-
Story
-
Resolution: Duplicate
-
Undefined
-
None
-
None
-
None
-
False
-
-
False
-
-
[2533219619] Upstream Reporter: mbmoon
Upstream issue status: Closed
Upstream description:
According to https://github.com/janus-idp/backstage-plugins/blob/a31020647ffcf210fc4d6434d6613aa0ecce71b7/plugins/rbac-backend/docs/conditions.md#conditional-policy-aliases I have put the following condition to conditional file:
--- result: CONDITIONAL roleEntityRef: 'role:default/Group.Read2' pluginId: catalog resourceType: catalog-entity permissionMapping: - read conditions: rule: IS_ENTITY_OWNER resourceType: catalog-entity params: claims: - '$currentUser'It works as expected when catalog item has
spec: lifecycle: experimental type: website owner: user:default/my_user_example_comBut when I use $ownerRefs for condition and for catalog Item use my group as owner - it doesn't return any catalog items.
--- result: CONDITIONAL roleEntityRef: 'role:default/Group.Read2' pluginId: catalog resourceType: catalog-entity permissionMapping: - read conditions: rule: IS_ENTITY_OWNER resourceType: catalog-entity params: claims: - '$ownerRefs'What is wrong? If I do something wrong - maybe you could provide more detailed documentation on how to use $ownerRefs'.
My expectation that I should see all catalog items that has the same owner as my parent group.
Upstream URL: https://github.com/janus-idp/backstage-plugins/issues/2197
- duplicates
-
RHIDP-4069 Conditional alias `$ownerRefs` does not work
- Closed
- links to