Skip to content

Latest commit

 

History

History

README.md

Marvel catalog fixtures

Curated Components, Systems, Domain / API / Resource graph pieces, Software Templates, and optional static Users under this directory. Use all-marvel.yaml (via all.yaml in this folder or your app’s Location) to register the bundle.

Identity model (Guest vs Keycloak vs static catalog users)

Mechanism What it is In this repo
Backstage Guest Auth mode where the signed-in principal is the built-in guest user; unrelated to Keycloak logins. Not a YAML file—configure in your Backstage auth setup.
Keycloak + catalog provider Real User and Group entities sync from your realm (e.g. realm marvel, parent group marvel, subgroups such as avengers, cluster-admins). Source data: keycloak/users.json, keycloak/groups.json. Provision with yarn provision:keycloak from the repo root.
Static catalog User YAML Committed User entities for environments where you want catalog users without Keycloak (or before the provider runs). users/guest.yaml, users/catalog-local-user.yaml, plus optional extras listed in users.yaml.

Avoid duplicate User entities: if Keycloak already supplies guest (or the same metadata.name as catalog-local-user), remove overlapping paths from users.yaml or disable that Location in your Backstage app.

spec.owner on components uses group names (e.g. avengers, cluster-admins) that should exist as Groups from the provider after the realm is provisioned.

Directory index

Path Role
all-marvel.yaml Location targets for Marvel systems, graph extras, templates, and components.
systems.yaml System entities; spec.domainmarvel-demo.
catalog-graph.yaml Domain marvel-demo, Resource fixtures for rhdh dependsOn, API guestbook-api.
templates/ Software Templates (full + smoke); see templates/location-templates.yaml.
components/ Plugin-oriented component fixtures.
users.yaml Location of static User YAML files.
roles/role.yaml RBAC Role example (register only if your Backstage build ingests this kind).

${MARVEL_*} placeholders in YAML

Several files use ${MARVEL_VARIABLE_NAME} (uppercase + underscores only). The repo validator expands them from your repo-root .env (if present) or from defaults in scripts/catalog-env-substitute.ts. Backstage does not expand these when reading raw YAML from Git or disk—render before ingest (same substitution in CI, envsubst, Helm, initContainer, etc.). Variables are listed in .env.example.

RBAC label / annotation probes

Some entities carry marvel-rbac.* labels and marvel-rbac.hypothesis/* annotations for conditional policy experiments. Case-variant annotation keys are split across different entities so a policy keyed on CiProfile vs ciprofile does not match the same row twice; see component descriptions on nodejs and dotnetcore.