user-show: add --out option to save certificates to file

Add the --out option to user-show, bringing it into line with
host-show and service-show with the ability to save the user's
certificate(s) to a file.

https://fedorahosted.org/freeipa/ticket/5171

Reviewed-By: Martin Basti <mbasti@redhat.com>

API.txt

@@ -5360,10 +5360,11 @@ output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDA
 output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
 output: PrimaryKey('value', None, None)
 command: user_show
-args: 1,5,3
+args: 1,6,3
 arg: Str('uid', attribute=True, cli_name='login', maxlength=255, multivalue=False, pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,252}[a-zA-Z0-9_.$-]?$', primary_key=True, query=True, required=True)
 option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
 option: Flag('no_members', autofill=True, default=False, exclude='webui')
+option: Str('out?')
 option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
 option: Flag('rights', autofill=True, default=False)
 option: Str('version?', exclude='webui')

VERSION

@@ -90,5 +90,5 @@ IPA_DATA_VERSION=20100614120000
 #                                                      #
 ########################################################
 IPA_API_VERSION_MAJOR=2
-IPA_API_VERSION_MINOR=147
+IPA_API_VERSION_MINOR=148
-# Last change: mbasti - Consolidate DNS RR in API and schema
+# Last change: ftweedal - add --out option to user-show

ipalib/plugins/user.py

@@ -23,7 +23,7 @@ import string
 import posixpath
 import os
 
-from ipalib import api, errors
+from ipalib import api, errors, util
 from ipalib import Flag, Int, Password, Str, Bool, StrEnum, DateTime
 from ipalib.plugins.baseuser import baseuser, baseuser_add, baseuser_del, \
     baseuser_mod, baseuser_find, baseuser_show, \
@@ -38,6 +38,7 @@ from ipalib.plugins import baseldap
 from ipalib.request import context
 from ipalib import _, ngettext
 from ipalib import output
+from ipalib import x509
 from ipaplatform.paths import paths
 from ipapython.ipautil import ipa_generate_password
 from ipapython.ipavalidate import Email
@@ -765,6 +766,11 @@ class user_show(baseuser_show):
     __doc__ = _('Display information about a user.')
 
     has_output_params = baseuser_show.has_output_params + user_output_params
+    takes_options = baseuser_show.takes_options + (
+        Str('out?',
+            doc=_('file to store certificate in'),
+        ),
+    )
 
     def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
         convert_nsaccountlock(entry_attrs)
@@ -772,6 +778,25 @@ class user_show(baseuser_show):
         self.obj.get_preserved_attribute(entry_attrs, options)
         return dn
 
+    def forward(self, *keys, **options):
+        if 'out' in options:
+            util.check_writable_file(options['out'])
+            result = super(user_show, self).forward(*keys, **options)
+            if 'usercertificate' in result['result']:
+                x509.write_certificate_list(
+                    result['result']['usercertificate'],
+                    options['out']
+                )
+                result['summary'] = (
+                    _('Certificate(s) stored in file \'%(file)s\'')
+                    % dict(file=options['out'])
+                )
+                return result
+            else:
+                raise errors.NoCertificateError(entry=keys[-1])
+        else:
+            return super(user_show, self).forward(*keys, **options)
+
 @register()
 class user_undel(LDAPQuery):
     __doc__ = _('Undelete a delete user account.')