Struct kanidmd_lib::server::QueryServerWriteTransaction

pub struct QueryServerWriteTransaction<'a> { /* private fields */ }

Implementations

impl<'a> QueryServerWriteTransaction<'a>

pub fn consumer_apply_changes( &mut self, ctx: ReplIncrementalContext, ) -> Result<ConsumerState, OperationError>

pub fn consumer_apply_refresh( &mut self, ctx: ReplRefreshContext, ) -> Result<(), OperationError>

impl<'a> QueryServerWriteTransaction<'a>

pub fn supplier_renew_key_cert( &mut self, domain_name: &str, ) -> Result<(), OperationError>

pub fn supplier_get_key_cert( &mut self, domain_name: &str, ) -> Result<(PKey<Private>, X509), OperationError>

impl<'a> QueryServerWriteTransaction<'a>

pub fn batch_modify( &mut self, me: &BatchModifyEvent, ) -> Result<(), OperationError>

This function behaves different to modify. Modify applies the same modification operation en-mass to 1 -> N entries. This takes a set of modifications that define a precise entry to apply a change to and only modifies that.

modify is for all entries matching this condition, do this change.

batch_modify is for entry X apply mod A, for entry Y apply mod B etc. It allows you to do per-entry mods.

The drawback is you need to know ahead of time what uuids you are affecting. This has parallels to scim, so it’s not a significant issue.

Otherwise, we follow the same pattern here as modify, and inside the transform the same modlists are used.

pub fn internal_batch_modify( &mut self, mods_iter: impl Iterator<Item = (Uuid, ModifyList<ModifyInvalid>)>, ) -> Result<(), OperationError>

impl<'a> QueryServerWriteTransaction<'a>

pub fn create(&mut self, ce: &CreateEvent) -> Result<(), OperationError>

The create event is a raw, read only representation of the request that was made to us, including information about the identity performing the request.

pub fn internal_create( &mut self, entries: Vec<Entry<EntryInit, EntryNew>>, ) -> Result<(), OperationError>

impl<'a> QueryServerWriteTransaction<'a>

pub fn delete(&mut self, de: &DeleteEvent) -> Result<(), OperationError>

pub fn internal_delete( &mut self, filter: &Filter<FilterInvalid>, ) -> Result<(), OperationError>

pub fn internal_delete_uuid( &mut self, target_uuid: Uuid, ) -> Result<(), OperationError>

pub fn internal_delete_uuid_if_exists( &mut self, target_uuid: Uuid, ) -> Result<(), OperationError>

impl<'a> QueryServerWriteTransaction<'a>

pub fn internal_migrate_or_create( &mut self, e: Entry<EntryInit, EntryNew>, ) -> Result<(), OperationError>

• If the thing exists:
  • Ensure the set of attributes match and are present (but don’t delete multivalue, or extended attributes in the situation.
• If not:
  • Create the entry

This will extra classes an attributes alone!

NOTE: gen_modlist* IS schema aware and will handle multivalue correctly!

pub fn internal_migrate_or_create_ignore_attrs( &mut self, e: Entry<EntryInit, EntryNew>, attrs: &[Attribute], ) -> Result<(), OperationError>

This is the same as QueryServerWriteTransaction::internal_migrate_or_create but it will ignore the specified list of attributes, so that if an admin has modified those values then we don’t stomp them.

pub fn initialise_schema_core(&mut self) -> Result<(), OperationError>

pub fn initialise_schema_idm(&mut self) -> Result<(), OperationError>

pub fn initialise_domain_info(&mut self) -> Result<(), OperationError>

This function is idempotent, runs all the startup functionality and checks

pub fn initialise_idm(&mut self) -> Result<(), OperationError>

This function is idempotent, runs all the startup functionality and checks

impl<'a> QueryServerWriteTransaction<'a>

pub fn modify(&mut self, me: &ModifyEvent) -> Result<(), OperationError>

impl<'a> QueryServerWriteTransaction<'a>

pub fn internal_modify( &mut self, filter: &Filter<FilterInvalid>, modlist: &ModifyList<ModifyInvalid>, ) -> Result<(), OperationError>

pub fn internal_modify_uuid( &mut self, target_uuid: Uuid, modlist: &ModifyList<ModifyInvalid>, ) -> Result<(), OperationError>

pub fn impersonate_modify_valid( &mut self, f_valid: Filter<FilterValid>, f_intent_valid: Filter<FilterValid>, m_valid: ModifyList<ModifyValid>, event: &Identity, ) -> Result<(), OperationError>

pub fn impersonate_modify( &mut self, filter: &Filter<FilterInvalid>, filter_intent: &Filter<FilterInvalid>, modlist: &ModifyList<ModifyInvalid>, event: &Identity, ) -> Result<(), OperationError>

pub fn impersonate_modify_gen_event( &mut self, filter: &Filter<FilterInvalid>, filter_intent: &Filter<FilterInvalid>, modlist: &ModifyList<ModifyInvalid>, event: &Identity, ) -> Result<ModifyEvent, OperationError>

impl<'a> QueryServerWriteTransaction<'a>

pub fn purge_tombstones(&mut self) -> Result<usize, OperationError>

pub fn purge_recycled(&mut self) -> Result<usize, OperationError>

pub fn revive_recycled( &mut self, re: &ReviveRecycledEvent, ) -> Result<(), OperationError>

impl<'a> QueryServerWriteTransaction<'a>

pub fn domain_raise(&mut self, level: u32) -> Result<(), OperationError>

pub fn domain_remigrate(&mut self, level: u32) -> Result<(), OperationError>

pub fn set_domain_display_name( &mut self, new_domain_name: &str, ) -> Result<(), OperationError>

Initiate a domain display name change process. This isn’t particularly scary because it’s just a wibbly human-facing thing, not used for secure activities (yet)

pub fn danger_domain_rename( &mut self, new_domain_name: &str, ) -> Result<(), OperationError>

Initiate a domain rename process. This is generally an internal function but it’s exposed to the cli for admins to be able to initiate the process.

Safety

This is UNSAFE because while it may change the domain name, it doesn’t update the running configured version of the domain name that is resident to the query server.

Currently it’s only used to test what happens if we rename the domain and how that impacts spns, but in the future we may need to reconsider how this is approached, especially if we have a domain re-name replicated to us. It could be that we end up needing to have this as a cow cell or similar?

pub fn reindex(&mut self) -> Result<(), OperationError>

pub fn clear_cache(&mut self) -> Result<(), OperationError>

pub fn commit(self) -> Result<(), OperationError>

Trait Implementations

impl<'a> QueryServerTransaction<'a> for QueryServerWriteTransaction<'a>

fn get_domain_name(&self) -> &str

Gets the in-memory domain_name element

type AccessControlsTransactionType = AccessControlsWriteTransaction<'a>

type BackendTransactionType = BackendWriteTransaction<'a>

type SchemaTransactionType = SchemaWriteTransaction<'a>

type KeyProvidersTransactionType = KeyProvidersWriteTransaction<'a>

fn get_be_txn(&mut self) -> &mut BackendWriteTransaction<'a>

fn get_schema<'b>(&self) -> &'b SchemaWriteTransaction<'a>

fn get_accesscontrols(&self) -> &AccessControlsWriteTransaction<'a>

fn get_key_providers(&self) -> &KeyProvidersWriteTransaction<'a>

fn get_resolve_filter_cache(&mut self) -> &mut ResolveFilterCacheReadTxn<'a>

fn get_resolve_filter_cache_and_be_txn( &mut self, ) -> (&mut BackendWriteTransaction<'a>, &mut ResolveFilterCacheReadTxn<'a>)

fn pw_badlist(&self) -> &HashSet<String>

fn denied_names(&self) -> &HashSet<String>

fn get_domain_version(&self) -> DomainVersion

fn get_domain_patch_level(&self) -> u32

fn get_domain_development_taint(&self) -> bool

fn get_domain_uuid(&self) -> Uuid

fn get_domain_display_name(&self) -> &str

fn get_domain_image_value(&self) -> Option<ImageValue>

fn search_ext( &mut self, se: &SearchEvent, ) -> Result<Vec<Entry<EntryReduced, EntryCommitted>>, OperationError>

Conduct a search and apply access controls to yield a set of entries that have been reduced to the set of user visible avas. Note that if you provide a SearchEvent for the internal user, this query will fail. It is invalid for the access module to attempt to reduce avas for internal searches, and you should use fn search instead.

fn search( &mut self, se: &SearchEvent, ) -> Result<Vec<Arc<EntrySealedCommitted>>, OperationError>

fn exists(&mut self, ee: &ExistsEvent) -> Result<bool, OperationError>

fn name_to_uuid(&mut self, name: &str) -> Result<Uuid, OperationError>

fn sync_external_id_to_uuid( &mut self, external_id: &str, ) -> Result<Option<Uuid>, OperationError>

fn uuid_to_spn(&mut self, uuid: Uuid) -> Result<Option<Value>, OperationError>

fn uuid_to_rdn(&mut self, uuid: Uuid) -> Result<String, OperationError>

fn internal_exists( &mut self, filter: Filter<FilterInvalid>, ) -> Result<bool, OperationError>

From internal, generate an “exists” event and dispatch

fn internal_search( &mut self, filter: Filter<FilterInvalid>, ) -> Result<Vec<Arc<EntrySealedCommitted>>, OperationError>

fn impersonate_search_valid( &mut self, f_valid: Filter<FilterValid>, f_intent_valid: Filter<FilterValid>, event: &Identity, ) -> Result<Vec<Arc<EntrySealedCommitted>>, OperationError>

fn impersonate_search_ext_valid( &mut self, f_valid: Filter<FilterValid>, f_intent_valid: Filter<FilterValid>, event: &Identity, ) -> Result<Vec<Entry<EntryReduced, EntryCommitted>>, OperationError>

Applies ACP to filter result entries.

fn impersonate_search( &mut self, filter: Filter<FilterInvalid>, filter_intent: Filter<FilterInvalid>, event: &Identity, ) -> Result<Vec<Arc<EntrySealedCommitted>>, OperationError>

fn impersonate_search_ext( &mut self, filter: Filter<FilterInvalid>, filter_intent: Filter<FilterInvalid>, event: &Identity, ) -> Result<Vec<Entry<EntryReduced, EntryCommitted>>, OperationError>

fn internal_search_uuid( &mut self, uuid: Uuid, ) -> Result<Arc<EntrySealedCommitted>, OperationError>

Get a single entry by its UUID. This is used heavily for internal server operations, especially in login and ACP checks.

fn internal_search_all_uuid( &mut self, uuid: Uuid, ) -> Result<Arc<EntrySealedCommitted>, OperationError>

Get a single entry by its UUID, even if the entry in question is in a masked state (recycled, tombstoned).

fn internal_search_conflict_uuid( &mut self, uuid: Uuid, ) -> Result<Vec<Arc<EntrySealedCommitted>>, OperationError>

Get all conflict entries that originated from a source uuid.

fn impersonate_search_ext_uuid( &mut self, uuid: Uuid, event: &Identity, ) -> Result<Entry<EntryReduced, EntryCommitted>, OperationError>

fn impersonate_search_uuid( &mut self, uuid: Uuid, event: &Identity, ) -> Result<Arc<EntrySealedCommitted>, OperationError>

fn clone_value( &mut self, attr: &Attribute, value: &str, ) -> Result<Value, OperationError>

Do a schema aware conversion from a String:String to String:Value for modification present.

fn clone_partialvalue( &mut self, attr: &Attribute, value: &str, ) -> Result<PartialValue, OperationError>

fn resolve_scim_interim( &mut self, scim_value_intermediate: ScimValueIntermediate, ) -> Result<Option<ScimValueKanidm>, OperationError>

fn resolve_valueset( &mut self, value: &ValueSet, ) -> Result<Vec<String>, OperationError>

fn resolve_valueset_ldap( &mut self, value: &ValueSet, basedn: &str, ) -> Result<Vec<Vec<u8>>, OperationError>

fn get_db_domain(&mut self) -> Result<Arc<EntrySealedCommitted>, OperationError>

fn get_domain_key_object_handle( &self, ) -> Result<Arc<Box<dyn KeyObjectT + Send + Sync + 'static>>, OperationError>

fn get_domain_es256_private_key(&mut self) -> Result<Vec<u8>, OperationError>

fn get_domain_ldap_allow_unix_pw_bind(&mut self) -> Result<bool, OperationError>

fn get_sc_password_badlist(&mut self) -> Result<HashSet<String>, OperationError>

Get the password badlist from the system config. You should not call this directly as this value is cached in the system_config() value.

fn get_sc_denied_names(&mut self) -> Result<HashSet<String>, OperationError>

Get the denied name set from the system config. You should not call this directly as this value is cached in the system_config() value.

fn get_oauth2rs_set( &mut self, ) -> Result<Vec<Arc<EntrySealedCommitted>>, OperationError>

fn get_applications_set( &mut self, ) -> Result<Vec<Arc<EntrySealedCommitted>>, OperationError>

fn consumer_get_state(&mut self) -> Result<ReplRuvRange, OperationError>