freeipa / ansible-freeipa

Ansible roles and modules for FreeIPA
GNU General Public License v3.0

Bug in ipauser.py module related to certmap data #1247

Open EmptyByte opened 2 weeks ago

EmptyByte commented 2 weeks ago

There seems to be a bug in the certmap data handling within the ipauser.py module.

In Ansible, the certificate is passed, which should be enough to build the certmap:

```json
"certmapdata": [
  {
    "certificate": "MIIHHTCCBQxxxxiTlg=="
  }
],
```

But that doesn't create the certmap data; in fact it is ignored. (It works in the CLI and GUI.)

From the ipauser.py module:

```python
# Excerpt from ipauser.py; the two helpers are imported from the module utils.
from ansible.module_utils.ansible_freeipa_module import (
    DN_x500_text, load_cert_from_str
)


def convert_certmapdata(certmapdata):
    """Turn the certmapdata list into "X509:<I>issuer<S>subject" strings."""
    if certmapdata is None:
        return None

    _result = []
    for x in certmapdata:
        certificate = x.get("certificate")
        issuer = x.get("issuer")
        subject = x.get("subject")
        data = x.get("data")

        if data is None:
            # No explicit data: derive issuer and subject from the certificate
            # when neither is given, then format both in X.500 order.
            if issuer is None and subject is None:
                cert = load_cert_from_str(certificate)
                issuer = cert.issuer
                subject = cert.subject

            _result.append("X509:<I>%s<S>%s" % (DN_x500_text(issuer),
                                                DN_x500_text(subject)))
        else:
            # Explicit data takes precedence over certificate/issuer/subject.
            _result.append(data)

    return _result
```

Documentation:

| Variable | Type | Description |
| --- | --- | --- |
| certmapdata | list / elements=dictionary | List of certificate mappings. Only usable with IPA versions 4.5 and up. |

Sub-options of certmapdata:

| Variable | Type | Description |
| --- | --- | --- |
| certificate | string | Base-64 encoded user certificate |
| data | string | Certmap data |
| issuer | string | Issuer of the certificate |
| subject | string | Subject of the certificate |

EmptyByte commented 2 weeks ago

Well, even if I pass the whole thing it doesn't get added; it doesn't fail either. It is just not added.

```yaml
certmapdata:
  - certificate: 'MIIHNzCxxxxxxWWe'
    issuer: 'C=CO,O=Acme,CN=Acme Users CA'
    subject: 'UID=11111,C=CO,O=Acme,CN=DOE John'
    data: 'X509:<I>C=CO,O=Acme,CN=Acme Users CA<S>UID=11111,C=CO,O=Acme,CN=DOE John'
```
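For anyone checking what the module should derive from a bare `certificate` entry (the `convert_certmapdata` excerpt above) against the explicit `data` string in the task, here is an added example, not ansible-freeipa code: it builds a constructed certificate with the issuer and subject from that task and derives the `X509:<I>...<S>...` string from it. It assumes the `cryptography` package; `dn_x500_text`, `certmap_from_certificate` and `make_test_cert_b64` are names chosen for this example.

```python
# Added example (not ansible-freeipa code): what the module should derive
# for a certmapdata entry that carries only "certificate". Needs `cryptography`.
import base64
import datetime

from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.serialization import Encoding
from cryptography.x509.oid import NameOID

# Names in DER (X.500) order, root first, the order the reporter's "data" uses.
ISSUER = x509.Name([
    x509.NameAttribute(NameOID.COUNTRY_NAME, "CO"),
    x509.NameAttribute(NameOID.ORGANIZATION_NAME, "Acme"),
    x509.NameAttribute(NameOID.COMMON_NAME, "Acme Users CA"),
])
SUBJECT = x509.Name([
    x509.NameAttribute(NameOID.USER_ID, "11111"),
    x509.NameAttribute(NameOID.COUNTRY_NAME, "CO"),
    x509.NameAttribute(NameOID.ORGANIZATION_NAME, "Acme"),
    x509.NameAttribute(NameOID.COMMON_NAME, "DOE John"),
])


def dn_x500_text(name):
    """Render a Name root-first (C=...,O=...,CN=...). Name.rfc4514_string()
    would give LDAP order (CN first), so walk the RDNs in stored order."""
    return ",".join(rdn.rfc4514_string() for rdn in name.rdns)


def certmap_from_certificate(cert_b64):
    """The issuer/subject branch of convert_certmapdata for a bare certificate."""
    cert = x509.load_der_x509_certificate(base64.b64decode(cert_b64))
    return "X509:<I>%s<S>%s" % (dn_x500_text(cert.issuer),
                                dn_x500_text(cert.subject))


def make_test_cert_b64(issuer, subject):
    """Constructed test certificate (not a real Acme cert): only issuer and
    subject matter here, so it is signed with its own throwaway key."""
    key = ec.generate_private_key(ec.SECP256R1())
    now = datetime.datetime.now(datetime.timezone.utc)
    cert = (x509.CertificateBuilder()
            .subject_name(subject).issuer_name(issuer)
            .public_key(key.public_key())
            .serial_number(x509.random_serial_number())
            .not_valid_before(now)
            .not_valid_after(now + datetime.timedelta(days=1))
            .sign(key, hashes.SHA256()))
    return base64.b64encode(cert.public_bytes(Encoding.DER)).decode("ascii")
```

Running `certmap_from_certificate(make_test_cert_b64(ISSUER, SUBJECT))` yields exactly the `data` value from the task above, so a mismatch between that derived string and what `ipa user-show` reports points at the module not applying the entry rather than at the DN formatting.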