Improve authorization tech preview documentation

dell · May 22, 2024 · 8330ddf · 8330ddf
1 parent 1adc2b0
commit 8330ddf
Show file tree

Hide file tree

Showing 3 changed files with 38 additions and 3 deletions.
diff --git a/content/docs/authorization/v2.0 Tech Preview/_index.md b/content/docs/authorization/v2.0 Tech Preview/_index.md
@@ -14,4 +14,39 @@ tags:
 
 The following diagram shows a high-level overview of CSM for Authorization with a `tenant-app` that is using a CSI driver to perform storage operations through the CSM for Authorization `proxy-server` to access the a Dell storage system. All requests from the CSI driver will contain the token for the given tenant that was granted by the Storage Administrator.
 
-This is the introduction to a Stateless Architecture for Authorization. The creation of storage, roles and tenants are purely done through Customer Resources (CRs) which are tracked and contained within authorization. The underlying communication is consistent from the previous architecture which makes creation of volumes seemless.
+![HA CSM Authorization](authorization-ha-example.png)
+
+This is the introduction to a Stateless Architecture for Authorization. The creation of storage, roles, and tenants is done through Custom Resources (CRs) which are tracked and contained within CSM Authorization. The underlying communication is consistent with the previous architecture which makes the creation of volumes and snapshots seamless.
+
+## CSM for Authorization Capabilities
+{{<table "table table-striped table-bordered table-sm">}}
+| Feature                                                                                                                        | PowerFlex | PowerMax | PowerScale |
+| -----------------------------------------------------------------------------------------------------------------------------  | --------- | -------- | ---------- |
+| Ability to set storage quota limits to ensure k8s tenants are not overconsuming storage                                        | Yes       | Yes      | No         |
+| Ability to create access control policies to ensure k8s tenant clusters are not accessing storage that does not belong to them | Yes       | Yes      | No         |
+| Ability to shield storage credentials from Kubernetes administrators by storing them in vault                                  | Yes       | No       | No         |
+| Ability to create snapshots from owned volumes that consume the storage quota                                                  | Yes       | No       | No         |
+| Ability to periodically query storage array to keep quota consumption in sync                                                  | Yes       | No       | No         |
+{{</table>}}
+
+## Roles and Responsibilities
+
+The Stateless CSM Authorization contains the following roles:
+- Storage Administrators
+- Kubernetes Tenant Administrators
+
+### Storage Administrators
+
+Storage Administrators perform the following:
+
+- Storage System Management (create, get, delete)
+- Role Management (create, get, delete)
+- Tenant Management (create, get, delete)
+
+For more information on the configuration of the above, see the configuration of the [Proxy Server](../v2.0-tech-preview/configuration/proxy-server/#configuring-storage).
+
+### Tenant Administrators
+
+Tenants of CSM for Authorization can use dellctl to generate a token for the configured tenant  by the Storage Administrators.
+
+For more information on the token generation, see the configuration for the [PowerFlex driver](../v2.0-tech-preview/configuration/powerflex).
diff --git a/content/docs/authorization/v2.0 Tech Preview/authorization-ha-example.png b/content/docs/authorization/v2.0 Tech Preview/authorization-ha-example.png
diff --git a/content/docs/authorization/v2.0 Tech Preview/configuration/proxy-server/_index.md b/content/docs/authorization/v2.0 Tech Preview/configuration/proxy-server/_index.md
@@ -47,7 +47,7 @@ Afterwards, the storage administrator can configure Authorization with the follo
 
 ## Configuring Storage
 
-A `storage` entity in CSM Authorization consists of the storage type (PowerFlex), the system ID, the API endpoint, and the vault credentials. For example, to create PowerFlex storage:
+A `storage` entity in CSM Authorization consists of the storage type (PowerFlex), the system ID, the API endpoint, and the vault credentials path. For example, to create PowerFlex storage:
 
 ```yaml
 apiVersion: csm-authorization.storage.dell.com/v1alpha1
@@ -70,7 +70,7 @@ spec:
 
 ## Configuring Roles
 
-A `role` consists of a name, the storage to use, and the quota limit for the storage pool to be used. For example, to create a role named `rol1` using the PowerFlex storage created above with a quota limit of 128GB in storage pool `myStoragePool`:
+A `role` consists of a name, the storage array to use, and the quota limit for the storage pool to be used. For example, to create a role named `role1` using the PowerFlex storage created above with a quota limit of 128GB in storage pool `myStoragePool`:
 
 ```yaml
 apiVersion: csm-authorization.storage.dell.com/v1alpha1