From cf98a7c9ead799da900df278cf406f0535e2f6f1 Mon Sep 17 00:00:00 2001 From: Ron Stone Date: Tue, 4 Jan 2022 14:10:02 -0500 Subject: [PATCH] OIDC script updates Per Teresa H. OIDC CLI access script is part of image and does not need to be downloaded. Cleaned up explicit references to DS downloads location and replaced with placeholder. Added note that oidc-auth script needs to be downloaded if used from remote hosts Patchset2 review updates Signed-off-by: Ron Stone Change-Id: I9e713b9c41d8dbe4bad0fe0c2866c913853a79db --- .../configuring-a-pxe-boot-server.rst | 8 +++---- .../configuring-a-pxe-boot-server.rst | 8 +++---- ...token-using-the-oidc-auth-shell-script.rst | 22 +++++++++---------- .../overview-of-windows-active-directory.rst | 15 ++++++------- 4 files changed, 26 insertions(+), 27 deletions(-) diff --git a/doc/source/deploy_install_guides/r5_release/bare_metal/configuring-a-pxe-boot-server.rst b/doc/source/deploy_install_guides/r5_release/bare_metal/configuring-a-pxe-boot-server.rst index 8e7a3abff..af1d5cdd4 100644 --- a/doc/source/deploy_install_guides/r5_release/bare_metal/configuring-a-pxe-boot-server.rst +++ b/doc/source/deploy_install_guides/r5_release/bare_metal/configuring-a-pxe-boot-server.rst @@ -95,11 +95,11 @@ Use a Linux workstation as the |PXE| Boot server. .. _configuring-a-pxe-boot-server-steps-qfb-kyh-2cb: -#. Copy the ISO image from the source \(product DVD, USB device, or WindShare - `http://windshare.windriver.com `__\) to a - temporary location on the PXE boot server. +#. Copy the ISO image from the source \(product DVD, USB device, or + |dnload-loc| to a temporary location on the |PXE| boot server. - This example assumes that the copied image file is tmp/TS-host-installer-1.0.iso. + This example assumes that the copied image file is + ``tmp/TS-host-installer-1.0.iso``. #. Mount the ISO image and make it executable. 
diff --git a/doc/source/deploy_install_guides/r6_release/bare_metal/configuring-a-pxe-boot-server.rst b/doc/source/deploy_install_guides/r6_release/bare_metal/configuring-a-pxe-boot-server.rst index ffe016789..40ba68036 100644 --- a/doc/source/deploy_install_guides/r6_release/bare_metal/configuring-a-pxe-boot-server.rst +++ b/doc/source/deploy_install_guides/r6_release/bare_metal/configuring-a-pxe-boot-server.rst @@ -95,11 +95,11 @@ Use a Linux workstation as the |PXE| Boot server. .. _configuring-a-pxe-boot-server-steps-qfb-kyh-2cb-r6: -#. Copy the ISO image from the source \(product DVD, USB device, or WindShare - `http://windshare.windriver.com `__\) to a - temporary location on the PXE boot server. +#. Copy the ISO image from the source \(product DVD, USB device, or + |dnload-loc| to a temporary location on the |PXE| boot server. - This example assumes that the copied image file is tmp/TS-host-installer-1.0.iso. + This example assumes that the copied image file is + ``tmp/TS-host-installer-1.0.iso``. #. Mount the ISO image and make it executable. diff --git a/doc/source/security/kubernetes/obtain-the-authentication-token-using-the-oidc-auth-shell-script.rst b/doc/source/security/kubernetes/obtain-the-authentication-token-using-the-oidc-auth-shell-script.rst index 9141baedf..6ebb506df 100644 --- a/doc/source/security/kubernetes/obtain-the-authentication-token-using-the-oidc-auth-shell-script.rst +++ b/doc/source/security/kubernetes/obtain-the-authentication-token-using-the-oidc-auth-shell-script.rst @@ -24,6 +24,8 @@ credential for the user in the **kubectl** config file. - On controller-0, **oidc-auth** is installed as part of the base |prod| installation, and ready to use. +- On remote hosts, **oidc-auth** must be installed from |dnload-loc|. + .. xbooklink - On a remote workstation using remote-cli container, **oidc-auth** is 
@@ -31,17 +33,15 @@ credential for the user in the **kubectl** config file. information on configuring remote CLI access, see |sysconf-doc|: :ref:`Configure Remote CLI Access `. -- On a remote host, when using directly installed **kubectl** and **helm**, the following setup is required: +- On a remote host, when using directly installed **kubectl** and **helm**, + the following setup is required: - Install "Python Mechanize" module using the following command: .. code-block:: none - # sudo pip2 install mechanize - - - Get the **oidc-auth** script from WindShare. - + sudo pip2 install mechanize .. note:: @@ -55,7 +55,8 @@ credential for the user in the **kubectl** config file. credentials in **kubectl** config file with the retrieved token. - - If **oidc-auth-apps** is deployed with a single backend **ldap** connector, run the following command: + - If **oidc-auth-apps** is deployed with a single backend **ldap** + connector, run the following command: .. code-block:: none @@ -71,17 +72,16 @@ credential for the user in the **kubectl** config file. Updating kubectl config ... User testuser set. - - If **oidc-auth-apps** is deployed with multiple backend **ldap** connectors, run the following command: + - If **oidc-auth-apps** is deployed with multiple backend **ldap** + connectors, run the following command: .. code-block:: none ~(keystone_admin)]$ oidc-auth -b -c -u - - .. note:: - If you are running **oidc-auth** within the |prod| containerized - remote CLI, you must use the -p option to run the command + If you are running **oidc-auth** within the |prod| containerized remote + CLI, you must use the ``-p `` option to run the command non-interactively. diff --git a/doc/source/security/kubernetes/overview-of-windows-active-directory.rst b/doc/source/security/kubernetes/overview-of-windows-active-directory.rst index 3cd865cf0..257777996 100644 --- a/doc/source/security/kubernetes/overview-of-windows-active-directory.rst 
+++ b/doc/source/security/kubernetes/overview-of-windows-active-directory.rst @@ -11,14 +11,13 @@ to authenticate users of the Kubernetes API, using the **oidc-auth-apps** application. The **oidc-auth-apps** application installs a proxy |OIDC| identity provider -that can be configured to proxy authentication requests to an LDAP \(s\) -identity provider, such as Windows Active Directory. For more information, -see, `https://github.com/dexidp/dex `__. The -**oidc-auth-apps** application also provides an |OIDC| client for accessing -the username and password |OIDC| login page for user authentication and -retrieval of tokens. An **oidc-auth** CLI script, available on Wind Share, at -`https://windshare.windriver.com/ `__, can -also be used for |OIDC| user authentication and retrieval of tokens. +that can be configured to proxy authentication requests to an |LDAP| \(s\) +identity provider, such as Windows Active Directory. For more information, see, +`https://github.com/dexidp/dex `__. The +**oidc-auth-apps** application also provides an |OIDC| client for accessing the +username and password |OIDC| login page for user authentication and retrieval +of tokens. An **oidc-auth** CLI script can also be used for |OIDC| user +authentication and retrieval of tokens. In addition to installing and configuring the **oidc-auth-apps** application, the admin must also configure Kubernetes cluster's
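Review bot: In the r5_release configuring-a-pxe-boot-server.rst hunk, the rewritten step opens the parenthetical with \( before "product DVD" but never closes it; the removed text closed it with \) after the WindShare link. Add \) directly after |dnload-loc| so the sentence reads "...USB device, or |dnload-loc|\) to a temporary location...". The diffstat lists four files and none of the visible hunks defines |dnload-loc|, so please confirm the substitution already exists in the shared definitions before this merges.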
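Review bot: The r6_release configuring-a-pxe-boot-server.rst hunk carries the same unbalanced \( in the "Copy the ISO image" step, since the closing \) was dropped along with the WindShare link. Apply the same one-character fix here so the r5 and r6 copies stay identical.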
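Review bot: In the first hunk of obtain-the-authentication-token-using-the-oidc-auth-shell-script.rst (@@ -24,6 +24,8), the new bullet "On remote hosts, **oidc-auth** must be installed from |dnload-loc|" applies to every remote host, while the note further down the same file describes running oidc-auth within the containerized remote CLI. Scope the bullet to hosts that use directly installed kubectl and helm, or fold it into that existing bullet where the "Get the oidc-auth script" step was removed. Because this script prompts for the user's password and writes the token into the kubectl config, the bullet should also say how to check the downloaded copy against a published checksum or signature, if one is provided at that location.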
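Review bot: In the second hunk of the oidc-auth file (@@ -31,17 +33,15), the corrected command "sudo pip2 install mechanize" still installs an unpinned package system-wide as root. Dropping the leading # is right, but consider documenting a per-user or virtualenv install (pip's --user option) and stating the supported mechanize version, so a remote workstation does not need root for a client-side helper. With the "Get the oidc-auth script" item gone, the "following setup is required" list is down to one step, so the lead-in could be reworded to match.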
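Review bot: In the last hunk of the oidc-auth file (@@ -71,17 +72,16), the rewrapped note tells users they must use the -p option to run non-interactively, with no caution about what that exposes. If -p takes the password as its argument, as the non-interactive use implies, the value ends up in shell history and is visible in the process list for the lifetime of the command. Add a sentence to the note recommending that the value come from a protected variable or file rather than being typed literally, and that history be disabled for the session where the command is run.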
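Review bot: In the overview-of-windows-active-directory.rst hunk, the final sentence now says only that an oidc-auth CLI script "can also be used", with no pointer to where it comes from after the Wind Share link was removed. Add a :ref: to the oidc-auth shell script page changed earlier in this patch, which now carries the install guidance for controller-0 and remote hosts. Two small style points on the same paragraph: "|LDAP| \(s\)" will render with a space before "(s)", and the comma in "see," before the dex link can be dropped.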