Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 1356039 - ipa ca-add fails to report status of Sub CA addition
Summary: ipa ca-add fails to report status of Sub CA addition
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ipa
Version: 7.3
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: IPA Maintainers
QA Contact: Kaleem
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-07-13 10:11 UTC by Abhijeet Kasurde
Modified: 2016-07-21 16:11 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-07-21 16:11:01 UTC


Attachments (Terms of Use)

Description Abhijeet Kasurde 2016-07-13 10:11:15 UTC
Description of problem:
If user specify cn while creating Sub CA using --setattr in ipa ca-add command then, command fails to report status of Sub CA addition.

[root@server1 pki]# ipa ca-add SampleCA2 --setattr=cn=SampleCA3 --desc="My Sample Description" --subject="CN=SampleCA3,O=testrelm.test" 
ipa: ERROR: SampleCA2: Certificate Authority not found
[root@server1 pki]# ipa ca-find SampleCA2
-------------
0 CAs matched
-------------
----------------------------
Number of entries returned 0
----------------------------
[root@server1 pki]# ipa ca-find SampleCA3
------------
1 CA matched
------------
  Name: SampleCA3
  Description: My Sample Description
  Authority ID: 3e4dc607-b610-4fc4-8b46-94bbf81faa69
  Subject DN: CN=SampleCA3,O=testrelm.test
  Issuer DN: CN=Certificate Authority,O=TESTRELM.TEST
----------------------------
Number of entries returned 1
----------------------------

[root@server1 pki]# tail -f /var/log/httpd/error_log

[Wed Jul 13 15:31:57.836232 2016] [:error] [pid 525] ipa: INFO: [jsonserver_kerb] admin@TESTRELM.TEST: ping(): SUCCESS
[Wed Jul 13 15:32:00.302887 2016] [:error] [pid 526] ipa: INFO: [jsonserver_kerb] admin@TESTRELM.TEST: ca_add/1(u'SampleCA2', description=u'My Sample Description', ipacasubjectdn=u'CN=SampleCA3,O=testrelm.test', setattr=(u'cn=SampleCA3',), version=u'2.210'): NotFound
[Wed Jul 13 15:32:10.376453 2016] [:error] [pid 525] ipa: INFO: [jsonserver_kerb] admin@TESTRELM.TEST: ping(): SUCCESS
[Wed Jul 13 15:32:10.704165 2016] [:error] [pid 526] ipa: INFO: [jsonserver_kerb] admin@TESTRELM.TEST: ca_find/1(u'SampleCA2', version=u'2.210'): SUCCESS
[Wed Jul 13 15:32:14.128239 2016] [:error] [pid 525] ipa: INFO: [jsonserver_kerb] admin@TESTRELM.TEST: ping(): SUCCESS
[Wed Jul 13 15:32:14.395027 2016] [:error] [pid 526] ipa: INFO: [jsonserver_kerb] admin@TESTRELM.TEST: ca_find/1(u'SampleCA3', version=u'2.210'): SUCCESS

Version-Release number of selected component (if applicable):
ipa-server-4.4.0-1.el7.x86_64

How reproducible:
100%

Steps to Reproduce:
1. ipa ca-add SampleCA2 --setattr=cn=SampleCA3 --desc="My Sample Description" --subject="CN=SampleCA3,O=testrelm.test"  # Fails to report status
2. ipa ca-find SampleCA2 # Fail
3. ipa ca-find SampleCA3 # Pass

Actual results:
Command fails to report status of add operation. Instead throws error "ipa: ERROR: <CA>: Certificate Authority not found"

Expected results:
Command should return status of operation like following 

[root@server1 pki]# ipa ca-add SampleCA4 --desc="My Sample Description" --subject="CN=SampleCA4,O=testrelm.test" 
----------------------
Created CA "SampleCA4"
----------------------
  Name: SampleCA4
  Description: My Sample Description
  Authority ID: 75ff2b3d-95f3-4f2d-8c89-cb1132cc241e
  Subject DN: CN=SampleCA4,O=testrelm.test
  Issuer DN: CN=Certificate Authority,O=TESTRELM.TEST

Comment 2 Petr Vobornik 2016-07-21 16:11:01 UTC
Per triage on Jul 19, closing as won't fix. 

--xxxattr options should be used only if there isn't an option present for given attribute. In this case it is the first argument. 

It is not worth fixing it. Admin should not use --setattr in this case.


Note You need to log in before you can comment on or make changes to this bug.