Bug 1445382

Summary: ipa vault-retrieve fails to retrieve data from vault
Product: Red Hat Enterprise Linux 7 Reporter: Abhijeet Kasurde <akasurde>
Component: ipaAssignee: IPA Maintainers <ipa-maint>
Status: CLOSED ERRATA QA Contact: Abhijeet Kasurde <akasurde>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.4CC: cheimes, ipa-qe, ksiddiqu, mbasti, nsoman, pvoborni, rcritten, tscherf
Target Milestone: rcKeywords: Regression, TestBlocker
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ipa-4.5.0-9.el7 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-08-01 09:50:15 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Abhijeet Kasurde 2017-04-25 14:44:46 UTC 
Description of problem:
vault-retrieve command fails to retrieve archived data

# ipa vault-add SampleVault
New password:
Verify password:
-------------------------
Added vault "SampleVault"
-------------------------
  Vault name: SampleVault
  Type: symmetric
  Salt: nM5Zjq7qZa4Y0bJSWW7vzg==
  Owner users: admin
  Vault user: admin

# ipa vault-archive SampleVault --data=$(echo "SampleData" | base64)
Password:
--------------------------------------
Archived data into vault "SampleVault"
--------------------------------------

# ipa vault-retrieve SampleVault
ipa: ERROR: No archived data.

Version-Release number of selected component (if applicable):
# rpm -q freeipa-server freeipa-client ipa-server ipa-client 389-ds-base pki-ca krb5-server
package freeipa-server is not installed
package freeipa-client is not installed
ipa-server-4.5.0-8.el7.x86_64
ipa-client-4.5.0-8.el7.x86_64
389-ds-base-1.3.6.1-9.el7.x86_64
pki-ca-10.4.1-2.el7.noarch
krb5-server-1.15.1-7.el7.x86_64

How reproducible:
100%

Steps to Reproduce:
1. Create Vault
2. Archive data into Vault
3. Retrieve vault from Vault

Actual results:
Warning "No archived data." is presented, whereas it should show archived data.

Expected results:
Command should show archived data
Comment 2 Petr Vobornik 2017-04-26 16:36:06 UTC 
Upstream ticket:
https://pagure.io/freeipa/issue/6899
Comment 4 Martin Bašti 2017-04-28 06:28:13 UTC 
Fixed upstream
master:
https://pagure.io/freeipa/c/5197422ef65e7239fc56c562ab87d99388a38a8d
ipa-4-5:
https://pagure.io/freeipa/c/e94a1d18653fe2e9558ac0b70bdf2ddd1f78d150
Comment 5 Florence Blanc-Renaud 2017-04-28 11:19:12 UTC 
*** Bug 1443335 has been marked as a duplicate of this bug. ***
Comment 7 Abhijeet Kasurde 2017-05-02 14:39:18 UTC 
[root@ipaserver01 ~]# ipa vault-add SampleVault
New password:
Enter New password again to verify:
-------------------------
Added vault "SampleVault"
-------------------------
  Vault name: SampleVault
  Type: symmetric
  Salt: wgL4LSVYOE3pVh5Me4mlkQ==
  Owner users: admin
  Vault user: admin
[root@ipaserver01 ~]# ipa vault-archive SampleVault --data=$(echo "SampleData" | base64)
Password:
--------------------------------------
Archived data into vault "SampleVault"
--------------------------------------
[root@ipaserver01 ~]# ipa vault-retrieve SampleVault
Password:
---------------------------------------
Retrieved data from vault "SampleVault"
---------------------------------------
  Data: U2FtcGxlRGF0YQo=
[root@ipaserver01 ~]# echo U2FtcGxlRGF0YQo= | base64 --decode
SampleData
[root@ipaserver01 ~]# rpm -q freeipa-server freeipa-client ipa-server ipa-client 389-ds-base pki-ca krb5-server
package freeipa-server is not installed
package freeipa-client is not installed
ipa-server-4.5.0-9.el7.x86_64
ipa-client-4.5.0-9.el7.x86_64
389-ds-base-1.3.6.1-9.el7.x86_64
pki-ca-10.4.1-2.el7.noarch
krb5-server-1.15.1-8.el7.x86_64



Verified using IPA Server :: ipa-server-4.5.0-9.el7.x86_64

Marking BZ as verified.
Comment 8 errata-xmlrpc 2017-08-01 09:50:15 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:2304