def test_invalid_range_types(self):
invalid_range_types = [
'ipa-local', 'ipa-ad-winsync', 'ipa-ipa-trust', 'random-invalid',
're@ll%ybad12!'
]
tasks.configure_dns_for_trust(self.master, self.ad)
try:
for range_type in invalid_range_types:
tasks.kinit_admin(self.master)
result = self.master.run_command(
[
'ipa', 'trust-add', '--type', 'ad', self.ad_domain,
'--admin', 'Administrator', '--range-type', range_type,
'--password'
],
raiseonerr=False,
stdin_text=self.master.config.ad_admin_password)
# The trust-add command is supposed to fail
assert result.returncode == 1
assert "ERROR: invalid 'range_type'" in result.stderr_text
finally:
tasks.unconfigure_dns_for_trust(self.master, self.ad)
def test_invalid_range_types(self):
invalid_range_types = ['ipa-local',
'ipa-ad-winsync',
'ipa-ipa-trust',
'random-invalid',
're@ll%ybad12!']
self.configure_dns_and_time(self.ad)
try:
for range_type in invalid_range_types:
tasks.kinit_admin(self.master)
result = self.master.run_command(
['ipa', 'trust-add', '--type', 'ad', self.ad_domain,
'--admin', 'Administrator',
'--range-type', range_type, '--password'],
raiseonerr=False,
stdin_text=self.master.config.ad_admin_password)
# The trust-add command is supposed to fail
assert result.returncode == 1
assert "ERROR: invalid 'range_type'" in result.stderr_text
finally:
tasks.unconfigure_dns_for_trust(self.master, self.ad)
def test_remove_external_trust_with_shared_secret(self):
self.ad.run_command([
'netdom.exe', 'trust', self.master.domain.name,
'/d:' + self.ad.domain.name, '/remove', '/oneside:TRUSTED'
])
self.remove_trust(self.ad)
tasks.unconfigure_windows_dns_for_trust(self.ad, self.master)
tasks.unconfigure_dns_for_trust(self.master, self.ad)
def test_establish_nonexternal_treedomain_trust(self):
tasks.configure_dns_for_trust(self.master, self.ad, self.tree_ad)
try:
tasks.kinit_admin(self.master)
result = self.master.run_command([
'ipa', 'trust-add', '--type', 'ad', self.ad_treedomain,
'--admin', 'Administrator@' + self.ad_treedomain,
'--password', '--range-type', 'ipa-ad-trust'
], stdin_text=self.master.config.ad_admin_password,
raiseonerr=False)
assert result != 0
assert ("Domain '{0}' is not a root domain".format(
self.ad_treedomain) in result.stderr_text)
finally:
tasks.unconfigure_dns_for_trust(self.master, self.ad, self.tree_ad)
def test_establish_nonexternal_treedomain_trust(self):
self.configure_dns_and_time(self.tree_ad)
try:
tasks.kinit_admin(self.master)
result = self.master.run_command([
'ipa', 'trust-add', '--type', 'ad', self.ad_treedomain,
'--admin',
'Administrator', '--password', '--range-type', 'ipa-ad-trust'
], stdin_text=self.master.config.ad_admin_password,
raiseonerr=False)
assert result != 0
assert ("Domain '{0}' is not a root domain".format(
self.ad_treedomain) in result.stderr_text)
finally:
tasks.unconfigure_dns_for_trust(self.master, self.tree_ad)
def test_remove_forest_trust_with_shared_secret(self):
ps_cmd = ('[System.DirectoryServices.ActiveDirectory.Forest]'
'::getCurrentForest()'
'.DeleteLocalSideOfTrustRelationship("{}")'.format(
self.master.domain.name))
self.ad.run_command(['powershell', '-c', ps_cmd])
self.remove_trust(self.ad)
# this is cleanup for workaround for
# https://bugzilla.redhat.com/show_bug.cgi?id=1711958
self.master.run_command([
'ipa', 'dnsrecord-del', self.master.domain.name,
self.srv_gc_record_name, '--srv-rec', self.srv_gc_record_value
])
tasks.unconfigure_windows_dns_for_trust(self.ad, self.master)
tasks.unconfigure_dns_for_trust(self.master, self.ad)
def test_remove_external_rootdomain_trust(self):
self.remove_trust(self.ad)
tasks.unconfigure_dns_for_trust(self.master, self.ad)
def test_remove_posix_trust(self):
self.remove_trust(self.ad)
tasks.unconfigure_dns_for_trust(self.master, self.ad)
def remove_trust(self, ad):
tasks.remove_trust_with_ad(self.master, ad.domain.name)
tasks.unconfigure_dns_for_trust(self.master, ad)
tasks.clear_sssd_cache(self.master)
def test_remove_subordinate_suffixes_trust(self):
self.remove_trust(self.ad)
tasks.unconfigure_dns_for_trust(self.master, self.ad)
def remove_trust(self, ad):
tasks.remove_trust_with_ad(self.master, ad.domain.name)
tasks.unconfigure_dns_for_trust(self.master, ad)
tasks.clear_sssd_cache(self.master)
