@backstage/plugin-permission-node 0.7.7-next.1 → 0.7.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +28 -0
- package/alpha/package.json +6 -0
- package/dist/alpha.cjs.js +12 -0
- package/dist/alpha.cjs.js.map +1 -0
- package/dist/alpha.d.ts +19 -0
- package/dist/index.d.ts +17 -18
- package/package.json +22 -7
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,33 @@
|
|
|
1
1
|
# @backstage/plugin-permission-node
|
|
2
2
|
|
|
3
|
+
## 0.7.7
|
|
4
|
+
|
|
5
|
+
### Patch Changes
|
|
6
|
+
|
|
7
|
+
- 788f0f5a152: Introduced alpha export of the `policyExtensionPoint` for use in the new backend system.
|
|
8
|
+
- 71fd0966d10: Added createConditionAuthorizer utility function, which takes some permission conditions and returns a function that returns a definitive authorization result given a decision and a resource.
|
|
9
|
+
- 1e4f5e91b8e: Bump `zod` and `zod-to-json-schema` dependencies.
|
|
10
|
+
- Updated dependencies
|
|
11
|
+
- @backstage/backend-common@0.18.4
|
|
12
|
+
- @backstage/plugin-permission-common@0.7.5
|
|
13
|
+
- @backstage/plugin-auth-node@0.2.13
|
|
14
|
+
- @backstage/backend-plugin-api@0.5.1
|
|
15
|
+
- @backstage/config@1.0.7
|
|
16
|
+
- @backstage/errors@1.1.5
|
|
17
|
+
|
|
18
|
+
## 0.7.7-next.2
|
|
19
|
+
|
|
20
|
+
### Patch Changes
|
|
21
|
+
|
|
22
|
+
- 788f0f5a152: Introduced alpha export of the `policyExtensionPoint` for use in the new backend system.
|
|
23
|
+
- Updated dependencies
|
|
24
|
+
- @backstage/backend-common@0.18.4-next.2
|
|
25
|
+
- @backstage/backend-plugin-api@0.5.1-next.2
|
|
26
|
+
- @backstage/config@1.0.7
|
|
27
|
+
- @backstage/errors@1.1.5
|
|
28
|
+
- @backstage/plugin-auth-node@0.2.13-next.2
|
|
29
|
+
- @backstage/plugin-permission-common@0.7.5-next.0
|
|
30
|
+
|
|
3
31
|
## 0.7.7-next.1
|
|
4
32
|
|
|
5
33
|
### Patch Changes
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
'use strict';
|
|
2
|
+
|
|
3
|
+
Object.defineProperty(exports, '__esModule', { value: true });
|
|
4
|
+
|
|
5
|
+
var backendPluginApi = require('@backstage/backend-plugin-api');
|
|
6
|
+
|
|
7
|
+
const policyExtensionPoint = backendPluginApi.createExtensionPoint({
|
|
8
|
+
id: "permission.policy"
|
|
9
|
+
});
|
|
10
|
+
|
|
11
|
+
exports.policyExtensionPoint = policyExtensionPoint;
|
|
12
|
+
//# sourceMappingURL=alpha.cjs.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"alpha.cjs.js","sources":["../src/plugin.ts"],"sourcesContent":["/*\n * Copyright 2023 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { createExtensionPoint } from '@backstage/backend-plugin-api';\nimport { PermissionPolicy } from '@backstage/plugin-permission-node';\n\n/**\n * Allows supplying policies to the permissions backend\n *\n * @alpha\n */\nexport type PolicyExtensionPoint = {\n setPolicy(policy: PermissionPolicy): void;\n};\n\n/**\n * Allows supplying policies to the permissions backend\n *\n * @alpha\n */\nexport const policyExtensionPoint = createExtensionPoint<PolicyExtensionPoint>({\n id: 'permission.policy',\n});\n"],"names":["createExtensionPoint"],"mappings":";;;;;;AAiCO,MAAM,uBAAuBA,qCAA2C,CAAA;AAAA,EAC7E,EAAI,EAAA,mBAAA;AACN,CAAC;;;;"}
|
package/dist/alpha.d.ts
ADDED
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
import * as _backstage_backend_plugin_api from '@backstage/backend-plugin-api';
|
|
2
|
+
import { PermissionPolicy } from '@backstage/plugin-permission-node';
|
|
3
|
+
|
|
4
|
+
/**
|
|
5
|
+
* Allows supplying policies to the permissions backend
|
|
6
|
+
*
|
|
7
|
+
* @alpha
|
|
8
|
+
*/
|
|
9
|
+
type PolicyExtensionPoint = {
|
|
10
|
+
setPolicy(policy: PermissionPolicy): void;
|
|
11
|
+
};
|
|
12
|
+
/**
|
|
13
|
+
* Allows supplying policies to the permissions backend
|
|
14
|
+
*
|
|
15
|
+
* @alpha
|
|
16
|
+
*/
|
|
17
|
+
declare const policyExtensionPoint: _backstage_backend_plugin_api.ExtensionPoint<PolicyExtensionPoint>;
|
|
18
|
+
|
|
19
|
+
export { PolicyExtensionPoint, policyExtensionPoint };
|
package/dist/index.d.ts
CHANGED
|
@@ -1,4 +1,3 @@
|
|
|
1
|
-
import * as _backstage_plugin_permission_common from '@backstage/plugin-permission-common';
|
|
2
1
|
import { PermissionCriteria, AllOfCriteria, AnyOfCriteria, NotCriteria, PermissionRuleParams, PermissionCondition, ResourcePermission, ConditionalPolicyDecision, IdentifiedPermissionMessage, DefinitivePolicyDecision, Permission, PolicyDecision, PermissionEvaluator, QueryPermissionRequest, EvaluatorRequestOptions, AuthorizePermissionRequest, AuthorizePermissionResponse } from '@backstage/plugin-permission-common';
|
|
3
2
|
import { z } from 'zod';
|
|
4
3
|
import express from 'express';
|
|
@@ -13,7 +12,7 @@ import { Config } from '@backstage/config';
|
|
|
13
12
|
* https://github.com/Microsoft/TypeScript/issues/14829#issuecomment-980401795
|
|
14
13
|
* @ignore
|
|
15
14
|
*/
|
|
16
|
-
|
|
15
|
+
type NoInfer<T> = T extends infer S ? S : never;
|
|
17
16
|
/**
|
|
18
17
|
* Utility function used to parse a PermissionCriteria
|
|
19
18
|
* @param criteria - a PermissionCriteria
|
|
@@ -58,7 +57,7 @@ declare const isNotCriteria: <T>(criteria: PermissionCriteria<T>) => criteria is
|
|
|
58
57
|
*
|
|
59
58
|
* @public
|
|
60
59
|
*/
|
|
61
|
-
|
|
60
|
+
type PermissionRule<TResource, TQuery, TResourceType extends string, TParams extends PermissionRuleParams = PermissionRuleParams> = {
|
|
62
61
|
name: string;
|
|
63
62
|
description: string;
|
|
64
63
|
resourceType: TResourceType;
|
|
@@ -104,14 +103,14 @@ declare const createConditionFactory: <TResourceType extends string, TParams ext
|
|
|
104
103
|
*
|
|
105
104
|
* @public
|
|
106
105
|
*/
|
|
107
|
-
|
|
106
|
+
type Condition<TRule> = TRule extends PermissionRule<any, any, infer TResourceType, infer TParams> ? undefined extends TParams ? () => PermissionCondition<TResourceType, TParams> : (params: TParams) => PermissionCondition<TResourceType, TParams> : never;
|
|
108
107
|
/**
|
|
109
108
|
* A utility type for mapping {@link PermissionRule}s to their corresponding
|
|
110
109
|
* {@link @backstage/plugin-permission-common#PermissionCondition}s.
|
|
111
110
|
*
|
|
112
111
|
* @public
|
|
113
112
|
*/
|
|
114
|
-
|
|
113
|
+
type Conditions<TRules extends Record<string, PermissionRule<any, any, any>>> = {
|
|
115
114
|
[Name in keyof TRules]: Condition<TRules[Name]>;
|
|
116
115
|
};
|
|
117
116
|
/**
|
|
@@ -134,13 +133,13 @@ declare type Conditions<TRules extends Record<string, PermissionRule<any, any, a
|
|
|
134
133
|
*
|
|
135
134
|
* @public
|
|
136
135
|
*/
|
|
137
|
-
declare const createConditionExports: <TResourceType extends string, TResource, TRules extends Record<string, PermissionRule<TResource, any, TResourceType
|
|
136
|
+
declare const createConditionExports: <TResourceType extends string, TResource, TRules extends Record<string, PermissionRule<TResource, any, TResourceType>>>(options: {
|
|
138
137
|
pluginId: string;
|
|
139
138
|
resourceType: TResourceType;
|
|
140
139
|
rules: TRules;
|
|
141
140
|
}) => {
|
|
142
141
|
conditions: Conditions<TRules>;
|
|
143
|
-
createConditionalDecision: (permission: ResourcePermission<TResourceType>, conditions: PermissionCriteria<PermissionCondition<TResourceType
|
|
142
|
+
createConditionalDecision: (permission: ResourcePermission<TResourceType>, conditions: PermissionCriteria<PermissionCondition<TResourceType>>) => ConditionalPolicyDecision;
|
|
144
143
|
};
|
|
145
144
|
|
|
146
145
|
/**
|
|
@@ -151,7 +150,7 @@ declare const createConditionExports: <TResourceType extends string, TResource,
|
|
|
151
150
|
*
|
|
152
151
|
* @public
|
|
153
152
|
*/
|
|
154
|
-
|
|
153
|
+
type ConditionTransformer<TQuery> = (conditions: PermissionCriteria<PermissionCondition>) => PermissionCriteria<TQuery>;
|
|
155
154
|
/**
|
|
156
155
|
* A higher-order helper function which accepts an array of
|
|
157
156
|
* {@link PermissionRule}s, and returns a {@link ConditionTransformer}
|
|
@@ -160,7 +159,7 @@ declare type ConditionTransformer<TQuery> = (conditions: PermissionCriteria<Perm
|
|
|
160
159
|
*
|
|
161
160
|
* @public
|
|
162
161
|
*/
|
|
163
|
-
declare const createConditionTransformer: <TQuery, TRules extends PermissionRule<any, TQuery, string
|
|
162
|
+
declare const createConditionTransformer: <TQuery, TRules extends PermissionRule<any, TQuery, string>[]>(permissionRules: [...TRules]) => ConditionTransformer<TQuery>;
|
|
164
163
|
|
|
165
164
|
/**
|
|
166
165
|
* A request to load the referenced resource and apply conditions in order to
|
|
@@ -168,7 +167,7 @@ declare const createConditionTransformer: <TQuery, TRules extends PermissionRule
|
|
|
168
167
|
*
|
|
169
168
|
* @public
|
|
170
169
|
*/
|
|
171
|
-
|
|
170
|
+
type ApplyConditionsRequestEntry = IdentifiedPermissionMessage<{
|
|
172
171
|
resourceRef: string;
|
|
173
172
|
resourceType: string;
|
|
174
173
|
conditions: PermissionCriteria<PermissionCondition>;
|
|
@@ -178,7 +177,7 @@ declare type ApplyConditionsRequestEntry = IdentifiedPermissionMessage<{
|
|
|
178
177
|
*
|
|
179
178
|
* @public
|
|
180
179
|
*/
|
|
181
|
-
|
|
180
|
+
type ApplyConditionsRequest = {
|
|
182
181
|
items: ApplyConditionsRequestEntry[];
|
|
183
182
|
};
|
|
184
183
|
/**
|
|
@@ -187,13 +186,13 @@ declare type ApplyConditionsRequest = {
|
|
|
187
186
|
*
|
|
188
187
|
* @public
|
|
189
188
|
*/
|
|
190
|
-
|
|
189
|
+
type ApplyConditionsResponseEntry = IdentifiedPermissionMessage<DefinitivePolicyDecision>;
|
|
191
190
|
/**
|
|
192
191
|
* A batch of {@link ApplyConditionsResponseEntry} objects.
|
|
193
192
|
*
|
|
194
193
|
* @public
|
|
195
194
|
*/
|
|
196
|
-
|
|
195
|
+
type ApplyConditionsResponse = {
|
|
197
196
|
items: ApplyConditionsResponseEntry[];
|
|
198
197
|
};
|
|
199
198
|
/**
|
|
@@ -202,7 +201,7 @@ declare type ApplyConditionsResponse = {
|
|
|
202
201
|
*
|
|
203
202
|
* @public
|
|
204
203
|
*/
|
|
205
|
-
|
|
204
|
+
type MetadataResponseSerializedRule = {
|
|
206
205
|
name: string;
|
|
207
206
|
description: string;
|
|
208
207
|
resourceType: string;
|
|
@@ -213,7 +212,7 @@ declare type MetadataResponseSerializedRule = {
|
|
|
213
212
|
*
|
|
214
213
|
* @public
|
|
215
214
|
*/
|
|
216
|
-
|
|
215
|
+
type MetadataResponse = {
|
|
217
216
|
permissions?: Permission[];
|
|
218
217
|
rules: MetadataResponseSerializedRule[];
|
|
219
218
|
};
|
|
@@ -224,14 +223,14 @@ declare type MetadataResponse = {
|
|
|
224
223
|
*
|
|
225
224
|
* @public
|
|
226
225
|
*/
|
|
227
|
-
declare const createConditionAuthorizer: <TResource, TQuery>(rules: PermissionRule<TResource, TQuery, string
|
|
226
|
+
declare const createConditionAuthorizer: <TResource, TQuery>(rules: PermissionRule<TResource, TQuery, string>[]) => (decision: PolicyDecision, resource: TResource | undefined) => boolean;
|
|
228
227
|
/**
|
|
229
228
|
* Options for creating a permission integration router specific
|
|
230
229
|
* for a particular resource type.
|
|
231
230
|
*
|
|
232
231
|
* @public
|
|
233
232
|
*/
|
|
234
|
-
|
|
233
|
+
type CreatePermissionIntegrationRouterResourceOptions<TResourceType extends string, TResource> = {
|
|
235
234
|
resourceType: TResourceType;
|
|
236
235
|
permissions?: Array<Permission>;
|
|
237
236
|
rules: PermissionRule<TResource, any, NoInfer<TResourceType>>[];
|
|
@@ -312,7 +311,7 @@ declare const makeCreatePermissionRule: <TResource, TQuery, TResourceType extend
|
|
|
312
311
|
*
|
|
313
312
|
* @public
|
|
314
313
|
*/
|
|
315
|
-
|
|
314
|
+
type PolicyQuery = {
|
|
316
315
|
permission: Permission;
|
|
317
316
|
};
|
|
318
317
|
/**
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@backstage/plugin-permission-node",
|
|
3
3
|
"description": "Common permission and authorization utilities for backend plugins",
|
|
4
|
-
"version": "0.7.7
|
|
4
|
+
"version": "0.7.7",
|
|
5
5
|
"main": "dist/index.cjs.js",
|
|
6
6
|
"types": "dist/index.d.ts",
|
|
7
7
|
"license": "Apache-2.0",
|
|
@@ -10,6 +10,19 @@
|
|
|
10
10
|
"main": "dist/index.cjs.js",
|
|
11
11
|
"types": "dist/index.d.ts"
|
|
12
12
|
},
|
|
13
|
+
"exports": {
|
|
14
|
+
".": {
|
|
15
|
+
"require": "./dist/index.cjs.js",
|
|
16
|
+
"types": "./dist/index.d.ts",
|
|
17
|
+
"default": "./dist/index.cjs.js"
|
|
18
|
+
},
|
|
19
|
+
"./alpha": {
|
|
20
|
+
"require": "./dist/alpha.cjs.js",
|
|
21
|
+
"types": "./dist/alpha.d.ts",
|
|
22
|
+
"default": "./dist/alpha.cjs.js"
|
|
23
|
+
},
|
|
24
|
+
"./package.json": "./package.json"
|
|
25
|
+
},
|
|
13
26
|
"backstage": {
|
|
14
27
|
"role": "node-library"
|
|
15
28
|
},
|
|
@@ -33,11 +46,12 @@
|
|
|
33
46
|
"start": "backstage-cli package start"
|
|
34
47
|
},
|
|
35
48
|
"dependencies": {
|
|
36
|
-
"@backstage/backend-common": "^0.18.4
|
|
49
|
+
"@backstage/backend-common": "^0.18.4",
|
|
50
|
+
"@backstage/backend-plugin-api": "^0.5.1",
|
|
37
51
|
"@backstage/config": "^1.0.7",
|
|
38
52
|
"@backstage/errors": "^1.1.5",
|
|
39
|
-
"@backstage/plugin-auth-node": "^0.2.13
|
|
40
|
-
"@backstage/plugin-permission-common": "^0.7.5
|
|
53
|
+
"@backstage/plugin-auth-node": "^0.2.13",
|
|
54
|
+
"@backstage/plugin-permission-common": "^0.7.5",
|
|
41
55
|
"@types/express": "^4.17.6",
|
|
42
56
|
"express": "^4.17.1",
|
|
43
57
|
"express-promise-router": "^4.1.0",
|
|
@@ -45,13 +59,14 @@
|
|
|
45
59
|
"zod-to-json-schema": "^3.20.4"
|
|
46
60
|
},
|
|
47
61
|
"devDependencies": {
|
|
48
|
-
"@backstage/backend-test-utils": "^0.1.36
|
|
49
|
-
"@backstage/cli": "^0.22.6
|
|
62
|
+
"@backstage/backend-test-utils": "^0.1.36",
|
|
63
|
+
"@backstage/cli": "^0.22.6",
|
|
50
64
|
"@types/supertest": "^2.0.8",
|
|
51
65
|
"msw": "^1.0.0",
|
|
52
66
|
"supertest": "^6.1.3"
|
|
53
67
|
},
|
|
54
68
|
"files": [
|
|
55
|
-
"dist"
|
|
69
|
+
"dist",
|
|
70
|
+
"alpha"
|
|
56
71
|
]
|
|
57
72
|
}
|