-
Notifications
You must be signed in to change notification settings - Fork 43
Managing cluster users and roles in TCM #4423
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merged
Merged
Changes from all commits
Commits
Show all changes
10 commits
Select commit
Hold shift + click to select a range
7c5d693
TCM: cluster users and roles
p7nov 7c7cb37
TCM: cluster users and roles
p7nov dbb8d21
TCM: cluster users and roles
p7nov 38d5d60
TCM: cluster users and roles
p7nov 507a989
fix
p7nov 7282363
fix
p7nov 56291f4
fix
p7nov a5e0dbc
Apply suggestions from code review
p7nov 32bb1e3
fix
p7nov bab0d3a
fix
p7nov File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
.. _tcm_cluster_management: | ||
|
||
Cluster management | ||
================== | ||
|
||
.. include:: ../index.rst | ||
:start-after: ee_note_tcm_start | ||
:end-before: ee_note_tcm_end | ||
|
||
The main goal of |tcm_full_name| is to provide visual tools for managing | ||
various aspects of Tarantool clusters from the browser. See the pages of this section | ||
to learn how to perform various management operations on Tarantool clusters from |tcm|. | ||
|
||
.. toctree:: | ||
:maxdepth: 1 | ||
|
||
tcm_cluster_state | ||
tcm_cluster_config | ||
tcm_cluster_users | ||
tcm_cluster_metrics |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
88 changes: 88 additions & 0 deletions
88
doc/tooling/tcm/tcm_cluster_management/tcm_cluster_users.rst
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change | ||||
---|---|---|---|---|---|---|
@@ -0,0 +1,88 @@ | ||||||
.. _tcm_cluster_users: | ||||||
|
||||||
Managing cluster users and roles | ||||||
================================ | ||||||
|
||||||
.. include:: ../index.rst | ||||||
:start-after: ee_note_tcm_start | ||||||
:end-before: ee_note_tcm_end | ||||||
|
||||||
|tcm_full_name| provides a visual interface for managing Tarantool users and roles | ||||||
on connected clusters. | ||||||
|
||||||
.. note:: | ||||||
|
||||||
This page describes management of :ref:`Tarantool users and roles <access_control>` | ||||||
on instances of connected clusters. To learn to manage |tcm| users, see :ref:`tcm_access_control`. | ||||||
|
||||||
The :ref:`Tarantool access model <access_control>` defines user access to entities | ||||||
inside a single instance. Thus, to create or alter a cluster-wide user or role, you need to | ||||||
do this on all cluster instances. In replication clusters, changes in access model | ||||||
are possible only on read-write instances (replica set leaders). Changes made on | ||||||
a leader instance are propagated to all instances of its replica set automatically. | ||||||
|
||||||
Operations on the cluster access model are possible only if the :ref:`user <tcm_connect_clusters_parameters_tarantool>` | ||||||
that |tcm| uses to connect to the cluster has the privileges to manage users and roles. | ||||||
|
||||||
You can also manage Tarantool users and roles from |tcm| using the Lua API | ||||||
as described in :ref:`access_control`. To do this, connect to instance consoles | ||||||
from the **Terminal** tab of the instance page. | ||||||
|
||||||
.. _tcm_cluster_users_users: | ||||||
|
||||||
Managing cluster users | ||||||
---------------------- | ||||||
|
||||||
The tools for managing cluster users are located on the **Users** tab | ||||||
of the :ref:`instance page <tcm_ui_instance>`. | ||||||
|
||||||
.. important:: | ||||||
|
||||||
To ensure the access model consistency across the cluster, repeat all user | ||||||
management operations on all read-write instances of the cluster. | ||||||
|
||||||
To create a user on a cluster: | ||||||
|
||||||
#. Go to **Stateboard**. | ||||||
#. Find a replica set leader in the instances list and click it to open the instance page. | ||||||
#. Go to the **Users** tab and click **Add user**. | ||||||
|
||||||
To edit or delete a user, click the **Edit** or **Delete** button against the username | ||||||
in the **Users** table. | ||||||
|
||||||
To edit a user's privileges: | ||||||
|
||||||
#. Click the lock icon against the username in the **Users** table. | ||||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
Suggested change
|
||||||
#. In the privileges dialog: | ||||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
Suggested change
|
||||||
|
||||||
- Click **Add** to grant privileges | ||||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
Suggested change
|
||||||
- Click **Revoke** (the trash bin icon) to revoke a privilege | ||||||
|
||||||
.. _tcm_cluster_users_roles: | ||||||
|
||||||
Managing cluster roles | ||||||
---------------------- | ||||||
|
||||||
The tools for managing cluster roles are located on the **Users** tab | ||||||
of the :ref:`instance page <tcm_ui_instance>`. | ||||||
|
||||||
.. important:: | ||||||
|
||||||
To ensure the access model consistency across the cluster, repeat all role | ||||||
management operations on all read-write instances of the cluster. | ||||||
|
||||||
To create a role on a cluster: | ||||||
|
||||||
#. Go to **Stateboard**. | ||||||
#. Find a replica set leader in the instances list and click it to open the instance page. | ||||||
#. Go to the **Users** tab and click **Add role**. | ||||||
|
||||||
To delete a role, click the **Delete** button against the role name in the **Roles** table. | ||||||
|
||||||
To edit a role's privileges: | ||||||
|
||||||
#. Click the lock icon against the role name in the **Roles** table. | ||||||
#. In the privileges dialog: | ||||||
|
||||||
- Click **Add** to grant privileges | ||||||
- Click **Revoke** (the trash bin icon) to revoke a privilege |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nit: It would be convenient to have a link to the page where a reader can understand how to find a leader (crown icon).