🔌 Plugin: Not able to show custom plugin to in admin page drop down

[ravimandalasapient]

🔖 Summary

I have added permission in app-config.yaml and enable the permission framework. But still, not showing custom plugin admin page plugin dropdown.Please let me know if anything i can add to enable that. access-demo is my plugin id.

permission:
  enabled: true
  rbac:
    #policies-csv-file: ../../examples/rbac-policy.csv
    pluginsWithPermission:
        - acccess-demo

🌐 Project website (if applicable)

No response

✌️ Context

No response

👀 Have you spent some time to check if this plugin request has been raised before?

• [X] I checked and didn't find similar issue

🏢 Have you read the Code of Conduct?

• [X] I have read the Contributing Guidelines

Are you willing to submit PR?

None

[invincibleJai]

@ravimandalasapient thanks for reporting the issue, i have below initial observations

• the indentation in config provided seems wrong, this should be as below

permission:
  enabled: true
  rbac:
    pluginsWithPermission:
      - kubernetes
      - jenkins
      - <plugin_id>
    admin:
      users:
        - name: user:default/<user-name>

• Can you also provide the version of rbac plugin , backstage version, or any other version which would be useful?

• What is acccess-demo ? is it a plugin ID? can you provide the GH or npm link for this?

[ravimandalasapient]

@invincibleJai Rbac plugin version is latest one.i.e 1.17.5. acccess-demo is my custom plugin id(created front end & backend)

Indentation correct only.May be copy paste problem.

permission: enabled: true rbac:

policies-csv-file: ../../examples/rbac-policy.csv

 pluginsWithPermission:
    - acccess-demo
 admin:
   users:
    - name: user:default/ravimandalasapient
    - name: group:default/admins

   policies-csv-file: C:\Users\ravmanda1\NEOM\Projects\test-rbac-feature\cie-poc-developer-portal\examples\rbac-policies.csv

[invincibleJai]

it's difficult to test/reproduce with plugin that we don't have access to. is it working for other community plugins i.e kubernetes , jenkins etc ?

https://github.com/janus-idp/backstage-plugins/blob/main/plugins/rbac/README.md#installation

[ravimandalasapient]

@invincibleJai it is not working for any plugin(Kubernetes, Jenkins as well). I created simple plugin and tried. please, you can create any simple plugin and check.

[invincibleJai]

@ravimandalasapient i'll try to create a new plugin and test

@PatAKnight / @AndrienkoAleksandr do you see any obvious missing piece here ^^

[PatAKnight]

I am not seeing any immediate issues, but I will also take a look.

[invincibleJai]

@ravimandalasapient i did create a new plugin todolist added some permission and verified it and it does work for me.

Can check the code here https://github.com/invincibleJai/todo-app-rbac

• make sure your plugin in enabled and it does define permissions
• make sure pluginID and route for backend plugins is same and it is used in config as below

permission:
  enabled: true
  rbac:
    pluginsWithPermission:
      - todolist
    policies-csv-file: /Users/jakumar/Workspaces/testBackstage/todo-app-rbac/rbac-policy.csv
    admin:
      users:
        - name: user:default/invincibleJai

Even kubernetes plugin works i needed to enable the plugin and update the config

Hope this could be helpful for you to figure out what wrong with your config or plugin.

[ravimandalasapient]

@invincibleJai thanks a lot! I will look at my config once. Can you please let me know if any documentation is there for below.

1. I want to control the custom plugin pages based on plugin permissions which is there in left pane of the layout.is it possible with this plugin?
2. users and groups are not populating as shown below.
3. what is the process for database integration.

[invincibleJai]

@invincibleJai thanks a lot! I will look at my config once. Can you please let me know if any documentation is there for below.

1. I want to control the custom plugin pages based on plugin permissions which is there in left pane of the layout.is it possible with this plugin?

RBAC only acts as an interface to enable the permission rules defined by the plugin on its own no UI will change unless the plugin handles it to see more about how plugins handle read here https://backstage.io/docs/permissions/frontend-integration

2. users and groups are not populating as shown below.

Backstage can ingest user and group data directly from GitHub, GitHub Enterprise, GitLab, or an LDAP compatible service. The data is then transformed into Backstage entities and persists to the software catalog

can refer to backstage docs for more info on this

• https://backstage.io/docs/integrations/ldap/org/
• https://backstage.io/docs/integrations/github/org/

3. what is the process for database integration.

can refer https://github.com/janus-idp/backstage-plugins/blob/main/plugins/rbac-backend/README.md#configuring-database-storage-for-policies and https://backstage.io/docs/tutorials/configuring-plugin-databases/

[ravimandalasapient]

Thanks @invincibleJai . I have done 1 & 2 steps successfully. For 3 rd one, i am not able to see any users/groups/roles data in the postgress tables.But if any invoke this end point http://localhost:7007/api/permission/roles,i am able to fetch the data. Where these data is storing?is it in the local files?Please tell me how to access them and externalize to DB.

Thanks for your responses.

[ravimandalasapient]

@invincibleJai I have one more scenario: I have added one user (ravi) to group (backstage-group) and assigned this group to one role my_role.But in this case,ravi is not able see the plugin page even if that role has permission. But if assign my_role to directly to user ravi then ravi is able to see that plugin page. Why group level access permissions are not working?

[ravimandalasapient]

@invincibleJai @PatAKnight

I am observing one issue with create a role, its permissions for the particular plugin and assigned to user with RBAC plugin UI which is using rest internally. When i try to login with that user,i will not be able to see that plugin. But if upload these details using policy plugin then that user is able to see that plugin. Is there any extra configurations are required to make rbac rest also works.