[Pki-devel] [PATCH] 147 - provide enrollment template per profile.

Ade Lee alee at redhat.com
Tue Sep 3 05:08:20 UTC 2013 

As discussed with Endi, moved the new API to /certrequests instead.

The patch now adds /certrequests/profiles
and /certrequests/profiles/{id} which provides enrollment profiles.

/profiles methods will all be restricted to admins and agents in a
subsequent patch.

Acked by Endi.  Pushed to master.

On Wed, 2013-08-28 at 23:54 -0400, Ade Lee wrote:
> This patch adds an API call to the ProfileService interface to obtain an
> enrollment template for a particular profile.  The template is simply a
> CertEnrollmentRequest with the relevant inputs for the profile filled
> in.  The user would then need to simply enter the relevant values and
> submit the request using the REST API cert-request-submit.
> 
> I think that someone who is using this interface would do one of two
> things:
> 
> 1. Manually edit the template to generate the request.
> 2. Write client code to add the relevant data to the
> CertEnrollmentRequest object.
> 
> In fact, I plan to submit a patch that will extend the pki CLI to allow
> you to enter the data for a request interactively or through command
> line arguments.
> 
> It would go something like this:
> 1. pki cert-request-submit --profile caCertUser
> 2. CLI will contact Profile service and get the relevant template which
> is a CertEnrollmentRequest object.
> 3. CLI will then iterate through the attributes (which are all uniquely
> named) and prompt for their value.  The descriptor metadata can be used
> to help generate the prompt.
> 4. CLI will take these results, populate the CertEnrollmentRequest and
> send to server.
> 5. CLI can also take an invocation that looks like this perhaps:
> pki cert-request-submit --profile caCertUser --profileArgs [--sn_e
> alee at redhat.com --sn_cn "Ade Lee" ... ] so that you can do it all on the
> command line.
> 
> Please review.
> Ade
> 
> 
> 
> _______________________________________________
> Pki-devel mailing list
> Pki-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel

More information about the Pki-devel mailing list