add-trust¶

Description¶

Adds cross-realm trust between an on-premise Active Directory and an environment. This is used to add trust relationship to an environment towards an on-premise Active Directory realm. After this operation completes, configure the other side of the trust relationship by completing the steps returned by getTrustSetupCommands. Then call finish-setup-trust to validate and activate the trust for production use.

Synopsis¶

  add-trust
--environment <value>
--kdc-servers <value>
--kdc-realm <value>
[--dns-server-ips <value>]
[--trust-secret <value>]
[--cli-input-json <value>]
[--generate-cli-skeleton]

Options¶

--environment (string)

Environment name or CRN that identifies the Hybrid Environment.

--kdc-servers (array)

The list of the Key Distribution Center (KDC) servers (currently only one KDC server is supported; multi-server support is under development).

Shorthand Syntax:

fqdn=string,ip=string ... (separate items with spaces)

JSON Syntax:

[
  {
    "fqdn": "string",
    "ip": "string"
  }
  ...
]

--kdc-realm (string)

Cross-realm trust REALM name (uppercase by convention).

--dns-server-ips (array)

Domain Name System (DNS) server IPv4 addresses (currently only a single address is supported; multi-server support is under development).

Syntax:

"string" "string" ...

--trust-secret (string)

Existing trust secret. If not provided, CDP will generate a secure random secret.

--cli-input-json (string)

Performs service operation based on the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton. If other arguments are provided on the command line, the CLI values will override the JSON-provided values.

--generate-cli-skeleton (boolean)

Prints a sample input JSON to standard output. Note the specified operation is not run if this argument is specified. The sample input can be used as an argument for --cli-input-json.

Output¶

flowId -> (string)

Flow ID of the trust setup flow.

Form Factors¶

public, private