Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1252555

Summary: ipa vault-find doesn't work for services
Product: Red Hat Enterprise Linux 7 Reporter: Jan Cholasta <jcholast>
Component: ipaAssignee: IPA Maintainers <ipa-maint>
Status: CLOSED ERRATA QA Contact: Namita Soman <nsoman>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.2CC: ksiddiqu, pvoborni, rcritten, spoore
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ipa-4.2.0-5.el7 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-11-19 12:05:17 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jan Cholasta 2015-08-11 16:46:12 UTC 
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/freeipa/ticket/5150

As admin user I'm able to create service vaults but I'm not able to list them when I don't remember the name.

VERSION: 4.2.90.201507201402GIT37b1af9, API_VERSION: 2.146

{{{
$ ipa vault-add ServiceVault --service HTTP/server.example.com --password-file password.txt
--------------------------
Added vault "ServiceVault"
--------------------------
  Vault name: ServiceVault
  Type: standard
  Owner users: admin

$ ipa vault-find
----------------
0 vaults matched
----------------
----------------------------
Number of entries returned 0
----------------------------
}}}

It works well when I enter the service name.
{{{
$ ipa vault-find --service HTTP/server.example.com
---------------
1 vault matched
---------------
  Vault name: ServiceVault
  Type: standard
----------------------------
Number of entries returned 1
----------------------------
}}}

There is no option to list service (according to type) like for "shared" vaults for example:
{{{
$ ipa vault-find --help
- SNIP-
  --service=STR    Service name of the service vault
  --shared         Shared vault
- SNIP-
Comment 1 Petr Vobornik 2015-08-19 08:42:40 UTC 
first part implemented upstream:

master:
https://fedorahosted.org/freeipa/changeset/01dd951ddc0181b559eb3dd5ff0336c81e245628
ipa-4-2:
https://fedorahosted.org/freeipa/changeset/cb575e6a16c3f1a001b13b96279ecd758c8783a1
Comment 2 Jan Cholasta 2015-08-19 12:49:00 UTC 
Fixed upstream
master:
https://fedorahosted.org/freeipa/changeset/0abaf195dc3b0920d2439dd4ec6df61e0aadc4f9
ipa-4-2:
https://fedorahosted.org/freeipa/changeset/89c9feaf93299c96bb227b3705246193a1de1d82
Comment 4 Scott Poore 2015-10-06 00:05:03 UTC 
Verified.

Version ::

ipa-server-4.2.0-12.el7.x86_64

Results ::

############# Services:

[root@rhel7-5 ~]# ipa service-add SVC1/$(hostname)
----------------------------------------------------
Added service "SVC1/rhel7-5.example.com"
----------------------------------------------------
  Principal: SVC1/rhel7-5.example.com
  Managed by: rhel7-5.example.com

[root@rhel7-5 ~]# ipa service-add SVC2/$(hostname)
----------------------------------------------------
Added service "SVC2/rhel7-5.example.com"
----------------------------------------------------
  Principal: SVC2/rhel7-5.example.com
  Managed by: rhel7-5.example.com

[root@rhel7-5 ~]# ipa vault-add vault_svc1 --service SVC1/$(hostname) --password-file password.txt
------------------------
Added vault "vault_svc1"
------------------------
  Vault name: vault_svc1
  Type: symmetric
  Salt: pasRLjQaJfHJ52J0w50+vw==
  Owner users: admin
  Vault service: SVC1/rhel7-5.example.com

[root@rhel7-5 ~]# ipa vault-add vault_svc2 --service SVC2/$(hostname) --password-file password.txt
------------------------
Added vault "vault_svc2"
------------------------
  Vault name: vault_svc2
  Type: symmetric
  Salt: xmjSE51f4QfJsxSusO2oMQ==
  Owner users: admin
  Vault service: SVC2/rhel7-5.example.com

[root@rhel7-5 ~]# ipa vault-find --services
----------------
2 vaults matched
----------------
  Vault name: vault_svc1
  Type: symmetric
  Vault service: SVC1/rhel7-5.example.com

  Vault name: vault_svc2
  Type: symmetric
  Vault service: SVC2/rhel7-5.example.com
----------------------------
Number of entries returned 2
----------------------------


############# Users:

[root@rhel7-5 ~]# ipa user-add --first=f --last=l user1
------------------
Added user "user1"
------------------
  User login: user1
  First name: f
  Last name: l
  Full name: f l
  Display name: f l
  Initials: fl
  Home directory: /home/user1
  GECOS: f l
  Login shell: /bin/sh
  Kerberos principal: user1
  Email address: user1
  UID: 546200001
  GID: 546200001
  Password: False
  Member of groups: ipausers
  Kerberos keys available: False

[root@rhel7-5 ~]# ipa user-add --first=f --last=l user2
------------------
Added user "user2"
------------------
  User login: user2
  First name: f
  Last name: l
  Full name: f l
  Display name: f l
  Initials: fl
  Home directory: /home/user2
  GECOS: f l
  Login shell: /bin/sh
  Kerberos principal: user2
  Email address: user2
  UID: 546200003
  GID: 546200003
  Password: False
  Member of groups: ipausers
  Kerberos keys available: False

[root@rhel7-5 ~]# ipa vault-add vault_user1 --user=user1 --password-file password.txt 
-------------------------
Added vault "vault_user1"
-------------------------
  Vault name: vault_user1
  Type: symmetric
  Salt: TC6TmWPUiXhS8QFMGENoYA==
  Owner users: admin
  Vault user: user1

[root@rhel7-5 ~]# ipa vault-add vault_user2 --user=user2 --password-file password.txt 
-------------------------
Added vault "vault_user2"
-------------------------
  Vault name: vault_user2
  Type: symmetric
  Salt: LfxyRanN5RdmS0RAkzdQaA==
  Owner users: admin
  Vault user: user2

[root@rhel7-5 ~]# ipa vault-find --users
----------------
2 vaults matched
----------------
  Vault name: vault_user1
  Type: symmetric
  Vault user: user1

  Vault name: vault_user2
  Type: symmetric
  Vault user: user2
----------------------------
Number of entries returned 2
----------------------------
Comment 5 errata-xmlrpc 2015-11-19 12:05:17 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-2362.html