When non-admin user issues a command that utilizes api.Object.config.show_servroles_attributes(), some server roles might return errors.EmptyResult, indicating that a role is not visible to this identity.
api.Object.config.show_servroles_attributes()
errors.EmptyResult
Most of the callers to api.Object.config.show_servroles_attributes() do not process errors.EmptyResult so it goes up to an API caller. In case of Web UI it breaks retrieval of the initial configuration due to ipa config-show failing completely rather than avoiding to show available server roles.
ipa config-show
Metadata Update from @abbra: - Issue assigned to abbra
Found by Fedora 28 beta testing: https://bugzilla.redhat.com/show_bug.cgi?id=1557609
Metadata Update from @abbra: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1557609
Metadata Update from @rcritten: - Issue priority set to: critical - Issue set to the milestone: FreeIPA 4.7
master:
Metadata Update from @tdudlak: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Tibor, did you verify that the fix is 4.7-only? I think the update_entry_with_role_config fix needs to land in 4.6 branch, too.
update_entry_with_role_config
We also need a test for each of the bugs.
Metadata Update from @cheimes: - Issue status updated to: Open (was: Closed)
No, i just looked at milestone.
Metadata Update from @cheimes: - Issue priority set to: important (was: critical) - Issue set to the milestone: FreeIPA 4.6.5 (was: FreeIPA 4.7)
Backport to ipa-4-6: https://github.com/freeipa/freeipa/pull/2858
ipa-4-6:
Metadata Update from @rcritten: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.