Conditional alias $ownerRefs doesnt' work

[mbmoon]

According to https://github.com/janus-idp/backstage-plugins/blob/a31020647ffcf210fc4d6434d6613aa0ecce71b7/plugins/rbac-backend/docs/conditions.md#conditional-policy-aliases I have put the following condition to conditional file:

---
result: CONDITIONAL
roleEntityRef: 'role:default/Group.Read2'
pluginId: catalog
resourceType: catalog-entity
permissionMapping:
  - read
conditions:
  rule: IS_ENTITY_OWNER
  resourceType: catalog-entity
  params:
    claims:
      - '$currentUser'

It works as expected when catalog item has

spec:
  lifecycle: experimental
  type: website
  owner: user:default/my_user_example_com

But when I use $ownerRefs for condition and for catalog Item use my group as owner - it doesn't return any catalog items.

---
result: CONDITIONAL
roleEntityRef: 'role:default/Group.Read2'
pluginId: catalog
resourceType: catalog-entity
permissionMapping:
  - read
conditions:
  rule: IS_ENTITY_OWNER
  resourceType: catalog-entity
  params:
    claims:
      - '$ownerRefs'

What is wrong? If I do something wrong - maybe you could provide more detailed documentation on how to use $ownerRefs'.

My expectation that I should see all catalog items that has the same owner as my parent group.

[mbmoon]

Can this be related to data type? I have limited experience with TS. But I can logically assume that IS_ENTITY_OWNER requires list of strings, but ownerRefs returns list of strings instead of string. So we get list[list[strings]].

[nickboldt]

Closing in favour of JIRA https://issues.redhat.com/browse/RHIDP-4069

We're not using this repo for issues anymore.

[AndrienkoAleksandr]

Fix is in the road: #2228