chore: reorg perms and connections

Author: moshloop

common/src/css/custom.css

@@ -79,7 +79,7 @@ li::marker {
 }
 
 li {
-  font: var(--ifm-font-sans) !important;
+  font-family: var(--ifm-font-sans) !important;
 }
 
 li > svg {
@@ -573,7 +573,7 @@ pre {
 
 .navbar__link--active {
   color: var(--ifm-color-primary-light);
-  font: bold;
+  font-weight: bold;
 }
 
 a {

mission-control-chart

@@ -81,7 +81,7 @@ To follow this tutorial, you need:
     <Install/>
 
     :::info Helm Installation
-    This tutorial uses the CLI for faster feedback, in production we recommend installing `canary-checker` as an operator using the [helm chart](https://canarychecker.io/getting-started) or as part of the full Mission Control [platform](/docs/installation/self-hosted/getting-started).
+    This tutorial uses the CLI for faster feedback, in production we recommend installing `canary-checker` as an operator using the [helm chart](https://canarychecker.io/getting-started) or as part of the full Mission Control [platform](/docs/installation/self-hosted).
 1. Next create a `Canary` CustomResourceDefinition (CRD)  using the `kubernetesResource` check type, the layout of the canary is as follows:
 
     ```yaml title=basic-canary.yaml file=template.yaml

mission-control/blog/control-plane-testing/index.mdx

@@ -11,6 +11,8 @@ For the past few years at [Flanksource](https://flanksource.com/), I've helped b
 
 One Tuesday afternoon, one of our pods started crashing with an OOM (OutOfMemory) error.
 
+{/* truncate */}
+
 > When a container exceeds its memory limit in Kubernetes, the system restarts it with an OutOfMemory message. Memory leaks can trigger a crash loop cycle.
 
 This issue occurred frequently enough to raise concerns, particularly since it only affected one customer's environment.

mission-control/blog/rust-ffi/index.mdx

@@ -126,5 +126,5 @@ See the [SQL scraper](/docs/guide/config-db/scrapers/sql) for examples of scrapi
 
 ## Related
 
-- [Config Access Reference](/docs/reference/config_access) - Access log schema details
+- [Config Access Reference](/docs/reference/config-db/config_access) - Access log schema details
 - [Retention](/docs/guide/config-db/concepts/retention) - Configure access log retention policies

mission-control/docs/guide/config-db/concepts/access-logs.mdx

@@ -52,24 +52,31 @@ The Logs scraper queries log aggregation systems to extract configuration change
     scheme: "[]string"
   },
   {
+    priority: 1,
     field: "bigQuery",
     description: "BigQuery configuration for log scraping",
-    scheme: "[BigQueryConfig](#bigqueryconfig)"
+    scheme: "[BigQuery](#bigquery)"
   },
   {
+        priority: 1,
+
     field: "gcpCloudLogging",
     description: "GCP Cloud Logging configuration",
-    scheme: "[GCPCloudLoggingConfig](#gcpcloudloggingconfig)"
+    scheme: "[GCPCloudLogging](#gcpcloudlogging)"
   },
   {
+        priority: 1,
+
     field: "loki",
     description: "Loki configuration for log scraping",
-    scheme: "[LokiConfig](#lokiconfig)"
+    scheme: "[Loki](#loki)"
   },
   {
+        priority: 1,
+
     field: "openSearch",
     description: "OpenSearch configuration for log scraping",
-    scheme: "[OpenSearchConfig](#opensearchconfig)"
+    scheme: "[OpenSearch](#opensearch)"
   }
 ]} />
 
@@ -134,7 +141,7 @@ spec:
 
 </details>
 
-### BigQueryConfig
+### BigQuery
 
 <Fields rows={[
   {
@@ -163,7 +170,7 @@ spec:
 
 </details>
 
-### GCPCloudLoggingConfig
+### GCPCloudLogging
 
 <Fields rows={[
   {
@@ -225,7 +232,7 @@ spec:
 
 </details>
 
-### LokiConfig
+### Loki
 
 <Fields rows={[
   {
@@ -274,7 +281,7 @@ spec:
 
 </details>
 
-### OpenSearchConfig
+### OpenSearch
 
 <Fields rows={[
   {

mission-control/docs/guide/config-db/scrapers/logs.mdx

@@ -23,7 +23,6 @@ When creating a notification you can either specify a connection or a custom URL
 | [Mattermost](./mattermost)   | _mattermost://[__`username`__@]**`mattermost-host`**/**`token`**[/__`channel`__]_                                               |
 | [Matrix](./matrix)           | _matrix://**`username`**:**`password`**@**`host`**:**`port`**/[?rooms=**`!roomID1`**[,__`roomAlias2`__]]_                       |
 | [Ntfy](./ntfy)               | _ntfy://**`username`**:**`password`**@ntfy.sh/**`topic`**_                                                                      |
-| [OpsGenie](./opsgenie)       | _opsgenie://**`host`**/token?responders=**`responder1`**[,__`responder2`__]_                                                    |
 | [Pushbullet](./pushbullet)   | _pushbullet://**`api-token`**[/__`device`__/#__`channel`__/__`email`__]_                                                        |
 | [Pushover](./pushover)       | _pushover://shoutrrr:**`apiToken`**@**`userKey`**/?devices=**`device1`**[,__`device2`__, ...]_                                  |
 | [Rocketchat](./rocketchat)   | _rocketchat://[__`username`__@]**`rocketchat-host`**/**`token`**[/__`channel`|`@recipient`__]_                             |

mission-control/docs/guide/notifications/channels/index.md

@@ -0,0 +1,144 @@
+---
+title: Actions
+sidebar_position: 4
+sidebar_custom_props:
+  icon: cog
+---
+
+Actions define what operations a subject can perform on the target objects. The `actions` field is required and accepts a list of action strings.
+
+## Available Actions
+
+| Action | Description |
+|--------|-------------|
+| `read` | Allows reading/viewing resources |
+| `write` | Allows creating or modifying resources |
+| `delete` | Allows deleting resources |
+| `playbook:run` | Allows running playbooks |
+| `playbook:approve` | Allows approving playbook runs that require approval |
+| `playbook:cancel` | Allows canceling playbook runs |
+
+## Wildcards
+
+You can use wildcards to grant multiple permissions at once:
+
+| Wildcard | Description |
+|----------|-------------|
+| `playbook:*` | Grants all playbook-related permissions (run, approve, cancel) |
+| `*` | Grants all permissions (use with caution) |
+
+## Examples
+
+<details summary="Read-Only Access">
+<div>
+
+```yaml title="read-only-permission.yaml"
+apiVersion: mission-control.flanksource.com/v1
+kind: Permission
+metadata:
+  name: viewer-access
+spec:
+  description: Read-only access to configs
+  subject:
+    team: viewers
+  actions:
+    - read
+  object:
+    configs:
+      - name: "*"
+```
+
+</div>
+</details>
+
+<details summary="Full Playbook Access">
+<div>
+
+```yaml title="playbook-full-access.yaml"
+apiVersion: mission-control.flanksource.com/v1
+kind: Permission
+metadata:
+  name: playbook-admin
+spec:
+  description: Full playbook management access
+  subject:
+    team: platform-team
+  actions:
+    - playbook:*
+  object:
+    playbooks:
+      - name: "*"
+```
+
+</div>
+</details>
+
+<details summary="Multiple Actions">
+<div>
+
+```yaml title="multiple-actions.yaml"
+apiVersion: mission-control.flanksource.com/v1
+kind: Permission
+metadata:
+  name: editor-access
+spec:
+  description: Read and write access to configs
+  subject:
+    person: editor@example.com
+  actions:
+    - read
+    - write
+  object:
+    configs:
+      - namespace: production
+```
+
+</div>
+</details>
+
+<details summary="Playbook Run and Approve">
+<div>
+
+```yaml title="run-approve-permission.yaml"
+apiVersion: mission-control.flanksource.com/v1
+kind: Permission
+metadata:
+  name: playbook-operator
+spec:
+  description: Allow running and approving playbooks
+  subject:
+    team: operators
+  actions:
+    - playbook:run
+    - playbook:approve
+  object:
+    playbooks:
+      - labels:
+          category: maintenance
+```
+
+</div>
+</details>
+
+<details summary="Admin Access (All Permissions)">
+<div>
+
+```yaml title="admin-permission.yaml"
+apiVersion: mission-control.flanksource.com/v1
+kind: Permission
+metadata:
+  name: admin-all-access
+spec:
+  description: Full admin access (use sparingly)
+  subject:
+    team: admins
+  actions:
+    - "*"
+```
+
+:::warning
+Using `*` (all permissions) should be limited to administrative roles. Always prefer granting the minimum necessary permissions.
+:::
+
+</div>
+</details>