csrgen: Use data_sources option to define which fields are rendered

This removes the ipa.syntaxrule and ipa.datarule macros in favor of simple 'if' statements based on the data referenced in the rules. The 'if' statement for a syntax rule is generated based on the data rules it contains. The Subject DN should not be generated unless all data rules are in place, so the ability to override the logical operator that combines data_sources (from 'or' to 'and') is added. https://fedorahosted.org/freeipa/ticket/4899 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
author: Ben Lipton <blipton@redhat.com> 2016-09-06 14:58:24 -0400
committer: Jan Cholasta <jcholast@redhat.com> 2017-01-31 10:20:28 +0100
commit: afd7c05d11432304bfdf183832a21d419f363689 (patch)
tree: ceb9e6cab053f296e35e0988a6042af6752c9efc /ipaclient/csrgen.py
parent: f1a1c6eca1b294f24174d7b0e1f78de46d9d5b05 (diff)
download: freeipa-afd7c05d11432304bfdf183832a21d419f363689.tar.gz
freeipa-afd7c05d11432304bfdf183832a21d419f363689.tar.xz
freeipa-afd7c05d11432304bfdf183832a21d419f363689.zip
1 files changed, 27 insertions, 13 deletions
diff --git a/ipaclient/csrgen.py b/ipaclient/csrgen.py
index 0ffad7b28..0b9472f21 100644
--- a/ipaclient/csrgen.py
+++ b/ipaclient/csrgen.py
@@ -81,8 +81,6 @@ class Formatter(object):
             keep_trailing_newline=True, undefined=IndexableUndefined)
 
         self.passthrough_globals = {}
-        self._define_passthrough('ipa.syntaxrule')
-        self._define_passthrough('ipa.datarule')
 
     def _define_passthrough(self, call):
 
@@ -109,8 +107,15 @@ class Formatter(object):
         for description, syntax_rule, data_rules in rules:
             data_rules_prepared = [
                 self._prepare_data_rule(rule) for rule in data_rules]
+
+            data_sources = []
+            for rule in data_rules:
+                data_source = rule.options.get('data_source')
+                if data_source:
+                    data_sources.append(data_source)
+
             syntax_rules.append(self._prepare_syntax_rule(
-                syntax_rule, data_rules_prepared, description))
+                syntax_rule, data_rules_prepared, description, data_sources))
 
         template_params = self._get_template_params(syntax_rules)
         base_template = self.jinja2.get_template(
@@ -129,11 +134,9 @@ class Formatter(object):
 
         return combined_template
 
-    def _wrap_rule(self, rule, rule_type):
-        template = '{%% call ipa.%srule() %%}%s{%% endcall %%}' % (
-            rule_type, rule)
-
-        return template
+    def _wrap_conditional(self, rule, condition):
+        rule = '{%% if %s %%}%s{%% endif %%}' % (condition, rule)
+        return rule
 
     def _wrap_required(self, rule, description):
         template = '{%% filter required("%s") %%}%s{%% endfilter %%}' % (
@@ -142,9 +145,16 @@ class Formatter(object):
         return template
 
     def _prepare_data_rule(self, data_rule):
-        return self._wrap_rule(data_rule.template, 'data')
+        template = data_rule.template
+
+        data_source = data_rule.options.get('data_source')
+        if data_source:
+            template = self._wrap_conditional(template, data_source)
+
+        return template
 
-    def _prepare_syntax_rule(self, syntax_rule, data_rules, description):
+    def _prepare_syntax_rule(
+            self, syntax_rule, data_rules, description, data_sources):
         logger.debug('Syntax rule template: %s' % syntax_rule.template)
         template = self.jinja2.from_string(
             syntax_rule.template, globals=self.passthrough_globals)
@@ -156,7 +166,10 @@ class Formatter(object):
             raise errors.CSRTemplateError(reason=_(
                 'Template error when formatting certificate data'))
 
-        prepared_template = self._wrap_rule(rendered, 'syntax')
+        combinator = ' %s ' % syntax_rule.options.get(
+            'data_source_combinator', 'or')
+        condition = combinator.join(data_sources)
+        prepared_template = self._wrap_conditional(rendered, condition)
         if is_required:
             prepared_template = self._wrap_required(
                 prepared_template, description)
@@ -197,10 +210,11 @@ class OpenSSLFormatter(Formatter):
 
         return {'parameters': parameters, 'extensions': extensions}
 
-    def _prepare_syntax_rule(self, syntax_rule, data_rules, description):
+    def _prepare_syntax_rule(
+            self, syntax_rule, data_rules, description, data_sources):
         """Overrides method to pull out whether rule is an extension or not."""
         prepared_template = super(OpenSSLFormatter, self)._prepare_syntax_rule(
-            syntax_rule, data_rules, description)
+            syntax_rule, data_rules, description, data_sources)
         is_extension = syntax_rule.options.get('extension', False)
         return self.SyntaxRule(prepared_template, is_extension)
author	Ben Lipton <blipton@redhat.com>	2016-09-06 14:58:24 -0400
committer	Jan Cholasta <jcholast@redhat.com>	2017-01-31 10:20:28 +0100
commit	afd7c05d11432304bfdf183832a21d419f363689 (patch)
tree	ceb9e6cab053f296e35e0988a6042af6752c9efc /ipaclient/csrgen.py
parent	f1a1c6eca1b294f24174d7b0e1f78de46d9d5b05 (diff)
download	freeipa-afd7c05d11432304bfdf183832a21d419f363689.tar.gz freeipa-afd7c05d11432304bfdf183832a21d419f363689.tar.xz freeipa-afd7c05d11432304bfdf183832a21d419f363689.zip