def test_invalid_range_types(self): invalid_range_types = [ 'ipa-local', 'ipa-ad-winsync', 'ipa-ipa-trust', 'random-invalid', 're@ll%ybad12!' ] tasks.configure_dns_for_trust(self.master, self.ad) try: for range_type in invalid_range_types: tasks.kinit_admin(self.master) result = self.master.run_command( [ 'ipa', 'trust-add', '--type', 'ad', self.ad_domain, '--admin', 'Administrator', '--range-type', range_type, '--password' ], raiseonerr=False, stdin_text=self.master.config.ad_admin_password) # The trust-add command is supposed to fail assert result.returncode == 1 assert "ERROR: invalid 'range_type'" in result.stderr_text finally: tasks.unconfigure_dns_for_trust(self.master, self.ad)
def test_invalid_range_types(self): invalid_range_types = ['ipa-local', 'ipa-ad-winsync', 'ipa-ipa-trust', 'random-invalid', 're@ll%ybad12!'] self.configure_dns_and_time(self.ad) try: for range_type in invalid_range_types: tasks.kinit_admin(self.master) result = self.master.run_command( ['ipa', 'trust-add', '--type', 'ad', self.ad_domain, '--admin', 'Administrator', '--range-type', range_type, '--password'], raiseonerr=False, stdin_text=self.master.config.ad_admin_password) # The trust-add command is supposed to fail assert result.returncode == 1 assert "ERROR: invalid 'range_type'" in result.stderr_text finally: tasks.unconfigure_dns_for_trust(self.master, self.ad)
def test_remove_external_trust_with_shared_secret(self): self.ad.run_command([ 'netdom.exe', 'trust', self.master.domain.name, '/d:' + self.ad.domain.name, '/remove', '/oneside:TRUSTED' ]) self.remove_trust(self.ad) tasks.unconfigure_windows_dns_for_trust(self.ad, self.master) tasks.unconfigure_dns_for_trust(self.master, self.ad)
def test_establish_nonexternal_treedomain_trust(self): tasks.configure_dns_for_trust(self.master, self.ad, self.tree_ad) try: tasks.kinit_admin(self.master) result = self.master.run_command([ 'ipa', 'trust-add', '--type', 'ad', self.ad_treedomain, '--admin', 'Administrator@' + self.ad_treedomain, '--password', '--range-type', 'ipa-ad-trust' ], stdin_text=self.master.config.ad_admin_password, raiseonerr=False) assert result != 0 assert ("Domain '{0}' is not a root domain".format( self.ad_treedomain) in result.stderr_text) finally: tasks.unconfigure_dns_for_trust(self.master, self.ad, self.tree_ad)
def test_establish_nonexternal_treedomain_trust(self): self.configure_dns_and_time(self.tree_ad) try: tasks.kinit_admin(self.master) result = self.master.run_command([ 'ipa', 'trust-add', '--type', 'ad', self.ad_treedomain, '--admin', 'Administrator', '--password', '--range-type', 'ipa-ad-trust' ], stdin_text=self.master.config.ad_admin_password, raiseonerr=False) assert result != 0 assert ("Domain '{0}' is not a root domain".format( self.ad_treedomain) in result.stderr_text) finally: tasks.unconfigure_dns_for_trust(self.master, self.tree_ad)
def test_remove_forest_trust_with_shared_secret(self): ps_cmd = ('[System.DirectoryServices.ActiveDirectory.Forest]' '::getCurrentForest()' '.DeleteLocalSideOfTrustRelationship("{}")'.format( self.master.domain.name)) self.ad.run_command(['powershell', '-c', ps_cmd]) self.remove_trust(self.ad) # this is cleanup for workaround for # https://bugzilla.redhat.com/show_bug.cgi?id=1711958 self.master.run_command([ 'ipa', 'dnsrecord-del', self.master.domain.name, self.srv_gc_record_name, '--srv-rec', self.srv_gc_record_value ]) tasks.unconfigure_windows_dns_for_trust(self.ad, self.master) tasks.unconfigure_dns_for_trust(self.master, self.ad)
def test_remove_external_rootdomain_trust(self): self.remove_trust(self.ad) tasks.unconfigure_dns_for_trust(self.master, self.ad)
def test_remove_posix_trust(self): self.remove_trust(self.ad) tasks.unconfigure_dns_for_trust(self.master, self.ad)
def remove_trust(self, ad): tasks.remove_trust_with_ad(self.master, ad.domain.name) tasks.unconfigure_dns_for_trust(self.master, ad) tasks.clear_sssd_cache(self.master)
def test_remove_subordinate_suffixes_trust(self): self.remove_trust(self.ad) tasks.unconfigure_dns_for_trust(self.master, self.ad)
def remove_trust(self, ad): tasks.remove_trust_with_ad(self.master, ad.domain.name) tasks.unconfigure_dns_for_trust(self.master, ad) tasks.clear_sssd_cache(self.master)