Add commentary about CA deletion to plugin doc

Add commentary to 'ca' plugin documentation to explain what happens when a CA gets deleted - namely, that its signing cert gets revoked and its private key deleted. Also break the docstring up into smaller chunks to aid translation. Fixes: https://fedorahosted.org/freeipa/ticket/6256 Reviewed-By: Martin Basti <mbasti@redhat.com>
2025-01-28 09:06:44 -06:00 · 2016-09-23 16:05:55 +10:00 · 2016-09-23 16:05:55 +10:00 · 2b8163ab5d
commit 2b8163ab5d
parent 6b3f498429
1 changed files with 13 additions and 8 deletions
--- a/ipaserver/plugins/ca.py
+++ b/ipaserver/plugins/ca.py
@ -14,33 +14,38 @@ from ipalib import _, ngettext

 __doc__ = _("""
 Manage Certificate Authorities
-
+""") + _("""
 Subordinate Certificate Authorities (Sub-CAs) can be added for scoped issuance
 of X.509 certificates.
-
+""") + _("""
 CAs are enabled on creation, but their use is subject to CA ACLs unless the
 operator has permission to bypass CA ACLs.
-
+""") + _("""
 All CAs except the 'IPA' CA can be disabled or re-enabled.  Disabling a CA
 prevents it from issuing certificates but does not affect the validity of its
 certificate.
-
-
+""") + _("""
+CAs (all except the 'IPA' CA) can be deleted.  Deleting a CA causes its signing
+certificate to be revoked and its private key deleted.
+""") + _("""
 EXAMPLES:
-
+""") + _("""
  Create new CA, subordinate to the IPA CA.

    ipa ca-add puppet --desc "Puppet" \\
        --subject "CN=Puppet CA,O=EXAMPLE.COM"
-
+""") + _("""
  Disable a CA.

    ipa ca-disable puppet
-
+""") + _("""
  Re-enable a CA.

    ipa ca-enable puppet
+""") + _("""
+  Delete a CA.

+    ipa ca-del puppet
 """)