ipatests: Verify that securitydomain is updated on server-del

For every server-del ensure that the server being deleted is also removed from the PKI securitydomain. https://pagure.io/freeipa/issue/8930 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
freeipa · Aug 16, 2021 · c0d6c05 · c0d6c05
1 parent db69855
commit c0d6c05
Showing 1 changed file with 27 additions and 3 deletions.
diff --git a/ipatests/test_integration/test_server_del.py b/ipatests/test_integration/test_server_del.py
@@ -3,6 +3,7 @@
 #
 
 from itertools import permutations
+import pytest
 
 from ipatests.test_integration.base import IntegrationTest
 from ipatests.pytest_ipa.integration import tasks
@@ -44,6 +45,26 @@ def check_master_removal(host, hostname_to_remove,
         returncode=2
     )
 
+    # Only run the pki command if there is a CA installed on the machine
+    result = host.run_command(
+        [
+            'ipa',
+            'server-role-find',
+            '--server', host.hostname,
+            '--status', 'enabled',
+            '--role', 'CA server',
+        ],
+        raiseonerr=False,
+    )
+
+    if result.returncode == 0:
+        host.run_command(['pki', 'client', 'init', '--force'])
+        result = host.run_command(
+            ['pki', 'securitydomain-host-find'],
+            stdin_text='y\n',
+        ).stdout_text
+        assert hostname_to_remove not in result
+
 
 def check_removal_disconnects_topology(
         host, hostname_to_remove,
@@ -236,6 +257,11 @@ class TestLastServices(ServerDelBase):
     domain_level = DOMAIN_LEVEL_1
     topology = 'line'
 
+    @pytest.fixture
+    def restart_ipa(self):
+        yield
+        self.master.run_command(['ipactl', 'start'])
+
     @classmethod
     def install(cls, mh):
         tasks.install_topo(
@@ -302,7 +328,7 @@ def test_removal_of_master_raises_error_about_last_ca(self):
             1
         )
 
-    def test_removal_of_server_raises_error_about_last_kra(self):
+    def test_removal_of_server_raises_error_about_last_kra(self, restart_ipa):
         """
         test that removal of server fails on the last KRA
 
@@ -316,8 +342,6 @@ def test_removal_of_server_raises_error_about_last_kra(self):
             "installation without a KRA.",
             1
         )
-        # Restarting the server we stopped is not necessary as it will
-        # be removed in the next test.
 
     def test_forced_removal_of_master(self):
         """