If HSM is configured add the token name to config-show output

A token can only be set in an HSM installation so this is implicit:
if a token exists then HSM is enabled, if not then it isn't.

Fixes: https://pagure.io/freeipa/issue/9273

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>

ipaserver/plugins/config.py

@@ -24,7 +24,7 @@ import logging
 from ipalib import api
 from ipalib import Bool, Int, Str, IA5Str, StrEnum, DNParam, Flag
 from ipalib import errors
-from ipalib.constants import MAXHOSTNAMELEN
+from ipalib.constants import MAXHOSTNAMELEN, IPA_CA_CN
 from ipalib.plugable import Registry
 from ipalib.request import context
 from ipalib.util import validate_domain_name
@@ -368,6 +368,12 @@ class config(LDAPObject):
             doc=_('NetBIOS name of the IPA domain'),
             flags={'virtual_attribute', 'no_create'}
         ),
+        Str(
+            'hsm_token_name?',
+            label=_('HSM token name'),
+            doc=_('The HSM token name storing the CA private keys'),
+            flags={'virtual_attribute', 'no_create', 'no_update'}
+        ),
     )
 
     def get_dn(self, *keys, **kwargs):
@@ -726,6 +732,16 @@ class config_show(LDAPRetrieve):
     __doc__ = _('Show the current configuration.')
 
     def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
+        ca_dn = DN(('cn', IPA_CA_CN), api.env.container_ca, api.env.basedn)
+        try:
+            ca_entry = ldap.get_entry(ca_dn, ['ipacahsmconfiguration'])
+        except errors.NotFound:
+            pass
+        else:
+            if 'ipacahsmconfiguration' in ca_entry:
+                val = ca_entry['ipacahsmconfiguration'][0]
+                (token_name, _token_library_path) = val.split(';')
+                entry_attrs.update({'hsm_token_name': token_name})
         self.obj.show_servroles_attributes(
             entry_attrs, "CA server", "KRA server", "IPA master",
             "DNS server", **options)