From ca2674ca385088e545a56847e930ce7b8827831e Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata"
Date: Wed, 11 Sep 2024 18:36:20 -0500
Subject: [PATCH] Fix pki_ds_setup param

pkispawn has been updated to set up the internal database only if the pki_ds_setup param is set to True.
---
 base/server/python/pki/server/deployment/__init__.py | 10 +++++++---
 .../pki/server/deployment/scriptlets/configuration.py | 3 +++
 .../pki/server/deployment/scriptlets/initialization.py | 6 ++++--
 .../server/deployment/scriptlets/security_databases.py | 5 ++++-
 base/server/python/pki/server/pkispawn.py | 3 ++-
 5 files changed, 20 insertions(+), 7 deletions(-)

diff --git a/base/server/python/pki/server/deployment/__init__.py b/base/server/python/pki/server/deployment/__init__.py
index 4a0dd857516..615904f5583 100644
--- a/base/server/python/pki/server/deployment/__init__.py
+++ b/base/server/python/pki/server/deployment/__init__.py
@@ -209,7 +209,10 @@ def ds_init(self):
 if ds_url is None:
- ds_hostname = self.mdict['pki_ds_hostname']
+ ds_hostname = self.mdict.get('pki_ds_hostname')
+
+ if not ds_hostname:
+ return
 if config.str2bool(self.mdict['pki_ds_secure_connection']):
 ds_protocol = 'ldaps'
@@ -1482,9 +1485,8 @@ def configure_tps(self, subsystem):
 'op.enroll.userKeyTemporary.keyGen.encryption.recovery.onHold.scheme',
 'GenerateNewKey')
- def configure_subsystem(self, subsystem):
+ def configure_internal_database(self, subsystem):
- # configure internal database
 if self.ds_url.scheme == 'ldaps':
 subsystem.set_config('internaldb.ldapconn.secureConn', 'true')
@@ -1501,6 +1503,8 @@ def configure_subsystem(self, subsystem):
 subsystem.set_config('internaldb.basedn', self.mdict['pki_ds_base_dn'])
 subsystem.set_config('internaldb.database', self.mdict['pki_ds_database'])
+ def configure_subsystem(self, subsystem):
+
 if subsystem.type == 'CA':
 self.configure_ca(subsystem)
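Review bot: In `ds_init` in deployment/__init__.py, the new `if not ds_hostname: return` exits silently, so a deployment that sets `pki_ds_setup=True` but omits or mistypes `pki_ds_hostname` carries on without a directory server URL and leaves no trace of why. The other files in this commit key off `pki_ds_setup`, so this return would be easier to reason about if it checked that flag and treated a missing hostname under `pki_ds_setup=True` as a configuration error rather than a skip. At minimum add a comment such as `# no DS hostname: leave ds_url unset so internal database setup is skipped`. Whether `self.ds_url` is initialised to None before this point is not visible, since ds_init starts and ends outside the hunk.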
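Review bot: `configure_internal_database` in deployment/__init__.py opens with `self.ds_url.scheme`, and the early return added to ds_init in this commit appears to make a None `ds_url` reachable, so the method now depends entirely on its caller checking first. State that precondition in a docstring, e.g. `"""Write the internaldb.* settings; the caller must ensure self.ds_url is set."""`, or guard it with `if not self.ds_url: return` as the first statement. The removed `# configure internal database` comment has no replacement, and the new `configure_subsystem` in the following hunk has no docstring either. The method body spans two hunks and is only partly visible.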
diff --git a/base/server/python/pki/server/deployment/scriptlets/configuration.py b/base/server/python/pki/server/deployment/scriptlets/configuration.py
index e30d00ee4ae..91619115e38 100644
--- a/base/server/python/pki/server/deployment/scriptlets/configuration.py
+++ b/base/server/python/pki/server/deployment/scriptlets/configuration.py
@@ -52,6 +52,9 @@ def spawn(self, deployer):
 subsystem = instance.get_subsystem(deployer.subsystem_type.lower())
+ if deployer.ds_url:
+ deployer.configure_internal_database(subsystem)
+
 deployer.configure_subsystem(subsystem)
 subsystem.save()
diff --git a/base/server/python/pki/server/deployment/scriptlets/initialization.py b/base/server/python/pki/server/deployment/scriptlets/initialization.py
index ee4c75ed924..11ee78a3c47 100644
--- a/base/server/python/pki/server/deployment/scriptlets/initialization.py
+++ b/base/server/python/pki/server/deployment/scriptlets/initialization.py
@@ -156,8 +156,10 @@ def spawn(self, deployer):
 # verify selinux context of selected ports
 deployer.configuration_file.populate_non_default_ports()
 deployer.configuration_file.verify_selinux_ports()
- # If secure DS connection is required, verify parameters
- deployer.configuration_file.verify_ds_secure_connection_data()
+
+ if config.str2bool(deployer.mdict['pki_ds_setup']):
+ # if secure DS connection is required, verify parameters
+ deployer.configuration_file.verify_ds_secure_connection_data()
 def destroy(self, deployer):
diff --git a/base/server/python/pki/server/deployment/scriptlets/security_databases.py b/base/server/python/pki/server/deployment/scriptlets/security_databases.py
index 5dcd43df197..793054f7134 100644
--- a/base/server/python/pki/server/deployment/scriptlets/security_databases.py
+++ b/base/server/python/pki/server/deployment/scriptlets/security_databases.py
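Review bot: In configuration.py the new guard is `if deployer.ds_url:`, whereas initialization.py, security_databases.py and pkispawn.py in the same commit test `pki_ds_setup`, so the two conditions can disagree. If `pki_ds_setup` is false while a DS URL or hostname is still present in the deployment config, this branch would presumably still write the `internaldb.*` settings even though the DS checks were skipped elsewhere. If that combination is not intended, use one predicate, e.g. `if config.str2bool(deployer.mdict['pki_ds_setup']) and deployer.ds_url:` (assuming `config` is imported in this file). `spawn` continues outside the hunk.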
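Review bot: The hunk in initialization.py calls `config.str2bool(...)`, but the diffstat accounts for all six changed lines of this file inside the hunk, so no import was added; the same is true of the five changed lines in security_databases.py. Confirm both modules already import `config`, otherwise `spawn` fails with NameError. Also note that `deployer.mdict['pki_ds_setup']` is a direct index in all three files that use it, so a config without that key raises KeyError; if the default is guaranteed elsewhere, a one-line comment saying so would do.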
@@ -39,5 +39,8 @@ def spawn(self, deployer):
 deployer.import_server_pkcs12()
 deployer.import_clone_pkcs12()
 deployer.install_cert_chain()
- deployer.import_ds_ca_cert()
+
+ if config.str2bool(deployer.mdict['pki_ds_setup']):
+ deployer.import_ds_ca_cert()
+
 deployer.init_client_nssdb()
diff --git a/base/server/python/pki/server/pkispawn.py b/base/server/python/pki/server/pkispawn.py
index 7919d3a52f7..44971cbb3b0 100644
--- a/base/server/python/pki/server/pkispawn.py
+++ b/base/server/python/pki/server/pkispawn.py
@@ -584,7 +584,8 @@ def main(argv):
 if not interactive and \
 not config.str2bool(parser.mdict['pki_skip_configuration']):
- check_ds()
+ if config.str2bool(parser.mdict['pki_ds_setup']):
+ check_ds()
 if config.str2bool(parser.mdict['pki_security_domain_setup']):
 check_security_domain()
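Review bot: In security_databases.py, skipping `deployer.import_ds_ca_cert()` when `pki_ds_setup` is false means the DS CA certificate is presumably no longer placed in the instance's trust store, while configuration.py can still set `internaldb.ldapconn.secureConn` to `true` whenever `deployer.ds_url` is set. An operator who defers DS setup and later enables LDAPS would then have to provision that trust separately, and nothing here says so. Add a comment such as `# pki_ds_setup=False: the DS CA cert must be imported separately before internaldb is used over LDAPS`. `spawn` starts outside the hunk.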