On Thu, Aug 04, 2016 at 11:35:30AM +0200, Michal Židek wrote: > On 07/12/2016 06:38 PM, Lukas Slebodnik wrote: > > On (12/07/16 15:59), Michal Židek wrote: > > > On 07/12/2016 03:36 PM, Lukas Slebodnik wrote: > > > > On (12/07/16 15:16), Michal Židek wrote: > > > > > +# secrets responder > > > > > +option = provider > > > > > + > > > > > > > > I think you need to also update "rule/allowed_sections" > > > > > > > > maybe you could run our tool "sssctl config-check" > > > > before sending patches :-) > > > > > > > > > > What a useful tool it turned out to be :) > > > > > > > And there is another related question to this topic. > > > > Should we add undocumented options to the list? > > > > > > > > We already have "command" in schema. Should we add others as well? > > > > > > > > IMHO, no. > > > > > > > > LS > > > > > > So far we only added options that we expect users > > > to use. Options that are for developers are not added to the > > > schema for now. > > > > > > Michal > > > > > From 42a3038b68452cf92b2f87ae0875f4e3b8b1f051 Mon Sep 17 00:00:00 2001 > > > From: =?UTF-8?q?Michal=20=C5=BDidek?= <mzi...@redhat.com> > > > Date: Mon, 11 Jul 2016 13:03:28 +0200 > > > Subject: [PATCH 1/3] config: Allow timeout for all sevices > > > > > > Fixes: > > > https://fedorahosted.org/sssd/ticket/3068 > > > > > > Allow option "timeout" for all sevices. > > > Also remove unused macro CONFDB_SERVICE_TIMEOUT. > > > --- > > ACK > > > > > From cacd9f84e702c2aa7f5c41d0d257eb5ce8c77a12 Mon Sep 17 00:00:00 2001 > > > From: =?UTF-8?q?Michal=20=C5=BDidek?= <mzi...@redhat.com> > > > Date: Mon, 11 Jul 2016 13:34:03 +0200 > > > Subject: [PATCH 2/3] config: Add config_file_version to schema > > > > > > Fixes: > > > https://fedorahosted.org/sssd/ticket/3068 > > > --- > > > src/config/SSSDConfigTest.py | 1 + > > > src/config/cfg_rules.ini | 1 + > > > src/config/etc/sssd.api.conf | 1 + > > > 3 files changed, 3 insertions(+) > > > > > ACK
> > > > > From f292235689986eae02fec9a91fb8af151b553eab Mon Sep 17 00:00:00 2001 > > > From: =?UTF-8?q?Michal=20=C5=BDidek?= <mzi...@redhat.com> > > > Date: Tue, 12 Jul 2016 15:05:16 +0200 > > > Subject: [PATCH 3/3] config: Allow 'secrets' section > > > > > > Fixes: > > > https://fedorahosted.org/sssd/ticket/3068 > > > > > > Allow the 'secrets' section in config file > > > schema. > > > --- > > > src/config/SSSDConfigTest.py | 6 ++++-- > > > src/config/cfg_rules.ini | 22 ++++++++++++++++++++++ > > > src/config/etc/sssd.api.conf | 4 ++++ > > > 3 files changed, 30 insertions(+), 2 deletions(-) > > > > > > diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py > > > index 332d870..4748ecb 100755 > > > --- a/src/config/SSSDConfigTest.py > > > +++ b/src/config/SSSDConfigTest.py > > > @@ -1351,7 +1351,8 @@ class SSSDConfigTestSSSDConfig(unittest.TestCase): > > > 'autofs', > > > 'ssh', > > > 'pac', > > > - 'ifp'] > > > + 'ifp', > > > + 'secrets'] > > > for section in control_list: > > > self.assertTrue(sssdconfig.has_section(section), > > > "Section [%s] missing" % > > > @@ -1444,7 +1445,8 @@ class SSSDConfigTestSSSDConfig(unittest.TestCase): > > > 'autofs', > > > 'ssh', > > > 'pac', > > > - 'ifp'] > > > + 'ifp', > > > + 'secrets'] > > > service_list = sssdconfig.list_services() > > > for service in control_list: > > > self.assertTrue(service in service_list, > > > diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini > > > index 635c078..cab25fc 100644 > > > --- a/src/config/cfg_rules.ini > > > +++ b/src/config/cfg_rules.ini > > > @@ -8,6 +8,7 @@ section = autofs > > > section = ssh > > > section = pac > > > section = ifp > > > +section_re = ^secrets/.*$ > > > section_re = ^domain/.*$ > > > > > > [rule/allowed_sssd_options] 
> > > @@ -224,6 +225,27 @@ option = diag_cmd > > > option = allowed_uids > > > option = user_attributes > > > > > > +[rule/allowed_secrets_options] > > > +validator = ini_allowed_options > > > +section_re = ^secrets/.*$ > > > + > > > +option = timeout > > > +option = debug > > > +option = debug_level > > > +option = debug_timestamps > > > +option = debug_microseconds > > > +option = debug_to_files > > > +option = command > > > +option = reconnection_retries > > > +option = fd_limit > > > +option = client_idle_timeout > > > +option = force_timeout > > > +option = description > > > +option = diag_cmd > > > + > > > +# secrets responder > > > +option = provider > > > + > > > > There are some options which you didn't include (e.g. forward_headers) > > @see > > grep confdb_get -A 5 src/responder/secrets/* > > grep proxy_get_config_string -A 5 src/responder/secrets/* > > > > LS > > It looks like secret uses a different set of options completely. > Also there is the service/program specific configuration of > secrets that should work similar to domains (like [secret/apache] > or something like that). > > I will not send this patch until I have a better understanding > of how the secrets service works and how it can be configured. I think we > should make a ticket for the documentation/design page > enhancement and make the schema change as a subtask for it.
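Review bot: in the "@@ -8,6 +8,7 @@" hunk of src/config/cfg_rules.ini, the added "section_re = ^secrets/.*$" requires a slash after "secrets", so a plain [secrets] section is not admitted, although 'secrets' without a suffix is the name the SSSDConfigTest.py control lists in this same patch check for. The other services in that list are whitelisted by literal name ("section = ifp" and so on); add "section = secrets" next to them and keep the regular expression only if per-program subsections are really intended.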
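Review bot: in the "@@ -224,6 +225,27 @@" hunk, [rule/allowed_secrets_options] is scoped by "section_re = ^secrets/.*$", so its option list is applied only to "secrets/..." subsections and never to a plain [secrets] section. The list also mixes service-level options (timeout, fd_limit, client_idle_timeout, command, ...) with "provider", the only entry commented as belonging to the secrets responder. Consider one rule with "section = secrets" for the service-level options and a separate rule for the subsections that carries "provider" and the other per-section options, such as the forward_headers named in the reply, once that set has been checked against src/responder/secrets.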
We already have: https://fedorahosted.org/sssd/ticket/3053 I would like to work on that next week..