Struct kanidmd_lib::server::QueryServerWriteTransaction

pub struct QueryServerWriteTransaction<'a> { /* private fields */ }

Implementations

impl<'a> QueryServerWriteTransaction<'a>

pub fn consumer_apply_changes(&mut self) -> Result<(), OperationError>

pub fn consumer_apply_refresh( &mut self, ctx: &ReplRefreshContext ) -> Result<(), OperationError>

impl<'a> QueryServerWriteTransaction<'a>

pub fn batch_modify( &mut self, me: &BatchModifyEvent ) -> Result<(), OperationError>

This function behaves different to modify. Modify applies the same modification operation en-mass to 1 -> N entries. This takes a set of modifications that define a precise entry to apply a change to and only modifies that.

modify is for all entries matching this condition, do this change.

batch_modify is for entry X apply mod A, for entry Y apply mod B etc. It allows you to do per-entry mods.

The drawback is you need to know ahead of time what uuids you are affecting. This has parallels to scim, so it’s not a significant issue.

Otherwise, we follow the same pattern here as modify, and inside the transform the same modlists are used.

pub fn internal_batch_modify( &mut self, mods_iter: impl Iterator<Item = (Uuid, ModifyList<ModifyInvalid>)> ) -> Result<(), OperationError>

impl<'a> QueryServerWriteTransaction<'a>

pub fn create(&mut self, ce: &CreateEvent) -> Result<(), OperationError>

pub fn internal_create( &mut self, entries: Vec<Entry<EntryInit, EntryNew>> ) -> Result<(), OperationError>

impl<'a> QueryServerWriteTransaction<'a>

pub fn delete(&mut self, de: &DeleteEvent) -> Result<(), OperationError>

pub fn internal_delete( &mut self, filter: &Filter<FilterInvalid> ) -> Result<(), OperationError>

pub fn internal_delete_uuid( &mut self, target_uuid: Uuid ) -> Result<(), OperationError>

pub fn internal_delete_uuid_if_exists( &mut self, target_uuid: Uuid ) -> Result<(), OperationError>

impl<'a> QueryServerWriteTransaction<'a>

pub fn internal_migrate_or_create_str( &mut self, e_str: &str ) -> Result<(), OperationError>

pub fn internal_migrate_or_create( &mut self, e: Entry<EntryInit, EntryNew> ) -> Result<(), OperationError>

pub fn migrate_8_to_9(&mut self) -> Result<(), OperationError>

Migrate 8 to 9

This migration updates properties of oauth2 relying server properties. First, it changes the former basic value to a secret utf8string.

The second change improves the current scope system to remove the implicit scope type.

pub fn migrate_9_to_10(&mut self) -> Result<(), OperationError>

Migrate 9 to 10

This forces a load and rewrite of all credentials stored on all accounts so that they are updated to new on-disk formats. This will allow us to purge some older on disk formats in a future version.

An extended feature of this is the ability to store multiple TOTP’s per entry.

pub fn migrate_10_to_11(&mut self) -> Result<(), OperationError>

Migrate 10 to 11

This forces a load of all credentials, and then examines if any are “passkey” capable. If they are, they are migrated to the passkey type, allowing us to deprecate and remove the older credential behaviour.

pub fn migrate_11_to_12(&mut self) -> Result<(), OperationError>

Migrate 11 to 12

Rewrite api-tokens from session to a dedicated api token type.

pub fn initialise_schema_core(&mut self) -> Result<(), OperationError>

pub fn initialise_schema_idm(&mut self) -> Result<(), OperationError>

pub fn initialise_idm(&mut self) -> Result<(), OperationError>

impl<'a> QueryServerWriteTransaction<'a>

pub fn modify(&mut self, me: &ModifyEvent) -> Result<(), OperationError>

impl<'a> QueryServerWriteTransaction<'a>

pub fn internal_modify( &mut self, filter: &Filter<FilterInvalid>, modlist: &ModifyList<ModifyInvalid> ) -> Result<(), OperationError>

pub fn internal_modify_uuid( &mut self, target_uuid: Uuid, modlist: &ModifyList<ModifyInvalid> ) -> Result<(), OperationError>

pub fn impersonate_modify_valid( &mut self, f_valid: Filter<FilterValid>, f_intent_valid: Filter<FilterValid>, m_valid: ModifyList<ModifyValid>, event: &Identity ) -> Result<(), OperationError>

pub fn impersonate_modify( &mut self, filter: &Filter<FilterInvalid>, filter_intent: &Filter<FilterInvalid>, modlist: &ModifyList<ModifyInvalid>, event: &Identity ) -> Result<(), OperationError>

pub fn impersonate_modify_gen_event( &mut self, filter: &Filter<FilterInvalid>, filter_intent: &Filter<FilterInvalid>, modlist: &ModifyList<ModifyInvalid>, event: &Identity ) -> Result<ModifyEvent, OperationError>

impl<'a> QueryServerWriteTransaction<'a>

pub fn purge_tombstones(&mut self) -> Result<(), OperationError>

pub fn purge_recycled(&mut self) -> Result<(), OperationError>

pub fn revive_recycled( &mut self, re: &ReviveRecycledEvent ) -> Result<(), OperationError>

impl<'a> QueryServerWriteTransaction<'a>

pub fn set_domain_display_name( &mut self, new_domain_name: &str ) -> Result<(), OperationError>

Initiate a domain display name change process. This isn’t particularly scary because it’s just a wibbly human-facing thing, not used for secure activities (yet)

pub fn domain_rename( &mut self, new_domain_name: &str ) -> Result<(), OperationError>

Initiate a domain rename process. This is generally an internal function but it’s exposed to the cli for admins to be able to initiate the process.

pub fn reindex(&mut self) -> Result<(), OperationError>

pub fn get_changed_uuids(&self) -> &HashSet<Uuid>

pub fn get_changed_ouath2(&self) -> bool

pub fn get_changed_domain(&self) -> bool

pub fn commit(self) -> Result<(), OperationError>

Trait Implementations

impl<'a> QueryServerTransaction<'a> for QueryServerWriteTransaction<'a>

fn get_domain_name(&self) -> &str

Gets the in-memory domain_name element

type AccessControlsTransactionType = AccessControlsWriteTransaction<'a>

type BackendTransactionType = BackendWriteTransaction<'a>

type SchemaTransactionType = SchemaWriteTransaction<'a>

fn get_be_txn(&mut self) -> &mut BackendWriteTransaction<'a>

fn get_schema<'b>(&self) -> &'b SchemaWriteTransaction<'a>

fn get_accesscontrols(&self) -> &AccessControlsWriteTransaction<'a>

fn get_resolve_filter_cache( &mut self ) -> &mut ARCacheReadTxn<'a, (IdentityId, Filter<FilterValid>), Filter<FilterValidResolved>, ()>

fn get_resolve_filter_cache_and_be_txn( &mut self ) -> (&mut BackendWriteTransaction<'a>, &mut ARCacheReadTxn<'a, (IdentityId, Filter<FilterValid>), Filter<FilterValidResolved>, ()>)

fn get_domain_uuid(&self) -> Uuid

fn get_domain_display_name(&self) -> &str

fn search_ext( &mut self, se: &SearchEvent ) -> Result<Vec<Entry<EntryReduced, EntryCommitted>>, OperationError>

Conduct a search and apply access controls to yield a set of entries that have been reduced to the set of user visible avas. Note that if you provide a SearchEvent for the internal user, this query will fail. It is invalid for the access module to attempt to reduce avas for internal searches, and you should use fn search instead.

fn search( &mut self, se: &SearchEvent ) -> Result<Vec<Arc<EntrySealedCommitted>>, OperationError>

fn exists(&mut self, ee: &ExistsEvent) -> Result<bool, OperationError>

fn name_to_uuid(&mut self, name: &str) -> Result<Uuid, OperationError>

fn sync_external_id_to_uuid( &mut self, external_id: &str ) -> Result<Option<Uuid>, OperationError>

fn uuid_to_spn(&mut self, uuid: Uuid) -> Result<Option<Value>, OperationError>

fn uuid_to_rdn(&mut self, uuid: Uuid) -> Result<String, OperationError>

fn internal_exists( &mut self, filter: Filter<FilterInvalid> ) -> Result<bool, OperationError>

From internal, generate an “exists” event and dispatch

fn internal_search( &mut self, filter: Filter<FilterInvalid> ) -> Result<Vec<Arc<EntrySealedCommitted>>, OperationError>

fn impersonate_search_valid( &mut self, f_valid: Filter<FilterValid>, f_intent_valid: Filter<FilterValid>, event: &Identity ) -> Result<Vec<Arc<EntrySealedCommitted>>, OperationError>

fn impersonate_search_ext_valid( &mut self, f_valid: Filter<FilterValid>, f_intent_valid: Filter<FilterValid>, event: &Identity ) -> Result<Vec<Entry<EntryReduced, EntryCommitted>>, OperationError>

Applies ACP to filter result entries.

fn impersonate_search( &mut self, filter: Filter<FilterInvalid>, filter_intent: Filter<FilterInvalid>, event: &Identity ) -> Result<Vec<Arc<EntrySealedCommitted>>, OperationError>

fn impersonate_search_ext( &mut self, filter: Filter<FilterInvalid>, filter_intent: Filter<FilterInvalid>, event: &Identity ) -> Result<Vec<Entry<EntryReduced, EntryCommitted>>, OperationError>

fn internal_search_uuid( &mut self, uuid: Uuid ) -> Result<Arc<EntrySealedCommitted>, OperationError>

Get a single entry by its UUID. This is used heavily for internal server operations, especially in login and ACP checks.

fn impersonate_search_ext_uuid( &mut self, uuid: Uuid, event: &Identity ) -> Result<Entry<EntryReduced, EntryCommitted>, OperationError>

fn impersonate_search_uuid( &mut self, uuid: Uuid, event: &Identity ) -> Result<Arc<EntrySealedCommitted>, OperationError>

fn clone_value( &mut self, attr: &str, value: &str ) -> Result<Value, OperationError>

Do a schema aware conversion from a String:String to String:Value for modification present.

fn clone_partialvalue( &mut self, attr: &str, value: &str ) -> Result<PartialValue, OperationError>

fn resolve_valueset( &mut self, value: &ValueSet ) -> Result<Vec<String>, OperationError>

fn resolve_valueset_ldap( &mut self, value: &ValueSet, basedn: &str ) -> Result<Vec<Vec<u8>>, OperationError>

fn get_db_domain_name(&mut self) -> Result<String, OperationError>

Pull the domain name from the database

fn get_domain_fernet_private_key(&mut self) -> Result<String, OperationError>

fn get_domain_es256_private_key(&mut self) -> Result<Vec<u8>, OperationError>

fn get_domain_cookie_key(&mut self) -> Result<[u8; 32], OperationError>

fn get_password_badlist(&mut self) -> Result<HashSet<String>, OperationError>

fn get_oauth2rs_set( &mut self ) -> Result<Vec<Arc<EntrySealedCommitted>>, OperationError>