Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
16 commits
Select commit Hold shift + click to select a range
f0f53c5
chore: promote Secure to top-level Antora module (JTBD Phase 2)
gtrivedi88 Jun 29, 2026
790d6d9
fix: move OAuth for Git providers back to Administration Guide
gtrivedi88 Jul 1, 2026
48529d6
fix: replace pass:[] Vale pragmas with passthrough blocks to fix RedH…
gtrivedi88 Jul 2, 2026
63a2c81
fix: remove self-referencing page-aliases from OAuth files
gtrivedi88 Jul 2, 2026
f7b837c
fix: remove self-referencing page-aliases from GitLab OAuth file
gtrivedi88 Jul 2, 2026
9e4e69a
fix: remove self-referencing page-aliases from Azure DevOps OAuth file
gtrivedi88 Jul 2, 2026
c265707
fix: add cross-module prefixes for includes and xrefs in secure modul…
gtrivedi88 Jul 2, 2026
4777df0
fix: add cross-module xref prefix in configuring-advanced-authorization
gtrivedi88 Jul 2, 2026
31e326b
fix: add cross-module xref prefixes in GDPR compliance page
gtrivedi88 Jul 2, 2026
71497d4
fix: add cross-module prefixes for includes and xrefs in security-bes…
gtrivedi88 Jul 2, 2026
5738b9e
feat: add persona callouts to Secure module using partials
gtrivedi88 Jul 2, 2026
e6a97b7
fix: use local secure partial instead of cross-module discover:partial
gtrivedi88 Jul 2, 2026
2a49ac7
fix: remove persona partial from thin wrapper page (level-0 heading c…
gtrivedi88 Jul 2, 2026
d844c49
fix: revert OAuth title to factual 'Configuring OAuth for Git providers'
gtrivedi88 Jul 2, 2026
6caa91e
fix: apply JTBD navtitle for cluster roles page
gtrivedi88 Jul 3, 2026
5627d35
fix: sync navtitle attributes with JTBD page titles in Secure
gtrivedi88 Jul 3, 2026
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions antora.yml
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ nav:
- modules/install/nav.adoc
- modules/end-user-guide/nav.adoc
- modules/upgrade/nav.adoc
- modules/secure/nav.adoc
- modules/optimize/nav.adoc
- modules/administration-guide/nav.adoc
- modules/extensions/nav.adoc
Expand Down
19 changes: 7 additions & 12 deletions modules/administration-guide/nav.adoc
Original file line number Diff line number Diff line change
@@ -1,6 +1,5 @@
.Administration Guide

* xref:security-best-practices.adoc[]
* xref:configuring-che.adoc[]
** xref:understanding-the-checluster-custom-resource.adoc[]
*** xref:install:using-chectl-to-configure-the-checluster-custom-resource-during-installation.adoc[]
Expand Down Expand Up @@ -52,17 +51,13 @@
*** xref:configuring-ai-providers.adoc[]
**** xref:ai-provider-api-key-secret-reference.adoc[]
*** xref:customizing-openshift-che-branding-images.adoc[]
** xref:managing-identities-and-authorizations.adoc[]
*** xref:configuring-oauth-for-git-providers.adoc[]
**** xref:configuring-oauth-2-for-github.adoc[]
**** xref:configuring-oauth-2-for-gitlab.adoc[]
**** xref:configuring-oauth-2-for-a-bitbucket-server.adoc[]
**** xref:configuring-oauth-2-for-the-bitbucket-cloud.adoc[]
**** xref:configuring-oauth-1-for-a-bitbucket-server.adoc[]
**** xref:configuring-oauth-2-for-microsoft-azure-devops-services.adoc[]
*** xref:configuring-cluster-roles-for-users.adoc[]
*** xref:configuring-advanced-authorization.adoc[]
*** xref:removing-user-data-in-compliance-with-the-gdpr.adoc[]
Comment thread
gtrivedi88 marked this conversation as resolved.
** xref:configuring-oauth-for-git-providers.adoc[]
*** xref:configuring-oauth-2-for-github.adoc[]
*** xref:configuring-oauth-2-for-gitlab.adoc[]
*** xref:configuring-oauth-2-for-a-bitbucket-server.adoc[]
*** xref:configuring-oauth-2-for-the-bitbucket-cloud.adoc[]
*** xref:configuring-oauth-1-for-a-bitbucket-server.adoc[]
*** xref:configuring-oauth-2-for-microsoft-azure-devops-services.adoc[]
** xref:configuring-fuse.adoc[]
*** xref:enabling-access-to-dev-fuse-for-openshift.adoc[]
*** xref:enabling-fuse-for-all-workspaces.adoc[]
Expand Down

This file was deleted.

Original file line number Diff line number Diff line change
Expand Up @@ -7,11 +7,15 @@
[id="configuring-oauth-2-for-microsoft-azure-devops-services"]
= Configuring OAuth 2.0 for Microsoft Azure DevOps Services

pass:[<!-- vale RedHat.Spelling = NO -->]
++++
<!-- vale RedHat.Spelling = NO -->
++++

To enable users to work with a remote Git repository that is hosted on Microsoft Azure Repos:

pass:[<!-- vale RedHat.Spelling = YES -->]
++++
<!-- vale RedHat.Spelling = YES -->
++++

. Set up an application in Microsoft Entra ID.
. Apply the Microsoft Entra ID App Secret.
Expand Down

This file was deleted.

2 changes: 1 addition & 1 deletion modules/discover/pages/gateway.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -34,4 +34,4 @@ image::architecture/{project-context}-gateway-interactions.png[{prod-short} gate

.Additional resources

* xref:administration-guide:managing-identities-and-authorizations.adoc[]
* xref:secure:managing-identities-and-authorizations.adoc[]
6 changes: 6 additions & 0 deletions modules/secure/nav.adoc
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
.Secure
* xref:security-best-practices.adoc[]
* xref:managing-identities-and-authorizations.adoc[]

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should it be moved out of security ^ ?

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@ibuziuk Just want to confirm when you say we need to move out of security. You mean flattening the strcuture or move it to Admin guide.

The reason why it is in Secure is because for a user Identity management (RBAC, cluster roles, authorization) is kind of a security concern.

** xref:configuring-cluster-roles-for-users.adoc[]
** xref:configuring-advanced-authorization.adoc[]
** xref:removing-user-data-in-compliance-with-the-gdpr.adoc[]
Original file line number Diff line number Diff line change
@@ -1,21 +1,23 @@
:_content-type: PROCEDURE
:description: Configuring advanced authorization
:keywords: authorization, user, group
:navtitle: Configuring advanced authorization
:navtitle: Restrict access to specific users and groups
// :page-aliases:

[id="configuring-advanced-authorization"]
= Configuring advanced authorization
= Restrict access to specific users and groups

You can determine which users and groups are allowed to access {prod-short}.

include::partial$snip_persona-admin.adoc[]

.Prerequisites

* An active `{orch-cli}` session with administrative permissions to the destination {orch-name} cluster. See {orch-cli-link}.

.Procedure

. Configure the `CheCluster` Custom Resource. See xref:using-the-cli-to-configure-the-checluster-custom-resource.adoc[].
. Configure the `CheCluster` Custom Resource. See xref:administration-guide:using-the-cli-to-configure-the-checluster-custom-resource.adoc[].
+
[source,yaml,subs="+quotes,+attributes"]
----
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
:_content-type: PROCEDURE
:description: Configuring cluster roles for {prod-short} users
:keywords: administration-guide, user, roles, permissions
:navtitle: Grant additional permissions to users
:page-aliases: administration-guide:configuring-cluster-roles-for-users.adoc


include::administration-guide:example$snip_{project-context}-configuring-cluster-roles-for-users.adoc[]
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
:_content-type: ASSEMBLY
:description: Managing identities and authorizations
:keywords: administration-guide, managing-identities-and-authorizations
:navtitle: Control who can access {prod-short}
:page-aliases: administration-guide:managing-identities-and-authorizations.adoc, .:managing-identities-and-authorizations.adoc, authenticating-users.adoc, authorizing-users.adoc, configuring-authorization.adoc, configuring-openshift-oauth.adoc, configuring-minikube-github-authentication.adoc

[id="managing-identities-and-authorizations"]
= Control who can access {prod-short}

This section describes different aspects of managing identities and authorizations of {prod}.

include::partial$snip_persona-admin.adoc[]
Original file line number Diff line number Diff line change
@@ -1,14 +1,16 @@
:_content-type: PROCEDURE
:description: Removing user data in compliance with the GDPR
:keywords: administration-guide, user-data, gdpr, remove-data
:navtitle: Removing user data in compliance with the GDPR
:page-aliases: .:removing-user-data.adoc, removing-user-data.adoc
:navtitle: Remove user data for GDPR compliance
:page-aliases: administration-guide:removing-user-data-in-compliance-with-the-gdpr.adoc, .:removing-user-data.adoc, removing-user-data.adoc

[id="removing-user-data-in-compliance-with-the-gdpr"]
= Removing user data in compliance with the GDPR
= Remove user data for GDPR compliance

You can remove a user’s data on {ocp} in compliance with the link:https://gdpr.eu/[General Data Protection Regulation (GDPR)] that enforces the right of individuals to have their personal data erased. The process for other {kubernetes} infrastructures might vary. Follow the user management best practices of the provider you are using for the {prod} installation.

include::partial$snip_persona-admin.adoc[]

WARNING: Removing user data as follows is irreversible! All removed data is deleted and unrecoverable!

.Prerequisites
Expand All @@ -34,6 +36,6 @@ $ oc delete user <username>

.Additional resources

* xref:managing-workloads-using-the-che-server-api.adoc[]
* xref:configuring-workspace-target-namespace.adoc[]
* xref:administration-guide:managing-workloads-using-the-che-server-api.adoc[]
* xref:administration-guide:configuring-workspace-target-namespace.adoc[]
* xref:install:proc_uninstalling-che.adoc[]
Original file line number Diff line number Diff line change
@@ -1,15 +1,17 @@
:_content-type: CONCEPT
:description: Security best practices
:keywords: security, best practices
:navtitle: Security best practices
:navtitle: Protect your deployment
//:page-aliases:

[id="security-best-practices"]
= Security best practices for {prod}
= Protect your deployment

Get an overview of key best security practices for {prod} that can help you
foster a more resilient development environment.

include::partial$snip_persona-admin.adoc[]

{prod} runs on top of OpenShift, which provides the platform, and the foundation for the products functioning on top of it. OpenShift documentation is the entry point for security hardening.

.Project isolation in OpenShift
Expand All @@ -24,7 +26,7 @@ devEnvironments:
defaultNamespace:
autoProvision: false
----
include::example$snip_che-curated-access.adoc[]
include::administration-guide:example$snip_che-curated-access.adoc[]

.Role-based access control (RBAC)

Expand Down Expand Up @@ -96,7 +98,7 @@ All resources and actions you can grant users permission to use in their {namesp
|"get", "create", "delete", "list", "update", "patch", "watch"
|===

include::example$snip_che-user-granted-permission.adoc[]
include::administration-guide:example$snip_che-user-granted-permission.adoc[]


.Dev environment isolation
Expand Down Expand Up @@ -238,7 +240,7 @@ When configuring network policies for {prod},
ensure that pods in the {prod-short} namespace can still communicate with pods in user namespaces,
as this is required for proper functionality.

For detailed instructions on implementing network policies with {prod}, see xref:configuring-network-policies.adoc[].
For detailed instructions on implementing network policies with {prod}, see xref:administration-guide:configuring-network-policies.adoc[].

.Disconnected environment

Expand All @@ -260,7 +262,7 @@ Open Source editor.
Alternatively, cluster administrators can specify a different plugin registry in the Custom Resource, for example
https://open-vsx.org that contains thousands of extensions.
They can also build a custom Open VSX registry.
include::example$snip_che-managing-extensions.adoc[]
include::administration-guide:example$snip_che-managing-extensions.adoc[]

[IMPORTANT]
====
Expand Down
1 change: 1 addition & 0 deletions modules/secure/partials/snip_persona-admin.adoc
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
This page is for platform administrators who install, configure, and manage {prod-short} on {orch-name} clusters. To learn more about common roles and example tasks referenced in {prod-short} documentation, see xref:discover:roles-and-tasks.adoc[].
Loading