After generating more than 100 symmetric keys, key-find doesn't return proper results with --size , --maxResults and searching keys
Steps to reproduce;
for i in $(seq 1 120); do pki -d /opt/rhqa_pki/certs_db -c Secret123 -h dhcp207-176.lab.eng.pnq.redhat.com -p 30044 -n "KRA3_agentR" key-generate temp60-$i --key-algorithm AES --key-size 128 --usages wrap; done
Search keys with --size 110 to return 110 results.
pki -d /opt/rhqa_pki/certs_db -c Secret123 -p 30044 -h dhcp207-176.lab.eng.pnq.redhat.com -n "KRA3_agentV" key-find --size 110 ------------------ 100 key(s) matched ------------------ Key ID: 0x1 Algorithm: 1.2.840.113549.1.1.1 Size: 1024 Owner: UID=mtest1,CN=mytest1 Key ID: 0x2 Client ID: a1 Status: active Algorithm: AES Size: 128 Owner: kra3admin Key ID: 0x3 Client ID: mypass Status: active Algorithm: {1 2 840 113549 3 7} Owner: kra3admin ... ... .. .. Key ID: 0x64 Client ID: temp62349 Status: active Algorithm: RC2 Size: 128 Owner: KRA3_agentV ------------------------------ Number of entries returned 100 ------------------------------ ```} Not all 110 Results are returned. Same is the case with --maxResults:
pki -d /opt/rhqa_pki/certs_db -c Secret123 -p 30044 -h dhcp207-176.lab.eng.pnq.redhat.com -n "KRA3_agentV" key-find --maxResults 110
Key ID: 0x1 Algorithm: 1.2.840.113549.1.1.1 Size: 1024 Owner: UID=mtest1,CN=mytest1
Key ID: 0x2 Client ID: a1 Status: active Algorithm: AES Size: 128 Owner: kra3admin
Key ID: 0x3 Client ID: mypass Status: active Algorithm: {1 2 840 113549 3 7} Owner: kra3admin
Key ID: 0x4 Client ID: temp32278 Status: active Algorithm: AES Size: 128 Owner: KRA3_agentV ....... ....... ....... ....... Key ID: 0x13 Client ID: temp04082 Status: active Algorithm: DES Size: 56 Owner: KRA3_agentV
Key ID: 0x14 Client ID: temp77039 Status: active Algorithm: DES Size: 56 Owner: KRA3_agentV
```}
Per CS/DS meeting of 08/25/2014: 10.2.3
This looks to be related to paging of the results. According to the help output, --size is for the page size, and --maxResults is for limiting the overall total:
usage: key-find [OPTIONS...] --client <client ID> Client ID --help Show help options --maxResults <max results> Maximum results --maxTime <max time> Maximum time --size <size> Page size --start <start> Page start --status <status> Status
With 123 keys in my KRA, I see the following behavior:
[nathank@rover client]$ pki -n "PKI Administrator for home.orderlychaos.org" key-find --size 200 ... Number of entries returned 100 [nathank@rover client]$ pki -n "PKI Administrator for home.orderlychaos.org" key-find --size 200 --maxResults 101 Number of entries returned 101 [nathank@rover client]$ pki -n "PKI Administrator for home.orderlychaos.org" key-find --size 200 --maxResults 200 ... Number of entries returned 123
This indicates that the implicit default for the --maxResults setting is 100. We used a page size larger than the results set, so let's perform some additional tests of a smaller page size:
pki -n "PKI Administrator for home.orderlychaos.org" key-find ... Number of entries returned 20 pki -n "PKI Administrator for home.orderlychaos.org" key-find --size 50 ... Number of entries returned 50 pki -n "PKI Administrator for home.orderlychaos.org" key-find --size 100 ... Number of entries returned 100 [nathank@rover client]$ pki -n "PKI Administrator for home.orderlychaos.org" key-find --size 101 ... Number of entries returned 100
This shows that the page size (--size) works up to the overall maximum (--maxResults). To go through more results, you need to actually page through them using the --start parameter. This parameter tells you what record to start at (counting starts at 0):
[nathank@rover client]$ pki -n "PKI Administrator for home.orderlychaos.org" key-find --size 100 --maxResults 200 ... Number of entries returned 100 [nathank@rover client]$ pki -n "PKI Administrator for home.orderlychaos.org" key-find --size 100 --maxResults 200 --start 100 ... Number of entries returned 23
As you can see, the above gets all of the keys in two chunks. As a final example, you can see that --maxResults limits the overall result, which includes matches that you page past:
[nathank@rover client]$ pki -n "PKI Administrator for home.orderlychaos.org" key-find --size 100 --maxResults 100 --start 100 ... Number of entries returned 0 [nathank@rover client]$ pki -n "PKI Administrator for home.orderlychaos.org" key-find --size 100 --maxResults 101 --start 100 ... Number of entries returned 1
This allows for some very flexible paging behavior. I think we need to at least document the default settings to avoid confusion. It would also be good to document how --maxResults, --size, and --start interact.
I've changed the subject/component to reflect that all that's needed here is a man page update. The 'pki' man page should describe the paging and search limiting parameters, as these parameters cross the pki-key, pki-user, and pki-cert commands.
Proposed Milestone: 10.2.1 (per CS Meeting of 09/17/2014)
Verify and close, or mark as duplicate of PKI TRAC Ticket #1066 - pki cert-request-find fails to provide correct results when criteria to search are specified by providing page start?
After discussion with edewata on 12/11/2014, it was determined that this ticket could be moved to 10.2.2.
Per Dogtag 10.2.X meeting of 01/14/2015: Milestone 10.2 Backlog
Fixed in master: b9e461ca8a099b4535aa916886697c6eff01e431
Metadata Update from @mrniranjan: - Issue assigned to edewata - Issue set to the milestone: 10.2 Backlog
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/1685
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on Subscribe button.
Subscribe
Thank you for understanding, and we apologize for any inconvenience.
Login to comment on this ticket.