Update device trust docs#30821
Conversation
- remove auto enrollment page - update config.json
- content is borrowed and expanded from existing doc
github-actions
Bot
requested review from
lsgunn-teleport,
ptgott,
r0mant and
xinding33
- multiple grammar update - auto enrollment -> auto-enrollment - add signed prereqs in enforcing ddevice trust page
- udpated getting started guide to use preset require-trusted-device role - minor grammar and code formating
|
Friendly ping for review please! |
|
Hi @sshahcodes, to help me review this, would you mind explaining the problems this PR is solving? The summary in the description is helpful for understanding the changes at a high level, but I'm still not really sure why these changes are being made. Thanks! |
|
@ptgott sure, the main reason for the changes in this PR is to adjust existing contents focused on day 1 (for users approaching device trust for the first time) and day 2 (for detailed explanation of available configurations, advance use cases, learn about edge case, best practice etc) docs. Currently, it's a bit mix of reference manual vs getting started all added to a single page without focus on reader persona. It was written when the feature was released first. Lots of defaults have been changed since then, including the new ones that's addressed in #30865 and #30878. Some of the prerequisite aren't even required anymore. The content was structured for general use case but most of it would not be necessary for a admin to quickly try Device Trust, for example, knowing advance use cases and setting up roles and permissions for secure operations is not necessary at all for day 1. This was highlighted in this ticket improving Device Trust UX. Some of the issues mentioned there would have been addressed if the docs pointed to right direction, hence the changes in this PR. Most of the content is reused from "Set up device trust" page and added to the following pages. |
lsgunn-teleport
left a comment
lsgunn-teleport
left a comment
There was a problem hiding this comment.
Overall, this looks good. I might suggest some languages tweaks in a follow-on PR but I think the re-org makes sense. My only question given the current structure is why you wouldn't just but device trust concepts in with the other Device trust topics?
Device trusts
- concepts
- get-started (how-to enroll a device - simple demo/eval/test/day 1 task)
- manage devices (how-to topics)
- enforce-trust (how-to topics)
|
@lsgunn-teleport Thank you for the review.
Sure, you can also create an issue ticket and tag me there, I can collaborate to improve Device Trust docs.
Nothing concrete in particular but given docs re-org, I wanted to keep the new content minimum as there would be too many things to review. I also feel how-to topics needs proper time to find right balance on content, steps and context and so adding reference style docs, as it is in current PR was helpful in quickly grouping relevant commands together while the concepts are explained in single page. But yes, definitely something to revisit in future to add more how-to guides. |
|
Friendly ping for review please @zmb3 and @codingllama |
|
Apologies for the delay, taking a look now. |
| Categorically, we define these two requirements as Trusted Device management | ||
| and Device Trust enforcement. |
There was a problem hiding this comment.
Could we either say "Trusted Device management/enforcement" or "Device Trust management/enforcement", so there's less difference between terms?
There was a problem hiding this comment.
I hear you on this one. Between "Trusted Device management/enforcement" and "Device Trust management/enforcement", I prefer the first one as it is close to how device trust works(enrolling trusted devices, enforcing trusted device access).
Though the Device Trust Enforcement also aligns with the configuration semantics as the rule to enforce device is device_trust_mode: required and not trusted_device: required. That said, I am open to suggestions here.
Also tagging @zmb3 for more suggestions.
| </Admonition> | ||
|
|
||
|
|
||
| ## Locking a device |
There was a problem hiding this comment.
Should this be in the management guide?
There was a problem hiding this comment.
I think it belongs in enforcement but tagging @zmb3 for third opinion.
|
Lot's of great feedback here already, so I'll wait to review until this batch is addressed. |
|
Friendly ping @codingllama @zmb3. |
codingllama
left a comment
codingllama
left a comment
There was a problem hiding this comment.
Thanks for tackling this one.
public-teleport-github-review-bot
Bot
removed request for
ptgott,
r0mant and
xinding33
5 participants
Updates device trust docs:
Most of the work in this PR includes shuffling existing content to various new pages so that contents align with day 1 and day 2 usage of device trust.
I also recommend to pull these changes and view them in local docs server to review if the links and docs flow is consumable when surfing Device Trust docs.