diff --git a/docs/auth/providers/github.md b/docs/auth/providers/github.md index 7f61ea7ba..27af9e622 100644 --- a/docs/auth/providers/github.md +++ b/docs/auth/providers/github.md @@ -12,7 +12,7 @@ Create an OAuth application in Github by following their [step-by-step instructi `https:///oauth/github/callback` !!! note - It is recommended that you first set the [`--hostname` flag](/config/flags#-hostname) to a hostname that is accessible by Github, and that you use this hostname in the authorization callback URL above. + It is recommended that you first set the [`--hostname` flag](../../../config/flags/#-hostname) to a hostname that is accessible by Github, and that you use this hostname in the authorization callback URL above. Once you've registered the application, note the client ID and secret. diff --git a/docs/auth/providers/gitlab.md b/docs/auth/providers/gitlab.md index a56764eee..13da131cc 100644 --- a/docs/auth/providers/gitlab.md +++ b/docs/auth/providers/gitlab.md @@ -12,7 +12,7 @@ Create an OAuth application for your Gitlab group by following their [step-by-st `https:///oauth/gitlab/callback` !!! note - It is recommended that you first set the [`--hostname` flag](/config/flags#-hostname) to a hostname that is accessible by Gitlab, and that you use this hostname in the redirect URI above. + It is recommended that you first set the [`--hostname` flag](../../../config/flags/#-hostname) to a hostname that is accessible by Gitlab, and that you use this hostname in the redirect URI above. Once you've created the application, note the Application ID and Secret. diff --git a/docs/auth/providers/iap.md b/docs/auth/providers/iap.md index edfef11fa..1b175374e 100644 --- a/docs/auth/providers/iap.md +++ b/docs/auth/providers/iap.md @@ -11,7 +11,7 @@ OTF supports deployment using [Google's Identity-Aware Proxy](https://cloud.goog OTF checks each incoming request for the presence of a [signed IAP header](https://cloud.google.com/iap/docs/signed-headers-howto). If present then it verifies the header's signed token to verify it originated from Google IAP and that it has not expired. -You can also configure OTF to validate the **audience** token claim. Validating the audience checks OTF is indeed the intended recipient of the request. Follow [Google's instructions](https://cloud.google.com/iap/docs/signed-headers-howto#iap_validate_jwt-go) for retrieving the audience string. Then set the [--iap-google-jwt-audience](/config/flags#-google-jwt-audience) `otfd` flag accordingly, e.g.: +You can also configure OTF to validate the **audience** token claim. Validating the audience checks OTF is indeed the intended recipient of the request. Follow [Google's instructions](https://cloud.google.com/iap/docs/signed-headers-howto#iap_validate_jwt-go) for retrieving the audience string. Then set the [--iap-google-jwt-audience](../../../config/flags/#-google-jwt-audience) `otfd` flag accordingly, e.g.: ``` otfd --google-jwt-audience /projects/project_number/apps/my_project_id diff --git a/docs/auth/site_admin.md b/docs/auth/site_admin.md index ff279565f..f108ee304 100644 --- a/docs/auth/site_admin.md +++ b/docs/auth/site_admin.md @@ -1,6 +1,6 @@ # Site Admin -The `site-admin` user allows for exceptional access to OTF. The user possesses unlimited privileges and uses a token to sign-in. See the documentation for the [`--site-token` flag](/config/flags#-site-token) for details on how to set the token. +The `site-admin` user allows for exceptional access to OTF. The user possesses unlimited privileges and uses a token to sign-in. See the documentation for the [`--site-token` flag](../../config/flags/#-site-token) for details on how to set the token. !!! note Keep the token secure. Anyone with access to the token has complete access to OTF. @@ -12,4 +12,4 @@ You can sign into the web UI using the token. Use the link found in the bottom r ![site admin profile](../images/site_admin_profile.png){.screenshot} !!! note - Use of the site admin token is recommended only for one-off administrative and testing purposes. You should use an [identity provider](/auth/providers) in most cases. + Use of the site admin token is recommended only for one-off administrative and testing purposes. You should use an Identity Provider in most cases. diff --git a/docs/config/flags.md b/docs/config/flags.md index dec2c01f3..bf6341755 100644 --- a/docs/config/flags.md +++ b/docs/config/flags.md @@ -52,28 +52,28 @@ Enable developer mode: web templates are loaded from the filesystem upon every r * System: `otfd` * Default: "" -Github OAuth Client ID. Set this flag along with [--github-client-secret](#-github-client-secret) to enable [Github authentication](/auth/providers/github). +Github OAuth Client ID. Set this flag along with [--github-client-secret](#-github-client-secret) to enable [Github authentication](../../auth/providers/github). ## `--github-client-secret` * System: `otfd` * Default: "" -Github OAuth client secret. Set this flag along with [--github-client-id](#-github-client-id) to enable [Github authentication](/auth/providers/github). +Github OAuth client secret. Set this flag along with [--github-client-id](#-github-client-id) to enable [Github authentication](../../auth/providers/github). ## `--gitlab-client-id` * System: `otfd` * Default: "" -Gitlab OAuth Client ID. Set this flag along with [--gitlab-client-secret](#-gitlab-client-secret) to enable [Gitlab authentication](/auth/providers/gitlab). +Gitlab OAuth Client ID. Set this flag along with [--gitlab-client-secret](#-gitlab-client-secret) to enable [Gitlab authentication](../../auth/providers/gitlab). ## `--gitlab-client-secret` * System: `otfd` * Default: "" -Gitlab OAuth client secret. Set this flag along with [--gitlab-client-id](#-gitlab-client-id) to enable [Gitlab authentication](/auth/providers/gitlab). +Gitlab OAuth client secret. Set this flag along with [--gitlab-client-id](#-gitlab-client-id) to enable [Gitlab authentication](../../auth/providers/gitlab). ## `--google-jwt-audience` @@ -81,7 +81,7 @@ Gitlab OAuth client secret. Set this flag along with [--gitlab-client-id](#-gitl * Default: "" The Google JWT audience claim for validation. If unspecified then the audience -claim is not validated. See the [Google IAP](/auth/providers/iap#verification) document for more details. +claim is not validated. See the [Google IAP](../../auth/providers/iap#verification) document for more details. ## `--hostname` @@ -189,7 +189,7 @@ are no longer specified with this flag are demoted. * System: `otfd` * Default: "" -The site token for authenticating with the [`site-admin`](/auth#site-admins) user, e.g.: +The site token for authenticating with the [`site-admin`](../../auth/site_admin) user, e.g.: ```bash otfd --site-token=643f57a1016cdde7e7e39914785d36d61fd diff --git a/docs/dev.md b/docs/dev.md index 317552e4e..871dba74f 100644 --- a/docs/dev.md +++ b/docs/dev.md @@ -40,7 +40,7 @@ Rails-style path helpers are generated using `go generate`. The path specificati ## Web development -If you're making changes to web templates then you may want to enable [developer mode](/config/flags#-dev-mode). Once enabled you will be able to see the changes without restarting `otfd`: while `otfd` is running, you can make a change to a template and then reload the page in your browser and you should see the change. +If you're making changes to web templates then you may want to enable [developer mode](../config/flags/#-dev-mode). Once enabled you will be able to see the changes without restarting `otfd`: while `otfd` is running, you can make a change to a template and then reload the page in your browser and you should see the change. To auto-reload the browser, check out the recommended [developer tooling](#developer-tooling). diff --git a/docs/quickstart.md b/docs/quickstart.md index 1fb813f85..31bb643c1 100644 --- a/docs/quickstart.md +++ b/docs/quickstart.md @@ -10,7 +10,7 @@ Ensure you have access to a postgres server. `otfd` by default assumes postgres createdb otf ``` -At a minimum, `otfd` requires a [secret](/config/flags#-secret) and a means of authentication. For the purposes of this quickstart we'll use a [site token](/config/flags#-site-token): +At a minimum, `otfd` requires a [secret](../config/flags/#-secret) and a means of authentication. For the purposes of this quickstart we'll use a [site token](../config/flags/#-site-token): ```bash > ./otfd --secret=6b07b57377755b07cf61709780ee7484 --site-token=my-token diff --git a/docs/rbac.md b/docs/rbac.md index 93abe9d4a..8f717a352 100644 --- a/docs/rbac.md +++ b/docs/rbac.md @@ -36,5 +36,5 @@ See the [TFC/TFE documentation](https://developer.hashicorp.com/terraform/cloud- Site admins possesses supreme privileges across an OTF cluster. There are two ways to assume the role: -* Use a [site token](/auth#site-admin-token) to login as the `site-admin` user -* Promote users to the role using the [`--site-admins` flag](/config/flags#-site-admins) +* Use a [site token](../config/flags/#-site-token) to login as the `site-admin` user +* Promote users to the role using the [`--site-admins` flag](../config/flags/#-site-admins) diff --git a/docs/testing.md b/docs/testing.md index cb54819a9..8083ae05f 100644 --- a/docs/testing.md +++ b/docs/testing.md @@ -141,4 +141,4 @@ performs the following steps: * Runs a subset of `go-tfe` tests using the **upstream** repo !!! note - You can instead manually invoke API tests using the scripts in `./hack`. The tests first require `otfd` to be running at `https://localhost:8833`, with a [site token](/config/flags#-site-token) set to `site-token`. These settings can be overridden with the environment variables `TFE_ADDRESS` and `TFE_TOKEN`. + You can instead manually invoke API tests using the scripts in `./hack`. The tests first require `otfd` to be running at `https://localhost:8833`, with a [site token](../config/flags/#-site-token) set to `site-token`. These settings can be overridden with the environment variables `TFE_ADDRESS` and `TFE_TOKEN`.