From 94d24c751da0f6b1ac65a544425a849cae76812c Mon Sep 17 00:00:00 2001 From: MT Lewis Date: Thu, 13 Jan 2022 17:10:45 +0000 Subject: [PATCH 1/2] catalog-backend: fix getResources The getResources method in catalog-backend should use the unauthorizedEntitiesCatalog to load resources, otherwise we end up authorizing access to entities during application of conditions. Signed-off-by: MT Lewis --- plugins/catalog-backend/src/service/NextCatalogBuilder.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/catalog-backend/src/service/NextCatalogBuilder.ts b/plugins/catalog-backend/src/service/NextCatalogBuilder.ts index be75b4dfe7..18ee1e2042 100644 --- a/plugins/catalog-backend/src/service/NextCatalogBuilder.ts +++ b/plugins/catalog-backend/src/service/NextCatalogBuilder.ts @@ -417,7 +417,7 @@ export class NextCatalogBuilder { const permissionIntegrationRouter = createPermissionIntegrationRouter({ resourceType: RESOURCE_TYPE_CATALOG_ENTITY, getResources: async (resourceRefs: string[]) => { - const { entities } = await entitiesCatalog.entities({ + const { entities } = await unauthorizedEntitiesCatalog.entities({ filter: { anyOf: resourceRefs.map(resourceRef => { const { kind, namespace, name } = parseEntityRef(resourceRef); From 68edbbeafd7da722cbaae1660e3e1a9f3a591c53 Mon Sep 17 00:00:00 2001 From: MT Lewis Date: Thu, 13 Jan 2022 17:26:04 +0000 Subject: [PATCH 2/2] catalog-backend: add changeset Signed-off-by: MT Lewis --- .changeset/neat-rice-stare.md | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 .changeset/neat-rice-stare.md diff --git a/.changeset/neat-rice-stare.md b/.changeset/neat-rice-stare.md new file mode 100644 index 0000000000..3f373cbf90 --- /dev/null +++ b/.changeset/neat-rice-stare.md @@ -0,0 +1,5 @@ +--- +'@backstage/plugin-catalog-backend': patch +--- + +Fix bug with resource loading in permission integration