This service will be undergoing maintenance at 00:00 UTC, 2017-10-23 It is expected to last about 30 minutes
Bug 820013 - [RFE] Provide means of displaying warning and informational messages on clients
[RFE] Provide means of displaying warning and informational messages on clients
Status: CLOSED CURRENTRELEASE
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ipa (Show other bugs)
7.0
Unspecified Unspecified
medium Severity unspecified
: rc
: ---
Assigned To: Martin Kosek
IDM QE LIST
: FutureFeature
: 828864 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-05-08 17:49 EDT by Rob Crittenden
Modified: 2014-06-17 20:02 EDT (History)
5 users (show)

See Also:
Fixed In Version: ipa-3.2.1-1.el7
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-06-13 05:23:24 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Rob Crittenden 2012-05-08 17:49:01 EDT
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/freeipa/ticket/2732

Currently the only way to display a warning on client is to raise !NonFatalError. This is not particularly good, as it mutes normal command output and only one warning can be displayed at a time.

Provide a mechanism for displaying arbitrary number of warnings and other messages on clients along with the normal command output. One possible solution is outlined [https://fedorahosted.org/freeipa/ticket/2346#comment:8 here].

This might be useful for a number of things, e.g. #2131 (see [http://www.redhat.com/archives/freeipa-devel/2012-March/msg00477.html freeipa-devel]), #2346, #2293 (see [http://www.redhat.com/archives/freeipa-devel/2012-April/msg00361.html freeipa-devel]).

Make sure this works with older clients (see #1721).
Comment 2 Martin Kosek 2013-02-27 06:29:41 EST
CLI part fixed upstream:

master:
42300eb55b1d122f9e946f37e2adc218af913a3d Rename the "messages" Output of the i18n_messages command to "texts"
24bca144a8049cea8683afd699d2e0e158b5f164 Add client capabilities, enable messages
8af5369cba1ff0e6d8baae90f3d93b40e91e85d6 Add ipalib.messages
7336a176b43989b9d459a2536af88f89e849213f Add the version option to all Commands

ipa-3-1:
9ebcfb2f0975d28bfcf89a5ba1cba1e5fff3f702 Rename the "messages" Output of the i18n_messages command to "texts"
81c53c3d3225e4268453edea5bc28f5a473732c6 Add client capabilities, enable messages
941b88e19ea1e4b96544d684d0d642ff1ab74b01 Add ipalib.messages
43ca450ccbdf5eada7729dd0e6c5664e00001798 Add the version option to all Commands


Web UI part will be handled other ticket:
https://fedorahosted.org/freeipa/ticket/3451
However, we may want to postpone the Web UI part of there is user-visible message in RHEL-7.0 release.
Comment 3 Martin Kosek 2013-02-27 09:08:59 EST
*** Bug 828864 has been marked as a duplicate of this bug. ***
Comment 4 Martin Kosek 2013-06-26 07:29:15 EDT
Web UI part was moved to later release and won't appear in RHEL-7.0.


Removing sub-ticket https://fedorahosted.org/freeipa/ticket/3451 from this Bugzilla and moving it to POST.
Comment 7 Martin Kosek 2014-01-14 02:51:36 EST
Reproduction scenario:

Note that this initial implementation only adds the support and the framework for the informational messages. The only real implemented message is VersionWarning which warns if an API version is not passed along with with the RPC request.

As CLI tools always send the version by default, it can be only triggered when running RPC command manually, for example via curl:

# kinit admin
# curl -H referer:https://`hostname`/ipa -H "Content-Type:application/json" -H "Accept:applicaton/json" --negotiate -u : --cacert /etc/ipa/ca.crt -d  '{"method":"user_show","params":[["admin"], {}],"id":0}' -X POST https://`hostname`/ipa/json
{
    "error": null, 
    "id": 0, 
    "principal": "admin@EXAMPLE.COM", 
    "result": {
        "messages": [
            {
                "code": 13001, 
                "message": "API Version number was not sent, forward compatibility not guaranteed. Assuming server's API version, 2.65", 
                "name": "VersionMissing", 
                "type": "warning"
            }
        ], 
        "result": {
            "dn": "uid=admin,cn=users,cn=accounts,dc=example,dc=com", 
            "gidnumber": [
                "1644600000"
...


When the version is added:

# curl -H referer:https://`hostname`/ipa -H "Content-Type:application/json" -H "Accept:aplicaton/json" --negotiate -u : --cacert /etc/ipa/ca.crt -d  '{"method":"user_show","params":[["admin"], {"version":"2.65"}],"id":0}' -X POST https://`hostname`/ipa/json
{
    "error": null, 
    "id": 0, 
    "principal": "admin@EXAMPLE.COM", 
    "result": {
        "result": {
            "dn": "uid=admin,cn=users,cn=accounts,dc=example,dc=com", 
            "gidnumber": [
                "1644600000"
            ],
Comment 8 Namita Soman 2014-01-21 13:50:18 EST
Verified using ipa-server-3.3.3-12.el7.x86_64

Automated test result:
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: forms-cli-14: bz820013 - Provide means of displaying warning and informational messages on clients
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [ 13:48:45 ] ::  Executing: curl -v -H referer:https://nocp9.testrelm.com/ipa -H Content-Type:application/json -H Accept:applicaton/json --negotiate -u : --cacert /etc/ipa/ca.crt -d '{method:user_show,params:[[admin], {}],id:0}' -X POST https://nocp9.testrelm.com/ipa/json &> /opt/rhqa_ipa/forms-bz820013-out1.txt 
:: [   PASS   ] :: File '/opt/rhqa_ipa/forms-bz820013-out1.txt' should contain 'API Version number was not sent, forward compatibility not guaranteed. Assuming server's API version, 2.65' 
:: [ 13:48:45 ] ::  Executing: curl -v -H referer:https://nocp9.testrelm.com/ipa -H Content-Type:application/json -H Accept:applicaton/json --negotiate -u : --cacert /etc/ipa/ca.crt -d '{method:user_show,params:[[admin], {version:2.65}],id:0}' -X POST https://nocp9.testrelm.com/ipa/json &> /opt/rhqa_ipa/forms-bz820013-out2.txt 
:: [   PASS   ] :: File '/opt/rhqa_ipa/forms-bz820013-out2.txt' should not contain 'API Version number was not sent, forward compatibility not guaranteed. Assuming server's API version, 2.65'
Comment 9 Jenny Galipeau 2014-03-04 11:45:40 EST
Appears to be a regression with ipa-server-3.3.3-19.el7.x86_64 - getting "internal server error"


::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: forms-cli-14: bz820013 - Provide means of displaying warning and informational messages on clients
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [ 11:43:14 ] ::  Executing: curl -v -H referer:https://ipaqavmb.testrelm.test/ipa -H Content-Type:application/json -H Accept:applicaton/json --negotiate -u : --cacert /etc/ipa/ca.crt -d '{method:user_show,params:[[admin], {}],id:0}' -X POST https://ipaqavmb.testrelm.test/ipa/json &> /opt/rhqa_ipa/forms-bz820013-out1.txt 
:: [   FAIL   ] :: File '/opt/rhqa_ipa/forms-bz820013-out1.txt' should contain 'API Version number was not sent, forward compatibility not guaranteed. Assuming server's API version, 2.65' 
:: [ 11:43:15 ] ::  Executing: curl -v -H referer:https://ipaqavmb.testrelm.test/ipa -H Content-Type:application/json -H Accept:applicaton/json --negotiate -u : --cacert /etc/ipa/ca.crt -d '{method:user_show,params:[[admin], {version:2.65}],id:0}' -X POST https://ipaqavmb.testrelm.test/ipa/json &> /opt/rhqa_ipa/forms-bz820013-out2.txt 
:: [   PASS   ] :: File '/opt/rhqa_ipa/forms-bz820013-out2.txt' should not contain 'API Version number was not sent, forward compatibility not guaranteed. Assuming server's API version, 2.65' 


Actual output ...

# cat /opt/rhqa_ipa/forms-bz820013-out2.txt
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* About to connect() to ipaqavmb.testrelm.test port 443 (#0)
*   Trying 10.16.98.179...
* Connected to ipaqavmb.testrelm.test (10.16.98.179) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/ipa/ca.crt
  CApath: none
* SSL connection using TLS_RSA_WITH_AES_128_CBC_SHA
* Server certificate:
* 	subject: CN=ipaqavmb.testrelm.test,O=TESTRELM.TEST
* 	start date: Feb 28 16:50:26 2014 GMT
* 	expire date: Feb 29 16:50:26 2016 GMT
* 	common name: ipaqavmb.testrelm.test
* 	issuer: CN=Certificate Authority,O=TESTRELM.TEST
> POST /ipa/json HTTP/1.1
> User-Agent: curl/7.29.0
> Host: ipaqavmb.testrelm.test
> referer:https://ipaqavmb.testrelm.test/ipa
> Content-Type:application/json
> Accept:applicaton/json
> Content-Length: 70
> 
} [data not shown]
* upload completely sent off: 70 out of 70 bytes
< HTTP/1.1 401 Unauthorized
< Date: Tue, 04 Mar 2014 16:43:15 GMT
< Server: Apache/2.4.6 (Red Hat) mod_auth_kerb/5.4 mod_nss/2.4.6 NSS/3.15.4 Basic ECC mod_wsgi/3.4 Python/2.7.5
< WWW-Authenticate: Negotiate
< Last-Modified: Wed, 26 Feb 2014 07:35:54 GMT
< Accept-Ranges: bytes
< Content-Length: 1376
< Content-Type: text/html; charset=UTF-8
< 
* Ignoring the response-body
{ [data not shown]
100  1446  100  1376  100    70   4678    238 --:--:-- --:--:-- --:--:--  4696
* Connection #0 to host ipaqavmb.testrelm.test left intact
* Issue another request to this URL: 'https://ipaqavmb.testrelm.test/ipa/json'
* Found bundle for host ipaqavmb.testrelm.test: 0x169c4c0
* Re-using existing connection! (#0) with host ipaqavmb.testrelm.test
* Connected to ipaqavmb.testrelm.test (10.16.98.179) port 443 (#0)
* Server auth using GSS-Negotiate with user ''
> POST /ipa/json HTTP/1.1
> Authorization: Negotiate YIICYgYJKoZIhvcSAQICAQBuggJRMIICTaADAgEFoQMCAQ6iBwMFACAAAACjggFjYYIBXzCCAVugAwIBBaEPGw1URVNUUkVMTS5URVNUoikwJ6ADAgEBoSAwHhsESFRUUBsWaXBhcWF2bWIudGVzdHJlbG0udGVzdKOCARYwggESoAMCARKhAwIBAqKCAQQEggEAbCp8sZQzxbkVtmMysxZarVyRnQRiGotnZ+1sE5QON7WYCfyb4fmikGBIQ6J4e0pJpivweF3KGfKjlqhKXs/pUpRIeReLOyVUSYa7kGrQtKC/ViGKODMqHf3SaluRUPkQq14/kTbpzhCaT6zSb6khTQ0+zOhSyL1m1Ncg3PXvcTccZUya4IsyiF0sUcHlPLQEeUaaYBv7F566pV92SAc0cuQ/kqsCu3oQccsVYQLpQr7lais7u0YCkg47xvLLef9kDeMZ3Jd8RKxO2lRseiKEfKEm6/wTY4D5UpZzHqL3lRnf44tI2ZC6GhEjsNniNuaf8jCjr+iwT16IouJCcHF6hKSB0DCBzaADAgESooHFBIHCvN6mBPUmsHnGC3YB3qF2n7zjGhPlPSbqANqDSuQhiqdpvD69AHUi8/5V3OyoMkiOZK/oiro/uzBCM9Y1g/WEimr5zZW577AYctSC/efEUzbKz+YO7gtWSdsgtTyHV63ZUVDL2c/ak/B0WZjG4ykNBQs9fr/I7P4HM0i/V1EZS6meC5SiGF6WxlUCGBWzbmyXEaIri63GGcOqXx7HyuVDQfMsrKBT6KqGOweSQ7HqkZy2saGP/vV1mG4f3zoXmHCk6H0=
> User-Agent: curl/7.29.0
> Host: ipaqavmb.testrelm.test
> referer:https://ipaqavmb.testrelm.test/ipa
> Content-Type:application/json
> Accept:applicaton/json
> Content-Length: 70
> 
} [data not shown]
* upload completely sent off: 70 out of 70 bytes
< HTTP/1.1 500 Internal Server Error
< Date: Tue, 04 Mar 2014 16:43:15 GMT
< Server: Apache/2.4.6 (Red Hat) mod_auth_kerb/5.4 mod_nss/2.4.6 NSS/3.15.4 Basic ECC mod_wsgi/3.4 Python/2.7.5
< Content-Length: 527
< Connection: close
< Content-Type: text/html; charset=iso-8859-1
< 
{ [data not shown]
100   597  100   527  100    70   1552    206 --:--:-- --:--:-- --:--:--  1552
* Closing connection 0
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>500 Internal Server Error</title>
</head><body>
<h1>Internal Server Error</h1>
<p>The server encountered an internal error or
misconfiguration and was unable to complete
your request.</p>
<p>Please contact the server administrator at 
 root@localhost to inform them of the time this error occurred,
 and the actions you performed just before this error.</p>
<p>More information about this error may be available
in the server error log.</p>
</body></html>
Comment 11 Jenny Galipeau 2014-03-04 13:04:05 EST
moving back to verified, this was also failing because of cleaning out /tmp/* and removing the systemd-private ... cache in /tmp
Comment 13 Ludek Smid 2014-06-13 05:23:24 EDT
This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.

Note You need to log in before you can comment on or make changes to this bug.