Updated patch attached. Comments inline.
On Wed, Sep 30, 2015 at 06:35:57PM +1000, Fraser Tweedale wrote:
> 3) It would be good to have a "Are you sure?" dialog on the CLI (with
> relevant override option).
>
Will do.
Done.
> 5) I have been thinking about ways to restrict delete. We should
> discuss and decide on options. Some ideas:
>
> a) Add CS.cfg option to disable deletes (for production say).
>
Disagree; don't want more config in flat files. Having the knob in
the database would be better but I prefer a combination of other
options (see below).
> b) Add optional field (deletable) to the CA entry. This can be
> set by the creating admin to be True for test environments or
> cases where we know the environment will be short lived, or
> False for long lived CAs. Default could be configurable.
>
> CAs could still be deleted, but only by doing something
> out-of-band -- like modifying the db entry using pki-server
> commands or similar.
>
> c) Requiring CAs to be disabled before deleting them.
>
I'm in favour of this.
> d) Setting a separate ACL for delete, so that it would be easier
> for admins to set special permissions for delete.
>
And in favour of this.
> ... others?
>
I like (c) plus (d) plus perhaps a pkispawn knob that controls
whether the admin-can-delete ACL gets added at the beginning.
Let me know what you think and thanks for your feedback!
(c) and (d) are implemented in updated patch. If you agree with (c)
plus (d) plus pkispawn knob (I guess we'll call that (e)), I'll file
a ticket for (e).
Cheers,
Fraser