chore - RHINENG-22573 added cost.plugin RBAC permission to view Openshift page (#1981)

Author: PreetiW

workspaces/redhat-resource-optimization/plugins/redhat-resource-optimization-backend/src/plugin.ts

@@ -70,6 +70,10 @@ export const resourceOptimizationPlugin = createBackendPlugin({
           path: '/access',
           allow: 'user-cookie',
         });
+        httpRouter.addAuthPolicy({
+          path: '/access/cost-management',
+          allow: 'user-cookie',
+        });
       },
     });
   },

workspaces/redhat-resource-optimization/plugins/redhat-resource-optimization-backend/src/routes/costManagementAccess.ts

@@ -0,0 +1,58 @@
+/*
+ * Copyright Red Hat, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import type { RequestHandler } from 'express';
+import type { RouterOptions } from '../models/RouterOptions';
+import { authorize } from '../util/checkPermissions';
+import { costPluginPermissions } from '@red-hat-developer-hub/plugin-redhat-resource-optimization-common/permissions';
+import { AuthorizeResult } from '@backstage/plugin-permission-common';
+
+export const getCostManagementAccess: (
+  options: RouterOptions,
+) => RequestHandler = options => async (_, response) => {
+  const { logger, permissions, httpAuth } = options;
+  let finalDecision = AuthorizeResult.DENY;
+
+  // Check for cost.plugin permisssion
+  // if user has ros.plugin permission, allow access to all the data
+  const costPluginDecision = await authorize(
+    _,
+    costPluginPermissions,
+    permissions,
+    httpAuth,
+  );
+
+  logger.info(`Checking decision:`, costPluginDecision);
+
+  if (costPluginDecision.result === AuthorizeResult.ALLOW) {
+    finalDecision = AuthorizeResult.ALLOW;
+
+    const body = {
+      decision: finalDecision,
+      authorizeClusterIds: [],
+      authorizeProjects: [],
+    };
+    return response.json(body);
+  }
+
+  const body = {
+    decision: finalDecision,
+    authorizeClusterIds: [],
+    authorizeProjects: [],
+  };
+
+  return response.json(body);
+};

workspaces/redhat-resource-optimization/plugins/redhat-resource-optimization-backend/src/service/router.ts

@@ -21,6 +21,7 @@ import { getToken } from '../routes/token';
 import { createPermissionIntegrationRouter } from '@backstage/plugin-permission-node';
 import { rosPluginPermissions } from '@red-hat-developer-hub/plugin-redhat-resource-optimization-common/permissions';
 import { getAccess } from '../routes/access';
+import { getCostManagementAccess } from '../routes/costManagementAccess';
 
 /** @public */
 export async function createRouter(
@@ -41,5 +42,7 @@ export async function createRouter(
 
   router.get('/access', getAccess(options));
 
+  router.get('/access/cost-management', getCostManagementAccess(options));
+
   return router;
 }

workspaces/redhat-resource-optimization/plugins/redhat-resource-optimization-common/report-permissions.api.md

@@ -5,6 +5,12 @@
 ```ts
 import { BasicPermission } from '@backstage/plugin-permission-common';
 
+// @public (undocumented)
+export const costPluginPermissions: BasicPermission[];
+
+// @public (undocumented)
+export const costPluginReadPermission: BasicPermission;
+
 // @public (undocumented)
 export const rosClusterProjectPermission: (
   clusterName: string,

workspaces/redhat-resource-optimization/plugins/redhat-resource-optimization-common/src/clients/cost-management/CostManagementSlimClient.ts

@@ -577,7 +577,9 @@ export class CostManagementSlimClient implements CostManagementSlimApi {
 
   private async getAccess(): Promise<GetAccessResponse> {
     const baseUrl = await this.discoveryApi.getBaseUrl(`${pluginId}`);
-    const response = await this.fetchApi.fetch(`${baseUrl}/access`);
+    const response = await this.fetchApi.fetch(
+      `${baseUrl}/access/cost-management`,
+    );
     const data = (await response.json()) as GetAccessResponse;
     return data;
   }

workspaces/redhat-resource-optimization/plugins/redhat-resource-optimization-common/src/permissions.ts

@@ -39,5 +39,14 @@ export const rosClusterProjectPermission = (
     attributes: { action: 'read' },
   });
 
+/** @public */
+export const costPluginReadPermission = createPermission({
+  name: 'cost.plugin',
+  attributes: { action: 'read' },
+});
+
+/** @public */
+export const costPluginPermissions = [costPluginReadPermission];
+
 /** @public */
 export const rosPluginPermissions = [rosPluginReadPermission];

workspaces/redhat-resource-optimization/plugins/redhat-resource-optimization/src/pages/openshift/OpenShiftPage.tsx

@@ -296,20 +296,16 @@ export function OpenShiftPage() {
       return null;
     }
 
-    try {
-      const offset = currentPage * pageSize;
-      const queryParams = buildCostManagementQueryParams(queryParamsConfig, {
-        limit: pageSize,
-        offset,
-      });
+    const offset = currentPage * pageSize;
+    const queryParams = buildCostManagementQueryParams(queryParamsConfig, {
+      limit: pageSize,
+      offset,
+    });
 
-      const response = await api.getCostManagementReport({
-        query: queryParams,
-      });
-      return response.json();
-    } catch {
-      return null;
-    }
+    const response = await api.getCostManagementReport({
+      query: queryParams,
+    });
+    return response.json();
   }, [
     currency,
     overheadDistribution,