#1768 [ipa webui] Sudo Rule includes indirect hosts and users members in its list to add
Closed: Fixed None Opened 9 years ago by dpal.


Description of problem:
For a Sudo Rule, after a hostgroup or usergroup is added to its list, it still list members of the group when adding hosts or users

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Add  a host, hostgroup. Add the host as a member to this hostgroup
2. Add a Sudo rule, Edit it
3. Add the hostgroup to its list in Accessing section
4. Add a host in Accessing section

Actual results:
host which is member of the hostgroup is listed

Expected results:
host which is member of the hostgroup should not be listed, since the hostgroup is already added to the list

Additional info:
Same scenario - when adding users that already belong to a usergroup which is already added to Sudo Rule in Who section. the user is listed, but should not be.

This host adder dialog in HBAC works as expected.

The cli output is as expected as well:

ipa  sudorule-add-host --hostgroups=testhostgroup qesudorule
  Rule name: qesudorule
  Enabled: TRUE
  Host Groups: testhostgroup
Number of members added 1

ipa host-find --not-in-sudorule=qesudorule
1 host matched
  Host name: qe-blade-05.testrelm
  Principal name: host/qe-blade-05.testrelm@TESTRELM
  Keytab: True
  Password: False
  Managed by: qe-blade-05.testrelm
Number of entries returned 1

ipa host-find --in-sudorule=qesudorule
1 host matched
  Host name: qehost.testrelm
  Principal name: host/qehost.testrelm@TESTRELM
  Keytab: False
  Password: False
  Member of host-groups: testhostgroup
  Indirect Member of netgroup: testhostgroup
  Managed by: qehost.testrelm
Number of entries returned 1

Fixed in:
- master: a95b44f
- ipa-2-1: 68a468f

Metadata Update from @dpal:
- Issue assigned to edewata
- Issue set to the milestone: FreeIPA 2.1.2 (bug fixing)

3 years ago

Login to comment on this ticket.