Curated Components, Systems, Domain / API / Resource graph pieces, Software Templates, and optional static Users under this directory. Use all-marvel.yaml (via all.yaml in this folder or your app’s Location) to register the bundle.
| Mechanism | What it is | In this repo |
|---|---|---|
| Backstage Guest | Auth mode where the signed-in principal is the built-in guest user; unrelated to Keycloak logins. | Not a YAML file—configure in your Backstage auth setup. |
| Keycloak + catalog provider | Real User and Group entities sync from your realm (e.g. realm marvel, parent group marvel, subgroups such as avengers, cluster-admins). |
Source data: keycloak/users.json, keycloak/groups.json. Provision with yarn provision:keycloak from the repo root. |
Static catalog User YAML |
Committed User entities for environments where you want catalog users without Keycloak (or before the provider runs). | users/guest.yaml, users/catalog-local-user.yaml, plus optional extras listed in users.yaml. |
Avoid duplicate User entities: if Keycloak already supplies guest (or the same metadata.name as catalog-local-user), remove overlapping paths from users.yaml or disable that Location in your Backstage app.
spec.owner on components uses group names (e.g. avengers, cluster-admins) that should exist as Groups from the provider after the realm is provisioned.
| Path | Role |
|---|---|
all-marvel.yaml |
Location targets for Marvel systems, graph extras, templates, and components. |
systems.yaml |
System entities; spec.domain → marvel-demo. |
catalog-graph.yaml |
Domain marvel-demo, Resource fixtures for rhdh dependsOn, API guestbook-api. |
templates/ |
Software Templates (full + smoke); see templates/location-templates.yaml. |
components/ |
Plugin-oriented component fixtures. |
users.yaml |
Location of static User YAML files. |
roles/role.yaml |
RBAC Role example (register only if your Backstage build ingests this kind). |
Several files use ${MARVEL_VARIABLE_NAME} (uppercase + underscores only). The repo validator expands them from your repo-root .env (if present) or from defaults in scripts/catalog-env-substitute.ts. Backstage does not expand these when reading raw YAML from Git or disk—render before ingest (same substitution in CI, envsubst, Helm, initContainer, etc.). Variables are listed in .env.example.
Some entities carry marvel-rbac.* labels and marvel-rbac.hypothesis/* annotations for conditional policy experiments. Case-variant annotation keys are split across different entities so a policy keyed on CiProfile vs ciprofile does not match the same row twice; see component descriptions on nodejs and dotnetcore.