From 2a86a93e560e1d9ade2f78b0cf82d93b8833eb39 Mon Sep 17 00:00:00 2001
From: Antonio Torres <antorres@redhat.com>
Date: Jan 19 2021 16:52:47 +0000
Subject: Test that IPA certs are removed on server uninstall


Test that IPA certs are removed after the server uninstall
process. This is needed since if these certs are not
removed from the system store, further installations
will fail.

Related: https://pagure.io/freeipa/issue/8614
Signed-off-by: Antonio Torres <antorres@redhat.com>
Reviewed-By: Francois Cami <fcami@redhat.com>

---

diff --git a/ipatests/pytest_ipa/integration/tasks.py b/ipatests/pytest_ipa/integration/tasks.py
index caf94cb..9a9ce72 100755
--- a/ipatests/pytest_ipa/integration/tasks.py
+++ b/ipatests/pytest_ipa/integration/tasks.py
@@ -989,6 +989,15 @@ def uninstall_master(host, ignore_topology_disconnect=True,
 
     result = host.run_command(uninstall_cmd)
     assert "Traceback" not in result.stdout_text
+
+    # Check that IPA certs have been deleted after uninstall
+    # Related: https://pagure.io/freeipa/issue/8614
+    assert host.run_command(['test', '-f', paths.IPA_CA_CRT],
+                            raiseonerr=False).returncode == 1
+    assert host.run_command(['test', '-f', paths.IPA_P11_KIT],
+                            raiseonerr=False).returncode == 1
+    assert "IPA CA" not in host.run_command(['trust', 'list']).stdout_text
+
     if clean:
         Firewall(host).disable_services(["freeipa-ldap", "freeipa-ldaps",
                                          "freeipa-trust", "dns"])