.profraw
 tarpaulin-report.html
 # kanidm simple packaging
 deployment-config/
 kanidm_simple_pkg/
@ -35,6 +38,7 @@ pykanidm/site/
 # oauth2 integration test things
 scripts/oauth_proxy/client.secret
 scripts/oauth_proxy/envfile
 # local config things
 .envrc
--- a/31
+++ b/31
@ -314,26 +314,15 @@ cert/clean:
 	rm -f /tmp/kanidm/ca.txt*
 	rm -f /tmp/kanidm/ca.{cnf,srl,srl.old}
 .PHONY: rust/coverage
 coverage/test: ## Run coverage tests
 coverage/test:
 	LLVM_PROFILE_FILE="$(PWD)/target/profile/coverage-%p-%m.profraw" RUSTFLAGS="-C instrument-coverage" cargo test $(TESTS)
 .PHONY: coverage/grcov
 coverage/grcov: ## Run grcov
 coverage/grcov:
 	rm -rf ./target/coverage/html
 	grcov . --binary-path ./target/debug/deps/ \
 		-s . \
 		-t html \
 		--branch \
 		--ignore-not-existing \
 		--ignore '../*' \
 		--ignore "/*" \
 		--ignore "target/*" \
 		-o target/coverage/html
 .PHONY: coverage
-coverage: ## Run all the coverage tests
+coverage: ## Run the coverage tests using cargo-tarpaulin
-coverage: coverage/test coverage/grcov
+	cargo tarpaulin --out Html
-	echo "Coverage report is in ./target/coverage/html/index.html"
+	@echo "Coverage file at file://$(PWD)/tarpaulin-report.html"
 .PHONY: coveralls
 coveralls: ## Run cargo tarpaulin and upload to coveralls
 coveralls:
 	cargo tarpaulin --coveralls $(COVERALLS_REPO_TOKEN)
 	@echo "Coveralls repo information is at https://coveralls.io/github/kanidm/kanidm"
--- a/book/src/developers/faq.md
+++ b/book/src/developers/faq.md
@ -114,3 +114,7 @@ When a service like sudo, sshd, su, etc. wants to authenticate someone, it opens
 that service, then performs authentication according to the modules defined in the pam.d config. For
 example, if you run `ls -al /etc/pam.d /usr/etc/pam.d` in SUSE, you can see the services and their
 respective pam.d config.
 ## Test coverage
 We're trying to regularly get coverage reports into [Coveralls](https://coveralls.io/github/kanidm/kanidm), you can run the local testing with `make coverage` once you've installed [cargo-tarpaulin](https://crates.io/crates/cargo-tarpaulin).
--- a/build_rs_cov.profraw
+++ b/build_rs_cov.profraw
--- a/examples/kanidm-safe-default
+++ b/examples/kanidm-safe-default
@ -1,4 +1,4 @@
-## Kanidm minimal Service Configuration - /etc/kanidm/config
+# Kanidm minimal Service Configuration - /etc/kanidm/config
 # For a full example and documentation, see /usr/share/kanidm/kanidm
 # or `example/kanidm` in the source repository.
--- a/examples/unixd-safe-default
+++ b/examples/unixd-safe-default
@ -1,17 +1,19 @@
-## Kanidm Unixd minimal Service Configuration - /etc/kanidm/unixd
+# Kanidm Unixd minimal Service Configuration - /etc/kanidm/unixd
 # For a full example and documentation, see /usr/share/kanidm-unixd/unixd
-# or `example/unixd` in the source repository.
+# or `example/unixd` in the source repository
 version = '2'
 [kanidm]
 # default_shell = "/bin/sh"
 # home_attr = "uuid"
 # home_alias = "spn"
 # use_etc_skel = false
 # Defines a set of POSIX groups where membership of any of these groups
-# will be allowed to login via PAM.
+# will be allowed to login via PAM
-# Replace your group below and uncomment this line:
+#
 # WITHOUT THIS SET, NOBODY WILL BE ABLE TO LOG IN VIA PAM
 #
 # Replace your group below and uncomment this line
 # pam_allowed_login_groups = ["your_posix_login_group"]
--- a/scripts/test_coverage.sh
+++ b/scripts/test_coverage.sh
@ -1,64 +0,0 @@
 #!/bin/bash
 set -e
 if [ "$(rustup default | grep -cE '^nightly' )" -eq 0 ]; then
    echo "You need to switch to rust nightly!"
    exit 1
 fi
 # if [ "$(which rustfilt | wc -l )" -eq 0 ]; then
 #     echo "You need to have rustfilt on the path"
 #     echo "cargo install rustfilt"
 #     exit 1
 # fi
 if [ "$(which llvm-cov | wc -l )" -eq 0 ]; then
    echo "You need to have llvm-cov on the path"
    exit 1
 fi
 export CARGO_INCREMENTAL=0
 export LLVM_PROFILE_FILE
 echo "Profile files going into ${LLVM_PROFILE_FILE}"
 echo "Running tests"
 #shellcheck disable=SC2068
 LLVM_PROFILE_FILE="$(pwd)/target/profile/coverage-%p-%m.profraw" RUSTFLAGS="-C instrument-coverage" cargo test
 grcov . --binary-path ./target/debug/deps/ \
    -s . \
    -t html \
    --branch \
    --ignore-not-existing \
    --ignore '../*' \
    --ignore "/*" \
    -o target/coverage/html
 # PROFDATA="./target/profile/kanidm.profdata"
 # llvm-profdata merge  ./target/profile/*.profraw -o "${PROFDATA}"
 # llvm-cov report --ignore-filename-regex="\.cargo" \
 #     --enable-name-compression \
 #     $( \
 #       for file in \
 #         $( \
 #           RUSTFLAGS="-C instrument-coverage" \
 #             cargo test --tests --no-run --message-format=json \
 #               | jq -r "select(.profile.test == true) | .filenames[]" \
 #               | grep -v dSYM - \
 #         ); \
 #       do \
 #         printf "%s %s " -object $file; \
 #       done \
 #     ) \
 #   --instr-profile="${PROFDATA}" --summary-only
 # llvm-cov show -Xdemangler=rustfilt target/debug/kanidmd \
 #     -instr-profile="${PROFDATA}" \
 #     -show-line-counts-or-regions \
 #     -show-instantiations \
 #     -name-regex="kani.*"
--- a/unix_integration/common/src/unix_config.rs
+++ b/unix_integration/common/src/unix_config.rs
@ -141,3 +141,35 @@ impl KanidmUnixdConfig {
        })
    }
 }
 #[cfg(test)]
 mod tests {
    use std::path::PathBuf;
    use super::*;
    #[test]
    fn test_load_example_configs() {
        // Test the various included configs
        let examples_dir = env!("CARGO_MANIFEST_DIR").to_string() + "/../../examples/";
        for file in PathBuf::from(&examples_dir)
            .canonicalize()
            .expect(&format!("Can't find examples dir at {}", examples_dir))
            .read_dir()
            .expect("Can't read examples dir!")
        {
            let file = file.unwrap();
            let filename = file.file_name().into_string().unwrap();
            if filename.starts_with("unixd") {
                print!("Checking that {} parses as a valid config...", filename);
                KanidmUnixdConfig::new()
                    .read_options_from_optional_config(file.path())
                    .expect("Failed to parse");
                println!("OK");
            }
        }
    }
 }
--- a/unix_integration/resolver/src/unix_config.rs
+++ b/unix_integration/resolver/src/unix_config.rs
@ -501,3 +501,38 @@ impl UnixdConfig {
        })
    }
 }
 #[cfg(test)]
 mod tests {
    use std::path::PathBuf;
    use super::*;
    #[test]
    fn test_load_example_configs() {
        // Test the various included configs
        let examples_dir = env!("CARGO_MANIFEST_DIR").to_string() + "/../../examples/";
        for file in PathBuf::from(&examples_dir)
            .canonicalize()
            .expect(&format!("Can't find examples dir at {}", examples_dir))
            .read_dir()
            .expect("Can't read examples dir!")
        {
            let file = file.unwrap();
            let filename = file.file_name().into_string().unwrap();
            if filename.starts_with("unixd") {
                print!("Checking that {} parses as a valid config...", filename);
                UnixdConfig::new()
                    .read_options_from_optional_config(file.path())
                    .inspect_err(|e| {
                        println!("Failed to parse: {:?}", e);
                    })
                    .expect("Failed to parse!");
                println!("OK");
            }
        }
    }
 }