@backstage/plugin-kubernetes-backend 0.19.9-next.0 → 0.20.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +34 -0
- package/config.d.ts +7 -0
- package/dist/auth/AksStrategy.cjs.js.map +1 -1
- package/dist/auth/AnonymousStrategy.cjs.js.map +1 -1
- package/dist/auth/AwsIamStrategy.cjs.js.map +1 -1
- package/dist/auth/AzureIdentityStrategy.cjs.js.map +1 -1
- package/dist/auth/DispatchStrategy.cjs.js.map +1 -1
- package/dist/auth/GoogleServiceAccountStrategy.cjs.js +22 -2
- package/dist/auth/GoogleServiceAccountStrategy.cjs.js.map +1 -1
- package/dist/auth/GoogleStrategy.cjs.js.map +1 -1
- package/dist/auth/OidcStrategy.cjs.js.map +1 -1
- package/dist/auth/ServiceAccountStrategy.cjs.js.map +1 -1
- package/dist/auth/buildDefaultAuthStrategyMap.cjs.js +27 -0
- package/dist/auth/buildDefaultAuthStrategyMap.cjs.js.map +1 -0
- package/dist/auth/requirePermission.cjs.js.map +1 -1
- package/dist/cluster-locator/CatalogClusterLocator.cjs.js +7 -10
- package/dist/cluster-locator/CatalogClusterLocator.cjs.js.map +1 -1
- package/dist/cluster-locator/ConfigClusterLocator.cjs.js.map +1 -1
- package/dist/cluster-locator/GkeClusterLocator.cjs.js.map +1 -1
- package/dist/cluster-locator/LocalKubectlProxyLocator.cjs.js.map +1 -1
- package/dist/cluster-locator/index.cjs.js +2 -2
- package/dist/cluster-locator/index.cjs.js.map +1 -1
- package/dist/index.cjs.js +0 -4
- package/dist/index.cjs.js.map +1 -1
- package/dist/index.d.ts +62 -220
- package/dist/package.json.cjs.js +2 -147
- package/dist/package.json.cjs.js.map +1 -1
- package/dist/plugin.cjs.js +60 -32
- package/dist/plugin.cjs.js.map +1 -1
- package/dist/routes/resourcesRoutes.cjs.js +3 -5
- package/dist/routes/resourcesRoutes.cjs.js.map +1 -1
- package/dist/service/KubernetesFanOutHandler.cjs.js.map +1 -1
- package/dist/service/KubernetesFetcher.cjs.js.map +1 -1
- package/dist/service/KubernetesInitializer.cjs.js +143 -0
- package/dist/service/KubernetesInitializer.cjs.js.map +1 -0
- package/dist/service/KubernetesProxy.cjs.js +1 -6
- package/dist/service/KubernetesProxy.cjs.js.map +1 -1
- package/dist/service/KubernetesRouter.cjs.js +167 -0
- package/dist/service/KubernetesRouter.cjs.js.map +1 -0
- package/dist/service/runPeriodically.cjs.js.map +1 -1
- package/dist/service-locator/CatalogRelationServiceLocator.cjs.js.map +1 -1
- package/dist/service-locator/MultiTenantServiceLocator.cjs.js.map +1 -1
- package/dist/service-locator/SingleTenantServiceLocator.cjs.js.map +1 -1
- package/dist/service-locator/buildDefaultServiceLocator.cjs.js +31 -0
- package/dist/service-locator/buildDefaultServiceLocator.cjs.js.map +1 -0
- package/package.json +31 -51
- package/dist/alpha.cjs.js +0 -10
- package/dist/alpha.cjs.js.map +0 -1
- package/dist/alpha.d.ts +0 -6
- package/dist/service/KubernetesBuilder.cjs.js +0 -381
- package/dist/service/KubernetesBuilder.cjs.js.map +0 -1
- package/dist/service/router.cjs.js +0 -11
- package/dist/service/router.cjs.js.map +0 -1
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,39 @@
|
|
|
1
1
|
# @backstage/plugin-kubernetes-backend
|
|
2
2
|
|
|
3
|
+
## 0.20.0
|
|
4
|
+
|
|
5
|
+
### Minor Changes
|
|
6
|
+
|
|
7
|
+
- 759568d: **BREAKING CHANGE**: Removed support for the legacy backend system. This means that the deprecated `createRouter` and `KubernetesBuilder` and related types have been removed. Please refer to the [relevant documentation](https://backstage.io/docs/features/kubernetes/installation/#adding-kubernetes-backend-plugin) to configure the Kubernetes plugin.
|
|
8
|
+
|
|
9
|
+
**BREAKING CHANGE**: The deprecated types `AuthenticationStrategy`, `AuthMetadata`, `ClusterDetails`, `CustomResource`, `CustomResourcesByEntity`, `FetchResponseWrapper`, `KubernetesBuilder`, `KubernetesBuilderReturn`, `KubernetesClustersSupplier`, `KubernetesCredential`, `KubernetesEnvironment`, `KubernetesFetcher`, `KubernetesObjectsProvider`, `KubernetesObjectTypes`, `KubernetesServiceLocator`,`ObjectFetchParams`, `ObjectToFetch`,`RouterOptions` and `ServiceLocatorRequestContext` should all now be imported from `@backstage/plugin-kubernetes-node`.
|
|
10
|
+
|
|
11
|
+
### Patch Changes
|
|
12
|
+
|
|
13
|
+
- 00ebaeb: Remove usage of the deprecated `loggerToWinstonLogger` from `@backstage/backend-common`.
|
|
14
|
+
- 79e342e: Added support for providing a factory to the extension points
|
|
15
|
+
- 5f424c6: Added support for Google Service account credentials config to use in GoogleServiceAccountStrategy
|
|
16
|
+
- Updated dependencies
|
|
17
|
+
- @backstage/catalog-client@1.11.0
|
|
18
|
+
- @backstage/plugin-catalog-node@1.18.0
|
|
19
|
+
- @backstage/plugin-kubernetes-node@0.3.3
|
|
20
|
+
- @backstage/plugin-auth-node@0.6.6
|
|
21
|
+
- @backstage/plugin-permission-node@0.10.3
|
|
22
|
+
- @backstage/backend-plugin-api@1.4.2
|
|
23
|
+
|
|
24
|
+
## 0.20.0-next.1
|
|
25
|
+
|
|
26
|
+
### Minor Changes
|
|
27
|
+
|
|
28
|
+
- 759568d: **BREAKING CHANGE**: Removed support for the legacy backend system. This means that the deprecated `createRouter` and `KubernetesBuilder` and related types have been removed. Please refer to the [relevant documentation](https://backstage.io/docs/features/kubernetes/installation/#adding-kubernetes-backend-plugin) to configure the Kubernetes plugin.
|
|
29
|
+
|
|
30
|
+
**BREAKING CHANGE**: The deprecated types `AuthenticationStrategy`, `AuthMetadata`, `ClusterDetails`, `CustomResource`, `CustomResourcesByEntity`, `FetchResponseWrapper`, `KubernetesBuilder`, `KubernetesBuilderReturn`, `KubernetesClustersSupplier`, `KubernetesCredential`, `KubernetesEnvironment`, `KubernetesFetcher`, `KubernetesObjectsProvider`, `KubernetesObjectTypes`, `KubernetesServiceLocator`,`ObjectFetchParams`, `ObjectToFetch`,`RouterOptions` and `ServiceLocatorRequestContext` should all now be imported from `@backstage/plugin-kubernetes-node`.
|
|
31
|
+
|
|
32
|
+
### Patch Changes
|
|
33
|
+
|
|
34
|
+
- Updated dependencies
|
|
35
|
+
- @backstage/plugin-kubernetes-node@0.3.3-next.0
|
|
36
|
+
|
|
3
37
|
## 0.19.9-next.0
|
|
4
38
|
|
|
5
39
|
### Patch Changes
|
package/config.d.ts
CHANGED
|
@@ -98,6 +98,13 @@ export interface Config {
|
|
|
98
98
|
plural: string;
|
|
99
99
|
}>;
|
|
100
100
|
|
|
101
|
+
/**
|
|
102
|
+
* (Optional) Google Service Account credentials for authentication
|
|
103
|
+
* JSON string containing the service account key
|
|
104
|
+
* @visibility secret
|
|
105
|
+
*/
|
|
106
|
+
googleServiceAccountCredentials?: string;
|
|
107
|
+
|
|
101
108
|
/**
|
|
102
109
|
* (Optional) API Version Overrides
|
|
103
110
|
* If set, the specified api version will be used to make requests for the corresponding object.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"AksStrategy.cjs.js","sources":["../../src/auth/AksStrategy.ts"],"sourcesContent":["/*\n * Copyright 2023 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport {\n AuthMetadata,\n AuthenticationStrategy,\n ClusterDetails,\n KubernetesCredential,\n} from '@backstage/plugin-kubernetes-node';\nimport { KubernetesRequestAuth } from '@backstage/plugin-kubernetes-common';\n\n/**\n *\n * @public\n */\nexport class AksStrategy implements AuthenticationStrategy {\n public async getCredential(\n _: ClusterDetails,\n requestAuth: KubernetesRequestAuth,\n ): Promise<KubernetesCredential> {\n const token = requestAuth.aks;\n return token\n ? { type: 'bearer token', token: token as string }\n : { type: 'anonymous' };\n }\n\n public validateCluster(): Error[] {\n return [];\n }\n\n public presentAuthMetadata(_authMetadata: AuthMetadata): AuthMetadata {\n return {};\n }\n}\n"],"names":[],"mappings":";;AA2BO,MAAM,
|
|
1
|
+
{"version":3,"file":"AksStrategy.cjs.js","sources":["../../src/auth/AksStrategy.ts"],"sourcesContent":["/*\n * Copyright 2023 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport {\n AuthMetadata,\n AuthenticationStrategy,\n ClusterDetails,\n KubernetesCredential,\n} from '@backstage/plugin-kubernetes-node';\nimport { KubernetesRequestAuth } from '@backstage/plugin-kubernetes-common';\n\n/**\n *\n * @public\n */\nexport class AksStrategy implements AuthenticationStrategy {\n public async getCredential(\n _: ClusterDetails,\n requestAuth: KubernetesRequestAuth,\n ): Promise<KubernetesCredential> {\n const token = requestAuth.aks;\n return token\n ? { type: 'bearer token', token: token as string }\n : { type: 'anonymous' };\n }\n\n public validateCluster(): Error[] {\n return [];\n }\n\n public presentAuthMetadata(_authMetadata: AuthMetadata): AuthMetadata {\n return {};\n }\n}\n"],"names":[],"mappings":";;AA2BO,MAAM,WAAA,CAA8C;AAAA,EACzD,MAAa,aAAA,CACX,CAAA,EACA,WAAA,EAC+B;AAC/B,IAAA,MAAM,QAAQ,WAAA,CAAY,GAAA;AAC1B,IAAA,OAAO,KAAA,GACH,EAAE,IAAA,EAAM,cAAA,EAAgB,OAAuB,GAC/C,EAAE,MAAM,WAAA,EAAY;AAAA,EAC1B;AAAA,EAEO,eAAA,GAA2B;AAChC,IAAA,OAAO,EAAC;AAAA,EACV;AAAA,EAEO,oBAAoB,aAAA,EAA2C;AACpE,IAAA,OAAO,EAAC;AAAA,EACV;AACF;;;;"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"AnonymousStrategy.cjs.js","sources":["../../src/auth/AnonymousStrategy.ts"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n AuthMetadata,\n AuthenticationStrategy,\n KubernetesCredential,\n} from '@backstage/plugin-kubernetes-node';\n\n/**\n *\n * @public\n */\nexport class AnonymousStrategy implements AuthenticationStrategy {\n public async getCredential(): Promise<KubernetesCredential> {\n return { type: 'anonymous' };\n }\n\n public validateCluster(): Error[] {\n return [];\n }\n\n public presentAuthMetadata(_authMetadata: AuthMetadata): AuthMetadata {\n return {};\n }\n}\n"],"names":[],"mappings":";;AA0BO,MAAM,
|
|
1
|
+
{"version":3,"file":"AnonymousStrategy.cjs.js","sources":["../../src/auth/AnonymousStrategy.ts"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n AuthMetadata,\n AuthenticationStrategy,\n KubernetesCredential,\n} from '@backstage/plugin-kubernetes-node';\n\n/**\n *\n * @public\n */\nexport class AnonymousStrategy implements AuthenticationStrategy {\n public async getCredential(): Promise<KubernetesCredential> {\n return { type: 'anonymous' };\n }\n\n public validateCluster(): Error[] {\n return [];\n }\n\n public presentAuthMetadata(_authMetadata: AuthMetadata): AuthMetadata {\n return {};\n }\n}\n"],"names":[],"mappings":";;AA0BO,MAAM,iBAAA,CAAoD;AAAA,EAC/D,MAAa,aAAA,GAA+C;AAC1D,IAAA,OAAO,EAAE,MAAM,WAAA,EAAY;AAAA,EAC7B;AAAA,EAEO,eAAA,GAA2B;AAChC,IAAA,OAAO,EAAC;AAAA,EACV;AAAA,EAEO,oBAAoB,aAAA,EAA2C;AACpE,IAAA,OAAO,EAAC;AAAA,EACV;AACF;;;;"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"AwsIamStrategy.cjs.js","sources":["../../src/auth/AwsIamStrategy.ts"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport { fromTemporaryCredentials } from '@aws-sdk/credential-providers';\nimport { SignatureV4 } from '@aws-sdk/signature-v4';\nimport { Sha256 } from '@aws-crypto/sha256-js';\nimport {\n AwsCredentialsManager,\n DefaultAwsCredentialsManager,\n} from '@backstage/integration-aws-node';\nimport { Config } from '@backstage/config';\nimport {\n ANNOTATION_KUBERNETES_AWS_ASSUME_ROLE,\n ANNOTATION_KUBERNETES_AWS_CLUSTER_ID,\n ANNOTATION_KUBERNETES_AWS_EXTERNAL_ID,\n} from '@backstage/plugin-kubernetes-common';\nimport {\n AuthMetadata,\n AuthenticationStrategy,\n ClusterDetails,\n KubernetesCredential,\n} from '@backstage/plugin-kubernetes-node';\n\n/**\n *\n * @public\n */\nexport type SigningCreds = {\n accessKeyId: string | undefined;\n secretAccessKey: string | undefined;\n sessionToken: string | undefined;\n};\n\nconst defaultRegion = 'us-east-1';\n\n/**\n *\n * @public\n */\nexport class AwsIamStrategy implements AuthenticationStrategy {\n private readonly credsManager: AwsCredentialsManager;\n\n constructor(opts: { config: Config }) {\n this.credsManager = DefaultAwsCredentialsManager.fromConfig(opts.config);\n }\n\n public async getCredential(\n clusterDetails: ClusterDetails,\n ): Promise<KubernetesCredential> {\n return {\n type: 'bearer token',\n token: await this.getBearerToken(\n clusterDetails.authMetadata[ANNOTATION_KUBERNETES_AWS_CLUSTER_ID] ??\n clusterDetails.name,\n clusterDetails.authMetadata[ANNOTATION_KUBERNETES_AWS_ASSUME_ROLE],\n clusterDetails.authMetadata[ANNOTATION_KUBERNETES_AWS_EXTERNAL_ID],\n ),\n };\n }\n\n public validateCluster(): Error[] {\n return [];\n }\n\n private async getBearerToken(\n clusterId: string,\n assumeRole?: string,\n externalId?: string,\n ): Promise<string> {\n const region = process.env.AWS_REGION ?? defaultRegion;\n\n let credentials = (await this.credsManager.getCredentialProvider())\n .sdkCredentialProvider;\n if (assumeRole) {\n credentials = fromTemporaryCredentials({\n masterCredentials: credentials,\n clientConfig: {\n region,\n },\n params: {\n RoleArn: assumeRole,\n ExternalId: externalId,\n },\n });\n }\n\n const signer = new SignatureV4({\n credentials,\n region,\n service: 'sts',\n sha256: Sha256,\n });\n\n const request = await signer.presign(\n {\n headers: {\n host: `sts.${region}.amazonaws.com`,\n 'x-k8s-aws-id': clusterId,\n },\n hostname: `sts.${region}.amazonaws.com`,\n method: 'GET',\n path: '/',\n protocol: 'https:',\n query: {\n Action: 'GetCallerIdentity',\n Version: '2011-06-15',\n },\n },\n { expiresIn: 0 },\n );\n\n const query = Object.keys(request?.query ?? {})\n .map(\n q =>\n `${encodeURIComponent(q)}=${encodeURIComponent(\n request.query?.[q] as string,\n )}`,\n )\n .join('&');\n\n const url = `https://${request.hostname}${request.path}?${query}`;\n\n return `k8s-aws-v1.${Buffer.from(url).toString('base64url')}`;\n }\n\n public presentAuthMetadata(_authMetadata: AuthMetadata): AuthMetadata {\n return {};\n }\n}\n"],"names":["DefaultAwsCredentialsManager","ANNOTATION_KUBERNETES_AWS_CLUSTER_ID","ANNOTATION_KUBERNETES_AWS_ASSUME_ROLE","ANNOTATION_KUBERNETES_AWS_EXTERNAL_ID","fromTemporaryCredentials","SignatureV4","Sha256"],"mappings":";;;;;;;;AA6CA,MAAM,
|
|
1
|
+
{"version":3,"file":"AwsIamStrategy.cjs.js","sources":["../../src/auth/AwsIamStrategy.ts"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport { fromTemporaryCredentials } from '@aws-sdk/credential-providers';\nimport { SignatureV4 } from '@aws-sdk/signature-v4';\nimport { Sha256 } from '@aws-crypto/sha256-js';\nimport {\n AwsCredentialsManager,\n DefaultAwsCredentialsManager,\n} from '@backstage/integration-aws-node';\nimport { Config } from '@backstage/config';\nimport {\n ANNOTATION_KUBERNETES_AWS_ASSUME_ROLE,\n ANNOTATION_KUBERNETES_AWS_CLUSTER_ID,\n ANNOTATION_KUBERNETES_AWS_EXTERNAL_ID,\n} from '@backstage/plugin-kubernetes-common';\nimport {\n AuthMetadata,\n AuthenticationStrategy,\n ClusterDetails,\n KubernetesCredential,\n} from '@backstage/plugin-kubernetes-node';\n\n/**\n *\n * @public\n */\nexport type SigningCreds = {\n accessKeyId: string | undefined;\n secretAccessKey: string | undefined;\n sessionToken: string | undefined;\n};\n\nconst defaultRegion = 'us-east-1';\n\n/**\n *\n * @public\n */\nexport class AwsIamStrategy implements AuthenticationStrategy {\n private readonly credsManager: AwsCredentialsManager;\n\n constructor(opts: { config: Config }) {\n this.credsManager = DefaultAwsCredentialsManager.fromConfig(opts.config);\n }\n\n public async getCredential(\n clusterDetails: ClusterDetails,\n ): Promise<KubernetesCredential> {\n return {\n type: 'bearer token',\n token: await this.getBearerToken(\n clusterDetails.authMetadata[ANNOTATION_KUBERNETES_AWS_CLUSTER_ID] ??\n clusterDetails.name,\n clusterDetails.authMetadata[ANNOTATION_KUBERNETES_AWS_ASSUME_ROLE],\n clusterDetails.authMetadata[ANNOTATION_KUBERNETES_AWS_EXTERNAL_ID],\n ),\n };\n }\n\n public validateCluster(): Error[] {\n return [];\n }\n\n private async getBearerToken(\n clusterId: string,\n assumeRole?: string,\n externalId?: string,\n ): Promise<string> {\n const region = process.env.AWS_REGION ?? defaultRegion;\n\n let credentials = (await this.credsManager.getCredentialProvider())\n .sdkCredentialProvider;\n if (assumeRole) {\n credentials = fromTemporaryCredentials({\n masterCredentials: credentials,\n clientConfig: {\n region,\n },\n params: {\n RoleArn: assumeRole,\n ExternalId: externalId,\n },\n });\n }\n\n const signer = new SignatureV4({\n credentials,\n region,\n service: 'sts',\n sha256: Sha256,\n });\n\n const request = await signer.presign(\n {\n headers: {\n host: `sts.${region}.amazonaws.com`,\n 'x-k8s-aws-id': clusterId,\n },\n hostname: `sts.${region}.amazonaws.com`,\n method: 'GET',\n path: '/',\n protocol: 'https:',\n query: {\n Action: 'GetCallerIdentity',\n Version: '2011-06-15',\n },\n },\n { expiresIn: 0 },\n );\n\n const query = Object.keys(request?.query ?? {})\n .map(\n q =>\n `${encodeURIComponent(q)}=${encodeURIComponent(\n request.query?.[q] as string,\n )}`,\n )\n .join('&');\n\n const url = `https://${request.hostname}${request.path}?${query}`;\n\n return `k8s-aws-v1.${Buffer.from(url).toString('base64url')}`;\n }\n\n public presentAuthMetadata(_authMetadata: AuthMetadata): AuthMetadata {\n return {};\n }\n}\n"],"names":["DefaultAwsCredentialsManager","ANNOTATION_KUBERNETES_AWS_CLUSTER_ID","ANNOTATION_KUBERNETES_AWS_ASSUME_ROLE","ANNOTATION_KUBERNETES_AWS_EXTERNAL_ID","fromTemporaryCredentials","SignatureV4","Sha256"],"mappings":";;;;;;;;AA6CA,MAAM,aAAA,GAAgB,WAAA;AAMf,MAAM,cAAA,CAAiD;AAAA,EAC3C,YAAA;AAAA,EAEjB,YAAY,IAAA,EAA0B;AACpC,IAAA,IAAA,CAAK,YAAA,GAAeA,+CAAA,CAA6B,UAAA,CAAW,IAAA,CAAK,MAAM,CAAA;AAAA,EACzE;AAAA,EAEA,MAAa,cACX,cAAA,EAC+B;AAC/B,IAAA,OAAO;AAAA,MACL,IAAA,EAAM,cAAA;AAAA,MACN,KAAA,EAAO,MAAM,IAAA,CAAK,cAAA;AAAA,QAChB,cAAA,CAAe,YAAA,CAAaC,2DAAoC,CAAA,IAC9D,cAAA,CAAe,IAAA;AAAA,QACjB,cAAA,CAAe,aAAaC,4DAAqC,CAAA;AAAA,QACjE,cAAA,CAAe,aAAaC,4DAAqC;AAAA;AACnE,KACF;AAAA,EACF;AAAA,EAEO,eAAA,GAA2B;AAChC,IAAA,OAAO,EAAC;AAAA,EACV;AAAA,EAEA,MAAc,cAAA,CACZ,SAAA,EACA,UAAA,EACA,UAAA,EACiB;AACjB,IAAA,MAAM,MAAA,GAAS,OAAA,CAAQ,GAAA,CAAI,UAAA,IAAc,aAAA;AAEzC,IAAA,IAAI,WAAA,GAAA,CAAe,MAAM,IAAA,CAAK,YAAA,CAAa,uBAAsB,EAC9D,qBAAA;AACH,IAAA,IAAI,UAAA,EAAY;AACd,MAAA,WAAA,GAAcC,4CAAA,CAAyB;AAAA,QACrC,iBAAA,EAAmB,WAAA;AAAA,QACnB,YAAA,EAAc;AAAA,UACZ;AAAA,SACF;AAAA,QACA,MAAA,EAAQ;AAAA,UACN,OAAA,EAAS,UAAA;AAAA,UACT,UAAA,EAAY;AAAA;AACd,OACD,CAAA;AAAA,IACH;AAEA,IAAA,MAAM,MAAA,GAAS,IAAIC,uBAAA,CAAY;AAAA,MAC7B,WAAA;AAAA,MACA,MAAA;AAAA,MACA,OAAA,EAAS,KAAA;AAAA,MACT,MAAA,EAAQC;AAAA,KACT,CAAA;AAED,IAAA,MAAM,OAAA,GAAU,MAAM,MAAA,CAAO,OAAA;AAAA,MAC3B;AAAA,QACE,OAAA,EAAS;AAAA,UACP,IAAA,EAAM,OAAO,MAAM,CAAA,cAAA,CAAA;AAAA,UACnB,cAAA,EAAgB;AAAA,SAClB;AAAA,QACA,QAAA,EAAU,OAAO,MAAM,CAAA,cAAA,CAAA;AAAA,QACvB,MAAA,EAAQ,KAAA;AAAA,QACR,IAAA,EAAM,GAAA;AAAA,QACN,QAAA,EAAU,QAAA;AAAA,QACV,KAAA,EAAO;AAAA,UACL,MAAA,EAAQ,mBAAA;AAAA,UACR,OAAA,EAAS;AAAA;AACX,OACF;AAAA,MACA,EAAE,WAAW,CAAA;AAAE,KACjB;AAEA,IAAA,MAAM,QAAQ,MAAA,CAAO,IAAA,CAAK,SAAS,KAAA,IAAS,EAAE,CAAA,CAC3C,GAAA;AAAA,MACC,CAAA,CAAA,KACE,CAAA,EAAG,kBAAA,CAAmB,CAAC,CAAC,CAAA,CAAA,EAAI,kBAAA;AAAA,QAC1B,OAAA,CAAQ,QAAQ,CAAC;AAAA,OAClB,CAAA;AAAA,KACL,CACC,KAAK,GAAG,CAAA;AAEX,IAAA,MAAM,GAAA,GAAM,WAAW,OAAA,CAAQ,QAAQ,GAAG,OAAA,CAAQ,IAAI,IAAI,KAAK,CAAA,CAAA;AAE/D,IAAA,OAAO,cAAc,MAAA,CAAO,IAAA,CAAK,GAAG,CAAA,CAAE,QAAA,CAAS,WAAW,CAAC,CAAA,CAAA;AAAA,EAC7D;AAAA,EAEO,oBAAoB,aAAA,EAA2C;AACpE,IAAA,OAAO,EAAC;AAAA,EACV;AACF;;;;"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"AzureIdentityStrategy.cjs.js","sources":["../../src/auth/AzureIdentityStrategy.ts"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n AccessToken,\n DefaultAzureCredential,\n TokenCredential,\n} from '@azure/identity';\nimport {\n AuthenticationStrategy,\n AuthMetadata,\n KubernetesCredential,\n} from '@backstage/plugin-kubernetes-node';\nimport { LoggerService } from '@backstage/backend-plugin-api';\n\nconst aksScope = '6dae42f8-4368-4678-94ff-3960e28e3630/.default'; // This scope is the same for all Azure Managed Kubernetes\n\n/**\n *\n * @public\n */\nexport class AzureIdentityStrategy implements AuthenticationStrategy {\n private accessToken: AccessToken = { token: '', expiresOnTimestamp: 0 };\n private newTokenPromise: Promise<string> | undefined;\n\n constructor(\n private readonly logger: LoggerService,\n private readonly tokenCredential: TokenCredential = new DefaultAzureCredential(),\n ) {}\n\n public async getCredential(): Promise<KubernetesCredential> {\n if (!this.tokenRequiresRefresh()) {\n return { type: 'bearer token', token: this.accessToken.token };\n }\n\n if (!this.newTokenPromise) {\n this.newTokenPromise = this.fetchNewToken();\n }\n\n return this.newTokenPromise\n ? { type: 'bearer token', token: await this.newTokenPromise }\n : { type: 'anonymous' };\n }\n\n public validateCluster(): Error[] {\n return [];\n }\n\n private async fetchNewToken(): Promise<string> {\n try {\n this.logger.info('Fetching new Azure token for AKS');\n\n const newAccessToken = await this.tokenCredential.getToken(aksScope, {\n requestOptions: { timeout: 10_000 }, // 10 seconds\n });\n if (!newAccessToken) {\n throw new Error('AccessToken is null');\n }\n\n this.accessToken = newAccessToken;\n } catch (err) {\n this.logger.error('Unable to fetch Azure token', err);\n\n // only throw the error if the token has already expired, otherwise re-use existing until we're able to fetch a new token\n if (this.tokenExpired()) {\n throw err;\n }\n }\n\n this.newTokenPromise = undefined;\n return this.accessToken.token;\n }\n\n private tokenRequiresRefresh(): boolean {\n // Set tokens to expire 15 minutes before its actual expiry time\n const expiresOn = this.accessToken.expiresOnTimestamp - 15 * 60 * 1000;\n return Date.now() >= expiresOn;\n }\n\n private tokenExpired(): boolean {\n return Date.now() >= this.accessToken.expiresOnTimestamp;\n }\n\n public presentAuthMetadata(_authMetadata: AuthMetadata): AuthMetadata {\n return {};\n }\n}\n"],"names":["DefaultAzureCredential"],"mappings":";;;;AA4BA,MAAM,
|
|
1
|
+
{"version":3,"file":"AzureIdentityStrategy.cjs.js","sources":["../../src/auth/AzureIdentityStrategy.ts"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n AccessToken,\n DefaultAzureCredential,\n TokenCredential,\n} from '@azure/identity';\nimport {\n AuthenticationStrategy,\n AuthMetadata,\n KubernetesCredential,\n} from '@backstage/plugin-kubernetes-node';\nimport { LoggerService } from '@backstage/backend-plugin-api';\n\nconst aksScope = '6dae42f8-4368-4678-94ff-3960e28e3630/.default'; // This scope is the same for all Azure Managed Kubernetes\n\n/**\n *\n * @public\n */\nexport class AzureIdentityStrategy implements AuthenticationStrategy {\n private accessToken: AccessToken = { token: '', expiresOnTimestamp: 0 };\n private newTokenPromise: Promise<string> | undefined;\n\n constructor(\n private readonly logger: LoggerService,\n private readonly tokenCredential: TokenCredential = new DefaultAzureCredential(),\n ) {}\n\n public async getCredential(): Promise<KubernetesCredential> {\n if (!this.tokenRequiresRefresh()) {\n return { type: 'bearer token', token: this.accessToken.token };\n }\n\n if (!this.newTokenPromise) {\n this.newTokenPromise = this.fetchNewToken();\n }\n\n return this.newTokenPromise\n ? { type: 'bearer token', token: await this.newTokenPromise }\n : { type: 'anonymous' };\n }\n\n public validateCluster(): Error[] {\n return [];\n }\n\n private async fetchNewToken(): Promise<string> {\n try {\n this.logger.info('Fetching new Azure token for AKS');\n\n const newAccessToken = await this.tokenCredential.getToken(aksScope, {\n requestOptions: { timeout: 10_000 }, // 10 seconds\n });\n if (!newAccessToken) {\n throw new Error('AccessToken is null');\n }\n\n this.accessToken = newAccessToken;\n } catch (err) {\n this.logger.error('Unable to fetch Azure token', err);\n\n // only throw the error if the token has already expired, otherwise re-use existing until we're able to fetch a new token\n if (this.tokenExpired()) {\n throw err;\n }\n }\n\n this.newTokenPromise = undefined;\n return this.accessToken.token;\n }\n\n private tokenRequiresRefresh(): boolean {\n // Set tokens to expire 15 minutes before its actual expiry time\n const expiresOn = this.accessToken.expiresOnTimestamp - 15 * 60 * 1000;\n return Date.now() >= expiresOn;\n }\n\n private tokenExpired(): boolean {\n return Date.now() >= this.accessToken.expiresOnTimestamp;\n }\n\n public presentAuthMetadata(_authMetadata: AuthMetadata): AuthMetadata {\n return {};\n }\n}\n"],"names":["DefaultAzureCredential"],"mappings":";;;;AA4BA,MAAM,QAAA,GAAW,+CAAA;AAMV,MAAM,qBAAA,CAAwD;AAAA,EAInE,WAAA,CACmB,MAAA,EACA,eAAA,GAAmC,IAAIA,iCAAuB,EAC/E;AAFiB,IAAA,IAAA,CAAA,MAAA,GAAA,MAAA;AACA,IAAA,IAAA,CAAA,eAAA,GAAA,eAAA;AAAA,EAChB;AAAA,EANK,WAAA,GAA2B,EAAE,KAAA,EAAO,EAAA,EAAI,oBAAoB,CAAA,EAAE;AAAA,EAC9D,eAAA;AAAA,EAOR,MAAa,aAAA,GAA+C;AAC1D,IAAA,IAAI,CAAC,IAAA,CAAK,oBAAA,EAAqB,EAAG;AAChC,MAAA,OAAO,EAAE,IAAA,EAAM,cAAA,EAAgB,KAAA,EAAO,IAAA,CAAK,YAAY,KAAA,EAAM;AAAA,IAC/D;AAEA,IAAA,IAAI,CAAC,KAAK,eAAA,EAAiB;AACzB,MAAA,IAAA,CAAK,eAAA,GAAkB,KAAK,aAAA,EAAc;AAAA,IAC5C;AAEA,IAAA,OAAO,IAAA,CAAK,eAAA,GACR,EAAE,IAAA,EAAM,cAAA,EAAgB,KAAA,EAAO,MAAM,IAAA,CAAK,eAAA,EAAgB,GAC1D,EAAE,IAAA,EAAM,WAAA,EAAY;AAAA,EAC1B;AAAA,EAEO,eAAA,GAA2B;AAChC,IAAA,OAAO,EAAC;AAAA,EACV;AAAA,EAEA,MAAc,aAAA,GAAiC;AAC7C,IAAA,IAAI;AACF,MAAA,IAAA,CAAK,MAAA,CAAO,KAAK,kCAAkC,CAAA;AAEnD,MAAA,MAAM,cAAA,GAAiB,MAAM,IAAA,CAAK,eAAA,CAAgB,SAAS,QAAA,EAAU;AAAA,QACnE,cAAA,EAAgB,EAAE,OAAA,EAAS,GAAA;AAAO;AAAA,OACnC,CAAA;AACD,MAAA,IAAI,CAAC,cAAA,EAAgB;AACnB,QAAA,MAAM,IAAI,MAAM,qBAAqB,CAAA;AAAA,MACvC;AAEA,MAAA,IAAA,CAAK,WAAA,GAAc,cAAA;AAAA,IACrB,SAAS,GAAA,EAAK;AACZ,MAAA,IAAA,CAAK,MAAA,CAAO,KAAA,CAAM,6BAAA,EAA+B,GAAG,CAAA;AAGpD,MAAA,IAAI,IAAA,CAAK,cAAa,EAAG;AACvB,QAAA,MAAM,GAAA;AAAA,MACR;AAAA,IACF;AAEA,IAAA,IAAA,CAAK,eAAA,GAAkB,MAAA;AACvB,IAAA,OAAO,KAAK,WAAA,CAAY,KAAA;AAAA,EAC1B;AAAA,EAEQ,oBAAA,GAAgC;AAEtC,IAAA,MAAM,SAAA,GAAY,IAAA,CAAK,WAAA,CAAY,kBAAA,GAAqB,KAAK,EAAA,GAAK,GAAA;AAClE,IAAA,OAAO,IAAA,CAAK,KAAI,IAAK,SAAA;AAAA,EACvB;AAAA,EAEQ,YAAA,GAAwB;AAC9B,IAAA,OAAO,IAAA,CAAK,GAAA,EAAI,IAAK,IAAA,CAAK,WAAA,CAAY,kBAAA;AAAA,EACxC;AAAA,EAEO,oBAAoB,aAAA,EAA2C;AACpE,IAAA,OAAO,EAAC;AAAA,EACV;AACF;;;;"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"DispatchStrategy.cjs.js","sources":["../../src/auth/DispatchStrategy.ts"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n ANNOTATION_KUBERNETES_AUTH_PROVIDER,\n KubernetesRequestAuth,\n} from '@backstage/plugin-kubernetes-common';\nimport {\n AuthMetadata,\n AuthenticationStrategy,\n ClusterDetails,\n KubernetesCredential,\n} from '@backstage/plugin-kubernetes-node';\n\n/**\n *\n * @public\n */\nexport type DispatchStrategyOptions = {\n authStrategyMap: {\n [key: string]: AuthenticationStrategy;\n };\n};\n/**\n * used to direct a KubernetesAuthProvider to its corresponding AuthenticationStrategy\n * @public\n */\nexport class DispatchStrategy implements AuthenticationStrategy {\n private readonly strategyMap: { [key: string]: AuthenticationStrategy };\n\n constructor(options: DispatchStrategyOptions) {\n this.strategyMap = options.authStrategyMap;\n }\n\n public getCredential(\n clusterDetails: ClusterDetails,\n auth: KubernetesRequestAuth,\n ): Promise<KubernetesCredential> {\n const authProvider =\n clusterDetails.authMetadata[ANNOTATION_KUBERNETES_AUTH_PROVIDER];\n if (this.strategyMap[authProvider]) {\n return this.strategyMap[authProvider].getCredential(clusterDetails, auth);\n }\n throw new Error(\n `authProvider \"${authProvider}\" has no AuthenticationStrategy associated with it`,\n );\n }\n\n public validateCluster(authMetadata: AuthMetadata): Error[] {\n const authProvider = authMetadata[ANNOTATION_KUBERNETES_AUTH_PROVIDER];\n const strategy = this.strategyMap[authProvider];\n if (!strategy) {\n return [\n new Error(\n `authProvider \"${authProvider}\" has no config associated with it`,\n ),\n ];\n }\n return strategy.validateCluster(authMetadata);\n }\n\n public presentAuthMetadata(_authMetadata: AuthMetadata): AuthMetadata {\n return {};\n }\n}\n"],"names":["ANNOTATION_KUBERNETES_AUTH_PROVIDER"],"mappings":";;;;AAwCO,MAAM,
|
|
1
|
+
{"version":3,"file":"DispatchStrategy.cjs.js","sources":["../../src/auth/DispatchStrategy.ts"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n ANNOTATION_KUBERNETES_AUTH_PROVIDER,\n KubernetesRequestAuth,\n} from '@backstage/plugin-kubernetes-common';\nimport {\n AuthMetadata,\n AuthenticationStrategy,\n ClusterDetails,\n KubernetesCredential,\n} from '@backstage/plugin-kubernetes-node';\n\n/**\n *\n * @public\n */\nexport type DispatchStrategyOptions = {\n authStrategyMap: {\n [key: string]: AuthenticationStrategy;\n };\n};\n/**\n * used to direct a KubernetesAuthProvider to its corresponding AuthenticationStrategy\n * @public\n */\nexport class DispatchStrategy implements AuthenticationStrategy {\n private readonly strategyMap: { [key: string]: AuthenticationStrategy };\n\n constructor(options: DispatchStrategyOptions) {\n this.strategyMap = options.authStrategyMap;\n }\n\n public getCredential(\n clusterDetails: ClusterDetails,\n auth: KubernetesRequestAuth,\n ): Promise<KubernetesCredential> {\n const authProvider =\n clusterDetails.authMetadata[ANNOTATION_KUBERNETES_AUTH_PROVIDER];\n\n if (this.strategyMap[authProvider]) {\n return this.strategyMap[authProvider].getCredential(clusterDetails, auth);\n }\n throw new Error(\n `authProvider \"${authProvider}\" has no AuthenticationStrategy associated with it`,\n );\n }\n\n public validateCluster(authMetadata: AuthMetadata): Error[] {\n const authProvider = authMetadata[ANNOTATION_KUBERNETES_AUTH_PROVIDER];\n const strategy = this.strategyMap[authProvider];\n if (!strategy) {\n return [\n new Error(\n `authProvider \"${authProvider}\" has no config associated with it`,\n ),\n ];\n }\n return strategy.validateCluster(authMetadata);\n }\n\n public presentAuthMetadata(_authMetadata: AuthMetadata): AuthMetadata {\n return {};\n }\n}\n"],"names":["ANNOTATION_KUBERNETES_AUTH_PROVIDER"],"mappings":";;;;AAwCO,MAAM,gBAAA,CAAmD;AAAA,EAC7C,WAAA;AAAA,EAEjB,YAAY,OAAA,EAAkC;AAC5C,IAAA,IAAA,CAAK,cAAc,OAAA,CAAQ,eAAA;AAAA,EAC7B;AAAA,EAEO,aAAA,CACL,gBACA,IAAA,EAC+B;AAC/B,IAAA,MAAM,YAAA,GACJ,cAAA,CAAe,YAAA,CAAaA,0DAAmC,CAAA;AAEjE,IAAA,IAAI,IAAA,CAAK,WAAA,CAAY,YAAY,CAAA,EAAG;AAClC,MAAA,OAAO,KAAK,WAAA,CAAY,YAAY,CAAA,CAAE,aAAA,CAAc,gBAAgB,IAAI,CAAA;AAAA,IAC1E;AACA,IAAA,MAAM,IAAI,KAAA;AAAA,MACR,iBAAiB,YAAY,CAAA,kDAAA;AAAA,KAC/B;AAAA,EACF;AAAA,EAEO,gBAAgB,YAAA,EAAqC;AAC1D,IAAA,MAAM,YAAA,GAAe,aAAaA,0DAAmC,CAAA;AACrE,IAAA,MAAM,QAAA,GAAW,IAAA,CAAK,WAAA,CAAY,YAAY,CAAA;AAC9C,IAAA,IAAI,CAAC,QAAA,EAAU;AACb,MAAA,OAAO;AAAA,QACL,IAAI,KAAA;AAAA,UACF,iBAAiB,YAAY,CAAA,kCAAA;AAAA;AAC/B,OACF;AAAA,IACF;AACA,IAAA,OAAO,QAAA,CAAS,gBAAgB,YAAY,CAAA;AAAA,EAC9C;AAAA,EAEO,oBAAoB,aAAA,EAA2C;AACpE,IAAA,OAAO,EAAC;AAAA,EACV;AACF;;;;"}
|
|
@@ -23,12 +23,32 @@ function _interopNamespaceCompat(e) {
|
|
|
23
23
|
var container__namespace = /*#__PURE__*/_interopNamespaceCompat(container);
|
|
24
24
|
|
|
25
25
|
class GoogleServiceAccountStrategy {
|
|
26
|
+
credentials;
|
|
27
|
+
constructor(opts) {
|
|
28
|
+
this.credentials = opts.config.getOptionalString(
|
|
29
|
+
"kubernetes.googleServiceAccountCredentials"
|
|
30
|
+
);
|
|
31
|
+
}
|
|
26
32
|
async getCredential() {
|
|
27
|
-
|
|
33
|
+
let client;
|
|
34
|
+
if (this.credentials) {
|
|
35
|
+
try {
|
|
36
|
+
const credentialsObject = JSON.parse(this.credentials);
|
|
37
|
+
client = new container__namespace.v1.ClusterManagerClient({
|
|
38
|
+
credentials: credentialsObject
|
|
39
|
+
});
|
|
40
|
+
} catch (error) {
|
|
41
|
+
throw new Error(
|
|
42
|
+
`Failed to parse Google Service Account credentials from config: ${error instanceof Error ? error.message : "Invalid JSON"}`
|
|
43
|
+
);
|
|
44
|
+
}
|
|
45
|
+
} else {
|
|
46
|
+
client = new container__namespace.v1.ClusterManagerClient();
|
|
47
|
+
}
|
|
28
48
|
const token = await client.auth.getAccessToken();
|
|
29
49
|
if (!token) {
|
|
30
50
|
throw new Error(
|
|
31
|
-
"Unable to obtain access token for
|
|
51
|
+
"Unable to obtain access token for Google Cloud authentication. Check your credentials configuration."
|
|
32
52
|
);
|
|
33
53
|
}
|
|
34
54
|
return { type: "bearer token", token };
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"GoogleServiceAccountStrategy.cjs.js","sources":["../../src/auth/GoogleServiceAccountStrategy.ts"],"sourcesContent":["/*\n * Copyright 2022 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n AuthMetadata,\n AuthenticationStrategy,\n KubernetesCredential,\n} from '@backstage/plugin-kubernetes-node';\nimport * as container from '@google-cloud/container';\n\n/**\n *\n * @public\n */\nexport class GoogleServiceAccountStrategy implements AuthenticationStrategy {\n public async getCredential(): Promise<KubernetesCredential> {\n const client = new container.v1.ClusterManagerClient();\n const token = await client.auth.getAccessToken();\n\n if (!token) {\n throw new Error(\n 'Unable to obtain access token for
|
|
1
|
+
{"version":3,"file":"GoogleServiceAccountStrategy.cjs.js","sources":["../../src/auth/GoogleServiceAccountStrategy.ts"],"sourcesContent":["/*\n * Copyright 2022 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n AuthMetadata,\n AuthenticationStrategy,\n KubernetesCredential,\n} from '@backstage/plugin-kubernetes-node';\nimport * as container from '@google-cloud/container';\nimport { Config } from '@backstage/config';\n\n/**\n * GoogleServiceAccountStrategy provides authentication using Google Service Account credentials.\n *\n * Credentials can be provided via configuration:\n * ```yaml\n * kubernetes:\n * googleServiceAccountCredentials: |\n * {\n * \"type\": \"service_account\",\n * \"project_id\": \"your-project-id\",\n * \"private_key_id\": \"key-id\",\n * \"private_key\": \"-----BEGIN PRIVATE KEY-----\\n...\\n-----END PRIVATE KEY-----\\n\",\n * \"client_email\": \"your-service-account@your-project.iam.gserviceaccount.com\",\n * \"client_id\": \"client-id\",\n * \"auth_uri\": \"https://accounts.google.com/o/oauth2/auth\",\n * \"token_uri\": \"https://oauth2.googleapis.com/token\",\n * \"auth_provider_x509_cert_url\": \"https://www.googleapis.com/oauth2/v1/certs\",\n * \"client_x509_cert_url\": \"https://www.googleapis.com/robot/v1/metadata/x509/...\"\n * }\n * ```\n *\n * If no credentials are provided in config, falls back to GOOGLE_APPLICATION_CREDENTIALS or ADC.\n *\n * @public\n */\nexport class GoogleServiceAccountStrategy implements AuthenticationStrategy {\n private readonly credentials?: string;\n\n constructor(opts: { config: Config }) {\n this.credentials = opts.config.getOptionalString(\n 'kubernetes.googleServiceAccountCredentials',\n );\n }\n public async getCredential(): Promise<KubernetesCredential> {\n let client: container.v1.ClusterManagerClient;\n\n if (this.credentials) {\n // Use credentials from config\n try {\n const credentialsObject = JSON.parse(this.credentials);\n\n client = new container.v1.ClusterManagerClient({\n credentials: credentialsObject,\n });\n } catch (error) {\n throw new Error(\n `Failed to parse Google Service Account credentials from config: ${\n error instanceof Error ? error.message : 'Invalid JSON'\n }`,\n );\n }\n } else {\n // Fall back to Application Default Credentials or GOOGLE_APPLICATION_CREDENTIALS\n client = new container.v1.ClusterManagerClient();\n }\n\n const token = await client.auth.getAccessToken();\n\n if (!token) {\n throw new Error(\n 'Unable to obtain access token for Google Cloud authentication. Check your credentials configuration.',\n );\n }\n return { type: 'bearer token', token };\n }\n\n public validateCluster(): Error[] {\n return [];\n }\n\n public presentAuthMetadata(_authMetadata: AuthMetadata): AuthMetadata {\n return {};\n }\n}\n"],"names":["container"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAiDO,MAAM,4BAAA,CAA+D;AAAA,EACzD,WAAA;AAAA,EAEjB,YAAY,IAAA,EAA0B;AACpC,IAAA,IAAA,CAAK,WAAA,GAAc,KAAK,MAAA,CAAO,iBAAA;AAAA,MAC7B;AAAA,KACF;AAAA,EACF;AAAA,EACA,MAAa,aAAA,GAA+C;AAC1D,IAAA,IAAI,MAAA;AAEJ,IAAA,IAAI,KAAK,WAAA,EAAa;AAEpB,MAAA,IAAI;AACF,QAAA,MAAM,iBAAA,GAAoB,IAAA,CAAK,KAAA,CAAM,IAAA,CAAK,WAAW,CAAA;AAErD,QAAA,MAAA,GAAS,IAAIA,oBAAA,CAAU,EAAA,CAAG,oBAAA,CAAqB;AAAA,UAC7C,WAAA,EAAa;AAAA,SACd,CAAA;AAAA,MACH,SAAS,KAAA,EAAO;AACd,QAAA,MAAM,IAAI,KAAA;AAAA,UACR,CAAA,gEAAA,EACE,KAAA,YAAiB,KAAA,GAAQ,KAAA,CAAM,UAAU,cAC3C,CAAA;AAAA,SACF;AAAA,MACF;AAAA,IACF,CAAA,MAAO;AAEL,MAAA,MAAA,GAAS,IAAIA,oBAAA,CAAU,EAAA,CAAG,oBAAA,EAAqB;AAAA,IACjD;AAEA,IAAA,MAAM,KAAA,GAAQ,MAAM,MAAA,CAAO,IAAA,CAAK,cAAA,EAAe;AAE/C,IAAA,IAAI,CAAC,KAAA,EAAO;AACV,MAAA,MAAM,IAAI,KAAA;AAAA,QACR;AAAA,OACF;AAAA,IACF;AACA,IAAA,OAAO,EAAE,IAAA,EAAM,cAAA,EAAgB,KAAA,EAAM;AAAA,EACvC;AAAA,EAEO,eAAA,GAA2B;AAChC,IAAA,OAAO,EAAC;AAAA,EACV;AAAA,EAEO,oBAAoB,aAAA,EAA2C;AACpE,IAAA,OAAO,EAAC;AAAA,EACV;AACF;;;;"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"GoogleStrategy.cjs.js","sources":["../../src/auth/GoogleStrategy.ts"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { KubernetesRequestAuth } from '@backstage/plugin-kubernetes-common';\nimport {\n AuthMetadata,\n AuthenticationStrategy,\n ClusterDetails,\n KubernetesCredential,\n} from '@backstage/plugin-kubernetes-node';\n\n/**\n *\n * @public\n */\nexport class GoogleStrategy implements AuthenticationStrategy {\n public async getCredential(\n _: ClusterDetails,\n requestAuth: KubernetesRequestAuth,\n ): Promise<KubernetesCredential> {\n const token = requestAuth.google;\n if (!token) {\n throw new Error(\n 'Google token not found under auth.google in request body',\n );\n }\n return { type: 'bearer token', token: token as string };\n }\n\n public validateCluster(): Error[] {\n return [];\n }\n\n public presentAuthMetadata(_authMetadata: AuthMetadata): AuthMetadata {\n return {};\n }\n}\n"],"names":[],"mappings":";;AA4BO,MAAM,
|
|
1
|
+
{"version":3,"file":"GoogleStrategy.cjs.js","sources":["../../src/auth/GoogleStrategy.ts"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { KubernetesRequestAuth } from '@backstage/plugin-kubernetes-common';\nimport {\n AuthMetadata,\n AuthenticationStrategy,\n ClusterDetails,\n KubernetesCredential,\n} from '@backstage/plugin-kubernetes-node';\n\n/**\n *\n * @public\n */\nexport class GoogleStrategy implements AuthenticationStrategy {\n public async getCredential(\n _: ClusterDetails,\n requestAuth: KubernetesRequestAuth,\n ): Promise<KubernetesCredential> {\n const token = requestAuth.google;\n if (!token) {\n throw new Error(\n 'Google token not found under auth.google in request body',\n );\n }\n return { type: 'bearer token', token: token as string };\n }\n\n public validateCluster(): Error[] {\n return [];\n }\n\n public presentAuthMetadata(_authMetadata: AuthMetadata): AuthMetadata {\n return {};\n }\n}\n"],"names":[],"mappings":";;AA4BO,MAAM,cAAA,CAAiD;AAAA,EAC5D,MAAa,aAAA,CACX,CAAA,EACA,WAAA,EAC+B;AAC/B,IAAA,MAAM,QAAQ,WAAA,CAAY,MAAA;AAC1B,IAAA,IAAI,CAAC,KAAA,EAAO;AACV,MAAA,MAAM,IAAI,KAAA;AAAA,QACR;AAAA,OACF;AAAA,IACF;AACA,IAAA,OAAO,EAAE,IAAA,EAAM,cAAA,EAAgB,KAAA,EAAuB;AAAA,EACxD;AAAA,EAEO,eAAA,GAA2B;AAChC,IAAA,OAAO,EAAC;AAAA,EACV;AAAA,EAEO,oBAAoB,aAAA,EAA2C;AACpE,IAAA,OAAO,EAAC;AAAA,EACV;AACF;;;;"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"OidcStrategy.cjs.js","sources":["../../src/auth/OidcStrategy.ts"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport { JsonObject } from '@backstage/types';\nimport {\n ANNOTATION_KUBERNETES_OIDC_TOKEN_PROVIDER,\n KubernetesRequestAuth,\n} from '@backstage/plugin-kubernetes-common';\nimport {\n AuthMetadata,\n AuthenticationStrategy,\n ClusterDetails,\n KubernetesCredential,\n} from '@backstage/plugin-kubernetes-node';\n\n/**\n *\n * @public\n */\nexport class OidcStrategy implements AuthenticationStrategy {\n public async getCredential(\n clusterDetails: ClusterDetails,\n authConfig: KubernetesRequestAuth,\n ): Promise<KubernetesCredential> {\n const oidcTokenProvider =\n clusterDetails.authMetadata[ANNOTATION_KUBERNETES_OIDC_TOKEN_PROVIDER];\n\n if (!oidcTokenProvider || oidcTokenProvider === '') {\n throw new Error(\n `oidc authProvider requires a configured oidcTokenProvider`,\n );\n }\n\n const token = (authConfig.oidc as JsonObject | null)?.[oidcTokenProvider];\n\n if (!token) {\n throw new Error(\n `Auth token not found under oidc.${oidcTokenProvider} in request body`,\n );\n }\n return { type: 'bearer token', token: token as string };\n }\n\n public validateCluster(authMetadata: AuthMetadata): Error[] {\n const oidcTokenProvider =\n authMetadata[ANNOTATION_KUBERNETES_OIDC_TOKEN_PROVIDER];\n if (!oidcTokenProvider || oidcTokenProvider === '') {\n return [new Error(`Must specify a token provider for 'oidc' strategy`)];\n }\n return [];\n }\n\n public presentAuthMetadata(_authMetadata: AuthMetadata): AuthMetadata {\n return {};\n }\n}\n"],"names":["ANNOTATION_KUBERNETES_OIDC_TOKEN_PROVIDER"],"mappings":";;;;AA+BO,MAAM,
|
|
1
|
+
{"version":3,"file":"OidcStrategy.cjs.js","sources":["../../src/auth/OidcStrategy.ts"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport { JsonObject } from '@backstage/types';\nimport {\n ANNOTATION_KUBERNETES_OIDC_TOKEN_PROVIDER,\n KubernetesRequestAuth,\n} from '@backstage/plugin-kubernetes-common';\nimport {\n AuthMetadata,\n AuthenticationStrategy,\n ClusterDetails,\n KubernetesCredential,\n} from '@backstage/plugin-kubernetes-node';\n\n/**\n *\n * @public\n */\nexport class OidcStrategy implements AuthenticationStrategy {\n public async getCredential(\n clusterDetails: ClusterDetails,\n authConfig: KubernetesRequestAuth,\n ): Promise<KubernetesCredential> {\n const oidcTokenProvider =\n clusterDetails.authMetadata[ANNOTATION_KUBERNETES_OIDC_TOKEN_PROVIDER];\n\n if (!oidcTokenProvider || oidcTokenProvider === '') {\n throw new Error(\n `oidc authProvider requires a configured oidcTokenProvider`,\n );\n }\n\n const token = (authConfig.oidc as JsonObject | null)?.[oidcTokenProvider];\n\n if (!token) {\n throw new Error(\n `Auth token not found under oidc.${oidcTokenProvider} in request body`,\n );\n }\n return { type: 'bearer token', token: token as string };\n }\n\n public validateCluster(authMetadata: AuthMetadata): Error[] {\n const oidcTokenProvider =\n authMetadata[ANNOTATION_KUBERNETES_OIDC_TOKEN_PROVIDER];\n if (!oidcTokenProvider || oidcTokenProvider === '') {\n return [new Error(`Must specify a token provider for 'oidc' strategy`)];\n }\n return [];\n }\n\n public presentAuthMetadata(_authMetadata: AuthMetadata): AuthMetadata {\n return {};\n }\n}\n"],"names":["ANNOTATION_KUBERNETES_OIDC_TOKEN_PROVIDER"],"mappings":";;;;AA+BO,MAAM,YAAA,CAA+C;AAAA,EAC1D,MAAa,aAAA,CACX,cAAA,EACA,UAAA,EAC+B;AAC/B,IAAA,MAAM,iBAAA,GACJ,cAAA,CAAe,YAAA,CAAaA,gEAAyC,CAAA;AAEvE,IAAA,IAAI,CAAC,iBAAA,IAAqB,iBAAA,KAAsB,EAAA,EAAI;AAClD,MAAA,MAAM,IAAI,KAAA;AAAA,QACR,CAAA,yDAAA;AAAA,OACF;AAAA,IACF;AAEA,IAAA,MAAM,KAAA,GAAS,UAAA,CAAW,IAAA,GAA6B,iBAAiB,CAAA;AAExE,IAAA,IAAI,CAAC,KAAA,EAAO;AACV,MAAA,MAAM,IAAI,KAAA;AAAA,QACR,mCAAmC,iBAAiB,CAAA,gBAAA;AAAA,OACtD;AAAA,IACF;AACA,IAAA,OAAO,EAAE,IAAA,EAAM,cAAA,EAAgB,KAAA,EAAuB;AAAA,EACxD;AAAA,EAEO,gBAAgB,YAAA,EAAqC;AAC1D,IAAA,MAAM,iBAAA,GACJ,aAAaA,gEAAyC,CAAA;AACxD,IAAA,IAAI,CAAC,iBAAA,IAAqB,iBAAA,KAAsB,EAAA,EAAI;AAClD,MAAA,OAAO,CAAC,IAAI,KAAA,CAAM,CAAA,iDAAA,CAAmD,CAAC,CAAA;AAAA,IACxE;AACA,IAAA,OAAO,EAAC;AAAA,EACV;AAAA,EAEO,oBAAoB,aAAA,EAA2C;AACpE,IAAA,OAAO,EAAC;AAAA,EACV;AACF;;;;"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ServiceAccountStrategy.cjs.js","sources":["../../src/auth/ServiceAccountStrategy.ts"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n AuthMetadata,\n AuthenticationStrategy,\n ClusterDetails,\n KubernetesCredential,\n} from '@backstage/plugin-kubernetes-node';\nimport type { User } from '@kubernetes/client-node';\nimport fs from 'fs-extra';\n\n/**\n *\n * @public\n */\nexport class ServiceAccountStrategy implements AuthenticationStrategy {\n // Only used in tests\n private injectedKubernetesClient?: typeof import('@kubernetes/client-node');\n\n public async getCredential(\n clusterDetails: ClusterDetails,\n ): Promise<KubernetesCredential> {\n const { KubeConfig } =\n this.injectedKubernetesClient ??\n (await import('@kubernetes/client-node'));\n\n const token = clusterDetails.authMetadata.serviceAccountToken;\n if (token) {\n return { type: 'bearer token', token };\n }\n const kc = new KubeConfig();\n kc.loadFromCluster();\n // loadFromCluster is guaranteed to populate the user\n const user = kc.getCurrentUser() as User;\n\n return {\n type: 'bearer token',\n token: fs.readFileSync(user.authProvider.config.tokenFile).toString(),\n };\n }\n\n public validateCluster(): Error[] {\n return [];\n }\n\n public presentAuthMetadata(_authMetadata: AuthMetadata): AuthMetadata {\n return {};\n }\n}\n"],"names":["fs"],"mappings":";;;;;;;;AA6BO,MAAM,
|
|
1
|
+
{"version":3,"file":"ServiceAccountStrategy.cjs.js","sources":["../../src/auth/ServiceAccountStrategy.ts"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n AuthMetadata,\n AuthenticationStrategy,\n ClusterDetails,\n KubernetesCredential,\n} from '@backstage/plugin-kubernetes-node';\nimport type { User } from '@kubernetes/client-node';\nimport fs from 'fs-extra';\n\n/**\n *\n * @public\n */\nexport class ServiceAccountStrategy implements AuthenticationStrategy {\n // Only used in tests\n private injectedKubernetesClient?: typeof import('@kubernetes/client-node');\n\n public async getCredential(\n clusterDetails: ClusterDetails,\n ): Promise<KubernetesCredential> {\n const { KubeConfig } =\n this.injectedKubernetesClient ??\n (await import('@kubernetes/client-node'));\n\n const token = clusterDetails.authMetadata.serviceAccountToken;\n if (token) {\n return { type: 'bearer token', token };\n }\n const kc = new KubeConfig();\n kc.loadFromCluster();\n // loadFromCluster is guaranteed to populate the user\n const user = kc.getCurrentUser() as User;\n\n return {\n type: 'bearer token',\n token: fs.readFileSync(user.authProvider.config.tokenFile).toString(),\n };\n }\n\n public validateCluster(): Error[] {\n return [];\n }\n\n public presentAuthMetadata(_authMetadata: AuthMetadata): AuthMetadata {\n return {};\n }\n}\n"],"names":["fs"],"mappings":";;;;;;;;AA6BO,MAAM,sBAAA,CAAyD;AAAA;AAAA,EAE5D,wBAAA;AAAA,EAER,MAAa,cACX,cAAA,EAC+B;AAC/B,IAAA,MAAM,EAAE,UAAA,EAAW,GACjB,KAAK,wBAAA,IACJ,MAAM,OAAO,yBAAyB,CAAA;AAEzC,IAAA,MAAM,KAAA,GAAQ,eAAe,YAAA,CAAa,mBAAA;AAC1C,IAAA,IAAI,KAAA,EAAO;AACT,MAAA,OAAO,EAAE,IAAA,EAAM,cAAA,EAAgB,KAAA,EAAM;AAAA,IACvC;AACA,IAAA,MAAM,EAAA,GAAK,IAAI,UAAA,EAAW;AAC1B,IAAA,EAAA,CAAG,eAAA,EAAgB;AAEnB,IAAA,MAAM,IAAA,GAAO,GAAG,cAAA,EAAe;AAE/B,IAAA,OAAO;AAAA,MACL,IAAA,EAAM,cAAA;AAAA,MACN,KAAA,EAAOA,oBAAG,YAAA,CAAa,IAAA,CAAK,aAAa,MAAA,CAAO,SAAS,EAAE,QAAA;AAAS,KACtE;AAAA,EACF;AAAA,EAEO,eAAA,GAA2B;AAChC,IAAA,OAAO,EAAC;AAAA,EACV;AAAA,EAEO,oBAAoB,aAAA,EAA2C;AACpE,IAAA,OAAO,EAAC;AAAA,EACV;AACF;;;;"}
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
'use strict';
|
|
2
|
+
|
|
3
|
+
var AksStrategy = require('./AksStrategy.cjs.js');
|
|
4
|
+
var AwsIamStrategy = require('./AwsIamStrategy.cjs.js');
|
|
5
|
+
var AzureIdentityStrategy = require('./AzureIdentityStrategy.cjs.js');
|
|
6
|
+
var GoogleStrategy = require('./GoogleStrategy.cjs.js');
|
|
7
|
+
var GoogleServiceAccountStrategy = require('./GoogleServiceAccountStrategy.cjs.js');
|
|
8
|
+
var AnonymousStrategy = require('./AnonymousStrategy.cjs.js');
|
|
9
|
+
var OidcStrategy = require('./OidcStrategy.cjs.js');
|
|
10
|
+
var ServiceAccountStrategy = require('./ServiceAccountStrategy.cjs.js');
|
|
11
|
+
|
|
12
|
+
const buildDefaultAuthStrategyMap = ({
|
|
13
|
+
logger,
|
|
14
|
+
config
|
|
15
|
+
}) => /* @__PURE__ */ new Map([
|
|
16
|
+
["aks", new AksStrategy.AksStrategy()],
|
|
17
|
+
["aws", new AwsIamStrategy.AwsIamStrategy({ config })],
|
|
18
|
+
["azure", new AzureIdentityStrategy.AzureIdentityStrategy(logger)],
|
|
19
|
+
["google", new GoogleStrategy.GoogleStrategy()],
|
|
20
|
+
["googleServiceAccount", new GoogleServiceAccountStrategy.GoogleServiceAccountStrategy({ config })],
|
|
21
|
+
["localKubectlProxy", new AnonymousStrategy.AnonymousStrategy()],
|
|
22
|
+
["oidc", new OidcStrategy.OidcStrategy()],
|
|
23
|
+
["serviceAccount", new ServiceAccountStrategy.ServiceAccountStrategy()]
|
|
24
|
+
]);
|
|
25
|
+
|
|
26
|
+
exports.buildDefaultAuthStrategyMap = buildDefaultAuthStrategyMap;
|
|
27
|
+
//# sourceMappingURL=buildDefaultAuthStrategyMap.cjs.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"buildDefaultAuthStrategyMap.cjs.js","sources":["../../src/auth/buildDefaultAuthStrategyMap.ts"],"sourcesContent":["/*\n * Copyright 2025 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport {\n LoggerService,\n RootConfigService,\n} from '@backstage/backend-plugin-api';\nimport { AuthenticationStrategy } from '@backstage/plugin-kubernetes-node';\nimport { AksStrategy } from './AksStrategy';\nimport { AwsIamStrategy } from './AwsIamStrategy';\nimport { AzureIdentityStrategy } from './AzureIdentityStrategy';\nimport { GoogleStrategy } from './GoogleStrategy';\nimport { GoogleServiceAccountStrategy } from './GoogleServiceAccountStrategy';\nimport { AnonymousStrategy } from './AnonymousStrategy';\nimport { OidcStrategy } from './OidcStrategy';\nimport { ServiceAccountStrategy } from './ServiceAccountStrategy';\n\nexport const buildDefaultAuthStrategyMap = ({\n logger,\n config,\n}: {\n logger: LoggerService;\n config: RootConfigService;\n}): Map<string, AuthenticationStrategy> =>\n new Map([\n ['aks', new AksStrategy()],\n ['aws', new AwsIamStrategy({ config })],\n ['azure', new AzureIdentityStrategy(logger)],\n ['google', new GoogleStrategy()],\n ['googleServiceAccount', new GoogleServiceAccountStrategy({ config })],\n ['localKubectlProxy', new AnonymousStrategy()],\n ['oidc', new OidcStrategy()],\n ['serviceAccount', new ServiceAccountStrategy()],\n ]);\n"],"names":["AksStrategy","AwsIamStrategy","AzureIdentityStrategy","GoogleStrategy","GoogleServiceAccountStrategy","AnonymousStrategy","OidcStrategy","ServiceAccountStrategy"],"mappings":";;;;;;;;;;;AA6BO,MAAM,8BAA8B,CAAC;AAAA,EAC1C,MAAA;AAAA,EACA;AACF,CAAA,yBAIM,GAAA,CAAI;AAAA,EACN,CAAC,KAAA,EAAO,IAAIA,uBAAA,EAAa,CAAA;AAAA,EACzB,CAAC,KAAA,EAAO,IAAIC,8BAAe,EAAE,MAAA,EAAQ,CAAC,CAAA;AAAA,EACtC,CAAC,OAAA,EAAS,IAAIC,2CAAA,CAAsB,MAAM,CAAC,CAAA;AAAA,EAC3C,CAAC,QAAA,EAAU,IAAIC,6BAAA,EAAgB,CAAA;AAAA,EAC/B,CAAC,sBAAA,EAAwB,IAAIC,0DAA6B,EAAE,MAAA,EAAQ,CAAC,CAAA;AAAA,EACrE,CAAC,mBAAA,EAAqB,IAAIC,mCAAA,EAAmB,CAAA;AAAA,EAC7C,CAAC,MAAA,EAAQ,IAAIC,yBAAA,EAAc,CAAA;AAAA,EAC3B,CAAC,gBAAA,EAAkB,IAAIC,6CAAA,EAAwB;AACjD,CAAC;;;;"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"requirePermission.cjs.js","sources":["../../src/auth/requirePermission.ts"],"sourcesContent":["/*\n * Copyright 2024 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport type {\n HttpAuthService,\n PermissionsService,\n} from '@backstage/backend-plugin-api';\nimport { NotAllowedError } from '@backstage/errors';\nimport {\n AuthorizeResult,\n type BasicPermission,\n} from '@backstage/plugin-permission-common';\n\nimport express from 'express';\n\nexport async function requirePermission(\n permissionApi: PermissionsService,\n permissionRequired: BasicPermission,\n httpAuth: HttpAuthService,\n req: express.Request,\n) {\n const decision = (\n await permissionApi.authorize(\n [\n {\n permission: permissionRequired,\n },\n ],\n {\n credentials: await httpAuth.credentials(req),\n },\n )\n )[0];\n\n if (decision.result === AuthorizeResult.ALLOW) {\n return;\n }\n throw new NotAllowedError('Unauthorized');\n}\n"],"names":["AuthorizeResult","NotAllowedError"],"mappings":";;;;;AA4BA,eAAsB,
|
|
1
|
+
{"version":3,"file":"requirePermission.cjs.js","sources":["../../src/auth/requirePermission.ts"],"sourcesContent":["/*\n * Copyright 2024 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport type {\n HttpAuthService,\n PermissionsService,\n} from '@backstage/backend-plugin-api';\nimport { NotAllowedError } from '@backstage/errors';\nimport {\n AuthorizeResult,\n type BasicPermission,\n} from '@backstage/plugin-permission-common';\n\nimport express from 'express';\n\nexport async function requirePermission(\n permissionApi: PermissionsService,\n permissionRequired: BasicPermission,\n httpAuth: HttpAuthService,\n req: express.Request,\n) {\n const decision = (\n await permissionApi.authorize(\n [\n {\n permission: permissionRequired,\n },\n ],\n {\n credentials: await httpAuth.credentials(req),\n },\n )\n )[0];\n\n if (decision.result === AuthorizeResult.ALLOW) {\n return;\n }\n throw new NotAllowedError('Unauthorized');\n}\n"],"names":["AuthorizeResult","NotAllowedError"],"mappings":";;;;;AA4BA,eAAsB,iBAAA,CACpB,aAAA,EACA,kBAAA,EACA,QAAA,EACA,GAAA,EACA;AACA,EAAA,MAAM,QAAA,GAAA,CACJ,MAAM,aAAA,CAAc,SAAA;AAAA,IAClB;AAAA,MACE;AAAA,QACE,UAAA,EAAY;AAAA;AACd,KACF;AAAA,IACA;AAAA,MACE,WAAA,EAAa,MAAM,QAAA,CAAS,WAAA,CAAY,GAAG;AAAA;AAC7C,KAEF,CAAC,CAAA;AAEH,EAAA,IAAI,QAAA,CAAS,MAAA,KAAWA,sCAAA,CAAgB,KAAA,EAAO;AAC7C,IAAA;AAAA,EACF;AACA,EAAA,MAAM,IAAIC,uBAAgB,cAAc,CAAA;AAC1C;;;;"}
|
|
@@ -7,10 +7,10 @@ function isObject(obj) {
|
|
|
7
7
|
return typeof obj === "object" && obj !== null && !Array.isArray(obj);
|
|
8
8
|
}
|
|
9
9
|
class CatalogClusterLocator {
|
|
10
|
-
|
|
10
|
+
catalogService;
|
|
11
11
|
auth;
|
|
12
|
-
constructor(
|
|
13
|
-
this.
|
|
12
|
+
constructor(catalogService, auth) {
|
|
13
|
+
this.catalogService = catalogService;
|
|
14
14
|
this.auth = auth;
|
|
15
15
|
}
|
|
16
16
|
static fromConfig(catalogApi, auth) {
|
|
@@ -27,16 +27,13 @@ class CatalogClusterLocator {
|
|
|
27
27
|
[apiServerCaKey]: catalogClient.CATALOG_FILTER_EXISTS,
|
|
28
28
|
[authProviderKey]: catalogClient.CATALOG_FILTER_EXISTS
|
|
29
29
|
};
|
|
30
|
-
const clusters = await this.
|
|
30
|
+
const clusters = await this.catalogService.getEntities(
|
|
31
31
|
{
|
|
32
32
|
filter: [filter]
|
|
33
33
|
},
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
targetPluginId: "catalog"
|
|
38
|
-
})).token
|
|
39
|
-
} : void 0
|
|
34
|
+
{
|
|
35
|
+
credentials: options?.credentials ?? await this.auth.getNoneCredentials()
|
|
36
|
+
}
|
|
40
37
|
);
|
|
41
38
|
return clusters.items.map((entity) => {
|
|
42
39
|
const annotations = entity.metadata.annotations;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"CatalogClusterLocator.cjs.js","sources":["../../src/cluster-locator/CatalogClusterLocator.ts"],"sourcesContent":["/*\n * Copyright 2022 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n AuthService,\n BackstageCredentials,\n} from '@backstage/backend-plugin-api';\nimport {
|
|
1
|
+
{"version":3,"file":"CatalogClusterLocator.cjs.js","sources":["../../src/cluster-locator/CatalogClusterLocator.ts"],"sourcesContent":["/*\n * Copyright 2022 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n AuthService,\n BackstageCredentials,\n} from '@backstage/backend-plugin-api';\nimport {\n ClusterDetails,\n KubernetesClustersSupplier,\n} from '@backstage/plugin-kubernetes-node';\nimport { CATALOG_FILTER_EXISTS } from '@backstage/catalog-client';\nimport {\n ANNOTATION_KUBERNETES_API_SERVER,\n ANNOTATION_KUBERNETES_API_SERVER_CA,\n ANNOTATION_KUBERNETES_AUTH_PROVIDER,\n ANNOTATION_KUBERNETES_SKIP_METRICS_LOOKUP,\n ANNOTATION_KUBERNETES_SKIP_TLS_VERIFY,\n ANNOTATION_KUBERNETES_DASHBOARD_URL,\n ANNOTATION_KUBERNETES_DASHBOARD_APP,\n ANNOTATION_KUBERNETES_DASHBOARD_PARAMETERS,\n} from '@backstage/plugin-kubernetes-common';\nimport { JsonObject } from '@backstage/types';\nimport { CatalogService } from '@backstage/plugin-catalog-node';\n\nfunction isObject(obj: unknown): obj is JsonObject {\n return typeof obj === 'object' && obj !== null && !Array.isArray(obj);\n}\n\nexport class CatalogClusterLocator implements KubernetesClustersSupplier {\n private catalogService: CatalogService;\n private auth: AuthService;\n\n constructor(catalogService: CatalogService, auth: AuthService) {\n this.catalogService = catalogService;\n this.auth = auth;\n }\n\n static fromConfig(\n catalogApi: CatalogService,\n auth: AuthService,\n ): CatalogClusterLocator {\n return new CatalogClusterLocator(catalogApi, auth);\n }\n\n async getClusters(options?: {\n credentials: BackstageCredentials;\n }): Promise<ClusterDetails[]> {\n const apiServerKey = `metadata.annotations.${ANNOTATION_KUBERNETES_API_SERVER}`;\n const apiServerCaKey = `metadata.annotations.${ANNOTATION_KUBERNETES_API_SERVER_CA}`;\n const authProviderKey = `metadata.annotations.${ANNOTATION_KUBERNETES_AUTH_PROVIDER}`;\n\n const filter: Record<string, symbol | string> = {\n kind: 'Resource',\n 'spec.type': 'kubernetes-cluster',\n [apiServerKey]: CATALOG_FILTER_EXISTS,\n [apiServerCaKey]: CATALOG_FILTER_EXISTS,\n [authProviderKey]: CATALOG_FILTER_EXISTS,\n };\n\n const clusters = await this.catalogService.getEntities(\n {\n filter: [filter],\n },\n {\n credentials:\n options?.credentials ?? (await this.auth.getNoneCredentials()),\n },\n );\n return clusters.items.map(entity => {\n const annotations = entity.metadata.annotations!;\n const clusterDetails: ClusterDetails = {\n name: entity.metadata.name,\n title: entity.metadata.title,\n url: annotations[ANNOTATION_KUBERNETES_API_SERVER],\n authMetadata: annotations,\n caData: annotations[ANNOTATION_KUBERNETES_API_SERVER_CA],\n skipMetricsLookup:\n annotations[ANNOTATION_KUBERNETES_SKIP_METRICS_LOOKUP] === 'true',\n skipTLSVerify:\n annotations[ANNOTATION_KUBERNETES_SKIP_TLS_VERIFY] === 'true',\n dashboardUrl: annotations[ANNOTATION_KUBERNETES_DASHBOARD_URL],\n dashboardApp: annotations[ANNOTATION_KUBERNETES_DASHBOARD_APP],\n dashboardParameters: this.getDashboardParameters(annotations),\n };\n\n return clusterDetails;\n });\n }\n\n private getDashboardParameters(\n annotations: Record<string, string>,\n ): JsonObject | undefined {\n const dashboardParamsString =\n annotations[ANNOTATION_KUBERNETES_DASHBOARD_PARAMETERS];\n if (dashboardParamsString) {\n try {\n const dashboardParams = JSON.parse(dashboardParamsString);\n return isObject(dashboardParams) ? dashboardParams : undefined;\n } catch {\n return undefined;\n }\n }\n return undefined;\n }\n}\n"],"names":["ANNOTATION_KUBERNETES_API_SERVER","ANNOTATION_KUBERNETES_API_SERVER_CA","ANNOTATION_KUBERNETES_AUTH_PROVIDER","CATALOG_FILTER_EXISTS","ANNOTATION_KUBERNETES_SKIP_METRICS_LOOKUP","ANNOTATION_KUBERNETES_SKIP_TLS_VERIFY","ANNOTATION_KUBERNETES_DASHBOARD_URL","ANNOTATION_KUBERNETES_DASHBOARD_APP","ANNOTATION_KUBERNETES_DASHBOARD_PARAMETERS"],"mappings":";;;;;AAsCA,SAAS,SAAS,GAAA,EAAiC;AACjD,EAAA,OAAO,OAAO,QAAQ,QAAA,IAAY,GAAA,KAAQ,QAAQ,CAAC,KAAA,CAAM,QAAQ,GAAG,CAAA;AACtE;AAEO,MAAM,qBAAA,CAA4D;AAAA,EAC/D,cAAA;AAAA,EACA,IAAA;AAAA,EAER,WAAA,CAAY,gBAAgC,IAAA,EAAmB;AAC7D,IAAA,IAAA,CAAK,cAAA,GAAiB,cAAA;AACtB,IAAA,IAAA,CAAK,IAAA,GAAO,IAAA;AAAA,EACd;AAAA,EAEA,OAAO,UAAA,CACL,UAAA,EACA,IAAA,EACuB;AACvB,IAAA,OAAO,IAAI,qBAAA,CAAsB,UAAA,EAAY,IAAI,CAAA;AAAA,EACnD;AAAA,EAEA,MAAM,YAAY,OAAA,EAEY;AAC5B,IAAA,MAAM,YAAA,GAAe,wBAAwBA,uDAAgC,CAAA,CAAA;AAC7E,IAAA,MAAM,cAAA,GAAiB,wBAAwBC,0DAAmC,CAAA,CAAA;AAClF,IAAA,MAAM,eAAA,GAAkB,wBAAwBC,0DAAmC,CAAA,CAAA;AAEnF,IAAA,MAAM,MAAA,GAA0C;AAAA,MAC9C,IAAA,EAAM,UAAA;AAAA,MACN,WAAA,EAAa,oBAAA;AAAA,MACb,CAAC,YAAY,GAAGC,mCAAA;AAAA,MAChB,CAAC,cAAc,GAAGA,mCAAA;AAAA,MAClB,CAAC,eAAe,GAAGA;AAAA,KACrB;AAEA,IAAA,MAAM,QAAA,GAAW,MAAM,IAAA,CAAK,cAAA,CAAe,WAAA;AAAA,MACzC;AAAA,QACE,MAAA,EAAQ,CAAC,MAAM;AAAA,OACjB;AAAA,MACA;AAAA,QACE,aACE,OAAA,EAAS,WAAA,IAAgB,MAAM,IAAA,CAAK,KAAK,kBAAA;AAAmB;AAChE,KACF;AACA,IAAA,OAAO,QAAA,CAAS,KAAA,CAAM,GAAA,CAAI,CAAA,MAAA,KAAU;AAClC,MAAA,MAAM,WAAA,GAAc,OAAO,QAAA,CAAS,WAAA;AACpC,MAAA,MAAM,cAAA,GAAiC;AAAA,QACrC,IAAA,EAAM,OAAO,QAAA,CAAS,IAAA;AAAA,QACtB,KAAA,EAAO,OAAO,QAAA,CAAS,KAAA;AAAA,QACvB,GAAA,EAAK,YAAYH,uDAAgC,CAAA;AAAA,QACjD,YAAA,EAAc,WAAA;AAAA,QACd,MAAA,EAAQ,YAAYC,0DAAmC,CAAA;AAAA,QACvD,iBAAA,EACE,WAAA,CAAYG,gEAAyC,CAAA,KAAM,MAAA;AAAA,QAC7D,aAAA,EACE,WAAA,CAAYC,4DAAqC,CAAA,KAAM,MAAA;AAAA,QACzD,YAAA,EAAc,YAAYC,0DAAmC,CAAA;AAAA,QAC7D,YAAA,EAAc,YAAYC,0DAAmC,CAAA;AAAA,QAC7D,mBAAA,EAAqB,IAAA,CAAK,sBAAA,CAAuB,WAAW;AAAA,OAC9D;AAEA,MAAA,OAAO,cAAA;AAAA,IACT,CAAC,CAAA;AAAA,EACH;AAAA,EAEQ,uBACN,WAAA,EACwB;AACxB,IAAA,MAAM,qBAAA,GACJ,YAAYC,iEAA0C,CAAA;AACxD,IAAA,IAAI,qBAAA,EAAuB;AACzB,MAAA,IAAI;AACF,QAAA,MAAM,eAAA,GAAkB,IAAA,CAAK,KAAA,CAAM,qBAAqB,CAAA;AACxD,QAAA,OAAO,QAAA,CAAS,eAAe,CAAA,GAAI,eAAA,GAAkB,KAAA,CAAA;AAAA,MACvD,CAAA,CAAA,MAAQ;AACN,QAAA,OAAO,MAAA;AAAA,MACT;AAAA,IACF;AACA,IAAA,OAAO,MAAA;AAAA,EACT;AACF;;;;"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ConfigClusterLocator.cjs.js","sources":["../../src/cluster-locator/ConfigClusterLocator.ts"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { Config } from '@backstage/config';\nimport {\n ANNOTATION_KUBERNETES_AUTH_PROVIDER,\n ANNOTATION_KUBERNETES_AWS_ASSUME_ROLE,\n ANNOTATION_KUBERNETES_AWS_EXTERNAL_ID,\n ANNOTATION_KUBERNETES_OIDC_TOKEN_PROVIDER,\n} from '@backstage/plugin-kubernetes-common';\nimport {
|
|
1
|
+
{"version":3,"file":"ConfigClusterLocator.cjs.js","sources":["../../src/cluster-locator/ConfigClusterLocator.ts"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { Config } from '@backstage/config';\nimport {\n ANNOTATION_KUBERNETES_AUTH_PROVIDER,\n ANNOTATION_KUBERNETES_AWS_ASSUME_ROLE,\n ANNOTATION_KUBERNETES_AWS_EXTERNAL_ID,\n ANNOTATION_KUBERNETES_OIDC_TOKEN_PROVIDER,\n} from '@backstage/plugin-kubernetes-common';\nimport {\n ClusterDetails,\n KubernetesClustersSupplier,\n AuthenticationStrategy,\n} from '@backstage/plugin-kubernetes-node';\n\nexport class ConfigClusterLocator implements KubernetesClustersSupplier {\n private readonly clusterDetails: ClusterDetails[];\n\n constructor(clusterDetails: ClusterDetails[]) {\n this.clusterDetails = clusterDetails;\n }\n\n static fromConfig(\n config: Config,\n authStrategy: AuthenticationStrategy,\n ): ConfigClusterLocator {\n const clusterNames = new Set();\n return new ConfigClusterLocator(\n config.getConfigArray('clusters').map(c => {\n const authMetadataBlock = c.getOptional<{\n [ANNOTATION_KUBERNETES_AUTH_PROVIDER]?: string;\n }>('authMetadata');\n const name = c.getString('name');\n if (clusterNames.has(name)) {\n throw new Error(`Duplicate cluster name '${name}'`);\n }\n clusterNames.add(name);\n const authProvider =\n authMetadataBlock?.[ANNOTATION_KUBERNETES_AUTH_PROVIDER] ??\n c.getOptionalString('authProvider');\n if (!authProvider) {\n throw new Error(\n `cluster '${name}' has no auth provider configured; this must be ` +\n `specified via the 'authProvider' or ` +\n `'authMetadata.${ANNOTATION_KUBERNETES_AUTH_PROVIDER}' parameter`,\n );\n }\n const title = c.getOptionalString('title');\n const clusterDetails: ClusterDetails = {\n name,\n ...(title && { title }),\n url: c.getString('url'),\n skipTLSVerify: c.getOptionalBoolean('skipTLSVerify') ?? false,\n skipMetricsLookup: c.getOptionalBoolean('skipMetricsLookup') ?? false,\n caData: c.getOptionalString('caData'),\n caFile: c.getOptionalString('caFile'),\n authMetadata: {\n [ANNOTATION_KUBERNETES_AUTH_PROVIDER]: authProvider,\n ...ConfigClusterLocator.parseAuthMetadata(c),\n ...authMetadataBlock,\n },\n };\n\n const customResources = c.getOptionalConfigArray('customResources');\n if (customResources) {\n clusterDetails.customResources = customResources.map(cr => {\n return {\n group: cr.getString('group'),\n apiVersion: cr.getString('apiVersion'),\n plural: cr.getString('plural'),\n };\n });\n }\n\n const dashboardUrl = c.getOptionalString('dashboardUrl');\n if (dashboardUrl) {\n clusterDetails.dashboardUrl = dashboardUrl;\n }\n const dashboardApp = c.getOptionalString('dashboardApp');\n if (dashboardApp) {\n clusterDetails.dashboardApp = dashboardApp;\n }\n if (c.has('dashboardParameters')) {\n clusterDetails.dashboardParameters = c.get('dashboardParameters');\n }\n\n const validationErrors = authStrategy.validateCluster(\n clusterDetails.authMetadata,\n );\n if (validationErrors.length !== 0) {\n throw new Error(\n `Invalid cluster '${clusterDetails.name}': ${validationErrors\n .map(e => e.message)\n .join(', ')}`,\n );\n }\n return clusterDetails;\n }),\n );\n }\n\n private static parseAuthMetadata(\n clusterConfig: Config,\n ): Record<string, string> | undefined {\n const serviceAccountToken = clusterConfig.getOptionalString(\n 'serviceAccountToken',\n );\n const assumeRole = clusterConfig.getOptionalString('assumeRole');\n const externalId = clusterConfig.getOptionalString('externalId');\n const oidcTokenProvider =\n clusterConfig.getOptionalString('oidcTokenProvider');\n\n return serviceAccountToken || assumeRole || externalId || oidcTokenProvider\n ? {\n ...(serviceAccountToken && { serviceAccountToken }),\n ...(assumeRole && {\n [ANNOTATION_KUBERNETES_AWS_ASSUME_ROLE]: assumeRole,\n }),\n ...(externalId && {\n [ANNOTATION_KUBERNETES_AWS_EXTERNAL_ID]: externalId,\n }),\n ...(oidcTokenProvider && {\n [ANNOTATION_KUBERNETES_OIDC_TOKEN_PROVIDER]: oidcTokenProvider,\n }),\n }\n : undefined;\n }\n\n async getClusters(): Promise<ClusterDetails[]> {\n return this.clusterDetails;\n }\n}\n"],"names":["ANNOTATION_KUBERNETES_AUTH_PROVIDER","ANNOTATION_KUBERNETES_AWS_ASSUME_ROLE","ANNOTATION_KUBERNETES_AWS_EXTERNAL_ID","ANNOTATION_KUBERNETES_OIDC_TOKEN_PROVIDER"],"mappings":";;;;AA6BO,MAAM,oBAAA,CAA2D;AAAA,EACrD,cAAA;AAAA,EAEjB,YAAY,cAAA,EAAkC;AAC5C,IAAA,IAAA,CAAK,cAAA,GAAiB,cAAA;AAAA,EACxB;AAAA,EAEA,OAAO,UAAA,CACL,MAAA,EACA,YAAA,EACsB;AACtB,IAAA,MAAM,YAAA,uBAAmB,GAAA,EAAI;AAC7B,IAAA,OAAO,IAAI,oBAAA;AAAA,MACT,MAAA,CAAO,cAAA,CAAe,UAAU,CAAA,CAAE,IAAI,CAAA,CAAA,KAAK;AACzC,QAAA,MAAM,iBAAA,GAAoB,CAAA,CAAE,WAAA,CAEzB,cAAc,CAAA;AACjB,QAAA,MAAM,IAAA,GAAO,CAAA,CAAE,SAAA,CAAU,MAAM,CAAA;AAC/B,QAAA,IAAI,YAAA,CAAa,GAAA,CAAI,IAAI,CAAA,EAAG;AAC1B,UAAA,MAAM,IAAI,KAAA,CAAM,CAAA,wBAAA,EAA2B,IAAI,CAAA,CAAA,CAAG,CAAA;AAAA,QACpD;AACA,QAAA,YAAA,CAAa,IAAI,IAAI,CAAA;AACrB,QAAA,MAAM,eACJ,iBAAA,GAAoBA,0DAAmC,CAAA,IACvD,CAAA,CAAE,kBAAkB,cAAc,CAAA;AACpC,QAAA,IAAI,CAAC,YAAA,EAAc;AACjB,UAAA,MAAM,IAAI,KAAA;AAAA,YACR,CAAA,SAAA,EAAY,IAAI,CAAA,kGAAA,EAEGA,0DAAmC,CAAA,WAAA;AAAA,WACxD;AAAA,QACF;AACA,QAAA,MAAM,KAAA,GAAQ,CAAA,CAAE,iBAAA,CAAkB,OAAO,CAAA;AACzC,QAAA,MAAM,cAAA,GAAiC;AAAA,UACrC,IAAA;AAAA,UACA,GAAI,KAAA,IAAS,EAAE,KAAA,EAAM;AAAA,UACrB,GAAA,EAAK,CAAA,CAAE,SAAA,CAAU,KAAK,CAAA;AAAA,UACtB,aAAA,EAAe,CAAA,CAAE,kBAAA,CAAmB,eAAe,CAAA,IAAK,KAAA;AAAA,UACxD,iBAAA,EAAmB,CAAA,CAAE,kBAAA,CAAmB,mBAAmB,CAAA,IAAK,KAAA;AAAA,UAChE,MAAA,EAAQ,CAAA,CAAE,iBAAA,CAAkB,QAAQ,CAAA;AAAA,UACpC,MAAA,EAAQ,CAAA,CAAE,iBAAA,CAAkB,QAAQ,CAAA;AAAA,UACpC,YAAA,EAAc;AAAA,YACZ,CAACA,0DAAmC,GAAG,YAAA;AAAA,YACvC,GAAG,oBAAA,CAAqB,iBAAA,CAAkB,CAAC,CAAA;AAAA,YAC3C,GAAG;AAAA;AACL,SACF;AAEA,QAAA,MAAM,eAAA,GAAkB,CAAA,CAAE,sBAAA,CAAuB,iBAAiB,CAAA;AAClE,QAAA,IAAI,eAAA,EAAiB;AACnB,UAAA,cAAA,CAAe,eAAA,GAAkB,eAAA,CAAgB,GAAA,CAAI,CAAA,EAAA,KAAM;AACzD,YAAA,OAAO;AAAA,cACL,KAAA,EAAO,EAAA,CAAG,SAAA,CAAU,OAAO,CAAA;AAAA,cAC3B,UAAA,EAAY,EAAA,CAAG,SAAA,CAAU,YAAY,CAAA;AAAA,cACrC,MAAA,EAAQ,EAAA,CAAG,SAAA,CAAU,QAAQ;AAAA,aAC/B;AAAA,UACF,CAAC,CAAA;AAAA,QACH;AAEA,QAAA,MAAM,YAAA,GAAe,CAAA,CAAE,iBAAA,CAAkB,cAAc,CAAA;AACvD,QAAA,IAAI,YAAA,EAAc;AAChB,UAAA,cAAA,CAAe,YAAA,GAAe,YAAA;AAAA,QAChC;AACA,QAAA,MAAM,YAAA,GAAe,CAAA,CAAE,iBAAA,CAAkB,cAAc,CAAA;AACvD,QAAA,IAAI,YAAA,EAAc;AAChB,UAAA,cAAA,CAAe,YAAA,GAAe,YAAA;AAAA,QAChC;AACA,QAAA,IAAI,CAAA,CAAE,GAAA,CAAI,qBAAqB,CAAA,EAAG;AAChC,UAAA,cAAA,CAAe,mBAAA,GAAsB,CAAA,CAAE,GAAA,CAAI,qBAAqB,CAAA;AAAA,QAClE;AAEA,QAAA,MAAM,mBAAmB,YAAA,CAAa,eAAA;AAAA,UACpC,cAAA,CAAe;AAAA,SACjB;AACA,QAAA,IAAI,gBAAA,CAAiB,WAAW,CAAA,EAAG;AACjC,UAAA,MAAM,IAAI,KAAA;AAAA,YACR,CAAA,iBAAA,EAAoB,cAAA,CAAe,IAAI,CAAA,GAAA,EAAM,gBAAA,CAC1C,GAAA,CAAI,CAAA,CAAA,KAAK,CAAA,CAAE,OAAO,CAAA,CAClB,IAAA,CAAK,IAAI,CAAC,CAAA;AAAA,WACf;AAAA,QACF;AACA,QAAA,OAAO,cAAA;AAAA,MACT,CAAC;AAAA,KACH;AAAA,EACF;AAAA,EAEA,OAAe,kBACb,aAAA,EACoC;AACpC,IAAA,MAAM,sBAAsB,aAAA,CAAc,iBAAA;AAAA,MACxC;AAAA,KACF;AACA,IAAA,MAAM,UAAA,GAAa,aAAA,CAAc,iBAAA,CAAkB,YAAY,CAAA;AAC/D,IAAA,MAAM,UAAA,GAAa,aAAA,CAAc,iBAAA,CAAkB,YAAY,CAAA;AAC/D,IAAA,MAAM,iBAAA,GACJ,aAAA,CAAc,iBAAA,CAAkB,mBAAmB,CAAA;AAErD,IAAA,OAAO,mBAAA,IAAuB,UAAA,IAAc,UAAA,IAAc,iBAAA,GACtD;AAAA,MACE,GAAI,mBAAA,IAAuB,EAAE,mBAAA,EAAoB;AAAA,MACjD,GAAI,UAAA,IAAc;AAAA,QAChB,CAACC,4DAAqC,GAAG;AAAA,OAC3C;AAAA,MACA,GAAI,UAAA,IAAc;AAAA,QAChB,CAACC,4DAAqC,GAAG;AAAA,OAC3C;AAAA,MACA,GAAI,iBAAA,IAAqB;AAAA,QACvB,CAACC,gEAAyC,GAAG;AAAA;AAC/C,KACF,GACA,MAAA;AAAA,EACN;AAAA,EAEA,MAAM,WAAA,GAAyC;AAC7C,IAAA,OAAO,IAAA,CAAK,cAAA;AAAA,EACd;AACF;;;;"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"GkeClusterLocator.cjs.js","sources":["../../src/cluster-locator/GkeClusterLocator.ts"],"sourcesContent":["/*\n * Copyright 2021 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { ANNOTATION_KUBERNETES_AUTH_PROVIDER } from '@backstage/plugin-kubernetes-common';\nimport { Config } from '@backstage/config';\nimport { ForwardedError } from '@backstage/errors';\nimport * as container from '@google-cloud/container';\nimport { Duration } from 'luxon';\nimport { runPeriodically } from '../service/runPeriodically';\nimport {
|
|
1
|
+
{"version":3,"file":"GkeClusterLocator.cjs.js","sources":["../../src/cluster-locator/GkeClusterLocator.ts"],"sourcesContent":["/*\n * Copyright 2021 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { ANNOTATION_KUBERNETES_AUTH_PROVIDER } from '@backstage/plugin-kubernetes-common';\nimport { Config } from '@backstage/config';\nimport { ForwardedError } from '@backstage/errors';\nimport * as container from '@google-cloud/container';\nimport { Duration } from 'luxon';\nimport { runPeriodically } from '../service/runPeriodically';\nimport {\n ClusterDetails,\n KubernetesClustersSupplier,\n} from '@backstage/plugin-kubernetes-node';\nimport packageinfo from '../../package.json';\n\ninterface MatchResourceLabelEntry {\n key: string;\n value: string;\n}\n\ntype GkeClusterLocatorOptions = {\n projectId: string;\n authProvider: string;\n region?: string;\n skipTLSVerify?: boolean;\n skipMetricsLookup?: boolean;\n exposeDashboard?: boolean;\n matchingResourceLabels?: MatchResourceLabelEntry[];\n};\n\nexport class GkeClusterLocator implements KubernetesClustersSupplier {\n constructor(\n private readonly options: GkeClusterLocatorOptions,\n private readonly client: container.v1.ClusterManagerClient,\n private clusterDetails: ClusterDetails[] | undefined = undefined,\n private hasClusterDetails: boolean = false,\n ) {}\n\n static fromConfigWithClient(\n config: Config,\n client: container.v1.ClusterManagerClient,\n refreshInterval?: Duration,\n ): GkeClusterLocator {\n const matchingResourceLabels: MatchResourceLabelEntry[] =\n config.getOptionalConfigArray('matchingResourceLabels')?.map(mrl => {\n return { key: mrl.getString('key'), value: mrl.getString('value') };\n }) ?? [];\n\n const storeAuthProviderString =\n config.getOptionalString('authProvider') === 'googleServiceAccount'\n ? 'googleServiceAccount'\n : 'google';\n\n const options = {\n projectId: config.getString('projectId'),\n authProvider: storeAuthProviderString,\n region: config.getOptionalString('region') ?? '-',\n skipTLSVerify: config.getOptionalBoolean('skipTLSVerify') ?? false,\n skipMetricsLookup:\n config.getOptionalBoolean('skipMetricsLookup') ?? false,\n exposeDashboard: config.getOptionalBoolean('exposeDashboard') ?? false,\n matchingResourceLabels,\n };\n const gkeClusterLocator = new GkeClusterLocator(options, client);\n if (refreshInterval) {\n runPeriodically(\n () => gkeClusterLocator.refreshClusters(),\n refreshInterval.toMillis(),\n );\n }\n return gkeClusterLocator;\n }\n\n // Added an `x-goog-api-client` header to API requests made by the GKE cluster locator to clearly identify API requests from this plugin.\n static fromConfig(\n config: Config,\n refreshInterval: Duration | undefined = undefined,\n ): GkeClusterLocator {\n return GkeClusterLocator.fromConfigWithClient(\n config,\n new container.v1.ClusterManagerClient({\n libName: `backstage/kubernetes-backend.GkeClusterLocator`,\n libVersion: packageinfo.version,\n }),\n refreshInterval,\n );\n }\n\n async getClusters(): Promise<ClusterDetails[]> {\n if (!this.hasClusterDetails) {\n // refresh at least once when first called, when retries are disabled and in tests\n await this.refreshClusters();\n }\n return this.clusterDetails ?? [];\n }\n\n // TODO pass caData into the object\n async refreshClusters(): Promise<void> {\n const {\n projectId,\n region,\n authProvider,\n skipTLSVerify,\n skipMetricsLookup,\n exposeDashboard,\n matchingResourceLabels,\n } = this.options;\n const request = {\n parent: `projects/${projectId}/locations/${region}`,\n };\n\n try {\n const [response] = await this.client.listClusters(request);\n this.clusterDetails = (response.clusters ?? [])\n .filter(r => {\n return matchingResourceLabels?.every(mrl => {\n if (!r.resourceLabels) {\n return false;\n }\n return r.resourceLabels[mrl.key] === mrl.value;\n });\n })\n .map(r => ({\n // TODO filter out clusters which don't have name or endpoint\n name: r.name ?? 'unknown',\n url: `https://${r.endpoint ?? ''}`,\n authMetadata: { [ANNOTATION_KUBERNETES_AUTH_PROVIDER]: authProvider },\n skipTLSVerify,\n skipMetricsLookup,\n ...(exposeDashboard\n ? {\n dashboardApp: 'gke',\n dashboardParameters: {\n projectId,\n region,\n clusterName: r.name,\n },\n }\n : {}),\n }));\n this.hasClusterDetails = true;\n } catch (e) {\n throw new ForwardedError(\n `There was an error retrieving clusters from GKE for projectId=${projectId} region=${region}`,\n e,\n );\n }\n }\n}\n"],"names":["runPeriodically","container","packageinfo","ANNOTATION_KUBERNETES_AUTH_PROVIDER","ForwardedError"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AA2CO,MAAM,iBAAA,CAAwD;AAAA,EACnE,YACmB,OAAA,EACA,MAAA,EACT,cAAA,GAA+C,MAAA,EAC/C,oBAA6B,KAAA,EACrC;AAJiB,IAAA,IAAA,CAAA,OAAA,GAAA,OAAA;AACA,IAAA,IAAA,CAAA,MAAA,GAAA,MAAA;AACT,IAAA,IAAA,CAAA,cAAA,GAAA,cAAA;AACA,IAAA,IAAA,CAAA,iBAAA,GAAA,iBAAA;AAAA,EACP;AAAA,EAEH,OAAO,oBAAA,CACL,MAAA,EACA,MAAA,EACA,eAAA,EACmB;AACnB,IAAA,MAAM,yBACJ,MAAA,CAAO,sBAAA,CAAuB,wBAAwB,CAAA,EAAG,IAAI,CAAA,GAAA,KAAO;AAClE,MAAA,OAAO,EAAE,GAAA,EAAK,GAAA,CAAI,SAAA,CAAU,KAAK,GAAG,KAAA,EAAO,GAAA,CAAI,SAAA,CAAU,OAAO,CAAA,EAAE;AAAA,IACpE,CAAC,KAAK,EAAC;AAET,IAAA,MAAM,0BACJ,MAAA,CAAO,iBAAA,CAAkB,cAAc,CAAA,KAAM,yBACzC,sBAAA,GACA,QAAA;AAEN,IAAA,MAAM,OAAA,GAAU;AAAA,MACd,SAAA,EAAW,MAAA,CAAO,SAAA,CAAU,WAAW,CAAA;AAAA,MACvC,YAAA,EAAc,uBAAA;AAAA,MACd,MAAA,EAAQ,MAAA,CAAO,iBAAA,CAAkB,QAAQ,CAAA,IAAK,GAAA;AAAA,MAC9C,aAAA,EAAe,MAAA,CAAO,kBAAA,CAAmB,eAAe,CAAA,IAAK,KAAA;AAAA,MAC7D,iBAAA,EACE,MAAA,CAAO,kBAAA,CAAmB,mBAAmB,CAAA,IAAK,KAAA;AAAA,MACpD,eAAA,EAAiB,MAAA,CAAO,kBAAA,CAAmB,iBAAiB,CAAA,IAAK,KAAA;AAAA,MACjE;AAAA,KACF;AACA,IAAA,MAAM,iBAAA,GAAoB,IAAI,iBAAA,CAAkB,OAAA,EAAS,MAAM,CAAA;AAC/D,IAAA,IAAI,eAAA,EAAiB;AACnB,MAAAA,+BAAA;AAAA,QACE,MAAM,kBAAkB,eAAA,EAAgB;AAAA,QACxC,gBAAgB,QAAA;AAAS,OAC3B;AAAA,IACF;AACA,IAAA,OAAO,iBAAA;AAAA,EACT;AAAA;AAAA,EAGA,OAAO,UAAA,CACL,MAAA,EACA,eAAA,GAAwC,MAAA,EACrB;AACnB,IAAA,OAAO,iBAAA,CAAkB,oBAAA;AAAA,MACvB,MAAA;AAAA,MACA,IAAIC,oBAAA,CAAU,EAAA,CAAG,oBAAA,CAAqB;AAAA,QACpC,OAAA,EAAS,CAAA,8CAAA,CAAA;AAAA,QACT,YAAYC,gBAAA,CAAY;AAAA,OACzB,CAAA;AAAA,MACD;AAAA,KACF;AAAA,EACF;AAAA,EAEA,MAAM,WAAA,GAAyC;AAC7C,IAAA,IAAI,CAAC,KAAK,iBAAA,EAAmB;AAE3B,MAAA,MAAM,KAAK,eAAA,EAAgB;AAAA,IAC7B;AACA,IAAA,OAAO,IAAA,CAAK,kBAAkB,EAAC;AAAA,EACjC;AAAA;AAAA,EAGA,MAAM,eAAA,GAAiC;AACrC,IAAA,MAAM;AAAA,MACJ,SAAA;AAAA,MACA,MAAA;AAAA,MACA,YAAA;AAAA,MACA,aAAA;AAAA,MACA,iBAAA;AAAA,MACA,eAAA;AAAA,MACA;AAAA,QACE,IAAA,CAAK,OAAA;AACT,IAAA,MAAM,OAAA,GAAU;AAAA,MACd,MAAA,EAAQ,CAAA,SAAA,EAAY,SAAS,CAAA,WAAA,EAAc,MAAM,CAAA;AAAA,KACnD;AAEA,IAAA,IAAI;AACF,MAAA,MAAM,CAAC,QAAQ,CAAA,GAAI,MAAM,IAAA,CAAK,MAAA,CAAO,aAAa,OAAO,CAAA;AACzD,MAAA,IAAA,CAAK,kBAAkB,QAAA,CAAS,QAAA,IAAY,EAAC,EAC1C,OAAO,CAAA,CAAA,KAAK;AACX,QAAA,OAAO,sBAAA,EAAwB,MAAM,CAAA,GAAA,KAAO;AAC1C,UAAA,IAAI,CAAC,EAAE,cAAA,EAAgB;AACrB,YAAA,OAAO,KAAA;AAAA,UACT;AACA,UAAA,OAAO,CAAA,CAAE,cAAA,CAAe,GAAA,CAAI,GAAG,MAAM,GAAA,CAAI,KAAA;AAAA,QAC3C,CAAC,CAAA;AAAA,MACH,CAAC,CAAA,CACA,GAAA,CAAI,CAAA,CAAA,MAAM;AAAA;AAAA,QAET,IAAA,EAAM,EAAE,IAAA,IAAQ,SAAA;AAAA,QAChB,GAAA,EAAK,CAAA,QAAA,EAAW,CAAA,CAAE,QAAA,IAAY,EAAE,CAAA,CAAA;AAAA,QAChC,YAAA,EAAc,EAAE,CAACC,0DAAmC,GAAG,YAAA,EAAa;AAAA,QACpE,aAAA;AAAA,QACA,iBAAA;AAAA,QACA,GAAI,eAAA,GACA;AAAA,UACE,YAAA,EAAc,KAAA;AAAA,UACd,mBAAA,EAAqB;AAAA,YACnB,SAAA;AAAA,YACA,MAAA;AAAA,YACA,aAAa,CAAA,CAAE;AAAA;AACjB,YAEF;AAAC,OACP,CAAE,CAAA;AACJ,MAAA,IAAA,CAAK,iBAAA,GAAoB,IAAA;AAAA,IAC3B,SAAS,CAAA,EAAG;AACV,MAAA,MAAM,IAAIC,qBAAA;AAAA,QACR,CAAA,8DAAA,EAAiE,SAAS,CAAA,QAAA,EAAW,MAAM,CAAA,CAAA;AAAA,QAC3F;AAAA,OACF;AAAA,IACF;AAAA,EACF;AACF;;;;"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"LocalKubectlProxyLocator.cjs.js","sources":["../../src/cluster-locator/LocalKubectlProxyLocator.ts"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { ANNOTATION_KUBERNETES_AUTH_PROVIDER } from '@backstage/plugin-kubernetes-common';\nimport {\n ClusterDetails,\n KubernetesClustersSupplier,\n} from '@backstage/plugin-kubernetes-node';\nimport dns from 'node:dns';\n\nexport class LocalKubectlProxyClusterLocator\n implements KubernetesClustersSupplier\n{\n private readonly clusterDetails: ClusterDetails[];\n // verbatim: when false, IPv4 addresses are placed before IPv6 addresses, ignoring the order from the DNS resolver\n // By default kubectl proxy listens on 127.0.0.1 instead of [::1]\n private lookupPromise = dns.promises.lookup('localhost', { verbatim: false });\n\n public constructor() {\n this.clusterDetails = [\n {\n name: 'local',\n url: 'http://localhost:8001',\n authMetadata: {\n [ANNOTATION_KUBERNETES_AUTH_PROVIDER]: 'localKubectlProxy',\n },\n skipMetricsLookup: true,\n },\n ];\n }\n\n async getClusters(): Promise<ClusterDetails[]> {\n const lookupResolution = await this.lookupPromise;\n this.clusterDetails[0].url = `http://${lookupResolution.address}:8001`;\n return this.clusterDetails;\n }\n}\n"],"names":["dns","ANNOTATION_KUBERNETES_AUTH_PROVIDER"],"mappings":";;;;;;;;;AAuBO,MAAM,+
|
|
1
|
+
{"version":3,"file":"LocalKubectlProxyLocator.cjs.js","sources":["../../src/cluster-locator/LocalKubectlProxyLocator.ts"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { ANNOTATION_KUBERNETES_AUTH_PROVIDER } from '@backstage/plugin-kubernetes-common';\nimport {\n ClusterDetails,\n KubernetesClustersSupplier,\n} from '@backstage/plugin-kubernetes-node';\nimport dns from 'node:dns';\n\nexport class LocalKubectlProxyClusterLocator\n implements KubernetesClustersSupplier\n{\n private readonly clusterDetails: ClusterDetails[];\n // verbatim: when false, IPv4 addresses are placed before IPv6 addresses, ignoring the order from the DNS resolver\n // By default kubectl proxy listens on 127.0.0.1 instead of [::1]\n private lookupPromise = dns.promises.lookup('localhost', { verbatim: false });\n\n public constructor() {\n this.clusterDetails = [\n {\n name: 'local',\n url: 'http://localhost:8001',\n authMetadata: {\n [ANNOTATION_KUBERNETES_AUTH_PROVIDER]: 'localKubectlProxy',\n },\n skipMetricsLookup: true,\n },\n ];\n }\n\n async getClusters(): Promise<ClusterDetails[]> {\n const lookupResolution = await this.lookupPromise;\n this.clusterDetails[0].url = `http://${lookupResolution.address}:8001`;\n return this.clusterDetails;\n }\n}\n"],"names":["dns","ANNOTATION_KUBERNETES_AUTH_PROVIDER"],"mappings":";;;;;;;;;AAuBO,MAAM,+BAAA,CAEb;AAAA,EACmB,cAAA;AAAA;AAAA;AAAA,EAGT,aAAA,GAAgBA,qBAAI,QAAA,CAAS,MAAA,CAAO,aAAa,EAAE,QAAA,EAAU,OAAO,CAAA;AAAA,EAErE,WAAA,GAAc;AACnB,IAAA,IAAA,CAAK,cAAA,GAAiB;AAAA,MACpB;AAAA,QACE,IAAA,EAAM,OAAA;AAAA,QACN,GAAA,EAAK,uBAAA;AAAA,QACL,YAAA,EAAc;AAAA,UACZ,CAACC,0DAAmC,GAAG;AAAA,SACzC;AAAA,QACA,iBAAA,EAAmB;AAAA;AACrB,KACF;AAAA,EACF;AAAA,EAEA,MAAM,WAAA,GAAyC;AAC7C,IAAA,MAAM,gBAAA,GAAmB,MAAM,IAAA,CAAK,aAAA;AACpC,IAAA,IAAA,CAAK,eAAe,CAAC,CAAA,CAAE,GAAA,GAAM,CAAA,OAAA,EAAU,iBAAiB,OAAO,CAAA,KAAA,CAAA;AAC/D,IAAA,OAAO,IAAA,CAAK,cAAA;AAAA,EACd;AACF;;;;"}
|
|
@@ -36,12 +36,12 @@ class CombinedClustersSupplier {
|
|
|
36
36
|
return clusters;
|
|
37
37
|
}
|
|
38
38
|
}
|
|
39
|
-
const getCombinedClusterSupplier = (rootConfig,
|
|
39
|
+
const getCombinedClusterSupplier = (rootConfig, catalogService, authStrategy, logger, refreshInterval = void 0, auth) => {
|
|
40
40
|
const clusterSuppliers = rootConfig.getConfigArray("kubernetes.clusterLocatorMethods").map((clusterLocatorMethod) => {
|
|
41
41
|
const type = clusterLocatorMethod.getString("type");
|
|
42
42
|
switch (type) {
|
|
43
43
|
case "catalog":
|
|
44
|
-
return CatalogClusterLocator.CatalogClusterLocator.fromConfig(
|
|
44
|
+
return CatalogClusterLocator.CatalogClusterLocator.fromConfig(catalogService, auth);
|
|
45
45
|
case "localKubectlProxy":
|
|
46
46
|
return new LocalKubectlProxyLocator.LocalKubectlProxyClusterLocator();
|
|
47
47
|
case "config":
|