Move Security related documentation to a top-level category (apache#2051

) *Motivation* Security is one of the most important features that Apache Pulsar offers. It is making sense to have a top-level cateory to hold all the documentation related to security. e.g. - tls encryption and authentication - authenz authentication - authorization - end-to-end encryption *Solution* All security documentation are now in `Security` category.
yew1eb · Jul 7, 2018 · 5402d21 · 5402d21
1 parent 027f535
commit 5402d21
Show file tree

Hide file tree

Showing 20 changed files with 661 additions and 353 deletions.
diff --git a/site/_data/messages.yaml b/site/_data/messages.yaml
@@ -54,7 +54,7 @@ shared_mode_limitations:
     2. You cannot use [cumulative acknowledgment](#acknowledgement) with shared mode.
 superuser:
   type: warning
-  content: Please note that this operation requires [superuser](../../admin/Authz#superusers) privileges.
+  content: Please note that this operation requires [superuser](../../security/authorization#superusers) privileges.
 mark_delete:
   type: info
   content: TODO
diff --git a/site/_data/sidebar.yaml b/site/_data/sidebar.yaml
@@ -85,8 +85,6 @@ groups:
     endpoint: ZooKeeperBookKeeper
   - title: Geo-replication
     endpoint: GeoReplication
-  - title: Authentication and authorization
-    endpoint: Authz
   - title: Dashboard
     endpoint: Dashboard
   - title: Pulsar statistics
@@ -96,6 +94,22 @@ groups:
   - title: Pulsar proxy
     endpoint: Proxy
 
+- title: Security
+  dir: security
+  docs:
+  - title: Overview
+    endpoint: overview
+  - title: Encryption and Authentication using TLS
+    endpoint: tls
+  - title: Authentication using Athenz
+    endpoint: athenz
+  - title: Authorization and ACLs
+    endpoint: authorization
+  - title: End-to-End Encryption
+    endpoint: encryption
+  - title: Extending Authentication and Authorization
+    endpoint: extending
+
 - title: Client libraries
   dir: clients
   docs:
@@ -187,5 +201,3 @@ groups:
     endpoint: CliTools
   - title: Pulsar configuration
     endpoint: Configuration
-  - title: Authn & Authz plugins
-    endpoint: CustomAuth
diff --git a/site/_includes/explanations/admin-setup.md b/site/_includes/explanations/admin-setup.md
@@ -19,11 +19,11 @@
 
 -->
 
-Each of Pulsar's three admin interfaces---the [`pulsar-admin`](../../reference/CliTools#pulsar-admin) CLI tool, the [Java admin API](/api/admin), and the [REST API](../../reference/RestApi)---requires some special setup if you have [authentication](../../admin/Authz#authentication-providers) enabled in your Pulsar {% popover instance %}.
+Each of Pulsar's three admin interfaces---the [`pulsar-admin`](../../reference/CliTools#pulsar-admin) CLI tool, the [Java admin API](/api/admin), and the [REST API](../../reference/RestApi)---requires some special setup if you have [authentication](../../security/overview#authentication-providers) enabled in your Pulsar {% popover instance %}.
 
 ### pulsar-admin
 
-If you have [authentication](../../admin/Authz#authentication-providers) enabled, you will need to provide an auth configuration to use the [`pulsar-admin`](../../reference/CliTools#pulsar-admin) tool. By default, the configuration for the `pulsar-admin` tool is found in the [`conf/client.conf`](../../reference/Configuration#client) file. Here are the available parameters:
+If you have [authentication](../../security/overview#authentication-providers) enabled, you will need to provide an auth configuration to use the [`pulsar-admin`](../../reference/CliTools#pulsar-admin) tool. By default, the configuration for the `pulsar-admin` tool is found in the [`conf/client.conf`](../../reference/Configuration#client) file. Here are the available parameters:
 
 {% include config.html id="client" %}
 

diff --git a/site/_includes/explanations/client-url.md b/site/_includes/explanations/client-url.md
@@ -33,7 +33,7 @@ A URL for a production Pulsar cluster may look something like this:
 pulsar://pulsar.us-west.example.com:6650
 ```
 
-If you're using [TLS](../../admin/Authz#tls-client-auth) authentication, the URL will look like something like this:
+If you're using [TLS](../../security/tls) authentication, the URL will look like something like this:
 
 ```
 pulsar+ssl://pulsar.us-west.example.com:6651

diff --git a/site/_includes/explanations/tenants-namespaces.md b/site/_includes/explanations/tenants-namespaces.md
@@ -25,7 +25,7 @@ Pulsar was designed from the ground up to be a {% popover multi-tenant %} system
 
 To each property in a Pulsar instance you can assign:
 
-* An [authorization](../../admin/Authz#authorization) scheme
+* An [authorization](../../security/authorization) scheme
 * The set of {% popover clusters %} to which the tenant's configuration applies
 
 ### Namespaces

diff --git a/site/docs/latest/admin-api/clusters.md b/site/docs/latest/admin-api/clusters.md
@@ -96,7 +96,7 @@ bin/pulsar initialize-cluster-metadata \
   --broker-service-url-tls pulsar+ssl://pulsar.us-west.example.com:6651/
 ```
 
-You'll need to use `--*-tls` flags only if you're using [TLS authentication](../../admin/Authz#tls-client-auth) in your instance.
+You'll need to use `--*-tls` flags only if you're using [TLS authentication](../../security/tls) in your instance.
 
 ### Get configuration