Changing ID Quota

[athu-tran]

User story: As a Root CNA , I want to be able change the quota on behalf of a CNA under my administrative control.
AC:
When a Root CNA initiates a quota modification on behalf of a CNA, the quota modification is reflected in the available CVE IDs that are available to the CNA.

Historical Requirements:
R7: The Requestor and Managing Root needs to be notified (logging?) when any error condition occurs during ID Reservation requested operations. See Note* above. There is only 1 “managing root” which is the Secretariat for Phase 1. Note: The need to inform the “managing root” is not part of the user story. Logging is not part of the user story.
R12: Requests are checked against preset organizational values (e.g., ID quota) on a pre-request basis
R13: A quota is enforced based on hard limits. The quota usage will follow the formula:
available_ids = hard_limit - reserved_but_not_published_id_count
R14: Published IDs will not count against the quota.
R15: Reservation of IDs up to the hard limit will be allowed. For example, if a CNA has quota of 100 CVE IDs with 90 reserved but not published, they then have 10 CVE IDs available for future reservations.
R16: Requests for IDs will be rejected once the hard limit is reached.
The hard and soft limits need to be dynamically resized based on an algorithm that considers the organization's historic population stats, highest usage within a useful timeframe, and projected growth. (optional)
R17: The Requestor and Managing Root needs to be notified when soft and/or hard limits are reached. See Note* above. There is only 1 “managing root” which is the Secretariat for Phase 1.
R20: Any response should return the requested number of CVE IDs and balance information on the quota status after this request is completed. (Email receipt as well) Note: There is no email notification as part of this User Story.