Skip to content

[OSDOCS-15132]Improve the ROSA docs for secure auth flows (XCMSTRAT-600) #95714

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

[OSDOCS-15132]Improve the ROSA docs for secure auth flows (XCMSTRAT-600) #95714

wants to merge 2 commits into from
+19 −9

Conversation

mletalie
Copy link
Contributor

@mletalie mletalie commented Jul 7, 2025
edited
Loading

Version(s):

4.19+
Issue:

https://issues.redhat.com/browse/OSDOCS-15132
Link to docs preview:

HCP
Classic
QE review:

  • QE has approved this change.

Additional information:

@openshift-ci openshift-ci bot added the size/S Denotes a PR that changes 10-29 lines, ignoring generated files. label Jul 7, 2025
@mletalie mletalie changed the title Osdocs 15132 [Osdocs 15132]Improve the ROSA and OCM docs for secure auth flows (XCMSTRAT-600) Jul 7, 2025
@mletalie mletalie changed the title [Osdocs 15132]Improve the ROSA and OCM docs for secure auth flows (XCMSTRAT-600) [OSDOCS-15132]Improve the ROSA and OCM docs for secure auth flows (XCMSTRAT-600) Jul 7, 2025
@ocpdocs-previewbot
Copy link

ocpdocs-previewbot commented Jul 7, 2025
edited
Loading

🤖 Tue Jul 15 20:15:16 - Prow CI generated the docs preview:

https://95714--ocpdocs-pr.netlify.app/openshift-rosa-hcp/latest/cli_reference/rosa_cli/rosa-get-started-cli.html
https://95714--ocpdocs-pr.netlify.app/openshift-rosa/latest/cli_reference/rosa_cli/rosa-get-started-cli.html

@mletalie mletalie changed the title [OSDOCS-15132]Improve the ROSA and OCM docs for secure auth flows (XCMSTRAT-600) [OSDOCS-15132]Improve the ROSA docs for secure auth flows (XCMSTRAT-600) Jul 8, 2025
@mletalie
Copy link
Contributor Author

mletalie commented Jul 9, 2025

/retest

1 similar comment
@mletalie
Copy link
Contributor Author

mletalie commented Jul 9, 2025

/retest

ocpdocs-vale-bot
ocpdocs-vale-bot reviewed Jul 15, 2025
View reviewed changes
modules/rosa-configure.adoc

Alternatively, authenticating with the Red{nbsp}Hat single sign-on (SSO) method automatically sends your CLI instance a refresh token that is valid for 10 hours. Because this authorization code is unique and temporary, it is more secure and reduces the risk of unauthorized access.

If your system has a web browser, follow the steps in Section 4.9.1, “Logging in to the OpenShift Cluster Manager CLI (ocm-cli) tool with a Red Hat Single Sign-On authorization code” to authenticate with Red Hat Single Sign-On.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🤖 [error] OpenShiftAsciiDoc.SuggestAttribute: Use the AsciiDoc attribute '{cluster-manager}' rather than the plain text product term 'OpenShift Cluster Manager', unless your use case is an exception.

ocpdocs-vale-bot
ocpdocs-vale-bot reviewed Jul 15, 2025
View reviewed changes
modules/rosa-configure.adoc

If your system has a web browser, follow the steps in Section 4.9.1, “Logging in to the OpenShift Cluster Manager CLI (ocm-cli) tool with a Red Hat Single Sign-On authorization code” to authenticate with Red Hat Single Sign-On.

If you are working with containers, remote hosts, or other environments without a web browser, follow the steps in Section 4.9.2, “Logging in to the OpenShift Cluster Manager CLI with a Red Hat Single Sign-On device code” to authenticate with Red Hat Single Sign-On.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🤖 [error] OpenShiftAsciiDoc.SuggestAttribute: Use the AsciiDoc attribute '{cluster-manager}' rather than the plain text product term 'OpenShift Cluster Manager', unless your use case is an exception.

ocpdocs-vale-bot
ocpdocs-vale-bot reviewed Jul 15, 2025
View reviewed changes
modules/rosa-configure.adoc

If you are working with containers, remote hosts, or other environments without a web browser, follow the steps in Section 4.9.2, “Logging in to the OpenShift Cluster Manager CLI with a Red Hat Single Sign-On device code” to authenticate with Red Hat Single Sign-On.

Clean this up: The new secure method of authenticating using Red Hat Single Sign-On will not break any existing automations that rely on offline tokens. To use offline tokens for automation or other purposes, you can download the OpenShift Cluster Manager API token from the OpenShift Cluster Manager API Token page. Use service accounts, available on the Service Accounts page, for automation purposes.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🤖 [error] OpenShiftAsciiDoc.SuggestAttribute: Use the AsciiDoc attribute '{cluster-manager}' rather than the plain text product term 'OpenShift Cluster Manager', unless your use case is an exception.

ocpdocs-vale-bot
ocpdocs-vale-bot reviewed Jul 15, 2025
View reviewed changes
modules/rosa-configure.adoc

If you are working with containers, remote hosts, or other environments without a web browser, follow the steps in Section 4.9.2, “Logging in to the OpenShift Cluster Manager CLI with a Red Hat Single Sign-On device code” to authenticate with Red Hat Single Sign-On.

Clean this up: The new secure method of authenticating using Red Hat Single Sign-On will not break any existing automations that rely on offline tokens. To use offline tokens for automation or other purposes, you can download the OpenShift Cluster Manager API token from the OpenShift Cluster Manager API Token page. Use service accounts, available on the Service Accounts page, for automation purposes.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🤖 [error] OpenShiftAsciiDoc.SuggestAttribute: Use the AsciiDoc attribute '{cluster-manager}' rather than the plain text product term 'OpenShift Cluster Manager', unless your use case is an exception.

ocpdocs-vale-bot
ocpdocs-vale-bot reviewed Jul 15, 2025
View reviewed changes
modules/rosa-configure.adoc
[id="rosa-login-sso_auth{context}"]
=== Authenticating the {product-title} (ROSA) CLI with Red Hat Single Sign-On authorization code


. To log into the ROSA CLI (`rosa`) with a Red{nbsp}Hat single sign-on authorization code, run the following command:
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🤖 [error] RedHat.TermsErrors: Use 'log in to' rather than 'log into'. For more information, see RedHat.TermsErrors.

@openshift-ci OpenShift CI
Copy link

openshift-ci bot commented Jul 15, 2025

@mletalie: all tests passed!

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ocpdocs-vale-bot ocpdocs-vale-bot ocpdocs-vale-bot left review comments

Assignees
No one assigned
Labels
size/S Denotes a PR that changes 10-29 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@mletalie @ocpdocs-previewbot @ocpdocs-vale-bot