Code Review / oom / platform / cert-service.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | compact (merge: b3faacf 3890879)
Merge "[OOM-CERT-SERVICE] Add Certificate Update Admin role"
authorBogumil Zebek <bogumil.zebek@nokia.com>
Fri, 2 Jul 2021 08:58:55 +0000 (08:58 +0000)
committerGerrit Code Review <gerrit@onap.org>
Fri, 2 Jul 2021 08:58:55 +0000 (08:58 +0000)
1  2 
compose-resources/ejbca-configuration.sh patch | diff1 | diff2 | blob | history

diff --combined compose-resources/ejbca-configuration.sh
index 42e3f6b,d309ec7..f7cd428
--- 1/compose-resources/ejbca-configuration.sh
--- 2/compose-resources/ejbca-configuration.sh
+++ b/compose-resources/ejbca-configuration.sh
@@@ -1,16 -1,6 +1,16 @@@
  #!/bin/bash
  
  configureEjbca() {
 +    ejbca.sh ca init \
 +      --caname ManagementCA \
 +      --dn "O=EJBCA Container Quickstart,CN=ManagementCA,UID=12345" \
 +      --tokenType soft \
 +      --keyspec 3072 \
 +      --keytype RSA \
 +      -v 3652 \
 +      --policy null \
 +      -s SHA256WithRSA \
 +      -type "x509"
      ejbca.sh config cmp addalias --alias cmpRA
      ejbca.sh config cmp updatealias --alias cmpRA --key operationmode --value ra
      ejbca.sh ca editca --caname ManagementCA --field cmpRaAuthSecret --value mypassword
@@@ -33,6 -23,13 +33,13 @@@
      ejbca.sh config cmp updatealias --alias cmp --key extractusernamecomponent --value CN
      ejbca.sh config cmp dumpalias --alias cmp
      ejbca.sh ca getcacert --caname ManagementCA -f /dev/stdout > cacert.pem
+     #Add "Certificate Update Admin" role to allow performing KUR/CR for certs within specific organization (e.g. Linux-Foundation)
+     ejbca.sh roles addrole "Certificate Update Admin"
+     ejbca.sh roles changerule "Certificate Update Admin" /ca/ManagementCA/ ACCEPT
+     ejbca.sh roles changerule "Certificate Update Admin" /ca_functionality/create_certificate/ ACCEPT
+     ejbca.sh roles changerule "Certificate Update Admin" /endentityprofilesrules/Custom_EndEntity/ ACCEPT
+     ejbca.sh roles changerule "Certificate Update Admin" /ra_functionality/edit_end_entity/ ACCEPT
+     ejbca.sh roles addrolemember "Certificate Update Admin" ManagementCA WITH_ORGANIZATION --value "Linux-Foundation"
  }
  
  configureEjbca
"oom/platform/cert-service"