Learn more about these different git repos.
Other Git URLs
At the moment, KCM uses the sssd-secrets REST API to communicate with the SSSD secrets database. This has the advantage of using a clean public API and the advantage that the secret can be forwarded to a Custodia server and potentially shared, but at the same time the disadvantage that there are two daemons to synchronize, two set of debug logs to correlate. Also, we are /bound/ to the sssd-secrets REST API, which might prevent us from doing things like quota reporting easily.
Therefore, this ticket proposes adding a new sssd-secrets back end that would write directly to the secrets database.
We should probably define some API that would be only private to SSSD to write to the secrets database. We should also expose the option that allows to choose the KCM back end. Since we have integration tests, we can just run them the same with just the back new back end changed, like we already do for the memory back end.
Metadata Update from @jhrozek: - Issue tagged with: KCM
Ideally you use the same code sssd-secrets uses for KCM, sharing it completely. KCM would basically just shortcircuit the kcm->secrets communication over sockets. If you do that the API is common and no divergence will happen.
Metadata Update from @jhrozek: - Issue priority set to: blocker (was: minor) - Issue set to the milestone: SSSD 2.0
Metadata Update from @jhrozek: - Issue tagged with: RFE
Another side-effect of this change might be that we might split the secrets responder into a lib and the responder itself to avoid the dependency on http-parser and libjansson. Considering that Fedora ships KCM in its default installation, reducing dependencies is something we should do.
Metadata Update from @jhrozek: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/4704
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.