From 7de7378da60c828b65b898ff750743a5f3e747ac Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Valim?= <jose.valim@dashbit.co>
Date: Fri, 8 Nov 2024 07:58:57 +0100
Subject: [PATCH] Update docs around authentication

---
 README.md                         |  4 ++--
 docs/authentication.md            |  2 +-
 docs/authentication/basic_auth.md | 11 ++---------
 docs/authentication/cloudflare.md |  2 +-
 docs/authentication/google_iap.md |  2 +-
 docs/authentication/tailscale.md  |  2 +-
 docs/deployment/clustering.md     |  2 +-
 docs/deployment/docker.md         |  2 +-
 mix.exs                           |  3 +--
 9 files changed, 11 insertions(+), 19 deletions(-)

diff --git a/README.md b/README.md
index abf812d7b..b8d212b22 100644
--- a/README.md
+++ b/README.md
@@ -233,8 +233,8 @@ The following environment variables can be used to configure Livebook on boot:
     user's operating system home.
 
   * `LIVEBOOK_IDENTITY_PROVIDER` - controls whether Zero Trust Authentication
-    must be used as the identity provider. This is useful when deploying
-    Livebook inside a cloud platform, such as Cloudflare and Google.
+    must be used for this Livebook instance. This is useful when deploying
+    Livebook airgapped inside a cloud platform, such as Cloudflare and Google.
     Supported values are:
 
       * `basic_auth:<username>:<password>`
diff --git a/docs/authentication.md b/docs/authentication.md
index d1f9979ff..315548abd 100644
--- a/docs/authentication.md
+++ b/docs/authentication.md
@@ -2,7 +2,7 @@
 
 Livebook has three levels of authentication:
 
-  * Instance authentication: this authenticates the user on all routes of your Livebook instance, including deployed notebooks and the admin section. This is done via Zero Trust Authentication and typically used when deploying Livebook to production. See the "Authentication" section on the sidebar for more information.
+  * Instance authentication: this authenticates the user on all routes of your Livebook instance, including deployed notebooks and the admin section. If you are deploying your Livebook instances with [Livebook Teams](https://livebook.dev/teams), all instances include Livebook Teams authentication by default. You can also manually configure your Livebook instance to have their own authentication, see the "Airgapped Authentication" section.
 
   * Admin authentication: this authenticates access to Livebook admin interface, where users can create, write, and manage notebooks. Both password and token authentication are available. See the next section for more information.
 
diff --git a/docs/authentication/basic_auth.md b/docs/authentication/basic_auth.md
index 621d68295..f32d36765 100644
--- a/docs/authentication/basic_auth.md
+++ b/docs/authentication/basic_auth.md
@@ -4,18 +4,11 @@ Setting up Basic Authentication is a simple mechanism for protecting all routes
 
 ## How to
 
-To integrate Basic Authentication with Livebook, set the `LIVEBOOK_IDENTITY_PROVIDER` environment variable to `basic_auth:<username>:<password>`.
-
-To do it, run:
-
-```bash
-LIVEBOOK_IDENTITY_PROVIDER=basic_auth:user:pass \
-livebook server
-```
+To integrate Basic Authentication with Livebook, set the `LIVEBOOK_IDENTITY_PROVIDER` environment variable to `basic_auth:<username>:<password>`, and then deploy or directly run your Livebook instance.
 
 ## Livebook Teams
 
-[Livebook Teams](https://livebook.dev/teams/) users can deploy notebooks with the click of a button with pre-configured Zero Trust Authentication, shared team secrets, and file storages. Both online and airgapped deployment mechanisms are supported.
+[Livebook Teams](https://livebook.dev/teams/) users can deploy notebooks with the click of a button with built-in authentication via Livebook Teams. You can also pre-configure environment variables (such as `LIVEBOOK_IDENTITY_PROVIDER`), share team secrets, and file storages. Both online and airgapped deployment mechanisms are supported.
 
 Furthermore, if you are deploying multi-session apps via [Livebook Teams](https://livebook.dev/teams/), you can programmatically access data from the authenticated user by calling [`Kino.Workspace.app_info/0`](https://hexdocs.pm/kino/Kino.Workspace.html#app_info/0).
 
diff --git a/docs/authentication/cloudflare.md b/docs/authentication/cloudflare.md
index 3277100c1..0d8ad30f7 100644
--- a/docs/authentication/cloudflare.md
+++ b/docs/authentication/cloudflare.md
@@ -17,7 +17,7 @@ https://developers.cloudflare.com/cloudflare-one/.
 
 ## Livebook Teams
 
-[Livebook Teams](https://livebook.dev/teams/) users can deploy notebooks with the click of a button with pre-configured Zero Trust Authentication, shared team secrets, and file storages. Both online and airgapped deployment mechanisms are supported.
+[Livebook Teams](https://livebook.dev/teams/) users can deploy notebooks with the click of a button with built-in authentication via Livebook Teams. You can also pre-configure environment variables (such as `LIVEBOOK_IDENTITY_PROVIDER`), share team secrets, and file storages. Both online and airgapped deployment mechanisms are supported.
 
 Furthermore, if you are deploying multi-session apps via [Livebook Teams](https://livebook.dev/teams/), you can programmatically access data from the authenticated user by calling [`Kino.Workspace.app_info/0`](https://hexdocs.pm/kino/Kino.Workspace.html#app_info/0).
 
diff --git a/docs/authentication/google_iap.md b/docs/authentication/google_iap.md
index 502e78258..df0ee7eb2 100644
--- a/docs/authentication/google_iap.md
+++ b/docs/authentication/google_iap.md
@@ -17,7 +17,7 @@ For more details about how to find your JWT audience, see https://cloud.google.c
 
 ## Livebook Teams
 
-[Livebook Teams](https://livebook.dev/teams/) users can deploy notebooks with the click of a button with pre-configured Zero Trust Authentication, shared team secrets, and file storages. Both online and airgapped deployment mechanisms are supported.
+[Livebook Teams](https://livebook.dev/teams/) users can deploy notebooks with the click of a button with built-in authentication via Livebook Teams. You can also pre-configure environment variables (such as `LIVEBOOK_IDENTITY_PROVIDER`), share team secrets, and file storages. Both online and airgapped deployment mechanisms are supported.
 
 Furthermore, if you are deploying multi-session apps via [Livebook Teams](https://livebook.dev/teams/), you can programmatically access data from the authenticated user by calling [`Kino.Workspace.app_info/0`](https://hexdocs.pm/kino/Kino.Workspace.html#app_info/0).
 
diff --git a/docs/authentication/tailscale.md b/docs/authentication/tailscale.md
index 4d3ba342d..a671f46a2 100644
--- a/docs/authentication/tailscale.md
+++ b/docs/authentication/tailscale.md
@@ -42,7 +42,7 @@ livebook server
 
 ## Livebook Teams
 
-[Livebook Teams](https://livebook.dev/teams/) users can deploy notebooks with the click of a button with pre-configured Zero Trust Authentication, shared team secrets, and file storages. Both online and airgapped deployment mechanisms are supported.
+[Livebook Teams](https://livebook.dev/teams/) users can deploy notebooks with the click of a button with built-in authentication via Livebook Teams. You can also pre-configure environment variables (such as `LIVEBOOK_IDENTITY_PROVIDER`), share team secrets, and file storages. Both online and airgapped deployment mechanisms are supported.
 
 Furthermore, if you are deploying multi-session apps via [Livebook Teams](https://livebook.dev/teams/), you can programmatically access data from the authenticated user by calling [`Kino.Workspace.app_info/0`](https://hexdocs.pm/kino/Kino.Workspace.html#app_info/0).
 
diff --git a/docs/deployment/clustering.md b/docs/deployment/clustering.md
index 563640ae5..29cb1890f 100644
--- a/docs/deployment/clustering.md
+++ b/docs/deployment/clustering.md
@@ -10,7 +10,7 @@ You may set `LIVEBOOK_CLUSTER` to one of the following values.
 
 ### `auto`
 
-Detects the hosting platform and automatically sets up a cluster using DNS configuration. Currently the only supported platform is Fly.io.
+Detects the hosting platform and automatically sets up a cluster using DNS configuration. Currently the supported platforms are Fly.io and Kubernetes.
 
 ### `dns:QUERY`
 
diff --git a/docs/deployment/docker.md b/docs/deployment/docker.md
index fcd3c583e..cbd8c6fc1 100644
--- a/docs/deployment/docker.md
+++ b/docs/deployment/docker.md
@@ -147,4 +147,4 @@ If you are using [Livebook Teams](https://livebook.dev/teams/), you can also dep
 
 The deployment steps will show you to deploy your notebooks within Docker, Fly.io, and Kubernetes. This is effectively done by setting the `LIVEBOOK_TEAMS_AUTH`, which configures Livebook to run as a read-only instance connected to Livebook Teams.
 
-Livebook Teams also support airgapped deployments, pre-configured Zero Trust Authentication, shared team secrets, file storages, and more.
\ No newline at end of file
+Livebook Teams also support airgapped deployments, pre-configured environment variables, shared team secrets, file storages, and more.
\ No newline at end of file
diff --git a/mix.exs b/mix.exs
index 20c20b861..5e808fbc9 100644
--- a/mix.exs
+++ b/mix.exs
@@ -184,7 +184,6 @@ defmodule Livebook.MixProject do
   defp remove_cookie(release) do
     # We remove the COOKIE file when assembling the release, because we
     # don't want to share the same cookie across users.
-
     File.rm!(Path.join(release.path, "releases/COOKIE"))
     release
   end
@@ -237,7 +236,7 @@ defmodule Livebook.MixProject do
       groups_for_extras: [
         "Livebook Teams": Path.wildcard("docs/teams/*"),
         Deployment: Path.wildcard("docs/deployment/*"),
-        Authentication: Path.wildcard("docs/authentication/*")
+        "Airgapped Authentication": Path.wildcard("docs/authentication/*")
       ]
     ]
   end