Chapter 6. Fixed issues

Resolved an issue where the Profile drop-down in the global header displayed Guest instead of the logged-in user’s name when using OpenID Connect (OIDC) authentication. The drop-down now correctly shows the user’s display name by checking spec.profile.displayName, then metadata.title, and falling back to the name shown on the Profile card in the Settings page if neither is available.

In versions 1.5.0 and 1.5.1, the app.branding.iconLogo value in the app-config was not applied as the browser favicon. This issue has been resolved in 1.5.2, and the configured branding icon now correctly appears as the favicon.

You can now reorder entity tabs by specifying a priority value in the configuration. Tabs with higher priority values appear first, while default tabs can be hidden by assigning a negative priority value.

Previously, the Report a documentation issue feature in TechDocs was not functional. Additionally, selecting text in a TechDoc displayed an oversized icon instead of the intended tooltip button.

This issue has been fixed, ensuring that users can now select content and report issues correctly using the tooltip button.

When using RHBK as an OIDC provider, the default access token lifespan was set to five minutes, causing frequent refresh token requests as the token neared expiration. This resulted in performance issues due to the frequent token refreshes.

To resolve this, you can increase the access token lifespan on the Keycloak server by adjusting the Access Token Lifespan setting under Configure Realm Settings to a value greater than five minutes. This adjustment prevents unnecessary refresh token calls and improves performance.

This update introduces a new pullPolicy configuration to enhance support for floating tags in OCI artifacts. The pullPolicy setting provides more consistent behavior across platforms handling image containers and offers two options:

The pullPolicy setting is also applied to the NPM downloading method, though Always will download the remote artifact without a digest check. While the existing forceDownload option remains functional, pullPolicy takes precedence, and forceDownload might be deprecated in a future release.

Additionally, this update fixes an issue where OCI artifacts were unintentionally deleted during the clean up phase if only the URL was modified.

Previously, plugins installed from external sources were incorrectly displayed with a No in the Enabled column on the Plugins page. This update fixes the UI logic to ensure that externally installed plugins now correctly appear with a Yes in the Enabled column as expected.

In Developer Hub Helm Chart version 1.4.2+, it was possible to configure the storage class and access mode for the dynamic plugins persistent volume claim (PVC) using the dynamicPlugins.cache.volumeClaimSpec field in the Helm values file.

In version 1.5, this behavior has been reverted, making the dynamic plugins root PVC ephemeral by default. This change addresses issues encountered when upgrading the Helm Chart or running multiple replicas of Developer Hub.

You can still customize the ephemeral volume claim’s storage class and access mode using the upstream.backstage.extraVolumes field, as shown in the following example:

upstream:
  backstage:
    extraVolumes:
      - name: dynamic-plugins-root
        ephemeral:
          volumeClaimTemplate:
            spec:
              accessModes:
                # TODO: Change the access mode below
                - ReadWriteOnce
              resources:
                requests:
                  storage: 5Gi
              # TODO: Add your storage class below
              storageClassName: "<my-custom-storage-class>"

      - name: dynamic-plugins
        configMap:
          defaultMode: 420
          name: '{{ printf "%s-dynamic-plugins" .Release.Name }}'
          optional: true

      - name: dynamic-plugins-npmrc
        secret:
          defaultMode: 420
          optional: true
          secretName: '{{ printf "%s-dynamic-plugins-npmrc" .Release.Name }}'

      - name: dynamic-plugins-registry-auth
        secret:
          defaultMode: 416
          optional: true
          secretName: '{{ printf "%s-dynamic-plugins-registry-auth" .Release.Name }}'

      - name: npmcacache
        emptyDir: {}

      - name: temp
        emptyDir: {}

upstream:
  backstage:
    extraVolumes:
      - name: dynamic-plugins-root
        ephemeral:
          volumeClaimTemplate:
            spec:
              accessModes:
                # TODO: Change the access mode below
                - ReadWriteOnce
              resources:
                requests:
                  storage: 5Gi
              # TODO: Add your storage class below
              storageClassName: "<my-custom-storage-class>"

      - name: dynamic-plugins
        configMap:
          defaultMode: 420
          name: '{{ printf "%s-dynamic-plugins" .Release.Name }}'
          optional: true

      - name: dynamic-plugins-npmrc
        secret:
          defaultMode: 420
          optional: true
          secretName: '{{ printf "%s-dynamic-plugins-npmrc" .Release.Name }}'

      - name: dynamic-plugins-registry-auth
        secret:
          defaultMode: 416
          optional: true
          secretName: '{{ printf "%s-dynamic-plugins-registry-auth" .Release.Name }}'

      - name: npmcacache
        emptyDir: {}

      - name: temp
        emptyDir: {}

However, ensure that all other volumes declared in the default Helm Chart are also included.

Previously, the Developer Hub Helm Chart did not support running multiple replicas on different cluster nodes due to the automatic creation of a dynamic plugins root persistent volume claim (PVC). This issue has been resolved by reverting the PVC creation and switching to an ephemeral volume by default, allowing multiple replicas to function properly.

In previous versions of the Developer Hub Helm Chart, the image for the test-connection pod could not be configured, which posed challenges for air-gapped environments. The test-connection pod is created when running helm test to validate a deployed release.

This issue has been resolved by introducing configuration options to specify the image and allowing the test-connection pod to be disabled entirely. The following fields are now available in the Helm Chart:

# -- Test pod parameters
test:
  # -- Whether to enable the test-connection pod used for testing the Release using `helm test`.
  enabled: true

  image:
    # -- Test connection pod image registry
    registry: quay.io

    # -- Test connection pod image repository. Note that the image needs to have both the `sh` and `curl` binaries in it.
    repository: curl/curl

    # -- Test connection pod image tag. Note that the image needs to have both the `sh` and `curl` binaries in it.
    tag: latest

# -- Test pod parameters
test:
  # -- Whether to enable the test-connection pod used for testing the Release using `helm test`.
  enabled: true

  image:
    # -- Test connection pod image registry
    registry: quay.io

    # -- Test connection pod image repository. Note that the image needs to have both the `sh` and `curl` binaries in it.
    repository: curl/curl

    # -- Test connection pod image tag. Note that the image needs to have both the `sh` and `curl` binaries in it.
    tag: latest

Previously, the GitLab org catalog backend plugin and Notification backend plugin failed to load when configured, displaying a MODULE_NOT_FOUND error. This issue has been fixed by embedding the missing dependencies within the GitLab org catalog backend dynamic plugin, ensuring proper functionality.

The janus-idp CLI command package-dynamic-plugins is designed to work with both monorepos and single plugin projects. This update resolves a bug in the tool’s monorepo detection, which previously caused the tool to fail with the error TypeError: Cannot read properties of undefined (reading 'packages') when run in a single plugin project.

Previously, the CLI examined the dependencies of embedded packages during the export process by calling require from the monorepo root. This could lead to incorrect dependency resolution, especially when wrapping an existing plugin.

With this update, the CLI now calls require from the embedded package’s parent directory, ensuring that the most relevant dependencies are correctly identified and used.

Previously, the CLI required each dynamic plugin project to define an export-dynamic script for the package-dynamic-plugin command to successfully export the plugin.

With this update, defining an export-dynamic script is no longer necessary. The package-dynamic-plugin command now automatically attempts to run the export-dynamic-plugin command with default arguments, simplifying the export process.

Previously, the startup process would slow down when handling a large number of CSV entries due to roles and permission policies being added individually. In this release, roles and policies are now added in bulk, improving the startup speed of the RBAC backend plugin.

Previously, organizations with a large number of users and groups experienced slower response times due to RBAC permission evaluations. This update includes performance improvements to help mitigate those slowdowns.

Previously, conditional aliases were only functional for the catalog conditional rule of IS_ENTITY_OWNER. With this update, aliases now apply to all rules, improving flexibility and functionality.

Previously, upgrading an existing Developer Hub Helm release using rolling updates was blocked due to the automatic creation of a dynamic plugins root persistent volume claim (PVC) with a hardcoded ReadWriteOnce access mode. This prevented new replicas from being scheduled on different nodes.

This issue is now resolved by reverting the PVC creation and using an ephemeral volume by default, enabling rolling updates and allowing multiple replicas to function as expected.

Previously, the installation script for the Operator failed to run on Red Hat OpenShift Service on AWS (ROSA) clusters in air-gapped environments. This issue has now been resolved, ensuring the script functions correctly on ROSA.