kanidm-unixd example config enfixening (#3314)

* kanidm-unixd default config via PPA problem with version 2 on debian bookworm
Fixes #3312

* fix(coverage): moving to using cargo-tarpaulin

* kanidm-unixd default config via PPA problem with version 2 on debian bookworm
Fixes #3312

.gitignore

@@ -17,9 +17,12 @@ tools/orca/example_profiles/small/orca-edited.toml
 /docs/
 # webui things we don't need
 *.d.ts
-
 server/web_ui/*/pkg/*.js
 
+# coverage-related things
+*.profraw
+tarpaulin-report.html
+
 # kanidm simple packaging
 deployment-config/
 kanidm_simple_pkg/
@@ -35,6 +38,7 @@ pykanidm/site/
 # oauth2 integration test things
 scripts/oauth_proxy/client.secret
 scripts/oauth_proxy/envfile
+
 # local config things
 .envrc
 

Makefile

@@ -314,26 +314,15 @@ cert/clean:
 	rm -f /tmp/kanidm/ca.txt*
 	rm -f /tmp/kanidm/ca.{cnf,srl,srl.old}
 
-.PHONY: rust/coverage
-coverage/test: ## Run coverage tests
-coverage/test:
-	LLVM_PROFILE_FILE="$(PWD)/target/profile/coverage-%p-%m.profraw" RUSTFLAGS="-C instrument-coverage" cargo test $(TESTS)
-
-.PHONY: coverage/grcov
-coverage/grcov: ## Run grcov
-coverage/grcov:
-	rm -rf ./target/coverage/html
-	grcov . --binary-path ./target/debug/deps/ \
-		-s . \
-		-t html \
-		--branch \
-		--ignore-not-existing \
-		--ignore '../*' \
-		--ignore "/*" \
-		--ignore "target/*" \
-		-o target/coverage/html
 
 .PHONY: coverage
-coverage: ## Run all the coverage tests
-coverage: coverage/test coverage/grcov
-	echo "Coverage report is in ./target/coverage/html/index.html"
+coverage: ## Run the coverage tests using cargo-tarpaulin
+	cargo tarpaulin --out Html
+	@echo "Coverage file at file://$(PWD)/tarpaulin-report.html"
+
+
+.PHONY: coveralls
+coveralls: ## Run cargo tarpaulin and upload to coveralls
+coveralls:
+	cargo tarpaulin --coveralls $(COVERALLS_REPO_TOKEN)
+	@echo "Coveralls repo information is at https://coveralls.io/github/kanidm/kanidm"

book/src/developers/faq.md

@@ -114,3 +114,7 @@ When a service like sudo, sshd, su, etc. wants to authenticate someone, it opens
 that service, then performs authentication according to the modules defined in the pam.d config. For
 example, if you run `ls -al /etc/pam.d /usr/etc/pam.d` in SUSE, you can see the services and their
 respective pam.d config.
+
+## Test coverage
+
+We're trying to regularly get coverage reports into [Coveralls](https://coveralls.io/github/kanidm/kanidm), you can run the local testing with `make coverage` once you've installed [cargo-tarpaulin](https://crates.io/crates/cargo-tarpaulin).

examples/kanidm-safe-default

@@ -1,7 +1,7 @@
-## Kanidm minimal Service Configuration - /etc/kanidm/config
+# Kanidm minimal Service Configuration - /etc/kanidm/config
 # For a full example and documentation, see /usr/share/kanidm/kanidm
 # or `example/kanidm` in the source repository.
 
 # Replace this with your kanidmd URI and uncomment the line
-#uri = "https://idm.example.com"
+# uri = "https://idm.example.com"
 verify_ca = true

examples/unixd-safe-default

@@ -1,17 +1,19 @@
-## Kanidm Unixd minimal Service Configuration - /etc/kanidm/unixd
+# Kanidm Unixd minimal Service Configuration - /etc/kanidm/unixd
 # For a full example and documentation, see /usr/share/kanidm-unixd/unixd
-# or `example/unixd` in the source repository.
+# or `example/unixd` in the source repository
 
 version = '2'
 
+[kanidm]
 # default_shell = "/bin/sh"
-
 # home_attr = "uuid"
 # home_alias = "spn"
 # use_etc_skel = false
 
-
 # Defines a set of POSIX groups where membership of any of these groups
-# will be allowed to login via PAM.
-# Replace your group below and uncomment this line:
-#pam_allowed_login_groups = ["your_posix_login_group"]
+# will be allowed to login via PAM
+#
+# WITHOUT THIS SET, NOBODY WILL BE ABLE TO LOG IN VIA PAM
+#
+# Replace your group below and uncomment this line
+# pam_allowed_login_groups = ["your_posix_login_group"]

scripts/test_coverage.sh

@@ -1,64 +0,0 @@
-#!/bin/bash
-
-set -e
-
-if [ "$(rustup default | grep -cE '^nightly' )" -eq 0 ]; then
-    echo "You need to switch to rust nightly!"
-    exit 1
-fi
-
-# if [ "$(which rustfilt | wc -l )" -eq 0 ]; then
-#     echo "You need to have rustfilt on the path"
-#     echo "cargo install rustfilt"
-#     exit 1
-# fi
-if [ "$(which llvm-cov | wc -l )" -eq 0 ]; then
-    echo "You need to have llvm-cov on the path"
-    exit 1
-fi
-export CARGO_INCREMENTAL=0
-
-
-export LLVM_PROFILE_FILE
-echo "Profile files going into ${LLVM_PROFILE_FILE}"
-
-echo "Running tests"
-#shellcheck disable=SC2068
-
-LLVM_PROFILE_FILE="$(pwd)/target/profile/coverage-%p-%m.profraw" RUSTFLAGS="-C instrument-coverage" cargo test
-
-grcov . --binary-path ./target/debug/deps/ \
-    -s . \
-    -t html \
-    --branch \
-    --ignore-not-existing \
-    --ignore '../*' \
-    --ignore "/*" \
-    -o target/coverage/html
-
-
-# PROFDATA="./target/profile/kanidm.profdata"
-
-# llvm-profdata merge  ./target/profile/*.profraw -o "${PROFDATA}"
-
-# llvm-cov report --ignore-filename-regex="\.cargo" \
-#     --enable-name-compression \
-#     $( \
-#       for file in \
-#         $( \
-#           RUSTFLAGS="-C instrument-coverage" \
-#             cargo test --tests --no-run --message-format=json \
-#               | jq -r "select(.profile.test == true) | .filenames[]" \
-#               | grep -v dSYM - \
-#         ); \
-#       do \
-#         printf "%s %s " -object $file; \
-#       done \
-#     ) \
-#   --instr-profile="${PROFDATA}" --summary-only
-
-# llvm-cov show -Xdemangler=rustfilt target/debug/kanidmd \
-#     -instr-profile="${PROFDATA}" \
-#     -show-line-counts-or-regions \
-#     -show-instantiations \
-#     -name-regex="kani.*"

unix_integration/common/src/unix_config.rs

@@ -141,3 +141,35 @@ impl KanidmUnixdConfig {
         })
     }
 }
+
+#[cfg(test)]
+mod tests {
+    use std::path::PathBuf;
+
+    use super::*;
+
+    #[test]
+    fn test_load_example_configs() {
+        // Test the various included configs
+
+        let examples_dir = env!("CARGO_MANIFEST_DIR").to_string() + "/../../examples/";
+
+        for file in PathBuf::from(&examples_dir)
+            .canonicalize()
+            .expect(&format!("Can't find examples dir at {}", examples_dir))
+            .read_dir()
+            .expect("Can't read examples dir!")
+        {
+            let file = file.unwrap();
+            let filename = file.file_name().into_string().unwrap();
+            if filename.starts_with("unixd") {
+                print!("Checking that {} parses as a valid config...", filename);
+
+                KanidmUnixdConfig::new()
+                    .read_options_from_optional_config(file.path())
+                    .expect("Failed to parse");
+                println!("OK");
+            }
+        }
+    }
+}

unix_integration/resolver/src/unix_config.rs

@@ -501,3 +501,38 @@ impl UnixdConfig {
         })
     }
 }
+
+#[cfg(test)]
+mod tests {
+    use std::path::PathBuf;
+
+    use super::*;
+
+    #[test]
+    fn test_load_example_configs() {
+        // Test the various included configs
+
+        let examples_dir = env!("CARGO_MANIFEST_DIR").to_string() + "/../../examples/";
+
+        for file in PathBuf::from(&examples_dir)
+            .canonicalize()
+            .expect(&format!("Can't find examples dir at {}", examples_dir))
+            .read_dir()
+            .expect("Can't read examples dir!")
+        {
+            let file = file.unwrap();
+            let filename = file.file_name().into_string().unwrap();
+            if filename.starts_with("unixd") {
+                print!("Checking that {} parses as a valid config...", filename);
+
+                UnixdConfig::new()
+                    .read_options_from_optional_config(file.path())
+                    .inspect_err(|e| {
+                        println!("Failed to parse: {:?}", e);
+                    })
+                    .expect("Failed to parse!");
+                println!("OK");
+            }
+        }
+    }
+}