#1437 Provide man page for pki kra-audit
Closed: Fixed None Opened 9 years ago by mharmsen.

There is no man page for pki kra-audit command line.

Example: when i run kra-audit-mod i get the error No user principal provided

pki -d /opt/rhqa_pki/certs_db/ -u kra3admin -w Secret123 -h pki2.example.org -p
30490 kra-audit-mod --action enable

ForbiddenException: No user principal provided.

What does user principal mean here ?

Steps to Reproduce:

1.Install/Configure CA
2.Install/Configure KRA
3.man pki kra-audit

Actual results:

No Man page

Expected results:

Require man page for pki kra-audit

The audit command was originally added to TPS (pki tps-audit) and it's fully functional. The man page will be added soon.

Ideally other subsystems should provide the same audit command and currently the CLI and REST service for audit have already been added to those subsystems too. However, currently it doesn't work because it's still missing the ACL in the database (hence the "No user principal provided" error message). Since database upgrade framework (#710) is not implemented yet, the ACL cannot be added automatically to existing non-TPS instances.

Possible short term solutions:

  • Option #1: Ask admins to add the ACL to existing non-TPS subsystems manually.
  • Option #2: Remove the audit command from non-TPS subsystems until #710 is implemented.

Fixed in master:

  • 9d3450e3adb89f764b01a839b5524a2577849496
  • ed5b182d0d409665fc3cab3cac349f54da623181

Metadata Update from @mharmsen:
- Issue assigned to edewata
- Issue set to the milestone: 10.2.6

7 years ago

Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new
issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.

This issue has been cloned to GitHub and is available here:
https://github.com/dogtagpki/pki/issues/1997

If you want to receive further updates on the issue, please navigate to the
GitHub issue and click on Subscribe button.

Thank you for understanding, and we apologize for any inconvenience.

Log in to comment on this ticket.

Metadata