CONFDB: Allow configuring [application] sections as non-POSIX domains

Related to:
https://pagure.io/SSSD/sssd/issue/3310

Allows to add a new section:
    [application/$name]

This section internally (on the confdb level) expands to:
    [domain/$name]
    domain_type = application

The reasons to add this new section is two-fold. One, to make the
configuration of application domains more explicit and two, to make it
possible to share configuration between two domains, one POSIX and one
non-POSIX by application domain's inherit_from option:
    [application/$name]
    inherit_from = posix_domain_name

Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>

1 files changed, 8 insertions, 1 deletions

diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini
index 3c857236e..8fd2d2c52 100644
--- a/src/config/cfg_rules.ini
+++ b/src/config/cfg_rules.ini
@@ -12,6 +12,7 @@ section = secrets
 section = kcm
 section_re = ^secrets/users/[0-9]\+$
 section_re = ^domain/.*$
+section_re = ^application/.*$
 
 [rule/allowed_sssd_options]
 validator = ini_allowed_options
@@ -286,7 +287,7 @@ option = responder_idle_timeout
 
 [rule/allowed_domain_options]
 validator = ini_allowed_options
-section_re = ^domain/.*$
+section_re = ^(domain|application)/.*$
 
 option = debug
 option = debug_level
@@ -684,3 +685,9 @@ option = ldap_user_ssh_public_key
 option = ldap_user_uid_number
 option = ldap_user_uuid
 option = ldap_use_tokengroups
+
+[rule/allowed_application_options]
+validator = ini_allowed_options
+section_re = ^application/.*$
+
+option = inherit_from