Adding the Security HCP cherrypick

Author: EricPonvelle

.s2i/httpd-cfg/01-commercial.conf

@@ -386,7 +386,11 @@ AddType text/vtt                            vtt
 
     # Service Mesh landing page
 
+<<<<<<< HEAD
     RewriteRule ^container-platform/(4\.14|4\.15|4\.16|4\.17|4\.18)/service_mesh/v3x/ossm-service-mesh-3-0-overview.html /service-mesh/3.0.0tp1/about/ossm-about-openshift-service-mesh.html [NE,R=302]
+=======
+    RewriteRule ^container-platform/(4\.9|4\.10|4\.11|4\.12|4\.13|4\.14|4\.15|4\.16|4\.17|4\.18)/service-mesh/about/ossm-about-openshift-service-mesh.html /service-mesh/latest/about/ossm-about-openshift-service-mesh.html [NE,R=302]
+>>>>>>> c17ffd7cec (Adding the Security HCP cherrypick)
 
     # Pipelines handling unversioned and latest links
     RewriteRule ^pipelines/?$ /pipelines/latest [R=302]

_attributes/common-attributes.adoc

@@ -40,8 +40,11 @@ endif::[]
 :oadp-full: OpenShift API for Data Protection
 :oadp-short: OADP
 :oadp-version: 1.4.1
+<<<<<<< HEAD
 :oadp-version-1-3: 1.3.3
 :oadp-version-1-4: 1.4.1
+=======
+>>>>>>> c17ffd7cec (Adding the Security HCP cherrypick)
 :oc-first: pass:quotes[OpenShift CLI (`oc`)]
 :product-registry: OpenShift image registry
 :product-mirror-registry: Mirror registry for Red Hat OpenShift

_topic_maps/_topic_map.yml

@@ -135,22 +135,22 @@ Topics:
 - Name: Updating a cluster in a disconnected environment
   Dir: updating
   Topics:
-    - Name: About cluster updates in a disconnected environment
-      File: index
-    - Name: Mirroring OpenShift Container Platform images
-      File: mirroring-image-repository
-    - Name: Updating a cluster in a disconnected environment using OSUS
-      File: disconnected-update-osus
-      Distros: openshift-enterprise
-    - Name: Updating a cluster in a disconnected environment without OSUS
-      File: disconnected-update
-      Distros: openshift-enterprise
-    - Name: Updating a cluster in a disconnected environment by using the CLI
-      File: disconnected-update
-      Distros: openshift-origin
-    - Name: Uninstalling OSUS from a cluster
-      File: uninstalling-osus
-      Distros: openshift-enterprise
+  - Name: About cluster updates in a disconnected environment
+    File: index
+  - Name: Mirroring OpenShift Container Platform images
+    File: mirroring-image-repository
+  - Name: Updating a cluster in a disconnected environment using OSUS
+    File: disconnected-update-osus
+    Distros: openshift-enterprise
+  - Name: Updating a cluster in a disconnected environment without OSUS
+    File: disconnected-update
+    Distros: openshift-enterprise
+  - Name: Updating a cluster in a disconnected environment by using the CLI
+    File: disconnected-update
+    Distros: openshift-origin
+  - Name: Uninstalling OSUS from a cluster
+    File: uninstalling-osus
+    Distros: openshift-enterprise
 ---
 Name: Installing
 Dir: installing
@@ -2522,11 +2522,17 @@ Topics:
     File: hcp-destroy-virt
   - Name: Destroying a hosted cluster on IBM Z
     File: hcp-destroy-ibmz
+<<<<<<< HEAD
   - Name: Destroying a hosted cluster on IBM Power
     File: hcp-destroy-ibmpower
   - Name: Destroying a hosted cluster on non-bare metal agent machines
     File: hcp-destroy-non-bm
 - Name: Manually importing a hosted cluster
+=======
+  - Name: Destroying a hosted cluster on non-bare metal agent machines
+    File: hcp-destroy-non-bm
+- Name: Manually importing a hosted control plane cluster
+>>>>>>> c17ffd7cec (Adding the Security HCP cherrypick)
   File: hcp-import
 ---
 Name: Nodes

_topic_maps/_topic_map_ms.yml

@@ -33,8 +33,13 @@ Name: Red Hat build of MicroShift release notes
 Dir: microshift_release_notes
 Distros: microshift
 Topics:
+<<<<<<< HEAD
 - Name: Red Hat build of MicroShift 4.18 release notes
   File: microshift-4-18-release-notes
+=======
+- Name: Red Hat build of MicroShift 4.17 release notes
+  File: microshift-4-17-release-notes
+>>>>>>> c17ffd7cec (Adding the Security HCP cherrypick)
 ---
 Name: Getting ready to install MicroShift
 Dir: microshift_install_get_ready
@@ -110,7 +115,11 @@ Dir: microshift_configuring
 Distros: microshift
 Topics:
 - Name: Using the MicroShift configuration file
+<<<<<<< HEAD
   File: microshift-using-config-yaml
+=======
+  File: microshift-using-config-tools
+>>>>>>> c17ffd7cec (Adding the Security HCP cherrypick)
 - Name: Configuring IPv6 networking
   File: microshift-nw-ipv6-config
 - Name: Cluster access with kubeconfig
@@ -121,8 +130,11 @@ Topics:
   File: microshift-greenboot-checking-status
 - Name: Configuring audit logging policies
   File: microshift-audit-logs-config
+<<<<<<< HEAD
 - Name: Disabling LVMS CSI provider and CSI snapshot
   File: microshift-disable-lvms-csi-provider-csi-snapshot
+=======
+>>>>>>> c17ffd7cec (Adding the Security HCP cherrypick)
 - Name: Configuring low latency
   Dir: microshift_low_latency
   Topics:

_topic_maps/_topic_map_rosa_hcp.yml

@@ -576,6 +576,90 @@ Distros: openshift-rosa-hcp
 Topics:
 - Name: Adding additional constraints for IP-based AWS role assumption
   File: rosa-adding-additional-constraints-for-ip-based-aws-role-assumption
+# ---
+# - Name: Security
+#   File: rosa-security
+# - Name: Application and cluster compliance
+#   File: rosa-app-security-compliance
+# ---
+# Name: Authentication and authorization
+# Dir: authentication
+# Distros: openshift-rosa-hcp
+# Topics:
+# - Name: Authentication and authorization overview
+#   File: index
+# - Name: Understanding authentication
+#   File: understanding-authentication
+#  - Name: Configuring the internal OAuth server
+#    File: configuring-internal-oauth
+#  - Name: Configuring OAuth clients
+#    File: configuring-oauth-clients
+# - Name: Managing user-owned OAuth access tokens
+#   File: managing-oauth-access-tokens
+#  - Name: Understanding identity provider configuration
+#    File: understanding-identity-provider
+# - Name: Configuring identity providers
+#   File: sd-configuring-identity-providers
+#  - Name: Configuring identity providers
+#    Dir: identity_providers
+#    Topics:
+#    - Name: Configuring an htpasswd identity provider
+#      File: configuring-htpasswd-identity-provider
+#    - Name: Configuring a Keystone identity provider
+#      File: configuring-keystone-identity-provider
+#    - Name: Configuring an LDAP identity provider
+#      File: configuring-ldap-identity-provider
+#    - Name: Configuring a basic authentication identity provider
+#      File: configuring-basic-authentication-identity-provider
+#    - Name: Configuring a request header identity provider
+#      File: configuring-request-header-identity-provider
+#    - Name: Configuring a GitHub or GitHub Enterprise identity provider
+#      File: configuring-github-identity-provider
+#    - Name: Configuring a GitLab identity provider
+#      File: configuring-gitlab-identity-provider
+#    - Name: Configuring a Google identity provider
+#      File: configuring-google-identity-provider
+#    - Name: Configuring an OpenID Connect identity provider
+#      File: configuring-oidc-identity-provider
+# - Name: Using RBAC to define and apply permissions
+#   File: using-rbac
+#  - Name: Removing the kubeadmin user
+#    File: remove-kubeadmin
+# - Name: Configuring LDAP failover
+#   File: configuring-ldap-failover
+# - Name: Understanding and creating service accounts
+#   File: understanding-and-creating-service-accounts
+# - Name: Using service accounts in applications
+#   File: using-service-accounts-in-applications
+# - Name: Using a service account as an OAuth client
+#   File: using-service-accounts-as-oauth-client
+# - Name: Assuming an AWS IAM role for a service account
+#   File: assuming-an-aws-iam-role-for-a-service-account
+# - Name: Scoping tokens
+#   File: tokens-scoping
+# - Name: Using bound service account tokens
+#   File: bound-service-account-tokens
+# - Name: Managing security context constraints
+#   File: managing-security-context-constraints
+# - Name: Understanding and managing pod security admission
+#   File: understanding-and-managing-pod-security-admission
+#  - Name: Impersonating the system:admin user
+#    File: impersonating-system-admin
+# - Name: Syncing LDAP groups
+#   File: ldap-syncing
+#  - Name: Managing cloud provider credentials
+#    Dir: managing_cloud_provider_credentials
+#    Topics:
+#    - Name: About the Cloud Credential Operator
+#      File: about-cloud-credential-operator
+#    - Name: Mint mode
+#      File: cco-mode-mint
+#    - Name: Passthrough mode
+#      File: cco-mode-passthrough
+#    - Name: Manual mode with long-term credentials for components
+#      File: cco-mode-manual
+#    - Name: Manual mode with short-term credentials for components
+#      File: cco-short-term-creds
 ---
 # ---
 # Name: Authentication and authorization

backup_and_restore/application_backup_and_restore/release-notes/oadp-1-4-release-notes.adoc

@@ -14,7 +14,10 @@ The release notes for {oadp-first} describe new features and enhancements, depre
 For additional information about {oadp-short}, see link:https://access.redhat.com/articles/5456281[{oadp-first} FAQs]
 ====
 
+<<<<<<< HEAD
 include::modules/oadp-1-4-1-release-notes.adoc[leveloffset=+1]
+=======
+>>>>>>> c17ffd7cec (Adding the Security HCP cherrypick)
 include::modules/oadp-1-4-0-release-notes.adoc[leveloffset=+1]
 include::modules/oadp-backing-up-dpa-configuration-1-4-0.adoc[leveloffset=+3]
 include::modules/oadp-upgrading-oadp-operator-1-4-0.adoc[leveloffset=+3]
@@ -28,4 +31,8 @@ include::modules/oadp-upgrading-oadp-operator-1-4-0.adoc[leveloffset=+3]
 
 To upgrade from OADP 1.3 to 1.4, no Data Protection Application (DPA) changes are required.
 
-include::modules/oadp-verifying-upgrade-1-4-0.adoc[leveloffset=+2]
+<<<<<<< HEAD
+include::modules/oadp-verifying-upgrade-1-4-0.adoc[leveloffset=+2]
+=======
+include::modules/oadp-verifying-upgrade-1-4-0.adoc[leveloffset=+2]
+>>>>>>> c17ffd7cec (Adding the Security HCP cherrypick)

edge_computing/image_based_upgrade/cnf-understanding-image-based-upgrade.adoc

@@ -76,8 +76,11 @@ include::modules/cnf-image-based-upgrade.adoc[leveloffset=+1]
 
 * xref:../../edge_computing/image_based_upgrade/cnf-image-based-upgrade-base.adoc#cnf-image-based-upgrade[Performing an image-based upgrade for {sno} clusters with {lcao}]
 
+<<<<<<< HEAD
 * xref:../../edge_computing/image_based_upgrade/ztp-image-based-upgrade.adoc#ztp-image-based-upgrade[Performing an image-based upgrade for {sno} clusters using {ztp}]
 
+=======
+>>>>>>> c17ffd7cec (Adding the Security HCP cherrypick)
 include::modules/cnf-image-based-upgrade-guidelines.adoc[leveloffset=+1]
 
 [role="_additional-resources"]

edge_computing/image_based_upgrade/ztp-image-based-upgrade.adoc

@@ -6,17 +6,33 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
+<<<<<<< HEAD
 // Lifecycle Agent (LCA)
 
 You can use a single resource on the hub cluster, the `ImageBasedGroupUpgrade` custom resource (CR), to manage an imaged-based upgrade on a selected group of managed clusters through all stages.
 {cgu-operator-first} reconciles the `ImageBasedGroupUpgrade` CR and creates the underlying resources to complete the defined stage transitions, either in a manually controlled or a fully automated upgrade flow.
 
 For more information about the image-based upgrade, see "Understanding the image-based upgrade for single-node OpenShift clusters".
+=======
+You can use a single resource on the hub cluster, the `ImageBasedGroupUpgrade` custom resource (CR), to manage an imaged-based upgrade on a selected group of managed clusters through all stages.
+{cgu-operator-first} reconciles the `ImageBasedGroupUpgrade` CR and creates the underlying resources to complete the defined stage transitions, either in a manually controlled or a fully automated upgrade flow.
+
+// Lifecycle Agent (LCA)
+
+include::modules/ztp-image-based-upgrade-concept.adoc[leveloffset=+1]
+>>>>>>> c17ffd7cec (Adding the Security HCP cherrypick)
 
 [role="_additional-resources"]
 .Additional resources
 
+<<<<<<< HEAD
 * xref:../../edge_computing/image_based_upgrade/cnf-understanding-image-based-upgrade.adoc#cnf-understanding-image-based-upgrade[Understanding the image-based upgrade for single-node OpenShift clusters]
+=======
+* xref:../../backup_and_restore/control_plane_backup_and_restore/disaster_recovery/scenario-3-expired-certs.adoc#dr-scenario-3-recovering-expired-certs_dr-recovering-expired-certs[Recovering from expired control plane certificates]
+
+////
+* xref:../../edge_computing/ztp-preparing-the-hub-cluster.adoc#ztp-preparing-the-ztp-git-repository-ver-ind_ztp-preparing-the-hub-cluster[Preparing the {ztp} site configuration repository for version independence]
+>>>>>>> c17ffd7cec (Adding the Security HCP cherrypick)
 
 include::modules/ztp-image-based-upgrade-concept.adoc[leveloffset=+1]
 
@@ -34,6 +50,7 @@ include::modules/ztp-image-based-upgrade-procedure-steps.adoc[leveloffset=+1]
 * xref:../../backup_and_restore/application_backup_and_restore/backing_up_and_restoring/oadp-creating-backup-cr.adoc#oadp-creating-backup-cr-doc[Creating a Backup CR]
 
 * xref:../../backup_and_restore/application_backup_and_restore/backing_up_and_restoring/restoring-applications.adoc#oadp-creating-restore-cr_restoring-applications[Creating a Restore CR]
+<<<<<<< HEAD
 
 * xref:../../edge_computing/image_based_upgrade/ztp-image-based-upgrade.adoc#ztp-image-based-upgrade-supported-combinations_ztp-gitops[Supported action combinations]
 
@@ -47,6 +64,9 @@ include::modules/ztp-image-based-upgrade-procedure-cancel.adoc[leveloffset=+1]
 * xref:../../edge_computing/image_based_upgrade/ztp-image-based-upgrade.adoc#ztp-image-based-upgrade-supported-combinations_ztp-gitops[Supported action combinations]
 
 include::modules/ztp-image-based-upgrade-procedure-rollback.adoc[leveloffset=+1]
+=======
+////
+>>>>>>> c17ffd7cec (Adding the Security HCP cherrypick)
 
 [role="_additional-resources"]
 .Additional resources

hosted_control_planes/hcp-deploy/hcp-deploy-non-bm.adoc

@@ -58,7 +58,11 @@ include::modules/hcp-non-bm-hc.adoc[leveloffset=+1]
 [role="_additional-resources"]
 .Additional resources
 
+<<<<<<< HEAD
 * xref:../../hosted_control_planes/hcp-import.adoc#hcp-import-manual_hcp-import[Manually importing a hosted cluster]
+=======
+* xref:../../hosted_control_planes/hcp-import.adoc#hcp-import-manual_hcp-import[Manually importing a hosted control plane cluster]
+>>>>>>> c17ffd7cec (Adding the Security HCP cherrypick)
 
 include::modules/hcp-non-bm-hc-console.adoc[leveloffset=+2]
 

installing/installing_openstack/installing-openstack-three-node.adoc

@@ -8,9 +8,18 @@ toc::[]
 
 In {product-title} version {product-version}, you can install a three-node cluster on {rh-openstack-first}. A three-node cluster consists of three control plane machines, which also act as compute machines. This type of cluster provides a smaller, more resource efficient cluster, for cluster administrators and developers to use for testing, development, and production.
 
+<<<<<<< HEAD
 You can install a three-node cluster on installer-provisioned infrastructure only.
+=======
+You can install a three-node cluster by using either installer-provisioned or user-provisioned infrastructure.
+>>>>>>> c17ffd7cec (Adding the Security HCP cherrypick)
 
 include::modules/installation-three-node-cluster-cloud-provider.adoc[leveloffset=+1]
 
 == Next steps
-* xref:../../installing/installing_openstack/installing-openstack-installer-custom.adoc#installing-openstack-installer-custom[Installing a cluster on OpenStack with customizations]
+<<<<<<< HEAD
+* xref:../../installing/installing_openstack/installing-openstack-installer-custom.adoc#installing-openstack-installer-custom[Installing a cluster on OpenStack with customizations]
+=======
+* xref:../../installing/installing_openstack/installing-openstack-installer-custom.adoc#installing-openstack-installer-custom[Installing a cluster on OpenStack with customizations]
+* xref:../../installing/installing_openstack/installing-openstack-user.adoc#installing-openstack-user[Installing a cluster on OpenStack on your own infrastructure]
+>>>>>>> c17ffd7cec (Adding the Security HCP cherrypick)