@backstage/integration 0.6.10 → 0.7.2

package/CHANGELOG.md

@@ -1,5 +1,48 @@
 # @backstage/integration
 
+## 0.7.2
+
+### Patch Changes
+
+- f45e99e5da: Do not return a token rather than fail where the owner is not in the allowed installation owners
+  for a GitHub app. This allows anonymous access to public files in the organisation.
+- Updated dependencies
+  - @backstage/config@0.1.13
+
+## 0.7.2-next.0
+
+### Patch Changes
+
+- Updated dependencies
+  - @backstage/config@0.1.13-next.0
+
+## 0.7.1
+
+### Patch Changes
+
+- 3b4d8caff6: Adds a new GitHub credentials provider (DefaultGithubCredentialsProvider). It handles multiple app configurations. It looks up the app configuration based on the url.
+- 5333451def: Cleaned up API exports
+- Updated dependencies
+  - @backstage/config@0.1.12
+
+## 0.7.0
+
+### Minor Changes
+
+- 7d4b4e937c: Create an interface for the GitHub credentials provider in order to support providing implementations.
+
+  We have changed the name of the `GithubCredentialsProvider` to `SingleInstanceGithubCredentialsProvider`.
+
+  `GithubCredentialsProvider` is now an interface that maybe implemented to provide a custom mechanism to retrieve GitHub credentials.
+
+  In a later release we will support configuring URL readers, scaffolder tasks, and processors with customer GitHub credentials providers.
+
+  If you want to uptake this release, you will need to replace all references to `GithubCredentialsProvider.create` with `SingleInstanceGithubCredentialsProvider.create`.
+
+### Patch Changes
+
+- cf2e20a792: Added `endpoint` and `s3ForcePathStyle` as optional configuration for AWS S3 integrations.
+
 ## 0.6.10
 
 ### Patch Changes

package/config.d.ts

@@ -167,10 +167,23 @@ export interface Config {
     /** Integration configuration for AWS S3 Service */
     awsS3?: Array<{
       /**
-       * The host of the target that this matches on, e.g. "amazonaws.com".
+       * AWS Endpoint.
+       * The endpoint URI to send requests to. The default endpoint is built from the configured region.
+       * @see https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/S3.html#constructor-property
+       *
+       * Supports non-AWS providers, e.g. for LocalStack, endpoint may look like http://localhost:4566
        * @visibility frontend
        */
-      host: string;
+      endpoint?: string;
+
+      /**
+       * Whether to use path style URLs when communicating with S3.
+       * Defaults to false.
+       * This allows providers like LocalStack, Minio and Wasabi (and possibly others) to be used.
+       * @visibility frontend
+       */
+      s3ForcePathStyle?: boolean;
+
       /**
        * Account access key used to authenticate requests.
        * @visibility backend

package/dist/index.cjs.js

@@ -46,7 +46,7 @@ function basicIntegrations(integrations, getHost) {
   };
 }
 function defaultScmResolveUrl(options) {
-  const {url, base, lineNumber} = options;
+  const { url, base, lineNumber } = options;
   try {
     new URL(url);
     return url;
@@ -54,7 +54,7 @@ function defaultScmResolveUrl(options) {
   }
   let updated;
   if (url.startsWith("/")) {
-    const {filepath} = parseGitUrl__default['default'](base);
+    const { filepath } = parseGitUrl__default["default"](base);
     updated = new URL(base);
     const repoRootPath = lodash.trimEnd(updated.pathname.substring(0, updated.pathname.length - filepath.length), "/");
     updated.pathname = `${repoRootPath}${url}`;
@@ -76,6 +76,11 @@ var __privateGet = (obj, member, getter) => {
   __accessCheck(obj, member, "read from private field");
   return getter ? getter.call(obj) : member.get(obj);
 };
+var __privateAdd = (obj, member, value) => {
+  if (member.has(obj))
+    throw TypeError("Cannot add the same private member more than once");
+  member instanceof WeakSet ? member.add(obj) : member.set(obj, value);
+};
 var __privateSet = (obj, member, value, setter) => {
   __accessCheck(obj, member, "write to private field");
   setter ? setter.call(obj, value) : member.set(obj, value);
@@ -85,13 +90,13 @@ var _origin, _owner, _project, _repo, _path, _ref, _baseUrl;
 const VERSION_PREFIX_GIT_BRANCH = "GB";
 const _AzureUrl = class {
   constructor(origin, owner, project, repo, path, ref) {
-    _origin.set(this, void 0);
-    _owner.set(this, void 0);
-    _project.set(this, void 0);
-    _repo.set(this, void 0);
-    _path.set(this, void 0);
-    _ref.set(this, void 0);
-    _baseUrl.set(this, (...parts) => {
+    __privateAdd(this, _origin, void 0);
+    __privateAdd(this, _owner, void 0);
+    __privateAdd(this, _project, void 0);
+    __privateAdd(this, _repo, void 0);
+    __privateAdd(this, _path, void 0);
+    __privateAdd(this, _ref, void 0);
+    __privateAdd(this, _baseUrl, (...parts) => {
       const url = new URL(__privateGet(this, _origin));
       url.pathname = parts.map((part) => encodeURIComponent(part)).join("/");
       return url;
@@ -214,12 +219,12 @@ function readAzureIntegrationConfig(config) {
   if (!isValidHost(host)) {
     throw new Error(`Invalid Azure integration config, '${host}' is not a valid host`);
   }
-  return {host, token};
+  return { host, token };
 }
 function readAzureIntegrationConfigs(configs) {
   const result = configs.map(readAzureIntegrationConfig);
   if (!result.some((c) => c.host === AZURE_HOST)) {
-    result.push({host: AZURE_HOST});
+    result.push({ host: AZURE_HOST });
   }
   return result;
 }
@@ -239,7 +244,7 @@ const _AzureIntegration = class {
   }
   resolveUrl(options) {
     var _a;
-    const {url, base} = options;
+    const { url, base } = options;
     if (isValidUrl(url)) {
       return url;
     }
@@ -265,7 +270,7 @@ const _AzureIntegration = class {
   }
 };
 let AzureIntegration = _AzureIntegration;
-AzureIntegration.factory = ({config}) => {
+AzureIntegration.factory = ({ config }) => {
   var _a;
   const configs = readAzureIntegrationConfigs((_a = config.getOptionalConfigArray("integrations.azure")) != null ? _a : []);
   return basicIntegrations(configs.map((c) => new _AzureIntegration(c)), (i) => i.config.host);
@@ -281,12 +286,12 @@ function getAzureCommitsUrl(url) {
   return AzureUrl.fromRepoUrl(url).toCommitsUrl();
 }
 function getAzureRequestOptions(config, additionalHeaders) {
-  const headers = additionalHeaders ? {...additionalHeaders} : {};
+  const headers = additionalHeaders ? { ...additionalHeaders } : {};
   if (config.token) {
     const buffer = Buffer.from(`:${config.token}`, "utf8");
     headers.Authorization = `Basic ${buffer.toString("base64")}`;
   }
-  return {headers};
+  return { headers };
 }
 
 const BITBUCKET_HOST = "bitbucket.org";
@@ -349,7 +354,7 @@ const _BitbucketIntegration = class {
     return resolved;
   }
   resolveEditUrl(url) {
-    const urlData = parseGitUrl__default['default'](url);
+    const urlData = parseGitUrl__default["default"](url);
     const editUrl = new URL(url);
     editUrl.searchParams.set("mode", "edit");
     editUrl.searchParams.set("spa", "0");
@@ -367,13 +372,13 @@ BitbucketIntegration.factory = ({
 };
 
 async function getBitbucketDefaultBranch(url, config) {
-  const {name: repoName, owner: project, resource} = parseGitUrl__default['default'](url);
+  const { name: repoName, owner: project, resource } = parseGitUrl__default["default"](url);
   const isHosted = resource === "bitbucket.org";
   let branchUrl = isHosted ? `${config.apiBaseUrl}/repositories/${project}/${repoName}` : `${config.apiBaseUrl}/projects/${project}/repos/${repoName}/default-branch`;
-  let response = await fetch__default['default'](branchUrl, getBitbucketRequestOptions(config));
+  let response = await fetch__default["default"](branchUrl, getBitbucketRequestOptions(config));
   if (response.status === 404 && !isHosted) {
     branchUrl = `${config.apiBaseUrl}/projects/${project}/repos/${repoName}/branches/default`;
-    response = await fetch__default['default'](branchUrl, getBitbucketRequestOptions(config));
+    response = await fetch__default["default"](branchUrl, getBitbucketRequestOptions(config));
   }
   if (!response.ok) {
     const message = `Failed to retrieve default branch from ${branchUrl}, ${response.status} ${response.statusText}`;
@@ -384,7 +389,7 @@ async function getBitbucketDefaultBranch(url, config) {
     const repoInfo = await response.json();
     defaultBranch = repoInfo.mainbranch.name;
   } else {
-    const {displayId} = await response.json();
+    const { displayId } = await response.json();
     defaultBranch = displayId;
   }
   if (!defaultBranch) {
@@ -400,7 +405,7 @@ async function getBitbucketDownloadUrl(url, config) {
     protocol,
     resource,
     filepath
-  } = parseGitUrl__default['default'](url);
+  } = parseGitUrl__default["default"](url);
   const isHosted = resource === "bitbucket.org";
   let branch = ref;
   if (!branch) {
@@ -412,7 +417,7 @@ async function getBitbucketDownloadUrl(url, config) {
 }
 function getBitbucketFileFetchUrl(url, config) {
   try {
-    const {owner, name, ref, filepathtype, filepath} = parseGitUrl__default['default'](url);
+    const { owner, name, ref, filepathtype, filepath } = parseGitUrl__default["default"](url);
     if (!owner || !name || filepathtype !== "browse" && filepathtype !== "raw" && filepathtype !== "src") {
       throw new Error("Invalid Bitbucket URL or file path");
     }
@@ -471,7 +476,7 @@ function readGitHubIntegrationConfig(config) {
   } else if (host === GITHUB_HOST) {
     rawBaseUrl = GITHUB_RAW_BASE_URL;
   }
-  return {host, apiBaseUrl, rawBaseUrl, token, apps};
+  return { host, apiBaseUrl, rawBaseUrl, token, apps };
 }
 function readGitHubIntegrationConfigs(configs) {
   const result = configs.map(readGitHubIntegrationConfig);
@@ -487,7 +492,7 @@ function readGitHubIntegrationConfigs(configs) {
 
 function getGitHubFileFetchUrl(url, config, credentials) {
   try {
-    const {owner, name, ref, filepathtype, filepath} = parseGitUrl__default['default'](url);
+    const { owner, name, ref, filepathtype, filepath } = parseGitUrl__default["default"](url);
     if (!owner || !name || !ref || filepathtype !== "blob" && filepathtype !== "raw" && filepathtype !== "tree") {
       throw new Error("Invalid GitHub URL or file path");
     }
@@ -508,7 +513,7 @@ function getGitHubRequestOptions(config, credentials) {
   if (credentials.token) {
     headers.Authorization = `token ${credentials.token}`;
   }
-  return {headers};
+  return { headers };
 }
 function chooseEndpoint(config, credentials) {
   if (config.apiBaseUrl && (credentials.token || !config.rawBaseUrl)) {
@@ -519,17 +524,17 @@ function chooseEndpoint(config, credentials) {
 
 class Cache {
   constructor() {
-    this.tokenCache = new Map();
+    this.tokenCache = /* @__PURE__ */ new Map();
     this.isNotExpired = (date) => date.diff(luxon.DateTime.local(), "minutes").minutes > 50;
   }
   async getOrCreateToken(key, supplier) {
     const item = this.tokenCache.get(key);
     if (item && this.isNotExpired(item.expiresAt)) {
-      return {accessToken: item.token};
+      return { accessToken: item.token };
     }
     const result = await supplier();
     this.tokenCache.set(key, result);
-    return {accessToken: result.token};
+    return { accessToken: result.token };
   }
 }
 const HEADERS = {
@@ -553,10 +558,10 @@ class GithubAppManager {
   }
   async getInstallationCredentials(owner, repo) {
     var _a;
-    const {installationId, suspended} = await this.getInstallationData(owner);
+    const { installationId, suspended } = await this.getInstallationData(owner);
     if (this.allowedInstallationOwners) {
       if (!((_a = this.allowedInstallationOwners) == null ? void 0 : _a.includes(owner))) {
-        throw new Error(`The GitHub application for ${owner} is not included in the allowed installation list (${installationId}).`);
+        return { accessToken: void 0 };
       }
     }
     if (suspended) {
@@ -623,7 +628,7 @@ class GithubAppCredentialsMux {
     if (this.apps.length === 0) {
       return void 0;
     }
-    const results = await Promise.all(this.apps.map((app) => app.getInstallationCredentials(owner, repo).then((credentials) => ({credentials, error: void 0}), (error) => ({credentials: void 0, error}))));
+    const results = await Promise.all(this.apps.map((app) => app.getInstallationCredentials(owner, repo).then((credentials) => ({ credentials, error: void 0 }), (error) => ({ credentials: void 0, error }))));
     const result = results.find((resultItem) => resultItem.credentials);
     if (result) {
       return result.credentials.accessToken;
@@ -636,16 +641,13 @@ class GithubAppCredentialsMux {
     return void 0;
   }
 }
-class GithubCredentialsProvider {
+const _SingleInstanceGithubCredentialsProvider = class {
   constructor(githubAppCredentialsMux, token) {
     this.githubAppCredentialsMux = githubAppCredentialsMux;
     this.token = token;
   }
-  static create(config) {
-    return new GithubCredentialsProvider(new GithubAppCredentialsMux(config), config.token);
-  }
   async getCredentials(opts) {
-    const parsed = parseGitUrl__default['default'](opts.url);
+    const parsed = parseGitUrl__default["default"](opts.url);
     const owner = parsed.owner || parsed.name;
     const repo = parsed.owner ? parsed.name : void 0;
     let type = "app";
@@ -655,11 +657,37 @@ class GithubCredentialsProvider {
       token = this.token;
     }
     return {
-      headers: token ? {Authorization: `Bearer ${token}`} : void 0,
+      headers: token ? { Authorization: `Bearer ${token}` } : void 0,
       token,
       type
     };
   }
+};
+let SingleInstanceGithubCredentialsProvider = _SingleInstanceGithubCredentialsProvider;
+SingleInstanceGithubCredentialsProvider.create = (config) => {
+  return new _SingleInstanceGithubCredentialsProvider(new GithubAppCredentialsMux(config), config.token);
+};
+
+class DefaultGithubCredentialsProvider {
+  constructor(providers) {
+    this.providers = providers;
+  }
+  static fromIntegrations(integrations) {
+    const credentialsProviders = /* @__PURE__ */ new Map();
+    integrations.github.list().forEach((integration) => {
+      const credentialsProvider = SingleInstanceGithubCredentialsProvider.create(integration.config);
+      credentialsProviders.set(integration.config.host, credentialsProvider);
+    });
+    return new DefaultGithubCredentialsProvider(credentialsProviders);
+  }
+  async getCredentials(opts) {
+    const parsed = new URL(opts.url);
+    const provider = this.providers.get(parsed.host);
+    if (!provider) {
+      throw new Error(`There is no GitHub integration that matches ${opts.url}. Please add a configuration for an integration.`);
+    }
+    return provider.getCredentials(opts);
+  }
 }
 
 const _GitHubIntegration = class {
@@ -683,7 +711,7 @@ const _GitHubIntegration = class {
   }
 };
 let GitHubIntegration = _GitHubIntegration;
-GitHubIntegration.factory = ({config}) => {
+GitHubIntegration.factory = ({ config }) => {
   var _a;
   const configs = readGitHubIntegrationConfigs((_a = config.getOptionalConfigArray("integrations.github")) != null ? _a : []);
   return basicIntegrations(configs.map((c) => new _GitHubIntegration(c)), (i) => i.config.host);
@@ -720,7 +748,7 @@ function readGitLabIntegrationConfig(config) {
   } else if (!isValidUrl(baseUrl)) {
     throw new Error(`Invalid GitLab integration config, '${baseUrl}' is not a valid baseUrl`);
   }
-  return {host, token, apiBaseUrl, baseUrl};
+  return { host, token, apiBaseUrl, baseUrl };
 }
 function readGitLabIntegrationConfigs(configs) {
   const result = configs.map(readGitLabIntegrationConfig);
@@ -742,7 +770,7 @@ async function getGitLabFileFetchUrl(url, config) {
   return buildRawUrl(url).toString();
 }
 function getGitLabRequestOptions(config) {
-  const {token = ""} = config;
+  const { token = "" } = config;
   return {
     headers: {
       "PRIVATE-TOKEN": token
@@ -788,7 +816,7 @@ async function getProjectId(target, config) {
   try {
     const repo = url.pathname.split("/-/blob/")[0];
     const repoIDLookup = new URL(`${url.protocol + url.hostname}/api/v4/projects/${encodeURIComponent(repo.replace(/^\//, ""))}`);
-    const response = await fetch__default['default'](repoIDLookup.toString(), getGitLabRequestOptions(config));
+    const response = await fetch__default["default"](repoIDLookup.toString(), getGitLabRequestOptions(config));
     const data = await response.json();
     if (!response.ok) {
       throw new Error(`GitLab Error '${data.error}', ${data.error_description}`);
@@ -820,7 +848,7 @@ const _GitLabIntegration = class {
   }
 };
 let GitLabIntegration = _GitLabIntegration;
-GitLabIntegration.factory = ({config}) => {
+GitLabIntegration.factory = ({ config }) => {
   var _a;
   const configs = readGitLabIntegrationConfigs((_a = config.getOptionalConfigArray("integrations.gitlab")) != null ? _a : []);
   return basicIntegrations(configs.map((c) => new _GitLabIntegration(c)), (i) => i.config.host);
@@ -838,20 +866,41 @@ function readGoogleGcsIntegrationConfig(config) {
   }
   const privateKey = config.getString("privateKey").split("\\n").join("\n");
   const clientEmail = config.getString("clientEmail");
-  return {clientEmail, privateKey};
+  return { clientEmail, privateKey };
 }
 
 const AMAZON_AWS_HOST = "amazonaws.com";
 function readAwsS3IntegrationConfig(config) {
   var _a;
-  const host = (_a = config.getOptionalString("host")) != null ? _a : AMAZON_AWS_HOST;
+  const endpoint = config.getOptionalString("endpoint");
+  const s3ForcePathStyle = (_a = config.getOptionalBoolean("s3ForcePathStyle")) != null ? _a : false;
+  let host;
+  let pathname;
+  if (endpoint) {
+    try {
+      const url = new URL(endpoint);
+      host = url.host;
+      pathname = url.pathname;
+    } catch {
+      throw new Error(`invalid awsS3 integration config, endpoint '${endpoint}' is not a valid URL`);
+    }
+    if (pathname !== "/") {
+      throw new Error(`invalid awsS3 integration config, endpoints cannot contain path, got '${endpoint}'`);
+    }
+  } else {
+    host = AMAZON_AWS_HOST;
+  }
   const accessKeyId = config.getOptionalString("accessKeyId");
   const secretAccessKey = config.getOptionalString("secretAccessKey");
   const roleArn = config.getOptionalString("roleArn");
-  if (!isValidHost(host)) {
-    throw new Error(`Invalid awsS3 integration config, '${host}' is not a valid host`);
-  }
-  return {host, accessKeyId, secretAccessKey, roleArn};
+  return {
+    host,
+    endpoint,
+    s3ForcePathStyle,
+    accessKeyId,
+    secretAccessKey,
+    roleArn
+  };
 }
 function readAwsS3IntegrationConfigs(configs) {
   const result = configs.map(readAwsS3IntegrationConfig);
@@ -885,7 +934,7 @@ const _AwsS3Integration = class {
   }
 };
 let AwsS3Integration = _AwsS3Integration;
-AwsS3Integration.factory = ({config}) => {
+AwsS3Integration.factory = ({ config }) => {
   var _a;
   const configs = readAwsS3IntegrationConfigs((_a = config.getOptionalConfigArray("integrations.awsS3")) != null ? _a : []);
   return basicIntegrations(configs.map((c) => new _AwsS3Integration(c)), (i) => i.config.host);
@@ -894,11 +943,11 @@ AwsS3Integration.factory = ({config}) => {
 class ScmIntegrations {
   static fromConfig(config) {
     return new ScmIntegrations({
-      awsS3: AwsS3Integration.factory({config}),
-      azure: AzureIntegration.factory({config}),
-      bitbucket: BitbucketIntegration.factory({config}),
-      github: GitHubIntegration.factory({config}),
-      gitlab: GitLabIntegration.factory({config})
+      awsS3: AwsS3Integration.factory({ config }),
+      azure: AzureIntegration.factory({ config }),
+      bitbucket: BitbucketIntegration.factory({ config }),
+      github: GitHubIntegration.factory({ config }),
+      gitlab: GitLabIntegration.factory({ config })
     });
   }
   constructor(integrationsByType) {
@@ -947,11 +996,12 @@ class ScmIntegrations {
 exports.AwsS3Integration = AwsS3Integration;
 exports.AzureIntegration = AzureIntegration;
 exports.BitbucketIntegration = BitbucketIntegration;
+exports.DefaultGithubCredentialsProvider = DefaultGithubCredentialsProvider;
 exports.GitHubIntegration = GitHubIntegration;
 exports.GitLabIntegration = GitLabIntegration;
 exports.GithubAppCredentialsMux = GithubAppCredentialsMux;
-exports.GithubCredentialsProvider = GithubCredentialsProvider;
 exports.ScmIntegrations = ScmIntegrations;
+exports.SingleInstanceGithubCredentialsProvider = SingleInstanceGithubCredentialsProvider;
 exports.defaultScmResolveUrl = defaultScmResolveUrl;
 exports.getAzureCommitsUrl = getAzureCommitsUrl;
 exports.getAzureDownloadUrl = getAzureDownloadUrl;