Port rbac topics to template (#389)

datacenter/ucp/3.0/guides/authorization/create-teams-with-ldap.md

@@ -1,8 +1,12 @@
 ---
 title: Create teams with LDAP
 description: Learn how to enable LDAP and sync users and teams in Docker Universal Control Plane.
-keywords: authorize, authentication, users, teams, UCP, Docker, LDAP
+keywords: authorize, authentication, users, teams, UCP, LDAP
+ui_tabs:
+- version: ucp-3.0
+  orlower: true
 ---
+{% if include.version=="ucp-3.0" %}
 
 To enable LDAP in UCP and sync to your LDAP directory:
 
@@ -54,3 +58,5 @@ synced to match the users in the search results.
   scope are added as members of the team.
 - **Search subtree**: Defines search through the full LDAP tree, not just one
   level, starting at the Base DN.
+
+{% endif %}

datacenter/ucp/3.0/guides/authorization/create-users-and-teams-manually.md

@@ -1,8 +1,21 @@
 ---
 title: Create users and teams manually
 description: Learn how to add users and define teams in Docker Universal Control Plane.
-keywords: rbac, authorize, authentication, users, teams, UCP, Docker
+keywords: rbac, authorize, authentication, users, teams, UCP
+ui_tabs:
+- version: ucp-3.0
+  orlower: true
+next_steps:
+- path: create-teams-with-ldap/
+  title: Synchronize teams with LDAP
+- path: define-roles/
+  title: Define roles with authorized API operations
+- path: group-resources/
+  title: Group and isolate cluster resources
+- path: grant-permissions/
+  title: Grant role-access to cluster resources
 ---
+{% if include.version=="ucp-3.0" %}
 
 Users, teams, and organizations are referred to as subjects in Docker EE.
 
@@ -44,7 +57,7 @@ The general flow of designing an organization with teams in UCP is:
 
 ### Create an organization with teams
 
-To create an organzation in UCP:
+To create an organization in UCP:
 
 1. Click **Organization & Teams** under **User Management**.
 2. Click **Create Organization**.
@@ -69,7 +82,7 @@ New users are assigned a default permission level so that they can access the
 cluster. To extend a user's default permissions, add them to a team and [create grants](grant-permissions.md). You can optionally grant them Docker EE
 administrator permissions.
 
-To manally create users in UCP:
+To manually create users in UCP:
 
 1. Click **Users** under **User Management**.
 2. Click **Create User**.
@@ -83,10 +96,4 @@ To manally create users in UCP:
 ![](../images/ucp_usermgmt_users_create01.png){: .with-border}
 ![](../images/ucp_usermgmt_users_create02.png){: .with-border}
 
-
-# Next steps
-
-* [Synchronize teams with LDAP](create-teams-with-ldap.md)
-* [Define roles with authorized API operations](define-roles.md)
-* [Group and isolate cluster resources](group-resources.md)
-* [Grant role-access to cluster resources](grant-permissions.md)
+{% endif %}

datacenter/ucp/3.0/guides/authorization/define-roles.md

@@ -2,7 +2,18 @@
 title: Define roles with authorized API operations
 description: Learn how to create roles and set permissions in Docker Universal Control Plane.
 keywords: rbac, authorization, authentication, users, teams, UCP
+ui_tabs:
+- version: ucp-3.0
+  orlower: true
+next_steps:
+- path: create-users-and-teams-manually/
+  title: Create and configure users and teams
+- path: group-resources/
+  title: Group and isolate cluster resources
+- path: grant-permissions/
+  title: Grant role-access to cluster resources
 ---
+{% if include.version=="ucp-3.0" %}
 
 A role defines a set of API operations permitted against a group of resources.
 Roles are applied to users and teams with grants.
@@ -46,8 +57,4 @@ the same name to different collections or namespaces.
 > - Roles used within a grant can only be deleted after first deleting the grant.
 > - Only administrators can create and delete roles.
 
-## Next steps
-
-* [Create and configure users and teams](create-users-and-teams-manually.md)
-* [Group and isolate cluster resources](group-resources.md)
-* [Grant role-access to cluster resources](grant-permissions.md)
+{% endif %}

datacenter/ucp/3.0/guides/authorization/deploy-stateless-app.md

@@ -2,7 +2,11 @@
 title: Deploy a simple stateless app with RBAC
 description: Learn how to deploy a simple application and customize access to resources.
 keywords: rbac, authorize, authentication, users, teams, UCP, Docker
+ui_tabs:
+- version: ucp-3.0
+  orhigher: false
 ---
+{% if include.version=="ucp-3.0" %}
 
 This tutorial explains how to deploy a nginx web server and limit access to one
 team with role-based access control (RBAC).
@@ -64,7 +68,7 @@ simple role for the ops team:
 4. On the **Operations** tab, check all **Kubernetes Deployment Operations**.
 5. Click **Create**.
 
-See: [Create and configure users and teams](define-roles.md).
+See: [Create and configure users and teams](create-users-and-teams-manually.md).
 
 ### Grant access
 
@@ -83,7 +87,7 @@ You've configured Docker EE. The `ops` team can now deploy `nginx`.
 2. Click **Kubernetes** > **Namespaces**.
 3. Paste the following manifest in the terminal window and click **Create**.
 
-```
+```yaml
 apiVersion: apps/v1beta2  # Use apps/v1beta1 for versions < 1.8.0
 kind: Deployment
 metadata:
@@ -109,7 +113,7 @@ spec:
 - `dba` (alex) cannot see `nginx-namespace`.
 - `dev` (bett) cannot see `nginx-namespace`.
 
-## Swarm Stack
+## Swarm stack
 
 In this section, we deploy `nginx` as a Swarm service. See [Kubernetes Deployment](#kubernetes-deployment)
 for the same exercise with Swarm.
@@ -153,7 +157,7 @@ acme-datacenter/ops + Swarm Deploy + /Shared/nginx-collection
 
 See: [Grant role-access to cluster resources](grant-permissions.md).
 
-### Deploy Nginx
+### Deploy NGINX
 
 You've configured Docker EE. The `ops` team can now deploy an `nginx` Swarm
 service.
@@ -171,3 +175,5 @@ service.
 7. Log on to UCP as each user and ensure that:
    - `dba` (alex) cannot see `nginx-collection`.
    - `dev` (bett) cannot see `nginx-collection`.
+
+{% endif %}

datacenter/ucp/3.0/guides/authorization/ee-advanced.md

@@ -2,7 +2,11 @@
 title: Access control design with Docker EE Advanced
 description: Learn how to architect multitenancy with Docker Enterprise Edition Advanced.
 keywords: authorize, authentication, users, teams, groups, sync, UCP, role, access control
+ui_tabs:
+- version: ucp-3.0
+  orlower: true
 ---
+{% if include.version=="ucp-3.0" %}
 
 Go through the [Docker Enterprise Standard tutorial](ee-standard.md),
 before continuing here with Docker Enterprise Advanced.
@@ -134,6 +138,4 @@ that are provided by the `db` team.
 
 ![image](../images/design-access-control-adv-mobile.png){: .with-border}
 
-## Next steps
-
-* [Access control design with Docker EE Standard](ee-standard.md)
+{% endif %}

datacenter/ucp/3.0/guides/authorization/ee-standard.md

@@ -2,7 +2,14 @@
 title: Access control design with Docker EE Standard
 description: Learn how to architect multitenancy by using Docker Enterprise Edition Advanced.
 keywords: authorize, authentication, users, teams, groups, sync, UCP, role, access control
+ui_tabs:
+- version: ucp-3.0
+  orlower: true
+next_steps:
+- path: ee-advanced/
+  title: Access control design with Docker EE Advanced
 ---
+{% if include.version=="ucp-3.0" %}
 
 [Collections and grants](index.md) are strong tools that can be used to control
 access and visibility to resources in UCP.
@@ -128,6 +135,4 @@ minus the database tier that is managed by the `db` team.
 
 ![image](../images/design-access-control-adv-4.png){: .with-border}
 
-## Next steps
-
-* [Access control design with Docker EE Advanced](ee-advanced.md)
+{% endif %}

datacenter/ucp/3.0/guides/authorization/grant-permissions.md

@@ -1,8 +1,15 @@
 ---
 title: Grant role-access to cluster resources
 description: Learn how to grant users and teams access to cluster resources with role-based access control.
-keywords: rbac, ucp, grant, role, permission, authentication, authorization
+keywords: rbac, ucp, grant, role, permission, authentication, authorization, namespace
+ui_tabs:
+- version: ucp-3.0
+  orhigher: false
+next_steps:
+- path: deploy-stateless-app/
+  title: Deploy a simple stateless app with RBAC
 ---
+{% if include.version=="ucp-3.0" %}
 
 Docker EE administrators can create _grants_ to control how users and
 organizations access resources.
@@ -67,6 +74,4 @@ To create a grant in UCP:
 > To apply permissions to all Docker EE users, create a grant with the
 > `docker-datacenter` org as a subject.
 
-## Next steps
-
-* [Deploy a simple stateless app with RBAC](deploy-stateless-app.md)
+{% endif %}

datacenter/ucp/3.0/guides/authorization/group-resources.md

@@ -1,8 +1,19 @@
 ---
 title: Group and isolate cluster resources
 description: Learn how to group resources into collections or namespaces to control access.
-keywords: rbac, ucp, grant, role, permission, authentication, resource collection
+keywords: rbac, ucp, grant, role, permission, authentication, resource collection, namespace
+ui_tabs:
+- version: ucp-3.0
+  orhigher: false
+next_steps:
+- path: create-users-and-teams-manually/
+  title: Create and configure users and teams
+- path: define-roles/
+  title: Define roles with authorized API operations
+- path: grant-permissions/
+  title: Grant role-access to cluster resources
 ---
+{% if include.version=="ucp-3.0" %}
 
 ## Kubernetes namespace
 
@@ -145,8 +156,4 @@ If you want to isolate nodes against other teams, place these nodes in new
 collections, and assign the `Scheduler` role, which contains the `Node Schedule`
 permission, to the team. [Isolate swarm nodes to a specific team](isolate-nodes.md).
 
-## Next case
-
-* [Create and configure users and teams](create-users-and-teams-manually.md)
-* [Define roles with authorized API operations](define-roles.md)
-* [Grant role-access to cluster resources](grant-permissions.md)
+{% endif %}

datacenter/ucp/3.0/guides/authorization/index.md

@@ -2,7 +2,20 @@
 title: Access control model
 description: Manage access to resources with role-based access control.
 keywords: ucp, grant, role, permission, authentication, authorization
+ui_tabs:
+- version: ucp-3.0
+  orlower: true
+next_steps:
+- path: create-users-and-teams-manually/
+  title: Create and configure users and teams
+- path: define-roles/
+  title: Define roles with authorized API operations
+- path: group-resources/
+  title: Group and isolate cluster resources
+- path: grant-permissions/
+  title: Grant role-access to cluster resources
 ---
+{% if include.version=="ucp-3.0" %}
 
 [Docker Universal Control Plane (UCP)](../index.md),
 the UI for [Docker EE](https://www.docker.com/enterprise-edition), lets you
@@ -88,11 +101,6 @@ Only an administrator can manage grants, subjects, roles, and resources.
 > into directories or namespaces, define roles by selecting allowable operations,
 > and apply grants to users and teams.
 
-For more, see: [Grant access to cluster resources](grant-permissions.md).
+For more info, see: [Grant access to cluster resources](grant-permissions.md).
 
-## Next steps
-
-* [Create and configure users and teams](create-users-and-teams-manually.md)
-* [Define roles with authorized API operations](define-roles.md)
-* [Group and isolate cluster resources](group-resources.md)
-* [Grant role-access to cluster resources](grant-permissions.md)
+{% endif %}

datacenter/ucp/3.0/guides/authorization/isolate-nodes.md

@@ -2,7 +2,16 @@
 title: Isolate cluster nodes in Docker Advanced
 description: Create grants that limit access to nodes to specific teams.
 keywords: ucp, grant, role, permission, authentication, node, Kubernetes
+ui_tabs:
+- version: ucp-3.0
+  orhigher: false
+- version: ucp-2.2
+  orlower: true
+next_steps:
+- path: isolate-volumes/
+  title: Isolate volumes
 ---
+{% if include.version=="ucp-3.0" %}
 
 With Docker EE Advanced, you can enable physical isolation of resources
 by organizing nodes into collections and granting `Scheduler` access for
@@ -274,6 +283,9 @@ The last step is to link the Kubernetes namespace the `/Prod` collection.
 
     ![](../images/isolate-nodes-10.png){: .with-border}
 
-## Next steps
 
-* [Isolate volumes](isolate-volumes.md)
+{% elsif include.version=="ucp-2.2" %}
+
+Learn about [isolating cluster nodes in Docker Advanced](/datacenter/ucp/2.2/guides/access-control/isolate-nodes-between-teams.md).
+
+{% endif %}

datacenter/ucp/3.0/guides/authorization/isolate-volumes.md

@@ -2,7 +2,14 @@
 title: Isolate volumes to a specific team
 description: Create grants that limit access to volumes to specific teams.
 keywords: ucp, grant, role, permission, authentication
+ui_tabs:
+- version: ucp-3.0
+  orlower: true
+next_steps:
+- path: isolate-nodes/
+  title: Isolate Swarm nodes in Docker Advanced
 ---
+{% if include.version=="ucp-3.0" %}
 
 In this example, two teams are granted access to volumes in two different
 resource collections. UCP access control prevents the teams from viewing and
@@ -91,6 +98,4 @@ created by the Dev and Prod users.
 
 ![](../images/isolate-volumes-4.png){: .with-border}
 
-## Next steps
-
-* [Isolate Swarm nodes in Docker Advanced](isolate-nodes.md)
+{% endif %}

datacenter/ucp/3.0/guides/authorization/reset-user-password.md

@@ -1,10 +1,14 @@
 ---
 title: Reset a user password
-description: Learn how to recover your Docker Datacenter credentials.
-keywords: ucp, authentication
+description: Learn how to recover your Docker Enterprise Edition credentials.
+keywords: ucp, authentication, password
+ui_tabs:
+- version: ucp-3.0
+  orlower: true
 ---
+{% if include.version=="ucp-3.0" %}
 
-## User passwords
+## Change user passwords
 
 Docker EE administrators can reset user passwords managed in UCP:
 
@@ -18,7 +22,7 @@ Users passwords managed with an LDAP service must be changed on the LDAP server.
 
 ![](../images/recover-a-user-password-1.png){: .with-border}
 
-## Administrator passwords
+## Change administrator passwords
 
 Administrators who need a password change can ask another administrator for help
 or use **ssh** to log in to a manager node managed by Docker EE and run:
@@ -30,3 +34,7 @@ docker exec -it ucp-auth-api enzi \
   passwd -i
 {% endraw %}
 ```
+
+{% endif %}
+
+