[v8] Revert Moderated Sessions docs (#10399)

* Revert "Set role examples to v4 and add detail warnings (#10345)"

This reverts commit b390fb5.

* Revert "Add documentation for moderated sessions (#9425) (#10302)"

This reverts commit e8ed183.

docs/config.json

@@ -238,8 +238,7 @@
             { "title": "Second Factor - WebAuthn", "slug": "/access-controls/guides/webauthn/" },
             { "title": "Per-session MFA", "slug": "/access-controls/guides/per-session-mfa/" },
             { "title": "Dual Authorization", "slug": "/access-controls/guides/dual-authz/" },
-            { "title": "Impersonation", "slug": "/access-controls/guides/impersonation/" },
-            { "title": "Moderated Sessions", "slug": "/access-controls/guides/moderated-sessions/" }
+            { "title": "Impersonation", "slug": "/access-controls/guides/impersonation/" }
           ]
         },
         { "title": "Reference", "slug": "/access-controls/reference/" },

docs/pages/access-controls/guides.mdx

@@ -23,7 +23,4 @@ layout: tocless-doc
   <li>
     [Locking](./guides/locking.mdx). Lock access to active user sessions or hosts.
   </li>
-  <li>
-    [Moderated Sessions](./guides/moderated-sessions.mdx). Require session auditors and allow fine-grained live session access.
-  </li>
 </ul>

docs/pages/access-controls/reference.mdx

@@ -41,12 +41,6 @@ $ tctl get roles
 
 A role definition looks like this:
 
-<Details title="Role Versioning" min="8.3" opened>
-  The role example below uses `version: v4` for compatability reasons. Note that
-  the `join_sessions` and `require_session_join` fields are only supported on `version: v5` roles,
-  which are otherwise identical to `version: v4`.
-</Details>
-
 ```yaml
 kind: role
 version: v4
@@ -136,35 +130,6 @@ spec:
     - resources: [token]
       verbs: [list,create,read,update,delete]
 
-    # Moderated Sessions policy that dictates requirements for starting a session.
-    require_session_join:
-      # Defines the name of the policy. The name serves only as an
-      # identifier in logs and for organisation/categorisation.
-      - name: Auditor oversight
-        # Specifies an RBAC predicate that is used to define
-        # which users count against the required user count of the policy.
-        filter: 'contains(user.roles, "auditor")'
-        # The different session kinds this policy applies to.
-        kinds: ['k8s', 'ssh']
-        # A list of session participant modes that a participant must have
-        # one of in order to count against the policy.
-        modes: ['moderator']
-        # The minimum amount of users that need to match the filter expression
-        # in order to satisfy the policy.
-        count: 1
-     
-    # Moderated Sessions policy that dictates the ability to join sessions
-    join_sessions:
-      # Defines the name of the policy. The name serves only as an
-      # identifier in logs and for organisation/categorisation.
-      - name: Auditor oversight
-        # Allows one to join sessions created by other users with these roles
-        roles : ['prod-access']
-        # The different session kinds this policy applies to.
-        kinds: ['k8s', 'ssh']
-        # The list of session participant modes the role may join the session as.
-        modes: ['moderator', 'observer']
-
   # The deny section uses the identical format as the 'allow' section.
   # The deny rules always override allow rules.
   deny: {}
@@ -236,17 +201,11 @@ that are more appropriately scoped.
 
 ### Role versions
 
-There are currently three supported role versions: `v3`, `v4` and `v5`. `v4` roles are
-completely backwards-compatible with `v3`. The only difference lies in the
-default allow labels, which will be applied to the role if they are not
+There are currently two supported role versions: `v3` and `v4`. `v4` roles are
+completely backwards-compatible with `v3`, the only difference lies in the
+default allow labels which will be applied to the role if they are not
 explicitly set.
 
-`v5` roles are also backwards compatible with `v4`. They add
-the `join_sessions` and `require_session_join` fields related to [Moderated Sessions](./guides/moderated-sessions.mdx).
-
-Upon upgrading to Telport 8.3.0 or later, new roles will be created with `version: v5` and old roles
-will be migrated as they are edited but not automatically.
-
 Label              | `v3` Default   | `v4` Default
 ------------------ | -------------- | ---------------
 `node_labels`       | `[{"*": "*"}]` if the role has any logins, else `[]` | `[]`

docs/pages/getting-started/docker-compose.mdx

@@ -215,4 +215,4 @@ tctl auth sign --host=mars.openssh.teleport --format=openssh --overwrite --out=m
 
 # Adds generated certs to SSH agent on start
 cd /mnt/shared/certs && /usr/bin/ssh-add bot;
-```
+```

docs/pages/setup/security/reduce-blast-radius.mdx

@@ -273,4 +273,4 @@ Two `user`s can grant elevated privileges to another `user` temporarily without
 ### Background reading
 - [Authentication connectors](../reference/authentication.mdx)
 - [Proxy Service](../../architecture/proxy.mdx)
-- [Auth Service](../../architecture/authentication.mdx)
+- [Auth Service](../../architecture/authentication.mdx)