  1. EJBCA
  2. ECA-7947

Unused access rules are saved in basic mode

    Details

    • Issue discovered during:
      Training
    • Sprint:
      EJBCA Team Alice - 2019 w34, EJBCA Team Alice - 2019 w37

      Description

      When key recovery and hard token issuance are disabled, they're still stored in the role as true when saved in basic mode. This is tested for the RA template. When saved in advanced mode the rules are removed again. This is easy to verify with Configdump.

      The rules are:

      /ra_functionality/keyrecovery/
      /ra_functionality/view_hardtoken/puk_data/
      

      Hard token functionality is removed as of EJBCA 7.1 (see ECA-8029) and this ticket is only about /ra_functionality/keyrecovery/.

      Problem caused by this bug
      -------------------------------------

      • Roles saved with these hidden rules are not visible via RaMasterApi since the RA machine's own role does not have these rules.

      Workaround
      ----------------

      • Also save the role in advanced mode after saving it in basic mode.

      Tasks
      --------

      • Basic mode should not save this rule when key recovery is disabled and it should not be rendered in the GUI.
      • Remove the access rule /ra_functionality/keyrecovery/ when key recovery is disabled.
      • Upgrade should purge this hidden rule when key recovery is disabled to ensure that there is no hidden stale data present in the future.
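
An added example, not EJBCA code: a small audit that finds roles still granting /ra_functionality/keyrecovery/ while key recovery is disabled, shows why such a role is hidden from an RA machine whose own role lacks the rule, and purges the rule as the upgrade task describes. The role data, the dictionary shape and the visibility model (a role is visible only if the viewer is granted every rule in it, directly or through a parent path) are assumptions made for the illustration.

```python
KEY_RECOVERY_RULE = "/ra_functionality/keyrecovery/"

# Constructed sample data (assumed shape: role name -> {rule path: allowed}).
ROLES = {
    "RA-Admin (basic mode)": {
        "/ra_functionality/create_end_entity/": True,
        "/ra_functionality/view_end_entity/": True,
        KEY_RECOVERY_RULE: True,  # stale rule left behind by basic mode
    },
    "RA-Admin (advanced mode)": {
        "/ra_functionality/create_end_entity/": True,
        "/ra_functionality/view_end_entity/": True,
    },
}
# Constructed role held by the RA machine; it lacks the key recovery rule.
RA_MACHINE_ROLE = {
    "/ra_functionality/create_end_entity/": True,
    "/ra_functionality/view_end_entity/": True,
}

def norm(rule):
    """Normalise a rule path to '/a/b/' form ('/' stays '/')."""
    return "/" + rule.strip("/") + "/" if rule.strip("/") else "/"

def stale_roles(roles, key_recovery_enabled):
    """Names of roles granting the key recovery rule while the feature is off."""
    if key_recovery_enabled:
        return []
    return sorted(n for n, rules in roles.items()
                  if any(ok and norm(r) == KEY_RECOVERY_RULE for r, ok in rules.items()))

def covered(rule, viewer_rules):
    """True if the viewer is granted the rule itself or one of its parent paths."""
    granted = {norm(r) for r, ok in viewer_rules.items() if ok}
    return any(norm(rule).startswith(g) for g in granted)

def visible_to(role_rules, viewer_rules):
    """Assumed model: visible only if every granted rule in the role is covered."""
    return all(covered(r, viewer_rules) for r, ok in role_rules.items() if ok)

def purge(roles, key_recovery_enabled):
    """Copy of roles with the key recovery rule removed when the feature is off."""
    if key_recovery_enabled:
        return {n: dict(rules) for n, rules in roles.items()}
    return {n: {r: ok for r, ok in rules.items() if norm(r) != KEY_RECOVERY_RULE}
            for n, rules in roles.items()}
```
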

            People

            Assignee:
            bastianf Bastian Fredriksson
            Reporter:
            berke Kerim Bergström
            Verified by:
            Henrik Sunmark, Martin Luik (Inactive)

                Time Tracking

                Estimated:
                1d
                Remaining:
                4h 20m
                Logged:
                3h 40m