Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1253498
Description of problem:

It looks like vault-add does not restrict use of arguments by type. I confirmed with Endi that the password/public-key related arguments do nothing for vaults that don't match their type (symmetric/asymmetric). So, the command line should show an error.

[root@master ~]# ipa vault-add vname --password=SomePa55w0rd
-------------------
Added vault "vname"
-------------------
  Vault name: vname
  Type: standard
  Owner users: admin

[root@master ~]# ipa vault-archive vname --in=/tmp/secret.in
--------------------------------
Archived data into vault "vname"
--------------------------------

[root@master ~]# ipa vault-retrieve vname
---------------------------------
Retrieved data from vault "vname"
---------------------------------
  Data: dGVzdF9kYXRhMgo=

[root@master ~]# echo dGVzdF9kYXRhMgo=|base64 -d
test_data2

[root@master ~]# ipa vault-add vname_password --password-file=/tmp/stdin.in
----------------------------
Added vault "vname_password"
----------------------------
  Vault name: vname_password
  Type: standard
  Owner users: admin

[root@master ~]# ipa vault-add vname_publickey --public-key-file=public.pem
-----------------------------
Added vault "vname_publickey"
-----------------------------
  Vault name: vname_publickey
  Type: standard
  Owner users: admin

Version-Release number of selected component (if applicable):
ipa-server-4.2.0-4.el7.x86_64

How reproducible:
always

Steps to Reproduce:
1. ipa-server-install
2. ipa-kra-install
3. kinit admin
4. ipa vault-add --password="something"
5. ipa vault-add --public-key="somepkblob"
...

Actual results:
Arguments accepted but not used. Instead should error that the args don't match the type.

Expected results:
Arguments would only be allowed if used by the type.

Additional info:
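The check the report asks for, as an added stand-alone sketch (not FreeIPA's code and not part of the original ticket): key-material options are rejected when the vault type would ignore them, so a vault created with --password cannot silently end up as a standard vault. The function and exception names are hypothetical; the option and type names are those in the report.

```python
# Added example: stand-alone sketch, not FreeIPA's implementation.
# validate_vault_add and VaultOptionError are hypothetical names.

# Key-material options each vault type actually consumes (per the report).
ALLOWED_BY_TYPE = {
    "standard": set(),
    "symmetric": {"password", "password_file"},
    "asymmetric": {"public_key", "public_key_file"},
}
KEY_OPTIONS = set().union(*ALLOWED_BY_TYPE.values())


class VaultOptionError(ValueError):
    """Raised when an option does not apply to the requested vault type."""


def validate_vault_add(name, vault_type="standard", **options):
    """Return the key options that apply, or raise if any would be ignored."""
    if vault_type not in ALLOWED_BY_TYPE:
        raise VaultOptionError(f"unknown vault type: {vault_type!r}")
    supplied = {k: v for k, v in options.items()
                if k in KEY_OPTIONS and v is not None}
    rejected = sorted(set(supplied) - ALLOWED_BY_TYPE[vault_type])
    if rejected:
        flags = ", ".join("--" + k.replace("_", "-") for k in rejected)
        raise VaultOptionError(
            f"vault {name!r}: {flags} cannot be used with type {vault_type!r}")
    return supplied


def check_ticket_cases():
    """Run the three vault-add calls from the report; return (name, outcome)."""
    cases = [  # inputs taken from the terminal session in the report
        ("vname", {"password": "SomePa55w0rd"}),
        ("vname_password", {"password_file": "/tmp/stdin.in"}),
        ("vname_publickey", {"public_key_file": "public.pem"}),
    ]
    results = []
    for name, opts in cases:
        try:
            validate_vault_add(name, **opts)  # no type given: standard
            results.append((name, "accepted"))
        except VaultOptionError as exc:
            results.append((name, str(exc)))
    return results


if __name__ == "__main__":
    for name, outcome in check_ticket_cases():
        print(name, "->", outcome)
```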
fixed in #5195
Metadata Update from @spoore: - Issue assigned to someone - Issue set to the milestone: 0.0 NEEDS_TRIAGE