[Pki-devel] [PATCH] 313 Added TPS profile resource.

Endi Sukma Dewata edewata at redhat.com
Thu Oct 24 20:37:58 UTC 2013 

New patch attached.

On 10/1/2013 12:01 AM, Ade Lee wrote:
> 1. There is some code in ProfileModifyCLI that refers to changing the
> status of the profile  (enabled/ disabled) ie. an option that is read
> in.  However, that option value does not appear to be used in any way.

Fixed.

> 2.  Profiles are unique in that - due to common criteria requirements,
> profiles must be disabled by an agent before being changed by an admin.
> Thats the meaning behind the target.agent_approve.list parameter.

Fixed.

> So, there needs to be a call to enable/disable the profile, and this may
> or may not have to be a call separate from modifyProfile() because the
> authz/acls are different.

This is now handled by separate functions. The updateProfile() is used 
by the admin to modify the profile configuration and submit it for 
approval. The changeProfileStatus() is used by the agent to 
approve/reject the changes or to enable/disable the profile after that.

If we do not want to require agent approval (by removing Profiles from 
the approval list), the admin will be able to enable/disable the 
profiles directly.

> Also, there need to be checks to confirm that prior to any operation
> that add/remove/modify the profile, the profile is disabled.

Fixed.

> In fact, while only profiles are in the target.agent_approve.list, one
> could choose to put any of the various elements in there, and so this
> mechanism should be put in place generally.

To generalize this function we will need to have separate update and 
change status methods in each resource. Let's see if the current logic 
in TPS profile is correct, then we can refactor it for reuse in other 
resources.

-- 
Endi S. Dewata
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pki-edewata-0311-1-Added-TPS-authenticator-service-implementation.patch
Type: text/x-patch
Size: 51191 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20131024/8eed1b5c/attachment.bin>

More information about the Pki-devel mailing list