user-show: add --out option to save certificates to file

Add the --out option to user-show, bringing it into line with host-show and service-show with the ability to save the user's certificate(s) to a file. https://fedorahosted.org/freeipa/ticket/5171 Reviewed-By: Martin Basti <mbasti@redhat.com>
2025-02-25 18:55:28 -06:00 · 2015-07-24 09:31:26 -04:00 · 2015-07-24 09:31:26 -04:00 · 896783bae8
commit 896783bae8
parent a4ade199aa
3 changed files with 30 additions and 4 deletions
--- a/API.txt
+++ b/API.txt
@ -5360,10 +5360,11 @@ output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDA
 output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
 output: PrimaryKey('value', None, None)
 command: user_show
-args: 1,5,3
+args: 1,6,3
 arg: Str('uid', attribute=True, cli_name='login', maxlength=255, multivalue=False, pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,252}[a-zA-Z0-9_.$-]?$', primary_key=True, query=True, required=True)
 option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
 option: Flag('no_members', autofill=True, default=False, exclude='webui')
+option: Str('out?')
 option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
 option: Flag('rights', autofill=True, default=False)
 option: Str('version?', exclude='webui')
--- a/4
+++ b/4
@ -90,5 +90,5 @@ IPA_DATA_VERSION=20100614120000
 #                                                      #
 ########################################################
 IPA_API_VERSION_MAJOR=2
-IPA_API_VERSION_MINOR=147
-# Last change: mbasti - Consolidate DNS RR in API and schema
+IPA_API_VERSION_MINOR=148
+# Last change: ftweedal - add --out option to user-show
--- a/ipalib/plugins/user.py
+++ b/ipalib/plugins/user.py
@ -23,7 +23,7 @@ import string
 import posixpath
 import os

-from ipalib import api, errors
+from ipalib import api, errors, util
 from ipalib import Flag, Int, Password, Str, Bool, StrEnum, DateTime
 from ipalib.plugins.baseuser import baseuser, baseuser_add, baseuser_del, \
    baseuser_mod, baseuser_find, baseuser_show, \
@ -38,6 +38,7 @@ from ipalib.plugins import baseldap
 from ipalib.request import context
 from ipalib import _, ngettext
 from ipalib import output
+from ipalib import x509
 from ipaplatform.paths import paths
 from ipapython.ipautil import ipa_generate_password
 from ipapython.ipavalidate import Email
@ -765,6 +766,11 @@ class user_show(baseuser_show):
    __doc__ = _('Display information about a user.')

    has_output_params = baseuser_show.has_output_params + user_output_params
+    takes_options = baseuser_show.takes_options + (
+        Str('out?',
+            doc=_('file to store certificate in'),
+        ),
+    )

    def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
        convert_nsaccountlock(entry_attrs)
@ -772,6 +778,25 @@ class user_show(baseuser_show):
        self.obj.get_preserved_attribute(entry_attrs, options)
        return dn

+    def forward(self, *keys, **options):
+        if 'out' in options:
+            util.check_writable_file(options['out'])
+            result = super(user_show, self).forward(*keys, **options)
+            if 'usercertificate' in result['result']:
+                x509.write_certificate_list(
+                    result['result']['usercertificate'],
+                    options['out']
+                )
+                result['summary'] = (
+                    _('Certificate(s) stored in file \'%(file)s\'')
+                    % dict(file=options['out'])
+                )
+                return result
+            else:
+                raise errors.NoCertificateError(entry=keys[-1])
+        else:
+            return super(user_show, self).forward(*keys, **options)
+
@register()
 class user_undel(LDAPQuery):
    __doc__ = _('Undelete a delete user account.')