| Summary: | SSSD service successfully starts by adding a secrets section | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Amith <apeetham> |
| Component: | sssd | Assignee: | SSSD Maintainers <sssd-maint> |
| Status: | CLOSED NOTABUG | QA Contact: | Steeve Goveas <sgoveas> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 7.3 | CC: | grajaiya, jhrozek, lslebodn, mkosek, mzidek, pbrezina |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2016-09-29 12:09:50 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
I don't think we should fail to start. We should fail to start if you add secrets to the "services" line, but not if a section is created. Try creating a totally bogus section.. Actually, the [services] section is /required/ in many setups like if you want to set up proxying to custodia or even enable debugging. This is not a bug. And isn't it a bug in config check that it assumes secrets to be invalid? (In reply to Pavel Březina from comment #4) > And isn't it a bug in config check that it assumes secrets to be invalid? Yeah, that's possible, Fabiano already has a PR open on github that addresses this.. (Amith, if this is the case, please open a different bug about the config check) The sssd.log shows "Section [secrets] is not allowed. Check for typos." So i assumed that a secrets section is invalid.
Also, I logged this bug to address Jakub's response on one of the SSSD secrets test case, sent for review:
----------------------------------------------------------------------------------------
*Case-03: Test sssd behaviour by adding a secrets section*
Steps:
- Edit sssd.conf file and add a secrets section as given below:
[secrets]
debug_level = 0xFFF0
provider = local
- Restart sssd service
- Verify error log in sssd.log file
Result seen: SSSD service successfully restarts. Logged message in sssd.log:
"Section [secrets] is not allowed. Check for typos."
--------------------------------------------------------------------------------------------
Jakub's response: This is a known bug, you can log it if you like.
Yeah, sorry, I meant it's a bug in the config-check. |
Description of problem: SSSD service should fail to start when an invalid section is added. For example, when a secrets section is added to test secrets service. The sssd.log clearly shows error: "Section [secrets] is not allowed. Check for typos." Version-Release number of selected component (if applicable): sssd-1.14.0-43.el7 How reproducible: Always Steps to Reproduce: 1. Edit sssd.conf file and add a secrets section as given below: [secrets] debug_level = 0xFFF0 provider = local 2. Restart sssd service 3. Verify error log in sssd.log file Actual results: SSSD service successfully starts. Expected results: SSSD service should fail to start or show warning on the service status. Additional info: