@backstage/plugin-kubernetes-backend 0.18.6 → 0.18.7-next.1

package/CHANGELOG.md

@@ -1,5 +1,44 @@
 # @backstage/plugin-kubernetes-backend
 
+## 0.18.7-next.1
+
+### Patch Changes
+
+- Updated dependencies
+  - @backstage/plugin-auth-node@0.5.3-next.1
+  - @backstage/plugin-catalog-node@1.13.1-next.1
+  - @backstage/catalog-client@1.7.1-next.0
+  - @backstage/backend-plugin-api@1.0.1-next.1
+  - @backstage/catalog-model@1.7.0
+  - @backstage/config@1.2.0
+  - @backstage/errors@1.2.4
+  - @backstage/integration-aws-node@0.1.12
+  - @backstage/types@1.1.1
+  - @backstage/plugin-kubernetes-common@0.8.3
+  - @backstage/plugin-kubernetes-node@0.1.20-next.1
+  - @backstage/plugin-permission-common@0.8.1
+  - @backstage/plugin-permission-node@0.8.4-next.1
+
+## 0.18.7-next.0
+
+### Patch Changes
+
+- 094eaa3: Remove references to in-repo backend-common
+- Updated dependencies
+  - @backstage/plugin-kubernetes-node@0.1.20-next.0
+  - @backstage/plugin-permission-node@0.8.4-next.0
+  - @backstage/plugin-auth-node@0.5.3-next.0
+  - @backstage/backend-plugin-api@1.0.1-next.0
+  - @backstage/catalog-client@1.7.0
+  - @backstage/catalog-model@1.7.0
+  - @backstage/config@1.2.0
+  - @backstage/errors@1.2.4
+  - @backstage/integration-aws-node@0.1.12
+  - @backstage/types@1.1.1
+  - @backstage/plugin-catalog-node@1.13.1-next.0
+  - @backstage/plugin-kubernetes-common@0.8.3
+  - @backstage/plugin-permission-common@0.8.1
+
 ## 0.18.6
 
 ### Patch Changes

package/alpha/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@backstage/plugin-kubernetes-backend__alpha",
-  "version": "0.18.6",
+  "version": "0.18.7-next.1",
   "main": "../dist/alpha.cjs.js",
   "types": "../dist/alpha.d.ts"
 }

package/dist/alpha.cjs.js

@@ -2,156 +2,9 @@
 
 Object.defineProperty(exports, '__esModule', { value: true });
 
-var backendPluginApi = require('@backstage/backend-plugin-api');
-var alpha = require('@backstage/plugin-catalog-node/alpha');
-var pluginKubernetesBackend = require('@backstage/plugin-kubernetes-backend');
-var pluginKubernetesNode = require('@backstage/plugin-kubernetes-node');
+var plugin = require('./plugin.cjs.js');
 
-class ObjectsProvider {
-  objectsProvider;
-  getObjectsProvider() {
-    return this.objectsProvider;
-  }
-  addObjectsProvider(provider) {
-    if (this.objectsProvider) {
-      throw new Error(
-        "Multiple Kubernetes objects provider is not supported at this time"
-      );
-    }
-    this.objectsProvider = provider;
-  }
-}
-class ClusterSuplier {
-  clusterSupplier;
-  getClusterSupplier() {
-    return this.clusterSupplier;
-  }
-  addClusterSupplier(clusterSupplier) {
-    if (this.clusterSupplier) {
-      throw new Error(
-        "Multiple Kubernetes Cluster Suppliers is not supported at this time"
-      );
-    }
-    this.clusterSupplier = clusterSupplier;
-  }
-}
-class Fetcher {
-  fetcher;
-  getFetcher() {
-    return this.fetcher;
-  }
-  addFetcher(fetcher) {
-    if (this.fetcher) {
-      throw new Error(
-        "Multiple Kubernetes Fetchers is not supported at this time"
-      );
-    }
-    this.fetcher = fetcher;
-  }
-}
-class ServiceLocator {
-  serviceLocator;
-  getServiceLocator() {
-    return this.serviceLocator;
-  }
-  addServiceLocator(serviceLocator) {
-    if (this.serviceLocator) {
-      throw new Error(
-        "Multiple Kubernetes Service Locators is not supported at this time"
-      );
-    }
-    this.serviceLocator = serviceLocator;
-  }
-}
-class AuthStrategy {
-  authStrategies;
-  constructor() {
-    this.authStrategies = new Array();
-  }
-  static addAuthStrategiesFromArray(authStrategies, builder) {
-    authStrategies.forEach((st) => builder.addAuthStrategy(st.key, st.strategy));
-  }
-  getAuthenticationStrategies() {
-    return this.authStrategies;
-  }
-  addAuthStrategy(key, authStrategy) {
-    this.authStrategies.push({ key, strategy: authStrategy });
-  }
-}
-const kubernetesPlugin = backendPluginApi.createBackendPlugin({
-  pluginId: "kubernetes",
-  register(env) {
-    const extPointObjectsProvider = new ObjectsProvider();
-    const extPointClusterSuplier = new ClusterSuplier();
-    const extPointAuthStrategy = new AuthStrategy();
-    const extPointFetcher = new Fetcher();
-    const extPointServiceLocator = new ServiceLocator();
-    env.registerExtensionPoint(
-      pluginKubernetesNode.kubernetesObjectsProviderExtensionPoint,
-      extPointObjectsProvider
-    );
-    env.registerExtensionPoint(
-      pluginKubernetesNode.kubernetesClusterSupplierExtensionPoint,
-      extPointClusterSuplier
-    );
-    env.registerExtensionPoint(
-      pluginKubernetesNode.kubernetesAuthStrategyExtensionPoint,
-      extPointAuthStrategy
-    );
-    env.registerExtensionPoint(
-      pluginKubernetesNode.kubernetesFetcherExtensionPoint,
-      extPointFetcher
-    );
-    env.registerExtensionPoint(
-      pluginKubernetesNode.kubernetesServiceLocatorExtensionPoint,
-      extPointServiceLocator
-    );
-    env.registerInit({
-      deps: {
-        http: backendPluginApi.coreServices.httpRouter,
-        logger: backendPluginApi.coreServices.logger,
-        config: backendPluginApi.coreServices.rootConfig,
-        discovery: backendPluginApi.coreServices.discovery,
-        catalogApi: alpha.catalogServiceRef,
-        permissions: backendPluginApi.coreServices.permissions,
-        auth: backendPluginApi.coreServices.auth,
-        httpAuth: backendPluginApi.coreServices.httpAuth
-      },
-      async init({
-        http,
-        logger,
-        config,
-        discovery,
-        catalogApi,
-        permissions,
-        auth,
-        httpAuth
-      }) {
-        if (config.has("kubernetes")) {
-          const builder = pluginKubernetesBackend.KubernetesBuilder.createBuilder({
-            logger,
-            config,
-            catalogApi,
-            permissions,
-            discovery,
-            auth,
-            httpAuth
-          }).setObjectsProvider(extPointObjectsProvider.getObjectsProvider()).setClusterSupplier(extPointClusterSuplier.getClusterSupplier()).setFetcher(extPointFetcher.getFetcher()).setServiceLocator(extPointServiceLocator.getServiceLocator());
-          AuthStrategy.addAuthStrategiesFromArray(
-            extPointAuthStrategy.getAuthenticationStrategies(),
-            builder
-          );
-          const { router } = await builder.build();
-          http.use(router);
-        } else {
-          logger.warn(
-            "Failed to initialize kubernetes backend: valid kubernetes config is missing"
-          );
-        }
-      }
-    });
-  }
-});
 
-exports.default = kubernetesPlugin;
+
+exports.default = plugin.kubernetesPlugin;
 //# sourceMappingURL=alpha.cjs.js.map

package/dist/alpha.cjs.js.map

@@ -1 +1 @@
-{"version":3,"file":"alpha.cjs.js","sources":["../src/plugin.ts"],"sourcesContent":["/*\n * Copyright 2023 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n  coreServices,\n  createBackendPlugin,\n} from '@backstage/backend-plugin-api';\nimport { catalogServiceRef } from '@backstage/plugin-catalog-node/alpha';\n\nimport { KubernetesBuilder } from '@backstage/plugin-kubernetes-backend';\n\nimport {\n  type AuthenticationStrategy,\n  kubernetesAuthStrategyExtensionPoint,\n  type KubernetesAuthStrategyExtensionPoint,\n  type KubernetesClustersSupplier,\n  kubernetesClusterSupplierExtensionPoint,\n  type KubernetesClusterSupplierExtensionPoint,\n  type KubernetesFetcher,\n  kubernetesFetcherExtensionPoint,\n  type KubernetesFetcherExtensionPoint,\n  type KubernetesObjectsProvider,\n  kubernetesObjectsProviderExtensionPoint,\n  type KubernetesObjectsProviderExtensionPoint,\n  type KubernetesServiceLocator,\n  kubernetesServiceLocatorExtensionPoint,\n  type KubernetesServiceLocatorExtensionPoint,\n} from '@backstage/plugin-kubernetes-node';\n\nclass ObjectsProvider implements KubernetesObjectsProviderExtensionPoint {\n  private objectsProvider: KubernetesObjectsProvider | undefined;\n\n  getObjectsProvider() {\n    return this.objectsProvider;\n  }\n\n  addObjectsProvider(provider: KubernetesObjectsProvider) {\n    if (this.objectsProvider) {\n      throw new Error(\n        'Multiple Kubernetes objects provider is not supported at this time',\n      );\n    }\n    this.objectsProvider = provider;\n  }\n}\n\nclass ClusterSuplier implements KubernetesClusterSupplierExtensionPoint {\n  private clusterSupplier: KubernetesClustersSupplier | undefined;\n\n  getClusterSupplier() {\n    return this.clusterSupplier;\n  }\n\n  addClusterSupplier(clusterSupplier: KubernetesClustersSupplier) {\n    if (this.clusterSupplier) {\n      throw new Error(\n        'Multiple Kubernetes Cluster Suppliers is not supported at this time',\n      );\n    }\n    this.clusterSupplier = clusterSupplier;\n  }\n}\n\nclass Fetcher implements KubernetesFetcherExtensionPoint {\n  private fetcher: KubernetesFetcher | undefined;\n\n  getFetcher() {\n    return this.fetcher;\n  }\n\n  addFetcher(fetcher: KubernetesFetcher) {\n    if (this.fetcher) {\n      throw new Error(\n        'Multiple Kubernetes Fetchers is not supported at this time',\n      );\n    }\n    this.fetcher = fetcher;\n  }\n}\n\nclass ServiceLocator implements KubernetesServiceLocatorExtensionPoint {\n  private serviceLocator: KubernetesServiceLocator | undefined;\n\n  getServiceLocator() {\n    return this.serviceLocator;\n  }\n\n  addServiceLocator(serviceLocator: KubernetesServiceLocator) {\n    if (this.serviceLocator) {\n      throw new Error(\n        'Multiple Kubernetes Service Locators is not supported at this time',\n      );\n    }\n    this.serviceLocator = serviceLocator;\n  }\n}\n\nclass AuthStrategy implements KubernetesAuthStrategyExtensionPoint {\n  private authStrategies: Array<{\n    key: string;\n    strategy: AuthenticationStrategy;\n  }>;\n\n  constructor() {\n    this.authStrategies = new Array<{\n      key: string;\n      strategy: AuthenticationStrategy;\n    }>();\n  }\n\n  static addAuthStrategiesFromArray(\n    authStrategies: Array<{ key: string; strategy: AuthenticationStrategy }>,\n    builder: KubernetesBuilder,\n  ) {\n    authStrategies.forEach(st => builder.addAuthStrategy(st.key, st.strategy));\n  }\n\n  getAuthenticationStrategies() {\n    return this.authStrategies;\n  }\n\n  addAuthStrategy(key: string, authStrategy: AuthenticationStrategy) {\n    this.authStrategies.push({ key, strategy: authStrategy });\n  }\n}\n\n/**\n * This is the backend plugin that provides the Kubernetes integration.\n * @alpha\n */\n\nexport const kubernetesPlugin = createBackendPlugin({\n  pluginId: 'kubernetes',\n  register(env) {\n    const extPointObjectsProvider = new ObjectsProvider();\n    const extPointClusterSuplier = new ClusterSuplier();\n    const extPointAuthStrategy = new AuthStrategy();\n    const extPointFetcher = new Fetcher();\n    const extPointServiceLocator = new ServiceLocator();\n\n    env.registerExtensionPoint(\n      kubernetesObjectsProviderExtensionPoint,\n      extPointObjectsProvider,\n    );\n    env.registerExtensionPoint(\n      kubernetesClusterSupplierExtensionPoint,\n      extPointClusterSuplier,\n    );\n    env.registerExtensionPoint(\n      kubernetesAuthStrategyExtensionPoint,\n      extPointAuthStrategy,\n    );\n    env.registerExtensionPoint(\n      kubernetesFetcherExtensionPoint,\n      extPointFetcher,\n    );\n    env.registerExtensionPoint(\n      kubernetesServiceLocatorExtensionPoint,\n      extPointServiceLocator,\n    );\n\n    env.registerInit({\n      deps: {\n        http: coreServices.httpRouter,\n        logger: coreServices.logger,\n        config: coreServices.rootConfig,\n        discovery: coreServices.discovery,\n        catalogApi: catalogServiceRef,\n        permissions: coreServices.permissions,\n        auth: coreServices.auth,\n        httpAuth: coreServices.httpAuth,\n      },\n      async init({\n        http,\n        logger,\n        config,\n        discovery,\n        catalogApi,\n        permissions,\n        auth,\n        httpAuth,\n      }) {\n        if (config.has('kubernetes')) {\n          // TODO: expose all of the customization & extension points of the builder here\n          const builder: KubernetesBuilder = KubernetesBuilder.createBuilder({\n            logger,\n            config,\n            catalogApi,\n            permissions,\n            discovery,\n            auth,\n            httpAuth,\n          })\n            .setObjectsProvider(extPointObjectsProvider.getObjectsProvider())\n            .setClusterSupplier(extPointClusterSuplier.getClusterSupplier())\n            .setFetcher(extPointFetcher.getFetcher())\n            .setServiceLocator(extPointServiceLocator.getServiceLocator());\n\n          AuthStrategy.addAuthStrategiesFromArray(\n            extPointAuthStrategy.getAuthenticationStrategies(),\n            builder,\n          );\n          const { router } = await builder.build();\n          http.use(router);\n        } else {\n          logger.warn(\n            'Failed to initialize kubernetes backend: valid kubernetes config is missing',\n          );\n        }\n      },\n    });\n  },\n});\n"],"names":["createBackendPlugin","kubernetesObjectsProviderExtensionPoint","kubernetesClusterSupplierExtensionPoint","kubernetesAuthStrategyExtensionPoint","kubernetesFetcherExtensionPoint","kubernetesServiceLocatorExtensionPoint","coreServices","catalogServiceRef","KubernetesBuilder"],"mappings":";;;;;;;;;AA0CA,MAAM,eAAmE,CAAA;AAAA,EAC/D,eAAA,CAAA;AAAA,EAER,kBAAqB,GAAA;AACnB,IAAA,OAAO,IAAK,CAAA,eAAA,CAAA;AAAA,GACd;AAAA,EAEA,mBAAmB,QAAqC,EAAA;AACtD,IAAA,IAAI,KAAK,eAAiB,EAAA;AACxB,MAAA,MAAM,IAAI,KAAA;AAAA,QACR,oEAAA;AAAA,OACF,CAAA;AAAA,KACF;AACA,IAAA,IAAA,CAAK,eAAkB,GAAA,QAAA,CAAA;AAAA,GACzB;AACF,CAAA;AAEA,MAAM,cAAkE,CAAA;AAAA,EAC9D,eAAA,CAAA;AAAA,EAER,kBAAqB,GAAA;AACnB,IAAA,OAAO,IAAK,CAAA,eAAA,CAAA;AAAA,GACd;AAAA,EAEA,mBAAmB,eAA6C,EAAA;AAC9D,IAAA,IAAI,KAAK,eAAiB,EAAA;AACxB,MAAA,MAAM,IAAI,KAAA;AAAA,QACR,qEAAA;AAAA,OACF,CAAA;AAAA,KACF;AACA,IAAA,IAAA,CAAK,eAAkB,GAAA,eAAA,CAAA;AAAA,GACzB;AACF,CAAA;AAEA,MAAM,OAAmD,CAAA;AAAA,EAC/C,OAAA,CAAA;AAAA,EAER,UAAa,GAAA;AACX,IAAA,OAAO,IAAK,CAAA,OAAA,CAAA;AAAA,GACd;AAAA,EAEA,WAAW,OAA4B,EAAA;AACrC,IAAA,IAAI,KAAK,OAAS,EAAA;AAChB,MAAA,MAAM,IAAI,KAAA;AAAA,QACR,4DAAA;AAAA,OACF,CAAA;AAAA,KACF;AACA,IAAA,IAAA,CAAK,OAAU,GAAA,OAAA,CAAA;AAAA,GACjB;AACF,CAAA;AAEA,MAAM,cAAiE,CAAA;AAAA,EAC7D,cAAA,CAAA;AAAA,EAER,iBAAoB,GAAA;AAClB,IAAA,OAAO,IAAK,CAAA,cAAA,CAAA;AAAA,GACd;AAAA,EAEA,kBAAkB,cAA0C,EAAA;AAC1D,IAAA,IAAI,KAAK,cAAgB,EAAA;AACvB,MAAA,MAAM,IAAI,KAAA;AAAA,QACR,oEAAA;AAAA,OACF,CAAA;AAAA,KACF;AACA,IAAA,IAAA,CAAK,cAAiB,GAAA,cAAA,CAAA;AAAA,GACxB;AACF,CAAA;AAEA,MAAM,YAA6D,CAAA;AAAA,EACzD,cAAA,CAAA;AAAA,EAKR,WAAc,GAAA;AACZ,IAAK,IAAA,CAAA,cAAA,GAAiB,IAAI,KAGvB,EAAA,CAAA;AAAA,GACL;AAAA,EAEA,OAAO,0BACL,CAAA,cAAA,EACA,OACA,EAAA;AACA,IAAe,cAAA,CAAA,OAAA,CAAQ,QAAM,OAAQ,CAAA,eAAA,CAAgB,GAAG,GAAK,EAAA,EAAA,CAAG,QAAQ,CAAC,CAAA,CAAA;AAAA,GAC3E;AAAA,EAEA,2BAA8B,GAAA;AAC5B,IAAA,OAAO,IAAK,CAAA,cAAA,CAAA;AAAA,GACd;AAAA,EAEA,eAAA,CAAgB,KAAa,YAAsC,EAAA;AACjE,IAAA,IAAA,CAAK,eAAe,IAAK,CAAA,EAAE,GAAK,EAAA,QAAA,EAAU,cAAc,CAAA,CAAA;AAAA,GAC1D;AACF,CAAA;AAOO,MAAM,mBAAmBA,oCAAoB,CAAA;AAAA,EAClD,QAAU,EAAA,YAAA;AAAA,EACV,SAAS,GAAK,EAAA;AACZ,IAAM,MAAA,uBAAA,GAA0B,IAAI,eAAgB,EAAA,CAAA;AACpD,IAAM,MAAA,sBAAA,GAAyB,IAAI,cAAe,EAAA,CAAA;AAClD,IAAM,MAAA,oBAAA,GAAuB,IAAI,YAAa,EAAA,CAAA;AAC9C,IAAM,MAAA,eAAA,GAAkB,IAAI,OAAQ,EAAA,CAAA;AACpC,IAAM,MAAA,sBAAA,GAAyB,IAAI,cAAe,EAAA,CAAA;AAElD,IAAI,GAAA,CAAA,sBAAA;AAAA,MACFC,4DAAA;AAAA,MACA,uBAAA;AAAA,KACF,CAAA;AACA,IAAI,GAAA,CAAA,sBAAA;AAAA,MACFC,4DAAA;AAAA,MACA,sBAAA;AAAA,KACF,CAAA;AACA,IAAI,GAAA,CAAA,sBAAA;AAAA,MACFC,yDAAA;AAAA,MACA,oBAAA;AAAA,KACF,CAAA;AACA,IAAI,GAAA,CAAA,sBAAA;AAAA,MACFC,oDAAA;AAAA,MACA,eAAA;AAAA,KACF,CAAA;AACA,IAAI,GAAA,CAAA,sBAAA;AAAA,MACFC,2DAAA;AAAA,MACA,sBAAA;AAAA,KACF,CAAA;AAEA,IAAA,GAAA,CAAI,YAAa,CAAA;AAAA,MACf,IAAM,EAAA;AAAA,QACJ,MAAMC,6BAAa,CAAA,UAAA;AAAA,QACnB,QAAQA,6BAAa,CAAA,MAAA;AAAA,QACrB,QAAQA,6BAAa,CAAA,UAAA;AAAA,QACrB,WAAWA,6BAAa,CAAA,SAAA;AAAA,QACxB,UAAY,EAAAC,uBAAA;AAAA,QACZ,aAAaD,6BAAa,CAAA,WAAA;AAAA,QAC1B,MAAMA,6BAAa,CAAA,IAAA;AAAA,QACnB,UAAUA,6BAAa,CAAA,QAAA;AAAA,OACzB;AAAA,MACA,MAAM,IAAK,CAAA;AAAA,QACT,IAAA;AAAA,QACA,MAAA;AAAA,QACA,MAAA;AAAA,QACA,SAAA;AAAA,QACA,UAAA;AAAA,QACA,WAAA;AAAA,QACA,IAAA;AAAA,QACA,QAAA;AAAA,OACC,EAAA;AACD,QAAI,IAAA,MAAA,CAAO,GAAI,CAAA,YAAY,CAAG,EAAA;AAE5B,UAAM,MAAA,OAAA,GAA6BE,0CAAkB,aAAc,CAAA;AAAA,YACjE,MAAA;AAAA,YACA,MAAA;AAAA,YACA,UAAA;AAAA,YACA,WAAA;AAAA,YACA,SAAA;AAAA,YACA,IAAA;AAAA,YACA,QAAA;AAAA,WACD,EACE,kBAAmB,CAAA,uBAAA,CAAwB,oBAAoB,CAAA,CAC/D,mBAAmB,sBAAuB,CAAA,kBAAA,EAAoB,CAC9D,CAAA,UAAA,CAAW,gBAAgB,UAAW,EAAC,EACvC,iBAAkB,CAAA,sBAAA,CAAuB,mBAAmB,CAAA,CAAA;AAE/D,UAAa,YAAA,CAAA,0BAAA;AAAA,YACX,qBAAqB,2BAA4B,EAAA;AAAA,YACjD,OAAA;AAAA,WACF,CAAA;AACA,UAAA,MAAM,EAAE,MAAA,EAAW,GAAA,MAAM,QAAQ,KAAM,EAAA,CAAA;AACvC,UAAA,IAAA,CAAK,IAAI,MAAM,CAAA,CAAA;AAAA,SACV,MAAA;AACL,UAAO,MAAA,CAAA,IAAA;AAAA,YACL,6EAAA;AAAA,WACF,CAAA;AAAA,SACF;AAAA,OACF;AAAA,KACD,CAAA,CAAA;AAAA,GACH;AACF,CAAC;;;;"}
+{"version":3,"file":"alpha.cjs.js","sources":[],"sourcesContent":[],"names":[],"mappings":";;;;;;;;"}

package/dist/auth/AksStrategy.cjs.js

@@ -0,0 +1,17 @@
+'use strict';
+
+class AksStrategy {
+  async getCredential(_, requestAuth) {
+    const token = requestAuth.aks;
+    return token ? { type: "bearer token", token } : { type: "anonymous" };
+  }
+  validateCluster() {
+    return [];
+  }
+  presentAuthMetadata(_authMetadata) {
+    return {};
+  }
+}
+
+exports.AksStrategy = AksStrategy;
+//# sourceMappingURL=AksStrategy.cjs.js.map

package/dist/auth/AksStrategy.cjs.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"AksStrategy.cjs.js","sources":["../../src/auth/AksStrategy.ts"],"sourcesContent":["/*\n * Copyright 2023 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport {\n  AuthMetadata,\n  AuthenticationStrategy,\n  ClusterDetails,\n  KubernetesCredential,\n} from '@backstage/plugin-kubernetes-node';\nimport { KubernetesRequestAuth } from '@backstage/plugin-kubernetes-common';\n\n/**\n *\n * @public\n */\nexport class AksStrategy implements AuthenticationStrategy {\n  public async getCredential(\n    _: ClusterDetails,\n    requestAuth: KubernetesRequestAuth,\n  ): Promise<KubernetesCredential> {\n    const token = requestAuth.aks;\n    return token\n      ? { type: 'bearer token', token: token as string }\n      : { type: 'anonymous' };\n  }\n\n  public validateCluster(): Error[] {\n    return [];\n  }\n\n  public presentAuthMetadata(_authMetadata: AuthMetadata): AuthMetadata {\n    return {};\n  }\n}\n"],"names":[],"mappings":";;AA2BO,MAAM,WAA8C,CAAA;AAAA,EACzD,MAAa,aACX,CAAA,CAAA,EACA,WAC+B,EAAA;AAC/B,IAAA,MAAM,QAAQ,WAAY,CAAA,GAAA,CAAA;AAC1B,IAAO,OAAA,KAAA,GACH,EAAE,IAAM,EAAA,cAAA,EAAgB,OACxB,GAAA,EAAE,MAAM,WAAY,EAAA,CAAA;AAAA,GAC1B;AAAA,EAEO,eAA2B,GAAA;AAChC,IAAA,OAAO,EAAC,CAAA;AAAA,GACV;AAAA,EAEO,oBAAoB,aAA2C,EAAA;AACpE,IAAA,OAAO,EAAC,CAAA;AAAA,GACV;AACF;;;;"}

package/dist/auth/AnonymousStrategy.cjs.js

@@ -0,0 +1,16 @@
+'use strict';
+
+class AnonymousStrategy {
+  async getCredential() {
+    return { type: "anonymous" };
+  }
+  validateCluster() {
+    return [];
+  }
+  presentAuthMetadata(_authMetadata) {
+    return {};
+  }
+}
+
+exports.AnonymousStrategy = AnonymousStrategy;
+//# sourceMappingURL=AnonymousStrategy.cjs.js.map

package/dist/auth/AnonymousStrategy.cjs.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"AnonymousStrategy.cjs.js","sources":["../../src/auth/AnonymousStrategy.ts"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n  AuthMetadata,\n  AuthenticationStrategy,\n  KubernetesCredential,\n} from '@backstage/plugin-kubernetes-node';\n\n/**\n *\n * @public\n */\nexport class AnonymousStrategy implements AuthenticationStrategy {\n  public async getCredential(): Promise<KubernetesCredential> {\n    return { type: 'anonymous' };\n  }\n\n  public validateCluster(): Error[] {\n    return [];\n  }\n\n  public presentAuthMetadata(_authMetadata: AuthMetadata): AuthMetadata {\n    return {};\n  }\n}\n"],"names":[],"mappings":";;AA0BO,MAAM,iBAAoD,CAAA;AAAA,EAC/D,MAAa,aAA+C,GAAA;AAC1D,IAAO,OAAA,EAAE,MAAM,WAAY,EAAA,CAAA;AAAA,GAC7B;AAAA,EAEO,eAA2B,GAAA;AAChC,IAAA,OAAO,EAAC,CAAA;AAAA,GACV;AAAA,EAEO,oBAAoB,aAA2C,EAAA;AACpE,IAAA,OAAO,EAAC,CAAA;AAAA,GACV;AACF;;;;"}

package/dist/auth/AwsIamStrategy.cjs.js

@@ -0,0 +1,80 @@
+'use strict';
+
+var credentialProviders = require('@aws-sdk/credential-providers');
+var signatureV4 = require('@aws-sdk/signature-v4');
+var sha256Js = require('@aws-crypto/sha256-js');
+var integrationAwsNode = require('@backstage/integration-aws-node');
+var pluginKubernetesCommon = require('@backstage/plugin-kubernetes-common');
+
+const defaultRegion = "us-east-1";
+class AwsIamStrategy {
+  credsManager;
+  constructor(opts) {
+    this.credsManager = integrationAwsNode.DefaultAwsCredentialsManager.fromConfig(opts.config);
+  }
+  async getCredential(clusterDetails) {
+    return {
+      type: "bearer token",
+      token: await this.getBearerToken(
+        clusterDetails.authMetadata[pluginKubernetesCommon.ANNOTATION_KUBERNETES_AWS_CLUSTER_ID] ?? clusterDetails.name,
+        clusterDetails.authMetadata[pluginKubernetesCommon.ANNOTATION_KUBERNETES_AWS_ASSUME_ROLE],
+        clusterDetails.authMetadata[pluginKubernetesCommon.ANNOTATION_KUBERNETES_AWS_EXTERNAL_ID]
+      )
+    };
+  }
+  validateCluster() {
+    return [];
+  }
+  async getBearerToken(clusterId, assumeRole, externalId) {
+    const region = process.env.AWS_REGION ?? defaultRegion;
+    let credentials = (await this.credsManager.getCredentialProvider()).sdkCredentialProvider;
+    if (assumeRole) {
+      credentials = credentialProviders.fromTemporaryCredentials({
+        masterCredentials: credentials,
+        clientConfig: {
+          region
+        },
+        params: {
+          RoleArn: assumeRole,
+          ExternalId: externalId
+        }
+      });
+    }
+    const signer = new signatureV4.SignatureV4({
+      credentials,
+      region,
+      service: "sts",
+      sha256: sha256Js.Sha256
+    });
+    const request = await signer.presign(
+      {
+        headers: {
+          host: `sts.${region}.amazonaws.com`,
+          "x-k8s-aws-id": clusterId
+        },
+        hostname: `sts.${region}.amazonaws.com`,
+        method: "GET",
+        path: "/",
+        protocol: "https:",
+        query: {
+          Action: "GetCallerIdentity",
+          Version: "2011-06-15"
+        }
+      },
+      { expiresIn: 0 }
+    );
+    const query = Object.keys(request?.query ?? {}).map(
+      (q) => `${encodeURIComponent(q)}=${encodeURIComponent(
+        request.query?.[q]
+      )}`
+    ).join("&");
+    const url = `https://${request.hostname}${request.path}?${query}`;
+    return `k8s-aws-v1.${Buffer.from(url).toString("base64url")}`;
+  }
+  presentAuthMetadata(_authMetadata) {
+    return {};
+  }
+}
+
+exports.AwsIamStrategy = AwsIamStrategy;
+//# sourceMappingURL=AwsIamStrategy.cjs.js.map

package/dist/auth/AwsIamStrategy.cjs.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"AwsIamStrategy.cjs.js","sources":["../../src/auth/AwsIamStrategy.ts"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport { fromTemporaryCredentials } from '@aws-sdk/credential-providers';\nimport { SignatureV4 } from '@aws-sdk/signature-v4';\nimport { Sha256 } from '@aws-crypto/sha256-js';\nimport {\n  AwsCredentialsManager,\n  DefaultAwsCredentialsManager,\n} from '@backstage/integration-aws-node';\nimport { Config } from '@backstage/config';\nimport {\n  ANNOTATION_KUBERNETES_AWS_ASSUME_ROLE,\n  ANNOTATION_KUBERNETES_AWS_CLUSTER_ID,\n  ANNOTATION_KUBERNETES_AWS_EXTERNAL_ID,\n} from '@backstage/plugin-kubernetes-common';\nimport {\n  AuthMetadata,\n  AuthenticationStrategy,\n  ClusterDetails,\n  KubernetesCredential,\n} from '@backstage/plugin-kubernetes-node';\n\n/**\n *\n * @public\n */\nexport type SigningCreds = {\n  accessKeyId: string | undefined;\n  secretAccessKey: string | undefined;\n  sessionToken: string | undefined;\n};\n\nconst defaultRegion = 'us-east-1';\n\n/**\n *\n * @public\n */\nexport class AwsIamStrategy implements AuthenticationStrategy {\n  private readonly credsManager: AwsCredentialsManager;\n\n  constructor(opts: { config: Config }) {\n    this.credsManager = DefaultAwsCredentialsManager.fromConfig(opts.config);\n  }\n\n  public async getCredential(\n    clusterDetails: ClusterDetails,\n  ): Promise<KubernetesCredential> {\n    return {\n      type: 'bearer token',\n      token: await this.getBearerToken(\n        clusterDetails.authMetadata[ANNOTATION_KUBERNETES_AWS_CLUSTER_ID] ??\n          clusterDetails.name,\n        clusterDetails.authMetadata[ANNOTATION_KUBERNETES_AWS_ASSUME_ROLE],\n        clusterDetails.authMetadata[ANNOTATION_KUBERNETES_AWS_EXTERNAL_ID],\n      ),\n    };\n  }\n\n  public validateCluster(): Error[] {\n    return [];\n  }\n\n  private async getBearerToken(\n    clusterId: string,\n    assumeRole?: string,\n    externalId?: string,\n  ): Promise<string> {\n    const region = process.env.AWS_REGION ?? defaultRegion;\n\n    let credentials = (await this.credsManager.getCredentialProvider())\n      .sdkCredentialProvider;\n    if (assumeRole) {\n      credentials = fromTemporaryCredentials({\n        masterCredentials: credentials,\n        clientConfig: {\n          region,\n        },\n        params: {\n          RoleArn: assumeRole,\n          ExternalId: externalId,\n        },\n      });\n    }\n\n    const signer = new SignatureV4({\n      credentials,\n      region,\n      service: 'sts',\n      sha256: Sha256,\n    });\n\n    const request = await signer.presign(\n      {\n        headers: {\n          host: `sts.${region}.amazonaws.com`,\n          'x-k8s-aws-id': clusterId,\n        },\n        hostname: `sts.${region}.amazonaws.com`,\n        method: 'GET',\n        path: '/',\n        protocol: 'https:',\n        query: {\n          Action: 'GetCallerIdentity',\n          Version: '2011-06-15',\n        },\n      },\n      { expiresIn: 0 },\n    );\n\n    const query = Object.keys(request?.query ?? {})\n      .map(\n        q =>\n          `${encodeURIComponent(q)}=${encodeURIComponent(\n            request.query?.[q] as string,\n          )}`,\n      )\n      .join('&');\n\n    const url = `https://${request.hostname}${request.path}?${query}`;\n\n    return `k8s-aws-v1.${Buffer.from(url).toString('base64url')}`;\n  }\n\n  public presentAuthMetadata(_authMetadata: AuthMetadata): AuthMetadata {\n    return {};\n  }\n}\n"],"names":["DefaultAwsCredentialsManager","ANNOTATION_KUBERNETES_AWS_CLUSTER_ID","ANNOTATION_KUBERNETES_AWS_ASSUME_ROLE","ANNOTATION_KUBERNETES_AWS_EXTERNAL_ID","fromTemporaryCredentials","SignatureV4","Sha256"],"mappings":";;;;;;;;AA6CA,MAAM,aAAgB,GAAA,WAAA,CAAA;AAMf,MAAM,cAAiD,CAAA;AAAA,EAC3C,YAAA,CAAA;AAAA,EAEjB,YAAY,IAA0B,EAAA;AACpC,IAAA,IAAA,CAAK,YAAe,GAAAA,+CAAA,CAA6B,UAAW,CAAA,IAAA,CAAK,MAAM,CAAA,CAAA;AAAA,GACzE;AAAA,EAEA,MAAa,cACX,cAC+B,EAAA;AAC/B,IAAO,OAAA;AAAA,MACL,IAAM,EAAA,cAAA;AAAA,MACN,KAAA,EAAO,MAAM,IAAK,CAAA,cAAA;AAAA,QAChB,cAAe,CAAA,YAAA,CAAaC,2DAAoC,CAAA,IAC9D,cAAe,CAAA,IAAA;AAAA,QACjB,cAAA,CAAe,aAAaC,4DAAqC,CAAA;AAAA,QACjE,cAAA,CAAe,aAAaC,4DAAqC,CAAA;AAAA,OACnE;AAAA,KACF,CAAA;AAAA,GACF;AAAA,EAEO,eAA2B,GAAA;AAChC,IAAA,OAAO,EAAC,CAAA;AAAA,GACV;AAAA,EAEA,MAAc,cAAA,CACZ,SACA,EAAA,UAAA,EACA,UACiB,EAAA;AACjB,IAAM,MAAA,MAAA,GAAS,OAAQ,CAAA,GAAA,CAAI,UAAc,IAAA,aAAA,CAAA;AAEzC,IAAA,IAAI,WAAe,GAAA,CAAA,MAAM,IAAK,CAAA,YAAA,CAAa,uBACxC,EAAA,qBAAA,CAAA;AACH,IAAA,IAAI,UAAY,EAAA;AACd,MAAA,WAAA,GAAcC,4CAAyB,CAAA;AAAA,QACrC,iBAAmB,EAAA,WAAA;AAAA,QACnB,YAAc,EAAA;AAAA,UACZ,MAAA;AAAA,SACF;AAAA,QACA,MAAQ,EAAA;AAAA,UACN,OAAS,EAAA,UAAA;AAAA,UACT,UAAY,EAAA,UAAA;AAAA,SACd;AAAA,OACD,CAAA,CAAA;AAAA,KACH;AAEA,IAAM,MAAA,MAAA,GAAS,IAAIC,uBAAY,CAAA;AAAA,MAC7B,WAAA;AAAA,MACA,MAAA;AAAA,MACA,OAAS,EAAA,KAAA;AAAA,MACT,MAAQ,EAAAC,eAAA;AAAA,KACT,CAAA,CAAA;AAED,IAAM,MAAA,OAAA,GAAU,MAAM,MAAO,CAAA,OAAA;AAAA,MAC3B;AAAA,QACE,OAAS,EAAA;AAAA,UACP,IAAA,EAAM,OAAO,MAAM,CAAA,cAAA,CAAA;AAAA,UACnB,cAAgB,EAAA,SAAA;AAAA,SAClB;AAAA,QACA,QAAA,EAAU,OAAO,MAAM,CAAA,cAAA,CAAA;AAAA,QACvB,MAAQ,EAAA,KAAA;AAAA,QACR,IAAM,EAAA,GAAA;AAAA,QACN,QAAU,EAAA,QAAA;AAAA,QACV,KAAO,EAAA;AAAA,UACL,MAAQ,EAAA,mBAAA;AAAA,UACR,OAAS,EAAA,YAAA;AAAA,SACX;AAAA,OACF;AAAA,MACA,EAAE,WAAW,CAAE,EAAA;AAAA,KACjB,CAAA;AAEA,IAAA,MAAM,QAAQ,MAAO,CAAA,IAAA,CAAK,SAAS,KAAS,IAAA,EAAE,CAC3C,CAAA,GAAA;AAAA,MACC,CACE,CAAA,KAAA,CAAA,EAAG,kBAAmB,CAAA,CAAC,CAAC,CAAI,CAAA,EAAA,kBAAA;AAAA,QAC1B,OAAA,CAAQ,QAAQ,CAAC,CAAA;AAAA,OAClB,CAAA,CAAA;AAAA,KACL,CACC,KAAK,GAAG,CAAA,CAAA;AAEX,IAAM,MAAA,GAAA,GAAM,WAAW,OAAQ,CAAA,QAAQ,GAAG,OAAQ,CAAA,IAAI,IAAI,KAAK,CAAA,CAAA,CAAA;AAE/D,IAAA,OAAO,cAAc,MAAO,CAAA,IAAA,CAAK,GAAG,CAAE,CAAA,QAAA,CAAS,WAAW,CAAC,CAAA,CAAA,CAAA;AAAA,GAC7D;AAAA,EAEO,oBAAoB,aAA2C,EAAA;AACpE,IAAA,OAAO,EAAC,CAAA;AAAA,GACV;AACF;;;;"}

package/dist/auth/AzureIdentityStrategy.cjs.js

@@ -0,0 +1,58 @@
+'use strict';
+
+var identity = require('@azure/identity');
+
+const aksScope = "6dae42f8-4368-4678-94ff-3960e28e3630/.default";
+class AzureIdentityStrategy {
+  constructor(logger, tokenCredential = new identity.DefaultAzureCredential()) {
+    this.logger = logger;
+    this.tokenCredential = tokenCredential;
+  }
+  accessToken = { token: "", expiresOnTimestamp: 0 };
+  newTokenPromise;
+  async getCredential() {
+    if (!this.tokenRequiresRefresh()) {
+      return { type: "bearer token", token: this.accessToken.token };
+    }
+    if (!this.newTokenPromise) {
+      this.newTokenPromise = this.fetchNewToken();
+    }
+    return this.newTokenPromise ? { type: "bearer token", token: await this.newTokenPromise } : { type: "anonymous" };
+  }
+  validateCluster() {
+    return [];
+  }
+  async fetchNewToken() {
+    try {
+      this.logger.info("Fetching new Azure token for AKS");
+      const newAccessToken = await this.tokenCredential.getToken(aksScope, {
+        requestOptions: { timeout: 1e4 }
+        // 10 seconds
+      });
+      if (!newAccessToken) {
+        throw new Error("AccessToken is null");
+      }
+      this.accessToken = newAccessToken;
+    } catch (err) {
+      this.logger.error("Unable to fetch Azure token", err);
+      if (this.tokenExpired()) {
+        throw err;
+      }
+    }
+    this.newTokenPromise = void 0;
+    return this.accessToken.token;
+  }
+  tokenRequiresRefresh() {
+    const expiresOn = this.accessToken.expiresOnTimestamp - 15 * 60 * 1e3;
+    return Date.now() >= expiresOn;
+  }
+  tokenExpired() {
+    return Date.now() >= this.accessToken.expiresOnTimestamp;
+  }
+  presentAuthMetadata(_authMetadata) {
+    return {};
+  }
+}
+
+exports.AzureIdentityStrategy = AzureIdentityStrategy;
+//# sourceMappingURL=AzureIdentityStrategy.cjs.js.map

package/dist/auth/AzureIdentityStrategy.cjs.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"AzureIdentityStrategy.cjs.js","sources":["../../src/auth/AzureIdentityStrategy.ts"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n  AccessToken,\n  DefaultAzureCredential,\n  TokenCredential,\n} from '@azure/identity';\nimport {\n  AuthenticationStrategy,\n  AuthMetadata,\n  KubernetesCredential,\n} from '@backstage/plugin-kubernetes-node';\nimport { LoggerService } from '@backstage/backend-plugin-api';\n\nconst aksScope = '6dae42f8-4368-4678-94ff-3960e28e3630/.default'; // This scope is the same for all Azure Managed Kubernetes\n\n/**\n *\n * @public\n */\nexport class AzureIdentityStrategy implements AuthenticationStrategy {\n  private accessToken: AccessToken = { token: '', expiresOnTimestamp: 0 };\n  private newTokenPromise: Promise<string> | undefined;\n\n  constructor(\n    private readonly logger: LoggerService,\n    private readonly tokenCredential: TokenCredential = new DefaultAzureCredential(),\n  ) {}\n\n  public async getCredential(): Promise<KubernetesCredential> {\n    if (!this.tokenRequiresRefresh()) {\n      return { type: 'bearer token', token: this.accessToken.token };\n    }\n\n    if (!this.newTokenPromise) {\n      this.newTokenPromise = this.fetchNewToken();\n    }\n\n    return this.newTokenPromise\n      ? { type: 'bearer token', token: await this.newTokenPromise }\n      : { type: 'anonymous' };\n  }\n\n  public validateCluster(): Error[] {\n    return [];\n  }\n\n  private async fetchNewToken(): Promise<string> {\n    try {\n      this.logger.info('Fetching new Azure token for AKS');\n\n      const newAccessToken = await this.tokenCredential.getToken(aksScope, {\n        requestOptions: { timeout: 10_000 }, // 10 seconds\n      });\n      if (!newAccessToken) {\n        throw new Error('AccessToken is null');\n      }\n\n      this.accessToken = newAccessToken;\n    } catch (err) {\n      this.logger.error('Unable to fetch Azure token', err);\n\n      // only throw the error if the token has already expired, otherwise re-use existing until we're able to fetch a new token\n      if (this.tokenExpired()) {\n        throw err;\n      }\n    }\n\n    this.newTokenPromise = undefined;\n    return this.accessToken.token;\n  }\n\n  private tokenRequiresRefresh(): boolean {\n    // Set tokens to expire 15 minutes before its actual expiry time\n    const expiresOn = this.accessToken.expiresOnTimestamp - 15 * 60 * 1000;\n    return Date.now() >= expiresOn;\n  }\n\n  private tokenExpired(): boolean {\n    return Date.now() >= this.accessToken.expiresOnTimestamp;\n  }\n\n  public presentAuthMetadata(_authMetadata: AuthMetadata): AuthMetadata {\n    return {};\n  }\n}\n"],"names":["DefaultAzureCredential"],"mappings":";;;;AA4BA,MAAM,QAAW,GAAA,+CAAA,CAAA;AAMV,MAAM,qBAAwD,CAAA;AAAA,EAInE,WACmB,CAAA,MAAA,EACA,eAAmC,GAAA,IAAIA,iCACxD,EAAA;AAFiB,IAAA,IAAA,CAAA,MAAA,GAAA,MAAA,CAAA;AACA,IAAA,IAAA,CAAA,eAAA,GAAA,eAAA,CAAA;AAAA,GAChB;AAAA,EANK,WAA2B,GAAA,EAAE,KAAO,EAAA,EAAA,EAAI,oBAAoB,CAAE,EAAA,CAAA;AAAA,EAC9D,eAAA,CAAA;AAAA,EAOR,MAAa,aAA+C,GAAA;AAC1D,IAAI,IAAA,CAAC,IAAK,CAAA,oBAAA,EAAwB,EAAA;AAChC,MAAA,OAAO,EAAE,IAAM,EAAA,cAAA,EAAgB,KAAO,EAAA,IAAA,CAAK,YAAY,KAAM,EAAA,CAAA;AAAA,KAC/D;AAEA,IAAI,IAAA,CAAC,KAAK,eAAiB,EAAA;AACzB,MAAK,IAAA,CAAA,eAAA,GAAkB,KAAK,aAAc,EAAA,CAAA;AAAA,KAC5C;AAEA,IAAA,OAAO,IAAK,CAAA,eAAA,GACR,EAAE,IAAA,EAAM,cAAgB,EAAA,KAAA,EAAO,MAAM,IAAA,CAAK,eAAgB,EAAA,GAC1D,EAAE,IAAA,EAAM,WAAY,EAAA,CAAA;AAAA,GAC1B;AAAA,EAEO,eAA2B,GAAA;AAChC,IAAA,OAAO,EAAC,CAAA;AAAA,GACV;AAAA,EAEA,MAAc,aAAiC,GAAA;AAC7C,IAAI,IAAA;AACF,MAAK,IAAA,CAAA,MAAA,CAAO,KAAK,kCAAkC,CAAA,CAAA;AAEnD,MAAA,MAAM,cAAiB,GAAA,MAAM,IAAK,CAAA,eAAA,CAAgB,SAAS,QAAU,EAAA;AAAA,QACnE,cAAA,EAAgB,EAAE,OAAA,EAAS,GAAO,EAAA;AAAA;AAAA,OACnC,CAAA,CAAA;AACD,MAAA,IAAI,CAAC,cAAgB,EAAA;AACnB,QAAM,MAAA,IAAI,MAAM,qBAAqB,CAAA,CAAA;AAAA,OACvC;AAEA,MAAA,IAAA,CAAK,WAAc,GAAA,cAAA,CAAA;AAAA,aACZ,GAAK,EAAA;AACZ,MAAK,IAAA,CAAA,MAAA,CAAO,KAAM,CAAA,6BAAA,EAA+B,GAAG,CAAA,CAAA;AAGpD,MAAI,IAAA,IAAA,CAAK,cAAgB,EAAA;AACvB,QAAM,MAAA,GAAA,CAAA;AAAA,OACR;AAAA,KACF;AAEA,IAAA,IAAA,CAAK,eAAkB,GAAA,KAAA,CAAA,CAAA;AACvB,IAAA,OAAO,KAAK,WAAY,CAAA,KAAA,CAAA;AAAA,GAC1B;AAAA,EAEQ,oBAAgC,GAAA;AAEtC,IAAA,MAAM,SAAY,GAAA,IAAA,CAAK,WAAY,CAAA,kBAAA,GAAqB,KAAK,EAAK,GAAA,GAAA,CAAA;AAClE,IAAO,OAAA,IAAA,CAAK,KAAS,IAAA,SAAA,CAAA;AAAA,GACvB;AAAA,EAEQ,YAAwB,GAAA;AAC9B,IAAA,OAAO,IAAK,CAAA,GAAA,EAAS,IAAA,IAAA,CAAK,WAAY,CAAA,kBAAA,CAAA;AAAA,GACxC;AAAA,EAEO,oBAAoB,aAA2C,EAAA;AACpE,IAAA,OAAO,EAAC,CAAA;AAAA,GACV;AACF;;;;"}

package/dist/auth/DispatchStrategy.cjs.js

@@ -0,0 +1,37 @@
+'use strict';
+
+var pluginKubernetesCommon = require('@backstage/plugin-kubernetes-common');
+
+class DispatchStrategy {
+  strategyMap;
+  constructor(options) {
+    this.strategyMap = options.authStrategyMap;
+  }
+  getCredential(clusterDetails, auth) {
+    const authProvider = clusterDetails.authMetadata[pluginKubernetesCommon.ANNOTATION_KUBERNETES_AUTH_PROVIDER];
+    if (this.strategyMap[authProvider]) {
+      return this.strategyMap[authProvider].getCredential(clusterDetails, auth);
+    }
+    throw new Error(
+      `authProvider "${authProvider}" has no AuthenticationStrategy associated with it`
+    );
+  }
+  validateCluster(authMetadata) {
+    const authProvider = authMetadata[pluginKubernetesCommon.ANNOTATION_KUBERNETES_AUTH_PROVIDER];
+    const strategy = this.strategyMap[authProvider];
+    if (!strategy) {
+      return [
+        new Error(
+          `authProvider "${authProvider}" has no config associated with it`
+        )
+      ];
+    }
+    return strategy.validateCluster(authMetadata);
+  }
+  presentAuthMetadata(_authMetadata) {
+    return {};
+  }
+}
+
+exports.DispatchStrategy = DispatchStrategy;
+//# sourceMappingURL=DispatchStrategy.cjs.js.map

package/dist/auth/DispatchStrategy.cjs.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"DispatchStrategy.cjs.js","sources":["../../src/auth/DispatchStrategy.ts"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n  ANNOTATION_KUBERNETES_AUTH_PROVIDER,\n  KubernetesRequestAuth,\n} from '@backstage/plugin-kubernetes-common';\nimport {\n  AuthMetadata,\n  AuthenticationStrategy,\n  ClusterDetails,\n  KubernetesCredential,\n} from '@backstage/plugin-kubernetes-node';\n\n/**\n *\n * @public\n */\nexport type DispatchStrategyOptions = {\n  authStrategyMap: {\n    [key: string]: AuthenticationStrategy;\n  };\n};\n/**\n * used to direct a KubernetesAuthProvider to its corresponding AuthenticationStrategy\n * @public\n */\nexport class DispatchStrategy implements AuthenticationStrategy {\n  private readonly strategyMap: { [key: string]: AuthenticationStrategy };\n\n  constructor(options: DispatchStrategyOptions) {\n    this.strategyMap = options.authStrategyMap;\n  }\n\n  public getCredential(\n    clusterDetails: ClusterDetails,\n    auth: KubernetesRequestAuth,\n  ): Promise<KubernetesCredential> {\n    const authProvider =\n      clusterDetails.authMetadata[ANNOTATION_KUBERNETES_AUTH_PROVIDER];\n    if (this.strategyMap[authProvider]) {\n      return this.strategyMap[authProvider].getCredential(clusterDetails, auth);\n    }\n    throw new Error(\n      `authProvider \"${authProvider}\" has no AuthenticationStrategy associated with it`,\n    );\n  }\n\n  public validateCluster(authMetadata: AuthMetadata): Error[] {\n    const authProvider = authMetadata[ANNOTATION_KUBERNETES_AUTH_PROVIDER];\n    const strategy = this.strategyMap[authProvider];\n    if (!strategy) {\n      return [\n        new Error(\n          `authProvider \"${authProvider}\" has no config associated with it`,\n        ),\n      ];\n    }\n    return strategy.validateCluster(authMetadata);\n  }\n\n  public presentAuthMetadata(_authMetadata: AuthMetadata): AuthMetadata {\n    return {};\n  }\n}\n"],"names":["ANNOTATION_KUBERNETES_AUTH_PROVIDER"],"mappings":";;;;AAwCO,MAAM,gBAAmD,CAAA;AAAA,EAC7C,WAAA,CAAA;AAAA,EAEjB,YAAY,OAAkC,EAAA;AAC5C,IAAA,IAAA,CAAK,cAAc,OAAQ,CAAA,eAAA,CAAA;AAAA,GAC7B;AAAA,EAEO,aAAA,CACL,gBACA,IAC+B,EAAA;AAC/B,IAAM,MAAA,YAAA,GACJ,cAAe,CAAA,YAAA,CAAaA,0DAAmC,CAAA,CAAA;AACjE,IAAI,IAAA,IAAA,CAAK,WAAY,CAAA,YAAY,CAAG,EAAA;AAClC,MAAA,OAAO,KAAK,WAAY,CAAA,YAAY,CAAE,CAAA,aAAA,CAAc,gBAAgB,IAAI,CAAA,CAAA;AAAA,KAC1E;AACA,IAAA,MAAM,IAAI,KAAA;AAAA,MACR,iBAAiB,YAAY,CAAA,kDAAA,CAAA;AAAA,KAC/B,CAAA;AAAA,GACF;AAAA,EAEO,gBAAgB,YAAqC,EAAA;AAC1D,IAAM,MAAA,YAAA,GAAe,aAAaA,0DAAmC,CAAA,CAAA;AACrE,IAAM,MAAA,QAAA,GAAW,IAAK,CAAA,WAAA,CAAY,YAAY,CAAA,CAAA;AAC9C,IAAA,IAAI,CAAC,QAAU,EAAA;AACb,MAAO,OAAA;AAAA,QACL,IAAI,KAAA;AAAA,UACF,iBAAiB,YAAY,CAAA,kCAAA,CAAA;AAAA,SAC/B;AAAA,OACF,CAAA;AAAA,KACF;AACA,IAAO,OAAA,QAAA,CAAS,gBAAgB,YAAY,CAAA,CAAA;AAAA,GAC9C;AAAA,EAEO,oBAAoB,aAA2C,EAAA;AACpE,IAAA,OAAO,EAAC,CAAA;AAAA,GACV;AACF;;;;"}

package/dist/auth/GoogleServiceAccountStrategy.cjs.js

@@ -0,0 +1,45 @@
+'use strict';
+
+var container = require('@google-cloud/container');
+
+function _interopNamespaceCompat(e) {
+  if (e && typeof e === 'object' && 'default' in e) return e;
+  var n = Object.create(null);
+  if (e) {
+    Object.keys(e).forEach(function (k) {
+      if (k !== 'default') {
+        var d = Object.getOwnPropertyDescriptor(e, k);
+        Object.defineProperty(n, k, d.get ? d : {
+          enumerable: true,
+          get: function () { return e[k]; }
+        });
+      }
+    });
+  }
+  n.default = e;
+  return Object.freeze(n);
+}
+
+var container__namespace = /*#__PURE__*/_interopNamespaceCompat(container);
+
+class GoogleServiceAccountStrategy {
+  async getCredential() {
+    const client = new container__namespace.v1.ClusterManagerClient();
+    const token = await client.auth.getAccessToken();
+    if (!token) {
+      throw new Error(
+        "Unable to obtain access token for the current Google Application Default Credentials"
+      );
+    }
+    return { type: "bearer token", token };
+  }
+  validateCluster() {
+    return [];
+  }
+  presentAuthMetadata(_authMetadata) {
+    return {};
+  }
+}
+
+exports.GoogleServiceAccountStrategy = GoogleServiceAccountStrategy;
+//# sourceMappingURL=GoogleServiceAccountStrategy.cjs.js.map

package/dist/auth/GoogleServiceAccountStrategy.cjs.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"GoogleServiceAccountStrategy.cjs.js","sources":["../../src/auth/GoogleServiceAccountStrategy.ts"],"sourcesContent":["/*\n * Copyright 2022 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n  AuthMetadata,\n  AuthenticationStrategy,\n  KubernetesCredential,\n} from '@backstage/plugin-kubernetes-node';\nimport * as container from '@google-cloud/container';\n\n/**\n *\n * @public\n */\nexport class GoogleServiceAccountStrategy implements AuthenticationStrategy {\n  public async getCredential(): Promise<KubernetesCredential> {\n    const client = new container.v1.ClusterManagerClient();\n    const token = await client.auth.getAccessToken();\n\n    if (!token) {\n      throw new Error(\n        'Unable to obtain access token for the current Google Application Default Credentials',\n      );\n    }\n    return { type: 'bearer token', token };\n  }\n\n  public validateCluster(): Error[] {\n    return [];\n  }\n\n  public presentAuthMetadata(_authMetadata: AuthMetadata): AuthMetadata {\n    return {};\n  }\n}\n"],"names":["container"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AA2BO,MAAM,4BAA+D,CAAA;AAAA,EAC1E,MAAa,aAA+C,GAAA;AAC1D,IAAA,MAAM,MAAS,GAAA,IAAIA,oBAAU,CAAA,EAAA,CAAG,oBAAqB,EAAA,CAAA;AACrD,IAAA,MAAM,KAAQ,GAAA,MAAM,MAAO,CAAA,IAAA,CAAK,cAAe,EAAA,CAAA;AAE/C,IAAA,IAAI,CAAC,KAAO,EAAA;AACV,MAAA,MAAM,IAAI,KAAA;AAAA,QACR,sFAAA;AAAA,OACF,CAAA;AAAA,KACF;AACA,IAAO,OAAA,EAAE,IAAM,EAAA,cAAA,EAAgB,KAAM,EAAA,CAAA;AAAA,GACvC;AAAA,EAEO,eAA2B,GAAA;AAChC,IAAA,OAAO,EAAC,CAAA;AAAA,GACV;AAAA,EAEO,oBAAoB,aAA2C,EAAA;AACpE,IAAA,OAAO,EAAC,CAAA;AAAA,GACV;AACF;;;;"}

package/dist/auth/GoogleStrategy.cjs.js

@@ -0,0 +1,22 @@
+'use strict';
+
+class GoogleStrategy {
+  async getCredential(_, requestAuth) {
+    const token = requestAuth.google;
+    if (!token) {
+      throw new Error(
+        "Google token not found under auth.google in request body"
+      );
+    }
+    return { type: "bearer token", token };
+  }
+  validateCluster() {
+    return [];
+  }
+  presentAuthMetadata(_authMetadata) {
+    return {};
+  }
+}
+
+exports.GoogleStrategy = GoogleStrategy;
+//# sourceMappingURL=GoogleStrategy.cjs.js.map

package/dist/auth/GoogleStrategy.cjs.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"GoogleStrategy.cjs.js","sources":["../../src/auth/GoogleStrategy.ts"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { KubernetesRequestAuth } from '@backstage/plugin-kubernetes-common';\nimport {\n  AuthMetadata,\n  AuthenticationStrategy,\n  ClusterDetails,\n  KubernetesCredential,\n} from '@backstage/plugin-kubernetes-node';\n\n/**\n *\n * @public\n */\nexport class GoogleStrategy implements AuthenticationStrategy {\n  public async getCredential(\n    _: ClusterDetails,\n    requestAuth: KubernetesRequestAuth,\n  ): Promise<KubernetesCredential> {\n    const token = requestAuth.google;\n    if (!token) {\n      throw new Error(\n        'Google token not found under auth.google in request body',\n      );\n    }\n    return { type: 'bearer token', token: token as string };\n  }\n\n  public validateCluster(): Error[] {\n    return [];\n  }\n\n  public presentAuthMetadata(_authMetadata: AuthMetadata): AuthMetadata {\n    return {};\n  }\n}\n"],"names":[],"mappings":";;AA4BO,MAAM,cAAiD,CAAA;AAAA,EAC5D,MAAa,aACX,CAAA,CAAA,EACA,WAC+B,EAAA;AAC/B,IAAA,MAAM,QAAQ,WAAY,CAAA,MAAA,CAAA;AAC1B,IAAA,IAAI,CAAC,KAAO,EAAA;AACV,MAAA,MAAM,IAAI,KAAA;AAAA,QACR,0DAAA;AAAA,OACF,CAAA;AAAA,KACF;AACA,IAAO,OAAA,EAAE,IAAM,EAAA,cAAA,EAAgB,KAAuB,EAAA,CAAA;AAAA,GACxD;AAAA,EAEO,eAA2B,GAAA;AAChC,IAAA,OAAO,EAAC,CAAA;AAAA,GACV;AAAA,EAEO,oBAAoB,aAA2C,EAAA;AACpE,IAAA,OAAO,EAAC,CAAA;AAAA,GACV;AACF;;;;"}

package/dist/auth/OidcStrategy.cjs.js

@@ -0,0 +1,34 @@
+'use strict';
+
+var pluginKubernetesCommon = require('@backstage/plugin-kubernetes-common');
+
+class OidcStrategy {
+  async getCredential(clusterDetails, authConfig) {
+    const oidcTokenProvider = clusterDetails.authMetadata[pluginKubernetesCommon.ANNOTATION_KUBERNETES_OIDC_TOKEN_PROVIDER];
+    if (!oidcTokenProvider || oidcTokenProvider === "") {
+      throw new Error(
+        `oidc authProvider requires a configured oidcTokenProvider`
+      );
+    }
+    const token = authConfig.oidc?.[oidcTokenProvider];
+    if (!token) {
+      throw new Error(
+        `Auth token not found under oidc.${oidcTokenProvider} in request body`
+      );
+    }
+    return { type: "bearer token", token };
+  }
+  validateCluster(authMetadata) {
+    const oidcTokenProvider = authMetadata[pluginKubernetesCommon.ANNOTATION_KUBERNETES_OIDC_TOKEN_PROVIDER];
+    if (!oidcTokenProvider || oidcTokenProvider === "") {
+      return [new Error(`Must specify a token provider for 'oidc' strategy`)];
+    }
+    return [];
+  }
+  presentAuthMetadata(_authMetadata) {
+    return {};
+  }
+}
+
+exports.OidcStrategy = OidcStrategy;
+//# sourceMappingURL=OidcStrategy.cjs.js.map

package/dist/auth/OidcStrategy.cjs.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"OidcStrategy.cjs.js","sources":["../../src/auth/OidcStrategy.ts"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport { JsonObject } from '@backstage/types';\nimport {\n  ANNOTATION_KUBERNETES_OIDC_TOKEN_PROVIDER,\n  KubernetesRequestAuth,\n} from '@backstage/plugin-kubernetes-common';\nimport {\n  AuthMetadata,\n  AuthenticationStrategy,\n  ClusterDetails,\n  KubernetesCredential,\n} from '@backstage/plugin-kubernetes-node';\n\n/**\n *\n * @public\n */\nexport class OidcStrategy implements AuthenticationStrategy {\n  public async getCredential(\n    clusterDetails: ClusterDetails,\n    authConfig: KubernetesRequestAuth,\n  ): Promise<KubernetesCredential> {\n    const oidcTokenProvider =\n      clusterDetails.authMetadata[ANNOTATION_KUBERNETES_OIDC_TOKEN_PROVIDER];\n\n    if (!oidcTokenProvider || oidcTokenProvider === '') {\n      throw new Error(\n        `oidc authProvider requires a configured oidcTokenProvider`,\n      );\n    }\n\n    const token = (authConfig.oidc as JsonObject | null)?.[oidcTokenProvider];\n\n    if (!token) {\n      throw new Error(\n        `Auth token not found under oidc.${oidcTokenProvider} in request body`,\n      );\n    }\n    return { type: 'bearer token', token: token as string };\n  }\n\n  public validateCluster(authMetadata: AuthMetadata): Error[] {\n    const oidcTokenProvider =\n      authMetadata[ANNOTATION_KUBERNETES_OIDC_TOKEN_PROVIDER];\n    if (!oidcTokenProvider || oidcTokenProvider === '') {\n      return [new Error(`Must specify a token provider for 'oidc' strategy`)];\n    }\n    return [];\n  }\n\n  public presentAuthMetadata(_authMetadata: AuthMetadata): AuthMetadata {\n    return {};\n  }\n}\n"],"names":["ANNOTATION_KUBERNETES_OIDC_TOKEN_PROVIDER"],"mappings":";;;;AA+BO,MAAM,YAA+C,CAAA;AAAA,EAC1D,MAAa,aACX,CAAA,cAAA,EACA,UAC+B,EAAA;AAC/B,IAAM,MAAA,iBAAA,GACJ,cAAe,CAAA,YAAA,CAAaA,gEAAyC,CAAA,CAAA;AAEvE,IAAI,IAAA,CAAC,iBAAqB,IAAA,iBAAA,KAAsB,EAAI,EAAA;AAClD,MAAA,MAAM,IAAI,KAAA;AAAA,QACR,CAAA,yDAAA,CAAA;AAAA,OACF,CAAA;AAAA,KACF;AAEA,IAAM,MAAA,KAAA,GAAS,UAAW,CAAA,IAAA,GAA6B,iBAAiB,CAAA,CAAA;AAExE,IAAA,IAAI,CAAC,KAAO,EAAA;AACV,MAAA,MAAM,IAAI,KAAA;AAAA,QACR,mCAAmC,iBAAiB,CAAA,gBAAA,CAAA;AAAA,OACtD,CAAA;AAAA,KACF;AACA,IAAO,OAAA,EAAE,IAAM,EAAA,cAAA,EAAgB,KAAuB,EAAA,CAAA;AAAA,GACxD;AAAA,EAEO,gBAAgB,YAAqC,EAAA;AAC1D,IAAM,MAAA,iBAAA,GACJ,aAAaA,gEAAyC,CAAA,CAAA;AACxD,IAAI,IAAA,CAAC,iBAAqB,IAAA,iBAAA,KAAsB,EAAI,EAAA;AAClD,MAAA,OAAO,CAAC,IAAI,KAAM,CAAA,CAAA,iDAAA,CAAmD,CAAC,CAAA,CAAA;AAAA,KACxE;AACA,IAAA,OAAO,EAAC,CAAA;AAAA,GACV;AAAA,EAEO,oBAAoB,aAA2C,EAAA;AACpE,IAAA,OAAO,EAAC,CAAA;AAAA,GACV;AACF;;;;"}