[Pki-devel] [PATCH] pki-cfu-0131-Ticket-2335-Missing-activity-logs-when-formatting-en.patch

Christina Fu cfu at redhat.com
Tue Jun 7 00:13:53 UTC 2016 

received verbal ACK from Endi.

Pushed to master:
commit b4b401589f540b38874680bc313363678d2d8e13

One odd behavior was observed, which I filed a separate bug for:
https://fedorahosted.org/pki/ticket/2354 [TPS] missing activity log 
entries via UI and CLI (while correctly recorded in LDAP)

thanks,
Christina

On 06/06/2016 09:14 AM, Christina Fu wrote:
> Hi Endi, first, thanks for the review! Please see my response in-line 
> below.
>
> thanks,
> Christina
>
> On 06/05/2016 01:39 PM, Endi Sukma Dewata wrote:
>> On 6/3/2016 7:29 PM, Christina Fu wrote:
>>> https://fedorahosted.org/pki/ticket/2335
>>>
>>> Ticket #2335 Missing activity logs when formatting/enrolling unknown
>>> token This patch adds activity logs for adding unknown token during
>>> format or enrollment
>>>
>>> thanks,
>>> Christina
>>
>> Some comments:
>>
>> 1. The format, enroll, and pin reset operations now generate an 
>> additional modify activity log. I think this is unnecessary since 
>> we're not changing token record's user-editable attributes such as 
>> user ID and policy. Changing system attributes such as token status 
>> and key info is part of the operation itself, so it should not 
>> generate an extra modify log.
> my thinking was just to record what happens.  First a token is added, 
> then operation (format, enroll, pin_reset) proceed, then if the op 
> succeeds, then token status gets modified to formatted, but if it 
> failed, the token remains added, but stays at unformatted.
> So, in case of failed cases, there is still a record of that the token 
> being attempted.
>>
>> 2. Enrolling unknown token fails with this error:
>>
>>   TPSEnrollProcessor.generateCertsAfterRenewalRecoveryPolicy:No such 
>> token status for this cuid=...
>>
>> That's because the new unknown token was added with UNFORMATTED 
>> status and the above method is expecting a FORMATTED status.
> ok, I don't recalling seeing such failure when I tested.  I will look 
> into this.
>>
>> I think to fix this the token record has to be added earlier as 
>> UNFORMATTED, then the format() will change the status to FORMATTED, 
>> then the generateCertsAfterRenewalRecoveryPolicy() should work as 
>> before.
>>
>> 3. Due to issue #2 I was not able to test unknown token enrollment. 
>> If it works it should generate the add, format, and enroll logs.
>>
>
> _______________________________________________
> Pki-devel mailing list
> Pki-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel

More information about the Pki-devel mailing list