Bug 1391814

Summary: ipa trust-fetch-domains <domainname> returns correct output with exit status as 1
Product: Red Hat Enterprise Linux 7
Component: ipa
Version: 7.3
Status: CLOSED NOTABUG
Severity: unspecified
Priority: unspecified
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
Reporter: Sudhir Menon <sumenon>
Assignee: IPA Maintainers <ipa-maint>
QA Contact: Kaleem <ksiddiqu>
CC: pasik, pvoborni, rcritten
Type: Bug
Last Closed: 2018-02-16 15:32:00 UTC

Attachments:
  Debug output for ipa trust-fetch-domains command (flags: none)
  http error log (flags: none)

Description Sudhir Menon 2016-11-04 06:12:04 UTC
Description of problem: ipa trust-fetch-domains <domainname> returns correct output with exit status as 1


Version-Release number of selected component (if applicable):
ipa-server-4.4.0-12.el7.x86_64

How reproducible: Always


Steps to Reproduce:

1. Install IPA server and establish two-way trust with windows AD having subdomain.

2. Now run ipa trust-fetch-domains <domainname> and check the output on the console.

Actual results:

[root@master ~]# ipa trust-find
---------------
1 trust matched
---------------
  Realm name: ipaad2008r2.test
  Domain NetBIOS name: IPAAD2008R2
  Domain Security Identifier: S-1-5-21-1765444267-4284514389-3232425237
  Trust type: Active Directory domain
----------------------------
Number of entries returned 1
----------------------------
[root@master ~]# ipa trustdomain-find
Realm name: ipaad2008r2.test
  Domain name: ipaad2008r2.test
  Domain NetBIOS name: IPAAD2008R2
  Domain Security Identifier: S-1-5-21-1765444267-4284514389-3232425237
  Domain enabled: True

  Domain name: ipasub2008r2-1.ipaad2008r2.test
  Domain NetBIOS name: IPASUB2008R2-1
  Domain Security Identifier: S-1-5-21-469193889-4273894478-2486872656
  Domain enabled: True
----------------------------
Number of entries returned 2
----------------------------

[root@master ~]# ipa trust-fetch-domains ipaad2008r2.test
-------------------------------
No new trust domains were found
-------------------------------
----------------------------
Number of entries returned 0
----------------------------
[root@master ~]# echo $?
1


3. Highlighting the failed testcase in beaker which expects return code 0.

========
:: [   LOG    ] :: Fetch trust domains with valid realm default enable all
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   PASS   ] :: Command 'kdestroy -A' (Expected 0, got 0)
:: [   PASS   ] :: Command 'echo Secret123 | kinit admin' (Expected 0, got 0)
:: [   PASS   ] :: Command 'ipa trustdomain-find ipaad2008r2.test ipasub2008r2-1.ipaad2008r2.test' (Expected 0, got 0)
:: [   PASS   ] :: Command 'ipa idrange-find IPASUB2008R2-1.IPAAD2008R2.TEST_id_range > /tmp/tmp.MDcNn6KvWX/tmpout.trustdomain_cli_0018.out 2>&1' (Expected 0, got 0)
:: [   PASS   ] :: File '/tmp/tmp.MDcNn6KvWX/tmpout.trustdomain_cli_0018.out' should contain 'Range name: IPASUB2008R2-1.IPAAD2008R2.TEST_id_range' 
:: [   PASS   ] :: File '/tmp/tmp.MDcNn6KvWX/tmpout.trustdomain_cli_0018.out' should contain 'Range type: Active Directory domain range' 
:: [   PASS   ] :: Command 'sleep 10' (Expected 0, got 0)
:: [   LOG    ] :: Checking kadmin is fully up
:: [   PASS   ] :: Command 'date' (Expected 0, got 0)
:: [   LOG    ] :: kadmin is up
:: [   PASS   ] :: Command 'date' (Expected 0, got 0)

**************
:: [   FAIL   ] :: Command 'ipa trust-fetch-domains ipaad2008r2.test > /tmp/tmp.MDcNn6KvWX/tmpout.trustdomain_cli_0018.out 2>&1' (Expected 0, got 1) 
**************
 
:: [   PASS   ] :: File '/tmp/tmp.MDcNn6KvWX/tmpout.trustdomain_cli_0018.out' should contain 'No new trust domains were found' 
:: [   PASS   ] :: File '/tmp/tmp.MDcNn6KvWX/tmpout.trustdomain_cli_0018.out' should contain 'Number of entries returned 0' 
:: [   PASS   ] :: Command 'sleep 60' (Expected 0, got 0)
:: [   LOG    ] :: Duration: 1m 16s
:: [   LOG    ] :: Assertions: 12 good, 1 bad
:: [   FAIL   ] :: RESULT: Fetch trust domains with valid realm default enable all

Expected results: Exit status should be 0 if the output is displayed correctly without any error.

Additional info: Attaching the httpd error log and debug output for the command when it was run.

Comment 1 Sudhir Menon 2016-11-04 06:14:41 UTC
Created attachment 1217292
Debug output for ipa trust-fetch-domains command

Comment 2 Sudhir Menon 2016-11-04 06:17:04 UTC
Created attachment 1217293
http error log

Comment 5 Martin Babinsky 2016-11-08 13:27:30 UTC
I do not think this is a regression since the same behavior can be traced back to RHEL 7.2 (ipa-server-4.2.0-15.el7_2.18.x86_64).

'ipa trust-fetch-domains' actually always returns 1 for one-way trusts regardless of whether the list of trust-domains was refreshed or not and we should fix that.

Comment 6 Petr Vobornik 2016-11-11 15:23:26 UTC
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/6478

Comment 7 Petr Vobornik 2017-03-28 07:44:54 UTC
Removing regression keyword based on comment 5.

Comment 9 Petr Vobornik 2018-02-16 15:32:00 UTC
An upstream ticket was closed as. Returning Non-0 when the list is empty is an expected behavior.

See https://pagure.io/freeipa/issue/325
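
One way for automation to cope with the behavior settled in comment 9, as an added example that is not part of the original report, of FreeIPA, or of the beaker test suite: the wrapper below treats exit status 1 as benign only when the captured output carries the "No new trust domains were found" message, and as a failure otherwise. The function names, result labels and sample commands are constructed for this example; the message text and exit status are the ones shown in the report.

```shell
#!/bin/sh
# Added example (not FreeIPA or test-suite code): interpret a run of
# `ipa trust-fetch-domains` without treating "nothing new" as a failure.

# classify_fetch <exit_status> <output_file>
# Prints: ok     - exit status 0
#         empty  - exit status 1 with the "No new trust domains" message
#         failed - anything else
classify_fetch() {
    if [ "$1" -eq 0 ]; then
        echo ok
    elif [ "$1" -eq 1 ] && grep -q 'No new trust domains were found' "$2"; then
        echo empty
    else
        echo failed
    fi
}

# run_fetch <command> [args...]
# Runs the command with stdout and stderr captured together (as the beaker
# test does with 2>&1), prints the classification, returns 1 only on "failed".
run_fetch() {
    out=$(mktemp) || return 1
    rc=0
    "$@" >"$out" 2>&1 || rc=$?
    result=$(classify_fetch "$rc" "$out")
    rm -f "$out"
    echo "$result"
    [ "$result" != failed ]
}

# Constructed stand-in for the command, replaying the output and exit
# status shown in the report so the example runs without an IPA server.
sample_empty_run() {
    printf '%s\n' '-------------------------------' \
        'No new trust domains were found' \
        '-------------------------------' \
        'Number of entries returned 0'
    return 1
}

# Constructed stand-in for an unrelated failure that also exits with 1.
sample_error_run() {
    echo 'constructed error text' >&2
    return 1
}

# Real use (assumes a valid Kerberos ticket):
#   run_fetch ipa trust-fetch-domains ipaad2008r2.test
```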