audit logging needed: REST API auth/authz; kra for getKeyInfo

[pki-bot]

This issue was migrated from Pagure Issue #1160. Originally filed by vakwetu (@vakwetu) on 2014-09-24 18:39:26:

• Closed as Fixed
• Assigned to cfu (@cfu)

---

This is for the new REST interface.

Suggested: 10.2.2

[pki-bot]

Comment from mharmsen (@mharmsen) at 2014-09-24 20:59:17

Per Dogtag 10.2.3 Triage meeting of 09/24/2014 - proposed Milestone: 10.2.2

[pki-bot]

Comment from mharmsen (@mharmsen) at 2015-02-24 23:47:11

Per 10.2.2 Triage meeting of 02/24/2015: 10.2.3

[pki-bot]

Comment from cfu (@cfu) at 2015-04-16 20:46:19

Please provide link to the design of this feature so I have a better sense of what it does and what needs to be audited. thanks.

[pki-bot]

Comment from cfu (@cfu) at 2015-05-07 18:27:17

looks like auditing for the authentication and authorization of the REST API are entirely missing, I"m changing this ticket to include that as well.

[pki-bot]

Comment from cfu (@cfu) at 2015-05-13 18:07:36

first part pushed to master.

commit ccf2eb5
Author: Christina Fu cfu@redhat.com
Date: Thu May 7 12:14:19 2015 -0700

Ticket 1160 audit logging needed: REST API auth/authz; kra for getKeyInfo
- (1) REST API auth/authz - this patch addresses the first part of thi
     ticket where auditing is completely missing for authentication and
     authorization at the REST interface.

[pki-bot]

Comment from cfu (@cfu) at 2015-05-14 23:13:36

2nd part pushed to master:
commit c0d1414
This patch addresses: (2) audit needed for getKeyInfo, the 2nd part of this ticket where the key services are missing some auditing.

[pki-bot]

Comment from cfu (@cfu) at 2015-05-14 23:14:43

new ticket created to cover the desirable upgrade script:
https://fedorahosted.org/pki/ticket/1382
KRA: upgrade script maybe needed for CS.cfg to add new audit events added in ticket 1160

[pki-bot]

Comment from vakwetu (@vakwetu) at 2017-02-27 14:04:59

Metadata Update from @vakwetu:

• Issue assigned to cfu
• Issue set to the milestone: 10.2.4