ansible_freeipa_module: New function DN_x500_text

This function is needed to properly convert issuer and subject from a certificate or the issuer and subject parameters in ipauser for certmapdata to the data representation where the items in DN are reversed. The function additionally provides a fallback solution for IPA < 4.5. Certmapdata is not supported for IPA < 4.5, but the conversion is done before the API version can be checked.

ansible_freeipa_module: New function DN_x500_text
6a69bbea · Thomas Woerner · 571cc210 · 6a69bbea
Commit 6a69bbea authored 4 years ago by Thomas Woerner
--- a/plugins/module_utils/ansible_freeipa_module.py
+++ b/plugins/module_utils/ansible_freeipa_module.py
@@ -39,6 +39,7 @@ try:
 except ImportError:
    from ipapython.ipautil import kinit_password, kinit_keytab
 from ipapython.ipautil import run
+from ipapython.dn import DN
 from ipaplatform.paths import paths
 from ipalib.krb_utils import get_credentials_if_valid
 from ansible.module_utils.basic import AnsibleModule
@@ -344,6 +345,16 @@ def load_cert_from_str(cert):
    return cert


+def DN_x500_text(text):
+    if hasattr(DN, "x500_text"):
+        return DN(text).x500_text()
+    else:
+        # Emulate x500_text
+        dn = DN(text)
+        dn.rdns = reversed(dn.rdns)
+        return str(dn)
+
+
 def is_valid_port(port):
    if not isinstance(port, int):
        return False