diff options
author | Fraser Tweedale <ftweedal@redhat.com> | 2015-09-29 11:17:21 -0400 |
---|---|---|
committer | Fraser Tweedale <ftweedal@redhat.com> | 2015-10-06 09:41:38 +1000 |
commit | 9a2f79f9fb4dce130d1495450e7a680e04648626 (patch) | |
tree | 2932e430e402f3993d5282ae003e9cc1b31af9fc /base/ca/shared | |
parent | dec7fe7aea653d1192bab47a503c98970f8d898f (diff) | |
download | pki-9a2f79f9fb4dce130d1495450e7a680e04648626.tar.gz pki-9a2f79f9fb4dce130d1495450e7a680e04648626.tar.xz pki-9a2f79f9fb4dce130d1495450e7a680e04648626.zip |
Lightweight CAs: implement deletion API and CLI
Implement lightweight authority deletion including CLI command. To
be deleted an authority must be disabled and have no sub-CAs.
Fixes: https://fedorahosted.org/pki/ticket/1324
Diffstat (limited to 'base/ca/shared')
-rw-r--r-- | base/ca/shared/conf/acl.ldif | 1 | ||||
-rw-r--r-- | base/ca/shared/conf/acl.properties | 1 |
2 files changed, 2 insertions, 0 deletions
diff --git a/base/ca/shared/conf/acl.ldif b/base/ca/shared/conf/acl.ldif index 54c9f1d5c..27d89a313 100644 --- a/base/ca/shared/conf/acl.ldif +++ b/base/ca/shared/conf/acl.ldif @@ -59,3 +59,4 @@ resourceACLS: certServer.ca.selftests:read,execute:allow (read,execute) group="A resourceACLS: certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations resourceACLS: certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities resourceACLS: certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities +resourceACLS: certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities diff --git a/base/ca/shared/conf/acl.properties b/base/ca/shared/conf/acl.properties index f0b5b9f65..8b3e9d0ee 100644 --- a/base/ca/shared/conf/acl.properties +++ b/base/ca/shared/conf/acl.properties @@ -25,3 +25,4 @@ authorities.create = certServer.ca.authorities,create authorities.list = certServer.ca.authorities,list authorities.modify = certServer.ca.authorities,modify authorities.read = certServer.ca.authorities,read +authorities.delete = certServer.ca.authorities,delete |