Merge pull request #90409 from laubai/osdocs-11789-partial-revert-hcp-publish-delay

Partial revert of ROSA split for firewall prereqs

Author: bmcelvee

modules/osd-aws-privatelink-firewall-prerequisites.adoc

@@ -4,28 +4,17 @@
 // * rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-aws-prereqs.adoc
 // * rosa_planning/rosa-sts-aws-prereqs.adoc
 
-ifeval::["{context}" == "rosa-sts-aws-prereqs"]
-:fedramp:
-:rosa-classic-sts:
-endif::[]
-ifeval::["{context}" == "aws-ccs"]
-:osd:
-endif::[]
-ifeval::["{context}" == "prerequisites"]
-:rosa-classic:
-endif::[]
-
 :_mod-docs-content-type: PROCEDURE
-ifdef::rosa-classic-sts[]
+ifdef::openshift-rosa[]
 [id="rosa-classic-firewall-prerequisites_{context}"]
-= ROSA Classic
-endif::rosa-classic-sts[]
-ifndef::rosa-classic-sts[]
+= Firewall prerequisites for ROSA (classic architecture) clusters using STS
+endif::openshift-rosa[]
+ifdef::openshift-dedicated[]
 [id="osd-aws-privatelink-firewall-prerequisites_{context}"]
-= AWS firewall prerequisites
+= Firewall prerequisites
 
 If you are using a firewall to control egress traffic from {product-title}, you must configure your firewall to grant access to the certain domain and port combinations below. {product-title} requires this access to provide a fully managed OpenShift service.
-endif::rosa-classic-sts[]
+endif::openshift-dedicated[]
 
 ifdef::openshift-rosa[]
 [IMPORTANT]
@@ -261,15 +250,4 @@ Alternatively, if you choose to not use a wildcard for Amazon Web Services (AWS)
 |`sftp.access.redhat.com` (Recommended)
 |22
 |The SFTP server used by `must-gather-operator` to upload diagnostic logs to help troubleshoot issues with the cluster.
-|===
-
-ifeval::["{context}" == "rosa-sts-aws-prereqs"]
-:!fedramp:
-:!rosa-classic-sts:
-endif::[]
-ifeval::["{context}" == "aws-ccs"]
-:!osd:
-endif::[]
-ifeval::["{context}" == "prerequisites"]
-:!rosa-classic:
-endif::[]
+|===

modules/rosa-hcp-firewall-prerequisites.adoc

@@ -6,9 +6,9 @@
 //TODO OSDOCS-11789: Why is this a procedure and not a reference?
 
 [id="rosa-hcp-firewall-prerequisites_{context}"]
-= Firewall prerequisites
+= Firewall prerequisites for {hcp-title}
 
-* If you are using a firewall to control egress traffic from {product-title}, your Virtual Private Cloud (VPC) must be able to complete requests from the cluster to the Amazon S3 service, for example, via an Amazon S3 gateway.
+* If you are using a firewall to control egress traffic from {hcp-title-first}, your Virtual Private Cloud (VPC) must be able to complete requests from the cluster to the Amazon S3 service, for example, via an Amazon S3 gateway.
 
 * You must also configure your firewall to grant access to the following domain and port combinations.
 //TODO OSDOCS-11789: From your deploy machine? From your cluster?
@@ -127,4 +127,4 @@ Your workload may require access to other sites that provide resources for progr
 |`oso-rhc4tp-docker-registry.s3-us-west-2.amazonaws.com`
 | 443
 | Optional. Required for Sonatype Nexus, F5 Big IP operators.
-|===
+|===

networking/network-verification.adoc

@@ -41,7 +41,7 @@ ifdef::openshift-dedicated[]
 * Egress is available to the required domain and port combinations that are specified in the xref:../osd_planning/aws-ccs.adoc#osd-aws-privatelink-firewall-prerequisites_aws-ccs[AWS firewall prerequisites] section.
 endif::openshift-dedicated[]
 ifdef::openshift-rosa[]
-* Egress is available to the required domain and port combinations that are specified in the xref:../rosa_planning/rosa-sts-aws-prereqs.adoc#osd-aws-privatelink-firewall-prerequisites_rosa-sts-aws-prereqs[AWS firewall prerequisites] section.
+* Egress is available to the required domain and port combinations that are specified in the xref:../rosa_planning/rosa-sts-aws-prereqs.adoc#rosa-classic-firewall-prerequisites_rosa-sts-aws-prereqs[AWS firewall prerequisites] section.
 endif::openshift-rosa[]
 
 include::modules/automatic-network-verification-bypassing.adoc[leveloffset=+1]

rosa_architecture/rosa_policy_service_definition/rosa-policy-responsibility-matrix.adoc

@@ -10,12 +10,15 @@ This documentation outlines Red{nbsp}Hat, Amazon Web Services (AWS), and custome
 
 include::modules/rosa-policy-responsibilities.adoc[leveloffset=+1]
 
-ifndef::openshift-rosa-hcp[]
 [role="_additional-resources"]
 .Additional resources
+ifdef::openshift-rosa[]
+* xref:../../rosa_planning/rosa-sts-aws-prereqs.adoc#rosa-classic-firewall-prerequisites_rosa-sts-aws-prereqs[Firewall prerequisites for ROSA (classic architecture) clusters using STS]
+endif::openshift-rosa[]
+ifdef::openshift-dedicated[]
+* xref:../../rosa_planning/rosa-sts-aws-prereqs.adoc#osd-aws-privatelink-firewall-prerequisites_rosa-sts-aws-prereqs[Firewall prerequisites]
+endif::openshift-dedicated[]
 
-* xref:../../rosa_planning/rosa-sts-aws-prereqs.adoc#osd-aws-privatelink-firewall-prerequisites_rosa-sts-aws-prereqs[AWS firewall prerequisites]
-endif::openshift-rosa-hcp[]
 
 
 
@@ -32,12 +35,17 @@ include::modules/managed-cluster-notification-policy.adoc[leveloffset=+2]
 include::modules/rosa-policy-incident.adoc[leveloffset=+1]
 include::modules/rosa-policy-change-management.adoc[leveloffset=+1]
 
-ifndef::openshift-rosa-hcp[]
 [role="_additional-resources"]
 .Additional resources
-
-* xref:../../rosa_planning/rosa-sts-aws-prereqs.adoc#osd-aws-privatelink-firewall-prerequisites_rosa-sts-aws-prereqs[AWS firewall prerequisites]
+ifdef::openshift-rosa-hcp[]
+* xref:../../rosa_planning/rosa-sts-aws-prereqs.adoc#rosa-hcp-firewall-prerequisites_rosa-sts-aws-prereqs[Firewall prerequisites for {hcp-title}]
 endif::openshift-rosa-hcp[]
+ifdef::openshift-rosa[]
+* xref:../../rosa_planning/rosa-sts-aws-prereqs.adoc#rosa-classic-firewall-prerequisites_rosa-sts-aws-prereqs[Firewall prerequisites for ROSA (classic architecture) clusters using STS]
+endif::openshift-rosa[]
+ifdef::openshift-dedicated[]
+* xref:../../rosa_planning/rosa-sts-aws-prereqs.adoc#osd-aws-privatelink-firewall-prerequisites_rosa-sts-aws-prereqs[Firewall prerequisites]
+endif::openshift-dedicated[]
 
 include::modules/rosa-policy-security-and-compliance.adoc[leveloffset=+1]
 include::modules/rosa-policy-disaster-recovery.adoc[leveloffset=+1]

rosa_cluster_admin/rosa-cluster-notifications.adoc

@@ -60,5 +60,11 @@ include::modules/managed-cluster-remove-notification-contacts.adoc[leveloffset=+
 * Ensure that your cluster can access resources at `api.openshift.com`.
 // TODO: Include this xref once all of the files have been added to the ROSA HCP distro.
 ifndef::openshift-rosa-hcp[]
-* Ensure that your firewall is configured according to the documented prerequisites: xref:../rosa_planning/rosa-sts-aws-prereqs.adoc#osd-aws-privatelink-firewall-prerequisites_rosa-sts-aws-prereqs[AWS firewall prerequisites]
-endif::openshift-rosa-hcp[]
+* Ensure that your firewall is configured according to the documented prerequisites:
+ifdef::openshift-rosa[]
+** xref:../rosa_planning/rosa-sts-aws-prereqs.adoc#rosa-classic-firewall-prerequisites_rosa-sts-aws-prereqs[Firewall prerequisites for ROSA (classic architecture) clusters using STS]
+endif::openshift-rosa[]
+ifdef::openshift-dedicated[]
+** xref:../rosa_planning/rosa-sts-aws-prereqs.adoc#osd-aws-privatelink-firewall-prerequisites_rosa-sts-aws-prereqs[Firewall prerequisites]
+endif::openshift-dedicated[]
+endif::openshift-rosa-hcp[]

rosa_hcp/rosa-hcp-aws-private-creating-cluster.adoc

@@ -16,6 +16,7 @@ include::modules/rosa-additional-principals-overview.adoc[leveloffset=+1]
 include::modules/rosa-additional-principals-create.adoc[leveloffset=+2]
 include::modules/rosa-additional-principals-edit.adoc[leveloffset=+2]
 
+//unclear on why this is here given this is a HCP assembly
 ifndef::openshift-rosa-hcp[]
 [id="next-steps_rosa-hcp-aws-private-creating-cluster"]
 == Next steps
@@ -26,7 +27,6 @@ xref:../rosa_install_access_delete_clusters/rosa-sts-config-identity-providers.a
 == Additional resources
 
 * xref:../rosa_planning/rosa-sts-aws-prereqs.adoc#rosa-hcp-firewall-prerequisites_rosa-sts-aws-prereqs[AWS PrivateLink firewall prerequisites]
-//* xref:../rosa_planning/rosa-sts-aws-prereqs.adoc#osd-aws-privatelink-firewall-prerequisites_rosa-sts-aws-prereqs[AWS PrivateLink firewall prerequisites]
 * xref:../rosa_getting_started/rosa-sts-getting-started-workflow.adoc#rosa-sts-overview-of-the-deployment-workflow[Overview of the ROSA with STS deployment workflow]
 * xref:../rosa_install_access_delete_clusters/rosa-sts-deleting-cluster.adoc#rosa-sts-deleting-cluster[Deleting a ROSA cluster]
 * xref:../architecture/rosa-architecture-models.adoc#rosa-architecture-models[ROSA architecture models]

rosa_install_access_delete_clusters/rosa-aws-privatelink-creating-cluster.adoc

@@ -20,7 +20,15 @@ include::modules/osd-aws-privatelink-config-dns-forwarding.adoc[leveloffset=+1]
 [role="_additional-resources"]
 == Additional resources
 
-* xref:../rosa_planning/rosa-sts-aws-prereqs.adoc#osd-aws-privatelink-firewall-prerequisites_rosa-sts-aws-prereqs[AWS PrivateLink firewall prerequisites]
+ifdef::openshift-rosa-hcp[]
+* xref:../rosa_planning/rosa-sts-aws-prereqs.adoc#rosa-hcp-firewall-prerequisites_rosa-sts-aws-prereqs[Firewall prerequisites for {hcp-title}]
+endif::openshift-rosa-hcp[]
+ifdef::openshift-rosa[]
+* xref:../rosa_planning/rosa-sts-aws-prereqs.adoc#rosa-classic-firewall-prerequisites_rosa-sts-aws-prereqs[Firewall prerequisites for ROSA (classic architecture) clusters using STS]
+endif::openshift-rosa[]
+ifdef::openshift-dedicated[]
+* xref:../rosa_planning/rosa-sts-aws-prereqs.adoc#osd-aws-privatelink-firewall-prerequisites_rosa-sts-aws-prereqs[Firewall prerequisites]
+endif::openshift-dedicated[]
 * xref:../rosa_getting_started/rosa-sts-getting-started-workflow.adoc#rosa-sts-overview-of-the-deployment-workflow[Overview of the ROSA with STS deployment workflow]
 * xref:../rosa_install_access_delete_clusters/rosa-sts-deleting-cluster.adoc#rosa-sts-deleting-cluster[Deleting a ROSA cluster]
 * xref:../architecture/rosa-architecture-models.adoc#rosa-architecture-models[ROSA architecture models]

rosa_planning/rosa-cloud-expert-prereq-checklist.adoc

@@ -172,7 +172,7 @@ include::modules/mos-network-prereqs-min-bandwidth.adoc[leveloffset=+2]
 //TODO OSDOCS-11789: Are these things that your cluster needs access to, or your deploying machine needs access to?
 * Configure your firewall to allow access to the domains and ports listed in
 ifdef::openshift-rosa[]
-xref:../rosa_planning/rosa-sts-aws-prereqs.adoc#osd-aws-privatelink-firewall-prerequisites_rosa-sts-aws-prereqs[AWS firewall prerequisites].
+xref:../rosa_planning/rosa-sts-aws-prereqs.adoc#rosa-classic-firewall-prerequisites_rosa-sts-aws-prereqs[AWS firewall prerequisites].
 endif::openshift-rosa[]
 ifdef::openshift-rosa-hcp[]
 xref:../rosa_planning/rosa-sts-aws-prereqs.adoc#rosa-hcp-firewall-prerequisites_rosa-hcp-prereqs[AWS firewall prerequisites]

rosa_planning/rosa-sts-aws-prereqs.adoc

@@ -4,7 +4,7 @@ include::_attributes/attributes-openshift-dedicated.adoc[]
 ifndef::openshift-rosa-hcp[]
 :context: rosa-sts-aws-prereqs
 [id="rosa-sts-aws-prereqs"]
-= Detailed requirements for deploying ROSA using STS
+= Detailed requirements for deploying ROSA (classic architecture) using STS
 endif::openshift-rosa-hcp[]
 ifdef::openshift-rosa-hcp[]
 :context: rosa-hcp-prereqs
@@ -55,9 +55,12 @@ include::modules/rosa-sts-aws-requirements-security-req.adoc[leveloffset=+2]
 [role="_additional-resources"]
 [id="additional-resources_aws-security-requirements_{context}"]
 .Additional resources
-ifndef::openshift-rosa-hcp[]
+ifdef::openshift-dedicated[]
 * xref:../rosa_planning/rosa-sts-aws-prereqs.adoc#osd-aws-privatelink-firewall-prerequisites_rosa-sts-aws-prereqs[AWS firewall prerequisites]
-endif::openshift-rosa-hcp[]
+endif::openshift-dedicated[]
+ifdef::openshift-rosa[]
+* xref:../rosa_planning/rosa-sts-aws-prereqs.adoc#rosa-classic-firewall-prerequisites_rosa-sts-aws-prereqs[AWS firewall prerequisites]
+endif::openshift-rosa[]
 ifdef::openshift-rosa-hcp[]
 * xref:../rosa_planning/rosa-sts-aws-prereqs.adoc#rosa-hcp-firewall-prerequisites_rosa-hcp-prereqs[AWS firewall prerequisites]
 endif::openshift-rosa-hcp[]
@@ -112,12 +115,14 @@ include::modules/mos-network-prereqs-min-bandwidth.adoc[leveloffset=+2]
 
 // Keeping existing ID to prevent link breakage
 ifdef::openshift-rosa[]
-[id="osd-aws-privatelink-firewall-prerequisites_rosa-sts-aws-prereqs"]
-=== AWS firewall prerequisites
+//[id="osd-aws-privatelink-firewall-prerequisites_rosa-sts-aws-prereqs"]
+//=== AWS firewall prerequisites
 
-If you are using a firewall to control egress traffic from your {product-title}, you must configure your firewall to grant access to the certain domain and port combinations below. {product-title} requires this access to provide a fully managed OpenShift service.
+//If you are using a firewall to control egress traffic from your {product-title}, you must configure your firewall to grant access to the certain domain and port combinations below. {product-title} requires this access to provide a fully managed OpenShift service.
 
-include::modules/osd-aws-privatelink-firewall-prerequisites.adoc[leveloffset=+3]
+include::modules/osd-aws-privatelink-firewall-prerequisites.adoc[leveloffset=+2]
+// TODO HCP SPLIT - remove openshift-rosa from below condition when HCP docs are published
+include::modules/rosa-hcp-firewall-prerequisites.adoc[leveloffset=+2]
 endif::openshift-rosa[]
 
 ifdef::openshift-rosa-hcp[]
@@ -130,9 +135,11 @@ ifdef::openshift-rosa[]
 * xref:../support/remote_health_monitoring/about-remote-health-monitoring.adoc#about-remote-health-monitoring[About remote health monitoring]
 endif::openshift-rosa[]
 
+[discrete]
 == Next steps
 * xref:../rosa_planning/rosa-sts-required-aws-service-quotas.adoc#rosa-required-aws-service-quotas_rosa-sts-required-aws-service-quotas[Review the required AWS service quotas]
 
+[discrete]
 [role="_additional-resources"]
 [id="additional-resources_aws-prerequisites_{context}"]
 == Additional resources