OSDOCS-14108

Author: jneczypor

modules/authentication-authorization-common-terms.adoc

@@ -49,10 +49,10 @@ manual mode::
 In manual mode, a user manages cloud credentials instead of the Cloud Credential Operator (CCO).
 endif::openshift-dedicated,openshift-rosa[]
 
-ifndef::openshift-dedicated,openshift-rosa[]
+ifndef::openshift-dedicated,openshift-rosa,openshift-rosa-hcp[]
 mint mode::
 Mint mode is the default and recommended best practice setting for the Cloud Credential Operator (CCO) to use on the platforms for which it is supported. In this mode, the CCO uses the provided administrator-level cloud credential to create new credentials for components in the cluster with only the specific permissions that are required.
-endif::openshift-dedicated,openshift-rosa[]
+endif::openshift-dedicated,openshift-rosa,openshift-rosa-hcp[]
 
 namespace::
 A namespace isolates specific system resources that are visible to all processes. Inside a namespace, only processes that are members of that namespace can see those resources.

modules/config-github-idp.adoc

@@ -45,9 +45,16 @@ https://oauth-openshift.apps.<cluster_name>.<cluster_domain>/oauth2callback/<idp
 +
 For example:
 +
+ifndef::openshift-rosa-hcp[]
 ----
 https://oauth-openshift.apps.openshift-cluster.example.com/oauth2callback/github
 ----
+endif::openshift-rosa-hcp[]
+ifdef::openshift-rosa-hcp[]
+----
+https://oauth.<cluster_name>.<cluster_domain>/oauth2callback/<idp_provider_name>
+----
+endif::openshift-rosa-hcp[]
 
 . link:https://docs.github.com/en/developers/apps/creating-an-oauth-app[Register an application on GitHub].
 

modules/config-gitlab-idp.adoc

@@ -33,9 +33,16 @@ You can also click the *Add Oauth configuration* link in the warning message dis
 . Enter a unique name for the identity provider. This name cannot be changed later.
 ** An *OAuth callback URL* is automatically generated in the provided field. You will provide this URL to GitLab.
 +
+ifndef::openshift-rosa-hcp[]
 ----
 https://oauth-openshift.apps.<cluster_name>.<cluster_domain>/oauth2callback/<idp_provider_name>
 ----
+endif::openshift-rosa-hcp[]
+ifdef::openshift-rosa-hcp[]
+----
+https://oauth.<cluster_name>.<cluster_domain>/oauth2callback/<idp_provider_name>
+----
+endif::openshift-rosa-hcp[]
 +
 For example:
 +

modules/config-google-idp.adoc

@@ -36,9 +36,16 @@ You can also click the *Add Oauth configuration* link in the warning message dis
 . Enter a unique name for the identity provider. This name cannot be changed later.
 ** An *OAuth callback URL* is automatically generated in the provided field. You will provide this URL to Google.
 +
+ifndef::openshift-rosa-hcp[]
 ----
 https://oauth-openshift.apps.<cluster_name>.<cluster_domain>/oauth2callback/<idp_provider_name>
 ----
+endif::openshift-rosa-hcp[]
+ifdef::openshift-rosa-hcp[]
+----
+https://oauth.<cluster_name>.<cluster_domain>/oauth2callback/<idp_provider_name>
+----
+endif::openshift-rosa-hcp[]
 +
 For example:
 +

modules/config-openid-idp.adoc

@@ -73,9 +73,16 @@ You can also click the *Add Oauth configuration* link in the warning message dis
 . Enter a unique name for the identity provider. This name cannot be changed later.
 ** An *OAuth callback URL* is automatically generated in the provided field.
 +
+ifndef::openshift-rosa-hcp[]
 ----
 https://oauth-openshift.apps.<cluster_name>.<cluster_domain>/oauth2callback/<idp_provider_name>
 ----
+endif::openshift-rosa-hcp[]
+ifdef::openshift-rosa-hcp[]
+----
+https://oauth.<cluster_name>.<cluster_domain>/oauth2callback/<idp_provider_name>
+----
+endif::openshift-rosa-hcp[]
 +
 For example:
 +

modules/oauth-server-overview.adoc

@@ -7,7 +7,7 @@
 [id="oauth-server-overview_{context}"]
 = {product-title} OAuth server
 
-The {product-title} master includes a built-in OAuth server. Users obtain OAuth
+The {product-title} Control Plane includes a built-in OAuth server. Users obtain OAuth
 access tokens to authenticate themselves to the API.
 
 When a person requests a new OAuth token, the OAuth server uses the configured

modules/oauth-token-requests.adoc

@@ -41,11 +41,13 @@ cannot display interactive login pages, such as the CLI. Therefore,
 {product-title} supports authenticating using a `WWW-Authenticate`
 challenge in addition to interactive login flows.
 
+ifndef::openshift-rosa-hcp[]
 If an authenticating proxy is placed in front of the
 `<namespace_route>/oauth/authorize` endpoint, it sends unauthenticated,
 non-browser user-agents `WWW-Authenticate` challenges rather than
 displaying an interactive login page or redirecting to an interactive
 login flow.
+endif::openshift-rosa-hcp[]
 
 [NOTE]
 ====

modules/rosa-create-cluster-admins.adoc

@@ -43,6 +43,7 @@ cluster-admins    rh-rosa-test-user
 dedicated-admins  rh-rosa-test-user
 ----
 +
+ifndef::openshift-rosa-hcp[]
 . Enter the following command to verify that your user now has `cluster-admin` access. A cluster administrator can run this command without errors, but a dedicated administrator cannot.
 +
 [source,terminal]
@@ -62,3 +63,4 @@ service/api   ClusterIP   172.30.23.241   <none>        443/TCP   18h
 NAME                       DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR                     AGE
 daemonset.apps/apiserver   3         3         3       3            3           node-role.kubernetes.io/master=   18h
 ----
+endif::openshift-rosa-hcp[]

modules/setting-up-an-aws-iam-role-a-service-account.adoc

@@ -45,7 +45,7 @@ In {product-title} with STS clusters, the OIDC provider is created during instal
     ]
 }
 ----
-<1> Replace `<oidc_provider_arn>` with the ARN of your OIDC provider, for example `arn:aws:iam::<aws_account_id>:oidc-provider/rh-oidc.s3.us-east-1.amazonaws.com/1v3r0n44npxu4g58so46aeohduomfres`.
+<1> Replace `<oidc_provider_arn>` with the ARN of your OIDC provider, for example link:https://rh-oidc.s3.us-east-1.amazonaws.com/1v3r0n44npxu4g58so46aeohduomfres[`arn:aws:iam::<aws_account_id>:oidc-provider/rh-oidc.s3.us-east-1.amazonaws.com/1v3r0n44npxu4g58so46aeohduomfres`.] You can retrieve the ARN by using the `rosa describe cluster` CLI command.
 <2> Limits the role to the specified project and service account. Replace `<oidc_provider_name>` with the name of your OIDC provider, for example `rh-oidc.s3.us-east-1.amazonaws.com/1v3r0n44npxu4g58so46aeohduomfres`. Replace `<project_name>:<service_account_name>` with your project name and service account name, for example `my-project:test-service-account`.
 +
 [NOTE]