Page MenuHomePhabricator

Document the "bin/auth revoke" tool
ClosedPublic

Authored by epriestley on Jan 22 2018, 6:15 PM.

Details

Summary

Depends on D18910. Ref T13043. Provides reasonable user-facing documentation about the general role and utility of this tool.

Test Plan

Read document.

Diff Detail

Repository
rP Phabricator
Branch
revoke20
Lint
Lint OK
Unit
No Unit Test Coverage
Build Status
Buildable 19116
Build 25811: Run Core Tests
Build 25810: arc lint + arc unit

Event Timeline

epriestley created this revision.Jan 22 2018, 6:15 PM
epriestley requested review of this revision.Jan 22 2018, 6:16 PM
epriestley updated this revision to Diff 45330.Jan 22 2018, 6:19 PM
  • Add --list examples.
  • Clarify revocation list language.
epriestley updated this revision to Diff 45331.Jan 22 2018, 6:20 PM
  • Clarify sequencing in network example.
Harbormaster completed remote builds in B19118: Diff 45331.
amckinley requested changes to this revision.Jan 23 2018, 8:42 PM

The tone of this doc is a little glib and light for documentation that will frequently be viewed in an emergency. I get that "You might do this with these commands:" is intended to suggest there are multiple ways to achieve the same result, but could also convey the impression that this set of commands might not actually accomplish the desired result. This page should give an administrator the warm fuzzies after carrying out the suggested steps.

src/docs/user/field/revoking_credentials.diviner
40

"extensions"

67

"tooling"?

76–77

"you should revoke" instead of "you may want to"

83–86

Just for the record, the result of the above is the same as --everything --everywhere, except the above keeps SSH keys, right?

93–94

"If you believe a user's credentials have been compromised" makes more sense than "affected by a compromise".

Also, "you should revoke" instead of "you may want to".

104–106

Too snarky for emergency documentation.

This revision now requires changes to proceed.Jan 23 2018, 8:42 PM
epriestley added inline comments.Jan 23 2018, 8:49 PM
src/docs/user/field/revoking_credentials.diviner
67

Reworded "no toolset available" to "are no tools available".

76–77

Yeah, future changes and hypothetical third-party stuff excepted.

epriestley updated this revision to Diff 45359.Jan 23 2018, 8:51 PM
  • Be more direct about what to do and how to do it.

The cost of over-revoking is ultimately small so I think this is generally reasonable anyway.

amckinley accepted this revision.Jan 23 2018, 9:17 PM
This revision is now accepted and ready to land.Jan 23 2018, 9:17 PM
This revision was automatically updated to reflect the committed changes.