Remove token structure examples from Cloud GBAC docs

[micheleRP]

Summary

• Wraps the "Token structure examples" section in ifndef::env-cloud[] in the gbac-token-claim-extraction.adoc partial
• This removes from Cloud docs: flat group values, nested claim, path-style group names, and CSV-formatted group claim examples
• Cloud users still see the SSO connection configuration instructions for setting up group claim extraction through the Cloud UI

Why

The token structure examples reference cluster properties (oidc_group_claim_path, nested_group_behavior) that Cloud users don't configure directly. This content is confusing for Cloud customers, who configure group claim extraction through SSO connection settings in the Cloud UI.

Preview pages

Self-managed (unchanged — examples still present)

• GBAC (self-managed)

Cloud (changed — examples removed)

• GBAC in the Data Plane
• GBAC in the Control Plane

Cloud preview via companion PR: redpanda-data/cloud-docs#553 (⚠️ close after merge)

Test plan

• Verify Cloud GBAC data plane page no longer shows "Token structure examples" section
• Verify Cloud GBAC control plane page no longer shows "Token structure examples" section
• Verify self-managed GBAC page still shows all token structure examples

🤖 Generated with Claude Code

[netlify]

✅ Deploy Preview for redpanda-docs-preview ready!

Name	Link
🔨 Latest commit	4bc68f4
🔍 Latest deploy log	https://app.netlify.com/projects/redpanda-docs-preview/deploys/69dea05d81ea2d0008910049
😎 Deploy Preview	https://deploy-preview-1669--redpanda-docs-preview.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[coderabbitai]

Important

Review skipped

Auto incremental reviews are disabled on this repository.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 5c04ff35-ba74-4ef3-a826-661d4db1803c

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

📝 Walkthrough

Walkthrough

The documentation file for GBAC token claim extraction was updated to conditionally exclude the "Token structure examples" section from cloud environment builds. An ifndef::env-cloud[] directive was added before the examples block, preventing this content from appearing in the generated documentation when building for cloud deployments. The example content itself remains unchanged.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Suggested reviewers

• sago2k8
• kbatuigas
• treevon

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main change: wrapping the token structure examples section in a conditional block to exclude it from Cloud documentation.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Description check	✅ Passed	The pull request description follows the template structure with all key sections completed: a clear summary, rationale, preview pages for both Cloud and self-managed versions, test plan items, and proper context.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/remove-token-examples-from-cloud-gbac

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (1)

modules/manage/partials/gbac-token-claim-extraction.adoc (1)

56-67: Remove redundant nested ifndef::env-cloud[] inside already gated block.

Since Line 24 already gates the full section for non-Cloud builds, the inner ifndef::env-cloud[] block adds unnecessary nesting.

♻️ Suggested simplification

-// Not supported in Cloud
-ifndef::env-cloud[]
 ==== Path-style group names with suffix extraction

 When xref:reference:properties/cluster-properties.adoc#nested_group_behavior[`nested_group_behavior`] is set to `suffix`, Redpanda maps the last path segment to principals `Group:platform` and `Group:infra`.

 [,json]
 ----
 {"groups": ["/departments/eng/platform", "/departments/eng/infra"]}
 ----
-endif::[]

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@modules/manage/partials/gbac-token-claim-extraction.adoc` around lines 56 -
67, The inner conditional block `ifndef::env-cloud[]` is redundant because the
whole section is already gated for non-Cloud builds; remove the nested
`ifndef::env-cloud[]`/`endif::[]` wrapper around the "Path-style group names
with suffix extraction" subsection so the header, the `nested_group_behavior`
reference, and the JSON example (["/departments/eng/platform",
"/departments/eng/infra"]) remain directly inside the outer non-Cloud guard;
ensure only the outer guard remains so the subsection renders unchanged for
non-Cloud builds.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@modules/manage/partials/gbac-token-claim-extraction.adoc`:
- Around line 56-67: The inner conditional block `ifndef::env-cloud[]` is
redundant because the whole section is already gated for non-Cloud builds;
remove the nested `ifndef::env-cloud[]`/`endif::[]` wrapper around the
"Path-style group names with suffix extraction" subsection so the header, the
`nested_group_behavior` reference, and the JSON example
(["/departments/eng/platform", "/departments/eng/infra"]) remain directly inside
the outer non-Cloud guard; ensure only the outer guard remains so the subsection
renders unchanged for non-Cloud builds.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: a385140c-be06-4782-8ed2-c97e3f3e07e1

📥 Commits

Reviewing files that changed from the base of the PR and between 1d14295 and e8cc571.

📒 Files selected for processing (1)

• modules/manage/partials/gbac-token-claim-extraction.adoc