Bug 1252555 - ipa vault-find doesn't work for services
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ipa
7.2
Assigned To: IPA Maintainers
Namita Soman
Reported: 2015-08-11 12:46 EDT by Jan Cholasta
Modified: 2015-11-19 07:05 EST
Fixed In Version: ipa-4.2.0-5.el7
Doc Type: Bug Fix
Last Closed: 2015-11-19 07:05:17 EST
Description Jan Cholasta 2015-08-11 12:46:12 EDT
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/freeipa/ticket/5150

As admin user I'm able to create service vaults but I'm not able to list them when I don't remember the name.

VERSION: 4.2.90.201507201402GIT37b1af9, API_VERSION: 2.146

{{{
$ ipa vault-add ServiceVault --service HTTP/server.example.com --password-file password.txt
--------------------------
Added vault "ServiceVault"
--------------------------
  Vault name: ServiceVault
  Type: standard
  Owner users: admin

$ ipa vault-find
----------------
0 vaults matched
----------------
----------------------------
Number of entries returned 0
----------------------------
}}}

It works well when I enter the service name.
{{{
$ ipa vault-find --service HTTP/server.example.com
---------------
1 vault matched
---------------
  Vault name: ServiceVault
  Type: standard
----------------------------
Number of entries returned 1
----------------------------
}}}

There is no option to list service (according to type) like for "shared" vaults for example:
{{{
$ ipa vault-find --help
- SNIP-
  --service=STR    Service name of the service vault
  --shared         Shared vault
- SNIP-
}}}
Comment 4 Scott Poore 2015-10-05 20:05:03 EDT
Verified.

Version ::

ipa-server-4.2.0-12.el7.x86_64

Results ::

############# Services:

[root@rhel7-5 ~]# ipa service-add SVC1/$(hostname)
----------------------------------------------------
Added service "SVC1/rhel7-5.example.com@EXAMPLE.COM"
----------------------------------------------------
  Principal: SVC1/rhel7-5.example.com@EXAMPLE.COM
  Managed by: rhel7-5.example.com

[root@rhel7-5 ~]# ipa service-add SVC2/$(hostname)
----------------------------------------------------
Added service "SVC2/rhel7-5.example.com@EXAMPLE.COM"
----------------------------------------------------
  Principal: SVC2/rhel7-5.example.com@EXAMPLE.COM
  Managed by: rhel7-5.example.com

[root@rhel7-5 ~]# ipa vault-add vault_svc1 --service SVC1/$(hostname) --password-file password.txt
------------------------
Added vault "vault_svc1"
------------------------
  Vault name: vault_svc1
  Type: symmetric
  Salt: pasRLjQaJfHJ52J0w50+vw==
  Owner users: admin
  Vault service: SVC1/rhel7-5.example.com@EXAMPLE.COM

[root@rhel7-5 ~]# ipa vault-add vault_svc2 --service SVC2/$(hostname) --password-file password.txt
------------------------
Added vault "vault_svc2"
------------------------
  Vault name: vault_svc2
  Type: symmetric
  Salt: xmjSE51f4QfJsxSusO2oMQ==
  Owner users: admin
  Vault service: SVC2/rhel7-5.example.com@EXAMPLE.COM

[root@rhel7-5 ~]# ipa vault-find --services
----------------
2 vaults matched
----------------
  Vault name: vault_svc1
  Type: symmetric
  Vault service: SVC1/rhel7-5.example.com@EXAMPLE.COM

  Vault name: vault_svc2
  Type: symmetric
  Vault service: SVC2/rhel7-5.example.com@EXAMPLE.COM
----------------------------
Number of entries returned 2
----------------------------


############# Users:

[root@rhel7-5 ~]# ipa user-add --first=f --last=l user1
------------------
Added user "user1"
------------------
  User login: user1
  First name: f
  Last name: l
  Full name: f l
  Display name: f l
  Initials: fl
  Home directory: /home/user1
  GECOS: f l
  Login shell: /bin/sh
  Kerberos principal: user1@EXAMPLE.COM
  Email address: user1@example.com
  UID: 546200001
  GID: 546200001
  Password: False
  Member of groups: ipausers
  Kerberos keys available: False

[root@rhel7-5 ~]# ipa user-add --first=f --last=l user2
------------------
Added user "user2"
------------------
  User login: user2
  First name: f
  Last name: l
  Full name: f l
  Display name: f l
  Initials: fl
  Home directory: /home/user2
  GECOS: f l
  Login shell: /bin/sh
  Kerberos principal: user2@EXAMPLE.COM
  Email address: user2@example.com
  UID: 546200003
  GID: 546200003
  Password: False
  Member of groups: ipausers
  Kerberos keys available: False

[root@rhel7-5 ~]# ipa vault-add vault_user1 --user=user1 --password-file password.txt 
-------------------------
Added vault "vault_user1"
-------------------------
  Vault name: vault_user1
  Type: symmetric
  Salt: TC6TmWPUiXhS8QFMGENoYA==
  Owner users: admin
  Vault user: user1

[root@rhel7-5 ~]# ipa vault-add vault_user2 --user=user2 --password-file password.txt 
-------------------------
Added vault "vault_user2"
-------------------------
  Vault name: vault_user2
  Type: symmetric
  Salt: LfxyRanN5RdmS0RAkzdQaA==
  Owner users: admin
  Vault user: user2

[root@rhel7-5 ~]# ipa vault-find --users
----------------
2 vaults matched
----------------
  Vault name: vault_user1
  Type: symmetric
  Vault user: user1

  Vault name: vault_user2
  Type: symmetric
  Vault user: user2
----------------------------
Number of entries returned 2
----------------------------
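
An added example, not part of the bug report or of FreeIPA: in the description a plain `ipa vault-find` returned 0 vaults while a service vault existed, so an inventory of vaults has to query each scope separately. The script below parses `ipa vault-find` output into rows and sweeps the scopes using the `--users`, `--services` and `--shared` flags shown on this page; the function names are hypothetical and the sample output is constructed from the transcript in Comment 4.

```shell
#!/bin/sh
# Added example, not FreeIPA code. Function names are hypothetical.

# Turn `ipa vault-find` text output (stdin) into rows:
#   name <TAB> type <TAB> owner   (owner is "-" when no service/user line is shown)
parse_vault_find() {
    awk '
        function val(s) { sub(/^[^:]*: /, "", s); return s }
        function flush() {
            if (name != "") printf "%s\t%s\t%s\n", name, type, owner
            name = ""; type = "-"; owner = "-"
        }
        /^ *Vault name: /            { flush(); name = val($0) }
        /^ *Type: /                  { type = val($0) }
        /^ *Vault (service|user): /  { owner = val($0) }
        END { flush() }
    '
}

# Query every scope separately and prefix each row with the scope name.
# Needs a Kerberos ticket and a reachable IPA server, so it is not called here.
inventory_vaults() {
    ipa vault-find | parse_vault_find | awk '{ print "private\t" $0 }'
    for scope in users services shared; do
        ipa vault-find "--$scope" | parse_vault_find |
            awk -v s="$scope" '{ print s "\t" $0 }'
    done
}

# Constructed sample: the `ipa vault-find --services` output from Comment 4.
sample_services_output() {
    cat <<'EOF'
----------------
2 vaults matched
----------------
  Vault name: vault_svc1
  Type: symmetric
  Vault service: SVC1/rhel7-5.example.com@EXAMPLE.COM

  Vault name: vault_svc2
  Type: symmetric
  Vault service: SVC2/rhel7-5.example.com@EXAMPLE.COM
----------------------------
Number of entries returned 2
----------------------------
EOF
}
```

Running `sample_services_output | parse_vault_find` exercises the parser offline; `inventory_vaults` is the call to use against a live server.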
Comment 5 errata-xmlrpc 2015-11-19 07:05:17 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-2362.html
