[Freeipa-devel] [PATCH 0013-0015] Automatic CSR generation - usability improvements

[Ben Lipton]

Hello,

The attached patches improve upon my last patchset to:

0013: Add support for generating a full script that makes a CSR, rather 
than just a config, and use that support to automate the full flow from 
script generation through cert issuance
Usage note: the UI for this could probably use work. I currently have 
the --helper-args param that allows additional data to be passed to the 
helper. Commonly this would be something like:
Certutil: --helper-args '-d /path/to/nss/db' (precreated with certutil 
-N -d /path/to/nss/db)
Openssl: --helper-args 'd /path/to/keyfile' (precreated with openssl 
genrsa -out /path/to/keyfile)
See the commit message for a full command line.

0014: Allow the feature to be used by non-admin users

0015: Improve error handling by reporting a nice message if the mapping 
rules are broken, or if the data required to generate the subject DN is 
missing

These improvements may make it easier to test the other patches.

Thanks,
Ben
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-blipton-0013-Automate-full-cert-request-flow.patch
Type: text/x-patch
Size: 12093 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20160809/5da90247/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-blipton-0014-Add-ACIs-for-mapping-rules.patch
Type: text/x-patch
Size: 10693 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20160809/5da90247/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-blipton-0015-Improve-error-handling-for-certificate-mapping.patch
Type: text/x-patch
Size: 5505 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20160809/5da90247/attachment-0002.bin>