@backstage/plugin-kubernetes 0.6.5-next.2 → 0.6.5-next.3

package/CHANGELOG.md

@@ -1,5 +1,17 @@
 # @backstage/plugin-kubernetes
 
+## 0.6.5-next.3
+
+### Patch Changes
+
+- 447e060872: Add support for 'oidc' as authProvider for kubernetes authentication
+  and adds optional 'oidcTokenProvider' config value. This will allow
+  users to authenticate to kubernetes cluster using id tokens obtained
+  from the configured auth provider in their backstage instance.
+- Updated dependencies
+  - @backstage/plugin-kubernetes-common@0.2.10-next.1
+  - @backstage/core-components@0.9.4-next.2
+
 ## 0.6.5-next.2
 
 ### Patch Changes

package/dist/index.d.ts

@@ -1,6 +1,6 @@
 /// <reference types="react" />
 import * as _backstage_core_plugin_api from '@backstage/core-plugin-api';
-import { DiscoveryApi, IdentityApi, OAuthApi } from '@backstage/core-plugin-api';
+import { DiscoveryApi, IdentityApi, OAuthApi, OpenIdConnectApi } from '@backstage/core-plugin-api';
 import { Entity } from '@backstage/catalog-model';
 import { KubernetesRequestBody, ObjectsByEntityResponse, ClusterObjects, ClientPodStatus, ClusterAttributes } from '@backstage/plugin-kubernetes-common';
 import { JsonObject } from '@backstage/types';
@@ -22,6 +22,7 @@ interface KubernetesApi {
     getClusters(): Promise<{
         name: string;
         authProvider: string;
+        oidcTokenProvider?: string | undefined;
     }[]>;
 }
 
@@ -53,6 +54,9 @@ declare class KubernetesAuthProviders implements KubernetesAuthProvidersApi {
     private readonly kubernetesAuthProviderMap;
     constructor(options: {
         googleAuthApi: OAuthApi;
+        oidcProviders?: {
+            [key: string]: OpenIdConnectApi;
+        };
     });
     decorateRequestBodyForAuth(authProvider: string, requestBody: KubernetesRequestBody): Promise<KubernetesRequestBody>;
 }

package/dist/index.esm.js

@@ -1,4 +1,4 @@
-import { createApiRef, createRouteRef, createPlugin, createApiFactory, discoveryApiRef, identityApiRef, googleAuthApiRef, createRoutableExtension, useApi } from '@backstage/core-plugin-api';
+import { createApiRef, createRouteRef, createPlugin, createApiFactory, discoveryApiRef, identityApiRef, googleAuthApiRef, microsoftAuthApiRef, oktaAuthApiRef, oneloginAuthApiRef, createRoutableExtension, useApi } from '@backstage/core-plugin-api';
 import * as React from 'react';
 import React__default, { Fragment, useState, useEffect, useContext } from 'react';
 import { useEntity } from '@backstage/plugin-catalog-react';
@@ -114,6 +114,24 @@ class AzureKubernetesAuthProvider {
   }
 }
 
+class OidcKubernetesAuthProvider {
+  constructor(providerName, authProvider) {
+    this.providerName = providerName;
+    this.authProvider = authProvider;
+  }
+  async decorateRequestBodyForAuth(requestBody) {
+    const authToken = await this.authProvider.getIdToken();
+    const auth = { ...requestBody.auth };
+    if (auth.oidc) {
+      auth.oidc[this.providerName] = authToken;
+    } else {
+      auth.oidc = { [this.providerName]: authToken };
+    }
+    requestBody.auth = auth;
+    return requestBody;
+  }
+}
+
 class KubernetesAuthProviders {
   constructor(options) {
     this.kubernetesAuthProviderMap = /* @__PURE__ */ new Map();
@@ -122,12 +140,20 @@ class KubernetesAuthProviders {
     this.kubernetesAuthProviderMap.set("googleServiceAccount", new GoogleServiceAccountAuthProvider());
     this.kubernetesAuthProviderMap.set("aws", new AwsKubernetesAuthProvider());
     this.kubernetesAuthProviderMap.set("azure", new AzureKubernetesAuthProvider());
+    if (options.oidcProviders) {
+      Object.keys(options.oidcProviders).forEach((provider) => {
+        this.kubernetesAuthProviderMap.set(`oidc.${provider}`, new OidcKubernetesAuthProvider(provider, options.oidcProviders[provider]));
+      });
+    }
   }
   async decorateRequestBodyForAuth(authProvider, requestBody) {
     const kubernetesAuthProvider = this.kubernetesAuthProviderMap.get(authProvider);
     if (kubernetesAuthProvider) {
       return await kubernetesAuthProvider.decorateRequestBodyForAuth(requestBody);
     }
+    if (authProvider.startsWith("oidc.")) {
+      throw new Error(`KubernetesAuthProviders has no oidcProvider configured for ${authProvider}`);
+    }
     throw new Error(`authProvider "${authProvider}" has no KubernetesAuthProvider defined for it`);
   }
 }
@@ -148,9 +174,25 @@ const kubernetesPlugin = createPlugin({
     }),
     createApiFactory({
       api: kubernetesAuthProvidersApiRef,
-      deps: { googleAuthApi: googleAuthApiRef },
-      factory: ({ googleAuthApi }) => {
-        return new KubernetesAuthProviders({ googleAuthApi });
+      deps: {
+        googleAuthApi: googleAuthApiRef,
+        microsoftAuthApi: microsoftAuthApiRef,
+        oktaAuthApi: oktaAuthApiRef,
+        oneloginAuthApi: oneloginAuthApiRef
+      },
+      factory: ({
+        googleAuthApi,
+        microsoftAuthApi,
+        oktaAuthApi,
+        oneloginAuthApi
+      }) => {
+        const oidcProviders = {
+          google: googleAuthApi,
+          microsoft: microsoftAuthApi,
+          okta: oktaAuthApi,
+          onelogin: oneloginAuthApi
+        };
+        return new KubernetesAuthProviders({ googleAuthApi, oidcProviders });
       }
     })
   ],
@@ -589,7 +631,7 @@ const useKubernetesObjects = (entity, intervalMs = 1e4) => {
       return;
     }
     const authProviders = [
-      ...new Set(clusters.map((c) => c.authProvider))
+      ...new Set(clusters.map((c) => `${c.authProvider}${c.oidcTokenProvider ? `.${c.oidcTokenProvider}` : ""}`))
     ];
     let requestBody = {
       entity