Document update - Security section #7920
Conversation
…nt to the Security section and repositioned the entire section to the top-level hierarchy of the document for improved visibility. Also added a link to the security pages in the “Apache Geode is 15 or Less” section to enhance accessibility to related resources.
raboof
left a comment
raboof
left a comment
There was a problem hiding this comment.
Looks like a good start!
This moves some pages from /managing/security to /security, but breaks some links to those pages. The ./preview-user-guide.sh script in dev-tools/docker/docs can find broken links:
Checking for broken links...
/docs/guide/116/tools_modules/pulse/pulse-auth.html => /docs/guide/116/managing/security/ssl_overview.html
/docs/guide/116/developing/query_select/the_where_clause.html => /docs/guide/116/managing/security/method_invocation_authorizers.html#restrictedMethodAuthorizer
/docs/guide/116/developing/query_select/the_where_clause.html => /docs/guide/116/managing/security/method_invocation_authorizers.html#changing_method_authorizer
/docs/guide/116/developing/query_select/the_where_clause.html => /docs/guide/116/managing/security/method_invocation_authorizers.html#unrestrictedMethodAuthorizer
/docs/guide/116/developing/function_exec/how_function_execution_works.html => /docs/guide/116/managing/security/implementing_authorization.html#AuthorizeFcnExecution
/docs/guide/116/developing/function_exec/function_execution.html => /docs/guide/116/managing/security/implementing_authorization.html#AuthorizeFcnExecution
/docs/guide/116/security/implementing_ssl.html => /docs/guide/topologies_and_comm/p2p_configuration/setting_up_a_p2p_system.html
/docs/guide/116/security/implementing_ssl.html => /docs/guide/topologies_and_comm/cs_configuration/setting_up_a_client_server_system.html#setting_up_a_client_server_system
/docs/guide/116/security/enable_security.html => /docs/guide/configuring/cluster_config/gfsh_persist.html#using-the-cluster-config-svc
/docs/guide/116/security/method_invocation_authorizers.html => /docs/guide/tools_modules/gfsh/command-pages/alter.html#topic_alter_query_service
/docs/guide/116/security/method_invocation_authorizers.html => /docs/guide/images/threatsAddressedByEachAuthorizer.png
/docs/guide/116/security/post_processing.html => /docs/guide/basic_config/data_entries_custom_classes/copy_on_read.html
/docs/guide/116/security/implementing_authorization.html => /docs/guide/developing/query_select/the_where_clause.html#the_where_clause__section_D2F8D17B52B04895B672E2FCD675A676
/docs/guide/116/security/security-audit.html => /docs/guide/configuring/running/firewalls_ports.html#concept_5ED182BDBFFA4FAB89E3B81366EBC58E
/docs/guide/116/security/security-audit.html => /docs/guide/116/logging/logging.html#concept_30DB86B12B454E168B80BB5A71268865
/docs/guide/116/security/security-audit.html => /docs/guide/tools_modules/gfsh/configuring_gfsh.html#concept_3B9C6CE2F64841E98C33D9F6441DF487
/docs/guide/116/security/ssl_overview.html => /docs/guide/images/security-5.gif
/docs/guide/116/configuring/cluster_config/gfsh_remote.html => /docs/guide/116/managing/security/ssl_overview.html
/docs/guide/116/managing/management/jmx_manager_node.html => /docs/guide/116/managing/security/enable_security.html
/docs/guide/116/managing/troubleshooting/log_messages_and_solutions.html => /docs/guide/116/managing/security/security-audit.html#topic_5B6DF783A14241399DC25C6EE8D0048A
/docs/guide/116/managing/book_intro.html => /docs/guide/116/managing/security/chapter_overview.html
/docs/guide/116/managing/monitor_tune/slow_receivers_managing.html => /docs/guide/116/managing/security/ssl_overview.html
/docs/guide/116/basic_config/the_cache/managing_a_secure_cache.html => /docs/guide/116/managing/security/chapter_overview.html
/docs/guide/116/basic_config/the_cache/managing_a_secure_cache.html => /docs/guide/116/managing/security/implementing_authentication.html
/docs/guide/116/rest_apps/setup_config.html => /docs/guide/116/managing/security/ssl_overview.html
Found 25 broken links!
| - Continue reading the next section to learn more about the components and concepts that were just introduced. | ||
| - To get more practice using `gfsh`, see [Tutorial—Performing Common Tasks with gfsh](../tools_modules/gfsh/tour_of_gfsh.html#concept_0B7DE9DEC1524ED0897C144EE1B83A34). | ||
| - To learn about the cluster configuration service, see [Tutorial—Creating and Using a Cluster Configuration](../configuring/cluster_config/persisting_configurations.html#task_bt3_z1v_dl). | ||
| - To ensure that your Geode instances are secure, see: [Security](../security/chapter_overview.html). |
There was a problem hiding this comment.
Good idea to add this reference here
| </li> | ||
| </ul> | ||
| </li> | ||
| <li class="has_submenu"> |
There was a problem hiding this comment.
This moves the Security section to the top level. I think that's a good idea.
Minor request: the indentation (the number of leading spaces) seems a little inconsistent here, that might be good to clean up.
There was a problem hiding this comment.
Thanks. Will fix the indentation
| [authenticationLink]: authentication_overview.html | ||
| [authOverviewLink]: ../security/authorization_overview.html | ||
| [postProcessingLink]: ../security/post_processing.html | ||
| [sslDetailsLink]: ../security/ssl_overview.html |
There was a problem hiding this comment.
(I don't particularly care for moving the links down here instead of having them 'directly' above, but I don't have a strong objection either)
There was a problem hiding this comment.
Will update the links to be called directly.
| **[authorization][authorization]** and | ||
| **[over-the-wire encryption][ssl_overview]** | ||
| are absent from a default Geode installation. | ||
| It is highly recommended that users review Geode's security capabilities and implement them as they see fit. See the |
There was a problem hiding this comment.
This should probably be "as you see fit", or perhaps something like "depending on the requirements of your deployment"?
There was a problem hiding this comment.
Comment from our technical writer about the change
-the 'as they see fit' is grammatically correct, but if he wants you to change it, you can modify it to what he recommends: 'depending on the requirements of your deployment'. That is your call.
There was a problem hiding this comment.
Ah you're right, 'they' is correct because this sentence is talking about 'users' in the 3rd person - I somehow read it in the 2nd person initially (perhaps because the next sentence is in the 2nd person too). I'm fine with either.
…e. Fixed broken links.
There was a problem hiding this comment.
Indentation still seems inconsistent in geode-book/master_middleman/source/subnavs/geode-subnav.erb, but I'm not too worried about that.
Indeed the broken links now seem fixed, great!
Haven't been able to test the generated docs.
Would be good to get a confirmation from a PMC member.
I think I'm still missing some detail in this security model, but we can improve that after merging this first step.
JinwooHwang
left a comment
JinwooHwang
left a comment
There was a problem hiding this comment.
Verified that the broken links have been addressed.
| </li> | ||
| </ul> | ||
| </li> | ||
| <li class="has_submenu"> |
|
@raboof, Would you like to see more detail on the security model before you would feel comfortable merging? Thank you very much for your thoughtful and careful review — your perspective is extremely valuable. |
No, I expect we'll be adding more detail in the future but I don't see that as a prerequisite for merging this good first step. It would be good approvals from more people (ideally PMC members), as this is such a fundamental document, though - perhaps you could draw attention to this PR in an email to the dev@ list? |
Thanks @raboof. I will open a DISCUSS thread to get more reviews. |
|
Thank you very much @raboof |
* Document update - Security section – Added the Security Model statement to the Security section and repositioned the entire section to the top-level hierarchy of the document for improved visibility. Also added a link to the security pages in the “Apache Geode is 15 or Less” section to enhance accessibility to related resources. * Fixed based on review - Links called directly. Fixed indentation issue. Fixed broken links. (cherry picked from commit 7962e2c)
3 participants
Added the Security Model statement to the Security section and repositioned the entire section to the top-level hierarchy of the document for improved visibility.
Also added a link to the security pages in the “Apache Geode is 15 or Less” section to enhance accessibility to related resources.
For all changes:
no JIRA ticket.
develop)?yes
yes
gradlew buildrun cleanly?yes
No. Doc changes