From 47aea8d2fc19fedb0a774f2e72c02ac2c87d1723 Mon Sep 17 00:00:00 2001
From: Fabiano FidĂȘncio
Date: Sun, 25 Sep 2016 21:52:10 +0200
Subject: CONFIG: Add secrets provider options
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Related: https://fedorahosted.org/sssd/ticket/3207
Signed-off-by: Fabiano FidĂȘncio
Reviewed-by: Jakub Hrozek
---
 src/config/SSSDConfig/__init__.py.in | 11 +++++++++++
 src/config/SSSDConfigTest.py | 6 ++++--
 src/config/etc/sssd.api.conf | 12 ++++++++++++
 3 files changed, 27 insertions(+), 2 deletions(-)

diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in
index e616ce3dc..15b9cd195 100644
--- a/src/config/SSSDConfig/__init__.py.in
+++ b/src/config/SSSDConfig/__init__.py.in
@@ -118,6 +118,17 @@ option_strings = {
 'allowed_uids': _('List of UIDs or user names allowed to access the InfoPipe responder'),
 'user_attributes': _('List of user attributes the InfoPipe is allowed to publish'),

+ # [secrets]
+ 'provider': _('The provider where the secrets will be stored in'),
+ # secrets - proxy
+ 'proxy_url': _('The URL Custodia server is listening on'),
+ 'auth_type': _('The method to use when authenticating to a Custodia server'),
+ 'auth_header_name': _('The name of the headers that will be added into a HTTP request with the value defined in auth_header_value'),
+ 'auth_header_value': _('The value sssd-secrets would use for auth_header_name'),
+ 'forward_headers': _('The list of the headers to forward to the Custodia server together with the request'),
+ 'username': _('The username to use when authenticating to a Custodia server using basic_auth'),
+ 'password': _('The password to use when authenticating to a Custodia server using basic_auth'),
+
 # [provider]
 'id_provider' : _('Identity provider'),
 'auth_provider' : _('Authentication provider'),
diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py
index 006a03447..4850073fa 100755
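Review bot: In `src/config/SSSDConfig/__init__.py.in` the new keys `'provider'`, `'username'` and `'password'` are very generic names for what appears to be a single flat `option_strings` dict, while their help texts are specific to the secrets responder and Custodia. A same-named option in any other section would either be silently overridden as a duplicate dict key or be shown this Custodia text; the dict opens and closes outside the hunk, so whether a clash exists today cannot be checked from here. The help for the two credential-bearing options should also tell the administrator what they are putting in the file, e.g. `'password': _('The password to use when authenticating to a Custodia server using basic_auth; kept as plain text in the configuration'),` and likewise for `'auth_header_value'` (this assumes the value is stored as written, which is what the plain `str` type in the schema suggests). Minor wording: `'The provider where the secrets will be stored in'` reads better without the trailing `in`.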
--- a/src/config/SSSDConfigTest.py
+++ b/src/config/SSSDConfigTest.py
@@ -1352,7 +1352,8 @@ class SSSDConfigTestSSSDConfig(unittest.TestCase):
 'autofs',
 'ssh',
 'pac',
- 'ifp']
+ 'ifp',
+ 'secrets']
 for section in control_list:
 self.assertTrue(sssdconfig.has_section(section),
 "Section [%s] missing" %
@@ -1445,7 +1446,8 @@ class SSSDConfigTestSSSDConfig(unittest.TestCase):
 'autofs',
 'ssh',
 'pac',
- 'ifp']
+ 'ifp',
+ 'secrets']
 service_list = sssdconfig.list_services()
 for service in control_list:
 self.assertTrue(service in service_list,
diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf
index 9e4bf2f6e..f94c8d17f 100644
--- a/src/config/etc/sssd.api.conf
+++ b/src/config/etc/sssd.api.conf
@@ -94,6 +94,18 @@ pac_lifetime = int, None, false
 allowed_uids = str, None, false
 user_attributes = str, None, false

+[secrets]
+# Secrets service
+provider = str, None, false
+# Secrets service - proxy
+proxy_url = str, None, false
+auth_type = str, None, false
+auth_header_name = str, None, false
+auth_header_value = str, None, false
+forward_headers = list, None, false
+username = str, None, false
+password = str, None, false
+
 [provider]
 #Available provider types
 id_provider = str, None, true
-- cgit
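Review bot: In `src/config/SSSDConfigTest.py` the two `control_list` additions (hunks at -1352 and -1445) only assert that a `secrets` section and service exist; none of the eight new options is exercised in the visible lines. A later edit that drops `password` from the schema or changes `forward_headers` away from `list` would still pass these tests. If the file already has per-service option checks elsewhere, `secrets` should get the same coverage there; both test methods start and end outside the hunks, so this cannot be confirmed from here.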
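Review bot: In `src/config/etc/sssd.api.conf`, `password` and `auth_header_value` are declared as ordinary `str` options, so the Custodia credentials sit in the schema next to non-sensitive settings with nothing marking them as secret. Any code that prints or exports parsed options (debug output, support dumps, tooling built on SSSDConfig) would need to mask these two, and I would record that in the schema with a comment such as `# credential - never log or export this value` above each. `auth_type` and `proxy_url` are free-form strings as well: a comment listing the accepted `auth_type` values and stating that `proxy_url` is expected to be https whenever `basic_auth` or a header token is used would help, since the `type, subtype, mandatory` triple cannot express either constraint.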