npm - @backstage/plugin-catalog-backend-module-msgraph - Versions diffs - 0.0.0-nightly-202181722143 - Mend

@backstage/plugin-catalog-backend-module-msgraph 0.0.0-nightly-202181722143

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/CHANGELOG.md ADDED Viewed

@@ -0,0 +1,77 @@
+# @backstage/plugin-catalog-backend-module-msgraph
+## 0.0.0-nightly-202181722143
+### Patch Changes
+- Updated dependencies
+  - @backstage/plugin-catalog-backend@0.0.0-nightly-202181722143
+## 0.2.3
+### Patch Changes
+- 77cdc5a84: Pass along a `UserTransformer` to the read step
+- be498d22f: Pass along a `OrganizationTransformer` to the read step
+- Updated dependencies
+  - @backstage/plugin-catalog-backend@0.13.3
+  - @backstage/config@0.1.7
+## 0.2.2
+### Patch Changes
+- Updated dependencies
+  - @backstage/plugin-catalog-backend@0.13.0
+## 0.2.1
+### Patch Changes
+- Updated dependencies
+  - @backstage/catalog-model@0.9.0
+  - @backstage/plugin-catalog-backend@0.12.0
+## 0.2.0
+### Minor Changes
+- 115473c08: Handle error gracefully if failure occurs while loading photos using Microsoft Graph API.
+  This includes a breaking change: you now have to pass the `options` object to `readMicrosoftGraphUsers` and `readMicrosoftGraphOrg`.
+### Patch Changes
+- Updated dependencies
+  - @backstage/plugin-catalog-backend@0.11.0
+## 0.1.1
+### Patch Changes
+- 127048f92: Move `MicrosoftGraphOrgReaderProcessor` from `@backstage/plugin-catalog-backend`
+  to `@backstage/plugin-catalog-backend-module-msgraph`.
+  The `MicrosoftGraphOrgReaderProcessor` isn't registered by default anymore, if
+  you want to continue using it you have to register it manually at the catalog
+  builder:
+  1. Add dependency to `@backstage/plugin-catalog-backend-module-msgraph` to the `package.json` of your backend.
+  2. Add the processor to the catalog builder:
+  ```typescript
+  // packages/backend/src/plugins/catalog.ts
+  builder.addProcessor(
+    MicrosoftGraphOrgReaderProcessor.fromConfig(config, {
+      logger,
+    }),
+  );
+  ```
+  For more configuration details, see the [README of the `@backstage/plugin-catalog-backend-module-msgraph` package](https://github.com/backstage/backstage/blob/master/plugins/catalog-backend-module-msgraph/README.md).
+- 127048f92: Allow customizations of `MicrosoftGraphOrgReaderProcessor` by passing an
+  optional `groupTransformer`, `userTransformer`, and `organizationTransformer`.
+- Updated dependencies
+  - @backstage/plugin-catalog-backend@0.10.4
+  - @backstage/catalog-model@0.8.4

package/README.md ADDED Viewed

@@ -0,0 +1,118 @@
+# Catalog Backend Module for Microsoft Graph
+This is an extension module to the `plugin-catalog-backend` plugin, providing a
+`MicrosoftGraphOrgReaderProcessor` that can be used to ingest organization data
+from the Microsoft Graph API. This processor is useful if you want to import
+users and groups from Azure Active Directory or Office 365.
+## Getting Started
+1. The processor is not installed by default, therefore you have to add a
+   dependency to `@backstage/plugin-catalog-backend-module-msgraph` to your
+   backend package.
+```bash
+# From your Backstage root directory
+cd packages/backend
+yarn add @backstage/plugin-catalog-backend-module-msgraph
+```
+2. The `MicrosoftGraphOrgReaderProcessor` is not registered by default, so you
+   have to register it in the catalog plugin:
+```typescript
+// packages/backend/src/plugins/catalog.ts
+builder.addProcessor(
+  MicrosoftGraphOrgReaderProcessor.fromConfig(config, {
+    logger,
+  }),
+);
+```
+3. Create or use an existing App registration in the [Microsoft Azure Portal](https://portal.azure.com/).
+   The App registration requires at least the API permissions `Group.Read.All`,
+   `GroupMember.Read.All`, `User.Read` and `User.Read.All` for Microsoft Graph
+   (if you still run into errors about insufficient privileges, add
+   `Team.ReadBasic.All` and `TeamMember.Read.All` too).
+4. Configure the processor:
+```yaml
+# app-config.yaml
+catalog:
+  processors:
+    microsoftGraphOrg:
+      providers:
+        - target: https://graph.microsoft.com/v1.0
+          authority: https://login.microsoftonline.com
+          # If you don't know you tenantId, you can use Microsoft Graph Explorer
+          # to query it
+          tenantId: ${MICROSOFT_GRAPH_TENANT_ID}
+          # Client Id and Secret can be created under Certificates & secrets in
+          # the App registration in the Microsoft Azure Portal.
+          clientId: ${MICROSOFT_GRAPH_CLIENT_ID}
+          clientSecret: ${MICROSOFT_GRAPH_CLIENT_SECRET_TOKEN}
+          # Optional filter for user, see Microsoft Graph API for the syntax
+          # See https://docs.microsoft.com/en-us/graph/api/resources/user?view=graph-rest-1.0#properties
+          # and for the syntax https://docs.microsoft.com/en-us/graph/query-parameters#filter-parameter
+          userFilter: accountEnabled eq true and userType eq 'member'
+          # Optional filter for group, see Microsoft Graph API for the syntax
+          # See https://docs.microsoft.com/en-us/graph/api/resources/group?view=graph-rest-1.0#properties
+          groupFilter: securityEnabled eq false and mailEnabled eq true and groupTypes/any(c:c+eq+'Unified')
+```
+5. Add a location that ingests from Microsoft Graph:
+```yaml
+# app-config.yaml
+catalog:
+  locations:
+    - type: microsoft-graph-org
+      target: https://graph.microsoft.com/v1.0
+      # If you catalog doesn't allow to import Group and User entities by
+      # default, allow them here
+      rules:
+        - allow: [Group, User]
+    …
+```
+## Customize the Processor
+In case you want to customize the ingested entities, the `MicrosoftGraphOrgReaderProcessor`
+allows to pass transformers for users, groups and the organization.
+1. Create a transformer:
+```ts
+export async function myGroupTransformer(
+  group: MicrosoftGraph.Group,
+  groupPhoto?: string,
+): Promise<GroupEntity | undefined> {
+  if (
+    (
+      group as unknown as {
+        creationOptions: string[];
+      }
+    ).creationOptions.includes('ProvisionGroupHomepage')
+  ) {
+    return undefined;
+  }
+  // Transformations may change namespace, change entity naming pattern, fill
+  // profile with more or other details...
+  // Create the group entity on your own, or wrap the default transformer
+  return await defaultGroupTransformer(group, groupPhoto);
+}
+```
+2. Configure the processor with the transformer:
+```ts
+builder.addProcessor(
+  MicrosoftGraphOrgReaderProcessor.fromConfig(config, {
+    logger,
+    groupTransformer: myGroupTransformer,
+  }),
+);
+```

package/config.d.ts ADDED Viewed

@@ -0,0 +1,80 @@
+/*
+ * Copyright 2020 The Backstage Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+export interface Config {
+  /**
+   * Configuration options for the catalog plugin.
+   */
+  catalog?: {
+    /**
+     * List of processor-specific options and attributes
+     */
+    processors?: {
+      /**
+       * MicrosoftGraphOrgReaderProcessor configuration
+       */
+      microsoftGraphOrg?: {
+        /**
+         * The configuration parameters for each single Microsoft Graph provider.
+         */
+        providers: Array<{
+          /**
+           * The prefix of the target that this matches on, e.g.
+           * "https://graph.microsoft.com/v1.0", with no trailing slash.
+           */
+          target: string;
+          /**
+           * The auth authority used.
+           *
+           * Default value "https://login.microsoftonline.com"
+           */
+          authority?: string;
+          /**
+           * The tenant whose org data we are interested in.
+           */
+          tenantId: string;
+          /**
+           * The OAuth client ID to use for authenticating requests.
+           */
+          clientId: string;
+          /**
+           * The OAuth client secret to use for authenticating requests.
+           *
+           * @visibility secret
+           */
+          clientSecret: string;
+          // TODO: Consider not making these config options and pass them in the
+          // constructor instead. They are probably not environment specifc, so
+          // they could also be configured "in code".
+          /**
+           * The filter to apply to extract users.
+           *
+           * E.g. "accountEnabled eq true and userType eq 'member'"
+           */
+          userFilter?: string;
+          /**
+           * The filter to apply to extract groups.
+           *
+           * E.g. "securityEnabled eq false and mailEnabled eq true"
+           */
+          groupFilter?: string;
+        }>;
+      };
+    };
+  };
+}

package/dist/index.cjs.js ADDED Viewed

@@ -0,0 +1,552 @@
+'use strict';
+Object.defineProperty(exports, '__esModule', { value: true });
+var pluginCatalogBackend = require('@backstage/plugin-catalog-backend');
+var msal = require('@azure/msal-node');
+var fetch = require('cross-fetch');
+var qs = require('qs');
+var catalogModel = require('@backstage/catalog-model');
+var limiterFactory = require('p-limit');
+function _interopDefaultLegacy (e) { return e && typeof e === 'object' && 'default' in e ? e : { 'default': e }; }
+function _interopNamespace(e) {
+  if (e && e.__esModule) return e;
+  var n = Object.create(null);
+  if (e) {
+    Object.keys(e).forEach(function (k) {
+      if (k !== 'default') {
+        var d = Object.getOwnPropertyDescriptor(e, k);
+        Object.defineProperty(n, k, d.get ? d : {
+          enumerable: true,
+          get: function () {
+            return e[k];
+          }
+        });
+      }
+    });
+  }
+  n['default'] = e;
+  return Object.freeze(n);
+}
+var msal__namespace = /*#__PURE__*/_interopNamespace(msal);
+var fetch__default = /*#__PURE__*/_interopDefaultLegacy(fetch);
+var qs__default = /*#__PURE__*/_interopDefaultLegacy(qs);
+var limiterFactory__default = /*#__PURE__*/_interopDefaultLegacy(limiterFactory);
+class MicrosoftGraphClient {
+  constructor(baseUrl, pca) {
+    this.baseUrl = baseUrl;
+    this.pca = pca;
+  }
+  static create(config) {
+    const clientConfig = {
+      auth: {
+        clientId: config.clientId,
+        clientSecret: config.clientSecret,
+        authority: `${config.authority}/${config.tenantId}`
+      }
+    };
+    const pca = new msal__namespace.ConfidentialClientApplication(clientConfig);
+    return new MicrosoftGraphClient(config.target, pca);
+  }
+  async *requestCollection(path, query) {
+    let response = await this.requestApi(path, query);
+    for (; ; ) {
+      if (response.status !== 200) {
+        await this.handleError(path, response);
+      }
+      const result = await response.json();
+      const elements = result.value;
+      yield* elements;
+      if (!result["@odata.nextLink"]) {
+        return;
+      }
+      response = await this.requestRaw(result["@odata.nextLink"]);
+    }
+  }
+  async requestApi(path, query) {
+    var _a, _b;
+    const queryString = qs__default['default'].stringify({
+      $filter: query == null ? void 0 : query.filter,
+      $select: (_a = query == null ? void 0 : query.select) == null ? void 0 : _a.join(","),
+      $expand: (_b = query == null ? void 0 : query.expand) == null ? void 0 : _b.join(",")
+    }, {
+      addQueryPrefix: true,
+      encode: false
+    });
+    return await this.requestRaw(`${this.baseUrl}/${path}${queryString}`);
+  }
+  async requestRaw(url) {
+    const token = await this.pca.acquireTokenByClientCredential({
+      scopes: ["https://graph.microsoft.com/.default"]
+    });
+    if (!token) {
+      throw new Error("Error while requesting token for Microsoft Graph");
+    }
+    return await fetch__default['default'](url, {
+      headers: {
+        Authorization: `Bearer ${token.accessToken}`
+      }
+    });
+  }
+  async getUserProfile(userId) {
+    const response = await this.requestApi(`users/${userId}`);
+    if (response.status !== 200) {
+      await this.handleError("user profile", response);
+    }
+    return await response.json();
+  }
+  async getUserPhotoWithSizeLimit(userId, maxSize) {
+    return await this.getPhotoWithSizeLimit("users", userId, maxSize);
+  }
+  async getUserPhoto(userId, sizeId) {
+    return await this.getPhoto("users", userId, sizeId);
+  }
+  async *getUsers(query) {
+    yield* this.requestCollection(`users`, query);
+  }
+  async getGroupPhotoWithSizeLimit(groupId, maxSize) {
+    return await this.getPhotoWithSizeLimit("groups", groupId, maxSize);
+  }
+  async getGroupPhoto(groupId, sizeId) {
+    return await this.getPhoto("groups", groupId, sizeId);
+  }
+  async *getGroups(query) {
+    yield* this.requestCollection(`groups`, query);
+  }
+  async *getGroupMembers(groupId) {
+    yield* this.requestCollection(`groups/${groupId}/members`);
+  }
+  async getOrganization(tenantId) {
+    const response = await this.requestApi(`organization/${tenantId}`);
+    if (response.status !== 200) {
+      await this.handleError(`organization/${tenantId}`, response);
+    }
+    return await response.json();
+  }
+  async getPhotoWithSizeLimit(entityName, id, maxSize) {
+    const response = await this.requestApi(`${entityName}/${id}/photos`);
+    if (response.status === 404) {
+      return void 0;
+    } else if (response.status !== 200) {
+      await this.handleError(`${entityName} photos`, response);
+    }
+    const result = await response.json();
+    const photos = result.value;
+    let selectedPhoto = void 0;
+    for (const p of photos) {
+      if (!selectedPhoto || p.height >= selectedPhoto.height && p.height <= maxSize) {
+        selectedPhoto = p;
+      }
+    }
+    if (!selectedPhoto) {
+      return void 0;
+    }
+    return await this.getPhoto(entityName, id, selectedPhoto.id);
+  }
+  async getPhoto(entityName, id, sizeId) {
+    const path = sizeId ? `${entityName}/${id}/photos/${sizeId}/$value` : `${entityName}/${id}/photo/$value`;
+    const response = await this.requestApi(path);
+    if (response.status === 404) {
+      return void 0;
+    } else if (response.status !== 200) {
+      await this.handleError("photo", response);
+    }
+    return `data:image/jpeg;base64,${Buffer.from(await response.arrayBuffer()).toString("base64")}`;
+  }
+  async handleError(path, response) {
+    const result = await response.json();
+    const error = result.error;
+    throw new Error(`Error while reading ${path} from Microsoft Graph: ${error.code} - ${error.message}`);
+  }
+}
+function readMicrosoftGraphConfig(config) {
+  var _a, _b;
+  const providers = [];
+  const providerConfigs = (_a = config.getOptionalConfigArray("providers")) != null ? _a : [];
+  for (const providerConfig of providerConfigs) {
+    const target = providerConfig.getString("target").replace(/\/+$/, "");
+    const authority = ((_b = providerConfig.getOptionalString("authority")) == null ? void 0 : _b.replace(/\/+$/, "")) || "https://login.microsoftonline.com";
+    const tenantId = providerConfig.getString("tenantId");
+    const clientId = providerConfig.getString("clientId");
+    const clientSecret = providerConfig.getString("clientSecret");
+    const userFilter = providerConfig.getOptionalString("userFilter");
+    const groupFilter = providerConfig.getOptionalString("groupFilter");
+    providers.push({
+      target,
+      authority,
+      tenantId,
+      clientId,
+      clientSecret,
+      userFilter,
+      groupFilter
+    });
+  }
+  return providers;
+}
+const MICROSOFT_GRAPH_TENANT_ID_ANNOTATION = "graph.microsoft.com/tenant-id";
+const MICROSOFT_GRAPH_GROUP_ID_ANNOTATION = "graph.microsoft.com/group-id";
+const MICROSOFT_GRAPH_USER_ID_ANNOTATION = "graph.microsoft.com/user-id";
+function normalizeEntityName(name) {
+  return name.trim().toLocaleLowerCase().replace(/[^a-zA-Z0-9_\-\.]/g, "_");
+}
+function buildOrgHierarchy(groups) {
+  const groupsByName = new Map(groups.map((g) => [g.metadata.name, g]));
+  for (const group of groups) {
+    const selfName = group.metadata.name;
+    const parentName = group.spec.parent;
+    if (parentName) {
+      const parent = groupsByName.get(parentName);
+      if (parent && !parent.spec.children.includes(selfName)) {
+        parent.spec.children.push(selfName);
+      }
+    }
+  }
+  for (const group of groups) {
+    const selfName = group.metadata.name;
+    for (const childName of group.spec.children) {
+      const child = groupsByName.get(childName);
+      if (child && !child.spec.parent) {
+        child.spec.parent = selfName;
+      }
+    }
+  }
+}
+function buildMemberOf(groups, users) {
+  const groupsByName = new Map(groups.map((g) => [g.metadata.name, g]));
+  users.forEach((user) => {
+    const transitiveMemberOf = new Set();
+    const todo = [
+      ...user.spec.memberOf,
+      ...groups.filter((g) => {
+        var _a;
+        return (_a = g.spec.members) == null ? void 0 : _a.includes(user.metadata.name);
+      }).map((g) => g.metadata.name)
+    ];
+    for (; ; ) {
+      const current = todo.pop();
+      if (!current) {
+        break;
+      }
+      if (!transitiveMemberOf.has(current)) {
+        transitiveMemberOf.add(current);
+        const group = groupsByName.get(current);
+        if (group == null ? void 0 : group.spec.parent) {
+          todo.push(group.spec.parent);
+        }
+      }
+    }
+    user.spec.memberOf = [...transitiveMemberOf];
+  });
+}
+async function defaultUserTransformer(user, userPhoto) {
+  if (!user.id || !user.displayName || !user.mail) {
+    return void 0;
+  }
+  const name = normalizeEntityName(user.mail);
+  const entity = {
+    apiVersion: "backstage.io/v1alpha1",
+    kind: "User",
+    metadata: {
+      name,
+      annotations: {
+        [MICROSOFT_GRAPH_USER_ID_ANNOTATION]: user.id
+      }
+    },
+    spec: {
+      profile: {
+        displayName: user.displayName,
+        email: user.mail
+      },
+      memberOf: []
+    }
+  };
+  if (userPhoto) {
+    entity.spec.profile.picture = userPhoto;
+  }
+  return entity;
+}
+async function readMicrosoftGraphUsers(client, options) {
+  var _a;
+  const users = [];
+  const limiter = limiterFactory__default['default'](10);
+  const transformer = (_a = options == null ? void 0 : options.transformer) != null ? _a : defaultUserTransformer;
+  const promises = [];
+  for await (const user of client.getUsers({
+    filter: options.userFilter
+  })) {
+    promises.push(limiter(async () => {
+      let userPhoto;
+      try {
+        userPhoto = await client.getUserPhotoWithSizeLimit(user.id, 120);
+      } catch (e) {
+        options.logger.warn(`Unable to load photo for ${user.id}`);
+      }
+      const entity = await transformer(user, userPhoto);
+      if (!entity) {
+        return;
+      }
+      users.push(entity);
+    }));
+  }
+  await Promise.all(promises);
+  return {users};
+}
+async function defaultOrganizationTransformer(organization) {
+  if (!organization.id || !organization.displayName) {
+    return void 0;
+  }
+  const name = normalizeEntityName(organization.displayName);
+  return {
+    apiVersion: "backstage.io/v1alpha1",
+    kind: "Group",
+    metadata: {
+      name,
+      description: organization.displayName,
+      annotations: {
+        [MICROSOFT_GRAPH_TENANT_ID_ANNOTATION]: organization.id
+      }
+    },
+    spec: {
+      type: "root",
+      profile: {
+        displayName: organization.displayName
+      },
+      children: []
+    }
+  };
+}
+async function readMicrosoftGraphOrganization(client, tenantId, options) {
+  var _a;
+  const organization = await client.getOrganization(tenantId);
+  const transformer = (_a = options == null ? void 0 : options.transformer) != null ? _a : defaultOrganizationTransformer;
+  const rootGroup = await transformer(organization);
+  return {rootGroup};
+}
+async function defaultGroupTransformer(group, groupPhoto) {
+  if (!group.id || !group.displayName) {
+    return void 0;
+  }
+  const name = normalizeEntityName(group.mailNickname || group.displayName);
+  const entity = {
+    apiVersion: "backstage.io/v1alpha1",
+    kind: "Group",
+    metadata: {
+      name,
+      annotations: {
+        [MICROSOFT_GRAPH_GROUP_ID_ANNOTATION]: group.id
+      }
+    },
+    spec: {
+      type: "team",
+      profile: {},
+      children: []
+    }
+  };
+  if (group.description) {
+    entity.metadata.description = group.description;
+  }
+  if (group.displayName) {
+    entity.spec.profile.displayName = group.displayName;
+  }
+  if (group.mail) {
+    entity.spec.profile.email = group.mail;
+  }
+  if (groupPhoto) {
+    entity.spec.profile.picture = groupPhoto;
+  }
+  return entity;
+}
+async function readMicrosoftGraphGroups(client, tenantId, options) {
+  var _a;
+  const groups = [];
+  const groupMember = new Map();
+  const groupMemberOf = new Map();
+  const limiter = limiterFactory__default['default'](10);
+  const {rootGroup} = await readMicrosoftGraphOrganization(client, tenantId, {
+    transformer: options == null ? void 0 : options.organizationTransformer
+  });
+  if (rootGroup) {
+    groupMember.set(rootGroup.metadata.name, new Set());
+    groups.push(rootGroup);
+  }
+  const transformer = (_a = options == null ? void 0 : options.groupTransformer) != null ? _a : defaultGroupTransformer;
+  const promises = [];
+  for await (const group of client.getGroups({
+    filter: options == null ? void 0 : options.groupFilter
+  })) {
+    promises.push(limiter(async () => {
+      const entity = await transformer(group);
+      if (!entity) {
+        return;
+      }
+      for await (const member of client.getGroupMembers(group.id)) {
+        if (!member.id) {
+          continue;
+        }
+        if (member["@odata.type"] === "#microsoft.graph.user") {
+          ensureItem(groupMemberOf, member.id, group.id);
+        }
+        if (member["@odata.type"] === "#microsoft.graph.group") {
+          ensureItem(groupMember, group.id, member.id);
+        }
+      }
+      groups.push(entity);
+    }));
+  }
+  await Promise.all(promises);
+  return {
+    groups,
+    rootGroup,
+    groupMember,
+    groupMemberOf
+  };
+}
+function resolveRelations(rootGroup, groups, users, groupMember, groupMemberOf) {
+  const groupMap = new Map();
+  for (const group of groups) {
+    if (group.metadata.annotations[MICROSOFT_GRAPH_GROUP_ID_ANNOTATION]) {
+      groupMap.set(group.metadata.annotations[MICROSOFT_GRAPH_GROUP_ID_ANNOTATION], group);
+    }
+    if (group.metadata.annotations[MICROSOFT_GRAPH_TENANT_ID_ANNOTATION]) {
+      groupMap.set(group.metadata.annotations[MICROSOFT_GRAPH_TENANT_ID_ANNOTATION], group);
+    }
+  }
+  const parentGroups = new Map();
+  groupMember.forEach((members, groupId) => members.forEach((m) => ensureItem(parentGroups, m, groupId)));
+  if (rootGroup) {
+    const tenantId = rootGroup.metadata.annotations[MICROSOFT_GRAPH_TENANT_ID_ANNOTATION];
+    groups.forEach((group) => {
+      const groupId = group.metadata.annotations[MICROSOFT_GRAPH_GROUP_ID_ANNOTATION];
+      if (!groupId) {
+        return;
+      }
+      if (retrieveItems(parentGroups, groupId).size === 0) {
+        ensureItem(parentGroups, groupId, tenantId);
+        ensureItem(groupMember, tenantId, groupId);
+      }
+    });
+  }
+  groups.forEach((group) => {
+    var _a;
+    const id = (_a = group.metadata.annotations[MICROSOFT_GRAPH_GROUP_ID_ANNOTATION]) != null ? _a : group.metadata.annotations[MICROSOFT_GRAPH_TENANT_ID_ANNOTATION];
+    retrieveItems(groupMember, id).forEach((m) => {
+      const childGroup = groupMap.get(m);
+      if (childGroup) {
+        group.spec.children.push(catalogModel.stringifyEntityRef(childGroup));
+      }
+    });
+    retrieveItems(parentGroups, id).forEach((p) => {
+      const parentGroup = groupMap.get(p);
+      if (parentGroup) {
+        group.spec.parent = catalogModel.stringifyEntityRef(parentGroup);
+      }
+    });
+  });
+  buildOrgHierarchy(groups);
+  users.forEach((user) => {
+    const id = user.metadata.annotations[MICROSOFT_GRAPH_USER_ID_ANNOTATION];
+    retrieveItems(groupMemberOf, id).forEach((p) => {
+      const parentGroup = groupMap.get(p);
+      if (parentGroup) {
+        user.spec.memberOf.push(catalogModel.stringifyEntityRef(parentGroup));
+      }
+    });
+  });
+  buildMemberOf(groups, users);
+}
+async function readMicrosoftGraphOrg(client, tenantId, options) {
+  const {users} = await readMicrosoftGraphUsers(client, {
+    userFilter: options.userFilter,
+    transformer: options.userTransformer,
+    logger: options.logger
+  });
+  const {groups, rootGroup, groupMember, groupMemberOf} = await readMicrosoftGraphGroups(client, tenantId, {
+    groupFilter: options == null ? void 0 : options.groupFilter,
+    groupTransformer: options == null ? void 0 : options.groupTransformer,
+    organizationTransformer: options == null ? void 0 : options.organizationTransformer
+  });
+  resolveRelations(rootGroup, groups, users, groupMember, groupMemberOf);
+  users.sort((a, b) => a.metadata.name.localeCompare(b.metadata.name));
+  groups.sort((a, b) => a.metadata.name.localeCompare(b.metadata.name));
+  return {users, groups};
+}
+function ensureItem(target, key, value) {
+  let set = target.get(key);
+  if (!set) {
+    set = new Set();
+    target.set(key, set);
+  }
+  set.add(value);
+}
+function retrieveItems(target, key) {
+  var _a;
+  return (_a = target.get(key)) != null ? _a : new Set();
+}
+class MicrosoftGraphOrgReaderProcessor {
+  static fromConfig(config, options) {
+    const c = config.getOptionalConfig("catalog.processors.microsoftGraphOrg");
+    return new MicrosoftGraphOrgReaderProcessor({
+      ...options,
+      providers: c ? readMicrosoftGraphConfig(c) : []
+    });
+  }
+  constructor(options) {
+    this.providers = options.providers;
+    this.logger = options.logger;
+    this.userTransformer = options.userTransformer;
+    this.groupTransformer = options.groupTransformer;
+    this.organizationTransformer = options.organizationTransformer;
+  }
+  async readLocation(location, _optional, emit) {
+    if (location.type !== "microsoft-graph-org") {
+      return false;
+    }
+    const provider = this.providers.find((p) => location.target.startsWith(p.target));
+    if (!provider) {
+      throw new Error(`There is no Microsoft Graph Org provider that matches ${location.target}. Please add a configuration entry for it under catalog.processors.microsoftGraphOrg.providers.`);
+    }
+    const startTimestamp = Date.now();
+    this.logger.info("Reading Microsoft Graph users and groups");
+    const client = MicrosoftGraphClient.create(provider);
+    const {users, groups} = await readMicrosoftGraphOrg(client, provider.tenantId, {
+      userFilter: provider.userFilter,
+      groupFilter: provider.groupFilter,
+      userTransformer: this.userTransformer,
+      groupTransformer: this.groupTransformer,
+      organizationTransformer: this.organizationTransformer,
+      logger: this.logger
+    });
+    const duration = ((Date.now() - startTimestamp) / 1e3).toFixed(1);
+    this.logger.debug(`Read ${users.length} users and ${groups.length} groups from Microsoft Graph in ${duration} seconds`);
+    for (const group of groups) {
+      emit(pluginCatalogBackend.results.entity(location, group));
+    }
+    for (const user of users) {
+      emit(pluginCatalogBackend.results.entity(location, user));
+    }
+    return true;
+  }
+}
+exports.MICROSOFT_GRAPH_GROUP_ID_ANNOTATION = MICROSOFT_GRAPH_GROUP_ID_ANNOTATION;
+exports.MICROSOFT_GRAPH_TENANT_ID_ANNOTATION = MICROSOFT_GRAPH_TENANT_ID_ANNOTATION;
+exports.MICROSOFT_GRAPH_USER_ID_ANNOTATION = MICROSOFT_GRAPH_USER_ID_ANNOTATION;
+exports.MicrosoftGraphClient = MicrosoftGraphClient;
+exports.MicrosoftGraphOrgReaderProcessor = MicrosoftGraphOrgReaderProcessor;
+exports.defaultGroupTransformer = defaultGroupTransformer;
+exports.defaultOrganizationTransformer = defaultOrganizationTransformer;
+exports.defaultUserTransformer = defaultUserTransformer;
+exports.normalizeEntityName = normalizeEntityName;
+exports.readMicrosoftGraphConfig = readMicrosoftGraphConfig;
+exports.readMicrosoftGraphOrg = readMicrosoftGraphOrg;
+//# sourceMappingURL=index.cjs.js.map

package/dist/index.cjs.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.cjs.js","sources":["../src/microsoftGraph/client.ts","../src/microsoftGraph/config.ts","../src/microsoftGraph/constants.ts","../src/microsoftGraph/helper.ts","../src/microsoftGraph/org.ts","../src/microsoftGraph/read.ts","../src/processors/MicrosoftGraphOrgReaderProcessor.ts"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport * as msal from '@azure/msal-node';\nimport * as MicrosoftGraph from '@microsoft/microsoft-graph-types';\nimport fetch from 'cross-fetch';\nimport qs from 'qs';\nimport { MicrosoftGraphProviderConfig } from './config';\n\nexport type ODataQuery = {\n filter?: string;\n expand?: string[];\n select?: string[];\n};\n\nexport type GroupMember =\n | (MicrosoftGraph.Group & { '@odata.type': '#microsoft.graph.user' })\n | (MicrosoftGraph.User & { '@odata.type': '#microsoft.graph.group' });\n\nexport class MicrosoftGraphClient {\n static create(config: MicrosoftGraphProviderConfig): MicrosoftGraphClient {\n const clientConfig: msal.Configuration = {\n auth: {\n clientId: config.clientId,\n clientSecret: config.clientSecret,\n authority: `${config.authority}/${config.tenantId}`,\n },\n };\n const pca = new msal.ConfidentialClientApplication(clientConfig);\n return new MicrosoftGraphClient(config.target, pca);\n }\n\n constructor(\n private readonly baseUrl: string,\n private readonly pca: msal.ConfidentialClientApplication,\n ) {}\n\n async *requestCollection<T>(\n path: string,\n query?: ODataQuery,\n ): AsyncIterable<T> {\n let response = await this.requestApi(path, query);\n\n for (;;) {\n if (response.status !== 200) {\n await this.handleError(path, response);\n }\n\n const result = await response.json();\n const elements: T[] = result.value;\n\n yield* elements;\n\n // Follow cursor to the next page if one is available\n if (!result['@odata.nextLink']) {\n return;\n }\n\n response = await this.requestRaw(result['@odata.nextLink']);\n }\n }\n\n async requestApi(path: string, query?: ODataQuery): Promise<Response> {\n const queryString = qs.stringify(\n {\n $filter: query?.filter,\n $select: query?.select?.join(','),\n $expand: query?.expand?.join(','),\n },\n {\n addQueryPrefix: true,\n // Microsoft Graph doesn't like an encoded query string\n encode: false,\n },\n );\n\n return await this.requestRaw(`${this.baseUrl}/${path}${queryString}`);\n }\n\n async requestRaw(url: string): Promise<Response> {\n // Make sure that we always have a valid access token (might be cached)\n const token = await this.pca.acquireTokenByClientCredential({\n scopes: ['https://graph.microsoft.com/.default'],\n });\n\n if (!token) {\n throw new Error('Error while requesting token for Microsoft Graph');\n }\n\n return await fetch(url, {\n headers: {\n Authorization: `Bearer ${token.accessToken}`,\n },\n });\n }\n\n async getUserProfile(userId: string): Promise<MicrosoftGraph.User> {\n const response = await this.requestApi(`users/${userId}`);\n\n if (response.status !== 200) {\n await this.handleError('user profile', response);\n }\n\n return await response.json();\n }\n\n async getUserPhotoWithSizeLimit(\n userId: string,\n maxSize: number,\n ): Promise<string | undefined> {\n return await this.getPhotoWithSizeLimit('users', userId, maxSize);\n }\n\n async getUserPhoto(\n userId: string,\n sizeId?: string,\n ): Promise<string | undefined> {\n return await this.getPhoto('users', userId, sizeId);\n }\n\n async *getUsers(query?: ODataQuery): AsyncIterable<MicrosoftGraph.User> {\n yield* this.requestCollection<MicrosoftGraph.User>(`users`, query);\n }\n\n async getGroupPhotoWithSizeLimit(\n groupId: string,\n maxSize: number,\n ): Promise<string | undefined> {\n return await this.getPhotoWithSizeLimit('groups', groupId, maxSize);\n }\n\n async getGroupPhoto(\n groupId: string,\n sizeId?: string,\n ): Promise<string | undefined> {\n return await this.getPhoto('groups', groupId, sizeId);\n }\n\n async *getGroups(query?: ODataQuery): AsyncIterable<MicrosoftGraph.Group> {\n yield* this.requestCollection<MicrosoftGraph.Group>(`groups`, query);\n }\n\n async *getGroupMembers(groupId: string): AsyncIterable<GroupMember> {\n yield* this.requestCollection<GroupMember>(`groups/${groupId}/members`);\n }\n\n async getOrganization(\n tenantId: string,\n ): Promise<MicrosoftGraph.Organization> {\n const response = await this.requestApi(`organization/${tenantId}`);\n\n if (response.status !== 200) {\n await this.handleError(`organization/${tenantId}`, response);\n }\n\n return await response.json();\n }\n\n private async getPhotoWithSizeLimit(\n entityName: string,\n id: string,\n maxSize: number,\n ): Promise<string | undefined> {\n const response = await this.requestApi(`${entityName}/${id}/photos`);\n\n if (response.status === 404) {\n return undefined;\n } else if (response.status !== 200) {\n await this.handleError(`${entityName} photos`, response);\n }\n\n const result = await response.json();\n const photos = result.value as MicrosoftGraph.ProfilePhoto[];\n let selectedPhoto: MicrosoftGraph.ProfilePhoto | undefined = undefined;\n\n // Find the biggest picture that is smaller than the max size\n for (const p of photos) {\n if (\n !selectedPhoto ||\n (p.height! >= selectedPhoto.height! && p.height! <= maxSize)\n ) {\n selectedPhoto = p;\n }\n }\n\n if (!selectedPhoto) {\n return undefined;\n }\n\n return await this.getPhoto(entityName, id, selectedPhoto.id!);\n }\n\n private async getPhoto(\n entityName: string,\n id: string,\n sizeId?: string,\n ): Promise<string | undefined> {\n const path = sizeId\n ? `${entityName}/${id}/photos/${sizeId}/$value`\n : `${entityName}/${id}/photo/$value`;\n const response = await this.requestApi(path);\n\n if (response.status === 404) {\n return undefined;\n } else if (response.status !== 200) {\n await this.handleError('photo', response);\n }\n\n return `data:image/jpeg;base64,${Buffer.from(\n await response.arrayBuffer(),\n ).toString('base64')}`;\n }\n\n private async handleError(path: string, response: Response): Promise<void> {\n const result = await response.json();\n const error = result.error as MicrosoftGraph.PublicError;\n\n throw new Error(\n `Error while reading ${path} from Microsoft Graph: ${error.code} - ${error.message}`,\n );\n }\n}\n","/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { Config } from '@backstage/config';\n\n/**\n * The configuration parameters for a single Microsoft Graph provider.\n */\nexport type MicrosoftGraphProviderConfig = {\n /**\n * The prefix of the target that this matches on, e.g.\n * \"https://graph.microsoft.com/v1.0\", with no trailing slash.\n */\n target: string;\n /**\n * The auth authority used.\n *\n * E.g. \"https://login.microsoftonline.com\"\n */\n authority?: string;\n /**\n * The tenant whose org data we are interested in.\n */\n tenantId: string;\n /**\n * The OAuth client ID to use for authenticating requests.\n */\n clientId: string;\n /**\n * The OAuth client secret to use for authenticating requests.\n *\n * @visibility secret\n */\n clientSecret: string;\n /**\n * The filter to apply to extract users.\n *\n * E.g. \"accountEnabled eq true and userType eq 'member'\"\n */\n userFilter?: string;\n /**\n * The filter to apply to extract groups.\n *\n * E.g. \"securityEnabled eq false and mailEnabled eq true\"\n */\n groupFilter?: string;\n};\n\nexport function readMicrosoftGraphConfig(\n config: Config,\n): MicrosoftGraphProviderConfig[] {\n const providers: MicrosoftGraphProviderConfig[] = [];\n const providerConfigs = config.getOptionalConfigArray('providers') ?? [];\n\n for (const providerConfig of providerConfigs) {\n const target = providerConfig.getString('target').replace(/\\/+$/, '');\n const authority =\n providerConfig.getOptionalString('authority')?.replace(/\\/+$/, '') ||\n 'https://login.microsoftonline.com';\n const tenantId = providerConfig.getString('tenantId');\n const clientId = providerConfig.getString('clientId');\n const clientSecret = providerConfig.getString('clientSecret');\n const userFilter = providerConfig.getOptionalString('userFilter');\n const groupFilter = providerConfig.getOptionalString('groupFilter');\n\n providers.push({\n target,\n authority,\n tenantId,\n clientId,\n clientSecret,\n userFilter,\n groupFilter,\n });\n }\n\n return providers;\n}\n","/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * The tenant id used by the Microsoft Graph API\n */\nexport const MICROSOFT_GRAPH_TENANT_ID_ANNOTATION =\n 'graph.microsoft.com/tenant-id';\n\n/**\n * The group id used by the Microsoft Graph API\n */\nexport const MICROSOFT_GRAPH_GROUP_ID_ANNOTATION =\n 'graph.microsoft.com/group-id';\n\n/**\n * The user id used by the Microsoft Graph API\n */\nexport const MICROSOFT_GRAPH_USER_ID_ANNOTATION = 'graph.microsoft.com/user-id';\n","/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nexport function normalizeEntityName(name: string): string {\n return name\n .trim()\n .toLocaleLowerCase()\n .replace(/[^a-zA-Z0-9_\\-\\.]/g, '_');\n}\n","/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { GroupEntity, UserEntity } from '@backstage/catalog-model';\n\n// TODO: Copied from plugin-catalog-backend, but we could also export them from\n// there. Or move them to catalog-model.\n\nexport function buildOrgHierarchy(groups: GroupEntity[]) {\n const groupsByName = new Map(groups.map(g => [g.metadata.name, g]));\n\n //\n // Make sure that g.parent.children contain g\n //\n\n for (const group of groups) {\n const selfName = group.metadata.name;\n const parentName = group.spec.parent;\n if (parentName) {\n const parent = groupsByName.get(parentName);\n if (parent && !parent.spec.children.includes(selfName)) {\n parent.spec.children.push(selfName);\n }\n }\n }\n\n //\n // Make sure that g.children.parent is g\n //\n\n for (const group of groups) {\n const selfName = group.metadata.name;\n for (const childName of group.spec.children) {\n const child = groupsByName.get(childName);\n if (child && !child.spec.parent) {\n child.spec.parent = selfName;\n }\n }\n }\n}\n\n// Ensure that users have their transitive group memberships. Requires that\n// the groups were previously processed with buildOrgHierarchy()\nexport function buildMemberOf(groups: GroupEntity[], users: UserEntity[]) {\n const groupsByName = new Map(groups.map(g => [g.metadata.name, g]));\n\n users.forEach(user => {\n const transitiveMemberOf = new Set<string>();\n\n const todo = [\n ...user.spec.memberOf,\n ...groups\n .filter(g => g.spec.members?.includes(user.metadata.name))\n .map(g => g.metadata.name),\n ];\n\n for (;;) {\n const current = todo.pop();\n if (!current) {\n break;\n }\n\n if (!transitiveMemberOf.has(current)) {\n transitiveMemberOf.add(current);\n const group = groupsByName.get(current);\n if (group?.spec.parent) {\n todo.push(group.spec.parent);\n }\n }\n }\n\n user.spec.memberOf = [...transitiveMemberOf];\n });\n}\n","/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport {\n GroupEntity,\n stringifyEntityRef,\n UserEntity,\n} from '@backstage/catalog-model';\nimport * as MicrosoftGraph from '@microsoft/microsoft-graph-types';\nimport limiterFactory from 'p-limit';\nimport { Logger } from 'winston';\nimport { MicrosoftGraphClient } from './client';\nimport {\n MICROSOFT_GRAPH_GROUP_ID_ANNOTATION,\n MICROSOFT_GRAPH_TENANT_ID_ANNOTATION,\n MICROSOFT_GRAPH_USER_ID_ANNOTATION,\n} from './constants';\nimport { normalizeEntityName } from './helper';\nimport { buildMemberOf, buildOrgHierarchy } from './org';\nimport {\n GroupTransformer,\n OrganizationTransformer,\n UserTransformer,\n} from './types';\n\nexport async function defaultUserTransformer(\n user: MicrosoftGraph.User,\n userPhoto?: string,\n): Promise<UserEntity | undefined> {\n if (!user.id || !user.displayName || !user.mail) {\n return undefined;\n }\n\n const name = normalizeEntityName(user.mail);\n const entity: UserEntity = {\n apiVersion: 'backstage.io/v1alpha1',\n kind: 'User',\n metadata: {\n name,\n annotations: {\n [MICROSOFT_GRAPH_USER_ID_ANNOTATION]: user.id!,\n },\n },\n spec: {\n profile: {\n displayName: user.displayName!,\n email: user.mail!,\n\n // TODO: Additional fields?\n // jobTitle: user.jobTitle || undefined,\n // officeLocation: user.officeLocation || undefined,\n // mobilePhone: user.mobilePhone || undefined,\n },\n memberOf: [],\n },\n };\n\n if (userPhoto) {\n entity.spec.profile!.picture = userPhoto;\n }\n\n return entity;\n}\n\nexport async function readMicrosoftGraphUsers(\n client: MicrosoftGraphClient,\n options: {\n userFilter?: string;\n transformer?: UserTransformer;\n logger: Logger;\n },\n): Promise<{\n users: UserEntity[]; // With all relations empty\n}> {\n const users: UserEntity[] = [];\n const limiter = limiterFactory(10);\n\n const transformer = options?.transformer ?? defaultUserTransformer;\n const promises: Promise<void>[] = [];\n\n for await (const user of client.getUsers({\n filter: options.userFilter,\n })) {\n // Process all users in parallel, otherwise it can take quite some time\n promises.push(\n limiter(async () => {\n let userPhoto;\n try {\n userPhoto = await client.getUserPhotoWithSizeLimit(\n user.id!,\n // We are limiting the photo size, as users with full resolution photos\n // can make the Backstage API slow\n 120,\n );\n } catch (e) {\n options.logger.warn(`Unable to load photo for ${user.id}`);\n }\n\n const entity = await transformer(user, userPhoto);\n\n if (!entity) {\n return;\n }\n\n users.push(entity);\n }),\n );\n }\n\n // Wait for all users and photos to be downloaded\n await Promise.all(promises);\n\n return { users };\n}\n\nexport async function defaultOrganizationTransformer(\n organization: MicrosoftGraph.Organization,\n): Promise<GroupEntity | undefined> {\n if (!organization.id || !organization.displayName) {\n return undefined;\n }\n\n const name = normalizeEntityName(organization.displayName!);\n return {\n apiVersion: 'backstage.io/v1alpha1',\n kind: 'Group',\n metadata: {\n name: name,\n description: organization.displayName!,\n annotations: {\n [MICROSOFT_GRAPH_TENANT_ID_ANNOTATION]: organization.id!,\n },\n },\n spec: {\n type: 'root',\n profile: {\n displayName: organization.displayName!,\n },\n children: [],\n },\n };\n}\n\nexport async function readMicrosoftGraphOrganization(\n client: MicrosoftGraphClient,\n tenantId: string,\n options?: { transformer?: OrganizationTransformer },\n): Promise<{\n rootGroup?: GroupEntity; // With all relations empty\n}> {\n // For now we expect a single root organization\n const organization = await client.getOrganization(tenantId);\n const transformer = options?.transformer ?? defaultOrganizationTransformer;\n const rootGroup = await transformer(organization);\n\n return { rootGroup };\n}\n\nexport async function defaultGroupTransformer(\n group: MicrosoftGraph.Group,\n groupPhoto?: string,\n): Promise<GroupEntity | undefined> {\n if (!group.id || !group.displayName) {\n return undefined;\n }\n\n const name = normalizeEntityName(group.mailNickname || group.displayName);\n const entity: GroupEntity = {\n apiVersion: 'backstage.io/v1alpha1',\n kind: 'Group',\n metadata: {\n name: name,\n annotations: {\n [MICROSOFT_GRAPH_GROUP_ID_ANNOTATION]: group.id,\n },\n },\n spec: {\n type: 'team',\n profile: {},\n children: [],\n },\n };\n\n if (group.description) {\n entity.metadata.description = group.description;\n }\n if (group.displayName) {\n entity.spec.profile!.displayName = group.displayName;\n }\n if (group.mail) {\n entity.spec.profile!.email = group.mail;\n }\n if (groupPhoto) {\n entity.spec.profile!.picture = groupPhoto;\n }\n\n return entity;\n}\n\nexport async function readMicrosoftGraphGroups(\n client: MicrosoftGraphClient,\n tenantId: string,\n options?: {\n groupFilter?: string;\n groupTransformer?: GroupTransformer;\n organizationTransformer?: OrganizationTransformer;\n },\n): Promise<{\n groups: GroupEntity[]; // With all relations empty\n rootGroup: GroupEntity | undefined; // With all relations empty\n groupMember: Map<string, Set<string>>;\n groupMemberOf: Map<string, Set<string>>;\n}> {\n const groups: GroupEntity[] = [];\n const groupMember: Map<string, Set<string>> = new Map();\n const groupMemberOf: Map<string, Set<string>> = new Map();\n const limiter = limiterFactory(10);\n\n const { rootGroup } = await readMicrosoftGraphOrganization(client, tenantId, {\n transformer: options?.organizationTransformer,\n });\n if (rootGroup) {\n groupMember.set(rootGroup.metadata.name, new Set<string>());\n groups.push(rootGroup);\n }\n\n const transformer = options?.groupTransformer ?? defaultGroupTransformer;\n const promises: Promise<void>[] = [];\n\n for await (const group of client.getGroups({\n filter: options?.groupFilter,\n })) {\n // Process all groups in parallel, otherwise it can take quite some time\n promises.push(\n limiter(async () => {\n // TODO: Loading groups photos doesn't work right now as Microsoft Graph\n // doesn't allows this yet: https://microsoftgraph.uservoice.com/forums/920506-microsoft-graph-feature-requests/suggestions/37884922-allow-application-to-set-or-update-a-group-s-photo\n /* const groupPhoto = await client.getGroupPhotoWithSizeLimit(\n group.id!,\n // We are limiting the photo size, as groups with full resolution photos\n // can make the Backstage API slow\n 120,\n );*/\n\n const entity = await transformer(group /* , groupPhoto*/);\n\n if (!entity) {\n return;\n }\n\n for await (const member of client.getGroupMembers(group.id!)) {\n if (!member.id) {\n continue;\n }\n\n if (member['@odata.type'] === '#microsoft.graph.user') {\n ensureItem(groupMemberOf, member.id, group.id!);\n }\n\n if (member['@odata.type'] === '#microsoft.graph.group') {\n ensureItem(groupMember, group.id!, member.id);\n }\n }\n\n groups.push(entity);\n }),\n );\n }\n\n // Wait for all group members and photos to be loaded\n await Promise.all(promises);\n\n return {\n groups,\n rootGroup,\n groupMember,\n groupMemberOf,\n };\n}\n\nexport function resolveRelations(\n rootGroup: GroupEntity | undefined,\n groups: GroupEntity[],\n users: UserEntity[],\n groupMember: Map<string, Set<string>>,\n groupMemberOf: Map<string, Set<string>>,\n) {\n // Build reference lookup tables, we reference them by the id the the graph\n const groupMap: Map<string, GroupEntity> = new Map(); // by group-id or tenant-id\n\n for (const group of groups) {\n if (group.metadata.annotations![MICROSOFT_GRAPH_GROUP_ID_ANNOTATION]) {\n groupMap.set(\n group.metadata.annotations![MICROSOFT_GRAPH_GROUP_ID_ANNOTATION],\n group,\n );\n }\n if (group.metadata.annotations![MICROSOFT_GRAPH_TENANT_ID_ANNOTATION]) {\n groupMap.set(\n group.metadata.annotations![MICROSOFT_GRAPH_TENANT_ID_ANNOTATION],\n group,\n );\n }\n }\n\n // Resolve all member relationships into the reverse direction\n const parentGroups = new Map<string, Set<string>>();\n\n groupMember.forEach((members, groupId) =>\n members.forEach(m => ensureItem(parentGroups, m, groupId)),\n );\n\n // Make sure every group (except root) has at least one parent. If the parent is missing, add the root.\n if (rootGroup) {\n const tenantId =\n rootGroup.metadata.annotations![MICROSOFT_GRAPH_TENANT_ID_ANNOTATION];\n\n groups.forEach(group => {\n const groupId =\n group.metadata.annotations![MICROSOFT_GRAPH_GROUP_ID_ANNOTATION];\n\n if (!groupId) {\n return;\n }\n\n if (retrieveItems(parentGroups, groupId).size === 0) {\n ensureItem(parentGroups, groupId, tenantId);\n ensureItem(groupMember, tenantId, groupId);\n }\n });\n }\n\n groups.forEach(group => {\n const id =\n group.metadata.annotations![MICROSOFT_GRAPH_GROUP_ID_ANNOTATION] ??\n group.metadata.annotations![MICROSOFT_GRAPH_TENANT_ID_ANNOTATION];\n\n retrieveItems(groupMember, id).forEach(m => {\n const childGroup = groupMap.get(m);\n if (childGroup) {\n group.spec.children.push(stringifyEntityRef(childGroup));\n }\n });\n\n retrieveItems(parentGroups, id).forEach(p => {\n const parentGroup = groupMap.get(p);\n if (parentGroup) {\n // TODO: Only having a single parent group might not match every companies model, but fine for now.\n group.spec.parent = stringifyEntityRef(parentGroup);\n }\n });\n });\n\n // Make sure that all groups have proper parents and children\n buildOrgHierarchy(groups);\n\n // Set relations for all users\n users.forEach(user => {\n const id = user.metadata.annotations![MICROSOFT_GRAPH_USER_ID_ANNOTATION];\n\n retrieveItems(groupMemberOf, id).forEach(p => {\n const parentGroup = groupMap.get(p);\n if (parentGroup) {\n user.spec.memberOf.push(stringifyEntityRef(parentGroup));\n }\n });\n });\n\n // Make sure all transitive memberships are available\n buildMemberOf(groups, users);\n}\n\nexport async function readMicrosoftGraphOrg(\n client: MicrosoftGraphClient,\n tenantId: string,\n options: {\n userFilter?: string;\n groupFilter?: string;\n userTransformer?: UserTransformer;\n groupTransformer?: GroupTransformer;\n organizationTransformer?: OrganizationTransformer;\n logger: Logger;\n },\n): Promise<{ users: UserEntity[]; groups: GroupEntity[] }> {\n const { users } = await readMicrosoftGraphUsers(client, {\n userFilter: options.userFilter,\n transformer: options.userTransformer,\n logger: options.logger,\n });\n const { groups, rootGroup, groupMember, groupMemberOf } =\n await readMicrosoftGraphGroups(client, tenantId, {\n groupFilter: options?.groupFilter,\n groupTransformer: options?.groupTransformer,\n organizationTransformer: options?.organizationTransformer,\n });\n\n resolveRelations(rootGroup, groups, users, groupMember, groupMemberOf);\n users.sort((a, b) => a.metadata.name.localeCompare(b.metadata.name));\n groups.sort((a, b) => a.metadata.name.localeCompare(b.metadata.name));\n\n return { users, groups };\n}\n\nfunction ensureItem(\n target: Map<string, Set<string>>,\n key: string,\n value: string,\n) {\n let set = target.get(key);\n if (!set) {\n set = new Set();\n target.set(key, set);\n }\n set!.add(value);\n}\n\nfunction retrieveItems(\n target: Map<string, Set<string>>,\n key: string,\n): Set<string> {\n return target.get(key) ?? new Set();\n}\n","/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { LocationSpec } from '@backstage/catalog-model';\nimport { Config } from '@backstage/config';\nimport {\n CatalogProcessor,\n CatalogProcessorEmit,\n results,\n} from '@backstage/plugin-catalog-backend';\nimport { Logger } from 'winston';\nimport {\n GroupTransformer,\n MicrosoftGraphClient,\n MicrosoftGraphProviderConfig,\n OrganizationTransformer,\n readMicrosoftGraphConfig,\n readMicrosoftGraphOrg,\n UserTransformer,\n} from '../microsoftGraph';\n\n/**\n * Extracts teams and users out of a the Microsoft Graph API.\n */\nexport class MicrosoftGraphOrgReaderProcessor implements CatalogProcessor {\n private readonly providers: MicrosoftGraphProviderConfig[];\n private readonly logger: Logger;\n private readonly userTransformer?: UserTransformer;\n private readonly groupTransformer?: GroupTransformer;\n private readonly organizationTransformer?: OrganizationTransformer;\n\n static fromConfig(\n config: Config,\n options: {\n logger: Logger;\n userTransformer?: UserTransformer;\n groupTransformer?: GroupTransformer;\n organizationTransformer?: OrganizationTransformer;\n },\n ) {\n const c = config.getOptionalConfig('catalog.processors.microsoftGraphOrg');\n return new MicrosoftGraphOrgReaderProcessor({\n ...options,\n providers: c ? readMicrosoftGraphConfig(c) : [],\n });\n }\n\n constructor(options: {\n providers: MicrosoftGraphProviderConfig[];\n logger: Logger;\n userTransformer?: UserTransformer;\n groupTransformer?: GroupTransformer;\n organizationTransformer?: OrganizationTransformer;\n }) {\n this.providers = options.providers;\n this.logger = options.logger;\n this.userTransformer = options.userTransformer;\n this.groupTransformer = options.groupTransformer;\n this.organizationTransformer = options.organizationTransformer;\n }\n\n async readLocation(\n location: LocationSpec,\n _optional: boolean,\n emit: CatalogProcessorEmit,\n ): Promise<boolean> {\n if (location.type !== 'microsoft-graph-org') {\n return false;\n }\n\n const provider = this.providers.find(p =>\n location.target.startsWith(p.target),\n );\n if (!provider) {\n throw new Error(\n `There is no Microsoft Graph Org provider that matches ${location.target}. Please add a configuration entry for it under catalog.processors.microsoftGraphOrg.providers.`,\n );\n }\n\n // Read out all of the raw data\n const startTimestamp = Date.now();\n this.logger.info('Reading Microsoft Graph users and groups');\n\n // We create a client each time as we need one that matches the specific provider\n const client = MicrosoftGraphClient.create(provider);\n const { users, groups } = await readMicrosoftGraphOrg(\n client,\n provider.tenantId,\n {\n userFilter: provider.userFilter,\n groupFilter: provider.groupFilter,\n userTransformer: this.userTransformer,\n groupTransformer: this.groupTransformer,\n organizationTransformer: this.organizationTransformer,\n logger: this.logger,\n },\n );\n\n const duration = ((Date.now() - startTimestamp) / 1000).toFixed(1);\n this.logger.debug(\n `Read ${users.length} users and ${groups.length} groups from Microsoft Graph in ${duration} seconds`,\n );\n\n // Done!\n for (const group of groups) {\n emit(results.entity(location, group));\n }\n for (const user of users) {\n emit(results.entity(location, user));\n }\n\n return true;\n }\n}\n"],"names":["msal","qs","fetch","limiterFactory","stringifyEntityRef","results"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;2BAgCkC;AAAA,EAahC,YACmB,SACA,KACjB;AAFiB;AACA;AAAA;AAAA,SAdZ,OAAO,QAA4D;AACxE,UAAM,eAAmC;AAAA,MACvC,MAAM;AAAA,QACJ,UAAU,OAAO;AAAA,QACjB,cAAc,OAAO;AAAA,QACrB,WAAW,GAAG,OAAO,aAAa,OAAO;AAAA;AAAA;AAG7C,UAAM,MAAM,IAAIA,gBAAK,8BAA8B;AACnD,WAAO,IAAI,qBAAqB,OAAO,QAAQ;AAAA;AAAA,SAQ1C,kBACL,MACA,OACkB;AAClB,QAAI,WAAW,MAAM,KAAK,WAAW,MAAM;AAE3C,eAAS;AACP,UAAI,SAAS,WAAW,KAAK;AAC3B,cAAM,KAAK,YAAY,MAAM;AAAA;AAG/B,YAAM,SAAS,MAAM,SAAS;AAC9B,YAAM,WAAgB,OAAO;AAE7B,aAAO;AAGP,UAAI,CAAC,OAAO,oBAAoB;AAC9B;AAAA;AAGF,iBAAW,MAAM,KAAK,WAAW,OAAO;AAAA;AAAA;AAAA,QAItC,WAAW,MAAc,OAAuC;AA3ExE;AA4EI,UAAM,cAAcC,uBAAG,UACrB;AAAA,MACE,SAAS,+BAAO;AAAA,MAChB,SAAS,qCAAO,WAAP,mBAAe,KAAK;AAAA,MAC7B,SAAS,qCAAO,WAAP,mBAAe,KAAK;AAAA,OAE/B;AAAA,MACE,gBAAgB;AAAA,MAEhB,QAAQ;AAAA;AAIZ,WAAO,MAAM,KAAK,WAAW,GAAG,KAAK,WAAW,OAAO;AAAA;AAAA,QAGnD,WAAW,KAAgC;AAE/C,UAAM,QAAQ,MAAM,KAAK,IAAI,+BAA+B;AAAA,MAC1D,QAAQ,CAAC;AAAA;AAGX,QAAI,CAAC,OAAO;AACV,YAAM,IAAI,MAAM;AAAA;AAGlB,WAAO,MAAMC,0BAAM,KAAK;AAAA,MACtB,SAAS;AAAA,QACP,eAAe,UAAU,MAAM;AAAA;AAAA;AAAA;AAAA,QAK/B,eAAe,QAA8C;AACjE,UAAM,WAAW,MAAM,KAAK,WAAW,SAAS;AAEhD,QAAI,SAAS,WAAW,KAAK;AAC3B,YAAM,KAAK,YAAY,gBAAgB;AAAA;AAGzC,WAAO,MAAM,SAAS;AAAA;AAAA,QAGlB,0BACJ,QACA,SAC6B;AAC7B,WAAO,MAAM,KAAK,sBAAsB,SAAS,QAAQ;AAAA;AAAA,QAGrD,aACJ,QACA,QAC6B;AAC7B,WAAO,MAAM,KAAK,SAAS,SAAS,QAAQ;AAAA;AAAA,SAGvC,SAAS,OAAwD;AACtE,WAAO,KAAK,kBAAuC,SAAS;AAAA;AAAA,QAGxD,2BACJ,SACA,SAC6B;AAC7B,WAAO,MAAM,KAAK,sBAAsB,UAAU,SAAS;AAAA;AAAA,QAGvD,cACJ,SACA,QAC6B;AAC7B,WAAO,MAAM,KAAK,SAAS,UAAU,SAAS;AAAA;AAAA,SAGzC,UAAU,OAAyD;AACxE,WAAO,KAAK,kBAAwC,UAAU;AAAA;AAAA,SAGzD,gBAAgB,SAA6C;AAClE,WAAO,KAAK,kBAA+B,UAAU;AAAA;AAAA,QAGjD,gBACJ,UACsC;AACtC,UAAM,WAAW,MAAM,KAAK,WAAW,gBAAgB;AAEvD,QAAI,SAAS,WAAW,KAAK;AAC3B,YAAM,KAAK,YAAY,gBAAgB,YAAY;AAAA;AAGrD,WAAO,MAAM,SAAS;AAAA;AAAA,QAGV,sBACZ,YACA,IACA,SAC6B;AAC7B,UAAM,WAAW,MAAM,KAAK,WAAW,GAAG,cAAc;AAExD,QAAI,SAAS,WAAW,KAAK;AAC3B,aAAO;AAAA,eACE,SAAS,WAAW,KAAK;AAClC,YAAM,KAAK,YAAY,GAAG,qBAAqB;AAAA;AAGjD,UAAM,SAAS,MAAM,SAAS;AAC9B,UAAM,SAAS,OAAO;AACtB,QAAI,gBAAyD;AAG7D,eAAW,KAAK,QAAQ;AACtB,UACE,CAAC,iBACA,EAAE,UAAW,cAAc,UAAW,EAAE,UAAW,SACpD;AACA,wBAAgB;AAAA;AAAA;AAIpB,QAAI,CAAC,eAAe;AAClB,aAAO;AAAA;AAGT,WAAO,MAAM,KAAK,SAAS,YAAY,IAAI,cAAc;AAAA;AAAA,QAG7C,SACZ,YACA,IACA,QAC6B;AAC7B,UAAM,OAAO,SACT,GAAG,cAAc,aAAa,kBAC9B,GAAG,cAAc;AACrB,UAAM,WAAW,MAAM,KAAK,WAAW;AAEvC,QAAI,SAAS,WAAW,KAAK;AAC3B,aAAO;AAAA,eACE,SAAS,WAAW,KAAK;AAClC,YAAM,KAAK,YAAY,SAAS;AAAA;AAGlC,WAAO,0BAA0B,OAAO,KACtC,MAAM,SAAS,eACf,SAAS;AAAA;AAAA,QAGC,YAAY,MAAc,UAAmC;AACzE,UAAM,SAAS,MAAM,SAAS;AAC9B,UAAM,QAAQ,OAAO;AAErB,UAAM,IAAI,MACR,uBAAuB,8BAA8B,MAAM,UAAU,MAAM;AAAA;AAAA;;kCCzK/E,QACgC;AA/DlC;AAgEE,QAAM,YAA4C;AAClD,QAAM,kBAAkB,aAAO,uBAAuB,iBAA9B,YAA8C;AAEtE,aAAW,kBAAkB,iBAAiB;AAC5C,UAAM,SAAS,eAAe,UAAU,UAAU,QAAQ,QAAQ;AAClE,UAAM,YACJ,sBAAe,kBAAkB,iBAAjC,mBAA+C,QAAQ,QAAQ,QAC/D;AACF,UAAM,WAAW,eAAe,UAAU;AAC1C,UAAM,WAAW,eAAe,UAAU;AAC1C,UAAM,eAAe,eAAe,UAAU;AAC9C,UAAM,aAAa,eAAe,kBAAkB;AACpD,UAAM,cAAc,eAAe,kBAAkB;AAErD,cAAU,KAAK;AAAA,MACb;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA;AAAA;AAIJ,SAAO;AAAA;;MCtEI,uCACX;MAKW,sCACX;MAKW,qCAAqC;;6BCfd,MAAsB;AACxD,SAAO,KACJ,OACA,oBACA,QAAQ,sBAAsB;AAAA;;2BCCD,QAAuB;AACvD,QAAM,eAAe,IAAI,IAAI,OAAO,IAAI,OAAK,CAAC,EAAE,SAAS,MAAM;AAM/D,aAAW,SAAS,QAAQ;AAC1B,UAAM,WAAW,MAAM,SAAS;AAChC,UAAM,aAAa,MAAM,KAAK;AAC9B,QAAI,YAAY;AACd,YAAM,SAAS,aAAa,IAAI;AAChC,UAAI,UAAU,CAAC,OAAO,KAAK,SAAS,SAAS,WAAW;AACtD,eAAO,KAAK,SAAS,KAAK;AAAA;AAAA;AAAA;AAShC,aAAW,SAAS,QAAQ;AAC1B,UAAM,WAAW,MAAM,SAAS;AAChC,eAAW,aAAa,MAAM,KAAK,UAAU;AAC3C,YAAM,QAAQ,aAAa,IAAI;AAC/B,UAAI,SAAS,CAAC,MAAM,KAAK,QAAQ;AAC/B,cAAM,KAAK,SAAS;AAAA;AAAA;AAAA;AAAA;uBAQE,QAAuB,OAAqB;AACxE,QAAM,eAAe,IAAI,IAAI,OAAO,IAAI,OAAK,CAAC,EAAE,SAAS,MAAM;AAE/D,QAAM,QAAQ,UAAQ;AACpB,UAAM,qBAAqB,IAAI;AAE/B,UAAM,OAAO;AAAA,MACX,GAAG,KAAK,KAAK;AAAA,MACb,GAAG,OACA,OAAO,OAAE;AAjElB;AAiEqB,uBAAE,KAAK,YAAP,mBAAgB,SAAS,KAAK,SAAS;AAAA,SACnD,IAAI,OAAK,EAAE,SAAS;AAAA;AAGzB,eAAS;AACP,YAAM,UAAU,KAAK;AACrB,UAAI,CAAC,SAAS;AACZ;AAAA;AAGF,UAAI,CAAC,mBAAmB,IAAI,UAAU;AACpC,2BAAmB,IAAI;AACvB,cAAM,QAAQ,aAAa,IAAI;AAC/B,YAAI,+BAAO,KAAK,QAAQ;AACtB,eAAK,KAAK,MAAM,KAAK;AAAA;AAAA;AAAA;AAK3B,SAAK,KAAK,WAAW,CAAC,GAAG;AAAA;AAAA;;sCC9C3B,MACA,WACiC;AACjC,MAAI,CAAC,KAAK,MAAM,CAAC,KAAK,eAAe,CAAC,KAAK,MAAM;AAC/C,WAAO;AAAA;AAGT,QAAM,OAAO,oBAAoB,KAAK;AACtC,QAAM,SAAqB;AAAA,IACzB,YAAY;AAAA,IACZ,MAAM;AAAA,IACN,UAAU;AAAA,MACR;AAAA,MACA,aAAa;AAAA,SACV,qCAAqC,KAAK;AAAA;AAAA;AAAA,IAG/C,MAAM;AAAA,MACJ,SAAS;AAAA,QACP,aAAa,KAAK;AAAA,QAClB,OAAO,KAAK;AAAA;AAAA,MAOd,UAAU;AAAA;AAAA;AAId,MAAI,WAAW;AACb,WAAO,KAAK,QAAS,UAAU;AAAA;AAGjC,SAAO;AAAA;uCAIP,QACA,SAOC;AArFH;AAsFE,QAAM,QAAsB;AAC5B,QAAM,UAAUC,mCAAe;AAE/B,QAAM,cAAc,yCAAS,gBAAT,YAAwB;AAC5C,QAAM,WAA4B;AAElC,mBAAiB,QAAQ,OAAO,SAAS;AAAA,IACvC,QAAQ,QAAQ;AAAA,MACd;AAEF,aAAS,KACP,QAAQ,YAAY;AAClB,UAAI;AACJ,UAAI;AACF,oBAAY,MAAM,OAAO,0BACvB,KAAK,IAGL;AAAA,eAEK,GAAP;AACA,gBAAQ,OAAO,KAAK,4BAA4B,KAAK;AAAA;AAGvD,YAAM,SAAS,MAAM,YAAY,MAAM;AAEvC,UAAI,CAAC,QAAQ;AACX;AAAA;AAGF,YAAM,KAAK;AAAA;AAAA;AAMjB,QAAM,QAAQ,IAAI;AAElB,SAAO,CAAE;AAAA;8CAIT,cACkC;AAClC,MAAI,CAAC,aAAa,MAAM,CAAC,aAAa,aAAa;AACjD,WAAO;AAAA;AAGT,QAAM,OAAO,oBAAoB,aAAa;AAC9C,SAAO;AAAA,IACL,YAAY;AAAA,IACZ,MAAM;AAAA,IACN,UAAU;AAAA,MACR;AAAA,MACA,aAAa,aAAa;AAAA,MAC1B,aAAa;AAAA,SACV,uCAAuC,aAAa;AAAA;AAAA;AAAA,IAGzD,MAAM;AAAA,MACJ,MAAM;AAAA,MACN,SAAS;AAAA,QACP,aAAa,aAAa;AAAA;AAAA,MAE5B,UAAU;AAAA;AAAA;AAAA;8CAMd,QACA,UACA,SAGC;AAjKH;AAmKE,QAAM,eAAe,MAAM,OAAO,gBAAgB;AAClD,QAAM,cAAc,yCAAS,gBAAT,YAAwB;AAC5C,QAAM,YAAY,MAAM,YAAY;AAEpC,SAAO,CAAE;AAAA;uCAIT,OACA,YACkC;AAClC,MAAI,CAAC,MAAM,MAAM,CAAC,MAAM,aAAa;AACnC,WAAO;AAAA;AAGT,QAAM,OAAO,oBAAoB,MAAM,gBAAgB,MAAM;AAC7D,QAAM,SAAsB;AAAA,IAC1B,YAAY;AAAA,IACZ,MAAM;AAAA,IACN,UAAU;AAAA,MACR;AAAA,MACA,aAAa;AAAA,SACV,sCAAsC,MAAM;AAAA;AAAA;AAAA,IAGjD,MAAM;AAAA,MACJ,MAAM;AAAA,MACN,SAAS;AAAA,MACT,UAAU;AAAA;AAAA;AAId,MAAI,MAAM,aAAa;AACrB,WAAO,SAAS,cAAc,MAAM;AAAA;AAEtC,MAAI,MAAM,aAAa;AACrB,WAAO,KAAK,QAAS,cAAc,MAAM;AAAA;AAE3C,MAAI,MAAM,MAAM;AACd,WAAO,KAAK,QAAS,QAAQ,MAAM;AAAA;AAErC,MAAI,YAAY;AACd,WAAO,KAAK,QAAS,UAAU;AAAA;AAGjC,SAAO;AAAA;wCAIP,QACA,UACA,SAUC;AAhOH;AAiOE,QAAM,SAAwB;AAC9B,QAAM,cAAwC,IAAI;AAClD,QAAM,gBAA0C,IAAI;AACpD,QAAM,UAAUA,mCAAe;AAE/B,QAAM,CAAE,aAAc,MAAM,+BAA+B,QAAQ,UAAU;AAAA,IAC3E,aAAa,mCAAS;AAAA;AAExB,MAAI,WAAW;AACb,gBAAY,IAAI,UAAU,SAAS,MAAM,IAAI;AAC7C,WAAO,KAAK;AAAA;AAGd,QAAM,cAAc,yCAAS,qBAAT,YAA6B;AACjD,QAAM,WAA4B;AAElC,mBAAiB,SAAS,OAAO,UAAU;AAAA,IACzC,QAAQ,mCAAS;AAAA,MACf;AAEF,aAAS,KACP,QAAQ,YAAY;AAUlB,YAAM,SAAS,MAAM,YAAY;AAEjC,UAAI,CAAC,QAAQ;AACX;AAAA;AAGF,uBAAiB,UAAU,OAAO,gBAAgB,MAAM,KAAM;AAC5D,YAAI,CAAC,OAAO,IAAI;AACd;AAAA;AAGF,YAAI,OAAO,mBAAmB,yBAAyB;AACrD,qBAAW,eAAe,OAAO,IAAI,MAAM;AAAA;AAG7C,YAAI,OAAO,mBAAmB,0BAA0B;AACtD,qBAAW,aAAa,MAAM,IAAK,OAAO;AAAA;AAAA;AAI9C,aAAO,KAAK;AAAA;AAAA;AAMlB,QAAM,QAAQ,IAAI;AAElB,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA;AAAA;0BAKF,WACA,QACA,OACA,aACA,eACA;AAEA,QAAM,WAAqC,IAAI;AAE/C,aAAW,SAAS,QAAQ;AAC1B,QAAI,MAAM,SAAS,YAAa,sCAAsC;AACpE,eAAS,IACP,MAAM,SAAS,YAAa,sCAC5B;AAAA;AAGJ,QAAI,MAAM,SAAS,YAAa,uCAAuC;AACrE,eAAS,IACP,MAAM,SAAS,YAAa,uCAC5B;AAAA;AAAA;AAMN,QAAM,eAAe,IAAI;AAEzB,cAAY,QAAQ,CAAC,SAAS,YAC5B,QAAQ,QAAQ,OAAK,WAAW,cAAc,GAAG;AAInD,MAAI,WAAW;AACb,UAAM,WACJ,UAAU,SAAS,YAAa;AAElC,WAAO,QAAQ,WAAS;AACtB,YAAM,UACJ,MAAM,SAAS,YAAa;AAE9B,UAAI,CAAC,SAAS;AACZ;AAAA;AAGF,UAAI,cAAc,cAAc,SAAS,SAAS,GAAG;AACnD,mBAAW,cAAc,SAAS;AAClC,mBAAW,aAAa,UAAU;AAAA;AAAA;AAAA;AAKxC,SAAO,QAAQ,WAAS;AAxV1B;AAyVI,UAAM,KACJ,YAAM,SAAS,YAAa,yCAA5B,YACA,MAAM,SAAS,YAAa;AAE9B,kBAAc,aAAa,IAAI,QAAQ,OAAK;AAC1C,YAAM,aAAa,SAAS,IAAI;AAChC,UAAI,YAAY;AACd,cAAM,KAAK,SAAS,KAAKC,gCAAmB;AAAA;AAAA;AAIhD,kBAAc,cAAc,IAAI,QAAQ,OAAK;AAC3C,YAAM,cAAc,SAAS,IAAI;AACjC,UAAI,aAAa;AAEf,cAAM,KAAK,SAASA,gCAAmB;AAAA;AAAA;AAAA;AAM7C,oBAAkB;AAGlB,QAAM,QAAQ,UAAQ;AACpB,UAAM,KAAK,KAAK,SAAS,YAAa;AAEtC,kBAAc,eAAe,IAAI,QAAQ,OAAK;AAC5C,YAAM,cAAc,SAAS,IAAI;AACjC,UAAI,aAAa;AACf,aAAK,KAAK,SAAS,KAAKA,gCAAmB;AAAA;AAAA;AAAA;AAMjD,gBAAc,QAAQ;AAAA;qCAItB,QACA,UACA,SAQyD;AACzD,QAAM,CAAE,SAAU,MAAM,wBAAwB,QAAQ;AAAA,IACtD,YAAY,QAAQ;AAAA,IACpB,aAAa,QAAQ;AAAA,IACrB,QAAQ,QAAQ;AAAA;AAElB,QAAM,CAAE,QAAQ,WAAW,aAAa,iBACtC,MAAM,yBAAyB,QAAQ,UAAU;AAAA,IAC/C,aAAa,mCAAS;AAAA,IACtB,kBAAkB,mCAAS;AAAA,IAC3B,yBAAyB,mCAAS;AAAA;AAGtC,mBAAiB,WAAW,QAAQ,OAAO,aAAa;AACxD,QAAM,KAAK,CAAC,GAAG,MAAM,EAAE,SAAS,KAAK,cAAc,EAAE,SAAS;AAC9D,SAAO,KAAK,CAAC,GAAG,MAAM,EAAE,SAAS,KAAK,cAAc,EAAE,SAAS;AAE/D,SAAO,CAAE,OAAO;AAAA;AAGlB,oBACE,QACA,KACA,OACA;AACA,MAAI,MAAM,OAAO,IAAI;AACrB,MAAI,CAAC,KAAK;AACR,UAAM,IAAI;AACV,WAAO,IAAI,KAAK;AAAA;AAElB,MAAK,IAAI;AAAA;AAGX,uBACE,QACA,KACa;AA/af;AAgbE,SAAO,aAAO,IAAI,SAAX,YAAmB,IAAI;AAAA;;uCC3Y0C;AAAA,SAOjE,WACL,QACA,SAMA;AACA,UAAM,IAAI,OAAO,kBAAkB;AACnC,WAAO,IAAI,iCAAiC;AAAA,SACvC;AAAA,MACH,WAAW,IAAI,yBAAyB,KAAK;AAAA;AAAA;AAAA,EAIjD,YAAY,SAMT;AACD,SAAK,YAAY,QAAQ;AACzB,SAAK,SAAS,QAAQ;AACtB,SAAK,kBAAkB,QAAQ;AAC/B,SAAK,mBAAmB,QAAQ;AAChC,SAAK,0BAA0B,QAAQ;AAAA;AAAA,QAGnC,aACJ,UACA,WACA,MACkB;AAClB,QAAI,SAAS,SAAS,uBAAuB;AAC3C,aAAO;AAAA;AAGT,UAAM,WAAW,KAAK,UAAU,KAAK,OACnC,SAAS,OAAO,WAAW,EAAE;AAE/B,QAAI,CAAC,UAAU;AACb,YAAM,IAAI,MACR,yDAAyD,SAAS;AAAA;AAKtE,UAAM,iBAAiB,KAAK;AAC5B,SAAK,OAAO,KAAK;AAGjB,UAAM,SAAS,qBAAqB,OAAO;AAC3C,UAAM,CAAE,OAAO,UAAW,MAAM,sBAC9B,QACA,SAAS,UACT;AAAA,MACE,YAAY,SAAS;AAAA,MACrB,aAAa,SAAS;AAAA,MACtB,iBAAiB,KAAK;AAAA,MACtB,kBAAkB,KAAK;AAAA,MACvB,yBAAyB,KAAK;AAAA,MAC9B,QAAQ,KAAK;AAAA;AAIjB,UAAM,WAAa,OAAK,QAAQ,kBAAkB,KAAM,QAAQ;AAChE,SAAK,OAAO,MACV,QAAQ,MAAM,oBAAoB,OAAO,yCAAyC;AAIpF,eAAW,SAAS,QAAQ;AAC1B,WAAKC,6BAAQ,OAAO,UAAU;AAAA;AAEhC,eAAW,QAAQ,OAAO;AACxB,WAAKA,6BAAQ,OAAO,UAAU;AAAA;AAGhC,WAAO;AAAA;AAAA;;;;;;;;;;;;;;"}

package/dist/index.d.ts ADDED Viewed

@@ -0,0 +1,143 @@
+import { UserEntity, GroupEntity, LocationSpec } from '@backstage/catalog-model';
+import { Config } from '@backstage/config';
+import { CatalogProcessor, CatalogProcessorEmit } from '@backstage/plugin-catalog-backend';
+import { Logger } from 'winston';
+import * as MicrosoftGraph from '@microsoft/microsoft-graph-types';
+import * as msal from '@azure/msal-node';
+/**
+ * The configuration parameters for a single Microsoft Graph provider.
+ */
+declare type MicrosoftGraphProviderConfig = {
+    /**
+     * The prefix of the target that this matches on, e.g.
+     * "https://graph.microsoft.com/v1.0", with no trailing slash.
+     */
+    target: string;
+    /**
+     * The auth authority used.
+     *
+     * E.g. "https://login.microsoftonline.com"
+     */
+    authority?: string;
+    /**
+     * The tenant whose org data we are interested in.
+     */
+    tenantId: string;
+    /**
+     * The OAuth client ID to use for authenticating requests.
+     */
+    clientId: string;
+    /**
+     * The OAuth client secret to use for authenticating requests.
+     *
+     * @visibility secret
+     */
+    clientSecret: string;
+    /**
+     * The filter to apply to extract users.
+     *
+     * E.g. "accountEnabled eq true and userType eq 'member'"
+     */
+    userFilter?: string;
+    /**
+     * The filter to apply to extract groups.
+     *
+     * E.g. "securityEnabled eq false and mailEnabled eq true"
+     */
+    groupFilter?: string;
+};
+declare function readMicrosoftGraphConfig(config: Config): MicrosoftGraphProviderConfig[];
+declare type ODataQuery = {
+    filter?: string;
+    expand?: string[];
+    select?: string[];
+};
+declare type GroupMember = (MicrosoftGraph.Group & {
+    '@odata.type': '#microsoft.graph.user';
+}) | (MicrosoftGraph.User & {
+    '@odata.type': '#microsoft.graph.group';
+});
+declare class MicrosoftGraphClient {
+    private readonly baseUrl;
+    private readonly pca;
+    static create(config: MicrosoftGraphProviderConfig): MicrosoftGraphClient;
+    constructor(baseUrl: string, pca: msal.ConfidentialClientApplication);
+    requestCollection<T>(path: string, query?: ODataQuery): AsyncIterable<T>;
+    requestApi(path: string, query?: ODataQuery): Promise<Response>;
+    requestRaw(url: string): Promise<Response>;
+    getUserProfile(userId: string): Promise<MicrosoftGraph.User>;
+    getUserPhotoWithSizeLimit(userId: string, maxSize: number): Promise<string | undefined>;
+    getUserPhoto(userId: string, sizeId?: string): Promise<string | undefined>;
+    getUsers(query?: ODataQuery): AsyncIterable<MicrosoftGraph.User>;
+    getGroupPhotoWithSizeLimit(groupId: string, maxSize: number): Promise<string | undefined>;
+    getGroupPhoto(groupId: string, sizeId?: string): Promise<string | undefined>;
+    getGroups(query?: ODataQuery): AsyncIterable<MicrosoftGraph.Group>;
+    getGroupMembers(groupId: string): AsyncIterable<GroupMember>;
+    getOrganization(tenantId: string): Promise<MicrosoftGraph.Organization>;
+    private getPhotoWithSizeLimit;
+    private getPhoto;
+    private handleError;
+}
+/**
+ * The tenant id used by the Microsoft Graph API
+ */
+declare const MICROSOFT_GRAPH_TENANT_ID_ANNOTATION = "graph.microsoft.com/tenant-id";
+/**
+ * The group id used by the Microsoft Graph API
+ */
+declare const MICROSOFT_GRAPH_GROUP_ID_ANNOTATION = "graph.microsoft.com/group-id";
+/**
+ * The user id used by the Microsoft Graph API
+ */
+declare const MICROSOFT_GRAPH_USER_ID_ANNOTATION = "graph.microsoft.com/user-id";
+declare function normalizeEntityName(name: string): string;
+declare type UserTransformer = (user: MicrosoftGraph.User, userPhoto?: string) => Promise<UserEntity | undefined>;
+declare type OrganizationTransformer = (organization: MicrosoftGraph.Organization) => Promise<GroupEntity | undefined>;
+declare type GroupTransformer = (group: MicrosoftGraph.Group, groupPhoto?: string) => Promise<GroupEntity | undefined>;
+declare function defaultUserTransformer(user: MicrosoftGraph.User, userPhoto?: string): Promise<UserEntity | undefined>;
+declare function defaultOrganizationTransformer(organization: MicrosoftGraph.Organization): Promise<GroupEntity | undefined>;
+declare function defaultGroupTransformer(group: MicrosoftGraph.Group, groupPhoto?: string): Promise<GroupEntity | undefined>;
+declare function readMicrosoftGraphOrg(client: MicrosoftGraphClient, tenantId: string, options: {
+    userFilter?: string;
+    groupFilter?: string;
+    userTransformer?: UserTransformer;
+    groupTransformer?: GroupTransformer;
+    organizationTransformer?: OrganizationTransformer;
+    logger: Logger;
+}): Promise<{
+    users: UserEntity[];
+    groups: GroupEntity[];
+}>;
+/**
+ * Extracts teams and users out of a the Microsoft Graph API.
+ */
+declare class MicrosoftGraphOrgReaderProcessor implements CatalogProcessor {
+    private readonly providers;
+    private readonly logger;
+    private readonly userTransformer?;
+    private readonly groupTransformer?;
+    private readonly organizationTransformer?;
+    static fromConfig(config: Config, options: {
+        logger: Logger;
+        userTransformer?: UserTransformer;
+        groupTransformer?: GroupTransformer;
+        organizationTransformer?: OrganizationTransformer;
+    }): MicrosoftGraphOrgReaderProcessor;
+    constructor(options: {
+        providers: MicrosoftGraphProviderConfig[];
+        logger: Logger;
+        userTransformer?: UserTransformer;
+        groupTransformer?: GroupTransformer;
+        organizationTransformer?: OrganizationTransformer;
+    });
+    readLocation(location: LocationSpec, _optional: boolean, emit: CatalogProcessorEmit): Promise<boolean>;
+}
+export { GroupTransformer, MICROSOFT_GRAPH_GROUP_ID_ANNOTATION, MICROSOFT_GRAPH_TENANT_ID_ANNOTATION, MICROSOFT_GRAPH_USER_ID_ANNOTATION, MicrosoftGraphClient, MicrosoftGraphOrgReaderProcessor, MicrosoftGraphProviderConfig, OrganizationTransformer, UserTransformer, defaultGroupTransformer, defaultOrganizationTransformer, defaultUserTransformer, normalizeEntityName, readMicrosoftGraphConfig, readMicrosoftGraphOrg };

package/package.json ADDED Viewed

@@ -0,0 +1,55 @@
+{
+  "name": "@backstage/plugin-catalog-backend-module-msgraph",
+  "description": "A Backstage catalog backend modules that helps integrate towards Microsoft Graph",
+  "version": "0.0.0-nightly-202181722143",
+  "main": "dist/index.cjs.js",
+  "types": "dist/index.d.ts",
+  "license": "Apache-2.0",
+  "private": false,
+  "publishConfig": {
+    "access": "public",
+    "main": "dist/index.cjs.js",
+    "types": "dist/index.d.ts"
+  },
+  "homepage": "https://backstage.io",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/backstage/backstage",
+    "directory": "plugins/catalog-backend-module-msgraph"
+  },
+  "keywords": [
+    "backstage"
+  ],
+  "scripts": {
+    "build": "backstage-cli backend:build",
+    "lint": "backstage-cli lint",
+    "test": "backstage-cli test",
+    "prepack": "backstage-cli prepack",
+    "postpack": "backstage-cli postpack",
+    "clean": "backstage-cli clean"
+  },
+  "dependencies": {
+    "@azure/msal-node": "^1.1.0",
+    "@backstage/catalog-model": "^0.9.0",
+    "@backstage/config": "^0.1.8",
+    "@backstage/plugin-catalog-backend": "^0.0.0-nightly-202181722143",
+    "@microsoft/microsoft-graph-types": "^1.25.0",
+    "cross-fetch": "^3.0.6",
+    "lodash": "^4.17.15",
+    "p-limit": "^3.0.2",
+    "winston": "^3.2.1",
+    "qs": "^6.9.4"
+  },
+  "devDependencies": {
+    "@backstage/backend-common": "^0.9.0",
+    "@backstage/cli": "^0.7.9",
+    "@backstage/test-utils": "^0.1.14",
+    "@types/lodash": "^4.14.151",
+    "msw": "^0.29.0"
+  },
+  "files": [
+    "dist",
+    "config.d.ts"
+  ],
+  "configSchema": "config.d.ts"
+}