docs: various nits in specs

Signed-off-by: Hidde Beydals <[email protected]>

Author: hiddeco

docs/spec/v1beta2/buckets.md

@@ -440,8 +440,8 @@ data:
 ##### Workload Identity
 
 If you have [Workload Identity mutating webhook](https://azure.github.io/azure-workload-identity/docs/installation/managed-clusters.html)
-installed on your cluster. You would need to create an Azure Identity and
-give it access to Azure Blob Storage.
+installed on your cluster. You need to create an Azure Identity and give it
+access to Azure Blob Storage.
 
 ```shell
 export IDENTITY_NAME="blob-access"
@@ -451,7 +451,7 @@ az role assignment create --role "Storage Blob Data Reader" \
 --scope "/subscriptions/<SUBSCRIPTION-ID>/resourceGroups/<RESOURCE_GROUP>/providers/Microsoft.Storage/storageAccounts/<account-name>/blobServices/default/containers/<container-name>"
 ```
 
-Establish federated identity between the identity and the source-controller
+Establish a federated identity between the Identity and the source-controller
 ServiceAccount.
 
 ```shell
@@ -500,7 +500,7 @@ patches:
               azure.workload.identity/use: "true"
 ```
 
-If you have set Workload Identity up correctly and labeled the source-controller
+If you have set up Workload Identity correctly and labeled the source-controller
 Pod and ServiceAccount, then you don't need to reference a Secret. For more information,
 please see [documentation](https://azure.github.io/azure-workload-identity/docs/quick-start.html).
 
@@ -520,7 +520,7 @@ spec:
 ##### Managed Identity with AAD Pod Identity
 
 If you are using [aad pod identity](https://azure.github.io/aad-pod-identity/docs),
-you can create an identity that has access to Azure Storage.
+You need to create an Azure Identity and give it access to Azure Blob Storage.
 
 ```sh
 export IDENTITY_NAME="blob-access"
@@ -533,7 +533,7 @@ export IDENTITY_CLIENT_ID="$(az identity show -n ${IDENTITY_NAME} -g ${RESOURCE_
 export IDENTITY_RESOURCE_ID="$(az identity show -n ${IDENTITY_NAME} -otsv --query id)"
 ```
 
-Create an `AzureIdentity` object that references the identity created above:
+Create an AzureIdentity object that references the identity created above:
 
 ```yaml
 ---
@@ -548,7 +548,8 @@ spec:
   type: 0  # user-managed identity
 ```
 
-Create an `AzureIdentityBinding` object that binds pods with a specific selector with the `AzureIdentity` created:
+Create an AzureIdentityBinding object that binds Pods with a specific selector
+with the AzureIdentity created:
 
 ```yaml
 apiVersion: "aadpodidentity.k8s.io/v1"
@@ -575,8 +576,8 @@ spec:
         aadpodidbinding: ${IDENTITY_NAME}  # match the AzureIdentity name
 ```
 
-If you have set aad-pod-identity up correctly and labeled the source-controller
-pod, then you don't need to reference a secret.
+If you have set up aad-pod-identity correctly and labeled the source-controller
+Pod, then you don't need to reference a Secret.
 
 ```yaml
 apiVersion: source.toolkit.fluxcd.io/v1beta2
@@ -618,13 +619,16 @@ data:
   sasKey: <base64>
 ```
 
-The sasKey only contains the SAS token e.g `?sv=2020-08-0&ss=bfqt&srt=co&sp=rwdlacupitfx&se=2022-05-26T21:55:35Z&st=2022-05...`.
-The leading question mark is optional.
-The query values from the `sasKey` data field in the Secrets gets merged with the ones in the `spec.endpoint` of the `Bucket`.
-If the same key is present in the both of them, the value in the `sasKey` takes precedence.
+The `sasKey` only contains the SAS token e.g
+`?sv=2020-08-0&ss=bfqt&srt=co&sp=rwdlacupitfx&se=2022-05-26T21:55:35Z&st=2022-05...`.
+The leading question mark (`?`) is optional. The query values from the `sasKey`
+data field in the Secrets gets merged with the ones in the `.spec.endpoint` of
+the Bucket. If the same key is present in the both of them, the value in the
+`sasKey` takes precedence.
 
-**Note:** The SAS token has an expiry date and it must be updated before it expires to allow Flux to
-continue to access Azure Storage. It is allowed to use an account-level or container-level SAS token.
+**Note:** The SAS token has an expiry date, and it must be updated before it
+expires to allow Flux to continue to access Azure Storage. It is allowed to use
+an account-level or container-level SAS token.
 
 The minimum permissions for an account-level SAS token are:
 
@@ -839,7 +843,7 @@ spec:
 
 ### Triggering a reconcile
 
-To manually tell the source-controller to reconcile a Bucket outside of the
+To manually tell the source-controller to reconcile a Bucket outside the
 [specified interval window](#interval), a Bucket can be annotated with
 `reconcile.fluxcd.io/requestedAt: <arbitrary value>`. Annotating the resource
 queues the Bucket for reconciliation if the `<arbitrary-value>` differs from

docs/spec/v1beta2/helmrepositories.md

@@ -233,7 +233,7 @@ by extension gain access to ACR.
 When the kubelet managed identity has access to ACR, source-controller running on 
 it will also have access to ACR.
 
-##### Workload Identity
+##### Azure Workload Identity
 
 When using Workload Identity to enable access to ACR, add the following patch to
 your bootstrap repository, in the `flux-system/kustomization.yaml` file:
@@ -317,7 +317,7 @@ Workload Identity, and by extension gain access to GCR or Artifact Registry.
 When the GKE nodes have the appropriate OAuth scope for accessing GCR and Artifact Registry,
 source-controller running on it will also have access to them.
 
-#### Workload Identity
+#### GKE Workload Identity
 
 When using Workload Identity to enable access to GCR or Artifact Registry, add the
 following patch to your bootstrap repository, in the `flux-system/kustomization.yaml`