Add tt-ee 2.5.1 authentication features

p7nov · p7nov · commit 6696a5fb43d9 · 2024-11-05T17:41:32.000+07:00
diff --git a/doc/tooling/tt_cli/connect.rst b/doc/tooling/tt_cli/connect.rst
@@ -104,9 +104,9 @@ If no credentials are provided for a remote connection, the user is automaticall
 Encrypted connection
 ~~~~~~~~~~~~~~~~~~~~
 
-To connect to instances that use SSL encryption, provide the SSL certificate and
-SSL key files in the ``--sslcertfile`` and ``--sslkeyfile`` options. If necessary,
-add other SSL parameters -- ``--sslcafile`` and ``--sslciphers``.
+To connect to instances that use :ref:`SSL encryption <configuration_connections_ssl>`,
+provide the SSL certificate and SSL key files in the ``--sslcertfile`` and ``--sslkeyfile`` options.
+If necessary, add other SSL parameters -- ``--sslcafile`` and ``--sslciphers``.
 
 Script evaluation
 ~~~~~~~~~~~~~~~~~
diff --git a/doc/tooling/tt_cli/export.rst b/doc/tooling/tt_cli/export.rst
@@ -130,15 +130,23 @@ the ``customers.jsonl`` file:
 
     $ tt tdg2 export localhost:3301 customers:customers.jsonl
 
-If the ``customers`` type has four fields (``id``, ``firstname``, ``lastname``, and ``age``), the file with exported data might look like this:
+If token authentication is enabled in TDG2, pass the application token in the ``-token`` option:
+
+.. code-block:: console
+
+    $ tt tdg2 export localhost:3301 customers:customers.jsonl \
+                     --token=2fc136cf-8cae-4655-a431-7c318967263d
+
+If the ``customers`` type has four fields (``id``, ``firstname``, ``lastname``, and ``age``),
+the file with exported data might look like this:
 
 .. code-block:: json
 
     {"age":30,"first_name":"Samantha","id":1,"second_name":"Carter"}
     {"age":41,"first_name":"Fay","id":2,"second_name":"Rivers"}
     {"age":74,"first_name":"Milo","id":4,"second_name":"Walters"}
 
-If an object contains a ``null`` value in a field, this field skipped:
+``null`` field values are skipped:
 
 .. code-block:: json
 
@@ -168,11 +176,55 @@ Set the ``tt tdg2 export`` batch size less or equal to 1000:
 
     $ tt tdg2 export localhost:3301 customers:customers.jsonl --batch-size=1000
 
+.. _tt-export-auth:
+
+Authentication
+--------------
+
+When connecting to the cluster with enabled authentication, specify access credentials
+in the ``--username`` and ``--password`` command options:
+
+.. code-block:: console
+
+    $ tt crud export localhost:3301 customers:customers.csv \
+                     --username myuser -password p4$$w0rD
+
+.. _tt-export-ssl:
+
+Encrypted connection
+--------------------
+
+To connect to instances that use :ref:`SSL encryption <configuration_connections_ssl>`,
+provide the SSL certificate and SSL key files in the ``--sslcertfile`` and ``--sslkeyfile`` options.
+If necessary, add other SSL parameters in the ``--ssl*`` options.
+
+.. code-block:: console
+
+    $ tt crud export localhost:3301 customers:customers.csv \
+                     --username myuser -password p4$$w0rD   \
+                     --auth pap-sha256 --sslcertfile certs/server.crt \
+                     --sslkeyfile certs/server.key
+
+For connections that use SSL but don't require additional parameters, add the ``--use-ssl``
+option:
+
+.. code-block:: console
+
+    $ tt crud export localhost:3301 customers:customers.csv \
+                     --username myuser -password p4$$w0rD   \
+                     --use--ssl
+
 .. _tt-export-options:
 
 Options
 -------
 
+..  option:: --auth STRING
+
+    **Applicable to:** ``tt crud export``, ``tt tdg2 export``
+
+    Authentication type: ``chap-sha1`` or ``pap-sha256``.
+
 ..  option:: --batch-queue-size INT
 
     The maximum number of tuple batches in a queue between a fetch and write threads (the default is ``32``).
@@ -226,6 +278,60 @@ Options
 
     Export data using a :ref:`read view <read_views>`.
 
+..  option:: --sslcafile STRING
+
+    **Applicable to:** ``tt crud export``, ``tt tdg2 export``
+
+    The path to a trusted certificate authorities (CA) file for encrypted connections.
+
+    See also :ref:`tt-export-ssl`.
+
+..  option:: --sslcertfile STRING
+
+    **Applicable to:** ``tt crud export``, ``tt tdg2 export``
+
+    The path to an SSL certificate file for encrypted connections.
+
+    See also :ref:`tt-export-ssl`.
+
+..  option:: --sslciphersfile STRING
+
+    **Applicable to:** ``tt crud export``, ``tt tdg2 export``
+
+    The list of SSL cipher suites used for encrypted connections, separated by colons (``:``).
+
+    See also :ref:`tt-export-ssl`.
+
+..  option:: --sslkeyfile STRING
+
+    **Applicable to:** ``tt crud export``, ``tt tdg2 export``
+
+    The path to a private SSL key file for encrypted connections.
+
+    See also :ref:`tt-export-ssl`.
+
+..  option:: --sslpassword STRING
+
+    **Applicable to:** ``tt crud export``, ``tt tdg2 export``
+
+    The password for the SSL key file for encrypted connections.
+
+    See also :ref:`tt-export-ssl`.
+
+..  option:: --sslpasswordfile STRING
+
+    **Applicable to:** ``tt crud export``, ``tt tdg2 export``
+
+    A file with list of passwords to the SSL key file for encrypted connections.
+
+    See also :ref:`tt-export-auth`.
+
+..  option:: --token STRING
+
+    **Applicable to:** ``tt tdg2 export``
+
+    An application token for connecting to TDG2.
+
 ..  option:: --username STRING
 
     A username for connecting to the instance.
diff --git a/doc/tooling/tt_cli/import.rst b/doc/tooling/tt_cli/import.rst
@@ -184,6 +184,13 @@ The objects are described in the ``customers.jsonl`` file.
 
     $ tt tdg2 import localhost:3301 customers.jsonl:customers
 
+If token authentication is enabled in TDG2, pass the application token in the ``-token`` option:
+
+.. code-block:: console
+
+    $ tt tdg2 import localhost:3301 customers.jsonl:customers \
+                     --token=2fc136cf-8cae-4655-a431-7c318967263d
+
 The input file can look like this:
 
 .. code-block:: json
@@ -220,11 +227,58 @@ To automatically confirm a batch import operation, add the ``--force`` option:
                      --force
 
 
+.. _tt-import-auth:
+
+Authentication
+--------------
+
+When connecting to the cluster with enabled authentication, specify access credentials
+in the ``--username`` and ``--password`` command options:
+
+.. code-block:: console
+
+    $ tt crud import localhost:3301 customers.csv:customers \
+                     --header --match=header \
+                     --username myuser -password p4$$w0rD
+
+.. _tt-import-ssl:
+
+Encrypted connection
+--------------------
+
+To connect to instances that use :ref:`SSL encryption <configuration_connections_ssl>`,
+provide the SSL certificate and SSL key files in the ``--sslcertfile`` and ``--sslkeyfile`` options.
+If necessary, add other SSL parameters in the ``--ssl*`` options.
+
+.. code-block:: console
+
+    $ tt crud import localhost:3301 customers.csv:customers \
+                     --header --match=header \
+                     --username myuser -password p4$$w0rD   \
+                     --auth pap-sha256 --sslcertfile certs/server.crt \
+                     --sslkeyfile certs/server.key
+
+For connections that use SSL but don't require additional parameters, add the ``--use-ssl``
+option:
+
+.. code-block:: console
+
+    $ tt crud import localhost:3301 customers.csv:customers \
+                     --header --match=header \
+                     --username myuser -password p4$$w0rD   \
+                     --use--ssl
+
 .. _tt-import-options:
 
 Options
 -------
 
+..  option:: --auth STRING
+
+    **Applicable to:** ``tt crud import``, ``tt tdg2 import``
+
+    Authentication type: ``chap-sha1`` or ``pap-sha256``.
+
 ..  option:: --batch-size INT
 
     **Applicable to:** ``tt crud import``, ``tt tdg2 import``
@@ -377,6 +431,54 @@ Options
     For CSV, double quotes are used by default (``"``).
     The double symbol of this option acts as the escaping symbol within input data.
 
+..  option:: --sslcafile STRING
+
+    **Applicable to:** ``tt crud import``, ``tt tdg2 import``
+
+    The path to a trusted certificate authorities (CA) file for encrypted connections.
+
+    See also :ref:`tt-import-ssl`.
+
+..  option:: --sslcertfile STRING
+
+    **Applicable to:** ``tt crud import``, ``tt tdg2 import``
+
+    The path to an SSL certificate file for encrypted connections.
+
+    See also :ref:`tt-import-ssl`.
+
+..  option:: --sslciphersfile STRING
+
+    **Applicable to:** ``tt crud import``, ``tt tdg2 import``
+
+    The list of SSL cipher suites used for encrypted connections, separated by colons (``:``).
+
+    See also :ref:`tt-import-ssl`.
+
+..  option:: --sslkeyfile STRING
+
+    **Applicable to:** ``tt crud import``, ``tt tdg2 import``
+
+    The path to a private SSL key file for encrypted connections.
+
+    See also :ref:`tt-import-ssl`.
+
+..  option:: --sslpassword STRING
+
+    **Applicable to:** ``tt crud import``, ``tt tdg2 import``
+
+    The password for the SSL key file for encrypted connections.
+
+    See also :ref:`tt-import-ssl`.
+
+..  option:: --sslpasswordfile STRING
+
+    **Applicable to:** ``tt crud import``, ``tt tdg2 import``
+
+    A file with list of passwords to the SSL key file for encrypted connections.
+
+    See also :ref:`tt-import-auth`.
+
 ..  option:: -success STRING
 
     The name of a file with rows that were imported (the default is ``success``).
@@ -394,6 +496,12 @@ Options
 
         Symbols specified in this option cannot intersect with ``--dec-sep``.
 
+..  option:: --token STRING
+
+    **Applicable to:** ``tt tdg2 import``
+
+    An application token for connecting to TDG2.
+
 ..  option:: --username STRING
 
     A username for connecting to the instance.
