From ba96228853da4981cc5c12904c52cd7242417d6d Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Oct 03 2016 13:32:19 +0000
Subject: CONFIG: List allowed secrets responder options


Related:
https://fedorahosted.org/sssd/ticket/3207

Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>

---

diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini
index 023ceac..4d9acf8 100644
--- a/src/config/cfg_rules.ini
+++ b/src/config/cfg_rules.ini
@@ -210,6 +210,33 @@ option = description
 option = allowed_uids
 option = user_attributes
 
+[rule/allowed_sec_options]
+validator = ini_allowed_options
+section_re = ^secrets\(/users/\([0-9]\+\)\?\)\?$
+
+option = timeout
+option = debug
+option = debug_level
+option = debug_timestamps
+option = debug_microseconds
+option = debug_to_files
+option = command
+option = reconnection_retries
+option = fd_limit
+option = client_idle_timeout
+option = description
+
+# Secrets service
+option = provider
+# Secrets service - proxy
+option = proxy_url
+option = auth_type
+option = auth_header_name
+option = auth_header_value
+option = forward_headers
+option = username
+option = password
+
 [rule/allowed_domain_options]
 validator = ini_allowed_options
 section_re = ^domain/.*$