Bug 676925

Summary: ipa cert-show <valid request id> --out=/tmp/out.txt returns internal error
Product: [Retired] freeIPA Reporter: Yi Zhang <yzhang>
Component: ipa-serverAssignee: Rob Crittenden <rcritten>
Status: CLOSED ERRATA QA Contact: Chandrasekar Kannan <ckannan>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 2.0CC: benl, dpal, jgalipea
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: freeipa-2.1.0-1.fc15 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-03-28 09:27:06 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Yi Zhang 2011-02-11 21:09:16 UTC 
Description of problem:
Test is below:

[step 1] the cert does exist
[yi@works4me ipa-cert]$ ipa cert-show 20
  Certificate: MIIDgjCCAmqgAwIBAgIBFDANBgkqhkiG9w0BAQsFADA5MRcwFQYDVQQKEw5TSkMu
UkVESEFULkNPTTEeMBwGA1UEAxMVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTEx
MDIxMTE5MzYzNFoXDTExMDgxMDE5MzYzNFowOzEXMBUGA1UEChMOU0pDLlJFREhB
VC5DT00xIDAeBgNVBAMTF3dvcmtzNG1lLnNqYy5yZWRoYXQuY29tMIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzcNcQw/jltSKMh35IxBWC8NLXtt4WIgP
JZD2L1oolCFjARYhWv90RYJDRBYRhROibzQEroEQxEbC4iypbEQnX0+iFgx4BmQ/
hrBMnATLuoccgRZ7WqJMrpfEWOWNlhz1SPrjDkFzamMSqe1FF1VIfMYMZSo6CE1Q
IMpyTDi5reNY1ipy41G8XylmBMbJqZ81p+107l/vypYrChUkgjAxQQGZBhuvNzQk
3ZQv9++QjpSYRbTBkjltXVxyeC0yKK973B2UFZaF6OmaHXhLIgN9zZX7sS8uM2vz
VI4GRytInMq7GvkDDuXYCHMoKLjdV8OIvtkJj1yBsvV4EypOpvzTVwIDAQABo4GS
MIGPMB8GA1UdIwQYMBaAFIfvs7dDyNGBz3XwFyLxS7BamhTgMEcGCCsGAQUFBwEB
BDswOTA3BggrBgEFBQcwAYYraHR0cDovL3dvcmtzNG1lLnNqYy5yZWRoYXQuY29t
OjkxODAvY2Evb2NzcDAOBgNVHQ8BAf8EBAMCBPAwEwYDVR0lBAwwCgYIKwYBBQUH
AwEwDQYJKoZIhvcNAQELBQADggEBAKJSxsS8oqzfZB5xZPMxQJim7aL6OwvG8M7S
fBLCGuj8gRG5gUffHY4hiZ/vTB8SJ2+vDD5F58Ov5Q/3LQ9quQZWGwwVmIj3ON9O
B2zI/zvGDww5QPBjcedSAXc7fn417MCcwX4aJsMP0w4xb0HxhCiXnZKszVWTss5Z
/CJrsv2McBfRic0lMHdWKM4U7F7lUvxaL0cfzLkRx7QhEe2/GqglSaZdm0o1KqjE
SPObt0l5hbqKNSBLKmaqTho9sniaVOIasIDHH2CICGemtsDcEHizxzpQLpzj0NXc
7u2kvJQSJzbGXnxrDT782cE/eR6Bg54h8N4zmmt7e+2l7UiOEIo=
  Subject: CN=works4me.sjc.redhat.com,O=SJC.REDHAT.COM
  Issuer: CN=Certificate Authority,O=SJC.REDHAT.COM
  Not Before: Fri Feb 11 19:36:34 2011 UTC
  Not After: Wed Aug 10 19:36:34 2011 UTC
  Fingerprint (MD5): 9a:14:ef:f2:ee:da:11:28:72:89:d9:40:d4:0d:c7:1f
  Fingerprint (SHA1): 32:bb:1b:c3:57:76:6b:50:c3:21:77:f9:ac:e2:17:59:7a:6f:9b:3b
  Serial number: 20

[step 2] but when give --out=/tmp/20.txt, an error occurred

[yi@works4me ipa-cert]$ ipa cert-show 20 --out=/tmp/20.txt
ipa: ERROR: an internal error has occurred

http error_log
[Fri Feb 11 13:04:20 2011] [error] ipa: INFO: response: entries returned 1
[Fri Feb 11 13:04:20 2011] [error] ipa: INFO: Destroyed connection context.ldap2
[Fri Feb 11 13:04:28 2011] [error] ipa: INFO: Created connection context.ldap2
[Fri Feb 11 13:04:28 2011] [error] ipa: DEBUG: raw: cert_show(u'20', out=u'/tmp/20.txt')
[Fri Feb 11 13:04:28 2011] [error] ipa: INFO: cert_show(u'20', out=u'/tmp/20.txt')
[Fri Feb 11 13:04:28 2011] [error] ipa: ERROR: non-public: TypeError: execute() got an unexpected keyword argument 'out'
[Fri Feb 11 13:04:28 2011] [error] Traceback (most recent call last):
[Fri Feb 11 13:04:28 2011] [error]   File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 211, in wsgi_execute
[Fri Feb 11 13:04:28 2011] [error]     result = self.Command[name](*args, **options)
[Fri Feb 11 13:04:28 2011] [error]   File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 422, in __call__
[Fri Feb 11 13:04:28 2011] [error]     ret = self.run(*args, **options)
[Fri Feb 11 13:04:28 2011] [error]   File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 728, in run
[Fri Feb 11 13:04:28 2011] [error]     return self.execute(*args, **options)
[Fri Feb 11 13:04:28 2011] [error] TypeError: execute() got an unexpected keyword argument 'out'
[Fri Feb 11 13:04:28 2011] [error] ipa: INFO: response: InternalError: an internal error has occurred
[Fri Feb 11 13:04:28 2011] [error] ipa: INFO: Destroyed connection context.ldap2


syntax i get from ipa help
[yi@works4me ipa-cert]$ ipa help cert-show
Purpose: Retrieve an existing certificate.
Usage: ipa [global-options] cert-show SERIAL-NUMBER [options]

Options:
  -h, --help  show this help message and exit
  --out=STR   file to store certificate in



Version-Release number of selected component (if applicable):freeipa-server-2.0-0.2011020119gitec59e61.fc14.i686


How reproducible: always
Comment 1 Yi Zhang 2011-02-11 21:16:34 UTC 
I did an other test following the above one:

[yi@works4me ipa-cert]$ ipa cert-show 20 --out=
ipa: ERROR: non-public: TypeError: coercing to Unicode: need string or buffer, NoneType found
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/ipalib/backend.py", line 125, in execute
    result = self.Command[_name](*args, **options)
  File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 422, in __call__
    ret = self.run(*args, **options)
  File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 729, in run
    return self.forward(*args, **options)
  File "/usr/lib/python2.7/site-packages/ipalib/plugins/cert.py", line 456, in forward
    check_writable_file(options['out'])
  File "/usr/lib/python2.7/site-packages/ipalib/plugins/service.py", line 234, in check_writable_file
    fp = open(filename, 'w')
TypeError: coercing to Unicode: need string or buffer, NoneType found
ipa: ERROR: an internal error has occurred


end user should not see the error trace info at least
Comment 2 Dmitri Pal 2011-02-11 21:17:49 UTC 
https://fedorahosted.org/freeipa/ticket/954
Comment 3 Yi Zhang 2011-02-11 21:28:59 UTC 
continue play around with it

[yi@works4me ipa-cert]$ ipa cert-show 20 --o
Usage: ipa [global-options] cert-show SERIAL-NUMBER [options]

ipa: error: --out option requires an argument


--o same as --out ?

[yi@works4me ipa-cert]$ ipa user-find --r
--------------
1 user matched
--------------
  uid: admin
  sn: Administrator
  homedirectory: /home/admin
  loginshell: /bin/bash
  nsaccountlock: False
----------------------------
Number of entries returned 1
----------------------------
[yi@works4me ipa-cert]$ ipa user-find --raw
--------------
1 user matched
--------------
  uid: admin
  sn: Administrator
  homedirectory: /home/admin
  loginshell: /bin/bash
  nsaccountlock: False
----------------------------
Number of entries returned 1
----------------------------

[yi@works4me ipa-cert]$ ipa user-find --r --a
--------------
1 user matched
--------------
  dn: uid=admin,cn=users,cn=accounts,dc=sjc,dc=redhat,dc=com
  uid: admin
  sn: Administrator
  cn: Administrator
  homedirectory: /home/admin
  gecos: Administrator
  loginshell: /bin/bash
  krbprincipalname: admin.COM
  uidnumber: 455200000
  gidnumber: 455200000
  nsaccountlock: False
  ipauniqueid: 190662f6-2e4f-11e0-ac57-001636ff6d62
  krblastfailedauth: 20110211175312Z
  krblastpwdchange: 20110503221339Z
  krblastsuccessfulauth: 20110211203935Z
  krbloginfailedcount: 0
  krbpasswordexpiration: 20110801221339Z
  memberof: cn=admins,cn=groups,cn=accounts,dc=sjc,dc=redhat,dc=com
  memberof: cn=Replication Administrators,cn=privileges,cn=pbac,dc=sjc,dc=redhat,dc=com
  memberof: cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=sjc,dc=redhat,dc=com
  memberof: cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=sjc,dc=redhat,dc=com
  memberof: cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=sjc,dc=redhat,dc=com
  memberof: cn=Unlock user accounts,cn=permissions,cn=pbac,dc=sjc,dc=redhat,dc=com
  memberof: cn=Manage service keytab,cn=permissions,cn=pbac,dc=sjc,dc=redhat,dc=com
  objectclass: top
  objectclass: person
  objectclass: posixaccount
  objectclass: krbprincipalaux
  objectclass: krbticketpolicyaux
  objectclass: inetuser
  objectclass: ipaobject
----------------------------
Number of entries returned 1
----------------------------


a quick conclusion:
looks like --all same as --a, --raw same as --r, 

and if there is more than one option starts with same letter, we have:

[yi@works4me ipa-cert]$ ipa cert-show 20 --o
Usage: ipa [global-options] cert-show SERIAL-NUMBER [options]

ipa: error: --out option requires an argument
Comment 4 Yi Zhang 2011-02-11 21:55:11 UTC 
and if there is more than one option starts with same char, we have:


[yi@works4me ipa-cert]$ ipa user-find --p
Usage: ipa [global-options] user-find [CRITERIA] [options]

ipa: error: ambiguous option: --p (--pager, --password, --phone, --postalcode, --principal?)
Comment 5 Rob Crittenden 2011-02-11 22:32:00 UTC 
This last thing, more than one option, is not an error. It is a helpful hint that the command has no idea what you want to do.
Comment 6 Dmitri Pal 2011-02-23 20:19:49 UTC 
master: dab452442d1425332369d00d95be4cd1b460407f