Fixes #13 and Fixes #135 - webauthn and webauthn with cli. This is the core of webauthn, but only as a single factor. Some changes are still needed for webauthn as MFA and as a verified single factor. This will be made in a subsequent PR.
Fixes #67 and #237 - this adds resource limits to all server accounts by default. These limits bound the size of search sets, how many entries can be tested with filter tests, disable unindexed queries, and limit the size of filters to prevent stack depth and other issues.
Add default entries test to apply behaviours according to
`designs/default_idm_layout.rst`.
Add expected behaviours for:
- Users
- Account managers
- Group managers
- Admins
- People Managers
- Anonymous clients
- Radius servers
Also, refactor `kanidmd_client` tests to separate into different files
and fix some documentation typos
Resolves: #108
Implements #122 password import. This adds most of the server core framework to allow password imports from other sources, with new types easily able to be added in credential.rs.
Implements #137 and parts of #132. This adds full support for CIDs to the server, and some parts for recyclebin to work such as internal lessthan queries.
Implements #23 gidnumber generation. This automatically creates gid numbers for posixaccounts and posixgroups based on the UUID of the object. Alternately, these can be provided if manual allocation is desired. This is an important step in posix attribute support.
This adds REST endpoints for schema, group, account listing and individual item getting, client lib to call these endpoints, and tests for all of these.
Draft of the idm server REST API layout. This is by no means a final representation of what this API will look like, but it's important that the ideas and direction, as well as capabilities, were documented and discussed.
This adds the fundamentals of the basic IDM layout. It contains the needed design document, and is designed such that the default admins, while powerful, still have some limits upon them.
Implement #2 anonymous authentication. This also puts into place the majority of the authentication framework, and starts to build the IDM layers on top of the DB engine.
This implements access controls, including a huge amount of refactor to support
them and their resolution with the "SelfUUID" keyword. Additionally, parts of
the event structure were improved to help, normalised was added as an entry state
and more.
And there are access controls! They work, have tests, and appear sane.
* Large refactor to improve the ava get interface
* Improve ACP parsing test
* ACP parsing complete
* Fix txn type tech debt
* Clean up queryserver name issue
* Integrate acp to query server, and add reload hooks
* Starting to write search acp enforcement
* Refactor event to take entry rather than UUID to allow acp to filter on the event properly.
* Most of the filter refactor is done
* Finish filter refactor!
* Write and implement basic filter optimiser with redundant term folding