Bug 1334582 - Inconsistent UI and CLI options for removing certificate hold
Summary: Inconsistent UI and CLI options for removing certificate hold
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ipa
Version: 7.2
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: IPA Maintainers
QA Contact: Kaleem
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-05-10 06:15 UTC by Aneta Šteflová Petrová
Modified: 2016-11-04 05:53 UTC (History)
3 users (show)

(edit)
Clone Of:
(edit)
Last Closed: 2016-11-04 05:53:51 UTC


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2016:2404 normal SHIPPED_LIVE ipa bug fix and enhancement update 2016-11-03 13:56:18 UTC

Description Aneta Šteflová Petrová 2016-05-10 06:15:49 UTC
Description of problem:

Options for removing certificate hold in UI and CLI are not consistent:

* UI: the "Restore" button
* CLI: the "ipa cert-remove-hold" command

For better usability, both UI and CLI should use the same terminology.


Expected results:

As a fix, Petr Voborník proposed to rename the UI button to "Remove Hold". The button would only be displayed (or active) for certificates revoked because of reason 6: Certificate Hold.

Comment 1 Petr Vobornik 2016-05-10 14:01:41 UTC
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/5878

Comment 3 Scott Poore 2016-09-19 23:47:43 UTC
Verified.

Version ::

ipa-server-4.4.0-12.el7.x86_64

Results ::

### Setup: Create user with certificate

[root@vm1 ~]# ipa user-add bz1334582_0 --first=f --last=l
------------------------
Added user "bz1334582_0"
------------------------
  User login: bz1334582_0
  First name: f
  Last name: l
  Full name: f l
  Display name: f l
  Initials: fl
  Home directory: /home/bz1334582_0
  GECOS: f l
  Login shell: /bin/sh
  Principal name: bz1334582_0@EXAMPLE.COM">bz1334582_0@EXAMPLE.COM
  Principal alias: bz1334582_0@EXAMPLE.COM">bz1334582_0@EXAMPLE.COM
  Email address: bz1334582_0@example.com">bz1334582_0@example.com
  UID: 635200004
  GID: 635200004
  Password: False
  Member of groups: ipausers
  Kerberos keys available: False

[root@vm1 ~]# openssl req -new -newkey rsa:2048 -days 365 -nodes -keyout bz1334582_0.key -out bz1334582_0.csr -subj "/CN=bz1334582_0"
Generating a 2048 bit RSA private key
...................................................................................................+++
..................+++
writing new private key to 'bz1334582_0.key'
-----

[root@vm1 ~]# ipa cert-request bz1334582_0.csr --principal bz1334582_0
  Issuing CA: ipa
  Certificate: MIIECTCCAvGgAwIBAgIBDTANBgkqhkiG9w0BAQsFADA2MRQwEgYDVQQKDAtFWEFNUExFLkNPTTEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTE2MDkxOTIzMzE1NFoXDTE4MDkyMDIzMzE1NFowLDEUMBIGA1UECgwLRVhBTVBMRS5DT00xFDASBgNVBAMMC2J6MTMzNDU4Ml8wMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1A0YPBgDqV4HPQY/NCEZKqITgfo3J8aNarLXcwpPeLQV6BYbXcgWeQANwpaLgP9A9jRhZEXBqR3v6/5KhKpmavYVoYA1CVGMcI5zs1x12h+rArN/9yTGbguhnIi9q77/K3d3IXi9gjZUQiyC0+sYTU682Gnuam03R8aa+uOLm+wVHGIGKRpsSuxjQuXGKT85580afLf45E8NaoLJ+6LEJrGwbc9Og4htMZBxnKuk2yVJl6b4wETHQGSML5j5On8pb/gPfr8hFsLMlSbpS4x5XioxWd/rrjlIV+1P8npH0HwVv9dQ422vQhg8i6hBBm7BXds3VkE9yEb/VTXLFCKu3wIDAQABo4IBKjCCASYwHwYDVR0jBBgwFoAUDB7zjSoaGVF+EcB3gNSlLOHpKyMwPQYIKwYBBQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwOi8vaXBhLWNhLmV4YW1wbGUuY29tL2NhL29jc3AwDgYDVR0PAQH/BAQDAgTwMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB2BgNVHR8EbzBtMGugM6Axhi9odHRwOi8vaXBhLWNhLmV4YW1wbGUuY29tL2lwYS9jcmwvTWFzdGVyQ1JMLmJpbqI0pDIwMDEOMAwGA1UECgwFaXBhY2ExHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAdBgNVHQ4EFgQUct6f6YC/e3ZBdo07dv2clblgwiswDQYJKoZIhvcNAQELBQADggEBABnVgCbSaBfbEBsaZVZV5kcAXLlNcjRZwUOB98txTfh8E05sr4ZBgskiO0qbcpogeveMjTGWpATc5uVRas9QHBugXQvOluIfE6Y7N0xGPTBd8zPTMuHzzPIDzQuWPZmdS7M2N0ynOz4Voz6jYw06t1RdbAT2CaYc8swVS2qR9IgEQL6So1GYRCGn9oziDQunPiP5gCephcLsd/7CQ5EAEz9mFJiCebGDheR7RCMmYHr+8jfzJgv4XBaflZreCBp3cQcnjRSiBDV2Euo40Ai+1O5m+6tVVaRYuTwuK1MT2iyfWV6+puAIDcNwQ6EXtgnbj5i1ETYhLEkU7wrSqnuMqdk=
  Subject: CN=bz1334582_0,O=EXAMPLE.COM
  Issuer: CN=Certificate Authority,O=EXAMPLE.COM
  Not Before: Mon Sep 19 23:31:54 2016 UTC
  Not After: Thu Sep 20 23:31:54 2018 UTC
  Fingerprint (MD5): 5e:de:ef:b7:93:c5:48:e6:70:5e:20:ed:43:69:cf:55
  Fingerprint (SHA1): 0e:25:e0:1d:9e:fe:12:cc:a2:86:fe:3e:17:d2:60:f2:1e:e7:4e:aa
  Serial number: 13
  Serial number (hex): 0xD

### TC_1: Remove hold not active if cert not revoked

# Go to WebUI

Authenticaion > Certificates > Certificates (Default for Authentication)

== Certificates == 
13 (certificate for user bz1334582_0)
== Certificate: 13 ==
Actions
Remove hold is inactive (grayed out)


### TC_2: Remove hold option available if revocation reason is 6

# Back to Master CLI

[root@vm1 ~]# ipa cert-revoke --revocation-reason=6 13
  Revoked: True

# WebUI

Authenticaion > Certificates > Certificates (Default for Authentication)
== Certificates ==
Refresh
13 (now shows revoked)
== Certificate: 13 ==
Action (still showed remove hold inactive)
refresh browser
Actions
Remove hold is now active ( Click )
== Remove Certificate Hold ==
Remove hold
== Certificate: 13 ==
Actions
Remove hold is inactive (grayed out)

# Back to Master CLI

### TC_3: remove hold not active for other revocation reason

[root@vm1 ~]# ipa cert-revoke --revocation-reason=0 13
  Revoked: True

# WebUI

Authenticaion > Certificates > Certificates (Default for Authentication)
== Certificates ==
Refresh
13 (now shows revoked)
== Certificate: 13 ==
Action (still showed remove hold inactive)
refresh button
Actions
Remove hold is not active

^^^^

In all cases above WebUI did use label "Revoke Hold" for the Action menu option.

Comment 5 errata-xmlrpc 2016-11-04 05:53:51 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-2404.html


Note You need to log in before you can comment on or make changes to this bug.