Stx User Management GUI/CLI Enhancements --- Operation Confirmation

Added CLI confirmation feature Story: 2011240 Task: 52132 Change-Id: Idb6f2b1b1941dd26ad4a5750edd0b76fff759eed Signed-off-by: Ngairangbam Mili <ngairangbam.mili@windriver.com>
2025-06-04 07:15:34 +00:00
parent 46e6fad76a
commit 6c32532883
5 changed files with 213 additions and 0 deletions
--- a/doc/source/_includes/confirmation-support.rest
+++ b/doc/source/_includes/confirmation-support.rest
@@ -0,0 +1,2 @@
+.. confirmationmethod-begin
+.. confirmationmethod-end
--- a/doc/source/cli_ref/confirmation-support-8f0f2784db15.rst
+++ b/doc/source/cli_ref/confirmation-support-8f0f2784db15.rst
@@ -0,0 +1,182 @@
+.. WARNING: Add no lines of text between the label immediately following
+.. and the title.
+
+.. _confirmation-support-8f0f2784db15:
+
+========================
+CLI Confirmation Support
+========================
+
+.. rubric:: |context|
+
+A user confirmation request can optionally be used to safeguard critical
+operations performed via the CLI. When the user CLI confirmation request is
+enabled, CLI users are prompted to explicitly confirm a potentially critical
+or destructive CLI command, before proceeding with the execution of the CLI
+command.
+
+This interactive safeguard helps prevent unintentional or irreversible changes
+made to the system.
+
+The user CLI confirmation request is disabled by default and you must
+explicitly enable it. When this feature is enabled, a CLI user when executing
+a potentially critical of destructive CLI command will see a confirmation request
+message such as the following:
+
+.. code-block::
+
+    system ca-certificate-install cert-file
+
+    WARNING: This is a high-risk operation that may cause a service interruption or remove critical resources
+    Do you want to continue? (yes/No):
+
+This prompt has a timeout of 10 seconds before timing out and not executing the
+CLI command. Therefore, you must provide the input within this time limit to
+proceed with the operation.
+
+Enable CLI Confirmation
+-----------------------
+
+.. rubric:: |proc|
+
+You can enable the user CLI confirmation request feature, for all the local CLI users
+(users SSH'd or logged into the local console of the active
+controller) by using one of the following methods:
+
+- Before installation, specify the ``cli_confirmations`` service parameter to
+  ``enabled`` in the deployment configuration file.
+
+  .. code-block::
+
+      serviceParameters:
+        - service: platform
+          section: client
+          paramname:cli_confirmations
+          paramvalue: ``enabled``
+
+-  After installation, modify the ``cli_confirmations`` service parameter using
+   the following commands:
+
+   .. code-block::
+
+       system service-parameter-modify platform client cli_confirmations=enabled
+       system service-parameter-apply platform
+       source /etc/profile.d/cli_env.sh
+
+.. only:: partner
+
+    .. include:: /_includes/confirmation-support.rest
+       :start-after: confirmationmethod-begin
+       :end-before: confirmationmethod-end
+
+Disable CLI Confirmation
+------------------------
+
+To disable CLI confirmation, run the following commands:
+
+.. code-block::
+
+    system service-parameter-modify platform client cli_confirmations=disabled
+    system service-parameter-apply platform
+    source /etc/profile.d/cli_env.sh
+
+Commands that Require Confirmation
+----------------------------------
+
+When the user runs any of the following commands, a confirmation request message is
+prompted if the user CLI confirmation request feature is enabled.
+
+**System Commands**
+
+- ca-certificate-install
+- ca-certificate-uninstall
+- host-lock
+- host-power-off
+- host-reboot
+- host-reinstall
+- host-reset
+- host-swact
+- host-disk-wipe
+- host-patch-reboot
+- host-downgrade
+- host-upgraded
+- kube-host-cordon
+- kube-host-upgrade
+- kube-root-ca-host-update
+- registry-image-delete
+- application-delete
+- application-remove
+- host-label-remove
+- interface-network-remove
+- interface-datanetwork-remove
+- device-image-remove
+- host-device-label-remove
+- host-fs-delete
+- service-parameter-delete
+- helm-override-delete
+- host-delete
+- host-if-delete
+- network-delete
+- host-addr-delete
+- addrpool-delete
+- host-route-delete
+- datanetwork-delete
+- host-lvg-delete
+- host-pv-delete
+- host-disk-partition-delete
+- ceph-mon-delete
+- host-stor-delete
+- storage-backend-delete
+- storage-tier-delete
+- load-delete
+- device-image-delete
+- kube-upgrade-delete
+
+**DCManager Commands**
+
+- dcmanager fw-update-strategy apply
+- dcmanager kube-rootca-update-strategy apply
+- dcmanager kube-upgrade-strategy apply
+- dcmanager patch-strategy apply
+- dcmanager prestage-strategy apply
+- dcmanager sw-deploy-strategy apply
+- dcmanager fw-update-strategy delete
+- dcmanager kube-rootca-update-strategy delete
+- dcmanager kube-upgrade-strategy delete
+- dcmanager patch-strategy delete
+- dcmanager prestage-strategy delete
+- dcmanager strategy-config delete
+- dcmanager patch-strategy-config delete
+- dcmanager subcloud delete
+- dcmanager subcloud deploy delete
+- dcmanager subcloud-group delete
+- dcmanager subcloud-peer-group delete
+- dcmanager system-peer delete
+- dcmanager subcloud unmanage
+- dcmanager subcloud reconfig
+- dcmanager subcloud reinstall
+- dcmanager subcloud update
+- dcmanager subcloud-backup restore
+- dcmanager subcloud-backup delete
+- dcmanager subcloud redeploy
+- dcmanager subcloud deploy config
+
+**SW-Manager Commands**
+
+- sw-manager sw-deploy-strategy apply
+- sw-manager fw-update-strategy apply
+- sw-manager kube-upgrade-strategy apply
+- sw-manager kube-rootca-update-strategy apply
+- sw-manager system-config-update-strategy apply
+- sw-manager sw-deploy-strategy abort
+- sw-manager fw-update-strategy abort
+- sw-manager kube-upgrade-strategy abort
+- sw-manager kube-rootca-update-strategy abort
+- sw-manager system-config-update-strategy abort
+
+**Fault Management Commands**
+
+- alarm-delete
+- event-suppress
+- event-unsuppress
+- event-unsuppress-all
--- a/doc/source/cli_ref/index.rst
+++ b/doc/source/cli_ref/index.rst
@@ -11,3 +11,4 @@ Reference for the StarlingX project command line interface (CLI).
   fm
   sw-manager
   system
+   confirmation-support-8f0f2784db15
--- a/doc/source/security/kubernetes/configure-local-cli-access.rst
+++ b/doc/source/security/kubernetes/configure-local-cli-access.rst
@@ -138,3 +138,8 @@ For example:
    % helm repo list
    % helm search repo
    % helm install wordpress bitnami/wordpress
+
+CLI Confirmation Support
+------------------------
+
+For information on CLI confirmation support, see :ref:`confirmation-support-8f0f2784db15`.
--- a/doc/source/security/kubernetes/security-configure-container-backed-remote-clis-and-clients.rst
+++ b/doc/source/security/kubernetes/security-configure-container-backed-remote-clis-and-clients.rst
@@ -342,3 +342,26 @@ See :ref:`Using Container-backed Remote CLIs and Clients

    :ref:`Install Kubectl and Helm Clients Directly on a Host
    <security-install-kubectl-and-helm-clients-directly-on-a-host>`
+
+CLI Confirmation Support in Remote Client
+-----------------------------------------
+
+To control CLI Confirmations prompt on a remote client, export or unset the
+``CLI_CONFIRMATIONS`` environment variable after completing the initial
+remote client setup.
+
+To enable CLI Confirmations, run the following commands:
+
+.. code-block::
+
+    export FORCE_SHELL=true    # Prerequisite for next command
+    export CLI_CONFIRMATIONS=enabled
+
+To disable CLI Confirmations, run the following commands:
+
+.. code-block::
+
+    unset CLI_CONFIRMATIONS
+
+For details on CLI confirmation feature, see
+:ref:`confirmation-support-8f0f2784db15`.