SECRETS: Add a configurable limit of secrets that can be stored

Related:
https://fedorahosted.org/sssd/ticket/3169

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

3 files changed, 3 insertions, 0 deletions

diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in
index 74c2ca5a7..cde196478 100644
--- a/src/config/SSSDConfig/__init__.py.in
+++ b/src/config/SSSDConfig/__init__.py.in
@@ -121,6 +121,7 @@ option_strings = {
     # [secrets]
     'provider': _('The provider where the secrets will be stored in'),
     'containers_nest_level': _('The maximum allowed number of nested containers'),
+    'max_secrets': _('The maximum number of secrets that can be stored'),
     # secrets - proxy
     'proxy_url': _('The URL Custodia server is listening on'),
     'auth_type': _('The method to use when authenticating to a Custodia server'),
diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini
index e6f23ff34..b6316be8c 100644
--- a/src/config/cfg_rules.ini
+++ b/src/config/cfg_rules.ini
@@ -229,6 +229,7 @@ option = description
 # Secrets service
 option = provider
 option = containers_nest_level
+option = max_secrets
 # Secrets service - proxy
 option = proxy_url
 option = auth_type
diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf
index a7757dc13..567d52efe 100644
--- a/src/config/etc/sssd.api.conf
+++ b/src/config/etc/sssd.api.conf
@@ -98,6 +98,7 @@ user_attributes = str, None, false
 # Secrets service
 provider = str, None, false
 containers_nest_level = int, None, false
+max_secrets = int, None, false
 # Secrets service - proxy
 proxy_url = str, None, false
 auth_type = str, None, false