Skip to content

Commit

Permalink
Merge pull request #962 from wavefrontHQ/mstaneva-CSP-feedback
Browse files Browse the repository at this point in the history
Changed important notes to warnings
  • Loading branch information
Margarita-Staneva authored Sep 29, 2023
2 parents 23371fc + d092dd1 commit f02e8e7
Show file tree
Hide file tree
Showing 7 changed files with 14 additions and 9 deletions.
4 changes: 2 additions & 2 deletions pages/doc/csp_accounts-service.md
Original file line number Diff line number Diff line change
Expand Up @@ -9,9 +9,9 @@ summary: Learn how you can create and manage service accounts.

{% include note.html content="Starting July 3, 2023, VMware Aria Operations for Applications is a service on the VMware Cloud services platform. The content in this chapter is valid for VMware Cloud services subscriptions. For **original** subscriptions, see [Manage Service Accounts](service-accounts.html)."%}

{% include important.html content="Service accounts are enabled only for a **limited number** of VMware Cloud services subscriptions, because The usage of service accounts in Operations for Applications on VMware Cloud services is **restricted** to support only a [limited list of integrations](integrations_onboarded_subscriptions.html#integrations-that-use-operations-for-applications-api-tokens) that still authenticate with Operations for Applications API tokens. We are in the process of updating all of our integrations to authenticate with VMware Cloud services access tokens. Service accounts and Operations for Applications API tokens will be deprecated in the future. To enable service accounts for your service instance, [contact](wavefront_support_feedback.html) our Technical Support team. "%}
{% include warning.html content="The usage of service accounts in Operations for Applications on VMware Cloud services is **restricted** to support only a [limited list of integrations](integrations_onboarded_subscriptions.html#integrations-that-use-operations-for-applications-api-tokens) that still authenticate with Operations for Applications API tokens. We are in the process of updating all of our integrations to authenticate with VMware Cloud services access tokens. Service accounts and Operations for Applications API tokens will be deprecated in the future."%}

If your service was recently onboarded to VMware Cloud services, you might have some legacy service accounts for backward compatibility. It's recommended that you incrementally switch to using [server to server OAuth apps](csp_server_to_server_apps.html) which authenticate with more secure VMware Cloud services access tokens. See [How to Replace a Service Account with a Server to Server App?](csp_migration.html#how-to-replace-a-service-account-with-a-server-to-server-app).
If your service was recently onboarded to VMware Cloud services, you might have some legacy service accounts for backward compatibility. It's strongly recommended that you incrementally switch to using [server to server OAuth apps](csp_server_to_server_apps.html) which authenticate with more secure VMware Cloud services access tokens. See [How to Replace a Service Account with a Server to Server App?](csp_migration.html#how-to-replace-a-service-account-with-a-server-to-server-app).

## What Are Service Accounts?

Expand Down
7 changes: 6 additions & 1 deletion pages/doc/csp_api_tokens.md
Original file line number Diff line number Diff line change
Expand Up @@ -68,6 +68,9 @@ If you want to set up one of the [integrations](integrations_onboarded_subscript

{% include important.html content="Service accounts are enabled only for a **limited number** of VMware Cloud services subscriptions, because The usage of service accounts in Operations for Applications on VMware Cloud services is **restricted** to support only a [limited list of integrations](integrations_onboarded_subscriptions.html#integrations-that-use-operations-for-applications-api-tokens) that still authenticate with Operations for Applications API tokens. We are in the process of updating all of our integrations to authenticate with VMware Cloud services access tokens. Service accounts and Operations for Applications API tokens will be deprecated in the future. To enable service accounts for your service instance, [contact](wavefront_support_feedback.html) our Technical Support team. "%}

{% include warning.html content=" Service accounts are enabled only for a **limited number** of VMware Cloud services subscriptions. It is strongly recommended that you gradually [switch to using server to server OAuth apps](csp_migration.html#how-to-replace-a-service-account-with-a-server-to-server-app) which authenticate with more secure VMware Cloud services access tokens. Service accounts and Operations for Applications API tokens will be deprecated in the future. Тo temporarily enable service accounts for your service instance, [contact](wavefront_support_feedback.html) our Technical Support team." %}


As a user with the **Admin** service role, you can generate and manage the API tokens for [service accounts](csp_service_accounts.html) upon creation or at a later stage.

To generate and manage the API tokens for an existing **service account**:
Expand All @@ -84,11 +87,13 @@ To generate and manage the API tokens for an existing **service account**:
3. To rename an API token, click the **Edit** icon for the token, enter the name, and press Enter.
6. Select the appropriate permissions for the service account and click **Update**.



## Manage the Operations for Applications API Tokens in Your Service Instance

As a user with the **Admin** service role, you can view and revoke the API tokens of any service account in your service instance.

{% include note.html content="If your original Operations for Applications subscription was onboarded to VMware Cloud services, for backward compatibility, you might have some legacy Operations for Applications API tokens that are associated with user accounts. It’s recommended that you incrementally [replace them with VMware Cloud services API tokens](csp_migration.html#how-to-replace-an-operations-for-applications-api-token-with-a-vmware-cloud-services-access-token)."%}
{% include warning.html content="If your original Operations for Applications subscription was onboarded to VMware Cloud services, for backward compatibility, you might have some legacy Operations for Applications API tokens that are associated with user accounts. It’s recommended that you incrementally [replace them with VMware Cloud services API tokens](csp_migration.html#how-to-replace-an-operations-for-applications-api-token-with-a-vmware-cloud-services-access-token)."%}

1. Log in to your service instance as an **Admin** user.
2. Click the gear icon <i class="fa fa-cog"/> on the toolbar and select **Accounts**.
Expand Down
4 changes: 2 additions & 2 deletions pages/doc/csp_area_differences.md
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@ Some administrative tasks, done by **Super Admins** and users with the **Account

With the 2023-38 release, we introduce the **Admin** permission and service role, which partially correspond to the **Accounts** permission for original subscriptions. Users with the **Admin** service role can manage service accounts and Operations for Applications API tokens. They can also restrict access to new dashboards and alerts and set the organization settings. For example, they can restrict the access to the object creator only and set default settings, such as display settings, PromQL support, default way of building queries, and define Logs settings.

{% include note.html content="Service accounts are enabled only for a limited number of VMware Cloud services subscriptions, because in most cases they should use [server to server OAuth apps](csp_server_to_server_apps.html). To enable service accounts for your service instance, [contact](wavefront_support_feedback.html) our Technical Support team." %}
{% include warning.html content="Service accounts are enabled only for a **limited number** of VMware Cloud services subscriptions.Service accounts and the API tokens associated with them will be deprecated in the future. It's strongly recommended that you incrementally switch to using [server to server OAuth apps](csp_server_to_server_apps.html) which authenticate with more secure VMware Cloud services access tokens. For information on how to do this, see [How to Replace a Service Account with a Server to Server App?](csp_migration.html#how-to-replace-a-service-account-with-a-server-to-server-app). To temporarily enable service accounts for your service instance, [contact](wavefront_support_feedback.html) our Technical Support team." %}

![A graphic showing the differences in the admin tasks for original and onboarded subscriptions. The information displayed is described in the table below.](images/csp-admin-tasks.png)

Expand Down Expand Up @@ -158,7 +158,7 @@ With the 2023-38 release, we introduce the **Admin** permission and service role

For original subscriptions, using the Operations for Applications REST API requires an API token associated with a user account or a service account. To generate API tokens for your user account you need the **API Tokens** permission. To generate API tokens for service accounts and to manage the API tokens in your Operations for Applications organization, you need the **Accounts** permission.

When your service is onboarded to VMware Cloud services and you want to access the Operations for Applications REST API, you need a VMware Cloud services **access token**. In a few cases, when setting up a Wavefront proxy for a [limited list of integrations](integrations_onboarded_subscriptions.html#integrations-supported-with-service-accounts), authentication with an Operations for Applications API token is also supported. However, using a VMware Cloud services **access token** is the recommended way. To obtain such a token, you can:
When your service is onboarded to VMware Cloud services and you want to access the Operations for Applications REST API, you need a VMware Cloud services **access token**. In a few cases, when setting up a Wavefront proxy for a [limited list of integrations](integrations_onboarded_subscriptions.html#integrations-supported-with-service-accounts), authentication with an Operations for Applications API token is also supported. However, using a VMware Cloud services **access token** is the recommended way as we will deprecate the service accounts in the future. To obtain an **access token**, you can:

* Generate a VMware Cloud services API token associated with your user account and exchange it for an access token.

Expand Down
2 changes: 1 addition & 1 deletion pages/doc/csp_migration.md
Original file line number Diff line number Diff line change
Expand Up @@ -159,7 +159,7 @@ During the process of onboarding your Operations for Applications service to VMw

During the process of onboarding your Operations for Applications service to VMware Cloud services, the service accounts **are not** migrated to VMware Cloud services, because VMware Cloud services supports [server to server OAuth apps](csp_server_to_server_apps.html), which are equivalent to the services accounts in Operations for Applications.

{% include important.html content="The usage of service accounts in Operations for Applications on VMware Cloud services is **restricted** to support only a [limited list of integrations](integrations_onboarded_subscriptions.html#integrations-that-use-operations-for-applications-api-tokens) that still authenticate with Operations for Applications API tokens. We are in the process of updating all of our integrations to authenticate with VMware Cloud services access tokens. Service accounts and Operations for Applications API tokens will be deprecated in the future."%}
{% include warning.html content="The usage of service accounts in Operations for Applications on VMware Cloud services is **restricted** to support only a [limited list of integrations](integrations_onboarded_subscriptions.html#integrations-that-use-operations-for-applications-api-tokens) that still authenticate with Operations for Applications API tokens. We are in the process of updating all of our integrations to authenticate with VMware Cloud services access tokens. Service accounts and Operations for Applications API tokens will be deprecated in the future."%}

For backward compatibility, all of your service accounts are **preserved** in Operations for Applications as follows:

Expand Down
2 changes: 1 addition & 1 deletion pages/doc/csp_supported_integrations.md
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,7 @@ The Wavefront proxy requires a VMware Cloud services access token with the **Pro

For a limited number of integrations, you must still use an Operations for Applications API token, associated with a [service account](csp_service_accounts.html) that has the **Proxies** permission. As a user with the **Admin** service role, you can create a service account with the **Proxies** permission and generate an API token for it. Then, you can install the Wavefront proxy and set up your integration to pass the API token of the service account.

{% include note.html content=" Service accounts are enabled only for a **limited number** of VMware Cloud services subscriptions, because in most cases they should use [server to server OAuth apps](csp_server_to_server_apps.html). Тo enable service accounts for your service instance, [contact](wavefront_support_feedback.html) our Technical Support team. It is recommended that you gradually switch to using server to server OAuth apps which authenticate with more secure VMware Cloud services access tokens." %}
{% include warning.html content=" Service accounts are enabled only for a **limited number** of VMware Cloud services subscriptions. It is strongly recommended that you gradually [switch to using server to server OAuth apps](csp_migration.html#how-to-replace-a-service-account-with-a-server-to-server-app) which authenticate with more secure VMware Cloud services access tokens. Тo temporarily enable service accounts for your service instance, [contact](wavefront_support_feedback.html) our Technical Support team." %}

To understand how you can manage the API tokens for service accounts, see [Managing the Operations for Applications API Tokens for a Service Account](csp_api_tokens.html#managing-the-operations-for-applications-api-tokens-for-a-service-account).

Expand Down
2 changes: 1 addition & 1 deletion pages/doc/csp_ui_differences.md
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,7 @@ The gear icon menu also differs, because many of the tasks for VMware Cloud serv

Most of the identity and access management tasks for VMware Cloud services subscribers are done by using the VMware Cloud Services Console. Therefore, if you are a user with the **Admin** service role assigned (this role partially covers the **Accounts** permission for original subscriptions), when you click the gear icon on the toolbar and select **Accounts**, you will see only the **Service Accounts** and the **API Tokens** tabs.

{% include note.html content=" This page is available only for a **limited number** of VMware Cloud services subscriptions, because in most cases you should use [server to server OAuth apps](csp_server_to_server_apps.html) and [VMware Cloud services API tokens](https://docs.vmware.com/en/VMware-Cloud-services/services/Using-VMware-Cloud-Services/GUID-3A9C29E0-460B-4586-B51A-084443A960D0.html)." %}
{% include warning.html content=" This page is available only for a **limited number** of VMware Cloud services subscriptions, because you should incrementally switch to using [server to server OAuth apps](csp_server_to_server_apps.html) and [VMware Cloud services API tokens](https://docs.vmware.com/en/VMware-Cloud-services/services/Using-VMware-Cloud-Services/GUID-3A9C29E0-460B-4586-B51A-084443A960D0.html). Service accounts and the API tokens associated with them will be deprecated in the future." %}

![An image showing the differences in the Accounts menu and the Service Accounts tab.](images/new-vs-original-accounts.png)

Expand Down
2 changes: 1 addition & 1 deletion pages/doc/start_trial.md
Original file line number Diff line number Diff line change
Expand Up @@ -55,7 +55,7 @@ VMware Cloud services provides provides single sign-on (SSO) and identity access

You are redirected to the Operations for Applications GUI. You are logged with your VMware account.

Initially, you have only the [**Viewer** Operations for Applications service role](csp_users_roles.html#manage-roles) but, as a VMware Cloud **Organization Owner**, you can change your roles. You can also add users to your service. See [Manage User Accounts](csp_user_management.html) for details.
{% include note.html content="Initially, you have only the [**Viewer** Operations for Applications service role](csp_users_roles.html#operations-for-applications-service-roles-built-in). As a VMware Cloud **Organization Owner**, you can [change your roles](csp_users_roles.html#manage-roles). It's recommended that when you start your free trial, you change your role to **Super Admin**. You can also add users to your service. See [Manage User Accounts](csp_user_management.html) for details." %}

## Learn More!
* [Get Started with Operations for Applications on VMware Cloud Services](csp_getting_started.html).
Expand Down

0 comments on commit f02e8e7

Please sign in to comment.