Merge pull request #910 from run-ai/auth-higher-in-nav-tree
Auth higher in nav tree
yarongol committed Aug 5, 2024
1 parent f02298b commit 4ee86a8
Showing 45 changed files with 65 additions and 70 deletions.
2 changes: 1 addition & 1 deletion docs/Researcher/Walkthroughs/quickstart-inference.md
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ To complete this Quickstart you must have:

* Run:ai software installed on your Kubernetes cluster. See: [Installing Run:ai on a Kubernetes Cluster](../../admin/runai-setup/installation-types.md). There are additional prerequisites for running inference. See [cluster installation prerequisites](../../admin/runai-setup/cluster-setup/cluster-prerequisites.md#inference) for more information.
* Run:ai CLI installed on your machine. See: [Installing the Run:ai Command-Line Interface](../../admin/researcher-setup/cli-install.md)
* You must have *ML Engineer* access rights. See [Adding, Updating and Deleting Users](../../admin/runai-setup/authentication/users.md) for more information.
* You must have *ML Engineer* access rights. See [Adding, Updating and Deleting Users](../../admin/authentication/users.md) for more information.

## Step by Step Walkthrough

Expand Down
4 changes: 2 additions & 2 deletions docs/admin/admin-ui-setup/admin-ui-users.md
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ date: 2023-Dec-28
The Run:ai UI allows you to manage all of the users in the Run:ai platform. There are two types of users, **local** users and **SSO** users. Local users are users that are created and managed in the Run:ai platform and SSO users are authorized to use the Run:ai platform using an identity provider. All users are assigned levels of access to all aspects of the UI including submitting jobs on the cluster.

!!! Tip
It is possible to connect the Run:ai UI to the organization's directory and use single sign-on (SSO). This allows you to set Run:ai roles for users and groups from the organizational directory. For further information see [single sign-on configuration](../runai-setup/authentication/authentication-overview.md).
It is possible to connect the Run:ai UI to the organization's directory and use single sign-on (SSO). This allows you to set Run:ai roles for users and groups from the organizational directory. For further information see [single sign-on configuration](../authentication/authentication-overview.md).

## Create a User

Expand Down Expand Up @@ -61,7 +61,7 @@ Once you have created the users you can assign them *Access rules*. This provide

### Roles and permissions

Roles provide a way for administrators to group and identify collections of permissions that administrators assign to [subjects](../runai-setup/access-control/rbac.md#subjects). Permissions define the actions that can be performed on managed entities. The [Roles](../runai-setup/access-control/rbac.md#roles) table shows the default roles and permissions that come with the system. See [Role based access control](../runai-setup/access-control/rbac.md) for more information.
Roles provide a way for administrators to group and identify collections of permissions that administrators assign to [subjects](../authentication/rbac.md#subjects). Permissions define the actions that can be performed on managed entities. The [Roles](../authentication/rbac.md#roles) table shows the default roles and permissions that come with the system. See [Role based access control](../authentication/rbac.md) for more information.

To add an *Access rule* to a user:

Expand Down
File renamed without changes.
File renamed without changes.
Original file line number Diff line number Diff line change
Expand Up @@ -97,7 +97,7 @@ The table contains the following columns:

To create a new access rule:

1. Press the ![Tools and Settings](../../admin-ui-setup/img/tools-and-settings.svg) icon, then *Access rules & Roles*.
1. Press the ![Tools and Settings](../admin-ui-setup/img/tools-and-settings.svg) icon, then *Access rules & Roles*.
2. Choose the *ACCESS RULES* tab, then press *NEW ACCESS RULE*.
3. Select a subject type from the dropdown. Choose from:

Expand All @@ -108,12 +108,12 @@ To create a new access rule:
3. **Application**—an application that has been created in the platform.

4. Select a [Role] from the dropdown.
5. Press the ![Scope](../../../images/scope-icon.svg) icon and select a scope, and press *SAVE RULE* when done.
5. Press the ![Scope](../../images/scope-icon.svg) icon and select a scope, and press *SAVE RULE* when done.

!!! Note
You cannot edit access rules. To change an access rules, you need to delete the rule, then create a new rule to replace it. You can also add multiple rules for the same user.

To delete a rule:

1. Press the ![Tools and Settings](../../admin-ui-setup/img/tools-and-settings.svg) icon, then *Roles and Access rules*.
1. Press the ![Tools and Settings](../admin-ui-setup/img/tools-and-settings.svg) icon, then *Roles and Access rules*.
2. Choose *Access rules*, then select a rule and press *Delete*.
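
Review bot: The touched "Tools and Settings" steps name the same menu entry two different ways: step 1 under "To create a new access rule" says *Access rules & Roles*, while step 1 under "To delete a rule" says *Roles and Access rules*, and the following steps differ again (*ACCESS RULES* tab versus *Access rules*). Pick the label that matches the UI and use it in both procedures. In the same hunk, `[Role]` in step 4 has no link target on the line and will render with literal brackets unless a reference definition exists elsewhere in the file, and the Note's "To change an access rules" should read "an access rule".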
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@ Assign Researchers to Projects:
## Kubernetes Configuration

!!! Important
As of Run:ai version 2.15, you only need to perform this step when accessing Run:ai from the [command-line interface](../../researcher-setup/cli-install.md) or sending [YAMLs directly](../../../developer/cluster-api/submit-yaml.md) to Kubernetes
As of Run:ai version 2.15, you only need to perform this step when accessing Run:ai from the [command-line interface](../researcher-setup/cli-install.md) or sending [YAMLs directly](../../developer/cluster-api/submit-yaml.md) to Kubernetes

As described in [authentication overview](authentication-overview.md), you must direct the Kubernetes API server to authenticate via Run:ai. This requires adding flags to the Kubernetes API Server. The flags show in the Run:ai user interface under `Settings` | `General` | `Researcher Authentication` | `Server configuration`.

Expand Down Expand Up @@ -151,7 +151,7 @@ Modifying the API Server configuration differs between Kubernetes distributions:

## Command-line Interface Access

To control access to Run:ai (and Kubernetes) resources, you must modify the Kubernetes configuration file. The file is distributed to users as part of the [Command-line interface installation](../../researcher-setup/cli-install.md#kubernetes-configuration).
To control access to Run:ai (and Kubernetes) resources, you must modify the Kubernetes configuration file. The file is distributed to users as part of the [Command-line interface installation](../researcher-setup/cli-install.md#kubernetes-configuration).

When making changes to the file, keep a copy of the original file to be used for cluster administration. After making the modifications, distribute the modified file to Researchers.
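
Review bot: The paragraph after the changed link says to keep a copy of the original Kubernetes configuration file "to be used for cluster administration" and to distribute the modified file, but it never states that the original must not be handed to Researchers. Since this section is about controlling access, add that sentence explicitly so the two files are not confused during distribution.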

Expand All @@ -174,4 +174,4 @@ You can also submit a Job from the Run:ai User interface and verify that the new
* On the top-right, select `Submit Job`.

!!! Tip
If you do not see the button or it is disabled, then you either do not have `Researcher` access or the cluster has not been set up correctly. For more information, refer to [user interface overview](../../admin-ui-setup/overview.md).
If you do not see the button or it is disabled, then you either do not have `Researcher` access or the cluster has not been set up correctly. For more information, refer to [user interface overview](../admin-ui-setup/overview.md).
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
2 changes: 1 addition & 1 deletion docs/admin/researcher-setup/cli-install.md
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ The instructions below will guide you through the process of installing the CLI.

## Researcher Authentication

When enabled, Researcher authentication requires additional setup when installing the CLI. To configure authentication see [Setup Project-based Researcher Access Control](../runai-setup/authentication/researcher-authentication.md). Use the modified Kubernetes configuration file described in the article.
When enabled, Researcher authentication requires additional setup when installing the CLI. To configure authentication see [Setup Project-based Researcher Access Control](../authentication/researcher-authentication.md). Use the modified Kubernetes configuration file described in the article.

## Prerequisites

Expand Down
2 changes: 1 addition & 1 deletion docs/admin/researcher-setup/researcher-setup-intro.md
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ To submit workloads with Run:ai, the Researcher must be provided with a _Project

## Provide access to the Run:ai User Interface

See [Setting up users](../runai-setup/authentication/users.md) for further information on how to provide access to users.
See [Setting up users](../authentication/users.md) for further information on how to provide access to users.

## Schedule an Onboarding Session

Expand Down
4 changes: 2 additions & 2 deletions docs/admin/runai-setup/cluster-setup/cluster-install.md
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@ On the next page:

## Researcher Authentication

If you will be using the Run:ai [command-line interface](../../researcher-setup/cli-install.md) or sending [YAMLs directly](../../../developer/cluster-api/submit-yaml.md) to Kubernetes, you must now set up [Researcher Access Control](../authentication/researcher-authentication.md).
If you will be using the Run:ai [command-line interface](../../researcher-setup/cli-install.md) or sending [YAMLs directly](../../../developer/cluster-api/submit-yaml.md) to Kubernetes, you must now set up [Researcher Access Control](../../authentication/researcher-authentication.md).

## Cluster Table

Expand Down Expand Up @@ -87,7 +87,7 @@ To perform these tasks. See [Set Node Roles](../config/node-roles.md).

## Next Steps

* Set up Run:ai Users [Working with Users](../../runai-setup/authentication/users.md).
* Set up Run:ai Users [Working with Users](../../authentication/users.md).
* Set up Projects for Researchers [Working with Projects](../../aiinitiatives/org/projects.md).
* Set up Researchers to work with the Run:ai Command-line interface (CLI). See [Installing the Run:ai Command-line Interface](../../researcher-setup/cli-install.md) on how to install the CLI for users.
* Review [advanced setup and maintenance](../config/overview.md) scenarios.
4 changes: 2 additions & 2 deletions docs/admin/runai-setup/cluster-setup/dgx-bundle.md
Original file line number Diff line number Diff line change
Expand Up @@ -65,8 +65,8 @@ Save the URL for future use.

Post installation, you will want to:

* (Mandatory) Set up [Researcher Access Control](../authentication/researcher-authentication.md). Without this, the Job Submit form will not work.
* Set up Run:ai Users [Working with Users](../../runai-setup/authentication/users.md).
* (Mandatory) Set up [Researcher Access Control](../../authentication/researcher-authentication.md). Without this, the Job Submit form will not work.
* Set up Run:ai Users [Working with Users](../../authentication/users.md).
* Set up Projects for Researchers [Working with Projects](../../aiinitiatives/org/projects.md).

## Troubleshooting
Expand Down
2 changes: 1 addition & 1 deletion docs/admin/runai-setup/config/non-root-containers.md
Original file line number Diff line number Diff line change
Expand Up @@ -60,7 +60,7 @@ A best practice is to store the user identifier (UID) and the group identifier (

To perform this, you must:

* Set up [single sign-on](../authentication/authentication-overview.md). Perform the steps for UID/GID integration.
* Set up [single sign-on](../../authentication/authentication-overview.md). Perform the steps for UID/GID integration.
* Run: `runai login` and enter your credentials
* Use the flag --run-as-user
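
Review bot: In the last bullet of this list the flag is written as bare text (Use the flag --run-as-user) while the bullet above puts `runai login` in backticks. Wrap the flag in backticks as well so it is rendered literally and the double hyphen cannot be converted by a Markdown typography extension.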

Expand Down
4 changes: 2 additions & 2 deletions docs/admin/runai-setup/config/overview.md
Original file line number Diff line number Diff line change
Expand Up @@ -9,8 +9,8 @@ This section provides a list of installation-related articles dealing with a wid
| Article | Purpose |
|---------------------------------------------------------|-----------|
| [Designating Specific Role Nodes](node-roles.md) | Set one or more designated Run:ai system nodes or limit Run:ai monitoring and scheduling to specific nodes in the cluster. |
| [Setup Project-based Researcher Access Control](../authentication/researcher-authentication.md) | Enable Run:ai access control is at the __Project__ level. |
| [Single sign-on](../authentication/authentication-overview.md) | Integrate with the organization's Identity Provider to provide single sign-on for Run:ai |
| [Setup Project-based Researcher Access Control](../../authentication/researcher-authentication.md) | Enable Run:ai access control is at the __Project__ level. |
| [Single sign-on](../../authentication/authentication-overview.md) | Integrate with the organization's Identity Provider to provide single sign-on for Run:ai |
| [Review Kubernetes Access provided to Run:ai](access-roles.md) | In Restrictive Kubernetes environments such as when using OpenShift, understand and control what Kubernetes roles are provided to Run:ai |
| [External access to Containers](allow-external-access-to-containers.md) | Understand the available options for Researchers to access containers from the outside |
| [User Identity in Container](non-root-containers.md) | The identity of the user in the container determines its access to cluster resources. The document explains multiple way on how to propagate the user identity into the container. |
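
Review bot: In the rewritten "Setup Project-based Researcher Access Control" row the Purpose cell still reads "Enable Run:ai access control is at the __Project__ level.", which is ungrammatical; since the row is being touched anyway, change it to "Enable Run:ai access control at the __Project__ level." The unchanged "User Identity in Container" row has a similar slip ("multiple way on how") that could be fixed in the same pass.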
Expand Down
4 changes: 2 additions & 2 deletions docs/admin/runai-setup/self-hosted/k8s/next-steps.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ title: Self Hosted installation over Kubernetes - Next Steps
# Next Steps


* Create additional [I Users](../../../runai-setup/authentication/users.md).
* Set up [Project-based Researcher Access Control](../../authentication/researcher-authentication.md).
* Create additional [I Users](../../../authentication/users.md).
* Set up [Project-based Researcher Access Control](../../../authentication/researcher-authentication.md).
* Set up Researchers to work with the Run:ai Command-line interface (CLI). See [Installing the Run:ai Command-line Interface](../../../researcher-setup/cli-install.md) on how to install the CLI for users.
* Review [advanced setup and maintenace](../../config/overview.md) scenarios.
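
Review bot: The first bullet keeps the link text `[I Users]`, which looks like a leftover fragment; the OpenShift next-steps page changed in this same commit uses `[Run:ai Users]` for the same target, so use that here too. The last bullet misspells "maintenance" as "maintenace", and the same misspelling appears in the OpenShift page.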
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ title: Self Hosted installation over Kubernetes - Create Projects
---
## Introduction

The Administrator creates Run:ai Projects via the [Run:ai user interface](../../../aiinitiatives/org/projects.md#adding-a-new-project). When enabling [Researcher Authentication](../../authentication/researcher-authentication.md) you also assign users to Projects.
The Administrator creates Run:ai Projects via the [Run:ai user interface](../../../aiinitiatives/org/projects.md#adding-a-new-project). When enabling [Researcher Authentication](../../../authentication/researcher-authentication.md) you also assign users to Projects.

Run:ai Projects are implemented as Kubernetes namespaces. When creating a new Run:ai Project, Run:ai does the following automatically:

Expand Down
4 changes: 2 additions & 2 deletions docs/admin/runai-setup/self-hosted/ocp/next-steps.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ title: Self Hosted installation over OpenShift - Next Steps
# Next Steps


* Create additional [Run:ai Users](../../../runai-setup/authentication/users.md).
* Set up [Project-based Researcher Access Control](../../authentication/researcher-authentication.md).
* Create additional [Run:ai Users](../../../authentication/users.md).
* Set up [Project-based Researcher Access Control](../../../authentication/researcher-authentication.md).
* Set up Researchers to work with the Run:ai Command-line interface (CLI). See [Installing the Run:ai Command-line Interface](../../../researcher-setup/cli-install.md) on how to install the CLI for users.
* Review [advanced setup and maintenace](../../config/overview.md) scenarios.
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ title: Self Hosted installation over OpenShift - Create Projects
---
## Introduction

The Administrator creates Run:ai Projects via the [Run:ai User Interface](../../../aiinitiatives/org/projects.md#adding-a-new-project). When enabling [Researcher Authentication](../../authentication/researcher-authentication.md) you also assign users to Projects.
The Administrator creates Run:ai Projects via the [Run:ai User Interface](../../../aiinitiatives/org/projects.md#adding-a-new-project). When enabling [Researcher Authentication](../../../authentication/researcher-authentication.md) you also assign users to Projects.

Run:ai Projects are implemented as Kubernetes namespaces. When creating a new Run:ai Project, Run:ai does the following automatically:

Expand Down
6 changes: 3 additions & 3 deletions docs/admin/troubleshooting/troubleshooting.md
Original file line number Diff line number Diff line change
Expand Up @@ -166,7 +166,7 @@
For a self-hosted installation, check Linux clock synchronization as described above. Use the [Run:ai pre-install script](../runai-setup/cluster-setup/cluster-prerequisites.md#pre-install-script) to test this automatically.

??? "Single-sign-on issues"
For single-sign-on issues, see the troubleshooting section in the [single-sign-on](../runai-setup/authentication/authentication-overview.md) configuration documents.
For single-sign-on issues, see the troubleshooting section in the [single-sign-on](../authentication/authentication-overview.md) configuration documents.

## User Interface Submit Job Issues

Expand All @@ -181,7 +181,7 @@
__Resolution for 401 HTTP Error__

* The Cluster certificate provided as part of the installation is valid and trusted (not self-signed).
* [Researcher Authentication](../runai-setup/authentication/researcher-authentication.md) has not been properly configured. Try running `runai login` from the Command-line interface. Alternatively, run: `kubectl get pods -n kube-system`, identify the api-server pod and review its logs.
* [Researcher Authentication](../authentication/researcher-authentication.md) has not been properly configured. Try running `runai login` from the Command-line interface. Alternatively, run: `kubectl get pods -n kube-system`, identify the api-server pod and review its logs.

__Resolution for 403 HTTP Error__
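
Review bot: Under "__Resolution for 401 HTTP Error__" the touched bullet states a failure ("Researcher Authentication has not been properly configured") while the bullet above it states a condition that should hold ("certificate ... is valid and trusted"), so the list mixes checks with causes. Reword the touched bullet as a check, for example "Verify that Researcher Authentication is properly configured", and keep the `runai login` and api-server log steps as the way to verify it.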

Expand Down Expand Up @@ -211,7 +211,7 @@

__Root Cause:__ SSO is on and researcher authentication is not properly configured as such.

__Resolution:__ Verify API Server settings as described in [Researcher Authentication configuration](../runai-setup/authentication/researcher-authentication.md).
__Resolution:__ Verify API Server settings as described in [Researcher Authentication configuration](../authentication/researcher-authentication.md).


??? "Job form is not opening on OpenShift"
Expand Down
2 changes: 1 addition & 1 deletion docs/developer/deprecated/k8s-api/launch-job-via-yaml.md
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ Internally, Run:ai Projects are implemented as Kubernetes namespaces. The script

* `<JOB-NAME>`. The name of the Job.
* `<IMAGE-NAME>`. The name of the docker image to use. Example: `gcr.io/run-ai-demo/quickstart`.
* `<USER-NAME>`. The name of the user submitting the Job. The name is used for display purposes only when Run:ai is installed in an [unauthenticated mode](../../../admin/runai-setup/authentication/researcher-authentication.md).
* `<USER-NAME>`. The name of the user submitting the Job. The name is used for display purposes only when Run:ai is installed in an [unauthenticated mode](../../../admin/authentication/researcher-authentication.md).
* `<REQUESTED-GPUs>`. An integer number of GPUs you request to be allocated for the Job. Examples: 1, 2.
* `<NAMESAPCE>`. The name of the Project's namespace. This is usually `runai-<PROJECT-NAME>`.
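
Review bot: The last placeholder in this list is spelled `<NAMESAPCE>`; it should be `<NAMESPACE>`, and it needs to match the placeholder used in the YAML this list describes so that a search-and-replace on the template works. On the touched `<USER-NAME>` line, "installed in an unauthenticated mode" reads better as "installed in unauthenticated mode".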

Expand Down
2 changes: 1 addition & 1 deletion docs/developer/deprecated/researcher-rest-api/overview.md
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ This `<CLUSTER-ENDPOINT>` can be found in the Run:ai User Interface, under `Clus

## Authentication

* By default, researcher APIs are unauthenticated. To protect researcher API, you must [configure researcher authentication](../../../admin/runai-setup/authentication/researcher-authentication.md).
* By default, researcher APIs are unauthenticated. To protect researcher API, you must [configure researcher authentication](../../../admin/authentication/researcher-authentication.md).
* Once configured, you must create a _Client Application_ to make API requests. Use the client application and secret, to obtain a time-bound bearer token (`<ACCESS-TOKEN>`). For details, see [Calling REST APIs](../../rest-auth.md).
* Use the token for subsequent API calls.
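
Review bot: The touched bullet opens with "By default, researcher APIs are unauthenticated", which is the most important statement in this section but sits in an ordinary list item. Consider moving it into an `!!! Important` admonition, the convention the researcher authentication page already uses, and change "To protect researcher API" to "To protect the researcher API". The next bullet has a stray comma in "Use the client application and secret, to obtain".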

Expand Down
4 changes: 2 additions & 2 deletions docs/developer/rest-auth.md
Original file line number Diff line number Diff line change
Expand Up @@ -19,9 +19,9 @@ Run:ai APIs are accessed using *bearer tokens*. A token can be obtained in sever
### Access rules for the Application

In order for you API requests to be accepted, you will need to set access rules for the application.
To assign roles to an application, see [Create or Delete rules](../admin/runai-setup/access-control/rbac.md#create-or-delete-rules).
To assign roles to an application, see [Create or Delete rules](../admin/authentication/rbac.md#create-or-delete-rules).

Use the [Roles](../admin/runai-setup/access-control/rbac.md#roles) table to assign the correct roles to the application.
Use the [Roles](../admin/authentication/rbac.md#roles) table to assign the correct roles to the application.

## Request an API Token
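
Review bot: The sentence directly above the first changed link reads "In order for you API requests to be accepted"; "you" should be "your". The second changed line tells the reader to "assign the correct roles to the application" without saying what correct means; wording such as "assign only the roles the application needs" would make the intent clear for anyone creating API credentials.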

Expand Down
9 changes: 0 additions & 9 deletions docs/home/index.md

This file was deleted.
