Made a few encryption things simpler:

* Only one strict/lax setting, in [encryption], rather than separate
  settings in [properties] and [sshkeys]
* No longer necessary to enable encryption on each Properties file

2 files changed, 24 insertions, 0 deletions

diff --git a/schemas/privkey.xsd b/schemas/privkey.xsd
index b8d9e317d..f6de534c1 100644
--- a/schemas/privkey.xsd
+++ b/schemas/privkey.xsd
@@ -5,6 +5,8 @@
     </xsd:documentation>
   </xsd:annotation>
 
+  <xsd:include schemaLocation="types.xsd"/>
+
   <xsd:complexType name="PrivateKeyGroupType">
     <xsd:annotation>
       <xsd:documentation>
@@ -133,6 +135,21 @@
           </xsd:documentation>
         </xsd:annotation>
       </xsd:attribute>
+      <xsd:attribute name="priority" type="xsd:positiveInteger" default="50">
+        <xsd:annotation>
+          <xsd:documentation>
+            Create group-specific keys with the given priority.
+          </xsd:documentation>
+        </xsd:annotation>
+      </xsd:attribute>
+      <xsd:attribute name="decrypt" type="EncryptStrictnessEnum">
+        <xsd:annotation>
+          <xsd:documentation>
+            Override the global strict/lax decryption setting in
+            ``bcfg2.conf``.
+          </xsd:documentation>
+        </xsd:annotation>
+      </xsd:attribute>
     </xsd:complexType>
   </xsd:element>
 </xsd:schema>
diff --git a/schemas/types.xsd b/schemas/types.xsd
index a6070279a..524b327c5 100644
--- a/schemas/types.xsd
+++ b/schemas/types.xsd
@@ -96,6 +96,13 @@
     </xsd:restriction>
   </xsd:simpleType>
 
+  <xsd:simpleType name="EncryptStrictnessEnum">
+    <xsd:restriction base="xsd:string">
+      <xsd:enumeration value="strict"/>
+      <xsd:enumeration value="lax"/>
+    </xsd:restriction>
+  </xsd:simpleType>
+
   <xsd:complexType name='ActionType'>
     <xsd:annotation>
       <xsd:documentation>