diff --git a/Documentation/Reference/MaxCtrl.md b/Documentation/Reference/MaxCtrl.md index 219ea5a69..20ee388b0 100644 --- a/Documentation/Reference/MaxCtrl.md +++ b/Documentation/Reference/MaxCtrl.md @@ -309,6 +309,11 @@ Common create options: --protocol Protocol module name [string] --authenticator Authenticator module name [string] --authenticator-options Option string for the authenticator [string] + --tls-key Path to TLS key [string] + --tls-cert Path to TLS certificate [string] + --tls-ca-cert Path to TLS CA certificate [string] + --tls-version TLS version to use [string] + --tls-cert-verify-depth TLS certificate verification depth [string] Create server options: --services Link the created server to these services [array] @@ -320,12 +325,7 @@ Create monitor options: --monitor-password Password for the monitor user [string] Create listener options: - --interface Interface to listen on [string] [default: "::"] - --tls-key Path to TLS key [string] - --tls-cert Path to TLS certificate [string] - --tls-ca-cert Path to TLS CA certificate [string] - --tls-version TLS version to use [string] - --tls-cert-verify-depth TLS certificate verification depth [string] + --interface Interface to listen on [string] [default: "::"] Create user options: --type Type of user to create @@ -359,9 +359,8 @@ The new listener will be taken into use immediately. Usage: `maxctrl.js create user ` The created user can be used with the MaxScale REST API as well as the MaxAdmin -network interface. By default the created user will have administrative -privileges. To limit the user to read-only operations, use the `--type=basic` -option. +network interface. By default the created user will have read-only privileges. +To make the user an administrative user, use the `--type=admin` option. ## destroy diff --git a/maxctrl/lib/create.js b/maxctrl/lib/create.js index 233010d7f..c5867d4dd 100644 --- a/maxctrl/lib/create.js +++ b/maxctrl/lib/create.js @@ -18,7 +18,9 @@ exports.handler = function() {} exports.builder = function(yargs) { yargs // Common options - .group(['protocol', 'authenticator', 'authenticator-options'], 'Common create options:') + .group(['protocol', 'authenticator', 'authenticator-options', 'tls-key', + 'tls-cert', 'tls-ca-cert', 'tls-version', 'tls-cert-verify-depth'], + 'Common create options:') .option('protocol', { describe: 'Protocol module name', type: 'string' @@ -31,6 +33,26 @@ exports.builder = function(yargs) { describe: 'Option string for the authenticator', type: 'string' }) + .option('tls-key', { + describe: 'Path to TLS key', + type: 'string' + }) + .option('tls-cert', { + describe: 'Path to TLS certificate', + type: 'string' + }) + .option('tls-ca-cert', { + describe: 'Path to TLS CA certificate', + type: 'string' + }) + .option('tls-version', { + describe: 'TLS version to use', + type: 'string' + }) + .option('tls-cert-verify-depth', { + describe: 'TLS certificate verification depth', + type: 'string' + }) // Create server .group(['services', 'monitors'], 'Create server options:') @@ -58,7 +80,12 @@ exports.builder = function(yargs) { 'port': argv.port, 'protocol': argv.protocol, 'authenticator': argv.authenticator, - 'authenticator_options': argv.auth_options + 'authenticator_options': argv.auth_options, + 'ssl_key': argv['tls-key'], + 'ssl_cert': argv['tls-cert'], + 'ssl_ca_cert': argv['tls-ca-cert'], + 'ssl_version': argv['tls-version'], + 'ssl_cert_verify_depth': argv['tls-cert-verify-depth'] } } } @@ -128,33 +155,12 @@ exports.builder = function(yargs) { }) // Create listener - .group(['interface', 'tls-key', 'tls-cert', 'tls-ca-cert', 'tls-version', 'tls-cert-verify-depth'], 'Create listener options:') + .group(['interface'], 'Create listener options:') .option('interface', { describe: 'Interface to listen on', type: 'string', default: '::' }) - // Should these have ssl as a prefix even though SSL isn't supported? - .option('tls-key', { - describe: 'Path to TLS key', - type: 'string' - }) - .option('tls-cert', { - describe: 'Path to TLS certificate', - type: 'string' - }) - .option('tls-ca-cert', { - describe: 'Path to TLS CA certificate', - type: 'string' - }) - .option('tls-version', { - describe: 'TLS version to use', - type: 'string' - }) - .option('tls-cert-verify-depth', { - describe: 'TLS certificate verification depth', - type: 'string' - }) .command('listener ', 'Create a new listener', function(yargs) { return yargs.epilog('The new listener will be taken into use immediately.'); }, function(argv) { @@ -174,7 +180,7 @@ exports.builder = function(yargs) { 'ssl_cert': argv['tls-cert'], 'ssl_ca_cert': argv['tls-ca-cert'], 'ssl_version': argv['tls-version'], - 'ssl_cert_verify_depth': argv['tls-cert-verify-depth'], + 'ssl_cert_verify_depth': argv['tls-cert-verify-depth'] } } }