Use Cloud API for RBAC (#211)

* Initialize section for RBAC examples

* Specify entities for code examples

* Update xrefs, minor edits

* Update visible cloud API URLs to v1

* Cloud API going into GA

* v1 endpoint URLs are now available from cloudv2

* Revert URL update for v1alpha2 since the updated spec isn't yet available

* Forgot to revert a data plane version and URL

* Create role binding call takes predefined role names

* Apply suggestions from code review

Co-authored-by: Santiago Jimenez Giraldo <[email protected]>

* Update modules/manage/partials/controlplane-api.adoc

Co-authored-by: Santiago Jimenez Giraldo <[email protected]>

* Apply suggestion from review

* Update the rest of data plane URLs

* Remove API from beta list

* Update links to RPCN tag

* Add API GA to What's New

---------

Co-authored-by: Santiago Jimenez Giraldo <[email protected]>

Author: kbatuigas

modules/develop/pages/connect/about.adoc

@@ -1,5 +1,5 @@
 = Redpanda Connect in Redpanda Cloud
-:tag-pipeline-service: api:ROOT:cloud-dataplane-api.adoc#tag--PipelineService
+:tag-pipeline-service: api:ROOT:cloud-dataplane-api.adoc#tag--Redpanda-Connect-Pipeline
 :description: Learn about Redpanda Connect in Redpanda Cloud and its wide range of connectors.
 
 Redpanda Connect in Redpanda Cloud lets you quickly build and deploy streaming data pipelines on your clusters from a fully-integrated UI or using the pass:a,m[xref:{tag-pipeline-service}[Data Plane API\]]. 

modules/develop/pages/connect/configuration/resource-management.adoc

@@ -137,7 +137,7 @@ Data Plane API::
 +
 --
 . xref:manage:api/cloud-api-quickstart.adoc#try-the-cloud-api[Authenticate and get the base URL] for the Data Plane API. 
-. Make a request to xref:api:ROOT:cloud-dataplane-api.adoc#get-/v1alpha2/redpanda-connect/pipelines[`GET /v1alpha2/redpanda-connect/pipelines`], which lists details of all pipelines on your cluster by ID. 
+. Make a request to xref:api:ROOT:cloud-dataplane-api.adoc#get-/v1/redpanda-connect/pipelines[`GET /v1/redpanda-connect/pipelines`], which lists details of all pipelines on your cluster by ID. 
 +
 * Memory (`memory_shares`) is displayed in megabytes. For example, `1` compute unit is `400M` or 400 MB.
 * CPU resources (`cpu_shares`) are displayed milliCPU. For example, `1` compute unit is `100m` or 0.1 CPU.
@@ -165,8 +165,8 @@ Data Plane API::
 You can only update CPU resources using the Data Plane API. For every 0.1 CPU that you allocate, Redpanda Cloud automatically reserves 400 MB of memory for the exclusive use of the pipeline.
 
 . xref:manage:api/cloud-api-quickstart.adoc#try-the-cloud-api[Authenticate and get the base URL] for the Data Plane API, if you haven't already.
-. Make a request to xref:api:ROOT:cloud-dataplane-api.adoc#get-/v1alpha2/redpanda-connect/pipelines/-id-[`GET /v1alpha2/redpanda-connect/pipelines/\{id}`], including the ID of the pipeline you want to update. You'll use the returned values in the next step.
-. Now make a request to xref:api:ROOT:cloud-dataplane-api.adoc#put-/v1alpha2/redpanda-connect/pipelines/-id-[`PUT /v1alpha2/redpanda-connect/pipelines/\{id}`], to update the pipeline resources:
+. Make a request to xref:api:ROOT:cloud-dataplane-api.adoc#get-/v1/redpanda-connect/pipelines/-id-[`GET /v1/redpanda-connect/pipelines/\{id}`], including the ID of the pipeline you want to update. You'll use the returned values in the next step.
+. Now make a request to xref:api:ROOT:cloud-dataplane-api.adoc#put-/v1/redpanda-connect/pipelines/-id-[`PUT /v1/redpanda-connect/pipelines/\{id}`], to update the pipeline resources:
 +
 * Reuse the values returned by your `GET` request to populate the request body. 
 * Replace the `cpu_shares` value with the resources you want to allocate, and enter any valid value for `memory_shares`.
@@ -175,7 +175,7 @@ This example allocates 0.2 CPU or 200 milliCPU to a data pipeline. For `cpu_shar
 +
 [,bash,role=“no-placeholders”]
 ----
-curl -X PUT "https://<data-plane-api-url>/v1alpha2/redpanda-connect/pipelines/xxx..." \
+curl -X PUT "https://<data-plane-api-url>/v1/redpanda-connect/pipelines/xxx..." \
  -H 'accept: application/json'\
  -H 'authorization: Bearer xxx...' \
  -H "content-type: application/json" \
@@ -190,6 +190,6 @@ curl -X PUT "https://<data-plane-api-url>/v1alpha2/redpanda-connect/pipelines/xx
 ----
 +
 A successful response shows the updated resource allocations with the `cpu_shares` value returned in milliCPU.
-. Make a request to xref:api:ROOT:cloud-dataplane-api.adoc#get-/v1alpha2/redpanda-connect/pipelines[`GET /v1alpha2/redpanda-connect/pipelines`] to verify your pipeline resource updates.
+. Make a request to xref:api:ROOT:cloud-dataplane-api.adoc#get-/v1/redpanda-connect/pipelines[`GET /v1/redpanda-connect/pipelines`] to verify your pipeline resource updates.
 --
 =====

modules/develop/pages/connect/configuration/secret-management.adoc

@@ -62,11 +62,11 @@ Data Plane API::
 You must use a Base64-encoded secret.
 
 . xref:manage:api/cloud-api-quickstart.adoc#try-the-cloud-api[Authenticate and get the base URL] for the Data Plane API.
-. Make a request to xref:api:ROOT:cloud-dataplane-api.adoc#post-/v1alpha2/secrets[`POST /v1alpha2/secrets`].
+. Make a request to xref:api:ROOT:cloud-dataplane-api.adoc#post-/v1/secrets[`POST /v1/secrets`].
 +
 [,bash]
 ----
-curl -X POST "https://<dataplane-api-url>/v1alpha2/secrets" \
+curl -X POST "https://<dataplane-api-url>/v1/secrets" \
  -H 'accept: application/json'\
  -H 'authorization: Bearer <token>'\
  -H 'content-type: application/json' \
@@ -127,11 +127,11 @@ Data Plane API::
 You must use a Base64-encoded secret.
 
 . xref:manage:api/cloud-api-quickstart.adoc#try-the-cloud-api[Authenticate and get the base URL] for the Data Plane API.
-. Make a request to xref:api:ROOT:cloud-dataplane-api.adoc#put-/v1alpha2/secrets/-id-[`PUT /v1alpha2/secrets/\{id}`].
+. Make a request to xref:api:ROOT:cloud-dataplane-api.adoc#put-/v1/secrets/-id-[`PUT /v1/secrets/\{id}`].
 +
 [,bash]
 ----
-curl -X PUT "https://<dataplane-api-url>/v1alpha2/secrets/<secret-name>" \
+curl -X PUT "https://<dataplane-api-url>/v1/secrets/<secret-name>" \
  -H 'accept: application/json'\
  -H 'authorization: Bearer <token>'\
  -H 'content-type: application/json' \
@@ -188,11 +188,11 @@ Data Plane API::
 --
 
 . xref:manage:api/cloud-api-quickstart.adoc#try-the-cloud-api[Authenticate and get the base URL] for the Data Plane API.
-. Make a request to xref:api:ROOT:cloud-dataplane-api.adoc#delete-/v1alpha2/secrets/-id-[`DELETE /v1alpha2/secrets/\{id}`].
+. Make a request to xref:api:ROOT:cloud-dataplane-api.adoc#delete-/v1/secrets/-id-[`DELETE /v1/secrets/\{id}`].
 +
 [,bash]
 ----
-curl -X DELETE "https://<dataplane-api-url>/v1alpha2/secrets/<secret-name>" \
+curl -X DELETE "https://<dataplane-api-url>/v1/secrets/<secret-name>" \
  -H 'accept: application/json'\
  -H 'authorization: Bearer <token>'\
 ----

modules/get-started/pages/cloud-overview.adoc

@@ -1,7 +1,7 @@
 = Redpanda Cloud Overview
 :description: Learn about Redpanda Serverless Standard, Serverless Pro, Dedicated, and Bring Your Own Cloud (BYOC) clusters.
 :description: Learn about Redpanda Serverless, Dedicated, and Bring Your Own Cloud (BYOC) clusters.
-:tag-pipeline-service: api:ROOT:cloud-dataplane-api.adoc#tag--PipelineService
+:tag-pipeline-service: api:ROOT:cloud-dataplane-api.adoc#tag--Redpanda-Connect-Pipeline
 :page-aliases: cloud:dedicated-byoc.adoc, deploy:deployment-option/cloud/dedicated-byoc.adoc, deploy:deployment-option/cloud/cloud-overview.adoc
 
 
@@ -315,7 +315,6 @@ Features in beta are available for testing and feedback. They are not covered by
 The following features are currently in beta in Redpanda Cloud:
 
 * Redpanda Connect for Serverless
-* Cloud API
 * Redpanda Terraform provider
 * BYOVPC for AWS and Azure
 * Remote Read Replicas for AWS and GCP

modules/get-started/pages/cluster-types/byoc/aws/vpc-byo-aws.adoc

@@ -155,7 +155,7 @@ EOF
 . Use the Cloud API to create the network and retrieve the network ID: 
 +
 ```bash
-export REDPANDA_NETWORK_ID=$(curl -X POST "https://api.redpanda.com/v1beta2/networks" \
+export REDPANDA_NETWORK_ID=$(curl -X POST "https://api.redpanda.com/v1/networks" \
  -H "accept: application/json" \
  -H "content-type: application/json" \
  -H "authorization: Bearer ${BEARER_TOKEN}" \
@@ -170,7 +170,7 @@ The Create Network request returns a `resource_id`. For example:
    "operation":{
       "id":"cpas8k6r4up5li18auh0",
       "metadata":{
-         "@type":"type.googleapis.com/redpanda.api.controlplane.v1beta2.CreateNetworkMetadata",
+         "@type":"type.googleapis.com/redpanda.api.controlplane.v1.CreateNetworkMetadata",
          "network_id":"cpb338gekjj5i1cpj3t0"
       },
       "state":"STATE_IN_PROGRESS",
@@ -261,7 +261,7 @@ EOF
 . Use the Cloud API to deploy the cluster and retrieve its ID:
 +
 ```bash
-export REDPANDA_ID=$(curl -X POST "https://api.redpanda.com/v1beta2/clusters" \
+export REDPANDA_ID=$(curl -X POST "https://api.redpanda.com/v1/clusters" \
  -H "accept: application/json" \
  -H "content-type: application/json" \
  -H "authorization: Bearer ${BEARER_TOKEN}" \
@@ -276,7 +276,7 @@ The create cluster request returns a `resource_id`, which is required in the nex
    "operation":{
       "id":"cpas8k6r4up5li18auhg",
       "metadata":{
-         "@type":"type.googleapis.com/redpanda.api.controlplane.v1beta2.CreateClusterMetadata",
+         "@type":"type.googleapis.com/redpanda.api.controlplane.v1.CreateClusterMetadata",
          "cluster_id":"cpb33c8ekjj5i1cpj3v0"
       },
       "state":"STATE_IN_PROGRESS",
@@ -356,7 +356,7 @@ Cluster creation is an example of an operation that can take a longer period of
 Example using the operation ID returned from your create cluster command:
 
 ```bash
-curl -X GET "https://api.redpanda.com/v1beta2/operations/${REDPANDA_ID}" \
+curl -X GET "https://api.redpanda.com/v1/operations/${REDPANDA_ID}" \
  -H "accept: application/json"\
  -H "content-type: application/json" \
  -H "authorization: Bearer ${BEARER_TOKEN}"
@@ -365,7 +365,7 @@ curl -X GET "https://api.redpanda.com/v1beta2/operations/${REDPANDA_ID}" \
 Example retrieving cluster:
 
 ```bash
-curl -X GET "https://api.redpanda.com/v1beta2/clusters/${REDPANDA_ID}" \
+curl -X GET "https://api.redpanda.com/v1/clusters/${REDPANDA_ID}" \
  -H "accept: application/json"\
  -H "content-type: application/json" \
  -H "authorization: Bearer ${BEARER_TOKEN}"
@@ -376,7 +376,7 @@ curl -X GET "https://api.redpanda.com/v1beta2/clusters/${REDPANDA_ID}" \
 To delete the cluster, first send a DELETE request to the Cloud API, and retrieve the `resource_id` of the DELETE operation. Then run the `rpk` command to destroy the cluster identified by the `resource_id`.
 
 ```bash
-export REDPANDA_ID=$(curl -X DELETE "https://api.redpanda.com/v1beta2/clusters/${REDPANDA_ID}" \
+export REDPANDA_ID=$(curl -X DELETE "https://api.redpanda.com/v1/clusters/${REDPANDA_ID}" \
  -H "accept: application/json"\
  -H "content-type: application/json" \
  -H "authorization: Bearer ${BEARER_TOKEN}" | jq -r '.operation.resource_id')

modules/get-started/pages/cluster-types/byoc/azure/create-byoc-cluster-azure.adoc

@@ -128,11 +128,11 @@ To enable xref:develop:managed-connectors/index.adoc[Kafka Connect] for clusters
 
 . Authenticate to the Redpanda Cloud API. Follow the steps in xref:manage:api/cloud-api-authentication.adoc[].
 
-. Enable Kafka Connect by making a xref:api:ROOT:cloud-controlplane-api.adoc#patch-/v1beta2/clusters/-cluster.id-[`PATCH /v1beta2/clusters`] request:
+. Enable Kafka Connect by making a xref:api:ROOT:cloud-controlplane-api.adoc#patch-/v1/clusters/-cluster.id-[`PATCH /v1/clusters`] request:
 +
 [,bash]
 ----
-curl -X PATCH "https://api.redpanda.com/v1beta2/clusters/<cluster-id>" \
+curl -X PATCH "https://api.redpanda.com/v1/clusters/<cluster-id>" \
  -H 'Accept: application/json' \
  -H 'Authorization: Bearer <token>' \
  -H 'Content-Type: application/json' \

modules/get-started/pages/cluster-types/byoc/azure/vnet-azure.adoc

@@ -326,7 +326,7 @@ EOF
 . Use the Cloud API to create the network and retrieve the network ID:
 +
 ```bash
-export REDPANDA_NETWORK_ID=$(curl -X POST "https://api.redpanda.com/v1beta2/networks" \
+export REDPANDA_NETWORK_ID=$(curl -X POST "https://api.redpanda.com/v1/networks" \
  -H "accept: application/json" \
  -H "content-type: application/json" \
  -H "authorization: Bearer ${BEARER_TOKEN}" \
@@ -396,7 +396,7 @@ TIP: See the full list of zones and tiers available with each provider in the xr
 . Make a Cloud API call to create a Redpanda network and get the network ID from the response in JSON `.operation.metadata.network_id`.
 +
 ```bash
-export REDPANDA_ID=$(curl -X POST "https://api.redpanda.com/v1beta2/clusters" \
+export REDPANDA_ID=$(curl -X POST "https://api.redpanda.com/v1/clusters" \
  -H "accept: application/json"\ 
  -H "content-type: application/json" \
  -H "authorization: Bearer ${BEARER_TOKEN}" \
@@ -428,7 +428,7 @@ Cluster creation is an example of an operation that can take a longer period of
 Example using the returned `operation_id`:
 
 ```bash
-curl -X GET "https://api.redpanda.com/v1beta2/operations/<operation_id of operation from previous step>" \
+curl -X GET "https://api.redpanda.com/v1/operations/<operation-id>" \
  -H "accept: application/json"\
  -H "content-type: application/json" \
  -H "authorization: Bearer ${BEARER_TOKEN}"
@@ -437,7 +437,7 @@ curl -X GET "https://api.redpanda.com/v1beta2/operations/<operation_id of operat
 Example retrieving cluster:
 
 ```bash
-curl -X GET "https://api.redpanda.com/v1beta2/clusters/<resource_id of cluster from previous step>" \
+curl -X GET "https://api.redpanda.com/v1/clusters/<resource-id>" \
  -H "accept: application/json"\
  -H "content-type: application/json" \
  -H "authorization: Bearer ${BEARER_TOKEN}"
@@ -448,7 +448,7 @@ curl -X GET "https://api.redpanda.com/v1beta2/clusters/<resource_id of cluster f
 To delete the cluster, first send a DELETE request to the Cloud API, and retrieve the `resource_id` of the DELETE operation. Then run the `rpk` command to destroy the cluster identified by the `resource_id`.
 
 ```bash
-export REDPANDA_ID=$(curl -X DELETE "https://api.redpanda.com/v1beta2/clusters/${REDPANDA_ID}" \
+export REDPANDA_ID=$(curl -X DELETE "https://api.redpanda.com/v1/clusters/${REDPANDA_ID}" \
  -H "accept: application/json"\
  -H "content-type: application/json" \
  -H "authorization: Bearer ${BEARER_TOKEN}" | jq -r '.operation.resource_id')

modules/get-started/pages/cluster-types/byoc/remote-read-replicas.adoc

@@ -53,13 +53,13 @@ This should be done in the Terraform of the reader cluster.
 
 Add or remove reader clusters to a source cluster in Redpanda Cloud with the xref:redpanda-cloud:manage:api/controlplane/index.adoc[Cloud Control Plane API]. For information on accessing the Cloud API, see xref:manage:api/cloud-api-authentication.adoc[].
 
-. To update your source cluster to add one or more reader cluster IDs, make a xref:api:ROOT:cloud-controlplane-api.adoc#patch-/v1beta2/clusters/-cluster.id-[`PATCH /v1beta2/clusters/{cluster.id}`] request. The full list of clusters is expected on every call. If an ID is removed from the list, it is removed as a reader cluster.
+. To update your source cluster to add one or more reader cluster IDs, make a xref:api:ROOT:cloud-controlplane-api.adoc#patch-/v1/clusters/-cluster.id-[`PATCH /v1/clusters/{cluster.id}`] request. The full list of clusters is expected on every call. If an ID is removed from the list, it is removed as a reader cluster.
 +
 ```bash
 export SOURCE_CLUSTER_ID=.......
 export READER_CLUSTER_ID=.......
 
-curl -X PATCH $API_HOST/v1beta2/clusters/$SOURCE_CLUSTER_ID \
+curl -X PATCH $API_HOST/v1/clusters/$SOURCE_CLUSTER_ID \
 -H "Content-Type: application/json" \
 -H "Authorization: Bearer $API_TOKEN" \
 -d @- << EOF 
@@ -69,12 +69,12 @@ curl -X PATCH $API_HOST/v1beta2/clusters/$SOURCE_CLUSTER_ID \
 EOF
 ```
 
-. Optional: To see the list of reader clusters on a given source cluster, make a xref:api:ROOT:cloud-controlplane-api.adoc#get-/v1beta2/clusters/-id-[`GET /v1beta2/clusters/\{id}`] request:
+. Optional: To see the list of reader clusters on a given source cluster, make a xref:api:ROOT:cloud-controlplane-api.adoc#get-/v1/clusters/-id-[`GET /v1/clusters/\{id}`] request:
 +
 ```bash
 export SOURCE_CLUSTER_ID=.......
 
-curl -X GET $API_HOST/v1beta2/clusters/$SOURCE_CLUSTER_ID \
+curl -X GET $API_HOST/v1/clusters/$SOURCE_CLUSTER_ID \
 -H "Content-Type: application/json" \
 -H "Authorization: Bearer $API_TOKEN"
 ```

modules/get-started/pages/whats-new-cloud.adoc

@@ -1,6 +1,6 @@
 = What's New in Redpanda Cloud
 :description: Summary of new features in Redpanada Cloud.
-:tag-pipeline-service: api:ROOT:cloud-dataplane-api.adoc#tag--PipelineService
+:tag-pipeline-service: api:ROOT:cloud-dataplane-api.adoc#tag--Redpanda-Connect-Pipeline
 :page-aliases: deploy:deployment-option/cloud/whats-new-cloud.adoc
 :page-toclevels: 1
 
@@ -9,6 +9,12 @@ This page lists new features added in Redpanda Cloud.
 
 == March 2025
 
+=== Cloud API: GA
+
+The xref:manage:api/cloud-api-overview.adoc[Cloud API] is now generally available. It includes endpoints for xref:manage:api/cloud-serverless-controlplane-api.adoc[managing Serverless clusters], configuring RBAC in xref:manage:api/cloud-byoc-controlplane-api.adoc#manage-rbac[BYOC], xref:manage:api/cloud-serverless-controlplane-api.adoc#manage-rbac[Serverless], and xref:manage:api/cloud-dedicated-controlplane-api.adoc#manage-rbac[Dedicated] clusters, and xref:manage:api/cloud-dataplane-api.adoc#use-redpanda-connect[using Redpanda Connect]. 
+
+To get started, try the xref:manage:api/cloud-api-quickstart.adoc[Cloud API Quickstart], or see the full xref:api:ROOT:cloud-controlplane-api.adoc[Control Plane API] and xref:api:ROOT:cloud-dataplane-api.adoc[Data Plane API] reference documentation.
+
 === Support for additional regions
 
 xref:reference:tiers/byoc-tiers.adoc#byoc-supported-regions[BYOC clusters] on GCP now support the europe-southwest1 (Madrid) region.

modules/manage/pages/api/cloud-api-authentication.adoc

@@ -3,7 +3,6 @@
 :page-aliases: deploy:deployment-option/cloud/api/cloud-api-authentication.adoc
 :page-api: cloud
 :page-api-slot: auth
-:page-beta: true
 
 The Cloud API uses the Client Credentials Flow as defined in https://datatracker.ietf.org/doc/html/rfc6749#section-4.4O[Auth 2.0 RFC 6749, section 4.4^]. In Redpanda Cloud, you must first create a *service account* through which you can authenticate requests to the Cloud API. The service account is associated with your Redpanda Cloud organization. The service account acts as an OAuth 2.0 client that provides its credentials (client ID and client secret) to the API authentication server. The authentication server grants an access token in return. You can then include the access token in each request to the API.