From c16214f71f8ab2a5fc122966159ce056e0e9e897 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Mon, 17 Oct 2016 18:58:50 +0200 Subject: [PATCH 26/39] SECRETS: Add allowed_sec_users_options MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit There are options (the proxying related ones) that only apply to the secrets' subsections. In order to make config API able to catch those, let's create a new section called allowed_sec_users_options) and move there these proxying options. Signed-off-by: Fabiano FidĂȘncio Reviewed-by: Jakub Hrozek (cherry picked from commit 682c9c3467055c2149af28826f7458b857b0f8c4) (cherry picked from commit 9d4cc96f2951412f647223dfe59060fa1e2b7b14) --- src/config/cfg_rules.ini | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini index 24937c969..882a185d8 100644 --- a/src/config/cfg_rules.ini +++ b/src/config/cfg_rules.ini @@ -8,7 +8,8 @@ section = autofs section = ssh section = pac section = ifp -section_re = ^secrets\(/users/[0-9]\+\)\?$ +section = secrets +section_re = ^secrets/users/[0-9]\+$ section_re = ^domain/.*$ [rule/allowed_sssd_options] @@ -211,9 +212,10 @@ option = description option = allowed_uids option = user_attributes +# Secrets service [rule/allowed_sec_options] validator = ini_allowed_options -section_re = ^secrets\(/users/[0-9]\+\)\?$ +section_re = ^secrets$ option = timeout option = debug @@ -226,12 +228,15 @@ option = reconnection_retries option = fd_limit option = client_idle_timeout option = description - -# Secrets service -option = provider option = containers_nest_level option = max_secrets + +[rule/allowed_sec_users_options] +validator = ini_allowed_options +section_re = ^secrets/users/[0-9]\+$ + # Secrets service - proxy +option = provider option = proxy_url option = auth_type option = auth_header_name -- 2.11.0