Skip to content
Snippets Groups Projects
Unverified Commit bd084ad3 authored by Thomas Woerner's avatar Thomas Woerner Committed by GitHub
Browse files

Merge pull request #810 from rjeffman/ipatrust_fix_range_type 

ipatrust: fix range_type and test enhancement.
parents 1276e388 766cf5a2
Branches
Tags
No related merge requests found
Show whitespace changes
Inline Side-by-side
plugins/modules/ipatrust.py
+ 3
1
View file @ bd084ad3
......@@ -158,7 +158,7 @@ def add_trust(module, realm, args):
def gen_args(trust_type, admin, password, server, trust_secret, base_id,
range_size, _range_type, two_way, external):
range_size, range_type, two_way, external):
_args = {}
if trust_type is not None:
_args["trust_type"] = trust_type
......@@ -174,6 +174,8 @@ def gen_args(trust_type, admin, password, server, trust_secret, base_id,
_args["base_id"] = base_id
if range_size is not None:
_args["range_size"] = range_size
if range_type is not None:
_args["range_type"] = range_type
if two_way is not None:
_args["bidirectional"] = two_way
if external is not None:
......
tests/trust/test_trust.yml
+ 137
24
View file @ bd084ad3
---
- name: find trust
- name: Test ipatrust
hosts: "{{ ipa_test_host | default('ipaserver') }}"
become: true
gather_facts: false
vars:
adserver:
domain: "{{ winserver_domain | default('windows.local')}}"
realm: "{{ winserver_realm | default(winserver_domain) | default('windows.local') | upper }}"
password: "{{ winserver_admin_password | default('SomeW1Npassword') }}"
ipaserver:
domain: "{{ ipaserver_domain | default('ipa.test')}}"
realm: "{{ ipaserver_realm | default(ipaserver_domain) | default('ipa.test') | upper }}"
trust_exists: 'Realm name: {{ adserver.domain }}'
ad_range_exists: 'Range name: {{ adserver.realm }}_id_range'
ipa_range_exists: 'Range name: {{ ipaserver.realm }}_subid_range'
tasks:
- block:
- name: delete trust
- name: Delete test trust
ipatrust:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
realm: windows.local
realm: "{{ adserver.domain }}"
state: absent
register: del_trust
- name: check for trust
- name: Clear test idranges
shell: |
echo 'SomeADMINpassword' | kinit admin
ipa trust-find windows.local
register: check_find_trust
failed_when: "'0 trusts matched' not in check_find_trust.stdout"
kinit -c test_krb5_cache admin <<< SomeADMINpassword
ipa idrange-del {{ adserver.realm }}_id_range || true
ipa idrange-del {{ ipaserver.realm }}_subid_range || true
kdestroy -c test_krb5_cache -q -A
- name: delete id range
- name: Add trust with range_type 'ipa-ad-trust'
ipatrust:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
realm: "{{ adserver.domain }}"
admin: Administrator
trust_type: ad
range_type: ipa-ad-trust
password: "{{ adserver.password }}"
state: present
register: result
failed_when: result.failed or not result.changed
- name: check if 'ipa-ad-trust' trust exists
shell: |
echo 'SomeADMINpassword' | kinit admin
ipa idrange-del WINDOWS.LOCAL_id_range
when: del_trust['changed'] | bool
ipa trust-find
kdestroy -c test_krb5_cache -q -A
register: check_add_trust
failed_when: "trust_exists not in check_add_trust.stdout"
- name: check for range
- name: Add trust with range_type 'ipa-ad-trust', again
ipatrust:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
realm: "{{ adserver.domain }}"
admin: Administrator
range_type: ipa-ad-trust
password: "{{ adserver.password }}"
state: present
register: result
failed_when: result.failed or result.changed
- name: Delete 'ipa-ad-trust' trust
ipatrust:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
realm: "{{ adserver.domain }}"
state: absent
register: result
failed_when: result.failed or not result.changed
- name: Check if 'ipa-ad-trust' trust was removed
shell: |
echo 'SomeADMINpassword' | kinit admin
ipa idrange-find WINDOWS.LOCAL_id_range
register: check_del_idrange
failed_when: "'0 ranges matched' not in check_del_idrange.stdout"
kinit -c test_krb5_cache admin <<< SomeADMINpassword
ipa trust-find
kdestroy -c test_krb5_cache -q -A
register: check_add_trust
failed_when: "trust_exists in check_add_trust.stdout"
- name: Delete 'ipa-ad-trust' trust, again
ipatrust:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
realm: "{{ adserver.domain }}"
state: absent
register: result
failed_when: result.failed or result.changed
- name: Clear test idranges
shell: |
kinit -c test_krb5_cache admin <<< SomeADMINpassword
ipa idrange-del {{ adserver.realm }}_id_range || true
ipa idrange-del {{ ipaserver.realm }}_subid_range || true
kdestroy -c test_krb5_cache -q -A
- name: add trust
- name: Add trust with range_type 'ipa-ad-trust-posix'
ipatrust:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
realm: windows.local
realm: "{{ adserver.domain }}"
admin: Administrator
password: secret_ad_pw
range_type: ipa-ad-trust-posix
password: "{{ adserver.password }}"
state: present
register: result
failed_when: result.failed or not result.changed
- name: check for trust
- name: Check if 'ipa-ad-trust-posix' trust exists
shell: |
echo 'SomeADMINpassword' | kinit admin
ipa trust-find windows.local
kinit -c test_krb5_cache admin <<< SomeADMINpassword
ipa trust-find
kdestroy -c test_krb5_cache -q -A
register: check_add_trust
failed_when: "'1 trust matched' not in check_add_trust.stdout"
failed_when: "trust_exists not in check_add_trust.stdout"
- name: Add trust with range_type 'ipa-ad-trust-posix', again
ipatrust:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
realm: "{{ adserver.domain }}"
admin: Administrator
range_type: ipa-ad-trust-posix
password: "{{ adserver.password }}"
state: present
register: result
failed_when: result.failed or result.changed
- name: Delete 'ipa-ad-trust-posix' trust
ipatrust:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
realm: "{{ adserver.domain }}"
state: absent
register: result
failed_when: result.failed or not result.changed
- name: Check if trust 'ipa-ad-trust-posix' was removed
shell: |
kinit -c test_krb5_cache admin <<< SomeADMINpassword
ipa trust-find
kdestroy -c test_krb5_cache -q -A
register: check_del_trust
failed_when: "trust_exists in check_del_trust.stdout"
- name: Delete 'ipa-ad-trust-posix' trust, again
ipatrust:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
realm: "{{ adserver.domain }}"
state: absent
register: result
failed_when: result.failed or result.changed
- name: Clear test idranges
shell: |
kinit -c test_krb5_cache admin <<< SomeADMINpassword
ipa idrange-del {{ adserver.realm }}_id_range || true
ipa idrange-del {{ ipaserver.realm }}_subid_range || true
kdestroy -c test_krb5_cache -q -A
when: trust_test_is_supported | default(false)
tests/trust/test_trust_client_context.yml
+ 1
1
View file @ bd084ad3
......@@ -13,7 +13,7 @@
ipatrust:
ipaadmin_password: SomeADMINpassword
ipaapi_context: server
realm: windows.local
realm: this.test.should.fail
register: result
failed_when: not (result.failed and result.msg is regex("No module named '*ipaserver'*"))
when: ipa_host_is_client
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment