csrgen: Add code to generate scripts that generate CSRs

Adds a library that uses jinja2 to format a script that, when run, will
build a CSR. Also adds a CLI command, 'cert-get-requestdata', that uses
this library and builds the script for a given principal. The rules are
read from json files in /usr/share/ipa/csr, but the rule provider is a
separate class so that it can be replaced easily.

https://fedorahosted.org/freeipa/ticket/4899

Reviewed-By: Jan Cholasta <jcholast@redhat.com>

1 files changed, 28 insertions, 0 deletions

diff --git a/ipalib/errors.py b/ipalib/errors.py
index 88707ac31..6aaca708a 100644
--- a/ipalib/errors.py
+++ b/ipalib/errors.py
@@ -1422,6 +1422,34 @@ class HTTPRequestError(RemoteRetrieveError):
     format = _('Request failed with status %(status)s: %(reason)s')
 
 
+class RedundantMappingRule(SingleMatchExpected):
+    """
+    **4036** Raised when more than one rule in a CSR generation ruleset matches
+    a particular helper.
+
+    For example:
+
+    >>> raise RedundantMappingRule(ruleset='syntaxSubject', helper='certutil')
+    Traceback (most recent call last):
+      ...
+    RedundantMappingRule: Mapping ruleset "syntaxSubject" has more than one
+    rule for the certutil helper.
+    """
+
+    errno = 4036
+    format = _('Mapping ruleset "%(ruleset)s" has more than one rule for the'
+               ' %(helper)s helper')
+
+
+class CSRTemplateError(ExecutionError):
+    """
+    **4037** Raised when evaluation of a CSR generation template fails
+    """
+
+    errno = 4037
+    format = _('%(reason)s')
+
+
 class BuiltinError(ExecutionError):
     """
     **4100** Base class for builtin execution errors (*4100 - 4199*).