Assorted renaming and string changes

docs/auth/README.md

@@ -1,6 +1,6 @@
-This folder describes third-party authentications supported by Ansible Tower. These authentications can be configured and enabled inside Tower.
+This folder describes third-party authentications supported by AWX. These authentications can be configured and enabled inside AWX.
 
-When a user wants to log into Tower, she can explicitly choose some of the supported authentications to log in instead of Tower's own authentication using username and password. Here is a list of such authentications:
+When a user wants to log into AWX, she can explicitly choose some of the supported authentications to log in instead of AWX's own authentication using username and password. Here is a list of such authentications:
 * Google OAuth2
 * Github OAuth2
 * Github Organization OAuth2
@@ -10,18 +10,18 @@ When a user wants to log into Tower, she can explicitly choose some of the suppo
 * Github Enterprise Team OAuth2
 * Microsoft Azure Active Directory (AD) OAuth2
 
-On the other hand, the other authentication methods use the same types of login info as Tower (username and password), but authenticate using external auth systems rather than Tower's own database. If some of these methods are enabled, Tower will try authenticating using the enabled methods *before Tower's own authentication method*. The order of precedence is:
+On the other hand, the other authentication methods use the same types of login info (username and password), but authenticate using external auth systems rather than AWX's own database. If some of these methods are enabled, AWX will try authenticating using the enabled methods *before AWX's own authentication method*. The order of precedence is:
 * LDAP
 * RADIUS
 * TACACS+
 * SAML
 
-Tower will try authenticating against each enabled authentication method *in the specified order*, meaning if the same username and password is valid in multiple enabled auth methods (*e.g.*, both LDAP and TACACS+), Tower will only use the first positive match (in the above example, log a user in via LDAP and skip TACACS+).
+AWX will try authenticating against each enabled authentication method *in the specified order*, meaning if the same username and password is valid in multiple enabled auth methods (*e.g.*, both LDAP and TACACS+), AWX will only use the first positive match (in the above example, log a user in via LDAP and skip TACACS+).
 
 ## Notes:
 SAML users, RADIUS users and TACACS+ users are categorized as 'Enterprise' users. The following rules apply to Enterprise users:
 
   * Enterprise users can only be created via the first successful login attempt from remote authentication backend.
-  * Enterprise users cannot be created/authenticated if non-enterprise users with the same name has already been created in Tower.
-  * Tower passwords of Enterprise users should always be empty and cannot be set by any user if there are enterprise backends enabled.
-  * If enterprise backends are disabled, an Enterprise user can be converted to a normal Tower user by setting password field. But this operation is irreversible (the converted Tower user can no longer be treated as Enterprise user).
+  * Enterprise users cannot be created/authenticated if non-enterprise users with the same name has already been created in AWX.
+  * AWX passwords of Enterprise users should always be empty and cannot be set by any user if there are enterprise backends enabled.
+  * If enterprise backends are disabled, an Enterprise user can be converted to a normal AWX user by setting password field. But this operation is irreversible (the converted AWX user can no longer be treated as Enterprise user).

docs/auth/oauth.md

@@ -1,5 +1,5 @@
 ## Introduction
-Starting from Tower 3.3, OAuth2 will be used as the new means of token-based authentication. Users
+OAuth2 is the AWX means of token-based authentication. Users
 will be able to manage OAuth2 tokens as well as applications, a server-side representation of API
 clients used to generate tokens. With OAuth2, a user can authenticate by passing a token as part of
 the HTTP authentication header. The token can be scoped to have more restrictive permissions on top of
@@ -166,7 +166,7 @@ For an OAuth2 token, the only fully mutable fields are `scope` and `description`
 field is *immutable on update*, and all other fields are totally immutable, and will be auto-populated
 during creation.
 * `user` - this field corresponds to the user the token is created for
-* `expires` will be generated according to Tower configuration setting `OAUTH2_PROVIDER`
+* `expires` will be generated according to the configuration setting `OAUTH2_PROVIDER`
 * `token` and `refresh_token` will be auto-generated to be non-clashing random strings.  
 
 Both application tokens and personal access tokens will be shown at the `/api/v2/tokens/`
@@ -398,6 +398,6 @@ at `/api/v2/tokens/`.
 * Incoming requests using unexpired OAuth2 token correctly in authentication header should be able
   to successfully authenticate themselves.
 * Token scope mask over RBAC should work as described.
-* Tower configuration setting `OAUTH2_PROVIDER` should be configurable and function as described.
+* AWX configuration setting `OAUTH2_PROVIDER` should be configurable and function as described.
 * `/api/o/` endpoint should work as expected. In specific, all examples given in the description
   help text should be working (a user following the steps should get expected result).

docs/auth/session.md

@@ -1,8 +1,6 @@
 ## Introduction
 
-Before Tower 3.3, an auth token was used as the main authentication method. Starting from Tower 3.3,
-session-based authentication will take its place as the main authentication method, and auth token
-will be replaced by OAuth 2 tokens.
+Session-based authentication is the main authentication method, and auth tokens have been replaced by OAuth 2 tokens.
 
 Session authentication is a safer way of utilizing HTTP(S) cookies. Theoretically, the user can provide authentication information, like username and password, as part of the
 `Cookie` header, but this method is vulnerable to cookie hijacks, where crackers can see and steal user

docs/auth/tacacsplus.md

@@ -1,7 +1,7 @@
 # TACACS+
-[Terminal Access Controller Access-Control System Plus (TACACS+)](https://en.wikipedia.org/wiki/TACACS) is a protocol developed by Cisco to handle remote authentication and related services for networked access control through a centralized server. In specific, TACACS+ provides authentication, authorization and accounting (AAA) services. Ansible Tower currently utilizes its authentication service.
+[Terminal Access Controller Access-Control System Plus (TACACS+)](https://en.wikipedia.org/wiki/TACACS) is a protocol developed by Cisco to handle remote authentication and related services for networked access control through a centralized server. In specific, TACACS+ provides authentication, authorization and accounting (AAA) services. AWX currently utilizes its authentication service.
 
-TACACS+ is configured by Tower configuration and is available under `/api/v2/settings/tacacsplus/`. Here is a typical configuration with every configurable field included:
+TACACS+ is configured by settings configuration and is available under `/api/v2/settings/tacacsplus/`. Here is a typical configuration with every configurable field included:
 ```
 {
     "TACACSPLUS_HOST": "127.0.0.1",
@@ -21,7 +21,7 @@ Each field is explained below:
 | `TACACSPLUS_SESSION_TIMEOUT` | Integer             | 5                   | TACACS+ session timeout value in seconds.                          |
 | `TACACSPLUS_AUTH_PROTOCOL`   | String with choices | 'ascii'             | The authentication protocol used by TACACS+ client (choices are `ascii` and `pap`).                |
 
-Under the hood, Tower uses [open-source TACACS+ python client](https://github.com/ansible/tacacs_plus) to communicate with the remote TACACS+ server. During authentication, Tower passes username and password to TACACS+ client, which packs up auth information and sends it to the TACACS+ server. Based on what the server returns, Tower will invalidate login attempt if authentication fails. If authentication passes, Tower will create a user if she does not exist in database, and log the user in.
+Under the hood, AWX uses [open-source TACACS+ python client](https://github.com/ansible/tacacs_plus) to communicate with the remote TACACS+ server. During authentication, AWX passes username and password to TACACS+ client, which packs up auth information and sends it to the TACACS+ server. Based on what the server returns, AWX will invalidate login attempt if authentication fails. If authentication passes, AWX will create a user if she does not exist in database, and log the user in.
 
 ## Test Environment Setup
 
@@ -41,9 +41,9 @@ The playbook creates a user named 'tower' with ascii password default to 'login'
 
 ## Acceptance Criteria
 
-* All specified Tower configuration fields should be shown and configurable as documented.
-* A user defined by the TACACS+ server should be able to log into Tower.
-* User not defined by TACACS+ server should not be able to log into Tower via TACACS+.
-* A user existing in TACACS+ server but not in Tower should be created after the first successful log in.
+* All specified in configuration fields should be shown and configurable as documented.
+* A user defined by the TACACS+ server should be able to log into AWX.
+* User not defined by TACACS+ server should not be able to log into AWX via TACACS+.
+* A user existing in TACACS+ server but not in AWX should be created after the first successful log in.
 * TACACS+ backend should stop an authentication attempt after configured timeout and should not block the authentication pipeline in any case.
-* If exceptions occur on TACACS+ server side, the exception details should be logged in Tower, and Tower should not authenticate that user via TACACS+.
+* If exceptions occur on TACACS+ server side, the exception details should be logged in AWX, and AWX should not authenticate that user via TACACS+.