Uploaded image for project: 'EJBCA'
  1. EJBCA
  2. ECA-8556

Configdump pre-flight check and dependency resolution

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None
    • Issue discovered during:
      Testing
    • Sprint:
      EJBCA Team Bob - 2019 w40, EJBCA Team Bob - 2019 w42

      Description

      The current framework needs a pre-flight check of the files to import:

      • Support an arbitrary directory structure for Kubernetes-friendly ConfigMap mounts (enabled by ECA-8440 )
      • Dependency resolution between CAs (ECA-8522 can fail when Root CA is imported after Sub CA)
      • Resolve circular dependency between Certification Authority and Certificate Profile (ECA-8582)
      • Detect early on if export versions are compatible with current software version(ECA-8583)
      • Detect and prompt for all passwords that will be used during import (one password as a command line argument for all use-cases or written in files on disk might not be ideal) (ECA-8584)

      Implementation outline

      Basic generic parsing of all YAML files in the specified location (and at least one additional level of directories) to detect name, objectType and version.
      Object needs to be able to "quickly" answer if they require

      • PIN input based on parsed YAML map
      • other objects

      Once all objects are parsed on a basic level, each objects dependencies can be verified to be present and all required PINs can be entered on the console before actual import starts.

      (Users will most likely be happy that they didn't enter 30 strong passwords if the import is doomed to fail due to incompatibilities or unsatisfied dependencies.)

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              johan Johan Eklund
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: