Description of problem:
For a HBAC Rule, add a host and hostgroup in 'From' section to include - Source host category the rule applies to. But this host and hostgroup are not listed as being members of the HBAC rule
Similarly, for a Sudo Rule, add a user and usergroup in 'As whom' section to include - RunAs User category the rule applies to. But this user and usergroup are not listed as being members of the Sudo rule
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Add a HBAC Rule
2. Edit this rule, go to From Section
3. Add a host, and a hostgroup
4. Click on this host to go to Host page, click on HBAC Rules
4. Click on this hostgroup to go to Host Group page, click on HBAC Rules
1. Add a Sudo Rule
2. Edit this rule, go to As Whom Section
3. Add a user, and a usergroup
4. Click on this user to go to User page, click on Sudo Rules
4. Click on this usergroup to go to User Group page, click on Sudo Rules
Host is not member of the HBAC Rule
HostGroup is not member of the HBAC Rule
User is not member of the Sudo Rule
UserGroup is not member of the Sudo Rule
Host should be member of the HBAC Rule
HostGroup should be member of the HBAC Rule
User should be member of the Sudo Rule
UserGroup should be member of the Sudo Rule
ldapsearch on HBAC Rule:
>ldapsearch -D "cn=Directory Manager" -w Secret123 -b "ipauniqueid=8cae0058-d4bf-11e0-9d46-00215e2032c0,cn=hbac,dc=testrelm"
ldapsearch on a sourceHost:
>ldapsearch -D "cn=Directory Manager" -w Secret123 -b "cn=from_hostgroup,cn=hostgroups,cn=accounts,dc=testrelm"
What is the use case for this?
Is it a common case where users will be looking for HBAC/sudo rules where the host is used as a source?
It comes across as being inconsistent.
I can see hosts when they are added in 'Accessing' section, but not when they are added in 'From Section'
Will hosts be commonly added as a source? If so, then maybe for the Hosts - member of section - HBAC rules/Sudo rules, can we have multiple sections to indicate from and to hosts?
Ok, but how will people *use* this information?
This ticket translates into two different issues and should be viewed separately:
1) Issue with "From hosts". Since "from hosts" are unreliable we want to discourage the use of those so no changes are need for "From hosts"
2) For SUDO users and run as - there might be a value so I would suggest creating a corresponding ticket but putting it into backlog for now. It is a very low priority unless someone really finds it valuable or needed.
Technical note added. If any revisions are required, please edit the "Technical Notes" field
accordingly. All revisions will be proofread by the Engineering Content Services team.
No documentation needed.
No changes in UI or CLI. After discussing with Jenny and Rob, closing this as WontFix