@backstage/plugin-proxy-backend 0.5.0-next.3 → 0.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +58 -0
- package/alpha/package.json +1 -1
- package/dist/alpha.d.ts +1 -1
- package/package.json +8 -8
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,63 @@
|
|
|
1
1
|
# @backstage/plugin-proxy-backend
|
|
2
2
|
|
|
3
|
+
## 0.5.0
|
|
4
|
+
|
|
5
|
+
### Minor Changes
|
|
6
|
+
|
|
7
|
+
- 88480e4: **BREAKING**: The proxy backend plugin is now protected by Backstage auth, by
|
|
8
|
+
default. Unless specifically configured (see below), all proxy endpoints will
|
|
9
|
+
reject requests immediately unless a valid Backstage user or service token is
|
|
10
|
+
passed along with the request. This aligns the proxy with how other Backstage
|
|
11
|
+
backends behave out of the box, and serves to protect your upstreams from
|
|
12
|
+
unauthorized access.
|
|
13
|
+
|
|
14
|
+
A proxy configuration section can now look as follows:
|
|
15
|
+
|
|
16
|
+
```yaml
|
|
17
|
+
proxy:
|
|
18
|
+
endpoints:
|
|
19
|
+
'/pagerduty':
|
|
20
|
+
target: https://api.pagerduty.com
|
|
21
|
+
credentials: require # NEW!
|
|
22
|
+
headers:
|
|
23
|
+
Authorization: Token token=${PAGERDUTY_TOKEN}
|
|
24
|
+
```
|
|
25
|
+
|
|
26
|
+
There are three possible `credentials` settings at this point:
|
|
27
|
+
|
|
28
|
+
- `require`: Callers must provide Backstage user or service credentials with
|
|
29
|
+
each request. The credentials are not forwarded to the proxy target.
|
|
30
|
+
- `forward`: Callers must provide Backstage user or service credentials with
|
|
31
|
+
each request, and those credentials are forwarded to the proxy target.
|
|
32
|
+
- `dangerously-allow-unauthenticated`: No Backstage credentials are required to
|
|
33
|
+
access this proxy target. The target can still apply its own credentials
|
|
34
|
+
checks, but the proxy will not help block non-Backstage-blessed callers. If
|
|
35
|
+
you also add `allowedHeaders: ['Authorization']` to an endpoint configuration,
|
|
36
|
+
then the Backstage token (if provided) WILL be forwarded.
|
|
37
|
+
|
|
38
|
+
The value `dangerously-allow-unauthenticated` was the old default.
|
|
39
|
+
|
|
40
|
+
The value `require` is the new default, so requests that were previously
|
|
41
|
+
permitted may now start resulting in `401 Unauthorized` responses. If you have
|
|
42
|
+
`backend.auth.dangerouslyDisableDefaultAuthPolicy` set to `true`, this does not
|
|
43
|
+
apply; the proxy will behave as if all endpoints were set to
|
|
44
|
+
`dangerously-allow-unauthenticated`.
|
|
45
|
+
|
|
46
|
+
If you have proxy endpoints that require unauthenticated access still, please
|
|
47
|
+
add `credentials: dangerously-allow-unauthenticated` to their declarations in
|
|
48
|
+
your app-config.
|
|
49
|
+
|
|
50
|
+
### Patch Changes
|
|
51
|
+
|
|
52
|
+
- 8869b8e: Updated local development setup.
|
|
53
|
+
- 78a0b08: Internal refactor to handle `BackendFeature` contract change.
|
|
54
|
+
- d44a20a: Added additional plugin metadata to `package.json`.
|
|
55
|
+
- Updated dependencies
|
|
56
|
+
- @backstage/backend-common@0.23.0
|
|
57
|
+
- @backstage/backend-plugin-api@0.6.19
|
|
58
|
+
- @backstage/config@1.2.0
|
|
59
|
+
- @backstage/types@1.1.1
|
|
60
|
+
|
|
3
61
|
## 0.5.0-next.3
|
|
4
62
|
|
|
5
63
|
### Patch Changes
|
package/alpha/package.json
CHANGED
package/dist/alpha.d.ts
CHANGED
|
@@ -5,6 +5,6 @@ import * as _backstage_backend_plugin_api from '@backstage/backend-plugin-api';
|
|
|
5
5
|
*
|
|
6
6
|
* @alpha
|
|
7
7
|
*/
|
|
8
|
-
declare const _default:
|
|
8
|
+
declare const _default: _backstage_backend_plugin_api.BackendFeatureCompat;
|
|
9
9
|
|
|
10
10
|
export { _default as default };
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@backstage/plugin-proxy-backend",
|
|
3
|
-
"version": "0.5.0
|
|
3
|
+
"version": "0.5.0",
|
|
4
4
|
"description": "A Backstage backend plugin that helps you set up proxy endpoints in the backend",
|
|
5
5
|
"backstage": {
|
|
6
6
|
"role": "backend-plugin",
|
|
@@ -52,8 +52,8 @@
|
|
|
52
52
|
"test": "backstage-cli package test"
|
|
53
53
|
},
|
|
54
54
|
"dependencies": {
|
|
55
|
-
"@backstage/backend-common": "^0.23.0
|
|
56
|
-
"@backstage/backend-plugin-api": "^0.6.19
|
|
55
|
+
"@backstage/backend-common": "^0.23.0",
|
|
56
|
+
"@backstage/backend-plugin-api": "^0.6.19",
|
|
57
57
|
"@backstage/config": "^1.2.0",
|
|
58
58
|
"@backstage/types": "^1.1.1",
|
|
59
59
|
"@types/express": "^4.17.6",
|
|
@@ -68,11 +68,11 @@
|
|
|
68
68
|
"yup": "^1.0.0"
|
|
69
69
|
},
|
|
70
70
|
"devDependencies": {
|
|
71
|
-
"@backstage/backend-app-api": "^0.7.6
|
|
72
|
-
"@backstage/backend-defaults": "^0.3.0
|
|
73
|
-
"@backstage/backend-test-utils": "^0.4.0
|
|
74
|
-
"@backstage/cli": "^0.26.7
|
|
75
|
-
"@backstage/config-loader": "^1.8.1
|
|
71
|
+
"@backstage/backend-app-api": "^0.7.6",
|
|
72
|
+
"@backstage/backend-defaults": "^0.3.0",
|
|
73
|
+
"@backstage/backend-test-utils": "^0.4.0",
|
|
74
|
+
"@backstage/cli": "^0.26.7",
|
|
75
|
+
"@backstage/config-loader": "^1.8.1",
|
|
76
76
|
"@backstage/errors": "^1.2.4",
|
|
77
77
|
"@types/http-proxy-middleware": "^1.0.0",
|
|
78
78
|
"@types/uuid": "^9.0.0",
|