DOCS-780: Bug Stomping (#844)

A few big things here:

- Updated to Sphinx 6.2.1 successfully. I'm using Python 3.10.10
- Upgraded to docutils 0.19, which is latest
- Upgrade myst-parser and sphinx-design to latest stable
- Fixed a bunch of warning outputs

requirements.txt

@@ -1,13 +1,13 @@
-docutils == 0.17
-sphinx == 4.3.2
-sphinx-copybutton == 0.5.0
-sphinx-design == 0.2.0
+docutils == 0.19
+sphinx == 6.2.1
+sphinx-copybutton == 0.5.2
+sphinx-design == 0.4.1
 sphinx-markdown-tables == 0.0.15
 Sphinx-Substitution-Extensions == 2020.9.30.0
-sphinx-sitemap == 2.2.0
+sphinx-sitemap == 2.5.0
 sphinx-togglebutton === 0.3.2
 sphinxcontrib-images === 0.9.4
-myst-parser === 0.18.0
+myst-parser === 1.0.0
 linkify === 1.4
 linkify-it-py === 2.0.0
 pyyaml === 6.0

source/_static/scss/includes/_toc.scss

@@ -73,6 +73,7 @@ div.topic {
 #table-of-contents {
     flex: 1;
     position: relative;
+    border: none;
 
     .topic-title {
         @include breakpoint-max(breakpoints(lg)) {

source/administration/identity-access-management.rst

@@ -72,7 +72,7 @@ assigning a policy to a user or group depends on the configured
 
 MinIO deployments using the :ref:`MinIO Internal IDP <minio-internal-idp>`
 require explicitly associating a user to a policy or policies using the
-:mc-cmd:`mc admin policy attach` command. A user can also inherit the policies
+:mc:`mc admin policy attach` command. A user can also inherit the policies
 attached to the :ref:`groups <minio-groups>` in which they have membership.
 
 By default, MinIO *denies* access to actions or resources not explicitly allowed

source/administration/identity-access-management/ad-ldap-access-management.rst

@@ -59,7 +59,7 @@ Use either of the following methods to create a new access keys:
 
 - Log into the :ref:`MinIO Console <minio-console>` using the AD/LDAP-managed user credentials. From the :guilabel:`Identity` section of the left navigation, select :guilabel:`Access Keys` followed by the :guilabel:`Create access keys +` button.
 
-- Use the :mc-cmd:`mc admin user svcacct add` command to create the access keys. Specify the user Distinguished Name as the username to which to associate the access keys.
+- Use the :mc:`mc admin user svcacct add` command to create the access keys. Specify the user Distinguished Name as the username to which to associate the access keys.
 
 
 Mapping Policies to User DN

source/administration/identity-access-management/minio-user-management.rst

@@ -56,7 +56,7 @@ A MinIO user can generate any number of access keys.
 This allows application owners to generate arbitrary access keys for their applications without requiring action from the MinIO administrators. 
 Since the generated access keys have the same or fewer permissions as the parents, administrators can focus on managing the top-level parent users without micro-managing generated access keys.
 
-You can create access keys using either the :ref:`MinIO Console <minio-console-user-access-keys>` *or* by using the :mc-cmd:`mc admin user svcacct add` command.
+You can create access keys using either the :ref:`MinIO Console <minio-console-user-access-keys>` *or* by using the :mc:`mc admin user svcacct add` command.
 Identities created by these methods do not expire until you remove the access key or the parent account.
 
 You can also create :ref:`security token service <minio-security-token-service>` accounts programmatically with the ``AssumeRole`` STS API endpoint.
@@ -119,7 +119,7 @@ User Management
 Create a User
 ~~~~~~~~~~~~~
 
-Use the :mc-cmd:`mc admin user add` command to create a new user on the
+Use the :mc:`mc admin user add` command to create a new user on the
 MinIO deployment:
 
 .. code-block:: shell
@@ -127,12 +127,12 @@ MinIO deployment:
 
    mc admin user add ALIAS ACCESSKEY SECRETKEY
 
-- Replace :mc-cmd:`ALIAS <mc admin user add TARGET>` with the
+- Replace :mc-cmd:`ALIAS <mc admin user add ALIAS>` with the
   :mc:`alias <mc alias>` of the MinIO deployment.
 
 - Replace :mc-cmd:`ACCESSKEY <mc admin user add ACCESSKEY>` with the 
   access key for the user. MinIO allows retrieving the access key after
-  user creation through the :mc-cmd:`mc admin user info` command.
+  user creation through the :mc:`mc admin user info` command.
 
 - Replace :mc-cmd:`SECRETKEY <mc admin user add SECRETKEY>` with the
   secret key for the user. MinIO *does not* provide any method for retrieving
@@ -142,7 +142,7 @@ Specify a unique, random, and long string for both the ``ACCESSKEY`` and
 ``SECRETKEY``. Your organization may have specific internal or regulatory
 requirements around generating values for use with access or secret keys. 
 
-After creating the user, use :mc-cmd:`mc admin policy attach` to associate a
+After creating the user, use :mc:`mc admin policy attach` to associate a
 :ref:`MinIO Policy Based Access Control <minio-policy>` to the new user. 
 The following command assigns the built-in :userpolicy:`readwrite` policy:
 
@@ -156,7 +156,7 @@ Replace ``USERNAME`` with the ``ACCESSKEY`` created in the previous step.
 Delete a User
 ~~~~~~~~~~~~~
 
-Use the :mc-cmd:`mc admin user remove` command to remove a user on a 
+Use the :mc:`mc admin user remove` command to remove a user on a 
 MinIO deployment:
 
 .. code-block:: shell
@@ -164,7 +164,7 @@ MinIO deployment:
 
    mc admin user remove ALIAS USERNAME
 
-- Replace :mc-cmd:`ALIAS <mc admin user remove TARGET>` with the
+- Replace :mc-cmd:`ALIAS <mc admin user remove ALIAS>` with the
   :mc:`alias <mc alias>` of the MinIO deployment.
 
 - Replace :mc-cmd:`USERNAME <mc admin user remove USERNAME>` with the name of

source/administration/identity-access-management/policy-based-access-control.rst

@@ -97,7 +97,7 @@ MinIO provides the following built-in policies for assigning to
    location without requiring any listing. 
    Equivalent to the :policy-action:`s3:PutObject` action.
 
-Use :mc-cmd:`mc admin policy attach` to associate a policy to a 
+Use :mc:`mc admin policy attach` to associate a policy to a 
 user or group on a MinIO deployment.
 
 For example, consider the following table of users. Each user is assigned

source/default-conf.py

@@ -51,36 +51,37 @@ extensions = [
 # Helpful for sites we tend to make lots of references to.
 
 extlinks = {
-    'kube-docs'       : ('https://kubernetes.io/docs/%s', ''),
-    'minio-git'       : ('https://github.com/minio/%s',''),
-    'github'          : ('https://github.com/%s',''),
-    'kube-api'        : ('https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/%s',''),
-    'aws-docs'        : ('https://docs.aws.amazon.com/%s',''),
-    's3-docs'         : ('https://docs.aws.amazon.com/AmazonS3/latest/userguide/%s',''),
-    's3-api'          : ('https://docs.aws.amazon.com/AmazonS3/latest/API/%s',''),
-    'iam-docs'        : ('https://docs.aws.amazon.com/IAM/latest/UserGuide/%s',''),
-    'minio-release'   : ('https://github.com/minio/minio/releases/tag/%s',''),
-    'mc-release'      : ('https://github.com/minio/mc/releases/tag/%s',''),
-    'prometheus-docs' : ('https://prometheus.io/docs/%s',''),
-    'podman-docs'     : ('https://docs.podman.io/en/latest/%s',''),
-    'podman-git'      : ('https://github.com/containers/podman/%s',''),
-    'docker-docs'     : ('https://docs.docker.com/%s', ''),
-    'openshift-docs'  : ('https://docs.openshift.com/container-platform/4.11/%s', ''),
-    'influxdb-docs'   : ('https://docs.influxdata.com/influxdb/v2.4/%s',''),
-    'eks-docs'        : ('https://docs.aws.amazon.com/eks/latest/userguide/%s',''),
-    'minio-web'       : ('https://min.io/%s?ref=docs',''),
-    'minio-docs'      : ('https://min.io/docs/%s?ref=docs-internal',''),
-    'gke-docs'        : ('https://cloud.google.com/kubernetes-engine/docs/%s',''),
-    'gcp-docs'        : ('https://cloud.google.com/compute/docs/%s',''),
-    'gcs-docs'        : ('https://cloud.google.com/storage/docs/%s',''),
-    'aks-docs'        : ('https://learn.microsoft.com/en-us/azure/aks/%s',''),
-    'azure-docs'      : ('https://learn.microsoft.com/en-us/azure/%s',''),
+    'kube-docs'       : ('https://kubernetes.io/docs/%s', None),
+    'minio-git'       : ('https://github.com/minio/%s', None),
+    'github'          : ('https://github.com/%s', None),
+    'kube-api'        : ('https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/%s', None),
+    'aws-docs'        : ('https://docs.aws.amazon.com/%s', None),
+    's3-docs'         : ('https://docs.aws.amazon.com/AmazonS3/latest/userguide/%s', None),
+    's3-api'          : ('https://docs.aws.amazon.com/AmazonS3/latest/API/%s', None),
+    'iam-docs'        : ('https://docs.aws.amazon.com/IAM/latest/UserGuide/%s', None),
+    'minio-release'   : ('https://github.com/minio/minio/releases/tag/%s', None),
+    'mc-release'      : ('https://github.com/minio/mc/releases/tag/%s', None),
+    'prometheus-docs' : ('https://prometheus.io/docs/%s', None),
+    'podman-docs'     : ('https://docs.podman.io/en/latest/%s', None),
+    'podman-git'      : ('https://github.com/containers/podman/%s', None),
+    'docker-docs'     : ('https://docs.docker.com/%s', None),
+    'openshift-docs'  : ('https://docs.openshift.com/container-platform/4.11/%s', None),
+    'influxdb-docs'   : ('https://docs.influxdata.com/influxdb/v2.4/%s', None),
+    'eks-docs'        : ('https://docs.aws.amazon.com/eks/latest/userguide/%s', None),
+    'minio-web'       : ('https://min.io/%s?ref=docs', None),
+    'minio-docs'      : ('https://min.io/docs/%s?ref=docs-internal', None),
+    'gke-docs'        : ('https://cloud.google.com/kubernetes-engine/docs/%s', None),
+    'gcp-docs'        : ('https://cloud.google.com/compute/docs/%s', None),
+    'gcs-docs'        : ('https://cloud.google.com/storage/docs/%s', None),
+    'aks-docs'        : ('https://learn.microsoft.com/en-us/azure/aks/%s', None),
+    'azure-docs'      : ('https://learn.microsoft.com/en-us/azure/%s', None),
 
 }
 
 suppress_warnings = [
     'toc.excluded',
     'myst.header',
+    'myst.xref_missing',
     'ref.myst'
 ]
 
@@ -99,6 +100,8 @@ exclude_patterns = ['includes/*', '*-template.rst']
 # html_baseurl is used by sphinx_sitemap extension to generate a sitemap.xml for each platform.
 # The sitemaps are combined in a sitemapindex.xml file at the root level.
 
+sitemap_url_scheme = "{link}"
+
 excludes = []
 
 if tags.has("linux"):
@@ -177,8 +180,10 @@ elif tags.has("aks"):
 exclude_patterns.extend(excludes)
 
 # MyST Parser Customization
-myst_gfm_only = True
+#myst_gfm_only = True
 myst_heading_anchors = 2
+myst_all_links_external=False
+myst_url_schemes={'http': None, 'https': None, 'mailto': None, 'ftp': None}
 
 # Copy-Button Customization
 

source/includes/common/common-configure-keycloak-identity-management.rst

@@ -266,7 +266,7 @@ Select :guilabel:`Save` to apply the configuration.
 .. start-configure-keycloak-minio-cli
 
 
-You can use the :mc:`mc admin idp openid add` command to create a new configuration for the Keycloak service.
+You can use the :mc-cmd:`mc admin idp openid add` command to create a new configuration for the Keycloak service.
 The command takes all supported :ref:`OpenID Configuration Settings <minio-open-id-config-settings>`:
 
 .. code-block:: shell

source/includes/k8s/steps-configure-ad-ldap-external-identity-management.rst

@@ -81,13 +81,13 @@ You must explicitly assign MinIO policies to a given user or group Distinguished
 
 The following example assumes an existing :ref:`alias <alias>` configured for the MinIO Tenant.
 
-Use the :mc-cmd:`mc admin policy set` command to assign a user or group DN to an existing MinIO Policy:
+Use the :mc:`mc admin policy attach` command to assign a user or group DN to an existing MinIO Policy:
 
 .. code-block:: shell
    :class: copyable
 
-   mc admin policy set minio-tenant POLICY user='uid=primary,cn=applications,dc=domain,dc=com'
-   mc admin policy set minio-tenant policy group='cn=applications,ou=groups,dc=domain,dc=com'
+   mc admin policy attach minio-tenant POLICY user='uid=primary,cn=applications,dc=domain,dc=com'
+   mc admin policy attach minio-tenant POLICY group='cn=applications,ou=groups,dc=domain,dc=com'
 
 Replace ``POLICY`` with the name of the MinIO policy to assign to the user or group DN.
 

source/includes/k8s/steps-configure-openid-external-identity-management.rst

@@ -100,7 +100,7 @@ Consider the following example policy that grants general S3 API access on only
       ]
    }
 
-Use the :mc-cmd:`mc admin policy add` command to create a policy for use by an OIDC user:
+Use the :mc:`mc admin policy attach` command to create a policy for use by an OIDC user:
 
 .. code-block:: shell
    :class: copyable

source/operations/external-iam.rst

@@ -176,7 +176,7 @@ MinIO uses :ref:`Policy Based Access Control (PBAC) <minio-access-management>` t
 When using an Active Directory/LDAP server for identity management (authentication), MinIO maintains control over access (authorization) through PBAC. 
 
 When a user successfully authenticates to MinIO using their AD/LDAP credentials, MinIO searches for all :ref:`policies <minio-policy>` which are explicitly associated to that user's Distinguished Name (DN). 
-Specifically, the policy must be assigned to a user with a matching DN using the :mc-cmd:`mc admin policy attach` command. 
+Specifically, the policy must be assigned to a user with a matching DN using the :mc:`mc admin policy attach` command. 
 
 MinIO also supports querying for the user's AD/LDAP group membership. 
 MinIO attempts to match existing policies to the DN for each of the user's groups. 

source/operations/external-iam/configure-keycloak-identity-management.rst

@@ -221,7 +221,7 @@ You can validate the functionality by using the Admin REST API with the MinIO cl
 
 MinIO supports multiple methods for configuring Keycloak Admin API Support:
 
-- Using a terminal/shell and the :mc-cmd:`mc admin idp openid` command
+- Using a terminal/shell and the :mc:`mc admin idp openid` command
 - Using environment variables set prior to starting MinIO
 
 .. tab-set::

source/operations/troubleshooting.rst

@@ -229,7 +229,7 @@ Enabling or Disabling Call Home
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 Call Home is **disabled** by default.
-You can :mc-cmd:`~mc support callhome enable` and :mc-cmd:`~mc support callhome disable` Call Home functionality at any time using the MinIO Client's :mc-cmd:`mc support callhome` commands.
+You can :mc-cmd:`~mc support callhome enable` and :mc-cmd:`~mc support callhome disable` Call Home functionality at any time using the MinIO Client's :mc:`mc support callhome` commands.
 The command and its subcommands allow you to enable Call Home uploads for only the diagnostics, only the error logs, or both.
 Refer to the documentation on the commands for more details.
 

source/reference/minio-mc-admin/mc-admin-user-disable.rst

@@ -89,7 +89,7 @@ Use :mc-cmd:`mc admin user disable` to disable a user on a MinIO deployment.
 
    mc admin user disable ALIAS USERNAME
 
-- Replace :mc-cmd:`ALIAS <mc admin user disable TARGET>` with the :mc-cmd:`alias <mc alias>` of the MinIO deployment.
+- Replace :mc-cmd:`ALIAS <mc admin user disable ALIAS>` with the :mc-cmd:`alias <mc alias>` of the MinIO deployment.
 
 - Replace :mc-cmd:`USERNAME <mc admin user disable USERNAME>` with the username of the user to disable.
 

source/reference/minio-mc-admin/mc-admin-user-remove.rst

@@ -85,7 +85,7 @@ Use :mc-cmd:`mc admin user remove` to remove a user from a MinIO deployment:
 
    mc admin user remove ALIAS USERNAME
 
-- Replace :mc-cmd:`ALIAS <mc admin user remove TARGET>` with the :mc-cmd:`alias <mc alias>` of the MinIO deployment.
+- Replace :mc-cmd:`ALIAS <mc admin user remove ALIAS>` with the :mc-cmd:`alias <mc alias>` of the MinIO deployment.
 
 - Replace :mc-cmd:`USERNAME <mc admin user remove USERNAME>` with the username of the user to remove.
 

source/reference/minio-mc-admin/mc-admin-user-svcacct-info.rst

@@ -18,10 +18,12 @@ Syntax
 
 .. start-mc-admin-svcacct-info-desc
 
-The :mc-cmd:`mc admin user svcacct info` command returns a description of the specified access key.
+The :mc-cmd:`mc admin user svcacct info` command returns a description of the specified :ref:`access key <minio-id-access-keys>`.
 
 .. end-mc-admin-svcacct-info-desc
 
+"Access Keys" have equivalent functionality to and replace the concept of "Service Accounts" in MinIO.
+
 The description output includes the following details, as available:
 
 - Access Key
@@ -42,7 +44,7 @@ Use :mc-cmd:`~mc admin user svcacct info --policy` to view the attached policies
       .. code-block:: shell  
          :class: copyable 
   
-         mc admin user svcacct info myminio myuserserviceaccount 
+         mc admin user svcacct info myminio myuseraccesskey 
 
    .. tab-item:: SYNTAX
 
@@ -54,7 +56,7 @@ Use :mc-cmd:`~mc admin user svcacct info --policy` to view the attached policies
          mc [GLOBALFLAGS] admin user svcacct info           \  
                                              [--policy]     \  
                                              ALIAS          \  
-                                             SERVICEACCOUNT
+                                             ACCESSKEY
 
       .. include:: /includes/common-minio-mc.rst
          :start-after: start-minio-syntax
@@ -69,11 +71,16 @@ Parameters
 
    The :mc-cmd:`alias <mc alias>` of the MinIO deployment.
 
-.. mc-cmd:: SERVICEACCOUNT
+.. mc-cmd:: ACCESSKEY
    :required:
 
    The service account access key to display.
 
+.. mc-cmd:: --policy
+   :optional:
+
+   Displays policies attached to the specified service account.
+
 
 Global Flags
 ~~~~~~~~~~~~
@@ -93,11 +100,11 @@ Use :mc-cmd:`mc admin user svcacct info` to display details of a service account
 .. code-block:: shell
    :class: copyable
 
-      mc admin user svcacct info ALIAS SERVICEACCOUNT
+      mc admin user svcacct info ALIAS ACCESSKEY
 
 - Replace :mc-cmd:`ALIAS <mc admin user add ALIAS>` with the :mc-cmd:`alias <mc alias>` of the MinIO deployment.
 
-- Replace :mc-cmd:`SERVICEACCOUNT <mc admin user svcacct info SERVICEACCOUNT>` with the service account access key.
+- Replace :mc-cmd:`ACCESSKEY <mc admin user svcacct info ACCESSKEY>` with the service account access key.
 
 
 The output resembles the following:
@@ -120,11 +127,11 @@ Use :mc-cmd:`mc admin user svcacct info` to display the policies attached to ser
 .. code-block:: shell
    :class: copyable
 
-      mc admin user svcacct info --policy ALIAS SERVICEACCOUNT
+      mc admin user svcacct info --policy ALIAS ACCESSKEY
 
 - Replace :mc-cmd:`ALIAS <mc admin user add ALIAS>` with the :mc-cmd:`alias <mc alias>` of the MinIO deployment.
 
-- Replace :mc-cmd:`SERVICEACCOUNT <mc admin user svcacct info SERVICEACCOUNT>` with the service account access key.
+- Replace :mc-cmd:`ACCESSKEY <mc admin user svcacct info ACCESSKEY>` with the service account access key.
 
 The output resembles the following:
 

source/url-excludes.yaml

@@ -8,6 +8,7 @@ excludes:
 - 'operations/install-deploy-manage/delete-minio-tenant.rst'
 - 'operations/install-deploy-manage/minio-operator-console.rst'
 - 'operations/deploy-manage-tenants.rst'
+- 'developers/sts-for-operator.rst'
 - 'reference/kubectl-minio-plugin.rst'
 - 'reference/kubectl-minio-plugin/kubectl-minio-delete.rst'
 - 'reference/kubectl-minio-plugin/kubectl-minio-init.rst'

sphinxext/cond.py

@@ -12,7 +12,6 @@ from docutils import nodes
 from docutils.nodes import Element, Node
 from docutils.parsers.rst import Directive, directives
 from sphinx.util.docutils import SphinxDirective
-from docutils.utils import SafeString
 from sphinx.util.nodes import nested_parse_with_titles, set_source_info, Node
 from typing import TYPE_CHECKING, Any, Dict, List, cast
 
@@ -33,7 +32,7 @@ class Cond(Directive):
         try:
             result = config._raw_config['tags'].eval_condition(self.arguments[0])
         except ValueError as err:
-            raise self.severe(u'Error parsing conditional parsing expression: {}'.format(SafeString(str(err))))
+            raise self.severe(u'Error parsing conditional parsing expression: {}'.format(str(err)))
 
         if result:
             node = nodes.Element()
@@ -58,7 +57,7 @@ class CondPlus(SphinxDirective):
         try:
             result = config._raw_config['tags'].eval_condition(self.arguments[0])
         except ValueError as err:
-            raise self.severe(u'Error parsing conditional parsing expression: {}'.format(SafeString(str(err))))
+            raise self.severe(u'Error parsing conditional parsing expression: {}'.format(str(err)))
 
         if not result:
              # early exit if we know there's no match