1430363 – [RFE] HBAC rule names command rename

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1430363 - [RFE] HBAC rule names command rename

Summary: [RFE] HBAC rule names command rename

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	ipa
Sub Component:
Version:	7.3
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	low
Target Milestone:	rc
Target Release:	---
Assignee:	IPA Maintainers
QA Contact:	Varun Mylaraiah
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2017-03-08 13:06 UTC by Andrey Bondarenko
Modified:	2024-03-25 15:08 UTC (History)
CC List:	6 users (show)
Fixed In Version:	ipa-4.5.0-3.el7
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2017-08-01 09:44:33 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	FREEIPA-10861	0	None	None	None	2024-03-25 15:08:02 UTC
Red Hat Product Errata	RHBA-2017:2304	0	normal	SHIPPED_LIVE	ipa bug fix and enhancement update	2017-08-01 12:41:35 UTC

Description Andrey Bondarenko 2017-03-08 13:06:01 UTC

Description of problem:

In the IPA there is a possibility to rename users group with the command line interface:

     ipa  group-mod test_group --rename="test1_group"

However, hbacrule-mod does not have --rename option for HBAC rules.


Version-Release number of selected component (if applicable):

    IPA 4.4

Why does the customer need this? (List the business requirements here)  

Often customer havs internal clients renaming team names, systems etc, so it would be great if we could rename HBAC rules.

 How would the customer like to achieve this? (List the functional requirements here)  

    ipa hbacrule-mod name --rename="newname"
    

Does the customer have any specific timeline dependencies and which release would they like to target (i.e. RHEL5, RHEL6)?  

    RHEL7

Is the sales team involved in this request and do they have any additional input?  
    
   No
  
List any affected packages or components.  
      
    ipa

Would the customer be able to assist in testing this functionality if implemented?

    Yes

Comment 2 Petr Vobornik 2017-03-17 16:03:59 UTC

Upstream ticket:
https://pagure.io/freeipa/issue/6784

Comment 3 Standa Laznicka 2017-03-28 10:52:28 UTC

Fixed upstream
ipa-4-5:
https://pagure.io/freeipa/c/28db6cd40100c6301121e3f82c074624fe53729c
https://pagure.io/freeipa/c/85f2a19f88eef94ff080a42246658f572b5275f4
https://pagure.io/freeipa/c/7d3229bfb88f0fdc559245c8741563faba716106
master:
https://pagure.io/freeipa/c/8e4408e6784f929b4c3d861f0dd509335238e951
https://pagure.io/freeipa/c/55424c8677ba7de464c820afd31260aa4a7678d0
https://pagure.io/freeipa/c/8c1409155e9a9a978d3d763045a84d1eac585dfd

Comment 5 Martin Kosek 2017-05-26 09:40:31 UTC

Please note that Red Hat officially released public RHEL-7.4 Beta this week, as announced here:
https://www.redhat.com/en/about/blog/red-hat-enterprise-linux-74-beta-now-available

The new RHEL-7.4 release includes a lot of new IdM functionality, including this RFE. Highlights can be found in RHEL-7.4 Release Notes, especially in the Authentication & Interoperability chapter:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7-Beta/html/7.4_Release_Notes/new_features_authentication_and_interoperability.html

IdM Engineering team would like to encourage everyone interested in this new functionality (and especially customers or community members requesting it) to try Beta and provide us with your feedback!

Comment 7 Varun Mylaraiah 2017-05-30 10:09:36 UTC

Varified
ipa-server-4.5.0-13.el7.x86_64

# ipa hbacrule-mod --help
Usage: ipa [global-options] hbacrule-mod NAME [options]

Modify an HBAC rule.
Options:
  -h, --help            show this help message and exit
  --usercat=['all']     User category the rule applies to
  --hostcat=['all']     Host category the rule applies to
  --servicecat=['all']  Service category the rule applies to
  --desc=STR            Description
  --setattr=STR         Set an attribute to a name/value pair. Format is
                        attr=value. For multi-valued attributes, the command
                        replaces the values already present.
  --addattr=STR         Add an attribute/value pair. Format is attr=value. The
                        attribute must be part of the schema.
  --delattr=STR         Delete an attribute/value pair. The option will be
                        evaluated last, after all sets and adds.
  --rights              Display the access rights of this entry (requires
                        --all). See ipa man page for details.
  --all                 Retrieve and print all attributes from the server.
                        Affects command output.
  --raw                 Print entries as stored on the server. Only affects
                        output format.
  --no-members          Suppress processing of membership attributes.
  --rename=STR          Rename the HBAC rule object


# ipa hbacrule-add newrule
-------------------------
Added HBAC rule "newrule"
-------------------------
  Rule name: newrule
  Enabled: TRUE


# ipa hbacrule-mod newrule --rename=renamedrule
----------------------------
Modified HBAC rule "newrule"
----------------------------
  Rule name: renamedrule
  Enabled: TRUE

# ipa hbacrule-show newrule
ipa: ERROR: newrule: HBAC rule not found

# ipa hbacrule-show renamedrule
  Rule name: renamedrule
  Enabled: TRUE

Comment 8 errata-xmlrpc 2017-08-01 09:44:33 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:2304

Note You need to log in before you can comment on or make changes to this bug.