URL: https://github.com/freeipa/freeipa/pull/1796
Author: tiran
 Title: #1796: [Backport][ipa-4-6] Provide ldap_uri in Custodia uninstaller
Action: opened

PR body:
"""
This PR was opened automatically because PR #1776 was pushed to master and 
backport to ipa-4-6 is required.
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1796/head:pr1796
git checkout pr1796
From 4378af964527fce27e8c13636f032bc280e7acb1 Mon Sep 17 00:00:00 2001
From: Christian Heimes <chei...@redhat.com>
Date: Wed, 4 Apr 2018 17:10:27 +0200
Subject: [PATCH] Provide ldap_uri in Custodia uninstaller

Without ldap_uri, IPAKEMKeys parses /etc/ipa/default.conf. During
uninstallation, the file may no longer contain ldap_uri. This workaround
is required for test case
test_replica_promotion.py::TestReplicaPromotionLevel0::test_promotion_disabled

Fixes: https://pagure.io/freeipa/issue/7474
Co-authored-by: Felipe Barreto <fbarr...@redhat.com>
Signed-off-by: Christian Heimes <chei...@redhat.com>
---
 ipaserver/install/custodiainstance.py | 14 ++------------
 ipaserver/install/server/install.py   |  4 +++-
 2 files changed, 5 insertions(+), 13 deletions(-)

diff --git a/ipaserver/install/custodiainstance.py b/ipaserver/install/custodiainstance.py
index 9bc1b2f41d..ef5c80b0a9 100644
--- a/ipaserver/install/custodiainstance.py
+++ b/ipaserver/install/custodiainstance.py
@@ -16,7 +16,6 @@
 from ipaserver.install import sysupgrade
 from base64 import b64decode
 from jwcrypto.common import json_decode
-import ldap
 import shutil
 import os
 import stat
@@ -28,11 +27,11 @@
 
 
 class CustodiaInstance(SimpleServiceInstance):
-    def __init__(self, host_name=None, realm=None):
+    def __init__(self, host_name=None, realm=None, ldap_uri=None):
         super(CustodiaInstance, self).__init__("ipa-custodia")
         self.config_file = paths.IPA_CUSTODIA_CONF
         self.server_keys = paths.IPA_CUSTODIA_KEYS
-        self.ldap_uri = None
+        self.ldap_uri = ldap_uri
         self.fqdn = host_name
         self.realm = realm
 
@@ -71,16 +70,7 @@ def uninstall(self):
             'server_keys': self.server_keys,
             'ldap_uri': self.ldap_uri
         })
-        # Call remove_server_keys_file explicitly to ensure that the key
-        # file is always removed.
         keystore.remove_server_keys_file()
-        try:
-            keystore.remove_server_keys()
-        except (ldap.CONNECT_ERROR, ldap.SERVER_DOWN):
-            logger.debug(
-                "Cannot remove custodia keys now, server_del takes care of "
-                "them later."
-            )
         installutils.remove_file(self.config_file)
         sysupgrade.set_upgrade_state('custodia', 'installed', False)
 
diff --git a/ipaserver/install/server/install.py b/ipaserver/install/server/install.py
index 902693b185..d2397c899f 100644
--- a/ipaserver/install/server/install.py
+++ b/ipaserver/install/server/install.py
@@ -1073,7 +1073,9 @@ def uninstall(installer):
     dsinstance.DsInstance(fstore=fstore).uninstall()
     if _server_trust_ad_installed:
         adtrustinstance.ADTRUSTInstance(fstore).uninstall()
-    custodiainstance.CustodiaInstance().uninstall()
+    # ldap_uri isn't used, but IPAKEMKeys parses /etc/ipa/default.conf
+    # otherwise, see https://pagure.io/freeipa/issue/7474 .
+    custodiainstance.CustodiaInstance(ldap_uri='ldapi://invalid').uninstall()
     otpdinstance.OtpdInstance().uninstall()
     tasks.restore_hostname(fstore, sstore)
     fstore.restore_all_files()
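Review bot: The placeholder `'ldapi://invalid'` passed in `uninstall(installer)` is a magic value supplied only at this call site, so any other caller that builds `CustodiaInstance()` without `ldap_uri` and then calls `uninstall()` would presumably still make IPAKEMKeys parse /etc/ipa/default.conf. The comment should also record what this means for key material. The same patch drops the `remove_server_keys()` call from `CustodiaInstance.uninstall()`, so only the local key file is removed here and, going by the removed log message, the Custodia key entries in LDAP are left to server_del. A line such as `# Only the local key file is removed here; key entries in LDAP are cleaned up by server_del.` would make that explicit. Naming the placeholder as a module-level constant would also stop a later reader mistaking it for a real endpoint. The body of `uninstall(installer)` starts and ends outside the hunk.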