@backstage-community/plugin-rbac-backend 7.4.2 → 7.5.0

package/CHANGELOG.md

@@ -1,5 +1,17 @@
 ### Dependencies
 
+## 7.5.0
+
+### Minor Changes
+
+- 2d1f63f: Backstage version bump to v1.44.2
+
+### Patch Changes
+
+- Updated dependencies [2d1f63f]
+  - @backstage-community/plugin-rbac-common@1.21.0
+  - @backstage-community/plugin-rbac-node@1.15.0
+
 ## 7.4.2
 
 ### Patch Changes

package/dist/helper.cjs.js.map

@@ -1 +1 @@
-{"version":3,"file":"helper.cjs.js","sources":["../src/helper.ts"],"sourcesContent":["/*\n * Copyright 2024 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport { AuditorService, AuthService } from '@backstage/backend-plugin-api';\nimport type { MetadataResponse } from '@backstage/plugin-permission-node';\n\nimport {\n  difference,\n  fromPairs,\n  isArray,\n  isEqual,\n  isPlainObject,\n  omitBy,\n  sortBy,\n  toPairs,\n  ValueKeyIteratee,\n} from 'lodash';\n\nimport {\n  PermissionAction,\n  PermissionInfo,\n  RoleBasedPolicy,\n  RoleConditionalPolicyDecision,\n  Source,\n} from '@backstage-community/plugin-rbac-common';\n\nimport { ActionType, RoleEvents } from './auditor/auditor';\nimport { RoleMetadataDao, RoleMetadataStorage } from './database/role-metadata';\nimport { EnforcerDelegate } from './service/enforcer-delegate';\nimport { PluginPermissionMetadataCollector } from './service/plugin-endpoints';\nimport { RoleMetadata } from '@backstage-community/plugin-rbac-common';\nimport { RBACFilters } from './permissions';\n\nexport function policyToString(policy: string[]): string {\n  return `[${policy.join(', ')}]`;\n}\n\nexport function typedPolicyToString(policy: string[], type: string): string {\n  return `${type}, ${policy.join(', ')}`;\n}\n\nexport function policiesToString(policies: string[][]): string {\n  const policiesString = policies\n    .map(policy => policyToString(policy))\n    .join(',');\n  return `[${policiesString}]`;\n}\n\nexport function typedPoliciesToString(\n  policies: string[][],\n  type: string,\n): string {\n  const policiesString = policies\n    .map(policy => {\n      return policy.length !== 0 ? typedPolicyToString(policy, type) : '';\n    })\n    .join('\\n');\n  return `\n    ${policiesString}\n  `;\n}\n\nexport function metadataStringToPolicy(policy: string): string[] {\n  return policy.replace('[', '').replace(']', '').split(', ');\n}\n\nexport async function removeTheDifference(\n  originalGroup: string[],\n  addedGroup: string[],\n  source: Source,\n  roleEntityRef: string,\n  enf: EnforcerDelegate,\n  auditor: AuditorService,\n  modifiedBy: string,\n): Promise<void> {\n  originalGroup.sort((a, b) => a.localeCompare(b));\n  addedGroup.sort((a, b) => a.localeCompare(b));\n  const missing = difference(originalGroup, addedGroup);\n\n  const groupPolicies: string[][] = [];\n  for (const missingRole of missing) {\n    groupPolicies.push([missingRole, roleEntityRef]);\n  }\n\n  if (groupPolicies.length === 0) {\n    return;\n  }\n\n  const roleMetadata = { source, modifiedBy, roleEntityRef };\n  const existingMembers = await enf.getFilteredGroupingPolicy(1, roleEntityRef);\n  const actionType =\n    existingMembers.length === missing.length\n      ? ActionType.DELETE\n      : ActionType.UPDATE;\n  const auditorMeta = {\n    ...roleMetadata,\n    members: groupPolicies.map(gp => gp[0]),\n  };\n  const auditorEvent = await auditor.createEvent({\n    eventId: RoleEvents.ROLE_WRITE,\n    severityLevel: 'medium',\n    meta: { actionType, source: auditorMeta.source },\n  });\n\n  try {\n    await enf.removeGroupingPolicies(groupPolicies, roleMetadata, false);\n    await auditorEvent.success({ meta: auditorMeta });\n  } catch (error) {\n    await auditorEvent.fail({\n      error,\n      meta: auditorMeta,\n    });\n    throw error;\n  }\n}\n\nexport function transformArrayToPolicy(policyArray: string[]): RoleBasedPolicy {\n  const [entityReference, permission, policy, effect] = policyArray;\n  return { entityReference, permission, policy, effect };\n}\n\nexport function transformPolicyGroupToLowercase(policyArray: string[]) {\n  if (\n    policyArray.length > 1 &&\n    policyArray[0].startsWith('g') &&\n    (policyArray[1].startsWith('user') || policyArray[1].startsWith('group'))\n  ) {\n    policyArray[1] = policyArray[1].toLocaleLowerCase('en-US');\n  }\n}\n\nexport function transformRolesGroupToLowercase(roles: string[][]) {\n  return roles.map(role =>\n    role.length >= 1\n      ? [role[0].toLocaleLowerCase('en-US'), ...role.slice(1)]\n      : role,\n  );\n}\n\nexport function deepSortedEqual(\n  obj1: Record<string, any>,\n  obj2: Record<string, any>,\n  excludeFields?: string[],\n): boolean {\n  let copyObj1;\n  let copyObj2;\n  if (excludeFields) {\n    const excludeFieldsPredicate: ValueKeyIteratee<any> = (_value, key) => {\n      for (const field of excludeFields) {\n        if (key === field) {\n          return true;\n        }\n      }\n      return false;\n    };\n    copyObj1 = omitBy(obj1, excludeFieldsPredicate);\n    copyObj2 = omitBy(obj2, excludeFieldsPredicate);\n  }\n\n  const sortedObj1 = sortBy(toPairs(copyObj1 || obj1), ([key]) => key);\n  const sortedObj2 = sortBy(toPairs(copyObj2 || obj2), ([key]) => key);\n\n  return isEqual(sortedObj1, sortedObj2);\n}\n\nexport function isPermissionAction(action: string): action is PermissionAction {\n  return ['create', 'read', 'update', 'delete', 'use'].includes(\n    action as PermissionAction,\n  );\n}\n\nexport async function buildRoleSourceMap(\n  policies: string[][],\n  roleMetadata: RoleMetadataStorage,\n): Promise<Map<string, Source | undefined>> {\n  return await policies.reduce(\n    async (\n      acc: Promise<Map<string, Source | undefined>>,\n      policy: string[],\n    ): Promise<Map<string, Source | undefined>> => {\n      const roleEntityRef = policy[0];\n      const acummulator = await acc;\n      if (!acummulator.has(roleEntityRef)) {\n        const metadata = await roleMetadata.findRoleMetadata(roleEntityRef);\n        acummulator.set(roleEntityRef, metadata?.source);\n      }\n      return acummulator;\n    },\n    Promise.resolve(new Map<string, Source | undefined>()),\n  );\n}\n\nexport function mergeRoleMetadata(\n  currentMetadata: RoleMetadataDao,\n  newMetadata: RoleMetadataDao,\n): RoleMetadataDao {\n  const mergedMetaData: RoleMetadataDao = { ...currentMetadata };\n  mergedMetaData.lastModified =\n    newMetadata.lastModified ?? new Date().toUTCString();\n  mergedMetaData.modifiedBy = newMetadata.modifiedBy;\n  mergedMetaData.description =\n    newMetadata.description ?? currentMetadata.description;\n  mergedMetaData.roleEntityRef = newMetadata.roleEntityRef;\n  mergedMetaData.source = newMetadata.source;\n  mergedMetaData.owner = newMetadata.owner ?? currentMetadata.owner;\n  return mergedMetaData;\n}\n\nexport async function processConditionMapping(\n  roleConditionPolicy: RoleConditionalPolicyDecision<PermissionAction>,\n  pluginPermMetaData: PluginPermissionMetadataCollector,\n  auth: AuthService,\n): Promise<RoleConditionalPolicyDecision<PermissionInfo>> {\n  const { token } = await auth.getPluginRequestToken({\n    onBehalfOf: await auth.getOwnServiceCredentials(),\n    targetPluginId: roleConditionPolicy.pluginId,\n  });\n\n  const rule: MetadataResponse | undefined =\n    await pluginPermMetaData.getMetadataByPluginId(\n      roleConditionPolicy.pluginId,\n      token,\n    );\n  if (!rule?.permissions) {\n    throw new Error(\n      `Unable to get permission list for plugin ${roleConditionPolicy.pluginId}`,\n    );\n  }\n\n  const permInfo: PermissionInfo[] = [];\n  for (const action of roleConditionPolicy.permissionMapping) {\n    const perm = rule.permissions.find(permission => {\n      if (permission.type === 'resource') {\n        const isCorrectResourceType =\n          permission.resourceType === roleConditionPolicy.resourceType;\n        const isCorrectAction = action === permission.attributes.action;\n        const undefinedAction =\n          action === 'use' && permission.attributes.action === undefined;\n\n        return isCorrectResourceType && (isCorrectAction || undefinedAction);\n      }\n      return false;\n    });\n\n    if (!perm) {\n      throw new Error(\n        `Unable to find permission to get permission name for resource type '${\n          roleConditionPolicy.resourceType\n        }' and action ${JSON.stringify(action)}`,\n      );\n    }\n    permInfo.push({ name: perm.name, action });\n  }\n\n  return {\n    ...roleConditionPolicy,\n    permissionMapping: permInfo,\n  };\n}\n\nexport function deepSort(value: any): any {\n  if (isArray(value)) {\n    return sortBy(value.map(deepSort));\n  } else if (isPlainObject(value)) {\n    return fromPairs(\n      sortBy(\n        toPairs(value).map(([k, v]: [string, any]) => [k, deepSort(v)]),\n        0,\n      ),\n    );\n  }\n  return value;\n}\n\nexport function deepSortEqual(obj1: any, obj2: any): boolean {\n  return isEqual(deepSort(obj1), deepSort(obj2));\n}\n\nexport const matches = (\n  role?: RoleMetadata,\n  filters?: RBACFilters,\n): boolean => {\n  if (!filters) {\n    return true;\n  }\n\n  if (!role) {\n    return false;\n  }\n\n  if ('allOf' in filters) {\n    return filters.allOf.every(filter => matches(role, filter));\n  }\n\n  if ('anyOf' in filters) {\n    return filters.anyOf.some(filter => matches(role, filter));\n  }\n\n  if ('not' in filters) {\n    return !matches(role, filters.not);\n  }\n\n  return filters.values.includes(role.owner);\n};\n"],"names":["auditor","difference","ActionType","RoleEvents","omitBy","sortBy","toPairs","isEqual","isArray","isPlainObject","fromPairs"],"mappings":";;;;;AA6CO,SAAS,eAAe,MAA0B,EAAA;AACvD,EAAA,OAAO,CAAI,CAAA,EAAA,MAAA,CAAO,IAAK,CAAA,IAAI,CAAC,CAAA,CAAA,CAAA;AAC9B;AAEgB,SAAA,mBAAA,CAAoB,QAAkB,IAAsB,EAAA;AAC1E,EAAA,OAAO,GAAG,IAAI,CAAA,EAAA,EAAK,MAAO,CAAA,IAAA,CAAK,IAAI,CAAC,CAAA,CAAA;AACtC;AAEO,SAAS,iBAAiB,QAA8B,EAAA;AAC7D,EAAM,MAAA,cAAA,GAAiB,SACpB,GAAI,CAAA,CAAA,MAAA,KAAU,eAAe,MAAM,CAAC,CACpC,CAAA,IAAA,CAAK,GAAG,CAAA;AACX,EAAA,OAAO,IAAI,cAAc,CAAA,CAAA,CAAA;AAC3B;AAEgB,SAAA,qBAAA,CACd,UACA,IACQ,EAAA;AACR,EAAM,MAAA,cAAA,GAAiB,QACpB,CAAA,GAAA,CAAI,CAAU,MAAA,KAAA;AACb,IAAA,OAAO,OAAO,MAAW,KAAA,CAAA,GAAI,mBAAoB,CAAA,MAAA,EAAQ,IAAI,CAAI,GAAA,EAAA;AAAA,GAClE,CACA,CAAA,IAAA,CAAK,IAAI,CAAA;AACZ,EAAO,OAAA;AAAA,IAAA,EACH,cAAc;AAAA,EAAA,CAAA;AAEpB;AAEO,SAAS,uBAAuB,MAA0B,EAAA;AAC/D,EAAO,OAAA,MAAA,CAAO,OAAQ,CAAA,GAAA,EAAK,EAAE,CAAA,CAAE,QAAQ,GAAK,EAAA,EAAE,CAAE,CAAA,KAAA,CAAM,IAAI,CAAA;AAC5D;AAEA,eAAsB,oBACpB,aACA,EAAA,UAAA,EACA,QACA,aACA,EAAA,GAAA,EACAA,WACA,UACe,EAAA;AACf,EAAA,aAAA,CAAc,KAAK,CAAC,CAAA,EAAG,MAAM,CAAE,CAAA,aAAA,CAAc,CAAC,CAAC,CAAA;AAC/C,EAAA,UAAA,CAAW,KAAK,CAAC,CAAA,EAAG,MAAM,CAAE,CAAA,aAAA,CAAc,CAAC,CAAC,CAAA;AAC5C,EAAM,MAAA,OAAA,GAAUC,iBAAW,CAAA,aAAA,EAAe,UAAU,CAAA;AAEpD,EAAA,MAAM,gBAA4B,EAAC;AACnC,EAAA,KAAA,MAAW,eAAe,OAAS,EAAA;AACjC,IAAA,aAAA,CAAc,IAAK,CAAA,CAAC,WAAa,EAAA,aAAa,CAAC,CAAA;AAAA;AAGjD,EAAI,IAAA,aAAA,CAAc,WAAW,CAAG,EAAA;AAC9B,IAAA;AAAA;AAGF,EAAA,MAAM,YAAe,GAAA,EAAE,MAAQ,EAAA,UAAA,EAAY,aAAc,EAAA;AACzD,EAAA,MAAM,eAAkB,GAAA,MAAM,GAAI,CAAA,yBAAA,CAA0B,GAAG,aAAa,CAAA;AAC5E,EAAA,MAAM,aACJ,eAAgB,CAAA,MAAA,KAAW,QAAQ,MAC/B,GAAAC,kBAAA,CAAW,SACXA,kBAAW,CAAA,MAAA;AACjB,EAAA,MAAM,WAAc,GAAA;AAAA,IAClB,GAAG,YAAA;AAAA,IACH,SAAS,aAAc,CAAA,GAAA,CAAI,CAAM,EAAA,KAAA,EAAA,CAAG,CAAC,CAAC;AAAA,GACxC;AACA,EAAM,MAAA,YAAA,GAAe,MAAMF,SAAA,CAAQ,WAAY,CAAA;AAAA,IAC7C,SAASG,kBAAW,CAAA,UAAA;AAAA,IACpB,aAAe,EAAA,QAAA;AAAA,IACf,IAAM,EAAA,EAAE,UAAY,EAAA,MAAA,EAAQ,YAAY,MAAO;AAAA,GAChD,CAAA;AAED,EAAI,IAAA;AACF,IAAA,MAAM,GAAI,CAAA,sBAAA,CAAuB,aAAe,EAAA,YAAA,EAAc,KAAK,CAAA;AACnE,IAAA,MAAM,YAAa,CAAA,OAAA,CAAQ,EAAE,IAAA,EAAM,aAAa,CAAA;AAAA,WACzC,KAAO,EAAA;AACd,IAAA,MAAM,aAAa,IAAK,CAAA;AAAA,MACtB,KAAA;AAAA,MACA,IAAM,EAAA;AAAA,KACP,CAAA;AACD,IAAM,MAAA,KAAA;AAAA;AAEV;AAEO,SAAS,uBAAuB,WAAwC,EAAA;AAC7E,EAAA,MAAM,CAAC,eAAA,EAAiB,UAAY,EAAA,MAAA,EAAQ,MAAM,CAAI,GAAA,WAAA;AACtD,EAAA,OAAO,EAAE,eAAA,EAAiB,UAAY,EAAA,MAAA,EAAQ,MAAO,EAAA;AACvD;AAEO,SAAS,gCAAgC,WAAuB,EAAA;AACrE,EACE,IAAA,WAAA,CAAY,SAAS,CACrB,IAAA,WAAA,CAAY,CAAC,CAAE,CAAA,UAAA,CAAW,GAAG,CAC5B,KAAA,WAAA,CAAY,CAAC,CAAE,CAAA,UAAA,CAAW,MAAM,CAAK,IAAA,WAAA,CAAY,CAAC,CAAE,CAAA,UAAA,CAAW,OAAO,CACvE,CAAA,EAAA;AACA,IAAA,WAAA,CAAY,CAAC,CAAI,GAAA,WAAA,CAAY,CAAC,CAAA,CAAE,kBAAkB,OAAO,CAAA;AAAA;AAE7D;AAEO,SAAS,+BAA+B,KAAmB,EAAA;AAChE,EAAA,OAAO,KAAM,CAAA,GAAA;AAAA,IAAI,UACf,IAAK,CAAA,MAAA,IAAU,CACX,GAAA,CAAC,KAAK,CAAC,CAAA,CAAE,iBAAkB,CAAA,OAAO,GAAG,GAAG,IAAA,CAAK,KAAM,CAAA,CAAC,CAAC,CACrD,GAAA;AAAA,GACN;AACF;AAEgB,SAAA,eAAA,CACd,IACA,EAAA,IAAA,EACA,aACS,EAAA;AACT,EAAI,IAAA,QAAA;AACJ,EAAI,IAAA,QAAA;AACJ,EAAA,IAAI,aAAe,EAAA;AACjB,IAAM,MAAA,sBAAA,GAAgD,CAAC,MAAA,EAAQ,GAAQ,KAAA;AACrE,MAAA,KAAA,MAAW,SAAS,aAAe,EAAA;AACjC,QAAA,IAAI,QAAQ,KAAO,EAAA;AACjB,UAAO,OAAA,IAAA;AAAA;AACT;AAEF,MAAO,OAAA,KAAA;AAAA,KACT;AACA,IAAW,QAAA,GAAAC,aAAA,CAAO,MAAM,sBAAsB,CAAA;AAC9C,IAAW,QAAA,GAAAA,aAAA,CAAO,MAAM,sBAAsB,CAAA;AAAA;AAGhD,EAAM,MAAA,UAAA,GAAaC,aAAO,CAAAC,cAAA,CAAQ,QAAY,IAAA,IAAI,GAAG,CAAC,CAAC,GAAG,CAAA,KAAM,GAAG,CAAA;AACnE,EAAM,MAAA,UAAA,GAAaD,aAAO,CAAAC,cAAA,CAAQ,QAAY,IAAA,IAAI,GAAG,CAAC,CAAC,GAAG,CAAA,KAAM,GAAG,CAAA;AAEnE,EAAO,OAAAC,cAAA,CAAQ,YAAY,UAAU,CAAA;AACvC;AAEO,SAAS,mBAAmB,MAA4C,EAAA;AAC7E,EAAA,OAAO,CAAC,QAAU,EAAA,MAAA,EAAQ,QAAU,EAAA,QAAA,EAAU,KAAK,CAAE,CAAA,QAAA;AAAA,IACnD;AAAA,GACF;AACF;AAEsB,eAAA,kBAAA,CACpB,UACA,YAC0C,EAAA;AAC1C,EAAA,OAAO,MAAM,QAAS,CAAA,MAAA;AAAA,IACpB,OACE,KACA,MAC6C,KAAA;AAC7C,MAAM,MAAA,aAAA,GAAgB,OAAO,CAAC,CAAA;AAC9B,MAAA,MAAM,cAAc,MAAM,GAAA;AAC1B,MAAA,IAAI,CAAC,WAAA,CAAY,GAAI,CAAA,aAAa,CAAG,EAAA;AACnC,QAAA,MAAM,QAAW,GAAA,MAAM,YAAa,CAAA,gBAAA,CAAiB,aAAa,CAAA;AAClE,QAAY,WAAA,CAAA,GAAA,CAAI,aAAe,EAAA,QAAA,EAAU,MAAM,CAAA;AAAA;AAEjD,MAAO,OAAA,WAAA;AAAA,KACT;AAAA,IACA,OAAQ,CAAA,OAAA,iBAAY,IAAA,GAAA,EAAiC;AAAA,GACvD;AACF;AAEgB,SAAA,iBAAA,CACd,iBACA,WACiB,EAAA;AACjB,EAAM,MAAA,cAAA,GAAkC,EAAE,GAAG,eAAgB,EAAA;AAC7D,EAAA,cAAA,CAAe,eACb,WAAY,CAAA,YAAA,IAAA,iBAAoB,IAAA,IAAA,IAAO,WAAY,EAAA;AACrD,EAAA,cAAA,CAAe,aAAa,WAAY,CAAA,UAAA;AACxC,EAAe,cAAA,CAAA,WAAA,GACb,WAAY,CAAA,WAAA,IAAe,eAAgB,CAAA,WAAA;AAC7C,EAAA,cAAA,CAAe,gBAAgB,WAAY,CAAA,aAAA;AAC3C,EAAA,cAAA,CAAe,SAAS,WAAY,CAAA,MAAA;AACpC,EAAe,cAAA,CAAA,KAAA,GAAQ,WAAY,CAAA,KAAA,IAAS,eAAgB,CAAA,KAAA;AAC5D,EAAO,OAAA,cAAA;AACT;AAEsB,eAAA,uBAAA,CACpB,mBACA,EAAA,kBAAA,EACA,IACwD,EAAA;AACxD,EAAA,MAAM,EAAE,KAAA,EAAU,GAAA,MAAM,KAAK,qBAAsB,CAAA;AAAA,IACjD,UAAA,EAAY,MAAM,IAAA,CAAK,wBAAyB,EAAA;AAAA,IAChD,gBAAgB,mBAAoB,CAAA;AAAA,GACrC,CAAA;AAED,EAAM,MAAA,IAAA,GACJ,MAAM,kBAAmB,CAAA,qBAAA;AAAA,IACvB,mBAAoB,CAAA,QAAA;AAAA,IACpB;AAAA,GACF;AACF,EAAI,IAAA,CAAC,MAAM,WAAa,EAAA;AACtB,IAAA,MAAM,IAAI,KAAA;AAAA,MACR,CAAA,yCAAA,EAA4C,oBAAoB,QAAQ,CAAA;AAAA,KAC1E;AAAA;AAGF,EAAA,MAAM,WAA6B,EAAC;AACpC,EAAW,KAAA,MAAA,MAAA,IAAU,oBAAoB,iBAAmB,EAAA;AAC1D,IAAA,MAAM,IAAO,GAAA,IAAA,CAAK,WAAY,CAAA,IAAA,CAAK,CAAc,UAAA,KAAA;AAC/C,MAAI,IAAA,UAAA,CAAW,SAAS,UAAY,EAAA;AAClC,QAAM,MAAA,qBAAA,GACJ,UAAW,CAAA,YAAA,KAAiB,mBAAoB,CAAA,YAAA;AAClD,QAAM,MAAA,eAAA,GAAkB,MAAW,KAAA,UAAA,CAAW,UAAW,CAAA,MAAA;AACzD,QAAA,MAAM,eACJ,GAAA,MAAA,KAAW,KAAS,IAAA,UAAA,CAAW,WAAW,MAAW,KAAA,SAAA;AAEvD,QAAA,OAAO,0BAA0B,eAAmB,IAAA,eAAA,CAAA;AAAA;AAEtD,MAAO,OAAA,KAAA;AAAA,KACR,CAAA;AAED,IAAA,IAAI,CAAC,IAAM,EAAA;AACT,MAAA,MAAM,IAAI,KAAA;AAAA,QACR,uEACE,mBAAoB,CAAA,YACtB,gBAAgB,IAAK,CAAA,SAAA,CAAU,MAAM,CAAC,CAAA;AAAA,OACxC;AAAA;AAEF,IAAA,QAAA,CAAS,KAAK,EAAE,IAAA,EAAM,IAAK,CAAA,IAAA,EAAM,QAAQ,CAAA;AAAA;AAG3C,EAAO,OAAA;AAAA,IACL,GAAG,mBAAA;AAAA,IACH,iBAAmB,EAAA;AAAA,GACrB;AACF;AAEO,SAAS,SAAS,KAAiB,EAAA;AACxC,EAAI,IAAAC,cAAA,CAAQ,KAAK,CAAG,EAAA;AAClB,IAAA,OAAOH,aAAO,CAAA,KAAA,CAAM,GAAI,CAAA,QAAQ,CAAC,CAAA;AAAA,GACnC,MAAA,IAAWI,oBAAc,CAAA,KAAK,CAAG,EAAA;AAC/B,IAAO,OAAAC,gBAAA;AAAA,MACLL,aAAA;AAAA,QACEC,cAAQ,CAAA,KAAK,CAAE,CAAA,GAAA,CAAI,CAAC,CAAC,CAAA,EAAG,CAAC,CAAA,KAAqB,CAAC,CAAA,EAAG,QAAS,CAAA,CAAC,CAAC,CAAC,CAAA;AAAA,QAC9D;AAAA;AACF,KACF;AAAA;AAEF,EAAO,OAAA,KAAA;AACT;AAEgB,SAAA,aAAA,CAAc,MAAW,IAAoB,EAAA;AAC3D,EAAA,OAAOC,eAAQ,QAAS,CAAA,IAAI,CAAG,EAAA,QAAA,CAAS,IAAI,CAAC,CAAA;AAC/C;AAEa,MAAA,OAAA,GAAU,CACrB,IAAA,EACA,OACY,KAAA;AACZ,EAAA,IAAI,CAAC,OAAS,EAAA;AACZ,IAAO,OAAA,IAAA;AAAA;AAGT,EAAA,IAAI,CAAC,IAAM,EAAA;AACT,IAAO,OAAA,KAAA;AAAA;AAGT,EAAA,IAAI,WAAW,OAAS,EAAA;AACtB,IAAA,OAAO,QAAQ,KAAM,CAAA,KAAA,CAAM,YAAU,OAAQ,CAAA,IAAA,EAAM,MAAM,CAAC,CAAA;AAAA;AAG5D,EAAA,IAAI,WAAW,OAAS,EAAA;AACtB,IAAA,OAAO,QAAQ,KAAM,CAAA,IAAA,CAAK,YAAU,OAAQ,CAAA,IAAA,EAAM,MAAM,CAAC,CAAA;AAAA;AAG3D,EAAA,IAAI,SAAS,OAAS,EAAA;AACpB,IAAA,OAAO,CAAC,OAAA,CAAQ,IAAM,EAAA,OAAA,CAAQ,GAAG,CAAA;AAAA;AAGnC,EAAA,OAAO,OAAQ,CAAA,MAAA,CAAO,QAAS,CAAA,IAAA,CAAK,KAAK,CAAA;AAC3C;;;;;;;;;;;;;;;;;;;;"}
+{"version":3,"file":"helper.cjs.js","sources":["../src/helper.ts"],"sourcesContent":["/*\n * Copyright 2024 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport { AuditorService, AuthService } from '@backstage/backend-plugin-api';\nimport type { MetadataResponse } from '@backstage/plugin-permission-common';\n\nimport {\n  difference,\n  fromPairs,\n  isArray,\n  isEqual,\n  isPlainObject,\n  omitBy,\n  sortBy,\n  toPairs,\n  ValueKeyIteratee,\n} from 'lodash';\n\nimport {\n  PermissionAction,\n  PermissionInfo,\n  RoleBasedPolicy,\n  RoleConditionalPolicyDecision,\n  Source,\n} from '@backstage-community/plugin-rbac-common';\n\nimport { ActionType, RoleEvents } from './auditor/auditor';\nimport { RoleMetadataDao, RoleMetadataStorage } from './database/role-metadata';\nimport { EnforcerDelegate } from './service/enforcer-delegate';\nimport { PluginPermissionMetadataCollector } from './service/plugin-endpoints';\nimport { RoleMetadata } from '@backstage-community/plugin-rbac-common';\nimport { RBACFilters } from './permissions';\n\nexport function policyToString(policy: string[]): string {\n  return `[${policy.join(', ')}]`;\n}\n\nexport function typedPolicyToString(policy: string[], type: string): string {\n  return `${type}, ${policy.join(', ')}`;\n}\n\nexport function policiesToString(policies: string[][]): string {\n  const policiesString = policies\n    .map(policy => policyToString(policy))\n    .join(',');\n  return `[${policiesString}]`;\n}\n\nexport function typedPoliciesToString(\n  policies: string[][],\n  type: string,\n): string {\n  const policiesString = policies\n    .map(policy => {\n      return policy.length !== 0 ? typedPolicyToString(policy, type) : '';\n    })\n    .join('\\n');\n  return `\n    ${policiesString}\n  `;\n}\n\nexport function metadataStringToPolicy(policy: string): string[] {\n  return policy.replace('[', '').replace(']', '').split(', ');\n}\n\nexport async function removeTheDifference(\n  originalGroup: string[],\n  addedGroup: string[],\n  source: Source,\n  roleEntityRef: string,\n  enf: EnforcerDelegate,\n  auditor: AuditorService,\n  modifiedBy: string,\n): Promise<void> {\n  originalGroup.sort((a, b) => a.localeCompare(b));\n  addedGroup.sort((a, b) => a.localeCompare(b));\n  const missing = difference(originalGroup, addedGroup);\n\n  const groupPolicies: string[][] = [];\n  for (const missingRole of missing) {\n    groupPolicies.push([missingRole, roleEntityRef]);\n  }\n\n  if (groupPolicies.length === 0) {\n    return;\n  }\n\n  const roleMetadata = { source, modifiedBy, roleEntityRef };\n  const existingMembers = await enf.getFilteredGroupingPolicy(1, roleEntityRef);\n  const actionType =\n    existingMembers.length === missing.length\n      ? ActionType.DELETE\n      : ActionType.UPDATE;\n  const auditorMeta = {\n    ...roleMetadata,\n    members: groupPolicies.map(gp => gp[0]),\n  };\n  const auditorEvent = await auditor.createEvent({\n    eventId: RoleEvents.ROLE_WRITE,\n    severityLevel: 'medium',\n    meta: { actionType, source: auditorMeta.source },\n  });\n\n  try {\n    await enf.removeGroupingPolicies(groupPolicies, roleMetadata, false);\n    await auditorEvent.success({ meta: auditorMeta });\n  } catch (error) {\n    await auditorEvent.fail({\n      error,\n      meta: auditorMeta,\n    });\n    throw error;\n  }\n}\n\nexport function transformArrayToPolicy(policyArray: string[]): RoleBasedPolicy {\n  const [entityReference, permission, policy, effect] = policyArray;\n  return { entityReference, permission, policy, effect };\n}\n\nexport function transformPolicyGroupToLowercase(policyArray: string[]) {\n  if (\n    policyArray.length > 1 &&\n    policyArray[0].startsWith('g') &&\n    (policyArray[1].startsWith('user') || policyArray[1].startsWith('group'))\n  ) {\n    policyArray[1] = policyArray[1].toLocaleLowerCase('en-US');\n  }\n}\n\nexport function transformRolesGroupToLowercase(roles: string[][]) {\n  return roles.map(role =>\n    role.length >= 1\n      ? [role[0].toLocaleLowerCase('en-US'), ...role.slice(1)]\n      : role,\n  );\n}\n\nexport function deepSortedEqual(\n  obj1: Record<string, any>,\n  obj2: Record<string, any>,\n  excludeFields?: string[],\n): boolean {\n  let copyObj1;\n  let copyObj2;\n  if (excludeFields) {\n    const excludeFieldsPredicate: ValueKeyIteratee<any> = (_value, key) => {\n      for (const field of excludeFields) {\n        if (key === field) {\n          return true;\n        }\n      }\n      return false;\n    };\n    copyObj1 = omitBy(obj1, excludeFieldsPredicate);\n    copyObj2 = omitBy(obj2, excludeFieldsPredicate);\n  }\n\n  const sortedObj1 = sortBy(toPairs(copyObj1 || obj1), ([key]) => key);\n  const sortedObj2 = sortBy(toPairs(copyObj2 || obj2), ([key]) => key);\n\n  return isEqual(sortedObj1, sortedObj2);\n}\n\nexport function isPermissionAction(action: string): action is PermissionAction {\n  return ['create', 'read', 'update', 'delete', 'use'].includes(\n    action as PermissionAction,\n  );\n}\n\nexport async function buildRoleSourceMap(\n  policies: string[][],\n  roleMetadata: RoleMetadataStorage,\n): Promise<Map<string, Source | undefined>> {\n  return await policies.reduce(\n    async (\n      acc: Promise<Map<string, Source | undefined>>,\n      policy: string[],\n    ): Promise<Map<string, Source | undefined>> => {\n      const roleEntityRef = policy[0];\n      const acummulator = await acc;\n      if (!acummulator.has(roleEntityRef)) {\n        const metadata = await roleMetadata.findRoleMetadata(roleEntityRef);\n        acummulator.set(roleEntityRef, metadata?.source);\n      }\n      return acummulator;\n    },\n    Promise.resolve(new Map<string, Source | undefined>()),\n  );\n}\n\nexport function mergeRoleMetadata(\n  currentMetadata: RoleMetadataDao,\n  newMetadata: RoleMetadataDao,\n): RoleMetadataDao {\n  const mergedMetaData: RoleMetadataDao = { ...currentMetadata };\n  mergedMetaData.lastModified =\n    newMetadata.lastModified ?? new Date().toUTCString();\n  mergedMetaData.modifiedBy = newMetadata.modifiedBy;\n  mergedMetaData.description =\n    newMetadata.description ?? currentMetadata.description;\n  mergedMetaData.roleEntityRef = newMetadata.roleEntityRef;\n  mergedMetaData.source = newMetadata.source;\n  mergedMetaData.owner = newMetadata.owner ?? currentMetadata.owner;\n  return mergedMetaData;\n}\n\nexport async function processConditionMapping(\n  roleConditionPolicy: RoleConditionalPolicyDecision<PermissionAction>,\n  pluginPermMetaData: PluginPermissionMetadataCollector,\n  auth: AuthService,\n): Promise<RoleConditionalPolicyDecision<PermissionInfo>> {\n  const { token } = await auth.getPluginRequestToken({\n    onBehalfOf: await auth.getOwnServiceCredentials(),\n    targetPluginId: roleConditionPolicy.pluginId,\n  });\n\n  const rule: MetadataResponse | undefined =\n    await pluginPermMetaData.getMetadataByPluginId(\n      roleConditionPolicy.pluginId,\n      token,\n    );\n  if (!rule?.permissions) {\n    throw new Error(\n      `Unable to get permission list for plugin ${roleConditionPolicy.pluginId}`,\n    );\n  }\n\n  const permInfo: PermissionInfo[] = [];\n  for (const action of roleConditionPolicy.permissionMapping) {\n    const perm = rule.permissions.find(permission => {\n      if (permission.type === 'resource') {\n        const isCorrectResourceType =\n          permission.resourceType === roleConditionPolicy.resourceType;\n        const isCorrectAction = action === permission.attributes.action;\n        const undefinedAction =\n          action === 'use' && permission.attributes.action === undefined;\n\n        return isCorrectResourceType && (isCorrectAction || undefinedAction);\n      }\n      return false;\n    });\n\n    if (!perm) {\n      throw new Error(\n        `Unable to find permission to get permission name for resource type '${\n          roleConditionPolicy.resourceType\n        }' and action ${JSON.stringify(action)}`,\n      );\n    }\n    permInfo.push({ name: perm.name, action });\n  }\n\n  return {\n    ...roleConditionPolicy,\n    permissionMapping: permInfo,\n  };\n}\n\nexport function deepSort(value: any): any {\n  if (isArray(value)) {\n    return sortBy(value.map(deepSort));\n  } else if (isPlainObject(value)) {\n    return fromPairs(\n      sortBy(\n        toPairs(value).map(([k, v]: [string, any]) => [k, deepSort(v)]),\n        0,\n      ),\n    );\n  }\n  return value;\n}\n\nexport function deepSortEqual(obj1: any, obj2: any): boolean {\n  return isEqual(deepSort(obj1), deepSort(obj2));\n}\n\nexport const matches = (\n  role?: RoleMetadata,\n  filters?: RBACFilters,\n): boolean => {\n  if (!filters) {\n    return true;\n  }\n\n  if (!role) {\n    return false;\n  }\n\n  if ('allOf' in filters) {\n    return filters.allOf.every(filter => matches(role, filter));\n  }\n\n  if ('anyOf' in filters) {\n    return filters.anyOf.some(filter => matches(role, filter));\n  }\n\n  if ('not' in filters) {\n    return !matches(role, filters.not);\n  }\n\n  return filters.values.includes(role.owner);\n};\n"],"names":["auditor","difference","ActionType","RoleEvents","omitBy","sortBy","toPairs","isEqual","isArray","isPlainObject","fromPairs"],"mappings":";;;;;AA6CO,SAAS,eAAe,MAA0B,EAAA;AACvD,EAAA,OAAO,CAAI,CAAA,EAAA,MAAA,CAAO,IAAK,CAAA,IAAI,CAAC,CAAA,CAAA,CAAA;AAC9B;AAEgB,SAAA,mBAAA,CAAoB,QAAkB,IAAsB,EAAA;AAC1E,EAAA,OAAO,GAAG,IAAI,CAAA,EAAA,EAAK,MAAO,CAAA,IAAA,CAAK,IAAI,CAAC,CAAA,CAAA;AACtC;AAEO,SAAS,iBAAiB,QAA8B,EAAA;AAC7D,EAAM,MAAA,cAAA,GAAiB,SACpB,GAAI,CAAA,CAAA,MAAA,KAAU,eAAe,MAAM,CAAC,CACpC,CAAA,IAAA,CAAK,GAAG,CAAA;AACX,EAAA,OAAO,IAAI,cAAc,CAAA,CAAA,CAAA;AAC3B;AAEgB,SAAA,qBAAA,CACd,UACA,IACQ,EAAA;AACR,EAAM,MAAA,cAAA,GAAiB,QACpB,CAAA,GAAA,CAAI,CAAU,MAAA,KAAA;AACb,IAAA,OAAO,OAAO,MAAW,KAAA,CAAA,GAAI,mBAAoB,CAAA,MAAA,EAAQ,IAAI,CAAI,GAAA,EAAA;AAAA,GAClE,CACA,CAAA,IAAA,CAAK,IAAI,CAAA;AACZ,EAAO,OAAA;AAAA,IAAA,EACH,cAAc;AAAA,EAAA,CAAA;AAEpB;AAEO,SAAS,uBAAuB,MAA0B,EAAA;AAC/D,EAAO,OAAA,MAAA,CAAO,OAAQ,CAAA,GAAA,EAAK,EAAE,CAAA,CAAE,QAAQ,GAAK,EAAA,EAAE,CAAE,CAAA,KAAA,CAAM,IAAI,CAAA;AAC5D;AAEA,eAAsB,oBACpB,aACA,EAAA,UAAA,EACA,QACA,aACA,EAAA,GAAA,EACAA,WACA,UACe,EAAA;AACf,EAAA,aAAA,CAAc,KAAK,CAAC,CAAA,EAAG,MAAM,CAAE,CAAA,aAAA,CAAc,CAAC,CAAC,CAAA;AAC/C,EAAA,UAAA,CAAW,KAAK,CAAC,CAAA,EAAG,MAAM,CAAE,CAAA,aAAA,CAAc,CAAC,CAAC,CAAA;AAC5C,EAAM,MAAA,OAAA,GAAUC,iBAAW,CAAA,aAAA,EAAe,UAAU,CAAA;AAEpD,EAAA,MAAM,gBAA4B,EAAC;AACnC,EAAA,KAAA,MAAW,eAAe,OAAS,EAAA;AACjC,IAAA,aAAA,CAAc,IAAK,CAAA,CAAC,WAAa,EAAA,aAAa,CAAC,CAAA;AAAA;AAGjD,EAAI,IAAA,aAAA,CAAc,WAAW,CAAG,EAAA;AAC9B,IAAA;AAAA;AAGF,EAAA,MAAM,YAAe,GAAA,EAAE,MAAQ,EAAA,UAAA,EAAY,aAAc,EAAA;AACzD,EAAA,MAAM,eAAkB,GAAA,MAAM,GAAI,CAAA,yBAAA,CAA0B,GAAG,aAAa,CAAA;AAC5E,EAAA,MAAM,aACJ,eAAgB,CAAA,MAAA,KAAW,QAAQ,MAC/B,GAAAC,kBAAA,CAAW,SACXA,kBAAW,CAAA,MAAA;AACjB,EAAA,MAAM,WAAc,GAAA;AAAA,IAClB,GAAG,YAAA;AAAA,IACH,SAAS,aAAc,CAAA,GAAA,CAAI,CAAM,EAAA,KAAA,EAAA,CAAG,CAAC,CAAC;AAAA,GACxC;AACA,EAAM,MAAA,YAAA,GAAe,MAAMF,SAAA,CAAQ,WAAY,CAAA;AAAA,IAC7C,SAASG,kBAAW,CAAA,UAAA;AAAA,IACpB,aAAe,EAAA,QAAA;AAAA,IACf,IAAM,EAAA,EAAE,UAAY,EAAA,MAAA,EAAQ,YAAY,MAAO;AAAA,GAChD,CAAA;AAED,EAAI,IAAA;AACF,IAAA,MAAM,GAAI,CAAA,sBAAA,CAAuB,aAAe,EAAA,YAAA,EAAc,KAAK,CAAA;AACnE,IAAA,MAAM,YAAa,CAAA,OAAA,CAAQ,EAAE,IAAA,EAAM,aAAa,CAAA;AAAA,WACzC,KAAO,EAAA;AACd,IAAA,MAAM,aAAa,IAAK,CAAA;AAAA,MACtB,KAAA;AAAA,MACA,IAAM,EAAA;AAAA,KACP,CAAA;AACD,IAAM,MAAA,KAAA;AAAA;AAEV;AAEO,SAAS,uBAAuB,WAAwC,EAAA;AAC7E,EAAA,MAAM,CAAC,eAAA,EAAiB,UAAY,EAAA,MAAA,EAAQ,MAAM,CAAI,GAAA,WAAA;AACtD,EAAA,OAAO,EAAE,eAAA,EAAiB,UAAY,EAAA,MAAA,EAAQ,MAAO,EAAA;AACvD;AAEO,SAAS,gCAAgC,WAAuB,EAAA;AACrE,EACE,IAAA,WAAA,CAAY,SAAS,CACrB,IAAA,WAAA,CAAY,CAAC,CAAE,CAAA,UAAA,CAAW,GAAG,CAC5B,KAAA,WAAA,CAAY,CAAC,CAAE,CAAA,UAAA,CAAW,MAAM,CAAK,IAAA,WAAA,CAAY,CAAC,CAAE,CAAA,UAAA,CAAW,OAAO,CACvE,CAAA,EAAA;AACA,IAAA,WAAA,CAAY,CAAC,CAAI,GAAA,WAAA,CAAY,CAAC,CAAA,CAAE,kBAAkB,OAAO,CAAA;AAAA;AAE7D;AAEO,SAAS,+BAA+B,KAAmB,EAAA;AAChE,EAAA,OAAO,KAAM,CAAA,GAAA;AAAA,IAAI,UACf,IAAK,CAAA,MAAA,IAAU,CACX,GAAA,CAAC,KAAK,CAAC,CAAA,CAAE,iBAAkB,CAAA,OAAO,GAAG,GAAG,IAAA,CAAK,KAAM,CAAA,CAAC,CAAC,CACrD,GAAA;AAAA,GACN;AACF;AAEgB,SAAA,eAAA,CACd,IACA,EAAA,IAAA,EACA,aACS,EAAA;AACT,EAAI,IAAA,QAAA;AACJ,EAAI,IAAA,QAAA;AACJ,EAAA,IAAI,aAAe,EAAA;AACjB,IAAM,MAAA,sBAAA,GAAgD,CAAC,MAAA,EAAQ,GAAQ,KAAA;AACrE,MAAA,KAAA,MAAW,SAAS,aAAe,EAAA;AACjC,QAAA,IAAI,QAAQ,KAAO,EAAA;AACjB,UAAO,OAAA,IAAA;AAAA;AACT;AAEF,MAAO,OAAA,KAAA;AAAA,KACT;AACA,IAAW,QAAA,GAAAC,aAAA,CAAO,MAAM,sBAAsB,CAAA;AAC9C,IAAW,QAAA,GAAAA,aAAA,CAAO,MAAM,sBAAsB,CAAA;AAAA;AAGhD,EAAM,MAAA,UAAA,GAAaC,aAAO,CAAAC,cAAA,CAAQ,QAAY,IAAA,IAAI,GAAG,CAAC,CAAC,GAAG,CAAA,KAAM,GAAG,CAAA;AACnE,EAAM,MAAA,UAAA,GAAaD,aAAO,CAAAC,cAAA,CAAQ,QAAY,IAAA,IAAI,GAAG,CAAC,CAAC,GAAG,CAAA,KAAM,GAAG,CAAA;AAEnE,EAAO,OAAAC,cAAA,CAAQ,YAAY,UAAU,CAAA;AACvC;AAEO,SAAS,mBAAmB,MAA4C,EAAA;AAC7E,EAAA,OAAO,CAAC,QAAU,EAAA,MAAA,EAAQ,QAAU,EAAA,QAAA,EAAU,KAAK,CAAE,CAAA,QAAA;AAAA,IACnD;AAAA,GACF;AACF;AAEsB,eAAA,kBAAA,CACpB,UACA,YAC0C,EAAA;AAC1C,EAAA,OAAO,MAAM,QAAS,CAAA,MAAA;AAAA,IACpB,OACE,KACA,MAC6C,KAAA;AAC7C,MAAM,MAAA,aAAA,GAAgB,OAAO,CAAC,CAAA;AAC9B,MAAA,MAAM,cAAc,MAAM,GAAA;AAC1B,MAAA,IAAI,CAAC,WAAA,CAAY,GAAI,CAAA,aAAa,CAAG,EAAA;AACnC,QAAA,MAAM,QAAW,GAAA,MAAM,YAAa,CAAA,gBAAA,CAAiB,aAAa,CAAA;AAClE,QAAY,WAAA,CAAA,GAAA,CAAI,aAAe,EAAA,QAAA,EAAU,MAAM,CAAA;AAAA;AAEjD,MAAO,OAAA,WAAA;AAAA,KACT;AAAA,IACA,OAAQ,CAAA,OAAA,iBAAY,IAAA,GAAA,EAAiC;AAAA,GACvD;AACF;AAEgB,SAAA,iBAAA,CACd,iBACA,WACiB,EAAA;AACjB,EAAM,MAAA,cAAA,GAAkC,EAAE,GAAG,eAAgB,EAAA;AAC7D,EAAA,cAAA,CAAe,eACb,WAAY,CAAA,YAAA,IAAA,iBAAoB,IAAA,IAAA,IAAO,WAAY,EAAA;AACrD,EAAA,cAAA,CAAe,aAAa,WAAY,CAAA,UAAA;AACxC,EAAe,cAAA,CAAA,WAAA,GACb,WAAY,CAAA,WAAA,IAAe,eAAgB,CAAA,WAAA;AAC7C,EAAA,cAAA,CAAe,gBAAgB,WAAY,CAAA,aAAA;AAC3C,EAAA,cAAA,CAAe,SAAS,WAAY,CAAA,MAAA;AACpC,EAAe,cAAA,CAAA,KAAA,GAAQ,WAAY,CAAA,KAAA,IAAS,eAAgB,CAAA,KAAA;AAC5D,EAAO,OAAA,cAAA;AACT;AAEsB,eAAA,uBAAA,CACpB,mBACA,EAAA,kBAAA,EACA,IACwD,EAAA;AACxD,EAAA,MAAM,EAAE,KAAA,EAAU,GAAA,MAAM,KAAK,qBAAsB,CAAA;AAAA,IACjD,UAAA,EAAY,MAAM,IAAA,CAAK,wBAAyB,EAAA;AAAA,IAChD,gBAAgB,mBAAoB,CAAA;AAAA,GACrC,CAAA;AAED,EAAM,MAAA,IAAA,GACJ,MAAM,kBAAmB,CAAA,qBAAA;AAAA,IACvB,mBAAoB,CAAA,QAAA;AAAA,IACpB;AAAA,GACF;AACF,EAAI,IAAA,CAAC,MAAM,WAAa,EAAA;AACtB,IAAA,MAAM,IAAI,KAAA;AAAA,MACR,CAAA,yCAAA,EAA4C,oBAAoB,QAAQ,CAAA;AAAA,KAC1E;AAAA;AAGF,EAAA,MAAM,WAA6B,EAAC;AACpC,EAAW,KAAA,MAAA,MAAA,IAAU,oBAAoB,iBAAmB,EAAA;AAC1D,IAAA,MAAM,IAAO,GAAA,IAAA,CAAK,WAAY,CAAA,IAAA,CAAK,CAAc,UAAA,KAAA;AAC/C,MAAI,IAAA,UAAA,CAAW,SAAS,UAAY,EAAA;AAClC,QAAM,MAAA,qBAAA,GACJ,UAAW,CAAA,YAAA,KAAiB,mBAAoB,CAAA,YAAA;AAClD,QAAM,MAAA,eAAA,GAAkB,MAAW,KAAA,UAAA,CAAW,UAAW,CAAA,MAAA;AACzD,QAAA,MAAM,eACJ,GAAA,MAAA,KAAW,KAAS,IAAA,UAAA,CAAW,WAAW,MAAW,KAAA,SAAA;AAEvD,QAAA,OAAO,0BAA0B,eAAmB,IAAA,eAAA,CAAA;AAAA;AAEtD,MAAO,OAAA,KAAA;AAAA,KACR,CAAA;AAED,IAAA,IAAI,CAAC,IAAM,EAAA;AACT,MAAA,MAAM,IAAI,KAAA;AAAA,QACR,uEACE,mBAAoB,CAAA,YACtB,gBAAgB,IAAK,CAAA,SAAA,CAAU,MAAM,CAAC,CAAA;AAAA,OACxC;AAAA;AAEF,IAAA,QAAA,CAAS,KAAK,EAAE,IAAA,EAAM,IAAK,CAAA,IAAA,EAAM,QAAQ,CAAA;AAAA;AAG3C,EAAO,OAAA;AAAA,IACL,GAAG,mBAAA;AAAA,IACH,iBAAmB,EAAA;AAAA,GACrB;AACF;AAEO,SAAS,SAAS,KAAiB,EAAA;AACxC,EAAI,IAAAC,cAAA,CAAQ,KAAK,CAAG,EAAA;AAClB,IAAA,OAAOH,aAAO,CAAA,KAAA,CAAM,GAAI,CAAA,QAAQ,CAAC,CAAA;AAAA,GACnC,MAAA,IAAWI,oBAAc,CAAA,KAAK,CAAG,EAAA;AAC/B,IAAO,OAAAC,gBAAA;AAAA,MACLL,aAAA;AAAA,QACEC,cAAQ,CAAA,KAAK,CAAE,CAAA,GAAA,CAAI,CAAC,CAAC,CAAA,EAAG,CAAC,CAAA,KAAqB,CAAC,CAAA,EAAG,QAAS,CAAA,CAAC,CAAC,CAAC,CAAA;AAAA,QAC9D;AAAA;AACF,KACF;AAAA;AAEF,EAAO,OAAA,KAAA;AACT;AAEgB,SAAA,aAAA,CAAc,MAAW,IAAoB,EAAA;AAC3D,EAAA,OAAOC,eAAQ,QAAS,CAAA,IAAI,CAAG,EAAA,QAAA,CAAS,IAAI,CAAC,CAAA;AAC/C;AAEa,MAAA,OAAA,GAAU,CACrB,IAAA,EACA,OACY,KAAA;AACZ,EAAA,IAAI,CAAC,OAAS,EAAA;AACZ,IAAO,OAAA,IAAA;AAAA;AAGT,EAAA,IAAI,CAAC,IAAM,EAAA;AACT,IAAO,OAAA,KAAA;AAAA;AAGT,EAAA,IAAI,WAAW,OAAS,EAAA;AACtB,IAAA,OAAO,QAAQ,KAAM,CAAA,KAAA,CAAM,YAAU,OAAQ,CAAA,IAAA,EAAM,MAAM,CAAC,CAAA;AAAA;AAG5D,EAAA,IAAI,WAAW,OAAS,EAAA;AACtB,IAAA,OAAO,QAAQ,KAAM,CAAA,IAAA,CAAK,YAAU,OAAQ,CAAA,IAAA,EAAM,MAAM,CAAC,CAAA;AAAA;AAG3D,EAAA,IAAI,SAAS,OAAS,EAAA;AACpB,IAAA,OAAO,CAAC,OAAA,CAAQ,IAAM,EAAA,OAAA,CAAQ,GAAG,CAAA;AAAA;AAGnC,EAAA,OAAO,OAAQ,CAAA,MAAA,CAAO,QAAS,CAAA,IAAA,CAAK,KAAK,CAAA;AAC3C;;;;;;;;;;;;;;;;;;;;"}

package/dist/service/plugin-endpoints.cjs.js.map

@@ -1 +1 @@
-{"version":3,"file":"plugin-endpoints.cjs.js","sources":["../../src/service/plugin-endpoints.ts"],"sourcesContent":["/*\n * Copyright 2024 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport {\n  FetchUrlReader,\n  ReaderFactory,\n  UrlReaders,\n} from '@backstage/backend-defaults/urlReader';\nimport type {\n  AuthService,\n  DiscoveryService,\n  LoggerService,\n  UrlReaderService,\n} from '@backstage/backend-plugin-api';\nimport type { Config } from '@backstage/config';\nimport { isError } from '@backstage/errors';\nimport {\n  isResourcePermission,\n  Permission,\n} from '@backstage/plugin-permission-common';\nimport type {\n  MetadataResponse,\n  MetadataResponseSerializedRule,\n} from '@backstage/plugin-permission-node';\n\nimport {\n  policyEntityPermissions,\n  type PluginPermissionMetaData,\n  type PolicyDetails,\n} from '@backstage-community/plugin-rbac-common';\nimport { rbacRules } from '../permissions';\nimport { ExtendablePluginIdProvider } from './extendable-id-provider';\n\ntype PluginMetadataResponse = {\n  pluginId: string;\n  metaDataResponse: MetadataResponse;\n};\n\nexport type PluginMetadataResponseSerializedRule = {\n  pluginId: string;\n  rules: MetadataResponseSerializedRule[];\n};\n\nconst rbacPermissionMetadata: MetadataResponse = {\n  permissions: policyEntityPermissions,\n  rules: [rbacRules],\n};\n\nexport class PluginPermissionMetadataCollector {\n  private readonly pluginIdProvider: ExtendablePluginIdProvider;\n  private readonly discovery: DiscoveryService;\n  private readonly logger: LoggerService;\n  private readonly urlReader: UrlReaderService;\n\n  constructor({\n    deps,\n    optional,\n  }: {\n    deps: {\n      discovery: DiscoveryService;\n      pluginIdProvider: ExtendablePluginIdProvider;\n      logger: LoggerService;\n      config: Config;\n    };\n    optional?: {\n      urlReader?: UrlReaderService;\n    };\n  }) {\n    const { discovery, logger, config, pluginIdProvider } = deps;\n    this.discovery = discovery;\n    this.pluginIdProvider = pluginIdProvider;\n    this.logger = logger;\n    this.urlReader =\n      optional?.urlReader ??\n      UrlReaders.default({\n        config,\n        logger,\n        factories: [PluginPermissionMetadataCollector.permissionFactory],\n      });\n  }\n\n  async getPluginConditionRules(\n    auth: AuthService,\n  ): Promise<PluginMetadataResponseSerializedRule[]> {\n    const pluginMetadata = await this.getPluginMetaData(auth);\n\n    return pluginMetadata\n      .filter(metadata => metadata.metaDataResponse.rules.length > 0)\n      .map(metadata => {\n        return {\n          pluginId: metadata.pluginId,\n          rules: metadata.metaDataResponse.rules,\n        };\n      });\n  }\n\n  async getPluginPolicies(\n    auth: AuthService,\n  ): Promise<PluginPermissionMetaData[]> {\n    const pluginMetadata = await this.getPluginMetaData(auth);\n\n    return pluginMetadata\n      .filter(metadata => metadata.metaDataResponse.permissions !== undefined)\n      .map(metadata => {\n        return {\n          pluginId: metadata.pluginId,\n          policies: permissionsToCasbinPolicies(\n            metadata.metaDataResponse.permissions!,\n          ),\n        };\n      });\n  }\n\n  private static permissionFactory: ReaderFactory = () => {\n    return [{ reader: new FetchUrlReader(), predicate: (_url: URL) => true }];\n  };\n\n  private async getPluginMetaData(\n    auth: AuthService,\n  ): Promise<PluginMetadataResponse[]> {\n    let pluginResponses: PluginMetadataResponse[] = [];\n\n    const pluginIds = await this.pluginIdProvider.getPluginIds();\n    for (const pluginId of pluginIds) {\n      try {\n        const { token } = await auth.getPluginRequestToken({\n          onBehalfOf: await auth.getOwnServiceCredentials(),\n          targetPluginId: pluginId,\n        });\n\n        const permMetaData = await this.getMetadataByPluginId(pluginId, token);\n        if (permMetaData) {\n          pluginResponses = [\n            ...pluginResponses,\n            {\n              metaDataResponse: permMetaData,\n              pluginId,\n            },\n          ];\n        }\n      } catch (error) {\n        this.logger.error(\n          `Failed to retrieve permission metadata for ${pluginId}. ${error}`,\n        );\n      }\n    }\n\n    return pluginResponses;\n  }\n\n  async getMetadataByPluginId(\n    pluginId: string,\n    token: string | undefined,\n  ): Promise<MetadataResponse | undefined> {\n    let permMetaData: MetadataResponse | undefined;\n\n    // Work around: This is needed for start up whenever a conditional policy for the plugin permission in the yaml file\n    // will make a check to the well known endpoint\n    // However, our plugin has not completely started and as such will throw a 503 error\n    // TODO: see if we are able to remove this after we migrate to the permission registry\n    if (pluginId === 'permission') {\n      return rbacPermissionMetadata;\n    }\n\n    try {\n      const baseEndpoint = await this.discovery.getBaseUrl(pluginId);\n      const wellKnownURL = `${baseEndpoint}/.well-known/backstage/permissions/metadata`;\n\n      const permResp = await this.urlReader.readUrl(wellKnownURL, { token });\n      const permMetaDataRaw = (await permResp.buffer()).toString();\n\n      try {\n        permMetaData = JSON.parse(permMetaDataRaw);\n      } catch (err) {\n        // workaround for https://issues.redhat.com/browse/RHIDP-1456\n        return undefined;\n      }\n    } catch (err) {\n      if (isError(err) && err.name === 'NotFoundError') {\n        this.logger.warn(\n          `No permission metadata found for ${pluginId}. ${err}`,\n        );\n        return undefined;\n      }\n      this.logger.error(\n        `Failed to retrieve permission metadata for ${pluginId}. ${err}`,\n      );\n    }\n    return permMetaData;\n  }\n}\n\nfunction permissionsToCasbinPolicies(\n  permissions: Permission[],\n): PolicyDetails[] {\n  const policies: PolicyDetails[] = [];\n  for (const permission of permissions) {\n    if (isResourcePermission(permission)) {\n      policies.push({\n        resourceType: permission.resourceType,\n        name: permission.name,\n        policy: permission.attributes.action || 'use',\n      });\n    } else {\n      policies.push({\n        name: permission.name,\n        policy: permission.attributes.action || 'use',\n      });\n    }\n  }\n\n  return policies;\n}\n"],"names":["policyEntityPermissions","rbacRules","UrlReaders","FetchUrlReader","isError","isResourcePermission"],"mappings":";;;;;;;;;AAuDA,MAAM,sBAA2C,GAAA;AAAA,EAC/C,WAAa,EAAAA,wCAAA;AAAA,EACb,KAAA,EAAO,CAACC,eAAS;AACnB,CAAA;AAEO,MAAM,iCAAkC,CAAA;AAAA,EAC5B,gBAAA;AAAA,EACA,SAAA;AAAA,EACA,MAAA;AAAA,EACA,SAAA;AAAA,EAEjB,WAAY,CAAA;AAAA,IACV,IAAA;AAAA,IACA;AAAA,GAWC,EAAA;AACD,IAAA,MAAM,EAAE,SAAA,EAAW,MAAQ,EAAA,MAAA,EAAQ,kBAAqB,GAAA,IAAA;AACxD,IAAA,IAAA,CAAK,SAAY,GAAA,SAAA;AACjB,IAAA,IAAA,CAAK,gBAAmB,GAAA,gBAAA;AACxB,IAAA,IAAA,CAAK,MAAS,GAAA,MAAA;AACd,IAAA,IAAA,CAAK,SACH,GAAA,QAAA,EAAU,SACV,IAAAC,oBAAA,CAAW,OAAQ,CAAA;AAAA,MACjB,MAAA;AAAA,MACA,MAAA;AAAA,MACA,SAAA,EAAW,CAAC,iCAAA,CAAkC,iBAAiB;AAAA,KAChE,CAAA;AAAA;AACL,EAEA,MAAM,wBACJ,IACiD,EAAA;AACjD,IAAA,MAAM,cAAiB,GAAA,MAAM,IAAK,CAAA,iBAAA,CAAkB,IAAI,CAAA;AAExD,IAAO,OAAA,cAAA,CACJ,MAAO,CAAA,CAAA,QAAA,KAAY,QAAS,CAAA,gBAAA,CAAiB,MAAM,MAAS,GAAA,CAAC,CAC7D,CAAA,GAAA,CAAI,CAAY,QAAA,KAAA;AACf,MAAO,OAAA;AAAA,QACL,UAAU,QAAS,CAAA,QAAA;AAAA,QACnB,KAAA,EAAO,SAAS,gBAAiB,CAAA;AAAA,OACnC;AAAA,KACD,CAAA;AAAA;AACL,EAEA,MAAM,kBACJ,IACqC,EAAA;AACrC,IAAA,MAAM,cAAiB,GAAA,MAAM,IAAK,CAAA,iBAAA,CAAkB,IAAI,CAAA;AAExD,IAAO,OAAA,cAAA,CACJ,OAAO,CAAY,QAAA,KAAA,QAAA,CAAS,iBAAiB,WAAgB,KAAA,SAAS,CACtE,CAAA,GAAA,CAAI,CAAY,QAAA,KAAA;AACf,MAAO,OAAA;AAAA,QACL,UAAU,QAAS,CAAA,QAAA;AAAA,QACnB,QAAU,EAAA,2BAAA;AAAA,UACR,SAAS,gBAAiB,CAAA;AAAA;AAC5B,OACF;AAAA,KACD,CAAA;AAAA;AACL,EAEA,OAAe,oBAAmC,MAAM;AACtD,IAAO,OAAA,CAAC,EAAE,MAAA,EAAQ,IAAIC,wBAAA,IAAkB,SAAW,EAAA,CAAC,IAAc,KAAA,IAAA,EAAM,CAAA;AAAA,GAC1E;AAAA,EAEA,MAAc,kBACZ,IACmC,EAAA;AACnC,IAAA,IAAI,kBAA4C,EAAC;AAEjD,IAAA,MAAM,SAAY,GAAA,MAAM,IAAK,CAAA,gBAAA,CAAiB,YAAa,EAAA;AAC3D,IAAA,KAAA,MAAW,YAAY,SAAW,EAAA;AAChC,MAAI,IAAA;AACF,QAAA,MAAM,EAAE,KAAA,EAAU,GAAA,MAAM,KAAK,qBAAsB,CAAA;AAAA,UACjD,UAAA,EAAY,MAAM,IAAA,CAAK,wBAAyB,EAAA;AAAA,UAChD,cAAgB,EAAA;AAAA,SACjB,CAAA;AAED,QAAA,MAAM,YAAe,GAAA,MAAM,IAAK,CAAA,qBAAA,CAAsB,UAAU,KAAK,CAAA;AACrE,QAAA,IAAI,YAAc,EAAA;AAChB,UAAkB,eAAA,GAAA;AAAA,YAChB,GAAG,eAAA;AAAA,YACH;AAAA,cACE,gBAAkB,EAAA,YAAA;AAAA,cAClB;AAAA;AACF,WACF;AAAA;AACF,eACO,KAAO,EAAA;AACd,QAAA,IAAA,CAAK,MAAO,CAAA,KAAA;AAAA,UACV,CAAA,2CAAA,EAA8C,QAAQ,CAAA,EAAA,EAAK,KAAK,CAAA;AAAA,SAClE;AAAA;AACF;AAGF,IAAO,OAAA,eAAA;AAAA;AACT,EAEA,MAAM,qBACJ,CAAA,QAAA,EACA,KACuC,EAAA;AACvC,IAAI,IAAA,YAAA;AAMJ,IAAA,IAAI,aAAa,YAAc,EAAA;AAC7B,MAAO,OAAA,sBAAA;AAAA;AAGT,IAAI,IAAA;AACF,MAAA,MAAM,YAAe,GAAA,MAAM,IAAK,CAAA,SAAA,CAAU,WAAW,QAAQ,CAAA;AAC7D,MAAM,MAAA,YAAA,GAAe,GAAG,YAAY,CAAA,2CAAA,CAAA;AAEpC,MAAM,MAAA,QAAA,GAAW,MAAM,IAAK,CAAA,SAAA,CAAU,QAAQ,YAAc,EAAA,EAAE,OAAO,CAAA;AACrE,MAAA,MAAM,eAAmB,GAAA,CAAA,MAAM,QAAS,CAAA,MAAA,IAAU,QAAS,EAAA;AAE3D,MAAI,IAAA;AACF,QAAe,YAAA,GAAA,IAAA,CAAK,MAAM,eAAe,CAAA;AAAA,eAClC,GAAK,EAAA;AAEZ,QAAO,OAAA,KAAA,CAAA;AAAA;AACT,aACO,GAAK,EAAA;AACZ,MAAA,IAAIC,cAAQ,CAAA,GAAG,CAAK,IAAA,GAAA,CAAI,SAAS,eAAiB,EAAA;AAChD,QAAA,IAAA,CAAK,MAAO,CAAA,IAAA;AAAA,UACV,CAAA,iCAAA,EAAoC,QAAQ,CAAA,EAAA,EAAK,GAAG,CAAA;AAAA,SACtD;AACA,QAAO,OAAA,SAAA;AAAA;AAET,MAAA,IAAA,CAAK,MAAO,CAAA,KAAA;AAAA,QACV,CAAA,2CAAA,EAA8C,QAAQ,CAAA,EAAA,EAAK,GAAG,CAAA;AAAA,OAChE;AAAA;AAEF,IAAO,OAAA,YAAA;AAAA;AAEX;AAEA,SAAS,4BACP,WACiB,EAAA;AACjB,EAAA,MAAM,WAA4B,EAAC;AACnC,EAAA,KAAA,MAAW,cAAc,WAAa,EAAA;AACpC,IAAI,IAAAC,2CAAA,CAAqB,UAAU,CAAG,EAAA;AACpC,MAAA,QAAA,CAAS,IAAK,CAAA;AAAA,QACZ,cAAc,UAAW,CAAA,YAAA;AAAA,QACzB,MAAM,UAAW,CAAA,IAAA;AAAA,QACjB,MAAA,EAAQ,UAAW,CAAA,UAAA,CAAW,MAAU,IAAA;AAAA,OACzC,CAAA;AAAA,KACI,MAAA;AACL,MAAA,QAAA,CAAS,IAAK,CAAA;AAAA,QACZ,MAAM,UAAW,CAAA,IAAA;AAAA,QACjB,MAAA,EAAQ,UAAW,CAAA,UAAA,CAAW,MAAU,IAAA;AAAA,OACzC,CAAA;AAAA;AACH;AAGF,EAAO,OAAA,QAAA;AACT;;;;"}
+{"version":3,"file":"plugin-endpoints.cjs.js","sources":["../../src/service/plugin-endpoints.ts"],"sourcesContent":["/*\n * Copyright 2024 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport {\n  FetchUrlReader,\n  ReaderFactory,\n  UrlReaders,\n} from '@backstage/backend-defaults/urlReader';\nimport type {\n  AuthService,\n  DiscoveryService,\n  LoggerService,\n  UrlReaderService,\n} from '@backstage/backend-plugin-api';\nimport type { Config } from '@backstage/config';\nimport { isError } from '@backstage/errors';\nimport {\n  isResourcePermission,\n  Permission,\n  type MetadataResponse,\n  type MetadataResponseSerializedRule,\n} from '@backstage/plugin-permission-common';\n\nimport {\n  policyEntityPermissions,\n  type PluginPermissionMetaData,\n  type PolicyDetails,\n} from '@backstage-community/plugin-rbac-common';\nimport { rbacRules } from '../permissions';\nimport { ExtendablePluginIdProvider } from './extendable-id-provider';\n\ntype PluginMetadataResponse = {\n  pluginId: string;\n  metaDataResponse: MetadataResponse;\n};\n\nexport type PluginMetadataResponseSerializedRule = {\n  pluginId: string;\n  rules: MetadataResponseSerializedRule[];\n};\n\nconst rbacPermissionMetadata: MetadataResponse = {\n  permissions: policyEntityPermissions,\n  rules: [rbacRules],\n};\n\nexport class PluginPermissionMetadataCollector {\n  private readonly pluginIdProvider: ExtendablePluginIdProvider;\n  private readonly discovery: DiscoveryService;\n  private readonly logger: LoggerService;\n  private readonly urlReader: UrlReaderService;\n\n  constructor({\n    deps,\n    optional,\n  }: {\n    deps: {\n      discovery: DiscoveryService;\n      pluginIdProvider: ExtendablePluginIdProvider;\n      logger: LoggerService;\n      config: Config;\n    };\n    optional?: {\n      urlReader?: UrlReaderService;\n    };\n  }) {\n    const { discovery, logger, config, pluginIdProvider } = deps;\n    this.discovery = discovery;\n    this.pluginIdProvider = pluginIdProvider;\n    this.logger = logger;\n    this.urlReader =\n      optional?.urlReader ??\n      UrlReaders.default({\n        config,\n        logger,\n        factories: [PluginPermissionMetadataCollector.permissionFactory],\n      });\n  }\n\n  async getPluginConditionRules(\n    auth: AuthService,\n  ): Promise<PluginMetadataResponseSerializedRule[]> {\n    const pluginMetadata = await this.getPluginMetaData(auth);\n\n    return pluginMetadata\n      .filter(metadata => metadata.metaDataResponse.rules.length > 0)\n      .map(metadata => {\n        return {\n          pluginId: metadata.pluginId,\n          rules: metadata.metaDataResponse.rules,\n        };\n      });\n  }\n\n  async getPluginPolicies(\n    auth: AuthService,\n  ): Promise<PluginPermissionMetaData[]> {\n    const pluginMetadata = await this.getPluginMetaData(auth);\n\n    return pluginMetadata\n      .filter(metadata => metadata.metaDataResponse.permissions !== undefined)\n      .map(metadata => {\n        return {\n          pluginId: metadata.pluginId,\n          policies: permissionsToCasbinPolicies(\n            metadata.metaDataResponse.permissions!,\n          ),\n        };\n      });\n  }\n\n  private static permissionFactory: ReaderFactory = () => {\n    return [{ reader: new FetchUrlReader(), predicate: (_url: URL) => true }];\n  };\n\n  private async getPluginMetaData(\n    auth: AuthService,\n  ): Promise<PluginMetadataResponse[]> {\n    let pluginResponses: PluginMetadataResponse[] = [];\n\n    const pluginIds = await this.pluginIdProvider.getPluginIds();\n    for (const pluginId of pluginIds) {\n      try {\n        const { token } = await auth.getPluginRequestToken({\n          onBehalfOf: await auth.getOwnServiceCredentials(),\n          targetPluginId: pluginId,\n        });\n\n        const permMetaData = await this.getMetadataByPluginId(pluginId, token);\n        if (permMetaData) {\n          pluginResponses = [\n            ...pluginResponses,\n            {\n              metaDataResponse: permMetaData,\n              pluginId,\n            },\n          ];\n        }\n      } catch (error) {\n        this.logger.error(\n          `Failed to retrieve permission metadata for ${pluginId}. ${error}`,\n        );\n      }\n    }\n\n    return pluginResponses;\n  }\n\n  async getMetadataByPluginId(\n    pluginId: string,\n    token: string | undefined,\n  ): Promise<MetadataResponse | undefined> {\n    let permMetaData: MetadataResponse | undefined;\n\n    // Work around: This is needed for start up whenever a conditional policy for the plugin permission in the yaml file\n    // will make a check to the well known endpoint\n    // However, our plugin has not completely started and as such will throw a 503 error\n    // TODO: see if we are able to remove this after we migrate to the permission registry\n    if (pluginId === 'permission') {\n      return rbacPermissionMetadata;\n    }\n\n    try {\n      const baseEndpoint = await this.discovery.getBaseUrl(pluginId);\n      const wellKnownURL = `${baseEndpoint}/.well-known/backstage/permissions/metadata`;\n\n      const permResp = await this.urlReader.readUrl(wellKnownURL, { token });\n      const permMetaDataRaw = (await permResp.buffer()).toString();\n\n      try {\n        permMetaData = JSON.parse(permMetaDataRaw);\n      } catch (err) {\n        // workaround for https://issues.redhat.com/browse/RHIDP-1456\n        return undefined;\n      }\n    } catch (err) {\n      if (isError(err) && err.name === 'NotFoundError') {\n        this.logger.warn(\n          `No permission metadata found for ${pluginId}. ${err}`,\n        );\n        return undefined;\n      }\n      this.logger.error(\n        `Failed to retrieve permission metadata for ${pluginId}. ${err}`,\n      );\n    }\n    return permMetaData;\n  }\n}\n\nfunction permissionsToCasbinPolicies(\n  permissions: Permission[],\n): PolicyDetails[] {\n  const policies: PolicyDetails[] = [];\n  for (const permission of permissions) {\n    if (isResourcePermission(permission)) {\n      policies.push({\n        resourceType: permission.resourceType,\n        name: permission.name,\n        policy: permission.attributes.action || 'use',\n      });\n    } else {\n      policies.push({\n        name: permission.name,\n        policy: permission.attributes.action || 'use',\n      });\n    }\n  }\n\n  return policies;\n}\n"],"names":["policyEntityPermissions","rbacRules","UrlReaders","FetchUrlReader","isError","isResourcePermission"],"mappings":";;;;;;;;;AAqDA,MAAM,sBAA2C,GAAA;AAAA,EAC/C,WAAa,EAAAA,wCAAA;AAAA,EACb,KAAA,EAAO,CAACC,eAAS;AACnB,CAAA;AAEO,MAAM,iCAAkC,CAAA;AAAA,EAC5B,gBAAA;AAAA,EACA,SAAA;AAAA,EACA,MAAA;AAAA,EACA,SAAA;AAAA,EAEjB,WAAY,CAAA;AAAA,IACV,IAAA;AAAA,IACA;AAAA,GAWC,EAAA;AACD,IAAA,MAAM,EAAE,SAAA,EAAW,MAAQ,EAAA,MAAA,EAAQ,kBAAqB,GAAA,IAAA;AACxD,IAAA,IAAA,CAAK,SAAY,GAAA,SAAA;AACjB,IAAA,IAAA,CAAK,gBAAmB,GAAA,gBAAA;AACxB,IAAA,IAAA,CAAK,MAAS,GAAA,MAAA;AACd,IAAA,IAAA,CAAK,SACH,GAAA,QAAA,EAAU,SACV,IAAAC,oBAAA,CAAW,OAAQ,CAAA;AAAA,MACjB,MAAA;AAAA,MACA,MAAA;AAAA,MACA,SAAA,EAAW,CAAC,iCAAA,CAAkC,iBAAiB;AAAA,KAChE,CAAA;AAAA;AACL,EAEA,MAAM,wBACJ,IACiD,EAAA;AACjD,IAAA,MAAM,cAAiB,GAAA,MAAM,IAAK,CAAA,iBAAA,CAAkB,IAAI,CAAA;AAExD,IAAO,OAAA,cAAA,CACJ,MAAO,CAAA,CAAA,QAAA,KAAY,QAAS,CAAA,gBAAA,CAAiB,MAAM,MAAS,GAAA,CAAC,CAC7D,CAAA,GAAA,CAAI,CAAY,QAAA,KAAA;AACf,MAAO,OAAA;AAAA,QACL,UAAU,QAAS,CAAA,QAAA;AAAA,QACnB,KAAA,EAAO,SAAS,gBAAiB,CAAA;AAAA,OACnC;AAAA,KACD,CAAA;AAAA;AACL,EAEA,MAAM,kBACJ,IACqC,EAAA;AACrC,IAAA,MAAM,cAAiB,GAAA,MAAM,IAAK,CAAA,iBAAA,CAAkB,IAAI,CAAA;AAExD,IAAO,OAAA,cAAA,CACJ,OAAO,CAAY,QAAA,KAAA,QAAA,CAAS,iBAAiB,WAAgB,KAAA,SAAS,CACtE,CAAA,GAAA,CAAI,CAAY,QAAA,KAAA;AACf,MAAO,OAAA;AAAA,QACL,UAAU,QAAS,CAAA,QAAA;AAAA,QACnB,QAAU,EAAA,2BAAA;AAAA,UACR,SAAS,gBAAiB,CAAA;AAAA;AAC5B,OACF;AAAA,KACD,CAAA;AAAA;AACL,EAEA,OAAe,oBAAmC,MAAM;AACtD,IAAO,OAAA,CAAC,EAAE,MAAA,EAAQ,IAAIC,wBAAA,IAAkB,SAAW,EAAA,CAAC,IAAc,KAAA,IAAA,EAAM,CAAA;AAAA,GAC1E;AAAA,EAEA,MAAc,kBACZ,IACmC,EAAA;AACnC,IAAA,IAAI,kBAA4C,EAAC;AAEjD,IAAA,MAAM,SAAY,GAAA,MAAM,IAAK,CAAA,gBAAA,CAAiB,YAAa,EAAA;AAC3D,IAAA,KAAA,MAAW,YAAY,SAAW,EAAA;AAChC,MAAI,IAAA;AACF,QAAA,MAAM,EAAE,KAAA,EAAU,GAAA,MAAM,KAAK,qBAAsB,CAAA;AAAA,UACjD,UAAA,EAAY,MAAM,IAAA,CAAK,wBAAyB,EAAA;AAAA,UAChD,cAAgB,EAAA;AAAA,SACjB,CAAA;AAED,QAAA,MAAM,YAAe,GAAA,MAAM,IAAK,CAAA,qBAAA,CAAsB,UAAU,KAAK,CAAA;AACrE,QAAA,IAAI,YAAc,EAAA;AAChB,UAAkB,eAAA,GAAA;AAAA,YAChB,GAAG,eAAA;AAAA,YACH;AAAA,cACE,gBAAkB,EAAA,YAAA;AAAA,cAClB;AAAA;AACF,WACF;AAAA;AACF,eACO,KAAO,EAAA;AACd,QAAA,IAAA,CAAK,MAAO,CAAA,KAAA;AAAA,UACV,CAAA,2CAAA,EAA8C,QAAQ,CAAA,EAAA,EAAK,KAAK,CAAA;AAAA,SAClE;AAAA;AACF;AAGF,IAAO,OAAA,eAAA;AAAA;AACT,EAEA,MAAM,qBACJ,CAAA,QAAA,EACA,KACuC,EAAA;AACvC,IAAI,IAAA,YAAA;AAMJ,IAAA,IAAI,aAAa,YAAc,EAAA;AAC7B,MAAO,OAAA,sBAAA;AAAA;AAGT,IAAI,IAAA;AACF,MAAA,MAAM,YAAe,GAAA,MAAM,IAAK,CAAA,SAAA,CAAU,WAAW,QAAQ,CAAA;AAC7D,MAAM,MAAA,YAAA,GAAe,GAAG,YAAY,CAAA,2CAAA,CAAA;AAEpC,MAAM,MAAA,QAAA,GAAW,MAAM,IAAK,CAAA,SAAA,CAAU,QAAQ,YAAc,EAAA,EAAE,OAAO,CAAA;AACrE,MAAA,MAAM,eAAmB,GAAA,CAAA,MAAM,QAAS,CAAA,MAAA,IAAU,QAAS,EAAA;AAE3D,MAAI,IAAA;AACF,QAAe,YAAA,GAAA,IAAA,CAAK,MAAM,eAAe,CAAA;AAAA,eAClC,GAAK,EAAA;AAEZ,QAAO,OAAA,KAAA,CAAA;AAAA;AACT,aACO,GAAK,EAAA;AACZ,MAAA,IAAIC,cAAQ,CAAA,GAAG,CAAK,IAAA,GAAA,CAAI,SAAS,eAAiB,EAAA;AAChD,QAAA,IAAA,CAAK,MAAO,CAAA,IAAA;AAAA,UACV,CAAA,iCAAA,EAAoC,QAAQ,CAAA,EAAA,EAAK,GAAG,CAAA;AAAA,SACtD;AACA,QAAO,OAAA,SAAA;AAAA;AAET,MAAA,IAAA,CAAK,MAAO,CAAA,KAAA;AAAA,QACV,CAAA,2CAAA,EAA8C,QAAQ,CAAA,EAAA,EAAK,GAAG,CAAA;AAAA,OAChE;AAAA;AAEF,IAAO,OAAA,YAAA;AAAA;AAEX;AAEA,SAAS,4BACP,WACiB,EAAA;AACjB,EAAA,MAAM,WAA4B,EAAC;AACnC,EAAA,KAAA,MAAW,cAAc,WAAa,EAAA;AACpC,IAAI,IAAAC,2CAAA,CAAqB,UAAU,CAAG,EAAA;AACpC,MAAA,QAAA,CAAS,IAAK,CAAA;AAAA,QACZ,cAAc,UAAW,CAAA,YAAA;AAAA,QACzB,MAAM,UAAW,CAAA,IAAA;AAAA,QACjB,MAAA,EAAQ,UAAW,CAAA,UAAA,CAAW,MAAU,IAAA;AAAA,OACzC,CAAA;AAAA,KACI,MAAA;AACL,MAAA,QAAA,CAAS,IAAK,CAAA;AAAA,QACZ,MAAM,UAAW,CAAA,IAAA;AAAA,QACjB,MAAA,EAAQ,UAAW,CAAA,UAAA,CAAW,MAAU,IAAA;AAAA,OACzC,CAAA;AAAA;AACH;AAGF,EAAO,OAAA,QAAA;AACT;;;;"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@backstage-community/plugin-rbac-backend",
-  "version": "7.4.2",
+  "version": "7.5.0",
   "main": "dist/index.cjs.js",
   "types": "dist/index.d.ts",
   "license": "Apache-2.0",
@@ -36,17 +36,17 @@
     "postpack": "backstage-cli package postpack"
   },
   "dependencies": {
-    "@backstage-community/plugin-rbac-common": "^1.20.0",
-    "@backstage-community/plugin-rbac-node": "^1.14.0",
-    "@backstage/backend-defaults": "^0.12.0",
-    "@backstage/backend-plugin-api": "^1.4.2",
-    "@backstage/catalog-client": "^1.11.0",
+    "@backstage-community/plugin-rbac-common": "^1.21.0",
+    "@backstage-community/plugin-rbac-node": "^1.15.0",
+    "@backstage/backend-defaults": "^0.13.0",
+    "@backstage/backend-plugin-api": "^1.4.4",
+    "@backstage/catalog-client": "^1.12.0",
     "@backstage/catalog-model": "^1.7.5",
     "@backstage/errors": "^1.2.7",
-    "@backstage/plugin-auth-node": "^0.6.6",
-    "@backstage/plugin-permission-backend": "^0.7.3",
-    "@backstage/plugin-permission-common": "^0.9.1",
-    "@backstage/plugin-permission-node": "^0.10.3",
+    "@backstage/plugin-auth-node": "^0.6.8",
+    "@backstage/plugin-permission-backend": "^0.7.5",
+    "@backstage/plugin-permission-common": "^0.9.2",
+    "@backstage/plugin-permission-node": "^0.10.5",
     "@dagrejs/graphlib": "^2.1.13",
     "casbin": "^5.27.1",
     "chokidar": "^3.6.0",
@@ -61,12 +61,12 @@
     "zod-to-json-schema": "^3.24.5"
   },
   "devDependencies": {
-    "@backstage/backend-test-utils": "^1.8.0",
-    "@backstage/cli": "^0.34.1",
-    "@backstage/config": "^1.3.3",
-    "@backstage/core-plugin-api": "^1.10.9",
-    "@backstage/plugin-catalog-node": "^1.18.0",
-    "@backstage/types": "^1.2.1",
+    "@backstage/backend-test-utils": "^1.9.1",
+    "@backstage/cli": "^0.34.4",
+    "@backstage/config": "^1.3.5",
+    "@backstage/core-plugin-api": "^1.11.1",
+    "@backstage/plugin-catalog-node": "^1.19.1",
+    "@backstage/types": "^1.2.2",
     "@types/express": "4.17.23",
     "@types/js-yaml": "^4.0.9",
     "@types/knex": "^0.16.1",