[v8] Fix Doctests CI (#10117)

.cloudbuild/ci/doc-tests.yaml

@@ -3,6 +3,9 @@ steps:
     id: docs-test
     env:
       - WITH_EXTERNAL_LINKS=true
+    entrypoint: /bin/bash
     dir: /src
-    args: ['yarn', 'remark', '/workspace/docs/pages/**/*.mdx', '--frail']
+    args: 
+      - -c 
+      - ln -s /workspace /src/content && yarn markdown-lint-external-links
     timeout: 10m

CHANGELOG.md

@@ -773,7 +773,7 @@ To learn more about configuring role-based access control for Database Access, c
 
 See [Reference](https://goteleport.com/teleport/docs/database-access/reference/) for an overview of Database Access related configuration and CLI commands.
 
-Finally, check out [Frequently Asked Questions](./database-access/faq/).
+Finally, check out [Frequently Asked Questions](./database-access/faq.mdx).
 
 #### OSS RBAC
 
@@ -1338,7 +1338,7 @@ This release of Teleport contains multiple bug fixes.
 
 ## 4.3.0
 
-This is a major Teleport release with a focus on new features, functionality, and bug fixes. It’s a substantial release and users can review [4.3 closed issues](https://github.com/gravitational/teleport/milestone/37?closed=1) on Github for details of all items. We would love your feedback - please pick a [time slot for a remote UX feedback session](https://calendly.com/benarent-gravitational/teleport-4-3-feedback-session?month=2020-06) if you’re interested.
+This is a major Teleport release with a focus on new features, functionality, and bug fixes. It’s a substantial release and users can review [4.3 closed issues](https://github.com/gravitational/teleport/milestone/37?closed=1) on Github for details of all items.
 
 #### New Features
 
@@ -1547,19 +1547,19 @@ This is a minor Teleport release with a focus on new features and bug fixes.
 
 ### Improvements
 
-* Alpha: Enhanced Session Recording lets you know what's really happening during a Teleport Session. [Read the docs](https://gravitational.com/teleport/docs/ver/4.2/features/enhanced_session_recording/). [#2948](https://github.com/gravitational/teleport/issues/2948)
-* Alpha: Workflows API lets admins escalate RBAC roles in response to user requests. [Read the docs](https://gravitational.com/teleport/docs/ver/4.2/enterprise/#approval-workflows). [#3006](https://github.com/gravitational/teleport/issues/3006)
-* Beta: Teleport provides HA Support using Firestore and Google Cloud Storage using Google Cloud Platform. [Read the docs](https://gravitational.com/teleport/docs/ver/4.2/gcp_guide/). [#2821](https://github.com/gravitational/teleport/pull/2821)
-* Remote tctl execution is now possible. [Read the docs](https://gravitational.com/teleport/docs/ver/4.2/cli-docs/#tctl). [#1525](https://github.com/gravitational/teleport/issues/1525) [#2991](https://github.com/gravitational/teleport/issues/2991)
+* Alpha: Enhanced Session Recording lets you know what's really happening during a Teleport Session. [#2948](https://github.com/gravitational/teleport/issues/2948)
+* Alpha: Workflows API lets admins escalate RBAC roles in response to user requests. [Read the docs](./enterprise/workflow). [#3006](https://github.com/gravitational/teleport/issues/3006)
+* Beta: Teleport provides HA Support using Firestore and Google Cloud Storage using Google Cloud Platform. [Read the docs](./setup/deployments/gcp.mdx). [#2821](https://github.com/gravitational/teleport/pull/2821)
+* Remote tctl execution is now possible. [Read the docs](./setup/reference/cli.mdx#tctl). [#1525](https://github.com/gravitational/teleport/issues/1525) [#2991](https://github.com/gravitational/teleport/issues/2991)
 
 ### Fixes
 
 * Fixed issue in socks4 when rendering remote address [#3110](https://github.com/gravitational/teleport/issues/3110)
 
 ### Documentation
 
-* Adopting root/leaf terminology for trusted clusters. [Trusted cluster documentation](https://gravitational.com/teleport/docs/ver/4.2/trustedclusters/).
-* Documented Teleport FedRAMP & FIPS Support. [FedRAMP & FIPS documentation](https://gravitational.com/teleport/docs/ver/4.2/enterprise/ssh_fips/).
+* Adopting root/leaf terminology for trusted clusters. [Trusted cluster documentation](./setup/admin/trustedclusters.mdx).
+* Documented Teleport FedRAMP & FIPS Support. [FedRAMP & FIPS documentation](./enterprise/fedramp.mdx).
 
 ## 4.1.11
 
@@ -1790,7 +1790,7 @@ With this release of Teleport, we have built out the foundation to help Teleport
 
 ### Improvements
 
-* Teleport now support 10,000 remote connections to a single Teleport cluster. [Using our recommend hardware setup.](https://gravitational.com/teleport/faq/#whats-teleport-scalability-and-hardware-recommendations)
+* Teleport now support 10,000 remote connections to a single Teleport cluster. [Using our recommend hardware setup.](./setup/operations/scaling.mdx#hardware-recommendations)
 * Added ability to delete node using `tctl rm`. [#2685](https://github.com/gravitational/teleport/pull/2685)
 * Output of `tsh ls` is now sorted by node name. [#2534](https://github.com/gravitational/teleport/pull/2534)
 
@@ -2274,7 +2274,7 @@ available Teleport clusters with ease.
 #### Configuration Changes
 
 * Role templates (depreciated in Teleport 2.3) were fully removed. We recommend
-  migrating to role variables which are documented [here](https://gravitational.com/teleport/docs/ssh_rbac/#roles)
+  migrating to role variables which are documented [here](./access-controls/guides/role-templates.mdx)
 
 * Resource names (like roles, connectors, trusted clusters) can no longer
   contain unicode or other special characters. Update the names of all user

docs/pages/application-access/guides/aws-console.mdx

@@ -15,7 +15,7 @@ This guide will explain how to:
 - Setup example AWS IAM Read Only and Power User roles.
 - Use Teleport's role-based access control with AWS IAM roles.
 - View Teleport users' AWS console activity in CloudTrail.
--  Access the AWS Command Line Interface (CLI) through Teleport.
+- Access the AWS Command Line Interface (CLI) through Teleport.
 
 ## Prerequisites
 

docs/pages/database-access/guides/azure-postgres-mysql.mdx

@@ -97,7 +97,7 @@ achieve that:
 <Tabs>
 <TabItem label="Using managed identity">
   Go to the [Managed Identities](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.ManagedIdentity%2FuserAssignedIdentities)
-  page in your Azure portal and click _Create_ to create a new user-assigned
+  page in your Azure portal and click *Create* to create a new user-assigned
   managed identity:
 
   ![Managed identities](../../../img/database-access/guides/azure/[email protected])
@@ -106,7 +106,7 @@ achieve that:
 
   ![New identity](../../../img/database-access/guides/azure/[email protected])
 
-  Take note of the created identity's _Client ID_:
+  Take note of the created identity's *Client ID*:
 
   ![Created identity](../../../img/database-access/guides/azure/[email protected])
 
@@ -131,8 +131,8 @@ achieve that:
 
   ![App registrations](../../../img/database-access/guides/azure/[email protected])
 
-  Pick a name (e.g. _DatabaseService_) and register a new application. Once the
-  app has been created, take note of its _Application (client) ID_ and click on
+  Pick a name (e.g. *DatabaseService*) and register a new application. Once the
+  app has been created, take note of its *Application (client) ID* and click on
   *Add a certificate or secret*:
 
   ![Registered app](../../../img/database-access/guides/azure/[email protected])
@@ -164,8 +164,8 @@ principal you need to create Azure AD users for that principal in the database.
 ### Assign Azure AD administrator
 
 Only the Azure AD administrator for the database can connect to it and create
-Azure AD users. Go to your database's _Active Directory admin_ page
-and set the AD admin using the _Set admin_ button:
+Azure AD users. Go to your database's *Active Directory admin* page
+and set the AD admin using the *Set admin* button:
 
 ![Set AD admin](../../../img/database-access/guides/azure/[email protected])
 

docs/pages/database-access/guides/mysql-cloudsql.mdx

@@ -198,7 +198,7 @@ $ teleport start --config=/path/to/teleport-db.yaml --token=/tmp/token
 ### GCP credentials
 
 Teleport Database Service must have credentials of `teleport-db-service` GCP
-service account we created [above](#create-service-account-for-teleport-database-service)
+service account we created [above](#create-a-service-account-for-the-teleport-database-service)
 in order to be able to login.
 
 The easiest way to ensure that is to set `GOOGLE_APPLICATION_CREDENTIALS`

docs/pages/database-access/guides/postgres-cloudsql.mdx

@@ -274,7 +274,7 @@ $ teleport start --config=/path/to/teleport-db.yaml --token=/tmp/token
 ### GCP credentials
 
 Teleport Database Service must have credentials of `teleport-db-service` GCP
-service account we created [above](#create-service-account-for-teleport-database-service)
+service account we created [above](#create-a-service-account-for-teleport-database-service)
 in order to be able to generate IAM auth tokens.
 
 The easiest way to ensure that is to set `GOOGLE_APPLICATION_CREDENTIALS`
@@ -326,7 +326,7 @@ $ tsh db login --db-user=teleport@<project-id>.iam --db-name=postgres cloudsql
   title="What database user name to use?"
 >
   When connecting to the database, use the name of the database service account
-  that you added as IAM database user [above](#create-service-account-for-database),
+  that you added as IAM database user [above](#create-a-service-account-for-the-database),
   minus the `.gserviceaccount.com` suffix. The database user name is shown on
   the Users page of your Cloud SQL instance.
 </Admonition>

docs/pages/desktop-access/reference.mdx

@@ -25,7 +25,7 @@ description: Teleport Desktop Access configuration and CLI reference.
 # You can have multiple Desktop Access services in your cluster (but not in the
 # same teleport.yaml), connected to the same or different Active Directory
 # domains.
-(!docs/pages/includes/desktop-access/desktop-config.mdx!)
+(!docs/pages/includes/desktop-access/desktop-config.yaml!)
 ```
 
 This `host_labels` configuration would apply the `environment: dev` label to a
@@ -36,14 +36,14 @@ to a desktop named `desktop.prod.example.com`.
 
 The Windows Desktop Service can be deployed in two modes.
 
-In _direct_ mode, Windows Desktop Services registers directly with the Teleport
+In *direct* mode, Windows Desktop Services registers directly with the Teleport
 Auth Server, and listens for desktop connections from the Teleport Proxy. To
 enable direct mode, set `windows_desktop_service.listen_addr` in
 `teleport.yaml`, and ensure that `teleport.auth_servers` points directly at the
 auth server. Direct mode requires network connectivity from the Teleport Proxy
 to Windows Desktop Service, and from Windows Desktop Service to the auth server.
 
-In _IoT mode_, Windows Desktop Service only needs to be able to make an outbound
+In *IoT mode*, Windows Desktop Service only needs to be able to make an outbound
 connection to a Teleport Proxy. The Windows Desktop Service establishes a
 reverse tunnel to the proxy, and both registration with the auth server and
 desktop sessions are performed over this tunnel. To enable this mode, ensure

docs/pages/getting-started/linux-server.mdx

@@ -105,7 +105,7 @@ Next, generate a configuration file for Teleport using the `teleport configure`
   # Wrote config to file "/etc/teleport.yaml". Now you can start the server. Happy Teleporting!
   ```
 
-  The `--acme-email` flag indicates an email address that Let's Encrypt can use for notifications, and does _not_ require the same domain name as your Teleport host. 
+  The `--acme-email` flag indicates an email address that Let's Encrypt can use for notifications, and does *not* require the same domain name as your Teleport host. 
 
   For the `--cluster-name` flag, enter the domain name you used when creating a DNS A record earlier.
 

docs/pages/kubernetes-access/guides/multiple-clusters.mdx

@@ -5,7 +5,7 @@ description: Connecting a Kubernetes cluster to Teleport.
 
 ## Prerequisites
 
-- [Kubernetes](https://kubernetes.io) >= v(=kubernetes.major_version=).(=kubernetes_minor_version=).0
+- [Kubernetes](https://kubernetes.io) >= v(=kubernetes.major_version=).(=kubernetes.minor_version=).0
 - [Helm](https://helm.sh) >= (=helm.version=)
 - Installed and running Teleport Cluster
 

docs/pages/setup/reference/config.mdx

@@ -696,5 +696,5 @@ db_service:
       period: 1m0s
 
 # This section configures the windows desktop service
-(!docs/pages/includes/desktop-access/desktop-config.mdx!)
+(!docs/pages/includes/desktop-access/desktop-config.yaml!)
 ```

docs/pages/setup/security/reduce-blast-radius.mdx

@@ -197,7 +197,7 @@ spec:
       - contractors
 ```
 
-Analysts sometimes need write access to your organization's database in order to create stored procedures, and can request access to the `db-writer` role. Only trusted analysts can request this access, and belong to a special `admins` group. Using `deny` rules, you can prevent analysts who are _not_ in the `admins` group from requesting access to the `db-writer` role:
+Analysts sometimes need write access to your organization's database in order to create stored procedures, and can request access to the `db-writer` role. Only trusted analysts can request this access, and belong to a special `admins` group. Using `deny` rules, you can prevent analysts who are *not* in the `admins` group from requesting access to the `db-writer` role:
 
 ```yaml
 kind: role
@@ -219,7 +219,7 @@ spec:
           deny: 1
 ```
 
-The `claims_to_roles` field within an `allow` or `deny` rule maps a user's `traits` to `roles` that they are either permitted or forbidden to request. In this case, we use the `{{regexp.not_match(\"admin\")}}` template function to prevent any user  from requesting the `db-writer` role unless they have a `groups` trait with a value like `administrator` or `admins`. Users who _do_ have such a trait can request the role with two approvals.
+The `claims_to_roles` field within an `allow` or `deny` rule maps a user's `traits` to `roles` that they are either permitted or forbidden to request. In this case, we use the `{{regexp.not_match(\"admin\")}}` template function to prevent any user  from requesting the `db-writer` role unless they have a `groups` trait with a value like `administrator` or `admins`. Users who *do* have such a trait can request the role with two approvals.
 
 
 ## Set up your RBAC without admin roles
@@ -268,7 +268,7 @@ Two `user`s can grant elevated privileges to another `user` temporarily without
 - [Per-session MFA](../../access-controls/guides/per-session-mfa.mdx)
 - [Dual authorization](../../access-controls/guides/dual-authz.mdx)
 - [Role templates, allow/deny rules, and traits](../../access-controls/guides/role-templates.mdx)
-- [Access requests and plugins](../../enterprise/workflow.mdx)
+- [Access requests and plugins](../../enterprise/workflow)
 
 ### Background reading
 - [Authentication connectors](../reference/authentication.mdx)