Bug 1391814 - ipa trust-fetch-domains <domainname> returns correct output with exit status as 1
Summary: ipa trust-fetch-domains <domainname> returns correct output with exit status ...
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ipa
Version: 7.3
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: IPA Maintainers
QA Contact: Kaleem
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-11-04 06:12 UTC by Sudhir Menon
Modified: 2018-02-16 15:32 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-02-16 15:32:00 UTC
Target Upstream Version:

Attachments (Terms of Use)
Debug output for ipa trust-fetch-domains command (4.91 KB, text/plain)
2016-11-04 06:14 UTC, Sudhir Menon 		no flags Details
http error log (53.34 KB, text/plain)
2016-11-04 06:17 UTC, Sudhir Menon 		no flags Details
View All Add an attachment (proposed patch, testcase, etc.)

Description Sudhir Menon 2016-11-04 06:12:04 UTC 
Description of problem: ipa trust-fetch-domains <domainname> returns correct output with exit status as 1


Version-Release number of selected component (if applicable):
ipa-server-4.4.0-12.el7.x86_64

How reproducible: Always


Steps to Reproduce:

1. Install IPA server and establish two-way trust with windows AD having subdomain.

2. Now run ipa trust-fetch-domains <domainname> and check the output on the console.

Actual results:

[root@master ~]# ipa trust-find
---------------
1 trust matched
---------------
  Realm name: ipaad2008r2.test
  Domain NetBIOS name: IPAAD2008R2
  Domain Security Identifier: S-1-5-21-1765444267-4284514389-3232425237
  Trust type: Active Directory domain
----------------------------
Number of entries returned 1
----------------------------
[root@master ~]# ipa trustdomain-find
Realm name: ipaad2008r2.test
  Domain name: ipaad2008r2.test
  Domain NetBIOS name: IPAAD2008R2
  Domain Security Identifier: S-1-5-21-1765444267-4284514389-3232425237
  Domain enabled: True

  Domain name: ipasub2008r2-1.ipaad2008r2.test
  Domain NetBIOS name: IPASUB2008R2-1
  Domain Security Identifier: S-1-5-21-469193889-4273894478-2486872656
  Domain enabled: True
----------------------------
Number of entries returned 2
----------------------------

[root@master ~]# ipa trust-fetch-domains ipaad2008r2.test
-------------------------------
No new trust domains were found
-------------------------------
----------------------------
Number of entries returned 0
----------------------------
[root@master ~]# echo $?
1


3. Highlighting the failed testcase in beaker which expects return code 0.

========
:: [   LOG    ] :: Fetch trust domains with valid realm default enable all
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   PASS   ] :: Command 'kdestroy -A' (Expected 0, got 0)
:: [   PASS   ] :: Command 'echo Secret123 | kinit admin' (Expected 0, got 0)
:: [   PASS   ] :: Command 'ipa trustdomain-find ipaad2008r2.test ipasub2008r2-1.ipaad2008r2.test' (Expected 0, got 0)
:: [   PASS   ] :: Command 'ipa idrange-find IPASUB2008R2-1.IPAAD2008R2.TEST_id_range > /tmp/tmp.MDcNn6KvWX/tmpout.trustdomain_cli_0018.out 2>&1' (Expected 0, got 0)
:: [   PASS   ] :: File '/tmp/tmp.MDcNn6KvWX/tmpout.trustdomain_cli_0018.out' should contain 'Range name: IPASUB2008R2-1.IPAAD2008R2.TEST_id_range' 
:: [   PASS   ] :: File '/tmp/tmp.MDcNn6KvWX/tmpout.trustdomain_cli_0018.out' should contain 'Range type: Active Directory domain range' 
:: [   PASS   ] :: Command 'sleep 10' (Expected 0, got 0)
:: [   LOG    ] :: Checking kadmin is fully up
:: [   PASS   ] :: Command 'date' (Expected 0, got 0)
:: [   LOG    ] :: kadmin is up
:: [   PASS   ] :: Command 'date' (Expected 0, got 0)

**************
:: [   FAIL   ] :: Command 'ipa trust-fetch-domains ipaad2008r2.test > /tmp/tmp.MDcNn6KvWX/tmpout.trustdomain_cli_0018.out 2>&1' (Expected 0, got 1) 
**************
 
:: [   PASS   ] :: File '/tmp/tmp.MDcNn6KvWX/tmpout.trustdomain_cli_0018.out' should contain 'No new trust domains were found' 
:: [   PASS   ] :: File '/tmp/tmp.MDcNn6KvWX/tmpout.trustdomain_cli_0018.out' should contain 'Number of entries returned 0' 
:: [   PASS   ] :: Command 'sleep 60' (Expected 0, got 0)
:: [   LOG    ] :: Duration: 1m 16s
:: [   LOG    ] :: Assertions: 12 good, 1 bad
:: [   FAIL   ] :: RESULT: Fetch trust domains with valid realm default enable all

Expected results: Exit status should be 0 if the output is displayed correctly.
without any error.

Additional info: Attaching the httpd error log and debug output for the command when it was run.
Comment 1 Sudhir Menon 2016-11-04 06:14:41 UTC 
Created attachment 1217292 [details]
Debug output for ipa trust-fetch-domains command
Comment 2 Sudhir Menon 2016-11-04 06:17:04 UTC 
Created attachment 1217293 [details]
http error log
Comment 5 Martin Babinsky 2016-11-08 13:27:30 UTC 
I do not think this is a regression since the same behavior can be traced back to RHEL 7.2 (ipa-server-4.2.0-15.el7_2.18.x86_64).

'ipa trust-fetch-domains' actually always returns 1 for one-way trusts regardless of whether the list of trust-domains was refreshed or not and we should fix that.
Comment 6 Petr Vobornik 2016-11-11 15:23:26 UTC 
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/6478
Comment 7 Petr Vobornik 2017-03-28 07:44:54 UTC 
Removing regression keyword based on comment 5.
Comment 9 Petr Vobornik 2018-02-16 15:32:00 UTC 
An upstream ticket was closed as. Returning Non-0 when the list is empty is an expected behavior.

See https://pagure.io/freeipa/issue/325
Note You need to log in before you can comment on or make changes to this bug.