@backstage/plugin-scaffolder-backend 1.22.8-next.0 → 1.22.8-next.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +28 -0
- package/alpha/package.json +1 -1
- package/dist/alpha.cjs.js +1 -1
- package/dist/cjs/{router-CTk9mOV8.cjs.js → router-Czj3wQrV.cjs.js} +62 -3
- package/dist/cjs/router-Czj3wQrV.cjs.js.map +1 -0
- package/dist/index.cjs.js +1 -1
- package/package.json +15 -15
- package/dist/cjs/router-CTk9mOV8.cjs.js.map +0 -1
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,33 @@
|
|
|
1
1
|
# @backstage/plugin-scaffolder-backend
|
|
2
2
|
|
|
3
|
+
## 1.22.8-next.1
|
|
4
|
+
|
|
5
|
+
### Patch Changes
|
|
6
|
+
|
|
7
|
+
- bcec60f: added the following new permissions to the scaffolder backend endpoints:
|
|
8
|
+
|
|
9
|
+
- `scaffolder.task.create`
|
|
10
|
+
- `scaffolder.task.cancel`
|
|
11
|
+
- `scaffolder.task.read`
|
|
12
|
+
|
|
13
|
+
- Updated dependencies
|
|
14
|
+
- @backstage/backend-tasks@0.5.24-next.1
|
|
15
|
+
- @backstage/backend-plugin-api@0.6.19-next.1
|
|
16
|
+
- @backstage/plugin-permission-node@0.7.30-next.1
|
|
17
|
+
- @backstage/plugin-scaffolder-backend-module-gitea@0.1.9-next.1
|
|
18
|
+
- @backstage/backend-common@0.23.0-next.1
|
|
19
|
+
- @backstage/plugin-scaffolder-backend-module-gitlab@0.4.1-next.1
|
|
20
|
+
- @backstage/plugin-scaffolder-common@1.5.3-next.0
|
|
21
|
+
- @backstage/plugin-auth-node@0.4.14-next.1
|
|
22
|
+
- @backstage/plugin-catalog-backend-module-scaffolder-entity-model@0.1.17-next.1
|
|
23
|
+
- @backstage/plugin-catalog-node@1.12.1-next.0
|
|
24
|
+
- @backstage/plugin-scaffolder-backend-module-bitbucket@0.2.9-next.0
|
|
25
|
+
- @backstage/plugin-scaffolder-backend-module-bitbucket-cloud@0.1.9-next.0
|
|
26
|
+
- @backstage/plugin-scaffolder-backend-module-bitbucket-server@0.1.9-next.0
|
|
27
|
+
- @backstage/plugin-scaffolder-backend-module-gerrit@0.1.11-next.0
|
|
28
|
+
- @backstage/plugin-scaffolder-backend-module-github@0.2.9-next.1
|
|
29
|
+
- @backstage/plugin-scaffolder-node@0.4.5-next.1
|
|
30
|
+
|
|
3
31
|
## 1.22.8-next.0
|
|
4
32
|
|
|
5
33
|
### Patch Changes
|
package/alpha/package.json
CHANGED
package/dist/alpha.cjs.js
CHANGED
|
@@ -4,7 +4,7 @@ Object.defineProperty(exports, '__esModule', { value: true });
|
|
|
4
4
|
|
|
5
5
|
var alpha = require('@backstage/plugin-scaffolder-common/alpha');
|
|
6
6
|
var pluginPermissionNode = require('@backstage/plugin-permission-node');
|
|
7
|
-
var router = require('./cjs/router-
|
|
7
|
+
var router = require('./cjs/router-Czj3wQrV.cjs.js');
|
|
8
8
|
var backendPluginApi = require('@backstage/backend-plugin-api');
|
|
9
9
|
var backendCommon = require('@backstage/backend-common');
|
|
10
10
|
var integration = require('@backstage/integration');
|
|
@@ -3158,6 +3158,24 @@ async function findTemplate(options) {
|
|
|
3158
3158
|
return template;
|
|
3159
3159
|
}
|
|
3160
3160
|
|
|
3161
|
+
async function checkPermission(options) {
|
|
3162
|
+
const { permissions, permissionService, credentials } = options;
|
|
3163
|
+
if (permissionService) {
|
|
3164
|
+
const permissionRequest = permissions.map((permission) => ({
|
|
3165
|
+
permission
|
|
3166
|
+
}));
|
|
3167
|
+
const authorizationResponses = await permissionService.authorize(
|
|
3168
|
+
permissionRequest,
|
|
3169
|
+
{ credentials }
|
|
3170
|
+
);
|
|
3171
|
+
for (const response of authorizationResponses) {
|
|
3172
|
+
if (response.result === pluginPermissionCommon.AuthorizeResult.DENY) {
|
|
3173
|
+
throw new errors.NotAllowedError();
|
|
3174
|
+
}
|
|
3175
|
+
}
|
|
3176
|
+
}
|
|
3177
|
+
}
|
|
3178
|
+
|
|
3161
3179
|
function isTemplatePermissionRuleInput(permissionRule) {
|
|
3162
3180
|
return permissionRule.resourceType === alpha.RESOURCE_TYPE_SCAFFOLDER_TEMPLATE;
|
|
3163
3181
|
}
|
|
@@ -3349,7 +3367,8 @@ async function createRouter(options) {
|
|
|
3349
3367
|
permissions: alpha.scaffolderActionPermissions,
|
|
3350
3368
|
rules: actionRules
|
|
3351
3369
|
}
|
|
3352
|
-
]
|
|
3370
|
+
],
|
|
3371
|
+
permissions: alpha.scaffolderTaskPermissions
|
|
3353
3372
|
});
|
|
3354
3373
|
router.use(permissionIntegrationRouter);
|
|
3355
3374
|
router.get(
|
|
@@ -3395,6 +3414,11 @@ async function createRouter(options) {
|
|
|
3395
3414
|
defaultKind: "template"
|
|
3396
3415
|
});
|
|
3397
3416
|
const credentials = await httpAuth.credentials(req);
|
|
3417
|
+
await checkPermission({
|
|
3418
|
+
credentials,
|
|
3419
|
+
permissions: [alpha.taskCreatePermission],
|
|
3420
|
+
permissionService: permissions
|
|
3421
|
+
});
|
|
3398
3422
|
const { token } = await auth.getPluginRequestToken({
|
|
3399
3423
|
onBehalfOf: credentials,
|
|
3400
3424
|
targetPluginId: "catalog"
|
|
@@ -3454,6 +3478,12 @@ async function createRouter(options) {
|
|
|
3454
3478
|
});
|
|
3455
3479
|
res.status(201).json({ id: result.taskId });
|
|
3456
3480
|
}).get("/v2/tasks", async (req, res) => {
|
|
3481
|
+
const credentials = await httpAuth.credentials(req);
|
|
3482
|
+
await checkPermission({
|
|
3483
|
+
credentials,
|
|
3484
|
+
permissions: [alpha.taskReadPermission],
|
|
3485
|
+
permissionService: permissions
|
|
3486
|
+
});
|
|
3457
3487
|
const [userEntityRef] = [req.query.createdBy].flat();
|
|
3458
3488
|
if (typeof userEntityRef !== "string" && typeof userEntityRef !== "undefined") {
|
|
3459
3489
|
throw new errors.InputError("createdBy query parameter must be a string");
|
|
@@ -3468,6 +3498,12 @@ async function createRouter(options) {
|
|
|
3468
3498
|
});
|
|
3469
3499
|
res.status(200).json(tasks);
|
|
3470
3500
|
}).get("/v2/tasks/:taskId", async (req, res) => {
|
|
3501
|
+
const credentials = await httpAuth.credentials(req);
|
|
3502
|
+
await checkPermission({
|
|
3503
|
+
credentials,
|
|
3504
|
+
permissions: [alpha.taskReadPermission],
|
|
3505
|
+
permissionService: permissions
|
|
3506
|
+
});
|
|
3471
3507
|
const { taskId } = req.params;
|
|
3472
3508
|
const task = await taskBroker.get(taskId);
|
|
3473
3509
|
if (!task) {
|
|
@@ -3476,10 +3512,22 @@ async function createRouter(options) {
|
|
|
3476
3512
|
delete task.secrets;
|
|
3477
3513
|
res.status(200).json(task);
|
|
3478
3514
|
}).post("/v2/tasks/:taskId/cancel", async (req, res) => {
|
|
3515
|
+
const credentials = await httpAuth.credentials(req);
|
|
3516
|
+
await checkPermission({
|
|
3517
|
+
credentials,
|
|
3518
|
+
permissions: [alpha.taskCancelPermission, alpha.taskReadPermission],
|
|
3519
|
+
permissionService: permissions
|
|
3520
|
+
});
|
|
3479
3521
|
const { taskId } = req.params;
|
|
3480
3522
|
await taskBroker.cancel?.(taskId);
|
|
3481
3523
|
res.status(200).json({ status: "cancelled" });
|
|
3482
3524
|
}).get("/v2/tasks/:taskId/eventstream", async (req, res) => {
|
|
3525
|
+
const credentials = await httpAuth.credentials(req);
|
|
3526
|
+
await checkPermission({
|
|
3527
|
+
credentials,
|
|
3528
|
+
permissions: [alpha.taskReadPermission],
|
|
3529
|
+
permissionService: permissions
|
|
3530
|
+
});
|
|
3483
3531
|
const { taskId } = req.params;
|
|
3484
3532
|
const after = req.query.after !== void 0 ? Number(req.query.after) : void 0;
|
|
3485
3533
|
logger.debug(`Event stream observing taskId '${taskId}' opened`);
|
|
@@ -3520,6 +3568,12 @@ data: ${JSON.stringify(event)}
|
|
|
3520
3568
|
logger.debug(`Event stream observing taskId '${taskId}' closed`);
|
|
3521
3569
|
});
|
|
3522
3570
|
}).get("/v2/tasks/:taskId/events", async (req, res) => {
|
|
3571
|
+
const credentials = await httpAuth.credentials(req);
|
|
3572
|
+
await checkPermission({
|
|
3573
|
+
credentials,
|
|
3574
|
+
permissions: [alpha.taskReadPermission],
|
|
3575
|
+
permissionService: permissions
|
|
3576
|
+
});
|
|
3523
3577
|
const { taskId } = req.params;
|
|
3524
3578
|
const after = Number(req.query.after) || void 0;
|
|
3525
3579
|
const timeout = setTimeout(() => {
|
|
@@ -3542,6 +3596,12 @@ data: ${JSON.stringify(event)}
|
|
|
3542
3596
|
clearTimeout(timeout);
|
|
3543
3597
|
});
|
|
3544
3598
|
}).post("/v2/dry-run", async (req, res) => {
|
|
3599
|
+
const credentials = await httpAuth.credentials(req);
|
|
3600
|
+
await checkPermission({
|
|
3601
|
+
credentials,
|
|
3602
|
+
permissions: [alpha.taskCreatePermission],
|
|
3603
|
+
permissionService: permissions
|
|
3604
|
+
});
|
|
3545
3605
|
const bodySchema = zod.z.object({
|
|
3546
3606
|
template: zod.z.unknown(),
|
|
3547
3607
|
values: zod.z.record(zod.z.unknown()),
|
|
@@ -3557,7 +3617,6 @@ data: ${JSON.stringify(event)}
|
|
|
3557
3617
|
if (!await pluginScaffolderCommon.templateEntityV1beta3Validator.check(template)) {
|
|
3558
3618
|
throw new errors.InputError("Input template is not a template");
|
|
3559
3619
|
}
|
|
3560
|
-
const credentials = await httpAuth.credentials(req);
|
|
3561
3620
|
const { token } = await auth.getPluginRequestToken({
|
|
3562
3621
|
onBehalfOf: credentials,
|
|
3563
3622
|
targetPluginId: "catalog"
|
|
@@ -3658,4 +3717,4 @@ exports.createRouter = createRouter;
|
|
|
3658
3717
|
exports.createWaitAction = createWaitAction;
|
|
3659
3718
|
exports.scaffolderActionRules = scaffolderActionRules;
|
|
3660
3719
|
exports.scaffolderTemplateRules = scaffolderTemplateRules;
|
|
3661
|
-
//# sourceMappingURL=router-
|
|
3720
|
+
//# sourceMappingURL=router-Czj3wQrV.cjs.js.map
|