RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 709665 - Removed external host is displayed in the output when "--all" switch is used.
Summary: Removed external host is displayed in the output when "--all" switch is used.
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: ipa
Version: 6.2
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Rob Crittenden
QA Contact: Chandrasekar Kannan
URL:
Whiteboard:
Depends On:
Blocks: 748554
TreeView+ depends on / blocked
 
Reported: 2011-06-01 10:34 UTC by Gowrishankar Rajaiyan
Modified: 2015-01-04 23:49 UTC (History)
5 users (show)

Fixed In Version: ipa-2.1.3-1.el6
Doc Type: Bug Fix
Doc Text:
Cause: The output when removing external hosts from a sudorule contained the hosts that were removed. Consequence: This caused confusion because the hosts were actually removed. Fix: Refresh the external host information before returning data to the client. Result: The removed external hosts are no longer displayed in the sudo rule output.
Clone Of:
Environment:
Last Closed: 2011-12-06 18:22:52 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2011:1533 0 normal SHIPPED_LIVE Moderate: ipa security and bug fix update 2011-12-06 01:23:31 UTC

Description Gowrishankar Rajaiyan 2011-06-01 10:34:44 UTC 
Description of problem:


Version-Release number of selected component (if applicable):
ipa-server-2.0.0-23.el6.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Remove an external host with the --all switch..
 #  ipa sudorule-remove-host sudorule1 --hosts=test2.example.com --all
  dn: ipauniqueid=ec583822-8bb6-11e0-9ad5-525400deab7b,cn=sudorules,cn=sudo,dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com
  Rule name: sudorule1
  Enabled: TRUE
  External host: test2.example.com
  ipauniqueid: ec583822-8bb6-11e0-9ad5-525400deab7b
  objectclass: ipaassociation, ipasudorule
---------------------------
Number of members removed 1
---------------------------
  
Actual results:
Observe that the removed "External host" is still displayed in the output.

Expected results:
Removing an external host with --all switch should remove it from its output as well. 

Additional info:
Comment 2 Rob Crittenden 2011-06-01 15:32:04 UTC 
https://fedorahosted.org/freeipa/ticket/1270
Comment 3 Rob Crittenden 2011-08-01 20:31:53 UTC 
master: 6e5885d109a6aa303b62706bd571dc076491fab4

ipa-2-0: 0705fa243cd411068f25304a85df75ee3f143a25
Comment 5 Jenny Severance 2011-10-05 20:11:23 UTC 
[root@ipaserver ~]# ipa sudorule-add-host sudorule1 --hosts=test2.example.com
  Rule name: sudorule1
  Enabled: TRUE
  Failed hosts/hostgroups: 
    member host: test2.example.com: no such entry
-------------------------
Number of members added 0
-------------------------


[root@ipaserver ~]# ipa sudorule-remove-host sudorule1 --hosts=test2.example.com --all
  dn: ipauniqueid=e494cc1c-ef80-11e0-898e-00110a9d72f2,cn=sudorules,cn=sudo,dc=jgalipea
  Rule name: sudorule1
  Enabled: TRUE
  External host: test2.example.com   <<====================================
  ipauniqueid: e494cc1c-ef80-11e0-898e-00110a9d72f2
  objectclass: ipaassociation, ipasudorule
---------------------------
Number of members removed 1
---------------------------

output still contains the external host that was removed

version tested :
ipa-server-2.1.1-4.el6.x86_64
Comment 6 Rob Crittenden 2011-10-05 20:54:19 UTC 
This will be fixed in the 2.1.2 rebase, it works for me.
Comment 7 Jenny Severance 2011-10-05 21:02:35 UTC 
okay need to change the fixed in version and it should have been Modified and not ON_QA  .. when bugs get added to the errata they switch from Modified to ON_QA that how I know the fix is available!
Comment 8 Rob Crittenden 2011-10-05 21:35:14 UTC 
I understand the process. It is possible that this regressed or was not completely fixed, but it appears to be fixed now. Holding in ASSIGNED until the 2.1.2 rebase is complete.
Comment 9 Martin Kosek 2011-10-06 08:58:22 UTC 
IIRC, bugs that are fixed upstream should be put to MODIFIED. Then, as Jenny wrote, they are moved to ON_QA when errata is ready.

This is what we do with all the other bugs and I think we should do it with this one too otherwise it can brings confusion.
Comment 10 Rob Crittenden 2011-10-31 19:20:52 UTC 
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Cause: The output when removing external hosts from a sudorule contained the hosts that were removed.
Consequence: This caused confusion because the hosts were actually removed.
Fix: Refresh the external host information before returning data to the client.
Result: The removed external hosts are no longer displayed in the sudo rule output.
Comment 11 Gowrishankar Rajaiyan 2011-11-02 06:42:07 UTC 
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: sudorule-remove-host_003: Remove multiple hosts from sudorule.
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   PASS   ] :: Running 'ipa sudorule-remove-host sudorule1 --hosts=test2.example.com,test3.example2.com --all > /tmp/tmp.jHjyYyUOzz/sudorule-remove-host_003.txt 2>&1'
:: [   PASS   ] :: File '/tmp/tmp.jHjyYyUOzz/sudorule-remove-host_003.txt' should contain 'Rule name: sudorule1'
:: [   PASS   ] :: File '/tmp/tmp.jHjyYyUOzz/sudorule-remove-host_003.txt' should contain 'Enabled: TRUE'
:: [11:43:02] ::  Verifying https://bugzilla.redhat.com/show_bug.cgi?id=709665
grep: test2.example.com: No such file or directory
/tmp/tmp.jHjyYyUOzz/sudorule-remove-host_003.txt:  dn: ipauniqueid=199209b4-04a0-11e1-a0da-00215e258b54,cn=sudorules,cn=sudo,dc=testrelm
/tmp/tmp.jHjyYyUOzz/sudorule-remove-host_003.txt:  Rule name: sudorule1
/tmp/tmp.jHjyYyUOzz/sudorule-remove-host_003.txt:  Host Groups: hostgroup1, hostgroup2, hostgroup3, hostgroup4, hostgroup5
/tmp/tmp.jHjyYyUOzz/sudorule-remove-host_003.txt:  ipauniqueid: 199209b4-04a0-11e1-a0da-00215e258b54
:: [   PASS   ] :: File '/tmp/tmp.jHjyYyUOzz/sudorule-remove-host_003.txt' should not contain 'test2.example.com'
grep: test3.example2.com: No such file or directory
/tmp/tmp.jHjyYyUOzz/sudorule-remove-host_003.txt:  dn: ipauniqueid=199209b4-04a0-11e1-a0da-00215e258b54,cn=sudorules,cn=sudo,dc=testrelm
/tmp/tmp.jHjyYyUOzz/sudorule-remove-host_003.txt:  Rule name: sudorule1
/tmp/tmp.jHjyYyUOzz/sudorule-remove-host_003.txt:  Host Groups: hostgroup1, hostgroup2, hostgroup3, hostgroup4, hostgroup5
/tmp/tmp.jHjyYyUOzz/sudorule-remove-host_003.txt:  ipauniqueid: 199209b4-04a0-11e1-a0da-00215e258b54
:: [   PASS   ] :: File '/tmp/tmp.jHjyYyUOzz/sudorule-remove-host_003.txt' should not contain 'test3.example2.com'
:: [   PASS   ] :: File '/tmp/tmp.jHjyYyUOzz/sudorule-remove-host_003.txt' should contain 'test5.example'
:: [   PASS   ] :: File '/tmp/tmp.jHjyYyUOzz/sudorule-remove-host_003.txt' should contain 'test4.example.com'
:: [   PASS   ] :: File '/tmp/tmp.jHjyYyUOzz/sudorule-remove-host_003.txt' should contain 'Host Groups: hostgroup1, hostgroup2, hostgroup3'
:: [   PASS   ] :: File '/tmp/tmp.jHjyYyUOzz/sudorule-remove-host_003.txt' should contain 'Number of members removed 2'
  dn: ipauniqueid=199209b4-04a0-11e1-a0da-00215e258b54,cn=sudorules,cn=sudo,dc=testrelm
  Rule name: sudorule1
  Enabled: TRUE
  Host Groups: hostgroup1, hostgroup2, hostgroup3, hostgroup4, hostgroup5
  External host: test5.example, test4.example.com
  ipauniqueid: 199209b4-04a0-11e1-a0da-00215e258b54
  objectclass: ipaassociation, ipasudorule
---------------------------
Number of members removed 2
---------------------------
:: [   PASS   ] :: Running 'cat /tmp/tmp.jHjyYyUOzz/sudorule-remove-host_003.txt'
'612de46a-2096-44a2-8dc1-a255a1769f45'
sudorule-remove-host-003 result: PASS
   metric: 0
   Log: /tmp/beakerlib-3455158/journal.txt
    Info: Searching AVC errors produced since 1320162180.5 (Tue Nov  1 11:43:00 2011)
     Searching logs...
     Info: No AVC messages found.
 Writing to /mnt/testarea/tmp.eH0V48
:
   AvcLog: /mnt/testarea/tmp.eH0V48

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::


Verified. Version: ipa-server-2.1.3-7.el6.x86_64ipa-server-2.1.3-7.el6.x86_64
Comment 12 errata-xmlrpc 2011-12-06 18:22:52 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2011-1533.html
Note You need to log in before you can comment on or make changes to this bug.