From d0c489e28228f4ce5f92c2dfc2c7b9e86c7fcb36 Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: May 16 2024 12:46:32 +0000 Subject: If HSM is configured add the token name to config-show output A token can only be set in an HSM installation so this is implicit: if a token exists then HSM is enabled, if not then it isn't. Fixes: https://pagure.io/freeipa/issue/9273 Signed-off-by: Rob Crittenden Reviewed-By: Florence Blanc-Renaud
---
diff --git a/ipaserver/plugins/config.py b/ipaserver/plugins/config.py
index 45bd0c1..db008d0 100644
--- a/ipaserver/plugins/config.py
+++ b/ipaserver/plugins/config.py
@@ -24,7 +24,7 @@ import logging
 from ipalib import api
 from ipalib import Bool, Int, Str, IA5Str, StrEnum, DNParam, Flag
 from ipalib import errors
-from ipalib.constants import MAXHOSTNAMELEN
+from ipalib.constants import MAXHOSTNAMELEN, IPA_CA_CN
 from ipalib.plugable import Registry
 from ipalib.request import context
 from ipalib.util import validate_domain_name
@@ -368,6 +368,12 @@ class config(LDAPObject):
 doc=_('NetBIOS name of the IPA domain'),
 flags={'virtual_attribute', 'no_create'}
 ),
+ Str(
+ 'hsm_token_name?',
+ label=_('HSM token name'),
+ doc=_('The HSM token name storing the CA private keys'),
+ flags={'virtual_attribute', 'no_create', 'no_update'}
+ ),
 )
 def get_dn(self, *keys, **kwargs):
@@ -726,6 +732,16 @@ class config_show(LDAPRetrieve):
 __doc__ = _('Show the current configuration.')
 def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
+ ca_dn = DN(('cn', IPA_CA_CN), api.env.container_ca, api.env.basedn)
+ try:
+ ca_entry = ldap.get_entry(ca_dn, ['ipacahsmconfiguration'])
+ except errors.NotFound:
+ pass
+ else:
+ if 'ipacahsmconfiguration' in ca_entry:
+ val = ca_entry['ipacahsmconfiguration'][0]
+ (token_name, _token_library_path) = val.split(';')
+ entry_attrs.update({'hsm_token_name': token_name})
 self.obj.show_servroles_attributes(
 entry_attrs, "CA server", "KRA server", "IPA master", "DNS server", **options)
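Review bot: The tuple unpacking of `val.split(';')` in `config_show.post_callback` raises ValueError whenever the stored `ipacahsmconfiguration` value does not contain exactly one `;`, and nothing in the hunk catches it. A malformed or differently shaped value on the CA entry would therefore make `config-show` fail outright instead of just omitting the token name. Splitting on the first separator only is more tolerant: `token_name, _sep, _token_library_path = val.partition(';')`, then `if token_name:` before the `entry_attrs.update(...)` call. If an unexpected value should still be noticed, a logged warning suits a read-only command better than an unhandled exception. The rest of post_callback lies outside the hunk, so this is judged from the added lines only.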