Bug 1477531

Summary:	Incorrect attribute level rights (ipaallowedtoperform) of service object
Product:	Red Hat Enterprise Linux 7	Reporter:	Pavel Vomacka <pvomacka>
Component:	ipa	Assignee:	IPA Maintainers <ipa-maint>
Status:	CLOSED ERRATA	QA Contact:	ipa-qe <ipa-qe>
Severity:	unspecified	Docs Contact:
Priority:	unspecified
Version:	7.4	CC:	enewland, ksiddiqu, lmiksik, myusuf, pasik, pvoborni, rcritten, tscherf
Target Milestone:	rc	Keywords:	Regression
Target Release:	---
Hardware:	Unspecified
OS:	Unspecified
Whiteboard:
Fixed In Version:	ipa-4.5.4-8.el7	Doc Type:	If docs needed, set a value
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2018-04-10 16:43:55 UTC	Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description Pavel Vomacka 2017-08-02 10:57:15 UTC

Description of problem:
In WebUI tables for "Allowed for retrieve/create keytab" user/host/hostgroups/usergroups on service details page are shown as read-only - it is not possible to add anything. This state is there until the first user/usergroup/host/hostgroup is added over CLI. Then tables become writable. 

Before adding user/usergroup/host/hostgroup in CLI the API response does not contain 'ipaallowedtoperform' in attributelevelrights at all. After that the attribute level right is added into response and WebUI is shown correctly. 


Version-Release number of selected component (if applicable):
ipa-4.5.0-21.el7_4.1

How reproducible:
Always

Steps to Reproduce:
1. Install ipa server
2. Go to WebUI Identity - Services
3. Choose any service
4. Scroll down to 'Allow to retrieve/create keytab'
5. It is not possible to add any user/usergroup/host/hostgroup
6. Open command line and add a user to the particular service
$ ipa service-allow-create-keytab
7. Go back to WebUI 
8. Add button is now not grayed out

Actual results:
step 5

Expected results:
It should be possible to add user/usergroup/host/hostgroup right away, not only after first add.

Additional info:

Comment 2 Petr Vobornik 2017-08-02 16:06:03 UTC

Is this a regression?

Comment 3 Pavel Vomacka 2017-08-03 08:30:46 UTC

It works properly in ipa-4.4.0-12 on RHEL 7.3, so yes.

Comment 5 Pavel Vomacka 2017-08-09 12:14:02 UTC

The bug occurs after upgrade from RHEL7.3 to RHEL7.4, too. Even in case that some data has been already added into those tables before upgrade.

Comment 6 Petr Vobornik 2017-08-18 16:19:28 UTC

Upstream ticket:
https://pagure.io/freeipa/issue/7111

Comment 8 Petr Vobornik 2018-01-09 13:48:47 UTC

master:
    cf2d171 WebUI: make keytab tables on service and host pages writable
ipa-4-6:
    b9dc569 WebUI: make keytab tables on service and host pages writable
ipa-4-5:
    4304b80 WebUI: make keytab tables on service and host pages writable

Comment 10 Mohammad Rizwan 2018-01-18 09:37:36 UTC

version:
ipa-server-4.5.4-8.el7.x86_64
httpd-2.4.6-80.el7.x86_64

Steps:
1. Install ipa server
2. Go to WebUI Identity - Services
3. Choose any service
4. Scroll down to 'Allow to retrieve/create keytab'
5. It is possible to add any user/usergroup/host/hostgroup

Actual result:
user/usergroup/host/hostgroup is added successfully.

Thus based on above observations, marking the bug verified.

Comment 13 errata-xmlrpc 2018-04-10 16:43:55 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:0918