mart-w/kanidm
1
0
Fork 0
mirror of https://github.com/kanidm/kanidm.git synced 2025-02-23 12:37:00 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
2023 commits 17 branches 59 tags 246 MiB
Commit graph

2023 commits

This branch
This branch
All branches
Author SHA1 Message Date
Merlijn eddca4fc86
Feature object graph (#2518) 
* Refactor: move the object graph ui to admin web ui
* Add dynamic js loading support
Load viz.js dynamically
* Add some js docs
* chore: cleanup imports
* chore: remove unused clipboard feature
chore: remove unused mermaid.sh
* Messing with the profile.release settings and reverting the changes I tried has now made the build much smaller yay :D
* Refactor: user raw search requests
Assert service-accounts properly
* refactor: new v1 proto structure
* Add self to CONTRIBUTORS.md

---------

Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
 2024-02-29 02:25:40 +00:00
Firstyear 3760951b6d
Add domain version test framework (#2576) 
Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
 2024-02-28 21:04:33 +00:00
Pavel Dostál 050b1209b9
Fix the miniflux oauth2 example (#2598) 2024-02-28 11:41:28 +00:00
Jinna Kiisuo 6d99f17253
docs(monitoring): Fix syntax for OpenTelemetry config (#2594) 
Co-authored-by: Jinna Kiisuo <jinna+git@nocturnal.fi>
 2024-02-27 13:25:38 +00:00
Firstyear fbc021f487
20240221 2489 cleanup api v1 (#2573) 2024-02-27 09:25:02 +00:00
James Hodgkinson 4096b8f02d
Changing to allow startup without a config file (#2582) 
* Changing to allow startup without a config file, using environment variables
 2024-02-27 15:40:00 +10:00
Firstyear 7b490d73dc
Allow /dev/tpmrm0 on older systemd versions (#2587) 
Older systemd versions require a specific device allow for the tpm to be accessed.
 2024-02-27 02:13:31 +00:00
Firstyear adb575947f
Adjust output of claim maps for better parsing (#2566) 
* Adjust output of claim maps for better parsing
* Update python tests for OAuth2 bits
* fixing workflows for container builds

---------

Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
 2024-02-26 13:33:32 +10:00
dependabot[bot] 1a6400b58e
chore(deps): bump the all group in /pykanidm with 4 updates (#2585) 
Bumps the all group in /pykanidm with 4 updates: [pydantic](https://github.com/pydantic/pydantic), [coverage](https://github.com/nedbat/coveragepy), [mkdocs-material](https://github.com/squidfunk/mkdocs-material) and [pook](https://github.com/h2non/pook).


Updates `pydantic` from 2.6.1 to 2.6.2
- [Release notes](https://github.com/pydantic/pydantic/releases)
- [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md)
- [Commits](https://github.com/pydantic/pydantic/compare/v2.6.1...v2.6.2)

Updates `coverage` from 7.4.1 to 7.4.3
- [Release notes](https://github.com/nedbat/coveragepy/releases)
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst)
- [Commits](https://github.com/nedbat/coveragepy/compare/7.4.1...7.4.3)

Updates `mkdocs-material` from 9.5.9 to 9.5.11
- [Release notes](https://github.com/squidfunk/mkdocs-material/releases)
- [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG)
- [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.5.9...9.5.11)

Updates `pook` from 1.4.2 to 1.4.3
- [Release notes](https://github.com/h2non/pook/releases)
- [Changelog](https://github.com/h2non/pook/blob/master/History.rst)
- [Commits](https://github.com/h2non/pook/compare/v1.4.2...v1.4.3)

---
updated-dependencies:
- dependency-name: pydantic
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: coverage
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: mkdocs-material
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: pook
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-02-26 09:00:14 +10:00
Sebastiano Tocci d3af1a9e1b
improved error description for commit_credential_update (#2579) 2024-02-24 00:18:38 +00:00
Firstyear 3bf16d4253
Make /status less noisy (#2574) 2024-02-22 17:34:46 +10:00
dependabot[bot] 8611bb7135
chore(deps): bump cryptography from 42.0.2 to 42.0.4 in /pykanidm (#2567) 
Bumps [cryptography](https://github.com/pyca/cryptography) from 42.0.2 to 42.0.4.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/42.0.2...42.0.4)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-02-22 12:12:30 +10:00
Firstyear 752bdf7578
Add system range protection (#2565) 2024-02-21 23:27:37 +10:00
Michel Le Bihan 1d34947ee9
Fix string comparison in Debian build script (#2409) 2024-02-21 02:13:20 +00:00
James Hodgkinson 4efdb7208f
of course I started looking at clippy things and now I can't stop (#2560) 2024-02-21 00:52:10 +00:00
Firstyear 68d788a9f7
20240216 308 resource limits (#2559) 
This adds account policy based resource limits to control the maximum
number of entries that an account may query
 2024-02-21 00:15:43 +00:00
Daniil Egortsev 5701da8f23
fix(oauth2): typo in basic path (#2562) 2024-02-20 22:20:37 +00:00
James Hodgkinson 5794cc5217
Adding duplicate-finder script (#2550) 
* Adding duplicate-finder script
* removing unused constant and updated doctstring
 2024-02-20 08:39:16 +00:00
James Hodgkinson 097db70c3d
prctl compile-time fixes, also chasing lints (#2558) 
* fixing up error handling for prctl calls
* minor clippy lintypoos
* making clippy happier
* clippizing a test
* more clippy-calming
* adding tpm-udev to ubuntu flows for testing
* rebuilt wasm
* moving from rg to grep because someone doesn't like nice things
* such clippy like wow
* clippy config to the rescue
 2024-02-20 18:21:33 +10:00
James Hodgkinson 84b2c4956d
Removing unused constant and updating docstring for LDAP bind address (#2556) 2024-02-20 11:10:02 +10:00
dependabot[bot] 8ec63f3e92
chore(deps-dev): bump the all group in /pykanidm with 3 updates (#2553) 
Bumps the all group in /pykanidm with 3 updates: [black](https://github.com/psf/black), [pook](https://github.com/h2non/pook) and [ruff](https://github.com/astral-sh/ruff).


Updates `black` from 24.1.1 to 24.2.0
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](https://github.com/psf/black/compare/24.1.1...24.2.0)

Updates `pook` from 1.4.0 to 1.4.2
- [Release notes](https://github.com/h2non/pook/releases)
- [Changelog](https://github.com/h2non/pook/blob/master/History.rst)
- [Commits](https://github.com/h2non/pook/compare/v1.4.0...v1.4.2)

Updates `ruff` from 0.2.1 to 0.2.2
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/v0.2.1...v0.2.2)

---
updated-dependencies:
- dependency-name: black
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: pook
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: ruff
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-02-19 08:54:50 +10:00
Firstyear ea5ff6814c
Support Policy Updates (#2536) 
* Support Policy Updates
---------

Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
 2024-02-18 00:44:11 +00:00
dependabot[bot] 3c08be8db8
chore(deps): bump cryptography from 42.0.0 to 42.0.2 in /pykanidm (#2548) 
Bumps [cryptography](https://github.com/pyca/cryptography) from 42.0.0 to 42.0.2.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/42.0.0...42.0.2)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-02-17 22:47:09 +10:00
Firstyear cc28fb2c4b
Re-enable HW tpm support (#2531) 2024-02-17 01:30:08 +00:00
Firstyear 62dff7565e
Add further hardening for system services (#2542) 2024-02-17 00:11:32 +00:00
James Hodgkinson 7394ac86cb
fixing the test script (#2547) 2024-02-16 23:54:07 +00:00
James Hodgkinson 48f33fb8c9
when the HTTPS server fails, handle that gracefully (#2546) 2024-02-16 08:30:43 +00:00
Firstyear 816fde766f
Fix update intent ttl parameters (#2540) 2024-02-16 07:02:36 +00:00
James Hodgkinson faec47d13f
radius build workflow fixes (#2541) 
* radius build workflow fixes
 2024-02-16 03:12:59 +00:00
Firstyear 7a78cb8a80
Conflict nscd, start before sshd (#2539) 2024-02-16 02:24:37 +00:00
Firstyear a4c2e66afd
Fix incorrect documentation elements (#2533) 
This adds the account-policy section for credential-type-minimums
and fixes the replication config defaults to match the documented
behaviour.
 2024-02-16 01:58:41 +00:00
Firstyear 3549c8562f
Remove replication is in dev flag (#2535) 2024-02-16 11:39:43 +10:00
James Hodgkinson 6b44495704
Ordering auth methods in the CLI (#2508) 
* rewriting ordering of authallowed enum
* ordering the authstate in the CLI

---------

Co-authored-by: William Brown <william@blackhats.net.au>
 2024-02-15 12:31:01 +10:00
Firstyear e880a63be4
Set lowercase owner name in tag (#2534) 2024-02-15 11:48:48 +10:00
Firstyear 002ab13698
Add code_challenge_methods_supported to OIDC discovery (#2525) 2024-02-15 09:17:08 +10:00
David Mulder a315d8d440
Himmelblau requires the machine key for unix_user_get (#2523) 
I need access to the machine key here in order to
send a new request to Azure for user details.

Signed-off-by: David Mulder <dmulder@samba.org>
Co-authored-by: Firstyear <william@blackhats.net.au>
 2024-02-13 01:11:30 +00:00
Vladimir Dronnikov 2e0dd40806
Extend on Apache example (#2524) 
As per On Apache discussion
 2024-02-13 10:44:09 +10:00
dependabot[bot] f3ca0f4fa6
chore(deps): bump the all group in /pykanidm with 4 updates (#2520) 
Bumps the all group in /pykanidm with 4 updates: [pydantic](https://github.com/pydantic/pydantic), [pytest-asyncio](https://github.com/pytest-dev/pytest-asyncio), [mkdocs-material](https://github.com/squidfunk/mkdocs-material) and [ruff](https://github.com/astral-sh/ruff).


Updates `pydantic` from 2.6.0 to 2.6.1
- [Release notes](https://github.com/pydantic/pydantic/releases)
- [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md)
- [Commits](https://github.com/pydantic/pydantic/compare/v2.6.0...v2.6.1)

Updates `pytest-asyncio` from 0.23.4 to 0.23.5
- [Release notes](https://github.com/pytest-dev/pytest-asyncio/releases)
- [Commits](https://github.com/pytest-dev/pytest-asyncio/compare/v0.23.4...v0.23.5)

Updates `mkdocs-material` from 9.5.7 to 9.5.9
- [Release notes](https://github.com/squidfunk/mkdocs-material/releases)
- [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG)
- [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.5.7...9.5.9)

Updates `ruff` from 0.2.0 to 0.2.1
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/v0.2.0...v0.2.1)

---
updated-dependencies:
- dependency-name: pydantic
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: pytest-asyncio
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: mkdocs-material
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: ruff
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-02-12 07:51:36 +10:00
Firstyear c892cd01d5
List of supported features (#2499) 
Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
 2024-02-10 10:56:16 +10:00
Firstyear e3e77fe7b4
Update to latest dev version (#2486) 2024-02-08 09:54:07 +10:00
Firstyear 7567514044
Release 1.1.0-rc.16 (#2483) 2024-02-07 04:39:02 +00:00
Firstyear cdbaefe23d
Fix for incorrect domain migration rollbacks (#2482) 2024-02-07 13:11:55 +10:00
Firstyear 9050188b29
Add tools for remigration and domain level raising (#2481) 2024-02-06 10:01:06 +00:00
dependabot[bot] a1fbde9f2f
chore(deps): bump cryptography from 41.0.6 to 42.0.0 in /pykanidm (#2480) 
Bumps [cryptography](https://github.com/pyca/cryptography) from 41.0.6 to 42.0.0.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/41.0.6...42.0.0)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-02-06 15:29:54 +10:00
Firstyear ddea9c6699
Support SPN in groups claim (#2474) 2024-02-06 03:56:04 +00:00
illode 8cd62d4d4a
Credential update tweaks (#2475) 
* Make the Credential Update page more user-friendly
 2024-02-06 03:36:22 +00:00
Firstyear cd27879e7f
Oauth2 pkce faq (#2473) 2024-02-06 12:05:52 +10:00
Jinna Kiisuo aa00ac94d0
Fix debian versioning (#2472) 
* Make the ubuntu_docker_builder.sh script a bit easier to use

- Entrypoint that installs dependencies on launch
- Echo hint on how to build deb packages

* Change debian packaging version string format to fix sort order

The sort order is important so that newer packages are seen as an update
and get installed, instead of apt preferring the older versions!

With these changes, a package is generated as `kanidm_Ubuntu_22.04_1:1.1.0~rc.15-dev~202401311334+c8a9e2c_x86_64.deb`
with the version string `1:1.1.0~rc.15-dev~202401311334+c8a9e2c`

Deb package version string comparison is Complex:
https://man7.org/linux/man-pages/man7/deb-version.7.html

With the previous versioning scheme for dev packages, the git hash
ended up getting prioritized over the date string, see for example:
`dpkg --compare-versions 1.1.0-rc.15-dev-202401100453666448f lt 1.1.0-rc.15-dev-20240120072786916a3; echo $?`
-> 1 (comparison failure)

A simple schema change avoiding most dashes could rescue the hash trouble:
`dpkg --compare-versions 1.1.0~rc.15-dev-202401100453+666448f lt 1.1.0-rc.15-dev-202401200727+86916a3; echo $?`
-> 0 (comparison success)

.. But, the second problem is seeing a stable release as newer:
`dpkg --compare-versions 1.1.0~rc.15-dev~202401100453+666448f lt 1.1.0; echo $?`
-> 1 (comparison failure)

.. Which can be solved by forcing the entire dev portion to not be
interpreted as a debian version by substituting tildes:
`dpkg --compare-versions 1.1.0~rc.15-dev~202401100453+666448f lt 1.1.0; echo $?`
-> 0 (comparison success)

.. But, old schema versions still seem newer due to their debian
version:
`dpkg --compare-versions 1.1.0-rc.15-dev-202401100453666448f lt 1.1.0~rc.15-dev~202401200727+86916a3; echo $?`
-> 1 (comparison failure)

Thus, the only solution is to change the scheme and increment the epoch value once
to force all lesser default epoch versions to be seen as older:
`dpkg --compare-versions 1.1.0-rc.15-dev-202401100453666448f lt 1:1.1.0~rc.15-dev~202401200727+86916a3; echo $?`
-> 0 (comparison success)
`dpkg --compare-versions 1:1.1.0~rc.15-dev~202401200727+86916a3 lt 1:1.1.0; echo $?`
-> 0 (comparison success)

* Drop epoch field from deb filenames

GitHub Actions enforces NTFS compatible artifact filenames, ergo the
colon required for the epoch field is banned. The epoc is still in the
version field itself, just not in the filename.

---------

Co-authored-by: Jinna Kiisuo <jinna+git@nocturnal.fi>
 2024-02-05 18:06:43 +10:00
dependabot[bot] 23ae65f686
chore(deps): bump the all group in /pykanidm with 7 updates (#2479) 
Bumps the all group in /pykanidm with 7 updates:

| Package | From | To |
| --- | --- | --- |
| [pydantic](https://github.com/pydantic/pydantic) | `2.5.3` | `2.6.0` |
| [aiohttp](https://github.com/aio-libs/aiohttp) | `3.9.2` | `3.9.3` |
| [coverage](https://github.com/nedbat/coveragepy) | `7.4.0` | `7.4.1` |
| [pytest-asyncio](https://github.com/pytest-dev/pytest-asyncio) | `0.23.3` | `0.23.4` |
| [black](https://github.com/psf/black) | `23.12.1` | `24.1.1` |
| [mkdocs-material](https://github.com/squidfunk/mkdocs-material) | `9.5.4` | `9.5.7` |
| [ruff](https://github.com/astral-sh/ruff) | `0.1.14` | `0.2.0` |


Updates `pydantic` from 2.5.3 to 2.6.0
- [Release notes](https://github.com/pydantic/pydantic/releases)
- [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md)
- [Commits](https://github.com/pydantic/pydantic/compare/v2.5.3...v2.6.0)

Updates `aiohttp` from 3.9.2 to 3.9.3
- [Release notes](https://github.com/aio-libs/aiohttp/releases)
- [Changelog](https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst)
- [Commits](https://github.com/aio-libs/aiohttp/compare/v3.9.2...v3.9.3)

Updates `coverage` from 7.4.0 to 7.4.1
- [Release notes](https://github.com/nedbat/coveragepy/releases)
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst)
- [Commits](https://github.com/nedbat/coveragepy/compare/7.4.0...7.4.1)

Updates `pytest-asyncio` from 0.23.3 to 0.23.4
- [Release notes](https://github.com/pytest-dev/pytest-asyncio/releases)
- [Commits](https://github.com/pytest-dev/pytest-asyncio/compare/v0.23.3...v0.23.4)

Updates `black` from 23.12.1 to 24.1.1
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](https://github.com/psf/black/compare/23.12.1...24.1.1)

Updates `mkdocs-material` from 9.5.4 to 9.5.7
- [Release notes](https://github.com/squidfunk/mkdocs-material/releases)
- [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG)
- [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.5.4...9.5.7)

Updates `ruff` from 0.1.14 to 0.2.0
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/v0.1.14...v0.2.0)

---
updated-dependencies:
- dependency-name: pydantic
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: aiohttp
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: coverage
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: pytest-asyncio
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: black
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: all
- dependency-name: mkdocs-material
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: ruff
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-02-05 13:01:27 +10:00
dependabot[bot] 881a9baafc
chore(deps): bump the all group with 1 update (#2478) 
Bumps the all group with 1 update: [mozilla-actions/sccache-action](https://github.com/mozilla-actions/sccache-action).


Updates `mozilla-actions/sccache-action` from 0.0.3 to 0.0.4
- [Release notes](https://github.com/mozilla-actions/sccache-action/releases)
- [Commits](https://github.com/mozilla-actions/sccache-action/compare/v0.0.3...v0.0.4)

---
updated-dependencies:
- dependency-name: mozilla-actions/sccache-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-02-05 08:28:10 +10:00