Simplify PKIDeployer.setup_security_domain_manager()

The code for cloning a security domain manager has been moved under pki_security_domain_type == existing since the clone will join the existing security domain.
dogtagpki · Dec 4, 2023 · 49d8fca · 49d8fca
1 parent d2e6edf
commit 49d8fca
Showing 1 changed file with 21 additions and 20 deletions.
diff --git a/base/server/python/pki/server/deployment/__init__.py b/base/server/python/pki/server/deployment/__init__.py
@@ -2532,10 +2532,20 @@ def setup_security_domain_manager(self, subsystem):
         if not proxySecurePort:
             proxySecurePort = securePort
 
-        domain_manager = False
+        if self.mdict['pki_security_domain_type'] == 'existing':
+
+            sd_url = self.mdict['pki_security_domain_uri']
+            logger.info('Joining security domain at %s', sd_url)
+
+            subsystem.config['securitydomain.select'] = 'existing'
+            subsystem.config['securitydomain.name'] = self.domain_info.id
+
+            domain_manager = False
+
+            if subsystem.type == 'CA' and clone:
+
+                # check whether the primary CA is a security domain manager
 
-        if subsystem.type == 'CA':
-            if clone:
                 sd_hostname = subsystem.config['securitydomain.host']
                 sd_port = subsystem.config['securitydomain.httpsadminport']
 
@@ -2545,13 +2555,16 @@ def setup_security_domain_manager(self, subsystem):
                 if sd_host.DomainManager and sd_host.DomainManager.lower() == 'true':
                     domain_manager = True
 
-        if self.mdict['pki_security_domain_type'] == 'existing':
+            logger.info('Domain manager: %s', domain_manager)
 
-            sd_url = self.mdict['pki_security_domain_uri']
-            logger.info('Joining security domain at %s', sd_url)
+            if domain_manager:
 
-            subsystem.config['securitydomain.select'] = 'existing'
-            subsystem.config['securitydomain.name'] = self.domain_info.id
+                logger.info('Cloning security domain manager')
+
+                subsystem.config['securitydomain.select'] = 'new'
+                subsystem.config['securitydomain.host'] = self.mdict['pki_hostname']
+                subsystem.config['securitydomain.httpport'] = unsecurePort
+                subsystem.config['securitydomain.httpsadminport'] = securePort
 
             subsystem.join_security_domain(
                 sd_url,
@@ -2589,18 +2602,6 @@ def setup_security_domain_manager(self, subsystem):
                 secure_port=proxySecurePort,
                 domain_manager=True)
 
-        if subsystem.type == 'CA':
-
-            if clone:
-                if sd_host.DomainManager and sd_host.DomainManager.lower() == 'true':
-
-                    logger.info('Cloning security domain master')
-
-                    subsystem.config['securitydomain.select'] = 'new'
-                    subsystem.config['securitydomain.host'] = self.mdict['pki_hostname']
-                    subsystem.config['securitydomain.httpport'] = unsecurePort
-                    subsystem.config['securitydomain.httpsadminport'] = securePort
-
     def pki_connect(self):
 
         ca_cert = os.path.join(self.instance.nssdb_dir, "ca.crt")