Don't allow standalone KRA uninstalls

KRA uninstallation is very likely to break the user's setup. Don't
allow it at least till we can be safely sure we are able to remove
it in a standalone manner without breaking anything.

https://pagure.io/freeipa/issue/6538

Reviewed-By: Tomas Krizek <tkrizek@redhat.com>

3 files changed, 11 insertions, 40 deletions

diff --git a/ipaserver/install/ipa_kra_install.py b/ipaserver/install/ipa_kra_install.py
index 99ff4a63f..25766541d 100644
--- a/ipaserver/install/ipa_kra_install.py
+++ b/ipaserver/install/ipa_kra_install.py
@@ -20,7 +20,9 @@
 
 from __future__ import print_function
 
+import sys
 import tempfile
+from optparse import SUPPRESS_HELP
 
 from textwrap import dedent
 from ipalib import api
@@ -69,8 +71,7 @@ class KRAInstall(admintool.AdminTool):
         parser.add_option(
             "--uninstall",
             dest="uninstall", action="store_true", default=False,
-            help="uninstall an existing installation. The uninstall can "
-                 "be run with --unattended option")
+            help=SUPPRESS_HELP)
 
     def validate_options(self, needs_root=True):
         super(KRAInstall, self).validate_options(needs_root=True)
@@ -83,33 +84,14 @@ class KRAInstall(admintool.AdminTool):
     @classmethod
     def get_command_class(cls, options, args):
         if options.uninstall:
-            return KRAUninstaller
+            sys.exit(
+                'ERROR: Standalone KRA uninstallation was removed in '
+                'FreeIPA 4.5 as it had never worked properly and only caused '
+                'issues.')
         else:
             return KRAInstaller
 
 
-class KRAUninstaller(KRAInstall):
-    log_file_name = paths.IPASERVER_KRA_UNINSTALL_LOG
-
-    def validate_options(self, needs_root=True):
-        super(KRAUninstaller, self).validate_options(needs_root=True)
-
-        if self.args:
-            self.option_parser.error("Too many parameters provided.")
-
-        _kra = krainstance.KRAInstance(api)
-        if not _kra.is_installed():
-            self.option_parser.error(
-                "Cannot uninstall.  There is no KRA installed on this system."
-            )
-
-    def run(self):
-        super(KRAUninstaller, self).run()
-        api.Backend.ldap2.connect()
-        kra.uninstall(True)
-        api.Backend.ldap2.disconnect()
-
-
 class KRAInstaller(KRAInstall):
     log_file_name = paths.IPASERVER_KRA_INSTALL_LOG
 
diff --git a/ipaserver/install/kra.py b/ipaserver/install/kra.py
index 17617ed3b..f34540612 100644
--- a/ipaserver/install/kra.py
+++ b/ipaserver/install/kra.py
@@ -9,12 +9,11 @@ KRA installer module
 import os
 import shutil
 
-from ipalib import api, errors
+from ipalib import api
 from ipaplatform import services
 from ipaplatform.paths import paths
 from ipapython import certdb
 from ipapython import ipautil
-from ipapython.dn import DN
 from ipapython.install.core import group
 from ipaserver.install import custodiainstance
 from ipaserver.install import cainstance
@@ -125,19 +124,9 @@ def install(api, replica_config, options):
     services.knownservices.httpd.restart(capture_output=True)
 
 
-def uninstall(standalone):
+def uninstall():
     kra = krainstance.KRAInstance(api.env.realm)
-
-    if standalone:
-        try:
-            api.Backend.ldap2.delete_entry(
-                DN(('cn', 'KRA'), ('cn', api.env.host),
-                   ('cn', 'masters'), ('cn', 'ipa'),
-                   ('cn', 'etc'), api.env.basedn))
-        except errors.NotFound:
-            pass
-
-    kra.stop_tracking_certificates(stop_certmonger=not standalone)
+    kra.stop_tracking_certificates()
     if kra.is_installed():
         kra.uninstall()
 
diff --git a/ipaserver/install/server/install.py b/ipaserver/install/server/install.py
index 8b77fbb76..d9710dcab 100644
--- a/ipaserver/install/server/install.py
+++ b/ipaserver/install/server/install.py
@@ -1051,7 +1051,7 @@ def uninstall(installer):
 
     ntpinstance.NTPInstance(fstore).uninstall()
 
-    kra.uninstall(False)
+    kra.uninstall()
 
     ca.uninstall()