@backstage/plugin-scaffolder-backend 1.22.0-next.0 → 1.22.0-next.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (10) hide show
  1. package/CHANGELOG.md +35 -0
  2. package/alpha/package.json +1 -1
  3. package/dist/alpha.cjs.js +12 -3
  4. package/dist/alpha.cjs.js.map +1 -1
  5. package/dist/cjs/{router-ae706822.cjs.js → router-1665319e.cjs.js} +84 -42
  6. package/dist/cjs/router-1665319e.cjs.js.map +1 -0
  7. package/dist/index.cjs.js +2 -2
  8. package/dist/index.d.ts +15 -4
  9. package/package.json +24 -24
  10. package/dist/cjs/router-ae706822.cjs.js.map +0 -1
package/CHANGELOG.md CHANGED
@@ -1,5 +1,40 @@
1
1
  # @backstage/plugin-scaffolder-backend
2
2
 
3
+ ## 1.22.0-next.1
4
+
5
+ ### Minor Changes
6
+
7
+ - aa543c9: Migrate plugin to use the new auth services, add an optional service discovery to the router options and change the permissions type to be `PermissionsService`.
8
+
9
+ ### Patch Changes
10
+
11
+ - bbd1fe1: Made "checkpoint" on scaffolder action context non-optional
12
+ - Updated dependencies
13
+ - @backstage/config@1.2.0-next.1
14
+ - @backstage/plugin-scaffolder-node@0.4.0-next.1
15
+ - @backstage/plugin-scaffolder-backend-module-github@0.2.4-next.1
16
+ - @backstage/backend-common@0.21.4-next.1
17
+ - @backstage/backend-plugin-api@0.6.14-next.1
18
+ - @backstage/backend-tasks@0.5.19-next.1
19
+ - @backstage/integration@1.9.1-next.1
20
+ - @backstage/plugin-auth-node@0.4.9-next.1
21
+ - @backstage/plugin-permission-common@0.7.13-next.1
22
+ - @backstage/plugin-permission-node@0.7.25-next.1
23
+ - @backstage/plugin-scaffolder-backend-module-azure@0.1.6-next.1
24
+ - @backstage/plugin-scaffolder-backend-module-bitbucket@0.2.4-next.1
25
+ - @backstage/plugin-scaffolder-backend-module-bitbucket-cloud@0.1.4-next.1
26
+ - @backstage/plugin-scaffolder-backend-module-bitbucket-server@0.1.4-next.1
27
+ - @backstage/plugin-scaffolder-backend-module-gerrit@0.1.6-next.1
28
+ - @backstage/plugin-scaffolder-backend-module-gitea@0.1.4-next.1
29
+ - @backstage/plugin-scaffolder-backend-module-gitlab@0.2.17-next.1
30
+ - @backstage/catalog-client@1.6.1-next.0
31
+ - @backstage/catalog-model@1.4.5-next.0
32
+ - @backstage/errors@1.2.4-next.0
33
+ - @backstage/types@1.1.1
34
+ - @backstage/plugin-catalog-backend-module-scaffolder-entity-model@0.1.11-next.1
35
+ - @backstage/plugin-catalog-node@1.8.0-next.1
36
+ - @backstage/plugin-scaffolder-common@1.5.1-next.1
37
+
3
38
  ## 1.22.0-next.0
4
39
 
5
40
  ### Minor Changes
package/alpha/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@backstage/plugin-scaffolder-backend",
3
- "version": "1.22.0-next.0",
3
+ "version": "1.22.0-next.1",
4
4
  "main": "../dist/alpha.cjs.js",
5
5
  "types": "../dist/alpha.d.ts"
6
6
  }
package/dist/alpha.cjs.js CHANGED
@@ -4,7 +4,7 @@ Object.defineProperty(exports, '__esModule', { value: true });
4
4
 
5
5
  var alpha = require('@backstage/plugin-scaffolder-common/alpha');
6
6
  var pluginPermissionNode = require('@backstage/plugin-permission-node');
7
- var router = require('./cjs/router-ae706822.cjs.js');
7
+ var router = require('./cjs/router-1665319e.cjs.js');
8
8
  var backendPluginApi = require('@backstage/backend-plugin-api');
9
9
  var backendCommon = require('@backstage/backend-common');
10
10
  var integration = require('@backstage/integration');
@@ -98,7 +98,10 @@ const scaffolderPlugin = backendPluginApi.createBackendPlugin({
98
98
  reader: backendPluginApi.coreServices.urlReader,
99
99
  permissions: backendPluginApi.coreServices.permissions,
100
100
  database: backendPluginApi.coreServices.database,
101
+ auth: backendPluginApi.coreServices.auth,
102
+ discovery: backendPluginApi.coreServices.discovery,
101
103
  httpRouter: backendPluginApi.coreServices.httpRouter,
104
+ httpAuth: backendPluginApi.coreServices.httpAuth,
102
105
  catalogClient: alpha$2.catalogServiceRef
103
106
  },
104
107
  async init({
@@ -107,7 +110,10 @@ const scaffolderPlugin = backendPluginApi.createBackendPlugin({
107
110
  lifecycle,
108
111
  reader,
109
112
  database,
113
+ auth,
114
+ discovery,
110
115
  httpRouter,
116
+ httpAuth,
111
117
  catalogClient,
112
118
  permissions
113
119
  }) {
@@ -134,8 +140,8 @@ const scaffolderPlugin = backendPluginApi.createBackendPlugin({
134
140
  router.createDebugLogAction(),
135
141
  router.createWaitAction(),
136
142
  // todo(blam): maybe these should be a -catalog module?
137
- router.createCatalogRegisterAction({ catalogClient, integrations }),
138
- router.createFetchCatalogEntityAction({ catalogClient }),
143
+ router.createCatalogRegisterAction({ catalogClient, integrations, auth }),
144
+ router.createFetchCatalogEntityAction({ catalogClient, auth }),
139
145
  router.createCatalogWriteAction(),
140
146
  router.createFilesystemDeleteAction(),
141
147
  router.createFilesystemRenameAction()
@@ -155,6 +161,9 @@ const scaffolderPlugin = backendPluginApi.createBackendPlugin({
155
161
  taskBroker,
156
162
  additionalTemplateFilters,
157
163
  additionalTemplateGlobals,
164
+ auth,
165
+ httpAuth,
166
+ discovery,
158
167
  permissions
159
168
  });
160
169
  httpRouter.use(router$1);
package/dist/alpha.cjs.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"alpha.cjs.js","sources":["../src/service/conditionExports.ts","../src/ScaffolderPlugin.ts"],"sourcesContent":["/*\n * Copyright 2022 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n RESOURCE_TYPE_SCAFFOLDER_TEMPLATE,\n RESOURCE_TYPE_SCAFFOLDER_ACTION,\n} from '@backstage/plugin-scaffolder-common/alpha';\nimport { createConditionExports } from '@backstage/plugin-permission-node';\nimport { scaffolderTemplateRules, scaffolderActionRules } from './rules';\n\nconst templateConditionExports = createConditionExports({\n pluginId: 'scaffolder',\n resourceType: RESOURCE_TYPE_SCAFFOLDER_TEMPLATE,\n rules: scaffolderTemplateRules,\n});\n\nconst actionsConditionExports = createConditionExports({\n pluginId: 'scaffolder',\n resourceType: RESOURCE_TYPE_SCAFFOLDER_ACTION,\n rules: scaffolderActionRules,\n});\n\n/**\n * `createScaffolderTemplateConditionalDecision` can be used when authoring policies to\n * create conditional decisions. It requires a permission of type\n * `ResourcePermission<'scaffolder-template'>` to be passed as the first parameter.\n * It's recommended that you use the provided `isResourcePermission` and\n * `isPermission` helper methods to narrow the type of the permission passed to\n * the handle method as shown below.\n *\n * ```\n * // MyAuthorizationPolicy.ts\n * ...\n * import { createScaffolderPolicyDecision } from '@backstage/plugin-scaffolder-backend';\n * import { RESOURCE_TYPE_SCAFFOLDER_TEMPLATE } from '@backstage/plugin-scaffolder-common';\n *\n * class MyAuthorizationPolicy implements PermissionPolicy {\n * async handle(request, user) {\n * ...\n *\n * if (isResourcePermission(request.permission, RESOURCE_TYPE_SCAFFOLDER_TEMPLATE)) {\n * return createScaffolderConditionalDecision(\n * request.permission,\n * { anyOf: [...insert conditions here...] }\n * );\n * }\n *\n * ...\n * }\n *\n * ```\n *\n * @alpha\n */\nexport const createScaffolderTemplateConditionalDecision =\n templateConditionExports.createConditionalDecision;\n\n/**\n * These conditions are used when creating conditional decisions for scaffolder\n * templates that are returned by authorization policies.\n *\n * @alpha\n */\nexport const scaffolderTemplateConditions = templateConditionExports.conditions;\n\n/**\n * @alpha\n */\nexport const createScaffolderActionConditionalDecision =\n actionsConditionExports.createConditionalDecision;\n\n/**\n *\n * These conditions are used when creating conditional decisions for scaffolder\n * actions that are returned by authorization policies.\n *\n * @alpha\n */\nexport const scaffolderActionConditions = actionsConditionExports.conditions;\n","/*\n * Copyright 2022 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n createBackendPlugin,\n coreServices,\n} from '@backstage/backend-plugin-api';\nimport { loggerToWinstonLogger } from '@backstage/backend-common';\nimport { ScmIntegrations } from '@backstage/integration';\nimport { catalogServiceRef } from '@backstage/plugin-catalog-node/alpha';\nimport {\n TaskBroker,\n TemplateAction,\n TemplateFilter,\n TemplateGlobal,\n} from '@backstage/plugin-scaffolder-node';\nimport {\n scaffolderActionsExtensionPoint,\n scaffolderTaskBrokerExtensionPoint,\n scaffolderTemplatingExtensionPoint,\n} from '@backstage/plugin-scaffolder-node/alpha';\nimport {\n createCatalogRegisterAction,\n createCatalogWriteAction,\n createDebugLogAction,\n createFetchCatalogEntityAction,\n createFetchPlainAction,\n createFetchPlainFileAction,\n createFetchTemplateAction,\n createFilesystemDeleteAction,\n createFilesystemRenameAction,\n createWaitAction,\n} from './scaffolder';\nimport { createRouter } from './service/router';\n\n/**\n * Scaffolder plugin\n *\n * @alpha\n */\nexport const scaffolderPlugin = createBackendPlugin({\n pluginId: 'scaffolder',\n register(env) {\n const addedActions = new Array<TemplateAction<any, any>>();\n env.registerExtensionPoint(scaffolderActionsExtensionPoint, {\n addActions(...newActions: TemplateAction<any>[]) {\n addedActions.push(...newActions);\n },\n });\n\n let taskBroker: TaskBroker | undefined;\n env.registerExtensionPoint(scaffolderTaskBrokerExtensionPoint, {\n setTaskBroker(newTaskBroker) {\n if (taskBroker) {\n throw new Error('Task broker may only be set once');\n }\n taskBroker = newTaskBroker;\n },\n });\n\n const additionalTemplateFilters: Record<string, TemplateFilter> = {};\n const additionalTemplateGlobals: Record<string, TemplateGlobal> = {};\n env.registerExtensionPoint(scaffolderTemplatingExtensionPoint, {\n addTemplateFilters(newFilters) {\n Object.assign(additionalTemplateFilters, newFilters);\n },\n addTemplateGlobals(newGlobals) {\n Object.assign(additionalTemplateGlobals, newGlobals);\n },\n });\n\n env.registerInit({\n deps: {\n logger: coreServices.logger,\n config: coreServices.rootConfig,\n lifecycle: coreServices.rootLifecycle,\n reader: coreServices.urlReader,\n permissions: coreServices.permissions,\n database: coreServices.database,\n httpRouter: coreServices.httpRouter,\n catalogClient: catalogServiceRef,\n },\n async init({\n logger,\n config,\n lifecycle,\n reader,\n database,\n httpRouter,\n catalogClient,\n permissions,\n }) {\n const log = loggerToWinstonLogger(logger);\n const integrations = ScmIntegrations.fromConfig(config);\n\n const actions = [\n // actions provided from other modules\n ...addedActions,\n\n // built-in actions for the scaffolder\n createFetchPlainAction({\n reader,\n integrations,\n }),\n createFetchPlainFileAction({\n reader,\n integrations,\n }),\n createFetchTemplateAction({\n integrations,\n reader,\n additionalTemplateFilters,\n additionalTemplateGlobals,\n }),\n createDebugLogAction(),\n createWaitAction(),\n // todo(blam): maybe these should be a -catalog module?\n createCatalogRegisterAction({ catalogClient, integrations }),\n createFetchCatalogEntityAction({ catalogClient }),\n createCatalogWriteAction(),\n createFilesystemDeleteAction(),\n createFilesystemRenameAction(),\n ];\n\n const actionIds = actions.map(action => action.id).join(', ');\n\n log.info(\n `Starting scaffolder with the following actions enabled ${actionIds}`,\n );\n\n const router = await createRouter({\n logger: log,\n config,\n database,\n catalogClient,\n reader,\n lifecycle,\n actions,\n taskBroker,\n additionalTemplateFilters,\n additionalTemplateGlobals,\n permissions,\n });\n httpRouter.use(router);\n },\n });\n },\n});\n"],"names":["createConditionExports","RESOURCE_TYPE_SCAFFOLDER_TEMPLATE","scaffolderTemplateRules","RESOURCE_TYPE_SCAFFOLDER_ACTION","scaffolderActionRules","createBackendPlugin","scaffolderActionsExtensionPoint","scaffolderTaskBrokerExtensionPoint","scaffolderTemplatingExtensionPoint","coreServices","catalogServiceRef","loggerToWinstonLogger","ScmIntegrations","createFetchPlainAction","createFetchPlainFileAction","createFetchTemplateAction","createDebugLogAction","createWaitAction","createCatalogRegisterAction","createFetchCatalogEntityAction","createCatalogWriteAction","createFilesystemDeleteAction","createFilesystemRenameAction","router","createRouter"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAuBA,MAAM,2BAA2BA,2CAAuB,CAAA;AAAA,EACtD,QAAU,EAAA,YAAA;AAAA,EACV,YAAc,EAAAC,uCAAA;AAAA,EACd,KAAO,EAAAC,8BAAA;AACT,CAAC,CAAA,CAAA;AAED,MAAM,0BAA0BF,2CAAuB,CAAA;AAAA,EACrD,QAAU,EAAA,YAAA;AAAA,EACV,YAAc,EAAAG,qCAAA;AAAA,EACd,KAAO,EAAAC,4BAAA;AACT,CAAC,CAAA,CAAA;AAkCM,MAAM,8CACX,wBAAyB,CAAA,0BAAA;AAQpB,MAAM,+BAA+B,wBAAyB,CAAA,WAAA;AAK9D,MAAM,4CACX,uBAAwB,CAAA,0BAAA;AASnB,MAAM,6BAA6B,uBAAwB,CAAA;;ACtC3D,MAAM,mBAAmBC,oCAAoB,CAAA;AAAA,EAClD,QAAU,EAAA,YAAA;AAAA,EACV,SAAS,GAAK,EAAA;AACZ,IAAM,MAAA,YAAA,GAAe,IAAI,KAAgC,EAAA,CAAA;AACzD,IAAA,GAAA,CAAI,uBAAuBC,uCAAiC,EAAA;AAAA,MAC1D,cAAc,UAAmC,EAAA;AAC/C,QAAa,YAAA,CAAA,IAAA,CAAK,GAAG,UAAU,CAAA,CAAA;AAAA,OACjC;AAAA,KACD,CAAA,CAAA;AAED,IAAI,IAAA,UAAA,CAAA;AACJ,IAAA,GAAA,CAAI,uBAAuBC,0CAAoC,EAAA;AAAA,MAC7D,cAAc,aAAe,EAAA;AAC3B,QAAA,IAAI,UAAY,EAAA;AACd,UAAM,MAAA,IAAI,MAAM,kCAAkC,CAAA,CAAA;AAAA,SACpD;AACA,QAAa,UAAA,GAAA,aAAA,CAAA;AAAA,OACf;AAAA,KACD,CAAA,CAAA;AAED,IAAA,MAAM,4BAA4D,EAAC,CAAA;AACnE,IAAA,MAAM,4BAA4D,EAAC,CAAA;AACnE,IAAA,GAAA,CAAI,uBAAuBC,0CAAoC,EAAA;AAAA,MAC7D,mBAAmB,UAAY,EAAA;AAC7B,QAAO,MAAA,CAAA,MAAA,CAAO,2BAA2B,UAAU,CAAA,CAAA;AAAA,OACrD;AAAA,MACA,mBAAmB,UAAY,EAAA;AAC7B,QAAO,MAAA,CAAA,MAAA,CAAO,2BAA2B,UAAU,CAAA,CAAA;AAAA,OACrD;AAAA,KACD,CAAA,CAAA;AAED,IAAA,GAAA,CAAI,YAAa,CAAA;AAAA,MACf,IAAM,EAAA;AAAA,QACJ,QAAQC,6BAAa,CAAA,MAAA;AAAA,QACrB,QAAQA,6BAAa,CAAA,UAAA;AAAA,QACrB,WAAWA,6BAAa,CAAA,aAAA;AAAA,QACxB,QAAQA,6BAAa,CAAA,SAAA;AAAA,QACrB,aAAaA,6BAAa,CAAA,WAAA;AAAA,QAC1B,UAAUA,6BAAa,CAAA,QAAA;AAAA,QACvB,YAAYA,6BAAa,CAAA,UAAA;AAAA,QACzB,aAAe,EAAAC,yBAAA;AAAA,OACjB;AAAA,MACA,MAAM,IAAK,CAAA;AAAA,QACT,MAAA;AAAA,QACA,MAAA;AAAA,QACA,SAAA;AAAA,QACA,MAAA;AAAA,QACA,QAAA;AAAA,QACA,UAAA;AAAA,QACA,aAAA;AAAA,QACA,WAAA;AAAA,OACC,EAAA;AACD,QAAM,MAAA,GAAA,GAAMC,oCAAsB,MAAM,CAAA,CAAA;AACxC,QAAM,MAAA,YAAA,GAAeC,2BAAgB,CAAA,UAAA,CAAW,MAAM,CAAA,CAAA;AAEtD,QAAA,MAAM,OAAU,GAAA;AAAA;AAAA,UAEd,GAAG,YAAA;AAAA;AAAA,UAGHC,6BAAuB,CAAA;AAAA,YACrB,MAAA;AAAA,YACA,YAAA;AAAA,WACD,CAAA;AAAA,UACDC,iCAA2B,CAAA;AAAA,YACzB,MAAA;AAAA,YACA,YAAA;AAAA,WACD,CAAA;AAAA,UACDC,gCAA0B,CAAA;AAAA,YACxB,YAAA;AAAA,YACA,MAAA;AAAA,YACA,yBAAA;AAAA,YACA,yBAAA;AAAA,WACD,CAAA;AAAA,UACDC,2BAAqB,EAAA;AAAA,UACrBC,uBAAiB,EAAA;AAAA;AAAA,UAEjBC,kCAA4B,CAAA,EAAE,aAAe,EAAA,YAAA,EAAc,CAAA;AAAA,UAC3DC,qCAAA,CAA+B,EAAE,aAAA,EAAe,CAAA;AAAA,UAChDC,+BAAyB,EAAA;AAAA,UACzBC,mCAA6B,EAAA;AAAA,UAC7BC,mCAA6B,EAAA;AAAA,SAC/B,CAAA;AAEA,QAAM,MAAA,SAAA,GAAY,QAAQ,GAAI,CAAA,CAAA,MAAA,KAAU,OAAO,EAAE,CAAA,CAAE,KAAK,IAAI,CAAA,CAAA;AAE5D,QAAI,GAAA,CAAA,IAAA;AAAA,UACF,0DAA0D,SAAS,CAAA,CAAA;AAAA,SACrE,CAAA;AAEA,QAAM,MAAAC,QAAA,GAAS,MAAMC,mBAAa,CAAA;AAAA,UAChC,MAAQ,EAAA,GAAA;AAAA,UACR,MAAA;AAAA,UACA,QAAA;AAAA,UACA,aAAA;AAAA,UACA,MAAA;AAAA,UACA,SAAA;AAAA,UACA,OAAA;AAAA,UACA,UAAA;AAAA,UACA,yBAAA;AAAA,UACA,yBAAA;AAAA,UACA,WAAA;AAAA,SACD,CAAA,CAAA;AACD,QAAA,UAAA,CAAW,IAAID,QAAM,CAAA,CAAA;AAAA,OACvB;AAAA,KACD,CAAA,CAAA;AAAA,GACH;AACF,CAAC;;;;;;;;"}
1
+ {"version":3,"file":"alpha.cjs.js","sources":["../src/service/conditionExports.ts","../src/ScaffolderPlugin.ts"],"sourcesContent":["/*\n * Copyright 2022 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n RESOURCE_TYPE_SCAFFOLDER_TEMPLATE,\n RESOURCE_TYPE_SCAFFOLDER_ACTION,\n} from '@backstage/plugin-scaffolder-common/alpha';\nimport { createConditionExports } from '@backstage/plugin-permission-node';\nimport { scaffolderTemplateRules, scaffolderActionRules } from './rules';\n\nconst templateConditionExports = createConditionExports({\n pluginId: 'scaffolder',\n resourceType: RESOURCE_TYPE_SCAFFOLDER_TEMPLATE,\n rules: scaffolderTemplateRules,\n});\n\nconst actionsConditionExports = createConditionExports({\n pluginId: 'scaffolder',\n resourceType: RESOURCE_TYPE_SCAFFOLDER_ACTION,\n rules: scaffolderActionRules,\n});\n\n/**\n * `createScaffolderTemplateConditionalDecision` can be used when authoring policies to\n * create conditional decisions. It requires a permission of type\n * `ResourcePermission<'scaffolder-template'>` to be passed as the first parameter.\n * It's recommended that you use the provided `isResourcePermission` and\n * `isPermission` helper methods to narrow the type of the permission passed to\n * the handle method as shown below.\n *\n * ```\n * // MyAuthorizationPolicy.ts\n * ...\n * import { createScaffolderPolicyDecision } from '@backstage/plugin-scaffolder-backend';\n * import { RESOURCE_TYPE_SCAFFOLDER_TEMPLATE } from '@backstage/plugin-scaffolder-common';\n *\n * class MyAuthorizationPolicy implements PermissionPolicy {\n * async handle(request, user) {\n * ...\n *\n * if (isResourcePermission(request.permission, RESOURCE_TYPE_SCAFFOLDER_TEMPLATE)) {\n * return createScaffolderConditionalDecision(\n * request.permission,\n * { anyOf: [...insert conditions here...] }\n * );\n * }\n *\n * ...\n * }\n *\n * ```\n *\n * @alpha\n */\nexport const createScaffolderTemplateConditionalDecision =\n templateConditionExports.createConditionalDecision;\n\n/**\n * These conditions are used when creating conditional decisions for scaffolder\n * templates that are returned by authorization policies.\n *\n * @alpha\n */\nexport const scaffolderTemplateConditions = templateConditionExports.conditions;\n\n/**\n * @alpha\n */\nexport const createScaffolderActionConditionalDecision =\n actionsConditionExports.createConditionalDecision;\n\n/**\n *\n * These conditions are used when creating conditional decisions for scaffolder\n * actions that are returned by authorization policies.\n *\n * @alpha\n */\nexport const scaffolderActionConditions = actionsConditionExports.conditions;\n","/*\n * Copyright 2022 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n createBackendPlugin,\n coreServices,\n} from '@backstage/backend-plugin-api';\nimport { loggerToWinstonLogger } from '@backstage/backend-common';\nimport { ScmIntegrations } from '@backstage/integration';\nimport { catalogServiceRef } from '@backstage/plugin-catalog-node/alpha';\nimport {\n TaskBroker,\n TemplateAction,\n TemplateFilter,\n TemplateGlobal,\n} from '@backstage/plugin-scaffolder-node';\nimport {\n scaffolderActionsExtensionPoint,\n scaffolderTaskBrokerExtensionPoint,\n scaffolderTemplatingExtensionPoint,\n} from '@backstage/plugin-scaffolder-node/alpha';\nimport {\n createCatalogRegisterAction,\n createCatalogWriteAction,\n createDebugLogAction,\n createFetchCatalogEntityAction,\n createFetchPlainAction,\n createFetchPlainFileAction,\n createFetchTemplateAction,\n createFilesystemDeleteAction,\n createFilesystemRenameAction,\n createWaitAction,\n} from './scaffolder';\nimport { createRouter } from './service/router';\n\n/**\n * Scaffolder plugin\n *\n * @alpha\n */\nexport const scaffolderPlugin = createBackendPlugin({\n pluginId: 'scaffolder',\n register(env) {\n const addedActions = new Array<TemplateAction<any, any>>();\n env.registerExtensionPoint(scaffolderActionsExtensionPoint, {\n addActions(...newActions: TemplateAction<any>[]) {\n addedActions.push(...newActions);\n },\n });\n\n let taskBroker: TaskBroker | undefined;\n env.registerExtensionPoint(scaffolderTaskBrokerExtensionPoint, {\n setTaskBroker(newTaskBroker) {\n if (taskBroker) {\n throw new Error('Task broker may only be set once');\n }\n taskBroker = newTaskBroker;\n },\n });\n\n const additionalTemplateFilters: Record<string, TemplateFilter> = {};\n const additionalTemplateGlobals: Record<string, TemplateGlobal> = {};\n env.registerExtensionPoint(scaffolderTemplatingExtensionPoint, {\n addTemplateFilters(newFilters) {\n Object.assign(additionalTemplateFilters, newFilters);\n },\n addTemplateGlobals(newGlobals) {\n Object.assign(additionalTemplateGlobals, newGlobals);\n },\n });\n\n env.registerInit({\n deps: {\n logger: coreServices.logger,\n config: coreServices.rootConfig,\n lifecycle: coreServices.rootLifecycle,\n reader: coreServices.urlReader,\n permissions: coreServices.permissions,\n database: coreServices.database,\n auth: coreServices.auth,\n discovery: coreServices.discovery,\n httpRouter: coreServices.httpRouter,\n httpAuth: coreServices.httpAuth,\n catalogClient: catalogServiceRef,\n },\n async init({\n logger,\n config,\n lifecycle,\n reader,\n database,\n auth,\n discovery,\n httpRouter,\n httpAuth,\n catalogClient,\n permissions,\n }) {\n const log = loggerToWinstonLogger(logger);\n const integrations = ScmIntegrations.fromConfig(config);\n\n const actions = [\n // actions provided from other modules\n ...addedActions,\n\n // built-in actions for the scaffolder\n createFetchPlainAction({\n reader,\n integrations,\n }),\n createFetchPlainFileAction({\n reader,\n integrations,\n }),\n createFetchTemplateAction({\n integrations,\n reader,\n additionalTemplateFilters,\n additionalTemplateGlobals,\n }),\n createDebugLogAction(),\n createWaitAction(),\n // todo(blam): maybe these should be a -catalog module?\n createCatalogRegisterAction({ catalogClient, integrations, auth }),\n createFetchCatalogEntityAction({ catalogClient, auth }),\n createCatalogWriteAction(),\n createFilesystemDeleteAction(),\n createFilesystemRenameAction(),\n ];\n\n const actionIds = actions.map(action => action.id).join(', ');\n\n log.info(\n `Starting scaffolder with the following actions enabled ${actionIds}`,\n );\n\n const router = await createRouter({\n logger: log,\n config,\n database,\n catalogClient,\n reader,\n lifecycle,\n actions,\n taskBroker,\n additionalTemplateFilters,\n additionalTemplateGlobals,\n auth,\n httpAuth,\n discovery,\n permissions,\n });\n httpRouter.use(router);\n },\n });\n },\n});\n"],"names":["createConditionExports","RESOURCE_TYPE_SCAFFOLDER_TEMPLATE","scaffolderTemplateRules","RESOURCE_TYPE_SCAFFOLDER_ACTION","scaffolderActionRules","createBackendPlugin","scaffolderActionsExtensionPoint","scaffolderTaskBrokerExtensionPoint","scaffolderTemplatingExtensionPoint","coreServices","catalogServiceRef","loggerToWinstonLogger","ScmIntegrations","createFetchPlainAction","createFetchPlainFileAction","createFetchTemplateAction","createDebugLogAction","createWaitAction","createCatalogRegisterAction","createFetchCatalogEntityAction","createCatalogWriteAction","createFilesystemDeleteAction","createFilesystemRenameAction","router","createRouter"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAuBA,MAAM,2BAA2BA,2CAAuB,CAAA;AAAA,EACtD,QAAU,EAAA,YAAA;AAAA,EACV,YAAc,EAAAC,uCAAA;AAAA,EACd,KAAO,EAAAC,8BAAA;AACT,CAAC,CAAA,CAAA;AAED,MAAM,0BAA0BF,2CAAuB,CAAA;AAAA,EACrD,QAAU,EAAA,YAAA;AAAA,EACV,YAAc,EAAAG,qCAAA;AAAA,EACd,KAAO,EAAAC,4BAAA;AACT,CAAC,CAAA,CAAA;AAkCM,MAAM,8CACX,wBAAyB,CAAA,0BAAA;AAQpB,MAAM,+BAA+B,wBAAyB,CAAA,WAAA;AAK9D,MAAM,4CACX,uBAAwB,CAAA,0BAAA;AASnB,MAAM,6BAA6B,uBAAwB,CAAA;;ACtC3D,MAAM,mBAAmBC,oCAAoB,CAAA;AAAA,EAClD,QAAU,EAAA,YAAA;AAAA,EACV,SAAS,GAAK,EAAA;AACZ,IAAM,MAAA,YAAA,GAAe,IAAI,KAAgC,EAAA,CAAA;AACzD,IAAA,GAAA,CAAI,uBAAuBC,uCAAiC,EAAA;AAAA,MAC1D,cAAc,UAAmC,EAAA;AAC/C,QAAa,YAAA,CAAA,IAAA,CAAK,GAAG,UAAU,CAAA,CAAA;AAAA,OACjC;AAAA,KACD,CAAA,CAAA;AAED,IAAI,IAAA,UAAA,CAAA;AACJ,IAAA,GAAA,CAAI,uBAAuBC,0CAAoC,EAAA;AAAA,MAC7D,cAAc,aAAe,EAAA;AAC3B,QAAA,IAAI,UAAY,EAAA;AACd,UAAM,MAAA,IAAI,MAAM,kCAAkC,CAAA,CAAA;AAAA,SACpD;AACA,QAAa,UAAA,GAAA,aAAA,CAAA;AAAA,OACf;AAAA,KACD,CAAA,CAAA;AAED,IAAA,MAAM,4BAA4D,EAAC,CAAA;AACnE,IAAA,MAAM,4BAA4D,EAAC,CAAA;AACnE,IAAA,GAAA,CAAI,uBAAuBC,0CAAoC,EAAA;AAAA,MAC7D,mBAAmB,UAAY,EAAA;AAC7B,QAAO,MAAA,CAAA,MAAA,CAAO,2BAA2B,UAAU,CAAA,CAAA;AAAA,OACrD;AAAA,MACA,mBAAmB,UAAY,EAAA;AAC7B,QAAO,MAAA,CAAA,MAAA,CAAO,2BAA2B,UAAU,CAAA,CAAA;AAAA,OACrD;AAAA,KACD,CAAA,CAAA;AAED,IAAA,GAAA,CAAI,YAAa,CAAA;AAAA,MACf,IAAM,EAAA;AAAA,QACJ,QAAQC,6BAAa,CAAA,MAAA;AAAA,QACrB,QAAQA,6BAAa,CAAA,UAAA;AAAA,QACrB,WAAWA,6BAAa,CAAA,aAAA;AAAA,QACxB,QAAQA,6BAAa,CAAA,SAAA;AAAA,QACrB,aAAaA,6BAAa,CAAA,WAAA;AAAA,QAC1B,UAAUA,6BAAa,CAAA,QAAA;AAAA,QACvB,MAAMA,6BAAa,CAAA,IAAA;AAAA,QACnB,WAAWA,6BAAa,CAAA,SAAA;AAAA,QACxB,YAAYA,6BAAa,CAAA,UAAA;AAAA,QACzB,UAAUA,6BAAa,CAAA,QAAA;AAAA,QACvB,aAAe,EAAAC,yBAAA;AAAA,OACjB;AAAA,MACA,MAAM,IAAK,CAAA;AAAA,QACT,MAAA;AAAA,QACA,MAAA;AAAA,QACA,SAAA;AAAA,QACA,MAAA;AAAA,QACA,QAAA;AAAA,QACA,IAAA;AAAA,QACA,SAAA;AAAA,QACA,UAAA;AAAA,QACA,QAAA;AAAA,QACA,aAAA;AAAA,QACA,WAAA;AAAA,OACC,EAAA;AACD,QAAM,MAAA,GAAA,GAAMC,oCAAsB,MAAM,CAAA,CAAA;AACxC,QAAM,MAAA,YAAA,GAAeC,2BAAgB,CAAA,UAAA,CAAW,MAAM,CAAA,CAAA;AAEtD,QAAA,MAAM,OAAU,GAAA;AAAA;AAAA,UAEd,GAAG,YAAA;AAAA;AAAA,UAGHC,6BAAuB,CAAA;AAAA,YACrB,MAAA;AAAA,YACA,YAAA;AAAA,WACD,CAAA;AAAA,UACDC,iCAA2B,CAAA;AAAA,YACzB,MAAA;AAAA,YACA,YAAA;AAAA,WACD,CAAA;AAAA,UACDC,gCAA0B,CAAA;AAAA,YACxB,YAAA;AAAA,YACA,MAAA;AAAA,YACA,yBAAA;AAAA,YACA,yBAAA;AAAA,WACD,CAAA;AAAA,UACDC,2BAAqB,EAAA;AAAA,UACrBC,uBAAiB,EAAA;AAAA;AAAA,UAEjBC,kCAA4B,CAAA,EAAE,aAAe,EAAA,YAAA,EAAc,MAAM,CAAA;AAAA,UACjEC,qCAA+B,CAAA,EAAE,aAAe,EAAA,IAAA,EAAM,CAAA;AAAA,UACtDC,+BAAyB,EAAA;AAAA,UACzBC,mCAA6B,EAAA;AAAA,UAC7BC,mCAA6B,EAAA;AAAA,SAC/B,CAAA;AAEA,QAAM,MAAA,SAAA,GAAY,QAAQ,GAAI,CAAA,CAAA,MAAA,KAAU,OAAO,EAAE,CAAA,CAAE,KAAK,IAAI,CAAA,CAAA;AAE5D,QAAI,GAAA,CAAA,IAAA;AAAA,UACF,0DAA0D,SAAS,CAAA,CAAA;AAAA,SACrE,CAAA;AAEA,QAAM,MAAAC,QAAA,GAAS,MAAMC,mBAAa,CAAA;AAAA,UAChC,MAAQ,EAAA,GAAA;AAAA,UACR,MAAA;AAAA,UACA,QAAA;AAAA,UACA,aAAA;AAAA,UACA,MAAA;AAAA,UACA,SAAA;AAAA,UACA,OAAA;AAAA,UACA,UAAA;AAAA,UACA,yBAAA;AAAA,UACA,yBAAA;AAAA,UACA,IAAA;AAAA,UACA,QAAA;AAAA,UACA,SAAA;AAAA,UACA,WAAA;AAAA,SACD,CAAA,CAAA;AACD,QAAA,UAAA,CAAW,IAAID,QAAM,CAAA,CAAA;AAAA,OACvB;AAAA,KACD,CAAA,CAAA;AAAA,GACH;AACF,CAAC;;;;;;;;"}
package/dist/cjs/{router-ae706822.cjs.js → router-1665319e.cjs.js} RENAMED
@@ -1,5 +1,6 @@
1
1
  'use strict';
2
2
 
3
+ var backendCommon = require('@backstage/backend-common');
3
4
  var catalogModel = require('@backstage/catalog-model');
4
5
  var config = require('@backstage/config');
5
6
  var errors = require('@backstage/errors');
@@ -13,7 +14,6 @@ var zod = require('zod');
13
14
  var pluginScaffolderNode = require('@backstage/plugin-scaffolder-node');
14
15
  var yaml = require('yaml');
15
16
  var fs = require('fs-extra');
16
- var backendCommon = require('@backstage/backend-common');
17
17
  var path = require('path');
18
18
  var luxon = require('luxon');
19
19
  var globby = require('globby');
@@ -95,7 +95,7 @@ const examples$9 = [
95
95
 
96
96
  const id$4 = "catalog:register";
97
97
  function createCatalogRegisterAction(options) {
98
- const { catalogClient, integrations } = options;
98
+ const { catalogClient, integrations, auth } = options;
99
99
  return pluginScaffolderNode.createTemplateAction({
100
100
  id: id$4,
101
101
  description: "Registers entities from a catalog descriptor file in the workspace into the software catalog.",
@@ -175,13 +175,17 @@ function createCatalogRegisterAction(options) {
175
175
  });
176
176
  }
177
177
  ctx.logger.info(`Registering ${catalogInfoUrl} in the catalog`);
178
+ const { token } = (_b = await (auth == null ? void 0 : auth.getPluginRequestToken({
179
+ onBehalfOf: await ctx.getInitiatorCredentials(),
180
+ targetPluginId: "catalog"
181
+ }))) != null ? _b : { token: (_a = ctx.secrets) == null ? void 0 : _a.backstageToken };
178
182
  try {
179
183
  await catalogClient.addLocation(
180
184
  {
181
185
  type: "url",
182
186
  target: catalogInfoUrl
183
187
  },
184
- ((_a = ctx.secrets) == null ? void 0 : _a.backstageToken) ? { token: ctx.secrets.backstageToken } : {}
188
+ token ? { token } : {}
185
189
  );
186
190
  } catch (e) {
187
191
  if (!input.optional) {
@@ -195,7 +199,7 @@ function createCatalogRegisterAction(options) {
195
199
  type: "url",
196
200
  target: catalogInfoUrl
197
201
  },
198
- ((_b = ctx.secrets) == null ? void 0 : _b.backstageToken) ? { token: ctx.secrets.backstageToken } : {}
202
+ token ? { token } : {}
199
203
  );
200
204
  if (result.entities.length) {
201
205
  const { entities } = result;
@@ -316,7 +320,7 @@ const examples$7 = [
316
320
 
317
321
  const id$2 = "catalog:fetch";
318
322
  function createFetchCatalogEntityAction(options) {
319
- const { catalogClient } = options;
323
+ const { catalogClient, auth } = options;
320
324
  return pluginScaffolderNode.createTemplateAction({
321
325
  id: id$2,
322
326
  description: "Returns entity or entities from the catalog by entity reference(s)",
@@ -356,13 +360,17 @@ function createFetchCatalogEntityAction(options) {
356
360
  }
357
361
  throw new Error("Missing entity reference or references");
358
362
  }
363
+ const { token } = (_b = await (auth == null ? void 0 : auth.getPluginRequestToken({
364
+ onBehalfOf: await ctx.getInitiatorCredentials(),
365
+ targetPluginId: "catalog"
366
+ }))) != null ? _b : { token: (_a = ctx.secrets) == null ? void 0 : _a.backstageToken };
359
367
  if (entityRef) {
360
368
  const entity = await catalogClient.getEntityByRef(
361
369
  catalogModel.stringifyEntityRef(
362
370
  catalogModel.parseEntityRef(entityRef, { defaultKind, defaultNamespace })
363
371
  ),
364
372
  {
365
- token: (_a = ctx.secrets) == null ? void 0 : _a.backstageToken
373
+ token
366
374
  }
367
375
  );
368
376
  if (!entity && !optional) {
@@ -380,7 +388,7 @@ function createFetchCatalogEntityAction(options) {
380
388
  )
381
389
  },
382
390
  {
383
- token: (_b = ctx.secrets) == null ? void 0 : _b.backstageToken
391
+ token
384
392
  }
385
393
  );
386
394
  const finalEntities = entities.items.map((e, i) => {
@@ -1320,6 +1328,7 @@ const createBuiltinActions = (options) => {
1320
1328
  reader,
1321
1329
  integrations,
1322
1330
  catalogClient,
1331
+ auth,
1323
1332
  config,
1324
1333
  additionalTemplateFilters,
1325
1334
  additionalTemplateGlobals
@@ -1393,8 +1402,8 @@ const createBuiltinActions = (options) => {
1393
1402
  }),
1394
1403
  createDebugLogAction(),
1395
1404
  createWaitAction(),
1396
- createCatalogRegisterAction({ catalogClient, integrations }),
1397
- createFetchCatalogEntityAction({ catalogClient }),
1405
+ createCatalogRegisterAction({ catalogClient, integrations, auth }),
1406
+ createFetchCatalogEntityAction({ catalogClient, auth }),
1398
1407
  createCatalogWriteAction(),
1399
1408
  createFilesystemDeleteAction(),
1400
1409
  createFilesystemRenameAction(),
@@ -1893,16 +1902,17 @@ var __publicField$2 = (obj, key, value) => {
1893
1902
  };
1894
1903
  class TaskManager {
1895
1904
  // Runs heartbeat internally
1896
- constructor(task, storage, signal, logger) {
1905
+ constructor(task, storage, signal, logger, auth) {
1897
1906
  this.task = task;
1898
1907
  this.storage = storage;
1899
1908
  this.signal = signal;
1900
1909
  this.logger = logger;
1910
+ this.auth = auth;
1901
1911
  __publicField$2(this, "isDone", false);
1902
1912
  __publicField$2(this, "heartbeatTimeoutId");
1903
1913
  }
1904
- static create(task, storage, abortSignal, logger) {
1905
- const agent = new TaskManager(task, storage, abortSignal, logger);
1914
+ static create(task, storage, abortSignal, logger, auth) {
1915
+ const agent = new TaskManager(task, storage, abortSignal, logger, auth);
1906
1916
  agent.startTimeout();
1907
1917
  return agent;
1908
1918
  }
@@ -1975,6 +1985,17 @@ class TaskManager {
1975
1985
  }
1976
1986
  }, 1e3);
1977
1987
  }
1988
+ async getInitiatorCredentials() {
1989
+ if (this.task.secrets && "__initiatorCredentials" in this.task.secrets) {
1990
+ return JSON.parse(this.task.secrets.__initiatorCredentials);
1991
+ }
1992
+ if (!this.auth) {
1993
+ throw new Error(
1994
+ "Failed to create none credentials in scaffolder task. The TaskManager has not been initialized with an auth service implementation"
1995
+ );
1996
+ }
1997
+ return this.auth.getNoneCredentials();
1998
+ }
1978
1999
  }
1979
2000
  function defer() {
1980
2001
  let resolve = () => {
@@ -1985,10 +2006,11 @@ function defer() {
1985
2006
  return { promise, resolve };
1986
2007
  }
1987
2008
  class StorageTaskBroker {
1988
- constructor(storage, logger, config) {
2009
+ constructor(storage, logger, config, auth) {
1989
2010
  this.storage = storage;
1990
2011
  this.logger = logger;
1991
2012
  this.config = config;
2013
+ this.auth = auth;
1992
2014
  __publicField$2(this, "deferredDispatch", defer());
1993
2015
  }
1994
2016
  async list(options) {
@@ -2059,7 +2081,8 @@ class StorageTaskBroker {
2059
2081
  },
2060
2082
  this.storage,
2061
2083
  abortController.signal,
2062
- this.logger
2084
+ this.logger,
2085
+ this.auth
2063
2086
  );
2064
2087
  }
2065
2088
  await this.waitForDispatch();
@@ -2499,7 +2522,8 @@ class NunjucksWorkflowRunner {
2499
2522
  templateInfo: task.spec.templateInfo,
2500
2523
  user: task.spec.user,
2501
2524
  isDryRun: task.isDryRun,
2502
- signal: task.cancelSignal
2525
+ signal: task.cancelSignal,
2526
+ getInitiatorCredentials: task.getInitiatorCredentials
2503
2527
  });
2504
2528
  }
2505
2529
  for (const tmpDir of tmpDirs) {
@@ -2517,7 +2541,6 @@ class NunjucksWorkflowRunner {
2517
2541
  }
2518
2542
  }
2519
2543
  async execute(task) {
2520
- var _a;
2521
2544
  if (!isValidTaskSpec(task.spec)) {
2522
2545
  throw new errors.InputError(
2523
2546
  "Wrong template version executed with the workflow engine"
@@ -2545,7 +2568,7 @@ class NunjucksWorkflowRunner {
2545
2568
  };
2546
2569
  const [decision] = this.options.permissions && task.spec.steps.length ? await this.options.permissions.authorizeConditional(
2547
2570
  [{ permission: alpha.actionExecutePermission }],
2548
- { token: (_a = task.secrets) == null ? void 0 : _a.backstageToken }
2571
+ { credentials: await task.getInitiatorCredentials() }
2549
2572
  ) : [{ result: pluginPermissionCommon.AuthorizeResult.ALLOW }];
2550
2573
  for (const step of task.spec.steps) {
2551
2574
  await this.executeStep(
@@ -2868,6 +2891,7 @@ function createDryRunner(options) {
2868
2891
  }
2869
2892
  },
2870
2893
  secrets: input.secrets,
2894
+ getInitiatorCredentials: () => Promise.resolve(input.credentials),
2871
2895
  // No need to update this at the end of the run, so just hard-code it
2872
2896
  done: false,
2873
2897
  isDryRun: true,
@@ -3026,17 +3050,23 @@ async function createRouter(options) {
3026
3050
  additionalTemplateFilters,
3027
3051
  additionalTemplateGlobals,
3028
3052
  permissions,
3029
- permissionRules
3053
+ permissionRules,
3054
+ discovery = backendCommon.HostDiscovery.fromConfig(config),
3055
+ identity = buildDefaultIdentityClient(options)
3030
3056
  } = options;
3057
+ const { auth, httpAuth } = backendCommon.createLegacyAuthAdapters({
3058
+ ...options,
3059
+ identity,
3060
+ discovery
3061
+ });
3031
3062
  const concurrentTasksLimit = (_a = options.concurrentTasksLimit) != null ? _a : options.config.getOptionalNumber("scaffolder.concurrentTasksLimit");
3032
3063
  const logger = parentLogger.child({ plugin: "scaffolder" });
3033
- const identity = options.identity || buildDefaultIdentityClient(options);
3034
3064
  const workingDirectory = await getWorkingDirectory(config, logger);
3035
3065
  const integrations = integration.ScmIntegrations.fromConfig(config);
3036
3066
  let taskBroker;
3037
3067
  if (!options.taskBroker) {
3038
3068
  const databaseTaskStore = await DatabaseTaskStore.create({ database });
3039
- taskBroker = new StorageTaskBroker(databaseTaskStore, logger, config);
3069
+ taskBroker = new StorageTaskBroker(databaseTaskStore, logger, config, auth);
3040
3070
  if (scheduler && databaseTaskStore.listStaleTasks) {
3041
3071
  await scheduler.scheduleTask({
3042
3072
  id: "close_stale_tasks",
@@ -3090,7 +3120,8 @@ async function createRouter(options) {
3090
3120
  reader,
3091
3121
  config,
3092
3122
  additionalTemplateFilters,
3093
- additionalTemplateGlobals
3123
+ additionalTemplateGlobals,
3124
+ auth
3094
3125
  });
3095
3126
  actionsToRegister.forEach((action) => actionRegistry.register(action));
3096
3127
  const launchWorkers = () => workers.forEach((worker) => worker.start());
@@ -3144,11 +3175,16 @@ async function createRouter(options) {
3144
3175
  "/v2/templates/:namespace/:kind/:name/parameter-schema",
3145
3176
  async (req, res) => {
3146
3177
  var _a2, _b;
3147
- const userIdentity = await identity.getIdentity({
3148
- request: req
3178
+ const credentials = await httpAuth.credentials(req);
3179
+ const { token } = await auth.getPluginRequestToken({
3180
+ onBehalfOf: credentials,
3181
+ targetPluginId: "catalog"
3149
3182
  });
3150
- const token = userIdentity == null ? void 0 : userIdentity.token;
3151
- const template = await authorizeTemplate(req.params, token);
3183
+ const template = await authorizeTemplate(
3184
+ req.params,
3185
+ token,
3186
+ credentials
3187
+ );
3152
3188
  const parameters = [(_a2 = template.spec.parameters) != null ? _a2 : []].flat();
3153
3189
  const presentation = template.spec.presentation;
3154
3190
  res.json({
@@ -3182,11 +3218,12 @@ async function createRouter(options) {
3182
3218
  const { kind, namespace, name } = catalogModel.parseEntityRef(templateRef, {
3183
3219
  defaultKind: "template"
3184
3220
  });
3185
- const callerIdentity = await identity.getIdentity({
3186
- request: req
3221
+ const credentials = await httpAuth.credentials(req, { allow: ["user"] });
3222
+ const { token } = await auth.getPluginRequestToken({
3223
+ onBehalfOf: credentials,
3224
+ targetPluginId: "catalog"
3187
3225
  });
3188
- const token = callerIdentity == null ? void 0 : callerIdentity.token;
3189
- const userEntityRef = callerIdentity == null ? void 0 : callerIdentity.identity.userEntityRef;
3226
+ const userEntityRef = credentials.principal.userEntityRef;
3190
3227
  const userEntity = userEntityRef ? await catalogClient.getEntityByRef(userEntityRef, { token }) : void 0;
3191
3228
  let auditLog = `Scaffolding task for ${templateRef}`;
3192
3229
  if (userEntityRef) {
@@ -3196,7 +3233,8 @@ async function createRouter(options) {
3196
3233
  const values = req.body.values;
3197
3234
  const template = await authorizeTemplate(
3198
3235
  { kind, namespace, name },
3199
- token
3236
+ token,
3237
+ credentials
3200
3238
  );
3201
3239
  for (const parameters of [(_a2 = template.spec.parameters) != null ? _a2 : []].flat()) {
3202
3240
  const result2 = jsonschema.validate(values, parameters);
@@ -3236,7 +3274,8 @@ async function createRouter(options) {
3236
3274
  createdBy: userEntityRef,
3237
3275
  secrets: {
3238
3276
  ...req.body.secrets,
3239
- backstageToken: token
3277
+ backstageToken: token,
3278
+ initiatorCredentials: JSON.stringify(credentials)
3240
3279
  }
3241
3280
  });
3242
3281
  res.status(201).json({ id: result.taskId });
@@ -3331,7 +3370,7 @@ data: ${JSON.stringify(event)}
3331
3370
  clearTimeout(timeout);
3332
3371
  });
3333
3372
  }).post("/v2/dry-run", async (req, res) => {
3334
- var _a2, _b, _c, _d;
3373
+ var _a2, _b, _c;
3335
3374
  const bodySchema = zod.z.object({
3336
3375
  template: zod.z.unknown(),
3337
3376
  values: zod.z.record(zod.z.unknown()),
@@ -3347,10 +3386,12 @@ data: ${JSON.stringify(event)}
3347
3386
  if (!await pluginScaffolderCommon.templateEntityV1beta3Validator.check(template)) {
3348
3387
  throw new errors.InputError("Input template is not a template");
3349
3388
  }
3350
- const token = (_a2 = await identity.getIdentity({
3351
- request: req
3352
- })) == null ? void 0 : _a2.token;
3353
- for (const parameters of [(_b = template.spec.parameters) != null ? _b : []].flat()) {
3389
+ const credentials = await httpAuth.credentials(req);
3390
+ const { token } = await auth.getPluginRequestToken({
3391
+ onBehalfOf: credentials,
3392
+ targetPluginId: "catalog"
3393
+ });
3394
+ for (const parameters of [(_a2 = template.spec.parameters) != null ? _a2 : []].flat()) {
3354
3395
  const result2 = jsonschema.validate(body.values, parameters);
3355
3396
  if (!result2.valid) {
3356
3397
  res.status(400).json({ errors: result2.errors });
@@ -3369,17 +3410,18 @@ data: ${JSON.stringify(event)}
3369
3410
  spec: {
3370
3411
  apiVersion: template.apiVersion,
3371
3412
  steps,
3372
- output: (_c = template.spec.output) != null ? _c : {},
3413
+ output: (_b = template.spec.output) != null ? _b : {},
3373
3414
  parameters: body.values
3374
3415
  },
3375
- directoryContents: ((_d = body.directoryContents) != null ? _d : []).map((file) => ({
3416
+ directoryContents: ((_c = body.directoryContents) != null ? _c : []).map((file) => ({
3376
3417
  path: file.path,
3377
3418
  content: Buffer.from(file.base64Content, "base64")
3378
3419
  })),
3379
3420
  secrets: {
3380
3421
  ...body.secrets,
3381
3422
  ...token && { backstageToken: token }
3382
- }
3423
+ },
3424
+ credentials
3383
3425
  });
3384
3426
  res.status(200).json({
3385
3427
  ...result,
@@ -3394,7 +3436,7 @@ data: ${JSON.stringify(event)}
3394
3436
  const app = express__default["default"]();
3395
3437
  app.set("logger", logger);
3396
3438
  app.use("/", router);
3397
- async function authorizeTemplate(entityRef, token) {
3439
+ async function authorizeTemplate(entityRef, token, credentials) {
3398
3440
  const template = await findTemplate({
3399
3441
  catalogApi: catalogClient,
3400
3442
  entityRef,
@@ -3413,7 +3455,7 @@ data: ${JSON.stringify(event)}
3413
3455
  { permission: alpha.templateParameterReadPermission },
3414
3456
  { permission: alpha.templateStepReadPermission }
3415
3457
  ],
3416
- { token }
3458
+ { credentials }
3417
3459
  );
3418
3460
  if (Array.isArray(template.spec.parameters)) {
3419
3461
  template.spec.parameters = template.spec.parameters.filter(
@@ -3448,4 +3490,4 @@ exports.createRouter = createRouter;
3448
3490
  exports.createWaitAction = createWaitAction;
3449
3491
  exports.scaffolderActionRules = scaffolderActionRules;
3450
3492
  exports.scaffolderTemplateRules = scaffolderTemplateRules;
3451
- //# sourceMappingURL=router-ae706822.cjs.js.map
3493
+ //# sourceMappingURL=router-1665319e.cjs.js.map