backstage / community-plugins

Community plugins for Backstage
Apache License 2.0
160 stars 197 forks

🚀 Vault: Add support for Permissions framework #453

Closed jrtaylorJH closed 1 month ago

jrtaylorJH commented 6 months ago

Plugin Name

Vault

🔖 Feature description

I would like to be able to control who is able to view the Vault entity card associated with relevant components in the service catalog by adding support for the permissions framework to the Vault plugin.

🎤 Context

As a Backstage administrator, I would like to be able to show Vault secrets for items in the Service Catalog only to the owners of the component. It is generally considered best practice that this potentially sensitive information would be shown on a need-to-know basis and in line with security recommendations.

✌️ Possible Implementation

https://backstage.io/docs/permissions/plugin-authors/02-adding-a-basic-permission-check

I believe this is a relatively well-trodden path with a clear implementation guide courtesy of Backstage.

I hope to find time to explore adding the framework integration myself, but in the meantime I hope for this issue to serve as a spot to track and discuss.

👀 Have you spent some time to check if this feature request has been raised before?

🏢 Have you read the Code of Conduct?

Are you willing to submit PR?

Yes I am willing to submit a PR!

jrtaylorJH commented 6 months ago

@ivangonzalezacuna Just wanted to bring you in on this as the plugin author to see if you have any thoughts!

ivangonzalezacuna commented 5 months ago

Hey @jrtaylorJH. Yes, the permissions topic was something we had thought about when designing this plugin, but we decided not to do it at that time because it would make it much more complicated, and honestly, my experience with the permissions was a bit limited by then :smile: Having, at least, a tiny conditional permission to allow getting the data whether you're the owner or not sounds like a nice thing to have, honestly. Feel free to give it a try if you like, I'm not sure if I'll have the time to work on it at the moment, but I'm happy to review it afterwards. If it helps as inspiration, we've also implemented a more complex permission framework in another plugin we own in the company: https://github.com/spreadshirt/backstage-plugin-s3, might be helpful to see a real example apart from the docs

jrtaylorJH commented 5 months ago

@ivangonzalezacuna I'll definitely see what I can do about contributing to it in the coming weeks. I'm a complete novice to the permissions framework, so based on it sounding like it may have been a complex implementation when designing the plugin I'll be curious to see if I can make it work. Thank you for the response!

vinzscam commented 5 months ago

It isn't that hard @jrtaylorJH if you want to try and we are happy to support you. There is also a possibility to reuse all the conditional rules exposed by catalog, so that you don't have to re-implement them. Essentially this is all you have to do 😅

https://github.com/backstage/community-plugins/blob/main/workspaces/azure-sites/plugins/azure-sites-common/src/permissions.ts#L22-L26

https://github.com/backstage/community-plugins/blob/main/workspaces/azure-sites/plugins/azure-sites-backend/src/service/router.ts#L106-L121
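The two links above show the shape of the work: a permission definition in a shared "common" package, and an authorize call in the backend router before the data is returned. The following is an added, self-contained illustration of that pattern for the Vault case discussed in this issue; it is not code from the community-plugins repository or from the Vault plugin. To run without the Backstage packages, it stands in for `createPermission()`, `AuthorizeResult` and `PermissionsService.authorize()` from `@backstage/plugin-permission-common` / `-node` with small local types of the same shape, the permission name `vault.secrets.read`, the catalog entries, the owner rule and the Vault listing are all constructed for the example, and the only policy it encodes is the one the issue asks for: a user may list an entity's secrets only if they are among the entity's owners, with everything else (unknown permission, unknown entity, non-owner) denied.

```typescript
// Added example, not the Vault plugin's own code. Local stand-ins replace the
// Backstage permission framework so the file runs on its own.

// --- "common" package: one permission shared by frontend card and backend ---
type Permission = {
  name: string;
  attributes: { action: 'read' | 'create' | 'update' | 'delete' };
};

// Hypothetical permission name chosen for this example.
const vaultSecretsReadPermission: Permission = {
  name: 'vault.secrets.read',
  attributes: { action: 'read' },
};

// Same two outcomes the real framework's AuthorizeResult exposes.
enum AuthorizeResult {
  ALLOW = 'ALLOW',
  DENY = 'DENY',
}

// What the backend knows about the caller: their own entity ref plus the
// user/group refs they are considered to own (the "ownership entity refs").
type Credentials = { userEntityRef: string; ownershipEntityRefs: string[] };

// A catalog component as the policy sees it; the Vault card hangs off one of
// these and its owner decides who may read the secrets.
type CatalogEntity = { entityRef: string; ownerRef: string };

// Constructed sample catalog standing in for a catalog client lookup.
const sampleCatalog: Record<string, CatalogEntity> = {
  'component:default/payments-api': {
    entityRef: 'component:default/payments-api',
    ownerRef: 'group:default/payments-team',
  },
  'component:default/website': {
    entityRef: 'component:default/website',
    ownerRef: 'group:default/web-team',
  },
};

// Policy: a single "is owner of the resource" conditional rule, the same idea
// as the catalog's ownership rule the thread suggests reusing. Deny by default.
function authorize(
  permission: Permission,
  resourceRef: string,
  creds: Credentials,
): AuthorizeResult {
  if (permission.name !== vaultSecretsReadPermission.name) {
    return AuthorizeResult.DENY; // policy only knows this one permission
  }
  const entity = sampleCatalog[resourceRef];
  if (!entity) {
    return AuthorizeResult.DENY; // unknown entity: never leak by default
  }
  return creds.ownershipEntityRefs.includes(entity.ownerRef)
    ? AuthorizeResult.ALLOW
    : AuthorizeResult.DENY;
}

// --- backend router handler: authorize first, only then touch Vault ---
type SecretsResponse =
  | { status: 200; secrets: string[] }
  | { status: 403; error: string };

// Constructed sample of the secret names Vault would list per component.
const sampleVaultListing: Record<string, string[]> = {
  'component:default/payments-api': ['db-password', 'stripe-api-key'],
  'component:default/website': ['cdn-token'],
};

function handleListSecrets(resourceRef: string, creds: Credentials): SecretsResponse {
  const decision = authorize(vaultSecretsReadPermission, resourceRef, creds);
  if (decision !== AuthorizeResult.ALLOW) {
    // Backstage would throw NotAllowedError here; the router maps it to 403.
    return { status: 403, error: `NotAllowedError: not permitted to read secrets for ${resourceRef}` };
  }
  return { status: 200, secrets: sampleVaultListing[resourceRef] ?? [] };
}

// Stand-alone demonstration with two constructed callers.
const alice: Credentials = {
  userEntityRef: 'user:default/alice',
  ownershipEntityRefs: ['user:default/alice', 'group:default/payments-team'],
};
const bob: Credentials = {
  userEntityRef: 'user:default/bob',
  ownershipEntityRefs: ['user:default/bob', 'group:default/web-team'],
};
console.log(JSON.stringify(handleListSecrets('component:default/payments-api', alice)));
console.log(JSON.stringify(handleListSecrets('component:default/payments-api', bob)));
```

The point worth keeping from the pattern is ordering: the authorize call sits in the router in front of the Vault client, so a denied caller never triggers a Vault read at all, and the default branch of the policy is DENY so that a missing catalog entry or an unexpected permission cannot fall through to the secrets.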

jrtaylorJH commented 5 months ago

@vinzscam Started taking a look, not having a lot of luck given the permission system docs are out of date for the new backend system, but I'm trying to grok your code there all the way bottom to top and see if I can get it in there

github-actions[bot] commented 2 months ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.