Simo has suggested creating a quota on the number of objects (and/or their size) a user can create. Simo's suggestion is that both size and number of present objects can be enforced at store time.
From a conversation on #sssd:
09:23 <fidencio> simo: hey/morning/afternoon! I'm taking care of those bugs I opened for secrets about depth limit and quota. do you have some suggestion about what could be reasonable default value for those options?
10:15 <simo> for number of objects (including container folders) something like 1024
10:15 <simo> with a max size per object of maybe 4k?
10:15 <simo> that would make it a maximum of 4MB per person if they stuff them full
10:22 <Crys> Are 4k enough for client auth certs with some intermediates?
10:24 <simo> Crys: uhmm do we think we'd store public certs as a secret ?
10:24 <simo> I would think we store only the private key?
10:25 <Crys> You may argue that private + public + chain are your full credentials. I would store all these information in a single place.
10:25 <Crys> because it makes it much easier to update them in one place, too.
10:26 <Crys> PEM bloats the key and cert size.
10:26 <Crys> (sorry for the bike shedding)
10:27 <simo> fidencio: ok maybe let's make the default min. size 16k
10:27 <simo> 16k should be could for everyone (cit.)
So, in the end, the default min. size per object will be 16k and the default number of objects (including container folders) will be 1024 (of course, everything is configurable in the [secrets] section).
Simo also mentioned:
10:20 <simo> if you are extrabrave you can also use those as defaults but allow to override per user by storing defaults per user in the user's uid named container
Whether this will be implemented as part of this ticket or in a separate one will be decided later.
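A store-time check along the lines described above, as an added example that is not part of the ticket and is not SSSD's code. The in-memory table, all identifiers, the '/'-terminated container convention and the choice to let a replacement bypass the object count are assumptions made for illustration; only the 1024-object and 16k figures come from the discussion.

```c
#include <stddef.h>
#include <string.h>

/* Defaults from the ticket; all names here are hypothetical. */
#define MAX_OBJECTS 1024           /* per user, containers included */
#define MAX_PAYLOAD (16 * 1024)    /* bytes per object */
#define STORE_SLOTS 4096           /* capacity of this toy in-memory store */
#define PATH_MAX_LEN 128

enum store_rc { STORE_OK, STORE_TOO_LARGE, STORE_QUOTA, STORE_BAD_PATH, STORE_FULL };

struct object { int used; unsigned int uid; char path[PATH_MAX_LEN]; size_t len; };
static struct object store[STORE_SLOTS];

/* Create or replace an object owned by uid. A path ending in '/' is a
 * container: it has no payload but still counts toward the object quota. */
enum store_rc store_put(unsigned int uid, const char *path, size_t len)
{
    struct object *match = NULL, *free_slot = NULL;
    size_t owned = 0, plen = strlen(path);

    if (plen == 0 || plen >= PATH_MAX_LEN) return STORE_BAD_PATH;
    /* The size limit is checked before anything is written. */
    if (len > MAX_PAYLOAD) return STORE_TOO_LARGE;
    if (path[plen - 1] == '/' && len != 0) return STORE_BAD_PATH;

    for (size_t i = 0; i < STORE_SLOTS; i++) {
        struct object *o = &store[i];
        if (!o->used) {
            if (!free_slot) free_slot = o;
        } else if (o->uid == uid) {      /* the quota is per user */
            owned++;
            if (strcmp(o->path, path) == 0) match = o;
        }
    }

    if (!match) {
        /* Only a new object consumes quota; a replacement does not. */
        if (owned >= MAX_OBJECTS) return STORE_QUOTA;
        if (!free_slot) return STORE_FULL;
        match = free_slot;
        match->used = 1;
        match->uid = uid;
        memcpy(match->path, path, plen + 1);
    }
    match->len = len;
    return STORE_OK;
}
```

Counting only the caller's own objects keeps one user who fills their quota from affecting what another user can store.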
Fields changed
milestone: NEEDS_TRIAGE => SSSD 1.15 Beta
rhbz: => todo
owner: somebody => fidencio
patch: 0 => 1
status: new => assigned
A partial patch (implementing the quota on the number of secrets) has been submitted to the ML (PR36).
First patch was merged: 65a38b8
Second patch (implementing the quota on the secrets' payload) has been submitted to the ML (PR75).
resolution: => fixed
status: assigned => closed
milestone: SSSD 1.15 Beta => SSSD 1.15 Alpha
The 1st patch is already in sssd-1-14. Therefore it would be better to have secrets-related code in sync with 1.14.
sssd-1-14:
milestone: SSSD 1.15 Alpha => SSSD 1.14.3
Metadata Update from @fidencio: - Issue assigned to fidencio - Issue set to the milestone: SSSD 1.14.3
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/4202
If you want to receive further updates on the issue, please navigate to the github issue and click on the subscribe button.
Thank you for understanding. We apologize for all inconvenience.