DOC-1200 Unified impersonation in Cloud #370
✅ Deploy Preview for rp-cloud ready!
Actionable comments posted: 2
🧹 Nitpick comments (1)
modules/security/pages/cloud-authentication.adoc (1)
22-25: Minor wording nitpick
“Set up is different for most IdPs.” → “Setup differs across IdPs.” is shorter and avoids splitting the phrasal verb.
Purely editorial—adjust if you agree.
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (2)
local-antora-playbook.yml (1 hunks)
modules/security/pages/cloud-authentication.adoc (11 hunks)
🧰 Additional context used
🧠 Learnings (5)
📓 Common learnings
Learnt from: micheleRP
PR: redpanda-data/cloud-docs#334
File: modules/networking/partials/psc-api2.adoc:15-16
Timestamp: 2025-06-18T21:02:38.074Z
Learning: In the Redpanda Cloud documentation system, cross-reference anchors using the format `#patch-/v1/clusters/-cluster.id-` work correctly for referencing API endpoints, even with dashes instead of curly braces around parameter names.
Learnt from: micheleRP
PR: redpanda-data/cloud-docs#350
File: modules/get-started/pages/cloud-overview.adoc:55-56
Timestamp: 2025-07-16T21:11:59.964Z
Learning: In the Redpanda Cloud documentation system using Asciidoctor, glossary cross-references with spaces in the ID (like `glossterm:data plane[]`) work correctly and do not need to be changed to hyphenated forms. The existing syntax is functional and should not be modified.
Learnt from: micheleRP
PR: redpanda-data/cloud-docs#261
File: modules/get-started/pages/cluster-types/byoc/aws/create-byoc-cluster-aws.adoc:46-50
Timestamp: 2025-04-18T19:43:32.991Z
Learning: In the Redpanda documentation using AsciiDoc format, explanatory text that provides additional information about a step should not be formatted as a separate numbered step. Instead, it should appear as regular text with bullets (using ** syntax) for any sub-points.
Learnt from: micheleRP
PR: redpanda-data/cloud-docs#267
File: modules/manage/pages/maintenance.adoc:91-92
Timestamp: 2025-04-25T01:41:57.162Z
Learning: The notification timeline for Redpanda Cloud deprecations has been deliberately removed from the documentation, even though the PR summary mentioned a 180-day advance notice period.
📚 Learning: in asciidoc documentation used by redpanda, empty cross-references (xrefs) without link text (like `...
Learnt from: micheleRP
PR: redpanda-data/cloud-docs#278
File: modules/manage/pages/cluster-maintenance/config-cluster.adoc:75-75
Timestamp: 2025-04-29T18:43:42.666Z
Learning: In AsciiDoc documentation used by Redpanda, empty cross-references (xrefs) without link text (like `xref:manage:rpk/intro-to-rpk.adoc[]`) automatically use the target page's title as the link text.
Applied to files:
local-antora-playbook.yml
📚 Learning: the notification timeline for redpanda cloud deprecations has been deliberately removed from the doc...
Learnt from: micheleRP
PR: redpanda-data/cloud-docs#267
File: modules/manage/pages/maintenance.adoc:91-92
Timestamp: 2025-04-25T01:41:57.162Z
Learning: The notification timeline for Redpanda Cloud deprecations has been deliberately removed from the documentation, even though the PR summary mentioned a 180-day advance notice period.
Applied to files:
modules/security/pages/cloud-authentication.adoc
📚 Learning: in the redpanda cloud documentation system, cross-reference anchors using the format `#patch-/v1/clu...
Learnt from: micheleRP
PR: redpanda-data/cloud-docs#334
File: modules/networking/partials/psc-api2.adoc:15-16
Timestamp: 2025-06-18T21:02:38.074Z
Learning: In the Redpanda Cloud documentation system, cross-reference anchors using the format `#patch-/v1/clusters/-cluster.id-` work correctly for referencing API endpoints, even with dashes instead of curly braces around parameter names.
Applied to files:
modules/security/pages/cloud-authentication.adoc
📚 Learning: the timeline for major upgrade notifications (180 days in advance) was intentionally removed from th...
Learnt from: micheleRP
PR: redpanda-data/cloud-docs#267
File: modules/manage/pages/maintenance.adoc:63-64
Timestamp: 2025-04-25T01:42:09.318Z
Learning: The timeline for major upgrade notifications (180 days in advance) was intentionally removed from the Redpanda Cloud maintenance documentation, even though it was mentioned in the PR objectives.
Applied to files:
modules/security/pages/cloud-authentication.adoc
🔇 Additional comments (1)
local-antora-playbook.yml (1)
37-37: Addition of `badge` macro looks correct.
The macro path and indentation are consistent with the existing list, so Antora should pick it up without issues. No further action required.
lgtm
If this is going to Public Beta, then I'm happy to approve this, as people will need to have docs around this if it's discoverable.
cc: @sago2k8 can you check and give thumbs up?
To enable user impersonation, go to the *Cluster settings* page and select the option to enable it. | ||
|
||
After enabling user impersonation, new Readers and Writers added to the cluster must have their roles or ACLs granted by Admins in the cluster *Security* page. | ||
|
||
CAUTION: Enabling user impersonation does not affect Admin users, but Readers and Writers will lose access until they are granted roles or ACLs. |
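Review bot: The CAUTION that Readers and Writers will lose access sits after the instruction to enable user impersonation on the *Cluster settings* page, so a reader following the text in order enables the feature before seeing the lockout warning. Move the CAUTION above the enable step and say whether roles or ACLs can be granted on the *Security* page beforehand, so Admins can avoid the access gap. The middle paragraph also speaks only of "new Readers and Writers added to the cluster" while the CAUTION covers Readers and Writers in general; state explicitly that existing users are affected too. Minor wording: "in the cluster *Security* page" should be "on the cluster *Security* page".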
This is not yet implemented; it will be a closed beta until we solve some issues:
- We haven't enabled any button to enable the feature. This will require agreement within the cloud team, so it is not ready to be delivered yet. The reason is that customers could be locked out of their environments.
- Here is a writeup of the status of the feature. https://docs.google.com/document/d/14-7YZBtvvdL3U4LZSLnj6okv0kM0UueINZN1er1BX80/edit?tab=t.0#heading=h.u57fkmq321of
Moving PR to draft until we're farther along. Thank you @sago2k8!
# Conflicts: # modules/security/pages/cloud-authentication.adoc
b205f62 to 58685dc
Description
This pull request introduces a beta feature for user impersonation, enabling unified authentication and authorization between Redpanda Cloud and Redpanda clusters. It explains its benefits, configuration steps, and impact on roles and access control.
`asciidoc` section of `local-antora-playbook.yml`.
Resolves https://redpandadata.atlassian.net/browse/DOC-1200
Review deadline:
Page previews
Authentication - User impersonation