at_activate adding option to un-revoke/enable revoked atKeys
Is your feature request related to a problem? Please describe.
Not really a problem, but it would be nice to be able to revoke access and, when needed, unrevoke/enable a set of keys via at_activate. This would, for example, allow an sshnpd to not authenticate until the atKey is re-enabled. Further adding a security layer, for example. Similar to the idea of the Policy plane, it's a sort of poor man's policy plane.
Describe the solution you'd like
Add a command to re-enable entries like the one below:
s
Enrollment ID                          Status   AppName   DeviceName   Namespaces
707a70e6-ff19-4a46-82c1-9c7cde186039   denied   sshnp     orac_ssh_1   {sshnp: rw, sshrvd: rw}
$
Describe alternatives you've considered
I do wonder about language as well:
revoke/unrevoke - unrevoked becomes enabled in list?
disable/enable
Additional context
No response
i) If a denied enrollment has to be enabled, then the client has to submit an approval request, since the apkamPublic key will not exist on the server for a denied enrollment and will be saved on the server during the approval flow.
ii) If a revoked enrollment has to be enabled, send an enrollment request with a flag, e.g. unrevoke. Keys are intact on the server after revoke, so just updating the enrollment status will be enough.
The code changes in at_commons and at_server are completed. Hence marking the issue as completed.
@sitaram-kalluri have the corresponding changes been made to at_onboarding_cli to take up this feature?
@gkc: The at_onboarding_cli changes are pending. Reopening the issue. Will complete the changes in PR-97.