sssd_test_framework.utils.adcli

Perform actions on Active Directory.

Classes

AdcliUtils(*args, **kwargs)

Interface to adcli utility.
class sssd_test_framework.utils.adcli.AdcliUtils(*args, **kwargs)

Bases: MultihostUtility[MultihostHost]

Interface to adcli utility.

Example usage
@pytest.mark.topology(KnownTopologyGroup.AnyAD)
def test_adcli_join(client: Client, provider: GenericADProvider):
    cred = provider.host.adminpw
    r = client.adcli.join(provider.host.domain, ["--domain-controller", provider.host.hostname], password=cred)
    assert provider.host.domain in r.stdout, "adcli failed to join the client!"

Note

This utility will not revert any changes. It relies on AD host topology for clean up. For methods requiring an authentication, –stdin-password(-W) is a default. Setting krb=True will enable kerberos based authentication.

Find all MultihostUtility objects in the constructor.

info(*, domain: str, args: list[str] | None = None) ProcessResult

Discover AD domain.

Parameters:

  • domain (str) – domain.

  • args (list[str] | None, optional) – additional arguments, defaults to None

Returns:

Result of called command.

Return type:

ProcessResult

testjoin(*, domain: str, args: list[str] | None = None) ProcessResult

Validate join.

Parameters:

  • domain (str) – Domain.

  • args (list[str] | None, optional) – Additional arguments, defaults to None

Returns:

Result of called command.

Return type:

ProcessResult

update(*, domain: str, password: str | None = None, login_user: str | None = None, args: list[str] | None = None) ProcessResult

Update a computer account’s password, and other attributes.

Can be run in two modes:

  1. Machine Auth: (Default) Call without password or login_user. Uses the machine’s local keytab (self-update).

  2. User Auth: Call with password and login_user. Uses admin credentials via Kerberos to force an update.

Parameters:

  • domain (str) – Domain.

  • password (str | None) – Password (optional, for Admin auth).

  • login_user (str | None) – Authenticating User (optional, for Admin auth).

  • args (list[str] | None, optional) – Additional arguments, defaults to None

Returns:

Result of called command.

Return type:

ProcessResult

join(*, domain: str, args: list[str] | None = None, password: str, login_user: str, krb: bool = False) ProcessResult

Create a computer account.

Parameters:

  • domain (str) – Domain.

  • args (list[str] | None, optional) – Additional arguments, defaults to None

  • password (str) – Password

  • login_user (str) – Authenticating User

  • krb (bool, optional) – Use Kerberos credentials, defaults to False

Returns:

Result of called command.

Return type:

ProcessResult

delete_computer(*, domain: str, args: list[str] | None = None, password: str, login_user: str, krb: bool = False) ProcessResult

Delete computer account.

Parameters:

  • domain (str) – Domain.

  • args (list[str] | None, optional) – additional arguments, defaults to None.

  • password (str) – Password

  • login_user (str) – Authenticating User

  • krb (bool, optional) – Use Kerberos credentials, defaults to False

Returns:

Result of called command.

Return type:

ProcessResult

show_computer(*, domain: str, password: str, args: list[str] | None = None, login_user: str, krb: bool = False) ProcessResult

Show computer.

Parameters:

  • domain (str) – Domain.

  • args (list[str] | None, optional) – additional arguments, defaults to None

  • password (str) – Password

  • login_user (str) – Authenticating User

  • krb (bool, optional) – Use Kerberos credentials, defaults to False

Returns:

Result of called command.

Return type:

ProcessResult

preset_computer(*, domain: str, password: str, args: list[str] | None = None, login_user: str, krb: bool = False) ProcessResult

Preset computer.

Parameters:

  • domain (str) – Domain.

  • args (list[str] | None, optional) – additional arguments, defaults to None

  • password (str) – Password

  • login_user (str) – Authenticating User

  • krb (bool, optional) – Use Kerberos credentials, defaults to False

Returns:

Result of called command.

Return type:

ProcessResult

reset_computer(*, domain: str, password: str, args: list[str] | None = None, login_user: str, krb: bool = False) ProcessResult

Reset computer.

Parameters:

  • domain (str) – Domain.

  • args (list[str] | None, optional) – additional arguments, defaults to None

  • password (str) – Password

  • login_user (str) – Authenticating User

  • krb (bool, optional) – Use Kerberos credentials, defaults to False

Returns:

Result of called command.

Return type:

ProcessResult

create_user(user, *, domain: str, password: str, args: list[str] | None = None, login_user: str, krb: bool = False) ProcessResult

Create user.

Parameters:

  • domain (str) – Domain.

  • user (str) – User.

  • args (list[str] | None, optional) – additional arguments, defaults to None

  • password (str) – Password.

  • login_user (str) – Authenticating User.

  • krb (bool, optional) – Use Kerberos credentials, defaults to False

Returns:

Result of called command.

Return type:

ProcessResult

delete_user(user, *, domain: str, password: str, args: list[str] | None = None, login_user: str, krb: bool = False) ProcessResult

Delete user.

Parameters:

  • domain (str) – Domain.

  • user (str) – User.

  • args (list[str] | None, optional) – additional arguments, defaults to None

  • password (str) – Password.

  • login_user (str) – Authenticating User.

  • krb (bool, optional) – Use Kerberos credentials, defaults to False

Returns:

Result of called command.

Return type:

ProcessResult

delete_group(group, *, domain: str, password: str, args: list[str] | None = None, login_user: str, krb: bool = False) ProcessResult

Delete group.

Parameters:

  • domain (str) – Domain.

  • group (str) – Group.

  • args (list[str] | None, optional) – additional arguments, defaults to None

  • password (str) – Password.

  • login_user (str) – Authenticating User.

  • krb (bool, optional) – Use Kerberos credentials, defaults to False

Returns:

Result of called command.

Return type:

ProcessResult

create_group(group, *, domain: str, password: str, args: list[str] | None = None, login_user: str, krb: bool = False) ProcessResult

Create group.

Parameters:

  • domain (str) – Domain.

  • group (str) – Group.

  • args (list[str] | None, optional) – additional arguments, defaults to None

  • password (str) – Password.

  • login_user (str) – Authenticating User.

  • krb (bool, optional) – Use Kerberos credentials, defaults to False

Returns:

Result of called command.

Return type:

ProcessResult

add_member(group, member, *, domain: str, password: str, args: list[str] | None = None, login_user: str, krb: bool = False) ProcessResult

Add member.

Parameters:

  • domain (str) – Domain.

  • group (str) – Group.

  • member (str) – member, user or computer.

  • args (list[str] | None, optional) – additional arguments, defaults to None

  • password (str) – Password.

  • login_user (str) – Authenticating User.

  • krb (bool, optional) – Use Kerberos credentials, defaults to False

Returns:

Result of called command.

Return type:

ProcessResult

remove_member(group, member, *, domain: str, password: str, args: list[str] | None = None, login_user: str, krb: bool = False) ProcessResult

Remove member.

Parameters:

  • domain (str) – Domain.

  • group (str) – Group.

  • member (str) – member, user or computer.

  • args (list[str] | None, optional) – additional arguments, defaults to None

  • password (str) – Password.

  • login_user (str) – Authenticating User.

  • krb (bool, optional) – Use Kerberos credentials, defaults to False

Returns:

Result of called command.

Return type:

ProcessResult

create_msa(*, domain: str, password: str, args: list[str] | None = None, login_user: str, krb: bool = False) ProcessResult

Create Managed Service Account.

Parameters:

  • domain (str) – Domain.

  • args (list[str] | None, optional) – Additional arguments, defaults to None

  • password (str) – Password.

  • login_user (str) – Authenticating User.

  • krb (bool, optional) – Kerberos credentials, defaults to False

Returns:

Result of called command.

Return type:

ProcessResult

passwd_user(*, user: str, new_password: str, domain: str, login_user: str, password: str, args: list[str] | None = None) bool

(Re)Set Password.

Parameters:

  • user (str) – User.

  • new_password (str) – New password.

  • domain (str) – Domain.

  • login_user (str) – Authenticating User.

  • password (str) – Password of Authenticating user.

  • args (list[str] | None, optional) – Additional arguments, defaults to None.

Returns:

True on success, False otherwise

Return type:

bool