From 4844eaec197690e21c6cf44743df7f456d0e185d Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <ftweedal@redhat.com>
Date: Fri, 1 Jul 2016 14:42:37 +1000
Subject: Add --cn option to cert-status

Add the 'cacn' option to the cert-status command.  Right now there
is nothing we need to (or can) do with it, but we add it anyway for
future use.

Fixes: https://fedorahosted.org/freeipa/ticket/5999
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
---
 API.txt                   |  3 ++-
 VERSION                   |  4 ++--
 ipaserver/plugins/cert.py | 16 ++++++++--------
 3 files changed, 12 insertions(+), 11 deletions(-)

diff --git a/API.txt b/API.txt
index 7d82d353a..eb33c1fb7 100644
--- a/API.txt
+++ b/API.txt
@@ -799,9 +799,10 @@ output: Entry('result')
 output: Output('summary', type=[<type 'unicode'>, <type 'NoneType'>])
 output: PrimaryKey('value')
 command: cert_status/1
-args: 1,3,3
+args: 1,4,3
 arg: Int('request_id')
 option: Flag('all', autofill=True, cli_name='all', default=False)
+option: Str('cacn?', autofill=True, cli_name='ca', default=u'ipa')
 option: Flag('raw', autofill=True, cli_name='raw', default=False)
 option: Str('version?')
 output: Entry('result')
diff --git a/VERSION b/VERSION
index 1ca1f3358..b5dc5a0cb 100644
--- a/VERSION
+++ b/VERSION
@@ -90,5 +90,5 @@ IPA_DATA_VERSION=20100614120000
 #                                                      #
 ########################################################
 IPA_API_VERSION_MAJOR=2
-IPA_API_VERSION_MINOR=209
-# Last change: mbabinsk: Unify display of principal names/aliases across entities
+IPA_API_VERSION_MINOR=210
+# Last change: Add --ca option to cert-status
diff --git a/ipaserver/plugins/cert.py b/ipaserver/plugins/cert.py
index 2f7904cd7..06041d308 100644
--- a/ipaserver/plugins/cert.py
+++ b/ipaserver/plugins/cert.py
@@ -628,17 +628,17 @@ class cert_status(Retrieve, BaseCertMethod, VirtualCommand):
 
     operation = "certificate status"
 
-    def get_options(self):
-        for option in super(cert_status, self).get_options():
-            if option.name == 'cacn':
-                # Dogtag requests are uniquely identified by their
-                # number; there is no need to distinguish by CA.
-                continue
-            yield option
-
     def execute(self, request_id, **kw):
         ca_enabled_check()
         self.check_access()
+
+        # Dogtag requests are uniquely identified by their number;
+        # furthermore, Dogtag (as at v10.3.4) does not report the
+        # target CA in request data, so we cannot check.  So for
+        # now, there is nothing we can do with the 'cacn' option
+        # but check if the specified CA exists.
+        self.api.Command.ca_show(kw['cacn'])
+
         return dict(
             result=self.Backend.ra.check_request_status(str(request_id)),
             value=pkey_to_value(request_id, kw),
-- 
cgit