diff --git a/doc/source/security/kubernetes/configure-local-cli-access.rst b/doc/source/security/kubernetes/configure-local-cli-access.rst index 905c0dfb2..ab883de8c 100644 --- a/doc/source/security/kubernetes/configure-local-cli-access.rst +++ b/doc/source/security/kubernetes/configure-local-cli-access.rst 
@@ -139,7 +139,89 @@ For example: % helm search repo % helm install wordpress bitnami/wordpress +.. _cliconfirmationsupport: + CLI Confirmation Support ------------------------ -For information on CLI confirmation support, see :ref:`confirmation-support-8f0f2784db15`. +A user confirmation request can optionally be used to safeguard critical +operations performed via the CLI. When the user CLI Confirmation capability is +enabled, CLI users are prompted to explicitly confirm any potentially critical or +destructive CLI command, before proceeding with the execution of the CLI +command. + +This interactive safeguard helps prevent unintentional or irreversible changes +made to the system. + +The user CLI Confirmation capability is disabled by default and you must +explicitly enable it. When this feature is enabled, a CLI user when executing a +potentially critical of destructive CLI command will see a confirmation request +message such as the following: + +.. code-block:: + + ~(keystone_admin)$ system ca-certificate-install cert-file + + WARNING: This is a high-risk operation that may cause a service interruption or remove critical resources + Do you want to continue? (yes/No): + +This prompt has a timeout of 10 seconds before timing out and not executing the +CLI command. Therefore, you must provide the input within this time limit to +proceed with the operation. + +You can also skip the confirmation message using the ``--yes`` parameter as +shown below: + +.. code-block:: + + ~(keystone_admin)$ system ca-certificate-install cert-file --yes + +For the list of CLI commands that will ask for confirmation when the CLI +Confirmation capability is enabled, see +:ref:`confirmation-support-8f0f2784db15`. + +Enable CLI Confirmation +*********************** + +.. 
rubric:: |proc| + +You can enable the CLI Confirmation capability, for all the local CLI users +(users SSH'd or logged into the local console of the active controller) by +using one of the following methods: + +- Before installation, specify the ``cli_confirmations`` service parameter to + ``enabled`` in the deployment configuration file. + + .. code-block:: + + serviceParameters: + - service: platform + section: client + paramname:cli_confirmations + paramvalue: ``enabled`` + +- After installation, modify the ``cli_confirmations`` service parameter using + the following commands: + + .. code-block:: + + ~(keystone_admin)$ system service-parameter-modify platform client cli_confirmations=enabled + ~(keystone_admin)$ system service-parameter-apply platform + ~(keystone_admin)$ source /etc/profile.d/cli_env.sh + +.. only:: partner + + .. include:: /_includes/confirmation-support.rest + :start-after: confirmationmethod-begin + :end-before: confirmationmethod-end + +Disable CLI Confirmation +************************ + +To disable CLI Confirmation capability, run the following commands: + +.. code-block:: + + ~(keystone_admin)$ system service-parameter-modify platform client cli_confirmations=disabled + ~(keystone_admin)$ system service-parameter-apply platform + ~(keystone_admin)$ source /etc/profile.d/cli_env.sh diff --git a/doc/source/security/kubernetes/security-configure-container-backed-remote-clis-and-clients.rst b/doc/source/security/kubernetes/security-configure-container-backed-remote-clis-and-clients.rst index 5aed85919..b1d231934 100644 --- a/doc/source/security/kubernetes/security-configure-container-backed-remote-clis-and-clients.rst +++ b/doc/source/security/kubernetes/security-configure-container-backed-remote-clis-and-clients.rst @@ -364,4 +364,4 @@ To disable CLI Confirmations, run the following commands: unset CLI_CONFIRMATIONS For details on CLI confirmation feature, see -:ref:`confirmation-support-8f0f2784db15`. +:ref:`cliconfirmationsupport`. 
diff --git a/doc/source/shared/_rst/confirmation-support-8f0f2784db15.rst b/doc/source/shared/_rst/confirmation-support-8f0f2784db15.rst index b42e966a8..cd30dc8ee 100644 --- a/doc/source/shared/_rst/confirmation-support-8f0f2784db15.rst +++ b/doc/source/shared/_rst/confirmation-support-8f0f2784db15.rst 
@@ -3,88 +3,13 @@ .. _confirmation-support-8f0f2784db15: -======================== -CLI Confirmation Support -======================== +================================= +CLI Confirmation Support Commands +================================= -.. rubric:: |context| - -A user confirmation request can optionally be used to safeguard critical -operations performed via the CLI. When the user CLI confirmation request is -enabled, CLI users are prompted to explicitly confirm a potentially critical -or destructive CLI command, before proceeding with the execution of the CLI -command. - -This interactive safeguard helps prevent unintentional or irreversible changes -made to the system. - -The user CLI confirmation request is disabled by default and you must -explicitly enable it. When this feature is enabled, a CLI user when executing -a potentially critical of destructive CLI command will see a confirmation request -message such as the following: - -.. code-block:: - - system ca-certificate-install cert-file - - WARNING: This is a high-risk operation that may cause a service interruption or remove critical resources - Do you want to continue? (yes/No): - -This prompt has a timeout of 10 seconds before timing out and not executing the -CLI command. Therefore, you must provide the input within this time limit to -proceed with the operation. - -Enable CLI Confirmation ------------------------ - -.. rubric:: |proc| - -You can enable the user CLI confirmation request feature, for all the local CLI users -(users SSH'd or logged into the local console of the active -controller) by using one of the following methods: - -- Before installation, specify the ``cli_confirmations`` service parameter to - ``enabled`` in the deployment configuration file. - - .. 
code-block:: - - serviceParameters: - - service: platform - section: client - paramname:cli_confirmations - paramvalue: ``enabled`` - -- After installation, modify the ``cli_confirmations`` service parameter using - the following commands: - - .. code-block:: - - system service-parameter-modify platform client cli_confirmations=enabled - system service-parameter-apply platform - source /etc/profile.d/cli_env.sh - -.. only:: partner - - .. include:: /_includes/confirmation-support.rest - :start-after: confirmationmethod-begin - :end-before: confirmationmethod-end - -Disable CLI Confirmation ------------------------- - -To disable CLI confirmation, run the following commands: - -.. code-block:: - - system service-parameter-modify platform client cli_confirmations=disabled - system service-parameter-apply platform - source /etc/profile.d/cli_env.sh - -Commands that Require Confirmation ----------------------------------- - -When the user runs any of the following commands, a confirmation request message is -prompted if the user CLI confirmation request feature is enabled. +When the user runs any of the following commands, a confirmation request +message is prompted if the user CLI confirmation request feature is enabled. +For details on CLI confirmation feature, see :ref:`cliconfirmationsupport`. **System Commands** @@ -180,3 +105,6 @@ prompted if the user CLI confirmation request feature is enabled. - event-suppress - event-unsuppress - event-unsuppress-all + +For the list of other commands such as ``dcmanager``, ``fm``, ``sw-manager``, +``system``, see `CLI Reference `__.
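Review bot: In configure-local-cli-access.rst, the deployment configuration example added under "Enable CLI Confirmation" will not work if copied as written. `paramname:cli_confirmations` has no space after the colon, so YAML does not parse it as a key and value, and `paramvalue: ``enabled``` carries RST inline-literal backticks that a code-block renders verbatim. Suggest `paramname: cli_confirmations` and `paramvalue: enabled`. In the same hunk, "potentially critical of destructive" should read "or destructive" (the typo is carried over from the removed text), and "has a timeout of 10 seconds before timing out" can be shortened to "times out after 10 seconds". The `--yes` paragraph would also be clearer if it said that the flag bypasses the safeguard for that one invocation.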
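Review bot: In security-configure-container-backed-remote-clis-and-clients.rst, the retargeted link :ref:`cliconfirmationsupport` now lands on a section whose enable and disable steps use the `cli_confirmations` service parameter for local CLI users, while the context line directly above it uses `unset CLI_CONFIRMATIONS`. Suggest wording the sentence so the reader knows the linked section describes the prompt behaviour and the local procedure, not the remote-client one. As a style point, the new label `cliconfirmationsupport` has no separators, unlike the existing `confirmation-support-8f0f2784db15`; a hyphenated label would be easier to read and grep.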
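Review bot: In confirmation-support-8f0f2784db15.rst (hunk at -3,88), the new sentence "For details on CLI confirmation feature, see :ref:`cliconfirmationsupport`" is missing an article ("the CLI confirmation feature"), and "a confirmation request message is prompted" reads better as "the user is prompted for confirmation". The page now depends on the linked section to say that the capability is disabled by default, so consider keeping that fact in the intro: a reader who lands here only for the command list would otherwise expect prompts on a default system.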
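Review bot: In confirmation-support-8f0f2784db15.rst (hunk at -180,3), the added closing sentence lists ``system`` among the "other commands", but this page already has a **System Commands** list, so it is unclear what "other" refers to. Suggest rewording it along the lines of "For the full syntax of the ``dcmanager``, ``fm``, ``sw-manager`` and ``system`` commands, see ...". Also check the `CLI Reference` link: as shown, the backquoted text has no target before the closing `__`, so confirm the URL is present in the source.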