Add PKIDeployer.create_cs_cfg()

The code that creates the CS.cfg in subsystem_layout.py has been moved into PKIDeployer.create_cs_cfg() and also modified such that if the file already exists it will merge the params instead of overwriting the entire file.
dogtagpki · Dec 4, 2023 · f793f0a · f793f0a
1 parent d829573
commit f793f0a
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 16 deletions.
diff --git a/base/server/python/pki/server/deployment/__init__.py b/base/server/python/pki/server/deployment/__init__.py
@@ -818,6 +818,37 @@ def import_ds_ca_cert(self):
         finally:
             self.file.delete(pki_shared_pfile)
 
+    def create_cs_cfg(self, subsystem):
+
+        tmpdir = tempfile.mkdtemp()
+
+        try:
+            # Copy /usr/share/pki/<subsystem>/conf/CS.cfg
+            # into temporary CS.cfg with param substitution
+
+            source_cs_cfg = os.path.join(
+                pki.server.PKIServer.SHARE_DIR,
+                subsystem.name,
+                'conf',
+                'CS.cfg')
+
+            tmp_cs_cfg = os.path.join(tmpdir, 'CS.cfg')
+
+            self.instance.copyfile(
+                source_cs_cfg,
+                tmp_cs_cfg,
+                params=self.mdict,
+                force=True)
+
+            # Merge temporary CS.cfg into /etc/pki/<instance>/<subsystem>/CS.cfg
+            # to preserve params in existing CS.cfg
+
+            pki.util.load_properties(tmp_cs_cfg, subsystem.config)
+            self.instance.store_properties(subsystem.cs_conf, subsystem.config)
+
+        finally:
+            shutil.rmtree(tmpdir)
+
     def init_system_cert_params(self, subsystem):
 
         # Store system cert parameters in installation step to guarantee the

diff --git a/base/server/python/pki/server/deployment/scriptlets/subsystem_layout.py b/base/server/python/pki/server/deployment/scriptlets/subsystem_layout.py
@@ -65,22 +65,7 @@ def spawn(self, deployer):
         if config.str2bool(deployer.mdict['pki_registry_enable']):
             subsystem.create_registry(exist_ok=True)
 
-        # Copy /usr/share/pki/<subsystem>/conf/CS.cfg
-        # to /etc/pki/<instance>/<subsystem>/CS.cfg
-
-        source_cs_cfg = os.path.join(
-            pki.server.PKIServer.SHARE_DIR,
-            subsystem_name,
-            'conf',
-            'CS.cfg')
-
-        # TODO: if the target already exists, merge the source
-        # into target instead of overwriting the target
-        instance.copyfile(
-            source_cs_cfg,
-            subsystem.cs_conf,
-            params=deployer.mdict,
-            force=True)
+        deployer.create_cs_cfg(subsystem)
 
         # Copy /usr/share/pki/<subsystem>/conf/registry.cfg
         # to /etc/pki/<instance>/<subsystem>/registry.cfg