Bug 2168244

Summary: requestsearchtimelimit=0 doesn't seems to be work with ipa-acme-manage pruning command
Product: Red Hat Enterprise Linux 9 Reporter: Mohammad Rizwan <myusuf>
Component: ipaAssignee: Rob Crittenden <rcritten>
Status: CLOSED ERRATA QA Contact: Mohammad Rizwan <myusuf>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 9.2CC: frenaud, gkaihoro, rcritten, tscherf
Target Milestone: rcKeywords: Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ipa-4.10.1-5.el9 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2023-05-09 07:33:33 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2144442    

Description Mohammad Rizwan 2023-02-08 14:52:05 UTC 
Description of problem:
ipa-acme-manage pruning --requestsearchtimelimit=0 doesn't seems to be work.


Version-Release number of selected component (if applicable):
ipa-4.10.1-4.el9

How reproducible:
always

Steps to Reproduce:
1. enable pruning
2. ipa-acme-manage pruning --requestsearchsizelimit=1000 --requestsearchtimelimit=0


Actual results:
given value with option doesn't set

Expected results:
given value with the option should be set

Additional info:
Comment 2 Rob Crittenden 2023-02-08 15:11:34 UTC 
Due to the default value of None it is treating 0 as "not set" so isn't passing the new value.

This affects the four search limits and I'm going to include the cert and request retention times. I'll have to check with the CS team is 0 is meaningful for the certretentiontime or requestretentiontime values.
Comment 3 Rob Crittenden 2023-02-08 15:15:02 UTC 
Endi confirmed my suspicion, it means whenever the pruning job runs it will prune certs/requests already expired at that time without delay.

I'm a bit torn on this one. I generally like giving users the flexibility to do what they want. While I don't see the value in a configuration like this maybe someone wants to remove certificates immediately as they expire. I think I'm going to allow it to be 0.
Comment 4 Rob Crittenden 2023-02-09 18:30:18 UTC 
Fixed upstream
master:
https://pagure.io/freeipa/c/724c8314b5e3256db04128b7c8fd375e00f374a4
Comment 5 Rob Crittenden 2023-02-10 02:47:09 UTC 
Fixed upstream
ipa-4-10:
https://pagure.io/freeipa/c/20ff7c16022793c707f6c2b8fb38a801870bc0e2
Comment 10 Mohammad Rizwan 2023-02-23 14:32:32 UTC 
version:
ipa-server-4.10.1-5.el9.x86_64


machine='x86_64')
2023-02-23T13:47:10 euid: 0, egid: 0
2023-02-23T13:47:10 working dir: /tmp/wp/freeipa
2023-02-23T13:47:10 sys.version: 3.9.16 (main, Dec  8 2022, 00:00:00) 
2023-02-23T13:47:10 [GCC 11.3.1 20221121 (Red Hat 11.3.1-4)]
2023-02-23T13:47:10 ============================= test session starts ==============================
2023-02-23T13:47:10 platform linux -- Python 3.9.16, pytest-3.10.1, py-1.10.0, pluggy-0.13.1 -- /usr/bin/python3
2023-02-23T13:47:10 cachedir: .pytest_cache
2023-02-23T13:47:10 metadata: {'Python': '3.9.16', 'Platform': 'Linux-5.14.0-277.el9.x86_64-x86_64-with-glibc2.34', 'Packages': {'pytest': '3.10.1', 'pluggy': '0.13.1'}, 'Plugins': {'metadata': '2.0.4', 'html': '1.22.1', 'multihost': '3.0', 'sourceorder': '0.6.0'}}
2023-02-23T13:47:10 rootdir: /tmp/wp/freeipa, inifile: tox.ini
2023-02-23T13:47:10 plugins: metadata-2.0.4, html-1.22.1, multihost-3.0, sourceorder-0.6.0
2023-02-23T13:47:12 collecting ... collected 9 items
2023-02-23T13:47:12 
2023-02-23T13:56:58 ipatests/test_integration/test_acme.py::TestACMEPrune::test_enable_pruning PASSED [ 11%]
2023-02-23T13:57:21 ipatests/test_integration/test_acme.py::TestACMEPrune::test_pruning_options PASSED [ 22%]
2023-02-23T13:57:28 ipatests/test_integration/test_acme.py::TestACMEPrune::test_pruning_negative_options PASSED [ 33%]
2023-02-23T13:59:18 ipatests/test_integration/test_acme.py::TestACMEPrune::test_prune_cert_manual PASSED [ 44%]
2023-02-23T14:05:37 ipatests/test_integration/test_acme.py::TestACMEPrune::test_prune_cert_cron PASSED [ 55%]
2023-02-23T14:11:53 ipatests/test_integration/test_acme.py::TestACMEPrune::test_prune_cert_retention_unit PASSED [ 66%]
2023-02-23T14:13:41 ipatests/test_integration/test_acme.py::TestACMEPrune::test_prune_cert_search_size_limit PASSED [ 77%]
2023-02-23T14:14:27 ipatests/test_integration/test_acme.py::TestACMEPrune::test_prune_config_show PASSED [ 88%]
2023-02-23T14:15:41 ipatests/test_integration/test_acme.py::TestACMEPrune::test_prune_disable PASSED [100%]
2023-02-23T14:15:41 
2023-02-23T14:15:41 ------------------ generated xml file: /tmp/wp/twd/junit.xml -------------------
2023-02-23T14:15:41 ------------- generated html file: file:///tmp/wp/twd/report.html --------------
2023-02-23T14:15:41 ========================= 9 passed in 1711.74 seconds ==========================

Automation passed, hence marking the bug as verified.
Comment 12 errata-xmlrpc 2023-05-09 07:33:33 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (ipa bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2023:2205