DEV Community: Peter

Dummy Data For Backstage

Peter — Thu, 27 Mar 2025 08:44:57 +0000

We've been using Backstage internally as our developer platform for almost 2 years now (time flies!) and one issue we always tried to "get around to fixing" but never really had the time was a nice way to bulk create dummy entities for our catalog!

So, I decided to whip up a little tool that can generate a bunch of dummy entities for your Backstage catalog which you can find here:

Github Pages: https://parsifal-m.github.io/backstage-catalog-gen/

Repo: https://github.com/Parsifal-M/backstage-catalog-gen

This saves us a bunch of time when ever we want to quickly add a bunch of entities to our catalog for testing!

Hope it saves you some time as well! ❤️

The New Way To Use OPA With Backstage

Peter — Sat, 09 Nov 2024 17:08:35 +0000

👋 Hello Again!

Last time, I spoke about how you could use the OPA Wrapper plugin to let you use the Open Policy Agent and integrate with the Backstage Permissions Framework.

I am back again to to just let you know, we've released two new awesome OPA related plugins that take this to the next level! The plugins are still in beta and I am looking forward to any and all feedback!

💭 So Why Do We Think These Plugins Will Be So Useful?

While the OPA Wrapper Plugin is fantastic for most permissions, some of our needs go beyond simple RBAC and ABAC rules. Sometimes, we need authorization based on dynamic, complex conditions that the default permissions framework doesn’t handle. For example:

Deployment Fridays: Only developers with 5+ years of experience can push the big red button.
Conditional UI Elements: Table rows are editable only by the assigned user.
Middleware on Backend Routes: Authorization rules for APIs based on request method or path.

In these cases, we need policies that are both flexible and powerful.

🥁 Introducing...

So we developed the OPA Authz and OPA Authz React plugins!

These plugins bring that extra “oomph” to permissions in Backstage by making it easy to implement complex RBAC and ABAC requirements. And best of all, they don’t interfere with the OPA Wrapper! They’re designed to work seamlessly together, even in setups that rely on community and core plugins.

🤔 So Why Would I Use It?

Use these plugins when you need that extra layer of flexibility for advanced authorization in Backstage. They let you design more expressive policies to fit nuanced scenarios.

⭐ Key Takeaways

Allows for more flexibility and expressive policies!
Contains bespoke react components you can use to control the visibility and access based on the results of an OPA policy!
Bespoke OPA Middleware you can use in your backend routes!
Fully free and open source!

💬 We’d Love Your Feedback!
Try out these plugins and let us know how they work for you. You can find both on GitHub, and we’d love to hear your thoughts or answer questions. Or you can leave some comments below!

Using the Open Policy Agent with Backstage!

Peter — Wed, 30 Oct 2024 14:21:46 +0000

Hello! 👋

I'm Peter, a software engineer who's spent the last few years working with OPA (Open Policy Agent) and Backstage in my spare time (and now at work!).

Bringing the two together felt natural, as I have a deep appreciation for OPA—it was my first open-source project contribution, and the support from the maintainers was invaluable in building my confidence to continue contributing and building in Open Source.

The Need For Authorization

While many organizations treat everything within their Backstage application as 'public'—meaning accessible to anyone internally—the reality, especially in regulated industries, is that we may need to control visibility more selectively across the organization.

Backstage comes with an in-built permissions framework for cases like the above, for rarely changing, static authorization policy the built-in permissions framework might be enough.

So Why Use OPA With Backstage?

A key motivation for developing the plugins to integrate OPA with Backstage was to avoid the need to rebuild and redeploy the application for each permission change.

For instance, if a user needed to be added or removed, or a group updated, I wanted to eliminate those urgent "drop everything and edit this permission" moments.

And so, the OPA Permissions Wrapper Plugin was born! With the recent updates to the Backstage backend, this is technically an "extension" of the permissions framework. It forwards all authorization requests to OPA, where decisions are made based on defined policies—allowing for more dynamic control!

What Does This Solve?

Instead of coding policies directly into your Backstage instance with TypeScript, create, edit and manage your policies with OPA!
Manage your policies in a more flexible way, you can use OPA's Rego language to write your policies.
No need to redeploy your Backstage instance to update your permission policies, simply update your OPA policies and you are good to go!
Enable teams to manage their own policies, without needing to know TypeScript or the Backstage codebase!

To Be Continued?

This is an introduction to spread the word. If you're interested in a deeper, technical write-up of these plugins, let me know and I’ll continue!

I’m also working on an implementation that fully uses OPA, bypassing the permissions framework for custom Backstage plugins—and I am more than happy to write about it!

Thanks for reading!

Peter