1.33.3 • Published 11 months ago

@oandriie/plugin-rbac v1.33.3

Weekly downloads
-
License
Apache-2.0
Repository
github
Last release
11 months ago

RBAC frontend plugin for Backstage

The RBAC UI plugin offers a streamlined user interface for effectively managing permissions in your Backstage instance. It allows you to assign permissions to users and groups, empowering them to view, create, modify and delete Roles, provided they have the necessary permissions.

For administrators

Installation

Installing as a dynamic plugin?

The sections below are relevant for static plugins. If the plugin is expected to be installed as a dynamic one:

Prerequisites

Follow the RBAC backend plugin README to integrate rbac in your Backstage instance.

NOTE

  • For non-admin users, to enable create/edit role button on Administration -> RBAC roles list page, the role associated with your user should have the following permission policies associated with it. Add the following in your permission policies configuration file:
p, role:default/team_a, catalog-entity, read, allow
p, role:default/team_a, policy-entity, read, allow
p, role:default/team_a, policy-entity, create, allow
g, user:default/<login-id/user-name>, role:default/team_a

Note: Make sure required users/groups are available in catalog as a role cannot be created without users/groups.

Note: Even after ingesting users/groups in catalog and applying above permissions if the create/edit button is still disabled then please contact your administrator as you might be conditionally restricted from accessing the create/edit button.

  • To fetch the permissions from other plugins like Kubernetes and Jenkins in the Role Form as mentioned here, add the following configuration in your app-config.yaml:
permission:
  enabled: true
  rbac:
    pluginsWithPermission:
      - kubernetes
      - jenkins
    admin:
      users:
        - name: user:default/<user-name>

Procedure

  1. Install the RBAC UI plugin executing the following command from the Backstage root directory :

    yarn workspace app add @oandriie/plugin-rbac

  2. Add Route in packages/app/src/App.tsx:

    /* highlight-add-next-line */
import { RbacPage } from '@oandriie/plugin-rbac';

<Route path="/rbac" element={<RbacPage />} />;

  3. Add Administration Sidebar Item in packages/app/src/components/Root/Root.tsx:

    /* highlight-add-next-line */
import { Administration } from '@oandriie/plugin-rbac';

export const Root = ({ children }: PropsWithChildren<{}>) => (
  <SidebarPage>
    <Sidebar>
      ...
      <Administration />
      ...
    </Sidebar>
  </SidebarPage>
);

  4. For users with vanilla backstage instance, would need to integrate Auth in to the instance:

    • # see https://backstage.io/docs/auth/ to learn about auth providers
environment: development
providers:
   # Plugin: GitHub
   github:
      development:
      clientId: ${GITHUB_BUCKET_CLIENT_ID}
      clientSecret: ${GITHUB_BUCKET_SECRET}
   # Plugin: BitBucket
   bitbucket:
      development:
      clientId: ${BIT_BUCKET_CLIENT_ID}
      clientSecret: ${BIT_BUCKET_SECRET}
   ...

    • Integrate the SignIn component to be able to sign-in to the Backstage instance.

support:productionlifecycle:activebackstageplugin
@oandriie/plugin-rbac-common@backstage/catalog-model@backstage/core-components@backstage/core-plugin-api@backstage/plugin-catalog@backstage/plugin-catalog-common@backstage/plugin-permission-common@backstage/plugin-permission-react@backstage/theme@janus-idp/shared-react@mui/icons-material@mui/material@mui/styles@rjsf/core@rjsf/mui@rjsf/utils@rjsf/validator-ajv8autosuggest-highlightformikreact-useyup
1.33.3

11 months ago