Add ability fior Project Admins to Add CAs
Some cert backends (Dogtaga, anchor?) have the ability to allow admins to add CAs on-the-fly.
We want to expose this functionality to project admins so that they can define project specific
CAs and thereby achieve project specific security domains.
Blueprint information
- Status:
- Complete
- Approver:
- Douglas Mendizábal
- Priority:
- Medium
- Drafter:
- Ade Lee
- Direction:
- Approved
- Assignee:
- Ade Lee
- Definition:
- Approved
- Series goal:
- Accepted for liberty
- Implementation:
- Implemented
- Milestone target:
- 1.0.0
- Started by
- Douglas Mendizábal
- Completed by
- Douglas Mendizábal
Related branches
Related bugs
Sprints
Whiteboard
Gerrit topic: https:/
Addressed by: https:/
Support for creation of subordinate CAs
Addressed by: https:/
API documentation for CAs interface
Addressed by: https:/
Add subca functionality to snakeoil plugin
Addressed by: https:/
Added functional tests for creating CAs
Addressed by: https:/
Add validators for new CA creations
Addressed by: https:/
Use barbican.conf instead of barbican-api.conf
Addressed by: https:/
Add Project Quota Support for Sub CAs
Addressed by: https:/
Remove Vestigial Transport Key Quota Code
Addressed by: https:/
Add DELETE functionality for subCAs
Addressed by: https:/
Add functional test for project CA
Addressed by: https:/
Fix ca related controllers
Addressed by: https:/
Finish Initialization of CA Table when Barbican Starts
Addressed by: https:/
Clean up CAs Policy Rules
Addressed by: https:/
Add function to catch unknown attributes in URI
Addressed by: https:/
Adding Functional Tests and Supporting Fixes for Global Preferred CAs
Addressed by: https:/
Changes to Preferred CA Features
Addressed by: https:/
Change behavior of GET cas/preferred
Addressed by: https:/
Add check to validators that SubCA's project id matches order's project id
Addressed by: https:/
Add reference guide documenting Certificate Authorities API
Addressed by: https:/
Add support in snakeoil plugin for intermediates.
Gerrit topic: https:/
Addressed by: https:/
Use subCA when specified to sign CSRs
Addressed by: https:/
Add subca functionality to the dogtag plugin
Addressed by: https:/
Check a CA's status as project and preferred CA before deleting
Addressed by: https:/
Enforce project ownership of subCAs
Addressed by: https:/
Check a CA's status as project and preferred CA before deleting
Addressed by: https:/
Add subca functionality to the dogtag plugin
Addressed by: https:/
Enforce project ownership of subCAs
Gerrit topic: https:/
Addressed by: https:/
Merge tag '1.0.0'