Skip to content

Fix Console migration guide #1076

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
JakeSCahill merged 2 commits into from
Apr 15, 2025
Merged

Fix Console migration guide #1076

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
cf104c9
Rename jwtSigningSecret to jwtSigningKey for clarity in authenticatio…
JakeSCahill Apr 15, 2025
22e9067
Allow more variation in JS filter screenshot
JakeSCahill Apr 15, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 4 additions & 4 deletions modules/console/pages/config/security/authentication.adoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -107,7 +107,7 @@ Here is an example configuration for **runtime acquisition mode**:
[,yaml]
----
authentication:
jwtSigningSecret: "<secret-key>" <1>
jwtSigningKey: "<secret-key>" <1>
useSecureCookies: true <2>
oidc:
enabled: true <3>
Expand All @@ -125,7 +125,7 @@ authentication:
prompt: "consent" <10>
----

<1> `authentication.jwtSigningSecret` (required): The secret key for signing JWTs. Keep it confidential. It must be at least 32 characters long. Use xref:console:config/configure-console.adoc#environment-variables[environment variables] or command-line flags for sensitive data.
<1> `authentication.jwtSigningKey` (required): The secret key for signing JWTs. Keep it confidential. It must be at least 32 characters long. Use xref:console:config/configure-console.adoc#environment-variables[environment variables] or command-line flags for sensitive data.
<2> `authentication.useSecureCookies`: A boolean flag indicating whether session cookies should be marked as secure. This should be set to true in production environments to enforce HTTPS.
<3> `authentication.oidc.enabled` (required): Enables OIDC-based authentication. When enabled, external identity providers can be used for single sign-on.
<4> `authentication.oidc.issuerUrl` (required): The URL of the OIDC identity provider.
Expand All @@ -141,7 +141,7 @@ Here is an example configuration for **static token mode**:
[,yaml]
----
authentication:
jwtSigningSecret: "<secret-key>"
jwtSigningKey: "<secret-key>"
useSecureCookies: true
oidc:
enabled: true
Expand Down Expand Up @@ -175,7 +175,7 @@ authentication:
basic:
enabled: true <3>
----
<1> `authentication.jwtSigningSecret` (required): The secret key for signing JWTs. Keep it confidential. Minimum 32 characters. Use xref:console:config/configure-console.adoc#environment-variables[environment variables] or command-line flags for sensitive data.
<1> `authentication.jwtSigningKey` (required): The secret key for signing JWTs. Keep it confidential. Minimum 32 characters. Use xref:console:config/configure-console.adoc#environment-variables[environment variables] or command-line flags for sensitive data.
<2> `authentication.useSecureCookies`: A boolean flag indicating whether the JWT cookie should be marked as secure. Set to true in production to enforce HTTPS.
<3> `authentication.basic.enabled` (required): Enables or disables basic (username/password) authentication. When enabled, credentials are mapped to SASL-SCRAM for Kafka.

Expand Down
2 changes: 1 addition & 1 deletion modules/get-started/pages/quick-start.adoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -202,7 +202,7 @@ Suppose you're asked to find all transactions related to the `.edu` domain. You
// (step {"action":"find", "selector": "[data-testid='add-topic-filter-javascript']", "matchText": "JavaScript Filter", "click": true, "timeout": 10000})
. Give your filter a name, such as "Find .edu domains".
// (step {"action":"find", "selector": "[data-testid='add-javascript-filter-name']", "typeKeys": "Find .edu domains", "click": true, "timeout": 10000})
// (step {"action":"saveScreenshot", "path": "js-filter.png", "directory": "../../modules/console/images", "overwrite": "byVariation", "maxVariation": 10})
// (step {"action":"saveScreenshot", "path": "js-filter.png", "directory": "../../modules/console/images", "overwrite": "byVariation", "maxVariation": 30})
+
image::console:js-filter.png[]

Expand Down
4 changes: 2 additions & 2 deletions modules/get-started/pages/release-notes/redpanda.adoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@ See xref:console:config/security/authentication.adoc[] for more information.

* **Authentication and authorization:**
- Renamed the `login` stanza to `authentication`.
- Renamed `login.jwtSecret` to `authentication.jwtSigningSecret`.
- Renamed `login.jwtSecret` to `authentication.jwtSigningKey`.
- Removed the plain login provider.
- OIDC group-based authorization is no longer supported.
- Role bindings must now be configured in the `authorization.roleBindings` stanza (no longer stored in a separate file).
Expand All @@ -52,7 +52,7 @@ See xref:console:config/security/authentication.adoc[] for more information.
- Renamed the `connect` stanza to `kafkaConnect` to avoid ambiguity with Redpanda Connect.

* **Console settings:**
- Moved `console.maxDeserializationPayloadSize` to `serde.console.maxDeserializationPayloadSize`.
- Moved `console.maxDeserializationPayloadSize` to `serde.maxDeserializationPayloadSize`.

*Action required*: xref:upgrade:migrate/console-v3.adoc[].

Expand Down
2 changes: 1 addition & 1 deletion modules/shared/attachments/redpanda-console-config.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -82,7 +82,7 @@ schemaRegistry:
# Console authentication
#----------------------------------------------------------------------------
authentication:
jwtSigningSecret: "secret-value"
jwtSigningKey: "secret-value"
useSecureCookies: true
# Optionally enable cookie chunking if cookie size is an issue.
# useCookieChunking: false
Expand Down
2 changes: 1 addition & 1 deletion modules/upgrade/pages/deprecated/index.adoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -285,7 +285,7 @@ See xref:upgrade:migrate/console-v3.adoc[].

| v3.0.0
| `login.jwtSecret`
| The field `login.jwtSecret` has been renamed to `authentication.jwtSigningSecret` to reflect its purpose more accurately.
| The field `login.jwtSecret` has been renamed to `authentication.jwtSigningKey` to reflect its purpose more accurately.

| v3.0.0
| Group-based authorization through OIDC
Expand Down
9 changes: 4 additions & 5 deletions modules/upgrade/pages/migrate/console-v3.adoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -58,7 +58,7 @@ schemaRegistry:
authentication:
impersonateUser: true
authentication: <2>
jwtSigningSecret: "secret-key"
jwtSigningKey: "secret-key"
useSecureCookies: false
basic:
enabled: true <3>
Expand Down Expand Up @@ -99,7 +99,7 @@ redpanda:
password: "some-other-secret-password"
#bearerToken: "example-bearer-token" # For OAuth2 bearer token
authentication:
jwtSigningSecret: "secret-key"
jwtSigningKey: "secret-key"
useSecureCookies: false
basic:
enabled: true
Expand Down Expand Up @@ -155,7 +155,7 @@ kafka:
enabled: true
impersonateUser: true <1>
authentication: <2>
jwtSigningSecret: "old-google-secret"
jwtSigningKey: "old-google-secret"
useSecureCookies: true
oidc: <3>
enabled: true
Expand Down Expand Up @@ -289,15 +289,14 @@ connect:
[source,yaml,role="no-wrap"]
----
serde:
maxDeserializationPayloadSize: 20480
protobuf:
enabled: false
mappings: []
cbor:
enabled: false
messagePack:
enabled: false
console:
maxDeserializationPayloadSize: 20480
kafkaConnect:
enabled: false
clusters: []
Expand Down
Loading