Bug 1880378 - [ansible-freeipa] After changing the vault type from asymmetric to the standard vault, the Public key is present in the standard vault.
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: ansible-freeipa
Version: 8.3
Hardware: Unspecified
OS: Unspecified
high
unspecified
Target Milestone: rc
: 8.0
Assignee: Rafael Jeffman
QA Contact: ipa-qe
Reported: 2020-09-18 11:39 UTC by Varun Mylaraiah
Modified: 2021-05-18 15:51 UTC (History)

Last Closed: 2021-05-18 15:51:18 UTC
Type: Bug

Description Varun Mylaraiah 2020-09-18 11:39:47 UTC
Description of problem:
In the Vault module, after changing the vault type from asymmetric to the standard vault, the public key is present in the standard vault.

Version-Release number of selected component (if applicable):
ansible-freeipa-0.1.12-6.el8.noarch


Steps to Reproduce:
---
- name: Playbook to ensure asymmetric vaults are changed to standard type.
  hosts: ipaserver

  tasks:
  - ipavault:
      ipaadmin_password: <XXXXXPasswordXXXX>
      name: asymm_to_std
      vault_type: standard


RUN ['ansible-playbook', '--ssh-extra-args="-o StrictHostKeyChecking=no"', '-vv', '-i', 'inventory/vault.hosts', 'vault_module.yml']
 ansible-playbook 2.9.12
   config file = /root/ansible.cfg
   configured module search path = ['/root/ansible-freeipa/plugins/modules', '/usr/share/ansible/plugins/modules']
   ansible python module location = /usr/lib/python3.6/site-packages/ansible
   executable location = /usr/bin/ansible-playbook
   python version = 3.6.8 (default, Aug 18 2020, 08:33:21) [GCC 8.3.1 20191121 (Red Hat 8.3.1-5)]
 Using /root/ansible.cfg as config file
 
 PLAYBOOK: vault_module.yml *****************************************************
 1 plays in vault_module.yml
 
 PLAY [Playbook to ensure asymmetric vaults are changed to standard type.] ******
 
 TASK [Gathering Facts] *********************************************************
 task path: /root/vault_module.yml:2
 ok: [master.ipadomain.test]
 META: ran handlers
 
 TASK [ipavault] ****************************************************************
 task path: /root/vault_module.yml:6
 changed: [master.ipadomain.test] => {"changed": true}
 META: ran handlers
 META: ran handlers
 
 PLAY RECAP *********************************************************************
 master.ipadomain.test      : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0  


Actual results:
[root@master ~]# ipa vault-show asymm_to_std
  Vault name: asymm_to_std
  Type: standard
  Public key: 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
  Owner users: admin
  Vault user: admin


Expected results:
Public key should not be present in standard vault

Additional info:

Comment 3 Rafael Jeffman 2020-12-13 23:19:32 UTC
There is an upstream PR for this issue: https://github.com/freeipa/ansible-freeipa/pull/468

Comment 5 Rafael Jeffman 2021-01-07 14:20:37 UTC
Upstream PR was merged.

Comment 10 Varun Mylaraiah 2021-01-21 11:05:27 UTC
Verified

Version:
ansible-freeipa-0.3.2-1.el8.noarch
ipa-server-4.9.0-1.module+el8.4.0+9274+259c83ee.x86_64

Passed	ansible_freeipa_tests/vault_module.py::TestMiscellaneousVaultTests::()::test_asymmetric_to_standard_vault

----------------------------- Captured log call -------------------------------
channel.py                1212 DEBUG    [chan 341] Max packet in: 32768 bytes
channel.py                1212 DEBUG    [chan 341] Max packet out: 32768 bytes
transport.py              1819 DEBUG    Secsh channel 341 opened.
transport.py               318 INFO     RUN ['kinit', 'admin']
transport.py               519 DEBUG    RUN ['kinit', 'admin']
channel.py                1212 DEBUG    [chan 341] Sesch channel 341 request ok
transport.py               563 DEBUG    -bash: line 1: cd: /root/multihost_tests: No such file or directory
transport.py               563 DEBUG    -bash: line 2: /root/multihost_tests/env.sh: No such file or directory
transport.py               563 DEBUG    Password for admin@IPADOMAIN.TEST: 
channel.py                1212 DEBUG    [chan 341] EOF received (341)
channel.py                1212 DEBUG    [chan 341] EOF sent (341)
transport.py               217 DEBUG    Exit code: 0
channel.py                1212 DEBUG    [chan 342] Max packet in: 32768 bytes
channel.py                1212 DEBUG    [chan 342] Max packet out: 32768 bytes
transport.py              1819 DEBUG    Secsh channel 342 opened.
transport.py               318 INFO     RUN ['ipa', 'vault-show', 'asymm_to_std']
transport.py               519 DEBUG    RUN ['ipa', 'vault-show', 'asymm_to_std']
channel.py                1212 DEBUG    [chan 342] Sesch channel 342 request ok
transport.py               563 DEBUG    -bash: line 1: cd: /root/multihost_tests: No such file or directory
transport.py               563 DEBUG    -bash: line 2: /root/multihost_tests/env.sh: No such file or directory
transport.py               563 DEBUG      Vault name: asymm_to_std
transport.py               563 DEBUG      Type: asymmetric
transport.py               563 DEBUG      Public key: LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUF5Y1dkek1tUU9OeHZNamFiTmdlcQpvWEdvNUM1Qkd6Y3RjVVQ0NncwRjI1QlJtY3RCNkNmVGczYkNVUndmeGxTUUtaYWp0ekdCQkFSSFh2b0NMQjJBCkcvOW9qVlN5OE05dkFUSjh1OXlYbjE0MVFBQmpKaThESzBaVnR3bXVQU291THVtYjdFMFU3bnFDdkJRYjhscEwKZWp1K3lFS3VQZGhsdFhCWTJaV3hCZ1Y4NHJwanhyTkUzaWlXUUxuM2RxbkZMQmZvYjRUd2ZRRU04REwvazVtUgpnU2JRbnd0NGpkeUhLRllOT1M5TVkveG1RUk9qbTNIUjl2RlNGT0tzUGl0US9qc21JYmlKWmdCVXBoWkk1OTlRCnBibzdWMGJPWEltN3dxSmRYa25nemU2bzA2UGtpcWlFWFNCTTVwbytxSk95SUh1S3NuenhoMTk0UFFhOUROZWIKandJREFRQUIKLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0t
transport.py               563 DEBUG      Owner users: admin
transport.py               563 DEBUG      Vault user: admin
channel.py                1212 DEBUG    [chan 342] EOF received (342)
channel.py                1212 DEBUG    [chan 342] EOF sent (342)
transport.py               217 DEBUG    Exit code: 0
channel.py                1212 DEBUG    [chan 343] Max packet in: 32768 bytes
channel.py                1212 DEBUG    [chan 343] Max packet out: 32768 bytes
transport.py              1819 DEBUG    Secsh channel 343 opened.
transport.py               318 INFO     RUN ['kdestroy', '-A']
transport.py               519 DEBUG    RUN ['kdestroy', '-A']
channel.py                1212 DEBUG    [chan 343] Sesch channel 343 request ok
transport.py               563 DEBUG    -bash: line 1: cd: /root/multihost_tests: No such file or directory
transport.py               563 DEBUG    -bash: line 2: /root/multihost_tests/env.sh: No such file or directory
channel.py                1212 DEBUG    [chan 343] EOF received (343)
channel.py                1212 DEBUG    [chan 343] EOF sent (343)
transport.py               217 DEBUG    Exit code: 0
transport.py               293 INFO     WRITE inventory/vault.hosts
sftp.py                    158 DEBUG    [chan 0] open(b'inventory/vault.hosts', 'wb')
sftp.py                    158 DEBUG    [chan 0] open(b'inventory/vault.hosts', 'wb') -> 00000000
sftp.py                    158 DEBUG    [chan 0] close(00000000)
transport.py               329 INFO     PUT vault_module.yml
sftp.py                    158 DEBUG    [chan 0] open(b'vault_module.yml', 'wb')
sftp.py                    158 DEBUG    [chan 0] open(b'vault_module.yml', 'wb') -> 00000000
sftp.py                    158 DEBUG    [chan 0] close(00000000)
sftp.py                    158 DEBUG    [chan 0] stat(b'vault_module.yml')
channel.py                1212 DEBUG    [chan 96] Max packet in: 32768 bytes
channel.py                1212 DEBUG    [chan 96] Max packet out: 32768 bytes
transport.py              1819 DEBUG    Secsh channel 96 opened.
transport.py               318 INFO     RUN ['ansible-playbook', '--ssh-extra-args="-o StrictHostKeyChecking=no"', '-vv', '-i', 'inventory/vault.hosts', 'vault_module.yml']
transport.py               519 DEBUG    RUN ['ansible-playbook', '--ssh-extra-args="-o StrictHostKeyChecking=no"', '-vv', '-i', 'inventory/vault.hosts', 'vault_module.yml']
channel.py                1212 DEBUG    [chan 96] Sesch channel 96 request ok
transport.py               563 DEBUG    -bash: line 1: cd: /root/multihost_tests: No such file or directory
transport.py               563 DEBUG    -bash: line 2: /root/multihost_tests/env.sh: No such file or directory
transport.py               563 DEBUG    ansible-playbook 2.9.17
transport.py               563 DEBUG      config file = /root/ansible.cfg
transport.py               563 DEBUG      configured module search path = ['/root/ansible-freeipa/plugins/modules', '/usr/share/ansible/plugins/modules']
transport.py               563 DEBUG      ansible python module location = /usr/lib/python3.6/site-packages/ansible
transport.py               563 DEBUG      executable location = /usr/bin/ansible-playbook
transport.py               563 DEBUG      python version = 3.6.8 (default, Dec  7 2020, 09:56:35) [GCC 8.4.1 20200928 (Red Hat 8.4.1-1)]
transport.py               563 DEBUG    Using /root/ansible.cfg as config file
transport.py               563 DEBUG    Skipping callback 'actionable', as we already have a stdout callback.
transport.py               563 DEBUG    Skipping callback 'counter_enabled', as we already have a stdout callback.
transport.py               563 DEBUG    Skipping callback 'debug', as we already have a stdout callback.
transport.py               563 DEBUG    Skipping callback 'dense', as we already have a stdout callback.
transport.py               563 DEBUG    Skipping callback 'dense', as we already have a stdout callback.
transport.py               563 DEBUG    Skipping callback 'full_skip', as we already have a stdout callback.
transport.py               563 DEBUG    Skipping callback 'json', as we already have a stdout callback.
transport.py               563 DEBUG    Skipping callback 'minimal', as we already have a stdout callback.
transport.py               563 DEBUG    Skipping callback 'null', as we already have a stdout callback.
transport.py               563 DEBUG    Skipping callback 'oneline', as we already have a stdout callback.
transport.py               563 DEBUG    Skipping callback 'selective', as we already have a stdout callback.
transport.py               563 DEBUG    Skipping callback 'skippy', as we already have a stdout callback.
transport.py               563 DEBUG    Skipping callback 'stderr', as we already have a stdout callback.
transport.py               563 DEBUG    Skipping callback 'unixy', as we already have a stdout callback.
transport.py               563 DEBUG    Skipping callback 'yaml', as we already have a stdout callback.
transport.py               563 DEBUG    
transport.py               563 DEBUG    PLAYBOOK: vault_module.yml *****************************************************
transport.py               563 DEBUG    1 plays in vault_module.yml
transport.py               563 DEBUG    
transport.py               563 DEBUG    PLAY [Playbook to ensure asymmetric vaults are changed to standard type.] ******
transport.py               563 DEBUG    
transport.py               563 DEBUG    TASK [Gathering Facts] *********************************************************
transport.py               563 DEBUG    task path: /root/vault_module.yml:2
transport.py               563 DEBUG    ok: [master.ipadomain.test]
transport.py               563 DEBUG    META: ran handlers
transport.py               563 DEBUG    
transport.py               563 DEBUG    TASK [ipavault] ****************************************************************
transport.py               563 DEBUG    task path: /root/vault_module.yml:6
transport.py               563 DEBUG    changed: [master.ipadomain.test] => {"changed": true}
transport.py               563 DEBUG    META: ran handlers
transport.py               563 DEBUG    META: ran handlers
transport.py               563 DEBUG    
transport.py               563 DEBUG    PLAY RECAP *********************************************************************
transport.py               563 DEBUG    master.ipadomain.test      : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
transport.py               563 DEBUG    
channel.py                1212 DEBUG    [chan 96] EOF received (96)
channel.py                1212 DEBUG    [chan 96] EOF sent (96)
transport.py               217 DEBUG    Exit code: 0
channel.py                1212 DEBUG    [chan 344] Max packet in: 32768 bytes
channel.py                1212 DEBUG    [chan 344] Max packet out: 32768 bytes
transport.py              1819 DEBUG    Secsh channel 344 opened.
transport.py               318 INFO     RUN ['kinit', 'admin']
transport.py               519 DEBUG    RUN ['kinit', 'admin']
channel.py                1212 DEBUG    [chan 344] Sesch channel 344 request ok
transport.py               563 DEBUG    -bash: line 1: cd: /root/multihost_tests: No such file or directory
transport.py               563 DEBUG    -bash: line 2: /root/multihost_tests/env.sh: No such file or directory
transport.py               563 DEBUG    Password for admin@IPADOMAIN.TEST: 
channel.py                1212 DEBUG    [chan 344] EOF received (344)
channel.py                1212 DEBUG    [chan 344] EOF sent (344)
transport.py               217 DEBUG    Exit code: 0
channel.py                1212 DEBUG    [chan 345] Max packet in: 32768 bytes
channel.py                1212 DEBUG    [chan 345] Max packet out: 32768 bytes
transport.py              1819 DEBUG    Secsh channel 345 opened.
transport.py               318 INFO     RUN ['ipa', 'vault-show', 'asymm_to_std']
transport.py               519 DEBUG    RUN ['ipa', 'vault-show', 'asymm_to_std']
channel.py                1212 DEBUG    [chan 345] Sesch channel 345 request ok
transport.py               563 DEBUG    -bash: line 1: cd: /root/multihost_tests: No such file or directory
transport.py               563 DEBUG    -bash: line 2: /root/multihost_tests/env.sh: No such file or directory
transport.py               563 DEBUG      Vault name: asymm_to_std
transport.py               563 DEBUG      Type: standard
transport.py               563 DEBUG      Owner users: admin
transport.py               563 DEBUG      Vault user: admin
channel.py                1212 DEBUG    [chan 345] EOF received (345)
channel.py                1212 DEBUG    [chan 345] EOF sent (345)
transport.py               217 DEBUG    Exit code: 0
channel.py                1212 DEBUG    [chan 346] Max packet in: 32768 bytes
channel.py                1212 DEBUG    [chan 346] Max packet out: 32768 bytes
transport.py              1819 DEBUG    Secsh channel 346 opened.
transport.py               318 INFO     RUN ['kdestroy', '-A']
transport.py               519 DEBUG    RUN ['kdestroy', '-A']
channel.py                1212 DEBUG    [chan 346] Sesch channel 346 request ok
transport.py               563 DEBUG    -bash: line 1: cd: /root/multihost_tests: No such file or directory
transport.py               563 DEBUG    -bash: line 2: /root/multihost_tests/env.sh: No such file or directory
channel.py                1212 DEBUG    [chan 346] EOF received (346)
channel.py                1212 DEBUG    [chan 346] EOF sent (346)
transport.py               217 DEBUG    Exit code: 0
channel.py                1212 DEBUG    [chan 347] Max packet in: 32768 bytes
channel.py                1212 DEBUG    [chan 347] Max packet out: 32768 bytes
transport.py              1819 DEBUG    Secsh channel 347 opened.
transport.py               318 INFO     RUN ['kinit', 'admin']
transport.py               519 DEBUG    RUN ['kinit', 'admin']
channel.py                1212 DEBUG    [chan 347] Sesch channel 347 request ok
transport.py               563 DEBUG    -bash: line 1: cd: /root/multihost_tests: No such file or directory
transport.py               563 DEBUG    -bash: line 2: /root/multihost_tests/env.sh: No such file or directory
transport.py               563 DEBUG    Password for admin@IPADOMAIN.TEST: 
channel.py                1212 DEBUG    [chan 347] EOF received (347)
channel.py                1212 DEBUG    [chan 347] EOF sent (347)
transport.py               217 DEBUG    Exit code: 0
channel.py                1212 DEBUG    [chan 348] Max packet in: 32768 bytes
channel.py                1212 DEBUG    [chan 348] Max packet out: 32768 bytes
transport.py              1819 DEBUG    Secsh channel 348 opened.
transport.py               318 INFO     RUN ['ipa', 'vault-show', 'asymm_to_std']
transport.py               519 DEBUG    RUN ['ipa', 'vault-show', 'asymm_to_std']
channel.py                1212 DEBUG    [chan 348] Sesch channel 348 request ok
transport.py               563 DEBUG    -bash: line 1: cd: /root/multihost_tests: No such file or directory
transport.py               563 DEBUG    -bash: line 2: /root/multihost_tests/env.sh: No such file or directory
transport.py               563 DEBUG      Vault name: asymm_to_std
transport.py               563 DEBUG      Type: standard
transport.py               563 DEBUG      Owner users: admin
transport.py               563 DEBUG      Vault user: admin
channel.py                1212 DEBUG    [chan 348] EOF received (348)
channel.py                1212 DEBUG    [chan 348] EOF sent (348)
transport.py               217 DEBUG    Exit code: 0
channel.py                1212 DEBUG    [chan 349] Max packet in: 32768 bytes
channel.py                1212 DEBUG    [chan 349] Max packet out: 32768 bytes
transport.py              1819 DEBUG    Secsh channel 349 opened.
transport.py               318 INFO     RUN ['kdestroy', '-A']
transport.py               519 DEBUG    RUN ['kdestroy', '-A']
channel.py                1212 DEBUG    [chan 349] Sesch channel 349 request ok
transport.py               563 DEBUG    -bash: line 1: cd: /root/multihost_tests: No such file or directory
transport.py               563 DEBUG    -bash: line 2: /root/multihost_tests/env.sh: No such file or directory
channel.py                1212 DEBUG    [chan 349] EOF received (349)
channel.py                1212 DEBUG    [chan 349] EOF sent (349)
transport.py               217 DEBUG    Exit code: 0
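
The check done by eye in the report and in the verification log above (a vault of Type standard must not list a Public key) can be automated. The following is an added example, not code from ansible-freeipa or its test suite; it parses `ipa vault-show` output, raw or with the captured-log prefix, and the function names, the sample text and the "Salt" rule for symmetric vaults are assumptions of the example.

```python
import re

# Prefix the pytest "Captured log call" section puts before remote output.
LOG_PREFIX = re.compile(r"^\S+\.py\s+\d+\s+(?:DEBUG {4}|INFO {5})")
# `ipa vault-show` prints fields as two-space-indented "Label: value" lines.
FIELD = re.compile(r"^ {2}([A-Za-z][A-Za-z ]*):\s*(.*)$")

# Key-material fields and the only vault type they belong to. "Public key" on
# asymmetric vaults is from the report; "Salt" on symmetric vaults is an
# assumption about FreeIPA output added for this example.
KEY_FIELDS = {"Public key": "asymmetric", "Salt": "symmetric"}


def parse_vault_show(text):
    """Return one dict per vault record, from raw or log-prefixed output."""
    vaults, current = [], None
    for raw in text.splitlines():
        m = FIELD.match(LOG_PREFIX.sub("", raw))
        if not m:
            current = None  # a record is a contiguous run of field lines
            continue
        key, value = m.group(1), m.group(2).strip()
        if key == "Vault name":
            current = {}
            vaults.append(current)
        if current is not None:
            current[key] = value
    return vaults


def audit(text):
    """Report records whose key material does not match their Type."""
    findings = []
    for index, vault in enumerate(parse_vault_show(text)):
        stale = sorted(f for f, owner in KEY_FIELDS.items()
                       if f in vault and owner != vault.get("Type"))
        if stale:
            findings.append({"record": index, "name": vault["Vault name"],
                             "type": vault.get("Type"), "stale": stale})
    return findings


# Constructed sample: state before the change, the buggy result, the fixed result.
SAMPLE = """\
transport.py               318 INFO     RUN ['ipa', 'vault-show', 'asymm_to_std']
transport.py               563 DEBUG    -bash: line 1: cd: /root/multihost_tests: No such file or directory
transport.py               563 DEBUG      Vault name: asymm_to_std
transport.py               563 DEBUG      Type: asymmetric
transport.py               563 DEBUG      Public key: PLACEHOLDER-BASE64
transport.py               563 DEBUG      Owner users: admin
transport.py               217 DEBUG    Exit code: 0
  Vault name: asymm_to_std
  Type: standard
  Public key: PLACEHOLDER-BASE64
  Owner users: admin
  Vault user: admin
transport.py               563 DEBUG      Vault name: asymm_to_std
transport.py               563 DEBUG      Type: standard
transport.py               563 DEBUG      Owner users: admin
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Only the second record is reported: it is the state from "Actual results", a standard vault that still carries the key of its former asymmetric type.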

Comment 12 errata-xmlrpc 2021-05-18 15:51:18 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (ansible-freeipa bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2021:1860

