From 6e71e63362216b8b735df5edc0d0bf4b718481d3 Mon Sep 17 00:00:00 2001 From: Dominika Zemanovicova Date: Thu, 19 Dec 2024 15:02:23 +0100 Subject: [PATCH 1/5] Introduce pluginsWithPermission information Signed-off-by: Dominika Zemanovicova --- .../rbac/plugins/rbac-backend/README.md | 22 +++++++++++++++++++ workspaces/rbac/plugins/rbac/README.md | 22 +++++++++++++++++++ 2 files changed, 44 insertions(+) diff --git a/workspaces/rbac/plugins/rbac-backend/README.md b/workspaces/rbac/plugins/rbac-backend/README.md index a744c4b0e9..1588a644bb 100644 --- a/workspaces/rbac/plugins/rbac-backend/README.md +++ b/workspaces/rbac/plugins/rbac-backend/README.md @@ -85,6 +85,28 @@ permission: For more information on the available API endpoints accessible to the policy administrators, refer to the [API documentation](./docs/apis.md). +### Configure plugins with permission + +In order for the RBAC UI to display available permissions provided by installed plugins, the corresponding +plugin IDs must be added to the `app-config.yaml`. + +You can specify the plugins with permission in your application configuration as follows: + +```YAML +permission: + enabled: true + rbac: + pluginsWithPermission: + - catalog + - scaffolder + admin: + users: + - name: user:default/alice + - name: group:default/admins +``` + +For more information on the available permissions within Showcase and RHDH, refer to the [permissions documentation](./docs/permissions.md). + ### Configuring policies via file The RBAC plugin also allows you to import policies from an external file. These policies are defined in the [Casbin rules format](https://casbin.org/docs/category/the-basics), known for its simplicity and clarity. For a quick start, please refer to the format details in the provided link. diff --git a/workspaces/rbac/plugins/rbac/README.md b/workspaces/rbac/plugins/rbac/README.md index 90dac8ca88..f8ffd45761 100644 --- a/workspaces/rbac/plugins/rbac/README.md +++ b/workspaces/rbac/plugins/rbac/README.md @@ -104,3 +104,25 @@ permission: ``` - Integrate the [`SignIn`](https://backstage.io/docs/auth/#sign-in-configuration) component to be able to sign-in to the Backstage instance. + +### Configure plugins with permission + +In order for the RBAC UI to display available permissions provided by installed plugins, the corresponding +plugin IDs must be added to the `app-config.yaml`. + +You can specify the plugins with permission in your application configuration as follows: + +```YAML +permission: + enabled: true + rbac: + admin: + users: + - name: user:default/alice + - name: group:default/admins + pluginsWithPermission: + - catalog + - scaffolder +``` + +For more information on the available permissions within Showcase and RHDH, refer to the [permissions documentation](../rbac-backend/docs/permissions.md). From 5540c3d565fc17575fbd6d47324fc4cbfac942ea Mon Sep 17 00:00:00 2001 From: Dominika Zemanovicova Date: Thu, 19 Dec 2024 15:10:30 +0100 Subject: [PATCH 2/5] Add changeset Signed-off-by: Dominika Zemanovicova --- workspaces/rbac/.changeset/orange-kings-invite.md | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 workspaces/rbac/.changeset/orange-kings-invite.md diff --git a/workspaces/rbac/.changeset/orange-kings-invite.md b/workspaces/rbac/.changeset/orange-kings-invite.md new file mode 100644 index 0000000000..edade7a5c5 --- /dev/null +++ b/workspaces/rbac/.changeset/orange-kings-invite.md @@ -0,0 +1,6 @@ +--- +'@backstage-community/plugin-rbac-backend': patch +'@backstage-community/plugin-rbac': patch +--- + +Update documentation information about `pluginsWithPermission` setting. In order for the RBAC UI to display available permissions provided by installed plugins, this setting needs to be configured. From e30914a1c8f99cf36d9f11eca8d301e0aa88a0f6 Mon Sep 17 00:00:00 2001 From: Dominika Zemanovicova Date: Fri, 20 Dec 2024 10:11:46 +0100 Subject: [PATCH 3/5] Use active voice Signed-off-by: Dominika Zemanovicova --- workspaces/rbac/plugins/rbac-backend/README.md | 4 ++-- workspaces/rbac/plugins/rbac/README.md | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/workspaces/rbac/plugins/rbac-backend/README.md b/workspaces/rbac/plugins/rbac-backend/README.md index 1588a644bb..42311e5d8e 100644 --- a/workspaces/rbac/plugins/rbac-backend/README.md +++ b/workspaces/rbac/plugins/rbac-backend/README.md @@ -87,8 +87,8 @@ For more information on the available API endpoints accessible to the policy adm ### Configure plugins with permission -In order for the RBAC UI to display available permissions provided by installed plugins, the corresponding -plugin IDs must be added to the `app-config.yaml`. +In order for the RBAC UI to display available permissions provided by installed plugins, add the corresponding +plugin IDs to the `app-config.yaml`. You can specify the plugins with permission in your application configuration as follows: diff --git a/workspaces/rbac/plugins/rbac/README.md b/workspaces/rbac/plugins/rbac/README.md index f8ffd45761..ec8be4e043 100644 --- a/workspaces/rbac/plugins/rbac/README.md +++ b/workspaces/rbac/plugins/rbac/README.md @@ -107,8 +107,8 @@ permission: ### Configure plugins with permission -In order for the RBAC UI to display available permissions provided by installed plugins, the corresponding -plugin IDs must be added to the `app-config.yaml`. +In order for the RBAC UI to display available permissions provided by installed plugins, add the corresponding +plugin IDs to the `app-config.yaml`. You can specify the plugins with permission in your application configuration as follows: From 822a60374a5ca85ca8d07e106086a719aa037e91 Mon Sep 17 00:00:00 2001 From: Dominika Zemanovicova Date: Fri, 20 Dec 2024 13:30:36 +0100 Subject: [PATCH 4/5] Add plugin permission Signed-off-by: Dominika Zemanovicova --- workspaces/rbac/plugins/rbac-backend/README.md | 1 + workspaces/rbac/plugins/rbac/README.md | 1 + 2 files changed, 2 insertions(+) diff --git a/workspaces/rbac/plugins/rbac-backend/README.md b/workspaces/rbac/plugins/rbac-backend/README.md index 42311e5d8e..fb1c72bd6e 100644 --- a/workspaces/rbac/plugins/rbac-backend/README.md +++ b/workspaces/rbac/plugins/rbac-backend/README.md @@ -99,6 +99,7 @@ permission: pluginsWithPermission: - catalog - scaffolder + - permission admin: users: - name: user:default/alice diff --git a/workspaces/rbac/plugins/rbac/README.md b/workspaces/rbac/plugins/rbac/README.md index ec8be4e043..a621096ee6 100644 --- a/workspaces/rbac/plugins/rbac/README.md +++ b/workspaces/rbac/plugins/rbac/README.md @@ -123,6 +123,7 @@ permission: pluginsWithPermission: - catalog - scaffolder + - permission ``` For more information on the available permissions within Showcase and RHDH, refer to the [permissions documentation](../rbac-backend/docs/permissions.md). From 7f7c4a9499a9471574bd996085c8908ee37fddc6 Mon Sep 17 00:00:00 2001 From: Dominika Zemanovicova Date: Fri, 3 Jan 2025 09:59:42 +0100 Subject: [PATCH 5/5] Remove product mentions Co-authored-by: Signed-off-by: Dominika Zemanovicova --- workspaces/rbac/plugins/rbac-backend/README.md | 4 ++-- workspaces/rbac/plugins/rbac/README.md | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/workspaces/rbac/plugins/rbac-backend/README.md b/workspaces/rbac/plugins/rbac-backend/README.md index fb1c72bd6e..967b1c67bd 100644 --- a/workspaces/rbac/plugins/rbac-backend/README.md +++ b/workspaces/rbac/plugins/rbac-backend/README.md @@ -106,7 +106,7 @@ permission: - name: group:default/admins ``` -For more information on the available permissions within Showcase and RHDH, refer to the [permissions documentation](./docs/permissions.md). +For more information on the available permissions, refer to the [RBAC permissions documentation](./docs/permissions.md). ### Configuring policies via file @@ -148,7 +148,7 @@ permission: policyFileReload: true ``` -For more information on the available permissions within Showcase and RHDH, refer to the [permissions documentation](./docs/permissions.md). +For more information on the available permissions, refer to the [RBAC permissions documentation](./docs/permissions.md). We also have a fairly strict validation for permission policies and roles based on the originating role's source information, refer to the [api documentation](./docs/apis.md). diff --git a/workspaces/rbac/plugins/rbac/README.md b/workspaces/rbac/plugins/rbac/README.md index a621096ee6..a554e355dd 100644 --- a/workspaces/rbac/plugins/rbac/README.md +++ b/workspaces/rbac/plugins/rbac/README.md @@ -126,4 +126,4 @@ permission: - permission ``` -For more information on the available permissions within Showcase and RHDH, refer to the [permissions documentation](../rbac-backend/docs/permissions.md). +For more information on the available permissions, refer to the [RBAC permissions documentation](../rbac-backend/docs/permissions.md).