[Opendnssec-develop] [OpenDNSSEC] #151: Patch: Pruning unused policies and associated keys
OpenDNSSEC
owner-dnssec-trac at kirei.se
Thu Jul 15 13:23:20 UTC 2010
#151: Patch: Pruning unused policies and associated keys
------------------------+---------------------------------------------------
 Reporter:  vanrein     |       Owner:  sion
     Type:  enhancement |      Status:  new
 Priority:  major       |   Component:  Enforcer
  Version:  trunk       |    Keywords:
------------------------+---------------------------------------------------
Hello,

Attached is a patch against OpenDNSSEC 1.1.1 that we would like to propose
for inclusion. It adds a "policy prune" command to ksmutil, and when
running that it will remove all policies not referenced by a zone anymore.
While doing this, it will also remove keys from the database and from the
HSM.

This is useful for our 1.2-ish use of OpenDNSSEC, where we generate
policies for each of our customers; we use that because we share keys
within each policy. Sharing keys and removing unused ones avoids that we
run into the limited number of licensed objects of our HSM.

We have been using the code as its own documentation, so Sion: please
check the code for oversights. We hope to have followed the spirit of the
current code to make it mingle with the rest. And if you like it, could
you please check it in so we can have it in 1.1.2?

Thanks!

Rick van Rein
for SURFnet
--
Ticket URL: <http://trac.opendnssec.org/ticket/151>
OpenDNSSEC <http://www.opendnssec.org/>