Skip to content

Commit cf3a522

Browse files
mkuznyetsovgtrivedi88cursoragent
authored
chore: promote Secure to top-level Antora module (JTBD Phase 2) (#3134) (#3156)
* chore: promote Secure to top-level Antora module (JTBD Phase 2) Move security content from Administration Guide into a new modules/secure/ Antora module, following the CCS 'Secure' category: 'Implement security controls and ensure compliance.' - Create modules/secure/ with nav and 12 pages - Move security-best-practices, OAuth provider pages (6), identity management, authorization, GDPR compliance from admin-guide - Add page-aliases for backward-compatible redirects - Apply JTBD titles from downstream audit: "Protect your deployment", "Give developers credential-free Git access", "Control who can access {prod-short}", etc. - Update cross-module xrefs in install, end-user-guide, discover - Remove security sections from admin-guide nav - Add modules/secure/nav.adoc to antora.yml Mirrors downstream devspaces-documentation Secure guide structure. * fix: move OAuth for Git providers back to Administration Guide SME feedback: OAuth configuration is a day-1 admin setup task, not a security hardening concern. Keep it in the Administration Guide where admins expect to find it. Moved 7 OAuth pages from modules/secure/pages/ back to modules/administration-guide/pages/. Updated nav.adoc for both modules and 3 cross-module xrefs (secure: -> administration-guide:). Secure module retains: security best practices, identity management, cluster roles, advanced authorization, GDPR compliance. * fix: replace pass:[] Vale pragmas with passthrough blocks to fix RedHat.Spacing errors * fix: remove self-referencing page-aliases from OAuth files * fix: remove self-referencing page-aliases from GitLab OAuth file * fix: remove self-referencing page-aliases from Azure DevOps OAuth file * fix: add cross-module prefixes for includes and xrefs in secure module pages * fix: add cross-module xref prefix in configuring-advanced-authorization * fix: add cross-module xref prefixes in GDPR compliance page * fix: add cross-module prefixes for includes and xrefs in security-best-practices * feat: add persona callouts to Secure module using partials - Per-page admin persona callout via discover:partial$snip_persona-admin.adoc in all 5 secure pages * fix: use local secure partial instead of cross-module discover:partial * fix: remove persona partial from thin wrapper page (level-0 heading conflict) configuring-cluster-roles-for-users.adoc is a thin wrapper that includes the full page content from administration-guide example snippet. Adding a persona partial before that creates two level-0 headings, which breaks Antora. The guide-level callout in the nav/master provides the persona signal for this page. * fix: revert OAuth title to factual 'Configuring OAuth for Git providers' SME feedback: JTBD title 'Give developers credential-free Git access' is inaccurate (OAuth still uses credentials) and not findable for admins searching for 'OAuth' or 'GitHub configuration'. * fix: apply JTBD navtitle for cluster roles page Change navtitle from "Configuring cluster roles for users" to "Grant additional permissions to users" to match downstream JTBD title. * fix: sync navtitle attributes with JTBD page titles in Secure --------- Co-authored-by: Gaurav Trivedi <90042568+gtrivedi88@users.noreply.github.com> Co-authored-by: Cursor <cursoragent@cursor.com>
1 parent 6ee9e26 commit cf3a522

13 files changed

Lines changed: 62 additions & 47 deletions

antora.yml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -9,6 +9,7 @@ nav:
99
- modules/install/nav.adoc
1010
- modules/end-user-guide/nav.adoc
1111
- modules/upgrade/nav.adoc
12+
- modules/secure/nav.adoc
1213
- modules/optimize/nav.adoc
1314
- modules/administration-guide/nav.adoc
1415
- modules/extensions/nav.adoc

modules/administration-guide/nav.adoc

Lines changed: 7 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,5 @@
11
.Administration Guide
22

3-
* xref:security-best-practices.adoc[]
43
* xref:configuring-che.adoc[]
54
** xref:understanding-the-checluster-custom-resource.adoc[]
65
*** xref:install:using-chectl-to-configure-the-checluster-custom-resource-during-installation.adoc[]
@@ -52,17 +51,13 @@
5251
*** xref:configuring-ai-providers.adoc[]
5352
**** xref:ai-provider-api-key-secret-reference.adoc[]
5453
*** xref:customizing-openshift-che-branding-images.adoc[]
55-
** xref:managing-identities-and-authorizations.adoc[]
56-
*** xref:configuring-oauth-for-git-providers.adoc[]
57-
**** xref:configuring-oauth-2-for-github.adoc[]
58-
**** xref:configuring-oauth-2-for-gitlab.adoc[]
59-
**** xref:configuring-oauth-2-for-a-bitbucket-server.adoc[]
60-
**** xref:configuring-oauth-2-for-the-bitbucket-cloud.adoc[]
61-
**** xref:configuring-oauth-1-for-a-bitbucket-server.adoc[]
62-
**** xref:configuring-oauth-2-for-microsoft-azure-devops-services.adoc[]
63-
*** xref:configuring-cluster-roles-for-users.adoc[]
64-
*** xref:configuring-advanced-authorization.adoc[]
65-
*** xref:removing-user-data-in-compliance-with-the-gdpr.adoc[]
54+
** xref:configuring-oauth-for-git-providers.adoc[]
55+
*** xref:configuring-oauth-2-for-github.adoc[]
56+
*** xref:configuring-oauth-2-for-gitlab.adoc[]
57+
*** xref:configuring-oauth-2-for-a-bitbucket-server.adoc[]
58+
*** xref:configuring-oauth-2-for-the-bitbucket-cloud.adoc[]
59+
*** xref:configuring-oauth-1-for-a-bitbucket-server.adoc[]
60+
*** xref:configuring-oauth-2-for-microsoft-azure-devops-services.adoc[]
6661
** xref:configuring-fuse.adoc[]
6762
*** xref:enabling-access-to-dev-fuse-for-openshift.adoc[]
6863
*** xref:enabling-fuse-for-all-workspaces.adoc[]

modules/administration-guide/pages/configuring-cluster-roles-for-users.adoc

Lines changed: 0 additions & 8 deletions
This file was deleted.

modules/administration-guide/pages/configuring-oauth-2-for-microsoft-azure-devops-services.adoc

Lines changed: 6 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -7,11 +7,15 @@
77
[id="configuring-oauth-2-for-microsoft-azure-devops-services"]
88
= Configuring OAuth 2.0 for Microsoft Azure DevOps Services
99

10-
pass:[<!-- vale RedHat.Spelling = NO -->]
10+
++++
11+
<!-- vale RedHat.Spelling = NO -->
12+
++++
1113

1214
To enable users to work with a remote Git repository that is hosted on Microsoft Azure Repos:
1315

14-
pass:[<!-- vale RedHat.Spelling = YES -->]
16+
++++
17+
<!-- vale RedHat.Spelling = YES -->
18+
++++
1519

1620
. Set up an application in Microsoft Entra ID.
1721
. Apply the Microsoft Entra ID App Secret.

modules/administration-guide/pages/managing-identities-and-authorizations.adoc

Lines changed: 0 additions & 10 deletions
This file was deleted.

modules/discover/pages/gateway.adoc

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -34,4 +34,4 @@ image::architecture/{project-context}-gateway-interactions.png[{prod-short} gate
3434

3535
.Additional resources
3636

37-
* xref:administration-guide:managing-identities-and-authorizations.adoc[]
37+
* xref:secure:managing-identities-and-authorizations.adoc[]

modules/secure/nav.adoc

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,6 @@
1+
.Secure
2+
* xref:security-best-practices.adoc[]
3+
* xref:managing-identities-and-authorizations.adoc[]
4+
** xref:configuring-cluster-roles-for-users.adoc[]
5+
** xref:configuring-advanced-authorization.adoc[]
6+
** xref:removing-user-data-in-compliance-with-the-gdpr.adoc[]

modules/administration-guide/pages/configuring-advanced-authorization.adoc renamed to modules/secure/pages/configuring-advanced-authorization.adoc

Lines changed: 5 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,21 +1,23 @@
11
:_content-type: PROCEDURE
22
:description: Configuring advanced authorization
33
:keywords: authorization, user, group
4-
:navtitle: Configuring advanced authorization
4+
:navtitle: Restrict access to specific users and groups
55
// :page-aliases:
66

77
[id="configuring-advanced-authorization"]
8-
= Configuring advanced authorization
8+
= Restrict access to specific users and groups
99

1010
You can determine which users and groups are allowed to access {prod-short}.
1111

12+
include::partial$snip_persona-admin.adoc[]
13+
1214
.Prerequisites
1315

1416
* An active `{orch-cli}` session with administrative permissions to the destination {orch-name} cluster. See {orch-cli-link}.
1517

1618
.Procedure
1719

18-
. Configure the `CheCluster` Custom Resource. See xref:using-the-cli-to-configure-the-checluster-custom-resource.adoc[].
20+
. Configure the `CheCluster` Custom Resource. See xref:administration-guide:using-the-cli-to-configure-the-checluster-custom-resource.adoc[].
1921
+
2022
[source,yaml,subs="+quotes,+attributes"]
2123
----
Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,8 @@
1+
:_content-type: PROCEDURE
2+
:description: Configuring cluster roles for {prod-short} users
3+
:keywords: administration-guide, user, roles, permissions
4+
:navtitle: Grant additional permissions to users
5+
:page-aliases: administration-guide:configuring-cluster-roles-for-users.adoc
6+
7+
8+
include::administration-guide:example$snip_{project-context}-configuring-cluster-roles-for-users.adoc[]
Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,12 @@
1+
:_content-type: ASSEMBLY
2+
:description: Managing identities and authorizations
3+
:keywords: administration-guide, managing-identities-and-authorizations
4+
:navtitle: Control who can access {prod-short}
5+
:page-aliases: administration-guide:managing-identities-and-authorizations.adoc, .:managing-identities-and-authorizations.adoc, authenticating-users.adoc, authorizing-users.adoc, configuring-authorization.adoc, configuring-openshift-oauth.adoc, configuring-minikube-github-authentication.adoc
6+
7+
[id="managing-identities-and-authorizations"]
8+
= Control who can access {prod-short}
9+
10+
This section describes different aspects of managing identities and authorizations of {prod}.
11+
12+
include::partial$snip_persona-admin.adoc[]

0 commit comments

Comments
 (0)