Re: [Pki-devel] [PATCH] pki-cfu-0131-Ticket-2335-Missing-activity-logs-when-formatting-en.patch

Hi Endi, first, thanks for the review! Please see my response in-line below. thanks, Christina On 06/05/2016 01:39 PM, Endi Sukma Dewata wrote: > On 6/3/2016 7:29 PM, Christina Fu wrote: >> https://fedorahosted.org/pki/ticket/2335 >> >> Ticket #2335 Missing activity logs when formatting/enrolling unknown >> token This patch adds activity logs for adding unknown token during >> format or enrollment >> >> thanks, >> Christina > > Some comments: > > 1. The format, enroll, and pin reset operations now generate an > additional modify activity log. I think this is unnecessary since > we're not changing token record's user-editable attributes such as > user ID and policy. Changing system attributes such as token status > and key info is part of the operation itself, so it should not > generate an extra modify log. my thinking was just to record what happens. First a token is added, then operation (format, enroll, pin_reset) proceed, then if the op succeeds, then token status gets modified to formatted, but if it failed, the token remains added, but stays at unformatted. So, in case of failed cases, there is still a record of that the token being attempted. > > 2. Enrolling unknown token fails with this error: > > TPSEnrollProcessor.generateCertsAfterRenewalRecoveryPolicy:No such > token status for this cuid=... > > That's because the new unknown token was added with UNFORMATTED > status and the above method is expecting a FORMATTED status. ok, I don't recalling seeing such failure when I tested. I will look into this. > > I think to fix this the token record has to be added earlier as > UNFORMATTED, then the format() will change the status to FORMATTED, > then the generateCertsAfterRenewalRecoveryPolicy() should work as > before. > > 3. Due to issue #2 I was not able to test unknown token enrollment. > If it works it should generate the add, format, and enroll logs. > _______________________________________________ Pki-devel mailing list Pki-devel(a)redhat.com https://www.redhat.com/mailman/listinfo/pki-devel