From dfc4476afdcc2ffa76267769b87b54754627303d Mon Sep 17 00:00:00 2001 From: Denis Kirillov Date: Tue, 13 Jun 2023 12:35:53 +0300 Subject: [PATCH] [#135] authmate: Update docs Signed-off-by: Denis Kirillov --- CHANGELOG.md | 1 + docs/authmate.md | 7 +++++++ 2 files changed, 8 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 96bf2a7ef..b8c24ca24 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -44,6 +44,7 @@ This document outlines major changes between releases. - Changed values for `frostfs_s3_gw_state_health` metric (#91) - Support multiple tree service endpoints (#74) - Timeout errors has code 504 now (#103) +- Support multiple version credentials using GSet (#135) ### Removed - Drop `tree.service` param (now endpoints from `peers` section are used) (#133) diff --git a/docs/authmate.md b/docs/authmate.md index 94c392143..cf3c51719 100644 --- a/docs/authmate.md +++ b/docs/authmate.md @@ -114,6 +114,7 @@ $ frostfs-s3-authmate issue-secret --wallet wallet.json \ { "access_key_id": "5g933dyLEkXbbAspouhPPTiyLZRg4axBW1axSPD87eVT0AiXsH4AjYy1iTJ4C1WExzjBrSobJsQFWEyKLREe5sQYM", + "initial_access_key_id": "5g933dyLEkXbbAspouhPPTiyLZRg4axBW1axSPD87eVT0AiXsH4AjYy1iTJ4C1WExzjBrSobJsQFWEyKLREe5sQYM", "secret_access_key": "438bbd8243060e1e1c9dd4821756914a6e872ce29bf203b68f81b140ac91231c", "owner_private_key": "274fdd6e71fc6a6b8fe77bec500254115d66d6d17347d7db0880d2eb80afc72a", "container_id":"5g933dyLEkXbbAspouhPPTiyLZRg4axBW1axSPD87eVT" @@ -122,6 +123,9 @@ $ frostfs-s3-authmate issue-secret --wallet wallet.json \ `access_key_id` and `secret_access_key` are AWS credentials that you can use with any S3 client. +`initial_access_key_id` contains the first credentials in the chain of credentials versions +(can be useful when you update your credentials). + `access_key_id` consists of Base58 encoded containerID(cid) and objectID(oid) stored on the FrostFS network and containing the secret. Format of `access_key_id`: `%cid0%oid`, where 0(zero) is a delimiter. @@ -134,6 +138,9 @@ the secret. Format of `access_key_id`: `%cid0%oid`, where 0(zero) is a delimiter 24h). Default value is `720h` (30 days). It will be ceil rounded to the nearest amount of epoch * `--aws-cli-credentials` - path to the aws cli credentials file, where authmate will write `access_key_id` and `secret_access_key` to +* `--access-key-id` -- credentials that you want to update (e.g. to add more gates that can use your creds) +without changing values of `aws_access_key_id` and `aws_secret_access_key`. If you want to update credential you MUST +provide also secret key using `AUTHMATE_SECRET_ACCESS_KEY` env variable. ### Bearer tokens