#3168 secrets: Add a configurable depth limit for containers
Closed: Fixed None Opened 3 years ago by fidencio.

Currently we can have a container, which is inside a container, which is inside a container indefinitely. Although it's not a problem per si, we would like to have a configurable depth limit with some predefined not so high value (still to be discussed).


Can you explain the relationship. I do not think I follow. What is in each container? SSSD? If SSSD is in a continer there should not be any other containers inside that same container.

Replying to [comment:1 dpal]:

Can you explain the relationship. I do not think I follow. What is in each container? SSSD? If SSSD is in a continer there should not be any other containers inside that same container.

Dmitri, here we are talking about LDB's container object class and not about OS containers.
When using secrets, the protocol requires a user to create this container to store an entry in it. But this container may also have another containers stored in it and that's what the bug is about.

Please, Simo, feel free to correct me in case I got something wrong.

Sorry for confusion. Container is a loaded term nowadays. I get it now.

Fields changed

owner: somebody => fidencio

From a conversation on #sssd:

09:23 <fidencio> simo: hey/morning/afternoon! I'm taking care of that bugs I opened for secrets about depth limit and quota. do you have some suggestion about what could be reasonable default value for those options?

10:14 <simo> for depth limit I would say maybe 4

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.15 Beta

Fields changed

rhbz: => todo

Fields changed

patch: 0 => 1
status: new => assigned

milestone: SSSD 1.15 Beta => SSSD 1.14.2

Fields changed

resolution: => fixed
status: assigned => closed

Metadata Update from @fidencio:
- Issue assigned to fidencio
- Issue set to the milestone: SSSD 1.14.2

2 years ago

Login to comment on this ticket.

Metadata