feat(Tekton): use Kubernetes plugin permissions (#2942)

* feat(Tekton): use Kubernetes plugin permissions Signed-off-by: Bryan Ramos <bramos@redhat.com> * Add a changeset Signed-off-by: Bryan Ramos <bramos@redhat.com> * Update permission alert message Signed-off-by: Bryan Ramos <bramos@redhat.com> * Update docs Signed-off-by: Bryan Ramos <bramos@redhat.com> * Remove permissions from tekton-common plugin Signed-off-by: Bryan Ramos <bramos@redhat.com> * Remove old changeset Signed-off-by: Bryan Ramos <bramos@redhat.com> * Fix mispelling Signed-off-by: Bryan Ramos <bramos@redhat.com> --------- Signed-off-by: Bryan Ramos <bramos@redhat.com>
backstage · Feb 24, 2025 · 48e0647 · 48e0647
1 parent 5770418
commit 48e0647
Show file tree

Hide file tree

Showing 8 changed files with 1,518 additions and 1,396 deletions.
diff --git a/workspaces/tekton/.changeset/major-camels-sin.md b/workspaces/tekton/.changeset/major-camels-sin.md
@@ -0,0 +1,6 @@
+---
+'@backstage-community/plugin-tekton-common': minor
+'@backstage-community/plugin-tekton': minor
+---
+
+Use Kubernetes plugin permissions for Tekton plugin, remove tekton-specific permissions from tekton-common plugin
diff --git a/workspaces/tekton/plugins/tekton-common/report.api.md b/workspaces/tekton/plugins/tekton-common/report.api.md
@@ -3,16 +3,8 @@
 > Do not edit this file. It is a report generated by [API Extractor](https://api-extractor.com/).
 
 ```ts
-import { BasicPermission } from '@backstage/plugin-permission-common';
-
 // @public
 export enum TektonAnnotations {
   CICD = 'tekton.dev/cicd',
 }
-
-// @public
-export const tektonPermissions: BasicPermission[];
-
-// @public
-export const tektonViewPermission: BasicPermission;
 ```
diff --git a/workspaces/tekton/plugins/tekton-common/src/index.ts b/workspaces/tekton/plugins/tekton-common/src/index.ts
@@ -21,4 +21,3 @@
  */
 
 export * from './annotations';
-export * from './permissions';
diff --git a/workspaces/tekton/plugins/tekton-common/src/permissions.ts b/workspaces/tekton/plugins/tekton-common/src/permissions.ts
diff --git a/workspaces/tekton/plugins/tekton/README.md b/workspaces/tekton/plugins/tekton/README.md
@@ -140,6 +140,15 @@ The Tekton plugin enables you to visualize the `PipelineRun` resources available
    );
    ```
 
+#### Permissions
+
+If you are using permissions, please ensure that the following Kubernetes permissions are enabled:
+
+- `kubernetes.clusters.read	`
+- `kubernetes.resources.read`
+
+Read [the documentation](https://github.com/backstage/backstage/blob/master/docs/features/kubernetes/permissions.md) for more info on these permissions.
+
 ## For users
 
 ### Using the Tekton plugin in Backstage

diff --git a/workspaces/tekton/plugins/tekton/src/components/common/PermissionAlert.tsx b/workspaces/tekton/plugins/tekton/src/components/common/PermissionAlert.tsx
@@ -16,13 +16,24 @@
 import React from 'react';
 
 import { Alert, AlertTitle } from '@material-ui/lab';
+import {
+  kubernetesClustersReadPermission,
+  kubernetesResourcesReadPermission,
+} from '@backstage/plugin-kubernetes-common';
+
+const permissions = [
+  kubernetesClustersReadPermission,
+  kubernetesResourcesReadPermission,
+]
+  .map(p => p.name)
+  .join(', ');
 
 const PermissionAlert = () => {
   return (
     <Alert severity="warning" data-testid="no-permission-alert">
       <AlertTitle>Permission required</AlertTitle>
       To view Tekton Pipeline Runs, contact your administrator to give you the
-      tekton.view.read permission.
+      following permission(s): {permissions}.
     </Alert>
   );
 };

diff --git a/workspaces/tekton/plugins/tekton/src/hooks/useTektonViewPermission.ts b/workspaces/tekton/plugins/tekton/src/hooks/useTektonViewPermission.ts
@@ -15,12 +15,21 @@
  */
 import { usePermission } from '@backstage/plugin-permission-react';
 
-import { tektonViewPermission } from '@backstage-community/plugin-tekton-common';
+import {
+  kubernetesClustersReadPermission,
+  kubernetesResourcesReadPermission,
+} from '@backstage/plugin-kubernetes-common';
 
 export const useTektonViewPermission = () => {
-  const tektonViewPermissionResult = usePermission({
-    permission: tektonViewPermission,
+  const clusterReadPermission = usePermission({
+    permission: kubernetesClustersReadPermission,
   });
 
-  return tektonViewPermissionResult.allowed;
+  const clusterResourcesReadPermission = usePermission({
+    permission: kubernetesResourcesReadPermission,
+  });
+
+  return (
+    clusterReadPermission.allowed && clusterResourcesReadPermission.allowed
+  );
 };
Original file line number	Diff line number	Diff line change
Expand Up		@@ -21,4 +21,3 @@
		*/

		export * from './annotations';
		export * from './permissions';