Release notes

With this update, when deploying Red Hat Developer Hub by using the operator, you can configure the Developer Hub Deployment resource. The Developer Hub Operator Custom Resource Definition (CRD) API Version has been updated to rhdh.redhat.com/v1alpha2. This CRD exposes a generic spec.deployment.patch field, which allows you to patch the Developer Hub Deployment resource.

With this update, as a Developer Hub administrator, you can create and edit nested conditions in RBAC conditional policies by using the Developer Hub web UI.

With this update, you can persist the audit log:

With this update, you can provide transformer functions for users and groups to mutate entity parameters from Keycloak before their ingestion into the catalog. This can be done by creating a new backend module and using the added keycloakTransformerExtensionPoint.

With this update, you can provide transformer functions for user/group to mutate the entity from Keycloak before their ingestion into the catalog with the new Backstage backend.

With this update, OpenAPI Specs are available for all components, including the rbac-backend plugin.

With this update, Developer Hub can load roles and permissions into the RBAC Backend plugin through the use of extension points with the help of a plugin module.

By default, it is now required for the user entity to exist in the software catalog to allow sign in. This is required for production ready deployments since identities need to exist and originate from a trusted source (i.e. the Identity Provider) in order for security controls such as RBAC and Audit logging to be effective. To bypass this, enable the dangerouslySignInWithoutUserInCatalog configuration that allows sign in without the user being in the catalog. Enabling this option is dangerous as it might allow unauthorized users to gain access.

With this update, the RBAC UI has been improved:

With this update, Backstage was updated to version 1.29.2.

The Microsoft Azure Authentication provider is now enterprise ready. To enable this, enhancements and bug fixes were made to improve the authentication and entity ingestion process. Note, the existence of user entity in the catalog is now enforced.

Before this update, there was no automated process to deploy Developer Hub on OpenShift Dedicated (OSD) on Google Cloud Platform (GCP).

With this update, you can install Red Hat Developer Hub on OpenShift Dedicated (OSD) on Google Cloud Platform (GCP) by using either Red Hat Developer Hub Operator or Red Hat Developer Hub Helm Chart.

With this update, you can visualize the Virtual Machine nodes deployed on the cluster through the Topology plugin.

With this update, you can customize the Home page in Red Hat Developer Hub by passing the data into the app-config.yaml file as a proxy. It is now possible to add, reorganize, and remove cards, including the search bar, quick access, headline, markdown, placeholder, catalog starred entities and featured docs that appear based on the plugins you have installed and enabled.

This update introduces a configurable and customizable main navigation sidebar in Developer Hub, offering administrators greater control over the navigation structure. Previously, the sidebar was hard-coded with limited flexibility, and dynamic plugins could only contribute menu items without control over their order or structure.

With this feature, administrators can now configure the order of navigation items, create nested sub-navigation, and provide users with a more organized and intuitive interface. This enhancement improves user experience and efficiency by allowing a more tailored navigation setup.

Backward compatibility is maintained, ensuring existing dynamic plugin menu item contributions remain functional. A default configuration is provided, along with example configurations, including one with an external dynamic plugin. Documentation has been updated to guide developers on customizing the navigation.

With this update, the @backstage/plugin-catalog-backend-module-logs plugin has been made available as a dynamic plugin to help surface catalog errors into the logs. This dynamic plugin is disabled by default.

With this release, you can configure conditional policies in Developer Hub using external files. Additionally, Developer Hub supports conditional policy aliases, which are dynamically substituted with the appropriate values during policy evaluation.

For more information, see Configuring conditional policies.

Before this update, it took a long time for Developer Hub to restart because Developer Hub bootstraps all dynamic plugins from zero with every restart.

With this update, Developer Hub is using persisted volumes for the dynamic plugins. Therefore, Developer Hub restarts faster.

With this update, you can monitor active users on Developer Hub using the licensed-users-info-backend plugin. This plugin provides statistical data on logged-in users through the Web UI or REST API endpoints.

For more information, see Authorization.

With this update, you can load a custom Backstage theme from a dynamic plugin.

This update also introduced the ability to override core API service factories from a dynamic plugin, which can be helpful for more specialized use cases such as providing a custom ScmAuth configuration for the Developer Hub frontend.

Before this update, the dynamic-plugins config map name was hardcoded. Therefore, it was not possible to install two Red Hat Developer Hub helm charts in the same namespace.

With this update, the dynamic-plugins config map is named dynamically based on the deployment name similar to how all other components names are generated. When upgrading from a previous chart you might need to manually update that section of your values.yaml file to pull in the correct config map.

By default, it is now required for the user entity to exist in the software catalog to allow sign in. This is required for production ready deployments since identities need to exist and originate from a trusted source (i.e. the Identity Provider) in order for security controls such as RBAC and Audit logging to be effective. To bypass this, enable the dangerouslySignInWithoutUserInCatalog configuration that allows sign in without the user being in the catalog. Enabling this option is dangerous as it might allow unauthorized users to gain access.

Before this update, some Red Hat and Community Technology Preview (TP) plugins and actions were enabled by default:

With this update, all plugins included under the Technology Preview scope of support, whether from Red Hat or the community, are disabled by default.

With this update, three plugins previously under the @janus-idp scope have moved to @backstage-community:

As the scope of the previous plugins has been updated, the dynamic plugin configuration has also changed.

spec.application.image, spec.application.replicas and spec.application.imagePullSecrets fields are deprecated in v1alpha2 in favour of spec.deployment.

Procedure:

To update your Developer Hub Operation configuration:

With this update, you can register entities from multiple repositories simultaneously, without the need to register them individually.

For repositories without a catalog-entity.yaml file, the plugin creates a pull request. Once the pull request is merged, Developer Hub registers the entity in the software catalog.

With this update, Developer Hub includes the @backstage/plugin-catalog-backend-module-logs plugin as a dynamic plugin to help surface catalog errors into the logs. This dynamic plugin is disabled by default.

With this update, the Red Hat Developer Hub Helm Chart does not contain a pull secret that is no longer needed.

Before this update, permission checks by the permission framework would throw an error if a matching permission policy was not previously defined. Therefore, Developer Hub denied the request with an error.

With this update, Developer Hub denies the request without throwing an error.

Before this update, the RBAC administration user interface Permission Policies table did not display the plugin name.

With this update, the RBAC administration user interface Permission Policies table displays the plugin name.

Before this update, Developer Hub API became unresponsive when a user was member of a high number of groups (more than 150) with aggregated relations. Therefore, the user might have failed to authenticate. Also, Developer Hub might have shown an error when opening the user entity in the UI.

With this update, Developer Hub can handle a user member of a high number of groups (more than 150) with aggregated relations.

Before this update, when the OCM plugin is installed, navigating to non-OCM pages triggered unnecessary failed OCM API calls.

With this update, Developer Hub restricts OCM API calls to OCM-related pages.

Before this update, Developer Hub failed to resolve user entities with Azure authentication provider to entities ingested by the MsGraph catalog provider. Therefore, a user authentication with Microsoft Azure could not open a session in Developer Hub.

With this update, Developer Hub resolves user entities with Azure authentication provider to entities ingested by the MsGraph catalog provider. Therefore, a user authentication with Microsoft Azure can open a session in Developer Hub.

Before this update, in a Developer Hub deployment with the default configuration, the application logs displayed the deprecation warning.

With this update, the default upstream.backstage.appConfig configuration uses the backend.auth.externalAccess field rather than the deprecated backend.auth.keys field.

With this update, Developer Hub does not include user IP addresses in the application logs.

Before this update, Developer Hub ignored GitHub search API restrictions to list pull requests. Therefore, Developer Hub might have not displayed all pull requests.

With this update, Developer Hub limits paging to max 1000 results to respect GitHub search API restrictions. Developer Hub show users when additional results are available, suggesting in a tooltip that they can refine their query to retrieve more specific results.

Before this update, after updating a config map or a secret, when pods where restarting to apply the changes, they might have tried to simultaneous lock the database. The situation ended with a dead lock.

With this update, Developer Hub handles simultaneous pod refreshing without a dead lock.

Before this update, the Helm Chart was using an unversioned name for the dynamic-plugins-npmrc secret. Therefore subsequent Helm deployments of the RHDH Helm Chart version 1.2.1 failed after the first deployment with an error that a secret named dynamic-plugins-npmrc exists and is not owned by the current release.

With this update, the Helm Chart creates and uses a dynamic-plugins-npmrc secret that is named in line with the other resources managed by the Helm Chart: <release-name>-dynamic-plugins-npmrc. As a result, the Helm Chart does not fail on the previous error.

Before this update, Developer Hub stopped displaying some metrics such as catalog metrics in the <RHDH_URL>/metrics endpoint.

With this update, Developer Hub displays expected metrics in the /metrics endpoint.

Before this update, Developer Hub had theme issues with plugins using Material UI (MUI) 5.

With this update, Developer Hub includes additional MUI 5 related packages, added to the application shell as shared modules. Therefore, dynamic plugins that use MUI 5 components and tss-react can properly load the currently selected theme. This ensures that MUI 5 components have the correct colors and styling applied to them.

While not strictly a requirement, if a dynamic plugin relies on MUI 5 components with a class name prefix, that behavior can be added to a frontend dynamic plugin by adding the following code to the plugin’s index.ts:

import { unstable_ClassNameGenerator as ClassNameGenerator } from '@mui/material/className';

ClassNameGenerator.configure(componentName => {
  return componentName.startsWith('v5-')
    ? componentName
    : `v5-${componentName}`;
})

This update requires using a version of the @janus-idp/cli package > 1.13.1.

Before this update, creating an RBAC role with name that contains ':' or '/' through the REST API (or RBAC admin panel in the UI) created a role that did nothing and could not be deleted. Although the name of the role showed up in full as written in the POST request, when clicked on for more information about the role it showed only the part of the name written before the first ':' or '/'. Also while the list of RBAC roles did list how many policies were added to the role, when clicking on the role for more information it displayed no users or policies.

With this udpate, Developer Hub validates more strictly role and namespace names in accordance with backstage validation:

Developer Hub invalidates role names that do not conform with the format:

Developer Hub invalidates namespaces that do not conform with the format:

Before this update, conditional policies and policies loaded from files remained active after the corresponding policy files were removed from the configuration.

With this update, conditional policies and policies loaded from files are removed after the corresponding policy files are removed from the configuration.

Before this update, the timestamp in the catalog-info.yaml created by the catalog:timestamping action by the backstage-scaffolder-backend-module-annotator plugin was different from the execution time of the template.

With this update, a unique timestamp is generated on each execution of the template.

Before this update, when a user displayed the virtual machine details in the sidebar, the icon corresponding to virtual machine was not shown.

With this update, the missing icons have been added. Therefore, when a user displays the virtual machine details in the sidebar, an icon shows the virtual machine status.

Before this update, authentication with Github failed when the dangerouslyAllowSignInWithoutUserInCatalog field was set to true and the user was absent from the software catalog.

With this update, when the dangerouslyAllowSignInWithoutUserInCatalog field is set to true, you can authenticate to Developer Hub with a user absent from the software catalog.

Before this update, when the Developer Hub image was configured in both the custom resource and in the 'RELATED_IMAGE_backstage' environment variable, the image defined in the custom resource was not used.

With this update, the custom resource configuration takes precedence and is applied.

Before this update, in the RBAC administration page, the members dropdown was not able to load a large number of users or groups. Therefore, the Developer Hub administrator was not able to select required users or groups to add to the role.

With this update, the dropdown displays initially up to 100 users or groups shown and updates the display once the user starts to search. The search happens across the whole data-set and displays the first 100 results. The user must refine their search to narrow the results to a list containing the desired user or group. Therefore, even with larger numbers or users/groups, the Developer Hub administrator can add required users or groups to the role.

Before this update, the ArgoCD plugin was bundled with dynamic backend plugin assets rather than dynamic frontend plugin assets. Therefore the ArgoCD plugin failed to load.

With this update, the ArgoCD plugin is bundled with dynamic frontend plugin assets. Therefore the ArgoCD plugin can load properly.

A conditional alias that uses $ownerRefs doesn’t work.

There is no workaround.

A conditional alias that uses $ownerRefs doesn’t work.

There is no workaround.

Only the first 20 repositories (in alphabetical order) can be displayed at most on the Bulk Import Added Repositories page. Also, the count of Added Repositories displayed might be wrong. In future releases, we plan to address this with proper pagination. Meanwhile, as a workaround, searching would still work against all Added Repositories. So you can still search any Added Repository and get it listed on the table.

Repositories might be added to Developer Hub from various sources (like statically in an app-config file or dynamically when enabling GitHub discovery). By design, the bulk import plugin will only track repositories that are accessible from the configured GitHub integrations. When both the Bulk Import and the GitHub Discovery plugins are enabled, the repositories the latter discovers might be listed in the Bulk Import pages. However, attempting to delete a repository added by the discovery plugin from the Bulk Import Jobs may have no effect, as any entities registered from this repository might still be present in the Developer Hub catalog. There is unfortunately no known workaround yet.