|
 |
feafcbc |
From c16214f71f8ab2a5fc122966159ce056e0e9e897 Mon Sep 17 00:00:00 2001
|
|
|
feafcbc |
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fidencio@redhat.com>
|
|
|
feafcbc |
Date: Mon, 17 Oct 2016 18:58:50 +0200
|
|
|
feafcbc |
Subject: [PATCH 26/39] SECRETS: Add allowed_sec_users_options
|
|
|
feafcbc |
MIME-Version: 1.0
|
|
|
feafcbc |
Content-Type: text/plain; charset=UTF-8
|
|
|
feafcbc |
Content-Transfer-Encoding: 8bit
|
|
|
feafcbc |
|
|
|
feafcbc |
There are options (the proxying related ones) that only apply to the
|
|
|
feafcbc |
secrets' subsections. In order to make config API able to catch those,
|
|
|
feafcbc |
let's create a new section called allowed_sec_users_options) and move
|
|
|
feafcbc |
there these proxying options.
|
|
|
feafcbc |
|
|
|
feafcbc |
Signed-off-by: Fabiano FidĂȘncio <fidencio@redhat.com>
|
|
|
feafcbc |
|
|
|
feafcbc |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
feafcbc |
(cherry picked from commit 682c9c3467055c2149af28826f7458b857b0f8c4)
|
|
|
feafcbc |
(cherry picked from commit 9d4cc96f2951412f647223dfe59060fa1e2b7b14)
|
|
|
feafcbc |
---
|
|
|
feafcbc |
src/config/cfg_rules.ini | 15 ++++++++++-----
|
|
|
feafcbc |
1 file changed, 10 insertions(+), 5 deletions(-)
|
|
|
feafcbc |
|
|
|
feafcbc |
diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini
|
|
|
feafcbc |
index 24937c969..882a185d8 100644
|
|
|
feafcbc |
--- a/src/config/cfg_rules.ini
|
|
|
feafcbc |
+++ b/src/config/cfg_rules.ini
|
|
|
feafcbc |
@@ -8,7 +8,8 @@ section = autofs
|
|
|
feafcbc |
section = ssh
|
|
|
feafcbc |
section = pac
|
|
|
feafcbc |
section = ifp
|
|
|
feafcbc |
-section_re = ^secrets\(/users/[0-9]\+\)\?$
|
|
|
feafcbc |
+section = secrets
|
|
|
feafcbc |
+section_re = ^secrets/users/[0-9]\+$
|
|
|
feafcbc |
section_re = ^domain/.*$
|
|
|
feafcbc |
|
|
|
feafcbc |
[rule/allowed_sssd_options]
|
|
|
feafcbc |
@@ -211,9 +212,10 @@ option = description
|
|
|
feafcbc |
option = allowed_uids
|
|
|
feafcbc |
option = user_attributes
|
|
|
feafcbc |
|
|
|
feafcbc |
+# Secrets service
|
|
|
feafcbc |
[rule/allowed_sec_options]
|
|
|
feafcbc |
validator = ini_allowed_options
|
|
|
feafcbc |
-section_re = ^secrets\(/users/[0-9]\+\)\?$
|
|
|
feafcbc |
+section_re = ^secrets$
|
|
|
feafcbc |
|
|
|
feafcbc |
option = timeout
|
|
|
feafcbc |
option = debug
|
|
|
feafcbc |
@@ -226,12 +228,15 @@ option = reconnection_retries
|
|
|
feafcbc |
option = fd_limit
|
|
|
feafcbc |
option = client_idle_timeout
|
|
|
feafcbc |
option = description
|
|
|
feafcbc |
-
|
|
|
feafcbc |
-# Secrets service
|
|
|
feafcbc |
-option = provider
|
|
|
feafcbc |
option = containers_nest_level
|
|
|
feafcbc |
option = max_secrets
|
|
|
feafcbc |
+
|
|
|
feafcbc |
+[rule/allowed_sec_users_options]
|
|
|
feafcbc |
+validator = ini_allowed_options
|
|
|
feafcbc |
+section_re = ^secrets/users/[0-9]\+$
|
|
|
feafcbc |
+
|
|
|
feafcbc |
# Secrets service - proxy
|
|
|
feafcbc |
+option = provider
|
|
|
feafcbc |
option = proxy_url
|
|
|
feafcbc |
option = auth_type
|
|
|
feafcbc |
option = auth_header_name
|
|
|
feafcbc |
--
|
|
|
feafcbc |
2.11.0
|
|
|
feafcbc |
|