freeipa

Clone
Source Code
GIT

#5950 Improve vault error messages
Closed: Invalid None Opened 7 years ago by pvoborni.

Closed: Invalid
Reopen Issue

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1341634

Description of problem:

Some vault error message can be improved to be more helpful and descriptive.

How reproducible:
Always.


Steps to Reproduce:

1. Try to add a new vault owner as a regular user without vault admin
privileges:
$ ipa vault-add-owner vault_name --users user_name
...
    Failed owners: owner user: user_name: Insufficient access: Insufficient
'write' privilege to the 'owner' attribute of entry
...

2. Try to display information about a vault in a container other than your own
private container. For example, run ipa vault-show on a shared vault without
adding --shared:
$ ipa vault-show shared_vault
ipa: ERROR: shared_vault: vault not found


Actual results:
The current error messages don't clearly explain what is wrong and how to fix
the problem.

Expected results:

In case of 1., the error message could clearly say that the user doesn't have
sufficient privileges for the command.

In case of 2., the error message could say that by default, users can only use
the command on vaults in their private container. If they want to target a
vault in another container, they must add additional options (--shared, --user,
or --service).


Additional info:

Targetted for 4.4.x.

The issue 1. won't fix as there's no way to receive the exception in the vault_add_owner method. However, that seems fine to me as the message clearly states what is happening.

Moving to next major version. Fixing this bug is not critical in stabilization release.

We haven't been able to fulfill this requirement as it requires changes in framework or majority of vault-* commands code which we do not want to modify. Thus WONTFIX.

To be more precise, the improvement is non-trivial task given that how vault-* commands are implemented. We do not think that fixing this bug would bring enough value to justify the amount of time required.

Implementation would require #6552 - refactoring of vault commands

Metadata Update from @pvoborni:
- Issue assigned to stlaz
- Issue set to the milestone: FreeIPA 4.5
7 years ago

Login to comment on this ticket.

Metadata
None
None
None
normal
None
None
None
None
defect
None
None
IPA
None
https://github.com/freeipa/freeipa/pull/101
None
None
None
None
https://bugzilla.redhat.com/show_bug.cgi?id=1341634
None
None
None
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.