[OOM-CERT-SERVICE] Add Certificate Update Admin role

author Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com>

Fri, 25 Jun 2021 14:01:52 +0000 (16:01 +0200)

committer Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com>

Wed, 30 Jun 2021 06:40:50 +0000 (08:40 +0200)
author Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com>
Fri, 25 Jun 2021 14:01:52 +0000 (16:01 +0200)
committer Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com>
Wed, 30 Jun 2021 06:40:50 +0000 (08:40 +0200)
diff --git a/compose-resources/ejbca-configuration.sh b/compose-resources/ejbca-configuration.sh

index 8e6bd03..d309ec7 100755 (executable)
--- a/compose-resources/ejbca-configuration.sh
+++ b/compose-resources/ejbca-configuration.sh
@@ -23,6 +23,13 @@ configureEjbca() {
      ejbca.sh config cmp updatealias --alias cmp --key extractusernamecomponent --value CN
      ejbca.sh config cmp dumpalias --alias cmp
      ejbca.sh ca getcacert --caname ManagementCA -f /dev/stdout > cacert.pem
+    #Add "Certificate Update Admin" role to allow performing KUR/CR for certs within specific organization (e.g. Linux-Foundation)
+    ejbca.sh roles addrole "Certificate Update Admin"
+    ejbca.sh roles changerule "Certificate Update Admin" /ca/ManagementCA/ ACCEPT
+    ejbca.sh roles changerule "Certificate Update Admin" /ca_functionality/create_certificate/ ACCEPT
+    ejbca.sh roles changerule "Certificate Update Admin" /endentityprofilesrules/Custom_EndEntity/ ACCEPT
+    ejbca.sh roles changerule "Certificate Update Admin" /ra_functionality/edit_end_entity/ ACCEPT
+    ejbca.sh roles addrolemember "Certificate Update Admin" ManagementCA WITH_ORGANIZATION --value "Linux-Foundation"
  }
  
  configureEjbca
author	Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com>
	Fri, 25 Jun 2021 14:01:52 +0000 (16:01 +0200)
committer	Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com>
	Wed, 30 Jun 2021 06:40:50 +0000 (08:40 +0200)