rpms / ipa

Clone
Source Code
GIT

Blame SOURCES/0017-Use-new-method-in-check-to-prevent-removal-of-last-K.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8-beta-stream-DL1 c8-beta-stream-client c8-stream-DL1 c8-stream-client c8s-stream-DL1 c8s-stream-client c9 c9-beta
  1.   43b26eb420a4e7edc0065f780822cc43ebac5b1a
  2.   SOURCES
  3.   0017-Use-new-method-in-check-to-prevent-removal-of-last-K.patch
Blob History Raw
7e1b55 
From 0b9adf1d8d5efb48e734650e4101e8816b01e1d3 Mon Sep 17 00:00:00 2001
7e1b55 
From: Rob Crittenden <rcritten@redhat.com>
7e1b55 
Date: Mon, 19 Jul 2021 17:51:44 -0400
7e1b55 
Subject: [PATCH] Use new method in check to prevent removal of last KRA
7e1b55
7e1b55 
It previously used a vault connection to determine if any
7e1b55 
KRA servers were installed. This would fail if the last KRA
7e1b55 
was not available.
7e1b55
7e1b55 
Use server roles instead to determine if the last KRA server
7e1b55 
is to be removed.
7e1b55
7e1b55 
https://pagure.io/freeipa/issue/8397
7e1b55
7e1b55 
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
7e1b55 
Reviewed-By: Francois Cami <fcami@redhat.com>
7e1b55 
---
7e1b55 
 ipaserver/plugins/server.py | 24 +++++++++++++-----------
7e1b55 
 1 file changed, 13 insertions(+), 11 deletions(-)
7e1b55
7e1b55 
diff --git a/ipaserver/plugins/server.py b/ipaserver/plugins/server.py
7e1b55 
index b3dda8469..5fa7a58bd 100644
7e1b55 
--- a/ipaserver/plugins/server.py
7e1b55 
+++ b/ipaserver/plugins/server.py
7e1b55 
@@ -508,17 +508,19 @@ class server_del(LDAPDelete):
7e1b55
7e1b55 
         if self.api.Command.ca_is_enabled()['result']:
7e1b55 
             try:
7e1b55 
-                vault_config = self.api.Command.vaultconfig_show()['result']
7e1b55 
-                kra_servers = vault_config.get('kra_server_server', [])
7e1b55 
-            except errors.InvocationError:
7e1b55 
-                # KRA is not configured
7e1b55 
-                pass
7e1b55 
-            else:
7e1b55 
-                if kra_servers == [hostname]:
7e1b55 
-                    handler(
7e1b55 
-                        _("Deleting this server is not allowed as it would "
7e1b55 
-                          "leave your installation without a KRA."),
7e1b55 
-                        ignore_last_of_role)
7e1b55 
+                roles = self.api.Command.server_role_find(
7e1b55 
+                    server_server=hostname,
7e1b55 
+                    role_servrole='KRA server',
7e1b55 
+                    status='enabled',
7e1b55 
+                    include_master=True,
7e1b55 
+                )['result']
7e1b55 
+            except errors.NotFound:
7e1b55 
+                roles = ()
7e1b55 
+            if len(roles) == 1 and roles[0]['server_server'] == hostname:
7e1b55 
+                handler(
7e1b55 
+                    _("Deleting this server is not allowed as it would "
7e1b55 
+                      "leave your installation without a KRA."),
7e1b55 
+                    ignore_last_of_role)
7e1b55
7e1b55 
             ca_servers = ipa_config.get('ca_server_server', [])
7e1b55 
             ca_renewal_master = ipa_config.get(
7e1b55 
--
7e1b55 
2.26.3
7e1b55

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation