New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
🐛 Bug Report: Catalog Docs - Undefined User in Permission #19356
Comments
@vinzscam anything stand out to you here? |
Hi @Nereis, |
Yes we do, similar to the documentation you provided. |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
I've gone and reproduced the policy that you provided and in my setup it seems to work as intended, so I think it's safe to say it's not the policy itself. I'm guessing it's probably whatever is upstream that is providing the user to the policy. Is there anything notable with your identity provider setup? |
I am experiencing the exact same situation here. When I try to access techdocs for an entity, I see in the logs:
@Joonpark13 - Nothing special about our provider setup. We're using the default Microsoft resolver/provider. @Nereis - Did you resolve your issue? If so, do you remember what you did? |
No, I don't. i remove the faulty permission for now. |
So I will also add that after migrating to the new backend architecture/configuration, the permissions are working for me. I don't know if I had something misconfigured in the API authentication that I didn't duplicate when I set it up for the new architecture, but it works. |
Looks like neither of you are facing this issue anymore, closing |
@Rugvip Removing all the permissions is not really a solution... |
@Nereis alright, reopened! |
@Nereis can you verify that the cookie is present in the requests to techdocs? It looks like there's some issue with your cookie authentication and it's not being applied or sent through which is possibly why this only fails in techdocs. |
@benjdlambert We are starting the migrate to the new backends. I propose we wait and see it fixes the issue as raised by zjpersc |
I still have both legacy and new backends in parallel. I was doing some testing and I'm seeing that there is notable difference in token size for the new backend (Techdocs works) and the legacy backend (Techdocs spins - undefined error in backend). I'm 99.9% positive that it has to do with some difference between the authMiddlewareFactory (used in new backend) and authMiddleware (used on legacy) and how the cookie is being set. |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
Is this still an issue in the latest 1.26 release? We've shipped a lot fixes for auth and techdocs + permissions. |
We started migrating, we'll reactivate the permissions and check |
I'm a colleague of @Nereis and we are running Backstage v1.27.2. We migrated all our plugins to the new backend system and removed the workaround. It fixed the issue, so far, we haven't noticed any issues with the policy or undefined user token error. |
Closing the issue, thank you for confirming @gaelgoth 🙏 |
📜 Description
When trying to access the documentation after setting up the alpha catalog permission as below, the page load for ever and we can see in the permissions that the user, for this specific request only (coming from techdoc?), is not defined in the request context. This lead to a permissions rejection which is also not properly handled in the frontend (load for ever).
👍 Expected behavior
When opening the documentation from the catalog context view, the user should be pass to the permission layer or it should query another permission than "catalog.entity.read" in order to setup a specific exception rule.
Screenshot below with an hardcoded ALLOW permission
👎 Actual Behavior with Screenshots
The user is undefined most likely from the techdoc request leading the permission evaluation to a deny on the catalog.read request. Full log below when clicking on "DOCS" tab from the catalog page of the resource.
👟 Reproduction steps
Add the permission to limit the access to catalog.entity.read. Our codde snippet based on documentation below
📃 Provide the context for the Bug.
We are trying to add the permission on the catalog using the alpha permission from the official documentation
🖥️ Your Environment
Backstage 1.16.0
Mermaid 9.4.3
@backstage/plugin-techdocs-react@npm:1.1.8
backstage-plugin-techdocs-addon-mermaid@npm:0.8.0
👀 Have you spent some time to check if this bug has been raised before?
🏢 Have you read the Code of Conduct?
Are you willing to submit PR?
No, I don't have time to work on this right now
The text was updated successfully, but these errors were encountered: