ipatrust: fix range_type and test enhancement. #810

Merged
merged 3 commits into from
Apr 27, 2022


rjeffman
Member

While implementing ipaidrange module, it was found that
ipatrust support for range_type was missing.

This PR fixes support for attribute range_type in ipatrust
and improves test coverage and execution for this module.

Please, see individual commits for detailed changes.

@varunmylaraiah
Collaborator

varunmylaraiah commented Apr 26, 2022

Trust add with range_type worked as expected.

```yaml
- name: Playbook to ensure the trust is present with range_type.
  hosts: ipaserver

  tasks:
  - ipatrust:
      ipaadmin_password: <xxxxxxxx>
      realm: win2019.test
      admin: Administrator
      password: <xxxxxxxx>
      range_type: ipa-ad-trust
      two_way: yes
      range_size: 2200000
      base_id: 400000
      state: present
```


```console
[root@master ~]# ipa trust-find win2019.test
---------------
1 trust matched
---------------
  Realm name: win2019.test
  Domain NetBIOS name: WIN2019
  Domain Security Identifier: S-1-5-21-3920000636-2766498198-3657203523
  Trust type: Active Directory domain
----------------------------
Number of entries returned 1
```



```yaml
- name: Playbook to ensure the trust is present with ipa-ad-trust-posix.
  hosts: ipaserver

  tasks:
  - ipatrust:
      ipaadmin_password: <xxxxxxxx>
      realm: win2019.test
      admin: Administrator
      password: <xxxxxxxx>
      range_type: ipa-ad-trust-posix
      two_way: yes
      range_size: 8000000
      base_id: 200000
```

As the task is expected to fail, the AD realm name was modified to show
the expected behavior more clearly.

This patch applies several changes to the ipatrust test playbook:

* Add externally defined parameters so execution in local trust
  environments can be configured. The available parameters are:
    * winserver_admin_password: the Administrator password for the AD
      server (default: 'SomeW1Npassword')
    * winserver_domain: the AD server domain (default: 'windows.local')
    * winserver_realm: the AD server realm (by default, the uppercase
      version of winserver_domain)
    * ipaserver_domain: the FreeIPA server domain (default: 'ipa.test')
    * ipaserver_realm: the FreeIPA server realm (by default, the
      uppercase version of ipaserver_domain)

* Modify trust verification to check for the existence of the trust
  in the output of `ipa trust-find`, instead of checking for the number
  of items returned, as the number might vary.

* Add idempotency tests by re-executing tasks and verifying that no
  change was performed.

* Added tests to verify creation of trusts with different 'range_type'.

* Use a Kerberos cache for shell scripts, and destroy it on exit.

* Properly remove all `idrange` that might be created upon setting up a
  trust.

The ipatrust module was ignoring the value of `range_type`, which is
required to allow for different types of idranges.
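
The verification approach described in the test-playbook commit message above (match the realm in the `ipa trust-find` output instead of counting entries, and run under a Kerberos cache that is destroyed on exit), as an added example that is not code from this pull request or from ansible-freeipa. The function names, the temporary cache location and the `SAMPLE` text (constructed from the output quoted in the comment above) are assumptions.

```shell
#!/bin/sh
# Added example (not ansible-freeipa code). Function names and the ccache
# location are assumptions; SAMPLE is constructed from the output shown above.

# trust_present REALM: read `ipa trust-find` output on stdin; succeed only if
# a "Realm name:" line equals REALM (case-insensitive), whatever the count.
trust_present() {
    want=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    while IFS= read -r line; do
        case $line in
            *"Realm name:"*)
                got=$(printf '%s' "${line#*Realm name:}" |
                      tr -d ' \t' | tr '[:upper:]' '[:lower:]')
                [ "$got" = "$want" ] && return 0 ;;
        esac
    done
    return 1
}

# with_ccache PRINCIPAL CMD...: run CMD with a private credential cache that
# is destroyed when the script exits, so no tickets outlive the test.
with_ccache() {
    principal=$1; shift
    ccdir=$(mktemp -d "${TMPDIR:-/tmp}/trust_cc_XXXXXX") || return 1
    KRB5CCNAME="FILE:$ccdir/ccache"; export KRB5CCNAME
    trap 'kdestroy -q -c "$KRB5CCNAME" 2>/dev/null; rm -rf "$ccdir"' EXIT
    kinit "$principal" || return 1      # prompts for the password
    "$@"
}

# check_trust REALM: the live check; needs an IPA server and a valid ticket.
check_trust() { ipa trust-find "$1" | trust_present "$1"; }
# Live usage (not run here): with_ccache admin check_trust win2019.test

SAMPLE='---------------
1 trust matched
---------------
  Realm name: win2019.test
  Domain NetBIOS name: WIN2019
  Trust type: Active Directory domain
----------------------------
Number of entries returned 1'

# Offline self-check against the constructed sample.
printf '%s\n' "$SAMPLE" | trust_present win2019.test && echo "trust present"
```

Comparing the whole realm value, rather than grepping for a substring or asserting on the entry count, keeps the check from passing on a different trust whose name merely contains the expected one.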
Member

@t-woerner t-woerner left a comment


LGTM

@t-woerner t-woerner merged commit bd084ad into freeipa:master Apr 27, 2022