Struct names and members for secrets.conf
Russ Allbery
eagle at eyrie.org
Mon Dec 27 03:23:16 UTC 2021
Julien ÉLIE <julien at trigofacile.com> writes:
>> We could even wrap that in a small library to
>> make it easier to use everywhere in the source tree.
> Like innconfval does for instance?
> A secretsval program that would give the secrets when executed? (so that
> they can be retrieved from Perl, Python and shell scripts)
I hadn't been thinking of that, but that's also a good point. Although we
could wait on the program until we have our first use case for it.
> Yet, we may probably want a general program for that, and not a dedicated
> one for each configuration file...
> Why not add a -f flag (for "file") to innconfval? Default value is
> "inn.conf", and it can be set to other file names (like "secrets.conf").
That's a good idea!
> Not all secrets are strings. Here, for canlockadmin, it is a vector.
> So maybe we need get_secret_list(secrets, "cancels", "canlockadmin") and
> another get_secret_string() function for future string secrets?
Oh, good point, I hadn't thought about that. I'm not entirely sure the
additional complexity is worth it (your approach looked fine). We can
always wait and see if that would be a simplification.
> A drawback of these getter functions is that we'll have to parse the
> config_group tree each time we need a secret. That's pretty quick
> though, and we do not need them continuously but only for a few actions
> (like posting or initial authentication against a peer), contrary to
> parameters like inn.conf timeout, wireformat and like.
> So it seems probably fine to query the secret in the config_group tree.
Yes, all that stuff should be quite fast. I would be very surprised if a
benchmark showed it as significant. The configuration is already parsed
and in memory, so it's just some string comparisons.
--
Russ Allbery (eagle at eyrie.org) <https://www.eyrie.org/~eagle/>
Please send questions to the list rather than mailing me directly.
<https://www.eyrie.org/~eagle/faqs/questions.html> explains why.
More information about the inn-workers
mailing list