1880378 – [ansible-freeipa] After changing the vault type from asymmetric to the standard vault, the Public key is present in the standard vault.

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1880378 - [ansible-freeipa] After changing the vault type from asymmetric to the standard vault, the Public key is present in the standard vault.

Summary: [ansible-freeipa] After changing the vault type from asymmetric to the standa...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 8
Classification:	Red Hat
Component:	ansible-freeipa
Sub Component:
Version:	8.3
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	unspecified
Target Milestone:	rc
Target Release:	8.0
Assignee:	Rafael Jeffman
QA Contact:	ipa-qe
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2020-09-18 11:39 UTC by Varun Mylaraiah
Modified:	2021-05-18 15:51 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2021-05-18 15:51:18 UTC
Type:	Bug
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Varun Mylaraiah 2020-09-18 11:39:47 UTC

Description of problem:
In Vault module, After changing the vault type from asymmetric to the standard vault, the Public key is present in the standard vault.

Version-Release number of selected component (if applicable):
ansible-freeipa-0.1.12-6.el8.noarch


Steps to Reproduce:
---
- name: Playbook to ensure asymmetric vaults are changed to standard type.
  hosts: ipaserver

  tasks:
  - ipavault:
      ipaadmin_password: <XXXXXPasswordXXXX>
      name: asymm_to_std
      vault_type: standard


RUN ['ansible-playbook', '--ssh-extra-args="-o StrictHostKeyChecking=no"', '-vv', '-i', 'inventory/vault.hosts', 'vault_module.yml']
 ansible-playbook 2.9.12
   config file = /root/ansible.cfg
   configured module search path = ['/root/ansible-freeipa/plugins/modules', '/usr/share/ansible/plugins/modules']
   ansible python module location = /usr/lib/python3.6/site-packages/ansible
   executable location = /usr/bin/ansible-playbook
   python version = 3.6.8 (default, Aug 18 2020, 08:33:21) [GCC 8.3.1 20191121 (Red Hat 8.3.1-5)]
 Using /root/ansible.cfg as config file
 
 PLAYBOOK: vault_module.yml *****************************************************
 1 plays in vault_module.yml
 
 PLAY [Playbook to ensure asymmetric vaults are changed to standard type.] ******
 
 TASK [Gathering Facts] *********************************************************
 task path: /root/vault_module.yml:2
 ok: [master.ipadomain.test]
 META: ran handlers
 
 TASK [ipavault] ****************************************************************
 task path: /root/vault_module.yml:6
 changed: [master.ipadomain.test] => {"changed": true}
 META: ran handlers
 META: ran handlers
 
 PLAY RECAP *********************************************************************
 master.ipadomain.test      : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0  


Actual results:
[root@master ~]# ipa vault-show asymm_to_std
  Vault name: asymm_to_std
  Type: standard
  Public key: LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUE2ZXVnMTRLbXlIVFEwdm50VGFWKwpTSmMrTXppWmRXVS8xK2Fvb2dzZmxFdGh0YWxMNDMwU2Q4QlAzNi90dXJ0MXZkazdZMEs1eU1kYVZQMzg3NlNtCitVdEhlVWMwSENHUFlvTTh6MTNHZnlNU1ZXd3ltMEZYSUhaTkYydExRaGltRFZJSy83VzRwVk5HR040eG5jWHMKSWVGYWhVU3A4K2ltWGdRSW1VajViOWJyYmRhbThTYmNvcEtqc1pUS2FBNFdHeU1pRUQva2tZQTRpdThaWUl0OQpDYmMrRDFYSGJodVptVTJjb215Mk9nOTJPWTVjNDQxMzY1VFFDNWlsc01SMCtMNERGSEVmWVd4eS91eUtWZ05SCldBTmJjV3ZXQnpPTnIzem00UCtDUTYyT25neG4vbVV2Q05EZmpkU3psVFdXS25OMmpnUHpqMXZxR2lwQ2RYTkYKclFJREFRQUIKLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0t
  Owner users: admin
  Vault user: admin


Expected results:
Public key should not present in standard vault

Additional info:

Comment 3 Rafael Jeffman 2020-12-13 23:19:32 UTC

There is an upstream PR for this issue: https://github.com/freeipa/ansible-freeipa/pull/468

Comment 5 Rafael Jeffman 2021-01-07 14:20:37 UTC

Upstream PR was merged.

Comment 10 Varun Mylaraiah 2021-01-21 11:05:27 UTC

Verified

Version:
ansible-freeipa-0.3.2-1.el8.noarch
ipa-server-4.9.0-1.module+el8.4.0+9274+259c83ee.x86_64

Passed	ansible_freeipa_tests/vault_module.py::TestMiscellaneousVaultTests::()::test_asymmetric_to_standard_vault

----------------------------- Captured log call -------------------------------
channel.py                1212 DEBUG    [chan 341] Max packet in: 32768 bytes
channel.py                1212 DEBUG    [chan 341] Max packet out: 32768 bytes
transport.py              1819 DEBUG    Secsh channel 341 opened.
transport.py               318 INFO     RUN ['kinit', 'admin']
transport.py               519 DEBUG    RUN ['kinit', 'admin']
channel.py                1212 DEBUG    [chan 341] Sesch channel 341 request ok
transport.py               563 DEBUG    -bash: line 1: cd: /root/multihost_tests: No such file or directory
transport.py               563 DEBUG    -bash: line 2: /root/multihost_tests/env.sh: No such file or directory
transport.py               563 DEBUG    Password for admin: 
channel.py                1212 DEBUG    [chan 341] EOF received (341)
channel.py                1212 DEBUG    [chan 341] EOF sent (341)
transport.py               217 DEBUG    Exit code: 0
channel.py                1212 DEBUG    [chan 342] Max packet in: 32768 bytes
channel.py                1212 DEBUG    [chan 342] Max packet out: 32768 bytes
transport.py              1819 DEBUG    Secsh channel 342 opened.
transport.py               318 INFO     RUN ['ipa', 'vault-show', 'asymm_to_std']
transport.py               519 DEBUG    RUN ['ipa', 'vault-show', 'asymm_to_std']
channel.py                1212 DEBUG    [chan 342] Sesch channel 342 request ok
transport.py               563 DEBUG    -bash: line 1: cd: /root/multihost_tests: No such file or directory
transport.py               563 DEBUG    -bash: line 2: /root/multihost_tests/env.sh: No such file or directory
transport.py               563 DEBUG      Vault name: asymm_to_std
transport.py               563 DEBUG      Type: asymmetric
transport.py               563 DEBUG      Public key: LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUF5Y1dkek1tUU9OeHZNamFiTmdlcQpvWEdvNUM1Qkd6Y3RjVVQ0NncwRjI1QlJtY3RCNkNmVGczYkNVUndmeGxTUUtaYWp0ekdCQkFSSFh2b0NMQjJBCkcvOW9qVlN5OE05dkFUSjh1OXlYbjE0MVFBQmpKaThESzBaVnR3bXVQU291THVtYjdFMFU3bnFDdkJRYjhscEwKZWp1K3lFS3VQZGhsdFhCWTJaV3hCZ1Y4NHJwanhyTkUzaWlXUUxuM2RxbkZMQmZvYjRUd2ZRRU04REwvazVtUgpnU2JRbnd0NGpkeUhLRllOT1M5TVkveG1RUk9qbTNIUjl2RlNGT0tzUGl0US9qc21JYmlKWmdCVXBoWkk1OTlRCnBibzdWMGJPWEltN3dxSmRYa25nemU2bzA2UGtpcWlFWFNCTTVwbytxSk95SUh1S3NuenhoMTk0UFFhOUROZWIKandJREFRQUIKLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0t
transport.py               563 DEBUG      Owner users: admin
transport.py               563 DEBUG      Vault user: admin
channel.py                1212 DEBUG    [chan 342] EOF received (342)
channel.py                1212 DEBUG    [chan 342] EOF sent (342)
transport.py               217 DEBUG    Exit code: 0
channel.py                1212 DEBUG    [chan 343] Max packet in: 32768 bytes
channel.py                1212 DEBUG    [chan 343] Max packet out: 32768 bytes
transport.py              1819 DEBUG    Secsh channel 343 opened.
transport.py               318 INFO     RUN ['kdestroy', '-A']
transport.py               519 DEBUG    RUN ['kdestroy', '-A']
channel.py                1212 DEBUG    [chan 343] Sesch channel 343 request ok
transport.py               563 DEBUG    -bash: line 1: cd: /root/multihost_tests: No such file or directory
transport.py               563 DEBUG    -bash: line 2: /root/multihost_tests/env.sh: No such file or directory
channel.py                1212 DEBUG    [chan 343] EOF received (343)
channel.py                1212 DEBUG    [chan 343] EOF sent (343)
transport.py               217 DEBUG    Exit code: 0
transport.py               293 INFO     WRITE inventory/vault.hosts
sftp.py                    158 DEBUG    [chan 0] open(b'inventory/vault.hosts', 'wb')
sftp.py                    158 DEBUG    [chan 0] open(b'inventory/vault.hosts', 'wb') -> 00000000
sftp.py                    158 DEBUG    [chan 0] close(00000000)
transport.py               329 INFO     PUT vault_module.yml
sftp.py                    158 DEBUG    [chan 0] open(b'vault_module.yml', 'wb')
sftp.py                    158 DEBUG    [chan 0] open(b'vault_module.yml', 'wb') -> 00000000
sftp.py                    158 DEBUG    [chan 0] close(00000000)
sftp.py                    158 DEBUG    [chan 0] stat(b'vault_module.yml')
channel.py                1212 DEBUG    [chan 96] Max packet in: 32768 bytes
channel.py                1212 DEBUG    [chan 96] Max packet out: 32768 bytes
transport.py              1819 DEBUG    Secsh channel 96 opened.
transport.py               318 INFO     RUN ['ansible-playbook', '--ssh-extra-args="-o StrictHostKeyChecking=no"', '-vv', '-i', 'inventory/vault.hosts', 'vault_module.yml']
transport.py               519 DEBUG    RUN ['ansible-playbook', '--ssh-extra-args="-o StrictHostKeyChecking=no"', '-vv', '-i', 'inventory/vault.hosts', 'vault_module.yml']
channel.py                1212 DEBUG    [chan 96] Sesch channel 96 request ok
transport.py               563 DEBUG    -bash: line 1: cd: /root/multihost_tests: No such file or directory
transport.py               563 DEBUG    -bash: line 2: /root/multihost_tests/env.sh: No such file or directory
transport.py               563 DEBUG    ansible-playbook 2.9.17
transport.py               563 DEBUG      config file = /root/ansible.cfg
transport.py               563 DEBUG      configured module search path = ['/root/ansible-freeipa/plugins/modules', '/usr/share/ansible/plugins/modules']
transport.py               563 DEBUG      ansible python module location = /usr/lib/python3.6/site-packages/ansible
transport.py               563 DEBUG      executable location = /usr/bin/ansible-playbook
transport.py               563 DEBUG      python version = 3.6.8 (default, Dec  7 2020, 09:56:35) [GCC 8.4.1 20200928 (Red Hat 8.4.1-1)]
transport.py               563 DEBUG    Using /root/ansible.cfg as config file
transport.py               563 DEBUG    Skipping callback 'actionable', as we already have a stdout callback.
transport.py               563 DEBUG    Skipping callback 'counter_enabled', as we already have a stdout callback.
transport.py               563 DEBUG    Skipping callback 'debug', as we already have a stdout callback.
transport.py               563 DEBUG    Skipping callback 'dense', as we already have a stdout callback.
transport.py               563 DEBUG    Skipping callback 'dense', as we already have a stdout callback.
transport.py               563 DEBUG    Skipping callback 'full_skip', as we already have a stdout callback.
transport.py               563 DEBUG    Skipping callback 'json', as we already have a stdout callback.
transport.py               563 DEBUG    Skipping callback 'minimal', as we already have a stdout callback.
transport.py               563 DEBUG    Skipping callback 'null', as we already have a stdout callback.
transport.py               563 DEBUG    Skipping callback 'oneline', as we already have a stdout callback.
transport.py               563 DEBUG    Skipping callback 'selective', as we already have a stdout callback.
transport.py               563 DEBUG    Skipping callback 'skippy', as we already have a stdout callback.
transport.py               563 DEBUG    Skipping callback 'stderr', as we already have a stdout callback.
transport.py               563 DEBUG    Skipping callback 'unixy', as we already have a stdout callback.
transport.py               563 DEBUG    Skipping callback 'yaml', as we already have a stdout callback.
transport.py               563 DEBUG    
transport.py               563 DEBUG    PLAYBOOK: vault_module.yml *****************************************************
transport.py               563 DEBUG    1 plays in vault_module.yml
transport.py               563 DEBUG    
transport.py               563 DEBUG    PLAY [Playbook to ensure asymmetric vaults are changed to standard type.] ******
transport.py               563 DEBUG    
transport.py               563 DEBUG    TASK [Gathering Facts] *********************************************************
transport.py               563 DEBUG    task path: /root/vault_module.yml:2
transport.py               563 DEBUG    ok: [master.ipadomain.test]
transport.py               563 DEBUG    META: ran handlers
transport.py               563 DEBUG    
transport.py               563 DEBUG    TASK [ipavault] ****************************************************************
transport.py               563 DEBUG    task path: /root/vault_module.yml:6
transport.py               563 DEBUG    changed: [master.ipadomain.test] => {"changed": true}
transport.py               563 DEBUG    META: ran handlers
transport.py               563 DEBUG    META: ran handlers
transport.py               563 DEBUG    
transport.py               563 DEBUG    PLAY RECAP *********************************************************************
transport.py               563 DEBUG    master.ipadomain.test      : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
transport.py               563 DEBUG    
channel.py                1212 DEBUG    [chan 96] EOF received (96)
channel.py                1212 DEBUG    [chan 96] EOF sent (96)
transport.py               217 DEBUG    Exit code: 0
channel.py                1212 DEBUG    [chan 344] Max packet in: 32768 bytes
channel.py                1212 DEBUG    [chan 344] Max packet out: 32768 bytes
transport.py              1819 DEBUG    Secsh channel 344 opened.
transport.py               318 INFO     RUN ['kinit', 'admin']
transport.py               519 DEBUG    RUN ['kinit', 'admin']
channel.py                1212 DEBUG    [chan 344] Sesch channel 344 request ok
transport.py               563 DEBUG    -bash: line 1: cd: /root/multihost_tests: No such file or directory
transport.py               563 DEBUG    -bash: line 2: /root/multihost_tests/env.sh: No such file or directory
transport.py               563 DEBUG    Password for admin: 
channel.py                1212 DEBUG    [chan 344] EOF received (344)
channel.py                1212 DEBUG    [chan 344] EOF sent (344)
transport.py               217 DEBUG    Exit code: 0
channel.py                1212 DEBUG    [chan 345] Max packet in: 32768 bytes
channel.py                1212 DEBUG    [chan 345] Max packet out: 32768 bytes
transport.py              1819 DEBUG    Secsh channel 345 opened.
transport.py               318 INFO     RUN ['ipa', 'vault-show', 'asymm_to_std']
transport.py               519 DEBUG    RUN ['ipa', 'vault-show', 'asymm_to_std']
channel.py                1212 DEBUG    [chan 345] Sesch channel 345 request ok
transport.py               563 DEBUG    -bash: line 1: cd: /root/multihost_tests: No such file or directory
transport.py               563 DEBUG    -bash: line 2: /root/multihost_tests/env.sh: No such file or directory
transport.py               563 DEBUG      Vault name: asymm_to_std
transport.py               563 DEBUG      Type: standard
transport.py               563 DEBUG      Owner users: admin
transport.py               563 DEBUG      Vault user: admin
channel.py                1212 DEBUG    [chan 345] EOF received (345)
channel.py                1212 DEBUG    [chan 345] EOF sent (345)
transport.py               217 DEBUG    Exit code: 0
channel.py                1212 DEBUG    [chan 346] Max packet in: 32768 bytes
channel.py                1212 DEBUG    [chan 346] Max packet out: 32768 bytes
transport.py              1819 DEBUG    Secsh channel 346 opened.
transport.py               318 INFO     RUN ['kdestroy', '-A']
transport.py               519 DEBUG    RUN ['kdestroy', '-A']
channel.py                1212 DEBUG    [chan 346] Sesch channel 346 request ok
transport.py               563 DEBUG    -bash: line 1: cd: /root/multihost_tests: No such file or directory
transport.py               563 DEBUG    -bash: line 2: /root/multihost_tests/env.sh: No such file or directory
channel.py                1212 DEBUG    [chan 346] EOF received (346)
channel.py                1212 DEBUG    [chan 346] EOF sent (346)
transport.py               217 DEBUG    Exit code: 0
channel.py                1212 DEBUG    [chan 347] Max packet in: 32768 bytes
channel.py                1212 DEBUG    [chan 347] Max packet out: 32768 bytes
transport.py              1819 DEBUG    Secsh channel 347 opened.
transport.py               318 INFO     RUN ['kinit', 'admin']
transport.py               519 DEBUG    RUN ['kinit', 'admin']
channel.py                1212 DEBUG    [chan 347] Sesch channel 347 request ok
transport.py               563 DEBUG    -bash: line 1: cd: /root/multihost_tests: No such file or directory
transport.py               563 DEBUG    -bash: line 2: /root/multihost_tests/env.sh: No such file or directory
transport.py               563 DEBUG    Password for admin: 
channel.py                1212 DEBUG    [chan 347] EOF received (347)
channel.py                1212 DEBUG    [chan 347] EOF sent (347)
transport.py               217 DEBUG    Exit code: 0
channel.py                1212 DEBUG    [chan 348] Max packet in: 32768 bytes
channel.py                1212 DEBUG    [chan 348] Max packet out: 32768 bytes
transport.py              1819 DEBUG    Secsh channel 348 opened.
transport.py               318 INFO     RUN ['ipa', 'vault-show', 'asymm_to_std']
transport.py               519 DEBUG    RUN ['ipa', 'vault-show', 'asymm_to_std']
channel.py                1212 DEBUG    [chan 348] Sesch channel 348 request ok
transport.py               563 DEBUG    -bash: line 1: cd: /root/multihost_tests: No such file or directory
transport.py               563 DEBUG    -bash: line 2: /root/multihost_tests/env.sh: No such file or directory
transport.py               563 DEBUG      Vault name: asymm_to_std
transport.py               563 DEBUG      Type: standard
transport.py               563 DEBUG      Owner users: admin
transport.py               563 DEBUG      Vault user: admin
channel.py                1212 DEBUG    [chan 348] EOF received (348)
channel.py                1212 DEBUG    [chan 348] EOF sent (348)
transport.py               217 DEBUG    Exit code: 0
channel.py                1212 DEBUG    [chan 349] Max packet in: 32768 bytes
channel.py                1212 DEBUG    [chan 349] Max packet out: 32768 bytes
transport.py              1819 DEBUG    Secsh channel 349 opened.
transport.py               318 INFO     RUN ['kdestroy', '-A']
transport.py               519 DEBUG    RUN ['kdestroy', '-A']
channel.py                1212 DEBUG    [chan 349] Sesch channel 349 request ok
transport.py               563 DEBUG    -bash: line 1: cd: /root/multihost_tests: No such file or directory
transport.py               563 DEBUG    -bash: line 2: /root/multihost_tests/env.sh: No such file or directory
channel.py                1212 DEBUG    [chan 349] EOF received (349)
channel.py                1212 DEBUG    [chan 349] EOF sent (349)
transport.py               217 DEBUG    Exit code: 0

Comment 12 errata-xmlrpc 2021-05-18 15:51:18 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (ansible-freeipa bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2021:1860

Note You need to log in before you can comment on or make changes to this bug.