v3-breaking-changes.adoc

• Authentication and authorization changes:

  • The plain login provider has been removed. Use a Redpanda SASL/SCRAM user with user impersonation instead.

  • You can no longer use group-based authorization with OIDC.

    Authorization is now handled directly by Redpanda using RBAC. Roles have become the primary primitive for access management, allowing you to define granular permissions for actions such as managing topics, clusters, and more within Redpanda Console.

  • The login stanza in the configuration file has been renamed to authentication.

  • The login.jwtSecret field in the configuration file has been renamed to authentication.jwtSigningSecret to reflect its purpose more accurately.

  • Role bindings are no longer configured in a separate file. Use the authorization.roleBindings stanza instead.

• Other changes:

  • The schemaRegistry stanza has been removed from the kafka stanza. Use the top-level schemaRegistry stanza instead.

  • kafka.protobuf, kafka.cbor, and kafka.messagePack are now all under a top-level serde stanza.

  • kafka.protobuf.schemaRegistry has been deprecated. Use the top-level schemaRegistry stanza instead.

  • connect has been renamed to kafkaConnect to avoid ambiguity with Redpanda Connect.

  • console.maxDeserializationPayloadSize has been moved into the new serde stanza.