Bug 1820045

Summary: [ansible-freeipa] Not able to remove usercat='all'/hostcat='all'/servicecat='all' from hbacrule in HBAC module
Product: Red Hat Enterprise Linux 8 Reporter: Varun Mylaraiah <mvarun>
Component: ansible-freeipaAssignee: Rafael Jeffman <rjeffman>
Status: CLOSED ERRATA QA Contact: ipa-qe <ipa-qe>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 8.2CC: amore, rjeffman, twoerner
Target Milestone: rcFlags: pm-rhel: mirror+
Target Release: 8.0   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: ansible-freeipa-0.1.11-1 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-11-04 02:46:35 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Varun Mylaraiah 2020-04-02 07:09:09 UTC 
Description of problem:
There is option to remove usercat='all'/hostcat='all'/servicecat='all' from hbacrule in HBAC module

Version-Release number of selected component (if applicable):
ansible-freeipa-0.1.8-3.el8.noarch

Steps to Reproduce:
CLI-consule_output
==================
[root@master ~]# ipa hbacrule-mod testrule --usercat="all" --hostcat="all" --servicecat="all"
-----------------------------
Modified HBAC rule "testrule"
-----------------------------
  Rule name: testrule
  User category: all
  Host category: all
  Service category: all
  Enabled: TRUE
[root@master ~]#
[root@master ~]# ipa hbacrule-mod testrule --usercat="" --hostcat="" --servicecat=""
-----------------------------
Modified HBAC rule "testrule"
-----------------------------
  Rule name: testrule
  Enabled: TRUE
[root@master ~]#


Actual results:
no option available in ansible-freeipa HBAC module.

Expected results:
the option should available to reset/remove usercat='all', hostcat='all', servicecat='all'
Comment 1 Rafael Jeffman 2020-04-08 11:49:38 UTC 
Pull request is under review in upstream: https://github.com/freeipa/ansible-freeipa/pull/245
Comment 2 Rafael Jeffman 2020-05-13 13:37:12 UTC 
PR merged upstream.
Comment 5 anuja 2020-07-27 12:31:17 UTC 
Verified using: 
Using version: 
ansible-freeipa-0.1.12-5.el8.noarch
ipa-server-common-4.8.7-7.module+el8.3.0+7376+c83e4fcd.noarch

2020-07-27T12:25:05+0000 ansible_freeipa_tests/hbac_module.py::Testresethbacruleall::test_hbacrule_reset_categories 
2020-07-27T12:25:05+0000 -------------------------------- live log call ---------------------------------
2020-07-27T12:25:05+0000 [pytest_multihost.host.Host.master.ParamikoTransport] INFO RUN ['ipactl', 'status']
2020-07-27T12:25:07+0000 [pytest_multihost.host.Host.master.ParamikoTransport] INFO RUN ['kinit', 'admin']
2020-07-27T12:25:07+0000 [pytest_multihost.host.Host.master.ParamikoTransport] INFO RUN ['ipa', 'hbacrule-add', 'reset_hbac_rule', '--usercat=all', '--hostcat=all', '--servicecat=all']
2020-07-27T12:25:08+0000 [pytest_multihost.host.Host.master.ParamikoTransport] INFO RUN ['kinit', 'admin']
2020-07-27T12:25:08+0000 [pytest_multihost.host.Host.master.ParamikoTransport] INFO RUN ['ipa', 'hbacrule-show', 'reset_hbac_rule']
2020-07-27T12:25:09+0000 [pytest_multihost.host.Host.master.ParamikoTransport] INFO RUN ['kdestroy', '-A']
2020-07-27T12:25:09+0000 [pytest_multihost.host.Host.ansible.ParamikoTransport] INFO WRITE inventory/hbac.hosts
2020-07-27T12:25:09+0000 [pytest_multihost.host.Host.ansible.ParamikoTransport] INFO PUT hbac_module.yml
2020-07-27T12:25:09+0000 [pytest_multihost.host.Host.ansible.ParamikoTransport] INFO RUN ['ansible-playbook', '--ssh-extra-args="-o StrictHostKeyChecking=no"', '-vv', '-i', 'inventory/hbac.hosts', 'hbac_module.yml']
2020-07-27T12:25:14+0000 [pytest_multihost.host.Host.master.ParamikoTransport] INFO RUN ['kinit', 'admin']
2020-07-27T12:25:14+0000 [pytest_multihost.host.Host.master.ParamikoTransport] INFO RUN ['ipa', 'hbacrule-show', 'reset_hbac_rule']
2020-07-27T12:25:15+0000 [pytest_multihost.host.Host.master.ParamikoTransport] INFO RUN ['kdestroy', '-A']
2020-07-27T12:25:15+0000 PASSED                                                                   [100%]
2020-07-27T12:25:15+0000 
2020-07-27T12:25:15+0000 ----------- generated xml file: /home/jenkins/tews/trigger/junit.xml -----------
2020-07-27T12:25:15+0000 ------ generated html file: file:///home/jenkins/tews/trigger/report.html ------
2020-07-27T12:25:15+0000 ========================= 36 passed in 692.52 seconds ==========================
2020-07-27T12:25:16+0000 RETURN CODE: 0
2020-07-27T12:25:16+0000 UPSTREAM TESTS STEP END: ansible_freeipa_tests/hbac_module.py

Based on this marking bz as verified.
Comment 9 errata-xmlrpc 2020-11-04 02:46:35 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (ansible-freeipa bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2020:4663