From e8cc571befb2a60c0d691447c4c7d258d0f51d76 Mon Sep 17 00:00:00 2001 From: micheleRP Date: Tue, 14 Apr 2026 13:59:05 -0600 Subject: [PATCH 1/2] Remove token structure examples from Cloud GBAC docs The token structure examples reference cluster properties (oidc_group_claim_path, nested_group_behavior) that Cloud users don't configure directly. Cloud users configure group claim extraction through SSO connection settings in the Cloud UI, which is already documented separately in the Cloud-specific ifdef block. Co-Authored-By: Claude Opus 4.6 (1M context) --- modules/manage/partials/gbac-token-claim-extraction.adoc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/manage/partials/gbac-token-claim-extraction.adoc b/modules/manage/partials/gbac-token-claim-extraction.adoc index dee3978137..4c380ab98a 100644 --- a/modules/manage/partials/gbac-token-claim-extraction.adoc +++ b/modules/manage/partials/gbac-token-claim-extraction.adoc @@ -21,6 +21,7 @@ NOTE: When `nested_group_behavior` is set to `suffix`, groups that share a leaf To update these properties, use xref:manage:cluster-maintenance/cluster-property-configuration.adoc[any configuration method] (`rpk cluster config set`, the Admin API, or Redpanda Console). Changes take effect immediately without a restart. endif::[] +ifndef::env-cloud[] === Token structure examples The following examples show how Redpanda extracts group principals from different token formats. @@ -74,3 +75,4 @@ Some identity providers return group claims as a single comma-separated string i ---- Redpanda automatically splits comma-separated values and extracts principals `Group:engineering`, `Group:analytics`, and `Group:finance`. +endif::[] From 4bc68f46794a1c7b3da964fb61720e3fb7ddadcd Mon Sep 17 00:00:00 2001 
From: micheleRP Date: Tue, 14 Apr 2026 14:15:01 -0600 Subject: [PATCH 2/2] Remove redundant inner ifndef::env-cloud guard The outer ifndef on line 24 already gates the entire token structure examples section from Cloud, making the inner guard around the suffix extraction subsection unnecessary. Co-Authored-By: Claude Opus 4.6 (1M context) --- modules/manage/partials/gbac-token-claim-extraction.adoc | 3 --- 1 file changed, 3 deletions(-) diff --git a/modules/manage/partials/gbac-token-claim-extraction.adoc b/modules/manage/partials/gbac-token-claim-extraction.adoc index 4c380ab98a..b4f95f3047 100644 --- a/modules/manage/partials/gbac-token-claim-extraction.adoc +++ b/modules/manage/partials/gbac-token-claim-extraction.adoc @@ -53,8 +53,6 @@ With `nested_group_behavior: "none"` (the default), Redpanda maps the full path {"groups": ["/departments/eng/platform", "/departments/eng/infra"]} ---- -// Not supported in Cloud -ifndef::env-cloud[] ==== Path-style group names with suffix extraction When xref:reference:properties/cluster-properties.adoc#nested_group_behavior[`nested_group_behavior`] is set to `suffix`, Redpanda maps the last path segment to principals `Group:platform` and `Group:infra`. @@ -63,7 +61,6 @@ When xref:reference:properties/cluster-properties.adoc#nested_group_behavior[`ne ---- {"groups": ["/departments/eng/platform", "/departments/eng/infra"]} ---- -endif::[] ==== CSV-formatted group claim
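Review bot: In the first hunk of PATCH 1/2 (`@@ -21,6 +21,7 @@`), the added `ifndef::env-cloud[]` sits above `=== Token structure examples`, so the heading and its section anchor disappear from the Cloud build along with the examples. Any xref from a Cloud-visible page to this section would stop resolving. Before merging, confirm that no page rendered with `env-cloud` set links to this section of the partial.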
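Review bot: The `endif::[]` added as the last line of the file in the second hunk of PATCH 1/2 (`@@ -74,3 +75,4 @@`) is unnamed, and it closes a guard opened at line 24, several subsections earlier and directly below another unnamed `endif::[]`. Writing it as `endif::env-cloud[]` makes the pairing explicit, so that a later edit which adds or removes a conditional inside the section can be flagged by Asciidoctor as a mismatch instead of silently changing what Cloud readers see.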
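Review bot: The first hunk of PATCH 2/2 (`@@ -53,8 +53,6 @@`) deletes `// Not supported in Cloud` together with the inner guard, and the outer `ifndef::env-cloud[]` added in PATCH 1/2 carries no comment, so the source no longer records why the suffix-extraction subsection, or the section as a whole, is hidden from Cloud. Move the comment up to the outer guard and give the reason from the commit message there, for example that Cloud users do not set `oidc_group_claim_path` or `nested_group_behavior` directly.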