ipa/0018-ipatests-test-removing-last-KRA-when-it-is-not-runni.patch

From 8ea8f8b68b5a7217518f68065a5fc1df16126314 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Mon, 19 Jul 2021 21:54:22 -0400
Subject: [PATCH] ipatests: test removing last KRA when it is not running

Use the new role-based mechanism, one that doesn't rely
on direct communication to the server, to determine whether
the server being removed by `ipa server-del` contains the
last KRA server.

https://pagure.io/freeipa/issue/8397

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Francois Cami <fcami@redhat.com>
---
 ipatests/test_integration/test_server_del.py | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/ipatests/test_integration/test_server_del.py b/ipatests/test_integration/test_server_del.py
index 5e627d5db..9d7f5ef7a 100644
--- a/ipatests/test_integration/test_server_del.py
+++ b/ipatests/test_integration/test_server_del.py
@@ -302,6 +302,23 @@ class TestLastServices(ServerDelBase):
             1
         )
 
+    def test_removal_of_server_raises_error_about_last_kra(self):
+        """
+        test that removal of server fails on the last KRA
+
+        We shut it down to verify that it can be removed if it failed.
+        """
+        tasks.install_kra(self.master)
+        self.master.run_command(['ipactl', 'stop'])
+        tasks.assert_error(
+            tasks.run_server_del(self.replicas[0], self.master.hostname),
+            "Deleting this server is not allowed as it would leave your "
+            "installation without a KRA.",
+            1
+        )
+        # Restarting the server we stopped is not necessary as it will
+        # be removed in the next test.
+
     def test_forced_removal_of_master(self):
         """
         Tests that we can still force remove the master using
-- 
2.26.3