Added revocation_sql to the website docs

builtin/logical/postgresql/path_roles.go

@@ -37,8 +37,11 @@ func pathRoles(b *backend) *framework.Path {
 			},
 
 			"revocation_sql": {
-				Type:        framework.TypeString,
-				Description: "SQL string to revoke a user. This is in beta; use with caution.",
+				Type: framework.TypeString,
+				Description: `SQL statements to be executed to revoke a user. Must be a semicolon-separated
+string, a base64-encoded semicolon-separated string, a serialized JSON string
+array, or a base64-encoded serialized JSON string array. The '{{name}}' value
+will be substituted.`,
 			},
 		},
 
@@ -193,4 +196,12 @@ Example of a decent SQL query to use:
 
 Note the above user would be able to access everything in schema public.
 For more complex GRANT clauses, see the PostgreSQL manual.
+
+The "revocation_sql" parameter customizes the SQL string used to revoke a user.
+Example of a decent revocation SQL query to use:
+
+	REVOKE ALL PRIVILEGES ON ALL TABLES IN SCHEMA public FROM {{name}};
+	REVOKE ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public FROM {{name}};
+	REVOKE USAGE ON SCHEMA public FROM {{name}};
+	DROP ROLE IF EXISTS {{name}};
 `

website/source/docs/secrets/postgresql/index.html.md

@@ -247,6 +247,16 @@ subpath for interactive help output.
         values will be substituted.
       </li>
     </ul>
+    <ul>
+      <li>
+        <span class="param">revocation_sql</span>
+        <span class="param-flags">optional</span>
+        SQL statements to be executed to revoke a user. Must be a semicolon-separated
+        string, a base64-encoded semicolon-separated string, a serialized JSON string
+        array, or a base64-encoded serialized JSON string array. The '{{name}}' value
+        will be substituted.
+      </li>
+    </ul>
   </dd>
 
   <dt>Returns</dt>