Bug 815364

Summary: [ipa webui] DNS permissions not listed and are in lowercase
Product: Red Hat Enterprise Linux 6 Reporter: Namita Soman <nsoman>
Component: ipaAssignee: Rob Crittenden <rcritten>
Status: CLOSED ERRATA QA Contact: Namita Soman <nsoman>
Severity: unspecified Docs Contact:
Priority: medium    
Version: 6.2CC: jgalipea, mkosek, mvarun, xdong
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ipa-3.0.0-1.el6 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-02-21 09:11:27 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Namita Soman 2012-04-23 13:25:39 UTC 
Description of problem:
ipa permission-find --all dns 
lists 5 permissions - 
add dns entries
read dns entries
remove dns entries
update dns entries
Write DNS Configuration

But in UI, a search for dns lists only:
read dns entries

Also these permissions do not follow the case used for other permissions. For example, it should be Add DNS entries, and so on.

Version-Release number of selected component (if applicable):
ipa-server-2.2.0-10.el6.x86_64

How reproducible:
always

Steps to Reproduce:
1. ipa permission-find --all --raw dns 
2. From UI, search for permissions, using string dns

  
Actual results:
only "read dns entries" is listed

Expected results:
list all 5 permissions that match the string dns

Additional info:
Noticed difference between the permission (read dns entries) that is listed in UI, and the one that is not (say, add dns entries
objectclass: ipapermission
is not included.
Outputs for the 2 permissions below:

  dn: cn=add dns entries,cn=permissions,cn=pbac,dc=testrelm,dc=com
  cn: add dns entries
  member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=testrelm,dc=com
  member: cn=DNS Servers,cn=privileges,cn=pbac,dc=testrelm,dc=com
  aci: (target = "ldap:///idnsname=*,cn=dns,dc=testrelm,dc=com")(version 3.0;acl "permission:add dns entries";allow (add) groupdn = "ldap:///cn=add dns entries,cn=permissions,cn=pbac,dc=testrelm,dc=com";)
  description: Add DNS entries
  memberindirect: cn=dns administrators,cn=privileges,cn=pbac,dc=testrelm,dc=com
  memberindirect: cn=dns servers,cn=privileges,cn=pbac,dc=testrelm,dc=com
  memberindirect: krbprincipalname=dns/rhel63-server.testrelm.com,cn=services,cn=accounts,dc=testrelm,dc=com
  objectclass: groupofnames
  objectclass: top



  dn: cn=read dns entries,cn=permissions,cn=pbac,dc=testrelm,dc=com
  cn: read dns entries
  member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=testrelm,dc=com
  member: cn=DNS Servers,cn=privileges,cn=pbac,dc=testrelm,dc=com
  member: cn=testprivilegedns,cn=privileges,cn=pbac,dc=testrelm,dc=com
  ipapermissiontype: SYSTEM
  description: Read DNS entries
  memberindirect: cn=dns administrators,cn=privileges,cn=pbac,dc=testrelm,dc=com
  memberindirect: cn=dns servers,cn=privileges,cn=pbac,dc=testrelm,dc=com
  memberindirect: krbprincipalname=dns/rhel63-server.testrelm.com,cn=services,cn=accounts,dc=testrelm,dc=com
  memberindirect: cn=testroledns,cn=roles,cn=accounts,dc=testrelm,dc=com
  memberindirect: uid=testuserdns,cn=users,cn=accounts,dc=testrelm,dc=com
  objectclass: top
  objectclass: groupofnames
  objectclass: ipapermission
Comment 2 Dmitri Pal 2012-04-23 19:13:08 UTC 
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/2672
Comment 3 Dmitri Pal 2012-04-24 15:36:59 UTC 
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/2658
Comment 4 Namita Soman 2012-04-27 15:15:36 UTC 
To address the part that the permission names should not be all lowercase, bug 815828 was opened.
Comment 5 Martin Kosek 2012-05-15 07:10:04 UTC 
I closed ticket 2672 as duplicate. DNS permission mixed case shall be fixed in a scope of Bug 815828. This BZ shall fix just the part with permissions missing in permission-find (ticket 2658).
Comment 6 Martin Kosek 2012-06-01 05:54:58 UTC 
Fixed upstream:
master: https://fedorahosted.org/freeipa/changeset/6ff5f28142c46bf5f08fef74c261f75e1baa9f66
Comment 7 Jenny Severance 2012-09-25 16:18:15 UTC 
automated regression test exists
Comment 11 Varun Mylaraiah 2013-01-18 18:08:12 UTC 
Verified using ipa-server-3.0.0-22.el6.x86_64

https://wiki.idm.lab.bos.redhat.com/qa/archive/ipa/webui/automation/firefox/test-output-ipa-server-3.0.0-QA/0114_64bit/full%20suite/IPARBACTestSuite/index.html

Starting Test: testPermissionBug815364([add_permission_type_bug815364_search, dns])

Starting Test: testPermissionBug815364([add_permission_type_bug815364_search, dns])

Asserted: Read DNS Entries exists

Asserted: add dns entries exists

Asserted: remove dns entries exists

Asserted: update dns entries exists

Asserted: Write DNS Configuration exists

Test Passed: testPermissionBug815364([add_permission_type_bug815364_search, dns])

Test Passed: testPermissionBug815364([add_permission_type_bug815364_search, dns])
Comment 13 errata-xmlrpc 2013-02-21 09:11:27 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0528.html