diff --git a/README.md b/README.md index 55a6e00bc..4772ae450 100644 --- a/README.md +++ b/README.md @@ -57,7 +57,7 @@ Additionally, Kuadrant provides the following CRDs |--------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------|-------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------| | [Kuadrant CRD](https://github.com/Kuadrant/kuadrant-operator/blob/main/api/v1beta1/kuadrant_types.go) | [Kuadrant Operator](https://github.com/Kuadrant/kuadrant-operator) | Represents an instance of kuadrant | [Kuadrant CR](https://github.com/Kuadrant/kuadrant-operator/blob/main/config/samples/kuadrant_v1beta1_kuadrant.yaml) | | [Limitador CRD](https://github.com/Kuadrant/limitador-operator/blob/main/api/v1alpha1/limitador_types.go) | [Limitador Operator](https://github.com/Kuadrant/limitador-operator) | Represents an instance of Limitador | [Limitador CR](https://github.com/Kuadrant/limitador-operator/blob/main/config/samples/limitador_v1alpha1_limitador.yaml) | -| [Authorino CRD](https://docs.kuadrant.io/authorino-operator/#the-authorino-custom-resource-definition-crd) | [Authorino Operator](https://github.com/Kuadrant/authorino-operator) | Represents an instance of Authorino | [Authorino CR](https://github.com/Kuadrant/authorino-operator/blob/main/config/samples/authorino-operator_v1beta1_authorino.yaml) | +| [Authorino CRD](https://docs.kuadrant.io/latest/authorino-operator/#the-authorino-custom-resource-definition-crd) | [Authorino Operator](https://github.com/Kuadrant/authorino-operator) | Represents an instance of Authorino | [Authorino CR](https://github.com/Kuadrant/authorino-operator/blob/main/config/samples/authorino-operator_v1beta1_authorino.yaml) | Kuadrant Architecture 
diff --git a/doc/auth.md b/doc/auth.md index a63aa439b..8f2fb7dc0 100644 --- a/doc/auth.md +++ b/doc/auth.md @@ -332,11 +332,11 @@ Check out [Route selectors](reference/route-selectors.md) for a full description Use `when` conditions to conditionally activate policies and policy rules based on attributes that cannot be expressed in the HTTPRoutes' `spec.hostnames` and `spec.rules.matches` fields, or in general in AuthPolicies that target a Gateway. -`when` conditions in an AuthPolicy are compatible with Authorino [conditions](https://docs.kuadrant.io/authorino/docs/features/#common-feature-conditions-when), thus supporting complex boolean expressions with AND and OR operators, as well as grouping. +`when` conditions in an AuthPolicy are compatible with Authorino [conditions](https://docs.kuadrant.io/latest/authorino/docs/features/#common-feature-conditions-when), thus supporting complex boolean expressions with AND and OR operators, as well as grouping. The selectors within the `when` conditions of an AuthPolicy are a subset of Kuadrant's Well-known Attributes ([RFC 0002](https://github.com/Kuadrant/architecture/blob/main/rfcs/0002-well-known-attributes.md)). Check out the reference for the full list of supported selectors. -Authorino [JSON path string modifiers](https://docs.kuadrant.io/authorino/docs/features/#string-modifiers) can also be applied to the selectors within the `when` conditions of an AuthPolicy. +Authorino [JSON path string modifiers](https://docs.kuadrant.io/latest/authorino/docs/features/#string-modifiers) can also be applied to the selectors within the `when` conditions of an AuthPolicy. ### Examples 
@@ -434,7 +434,7 @@ To avoid these problems, use different hostnames in each route. ## Implementation details -Under the hood, for each AuthPolicy, Kuadrant creates an Istio [`AuthorizationPolicy`](https://istio.io/latest/docs/reference/config/security/authorization-policy) and an Authorino [`AuthConfig`](https://docs.kuadrant.io/authorino/docs/architecture/#the-authorino-authconfig-custom-resource-definition-crd) custom resources. +Under the hood, for each AuthPolicy, Kuadrant creates an Istio [`AuthorizationPolicy`](https://istio.io/latest/docs/reference/config/security/authorization-policy) and an Authorino [`AuthConfig`](https://docs.kuadrant.io/latest/authorino/docs/architecture/#the-authorino-authconfig-custom-resource-definition-crd) custom resources. Only requests that matches the rules in the Istio `AuthorizationPolicy` cause an authorization request to be sent to the external authorization service ("Authorino"), i.e., only requests directed to the HTTPRouteRules targeted by the AuthPolicy (directly or indirectly), according to the declared top-level route selectors (if present), or all requests for which a matching HTTPRouteRule exists (otherwise). diff --git a/doc/install/install-openshift.md b/doc/install/install-openshift.md index 8dad89cef..2ed603ddb 100644 --- a/doc/install/install-openshift.md +++ b/doc/install/install-openshift.md 
@@ -108,7 +108,7 @@ If you have user workload monitoring enabled, it is best to configure remote wri - [OpenShift remote write configuration](https://docs.openshift.com/container-platform/latest/observability/monitoring/configuring-the-monitoring-stack.html#configuring_remote_write_storage_configuring-the-monitoring-stack) - [Kube Thanos](https://github.com/thanos-io/kube-thanos) -The [example dashboards and alerts](https://docs.kuadrant.io/kuadrant-operator/doc/observability/examples/) for observing Kuadrant functionality use low-level CPU metrics and network metrics available from the user monitoring stack in OpenShift. They also use resource state metrics from Gateway API and Kuadrant resources. +The [example dashboards and alerts](https://docs.kuadrant.io/latest/kuadrant-operator/doc/observability/examples/) for observing Kuadrant functionality use low-level CPU metrics and network metrics available from the user monitoring stack in OpenShift. They also use resource state metrics from Gateway API and Kuadrant resources. To scrape these additional metrics, you can install a `kube-state-metrics instance`, with a custom resource configuration as follows: 
@@ -123,7 +123,7 @@ To enable request metrics in Istio, you must create a `telemetry` resource as fo kubectl apply -f https://raw.githubusercontent.com/Kuadrant/kuadrant-operator/main/config/observability/openshift/telemetry.yaml ``` -If you have Grafana installed in your cluster, you can import the [example dashboards and alerts](https://docs.kuadrant.io/kuadrant-operator/doc/observability/examples). +If you have Grafana installed in your cluster, you can import the [example dashboards and alerts](https://docs.kuadrant.io/latest/kuadrant-operator/doc/observability/examples). For example installation details, see [installing Grafana on OpenShift](https://cloud.redhat.com/experts/o11y/ocp-grafana/). When installed, you must add your Thanos instance as a data source to Grafana. Alternatively, if you are using only the user workload monitoring stack in your OpenShift cluster, and not writing metrics to an external Thanos instance, you can [set up a data source to the thanos-querier route in the OpenShift cluster](https://docs.openshift.com/container-platform/4.15/observability/monitoring/accessing-third-party-monitoring-apis.html#accessing-metrics-from-outside-cluster_accessing-monitoring-apis-by-using-the-cli). diff --git a/doc/observability/examples.md b/doc/observability/examples.md index ef27e5aa6..5169eb3a1 100644 --- a/doc/observability/examples.md +++ b/doc/observability/examples.md 
@@ -21,7 +21,7 @@ For more details on how to import dashboards into Grafana, visit the [import das - **ID** - Use the 'Import' feature in the Grafana UI to import via [Grafana.com](https://grafana.com/grafana/dashboards/) using a Dashboard ID. - **ConfigMap Method:** Automate dashboard provisioning by adding files to a ConfigMap, which should be mounted at `/etc/grafana/provisioning/dashboards`. -Datasources are configured as template variables, automatically integrating with your existing data sources. Metrics for these dashboards are sourced from [Prometheus](https://github.com/prometheus/prometheus). For more details on the metrics used, visit the [metrics](https://docs.kuadrant.io/kuadrant-operator/doc/observability/metrics/) documentation page. +Datasources are configured as template variables, automatically integrating with your existing data sources. Metrics for these dashboards are sourced from [Prometheus](https://github.com/prometheus/prometheus). For more details on the metrics used, visit the [metrics](https://docs.kuadrant.io/latest/kuadrant-operator/doc/observability/metrics/) documentation page. ## Alerts @@ -31,4 +31,4 @@ You can integrate the [example alerts](https://github.com/Kuadrant/kuadrant-oper Additionally, [Service Level Objective (SLO)](https://sre.google/sre-book/service-level-objectives/) alerts generated with [Sloth](https://sloth.dev/) are included. A benefit of these alerts is the ability to integrate them with this [SLO dashboard](https://grafana.com/grafana/dashboards/14348-slo-detail/), which utilizes generated labels to comprehensively overview your SLOs. -Further information on the metrics used for these alerts can be found on the [metrics](https://docs.kuadrant.io/kuadrant-operator/doc/observability/metrics/) page. +Further information on the metrics used for these alerts can be found on the [metrics](https://docs.kuadrant.io/latest/kuadrant-operator/doc/observability/metrics/) page. 
diff --git a/doc/observability/tracing.md b/doc/observability/tracing.md index fc2012a28..16ecd1184 100644 --- a/doc/observability/tracing.md +++ b/doc/observability/tracing.md @@ -123,4 +123,4 @@ If you centrally aggregate logs using something like promtail and loki, you can ![Trace and logs in Grafana UI](grafana_tracing_loki.png) Using a combination of tracing and logs, you can visualise and troubleshoot reuqest timing issues and drill down to specific services. -This method becomes even more powerful when combined with [metrics](https://docs.kuadrant.io/kuadrant-operator/doc/observability/metrics/) and [dashboards](https://docs.kuadrant.io/kuadrant-operator/doc/observability/dashboards/) to get a more complete picture of your users traffic. +This method becomes even more powerful when combined with [metrics](https://docs.kuadrant.io/latest/kuadrant-operator/doc/observability/metrics/) and [dashboards](https://docs.kuadrant.io/latest/kuadrant-operator/doc/observability/examples/) to get a more complete picture of your users traffic. diff --git a/doc/reference/authpolicy.md b/doc/reference/authpolicy.md index 073adf923..473b09980 100644 --- a/doc/reference/authpolicy.md +++ b/doc/reference/authpolicy.md 
@@ -31,7 +31,7 @@ | `rules` | [AuthScheme](#authscheme) | No | Implicit default authentication/authorization rules | | `routeSelectors` | [][RouteSelector](route-selectors.md#routeselector) | No | List of implicit default selectors of HTTPRouteRules whose matching rules activate the policy. At least one HTTPRouteRule must be selected to activate the policy. If omitted, all HTTPRouteRules of the targeted HTTPRoute activate the policy. Do not use it in policies targeting a Gateway. | | `patterns` | Map | No | Implicit default named patterns of lists of `selector`, `operator` and `value` tuples, to be reused in `when` conditions and pattern-matching authorization rules. | -| `when` | [][PatternExpressionOrRef](https://docs.kuadrant.io/authorino/docs/features/#common-feature-conditions-when) | No | List of implicit default additional dynamic conditions (expressions) to activate the policy. Use it for filtering attributes that cannot be expressed in the targeted HTTPRoute's `spec.hostnames` and `spec.rules.matches` fields, or when targeting a Gateway. | +| `when` | [][PatternExpressionOrRef](https://docs.kuadrant.io/latest/authorino/docs/features/#common-feature-conditions-when) | No | List of implicit default additional dynamic conditions (expressions) to activate the policy. Use it for filtering attributes that cannot be expressed in the targeted HTTPRoute's `spec.hostnames` and `spec.rules.matches` fields, or when targeting a Gateway. | | `defaults` | [AuthPolicyCommonSpec](#authPolicyCommonSpec) | No | Explicit default definitions. This field is mutually exclusive with any of the implicit default definitions: `spec.rules`, `spec.routeSelectors`, `spec.patterns`, `spec.when` | | `overrides` | [AuthPolicyCommonSpec](#authPolicyCommonSpec) | No | Atomic overrides definitions. This field is mutually exclusive with any of the implicit or explicit default definitions: `spec.rules`, `spec.routeSelectors`, `spec.patterns`, `spec.when`, `spec.default` | 
@@ -43,7 +43,7 @@ | `rules` | [AuthScheme](#authscheme) | No | Authentication/authorization rules | | `routeSelectors` | [][RouteSelector](route-selectors.md#routeselector) | No | List of selectors of HTTPRouteRules whose matching rules activate the policy. At least one HTTPRouteRule must be selected to activate the policy. If omitted, all HTTPRouteRules of the targeted HTTPRoute activate the policy. Do not use it in policies targeting a Gateway. | | `patterns` | Map | No | Named patterns of lists of `selector`, `operator` and `value` tuples, to be reused in `when` conditions and pattern-matching authorization rules. | -| `when` | [][PatternExpressionOrRef](https://docs.kuadrant.io/authorino/docs/features/#common-feature-conditions-when) | No | List of additional dynamic conditions (expressions) to activate the policy. Use it for filtering attributes that cannot be expressed in the targeted HTTPRoute's `spec.hostnames` and `spec.rules.matches` fields, or when targeting a Gateway. | +| `when` | [][PatternExpressionOrRef](https://docs.kuadrant.io/latest/authorino/docs/features/#common-feature-conditions-when) | No | List of additional dynamic conditions (expressions) to activate the policy. Use it for filtering attributes that cannot be expressed in the targeted HTTPRoute's `spec.hostnames` and `spec.rules.matches` fields, or when targeting a Gateway. | ### AuthScheme 
@@ -60,8 +60,8 @@ | **Field** | **Type** | **Required** | **Description** | |-------------------------|--------------------------------------------------------------------------------------------------------------|:------------:|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | `routeSelectors` | [][RouteSelector](route-selectors.md#routeselector) | No | List of selectors of HTTPRouteRules whose matching rules activate the auth rule. At least one HTTPRouteRule must be selected to activate the auth rule. If omitted, the auth rule is activated at all requests where the policy is enforced. Do not use it in policies targeting a Gateway. | -| `when` | [][PatternExpressionOrRef](https://docs.kuadrant.io/authorino/docs/features/#common-feature-conditions-when) | No | List of additional dynamic conditions (expressions) to activate the auth rule. Use it for filtering attributes that cannot be expressed in the targeted HTTPRoute's `spec.hostnames` and `spec.rules.matches` fields, or when targeting a Gateway. | -| `cache` | [Caching spec](https://docs.kuadrant.io/authorino/docs/features/#common-feature-caching-cache) | No | Caching options for the resolved object returned when applying this auth rule. (Default: disabled) | +| `when` | [][PatternExpressionOrRef](https://docs.kuadrant.io/latest/authorino/docs/features/#common-feature-conditions-when) | No | List of additional dynamic conditions (expressions) to activate the auth rule. Use it for filtering attributes that cannot be expressed in the targeted HTTPRoute's `spec.hostnames` and `spec.rules.matches` fields, or when targeting a Gateway. 
| +| `cache` | [Caching spec](https://docs.kuadrant.io/latest/authorino/docs/features/#common-feature-caching-cache) | No | Caching options for the resolved object returned when applying this auth rule. (Default: disabled) | | `priority` | Integer | No | Priority group of the auth rule. All rules in the same priority group are evaluated concurrently; consecutive priority groups are evaluated sequentially. (Default: `0`) | | `metrics` | Boolean | No | Whether the auth rule emits individual observability metrics. (Default: `false`) | 
@@ -69,43 +69,43 @@ | **Field** | **Type** | **Required** | **Description** | |-------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------|:------------:|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `apiKey` | [API Key authentication spec](https://docs.kuadrant.io/authorino/docs/features/#api-key-authenticationapikey) | No | Authentication based on API keys stored in Kubernetes secrets. Use one of: `apiKey`, `jwt`, `oauth2Introspection`, `kubernetesTokenReview`, `x509`, `plain`, `anonymous`. | -| `kubernetesTokenReview` | [KubernetesTokenReview spec](https://docs.kuadrant.io/authorino/docs/features/#kubernetes-tokenreview-authenticationkubernetestokenreview) | No | Authentication by Kubernetes token review. Use one of: `apiKey`, `jwt`, `oauth2Introspection`, `kubernetesTokenReview`, `x509`, `plain`, `anonymous`. | -| `jwt` | [JWT verification spec](https://docs.kuadrant.io/authorino/docs/features/#jwt-verification-authenticationjwt) | No | Authentication based on JSON Web Tokens (JWT). Use one of: `apiKey`, `jwt`, `oauth2Introspection`, `kubernetesTokenReview`, `x509`, `plain`, `anonymous`. | -| `oauth2Introspection` | [OAuth2 Token Introscpection spec](https://docs.kuadrant.io/authorino/docs/features/#oauth-20-introspection-authenticationoauth2introspection) | No | Authentication by OAuth2 token introspection. Use one of: `apiKey`, `jwt`, `oauth2Introspection`, `kubernetesTokenReview`, `x509`, `plain`, `anonymous`. 
| -| `x509` | [X.509 authentication spec](https://docs.kuadrant.io/authorino/docs/features/#x509-client-certificate-authentication-authenticationx509) | No | Authentication based on client X.509 certificates. The certificates presented by the clients must be signed by a trusted CA whose certificates are stored in Kubernetes secrets. Use one of: `apiKey`, `jwt`, `oauth2Introspection`, `kubernetesTokenReview`, `x509`, `plain`, `anonymous`. | -| `plain` | [Plain identity object spec](https://docs.kuadrant.io/authorino/docs/features/#plain-authenticationplain) | No | Identity object extracted from the context. Use this method when authentication is performed beforehand by a proxy and the resulting object passed to Authorino as JSON in the auth request. Use one of: `apiKey`, `jwt`, `oauth2Introspection`, `kubernetesTokenReview`, `x509`, `plain`, `anonymous`. | -| `anonymous` | [Anonymous access](https://docs.kuadrant.io/authorino/docs/features/#anonymous-access-authenticationanonymous) | No | Anonymous access. Use one of: `apiKey`, `jwt`, `oauth2Introspection`, `kubernetesTokenReview`, `x509`, `plain`, `anonymous`. | -| `credentials` | [Auth credentials spec](https://docs.kuadrant.io/authorino/docs/features/#extra-auth-credentials-authenticationcredentials) | No | Customizations to where credentials are required to be passed in the request for authentication based on this auth rule. Defaults to HTTP Authorization header with prefix "Bearer". | -| `overrides` | [Identity extension spec](https://docs.kuadrant.io/authorino/docs/features/#extra-identity-extension-authenticationdefaults-and-authenticationoverrides) | No | JSON overrides to set to the resolved identity object. Do not use it with identity objects of other JSON types (array, string, etc). 
| -| `defaults` | [Identity extension spec](https://docs.kuadrant.io/authorino/docs/features/#extra-identity-extension-authenticationdefaults-and-authenticationoverrides) | No | JSON defaults to set to the resolved identity object. Do not use it with identity objects of other JSON types (array, string, etc). | +| `apiKey` | [API Key authentication spec](https://docs.kuadrant.io/latest/authorino/docs/features/#api-key-authenticationapikey) | No | Authentication based on API keys stored in Kubernetes secrets. Use one of: `apiKey`, `jwt`, `oauth2Introspection`, `kubernetesTokenReview`, `x509`, `plain`, `anonymous`. | +| `kubernetesTokenReview` | [KubernetesTokenReview spec](https://docs.kuadrant.io/latest/authorino/docs/features/#kubernetes-tokenreview-authenticationkubernetestokenreview) | No | Authentication by Kubernetes token review. Use one of: `apiKey`, `jwt`, `oauth2Introspection`, `kubernetesTokenReview`, `x509`, `plain`, `anonymous`. | +| `jwt` | [JWT verification spec](https://docs.kuadrant.io/latest/authorino/docs/features/#jwt-verification-authenticationjwt) | No | Authentication based on JSON Web Tokens (JWT). Use one of: `apiKey`, `jwt`, `oauth2Introspection`, `kubernetesTokenReview`, `x509`, `plain`, `anonymous`. | +| `oauth2Introspection` | [OAuth2 Token Introscpection spec](https://docs.kuadrant.io/latest/authorino/docs/features/#oauth-20-introspection-authenticationoauth2introspection) | No | Authentication by OAuth2 token introspection. Use one of: `apiKey`, `jwt`, `oauth2Introspection`, `kubernetesTokenReview`, `x509`, `plain`, `anonymous`. | +| `x509` | [X.509 authentication spec](https://docs.kuadrant.io/latest/authorino/docs/features/#x509-client-certificate-authentication-authenticationx509) | No | Authentication based on client X.509 certificates. The certificates presented by the clients must be signed by a trusted CA whose certificates are stored in Kubernetes secrets. 
Use one of: `apiKey`, `jwt`, `oauth2Introspection`, `kubernetesTokenReview`, `x509`, `plain`, `anonymous`. | +| `plain` | [Plain identity object spec](https://docs.kuadrant.io/latest/authorino/docs/features/#plain-authenticationplain) | No | Identity object extracted from the context. Use this method when authentication is performed beforehand by a proxy and the resulting object passed to Authorino as JSON in the auth request. Use one of: `apiKey`, `jwt`, `oauth2Introspection`, `kubernetesTokenReview`, `x509`, `plain`, `anonymous`. | +| `anonymous` | [Anonymous access](https://docs.kuadrant.io/latest/authorino/docs/features/#anonymous-access-authenticationanonymous) | No | Anonymous access. Use one of: `apiKey`, `jwt`, `oauth2Introspection`, `kubernetesTokenReview`, `x509`, `plain`, `anonymous`. | +| `credentials` | [Auth credentials spec](https://docs.kuadrant.io/latest/authorino/docs/features/#extra-auth-credentials-authenticationcredentials) | No | Customizations to where credentials are required to be passed in the request for authentication based on this auth rule. Defaults to HTTP Authorization header with prefix "Bearer". | +| `overrides` | [Identity extension spec](https://docs.kuadrant.io/latest/authorino/docs/features/#extra-identity-extension-authenticationdefaults-and-authenticationoverrides) | No | JSON overrides to set to the resolved identity object. Do not use it with identity objects of other JSON types (array, string, etc). | +| `defaults` | [Identity extension spec](https://docs.kuadrant.io/latest/authorino/docs/features/#extra-identity-extension-authenticationdefaults-and-authenticationoverrides) | No | JSON defaults to set to the resolved identity object. Do not use it with identity objects of other JSON types (array, string, etc). 
| | _(inline)_ | [AuthRuleCommon](#authrulecommon) | No | | #### MetadataRule | **Field** | **Type** | **Required** | **Description** | |-------------|-----------------------------------------------------------------------------------------------------------------------------------|:------------:|-----------------------------------------------------------------------------------------------------------------------------------------| -| `http` | [HTTP GET/GET-by-POST external metadata spec](https://docs.kuadrant.io/authorino/docs/features/#http-getget-by-post-metadatahttp) | No | External source of auth metadata via HTTP request. Use one of: `http`, `userInfo`, `uma`. | -| `userInfo` | [OIDC UserInfo spec](https://docs.kuadrant.io/authorino/docs/features/#oidc-userinfo-metadatauserinfo) | No | OpendID Connect UserInfo linked to an OIDC authentication rule declared in this same AuthPolicy. Use one of: `http`, `userInfo`, `uma`. | -| `uma` | [UMA metadata spec](https://docs.kuadrant.io/authorino/docs/features/#user-managed-access-uma-resource-registry-metadatauma) | No | User-Managed Access (UMA) source of resource data. Use one of: `http`, `userInfo`, `uma`. | +| `http` | [HTTP GET/GET-by-POST external metadata spec](https://docs.kuadrant.io/latest/authorino/docs/features/#http-getget-by-post-metadatahttp) | No | External source of auth metadata via HTTP request. Use one of: `http`, `userInfo`, `uma`. | +| `userInfo` | [OIDC UserInfo spec](https://docs.kuadrant.io/latest/authorino/docs/features/#oidc-userinfo-metadatauserinfo) | No | OpendID Connect UserInfo linked to an OIDC authentication rule declared in this same AuthPolicy. Use one of: `http`, `userInfo`, `uma`. | +| `uma` | [UMA metadata spec](https://docs.kuadrant.io/latest/authorino/docs/features/#user-managed-access-uma-resource-registry-metadatauma) | No | User-Managed Access (UMA) source of resource data. Use one of: `http`, `userInfo`, `uma`. 
| | _(inline)_ | [AuthRuleCommon](#authrulecommon) | No | | #### AuthorizationRule | **Field** | **Type** | **Required** | **Description** | |---------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------|:------------:|--------------------------------------------------------------------------------------------------------------------------------------------------------| -| `patternMatching` | [Pattern-matching authorization spec](https://docs.kuadrant.io/authorino/docs/features/#pattern-matching-authorization-authorizationpatternmatching) | No | Pattern-matching authorization rules. Use one of: `patternMatching`, `opa`, `kubernetesSubjectAccessReview`, `spicedb`. | -| `opa` | [OPA authorization spec](https://docs.kuadrant.io/authorino/docs/features/#open-policy-agent-opa-rego-policies-authorizationopa) | No | Open Policy Agent (OPA) Rego policy. Use one of: `patternMatching`, `opa`, `kubernetesSubjectAccessReview`, `spicedb`. | -| `kubernetesSubjectAccessReview` | [Kubernetes SubjectAccessReview spec](https://docs.kuadrant.io/authorino/docs/features/#kubernetes-subjectaccessreview-authorizationkubernetessubjectaccessreview) | No | Authorization by Kubernetes SubjectAccessReview. Use one of: `patternMatching`, `opa`, `kubernetesSubjectAccessReview`, `spicedb`. | -| `spicedb` | [SpiceDB authorization spec](https://docs.kuadrant.io/authorino/docs/features/#spicedb-authorizationspicedb) | No | Authorization decision delegated to external Authzed/SpiceDB server. Use one of: `patternMatching`, `opa`, `kubernetesSubjectAccessReview`, `spicedb`. | +| `patternMatching` | [Pattern-matching authorization spec](https://docs.kuadrant.io/latest/authorino/docs/features/#pattern-matching-authorization-authorizationpatternmatching) | No | Pattern-matching authorization rules. 
Use one of: `patternMatching`, `opa`, `kubernetesSubjectAccessReview`, `spicedb`. | +| `opa` | [OPA authorization spec](https://docs.kuadrant.io/latest/authorino/docs/features/#open-policy-agent-opa-rego-policies-authorizationopa) | No | Open Policy Agent (OPA) Rego policy. Use one of: `patternMatching`, `opa`, `kubernetesSubjectAccessReview`, `spicedb`. | +| `kubernetesSubjectAccessReview` | [Kubernetes SubjectAccessReview spec](https://docs.kuadrant.io/latest/authorino/docs/features/#kubernetes-subjectaccessreview-authorizationkubernetessubjectaccessreview) | No | Authorization by Kubernetes SubjectAccessReview. Use one of: `patternMatching`, `opa`, `kubernetesSubjectAccessReview`, `spicedb`. | +| `spicedb` | [SpiceDB authorization spec](https://docs.kuadrant.io/latest/authorino/docs/features/#spicedb-authorizationspicedb) | No | Authorization decision delegated to external Authzed/SpiceDB server. Use one of: `patternMatching`, `opa`, `kubernetesSubjectAccessReview`, `spicedb`. | | _(inline)_ | [AuthRuleCommon](#authrulecommon) | No | | #### ResponseSpec | **Field** | **Type** | **Required** | **Description** | |-------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------|:------------:|------------------------------------------------------------------------------------------------------------------------------------| -| `unauthenticated` | [Custom denial status spec](https://docs.kuadrant.io/authorino/docs/features/#custom-denial-status-responseunauthenticated-and-responseunauthorized) | No | Customizations on the denial status and other HTTP attributes when the request is unauthenticated. 
(Default: `401 Unauthorized`) | -| `unauthorized` | [Custom denial status spec](https://docs.kuadrant.io/authorino/docs/features/#custom-denial-status-responseunauthenticated-and-responseunauthorized) | No | Customizations on the denial status and other HTTP attributes when the request is unauthorized. (Default: `403 Forbidden`) | +| `unauthenticated` | [Custom denial status spec](https://docs.kuadrant.io/latest/authorino/docs/features/#custom-denial-status-responseunauthenticated-and-responseunauthorized) | No | Customizations on the denial status and other HTTP attributes when the request is unauthenticated. (Default: `401 Unauthorized`) | +| `unauthorized` | [Custom denial status spec](https://docs.kuadrant.io/latest/authorino/docs/features/#custom-denial-status-responseunauthenticated-and-responseunauthorized) | No | Customizations on the denial status and other HTTP attributes when the request is unauthorized. (Default: `403 Forbidden`) | | `success` | [SuccessResponseSpec](#successresponsespec) | No | Response items to be included in the auth response when the request is authenticated and authorized. | ##### SuccessResponseSpec 
@@ -119,16 +119,16 @@ | **Field** | **Type** | **Required** | **Description** | |-------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------|:------------:|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `plain` | [Plain text response item](https://docs.kuadrant.io/authorino/docs/features/#plain-text-responsesuccessheadersdynamicmetadataplain) | No | Plain text content. Use one of: `plain`, `json`, `wristband`. | -| `json` | [JSON injection response item](https://docs.kuadrant.io/authorino/docs/features/#json-injection-responsesuccessheadersdynamicmetadatajson) | No | Specification of a JSON object. Use one of: `plain`, `json`, `wristband`. | -| `wristband` | [Festival Wristband token response item](https://docs.kuadrant.io/authorino/docs/features/#festival-wristband-tokens-responsesuccessheadersdynamicmetadatawristband) | No | Specification of a JSON object. Use one of: `plain`, `json`, `wristband`. | +| `plain` | [Plain text response item](https://docs.kuadrant.io/latest/authorino/docs/features/#plain-text-responsesuccessheadersdynamicmetadataplain) | No | Plain text content. Use one of: `plain`, `json`, `wristband`. | +| `json` | [JSON injection response item](https://docs.kuadrant.io/latest/authorino/docs/features/#json-injection-responsesuccessheadersdynamicmetadatajson) | No | Specification of a JSON object. Use one of: `plain`, `json`, `wristband`. | +| `wristband` | [Festival Wristband token response item](https://docs.kuadrant.io/latest/authorino/docs/features/#festival-wristband-tokens-responsesuccessheadersdynamicmetadatawristband) | No | Specification of a JSON object. Use one of: `plain`, `json`, `wristband`. 
| | `key` | String | No | The key used to add the custom response item (name of the HTTP header or root property of the Dynamic Metadata object). Defaults to the name of the response item if omitted. | #### CallbackRule | **Field** | **Type** | **Required** | **Description** | |------------------|----------------------------------------------------------------------------------------------------------------|:------------:|-----------------------------------------------------------------| -| `http` | [HTTP endpoints callback spec](https://docs.kuadrant.io/authorino/docs/features/#http-endpoints-callbackshttp) | No | HTTP endpoint settings to build the callback request (webhook). | +| `http` | [HTTP endpoints callback spec](https://docs.kuadrant.io/latest/authorino/docs/features/#http-endpoints-callbackshttp) | No | HTTP endpoint settings to build the callback request (webhook). | | _(inline)_ | [AuthRuleCommon](#authrulecommon) | No | | ### NamedPattern diff --git a/doc/user-guides/authenticated-rl-with-jwt-and-k8s-authnz.md b/doc/user-guides/authenticated-rl-with-jwt-and-k8s-authnz.md index 5b97edd78..a739ec31b 100644 --- a/doc/user-guides/authenticated-rl-with-jwt-and-k8s-authnz.md +++ b/doc/user-guides/authenticated-rl-with-jwt-and-k8s-authnz.md @@ -285,7 +285,7 @@ EOF The example above is for non-resource URL Kubernetes roles. For using `Roles` and `RoleBindings` instead of `ClusterRoles` and `ClusterRoleBindings`, thus more flexible resource-based permissions to protect the API, - see the spec for [Kubernetes SubjectAccessReview authorization](https://docs.kuadrant.io/authorino/docs/features/#kubernetes-subjectaccessreview-authorizationkubernetessubjectaccessreview) + see the spec for [Kubernetes SubjectAccessReview authorization](https://docs.kuadrant.io/latest/authorino/docs/features/#kubernetes-subjectaccessreview-authorizationkubernetessubjectaccessreview) in the Authorino docs. 
diff --git a/doc/user-guides/secure-protect-connect-single-multi-cluster.md b/doc/user-guides/secure-protect-connect-single-multi-cluster.md index 5801ad5eb..63a271213 100644 --- a/doc/user-guides/secure-protect-connect-single-multi-cluster.md +++ b/doc/user-guides/secure-protect-connect-single-multi-cluster.md @@ -429,7 +429,7 @@ export gatewayNS=api-gateway You can generate Kuadrant and Gateway API resources directly from OAS documents by using an `x-kuadrant` extension. -NOTE: For a more in-depth look at the OAS extension, see the [kuadrantctl documentation](https://docs.kuadrant.io/kuadrantctl/). +NOTE: For a more in-depth look at the OAS extension, see the [kuadrantctl documentation](https://docs.kuadrant.io/latest/kuadrantctl/). You will use `kuadrantctl` to generate your `HTTPRoute`. @@ -533,7 +533,7 @@ This section of the walkthrough uses the `kuadrantctl` tool to create an `AuthPo The platform engineer workflow established default policies for authentication and rate limiting at your Gateway. The new developer-defined policies, which you will create, are intended to target your HTTPRoute and will supersede the existing policies for requests to your API endpoints, similar to your previous API key example. -The example OAS uses Kuadrant-based extensions. These extensions enable you to define routing and service protection requirements. For more details, see [OpenAPI Kuadrant extensions](https://docs.kuadrant.io/kuadrantctl/doc/openapi-kuadrant-extensions/). +The example OAS uses Kuadrant-based extensions. These extensions enable you to define routing and service protection requirements. For more details, see [OpenAPI Kuadrant extensions](https://docs.kuadrant.io/latest/kuadrantctl/doc/openapi-kuadrant-extensions/). #### Prerequisites 
@@ -603,7 +603,7 @@ You should see a `200` response code. ### Step 7 - Set up rate limiting -Lastly, you can generate your `RateLimitPolicy` to add your rate limits, based on your OAS file. Rate limiting is simplified for this walkthrough and is based on either the bearer token or the API key value. There are more advanced examples in the How-to guides on the Kuadrant documentation site, for example: [Authenticated rate limiting with JWTs and Kubernetes RBAC](https://docs.kuadrant.io/kuadrant-operator/doc/user-guides/authenticated-rl-with-jwt-and-k8s-authnz/). +Lastly, you can generate your `RateLimitPolicy` to add your rate limits, based on your OAS file. Rate limiting is simplified for this walkthrough and is based on either the bearer token or the API key value. There are more advanced examples in the How-to guides on the Kuadrant documentation site, for example: [Authenticated rate limiting with JWTs and Kubernetes RBAC](https://docs.kuadrant.io/latest/kuadrant-operator/doc/user-guides/authenticated-rl-with-jwt-and-k8s-authnz/). You can continue to use this sample OAS document, which includes both authentication and a rate limit: diff --git a/doc/user-guides/secure-protect-connect.md b/doc/user-guides/secure-protect-connect.md index 9f02d0dd2..18edc5787 100644 --- a/doc/user-guides/secure-protect-connect.md +++ b/doc/user-guides/secure-protect-connect.md @@ -2,7 +2,7 @@ ## Prerequisites -- You have completed the [Single-cluster Quick Start](https://docs.kuadrant.io/getting-started-single-cluster/) or [Multi-cluster Quick Start](https://docs.kuadrant.io/getting-started-multi-cluster/). +- You have completed the [Single-cluster Quick Start](https://docs.kuadrant.io/latest/getting-started-single-cluster/) or [Multi-cluster Quick Start](https://docs.kuadrant.io/latest/getting-started-multi-cluster/). ## Overview diff --git a/hack/quickstart-setup.sh b/hack/quickstart-setup.sh index 8c34ff288..392d09ef9 100755 --- a/hack/quickstart-setup.sh 
+++ b/hack/quickstart-setup.sh @@ -545,7 +545,7 @@ fi info "Next steps:" info " - Explore your new Kuadrant environment using 'kubectl get all -n kuadrant-system'." info " - Head over to the Kuadrant quick start guide for further instructions on how to use Kuadrant with this environment:" -info " 🔗 https://docs.kuadrant.io/kuadrant-operator/doc/user-guides/secure-protect-connect/" +info " 🔗 https://docs.kuadrant.io/latest/kuadrant-operator/doc/user-guides/secure-protect-connect/" echo "" info "Thank you for using Kuadrant! If you have any questions or feedback, please reach out to our community."
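Review bot: In the SuccessResponseSpec table hunk (`@@ -119,16 +119,16 @@`), the rewritten `wristband` row still carries the description "Specification of a JSON object.", which is identical to the `json` row above it and looks like a copy-paste leftover. Since the row is being touched anyway, describe it as what the link text says it is, for example "Specification of a Festival Wristband token. Use one of: `plain`, `json`, `wristband`." A smaller style point in the same hunk: the link cells in this table and in the CallbackRule table grew by the length of `latest/`, but the header and `|---|` separator rows are unchanged, so the source tables are no longer column-aligned; re-pad them if the repo keeps its Markdown tables aligned.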
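Review bot: In `doc/user-guides/secure-protect-connect-single-multi-cluster.md`, hunk `@@ -603,7 +603,7 @@`, the "Authenticated rate limiting with JWTs and Kubernetes RBAC" link points at the docs site copy of `doc/user-guides/authenticated-rl-with-jwt-and-k8s-authnz.md`, a file that lives in the same directory of this repository and is itself edited in this patch. A relative link to `authenticated-rl-with-jwt-and-k8s-authnz.md` would not have needed this change, would keep working the next time the site's URL scheme moves, and would resolve to the version of the guide that matches the checked-out branch rather than whatever `latest` currently serves. Please confirm the docs build resolves relative links before switching.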
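Review bot: In `hack/quickstart-setup.sh`, hunk `@@ -545,7 +545,7 @@`, the "Next steps" URL now hard-codes the `latest` path segment inside the `info` string. A copy of this script taken from an older tag or branch will keep sending users to the newest documentation, which may describe resources or steps that do not match what the script just installed. Consider building the URL from a docs-version variable set once near the top of the script, defaulting to `latest`, so release branches can pin it and the next URL change is a one-line edit.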