(DOCSP-35342): Added AKO BCP content. (#14)

* (DOCSP-35342): Added AKO BCP content.

* (DOCSP-35342): Incorporated Roo and Dan's feedback.

* (DOCSP-35342): Incorporated Serguisz's feedback.

* (DOCSP-35342): Incorporated Evelyn's feedback.

* (DOCSP-35342): Incorporated Roo's feedback.

* (DOCSP-35342): Incorporated Roo's feedback.

* (DOCSP-35342): Added shortcut.

Author: corryroot

snooty.toml

@@ -16,7 +16,8 @@ intersphinx = [ "https://www.mongodb.com/docs/master/objects.inv",
 toc_landing_pages = [
     "/configure-ak8so-access-to-atlas",
     "/custom-resources",
-    "/ak8so-private-link"
+    "/ak8so-private-link",
+    "/ak8so-back-up-deployment"
 ]
 
 [constants]

source/ak8so-back-up-deployment.txt

@@ -76,6 +76,24 @@ Review the following considerations:
   You can configure this with the ``spec.copySetting`` field in the 
   :ref:`atlasbackupschedule-custom-resource`.
 
+.. note::
+
+   If you have a :ref:`{+bcp+} enabled <ak8so-bcp>`, you 
+   can't modify the :ref:`backup policy <configure-backup-policy>` for 
+   an individual {+cluster+} below the minimum requirements set in the 
+   {+bcp+}. You can modify the {+cluster+}-level backup policy at any 
+   time. |service| augments any preexisting {+cluster+}-level policies 
+   to meet the minimum requirements of the {+bcp+}. All new 
+   {+clusters+} use the {+bcp+}. If you reduce the frequency of a 
+   backup schedule, the change applies only to future backups. Any 
+   existing :term:`oplog` remains for the original window. The minimum 
+   requirements of the {+bcp+} apply. You can 
+   :ref:`configure extra snapshot retention 
+   <config-extra-snapshot-retention>`. You can also view backup details 
+   for all ``M10+`` {+dedicated-clusters+} including deleted 
+   {+clusters+} with retained snapshots. To learn more, see 
+   :ref:`backup-retained-snapshots`.
+
 Limitations
 -----------
 
@@ -184,3 +202,8 @@ Follow these steps to enable {+cloud-backup+} for your |ak8so|-managed
              namespace: mongodb-atlas-system              
          EOF
 
+.. toctree::
+   :titlesonly:
+
+   Backup Compliance Policies </ak8so-bcp>
+   

source/ak8so-bcp.txt

@@ -0,0 +1,161 @@
+.. _ak8so-bcp:
+
+====================================
+Configure a {+bcp+}
+====================================
+
+.. default-domain:: mongodb
+
+.. contents:: On this page
+   :local:
+   :backlinks: none
+   :depth: 1
+   :class: singlecol
+
+If you have strict data protection requirements, you can use |ak8so| to 
+enable a :ref:`{+bcp+} <backup-compliance-policy>` to protect your 
+backup data.
+
+.. include:: /includes/fact-you-cannot-disable-bcp.rst
+   
+.. _ak8so-bcp-prohibited-actions:
+
+Prohibited Actions
+------------------
+
+If you enable a {+bcp+}, no user, regardless of role, can do certain 
+actions. Carefully review the :ref:`prohibited actions 
+<bcp-prohibited-actions>`.
+
+.. important::
+
+   If you set this parameter to ``true``, |service| upgrades all 
+   backup policies in the project regardless of what is specified in 
+   the :ref:`atlasbackuppolicy-custom-resource`. |service| overrides 
+   the :ref:`atlasbackuppolicy-custom-resource` and the status 
+   of that custom resource updates to ``Ready: False``. You must 
+   manually update the :ref:`atlasbackuppolicy-custom-resource` to 
+   align with the {+bcp+}.
+
+   If you set this parameter to ``false``, creating the {+bcp+} fails 
+   if the existing backup policies do not satisfy the {+bcp+}.
+
+.. _ak8so-bcp-considerations:
+
+Considerations
+--------------
+
+After you enable a {+bcp+}, certain behaviors apply. Carefully 
+review the :ref:`considerations <bcp-considerations>`.
+
+Required Access
+---------------
+
+To configure a {+bcp+}, you must have :authrole:`Project Owner` access 
+to the project. Users with :authrole:`Organization Owner` access must 
+add themselves as a ``Project Owner`` to the project before configuring 
+a {+bcp+}.
+
+Prerequisites
+-------------
+
+- Only MongoDB Support can do the following actions:
+ 
+  - Disable the {+bcp+}.
+   
+  - Disable :ref:`{+PIT-Restore+} <create-cluster-backups>` if the 
+    {+bcp+} has the 
+    :guilabel:`Require Point in Time Restore to all clusters` option 
+    set to :guilabel:`On`.
+
+  - Reduce the :ref:`{+PIT-Restore+} Restore Window 
+    <create-pit-policy>`.
+
+  - Delete :ref:`policy items <creating-backup-policy>` specified in 
+    the {+bcp+}.
+    
+- Only the specified security or legal representative can 
+  :ref:`request support <request-support>`.
+
+- You can apply a {+bcp+} to ``M10+`` {+dedicated-clusters+} only.
+
+  .. note::
+
+     You can't convert a {+dedicated-cluster+} to an ``M0`` 
+     {+free-cluster+}, an ``M2`` or ``M5`` {+shared-cluster+}, or a 
+     {+serverless-instance+}.
+
+Procedure
+---------
+
+.. procedure::
+   :style: normal
+
+   .. step:: Create the {+bcp+}.
+
+      To learn more about the parameters for a {+bcp+}, see the 
+      :ref:`bcp-custom-resource`.
+
+      **Example:**
+
+      .. code-block:: sh
+
+         cat <<EOF | kubectl apply -f -
+         apiVersion: atlas.mongodb.com/v1
+         kind: AtlasBackupCompliancePolicy
+         metadata:
+           name: my-backup-compliance-policy
+           namespace: mongdb-atlas-system
+         spec:
+           authorizedEmail: [email protected]
+           authorizedUserFirstName: John
+           authorizedUserLastName: Doe
+           copyProtectionEnabled: false
+           encryptionAtRestEnabled: false
+           onDemandPolicy:
+             retentionUnit: weeks
+             retentionValue: 3
+           overwriteBackupPolicies: false
+           pointInTimeEnabled: true
+           restoreWindowDays: 42
+           scheduledPolicyItems:
+           - frequencyInterval: 2
+             frequencyType: daily
+             retentionUnit: days
+             retentionValue: 7
+         EOF
+
+      .. note::
+
+         This {+bcp+} applies as the minimum backup policy to all 
+         {+clusters+} in the project. The {+bcp+} protects all 
+         existing snapshots. The {+bcp+} prevents any user, 
+         regardless of role, from modifying or deleting existing 
+         snapshots prior to their expiration. Changes made to this 
+         {+bcp+} apply only to future snapshots. If you enable a 
+         {+bcp+}, the {+bcp+} limits your ability to reduce backup 
+         storage costs. You can't adjust the retention or delete a 
+         backup to reduce the backup storage costs.
+
+   .. step:: Apply the {+bcp+} to the project.
+
+      In the :setting:`spec.backupCompliancePolicyRef` parameter in the 
+      :ref:`atlasproject-custom-resource`, specify the name and 
+      namespace of the opaque |k8s-secret| that references the 
+      :ref:`bcp-custom-resource`.
+
+      **Example:**
+
+      .. code-block:: sh
+
+         cat <<EOF | kubectl apply -f -
+         apiVersion: atlas.mongodb.com/v1
+         kind: AtlasProject
+         metadata:
+           name: my-project
+         spec:
+           backupCompliancePolicyRef:
+             name: my-backup-compliance-policy
+             namespace: mongodb-atlas-system
+         EOF
+      

source/atlasproject-custom-resource.txt

@@ -1109,6 +1109,35 @@ This section describes the ``AtlasProject`` custom resource parameters:
    must specify this setting. To learn more, see 
    :ref:`enable-audit-logs`.
 
+.. setting:: spec.backupCompliancePolicyRef
+
+   *Type*: object
+
+   *Conditional*
+
+   Object that contains the name and namespace of the opaque
+   |k8s-secret| that references the :ref:`bcp-custom-resource`. If you 
+   enable a {+bcp+}, you must specify this parameter.
+
+.. setting:: spec.backupCompliancePolicyRef.name
+
+   *Type*: string
+
+   *Conditional*
+
+   Name of the opaque |k8s-secret| that references the 
+   :ref:`bcp-custom-resource`. If you enable a {+bcp+}, you must 
+   specify this parameter.
+
+.. setting:: spec.backupCompliancePolicyRef.namespace
+
+   *Type*: object
+
+   *Conditional*
+
+   Namespace of the opaque |k8s-secret| that references the 
+   :ref:`bcp-custom-resource`. If you enable a {+bcp+}, you must 
+   specify this parameter.
 
 .. setting:: spec.connectionSecretRef.name