author | Ben Lipton <blipton@redhat.com> | 2016-09-06 14:58:24 -0400 |
---|---|---|
committer | Jan Cholasta <jcholast@redhat.com> | 2017-01-31 10:20:28 +0100 |
commit | afd7c05d11432304bfdf183832a21d419f363689 (patch) | |
tree | ceb9e6cab053f296e35e0988a6042af6752c9efc /ipaclient/csrgen.py | |
parent | f1a1c6eca1b294f24174d7b0e1f78de46d9d5b05 (diff) | |
csrgen: Use data_sources option to define which fields are rendered
This removes the ipa.syntaxrule and ipa.datarule macros in favor of
simple 'if' statements based on the data referenced in the rules. The
'if' statement for a syntax rule is generated based on the data rules it
contains.
The Subject DN should not be generated unless all data rules are in
place, so the ability to override the logical operator that combines
data_sources (from 'or' to 'and') is added.
https://fedorahosted.org/freeipa/ticket/4899
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Diffstat (limited to 'ipaclient/csrgen.py')
-rw-r--r-- | ipaclient/csrgen.py | 40 |
1 files changed, 27 insertions, 13 deletions
diff --git a/ipaclient/csrgen.py b/ipaclient/csrgen.py index 0ffad7b28..0b9472f21 100644 --- a/ipaclient/csrgen.py +++ b/ipaclient/csrgen.py @@ -81,8 +81,6 @@ class Formatter(object): keep_trailing_newline=True, undefined=IndexableUndefined) self.passthrough_globals = {} - self._define_passthrough('ipa.syntaxrule') - self._define_passthrough('ipa.datarule') def _define_passthrough(self, call): @@ -109,8 +107,15 @@ class Formatter(object): for description, syntax_rule, data_rules in rules: data_rules_prepared = [ self._prepare_data_rule(rule) for rule in data_rules] + + data_sources = [] + for rule in data_rules: + data_source = rule.options.get('data_source') + if data_source: + data_sources.append(data_source) + syntax_rules.append(self._prepare_syntax_rule( - syntax_rule, data_rules_prepared, description)) + syntax_rule, data_rules_prepared, description, data_sources)) template_params = self._get_template_params(syntax_rules) base_template = self.jinja2.get_template( @@ -129,11 +134,9 @@ class Formatter(object): return combined_template - def _wrap_rule(self, rule, rule_type): - template = '{%% call ipa.%srule() %%}%s{%% endcall %%}' % ( - rule_type, rule) - - return template + def _wrap_conditional(self, rule, condition): + rule = '{%% if %s %%}%s{%% endif %%}' % (condition, rule) + return rule def _wrap_required(self, rule, description): template = '{%% filter required("%s") %%}%s{%% endfilter %%}' % ( 
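Review bot: `_wrap_conditional` splices `condition` into `{% if … %}` with plain `%` formatting, so a rule's `data_source` option is parsed as Jinja2 code rather than treated as data; the same value reaches it from `_prepare_data_rule` and, joined, from `_prepare_syntax_rule` in the later hunks. A rule definition whose `data_source` contains `%}` or anything beyond a field reference would change the structure of the generated template, and whether `self.jinja2` is a sandboxed environment is not visible in this hunk. If rule files only ever name fields, I would check the value against a strict dotted-path pattern before wrapping and raise `errors.CSRTemplateError` otherwise. At minimum the method should carry a docstring such as `"""Wrap rule in a Jinja2 'if' block; condition is inserted verbatim and must come from a trusted rule definition."""`.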
@@ -142,9 +145,16 @@ class Formatter(object):
 return template
 def _prepare_data_rule(self, data_rule):
- return self._wrap_rule(data_rule.template, 'data')
+ template = data_rule.template
+
+ data_source = data_rule.options.get('data_source')
+ if data_source:
+ template = self._wrap_conditional(template, data_source)
+
+ return template
- def _prepare_syntax_rule(self, syntax_rule, data_rules, description):
+ def _prepare_syntax_rule(
+ self, syntax_rule, data_rules, description, data_sources):
 logger.debug('Syntax rule template: %s' % syntax_rule.template)
 template = self.jinja2.from_string(
 syntax_rule.template, globals=self.passthrough_globals)
@@ -156,7 +166,10 @@ class Formatter(object):
 raise errors.CSRTemplateError(reason=_(
 'Template error when formatting certificate data'))
- prepared_template = self._wrap_rule(rendered, 'syntax')
+ combinator = ' %s ' % syntax_rule.options.get(
+ 'data_source_combinator', 'or')
+ condition = combinator.join(data_sources)
+ prepared_template = self._wrap_conditional(rendered, condition)
 if is_required:
 prepared_template = self._wrap_required(
 prepared_template, description)
@@ -197,10 +210,11 @@ class OpenSSLFormatter(Formatter):
 return {'parameters': parameters, 'extensions': extensions}
- def _prepare_syntax_rule(self, syntax_rule, data_rules, description):
+ def _prepare_syntax_rule(
+ self, syntax_rule, data_rules, description, data_sources):
 """Overrides method to pull out whether rule is an extension or not."""
 prepared_template = super(OpenSSLFormatter, self)._prepare_syntax_rule(
- syntax_rule, data_rules, description)
+ syntax_rule, data_rules, description, data_sources)
 is_extension = syntax_rule.options.get('extension', False)
 return self.SyntaxRule(prepared_template, is_extension) |
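Review bot: In `Formatter._prepare_syntax_rule`, `combinator.join(data_sources)` is an empty string when none of the data rules set `data_source`, so `_wrap_conditional` emits `{% if  %}`, which Jinja2 should reject as a syntax error once the combined template is compiled. `_prepare_data_rule` already skips the wrapper in that case, and the syntax rule can mirror it with `prepared_template = self._wrap_conditional(rendered, condition) if data_sources else rendered`. The `data_source_combinator` option is also interpolated without being restricted to `and`/`or`, and the joined sources are not parenthesised, so a source that itself contains `or` would bind differently under an `and` combinator. Joining `'(%s)' % s` for each source and rejecting any other combinator value would cover both. The body of `_prepare_syntax_rule` starts and ends outside this hunk.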