search

janus-idp / backstage-plugins

Plugins for Backstage
https://janus-idp.io
Apache License 2.0
143 stars 146 forks source link

Permissions (RBAC plugin) break techdocs generation #1819

Closed pac0rro closed 3 weeks ago

pac0rro commented 3 months ago

Describe the bug

(this is a clone of my issue for Backstage: see here )

I noticed that, when permissions enabled, the techdocs for components don't generate properly and the page turns blank with the progress indicator showing at top.

[1] 2024-05-27T17:22:45.301Z techdocs info Unable to get metadata for 'component:default/user-local-docs-test2' with error Error: Unable to read techdocs_metadata.json at /home/user/backstage/backstage-source-workspace/backstage-source/node_modules/@backstage/plugin-techdocs-backend/static/docs/default/component/user-local-docs-test2/techdocs_metadata.json. Error: Error: ENOENT: no such file or directory, open '/home/user/backstage/backstage-source-workspace/backstage-source/node_modules/@backstage/plugin-techdocs-backend/static/docs/default/component/user-local-docs-test2/techdocs_metadata.json'; caused by Error: ENOENT: no such file or directory, open '/home/user/backstage/backstage-source-workspace/backstage-source/node_modules/@backstage/plugin-techdocs-backend/static/docs/default/component/user-local-docs-test2/techdocs_metadata.json' type=plugin

I found that backstage tries to open that file a few seconds before the file is created:

$ stat /home/user/backstage/backstage-source-workspace/backstage-source/node_modules/@backstage/plugin-techdocs-backend/static/docs/default/component/user-local-docs-test2/techdocs_metadata.json
  File: /home/user/backstage/backstage-source-workspace/backstage-source/node_modules/@backstage/plugin-techdocs-backend/static/docs/default/component/user-local-docs-test2/techdocs_metadata.json
   Size: 2260            Blocks: 8          IO Block: 4096   regular file
Device: 820h/2080d      Inode: 1175341     Links: 1
Access: (0644/-rw-r--r--)  Uid: ( 1000/    user)   Gid: ( 1000/    user)
Access: 2024-05-27 19:22:48.299626310 +0200
Modify: 2024-05-27 19:22:48.059626390 +0200
Change: 2024-05-27 19:22:48.059626390 +0200
Birth: 2024-05-27 19:22:48.059626390 +0200

In app-config.yaml, techdocs are configured as "local":

techdocs:
  builder: 'local' # Alternatives - 'external'
  generator:
    runIn: 'local' # Alternatives - 'docker'
  publisher:
    type: 'local' # Alternatives - 'googleGcs' or 'awsS3'. Read documentation for using alternatives.
  cache:
    readTimeout: 5000

. . .

permission:
  enabled: true
  rbac:
    policies-csv-file: ../../rbac-policy.csv
    policyFileReload: true

Enabling LOG_LEVEL=debug I only see ALLOW permission checks like this:

Line 282: [1] 2024-05-27T17:22:42.091Z permission info user:default/userX is ALLOW for permission 'docs.read' and action read type=plugin

Expected Behavior

Documentation should be generated and rendered.

What are the steps to reproduce this bug?

  1. Enable permissions
  2. Go to component page
  3. Go to docs
  4. Generation starts for two seconds and the related white page shows

Versions of software used and environment

Plugin RBAC:

packages\app\package.json
  "@janus-idp/backstage-plugin-rbac": "^1.12.0",
packages\backend\package.json
  "@janus-idp/backstage-plugin-rbac-backend": "^2.5.1",
OS:   Linux 5.15.146.1-microsoft-standard-WSL2 - linux/x64
node: v18.20.3
yarn: 1.22.22
cli:  0.26.5 (installed)
backstage:  1.25.0

Dependencies:
  @backstage/app-defaults                                          1.5.5
  @backstage/backend-app-api                                       0.7.5
  @backstage/backend-common                                        0.22.0
  @backstage/backend-defaults                                      0.2.18
  @backstage/backend-dev-utils                                     0.1.4
  @backstage/backend-openapi-utils                                 0.1.11
  @backstage/backend-plugin-api                                    0.6.18
  @backstage/backend-tasks                                         0.5.23
  @backstage/backend-test-utils                                    0.3.8
  @backstage/catalog-client                                        1.6.5
  @backstage/catalog-model                                         1.5.0
  @backstage/cli-common                                            0.1.13
  @backstage/cli-node                                              0.2.5
  @backstage/cli                                                   0.26.5
  @backstage/config-loader                                         1.8.0
  @backstage/config                                                1.2.0
  @backstage/core-app-api                                          1.12.5
  @backstage/core-compat-api                                       0.2.5
  @backstage/core-components                                       0.14.7
  @backstage/core-plugin-api                                       1.9.2
  @backstage/e2e-test-utils                                        0.1.1
  @backstage/errors                                                1.2.4
  @backstage/eslint-plugin                                         0.1.8
  @backstage/frontend-plugin-api                                   0.6.5
  @backstage/integration-aws-node                                  0.1.12
  @backstage/integration-react                                     1.1.27
  @backstage/integration                                           1.11.0
  @backstage/plugin-api-docs                                       0.11.5
  @backstage/plugin-app-backend                                    0.3.67
  @backstage/plugin-app-node                                       0.1.18
  @backstage/plugin-auth-backend-module-atlassian-provider         0.1.10
  @backstage/plugin-auth-backend-module-aws-alb-provider           0.1.10
  @backstage/plugin-auth-backend-module-azure-easyauth-provider    0.1.1
  @backstage/plugin-auth-backend-module-bitbucket-provider         0.1.1
  @backstage/plugin-auth-backend-module-cloudflare-access-provider 0.1.1
  @backstage/plugin-auth-backend-module-gcp-iap-provider           0.2.13
  @backstage/plugin-auth-backend-module-github-provider            0.1.15
  @backstage/plugin-auth-backend-module-gitlab-provider            0.1.15
  @backstage/plugin-auth-backend-module-google-provider            0.1.15
  @backstage/plugin-auth-backend-module-guest-provider             0.1.4
  @backstage/plugin-auth-backend-module-microsoft-provider         0.1.13
  @backstage/plugin-auth-backend-module-oauth2-provider            0.1.15
  @backstage/plugin-auth-backend-module-oauth2-proxy-provider      0.1.11
  @backstage/plugin-auth-backend-module-oidc-provider              0.1.9
  @backstage/plugin-auth-backend-module-okta-provider              0.0.11
  @backstage/plugin-auth-backend                                   0.22.5
  @backstage/plugin-auth-node                                      0.4.13
  @backstage/plugin-auth-react                                     0.1.2
  @backstage/plugin-catalog-backend-module-github                  0.5.7
  @backstage/plugin-catalog-backend-module-scaffolder-entity-model 0.1.16
  @backstage/plugin-catalog-backend                                1.22.0
  @backstage/plugin-catalog-common                                 1.0.23
  @backstage/plugin-catalog-graph                                  0.4.5
  @backstage/plugin-catalog-import                                 0.10.10
  @backstage/plugin-catalog-node                                   1.12.0
  @backstage/plugin-catalog-react                                  1.12.0
  @backstage/plugin-catalog                                        1.20.0
  @backstage/plugin-events-backend                                 0.3.5
  @backstage/plugin-events-node                                    0.3.4
  @backstage/plugin-github-actions                                 0.6.16
  @backstage/plugin-jenkins-backend                                0.4.5
  @backstage/plugin-jenkins-common                                 0.1.26
  @backstage/plugin-jenkins                                        0.9.10
  @backstage/plugin-org                                            0.6.25
  @backstage/plugin-permission-backend-module-allow-all-policy     0.1.15
  @backstage/plugin-permission-backend                             0.5.42
  @backstage/plugin-permission-common                              0.7.13
  @backstage/plugin-permission-node                                0.7.29
  @backstage/plugin-permission-react                               0.4.22
  @backstage/plugin-proxy-backend                                  0.4.16
  @backstage/plugin-scaffolder-backend-module-azure                0.1.10
  @backstage/plugin-scaffolder-backend-module-bitbucket-cloud      0.1.8
  @backstage/plugin-scaffolder-backend-module-bitbucket-server     0.1.8
  @backstage/plugin-scaffolder-backend-module-bitbucket            0.2.8
  @backstage/plugin-scaffolder-backend-module-gerrit               0.1.10
  @backstage/plugin-scaffolder-backend-module-gitea                0.1.8
  @backstage/plugin-scaffolder-backend-module-github               0.2.8
  @backstage/plugin-scaffolder-backend-module-gitlab               0.4.0
  @backstage/plugin-scaffolder-backend                             1.22.7
  @backstage/plugin-scaffolder-common                              1.5.2
  @backstage/plugin-scaffolder-node                                0.4.4
  @backstage/plugin-scaffolder-react                               1.8.5
  @backstage/plugin-scaffolder                                     1.20.0
  @backstage/plugin-search-backend-module-catalog                  0.1.24
  @backstage/plugin-search-backend-module-pg                       0.5.27
  @backstage/plugin-search-backend-module-techdocs                 0.1.23
  @backstage/plugin-search-backend-node                            1.2.23
  @backstage/plugin-search-backend                                 1.5.9
  @backstage/plugin-search-common                                  1.2.11
  @backstage/plugin-search-react                                   1.7.11
  @backstage/plugin-search                                         1.4.11
  @backstage/plugin-sonarqube-backend                              0.2.20
  @backstage/plugin-sonarqube-react                                0.1.16
  @backstage/plugin-sonarqube                                      0.7.17
  @backstage/plugin-tech-radar                                     0.7.4
  @backstage/plugin-techdocs-backend                               1.10.5
  @backstage/plugin-techdocs-module-addons-contrib                 1.1.10
  @backstage/plugin-techdocs-node                                  1.12.4
  @backstage/plugin-techdocs-react                                 1.2.4
  @backstage/plugin-techdocs                                       1.10.5
  @backstage/plugin-user-settings                                  0.8.6
  @backstage/release-manifests                                     0.0.11
  @backstage/repo-tools                                            0.9.0
  @backstage/test-utils                                            1.5.5
  @backstage/theme                                                 0.5.5
  @backstage/types                                                 1.1.1
  @backstage/version-bridge                                        1.0.8
Done in 1.39s.
PatAKnight commented 3 months ago

Thank you for posting this bug report!

The changes to the service to service auth that was made during 1.25 and 1.26 ended up breaking our plugin. This should be fixed as of RBAC backend plugin 3.0.0 now that this PR and this PR has been merged.

PatAKnight commented 2 months ago

Hello @pac0rro, just wanted to reach out to make sure that the changes were satisfactory to you and if so could we close this bug report out?

PatAKnight commented 3 weeks ago

@pac0rro I am going to go ahead and close this issue out. If you find this in error, please don't hesitate to reopen this issue or open a new issue. Thanks!