From e0fb8c17ce1136619664e446913f4aae48c63916 Mon Sep 17 00:00:00 2001
From: vishalnayak
Date: Thu, 27 Oct 2016 12:15:08 -0400
Subject: [PATCH] Added revocation_sql to the website docs
---
 builtin/logical/postgresql/path_roles.go | 15 +++++++++++++--
 .../source/docs/secrets/postgresql/index.html.md | 10 ++++++++++
 2 files changed, 23 insertions(+), 2 deletions(-)

diff --git a/builtin/logical/postgresql/path_roles.go b/builtin/logical/postgresql/path_roles.go
index 6eb00ffb6..466c266d0 100644
--- a/builtin/logical/postgresql/path_roles.go
+++ b/builtin/logical/postgresql/path_roles.go
@@ -37,8 +37,11 @@ func pathRoles(b *backend) *framework.Path {
 },
 
 "revocation_sql": {
- Type: framework.TypeString,
- Description: "SQL string to revoke a user. This is in beta; use with caution.",
+ Type: framework.TypeString,
+ Description: `SQL statements to be executed to revoke a user. Must be a semicolon-separated
+string, a base64-encoded semicolon-separated string, a serialized JSON string
+array, or a base64-encoded serialized JSON string array. The '{{name}}' value
+will be substituted.`,
 },
 },
 
@@ -193,4 +196,12 @@ Example of a decent SQL query to use:
 
 Note the above user would be able to access everything in schema public.
 For more complex GRANT clauses, see the PostgreSQL manual.
+
+The "revocation_sql" parameter customizes the SQL string used to revoke a user.
+Example of a decent revocation SQL query to use:
+
+ REVOKE ALL PRIVILEGES ON ALL TABLES IN SCHEMA public FROM {{name}};
+ REVOKE ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public FROM {{name}};
+ REVOKE USAGE ON SCHEMA public FROM {{name}};
+ DROP ROLE IF EXISTS {{name}};
 `
diff --git a/website/source/docs/secrets/postgresql/index.html.md b/website/source/docs/secrets/postgresql/index.html.md
index 1f0513875..49d4f8661 100644
--- a/website/source/docs/secrets/postgresql/index.html.md
+++ b/website/source/docs/secrets/postgresql/index.html.md
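Review bot: The example revocation statements added to the help text in the second path_roles.go hunk (`@@ -193,4 +196,12 @@`) use `{{name}}` as a bare identifier, so they only work when the substituted role name happens to be a valid unquoted PostgreSQL identifier. How role names are generated is not visible in this hunk, but if they can contain hyphens or upper-case letters the statements will error or fold to a different name, and a failed revocation leaves a live database credential behind after the lease ends. I would quote the placeholder in every example line, e.g. `REVOKE USAGE ON SCHEMA public FROM "{{name}}";` and `DROP ROLE IF EXISTS "{{name}}";`. It is also worth one sentence in the help text saying that `DROP ROLE` fails while the role still owns objects or holds grants outside schema public, so a custom `revocation_sql` has to undo everything the role's creation SQL granted. The help-text string itself starts outside the hunk.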
@@ -247,6 +247,16 @@ subpath for interactive help output. values will be substituted. +
Returns