CACHE_REQ: Check the caches first

This patch introduces a new configurable option to define whether the
responder should query all domains' caches before querying the Data
Providers.

This new option is called cache_first and, by default, it's disabled,
meaning that, for each provider, the responder may contact the cache and
the data provider in the same iteration.

Co-Author: Pavel Březina <pbrezina@redhat.com>

Related:
https://pagure.io/SSSD/sssd/issue/3001

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>

Reviewed-by: Pavel Březina <pbrezina@redhat.com>

4 files changed, 10 insertions, 0 deletions

diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in
index 44fb777ec..03a1a4333 100644
--- a/src/config/SSSDConfig/__init__.py.in
+++ b/src/config/SSSDConfig/__init__.py.in
@@ -51,6 +51,7 @@ option_strings = {
     'fd_limit' : _('The number of file descriptors that may be opened by this responder'),
     'client_idle_timeout' : _('Idle time before automatic disconnection of a client'),
     'responder_idle_timeout' : _('Idle time before automatic shutdown of the responder'),
+    'cache_first': _('Always query all the caches before querying the Data Providers'),
 
     # [sssd]
     'services' : _('SSSD Services to start'),
diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py
index 8cb03adcb..457a6f0a0 100755
--- a/src/config/SSSDConfigTest.py
+++ b/src/config/SSSDConfigTest.py
@@ -309,6 +309,7 @@ class SSSDConfigTestSSSDService(unittest.TestCase):
             'fd_limit',
             'client_idle_timeout',
             'responder_idle_timeout',
+            'cache_first',
             'description',
             'certificate_verification',
             'override_space',
diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini
index c01aa85ca..c28732882 100644
--- a/src/config/cfg_rules.ini
+++ b/src/config/cfg_rules.ini
@@ -59,6 +59,7 @@ option = fd_limit
 option = client_idle_timeout
 option = description
 option = responder_idle_timeout
+option = cache_first
 
 # Name service
 option = user_attributes
@@ -97,6 +98,7 @@ option = fd_limit
 option = client_idle_timeout
 option = description
 option = responder_idle_timeout
+option = cache_first
 
 # Authentication service
 option = offline_credentials_expiration
@@ -131,6 +133,7 @@ option = fd_limit
 option = client_idle_timeout
 option = description
 option = responder_idle_timeout
+option = cache_first
 
 # sudo service
 option = sudo_timed
@@ -152,6 +155,7 @@ option = fd_limit
 option = client_idle_timeout
 option = description
 option = responder_idle_timeout
+option = cache_first
 
 # autofs service
 option = autofs_negative_timeout
@@ -172,6 +176,7 @@ option = fd_limit
 option = client_idle_timeout
 option = description
 option = responder_idle_timeout
+option = cache_first
 
 # ssh service
 option = ssh_hash_known_hosts
@@ -194,6 +199,7 @@ option = fd_limit
 option = client_idle_timeout
 option = description
 option = responder_idle_timeout
+option = cache_first
 
 # PAC responder
 option = allowed_uids
@@ -215,6 +221,7 @@ option = fd_limit
 option = client_idle_timeout
 option = description
 option = responder_idle_timeout
+option = cache_first
 
 # InfoPipe responder
 option = allowed_uids
diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf
index 7d21d6b70..08cecf003 100644
--- a/src/config/etc/sssd.api.conf
+++ b/src/config/etc/sssd.api.conf
@@ -14,6 +14,7 @@ reconnection_retries = int, None, false
 fd_limit = int, None, false
 client_idle_timeout = int, None, false
 responder_idle_timeout = int, None, false
+cache_first = int, None, false
 description = str, None, false
 
 [sssd]