Struct kanidmd_lib::server::QueryServerWriteTransaction

pub struct QueryServerWriteTransaction<'a> { /* private fields */ }

Implementations

impl<'a> QueryServerWriteTransaction<'a>

pub fn create(&self, ce: &CreateEvent) -> Result<(), OperationError>

pub fn delete(&self, de: &DeleteEvent) -> Result<(), OperationError>

pub fn purge_tombstones(&self) -> Result<(), OperationError>

pub fn purge_recycled(&self) -> Result<(), OperationError>

pub fn revive_recycled(
    &self,
    re: &ReviveRecycledEvent
) -> Result<(), OperationError>

pub fn revive_recycled_legacy(
    &self,
    re: &ReviveRecycledEvent
) -> Result<(), OperationError>

pub fn modify(&self, me: &ModifyEvent) -> Result<(), OperationError>

pub fn migrate_2_to_3(&self) -> Result<(), OperationError>

Migrate 2 to 3 changes the name, domain_name types from iutf8 to iname.

pub fn migrate_3_to_4(&self) -> Result<(), OperationError>

Migrate 3 to 4 - this triggers a regen of the domains security token as we previously did not have it in the entry.

pub fn migrate_4_to_5(&self) -> Result<(), OperationError>

Migrate 4 to 5 - this triggers a regen of all oauth2 RS es256 der keys as we previously did not generate them on entry creation.

pub fn migrate_5_to_6(&self) -> Result<(), OperationError>

Migrate 5 to 6 - This updates the domain info item to reset the token keys based on the new encryption types.

pub fn migrate_6_to_7(&self) -> Result<(), OperationError>

Migrate 6 to 7

Modify accounts that are not persons, to be service accounts so that the extension rules remain valid.

pub fn migrate_7_to_8(&self) -> Result<(), OperationError>

Migrate 7 to 8

Touch all service accounts to trigger a regen of their es256 jws keys for api tokens

pub fn internal_create(
    &self,
    entries: Vec<Entry<EntryInit, EntryNew>>
) -> Result<(), OperationError>

pub fn internal_delete(
    &self,
    filter: &Filter<FilterInvalid>
) -> Result<(), OperationError>

pub fn internal_modify(
    &self,
    filter: &Filter<FilterInvalid>,
    modlist: &ModifyList<ModifyInvalid>
) -> Result<(), OperationError>

pub fn impersonate_modify_valid(
    &self,
    f_valid: Filter<FilterValid>,
    f_intent_valid: Filter<FilterValid>,
    m_valid: ModifyList<ModifyValid>,
    event: &Identity
) -> Result<(), OperationError>

pub fn impersonate_modify(
    &self,
    filter: &Filter<FilterInvalid>,
    filter_intent: &Filter<FilterInvalid>,
    modlist: &ModifyList<ModifyInvalid>,
    event: &Identity
) -> Result<(), OperationError>

pub fn impersonate_modify_gen_event(
    &self,
    filter: &Filter<FilterInvalid>,
    filter_intent: &Filter<FilterInvalid>,
    modlist: &ModifyList<ModifyInvalid>,
    event: &Identity
) -> Result<ModifyEvent, OperationError>

pub fn internal_migrate_or_create_str(
    &self,
    e_str: &str
) -> Result<(), OperationError>

pub fn internal_migrate_or_create(
    &self,
    e: Entry<EntryInit, EntryNew>
) -> Result<(), OperationError>

pub fn initialise_schema_core(&self) -> Result<(), OperationError>

pub fn initialise_schema_idm(&self) -> Result<(), OperationError>

pub fn initialise_idm(&self) -> Result<(), OperationError>

pub fn set_domain_display_name(
    &self,
    new_domain_name: &str
) -> Result<(), OperationError>

Initiate a domain display name change process. This isn’t particularly scary because it’s just a wibbly human-facing thing, not used for secure activities (yet)

pub fn domain_rename(&self, new_domain_name: &str) -> Result<(), OperationError>

Initiate a domain rename process. This is generally an internal function but it’s exposed to the cli for admins to be able to initiate the process.

pub fn reindex(&self) -> Result<(), OperationError>

pub fn get_changed_uuids(&self) -> &HashSet<Uuid>

pub fn get_changed_ouath2(&self) -> bool

pub fn get_changed_domain(&self) -> bool

pub fn commit(self) -> Result<(), OperationError>

Trait Implementations

impl<'a> QueryServerTransaction<'a> for QueryServerWriteTransaction<'a>

fn get_domain_name(&self) -> &str

Gets the in-memory domain_name element

type AccessControlsTransactionType = AccessControlsWriteTransaction<'a>

type BackendTransactionType = BackendWriteTransaction<'a>

type SchemaTransactionType = SchemaWriteTransaction<'a>

fn get_be_txn(&self) -> &BackendWriteTransaction<'a>

fn get_schema(&self) -> &SchemaWriteTransaction<'a>

fn get_accesscontrols(&self) -> &AccessControlsWriteTransaction<'a>

fn get_resolve_filter_cache(
    &self
) -> &mut ARCacheReadTxn<'a, (IdentityId, Filter<FilterValid>), Filter<FilterValidResolved>, ()>

fn get_domain_uuid(&self) -> Uuid

fn get_domain_display_name(&self) -> &str

fn search_ext(
    &self,
    se: &SearchEvent
) -> Result<Vec<Entry<EntryReduced, EntryCommitted>>, OperationError>

Conduct a search and apply access controls to yield a set of entries that have been reduced to the set of user visible avas. Note that if you provide a SearchEvent for the internal user, this query will fail. It is invalid for the access module to attempt to reduce avas for internal searches, and you should use fn search instead.

fn search(
    &self,
    se: &SearchEvent
) -> Result<Vec<Arc<EntrySealedCommitted>>, OperationError>

fn exists(&self, ee: &ExistsEvent) -> Result<bool, OperationError>

fn name_to_uuid(&self, name: &str) -> Result<Uuid, OperationError>

fn uuid_to_spn(&self, uuid: Uuid) -> Result<Option<Value>, OperationError>

fn uuid_to_rdn(&self, uuid: Uuid) -> Result<String, OperationError>

fn internal_exists(
    &self,
    filter: Filter<FilterInvalid>
) -> Result<bool, OperationError>

From internal, generate an “exists” event and dispatch

fn internal_search(
    &self,
    filter: Filter<FilterInvalid>
) -> Result<Vec<Arc<EntrySealedCommitted>>, OperationError>

fn impersonate_search_valid(
    &self,
    f_valid: Filter<FilterValid>,
    f_intent_valid: Filter<FilterValid>,
    event: &Identity
) -> Result<Vec<Arc<EntrySealedCommitted>>, OperationError>

fn impersonate_search_ext_valid(
    &self,
    f_valid: Filter<FilterValid>,
    f_intent_valid: Filter<FilterValid>,
    event: &Identity
) -> Result<Vec<Entry<EntryReduced, EntryCommitted>>, OperationError>

Applies ACP to filter result entries.

fn impersonate_search(
    &self,
    filter: Filter<FilterInvalid>,
    filter_intent: Filter<FilterInvalid>,
    event: &Identity
) -> Result<Vec<Arc<EntrySealedCommitted>>, OperationError>

fn impersonate_search_ext(
    &self,
    filter: Filter<FilterInvalid>,
    filter_intent: Filter<FilterInvalid>,
    event: &Identity
) -> Result<Vec<Entry<EntryReduced, EntryCommitted>>, OperationError>

fn internal_search_uuid(
    &self,
    uuid: &Uuid
) -> Result<Arc<EntrySealedCommitted>, OperationError>

Get a single entry by its UUID. This is used heavily for internal server operations, especially in login and ACP checks.

fn impersonate_search_ext_uuid(
    &self,
    uuid: &Uuid,
    event: &Identity
) -> Result<Entry<EntryReduced, EntryCommitted>, OperationError>

fn impersonate_search_uuid(
    &self,
    uuid: &Uuid,
    event: &Identity
) -> Result<Arc<EntrySealedCommitted>, OperationError>

fn clone_value(&self, attr: &str, value: &str) -> Result<Value, OperationError>

Do a schema aware conversion from a String:String to String:Value for modification present.

fn clone_partialvalue(
    &self,
    attr: &str,
    value: &str
) -> Result<PartialValue, OperationError>

fn resolve_valueset(
    &self,
    value: &ValueSet
) -> Result<Vec<String>, OperationError>

fn resolve_valueset_ldap(
    &self,
    value: &ValueSet,
    basedn: &str
) -> Result<Vec<String>, OperationError>

fn get_db_domain_name(&self) -> Result<String, OperationError>

Pull the domain name from the database

fn get_domain_fernet_private_key(&self) -> Result<String, OperationError>

fn get_domain_es256_private_key(&self) -> Result<Vec<u8>, OperationError>

fn get_password_badlist(&self) -> Result<HashSet<String>, OperationError>

fn get_oauth2rs_set(
    &self
) -> Result<Vec<Arc<EntrySealedCommitted>>, OperationError>