Add commentary about CA deletion to plugin doc

Add commentary to 'ca' plugin documentation to explain what happens
when a CA gets deleted - namely, that its signing cert gets revoked
and its private key deleted.

Also break the docstring up into smaller chunks to aid translation.

Fixes: https://fedorahosted.org/freeipa/ticket/6256
Reviewed-By: Martin Basti <mbasti@redhat.com>

1 files changed, 13 insertions, 8 deletions

diff --git a/ipaserver/plugins/ca.py b/ipaserver/plugins/ca.py
index 4d83fe81c..d9ae8c81f 100644
--- a/ipaserver/plugins/ca.py
+++ b/ipaserver/plugins/ca.py
@@ -14,33 +14,38 @@ from ipalib import _, ngettext
 
 __doc__ = _("""
 Manage Certificate Authorities
-
+""") + _("""
 Subordinate Certificate Authorities (Sub-CAs) can be added for scoped issuance
 of X.509 certificates.
-
+""") + _("""
 CAs are enabled on creation, but their use is subject to CA ACLs unless the
 operator has permission to bypass CA ACLs.
-
+""") + _("""
 All CAs except the 'IPA' CA can be disabled or re-enabled.  Disabling a CA
 prevents it from issuing certificates but does not affect the validity of its
 certificate.
-
-
+""") + _("""
+CAs (all except the 'IPA' CA) can be deleted.  Deleting a CA causes its signing
+certificate to be revoked and its private key deleted.
+""") + _("""
 EXAMPLES:
-
+""") + _("""
   Create new CA, subordinate to the IPA CA.
 
     ipa ca-add puppet --desc "Puppet" \\
         --subject "CN=Puppet CA,O=EXAMPLE.COM"
-
+""") + _("""
   Disable a CA.
 
     ipa ca-disable puppet
-
+""") + _("""
   Re-enable a CA.
 
     ipa ca-enable puppet
+""") + _("""
+  Delete a CA.
 
+    ipa ca-del puppet
 """)