Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/vippsas/backstage-azure-resources-backend

A backend plugin to pull information from Azure resource graph
https://github.com/vippsas/backstage-azure-resources-backend

azure backstage

Last synced: 2 days ago
JSON representation

A backend plugin to pull information from Azure resource graph

Host: GitHub
URL: https://github.com/vippsas/backstage-azure-resources-backend
Owner: vippsas
License: mit
Created: 2022-08-30T12:38:31.000Z (over 2 years ago)
Default Branch: main
Last Pushed: 2024-10-02T08:03:39.000Z (4 months ago)
Last Synced: 2025-01-12T21:43:19.349Z (18 days ago)
Topics: azure, backstage
Language: TypeScript
Homepage:
Size: 23.4 KB
Stars: 9
Watchers: 4
Forks: 8
Open Issues: 5
Metadata Files:
- Readme: README.md
- License: LICENSE.md

Awesome Lists containing this project

README

        # Azure resources backend plugin

The backend API plugin used by the frontend plugin. This plugin wraps a few Azure Resource Graph queries to pull information about your Azure resource resources in relation to a backstage entity.

## Getting started

Add following to your backstage instance

```

# From the Backstage root directory

cd packages/backend

yarn add @vippsno/plugin-azure-resources-backend

```

```TypeScript

/// ./packages/backend/src/plugins/azure-resources-backend.ts

import { createRouter } from '@vippsno/plugin-azure-resources-backend';

import { Router } from 'express';

import { PluginEnvironment } from '../types';

export default async function createPlugin(

  env: PluginEnvironment,

): Promise {

  return await createRouter({

    logger: env.logger,

    config: env.config,

  });

}

```

```TypeScript

/// ./packages/backend/src/index.ts

import azureResourcesBackend from './plugins/azure-resources-backend';

const azureResourcesBackendEnv = useHotMemoize(module, () => createEnv('azure-resources-backend'));

apiRouter.use('/azure-resources', await azureResourcesBackend(azureResourcesBackendEnv));

```

## Authentication with Azure

In order for this plugin to work, you'll need an identity with `read` access at the scope you pull information from.  

Depending on where your backstage instance is running, there are a few ways to authenticate. The plugin uses `@azure/identity` which supports `managed identities` and `application registration`

### Using managed identity

In case your backstage instance runs on an Azure resource type that supports system assigned managed identity (MSI), the only thing you need to do is assign the `service principal` with read permission on the `resource group`, `subscription(s)` or `management group`, depending on your environment.

### Using app registration

Create a [new Application Registration](https://docs.microsoft.com/azure/active-directory/develop/quickstart-register-app?WT.mc_id=AZ-MVP-5003437), and assign the SPN appropriate permissions. Then add the following to your `app-config.yaml` and/or `app-config.local.yaml`. If using MSI you do not add this configuration.

```yaml

azureResources:

  clientId: ab77a497-102e-4c4d-9853-3aca7e733245 # the app registrations clientId

  clientSecret: ~AcbyiAM2YUMQwUSqhzg # a secret created for the app registration

  tenantId: f02ae3d3-be5c-4b9d-9d6e-8192055d4083 # your Azure tenant id

```