#1122 Need to describe paging options in 'pki' man page
Closed: Fixed None Opened 6 years ago by mrniranjan.

After generating more than 100 symmetric keys, key-find doesn't return proper results with --size , --maxResults and searching keys

Steps to reproduce;

for i in $(seq 1 120); do  pki -d /opt/rhqa_pki/certs_db -c Secret123 -h dhcp207-176.lab.eng.pnq.redhat.com -p 30044 -n "KRA3_agentR" key-generate temp60-$i --key-algorithm AES  --key-size 128  --usages wrap; done

Search keys with --size 110 to return 110 results.

pki -d /opt/rhqa_pki/certs_db -c Secret123 -p 30044 -h dhcp207-176.lab.eng.pnq.redhat.com -n "KRA3_agentV"  key-find --size 110

------------------
100 key(s) matched
------------------
  Key ID: 0x1
  Algorithm: 1.2.840.113549.1.1.1
  Size: 1024
  Owner: UID=mtest1,CN=mytest1

  Key ID: 0x2
  Client ID: a1
  Status: active
  Algorithm: AES
  Size: 128
  Owner: kra3admin

  Key ID: 0x3
  Client ID: mypass
  Status: active
  Algorithm: {1 2 840 113549 3 7}
  Owner: kra3admin
...
...
..
..
  Key ID: 0x64
  Client ID: temp62349
  Status: active
  Algorithm: RC2
  Size: 128
  Owner: KRA3_agentV
------------------------------
Number of entries returned 100
------------------------------
```}

Not all 110 Results are returned.

Same is the case with --maxResults:

pki -d /opt/rhqa_pki/certs_db -c Secret123 -p 30044 -h dhcp207-176.lab.eng.pnq.redhat.com -n "KRA3_agentV" key-find --maxResults 110


20 key(s) matched

Key ID: 0x1
Algorithm: 1.2.840.113549.1.1.1
Size: 1024
Owner: UID=mtest1,CN=mytest1

Key ID: 0x2
Client ID: a1
Status: active
Algorithm: AES
Size: 128
Owner: kra3admin

Key ID: 0x3
Client ID: mypass
Status: active
Algorithm: {1 2 840 113549 3 7}
Owner: kra3admin

Key ID: 0x4
Client ID: temp32278
Status: active
Algorithm: AES
Size: 128
Owner: KRA3_agentV
.......
.......
.......
.......
Key ID: 0x13
Client ID: temp04082
Status: active
Algorithm: DES
Size: 56
Owner: KRA3_agentV

Key ID: 0x14
Client ID: temp77039
Status: active
Algorithm: DES
Size: 56
Owner: KRA3_agentV


Number of entries returned 20

```}


Per CS/DS meeting of 08/25/2014: 10.2.3

This looks to be related to paging of the results. According to the help output, --size is for the page size, and --maxResults is for limiting the overall total:

usage: key-find [OPTIONS...]
    --client <client ID>         Client ID
    --help                       Show help options
    --maxResults <max results>   Maximum results
    --maxTime <max time>         Maximum time
    --size <size>                Page size
    --start <start>              Page start
    --status <status>            Status

With 123 keys in my KRA, I see the following behavior:

[nathank@rover client]$ pki -n "PKI Administrator for home.orderlychaos.org" key-find --size 200
...
Number of entries returned 100

[nathank@rover client]$ pki -n "PKI Administrator for home.orderlychaos.org" key-find --size 200 --maxResults 101
Number of entries returned 101

[nathank@rover client]$ pki -n "PKI Administrator for home.orderlychaos.org" key-find --size 200 --maxResults 200
...
Number of entries returned 123

This indicates that the implicit default for the --maxResults setting is 100. We used a page size larger than the results set, so let's perform some additional tests of a smaller page size:

pki -n "PKI Administrator for home.orderlychaos.org" key-find
...
Number of entries returned 20

pki -n "PKI Administrator for home.orderlychaos.org" key-find --size 50
...
Number of entries returned 50

pki -n "PKI Administrator for home.orderlychaos.org" key-find --size 100
...
Number of entries returned 100

[nathank@rover client]$ pki -n "PKI Administrator for home.orderlychaos.org" key-find --size 101
...
Number of entries returned 100

This shows that the page size (--size) works up to the overall maximum (--maxResults). To go through more results, you need to actually page through them using the --start parameter. This parameter tells you what record to start at (counting starts at 0):

[nathank@rover client]$ pki -n "PKI Administrator for home.orderlychaos.org" key-find --size 100 --maxResults 200
...
Number of entries returned 100

[nathank@rover client]$ pki -n "PKI Administrator for home.orderlychaos.org" key-find --size 100 --maxResults 200 --start 100
...
Number of entries returned 23

As you can see, the above gets all of the keys in two chunks. As a final example, you can see that --maxResults limits the overall result, which includes matches that you page past:

[nathank@rover client]$ pki -n "PKI Administrator for home.orderlychaos.org" key-find --size 100 --maxResults 100 --start 100
...
Number of entries returned 0

[nathank@rover client]$ pki -n "PKI Administrator for home.orderlychaos.org" key-find --size 100 --maxResults 101 --start 100
...
Number of entries returned 1

This allows for some very flexible paging behavior. I think we need to at least document the default settings to avoid confusion. It would also be good to document how --maxResults, --size, and --start interact.

I've changed the subject/component to reflect that all that's needed here is a man page update. The 'pki' man page should describe the paging and search limiting parameters, as these parameters cross the pki-key, pki-user, and pki-cert commands.

After discussion with edewata on 12/11/2014, it was determined that this ticket could be moved to 10.2.2.

Per Dogtag 10.2.X meeting of 01/14/2015: Milestone 10.2 Backlog

Fixed in master: b9e461ca8a099b4535aa916886697c6eff01e431

Metadata Update from @mrniranjan:
- Issue assigned to edewata
- Issue set to the milestone: 10.2 Backlog

4 years ago

Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new
issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.

This issue has been cloned to GitHub and is available here:
https://github.com/dogtagpki/pki/issues/1685

If you want to receive further updates on the issue, please navigate to the
GitHub issue and click on Subscribe button.

Thank you for understanding, and we apologize for any inconvenience.

Login to comment on this ticket.

Metadata