Bug 1445358

Summary: ipa vault-add raises TypeError
Product: Red Hat Enterprise Linux 7 Reporter: Abhijeet Kasurde <akasurde>
Component: ipaAssignee: IPA Maintainers <ipa-maint>
Status: CLOSED ERRATA QA Contact: Abhijeet Kasurde <akasurde>
Severity: unspecified Docs Contact:
Priority: medium    
Version: 7.4CC: ksiddiqu, mbasti, nsoman, pvoborni, rcritten, tscherf
Target Milestone: rcKeywords: Regression
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ipa-4.5.0-9.el7 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-08-01 09:50:15 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Abhijeet Kasurde 2017-04-25 14:16:40 UTC 
Description of problem:
When user tries to use following command, it raises TypeError

# echo -e "Secret123\nSecret123\nSecret123\n" | ipa vault-add PrivateVault2 --desc="Private vault2"
New password:
ipa: ERROR: non-public: TypeError: decode() argument 1 must be string, not None
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/ipalib/backend.py", line 139, in execute
    result = self.Command[_name](*args, **options)
  File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 447, in __call__
    return self.__do_call(*args, **options)
  File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 475, in __do_call
    ret = self.run(*args, **options)
  File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 1199, in run
    return self.forward(*args, **options)
  File "/usr/lib/python2.7/site-packages/ipaclient/plugins/vault.py", line 307, in forward
    password = get_new_password()
  File "/usr/lib/python2.7/site-packages/ipaclient/plugins/vault.py", line 93, in get_new_password
    sys.stdin.encoding)
TypeError: decode() argument 1 must be string, not None
ipa: ERROR: an internal error has occurred


Version-Release number of selected component (if applicable):
# rpm -q freeipa-server freeipa-client ipa-server ipa-client 389-ds-base pki-ca krb5-server
package freeipa-server is not installed
package freeipa-client is not installed
ipa-server-4.5.0-8.el7.x86_64
ipa-client-4.5.0-8.el7.x86_64
389-ds-base-1.3.6.1-9.el7.x86_64
pki-ca-10.4.1-2.el7.noarch
krb5-server-1.15.1-7.el7.x86_64

How reproducible:
100%

Steps to Reproduce:
1. echo -e "Secret123\nSecret123\nSecret123\n" | ipa vault-add PrivateVault2 --desc="Private vault2"
2. Press enter on "New Password:" prompt

Actual results:
Error above mentioned.

Expected results:
Error should be replaced with appropriate warning message.
Comment 3 Petr Vobornik 2017-04-27 21:31:56 UTC 
Upstream ticket:
https://pagure.io/freeipa/issue/6907
Comment 4 Martin Bašti 2017-04-28 11:21:31 UTC 
Fixed upstream
master:
https://pagure.io/freeipa/c/d5c41ed4ad370c7d74296a830993a5bd3fd32e5f
ipa-4-5:
https://pagure.io/freeipa/c/c8ca0f89a68b5d57c56344fdeb12fd436976c726
Comment 5 Florence Blanc-Renaud 2017-04-28 13:48:27 UTC 
*** Bug 1445365 has been marked as a duplicate of this bug. ***
Comment 7 Abhijeet Kasurde 2017-05-02 15:00:12 UTC 
[root@ipaserver01 ~]# echo -e "Secret123\nSecret123\n" | ipa vault-add PrivateVault2 --desc="Private vault2"
---------------------------
Added vault "PrivateVault2"
---------------------------
  Vault name: PrivateVault2
  Description: Private vault2
  Type: symmetric
  Salt: VjkapA+gut6/5Ryq6+B3Kw==
  Owner users: admin
  Vault user: admin
[root@ipaserver01 ~]# echo -e "Secret123\n" | ipa vault-archive PrivateVault2 --data=$(echo "SampleData" | base64)
----------------------------------------
Archived data into vault "PrivateVault2"
----------------------------------------
[root@ipaserver01 ~]# echo -e "Secret123\n" | ipa vault-retrieve PrivateVault2
-----------------------------------------
Retrieved data from vault "PrivateVault2"
-----------------------------------------
  Data: U2FtcGxlRGF0YQo=
[root@ipaserver01 ~]# echo U2FtcGxlRGF0YQo= | base64 --decode
SampleData
[root@ipaserver01 ~]# rpm -q freeipa-server freeipa-client ipa-server ipa-client 389-ds-base pki-ca krb5-server
package freeipa-server is not installed
package freeipa-client is not installed
ipa-server-4.5.0-9.el7.x86_64
ipa-client-4.5.0-9.el7.x86_64
389-ds-base-1.3.6.1-9.el7.x86_64
pki-ca-10.4.1-2.el7.noarch
krb5-server-1.15.1-8.el7.x86_64


Verified using IPA Server :: ipa-server-4.5.0-9.el7.x86_64

Mark BZ as verified.
Comment 8 errata-xmlrpc 2017-08-01 09:50:15 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:2304