1380332 – SSSD service successfully starts by adding a secrets section

Bug 1380332 - SSSD service successfully starts by adding a secrets section

Summary: SSSD service successfully starts by adding a secrets section

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	sssd
Sub Component:
Version:	7.3
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	SSSD Maintainers
QA Contact:	Steeve Goveas
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-09-29 10:19 UTC by Amith
Modified:	2016-09-29 12:50 UTC (History)
CC List:	6 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2016-09-29 12:09:50 UTC
Target Upstream Version:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Amith 2016-09-29 10:19:58 UTC

Description of problem:

SSSD service should fail to start when an invalid section is added. 
For example, when a secrets section is added to test secrets service. The sssd.log clearly shows error: "Section [secrets] is not allowed. Check for typos."


Version-Release number of selected component (if applicable):
sssd-1.14.0-43.el7

How reproducible:
Always

Steps to Reproduce:
1. Edit sssd.conf file and add a secrets section as given below:
        [secrets]
        debug_level = 0xFFF0
        provider = local
2. Restart sssd service
3. Verify error log in sssd.log file


Actual results:
SSSD service successfully starts.

Expected results:
SSSD service should fail to start or show warning on the service status.

Additional info:

Comment 1 Jakub Hrozek 2016-09-29 10:28:04 UTC

I don't think we should fail to start. We should fail to start if you add secrets to the "services" line, but not if a section is created.

Try creating a totally bogus section..

Comment 3 Jakub Hrozek 2016-09-29 12:09:50 UTC

Actually, the [services] section is /required/ in many setups like if you want to set up proxying to custodia or even enable debugging.

This is not a bug.

Comment 4 Pavel Březina 2016-09-29 12:15:22 UTC

And isn't it a bug in config check that it assumes secrets to be invalid?

Comment 5 Jakub Hrozek 2016-09-29 12:25:47 UTC

(In reply to Pavel Březina from comment #4)
> And isn't it a bug in config check that it assumes secrets to be invalid?

Yeah, that's possible, Fabiano already has a PR open on github that addresses this..

Comment 6 Jakub Hrozek 2016-09-29 12:26:24 UTC

(Amith, if this is the case, please open a different bug about the config check)

Comment 7 Amith 2016-09-29 12:44:03 UTC

The sssd.log shows "Section [secrets] is not allowed. Check for typos." So i assumed that a secrets section is invalid. 

Also, I logged this bug to address Jakub's response on one of the SSSD secrets test case, sent for review:

----------------------------------------------------------------------------------------
*Case-03: Test sssd behaviour by adding a secrets section*
Steps:
    - Edit sssd.conf file and add a secrets section as given below:
        [secrets]
         debug_level = 0xFFF0
         provider = local
    - Restart sssd service
    - Verify error log in sssd.log file

Result seen: SSSD service successfully restarts. Logged message in sssd.log:
"Section [secrets] is not allowed. Check for typos."
--------------------------------------------------------------------------------------------

Jakub's response: This is a known bug, you can log it if you like.

Comment 8 Jakub Hrozek 2016-09-29 12:50:05 UTC

Yeah, sorry, I meant it's a bug in the config-check.

Note You need to log in before you can comment on or make changes to this bug.