[Pki-devel] [PATCH] 106, 107 Fixes for tickets 1036 and 1037

Ade Lee alee at redhat.com
Wed Oct 1 02:44:12 UTC 2014 

ACK on 107.

On 106 (man page), a few comments:
0.  Command-Line Interface for managing profiles in the Certificate
System.  ->  
    Command-Line Interface for managing Certificate System profiles.
1. Is it true that you can leave out the ca- ?
2. You forgot to mention pki <subsystem>-profile in the description.
3.  profile-show:
    This command is to get a profile. --> 
    This command is to view the details of a profile.
4.  Remove the phrase "in the CA" as it is redundant.
5.  enable/disable profile.  For disable, you should mention that
    a profile needs to be disabled before it can be edited.  For 
    enable, you should mention that a profile needs to be enabled 
    before it can be used.
6.  Authentication -- different commands require different roles to 
    authenticate.  You need to look them up, but enable/disable are 
    agent operations, add/del/mod are admin operations, find/show   
    should be both.

7.  The options start and stop can be used to specify the beginning and
the size of the list. --> Not very clear, you need to bold the options.
Also, stop is not an option.

8.  "view the contents of the profile".  It would be nice to mention
some of the things that are in there.  eg.  These contents include
profile inputs, profile outputs, authenticators, profile policies and
constraints.

9. This output file can be filled with data and used for certificate
enrollment.  --> This is true but deceptive.  Really the only thing t
matters are the profile inputs.  The rest are likely to be ignored.

To get a template suitable for an enrollment, you really want to use 
pki cert-request-profile-show.  In fact, its a good idea to mention that
fact here.

Where profile-show is useful is for constructing new profiles or
modifying profiles.

10. Modify/Delete -- note that the profile must be disabled before these
operations can occur.

Ade

On Tue, 2014-09-30 at 16:09 -0400, Abhishek Koneru wrote:
> Please review the attached patches with fixes for tickets 1036(man page
> for profile CLI commands) and 1037 (issue in request status on
> reject/cancel action on a key request).
> 
> -- Abhishek
> _______________________________________________
> Pki-devel mailing list
> Pki-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel

More information about the Pki-devel mailing list