updates worker filter UI descriptions and screenshots

1 year ago · 41dbe85148
parent 54f4628422
commit 41dbe85148
4 changed files with 15 additions and 15 deletions
--- a/website/content/docs/concepts/filtering/worker-tags.mdx
+++ b/website/content/docs/concepts/filtering/worker-tags.mdx
@ -107,7 +107,7 @@ array with the tags intended for the particular key is required:
  ```

 </Tab>
-<Tab heading="UI" group="UI">
+<Tab heading="UI" group="ui">

 You can tag workers with a set of key/value API tags in the Boundary Admin UI. The keys and values can be any lower-cased printable value. Each key can have more than one value:

@ -410,8 +410,8 @@ This is the worker a client connects to when initiating a connection to a target

 Example of a filter configured on a target in the Admin UI:

-![](/img/target-worker-filter-light.png#light-theme-only)
-![](/img/target-worker-filter-dark.png#dark-theme-only)
+![Example of a target ingress worker filter](/img/ui/target-ingress-worker-filter_light.png#light-theme-only)
+![Example of a target ingress worker filter](/img/ui/target-ingress-worker-filter_dark.png#dark-theme-only)

 </Tab>
 <Tab heading="CLI" group="cli">
@ -441,8 +441,6 @@ resource "boundary_target" "aws-webservers-prod" {

 ### Example worker filter for Vault credential store

-
-
 Tags are used to control which [workers] can manage Vault requests by specifying
 a `worker_filter`attribute when configuring [credential stores].

@ -464,8 +462,8 @@ Vault requests to Boundary controllers.

 Example of a worker filter configured on a Vault credential store in the Admin UI:

-![](/img/vault-worker-filter-light.png#light-theme-only)
-![](/img/vault-worker-filter-dark.png#dark-theme-only)
+![Example of a credential store worker filter](/img/ui/vault-worker-filter_light.png#light-theme-only)
+![Example of a credential store worker filter](/img/ui/vault-worker-filter_dark.png#dark-theme-only)

 </Tab>
 <Tab heading="CLI" group="cli">
@ -495,6 +493,7 @@ resource "boundary_credential_store_vault" "vault_cred_store" {
 </Tabs>

 ### Example worker filter for storage buckets
+
 <EnterpriseAlert product="boundary">Storage buckets are used for session recording, which requires <a href="https://www.hashicorp.com/products/boundary">HCP Boundary or Boundary Enterprise</a></EnterpriseAlert>

 Session recording functions are performed by Boundary workers. Workers also store recordings on Boundary storage buckets. When you create Boundary storage buckets, you can use tags to select the workers you prefer to use for session recording responsibilities.
@ -504,8 +503,8 @@ Session recording functions are performed by Boundary workers. Workers also stor

 Example of a worker filter configured on a storage bucket in the Admin UI:

-![](/img/session-rec-worker-filter-light.png#light-theme-only)
-![](/img/session-rec-worker-filter-dark.png#dark-theme-only)
+![Example of a storage bucket worker filter](/img/ui/session-rec-worker-filter_light.png#light-theme-only)
+![Example of a storage bucket worker filter](/img/ui/session-rec-worker-filter_dark.png#dark-theme-only)

 </Tab>
 <Tab heading="CLI" group="cli">
--- a/website/content/docs/configuration/credential-management/static-cred-vault.mdx
+++ b/website/content/docs/configuration/credential-management/static-cred-vault.mdx
@ -32,7 +32,7 @@ Complete the following steps to create a Vault credential store:
 1. Provide a name for your credential store and select type **Vault**.
 1. Complete the fields related to your Vault instance:
    - **Address** - The address of your Vault instance.
-    - **Worker Filter** (optional) - If your Vault instance does not have a publicly accessible address and instead is proxied through a Boundary worker, enter the worker filter. This should be a boolean expression. Refer to the examples in the [Worker tags](/boundary/docs/concepts/filtering/worker-tags) documentation.
+    - **Worker Filter** (optional) - If your Vault instance does not have a publicly accessible address and instead is proxied through a Boundary worker, enter the worker filter. This should be a boolean expression. To generate a worker filter in the correct format, toggle the **Show filter generator** switch. Refer to the examples in the [Worker tags](/boundary/docs/concepts/filtering/worker-tags) documentation.
    - **Token** - Token provided by Vault that provides access to the static credentials within your Vault instance.
    - **Namespace** (optional) - Vault namespace. Requires Vault Enterprise.
    - **TLS Server Name** (optional) - Name to use as the SNI host if you connect to Vault via TLS.
--- a/website/content/docs/configuration/session-recording/create-storage-bucket.mdx
+++ b/website/content/docs/configuration/session-recording/create-storage-bucket.mdx
@ -61,7 +61,7 @@ Complete the following steps to create a storage bucket in Boundary.

   - **Access key ID**: (Required) The access key ID that AWS generates for the IAM user to use with the storage bucket.
   - **Secret access key**: (Required) The secret access key that AWS generates for the IAM user to use with this storage bucket.
-   - **Worker filter**: (Required) A filter expression that indicates which Boundary workers have access to the storage. The filter must match an existing worker in order to create a Boundary storage bucket. Refer to [filter examples](/boundary/docs/concepts/filtering/worker-tags#example-worker-filter-for-storage-buckets) to learn about worker tags and filters.
+   - **Worker filter**: (Required) A filter expression that indicates which Boundary workers have access to the storage. The filter must match an existing worker to create a Boundary storage bucket. This should be a boolean expression. To generate a worker filter in the correct format, toggle the **Show filter generator** switch. Refer to [filter examples](/boundary/docs/concepts/filtering/worker-tags#example-worker-filter-for-storage-buckets) to learn about worker tags and filters.
   - **Disable credential rotation**: (Optional) Prevents the AWS plugin from automatically rotating credentials.

      Although credentials are stored encrypted in Boundary, by default the [AWS plugin](https://github.com/hashicorp/boundary-plugin-aws) attempts to rotate the credentials you provide. The given credentials are used to create a new credential, and then the original credential is revoked.
@ -79,7 +79,7 @@ Complete the following steps to create a storage bucket in Boundary.
   For more information, refer to the AWS documentation for [Logging IAM and AWS STS API calls with AWS CloudTrail](https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html).
   - **Role tags**: An object with key-value pair attributes that is passed when you assume an IAM role.
   For more information, refer to the AWS documentation for [Passing session tags in AWS STS](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html).
-   - **Worker filter**: (Required) A filter expression that indicates which Boundary workers have access to the storage. The filter must match an existing worker in order to create a Boundary storage bucket. Refer to [filter examples](/boundary/docs/concepts/filtering/worker-tags#example-worker-filter-for-storage-buckets) to learn about worker tags and filters.
+   - **Worker filter**: (Required) A filter expression that indicates which Boundary workers have access to the storage. The filter must match an existing worker to create a Boundary storage bucket. This should be a boolean expression. To generate a worker filter in the correct format, toggle the **Show filter generator** switch. Refer to [filter examples](/boundary/docs/concepts/filtering/worker-tags#example-worker-filter-for-storage-buckets) to learn about worker tags and filters.
   - **Disable credential rotation**: (Required) Prevents the AWS plugin from automatically rotating credentials.
   This option is required if you use dynamic credentials.

@ -275,7 +275,7 @@ Complete the following steps to create a storage bucket in Boundary.
   - **Region**: (Optional) The region to configure the storage bucket for.
   - **Access key ID** (Required): The MinIO service account's access key to use with this storage bucket.
   - **Secret access key** (Required): The MinIO service account's secret key to use with this storage bucket.
-   - **Worker filter**: (Required) A filter expression that indicates which Boundary workers have access to the storage. The filter must match an existing worker in order to create a Boundary storage bucket. Refer to [filter examples](/boundary/docs/concepts/filtering/worker-tags#example-worker-filter-for-storage-buckets) to learn about worker tags and filters.
+   - **Worker filter**: (Required) A filter expression that indicates which Boundary workers have access to the storage. The filter must match an existing worker to create a Boundary storage bucket. This should be a boolean expression. To generate a worker filter in the correct format, toggle the **Show filter generator** switch. Refer to [filter examples](/boundary/docs/concepts/filtering/worker-tags#example-worker-filter-for-storage-buckets) to learn about worker tags and filters.
   - **Disable credential rotation**: (Optional) Controls whether the plugin will rotate the incoming credentials and manage a new MinIO service account. If this attribute is set to false, or not provided, the plugin will rotate the incoming credentials, using them to create a new MinIO service account, then delete the incoming credentials.

 1. Click **Save**.
@ -384,7 +384,7 @@ Complete the following steps to create a storage bucket in Boundary using an S3-
   - **Region**: (Optional) The region to configure the storage bucket for.
   - **Access key ID** (Required): The storage provider's service account's access key to use with this storage bucket.
   - **Secret access key** (Required): The storage provider's service account's secret key to use with this storage bucket.
-   - **Worker filter**: (Required) A filter expression that indicates which Boundary workers have access to the storage. The filter must match an existing worker in order to create a Boundary storage bucket. Refer to [filter examples](/boundary/docs/concepts/filtering/worker-tags#example-worker-filter-for-storage-buckets) to learn about worker tags and filters.
+   - **Worker filter**: (Required) A filter expression that indicates which Boundary workers have access to the storage. The filter must match an existing worker to create a Boundary storage bucket. This should be a boolean expression. To generate a worker filter in the correct format, toggle the **Show filter generator** switch. Refer to [filter examples](/boundary/docs/concepts/filtering/worker-tags#example-worker-filter-for-storage-buckets) to learn about worker tags and filters.
   - **Disable credential rotation**: (Optional) Controls whether the plugin will rotate the incoming credentials and manage a new storage service account. If this attribute is set to false, or not provided, the plugin will rotate the incoming credentials, using them to create a new storage service account, then delete the incoming credentials.

     Note that credential rotation is not supported for Hitachi Content Platform, and it may not function for other S3-compatible providers.
--- a/website/content/docs/configuration/session-recording/enable-session-recording.mdx
+++ b/website/content/docs/configuration/session-recording/enable-session-recording.mdx
@ -47,7 +47,8 @@ The following setting is required for session recording:
 1. Click **Save**.
 1. Click **Enable recording**.

-   ![Enable session recording](/img/enable-session-recording.png)
+   ![Example of enabling session recording](/img/ui/enable-session-recording_light.png#light-theme-only)
+   ![Example of enabling session recording](/img/ui/enable-session-recording_dark.png#dark-theme-only)

 1. Enable the **Record sessions for this target** option.
 1. Select the storage bucket where you want to store recordings from this target.