author | Stanislav Laznicka <slaznick@redhat.com> | 2017-03-08 09:58:38 +0100 |
---|---|---|
committer | Martin Basti <mbasti@redhat.com> | 2017-03-13 16:10:28 +0100 |
commit | 670f8fb1db109ec2c9ab7e5d2189325988220b23 (patch) | |
tree | e5feb0f589a18029cd933794efd5decf04770b9d | |
parent | fe4489ede2b40902fb7d734d04a1f997c6df86fb (diff) | |
download | freeipa-670f8fb1db109ec2c9ab7e5d2189325988220b23.tar.gz freeipa-670f8fb1db109ec2c9ab7e5d2189325988220b23.tar.xz freeipa-670f8fb1db109ec2c9ab7e5d2189325988220b23.zip |
Add check to prevent removal of last KRA
https://pagure.io/freeipa/issue/6538
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Pavel Vomacka <pvomacka@redhat.com>
-rw-r--r-- | ipaserver/plugins/server.py | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/ipaserver/plugins/server.py b/ipaserver/plugins/server.py
index 08caa1cf7..b1ee47228 100644
--- a/ipaserver/plugins/server.py
+++ b/ipaserver/plugins/server.py
@@ -494,6 +494,19 @@ class server_del(LDAPDelete):
 "without a DNS."),
 ignore_last_of_role)
 if self.api.Command.ca_is_enabled()['result']:
+ try:
+ vault_config = self.api.Command.vaultconfig_show()['result']
+ kra_servers = vault_config.get('kra_server_server', [])
+ except errors.InvocationError:
+ # KRA is not configured
+ pass
+ else:
+ if kra_servers == [hostname]:
+ handler(
+ _("Deleting this server is not allowed as it would "
+ "leave your installation without a KRA."),
+ ignore_last_of_role)
+
 ca_servers = ipa_config.get('ca_server_server', [])
 ca_renewal_master = ipa_config.get(
 'ca_renewal_master_server', []) |
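Review bot: The `except errors.InvocationError: pass` branch makes the new last-KRA guard fail open: every invocation error raised by `vaultconfig_show()` is read as "KRA is not configured", so if the call fails for any other reason the server holding the only KRA can be deleted without the warning. If that is the intended trade-off, the comment should say so, e.g. `# InvocationError is treated as "no KRA configured"; any other invocation failure also skips this check`, and the caught error is worth logging so a skipped check is visible afterwards. The test `kra_servers == [hostname]` is an exact match, so it presumably relies on `hostname` being in the same normalised form as the stored `kra_server_server` values; that is worth confirming against the caller. The enclosing method of `server_del` starts and ends outside this hunk.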