Hide Access Controls links/pages based on scope

Backports #12708 See #11383 Ensure that no visitor to the Teleport docs site sees content that is irrelevant to their scope (e.g., Cloud, Open Source, or Enterprise) by hiding scope-irrelevant content from the navigation menu and menu pages. For pages that are only relevant to a specific scope, show users with unintended scopes a menu of links to supported scopes. This PR focuses on the Access Controls section.
gravitational · Jun 3, 2022 · db29642 · db29642
1 parent e737a74
commit db29642
Show file tree

Hide file tree

Showing 5 changed files with 47 additions and 17 deletions.
diff --git a/docs/config.json b/docs/config.json
@@ -424,12 +424,31 @@
           "title": "Guides",
           "slug": "/access-controls/guides/",
           "entries": [
-            { "title": "Role Templates", "slug": "/access-controls/guides/role-templates/" },
-            { "title": "Session Locking", "slug": "/access-controls/guides/locking/" },
-            { "title": "Second Factor - WebAuthn", "slug": "/access-controls/guides/webauthn/" },
-            { "title": "Per-session MFA", "slug": "/access-controls/guides/per-session-mfa/" },
-            { "title": "Dual Authorization", "slug": "/access-controls/guides/dual-authz/" },
-            { "title": "Impersonation", "slug": "/access-controls/guides/impersonation/" }
+            {
+              "title": "Role Templates",
+              "slug": "/access-controls/guides/role-templates/"
+            },
+            {
+              "title": "Session Locking",
+              "slug": "/access-controls/guides/locking/"
+            },
+            {
+              "title": "Second Factor - WebAuthn",
+              "slug": "/access-controls/guides/webauthn/"
+            },
+            {
+              "title": "Per-session MFA",
+              "slug": "/access-controls/guides/per-session-mfa/"
+            },
+            {
+              "title": "Dual Authorization",
+              "slug": "/access-controls/guides/dual-authz/",
+              "hideInScopes": "oss"
+            },
+            {
+              "title": "Impersonation",
+              "slug": "/access-controls/guides/impersonation/"
+            }
           ]
         },
         { "title": "Reference", "slug": "/access-controls/reference/" },

diff --git a/docs/pages/access-controls/guides.mdx b/docs/pages/access-controls/guides.mdx
@@ -5,9 +5,11 @@ layout: tocless-doc
 ---
 
 <ul>
+  <ScopedBlock scope={["cloud", "enterprise"]}>
   <li>
     [Dual Authorization](./guides/dual-authz.mdx). Protect access to critial resources with dual authorization.
   </li>
+  </ScopedBlock>
   <li>
     [Role Templates](./guides/role-templates.mdx). Setup dynamic access policies with Role Templates.
   </li>

diff --git a/docs/pages/access-controls/guides/dual-authz.mdx b/docs/pages/access-controls/guides/dual-authz.mdx
@@ -10,17 +10,27 @@ Here are the most common scenarios:
 - Improve the security of your system and prevent one successful phishing attack from compromising your system.
 - Satisfy FedRAMP AC-3 Dual authorization control that requires approval of two authorized individuals.
 
-Let's set up Teleport's access requests to require the approval of two team members
-for a privileged role `dbadmin`.
+In this guide, we will set up Teleport's access requests to require the approval
+of two team members for a privileged role `dbadmin`.
+
+<ScopedBlock scope="oss">
 
-<Notice
-  type="danger"
-  scope="oss"
->
   This guide requires a commercial edition of Teleport. The open source
   edition of Teleport only supports [GitHub](../../setup/admin/github-sso.mdx) as
   an SSO provider.
-</Notice>
+
+  View this guide as a user of another Teleport edition:
+
+  <TileSet>
+  <Tile href="./dual-authz.mdx/?scope=cloud" title="Teleport Cloud" icon="cloud">
+  </Tile>
+  <Tile href="./dual-authz.mdx/?scope=enterprise" title="Teleport Enterprise" icon="building">
+  </Tile>
+  </TileSet>
+
+</ScopedBlock>
+
+<ScopedBlock scope={["enterprise", "cloud"]}>
 
 <Admonition title="Note" type="tip">
   The steps below describe how to use Teleport with Mattermost. You can also [integrate with many other providers](../../enterprise/workflow/index.mdx).
@@ -284,3 +294,5 @@ auth_service:
 ```
 
 </ScopedBlock>
+
+</ScopedBlock>
diff --git a/docs/pages/enterprise/sso.mdx b/docs/pages/enterprise/sso.mdx
@@ -266,8 +266,6 @@ If something is not working, we recommend to:
 If you get "access denied" or other login errors, the number one place to check is the Audit
 Log. You can access it in the **Activity** tab of the Teleport Web UI.
 
-![Audit Log Entry for SSO Login error](../../img/sso/teleportauditlogssofailed.png)
-
 Example of a user being denied because the role `clusteradmin` wasn't set up:
 
 ```json

diff --git a/docs/pages/setup/guides.mdx b/docs/pages/setup/guides.mdx
@@ -8,5 +8,4 @@ layout: tocless-doc
   - [Docker](./guides/docker.mdx). Getting started with Teleport Open Source using Docker.
   - [Fluentd Event Forwarder](./guides/fluentd.mdx). Forwarding events with Fluentd and the Teleport Events Handler.
   - [EC2 tags as Teleport Nodes](./guides/ec2-tags.mdx). How to set up Teleport Node labels based on EC2 tags.
-  - [Joining Nodes via AWS IAM Role](./guides/joining-nodes-aws-iam.mdx). Use the IAM join method to add Nodes to your Teleport cluster on AWS.
-  - [Using Teleport's Certificate Authority with GitHub](./guides/ssh-key-extensions.mdx). Use Teleport's short-lived certificates with GitHub's Certificate Authority.
+  - [Joining Nodes on AWS](./guides/joining-nodes-aws.mdx). Automatically add Nodes to your Teleport cluster on AWS.