author | Stephen Gallagher <sgallagh@redhat.com> | 2009-10-29 14:17:22 -0400 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2009-11-03 10:16:14 -0500 |
commit | c4644ab0dc97ed47fcb72e56a41b4524544582e9 (patch) | |
tree | 17c27b2300b3b389d08491a4ca26a467ffa32944 | |
parent | c2a29bea5248554a9112d051a7b5be492aa729b6 (diff) | |
Make config_file_version a hidden setting in SSSDConfig API
The config_file_version should never be changed by the API, so we
will hide the option inside the SSSDConfig API and remove it from
the schema.
Guarantee that the config file is of the correct version
-rw-r--r-- | server/config/SSSDConfig.py | 21 | ||||
-rw-r--r-- | server/config/SSSDConfigTest.py | 46 | ||||
-rw-r--r-- | server/config/etc/sssd.api.conf | 1 | ||||
-rw-r--r-- | server/config/testconfigs/sssd-badversion.conf | 42 | ||||
-rw-r--r-- | server/config/testconfigs/sssd-noversion.conf | 41 |
5 files changed, 134 insertions, 17 deletions
diff --git a/server/config/SSSDConfig.py b/server/config/SSSDConfig.py index 07e967ba..6d3a8c6b 100644 --- a/server/config/SSSDConfig.py +++ b/server/config/SSSDConfig.py @@ -199,12 +199,20 @@ class SSSDService: # Set up the service object with any known defaults self.options = {} + # Include a list of hidden options + self.hidden_options = [] + # Set up default options for all services self.options.update(self.schema.get_defaults('service')) # Set up default options for this service self.options.update(self.schema.get_defaults(self.name)) + # For the [sssd] service, force the config file version + if servicename == 'sssd': + self.options['config_file_version'] = 2 + self.hidden_options.append('config_file_version') + def get_name(self): return self.name @@ -228,6 +236,10 @@ class SSSDService: option_schema = self.schema.get_option(self.name, optionname) elif self.schema.has_option('service', optionname): option_schema = self.schema.get_option('service', optionname) + elif optionname in self.hidden_options: + # Set this option and do not add it to the list of changeable values + self.options[optionname] = value + return else: raise NoOptionError('Section [%s] has no option [%s]' % (self.name, optionname)) @@ -442,6 +454,7 @@ class SSSDConfig(RawConfigParser): self.schema = SSSDConfigSchema(schemafile, schemaplugindir) self.configfile = None self.initialized = False + self.API_VERSION = 2 def import_config(self,configfile=None): if self.initialized: @@ -462,6 +475,14 @@ class SSSDConfig(RawConfigParser): self.configfile = configfile self.initialized = True + try: + if int(self.get('sssd', 'config_file_version')) != self.API_VERSION: + raise ParsingError("Wrong config_file_version") + except: + # Either the 'sssd' section or the 'config_file_version' was not + # present in the config file + raise ParsingError("File contains no config_file_version") + def new_config(self): if self.initialized: raise AlreadyInitializedError 
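Review bot: The literal in `self.options['config_file_version'] = 2` (first hunk, SSSDService.__init__) is a second copy of the version this commit also stores as `self.API_VERSION = 2` in SSSDConfig.__init__ (third hunk). If only one of the two is bumped later, a service object would presumably carry a version that import_config rejects. A single shared constant used in both places would avoid that, e.g. a module-level `API_VERSION = 2` (a name proposed here, not one in the file) and `self.options['config_file_version'] = API_VERSION`. Both __init__ bodies start outside their hunks.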
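Review bot: The new `elif optionname in self.hidden_options:` branch in set_option (second hunk) stores whatever value the caller passes, with no type or value check, so `config_file_version` stays writable through the API although the commit message says it should never be changed. If nothing relies on writing it (the callers are not visible in this hunk), the branch could leave the forced value alone: replace its body with `# Hidden options are fixed by the API; ignore attempts to change them` followed by `return`. Otherwise a comment naming the caller that needs the write would help the next reader. set_option begins and continues outside the hunk.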
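Review bot: The bare `except:` in import_config (fourth hunk) also catches the `ParsingError("Wrong config_file_version")` raised two lines above it, so a file with the wrong version is reported as "File contains no config_file_version", as is a non-numeric value (ValueError from `int()`), and KeyboardInterrupt would be swallowed the same way. The check also runs after `self.initialized = True`, so a caller that catches the error is left holding an object marked initialized around a rejected file; running the check before those assignments, or resetting them on failure, would avoid that. The two negative tests added in SSSDConfigTest.py only assert that some ParsingError is raised, which is why the mislabelled case passes. The sketch below separates the three cases with `has_option`, which RawConfigParser answers with False when the section is missing; import_config starts outside the hunk.

```python
        # … unchanged: self.configfile = configfile / self.initialized = True …
        if not self.has_option('sssd', 'config_file_version'):
            raise ParsingError("File contains no config_file_version")
        try:
            file_version = int(self.get('sssd', 'config_file_version'))
        except ValueError:
            raise ParsingError("config_file_version is not an integer")
        if file_version != self.API_VERSION:
            raise ParsingError("Wrong config_file_version")
```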
diff --git a/server/config/SSSDConfigTest.py b/server/config/SSSDConfigTest.py index 0baa9122..a9377bff 100644 --- a/server/config/SSSDConfigTest.py +++ b/server/config/SSSDConfigTest.py @@ -30,8 +30,6 @@ class SSSDConfigTestValid(unittest.TestCase): sssd_service = sssdconfig.get_service('sssd') service_opts = sssd_service.list_options() - self.assertTrue('config_file_version' in service_opts.keys()) - self.assertEquals(sssd_service.get_option('config_file_version'), 2) self.assertTrue('services' in service_opts.keys()) service_list = sssd_service.get_option('services') @@ -59,9 +57,6 @@ class SSSDConfigTestValid(unittest.TestCase): self.assertTrue('reconnection_retries' in new_options) self.assertEquals(new_options['reconnection_retries'][0], int) - self.assertTrue('config_file_version' in new_options) - self.assertEquals(new_options['config_file_version'][0], int) - self.assertTrue('services' in new_options) self.assertEquals(new_options['debug_level'][0], int) @@ -201,7 +196,6 @@ class SSSDConfigTestSSSDService(unittest.TestCase): options = service.list_options() control_list = [ - 'config_file_version', 'services', 'domains', 'timeout', 
@@ -229,23 +223,23 @@ class SSSDConfigTestSSSDService(unittest.TestCase): 'Option [%s] unexpectedly found' % option) - self.assertTrue(type(options['config_file_version']) == tuple, + self.assertTrue(type(options['reconnection_retries']) == tuple, "Option values should be a tuple") - self.assertTrue(options['config_file_version'][0] == int, - "config_file_version should require an int. " + + self.assertTrue(options['reconnection_retries'][0] == int, + "reconnection_retries should require an int. " + "list_options is requiring a %s" % - options['config_file_version'][0]) + options['reconnection_retries'][0]) - self.assertTrue(options['config_file_version'][1] == None, - "config_file_version should not require a subtype. " + + self.assertTrue(options['reconnection_retries'][1] == None, + "reconnection_retries should not require a subtype. " + "list_options is requiring a %s" % - options['config_file_version'][1]) + options['reconnection_retries'][1]) - self.assertTrue(options['config_file_version'][0] == int, - "config_file_version should default to 2. " + + self.assertTrue(options['reconnection_retries'][0] == int, + "reconnection_retries should default to 2. " + "list_options specifies %d" % - options['config_file_version'][2]) + options['reconnection_retries'][2]) self.assertTrue(type(options['services']) == tuple, "Option values should be a tuple") 
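Review bot: The last assertion in this hunk still tests `options['reconnection_retries'][0] == int`, the same condition as the second one, while its message is about the default, so the default value is never checked. The message also says "should default to 2", but the schema line shown in the sssd.api.conf hunk header of this commit reads `reconnection_retries = int, None, 3`. Suggested: `self.assertTrue(options['reconnection_retries'][2] == 3,` with the message changed to `"reconnection_retries should default to 3. " +`. The test method starts and continues outside the hunk.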
@@ -927,6 +921,26 @@ class SSSDConfigTestSSSDConfig(unittest.TestCase): else: self.fail("Expected ParsingError") + # Negative Test - Invalid config file version + try: + sssdconfig = SSSDConfig.SSSDConfig("etc/sssd.api.conf", + "etc/sssd.api.d") + sssdconfig.import_config("testconfigs/sssd-badversion.conf") + except SSSDConfig.ParsingError: + pass + else: + self.fail("Expected ParsingError") + + # Negative Test - No config file version + try: + sssdconfig = SSSDConfig.SSSDConfig("etc/sssd.api.conf", + "etc/sssd.api.d") + sssdconfig.import_config("testconfigs/sssd-noversion.conf") + except SSSDConfig.ParsingError: + pass + else: + self.fail("Expected ParsingError") + # Negative Test - Already initialized sssdconfig = SSSDConfig.SSSDConfig("etc/sssd.api.conf", "etc/sssd.api.d") diff --git a/server/config/etc/sssd.api.conf b/server/config/etc/sssd.api.conf index 0c41fa71..de2af837 100644 --- a/server/config/etc/sssd.api.conf +++ b/server/config/etc/sssd.api.conf @@ -11,7 +11,6 @@ reconnection_retries = int, None, 3 [sssd] # Monitor service -config_file_version = int, None, 2 services = list, str, nss, pam domains = list, str timeout = int, None diff --git a/server/config/testconfigs/sssd-badversion.conf b/server/config/testconfigs/sssd-badversion.conf new file mode 100644 index 00000000..75d8c484 --- /dev/null +++ b/server/config/testconfigs/sssd-badversion.conf 
@@ -0,0 +1,42 @@
+[nss]
+nss_filter_groups = root
+nss_entry_negative_timeout = 15
+debug_level = 0
+nss_filter_users_in_groups = true
+nss_filter_users = root
+nss_entry_cache_no_wait_timeout = 60
+nss_entry_cache_timeout = 600
+nss_enum_cache_timeout = 120
+
+[sssd]
+services = nss, pam
+reconnection_retries = 3
+domains = LOCAL, IPA
+config_file_version = 1
+
+[domain/PROXY]
+id_provider = proxy
+auth_provider = proxy
+debug_level = 0
+
+[domain/IPA]
+id_provider = ldap
+auth_provider = krb5
+debug_level = 0
+
+[domain/LOCAL]
+id_provider = local
+auth_provider = local
+debug_level = 0
+
+[domain/LDAP]
+id_provider = ldap
+auth_provider = ldap
+debug_level = 0
+
+[pam]
+debug_level = 0
+
+[dp]
+debug_level = 0
+
diff --git a/server/config/testconfigs/sssd-noversion.conf b/server/config/testconfigs/sssd-noversion.conf
new file mode 100644
index 00000000..71af85cc
--- /dev/null
+++ b/server/config/testconfigs/sssd-noversion.conf
@@ -0,0 +1,41 @@
+[nss]
+nss_filter_groups = root
+nss_entry_negative_timeout = 15
+debug_level = 0
+nss_filter_users_in_groups = true
+nss_filter_users = root
+nss_entry_cache_no_wait_timeout = 60
+nss_entry_cache_timeout = 600
+nss_enum_cache_timeout = 120
+
+[sssd]
+services = nss, pam
+reconnection_retries = 3
+domains = LOCAL, IPA
+
+[domain/PROXY]
+id_provider = proxy
+auth_provider = proxy
+debug_level = 0
+
+[domain/IPA]
+id_provider = ldap
+auth_provider = krb5
+debug_level = 0
+
+[domain/LOCAL]
+id_provider = local
+auth_provider = local
+debug_level = 0
+
+[domain/LDAP]
+id_provider = ldap
+auth_provider = ldap
+debug_level = 0
+
+[pam]
+debug_level = 0
+
+[dp]
+debug_level = 0
+ |