Merge pull request #386 from authzed/axe-extenders-page

remove extenders page

Author: miparnisari

pages/authzed/concepts/audit-logging.mdx

@@ -162,16 +162,30 @@ This is an example trust policy that allows the AuthZed account to assume the ro
 ## Configuration
 
 The process for setting up audit logging varies depending on the AuthZed product you're using.
-Find the instructions for your product below.
 
-### Dedicated
+### Dedicated & Cloud
 
 Using the web dashboard, navigate to the Permission System's settings page to find the Audit Log settings.
 
 ### Self-Hosted
 
-Audit logging is configured using command-line flags.
-See the full list of flags in the [Extenders section](extenders#flags).
+Use the following command-line flags:
+
+| Flag                                             | Description                                                                                                                                                          | Default   |
+|--------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------|
+| --extender-enabled                               | must be set to`authzed-audit`                                                                                                                                        |           |
+| --extender-audit-batch-size-limit                | defines the maximum number of audit events to be processed as a unit                                                                                                 | `10000`   |
+| --extender-audit-buffer-size                     | defines the size of the audit log buffer that holds events to be processed by workers                                                                                | `1000000` |
+| --extender-audit-buffer-window                   | defines maximum amount of time events are buffered before being pushed                                                                                               | `1s`      |
+| --extender-audit-disabled-on-methods strings     | list of comma-separated, fully-qualified API methods to disable events for. Watch API is always excluded (e.g. `/authzed.api.v1.PermissionsService/CheckPermission`) |           |
+| --extender-audit-initial-retry-interval duration | sets the first retry backoff in case of a failure to push audit events to the backend                                                                                | `1s`      |
+| --extender-audit-max-retry-interval duration     | sets the maximum backoff duration in case of failure to push events                                                                                                  | `30s`     |
+| --extender-audit-retry-randomizer-factor         | sets the randomization factor for the backoff duration - this helps prevent thundering herds on event push errors                                                    | `0.5`     |
+| --extender-audit-stream-name                     | defines the name of the target stream/topic (e.g. Kafka Topic, Kinesis Stream...)                                                                                    | `spicedb` |
+| --extender-audit-target-configuration            | target-type specific configuration                                                                                                                                   | `[]`      |
+| --extender-audit-target-endpoint-url string      | defines the URL of target endpoint to ingest audit events. If left unspecified, some types will try to determine automatically (e.g. AWS SDK)                        |           |
+| --extender-audit-target-type                     | defines the type of target to ingest audit events                                                                                                                    | `noop`    |
+| --extender-audit-worker-count                    | defines the number of worker goroutines to process audit events (default 5)                                                                                          |           |
 
 ### Tokens in Audit Logs
 

pages/authzed/concepts/extenders.mdx

@@ -4,9 +4,6 @@ The Management Dashboard is a web-based application for organizations to manage
 The dashboard is primarily targeting platform operators that want to configure and monitor the service.
 
 The Management Dashboard is exclusive to AuthZed [Dedicated] and [Cloud].
-In order to support a wider variety of environments, [Enterprise] customers configure [Extenders] directly instead of the Management Dashboard.
 
 [Dedicated]: ../guides/picking-a-product#dedicated
 [Cloud]: ../guides/picking-a-product#cloud
-[Enterprise]: ../guides/picking-a-product#enterprise
-[Extenders]: ./extenders

pages/authzed/concepts/management-dashboard.mdx

@@ -1,5 +1,4 @@
 import { Callout, Tabs } from 'nextra/components'
-import { Bleed } from 'nextra-theme-docs'
 
 # Restricted API Access
 
@@ -62,8 +61,6 @@ The command should output the hash, which can be referenced in your static confi
 71c73ba92f2032416b18a4f4fffb2a825755bea6a8430f2622ab1f3fb35a10d0
 ```
 
-[static configuration]: #static-configuration
-
 ### Roles
 
 Roles define rules for accessing the SpiceDB API.
@@ -189,18 +186,29 @@ This CEL expression limits CheckPermissions requests to only be able to check a
 CheckPermissionRequest.permission == "admin"
 ```
 
-## Static Configuration
+## Configuration
 
-Enterprise builds of SpiceDB can have their API access configured statically with a YAML configuration file.
+The process for setting up this feature varies depending on the AuthZed product you're using.
 
-<Callout type="warning">
-  These configuration files contain hashes of Tokens and should be treated like secrets.
-</Callout>
+### Dedicated & Cloud
+
+Using the web dashboard, navigate to the Permission System's "Access" tab.
+
+### Self-Hosted
 
-This functionality is configured with the following flag:
+Use the following command-line flags:
 
-- `--extender-enabled authzed-fgam`
-- `--extender-authzed-fgam-endpoint /path/to/configuration.yaml`
+| Flag                                  | Description                                                                                                                                                                           | Default |
+|---------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------|
+| --extender-authzed-fgam-endpoint      | defines the external SpiceDB endpoint used to authorize operations for the authzed-fgam extender. If a file:// endpoint is provided, server is run embedded with static configuration |         |
+| --extender-authzed-fgam-preshared-key | defines the external SpiceDB preshared key used to authorize operations for the authzed-fgam extender. Ignored if endpoint is local (file://)                                         |         |
+| --extender-enabled                    | must be set to `authzed-fgam`                                                                                                                                                         |         |
+
+If you set `--extender-authzed-fgam-endpoint` to a file, it must be a YAML configuration file.
+
+<Callout type="warning">
+  This configuration file should be treated like a secret because it contains token hashes.
+</Callout>
 
 Here's an example showcasing the structure of static configuration:
 
@@ -235,7 +243,7 @@ policy:
 
 ## Enabling without downtime
 
-If you want to apply a static configuration to an existing SpiceDB cluster without downtime, you must conduct an upgrade process with the following steps:
+If you want to apply a configuration to an existing SpiceDB cluster without downtime, you must conduct an upgrade process with the following steps:
 
 1. Create pre-shared keys that follow the token format for each client of your SpiceDB instance.
    You should add those to your SpiceDB instance configuration.