Add ability fior Project Admins to Add CAs

Registered by Ade Lee on 2015-06-01

Some cert backends (Dogtaga, anchor?) have the ability to allow admins to add CAs on-the-fly.
We want to expose this functionality to project admins so that they can define project specific
CAs and thereby achieve project specific security domains.

Blueprint information

Status:
Complete
Approver:
Douglas Mendizábal
Priority:
Medium
Drafter:
Ade Lee
Direction:
Approved
Assignee:
Ade Lee
Definition:
Approved
Series goal:
Accepted for liberty
Implementation:
Implemented
Milestone target:
milestone icon 1.0.0
Started by
Douglas Mendizábal on 2015-09-15
Completed by
Douglas Mendizábal on 2015-09-22

Related branches

Sprints

Whiteboard

Gerrit topic: https://review.openstack.org/#q,topic:bp/add-cas,n,z

Addressed by: https://review.openstack.org/219411
    Support for creation of subordinate CAs

Addressed by: https://review.openstack.org/219412
    API documentation for CAs interface

Addressed by: https://review.openstack.org/220011
    Add subca functionality to snakeoil plugin

Addressed by: https://review.openstack.org/220409
    Added functional tests for creating CAs

Addressed by: https://review.openstack.org/220563
    Add validators for new CA creations

Addressed by: https://review.openstack.org/221505
    Use barbican.conf instead of barbican-api.conf

Addressed by: https://review.openstack.org/221557
    Add Project Quota Support for Sub CAs

Addressed by: https://review.openstack.org/221745
    Remove Vestigial Transport Key Quota Code

Addressed by: https://review.openstack.org/222474
    Add DELETE functionality for subCAs

Addressed by: https://review.openstack.org/222583
    Add functional test for project CA

Addressed by: https://review.openstack.org/224126
    Fix ca related controllers

Addressed by: https://review.openstack.org/224156
    Finish Initialization of CA Table when Barbican Starts

Addressed by: https://review.openstack.org/224963
    Clean up CAs Policy Rules

Addressed by: https://review.openstack.org/224979
    Add function to catch unknown attributes in URI

Addressed by: https://review.openstack.org/225387
    Adding Functional Tests and Supporting Fixes for Global Preferred CAs

Addressed by: https://review.openstack.org/226039
    Changes to Preferred CA Features

Addressed by: https://review.openstack.org/226141
    Change behavior of GET cas/preferred

Addressed by: https://review.openstack.org/226161
    Add check to validators that SubCA's project id matches order's project id

Addressed by: https://review.openstack.org/226328
    Add reference guide documenting Certificate Authorities API

Addressed by: https://review.openstack.org/226473
    Add support in snakeoil plugin for intermediates.

Gerrit topic: https://review.openstack.org/#q,topic:bug/1499874,n,z

Addressed by: https://review.openstack.org/228032
    Use subCA when specified to sign CSRs

Addressed by: https://review.openstack.org/227893
    Add subca functionality to the dogtag plugin

Addressed by: https://review.openstack.org/228061
    Check a CA's status as project and preferred CA before deleting

Addressed by: https://review.openstack.org/230062
    Enforce project ownership of subCAs

Addressed by: https://review.openstack.org/230883
    Check a CA's status as project and preferred CA before deleting

Addressed by: https://review.openstack.org/230890
    Add subca functionality to the dogtag plugin

Addressed by: https://review.openstack.org/230891
    Enforce project ownership of subCAs

Gerrit topic: https://review.openstack.org/#q,topic:merge/release-tag,n,z

Addressed by: https://review.openstack.org/235154
    Merge tag '1.0.0'

(?)

Work Items

This blueprint contains Public information 
Everyone can see this information.

Subscribers

No subscribers.