Suggested edits for identity doc updates

[schavis]

Description

What does this PR do?

TODO only if you're a HashiCorp employee

• Backport Labels: If this fix needs to be backported, use the appropriate backport/ label that matches the desired release branch. Note that in the CE repo, the latest release branch will look like backport/x.x.x, but older release branches will be backport/ent/x.x.x+ent.
  • LTS: If this fixes a critical security vulnerability or severity 1 bug, it will also need to be backported to the current LTS versions of Vault. To ensure this, use all available enterprise labels.
• ENT Breakage: If this PR either 1) removes a public function OR 2) changes the signature
  of a public function, even if that change is in a CE file, double check that
  applying the patch for this PR to the ENT repo and running tests doesn't
  break any tests. Sometimes ENT only tests rely on public functions in CE
  files.
• Jira: If this change has an associated Jira, it's referenced either
  in the PR description, commit message, or branch name.
• RFC: If this change has an associated RFC, please link it in the description.
• ENT PR: If this change has an associated ENT PR, please link it in the
  description. Also, make sure the changelog is in this PR, not in your ENT PR.

[github-actions]

CI Results:
All Go tests succeeded! ✅

[github-actions]

Build Results:
All builds succeeded! ✅

[banks]

Here's the list of tempalte varaible - it's the four that refer to entity or group name that matter.

[banks]

Suggested change

	aliases. For example, you could append a unique ID to the alias name to
	differentiate between similar usernames. Be mindful of how the modified behavior
	may disrupt users as you roll out the change.
	aliases. For example, if the auth plugin allows it you could choose to append a unique ID to the alias name to
	differentiate between similar usernames. Be mindful of how the modified behavior
	may disrupt users as you roll out the change.

I forget if I wrote this or not, but often the way auth plugins map external things to alias names is not entirely in the user's control - some allow different options for it but I'm not sure how universal those are so this edit was intended to set expectations since it's probably not up to the user entirely.

[banks]

Suggested change

	* Listing by IS will return _all_ duplicates
	* Listing by ID will return _all_ duplicates

[banks]

Val also correctly pointed out that it's a little confusing that these are here. These last two are not unexpected behaviors they are correct, I was trying to point out the inconsistency between different operation types (some work some don't) but overall it's a little confusing for sure!

[banks]

There is a bunch of nuace here. In many cases I suspect it's pragmatic to go ahead anyway and deal with any fixes needed after the fact. We have to walk the line of making operators aware of the risks, however small, and what they might do if they do hit them, but also don't want to make this process seem totally unfeasable and like way more work than it probably should be - we automated almost all of it with this feature and just need to make sure these edge cases are understood.

With that in mind, I wonder if there is a clear way to message that? I tried to do that originally by giving options for remediation where the first one was "accept the risk and do it anyway" to make it clear that that might be OK for many.

[schavis]

I added a new section called "find template policies" that talks about consulting the relevant teams. Let me know if that addresses your concern

[digital-content-events]

📄 Content Checks

Updated: Fri, 24 Jan 2025 17:27:42 GMT

Found 2 error(s)

content/docs/upgrading/upgrade-to-1.19.x.mdx

Position	Description	Rule
58:55-58:75	Unexpected folder-relative link found: . Ensure this link is an absolute Developer path.	ensure-valid-link-format

content/docs/upgrading/deduplication/entity-group.mdx

Position	Description	Rule
75:12-76:22	Unexpected folder-relative link found: . Ensure this link is an absolute Developer path.	ensure-valid-link-format