kanidmd_lib::server

Struct QueryServerWriteTransaction

pub struct QueryServerWriteTransaction<'a> { /* private fields */ }

Implementations

impl QueryServerWriteTransaction<'_>

impl QueryServerWriteTransaction<'_>

pub fn supplier_renew_key_cert( &mut self, domain_name: &str, ) -> Result<(), OperationError>

pub fn supplier_get_key_cert( &mut self, domain_name: &str, ) -> Result<(PKey<Private>, X509), OperationError>

impl QueryServerWriteTransaction<'_>

pub fn batch_modify( &mut self, me: &BatchModifyEvent, ) -> Result<(), OperationError>

This function behaves differently to modify. Modify applies the same modification operation en masse to 1 -> N entries. This function takes a set of modifications, each of which defines a precise entry to apply a change to, and only modifies that entry.

modify means: for all entries matching this condition, do this change.

batch_modify means: for entry X apply mod A, for entry Y apply mod B, and so on. It allows you to do per-entry mods.

The drawback is that you need to know ahead of time which UUIDs you are affecting. This has parallels to SCIM, so it’s not a significant issue.

Otherwise, we follow the same pattern here as modify, and inside the transform the same modlists are used.
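The two call shapes contrasted on a toy in-memory store, as an added example that is not kanidm code: `Id`, `Entry`, `Store`, `Mod`, `apply` and `sample` are hypothetical stand-ins for the real types. Rejecting the whole batch when an id is unknown is an assumption made for the model, not behaviour stated on this page.

```rust
use std::collections::{BTreeMap, BTreeSet};

// Toy stand-ins (assumptions, not kanidm types): u32 replaces Uuid, Mod
// replaces ModifyList, and Store replaces the write transaction's backend.
pub type Id = u32;
pub type Entry = BTreeMap<&'static str, BTreeSet<&'static str>>;
pub type Store = BTreeMap<Id, Entry>;

pub enum Mod {
    Present(&'static str, &'static str), // add one value to an attribute
    Purged(&'static str),                // remove every value of an attribute
}

fn apply(e: &mut Entry, mods: &[Mod]) {
    for m in mods {
        match m {
            Mod::Present(a, v) => { e.entry(*a).or_default().insert(*v); }
            Mod::Purged(a) => { e.remove(a); }
        }
    }
}

/// modify: one modlist applied to every entry the predicate matches.
pub fn modify(s: &mut Store, pred: impl Fn(&Entry) -> bool, mods: &[Mod]) {
    s.values_mut().filter(|e| pred(&**e)).for_each(|e| apply(e, mods));
}

/// batch_modify: each id carries its own modlist. Changes are staged on a
/// copy, so an unknown id rejects the whole batch (assumed behaviour).
pub fn batch_modify(s: &mut Store, batch: impl Iterator<Item = (Id, Vec<Mod>)>) -> Result<(), Id> {
    let mut staged = s.clone();
    for (id, mods) in batch {
        apply(staged.get_mut(&id).ok_or(id)?, &mods);
    }
    *s = staged;
    Ok(())
}

/// Constructed sample data: two entries, each with a single class value.
pub fn sample() -> Store {
    let e = |c: &'static str| Entry::from([("class", BTreeSet::from([c]))]);
    Store::from([(1, e("person")), (2, e("group"))])
}

fn main() {
    let mut s = sample();
    modify(&mut s, |e| e.contains_key("class"), &[Mod::Present("tag", "seen")]);
    let batch = vec![(1, vec![Mod::Purged("tag")]), (9, vec![])];
    println!("batch result: {:?}, store: {:?}", batch_modify(&mut s, batch.into_iter()), s);
}
```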

pub fn internal_batch_modify( &mut self, mods_iter: impl Iterator<Item = (Uuid, ModifyList<ModifyInvalid>)>, ) -> Result<(), OperationError>

impl QueryServerWriteTransaction<'_>

pub fn create(&mut self, ce: &CreateEvent) -> Result<(), OperationError>

The create event is a raw, read-only representation of the request that was made to us, including information about the identity performing the request.

pub fn internal_create( &mut self, entries: Vec<Entry<EntryInit, EntryNew>>, ) -> Result<(), OperationError>

impl QueryServerWriteTransaction<'_>

pub fn delete(&mut self, de: &DeleteEvent) -> Result<(), OperationError>

pub fn internal_delete( &mut self, filter: &Filter<FilterInvalid>, ) -> Result<(), OperationError>

pub fn internal_delete_uuid( &mut self, target_uuid: Uuid, ) -> Result<(), OperationError>

pub fn internal_delete_uuid_if_exists( &mut self, target_uuid: Uuid, ) -> Result<(), OperationError>

impl QueryServerWriteTransaction<'_>

pub fn internal_migrate_or_create( &mut self, e: Entry<EntryInit, EntryNew>, ) -> Result<(), OperationError>

  • If the thing exists:
    • Ensure the set of attributes match and are present (but don’t delete multivalue or extended attributes in this situation).
  • If not:
    • Create the entry

This will leave extra classes and attributes alone!

NOTE: gen_modlist* IS schema aware and will handle multivalue correctly!

pub fn internal_migrate_or_create_ignore_attrs( &mut self, e: Entry<EntryInit, EntryNew>, attrs: &[Attribute], ) -> Result<(), OperationError>

This is the same as QueryServerWriteTransaction::internal_migrate_or_create but it will ignore the specified list of attributes, so that if an admin has modified those values then we don’t stomp them.

pub fn initialise_schema_core(&mut self) -> Result<(), OperationError>

pub fn initialise_schema_idm(&mut self) -> Result<(), OperationError>

pub fn initialise_domain_info(&mut self) -> Result<(), OperationError>

This function is idempotent, runs all the startup functionality and checks

pub fn initialise_idm(&mut self) -> Result<(), OperationError>

This function is idempotent, runs all the startup functionality and checks

impl QueryServerWriteTransaction<'_>

pub fn modify(&mut self, me: &ModifyEvent) -> Result<(), OperationError>

impl QueryServerWriteTransaction<'_>

pub fn internal_modify( &mut self, filter: &Filter<FilterInvalid>, modlist: &ModifyList<ModifyInvalid>, ) -> Result<(), OperationError>

pub fn internal_modify_uuid( &mut self, target_uuid: Uuid, modlist: &ModifyList<ModifyInvalid>, ) -> Result<(), OperationError>

pub fn impersonate_modify_valid( &mut self, f_valid: Filter<FilterValid>, f_intent_valid: Filter<FilterValid>, m_valid: ModifyList<ModifyValid>, event: &Identity, ) -> Result<(), OperationError>

pub fn impersonate_modify( &mut self, filter: &Filter<FilterInvalid>, filter_intent: &Filter<FilterInvalid>, modlist: &ModifyList<ModifyInvalid>, event: &Identity, ) -> Result<(), OperationError>

pub fn impersonate_modify_gen_event( &mut self, filter: &Filter<FilterInvalid>, filter_intent: &Filter<FilterInvalid>, modlist: &ModifyList<ModifyInvalid>, event: &Identity, ) -> Result<ModifyEvent, OperationError>

impl QueryServerWriteTransaction<'_>

impl QueryServerWriteTransaction<'_>

pub fn scim_put( &mut self, scim_entry_put: ScimEntryPutEvent, ) -> Result<ScimEntryKanidm, OperationError>

SCIM PUT is the handler where a single entry is updated. In a SCIM PUT request, the request defines the state of an attribute in its entirety for the update. This means that if the caller wants to add one email address, they must PUT all existing addresses in addition to the new one.

impl<'a> QueryServerWriteTransaction<'a>

pub fn domain_raise(&mut self, level: u32) -> Result<(), OperationError>

pub fn domain_remigrate(&mut self, level: u32) -> Result<(), OperationError>

pub fn set_domain_display_name( &mut self, new_domain_name: &str, ) -> Result<(), OperationError>

Initiate a domain display name change process. This isn’t particularly scary because it’s just a wibbly human-facing thing, not used for secure activities (yet).

pub fn danger_domain_rename( &mut self, new_domain_name: &str, ) -> Result<(), OperationError>

Initiate a domain rename process. This is generally an internal function, but it’s exposed to the CLI so that admins are able to initiate the process.

Safety

This is UNSAFE because, while it may change the domain name, it doesn’t update the running configured version of the domain name that is resident in the query server.

Currently it’s only used to test what happens if we rename the domain and how that impacts SPNs, but in the future we may need to reconsider how this is approached, especially if we have a domain rename replicated to us. It could be that we end up needing to have this as a cow cell or similar?

pub fn reindex(&mut self, immediate: bool) -> Result<(), OperationError>

pub fn clear_cache(&mut self) -> Result<(), OperationError>

pub fn commit(self) -> Result<(), OperationError>

Trait Implementations

impl<'a> QueryServerTransaction<'a> for QueryServerWriteTransaction<'a>

fn get_domain_name(&self) -> &str

Gets the in-memory domain_name element

type AccessControlsTransactionType = AccessControlsWriteTransaction<'a>

type BackendTransactionType = BackendWriteTransaction<'a>

type SchemaTransactionType = SchemaWriteTransaction<'a>

type KeyProvidersTransactionType = KeyProvidersWriteTransaction<'a>

fn get_be_txn(&mut self) -> &mut BackendWriteTransaction<'a>

fn get_schema<'b>(&self) -> &'b SchemaWriteTransaction<'a>

fn get_accesscontrols(&self) -> &AccessControlsWriteTransaction<'a>

fn get_key_providers(&self) -> &KeyProvidersWriteTransaction<'a>

fn get_resolve_filter_cache(&mut self) -> &mut ResolveFilterCacheReadTxn<'a>

fn get_resolve_filter_cache_and_be_txn( &mut self, ) -> (&mut BackendWriteTransaction<'a>, &mut ResolveFilterCacheReadTxn<'a>)

fn pw_badlist(&self) -> &HashSet<String>

fn denied_names(&self) -> &HashSet<String>

fn get_domain_version(&self) -> DomainVersion

fn get_domain_patch_level(&self) -> u32

fn get_domain_development_taint(&self) -> bool

fn get_domain_uuid(&self) -> Uuid

fn get_domain_display_name(&self) -> &str

fn get_domain_image_value(&self) -> Option<ImageValue>

fn search_ext( &mut self, se: &SearchEvent, ) -> Result<Vec<Entry<EntryReduced, EntryCommitted>>, OperationError>

Conduct a search and apply access controls to yield a set of entries that have been reduced to the set of user visible avas. Note that if you provide a SearchEvent for the internal user, this query will fail. It is invalid for the access module to attempt to reduce avas for internal searches, and you should use fn search instead.

fn search( &mut self, se: &SearchEvent, ) -> Result<Vec<Arc<EntrySealedCommitted>>, OperationError>

fn exists(&mut self, ee: &ExistsEvent) -> Result<bool, OperationError>

fn name_to_uuid(&mut self, name: &str) -> Result<Uuid, OperationError>

fn sync_external_id_to_uuid( &mut self, external_id: &str, ) -> Result<Option<Uuid>, OperationError>

fn uuid_to_spn(&mut self, uuid: Uuid) -> Result<Option<Value>, OperationError>

fn uuid_to_rdn(&mut self, uuid: Uuid) -> Result<String, OperationError>

fn internal_exists( &mut self, filter: Filter<FilterInvalid>, ) -> Result<bool, OperationError>

From internal, generate an “exists” event and dispatch

fn impersonate_search_valid( &mut self, f_valid: Filter<FilterValid>, f_intent_valid: Filter<FilterValid>, event: &Identity, ) -> Result<Vec<Arc<EntrySealedCommitted>>, OperationError>

fn impersonate_search_ext_valid( &mut self, f_valid: Filter<FilterValid>, f_intent_valid: Filter<FilterValid>, event: &Identity, ) -> Result<Vec<Entry<EntryReduced, EntryCommitted>>, OperationError>

Applies ACP to filter result entries.

fn impersonate_search_ext( &mut self, filter: Filter<FilterInvalid>, filter_intent: Filter<FilterInvalid>, event: &Identity, ) -> Result<Vec<Entry<EntryReduced, EntryCommitted>>, OperationError>

fn internal_search_uuid( &mut self, uuid: Uuid, ) -> Result<Arc<EntrySealedCommitted>, OperationError>

Get a single entry by its UUID. This is used heavily for internal server operations, especially in login and ACP checks.

fn internal_search_all_uuid( &mut self, uuid: Uuid, ) -> Result<Arc<EntrySealedCommitted>, OperationError>

Get a single entry by its UUID, even if the entry in question is in a masked state (recycled, tombstoned).

fn internal_search_conflict_uuid( &mut self, uuid: Uuid, ) -> Result<Vec<Arc<EntrySealedCommitted>>, OperationError>

Get all conflict entries that originated from a source uuid.

fn impersonate_search_ext_uuid( &mut self, uuid: Uuid, event: &Identity, ) -> Result<Entry<EntryReduced, EntryCommitted>, OperationError>

fn impersonate_search_uuid( &mut self, uuid: Uuid, event: &Identity, ) -> Result<Arc<EntrySealedCommitted>, OperationError>

fn clone_value( &mut self, attr: &Attribute, value: &str, ) -> Result<Value, OperationError>

Do a schema-aware conversion from a String:String to String:Value for modification present.

fn clone_partialvalue( &mut self, attr: &Attribute, value: &str, ) -> Result<PartialValue, OperationError>

fn resolve_scim_interim( &mut self, scim_value_intermediate: ScimValueIntermediate, ) -> Result<Option<ScimValueKanidm>, OperationError>

fn resolve_scim_json_put( &mut self, attr: &Attribute, value: Option<JsonValue>, ) -> Result<Option<ValueSet>, OperationError>

fn resolve_valueset_intermediate( &mut self, vs_inter: ValueSetIntermediate, ) -> Result<ValueSet, OperationError>

fn resolve_valueset( &mut self, value: &ValueSet, ) -> Result<Vec<String>, OperationError>

fn resolve_valueset_ldap( &mut self, value: &ValueSet, basedn: &str, ) -> Result<Vec<Vec<u8>>, OperationError>

fn get_db_domain(&mut self) -> Result<Arc<EntrySealedCommitted>, OperationError>

fn get_domain_key_object_handle( &self, ) -> Result<Arc<Box<dyn KeyObjectT + Send + Sync + 'static>>, OperationError>

fn get_domain_es256_private_key(&mut self) -> Result<Vec<u8>, OperationError>

fn get_domain_ldap_allow_unix_pw_bind(&mut self) -> Result<bool, OperationError>

fn get_sc_password_badlist(&mut self) -> Result<HashSet<String>, OperationError>

Get the password badlist from the system config. You should not call this directly as this value is cached in the system_config() value.

fn get_sc_denied_names(&mut self) -> Result<HashSet<String>, OperationError>

Get the denied name set from the system config. You should not call this directly as this value is cached in the system_config() value.

fn get_oauth2rs_set( &mut self, ) -> Result<Vec<Arc<EntrySealedCommitted>>, OperationError>

fn get_applications_set( &mut self, ) -> Result<Vec<Arc<EntrySealedCommitted>>, OperationError>

fn consumer_get_state(&mut self) -> Result<ReplRuvRange, OperationError>

Auto Trait Implementations

Blanket Implementations

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self.

impl<'a, T> AsTaggedExplicit<'a> for T
where T: 'a,

fn explicit(self, class: Class, tag: u32) -> TaggedParser<'a, Explicit, Self>

impl<'a, T> AsTaggedImplicit<'a> for T
where T: 'a,

fn implicit( self, class: Class, constructed: bool, tag: u32, ) -> TaggedParser<'a, Implicit, Self>

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value.

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value.

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T> FutureExt for T

fn with_context(self, otel_cx: Context) -> WithContext<Self>

Attaches the provided Context to this type, returning a WithContext wrapper.

fn with_current_context(self) -> WithContext<Self>

Attaches the current Context to this type, returning a WithContext wrapper.

impl<T> Instrument for T

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper.

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper.

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> IntoEither for T

fn into_either(self, into_left: bool) -> Either<Self, Self>

Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise.

fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
where F: FnOnce(&Self) -> bool,

Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise.

impl<T> IntoRequest<T> for T

fn into_request(self) -> Request<T>

Wrap the input message T in a tonic::Request

impl<T> Pointable for T

const ALIGN: usize = _

The alignment of pointer.

type Init = T

The type for initializers.

unsafe fn init(init: <T as Pointable>::Init) -> usize

Initializes a with the given initializer.

unsafe fn deref<'a>(ptr: usize) -> &'a T

Dereferences the given pointer.

unsafe fn deref_mut<'a>(ptr: usize) -> &'a mut T

Mutably dereferences the given pointer.

unsafe fn drop(ptr: usize)

Drops the object pointed to by the given pointer.

impl<T> Same for T

type Output = T

Should always be Self

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

fn vzip(self) -> V

impl<T> WithSubscriber for T

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper.

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper.