Bug 1926910
| Summary: | ipa cert-remove-hold <invalid_cert_id> returns an incorrect error message | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | Sumedh Sidhaye <ssidhaye> |
| Component: | ipa | Assignee: | Thomas Woerner <twoerner> |
| Status: | CLOSED ERRATA | QA Contact: | ipa-qe <ipa-qe> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 8.4 | CC: | abokovoy, amore, frenaud, ksiddiqu, rcritten, tscherf |
| Target Milestone: | rc | ||
| Target Release: | 8.0 | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | ipa-4.9.2-1 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2021-05-18 15:48:53 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Sumedh Sidhaye
2021-02-09 16:23:03 UTC
The issue is easily reproducible on RHEL 8.4. The command # ipa cert-show 9999 is also returning a wrong message (Unable to communicate with CMS instead of Certificate not found). This is likely a regression introduced by https://github.com/freeipa/freeipa/commit/dcdcd1ce88a6d5ed5997f50758dc6fd025df5f41 ipa cert-show: fix the code setting revocation reason Before the fix, the get_certificate method() was raising a HTTPRequestError but after the fix, a CertificateOperationError. At some point the CA changed their response to be more REST-like so return a 404 when something is not found. This short-circuits pulling the exact error message returned. I'd have sworn I opened a BZ or a ticket on this but I can't find it. Upstream ticket: https://pagure.io/freeipa/issue/8704 Fixed upstream ipa-4-9: https://pagure.io/freeipa/c/45d7d15c1186bc563393ae0bf131ccf94b1d12c4 https://pagure.io/freeipa/c/55c7e2121ea78eec102560d176ccb2c74146caf7 master: ec6698f cert plugin: propagate the error for non-existent cert 4672d61 xmlrpc tests: add a test for cert-remove-hold Fixed upstream master: https://pagure.io/freeipa/c/137b39cf93d209fcad78007585dea2501aea632a Fixed upstream ipa-4-9: https://pagure.io/freeipa/c/9854c399da83a30259ccec9cf9277ffd97f7cd67 Build used for verification: 2021-02-19T07:05:32+0000 [ci-vm-10-0-154-22.ho] +-----------------------------[RPMs & OS: [RedHat - x86_64]-----------------------------+ 2021-02-19T07:05:32+0000 [ci-vm-10-0-154-22.ho] | ipa-client-4.9.2-1.module+el8.4.0+9973+3d202164.x86_64 2021-02-19T07:05:32+0000 [ci-vm-10-0-154-22.ho] | ipa-client-common-4.9.2-1.module+el8.4.0+9973+3d202164.noarch 2021-02-19T07:05:32+0000 [ci-vm-10-0-154-22.ho] | ipa-server-4.9.2-1.module+el8.4.0+9973+3d202164.x86_64 2021-02-19T07:05:32+0000 [ci-vm-10-0-154-22.ho] | ipa-server-common-4.9.2-1.module+el8.4.0+9973+3d202164.noarch 2021-02-19T07:05:32+0000 [ci-vm-10-0-154-22.ho] | ipa-server-dns-4.9.2-1.module+el8.4.0+9973+3d202164.noarch 2021-02-19T07:05:32+0000 [ci-vm-10-0-154-22.ho] | sssd-ipa-2.4.0-8.el8.x86_64 2021-02-19T07:05:32+0000 [ci-vm-10-0-154-22.ho] ------------------------------------------------------------------------------------------ 2021-02-19T07:05:32+0000 [ci-vm-10-0-154-22.ho] +-----------------------------------------------------------------------------------------+ Test Result: 2021-02-19T06:40:39+0000 [ci-vm-10-0-154-22.ho] :: remove hold invalid id returns proper error message and no internal error bz999722 2021-02-19T06:40:39+0000 [ci-vm-10-0-154-22.ho] :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: 2021-02-19T06:40:39+0000 [ci-vm-10-0-154-22.ho] :: [ 01:40:39 ] :: [ LOG ] :: Test for invalid id: [9999], expected error msg: [Non-2xx response from CA REST API: 404. Certificate ID 0x270f not found (404)] 2021-02-19T06:40:41+0000 [ci-vm-10-0-154-22.ho] ipa: ERROR: Certificate operation cannot be completed: Request failed with status 404: Non-2xx response from CA REST API: 404. Certificate ID 0x270f not found (404) 2021-02-19T06:40:41+0000 [ci-vm-10-0-154-22.ho] :: [ 01:40:40 ] :: [ PASS ] :: remove-hold an invalid cert failed as expected 2021-02-19T06:40:41+0000 [ci-vm-10-0-154-22.ho] :: [ 01:40:40 ] :: [ LOG ] :: Test for invalid id: [abc], expected error msg: [Non-2xx response from CA REST API: 404. Certificate ID 0xabc not found (404)] 2021-02-19T06:40:42+0000 [ci-vm-10-0-154-22.ho] ipa: ERROR: Certificate operation cannot be completed: Request failed with status 404: Non-2xx response from CA REST API: 404. Certificate ID 0xabc not found (404) 2021-02-19T06:40:42+0000 [ci-vm-10-0-154-22.ho] :: [ 01:40:42 ] :: [ PASS ] :: remove-hold an invalid cert failed as expected Based on above automated test results marking Bugzilla verified. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2021:1846 |