[SSSD] [sssd PR#33][comment] SECRETS: Some small misc fixes + fixing #3168
URL: https://github.com/SSSD/sssd/pull/33 Title: #33: SECRETS: Some small misc fixes + fixing #3168 jhrozek commented: """ btw I also manually tested the config regexes and sssd is OK with known option but not OK with an unknown option, which is also good: (Mon Oct 3 15:30:41:545005 2016) [sssd] [sss_ini_call_validators] (0x0020): [rule/allowed_sec_options]: Attribute 'xxx' is not allowed in section 'secrets'. Check for typos. """ See the full comment at https://github.com/SSSD/sssd/pull/33#issuecomment-251106122 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#33][comment] SECRETS: Some small misc fixes + fixing #3168
URL: https://github.com/SSSD/sssd/pull/33
Title: #33: SECRETS: Some small misc fixes + fixing #3168
jhrozek commented:
"""
On Fri, Sep 30, 2016 at 07:55:00AM -0700, fidencio wrote:
> And here is the diff between the last series and the new one that's arriving
> in a few ...
>
> src/config/SSSDConfig/__init__.py.in | 1 +
> src/config/etc/sssd.api.conf | 1 +
> src/responder/secrets/local.c| 2 +-
> 3 files changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/src/config/SSSDConfig/__init__.py.in
> b/src/config/SSSDConfig/__init__.py.in
> index 15b9cd1..74c2ca5 100644
> --- a/src/config/SSSDConfig/__init__.py.in
> +++ b/src/config/SSSDConfig/__init__.py.in
> @@ -120,6 +120,7 @@ option_strings = {
>
> # [secrets]
> 'provider': _('The provider where the secrets will be stored in'),
> +'containers_nest_level': _('The maximum allowed number of nested
> containers'),
> # secrets - proxy
> 'proxy_url': _('The URL Custodia server is listening on'),
> 'auth_type': _('The method to use when authenticating to a Custodia
> server'),
> diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf
> index f94c8d1..a7757dc 100644
> --- a/src/config/etc/sssd.api.conf
> +++ b/src/config/etc/sssd.api.conf
> @@ -97,6 +97,7 @@ user_attributes = str, None, false
> [secrets]
> # Secrets service
> provider = str, None, false
> +containers_nest_level = int, None, false
> # Secrets service - proxy
> proxy_url = str, None, false
> auth_type = str, None, false
> diff --git a/src/responder/secrets/local.c b/src/responder/secrets/local.c
> index 06260f3..ec84537 100644
> --- a/src/responder/secrets/local.c
> +++ b/src/responder/secrets/local.c
> @@ -334,7 +334,7 @@ done:
> }
>
> static int local_db_check_containers_nest_level(struct local_context *lctx,
> - struct ldb_dn *leaf_dn)
> +struct ldb_dn *leaf_dn)
> {
> int nest_level;
>
>
Thank you, all the patches look good to me now, I did some basic manual
testing, I tested the particular case which gives me a 406 when I reach
the nesting limit:
curl -H "Content-Type: application/json" --unix-socket /var/run/secrets.socket
-XPOST http://localhost/secrets/con1/con2/con3/con4/con5/
406 Not Acceptable
Not Acceptable
The request cannot be accepted.
CI also passed:
http://sssd-ci.duckdns.org/logs/job/54/50/summary.html
so ACK to all patches.
"""
See the full comment at
https://github.com/SSSD/sssd/pull/33#issuecomment-251105537
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#33][comment] SECRETS: Some small misc fixes + fixing #3168
URL: https://github.com/SSSD/sssd/pull/33
Title: #33: SECRETS: Some small misc fixes + fixing #3168
fidencio commented:
"""
And here is the diff between the last series and the new one that's arriving in
a few ...
src/config/SSSDConfig/__init__.py.in | 1 +
src/config/etc/sssd.api.conf | 1 +
src/responder/secrets/local.c| 2 +-
3 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/config/SSSDConfig/__init__.py.in
b/src/config/SSSDConfig/__init__.py.in
index 15b9cd1..74c2ca5 100644
--- a/src/config/SSSDConfig/__init__.py.in
+++ b/src/config/SSSDConfig/__init__.py.in
@@ -120,6 +120,7 @@ option_strings = {
# [secrets]
'provider': _('The provider where the secrets will be stored in'),
+'containers_nest_level': _('The maximum allowed number of nested
containers'),
# secrets - proxy
'proxy_url': _('The URL Custodia server is listening on'),
'auth_type': _('The method to use when authenticating to a Custodia
server'),
diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf
index f94c8d1..a7757dc 100644
--- a/src/config/etc/sssd.api.conf
+++ b/src/config/etc/sssd.api.conf
@@ -97,6 +97,7 @@ user_attributes = str, None, false
[secrets]
# Secrets service
provider = str, None, false
+containers_nest_level = int, None, false
# Secrets service - proxy
proxy_url = str, None, false
auth_type = str, None, false
diff --git a/src/responder/secrets/local.c b/src/responder/secrets/local.c
index 06260f3..ec84537 100644
--- a/src/responder/secrets/local.c
+++ b/src/responder/secrets/local.c
@@ -334,7 +334,7 @@ done:
}
static int local_db_check_containers_nest_level(struct local_context *lctx,
- struct ldb_dn *leaf_dn)
+struct ldb_dn *leaf_dn)
{
int nest_level;
"""
See the full comment at
https://github.com/SSSD/sssd/pull/33#issuecomment-250765831
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#33][comment] SECRETS: Some small misc fixes + fixing #3168
URL: https://github.com/SSSD/sssd/pull/33 Title: #33: SECRETS: Some small misc fixes + fixing #3168 fidencio commented: """ Okay, with this last patch series config-check works like a charm for [secrets] and [secrets/users/$uid]. Also the name of the newly introduced property was renamed to containers_nest_limit (and all the related vars/constants as well). """ See the full comment at https://github.com/SSSD/sssd/pull/33#issuecomment-250743016 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#33][comment] SECRETS: Some small misc fixes + fixing #3168
URL: https://github.com/SSSD/sssd/pull/33 Title: #33: SECRETS: Some small misc fixes + fixing #3168 fidencio commented: """ Done! """ See the full comment at https://github.com/SSSD/sssd/pull/33#issuecomment-250682778 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#33][comment] SECRETS: Some small misc fixes + fixing #3168
URL: https://github.com/SSSD/sssd/pull/33 Title: #33: SECRETS: Some small misc fixes + fixing #3168 jhrozek commented: """ On Fri, Sep 30, 2016 at 12:26:46AM -0700, Jakub Hrozek wrote: > I just pushed the documentation patch. Could you please rebase this > series atop origin/master so that I can then only review and push the > new patches? In addition, could you please add Reviewed-By to the config validator patch that is attributed to me? I can't review that one.. """ See the full comment at https://github.com/SSSD/sssd/pull/33#issuecomment-250678547 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#33][comment] SECRETS: Some small misc fixes + fixing #3168
URL: https://github.com/SSSD/sssd/pull/33 Title: #33: SECRETS: Some small misc fixes + fixing #3168 jhrozek commented: """ On Thu, Sep 29, 2016 at 02:37:11PM -0700, fidencio wrote: > So, I've pushed a new version of the patches and I tried to address > all comments made, but the one adding a debug message in case of failure > on local_db_check_containers_nested_level(). IMO would be better to add > the debug messages within Jakub's patches (and I can provide you a patch, > that you can squash to yours, @jhrozek). Sure, I don't mind one way or another. > > In this new series I don't have the work done for #3138 applied. As it will > need some changes I think is just better having these patches pushed ASAP and > then, later on, re-work the patches for #3138. Yes, I agree. > > Also worth to mention that this series fixes #3207 as well. I just pushed the documentation patch. Could you please rebase this series atop origin/master so that I can then only review and push the new patches? """ See the full comment at https://github.com/SSSD/sssd/pull/33#issuecomment-250678161 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#33][comment] SECRETS: Some small misc fixes + fixing #3168
URL: https://github.com/SSSD/sssd/pull/33 Title: #33: SECRETS: Some small misc fixes + fixing #3168 fidencio commented: """ And CI has passed: http://sssd-ci.duckdns.org/logs/job/54/46/summary.html Although, github complains that all checks have failed for some reason. """ See the full comment at https://github.com/SSSD/sssd/pull/33#issuecomment-250607725 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#33][comment] SECRETS: Some small misc fixes + fixing #3168
URL: https://github.com/SSSD/sssd/pull/33 Title: #33: SECRETS: Some small misc fixes + fixing #3168 fidencio commented: """ So, I've pushed a new version of the patches and I tried to address all comments made, but the one adding a debug message in case of failure on local_db_check_containers_nested_level(). IMO would be better to add the debug messages within Jakub's patches (and I can provide you a patch, that you can squash to yours, @jhrozek). In this new series I don't have the work done for #3138 applied. As it will need some changes I think is just better having these patches pushed ASAP and then, later on, re-work the patches for #3138. Also worth to mention that this series fixes #3207 as well. """ See the full comment at https://github.com/SSSD/sssd/pull/33#issuecomment-250598629 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#33][comment] SECRETS: Some small misc fixes + fixing #3168
URL: https://github.com/SSSD/sssd/pull/33 Title: #33: SECRETS: Some small misc fixes + fixing #3168 jhrozek commented: """ On Wed, Sep 28, 2016 at 02:16:36AM -0700, fidencio wrote: > fidencio commented on this pull request. > > > > > @@ -447,6 +468,9 @@ static int local_db_create(TALLOC_CTX *mem_ctx, > ret = local_db_check_containers(msg, lctx, msg->dn); > if (ret != EOK) goto done; > > +ret = local_db_check_containers_nested_level(lctx, msg->dn); > +if (ret != EOK) goto done; > > I can rebase my patches on top of yours, that wouldn't be a problem. Let me > know what's your preference. I think it's better to get in the code patches and then the DEBUG patches (it's easier and less error-prone to rebase DEBUG messages IMO..) But I guess adding a DEBUG message to this particular place would be nice.. """ See the full comment at https://github.com/SSSD/sssd/pull/33#issuecomment-250117961 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#33][comment] SECRETS: Some small misc fixes + fixing #3168
URL: https://github.com/SSSD/sssd/pull/33 Title: #33: SECRETS: Some small misc fixes + fixing #3168 fidencio commented: """ @jhrozek, about the configAPI question, I really missed the others secrets specific options. I'll re-work and re-submit the patches. """ See the full comment at https://github.com/SSSD/sssd/pull/33#issuecomment-250116102 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
