diff --git a/plugins/modules/ipatrust.py b/plugins/modules/ipatrust.py
index d94ec94d49eca015147ee3bfd56a16f428f6ca8f..965f6ea2d16196e3b0e504953314ba4685c9c5a9 100644
--- a/plugins/modules/ipatrust.py
+++ b/plugins/modules/ipatrust.py
@@ -158,7 +158,7 @@ def add_trust(module, realm, args):
 
 
 def gen_args(trust_type, admin, password, server, trust_secret, base_id,
-             range_size, _range_type, two_way, external):
+             range_size, range_type, two_way, external):
     _args = {}
     if trust_type is not None:
         _args["trust_type"] = trust_type
@@ -174,6 +174,8 @@ def gen_args(trust_type, admin, password, server, trust_secret, base_id,
         _args["base_id"] = base_id
     if range_size is not None:
         _args["range_size"] = range_size
+    if range_type is not None:
+        _args["range_type"] = range_type
     if two_way is not None:
         _args["bidirectional"] = two_way
     if external is not None:
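Review bot: The new `range_type` branch only adds the value to the argument dict, and nothing in this hunk shows it being compared against a trust that already exists. If the caller (outside the hunk) skips `add_trust` when the realm is already trusted, a playbook asking for `ipa-ad-trust-posix` against an existing `ipa-ad-trust` trust would presumably report ok. The ID range, which decides how UIDs and GIDs for AD users are derived, would then stay as it was. I would state this above the new lines, e.g. `# range_type is only sent when the trust is created; an existing trust's ID range is not checked`, and consider failing on a mismatch. gen_args starts above and continues past this hunk.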
diff --git a/tests/trust/test_trust.yml b/tests/trust/test_trust.yml
index e4ecdf501dc1cf078eebc7b7d431396825543fa4..5d1280d05bd154b64345a6e90d83ca1601c61fc6 100644
--- a/tests/trust/test_trust.yml
+++ b/tests/trust/test_trust.yml
@@ -1,55 +1,168 @@
 ---
-- name: find trust
+- name: Test ipatrust
   hosts: "{{ ipa_test_host | default('ipaserver') }}"
   become: true
   gather_facts: false
 
+  vars:
+    adserver:
+      domain: "{{ winserver_domain | default('windows.local')}}"
+      realm: "{{ winserver_realm | default(winserver_domain) | default('windows.local') | upper }}"
+      password: "{{ winserver_admin_password | default('SomeW1Npassword') }}"
+    ipaserver:
+      domain: "{{ ipaserver_domain | default('ipa.test')}}"
+      realm: "{{ ipaserver_realm | default(ipaserver_domain) | default('ipa.test') | upper }}"
+    trust_exists: 'Realm name: {{ adserver.domain }}'
+    ad_range_exists: 'Range name: {{ adserver.realm }}_id_range'
+    ipa_range_exists: 'Range name: {{ ipaserver.realm }}_subid_range'
+
   tasks:
 
   - block:
 
-    - name: delete trust
+    - name: Delete test trust
       ipatrust:
         ipaadmin_password: SomeADMINpassword
         ipaapi_context: "{{ ipa_context | default(omit) }}"
-        realm: windows.local
+        realm: "{{ adserver.domain }}"
         state: absent
-      register: del_trust
 
-    - name: check for trust
+    - name: Clear test idranges
       shell: |
-        echo 'SomeADMINpassword' | kinit admin
-        ipa trust-find windows.local
-      register: check_find_trust
-      failed_when: "'0 trusts matched' not in check_find_trust.stdout"
+        kinit -c test_krb5_cache admin <<< SomeADMINpassword
+        ipa idrange-del {{ adserver.realm }}_id_range || true
+        ipa idrange-del {{ ipaserver.realm }}_subid_range || true
+        kdestroy -c test_krb5_cache -q -A
 
-    - name: delete id range
+    - name: Add trust with range_type 'ipa-ad-trust'
+      ipatrust:
+        ipaadmin_password: SomeADMINpassword
+        ipaapi_context: "{{ ipa_context | default(omit) }}"
+        realm: "{{ adserver.domain }}"
+        admin: Administrator
+        trust_type: ad
+        range_type: ipa-ad-trust
+        password: "{{ adserver.password }}"
+        state: present
+      register: result
+      failed_when: result.failed or not result.changed
+
+    - name: check if 'ipa-ad-trust' trust exists
       shell: |
         echo 'SomeADMINpassword' | kinit admin
-        ipa idrange-del WINDOWS.LOCAL_id_range
-      when: del_trust['changed'] | bool
+        ipa trust-find
+        kdestroy -c test_krb5_cache -q -A
+      register: check_add_trust
+      failed_when: "trust_exists not in check_add_trust.stdout"
 
-    - name: check for range
+    - name: Add trust with range_type 'ipa-ad-trust', again
+      ipatrust:
+        ipaadmin_password: SomeADMINpassword
+        ipaapi_context: "{{ ipa_context | default(omit) }}"
+        realm: "{{ adserver.domain }}"
+        admin: Administrator
+        range_type: ipa-ad-trust
+        password: "{{ adserver.password }}"
+        state: present
+      register: result
+      failed_when: result.failed or result.changed
+
+    - name: Delete 'ipa-ad-trust' trust
+      ipatrust:
+        ipaadmin_password: SomeADMINpassword
+        ipaapi_context: "{{ ipa_context | default(omit) }}"
+        realm: "{{ adserver.domain }}"
+        state: absent
+      register: result
+      failed_when: result.failed or not result.changed
+
+    - name: Check if 'ipa-ad-trust' trust was removed
       shell: |
-        echo 'SomeADMINpassword' | kinit admin
-        ipa idrange-find WINDOWS.LOCAL_id_range
-      register: check_del_idrange
-      failed_when: "'0 ranges matched' not in check_del_idrange.stdout"
+        kinit -c test_krb5_cache admin <<< SomeADMINpassword
+        ipa trust-find
+        kdestroy -c test_krb5_cache -q -A
+      register: check_add_trust
+      failed_when: "trust_exists in check_add_trust.stdout"
+
+    - name: Delete 'ipa-ad-trust' trust, again
+      ipatrust:
+        ipaadmin_password: SomeADMINpassword
+        ipaapi_context: "{{ ipa_context | default(omit) }}"
+        realm: "{{ adserver.domain }}"
+        state: absent
+      register: result
+      failed_when: result.failed or result.changed
+
+    - name: Clear test idranges
+      shell: |
+        kinit -c test_krb5_cache admin <<< SomeADMINpassword
+        ipa idrange-del {{ adserver.realm }}_id_range || true
+        ipa idrange-del {{ ipaserver.realm }}_subid_range || true
+        kdestroy -c test_krb5_cache -q -A
 
-    - name: add trust
+    - name: Add trust with range_type 'ipa-ad-trust-posix'
       ipatrust:
         ipaadmin_password: SomeADMINpassword
         ipaapi_context: "{{ ipa_context | default(omit) }}"
-        realm: windows.local
+        realm: "{{ adserver.domain }}"
         admin: Administrator
-        password: secret_ad_pw
+        range_type: ipa-ad-trust-posix
+        password: "{{ adserver.password }}"
         state: present
+      register: result
+      failed_when: result.failed or not result.changed
 
-    - name: check for trust
+    - name: Check if 'ipa-ad-trust-posix' trust exists
       shell: |
-        echo 'SomeADMINpassword' | kinit admin
-        ipa trust-find windows.local
+        kinit -c test_krb5_cache admin <<< SomeADMINpassword
+        ipa trust-find
+        kdestroy -c test_krb5_cache -q -A
       register: check_add_trust
-      failed_when: "'1 trust matched' not in check_add_trust.stdout"
+      failed_when: "trust_exists not in check_add_trust.stdout"
+
+    - name: Add trust with range_type 'ipa-ad-trust-posix', again
+      ipatrust:
+        ipaadmin_password: SomeADMINpassword
+        ipaapi_context: "{{ ipa_context | default(omit) }}"
+        realm: "{{ adserver.domain }}"
+        admin: Administrator
+        range_type: ipa-ad-trust-posix
+        password: "{{ adserver.password }}"
+        state: present
+      register: result
+      failed_when: result.failed or result.changed
+
+    - name: Delete 'ipa-ad-trust-posix' trust
+      ipatrust:
+        ipaadmin_password: SomeADMINpassword
+        ipaapi_context: "{{ ipa_context | default(omit) }}"
+        realm: "{{ adserver.domain }}"
+        state: absent
+      register: result
+      failed_when: result.failed or not result.changed
+
+    - name: Check if trust 'ipa-ad-trust-posix' was removed
+      shell: |
+        kinit -c test_krb5_cache admin <<< SomeADMINpassword
+        ipa trust-find
+        kdestroy -c test_krb5_cache -q -A
+      register: check_del_trust
+      failed_when: "trust_exists in check_del_trust.stdout"
+
+    - name: Delete 'ipa-ad-trust-posix' trust, again
+      ipatrust:
+        ipaadmin_password: SomeADMINpassword
+        ipaapi_context: "{{ ipa_context | default(omit) }}"
+        realm: "{{ adserver.domain }}"
+        state: absent
+      register: result
+      failed_when: result.failed or result.changed
+
+    - name: Clear test idranges
+      shell: |
+        kinit -c test_krb5_cache admin <<< SomeADMINpassword
+        ipa idrange-del {{ adserver.realm }}_id_range || true
+        ipa idrange-del {{ ipaserver.realm }}_subid_range || true
+        kdestroy -c test_krb5_cache -q -A
 
     when: trust_test_is_supported | default(false)
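Review bot: The shell tasks put the admin ticket into `test_krb5_cache` with `kinit -c`, but the following `ipa trust-find` and `ipa idrange-del` calls are not pointed at that cache, so they use the default credential cache. The checks then depend on whatever ticket is already in the default cache, and in the "Clear test idranges" tasks `|| true` hides an authentication failure. Adding `export KRB5CCNAME=test_krb5_cache` as the first line of each shell block would tie the commands to the ticket just obtained. The task "check if 'ipa-ad-trust' trust exists" still uses `echo 'SomeADMINpassword' | kinit admin`, which writes the default cache that the `kdestroy -c test_krb5_cache` after it likely does not remove; it should use the `kinit -c test_krb5_cache admin <<< SomeADMINpassword` form like the other tasks. `<<<` is also a bash feature, so these tasks rely on the shell module running bash.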
diff --git a/tests/trust/test_trust_client_context.yml b/tests/trust/test_trust_client_context.yml
index 2ea38537dc5ac67f24e3650e8d0514486d72b254..6f4ff06edf6d1c727d5f1d1c2a65c593e26736d4 100644
--- a/tests/trust/test_trust_client_context.yml
+++ b/tests/trust/test_trust_client_context.yml
@@ -13,7 +13,7 @@
     ipatrust:
       ipaadmin_password: SomeADMINpassword
       ipaapi_context: server
-      realm: windows.local
+      realm: this.test.should.fail
     register: result
     failed_when: not (result.failed and result.msg is regex("No module named '*ipaserver'*"))
     when: ipa_host_is_client