DOC-1200 Unified impersonation in Cloud #370
Conversation
✅ Deploy Preview for rp-cloud ready!
To edit notification comments on pull requests, go to your Netlify project configuration. |
|
Important Review skippedAuto incremental reviews are disabled on this repository. Please check the settings in the CodeRabbit UI or the You can disable this status message by setting the 📝 WalkthroughWalkthroughThe changes update the Sequence Diagram(s)Estimated code review effort🎯 2 (Simple) | ⏱️ ~8 minutes Assessment against linked issues
Assessment against linked issues: Out-of-scope changes
Possibly related PRs
Suggested reviewers
✨ Finishing touches🧪 Generate unit tests (beta)
Comment |
micheleRP
requested review from
andresaristizabal,
deniscoady and
sago2k8
and removed request for
andresaristizabal
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 2
🧹 Nitpick comments (1)
modules/security/pages/cloud-authentication.adoc (1)
22-25: Minor wording nitpick“Set up is different for most IdPs.” → “Setup differs across IdPs.” is shorter and avoids splitting the phrasal verb.
Purely editorial—adjust if you agree.
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (2)
local-antora-playbook.yml(1 hunks)modules/security/pages/cloud-authentication.adoc(11 hunks)
🧰 Additional context used
🧠 Learnings (5)
📓 Common learnings
Learnt from: micheleRP
PR: redpanda-data/cloud-docs#334
File: modules/networking/partials/psc-api2.adoc:15-16
Timestamp: 2025-06-18T21:02:38.074Z
Learning: In the Redpanda Cloud documentation system, cross-reference anchors using the format `#patch-/v1/clusters/-cluster.id-` work correctly for referencing API endpoints, even with dashes instead of curly braces around parameter names.
Learnt from: micheleRP
PR: redpanda-data/cloud-docs#350
File: modules/get-started/pages/cloud-overview.adoc:55-56
Timestamp: 2025-07-16T21:11:59.964Z
Learning: In the Redpanda Cloud documentation system using Asciidoctor, glossary cross-references with spaces in the ID (like `glossterm:data plane[]`) work correctly and do not need to be changed to hyphenated forms. The existing syntax is functional and should not be modified.
Learnt from: micheleRP
PR: redpanda-data/cloud-docs#261
File: modules/get-started/pages/cluster-types/byoc/aws/create-byoc-cluster-aws.adoc:46-50
Timestamp: 2025-04-18T19:43:32.991Z
Learning: In the Redpanda documentation using AsciiDoc format, explanatory text that provides additional information about a step should not be formatted as a separate numbered step. Instead, it should appear as regular text with bullets (using ** syntax) for any sub-points.
Learnt from: micheleRP
PR: redpanda-data/cloud-docs#267
File: modules/manage/pages/maintenance.adoc:91-92
Timestamp: 2025-04-25T01:41:57.162Z
Learning: The notification timeline for Redpanda Cloud deprecations has been deliberately removed from the documentation, even though the PR summary mentioned a 180-day advance notice period.
📚 Learning: in asciidoc documentation used by redpanda, empty cross-references (xrefs) without link text (like `...
Learnt from: micheleRP
PR: redpanda-data/cloud-docs#278
File: modules/manage/pages/cluster-maintenance/config-cluster.adoc:75-75
Timestamp: 2025-04-29T18:43:42.666Z
Learning: In AsciiDoc documentation used by Redpanda, empty cross-references (xrefs) without link text (like `xref:manage:rpk/intro-to-rpk.adoc[]`) automatically use the target page's title as the link text.
Applied to files:
local-antora-playbook.yml
📚 Learning: the notification timeline for redpanda cloud deprecations has been deliberately removed from the doc...
Learnt from: micheleRP
PR: redpanda-data/cloud-docs#267
File: modules/manage/pages/maintenance.adoc:91-92
Timestamp: 2025-04-25T01:41:57.162Z
Learning: The notification timeline for Redpanda Cloud deprecations has been deliberately removed from the documentation, even though the PR summary mentioned a 180-day advance notice period.
Applied to files:
modules/security/pages/cloud-authentication.adoc
📚 Learning: in the redpanda cloud documentation system, cross-reference anchors using the format `#patch-/v1/clu...
Learnt from: micheleRP
PR: redpanda-data/cloud-docs#334
File: modules/networking/partials/psc-api2.adoc:15-16
Timestamp: 2025-06-18T21:02:38.074Z
Learning: In the Redpanda Cloud documentation system, cross-reference anchors using the format `#patch-/v1/clusters/-cluster.id-` work correctly for referencing API endpoints, even with dashes instead of curly braces around parameter names.
Applied to files:
modules/security/pages/cloud-authentication.adoc
📚 Learning: the timeline for major upgrade notifications (180 days in advance) was intentionally removed from th...
Learnt from: micheleRP
PR: redpanda-data/cloud-docs#267
File: modules/manage/pages/maintenance.adoc:63-64
Timestamp: 2025-04-25T01:42:09.318Z
Learning: The timeline for major upgrade notifications (180 days in advance) was intentionally removed from the Redpanda Cloud maintenance documentation, even though it was mentioned in the PR objectives.
Applied to files:
modules/security/pages/cloud-authentication.adoc
🔇 Additional comments (1)
local-antora-playbook.yml (1)
37-37: Addition ofbadgemacro looks correct.The macro path and indentation are consistent with the existing list, so Antora should pick it up without issues. No further action required.
There was a problem hiding this comment.
If this is going to Public Beta, then i'm happy to approve this, as people will need to have docs around this if it's discoverable.
cc: @sago2k8 can you check and give thumbs up?
| To enable user impersonation, go to the *Cluster settings* page and select the option to enable it. | ||
|
|
||
| After enabling user impersonation, new Readers and Writers added to the cluster must have their roles or ACLs granted by Admins in the cluster *Security* page. | ||
|
|
||
| CAUTION: Enabling user impersonation does not affect Admin users, but Readers and Writers will lose access until they are granted roles or ACLs. |
There was a problem hiding this comment.
This is not yet implemented, it will be a closed beta, until we solve some issues:
- We haven't enabled any button to enabled the feature. this will require agreement within the cloud team. so not ready to be delivered yet, the reason is that customers could be locked out of their environments.
- Here is a writeup of the status of the feature. https://docs.google.com/document/d/14-7YZBtvvdL3U4LZSLnj6okv0kM0UueINZN1er1BX80/edit?tab=t.0#heading=h.u57fkmq321of
There was a problem hiding this comment.
Moving PR to draft until we're farther along. Thank you @sago2k8!
micheleRP
force-pushed
the
DOC-1200-Document-feature-Console-Unified-cluster-AuthN-AuthZ-Cloud-rollout-including-Serverless
branch
from
b205f62 to
58685dc
Compare
micheleRP
force-pushed
the
DOC-1200-Document-feature-Console-Unified-cluster-AuthN-AuthZ-Cloud-rollout-including-Serverless
branch
from
58685dc to
abceb5c
Compare
# Conflicts: # modules/security/pages/cloud-authentication.adoc
# Conflicts: # modules/security/pages/cloud-authentication.adoc # Conflicts: # modules/security/pages/cloud-authentication.adoc
micheleRP
force-pushed
the
DOC-1200-Document-feature-Console-Unified-cluster-AuthN-AuthZ-Cloud-rollout-including-Serverless
branch
from
5de9285 to
4b05a59
Compare
|
STATUS: Moving this back into Draft, since we may skip public beta and go straight to GA in Nov. |
Description
This pull request introduces a beta feature for user impersonation, enabling unified authentication and authorization between Redpanda Cloud and Redpanda clusters. Explained its benefits, configuration steps, and impact on roles and access control.
asciidocsection oflocal-antora-playbook.yml.Resolves https://redpandadata.atlassian.net/browse/DOC-1200
Review deadline:
Page previews
What's New
Authentication - User impersonation
Checks