Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove hierarchy.select param #4540

Merged
merged 1 commit into from
Aug 14, 2023
Merged

Remove hierarchy.select param #4540

merged 1 commit into from
Aug 14, 2023

Conversation

edewata
Copy link
Contributor

@edewata edewata commented Aug 11, 2023

The hierarchy.select param stores a static information about the CA hierarchy (root vs. subordinate) which was set during installation but there is no process to update it in case the CA is converted from root to subordinate or vice versa. Also, the param is incorrectly set to root when cloning a subordinate CA.

Because of these issues the param is unreliable, so it has been removed from new and existing instances. The pki-server status CLI has also been updated to no longer show the CA hierarchy.

If necessary, the CA hierarchy can be determined by checking the CA signing cert. If it is self-signed that means it is a root CA.

@edewata
Remove hierarchy.select param
fabab5a 
The hierarchy.select param stores a static information about
the CA hierarchy (root vs. subordinate) which was set during
installation but there is no process to update it in case
the CA is converted from root to subordinate or vice versa.
Also, the param is incorrectly set to root when cloning a
subordinate CA.

Because of these issues the param is unreliable, so it has
been removed from new and existing instances. The pki-server
status CLI has also been updated to no longer show the CA
hierarchy.

If necessary, the CA hierarchy can be determined by checking
the CA signing cert. If it is self-signed that means it is a
root CA.
@sonarcloud
Copy link

sonarcloud bot commented Aug 11, 2023

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
No Duplication information No Duplication information

fmarco76
fmarco76 approved these changes Aug 14, 2023
View reviewed changes
Copy link
Member

@fmarco76 fmarco76 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

ckelleyRH
ckelleyRH approved these changes Aug 14, 2023
View reviewed changes
Copy link
Contributor

@ckelleyRH ckelleyRH left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@edewata
Copy link
Contributor Author

edewata commented Aug 14, 2023

@fmarco76 @ckelleyRH Thanks!

@edewata edewata merged commit 9f648a7 into dogtagpki:master Aug 14, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ckelleyRH ckelleyRH ckelleyRH approved these changes

@fmarco76 fmarco76 fmarco76 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@edewata @fmarco76 @ckelleyRH