Merge branch 'main' into RHIDP-5489

Author: themr0c

.github/workflows/generate-supported-plugins-pr.yml

@@ -0,0 +1,45 @@
+name: Generate update PR for the Dynamic Plugins tables
+
+on:
+  workflow_dispatch:
+    inputs:
+      branch:
+        description: "Branch to run the script from"
+        required: true
+        default: "main"
+
+jobs:
+  run-script:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.inputs.branch }}
+          fetch-depth: 0
+
+      - name: Install PIP `yq`
+        run: |
+          python3 -m pip install --upgrade pip
+          pip install yq
+          echo "Installed `yq` version: $(yq --version)"
+
+      - name: Set up Git user
+        run: |
+          git config --global user.name "github-actions[bot]"
+          git config --global user.email "github-actions[bot]@users.noreply.github.com"
+
+      - name: Generate timestamp
+        run: echo "TIMESTAMP=$(date +'%Y%m%d-%H%M%S' -u)" >> $GITHUB_ENV
+
+      - name: Run the script on branch
+        run: bash modules/dynamic-plugins/rhdh-supported-plugins.sh -b ${{ github.event.inputs.branch }}
+
+      - name: Create Pull Request
+        uses: peter-evans/create-pull-request@v6
+        with:
+          commit-message: "chore: automated update of supported plugins list"
+          title: "Automated update of supported plugins list for ${{ github.event.inputs.branch }}"
+          body: "This PR was automatically generated by running rhdh-supported-plugins.sh."
+          branch: "update-${{ github.event.inputs.branch }}-${{ env.TIMESTAMP }}"
+          base: ${{ github.event.inputs.branch }}

artifacts/rhdh-plugins-reference/argocd/argocd-plugin-admin.adoc

@@ -70,6 +70,159 @@ global:
         disabled: false
 ----
 
+== Enabling Argo CD Rollouts
+
+The optional Argo CD Rollouts feature enhances Kubernetes by providing advanced deployment strategies, such as blue-green and canary deployments, for your applications. When integrated into the backstage Kubernetes plugin, it allows developers and operations teams to visualize and manage Argo CD Rollouts seamlessly within the Backstage interface.
+
+.Prerequisites
+
+* The Backstage Kubernetes plugin (`@backstage/plugin-kubernetes`) is installed and configured. 
+
+** To install and configure Kubernetes plugin in Backstage, see link:https://backstage.io/docs/features/kubernetes/installation/[Installaltion] and link:https://backstage.io/docs/features/kubernetes/configuration/[Configuration] guide.
+
+* You have access to the Kubernetes cluster with the necessary permissions to create and manage custom resources and `ClusterRoles`.
+
+* The Kubernetes cluster has the `argoproj.io` group resources (for example, Rollouts and AnalysisRuns) installed.
+
+.Procedure
+
+. In the `app-config.yaml` file in your Backstage instance, add the following `customResources` component under the `kubernetes` configuration to enable Argo Rollouts and AnalysisRuns:
+
++
+[source,yaml]
+----
+kubernetes:
+  ...
+  customResources:
+    - group: 'argoproj.io'
+      apiVersion: 'v1alpha1'
+      plural: 'Rollouts'
+    - group: 'argoproj.io'
+      apiVersion: 'v1alpha1'
+      plural: 'analysisruns'
+----
+
+. Grant `ClusterRole` permissions for custom resources.
+
++
+[NOTE]
+====
+
+* If the Backstage Kubernetes plugin is already configured, the `ClusterRole` permissions for Rollouts and AnalysisRuns might already be granted.
+
+* Use the link:https://raw.githubusercontent.com/backstage/community-plugins/main/workspaces/redhat-argocd/plugins/argocd/manifests/clusterrole.yaml[prepared manifest] to provide read-only `ClusterRole` access to both the Kubernetes and ArgoCD plugins.
+====
+
+.. If the `ClusterRole` permission is not granted, use the following YAML manifest to create the `ClusterRole`:
+
++
+[source,yaml]
+----
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: backstage-read-only
+rules:
+  - apiGroups:
+      - argoproj.io
+    resources:
+      - rollouts
+      - analysisruns
+    verbs:
+      - get
+      - list
+----
+
+.. Apply the manifest to the cluster using `kubectl`:
++
+[source,bash]
+----
+kubectl apply -f <your-clusterrole-file>.yaml
+----
+
+.. Ensure the `ServiceAccount` accessing the cluster has this `ClusterRole` assigned.
+
+. Add annotations to `catalog-info.yaml` to identify Kubernetes resources for Backstage.
+
+.. For identifying resources by entity ID:
++
+[source,yaml]
+----
+annotations:
+  ...
+  backstage.io/kubernetes-id: <BACKSTAGE_ENTITY_NAME>
+----
+
+.. (Optional) For identifying resources by namespace:
++
+[source,yaml]
+----
+annotations:
+  ...
+  backstage.io/kubernetes-namespace: <RESOURCE_NAMESPACE>
+----
+
+.. For using custom label selectors, which override resource identification by entity ID or namespace:
++
+[source,yaml]
+----
+annotations:
+  ...
+  backstage.io/kubernetes-label-selector: 'app=my-app,component=front-end'
+----
++
+[NOTE]
+====
+Ensure you specify the labels declared in `backstage.io/kubernetes-label-selector` on your Kubernetes resources. This annotation overrides entity-based or namespace-based identification annotations, such as `backstage.io/kubernetes-id` and `backstage.io/kubernetes-namespace`.
+====
+
+. Add label to Kubernetes resources to enable Backstage to find the appropriate Kubernetes resources.
+
+.. Backstage Kubernetes plugin label: Add this label to map resources to specific Backstage entities.
++
+[source,yaml]
+----
+labels:
+  ...
+  backstage.io/kubernetes-id: <BACKSTAGE_ENTITY_NAME>
+----
+
+.. GitOps application mapping: Add this label to map Argo CD Rollouts to a specific GitOps application
++
+[source,yaml]
+----
+labels:
+  ...
+  app.kubernetes.io/instance: <GITOPS_APPLICATION_NAME>
+----
+
++
+[NOTE]
+====
+If using the label selector annotation (backstage.io/kubernetes-label-selector), ensure the specified labels are present on the resources. The label selector will override other annotations like kubernetes-id or kubernetes-namespace.
+====
+
+.Verification
+
+. Push the updated configuration to your GitOps repository to trigger a rollout.
+
+. Open {Product} interface and navigate to the entity you configured.
+
+. Select the *CD* tab and then select the *GitOps application*. The side panel opens. 
+
+. In the *Resources* table of the side panel, verify that the following resources are displayed:
+
+* Rollouts
+
+* AnalysisRuns (optional)
+
+. Expand a rollout resource and review the following details:
+
+* The Revisions row displays traffic distribution details for different rollout versions.
+
+* The Analysis Runs row displays the status of analysis tasks that evaluate rollout success.
+
+
 [role="_additional-resources"]
 .Additional resources
 

artifacts/rhdh-plugins-reference/keycloak/keycloak-plugin-admin.adoc

@@ -1,5 +1,5 @@
 [id="rhdh-keycloak_{context}"]
-= Installing and configuring Keycloak 
+= Installing and configuring Keycloak
 
 The Keycloak backend plugin, which integrates Keycloak into {product-short}, has the following capabilities:
 
@@ -8,7 +8,7 @@ The Keycloak backend plugin, which integrates Keycloak into {product-short}, has
 
 [NOTE]
 ====
-The supported Keycloak version is `{keycloak-version}`.
+The supported {rhbk-brand-name} ({rhbk}) version is `{keycloak-version}`.
 ====
 
 == Installation

assemblies/assembly-configuring-authorization-in-rhdh.adoc

@@ -41,6 +41,9 @@ include::assembly-managing-authorizations-by-using-the-rest-api.adoc[leveloffset
 include::assembly-managing-authorizations-by-using-external-files.adoc[leveloffset=+1]
 
 
+include::assembly-configuring-guest-access-with-rbac-ui.adoc[leveloffset=+1]
+
+
 include::modules/authorization/ref-rbac-permission-policies.adoc[leveloffset=+1]
 
 

assemblies/assembly-configuring-guest-access-with-rbac-ui.adoc

@@ -0,0 +1,13 @@
+[id="configuring-guest-access-with-rbac-ui_{context}"]
+= Configuring guest access with RBAC UI
+
+Use guest access with the role-based access control (RBAC) front-end plugin to allow a user to test role and policy creation without the need to set up and configure an authentication provider.
+
+[NOTE]
+====
+Guest access is not recommended for production.
+====
+
+include::modules/authorization/proc-configuring-the-RBAC-backend-plugin.adoc[leveloffset=+1]
+
+include::modules/authorization/proc-setting-up-the-guest-authentication-provider.adoc[leveloffset=+1]

assemblies/assembly-configuring-readonlyrootfilesystem.adoc

@@ -0,0 +1,13 @@
+:_mod-docs-content-type: ASSEMBLY
+:context: readonlyrootfilesystem
+[id="{context}"]
+= Configuring readOnlyRootFilesystem in {product}
+
+The {product} deployment consists of two containers: an `initContainer` that installs the Dynamic Plugins, and a backend container that runs the application. The `initContainer` has the `readOnlyRootFilesystem` option enabled by default. To enable this option on the backend container, you must either have permission to deploy resources through Helm or to create or update a CR for Operator-backed deployments. You can manually configure the `readOnlyRootFilesystem` option on the backend container by using the following methods:
+
+* The {product} Operator
+* The {product} Helm chart
+
+ include::modules/configuring-readonlyrootfilesystem/proc-configuring-readonlyrootfilesystem-option-in-rhdh-operator-deployment.adoc[leveloffset=+1]
+
+ include::modules/configuring-readonlyrootfilesystem/proc-configuring-readonlyrootfilesystem-option-in-rhdh-helm-chart-deployment.adoc[leveloffset=+1]

assemblies/assembly-configuring-techdocs.adoc

@@ -3,24 +3,7 @@
 [id="{context}"]
 = Configuring TechDocs
 
-Configure the {product} TechDocs plugin to create, find, and use documentation in a central location and in a standardized way. For example:
-
-Docs-like-code approach::
-Write your technical documentation in Markdown files that are stored inside your project repository along with your code.
-
-Documentation site generation::
-Use MkDocs to create a full-featured, Markdown-based, static HTML site for your documentation that is rendered centrally in {product-short}.
-
-Documentation site metadata and integrations::
-See additional metadata about the documentation site alongside the static documentation, such as the date of the last update, the site owner, top contributors, open GitHub issues, Slack support channels, and Stack Overflow Enterprise tags.
-
-Built-in navigation and search::
-Find the information that you want from a document more quickly and easily.
-
-Add-ons::
-Customize your TechDocs experience with Add-ons to address higher-order documentation needs.
-
-The TechDocs plugin is preinstalled and enabled on a {product-short} instance by default. You can disable or enable the TechDocs plugin, and change other parameters, by configuring the {product} Helm chart or the {product} Operator config map.
+The TechDocs plugin is preinstalled and enabled on a {product-short} instance by default. You can disable or enable the TechDocs plugin, and change other parameters, by configuring the {product} Helm chart or the {product} Operator ConfigMap.
 
 [IMPORTANT]
 ====
@@ -38,30 +21,20 @@ After you configure {odf-name} to store the files that TechDocs generates, you c
 
 include::modules/customizing-techdocs/con-techdocs-configure-storage.adoc[leveloffset=+1]
 
-
 include::modules/customizing-techdocs/proc-techdocs-using-odf-storage.adoc[leveloffset=+2]
 
-
 include::modules/customizing-techdocs/proc-techdocs-configure-odf-helm.adoc[leveloffset=+2]
 
-
 include::modules/customizing-techdocs/ref-techdocs-example-config-plugin-helm.adoc[leveloffset=+3]
 
-
 include::modules/customizing-techdocs/proc-techdocs-configure-odf-operator.adoc[leveloffset=+2]
 
-
 include::modules/customizing-techdocs/ref-techdocs-example-config-plugin-operator.adoc[leveloffset=+3]
 
-
 include::modules/customizing-techdocs/con-techdocs-config-cicd.adoc[leveloffset=+1]
 
-
 include::modules/customizing-techdocs/proc-techdocs-config-cicd-prep-repo.adoc[leveloffset=+2]
 
-
 include::modules/customizing-techdocs/proc-techdocs-generate-site.adoc[leveloffset=+2]
 
-
 include::modules/customizing-techdocs/proc-techdocs-publish-site.adoc[leveloffset=+2]
-

assemblies/assembly-release-notes-fixed-security-issues.adoc

@@ -6,7 +6,7 @@ This section lists security issues fixed in {product} {product-version}.
 
 == {product} {product-bundle-version}
 
-include::modules/release-notes/snip-fixed-security-issues-in-product-1.3.0.adoc[leveloffset=+2]
+include::modules/release-notes/snip-fixed-security-issues-in-product-1.5.0.adoc[leveloffset=+2]
 
-include::modules/release-notes/snip-fixed-security-issues-in-rpm-1.3.0.adoc[leveloffset=+2]
+include::modules/release-notes/snip-fixed-security-issues-in-rpm-1.5.0.adoc[leveloffset=+2]
 

modules/authentication/proc-enabling-authentication-with-github.adoc

@@ -55,7 +55,7 @@ TIP: If you plan to make changes using the GitHub API, ensure that `Read and wri
 +
 `AUTH_GITHUB_APP_ID`:: Enter the saved **App ID**.
 `AUTH_GITHUB_CLIENT_ID`:: Enter the saved **Client ID**.
-`GITHUB_HOST_DOMAIN`:: Enter your GitHub host domain: `github.com` unless you are using GitHub Enterprise.
+//`GITHUB_HOST_DOMAIN`:: Enter your GitHub host domain: `github.com` unless you are using GitHub Enterprise.
 `GITHUB_ORGANIZATION`:: Enter your GitHub organization name, such as `__<your_github_organization_name>__'.
 `GITHUB_ORG_URL`:: Enter `$GITHUB_HOST_DOMAIN/$GITHUB_ORGANIZATION`.
 `GITHUB_CLIENT_SECRET`:: Enter the saved **Client Secret**.
@@ -145,6 +145,7 @@ auth:
         callbackUrl: __<your_intermediate_service_url/handler>__
 ----
 
+////
 `enterpriseInstanceUrl`::
 Your GitHub Enterprise URL.
 Requires you defined the `GITHUB_HOST_DOMAIN` secret in the previous step.
@@ -158,6 +159,7 @@ auth:
       production:
         enterpriseInstanceUrl: ${GITHUB_HOST_DOMAIN}
 ----
+////
 
 [TIP]
 ====

modules/authorization/proc-configuring-the-RBAC-backend-plugin.adoc

@@ -0,0 +1,29 @@
+[id="configuring-the-rbac-backend-plugin_{context}"]
+= Configuring the RBAC backend plugin
+
+You can configure the RBAC backend plugin by updating the `app-config.yaml` file to enable the permission framework.
+
+.Prerequisites
+* You have installed the `@janus-idp/backstage-plugin-rbac` plugin in {product-short}. For more information, see link:{plugins-configure-book-url}[{plugins-configure-book-title}].
+
+.Procedure
+* Update the `app-config.yaml` file to enable the permission framework as shown:
+
+[source,yaml,subs=+quotes]
+----
+permission
+  enabled: true
+  rbac:
+    admin:
+      users:
+        - name: user:default/guest
+    pluginsWithPermission:
+      - catalog
+      - permission
+      - scaffolder
+----
+
+[NOTE]
+====
+The `pluginsWithPermission` section of the `app-config.yaml` section includes only three plugins by default. Update the section as needed to include any additional plugins that also incorporate permissions.
+====