From f793f0a8001a09eceb72301373e89d70ddb63aa6 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" <edewata@redhat.com>
Date: Mon, 4 Dec 2023 07:52:31 +0700
Subject: [PATCH] Add PKIDeployer.create_cs_cfg()

The code that creates the CS.cfg in subsystem_layout.py has been
moved into PKIDeployer.create_cs_cfg() and also modified such
that if the file already exists it will merge the params instead
of overwriting the entire file.
---
 .../python/pki/server/deployment/__init__.py  | 31 +++++++++++++++++++
 .../deployment/scriptlets/subsystem_layout.py | 17 +---------
 2 files changed, 32 insertions(+), 16 deletions(-)

diff --git a/base/server/python/pki/server/deployment/__init__.py b/base/server/python/pki/server/deployment/__init__.py
index cfbcde3e7bd..8f07aceffbe 100644
--- a/base/server/python/pki/server/deployment/__init__.py
+++ b/base/server/python/pki/server/deployment/__init__.py
@@ -818,6 +818,37 @@ def import_ds_ca_cert(self):
         finally:
             self.file.delete(pki_shared_pfile)
 
+    def create_cs_cfg(self, subsystem):
+
+        tmpdir = tempfile.mkdtemp()
+
+        try:
+            # Copy /usr/share/pki/<subsystem>/conf/CS.cfg
+            # into temporary CS.cfg with param substitution
+
+            source_cs_cfg = os.path.join(
+                pki.server.PKIServer.SHARE_DIR,
+                subsystem.name,
+                'conf',
+                'CS.cfg')
+
+            tmp_cs_cfg = os.path.join(tmpdir, 'CS.cfg')
+
+            self.instance.copyfile(
+                source_cs_cfg,
+                tmp_cs_cfg,
+                params=self.mdict,
+                force=True)
+
+            # Merge temporary CS.cfg into /etc/pki/<instance>/<subsystem>/CS.cfg
+            # to preserve params in existing CS.cfg
+
+            pki.util.load_properties(tmp_cs_cfg, subsystem.config)
+            self.instance.store_properties(subsystem.cs_conf, subsystem.config)
+
+        finally:
+            shutil.rmtree(tmpdir)
+
     def init_system_cert_params(self, subsystem):
 
         # Store system cert parameters in installation step to guarantee the
diff --git a/base/server/python/pki/server/deployment/scriptlets/subsystem_layout.py b/base/server/python/pki/server/deployment/scriptlets/subsystem_layout.py
index 0b8624d9e7c..3432ed20f65 100644
--- a/base/server/python/pki/server/deployment/scriptlets/subsystem_layout.py
+++ b/base/server/python/pki/server/deployment/scriptlets/subsystem_layout.py
@@ -65,22 +65,7 @@ def spawn(self, deployer):
         if config.str2bool(deployer.mdict['pki_registry_enable']):
             subsystem.create_registry(exist_ok=True)
 
-        # Copy /usr/share/pki/<subsystem>/conf/CS.cfg
-        # to /etc/pki/<instance>/<subsystem>/CS.cfg
-
-        source_cs_cfg = os.path.join(
-            pki.server.PKIServer.SHARE_DIR,
-            subsystem_name,
-            'conf',
-            'CS.cfg')
-
-        # TODO: if the target already exists, merge the source
-        # into target instead of overwriting the target
-        instance.copyfile(
-            source_cs_cfg,
-            subsystem.cs_conf,
-            params=deployer.mdict,
-            force=True)
+        deployer.create_cs_cfg(subsystem)
 
         # Copy /usr/share/pki/<subsystem>/conf/registry.cfg
         # to /etc/pki/<instance>/<subsystem>/registry.cfg