mart-w/kanidm
1
0
Fork 0
mirror of https://github.com/kanidm/kanidm.git synced 2025-02-23 20:47:01 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
1789 commits 17 branches 59 tags 246 MiB
Commit graph

228 commits

Author SHA1 Message Date
James Hodgkinson 7025a9ff55
Feature: kanidm CLI pulling OpenAPI schema (#2285) 
* diag is super noisy when you actually turn on logging... even though it wasn't an error?
* adding api download-schema to the CLI
* docs
 2023-11-03 17:37:27 +10:00
James Hodgkinson cf35a7e667
Feature: configurable replication poll interval (#2283) 
* Feature: configurable replication poll interval (#2282)
* Updating log messages because REPL != LDAP
 2023-11-02 02:07:53 +00:00
Firstyear 9e5449a644
Minor improvements to incoming replication (#2279) 2023-11-02 01:21:21 +00:00
Allan dbf476fe5e
Remove unused imports and clippy lint (#2276) 
* Fix unused import errors
* Apply clippy get_first lint
* Add contributor

---------

Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
 2023-11-01 05:54:29 +00:00
Samuel Cabrero c3c0b5f459
Rework ldap bind routine (#2268) 
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
 2023-11-01 15:09:22 +10:00
Firstyear a3266978c8
Disable inconsistent test (#2278) 2023-11-01 02:02:53 +00:00
William Brown 4a08b77285 make versions consistent 2023-10-31 21:24:07 +10:00
James Hodgkinson 6642139900
Release 1.1.0-rc.15-dev 2023-10-31 19:26:18 +10:00
James Hodgkinson ef96ca6aa1
started writing docs and ended up in another rabbit hole (#2267) 
* started writing docs and ended up in another rabbit hole
* updoots
* dangit fedora
 2023-10-31 19:15:35 +10:00
James Hodgkinson 3bfc347c53
CLI integration test beginnings (#2261) 
* more integration test things, using assert_cmd to test the CLI end-to-end
* packagez
* making clippy happy
* making deno happy
 2023-10-30 06:10:54 +00:00
William Brown ecc46bb015 Add book chapter + cli 2023-10-28 13:07:06 +10:00
NavinShrinivas b80a3b271c Cargo fmt and clippy checks 
Signed-off-by: NavinShrinivas <karupal2002@gmail.com>
 2023-10-28 13:07:06 +10:00
NavinShrinivas 12ea1c8702 Restrict posix passwords on ldap bind with config 
Signed-off-by: NavinShrinivas <karupal2002@gmail.com>
 2023-10-28 13:07:06 +10:00
James Hodgkinson e02328ae8b
Splitting the SPAs (#2219) 
* doing some work for enumerating how the accounts work together
* fixing up build scripts and removing extra things
* making JavaScript as_tag use the struct field names
* making shared.js a module, removing wasmloader.js
* don't compress compressed things
 2023-10-27 06:03:58 +00:00
James Hodgkinson ad3c491d07
Bug chasing (#2257) 
* service-account validity expire-at doesn't accept all time nouns as defined by docs
Fixes #2153
* realised a logic bug
* making clippy happy while I'm here
* returning an empty set from the creds if the creds attribute is not found, which is then handled downstream
 2023-10-27 05:30:38 +00:00
Samuel Cabrero 99ba97088d
cargo fmt + clippy (#2241) 
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
 2023-10-27 04:40:24 +00:00
James Hodgkinson 7dc18e4f9e
adding service account patch methods (#2255) 
* adding service_account PATCH
 2023-10-26 13:40:45 +10:00
Firstyear afe9d28754
20231019 1122 account policy basics (#2245) 
---------

Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
 2023-10-22 11:16:42 +00:00
Firstyear 6ff9082fd2
20231014 account policy (#2218) 
* Start to prep for unix+ssh keys in credupdate session
 2023-10-19 01:40:06 +00:00
James Hodgkinson 6850a17e8c
Windows build fixes and test coverage (#2220) 
* adding testing for users functions
* turning KanidmClient build error into a ClientError
* removing a redundant closure
 2023-10-17 07:18:07 +00:00
James Hodgkinson eead47aec8
Fixing dependabot and its mistakes (#2232) 
* updating to utoipa 4.0.0
* hi dependabot
 2023-10-16 05:15:53 +00:00
dependabot[bot] 1a36673c46
chore(deps): bump utoipa-swagger-ui from 3.1.5 to 4.0.0 (#2224) 
Bumps [utoipa-swagger-ui](https://github.com/juhaku/utoipa) from 3.1.5 to 4.0.0.
- [Release notes](https://github.com/juhaku/utoipa/releases)
- [Commits](https://github.com/juhaku/utoipa/compare/utoipa-swagger-ui-3.1.5...utoipa-swagger-ui-4.0.0)

---
updated-dependencies:
- dependency-name: utoipa-swagger-ui
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-10-15 20:45:27 +00:00
James Hodgkinson f28d5cef22
OpenAPI/swagger docs autogen (#2175) 
* always be clippyin'
* pulling oauth2 api things out into their own module
* starting openapi generation
 2023-10-14 12:39:14 +10:00
Firstyear 8bcf1935a5
20231012 346 name deny list (#2214) 
* Migrate to improved system config reload, cleanup acc pol
* Denied names feature
 2023-10-13 08:50:36 +10:00
Firstyear 88da55260a
Add file diagnosis (#2210) 2023-10-12 12:09:54 +10:00
Firstyear fbc62ea51e
fix RUV on startup, improve filter output (#2211) 2023-10-11 21:14:27 +10:00
James Hodgkinson d9da1eeca0
Chasing yaks down dark alleyways (#2207) 
* adding some test coverage because there was some rando panic-inducing thing
* ldap constants
* documenting a macro
* helpful weird errors
* the war on strings continues
* less json more better
* testing things fixing bugs
* idm_domain_reset_token_key wasn't working, added a test and fixed it (we weren't testing it)
* idm_domain_set_ldap_basedn - adding tests
* adding testing for idm_account_credential_update_cancel_mfareg
* warning of deprecation
 2023-10-11 15:44:29 +10:00
dependabot[bot] d538f80fa1
chore(deps): bump axum-auth from 0.4.0 to 0.4.1 (#2200) 
Bumps [axum-auth](https://github.com/owez/axum-auth) from 0.4.0 to 0.4.1.
- [Commits](https://github.com/owez/axum-auth/compare/0.4.0...v0.4.1)

---
updated-dependencies:
- dependency-name: axum-auth
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-10-08 21:26:48 +00:00
Firstyear a91bf55471
20231008 remove expect used (#2191) 
* Stop using expect on some tasks
 2023-10-08 17:39:00 +10:00
James Hodgkinson 19f9fde012
Thread naming and display (#2190) 
* sometimes handlers fail
* enums are better than strings
* clippyisms
 2023-10-08 13:08:46 +10:00
James Hodgkinson 48979b8e1a
Replication tweaks - try the most recent successful one and error less (#2189) 
* made an error less error-y and also found a way to try the last-most-working repl peer
 2023-10-07 13:09:42 +10:00
James Hodgkinson 0adc3e0dd9
Chasing wooly quadrapeds again (#2163) 
* I really like well-tended yaks
* documenting yaks
* spellink
* less surprise more good
* schema test fix
* clippyisms
 2023-10-05 12:30:46 +10:00
Firstyear f6d2bcb44b
68 20230929 replication finalisation (#2160) 
Replication is now ready for test deployments!
 2023-10-05 11:11:27 +10:00
James Hodgkinson e7f594a1c1
In-system image storage (#2112) 
* In-system image storage refers to #2057
* adding multipart feature to axum
* thanks to @Firstyear for fixing my bufs
* fixing coverage test things
* clippy-calming
* more tests, jpg acropalypse tests, benches
* spelling
* lockfile updates
* linting
 2023-10-04 17:24:12 +10:00
Firstyear cb985a2fd0
fix credential update intent defaults (#2162) 2023-09-30 20:06:44 +10:00
Firstyear 3e345174b6
68 20230919 replication configuration (#2131) 2023-09-29 12:02:13 +10:00
James Hodgkinson c7a269575c
Enforce TLS key size minimums (#2145) 
* Enforce TLS key size minimums - Fixes #2144
* at some point clippy got mad
 2023-09-26 09:59:00 +10:00
James Hodgkinson c998a1eda5
bindaddress default doesn't match documentation (#2150) 
Fixes #2147
 2023-09-26 09:38:07 +10:00
James Hodgkinson d5ed335b52
Cinco de yakko (#2108) 
* there are always more yaks
* see? ldap yaks.
* fixing stupid radius container build thing
 2023-09-16 12:11:06 +10:00
Firstyear 77da40d528
68 20230912 session consistency (#2110) 
This adds support for special-casing sessions in replication to allow them to internally trim and merge so that session revocations and creations are not lost between replicas.
 2023-09-16 09:22:11 +10:00
James Hodgkinson 383592d921
Schema dooby doo ... yon (#2103) 
Refers #1987

Notable changes:

- in server/lib/src/entry.rs - aiming to pass the enum instead of the strings
    - changed signature of add_ava to take Attribute instead of &str (which is used in the entry_init macro... which was fun)
    - set_ava<T> now takes Attribute
- added TryFrom<&AttrString> for Attribute
 2023-09-12 11:47:24 +10:00
Firstyear b3aed1df34
68 20230908 replication attrunique (#2086) 
Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
 2023-09-12 08:50:51 +10:00
James Hodgkinson d3d80e7364
Schema-dooby-doo-part-trois (#2082) 
* adding extra_attributes field to BuiltinGroup, migrating more things.
* checkpoint 3 - ACP, easy as 1,2,3
* codespell
* now throwing error on dyngroup with defined members
 2023-09-09 09:38:47 +10:00
James Hodgkinson 4b7563adc8
CLI and test things (#2080) 
* testing things actually run is handy
* adding build mode to scripts
* uh, so I started messing with handling exit codes...
 2023-09-09 09:35:59 +10:00
Firstyear 61c59d5a5a
68 20230907 replication (#2081) 
* Test replication when nodes are valid beyond cl trim
 2023-09-08 08:59:06 +10:00
James Hodgkinson 2f312e6b2d
Removing default features from git2 package (#2078) 
* don't need ssh or https in git2 - saves 50.69s

* codespell
 2023-09-06 08:25:29 +10:00
Firstyear d1fe7b9127
68 20230829 replication referential integrity (#2048) 
* Member of works!
* Hooray, refint over replication works.
 2023-09-05 21:30:51 +10:00
James Hodgkinson d5d76d1a3c
Schema dooby doo part two (#2071) 
* scim strings!
* mapmapmap
* mapmapmap -comments and map
* updating delete teest
* fixing some tests
 2023-09-05 16:58:42 +10:00
Firstyear 538429838d
When an empty body was returned, do request would error incorrectly (#2074) 2023-09-05 14:14:00 +10:00
James Hodgkinson 1d88cede1b
Yak hassling (#2059) 
* trying this query thing again
* if error show error not panic
* clippyism
* moving dependencies around and fixing log messages for healthcheck
* cleaning up some comment mess
* fixing the "debug thing breaks packaging" issue and test failures
 2023-09-05 11:50:51 +10:00
dependabot[bot] 07c9a9078e
chore(deps): bump tower-http from 0.4.3 to 0.4.4 (#2064) 
Bumps [tower-http](https://github.com/tower-rs/tower-http) from 0.4.3 to 0.4.4.
- [Release notes](https://github.com/tower-rs/tower-http/releases)
- [Commits](https://github.com/tower-rs/tower-http/compare/tower-http-0.4.3...tower-http-0.4.4)

---
updated-dependencies:
- dependency-name: tower-http
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-09-03 21:04:53 +00:00
Sebastiano Tocci f2e9c8a16e
Add tests for X-Forwarded-For header (kinda) (#1957) 
* Add tests for X-Forwarded-For header (kinda)
* testing for invalid header format
* added debug endpoint and got tests working
* various fixing here and there
 2023-08-31 09:31:16 +08:00
Firstyear 5bd69b81b8
Clear cache before verify on some low-level tests (#2044) 2023-08-29 12:26:29 +10:00
Firstyear 0f977d33b9
68 20230828 replication of schema (#2045) 2023-08-29 12:20:27 +10:00
Firstyear da56738dea
pam multistep auth state machine (#2022) 
Himmelblau needs to maintain some data about the state of an authentication across the course of pam exchanges.

Signed-off-by: David Mulder <dmulder@samba.org>
Co-authored-by: David Mulder <dmulder@samba.org>
 2023-08-28 09:27:29 +10:00
Samuel Cabrero 9dda8b1ad3
Authentication shortcut to get a RW session (#1993) 
* auth: Add a privileged flag to AuthStep::Init2 step to request a rw session

The privileged flag is defined as Option<bool> for compatibility with
existing clients.
 2023-08-24 09:54:33 +10:00
Sebastiano Tocci 47e953bfd2
wopsies, missing imports (#2023) 
* wopsies, missing imports
* more clippy and fmt
* adding test build for kanidm with idv-tui feature
* making codespell happy

---------

Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
 2023-08-23 22:40:25 +10:00
Sebastiano Tocci 70b19f0630
idv cli (#2001) 2023-08-23 20:51:24 +10:00
James Hodgkinson def4420c4c
pykanidm updoots (#2019) 
* fixing some derpitude in headers and auth, adding tests
* dox fox
* cleaning up typing
 2023-08-23 13:55:08 +10:00
Firstyear 2355dbfead
68 20230821 replication (#2020) 
* Resolve spn incremental replication
 2023-08-23 11:17:13 +10:00
Sebastiano Tocci eb7527379b
Configurable session timeouts (#1965) 
* added `auth_session_expiry` and `auth_privilege_expiry`
* Added `AcountPolicy` struct
* spelling and stuff
* added cli tools
 2023-08-22 11:00:43 +10:00
James Hodgkinson 05b35df413
Less human strings more enums (#1989) 
* statics or enums you choose
* acp rewrite, defined SchemaAcp as a test
* macros and targetscopes and filters oh my
 2023-08-21 17:16:43 +10:00
dependabot[bot] 75263c6214
chore(deps): bump gloo-timers from 0.2.6 to 0.3.0 (#2011) 
Bumps [gloo-timers](https://github.com/rustwasm/gloo) from 0.2.6 to 0.3.0.
- [Release notes](https://github.com/rustwasm/gloo/releases)
- [Changelog](https://github.com/rustwasm/gloo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rustwasm/gloo/compare/gloo-timers-v0.2.6...0.3.0)

---
updated-dependencies:
- dependency-name: gloo-timers
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-08-20 23:40:42 +00:00
James Hodgkinson 01cdeedc72
reordering layers so the web server works in non-debug-mode (#1999) 2023-08-19 11:00:53 +10:00
Firstyear f6001504a9
20230817 idv migration (#1992) 
* Must attr
* Post merge cleanup of idv
 2023-08-18 20:29:00 +10:00
Samuel Cabrero 17741c4929
daemon: kanidmd version requires a config file to run (#1959) (#1990) 
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
 2023-08-17 17:02:24 +10:00
Firstyear bc341af9d8
Resolve issues with dyngroup members (#1986) 2023-08-17 15:52:12 +10:00
Firstyear 0183ae6c71
Revert "sqlite where IN for id entry (#1988)" (#1991) 
This reverts commit 46f9a36a1c.
 2023-08-17 13:47:11 +10:00
James Hodgkinson 46f9a36a1c
sqlite where IN for id entry (#1988) 
Fixes #258
 2023-08-17 13:32:41 +10:00
Sebastiano Tocci 003234c2d0
Identity verification feature (#1819) 2023-08-16 21:02:48 +10:00
Firstyear 87866c568b
1982 service account access (#1985) 
* Fix issue with incorrect filter class preventing service account delete
 2023-08-16 15:33:28 +10:00
James Hodgkinson 9a6168b67d
Fixing test release (#1983) 
* Fixing cargo test --release

* more tracing less dbg
 2023-08-15 15:42:15 +10:00
James Hodgkinson 83f189fed3
error handling and web server logging fixes (#1960) 
* Fixing the setup_dev_environment script
* clippy calming
* handle_internalunixusertokenread throwing 500's without context
Fixes #1958
 2023-08-14 20:47:49 +10:00
James Hodgkinson aba9f6a724
Struct-ifying schema things (#1971) 
* structifying things
 2023-08-14 19:39:49 +10:00
James Hodgkinson 9246293922
Fighting with zypper, tagging our images (#1964) 
* fighting weird build issues

* labels are better outside

* ugh that stupid linter

* why do you always lint on me

* neat

* adding comments
 2023-08-14 10:06:53 +10:00
James Hodgkinson cc79f7eba1
Are we JSON yet? Kinda. But we're closer. (#1967) 2023-08-14 08:51:44 +10:00
J. B. Crawford 054b580fe6
Allow one-character usernames (#1941) 2023-08-10 08:09:18 +10:00
Sebastiano Tocci c742497866
providing server configuration in the testkit::test macro (#1953) 2023-08-08 20:01:18 +10:00
Sebastiano Tocci 5d96412181
replaced skip_serializing_if with skip_serializing_none (#1932) 
* replaced `skip_serializing_if` with `skip_serializing_none`
 2023-08-03 08:51:30 +10:00
Sebastiano Tocci d50373e64b
fixed serialization of oauth2 token scope (#1930) 2023-08-02 09:50:57 +10:00
Sebastiano Tocci de45732322
added compression layer for the pkg route (#1928) 2023-08-02 08:10:46 +10:00
Firstyear bf3e16cbd3
Resolve issue with publishing (#1925) 
* Resolve issue with publishing

* Fix version
 2023-08-01 17:25:32 +10:00
Firstyear 0fe5ff0f87
Set dev version (#1924) 2023-08-01 15:23:07 +10:00
Firstyear 689c7c74f6
Release 1.1.0-beta.13 (#1922) 2023-08-01 15:12:35 +10:00
Firstyear cccc20ea42
20230731 release (#1921) 
* Cleanup how we check for last git commit to avoid an insecure dep
* Resolve unmaintained or old deps
* Fix ci
 2023-07-31 22:27:21 +10:00
Firstyear 62ce42f8c1
Improve default shells for distros (#1920) 2023-07-31 14:58:27 +10:00
Firstyear d731b20a9d
20230728 techdebt paydown (#1909) 2023-07-31 12:20:52 +10:00
James Hodgkinson ea4d755d7b
chasing weirdness (#1910) 
* security headers, fixing error on empty username, handling login without SPN better

* making deno happy

* cleaning up windows build
 2023-07-31 10:49:59 +10:00
Firstyear 99b761c966
20230727 unix int modularity (#1907) 2023-07-28 10:48:56 +10:00
Firstyear 8f282e3a30
68 20230720 replication improvements (#1905) 2023-07-27 12:30:22 +10:00
Firstyear 54544075c1
Improve service file for host installs (#1901) 2023-07-25 12:23:47 +10:00
Firstyear e17dcc0ddb
1788 admin unix socket (#1880) 2023-07-24 10:05:10 +10:00
dependabot[bot] 2a65bc11a3
chore(deps): bump axum-macros from 0.3.7 to 0.3.8 (#1892) 
Bumps [axum-macros](https://github.com/tokio-rs/axum) from 0.3.7 to 0.3.8.
- [Release notes](https://github.com/tokio-rs/axum/releases)
- [Changelog](https://github.com/tokio-rs/axum/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tokio-rs/axum/compare/axum-macros-v0.3.7...axum-macros-v0.3.8)

---
updated-dependencies:
- dependency-name: axum-macros
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-07-23 21:30:20 +00:00
dependabot[bot] f76edfc995
chore(deps): bump tower-http from 0.4.1 to 0.4.3 (#1888) 
Bumps [tower-http](https://github.com/tower-rs/tower-http) from 0.4.1 to 0.4.3.
- [Release notes](https://github.com/tower-rs/tower-http/releases)
- [Commits](https://github.com/tower-rs/tower-http/compare/tower-http-0.4.1...tower-http-0.4.3)

---
updated-dependencies:
- dependency-name: tower-http
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-07-23 21:02:56 +00:00
Sebastiano Tocci fa78c4bbb4
added hsts header middleware (#1882) 
* added hsts header middleware
* Update header to use the strongly typed version
 2023-07-22 13:16:10 -07:00
Firstyear 79ff5e9775
1785 allow sync attr yielding via partial write admin (#1879) 2023-07-19 11:42:53 +10:00
Firstyear 4f3f7e2708
Revert to opensuse based radius container. (#1878) 2023-07-19 11:41:57 +10:00
Sebastiano Tocci e5748fdebb
Unix gid duplicate fix (#1876) 
* added gid removal only when the gid is actually set and updated tests

---------

Signed-off-by: Sebastiano Tocci <seba.tocci@gmail.com>
 2023-07-19 09:44:51 +10:00
Firstyear 60a1cdf9d8
Sync account import improvements (#1873) 2023-07-18 08:49:22 +10:00
James Hodgkinson 5cd62eb974
Upgraded clap, removing atty as a dependency (#1849) 
* upgraded clap, removing atty as a dependency
* changing the PR template so when you add a list up the top it doesn't break the bottom
 2023-07-13 12:19:28 +10:00