@backstage/plugin-permission-backend 0.1.0 → 0.2.0

package/CHANGELOG.md

@@ -1,5 +1,19 @@
 # @backstage/plugin-permission-backend
 
+## 0.2.0
+
+### Minor Changes
+
+- 450ca92330: Change route used for integration between the authorization framework and other plugin backends to use the /.well-known prefix.
+
+### Patch Changes
+
+- e7851efa9e: Rename and adjust permission policy return type to reduce nesting
+- Updated dependencies
+  - @backstage/plugin-auth-backend@0.4.10
+  - @backstage/plugin-permission-node@0.2.0
+  - @backstage/backend-common@0.9.12
+
 ## 0.1.0
 
 ### Minor Changes

package/dist/index.cjs.js

@@ -29,7 +29,7 @@ class PermissionIntegrationClient {
     resourceType,
     conditions
   }, authHeader) {
-    const endpoint = `${await this.discovery.getBaseUrl(pluginId)}/permissions/apply-conditions`;
+    const endpoint = `${await this.discovery.getBaseUrl(pluginId)}/.well-known/backstage/permissions/apply-conditions`;
     const request = {
       resourceRef,
       resourceType,
@@ -69,7 +69,7 @@ const requestSchema = zod.z.array(zod.z.object({
 const handleRequest = async ({id, resourceRef, ...request}, user, policy, permissionIntegrationClient, authHeader) => {
   const response = await policy.handle(request, user);
   if (response.result === pluginPermissionCommon.AuthorizeResult.CONDITIONAL) {
-    if (request.permission.resourceType !== response.conditions.resourceType) {
+    if (request.permission.resourceType !== response.resourceType) {
       throw new Error(`Invalid resource conditions returned from permission policy for permission ${request.permission.name}`);
     }
     if (resourceRef) {
@@ -77,14 +77,16 @@ const handleRequest = async ({id, resourceRef, ...request}, user, policy, permis
         id,
         ...await permissionIntegrationClient.applyConditions({
           resourceRef,
-          ...response.conditions
+          pluginId: response.pluginId,
+          resourceType: response.resourceType,
+          conditions: response.conditions
         }, authHeader)
       };
     }
     return {
       id,
       result: pluginPermissionCommon.AuthorizeResult.CONDITIONAL,
-      conditions: response.conditions.conditions
+      conditions: response.conditions
     };
   }
   return {id, ...response};

package/dist/index.cjs.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.cjs.js","sources":["../src/service/PermissionIntegrationClient.ts","../src/service/router.ts"],"sourcesContent":["/*\n * Copyright 2021 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport fetch from 'node-fetch';\nimport { z } from 'zod';\nimport { PluginEndpointDiscovery } from '@backstage/backend-common';\nimport {\n  AuthorizeResult,\n  PermissionCondition,\n  PermissionCriteria,\n} from '@backstage/plugin-permission-common';\nimport {\n  ApplyConditionsRequest,\n  ApplyConditionsResponse,\n} from '@backstage/plugin-permission-node';\n\nconst responseSchema = z.object({\n  result: z.literal(AuthorizeResult.ALLOW).or(z.literal(AuthorizeResult.DENY)),\n});\n\nexport class PermissionIntegrationClient {\n  private readonly discovery: PluginEndpointDiscovery;\n\n  constructor(options: { discovery: PluginEndpointDiscovery }) {\n    this.discovery = options.discovery;\n  }\n\n  async applyConditions(\n    {\n      pluginId,\n      resourceRef,\n      resourceType,\n      conditions,\n    }: {\n      resourceRef: string;\n      pluginId: string;\n      resourceType: string;\n      conditions: PermissionCriteria<PermissionCondition>;\n    },\n    authHeader?: string,\n  ): Promise<ApplyConditionsResponse> {\n    const endpoint = `${await this.discovery.getBaseUrl(\n      pluginId,\n    )}/permissions/apply-conditions`;\n\n    const request: ApplyConditionsRequest = {\n      resourceRef,\n      resourceType,\n      conditions,\n    };\n\n    const response = await fetch(endpoint, {\n      method: 'POST',\n      body: JSON.stringify(request),\n      headers: {\n        ...(authHeader ? { authorization: authHeader } : {}),\n        'content-type': 'application/json',\n      },\n    });\n\n    if (!response.ok) {\n      throw new Error(\n        `Unexpected response from plugin upstream when applying conditions. Expected 200 but got ${response.status} - ${response.statusText}`,\n      );\n    }\n\n    return responseSchema.parse(await response.json());\n  }\n}\n","/*\n * Copyright 2021 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { z } from 'zod';\nimport express, { Request, Response } from 'express';\nimport Router from 'express-promise-router';\nimport { Logger } from 'winston';\nimport {\n  errorHandler,\n  PluginEndpointDiscovery,\n} from '@backstage/backend-common';\nimport {\n  BackstageIdentity,\n  IdentityClient,\n} from '@backstage/plugin-auth-backend';\nimport {\n  AuthorizeResult,\n  AuthorizeResponse,\n  AuthorizeRequest,\n  Identified,\n} from '@backstage/plugin-permission-common';\nimport { PermissionPolicy } from '@backstage/plugin-permission-node';\nimport { PermissionIntegrationClient } from './PermissionIntegrationClient';\n\nconst requestSchema: z.ZodSchema<Identified<AuthorizeRequest>[]> = z.array(\n  z.object({\n    id: z.string(),\n    resourceRef: z.string().optional(),\n    permission: z.object({\n      name: z.string(),\n      resourceType: z.string().optional(),\n      attributes: z.object({\n        action: z\n          .union([\n            z.literal('create'),\n            z.literal('read'),\n            z.literal('update'),\n            z.literal('delete'),\n          ])\n          .optional(),\n      }),\n    }),\n  }),\n);\n\n/**\n * Options required when constructing a new {@link express#Router} using\n * {@link createRouter}.\n *\n * @public\n */\nexport interface RouterOptions {\n  logger: Logger;\n  discovery: PluginEndpointDiscovery;\n  policy: PermissionPolicy;\n  identity: IdentityClient;\n}\n\nconst handleRequest = async (\n  { id, resourceRef, ...request }: Identified<AuthorizeRequest>,\n  user: BackstageIdentity | undefined,\n  policy: PermissionPolicy,\n  permissionIntegrationClient: PermissionIntegrationClient,\n  authHeader?: string,\n): Promise<Identified<AuthorizeResponse>> => {\n  const response = await policy.handle(request, user);\n\n  if (response.result === AuthorizeResult.CONDITIONAL) {\n    // Sanity check that any resource provided matches the one expected by the permission\n    if (request.permission.resourceType !== response.conditions.resourceType) {\n      throw new Error(\n        `Invalid resource conditions returned from permission policy for permission ${request.permission.name}`,\n      );\n    }\n\n    if (resourceRef) {\n      return {\n        id,\n        ...(await permissionIntegrationClient.applyConditions(\n          {\n            resourceRef,\n            ...response.conditions,\n          },\n          authHeader,\n        )),\n      };\n    }\n\n    return {\n      id,\n      result: AuthorizeResult.CONDITIONAL,\n      // TODO(mtlewis): this .conditions.conditions situation is a bit awkward. I think it's\n      // worth exploring a bit of reorganization of the ConditionalPolicyResult type so that\n      // the naming of property chains like this makes a bit more sense.\n      conditions: response.conditions.conditions,\n    };\n  }\n\n  return { id, ...response };\n};\n\n/**\n * Creates a new {@link express#Router} which provides the backend API\n * for the permission system.\n *\n * @public\n */\nexport async function createRouter(\n  options: RouterOptions,\n): Promise<express.Router> {\n  const { policy, discovery, identity } = options;\n\n  const permissionIntegrationClient = new PermissionIntegrationClient({\n    discovery,\n  });\n\n  const router = Router();\n  router.use(express.json());\n\n  router.get('/health', (_, response) => {\n    response.send({ status: 'ok' });\n  });\n\n  router.post(\n    '/authorize',\n    async (\n      req: Request<Identified<AuthorizeRequest>[]>,\n      res: Response<Identified<AuthorizeResponse>[]>,\n    ) => {\n      const token = IdentityClient.getBearerToken(req.header('authorization'));\n      const user = token ? await identity.authenticate(token) : undefined;\n\n      const body = requestSchema.parse(req.body);\n\n      res.json(\n        await Promise.all(\n          body.map(request =>\n            handleRequest(\n              request,\n              user,\n              policy,\n              permissionIntegrationClient,\n              req.header('authorization'),\n            ),\n          ),\n        ),\n      );\n    },\n  );\n\n  router.use(errorHandler());\n  return router;\n}\n"],"names":["z","AuthorizeResult","fetch","Router","express","IdentityClient","errorHandler"],"mappings":";;;;;;;;;;;;;;;;;;AA6BA,MAAM,iBAAiBA,MAAE,OAAO;AAAA,EAC9B,QAAQA,MAAE,QAAQC,uCAAgB,OAAO,GAAGD,MAAE,QAAQC,uCAAgB;AAAA;kCAG/B;AAAA,EAGvC,YAAY,SAAiD;AAC3D,SAAK,YAAY,QAAQ;AAAA;AAAA,QAGrB,gBACJ;AAAA,IACE;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,KAOF,YACkC;AAClC,UAAM,WAAW,GAAG,MAAM,KAAK,UAAU,WACvC;AAGF,UAAM,UAAkC;AAAA,MACtC;AAAA,MACA;AAAA,MACA;AAAA;AAGF,UAAM,WAAW,MAAMC,0BAAM,UAAU;AAAA,MACrC,QAAQ;AAAA,MACR,MAAM,KAAK,UAAU;AAAA,MACrB,SAAS;AAAA,WACH,aAAa,CAAE,eAAe,cAAe;AAAA,QACjD,gBAAgB;AAAA;AAAA;AAIpB,QAAI,CAAC,SAAS,IAAI;AAChB,YAAM,IAAI,MACR,2FAA2F,SAAS,YAAY,SAAS;AAAA;AAI7H,WAAO,eAAe,MAAM,MAAM,SAAS;AAAA;AAAA;;AC1C/C,MAAM,gBAA6DF,MAAE,MACnEA,MAAE,OAAO;AAAA,EACP,IAAIA,MAAE;AAAA,EACN,aAAaA,MAAE,SAAS;AAAA,EACxB,YAAYA,MAAE,OAAO;AAAA,IACnB,MAAMA,MAAE;AAAA,IACR,cAAcA,MAAE,SAAS;AAAA,IACzB,YAAYA,MAAE,OAAO;AAAA,MACnB,QAAQA,MACL,MAAM;AAAA,QACLA,MAAE,QAAQ;AAAA,QACVA,MAAE,QAAQ;AAAA,QACVA,MAAE,QAAQ;AAAA,QACVA,MAAE,QAAQ;AAAA,SAEX;AAAA;AAAA;AAAA;AAmBX,MAAM,gBAAgB,OACpB,CAAE,IAAI,gBAAgB,UACtB,MACA,QACA,6BACA,eAC2C;AAC3C,QAAM,WAAW,MAAM,OAAO,OAAO,SAAS;AAE9C,MAAI,SAAS,WAAWC,uCAAgB,aAAa;AAEnD,QAAI,QAAQ,WAAW,iBAAiB,SAAS,WAAW,cAAc;AACxE,YAAM,IAAI,MACR,8EAA8E,QAAQ,WAAW;AAAA;AAIrG,QAAI,aAAa;AACf,aAAO;AAAA,QACL;AAAA,WACI,MAAM,4BAA4B,gBACpC;AAAA,UACE;AAAA,aACG,SAAS;AAAA,WAEd;AAAA;AAAA;AAKN,WAAO;AAAA,MACL;AAAA,MACA,QAAQA,uCAAgB;AAAA,MAIxB,YAAY,SAAS,WAAW;AAAA;AAAA;AAIpC,SAAO,CAAE,OAAO;AAAA;4BAUhB,SACyB;AACzB,QAAM,CAAE,QAAQ,WAAW,YAAa;AAExC,QAAM,8BAA8B,IAAI,4BAA4B;AAAA,IAClE;AAAA;AAGF,QAAM,SAASE;AACf,SAAO,IAAIC,4BAAQ;AAEnB,SAAO,IAAI,WAAW,CAAC,GAAG,aAAa;AACrC,aAAS,KAAK,CAAE,QAAQ;AAAA;AAG1B,SAAO,KACL,cACA,OACE,KACA,QACG;AACH,UAAM,QAAQC,iCAAe,eAAe,IAAI,OAAO;AACvD,UAAM,OAAO,QAAQ,MAAM,SAAS,aAAa,SAAS;AAE1D,UAAM,OAAO,cAAc,MAAM,IAAI;AAErC,QAAI,KACF,MAAM,QAAQ,IACZ,KAAK,IAAI,aACP,cACE,SACA,MACA,QACA,6BACA,IAAI,OAAO;AAAA;AAQvB,SAAO,IAAIC;AACX,SAAO;AAAA;;;;"}
+{"version":3,"file":"index.cjs.js","sources":["../src/service/PermissionIntegrationClient.ts","../src/service/router.ts"],"sourcesContent":["/*\n * Copyright 2021 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport fetch from 'node-fetch';\nimport { z } from 'zod';\nimport { PluginEndpointDiscovery } from '@backstage/backend-common';\nimport {\n  AuthorizeResult,\n  PermissionCondition,\n  PermissionCriteria,\n} from '@backstage/plugin-permission-common';\nimport {\n  ApplyConditionsRequest,\n  ApplyConditionsResponse,\n} from '@backstage/plugin-permission-node';\n\nconst responseSchema = z.object({\n  result: z.literal(AuthorizeResult.ALLOW).or(z.literal(AuthorizeResult.DENY)),\n});\n\nexport class PermissionIntegrationClient {\n  private readonly discovery: PluginEndpointDiscovery;\n\n  constructor(options: { discovery: PluginEndpointDiscovery }) {\n    this.discovery = options.discovery;\n  }\n\n  async applyConditions(\n    {\n      pluginId,\n      resourceRef,\n      resourceType,\n      conditions,\n    }: {\n      resourceRef: string;\n      pluginId: string;\n      resourceType: string;\n      conditions: PermissionCriteria<PermissionCondition>;\n    },\n    authHeader?: string,\n  ): Promise<ApplyConditionsResponse> {\n    const endpoint = `${await this.discovery.getBaseUrl(\n      pluginId,\n    )}/.well-known/backstage/permissions/apply-conditions`;\n\n    const request: ApplyConditionsRequest = {\n      resourceRef,\n      resourceType,\n      conditions,\n    };\n\n    const response = await fetch(endpoint, {\n      method: 'POST',\n      body: JSON.stringify(request),\n      headers: {\n        ...(authHeader ? { authorization: authHeader } : {}),\n        'content-type': 'application/json',\n      },\n    });\n\n    if (!response.ok) {\n      throw new Error(\n        `Unexpected response from plugin upstream when applying conditions. Expected 200 but got ${response.status} - ${response.statusText}`,\n      );\n    }\n\n    return responseSchema.parse(await response.json());\n  }\n}\n","/*\n * Copyright 2021 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { z } from 'zod';\nimport express, { Request, Response } from 'express';\nimport Router from 'express-promise-router';\nimport { Logger } from 'winston';\nimport {\n  errorHandler,\n  PluginEndpointDiscovery,\n} from '@backstage/backend-common';\nimport {\n  BackstageIdentity,\n  IdentityClient,\n} from '@backstage/plugin-auth-backend';\nimport {\n  AuthorizeResult,\n  AuthorizeResponse,\n  AuthorizeRequest,\n  Identified,\n} from '@backstage/plugin-permission-common';\nimport { PermissionPolicy } from '@backstage/plugin-permission-node';\nimport { PermissionIntegrationClient } from './PermissionIntegrationClient';\n\nconst requestSchema: z.ZodSchema<Identified<AuthorizeRequest>[]> = z.array(\n  z.object({\n    id: z.string(),\n    resourceRef: z.string().optional(),\n    permission: z.object({\n      name: z.string(),\n      resourceType: z.string().optional(),\n      attributes: z.object({\n        action: z\n          .union([\n            z.literal('create'),\n            z.literal('read'),\n            z.literal('update'),\n            z.literal('delete'),\n          ])\n          .optional(),\n      }),\n    }),\n  }),\n);\n\n/**\n * Options required when constructing a new {@link express#Router} using\n * {@link createRouter}.\n *\n * @public\n */\nexport interface RouterOptions {\n  logger: Logger;\n  discovery: PluginEndpointDiscovery;\n  policy: PermissionPolicy;\n  identity: IdentityClient;\n}\n\nconst handleRequest = async (\n  { id, resourceRef, ...request }: Identified<AuthorizeRequest>,\n  user: BackstageIdentity | undefined,\n  policy: PermissionPolicy,\n  permissionIntegrationClient: PermissionIntegrationClient,\n  authHeader?: string,\n): Promise<Identified<AuthorizeResponse>> => {\n  const response = await policy.handle(request, user);\n\n  if (response.result === AuthorizeResult.CONDITIONAL) {\n    // Sanity check that any resource provided matches the one expected by the permission\n    if (request.permission.resourceType !== response.resourceType) {\n      throw new Error(\n        `Invalid resource conditions returned from permission policy for permission ${request.permission.name}`,\n      );\n    }\n\n    if (resourceRef) {\n      return {\n        id,\n        ...(await permissionIntegrationClient.applyConditions(\n          {\n            resourceRef,\n            pluginId: response.pluginId,\n            resourceType: response.resourceType,\n            conditions: response.conditions,\n          },\n          authHeader,\n        )),\n      };\n    }\n\n    return {\n      id,\n      result: AuthorizeResult.CONDITIONAL,\n      conditions: response.conditions,\n    };\n  }\n\n  return { id, ...response };\n};\n\n/**\n * Creates a new {@link express#Router} which provides the backend API\n * for the permission system.\n *\n * @public\n */\nexport async function createRouter(\n  options: RouterOptions,\n): Promise<express.Router> {\n  const { policy, discovery, identity } = options;\n\n  const permissionIntegrationClient = new PermissionIntegrationClient({\n    discovery,\n  });\n\n  const router = Router();\n  router.use(express.json());\n\n  router.get('/health', (_, response) => {\n    response.send({ status: 'ok' });\n  });\n\n  router.post(\n    '/authorize',\n    async (\n      req: Request<Identified<AuthorizeRequest>[]>,\n      res: Response<Identified<AuthorizeResponse>[]>,\n    ) => {\n      const token = IdentityClient.getBearerToken(req.header('authorization'));\n      const user = token ? await identity.authenticate(token) : undefined;\n\n      const body = requestSchema.parse(req.body);\n\n      res.json(\n        await Promise.all(\n          body.map(request =>\n            handleRequest(\n              request,\n              user,\n              policy,\n              permissionIntegrationClient,\n              req.header('authorization'),\n            ),\n          ),\n        ),\n      );\n    },\n  );\n\n  router.use(errorHandler());\n  return router;\n}\n"],"names":["z","AuthorizeResult","fetch","Router","express","IdentityClient","errorHandler"],"mappings":";;;;;;;;;;;;;;;;;;AA6BA,MAAM,iBAAiBA,MAAE,OAAO;AAAA,EAC9B,QAAQA,MAAE,QAAQC,uCAAgB,OAAO,GAAGD,MAAE,QAAQC,uCAAgB;AAAA;kCAG/B;AAAA,EAGvC,YAAY,SAAiD;AAC3D,SAAK,YAAY,QAAQ;AAAA;AAAA,QAGrB,gBACJ;AAAA,IACE;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,KAOF,YACkC;AAClC,UAAM,WAAW,GAAG,MAAM,KAAK,UAAU,WACvC;AAGF,UAAM,UAAkC;AAAA,MACtC;AAAA,MACA;AAAA,MACA;AAAA;AAGF,UAAM,WAAW,MAAMC,0BAAM,UAAU;AAAA,MACrC,QAAQ;AAAA,MACR,MAAM,KAAK,UAAU;AAAA,MACrB,SAAS;AAAA,WACH,aAAa,CAAE,eAAe,cAAe;AAAA,QACjD,gBAAgB;AAAA;AAAA;AAIpB,QAAI,CAAC,SAAS,IAAI;AAChB,YAAM,IAAI,MACR,2FAA2F,SAAS,YAAY,SAAS;AAAA;AAI7H,WAAO,eAAe,MAAM,MAAM,SAAS;AAAA;AAAA;;AC1C/C,MAAM,gBAA6DF,MAAE,MACnEA,MAAE,OAAO;AAAA,EACP,IAAIA,MAAE;AAAA,EACN,aAAaA,MAAE,SAAS;AAAA,EACxB,YAAYA,MAAE,OAAO;AAAA,IACnB,MAAMA,MAAE;AAAA,IACR,cAAcA,MAAE,SAAS;AAAA,IACzB,YAAYA,MAAE,OAAO;AAAA,MACnB,QAAQA,MACL,MAAM;AAAA,QACLA,MAAE,QAAQ;AAAA,QACVA,MAAE,QAAQ;AAAA,QACVA,MAAE,QAAQ;AAAA,QACVA,MAAE,QAAQ;AAAA,SAEX;AAAA;AAAA;AAAA;AAmBX,MAAM,gBAAgB,OACpB,CAAE,IAAI,gBAAgB,UACtB,MACA,QACA,6BACA,eAC2C;AAC3C,QAAM,WAAW,MAAM,OAAO,OAAO,SAAS;AAE9C,MAAI,SAAS,WAAWC,uCAAgB,aAAa;AAEnD,QAAI,QAAQ,WAAW,iBAAiB,SAAS,cAAc;AAC7D,YAAM,IAAI,MACR,8EAA8E,QAAQ,WAAW;AAAA;AAIrG,QAAI,aAAa;AACf,aAAO;AAAA,QACL;AAAA,WACI,MAAM,4BAA4B,gBACpC;AAAA,UACE;AAAA,UACA,UAAU,SAAS;AAAA,UACnB,cAAc,SAAS;AAAA,UACvB,YAAY,SAAS;AAAA,WAEvB;AAAA;AAAA;AAKN,WAAO;AAAA,MACL;AAAA,MACA,QAAQA,uCAAgB;AAAA,MACxB,YAAY,SAAS;AAAA;AAAA;AAIzB,SAAO,CAAE,OAAO;AAAA;4BAUhB,SACyB;AACzB,QAAM,CAAE,QAAQ,WAAW,YAAa;AAExC,QAAM,8BAA8B,IAAI,4BAA4B;AAAA,IAClE;AAAA;AAGF,QAAM,SAASE;AACf,SAAO,IAAIC,4BAAQ;AAEnB,SAAO,IAAI,WAAW,CAAC,GAAG,aAAa;AACrC,aAAS,KAAK,CAAE,QAAQ;AAAA;AAG1B,SAAO,KACL,cACA,OACE,KACA,QACG;AACH,UAAM,QAAQC,iCAAe,eAAe,IAAI,OAAO;AACvD,UAAM,OAAO,QAAQ,MAAM,SAAS,aAAa,SAAS;AAE1D,UAAM,OAAO,cAAc,MAAM,IAAI;AAErC,QAAI,KACF,MAAM,QAAQ,IACZ,KAAK,IAAI,aACP,cACE,SACA,MACA,QACA,6BACA,IAAI,OAAO;AAAA;AAQvB,SAAO,IAAIC;AACX,SAAO;AAAA;;;;"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@backstage/plugin-permission-backend",
-  "version": "0.1.0",
+  "version": "0.2.0",
   "main": "dist/index.cjs.js",
   "types": "dist/index.d.ts",
   "license": "Apache-2.0",
@@ -19,11 +19,11 @@
     "clean": "backstage-cli clean"
   },
   "dependencies": {
-    "@backstage/backend-common": "^0.9.11",
+    "@backstage/backend-common": "^0.9.12",
     "@backstage/config": "^0.1.11",
-    "@backstage/plugin-auth-backend": "^0.4.9",
+    "@backstage/plugin-auth-backend": "^0.4.10",
     "@backstage/plugin-permission-common": "^0.2.0",
-    "@backstage/plugin-permission-node": "^0.1.0",
+    "@backstage/plugin-permission-node": "^0.2.0",
     "@types/express": "*",
     "express": "^4.17.1",
     "express-promise-router": "^4.1.0",
@@ -33,7 +33,7 @@
     "zod": "^3.11.6"
   },
   "devDependencies": {
-    "@backstage/cli": "^0.9.1",
+    "@backstage/cli": "^0.10.0",
     "@types/supertest": "^2.0.8",
     "msw": "^0.35.0",
     "supertest": "^4.0.2"
@@ -41,5 +41,5 @@
   "files": [
     "dist"
   ],
-  "gitHead": "85c127e436a24140bb3606f17f034f82aa9c7c0d"
+  "gitHead": "a05e7081b805006e3f0b2960a08a7753357f532f"
 }