@techdocs/cli 1.8.20-next.2 → 1.8.20

@@ -1524,43 +1524,255 @@
1524
1524
  }
1525
1525
  },
1526
1526
  {
1527
- "path": "../../node_modules/@backstage-community/plugin-puppetdb/node_modules/@backstage/core-components/config.d.ts",
1527
+ "path": "../../plugins/auth-backend/config.d.ts",
1528
1528
  "value": {
1529
1529
  "type": "object",
1530
1530
  "properties": {
1531
1531
  "auth": {
1532
+ "description": "Configuration options for the auth plugin",
1532
1533
  "type": "object",
1533
1534
  "properties": {
1534
- "autologout": {
1535
- "description": "Autologout feature configuration",
1535
+ "environment": {
1536
+ "description": "The 'environment' attribute",
1537
+ "visibility": "frontend",
1538
+ "type": "string"
1539
+ },
1540
+ "session": {
1536
1541
  "type": "object",
1537
1542
  "properties": {
1538
- "enabled": {
1539
- "description": "Enable or disable the autologout feature",
1540
- "visibility": "frontend",
1541
- "type": "boolean"
1543
+ "secret": {
1544
+ "description": "The secret attribute of session object.",
1545
+ "visibility": "secret",
1546
+ "type": "string"
1547
+ }
1548
+ }
1549
+ },
1550
+ "identityTokenAlgorithm": {
1551
+ "description": "JWS \"alg\" (Algorithm) Header Parameter value. Defaults to ES256.\nMust match one of the algorithms defined for IdentityClient.\nWhen setting a different algorithm, check if the `key` field\nof the `signing_keys` table can fit the length of the generated keys.\nIf not, add a knex migration file in the migrations folder.\nMore info on supported algorithms: https://github.com/panva/jose",
1552
+ "type": "string"
1553
+ },
1554
+ "keyStore": {
1555
+ "description": "To control how to store JWK data in auth-backend",
1556
+ "type": "object",
1557
+ "properties": {
1558
+ "provider": {
1559
+ "enum": [
1560
+ "database",
1561
+ "firestore",
1562
+ "memory",
1563
+ "static"
1564
+ ],
1565
+ "type": "string"
1542
1566
  },
1543
- "idleTimeoutMinutes": {
1544
- "description": "Number of minutes after which the inactive user is logged out automatically.\nDefault is 60 minutes (1 hour)",
1545
- "visibility": "frontend",
1546
- "type": "number"
1567
+ "firestore": {
1568
+ "type": "object",
1569
+ "properties": {
1570
+ "host": {
1571
+ "description": "The host to connect to",
1572
+ "type": "string"
1573
+ },
1574
+ "port": {
1575
+ "description": "The port to connect to",
1576
+ "type": "number"
1577
+ },
1578
+ "ssl": {
1579
+ "description": "Whether to use SSL when connecting.",
1580
+ "type": "boolean"
1581
+ },
1582
+ "projectId": {
1583
+ "description": "The Google Cloud Project ID",
1584
+ "type": "string"
1585
+ },
1586
+ "keyFilename": {
1587
+ "description": "Local file containing the Service Account credentials.\nYou can omit this value to automatically read from\nGOOGLE_APPLICATION_CREDENTIALS env which is useful for local\ndevelopment.",
1588
+ "type": "string"
1589
+ },
1590
+ "path": {
1591
+ "description": "The path to use for the collection. Defaults to 'sessions'",
1592
+ "type": "string"
1593
+ },
1594
+ "timeout": {
1595
+ "description": "Timeout used for database operations. Defaults to 10000ms",
1596
+ "type": "number"
1597
+ }
1598
+ }
1547
1599
  },
1548
- "promptBeforeIdleSeconds": {
1549
- "description": "Number of seconds before the idle timeout where the user will be asked if it's still active.\nA dialog will be shown.\nDefault is 10 seconds.\nSet to 0 seconds to disable the prompt.",
1600
+ "static": {
1601
+ "type": "object",
1602
+ "properties": {
1603
+ "keys": {
1604
+ "description": "Must be declared at least once and the first one will be used for signing",
1605
+ "type": "array",
1606
+ "items": {
1607
+ "type": "object",
1608
+ "properties": {
1609
+ "publicKeyFile": {
1610
+ "description": "Path to the public key file in the SPKI format",
1611
+ "type": "string"
1612
+ },
1613
+ "privateKeyFile": {
1614
+ "description": "Path to the matching private key file in the PKCS#8 format",
1615
+ "type": "string"
1616
+ },
1617
+ "keyId": {
1618
+ "description": "id to uniquely identify this key within the JWK set",
1619
+ "type": "string"
1620
+ },
1621
+ "algorithm": {
1622
+ "description": "JWS \"alg\" (Algorithm) Header Parameter value. Defaults to ES256.\nMust match the algorithm used to generate the keys in the provided files",
1623
+ "type": "string"
1624
+ }
1625
+ },
1626
+ "required": [
1627
+ "keyId",
1628
+ "privateKeyFile",
1629
+ "publicKeyFile"
1630
+ ]
1631
+ }
1632
+ }
1633
+ },
1634
+ "required": [
1635
+ "keys"
1636
+ ]
1637
+ }
1638
+ }
1639
+ },
1640
+ "providers": {
1641
+ "description": "The available auth-provider options and attributes",
1642
+ "additionalProperties": true,
1643
+ "type": "object",
1644
+ "properties": {
1645
+ "saml": {
1550
1646
  "visibility": "frontend",
1551
- "type": "number"
1647
+ "type": "object",
1648
+ "properties": {
1649
+ "entryPoint": {
1650
+ "type": "string"
1651
+ },
1652
+ "logoutUrl": {
1653
+ "type": "string"
1654
+ },
1655
+ "issuer": {
1656
+ "type": "string"
1657
+ },
1658
+ "cert": {
1659
+ "visibility": "secret",
1660
+ "type": "string"
1661
+ },
1662
+ "audience": {
1663
+ "type": "string"
1664
+ },
1665
+ "privateKey": {
1666
+ "visibility": "secret",
1667
+ "type": "string"
1668
+ },
1669
+ "authnContext": {
1670
+ "type": "array",
1671
+ "items": {
1672
+ "type": "string"
1673
+ }
1674
+ },
1675
+ "identifierFormat": {
1676
+ "type": "string"
1677
+ },
1678
+ "decryptionPvk": {
1679
+ "visibility": "secret",
1680
+ "type": "string"
1681
+ },
1682
+ "signatureAlgorithm": {
1683
+ "enum": [
1684
+ "sha256",
1685
+ "sha512"
1686
+ ],
1687
+ "type": "string"
1688
+ },
1689
+ "digestAlgorithm": {
1690
+ "type": "string"
1691
+ },
1692
+ "acceptedClockSkewMs": {
1693
+ "type": "number"
1694
+ }
1695
+ },
1696
+ "required": [
1697
+ "cert",
1698
+ "entryPoint",
1699
+ "issuer"
1700
+ ]
1552
1701
  },
1553
- "useWorkerTimers": {
1554
- "description": "Enable/disable the usage of worker thread timers instead of main thread timers.\nDefault is true.\nIf you experience some browser incompatibility, you may try to set this to false.",
1702
+ "auth0": {
1555
1703
  "visibility": "frontend",
1556
- "type": "boolean"
1704
+ "type": "object",
1705
+ "additionalProperties": {
1706
+ "type": "object",
1707
+ "properties": {
1708
+ "clientId": {
1709
+ "type": "string"
1710
+ },
1711
+ "clientSecret": {
1712
+ "visibility": "secret",
1713
+ "type": "string"
1714
+ },
1715
+ "domain": {
1716
+ "type": "string"
1717
+ },
1718
+ "callbackUrl": {
1719
+ "type": "string"
1720
+ },
1721
+ "audience": {
1722
+ "type": "string"
1723
+ },
1724
+ "connection": {
1725
+ "type": "string"
1726
+ },
1727
+ "connectionScope": {
1728
+ "type": "string"
1729
+ }
1730
+ },
1731
+ "required": [
1732
+ "clientId",
1733
+ "clientSecret",
1734
+ "domain"
1735
+ ]
1736
+ }
1557
1737
  },
1558
- "logoutIfDisconnected": {
1559
- "description": "Enable/disable the automatic logout also on users that are logged in but with no Backstage tabs open.\nDefault is true.",
1738
+ "onelogin": {
1560
1739
  "visibility": "frontend",
1561
- "type": "boolean"
1740
+ "type": "object",
1741
+ "additionalProperties": {
1742
+ "type": "object",
1743
+ "properties": {
1744
+ "clientId": {
1745
+ "type": "string"
1746
+ },
1747
+ "clientSecret": {
1748
+ "visibility": "secret",
1749
+ "type": "string"
1750
+ },
1751
+ "issuer": {
1752
+ "type": "string"
1753
+ },
1754
+ "callbackUrl": {
1755
+ "type": "string"
1756
+ }
1757
+ },
1758
+ "required": [
1759
+ "clientId",
1760
+ "clientSecret",
1761
+ "issuer"
1762
+ ]
1763
+ }
1764
+ },
1765
+ "backstageTokenExpiration": {
1766
+ "description": "The backstage token expiration."
1562
1767
  }
1563
1768
  }
1769
+ },
1770
+ "experimentalExtraAllowedOrigins": {
1771
+ "description": "Additional app origins to allow for authenticating",
1772
+ "type": "array",
1773
+ "items": {
1774
+ "type": "string"
1775
+ }
1564
1776
  }
1565
1777
  }
1566
1778
  }
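Review bot: `identityTokenAlgorithm` and `keyStore.static.keys[].algorithm` are declared as a bare `"type": "string"`, so schema validation accepts any value although both descriptions require a JWS algorithm that matches the keys in use; a mistyped value would only surface, if at all, when tokens are signed or verified. The SAML `signatureAlgorithm` further down in the same hunk already uses an `enum`, and the same form would fit here, e.g. `"enum": ["ES256", "<other algorithms the IdentityClient accepts>"]`. Likewise `static.keys` is described as "Must be declared at least once" but carries no `"minItems": 1`, and `backstageTokenExpiration` has a description but no `type`. This JSON looks generated from `plugins/auth-backend/config.d.ts`, so the constraints probably belong in that declaration rather than in this file.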
@@ -1568,6 +1780,51 @@
1568
1780
  "$schema": "http://json-schema.org/draft-07/schema#"
1569
1781
  }
1570
1782
  },
1783
+ {
1784
+ "path": "../../plugins/auth-backend-module-guest-provider/config.d.ts",
1785
+ "value": {
1786
+ "type": "object",
1787
+ "properties": {
1788
+ "auth": {
1789
+ "description": "Configuration options for the auth plugin",
1790
+ "type": "object",
1791
+ "properties": {
1792
+ "providers": {
1793
+ "type": "object",
1794
+ "properties": {
1795
+ "guest": {
1796
+ "type": "object",
1797
+ "properties": {
1798
+ "userEntityRef": {
1799
+ "description": "The entity reference to use for the guest user.",
1800
+ "default": "user:development/guest",
1801
+ "type": "string"
1802
+ },
1803
+ "ownershipEntityRefs": {
1804
+ "description": "A list of entity references to user for ownership of the guest user if the user\n is not found in the catalog.",
1805
+ "default": "[userEntityRef]",
1806
+ "type": "array",
1807
+ "items": {
1808
+ "type": "string"
1809
+ }
1810
+ },
1811
+ "dangerouslyAllowOutsideDevelopment": {
1812
+ "description": "Allow users to sign in with the guest provider outside of their development environments.",
1813
+ "type": "boolean"
1814
+ }
1815
+ }
1816
+ }
1817
+ }
1818
+ }
1819
+ },
1820
+ "required": [
1821
+ "providers"
1822
+ ]
1823
+ }
1824
+ },
1825
+ "$schema": "http://json-schema.org/draft-07/schema#"
1826
+ }
1827
+ },
1571
1828
  {
1572
1829
  "path": "../../node_modules/@oriflame/backstage-plugin-score-card/node_modules/@backstage/core-components/config.d.ts",
1573
1830
  "value": {
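Review bot: The description of `dangerouslyAllowOutsideDevelopment` names the switch but not its effect or its value when omitted, which is thin for a flag that enables guest sign-in outside development. It could read `"description": "Allow sign-in with the guest provider outside development environments. Every such sign-in receives the identity in userEntityRef; keep disabled in production."`. Whether the flag is off by default is not visible in this hunk and should be added to the description once confirmed. In `ownershipEntityRefs` the `default` is the string `"[userEntityRef]"` on a property typed `array`, and the description reads "to user for ownership" where "to use" is presumably meant.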
@@ -1614,460 +1871,1142 @@
1614
1871
  }
1615
1872
  },
1616
1873
  {
1617
- "path": "../../node_modules/@backstage/backend-common/node_modules/@backstage/backend-plugin-api/config.d.ts",
1618
- "value": {
1619
- "type": "object",
1620
- "properties": {
1621
- "backend": {
1622
- "type": "object",
1623
- "properties": {
1624
- "workingDirectory": {
1625
- "description": "An absolute path to a directory that can be used as a working dir, for\nexample as scratch space for large operations.",
1626
- "type": "string"
1627
- }
1628
- }
1629
- }
1630
- },
1631
- "$schema": "http://json-schema.org/draft-07/schema#"
1632
- }
1633
- },
1634
- {
1635
- "path": "../../node_modules/@backstage/backend-common/node_modules/@backstage/integration/config.d.ts",
1874
+ "path": "../integration-aws-node/config.d.ts",
1636
1875
  "value": {
1637
1876
  "type": "object",
1638
1877
  "properties": {
1639
- "integrations": {
1640
- "description": "Configuration for integrations towards various external repository provider systems",
1641
- "visibility": "frontend",
1878
+ "aws": {
1879
+ "description": "Configuration for access to AWS accounts",
1642
1880
  "type": "object",
1643
1881
  "properties": {
1644
- "azure": {
1645
- "description": "Integration configuration for Azure",
1646
- "type": "array",
1647
- "items": {
1648
- "type": "object",
1649
- "properties": {
1650
- "host": {
1651
- "description": "The hostname of the given Azure instance",
1652
- "visibility": "frontend",
1653
- "type": "string"
1654
- },
1655
- "token": {
1656
- "description": "Token used to authenticate requests.",
1657
- "visibility": "secret",
1658
- "deprecated": "Use `credentials` instead.",
1659
- "type": "string"
1660
- },
1661
- "credential": {
1662
- "description": "The credential to use for requests.\n\nIf no credential is specified anonymous access is used.",
1663
- "deepVisibility": "secret",
1664
- "deprecated": "Use `credentials` instead.",
1665
- "type": "object",
1666
- "properties": {
1667
- "clientId": {
1668
- "type": "string"
1669
- },
1670
- "clientSecret": {
1671
- "type": "string"
1672
- },
1673
- "tenantId": {
1674
- "type": "string"
1675
- },
1676
- "personalAccessToken": {
1677
- "type": "string"
1678
- }
1679
- }
1680
- },
1681
- "credentials": {
1682
- "description": "The credentials to use for requests. If multiple credentials are specified the first one that matches the organization is used.\nIf not organization matches the first credential without an organization is used.\n\nIf no credentials are specified at all, either a default credential (for Azure DevOps) or anonymous access (for Azure DevOps Server) is used.",
1683
- "deepVisibility": "secret",
1684
- "type": "array",
1685
- "items": {
1686
- "type": "object",
1687
- "properties": {
1688
- "clientId": {
1689
- "type": "string"
1690
- },
1691
- "clientSecret": {
1692
- "type": "string"
1693
- },
1694
- "tenantId": {
1695
- "type": "string"
1696
- },
1697
- "personalAccessToken": {
1698
- "type": "string"
1699
- }
1700
- }
1701
- }
1702
- }
1882
+ "accountDefaults": {
1883
+ "description": "Defaults for retrieving AWS account credentials",
1884
+ "type": "object",
1885
+ "properties": {
1886
+ "roleName": {
1887
+ "description": "The IAM role to assume to retrieve temporary AWS credentials",
1888
+ "type": "string"
1703
1889
  },
1704
- "required": [
1705
- "host"
1706
- ]
1707
- }
1708
- },
1709
- "bitbucket": {
1710
- "description": "Integration configuration for Bitbucket",
1711
- "deprecated": "replaced by bitbucketCloud and bitbucketServer",
1712
- "type": "array",
1713
- "items": {
1714
- "type": "object",
1715
- "properties": {
1716
- "host": {
1717
- "description": "The hostname of the given Bitbucket instance",
1718
- "visibility": "frontend",
1719
- "type": "string"
1720
- },
1721
- "token": {
1722
- "description": "Token used to authenticate requests.",
1723
- "visibility": "secret",
1724
- "type": "string"
1725
- },
1726
- "apiBaseUrl": {
1727
- "description": "The base url for the Bitbucket API, for example https://api.bitbucket.org/2.0",
1728
- "visibility": "frontend",
1729
- "type": "string"
1730
- },
1731
- "username": {
1732
- "description": "The username to use for authenticated requests.",
1733
- "visibility": "secret",
1734
- "type": "string"
1735
- },
1736
- "appPassword": {
1737
- "description": "Bitbucket app password used to authenticate requests.",
1738
- "visibility": "secret",
1739
- "type": "string"
1740
- }
1890
+ "partition": {
1891
+ "description": "The AWS partition of the IAM role, e.g. \"aws\", \"aws-cn\"",
1892
+ "type": "string"
1741
1893
  },
1742
- "required": [
1743
- "host"
1744
- ]
1894
+ "region": {
1895
+ "description": "The STS regional endpoint to use when retrieving temporary AWS credentials, e.g. \"ap-northeast-1\"",
1896
+ "type": "string"
1897
+ },
1898
+ "externalId": {
1899
+ "description": "The unique identifier needed to assume the role to retrieve temporary AWS credentials",
1900
+ "visibility": "secret",
1901
+ "type": "string"
1902
+ }
1745
1903
  }
1746
1904
  },
1747
- "bitbucketCloud": {
1748
- "description": "Integration configuration for Bitbucket Cloud",
1749
- "type": "array",
1750
- "items": {
1751
- "type": "object",
1752
- "properties": {
1753
- "username": {
1754
- "description": "The username to use for authenticated requests.",
1755
- "visibility": "secret",
1756
- "type": "string"
1757
- },
1758
- "appPassword": {
1759
- "description": "Bitbucket Cloud app password used to authenticate requests.",
1760
- "visibility": "secret",
1761
- "type": "string"
1762
- }
1905
+ "mainAccount": {
1906
+ "description": "Main account to use for retrieving AWS account credentials",
1907
+ "type": "object",
1908
+ "properties": {
1909
+ "accessKeyId": {
1910
+ "description": "The access key ID for a set of static AWS credentials",
1911
+ "visibility": "secret",
1912
+ "type": "string"
1763
1913
  },
1764
- "required": [
1765
- "appPassword",
1766
- "username"
1767
- ]
1914
+ "secretAccessKey": {
1915
+ "description": "The secret access key for a set of static AWS credentials",
1916
+ "visibility": "secret",
1917
+ "type": "string"
1918
+ },
1919
+ "profile": {
1920
+ "description": "The configuration profile from a credentials file at ~/.aws/credentials and\na configuration file at ~/.aws/config.",
1921
+ "type": "string"
1922
+ },
1923
+ "region": {
1924
+ "description": "The STS regional endpoint to use for the main account, e.g. \"ap-northeast-1\"",
1925
+ "type": "string"
1926
+ }
1768
1927
  }
1769
1928
  },
1770
- "bitbucketServer": {
1771
- "description": "Integration configuration for Bitbucket Server",
1929
+ "accounts": {
1930
+ "description": "Configuration for retrieving AWS accounts credentials",
1772
1931
  "type": "array",
1773
1932
  "items": {
1774
1933
  "type": "object",
1775
1934
  "properties": {
1776
- "host": {
1777
- "description": "The hostname of the given Bitbucket Server instance",
1778
- "visibility": "frontend",
1779
- "type": "string"
1780
- },
1781
- "token": {
1782
- "description": "Token used to authenticate requests.",
1783
- "visibility": "secret",
1935
+ "accountId": {
1936
+ "description": "The account ID of the target account that this matches on, e.g. \"123456789012\"",
1784
1937
  "type": "string"
1785
1938
  },
1786
- "username": {
1787
- "description": "Username used to authenticate requests with Basic Auth.",
1939
+ "accessKeyId": {
1940
+ "description": "The access key ID for a set of static AWS credentials",
1788
1941
  "visibility": "secret",
1789
1942
  "type": "string"
1790
1943
  },
1791
- "password": {
1792
- "description": "Password (or token as password) used to authenticate requests with Basic Auth.",
1944
+ "secretAccessKey": {
1945
+ "description": "The secret access key for a set of static AWS credentials",
1793
1946
  "visibility": "secret",
1794
1947
  "type": "string"
1795
1948
  },
1796
- "apiBaseUrl": {
1797
- "description": "The base url for the Bitbucket Server API, for example https://<host>/rest/api/1.0",
1798
- "visibility": "frontend",
1799
- "type": "string"
1800
- }
1801
- },
1802
- "required": [
1803
- "host"
1804
- ]
1805
- }
1806
- },
1807
- "gerrit": {
1808
- "description": "Integration configuration for Gerrit",
1809
- "type": "array",
1810
- "items": {
1811
- "type": "object",
1812
- "properties": {
1813
- "host": {
1814
- "description": "The hostname of the given Gerrit instance",
1815
- "visibility": "frontend",
1816
- "type": "string"
1817
- },
1818
- "baseUrl": {
1819
- "description": "The base url for the Gerrit instance.",
1820
- "visibility": "frontend",
1949
+ "profile": {
1950
+ "description": "The configuration profile from a credentials file at ~/.aws/credentials and\na configuration file at ~/.aws/config.",
1821
1951
  "type": "string"
1822
1952
  },
1823
- "gitilesBaseUrl": {
1824
- "description": "The gitiles base url.",
1825
- "visibility": "frontend",
1953
+ "roleName": {
1954
+ "description": "The IAM role to assume to retrieve temporary AWS credentials",
1826
1955
  "type": "string"
1827
1956
  },
1828
- "cloneUrl": {
1829
- "description": "The base url for cloning repos.",
1830
- "visibility": "frontend",
1957
+ "partition": {
1958
+ "description": "The AWS partition of the IAM role, e.g. \"aws\", \"aws-cn\"",
1831
1959
  "type": "string"
1832
1960
  },
1833
- "username": {
1834
- "description": "The username to use for authenticated requests.",
1835
- "visibility": "secret",
1961
+ "region": {
1962
+ "description": "The STS regional endpoint to use when retrieving temporary AWS credentials, e.g. \"ap-northeast-1\"",
1836
1963
  "type": "string"
1837
1964
  },
1838
- "password": {
1839
- "description": "Gerrit password used to authenticate requests. This can be either a password\nor a generated access token.",
1965
+ "externalId": {
1966
+ "description": "The unique identifier needed to assume the role to retrieve temporary AWS credentials",
1840
1967
  "visibility": "secret",
1841
1968
  "type": "string"
1842
1969
  }
1843
1970
  },
1844
1971
  "required": [
1845
- "gitilesBaseUrl",
1846
- "host"
1972
+ "accountId"
1847
1973
  ]
1848
1974
  }
1849
- },
1850
- "github": {
1851
- "description": "Integration configuration for GitHub",
1852
- "type": "array",
1853
- "items": {
1854
- "type": "object",
1855
- "properties": {
1856
- "host": {
1857
- "description": "The hostname of the given GitHub instance",
1858
- "visibility": "frontend",
1859
- "type": "string"
1860
- },
1861
- "token": {
1862
- "description": "Token used to authenticate requests.",
1863
- "visibility": "secret",
1864
- "type": "string"
1865
- },
1866
- "apiBaseUrl": {
1867
- "description": "The base url for the GitHub API, for example https://api.github.com",
1868
- "visibility": "frontend",
1869
- "type": "string"
1870
- },
1871
- "rawBaseUrl": {
1872
- "description": "The base url for GitHub raw resources, for example https://raw.githubusercontent.com",
1873
- "visibility": "frontend",
1874
- "type": "string"
1875
- },
1876
- "apps": {
1877
- "description": "GitHub Apps configuration",
1878
- "type": "array",
1879
- "items": {
1880
- "type": "object",
1881
- "properties": {
1882
- "appId": {
1883
- "description": "The numeric GitHub App ID, string for environment variables",
1884
- "type": [
1885
- "string",
1886
- "number"
1887
- ]
1888
- },
1889
- "privateKey": {
1890
- "description": "The private key to use for auth against the app",
1891
- "visibility": "secret",
1892
- "type": "string"
1893
- },
1894
- "webhookSecret": {
1895
- "description": "The secret used for webhooks",
1896
- "visibility": "secret",
1897
- "type": "string"
1898
- },
1899
- "clientId": {
1900
- "description": "The client ID to use",
1901
- "type": "string"
1902
- },
1903
- "clientSecret": {
1904
- "description": "The client secret to use",
1905
- "visibility": "secret",
1906
- "type": "string"
1907
- },
1908
- "allowedInstallationOwners": {
1909
- "description": "List of installation owners allowed to be used by this GitHub app. The GitHub UI does not provide a way to list the installations.\nHowever you can list the installations with the GitHub API. You can find the list of installations here:\nhttps://api.github.com/app/installations\nThe relevant documentation for this is here.\nhttps://docs.github.com/en/rest/reference/apps#list-installations-for-the-authenticated-app--code-samples",
1910
- "type": "array",
1911
- "items": {
1975
+ }
1976
+ }
1977
+ }
1978
+ },
1979
+ "$schema": "http://json-schema.org/draft-07/schema#"
1980
+ }
1981
+ },
1982
+ {
1983
+ "path": "../backend-app-api/config.d.ts",
1984
+ "value": {
1985
+ "type": "object",
1986
+ "properties": {
1987
+ "backend": {
1988
+ "type": "object",
1989
+ "properties": {
1990
+ "packages": {
1991
+ "description": "Used by the feature discovery service",
1992
+ "anyOf": [
1993
+ {
1994
+ "type": "object",
1995
+ "properties": {
1996
+ "include": {
1997
+ "type": "array",
1998
+ "items": {
1999
+ "type": "string"
2000
+ }
2001
+ },
2002
+ "exclude": {
2003
+ "type": "array",
2004
+ "items": {
2005
+ "type": "string"
2006
+ }
2007
+ }
2008
+ }
2009
+ },
2010
+ {
2011
+ "const": "all",
2012
+ "type": "string"
2013
+ }
2014
+ ]
2015
+ }
2016
+ }
2017
+ }
2018
+ },
2019
+ "$schema": "http://json-schema.org/draft-07/schema#"
2020
+ }
2021
+ },
2022
+ {
2023
+ "path": "../backend-defaults/config.d.ts",
2024
+ "value": {
2025
+ "type": "object",
2026
+ "properties": {
2027
+ "app": {
2028
+ "type": "object",
2029
+ "properties": {
2030
+ "baseUrl": {
2031
+ "type": "string"
2032
+ }
2033
+ },
2034
+ "required": [
2035
+ "baseUrl"
2036
+ ]
2037
+ },
2038
+ "backend": {
2039
+ "type": "object",
2040
+ "properties": {
2041
+ "baseUrl": {
2042
+ "description": "The full base URL of the backend, as seen from the browser's point of\nview as it makes calls to the backend.",
2043
+ "type": "string"
2044
+ },
2045
+ "listen": {
2046
+ "description": "Address that the backend should listen to.",
2047
+ "anyOf": [
2048
+ {
2049
+ "type": "object",
2050
+ "properties": {
2051
+ "host": {
2052
+ "description": "Address of the interface that the backend should bind to.",
2053
+ "type": "string"
2054
+ },
2055
+ "port": {
2056
+ "description": "Port that the backend should listen to.",
2057
+ "type": [
2058
+ "string",
2059
+ "number"
2060
+ ]
2061
+ }
2062
+ }
2063
+ },
2064
+ {
2065
+ "type": "string"
2066
+ }
2067
+ ]
2068
+ },
2069
+ "https": {
2070
+ "description": "HTTPS configuration for the backend. If omitted the backend will serve HTTP.\n\nSetting this to `true` will cause self-signed certificates to be generated, which\ncan be useful for local development or other non-production scenarios.",
2071
+ "anyOf": [
2072
+ {
2073
+ "type": "object",
2074
+ "properties": {
2075
+ "certificate": {
2076
+ "description": "Certificate configuration",
2077
+ "type": "object",
2078
+ "properties": {
2079
+ "cert": {
2080
+ "description": "PEM encoded certificate. Use $file to load in a file",
2081
+ "type": "string"
2082
+ },
2083
+ "key": {
2084
+ "description": "PEM encoded certificate key. Use $file to load in a file.",
2085
+ "visibility": "secret",
2086
+ "type": "string"
2087
+ }
2088
+ },
2089
+ "required": [
2090
+ "cert",
2091
+ "key"
2092
+ ]
2093
+ }
2094
+ }
2095
+ },
2096
+ {
2097
+ "const": true,
2098
+ "type": "boolean"
2099
+ }
2100
+ ]
2101
+ },
2102
+ "auth": {
2103
+ "description": "Options used by the default auth, httpAuth and userInfo services.",
2104
+ "type": "object",
2105
+ "properties": {
2106
+ "dangerouslyDisableDefaultAuthPolicy": {
2107
+ "description": "This disables the otherwise default auth policy, which requires all\nrequests to be authenticated with either user or service credentials.\n\nDisabling this check means that the backend will no longer block\nunauthenticated requests, but instead allow them to pass through to\nplugins.\n\nIf permissions are enabled, unauthenticated requests will be treated\nexactly as such, leaving it to the permission policy to determine what\npermissions should be allowed for an unauthenticated identity. Note\nthat this will also apply to service-to-service calls between plugins\nunless you configure credentials for service calls.",
2108
+ "type": "boolean"
2109
+ },
2110
+ "pluginKeyStore": {
2111
+ "description": "Controls how to store keys for plugin-to-plugin auth",
2112
+ "anyOf": [
2113
+ {
2114
+ "type": "object",
2115
+ "properties": {
2116
+ "type": {
2117
+ "type": "string",
2118
+ "const": "database"
2119
+ }
2120
+ },
2121
+ "required": [
2122
+ "type"
2123
+ ]
2124
+ },
2125
+ {
2126
+ "type": "object",
2127
+ "properties": {
2128
+ "type": {
2129
+ "type": "string",
2130
+ "const": "static"
2131
+ },
2132
+ "static": {
2133
+ "type": "object",
2134
+ "properties": {
2135
+ "keys": {
2136
+ "description": "Must be declared at least once and the first one will be used for signing.",
2137
+ "type": "array",
2138
+ "items": {
2139
+ "type": "object",
2140
+ "properties": {
2141
+ "publicKeyFile": {
2142
+ "description": "Path to the public key file in the SPKI format. Should be an absolute path.",
2143
+ "type": "string"
2144
+ },
2145
+ "privateKeyFile": {
2146
+ "description": "Path to the matching private key file in the PKCS#8 format. Should be an absolute path.\n\nThe first array entry must specify a private key file, the rest must not.",
2147
+ "type": "string"
2148
+ },
2149
+ "keyId": {
2150
+ "description": "ID to uniquely identify this key within the JWK set.",
2151
+ "type": "string"
2152
+ },
2153
+ "algorithm": {
2154
+ "description": "JWS \"alg\" (Algorithm) Header Parameter value. Defaults to ES256.\nMust match the algorithm used to generate the keys in the provided files",
2155
+ "type": "string"
2156
+ }
2157
+ },
2158
+ "required": [
2159
+ "keyId",
2160
+ "publicKeyFile"
2161
+ ]
2162
+ }
2163
+ }
2164
+ },
2165
+ "required": [
2166
+ "keys"
2167
+ ]
2168
+ }
2169
+ },
2170
+ "required": [
2171
+ "static",
2172
+ "type"
2173
+ ]
2174
+ }
2175
+ ]
2176
+ },
2177
+ "externalAccess": {
2178
+ "description": "Configures methods of external access, ie ways for callers outside of\nthe Backstage ecosystem to get authorized for access to APIs that do\nnot permit unauthorized access.",
2179
+ "type": "array",
2180
+ "items": {
2181
+ "anyOf": [
2182
+ {
2183
+ "type": "object",
2184
+ "properties": {
2185
+ "type": {
2186
+ "description": "This is the legacy service-to-service access method, where a set\nof static keys were shared among plugins and used for symmetric\nsigning and verification. These correspond to the old\n`backend.auth.keys` set and retain their behavior for backwards\ncompatibility. Please migrate to other access methods when\npossible.\n\nCallers generate JWT tokens with the following payload:\n\n```json\n{\n \"sub\": \"backstage-plugin\",\n \"exp\": <epoch seconds one hour in the future>\n}\n```\n\nAnd sign them with HS256, using the base64 decoded secret. The\ntokens are then passed along with requests in the Authorization\nheader:\n\n```\nAuthorization: Bearer eyJhbGciOiJIUzI...\n```",
2187
+ "type": "string",
2188
+ "const": "legacy"
2189
+ },
2190
+ "options": {
2191
+ "type": "object",
2192
+ "properties": {
2193
+ "secret": {
2194
+ "description": "Any set of base64 encoded random bytes to be used as both the\nsigning and verification key. Should be sufficiently long so as\nnot to be easy to guess by brute force.\n\nCan be generated eg using\n\n```sh\nnode -p 'require(\"crypto\").randomBytes(24).toString(\"base64\")'\n```",
2195
+ "visibility": "secret",
2196
+ "type": "string"
2197
+ },
2198
+ "subject": {
2199
+ "description": "Sets the subject of the principal, when matching this token.\nUseful for debugging and tracking purposes.",
2200
+ "type": "string"
2201
+ }
2202
+ },
2203
+ "required": [
2204
+ "secret",
2205
+ "subject"
2206
+ ]
2207
+ },
2208
+ "accessRestrictions": {
2209
+ "description": "Restricts what types of access that are permitted for this access\nmethod. If no access restrictions are given, it'll have unlimited\naccess. This access restriction applies for the framework level;\nindividual plugins may have their own access control mechanisms\non top of this.",
2210
+ "type": "array",
2211
+ "items": {
2212
+ "type": "object",
2213
+ "properties": {
2214
+ "plugin": {
2215
+ "description": "Permit access to make requests to this plugin.\n\nCan be further refined by setting additional fields below.",
2216
+ "type": "string"
2217
+ },
2218
+ "permission": {
2219
+ "description": "If given, this method is limited to only performing actions\nwith these named permissions in this plugin.\n\nNote that this only applies where permissions checks are\nenabled in the first place. Endpoints that are not protected by\nthe permissions system at all, are not affected by this\nsetting.",
2220
+ "anyOf": [
2221
+ {
2222
+ "type": "array",
2223
+ "items": {
2224
+ "type": "string"
2225
+ }
2226
+ },
2227
+ {
2228
+ "type": "string"
2229
+ }
2230
+ ]
2231
+ },
2232
+ "permissionAttribute": {
2233
+ "description": "If given, this method is limited to only performing actions\nwhose permissions have these attributes.\n\nNote that this only applies where permissions checks are\nenabled in the first place. Endpoints that are not protected by\nthe permissions system at all, are not affected by this\nsetting.",
2234
+ "type": "object",
2235
+ "properties": {
2236
+ "action": {
2237
+ "description": "One of more of 'create', 'read', 'update', or 'delete'.",
2238
+ "anyOf": [
2239
+ {
2240
+ "type": "array",
2241
+ "items": {
2242
+ "type": "string"
2243
+ }
2244
+ },
2245
+ {
2246
+ "type": "string"
2247
+ }
2248
+ ]
2249
+ }
2250
+ }
2251
+ }
2252
+ },
2253
+ "required": [
2254
+ "plugin"
2255
+ ]
2256
+ }
2257
+ }
2258
+ },
2259
+ "required": [
2260
+ "options",
2261
+ "type"
2262
+ ]
2263
+ },
2264
+ {
2265
+ "type": "object",
2266
+ "properties": {
2267
+ "type": {
2268
+ "description": "This access method consists of random static tokens that can be\nhanded out to callers.\n\nThe tokens are then passed along verbatim with requests in the\nAuthorization header:\n\n```\nAuthorization: Bearer eZv5o+fW3KnR3kVabMW4ZcDNLPl8nmMW\n```",
2269
+ "type": "string",
2270
+ "const": "static"
2271
+ },
2272
+ "options": {
2273
+ "type": "object",
2274
+ "properties": {
2275
+ "token": {
2276
+ "description": "A raw token that can be any string, but for security reasons\nshould be sufficiently long so as not to be easy to guess by\nbrute force.\n\nCan be generated eg using\n\n```sh\nnode -p 'require(\"crypto\").randomBytes(24).toString(\"base64\")'\n```\n\nSince the tokens can be any string, you are free to add\nadditional identifying data to them if you like. For example,\nadding a `freben-local-dev-` prefix for debugging purposes to a\ntoken that you know will be handed out for use as a personal\naccess token during development.",
2277
+ "visibility": "secret",
2278
+ "type": "string"
2279
+ },
2280
+ "subject": {
2281
+ "description": "Sets the subject of the principal, when matching this token.\nUseful for debugging and tracking purposes.",
2282
+ "type": "string"
2283
+ }
2284
+ },
2285
+ "required": [
2286
+ "subject",
2287
+ "token"
2288
+ ]
2289
+ },
2290
+ "accessRestrictions": {
2291
+ "description": "Restricts what types of access that are permitted for this access\nmethod. If no access restrictions are given, it'll have unlimited\naccess. This access restriction applies for the framework level;\nindividual plugins may have their own access control mechanisms\non top of this.",
2292
+ "type": "array",
2293
+ "items": {
2294
+ "type": "object",
2295
+ "properties": {
2296
+ "plugin": {
2297
+ "description": "Permit access to make requests to this plugin.\n\nCan be further refined by setting additional fields below.",
2298
+ "type": "string"
2299
+ },
2300
+ "permission": {
2301
+ "description": "If given, this method is limited to only performing actions\nwith these named permissions in this plugin.\n\nNote that this only applies where permissions checks are\nenabled in the first place. Endpoints that are not protected by\nthe permissions system at all, are not affected by this\nsetting.",
2302
+ "anyOf": [
2303
+ {
2304
+ "type": "array",
2305
+ "items": {
2306
+ "type": "string"
2307
+ }
2308
+ },
2309
+ {
2310
+ "type": "string"
2311
+ }
2312
+ ]
2313
+ },
2314
+ "permissionAttribute": {
2315
+ "description": "If given, this method is limited to only performing actions\nwhose permissions have these attributes.\n\nNote that this only applies where permissions checks are\nenabled in the first place. Endpoints that are not protected by\nthe permissions system at all, are not affected by this\nsetting.",
2316
+ "type": "object",
2317
+ "properties": {
2318
+ "action": {
2319
+ "description": "One of more of 'create', 'read', 'update', or 'delete'.",
2320
+ "anyOf": [
2321
+ {
2322
+ "type": "array",
2323
+ "items": {
2324
+ "type": "string"
2325
+ }
2326
+ },
2327
+ {
2328
+ "type": "string"
2329
+ }
2330
+ ]
2331
+ }
2332
+ }
2333
+ }
2334
+ },
2335
+ "required": [
2336
+ "plugin"
2337
+ ]
2338
+ }
2339
+ }
2340
+ },
2341
+ "required": [
2342
+ "options",
2343
+ "type"
2344
+ ]
2345
+ },
2346
+ {
2347
+ "type": "object",
2348
+ "properties": {
2349
+ "type": {
2350
+ "description": "This access method consists of a JWKS endpoint that can be used to\nverify JWT tokens.\n\nCallers generate JWT tokens via 3rd party tooling\nand pass them in the Authorization header:\n\n```\nAuthorization: Bearer eZv5o+fW3KnR3kVabMW4ZcDNLPl8nmMW\n```",
2351
+ "type": "string",
2352
+ "const": "jwks"
2353
+ },
2354
+ "options": {
2355
+ "type": "object",
2356
+ "properties": {
2357
+ "url": {
2358
+ "description": "The full URL of the JWKS endpoint.",
2359
+ "type": "string"
2360
+ },
2361
+ "algorithm": {
2362
+ "description": "Sets the algorithm(s) that should be used to verify the JWT tokens.\nThe passed JWTs must have been signed using one of the listed algorithms.",
2363
+ "anyOf": [
2364
+ {
2365
+ "type": "array",
2366
+ "items": {
2367
+ "type": "string"
2368
+ }
2369
+ },
2370
+ {
2371
+ "type": "string"
2372
+ }
2373
+ ]
2374
+ },
2375
+ "issuer": {
2376
+ "description": "Sets the issuer(s) that should be used to verify the JWT tokens.\nPassed JWTs must have an `iss` claim which matches one of the specified issuers.",
2377
+ "anyOf": [
2378
+ {
2379
+ "type": "array",
2380
+ "items": {
2381
+ "type": "string"
2382
+ }
2383
+ },
2384
+ {
2385
+ "type": "string"
2386
+ }
2387
+ ]
2388
+ },
2389
+ "audience": {
2390
+ "description": "Sets the audience(s) that should be used to verify the JWT tokens.\nThe passed JWTs must have an \"aud\" claim that matches one of the audiences specified,\nor have no audience specified.",
2391
+ "anyOf": [
2392
+ {
2393
+ "type": "array",
2394
+ "items": {
2395
+ "type": "string"
2396
+ }
2397
+ },
2398
+ {
2399
+ "type": "string"
2400
+ }
2401
+ ]
2402
+ },
2403
+ "subjectPrefix": {
2404
+ "description": "Sets an optional subject prefix. Passes the subject to called plugins.\nUseful for debugging and tracking purposes.",
2405
+ "type": "string"
2406
+ }
2407
+ },
2408
+ "required": [
2409
+ "url"
2410
+ ]
2411
+ },
2412
+ "accessRestrictions": {
2413
+ "description": "Restricts what types of access that are permitted for this access\nmethod. If no access restrictions are given, it'll have unlimited\naccess. This access restriction applies for the framework level;\nindividual plugins may have their own access control mechanisms\non top of this.",
2414
+ "type": "array",
2415
+ "items": {
2416
+ "type": "object",
2417
+ "properties": {
2418
+ "plugin": {
2419
+ "description": "Permit access to make requests to this plugin.\n\nCan be further refined by setting additional fields below.",
2420
+ "type": "string"
2421
+ },
2422
+ "permission": {
2423
+ "description": "If given, this method is limited to only performing actions\nwith these named permissions in this plugin.\n\nNote that this only applies where permissions checks are\nenabled in the first place. Endpoints that are not protected by\nthe permissions system at all, are not affected by this\nsetting.",
2424
+ "anyOf": [
2425
+ {
2426
+ "type": "array",
2427
+ "items": {
2428
+ "type": "string"
2429
+ }
2430
+ },
2431
+ {
2432
+ "type": "string"
2433
+ }
2434
+ ]
2435
+ },
2436
+ "permissionAttribute": {
2437
+ "description": "If given, this method is limited to only performing actions\nwhose permissions have these attributes.\n\nNote that this only applies where permissions checks are\nenabled in the first place. Endpoints that are not protected by\nthe permissions system at all, are not affected by this\nsetting.",
2438
+ "type": "object",
2439
+ "properties": {
2440
+ "action": {
2441
+ "description": "One of more of 'create', 'read', 'update', or 'delete'.",
2442
+ "anyOf": [
2443
+ {
2444
+ "type": "array",
2445
+ "items": {
2446
+ "type": "string"
2447
+ }
2448
+ },
2449
+ {
2450
+ "type": "string"
2451
+ }
2452
+ ]
2453
+ }
2454
+ }
2455
+ }
2456
+ },
2457
+ "required": [
2458
+ "plugin"
2459
+ ]
2460
+ }
2461
+ }
2462
+ },
2463
+ "required": [
2464
+ "options",
2465
+ "type"
2466
+ ]
2467
+ }
2468
+ ]
2469
+ }
2470
+ }
2471
+ }
2472
+ },
2473
+ "database": {
2474
+ "description": "Database connection configuration, select base database type using the `client` field",
2475
+ "type": "object",
2476
+ "properties": {
2477
+ "client": {
2478
+ "description": "Default database client to use",
2479
+ "enum": [
2480
+ "better-sqlite3",
2481
+ "pg",
2482
+ "sqlite3"
2483
+ ],
2484
+ "type": "string"
2485
+ },
2486
+ "connection": {
2487
+ "description": "Base database connection string, or object with individual connection properties",
2488
+ "visibility": "secret",
2489
+ "anyOf": [
2490
+ {
2491
+ "type": "object",
2492
+ "additionalProperties": {},
2493
+ "properties": {
2494
+ "password": {
2495
+ "description": "Password that belongs to the client User",
2496
+ "visibility": "secret",
2497
+ "type": "string"
2498
+ }
2499
+ }
2500
+ },
2501
+ {
2502
+ "type": "string"
2503
+ }
2504
+ ]
2505
+ },
2506
+ "prefix": {
2507
+ "description": "Database name prefix override",
2508
+ "type": "string"
2509
+ },
2510
+ "ensureExists": {
2511
+ "description": "Whether to ensure the given database exists by creating it if it does not.\nDefaults to true if unspecified.",
2512
+ "type": "boolean"
2513
+ },
2514
+ "ensureSchemaExists": {
2515
+ "description": "Whether to ensure the given database schema exists by creating it if it does not.\nDefaults to false if unspecified.\n\nNOTE: Currently only supported by the `pg` client when pluginDivisionMode: schema",
2516
+ "type": "boolean"
2517
+ },
2518
+ "pluginDivisionMode": {
2519
+ "description": "How plugins databases are managed/divided in the provided database instance.\n\n`database` -> Plugins are each given their own database to manage their schemas/tables.\n\n`schema` -> Plugins will be given their own schema (in the specified/default database)\n to manage their tables.\n\nNOTE: Currently only supported by the `pg` client.",
2520
+ "default": "database",
2521
+ "enum": [
2522
+ "database",
2523
+ "schema"
2524
+ ],
2525
+ "type": "string"
2526
+ },
2527
+ "role": {
2528
+ "description": "Configures the ownership of newly created schemas in pg databases.",
2529
+ "type": "string"
2530
+ },
2531
+ "knexConfig": {
2532
+ "description": "Arbitrary config object to pass to knex when initializing\n(https://knexjs.org/#Installation-client). Most notable is the debug\nand asyncStackTraces booleans",
2533
+ "type": "object",
2534
+ "properties": {},
2535
+ "additionalProperties": true
2536
+ },
2537
+ "skipMigrations": {
2538
+ "description": "Skip running database migrations.",
2539
+ "type": "boolean"
2540
+ },
2541
+ "plugin": {
2542
+ "description": "Plugin specific database configuration and client override",
2543
+ "type": "object",
2544
+ "additionalProperties": {
2545
+ "type": "object",
2546
+ "properties": {
2547
+ "client": {
2548
+ "description": "Database client override",
2549
+ "enum": [
2550
+ "better-sqlite3",
2551
+ "pg",
2552
+ "sqlite3"
2553
+ ],
2554
+ "type": "string"
2555
+ },
2556
+ "connection": {
2557
+ "description": "Database connection string or Knex object override",
2558
+ "visibility": "secret",
2559
+ "anyOf": [
2560
+ {
2561
+ "type": "object",
2562
+ "properties": {},
2563
+ "additionalProperties": true
2564
+ },
2565
+ {
1912
2566
  "type": "string"
1913
2567
  }
1914
- }
2568
+ ]
1915
2569
  },
1916
- "required": [
1917
- "appId",
1918
- "clientId",
1919
- "clientSecret",
1920
- "privateKey",
1921
- "webhookSecret"
1922
- ]
2570
+ "ensureExists": {
2571
+ "description": "Whether to ensure the given database exists by creating it if it does not.\nDefaults to base config if unspecified.",
2572
+ "type": "boolean"
2573
+ },
2574
+ "ensureSchemaExists": {
2575
+ "description": "Whether to ensure the given database schema exists by creating it if it does not.\nDefaults to false if unspecified.\n\nNOTE: Currently only supported by the `pg` client when pluginDivisionMode: schema",
2576
+ "type": "boolean"
2577
+ },
2578
+ "knexConfig": {
2579
+ "description": "Arbitrary config object to pass to knex when initializing\n(https://knexjs.org/#Installation-client). Most notable is the\ndebug and asyncStackTraces booleans.\n\nThis is merged recursively into the base knexConfig",
2580
+ "type": "object",
2581
+ "properties": {},
2582
+ "additionalProperties": true
2583
+ },
2584
+ "role": {
2585
+ "description": "Configures the ownership of newly created schemas in pg databases.",
2586
+ "type": "string"
2587
+ },
2588
+ "skipMigrations": {
2589
+ "description": "Skip running database migrations.",
2590
+ "type": "boolean"
2591
+ }
1923
2592
  }
1924
2593
  }
1925
- },
1926
- "required": [
1927
- "host"
1928
- ]
1929
- }
2594
+ }
2595
+ },
2596
+ "required": [
2597
+ "client",
2598
+ "connection"
2599
+ ]
1930
2600
  },
1931
- "gitlab": {
1932
- "description": "Integration configuration for GitLab",
1933
- "type": "array",
1934
- "items": {
1935
- "type": "object",
1936
- "properties": {
1937
- "host": {
1938
- "description": "The host of the target that this matches on, e.g. \"gitlab.com\".",
1939
- "visibility": "frontend",
1940
- "type": "string"
1941
- },
1942
- "apiBaseUrl": {
1943
- "description": "The base URL of the API of this provider, e.g.\n\"https://gitlab.com/api/v4\", with no trailing slash.\n\nMay be omitted specifically for public GitLab; then it will be deduced.",
1944
- "visibility": "frontend",
1945
- "type": "string"
2601
+ "cache": {
2602
+ "description": "Cache connection configuration, select cache type using the `store` field",
2603
+ "anyOf": [
2604
+ {
2605
+ "type": "object",
2606
+ "properties": {
2607
+ "store": {
2608
+ "type": "string",
2609
+ "const": "memory"
2610
+ },
2611
+ "defaultTtl": {
2612
+ "description": "An optional default TTL (in milliseconds)."
2613
+ }
1946
2614
  },
1947
- "token": {
1948
- "description": "The authorization token to use for requests to this provider.\n\nIf no token is specified, anonymous access is used.",
1949
- "visibility": "secret",
1950
- "type": "string"
2615
+ "required": [
2616
+ "store"
2617
+ ]
2618
+ },
2619
+ {
2620
+ "type": "object",
2621
+ "properties": {
2622
+ "store": {
2623
+ "type": "string",
2624
+ "const": "redis"
2625
+ },
2626
+ "connection": {
2627
+ "description": "A redis connection string in the form `redis://user:pass@host:port`.",
2628
+ "visibility": "secret",
2629
+ "type": "string"
2630
+ },
2631
+ "defaultTtl": {
2632
+ "description": "An optional default TTL (in milliseconds)."
2633
+ },
2634
+ "useRedisSets": {
2635
+ "description": "Whether or not [useRedisSets](https://github.com/jaredwray/keyv/tree/main/packages/redis#useredissets) should be configured to this redis cache.\nDefaults to true if unspecified.",
2636
+ "type": "boolean"
2637
+ }
1951
2638
  },
1952
- "baseUrl": {
1953
- "description": "The baseUrl of this provider, e.g. \"https://gitlab.com\", which is\npassed into the GitLab client.\n\nIf no baseUrl is provided, it will default to https://${host}.",
1954
- "visibility": "frontend",
1955
- "type": "string"
1956
- }
2639
+ "required": [
2640
+ "connection",
2641
+ "store"
2642
+ ]
1957
2643
  },
1958
- "required": [
1959
- "host"
1960
- ]
1961
- }
2644
+ {
2645
+ "type": "object",
2646
+ "properties": {
2647
+ "store": {
2648
+ "type": "string",
2649
+ "const": "memcache"
2650
+ },
2651
+ "connection": {
2652
+ "description": "A memcache connection string in the form `user:pass@host:port`.",
2653
+ "visibility": "secret",
2654
+ "type": "string"
2655
+ },
2656
+ "defaultTtl": {
2657
+ "description": "An optional default TTL (in milliseconds)."
2658
+ }
2659
+ },
2660
+ "required": [
2661
+ "connection",
2662
+ "store"
2663
+ ]
2664
+ }
2665
+ ]
1962
2666
  },
1963
- "googleGcs": {
1964
- "description": "Integration configuration for Google Cloud Storage",
2667
+ "cors": {
1965
2668
  "type": "object",
1966
2669
  "properties": {
1967
- "clientEmail": {
1968
- "description": "Service account email used to authenticate requests.",
1969
- "type": "string"
2670
+ "origin": {
2671
+ "anyOf": [
2672
+ {
2673
+ "type": "array",
2674
+ "items": {
2675
+ "type": "string"
2676
+ }
2677
+ },
2678
+ {
2679
+ "type": "string"
2680
+ }
2681
+ ]
1970
2682
  },
1971
- "privateKey": {
1972
- "description": "Service account private key used to authenticate requests.",
1973
- "visibility": "secret",
1974
- "type": "string"
2683
+ "methods": {
2684
+ "anyOf": [
2685
+ {
2686
+ "type": "array",
2687
+ "items": {
2688
+ "type": "string"
2689
+ }
2690
+ },
2691
+ {
2692
+ "type": "string"
2693
+ }
2694
+ ]
2695
+ },
2696
+ "allowedHeaders": {
2697
+ "anyOf": [
2698
+ {
2699
+ "type": "array",
2700
+ "items": {
2701
+ "type": "string"
2702
+ }
2703
+ },
2704
+ {
2705
+ "type": "string"
2706
+ }
2707
+ ]
2708
+ },
2709
+ "exposedHeaders": {
2710
+ "anyOf": [
2711
+ {
2712
+ "type": "array",
2713
+ "items": {
2714
+ "type": "string"
2715
+ }
2716
+ },
2717
+ {
2718
+ "type": "string"
2719
+ }
2720
+ ]
2721
+ },
2722
+ "credentials": {
2723
+ "type": "boolean"
2724
+ },
2725
+ "maxAge": {
2726
+ "type": "number"
2727
+ },
2728
+ "preflightContinue": {
2729
+ "type": "boolean"
2730
+ },
2731
+ "optionsSuccessStatus": {
2732
+ "type": "number"
1975
2733
  }
1976
- }
1977
- },
1978
- "awsS3": {
1979
- "description": "Integration configuration for AWS S3 Service",
1980
- "type": "array",
1981
- "items": {
1982
- "type": "object",
1983
- "properties": {
1984
- "endpoint": {
1985
- "description": "AWS Endpoint.\nThe endpoint URI to send requests to. The default endpoint is built from the configured region.",
1986
- "visibility": "frontend",
1987
- "type": "string"
1988
- },
1989
- "s3ForcePathStyle": {
1990
- "description": "Whether to use path style URLs when communicating with S3.\nDefaults to false.\nThis allows providers like LocalStack, Minio and Wasabi (and possibly others) to be used.",
1991
- "visibility": "frontend",
1992
- "type": "boolean"
1993
- },
1994
- "accessKeyId": {
1995
- "description": "Account access key used to authenticate requests.",
1996
- "type": "string"
1997
- },
1998
- "secretAccessKey": {
1999
- "description": "Account secret key used to authenticate requests.",
2000
- "visibility": "secret",
2001
- "type": "string"
2002
- },
2003
- "roleArn": {
2004
- "description": "ARN of the role to be assumed",
2005
- "type": "string"
2734
+ }
2735
+ },
2736
+ "csp": {
2737
+ "description": "Content Security Policy options.\n\nThe keys are the plain policy ID, e.g. \"upgrade-insecure-requests\". The\nvalues are on the format that the helmet library expects them, as an\narray of strings. There is also the special value false, which means to\nremove the default value that Backstage puts in place for that policy.",
2738
+ "type": "object",
2739
+ "additionalProperties": {
2740
+ "anyOf": [
2741
+ {
2742
+ "type": "array",
2743
+ "items": {
2744
+ "type": "string"
2745
+ }
2006
2746
  },
2007
- "externalId": {
2008
- "description": "External ID to use when assuming role",
2009
- "type": "string"
2747
+ {
2748
+ "const": false,
2749
+ "type": "boolean"
2010
2750
  }
2011
- }
2751
+ ]
2012
2752
  }
2013
2753
  },
2014
- "gitea": {
2015
- "description": "Integration configuration for Gitea",
2754
+ "reading": {
2755
+ "description": "Configuration related to URL reading, used for example for reading catalog info\nfiles, scaffolder templates, and techdocs content.",
2756
+ "type": "object",
2757
+ "properties": {
2758
+ "allow": {
2759
+ "description": "A list of targets to allow outgoing requests to. Users will be able to make\nrequests on behalf of the backend to the targets that are allowed by this list.",
2760
+ "type": "array",
2761
+ "items": {
2762
+ "type": "object",
2763
+ "properties": {
2764
+ "host": {
2765
+ "description": "A host to allow outgoing requests to, being either a full host or\na subdomain wildcard pattern with a leading `*`. For example `example.com`\nand `*.example.com` are valid values, `prod.*.example.com` is not.\nThe host may also contain a port, for example `example.com:8080`.",
2766
+ "type": "string"
2767
+ },
2768
+ "paths": {
2769
+ "description": "An optional list of paths. In case they are present only targets matching\nany of them will are allowed. You can use trailing slashes to make sure only\nsubdirectories are allowed, for example `/mydir/` will allow targets with\npaths like `/mydir/a` but will block paths like `/mydir2`.",
2770
+ "type": "array",
2771
+ "items": {
2772
+ "type": "string"
2773
+ }
2774
+ }
2775
+ },
2776
+ "required": [
2777
+ "host"
2778
+ ]
2779
+ }
2780
+ }
2781
+ }
2782
+ }
2783
+ },
2784
+ "required": [
2785
+ "baseUrl",
2786
+ "database"
2787
+ ]
2788
+ },
2789
+ "discovery": {
2790
+ "description": "Options used by the default discovery service.",
2791
+ "type": "object",
2792
+ "properties": {
2793
+ "endpoints": {
2794
+ "description": "A list of target baseUrls and the associated plugins.",
2016
2795
  "type": "array",
2017
2796
  "items": {
2018
2797
  "type": "object",
2019
2798
  "properties": {
2020
- "host": {
2021
- "description": "The hostname of the given Gitea instance",
2022
- "visibility": "frontend",
2023
- "type": "string"
2024
- },
2025
- "baseUrl": {
2026
- "description": "The base url for the Gitea instance.",
2027
- "visibility": "frontend",
2028
- "type": "string"
2029
- },
2030
- "username": {
2031
- "description": "The username to use for authenticated requests.",
2032
- "visibility": "secret",
2033
- "type": "string"
2799
+ "target": {
2800
+ "description": "The target base URL to use for the plugin.\n\nCan be either a string or an object with internal and external keys.\nTargets with `{{pluginId}}` or `{{ pluginId }} in the URL will be replaced with the plugin ID.",
2801
+ "anyOf": [
2802
+ {
2803
+ "type": "object",
2804
+ "properties": {
2805
+ "internal": {
2806
+ "type": "string"
2807
+ },
2808
+ "external": {
2809
+ "type": "string"
2810
+ }
2811
+ },
2812
+ "required": [
2813
+ "external",
2814
+ "internal"
2815
+ ]
2816
+ },
2817
+ {
2818
+ "type": "string"
2819
+ }
2820
+ ]
2034
2821
  },
2035
- "password": {
2036
- "description": "Gitea password used to authenticate requests. This can be either a password\nor a generated access token.",
2037
- "visibility": "secret",
2038
- "type": "string"
2822
+ "plugins": {
2823
+ "description": "Array of plugins which use the target base URL.",
2824
+ "type": "array",
2825
+ "items": {
2826
+ "type": "string"
2827
+ }
2039
2828
  }
2040
2829
  },
2041
2830
  "required": [
2042
- "host"
2831
+ "plugins",
2832
+ "target"
2043
2833
  ]
2044
2834
  }
2045
- },
2046
- "harness": {
2047
- "description": "Integration configuration for Harness Code",
2048
- "type": "array",
2049
- "items": {
2050
- "type": "object",
2051
- "properties": {
2052
- "host": {
2053
- "description": "The hostname of the given Harness Code instance",
2054
- "visibility": "frontend",
2055
- "type": "string"
2056
- },
2057
- "apiKey": {
2058
- "description": "The apikey to use for authenticated requests.",
2059
- "visibility": "secret",
2060
- "type": "string"
2061
- },
2062
- "token": {
2063
- "description": "Harness Code token used to authenticate requests. This can be either a generated access token.",
2064
- "visibility": "secret",
2065
- "type": "string"
2835
+ }
2836
+ },
2837
+ "required": [
2838
+ "endpoints"
2839
+ ]
2840
+ }
2841
+ },
2842
+ "required": [
2843
+ "app"
2844
+ ],
2845
+ "$schema": "http://json-schema.org/draft-07/schema#"
2846
+ }
2847
+ },
2848
+ {
2849
+ "path": "../../plugins/auth-backend-module-atlassian-provider/config.d.ts",
2850
+ "value": {
2851
+ "type": "object",
2852
+ "properties": {
2853
+ "auth": {
2854
+ "type": "object",
2855
+ "properties": {
2856
+ "providers": {
2857
+ "type": "object",
2858
+ "properties": {
2859
+ "atlassian": {
2860
+ "visibility": "frontend",
2861
+ "type": "object",
2862
+ "additionalProperties": {
2863
+ "type": "object",
2864
+ "properties": {
2865
+ "clientId": {
2866
+ "type": "string"
2867
+ },
2868
+ "clientSecret": {
2869
+ "visibility": "secret",
2870
+ "type": "string"
2871
+ },
2872
+ "audience": {
2873
+ "type": "string"
2874
+ },
2875
+ "callbackUrl": {
2876
+ "type": "string"
2877
+ },
2878
+ "additionalScopes": {
2879
+ "anyOf": [
2880
+ {
2881
+ "type": "array",
2882
+ "items": {
2883
+ "type": "string"
2884
+ }
2885
+ },
2886
+ {
2887
+ "type": "string"
2888
+ }
2889
+ ]
2890
+ },
2891
+ "signIn": {
2892
+ "type": "object",
2893
+ "properties": {
2894
+ "resolvers": {
2895
+ "type": "array",
2896
+ "items": {
2897
+ "anyOf": [
2898
+ {
2899
+ "type": "object",
2900
+ "properties": {
2901
+ "resolver": {
2902
+ "type": "string",
2903
+ "const": "usernameMatchingUserEntityName"
2904
+ }
2905
+ },
2906
+ "required": [
2907
+ "resolver"
2908
+ ]
2909
+ },
2910
+ {
2911
+ "type": "object",
2912
+ "properties": {
2913
+ "resolver": {
2914
+ "type": "string",
2915
+ "const": "emailLocalPartMatchingUserEntityName"
2916
+ },
2917
+ "allowedDomains": {
2918
+ "type": "array",
2919
+ "items": {
2920
+ "type": "string"
2921
+ }
2922
+ }
2923
+ },
2924
+ "required": [
2925
+ "resolver"
2926
+ ]
2927
+ },
2928
+ {
2929
+ "type": "object",
2930
+ "properties": {
2931
+ "resolver": {
2932
+ "type": "string",
2933
+ "const": "emailMatchingUserEntityProfileEmail"
2934
+ }
2935
+ },
2936
+ "required": [
2937
+ "resolver"
2938
+ ]
2939
+ }
2940
+ ]
2941
+ }
2942
+ }
2943
+ },
2944
+ "required": [
2945
+ "resolvers"
2946
+ ]
2947
+ }
2948
+ },
2949
+ "required": [
2950
+ "clientId",
2951
+ "clientSecret"
2952
+ ]
2953
+ }
2954
+ }
2955
+ }
2956
+ }
2957
+ }
2958
+ }
2959
+ },
2960
+ "$schema": "http://json-schema.org/draft-07/schema#"
2961
+ }
2962
+ },
2963
+ {
2964
+ "path": "../../plugins/auth-backend-module-auth0-provider/config.d.ts",
2965
+ "value": {
2966
+ "type": "object",
2967
+ "properties": {
2968
+ "auth": {
2969
+ "type": "object",
2970
+ "properties": {
2971
+ "providers": {
2972
+ "type": "object",
2973
+ "properties": {
2974
+ "auth0": {
2975
+ "visibility": "frontend",
2976
+ "type": "object",
2977
+ "additionalProperties": {
2978
+ "type": "object",
2979
+ "properties": {
2980
+ "clientId": {
2981
+ "type": "string"
2982
+ },
2983
+ "clientSecret": {
2984
+ "visibility": "secret",
2985
+ "type": "string"
2986
+ },
2987
+ "domain": {
2988
+ "type": "string"
2989
+ },
2990
+ "callbackUrl": {
2991
+ "type": "string"
2992
+ },
2993
+ "audience": {
2994
+ "type": "string"
2995
+ },
2996
+ "connection": {
2997
+ "type": "string"
2998
+ },
2999
+ "connectionScope": {
3000
+ "type": "string"
3001
+ }
3002
+ },
3003
+ "required": [
3004
+ "clientId",
3005
+ "clientSecret",
3006
+ "domain"
3007
+ ]
2066
3008
  }
2067
- },
2068
- "required": [
2069
- "host"
2070
- ]
3009
+ }
2071
3010
  }
2072
3011
  }
2073
3012
  }
@@ -2077,106 +3016,257 @@
2077
3016
  }
2078
3017
  },
2079
3018
  {
2080
- "path": "../integration-aws-node/config.d.ts",
3019
+ "path": "../../plugins/auth-backend-module-bitbucket-provider/config.d.ts",
2081
3020
  "value": {
2082
3021
  "type": "object",
2083
3022
  "properties": {
2084
- "aws": {
2085
- "description": "Configuration for access to AWS accounts",
3023
+ "auth": {
2086
3024
  "type": "object",
2087
3025
  "properties": {
2088
- "accountDefaults": {
2089
- "description": "Defaults for retrieving AWS account credentials",
3026
+ "providers": {
2090
3027
  "type": "object",
2091
3028
  "properties": {
2092
- "roleName": {
2093
- "description": "The IAM role to assume to retrieve temporary AWS credentials",
2094
- "type": "string"
2095
- },
2096
- "partition": {
2097
- "description": "The AWS partition of the IAM role, e.g. \"aws\", \"aws-cn\"",
2098
- "type": "string"
2099
- },
2100
- "region": {
2101
- "description": "The STS regional endpoint to use when retrieving temporary AWS credentials, e.g. \"ap-northeast-1\"",
2102
- "type": "string"
2103
- },
2104
- "externalId": {
2105
- "description": "The unique identifier needed to assume the role to retrieve temporary AWS credentials",
2106
- "visibility": "secret",
2107
- "type": "string"
3029
+ "bitbucket": {
3030
+ "visibility": "frontend",
3031
+ "type": "object",
3032
+ "additionalProperties": {
3033
+ "type": "object",
3034
+ "properties": {
3035
+ "clientId": {
3036
+ "type": "string"
3037
+ },
3038
+ "clientSecret": {
3039
+ "visibility": "secret",
3040
+ "type": "string"
3041
+ },
3042
+ "additionalScopes": {
3043
+ "anyOf": [
3044
+ {
3045
+ "type": "array",
3046
+ "items": {
3047
+ "type": "string"
3048
+ }
3049
+ },
3050
+ {
3051
+ "type": "string"
3052
+ }
3053
+ ]
3054
+ },
3055
+ "signIn": {
3056
+ "type": "object",
3057
+ "properties": {
3058
+ "resolvers": {
3059
+ "type": "array",
3060
+ "items": {
3061
+ "anyOf": [
3062
+ {
3063
+ "type": "object",
3064
+ "properties": {
3065
+ "resolver": {
3066
+ "type": "string",
3067
+ "const": "userIdMatchingUserEntityAnnotation"
3068
+ }
3069
+ },
3070
+ "required": [
3071
+ "resolver"
3072
+ ]
3073
+ },
3074
+ {
3075
+ "type": "object",
3076
+ "properties": {
3077
+ "resolver": {
3078
+ "type": "string",
3079
+ "const": "emailLocalPartMatchingUserEntityName"
3080
+ },
3081
+ "allowedDomains": {
3082
+ "type": "array",
3083
+ "items": {
3084
+ "type": "string"
3085
+ }
3086
+ }
3087
+ },
3088
+ "required": [
3089
+ "resolver"
3090
+ ]
3091
+ },
3092
+ {
3093
+ "type": "object",
3094
+ "properties": {
3095
+ "resolver": {
3096
+ "type": "string",
3097
+ "const": "emailMatchingUserEntityProfileEmail"
3098
+ }
3099
+ },
3100
+ "required": [
3101
+ "resolver"
3102
+ ]
3103
+ }
3104
+ ]
3105
+ }
3106
+ }
3107
+ },
3108
+ "required": [
3109
+ "resolvers"
3110
+ ]
3111
+ }
3112
+ },
3113
+ "required": [
3114
+ "clientId",
3115
+ "clientSecret"
3116
+ ]
3117
+ }
2108
3118
  }
2109
3119
  }
2110
- },
2111
- "mainAccount": {
2112
- "description": "Main account to use for retrieving AWS account credentials",
3120
+ }
3121
+ }
3122
+ }
3123
+ },
3124
+ "$schema": "http://json-schema.org/draft-07/schema#"
3125
+ }
3126
+ },
3127
+ {
3128
+ "path": "../../plugins/auth-backend-module-bitbucket-server-provider/config.d.ts",
3129
+ "value": {
3130
+ "type": "object",
3131
+ "properties": {
3132
+ "auth": {
3133
+ "type": "object",
3134
+ "properties": {
3135
+ "providers": {
2113
3136
  "type": "object",
2114
3137
  "properties": {
2115
- "accessKeyId": {
2116
- "description": "The access key ID for a set of static AWS credentials",
2117
- "visibility": "secret",
2118
- "type": "string"
2119
- },
2120
- "secretAccessKey": {
2121
- "description": "The secret access key for a set of static AWS credentials",
2122
- "visibility": "secret",
2123
- "type": "string"
2124
- },
2125
- "profile": {
2126
- "description": "The configuration profile from a credentials file at ~/.aws/credentials and\na configuration file at ~/.aws/config.",
2127
- "type": "string"
2128
- },
2129
- "region": {
2130
- "description": "The STS regional endpoint to use for the main account, e.g. \"ap-northeast-1\"",
2131
- "type": "string"
3138
+ "bitbucketServer": {
3139
+ "visibility": "frontend",
3140
+ "type": "object",
3141
+ "additionalProperties": {
3142
+ "type": "object",
3143
+ "properties": {
3144
+ "clientId": {
3145
+ "type": "string"
3146
+ },
3147
+ "clientSecret": {
3148
+ "visibility": "secret",
3149
+ "type": "string"
3150
+ },
3151
+ "host": {
3152
+ "type": "string"
3153
+ },
3154
+ "callbackUrl": {
3155
+ "type": "string"
3156
+ }
3157
+ },
3158
+ "required": [
3159
+ "clientId",
3160
+ "clientSecret",
3161
+ "host"
3162
+ ]
3163
+ }
2132
3164
  }
2133
3165
  }
2134
- },
2135
- "accounts": {
2136
- "description": "Configuration for retrieving AWS accounts credentials",
2137
- "type": "array",
2138
- "items": {
2139
- "type": "object",
2140
- "properties": {
2141
- "accountId": {
2142
- "description": "The account ID of the target account that this matches on, e.g. \"123456789012\"",
2143
- "type": "string"
2144
- },
2145
- "accessKeyId": {
2146
- "description": "The access key ID for a set of static AWS credentials",
2147
- "visibility": "secret",
2148
- "type": "string"
2149
- },
2150
- "secretAccessKey": {
2151
- "description": "The secret access key for a set of static AWS credentials",
2152
- "visibility": "secret",
2153
- "type": "string"
2154
- },
2155
- "profile": {
2156
- "description": "The configuration profile from a credentials file at ~/.aws/credentials and\na configuration file at ~/.aws/config.",
2157
- "type": "string"
2158
- },
2159
- "roleName": {
2160
- "description": "The IAM role to assume to retrieve temporary AWS credentials",
2161
- "type": "string"
2162
- },
2163
- "partition": {
2164
- "description": "The AWS partition of the IAM role, e.g. \"aws\", \"aws-cn\"",
2165
- "type": "string"
2166
- },
2167
- "region": {
2168
- "description": "The STS regional endpoint to use when retrieving temporary AWS credentials, e.g. \"ap-northeast-1\"",
2169
- "type": "string"
3166
+ }
3167
+ }
3168
+ }
3169
+ },
3170
+ "$schema": "http://json-schema.org/draft-07/schema#"
3171
+ }
3172
+ },
3173
+ {
3174
+ "path": "../../plugins/auth-backend-module-gcp-iap-provider/config.d.ts",
3175
+ "value": {
3176
+ "type": "object",
3177
+ "properties": {
3178
+ "auth": {
3179
+ "type": "object",
3180
+ "properties": {
3181
+ "providers": {
3182
+ "type": "object",
3183
+ "properties": {
3184
+ "gcpIap": {
3185
+ "description": "Configuration for the Google Cloud Platform Identity-Aware Proxy (IAP) auth provider.",
3186
+ "type": "object",
3187
+ "properties": {
3188
+ "audience": {
3189
+ "description": "The audience to use when validating incoming JWT tokens.\nSee https://backstage.io/docs/auth/google/gcp-iap-auth",
3190
+ "type": "string"
3191
+ },
3192
+ "jwtHeader": {
3193
+ "description": "The name of the header to read the JWT token from, defaults to `'x-goog-iap-jwt-assertion'`.",
3194
+ "type": "string"
3195
+ },
3196
+ "signIn": {
3197
+ "type": "object",
3198
+ "properties": {
3199
+ "resolvers": {
3200
+ "type": "array",
3201
+ "items": {
3202
+ "anyOf": [
3203
+ {
3204
+ "type": "object",
3205
+ "properties": {
3206
+ "resolver": {
3207
+ "type": "string",
3208
+ "const": "emailMatchingUserEntityAnnotation"
3209
+ }
3210
+ },
3211
+ "required": [
3212
+ "resolver"
3213
+ ]
3214
+ },
3215
+ {
3216
+ "type": "object",
3217
+ "properties": {
3218
+ "resolver": {
3219
+ "type": "string",
3220
+ "const": "idMatchingUserEntityAnnotation"
3221
+ }
3222
+ },
3223
+ "required": [
3224
+ "resolver"
3225
+ ]
3226
+ },
3227
+ {
3228
+ "type": "object",
3229
+ "properties": {
3230
+ "resolver": {
3231
+ "type": "string",
3232
+ "const": "emailLocalPartMatchingUserEntityName"
3233
+ },
3234
+ "allowedDomains": {
3235
+ "type": "array",
3236
+ "items": {
3237
+ "type": "string"
3238
+ }
3239
+ }
3240
+ },
3241
+ "required": [
3242
+ "resolver"
3243
+ ]
3244
+ },
3245
+ {
3246
+ "type": "object",
3247
+ "properties": {
3248
+ "resolver": {
3249
+ "type": "string",
3250
+ "const": "emailMatchingUserEntityProfileEmail"
3251
+ }
3252
+ },
3253
+ "required": [
3254
+ "resolver"
3255
+ ]
3256
+ }
3257
+ ]
3258
+ }
3259
+ }
3260
+ },
3261
+ "required": [
3262
+ "resolvers"
3263
+ ]
3264
+ }
2170
3265
  },
2171
- "externalId": {
2172
- "description": "The unique identifier needed to assume the role to retrieve temporary AWS credentials",
2173
- "visibility": "secret",
2174
- "type": "string"
2175
- }
2176
- },
2177
- "required": [
2178
- "accountId"
2179
- ]
3266
+ "required": [
3267
+ "audience"
3268
+ ]
3269
+ }
2180
3270
  }
2181
3271
  }
2182
3272
  }
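Review bot: The `emailLocalPartMatchingUserEntityName` resolver entries added here for `bitbucket` and `gcpIap` declare `allowedDomains` as an optional string array with no description, so the schema does not tell an operator what happens when it is left out. Going by the resolver name, the sign-in identity is derived from the local part of the e-mail address alone, which would make this list the only thing tying a match to a trusted mail domain; that reading is inferred from the name and should be confirmed against the resolver implementation. I would add a description to the property, for example `"description": "Email domains accepted by this resolver. If omitted, the domain part of the address is not checked."`, and use the same text for the identical entries in the Atlassian and Cloudflare Access schemas in the neighbouring hunks. The `path` values suggest these schemas are collected from each plugin's `config.d.ts`, so the doc comment would belong in those declarations rather than in this file.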
@@ -2186,38 +3276,102 @@
2186
3276
  }
2187
3277
  },
2188
3278
  {
2189
- "path": "../backend-app-api/config.d.ts",
3279
+ "path": "../../plugins/auth-backend-module-cloudflare-access-provider/config.d.ts",
2190
3280
  "value": {
2191
3281
  "type": "object",
2192
3282
  "properties": {
2193
- "backend": {
3283
+ "auth": {
2194
3284
  "type": "object",
2195
3285
  "properties": {
2196
- "packages": {
2197
- "description": "Used by the feature discovery service",
2198
- "anyOf": [
2199
- {
3286
+ "providers": {
3287
+ "type": "object",
3288
+ "properties": {
3289
+ "cfaccess": {
3290
+ "visibility": "frontend",
2200
3291
  "type": "object",
2201
3292
  "properties": {
2202
- "include": {
2203
- "type": "array",
2204
- "items": {
2205
- "type": "string"
2206
- }
3293
+ "teamName": {
3294
+ "type": "string"
2207
3295
  },
2208
- "exclude": {
3296
+ "serviceTokens": {
3297
+ "deepVisibility": "secret",
2209
3298
  "type": "array",
2210
3299
  "items": {
2211
- "type": "string"
3300
+ "type": "object",
3301
+ "properties": {
3302
+ "token": {
3303
+ "type": "string"
3304
+ },
3305
+ "subject": {
3306
+ "type": "string"
3307
+ }
3308
+ },
3309
+ "required": [
3310
+ "subject",
3311
+ "token"
3312
+ ]
2212
3313
  }
3314
+ },
3315
+ "jwtHeaderName": {
3316
+ "type": "string"
3317
+ },
3318
+ "authorizationCookieName": {
3319
+ "type": "string"
3320
+ },
3321
+ "signIn": {
3322
+ "type": "object",
3323
+ "properties": {
3324
+ "resolvers": {
3325
+ "type": "array",
3326
+ "items": {
3327
+ "anyOf": [
3328
+ {
3329
+ "type": "object",
3330
+ "properties": {
3331
+ "resolver": {
3332
+ "type": "string",
3333
+ "const": "emailLocalPartMatchingUserEntityName"
3334
+ },
3335
+ "allowedDomains": {
3336
+ "type": "array",
3337
+ "items": {
3338
+ "type": "string"
3339
+ }
3340
+ }
3341
+ },
3342
+ "required": [
3343
+ "resolver"
3344
+ ]
3345
+ },
3346
+ {
3347
+ "type": "object",
3348
+ "properties": {
3349
+ "resolver": {
3350
+ "type": "string",
3351
+ "const": "emailMatchingUserEntityProfileEmail"
3352
+ }
3353
+ },
3354
+ "required": [
3355
+ "resolver"
3356
+ ]
3357
+ }
3358
+ ]
3359
+ }
3360
+ }
3361
+ },
3362
+ "required": [
3363
+ "resolvers"
3364
+ ]
2213
3365
  }
2214
- }
3366
+ },
3367
+ "required": [
3368
+ "teamName"
3369
+ ]
2215
3370
  },
2216
- {
2217
- "const": "all",
2218
- "type": "string"
3371
+ "backstageTokenExpiration": {
3372
+ "description": "The backstage token expiration."
2219
3373
  }
2220
- ]
3374
+ }
2221
3375
  }
2222
3376
  }
2223
3377
  }
@@ -2226,828 +3380,930 @@
2226
3380
  }
2227
3381
  },
2228
3382
  {
2229
- "path": "../backend-defaults/config.d.ts",
3383
+ "path": "../../plugins/auth-backend-module-github-provider/config.d.ts",
2230
3384
  "value": {
2231
3385
  "type": "object",
2232
3386
  "properties": {
2233
- "app": {
2234
- "type": "object",
2235
- "properties": {
2236
- "baseUrl": {
2237
- "type": "string"
2238
- }
2239
- },
2240
- "required": [
2241
- "baseUrl"
2242
- ]
2243
- },
2244
- "backend": {
3387
+ "auth": {
2245
3388
  "type": "object",
2246
3389
  "properties": {
2247
- "baseUrl": {
2248
- "description": "The full base URL of the backend, as seen from the browser's point of\nview as it makes calls to the backend.",
2249
- "type": "string"
2250
- },
2251
- "listen": {
2252
- "description": "Address that the backend should listen to.",
2253
- "anyOf": [
2254
- {
2255
- "type": "object",
2256
- "properties": {
2257
- "host": {
2258
- "description": "Address of the interface that the backend should bind to.",
2259
- "type": "string"
2260
- },
2261
- "port": {
2262
- "description": "Port that the backend should listen to.",
2263
- "type": [
2264
- "string",
2265
- "number"
2266
- ]
2267
- }
2268
- }
2269
- },
2270
- {
2271
- "type": "string"
2272
- }
2273
- ]
2274
- },
2275
- "https": {
2276
- "description": "HTTPS configuration for the backend. If omitted the backend will serve HTTP.\n\nSetting this to `true` will cause self-signed certificates to be generated, which\ncan be useful for local development or other non-production scenarios.",
2277
- "anyOf": [
2278
- {
2279
- "type": "object",
2280
- "properties": {
2281
- "certificate": {
2282
- "description": "Certificate configuration",
2283
- "type": "object",
2284
- "properties": {
2285
- "cert": {
2286
- "description": "PEM encoded certificate. Use $file to load in a file",
2287
- "type": "string"
2288
- },
2289
- "key": {
2290
- "description": "PEM encoded certificate key. Use $file to load in a file.",
2291
- "visibility": "secret",
2292
- "type": "string"
2293
- }
2294
- },
2295
- "required": [
2296
- "cert",
2297
- "key"
2298
- ]
2299
- }
2300
- }
2301
- },
2302
- {
2303
- "const": true,
2304
- "type": "boolean"
2305
- }
2306
- ]
2307
- },
2308
- "auth": {
2309
- "description": "Options used by the default auth, httpAuth and userInfo services.",
3390
+ "providers": {
2310
3391
  "type": "object",
2311
3392
  "properties": {
2312
- "dangerouslyDisableDefaultAuthPolicy": {
2313
- "description": "This disables the otherwise default auth policy, which requires all\nrequests to be authenticated with either user or service credentials.\n\nDisabling this check means that the backend will no longer block\nunauthenticated requests, but instead allow them to pass through to\nplugins.\n\nIf permissions are enabled, unauthenticated requests will be treated\nexactly as such, leaving it to the permission policy to determine what\npermissions should be allowed for an unauthenticated identity. Note\nthat this will also apply to service-to-service calls between plugins\nunless you configure credentials for service calls.",
2314
- "type": "boolean"
2315
- },
2316
- "pluginKeyStore": {
2317
- "description": "Controls how to store keys for plugin-to-plugin auth",
2318
- "anyOf": [
2319
- {
2320
- "type": "object",
2321
- "properties": {
2322
- "type": {
2323
- "type": "string",
2324
- "const": "database"
2325
- }
3393
+ "github": {
3394
+ "visibility": "frontend",
3395
+ "type": "object",
3396
+ "additionalProperties": {
3397
+ "type": "object",
3398
+ "properties": {
3399
+ "clientId": {
3400
+ "type": "string"
2326
3401
  },
2327
- "required": [
2328
- "type"
2329
- ]
2330
- },
2331
- {
2332
- "type": "object",
2333
- "properties": {
2334
- "type": {
2335
- "type": "string",
2336
- "const": "static"
2337
- },
2338
- "static": {
2339
- "type": "object",
2340
- "properties": {
2341
- "keys": {
2342
- "description": "Must be declared at least once and the first one will be used for signing.",
2343
- "type": "array",
2344
- "items": {
2345
- "type": "object",
2346
- "properties": {
2347
- "publicKeyFile": {
2348
- "description": "Path to the public key file in the SPKI format. Should be an absolute path.",
2349
- "type": "string"
2350
- },
2351
- "privateKeyFile": {
2352
- "description": "Path to the matching private key file in the PKCS#8 format. Should be an absolute path.\n\nThe first array entry must specify a private key file, the rest must not.",
2353
- "type": "string"
2354
- },
2355
- "keyId": {
2356
- "description": "ID to uniquely identify this key within the JWK set.",
2357
- "type": "string"
2358
- },
2359
- "algorithm": {
2360
- "description": "JWS \"alg\" (Algorithm) Header Parameter value. Defaults to ES256.\nMust match the algorithm used to generate the keys in the provided files",
2361
- "type": "string"
2362
- }
2363
- },
2364
- "required": [
2365
- "keyId",
2366
- "publicKeyFile"
2367
- ]
2368
- }
3402
+ "clientSecret": {
3403
+ "visibility": "secret",
3404
+ "type": "string"
3405
+ },
3406
+ "callbackUrl": {
3407
+ "type": "string"
3408
+ },
3409
+ "enterpriseInstanceUrl": {
3410
+ "type": "string"
3411
+ },
3412
+ "additionalScopes": {
3413
+ "anyOf": [
3414
+ {
3415
+ "type": "array",
3416
+ "items": {
3417
+ "type": "string"
2369
3418
  }
2370
3419
  },
2371
- "required": [
2372
- "keys"
2373
- ]
2374
- }
3420
+ {
3421
+ "type": "string"
3422
+ }
3423
+ ]
2375
3424
  },
2376
- "required": [
2377
- "static",
2378
- "type"
2379
- ]
2380
- }
2381
- ]
2382
- },
2383
- "externalAccess": {
2384
- "description": "Configures methods of external access, ie ways for callers outside of\nthe Backstage ecosystem to get authorized for access to APIs that do\nnot permit unauthorized access.",
2385
- "type": "array",
2386
- "items": {
2387
- "anyOf": [
2388
- {
3425
+ "signIn": {
2389
3426
  "type": "object",
2390
3427
  "properties": {
2391
- "type": {
2392
- "description": "This is the legacy service-to-service access method, where a set\nof static keys were shared among plugins and used for symmetric\nsigning and verification. These correspond to the old\n`backend.auth.keys` set and retain their behavior for backwards\ncompatibility. Please migrate to other access methods when\npossible.\n\nCallers generate JWT tokens with the following payload:\n\n```json\n{\n \"sub\": \"backstage-plugin\",\n \"exp\": <epoch seconds one hour in the future>\n}\n```\n\nAnd sign them with HS256, using the base64 decoded secret. The\ntokens are then passed along with requests in the Authorization\nheader:\n\n```\nAuthorization: Bearer eyJhbGciOiJIUzI...\n```",
2393
- "type": "string",
2394
- "const": "legacy"
2395
- },
2396
- "options": {
2397
- "type": "object",
2398
- "properties": {
2399
- "secret": {
2400
- "description": "Any set of base64 encoded random bytes to be used as both the\nsigning and verification key. Should be sufficiently long so as\nnot to be easy to guess by brute force.\n\nCan be generated eg using\n\n```sh\nnode -p 'require(\"crypto\").randomBytes(24).toString(\"base64\")'\n```",
2401
- "visibility": "secret",
2402
- "type": "string"
2403
- },
2404
- "subject": {
2405
- "description": "Sets the subject of the principal, when matching this token.\nUseful for debugging and tracking purposes.",
2406
- "type": "string"
2407
- }
2408
- },
2409
- "required": [
2410
- "secret",
2411
- "subject"
2412
- ]
2413
- },
2414
- "accessRestrictions": {
2415
- "description": "Restricts what types of access that are permitted for this access\nmethod. If no access restrictions are given, it'll have unlimited\naccess. This access restriction applies for the framework level;\nindividual plugins may have their own access control mechanisms\non top of this.",
3428
+ "resolvers": {
2416
3429
  "type": "array",
2417
3430
  "items": {
2418
- "type": "object",
2419
- "properties": {
2420
- "plugin": {
2421
- "description": "Permit access to make requests to this plugin.\n\nCan be further refined by setting additional fields below.",
2422
- "type": "string"
3431
+ "anyOf": [
3432
+ {
3433
+ "type": "object",
3434
+ "properties": {
3435
+ "resolver": {
3436
+ "type": "string",
3437
+ "const": "usernameMatchingUserEntityName"
3438
+ }
3439
+ },
3440
+ "required": [
3441
+ "resolver"
3442
+ ]
2423
3443
  },
2424
- "permission": {
2425
- "description": "If given, this method is limited to only performing actions\nwith these named permissions in this plugin.\n\nNote that this only applies where permissions checks are\nenabled in the first place. Endpoints that are not protected by\nthe permissions system at all, are not affected by this\nsetting.",
2426
- "anyOf": [
2427
- {
3444
+ {
3445
+ "type": "object",
3446
+ "properties": {
3447
+ "resolver": {
3448
+ "type": "string",
3449
+ "const": "emailLocalPartMatchingUserEntityName"
3450
+ },
3451
+ "allowedDomains": {
2428
3452
  "type": "array",
2429
3453
  "items": {
2430
3454
  "type": "string"
2431
3455
  }
2432
- },
2433
- {
2434
- "type": "string"
2435
3456
  }
3457
+ },
3458
+ "required": [
3459
+ "resolver"
2436
3460
  ]
2437
3461
  },
2438
- "permissionAttribute": {
2439
- "description": "If given, this method is limited to only performing actions\nwhose permissions have these attributes.\n\nNote that this only applies where permissions checks are\nenabled in the first place. Endpoints that are not protected by\nthe permissions system at all, are not affected by this\nsetting.",
3462
+ {
2440
3463
  "type": "object",
2441
3464
  "properties": {
2442
- "action": {
2443
- "description": "One of more of 'create', 'read', 'update', or 'delete'.",
2444
- "anyOf": [
2445
- {
2446
- "type": "array",
2447
- "items": {
2448
- "type": "string"
2449
- }
2450
- },
2451
- {
2452
- "type": "string"
2453
- }
2454
- ]
3465
+ "resolver": {
3466
+ "type": "string",
3467
+ "const": "emailMatchingUserEntityProfileEmail"
2455
3468
  }
2456
- }
3469
+ },
3470
+ "required": [
3471
+ "resolver"
3472
+ ]
2457
3473
  }
2458
- },
2459
- "required": [
2460
- "plugin"
2461
3474
  ]
2462
3475
  }
2463
3476
  }
2464
3477
  },
2465
3478
  "required": [
2466
- "options",
2467
- "type"
3479
+ "resolvers"
3480
+ ]
3481
+ }
3482
+ },
3483
+ "required": [
3484
+ "clientId",
3485
+ "clientSecret"
3486
+ ]
3487
+ }
3488
+ }
3489
+ }
3490
+ }
3491
+ }
3492
+ }
3493
+ },
3494
+ "$schema": "http://json-schema.org/draft-07/schema#"
3495
+ }
3496
+ },
3497
+ {
3498
+ "path": "../../plugins/auth-backend-module-gitlab-provider/config.d.ts",
3499
+ "value": {
3500
+ "type": "object",
3501
+ "properties": {
3502
+ "auth": {
3503
+ "type": "object",
3504
+ "properties": {
3505
+ "providers": {
3506
+ "type": "object",
3507
+ "properties": {
3508
+ "gitlab": {
3509
+ "visibility": "frontend",
3510
+ "type": "object",
3511
+ "additionalProperties": {
3512
+ "type": "object",
3513
+ "properties": {
3514
+ "clientId": {
3515
+ "type": "string"
3516
+ },
3517
+ "clientSecret": {
3518
+ "visibility": "secret",
3519
+ "type": "string"
3520
+ },
3521
+ "audience": {
3522
+ "type": "string"
3523
+ },
3524
+ "callbackUrl": {
3525
+ "type": "string"
3526
+ },
3527
+ "additionalScopes": {
3528
+ "anyOf": [
3529
+ {
3530
+ "type": "array",
3531
+ "items": {
3532
+ "type": "string"
3533
+ }
3534
+ },
3535
+ {
3536
+ "type": "string"
3537
+ }
2468
3538
  ]
2469
3539
  },
2470
- {
3540
+ "signIn": {
2471
3541
  "type": "object",
2472
3542
  "properties": {
2473
- "type": {
2474
- "description": "This access method consists of random static tokens that can be\nhanded out to callers.\n\nThe tokens are then passed along verbatim with requests in the\nAuthorization header:\n\n```\nAuthorization: Bearer eZv5o+fW3KnR3kVabMW4ZcDNLPl8nmMW\n```",
2475
- "type": "string",
2476
- "const": "static"
2477
- },
2478
- "options": {
2479
- "type": "object",
2480
- "properties": {
2481
- "token": {
2482
- "description": "A raw token that can be any string, but for security reasons\nshould be sufficiently long so as not to be easy to guess by\nbrute force.\n\nCan be generated eg using\n\n```sh\nnode -p 'require(\"crypto\").randomBytes(24).toString(\"base64\")'\n```\n\nSince the tokens can be any string, you are free to add\nadditional identifying data to them if you like. For example,\nadding a `freben-local-dev-` prefix for debugging purposes to a\ntoken that you know will be handed out for use as a personal\naccess token during development.",
2483
- "visibility": "secret",
2484
- "type": "string"
2485
- },
2486
- "subject": {
2487
- "description": "Sets the subject of the principal, when matching this token.\nUseful for debugging and tracking purposes.",
2488
- "type": "string"
2489
- }
2490
- },
2491
- "required": [
2492
- "subject",
2493
- "token"
2494
- ]
2495
- },
2496
- "accessRestrictions": {
2497
- "description": "Restricts what types of access that are permitted for this access\nmethod. If no access restrictions are given, it'll have unlimited\naccess. This access restriction applies for the framework level;\nindividual plugins may have their own access control mechanisms\non top of this.",
3543
+ "resolvers": {
2498
3544
  "type": "array",
2499
3545
  "items": {
2500
- "type": "object",
2501
- "properties": {
2502
- "plugin": {
2503
- "description": "Permit access to make requests to this plugin.\n\nCan be further refined by setting additional fields below.",
2504
- "type": "string"
3546
+ "anyOf": [
3547
+ {
3548
+ "type": "object",
3549
+ "properties": {
3550
+ "resolver": {
3551
+ "type": "string",
3552
+ "const": "usernameMatchingUserEntityName"
3553
+ }
3554
+ },
3555
+ "required": [
3556
+ "resolver"
3557
+ ]
2505
3558
  },
2506
- "permission": {
2507
- "description": "If given, this method is limited to only performing actions\nwith these named permissions in this plugin.\n\nNote that this only applies where permissions checks are\nenabled in the first place. Endpoints that are not protected by\nthe permissions system at all, are not affected by this\nsetting.",
2508
- "anyOf": [
2509
- {
3559
+ {
3560
+ "type": "object",
3561
+ "properties": {
3562
+ "resolver": {
3563
+ "type": "string",
3564
+ "const": "emailLocalPartMatchingUserEntityName"
3565
+ },
3566
+ "allowedDomains": {
2510
3567
  "type": "array",
2511
3568
  "items": {
2512
3569
  "type": "string"
2513
3570
  }
2514
- },
2515
- {
2516
- "type": "string"
2517
3571
  }
3572
+ },
3573
+ "required": [
3574
+ "resolver"
2518
3575
  ]
2519
3576
  },
2520
- "permissionAttribute": {
2521
- "description": "If given, this method is limited to only performing actions\nwhose permissions have these attributes.\n\nNote that this only applies where permissions checks are\nenabled in the first place. Endpoints that are not protected by\nthe permissions system at all, are not affected by this\nsetting.",
3577
+ {
2522
3578
  "type": "object",
2523
3579
  "properties": {
2524
- "action": {
2525
- "description": "One of more of 'create', 'read', 'update', or 'delete'.",
2526
- "anyOf": [
2527
- {
2528
- "type": "array",
2529
- "items": {
2530
- "type": "string"
2531
- }
2532
- },
2533
- {
2534
- "type": "string"
2535
- }
2536
- ]
3580
+ "resolver": {
3581
+ "type": "string",
3582
+ "const": "emailMatchingUserEntityProfileEmail"
3583
+ }
3584
+ },
3585
+ "required": [
3586
+ "resolver"
3587
+ ]
3588
+ }
3589
+ ]
3590
+ }
3591
+ }
3592
+ },
3593
+ "required": [
3594
+ "resolvers"
3595
+ ]
3596
+ }
3597
+ },
3598
+ "required": [
3599
+ "clientId",
3600
+ "clientSecret"
3601
+ ]
3602
+ }
3603
+ }
3604
+ }
3605
+ }
3606
+ }
3607
+ }
3608
+ },
3609
+ "$schema": "http://json-schema.org/draft-07/schema#"
3610
+ }
3611
+ },
3612
+ {
3613
+ "path": "../../plugins/auth-backend-module-google-provider/config.d.ts",
3614
+ "value": {
3615
+ "type": "object",
3616
+ "properties": {
3617
+ "auth": {
3618
+ "description": "Configuration options for the auth plugin",
3619
+ "type": "object",
3620
+ "properties": {
3621
+ "providers": {
3622
+ "type": "object",
3623
+ "properties": {
3624
+ "google": {
3625
+ "type": "object",
3626
+ "additionalProperties": {
3627
+ "type": "object",
3628
+ "properties": {
3629
+ "clientId": {
3630
+ "type": "string"
3631
+ },
3632
+ "clientSecret": {
3633
+ "visibility": "secret",
3634
+ "type": "string"
3635
+ },
3636
+ "callbackUrl": {
3637
+ "type": "string"
3638
+ },
3639
+ "additionalScopes": {
3640
+ "anyOf": [
3641
+ {
3642
+ "type": "array",
3643
+ "items": {
3644
+ "type": "string"
3645
+ }
3646
+ },
3647
+ {
3648
+ "type": "string"
3649
+ }
3650
+ ]
3651
+ },
3652
+ "signIn": {
3653
+ "type": "object",
3654
+ "properties": {
3655
+ "resolvers": {
3656
+ "type": "array",
3657
+ "items": {
3658
+ "anyOf": [
3659
+ {
3660
+ "type": "object",
3661
+ "properties": {
3662
+ "resolver": {
3663
+ "type": "string",
3664
+ "const": "emailMatchingUserEntityAnnotation"
3665
+ }
3666
+ },
3667
+ "required": [
3668
+ "resolver"
3669
+ ]
3670
+ },
3671
+ {
3672
+ "type": "object",
3673
+ "properties": {
3674
+ "resolver": {
3675
+ "type": "string",
3676
+ "const": "emailLocalPartMatchingUserEntityName"
3677
+ },
3678
+ "allowedDomains": {
3679
+ "type": "array",
3680
+ "items": {
3681
+ "type": "string"
3682
+ }
2537
3683
  }
2538
- }
3684
+ },
3685
+ "required": [
3686
+ "resolver"
3687
+ ]
3688
+ },
3689
+ {
3690
+ "type": "object",
3691
+ "properties": {
3692
+ "resolver": {
3693
+ "type": "string",
3694
+ "const": "emailMatchingUserEntityProfileEmail"
3695
+ }
3696
+ },
3697
+ "required": [
3698
+ "resolver"
3699
+ ]
2539
3700
  }
2540
- },
2541
- "required": [
2542
- "plugin"
2543
3701
  ]
2544
3702
  }
2545
3703
  }
2546
3704
  },
2547
3705
  "required": [
2548
- "options",
2549
- "type"
3706
+ "resolvers"
2550
3707
  ]
3708
+ }
3709
+ },
3710
+ "required": [
3711
+ "clientId",
3712
+ "clientSecret"
3713
+ ]
3714
+ }
3715
+ }
3716
+ }
3717
+ }
3718
+ }
3719
+ }
3720
+ },
3721
+ "$schema": "http://json-schema.org/draft-07/schema#"
3722
+ }
3723
+ },
3724
+ {
3725
+ "path": "../../plugins/auth-backend-module-microsoft-provider/config.d.ts",
3726
+ "value": {
3727
+ "type": "object",
3728
+ "properties": {
3729
+ "auth": {
3730
+ "type": "object",
3731
+ "properties": {
3732
+ "providers": {
3733
+ "type": "object",
3734
+ "properties": {
3735
+ "microsoft": {
3736
+ "visibility": "frontend",
3737
+ "type": "object",
3738
+ "additionalProperties": {
3739
+ "type": "object",
3740
+ "properties": {
3741
+ "clientId": {
3742
+ "type": "string"
2551
3743
  },
2552
- {
3744
+ "tenantId": {
3745
+ "type": "string"
3746
+ },
3747
+ "clientSecret": {
3748
+ "visibility": "secret",
3749
+ "type": "string"
3750
+ },
3751
+ "domainHint": {
3752
+ "type": "string"
3753
+ },
3754
+ "callbackUrl": {
3755
+ "type": "string"
3756
+ },
3757
+ "additionalScopes": {
3758
+ "anyOf": [
3759
+ {
3760
+ "type": "array",
3761
+ "items": {
3762
+ "type": "string"
3763
+ }
3764
+ },
3765
+ {
3766
+ "type": "string"
3767
+ }
3768
+ ]
3769
+ },
3770
+ "skipUserProfile": {
3771
+ "type": "boolean"
3772
+ },
3773
+ "signIn": {
2553
3774
  "type": "object",
2554
3775
  "properties": {
2555
- "type": {
2556
- "description": "This access method consists of a JWKS endpoint that can be used to\nverify JWT tokens.\n\nCallers generate JWT tokens via 3rd party tooling\nand pass them in the Authorization header:\n\n```\nAuthorization: Bearer eZv5o+fW3KnR3kVabMW4ZcDNLPl8nmMW\n```",
2557
- "type": "string",
2558
- "const": "jwks"
2559
- },
2560
- "options": {
2561
- "type": "object",
2562
- "properties": {
2563
- "url": {
2564
- "description": "The full URL of the JWKS endpoint.",
2565
- "type": "string"
2566
- },
2567
- "algorithm": {
2568
- "description": "Sets the algorithm(s) that should be used to verify the JWT tokens.\nThe passed JWTs must have been signed using one of the listed algorithms.",
2569
- "anyOf": [
2570
- {
2571
- "type": "array",
2572
- "items": {
2573
- "type": "string"
2574
- }
2575
- },
2576
- {
2577
- "type": "string"
2578
- }
2579
- ]
2580
- },
2581
- "issuer": {
2582
- "description": "Sets the issuer(s) that should be used to verify the JWT tokens.\nPassed JWTs must have an `iss` claim which matches one of the specified issuers.",
2583
- "anyOf": [
2584
- {
2585
- "type": "array",
2586
- "items": {
2587
- "type": "string"
2588
- }
2589
- },
2590
- {
2591
- "type": "string"
2592
- }
2593
- ]
2594
- },
2595
- "audience": {
2596
- "description": "Sets the audience(s) that should be used to verify the JWT tokens.\nThe passed JWTs must have an \"aud\" claim that matches one of the audiences specified,\nor have no audience specified.",
2597
- "anyOf": [
2598
- {
2599
- "type": "array",
2600
- "items": {
2601
- "type": "string"
2602
- }
2603
- },
2604
- {
2605
- "type": "string"
2606
- }
2607
- ]
2608
- },
2609
- "subjectPrefix": {
2610
- "description": "Sets an optional subject prefix. Passes the subject to called plugins.\nUseful for debugging and tracking purposes.",
2611
- "type": "string"
2612
- }
2613
- },
2614
- "required": [
2615
- "url"
2616
- ]
2617
- },
2618
- "accessRestrictions": {
2619
- "description": "Restricts what types of access that are permitted for this access\nmethod. If no access restrictions are given, it'll have unlimited\naccess. This access restriction applies for the framework level;\nindividual plugins may have their own access control mechanisms\non top of this.",
3776
+ "resolvers": {
2620
3777
  "type": "array",
2621
3778
  "items": {
2622
- "type": "object",
2623
- "properties": {
2624
- "plugin": {
2625
- "description": "Permit access to make requests to this plugin.\n\nCan be further refined by setting additional fields below.",
2626
- "type": "string"
3779
+ "anyOf": [
3780
+ {
3781
+ "type": "object",
3782
+ "properties": {
3783
+ "resolver": {
3784
+ "type": "string",
3785
+ "const": "emailMatchingUserEntityAnnotation"
3786
+ }
3787
+ },
3788
+ "required": [
3789
+ "resolver"
3790
+ ]
2627
3791
  },
2628
- "permission": {
2629
- "description": "If given, this method is limited to only performing actions\nwith these named permissions in this plugin.\n\nNote that this only applies where permissions checks are\nenabled in the first place. Endpoints that are not protected by\nthe permissions system at all, are not affected by this\nsetting.",
2630
- "anyOf": [
2631
- {
3792
+ {
3793
+ "type": "object",
3794
+ "properties": {
3795
+ "resolver": {
3796
+ "type": "string",
3797
+ "const": "emailLocalPartMatchingUserEntityName"
3798
+ },
3799
+ "allowedDomains": {
2632
3800
  "type": "array",
2633
3801
  "items": {
2634
3802
  "type": "string"
2635
3803
  }
2636
- },
2637
- {
2638
- "type": "string"
2639
3804
  }
3805
+ },
3806
+ "required": [
3807
+ "resolver"
2640
3808
  ]
2641
3809
  },
2642
- "permissionAttribute": {
2643
- "description": "If given, this method is limited to only performing actions\nwhose permissions have these attributes.\n\nNote that this only applies where permissions checks are\nenabled in the first place. Endpoints that are not protected by\nthe permissions system at all, are not affected by this\nsetting.",
3810
+ {
2644
3811
  "type": "object",
2645
3812
  "properties": {
2646
- "action": {
2647
- "description": "One of more of 'create', 'read', 'update', or 'delete'.",
2648
- "anyOf": [
2649
- {
2650
- "type": "array",
2651
- "items": {
2652
- "type": "string"
2653
- }
2654
- },
2655
- {
2656
- "type": "string"
2657
- }
2658
- ]
3813
+ "resolver": {
3814
+ "type": "string",
3815
+ "const": "emailMatchingUserEntityProfileEmail"
2659
3816
  }
2660
- }
3817
+ },
3818
+ "required": [
3819
+ "resolver"
3820
+ ]
2661
3821
  }
2662
- },
2663
- "required": [
2664
- "plugin"
2665
3822
  ]
2666
3823
  }
2667
3824
  }
2668
3825
  },
2669
3826
  "required": [
2670
- "options",
2671
- "type"
3827
+ "resolvers"
2672
3828
  ]
2673
3829
  }
3830
+ },
3831
+ "required": [
3832
+ "clientId",
3833
+ "clientSecret",
3834
+ "tenantId"
2674
3835
  ]
2675
3836
  }
2676
3837
  }
2677
3838
  }
2678
- },
2679
- "database": {
2680
- "description": "Database connection configuration, select base database type using the `client` field",
2681
- "type": "object",
2682
- "properties": {
2683
- "client": {
2684
- "description": "Default database client to use",
2685
- "enum": [
2686
- "better-sqlite3",
2687
- "pg",
2688
- "sqlite3"
2689
- ],
2690
- "type": "string"
2691
- },
2692
- "connection": {
2693
- "description": "Base database connection string, or object with individual connection properties",
2694
- "visibility": "secret",
2695
- "anyOf": [
2696
- {
2697
- "type": "object",
2698
- "additionalProperties": {},
2699
- "properties": {
2700
- "password": {
2701
- "description": "Password that belongs to the client User",
2702
- "visibility": "secret",
2703
- "type": "string"
2704
- }
2705
- }
2706
- },
2707
- {
2708
- "type": "string"
2709
- }
2710
- ]
2711
- },
2712
- "prefix": {
2713
- "description": "Database name prefix override",
2714
- "type": "string"
2715
- },
2716
- "ensureExists": {
2717
- "description": "Whether to ensure the given database exists by creating it if it does not.\nDefaults to true if unspecified.",
2718
- "type": "boolean"
2719
- },
2720
- "ensureSchemaExists": {
2721
- "description": "Whether to ensure the given database schema exists by creating it if it does not.\nDefaults to false if unspecified.\n\nNOTE: Currently only supported by the `pg` client when pluginDivisionMode: schema",
2722
- "type": "boolean"
2723
- },
2724
- "pluginDivisionMode": {
2725
- "description": "How plugins databases are managed/divided in the provided database instance.\n\n`database` -> Plugins are each given their own database to manage their schemas/tables.\n\n`schema` -> Plugins will be given their own schema (in the specified/default database)\n to manage their tables.\n\nNOTE: Currently only supported by the `pg` client.",
2726
- "default": "database",
2727
- "enum": [
2728
- "database",
2729
- "schema"
2730
- ],
2731
- "type": "string"
2732
- },
2733
- "role": {
2734
- "description": "Configures the ownership of newly created schemas in pg databases.",
2735
- "type": "string"
2736
- },
2737
- "knexConfig": {
2738
- "description": "Arbitrary config object to pass to knex when initializing\n(https://knexjs.org/#Installation-client). Most notable is the debug\nand asyncStackTraces booleans",
2739
- "type": "object",
2740
- "properties": {},
2741
- "additionalProperties": true
2742
- },
2743
- "skipMigrations": {
2744
- "description": "Skip running database migrations.",
2745
- "type": "boolean"
2746
- },
2747
- "plugin": {
2748
- "description": "Plugin specific database configuration and client override",
3839
+ }
3840
+ }
3841
+ }
3842
+ },
3843
+ "$schema": "http://json-schema.org/draft-07/schema#"
3844
+ }
3845
+ },
3846
+ {
3847
+ "path": "../../plugins/auth-backend-module-oauth2-provider/config.d.ts",
3848
+ "value": {
3849
+ "type": "object",
3850
+ "properties": {
3851
+ "auth": {
3852
+ "type": "object",
3853
+ "properties": {
3854
+ "providers": {
3855
+ "type": "object",
3856
+ "properties": {
3857
+ "oauth2": {
3858
+ "visibility": "frontend",
2749
3859
  "type": "object",
2750
3860
  "additionalProperties": {
2751
3861
  "type": "object",
2752
3862
  "properties": {
2753
- "client": {
2754
- "description": "Database client override",
2755
- "enum": [
2756
- "better-sqlite3",
2757
- "pg",
2758
- "sqlite3"
2759
- ],
3863
+ "clientId": {
2760
3864
  "type": "string"
2761
3865
  },
2762
- "connection": {
2763
- "description": "Database connection string or Knex object override",
3866
+ "clientSecret": {
2764
3867
  "visibility": "secret",
3868
+ "type": "string"
3869
+ },
3870
+ "authorizationUrl": {
3871
+ "type": "string"
3872
+ },
3873
+ "tokenUrl": {
3874
+ "type": "string"
3875
+ },
3876
+ "scope": {
3877
+ "deprecated": "use `additionalScopes` instead",
3878
+ "type": "string"
3879
+ },
3880
+ "additionalScopes": {
2765
3881
  "anyOf": [
2766
3882
  {
2767
- "type": "object",
2768
- "properties": {},
2769
- "additionalProperties": true
3883
+ "type": "array",
3884
+ "items": {
3885
+ "type": "string"
3886
+ }
2770
3887
  },
2771
3888
  {
2772
3889
  "type": "string"
2773
3890
  }
2774
3891
  ]
2775
3892
  },
2776
- "ensureExists": {
2777
- "description": "Whether to ensure the given database exists by creating it if it does not.\nDefaults to base config if unspecified.",
3893
+ "disableRefresh": {
2778
3894
  "type": "boolean"
2779
3895
  },
2780
- "ensureSchemaExists": {
2781
- "description": "Whether to ensure the given database schema exists by creating it if it does not.\nDefaults to false if unspecified.\n\nNOTE: Currently only supported by the `pg` client when pluginDivisionMode: schema",
3896
+ "includeBasicAuth": {
2782
3897
  "type": "boolean"
2783
3898
  },
2784
- "knexConfig": {
2785
- "description": "Arbitrary config object to pass to knex when initializing\n(https://knexjs.org/#Installation-client). Most notable is the\ndebug and asyncStackTraces booleans.\n\nThis is merged recursively into the base knexConfig",
3899
+ "signIn": {
2786
3900
  "type": "object",
2787
- "properties": {},
2788
- "additionalProperties": true
2789
- },
2790
- "role": {
2791
- "description": "Configures the ownership of newly created schemas in pg databases.",
2792
- "type": "string"
2793
- },
2794
- "skipMigrations": {
2795
- "description": "Skip running database migrations.",
2796
- "type": "boolean"
3901
+ "properties": {
3902
+ "resolvers": {
3903
+ "type": "array",
3904
+ "items": {
3905
+ "anyOf": [
3906
+ {
3907
+ "type": "object",
3908
+ "properties": {
3909
+ "resolver": {
3910
+ "type": "string",
3911
+ "const": "usernameMatchingUserEntityName"
3912
+ }
3913
+ },
3914
+ "required": [
3915
+ "resolver"
3916
+ ]
3917
+ },
3918
+ {
3919
+ "type": "object",
3920
+ "properties": {
3921
+ "resolver": {
3922
+ "type": "string",
3923
+ "const": "emailLocalPartMatchingUserEntityName"
3924
+ },
3925
+ "allowedDomains": {
3926
+ "type": "array",
3927
+ "items": {
3928
+ "type": "string"
3929
+ }
3930
+ }
3931
+ },
3932
+ "required": [
3933
+ "resolver"
3934
+ ]
3935
+ },
3936
+ {
3937
+ "type": "object",
3938
+ "properties": {
3939
+ "resolver": {
3940
+ "type": "string",
3941
+ "const": "emailMatchingUserEntityProfileEmail"
3942
+ }
3943
+ },
3944
+ "required": [
3945
+ "resolver"
3946
+ ]
3947
+ }
3948
+ ]
3949
+ }
3950
+ }
3951
+ },
3952
+ "required": [
3953
+ "resolvers"
3954
+ ]
2797
3955
  }
2798
- }
2799
- }
2800
- }
2801
- },
2802
- "required": [
2803
- "client",
2804
- "connection"
2805
- ]
2806
- },
2807
- "cache": {
2808
- "description": "Cache connection configuration, select cache type using the `store` field",
2809
- "anyOf": [
2810
- {
2811
- "type": "object",
2812
- "properties": {
2813
- "store": {
2814
- "type": "string",
2815
- "const": "memory"
2816
- },
2817
- "defaultTtl": {
2818
- "description": "An optional default TTL (in milliseconds)."
2819
- }
2820
- },
2821
- "required": [
2822
- "store"
2823
- ]
2824
- },
2825
- {
2826
- "type": "object",
2827
- "properties": {
2828
- "store": {
2829
- "type": "string",
2830
- "const": "redis"
2831
- },
2832
- "connection": {
2833
- "description": "A redis connection string in the form `redis://user:pass@host:port`.",
2834
- "visibility": "secret",
2835
- "type": "string"
2836
- },
2837
- "defaultTtl": {
2838
- "description": "An optional default TTL (in milliseconds)."
2839
3956
  },
2840
- "useRedisSets": {
2841
- "description": "Whether or not [useRedisSets](https://github.com/jaredwray/keyv/tree/main/packages/redis#useredissets) should be configured to this redis cache.\nDefaults to true if unspecified.",
2842
- "type": "boolean"
2843
- }
2844
- },
2845
- "required": [
2846
- "connection",
2847
- "store"
2848
- ]
2849
- },
2850
- {
2851
- "type": "object",
2852
- "properties": {
2853
- "store": {
2854
- "type": "string",
2855
- "const": "memcache"
2856
- },
2857
- "connection": {
2858
- "description": "A memcache connection string in the form `user:pass@host:port`.",
2859
- "visibility": "secret",
2860
- "type": "string"
2861
- },
2862
- "defaultTtl": {
2863
- "description": "An optional default TTL (in milliseconds)."
2864
- }
2865
- },
2866
- "required": [
2867
- "connection",
2868
- "store"
2869
- ]
3957
+ "required": [
3958
+ "authorizationUrl",
3959
+ "clientId",
3960
+ "clientSecret",
3961
+ "tokenUrl"
3962
+ ]
3963
+ }
2870
3964
  }
2871
- ]
2872
- },
2873
- "cors": {
3965
+ }
3966
+ }
3967
+ }
3968
+ }
3969
+ },
3970
+ "$schema": "http://json-schema.org/draft-07/schema#"
3971
+ }
3972
+ },
3973
+ {
3974
+ "path": "../../plugins/auth-backend-module-oidc-provider/config.d.ts",
3975
+ "value": {
3976
+ "type": "object",
3977
+ "properties": {
3978
+ "auth": {
3979
+ "type": "object",
3980
+ "properties": {
3981
+ "providers": {
2874
3982
  "type": "object",
2875
3983
  "properties": {
2876
- "origin": {
2877
- "anyOf": [
2878
- {
2879
- "type": "array",
2880
- "items": {
3984
+ "oidc": {
3985
+ "visibility": "frontend",
3986
+ "type": "object",
3987
+ "additionalProperties": {
3988
+ "type": "object",
3989
+ "properties": {
3990
+ "clientId": {
2881
3991
  "type": "string"
2882
- }
2883
- },
2884
- {
2885
- "type": "string"
2886
- }
2887
- ]
2888
- },
2889
- "methods": {
2890
- "anyOf": [
2891
- {
2892
- "type": "array",
2893
- "items": {
3992
+ },
3993
+ "clientSecret": {
3994
+ "visibility": "secret",
2894
3995
  "type": "string"
2895
- }
2896
- },
2897
- {
2898
- "type": "string"
2899
- }
2900
- ]
2901
- },
2902
- "allowedHeaders": {
2903
- "anyOf": [
2904
- {
2905
- "type": "array",
2906
- "items": {
3996
+ },
3997
+ "metadataUrl": {
2907
3998
  "type": "string"
2908
- }
2909
- },
2910
- {
2911
- "type": "string"
2912
- }
2913
- ]
2914
- },
2915
- "exposedHeaders": {
2916
- "anyOf": [
2917
- {
2918
- "type": "array",
2919
- "items": {
3999
+ },
4000
+ "callbackUrl": {
4001
+ "type": "string"
4002
+ },
4003
+ "tokenEndpointAuthMethod": {
4004
+ "type": "string"
4005
+ },
4006
+ "tokenSignedResponseAlg": {
4007
+ "type": "string"
4008
+ },
4009
+ "additionalScopes": {
4010
+ "anyOf": [
4011
+ {
4012
+ "type": "array",
4013
+ "items": {
4014
+ "type": "string"
4015
+ }
4016
+ },
4017
+ {
4018
+ "type": "string"
4019
+ }
4020
+ ]
4021
+ },
4022
+ "prompt": {
2920
4023
  "type": "string"
4024
+ },
4025
+ "signIn": {
4026
+ "type": "object",
4027
+ "properties": {
4028
+ "resolvers": {
4029
+ "type": "array",
4030
+ "items": {
4031
+ "anyOf": [
4032
+ {
4033
+ "type": "object",
4034
+ "properties": {
4035
+ "resolver": {
4036
+ "type": "string",
4037
+ "const": "emailLocalPartMatchingUserEntityName"
4038
+ },
4039
+ "allowedDomains": {
4040
+ "type": "array",
4041
+ "items": {
4042
+ "type": "string"
4043
+ }
4044
+ }
4045
+ },
4046
+ "required": [
4047
+ "resolver"
4048
+ ]
4049
+ },
4050
+ {
4051
+ "type": "object",
4052
+ "properties": {
4053
+ "resolver": {
4054
+ "type": "string",
4055
+ "const": "emailMatchingUserEntityProfileEmail"
4056
+ }
4057
+ },
4058
+ "required": [
4059
+ "resolver"
4060
+ ]
4061
+ }
4062
+ ]
4063
+ }
4064
+ }
4065
+ },
4066
+ "required": [
4067
+ "resolvers"
4068
+ ]
2921
4069
  }
2922
4070
  },
2923
- {
2924
- "type": "string"
2925
- }
2926
- ]
2927
- },
2928
- "credentials": {
2929
- "type": "boolean"
2930
- },
2931
- "maxAge": {
2932
- "type": "number"
2933
- },
2934
- "preflightContinue": {
2935
- "type": "boolean"
2936
- },
2937
- "optionsSuccessStatus": {
2938
- "type": "number"
2939
- }
2940
- }
2941
- },
2942
- "csp": {
2943
- "description": "Content Security Policy options.\n\nThe keys are the plain policy ID, e.g. \"upgrade-insecure-requests\". The\nvalues are on the format that the helmet library expects them, as an\narray of strings. There is also the special value false, which means to\nremove the default value that Backstage puts in place for that policy.",
2944
- "type": "object",
2945
- "additionalProperties": {
2946
- "anyOf": [
2947
- {
2948
- "type": "array",
2949
- "items": {
2950
- "type": "string"
2951
- }
2952
- },
2953
- {
2954
- "const": false,
2955
- "type": "boolean"
4071
+ "required": [
4072
+ "clientId",
4073
+ "clientSecret",
4074
+ "metadataUrl"
4075
+ ]
2956
4076
  }
2957
- ]
4077
+ }
2958
4078
  }
2959
- },
2960
- "reading": {
2961
- "description": "Configuration related to URL reading, used for example for reading catalog info\nfiles, scaffolder templates, and techdocs content.",
4079
+ }
4080
+ }
4081
+ }
4082
+ },
4083
+ "$schema": "http://json-schema.org/draft-07/schema#"
4084
+ }
4085
+ },
4086
+ {
4087
+ "path": "../../plugins/auth-backend-module-okta-provider/config.d.ts",
4088
+ "value": {
4089
+ "type": "object",
4090
+ "properties": {
4091
+ "auth": {
4092
+ "type": "object",
4093
+ "properties": {
4094
+ "providers": {
2962
4095
  "type": "object",
2963
4096
  "properties": {
2964
- "allow": {
2965
- "description": "A list of targets to allow outgoing requests to. Users will be able to make\nrequests on behalf of the backend to the targets that are allowed by this list.",
2966
- "type": "array",
2967
- "items": {
4097
+ "okta": {
4098
+ "visibility": "frontend",
4099
+ "type": "object",
4100
+ "additionalProperties": {
2968
4101
  "type": "object",
2969
4102
  "properties": {
2970
- "host": {
2971
- "description": "A host to allow outgoing requests to, being either a full host or\na subdomain wildcard pattern with a leading `*`. For example `example.com`\nand `*.example.com` are valid values, `prod.*.example.com` is not.\nThe host may also contain a port, for example `example.com:8080`.",
4103
+ "clientId": {
2972
4104
  "type": "string"
2973
4105
  },
2974
- "paths": {
2975
- "description": "An optional list of paths. In case they are present only targets matching\nany of them will are allowed. You can use trailing slashes to make sure only\nsubdirectories are allowed, for example `/mydir/` will allow targets with\npaths like `/mydir/a` but will block paths like `/mydir2`.",
2976
- "type": "array",
2977
- "items": {
2978
- "type": "string"
2979
- }
4106
+ "clientSecret": {
4107
+ "visibility": "secret",
4108
+ "type": "string"
4109
+ },
4110
+ "audience": {
4111
+ "type": "string"
4112
+ },
4113
+ "authServerId": {
4114
+ "type": "string"
4115
+ },
4116
+ "idp": {
4117
+ "type": "string"
4118
+ },
4119
+ "callbackUrl": {
4120
+ "type": "string"
4121
+ },
4122
+ "additionalScopes": {
4123
+ "anyOf": [
4124
+ {
4125
+ "type": "array",
4126
+ "items": {
4127
+ "type": "string"
4128
+ }
4129
+ },
4130
+ {
4131
+ "type": "string"
4132
+ }
4133
+ ]
4134
+ },
4135
+ "signIn": {
4136
+ "type": "object",
4137
+ "properties": {
4138
+ "resolvers": {
4139
+ "type": "array",
4140
+ "items": {
4141
+ "anyOf": [
4142
+ {
4143
+ "type": "object",
4144
+ "properties": {
4145
+ "resolver": {
4146
+ "type": "string",
4147
+ "const": "emailMatchingUserEntityAnnotation"
4148
+ }
4149
+ },
4150
+ "required": [
4151
+ "resolver"
4152
+ ]
4153
+ },
4154
+ {
4155
+ "type": "object",
4156
+ "properties": {
4157
+ "resolver": {
4158
+ "type": "string",
4159
+ "const": "emailLocalPartMatchingUserEntityName"
4160
+ },
4161
+ "allowedDomains": {
4162
+ "type": "array",
4163
+ "items": {
4164
+ "type": "string"
4165
+ }
4166
+ }
4167
+ },
4168
+ "required": [
4169
+ "resolver"
4170
+ ]
4171
+ },
4172
+ {
4173
+ "type": "object",
4174
+ "properties": {
4175
+ "resolver": {
4176
+ "type": "string",
4177
+ "const": "emailMatchingUserEntityProfileEmail"
4178
+ }
4179
+ },
4180
+ "required": [
4181
+ "resolver"
4182
+ ]
4183
+ }
4184
+ ]
4185
+ }
4186
+ }
4187
+ },
4188
+ "required": [
4189
+ "resolvers"
4190
+ ]
2980
4191
  }
2981
4192
  },
2982
4193
  "required": [
2983
- "host"
4194
+ "clientId",
4195
+ "clientSecret"
2984
4196
  ]
2985
4197
  }
2986
4198
  }
2987
4199
  }
2988
4200
  }
2989
- },
2990
- "required": [
2991
- "baseUrl",
2992
- "database"
2993
- ]
2994
- },
2995
- "discovery": {
2996
- "description": "Options used by the default discovery service.",
4201
+ }
4202
+ }
4203
+ },
4204
+ "$schema": "http://json-schema.org/draft-07/schema#"
4205
+ }
4206
+ },
4207
+ {
4208
+ "path": "../../plugins/auth-backend-module-onelogin-provider/config.d.ts",
4209
+ "value": {
4210
+ "type": "object",
4211
+ "properties": {
4212
+ "auth": {
2997
4213
  "type": "object",
2998
4214
  "properties": {
2999
- "endpoints": {
3000
- "description": "A list of target baseUrls and the associated plugins.",
3001
- "type": "array",
3002
- "items": {
3003
- "type": "object",
3004
- "properties": {
3005
- "target": {
3006
- "description": "The target base URL to use for the plugin.\n\nCan be either a string or an object with internal and external keys.\nTargets with `{{pluginId}}` or `{{ pluginId }} in the URL will be replaced with the plugin ID.",
3007
- "anyOf": [
3008
- {
4215
+ "providers": {
4216
+ "type": "object",
4217
+ "properties": {
4218
+ "onelogin": {
4219
+ "visibility": "frontend",
4220
+ "type": "object",
4221
+ "additionalProperties": {
4222
+ "type": "object",
4223
+ "properties": {
4224
+ "clientId": {
4225
+ "type": "string"
4226
+ },
4227
+ "clientSecret": {
4228
+ "visibility": "secret",
4229
+ "type": "string"
4230
+ },
4231
+ "issuer": {
4232
+ "type": "string"
4233
+ },
4234
+ "callbackUrl": {
4235
+ "type": "string"
4236
+ },
4237
+ "signIn": {
3009
4238
  "type": "object",
3010
4239
  "properties": {
3011
- "internal": {
3012
- "type": "string"
3013
- },
3014
- "external": {
3015
- "type": "string"
4240
+ "resolvers": {
4241
+ "type": "array",
4242
+ "items": {
4243
+ "anyOf": [
4244
+ {
4245
+ "type": "object",
4246
+ "properties": {
4247
+ "resolver": {
4248
+ "type": "string",
4249
+ "const": "usernameMatchingUserEntityName"
4250
+ }
4251
+ },
4252
+ "required": [
4253
+ "resolver"
4254
+ ]
4255
+ },
4256
+ {
4257
+ "type": "object",
4258
+ "properties": {
4259
+ "resolver": {
4260
+ "type": "string",
4261
+ "const": "emailLocalPartMatchingUserEntityName"
4262
+ },
4263
+ "allowedDomains": {
4264
+ "type": "array",
4265
+ "items": {
4266
+ "type": "string"
4267
+ }
4268
+ }
4269
+ },
4270
+ "required": [
4271
+ "resolver"
4272
+ ]
4273
+ },
4274
+ {
4275
+ "type": "object",
4276
+ "properties": {
4277
+ "resolver": {
4278
+ "type": "string",
4279
+ "const": "emailMatchingUserEntityProfileEmail"
4280
+ }
4281
+ },
4282
+ "required": [
4283
+ "resolver"
4284
+ ]
4285
+ }
4286
+ ]
4287
+ }
3016
4288
  }
3017
4289
  },
3018
4290
  "required": [
3019
- "external",
3020
- "internal"
4291
+ "resolvers"
3021
4292
  ]
3022
- },
3023
- {
3024
- "type": "string"
3025
4293
  }
4294
+ },
4295
+ "required": [
4296
+ "clientId",
4297
+ "clientSecret",
4298
+ "issuer"
3026
4299
  ]
3027
- },
3028
- "plugins": {
3029
- "description": "Array of plugins which use the target base URL.",
3030
- "type": "array",
3031
- "items": {
3032
- "type": "string"
3033
- }
3034
4300
  }
3035
- },
3036
- "required": [
3037
- "plugins",
3038
- "target"
3039
- ]
4301
+ }
3040
4302
  }
3041
4303
  }
3042
- },
3043
- "required": [
3044
- "endpoints"
3045
- ]
4304
+ }
3046
4305
  }
3047
4306
  },
3048
- "required": [
3049
- "app"
3050
- ],
3051
4307
  "$schema": "http://json-schema.org/draft-07/schema#"
3052
4308
  }
3053
4309
  }