[Docs] Changes to ordered and unordered lists for lint warnings in 14.x

docs/pages/access-controls/access-request-plugins/ssh-approval-jira.mdx

@@ -37,9 +37,9 @@ You'll need the project Jira key to configure the plugin.
 
 Create a new board for tasks in the permission management project. The board has to have at least these three columns:
 
-1. Pending
-2. Approved
-3. Denied
+- Pending
+- Approved
+- Denied
 
 Teleport's Jira plugin will create a new issue for each new permission request in the first available column on the board. When you drag the request task to the Approved column in Jira, the request will be approved. If you drag the request task to the Denied column in Jira, the request will be denied.
 
@@ -158,10 +158,10 @@ plugin to Teleport.
 
 The `[jira]` section requires a few things:
 
-1. Your Jira Cloud or Jira Server URL. For Jira Cloud, it looks something like `yourcompany.atlassian.net`.
-2. Your username on Jira, i.e. [ben@goteleport.com](mailto:ben@goteleport.com)
-3. Your Jira API token that you've created above.
-4. A Jira Project key, available in Project settings.
+- Your Jira Cloud or Jira Server URL. For Jira Cloud, it looks something like `yourcompany.atlassian.net`.
+- Your username on Jira, i.e. [ben@goteleport.com](mailto:ben@goteleport.com)
+- Your Jira API token that you've created above.
+- A Jira Project key, available in Project settings.
 
 The `[http]` setting block describes how the plugin's HTTP server works. The HTTP server is responsible for listening for updates from Jira, and processing updates, like when someone drags a task from Inbox to Approved column.
 

docs/pages/access-controls/access-requests/oss-role-requests.mdx

@@ -11,19 +11,19 @@ requesting a role via the Teleport CLI. Full Access Request functionality,
 including Resource Access Requests and an intuitive and searchable UI are
 available in Teleport Enterprise.
 
-## RBAC Setup
+## RBAC security setup
 
 Teleport's role-based access control (RBAC) allows you to configure what roles
 users can request access to. In this example, we will define two roles:
 
-1. `contractor`: users with this role can request elevated access to the `dba` role
-2. `dba`: this role grants access to databases
+- `contractor`: users with this role can request elevated access to the `dba` role
+- `dba`: this role grants access to databases
 
 There is no role for request approvers, because request approval rules can only
 be configured for Teleport Enterprise. In Open Source Teleport, approvals must
 be performed by running `tctl` on the Auth Server.
 
-**Contractor Role**
+**Contractor role**
 
 Users with this role can request access to the `dba` role.
 
@@ -51,7 +51,7 @@ $ tctl users update --set-roles \
     $(tctl get users/alice --format=json | jq -r '.[].spec.roles | join(",")'),contractor alice
 ```
 
-**DBA Role**
+**DBA role**
 
 This role grants access to databases.
 

docs/pages/access-controls/access-requests/role-requests.mdx

@@ -18,9 +18,9 @@ via ChatOps or anywhere else via our flexible Authorization Workflow API.
 
 In this example, we will define three roles:
 
-1. `contractor`: users with this role can request elevated access to the `dba` role
-2. `dba`: this role grants access to databases
-3. `approver`: users with this role can approve requests for access to the `dba` role
+- `contractor`: users with this role can request elevated access to the `dba` role
+- `dba`: this role grants access to databases
+- `approver`: users with this role can approve requests for access to the `dba` role
 
 **Contractor Role**
 

docs/pages/access-controls/device-trust/jamf-integration.mdx

@@ -32,7 +32,7 @@ Create a readonly Jamf user for inventory sync.
 1. Access `https://yourtenant.jamfcloud.com/accounts.html`, replacing
    `yourtenant` with your Jamf Pro account.
 
-2. Create a new Standard Account with the following settings:
+1. Create a new Standard Account with the following settings:
 
    - Username: teleport (change as desired)
    - Access Level: Full Access

docs/pages/access-controls/guides/moderated-sessions.mdx

@@ -249,8 +249,8 @@ this policy requires.
 The `on_leave` string option in require policies is used to define what happens when a moderator leaves a session, causing a policy to no longer be satisfied.
 
 There are two possible actions to take in this scenario:
-1. Terminate the session and disconnect all participants, corresponding to the `"terminate"` value.
-2. Pause the session and stop any input/output streaming until the policy is satisfied again, corresponding to the `"pause"` value.
+- Terminate the session and disconnect all participants, corresponding to the `"terminate"` value.
+- Pause the session and stop any input/output streaming until the policy is satisfied again, corresponding to the `"pause"` value.
 
 By default, Teleport treats an empty string in this field as the same as `terminate`.
 That is, the session is terminated instantly and all participants are disconnected.

docs/pages/access-controls/login-rules/reference.mdx

@@ -17,8 +17,7 @@ To learn how to add the first login rule to your cluster, checkout out the
 
 ## `traits_map` vs `traits_expression`
 
-Every login rule spec must contain either the `traits_map` field or a
-`traits_expression` field.
+Every login rule spec must contain either the `traits_map` field or a `traits_expression` field.
 
 They both serve the same purpose of transforming user traits.
 The logic difference lies only in the syntax you prefer for your use case, since you can write
@@ -29,8 +28,8 @@ every `traits_map` as an equivalent `traits_expression`.
 while keeping the rest unchanged.
 The `traits_map` behavior can be useful if you want to keep only a handful
 of necessary traits while filtering out all others.
-If lower priority Login Rules set traits those must be also included with higher priority `traits_map`
-to remain populated. For example this configuration will keep the `groups` trait unmodified.
+If lower priority Login Rules set traits, those traits must be also included with higher priority `traits_map`
+to remain populated. For example, the following configuration keeps the `groups` trait unmodified.
 
 ```yaml
   traits_map:
@@ -40,15 +39,16 @@ to remain populated. For example this configuration will keep the `groups` trait
 
 ### `traits_map`
 
-Here is an example Login Rule using a `traits_map` which implements the
+Here is an example Login Rule that uses a `traits_map` to implement the
 following rules:
-1. Every user with the `groups: devs` trait should receive an extra trait
+
+- Every user with the `groups: devs` trait should receive an extra trait
    `access: [staging]`.
-2. Every user with the `groups: admins` trait should receive an extra trait
+- Every user with the `groups: admins` trait should receive an extra trait
    `access: [staging, prod]`.
-3. Every user should receive a `logins` trait with the value of their incoming
+- Every user should receive a `logins` trait with the value of their incoming
    `username` trait converted to lowercase.
-4. All traits other than `groups`, `logins`, and `access` should be filtered
+- All traits other than `groups`, `logins`, and `access` should be filtered
    out.
 
 ```yaml

docs/pages/access-controls/sso/azuread.mdx

@@ -38,17 +38,17 @@ Before you get started, you’ll need:
 
    ![Select Enterprise Applications From Manage](../../../img/azuread/azuread-1-home.png)
 
-2. Select **New application**
+1. Select **New application**
 
    ![Select New Applications From Manage](../../../img/azuread/azuread-2-newapp.png)
 
-3. Select **Create your own application**, enter the application name (for example,
+1. Select **Create your own application**, enter the application name (for example,
    Teleport), and select **Integrate any other application you don't find in
    the gallery (Non-gallery)**.
 
    ![Select Non-gallery application](../../../img/azuread/azuread-3-createnongalleryapp.png)
 
-4. Select **Properties** under **Manage** and set **Assignment required?** to **No**
+1. Select **Properties** under **Manage** and set **Assignment required?** to **No**
 
    ![Turn off user assignment](../../../img/azuread/azuread-4-turnoffuserassign.png)
 
@@ -60,11 +60,11 @@ Before you get started, you’ll need:
 
    ![Select SAML](../../../img/azuread/azuread-5-selectsaml.png)
 
-2. Edit the **Basic SAML Configuration**
+1. Edit the **Basic SAML Configuration**
 
    ![Edit Basic SAML Configuration](../../../img/azuread/azuread-6-editbasicsaml.png)
 
-3. Enter the URL for your Teleport cluster or Teleport tenant in the **Entity ID** and **Reply URL**  fields. For example:
+1. Enter the URL for your Teleport cluster or Teleport tenant in the **Entity ID** and **Reply URL**  fields. For example:
    name="mytenant.teleport.sh:443" /> to the host and HTTPS port of your
    Teleport Proxy Service (or Teleport Team/Enterprise Cloud tenant):
 
@@ -76,7 +76,7 @@ Before you get started, you’ll need:
 
    Click **Save** before proceeding to the next step.
 
-4. In **SAML Certificates** section, copy the **App Federation
+1. In **SAML Certificates** section, copy the **App Federation
    Metadata URL** link and save it for use in our Teleport connector configuration:
 
    ![Download Federation Metadata XML](../../../img/azuread/azuread-9-fedmeatadataxml.png)
@@ -85,16 +85,16 @@ Before you get started, you’ll need:
 
 1. Click on **Unique User Identifier (Name ID)** under **Required claim**.
 
-2. Change the "name identifier format" to **Default**. Make sure the source
+1. Change the "name identifier format" to **Default**. Make sure the source
   attribute is `user.userprincipalname`.
 
    ![Confirm Name Identifier](../../../img/azuread/azuread-8a-nameidentifier.png)
 
-3. Add a group claim to make user security groups available to the connector:
+1. Add a group claim to make user security groups available to the connector:
 
    ![Put in Security group claim](../../../img/azuread/azuread-8b-groupclaim.png)
 
-4. Add a claim that transforms the format of the Azure AD username to lower case, in order to pass it to
+1. Add a claim that transforms the format of the Azure AD username to lower case, in order to pass it to
    Teleport. Set the Source to "Transformation". In the new panel:
 
    - Set the Transformation value to "Extract()"

docs/pages/access-controls/sso/gitlab.mdx

@@ -41,12 +41,12 @@ to each of these groups.
 
    ![Create App](../../../img/sso/gitlab/gitlab-oidc-0.png)
 
-2. Collect the `Application ID` and `Secret` in the Application. These will be
+1. Collect the `Application ID` and `Secret` in the Application. These will be
    used in the Teleport OIDC auth connector:
 
    ![Collection Information](../../../img/sso/gitlab/gitlab-oidc-1.png)
 
-3. Confirm the GitLab issuer address.
+1. Confirm the GitLab issuer address.
 
    For GitLab.com, the issuer address is `https://gitlab.com`. This allows
    Teleport to access the Open-ID configuration at

docs/pages/agents/introduction.mdx

@@ -77,9 +77,9 @@ Services to your Cluster](./join-services-to-your-cluster.mdx) guides.
 
 There are two ways to enroll infrastructure resources with Teleport agents:
 
-1. **Static**: Edit an agent's configuration file to configure a specific
+- **Static**: Edit an agent's configuration file to configure a specific
    infrastructure resource to proxy.
-2. **Dynamic**: Apply a [configuration
+- **Dynamic**: Apply a [configuration
    resource](../management/dynamic-resources.mdx) that configures a resource to
    proxy.
 

docs/pages/agents/join-services-to-your-cluster/aws-ec2.mdx

@@ -58,7 +58,7 @@ The Teleport Auth Service needs permission to call `ec2:DescribeInstances` in or
 that the EC2 instances attempting to join your cluster are legitimate and
 currently running.
 
-### Step 1.1. Create the IAM policy
+### Create the IAM policy
 
 Create the following AWS IAM policy named `teleport-DescribeInstances-policy` in
 your account:
@@ -76,7 +76,7 @@ your account:
 }
 ```
 
-### Step 1.2. Attach the IAM policy
+### Attach the IAM policy
 
 If your Teleport Auth Service is running on an EC2 instance and already has an
 attached "IAM role for Amazon EC2", add the above
@@ -194,16 +194,16 @@ have permissions to assume an IAM role in each of those accounts and call
 
 In each AWS account where your EC2 instances will be running:
 
-1. Create the `teleport-DescribeInstances-policy` from [Step 1.1](#step-11-create-the-iam-policy).
+1. Create the `teleport-DescribeInstances-policy` from [Step 1.1](#create-the-iam-policy).
 
-2. Create an IAM role `teleport-DescribeInstances-role` that can be assumed from
+1. Create an IAM role `teleport-DescribeInstances-role` that can be assumed from
    the account where your Teleport Auth Service is running.
 
    Go to the AWS IAM Console, select Create Role, and for "Select type of
    trusted entity", select "Another AWS account" and enter the AWS Account ID of
    the account where your Teleport Auth Service is running.
 
-   Attach the `teleport-DescribeInstances-policy` to the role.
+1. Attach the `teleport-DescribeInstances-policy` to the role.
 
 In the AWS account where your Teleport Auth Service is running:
 
@@ -228,8 +228,8 @@ In the AWS account where your Teleport Auth Service is running:
 }
 ```
 
-2. Attach this `teleport-AssumeRole-policy` to the IAM role your Teleport Auth
-   Service has credentials for, see [Step 1.2](#step-12-attach-the-iam-policy).
+1. Attach this `teleport-AssumeRole-policy` to the IAM role your Teleport Auth
+   Service has credentials for, see [Step 1.2](#attach-the-iam-policy).
 
 When creating the AWS joining token, include an allow rule for each foreign
 account and specify the AWS ARN for the foreign

docs/pages/ai-assist.mdx

@@ -58,16 +58,16 @@ Follow these steps to generate your OpenAI API key:
 
 1. Sign in to your OpenAI account or
    [sign up](https://platform.openai.com/signup) if you don't have one.
-2. Navigate to the [API section](https://platform.openai.com/account/api-keys)
+1. Navigate to the [API section](https://platform.openai.com/account/api-keys)
    in your OpenAI dashboard.
-3. Click on "Create new secret key".
-4. Give your key a descriptive name.
-5. Click "Create secret key".
-6. Your new API key will be displayed. Make sure to copy it and save it in a
+1. Click on "Create new secret key".
+1. Give your key a descriptive name.
+1. Click "Create secret key".
+1. Your new API key will be displayed. Make sure to copy it and save it in a
    file on the system where the Teleport Proxy Service is running, e.g.,
    `/etc/teleport/openai_key`. If you have multiple instances of Teleport Proxy,
    you must copy the file to all of them.
-7. Set read-only permissions and change the file owner to the user that the
+1. Set read-only permissions and change the file owner to the user that the
    Teleport Proxy Service uses by running the following commands:
 
 ```bash
@@ -86,29 +86,30 @@ To enable Teleport Assist, you need to provide your OpenAI API key. On each
 Proxy and Auth Service host, perform the following actions:
 
 1. Open your Teleport configuration file. This is typically located at `/etc/teleport.yaml`.
-2. Add your OpenAI API key to the `assist` section:
 
-If the host is running the Auth Service, add the following section:
+1. Add your OpenAI API key to the `assist` section:
 
- ```yaml
-auth_service:
-  assist:
-    openai:
-      api_token_path: /etc/teleport/openai_key
-```
-
-If the host is running the Proxy Service, add the following section:
+   If the host is running the Auth Service, add the following section:
+   
+   ```yaml
+   auth_service:
+     assist:
+       openai:
+         api_token_path: /etc/teleport/openai_key
+   ```
 
-```yaml
-proxy_service:
-  assist:
-    openai:
-      api_token_path: /etc/teleport/openai_key
-```
+   If the host is running the Proxy Service, add the following section:
+
+   ```yaml
+   proxy_service:
+     assist:
+       openai:
+         api_token_path: /etc/teleport/openai_key
+   ```
 
-3. Save the changes and close the file.
-4. Restart Teleport for the changes to take effect.
+1. Save the changes and close the file.
 
+1. Restart Teleport for the changes to take effect.
 
 Make sure that your Teleport user has the `assistant` permission. By default, users
 with built-in `access` and `editor` roles have this permission. You can also
@@ -137,10 +138,10 @@ spec:
 Now that you have Teleport Assist enabled, you can start using it.
 
 1. Open Teleport's Web UI in your browser (e.g., https://teleport.example.com).
-2. Log in to the Web UI using your Teleport credentials.
-3. Click on the "Assist" button in the top left dropdown menu.
+1. Log in to the Web UI using your Teleport credentials.
+1. Click on the "Assist" button in the top left dropdown menu.
 ![Teleport Assist Menu](../img/assist/main-screen.png)
-4. Click "New Conversation" to start a new conversation with Teleport Assist.
+1. Click "New Conversation" to start a new conversation with Teleport Assist.
 ![Teleport Assist New Chat](../img/assist/assist-screen.png)
 
 Remember, Teleport Assist is powered by OpenAI, so the more specific your query,

docs/pages/api/getting-started.mdx

@@ -8,9 +8,9 @@ to a Teleport Auth Service.
 
 Here are the steps we'll walkthrough:
 
-1. Create an API user using a simple role-based authentication method.
-2. Generate credentials for that user.
-3. Create and connect a Go client to interact with Teleport's API.
+- Create an API user using a simple role-based authentication method.
+- Generate credentials for that user.
+- Create and connect a Go client to interact with Teleport's API.
 
 ## Prerequisites
 

docs/pages/architecture/authentication.mdx

@@ -77,10 +77,10 @@ to the public key with a certificate authority's signature.
 
 OpenSSH certificate contain metadata used to authenticate users and hosts:
 
-1. List of principals (identities) this certificate belongs to.
-2. Signature of the certificate authority who issued it.
-3. The expiration date, also known as "time-to-live" or simply TTL.
-4. Additional data, such as the node role, is stored as a certificate extension.
+- List of principals (identities) this certificate belongs to.
+- Signature of the certificate authority who issued it.
+- The expiration date, also known as "time-to-live" or simply TTL.
+- Additional data, such as the node role, is stored as a certificate extension.
 
 ### Making Time Work For You