Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 1430363 - [RFE] HBAC rule names command rename
[RFE] HBAC rule names command rename
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ipa (Show other bugs)
7.3
All Linux
medium Severity low
: rc
: ---
Assigned To: IPA Maintainers
Varun Mylaraiah
: FutureFeature
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2017-03-08 08:06 EST by Andrey Bondarenko
Modified: 2017-10-30 02:55 EDT (History)
6 users (show)

See Also:
Fixed In Version: ipa-4.5.0-3.el7
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-08-01 05:44:33 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2017:2304 normal SHIPPED_LIVE ipa bug fix and enhancement update 2017-08-01 08:41:35 EDT

  None (edit)
Description Andrey Bondarenko 2017-03-08 08:06:01 EST 
Description of problem:

In the IPA there is a possibility to rename users group with the command line interface:

     ipa  group-mod test_group --rename="test1_group"

However, hbacrule-mod does not have --rename option for HBAC rules.


Version-Release number of selected component (if applicable):

    IPA 4.4

Why does the customer need this? (List the business requirements here)  

Often customer havs internal clients renaming team names, systems etc, so it would be great if we could rename HBAC rules.

 How would the customer like to achieve this? (List the functional requirements here)  

    ipa hbacrule-mod name --rename="newname"
    

Does the customer have any specific timeline dependencies and which release would they like to target (i.e. RHEL5, RHEL6)?  

    RHEL7

Is the sales team involved in this request and do they have any additional input?  
    
   No
  
List any affected packages or components.  
      
    ipa

Would the customer be able to assist in testing this functionality if implemented?

    Yes
Comment 2 Petr Vobornik 2017-03-17 12:03:59 EDT 
Upstream ticket:
https://pagure.io/freeipa/issue/6784
Comment 5 Martin Kosek 2017-05-26 05:40:31 EDT 
Please note that Red Hat officially released public RHEL-7.4 Beta this week, as announced here:
https://www.redhat.com/en/about/blog/red-hat-enterprise-linux-74-beta-now-available

The new RHEL-7.4 release includes a lot of new IdM functionality, including this RFE. Highlights can be found in RHEL-7.4 Release Notes, especially in the Authentication & Interoperability chapter:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7-Beta/html/7.4_Release_Notes/new_features_authentication_and_interoperability.html

IdM Engineering team would like to encourage everyone interested in this new functionality (and especially customers or community members requesting it) to try Beta and provide us with your feedback!
Comment 7 Varun Mylaraiah 2017-05-30 06:09:36 EDT 
Varified
ipa-server-4.5.0-13.el7.x86_64

# ipa hbacrule-mod --help
Usage: ipa [global-options] hbacrule-mod NAME [options]

Modify an HBAC rule.
Options:
  -h, --help            show this help message and exit
  --usercat=['all']     User category the rule applies to
  --hostcat=['all']     Host category the rule applies to
  --servicecat=['all']  Service category the rule applies to
  --desc=STR            Description
  --setattr=STR         Set an attribute to a name/value pair. Format is
                        attr=value. For multi-valued attributes, the command
                        replaces the values already present.
  --addattr=STR         Add an attribute/value pair. Format is attr=value. The
                        attribute must be part of the schema.
  --delattr=STR         Delete an attribute/value pair. The option will be
                        evaluated last, after all sets and adds.
  --rights              Display the access rights of this entry (requires
                        --all). See ipa man page for details.
  --all                 Retrieve and print all attributes from the server.
                        Affects command output.
  --raw                 Print entries as stored on the server. Only affects
                        output format.
  --no-members          Suppress processing of membership attributes.
  --rename=STR          Rename the HBAC rule object


# ipa hbacrule-add newrule
-------------------------
Added HBAC rule "newrule"
-------------------------
  Rule name: newrule
  Enabled: TRUE


# ipa hbacrule-mod newrule --rename=renamedrule
----------------------------
Modified HBAC rule "newrule"
----------------------------
  Rule name: renamedrule
  Enabled: TRUE

# ipa hbacrule-show newrule
ipa: ERROR: newrule: HBAC rule not found

# ipa hbacrule-show renamedrule
  Rule name: renamedrule
  Enabled: TRUE
Comment 8 errata-xmlrpc 2017-08-01 05:44:33 EDT 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:2304
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.