authorStephen Gallagher <sgallagh@redhat.com>2009-10-29 14:17:22 -0400
committerStephen Gallagher <sgallagh@redhat.com>2009-11-03 10:16:14 -0500
commitc4644ab0dc97ed47fcb72e56a41b4524544582e9 (patch)
tree17c27b2300b3b389d08491a4ca26a467ffa32944
parentc2a29bea5248554a9112d051a7b5be492aa729b6 (diff)
Make config_file_version a hidden setting in SSSDConfig API
The config_file_version should never be changed by the API, so we will hide the option inside the SSSDConfig API and remove it from the schema. Also guarantee that the config file is of the correct version.
-rw-r--r--server/config/SSSDConfig.py21
-rw-r--r--server/config/SSSDConfigTest.py46
-rw-r--r--server/config/etc/sssd.api.conf1
-rw-r--r--server/config/testconfigs/sssd-badversion.conf42
-rw-r--r--server/config/testconfigs/sssd-noversion.conf41
5 files changed, 134 insertions, 17 deletions
diff --git a/server/config/SSSDConfig.py b/server/config/SSSDConfig.py
index 07e967ba..6d3a8c6b 100644
--- a/server/config/SSSDConfig.py
+++ b/server/config/SSSDConfig.py
@@ -199,12 +199,20 @@ class SSSDService:
# Set up the service object with any known defaults
self.options = {}
+ # Include a list of hidden options
+ self.hidden_options = []
+
# Set up default options for all services
self.options.update(self.schema.get_defaults('service'))
# Set up default options for this service
self.options.update(self.schema.get_defaults(self.name))
+ # For the [sssd] service, force the config file version
+ if servicename == 'sssd':
+ self.options['config_file_version'] = 2
+ self.hidden_options.append('config_file_version')
+
def get_name(self):
return self.name
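Review bot: The version is hard-coded as a literal in `self.options['config_file_version'] = 2`, while the third hunk of this file separately sets `self.API_VERSION = 2` on SSSDConfig. Nothing ties the two together, so a later bump of one could leave the [sssd] service carrying a version that import_config rejects. A single module-level constant, for example `API_VERSION = 2`, referenced from both places would keep them in step. The constructor starts outside the hunk.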
@@ -228,6 +236,10 @@ class SSSDService:
option_schema = self.schema.get_option(self.name, optionname)
elif self.schema.has_option('service', optionname):
option_schema = self.schema.get_option('service', optionname)
+ elif optionname in self.hidden_options:
+ # Set this option and do not add it to the list of changeable values
+ self.options[optionname] = value
+ return
else:
raise NoOptionError('Section [%s] has no option [%s]' % (self.name, optionname))
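Review bot: The new `elif optionname in self.hidden_options:` branch stores `value` and returns before whatever type checking follows the schema lookup (that code is outside the hunk), so any value passed for `config_file_version` on the [sssd] service appears to be accepted unvalidated. That sits oddly with the commit's stated goal that the API never changes this setting, and it may let a caller write out a file that import_config then refuses. If the branch exists only so that loading a file can populate the option, a comment such as `# Hidden options are set only while importing a file; callers must not change them` would document that, and the branch could reject a value that does not convert to the forced version.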
@@ -442,6 +454,7 @@ class SSSDConfig(RawConfigParser):
self.schema = SSSDConfigSchema(schemafile, schemaplugindir)
self.configfile = None
self.initialized = False
+ self.API_VERSION = 2
def import_config(self,configfile=None):
if self.initialized:
@@ -462,6 +475,14 @@ class SSSDConfig(RawConfigParser):
self.configfile = configfile
self.initialized = True
+ try:
+ if int(self.get('sssd', 'config_file_version')) != self.API_VERSION:
+ raise ParsingError("Wrong config_file_version")
+ except:
+ # Either the 'sssd' section or the 'config_file_version' was not
+ # present in the config file
+ raise ParsingError("File contains no config_file_version")
+
def new_config(self):
if self.initialized:
raise AlreadyInitializedError
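Review bot: The bare `except:` also wraps the `raise ParsingError("Wrong config_file_version")` inside the same `try`, so a version mismatch is caught and re-reported as "File contains no config_file_version", and unrelated exceptions such as KeyboardInterrupt are swallowed the same way. In addition the check runs after `self.initialized = True`, so an object whose file was rejected stays marked initialized; judging by the guard at the top of import_config, a retry on the same object would take the already-initialized path. Test for the option with `has_option`, catch only `ValueError` around the `int()` conversion, and set `configfile` and `initialized` once the check has passed. import_config starts before this hunk, and the sketch assumes the file has already been read into the parser at this point.

```python
# … unchanged: reading the config file into the parser …
if not self.has_option('sssd', 'config_file_version'):
    # Either the 'sssd' section or the option itself is absent
    raise ParsingError("File contains no config_file_version")
try:
    file_version = int(self.get('sssd', 'config_file_version'))
except ValueError:
    raise ParsingError("Wrong config_file_version")
if file_version != self.API_VERSION:
    raise ParsingError("Wrong config_file_version")

# Mark the object as initialized only after the version check passed
self.configfile = configfile
self.initialized = True
```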
diff --git a/server/config/SSSDConfigTest.py b/server/config/SSSDConfigTest.py
index 0baa9122..a9377bff 100644
--- a/server/config/SSSDConfigTest.py
+++ b/server/config/SSSDConfigTest.py
@@ -30,8 +30,6 @@ class SSSDConfigTestValid(unittest.TestCase):
sssd_service = sssdconfig.get_service('sssd')
service_opts = sssd_service.list_options()
- self.assertTrue('config_file_version' in service_opts.keys())
- self.assertEquals(sssd_service.get_option('config_file_version'), 2)
self.assertTrue('services' in service_opts.keys())
service_list = sssd_service.get_option('services')
@@ -59,9 +57,6 @@ class SSSDConfigTestValid(unittest.TestCase):
self.assertTrue('reconnection_retries' in new_options)
self.assertEquals(new_options['reconnection_retries'][0], int)
- self.assertTrue('config_file_version' in new_options)
- self.assertEquals(new_options['config_file_version'][0], int)
-
self.assertTrue('services' in new_options)
self.assertEquals(new_options['debug_level'][0], int)
@@ -201,7 +196,6 @@ class SSSDConfigTestSSSDService(unittest.TestCase):
options = service.list_options()
control_list = [
- 'config_file_version',
'services',
'domains',
'timeout',
@@ -229,23 +223,23 @@ class SSSDConfigTestSSSDService(unittest.TestCase):
'Option [%s] unexpectedly found' %
option)
- self.assertTrue(type(options['config_file_version']) == tuple,
+ self.assertTrue(type(options['reconnection_retries']) == tuple,
"Option values should be a tuple")
- self.assertTrue(options['config_file_version'][0] == int,
- "config_file_version should require an int. " +
+ self.assertTrue(options['reconnection_retries'][0] == int,
+ "reconnection_retries should require an int. " +
"list_options is requiring a %s" %
- options['config_file_version'][0])
+ options['reconnection_retries'][0])
- self.assertTrue(options['config_file_version'][1] == None,
- "config_file_version should not require a subtype. " +
+ self.assertTrue(options['reconnection_retries'][1] == None,
+ "reconnection_retries should not require a subtype. " +
"list_options is requiring a %s" %
- options['config_file_version'][1])
+ options['reconnection_retries'][1])
- self.assertTrue(options['config_file_version'][0] == int,
- "config_file_version should default to 2. " +
+ self.assertTrue(options['reconnection_retries'][0] == int,
+ "reconnection_retries should default to 2. " +
"list_options specifies %d" %
- options['config_file_version'][2])
+ options['reconnection_retries'][2])
self.assertTrue(type(options['services']) == tuple,
"Option values should be a tuple")
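Review bot: The last renamed assertion still tests `options['reconnection_retries'][0] == int`, so the default value is never checked, and its message says "should default to 2" although the schema line visible in the sssd.api.conf hunk header is `reconnection_retries = int, None, 3`. The check should read `self.assertTrue(options['reconnection_retries'][2] == 3,` with the message `"reconnection_retries should default to 3. " +`. The test method starts outside the hunk.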
@@ -927,6 +921,26 @@ class SSSDConfigTestSSSDConfig(unittest.TestCase):
else:
self.fail("Expected ParsingError")
+ # Negative Test - Invalid config file version
+ try:
+ sssdconfig = SSSDConfig.SSSDConfig("etc/sssd.api.conf",
+ "etc/sssd.api.d")
+ sssdconfig.import_config("testconfigs/sssd-badversion.conf")
+ except SSSDConfig.ParsingError:
+ pass
+ else:
+ self.fail("Expected ParsingError")
+
+ # Negative Test - No config file version
+ try:
+ sssdconfig = SSSDConfig.SSSDConfig("etc/sssd.api.conf",
+ "etc/sssd.api.d")
+ sssdconfig.import_config("testconfigs/sssd-noversion.conf")
+ except SSSDConfig.ParsingError:
+ pass
+ else:
+ self.fail("Expected ParsingError")
+
# Negative Test - Already initialized
sssdconfig = SSSDConfig.SSSDConfig("etc/sssd.api.conf",
"etc/sssd.api.d")
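Review bot: Both negative tests accept any ParsingError, so they cannot tell a wrong version from a missing one; with the version check as written in SSSDConfig.py they would pass for the same reason. Asserting on the error text in each `except SSSDConfig.ParsingError:` branch (assuming the exception exposes its message) would pin the two cases separately. A fixture with a non-numeric `config_file_version` would cover the `int()` conversion path as well. The test method starts and ends outside the hunk.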
diff --git a/server/config/etc/sssd.api.conf b/server/config/etc/sssd.api.conf
index 0c41fa71..de2af837 100644
--- a/server/config/etc/sssd.api.conf
+++ b/server/config/etc/sssd.api.conf
@@ -11,7 +11,6 @@ reconnection_retries = int, None, 3
[sssd]
# Monitor service
-config_file_version = int, None, 2
services = list, str, nss, pam
domains = list, str
timeout = int, None
diff --git a/server/config/testconfigs/sssd-badversion.conf b/server/config/testconfigs/sssd-badversion.conf
new file mode 100644
index 00000000..75d8c484
--- /dev/null
+++ b/server/config/testconfigs/sssd-badversion.conf
@@ -0,0 +1,42 @@
+[nss]
+nss_filter_groups = root
+nss_entry_negative_timeout = 15
+debug_level = 0
+nss_filter_users_in_groups = true
+nss_filter_users = root
+nss_entry_cache_no_wait_timeout = 60
+nss_entry_cache_timeout = 600
+nss_enum_cache_timeout = 120
+
+[sssd]
+services = nss, pam
+reconnection_retries = 3
+domains = LOCAL, IPA
+config_file_version = 1
+
+[domain/PROXY]
+id_provider = proxy
+auth_provider = proxy
+debug_level = 0
+
+[domain/IPA]
+id_provider = ldap
+auth_provider = krb5
+debug_level = 0
+
+[domain/LOCAL]
+id_provider = local
+auth_provider = local
+debug_level = 0
+
+[domain/LDAP]
+id_provider = ldap
+auth_provider = ldap
+debug_level = 0
+
+[pam]
+debug_level = 0
+
+[dp]
+debug_level = 0
+
diff --git a/server/config/testconfigs/sssd-noversion.conf b/server/config/testconfigs/sssd-noversion.conf
new file mode 100644
index 00000000..71af85cc
--- /dev/null
+++ b/server/config/testconfigs/sssd-noversion.conf
@@ -0,0 +1,41 @@
+[nss]
+nss_filter_groups = root
+nss_entry_negative_timeout = 15
+debug_level = 0
+nss_filter_users_in_groups = true
+nss_filter_users = root
+nss_entry_cache_no_wait_timeout = 60
+nss_entry_cache_timeout = 600
+nss_enum_cache_timeout = 120
+
+[sssd]
+services = nss, pam
+reconnection_retries = 3
+domains = LOCAL, IPA
+
+[domain/PROXY]
+id_provider = proxy
+auth_provider = proxy
+debug_level = 0
+
+[domain/IPA]
+id_provider = ldap
+auth_provider = krb5
+debug_level = 0
+
+[domain/LOCAL]
+id_provider = local
+auth_provider = local
+debug_level = 0
+
+[domain/LDAP]
+id_provider = ldap
+auth_provider = ldap
+debug_level = 0
+
+[pam]
+debug_level = 0
+
+[dp]
+debug_level = 0
+