From 0e5879c0e3f83b0bbaff79d9c97f672055b61c4f Mon Sep 17 00:00:00 2001
From: Jan Zeleny
Date: Apr 25 2011 12:06:34 +0000
Subject: Configuration parsing updates
These changes are all related to following ticket: https://fedorahosted.org/sssd/ticket/763 Changes in SSSDConfig.py merge old and new domain record instead of just deleting the old and inserting the new one. The old approach let to loss of some information like comments and blank lines in the config file. Changes in API config were performed so our Python scripts (like sss_obfuscate) don't add extra config options to the config file.
---
diff --git a/src/config/SSSDConfig.py b/src/config/SSSDConfig.py
index 5135174..c3d9ed4 100644
--- a/src/config/SSSDConfig.py
+++ b/src/config/SSSDConfig.py
@@ -1739,23 +1739,20 @@ class SSSDConfig(SSSDChangeConf):
domain.oldname = None;
sectionname = 'domain/%s' % name
- # Ensure that the existing section is removed
- # This way we ensure that we are getting a
- # complete copy of the service.
- # delete_option() is a noop if the section
- # does not exist.
- index = self.delete_option('section', sectionname)
- addkw = []
+ section_subtree = self.findOpts(self.opts, 'section', sectionname)
+
+ if name not in self.list_domains():
+ self.add_section(sectionname, []);
+
+ for option in self.options(sectionname):
+ if option['type'] == 'option':
+ if option['name'] not in domain.get_all_options():
+ self.delete_option_subtree(section_subtree, 'option', option['name'], True)
+
for option,value in domain.get_all_options().items():
if (type(value) == list):
value = ', '.join(value)
- addkw.append( { 'type' : 'option',
- 'name' : option,
- 'value' : str(value) } )
- if oldindex:
- self.add_section(sectionname, addkw, oldindex)
- else:
- self.add_section(sectionname, addkw, index)
+ self.set(sectionname, option, str(value))
if domain.active:
self.activate_domain(name)
diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py
index cad183e..af32acc 100755
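Review bot: The stale-option loop deletes from the section while it is iterating `self.options(sectionname)`; if `options()` returns the live list rather than a copy (not visible in this hunk), the entry after each deleted one can be skipped, and an option the caller removed from the domain object would stay in the saved file. Iterating a snapshot and computing the keep-set once avoids that: `wanted = domain.get_all_options()` followed by `for option in list(self.options(sectionname)):`. `section_subtree` is also looked up before `add_section()` runs and is handed to `delete_option_subtree()` exactly as `findOpts()` returned it, so the return shape of `findOpts()` should be confirmed against what the delete expects. The enclosing method starts and ends outside the hunk, and `oldindex` no longer appears to be used once the old `add_section()` calls are gone.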
--- a/src/config/SSSDConfigTest.py
+++ b/src/config/SSSDConfigTest.py
@@ -599,33 +599,7 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
# First test default options
options = domain.list_mandatory_options()
- control_list = [
- 'cache_credentials',
- 'id_provider',
- 'auth_provider']
-
- self.assertTrue(type(options) == dict,
- "Options should be a dictionary")
-
- # Ensure that all of the expected defaults are there
- for option in control_list:
- self.assertTrue(option in options.keys(),
- "Option [%s] missing" %
- option)
-
- # Ensure that there aren't any unexpected options listed
- for option in options.keys():
- self.assertTrue(option in control_list,
- 'Option [%s] unexpectedly found' %
- option)
-
- # Add a provider and verify that the new options appear
- domain.add_provider('local', 'id')
- control_list.extend(
- ['default_shell',
- 'base_directory'])
-
- options = domain.list_mandatory_options()
+ control_list = ['id_provider']
self.assertTrue(type(options) == dict,
"Options should be a dictionary")
@@ -1000,11 +974,6 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
def testRemoveOption(self):
domain = SSSDConfig.SSSDDomain('sssd', self.schema)
- # Positive test - Remove existing option
- self.assertTrue('cache_credentials' in domain.get_all_options().keys())
- domain.remove_option('cache_credentials')
- self.assertFalse('cache_credentials' in domain.get_all_options().keys())
-
# Positive test - Remove unset but valid option
self.assertFalse('max_id' in domain.get_all_options().keys())
domain.remove_option('max_id')
diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf
index e915971..975cd2d 100644
--- a/src/config/etc/sssd.api.conf
+++ b/src/config/etc/sssd.api.conf
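Review bot: Nothing in these test hunks exercises the merge behaviour the commit introduces; they only shrink the mandatory-option list to `['id_provider']` and, in testRemoveOption, drop the one case that removed an option that was actually set. A replacement that does not rely on schema defaults keeps that path covered, for example `domain.set_option('max_id', 10000)`, then `domain.remove_option('max_id')` and `self.assertFalse('max_id' in domain.get_all_options().keys())`. A save-and-reload test asserting that comments and blank lines in an existing domain section survive, and that an option dropped from the domain object is gone from the file, would pin what the commit message describes. Both test methods continue outside the hunks.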
@@ -40,7 +40,7 @@ pam_pwd_expiration_warning = int, None, false
[provider]
#Available provider types
id_provider = str, None, true
-auth_provider = str, None, true
+auth_provider = str, None, false
access_provider = str, None, false
chpass_provider = str, None, false
@@ -53,7 +53,7 @@ min_id = int, None, false
max_id = int, None, false
timeout = int, None, false
enumerate = bool, None, false
-cache_credentials = bool, None, true, false
+cache_credentials = bool, None, false
store_legacy_passwords = bool, None, false
use_fully_qualified_names = bool, None, false
entry_cache_timeout = int, None, false
diff --git a/src/config/etc/sssd.api.d/sssd-ipa.conf b/src/config/etc/sssd.api.d/sssd-ipa.conf
index 31b7dc9..7719069 100644
--- a/src/config/etc/sssd.api.d/sssd-ipa.conf
+++ b/src/config/etc/sssd.api.d/sssd-ipa.conf
@@ -1,5 +1,5 @@
[provider/ipa]
-ipa_domain = str, None, true
+ipa_domain = str, None, false
ipa_server = str, None, false
ipa_hostname = str, None, false
ipa_dyndns_update = bool, None, false
diff --git a/src/config/etc/sssd.api.d/sssd-ldap.conf b/src/config/etc/sssd.api.d/sssd-ldap.conf
index 5fd0cfb..8672f0b 100644
--- a/src/config/etc/sssd.api.d/sssd-ldap.conf
+++ b/src/config/etc/sssd.api.d/sssd-ldap.conf
@@ -1,7 +1,7 @@
[provider/ldap]
ldap_uri = str, None, false
ldap_search_base = str, None, false
-ldap_schema = str, None, true, rfc2307
+ldap_schema = str, None, false
ldap_default_bind_dn = str, None, false
ldap_default_authtok_type = str, None, false
ldap_default_authtok = str, None, false
@@ -33,7 +33,7 @@ ldap_search_timeout = int, None, false
ldap_enumeration_search_timeout = int, None, false
ldap_enumeration_refresh_timeout = int, None, false
ldap_purge_cache_timeout = int, None, false
-ldap_id_use_start_tls = bool, None, true, false
+ldap_id_use_start_tls = bool, None, false
ldap_user_search_base = str, None, false
ldap_user_search_scope = str, None, false
ldap_user_search_filter = str, None, false
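Review bot: Nothing in these schema files records that `auth_provider`, `cache_credentials`, `ldap_schema` and `ldap_id_use_start_tls` were made non-mandatory on purpose, or where their effective values come from now that the trailing default field is gone. The commit message gives the reason (scripts such as sss_obfuscate should not write extra options), so a short header comment would stop a later editor from restoring the `true` entries, for example `# Keep options non-mandatory unless the Python tools must always write them to sssd.conf`. Because the schema no longer flags a domain without `auth_provider` (the third field appears to be the mandatory flag, judging by `list_mandatory_options` in the test file), it is worth confirming that such a domain is still handled as intended when saved. The same point applies to the `ipa_domain` hunk and to the sssd-local.conf hunk.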
diff --git a/src/config/etc/sssd.api.d/sssd-local.conf b/src/config/etc/sssd.api.d/sssd-local.conf
index 0686f08..f740b5b 100644
--- a/src/config/etc/sssd.api.d/sssd-local.conf
+++ b/src/config/etc/sssd.api.d/sssd-local.conf
@@ -1,8 +1,8 @@
[provider/local]
[provider/local/id]
-default_shell = str, None, true, /bin/bash
-base_directory = str, None, true, /home
+default_shell = str, None, false
+base_directory = str, None, false
[provider/local/auth]