diff options
| author | Stanislav Laznicka <slaznick@redhat.com> | 2017-03-08 16:38:12 +0100 |
|---|---|---|
| committer | Martin Basti <mbasti@redhat.com> | 2017-03-13 16:27:23 +0100 |
| commit | 5d3a0e6758866239c886e998a6d89c5a4b150184 (patch) | |
| tree | e08115ebbe4023170095071731d7697b0ab1c3de /ipatests | |
| parent | 1e8db4b5c7a55dac0008ad9b9bf5802ba30e8c2a (diff) | |
| download | freeipa-5d3a0e6758866239c886e998a6d89c5a4b150184.tar.gz freeipa-5d3a0e6758866239c886e998a6d89c5a4b150184.tar.xz freeipa-5d3a0e6758866239c886e998a6d89c5a4b150184.zip | |
Don't allow standalone KRA uninstalls
KRA uninstallation is very likely to break the user's setup. Don't
allow it at least till we can be safely sure we are able to remove
it in a standalone manner without breaking anything.
https://pagure.io/freeipa/issue/6538
Reviewed-By: Tomas Krizek <tkrizek@redhat.com>
Diffstat (limited to 'ipatests')
| -rw-r--r-- | ipatests/test_integration/tasks.py | 2 | ||||
| -rw-r--r-- | ipatests/test_integration/test_vault.py | 58 |
2 files changed, 0 insertions, 60 deletions
diff --git a/ipatests/test_integration/tasks.py b/ipatests/test_integration/tasks.py index 0f96f16ae..4f932622a 100644 --- a/ipatests/test_integration/tasks.py +++ b/ipatests/test_integration/tasks.py @@ -68,9 +68,7 @@ def setup_server_logs_collecting(host): host.collect_log(paths.IPA_CUSTODIA_AUDIT_LOG) # IPA uninstall logs - host.collect_log(paths.IPASERVER_KRA_UNINSTALL_LOG) host.collect_log(paths.IPACLIENT_UNINSTALL_LOG) - host.collect_log(paths.IPASERVER_KRA_UNINSTALL_LOG) # IPA backup and restore logs host.collect_log(paths.IPARESTORE_LOG) diff --git a/ipatests/test_integration/test_vault.py b/ipatests/test_integration/test_vault.py index 74b554eb2..fb282bbfb 100644 --- a/ipatests/test_integration/test_vault.py +++ b/ipatests/test_integration/test_vault.py @@ -140,61 +140,3 @@ class TestInstallKRA(IntegrationTest): self.vault_name_master, self.vault_name_replica_without_KRA, ]) - - - def test_create_and_retrieve_vault_after_kra_uninstall_on_replica(self): - # uninstall KRA on replica - self.replicas[0].run_command([ - "ipa-kra-install", - "-U", - "--uninstall", - ]) - - # create vault - self.replicas[0].run_command([ - "ipa", "vault-add", - self.vault_name_replica_KRA_uninstalled, - "--password", self.vault_password, - "--type", "symmetric", - ]) - - # archive secret - self.replicas[0].run_command([ - "ipa", "vault-archive", - self.vault_name_replica_KRA_uninstalled, - "--password", self.vault_password, - "--data", self.vault_data, - ]) - time.sleep(WAIT_AFTER_ARCHIVE) - - self._retrieve_secret([self.vault_name_replica_KRA_uninstalled]) - - ################# master ################# - # test master again after KRA was uninstalled on replica - # create vault - self.master.run_command([ - "ipa", "vault-add", - self.vault_name_master3, - "--password", self.vault_password, - "--type", "symmetric", - ]) - - # archive secret - self.master.run_command([ - "ipa", "vault-archive", - self.vault_name_master3, - "--password", self.vault_password, - "--data", self.vault_data, - ]) - time.sleep(WAIT_AFTER_ARCHIVE) - - self._retrieve_secret([self.vault_name_master3,]) - - ################ old vaults ############### - # test if old vaults are still accessible - self._retrieve_secret([ - self.vault_name_master, - self.vault_name_master2, - self.vault_name_replica_without_KRA, - self.vault_name_replica_with_KRA, - ]) |