Skip to content

Commit 4b28b30

Browse files
andreyaksenovandreyaksenov
committed
Config credentials: reference
1 parent be42451 commit 4b28b30

File tree

1 file changed

+113
-9
lines changed

1 file changed

+113
-9
lines changed

doc/reference/configuration/configuration_reference.rst

Lines changed: 113 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -361,7 +361,7 @@ The ``config`` section defines various parameters related to centralized configu
361361
config.context.*
362362
~~~~~~~~~~~~~~~~
363363

364-
This section describes options related to loading configuration settings from external storage.
364+
This section describes options related to loading configuration settings from external storage such as external files or environment variables.
365365

366366
* :ref:`config.context <configuration_reference_config_context>`
367367

@@ -379,11 +379,6 @@ This section describes options related to loading configuration settings from ex
379379
**Since:** :doc:`3.0.0 </release/3.0.0>`.
380380

381381
Specify how to load settings from external storage.
382-
There are the following storage types:
383-
384-
* file
385-
* environment variable
386-
387382
For example, this option can be used to load passwords from safe storage.
388383
You can find the examples in :ref:`configuration_credentials_loading_secrets`.
389384

@@ -397,26 +392,60 @@ This section describes options related to loading configuration settings from ex
397392

398393
.. confval:: config.context.<name>
399394

395+
The name of an entity that identifies a configuration value to load.
400396

401397
.. _configuration_reference_config_context_name_env:
402398

403399
.. confval:: config.context.<name>.env
404400

401+
The name of an environment variable to load a configuration value from.
402+
403+
**Example:**
404+
405+
.. literalinclude:: /code_snippets/snippets/config/instances.enabled/credentials_context_env/config.yaml
406+
:language: yaml
407+
:start-at: config:
408+
:end-before: credentials:
409+
:dedent:
410+
411+
See also: :ref:`configuration_credentials_loading_secrets`.
412+
405413

406414
.. _configuration_reference_config_context_name_from:
407415

408416
.. confval:: config.context.<name>.from
409417

418+
The type of storage to load a configuration value from.
419+
There are the following storage types:
420+
421+
* ``file``: load a configuration value from a file.
422+
In this case, you need to specify the path to the file using :ref:`config.context.\<name\>.file <configuration_reference_config_context_name_file>`.
423+
* ``env``: load a configuration value from an environment variable.
424+
In this case, specify the environment variable name using :ref:`config.context.\<name\>.env <configuration_reference_config_context_name_env>`.
425+
410426

411427
.. _configuration_reference_config_context_name_file:
412428

413429
.. confval:: config.context.<name>.file
414430

431+
The path to a file to load a configuration value from.
432+
433+
**Example:**
434+
435+
.. literalinclude:: /code_snippets/snippets/config/instances.enabled/credentials_context_file/config.yaml
436+
:language: yaml
437+
:start-at: config:
438+
:end-before: credentials:
439+
:dedent:
440+
441+
See also: :ref:`configuration_credentials_loading_secrets`.
442+
415443

416444
.. _configuration_reference_config_context_name_rstrip:
417445

418446
.. confval:: config.context.<name>.rstrip
419447

448+
Whether to strip whitespace characters and newlines from the end of data.
420449

421450

422451

@@ -610,7 +639,8 @@ This section describes options related to :ref:`storing configuration in etcd <c
610639
credentials
611640
-----------
612641

613-
.. TODO: https://github.com/tarantool/doc/issues/3666
642+
The ``credentials`` section allows you to create users and grant them the specified privileges.
643+
Learn more in :ref:`configuration_credentials`.
614644

615645
.. NOTE::
616646

@@ -626,6 +656,18 @@ credentials
626656

627657
.. confval:: credentials.roles
628658

659+
An array of :ref:`roles <access_control_concepts_roles>` that can be granted to users.
660+
661+
**Example:**
662+
663+
.. literalinclude:: /code_snippets/snippets/config/instances.enabled/credentials/config.yaml
664+
:language: yaml
665+
:start-after: spaces: [ books ]
666+
:end-at: spaces: [ writers ]
667+
:dedent:
668+
669+
See also: :ref:`configuration_credentials_managing_users_roles`.
670+
629671
| Type: map
630672
| Default: nil
631673
| Environment variable: TT_CREDENTIALS_ROLES
@@ -635,6 +677,18 @@ credentials
635677

636678
.. confval:: credentials.users
637679

680+
An array :ref:`users <access_control_concepts_users>`.
681+
682+
**Example:**
683+
684+
.. literalinclude:: /code_snippets/snippets/config/instances.enabled/credentials/config.yaml
685+
:language: yaml
686+
:start-at: credentials:
687+
:end-at: T0p_Secret
688+
:dedent:
689+
690+
See also: :ref:`configuration_credentials_managing_users_roles`.
691+
638692
| Type: map
639693
| Default: nil
640694
| Environment variable: TT_CREDENTIALS_USERS
@@ -650,12 +704,15 @@ credentials.roles.*
650704

651705
.. confval:: credentials.roles.<role_name>.roles
652706

707+
An array of :ref:`roles <access_control_concepts_roles>` granted to this role.
653708

654709
.. _configuration_reference_credentials_roles_name_privileges:
655710

656711
.. confval:: credentials.roles.<role_name>.privileges
657712

658-
See :ref:`privileges <configuration_reference_credentials_privileges>`.
713+
An array of :ref:`privileges <authentication-owners_privileges>` granted to this role.
714+
715+
See :ref:`\<user_or_role_name\>.privileges.* <configuration_reference_credentials_privileges>`.
659716

660717

661718
.. _configuration_reference_credentials_user:
@@ -668,17 +725,31 @@ credentials.users.*
668725

669726
.. confval:: credentials.users.<username>.password
670727

728+
A user's password.
729+
730+
**Example:**
731+
732+
.. literalinclude:: /code_snippets/snippets/config/instances.enabled/credentials/config.yaml
733+
:language: yaml
734+
:start-at: credentials:
735+
:end-at: T0p_Secret
736+
:dedent:
737+
738+
See also: :ref:`configuration_credentials_loading_secrets`.
671739

672740
.. _configuration_reference_credentials_users_name_roles:
673741

674742
.. confval:: credentials.users.<username>.roles
675743

744+
An array of :ref:`roles <access_control_concepts_roles>` granted to this user.
676745

677746
.. _configuration_reference_credentials_users_name_privileges:
678747

679748
.. confval:: credentials.users.<username>.privileges
680749

681-
See :ref:`privileges <configuration_reference_credentials_privileges>`.
750+
An array of :ref:`privileges <authentication-owners_privileges>` granted to this user.
751+
752+
See :ref:`\<user_or_role_name\>.privileges.* <configuration_reference_credentials_privileges>`.
682753

683754

684755
.. _configuration_reference_credentials_privileges:
@@ -690,36 +761,69 @@ credentials.users.*
690761

691762
.. confval:: <user_or_role_name>.privileges.permissions
692763

764+
Permissions assigned to this user or a user with this role.
765+
766+
**Example:**
767+
768+
.. literalinclude:: /code_snippets/snippets/config/instances.enabled/credentials/config.yaml
769+
:language: yaml
770+
:start-at: sampleuser:
771+
:end-at: [ books ]
772+
:dedent:
773+
774+
See also: :ref:`configuration_credentials_managing_users_roles`.
693775

694776
.. _configuration_reference_credentials_users_name_privileges_spaces:
695777

696778
.. confval:: <user_or_role_name>.privileges.spaces
697779

780+
Spaces to which this user or a user with this role gets the specified permissions.
781+
782+
**Example:**
783+
784+
.. literalinclude:: /code_snippets/snippets/config/instances.enabled/credentials/config.yaml
785+
:language: yaml
786+
:start-at: sampleuser:
787+
:end-at: [ books ]
788+
:dedent:
789+
790+
See also: :ref:`configuration_credentials_managing_users_roles`.
791+
698792

699793
.. _configuration_reference_credentials_users_name_privileges_functions:
700794

701795
.. confval:: <user_or_role_name>.privileges.functions
702796

797+
Functions to which this user or a user with this role gets the specified permissions.
798+
703799

704800
.. _configuration_reference_credentials_users_name_privileges_sequences:
705801

706802
.. confval:: <user_or_role_name>.privileges.sequences
707803

804+
Sequences to which this user or a user with this role gets the specified permissions.
805+
708806

709807
.. _configuration_reference_credentials_users_name_privileges_lua_eval:
710808

711809
.. confval:: <user_or_role_name>.privileges.lua_eval
712810

811+
Whether this user or a user with this role can execute arbitrary Lua code.
812+
713813

714814
.. _configuration_reference_credentials_users_name_privileges_lua_call:
715815

716816
.. confval:: <user_or_role_name>.privileges.lua_call
717817

818+
Whether this user or a user with this role can call any global user-defined Lua function.
819+
718820

719821
.. _configuration_reference_credentials_users_name_privileges_sql:
720822

721823
.. confval:: <user_or_role_name>.privileges.sql
722824

825+
Whether this user or a user with this role can can execute an arbitrary SQL expression.
826+
723827

724828

725829

0 commit comments

Comments
 (0)