From c88752849b96caab7ff26af660c439ebefe1ba5f Mon Sep 17 00:00:00 2001 From: Margarita Staneva Date: Fri, 29 Sep 2023 15:31:04 +0300 Subject: [PATCH] SAs will be available for all customers for sometime. --- pages/doc/csp_api_tokens.md | 4 +++- pages/doc/csp_area_differences.md | 4 +++- pages/doc/csp_supported_integrations.md | 4 +++- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/pages/doc/csp_api_tokens.md b/pages/doc/csp_api_tokens.md index 6fe210ed9..3dee34582 100644 --- a/pages/doc/csp_api_tokens.md +++ b/pages/doc/csp_api_tokens.md @@ -66,7 +66,9 @@ For details on how to create, view, and modify the details of the OAuth 2.0 apps If you want to set up one of the [integrations](integrations_onboarded_subscriptions.html#integrations-that-use-operations-for-applications-api-tokens) that still authenticate with an **Operations for Applications API token**, you must create a [service account](csp_service_accounts.html) and generate an API token associated with it. -{% include warning.html content="The usage of service accounts in Operations for Applications on VMware Cloud services is **restricted** to support only a [limited list of integrations](integrations_onboarded_subscriptions.html#integrations-that-use-operations-for-applications-api-tokens) that still authenticate with Operations for Applications API tokens. We are in the process of updating all of our integrations to authenticate with VMware Cloud services access tokens. It is strongly recommended that you gradually [switch to using server to server OAuth apps](csp_migration.html#how-to-replace-a-service-account-with-a-server-to-server-app) which authenticate with more secure VMware Cloud services access tokens. Service accounts and Operations for Applications API tokens will be deprecated in the future. Тo temporarily enable service accounts for your service instance, [contact](wavefront_support_feedback.html) our Technical Support team. "%} +{% include warning.html content="The usage of service accounts in Operations for Applications on VMware Cloud services is **restricted** to support only a [limited list of integrations](integrations_onboarded_subscriptions.html#integrations-that-use-operations-for-applications-api-tokens) that still authenticate with Operations for Applications API tokens. We are in the process of updating all of our integrations to authenticate with VMware Cloud services access tokens. It is strongly recommended that you gradually [switch to using server to server OAuth apps](csp_migration.html#how-to-replace-a-service-account-with-a-server-to-server-app) which authenticate with more secure VMware Cloud services access tokens. Service accounts and Operations for Applications API tokens will be deprecated in the future. "%} + + As a user with the **Admin** service role, you can generate and manage the API tokens for [service accounts](csp_service_accounts.html) upon creation or at a later stage. diff --git a/pages/doc/csp_area_differences.md b/pages/doc/csp_area_differences.md index 8098125b2..ae6657ff0 100644 --- a/pages/doc/csp_area_differences.md +++ b/pages/doc/csp_area_differences.md @@ -30,7 +30,9 @@ Some administrative tasks, done by **Super Admins** and users with the **Account With the 2023-38 release, we introduce the **Admin** permission and service role, which partially correspond to the **Accounts** permission for original subscriptions. Users with the **Admin** service role can manage service accounts and Operations for Applications API tokens. They can also restrict access to new dashboards and alerts and set the organization settings. For example, they can restrict the access to the object creator only and set default settings, such as display settings, PromQL support, default way of building queries, and define Logs settings. -{% include warning.html content="Service accounts are enabled only for a **limited number** of VMware Cloud services subscriptions. Service accounts and the API tokens associated with them will be deprecated in the future. It's strongly recommended that you incrementally switch to using [server to server OAuth apps](csp_server_to_server_apps.html) which authenticate with more secure VMware Cloud services access tokens. For information on how to do this, see [How to Replace a Service Account with a Server to Server App?](csp_migration.html#how-to-replace-a-service-account-with-a-server-to-server-app). To temporarily enable service accounts for your service instance, [contact](wavefront_support_feedback.html) our Technical Support team." %} +{% include warning.html content="Service accounts are enabled only for a **limited number** of VMware Cloud services subscriptions. Service accounts and the API tokens associated with them will be deprecated in the future. It's strongly recommended that you incrementally switch to using [server to server OAuth apps](csp_server_to_server_apps.html) which authenticate with more secure VMware Cloud services access tokens. For information on how to do this, see [How to Replace a Service Account with a Server to Server App?](csp_migration.html#how-to-replace-a-service-account-with-a-server-to-server-app)." %} + + ![A graphic showing the differences in the admin tasks for original and onboarded subscriptions. The information displayed is described in the table below.](images/csp-admin-tasks.png) diff --git a/pages/doc/csp_supported_integrations.md b/pages/doc/csp_supported_integrations.md index ac75a5bb9..a2ab2d161 100644 --- a/pages/doc/csp_supported_integrations.md +++ b/pages/doc/csp_supported_integrations.md @@ -39,7 +39,9 @@ The Wavefront proxy requires a VMware Cloud services access token with the **Pro For a limited number of integrations, you must still use an Operations for Applications API token, associated with a [service account](csp_service_accounts.html) that has the **Proxies** permission. As a user with the **Admin** service role, you can create a service account with the **Proxies** permission and generate an API token for it. Then, you can install the Wavefront proxy and set up your integration to pass the API token of the service account. -{% include warning.html content=" Service accounts are enabled only for a **limited number** of VMware Cloud services subscriptions. It is strongly recommended that you gradually [switch to using server to server OAuth apps](csp_migration.html#how-to-replace-a-service-account-with-a-server-to-server-app) which authenticate with more secure VMware Cloud services access tokens. Тo temporarily enable service accounts for your service instance, [contact](wavefront_support_feedback.html) our Technical Support team." %} +{% include warning.html content=" Service accounts are enabled only for a **limited number** of VMware Cloud services subscriptions. It is strongly recommended that you gradually [switch to using server to server OAuth apps](csp_migration.html#how-to-replace-a-service-account-with-a-server-to-server-app) which authenticate with more secure VMware Cloud services access tokens. Service accounts and Operations for Applications API tokens will be deprecated in the future." %} + + To understand how you can manage the API tokens for service accounts, see [Managing the Operations for Applications API Tokens for a Service Account](csp_api_tokens.html#managing-the-operations-for-applications-api-tokens-for-a-service-account).