rpk: fix rpk security acl user (#474)
Co-authored-by: Paulo Borges <[email protected]>
r-vasquez and Deflaimun authored May 2, 2024
1 parent 0e9a81a commit c32bb7a
Showing 12 changed files with 37 additions and 37 deletions.
10 changes: 5 additions & 5 deletions modules/ROOT/nav.adoc
Expand Up @@ -391,18 +391,18 @@
***** xref:reference:rpk/rpk-security/rpk-security-acl-create.adoc[]
***** xref:reference:rpk/rpk-security/rpk-security-acl-delete.adoc[]
***** xref:reference:rpk/rpk-security/rpk-security-acl-list.adoc[]
***** xref:reference:rpk/rpk-security/rpk-security-acl-user.adoc[]
****** xref:reference:rpk/rpk-security/rpk-security-acl-user-create.adoc[]
****** xref:reference:rpk/rpk-security/rpk-security-acl-user-delete.adoc[]
****** xref:reference:rpk/rpk-security/rpk-security-acl-user-update.adoc[]
****** xref:reference:rpk/rpk-security/rpk-security-acl-user-list.adoc[]
**** xref:reference:rpk/rpk-security/rpk-security-role-assign.adoc[]
**** xref:reference:rpk/rpk-security/rpk-security-role-create.adoc[]
**** xref:reference:rpk/rpk-security/rpk-security-role-delete.adoc[]
**** xref:reference:rpk/rpk-security/rpk-security-role-describe.adoc[]
**** xref:reference:rpk/rpk-security/rpk-security-role-list.adoc[]
**** xref:reference:rpk/rpk-security/rpk-security-role-unassign.adoc[]
**** xref:reference:rpk/rpk-security/rpk-security-role.adoc[]
**** xref:reference:rpk/rpk-security/rpk-security-user.adoc[]
***** xref:reference:rpk/rpk-security/rpk-security-user-create.adoc[]
***** xref:reference:rpk/rpk-security/rpk-security-user-delete.adoc[]
***** xref:reference:rpk/rpk-security/rpk-security-user-update.adoc[]
***** xref:reference:rpk/rpk-security/rpk-security-user-list.adoc[]
*** xref:reference:rpk/rpk-topic/rpk-topic.adoc[]
**** xref:reference:rpk/rpk-topic/rpk-topic-add-partitions.adoc[]
**** xref:reference:rpk/rpk-topic/rpk-topic-alter-config.adoc[]
Expand Up @@ -244,7 +244,7 @@ Redpanda Cloud does not support the following self-hosted functionality:
- Admin API
- The following `rpk` commands (which use the Admin API):

** `rpk security acl user`
** `rpk security user`
** `rpk cluster health`
** `rpk cluster config`
** `rpk cluster license`
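Review bot: `rpk security user` is listed here as unsupported in Redpanda Cloud because it uses the Admin API, yet the Serverless command list touched by this same commit tells readers to run `rpk security user` to manage users. Please state which Cloud cluster types this exclusion covers, or drop one of the two references, so the renamed command is not documented as both unavailable and recommended.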
Expand Up @@ -52,7 +52,7 @@ Similar to Dedicated and BYOC clusters, you can interact with your Serverless cl
* xref:reference:rpk/rpk-cloud/rpk-cloud-login.adoc[`rpk cloud login`]: Use this to log in to Redpanda Cloud or to refresh the session.
* xref:reference:rpk/rpk-topic.adoc[`rpk topic`]: Use this to manage topics, produce data, and consume data.
* xref:reference:rpk/rpk-profile/rpk-profile-print.adoc[`rpk profile print`]: Use this to view your `rpk` configuration and see the URL for your Serverless cluster.
* xref:reference:rpk/rpk-acl/rpk-acl-user.adoc[`rpk security acl user`]: Use this to manage users and permissions.
* xref:reference:rpk/rpk-security/rpk-security-user.adoc[`rpk security user`]: Use this to manage users and permissions.

Alternatively, in the Redpanda Cloud UI, you can navigate to the *Topics* page and open the `hello-world` topic to see the included messages. Under the *Actions* dropdown, you can produce messages to it. Add team members and grant them access with ACLs on the *Security* page.
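Review bot: The description on the new `rpk security user` bullet still reads "Use this to manage users and permissions", which no longer fits now that the command sits outside the `acl` namespace. The reference page in this commit describes it as managing SCRAM users, with ACLs controlling access. Suggest narrowing the bullet to user management and pointing readers to `rpk security acl` for permissions.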

2 changes: 1 addition & 1 deletion modules/deploy/partials/kubernetes/guides/create-user.adoc
Expand Up @@ -9,7 +9,7 @@ TIP: As a security best practice, you should use the superuser only to grant per
[,bash]
----
kubectl --namespace <namespace> exec -ti redpanda-0 -c redpanda -- \
rpk security acl user create redpanda-twitch-account \
rpk security user create redpanda-twitch-account \
-p changethispassword
----
+
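Review bot: The renamed command still carries a literal username and password (`redpanda-twitch-account`, `-p changethispassword`), while the authentication.adoc hunk in this commit replaces the same kind of literal with `<my-user>` and `<change-this-password>`. Use placeholders here too, so a copy-pasted command does not create an account with a known password.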
6 changes: 3 additions & 3 deletions modules/get-started/pages/broker-admin.adoc
Expand Up @@ -17,17 +17,17 @@ To determine whether a command needs the `-X brokers` flag or the `-X admin.host
* Broker addresses are required for communicating with the Kafka API.
Provide these addresses by using the `-X brokers` flag for commands related to Kafka broker tasks; for example, xref:reference:rpk/rpk-topic/rpk-topic-create.adoc[`rpk topic create`], xref:reference:rpk/rpk-topic/rpk-topic-produce.adoc[`rpk topic produce`], and xref:reference:rpk/rpk-topic/rpk-topic-consume.adoc[`rpk topic consume`].
* Admin API addresses are required for communicating with the Admin API.
Provide these addresses by using the `—-api-urls` flag for commands related to cluster or user tasks; for example, xref:reference:rpk/rpk-cluster/rpk-cluster-health.adoc[`rpk cluster health`], xref:reference:rpk/rpk-cluster/rpk-cluster-maintenance.adoc[`rpk cluster maintenance enable <node_id>`], and xref:reference:rpk/rpk-acl/rpk-acl-user.adoc[`rpk security acl user`]. Note that xref:reference:rpk/rpk-cluster/rpk-cluster-metadata.adoc[`rpk cluster info`] is an exception to this rule, since it requires the `-X brokers` flag.
Provide these addresses by using the `—-api-urls` flag for commands related to cluster or user tasks; for example, xref:reference:rpk/rpk-cluster/rpk-cluster-health.adoc[`rpk cluster health`], xref:reference:rpk/rpk-cluster/rpk-cluster-maintenance.adoc[`rpk cluster maintenance enable <node_id>`], and xref:reference:rpk/rpk-security/rpk-security-user.adoc[`rpk security user`]. Note that xref:reference:rpk/rpk-cluster/rpk-cluster-metadata.adoc[`rpk cluster info`] is an exception to this rule, since it requires the `-X brokers` flag.

The following table shows which `rpk` commands require the `-X brokers` flag, which require the `-X admin.hosts` or `--hosts` flag, and which don't require either flag.

|===
| Command | Address flag required

| `rpk security acl` (all except `rpk security acl user`)
| `rpk security acl`
| `-X brokers`

| `rpk security acl user`
| `rpk security user`
| `-X admin.hosts`

| `rpk cloud`
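Review bot: The rewritten Admin API bullet still says to use the `—-api-urls` flag, which begins with an em dash followed by a hyphen and does not match the `-X admin.hosts` flag named in the hunk header context and in the table row for `rpk security user`. Since this line is being edited anyway, replace it with `-X admin.hosts` so the bullet, the table and the example commands agree.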
10 changes: 5 additions & 5 deletions modules/manage/pages/security/authorization/acl.adoc
Expand Up @@ -207,7 +207,7 @@ For example, to create a user:

[,bash]
----
rpk security acl user create Jack \
rpk security user create Jack \
--password '<password>' \
-X admin.hosts=localhost:9644
----
Expand Down Expand Up @@ -446,7 +446,7 @@ This command manages the SCRAM users. If SASL is enabled, a SCRAM user talks to

[,bash]
----
rpk security acl user [command] [globalACLFlags] [globalUserFlags]
rpk security user [command] [globalACLFlags] [globalUserFlags]
----

Following are the available global user flags:
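Review bot: The new usage line `rpk security user [command] [globalACLFlags] [globalUserFlags]` keeps the `[globalACLFlags]` placeholder even though the command is no longer a subcommand of `acl`. The reference page updated in this commit shows the usage as `rpk security user [command] [flags]`. Please confirm whether the ACL flag group still applies, and if not, align this line and the create, delete and list usages below with the reference pages.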
Expand All @@ -473,7 +473,7 @@ To create a SASL/SCRAM user, run:

[,bash]
----
rpk security acl user create [user] -p [password] [globalACLFlags] [globalUserFlags] [localFlags]
rpk security user create [user] -p [password] [globalACLFlags] [globalUserFlags] [localFlags]
----

Here are the local flags:
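Review bot: The create usage uses lowercase `[user] -p [password]`, while the delete usage in this file uses `[USER]` and the reference page in this commit uses `[USER] -p [PASS]`. Pick one placeholder style so the same argument is not written three ways.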
Expand All @@ -494,7 +494,7 @@ This command deletes the specified SASL account from Redpanda. This does not del

[,bash]
----
rpk security acl user delete [USER] [globalACLFlags] [globalUserFlags]
rpk security user delete [USER] [globalACLFlags] [globalUserFlags]
----

=== User list
Expand All @@ -503,7 +503,7 @@ This command lists SASL users.

[,bash]
----
rpk security acl user list [globalACLFlags] [globalUserFlags]
rpk security user list [globalACLFlags] [globalUserFlags]
----

You can also use the shortened version changing `list` to `ls`.
10 changes: 5 additions & 5 deletions modules/manage/partials/authentication.adoc
Expand Up @@ -389,7 +389,7 @@ This can be a new user or an existing user. For example, if you use the superuse
+
[,bash]
----
rpk security acl user create <superuser-username> \
rpk security user create <superuser-username> \
-p '<superuser-password>' \
--mechanism=<superuser-authentication-mechanism> \
-X admin.hosts=localhost:9644
Expand Down Expand Up @@ -557,11 +557,11 @@ When you have SASL authentication enabled for your Redpanda cluster, you can cre

By default, SCRAM users don't have any permissions in the cluster. Only superusers can grant permissions to new users through ACLs.

. To create the SCRAM user `myuser` with a password `changethispassword`, run xref:reference:rpk/rpk-acl/rpk-acl-user-create.adoc[`rpk security acl user create`]:
. To create the SCRAM user `<my-user>` with a password `<change-this-password>`, run xref:reference:rpk/rpk-security/rpk-security-user-create.adoc[`rpk security user create`]:
+
```bash
rpk security acl user create myuser \
-p 'changethispassword' \
rpk security user create <my-user> \
-p '<change-this-password>' \
--mechanism SCRAM-SHA-256
```
+
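Review bot: The command block rewritten here is wrapped in a Markdown-style fence (three backticks with `bash`), while every other command touched by this commit uses the AsciiDoc `[,bash]` block with `----` delimiters. Since the lines inside are being replaced, convert the fence as well so the block renders consistently with the rest of the file.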
Expand Down Expand Up @@ -1192,7 +1192,7 @@ Before you can enable basic authentication for these HTTP APIs, you must <<sasl,
* *HTTP Proxy*: Access to the Kafka API impersonates the user whose credentials were used to authenticate to HTTP Proxy, and the user is subject to authorization restrictions by Redpanda ACLs. To support this design, Redpanda passes the username/password in memory to a SASL-enabled Kafka client.
* *Schema Registry*: Authorization is "all or nothing": if the user presents a valid user account, then they have full read/write access.

To add users to the Redpanda credential store that HTTP basic authentication uses, create users with xref:reference:rpk/rpk-acl/rpk-acl-user-create.adoc[`rpk security acl user create`].
To add users to the Redpanda credential store that HTTP basic authentication uses, create users with xref:reference:rpk/rpk-acl/rpk-acl-user-create.adoc[`rpk security user create`].

ifdef::env-kubernetes[]
When you <<enable-authentication, enable authentication>> in the Redpanda Helm chart, the Schema Registry API and the HTTP Proxy API are configured with basic authentication by default.
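Review bot: In the basic-authentication sentence the link label was updated to `rpk security user create`, but the xref target is still `reference:rpk/rpk-acl/rpk-acl-user-create.adoc`. The earlier hunk in this file points the same command at `reference:rpk/rpk-security/rpk-security-user-create.adoc`. The old path only resolves through the `:page-aliases:` entry, so update the target here to the new page as well.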
@@ -1,5 +1,5 @@
= rpk security acl user create
:page-aliases: reference:rpk/rpk-acl/rpk-acl-user-create.adoc
= rpk security user create
:page-aliases: reference:rpk/rpk-acl/rpk-acl-user-create.adoc, reference:rpk/rpk-security/rpk-security-acl-user-create.adoc

Create a SASL user.

Expand All @@ -20,7 +20,7 @@ acl help text for more info.

[,bash]
----
rpk security acl user create [USER] -p [PASS] [flags]
rpk security user create [USER] -p [PASS] [flags]
----

== Flags
@@ -1,5 +1,5 @@
= rpk security acl user delete
:page-aliases: reference:rpk/rpk-acl/rpk-acl-user-delete.adoc
= rpk security user delete
:page-aliases: reference:rpk/rpk-acl/rpk-acl-user-delete.adoc, reference:rpk/rpk-security/rpk-security-acl-user-delete.adoc

Delete a SASL user.

Expand All @@ -10,7 +10,7 @@ delete any ACLs that may exist for this user.

[,bash]
----
rpk security acl user delete [USER] [flags]
rpk security user delete [USER] [flags]
----

== Flags
@@ -1,13 +1,13 @@
= rpk security acl user list
:page-aliases: reference:rpk/rpk-acl/rpk-acl-user-list.adoc
= rpk security user list
:page-aliases: reference:rpk/rpk-acl/rpk-acl-user-list.adoc, reference:rpk/rpk-security/rpk-security-acl-user-list.adoc

List SASL users.

== Usage

[,bash]
----
rpk security acl user list [flags]
rpk security user list [flags]
----

== Aliases
@@ -1,13 +1,13 @@
= rpk security acl user update
:page-aliases: reference:rpk/rpk-acl/rpk-acl-user-update.adoc
= rpk security user update
:page-aliases: reference:rpk/rpk-acl/rpk-acl-user-update.adoc, reference:rpk/rpk-security/rpk-security-acl-user-update.adoc

Update SASL user credentials

== Usage

[,bash]
----
rpk security acl user update [USER] --new-password [PW] [flags]
rpk security user update [USER] --new-password [PW] [flags]
----

== Flags
@@ -1,19 +1,19 @@
= rpk security acl user
:page-aliases: reference:rpk/rpk-acl/rpk-acl-user.adoc
= rpk security user
:page-aliases: reference:rpk/rpk-acl/rpk-acl-user.adoc, reference:rpk/rpk-security/rpk-security-acl-user.adoc

Manage SCRAM users.

If SCRAM is enabled, a SCRAM user is what you use to talk to Redpanda, and ACLs
control what your user has access to. See `rpk security acl --help` for more information
about ACLs, and `rpk security acl user create --help` for more information about
about ACLs, and `rpk security user create --help` for more information about
creating SCRAM users. Using SCRAM requires setting `kafka_enable_authorization: true` and `authentication_method: sasl` in the
redpanda section of your `redpanda.yaml`, and setting `sasl_mechanisms` with `SCRAM` for your Redpanda cluster.

== Usage

[,bash]
----
rpk security acl user [command] [flags]
rpk security user [command] [flags]
----

== Flags