Merge branch 'main' into rhidp-5592

Author: pabel-rh

modules/authentication/proc-enabling-authentication-with-rhbk.adoc

@@ -23,11 +23,6 @@ Save the value for the next step:
 * **Client ID**
 * **Client Secret**
 
-.. Configure your {rhbk} realm for performance and security:
-... Navigate to the **Configure** > **Realm Settings**.
-... Set the **Access Token Lifespan** to a value greater than five minutes (preferably 10 or 15 minutes) to prevent performance issues from frequent refresh token requests for every API call.
-... Enable the **Revoke Refresh Token** option to improve security by enabling the refresh token rotation strategy.
-
 .. To prepare for the verification steps, in the same realm, get the credential information for an existing user or link:https://docs.redhat.com/en/documentation/red_hat_build_of_keycloak/24.0/html-single/getting_started_guide/index#getting-started-zip-create-a-user[create a user]. Save the user credential information for the verification steps.
 
 . To add your {rhsso} credentials to your {product-short}, add the following key/value pairs to link:{plugins-configure-book-url}#provisioning-your-custom-configuration[your {product-short} secrets]:
@@ -182,6 +177,13 @@ auth:
 
 --
 
+.Security consideration
+If multiple valid refresh tokens are issued due to frequent refresh token requests, older tokens will remain valid until they expire. To enhance security and prevent potential misuse of older tokens, enable a refresh token rotation strategy in your {rhbk} realm.
+
+. From the *Configure* section of the navigation menu, click *Realm Settings*.
+. From the *Realm Settings* page, click the *Tokens* tab.
+. From the *Refresh tokens* section of the *Tokens* tab, toggle the *Revoke Refresh Token* to the *Enabled* position.
+
 .Verification
 . Go to the {product-short} login page.
 . Your {product-short} sign-in page displays *Sign in using OIDC* and the Guest user sign-in is disabled.

modules/authorization/proc-defining-authorizations-in-external-files-by-using-the-operator.adoc

@@ -75,9 +75,9 @@ $ oc create configmap rbac-policies \
      --from-file=rbac-conditional-policies.yaml
 ----
 
-. Update your {product-short} `Backstage` custom resource to mount in the {product-short} filesystem your files from the `rbac-policies` config map:
+. Update link:{configuring-book-url}[your `{product-custom-resource-type}` custom resource] to mount in the {product-short} filesystem your files from the `rbac-policies` config map:
 +
-.`Backstage` Custom resource fragment
+.`{product-custom-resource-type}` custom resource fragment
 [source,yaml]
 ----
 apiVersion: rhdh.redhat.com/v1alpha3

modules/configuring-a-proxy/proc-configuring-proxy-in-operator-deployment.adoc

@@ -59,7 +59,7 @@ For Operator-based deployment, the approach you use for proxy configuration is b
 ----
 
 
-* As a developer, set the proxy information in your custom resource (CR) file as shown in the following example:
+* As a developer, set the proxy information in your `{product-custom-resource-type}` CR file as shown in the following example:
 + 
 .Example: Setting proxy variables in a CR file
 [source, yaml]

modules/configuring-deployment/proc-configuring-deployment-by-using-the-operator.adoc

@@ -1,11 +1,11 @@
 [id="configuring-the-deployment"]
-= Configuring {product} deployment when using the operator
+= Configuring {product} deployment when using the Operator
 
-The {product} operator exposes a `rhdh.redhat.com/v1alpha2` API Version of its Custom Resource Definition (CRD). This CRD exposes a generic `spec.deployment.patch` field, which gives you full control over the {product-short} Deployment resource. This field can be a fragment of the standard `apps.Deployment` Kubernetes object.
+The {product} Operator exposes a `rhdh.redhat.com/v1alpha2` API Version of its custom resource (CR). This CR exposes a generic `spec.deployment.patch` field, which gives you full control over the {product-short} Deployment resource. This field can be a fragment of the standard `apps.Deployment` Kubernetes object.
 
 .Procedure
 
-. Create a {product-short} Custom Resource Definition with the following fields:
+. Create a `{product-custom-resource-type}` CR with the following fields:
 
 --
 .Example

modules/configuring-external-databases/proc-configuring-postgresql-instance-using-the-operator.adoc

@@ -74,7 +74,7 @@ EOF
 <3> Optional: Provide the value based on the required link:https://www.postgresql.org/docs/15/libpq-connect.html#LIBPQ-CONNECT-SSLMODE[Secure Sockets Layer (SSL) mode].
 <4> Optional: Provide the value only if you need a TLS connection for your PostgreSQL instance.
 
-. Create a `{product-custom-resource-type}` custom resource (CR):
+. Create your `{product-custom-resource-type}` custom resource (CR):
 +
 [source,terminal,subs="+attributes,+quotes"]
 ----

modules/configuring-external-databases/proc-migrating-databases-to-an-external-server.adoc

@@ -78,7 +78,7 @@ done
 You can stop port forwarding when the copying of the data is complete. For more information about handling large databases and using the compression tools, see the link:https://www.postgresql.org/docs/current/backup-dump.html#BACKUP-DUMP-LARGE[Handling Large Databases] section on the PostgreSQL website.
 ====
 
-. Reconfigure your `Backstage` custom resource (CR). For more information, see link:{configuring-book-url}#proc-configuring-postgresql-instance-using-operator_configuring-external-postgresql-databases[Configuring an external PostgreSQL instance using the Operator].
+. Reconfigure your `{product-custom-resource-type}` custom resource (CR). For more information, see link:{configuring-book-url}#proc-configuring-postgresql-instance-using-operator_configuring-external-postgresql-databases[Configuring an external PostgreSQL instance using the Operator].
 . Check that the following code is present at the end of your `Backstage` CR after reconfiguration:
 +
 [source,yaml]

modules/configuring/proc-using-the-operator-to-run-rhdh-with-your-custom-configuration.adoc

@@ -1,7 +1,7 @@
 [id="using-the-operator-to-run-rhdh-with-your-custom-configuration"]
 = Using the {product} operator to run {product-short} with your custom configuration
 
-To use the {product-short} operator to run {product} with your custom configuration, create a {product-custom-resource-type} custom resource that:
+To use the {product-short} operator to run {product} with your custom configuration, create your {product-custom-resource-type} custom resource (CR) that:
 
 * Mounts files provisioned in your custom config maps.
 * Injects environment variables provisioned in your custom secrets.
@@ -13,7 +13,7 @@ To use the {product-short} operator to run {product} with your custom configurat
 
 .Procedure
 
-. Author your {product-custom-resource-type} custom resource in a `{my-product-cr-name}.yaml` file to use your custom config maps and secrets.
+. Author your {product-custom-resource-type} CR in a `{my-product-cr-name}.yaml` file to use your custom config maps and secrets.
 +
 .Minimal `{my-product-cr-name}.yaml` custom resource example
 ====
@@ -78,7 +78,7 @@ spec:
 Mandatory fields::
 
 No fields are mandatory.
-You can create an empty {product-custom-resource-type} custom resource
+You can create an empty {product-custom-resource-type} CR
 and run {product-short} with the default configuration.
 
 Optional fields::
@@ -198,7 +198,7 @@ spec:
 `spec.deployment`:::
 Optionally, xref:configuring-the-deployment[enter your deployment configuration].
 
-. Apply your {product-custom-resource-type} custom resource to start or update your {product-short} instance.
+. Apply your {product-custom-resource-type} CR to start or update your {product-short} instance.
 +
 [source,terminal,subs="+attributes,+quotes"]
 ----

modules/customizing-techdocs/proc-techdocs-configure-odf-operator.adoc

@@ -2,7 +2,7 @@
 [id="proc-techdocs-configure-odf-operator_{context}"]
 = Making object storage accessible to containers by using the Operator
 
-Creating a `ObjectBucketClaim` Custom Resource (CR) automatically generates both the {product-short} `ObjectBucketClaim` config map and secret. The config map and secret contain `ObjectBucket` access information. Adding the access information to the Operator configuration makes it accessible to the {product-short} container by adding the following environment variables to the container:
+Creating a `ObjectBucketClaim` custom resource (CR) automatically generates both the {product-short} `ObjectBucketClaim` config map and secret. The config map and secret contain `ObjectBucket` access information. Adding the access information to the Operator configuration makes it accessible to the {product-short} container by adding the following environment variables to the container:
 
 * `BUCKET_NAME`
 * `BUCKET_HOST`
@@ -21,7 +21,7 @@ These variables are then used in the TechDocs plugin configuration.
 
 .Procedure
 
-* In the {product-short} `Backstage` CR, enter the name of the {product-short} `ObjectBucketClaim` config map as the value for the `spec.application.extraEnvs.configMaps` field and enter the {product-short} `ObjectBucketClaim` secret name as the value for the `spec.application.extraEnvs.secrets` field. For example:
+* In your `{product-custom-resource-type}` CR, enter the name of the {product-short} `ObjectBucketClaim` config map as the value for the `spec.application.extraEnvs.configMaps` field and enter the {product-short} `ObjectBucketClaim` secret name as the value for the `spec.application.extraEnvs.secrets` field. For example:
 +
 [source,yaml]
 ----

modules/dynamic-plugins/proc-config-dynamic-plugins-rhdh-operator.adoc

@@ -6,7 +6,7 @@
 [id="proc-config-dynamic-plugins-rhdh-operator_{context}"]
 = Installing dynamic plugins with the {product} Operator
 
-You can store the configuration for dynamic plugins in a `ConfigMap` object that your `Backstage` custom resource (CR) can reference.
+You can store the configuration for dynamic plugins in a `ConfigMap` object that your `{product-custom-resource-type}` custom resource (CR) can reference.
 
 [NOTE]
 ====
@@ -50,7 +50,7 @@ data:
 +
 image::rhdh/operator-install-2.png[]
 
-. Add the `dynamicPluginsConfigMapName` field to your `Backstage` CR. For example:
+. Add the `dynamicPluginsConfigMapName` field to your `{product-custom-resource-type}` CR. For example:
 +
 [source,yaml]
 ----

modules/dynamic-plugins/proc-topology-configure.adoc

@@ -231,7 +231,7 @@ annotations:
 
 The Red Hat OpenShift Dev Spaces instance is not accessible using the source code editor if the `backstage.io/kubernetes-namespace` annotation is added to the `catalog-info.yaml` file.
 
-To retrieve the instance URL, you require the CheCluster Custom Resource (CR). As the CheCluster CR is created in the openshift-devspaces namespace, the instance URL is not retrieved if the namespace annotation value is not openshift-devspaces.
+To retrieve the instance URL, you require the CheCluster custom resource (CR). As the CheCluster CR is created in the openshift-devspaces namespace, the instance URL is not retrieved if the namespace annotation value is not openshift-devspaces.
 
 === Label selector query annotation
 You can write your own custom label, which RHDH uses to find the Kubernetes resources. The label selector takes precedence over the ID annotations: