{"id":13574468,"url":"https://github.com/Parsifal-M/backstage-opa-plugins","last_synced_at":"2025-04-04T15:31:08.377Z","repository":{"id":154781661,"uuid":"606474191","full_name":"Parsifal-M/backstage-opa-plugins","owner":"Parsifal-M","description":"Open Policy Agent (OPA) Plugins for Backstage","archived":false,"fork":false,"pushed_at":"2025-03-31T21:10:24.000Z","size":10899,"stargazers_count":52,"open_issues_count":4,"forks_count":10,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-04-01T17:55:10.218Z","etag":null,"topics":["backstage","backstage-opa-backend","backstage-plugin","opa","open-source","permissions","plugins","rbac"],"latest_commit_sha":null,"homepage":"https://parsifal-m.github.io/backstage-opa-plugins/","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Parsifal-M.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-02-25T15:51:40.000Z","updated_at":"2025-03-31T21:08:50.000Z","dependencies_parsed_at":null,"dependency_job_id":"ab0bfe41-8d55-4d03-9093-1544e668a01a","html_url":"https://github.com/Parsifal-M/backstage-opa-plugins","commit_stats":null,"previous_names":["parsifal-m/backstage-opa-plugins","parsifal-m/brewed-backstage"],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Parsifal-M%2Fbackstage-opa-plugins","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Parsifal-M%2Fbackstage-opa-plugins/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Parsifal-M%2Fbackstage-opa-plugins/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Parsifal-M%2Fbackstage-opa-plugins/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Parsifal-M","download_url":"https://codeload.github.com/Parsifal-M/backstage-opa-plugins/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247202667,"owners_count":20900826,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["backstage","backstage-opa-backend","backstage-plugin","opa","open-source","permissions","plugins","rbac"],"created_at":"2024-08-01T15:00:51.849Z","updated_at":"2025-04-04T15:31:03.368Z","avatar_url":"https://github.com/Parsifal-M.png","language":"TypeScript","funding_links":[],"categories":["TypeScript","open-source","Other Usecases"],"sub_categories":["Testing Blogs and Articles"],"readme":"# Welcome to the OPA Plugins Repository for Backstage\n\n[![codecov](https://codecov.io/gh/Parsifal-M/backstage-opa-plugins/graph/badge.svg?token=IHZGVSXZY7)](https://codecov.io/gh/Parsifal-M/backstage-opa-plugins)\n\nThis repository contains a collection of plugins for [Backstage](https://backstage.io) that integrate with [Open Policy Agent](https://www.openpolicyagent.org/).\n\n## Blogs\n\n- [Going Backstage with OPA](https://www.styra.com/blog/going-backstage-with-opa/)\n\n## Talks\n\n- [Can It Be Done? Building Fine-Grained Access Control for Backstage with OPA](https://www.youtube.com/watch?v=N0n_czYo_kE\u0026list=PLj6h78yzYM2P4KPyeDFexAVm6ZvfAWMU8\u0026index=15\u0026ab_channel=CNCF%5BCloudNativeComputingFoundation%5D)\n\n## Plugins\n\n- [backstage-opa-backend](./plugins/backstage-opa-backend/README.md) - A Backend Plugin that the [backstage-opa-entity-checker](./plugins/backstage-opa-entity-checker/README.md) consumes to evaluate policies.\n- [plugin-permission-backend-module-opa-wrapper](./plugins/permission-backend-module-opa-wrapper/README.md) - An isolated OPA Client and a Policy Evaluator that integrates with the Backstage permissions framework and uses OPA to evaluate policies, making it possible to use OPA for permissions (like RBAC). Does not require the `backstage-opa-backend` plugin!\n- [backstage-opa-entity-checker](./plugins/backstage-opa-entity-checker/README.md) - A frontend plugin that provides a component card that displays if an entity has the expected entity metadata according to an opa policy.\n- [backstage-opa-policies](./plugins/backstage-opa-policies/README.md) - A frontend component designed to be added to entity pages to fetch and display the OPA policy that entity uses based on a URL provided in an annotation in the `catalog-info.yaml` file.\n\n## Beta Plugins\n\n- [backstage-opa-authz-react](./plugins/opa-authz-react/README.md) - A frontend plugin that allows you to control the visibility of components based on the result of an OPA policy evaluation.\n- [backstage-opa-authz](./packages/opa-authz/README.md) - A node library that includes an OPA client and middleware to evaluate policies, allowing you to control authorization in your backstage backend plugins using OPA.\n\n## Policies\n\n- [backstage-opa-policies](https://github.com/Parsifal-M/backstage-opa-policies#hello) - A collection of policies that can be used with the plugins in this repository. (WIP)\n\n## Additional Documentation\n\nEach Plugin has its own documentation in the [Plugins](./plugins/) Folder, I am however, slowly moving things to [Github pages](https://parsifal-m.github.io/backstage-opa-plugins/#/). Feel free to help out!\n\n## Local Development\n\nStep by step guide to developing locally:\n\n1. Clone this repository\n2. Create an `app-config.local.yaml` file in the root of the repository copying the contents from `app-config.yaml`\n3. Create a PAT (Personal Access Token) for your GitHub account with these scopes: `read:org`, `read:user`, `user:email`. This token should be placed under `integrations.github.token` in the `app-config.local.yaml` file.\n4. Run `yarn install --immutable` in the root of the repository\n5. Use `docker-compose up -d` to start the OPA server and postgres database (this will also load the two policies in the `example-opa-policies` folder automatically)\n6. Update the OPA rbac policy in here [rbac_policy.rego](./example-opa-policies/rbac_policy.rego), or use your own! If you want to use the default policy, you'll have to update `is_admin if \"group:twocodersbrewing/maintainers\" in claims` to what ever your user entity claims are.\n7. Run `yarn dev` or `yarn debug` in the root of the repository to start the Backstage app (use debug if you want to see what is happening in the OPA plugin)\n\n## Ecosystem\n\n- [PlaTT Policy Template](https://github.com/ap-communications/platt-policy-template) contains policy templates that will work with the [plugin-permission-backend-module-opa-wrapper](./plugins/permission-backend-module-opa-wrapper/README.md) plugin!\n\n## Contributing\n\nContributions are welcome! However, still figuring out the best approach as this does require user and group entities to be in the system.\n\nPlease open an issue or a pull request. You can also contact me on mastodon at [@parcifal](https://hachyderm.io/@parcifal).\n\nPlease remember to sign your commits with `git commit -s` so that your commits are signed!\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FParsifal-M%2Fbackstage-opa-plugins","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FParsifal-M%2Fbackstage-opa-plugins","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FParsifal-M%2Fbackstage-opa-plugins/lists"}