csrgen: Add code to generate scripts that generate CSRs

Adds a library that uses jinja2 to format a script that, when run, will build a CSR. Also adds a CLI command, 'cert-get-requestdata', that uses this library and builds the script for a given principal. The rules are read from json files in /usr/share/ipa/csr, but the rule provider is a separate class so that it can be replaced easily. https://fedorahosted.org/freeipa/ticket/4899 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2025-02-25 18:55:28 -06:00 · 2016-07-05 14:19:35 -04:00
parent 87400cdec1
commit 10ef594786
13 changed files with 623 additions and 0 deletions
--- a/ipalib/errors.py
+++ b/ipalib/errors.py
@@ -1422,6 +1422,34 @@ class HTTPRequestError(RemoteRetrieveError):
    format = _('Request failed with status %(status)s: %(reason)s')


+class RedundantMappingRule(SingleMatchExpected):
+    """
+    **4036** Raised when more than one rule in a CSR generation ruleset matches
+    a particular helper.
+
+    For example:
+
+    >>> raise RedundantMappingRule(ruleset='syntaxSubject', helper='certutil')
+    Traceback (most recent call last):
+      ...
+    RedundantMappingRule: Mapping ruleset "syntaxSubject" has more than one
+    rule for the certutil helper.
+    """
+
+    errno = 4036
+    format = _('Mapping ruleset "%(ruleset)s" has more than one rule for the'
+               ' %(helper)s helper')
+
+
+class CSRTemplateError(ExecutionError):
+    """
+    **4037** Raised when evaluation of a CSR generation template fails
+    """
+
+    errno = 4037
+    format = _('%(reason)s')
+
+
 class BuiltinError(ExecutionError):
    """
    **4100** Base class for builtin execution errors (*4100 - 4199*).