[SSSD] [sssd PR#33][comment] SECRETS: Some small misc fixes + fixing #3168
URL: https://github.com/SSSD/sssd/pull/33 Title: #33: SECRETS: Some small misc fixes + fixing #3168 jhrozek commented: """ btw I also manually tested the config regexes and sssd is OK with known option but not OK with an unknown option, which is also good: (Mon Oct 3 15:30:41:545005 2016) [sssd] [sss_ini_call_validators] (0x0020): [rule/allowed_sec_options]: Attribute 'xxx' is not allowed in section 'secrets'. Check for typos. """ See the full comment at https://github.com/SSSD/sssd/pull/33#issuecomment-251106122 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#33][comment] SECRETS: Some small misc fixes + fixing #3168
URL: https://github.com/SSSD/sssd/pull/33 Title: #33: SECRETS: Some small misc fixes + fixing #3168 jhrozek commented: """ On Fri, Sep 30, 2016 at 07:55:00AM -0700, fidencio wrote: > And here is the diff between the last series and the new one that's arriving > in a few ... > > src/config/SSSDConfig/__init__.py.in | 1 + > src/config/etc/sssd.api.conf | 1 + > src/responder/secrets/local.c| 2 +- > 3 files changed, 3 insertions(+), 1 deletion(-) > > diff --git a/src/config/SSSDConfig/__init__.py.in > b/src/config/SSSDConfig/__init__.py.in > index 15b9cd1..74c2ca5 100644 > --- a/src/config/SSSDConfig/__init__.py.in > +++ b/src/config/SSSDConfig/__init__.py.in > @@ -120,6 +120,7 @@ option_strings = { > > # [secrets] > 'provider': _('The provider where the secrets will be stored in'), > +'containers_nest_level': _('The maximum allowed number of nested > containers'), > # secrets - proxy > 'proxy_url': _('The URL Custodia server is listening on'), > 'auth_type': _('The method to use when authenticating to a Custodia > server'), > diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf > index f94c8d1..a7757dc 100644 > --- a/src/config/etc/sssd.api.conf > +++ b/src/config/etc/sssd.api.conf > @@ -97,6 +97,7 @@ user_attributes = str, None, false > [secrets] > # Secrets service > provider = str, None, false > +containers_nest_level = int, None, false > # Secrets service - proxy > proxy_url = str, None, false > auth_type = str, None, false > diff --git a/src/responder/secrets/local.c b/src/responder/secrets/local.c > index 06260f3..ec84537 100644 > --- a/src/responder/secrets/local.c > +++ b/src/responder/secrets/local.c > @@ -334,7 +334,7 @@ done: > } > > static int local_db_check_containers_nest_level(struct local_context *lctx, > - struct ldb_dn *leaf_dn) > +struct ldb_dn *leaf_dn) > { > int nest_level; > > Thank you, all the patches look good to me now, I did some basic manual testing, I tested the particular case which gives me a 406 when I reach the nesting limit: curl -H "Content-Type: application/json" --unix-socket /var/run/secrets.socket -XPOST http://localhost/secrets/con1/con2/con3/con4/con5/ 406 Not Acceptable Not Acceptable The request cannot be accepted. CI also passed: http://sssd-ci.duckdns.org/logs/job/54/50/summary.html so ACK to all patches. """ See the full comment at https://github.com/SSSD/sssd/pull/33#issuecomment-251105537 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#33][comment] SECRETS: Some small misc fixes + fixing #3168
URL: https://github.com/SSSD/sssd/pull/33 Title: #33: SECRETS: Some small misc fixes + fixing #3168 fidencio commented: """ And here is the diff between the last series and the new one that's arriving in a few ... src/config/SSSDConfig/__init__.py.in | 1 + src/config/etc/sssd.api.conf | 1 + src/responder/secrets/local.c| 2 +- 3 files changed, 3 insertions(+), 1 deletion(-) diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in index 15b9cd1..74c2ca5 100644 --- a/src/config/SSSDConfig/__init__.py.in +++ b/src/config/SSSDConfig/__init__.py.in @@ -120,6 +120,7 @@ option_strings = { # [secrets] 'provider': _('The provider where the secrets will be stored in'), +'containers_nest_level': _('The maximum allowed number of nested containers'), # secrets - proxy 'proxy_url': _('The URL Custodia server is listening on'), 'auth_type': _('The method to use when authenticating to a Custodia server'), diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf index f94c8d1..a7757dc 100644 --- a/src/config/etc/sssd.api.conf +++ b/src/config/etc/sssd.api.conf @@ -97,6 +97,7 @@ user_attributes = str, None, false [secrets] # Secrets service provider = str, None, false +containers_nest_level = int, None, false # Secrets service - proxy proxy_url = str, None, false auth_type = str, None, false diff --git a/src/responder/secrets/local.c b/src/responder/secrets/local.c index 06260f3..ec84537 100644 --- a/src/responder/secrets/local.c +++ b/src/responder/secrets/local.c @@ -334,7 +334,7 @@ done: } static int local_db_check_containers_nest_level(struct local_context *lctx, - struct ldb_dn *leaf_dn) +struct ldb_dn *leaf_dn) { int nest_level; """ See the full comment at https://github.com/SSSD/sssd/pull/33#issuecomment-250765831 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#33][comment] SECRETS: Some small misc fixes + fixing #3168
URL: https://github.com/SSSD/sssd/pull/33 Title: #33: SECRETS: Some small misc fixes + fixing #3168 fidencio commented: """ Okay, with this last patch series config-check works like a charm for [secrets] and [secrets/users/$uid]. Also the name of the newly introduced property was renamed to containers_nest_limit (and all the related vars/constants as well). """ See the full comment at https://github.com/SSSD/sssd/pull/33#issuecomment-250743016 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#33][comment] SECRETS: Some small misc fixes + fixing #3168
URL: https://github.com/SSSD/sssd/pull/33 Title: #33: SECRETS: Some small misc fixes + fixing #3168 fidencio commented: """ Done! """ See the full comment at https://github.com/SSSD/sssd/pull/33#issuecomment-250682778 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#33][comment] SECRETS: Some small misc fixes + fixing #3168
URL: https://github.com/SSSD/sssd/pull/33 Title: #33: SECRETS: Some small misc fixes + fixing #3168 jhrozek commented: """ On Fri, Sep 30, 2016 at 12:26:46AM -0700, Jakub Hrozek wrote: > I just pushed the documentation patch. Could you please rebase this > series atop origin/master so that I can then only review and push the > new patches? In addition, could you please add Reviewed-By to the config validator patch that is attributed to me? I can't review that one.. """ See the full comment at https://github.com/SSSD/sssd/pull/33#issuecomment-250678547 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#33][comment] SECRETS: Some small misc fixes + fixing #3168
URL: https://github.com/SSSD/sssd/pull/33 Title: #33: SECRETS: Some small misc fixes + fixing #3168 jhrozek commented: """ On Thu, Sep 29, 2016 at 02:37:11PM -0700, fidencio wrote: > So, I've pushed a new version of the patches and I tried to address > all comments made, but the one adding a debug message in case of failure > on local_db_check_containers_nested_level(). IMO would be better to add > the debug messages within Jakub's patches (and I can provide you a patch, > that you can squash to yours, @jhrozek). Sure, I don't mind one way or another. > > In this new series I don't have the work done for #3138 applied. As it will > need some changes I think is just better having these patches pushed ASAP and > then, later on, re-work the patches for #3138. Yes, I agree. > > Also worth to mention that this series fixes #3207 as well. I just pushed the documentation patch. Could you please rebase this series atop origin/master so that I can then only review and push the new patches? """ See the full comment at https://github.com/SSSD/sssd/pull/33#issuecomment-250678161 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#33][comment] SECRETS: Some small misc fixes + fixing #3168
URL: https://github.com/SSSD/sssd/pull/33 Title: #33: SECRETS: Some small misc fixes + fixing #3168 fidencio commented: """ And CI has passed: http://sssd-ci.duckdns.org/logs/job/54/46/summary.html Although, github complains that all checks have failed for some reason. """ See the full comment at https://github.com/SSSD/sssd/pull/33#issuecomment-250607725 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#33][comment] SECRETS: Some small misc fixes + fixing #3168
URL: https://github.com/SSSD/sssd/pull/33 Title: #33: SECRETS: Some small misc fixes + fixing #3168 fidencio commented: """ So, I've pushed a new version of the patches and I tried to address all comments made, but the one adding a debug message in case of failure on local_db_check_containers_nested_level(). IMO would be better to add the debug messages within Jakub's patches (and I can provide you a patch, that you can squash to yours, @jhrozek). In this new series I don't have the work done for #3138 applied. As it will need some changes I think is just better having these patches pushed ASAP and then, later on, re-work the patches for #3138. Also worth to mention that this series fixes #3207 as well. """ See the full comment at https://github.com/SSSD/sssd/pull/33#issuecomment-250598629 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#33][comment] SECRETS: Some small misc fixes + fixing #3168
URL: https://github.com/SSSD/sssd/pull/33 Title: #33: SECRETS: Some small misc fixes + fixing #3168 jhrozek commented: """ On Wed, Sep 28, 2016 at 02:16:36AM -0700, fidencio wrote: > fidencio commented on this pull request. > > > > > @@ -447,6 +468,9 @@ static int local_db_create(TALLOC_CTX *mem_ctx, > ret = local_db_check_containers(msg, lctx, msg->dn); > if (ret != EOK) goto done; > > +ret = local_db_check_containers_nested_level(lctx, msg->dn); > +if (ret != EOK) goto done; > > I can rebase my patches on top of yours, that wouldn't be a problem. Let me > know what's your preference. I think it's better to get in the code patches and then the DEBUG patches (it's easier and less error-prone to rebase DEBUG messages IMO..) But I guess adding a DEBUG message to this particular place would be nice.. """ See the full comment at https://github.com/SSSD/sssd/pull/33#issuecomment-250117961 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#33][comment] SECRETS: Some small misc fixes + fixing #3168
URL: https://github.com/SSSD/sssd/pull/33 Title: #33: SECRETS: Some small misc fixes + fixing #3168 fidencio commented: """ @jhrozek, about the configAPI question, I really missed the others secrets specific options. I'll re-work and re-submit the patches. """ See the full comment at https://github.com/SSSD/sssd/pull/33#issuecomment-250116102 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org