test(rbac): add module wiring, contract tests, and contributor guide #9697
Open
AndrienkoAleksandr wants to merge 3 commits into
Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com>
Pull request overview
This PR improves the RBAC workspace developer experience and stability by adding self-contained backend wiring/config, introducing “public contract” tests for shared RBAC exports, and documenting development + manual verification flows for contributors.
Changes:
- Add RBAC backend dev harness config (including a manual-tests overlay with Keycloak/OIDC) and a backend plugin smoke test using startTestBackend.
- Add RBAC common “public contract” tests to lock exported permission constants/types and related helpers.
- Add contributor documentation across the RBAC workspace/plugins and introduce a backend-only manual permission test harness (scripts + catalog entities + Keycloak realm export).
Reviewed changes
Copilot reviewed 24 out of 30 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| workspaces/rbac/yarn.lock | Adds lockfile entries for the OIDC auth backend module and transitive deps. |
| workspaces/rbac/README.md | Updates workspace-level setup/dev commands and links to per-plugin contributor docs. |
| workspaces/rbac/plugins/rbac/README.md | Links to the new frontend plugin contributor guide. |
| workspaces/rbac/plugins/rbac/CONTRIBUTING.md | Documents frontend dev harness + validation commands. |
| workspaces/rbac/plugins/rbac-common/src/contract.test.ts | Adds “public contract” test coverage for exported constants/helpers. |
| workspaces/rbac/plugins/rbac-common/CONTRIBUTING.md | Documents how to develop/validate the shared RBAC common package. |
| workspaces/rbac/plugins/rbac-backend/src/policies/permission-policy.test.ts | Adds a regression/contract test for super-user group matching behavior. |
| workspaces/rbac/plugins/rbac-backend/src/policies/permission-policy.hierarchy.test.ts | Updates comments to point readers at the new manual-tests data. |
| workspaces/rbac/plugins/rbac-backend/src/plugin.test.ts | Adds startTestBackend smoke test to verify RBAC routes are registered. |
| workspaces/rbac/plugins/rbac-backend/README.md | Links to contributor guide and related docs. |
| workspaces/rbac/plugins/rbac-backend/package.json | Updates start scripts to use self-contained config; adds OIDC module dependency. |
| workspaces/rbac/plugins/rbac-backend/manual-tests/scripts/test-permissions.sh | Adds script to POST /api/permission/authorize for all manual-test users. |
| workspaces/rbac/plugins/rbac-backend/manual-tests/scripts/start-keycloak.sh | Adds helper to run Keycloak (Docker/Podman) with realm import. |
| workspaces/rbac/plugins/rbac-backend/manual-tests/scripts/login.py | Adds browserless OIDC login flow to mint Backstage bearer tokens. |
| workspaces/rbac/plugins/rbac-backend/manual-tests/scripts/generate-userinfo.py | Generates the manual-tests user/token expectation matrix CSV. |
| workspaces/rbac/plugins/rbac-backend/manual-tests/README.md | Documents the backend-only manual test flow end-to-end. |
| workspaces/rbac/plugins/rbac-backend/manual-tests/rbac/users.yaml | Adds catalog User entities for manual test coverage. |
| workspaces/rbac/plugins/rbac-backend/manual-tests/rbac/rbac-policy.csv | Adds Casbin CSV policies for the manual-tests harness. |
| workspaces/rbac/plugins/rbac-backend/manual-tests/rbac/rbac-group-charts.txt | Adds a visualization aid for hierarchy scenarios. |
| workspaces/rbac/plugins/rbac-backend/manual-tests/rbac/groups.yaml | Adds catalog Group entities for manual test coverage. |
| workspaces/rbac/plugins/rbac-backend/manual-tests/rbac/all.yaml | Adds a catalog Location that pulls in the manual-tests users/groups. |
| workspaces/rbac/plugins/rbac-backend/manual-tests/keycloak/backstage-realm.json | Adds Keycloak realm export aligned to the manual-tests dataset. |
| workspaces/rbac/plugins/rbac-backend/dev/index.ts | Wires in the OIDC auth backend module for the backend dev harness. |
| workspaces/rbac/plugins/rbac-backend/CONTRIBUTING.md | Documents backend harness workflows, validation commands, and test coverage. |
| workspaces/rbac/plugins/rbac-backend/app-config.yaml | Introduces self-contained backend dev harness config for RBAC backend. |
| workspaces/rbac/plugins/rbac-backend/app-config.manual-tests.yaml | Adds manual-tests overlay config (OIDC, catalog entities, CSV policies). |
| workspaces/rbac/package.json | Removes non-functional root start scripts that paired multiple dev servers. |
| workspaces/rbac/.vscode/launch.json | Updates debugging config to run the backend harness with package start + config. |
| workspaces/rbac/.gitignore | Ignores generated manual-tests/userinfo.csv. |
| workspaces/rbac/.changeset/tall-lizards-pay.md | Adds a changeset describing the workspace and package changes. |
| "enabled": true, | ||
| "alwaysDisplayInConsole": false, | ||
| "clientAuthenticatorType": "client-secret", | ||
| "secret": "5Mpv83xSyJkBVnP1Oi28u9RrbGAMRps3", |
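Review bot: the "secret" value on the last line of this hunk commits the confidential client's secret in clear text in the realm export, so secret scanners and anyone cloning the repository will treat it as a live credential. Since "clientAuthenticatorType" is "client-secret", either document next to this file that the value is a throwaway for the local Keycloak container only, or have the start script inject a per-run secret at import time so the same string is never reused outside the harness.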
Comment on lines +24 to +28
| oidc: | ||
| development: | ||
| metadataUrl: http://localhost:8080/realms/backstage | ||
| clientId: backstage | ||
| clientSecret: 5Mpv83xSyJkBVnP1Oi28u9RrbGAMRps3 |
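Review bot: clientSecret on the last line of this hunk hard-codes the same string that appears in the Keycloak realm export; reading it from an environment variable (for example clientSecret: ${AUTH_OIDC_CLIENT_SECRET}, variable name illustrative) keeps the overlay free of credentials and makes it harder for the value to be copied into a non-local config. metadataUrl uses plain http://, which is acceptable for localhost but deserves a comment saying the overlay must not be pointed at a remote realm as is.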
Comment on lines +42 to +52
| def _follow_redirects(session: requests.Session, resp: requests.Response) -> requests.Response: | ||
| while resp.is_redirect or resp.status_code in (301, 302, 303, 307, 308): | ||
| location = resp.headers.get("Location", "") | ||
| if not location: | ||
| break | ||
| location = _rewrite_url(location) | ||
| if resp.status_code in (301, 302, 303): | ||
| resp = session.get(location, allow_redirects=False) | ||
| else: | ||
| resp = session.request(resp.request.method, location, allow_redirects=False) | ||
| return resp |
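Review bot: the while loop in _follow_redirects has no upper bound, so a redirect cycle will spin the script forever; add a hop counter (requests itself stops at 30) and raise when it is exceeded. Two smaller points in the same loop: Location is passed to session.get without being resolved against resp.url, so a relative redirect fails unless _rewrite_url handles it, and the 307/308 branch replays resp.request.method without the original body, which turns a redirected POST into an empty one.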
| development: | ||
| metadataUrl: http://localhost:8080/realms/backstage | ||
| clientId: backstage | ||
| clientSecret: 5Mpv83xSyJkBVnP1Oi28u9RrbGAMRps3 |
Hey, I just made a Pull Request!
This PR aims to increase the test coverage for @backstage-community/plugin-rbac-backend with a focus on Backstage integration. Mainly module wiring, config/scheduler contracts, and the Admin API client (mocked in tests).
It also adds a contributor guide with steps for running the plugin dev/ harness, running the usual package/workspace validation commands, and a short manual smoke checklist.
✔️ Checklist
Signed-off-by line in the message. (more info)