Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

🔌 Plugin: Not able to show custom plugin to in admin page drop down #1522

Open
2 tasks done
ravimandalasapient opened this issue Apr 18, 2024 · 12 comments
Open
2 tasks done

🔌 Plugin: Not able to show custom plugin to in admin page drop down #1522

ravimandalasapient opened this issue Apr 18, 2024 · 12 comments
Labels
jira kind/bug Something isn't working status/triage

Comments

@ravimandalasapient
Copy link

ravimandalasapient commented Apr 18, 2024
edited by invincibleJai
Loading

🔖 Summary

I have added permission in app-config.yaml and enable the permission framework. But still, not showing custom plugin admin page plugin dropdown.Please let me know if anything i can add to enable that.
access-demo is my plugin id.

permission:
  enabled: true
  rbac:
    #policies-csv-file: ../../examples/rbac-policy.csv
    pluginsWithPermission:
        - acccess-demo

🌐 Project website (if applicable)

No response

✌️ Context

No response

👀 Have you spent some time to check if this plugin request has been raised before?

  • I checked and didn't find similar issue

🏢 Have you read the Code of Conduct?

Are you willing to submit PR?

None
@github-actions github-actions bot added the jira label Apr 18, 2024
@invincibleJai
Copy link
Member

@ravimandalasapient thanks for reporting the issue, i have below initial observations

  • the indentation in config provided seems wrong, this should be as below
permission:
  enabled: true
  rbac:
    pluginsWithPermission:
      - kubernetes
      - jenkins
      - <plugin_id>
    admin:
      users:
        - name: user:default/<user-name>

  • Can you also provide the version of rbac plugin , backstage version, or any other version which would be useful?

  • What is acccess-demo ? is it a plugin ID? can you provide the GH or npm link for this?

@ravimandalasapient
Copy link
Author

ravimandalasapient commented Apr 18, 2024
edited
Loading

@invincibleJai Rbac plugin version is latest one.i.e 1.17.5.
acccess-demo is my custom plugin id(created front end & backend)

Indentation correct only.May be copy paste problem.

permission:
enabled: true
rbac:
#policies-csv-file: ../../examples/rbac-policy.csv
pluginsWithPermission:
- acccess-demo
admin:
users:
- name: user:default/ravimandalasapient
- name: group:default/admins

   policies-csv-file: C:\Users\ravmanda1\NEOM\Projects\test-rbac-feature\cie-poc-developer-portal\examples\rbac-policies.csv

@invincibleJai
Copy link
Member

it's difficult to test/reproduce with plugin that we don't have access to. is it working for other community plugins i.e kubernetes , jenkins etc ?

https://github.com/janus-idp/backstage-plugins/blob/main/plugins/rbac/README.md#installation

@ravimandalasapient
Copy link
Author

@invincibleJai it is not working for any plugin(Kubernetes, Jenkins as well). I created simple plugin and tried.
please, you can create any simple plugin and check.

@invincibleJai
Copy link
Member

@ravimandalasapient i'll try to create a new plugin and test

@PatAKnight / @AndrienkoAleksandr do you see any obvious missing piece here ^^

@PatAKnight
Copy link
Member

I am not seeing any immediate issues, but I will also take a look.

@jasperchui jasperchui added the kind/bug Something isn't working label Apr 18, 2024
@invincibleJai
Copy link
Member

invincibleJai commented Apr 18, 2024
edited
Loading

@ravimandalasapient i did create a new plugin todolist added some permission and verified it and it does work for me.

image

Can check the code here https://github.com/invincibleJai/todo-app-rbac

  • make sure your plugin in enabled and it does define permissions
  • make sure pluginID and route for backend plugins is same and it is used in config as below
permission:
  enabled: true
  rbac:
    pluginsWithPermission:
      - todolist
    policies-csv-file: /Users/jakumar/Workspaces/testBackstage/todo-app-rbac/rbac-policy.csv
    admin:
      users:
        - name: user:default/invincibleJai

Even kubernetes plugin works i needed to enable the plugin and update the config

Hope this could be helpful for you to figure out what wrong with your config or plugin.

@ravimandalasapient
Copy link
Author

@invincibleJai thanks a lot! I will look at my config once.
Can you please let me know if any documentation is there for below.

  1. I want to control the custom plugin pages based on plugin permissions which is there in left pane of the layout.is it possible with this plugin?
  2. users and groups are not populating as shown below.
    image
  3. what is the process for database integration.

@invincibleJai
Copy link
Member

@invincibleJai thanks a lot! I will look at my config once. Can you please let me know if any documentation is there for below.

  1. I want to control the custom plugin pages based on plugin permissions which is there in left pane of the layout.is it possible with this plugin?

RBAC only acts as an interface to enable the permission rules defined by the plugin on its own no UI will change unless the plugin handles it to see more about how plugins handle read here https://backstage.io/docs/permissions/frontend-integration

  1. users and groups are not populating as shown below.

Backstage can ingest user and group data directly from GitHub, GitHub Enterprise, GitLab, or an LDAP compatible service. The data is then transformed into Backstage entities and persists to the software catalog

can refer to backstage docs for more info on this

  1. what is the process for database integration.

can refer https://github.com/janus-idp/backstage-plugins/blob/main/plugins/rbac-backend/README.md#configuring-database-storage-for-policies and https://backstage.io/docs/tutorials/configuring-plugin-databases/

@ravimandalasapient
Copy link
Author

Thanks @invincibleJai . I have done 1 & 2 steps successfully. For 3 rd one, i am not able to see any users/groups/roles data in the postgress tables.But if any invoke this end point **http://localhost:7007/api/permission/roles**,i am able to fetch the data.
Where these data is storing?is it in the local files?Please tell me how to access them and externalize to DB.

Thanks for your responses.

@ravimandalasapient
Copy link
Author

@invincibleJai I have one more scenario:
I have added one user (ravi) to group (backstage-group) and assigned this group to one role my_role.But in this case,ravi is not able see the plugin page even if that role has permission.
But if assign my_role to directly to user ravi then ravi is able to see that plugin page.
Why group level access permissions are not working?

@ravimandalasapient
Copy link
Author

@invincibleJai @PatAKnight

I am observing one issue with create a role, its permissions for the particular plugin and assigned to user with RBAC plugin UI which is using rest internally. When i try to login with that user,i will not be able to see that plugin. But
if upload these details using policy plugin then that user is able to see that plugin.
Is there any extra configurations are required to make rbac rest also works.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
jira kind/bug Something isn't working status/triage
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@invincibleJai @jasperchui @ravimandalasapient @PatAKnight