@backstage/plugin-kubernetes-backend 0.21.4-next.0 → 0.21.4-next.1
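--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -1,5 +1,14 @@
 # @backstage/plugin-kubernetes-backend
 
+## 0.21.4-next.1
+
+### Patch Changes
+
+- 1ecc3ca: Fixed spelling mistakes in internal code
+- Updated dependencies
+- @backstage/integration-aws-node@0.2.0-next.1
+- @backstage/backend-plugin-api@1.9.1-next.1
+
 ## 0.21.4-next.0
 
 ### Patch Changes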
package/dist/package.json.cjs.js
CHANGED
package/dist/plugin.cjs.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"plugin.cjs.js","sources":["../src/plugin.ts"],"sourcesContent":["/*\n * Copyright 2023 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n coreServices,\n createBackendPlugin,\n} from '@backstage/backend-plugin-api';\nimport { catalogServiceRef } from '@backstage/plugin-catalog-node';\n\nimport {\n type AuthenticationStrategy,\n kubernetesAuthStrategyExtensionPoint,\n type KubernetesAuthStrategyExtensionPoint,\n type KubernetesClustersSupplier,\n kubernetesClusterSupplierExtensionPoint,\n type KubernetesClusterSupplierExtensionPoint,\n KubernetesClusterSupplierFactory,\n type KubernetesFetcher,\n kubernetesFetcherExtensionPoint,\n type KubernetesFetcherExtensionPoint,\n KubernetesFetcherFactory,\n type KubernetesObjectsProvider,\n kubernetesObjectsProviderExtensionPoint,\n type KubernetesObjectsProviderExtensionPoint,\n KubernetesObjectsProviderFactory,\n KubernetesRouterExtensionPoint,\n kubernetesRouterExtensionPoint,\n KubernetesRouterFactory,\n type KubernetesServiceLocator,\n kubernetesServiceLocatorExtensionPoint,\n type KubernetesServiceLocatorExtensionPoint,\n KubernetesServiceLocatorFactory,\n} from '@backstage/plugin-kubernetes-node';\nimport { KubernetesRouter } from './service/KubernetesRouter';\nimport { KubernetesInitializer } from './service/KubernetesInitializer';\n\nclass ObjectsProvider implements KubernetesObjectsProviderExtensionPoint {\n private objectsProvider: 
KubernetesObjectsProviderFactory | undefined;\n\n getObjectsProvider() {\n return this.objectsProvider;\n }\n\n addObjectsProvider(\n provider: KubernetesObjectsProvider | KubernetesObjectsProviderFactory,\n ) {\n if (this.objectsProvider) {\n throw new Error(\n 'Multiple Kubernetes objects provider is not supported at this time',\n );\n }\n if (typeof provider !== 'function') {\n this.objectsProvider = async () => provider;\n } else {\n this.objectsProvider = provider;\n }\n }\n}\n\nclass ClusterSuplier implements KubernetesClusterSupplierExtensionPoint {\n private clusterSupplier: KubernetesClusterSupplierFactory | undefined;\n\n getClusterSupplier() {\n return this.clusterSupplier;\n }\n\n addClusterSupplier(\n clusterSupplier:\n | KubernetesClustersSupplier\n | KubernetesClusterSupplierFactory,\n ) {\n if (this.clusterSupplier) {\n throw new Error(\n 'Multiple Kubernetes Cluster Suppliers is not supported at this time',\n );\n }\n if (typeof clusterSupplier !== 'function') {\n this.clusterSupplier = async () => clusterSupplier;\n } else {\n this.clusterSupplier = clusterSupplier;\n }\n }\n}\n\nclass Fetcher implements KubernetesFetcherExtensionPoint {\n private fetcher: KubernetesFetcherFactory | undefined;\n\n getFetcher() {\n return this.fetcher;\n }\n\n addFetcher(fetcher: KubernetesFetcher | KubernetesFetcherFactory) {\n if (this.fetcher) {\n throw new Error(\n 'Multiple Kubernetes Fetchers is not supported at this time',\n );\n }\n if (typeof fetcher !== 'function') {\n this.fetcher = async () => fetcher;\n } else {\n this.fetcher = fetcher;\n }\n }\n}\n\nclass ServiceLocator implements KubernetesServiceLocatorExtensionPoint {\n private serviceLocator: KubernetesServiceLocatorFactory | undefined;\n\n getServiceLocator() {\n return this.serviceLocator;\n }\n\n addServiceLocator(\n serviceLocator: KubernetesServiceLocator | KubernetesServiceLocatorFactory,\n ) {\n if (this.serviceLocator) {\n throw new Error(\n 'Multiple Kubernetes Service Locators is not 
supported at this time',\n );\n }\n\n if (typeof serviceLocator !== 'function') {\n this.serviceLocator = async () => serviceLocator;\n } else {\n this.serviceLocator = serviceLocator;\n }\n }\n}\n\nclass AuthStrategy implements KubernetesAuthStrategyExtensionPoint {\n private authStrategies: Map<string, AuthenticationStrategy> | undefined;\n\n getAuthenticationStrategies() {\n return this.authStrategies;\n }\n\n addAuthStrategy(key: string, authStrategy: AuthenticationStrategy) {\n if (!this.authStrategies) {\n this.authStrategies = new Map<string, AuthenticationStrategy>();\n }\n\n if (key.includes('-')) {\n throw new Error('Strategy name can not include dashes');\n }\n\n this.authStrategies.set(key, authStrategy);\n }\n}\n\nclass CustomRouter implements KubernetesRouterExtensionPoint {\n private router: KubernetesRouterFactory | undefined;\n\n getRouter() {\n return this.router;\n }\n\n addRouter(router: KubernetesRouterFactory) {\n if (this.router) {\n throw new Error(\n 'Multiple Kubernetes routers is not supported at this time',\n );\n }\n\n this.router = router;\n }\n}\n\n/**\n * This is the backend plugin that provides the Kubernetes integration.\n * @public\n */\nexport const kubernetesPlugin = createBackendPlugin({\n pluginId: 'kubernetes',\n register(env) {\n const extPointObjectsProvider = new ObjectsProvider();\n const extPointClusterSuplier = new ClusterSuplier();\n const extPointAuthStrategy = new AuthStrategy();\n const extPointFetcher = new Fetcher();\n const extPointServiceLocator = new ServiceLocator();\n const extPointRouter = new CustomRouter();\n\n env.registerExtensionPoint(\n kubernetesObjectsProviderExtensionPoint,\n extPointObjectsProvider,\n );\n env.registerExtensionPoint(\n kubernetesClusterSupplierExtensionPoint,\n extPointClusterSuplier,\n );\n env.registerExtensionPoint(\n kubernetesAuthStrategyExtensionPoint,\n extPointAuthStrategy,\n );\n env.registerExtensionPoint(\n kubernetesFetcherExtensionPoint,\n extPointFetcher,\n );\n 
env.registerExtensionPoint(\n kubernetesServiceLocatorExtensionPoint,\n extPointServiceLocator,\n );\n env.registerExtensionPoint(kubernetesRouterExtensionPoint, extPointRouter);\n\n env.registerInit({\n deps: {\n http: coreServices.httpRouter,\n logger: coreServices.logger,\n config: coreServices.rootConfig,\n discovery: coreServices.discovery,\n catalog: catalogServiceRef,\n permissions: coreServices.permissions,\n auth: coreServices.auth,\n httpAuth: coreServices.httpAuth,\n },\n async init({\n http,\n logger,\n config,\n discovery,\n catalog,\n permissions,\n auth,\n httpAuth,\n }) {\n // TODO: this could do with a cleanup and push some of this initalization somewhere else\n if (config.has('kubernetes')) {\n const initializer = KubernetesInitializer.create({\n logger,\n config,\n catalog,\n auth,\n fetcher: extPointFetcher.getFetcher(),\n clusterSupplier: extPointClusterSuplier.getClusterSupplier(),\n serviceLocator: extPointServiceLocator.getServiceLocator(),\n objectsProvider: extPointObjectsProvider.getObjectsProvider(),\n authStrategyMap: extPointAuthStrategy.getAuthenticationStrategies(),\n });\n\n const {\n fetcher,\n authStrategyMap,\n clusterSupplier,\n serviceLocator,\n objectsProvider,\n } = await initializer.init();\n\n const router = KubernetesRouter.create({\n logger,\n config,\n catalog,\n permissions,\n discovery,\n auth,\n httpAuth,\n authStrategyMap: Object.fromEntries(authStrategyMap.entries()),\n fetcher,\n clusterSupplier,\n serviceLocator,\n objectsProvider,\n customRouter: extPointRouter.getRouter(),\n });\n\n http.use(await router.getRouter());\n } else {\n logger.warn(\n 'Failed to initialize kubernetes backend: valid kubernetes config is missing',\n );\n }\n },\n });\n 
},\n});\n"],"names":["createBackendPlugin","kubernetesObjectsProviderExtensionPoint","kubernetesClusterSupplierExtensionPoint","kubernetesAuthStrategyExtensionPoint","kubernetesFetcherExtensionPoint","kubernetesServiceLocatorExtensionPoint","kubernetesRouterExtensionPoint","coreServices","catalogServiceRef","KubernetesInitializer","KubernetesRouter"],"mappings":";;;;;;;;AAiDA,MAAM,eAAA,CAAmE;AAAA,EAC/D,eAAA;AAAA,EAER,kBAAA,GAAqB;AACnB,IAAA,OAAO,IAAA,CAAK,eAAA;AAAA,EACd;AAAA,EAEA,mBACE,QAAA,EACA;AACA,IAAA,IAAI,KAAK,eAAA,EAAiB;AACxB,MAAA,MAAM,IAAI,KAAA;AAAA,QACR;AAAA,OACF;AAAA,IACF;AACA,IAAA,IAAI,OAAO,aAAa,UAAA,EAAY;AAClC,MAAA,IAAA,CAAK,kBAAkB,YAAY,QAAA;AAAA,IACrC,CAAA,MAAO;AACL,MAAA,IAAA,CAAK,eAAA,GAAkB,QAAA;AAAA,IACzB;AAAA,EACF;AACF;AAEA,MAAM,cAAA,CAAkE;AAAA,EAC9D,eAAA;AAAA,EAER,kBAAA,GAAqB;AACnB,IAAA,OAAO,IAAA,CAAK,eAAA;AAAA,EACd;AAAA,EAEA,mBACE,eAAA,EAGA;AACA,IAAA,IAAI,KAAK,eAAA,EAAiB;AACxB,MAAA,MAAM,IAAI,KAAA;AAAA,QACR;AAAA,OACF;AAAA,IACF;AACA,IAAA,IAAI,OAAO,oBAAoB,UAAA,EAAY;AACzC,MAAA,IAAA,CAAK,kBAAkB,YAAY,eAAA;AAAA,IACrC,CAAA,MAAO;AACL,MAAA,IAAA,CAAK,eAAA,GAAkB,eAAA;AAAA,IACzB;AAAA,EACF;AACF;AAEA,MAAM,OAAA,CAAmD;AAAA,EAC/C,OAAA;AAAA,EAER,UAAA,GAAa;AACX,IAAA,OAAO,IAAA,CAAK,OAAA;AAAA,EACd;AAAA,EAEA,WAAW,OAAA,EAAuD;AAChE,IAAA,IAAI,KAAK,OAAA,EAAS;AAChB,MAAA,MAAM,IAAI,KAAA;AAAA,QACR;AAAA,OACF;AAAA,IACF;AACA,IAAA,IAAI,OAAO,YAAY,UAAA,EAAY;AACjC,MAAA,IAAA,CAAK,UAAU,YAAY,OAAA;AAAA,IAC7B,CAAA,MAAO;AACL,MAAA,IAAA,CAAK,OAAA,GAAU,OAAA;AAAA,IACjB;AAAA,EACF;AACF;AAEA,MAAM,cAAA,CAAiE;AAAA,EAC7D,cAAA;AAAA,EAER,iBAAA,GAAoB;AAClB,IAAA,OAAO,IAAA,CAAK,cAAA;AAAA,EACd;AAAA,EAEA,kBACE,cAAA,EACA;AACA,IAAA,IAAI,KAAK,cAAA,EAAgB;AACvB,MAAA,MAAM,IAAI,KAAA;AAAA,QACR;AAAA,OACF;AAAA,IACF;AAEA,IAAA,IAAI,OAAO,mBAAmB,UAAA,EAAY;AACxC,MAAA,IAAA,CAAK,iBAAiB,YAAY,cAAA;AAAA,IACpC,CAAA,MAAO;AACL,MAAA,IAAA,CAAK,cAAA,GAAiB,cAAA;AAAA,IACxB;AAAA,EACF;AACF;AAEA,MAAM,YAAA,CAA6D;AAAA,EACzD,cAAA;AAAA,EAER,2BAAA,GAA8B;AAC5B,IAAA,OAAO,IAAA,CAAK,cAAA;AAAA,EACd;AAAA,EAEA,eAAA,CAAgB,KAAa,YAAA,EAAsC;AACjE,IAAA,IAAI
,CAAC,KAAK,cAAA,EAAgB;AACxB,MAAA,IAAA,CAAK,cAAA,uBAAqB,GAAA,EAAoC;AAAA,IAChE;AAEA,IAAA,IAAI,GAAA,CAAI,QAAA,CAAS,GAAG,CAAA,EAAG;AACrB,MAAA,MAAM,IAAI,MAAM,sCAAsC,CAAA;AAAA,IACxD;AAEA,IAAA,IAAA,CAAK,cAAA,CAAe,GAAA,CAAI,GAAA,EAAK,YAAY,CAAA;AAAA,EAC3C;AACF;AAEA,MAAM,YAAA,CAAuD;AAAA,EACnD,MAAA;AAAA,EAER,SAAA,GAAY;AACV,IAAA,OAAO,IAAA,CAAK,MAAA;AAAA,EACd;AAAA,EAEA,UAAU,MAAA,EAAiC;AACzC,IAAA,IAAI,KAAK,MAAA,EAAQ;AACf,MAAA,MAAM,IAAI,KAAA;AAAA,QACR;AAAA,OACF;AAAA,IACF;AAEA,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AAAA,EAChB;AACF;AAMO,MAAM,mBAAmBA,oCAAA,CAAoB;AAAA,EAClD,QAAA,EAAU,YAAA;AAAA,EACV,SAAS,GAAA,EAAK;AACZ,IAAA,MAAM,uBAAA,GAA0B,IAAI,eAAA,EAAgB;AACpD,IAAA,MAAM,sBAAA,GAAyB,IAAI,cAAA,EAAe;AAClD,IAAA,MAAM,oBAAA,GAAuB,IAAI,YAAA,EAAa;AAC9C,IAAA,MAAM,eAAA,GAAkB,IAAI,OAAA,EAAQ;AACpC,IAAA,MAAM,sBAAA,GAAyB,IAAI,cAAA,EAAe;AAClD,IAAA,MAAM,cAAA,GAAiB,IAAI,YAAA,EAAa;AAExC,IAAA,GAAA,CAAI,sBAAA;AAAA,MACFC,4DAAA;AAAA,MACA;AAAA,KACF;AACA,IAAA,GAAA,CAAI,sBAAA;AAAA,MACFC,4DAAA;AAAA,MACA;AAAA,KACF;AACA,IAAA,GAAA,CAAI,sBAAA;AAAA,MACFC,yDAAA;AAAA,MACA;AAAA,KACF;AACA,IAAA,GAAA,CAAI,sBAAA;AAAA,MACFC,oDAAA;AAAA,MACA;AAAA,KACF;AACA,IAAA,GAAA,CAAI,sBAAA;AAAA,MACFC,2DAAA;AAAA,MACA;AAAA,KACF;AACA,IAAA,GAAA,CAAI,sBAAA,CAAuBC,qDAAgC,cAAc,CAAA;AAEzE,IAAA,GAAA,CAAI,YAAA,CAAa;AAAA,MACf,IAAA,EAAM;AAAA,QACJ,MAAMC,6BAAA,CAAa,UAAA;AAAA,QACnB,QAAQA,6BAAA,CAAa,MAAA;AAAA,QACrB,QAAQA,6BAAA,CAAa,UAAA;AAAA,QACrB,WAAWA,6BAAA,CAAa,SAAA;AAAA,QACxB,OAAA,EAASC,mCAAA;AAAA,QACT,aAAaD,6BAAA,CAAa,WAAA;AAAA,QAC1B,MAAMA,6BAAA,CAAa,IAAA;AAAA,QACnB,UAAUA,6BAAA,CAAa;AAAA,OACzB;AAAA,MACA,MAAM,IAAA,CAAK;AAAA,QACT,IAAA;AAAA,QACA,MAAA;AAAA,QACA,MAAA;AAAA,QACA,SAAA;AAAA,QACA,OAAA;AAAA,QACA,WAAA;AAAA,QACA,IAAA;AAAA,QACA;AAAA,OACF,EAAG;AAED,QAAA,IAAI,MAAA,CAAO,GAAA,CAAI,YAAY,CAAA,EAAG;AAC5B,UAAA,MAAM,WAAA,GAAcE,4CAAsB,MAAA,CAAO;AAAA,YAC/C,MAAA;AAAA,YACA,MAAA;AAAA,YACA,OAAA;AAAA,YACA,IAAA;AAAA,YACA,OAAA,EAAS,gBAAgB,UAAA,EAAW;AAAA,YACpC,eAAA,EAAiB,uBAAuB,kBAAA,EAAmB;AAAA,YAC3D,cAAA,EAAgB,uBAAuB,iBAAA,EAAkB;AAAA,YACzD,eAAA,EAAiB,wBAAwB,kBAAA,EAAmB;A
AAA,YAC5D,eAAA,EAAiB,qBAAqB,2BAAA;AAA4B,WACnE,CAAA;AAED,UAAA,MAAM;AAAA,YACJ,OAAA;AAAA,YACA,eAAA;AAAA,YACA,eAAA;AAAA,YACA,cAAA;AAAA,YACA;AAAA,WACF,GAAI,MAAM,WAAA,CAAY,IAAA,EAAK;AAE3B,UAAA,MAAM,MAAA,GAASC,kCAAiB,MAAA,CAAO;AAAA,YACrC,MAAA;AAAA,YACA,MAAA;AAAA,YACA,OAAA;AAAA,YACA,WAAA;AAAA,YACA,SAAA;AAAA,YACA,IAAA;AAAA,YACA,QAAA;AAAA,YACA,eAAA,EAAiB,MAAA,CAAO,WAAA,CAAY,eAAA,CAAgB,SAAS,CAAA;AAAA,YAC7D,OAAA;AAAA,YACA,eAAA;AAAA,YACA,cAAA;AAAA,YACA,eAAA;AAAA,YACA,YAAA,EAAc,eAAe,SAAA;AAAU,WACxC,CAAA;AAED,UAAA,IAAA,CAAK,GAAA,CAAI,MAAM,MAAA,CAAO,SAAA,EAAW,CAAA;AAAA,QACnC,CAAA,MAAO;AACL,UAAA,MAAA,CAAO,IAAA;AAAA,YACL;AAAA,WACF;AAAA,QACF;AAAA,MACF;AAAA,KACD,CAAA;AAAA,EACH;AACF,CAAC;;;;"}
|
|
1
|
+
{"version":3,"file":"plugin.cjs.js","sources":["../src/plugin.ts"],"sourcesContent":["/*\n * Copyright 2023 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n coreServices,\n createBackendPlugin,\n} from '@backstage/backend-plugin-api';\nimport { catalogServiceRef } from '@backstage/plugin-catalog-node';\n\nimport {\n type AuthenticationStrategy,\n kubernetesAuthStrategyExtensionPoint,\n type KubernetesAuthStrategyExtensionPoint,\n type KubernetesClustersSupplier,\n kubernetesClusterSupplierExtensionPoint,\n type KubernetesClusterSupplierExtensionPoint,\n KubernetesClusterSupplierFactory,\n type KubernetesFetcher,\n kubernetesFetcherExtensionPoint,\n type KubernetesFetcherExtensionPoint,\n KubernetesFetcherFactory,\n type KubernetesObjectsProvider,\n kubernetesObjectsProviderExtensionPoint,\n type KubernetesObjectsProviderExtensionPoint,\n KubernetesObjectsProviderFactory,\n KubernetesRouterExtensionPoint,\n kubernetesRouterExtensionPoint,\n KubernetesRouterFactory,\n type KubernetesServiceLocator,\n kubernetesServiceLocatorExtensionPoint,\n type KubernetesServiceLocatorExtensionPoint,\n KubernetesServiceLocatorFactory,\n} from '@backstage/plugin-kubernetes-node';\nimport { KubernetesRouter } from './service/KubernetesRouter';\nimport { KubernetesInitializer } from './service/KubernetesInitializer';\n\nclass ObjectsProvider implements KubernetesObjectsProviderExtensionPoint {\n private objectsProvider: 
KubernetesObjectsProviderFactory | undefined;\n\n getObjectsProvider() {\n return this.objectsProvider;\n }\n\n addObjectsProvider(\n provider: KubernetesObjectsProvider | KubernetesObjectsProviderFactory,\n ) {\n if (this.objectsProvider) {\n throw new Error(\n 'Multiple Kubernetes objects provider is not supported at this time',\n );\n }\n if (typeof provider !== 'function') {\n this.objectsProvider = async () => provider;\n } else {\n this.objectsProvider = provider;\n }\n }\n}\n\nclass ClusterSuplier implements KubernetesClusterSupplierExtensionPoint {\n private clusterSupplier: KubernetesClusterSupplierFactory | undefined;\n\n getClusterSupplier() {\n return this.clusterSupplier;\n }\n\n addClusterSupplier(\n clusterSupplier:\n | KubernetesClustersSupplier\n | KubernetesClusterSupplierFactory,\n ) {\n if (this.clusterSupplier) {\n throw new Error(\n 'Multiple Kubernetes Cluster Suppliers is not supported at this time',\n );\n }\n if (typeof clusterSupplier !== 'function') {\n this.clusterSupplier = async () => clusterSupplier;\n } else {\n this.clusterSupplier = clusterSupplier;\n }\n }\n}\n\nclass Fetcher implements KubernetesFetcherExtensionPoint {\n private fetcher: KubernetesFetcherFactory | undefined;\n\n getFetcher() {\n return this.fetcher;\n }\n\n addFetcher(fetcher: KubernetesFetcher | KubernetesFetcherFactory) {\n if (this.fetcher) {\n throw new Error(\n 'Multiple Kubernetes Fetchers is not supported at this time',\n );\n }\n if (typeof fetcher !== 'function') {\n this.fetcher = async () => fetcher;\n } else {\n this.fetcher = fetcher;\n }\n }\n}\n\nclass ServiceLocator implements KubernetesServiceLocatorExtensionPoint {\n private serviceLocator: KubernetesServiceLocatorFactory | undefined;\n\n getServiceLocator() {\n return this.serviceLocator;\n }\n\n addServiceLocator(\n serviceLocator: KubernetesServiceLocator | KubernetesServiceLocatorFactory,\n ) {\n if (this.serviceLocator) {\n throw new Error(\n 'Multiple Kubernetes Service Locators is not 
supported at this time',\n );\n }\n\n if (typeof serviceLocator !== 'function') {\n this.serviceLocator = async () => serviceLocator;\n } else {\n this.serviceLocator = serviceLocator;\n }\n }\n}\n\nclass AuthStrategy implements KubernetesAuthStrategyExtensionPoint {\n private authStrategies: Map<string, AuthenticationStrategy> | undefined;\n\n getAuthenticationStrategies() {\n return this.authStrategies;\n }\n\n addAuthStrategy(key: string, authStrategy: AuthenticationStrategy) {\n if (!this.authStrategies) {\n this.authStrategies = new Map<string, AuthenticationStrategy>();\n }\n\n if (key.includes('-')) {\n throw new Error('Strategy name can not include dashes');\n }\n\n this.authStrategies.set(key, authStrategy);\n }\n}\n\nclass CustomRouter implements KubernetesRouterExtensionPoint {\n private router: KubernetesRouterFactory | undefined;\n\n getRouter() {\n return this.router;\n }\n\n addRouter(router: KubernetesRouterFactory) {\n if (this.router) {\n throw new Error(\n 'Multiple Kubernetes routers is not supported at this time',\n );\n }\n\n this.router = router;\n }\n}\n\n/**\n * This is the backend plugin that provides the Kubernetes integration.\n * @public\n */\nexport const kubernetesPlugin = createBackendPlugin({\n pluginId: 'kubernetes',\n register(env) {\n const extPointObjectsProvider = new ObjectsProvider();\n const extPointClusterSuplier = new ClusterSuplier();\n const extPointAuthStrategy = new AuthStrategy();\n const extPointFetcher = new Fetcher();\n const extPointServiceLocator = new ServiceLocator();\n const extPointRouter = new CustomRouter();\n\n env.registerExtensionPoint(\n kubernetesObjectsProviderExtensionPoint,\n extPointObjectsProvider,\n );\n env.registerExtensionPoint(\n kubernetesClusterSupplierExtensionPoint,\n extPointClusterSuplier,\n );\n env.registerExtensionPoint(\n kubernetesAuthStrategyExtensionPoint,\n extPointAuthStrategy,\n );\n env.registerExtensionPoint(\n kubernetesFetcherExtensionPoint,\n extPointFetcher,\n );\n 
env.registerExtensionPoint(\n kubernetesServiceLocatorExtensionPoint,\n extPointServiceLocator,\n );\n env.registerExtensionPoint(kubernetesRouterExtensionPoint, extPointRouter);\n\n env.registerInit({\n deps: {\n http: coreServices.httpRouter,\n logger: coreServices.logger,\n config: coreServices.rootConfig,\n discovery: coreServices.discovery,\n catalog: catalogServiceRef,\n permissions: coreServices.permissions,\n auth: coreServices.auth,\n httpAuth: coreServices.httpAuth,\n },\n async init({\n http,\n logger,\n config,\n discovery,\n catalog,\n permissions,\n auth,\n httpAuth,\n }) {\n // TODO: this could do with a cleanup and push some of this initialization somewhere else\n if (config.has('kubernetes')) {\n const initializer = KubernetesInitializer.create({\n logger,\n config,\n catalog,\n auth,\n fetcher: extPointFetcher.getFetcher(),\n clusterSupplier: extPointClusterSuplier.getClusterSupplier(),\n serviceLocator: extPointServiceLocator.getServiceLocator(),\n objectsProvider: extPointObjectsProvider.getObjectsProvider(),\n authStrategyMap: extPointAuthStrategy.getAuthenticationStrategies(),\n });\n\n const {\n fetcher,\n authStrategyMap,\n clusterSupplier,\n serviceLocator,\n objectsProvider,\n } = await initializer.init();\n\n const router = KubernetesRouter.create({\n logger,\n config,\n catalog,\n permissions,\n discovery,\n auth,\n httpAuth,\n authStrategyMap: Object.fromEntries(authStrategyMap.entries()),\n fetcher,\n clusterSupplier,\n serviceLocator,\n objectsProvider,\n customRouter: extPointRouter.getRouter(),\n });\n\n http.use(await router.getRouter());\n } else {\n logger.warn(\n 'Failed to initialize kubernetes backend: valid kubernetes config is missing',\n );\n }\n },\n });\n 
},\n});\n"],"names":["createBackendPlugin","kubernetesObjectsProviderExtensionPoint","kubernetesClusterSupplierExtensionPoint","kubernetesAuthStrategyExtensionPoint","kubernetesFetcherExtensionPoint","kubernetesServiceLocatorExtensionPoint","kubernetesRouterExtensionPoint","coreServices","catalogServiceRef","KubernetesInitializer","KubernetesRouter"],"mappings":";;;;;;;;AAiDA,MAAM,eAAA,CAAmE;AAAA,EAC/D,eAAA;AAAA,EAER,kBAAA,GAAqB;AACnB,IAAA,OAAO,IAAA,CAAK,eAAA;AAAA,EACd;AAAA,EAEA,mBACE,QAAA,EACA;AACA,IAAA,IAAI,KAAK,eAAA,EAAiB;AACxB,MAAA,MAAM,IAAI,KAAA;AAAA,QACR;AAAA,OACF;AAAA,IACF;AACA,IAAA,IAAI,OAAO,aAAa,UAAA,EAAY;AAClC,MAAA,IAAA,CAAK,kBAAkB,YAAY,QAAA;AAAA,IACrC,CAAA,MAAO;AACL,MAAA,IAAA,CAAK,eAAA,GAAkB,QAAA;AAAA,IACzB;AAAA,EACF;AACF;AAEA,MAAM,cAAA,CAAkE;AAAA,EAC9D,eAAA;AAAA,EAER,kBAAA,GAAqB;AACnB,IAAA,OAAO,IAAA,CAAK,eAAA;AAAA,EACd;AAAA,EAEA,mBACE,eAAA,EAGA;AACA,IAAA,IAAI,KAAK,eAAA,EAAiB;AACxB,MAAA,MAAM,IAAI,KAAA;AAAA,QACR;AAAA,OACF;AAAA,IACF;AACA,IAAA,IAAI,OAAO,oBAAoB,UAAA,EAAY;AACzC,MAAA,IAAA,CAAK,kBAAkB,YAAY,eAAA;AAAA,IACrC,CAAA,MAAO;AACL,MAAA,IAAA,CAAK,eAAA,GAAkB,eAAA;AAAA,IACzB;AAAA,EACF;AACF;AAEA,MAAM,OAAA,CAAmD;AAAA,EAC/C,OAAA;AAAA,EAER,UAAA,GAAa;AACX,IAAA,OAAO,IAAA,CAAK,OAAA;AAAA,EACd;AAAA,EAEA,WAAW,OAAA,EAAuD;AAChE,IAAA,IAAI,KAAK,OAAA,EAAS;AAChB,MAAA,MAAM,IAAI,KAAA;AAAA,QACR;AAAA,OACF;AAAA,IACF;AACA,IAAA,IAAI,OAAO,YAAY,UAAA,EAAY;AACjC,MAAA,IAAA,CAAK,UAAU,YAAY,OAAA;AAAA,IAC7B,CAAA,MAAO;AACL,MAAA,IAAA,CAAK,OAAA,GAAU,OAAA;AAAA,IACjB;AAAA,EACF;AACF;AAEA,MAAM,cAAA,CAAiE;AAAA,EAC7D,cAAA;AAAA,EAER,iBAAA,GAAoB;AAClB,IAAA,OAAO,IAAA,CAAK,cAAA;AAAA,EACd;AAAA,EAEA,kBACE,cAAA,EACA;AACA,IAAA,IAAI,KAAK,cAAA,EAAgB;AACvB,MAAA,MAAM,IAAI,KAAA;AAAA,QACR;AAAA,OACF;AAAA,IACF;AAEA,IAAA,IAAI,OAAO,mBAAmB,UAAA,EAAY;AACxC,MAAA,IAAA,CAAK,iBAAiB,YAAY,cAAA;AAAA,IACpC,CAAA,MAAO;AACL,MAAA,IAAA,CAAK,cAAA,GAAiB,cAAA;AAAA,IACxB;AAAA,EACF;AACF;AAEA,MAAM,YAAA,CAA6D;AAAA,EACzD,cAAA;AAAA,EAER,2BAAA,GAA8B;AAC5B,IAAA,OAAO,IAAA,CAAK,cAAA;AAAA,EACd;AAAA,EAEA,eAAA,CAAgB,KAAa,YAAA,EAAsC;AACjE,IAAA,IAAI
,CAAC,KAAK,cAAA,EAAgB;AACxB,MAAA,IAAA,CAAK,cAAA,uBAAqB,GAAA,EAAoC;AAAA,IAChE;AAEA,IAAA,IAAI,GAAA,CAAI,QAAA,CAAS,GAAG,CAAA,EAAG;AACrB,MAAA,MAAM,IAAI,MAAM,sCAAsC,CAAA;AAAA,IACxD;AAEA,IAAA,IAAA,CAAK,cAAA,CAAe,GAAA,CAAI,GAAA,EAAK,YAAY,CAAA;AAAA,EAC3C;AACF;AAEA,MAAM,YAAA,CAAuD;AAAA,EACnD,MAAA;AAAA,EAER,SAAA,GAAY;AACV,IAAA,OAAO,IAAA,CAAK,MAAA;AAAA,EACd;AAAA,EAEA,UAAU,MAAA,EAAiC;AACzC,IAAA,IAAI,KAAK,MAAA,EAAQ;AACf,MAAA,MAAM,IAAI,KAAA;AAAA,QACR;AAAA,OACF;AAAA,IACF;AAEA,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AAAA,EAChB;AACF;AAMO,MAAM,mBAAmBA,oCAAA,CAAoB;AAAA,EAClD,QAAA,EAAU,YAAA;AAAA,EACV,SAAS,GAAA,EAAK;AACZ,IAAA,MAAM,uBAAA,GAA0B,IAAI,eAAA,EAAgB;AACpD,IAAA,MAAM,sBAAA,GAAyB,IAAI,cAAA,EAAe;AAClD,IAAA,MAAM,oBAAA,GAAuB,IAAI,YAAA,EAAa;AAC9C,IAAA,MAAM,eAAA,GAAkB,IAAI,OAAA,EAAQ;AACpC,IAAA,MAAM,sBAAA,GAAyB,IAAI,cAAA,EAAe;AAClD,IAAA,MAAM,cAAA,GAAiB,IAAI,YAAA,EAAa;AAExC,IAAA,GAAA,CAAI,sBAAA;AAAA,MACFC,4DAAA;AAAA,MACA;AAAA,KACF;AACA,IAAA,GAAA,CAAI,sBAAA;AAAA,MACFC,4DAAA;AAAA,MACA;AAAA,KACF;AACA,IAAA,GAAA,CAAI,sBAAA;AAAA,MACFC,yDAAA;AAAA,MACA;AAAA,KACF;AACA,IAAA,GAAA,CAAI,sBAAA;AAAA,MACFC,oDAAA;AAAA,MACA;AAAA,KACF;AACA,IAAA,GAAA,CAAI,sBAAA;AAAA,MACFC,2DAAA;AAAA,MACA;AAAA,KACF;AACA,IAAA,GAAA,CAAI,sBAAA,CAAuBC,qDAAgC,cAAc,CAAA;AAEzE,IAAA,GAAA,CAAI,YAAA,CAAa;AAAA,MACf,IAAA,EAAM;AAAA,QACJ,MAAMC,6BAAA,CAAa,UAAA;AAAA,QACnB,QAAQA,6BAAA,CAAa,MAAA;AAAA,QACrB,QAAQA,6BAAA,CAAa,UAAA;AAAA,QACrB,WAAWA,6BAAA,CAAa,SAAA;AAAA,QACxB,OAAA,EAASC,mCAAA;AAAA,QACT,aAAaD,6BAAA,CAAa,WAAA;AAAA,QAC1B,MAAMA,6BAAA,CAAa,IAAA;AAAA,QACnB,UAAUA,6BAAA,CAAa;AAAA,OACzB;AAAA,MACA,MAAM,IAAA,CAAK;AAAA,QACT,IAAA;AAAA,QACA,MAAA;AAAA,QACA,MAAA;AAAA,QACA,SAAA;AAAA,QACA,OAAA;AAAA,QACA,WAAA;AAAA,QACA,IAAA;AAAA,QACA;AAAA,OACF,EAAG;AAED,QAAA,IAAI,MAAA,CAAO,GAAA,CAAI,YAAY,CAAA,EAAG;AAC5B,UAAA,MAAM,WAAA,GAAcE,4CAAsB,MAAA,CAAO;AAAA,YAC/C,MAAA;AAAA,YACA,MAAA;AAAA,YACA,OAAA;AAAA,YACA,IAAA;AAAA,YACA,OAAA,EAAS,gBAAgB,UAAA,EAAW;AAAA,YACpC,eAAA,EAAiB,uBAAuB,kBAAA,EAAmB;AAAA,YAC3D,cAAA,EAAgB,uBAAuB,iBAAA,EAAkB;AAAA,YACzD,eAAA,EAAiB,wBAAwB,kBAAA,EAAmB;A
AAA,YAC5D,eAAA,EAAiB,qBAAqB,2BAAA;AAA4B,WACnE,CAAA;AAED,UAAA,MAAM;AAAA,YACJ,OAAA;AAAA,YACA,eAAA;AAAA,YACA,eAAA;AAAA,YACA,cAAA;AAAA,YACA;AAAA,WACF,GAAI,MAAM,WAAA,CAAY,IAAA,EAAK;AAE3B,UAAA,MAAM,MAAA,GAASC,kCAAiB,MAAA,CAAO;AAAA,YACrC,MAAA;AAAA,YACA,MAAA;AAAA,YACA,OAAA;AAAA,YACA,WAAA;AAAA,YACA,SAAA;AAAA,YACA,IAAA;AAAA,YACA,QAAA;AAAA,YACA,eAAA,EAAiB,MAAA,CAAO,WAAA,CAAY,eAAA,CAAgB,SAAS,CAAA;AAAA,YAC7D,OAAA;AAAA,YACA,eAAA;AAAA,YACA,cAAA;AAAA,YACA,eAAA;AAAA,YACA,YAAA,EAAc,eAAe,SAAA;AAAU,WACxC,CAAA;AAED,UAAA,IAAA,CAAK,GAAA,CAAI,MAAM,MAAA,CAAO,SAAA,EAAW,CAAA;AAAA,QACnC,CAAA,MAAO;AACL,UAAA,MAAA,CAAO,IAAA;AAAA,YACL;AAAA,WACF;AAAA,QACF;AAAA,MACF;AAAA,KACD,CAAA;AAAA,EACH;AACF,CAAC;;;;"}
|
|
@@ -164,11 +164,11 @@ class KubernetesProxy {
|
|
|
164
164
|
}
|
|
165
165
|
static headerToDictionary(header, originalHeaders) {
|
|
166
166
|
const obj = {};
|
|
167
|
-
const
|
|
168
|
-
if (
|
|
169
|
-
const framework =
|
|
170
|
-
if (
|
|
171
|
-
const provider =
|
|
167
|
+
const headerSplit = header.split("-");
|
|
168
|
+
if (headerSplit.length >= 4) {
|
|
169
|
+
const framework = headerSplit[3].toLowerCase();
|
|
170
|
+
if (headerSplit.length >= 5) {
|
|
171
|
+
const provider = headerSplit.slice(4).join("-").toLowerCase();
|
|
172
172
|
obj[framework] = { [provider]: originalHeaders[header] };
|
|
173
173
|
} else {
|
|
174
174
|
obj[framework] = originalHeaders[header];
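Review bot: In `headerToDictionary`, `framework` and `provider` are cut out of the header name and used unchecked as keys on the plain object `obj`, so a segment equal to `__proto__` would replace the prototype of `obj` rather than add an own property. If `header` can come from an incoming request, which the `originalHeaders` parameter suggests but the hunk does not show, build the accumulator as `const obj = Object.create(null);` or return early on reserved key names. The prefix made of the first three dash-separated segments is not validated in the visible lines either, so that check is presumably left to the caller. The function body continues past the end of the hunk.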
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"KubernetesProxy.cjs.js","sources":["../../src/service/KubernetesProxy.ts"],"sourcesContent":["/*\n * Copyright 2022 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport {\n ErrorResponseBody,\n ForwardedError,\n NotAllowedError,\n NotFoundError,\n serializeError,\n} from '@backstage/errors';\nimport {\n ANNOTATION_KUBERNETES_AUTH_PROVIDER,\n SERVICEACCOUNT_CA_PATH,\n kubernetesProxyPermission,\n KubernetesRequestAuth,\n} from '@backstage/plugin-kubernetes-common';\nimport { AuthorizeResult } from '@backstage/plugin-permission-common';\nimport type { Cluster } from '@kubernetes/client-node';\nimport { createProxyMiddleware, RequestHandler } from 'http-proxy-middleware';\nimport fs from 'fs-extra';\n\nimport {\n AuthenticationStrategy,\n ClusterDetails,\n KubernetesClustersSupplier,\n} from '@backstage/plugin-kubernetes-node';\n\nimport type { Request } from 'express';\nimport { IncomingHttpHeaders } from 'node:http';\nimport {\n DiscoveryService,\n HttpAuthService,\n LoggerService,\n PermissionsService,\n} from '@backstage/backend-plugin-api';\n\n/**\n * The header that is used to specify the cluster name.\n *\n * @public\n */\nexport const HEADER_KUBERNETES_CLUSTER: string = 'Backstage-Kubernetes-Cluster';\n\n/**\n * The header that is used to specify the Authentication Authorities token.\n * e.x if using the google auth provider as your authentication authority then this field would be the google 
provided bearer token.\n * @public\n */\nexport const HEADER_KUBERNETES_AUTH: string =\n 'Backstage-Kubernetes-Authorization';\n\n/**\n * The options object expected to be passed as a parameter to KubernetesProxy.createRequestHandler().\n *\n * @public\n */\nexport type KubernetesProxyCreateRequestHandlerOptions = {\n permissionApi: PermissionsService;\n};\n\n/**\n * Options accepted as a parameter by the KubernetesProxy\n *\n * @public\n */\nexport type KubernetesProxyOptions = {\n logger: LoggerService;\n clusterSupplier: KubernetesClustersSupplier;\n authStrategy: AuthenticationStrategy;\n discovery: DiscoveryService;\n httpAuth: HttpAuthService;\n};\n\n/**\n * A proxy that routes requests to the Kubernetes API.\n *\n * @public\n */\nexport class KubernetesProxy {\n private readonly middlewareForClusterName = new Map<string, RequestHandler>();\n private readonly logger: LoggerService;\n private readonly clusterSupplier: KubernetesClustersSupplier;\n private readonly authStrategy: AuthenticationStrategy;\n private readonly httpAuth: HttpAuthService;\n\n constructor(options: KubernetesProxyOptions) {\n this.logger = options.logger;\n this.clusterSupplier = options.clusterSupplier;\n this.authStrategy = options.authStrategy;\n this.httpAuth = options.httpAuth;\n }\n\n public createRequestHandler(\n options: KubernetesProxyCreateRequestHandlerOptions,\n ): RequestHandler {\n const { permissionApi } = options;\n return async (req, res, next) => {\n const authorizeResponse = await permissionApi.authorize(\n [{ permission: kubernetesProxyPermission }],\n {\n credentials: await this.httpAuth.credentials(req),\n },\n );\n const auth = authorizeResponse[0];\n\n if (auth.result === AuthorizeResult.DENY) {\n res.status(403).json({ error: new NotAllowedError('Unauthorized') });\n return;\n }\n\n const middleware = await this.getMiddleware(req);\n\n // If req is an upgrade handshake, use middleware upgrade instead of http request handler 
https://github.com/chimurai/http-proxy-middleware#external-websocket-upgrade\n if (\n req.header('connection')?.toLowerCase() === 'upgrade' &&\n req.header('upgrade')?.toLowerCase() === 'websocket'\n ) {\n // Missing the `head`, since it's optional we pass undefined to avoid type issues\n middleware.upgrade!(req, req.socket, undefined);\n } else {\n middleware(req, res, next);\n }\n };\n }\n\n // We create one middleware per remote cluster and hold on to them, because\n // the secure property isn't possible to decide on a per-request basis with a\n // single middleware instance - and we don't expect it to change over time.\n private async getMiddleware(originalReq: Request): Promise<RequestHandler> {\n const originalCluster = await this.getClusterForRequest(originalReq);\n let middleware = this.middlewareForClusterName.get(originalCluster.name);\n if (!middleware) {\n const logger = this.logger.child({ cluster: originalCluster.name });\n middleware = createProxyMiddleware({\n logProvider: () => ({\n log: logger.info.bind(logger),\n debug: logger.debug.bind(logger),\n info: logger.info.bind(logger),\n warn: logger.warn.bind(logger),\n error: logger.error.bind(logger),\n }),\n ws: true,\n secure: !originalCluster.skipTLSVerify,\n changeOrigin: true,\n pathRewrite: async (path, req) => {\n // Re-evaluate the cluster on each request, in case it has changed\n const cluster = await this.getClusterForRequest(req);\n const url = new URL(cluster.url);\n return path.replace(\n new RegExp(`^${originalReq.baseUrl}`),\n url.pathname || '',\n );\n },\n router: async req => {\n // Re-evaluate the cluster on each request, in case it has changed\n const cluster = await this.getClusterForRequest(req);\n const url = new URL(cluster.url);\n\n const { bufferFromFileOrString } = await import(\n '@kubernetes/client-node'\n );\n\n const target: any = {\n protocol: url.protocol,\n host: url.hostname,\n port: url.port,\n ca: bufferFromFileOrString(\n cluster.caFile,\n cluster.caData,\n 
)?.toString(),\n };\n\n const authHeader =\n req.headers[HEADER_KUBERNETES_AUTH.toLocaleLowerCase('en-US')];\n if (typeof authHeader === 'string') {\n req.headers.authorization = authHeader;\n } else {\n // Map Backstage-Kubernetes-Authorization-X-X headers to a KubernetesRequestAuth object\n const authObj = KubernetesProxy.authHeadersToKubernetesRequestAuth(\n req.headers,\n );\n\n const credential = await this.getClusterForRequest(req).then(cd => {\n return this.authStrategy.getCredential(cd, authObj);\n });\n\n if (credential.type === 'bearer token') {\n req.headers.authorization = `Bearer ${credential.token}`;\n } else if (credential.type === 'x509 client certificate') {\n target.key = credential.key;\n target.cert = credential.cert;\n }\n }\n\n return target;\n },\n onError: (error, req, res) => {\n const wrappedError = new ForwardedError(\n `Cluster '${originalCluster.name}' request error`,\n error,\n );\n\n logger.error('Kubernetes proxy error', wrappedError);\n\n const body: ErrorResponseBody = {\n error: serializeError(wrappedError, {\n includeStack: process.env.NODE_ENV === 'development',\n }),\n request: { method: req.method, url: req.originalUrl },\n response: { statusCode: 500 },\n };\n res.status(500).json(body);\n },\n });\n this.middlewareForClusterName.set(originalCluster.name, middleware);\n }\n return middleware;\n }\n\n private async getClusterForRequest(req: Request): Promise<ClusterDetails> {\n const { KubeConfig } = await import('@kubernetes/client-node');\n\n const clusterName = req.headers[HEADER_KUBERNETES_CLUSTER.toLowerCase()];\n const clusters = await this.clusterSupplier.getClusters({\n credentials: await this.httpAuth.credentials(req),\n });\n\n if (!clusters || clusters.length <= 0) {\n throw new NotFoundError(`No Clusters configured`);\n }\n\n const hasClusterNameHeader =\n typeof clusterName === 'string' && clusterName.length > 0;\n\n let cluster: ClusterDetails | undefined;\n\n if (hasClusterNameHeader) {\n cluster = 
clusters.find(c => c.name === clusterName);\n } else if (clusters.length === 1) {\n cluster = clusters.at(0);\n }\n\n if (!cluster) {\n throw new NotFoundError(`Cluster '${clusterName}' not found`);\n }\n\n const authProvider =\n cluster.authMetadata[ANNOTATION_KUBERNETES_AUTH_PROVIDER];\n\n if (\n authProvider === 'serviceAccount' &&\n fs.pathExistsSync(SERVICEACCOUNT_CA_PATH) &&\n !cluster.authMetadata.serviceAccountToken\n ) {\n const kc = new KubeConfig();\n kc.loadFromCluster();\n const clusterFromKubeConfig = kc.getCurrentCluster() as Cluster;\n\n const url = new URL(clusterFromKubeConfig.server);\n cluster.url = clusterFromKubeConfig.server;\n if (url.protocol === 'https:') {\n cluster.caFile = clusterFromKubeConfig.caFile;\n }\n }\n\n return cluster;\n }\n\n private static authHeadersToKubernetesRequestAuth(\n originalHeaders: IncomingHttpHeaders,\n ): KubernetesRequestAuth {\n return Object.keys(originalHeaders)\n .filter(header => header.startsWith('backstage-kubernetes-authorization'))\n .map(header =>\n KubernetesProxy.headerToDictionary(header, originalHeaders),\n )\n .filter(headerAsDic => Object.keys(headerAsDic).length !== 0)\n .reduce(KubernetesProxy.combineHeaders, {});\n }\n\n private static headerToDictionary(\n header: string,\n originalHeaders: IncomingHttpHeaders,\n ): KubernetesRequestAuth {\n const obj: KubernetesRequestAuth = {};\n const headerSplitted = header.split('-');\n if (headerSplitted.length >= 4) {\n const framework = headerSplitted[3].toLowerCase();\n if (headerSplitted.length >= 5) {\n const provider = headerSplitted.slice(4).join('-').toLowerCase();\n obj[framework] = { [provider]: originalHeaders[header] };\n } else {\n obj[framework] = originalHeaders[header];\n }\n }\n return obj;\n }\n\n private static combineHeaders(\n authObj: any,\n header: any,\n ): KubernetesRequestAuth {\n const framework = Object.keys(header)[0];\n\n if (authObj[framework]) {\n authObj[framework] = {\n ...authObj[framework],\n 
...header[framework],\n };\n } else {\n authObj[framework] = header[framework];\n }\n\n return authObj;\n }\n}\n"],"names":["kubernetesProxyPermission","AuthorizeResult","NotAllowedError","createProxyMiddleware","ForwardedError","serializeError","NotFoundError","ANNOTATION_KUBERNETES_AUTH_PROVIDER","fs","SERVICEACCOUNT_CA_PATH"],"mappings":";;;;;;;;;;;;AAqDO,MAAM,yBAAA,GAAoC;AAO1C,MAAM,sBAAA,GACX;AA6BK,MAAM,eAAA,CAAgB;AAAA,EACV,wBAAA,uBAA+B,GAAA,EAA4B;AAAA,EAC3D,MAAA;AAAA,EACA,eAAA;AAAA,EACA,YAAA;AAAA,EACA,QAAA;AAAA,EAEjB,YAAY,OAAA,EAAiC;AAC3C,IAAA,IAAA,CAAK,SAAS,OAAA,CAAQ,MAAA;AACtB,IAAA,IAAA,CAAK,kBAAkB,OAAA,CAAQ,eAAA;AAC/B,IAAA,IAAA,CAAK,eAAe,OAAA,CAAQ,YAAA;AAC5B,IAAA,IAAA,CAAK,WAAW,OAAA,CAAQ,QAAA;AAAA,EAC1B;AAAA,EAEO,qBACL,OAAA,EACgB;AAChB,IAAA,MAAM,EAAE,eAAc,GAAI,OAAA;AAC1B,IAAA,OAAO,OAAO,GAAA,EAAK,GAAA,EAAK,IAAA,KAAS;AAC/B,MAAA,MAAM,iBAAA,GAAoB,MAAM,aAAA,CAAc,SAAA;AAAA,QAC5C,CAAC,EAAE,UAAA,EAAYA,gDAAA,EAA2B,CAAA;AAAA,QAC1C;AAAA,UACE,WAAA,EAAa,MAAM,IAAA,CAAK,QAAA,CAAS,YAAY,GAAG;AAAA;AAClD,OACF;AACA,MAAA,MAAM,IAAA,GAAO,kBAAkB,CAAC,CAAA;AAEhC,MAAA,IAAI,IAAA,CAAK,MAAA,KAAWC,sCAAA,CAAgB,IAAA,EAAM;AACxC,QAAA,GAAA,CAAI,MAAA,CAAO,GAAG,CAAA,CAAE,IAAA,CAAK,EAAE,OAAO,IAAIC,sBAAA,CAAgB,cAAc,CAAA,EAAG,CAAA;AACnE,QAAA;AAAA,MACF;AAEA,MAAA,MAAM,UAAA,GAAa,MAAM,IAAA,CAAK,aAAA,CAAc,GAAG,CAAA;AAG/C,MAAA,IACE,GAAA,CAAI,MAAA,CAAO,YAAY,CAAA,EAAG,WAAA,EAAY,KAAM,SAAA,IAC5C,GAAA,CAAI,MAAA,CAAO,SAAS,CAAA,EAAG,WAAA,OAAkB,WAAA,EACzC;AAEA,QAAA,UAAA,CAAW,OAAA,CAAS,GAAA,EAAK,GAAA,CAAI,MAAA,EAAQ,MAAS,CAAA;AAAA,MAChD,CAAA,MAAO;AACL,QAAA,UAAA,CAAW,GAAA,EAAK,KAAK,IAAI,CAAA;AAAA,MAC3B;AAAA,IACF,CAAA;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAc,cAAc,WAAA,EAA+C;AACzE,IAAA,MAAM,eAAA,GAAkB,MAAM,IAAA,CAAK,oBAAA,CAAqB,WAAW,CAAA;AACnE,IAAA,IAAI,UAAA,GAAa,IAAA,CAAK,wBAAA,CAAyB,GAAA,CAAI,gBAAgB,IAAI,CAAA;AACvE,IAAA,IAAI,CAAC,UAAA,EAAY;AACf,MAAA,MAAM,MAAA,GAAS,KAAK,MAAA,CAAO,KAAA,CAAM,EAAE,OAAA,EAAS,eAAA,CAAgB,MAAM,CAAA;AAClE,MAAA,UAAA,GAAaC,yCAAA,CAAsB;AAAA,QACjC,aAAa,OAAO;AAAA,UAClB,GAAA,EAAK,MAAA,CAAO,IAAA,C
AAK,IAAA,CAAK,MAAM,CAAA;AAAA,UAC5B,KAAA,EAAO,MAAA,CAAO,KAAA,CAAM,IAAA,CAAK,MAAM,CAAA;AAAA,UAC/B,IAAA,EAAM,MAAA,CAAO,IAAA,CAAK,IAAA,CAAK,MAAM,CAAA;AAAA,UAC7B,IAAA,EAAM,MAAA,CAAO,IAAA,CAAK,IAAA,CAAK,MAAM,CAAA;AAAA,UAC7B,KAAA,EAAO,MAAA,CAAO,KAAA,CAAM,IAAA,CAAK,MAAM;AAAA,SACjC,CAAA;AAAA,QACA,EAAA,EAAI,IAAA;AAAA,QACJ,MAAA,EAAQ,CAAC,eAAA,CAAgB,aAAA;AAAA,QACzB,YAAA,EAAc,IAAA;AAAA,QACd,WAAA,EAAa,OAAO,IAAA,EAAM,GAAA,KAAQ;AAEhC,UAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,oBAAA,CAAqB,GAAG,CAAA;AACnD,UAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,OAAA,CAAQ,GAAG,CAAA;AAC/B,UAAA,OAAO,IAAA,CAAK,OAAA;AAAA,YACV,IAAI,MAAA,CAAO,CAAA,CAAA,EAAI,WAAA,CAAY,OAAO,CAAA,CAAE,CAAA;AAAA,YACpC,IAAI,QAAA,IAAY;AAAA,WAClB;AAAA,QACF,CAAA;AAAA,QACA,MAAA,EAAQ,OAAM,GAAA,KAAO;AAEnB,UAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,oBAAA,CAAqB,GAAG,CAAA;AACnD,UAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,OAAA,CAAQ,GAAG,CAAA;AAE/B,UAAA,MAAM,EAAE,sBAAA,EAAuB,GAAI,MAAM,OACvC,yBACF,CAAA;AAEA,UAAA,MAAM,MAAA,GAAc;AAAA,YAClB,UAAU,GAAA,CAAI,QAAA;AAAA,YACd,MAAM,GAAA,CAAI,QAAA;AAAA,YACV,MAAM,GAAA,CAAI,IAAA;AAAA,YACV,EAAA,EAAI,sBAAA;AAAA,cACF,OAAA,CAAQ,MAAA;AAAA,cACR,OAAA,CAAQ;AAAA,eACP,QAAA;AAAS,WACd;AAEA,UAAA,MAAM,aACJ,GAAA,CAAI,OAAA,CAAQ,sBAAA,CAAuB,iBAAA,CAAkB,OAAO,CAAC,CAAA;AAC/D,UAAA,IAAI,OAAO,eAAe,QAAA,EAAU;AAClC,YAAA,GAAA,CAAI,QAAQ,aAAA,GAAgB,UAAA;AAAA,UAC9B,CAAA,MAAO;AAEL,YAAA,MAAM,UAAU,eAAA,CAAgB,kCAAA;AAAA,cAC9B,GAAA,CAAI;AAAA,aACN;AAEA,YAAA,MAAM,aAAa,MAAM,IAAA,CAAK,qBAAqB,GAAG,CAAA,CAAE,KAAK,CAAA,EAAA,KAAM;AACjE,cAAA,OAAO,IAAA,CAAK,YAAA,CAAa,aAAA,CAAc,EAAA,EAAI,OAAO,CAAA;AAAA,YACpD,CAAC,CAAA;AAED,YAAA,IAAI,UAAA,CAAW,SAAS,cAAA,EAAgB;AACtC,cAAA,GAAA,CAAI,OAAA,CAAQ,aAAA,GAAgB,CAAA,OAAA,EAAU,UAAA,CAAW,KAAK,CAAA,CAAA;AAAA,YACxD,CAAA,MAAA,IAAW,UAAA,CAAW,IAAA,KAAS,yBAAA,EAA2B;AACxD,cAAA,MAAA,CAAO,MAAM,UAAA,CAAW,GAAA;AACxB,cAAA,MAAA,CAAO,OAAO,UAAA,CAAW,IAAA;AAAA,YAC3B;AAAA,UACF;AAEA,UAAA,OAAO,MAAA;AAAA,QACT,CAAA;AAAA,QACA,OAAA,EAAS,CAAC,KAAA,EAAO,GAAA,EAAK,GAAA,KAAQ;AAC5B,UAAA,MAAM,eAAe,IAAIC,qBAAA;AAAA,YACvB,CAAA,SAAA,EAAY,gBAAgB,IAAI,CAAA,eAAA,CAAA;AAAA,Y
AChC;AAAA,WACF;AAEA,UAAA,MAAA,CAAO,KAAA,CAAM,0BAA0B,YAAY,CAAA;AAEnD,UAAA,MAAM,IAAA,GAA0B;AAAA,YAC9B,KAAA,EAAOC,sBAAe,YAAA,EAAc;AAAA,cAClC,YAAA,EAAc,OAAA,CAAQ,GAAA,CAAI,QAAA,KAAa;AAAA,aACxC,CAAA;AAAA,YACD,SAAS,EAAE,MAAA,EAAQ,IAAI,MAAA,EAAQ,GAAA,EAAK,IAAI,WAAA,EAAY;AAAA,YACpD,QAAA,EAAU,EAAE,UAAA,EAAY,GAAA;AAAI,WAC9B;AACA,UAAA,GAAA,CAAI,MAAA,CAAO,GAAG,CAAA,CAAE,IAAA,CAAK,IAAI,CAAA;AAAA,QAC3B;AAAA,OACD,CAAA;AACD,MAAA,IAAA,CAAK,wBAAA,CAAyB,GAAA,CAAI,eAAA,CAAgB,IAAA,EAAM,UAAU,CAAA;AAAA,IACpE;AACA,IAAA,OAAO,UAAA;AAAA,EACT;AAAA,EAEA,MAAc,qBAAqB,GAAA,EAAuC;AACxE,IAAA,MAAM,EAAE,UAAA,EAAW,GAAI,MAAM,OAAO,yBAAyB,CAAA;AAE7D,IAAA,MAAM,WAAA,GAAc,GAAA,CAAI,OAAA,CAAQ,yBAAA,CAA0B,aAAa,CAAA;AACvE,IAAA,MAAM,QAAA,GAAW,MAAM,IAAA,CAAK,eAAA,CAAgB,WAAA,CAAY;AAAA,MACtD,WAAA,EAAa,MAAM,IAAA,CAAK,QAAA,CAAS,YAAY,GAAG;AAAA,KACjD,CAAA;AAED,IAAA,IAAI,CAAC,QAAA,IAAY,QAAA,CAAS,MAAA,IAAU,CAAA,EAAG;AACrC,MAAA,MAAM,IAAIC,qBAAc,CAAA,sBAAA,CAAwB,CAAA;AAAA,IAClD;AAEA,IAAA,MAAM,oBAAA,GACJ,OAAO,WAAA,KAAgB,QAAA,IAAY,YAAY,MAAA,GAAS,CAAA;AAE1D,IAAA,IAAI,OAAA;AAEJ,IAAA,IAAI,oBAAA,EAAsB;AACxB,MAAA,OAAA,GAAU,QAAA,CAAS,IAAA,CAAK,CAAA,CAAA,KAAK,CAAA,CAAE,SAAS,WAAW,CAAA;AAAA,IACrD,CAAA,MAAA,IAAW,QAAA,CAAS,MAAA,KAAW,CAAA,EAAG;AAChC,MAAA,OAAA,GAAU,QAAA,CAAS,GAAG,CAAC,CAAA;AAAA,IACzB;AAEA,IAAA,IAAI,CAAC,OAAA,EAAS;AACZ,MAAA,MAAM,IAAIA,oBAAA,CAAc,CAAA,SAAA,EAAY,WAAW,CAAA,WAAA,CAAa,CAAA;AAAA,IAC9D;AAEA,IAAA,MAAM,YAAA,GACJ,OAAA,CAAQ,YAAA,CAAaC,0DAAmC,CAAA;AAE1D,IAAA,IACE,YAAA,KAAiB,oBACjBC,mBAAA,CAAG,cAAA,CAAeC,6CAAsB,CAAA,IACxC,CAAC,OAAA,CAAQ,YAAA,CAAa,mBAAA,EACtB;AACA,MAAA,MAAM,EAAA,GAAK,IAAI,UAAA,EAAW;AAC1B,MAAA,EAAA,CAAG,eAAA,EAAgB;AACnB,MAAA,MAAM,qBAAA,GAAwB,GAAG,iBAAA,EAAkB;AAEnD,MAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,qBAAA,CAAsB,MAAM,CAAA;AAChD,MAAA,OAAA,CAAQ,MAAM,qBAAA,CAAsB,MAAA;AACpC,MAAA,IAAI,GAAA,CAAI,aAAa,QAAA,EAAU;AAC7B,QAAA,OAAA,CAAQ,SAAS,qBAAA,CAAsB,MAAA;AAAA,MACzC;AAAA,IACF;AAEA,IAAA,OAAO,OAAA;AAAA,EACT;AAAA,EAEA,OAAe,mCACb,eAAA,EACuB;AACvB,IAAA,OAAO,MAAA,CAAO,IAAA,CAAK,eAAe,CAAA,CAC/B,MAAA,CAAO,YAAU,MAAA,CAAO,U
AAA,CAAW,oCAAoC,CAAC,CAAA,CACxE,GAAA;AAAA,MAAI,CAAA,MAAA,KACH,eAAA,CAAgB,kBAAA,CAAmB,MAAA,EAAQ,eAAe;AAAA,KAC5D,CACC,MAAA,CAAO,CAAA,WAAA,KAAe,MAAA,CAAO,KAAK,WAAW,CAAA,CAAE,MAAA,KAAW,CAAC,CAAA,CAC3D,MAAA,CAAO,eAAA,CAAgB,cAAA,EAAgB,EAAE,CAAA;AAAA,EAC9C;AAAA,EAEA,OAAe,kBAAA,CACb,MAAA,EACA,eAAA,EACuB;AACvB,IAAA,MAAM,MAA6B,EAAC;AACpC,IAAA,MAAM,cAAA,GAAiB,MAAA,CAAO,KAAA,CAAM,GAAG,CAAA;AACvC,IAAA,IAAI,cAAA,CAAe,UAAU,CAAA,EAAG;AAC9B,MAAA,MAAM,SAAA,GAAY,cAAA,CAAe,CAAC,CAAA,CAAE,WAAA,EAAY;AAChD,MAAA,IAAI,cAAA,CAAe,UAAU,CAAA,EAAG;AAC9B,QAAA,MAAM,QAAA,GAAW,eAAe,KAAA,CAAM,CAAC,EAAE,IAAA,CAAK,GAAG,EAAE,WAAA,EAAY;AAC/D,QAAA,GAAA,CAAI,SAAS,IAAI,EAAE,CAAC,QAAQ,GAAG,eAAA,CAAgB,MAAM,CAAA,EAAE;AAAA,MACzD,CAAA,MAAO;AACL,QAAA,GAAA,CAAI,SAAS,CAAA,GAAI,eAAA,CAAgB,MAAM,CAAA;AAAA,MACzC;AAAA,IACF;AACA,IAAA,OAAO,GAAA;AAAA,EACT;AAAA,EAEA,OAAe,cAAA,CACb,OAAA,EACA,MAAA,EACuB;AACvB,IAAA,MAAM,SAAA,GAAY,MAAA,CAAO,IAAA,CAAK,MAAM,EAAE,CAAC,CAAA;AAEvC,IAAA,IAAI,OAAA,CAAQ,SAAS,CAAA,EAAG;AACtB,MAAA,OAAA,CAAQ,SAAS,CAAA,GAAI;AAAA,QACnB,GAAG,QAAQ,SAAS,CAAA;AAAA,QACpB,GAAG,OAAO,SAAS;AAAA,OACrB;AAAA,IACF,CAAA,MAAO;AACL,MAAA,OAAA,CAAQ,SAAS,CAAA,GAAI,MAAA,CAAO,SAAS,CAAA;AAAA,IACvC;AAEA,IAAA,OAAO,OAAA;AAAA,EACT;AACF;;;;;;"}
|
|
1
|
+
{"version":3,"file":"KubernetesProxy.cjs.js","sources":["../../src/service/KubernetesProxy.ts"],"sourcesContent":["/*\n * Copyright 2022 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport {\n ErrorResponseBody,\n ForwardedError,\n NotAllowedError,\n NotFoundError,\n serializeError,\n} from '@backstage/errors';\nimport {\n ANNOTATION_KUBERNETES_AUTH_PROVIDER,\n SERVICEACCOUNT_CA_PATH,\n kubernetesProxyPermission,\n KubernetesRequestAuth,\n} from '@backstage/plugin-kubernetes-common';\nimport { AuthorizeResult } from '@backstage/plugin-permission-common';\nimport type { Cluster } from '@kubernetes/client-node';\nimport { createProxyMiddleware, RequestHandler } from 'http-proxy-middleware';\nimport fs from 'fs-extra';\n\nimport {\n AuthenticationStrategy,\n ClusterDetails,\n KubernetesClustersSupplier,\n} from '@backstage/plugin-kubernetes-node';\n\nimport type { Request } from 'express';\nimport { IncomingHttpHeaders } from 'node:http';\nimport {\n DiscoveryService,\n HttpAuthService,\n LoggerService,\n PermissionsService,\n} from '@backstage/backend-plugin-api';\n\n/**\n * The header that is used to specify the cluster name.\n *\n * @public\n */\nexport const HEADER_KUBERNETES_CLUSTER: string = 'Backstage-Kubernetes-Cluster';\n\n/**\n * The header that is used to specify the Authentication Authorities token.\n * e.x if using the google auth provider as your authentication authority then this field would be the google 
provided bearer token.\n * @public\n */\nexport const HEADER_KUBERNETES_AUTH: string =\n 'Backstage-Kubernetes-Authorization';\n\n/**\n * The options object expected to be passed as a parameter to KubernetesProxy.createRequestHandler().\n *\n * @public\n */\nexport type KubernetesProxyCreateRequestHandlerOptions = {\n permissionApi: PermissionsService;\n};\n\n/**\n * Options accepted as a parameter by the KubernetesProxy\n *\n * @public\n */\nexport type KubernetesProxyOptions = {\n logger: LoggerService;\n clusterSupplier: KubernetesClustersSupplier;\n authStrategy: AuthenticationStrategy;\n discovery: DiscoveryService;\n httpAuth: HttpAuthService;\n};\n\n/**\n * A proxy that routes requests to the Kubernetes API.\n *\n * @public\n */\nexport class KubernetesProxy {\n private readonly middlewareForClusterName = new Map<string, RequestHandler>();\n private readonly logger: LoggerService;\n private readonly clusterSupplier: KubernetesClustersSupplier;\n private readonly authStrategy: AuthenticationStrategy;\n private readonly httpAuth: HttpAuthService;\n\n constructor(options: KubernetesProxyOptions) {\n this.logger = options.logger;\n this.clusterSupplier = options.clusterSupplier;\n this.authStrategy = options.authStrategy;\n this.httpAuth = options.httpAuth;\n }\n\n public createRequestHandler(\n options: KubernetesProxyCreateRequestHandlerOptions,\n ): RequestHandler {\n const { permissionApi } = options;\n return async (req, res, next) => {\n const authorizeResponse = await permissionApi.authorize(\n [{ permission: kubernetesProxyPermission }],\n {\n credentials: await this.httpAuth.credentials(req),\n },\n );\n const auth = authorizeResponse[0];\n\n if (auth.result === AuthorizeResult.DENY) {\n res.status(403).json({ error: new NotAllowedError('Unauthorized') });\n return;\n }\n\n const middleware = await this.getMiddleware(req);\n\n // If req is an upgrade handshake, use middleware upgrade instead of http request handler 
https://github.com/chimurai/http-proxy-middleware#external-websocket-upgrade\n if (\n req.header('connection')?.toLowerCase() === 'upgrade' &&\n req.header('upgrade')?.toLowerCase() === 'websocket'\n ) {\n // Missing the `head`, since it's optional we pass undefined to avoid type issues\n middleware.upgrade!(req, req.socket, undefined);\n } else {\n middleware(req, res, next);\n }\n };\n }\n\n // We create one middleware per remote cluster and hold on to them, because\n // the secure property isn't possible to decide on a per-request basis with a\n // single middleware instance - and we don't expect it to change over time.\n private async getMiddleware(originalReq: Request): Promise<RequestHandler> {\n const originalCluster = await this.getClusterForRequest(originalReq);\n let middleware = this.middlewareForClusterName.get(originalCluster.name);\n if (!middleware) {\n const logger = this.logger.child({ cluster: originalCluster.name });\n middleware = createProxyMiddleware({\n logProvider: () => ({\n log: logger.info.bind(logger),\n debug: logger.debug.bind(logger),\n info: logger.info.bind(logger),\n warn: logger.warn.bind(logger),\n error: logger.error.bind(logger),\n }),\n ws: true,\n secure: !originalCluster.skipTLSVerify,\n changeOrigin: true,\n pathRewrite: async (path, req) => {\n // Re-evaluate the cluster on each request, in case it has changed\n const cluster = await this.getClusterForRequest(req);\n const url = new URL(cluster.url);\n return path.replace(\n new RegExp(`^${originalReq.baseUrl}`),\n url.pathname || '',\n );\n },\n router: async req => {\n // Re-evaluate the cluster on each request, in case it has changed\n const cluster = await this.getClusterForRequest(req);\n const url = new URL(cluster.url);\n\n const { bufferFromFileOrString } = await import(\n '@kubernetes/client-node'\n );\n\n const target: any = {\n protocol: url.protocol,\n host: url.hostname,\n port: url.port,\n ca: bufferFromFileOrString(\n cluster.caFile,\n cluster.caData,\n 
)?.toString(),\n };\n\n const authHeader =\n req.headers[HEADER_KUBERNETES_AUTH.toLocaleLowerCase('en-US')];\n if (typeof authHeader === 'string') {\n req.headers.authorization = authHeader;\n } else {\n // Map Backstage-Kubernetes-Authorization-X-X headers to a KubernetesRequestAuth object\n const authObj = KubernetesProxy.authHeadersToKubernetesRequestAuth(\n req.headers,\n );\n\n const credential = await this.getClusterForRequest(req).then(cd => {\n return this.authStrategy.getCredential(cd, authObj);\n });\n\n if (credential.type === 'bearer token') {\n req.headers.authorization = `Bearer ${credential.token}`;\n } else if (credential.type === 'x509 client certificate') {\n target.key = credential.key;\n target.cert = credential.cert;\n }\n }\n\n return target;\n },\n onError: (error, req, res) => {\n const wrappedError = new ForwardedError(\n `Cluster '${originalCluster.name}' request error`,\n error,\n );\n\n logger.error('Kubernetes proxy error', wrappedError);\n\n const body: ErrorResponseBody = {\n error: serializeError(wrappedError, {\n includeStack: process.env.NODE_ENV === 'development',\n }),\n request: { method: req.method, url: req.originalUrl },\n response: { statusCode: 500 },\n };\n res.status(500).json(body);\n },\n });\n this.middlewareForClusterName.set(originalCluster.name, middleware);\n }\n return middleware;\n }\n\n private async getClusterForRequest(req: Request): Promise<ClusterDetails> {\n const { KubeConfig } = await import('@kubernetes/client-node');\n\n const clusterName = req.headers[HEADER_KUBERNETES_CLUSTER.toLowerCase()];\n const clusters = await this.clusterSupplier.getClusters({\n credentials: await this.httpAuth.credentials(req),\n });\n\n if (!clusters || clusters.length <= 0) {\n throw new NotFoundError(`No Clusters configured`);\n }\n\n const hasClusterNameHeader =\n typeof clusterName === 'string' && clusterName.length > 0;\n\n let cluster: ClusterDetails | undefined;\n\n if (hasClusterNameHeader) {\n cluster = 
clusters.find(c => c.name === clusterName);\n } else if (clusters.length === 1) {\n cluster = clusters.at(0);\n }\n\n if (!cluster) {\n throw new NotFoundError(`Cluster '${clusterName}' not found`);\n }\n\n const authProvider =\n cluster.authMetadata[ANNOTATION_KUBERNETES_AUTH_PROVIDER];\n\n if (\n authProvider === 'serviceAccount' &&\n fs.pathExistsSync(SERVICEACCOUNT_CA_PATH) &&\n !cluster.authMetadata.serviceAccountToken\n ) {\n const kc = new KubeConfig();\n kc.loadFromCluster();\n const clusterFromKubeConfig = kc.getCurrentCluster() as Cluster;\n\n const url = new URL(clusterFromKubeConfig.server);\n cluster.url = clusterFromKubeConfig.server;\n if (url.protocol === 'https:') {\n cluster.caFile = clusterFromKubeConfig.caFile;\n }\n }\n\n return cluster;\n }\n\n private static authHeadersToKubernetesRequestAuth(\n originalHeaders: IncomingHttpHeaders,\n ): KubernetesRequestAuth {\n return Object.keys(originalHeaders)\n .filter(header => header.startsWith('backstage-kubernetes-authorization'))\n .map(header =>\n KubernetesProxy.headerToDictionary(header, originalHeaders),\n )\n .filter(headerAsDic => Object.keys(headerAsDic).length !== 0)\n .reduce(KubernetesProxy.combineHeaders, {});\n }\n\n private static headerToDictionary(\n header: string,\n originalHeaders: IncomingHttpHeaders,\n ): KubernetesRequestAuth {\n const obj: KubernetesRequestAuth = {};\n const headerSplit = header.split('-');\n if (headerSplit.length >= 4) {\n const framework = headerSplit[3].toLowerCase();\n if (headerSplit.length >= 5) {\n const provider = headerSplit.slice(4).join('-').toLowerCase();\n obj[framework] = { [provider]: originalHeaders[header] };\n } else {\n obj[framework] = originalHeaders[header];\n }\n }\n return obj;\n }\n\n private static combineHeaders(\n authObj: any,\n header: any,\n ): KubernetesRequestAuth {\n const framework = Object.keys(header)[0];\n\n if (authObj[framework]) {\n authObj[framework] = {\n ...authObj[framework],\n ...header[framework],\n };\n } else 
{\n authObj[framework] = header[framework];\n }\n\n return authObj;\n }\n}\n"],"names":["kubernetesProxyPermission","AuthorizeResult","NotAllowedError","createProxyMiddleware","ForwardedError","serializeError","NotFoundError","ANNOTATION_KUBERNETES_AUTH_PROVIDER","fs","SERVICEACCOUNT_CA_PATH"],"mappings":";;;;;;;;;;;;AAqDO,MAAM,yBAAA,GAAoC;AAO1C,MAAM,sBAAA,GACX;AA6BK,MAAM,eAAA,CAAgB;AAAA,EACV,wBAAA,uBAA+B,GAAA,EAA4B;AAAA,EAC3D,MAAA;AAAA,EACA,eAAA;AAAA,EACA,YAAA;AAAA,EACA,QAAA;AAAA,EAEjB,YAAY,OAAA,EAAiC;AAC3C,IAAA,IAAA,CAAK,SAAS,OAAA,CAAQ,MAAA;AACtB,IAAA,IAAA,CAAK,kBAAkB,OAAA,CAAQ,eAAA;AAC/B,IAAA,IAAA,CAAK,eAAe,OAAA,CAAQ,YAAA;AAC5B,IAAA,IAAA,CAAK,WAAW,OAAA,CAAQ,QAAA;AAAA,EAC1B;AAAA,EAEO,qBACL,OAAA,EACgB;AAChB,IAAA,MAAM,EAAE,eAAc,GAAI,OAAA;AAC1B,IAAA,OAAO,OAAO,GAAA,EAAK,GAAA,EAAK,IAAA,KAAS;AAC/B,MAAA,MAAM,iBAAA,GAAoB,MAAM,aAAA,CAAc,SAAA;AAAA,QAC5C,CAAC,EAAE,UAAA,EAAYA,gDAAA,EAA2B,CAAA;AAAA,QAC1C;AAAA,UACE,WAAA,EAAa,MAAM,IAAA,CAAK,QAAA,CAAS,YAAY,GAAG;AAAA;AAClD,OACF;AACA,MAAA,MAAM,IAAA,GAAO,kBAAkB,CAAC,CAAA;AAEhC,MAAA,IAAI,IAAA,CAAK,MAAA,KAAWC,sCAAA,CAAgB,IAAA,EAAM;AACxC,QAAA,GAAA,CAAI,MAAA,CAAO,GAAG,CAAA,CAAE,IAAA,CAAK,EAAE,OAAO,IAAIC,sBAAA,CAAgB,cAAc,CAAA,EAAG,CAAA;AACnE,QAAA;AAAA,MACF;AAEA,MAAA,MAAM,UAAA,GAAa,MAAM,IAAA,CAAK,aAAA,CAAc,GAAG,CAAA;AAG/C,MAAA,IACE,GAAA,CAAI,MAAA,CAAO,YAAY,CAAA,EAAG,WAAA,EAAY,KAAM,SAAA,IAC5C,GAAA,CAAI,MAAA,CAAO,SAAS,CAAA,EAAG,WAAA,OAAkB,WAAA,EACzC;AAEA,QAAA,UAAA,CAAW,OAAA,CAAS,GAAA,EAAK,GAAA,CAAI,MAAA,EAAQ,MAAS,CAAA;AAAA,MAChD,CAAA,MAAO;AACL,QAAA,UAAA,CAAW,GAAA,EAAK,KAAK,IAAI,CAAA;AAAA,MAC3B;AAAA,IACF,CAAA;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAc,cAAc,WAAA,EAA+C;AACzE,IAAA,MAAM,eAAA,GAAkB,MAAM,IAAA,CAAK,oBAAA,CAAqB,WAAW,CAAA;AACnE,IAAA,IAAI,UAAA,GAAa,IAAA,CAAK,wBAAA,CAAyB,GAAA,CAAI,gBAAgB,IAAI,CAAA;AACvE,IAAA,IAAI,CAAC,UAAA,EAAY;AACf,MAAA,MAAM,MAAA,GAAS,KAAK,MAAA,CAAO,KAAA,CAAM,EAAE,OAAA,EAAS,eAAA,CAAgB,MAAM,CAAA;AAClE,MAAA,UAAA,GAAaC,yCAAA,CAAsB;AAAA,QACjC,aAAa,OAAO;AAAA,UAClB,GAAA,EAAK,MAAA,CAAO,IAAA,CAAK,IAAA,CAAK,MAAM,CAAA;AAAA,UAC5B,K
AAA,EAAO,MAAA,CAAO,KAAA,CAAM,IAAA,CAAK,MAAM,CAAA;AAAA,UAC/B,IAAA,EAAM,MAAA,CAAO,IAAA,CAAK,IAAA,CAAK,MAAM,CAAA;AAAA,UAC7B,IAAA,EAAM,MAAA,CAAO,IAAA,CAAK,IAAA,CAAK,MAAM,CAAA;AAAA,UAC7B,KAAA,EAAO,MAAA,CAAO,KAAA,CAAM,IAAA,CAAK,MAAM;AAAA,SACjC,CAAA;AAAA,QACA,EAAA,EAAI,IAAA;AAAA,QACJ,MAAA,EAAQ,CAAC,eAAA,CAAgB,aAAA;AAAA,QACzB,YAAA,EAAc,IAAA;AAAA,QACd,WAAA,EAAa,OAAO,IAAA,EAAM,GAAA,KAAQ;AAEhC,UAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,oBAAA,CAAqB,GAAG,CAAA;AACnD,UAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,OAAA,CAAQ,GAAG,CAAA;AAC/B,UAAA,OAAO,IAAA,CAAK,OAAA;AAAA,YACV,IAAI,MAAA,CAAO,CAAA,CAAA,EAAI,WAAA,CAAY,OAAO,CAAA,CAAE,CAAA;AAAA,YACpC,IAAI,QAAA,IAAY;AAAA,WAClB;AAAA,QACF,CAAA;AAAA,QACA,MAAA,EAAQ,OAAM,GAAA,KAAO;AAEnB,UAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,oBAAA,CAAqB,GAAG,CAAA;AACnD,UAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,OAAA,CAAQ,GAAG,CAAA;AAE/B,UAAA,MAAM,EAAE,sBAAA,EAAuB,GAAI,MAAM,OACvC,yBACF,CAAA;AAEA,UAAA,MAAM,MAAA,GAAc;AAAA,YAClB,UAAU,GAAA,CAAI,QAAA;AAAA,YACd,MAAM,GAAA,CAAI,QAAA;AAAA,YACV,MAAM,GAAA,CAAI,IAAA;AAAA,YACV,EAAA,EAAI,sBAAA;AAAA,cACF,OAAA,CAAQ,MAAA;AAAA,cACR,OAAA,CAAQ;AAAA,eACP,QAAA;AAAS,WACd;AAEA,UAAA,MAAM,aACJ,GAAA,CAAI,OAAA,CAAQ,sBAAA,CAAuB,iBAAA,CAAkB,OAAO,CAAC,CAAA;AAC/D,UAAA,IAAI,OAAO,eAAe,QAAA,EAAU;AAClC,YAAA,GAAA,CAAI,QAAQ,aAAA,GAAgB,UAAA;AAAA,UAC9B,CAAA,MAAO;AAEL,YAAA,MAAM,UAAU,eAAA,CAAgB,kCAAA;AAAA,cAC9B,GAAA,CAAI;AAAA,aACN;AAEA,YAAA,MAAM,aAAa,MAAM,IAAA,CAAK,qBAAqB,GAAG,CAAA,CAAE,KAAK,CAAA,EAAA,KAAM;AACjE,cAAA,OAAO,IAAA,CAAK,YAAA,CAAa,aAAA,CAAc,EAAA,EAAI,OAAO,CAAA;AAAA,YACpD,CAAC,CAAA;AAED,YAAA,IAAI,UAAA,CAAW,SAAS,cAAA,EAAgB;AACtC,cAAA,GAAA,CAAI,OAAA,CAAQ,aAAA,GAAgB,CAAA,OAAA,EAAU,UAAA,CAAW,KAAK,CAAA,CAAA;AAAA,YACxD,CAAA,MAAA,IAAW,UAAA,CAAW,IAAA,KAAS,yBAAA,EAA2B;AACxD,cAAA,MAAA,CAAO,MAAM,UAAA,CAAW,GAAA;AACxB,cAAA,MAAA,CAAO,OAAO,UAAA,CAAW,IAAA;AAAA,YAC3B;AAAA,UACF;AAEA,UAAA,OAAO,MAAA;AAAA,QACT,CAAA;AAAA,QACA,OAAA,EAAS,CAAC,KAAA,EAAO,GAAA,EAAK,GAAA,KAAQ;AAC5B,UAAA,MAAM,eAAe,IAAIC,qBAAA;AAAA,YACvB,CAAA,SAAA,EAAY,gBAAgB,IAAI,CAAA,eAAA,CAAA;AAAA,YAChC;AAAA,WACF;AAEA,UAAA,MAAA,CAAO,K
AAA,CAAM,0BAA0B,YAAY,CAAA;AAEnD,UAAA,MAAM,IAAA,GAA0B;AAAA,YAC9B,KAAA,EAAOC,sBAAe,YAAA,EAAc;AAAA,cAClC,YAAA,EAAc,OAAA,CAAQ,GAAA,CAAI,QAAA,KAAa;AAAA,aACxC,CAAA;AAAA,YACD,SAAS,EAAE,MAAA,EAAQ,IAAI,MAAA,EAAQ,GAAA,EAAK,IAAI,WAAA,EAAY;AAAA,YACpD,QAAA,EAAU,EAAE,UAAA,EAAY,GAAA;AAAI,WAC9B;AACA,UAAA,GAAA,CAAI,MAAA,CAAO,GAAG,CAAA,CAAE,IAAA,CAAK,IAAI,CAAA;AAAA,QAC3B;AAAA,OACD,CAAA;AACD,MAAA,IAAA,CAAK,wBAAA,CAAyB,GAAA,CAAI,eAAA,CAAgB,IAAA,EAAM,UAAU,CAAA;AAAA,IACpE;AACA,IAAA,OAAO,UAAA;AAAA,EACT;AAAA,EAEA,MAAc,qBAAqB,GAAA,EAAuC;AACxE,IAAA,MAAM,EAAE,UAAA,EAAW,GAAI,MAAM,OAAO,yBAAyB,CAAA;AAE7D,IAAA,MAAM,WAAA,GAAc,GAAA,CAAI,OAAA,CAAQ,yBAAA,CAA0B,aAAa,CAAA;AACvE,IAAA,MAAM,QAAA,GAAW,MAAM,IAAA,CAAK,eAAA,CAAgB,WAAA,CAAY;AAAA,MACtD,WAAA,EAAa,MAAM,IAAA,CAAK,QAAA,CAAS,YAAY,GAAG;AAAA,KACjD,CAAA;AAED,IAAA,IAAI,CAAC,QAAA,IAAY,QAAA,CAAS,MAAA,IAAU,CAAA,EAAG;AACrC,MAAA,MAAM,IAAIC,qBAAc,CAAA,sBAAA,CAAwB,CAAA;AAAA,IAClD;AAEA,IAAA,MAAM,oBAAA,GACJ,OAAO,WAAA,KAAgB,QAAA,IAAY,YAAY,MAAA,GAAS,CAAA;AAE1D,IAAA,IAAI,OAAA;AAEJ,IAAA,IAAI,oBAAA,EAAsB;AACxB,MAAA,OAAA,GAAU,QAAA,CAAS,IAAA,CAAK,CAAA,CAAA,KAAK,CAAA,CAAE,SAAS,WAAW,CAAA;AAAA,IACrD,CAAA,MAAA,IAAW,QAAA,CAAS,MAAA,KAAW,CAAA,EAAG;AAChC,MAAA,OAAA,GAAU,QAAA,CAAS,GAAG,CAAC,CAAA;AAAA,IACzB;AAEA,IAAA,IAAI,CAAC,OAAA,EAAS;AACZ,MAAA,MAAM,IAAIA,oBAAA,CAAc,CAAA,SAAA,EAAY,WAAW,CAAA,WAAA,CAAa,CAAA;AAAA,IAC9D;AAEA,IAAA,MAAM,YAAA,GACJ,OAAA,CAAQ,YAAA,CAAaC,0DAAmC,CAAA;AAE1D,IAAA,IACE,YAAA,KAAiB,oBACjBC,mBAAA,CAAG,cAAA,CAAeC,6CAAsB,CAAA,IACxC,CAAC,OAAA,CAAQ,YAAA,CAAa,mBAAA,EACtB;AACA,MAAA,MAAM,EAAA,GAAK,IAAI,UAAA,EAAW;AAC1B,MAAA,EAAA,CAAG,eAAA,EAAgB;AACnB,MAAA,MAAM,qBAAA,GAAwB,GAAG,iBAAA,EAAkB;AAEnD,MAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,qBAAA,CAAsB,MAAM,CAAA;AAChD,MAAA,OAAA,CAAQ,MAAM,qBAAA,CAAsB,MAAA;AACpC,MAAA,IAAI,GAAA,CAAI,aAAa,QAAA,EAAU;AAC7B,QAAA,OAAA,CAAQ,SAAS,qBAAA,CAAsB,MAAA;AAAA,MACzC;AAAA,IACF;AAEA,IAAA,OAAO,OAAA;AAAA,EACT;AAAA,EAEA,OAAe,mCACb,eAAA,EACuB;AACvB,IAAA,OAAO,MAAA,CAAO,IAAA,CAAK,eAAe,CAAA,CAC/B,MAAA,CAAO,YAAU,MAAA,CAAO,UAAA,CAAW,oCAAoC,CAAC,CAAA,CACxE,GAAA
;AAAA,MAAI,CAAA,MAAA,KACH,eAAA,CAAgB,kBAAA,CAAmB,MAAA,EAAQ,eAAe;AAAA,KAC5D,CACC,MAAA,CAAO,CAAA,WAAA,KAAe,MAAA,CAAO,KAAK,WAAW,CAAA,CAAE,MAAA,KAAW,CAAC,CAAA,CAC3D,MAAA,CAAO,eAAA,CAAgB,cAAA,EAAgB,EAAE,CAAA;AAAA,EAC9C;AAAA,EAEA,OAAe,kBAAA,CACb,MAAA,EACA,eAAA,EACuB;AACvB,IAAA,MAAM,MAA6B,EAAC;AACpC,IAAA,MAAM,WAAA,GAAc,MAAA,CAAO,KAAA,CAAM,GAAG,CAAA;AACpC,IAAA,IAAI,WAAA,CAAY,UAAU,CAAA,EAAG;AAC3B,MAAA,MAAM,SAAA,GAAY,WAAA,CAAY,CAAC,CAAA,CAAE,WAAA,EAAY;AAC7C,MAAA,IAAI,WAAA,CAAY,UAAU,CAAA,EAAG;AAC3B,QAAA,MAAM,QAAA,GAAW,YAAY,KAAA,CAAM,CAAC,EAAE,IAAA,CAAK,GAAG,EAAE,WAAA,EAAY;AAC5D,QAAA,GAAA,CAAI,SAAS,IAAI,EAAE,CAAC,QAAQ,GAAG,eAAA,CAAgB,MAAM,CAAA,EAAE;AAAA,MACzD,CAAA,MAAO;AACL,QAAA,GAAA,CAAI,SAAS,CAAA,GAAI,eAAA,CAAgB,MAAM,CAAA;AAAA,MACzC;AAAA,IACF;AACA,IAAA,OAAO,GAAA;AAAA,EACT;AAAA,EAEA,OAAe,cAAA,CACb,OAAA,EACA,MAAA,EACuB;AACvB,IAAA,MAAM,SAAA,GAAY,MAAA,CAAO,IAAA,CAAK,MAAM,EAAE,CAAC,CAAA;AAEvC,IAAA,IAAI,OAAA,CAAQ,SAAS,CAAA,EAAG;AACtB,MAAA,OAAA,CAAQ,SAAS,CAAA,GAAI;AAAA,QACnB,GAAG,QAAQ,SAAS,CAAA;AAAA,QACpB,GAAG,OAAO,SAAS;AAAA,OACrB;AAAA,IACF,CAAA,MAAO;AACL,MAAA,OAAA,CAAQ,SAAS,CAAA,GAAI,MAAA,CAAO,SAAS,CAAA;AAAA,IACvC;AAEA,IAAA,OAAO,OAAA;AAAA,EACT;AACF;;;;;;"}
|
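--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@backstage/plugin-kubernetes-backend",
-"version": "0.21.4-next.
+"version": "0.21.4-next.1",
 "description": "A Backstage backend plugin that integrates towards Kubernetes",
 "backstage": {
 "role": "backend-plugin",
@@ -49,16 +49,16 @@
 "@aws-crypto/sha256-js": "^5.0.0",
 "@aws-sdk/credential-providers": "^3.350.0",
 "@azure/identity": "^4.0.0",
-"@backstage/backend-plugin-api": "1.9.1-next.
+"@backstage/backend-plugin-api": "1.9.1-next.1",
 "@backstage/catalog-client": "1.15.1-next.0",
-"@backstage/catalog-model": "1.8.1-next.
+"@backstage/catalog-model": "1.8.1-next.1",
 "@backstage/config": "1.3.8-next.0",
 "@backstage/errors": "1.3.1-next.0",
-"@backstage/integration-aws-node": "0.
-"@backstage/plugin-catalog-node": "2.2.1-next.
-"@backstage/plugin-kubernetes-common": "0.9.12-next.
-"@backstage/plugin-kubernetes-node": "0.4.4-next.
-"@backstage/plugin-permission-common": "0.9.9-next.
+"@backstage/integration-aws-node": "0.2.0-next.1",
+"@backstage/plugin-catalog-node": "2.2.1-next.1",
+"@backstage/plugin-kubernetes-common": "0.9.12-next.1",
+"@backstage/plugin-kubernetes-node": "0.4.4-next.1",
+"@backstage/plugin-permission-common": "0.9.9-next.1",
 "@backstage/plugin-permission-node": "0.10.13-next.0",
 "@backstage/types": "1.2.2",
 "@google-cloud/container": "^5.0.0",
@@ -75,9 +75,9 @@
 "node-fetch": "^2.7.0"
 },
 "devDependencies": {
-"@backstage/backend-defaults": "0.17.1-next.
-"@backstage/backend-test-utils": "1.11.3-next.
-"@backstage/cli": "0.36.2-next.
+"@backstage/backend-defaults": "0.17.1-next.2",
+"@backstage/backend-test-utils": "1.11.3-next.2",
+"@backstage/cli": "0.36.2-next.1",
 "@backstage/plugin-permission-backend": "0.7.12-next.0",
 "@backstage/plugin-permission-backend-module-allow-all-policy": "0.2.19-next.0",
 "@types/express": "^4.17.6",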