NetAppDocs / ontap

https://docs.netapp.com/us-en/ontap/

Documentation doesn't match ONTAP 9.14.1 CLI #1448

Open ntap-cfouts opened 2 months ago

ntap-cfouts commented 2 months ago

Page URL

https://docs.netapp.com/us-en/ontap/authentication/oauth2-deployment-scenarios.html

Page title

OAuth 2.0 deployment scenarios

Summary

Under the "Summary of the configuration parameters" there are inaccuracies for the parameters when compared with the security oauth2 client create CLI command. I am using ONTAP 9.14.1.

  1. Name - There isn't a "name" parameter available with security oauth2 client commands. There is a "Configuration Name" (-config-name param) that is used to name the OAuth2 client configuration in ONTAP.
  2. Remove user claim - This is a typo and should be "Remote user claim" to match the -remote-user-claim parameter.
  3. Audience - Reference to the -audience parameter is missing.

Public issues must not contain sensitive information

dmp-netapp commented 2 months ago

Thanks for your feedback. We are reviewing.

dmp-netapp commented 2 months ago

The page you are referring to is designed to provide a list of the ways OAuth 2.0 can be deployed and configured with ONTAP. There are a total of five deployment scenarios divided into local validation (4) and remote introspection (1). Each scenario provides the parameters needed for that scenario. The issue is that configuration is not confined to the CLI only as you suggest, but rather it can be done using 1.) System Manager or 2.) ONTAP CLI or 3.) REST API. Further, the exact name for a specific parameter can vary across these three administrative interfaces. This makes it challenging to provide a concise summary because there are three names for each parameter depending on the interface. And so rather than use the exact parameter names, I am using a generic name for each parameter. The exact parameter name for the interface you're using should be easy to determine. I actually explain this in the paragraph just above the table in that section. I repeat it here for your convenience:

"The parameter names can vary slightly depending on the ONTAP administrative interface. For example, when configuring remote introspection, the endpoint is identified using the CLI command parameter -introspection-endpoint. But with the System Manager, the equivalent field is Authorization server token introspection URI. To accommodate all the ONTAP administrative interfaces, a general description of the parameters is provided. The exact parameter or field should be obvious based on the context."

I'll look at any possibility for spelling out the three versions of each parameter, perhaps one time in a table at the top of the page (along with the generic name). At a minimum I can place the text above under a NOTE on the page to make it stand out.

ntap-cfouts commented 2 months ago

Thanks for pointing out that the parameter table tries to address both System Manager and the ONTAP CLI. I think there needs to be some additional work though as the current state of the table is confusing.

  1. Name - is there a name field in System Manager? If so then add to the description for this parameter that it only applies to System Manager. Otherwise this isn't "The name of the authorization server as it is known to ONTAP."
  2. Remove user claim - There isn't a "remove user claim" in System Manager. Remove is a typo and should instead be "Remote".
  3. Audience - This is an important OAuth2.0 field that should be described in this table.

dmp-netapp commented 2 months ago

Thanks. As far as #1 in your list, this feature can be accessed through the CLI and System Manager and REST API. Three ONTAP administrative interfaces. As a general statement, the name of a specific parameter can be different across all three. We are exploring the best option for presenting this in the doc but will have a solution soon.

Item #2 is a typo; will correct. And #3 looks to be missing, will confirm in the ENG notes and add.