diff --git a/libs/client/src/group.rs b/libs/client/src/group.rs index a1d426fa4..a33b98554 100644 --- a/libs/client/src/group.rs +++ b/libs/client/src/group.rs @@ -37,6 +37,14 @@ impl KanidmClient { .await } + pub async fn group_account_policy_authsession_expiry_reset( + &self, + id: &str, + ) -> Result<(), ClientError> { + self.perform_delete_request(&format!("/v1/group/{}/_attr/authsession_expiry", id)) + .await + } + pub async fn group_account_policy_credential_type_minimum_set( &self, id: &str, @@ -61,6 +69,17 @@ impl KanidmClient { .await } + pub async fn group_account_policy_password_minimum_length_reset( + &self, + id: &str, + ) -> Result<(), ClientError> { + self.perform_delete_request(&format!( + "/v1/group/{}/_attr/auth_password_minimum_length", + id + )) + .await + } + pub async fn group_account_policy_privilege_expiry_set( &self, id: &str, @@ -73,6 +92,14 @@ impl KanidmClient { .await } + pub async fn group_account_policy_privilege_expiry_reset( + &self, + id: &str, + ) -> Result<(), ClientError> { + self.perform_delete_request(&format!("/v1/group/{}/_attr/privilege_expiry", id)) + .await + } + pub async fn group_account_policy_webauthn_attestation_set( &self, id: &str, @@ -85,6 +112,17 @@ impl KanidmClient { .await } + pub async fn group_account_policy_webauthn_attestation_reset( + &self, + id: &str, + ) -> Result<(), ClientError> { + self.perform_delete_request(&format!( + "/v1/group/{}/_attr/webauthn_attestation_ca_list", + id + )) + .await + } + pub async fn group_account_policy_limit_search_max_results( &self, id: &str, @@ -97,6 +135,14 @@ impl KanidmClient { .await } + pub async fn group_account_policy_limit_search_max_results_reset( + &self, + id: &str, + ) -> Result<(), ClientError> { + self.perform_delete_request(&format!("/v1/group/{}/_attr/limit_search_max_results", id)) + .await + } + pub async fn group_account_policy_limit_search_max_filter_test( &self, id: &str, @@ -109,6 +155,17 @@ impl KanidmClient { .await } + pub async fn group_account_policy_limit_search_max_filter_test_reset( + &self, + id: &str, + ) -> Result<(), ClientError> { + self.perform_delete_request(&format!( + "/v1/group/{}/_attr/limit_search_max_filter_test", + id + )) + .await + } + pub async fn group_account_policy_allow_primary_cred_fallback( &self, id: &str, diff --git a/tools/cli/src/cli/group/account_policy.rs b/tools/cli/src/cli/group/account_policy.rs index 1f5b6603d..d90aecc1e 100644 --- a/tools/cli/src/cli/group/account_policy.rs +++ b/tools/cli/src/cli/group/account_policy.rs @@ -12,6 +12,12 @@ impl GroupAccountPolicyOpt { | GroupAccountPolicyOpt::LimitSearchMaxResults { copt, .. } | GroupAccountPolicyOpt::LimitSearchMaxFilterTest { copt, .. } | GroupAccountPolicyOpt::AllowPrimaryCredFallback { copt, .. } + | GroupAccountPolicyOpt::ResetWebauthnAttestationCaList { copt, .. } + | GroupAccountPolicyOpt::ResetAuthSessionExpiry { copt, .. } + | GroupAccountPolicyOpt::ResetPasswordMinimumLength { copt, .. } + | GroupAccountPolicyOpt::ResetPrivilegedSessionExpiry { copt, .. } + | GroupAccountPolicyOpt::ResetLimitSearchMaxResults { copt, .. } + | GroupAccountPolicyOpt::ResetLimitSearchMaxFilterTest { copt, .. } | GroupAccountPolicyOpt::PrivilegedSessionExpiry { copt, .. } => copt.debug, } } @@ -37,6 +43,19 @@ impl GroupAccountPolicyOpt { println!("Updated authsession expiry."); } } + + GroupAccountPolicyOpt::ResetAuthSessionExpiry { name, copt } => { + let client = copt.to_client(OpType::Write).await; + if let Err(e) = client + .group_account_policy_authsession_expiry_reset(name) + .await + { + handle_client_error(e, copt.output_mode); + } else { + println!("Successfully reset authsession expiry."); + } + } + GroupAccountPolicyOpt::CredentialTypeMinimum { name, value, copt } => { let client = copt.to_client(OpType::Write).await; if let Err(e) = client @@ -59,6 +78,17 @@ impl GroupAccountPolicyOpt { println!("Updated password minimum length."); } } + GroupAccountPolicyOpt::ResetPasswordMinimumLength { name, copt } => { + let client = copt.to_client(OpType::Write).await; + if let Err(e) = client + .group_account_policy_password_minimum_length_reset(name) + .await + { + handle_client_error(e, copt.output_mode); + } else { + println!("Successfully reset password minimum length."); + } + } GroupAccountPolicyOpt::PrivilegedSessionExpiry { name, expiry, copt } => { let client = copt.to_client(OpType::Write).await; if let Err(e) = client @@ -70,6 +100,17 @@ impl GroupAccountPolicyOpt { println!("Updated privilege session expiry."); } } + GroupAccountPolicyOpt::ResetPrivilegedSessionExpiry { name, copt } => { + let client = copt.to_client(OpType::Write).await; + if let Err(e) = client + .group_account_policy_privilege_expiry_reset(name) + .await + { + handle_client_error(e, copt.output_mode); + } else { + println!("Successfully reset privilege session expiry."); + } + } GroupAccountPolicyOpt::WebauthnAttestationCaList { name, attestation_ca_list_json, @@ -85,6 +126,19 @@ impl GroupAccountPolicyOpt { println!("Updated webauthn attestation CA list."); } } + + GroupAccountPolicyOpt::ResetWebauthnAttestationCaList { name, copt } => { + let client = copt.to_client(OpType::Write).await; + if let Err(e) = client + .group_account_policy_webauthn_attestation_reset(name) + .await + { + handle_client_error(e, copt.output_mode); + } else { + println!("Successfully reset webauthn attestation CA list."); + } + } + GroupAccountPolicyOpt::LimitSearchMaxResults { name, maximum, @@ -100,6 +154,17 @@ impl GroupAccountPolicyOpt { println!("Updated search maximum results limit."); } } + GroupAccountPolicyOpt::ResetLimitSearchMaxResults { name, copt } => { + let client = copt.to_client(OpType::Write).await; + if let Err(e) = client + .group_account_policy_limit_search_max_results_reset(name) + .await + { + handle_client_error(e, copt.output_mode); + } else { + println!("Successfully reset search maximum results limit to default."); + } + } GroupAccountPolicyOpt::LimitSearchMaxFilterTest { name, maximum, @@ -115,6 +180,17 @@ impl GroupAccountPolicyOpt { println!("Updated search maximum filter test limit."); } } + GroupAccountPolicyOpt::ResetLimitSearchMaxFilterTest { name, copt } => { + let client = copt.to_client(OpType::Write).await; + if let Err(e) = client + .group_account_policy_limit_search_max_filter_test_reset(name) + .await + { + handle_client_error(e, copt.output_mode); + } else { + println!("Successfully reset search maximum filter test limit."); + } + } GroupAccountPolicyOpt::AllowPrimaryCredFallback { name, allow, copt } => { let client = copt.to_client(OpType::Write).await; if let Err(e) = client diff --git a/tools/cli/src/opt/kanidm.rs b/tools/cli/src/opt/kanidm.rs index a1f27f83c..7515205d0 100644 --- a/tools/cli/src/opt/kanidm.rs +++ b/tools/cli/src/opt/kanidm.rs @@ -197,6 +197,8 @@ pub enum GroupAccountPolicyOpt { #[clap(flatten)] copt: CommonOpt, }, + + /// Set the maximum time for privilege session expiry in seconds. #[clap(name = "privilege-expiry")] PrivilegedSessionExpiry { @@ -205,6 +207,8 @@ pub enum GroupAccountPolicyOpt { #[clap(flatten)] copt: CommonOpt, }, + + /// The WebAuthn attestation CA list that should be enforced /// on members of this group. Prevents use of passkeys that are /// not in this list. To create this list, use `fido-mds-tool` @@ -216,6 +220,7 @@ pub enum GroupAccountPolicyOpt { #[clap(flatten)] copt: CommonOpt, }, + /// Sets the maximum number of entries that may be returned in a /// search operation. #[clap(name = "limit-search-max-results")] @@ -245,6 +250,51 @@ pub enum GroupAccountPolicyOpt { #[clap(flatten)] copt: CommonOpt, }, + + /// Reset the maximum time for session expiry to its default value + #[clap(name = "reset-auth-expiry")] + ResetAuthSessionExpiry { + name: String, + #[clap(flatten)] + copt: CommonOpt, + }, + /// Reset the minimum character length of passwords to its default value. + #[clap(name = "reset-password-minimum-length")] + ResetPasswordMinimumLength { + name: String, + #[clap(flatten)] + copt: CommonOpt, + }, + /// Reset the maximum time for privilege session expiry to its default value. + #[clap(name = "reset-privilege-expiry")] + ResetPrivilegedSessionExpiry { + name: String, + #[clap(flatten)] + copt: CommonOpt, + }, + /// Reset the WebAuthn attestation CA list to its default value + /// allowing any passkey to be used by members of this group. + #[clap(name = "reset-webauthn-attestation-ca-list")] + ResetWebauthnAttestationCaList { + name: String, + #[clap(flatten)] + copt: CommonOpt, + }, + /// Reset the searche maxmium results limit to its default value. + #[clap(name = "reset-limit-search-max-results")] + ResetLimitSearchMaxResults { + name: String, + #[clap(flatten)] + copt: CommonOpt, + }, + /// Reset the max filter test limit to its default value. + #[clap(name = "reset-limit-search-max-filter-test")] + ResetLimitSearchMaxFilterTest { + name: String, + #[clap(flatten)] + copt: CommonOpt, + }, + } #[derive(Debug, Subcommand)]