Barbican

Identifying CAs provided by backend plugins.

Registered by Ade Lee

It is possible to have multiple CA plugins, each potentially talking to
multiple backend CA servers. A mechanism is therefore needed to allow
the client to select a backend CA server.

In addition, Dogtag plans to implement the ability to configure lightweight
sub CA's - subordinate CA's that can exist within the same CA instance. This
opens up the possibility of configuring a separate CA instance for each
project, so that the project could have certificates that are scoped to the
project only. Thus, a mechanism is also required to associate a project with
a preferred CA, so that if a client does not request a specific CA, the
preferred CA is selected.

Also, a mechanism should be added to allow clients to discover the CA servers
available for a particular Barbican instance.

Blueprint information

Status:
Complete
Approver:
Douglas Mendizábal
Priority:
Essential
Drafter:
Ade Lee
Direction:
Approved
Assignee:
Ade Lee
Definition:
Approved
Series goal:
Accepted for kilo
Implementation:
Implemented
Milestone target:
milestone icon 2015.1.0
Started by
Douglas Mendizábal
Completed by
Douglas Mendizábal

Related branches

Sprints

Whiteboard

Gerrit topic: https://review.openstack.org/#q,topic:bp/identify-cas,n,z

Addressed by: https://review.openstack.org/147323
    Added new model classes for CAs

Addressed by: https://review.openstack.org/147981
    Added new repository classes and controller classes for CAs

Addressed by: https://review.openstack.org/150070
    Add code to populate CA tables and select plugin based on ca_id

Addressed by: https://review.openstack.org/156629
    Added mixin class to allow soft deletes

Addressed by: https://review.openstack.org/157889
    Add Barbican order metadata table and repository

Addressed by: https://review.openstack.org/157919
    Modified plugin contract to include barbican-meta-dto

Addressed by: https://review.openstack.org/158061
    Add missing localisation markers

Addressed by: https://review.openstack.org/163607
    Add missing alembic migration script for CA tables

Gerrit topic: https://review.openstack.org/#q,topic:bp/certificate-order-api,n,z

Addressed by: https://review.openstack.org/166839
    Fix some ca_id related bugs, add more functional test code

Addressed by: https://review.openstack.org/169471
    Fix error in setting and updating ca and preferred ca tables

(?)

Work Items

Dependency tree

* Blueprints in grey have been implemented.

Nearby

This blueprint contains Public information 
Everyone can see this information.
Edit subscription

Subscribers

No subscribers.