@techdocs/cli 1.8.20-next.1 → 1.8.20

Files changed (57)
  1. package/CHANGELOG.md +22 -0
  2. package/dist/{cjs/generate-CHbYjdPP.cjs.js → commands/generate/generate.cjs.js} +4 -5
  3. package/dist/commands/generate/generate.cjs.js.map +1 -0
  4. package/dist/commands/index.cjs.js +231 -0
  5. package/dist/commands/index.cjs.js.map +1 -0
  6. package/dist/{cjs/migrate-Ddd_MQkE.cjs.js → commands/migrate/migrate.cjs.js} +5 -7
  7. package/dist/commands/migrate/migrate.cjs.js.map +1 -0
  8. package/dist/{cjs/publish-DH7Mbt7b.cjs.js → commands/publish/publish.cjs.js} +5 -7
  9. package/dist/commands/publish/publish.cjs.js.map +1 -0
  10. package/dist/{cjs/mkdocs-HM8xNBvh.cjs.js → commands/serve/mkdocs.cjs.js} +9 -10
  11. package/dist/commands/serve/mkdocs.cjs.js.map +1 -0
  12. package/dist/{cjs/serve-QoNUyZPw.cjs.js → commands/serve/serve.cjs.js} +12 -94
  13. package/dist/commands/serve/serve.cjs.js.map +1 -0
  14. package/dist/commands/serve/utils.cjs.js +24 -0
  15. package/dist/commands/serve/utils.cjs.js.map +1 -0
  16. package/dist/embedded-app/.config-schema.json +2480 -1224
  17. package/dist/embedded-app/index.html +1 -1
  18. package/dist/embedded-app/index.html.tmpl +1 -1
  19. package/dist/embedded-app/static/{4036.a109c6eb.chunk.js → 4036.c70fd6f0.chunk.js} +2 -2
  20. package/dist/embedded-app/static/{4036.a109c6eb.chunk.js.map → 4036.c70fd6f0.chunk.js.map} +1 -1
  21. package/dist/embedded-app/static/{9605.7441e12c.chunk.js → 9605.6d4a0d4f.chunk.js} +3 -3
  22. package/dist/embedded-app/static/{9605.7441e12c.chunk.js.map → 9605.6d4a0d4f.chunk.js.map} +1 -1
  23. package/dist/embedded-app/static/{main.abfbd79f.js → main.9768e58f.js} +39 -19
  24. package/dist/embedded-app/static/main.9768e58f.js.map +1 -0
  25. package/dist/embedded-app/static/{module-material-ui.116dde6e.js → module-material-ui.05c1a36a.js} +4 -4
  26. package/dist/embedded-app/static/{module-material-ui.116dde6e.js.map → module-material-ui.05c1a36a.js.map} +1 -1
  27. package/dist/embedded-app/static/{runtime.abfbd79f.js → runtime.9768e58f.js} +2 -2
  28. package/dist/embedded-app/static/{runtime.abfbd79f.js.map → runtime.9768e58f.js.map} +1 -1
  29. package/dist/embedded-app/static/vendor.9768e58f.js +169 -0
  30. package/dist/embedded-app/static/vendor.9768e58f.js.map +1 -0
  31. package/dist/index.cjs.js +4 -230
  32. package/dist/index.cjs.js.map +1 -1
  33. package/dist/{cjs/PublisherConfig-Cn5i8vF5.cjs.js → lib/PublisherConfig.cjs.js} +1 -1
  34. package/dist/lib/PublisherConfig.cjs.js.map +1 -0
  35. package/dist/lib/httpServer.cjs.js +93 -0
  36. package/dist/lib/httpServer.cjs.js.map +1 -0
  37. package/dist/lib/mkdocsServer.cjs.js +58 -0
  38. package/dist/lib/mkdocsServer.cjs.js.map +1 -0
  39. package/dist/lib/run.cjs.js +58 -0
  40. package/dist/lib/run.cjs.js.map +1 -0
  41. package/dist/{cjs/utility-CsspJYjU.cjs.js → lib/utility.cjs.js} +1 -1
  42. package/dist/lib/utility.cjs.js.map +1 -0
  43. package/dist/package.json.cjs.js +6 -0
  44. package/dist/package.json.cjs.js.map +1 -0
  45. package/package.json +7 -7
  46. package/dist/cjs/PublisherConfig-Cn5i8vF5.cjs.js.map +0 -1
  47. package/dist/cjs/generate-CHbYjdPP.cjs.js.map +0 -1
  48. package/dist/cjs/migrate-Ddd_MQkE.cjs.js.map +0 -1
  49. package/dist/cjs/mkdocs-HM8xNBvh.cjs.js.map +0 -1
  50. package/dist/cjs/publish-DH7Mbt7b.cjs.js.map +0 -1
  51. package/dist/cjs/serve-QoNUyZPw.cjs.js.map +0 -1
  52. package/dist/cjs/utility-CsspJYjU.cjs.js.map +0 -1
  53. package/dist/cjs/utils-FcpnJ4zG.cjs.js +0 -129
  54. package/dist/cjs/utils-FcpnJ4zG.cjs.js.map +0 -1
  55. package/dist/embedded-app/static/main.abfbd79f.js.map +0 -1
  56. package/dist/embedded-app/static/vendor.abfbd79f.js +0 -169
  57. package/dist/embedded-app/static/vendor.abfbd79f.js.map +0 -1
@@ -889,36 +889,6 @@
889
889
  "$schema": "http://json-schema.org/draft-07/schema#"
890
890
  }
891
891
  },
892
- {
893
- "path": "../../plugins/catalog/config.d.ts",
894
- "value": {
895
- "type": "object",
896
- "properties": {
897
- "catalog": {
898
- "type": "object",
899
- "properties": {
900
- "experimentalPagination": {
901
- "deepVisibility": "frontend",
902
- "anyOf": [
903
- {
904
- "type": "object",
905
- "properties": {
906
- "limit": {
907
- "type": "number"
908
- }
909
- }
910
- },
911
- {
912
- "type": "boolean"
913
- }
914
- ]
915
- }
916
- }
917
- }
918
- },
919
- "$schema": "http://json-schema.org/draft-07/schema#"
920
- }
921
- },
922
892
  {
923
893
  "path": "../frontend-app-api/config.d.ts",
924
894
  "value": {
@@ -1031,6 +1001,36 @@
1031
1001
  "$schema": "http://json-schema.org/draft-07/schema#"
1032
1002
  }
1033
1003
  },
1004
+ {
1005
+ "path": "../../plugins/catalog/config.d.ts",
1006
+ "value": {
1007
+ "type": "object",
1008
+ "properties": {
1009
+ "catalog": {
1010
+ "type": "object",
1011
+ "properties": {
1012
+ "experimentalPagination": {
1013
+ "deepVisibility": "frontend",
1014
+ "anyOf": [
1015
+ {
1016
+ "type": "object",
1017
+ "properties": {
1018
+ "limit": {
1019
+ "type": "number"
1020
+ }
1021
+ }
1022
+ },
1023
+ {
1024
+ "type": "boolean"
1025
+ }
1026
+ ]
1027
+ }
1028
+ }
1029
+ }
1030
+ },
1031
+ "$schema": "http://json-schema.org/draft-07/schema#"
1032
+ }
1033
+ },
1034
1034
  {
1035
1035
  "path": "../../node_modules/@backstage-community/plugin-stackstorm/config.d.ts",
1036
1036
  "value": {
@@ -1524,43 +1524,255 @@
1524
1524
  }
1525
1525
  },
1526
1526
  {
1527
- "path": "../../node_modules/@backstage-community/plugin-puppetdb/node_modules/@backstage/core-components/config.d.ts",
1527
+ "path": "../../plugins/auth-backend/config.d.ts",
1528
1528
  "value": {
1529
1529
  "type": "object",
1530
1530
  "properties": {
1531
1531
  "auth": {
1532
+ "description": "Configuration options for the auth plugin",
1532
1533
  "type": "object",
1533
1534
  "properties": {
1534
- "autologout": {
1535
- "description": "Autologout feature configuration",
1535
+ "environment": {
1536
+ "description": "The 'environment' attribute",
1537
+ "visibility": "frontend",
1538
+ "type": "string"
1539
+ },
1540
+ "session": {
1536
1541
  "type": "object",
1537
1542
  "properties": {
1538
- "enabled": {
1539
- "description": "Enable or disable the autologout feature",
1540
- "visibility": "frontend",
1541
- "type": "boolean"
1543
+ "secret": {
1544
+ "description": "The secret attribute of session object.",
1545
+ "visibility": "secret",
1546
+ "type": "string"
1547
+ }
1548
+ }
1549
+ },
1550
+ "identityTokenAlgorithm": {
1551
+ "description": "JWS \"alg\" (Algorithm) Header Parameter value. Defaults to ES256.\nMust match one of the algorithms defined for IdentityClient.\nWhen setting a different algorithm, check if the `key` field\nof the `signing_keys` table can fit the length of the generated keys.\nIf not, add a knex migration file in the migrations folder.\nMore info on supported algorithms: https://github.com/panva/jose",
1552
+ "type": "string"
1553
+ },
1554
+ "keyStore": {
1555
+ "description": "To control how to store JWK data in auth-backend",
1556
+ "type": "object",
1557
+ "properties": {
1558
+ "provider": {
1559
+ "enum": [
1560
+ "database",
1561
+ "firestore",
1562
+ "memory",
1563
+ "static"
1564
+ ],
1565
+ "type": "string"
1542
1566
  },
1543
- "idleTimeoutMinutes": {
1544
- "description": "Number of minutes after which the inactive user is logged out automatically.\nDefault is 60 minutes (1 hour)",
1545
- "visibility": "frontend",
1546
- "type": "number"
1567
+ "firestore": {
1568
+ "type": "object",
1569
+ "properties": {
1570
+ "host": {
1571
+ "description": "The host to connect to",
1572
+ "type": "string"
1573
+ },
1574
+ "port": {
1575
+ "description": "The port to connect to",
1576
+ "type": "number"
1577
+ },
1578
+ "ssl": {
1579
+ "description": "Whether to use SSL when connecting.",
1580
+ "type": "boolean"
1581
+ },
1582
+ "projectId": {
1583
+ "description": "The Google Cloud Project ID",
1584
+ "type": "string"
1585
+ },
1586
+ "keyFilename": {
1587
+ "description": "Local file containing the Service Account credentials.\nYou can omit this value to automatically read from\nGOOGLE_APPLICATION_CREDENTIALS env which is useful for local\ndevelopment.",
1588
+ "type": "string"
1589
+ },
1590
+ "path": {
1591
+ "description": "The path to use for the collection. Defaults to 'sessions'",
1592
+ "type": "string"
1593
+ },
1594
+ "timeout": {
1595
+ "description": "Timeout used for database operations. Defaults to 10000ms",
1596
+ "type": "number"
1597
+ }
1598
+ }
1547
1599
  },
1548
- "promptBeforeIdleSeconds": {
1549
- "description": "Number of seconds before the idle timeout where the user will be asked if it's still active.\nA dialog will be shown.\nDefault is 10 seconds.\nSet to 0 seconds to disable the prompt.",
1600
+ "static": {
1601
+ "type": "object",
1602
+ "properties": {
1603
+ "keys": {
1604
+ "description": "Must be declared at least once and the first one will be used for signing",
1605
+ "type": "array",
1606
+ "items": {
1607
+ "type": "object",
1608
+ "properties": {
1609
+ "publicKeyFile": {
1610
+ "description": "Path to the public key file in the SPKI format",
1611
+ "type": "string"
1612
+ },
1613
+ "privateKeyFile": {
1614
+ "description": "Path to the matching private key file in the PKCS#8 format",
1615
+ "type": "string"
1616
+ },
1617
+ "keyId": {
1618
+ "description": "id to uniquely identify this key within the JWK set",
1619
+ "type": "string"
1620
+ },
1621
+ "algorithm": {
1622
+ "description": "JWS \"alg\" (Algorithm) Header Parameter value. Defaults to ES256.\nMust match the algorithm used to generate the keys in the provided files",
1623
+ "type": "string"
1624
+ }
1625
+ },
1626
+ "required": [
1627
+ "keyId",
1628
+ "privateKeyFile",
1629
+ "publicKeyFile"
1630
+ ]
1631
+ }
1632
+ }
1633
+ },
1634
+ "required": [
1635
+ "keys"
1636
+ ]
1637
+ }
1638
+ }
1639
+ },
1640
+ "providers": {
1641
+ "description": "The available auth-provider options and attributes",
1642
+ "additionalProperties": true,
1643
+ "type": "object",
1644
+ "properties": {
1645
+ "saml": {
1550
1646
  "visibility": "frontend",
1551
- "type": "number"
1647
+ "type": "object",
1648
+ "properties": {
1649
+ "entryPoint": {
1650
+ "type": "string"
1651
+ },
1652
+ "logoutUrl": {
1653
+ "type": "string"
1654
+ },
1655
+ "issuer": {
1656
+ "type": "string"
1657
+ },
1658
+ "cert": {
1659
+ "visibility": "secret",
1660
+ "type": "string"
1661
+ },
1662
+ "audience": {
1663
+ "type": "string"
1664
+ },
1665
+ "privateKey": {
1666
+ "visibility": "secret",
1667
+ "type": "string"
1668
+ },
1669
+ "authnContext": {
1670
+ "type": "array",
1671
+ "items": {
1672
+ "type": "string"
1673
+ }
1674
+ },
1675
+ "identifierFormat": {
1676
+ "type": "string"
1677
+ },
1678
+ "decryptionPvk": {
1679
+ "visibility": "secret",
1680
+ "type": "string"
1681
+ },
1682
+ "signatureAlgorithm": {
1683
+ "enum": [
1684
+ "sha256",
1685
+ "sha512"
1686
+ ],
1687
+ "type": "string"
1688
+ },
1689
+ "digestAlgorithm": {
1690
+ "type": "string"
1691
+ },
1692
+ "acceptedClockSkewMs": {
1693
+ "type": "number"
1694
+ }
1695
+ },
1696
+ "required": [
1697
+ "cert",
1698
+ "entryPoint",
1699
+ "issuer"
1700
+ ]
1552
1701
  },
1553
- "useWorkerTimers": {
1554
- "description": "Enable/disable the usage of worker thread timers instead of main thread timers.\nDefault is true.\nIf you experience some browser incompatibility, you may try to set this to false.",
1702
+ "auth0": {
1555
1703
  "visibility": "frontend",
1556
- "type": "boolean"
1704
+ "type": "object",
1705
+ "additionalProperties": {
1706
+ "type": "object",
1707
+ "properties": {
1708
+ "clientId": {
1709
+ "type": "string"
1710
+ },
1711
+ "clientSecret": {
1712
+ "visibility": "secret",
1713
+ "type": "string"
1714
+ },
1715
+ "domain": {
1716
+ "type": "string"
1717
+ },
1718
+ "callbackUrl": {
1719
+ "type": "string"
1720
+ },
1721
+ "audience": {
1722
+ "type": "string"
1723
+ },
1724
+ "connection": {
1725
+ "type": "string"
1726
+ },
1727
+ "connectionScope": {
1728
+ "type": "string"
1729
+ }
1730
+ },
1731
+ "required": [
1732
+ "clientId",
1733
+ "clientSecret",
1734
+ "domain"
1735
+ ]
1736
+ }
1557
1737
  },
1558
- "logoutIfDisconnected": {
1559
- "description": "Enable/disable the automatic logout also on users that are logged in but with no Backstage tabs open.\nDefault is true.",
1738
+ "onelogin": {
1560
1739
  "visibility": "frontend",
1561
- "type": "boolean"
1740
+ "type": "object",
1741
+ "additionalProperties": {
1742
+ "type": "object",
1743
+ "properties": {
1744
+ "clientId": {
1745
+ "type": "string"
1746
+ },
1747
+ "clientSecret": {
1748
+ "visibility": "secret",
1749
+ "type": "string"
1750
+ },
1751
+ "issuer": {
1752
+ "type": "string"
1753
+ },
1754
+ "callbackUrl": {
1755
+ "type": "string"
1756
+ }
1757
+ },
1758
+ "required": [
1759
+ "clientId",
1760
+ "clientSecret",
1761
+ "issuer"
1762
+ ]
1763
+ }
1764
+ },
1765
+ "backstageTokenExpiration": {
1766
+ "description": "The backstage token expiration."
1562
1767
  }
1563
1768
  }
1769
+ },
1770
+ "experimentalExtraAllowedOrigins": {
1771
+ "description": "Additional app origins to allow for authenticating",
1772
+ "type": "array",
1773
+ "items": {
1774
+ "type": "string"
1775
+ }
1564
1776
  }
1565
1777
  }
1566
1778
  }
@@ -1569,61 +1781,88 @@
1569
1781
  }
1570
1782
  },
1571
1783
  {
1572
- "path": "../../node_modules/@oriflame/backstage-plugin-score-card/node_modules/@backstage/core-components/config.d.ts",
1784
+ "path": "../../plugins/auth-backend-module-guest-provider/config.d.ts",
1573
1785
  "value": {
1574
1786
  "type": "object",
1575
1787
  "properties": {
1576
1788
  "auth": {
1789
+ "description": "Configuration options for the auth plugin",
1577
1790
  "type": "object",
1578
1791
  "properties": {
1579
- "autologout": {
1580
- "description": "Autologout feature configuration",
1792
+ "providers": {
1581
1793
  "type": "object",
1582
1794
  "properties": {
1583
- "enabled": {
1584
- "description": "Enable or disable the autologout feature",
1585
- "visibility": "frontend",
1586
- "type": "boolean"
1587
- },
1588
- "idleTimeoutMinutes": {
1589
- "description": "Number of minutes after which the inactive user is logged out automatically.\nDefault is 60 minutes (1 hour)",
1590
- "visibility": "frontend",
1591
- "type": "number"
1592
- },
1593
- "promptBeforeIdleSeconds": {
1594
- "description": "Number of seconds before the idle timeout where the user will be asked if it's still active.\nA dialog will be shown.\nDefault is 10 seconds.\nSet to 0 seconds to disable the prompt.",
1595
- "visibility": "frontend",
1596
- "type": "number"
1597
- },
1598
- "useWorkerTimers": {
1599
- "description": "Enable/disable the usage of worker thread timers instead of main thread timers.\nDefault is true.\nIf you experience some browser incompatibility, you may try to set this to false.",
1600
- "visibility": "frontend",
1601
- "type": "boolean"
1602
- },
1603
- "logoutIfDisconnected": {
1604
- "description": "Enable/disable the automatic logout also on users that are logged in but with no Backstage tabs open.\nDefault is true.",
1605
- "visibility": "frontend",
1606
- "type": "boolean"
1607
- }
1795
+ "guest": {
1796
+ "type": "object",
1797
+ "properties": {
1798
+ "userEntityRef": {
1799
+ "description": "The entity reference to use for the guest user.",
1800
+ "default": "user:development/guest",
1801
+ "type": "string"
1802
+ },
1803
+ "ownershipEntityRefs": {
1804
+ "description": "A list of entity references to user for ownership of the guest user if the user\n is not found in the catalog.",
1805
+ "default": "[userEntityRef]",
1806
+ "type": "array",
1807
+ "items": {
1808
+ "type": "string"
1809
+ }
1810
+ },
1811
+ "dangerouslyAllowOutsideDevelopment": {
1812
+ "description": "Allow users to sign in with the guest provider outside of their development environments.",
1813
+ "type": "boolean"
1814
+ }
1815
+ }
1816
+ }
1608
1817
  }
1609
1818
  }
1610
- }
1819
+ },
1820
+ "required": [
1821
+ "providers"
1822
+ ]
1611
1823
  }
1612
1824
  },
1613
1825
  "$schema": "http://json-schema.org/draft-07/schema#"
1614
1826
  }
1615
1827
  },
1616
1828
  {
1617
- "path": "../../node_modules/@backstage/backend-common/node_modules/@backstage/backend-plugin-api/config.d.ts",
1829
+ "path": "../../node_modules/@oriflame/backstage-plugin-score-card/node_modules/@backstage/core-components/config.d.ts",
1618
1830
  "value": {
1619
1831
  "type": "object",
1620
1832
  "properties": {
1621
- "backend": {
1833
+ "auth": {
1622
1834
  "type": "object",
1623
1835
  "properties": {
1624
- "workingDirectory": {
1625
- "description": "An absolute path to a directory that can be used as a working dir, for\nexample as scratch space for large operations.",
1626
- "type": "string"
1836
+ "autologout": {
1837
+ "description": "Autologout feature configuration",
1838
+ "type": "object",
1839
+ "properties": {
1840
+ "enabled": {
1841
+ "description": "Enable or disable the autologout feature",
1842
+ "visibility": "frontend",
1843
+ "type": "boolean"
1844
+ },
1845
+ "idleTimeoutMinutes": {
1846
+ "description": "Number of minutes after which the inactive user is logged out automatically.\nDefault is 60 minutes (1 hour)",
1847
+ "visibility": "frontend",
1848
+ "type": "number"
1849
+ },
1850
+ "promptBeforeIdleSeconds": {
1851
+ "description": "Number of seconds before the idle timeout where the user will be asked if it's still active.\nA dialog will be shown.\nDefault is 10 seconds.\nSet to 0 seconds to disable the prompt.",
1852
+ "visibility": "frontend",
1853
+ "type": "number"
1854
+ },
1855
+ "useWorkerTimers": {
1856
+ "description": "Enable/disable the usage of worker thread timers instead of main thread timers.\nDefault is true.\nIf you experience some browser incompatibility, you may try to set this to false.",
1857
+ "visibility": "frontend",
1858
+ "type": "boolean"
1859
+ },
1860
+ "logoutIfDisconnected": {
1861
+ "description": "Enable/disable the automatic logout also on users that are logged in but with no Backstage tabs open.\nDefault is true.",
1862
+ "visibility": "frontend",
1863
+ "type": "boolean"
1864
+ }
1865
+ }
1627
1866
  }
1628
1867
  }
1629
1868
  }
@@ -1632,442 +1871,1142 @@
1632
1871
  }
1633
1872
  },
1634
1873
  {
1635
- "path": "../../node_modules/@backstage/backend-common/node_modules/@backstage/integration/config.d.ts",
1874
+ "path": "../integration-aws-node/config.d.ts",
1636
1875
  "value": {
1637
1876
  "type": "object",
1638
1877
  "properties": {
1639
- "integrations": {
1640
- "description": "Configuration for integrations towards various external repository provider systems",
1641
- "visibility": "frontend",
1878
+ "aws": {
1879
+ "description": "Configuration for access to AWS accounts",
1642
1880
  "type": "object",
1643
1881
  "properties": {
1644
- "azure": {
1645
- "description": "Integration configuration for Azure",
1646
- "type": "array",
1647
- "items": {
1648
- "type": "object",
1649
- "properties": {
1650
- "host": {
1651
- "description": "The hostname of the given Azure instance",
1652
- "visibility": "frontend",
1653
- "type": "string"
1654
- },
1655
- "token": {
1656
- "description": "Token used to authenticate requests.",
1657
- "visibility": "secret",
1658
- "deprecated": "Use `credentials` instead.",
1659
- "type": "string"
1660
- },
1661
- "credential": {
1662
- "description": "The credential to use for requests.\n\nIf no credential is specified anonymous access is used.",
1663
- "deepVisibility": "secret",
1664
- "deprecated": "Use `credentials` instead.",
1665
- "type": "object",
1666
- "properties": {
1667
- "clientId": {
1668
- "type": "string"
1669
- },
1670
- "clientSecret": {
1671
- "type": "string"
1672
- },
1673
- "tenantId": {
1674
- "type": "string"
1675
- },
1676
- "personalAccessToken": {
1677
- "type": "string"
1678
- }
1679
- }
1680
- },
1681
- "credentials": {
1682
- "description": "The credentials to use for requests. If multiple credentials are specified the first one that matches the organization is used.\nIf not organization matches the first credential without an organization is used.\n\nIf no credentials are specified at all, either a default credential (for Azure DevOps) or anonymous access (for Azure DevOps Server) is used.",
1683
- "deepVisibility": "secret",
1684
- "type": "array",
1685
- "items": {
1686
- "type": "object",
1687
- "properties": {
1688
- "clientId": {
1689
- "type": "string"
1690
- },
1691
- "clientSecret": {
1692
- "type": "string"
1693
- },
1694
- "tenantId": {
1695
- "type": "string"
1696
- },
1697
- "personalAccessToken": {
1698
- "type": "string"
1699
- }
1700
- }
1701
- }
1702
- }
1882
+ "accountDefaults": {
1883
+ "description": "Defaults for retrieving AWS account credentials",
1884
+ "type": "object",
1885
+ "properties": {
1886
+ "roleName": {
1887
+ "description": "The IAM role to assume to retrieve temporary AWS credentials",
1888
+ "type": "string"
1703
1889
  },
1704
- "required": [
1705
- "host"
1706
- ]
1890
+ "partition": {
1891
+ "description": "The AWS partition of the IAM role, e.g. \"aws\", \"aws-cn\"",
1892
+ "type": "string"
1893
+ },
1894
+ "region": {
1895
+ "description": "The STS regional endpoint to use when retrieving temporary AWS credentials, e.g. \"ap-northeast-1\"",
1896
+ "type": "string"
1897
+ },
1898
+ "externalId": {
1899
+ "description": "The unique identifier needed to assume the role to retrieve temporary AWS credentials",
1900
+ "visibility": "secret",
1901
+ "type": "string"
1902
+ }
1707
1903
  }
1708
1904
  },
1709
- "bitbucket": {
1710
- "description": "Integration configuration for Bitbucket",
1711
- "deprecated": "replaced by bitbucketCloud and bitbucketServer",
1905
+ "mainAccount": {
1906
+ "description": "Main account to use for retrieving AWS account credentials",
1907
+ "type": "object",
1908
+ "properties": {
1909
+ "accessKeyId": {
1910
+ "description": "The access key ID for a set of static AWS credentials",
1911
+ "visibility": "secret",
1912
+ "type": "string"
1913
+ },
1914
+ "secretAccessKey": {
1915
+ "description": "The secret access key for a set of static AWS credentials",
1916
+ "visibility": "secret",
1917
+ "type": "string"
1918
+ },
1919
+ "profile": {
1920
+ "description": "The configuration profile from a credentials file at ~/.aws/credentials and\na configuration file at ~/.aws/config.",
1921
+ "type": "string"
1922
+ },
1923
+ "region": {
1924
+ "description": "The STS regional endpoint to use for the main account, e.g. \"ap-northeast-1\"",
1925
+ "type": "string"
1926
+ }
1927
+ }
1928
+ },
1929
+ "accounts": {
1930
+ "description": "Configuration for retrieving AWS accounts credentials",
1712
1931
  "type": "array",
1713
1932
  "items": {
1714
1933
  "type": "object",
1715
1934
  "properties": {
1716
- "host": {
1717
- "description": "The hostname of the given Bitbucket instance",
1718
- "visibility": "frontend",
1935
+ "accountId": {
1936
+ "description": "The account ID of the target account that this matches on, e.g. \"123456789012\"",
1719
1937
  "type": "string"
1720
1938
  },
1721
- "token": {
1722
- "description": "Token used to authenticate requests.",
1939
+ "accessKeyId": {
1940
+ "description": "The access key ID for a set of static AWS credentials",
1723
1941
  "visibility": "secret",
1724
1942
  "type": "string"
1725
1943
  },
1726
- "apiBaseUrl": {
1727
- "description": "The base url for the Bitbucket API, for example https://api.bitbucket.org/2.0",
1728
- "visibility": "frontend",
1729
- "type": "string"
1730
- },
1731
- "username": {
1732
- "description": "The username to use for authenticated requests.",
1944
+ "secretAccessKey": {
1945
+ "description": "The secret access key for a set of static AWS credentials",
1733
1946
  "visibility": "secret",
1734
1947
  "type": "string"
1735
1948
  },
1736
- "appPassword": {
1737
- "description": "Bitbucket app password used to authenticate requests.",
1738
- "visibility": "secret",
1739
- "type": "string"
1740
- }
1741
- },
1742
- "required": [
1743
- "host"
1744
- ]
1745
- }
1746
- },
1747
- "bitbucketCloud": {
1748
- "description": "Integration configuration for Bitbucket Cloud",
1749
- "type": "array",
1750
- "items": {
1751
- "type": "object",
1752
- "properties": {
1753
- "username": {
1754
- "description": "The username to use for authenticated requests.",
1755
- "visibility": "secret",
1949
+ "profile": {
1950
+ "description": "The configuration profile from a credentials file at ~/.aws/credentials and\na configuration file at ~/.aws/config.",
1756
1951
  "type": "string"
1757
1952
  },
1758
- "appPassword": {
1759
- "description": "Bitbucket Cloud app password used to authenticate requests.",
1760
- "visibility": "secret",
1761
- "type": "string"
1762
- }
1763
- },
1764
- "required": [
1765
- "appPassword",
1766
- "username"
1767
- ]
1768
- }
1769
- },
1770
- "bitbucketServer": {
1771
- "description": "Integration configuration for Bitbucket Server",
1772
- "type": "array",
1773
- "items": {
1774
- "type": "object",
1775
- "properties": {
1776
- "host": {
1777
- "description": "The hostname of the given Bitbucket Server instance",
1778
- "visibility": "frontend",
1953
+ "roleName": {
1954
+ "description": "The IAM role to assume to retrieve temporary AWS credentials",
1779
1955
  "type": "string"
1780
1956
  },
1781
- "token": {
1782
- "description": "Token used to authenticate requests.",
1783
- "visibility": "secret",
1957
+ "partition": {
1958
+ "description": "The AWS partition of the IAM role, e.g. \"aws\", \"aws-cn\"",
1784
1959
  "type": "string"
1785
1960
  },
1786
- "username": {
1787
- "description": "Username used to authenticate requests with Basic Auth.",
1788
- "visibility": "secret",
1961
+ "region": {
1962
+ "description": "The STS regional endpoint to use when retrieving temporary AWS credentials, e.g. \"ap-northeast-1\"",
1789
1963
  "type": "string"
1790
1964
  },
1791
- "password": {
1792
- "description": "Password (or token as password) used to authenticate requests with Basic Auth.",
1965
+ "externalId": {
1966
+ "description": "The unique identifier needed to assume the role to retrieve temporary AWS credentials",
1793
1967
  "visibility": "secret",
1794
1968
  "type": "string"
1795
- },
1796
- "apiBaseUrl": {
1797
- "description": "The base url for the Bitbucket Server API, for example https://<host>/rest/api/1.0",
1798
- "visibility": "frontend",
1799
- "type": "string"
1800
1969
  }
1801
1970
  },
1802
1971
  "required": [
1803
- "host"
1972
+ "accountId"
1804
1973
  ]
1805
1974
  }
1806
- },
1807
- "gerrit": {
1808
- "description": "Integration configuration for Gerrit",
1809
- "type": "array",
1810
- "items": {
1811
- "type": "object",
1812
- "properties": {
1813
- "host": {
1814
- "description": "The hostname of the given Gerrit instance",
1815
- "visibility": "frontend",
1816
- "type": "string"
1817
- },
1818
- "baseUrl": {
1819
- "description": "The base url for the Gerrit instance.",
1820
- "visibility": "frontend",
1821
- "type": "string"
1822
- },
1823
- "gitilesBaseUrl": {
1824
- "description": "The gitiles base url.",
1825
- "visibility": "frontend",
1826
- "type": "string"
1827
- },
1828
- "cloneUrl": {
1829
- "description": "The base url for cloning repos.",
1830
- "visibility": "frontend",
1831
- "type": "string"
1832
- },
1833
- "username": {
1834
- "description": "The username to use for authenticated requests.",
1835
- "visibility": "secret",
1836
- "type": "string"
1837
- },
1838
- "password": {
1839
- "description": "Gerrit password used to authenticate requests. This can be either a password\nor a generated access token.",
1840
- "visibility": "secret",
1841
- "type": "string"
1975
+ }
1976
+ }
1977
+ }
1978
+ },
1979
+ "$schema": "http://json-schema.org/draft-07/schema#"
1980
+ }
1981
+ },
1982
+ {
1983
+ "path": "../backend-app-api/config.d.ts",
1984
+ "value": {
1985
+ "type": "object",
1986
+ "properties": {
1987
+ "backend": {
1988
+ "type": "object",
1989
+ "properties": {
1990
+ "packages": {
1991
+ "description": "Used by the feature discovery service",
1992
+ "anyOf": [
1993
+ {
1994
+ "type": "object",
1995
+ "properties": {
1996
+ "include": {
1997
+ "type": "array",
1998
+ "items": {
1999
+ "type": "string"
2000
+ }
2001
+ },
2002
+ "exclude": {
2003
+ "type": "array",
2004
+ "items": {
2005
+ "type": "string"
2006
+ }
2007
+ }
1842
2008
  }
1843
2009
  },
1844
- "required": [
1845
- "gitilesBaseUrl",
1846
- "host"
1847
- ]
1848
- }
2010
+ {
2011
+ "const": "all",
2012
+ "type": "string"
2013
+ }
2014
+ ]
2015
+ }
2016
+ }
2017
+ }
2018
+ },
2019
+ "$schema": "http://json-schema.org/draft-07/schema#"
2020
+ }
2021
+ },
2022
+ {
2023
+ "path": "../backend-defaults/config.d.ts",
2024
+ "value": {
2025
+ "type": "object",
2026
+ "properties": {
2027
+ "app": {
2028
+ "type": "object",
2029
+ "properties": {
2030
+ "baseUrl": {
2031
+ "type": "string"
2032
+ }
2033
+ },
2034
+ "required": [
2035
+ "baseUrl"
2036
+ ]
2037
+ },
2038
+ "backend": {
2039
+ "type": "object",
2040
+ "properties": {
2041
+ "baseUrl": {
2042
+ "description": "The full base URL of the backend, as seen from the browser's point of\nview as it makes calls to the backend.",
2043
+ "type": "string"
1849
2044
  },
1850
- "github": {
1851
- "description": "Integration configuration for GitHub",
1852
- "type": "array",
1853
- "items": {
1854
- "type": "object",
1855
- "properties": {
1856
- "host": {
1857
- "description": "The hostname of the given GitHub instance",
1858
- "visibility": "frontend",
1859
- "type": "string"
1860
- },
1861
- "token": {
1862
- "description": "Token used to authenticate requests.",
1863
- "visibility": "secret",
1864
- "type": "string"
1865
- },
1866
- "apiBaseUrl": {
1867
- "description": "The base url for the GitHub API, for example https://api.github.com",
1868
- "visibility": "frontend",
1869
- "type": "string"
1870
- },
1871
- "rawBaseUrl": {
1872
- "description": "The base url for GitHub raw resources, for example https://raw.githubusercontent.com",
1873
- "visibility": "frontend",
1874
- "type": "string"
1875
- },
1876
- "apps": {
1877
- "description": "GitHub Apps configuration",
1878
- "type": "array",
1879
- "items": {
2045
+ "listen": {
2046
+ "description": "Address that the backend should listen to.",
2047
+ "anyOf": [
2048
+ {
2049
+ "type": "object",
2050
+ "properties": {
2051
+ "host": {
2052
+ "description": "Address of the interface that the backend should bind to.",
2053
+ "type": "string"
2054
+ },
2055
+ "port": {
2056
+ "description": "Port that the backend should listen to.",
2057
+ "type": [
2058
+ "string",
2059
+ "number"
2060
+ ]
2061
+ }
2062
+ }
2063
+ },
2064
+ {
2065
+ "type": "string"
2066
+ }
2067
+ ]
2068
+ },
2069
+ "https": {
2070
+ "description": "HTTPS configuration for the backend. If omitted the backend will serve HTTP.\n\nSetting this to `true` will cause self-signed certificates to be generated, which\ncan be useful for local development or other non-production scenarios.",
2071
+ "anyOf": [
2072
+ {
2073
+ "type": "object",
2074
+ "properties": {
2075
+ "certificate": {
2076
+ "description": "Certificate configuration",
1880
2077
  "type": "object",
1881
2078
  "properties": {
1882
- "appId": {
1883
- "description": "The numeric GitHub App ID, string for environment variables",
1884
- "type": [
1885
- "string",
1886
- "number"
1887
- ]
1888
- },
1889
- "privateKey": {
1890
- "description": "The private key to use for auth against the app",
1891
- "visibility": "secret",
1892
- "type": "string"
1893
- },
1894
- "webhookSecret": {
1895
- "description": "The secret used for webhooks",
1896
- "visibility": "secret",
1897
- "type": "string"
1898
- },
1899
- "clientId": {
1900
- "description": "The client ID to use",
2079
+ "cert": {
2080
+ "description": "PEM encoded certificate. Use $file to load in a file",
1901
2081
  "type": "string"
1902
2082
  },
1903
- "clientSecret": {
1904
- "description": "The client secret to use",
2083
+ "key": {
2084
+ "description": "PEM encoded certificate key. Use $file to load in a file.",
1905
2085
  "visibility": "secret",
1906
2086
  "type": "string"
1907
- },
1908
- "allowedInstallationOwners": {
1909
- "description": "List of installation owners allowed to be used by this GitHub app. The GitHub UI does not provide a way to list the installations.\nHowever you can list the installations with the GitHub API. You can find the list of installations here:\nhttps://api.github.com/app/installations\nThe relevant documentation for this is here.\nhttps://docs.github.com/en/rest/reference/apps#list-installations-for-the-authenticated-app--code-samples",
1910
- "type": "array",
1911
- "items": {
1912
- "type": "string"
1913
- }
1914
2087
  }
1915
2088
  },
1916
2089
  "required": [
1917
- "appId",
1918
- "clientId",
1919
- "clientSecret",
1920
- "privateKey",
1921
- "webhookSecret"
2090
+ "cert",
2091
+ "key"
1922
2092
  ]
1923
2093
  }
1924
2094
  }
1925
2095
  },
1926
- "required": [
1927
- "host"
1928
- ]
1929
- }
1930
- },
1931
- "gitlab": {
1932
- "description": "Integration configuration for GitLab",
1933
- "type": "array",
1934
- "items": {
1935
- "type": "object",
1936
- "properties": {
1937
- "host": {
1938
- "description": "The host of the target that this matches on, e.g. \"gitlab.com\".",
1939
- "visibility": "frontend",
1940
- "type": "string"
1941
- },
1942
- "apiBaseUrl": {
1943
- "description": "The base URL of the API of this provider, e.g.\n\"https://gitlab.com/api/v4\", with no trailing slash.\n\nMay be omitted specifically for public GitLab; then it will be deduced.",
1944
- "visibility": "frontend",
1945
- "type": "string"
1946
- },
1947
- "token": {
1948
- "description": "The authorization token to use for requests to this provider.\n\nIf no token is specified, anonymous access is used.",
1949
- "visibility": "secret",
1950
- "type": "string"
1951
- },
1952
- "baseUrl": {
1953
- "description": "The baseUrl of this provider, e.g. \"https://gitlab.com\", which is\npassed into the GitLab client.\n\nIf no baseUrl is provided, it will default to https://${host}.",
1954
- "visibility": "frontend",
1955
- "type": "string"
1956
- }
1957
- },
1958
- "required": [
1959
- "host"
1960
- ]
1961
- }
2096
+ {
2097
+ "const": true,
2098
+ "type": "boolean"
2099
+ }
2100
+ ]
1962
2101
  },
1963
- "googleGcs": {
1964
- "description": "Integration configuration for Google Cloud Storage",
2102
+ "auth": {
2103
+ "description": "Options used by the default auth, httpAuth and userInfo services.",
1965
2104
  "type": "object",
1966
2105
  "properties": {
1967
- "clientEmail": {
1968
- "description": "Service account email used to authenticate requests.",
1969
- "type": "string"
1970
- },
1971
- "privateKey": {
1972
- "description": "Service account private key used to authenticate requests.",
2106
+ "dangerouslyDisableDefaultAuthPolicy": {
2107
+ "description": "This disables the otherwise default auth policy, which requires all\nrequests to be authenticated with either user or service credentials.\n\nDisabling this check means that the backend will no longer block\nunauthenticated requests, but instead allow them to pass through to\nplugins.\n\nIf permissions are enabled, unauthenticated requests will be treated\nexactly as such, leaving it to the permission policy to determine what\npermissions should be allowed for an unauthenticated identity. Note\nthat this will also apply to service-to-service calls between plugins\nunless you configure credentials for service calls.",
2108
+ "type": "boolean"
2109
+ },
2110
+ "pluginKeyStore": {
2111
+ "description": "Controls how to store keys for plugin-to-plugin auth",
2112
+ "anyOf": [
2113
+ {
2114
+ "type": "object",
2115
+ "properties": {
2116
+ "type": {
2117
+ "type": "string",
2118
+ "const": "database"
2119
+ }
2120
+ },
2121
+ "required": [
2122
+ "type"
2123
+ ]
2124
+ },
2125
+ {
2126
+ "type": "object",
2127
+ "properties": {
2128
+ "type": {
2129
+ "type": "string",
2130
+ "const": "static"
2131
+ },
2132
+ "static": {
2133
+ "type": "object",
2134
+ "properties": {
2135
+ "keys": {
2136
+ "description": "Must be declared at least once and the first one will be used for signing.",
2137
+ "type": "array",
2138
+ "items": {
2139
+ "type": "object",
2140
+ "properties": {
2141
+ "publicKeyFile": {
2142
+ "description": "Path to the public key file in the SPKI format. Should be an absolute path.",
2143
+ "type": "string"
2144
+ },
2145
+ "privateKeyFile": {
2146
+ "description": "Path to the matching private key file in the PKCS#8 format. Should be an absolute path.\n\nThe first array entry must specify a private key file, the rest must not.",
2147
+ "type": "string"
2148
+ },
2149
+ "keyId": {
2150
+ "description": "ID to uniquely identify this key within the JWK set.",
2151
+ "type": "string"
2152
+ },
2153
+ "algorithm": {
2154
+ "description": "JWS \"alg\" (Algorithm) Header Parameter value. Defaults to ES256.\nMust match the algorithm used to generate the keys in the provided files",
2155
+ "type": "string"
2156
+ }
2157
+ },
2158
+ "required": [
2159
+ "keyId",
2160
+ "publicKeyFile"
2161
+ ]
2162
+ }
2163
+ }
2164
+ },
2165
+ "required": [
2166
+ "keys"
2167
+ ]
2168
+ }
2169
+ },
2170
+ "required": [
2171
+ "static",
2172
+ "type"
2173
+ ]
2174
+ }
2175
+ ]
2176
+ },
2177
+ "externalAccess": {
2178
+ "description": "Configures methods of external access, ie ways for callers outside of\nthe Backstage ecosystem to get authorized for access to APIs that do\nnot permit unauthorized access.",
2179
+ "type": "array",
2180
+ "items": {
2181
+ "anyOf": [
2182
+ {
2183
+ "type": "object",
2184
+ "properties": {
2185
+ "type": {
2186
+ "description": "This is the legacy service-to-service access method, where a set\nof static keys were shared among plugins and used for symmetric\nsigning and verification. These correspond to the old\n`backend.auth.keys` set and retain their behavior for backwards\ncompatibility. Please migrate to other access methods when\npossible.\n\nCallers generate JWT tokens with the following payload:\n\n```json\n{\n \"sub\": \"backstage-plugin\",\n \"exp\": <epoch seconds one hour in the future>\n}\n```\n\nAnd sign them with HS256, using the base64 decoded secret. The\ntokens are then passed along with requests in the Authorization\nheader:\n\n```\nAuthorization: Bearer eyJhbGciOiJIUzI...\n```",
2187
+ "type": "string",
2188
+ "const": "legacy"
2189
+ },
2190
+ "options": {
2191
+ "type": "object",
2192
+ "properties": {
2193
+ "secret": {
2194
+ "description": "Any set of base64 encoded random bytes to be used as both the\nsigning and verification key. Should be sufficiently long so as\nnot to be easy to guess by brute force.\n\nCan be generated eg using\n\n```sh\nnode -p 'require(\"crypto\").randomBytes(24).toString(\"base64\")'\n```",
2195
+ "visibility": "secret",
2196
+ "type": "string"
2197
+ },
2198
+ "subject": {
2199
+ "description": "Sets the subject of the principal, when matching this token.\nUseful for debugging and tracking purposes.",
2200
+ "type": "string"
2201
+ }
2202
+ },
2203
+ "required": [
2204
+ "secret",
2205
+ "subject"
2206
+ ]
2207
+ },
2208
+ "accessRestrictions": {
2209
+ "description": "Restricts what types of access that are permitted for this access\nmethod. If no access restrictions are given, it'll have unlimited\naccess. This access restriction applies for the framework level;\nindividual plugins may have their own access control mechanisms\non top of this.",
2210
+ "type": "array",
2211
+ "items": {
2212
+ "type": "object",
2213
+ "properties": {
2214
+ "plugin": {
2215
+ "description": "Permit access to make requests to this plugin.\n\nCan be further refined by setting additional fields below.",
2216
+ "type": "string"
2217
+ },
2218
+ "permission": {
2219
+ "description": "If given, this method is limited to only performing actions\nwith these named permissions in this plugin.\n\nNote that this only applies where permissions checks are\nenabled in the first place. Endpoints that are not protected by\nthe permissions system at all, are not affected by this\nsetting.",
2220
+ "anyOf": [
2221
+ {
2222
+ "type": "array",
2223
+ "items": {
2224
+ "type": "string"
2225
+ }
2226
+ },
2227
+ {
2228
+ "type": "string"
2229
+ }
2230
+ ]
2231
+ },
2232
+ "permissionAttribute": {
2233
+ "description": "If given, this method is limited to only performing actions\nwhose permissions have these attributes.\n\nNote that this only applies where permissions checks are\nenabled in the first place. Endpoints that are not protected by\nthe permissions system at all, are not affected by this\nsetting.",
2234
+ "type": "object",
2235
+ "properties": {
2236
+ "action": {
2237
+ "description": "One of more of 'create', 'read', 'update', or 'delete'.",
2238
+ "anyOf": [
2239
+ {
2240
+ "type": "array",
2241
+ "items": {
2242
+ "type": "string"
2243
+ }
2244
+ },
2245
+ {
2246
+ "type": "string"
2247
+ }
2248
+ ]
2249
+ }
2250
+ }
2251
+ }
2252
+ },
2253
+ "required": [
2254
+ "plugin"
2255
+ ]
2256
+ }
2257
+ }
2258
+ },
2259
+ "required": [
2260
+ "options",
2261
+ "type"
2262
+ ]
2263
+ },
2264
+ {
2265
+ "type": "object",
2266
+ "properties": {
2267
+ "type": {
2268
+ "description": "This access method consists of random static tokens that can be\nhanded out to callers.\n\nThe tokens are then passed along verbatim with requests in the\nAuthorization header:\n\n```\nAuthorization: Bearer eZv5o+fW3KnR3kVabMW4ZcDNLPl8nmMW\n```",
2269
+ "type": "string",
2270
+ "const": "static"
2271
+ },
2272
+ "options": {
2273
+ "type": "object",
2274
+ "properties": {
2275
+ "token": {
2276
+ "description": "A raw token that can be any string, but for security reasons\nshould be sufficiently long so as not to be easy to guess by\nbrute force.\n\nCan be generated eg using\n\n```sh\nnode -p 'require(\"crypto\").randomBytes(24).toString(\"base64\")'\n```\n\nSince the tokens can be any string, you are free to add\nadditional identifying data to them if you like. For example,\nadding a `freben-local-dev-` prefix for debugging purposes to a\ntoken that you know will be handed out for use as a personal\naccess token during development.",
2277
+ "visibility": "secret",
2278
+ "type": "string"
2279
+ },
2280
+ "subject": {
2281
+ "description": "Sets the subject of the principal, when matching this token.\nUseful for debugging and tracking purposes.",
2282
+ "type": "string"
2283
+ }
2284
+ },
2285
+ "required": [
2286
+ "subject",
2287
+ "token"
2288
+ ]
2289
+ },
2290
+ "accessRestrictions": {
2291
+ "description": "Restricts what types of access that are permitted for this access\nmethod. If no access restrictions are given, it'll have unlimited\naccess. This access restriction applies for the framework level;\nindividual plugins may have their own access control mechanisms\non top of this.",
2292
+ "type": "array",
2293
+ "items": {
2294
+ "type": "object",
2295
+ "properties": {
2296
+ "plugin": {
2297
+ "description": "Permit access to make requests to this plugin.\n\nCan be further refined by setting additional fields below.",
2298
+ "type": "string"
2299
+ },
2300
+ "permission": {
2301
+ "description": "If given, this method is limited to only performing actions\nwith these named permissions in this plugin.\n\nNote that this only applies where permissions checks are\nenabled in the first place. Endpoints that are not protected by\nthe permissions system at all, are not affected by this\nsetting.",
2302
+ "anyOf": [
2303
+ {
2304
+ "type": "array",
2305
+ "items": {
2306
+ "type": "string"
2307
+ }
2308
+ },
2309
+ {
2310
+ "type": "string"
2311
+ }
2312
+ ]
2313
+ },
2314
+ "permissionAttribute": {
2315
+ "description": "If given, this method is limited to only performing actions\nwhose permissions have these attributes.\n\nNote that this only applies where permissions checks are\nenabled in the first place. Endpoints that are not protected by\nthe permissions system at all, are not affected by this\nsetting.",
2316
+ "type": "object",
2317
+ "properties": {
2318
+ "action": {
2319
+ "description": "One of more of 'create', 'read', 'update', or 'delete'.",
2320
+ "anyOf": [
2321
+ {
2322
+ "type": "array",
2323
+ "items": {
2324
+ "type": "string"
2325
+ }
2326
+ },
2327
+ {
2328
+ "type": "string"
2329
+ }
2330
+ ]
2331
+ }
2332
+ }
2333
+ }
2334
+ },
2335
+ "required": [
2336
+ "plugin"
2337
+ ]
2338
+ }
2339
+ }
2340
+ },
2341
+ "required": [
2342
+ "options",
2343
+ "type"
2344
+ ]
2345
+ },
2346
+ {
2347
+ "type": "object",
2348
+ "properties": {
2349
+ "type": {
2350
+ "description": "This access method consists of a JWKS endpoint that can be used to\nverify JWT tokens.\n\nCallers generate JWT tokens via 3rd party tooling\nand pass them in the Authorization header:\n\n```\nAuthorization: Bearer eZv5o+fW3KnR3kVabMW4ZcDNLPl8nmMW\n```",
2351
+ "type": "string",
2352
+ "const": "jwks"
2353
+ },
2354
+ "options": {
2355
+ "type": "object",
2356
+ "properties": {
2357
+ "url": {
2358
+ "description": "The full URL of the JWKS endpoint.",
2359
+ "type": "string"
2360
+ },
2361
+ "algorithm": {
2362
+ "description": "Sets the algorithm(s) that should be used to verify the JWT tokens.\nThe passed JWTs must have been signed using one of the listed algorithms.",
2363
+ "anyOf": [
2364
+ {
2365
+ "type": "array",
2366
+ "items": {
2367
+ "type": "string"
2368
+ }
2369
+ },
2370
+ {
2371
+ "type": "string"
2372
+ }
2373
+ ]
2374
+ },
2375
+ "issuer": {
2376
+ "description": "Sets the issuer(s) that should be used to verify the JWT tokens.\nPassed JWTs must have an `iss` claim which matches one of the specified issuers.",
2377
+ "anyOf": [
2378
+ {
2379
+ "type": "array",
2380
+ "items": {
2381
+ "type": "string"
2382
+ }
2383
+ },
2384
+ {
2385
+ "type": "string"
2386
+ }
2387
+ ]
2388
+ },
2389
+ "audience": {
2390
+ "description": "Sets the audience(s) that should be used to verify the JWT tokens.\nThe passed JWTs must have an \"aud\" claim that matches one of the audiences specified,\nor have no audience specified.",
2391
+ "anyOf": [
2392
+ {
2393
+ "type": "array",
2394
+ "items": {
2395
+ "type": "string"
2396
+ }
2397
+ },
2398
+ {
2399
+ "type": "string"
2400
+ }
2401
+ ]
2402
+ },
2403
+ "subjectPrefix": {
2404
+ "description": "Sets an optional subject prefix. Passes the subject to called plugins.\nUseful for debugging and tracking purposes.",
2405
+ "type": "string"
2406
+ }
2407
+ },
2408
+ "required": [
2409
+ "url"
2410
+ ]
2411
+ },
2412
+ "accessRestrictions": {
2413
+ "description": "Restricts what types of access that are permitted for this access\nmethod. If no access restrictions are given, it'll have unlimited\naccess. This access restriction applies for the framework level;\nindividual plugins may have their own access control mechanisms\non top of this.",
2414
+ "type": "array",
2415
+ "items": {
2416
+ "type": "object",
2417
+ "properties": {
2418
+ "plugin": {
2419
+ "description": "Permit access to make requests to this plugin.\n\nCan be further refined by setting additional fields below.",
2420
+ "type": "string"
2421
+ },
2422
+ "permission": {
2423
+ "description": "If given, this method is limited to only performing actions\nwith these named permissions in this plugin.\n\nNote that this only applies where permissions checks are\nenabled in the first place. Endpoints that are not protected by\nthe permissions system at all, are not affected by this\nsetting.",
2424
+ "anyOf": [
2425
+ {
2426
+ "type": "array",
2427
+ "items": {
2428
+ "type": "string"
2429
+ }
2430
+ },
2431
+ {
2432
+ "type": "string"
2433
+ }
2434
+ ]
2435
+ },
2436
+ "permissionAttribute": {
2437
+ "description": "If given, this method is limited to only performing actions\nwhose permissions have these attributes.\n\nNote that this only applies where permissions checks are\nenabled in the first place. Endpoints that are not protected by\nthe permissions system at all, are not affected by this\nsetting.",
2438
+ "type": "object",
2439
+ "properties": {
2440
+ "action": {
2441
+ "description": "One of more of 'create', 'read', 'update', or 'delete'.",
2442
+ "anyOf": [
2443
+ {
2444
+ "type": "array",
2445
+ "items": {
2446
+ "type": "string"
2447
+ }
2448
+ },
2449
+ {
2450
+ "type": "string"
2451
+ }
2452
+ ]
2453
+ }
2454
+ }
2455
+ }
2456
+ },
2457
+ "required": [
2458
+ "plugin"
2459
+ ]
2460
+ }
2461
+ }
2462
+ },
2463
+ "required": [
2464
+ "options",
2465
+ "type"
2466
+ ]
2467
+ }
2468
+ ]
2469
+ }
2470
+ }
2471
+ }
2472
+ },
2473
+ "database": {
2474
+ "description": "Database connection configuration, select base database type using the `client` field",
2475
+ "type": "object",
2476
+ "properties": {
2477
+ "client": {
2478
+ "description": "Default database client to use",
2479
+ "enum": [
2480
+ "better-sqlite3",
2481
+ "pg",
2482
+ "sqlite3"
2483
+ ],
2484
+ "type": "string"
2485
+ },
2486
+ "connection": {
2487
+ "description": "Base database connection string, or object with individual connection properties",
1973
2488
  "visibility": "secret",
2489
+ "anyOf": [
2490
+ {
2491
+ "type": "object",
2492
+ "additionalProperties": {},
2493
+ "properties": {
2494
+ "password": {
2495
+ "description": "Password that belongs to the client User",
2496
+ "visibility": "secret",
2497
+ "type": "string"
2498
+ }
2499
+ }
2500
+ },
2501
+ {
2502
+ "type": "string"
2503
+ }
2504
+ ]
2505
+ },
2506
+ "prefix": {
2507
+ "description": "Database name prefix override",
2508
+ "type": "string"
2509
+ },
2510
+ "ensureExists": {
2511
+ "description": "Whether to ensure the given database exists by creating it if it does not.\nDefaults to true if unspecified.",
2512
+ "type": "boolean"
2513
+ },
2514
+ "ensureSchemaExists": {
2515
+ "description": "Whether to ensure the given database schema exists by creating it if it does not.\nDefaults to false if unspecified.\n\nNOTE: Currently only supported by the `pg` client when pluginDivisionMode: schema",
2516
+ "type": "boolean"
2517
+ },
2518
+ "pluginDivisionMode": {
2519
+ "description": "How plugins databases are managed/divided in the provided database instance.\n\n`database` -> Plugins are each given their own database to manage their schemas/tables.\n\n`schema` -> Plugins will be given their own schema (in the specified/default database)\n to manage their tables.\n\nNOTE: Currently only supported by the `pg` client.",
2520
+ "default": "database",
2521
+ "enum": [
2522
+ "database",
2523
+ "schema"
2524
+ ],
2525
+ "type": "string"
2526
+ },
2527
+ "role": {
2528
+ "description": "Configures the ownership of newly created schemas in pg databases.",
1974
2529
  "type": "string"
2530
+ },
2531
+ "knexConfig": {
2532
+ "description": "Arbitrary config object to pass to knex when initializing\n(https://knexjs.org/#Installation-client). Most notable is the debug\nand asyncStackTraces booleans",
2533
+ "type": "object",
2534
+ "properties": {},
2535
+ "additionalProperties": true
2536
+ },
2537
+ "skipMigrations": {
2538
+ "description": "Skip running database migrations.",
2539
+ "type": "boolean"
2540
+ },
2541
+ "plugin": {
2542
+ "description": "Plugin specific database configuration and client override",
2543
+ "type": "object",
2544
+ "additionalProperties": {
2545
+ "type": "object",
2546
+ "properties": {
2547
+ "client": {
2548
+ "description": "Database client override",
2549
+ "enum": [
2550
+ "better-sqlite3",
2551
+ "pg",
2552
+ "sqlite3"
2553
+ ],
2554
+ "type": "string"
2555
+ },
2556
+ "connection": {
2557
+ "description": "Database connection string or Knex object override",
2558
+ "visibility": "secret",
2559
+ "anyOf": [
2560
+ {
2561
+ "type": "object",
2562
+ "properties": {},
2563
+ "additionalProperties": true
2564
+ },
2565
+ {
2566
+ "type": "string"
2567
+ }
2568
+ ]
2569
+ },
2570
+ "ensureExists": {
2571
+ "description": "Whether to ensure the given database exists by creating it if it does not.\nDefaults to base config if unspecified.",
2572
+ "type": "boolean"
2573
+ },
2574
+ "ensureSchemaExists": {
2575
+ "description": "Whether to ensure the given database schema exists by creating it if it does not.\nDefaults to false if unspecified.\n\nNOTE: Currently only supported by the `pg` client when pluginDivisionMode: schema",
2576
+ "type": "boolean"
2577
+ },
2578
+ "knexConfig": {
2579
+ "description": "Arbitrary config object to pass to knex when initializing\n(https://knexjs.org/#Installation-client). Most notable is the\ndebug and asyncStackTraces booleans.\n\nThis is merged recursively into the base knexConfig",
2580
+ "type": "object",
2581
+ "properties": {},
2582
+ "additionalProperties": true
2583
+ },
2584
+ "role": {
2585
+ "description": "Configures the ownership of newly created schemas in pg databases.",
2586
+ "type": "string"
2587
+ },
2588
+ "skipMigrations": {
2589
+ "description": "Skip running database migrations.",
2590
+ "type": "boolean"
2591
+ }
2592
+ }
2593
+ }
1975
2594
  }
1976
- }
2595
+ },
2596
+ "required": [
2597
+ "client",
2598
+ "connection"
2599
+ ]
1977
2600
  },
1978
- "awsS3": {
1979
- "description": "Integration configuration for AWS S3 Service",
1980
- "type": "array",
1981
- "items": {
1982
- "type": "object",
1983
- "properties": {
1984
- "endpoint": {
1985
- "description": "AWS Endpoint.\nThe endpoint URI to send requests to. The default endpoint is built from the configured region.",
1986
- "visibility": "frontend",
1987
- "type": "string"
1988
- },
1989
- "s3ForcePathStyle": {
1990
- "description": "Whether to use path style URLs when communicating with S3.\nDefaults to false.\nThis allows providers like LocalStack, Minio and Wasabi (and possibly others) to be used.",
1991
- "visibility": "frontend",
1992
- "type": "boolean"
2601
+ "cache": {
2602
+ "description": "Cache connection configuration, select cache type using the `store` field",
2603
+ "anyOf": [
2604
+ {
2605
+ "type": "object",
2606
+ "properties": {
2607
+ "store": {
2608
+ "type": "string",
2609
+ "const": "memory"
2610
+ },
2611
+ "defaultTtl": {
2612
+ "description": "An optional default TTL (in milliseconds)."
2613
+ }
1993
2614
  },
1994
- "accessKeyId": {
1995
- "description": "Account access key used to authenticate requests.",
1996
- "type": "string"
2615
+ "required": [
2616
+ "store"
2617
+ ]
2618
+ },
2619
+ {
2620
+ "type": "object",
2621
+ "properties": {
2622
+ "store": {
2623
+ "type": "string",
2624
+ "const": "redis"
2625
+ },
2626
+ "connection": {
2627
+ "description": "A redis connection string in the form `redis://user:pass@host:port`.",
2628
+ "visibility": "secret",
2629
+ "type": "string"
2630
+ },
2631
+ "defaultTtl": {
2632
+ "description": "An optional default TTL (in milliseconds)."
2633
+ },
2634
+ "useRedisSets": {
2635
+ "description": "Whether or not [useRedisSets](https://github.com/jaredwray/keyv/tree/main/packages/redis#useredissets) should be configured to this redis cache.\nDefaults to true if unspecified.",
2636
+ "type": "boolean"
2637
+ }
1997
2638
  },
1998
- "secretAccessKey": {
1999
- "description": "Account secret key used to authenticate requests.",
2000
- "visibility": "secret",
2001
- "type": "string"
2639
+ "required": [
2640
+ "connection",
2641
+ "store"
2642
+ ]
2643
+ },
2644
+ {
2645
+ "type": "object",
2646
+ "properties": {
2647
+ "store": {
2648
+ "type": "string",
2649
+ "const": "memcache"
2650
+ },
2651
+ "connection": {
2652
+ "description": "A memcache connection string in the form `user:pass@host:port`.",
2653
+ "visibility": "secret",
2654
+ "type": "string"
2655
+ },
2656
+ "defaultTtl": {
2657
+ "description": "An optional default TTL (in milliseconds)."
2658
+ }
2002
2659
  },
2003
- "roleArn": {
2004
- "description": "ARN of the role to be assumed",
2005
- "type": "string"
2660
+ "required": [
2661
+ "connection",
2662
+ "store"
2663
+ ]
2664
+ }
2665
+ ]
2666
+ },
2667
+ "cors": {
2668
+ "type": "object",
2669
+ "properties": {
2670
+ "origin": {
2671
+ "anyOf": [
2672
+ {
2673
+ "type": "array",
2674
+ "items": {
2675
+ "type": "string"
2676
+ }
2677
+ },
2678
+ {
2679
+ "type": "string"
2680
+ }
2681
+ ]
2682
+ },
2683
+ "methods": {
2684
+ "anyOf": [
2685
+ {
2686
+ "type": "array",
2687
+ "items": {
2688
+ "type": "string"
2689
+ }
2690
+ },
2691
+ {
2692
+ "type": "string"
2693
+ }
2694
+ ]
2695
+ },
2696
+ "allowedHeaders": {
2697
+ "anyOf": [
2698
+ {
2699
+ "type": "array",
2700
+ "items": {
2701
+ "type": "string"
2702
+ }
2703
+ },
2704
+ {
2705
+ "type": "string"
2706
+ }
2707
+ ]
2708
+ },
2709
+ "exposedHeaders": {
2710
+ "anyOf": [
2711
+ {
2712
+ "type": "array",
2713
+ "items": {
2714
+ "type": "string"
2715
+ }
2716
+ },
2717
+ {
2718
+ "type": "string"
2719
+ }
2720
+ ]
2721
+ },
2722
+ "credentials": {
2723
+ "type": "boolean"
2724
+ },
2725
+ "maxAge": {
2726
+ "type": "number"
2727
+ },
2728
+ "preflightContinue": {
2729
+ "type": "boolean"
2730
+ },
2731
+ "optionsSuccessStatus": {
2732
+ "type": "number"
2733
+ }
2734
+ }
2735
+ },
2736
+ "csp": {
2737
+ "description": "Content Security Policy options.\n\nThe keys are the plain policy ID, e.g. \"upgrade-insecure-requests\". The\nvalues are on the format that the helmet library expects them, as an\narray of strings. There is also the special value false, which means to\nremove the default value that Backstage puts in place for that policy.",
2738
+ "type": "object",
2739
+ "additionalProperties": {
2740
+ "anyOf": [
2741
+ {
2742
+ "type": "array",
2743
+ "items": {
2744
+ "type": "string"
2745
+ }
2006
2746
  },
2007
- "externalId": {
2008
- "description": "External ID to use when assuming role",
2009
- "type": "string"
2747
+ {
2748
+ "const": false,
2749
+ "type": "boolean"
2010
2750
  }
2011
- }
2751
+ ]
2012
2752
  }
2013
2753
  },
2014
- "gitea": {
2015
- "description": "Integration configuration for Gitea",
2754
+ "reading": {
2755
+ "description": "Configuration related to URL reading, used for example for reading catalog info\nfiles, scaffolder templates, and techdocs content.",
2756
+ "type": "object",
2757
+ "properties": {
2758
+ "allow": {
2759
+ "description": "A list of targets to allow outgoing requests to. Users will be able to make\nrequests on behalf of the backend to the targets that are allowed by this list.",
2760
+ "type": "array",
2761
+ "items": {
2762
+ "type": "object",
2763
+ "properties": {
2764
+ "host": {
2765
+ "description": "A host to allow outgoing requests to, being either a full host or\na subdomain wildcard pattern with a leading `*`. For example `example.com`\nand `*.example.com` are valid values, `prod.*.example.com` is not.\nThe host may also contain a port, for example `example.com:8080`.",
2766
+ "type": "string"
2767
+ },
2768
+ "paths": {
2769
+ "description": "An optional list of paths. In case they are present only targets matching\nany of them will are allowed. You can use trailing slashes to make sure only\nsubdirectories are allowed, for example `/mydir/` will allow targets with\npaths like `/mydir/a` but will block paths like `/mydir2`.",
2770
+ "type": "array",
2771
+ "items": {
2772
+ "type": "string"
2773
+ }
2774
+ }
2775
+ },
2776
+ "required": [
2777
+ "host"
2778
+ ]
2779
+ }
2780
+ }
2781
+ }
2782
+ }
2783
+ },
2784
+ "required": [
2785
+ "baseUrl",
2786
+ "database"
2787
+ ]
2788
+ },
2789
+ "discovery": {
2790
+ "description": "Options used by the default discovery service.",
2791
+ "type": "object",
2792
+ "properties": {
2793
+ "endpoints": {
2794
+ "description": "A list of target baseUrls and the associated plugins.",
2016
2795
  "type": "array",
2017
2796
  "items": {
2018
2797
  "type": "object",
2019
2798
  "properties": {
2020
- "host": {
2021
- "description": "The hostname of the given Gitea instance",
2022
- "visibility": "frontend",
2023
- "type": "string"
2024
- },
2025
- "baseUrl": {
2026
- "description": "The base url for the Gitea instance.",
2027
- "visibility": "frontend",
2028
- "type": "string"
2029
- },
2030
- "username": {
2031
- "description": "The username to use for authenticated requests.",
2032
- "visibility": "secret",
2033
- "type": "string"
2799
+ "target": {
2800
+ "description": "The target base URL to use for the plugin.\n\nCan be either a string or an object with internal and external keys.\nTargets with `{{pluginId}}` or `{{ pluginId }} in the URL will be replaced with the plugin ID.",
2801
+ "anyOf": [
2802
+ {
2803
+ "type": "object",
2804
+ "properties": {
2805
+ "internal": {
2806
+ "type": "string"
2807
+ },
2808
+ "external": {
2809
+ "type": "string"
2810
+ }
2811
+ },
2812
+ "required": [
2813
+ "external",
2814
+ "internal"
2815
+ ]
2816
+ },
2817
+ {
2818
+ "type": "string"
2819
+ }
2820
+ ]
2034
2821
  },
2035
- "password": {
2036
- "description": "Gitea password used to authenticate requests. This can be either a password\nor a generated access token.",
2037
- "visibility": "secret",
2038
- "type": "string"
2822
+ "plugins": {
2823
+ "description": "Array of plugins which use the target base URL.",
2824
+ "type": "array",
2825
+ "items": {
2826
+ "type": "string"
2827
+ }
2039
2828
  }
2040
2829
  },
2041
2830
  "required": [
2042
- "host"
2831
+ "plugins",
2832
+ "target"
2043
2833
  ]
2044
2834
  }
2045
- },
2046
- "harness": {
2047
- "description": "Integration configuration for Harness Code",
2048
- "type": "array",
2049
- "items": {
2050
- "type": "object",
2051
- "properties": {
2052
- "host": {
2053
- "description": "The hostname of the given Harness Code instance",
2054
- "visibility": "frontend",
2055
- "type": "string"
2056
- },
2057
- "apiKey": {
2058
- "description": "The apikey to use for authenticated requests.",
2059
- "visibility": "secret",
2060
- "type": "string"
2061
- },
2062
- "token": {
2063
- "description": "Harness Code token used to authenticate requests. This can be either a generated access token.",
2064
- "visibility": "secret",
2065
- "type": "string"
2835
+ }
2836
+ },
2837
+ "required": [
2838
+ "endpoints"
2839
+ ]
2840
+ }
2841
+ },
2842
+ "required": [
2843
+ "app"
2844
+ ],
2845
+ "$schema": "http://json-schema.org/draft-07/schema#"
2846
+ }
2847
+ },
2848
+ {
2849
+ "path": "../../plugins/auth-backend-module-atlassian-provider/config.d.ts",
2850
+ "value": {
2851
+ "type": "object",
2852
+ "properties": {
2853
+ "auth": {
2854
+ "type": "object",
2855
+ "properties": {
2856
+ "providers": {
2857
+ "type": "object",
2858
+ "properties": {
2859
+ "atlassian": {
2860
+ "visibility": "frontend",
2861
+ "type": "object",
2862
+ "additionalProperties": {
2863
+ "type": "object",
2864
+ "properties": {
2865
+ "clientId": {
2866
+ "type": "string"
2867
+ },
2868
+ "clientSecret": {
2869
+ "visibility": "secret",
2870
+ "type": "string"
2871
+ },
2872
+ "audience": {
2873
+ "type": "string"
2874
+ },
2875
+ "callbackUrl": {
2876
+ "type": "string"
2877
+ },
2878
+ "additionalScopes": {
2879
+ "anyOf": [
2880
+ {
2881
+ "type": "array",
2882
+ "items": {
2883
+ "type": "string"
2884
+ }
2885
+ },
2886
+ {
2887
+ "type": "string"
2888
+ }
2889
+ ]
2890
+ },
2891
+ "signIn": {
2892
+ "type": "object",
2893
+ "properties": {
2894
+ "resolvers": {
2895
+ "type": "array",
2896
+ "items": {
2897
+ "anyOf": [
2898
+ {
2899
+ "type": "object",
2900
+ "properties": {
2901
+ "resolver": {
2902
+ "type": "string",
2903
+ "const": "usernameMatchingUserEntityName"
2904
+ }
2905
+ },
2906
+ "required": [
2907
+ "resolver"
2908
+ ]
2909
+ },
2910
+ {
2911
+ "type": "object",
2912
+ "properties": {
2913
+ "resolver": {
2914
+ "type": "string",
2915
+ "const": "emailLocalPartMatchingUserEntityName"
2916
+ },
2917
+ "allowedDomains": {
2918
+ "type": "array",
2919
+ "items": {
2920
+ "type": "string"
2921
+ }
2922
+ }
2923
+ },
2924
+ "required": [
2925
+ "resolver"
2926
+ ]
2927
+ },
2928
+ {
2929
+ "type": "object",
2930
+ "properties": {
2931
+ "resolver": {
2932
+ "type": "string",
2933
+ "const": "emailMatchingUserEntityProfileEmail"
2934
+ }
2935
+ },
2936
+ "required": [
2937
+ "resolver"
2938
+ ]
2939
+ }
2940
+ ]
2941
+ }
2942
+ }
2943
+ },
2944
+ "required": [
2945
+ "resolvers"
2946
+ ]
2947
+ }
2948
+ },
2949
+ "required": [
2950
+ "clientId",
2951
+ "clientSecret"
2952
+ ]
2953
+ }
2954
+ }
2955
+ }
2956
+ }
2957
+ }
2958
+ }
2959
+ },
2960
+ "$schema": "http://json-schema.org/draft-07/schema#"
2961
+ }
2962
+ },
2963
+ {
2964
+ "path": "../../plugins/auth-backend-module-auth0-provider/config.d.ts",
2965
+ "value": {
2966
+ "type": "object",
2967
+ "properties": {
2968
+ "auth": {
2969
+ "type": "object",
2970
+ "properties": {
2971
+ "providers": {
2972
+ "type": "object",
2973
+ "properties": {
2974
+ "auth0": {
2975
+ "visibility": "frontend",
2976
+ "type": "object",
2977
+ "additionalProperties": {
2978
+ "type": "object",
2979
+ "properties": {
2980
+ "clientId": {
2981
+ "type": "string"
2982
+ },
2983
+ "clientSecret": {
2984
+ "visibility": "secret",
2985
+ "type": "string"
2986
+ },
2987
+ "domain": {
2988
+ "type": "string"
2989
+ },
2990
+ "callbackUrl": {
2991
+ "type": "string"
2992
+ },
2993
+ "audience": {
2994
+ "type": "string"
2995
+ },
2996
+ "connection": {
2997
+ "type": "string"
2998
+ },
2999
+ "connectionScope": {
3000
+ "type": "string"
3001
+ }
3002
+ },
3003
+ "required": [
3004
+ "clientId",
3005
+ "clientSecret",
3006
+ "domain"
3007
+ ]
2066
3008
  }
2067
- },
2068
- "required": [
2069
- "host"
2070
- ]
3009
+ }
2071
3010
  }
2072
3011
  }
2073
3012
  }
@@ -2077,106 +3016,257 @@
2077
3016
  }
2078
3017
  },
2079
3018
  {
2080
- "path": "../integration-aws-node/config.d.ts",
3019
+ "path": "../../plugins/auth-backend-module-bitbucket-provider/config.d.ts",
2081
3020
  "value": {
2082
3021
  "type": "object",
2083
3022
  "properties": {
2084
- "aws": {
2085
- "description": "Configuration for access to AWS accounts",
3023
+ "auth": {
2086
3024
  "type": "object",
2087
3025
  "properties": {
2088
- "accountDefaults": {
2089
- "description": "Defaults for retrieving AWS account credentials",
3026
+ "providers": {
2090
3027
  "type": "object",
2091
3028
  "properties": {
2092
- "roleName": {
2093
- "description": "The IAM role to assume to retrieve temporary AWS credentials",
2094
- "type": "string"
2095
- },
2096
- "partition": {
2097
- "description": "The AWS partition of the IAM role, e.g. \"aws\", \"aws-cn\"",
2098
- "type": "string"
2099
- },
2100
- "region": {
2101
- "description": "The STS regional endpoint to use when retrieving temporary AWS credentials, e.g. \"ap-northeast-1\"",
2102
- "type": "string"
2103
- },
2104
- "externalId": {
2105
- "description": "The unique identifier needed to assume the role to retrieve temporary AWS credentials",
2106
- "visibility": "secret",
2107
- "type": "string"
3029
+ "bitbucket": {
3030
+ "visibility": "frontend",
3031
+ "type": "object",
3032
+ "additionalProperties": {
3033
+ "type": "object",
3034
+ "properties": {
3035
+ "clientId": {
3036
+ "type": "string"
3037
+ },
3038
+ "clientSecret": {
3039
+ "visibility": "secret",
3040
+ "type": "string"
3041
+ },
3042
+ "additionalScopes": {
3043
+ "anyOf": [
3044
+ {
3045
+ "type": "array",
3046
+ "items": {
3047
+ "type": "string"
3048
+ }
3049
+ },
3050
+ {
3051
+ "type": "string"
3052
+ }
3053
+ ]
3054
+ },
3055
+ "signIn": {
3056
+ "type": "object",
3057
+ "properties": {
3058
+ "resolvers": {
3059
+ "type": "array",
3060
+ "items": {
3061
+ "anyOf": [
3062
+ {
3063
+ "type": "object",
3064
+ "properties": {
3065
+ "resolver": {
3066
+ "type": "string",
3067
+ "const": "userIdMatchingUserEntityAnnotation"
3068
+ }
3069
+ },
3070
+ "required": [
3071
+ "resolver"
3072
+ ]
3073
+ },
3074
+ {
3075
+ "type": "object",
3076
+ "properties": {
3077
+ "resolver": {
3078
+ "type": "string",
3079
+ "const": "emailLocalPartMatchingUserEntityName"
3080
+ },
3081
+ "allowedDomains": {
3082
+ "type": "array",
3083
+ "items": {
3084
+ "type": "string"
3085
+ }
3086
+ }
3087
+ },
3088
+ "required": [
3089
+ "resolver"
3090
+ ]
3091
+ },
3092
+ {
3093
+ "type": "object",
3094
+ "properties": {
3095
+ "resolver": {
3096
+ "type": "string",
3097
+ "const": "emailMatchingUserEntityProfileEmail"
3098
+ }
3099
+ },
3100
+ "required": [
3101
+ "resolver"
3102
+ ]
3103
+ }
3104
+ ]
3105
+ }
3106
+ }
3107
+ },
3108
+ "required": [
3109
+ "resolvers"
3110
+ ]
3111
+ }
3112
+ },
3113
+ "required": [
3114
+ "clientId",
3115
+ "clientSecret"
3116
+ ]
3117
+ }
2108
3118
  }
2109
3119
  }
2110
- },
2111
- "mainAccount": {
2112
- "description": "Main account to use for retrieving AWS account credentials",
3120
+ }
3121
+ }
3122
+ }
3123
+ },
3124
+ "$schema": "http://json-schema.org/draft-07/schema#"
3125
+ }
3126
+ },
3127
+ {
3128
+ "path": "../../plugins/auth-backend-module-bitbucket-server-provider/config.d.ts",
3129
+ "value": {
3130
+ "type": "object",
3131
+ "properties": {
3132
+ "auth": {
3133
+ "type": "object",
3134
+ "properties": {
3135
+ "providers": {
2113
3136
  "type": "object",
2114
3137
  "properties": {
2115
- "accessKeyId": {
2116
- "description": "The access key ID for a set of static AWS credentials",
2117
- "visibility": "secret",
2118
- "type": "string"
2119
- },
2120
- "secretAccessKey": {
2121
- "description": "The secret access key for a set of static AWS credentials",
2122
- "visibility": "secret",
2123
- "type": "string"
2124
- },
2125
- "profile": {
2126
- "description": "The configuration profile from a credentials file at ~/.aws/credentials and\na configuration file at ~/.aws/config.",
2127
- "type": "string"
2128
- },
2129
- "region": {
2130
- "description": "The STS regional endpoint to use for the main account, e.g. \"ap-northeast-1\"",
2131
- "type": "string"
3138
+ "bitbucketServer": {
3139
+ "visibility": "frontend",
3140
+ "type": "object",
3141
+ "additionalProperties": {
3142
+ "type": "object",
3143
+ "properties": {
3144
+ "clientId": {
3145
+ "type": "string"
3146
+ },
3147
+ "clientSecret": {
3148
+ "visibility": "secret",
3149
+ "type": "string"
3150
+ },
3151
+ "host": {
3152
+ "type": "string"
3153
+ },
3154
+ "callbackUrl": {
3155
+ "type": "string"
3156
+ }
3157
+ },
3158
+ "required": [
3159
+ "clientId",
3160
+ "clientSecret",
3161
+ "host"
3162
+ ]
3163
+ }
2132
3164
  }
2133
3165
  }
2134
- },
2135
- "accounts": {
2136
- "description": "Configuration for retrieving AWS accounts credentials",
2137
- "type": "array",
2138
- "items": {
2139
- "type": "object",
2140
- "properties": {
2141
- "accountId": {
2142
- "description": "The account ID of the target account that this matches on, e.g. \"123456789012\"",
2143
- "type": "string"
2144
- },
2145
- "accessKeyId": {
2146
- "description": "The access key ID for a set of static AWS credentials",
2147
- "visibility": "secret",
2148
- "type": "string"
2149
- },
2150
- "secretAccessKey": {
2151
- "description": "The secret access key for a set of static AWS credentials",
2152
- "visibility": "secret",
2153
- "type": "string"
2154
- },
2155
- "profile": {
2156
- "description": "The configuration profile from a credentials file at ~/.aws/credentials and\na configuration file at ~/.aws/config.",
2157
- "type": "string"
2158
- },
2159
- "roleName": {
2160
- "description": "The IAM role to assume to retrieve temporary AWS credentials",
2161
- "type": "string"
2162
- },
2163
- "partition": {
2164
- "description": "The AWS partition of the IAM role, e.g. \"aws\", \"aws-cn\"",
2165
- "type": "string"
2166
- },
2167
- "region": {
2168
- "description": "The STS regional endpoint to use when retrieving temporary AWS credentials, e.g. \"ap-northeast-1\"",
2169
- "type": "string"
3166
+ }
3167
+ }
3168
+ }
3169
+ },
3170
+ "$schema": "http://json-schema.org/draft-07/schema#"
3171
+ }
3172
+ },
3173
+ {
3174
+ "path": "../../plugins/auth-backend-module-gcp-iap-provider/config.d.ts",
3175
+ "value": {
3176
+ "type": "object",
3177
+ "properties": {
3178
+ "auth": {
3179
+ "type": "object",
3180
+ "properties": {
3181
+ "providers": {
3182
+ "type": "object",
3183
+ "properties": {
3184
+ "gcpIap": {
3185
+ "description": "Configuration for the Google Cloud Platform Identity-Aware Proxy (IAP) auth provider.",
3186
+ "type": "object",
3187
+ "properties": {
3188
+ "audience": {
3189
+ "description": "The audience to use when validating incoming JWT tokens.\nSee https://backstage.io/docs/auth/google/gcp-iap-auth",
3190
+ "type": "string"
3191
+ },
3192
+ "jwtHeader": {
3193
+ "description": "The name of the header to read the JWT token from, defaults to `'x-goog-iap-jwt-assertion'`.",
3194
+ "type": "string"
3195
+ },
3196
+ "signIn": {
3197
+ "type": "object",
3198
+ "properties": {
3199
+ "resolvers": {
3200
+ "type": "array",
3201
+ "items": {
3202
+ "anyOf": [
3203
+ {
3204
+ "type": "object",
3205
+ "properties": {
3206
+ "resolver": {
3207
+ "type": "string",
3208
+ "const": "emailMatchingUserEntityAnnotation"
3209
+ }
3210
+ },
3211
+ "required": [
3212
+ "resolver"
3213
+ ]
3214
+ },
3215
+ {
3216
+ "type": "object",
3217
+ "properties": {
3218
+ "resolver": {
3219
+ "type": "string",
3220
+ "const": "idMatchingUserEntityAnnotation"
3221
+ }
3222
+ },
3223
+ "required": [
3224
+ "resolver"
3225
+ ]
3226
+ },
3227
+ {
3228
+ "type": "object",
3229
+ "properties": {
3230
+ "resolver": {
3231
+ "type": "string",
3232
+ "const": "emailLocalPartMatchingUserEntityName"
3233
+ },
3234
+ "allowedDomains": {
3235
+ "type": "array",
3236
+ "items": {
3237
+ "type": "string"
3238
+ }
3239
+ }
3240
+ },
3241
+ "required": [
3242
+ "resolver"
3243
+ ]
3244
+ },
3245
+ {
3246
+ "type": "object",
3247
+ "properties": {
3248
+ "resolver": {
3249
+ "type": "string",
3250
+ "const": "emailMatchingUserEntityProfileEmail"
3251
+ }
3252
+ },
3253
+ "required": [
3254
+ "resolver"
3255
+ ]
3256
+ }
3257
+ ]
3258
+ }
3259
+ }
3260
+ },
3261
+ "required": [
3262
+ "resolvers"
3263
+ ]
3264
+ }
2170
3265
  },
2171
- "externalId": {
2172
- "description": "The unique identifier needed to assume the role to retrieve temporary AWS credentials",
2173
- "visibility": "secret",
2174
- "type": "string"
2175
- }
2176
- },
2177
- "required": [
2178
- "accountId"
2179
- ]
3266
+ "required": [
3267
+ "audience"
3268
+ ]
3269
+ }
2180
3270
  }
2181
3271
  }
2182
3272
  }
@@ -2186,38 +3276,102 @@
2186
3276
  }
2187
3277
  },
2188
3278
  {
2189
- "path": "../backend-app-api/config.d.ts",
3279
+ "path": "../../plugins/auth-backend-module-cloudflare-access-provider/config.d.ts",
2190
3280
  "value": {
2191
3281
  "type": "object",
2192
3282
  "properties": {
2193
- "backend": {
3283
+ "auth": {
2194
3284
  "type": "object",
2195
3285
  "properties": {
2196
- "packages": {
2197
- "description": "Used by the feature discovery service",
2198
- "anyOf": [
2199
- {
3286
+ "providers": {
3287
+ "type": "object",
3288
+ "properties": {
3289
+ "cfaccess": {
3290
+ "visibility": "frontend",
2200
3291
  "type": "object",
2201
3292
  "properties": {
2202
- "include": {
2203
- "type": "array",
2204
- "items": {
2205
- "type": "string"
2206
- }
3293
+ "teamName": {
3294
+ "type": "string"
2207
3295
  },
2208
- "exclude": {
3296
+ "serviceTokens": {
3297
+ "deepVisibility": "secret",
2209
3298
  "type": "array",
2210
3299
  "items": {
2211
- "type": "string"
3300
+ "type": "object",
3301
+ "properties": {
3302
+ "token": {
3303
+ "type": "string"
3304
+ },
3305
+ "subject": {
3306
+ "type": "string"
3307
+ }
3308
+ },
3309
+ "required": [
3310
+ "subject",
3311
+ "token"
3312
+ ]
2212
3313
  }
3314
+ },
3315
+ "jwtHeaderName": {
3316
+ "type": "string"
3317
+ },
3318
+ "authorizationCookieName": {
3319
+ "type": "string"
3320
+ },
3321
+ "signIn": {
3322
+ "type": "object",
3323
+ "properties": {
3324
+ "resolvers": {
3325
+ "type": "array",
3326
+ "items": {
3327
+ "anyOf": [
3328
+ {
3329
+ "type": "object",
3330
+ "properties": {
3331
+ "resolver": {
3332
+ "type": "string",
3333
+ "const": "emailLocalPartMatchingUserEntityName"
3334
+ },
3335
+ "allowedDomains": {
3336
+ "type": "array",
3337
+ "items": {
3338
+ "type": "string"
3339
+ }
3340
+ }
3341
+ },
3342
+ "required": [
3343
+ "resolver"
3344
+ ]
3345
+ },
3346
+ {
3347
+ "type": "object",
3348
+ "properties": {
3349
+ "resolver": {
3350
+ "type": "string",
3351
+ "const": "emailMatchingUserEntityProfileEmail"
3352
+ }
3353
+ },
3354
+ "required": [
3355
+ "resolver"
3356
+ ]
3357
+ }
3358
+ ]
3359
+ }
3360
+ }
3361
+ },
3362
+ "required": [
3363
+ "resolvers"
3364
+ ]
2213
3365
  }
2214
- }
3366
+ },
3367
+ "required": [
3368
+ "teamName"
3369
+ ]
2215
3370
  },
2216
- {
2217
- "const": "all",
2218
- "type": "string"
3371
+ "backstageTokenExpiration": {
3372
+ "description": "The backstage token expiration."
2219
3373
  }
2220
- ]
3374
+ }
2221
3375
  }
2222
3376
  }
2223
3377
  }
@@ -2226,828 +3380,930 @@
2226
3380
  }
2227
3381
  },
2228
3382
  {
2229
- "path": "../backend-defaults/config.d.ts",
3383
+ "path": "../../plugins/auth-backend-module-github-provider/config.d.ts",
2230
3384
  "value": {
2231
3385
  "type": "object",
2232
3386
  "properties": {
2233
- "app": {
2234
- "type": "object",
2235
- "properties": {
2236
- "baseUrl": {
2237
- "type": "string"
2238
- }
2239
- },
2240
- "required": [
2241
- "baseUrl"
2242
- ]
2243
- },
2244
- "backend": {
3387
+ "auth": {
2245
3388
  "type": "object",
2246
3389
  "properties": {
2247
- "baseUrl": {
2248
- "description": "The full base URL of the backend, as seen from the browser's point of\nview as it makes calls to the backend.",
2249
- "type": "string"
2250
- },
2251
- "listen": {
2252
- "description": "Address that the backend should listen to.",
2253
- "anyOf": [
2254
- {
2255
- "type": "object",
2256
- "properties": {
2257
- "host": {
2258
- "description": "Address of the interface that the backend should bind to.",
2259
- "type": "string"
2260
- },
2261
- "port": {
2262
- "description": "Port that the backend should listen to.",
2263
- "type": [
2264
- "string",
2265
- "number"
2266
- ]
2267
- }
2268
- }
2269
- },
2270
- {
2271
- "type": "string"
2272
- }
2273
- ]
2274
- },
2275
- "https": {
2276
- "description": "HTTPS configuration for the backend. If omitted the backend will serve HTTP.\n\nSetting this to `true` will cause self-signed certificates to be generated, which\ncan be useful for local development or other non-production scenarios.",
2277
- "anyOf": [
2278
- {
2279
- "type": "object",
2280
- "properties": {
2281
- "certificate": {
2282
- "description": "Certificate configuration",
2283
- "type": "object",
2284
- "properties": {
2285
- "cert": {
2286
- "description": "PEM encoded certificate. Use $file to load in a file",
2287
- "type": "string"
2288
- },
2289
- "key": {
2290
- "description": "PEM encoded certificate key. Use $file to load in a file.",
2291
- "visibility": "secret",
2292
- "type": "string"
2293
- }
2294
- },
2295
- "required": [
2296
- "cert",
2297
- "key"
2298
- ]
2299
- }
2300
- }
2301
- },
2302
- {
2303
- "const": true,
2304
- "type": "boolean"
2305
- }
2306
- ]
2307
- },
2308
- "auth": {
2309
- "description": "Options used by the default auth, httpAuth and userInfo services.",
3390
+ "providers": {
2310
3391
  "type": "object",
2311
3392
  "properties": {
2312
- "dangerouslyDisableDefaultAuthPolicy": {
2313
- "description": "This disables the otherwise default auth policy, which requires all\nrequests to be authenticated with either user or service credentials.\n\nDisabling this check means that the backend will no longer block\nunauthenticated requests, but instead allow them to pass through to\nplugins.\n\nIf permissions are enabled, unauthenticated requests will be treated\nexactly as such, leaving it to the permission policy to determine what\npermissions should be allowed for an unauthenticated identity. Note\nthat this will also apply to service-to-service calls between plugins\nunless you configure credentials for service calls.",
2314
- "type": "boolean"
2315
- },
2316
- "pluginKeyStore": {
2317
- "description": "Controls how to store keys for plugin-to-plugin auth",
2318
- "anyOf": [
2319
- {
2320
- "type": "object",
2321
- "properties": {
2322
- "type": {
2323
- "type": "string",
2324
- "const": "database"
2325
- }
3393
+ "github": {
3394
+ "visibility": "frontend",
3395
+ "type": "object",
3396
+ "additionalProperties": {
3397
+ "type": "object",
3398
+ "properties": {
3399
+ "clientId": {
3400
+ "type": "string"
2326
3401
  },
2327
- "required": [
2328
- "type"
2329
- ]
2330
- },
2331
- {
2332
- "type": "object",
2333
- "properties": {
2334
- "type": {
2335
- "type": "string",
2336
- "const": "static"
2337
- },
2338
- "static": {
2339
- "type": "object",
2340
- "properties": {
2341
- "keys": {
2342
- "description": "Must be declared at least once and the first one will be used for signing.",
2343
- "type": "array",
2344
- "items": {
2345
- "type": "object",
2346
- "properties": {
2347
- "publicKeyFile": {
2348
- "description": "Path to the public key file in the SPKI format. Should be an absolute path.",
2349
- "type": "string"
2350
- },
2351
- "privateKeyFile": {
2352
- "description": "Path to the matching private key file in the PKCS#8 format. Should be an absolute path.\n\nThe first array entry must specify a private key file, the rest must not.",
2353
- "type": "string"
2354
- },
2355
- "keyId": {
2356
- "description": "ID to uniquely identify this key within the JWK set.",
2357
- "type": "string"
2358
- },
2359
- "algorithm": {
2360
- "description": "JWS \"alg\" (Algorithm) Header Parameter value. Defaults to ES256.\nMust match the algorithm used to generate the keys in the provided files",
2361
- "type": "string"
2362
- }
2363
- },
2364
- "required": [
2365
- "keyId",
2366
- "publicKeyFile"
2367
- ]
2368
- }
3402
+ "clientSecret": {
3403
+ "visibility": "secret",
3404
+ "type": "string"
3405
+ },
3406
+ "callbackUrl": {
3407
+ "type": "string"
3408
+ },
3409
+ "enterpriseInstanceUrl": {
3410
+ "type": "string"
3411
+ },
3412
+ "additionalScopes": {
3413
+ "anyOf": [
3414
+ {
3415
+ "type": "array",
3416
+ "items": {
3417
+ "type": "string"
2369
3418
  }
2370
3419
  },
2371
- "required": [
2372
- "keys"
2373
- ]
2374
- }
3420
+ {
3421
+ "type": "string"
3422
+ }
3423
+ ]
2375
3424
  },
2376
- "required": [
2377
- "static",
2378
- "type"
2379
- ]
2380
- }
2381
- ]
2382
- },
2383
- "externalAccess": {
2384
- "description": "Configures methods of external access, ie ways for callers outside of\nthe Backstage ecosystem to get authorized for access to APIs that do\nnot permit unauthorized access.",
2385
- "type": "array",
2386
- "items": {
2387
- "anyOf": [
2388
- {
3425
+ "signIn": {
2389
3426
  "type": "object",
2390
3427
  "properties": {
2391
- "type": {
2392
- "description": "This is the legacy service-to-service access method, where a set\nof static keys were shared among plugins and used for symmetric\nsigning and verification. These correspond to the old\n`backend.auth.keys` set and retain their behavior for backwards\ncompatibility. Please migrate to other access methods when\npossible.\n\nCallers generate JWT tokens with the following payload:\n\n```json\n{\n \"sub\": \"backstage-plugin\",\n \"exp\": <epoch seconds one hour in the future>\n}\n```\n\nAnd sign them with HS256, using the base64 decoded secret. The\ntokens are then passed along with requests in the Authorization\nheader:\n\n```\nAuthorization: Bearer eyJhbGciOiJIUzI...\n```",
2393
- "type": "string",
2394
- "const": "legacy"
2395
- },
2396
- "options": {
2397
- "type": "object",
2398
- "properties": {
2399
- "secret": {
2400
- "description": "Any set of base64 encoded random bytes to be used as both the\nsigning and verification key. Should be sufficiently long so as\nnot to be easy to guess by brute force.\n\nCan be generated eg using\n\n```sh\nnode -p 'require(\"crypto\").randomBytes(24).toString(\"base64\")'\n```",
2401
- "visibility": "secret",
2402
- "type": "string"
2403
- },
2404
- "subject": {
2405
- "description": "Sets the subject of the principal, when matching this token.\nUseful for debugging and tracking purposes.",
2406
- "type": "string"
2407
- }
2408
- },
2409
- "required": [
2410
- "secret",
2411
- "subject"
2412
- ]
2413
- },
2414
- "accessRestrictions": {
2415
- "description": "Restricts what types of access that are permitted for this access\nmethod. If no access restrictions are given, it'll have unlimited\naccess. This access restriction applies for the framework level;\nindividual plugins may have their own access control mechanisms\non top of this.",
3428
+ "resolvers": {
2416
3429
  "type": "array",
2417
3430
  "items": {
2418
- "type": "object",
2419
- "properties": {
2420
- "plugin": {
2421
- "description": "Permit access to make requests to this plugin.\n\nCan be further refined by setting additional fields below.",
2422
- "type": "string"
3431
+ "anyOf": [
3432
+ {
3433
+ "type": "object",
3434
+ "properties": {
3435
+ "resolver": {
3436
+ "type": "string",
3437
+ "const": "usernameMatchingUserEntityName"
3438
+ }
3439
+ },
3440
+ "required": [
3441
+ "resolver"
3442
+ ]
2423
3443
  },
2424
- "permission": {
2425
- "description": "If given, this method is limited to only performing actions\nwith these named permissions in this plugin.\n\nNote that this only applies where permissions checks are\nenabled in the first place. Endpoints that are not protected by\nthe permissions system at all, are not affected by this\nsetting.",
2426
- "anyOf": [
2427
- {
3444
+ {
3445
+ "type": "object",
3446
+ "properties": {
3447
+ "resolver": {
3448
+ "type": "string",
3449
+ "const": "emailLocalPartMatchingUserEntityName"
3450
+ },
3451
+ "allowedDomains": {
2428
3452
  "type": "array",
2429
3453
  "items": {
2430
3454
  "type": "string"
2431
3455
  }
2432
- },
2433
- {
2434
- "type": "string"
2435
3456
  }
3457
+ },
3458
+ "required": [
3459
+ "resolver"
2436
3460
  ]
2437
3461
  },
2438
- "permissionAttribute": {
2439
- "description": "If given, this method is limited to only performing actions\nwhose permissions have these attributes.\n\nNote that this only applies where permissions checks are\nenabled in the first place. Endpoints that are not protected by\nthe permissions system at all, are not affected by this\nsetting.",
3462
+ {
2440
3463
  "type": "object",
2441
3464
  "properties": {
2442
- "action": {
2443
- "description": "One of more of 'create', 'read', 'update', or 'delete'.",
2444
- "anyOf": [
2445
- {
2446
- "type": "array",
2447
- "items": {
2448
- "type": "string"
2449
- }
2450
- },
2451
- {
2452
- "type": "string"
2453
- }
2454
- ]
3465
+ "resolver": {
3466
+ "type": "string",
3467
+ "const": "emailMatchingUserEntityProfileEmail"
2455
3468
  }
2456
- }
3469
+ },
3470
+ "required": [
3471
+ "resolver"
3472
+ ]
2457
3473
  }
2458
- },
2459
- "required": [
2460
- "plugin"
2461
3474
  ]
2462
3475
  }
2463
3476
  }
2464
3477
  },
2465
3478
  "required": [
2466
- "options",
2467
- "type"
3479
+ "resolvers"
3480
+ ]
3481
+ }
3482
+ },
3483
+ "required": [
3484
+ "clientId",
3485
+ "clientSecret"
3486
+ ]
3487
+ }
3488
+ }
3489
+ }
3490
+ }
3491
+ }
3492
+ }
3493
+ },
3494
+ "$schema": "http://json-schema.org/draft-07/schema#"
3495
+ }
3496
+ },
3497
+ {
3498
+ "path": "../../plugins/auth-backend-module-gitlab-provider/config.d.ts",
3499
+ "value": {
3500
+ "type": "object",
3501
+ "properties": {
3502
+ "auth": {
3503
+ "type": "object",
3504
+ "properties": {
3505
+ "providers": {
3506
+ "type": "object",
3507
+ "properties": {
3508
+ "gitlab": {
3509
+ "visibility": "frontend",
3510
+ "type": "object",
3511
+ "additionalProperties": {
3512
+ "type": "object",
3513
+ "properties": {
3514
+ "clientId": {
3515
+ "type": "string"
3516
+ },
3517
+ "clientSecret": {
3518
+ "visibility": "secret",
3519
+ "type": "string"
3520
+ },
3521
+ "audience": {
3522
+ "type": "string"
3523
+ },
3524
+ "callbackUrl": {
3525
+ "type": "string"
3526
+ },
3527
+ "additionalScopes": {
3528
+ "anyOf": [
3529
+ {
3530
+ "type": "array",
3531
+ "items": {
3532
+ "type": "string"
3533
+ }
3534
+ },
3535
+ {
3536
+ "type": "string"
3537
+ }
2468
3538
  ]
2469
3539
  },
2470
- {
3540
+ "signIn": {
2471
3541
  "type": "object",
2472
3542
  "properties": {
2473
- "type": {
2474
- "description": "This access method consists of random static tokens that can be\nhanded out to callers.\n\nThe tokens are then passed along verbatim with requests in the\nAuthorization header:\n\n```\nAuthorization: Bearer eZv5o+fW3KnR3kVabMW4ZcDNLPl8nmMW\n```",
2475
- "type": "string",
2476
- "const": "static"
2477
- },
2478
- "options": {
2479
- "type": "object",
2480
- "properties": {
2481
- "token": {
2482
- "description": "A raw token that can be any string, but for security reasons\nshould be sufficiently long so as not to be easy to guess by\nbrute force.\n\nCan be generated eg using\n\n```sh\nnode -p 'require(\"crypto\").randomBytes(24).toString(\"base64\")'\n```\n\nSince the tokens can be any string, you are free to add\nadditional identifying data to them if you like. For example,\nadding a `freben-local-dev-` prefix for debugging purposes to a\ntoken that you know will be handed out for use as a personal\naccess token during development.",
2483
- "visibility": "secret",
2484
- "type": "string"
2485
- },
2486
- "subject": {
2487
- "description": "Sets the subject of the principal, when matching this token.\nUseful for debugging and tracking purposes.",
2488
- "type": "string"
2489
- }
2490
- },
2491
- "required": [
2492
- "subject",
2493
- "token"
2494
- ]
2495
- },
2496
- "accessRestrictions": {
2497
- "description": "Restricts what types of access that are permitted for this access\nmethod. If no access restrictions are given, it'll have unlimited\naccess. This access restriction applies for the framework level;\nindividual plugins may have their own access control mechanisms\non top of this.",
3543
+ "resolvers": {
2498
3544
  "type": "array",
2499
3545
  "items": {
2500
- "type": "object",
2501
- "properties": {
2502
- "plugin": {
2503
- "description": "Permit access to make requests to this plugin.\n\nCan be further refined by setting additional fields below.",
2504
- "type": "string"
3546
+ "anyOf": [
3547
+ {
3548
+ "type": "object",
3549
+ "properties": {
3550
+ "resolver": {
3551
+ "type": "string",
3552
+ "const": "usernameMatchingUserEntityName"
3553
+ }
3554
+ },
3555
+ "required": [
3556
+ "resolver"
3557
+ ]
2505
3558
  },
2506
- "permission": {
2507
- "description": "If given, this method is limited to only performing actions\nwith these named permissions in this plugin.\n\nNote that this only applies where permissions checks are\nenabled in the first place. Endpoints that are not protected by\nthe permissions system at all, are not affected by this\nsetting.",
2508
- "anyOf": [
2509
- {
3559
+ {
3560
+ "type": "object",
3561
+ "properties": {
3562
+ "resolver": {
3563
+ "type": "string",
3564
+ "const": "emailLocalPartMatchingUserEntityName"
3565
+ },
3566
+ "allowedDomains": {
2510
3567
  "type": "array",
2511
3568
  "items": {
2512
3569
  "type": "string"
2513
3570
  }
2514
- },
2515
- {
2516
- "type": "string"
2517
3571
  }
3572
+ },
3573
+ "required": [
3574
+ "resolver"
2518
3575
  ]
2519
3576
  },
2520
- "permissionAttribute": {
2521
- "description": "If given, this method is limited to only performing actions\nwhose permissions have these attributes.\n\nNote that this only applies where permissions checks are\nenabled in the first place. Endpoints that are not protected by\nthe permissions system at all, are not affected by this\nsetting.",
3577
+ {
2522
3578
  "type": "object",
2523
3579
  "properties": {
2524
- "action": {
2525
- "description": "One of more of 'create', 'read', 'update', or 'delete'.",
2526
- "anyOf": [
2527
- {
2528
- "type": "array",
2529
- "items": {
2530
- "type": "string"
2531
- }
2532
- },
2533
- {
2534
- "type": "string"
2535
- }
2536
- ]
3580
+ "resolver": {
3581
+ "type": "string",
3582
+ "const": "emailMatchingUserEntityProfileEmail"
3583
+ }
3584
+ },
3585
+ "required": [
3586
+ "resolver"
3587
+ ]
3588
+ }
3589
+ ]
3590
+ }
3591
+ }
3592
+ },
3593
+ "required": [
3594
+ "resolvers"
3595
+ ]
3596
+ }
3597
+ },
3598
+ "required": [
3599
+ "clientId",
3600
+ "clientSecret"
3601
+ ]
3602
+ }
3603
+ }
3604
+ }
3605
+ }
3606
+ }
3607
+ }
3608
+ },
3609
+ "$schema": "http://json-schema.org/draft-07/schema#"
3610
+ }
3611
+ },
3612
+ {
3613
+ "path": "../../plugins/auth-backend-module-google-provider/config.d.ts",
3614
+ "value": {
3615
+ "type": "object",
3616
+ "properties": {
3617
+ "auth": {
3618
+ "description": "Configuration options for the auth plugin",
3619
+ "type": "object",
3620
+ "properties": {
3621
+ "providers": {
3622
+ "type": "object",
3623
+ "properties": {
3624
+ "google": {
3625
+ "type": "object",
3626
+ "additionalProperties": {
3627
+ "type": "object",
3628
+ "properties": {
3629
+ "clientId": {
3630
+ "type": "string"
3631
+ },
3632
+ "clientSecret": {
3633
+ "visibility": "secret",
3634
+ "type": "string"
3635
+ },
3636
+ "callbackUrl": {
3637
+ "type": "string"
3638
+ },
3639
+ "additionalScopes": {
3640
+ "anyOf": [
3641
+ {
3642
+ "type": "array",
3643
+ "items": {
3644
+ "type": "string"
3645
+ }
3646
+ },
3647
+ {
3648
+ "type": "string"
3649
+ }
3650
+ ]
3651
+ },
3652
+ "signIn": {
3653
+ "type": "object",
3654
+ "properties": {
3655
+ "resolvers": {
3656
+ "type": "array",
3657
+ "items": {
3658
+ "anyOf": [
3659
+ {
3660
+ "type": "object",
3661
+ "properties": {
3662
+ "resolver": {
3663
+ "type": "string",
3664
+ "const": "emailMatchingUserEntityAnnotation"
3665
+ }
3666
+ },
3667
+ "required": [
3668
+ "resolver"
3669
+ ]
3670
+ },
3671
+ {
3672
+ "type": "object",
3673
+ "properties": {
3674
+ "resolver": {
3675
+ "type": "string",
3676
+ "const": "emailLocalPartMatchingUserEntityName"
3677
+ },
3678
+ "allowedDomains": {
3679
+ "type": "array",
3680
+ "items": {
3681
+ "type": "string"
3682
+ }
2537
3683
  }
2538
- }
3684
+ },
3685
+ "required": [
3686
+ "resolver"
3687
+ ]
3688
+ },
3689
+ {
3690
+ "type": "object",
3691
+ "properties": {
3692
+ "resolver": {
3693
+ "type": "string",
3694
+ "const": "emailMatchingUserEntityProfileEmail"
3695
+ }
3696
+ },
3697
+ "required": [
3698
+ "resolver"
3699
+ ]
2539
3700
  }
2540
- },
2541
- "required": [
2542
- "plugin"
2543
3701
  ]
2544
3702
  }
2545
3703
  }
2546
3704
  },
2547
3705
  "required": [
2548
- "options",
2549
- "type"
3706
+ "resolvers"
2550
3707
  ]
3708
+ }
3709
+ },
3710
+ "required": [
3711
+ "clientId",
3712
+ "clientSecret"
3713
+ ]
3714
+ }
3715
+ }
3716
+ }
3717
+ }
3718
+ }
3719
+ }
3720
+ },
3721
+ "$schema": "http://json-schema.org/draft-07/schema#"
3722
+ }
3723
+ },
3724
+ {
3725
+ "path": "../../plugins/auth-backend-module-microsoft-provider/config.d.ts",
3726
+ "value": {
3727
+ "type": "object",
3728
+ "properties": {
3729
+ "auth": {
3730
+ "type": "object",
3731
+ "properties": {
3732
+ "providers": {
3733
+ "type": "object",
3734
+ "properties": {
3735
+ "microsoft": {
3736
+ "visibility": "frontend",
3737
+ "type": "object",
3738
+ "additionalProperties": {
3739
+ "type": "object",
3740
+ "properties": {
3741
+ "clientId": {
3742
+ "type": "string"
2551
3743
  },
2552
- {
3744
+ "tenantId": {
3745
+ "type": "string"
3746
+ },
3747
+ "clientSecret": {
3748
+ "visibility": "secret",
3749
+ "type": "string"
3750
+ },
3751
+ "domainHint": {
3752
+ "type": "string"
3753
+ },
3754
+ "callbackUrl": {
3755
+ "type": "string"
3756
+ },
3757
+ "additionalScopes": {
3758
+ "anyOf": [
3759
+ {
3760
+ "type": "array",
3761
+ "items": {
3762
+ "type": "string"
3763
+ }
3764
+ },
3765
+ {
3766
+ "type": "string"
3767
+ }
3768
+ ]
3769
+ },
3770
+ "skipUserProfile": {
3771
+ "type": "boolean"
3772
+ },
3773
+ "signIn": {
2553
3774
  "type": "object",
2554
3775
  "properties": {
2555
- "type": {
2556
- "description": "This access method consists of a JWKS endpoint that can be used to\nverify JWT tokens.\n\nCallers generate JWT tokens via 3rd party tooling\nand pass them in the Authorization header:\n\n```\nAuthorization: Bearer eZv5o+fW3KnR3kVabMW4ZcDNLPl8nmMW\n```",
2557
- "type": "string",
2558
- "const": "jwks"
2559
- },
2560
- "options": {
2561
- "type": "object",
2562
- "properties": {
2563
- "url": {
2564
- "description": "The full URL of the JWKS endpoint.",
2565
- "type": "string"
2566
- },
2567
- "algorithm": {
2568
- "description": "Sets the algorithm(s) that should be used to verify the JWT tokens.\nThe passed JWTs must have been signed using one of the listed algorithms.",
2569
- "anyOf": [
2570
- {
2571
- "type": "array",
2572
- "items": {
2573
- "type": "string"
2574
- }
2575
- },
2576
- {
2577
- "type": "string"
2578
- }
2579
- ]
2580
- },
2581
- "issuer": {
2582
- "description": "Sets the issuer(s) that should be used to verify the JWT tokens.\nPassed JWTs must have an `iss` claim which matches one of the specified issuers.",
2583
- "anyOf": [
2584
- {
2585
- "type": "array",
2586
- "items": {
2587
- "type": "string"
2588
- }
2589
- },
2590
- {
2591
- "type": "string"
2592
- }
2593
- ]
2594
- },
2595
- "audience": {
2596
- "description": "Sets the audience(s) that should be used to verify the JWT tokens.\nThe passed JWTs must have an \"aud\" claim that matches one of the audiences specified,\nor have no audience specified.",
2597
- "anyOf": [
2598
- {
2599
- "type": "array",
2600
- "items": {
2601
- "type": "string"
2602
- }
2603
- },
2604
- {
2605
- "type": "string"
2606
- }
2607
- ]
2608
- },
2609
- "subjectPrefix": {
2610
- "description": "Sets an optional subject prefix. Passes the subject to called plugins.\nUseful for debugging and tracking purposes.",
2611
- "type": "string"
2612
- }
2613
- },
2614
- "required": [
2615
- "url"
2616
- ]
2617
- },
2618
- "accessRestrictions": {
2619
- "description": "Restricts what types of access that are permitted for this access\nmethod. If no access restrictions are given, it'll have unlimited\naccess. This access restriction applies for the framework level;\nindividual plugins may have their own access control mechanisms\non top of this.",
3776
+ "resolvers": {
2620
3777
  "type": "array",
2621
3778
  "items": {
2622
- "type": "object",
2623
- "properties": {
2624
- "plugin": {
2625
- "description": "Permit access to make requests to this plugin.\n\nCan be further refined by setting additional fields below.",
2626
- "type": "string"
3779
+ "anyOf": [
3780
+ {
3781
+ "type": "object",
3782
+ "properties": {
3783
+ "resolver": {
3784
+ "type": "string",
3785
+ "const": "emailMatchingUserEntityAnnotation"
3786
+ }
3787
+ },
3788
+ "required": [
3789
+ "resolver"
3790
+ ]
2627
3791
  },
2628
- "permission": {
2629
- "description": "If given, this method is limited to only performing actions\nwith these named permissions in this plugin.\n\nNote that this only applies where permissions checks are\nenabled in the first place. Endpoints that are not protected by\nthe permissions system at all, are not affected by this\nsetting.",
2630
- "anyOf": [
2631
- {
3792
+ {
3793
+ "type": "object",
3794
+ "properties": {
3795
+ "resolver": {
3796
+ "type": "string",
3797
+ "const": "emailLocalPartMatchingUserEntityName"
3798
+ },
3799
+ "allowedDomains": {
2632
3800
  "type": "array",
2633
3801
  "items": {
2634
3802
  "type": "string"
2635
3803
  }
2636
- },
2637
- {
2638
- "type": "string"
2639
3804
  }
3805
+ },
3806
+ "required": [
3807
+ "resolver"
2640
3808
  ]
2641
3809
  },
2642
- "permissionAttribute": {
2643
- "description": "If given, this method is limited to only performing actions\nwhose permissions have these attributes.\n\nNote that this only applies where permissions checks are\nenabled in the first place. Endpoints that are not protected by\nthe permissions system at all, are not affected by this\nsetting.",
3810
+ {
2644
3811
  "type": "object",
2645
3812
  "properties": {
2646
- "action": {
2647
- "description": "One of more of 'create', 'read', 'update', or 'delete'.",
2648
- "anyOf": [
2649
- {
2650
- "type": "array",
2651
- "items": {
2652
- "type": "string"
2653
- }
2654
- },
2655
- {
2656
- "type": "string"
2657
- }
2658
- ]
3813
+ "resolver": {
3814
+ "type": "string",
3815
+ "const": "emailMatchingUserEntityProfileEmail"
2659
3816
  }
2660
- }
3817
+ },
3818
+ "required": [
3819
+ "resolver"
3820
+ ]
2661
3821
  }
2662
- },
2663
- "required": [
2664
- "plugin"
2665
3822
  ]
2666
3823
  }
2667
3824
  }
2668
3825
  },
2669
3826
  "required": [
2670
- "options",
2671
- "type"
3827
+ "resolvers"
2672
3828
  ]
2673
3829
  }
3830
+ },
3831
+ "required": [
3832
+ "clientId",
3833
+ "clientSecret",
3834
+ "tenantId"
2674
3835
  ]
2675
3836
  }
2676
3837
  }
2677
3838
  }
2678
- },
2679
- "database": {
2680
- "description": "Database connection configuration, select base database type using the `client` field",
2681
- "type": "object",
2682
- "properties": {
2683
- "client": {
2684
- "description": "Default database client to use",
2685
- "enum": [
2686
- "better-sqlite3",
2687
- "pg",
2688
- "sqlite3"
2689
- ],
2690
- "type": "string"
2691
- },
2692
- "connection": {
2693
- "description": "Base database connection string, or object with individual connection properties",
2694
- "visibility": "secret",
2695
- "anyOf": [
2696
- {
2697
- "type": "object",
2698
- "additionalProperties": {},
2699
- "properties": {
2700
- "password": {
2701
- "description": "Password that belongs to the client User",
2702
- "visibility": "secret",
2703
- "type": "string"
2704
- }
2705
- }
2706
- },
2707
- {
2708
- "type": "string"
2709
- }
2710
- ]
2711
- },
2712
- "prefix": {
2713
- "description": "Database name prefix override",
2714
- "type": "string"
2715
- },
2716
- "ensureExists": {
2717
- "description": "Whether to ensure the given database exists by creating it if it does not.\nDefaults to true if unspecified.",
2718
- "type": "boolean"
2719
- },
2720
- "ensureSchemaExists": {
2721
- "description": "Whether to ensure the given database schema exists by creating it if it does not.\nDefaults to false if unspecified.\n\nNOTE: Currently only supported by the `pg` client when pluginDivisionMode: schema",
2722
- "type": "boolean"
2723
- },
2724
- "pluginDivisionMode": {
2725
- "description": "How plugins databases are managed/divided in the provided database instance.\n\n`database` -> Plugins are each given their own database to manage their schemas/tables.\n\n`schema` -> Plugins will be given their own schema (in the specified/default database)\n to manage their tables.\n\nNOTE: Currently only supported by the `pg` client.",
2726
- "default": "database",
2727
- "enum": [
2728
- "database",
2729
- "schema"
2730
- ],
2731
- "type": "string"
2732
- },
2733
- "role": {
2734
- "description": "Configures the ownership of newly created schemas in pg databases.",
2735
- "type": "string"
2736
- },
2737
- "knexConfig": {
2738
- "description": "Arbitrary config object to pass to knex when initializing\n(https://knexjs.org/#Installation-client). Most notable is the debug\nand asyncStackTraces booleans",
2739
- "type": "object",
2740
- "properties": {},
2741
- "additionalProperties": true
2742
- },
2743
- "skipMigrations": {
2744
- "description": "Skip running database migrations.",
2745
- "type": "boolean"
2746
- },
2747
- "plugin": {
2748
- "description": "Plugin specific database configuration and client override",
3839
+ }
3840
+ }
3841
+ }
3842
+ },
3843
+ "$schema": "http://json-schema.org/draft-07/schema#"
3844
+ }
3845
+ },
3846
+ {
3847
+ "path": "../../plugins/auth-backend-module-oauth2-provider/config.d.ts",
3848
+ "value": {
3849
+ "type": "object",
3850
+ "properties": {
3851
+ "auth": {
3852
+ "type": "object",
3853
+ "properties": {
3854
+ "providers": {
3855
+ "type": "object",
3856
+ "properties": {
3857
+ "oauth2": {
3858
+ "visibility": "frontend",
2749
3859
  "type": "object",
2750
3860
  "additionalProperties": {
2751
3861
  "type": "object",
2752
3862
  "properties": {
2753
- "client": {
2754
- "description": "Database client override",
2755
- "enum": [
2756
- "better-sqlite3",
2757
- "pg",
2758
- "sqlite3"
2759
- ],
3863
+ "clientId": {
2760
3864
  "type": "string"
2761
3865
  },
2762
- "connection": {
2763
- "description": "Database connection string or Knex object override",
3866
+ "clientSecret": {
2764
3867
  "visibility": "secret",
3868
+ "type": "string"
3869
+ },
3870
+ "authorizationUrl": {
3871
+ "type": "string"
3872
+ },
3873
+ "tokenUrl": {
3874
+ "type": "string"
3875
+ },
3876
+ "scope": {
3877
+ "deprecated": "use `additionalScopes` instead",
3878
+ "type": "string"
3879
+ },
3880
+ "additionalScopes": {
2765
3881
  "anyOf": [
2766
3882
  {
2767
- "type": "object",
2768
- "properties": {},
2769
- "additionalProperties": true
3883
+ "type": "array",
3884
+ "items": {
3885
+ "type": "string"
3886
+ }
2770
3887
  },
2771
3888
  {
2772
3889
  "type": "string"
2773
3890
  }
2774
3891
  ]
2775
3892
  },
2776
- "ensureExists": {
2777
- "description": "Whether to ensure the given database exists by creating it if it does not.\nDefaults to base config if unspecified.",
3893
+ "disableRefresh": {
2778
3894
  "type": "boolean"
2779
3895
  },
2780
- "ensureSchemaExists": {
2781
- "description": "Whether to ensure the given database schema exists by creating it if it does not.\nDefaults to false if unspecified.\n\nNOTE: Currently only supported by the `pg` client when pluginDivisionMode: schema",
3896
+ "includeBasicAuth": {
2782
3897
  "type": "boolean"
2783
3898
  },
2784
- "knexConfig": {
2785
- "description": "Arbitrary config object to pass to knex when initializing\n(https://knexjs.org/#Installation-client). Most notable is the\ndebug and asyncStackTraces booleans.\n\nThis is merged recursively into the base knexConfig",
3899
+ "signIn": {
2786
3900
  "type": "object",
2787
- "properties": {},
2788
- "additionalProperties": true
2789
- },
2790
- "role": {
2791
- "description": "Configures the ownership of newly created schemas in pg databases.",
2792
- "type": "string"
2793
- },
2794
- "skipMigrations": {
2795
- "description": "Skip running database migrations.",
2796
- "type": "boolean"
3901
+ "properties": {
3902
+ "resolvers": {
3903
+ "type": "array",
3904
+ "items": {
3905
+ "anyOf": [
3906
+ {
3907
+ "type": "object",
3908
+ "properties": {
3909
+ "resolver": {
3910
+ "type": "string",
3911
+ "const": "usernameMatchingUserEntityName"
3912
+ }
3913
+ },
3914
+ "required": [
3915
+ "resolver"
3916
+ ]
3917
+ },
3918
+ {
3919
+ "type": "object",
3920
+ "properties": {
3921
+ "resolver": {
3922
+ "type": "string",
3923
+ "const": "emailLocalPartMatchingUserEntityName"
3924
+ },
3925
+ "allowedDomains": {
3926
+ "type": "array",
3927
+ "items": {
3928
+ "type": "string"
3929
+ }
3930
+ }
3931
+ },
3932
+ "required": [
3933
+ "resolver"
3934
+ ]
3935
+ },
3936
+ {
3937
+ "type": "object",
3938
+ "properties": {
3939
+ "resolver": {
3940
+ "type": "string",
3941
+ "const": "emailMatchingUserEntityProfileEmail"
3942
+ }
3943
+ },
3944
+ "required": [
3945
+ "resolver"
3946
+ ]
3947
+ }
3948
+ ]
3949
+ }
3950
+ }
3951
+ },
3952
+ "required": [
3953
+ "resolvers"
3954
+ ]
2797
3955
  }
2798
- }
2799
- }
2800
- }
2801
- },
2802
- "required": [
2803
- "client",
2804
- "connection"
2805
- ]
2806
- },
2807
- "cache": {
2808
- "description": "Cache connection configuration, select cache type using the `store` field",
2809
- "anyOf": [
2810
- {
2811
- "type": "object",
2812
- "properties": {
2813
- "store": {
2814
- "type": "string",
2815
- "const": "memory"
2816
- },
2817
- "defaultTtl": {
2818
- "description": "An optional default TTL (in milliseconds)."
2819
- }
2820
- },
2821
- "required": [
2822
- "store"
2823
- ]
2824
- },
2825
- {
2826
- "type": "object",
2827
- "properties": {
2828
- "store": {
2829
- "type": "string",
2830
- "const": "redis"
2831
- },
2832
- "connection": {
2833
- "description": "A redis connection string in the form `redis://user:pass@host:port`.",
2834
- "visibility": "secret",
2835
- "type": "string"
2836
- },
2837
- "defaultTtl": {
2838
- "description": "An optional default TTL (in milliseconds)."
2839
3956
  },
2840
- "useRedisSets": {
2841
- "description": "Whether or not [useRedisSets](https://github.com/jaredwray/keyv/tree/main/packages/redis#useredissets) should be configured to this redis cache.\nDefaults to true if unspecified.",
2842
- "type": "boolean"
2843
- }
2844
- },
2845
- "required": [
2846
- "connection",
2847
- "store"
2848
- ]
2849
- },
2850
- {
2851
- "type": "object",
2852
- "properties": {
2853
- "store": {
2854
- "type": "string",
2855
- "const": "memcache"
2856
- },
2857
- "connection": {
2858
- "description": "A memcache connection string in the form `user:pass@host:port`.",
2859
- "visibility": "secret",
2860
- "type": "string"
2861
- },
2862
- "defaultTtl": {
2863
- "description": "An optional default TTL (in milliseconds)."
2864
- }
2865
- },
2866
- "required": [
2867
- "connection",
2868
- "store"
2869
- ]
3957
+ "required": [
3958
+ "authorizationUrl",
3959
+ "clientId",
3960
+ "clientSecret",
3961
+ "tokenUrl"
3962
+ ]
3963
+ }
2870
3964
  }
2871
- ]
2872
- },
2873
- "cors": {
3965
+ }
3966
+ }
3967
+ }
3968
+ }
3969
+ },
3970
+ "$schema": "http://json-schema.org/draft-07/schema#"
3971
+ }
3972
+ },
3973
+ {
3974
+ "path": "../../plugins/auth-backend-module-oidc-provider/config.d.ts",
3975
+ "value": {
3976
+ "type": "object",
3977
+ "properties": {
3978
+ "auth": {
3979
+ "type": "object",
3980
+ "properties": {
3981
+ "providers": {
2874
3982
  "type": "object",
2875
3983
  "properties": {
2876
- "origin": {
2877
- "anyOf": [
2878
- {
2879
- "type": "array",
2880
- "items": {
3984
+ "oidc": {
3985
+ "visibility": "frontend",
3986
+ "type": "object",
3987
+ "additionalProperties": {
3988
+ "type": "object",
3989
+ "properties": {
3990
+ "clientId": {
2881
3991
  "type": "string"
2882
- }
2883
- },
2884
- {
2885
- "type": "string"
2886
- }
2887
- ]
2888
- },
2889
- "methods": {
2890
- "anyOf": [
2891
- {
2892
- "type": "array",
2893
- "items": {
3992
+ },
3993
+ "clientSecret": {
3994
+ "visibility": "secret",
2894
3995
  "type": "string"
2895
- }
2896
- },
2897
- {
2898
- "type": "string"
2899
- }
2900
- ]
2901
- },
2902
- "allowedHeaders": {
2903
- "anyOf": [
2904
- {
2905
- "type": "array",
2906
- "items": {
3996
+ },
3997
+ "metadataUrl": {
2907
3998
  "type": "string"
2908
- }
2909
- },
2910
- {
2911
- "type": "string"
2912
- }
2913
- ]
2914
- },
2915
- "exposedHeaders": {
2916
- "anyOf": [
2917
- {
2918
- "type": "array",
2919
- "items": {
3999
+ },
4000
+ "callbackUrl": {
4001
+ "type": "string"
4002
+ },
4003
+ "tokenEndpointAuthMethod": {
4004
+ "type": "string"
4005
+ },
4006
+ "tokenSignedResponseAlg": {
4007
+ "type": "string"
4008
+ },
4009
+ "additionalScopes": {
4010
+ "anyOf": [
4011
+ {
4012
+ "type": "array",
4013
+ "items": {
4014
+ "type": "string"
4015
+ }
4016
+ },
4017
+ {
4018
+ "type": "string"
4019
+ }
4020
+ ]
4021
+ },
4022
+ "prompt": {
2920
4023
  "type": "string"
4024
+ },
4025
+ "signIn": {
4026
+ "type": "object",
4027
+ "properties": {
4028
+ "resolvers": {
4029
+ "type": "array",
4030
+ "items": {
4031
+ "anyOf": [
4032
+ {
4033
+ "type": "object",
4034
+ "properties": {
4035
+ "resolver": {
4036
+ "type": "string",
4037
+ "const": "emailLocalPartMatchingUserEntityName"
4038
+ },
4039
+ "allowedDomains": {
4040
+ "type": "array",
4041
+ "items": {
4042
+ "type": "string"
4043
+ }
4044
+ }
4045
+ },
4046
+ "required": [
4047
+ "resolver"
4048
+ ]
4049
+ },
4050
+ {
4051
+ "type": "object",
4052
+ "properties": {
4053
+ "resolver": {
4054
+ "type": "string",
4055
+ "const": "emailMatchingUserEntityProfileEmail"
4056
+ }
4057
+ },
4058
+ "required": [
4059
+ "resolver"
4060
+ ]
4061
+ }
4062
+ ]
4063
+ }
4064
+ }
4065
+ },
4066
+ "required": [
4067
+ "resolvers"
4068
+ ]
2921
4069
  }
2922
4070
  },
2923
- {
2924
- "type": "string"
2925
- }
2926
- ]
2927
- },
2928
- "credentials": {
2929
- "type": "boolean"
2930
- },
2931
- "maxAge": {
2932
- "type": "number"
2933
- },
2934
- "preflightContinue": {
2935
- "type": "boolean"
2936
- },
2937
- "optionsSuccessStatus": {
2938
- "type": "number"
2939
- }
2940
- }
2941
- },
2942
- "csp": {
2943
- "description": "Content Security Policy options.\n\nThe keys are the plain policy ID, e.g. \"upgrade-insecure-requests\". The\nvalues are on the format that the helmet library expects them, as an\narray of strings. There is also the special value false, which means to\nremove the default value that Backstage puts in place for that policy.",
2944
- "type": "object",
2945
- "additionalProperties": {
2946
- "anyOf": [
2947
- {
2948
- "type": "array",
2949
- "items": {
2950
- "type": "string"
2951
- }
2952
- },
2953
- {
2954
- "const": false,
2955
- "type": "boolean"
4071
+ "required": [
4072
+ "clientId",
4073
+ "clientSecret",
4074
+ "metadataUrl"
4075
+ ]
2956
4076
  }
2957
- ]
4077
+ }
2958
4078
  }
2959
- },
2960
- "reading": {
2961
- "description": "Configuration related to URL reading, used for example for reading catalog info\nfiles, scaffolder templates, and techdocs content.",
4079
+ }
4080
+ }
4081
+ }
4082
+ },
4083
+ "$schema": "http://json-schema.org/draft-07/schema#"
4084
+ }
4085
+ },
4086
+ {
4087
+ "path": "../../plugins/auth-backend-module-okta-provider/config.d.ts",
4088
+ "value": {
4089
+ "type": "object",
4090
+ "properties": {
4091
+ "auth": {
4092
+ "type": "object",
4093
+ "properties": {
4094
+ "providers": {
2962
4095
  "type": "object",
2963
4096
  "properties": {
2964
- "allow": {
2965
- "description": "A list of targets to allow outgoing requests to. Users will be able to make\nrequests on behalf of the backend to the targets that are allowed by this list.",
2966
- "type": "array",
2967
- "items": {
4097
+ "okta": {
4098
+ "visibility": "frontend",
4099
+ "type": "object",
4100
+ "additionalProperties": {
2968
4101
  "type": "object",
2969
4102
  "properties": {
2970
- "host": {
2971
- "description": "A host to allow outgoing requests to, being either a full host or\na subdomain wildcard pattern with a leading `*`. For example `example.com`\nand `*.example.com` are valid values, `prod.*.example.com` is not.\nThe host may also contain a port, for example `example.com:8080`.",
4103
+ "clientId": {
2972
4104
  "type": "string"
2973
4105
  },
2974
- "paths": {
2975
- "description": "An optional list of paths. In case they are present only targets matching\nany of them will are allowed. You can use trailing slashes to make sure only\nsubdirectories are allowed, for example `/mydir/` will allow targets with\npaths like `/mydir/a` but will block paths like `/mydir2`.",
2976
- "type": "array",
2977
- "items": {
2978
- "type": "string"
2979
- }
4106
+ "clientSecret": {
4107
+ "visibility": "secret",
4108
+ "type": "string"
4109
+ },
4110
+ "audience": {
4111
+ "type": "string"
4112
+ },
4113
+ "authServerId": {
4114
+ "type": "string"
4115
+ },
4116
+ "idp": {
4117
+ "type": "string"
4118
+ },
4119
+ "callbackUrl": {
4120
+ "type": "string"
4121
+ },
4122
+ "additionalScopes": {
4123
+ "anyOf": [
4124
+ {
4125
+ "type": "array",
4126
+ "items": {
4127
+ "type": "string"
4128
+ }
4129
+ },
4130
+ {
4131
+ "type": "string"
4132
+ }
4133
+ ]
4134
+ },
4135
+ "signIn": {
4136
+ "type": "object",
4137
+ "properties": {
4138
+ "resolvers": {
4139
+ "type": "array",
4140
+ "items": {
4141
+ "anyOf": [
4142
+ {
4143
+ "type": "object",
4144
+ "properties": {
4145
+ "resolver": {
4146
+ "type": "string",
4147
+ "const": "emailMatchingUserEntityAnnotation"
4148
+ }
4149
+ },
4150
+ "required": [
4151
+ "resolver"
4152
+ ]
4153
+ },
4154
+ {
4155
+ "type": "object",
4156
+ "properties": {
4157
+ "resolver": {
4158
+ "type": "string",
4159
+ "const": "emailLocalPartMatchingUserEntityName"
4160
+ },
4161
+ "allowedDomains": {
4162
+ "type": "array",
4163
+ "items": {
4164
+ "type": "string"
4165
+ }
4166
+ }
4167
+ },
4168
+ "required": [
4169
+ "resolver"
4170
+ ]
4171
+ },
4172
+ {
4173
+ "type": "object",
4174
+ "properties": {
4175
+ "resolver": {
4176
+ "type": "string",
4177
+ "const": "emailMatchingUserEntityProfileEmail"
4178
+ }
4179
+ },
4180
+ "required": [
4181
+ "resolver"
4182
+ ]
4183
+ }
4184
+ ]
4185
+ }
4186
+ }
4187
+ },
4188
+ "required": [
4189
+ "resolvers"
4190
+ ]
2980
4191
  }
2981
4192
  },
2982
4193
  "required": [
2983
- "host"
4194
+ "clientId",
4195
+ "clientSecret"
2984
4196
  ]
2985
4197
  }
2986
4198
  }
2987
4199
  }
2988
4200
  }
2989
- },
2990
- "required": [
2991
- "baseUrl",
2992
- "database"
2993
- ]
2994
- },
2995
- "discovery": {
2996
- "description": "Options used by the default discovery service.",
4201
+ }
4202
+ }
4203
+ },
4204
+ "$schema": "http://json-schema.org/draft-07/schema#"
4205
+ }
4206
+ },
4207
+ {
4208
+ "path": "../../plugins/auth-backend-module-onelogin-provider/config.d.ts",
4209
+ "value": {
4210
+ "type": "object",
4211
+ "properties": {
4212
+ "auth": {
2997
4213
  "type": "object",
2998
4214
  "properties": {
2999
- "endpoints": {
3000
- "description": "A list of target baseUrls and the associated plugins.",
3001
- "type": "array",
3002
- "items": {
3003
- "type": "object",
3004
- "properties": {
3005
- "target": {
3006
- "description": "The target base URL to use for the plugin.\n\nCan be either a string or an object with internal and external keys.\nTargets with `{{pluginId}}` or `{{ pluginId }} in the URL will be replaced with the plugin ID.",
3007
- "anyOf": [
3008
- {
4215
+ "providers": {
4216
+ "type": "object",
4217
+ "properties": {
4218
+ "onelogin": {
4219
+ "visibility": "frontend",
4220
+ "type": "object",
4221
+ "additionalProperties": {
4222
+ "type": "object",
4223
+ "properties": {
4224
+ "clientId": {
4225
+ "type": "string"
4226
+ },
4227
+ "clientSecret": {
4228
+ "visibility": "secret",
4229
+ "type": "string"
4230
+ },
4231
+ "issuer": {
4232
+ "type": "string"
4233
+ },
4234
+ "callbackUrl": {
4235
+ "type": "string"
4236
+ },
4237
+ "signIn": {
3009
4238
  "type": "object",
3010
4239
  "properties": {
3011
- "internal": {
3012
- "type": "string"
3013
- },
3014
- "external": {
3015
- "type": "string"
4240
+ "resolvers": {
4241
+ "type": "array",
4242
+ "items": {
4243
+ "anyOf": [
4244
+ {
4245
+ "type": "object",
4246
+ "properties": {
4247
+ "resolver": {
4248
+ "type": "string",
4249
+ "const": "usernameMatchingUserEntityName"
4250
+ }
4251
+ },
4252
+ "required": [
4253
+ "resolver"
4254
+ ]
4255
+ },
4256
+ {
4257
+ "type": "object",
4258
+ "properties": {
4259
+ "resolver": {
4260
+ "type": "string",
4261
+ "const": "emailLocalPartMatchingUserEntityName"
4262
+ },
4263
+ "allowedDomains": {
4264
+ "type": "array",
4265
+ "items": {
4266
+ "type": "string"
4267
+ }
4268
+ }
4269
+ },
4270
+ "required": [
4271
+ "resolver"
4272
+ ]
4273
+ },
4274
+ {
4275
+ "type": "object",
4276
+ "properties": {
4277
+ "resolver": {
4278
+ "type": "string",
4279
+ "const": "emailMatchingUserEntityProfileEmail"
4280
+ }
4281
+ },
4282
+ "required": [
4283
+ "resolver"
4284
+ ]
4285
+ }
4286
+ ]
4287
+ }
3016
4288
  }
3017
4289
  },
3018
4290
  "required": [
3019
- "external",
3020
- "internal"
4291
+ "resolvers"
3021
4292
  ]
3022
- },
3023
- {
3024
- "type": "string"
3025
4293
  }
4294
+ },
4295
+ "required": [
4296
+ "clientId",
4297
+ "clientSecret",
4298
+ "issuer"
3026
4299
  ]
3027
- },
3028
- "plugins": {
3029
- "description": "Array of plugins which use the target base URL.",
3030
- "type": "array",
3031
- "items": {
3032
- "type": "string"
3033
- }
3034
4300
  }
3035
- },
3036
- "required": [
3037
- "plugins",
3038
- "target"
3039
- ]
4301
+ }
3040
4302
  }
3041
4303
  }
3042
- },
3043
- "required": [
3044
- "endpoints"
3045
- ]
4304
+ }
3046
4305
  }
3047
4306
  },
3048
- "required": [
3049
- "app"
3050
- ],
3051
4307
  "$schema": "http://json-schema.org/draft-07/schema#"
3052
4308
  }
3053
4309
  }