openshift · tmalove · Jul 13, 2023 · Feb 6, 2024 · Feb 7, 2024 · Feb 9, 2024
diff --git a/_topic_maps/_topic_map_rosa.yml b/_topic_maps/_topic_map_rosa.yml
@@ -377,14 +377,14 @@ Topics:
   Topics:
     # - Name: CLI and web console
     #   File: rosa-cli-openshift-console
-    - Name: Getting started with the ROSA CLI
-      File: rosa-get-started-cli
-    - Name: Managing objects with the ROSA CLI
-      File: rosa-manage-objects-cli
-    - Name: Checking account and version information with the ROSA CLI
-      File: rosa-checking-acct-version-cli
-    - Name: Checking logs with the ROSA CLI
-      File: rosa-checking-logs-cli
+  - Name: Getting started with the ROSA CLI
+    File: rosa-get-started-cli
+  - Name: Managing objects with the ROSA CLI
+    File: rosa-manage-objects-cli
+  - Name: Checking account and version information with the ROSA CLI
+    File: rosa-checking-acct-version-cli
+  - Name: Checking logs with the ROSA CLI
+    File: rosa-checking-logs-cli
 ---
 Name: Red Hat OpenShift Cluster Manager
 Dir: ocm
@@ -437,18 +437,257 @@ Topics:
   - Name: Configuring cluster memory to meet container memory and risk requirements
     File: nodes-cluster-resource-configure
 ---
+# Ported via PR #62384
 Name: Security and compliance
 Dir: security
 Distros: openshift-rosa
 Topics:
-- Name: Audit logs
-  File: audit-log-view
-- Name: Adding additional constraints for IP-based AWS role assumption
-  File: rosa-adding-additional-constraints-for-ip-based-aws-role-assumption
-#- Name: Security
-#  File: rosa-security
-#- Name: Application and cluster compliance
-#  File: rosa-app-security-compliance
+- Name: Security and compliance overview
+  File: index
+- Name: Container security
+  Dir: container_security
+  Topics:
+  - Name: Understanding container security
+    File: security-understanding
+  - Name: Understanding host and VM security
+    File: security-hosts-vms
+  # - Name: Hardening Red Hat Enterprise Linux CoreOS
+  # File: security-hardening
+  #  Distros: openshift-rosa
+  #- Name: Container image signatures
+  #  File: security-container-signature
+  # - Name: Hardening Fedora CoreOS
+  #   File: security-hardening
+  #   Distros: openshift-rosa
+  # - Name: Understanding compliance
+  #   File: security-compliance
+  # - Name: Securing container content
+  #   File: security-container-content
+  # - Name: Using container registries securely
+  #   File: security-registries
+  # - Name: Securing the build process
+  #   File: security-build
+  # - Name: Deploying containers
+  #   File: security-deploy
+  # - Name: Securing the container platform
+  #   File: security-platform
+  # - Name: Securing networks
+  #   File: security-network
+  # - Name: Securing attached storage
+  #  File: security-storage
+  #- Name: Monitoring cluster events and logs
+  #   File: security-monitoring
+- Name: Configuring certificates
+  Dir: certificates
+  Distros: openshift-rosa
+  Topics:
+  - Name: Replacing the default ingress certificate
+    File: replacing-default-ingress-certificate
+  - Name: Adding API server certificates
+    File: api-server
+  - Name: Securing service traffic using service serving certificates
+    File: service-serving-certificate
+  - Name: Updating the CA bundle
+    File: updating-ca-bundle
+# - Name: Certificate types and descriptions
+#   Dir: certificate_types_descriptions
+#   Distros: openshift-rosa
+#   Topics:
+#   - Name: User-provided certificates for the API server
+#     File: user-provided-certificates-for-api-server
+#   - Name: Proxy certificates
+#     File: proxy-certificates
+#   - Name: Service CA certificates
+#     File: service-ca-certificates
+#   - Name: Node certificates
+#     File: node-certificates
+#   - Name: Bootstrap certificates
+#     File: bootstrap-certificates
+#   - Name: etcd certificates
+#     File: etcd-certificates
+#   - Name: OLM certificates
+#     File: olm-certificates
+#   - Name: Aggregated API client certificates
+#     File: aggregated-api-client-certificates
+#   - Name: Machine Config Operator certificates
+#     File: machine-config-operator-certificates
+#   - Name: User-provided certificates for default ingress
+#     File: user-provided-certificates-for-default-ingress
+#   - Name: Ingress certificates
+#     File: ingress-certificates
+#   - Name: Monitoring and cluster logging Operator component certificates
+#     File: monitoring-and-cluster-logging-operator-component-certificates
+#   - Name: Control plane certificates
+#     File: control-plane-certificates
+#  The commented topics in the Compliance Operator section are as a result of a realignment for OCP docs. They are now in subdirectories. (10/2023)
+# - Name: Supported compliance profiles
+#   File: compliance-operator-supported-profiles
+#  - Name: Installing the Compliance Operator
+#    File: compliance-operator-installation
+# - Name: Updating the Compliance Operator
+#   File: compliance-operator-updating
+#  - Name: Compliance Operator scans
+#    File: compliance-scans
+#  - Name: Managing the Compliance Operator
+#    File: compliance-operator-manage
+#   - Name: Compliance Operator scans
+#    File: compliance-scans
+#  - Name: Tailoring the Compliance Operator
+#    File: compliance-operator-tailor
+#  - Name: Retrieving Compliance Operator raw results
+#    File: compliance-operator-raw-results
+#  - Name: Managing Compliance Operator remediation
+#    File: compliance-operator-remediation
+#  - Name: Performing advanced Compliance Operator tasks
+#    File: compliance-operator-advanced
+#  - Name: Troubleshooting the Compliance Operator
+#    File: compliance-operator-troubleshooting
+#  - Name: Uninstalling the Compliance Operator
+#    File: compliance-operator-uninstallation
+#  - Name: Using the oc-compliance plugin
+#    File: oc-compliance-plug-in-using
+#  - Name: Understanding the Custom Resource Definitions
+#    File: compliance-operator-crd
+# Per mtg with Aaren de Jong, Lance Bragstad, and William Dettlebeck, remove  Compliance and File Integrity Operator sections until tested (2/7/2024)
+#- Name: Compliance Operator
+#  Dir: compliance_operator
+#  Distros: openshift-rosa
+#  Topics:
+#  - Name: Compliance Operator overview
+#    File: co-overview
+#  - Name: Compliance Operator release notes
+#    File: compliance-operator-release-notes
+#  - Name: Compliance Operator concepts
+#    Dir: co-concepts
+#    Topics:
+#    - Name: Understanding the Compliance Operator
+#      File: compliance-operator-understanding
+#    - Name: Understanding the Custom Resource Definitions
+#      File: compliance-operator-crd
+#  - Name: Compliance Operator management
+#    Dir: co-management
+#    Distros: openshift-rosa
+#    Topics:
+#    - Name: Installing the Compliance Operator
+#      File: compliance-operator-installation
+#    - Name: Updating the Compliance Operator
+#      File: compliance-operator-updating
+#    - Name: Managing the Compliance Operator
+#      File: compliance-operator-manage
+#    - Name: Uninstalling the Compliance Operator
+#      File: compliance-operator-uninstallation
+#  - Name: Compliance Operator scan management
+#    Dir: co-scans
+#    Distros: openshift-rosa
+#    Topics:
+#    - Name: Supported compliance profiles
+#      File: compliance-operator-supported-profiles
+#    - Name: Compliance Operator scans
+#      File: compliance-scans
+#    - Name: Tailoring the Compliance Operator
+#      File: compliance-operator-tailor
+#    - Name: Retrieving Compliance Operator raw results
+#      File: compliance-operator-raw-results
+#    - Name: Managing Compliance Operator remediation
+#      File: compliance-operator-remediation
+#    - Name: Performing advanced Compliance Operator tasks
+#      File: compliance-operator-advanced
+#    - Name: Troubleshooting the Compliance Operator
+#      File: compliance-operator-troubleshooting
+#    - Name: Using the oc-compliance plugin
+#      File: oc-compliance-plug-in-using
+#- Name: File Integrity Operator
+#  Dir: file_integrity_operator
+#  Distros: openshift-rosa
+#  Topics:
+#  - Name: File Integrity Operator release notes
+#    File: file-integrity-operator-release-notes
+#  - Name: Installing the File Integrity Operator
+#    File: file-integrity-operator-installation
+#  - Name: Updating the File Integrity Operator
+#    File: file-integrity-operator-updating
+#  - Name: Understanding the File Integrity Operator
+#    File: file-integrity-operator-understanding
+#  - Name: Configuring the File Integrity Operator
+#    File: file-integrity-operator-configuring
+#  - Name: Performing advanced File Integrity Operator tasks
+#    File: file-integrity-operator-advanced-usage
+#  - Name: Troubleshooting the File Integrity Operator
+#    File: file-integrity-operator-troubleshooting
+#- Name: Security Profiles Operator
+#  Dir: security_profiles_operator
+#  Topics:
+#  - Name: Security Profiles Operator overview
+#    File: spo-overview
+#  - Name: Security Profiles Operator release notes
+#    File: spo-release-notes
+#  - Name: Understanding the Security Profiles Operator
+#    File: spo-understanding
+#  - Name: Enabling the Security Profiles Operator
+#    File: spo-enabling
+#  - Name: Managing seccomp profiles
+#    File: spo-seccomp
+#  - Name: Managing SELinux profiles
+#    File: spo-selinux
+#  - Name: Advanced Security Profiles Operator tasks
+#    File: spo-advanced
+#  - Name: Troubleshooting the Security Profiles Operator
+#    File: spo-troubleshooting
+#  - Name: Uninstalling the Security Profiles Operator
+#    File: spo-uninstalling
+# - Name: cert-manager Operator for Red Hat OpenShift
+#   Dir: cert_manager_operator
+#   Distros: openshift-rosa
+#   Topics:
+#  - Name: cert-manager Operator for Red Hat OpenShift overview
+#    File: index
+#  - Name: cert-manager Operator for Red Hat OpenShift release notes
+#    File: cert-manager-operator-release-notes
+#  - Name: Installing the cert-manager Operator for Red Hat OpenShift
+#    File: cert-manager-operator-install
+#  - Name: Enabling monitoring for the cert-manager Operator for Red Hat OpenShift
+#    File: cert-manager-monitoring
+#  - Name: Configuring the egress proxy for the cert-manager Operator for Red Hat OpenShift
+#    File: cert-manager-operator-proxy
+#  - Name: Customizing cert-manager by using the cert-manager Operator API fields
+#    File: cert-manager-customizing-api-fields
+#  - Name: Authenticating the cert-manager Operator with AWS Security Token Service
+#    File: cert-manager-authenticate-aws
+#  - Name: Configuring log levels for cert-manager and the cert-manager Operator for Red Hat OpenShift
+#    File: cert-manager-log-levels
+#  - Name: Authenticating the cert-manager Operator for Red Hat OpenShift on AWS
+#    File: cert-manager-authentication-non-sts
+#  - Name: Uninstalling the cert-manager Operator for Red Hat OpenShift
+#    File: cert-manager-operator-uninstall
+# - Name: Viewing audit logs
+#   File: audit-log-view
+# - Name: Configuring the audit log policy
+#   File: audit-log-policy-config
+# - Name: Configuring TLS security profiles
+#   File: tls-security-profiles
+# - Name: Configuring seccomp profiles
+#   File: seccomp-profiles
+# - Name: Allowing JavaScript-based access to the API server from additional hosts
+#   File: allowing-javascript-access-api-server
+#   Distros: openshift-rosa
+# - Name: Encrypting etcd data
+#   File: encrypting-etcd
+#   Distros: openshift-rosa
+# - Name: Scanning pods for vulnerabilities
+#   File: pod-vulnerability-scan
+#   Distros: openshift-rosa
+# - Name: Network-Bound Disk Encryption (NBDE)
+#   Dir: network_bound_disk_encryption
+#   Topics:
+#  - Name: About disk encryption technology
+#    File: nbde-about-disk-encryption-technology
+#  - Name: Tang server installation considerations
+#    File: nbde-tang-server-installation-considerations
+#  - Name: Tang server encryption key management
+#    File: nbde-managing-encryption-keys
+#  - Name: Disaster recovery considerations
+#    File: nbde-disaster-recovery-considerations
+#    Distros: openshift-rosa
 ---
 Name: Authentication and authorization
 Dir: authentication
@@ -537,15 +776,14 @@ Topics:
     File: using-s21-images
   - Name: Customizing source-to-image images
     File: customizing-s2i-images
----
-  Name: Add-on services
-  Dir: adding_service_cluster
-  Distros: openshift-rosa
-  Topics:
-  - Name: Adding services to a cluster
-    File: adding-service
-  - Name: Available services
-    File: rosa-available-services
+  - Name: Add-on services
+    Dir: adding_service_cluster
+    Distros: openshift-rosa
+    Topics:
+    - Name: Adding services to a cluster
+      File: adding-service
+    - Name: Available services
+      File: rosa-available-services
 ---
 Name: Storage
 Dir: storage
@@ -812,8 +1050,8 @@ Topics:
   Dir: deployments
   Distros: openshift-rosa
   Topics:
-    - Name: Custom domains for applications
-      File: osd-config-custom-domains-applications
+  - Name: Custom domains for applications
+    File: osd-config-custom-domains-applications
 # - Name: Application GitOps workflows
 #   File: rosa-app-gitops-workflows
 # - Name: Application logging

diff --git a/modules/checking-file-intergrity-cr-status.adoc b/modules/checking-file-intergrity-cr-status.adoc
@@ -12,10 +12,19 @@ The `FileIntegrity` custom resource (CR) reports its status through the .`status
 
 * To query the `FileIntegrity` CR status, run:
 +
+ifndef::openshift-dedicated,openshift-rosa[]
 [source,terminal]
 ----
 $ oc get fileintegrities/worker-fileintegrity  -o jsonpath="{ .status.phase }"
 ----
+endif::[]
+
+ifdef::openshift-dedicated,openshift-rosa[]
+[source,terminal]
+----
+$ oc get fileintegrities/worker-fileintegrity  -o jsonpath="{ .status.phase }" -n openshift-file-integrity
+----
+endif::[]
 +
 .Example output
 [source,terminal]

diff --git a/modules/file-integrity-events.adoc b/modules/file-integrity-events.adoc
@@ -10,7 +10,12 @@ Transitions in the status of the `FileIntegrity` and `FileIntegrityNodeStatus` o
 
 [source,terminal]
 ----
+ifndef::openshift-dedicated,openshift-rosa[]
 $ oc get events --field-selector reason=FileIntegrityStatus
+endif::[]
+ifdef::openshift-dedicated,openshift-rosa[]
+$ oc get events --field-selector reason=FileIntegrityStatus -n openshift-file-integrity
+endif::[]
 ----
 
 .Example output
@@ -26,7 +31,12 @@ When a node scan fails, an event is created with the `add/changed/removed` and c
 
 [source,terminal]
 ----
+ifndef::openshift-dedicated,openshift-rosa[]
 $ oc get events --field-selector reason=NodeIntegrityStatus
+endif::[]
+ifdef::openshift-dedicated,openshift-rosa[]
+$ oc get events --field-selector reason=NodeIntegrityStatus -n openshift-file-integrity
+endif::[]
 ----
 
 .Example output
@@ -46,7 +56,12 @@ Changes to the number of added, changed, or removed files results in a new event
 
 [source,terminal]
 ----
+ifndef::openshift-dedicated,openshift-rosa[]
 $ oc get events --field-selector reason=NodeIntegrityStatus
+endif::[]
+ifdef::openshift-dedicated,openshift-rosa[]
+$ oc get events --field-selector reason=NodeIntegrityStatus -n openshift-file-integrity
+endif::[]
 ----
 
 .Example output

diff --git a/modules/file-integrity-examine-default-config.adoc b/modules/file-integrity-examine-default-config.adoc
@@ -15,5 +15,10 @@ the same name as the `FileIntegrity` CR.
 +
 [source,terminal]
 ----
+ifndef::openshift-dedicated,openshift-rosa[]
 $ oc describe cm/worker-fileintegrity
+endif::[]
+ifdef::openshift-dedicated,openshift-rosa[]
+$ oc describe cm/worker-fileintegrity -n openshift-file-integrity
+endif::[]
 ----