From 51ad3216dfd532614ad94c67031c3413ba17f392 Mon Sep 17 00:00:00 2001 
From: Paul Gottschling Date: Wed, 5 Mar 2025 09:48:48 -0500 Subject: [PATCH] [v17] Address 67 Vale warnings (#52743) Backports #52511 - Fix "Auth Service" variations. - Fix some AWS product naming violations. - Ignore some false positives. - Fix capitalization warnings. - Address warnings re: outdated product names. Some of the warning categories above include auto-generated pages. This change does not touch the generators in order to simplify things. --- .../ssh-approval-pagerduty.mdx | 2 +- .../deploy-a-cluster/deployments/gcp.mdx | 14 +++++++------- .../admin-guides/deploy-a-cluster/gcp-kms.mdx | 8 ++++---- .../terraform-provider/ci-or-cloud.mdx | 2 +- .../terraform-provider/dedicated-server.mdx | 2 +- docs/pages/connect-your-client/introduction.mdx | 7 +++---- docs/pages/connect-your-client/notifications.mdx | 2 +- .../pages/connect-your-client/teleport-connect.mdx | 4 ++-- .../join-services-to-your-cluster/kubernetes.mdx | 2 ++ .../application-access/guides/amazon-athena.mdx | 4 +++- .../application-access/guides/dynamodb.mdx | 2 ++ .../application-access/guides/guides.mdx | 2 +- .../application-access/guides/tcp.mdx | 2 +- .../application-access/guides/vnet.mdx | 2 ++ .../application-access/okta/hosted-guide.mdx | 4 ++-- .../application-access/troubleshooting-apps.mdx | 3 +++ .../database-access/database-access.mdx | 2 +- .../enroll-aws-databases/aws-dynamodb.mdx | 2 ++ .../azure-postgres-mysql.mdx | 4 ++-- .../oracle-self-hosted.mdx | 2 +- .../enroll-self-hosted-databases/redis-cluster.mdx | 2 ++ .../enroll-self-hosted-databases/redis.mdx | 2 ++ .../desktop-access/introduction.mdx | 2 ++ .../register-clusters/dynamic-registration.mdx | 3 +-- .../machine-id/access-guides/applications.mdx | 2 +- .../machine-id/access-guides/databases.mdx | 6 ++++-- .../machine-id/access-guides/kubernetes.mdx | 6 +++--- .../machine-id/access-guides/ssh.mdx | 4 ++-- .../machine-id/access-guides/tctl.mdx | 4 ++-- .../machine-id/deployment/azure.mdx | 4 ++-- 
.../machine-id/deployment/circleci.mdx | 6 +++--- .../enroll-resources/machine-id/deployment/gcp.mdx | 4 ++-- .../machine-id/deployment/github-actions.mdx | 4 ++-- .../machine-id/deployment/gitlab.mdx | 6 +++--- .../machine-id/deployment/jenkins.mdx | 2 +- .../machine-id/deployment/kubernetes.mdx | 8 ++++---- .../machine-id/deployment/linux.mdx | 2 +- .../machine-id/troubleshooting.mdx | 9 ++++++--- .../server-access/guides/auditd.mdx | 2 +- .../server-access/guides/host-user-creation.mdx | 11 +++++------ .../server-access/guides/jetbrains-sftp.mdx | 2 +- .../server-access/guides/recording-proxy-mode.mdx | 4 ++-- .../server-access/guides/vscode.mdx | 2 +- docs/pages/faq.mdx | 2 +- .../includes/provision-token/bitbucket-spec.mdx | 2 +- .../includes/provision-token/circleci-spec.mdx | 2 +- .../provision-token/kubernetes-jwks-spec.mdx | 4 ++-- docs/pages/reference/architecture/device-trust.mdx | 12 ++++++------ docs/pages/reference/cli/tctl.mdx | 2 +- docs/pages/upgrading/overview.mdx | 7 ++++--- 50 files changed, 111 insertions(+), 89 deletions(-)
diff --git a/docs/pages/admin-guides/access-controls/access-request-plugins/ssh-approval-pagerduty.mdx b/docs/pages/admin-guides/access-controls/access-request-plugins/ssh-approval-pagerduty.mdx
index cce71a316cf7d..c9a77fe435109 100644
--- a/docs/pages/admin-guides/access-controls/access-request-plugins/ssh-approval-pagerduty.mdx
+++ b/docs/pages/admin-guides/access-controls/access-request-plugins/ssh-approval-pagerduty.mdx
@@ -421,7 +421,7 @@ the host where you have Helm installed, create a file called ```yaml teleport: - address: "" # Teleport Auth Server GRPC API address + address: "" # Teleport Auth Service GRPC API address identitySecretName: "" # Identity secret name identitySecretPath: "" # Identity secret path
diff --git a/docs/pages/admin-guides/deploy-a-cluster/deployments/gcp.mdx b/docs/pages/admin-guides/deploy-a-cluster/deployments/gcp.mdx
index d4a8ae14f0e67..d106107bdbd7d 100644
--- a/docs/pages/admin-guides/deploy-a-cluster/deployments/gcp.mdx
+++ b/docs/pages/admin-guides/deploy-a-cluster/deployments/gcp.mdx
@@ -57,7 +57,7 @@ Please replace them with values appropriate for your environment. ### Compute Engine: VM Instances with Instance Groups We recommend using `n1-standard-2` instances in production. It's best to separate -Teleport's Proxy Servers and Auth Servers using instance groups for each. +Teleport Proxy Service and Auth Service instances using instance groups for each. ### Compute Engine: Health Checks
@@ -70,7 +70,7 @@ see [Admin Guide: Troubleshooting](../../management/admin/troubleshooting.mdx) ### Storage: Cloud Firestore The [Firestore](https://cloud.google.com/firestore/) backend uses real-time -updates to keep individual Auth Servers in sync, and requires Firestore configured +updates to keep individual Auth Service instances in sync, and requires Firestore configured in native mode. To configure Teleport to store audit events in Firestore, add the following to
@@ -166,8 +166,8 @@ service account. ```code $ gcloud iam service-accounts create teleport-auth-server \ - --description="Service account for Teleport Auth Server" \ - --display-name="Teleport Auth Server" \ + --description="Service account for Teleport Auth Service" \ + --display-name="Teleport Auth Service" \ --format=yaml ```
@@ -226,7 +226,7 @@ automatically include the `systemd` configuration. ```yaml # -# Sample Teleport configuration teleport.yaml file for Auth Server +# Sample Teleport configuration teleport.yaml file for Auth Service # teleport: nodename: teleport-auth-server
@@ -261,7 +261,7 @@ automatically include the `systemd` configuration. ```yaml # -# Sample Teleport configuration teleport.yaml file for Auth Server +# Sample Teleport configuration teleport.yaml file for Auth Service # teleport: nodename: teleport-auth-server
@@ -292,7 +292,7 @@ ssh_service: (!docs/pages/includes/enterprise/obtainlicense.mdx!) -Save your license file on the Auth Servers at the path, +Save your license file on the Auth Service instances at the path, `/var/lib/teleport/license.pem`.
diff --git a/docs/pages/admin-guides/deploy-a-cluster/gcp-kms.mdx b/docs/pages/admin-guides/deploy-a-cluster/gcp-kms.mdx
index f6f46a9cac282..248d05dfefd78 100644
--- a/docs/pages/admin-guides/deploy-a-cluster/gcp-kms.mdx
+++ b/docs/pages/admin-guides/deploy-a-cluster/gcp-kms.mdx
@@ -39,7 +39,7 @@ learn more. Each Teleport Auth Service instance will need to be configured to use a GCP key ring which will hold all keys generated and used by that Auth Service instance. -If running a High-Availability Teleport cluster with two or more Auth Servers, +If running a High-Availability Teleport cluster with two or more Auth Service instances, every Auth Service instance can be configured to use the same key ring, or if desired each can be configured to use a unique key ring in a different region (for redundancy or to decrease latency).
@@ -48,7 +48,7 @@ It is recommended to create a dedicated key ring for use by Teleport to logicall separate it from any other keys in your cloud account. Choose a supported [KMS location](https://cloud.google.com/kms/docs/locations) -for the key ring which is geographically near to your Teleport Auth Servers. +for the key ring which is geographically near to your Teleport Auth Service instances. You can create a key ring from the Google Cloud Console or from the `gcloud` CLI tool. Follow
@@ -100,8 +100,8 @@ service account. ```code $ gcloud iam service-accounts create teleport-auth-server \ - --description="Service account for Teleport Auth Server" \ - --display-name="Teleport Auth Server" \ + --description="Service account for Teleport Auth Service" \ + --display-name="Teleport Auth Service" \ --format=yaml ```
diff --git a/docs/pages/admin-guides/infrastructure-as-code/terraform-provider/ci-or-cloud.mdx b/docs/pages/admin-guides/infrastructure-as-code/terraform-provider/ci-or-cloud.mdx
index 30489ab39f26f..c9f46be5cad54 100644
--- a/docs/pages/admin-guides/infrastructure-as-code/terraform-provider/ci-or-cloud.mdx
+++ b/docs/pages/admin-guides/infrastructure-as-code/terraform-provider/ci-or-cloud.mdx
@@ -372,7 +372,7 @@ terraform-job: # Teleport cluster. This is not necessarily the address of your Teleport # cluster and will not include a port or scheme (http/https) # - # This helps the Teleport Auth Server know that the token is intended for + # This helps the Teleport Auth Service know that the token is intended for # it, and not a different service or Teleport cluster. aud: "" script:
diff --git a/docs/pages/admin-guides/infrastructure-as-code/terraform-provider/dedicated-server.mdx b/docs/pages/admin-guides/infrastructure-as-code/terraform-provider/dedicated-server.mdx
index 36abccdac622d..0ff477616ef8f 100644
--- a/docs/pages/admin-guides/infrastructure-as-code/terraform-provider/dedicated-server.mdx
+++ b/docs/pages/admin-guides/infrastructure-as-code/terraform-provider/dedicated-server.mdx
@@ -114,7 +114,7 @@ terraform { } provider "teleport" { - # Replace with the address of your Teleport Proxy or Auth Server. + # Replace with the address of your Teleport Proxy or Auth Service. addr = "teleport.example.com:443" # Replace with the directory configured in the identity output in the # previous step.
diff --git a/docs/pages/connect-your-client/introduction.mdx b/docs/pages/connect-your-client/introduction.mdx
index 22cc3c53bbc2d..9d0edfc1c44c2 100644
--- a/docs/pages/connect-your-client/introduction.mdx
+++ b/docs/pages/connect-your-client/introduction.mdx
@@ -238,7 +238,7 @@ Or you can upload using drag and drop: -### Database Access +### Database access
@@ -345,6 +345,5 @@ either directly or through proxy tunnels. Teleport. You use it to connect to servers, databases, and Kubernetes clusters. See [Using Teleport Connect](./teleport-connect.mdx). -{/*lint ignore messaging for page title*/} -- [Database Access GUI Clients](./gui-clients.mdx) details -how to connect many popular database GUI clients through Teleport. +- [Access Teleport-protected databases with GUI clients](./gui-clients.mdx): + Details how to connect many popular database GUI clients through Teleport.
diff --git a/docs/pages/connect-your-client/notifications.mdx b/docs/pages/connect-your-client/notifications.mdx
index ee323616995b2..7889638309534 100644
--- a/docs/pages/connect-your-client/notifications.mdx
+++ b/docs/pages/connect-your-client/notifications.mdx
@@ -14,7 +14,7 @@ In the Web UI, you can list all your notifications by clicking on the bell icon Clicking on a notification will redirect you to the relevant page, or in the case of a custom notification generated by an administrator, open a dialog containing its text content. You can mark the notification as read to acknowledge it, or hide it to have it never be shown to you again. -Some notifications may include quick action buttons which allow you perform actions directly from the notification, such as assuming granted roles from an approved access request notification. +Some notifications may include quick action buttons which allow you perform actions directly from the notification, such as assuming granted roles from an approved Access Request notification. ![Notification in the WebUI](../../img/notification.png)
diff --git a/docs/pages/connect-your-client/teleport-connect.mdx b/docs/pages/connect-your-client/teleport-connect.mdx
index d99c8ecdbf99b..dc8a0e36daa03 100644
--- a/docs/pages/connect-your-client/teleport-connect.mdx
+++ b/docs/pages/connect-your-client/teleport-connect.mdx
@@ -71,7 +71,7 @@ The top bar of Teleport Connect consists of: trusted clusters and there are leaf clusters connected to the root cluster. It lets you browse leaf cluster resources. Also, the "Open new terminal" action will bind new terminal tabs to the selected cluster. - The **additional actions menu** (to the left of the profile selector), containing options such as - opening a config file or creating an access request in an Enterprise cluster. + opening a config file or creating an Access Request in an Enterprise cluster. The **status bar** at the bottom displays **cluster breadcrumbs** in the bottom left, indicating which cluster the current tab is bound to, and the **Share Feedback** button in the bottom right.
@@ -165,7 +165,7 @@ with that command executed. Teleport Connect supports launching applications in the browser, as well as creating authenticated tunnels for web and TCP applications. -When it comes to [cloud APIs secured with Application Access](../enroll-resources/application-access/cloud-apis/cloud-apis.mdx), +When it comes to [cloud APIs secured with Teleport](../enroll-resources/application-access/cloud-apis/cloud-apis.mdx), Teleport Connect supports launching the AWS console in the browser, but other CLI applications can be used only through tsh in [a local terminal tab](#opening-a-local-terminal).
diff --git a/docs/pages/enroll-resources/agents/join-services-to-your-cluster/kubernetes.mdx b/docs/pages/enroll-resources/agents/join-services-to-your-cluster/kubernetes.mdx
index 38d70223dbd13..5a6d855d0ad58 100644
--- a/docs/pages/enroll-resources/agents/join-services-to-your-cluster/kubernetes.mdx
+++ b/docs/pages/enroll-resources/agents/join-services-to-your-cluster/kubernetes.mdx
@@ -238,7 +238,9 @@ namespace "teleport-agent" deleted ## Going further +{/* vale messaging.protocol-products = NO */} - The possible values for `teleport-kube-agent` chart are documented [in its reference](../../../reference/helm-reference/teleport-kube-agent.mdx). - See [Application Access Guides](../../application-access/guides/guides.mdx) - See [Database Access Guides](../../database-access/guides/guides.mdx) +{/* vale messaging.protocol-products = YES */}
diff --git a/docs/pages/enroll-resources/application-access/guides/amazon-athena.mdx b/docs/pages/enroll-resources/application-access/guides/amazon-athena.mdx
index 55cde22f133d7..c6b420beb77c7 100644
--- a/docs/pages/enroll-resources/application-access/guides/amazon-athena.mdx
+++ b/docs/pages/enroll-resources/application-access/guides/amazon-athena.mdx
@@ -51,7 +51,9 @@ connecting to your Athena database. ### Using AWS CLI +{/* vale 3rd-party-products.aws-vs-amazon = NO */} (!docs/pages/includes/application-access/aws-database-access-cli.mdx iam-role="ExampleTeleportAthenaRole" tsh-example="tsh aws athena list-work-groups"!) +{/* vale 3rd-party-products.aws-vs-amazon = YES */} ### Using other Athena applications
@@ -192,5 +194,5 @@ $ tsh apps logout aws ``` ## Next steps -- More information on [AWS Management and API with Teleport Application Access](../../application-access/cloud-apis/aws-console.mdx). +- More information on [AWS Management Console and API access with Teleport](../../application-access/cloud-apis/aws-console.mdx). - Learn more about [AWS service endpoints](https://docs.aws.amazon.com/general/latest/gr/rande.html).
diff --git a/docs/pages/enroll-resources/application-access/guides/dynamodb.mdx b/docs/pages/enroll-resources/application-access/guides/dynamodb.mdx
index 681752478ecb5..865ca1f65eb49 100644
--- a/docs/pages/enroll-resources/application-access/guides/dynamodb.mdx
+++ b/docs/pages/enroll-resources/application-access/guides/dynamodb.mdx
@@ -80,7 +80,9 @@ connecting to your DynamoDB database. ### Using AWS CLI +{/* vale 3rd-party-products.aws-vs-amazon = NO */} (!docs/pages/includes/application-access/aws-database-access-cli.mdx iam-role="ExampleTeleportDynamoDBRole" tsh-example="tsh aws dynamodb list-tables"!) +{/* vale 3rd-party-products.aws-vs-amazon = YES */} ### Using other DynamoDB applications
diff --git a/docs/pages/enroll-resources/application-access/guides/guides.mdx b/docs/pages/enroll-resources/application-access/guides/guides.mdx
index 19e76e0caa0b9..ecade5b582e83 100644
--- a/docs/pages/enroll-resources/application-access/guides/guides.mdx
+++ b/docs/pages/enroll-resources/application-access/guides/guides.mdx
@@ -17,4 +17,4 @@ Manage access to internal applications: - [Dynamic Registration](dynamic-registration.mdx): Register/unregister apps without restarting Teleport. - [Amazon Athena Access](amazon-athena.mdx): How to access Amazon Athena with Teleport. - [Amazon DynamoDB Access](dynamodb.mdx): How to access Amazon DynamoDB as an application. -- [Application Access HA](ha.mdx): How to configure the Teleport Application Service for high availability. +- [Application Service HA](ha.mdx): How to configure the Teleport Application Service for high availability.
diff --git a/docs/pages/enroll-resources/application-access/guides/tcp.mdx b/docs/pages/enroll-resources/application-access/guides/tcp.mdx
index e28a76bdd91e7..a077adea45a30 100644
--- a/docs/pages/enroll-resources/application-access/guides/tcp.mdx
+++ b/docs/pages/enroll-resources/application-access/guides/tcp.mdx
@@ -23,7 +23,7 @@ and `*.teleport.example.com`. You can substitute the address of your Teleport Proxy Service. (For Teleport Cloud customers, this will be similar to `mytenant.teleport.sh`.) - + (!docs/pages/includes/dns-app-access.mdx!)
diff --git a/docs/pages/enroll-resources/application-access/guides/vnet.mdx b/docs/pages/enroll-resources/application-access/guides/vnet.mdx
index 0d5d8167c3d4e..490e361daa47a 100644
--- a/docs/pages/enroll-resources/application-access/guides/vnet.mdx
+++ b/docs/pages/enroll-resources/application-access/guides/vnet.mdx
@@ -30,9 +30,11 @@ to first update the VNet config in the Auth Service to include a matching DNS zo - A TCP application connected to the cluster. - A domain name under your control. +{/* vale messaging.protocol-products = NO */} In this guide, we'll use the example app from [TCP Application Access guide](tcp.mdx) and make it available through VNet at with as the custom DNS zone. +{/* vale messaging.protocol-products = YES */} ## Step 1/3. Configure custom DNS zone
diff --git a/docs/pages/enroll-resources/application-access/okta/hosted-guide.mdx b/docs/pages/enroll-resources/application-access/okta/hosted-guide.mdx
index d1e1e1921c2a9..714023702ba03 100644
--- a/docs/pages/enroll-resources/application-access/okta/hosted-guide.mdx
+++ b/docs/pages/enroll-resources/application-access/okta/hosted-guide.mdx
@@ -7,7 +7,7 @@ Teleport can import and grant access to resources from an Okta organizations, such as user profiles, groups and applications. Teleport can provision user accounts based Okta users, Okta applications can be accessed through Teleport's application access UI, and access to these applications along with user groups -can be managed by Teleport's RBAC along with access requests. +can be managed by Teleport's RBAC along with Access Requests. This guide will help you set up the Okta Service as a Teleport hosted integration.
@@ -247,7 +247,7 @@ are deleted by a Teleport Administrator. That is, they will *not* be deleted when the hosted integration is deleted. The easiest way to clean these up is through the use of `tctl`. A batch command -like this will remove all Okta sourced access lists in a system: +like this will remove all Okta-sourced Access Lists in a system: ``` tctl get access_lists --format json | jq '.[] | select(.metadata.labels["teleport.dev/origin"] == "okta") | .metadata.name' -r | xargs -I{} tctl rm "access_list/{}"
diff --git a/docs/pages/enroll-resources/application-access/troubleshooting-apps.mdx b/docs/pages/enroll-resources/application-access/troubleshooting-apps.mdx
index 1cc0e13db1402..1407f5d75b584 100644
--- a/docs/pages/enroll-resources/application-access/troubleshooting-apps.mdx
+++ b/docs/pages/enroll-resources/application-access/troubleshooting-apps.mdx
@@ -194,7 +194,10 @@ about a user's Teleport roles or traits, you can configure Teleport to omit this information from the JWT. This will result in a smaller JWT that is less likely to exceed the limit. +{/* vale messaging.protocol-products = NO */} This configuration is available under the `jwt_claims` property of the application's `rewrite` configuration. See [Web Application Access](./guides/connecting-apps.mdx#configuring-the-jwt-token) for details. +{/* vale messaging.protocol-products = YES */} +
diff --git a/docs/pages/enroll-resources/database-access/database-access.mdx b/docs/pages/enroll-resources/database-access/database-access.mdx
index 8e1beee44d2f1..98bff297a9901 100644
--- a/docs/pages/enroll-resources/database-access/database-access.mdx
+++ b/docs/pages/enroll-resources/database-access/database-access.mdx
@@ -20,6 +20,6 @@ Agent Architecture](../../reference/architecture/agents.mdx). You can also learn deploy a [pool of Teleport Agents](../agents/introduction.mdx) to run multiple agent services. -![Teleport Database Access Diagram](../../../img/database-access/architecture.svg) +![Architecture diagram for enrolling databases with Teleport](../../../img/database-access/architecture.svg) (!toc!)
diff --git a/docs/pages/enroll-resources/database-access/enroll-aws-databases/aws-dynamodb.mdx b/docs/pages/enroll-resources/database-access/enroll-aws-databases/aws-dynamodb.mdx
index 834dc81c6cabc..8579a288a37f5 100644
--- a/docs/pages/enroll-resources/database-access/enroll-aws-databases/aws-dynamodb.mdx
+++ b/docs/pages/enroll-resources/database-access/enroll-aws-databases/aws-dynamodb.mdx
@@ -218,7 +218,9 @@ $ aws dynamodb list-tables --endpoint-url=http://localhost:8000 } ``` +{/* vale messaging.protocol-products = NO */} You can also connect to this database from the AWS NoSQL Workbench, as documented in our [Database Access GUI Clients](../../../connect-your-client/gui-clients.mdx#nosql-workbench) guide. +{/* vale messaging.protocol-products = YES */} You can also use this tunnel for programmatic access. The example below uses the `boto3` SDK from AWS:
diff --git a/docs/pages/enroll-resources/database-access/enroll-azure-databases/azure-postgres-mysql.mdx b/docs/pages/enroll-resources/database-access/enroll-azure-databases/azure-postgres-mysql.mdx
index 391ec95c7118d..8c5f57c92c970 100644
--- a/docs/pages/enroll-resources/database-access/enroll-azure-databases/azure-postgres-mysql.mdx
+++ b/docs/pages/enroll-resources/database-access/enroll-azure-databases/azure-postgres-mysql.mdx
@@ -18,10 +18,10 @@ database. -![Teleport Database Access Azure PostgreSQL/MySQL Self-Hosted](../../../../img/database-access/guides/azure_selfhosted.png) +![Enrolling Azure PostgreSQL/MySQL with a self-hosted Teleport cluster](../../../../img/database-access/guides/azure_selfhosted.png) -![Teleport Database Access Azure PostgreSQL/MySQL Cloud](../../../../img/database-access/guides/azure_cloud.png) +![Enrolling Azure PostgreSQL/MySQL with a cloud-hosted Teleport cluster](../../../../img/database-access/guides/azure_cloud.png)
diff --git a/docs/pages/enroll-resources/database-access/enroll-self-hosted-databases/oracle-self-hosted.mdx b/docs/pages/enroll-resources/database-access/enroll-self-hosted-databases/oracle-self-hosted.mdx
index 77dac94584a9b..9230973eff13c 100644
--- a/docs/pages/enroll-resources/database-access/enroll-self-hosted-databases/oracle-self-hosted.mdx
+++ b/docs/pages/enroll-resources/database-access/enroll-self-hosted-databases/oracle-self-hosted.mdx
@@ -11,7 +11,7 @@ description: How to configure Teleport database access with Oracle. -![Teleport Database Access Self-hosted Oracle](../../../../img/database-access/guides/oracle_selfhosted.png) +![Enroll Oracle with a Self-Hosted Teleport Cluster](../../../../img/database-access/guides/oracle_selfhosted.png) ![Enroll Oracle with a Cloud-Hosted Teleport Cluster](../../../../img/database-access/guides/oracle_selfhosted_cloud.png)
diff --git a/docs/pages/enroll-resources/database-access/enroll-self-hosted-databases/redis-cluster.mdx b/docs/pages/enroll-resources/database-access/enroll-self-hosted-databases/redis-cluster.mdx
index b337d00755e59..ba6cffe959080 100644
--- a/docs/pages/enroll-resources/database-access/enroll-self-hosted-databases/redis-cluster.mdx
+++ b/docs/pages/enroll-resources/database-access/enroll-self-hosted-databases/redis-cluster.mdx
@@ -3,7 +3,9 @@ title: Database Access with Redis Cluster description: How to configure Teleport database access with Redis Cluster. --- +{/* vale messaging.protocol-products = NO */} If you want to configure Redis Standalone, please read [Database Access with Redis](redis.mdx). +{/* vale messaging.protocol-products = YES */} (!docs/pages/includes/database-access/self-hosted-introduction.mdx dbType="Redis cluster"!)
diff --git a/docs/pages/enroll-resources/database-access/enroll-self-hosted-databases/redis.mdx b/docs/pages/enroll-resources/database-access/enroll-self-hosted-databases/redis.mdx
index 939f2ff6b4a2d..257dec7d7f58c 100644
--- a/docs/pages/enroll-resources/database-access/enroll-self-hosted-databases/redis.mdx
+++ b/docs/pages/enroll-resources/database-access/enroll-self-hosted-databases/redis.mdx
@@ -3,7 +3,9 @@ title: Database Access with Redis description: How to configure Teleport database access with Redis. --- +{/* vale messaging.protocol-products = NO */} If you want to configure Redis Cluster, please read [Database Access with Redis Cluster](redis-cluster.mdx). +{/* vale messaging.protocol-products = YES */} (!docs/pages/includes/database-access/self-hosted-introduction.mdx dbType="Redis"!)
diff --git a/docs/pages/enroll-resources/desktop-access/introduction.mdx b/docs/pages/enroll-resources/desktop-access/introduction.mdx
index 38a9731f6c143..7368b52c9e01d 100644
--- a/docs/pages/enroll-resources/desktop-access/introduction.mdx
+++ b/docs/pages/enroll-resources/desktop-access/introduction.mdx
@@ -73,6 +73,7 @@ Desktop Service, see the following topics: The following topics provide information about performing common tasks and Windows-specific configuration settings, role-based permissions, and audit events: +{/* vale messaging.protocol-products = NO */} - [Role-Based Access Control for Desktops](./rbac.mdx) - [Clipboard Sharing](../../reference/agent-services/desktop-access-reference/clipboard.mdx) - [Directory Sharing](./directory-sharing.mdx)
@@ -82,4 +83,5 @@ Windows-specific configuration settings, role-based permissions, and audit event - [Desktop Access Audit Events Reference](../../reference/agent-services/desktop-access-reference/audit.mdx) - [Desktop Access Configuration Reference](../../reference/agent-services/desktop-access-reference/configuration.mdx) - [Desktop Access CLI Reference](../../reference/agent-services/desktop-access-reference/cli.mdx) +{/* vale messaging.protocol-products = YES */}
diff --git a/docs/pages/enroll-resources/kubernetes-access/register-clusters/dynamic-registration.mdx b/docs/pages/enroll-resources/kubernetes-access/register-clusters/dynamic-registration.mdx
index 7ad695007135d..c248c5cc73f83 100644
--- a/docs/pages/enroll-resources/kubernetes-access/register-clusters/dynamic-registration.mdx
+++ b/docs/pages/enroll-resources/kubernetes-access/register-clusters/dynamic-registration.mdx
@@ -459,6 +459,5 @@ clusters via Teleport, check out the following guides: - [Connect a Kubernetes Cluster to Teleport](../getting-started.mdx): How to use the `teleport-kube-agent` Helm chart to register a Kubernetes cluster with Teleport. -- [Kubernetes Access from a Standalone Teleport - Cluster](./static-kubeconfig.mdx): How to use the Teleport Kubernetes +- [Enroll a Kubernetes Cluster with a Static kubeconfig](./static-kubeconfig.mdx): How to use the Teleport Kubernetes Service's configuration file to register a Kubernetes cluster with Teleport.
diff --git a/docs/pages/enroll-resources/machine-id/access-guides/applications.mdx b/docs/pages/enroll-resources/machine-id/access-guides/applications.mdx
index c6099283f51de..f9b7f6479174e 100644
--- a/docs/pages/enroll-resources/machine-id/access-guides/applications.mdx
+++ b/docs/pages/enroll-resources/machine-id/access-guides/applications.mdx
@@ -14,7 +14,7 @@ used to access an application enrolled in your Teleport cluster. (!docs/pages/includes/edition-prereqs-tabs.mdx!) - If you have not already connected your application to Teleport, follow - the [Application Access Getting Started Guide](../../application-access/getting-started.mdx). + the [Protect a Web Application with Teleport](../../application-access/getting-started.mdx). - (!docs/pages/includes/tctl.mdx!) - `tbot` must already be installed and configured on the machine that will access applications. For more information, see the
diff --git a/docs/pages/enroll-resources/machine-id/access-guides/databases.mdx b/docs/pages/enroll-resources/machine-id/access-guides/databases.mdx
index 5926d3a8a70b6..5b37e06c3e190 100644
--- a/docs/pages/enroll-resources/machine-id/access-guides/databases.mdx
+++ b/docs/pages/enroll-resources/machine-id/access-guides/databases.mdx
@@ -9,8 +9,8 @@ can be used to grant machines secure, short-lived access to these databases. In this guide, you will configure `tbot` to produce credentials that can be used to access a database configured in Teleport. -
-![Machine ID and Database Access Deployment](../../../../img/machine-id/machine-id-database-access.svg) +
+![Accessing Teleport-protected databases with Machine ID](../../../../img/machine-id/machine-id-database-access.svg)
 ## Prerequisites
@@ -82,11 +82,13 @@ This rule will allow the bot to do two things: label selector) as the user `alice`. - Discover information about database resources in Teleport. +{/* vale messaging.protocol-products = NO */} The `'*': '*'` label selector grants access to any database server configured in Teleport. In production, consider restricting the bot's access using a more specific label selector; see the [Database Access RBAC guide](../../database-access/rbac.mdx) for a full reference of database-related role options. +{/* vale messaging.protocol-products = YES */} ## Step 2/4. Configure a database `tbot` output
diff --git a/docs/pages/enroll-resources/machine-id/access-guides/kubernetes.mdx b/docs/pages/enroll-resources/machine-id/access-guides/kubernetes.mdx
index 6c8f8eb08b7d7..13620a8e633cf 100644
--- a/docs/pages/enroll-resources/machine-id/access-guides/kubernetes.mdx
+++ b/docs/pages/enroll-resources/machine-id/access-guides/kubernetes.mdx
@@ -15,7 +15,7 @@ used to access a Kubernetes cluster enrolled with your Teleport cluster. (!docs/pages/includes/edition-prereqs-tabs.mdx!) - If you have not already connected your Kubernetes cluster to Teleport, follow - the [Kubernetes Access Getting Started Guide](../../kubernetes-access/getting-started.mdx). + [Enroll a Kubernetes Cluster](../../kubernetes-access/getting-started.mdx). - (!docs/pages/includes/tctl.mdx!) - To configure the Kubernetes cluster, your client system will need to have `kubectl` installed. See the
@@ -183,5 +183,5 @@ this format is compatible with most Kubernetes tools including: - Read the [configuration reference](../../../reference/machine-id/configuration.mdx) to explore all the available configuration options. -- Read the [Kubernetes Access RBAC guide](../../kubernetes-access/controls.mdx) - for more details on controlling Kubernetes access. \ No newline at end of file +- Read the [Teleport Kubernetes RBAC guide](../../kubernetes-access/controls.mdx) + for more details on controlling Kubernetes access. diff --git a/docs/pages/enroll-resources/machine-id/access-guides/ssh.mdx b/docs/pages/enroll-resources/machine-id/access-guides/ssh.mdx index 482920ca5bd51..b9bf74a66c318 100644 --- a/docs/pages/enroll-resources/machine-id/access-guides/ssh.mdx +++ b/docs/pages/enroll-resources/machine-id/access-guides/ssh.mdx @@ -15,7 +15,7 @@ will cover access using the Teleport CLI `tsh` as well as the OpenSSH client. (!docs/pages/includes/edition-prereqs-tabs.mdx!) - If you have not already connected your server to Teleport, follow - the [Server Access Getting Started Guide](../../application-access/getting-started.mdx). + the [getting started guide](../../server-access/getting-started.mdx). - (!docs/pages/includes/tctl.mdx!) - `tbot` must already be installed and configured on the machine that will connect to Linux hosts with SSH. For more information, see the @@ -167,4 +167,4 @@ SSH client certificates and either ProxyCommand or ProxyJump functionality. ## Next steps - Read the [configuration reference](../../../reference/machine-id/configuration.mdx) to explore - all the available configuration options. \ No newline at end of file + all the available configuration options. diff --git a/docs/pages/enroll-resources/machine-id/access-guides/tctl.mdx b/docs/pages/enroll-resources/machine-id/access-guides/tctl.mdx index bc1e55c29aa36..63eb7e79e38b6 100644 --- a/docs/pages/enroll-resources/machine-id/access-guides/tctl.mdx 
+++ b/docs/pages/enroll-resources/machine-id/access-guides/tctl.mdx @@ -96,7 +96,7 @@ plan later. You should now see an `identity` file under `/opt/machine-id`. This contains the private key and signed certificates needed by `tctl` to -authenticate with the Teleport Auth Server. +authenticate with the Teleport Auth Service. ## Step 3/3. Use `tctl` with the identity output @@ -126,7 +126,7 @@ also be specified with the address of your Teleport Proxy or Teleport Auth Server. Run `tctl`, replacing `example.teleport.sh:443` with the address of your -Teleport Proxy or Auth Server and `/opt/machine-id/identity` with the path to +Teleport Proxy or Auth Service and `/opt/machine-id/identity` with the path to the generated identity file if you have modified this: ```code diff --git a/docs/pages/enroll-resources/machine-id/deployment/azure.mdx b/docs/pages/enroll-resources/machine-id/deployment/azure.mdx index 1639f81cefc4a..d0c410288c5e6 100644 --- a/docs/pages/enroll-resources/machine-id/deployment/azure.mdx +++ b/docs/pages/enroll-resources/machine-id/deployment/azure.mdx @@ -15,7 +15,7 @@ This identity can be validated by a third party by attempting to use this token to fetch its own identity from the Azure identity service. The `azure` join method instructs the bot to use this attested data document and -JWT to prove its identity to the Teleport Auth Server. This allows joining to +JWT to prove its identity to the Teleport Auth Service. This allows joining to occur without the use of a long-lived secret. ## Prerequisites @@ -110,7 +110,7 @@ outputs: [] Replace: - `example.teleport.sh:443` with the address of your Teleport Proxy or - Auth Server. Prefer using the address of a Teleport Proxy. + Auth Service. Prefer using the address of a Teleport Proxy. - `22222222-2222-2222-2222-222222222222` with the ID of the Azure managed identity that has been assigned to the VM. - `example-bot` with the name of the token you created in the second step. 
diff --git a/docs/pages/enroll-resources/machine-id/deployment/circleci.mdx b/docs/pages/enroll-resources/machine-id/deployment/circleci.mdx index aedc7df45892a..6eaa7305469da 100644 --- a/docs/pages/enroll-resources/machine-id/deployment/circleci.mdx +++ b/docs/pages/enroll-resources/machine-id/deployment/circleci.mdx @@ -26,7 +26,7 @@ joining method to eliminate the need for long-lived secrets. In order to allow your CircleCI workflow to authenticate with your Teleport cluster, you'll first need to create a join token. These tokens set out criteria -by which the Auth Server decides whether or not to allow a bot or node to join. +by which the Auth Service decides whether or not to allow a bot or node to join. Create a file named `bot-token.yaml`, ensuring that you replace and with the values from Step 1. @@ -42,7 +42,7 @@ spec: bot_name: example circleci: organization_id: - # allow specifies the rules by which the Auth Server determines if `tbot` + # allow specifies the rules by which the Auth Service determines if `tbot` # should be allowed to join. allow: - context_id: @@ -97,7 +97,7 @@ outputs: [] Replace: - `example.teleport.sh:443` with the address of your Teleport Proxy or - Auth Server. Prefer using the address of a Teleport Proxy. + Auth Service. Prefer using the address of a Teleport Proxy. - `example-bot` with the name of the token you created in the second step Now, the CircleCI pipeline can be defined. Before the pipeline can use `tbot`, diff --git a/docs/pages/enroll-resources/machine-id/deployment/gcp.mdx b/docs/pages/enroll-resources/machine-id/deployment/gcp.mdx index 695aa2042c3e1..4625506a86e50 100644 --- a/docs/pages/enroll-resources/machine-id/deployment/gcp.mdx +++ b/docs/pages/enroll-resources/machine-id/deployment/gcp.mdx 
@@ -67,7 +67,7 @@ spec: bot_name: example join_method: gcp gcp: - # allow specifies the rules by which the Auth Server determines if `tbot` + # allow specifies the rules by which the Auth Service determines if `tbot` # should be allowed to join. allow: - project_ids: @@ -113,7 +113,7 @@ outputs: [] Replace: - `example.teleport.sh:443` with the address of your Teleport Proxy or - Auth Server. Prefer using the address of a Teleport Proxy. + Auth Service. Prefer using the address of a Teleport Proxy. - `example-bot` with the name of the token you created in the second step. (!docs/pages/includes/machine-id/daemon-or-oneshot.mdx!) diff --git a/docs/pages/enroll-resources/machine-id/deployment/github-actions.mdx b/docs/pages/enroll-resources/machine-id/deployment/github-actions.mdx index df1f421b7db1a..0da1e8563e35f 100644 --- a/docs/pages/enroll-resources/machine-id/deployment/github-actions.mdx +++ b/docs/pages/enroll-resources/machine-id/deployment/github-actions.mdx @@ -72,7 +72,7 @@ If you are using self-hosted Teleport Enterprise you are able to permit workflows within GitHub Enterprise Server instances to authenticate using the GitHub join method. -The Teleport Auth Server must be able to connect to the GitHub Enterprise +The Teleport Auth Service must be able to connect to the GitHub Enterprise Server. To configure this, set `spec.github.enterprise_server_host` to the hostname of @@ -374,7 +374,7 @@ outputs: [] Replace: - `example.teleport.sh:443` with the address of your Teleport Proxy or - Auth Server. Prefer using the address of a Teleport Proxy. + Auth Service. Prefer using the address of a Teleport Proxy. - `example-bot` with the name of the token you created in the first step. Now you can define a GitHub Actions workflow that will start `tbot` with this diff --git a/docs/pages/enroll-resources/machine-id/deployment/gitlab.mdx b/docs/pages/enroll-resources/machine-id/deployment/gitlab.mdx index 5c04b7d800600..7974c35f1b637 100644 
--- a/docs/pages/enroll-resources/machine-id/deployment/gitlab.mdx +++ b/docs/pages/enroll-resources/machine-id/deployment/gitlab.mdx @@ -22,7 +22,7 @@ control. - (!docs/pages/includes/tctl.mdx!) - A GitLab project to connect to Teleport. This can either be on GitLab's cloud-hosted offering (gitlab.com) or on a self-hosted GitLab instance. **When -using a self-hosted GitLab instance, your Teleport Auth Server must be able to +using a self-hosted GitLab instance, your Teleport Auth Service must be able to connect to your GitLab instance and your GitLab instance must be configured with a valid TLS certificate.** @@ -109,7 +109,7 @@ outputs: [] Replace: - `example.teleport.sh:443` with the address of your Teleport Proxy or - Auth Server. Prefer using the address of a Teleport Proxy. + Auth Service. Prefer using the address of a Teleport Proxy. - `example-bot` with the name of the token you created in the second step Now, the GitLab CI pipeline can be defined. Before the pipeline can use `tbot`, @@ -137,7 +137,7 @@ deploy-job: # Teleport cluster. This is not necessarily the address of your Teleport # cluster and will not include a port or scheme (http/https) # - # This helps the Teleport Auth Server know that the token is intended for + # This helps the Teleport Auth Service know that the token is intended for # it, and not a different service or Teleport cluster. aud: teleport.example.com script: diff --git a/docs/pages/enroll-resources/machine-id/deployment/jenkins.mdx b/docs/pages/enroll-resources/machine-id/deployment/jenkins.mdx index 5cf6e81d03646..35513e335dc11 100644 --- a/docs/pages/enroll-resources/machine-id/deployment/jenkins.mdx +++ b/docs/pages/enroll-resources/machine-id/deployment/jenkins.mdx @@ -87,7 +87,7 @@ $ tctl bots add jenkins --roles=api-workers ``` -Connect to the Teleport Auth Server and use `tctl` to examine what roles exist on +Connect to the Teleport Auth Service and use `tctl` to examine what roles exist on your system. ```code 
diff --git a/docs/pages/enroll-resources/machine-id/deployment/kubernetes.mdx b/docs/pages/enroll-resources/machine-id/deployment/kubernetes.mdx index 88708342b21d3..8751541bbfaf9 100644 --- a/docs/pages/enroll-resources/machine-id/deployment/kubernetes.mdx +++ b/docs/pages/enroll-resources/machine-id/deployment/kubernetes.mdx @@ -36,7 +36,7 @@ a single join token. These services are: [GCP Workload Identity](https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity) is configured for the cluster, it is possible to use the `gcp` join method. See the [GCP Platform Guide](./gcp.mdx) for further information. -- AWS Elastic Kubernetes Service: Where +- Amazon Elastic Kubernetes Service: Where [IAM Roles for Service Accounts (IRSA)](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html) is configured for the cluster, it is possible to use the `iam` join method. See the [AWS Platform Guide](./aws.mdx) for further information. @@ -75,7 +75,7 @@ Create a file called `k8s-rbac.yaml`: ```yaml # This ServiceAccount will be used to give the `tbot` pods a discrete identity -# which can be validated by the Teleport Auth Server. +# which can be validated by the Teleport Auth Service. apiVersion: v1 kind: ServiceAccount metadata: @@ -154,14 +154,14 @@ spec: bot_name: example join_method: kubernetes kubernetes: - # static_jwks configures the Auth Server to validate the JWT presented by + # static_jwks configures the Auth Service to validate the JWT presented by # `tbot` using the public key from a statically configured JWKS. type: static_jwks static_jwks: jwks: | # Place the data returned by the curl command here {"keys":[--snip--]} - # allow specifies the rules by which the Auth Server determines if `tbot` + # allow specifies the rules by which the Auth Service determines if `tbot` # should be allowed to join. allow: - service_account: "default:tbot" # service_account 
diff --git a/docs/pages/enroll-resources/machine-id/deployment/linux.mdx b/docs/pages/enroll-resources/machine-id/deployment/linux.mdx index 8df4622ed3c67..c5c6fcefe3155 100644 --- a/docs/pages/enroll-resources/machine-id/deployment/linux.mdx +++ b/docs/pages/enroll-resources/machine-id/deployment/linux.mdx @@ -69,7 +69,7 @@ outputs: [] Replace: - `example.teleport.sh:443` with the address of your Teleport Proxy or - Auth Server. Prefer using the address of a Teleport Proxy. + Auth Service. Prefer using the address of a Teleport Proxy. - `(=presets.tokens.first=)` with the token that was returned by `tctl bots add` in the previous step. diff --git a/docs/pages/enroll-resources/machine-id/troubleshooting.mdx b/docs/pages/enroll-resources/machine-id/troubleshooting.mdx index 1ed68ea946133..f700a5e722e52 100644 --- a/docs/pages/enroll-resources/machine-id/troubleshooting.mdx +++ b/docs/pages/enroll-resources/machine-id/troubleshooting.mdx @@ -47,7 +47,7 @@ renewable certificate, the Auth Service increments the counter, stores it on the backend, and embeds a copy of the counter in the certificate. If the counter embedded in your bot certificate doesn't match the counter -stored in Teleport's Auth Server, the renewal will fail and the bot user will +stored in Teleport's Auth Service, the renewal will fail and the bot user will be automatically [locked](../../admin-guides/access-controls/guides/locking.mdx). Renewable certificates are exclusively stored in the bot's internal data @@ -219,8 +219,9 @@ $ pkill -sigusr1 tbot ### Symptoms -When requesting [Database Access](../database-access/database-access.mdx) -certificates, the certificate request fails with an error like the following: +When requesting certificates for Teleport-protected +[databases](../database-access/database-access.mdx), the certificate request +fails with an error like the following: ```text ERROR: Failed to generate impersonated certs for directory /opt/machine-id: database "example" not found 
@@ -245,9 +246,11 @@ or more roles. ### Resolution +{/* vale messaging.protocol-products = NO */} Per the [Machine ID Database Access Guide](./access-guides/databases.mdx), ensure at least one role providing database permissions has been granted to the output listed in the error. +{/* vale messaging.protocol-products = YES */} For example, note the `rules` section in the following example role: ```yaml diff --git a/docs/pages/enroll-resources/server-access/guides/auditd.mdx b/docs/pages/enroll-resources/server-access/guides/auditd.mdx index af9adcec423a7..e2a375f276f59 100644 --- a/docs/pages/enroll-resources/server-access/guides/auditd.mdx +++ b/docs/pages/enroll-resources/server-access/guides/auditd.mdx @@ -10,7 +10,7 @@ You can configure Teleport's SSH Service to integrate with the Linux Auditing Sy (!docs/pages/includes/edition-prereqs-tabs.mdx!) -- A running Teleport Node. See the [Server Access Getting Started Guide](../getting-started.mdx) for how to add a Node to your Teleport cluster. On the Node, `teleport` must be running as a systemd service with root permissions. +- A running Teleport Agent instance. See the [getting started guide](../getting-started.mdx) for how to add an agent to your Teleport cluster. On the agent, `teleport` must be running as a systemd service with root permissions. - Linux kernel 2.6.6+ compiled with `CONFIG_AUDIT`. Most Linux distributions have this option enabled by default. - `auditctl` to check auditd status (optional). - (!docs/pages/includes/tctl.mdx!) diff --git a/docs/pages/enroll-resources/server-access/guides/host-user-creation.mdx b/docs/pages/enroll-resources/server-access/guides/host-user-creation.mdx index 5593563ed6258..b8a83ac8480e1 100644 --- a/docs/pages/enroll-resources/server-access/guides/host-user-creation.mdx +++ b/docs/pages/enroll-resources/server-access/guides/host-user-creation.mdx 
@@ -15,11 +15,10 @@ end of an SSH session. (!docs/pages/includes/edition-prereqs-tabs.mdx!) -- A running Linux server registered with Teleport. See the [Server Access - Getting Started Guide](../getting-started.mdx) for how to add a server to your - Teleport cluster. We recommend enrolling a server that runs in a demo - environment for the purpose of this guide until you are familiar with the - instructions. +- A running Linux server registered with Teleport. See the [getting started + guide](../getting-started.mdx) for how to add a server to your Teleport + cluster. We recommend enrolling a server that runs in a demo environment for + the purpose of this guide until you are familiar with the instructions. - The following utilities should be available in the PATH for the Teleport SSH Service, since it must execute these commands in order to create transient users: @@ -477,7 +476,7 @@ on the hosts. ## Next steps -- Configure automatic user provisioning for [Database Access](../../database-access/auto-user-provisioning/auto-user-provisioning.mdx). +- Configure automatic user provisioning for [database access](../../database-access/auto-user-provisioning/auto-user-provisioning.mdx). - Configure automatic user provisioning for [desktop access](../../../reference/agent-services/desktop-access-reference/user-creation.mdx). - Configure automatic user provisioning with [Terraform](../../../reference/terraform-provider/resources/role.mdx). Note when using the terraform provider that some values may be different than described in this guide. diff --git a/docs/pages/enroll-resources/server-access/guides/jetbrains-sftp.mdx b/docs/pages/enroll-resources/server-access/guides/jetbrains-sftp.mdx index 36f485690d3c9..2c291a1c0db2d 100644 --- a/docs/pages/enroll-resources/server-access/guides/jetbrains-sftp.mdx +++ b/docs/pages/enroll-resources/server-access/guides/jetbrains-sftp.mdx 
@@ -16,7 +16,7 @@ This guide explains how to use Teleport and a JetBrains IDE to access files with - JetBrains IDE like PyCharm, IntelliJ, GoLand etc. See [Products](https://www.jetbrains.com/products/#type=ide) for a full list of JetBrains IDEs. - One or more Teleport SSH Service instances. If you have not yet done this, - read the [Server Access Getting Started Guide](../getting-started.mdx) to + read the [getting started guide](../getting-started.mdx) to learn how. ## Step 1/3. First-time setup diff --git a/docs/pages/enroll-resources/server-access/guides/recording-proxy-mode.mdx b/docs/pages/enroll-resources/server-access/guides/recording-proxy-mode.mdx index 4604125662bfd..056bb8c2ea3fc 100644 --- a/docs/pages/enroll-resources/server-access/guides/recording-proxy-mode.mdx +++ b/docs/pages/enroll-resources/server-access/guides/recording-proxy-mode.mdx @@ -19,8 +19,8 @@ when gradually transitioning large server fleets to Teleport. Teleport Cloud only supports session recording at the Node level. If you are interested in setting up session recording, read our -[Server Access Getting Started Guide](../getting-started.mdx) so you can start -replacing your OpenSSH servers with Teleport Nodes. +[getting started guide](../getting-started.mdx) so you can start +replacing your OpenSSH servers with Teleport Agents. diff --git a/docs/pages/enroll-resources/server-access/guides/vscode.mdx b/docs/pages/enroll-resources/server-access/guides/vscode.mdx index b84cec316124c..80227d5236f58 100644 --- a/docs/pages/enroll-resources/server-access/guides/vscode.mdx +++ b/docs/pages/enroll-resources/server-access/guides/vscode.mdx 
@@ -15,7 +15,7 @@ This guide explains how to use Teleport and Visual Studio Code's remote SSH exte for the Remote - SSH extension. - One or more Teleport Agents running the Teleport SSH Service. If you have not yet done this, read the - [Server Access Getting Started Guide](../getting-started.mdx) to learn how. + [getting started guide](../getting-started.mdx) to learn how. Linux and macOS clients should rely on their operating system-provided OpenSSH diff --git a/docs/pages/faq.mdx b/docs/pages/faq.mdx index 2277959f2dfed..850603475679a 100644 --- a/docs/pages/faq.mdx +++ b/docs/pages/faq.mdx @@ -186,7 +186,7 @@ anonymized information, depending on the license purchased. This information contains the following: - Teleport license identifier; -- anonymized cluster name and Teleport auth server host ID; +- anonymized cluster name and Teleport Auth Service host ID; - for each Teleport user, the anonymized user name and a per-protocol count of interactions - Teleport logins, SSH and Kubernetes exec sessions, Application access web sessions and TCP connections, SSH port forwards, Kubernetes API diff --git a/docs/pages/includes/provision-token/bitbucket-spec.mdx b/docs/pages/includes/provision-token/bitbucket-spec.mdx index 778b72b42796c..260872933f08d 100644 --- a/docs/pages/includes/provision-token/bitbucket-spec.mdx +++ b/docs/pages/includes/provision-token/bitbucket-spec.mdx @@ -16,7 +16,7 @@ spec: # the repository settings under "Pipelines" and "OpenID Connect". audience: $AUDIENCE - # allow specifies the rules by which the Auth Server determines if `tbot` + # allow specifies the rules by which the Auth Service determines if `tbot` # should be allowed to join. All parameters in a given allow entry must # match for the join attempt to succeed, but many allow rules may be # provided. One or both of `workspace_uuid` and `repository_uuid` are 
diff --git a/docs/pages/includes/provision-token/circleci-spec.mdx b/docs/pages/includes/provision-token/circleci-spec.mdx index 0b8aea9f3108e..2928a82a2c952 100644 --- a/docs/pages/includes/provision-token/circleci-spec.mdx +++ b/docs/pages/includes/provision-token/circleci-spec.mdx @@ -9,7 +9,7 @@ spec: bot_name: example circleci: organization_id: $ORGANIZATION_ID - # allow specifies the rules by which the Auth Server determines if `tbot` + # allow specifies the rules by which the Auth Service determines if `tbot` # should be allowed to join. allow: - # CircleCI context id. See the CircleCI MachineID guide to learn diff --git a/docs/pages/includes/provision-token/kubernetes-jwks-spec.mdx b/docs/pages/includes/provision-token/kubernetes-jwks-spec.mdx index e6be3089289af..c9aac88154cf2 100644 --- a/docs/pages/includes/provision-token/kubernetes-jwks-spec.mdx +++ b/docs/pages/includes/provision-token/kubernetes-jwks-spec.mdx @@ -7,14 +7,14 @@ spec: roles: [App] join_method: kubernetes kubernetes: - # static_jwks configures the Auth Server to validate the JWT presented by + # static_jwks configures the Auth Service to validate the JWT presented by # `tbot` using the public key from a statically configured JWKS. type: static_jwks static_jwks: jwks: | # Place the kubernetes JWKS here (`kubectl get --raw /openid/v1/jwks`) {"keys":[--snip--]} - # allow specifies the rules by which the Auth Server determines if the node + # allow specifies the rules by which the Auth Service determines if the node # should be allowed to join. allow: - service_account: "namespace:serviceaccount" diff --git a/docs/pages/reference/architecture/device-trust.mdx b/docs/pages/reference/architecture/device-trust.mdx index 727ed46fba5dc..6b615b108d86a 100644 --- a/docs/pages/reference/architecture/device-trust.mdx +++ b/docs/pages/reference/architecture/device-trust.mdx 
@@ -36,19 +36,19 @@ the user to be authenticated beforehand. ![device authentication](../../../img/architecture/device-trust-authentication.png) -These are the basics of device trust. TPM ceremonies are slightly different in +These are the basics of Device Trust. TPM ceremonies are slightly different in implementation but equivalent in functionality and security properties (enrollment attests the EKCert, EK and AK; authentication verifies possession of the AK). Web UI support is underpinned by the same ceremonies described above, which are -delegated to Teleport Connect for technical reasons. Our [device trust for the -web][] blog post describes the implementation challenges in detail. +delegated to Teleport Connect for technical reasons. Our [Device Trust for the +web][blog-post] blog post describes the implementation challenges in detail. -For practical use see the [device trust section][]. +For practical use see the [Device Trust section][section]. [auto-enrollment]: ../../admin-guides/access-controls/device-trust/device-management.mdx#auto-enrollment [device enrollment tokens]: ../../admin-guides/access-controls/device-trust/device-management.mdx#create-a-device-enrollment-token [device enforcement]: ../../admin-guides/access-controls/device-trust/enforcing-device-trust.mdx -[device trust for the web]: https://goteleport.com/blog/device-trust-for-web-challenges-and-solutions/ -[device trust section]: ../../admin-guides/access-controls/device-trust/device-trust.mdx +[blog-post]: https://goteleport.com/blog/device-trust-for-web-challenges-and-solutions/ +[section]: ../../admin-guides/access-controls/device-trust/device-trust.mdx diff --git a/docs/pages/reference/cli/tctl.mdx b/docs/pages/reference/cli/tctl.mdx index 061a58e1a76e6..623a99ca7c0ba 100644 --- a/docs/pages/reference/cli/tctl.mdx +++ b/docs/pages/reference/cli/tctl.mdx 
@@ -480,7 +480,7 @@ $ tctl auth sign --ttl=2190h --user=jenkins --out=jenkins.pem # create a certificate with a TTL of 1 day for the jenkins user # The kubeconfig file can later be used with `kubectl` or compatible tooling. $ tctl auth sign --ttl=24h --user=jenkins --out=kubeconfig --format=kubernetes -# Exports an identity from the Auth Server in preparation for remote +# Exports an identity from the Auth Service in preparation for remote # tctl execution. $ tctl auth sign --user=admin --out=identity.pem ``` diff --git a/docs/pages/upgrading/overview.mdx b/docs/pages/upgrading/overview.mdx index 67c5b6413e204..a5ada86e76966 100644 --- a/docs/pages/upgrading/overview.mdx +++ b/docs/pages/upgrading/overview.mdx @@ -14,9 +14,10 @@ Teleport cluster while preserving compatibility. (!docs/pages/includes/compatibility.mdx!) -In Teleport Enterprise Cloud, we manage the Auth and Proxy Services for you. You -can determine the current version of these services by running the following -command, where `mytenant` is the name of your Teleport Enterprise Cloud tenant: +In Teleport Enterprise Cloud, we manage the Auth Service and Proxy Service for +you. You can determine the current version of these services by running the +following command, where `mytenant` is the name of your Teleport Enterprise +Cloud tenant: ```code $ curl -s https://mytenant.teleport.sh/webapi/ping | jq '.server_version'