kanidmd/
opt.rs

1#[derive(Debug, Args)]
2struct BackupOpt {
3    #[clap(value_parser)]
4    /// Output path for the backup content.
5    path: PathBuf,
6
7    /// Compression method
8    #[clap(short = 'C', long, env = "KANIDM_BACKUP_COMPRESSION")]
9    compression: Option<String>,
10}
11
12#[derive(Debug, Args)]
13struct RestoreOpt {
14    #[clap(value_parser)]
15    /// Restore from this path. Should be created with "backup".
16    path: PathBuf,
17}
18
19#[derive(Debug, Subcommand)]
20enum DomainSettingsCmds {
21    /// Show the current domain
22    #[clap(name = "show")]
23    Show,
24    /// Change the IDM domain name based on the values in the configuration
25    #[clap(name = "rename")]
26    Change,
27    /// Perform a pre-upgrade-check of this domains content. This will report possible
28    /// incompatibilities that can block a successful upgrade to the next version of
29    /// Kanidm. This is a safe read only operation.
30    #[clap(name = "upgrade-check")]
31    UpgradeCheck,
32    /// ⚠️  Do not use this command unless directed by a project member. ⚠️
33    /// - Raise the functional level of this domain to the maximum available.
34    #[clap(name = "raise")]
35    Raise,
36    /// ⚠️  Do not use this command unless directed by a project member. ⚠️
37    /// - Rerun migrations of this domains database, optionally nominating the level
38    ///   to start from.
39    #[clap(name = "remigrate")]
40    Remigrate { level: Option<u32> },
41}
42
43#[derive(Debug, Subcommand)]
44enum DbCommands {
45    #[clap(name = "vacuum")]
46    /// Vacuum the database to reclaim space or change db_fs_type/page_size (offline)
47    Vacuum,
48    #[clap(name = "backup")]
49    /// Backup the database content (offline)
50    Backup(BackupOpt),
51    #[clap(name = "restore")]
52    /// Restore the database content (offline)
53    Restore(RestoreOpt),
54    #[clap(name = "verify")]
55    /// Verify database and entity consistency.
56    Verify,
57    #[clap(name = "reindex")]
58    /// Reindex the database (offline)
59    Reindex,
60}
61
62#[derive(Debug, Args)]
63struct DbScanListIndex {
64    /// The name of the index to list
65    index_name: String,
66}
67
68#[derive(Debug, Args)]
69struct DbScanGetId2Entry {
70    /// The id of the entry to display
71    id: u64,
72}
73
74#[derive(Debug, Subcommand)]
75enum DbScanOpt {
76    #[clap(name = "list-all-indexes")]
77    /// List all index tables that exist on the system.
78    ListIndexes,
79    #[clap(name = "list-index")]
80    /// List all content of a named index
81    ListIndex(DbScanListIndex),
82    // #[structopt(name = "get_index")]
83    // /// Display the content of a single index key
84    // GetIndex(DbScanGetIndex),
85    #[clap(name = "list-id2entry")]
86    /// List all id2entry values with reduced entry content
87    ListId2Entry,
88    #[clap(name = "get-id2entry")]
89    /// View the data of a specific entry from id2entry
90    GetId2Entry(DbScanGetId2Entry),
91    #[clap(name = "list-index-analysis")]
92    /// List all content of index analysis
93    ListIndexAnalysis,
94    #[clap(name = "quarantine-id2entry")]
95    /// Given an entry id, quarantine the entry in a hidden db partition
96    QuarantineId2Entry {
97        /// The id of the entry to display
98        id: u64,
99    },
100    #[clap(name = "list-quarantined")]
101    /// List the entries in quarantine
102    ListQuarantined,
103    #[clap(name = "restore-quarantined")]
104    /// Given an entry id, restore the entry from the hidden db partition
105    RestoreQuarantined {
106        /// The id of the entry to display
107        id: u64,
108    },
109}
110
111#[derive(Debug, Parser)]
112#[command(name = "kanidmd")]
113struct KanidmdParser {
114    #[command(subcommand)]
115    commands: KanidmdOpt,
116
117    #[clap(short, long, env = "KANIDM_CONFIG", global = true)]
118    config_path: Option<PathBuf>,
119
120    #[clap(flatten)]
121    kanidmd_options: kanidm_proto::cli::KanidmdCli,
122}
123
124#[derive(Debug, Subcommand)]
125enum ScriptingCommand {
126    /// Recover an account's password
127    RecoverAccount {
128        #[clap(value_parser)]
129        /// The account name to recover credentials for.
130        name: String,
131    },
132    /// Backup
133    Backup {
134        /// The path to backup to. If not set, defaults to stdout.
135        path: Option<PathBuf>
136    },
137    /// Initiate a server reload.
138    Reload,
139    /// Load the server config and check services are listening
140    #[clap(name = "healthcheck")]
141    HealthCheck {
142        /// Disable TLS verification
143        #[clap(short, long, action)]
144        verify_tls: bool,
145        /// Check the 'origin' URL from the server configuration file, instead of the 'address'
146        #[clap(short = 'O', long, action)]
147        check_origin: bool,
148    }
149}
150
151// The main command parser for kanidmd
152#[derive(Debug, Subcommand)]
153enum KanidmdOpt {
154    #[clap(name = "server")]
155    /// Start the IDM Server
156    Server,
157    #[clap(name = "configtest")]
158    /// Test the IDM Server configuration, without starting network listeners.
159    ConfigTest,
160    #[clap(name = "cert-generate")]
161    /// Create a self-signed ca and tls certificate in the locations listed from the
162    /// configuration. These certificates should *not* be used in production, they
163    /// are for testing and evaluation only!
164    CertGenerate,
165    #[clap(name = "recover-account")]
166    /// Recover an account's password
167    RecoverAccount {
168        #[clap(value_parser)]
169        /// The account name to recover credentials for.
170        name: String,
171    },
172    #[clap(name = "disable-account")]
173    /// Disable an account so that it can not be used. This can be reset with `recover-account`.
174    DisableAccount {
175        #[clap(value_parser)]
176        /// The account name to disable.
177        name: String,
178    },
179    /// Display this server's replication certificate
180    ShowReplicationCertificate,
181    /// Renew this server's replication certificate
182    RenewReplicationCertificate,
183    /// Refresh this servers database content with the content from a supplier. This means
184    /// that all local content will be deleted and replaced with the supplier content.
185    RefreshReplicationConsumer {
186        /// Acknowledge that this database content will be refreshed from a supplier.
187        #[clap(long = "i-want-to-refresh-this-servers-database")]
188        proceed: bool,
189    },
190    // #[clap(name = "reset_server_id")]
191    // ResetServerId,
192    #[clap(name = "db-scan")]
193    /// Inspect the internal content of the database datastructures.
194    DbScan {
195        #[clap(subcommand)]
196        commands: DbScanOpt,
197    },
198    /// Database maintenance, backups, restoration etc.
199    #[clap(name = "database")]
200    Database {
201        #[clap(subcommand)]
202        commands: DbCommands,
203    },
204    /// Change domain settings
205    #[clap(name = "domain")]
206    DomainSettings {
207        #[clap(subcommand)]
208        commands: DomainSettingsCmds,
209    },
210
211    /// Print the program version and exit
212    #[clap(name = "version")]
213    Version,
214
215    /// A dedicated scripting interface that has machine parsable input/outputs.
216    #[clap(name = "scripting")]
217    Scripting {
218        #[clap(subcommand)]
219        command: ScriptingCommand
220    }
221}