From 0331fcf83260d17cab1cc3c28a29e1a0c43bc534 Mon Sep 17 00:00:00 2001 From: Steven Smith <77019920+stevsmit@users.noreply.github.com> Date: Fri, 13 Sep 2024 09:49:12 -0400 Subject: [PATCH] Book split for security (#1100) Co-authored-by: Steven Smith --- .../docinfo.xml | 4 +- access_permissions_management/master.adoc | 49 ++++++++++++ .../modules | 0 securing_quay/docinfo.xml | 10 +++ securing_quay/master.adoc | 40 ++++++++++ securing_quay/modules | 1 + tls-config/master.adoc | 75 ------------------- 7 files changed, 102 insertions(+), 77 deletions(-) rename {tls-config => access_permissions_management}/docinfo.xml (70%) create mode 100644 access_permissions_management/master.adoc rename {tls-config => access_permissions_management}/modules (100%) create mode 100644 securing_quay/docinfo.xml create mode 100644 securing_quay/master.adoc create mode 120000 securing_quay/modules delete mode 100644 tls-config/master.adoc diff --git a/tls-config/docinfo.xml b/access_permissions_management/docinfo.xml similarity index 70% rename from tls-config/docinfo.xml rename to access_permissions_management/docinfo.xml index ad2d96795..858180e42 100644 --- a/tls-config/docinfo.xml +++ b/access_permissions_management/docinfo.xml @@ -1,8 +1,8 @@ {productname} {producty} -Configuring SSL/TLS for {productname} +Securing {productname} - Using SSL/TLS with {productname} + Securing {productname}: SSL/TLS, Certificates, and Encryption Red Hat OpenShift Documentation Team diff --git a/access_permissions_management/master.adoc b/access_permissions_management/master.adoc new file mode 100644 index 000000000..689cc53b9 --- /dev/null +++ b/access_permissions_management/master.adoc 
@@ -0,0 +1,49 @@
+include::modules/attributes.adoc[]
+
+:_content-type: ASSEMBLY
+[id="access-permissions-management-quay"]
+= Managing access and permissions for {productname}
+:context: quay-security
+
+{productname} offers a comprehensive permissions model, which allows administrators the ability to control who can access, manage, and modify repositories at a granular level. The following sections show you how to manage user access, define team roles, set permissions for users and robot accounts, and define the visibility of a repository. These guides include instructions using both the {productname} UI and the API.
+
+The following topics are covered:
+
+* Role-based access controls
+* Adjusting repository visibility
+* Creating and managing robot accounts
+* Clair vulnerability reporting
+
+//rbac
+
+include::modules/role-based-access-control-intro.adoc[leveloffset=+1]
+include::modules/teams-overview.adoc[leveloffset=+2]
+include::modules/set-team-role.adoc[leveloffset=+3]
+include::modules/managing-team-members-repo-permissions-ui.adoc[leveloffset=+3]
+include::modules/setting-role-of-team-within-organization-api.adoc[leveloffset=+3]
+include::modules/default-permissions-v2-ui.adoc[leveloffset=+2]
+include::modules/default-permissions-api.adoc[leveloffset=+2]
+include::modules/allow-access-user-repo.adoc[leveloffset=+2]
+include::modules/adjust-access-user-repo-api.adoc[leveloffset=+2]
+
+//private repo
+include::modules/proc_use-quay-create-repo.adoc[leveloffset=+1]
+include::modules/adjusting-repository-visibility-via-the-ui.adoc[leveloffset=+2]
+include::modules/adjusting-repository-access-via-the-api.adoc[leveloffset=+2]
+
+//robot accounts
+include::modules/robot-account-overview.adoc[leveloffset=+1]
+include::modules/creating-robot-account-v2-ui.adoc[leveloffset=+2]
+include::modules/creating-robot-account-api.adoc[leveloffset=+2]
+include::modules/managing-robot-account-permissions-v2-ui.adoc[leveloffset=+2]
+include::modules/disabling-robot-account.adoc[leveloffset=+2]
+include::modules/regenerating-robot-account-token-api.adoc[leveloffset=+2]
+include::modules/deleting-robot-account-v2-ui.adoc[leveloffset=+2]
+include::modules/deleting-robot-account-api.adoc[leveloffset=+2]
+
+
+//isolated builds
+
+
+//clair
+include::modules/clair-vulnerability-scanner-overview.adoc[leveloffset=+1]
diff --git a/tls-config/modules b/access_permissions_management/modules
similarity index 100%
rename from tls-config/modules
rename to access_permissions_management/modules
diff --git a/securing_quay/docinfo.xml b/securing_quay/docinfo.xml
new file mode 100644
index 000000000..858180e42
--- /dev/null
+++ b/securing_quay/docinfo.xml
@@ -0,0 +1,10 @@
+{productname}
+{producty}
+Securing {productname}
+
+ Securing {productname}: SSL/TLS, Certificates, and Encryption
+
+
+ Red Hat OpenShift Documentation Team
+
+
diff --git a/securing_quay/master.adoc b/securing_quay/master.adoc
new file mode 100644
index 000000000..395032397
--- /dev/null
+++ b/securing_quay/master.adoc
@@ -0,0 +1,40 @@
+include::modules/attributes.adoc[]
+
+:_content-type: ASSEMBLY
+[id="securing-quay"]
+= Securing {productname}
+:context: quay-security
+
+{productname} offers administrators the ability to secure communication and trusted access to their repositories through the use of Transport Layer Security (TLS), certificate management, and encryption techniques. Properly configuring SSL/TLS and implementing custom certificates can help safeguard data, secure external connections, and maintain trust between {productname} and the integrated services of your choosing.
+
+The following topics are covered:
+
+* Configuring custom SSL/TLS certificates for standalone {productname} deployments
+* Configuring custom SSL/TLS certificates for {productname-ocp}
+* Adding additional Certificate Authorities to the {productname} container
+* Adding additional Certificate Authorities to {productname-ocp}
+
+//creating ssl-tls-certificates
+include::modules/ssl-tls-quay-overview.adoc[leveloffset=+1]
+include::modules/ssl-create-certs.adoc[leveloffset=+2]
+//SSL/TLS Standalone
+include::modules/configuring-ssl-tls.adoc[leveloffset=+2]
+include::modules/ssl-config-cli.adoc[leveloffset=+3]
+include::modules/ssl-trust-ca-podman.adoc[leveloffset=+3]
+include::modules/ssl-trust-ca-system.adoc[leveloffset=+3]
+//SSL/TLS Operator
+include::modules/operator-custom-ssl-certs-config-bundle.adoc[leveloffset=+2]
+include::modules/creating-custom-ssl-certs-config-bundle.adoc[leveloffset=+3]
+
+//additional ca certificates
+include::modules/config-extra-ca-certs-quay.adoc[leveloffset=+1]
+//Additional CA Certificates standalone
+include::modules/config-custom-ssl-certs-manual.adoc[leveloffset=+2]
+//Additional CA Certificates Operator
+include::modules/config-additional-ca-certs-operator.adoc[leveloffset=+2]
+include::modules/operator-config-cli-download.adoc[leveloffset=+3]
+include::modules/adding-ca-certs-to-config.adoc[leveloffset=+3]
+//Kubernetes
+include::modules/config-custom-ssl-certs-kubernetes.adoc[leveloffset=+2]
+
+//isolated builds
diff --git a/securing_quay/modules b/securing_quay/modules
new file mode 120000
index 000000000..43aab75b5
--- /dev/null
+++ b/securing_quay/modules
@@ -0,0 +1 @@
+../modules/
\ No newline at end of file
diff --git a/tls-config/master.adoc b/tls-config/master.adoc
deleted file mode 100644
index 685245d18..000000000
--- a/tls-config/master.adoc
+++ /dev/null
@@ -1,75 +0,0 @@
-include::modules/attributes.adoc[]
-
-:_content-type: ASSEMBLY
-[id="ssl-tls-quay"]
-= Red Hat Quay security enhancements
-:context: quay-security
-
-{productname} is built for enterprise use cases where content governance and security are two major focus areas.
-
-This guide provides guidance for enhancing the security of your {productname} deployment. The following topics are covered:
-
-* Adjusting repository visibility
-* Creating and managing robot accounts
-* Creating self-signed Certificate Authorities
-* Configuring custom SSL/TLS certificates for standalone {productname} deployments
-* Configuring custom SSL/TLS certificates for {productname-ocp}
-* Adding additional Certificate Authorities to the {productname} container
-* Adding additional Certificate Authorities to {productname-ocp}
-* Clair vulnerability reporting
-
-//rbac
-
-include::modules/role-based-access-control-intro.adoc[leveloffset=+1]
-include::modules/teams-overview.adoc[leveloffset=+2]
-include::modules/set-team-role.adoc[leveloffset=+3]
-include::modules/managing-team-members-repo-permissions-ui.adoc[leveloffset=+3]
-include::modules/setting-role-of-team-within-organization-api.adoc[leveloffset=+3]
-include::modules/default-permissions-v2-ui.adoc[leveloffset=+2]
-include::modules/default-permissions-api.adoc[leveloffset=+2]
-include::modules/allow-access-user-repo.adoc[leveloffset=+2]
-include::modules/adjust-access-user-repo-api.adoc[leveloffset=+2]
-
-//private repo
-include::modules/proc_use-quay-create-repo.adoc[leveloffset=+1]
-include::modules/adjusting-repository-visibility-via-the-ui.adoc[leveloffset=+2]
-include::modules/adjusting-repository-access-via-the-api.adoc[leveloffset=+2]
-
-//robot accounts
-include::modules/robot-account-overview.adoc[leveloffset=+1]
-include::modules/creating-robot-account-v2-ui.adoc[leveloffset=+2]
-include::modules/creating-robot-account-api.adoc[leveloffset=+2]
-include::modules/managing-robot-account-permissions-v2-ui.adoc[leveloffset=+2]
-include::modules/disabling-robot-account.adoc[leveloffset=+2]
-include::modules/regenerating-robot-account-token-api.adoc[leveloffset=+2]
-include::modules/deleting-robot-account-v2-ui.adoc[leveloffset=+2]
-include::modules/deleting-robot-account-api.adoc[leveloffset=+2]
-
-//creating ssl-tls-certificates
-include::modules/ssl-tls-quay-overview.adoc[leveloffset=+1]
-include::modules/ssl-create-certs.adoc[leveloffset=+2]
-//SSL/TLS Standalone
-include::modules/configuring-ssl-tls.adoc[leveloffset=+2]
-include::modules/ssl-config-cli.adoc[leveloffset=+3]
-include::modules/ssl-trust-ca-podman.adoc[leveloffset=+3]
-include::modules/ssl-trust-ca-system.adoc[leveloffset=+3]
-//SSL/TLS Operator
-include::modules/operator-custom-ssl-certs-config-bundle.adoc[leveloffset=+2]
-include::modules/creating-custom-ssl-certs-config-bundle.adoc[leveloffset=+3]
-
-//additional ca certificates
-include::modules/config-extra-ca-certs-quay.adoc[leveloffset=+1]
-//Additional CA Certificates standalone
-include::modules/config-custom-ssl-certs-manual.adoc[leveloffset=+2]
-//Additional CA Certificates Operator
-include::modules/config-additional-ca-certs-operator.adoc[leveloffset=+2]
-include::modules/operator-config-cli-download.adoc[leveloffset=+3]
-include::modules/adding-ca-certs-to-config.adoc[leveloffset=+3]
-//Kubernetes
-include::modules/config-custom-ssl-certs-kubernetes.adoc[leveloffset=+2]
-
-//isolated builds
-
-
-//clair
-include::modules/clair-vulnerability-scanner-overview.adoc[leveloffset=+1]