#4329 host-del can return NotFound if no DNS permissions
Closed: wontfix 3 years ago Opened 8 years ago by rcritten.

The scenario is this:

  • IPA manages DNS
  • User is allowed to delete hosts
  • User is not allowed to view DNS

You can't delete a host and use updatedns.

$ kinit admin
$ ipa user-add --first=tim --last=user tuser1 --password
$ ipa role-add 'Host manager'
$ ipa role-add-privilege --privileges='Host administrators' 'Host manager'
$ ipa role-add-member --users=tuser1 'host manager'
$ kinit tuser1
$ ipa host-add host.example.com --force
$ ipa host-del host.example.com --updatedns
 ipa: ERROR: host.example.com: host not found

Not being able to delete is probably ok, the NotFound is not.

It fails here:

        result = api.Command['dnszone_show'](domain)['result']
        domain = result['idnsname'][0]
    except errors.NotFound:

No permission to read DNS so no zones are returned, hence the NotFound.

The Foreman smartproxy is currently working around this. That workaround can be dropped once this is fixed.
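A minimal model of the failure described in this ticket, added here as an illustration and not taken from the FreeIPA source: a read-filtered lookup cannot tell "missing" from "not readable", so a zone lookup failing for lack of DNS permissions ends up reported as a missing host. The directory contents, the privilege check, the ZoneUnreadable error and all function names are hypothetical; reporting a separate error is one possible behaviour, not the project's chosen fix.

```python
# Added model, not FreeIPA code. All names and data below are constructed.
class NotFound(Exception):
    """Entry is absent, or hidden from the caller by read ACIs."""

class ZoneUnreadable(Exception):
    """Hypothetical error: the DNS zone could not be read by the caller."""

# Constructed directory: entry -> privilege needed to read it.
DIRECTORY = {
    "host:host.example.com": "Host administrators",
    "dnszone:example.com": "DNS administrators",
}

def show(directory, kind, name, privileges):
    """Like an ACI-filtered search: unreadable and missing look identical."""
    needed = directory.get(f"{kind}:{name}")
    if needed is None or needed not in privileges:
        raise NotFound(f"{name}: {kind} not found")
    return f"{kind}:{name}"

def host_del_conflated(directory, fqdn, privileges, updatedns=False):
    """Any NotFound, including the zone lookup's, is reported against the host."""
    domain = fqdn.split(".", 1)[1]
    try:
        key = show(directory, "host", fqdn, privileges)
        if updatedns:
            show(directory, "dnszone", domain, privileges)
    except NotFound:
        raise NotFound(f"{fqdn}: host not found") from None
    del directory[key]
    return "deleted"

def host_del_distinct(directory, fqdn, privileges, updatedns=False):
    """Keep the two lookups apart so the error names the entry that failed."""
    domain = fqdn.split(".", 1)[1]
    key = show(directory, "host", fqdn, privileges)  # NotFound here is about the host
    if updatedns:
        try:
            show(directory, "dnszone", domain, privileges)
        except NotFound:
            raise ZoneUnreadable(
                f"{domain}: DNS zone not found or not readable; "
                f"{fqdn} was not deleted") from None
    del directory[key]
    return "deleted"
```
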

Processing 4.2 backlog. This ticket was found as something that is not a priority for the nearest releases.

But as usual, please feel free to discuss your use cases or contribute patches, to make that happen sooner!

Metadata Update from @rcritten:
- Issue assigned to someone
- Issue set to the milestone: Future Releases

5 years ago

Thank you for taking the time to submit this request for FreeIPA. Unfortunately this bug was not given priority and the team lacks the capacity to work on it at this time.

Given that we are unable to fulfil this request I am closing the issue as wontfix. To request re-consideration of this decision please reopen this issue and provide additional technical details about its importance to you.

Metadata Update from @rcritten:
- Issue close_status updated to: wontfix
- Issue status updated to: Closed (was: Open)

3 years ago
