Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-21811

Pagure #9503: Handle change in behavior of pki-server ca-config-show in pki 11.5.0

XMLWordPrintable

    • ipa-4.11.0-5.el9
    • None
    • None
    • 1
    • rhel-sst-idm-ipa
    • ssg_idm
    • 21
    • 22
    • 1
    • QE ack, Dev ack
    • False
    • Hide

      None

      Show
      None
    • No
    • 2024-Q1-Bravo-S2
    • None 

      Cloned from: https://pagure.io/freeipa/issue/9503

### Issue
With ACME pruning there are a number of knobs to tune the frequency, etc of pruning certificates and requests. Up to pki 11.4.3 if one requests a configuration value by calling pki-server ca-config-show <option> the command always has a return value of 0 so no error checking was required.

With pki 11.5.0 the call to pki-server now returns 1 if the option isn't present.

With all versions it returns a message like ERROR: No such parameter: jobsScheduler.job.pruning.certRetentionUnit

#### Steps to Reproduce
1. dnf copr enable @pki/master
2. Install IPA with a CA with random serial numbers enabled
3. ipa-acme-manage enable
4.  ipa-acme-manage pruning --certretention=360

#### Actual behavior
Status: disabled
Certificate Retention Time: 360
ERROR: No such parameter: jobsScheduler.job.pruning.certRetentionUnit

The ipa-acme-manage command failed.

It fails on the first missing value.

#### Expected behavior

It should list the full configuration.

#### Version/Release/Distribution
freeipa-server-4.11.0-7.fc39.x86_64
dogtag-pki-base-11.5.0-0.1.alpha4.20231221172054UTC.2e5ee9c1.fc39.noarch

              frenaud@redhat.com Florence Renaud
              frenaud@redhat.com Florence Renaud
              Florence Renaud Florence Renaud
              Rizwan Shaikh Rizwan Shaikh
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

                Created:
                Updated:
                Resolved: