This service will be undergoing disruptive maintenance at 7:00PM UTC, 2020-01-18. It is expected to last approximately one hour.
Bug 1430363 - [RFE] HBAC rule names command rename
Summary: [RFE] HBAC rule names command rename
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ipa
Version: 7.3
Hardware: All
OS: Linux
medium
low
Target Milestone: rc
: ---
Assignee: IPA Maintainers
QA Contact: Varun Mylaraiah
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-03-08 13:06 UTC by Andrey Bondarenko
Modified: 2017-10-30 06:55 UTC (History)
6 users (show)

Fixed In Version: ipa-4.5.0-3.el7
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-08-01 09:44:33 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2017:2304 normal SHIPPED_LIVE ipa bug fix and enhancement update 2017-08-01 12:41:35 UTC

Description Andrey Bondarenko 2017-03-08 13:06:01 UTC
Description of problem:

In the IPA there is a possibility to rename users group with the command line interface:

     ipa  group-mod test_group --rename="test1_group"

However, hbacrule-mod does not have --rename option for HBAC rules.


Version-Release number of selected component (if applicable):

    IPA 4.4

Why does the customer need this? (List the business requirements here)  

Often customer havs internal clients renaming team names, systems etc, so it would be great if we could rename HBAC rules.

 How would the customer like to achieve this? (List the functional requirements here)  

    ipa hbacrule-mod name --rename="newname"
    

Does the customer have any specific timeline dependencies and which release would they like to target (i.e. RHEL5, RHEL6)?  

    RHEL7

Is the sales team involved in this request and do they have any additional input?  
    
   No
  
List any affected packages or components.  
      
    ipa

Would the customer be able to assist in testing this functionality if implemented?

    Yes

Comment 2 Petr Vobornik 2017-03-17 16:03:59 UTC
Upstream ticket:
https://pagure.io/freeipa/issue/6784

Comment 5 Martin Kosek 2017-05-26 09:40:31 UTC
Please note that Red Hat officially released public RHEL-7.4 Beta this week, as announced here:
https://www.redhat.com/en/about/blog/red-hat-enterprise-linux-74-beta-now-available

The new RHEL-7.4 release includes a lot of new IdM functionality, including this RFE. Highlights can be found in RHEL-7.4 Release Notes, especially in the Authentication & Interoperability chapter:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7-Beta/html/7.4_Release_Notes/new_features_authentication_and_interoperability.html

IdM Engineering team would like to encourage everyone interested in this new functionality (and especially customers or community members requesting it) to try Beta and provide us with your feedback!

Comment 7 Varun Mylaraiah 2017-05-30 10:09:36 UTC
Varified
ipa-server-4.5.0-13.el7.x86_64

# ipa hbacrule-mod --help
Usage: ipa [global-options] hbacrule-mod NAME [options]

Modify an HBAC rule.
Options:
  -h, --help            show this help message and exit
  --usercat=['all']     User category the rule applies to
  --hostcat=['all']     Host category the rule applies to
  --servicecat=['all']  Service category the rule applies to
  --desc=STR            Description
  --setattr=STR         Set an attribute to a name/value pair. Format is
                        attr=value. For multi-valued attributes, the command
                        replaces the values already present.
  --addattr=STR         Add an attribute/value pair. Format is attr=value. The
                        attribute must be part of the schema.
  --delattr=STR         Delete an attribute/value pair. The option will be
                        evaluated last, after all sets and adds.
  --rights              Display the access rights of this entry (requires
                        --all). See ipa man page for details.
  --all                 Retrieve and print all attributes from the server.
                        Affects command output.
  --raw                 Print entries as stored on the server. Only affects
                        output format.
  --no-members          Suppress processing of membership attributes.
  --rename=STR          Rename the HBAC rule object


# ipa hbacrule-add newrule
-------------------------
Added HBAC rule "newrule"
-------------------------
  Rule name: newrule
  Enabled: TRUE


# ipa hbacrule-mod newrule --rename=renamedrule
----------------------------
Modified HBAC rule "newrule"
----------------------------
  Rule name: renamedrule
  Enabled: TRUE

# ipa hbacrule-show newrule
ipa: ERROR: newrule: HBAC rule not found

# ipa hbacrule-show renamedrule
  Rule name: renamedrule
  Enabled: TRUE

Comment 8 errata-xmlrpc 2017-08-01 09:44:33 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:2304


Note You need to log in before you can comment on or make changes to this bug.