@backstage-community/plugin-vault 0.1.30

package/README.md

@@ -0,0 +1,112 @@
+# @backstage-community/plugin-vault
+
+A frontend for [Vault](https://www.vaultproject.io/), this plugin allows you to display a list of secrets in a certain path inside your vault instance. There are also some useful links to edit and/or view them using the official UI.
+
+![Screenshot of the vault plugin table](images/vault-table.png)
+
+## Introduction
+
+Vault is an identity-based secrets and encryption management system. A secret is anything that you want to tightly control access to, such as API encryption keys, passwords, or certificates. Vault provides encryption services that are gated by authentication and authorization methods.
+
+This plugins allows you to view all the available secrets at a certain location, and redirect you to the official UI so backstage can rely on LIST permissions, which is safer.
+
+## Getting started
+
+To get started, first you need a running instance of Vault. You can follow [this tutorial](https://learn.hashicorp.com/tutorials/vault/getting-started-intro?in=vault/getting-started) to install vault and start your server locally.
+
+1. When your Vault instance is up and running, then you will need to install the plugin into your app:
+
+   ```bash
+     # From your Backstage root directory
+     yarn --cwd packages/app add @backstage-community/plugin-vault
+   ```
+
+2. Add the Vault card to the overview tab on the EntityPage:
+
+   ```typescript
+     // In packages/app/src/components/catalog/EntityPage.tsx
+     import { EntityVaultCard } from '@backstage-community/plugin-vault';
+
+     const overviewContent = (
+       <Grid container spacing={3} alignItems="stretch">
+         {/* ...other content */}
+         <Grid item md={6} xs={12}>
+           <EntityVaultCard />
+         </Grid>
+     );
+   ```
+
+3. Add some extra configurations in your [`app-config.yaml`](https://github.com/backstage/backstage/blob/master/app-config.yaml).
+
+   ```yaml
+   vault:
+     baseUrl: http://your-vault-url
+     token: <VAULT_TOKEN>
+     secretEngine: 'customSecretEngine' # Optional. By default it uses 'secrets'. Can be overwritten by the annotation of the entity
+     kvVersion: <kv-version> # Optional. The K/V version that your instance is using. The available options are '1' or '2'
+   ```
+
+4. Get a `VAULT_TOKEN` with **LIST** permissions, as it's enough for the plugin. You can check [this tutorial](https://learn.hashicorp.com/tutorials/vault/tokens) for more info.
+
+5. If you also want to use the `renew` functionality, you need to attach the following block to your custom policy, so that Backstage can perform a token-renew:
+   ```
+     # Allow tokens to renew themselves
+     path "auth/token/renew-self" {
+       capabilities = ["update"]
+     }
+   ```
+
+## Integration with the Catalog
+
+The plugin can be integrated into each Component in the catalog. To allow listing the available secrets a new annotation must be added to the `catalog-info.yaml`:
+
+```yaml
+apiVersion: backstage.io/v1alpha1
+kind: Component
+metadata:
+  # ...
+  annotations:
+    vault.io/secrets-path: path/to/secrets
+    vault.io/secrets-engine: customSecretEngine # Optional. By default it uses the 'secretEngine' value from your app-config.
+```
+
+The path is relative to your secrets engine folder. So if you want to get the secrets for backstage and you have the following directory structure:
+
+    .
+    ├── ...
+    ├── secrets                 # Your secret engine name (usually it is `secrets`)
+    │   ├── test                # Folder with test secrets
+    │   │   ├── backstage       # In this folder there are secrets for Backstage
+    │   ├── other               # Other folder with more secrets inside
+    │   └── folder              # And another folder
+    └── ...
+
+You will set the `vault.io/secret-path` to `test/backstage`. If the folder `backstage` contains other sub-folders, the plugin will fetch the secrets inside them and adapt the **View** and **Edit** URLs to point to the correct place.
+
+If the annotation is missing for a certain component, then the card will show some information to the user:
+
+![Screenshot of the vault plugin with missing annotation](images/annotation-missing.png)
+
+In case you need to support different secret engines for entities of the catalog you can provide optional annotation to the entity in `catalog-info.yaml`:
+
+```diff
+ apiVersion: backstage.io/v1alpha1
+ kind: Component
+ metadata:
+   # ...
+   annotations:
+     vault.io/secrets-path: path/to/secrets
++    vault.io/secrets-engine: customSecretEngine # Optional. By default it uses 'secertEngine' value from configuration.
+```
+
+That will overwrite the default secret engine from the configuration.
+
+## Features
+
+- List the secrets present in a certain path
+- Use different secret engines for different components
+- Open a link to view the secret
+- Open a link to edit the secret
+- Renew the token automatically with a defined periodicity
+
+The secrets cannot be edited/viewed from within Backstage to make it more secure. Backstage will only have permissions to LIST data from Vault. And the user who wants to edit/view a certain secret needs the correct permissions to do so.

package/dist/esm/index-C3tCbIvC.esm.js

@@ -0,0 +1,90 @@
+import { createApiRef, createPlugin, createApiFactory, discoveryApiRef, fetchApiRef, createComponentExtension } from '@backstage/core-plugin-api';
+import { NotFoundError, ResponseError } from '@backstage/errors';
+
+var __defProp = Object.defineProperty;
+var __defNormalProp = (obj, key, value) => key in obj ? __defProp(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
+var __publicField = (obj, key, value) => {
+  __defNormalProp(obj, typeof key !== "symbol" ? key + "" : key, value);
+  return value;
+};
+const vaultApiRef = createApiRef({
+  id: "plugin.vault.service"
+});
+class VaultClient {
+  constructor({
+    discoveryApi,
+    fetchApi
+  }) {
+    __publicField(this, "discoveryApi");
+    __publicField(this, "fetchApi");
+    this.discoveryApi = discoveryApi;
+    this.fetchApi = fetchApi;
+  }
+  async callApi(path, query) {
+    const apiUrl = `${await this.discoveryApi.getBaseUrl("vault")}`;
+    const response = await this.fetchApi.fetch(
+      `${apiUrl}/${path}?${new URLSearchParams(query).toString()}`,
+      {
+        headers: {
+          Accept: "application/json"
+        }
+      }
+    );
+    if (response.ok) {
+      return await response.json();
+    } else if (response.status === 404) {
+      throw new NotFoundError(`No secrets found in path '${path}'`);
+    }
+    throw await ResponseError.fromResponse(response);
+  }
+  async listSecrets(secretPath, options) {
+    const query = {};
+    const { secretEngine } = options || {};
+    if (secretEngine) {
+      query.engine = secretEngine;
+    }
+    const result = await this.callApi(
+      `v1/secrets/${encodeURIComponent(secretPath)}`,
+      query
+    );
+    return result.items;
+  }
+}
+
+const vaultPlugin = createPlugin({
+  id: "vault",
+  apis: [
+    createApiFactory({
+      api: vaultApiRef,
+      deps: { discoveryApi: discoveryApiRef, fetchApi: fetchApiRef },
+      factory: ({
+        discoveryApi,
+        fetchApi
+      }) => new VaultClient({
+        discoveryApi,
+        fetchApi
+      })
+    })
+  ]
+});
+const EntityVaultCard = vaultPlugin.provide(
+  createComponentExtension({
+    name: "EntityVaultCard",
+    component: {
+      lazy: () => import('./index-_ZTGu21U.esm.js').then((m) => m.EntityVaultCard)
+    }
+  })
+);
+
+const VAULT_SECRET_ENGINE_ANNOTATION = "vault.io/secrets-engine";
+const VAULT_SECRET_PATH_ANNOTATION = "vault.io/secrets-path";
+
+function isVaultAvailable(entity) {
+  var _a;
+  return Boolean(
+    (_a = entity.metadata.annotations) == null ? void 0 : _a.hasOwnProperty(VAULT_SECRET_PATH_ANNOTATION)
+  );
+}
+
+export { EntityVaultCard as E, VAULT_SECRET_PATH_ANNOTATION as V, VAULT_SECRET_ENGINE_ANNOTATION as a, vaultPlugin as b, isVaultAvailable as i, vaultApiRef as v };
+//# sourceMappingURL=index-C3tCbIvC.esm.js.map

package/dist/esm/index-C3tCbIvC.esm.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index-C3tCbIvC.esm.js","sources":["../../src/api.ts","../../src/plugin.ts","../../src/constants.ts","../../src/conditions.ts"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport {\n  DiscoveryApi,\n  createApiRef,\n  FetchApi,\n} from '@backstage/core-plugin-api';\nimport { NotFoundError, ResponseError } from '@backstage/errors';\n\n/**\n * @public\n */\nexport const vaultApiRef = createApiRef<VaultApi>({\n  id: 'plugin.vault.service',\n});\n\n/**\n * Object containing the secret name and some links.\n * @public\n */\nexport type VaultSecret = {\n  name: string;\n  path: string;\n  showUrl: string;\n  editUrl: string;\n};\n\n/**\n * Interface for the VaultApi.\n * @public\n */\nexport interface VaultApi {\n  /**\n   * Returns a list of secrets used to show in a table.\n   * @param secretPath - The path where the secrets are stored in Vault\n   * @param options - Additional options to be passed to the Vault API, allows to override vault default settings in app config file\n   */\n  listSecrets(\n    secretPath: string,\n    options?: {\n      secretEngine?: string;\n    },\n  ): Promise<VaultSecret[]>;\n}\n\n/**\n * Default implementation of the VaultApi.\n * @public\n */\nexport class VaultClient implements VaultApi {\n  private readonly discoveryApi: DiscoveryApi;\n  private readonly fetchApi: FetchApi;\n\n  constructor({\n    discoveryApi,\n    fetchApi,\n  }: {\n    discoveryApi: DiscoveryApi;\n    fetchApi: FetchApi;\n  }) {\n    this.discoveryApi = discoveryApi;\n    this.fetchApi = fetchApi;\n  }\n\n  private async callApi<T>(\n    path: string,\n    query: { [key in string]: any },\n  ): Promise<T> {\n    const apiUrl = `${await this.discoveryApi.getBaseUrl('vault')}`;\n    const response = await this.fetchApi.fetch(\n      `${apiUrl}/${path}?${new URLSearchParams(query).toString()}`,\n      {\n        headers: {\n          Accept: 'application/json',\n        },\n      },\n    );\n    if (response.ok) {\n      return (await response.json()) as T;\n    } else if (response.status === 404) {\n      throw new NotFoundError(`No secrets found in path '${path}'`);\n    }\n    throw await ResponseError.fromResponse(response);\n  }\n\n  async listSecrets(\n    secretPath: string,\n    options?: {\n      secretEngine?: string;\n    },\n  ): Promise<VaultSecret[]> {\n    const query: { [key in string]: any } = {};\n    const { secretEngine } = options || {};\n    if (secretEngine) {\n      query.engine = secretEngine;\n    }\n\n    const result = await this.callApi<{ items: VaultSecret[] }>(\n      `v1/secrets/${encodeURIComponent(secretPath)}`,\n      query,\n    );\n    return result.items;\n  }\n}\n","/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport {\n  createApiFactory,\n  createComponentExtension,\n  createPlugin,\n  DiscoveryApi,\n  discoveryApiRef,\n  FetchApi,\n  fetchApiRef,\n} from '@backstage/core-plugin-api';\n\nimport { vaultApiRef, VaultClient } from './api';\n\n/**\n * The vault plugin.\n * @public\n */\nexport const vaultPlugin = createPlugin({\n  id: 'vault',\n  apis: [\n    createApiFactory({\n      api: vaultApiRef,\n      deps: { discoveryApi: discoveryApiRef, fetchApi: fetchApiRef },\n      factory: ({\n        discoveryApi,\n        fetchApi,\n      }: {\n        discoveryApi: DiscoveryApi;\n        fetchApi: FetchApi;\n      }) =>\n        new VaultClient({\n          discoveryApi,\n          fetchApi,\n        }),\n    }),\n  ],\n});\n\n/**\n * Card used to show the list of Vault secrets.\n * @public\n */\nexport const EntityVaultCard = vaultPlugin.provide(\n  createComponentExtension({\n    name: 'EntityVaultCard',\n    component: {\n      lazy: () =>\n        import('./components/EntityVaultCard').then(m => m.EntityVaultCard),\n    },\n  }),\n);\n","/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @public\n */\nexport const VAULT_SECRET_ENGINE_ANNOTATION = 'vault.io/secrets-engine';\n/**\n * @public\n */\nexport const VAULT_SECRET_PATH_ANNOTATION = 'vault.io/secrets-path';\n","/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport { Entity } from '@backstage/catalog-model';\nimport { VAULT_SECRET_PATH_ANNOTATION } from './constants';\n\n/**\n * Checks if an entity contains the annotation for Vault.\n * @param entity - The entity to check if the annotation exists\n * @returns If the annotation exists or not\n * @public\n */\nexport function isVaultAvailable(entity: Entity): boolean {\n  return Boolean(\n    entity.metadata.annotations?.hasOwnProperty(VAULT_SECRET_PATH_ANNOTATION),\n  );\n}\n"],"names":[],"mappings":";;;;;;;;;AAyBO,MAAM,cAAc,YAAuB,CAAA;AAAA,EAChD,EAAI,EAAA,sBAAA;AACN,CAAC,EAAA;AAmCM,MAAM,WAAgC,CAAA;AAAA,EAI3C,WAAY,CAAA;AAAA,IACV,YAAA;AAAA,IACA,QAAA;AAAA,GAIC,EAAA;AATH,IAAiB,aAAA,CAAA,IAAA,EAAA,cAAA,CAAA,CAAA;AACjB,IAAiB,aAAA,CAAA,IAAA,EAAA,UAAA,CAAA,CAAA;AASf,IAAA,IAAA,CAAK,YAAe,GAAA,YAAA,CAAA;AACpB,IAAA,IAAA,CAAK,QAAW,GAAA,QAAA,CAAA;AAAA,GAClB;AAAA,EAEA,MAAc,OACZ,CAAA,IAAA,EACA,KACY,EAAA;AACZ,IAAA,MAAM,SAAS,CAAG,EAAA,MAAM,KAAK,YAAa,CAAA,UAAA,CAAW,OAAO,CAAC,CAAA,CAAA,CAAA;AAC7D,IAAM,MAAA,QAAA,GAAW,MAAM,IAAA,CAAK,QAAS,CAAA,KAAA;AAAA,MACnC,CAAA,EAAG,MAAM,CAAA,CAAA,EAAI,IAAI,CAAA,CAAA,EAAI,IAAI,eAAgB,CAAA,KAAK,CAAE,CAAA,QAAA,EAAU,CAAA,CAAA;AAAA,MAC1D;AAAA,QACE,OAAS,EAAA;AAAA,UACP,MAAQ,EAAA,kBAAA;AAAA,SACV;AAAA,OACF;AAAA,KACF,CAAA;AACA,IAAA,IAAI,SAAS,EAAI,EAAA;AACf,MAAQ,OAAA,MAAM,SAAS,IAAK,EAAA,CAAA;AAAA,KAC9B,MAAA,IAAW,QAAS,CAAA,MAAA,KAAW,GAAK,EAAA;AAClC,MAAA,MAAM,IAAI,aAAA,CAAc,CAA6B,0BAAA,EAAA,IAAI,CAAG,CAAA,CAAA,CAAA,CAAA;AAAA,KAC9D;AACA,IAAM,MAAA,MAAM,aAAc,CAAA,YAAA,CAAa,QAAQ,CAAA,CAAA;AAAA,GACjD;AAAA,EAEA,MAAM,WACJ,CAAA,UAAA,EACA,OAGwB,EAAA;AACxB,IAAA,MAAM,QAAkC,EAAC,CAAA;AACzC,IAAA,MAAM,EAAE,YAAA,EAAiB,GAAA,OAAA,IAAW,EAAC,CAAA;AACrC,IAAA,IAAI,YAAc,EAAA;AAChB,MAAA,KAAA,CAAM,MAAS,GAAA,YAAA,CAAA;AAAA,KACjB;AAEA,IAAM,MAAA,MAAA,GAAS,MAAM,IAAK,CAAA,OAAA;AAAA,MACxB,CAAA,WAAA,EAAc,kBAAmB,CAAA,UAAU,CAAC,CAAA,CAAA;AAAA,MAC5C,KAAA;AAAA,KACF,CAAA;AACA,IAAA,OAAO,MAAO,CAAA,KAAA,CAAA;AAAA,GAChB;AACF;;ACrFO,MAAM,cAAc,YAAa,CAAA;AAAA,EACtC,EAAI,EAAA,OAAA;AAAA,EACJ,IAAM,EAAA;AAAA,IACJ,gBAAiB,CAAA;AAAA,MACf,GAAK,EAAA,WAAA;AAAA,MACL,IAAM,EAAA,EAAE,YAAc,EAAA,eAAA,EAAiB,UAAU,WAAY,EAAA;AAAA,MAC7D,SAAS,CAAC;AAAA,QACR,YAAA;AAAA,QACA,QAAA;AAAA,OACF,KAIE,IAAI,WAAY,CAAA;AAAA,QACd,YAAA;AAAA,QACA,QAAA;AAAA,OACD,CAAA;AAAA,KACJ,CAAA;AAAA,GACH;AACF,CAAC,EAAA;AAMM,MAAM,kBAAkB,WAAY,CAAA,OAAA;AAAA,EACzC,wBAAyB,CAAA;AAAA,IACvB,IAAM,EAAA,iBAAA;AAAA,IACN,SAAW,EAAA;AAAA,MACT,IAAA,EAAM,MACJ,OAAO,yBAA8B,EAAE,IAAK,CAAA,CAAA,CAAA,KAAK,EAAE,eAAe,CAAA;AAAA,KACtE;AAAA,GACD,CAAA;AACH;;AC7CO,MAAM,8BAAiC,GAAA,0BAAA;AAIvC,MAAM,4BAA+B,GAAA;;ACCrC,SAAS,iBAAiB,MAAyB,EAAA;AAxB1D,EAAA,IAAA,EAAA,CAAA;AAyBE,EAAO,OAAA,OAAA;AAAA,IAAA,CACL,EAAO,GAAA,MAAA,CAAA,QAAA,CAAS,WAAhB,KAAA,IAAA,GAAA,KAAA,CAAA,GAAA,EAAA,CAA6B,cAAe,CAAA,4BAAA,CAAA;AAAA,GAC9C,CAAA;AACF;;;;"}

package/dist/esm/index-_ZTGu21U.esm.js

@@ -0,0 +1,91 @@
+import React from 'react';
+import { useEntity, MissingAnnotationEmptyState } from '@backstage/plugin-catalog-react';
+import { v as vaultApiRef, V as VAULT_SECRET_PATH_ANNOTATION, a as VAULT_SECRET_ENGINE_ANNOTATION, i as isVaultAvailable } from './index-C3tCbIvC.esm.js';
+import { Link, Table } from '@backstage/core-components';
+import { useApi } from '@backstage/core-plugin-api';
+import Box from '@material-ui/core/Box';
+import Typography from '@material-ui/core/Typography';
+import Edit from '@material-ui/icons/Edit';
+import Visibility from '@material-ui/icons/Visibility';
+import Alert from '@material-ui/lab/Alert';
+import useAsync from 'react-use/esm/useAsync';
+import '@backstage/errors';
+
+const vaultSecretConfig = (entity) => {
+  var _a, _b;
+  const secretPath = (_a = entity.metadata.annotations) == null ? void 0 : _a[VAULT_SECRET_PATH_ANNOTATION];
+  const secretEngine = (_b = entity.metadata.annotations) == null ? void 0 : _b[VAULT_SECRET_ENGINE_ANNOTATION];
+  return { secretPath, secretEngine };
+};
+const EntityVaultTable = ({ entity }) => {
+  const vaultApi = useApi(vaultApiRef);
+  const { secretPath, secretEngine } = vaultSecretConfig(entity);
+  if (!secretPath) {
+    throw Error(
+      `The secret path is undefined. Please, define the annotation ${VAULT_SECRET_PATH_ANNOTATION}`
+    );
+  }
+  const { value, loading, error } = useAsync(async () => {
+    return vaultApi.listSecrets(secretPath, { secretEngine });
+  }, []);
+  const columns = [
+    { title: "Secret", field: "secret", highlight: true },
+    { title: "View URL", field: "view", width: "10%" },
+    { title: "Edit URL", field: "edit", width: "10%" }
+  ];
+  const data = (value || []).map((secret) => {
+    const secretName = `${secret.path.replace(`${secretPath}/`, "")}/${secret.name}`;
+    return {
+      secret: secretName,
+      view: /* @__PURE__ */ React.createElement(
+        Link,
+        {
+          "aria-label": "View",
+          title: `View ${secretName}`,
+          to: secret.showUrl
+        },
+        /* @__PURE__ */ React.createElement(Visibility, { style: { fontSize: 16 } })
+      ),
+      edit: /* @__PURE__ */ React.createElement(
+        Link,
+        {
+          "aria-label": "Edit",
+          title: `Edit ${secretName}`,
+          to: secret.editUrl
+        },
+        /* @__PURE__ */ React.createElement(Edit, { style: { fontSize: 16 } })
+      )
+    };
+  });
+  if (error) {
+    return /* @__PURE__ */ React.createElement(Alert, { severity: "error" }, "Unexpected error while fetching secrets from path '", secretPath, "':", " ", error.message);
+  }
+  return /* @__PURE__ */ React.createElement(
+    Table,
+    {
+      title: "Vault",
+      subtitle: `Secrets for ${entity.metadata.name} in ${secretPath}`,
+      columns,
+      data,
+      isLoading: loading,
+      options: {
+        padding: "dense",
+        pageSize: 10,
+        emptyRowsWhenPaging: false,
+        search: false
+      },
+      emptyContent: /* @__PURE__ */ React.createElement(Box, { style: { textAlign: "center", padding: "15px" } }, /* @__PURE__ */ React.createElement(Typography, { variant: "body1" }, "No secrets found for ", entity.metadata.name, " in ", secretPath))
+    }
+  );
+};
+
+const EntityVaultCard = () => {
+  const { entity } = useEntity();
+  if (isVaultAvailable(entity)) {
+    return /* @__PURE__ */ React.createElement(EntityVaultTable, { entity });
+  }
+  return /* @__PURE__ */ React.createElement(MissingAnnotationEmptyState, { annotation: VAULT_SECRET_PATH_ANNOTATION });
+};
+
+export { EntityVaultCard };
+//# sourceMappingURL=index-_ZTGu21U.esm.js.map

package/dist/esm/index-_ZTGu21U.esm.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index-_ZTGu21U.esm.js","sources":["../../src/components/EntityVaultTable/EntityVaultTable.tsx","../../src/components/EntityVaultCard/EntityVaultCard.tsx"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport React from 'react';\nimport { Entity } from '@backstage/catalog-model';\nimport { Link, Table, TableColumn } from '@backstage/core-components';\nimport { useApi } from '@backstage/core-plugin-api';\nimport Box from '@material-ui/core/Box';\nimport Typography from '@material-ui/core/Typography';\nimport Edit from '@material-ui/icons/Edit';\nimport Visibility from '@material-ui/icons/Visibility';\nimport Alert from '@material-ui/lab/Alert';\nimport useAsync from 'react-use/esm/useAsync';\nimport { VaultSecret, vaultApiRef } from '../../api';\nimport {\n  VAULT_SECRET_ENGINE_ANNOTATION,\n  VAULT_SECRET_PATH_ANNOTATION,\n} from '../../constants';\n\nexport const vaultSecretConfig = (entity: Entity) => {\n  const secretPath =\n    entity.metadata.annotations?.[VAULT_SECRET_PATH_ANNOTATION];\n  const secretEngine =\n    entity.metadata.annotations?.[VAULT_SECRET_ENGINE_ANNOTATION];\n\n  return { secretPath, secretEngine };\n};\n\nexport const EntityVaultTable = ({ entity }: { entity: Entity }) => {\n  const vaultApi = useApi(vaultApiRef);\n  const { secretPath, secretEngine } = vaultSecretConfig(entity);\n  if (!secretPath) {\n    throw Error(\n      `The secret path is undefined. Please, define the annotation ${VAULT_SECRET_PATH_ANNOTATION}`,\n    );\n  }\n\n  const { value, loading, error } = useAsync(async (): Promise<\n    VaultSecret[]\n  > => {\n    return vaultApi.listSecrets(secretPath, { secretEngine });\n  }, []);\n\n  const columns: TableColumn[] = [\n    { title: 'Secret', field: 'secret', highlight: true },\n    { title: 'View URL', field: 'view', width: '10%' },\n    { title: 'Edit URL', field: 'edit', width: '10%' },\n  ];\n\n  const data = (value || []).map(secret => {\n    const secretName = `${secret.path.replace(`${secretPath}/`, '')}/${\n      secret.name\n    }`;\n\n    return {\n      secret: secretName,\n      view: (\n        <Link\n          aria-label=\"View\"\n          title={`View ${secretName}`}\n          to={secret.showUrl}\n        >\n          <Visibility style={{ fontSize: 16 }} />\n        </Link>\n      ),\n      edit: (\n        <Link\n          aria-label=\"Edit\"\n          title={`Edit ${secretName}`}\n          to={secret.editUrl}\n        >\n          <Edit style={{ fontSize: 16 }} />\n        </Link>\n      ),\n    };\n  });\n\n  if (error) {\n    return (\n      <Alert severity=\"error\">\n        Unexpected error while fetching secrets from path '{secretPath}':{' '}\n        {error.message}\n      </Alert>\n    );\n  }\n\n  return (\n    <Table\n      title=\"Vault\"\n      subtitle={`Secrets for ${entity.metadata.name} in ${secretPath}`}\n      columns={columns}\n      data={data}\n      isLoading={loading}\n      options={{\n        padding: 'dense',\n        pageSize: 10,\n        emptyRowsWhenPaging: false,\n        search: false,\n      }}\n      emptyContent={\n        <Box style={{ textAlign: 'center', padding: '15px' }}>\n          <Typography variant=\"body1\">\n            No secrets found for {entity.metadata.name} in {secretPath}\n          </Typography>\n        </Box>\n      }\n    />\n  );\n};\n","/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport React from 'react';\nimport {\n  useEntity,\n  MissingAnnotationEmptyState,\n} from '@backstage/plugin-catalog-react';\nimport { isVaultAvailable } from '../../conditions';\nimport { VAULT_SECRET_PATH_ANNOTATION } from '../../constants';\nimport { EntityVaultTable } from '../EntityVaultTable';\n\nexport const EntityVaultCard = () => {\n  const { entity } = useEntity();\n\n  if (isVaultAvailable(entity)) {\n    return <EntityVaultTable entity={entity} />;\n  }\n  return (\n    <MissingAnnotationEmptyState annotation={VAULT_SECRET_PATH_ANNOTATION} />\n  );\n};\n"],"names":[],"mappings":";;;;;;;;;;;;;AA+Ba,MAAA,iBAAA,GAAoB,CAAC,MAAmB,KAAA;AA/BrD,EAAA,IAAA,EAAA,EAAA,EAAA,CAAA;AAgCE,EAAA,MAAM,UACJ,GAAA,CAAA,EAAA,GAAA,MAAA,CAAO,QAAS,CAAA,WAAA,KAAhB,IAA8B,GAAA,KAAA,CAAA,GAAA,EAAA,CAAA,4BAAA,CAAA,CAAA;AAChC,EAAA,MAAM,YACJ,GAAA,CAAA,EAAA,GAAA,MAAA,CAAO,QAAS,CAAA,WAAA,KAAhB,IAA8B,GAAA,KAAA,CAAA,GAAA,EAAA,CAAA,8BAAA,CAAA,CAAA;AAEhC,EAAO,OAAA,EAAE,YAAY,YAAa,EAAA,CAAA;AACpC,CAAA,CAAA;AAEO,MAAM,gBAAmB,GAAA,CAAC,EAAE,MAAA,EAAiC,KAAA;AAClE,EAAM,MAAA,QAAA,GAAW,OAAO,WAAW,CAAA,CAAA;AACnC,EAAA,MAAM,EAAE,UAAA,EAAY,YAAa,EAAA,GAAI,kBAAkB,MAAM,CAAA,CAAA;AAC7D,EAAA,IAAI,CAAC,UAAY,EAAA;AACf,IAAM,MAAA,KAAA;AAAA,MACJ,+DAA+D,4BAA4B,CAAA,CAAA;AAAA,KAC7F,CAAA;AAAA,GACF;AAEA,EAAA,MAAM,EAAE,KAAO,EAAA,OAAA,EAAS,KAAM,EAAA,GAAI,SAAS,YAEtC;AACH,IAAA,OAAO,QAAS,CAAA,WAAA,CAAY,UAAY,EAAA,EAAE,cAAc,CAAA,CAAA;AAAA,GAC1D,EAAG,EAAE,CAAA,CAAA;AAEL,EAAA,MAAM,OAAyB,GAAA;AAAA,IAC7B,EAAE,KAAO,EAAA,QAAA,EAAU,KAAO,EAAA,QAAA,EAAU,WAAW,IAAK,EAAA;AAAA,IACpD,EAAE,KAAO,EAAA,UAAA,EAAY,KAAO,EAAA,MAAA,EAAQ,OAAO,KAAM,EAAA;AAAA,IACjD,EAAE,KAAO,EAAA,UAAA,EAAY,KAAO,EAAA,MAAA,EAAQ,OAAO,KAAM,EAAA;AAAA,GACnD,CAAA;AAEA,EAAA,MAAM,IAAQ,GAAA,CAAA,KAAA,IAAS,EAAC,EAAG,IAAI,CAAU,MAAA,KAAA;AACvC,IAAA,MAAM,UAAa,GAAA,CAAA,EAAG,MAAO,CAAA,IAAA,CAAK,OAAQ,CAAA,CAAA,EAAG,UAAU,CAAA,CAAA,CAAA,EAAK,EAAE,CAAC,CAC7D,CAAA,EAAA,MAAA,CAAO,IACT,CAAA,CAAA,CAAA;AAEA,IAAO,OAAA;AAAA,MACL,MAAQ,EAAA,UAAA;AAAA,MACR,IACE,kBAAA,KAAA,CAAA,aAAA;AAAA,QAAC,IAAA;AAAA,QAAA;AAAA,UACC,YAAW,EAAA,MAAA;AAAA,UACX,KAAA,EAAO,QAAQ,UAAU,CAAA,CAAA;AAAA,UACzB,IAAI,MAAO,CAAA,OAAA;AAAA,SAAA;AAAA,4CAEV,UAAW,EAAA,EAAA,KAAA,EAAO,EAAE,QAAA,EAAU,IAAM,EAAA,CAAA;AAAA,OACvC;AAAA,MAEF,IACE,kBAAA,KAAA,CAAA,aAAA;AAAA,QAAC,IAAA;AAAA,QAAA;AAAA,UACC,YAAW,EAAA,MAAA;AAAA,UACX,KAAA,EAAO,QAAQ,UAAU,CAAA,CAAA;AAAA,UACzB,IAAI,MAAO,CAAA,OAAA;AAAA,SAAA;AAAA,4CAEV,IAAK,EAAA,EAAA,KAAA,EAAO,EAAE,QAAA,EAAU,IAAM,EAAA,CAAA;AAAA,OACjC;AAAA,KAEJ,CAAA;AAAA,GACD,CAAA,CAAA;AAED,EAAA,IAAI,KAAO,EAAA;AACT,IACE,uBAAA,KAAA,CAAA,aAAA,CAAC,SAAM,QAAS,EAAA,OAAA,EAAA,EAAQ,uDAC8B,UAAW,EAAA,IAAA,EAAG,GACjE,EAAA,KAAA,CAAM,OACT,CAAA,CAAA;AAAA,GAEJ;AAEA,EACE,uBAAA,KAAA,CAAA,aAAA;AAAA,IAAC,KAAA;AAAA,IAAA;AAAA,MACC,KAAM,EAAA,OAAA;AAAA,MACN,UAAU,CAAe,YAAA,EAAA,MAAA,CAAO,QAAS,CAAA,IAAI,OAAO,UAAU,CAAA,CAAA;AAAA,MAC9D,OAAA;AAAA,MACA,IAAA;AAAA,MACA,SAAW,EAAA,OAAA;AAAA,MACX,OAAS,EAAA;AAAA,QACP,OAAS,EAAA,OAAA;AAAA,QACT,QAAU,EAAA,EAAA;AAAA,QACV,mBAAqB,EAAA,KAAA;AAAA,QACrB,MAAQ,EAAA,KAAA;AAAA,OACV;AAAA,MACA,YAAA,sCACG,GAAI,EAAA,EAAA,KAAA,EAAO,EAAE,SAAW,EAAA,QAAA,EAAU,SAAS,MAAO,EAAA,EAAA,sCAChD,UAAW,EAAA,EAAA,OAAA,EAAQ,WAAQ,uBACJ,EAAA,MAAA,CAAO,SAAS,IAAK,EAAA,MAAA,EAAK,UAClD,CACF,CAAA;AAAA,KAAA;AAAA,GAEJ,CAAA;AAEJ,CAAA;;AC/FO,MAAM,kBAAkB,MAAM;AACnC,EAAM,MAAA,EAAE,MAAO,EAAA,GAAI,SAAU,EAAA,CAAA;AAE7B,EAAI,IAAA,gBAAA,CAAiB,MAAM,CAAG,EAAA;AAC5B,IAAO,uBAAA,KAAA,CAAA,aAAA,CAAC,oBAAiB,MAAgB,EAAA,CAAA,CAAA;AAAA,GAC3C;AACA,EACE,uBAAA,KAAA,CAAA,aAAA,CAAC,2BAA4B,EAAA,EAAA,UAAA,EAAY,4BAA8B,EAAA,CAAA,CAAA;AAE3E;;;;"}

package/dist/index.d.ts

@@ -0,0 +1,59 @@
+/// <reference types="react" />
+import * as react from 'react';
+import * as _backstage_core_plugin_api from '@backstage/core-plugin-api';
+import { Entity } from '@backstage/catalog-model';
+
+/**
+ * The vault plugin.
+ * @public
+ */
+declare const vaultPlugin: _backstage_core_plugin_api.BackstagePlugin<{}, {}, {}>;
+/**
+ * Card used to show the list of Vault secrets.
+ * @public
+ */
+declare const EntityVaultCard: () => react.JSX.Element;
+
+/**
+ * Checks if an entity contains the annotation for Vault.
+ * @param entity - The entity to check if the annotation exists
+ * @returns If the annotation exists or not
+ * @public
+ */
+declare function isVaultAvailable(entity: Entity): boolean;
+
+/**
+ * @public
+ */
+declare const VAULT_SECRET_PATH_ANNOTATION = "vault.io/secrets-path";
+
+/**
+ * @public
+ */
+declare const vaultApiRef: _backstage_core_plugin_api.ApiRef<VaultApi>;
+/**
+ * Object containing the secret name and some links.
+ * @public
+ */
+type VaultSecret = {
+    name: string;
+    path: string;
+    showUrl: string;
+    editUrl: string;
+};
+/**
+ * Interface for the VaultApi.
+ * @public
+ */
+interface VaultApi {
+    /**
+     * Returns a list of secrets used to show in a table.
+     * @param secretPath - The path where the secrets are stored in Vault
+     * @param options - Additional options to be passed to the Vault API, allows to override vault default settings in app config file
+     */
+    listSecrets(secretPath: string, options?: {
+        secretEngine?: string;
+    }): Promise<VaultSecret[]>;
+}
+
+export { EntityVaultCard, VAULT_SECRET_PATH_ANNOTATION, type VaultApi, type VaultSecret, isVaultAvailable, vaultApiRef, vaultPlugin };

package/dist/index.esm.js

@@ -0,0 +1,4 @@
+export { E as EntityVaultCard, V as VAULT_SECRET_PATH_ANNOTATION, i as isVaultAvailable, v as vaultApiRef, b as vaultPlugin } from './esm/index-C3tCbIvC.esm.js';
+import '@backstage/core-plugin-api';
+import '@backstage/errors';
+//# sourceMappingURL=index.esm.js.map

package/dist/index.esm.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.esm.js","sources":[],"sourcesContent":[],"names":[],"mappings":";;"}

package/package.json

@@ -0,0 +1,72 @@
+{
+  "name": "@backstage-community/plugin-vault",
+  "version": "0.1.30",
+  "description": "A Backstage plugin that integrates towards Vault",
+  "backstage": {
+    "role": "frontend-plugin"
+  },
+  "publishConfig": {
+    "access": "public",
+    "main": "dist/index.esm.js",
+    "types": "dist/index.d.ts"
+  },
+  "keywords": [
+    "backstage",
+    "vault"
+  ],
+  "homepage": "https://backstage.io",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/backstage/community-plugins",
+    "directory": "workspaces/vault/plugins/vault"
+  },
+  "license": "Apache-2.0",
+  "sideEffects": false,
+  "main": "dist/index.esm.js",
+  "types": "dist/index.d.ts",
+  "files": [
+    "dist"
+  ],
+  "scripts": {
+    "build": "backstage-cli package build",
+    "clean": "backstage-cli package clean",
+    "lint": "backstage-cli package lint",
+    "prepack": "backstage-cli package prepack",
+    "postpack": "backstage-cli package postpack",
+    "start": "backstage-cli package start",
+    "test": "backstage-cli package test"
+  },
+  "dependencies": {
+    "@backstage/catalog-model": "^1.4.5",
+    "@backstage/core-components": "^0.14.4",
+    "@backstage/core-plugin-api": "^1.9.2",
+    "@backstage/errors": "^1.2.4",
+    "@backstage/plugin-catalog-react": "^1.11.3",
+    "@material-ui/core": "^4.12.2",
+    "@material-ui/icons": "^4.9.1",
+    "@material-ui/lab": "4.0.0-alpha.61",
+    "@types/react": "^16.13.1 || ^17.0.0 || ^18.0.0",
+    "react-use": "^17.2.4"
+  },
+  "devDependencies": {
+    "@backstage/cli": "^0.26.3",
+    "@backstage/core-app-api": "^1.12.4",
+    "@backstage/dev-utils": "^1.0.31",
+    "@backstage/test-utils": "^1.5.4",
+    "@testing-library/dom": "^10.0.0",
+    "@testing-library/jest-dom": "^6.0.0",
+    "@testing-library/react": "^15.0.0",
+    "@types/react-dom": "^18.2.19",
+    "canvas": "^2.11.2",
+    "msw": "^1.0.0",
+    "react": "^16.13.1 || ^17.0.0 || ^18.0.0",
+    "react-dom": "^16.13.1 || ^17.0.0 || ^18.0.0",
+    "react-router-dom": "6.0.0-beta.0 || ^6.3.0"
+  },
+  "peerDependencies": {
+    "react": "^16.13.1 || ^17.0.0 || ^18.0.0",
+    "react-dom": "^16.13.1 || ^17.0.0 || ^18.0.0",
+    "react-router-dom": "6.0.0-beta.0 || ^6.3.0"
+  },
+  "module": "./dist/index.esm.js"
+}