@techdocs/cli 1.8.20-next.2 → 1.8.21

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (13) hide show
  1. package/CHANGELOG.md +19 -0
  2. package/dist/embedded-app/.config-schema.json +2466 -1187
  3. package/dist/embedded-app/index.html +1 -1
  4. package/dist/embedded-app/index.html.tmpl +1 -1
  5. package/dist/embedded-app/static/{main.4da17177.js → main.9768e58f.js} +1 -1
  6. package/dist/embedded-app/static/main.9768e58f.js.map +1 -0
  7. package/dist/embedded-app/static/{runtime.4da17177.js → runtime.9768e58f.js} +1 -1
  8. package/dist/embedded-app/static/{runtime.4da17177.js.map → runtime.9768e58f.js.map} +1 -1
  9. package/dist/embedded-app/static/{vendor.4da17177.js → vendor.9768e58f.js} +2 -2
  10. package/dist/embedded-app/static/{vendor.4da17177.js.map → vendor.9768e58f.js.map} +1 -1
  11. package/dist/package.json.cjs.js +1 -1
  12. package/package.json +7 -7
  13. package/dist/embedded-app/static/main.4da17177.js.map +0 -1
package/dist/embedded-app/.config-schema.json CHANGED
@@ -1524,43 +1524,255 @@
1524
1524
  }
1525
1525
  },
1526
1526
  {
1527
- "path": "../../node_modules/@backstage-community/plugin-puppetdb/node_modules/@backstage/core-components/config.d.ts",
1527
+ "path": "../../plugins/auth-backend/config.d.ts",
1528
1528
  "value": {
1529
1529
  "type": "object",
1530
1530
  "properties": {
1531
1531
  "auth": {
1532
+ "description": "Configuration options for the auth plugin",
1532
1533
  "type": "object",
1533
1534
  "properties": {
1534
- "autologout": {
1535
- "description": "Autologout feature configuration",
1535
+ "environment": {
1536
+ "description": "The 'environment' attribute",
1537
+ "visibility": "frontend",
1538
+ "type": "string"
1539
+ },
1540
+ "session": {
1536
1541
  "type": "object",
1537
1542
  "properties": {
1538
- "enabled": {
1539
- "description": "Enable or disable the autologout feature",
1540
- "visibility": "frontend",
1541
- "type": "boolean"
1543
+ "secret": {
1544
+ "description": "The secret attribute of session object.",
1545
+ "visibility": "secret",
1546
+ "type": "string"
1547
+ }
1548
+ }
1549
+ },
1550
+ "identityTokenAlgorithm": {
1551
+ "description": "JWS \"alg\" (Algorithm) Header Parameter value. Defaults to ES256.\nMust match one of the algorithms defined for IdentityClient.\nWhen setting a different algorithm, check if the `key` field\nof the `signing_keys` table can fit the length of the generated keys.\nIf not, add a knex migration file in the migrations folder.\nMore info on supported algorithms: https://github.com/panva/jose",
1552
+ "type": "string"
1553
+ },
1554
+ "keyStore": {
1555
+ "description": "To control how to store JWK data in auth-backend",
1556
+ "type": "object",
1557
+ "properties": {
1558
+ "provider": {
1559
+ "enum": [
1560
+ "database",
1561
+ "firestore",
1562
+ "memory",
1563
+ "static"
1564
+ ],
1565
+ "type": "string"
1542
1566
  },
1543
- "idleTimeoutMinutes": {
1544
- "description": "Number of minutes after which the inactive user is logged out automatically.\nDefault is 60 minutes (1 hour)",
1545
- "visibility": "frontend",
1546
- "type": "number"
1567
+ "firestore": {
1568
+ "type": "object",
1569
+ "properties": {
1570
+ "host": {
1571
+ "description": "The host to connect to",
1572
+ "type": "string"
1573
+ },
1574
+ "port": {
1575
+ "description": "The port to connect to",
1576
+ "type": "number"
1577
+ },
1578
+ "ssl": {
1579
+ "description": "Whether to use SSL when connecting.",
1580
+ "type": "boolean"
1581
+ },
1582
+ "projectId": {
1583
+ "description": "The Google Cloud Project ID",
1584
+ "type": "string"
1585
+ },
1586
+ "keyFilename": {
1587
+ "description": "Local file containing the Service Account credentials.\nYou can omit this value to automatically read from\nGOOGLE_APPLICATION_CREDENTIALS env which is useful for local\ndevelopment.",
1588
+ "type": "string"
1589
+ },
1590
+ "path": {
1591
+ "description": "The path to use for the collection. Defaults to 'sessions'",
1592
+ "type": "string"
1593
+ },
1594
+ "timeout": {
1595
+ "description": "Timeout used for database operations. Defaults to 10000ms",
1596
+ "type": "number"
1597
+ }
1598
+ }
1547
1599
  },
1548
- "promptBeforeIdleSeconds": {
1549
- "description": "Number of seconds before the idle timeout where the user will be asked if it's still active.\nA dialog will be shown.\nDefault is 10 seconds.\nSet to 0 seconds to disable the prompt.",
1600
+ "static": {
1601
+ "type": "object",
1602
+ "properties": {
1603
+ "keys": {
1604
+ "description": "Must be declared at least once and the first one will be used for signing",
1605
+ "type": "array",
1606
+ "items": {
1607
+ "type": "object",
1608
+ "properties": {
1609
+ "publicKeyFile": {
1610
+ "description": "Path to the public key file in the SPKI format",
1611
+ "type": "string"
1612
+ },
1613
+ "privateKeyFile": {
1614
+ "description": "Path to the matching private key file in the PKCS#8 format",
1615
+ "type": "string"
1616
+ },
1617
+ "keyId": {
1618
+ "description": "id to uniquely identify this key within the JWK set",
1619
+ "type": "string"
1620
+ },
1621
+ "algorithm": {
1622
+ "description": "JWS \"alg\" (Algorithm) Header Parameter value. Defaults to ES256.\nMust match the algorithm used to generate the keys in the provided files",
1623
+ "type": "string"
1624
+ }
1625
+ },
1626
+ "required": [
1627
+ "keyId",
1628
+ "privateKeyFile",
1629
+ "publicKeyFile"
1630
+ ]
1631
+ }
1632
+ }
1633
+ },
1634
+ "required": [
1635
+ "keys"
1636
+ ]
1637
+ }
1638
+ }
1639
+ },
1640
+ "providers": {
1641
+ "description": "The available auth-provider options and attributes",
1642
+ "additionalProperties": true,
1643
+ "type": "object",
1644
+ "properties": {
1645
+ "saml": {
1550
1646
  "visibility": "frontend",
1551
- "type": "number"
1647
+ "type": "object",
1648
+ "properties": {
1649
+ "entryPoint": {
1650
+ "type": "string"
1651
+ },
1652
+ "logoutUrl": {
1653
+ "type": "string"
1654
+ },
1655
+ "issuer": {
1656
+ "type": "string"
1657
+ },
1658
+ "cert": {
1659
+ "visibility": "secret",
1660
+ "type": "string"
1661
+ },
1662
+ "audience": {
1663
+ "type": "string"
1664
+ },
1665
+ "privateKey": {
1666
+ "visibility": "secret",
1667
+ "type": "string"
1668
+ },
1669
+ "authnContext": {
1670
+ "type": "array",
1671
+ "items": {
1672
+ "type": "string"
1673
+ }
1674
+ },
1675
+ "identifierFormat": {
1676
+ "type": "string"
1677
+ },
1678
+ "decryptionPvk": {
1679
+ "visibility": "secret",
1680
+ "type": "string"
1681
+ },
1682
+ "signatureAlgorithm": {
1683
+ "enum": [
1684
+ "sha256",
1685
+ "sha512"
1686
+ ],
1687
+ "type": "string"
1688
+ },
1689
+ "digestAlgorithm": {
1690
+ "type": "string"
1691
+ },
1692
+ "acceptedClockSkewMs": {
1693
+ "type": "number"
1694
+ }
1695
+ },
1696
+ "required": [
1697
+ "cert",
1698
+ "entryPoint",
1699
+ "issuer"
1700
+ ]
1552
1701
  },
1553
- "useWorkerTimers": {
1554
- "description": "Enable/disable the usage of worker thread timers instead of main thread timers.\nDefault is true.\nIf you experience some browser incompatibility, you may try to set this to false.",
1702
+ "auth0": {
1555
1703
  "visibility": "frontend",
1556
- "type": "boolean"
1704
+ "type": "object",
1705
+ "additionalProperties": {
1706
+ "type": "object",
1707
+ "properties": {
1708
+ "clientId": {
1709
+ "type": "string"
1710
+ },
1711
+ "clientSecret": {
1712
+ "visibility": "secret",
1713
+ "type": "string"
1714
+ },
1715
+ "domain": {
1716
+ "type": "string"
1717
+ },
1718
+ "callbackUrl": {
1719
+ "type": "string"
1720
+ },
1721
+ "audience": {
1722
+ "type": "string"
1723
+ },
1724
+ "connection": {
1725
+ "type": "string"
1726
+ },
1727
+ "connectionScope": {
1728
+ "type": "string"
1729
+ }
1730
+ },
1731
+ "required": [
1732
+ "clientId",
1733
+ "clientSecret",
1734
+ "domain"
1735
+ ]
1736
+ }
1557
1737
  },
1558
- "logoutIfDisconnected": {
1559
- "description": "Enable/disable the automatic logout also on users that are logged in but with no Backstage tabs open.\nDefault is true.",
1738
+ "onelogin": {
1560
1739
  "visibility": "frontend",
1561
- "type": "boolean"
1740
+ "type": "object",
1741
+ "additionalProperties": {
1742
+ "type": "object",
1743
+ "properties": {
1744
+ "clientId": {
1745
+ "type": "string"
1746
+ },
1747
+ "clientSecret": {
1748
+ "visibility": "secret",
1749
+ "type": "string"
1750
+ },
1751
+ "issuer": {
1752
+ "type": "string"
1753
+ },
1754
+ "callbackUrl": {
1755
+ "type": "string"
1756
+ }
1757
+ },
1758
+ "required": [
1759
+ "clientId",
1760
+ "clientSecret",
1761
+ "issuer"
1762
+ ]
1763
+ }
1764
+ },
1765
+ "backstageTokenExpiration": {
1766
+ "description": "The backstage token expiration."
1562
1767
  }
1563
1768
  }
1769
+ },
1770
+ "experimentalExtraAllowedOrigins": {
1771
+ "description": "Additional app origins to allow for authenticating",
1772
+ "type": "array",
1773
+ "items": {
1774
+ "type": "string"
1775
+ }
1564
1776
  }
1565
1777
  }
1566
1778
  }
@@ -1568,6 +1780,51 @@
1568
1780
  "$schema": "http://json-schema.org/draft-07/schema#"
1569
1781
  }
1570
1782
  },
1783
+ {
1784
+ "path": "../../plugins/auth-backend-module-guest-provider/config.d.ts",
1785
+ "value": {
1786
+ "type": "object",
1787
+ "properties": {
1788
+ "auth": {
1789
+ "description": "Configuration options for the auth plugin",
1790
+ "type": "object",
1791
+ "properties": {
1792
+ "providers": {
1793
+ "type": "object",
1794
+ "properties": {
1795
+ "guest": {
1796
+ "type": "object",
1797
+ "properties": {
1798
+ "userEntityRef": {
1799
+ "description": "The entity reference to use for the guest user.",
1800
+ "default": "user:development/guest",
1801
+ "type": "string"
1802
+ },
1803
+ "ownershipEntityRefs": {
1804
+ "description": "A list of entity references to user for ownership of the guest user if the user\n is not found in the catalog.",
1805
+ "default": "[userEntityRef]",
1806
+ "type": "array",
1807
+ "items": {
1808
+ "type": "string"
1809
+ }
1810
+ },
1811
+ "dangerouslyAllowOutsideDevelopment": {
1812
+ "description": "Allow users to sign in with the guest provider outside of their development environments.",
1813
+ "type": "boolean"
1814
+ }
1815
+ }
1816
+ }
1817
+ }
1818
+ }
1819
+ },
1820
+ "required": [
1821
+ "providers"
1822
+ ]
1823
+ }
1824
+ },
1825
+ "$schema": "http://json-schema.org/draft-07/schema#"
1826
+ }
1827
+ },
1571
1828
  {
1572
1829
  "path": "../../node_modules/@oriflame/backstage-plugin-score-card/node_modules/@backstage/core-components/config.d.ts",
1573
1830
  "value": {
@@ -1614,460 +1871,1165 @@
1614
1871
  }
1615
1872
  },
1616
1873
  {
1617
- "path": "../../node_modules/@backstage/backend-common/node_modules/@backstage/backend-plugin-api/config.d.ts",
1618
- "value": {
1619
- "type": "object",
1620
- "properties": {
1621
- "backend": {
1622
- "type": "object",
1623
- "properties": {
1624
- "workingDirectory": {
1625
- "description": "An absolute path to a directory that can be used as a working dir, for\nexample as scratch space for large operations.",
1626
- "type": "string"
1627
- }
1628
- }
1629
- }
1630
- },
1631
- "$schema": "http://json-schema.org/draft-07/schema#"
1632
- }
1633
- },
1634
- {
1635
- "path": "../../node_modules/@backstage/backend-common/node_modules/@backstage/integration/config.d.ts",
1874
+ "path": "../integration-aws-node/config.d.ts",
1636
1875
  "value": {
1637
1876
  "type": "object",
1638
1877
  "properties": {
1639
- "integrations": {
1640
- "description": "Configuration for integrations towards various external repository provider systems",
1641
- "visibility": "frontend",
1878
+ "aws": {
1879
+ "description": "Configuration for access to AWS accounts",
1642
1880
  "type": "object",
1643
1881
  "properties": {
1644
- "azure": {
1645
- "description": "Integration configuration for Azure",
1646
- "type": "array",
1647
- "items": {
1648
- "type": "object",
1649
- "properties": {
1650
- "host": {
1651
- "description": "The hostname of the given Azure instance",
1652
- "visibility": "frontend",
1653
- "type": "string"
1654
- },
1655
- "token": {
1656
- "description": "Token used to authenticate requests.",
1657
- "visibility": "secret",
1658
- "deprecated": "Use `credentials` instead.",
1659
- "type": "string"
1660
- },
1661
- "credential": {
1662
- "description": "The credential to use for requests.\n\nIf no credential is specified anonymous access is used.",
1663
- "deepVisibility": "secret",
1664
- "deprecated": "Use `credentials` instead.",
1665
- "type": "object",
1666
- "properties": {
1667
- "clientId": {
1668
- "type": "string"
1669
- },
1670
- "clientSecret": {
1671
- "type": "string"
1672
- },
1673
- "tenantId": {
1674
- "type": "string"
1675
- },
1676
- "personalAccessToken": {
1677
- "type": "string"
1678
- }
1679
- }
1680
- },
1681
- "credentials": {
1682
- "description": "The credentials to use for requests. If multiple credentials are specified the first one that matches the organization is used.\nIf not organization matches the first credential without an organization is used.\n\nIf no credentials are specified at all, either a default credential (for Azure DevOps) or anonymous access (for Azure DevOps Server) is used.",
1683
- "deepVisibility": "secret",
1684
- "type": "array",
1685
- "items": {
1686
- "type": "object",
1687
- "properties": {
1688
- "clientId": {
1689
- "type": "string"
1690
- },
1691
- "clientSecret": {
1692
- "type": "string"
1693
- },
1694
- "tenantId": {
1695
- "type": "string"
1696
- },
1697
- "personalAccessToken": {
1698
- "type": "string"
1699
- }
1700
- }
1701
- }
1702
- }
1882
+ "accountDefaults": {
1883
+ "description": "Defaults for retrieving AWS account credentials",
1884
+ "type": "object",
1885
+ "properties": {
1886
+ "roleName": {
1887
+ "description": "The IAM role to assume to retrieve temporary AWS credentials",
1888
+ "type": "string"
1703
1889
  },
1704
- "required": [
1705
- "host"
1706
- ]
1707
- }
1708
- },
1709
- "bitbucket": {
1710
- "description": "Integration configuration for Bitbucket",
1711
- "deprecated": "replaced by bitbucketCloud and bitbucketServer",
1712
- "type": "array",
1713
- "items": {
1714
- "type": "object",
1715
- "properties": {
1716
- "host": {
1717
- "description": "The hostname of the given Bitbucket instance",
1718
- "visibility": "frontend",
1719
- "type": "string"
1720
- },
1721
- "token": {
1722
- "description": "Token used to authenticate requests.",
1723
- "visibility": "secret",
1724
- "type": "string"
1725
- },
1726
- "apiBaseUrl": {
1727
- "description": "The base url for the Bitbucket API, for example https://api.bitbucket.org/2.0",
1728
- "visibility": "frontend",
1729
- "type": "string"
1730
- },
1731
- "username": {
1732
- "description": "The username to use for authenticated requests.",
1733
- "visibility": "secret",
1734
- "type": "string"
1735
- },
1736
- "appPassword": {
1737
- "description": "Bitbucket app password used to authenticate requests.",
1738
- "visibility": "secret",
1739
- "type": "string"
1740
- }
1890
+ "partition": {
1891
+ "description": "The AWS partition of the IAM role, e.g. \"aws\", \"aws-cn\"",
1892
+ "type": "string"
1741
1893
  },
1742
- "required": [
1743
- "host"
1744
- ]
1894
+ "region": {
1895
+ "description": "The STS regional endpoint to use when retrieving temporary AWS credentials, e.g. \"ap-northeast-1\"",
1896
+ "type": "string"
1897
+ },
1898
+ "externalId": {
1899
+ "description": "The unique identifier needed to assume the role to retrieve temporary AWS credentials",
1900
+ "visibility": "secret",
1901
+ "type": "string"
1902
+ }
1745
1903
  }
1746
1904
  },
1747
- "bitbucketCloud": {
1748
- "description": "Integration configuration for Bitbucket Cloud",
1749
- "type": "array",
1750
- "items": {
1751
- "type": "object",
1752
- "properties": {
1753
- "username": {
1754
- "description": "The username to use for authenticated requests.",
1755
- "visibility": "secret",
1756
- "type": "string"
1757
- },
1758
- "appPassword": {
1759
- "description": "Bitbucket Cloud app password used to authenticate requests.",
1760
- "visibility": "secret",
1761
- "type": "string"
1762
- }
1905
+ "mainAccount": {
1906
+ "description": "Main account to use for retrieving AWS account credentials",
1907
+ "type": "object",
1908
+ "properties": {
1909
+ "accessKeyId": {
1910
+ "description": "The access key ID for a set of static AWS credentials",
1911
+ "visibility": "secret",
1912
+ "type": "string"
1763
1913
  },
1764
- "required": [
1765
- "appPassword",
1766
- "username"
1767
- ]
1914
+ "secretAccessKey": {
1915
+ "description": "The secret access key for a set of static AWS credentials",
1916
+ "visibility": "secret",
1917
+ "type": "string"
1918
+ },
1919
+ "profile": {
1920
+ "description": "The configuration profile from a credentials file at ~/.aws/credentials and\na configuration file at ~/.aws/config.",
1921
+ "type": "string"
1922
+ },
1923
+ "region": {
1924
+ "description": "The STS regional endpoint to use for the main account, e.g. \"ap-northeast-1\"",
1925
+ "type": "string"
1926
+ }
1768
1927
  }
1769
1928
  },
1770
- "bitbucketServer": {
1771
- "description": "Integration configuration for Bitbucket Server",
1929
+ "accounts": {
1930
+ "description": "Configuration for retrieving AWS accounts credentials",
1772
1931
  "type": "array",
1773
1932
  "items": {
1774
1933
  "type": "object",
1775
1934
  "properties": {
1776
- "host": {
1777
- "description": "The hostname of the given Bitbucket Server instance",
1778
- "visibility": "frontend",
1779
- "type": "string"
1780
- },
1781
- "token": {
1782
- "description": "Token used to authenticate requests.",
1783
- "visibility": "secret",
1935
+ "accountId": {
1936
+ "description": "The account ID of the target account that this matches on, e.g. \"123456789012\"",
1784
1937
  "type": "string"
1785
1938
  },
1786
- "username": {
1787
- "description": "Username used to authenticate requests with Basic Auth.",
1939
+ "accessKeyId": {
1940
+ "description": "The access key ID for a set of static AWS credentials",
1788
1941
  "visibility": "secret",
1789
1942
  "type": "string"
1790
1943
  },
1791
- "password": {
1792
- "description": "Password (or token as password) used to authenticate requests with Basic Auth.",
1944
+ "secretAccessKey": {
1945
+ "description": "The secret access key for a set of static AWS credentials",
1793
1946
  "visibility": "secret",
1794
1947
  "type": "string"
1795
1948
  },
1796
- "apiBaseUrl": {
1797
- "description": "The base url for the Bitbucket Server API, for example https://<host>/rest/api/1.0",
1798
- "visibility": "frontend",
1799
- "type": "string"
1800
- }
1801
- },
1802
- "required": [
1803
- "host"
1804
- ]
1805
- }
1806
- },
1807
- "gerrit": {
1808
- "description": "Integration configuration for Gerrit",
1809
- "type": "array",
1810
- "items": {
1811
- "type": "object",
1812
- "properties": {
1813
- "host": {
1814
- "description": "The hostname of the given Gerrit instance",
1815
- "visibility": "frontend",
1816
- "type": "string"
1817
- },
1818
- "baseUrl": {
1819
- "description": "The base url for the Gerrit instance.",
1820
- "visibility": "frontend",
1949
+ "profile": {
1950
+ "description": "The configuration profile from a credentials file at ~/.aws/credentials and\na configuration file at ~/.aws/config.",
1821
1951
  "type": "string"
1822
1952
  },
1823
- "gitilesBaseUrl": {
1824
- "description": "The gitiles base url.",
1825
- "visibility": "frontend",
1953
+ "roleName": {
1954
+ "description": "The IAM role to assume to retrieve temporary AWS credentials",
1826
1955
  "type": "string"
1827
1956
  },
1828
- "cloneUrl": {
1829
- "description": "The base url for cloning repos.",
1830
- "visibility": "frontend",
1957
+ "partition": {
1958
+ "description": "The AWS partition of the IAM role, e.g. \"aws\", \"aws-cn\"",
1831
1959
  "type": "string"
1832
1960
  },
1833
- "username": {
1834
- "description": "The username to use for authenticated requests.",
1835
- "visibility": "secret",
1961
+ "region": {
1962
+ "description": "The STS regional endpoint to use when retrieving temporary AWS credentials, e.g. \"ap-northeast-1\"",
1836
1963
  "type": "string"
1837
1964
  },
1838
- "password": {
1839
- "description": "Gerrit password used to authenticate requests. This can be either a password\nor a generated access token.",
1965
+ "externalId": {
1966
+ "description": "The unique identifier needed to assume the role to retrieve temporary AWS credentials",
1840
1967
  "visibility": "secret",
1841
1968
  "type": "string"
1842
1969
  }
1843
1970
  },
1844
1971
  "required": [
1845
- "gitilesBaseUrl",
1846
- "host"
1972
+ "accountId"
1847
1973
  ]
1848
1974
  }
1849
- },
1850
- "github": {
1851
- "description": "Integration configuration for GitHub",
1852
- "type": "array",
1853
- "items": {
1854
- "type": "object",
1855
- "properties": {
1856
- "host": {
1857
- "description": "The hostname of the given GitHub instance",
1858
- "visibility": "frontend",
1859
- "type": "string"
1860
- },
1861
- "token": {
1862
- "description": "Token used to authenticate requests.",
1863
- "visibility": "secret",
1864
- "type": "string"
1865
- },
1866
- "apiBaseUrl": {
1867
- "description": "The base url for the GitHub API, for example https://api.github.com",
1868
- "visibility": "frontend",
1869
- "type": "string"
1870
- },
1871
- "rawBaseUrl": {
1872
- "description": "The base url for GitHub raw resources, for example https://raw.githubusercontent.com",
1873
- "visibility": "frontend",
1874
- "type": "string"
1875
- },
1876
- "apps": {
1877
- "description": "GitHub Apps configuration",
1878
- "type": "array",
1879
- "items": {
1880
- "type": "object",
1881
- "properties": {
1882
- "appId": {
1883
- "description": "The numeric GitHub App ID, string for environment variables",
1884
- "type": [
1885
- "string",
1886
- "number"
1887
- ]
1888
- },
1889
- "privateKey": {
1890
- "description": "The private key to use for auth against the app",
1891
- "visibility": "secret",
1892
- "type": "string"
1893
- },
1894
- "webhookSecret": {
1895
- "description": "The secret used for webhooks",
1896
- "visibility": "secret",
1897
- "type": "string"
1898
- },
1899
- "clientId": {
1900
- "description": "The client ID to use",
1901
- "type": "string"
1902
- },
1903
- "clientSecret": {
1904
- "description": "The client secret to use",
1905
- "visibility": "secret",
1906
- "type": "string"
1907
- },
1908
- "allowedInstallationOwners": {
1909
- "description": "List of installation owners allowed to be used by this GitHub app. The GitHub UI does not provide a way to list the installations.\nHowever you can list the installations with the GitHub API. You can find the list of installations here:\nhttps://api.github.com/app/installations\nThe relevant documentation for this is here.\nhttps://docs.github.com/en/rest/reference/apps#list-installations-for-the-authenticated-app--code-samples",
1910
- "type": "array",
1911
- "items": {
1975
+ }
1976
+ }
1977
+ }
1978
+ },
1979
+ "$schema": "http://json-schema.org/draft-07/schema#"
1980
+ }
1981
+ },
1982
+ {
1983
+ "path": "../backend-app-api/config.d.ts",
1984
+ "value": {
1985
+ "type": "object",
1986
+ "properties": {
1987
+ "backend": {
1988
+ "type": "object",
1989
+ "properties": {
1990
+ "packages": {
1991
+ "description": "Used by the feature discovery service",
1992
+ "anyOf": [
1993
+ {
1994
+ "type": "object",
1995
+ "properties": {
1996
+ "include": {
1997
+ "type": "array",
1998
+ "items": {
1999
+ "type": "string"
2000
+ }
2001
+ },
2002
+ "exclude": {
2003
+ "type": "array",
2004
+ "items": {
2005
+ "type": "string"
2006
+ }
2007
+ }
2008
+ }
2009
+ },
2010
+ {
2011
+ "const": "all",
2012
+ "type": "string"
2013
+ }
2014
+ ]
2015
+ }
2016
+ }
2017
+ }
2018
+ },
2019
+ "$schema": "http://json-schema.org/draft-07/schema#"
2020
+ }
2021
+ },
2022
+ {
2023
+ "path": "../backend-defaults/config.d.ts",
2024
+ "value": {
2025
+ "type": "object",
2026
+ "properties": {
2027
+ "app": {
2028
+ "type": "object",
2029
+ "properties": {
2030
+ "baseUrl": {
2031
+ "type": "string"
2032
+ }
2033
+ },
2034
+ "required": [
2035
+ "baseUrl"
2036
+ ]
2037
+ },
2038
+ "backend": {
2039
+ "type": "object",
2040
+ "properties": {
2041
+ "baseUrl": {
2042
+ "description": "The full base URL of the backend, as seen from the browser's point of\nview as it makes calls to the backend.",
2043
+ "type": "string"
2044
+ },
2045
+ "listen": {
2046
+ "description": "Address that the backend should listen to.",
2047
+ "anyOf": [
2048
+ {
2049
+ "type": "object",
2050
+ "properties": {
2051
+ "host": {
2052
+ "description": "Address of the interface that the backend should bind to.",
2053
+ "type": "string"
2054
+ },
2055
+ "port": {
2056
+ "description": "Port that the backend should listen to.",
2057
+ "type": [
2058
+ "string",
2059
+ "number"
2060
+ ]
2061
+ }
2062
+ }
2063
+ },
2064
+ {
2065
+ "type": "string"
2066
+ }
2067
+ ]
2068
+ },
2069
+ "https": {
2070
+ "description": "HTTPS configuration for the backend. If omitted the backend will serve HTTP.\n\nSetting this to `true` will cause self-signed certificates to be generated, which\ncan be useful for local development or other non-production scenarios.",
2071
+ "anyOf": [
2072
+ {
2073
+ "type": "object",
2074
+ "properties": {
2075
+ "certificate": {
2076
+ "description": "Certificate configuration",
2077
+ "type": "object",
2078
+ "properties": {
2079
+ "cert": {
2080
+ "description": "PEM encoded certificate. Use $file to load in a file",
2081
+ "type": "string"
2082
+ },
2083
+ "key": {
2084
+ "description": "PEM encoded certificate key. Use $file to load in a file.",
2085
+ "visibility": "secret",
2086
+ "type": "string"
2087
+ }
2088
+ },
2089
+ "required": [
2090
+ "cert",
2091
+ "key"
2092
+ ]
2093
+ }
2094
+ }
2095
+ },
2096
+ {
2097
+ "const": true,
2098
+ "type": "boolean"
2099
+ }
2100
+ ]
2101
+ },
2102
+ "auth": {
2103
+ "description": "Options used by the default auth, httpAuth and userInfo services.",
2104
+ "type": "object",
2105
+ "properties": {
2106
+ "dangerouslyDisableDefaultAuthPolicy": {
2107
+ "description": "This disables the otherwise default auth policy, which requires all\nrequests to be authenticated with either user or service credentials.\n\nDisabling this check means that the backend will no longer block\nunauthenticated requests, but instead allow them to pass through to\nplugins.\n\nIf permissions are enabled, unauthenticated requests will be treated\nexactly as such, leaving it to the permission policy to determine what\npermissions should be allowed for an unauthenticated identity. Note\nthat this will also apply to service-to-service calls between plugins\nunless you configure credentials for service calls.",
2108
+ "type": "boolean"
2109
+ },
2110
+ "pluginKeyStore": {
2111
+ "description": "Controls how to store keys for plugin-to-plugin auth",
2112
+ "anyOf": [
2113
+ {
2114
+ "type": "object",
2115
+ "properties": {
2116
+ "type": {
2117
+ "type": "string",
2118
+ "const": "database"
2119
+ }
2120
+ },
2121
+ "required": [
2122
+ "type"
2123
+ ]
2124
+ },
2125
+ {
2126
+ "type": "object",
2127
+ "properties": {
2128
+ "type": {
2129
+ "type": "string",
2130
+ "const": "static"
2131
+ },
2132
+ "static": {
2133
+ "type": "object",
2134
+ "properties": {
2135
+ "keys": {
2136
+ "description": "Must be declared at least once and the first one will be used for signing.",
2137
+ "type": "array",
2138
+ "items": {
2139
+ "type": "object",
2140
+ "properties": {
2141
+ "publicKeyFile": {
2142
+ "description": "Path to the public key file in the SPKI format. Should be an absolute path.",
2143
+ "type": "string"
2144
+ },
2145
+ "privateKeyFile": {
2146
+ "description": "Path to the matching private key file in the PKCS#8 format. Should be an absolute path.\n\nThe first array entry must specify a private key file, the rest must not.",
2147
+ "type": "string"
2148
+ },
2149
+ "keyId": {
2150
+ "description": "ID to uniquely identify this key within the JWK set.",
2151
+ "type": "string"
2152
+ },
2153
+ "algorithm": {
2154
+ "description": "JWS \"alg\" (Algorithm) Header Parameter value. Defaults to ES256.\nMust match the algorithm used to generate the keys in the provided files",
2155
+ "type": "string"
2156
+ }
2157
+ },
2158
+ "required": [
2159
+ "keyId",
2160
+ "publicKeyFile"
2161
+ ]
2162
+ }
2163
+ }
2164
+ },
2165
+ "required": [
2166
+ "keys"
2167
+ ]
2168
+ }
2169
+ },
2170
+ "required": [
2171
+ "static",
2172
+ "type"
2173
+ ]
2174
+ }
2175
+ ]
2176
+ },
2177
+ "externalAccess": {
2178
+ "description": "Configures methods of external access, ie ways for callers outside of\nthe Backstage ecosystem to get authorized for access to APIs that do\nnot permit unauthorized access.",
2179
+ "type": "array",
2180
+ "items": {
2181
+ "anyOf": [
2182
+ {
2183
+ "type": "object",
2184
+ "properties": {
2185
+ "type": {
2186
+ "description": "This is the legacy service-to-service access method, where a set\nof static keys were shared among plugins and used for symmetric\nsigning and verification. These correspond to the old\n`backend.auth.keys` set and retain their behavior for backwards\ncompatibility. Please migrate to other access methods when\npossible.\n\nCallers generate JWT tokens with the following payload:\n\n```json\n{\n \"sub\": \"backstage-plugin\",\n \"exp\": <epoch seconds one hour in the future>\n}\n```\n\nAnd sign them with HS256, using the base64 decoded secret. The\ntokens are then passed along with requests in the Authorization\nheader:\n\n```\nAuthorization: Bearer eyJhbGciOiJIUzI...\n```",
2187
+ "type": "string",
2188
+ "const": "legacy"
2189
+ },
2190
+ "options": {
2191
+ "type": "object",
2192
+ "properties": {
2193
+ "secret": {
2194
+ "description": "Any set of base64 encoded random bytes to be used as both the\nsigning and verification key. Should be sufficiently long so as\nnot to be easy to guess by brute force.\n\nCan be generated eg using\n\n```sh\nnode -p 'require(\"crypto\").randomBytes(24).toString(\"base64\")'\n```",
2195
+ "visibility": "secret",
2196
+ "type": "string"
2197
+ },
2198
+ "subject": {
2199
+ "description": "Sets the subject of the principal, when matching this token.\nUseful for debugging and tracking purposes.",
2200
+ "type": "string"
2201
+ }
2202
+ },
2203
+ "required": [
2204
+ "secret",
2205
+ "subject"
2206
+ ]
2207
+ },
2208
+ "accessRestrictions": {
2209
+ "description": "Restricts what types of access that are permitted for this access\nmethod. If no access restrictions are given, it'll have unlimited\naccess. This access restriction applies for the framework level;\nindividual plugins may have their own access control mechanisms\non top of this.",
2210
+ "type": "array",
2211
+ "items": {
2212
+ "type": "object",
2213
+ "properties": {
2214
+ "plugin": {
2215
+ "description": "Permit access to make requests to this plugin.\n\nCan be further refined by setting additional fields below.",
2216
+ "type": "string"
2217
+ },
2218
+ "permission": {
2219
+ "description": "If given, this method is limited to only performing actions\nwith these named permissions in this plugin.\n\nNote that this only applies where permissions checks are\nenabled in the first place. Endpoints that are not protected by\nthe permissions system at all, are not affected by this\nsetting.",
2220
+ "anyOf": [
2221
+ {
2222
+ "type": "array",
2223
+ "items": {
2224
+ "type": "string"
2225
+ }
2226
+ },
2227
+ {
2228
+ "type": "string"
2229
+ }
2230
+ ]
2231
+ },
2232
+ "permissionAttribute": {
2233
+ "description": "If given, this method is limited to only performing actions\nwhose permissions have these attributes.\n\nNote that this only applies where permissions checks are\nenabled in the first place. Endpoints that are not protected by\nthe permissions system at all, are not affected by this\nsetting.",
2234
+ "type": "object",
2235
+ "properties": {
2236
+ "action": {
2237
+ "description": "One of more of 'create', 'read', 'update', or 'delete'.",
2238
+ "anyOf": [
2239
+ {
2240
+ "type": "array",
2241
+ "items": {
2242
+ "type": "string"
2243
+ }
2244
+ },
2245
+ {
2246
+ "type": "string"
2247
+ }
2248
+ ]
2249
+ }
2250
+ }
2251
+ }
2252
+ },
2253
+ "required": [
2254
+ "plugin"
2255
+ ]
2256
+ }
2257
+ }
2258
+ },
2259
+ "required": [
2260
+ "options",
2261
+ "type"
2262
+ ]
2263
+ },
2264
+ {
2265
+ "type": "object",
2266
+ "properties": {
2267
+ "type": {
2268
+ "description": "This access method consists of random static tokens that can be\nhanded out to callers.\n\nThe tokens are then passed along verbatim with requests in the\nAuthorization header:\n\n```\nAuthorization: Bearer eZv5o+fW3KnR3kVabMW4ZcDNLPl8nmMW\n```",
2269
+ "type": "string",
2270
+ "const": "static"
2271
+ },
2272
+ "options": {
2273
+ "type": "object",
2274
+ "properties": {
2275
+ "token": {
2276
+ "description": "A raw token that can be any string, but for security reasons\nshould be sufficiently long so as not to be easy to guess by\nbrute force.\n\nCan be generated eg using\n\n```sh\nnode -p 'require(\"crypto\").randomBytes(24).toString(\"base64\")'\n```\n\nSince the tokens can be any string, you are free to add\nadditional identifying data to them if you like. For example,\nadding a `freben-local-dev-` prefix for debugging purposes to a\ntoken that you know will be handed out for use as a personal\naccess token during development.",
2277
+ "visibility": "secret",
2278
+ "type": "string"
2279
+ },
2280
+ "subject": {
2281
+ "description": "Sets the subject of the principal, when matching this token.\nUseful for debugging and tracking purposes.",
2282
+ "type": "string"
2283
+ }
2284
+ },
2285
+ "required": [
2286
+ "subject",
2287
+ "token"
2288
+ ]
2289
+ },
2290
+ "accessRestrictions": {
2291
+ "description": "Restricts what types of access that are permitted for this access\nmethod. If no access restrictions are given, it'll have unlimited\naccess. This access restriction applies for the framework level;\nindividual plugins may have their own access control mechanisms\non top of this.",
2292
+ "type": "array",
2293
+ "items": {
2294
+ "type": "object",
2295
+ "properties": {
2296
+ "plugin": {
2297
+ "description": "Permit access to make requests to this plugin.\n\nCan be further refined by setting additional fields below.",
2298
+ "type": "string"
2299
+ },
2300
+ "permission": {
2301
+ "description": "If given, this method is limited to only performing actions\nwith these named permissions in this plugin.\n\nNote that this only applies where permissions checks are\nenabled in the first place. Endpoints that are not protected by\nthe permissions system at all, are not affected by this\nsetting.",
2302
+ "anyOf": [
2303
+ {
2304
+ "type": "array",
2305
+ "items": {
2306
+ "type": "string"
2307
+ }
2308
+ },
2309
+ {
2310
+ "type": "string"
2311
+ }
2312
+ ]
2313
+ },
2314
+ "permissionAttribute": {
2315
+ "description": "If given, this method is limited to only performing actions\nwhose permissions have these attributes.\n\nNote that this only applies where permissions checks are\nenabled in the first place. Endpoints that are not protected by\nthe permissions system at all, are not affected by this\nsetting.",
2316
+ "type": "object",
2317
+ "properties": {
2318
+ "action": {
2319
+ "description": "One of more of 'create', 'read', 'update', or 'delete'.",
2320
+ "anyOf": [
2321
+ {
2322
+ "type": "array",
2323
+ "items": {
2324
+ "type": "string"
2325
+ }
2326
+ },
2327
+ {
2328
+ "type": "string"
2329
+ }
2330
+ ]
2331
+ }
2332
+ }
2333
+ }
2334
+ },
2335
+ "required": [
2336
+ "plugin"
2337
+ ]
2338
+ }
2339
+ }
2340
+ },
2341
+ "required": [
2342
+ "options",
2343
+ "type"
2344
+ ]
2345
+ },
2346
+ {
2347
+ "type": "object",
2348
+ "properties": {
2349
+ "type": {
2350
+ "description": "This access method consists of a JWKS endpoint that can be used to\nverify JWT tokens.\n\nCallers generate JWT tokens via 3rd party tooling\nand pass them in the Authorization header:\n\n```\nAuthorization: Bearer eZv5o+fW3KnR3kVabMW4ZcDNLPl8nmMW\n```",
2351
+ "type": "string",
2352
+ "const": "jwks"
2353
+ },
2354
+ "options": {
2355
+ "type": "object",
2356
+ "properties": {
2357
+ "url": {
2358
+ "description": "The full URL of the JWKS endpoint.",
2359
+ "type": "string"
2360
+ },
2361
+ "algorithm": {
2362
+ "description": "Sets the algorithm(s) that should be used to verify the JWT tokens.\nThe passed JWTs must have been signed using one of the listed algorithms.",
2363
+ "anyOf": [
2364
+ {
2365
+ "type": "array",
2366
+ "items": {
2367
+ "type": "string"
2368
+ }
2369
+ },
2370
+ {
2371
+ "type": "string"
2372
+ }
2373
+ ]
2374
+ },
2375
+ "issuer": {
2376
+ "description": "Sets the issuer(s) that should be used to verify the JWT tokens.\nPassed JWTs must have an `iss` claim which matches one of the specified issuers.",
2377
+ "anyOf": [
2378
+ {
2379
+ "type": "array",
2380
+ "items": {
2381
+ "type": "string"
2382
+ }
2383
+ },
2384
+ {
2385
+ "type": "string"
2386
+ }
2387
+ ]
2388
+ },
2389
+ "audience": {
2390
+ "description": "Sets the audience(s) that should be used to verify the JWT tokens.\nThe passed JWTs must have an \"aud\" claim that matches one of the audiences specified,\nor have no audience specified.",
2391
+ "anyOf": [
2392
+ {
2393
+ "type": "array",
2394
+ "items": {
2395
+ "type": "string"
2396
+ }
2397
+ },
2398
+ {
2399
+ "type": "string"
2400
+ }
2401
+ ]
2402
+ },
2403
+ "subjectPrefix": {
2404
+ "description": "Sets an optional subject prefix. Passes the subject to called plugins.\nUseful for debugging and tracking purposes.",
2405
+ "type": "string"
2406
+ }
2407
+ },
2408
+ "required": [
2409
+ "url"
2410
+ ]
2411
+ },
2412
+ "accessRestrictions": {
2413
+ "description": "Restricts what types of access that are permitted for this access\nmethod. If no access restrictions are given, it'll have unlimited\naccess. This access restriction applies for the framework level;\nindividual plugins may have their own access control mechanisms\non top of this.",
2414
+ "type": "array",
2415
+ "items": {
2416
+ "type": "object",
2417
+ "properties": {
2418
+ "plugin": {
2419
+ "description": "Permit access to make requests to this plugin.\n\nCan be further refined by setting additional fields below.",
2420
+ "type": "string"
2421
+ },
2422
+ "permission": {
2423
+ "description": "If given, this method is limited to only performing actions\nwith these named permissions in this plugin.\n\nNote that this only applies where permissions checks are\nenabled in the first place. Endpoints that are not protected by\nthe permissions system at all, are not affected by this\nsetting.",
2424
+ "anyOf": [
2425
+ {
2426
+ "type": "array",
2427
+ "items": {
2428
+ "type": "string"
2429
+ }
2430
+ },
2431
+ {
2432
+ "type": "string"
2433
+ }
2434
+ ]
2435
+ },
2436
+ "permissionAttribute": {
2437
+ "description": "If given, this method is limited to only performing actions\nwhose permissions have these attributes.\n\nNote that this only applies where permissions checks are\nenabled in the first place. Endpoints that are not protected by\nthe permissions system at all, are not affected by this\nsetting.",
2438
+ "type": "object",
2439
+ "properties": {
2440
+ "action": {
2441
+ "description": "One of more of 'create', 'read', 'update', or 'delete'.",
2442
+ "anyOf": [
2443
+ {
2444
+ "type": "array",
2445
+ "items": {
2446
+ "type": "string"
2447
+ }
2448
+ },
2449
+ {
2450
+ "type": "string"
2451
+ }
2452
+ ]
2453
+ }
2454
+ }
2455
+ }
2456
+ },
2457
+ "required": [
2458
+ "plugin"
2459
+ ]
2460
+ }
2461
+ }
2462
+ },
2463
+ "required": [
2464
+ "options",
2465
+ "type"
2466
+ ]
2467
+ }
2468
+ ]
2469
+ }
2470
+ }
2471
+ }
2472
+ },
2473
+ "database": {
2474
+ "description": "Database connection configuration, select base database type using the `client` field",
2475
+ "type": "object",
2476
+ "properties": {
2477
+ "client": {
2478
+ "description": "Default database client to use",
2479
+ "enum": [
2480
+ "better-sqlite3",
2481
+ "pg",
2482
+ "sqlite3"
2483
+ ],
2484
+ "type": "string"
2485
+ },
2486
+ "connection": {
2487
+ "description": "Base database connection string, or object with individual connection properties",
2488
+ "visibility": "secret",
2489
+ "anyOf": [
2490
+ {
2491
+ "type": "object",
2492
+ "additionalProperties": {},
2493
+ "properties": {
2494
+ "password": {
2495
+ "description": "Password that belongs to the client User",
2496
+ "visibility": "secret",
2497
+ "type": "string"
2498
+ }
2499
+ }
2500
+ },
2501
+ {
2502
+ "type": "string"
2503
+ }
2504
+ ]
2505
+ },
2506
+ "prefix": {
2507
+ "description": "Database name prefix override",
2508
+ "type": "string"
2509
+ },
2510
+ "ensureExists": {
2511
+ "description": "Whether to ensure the given database exists by creating it if it does not.\nDefaults to true if unspecified.",
2512
+ "type": "boolean"
2513
+ },
2514
+ "ensureSchemaExists": {
2515
+ "description": "Whether to ensure the given database schema exists by creating it if it does not.\nDefaults to false if unspecified.\n\nNOTE: Currently only supported by the `pg` client when pluginDivisionMode: schema",
2516
+ "type": "boolean"
2517
+ },
2518
+ "pluginDivisionMode": {
2519
+ "description": "How plugins databases are managed/divided in the provided database instance.\n\n`database` -> Plugins are each given their own database to manage their schemas/tables.\n\n`schema` -> Plugins will be given their own schema (in the specified/default database)\n to manage their tables.\n\nNOTE: Currently only supported by the `pg` client.",
2520
+ "default": "database",
2521
+ "enum": [
2522
+ "database",
2523
+ "schema"
2524
+ ],
2525
+ "type": "string"
2526
+ },
2527
+ "role": {
2528
+ "description": "Configures the ownership of newly created schemas in pg databases.",
2529
+ "type": "string"
2530
+ },
2531
+ "knexConfig": {
2532
+ "description": "Arbitrary config object to pass to knex when initializing\n(https://knexjs.org/#Installation-client). Most notable is the debug\nand asyncStackTraces booleans",
2533
+ "type": "object",
2534
+ "properties": {},
2535
+ "additionalProperties": true
2536
+ },
2537
+ "skipMigrations": {
2538
+ "description": "Skip running database migrations.",
2539
+ "type": "boolean"
2540
+ },
2541
+ "plugin": {
2542
+ "description": "Plugin specific database configuration and client override",
2543
+ "type": "object",
2544
+ "additionalProperties": {
2545
+ "type": "object",
2546
+ "properties": {
2547
+ "client": {
2548
+ "description": "Database client override",
2549
+ "enum": [
2550
+ "better-sqlite3",
2551
+ "pg",
2552
+ "sqlite3"
2553
+ ],
2554
+ "type": "string"
2555
+ },
2556
+ "connection": {
2557
+ "description": "Database connection string or Knex object override",
2558
+ "visibility": "secret",
2559
+ "anyOf": [
2560
+ {
2561
+ "type": "object",
2562
+ "properties": {},
2563
+ "additionalProperties": true
2564
+ },
2565
+ {
1912
2566
  "type": "string"
1913
2567
  }
1914
- }
2568
+ ]
1915
2569
  },
1916
- "required": [
1917
- "appId",
1918
- "clientId",
1919
- "clientSecret",
1920
- "privateKey",
1921
- "webhookSecret"
1922
- ]
2570
+ "ensureExists": {
2571
+ "description": "Whether to ensure the given database exists by creating it if it does not.\nDefaults to base config if unspecified.",
2572
+ "type": "boolean"
2573
+ },
2574
+ "ensureSchemaExists": {
2575
+ "description": "Whether to ensure the given database schema exists by creating it if it does not.\nDefaults to false if unspecified.\n\nNOTE: Currently only supported by the `pg` client when pluginDivisionMode: schema",
2576
+ "type": "boolean"
2577
+ },
2578
+ "knexConfig": {
2579
+ "description": "Arbitrary config object to pass to knex when initializing\n(https://knexjs.org/#Installation-client). Most notable is the\ndebug and asyncStackTraces booleans.\n\nThis is merged recursively into the base knexConfig",
2580
+ "type": "object",
2581
+ "properties": {},
2582
+ "additionalProperties": true
2583
+ },
2584
+ "role": {
2585
+ "description": "Configures the ownership of newly created schemas in pg databases.",
2586
+ "type": "string"
2587
+ },
2588
+ "skipMigrations": {
2589
+ "description": "Skip running database migrations.",
2590
+ "type": "boolean"
2591
+ }
1923
2592
  }
1924
2593
  }
1925
- },
1926
- "required": [
1927
- "host"
1928
- ]
1929
- }
2594
+ }
2595
+ },
2596
+ "required": [
2597
+ "client",
2598
+ "connection"
2599
+ ]
1930
2600
  },
1931
- "gitlab": {
1932
- "description": "Integration configuration for GitLab",
1933
- "type": "array",
1934
- "items": {
1935
- "type": "object",
1936
- "properties": {
1937
- "host": {
1938
- "description": "The host of the target that this matches on, e.g. \"gitlab.com\".",
1939
- "visibility": "frontend",
1940
- "type": "string"
1941
- },
1942
- "apiBaseUrl": {
1943
- "description": "The base URL of the API of this provider, e.g.\n\"https://gitlab.com/api/v4\", with no trailing slash.\n\nMay be omitted specifically for public GitLab; then it will be deduced.",
1944
- "visibility": "frontend",
1945
- "type": "string"
2601
+ "cache": {
2602
+ "description": "Cache connection configuration, select cache type using the `store` field",
2603
+ "anyOf": [
2604
+ {
2605
+ "type": "object",
2606
+ "properties": {
2607
+ "store": {
2608
+ "type": "string",
2609
+ "const": "memory"
2610
+ },
2611
+ "defaultTtl": {
2612
+ "description": "An optional default TTL (in milliseconds)."
2613
+ }
1946
2614
  },
1947
- "token": {
1948
- "description": "The authorization token to use for requests to this provider.\n\nIf no token is specified, anonymous access is used.",
1949
- "visibility": "secret",
1950
- "type": "string"
2615
+ "required": [
2616
+ "store"
2617
+ ]
2618
+ },
2619
+ {
2620
+ "type": "object",
2621
+ "properties": {
2622
+ "store": {
2623
+ "type": "string",
2624
+ "const": "redis"
2625
+ },
2626
+ "connection": {
2627
+ "description": "A redis connection string in the form `redis://user:pass@host:port`.",
2628
+ "visibility": "secret",
2629
+ "type": "string"
2630
+ },
2631
+ "defaultTtl": {
2632
+ "description": "An optional default TTL (in milliseconds)."
2633
+ },
2634
+ "useRedisSets": {
2635
+ "description": "Whether or not [useRedisSets](https://github.com/jaredwray/keyv/tree/main/packages/redis#useredissets) should be configured to this redis cache.\nDefaults to true if unspecified.",
2636
+ "type": "boolean"
2637
+ }
1951
2638
  },
1952
- "baseUrl": {
1953
- "description": "The baseUrl of this provider, e.g. \"https://gitlab.com\", which is\npassed into the GitLab client.\n\nIf no baseUrl is provided, it will default to https://${host}.",
1954
- "visibility": "frontend",
1955
- "type": "string"
1956
- }
2639
+ "required": [
2640
+ "connection",
2641
+ "store"
2642
+ ]
1957
2643
  },
1958
- "required": [
1959
- "host"
1960
- ]
1961
- }
2644
+ {
2645
+ "type": "object",
2646
+ "properties": {
2647
+ "store": {
2648
+ "type": "string",
2649
+ "const": "memcache"
2650
+ },
2651
+ "connection": {
2652
+ "description": "A memcache connection string in the form `user:pass@host:port`.",
2653
+ "visibility": "secret",
2654
+ "type": "string"
2655
+ },
2656
+ "defaultTtl": {
2657
+ "description": "An optional default TTL (in milliseconds)."
2658
+ }
2659
+ },
2660
+ "required": [
2661
+ "connection",
2662
+ "store"
2663
+ ]
2664
+ }
2665
+ ]
1962
2666
  },
1963
- "googleGcs": {
1964
- "description": "Integration configuration for Google Cloud Storage",
2667
+ "cors": {
1965
2668
  "type": "object",
1966
2669
  "properties": {
1967
- "clientEmail": {
1968
- "description": "Service account email used to authenticate requests.",
1969
- "type": "string"
2670
+ "origin": {
2671
+ "anyOf": [
2672
+ {
2673
+ "type": "array",
2674
+ "items": {
2675
+ "type": "string"
2676
+ }
2677
+ },
2678
+ {
2679
+ "type": "string"
2680
+ }
2681
+ ]
1970
2682
  },
1971
- "privateKey": {
1972
- "description": "Service account private key used to authenticate requests.",
1973
- "visibility": "secret",
1974
- "type": "string"
2683
+ "methods": {
2684
+ "anyOf": [
2685
+ {
2686
+ "type": "array",
2687
+ "items": {
2688
+ "type": "string"
2689
+ }
2690
+ },
2691
+ {
2692
+ "type": "string"
2693
+ }
2694
+ ]
2695
+ },
2696
+ "allowedHeaders": {
2697
+ "anyOf": [
2698
+ {
2699
+ "type": "array",
2700
+ "items": {
2701
+ "type": "string"
2702
+ }
2703
+ },
2704
+ {
2705
+ "type": "string"
2706
+ }
2707
+ ]
2708
+ },
2709
+ "exposedHeaders": {
2710
+ "anyOf": [
2711
+ {
2712
+ "type": "array",
2713
+ "items": {
2714
+ "type": "string"
2715
+ }
2716
+ },
2717
+ {
2718
+ "type": "string"
2719
+ }
2720
+ ]
2721
+ },
2722
+ "credentials": {
2723
+ "type": "boolean"
2724
+ },
2725
+ "maxAge": {
2726
+ "type": "number"
2727
+ },
2728
+ "preflightContinue": {
2729
+ "type": "boolean"
2730
+ },
2731
+ "optionsSuccessStatus": {
2732
+ "type": "number"
1975
2733
  }
1976
2734
  }
1977
2735
  },
1978
- "awsS3": {
1979
- "description": "Integration configuration for AWS S3 Service",
1980
- "type": "array",
1981
- "items": {
1982
- "type": "object",
1983
- "properties": {
1984
- "endpoint": {
1985
- "description": "AWS Endpoint.\nThe endpoint URI to send requests to. The default endpoint is built from the configured region.",
1986
- "visibility": "frontend",
1987
- "type": "string"
2736
+ "csp": {
2737
+ "description": "Content Security Policy options.\n\nThe keys are the plain policy ID, e.g. \"upgrade-insecure-requests\". The\nvalues are on the format that the helmet library expects them, as an\narray of strings. There is also the special value false, which means to\nremove the default value that Backstage puts in place for that policy.",
2738
+ "type": "object",
2739
+ "additionalProperties": {
2740
+ "anyOf": [
2741
+ {
2742
+ "type": "array",
2743
+ "items": {
2744
+ "type": "string"
2745
+ }
1988
2746
  },
1989
- "s3ForcePathStyle": {
1990
- "description": "Whether to use path style URLs when communicating with S3.\nDefaults to false.\nThis allows providers like LocalStack, Minio and Wasabi (and possibly others) to be used.",
1991
- "visibility": "frontend",
2747
+ {
2748
+ "const": false,
1992
2749
  "type": "boolean"
1993
- },
1994
- "accessKeyId": {
1995
- "description": "Account access key used to authenticate requests.",
1996
- "type": "string"
1997
- },
1998
- "secretAccessKey": {
1999
- "description": "Account secret key used to authenticate requests.",
2000
- "visibility": "secret",
2001
- "type": "string"
2002
- },
2003
- "roleArn": {
2004
- "description": "ARN of the role to be assumed",
2005
- "type": "string"
2006
- },
2007
- "externalId": {
2008
- "description": "External ID to use when assuming role",
2009
- "type": "string"
2750
+ }
2751
+ ]
2752
+ }
2753
+ },
2754
+ "reading": {
2755
+ "description": "Configuration related to URL reading, used for example for reading catalog info\nfiles, scaffolder templates, and techdocs content.",
2756
+ "type": "object",
2757
+ "properties": {
2758
+ "allow": {
2759
+ "description": "A list of targets to allow outgoing requests to. Users will be able to make\nrequests on behalf of the backend to the targets that are allowed by this list.",
2760
+ "type": "array",
2761
+ "items": {
2762
+ "type": "object",
2763
+ "properties": {
2764
+ "host": {
2765
+ "description": "A host to allow outgoing requests to, being either a full host or\na subdomain wildcard pattern with a leading `*`. For example `example.com`\nand `*.example.com` are valid values, `prod.*.example.com` is not.\nThe host may also contain a port, for example `example.com:8080`.",
2766
+ "type": "string"
2767
+ },
2768
+ "paths": {
2769
+ "description": "An optional list of paths. In case they are present only targets matching\nany of them will are allowed. You can use trailing slashes to make sure only\nsubdirectories are allowed, for example `/mydir/` will allow targets with\npaths like `/mydir/a` but will block paths like `/mydir2`.",
2770
+ "type": "array",
2771
+ "items": {
2772
+ "type": "string"
2773
+ }
2774
+ }
2775
+ },
2776
+ "required": [
2777
+ "host"
2778
+ ]
2010
2779
  }
2011
2780
  }
2012
2781
  }
2013
- },
2014
- "gitea": {
2015
- "description": "Integration configuration for Gitea",
2782
+ }
2783
+ },
2784
+ "required": [
2785
+ "baseUrl",
2786
+ "database"
2787
+ ]
2788
+ },
2789
+ "discovery": {
2790
+ "description": "Options used by the default discovery service.",
2791
+ "type": "object",
2792
+ "properties": {
2793
+ "endpoints": {
2794
+ "description": "A list of target baseUrls and the associated plugins.",
2016
2795
  "type": "array",
2017
2796
  "items": {
2018
2797
  "type": "object",
2019
2798
  "properties": {
2020
- "host": {
2021
- "description": "The hostname of the given Gitea instance",
2022
- "visibility": "frontend",
2023
- "type": "string"
2024
- },
2025
- "baseUrl": {
2026
- "description": "The base url for the Gitea instance.",
2027
- "visibility": "frontend",
2028
- "type": "string"
2029
- },
2030
- "username": {
2031
- "description": "The username to use for authenticated requests.",
2032
- "visibility": "secret",
2033
- "type": "string"
2799
+ "target": {
2800
+ "description": "The target base URL to use for the plugin.\n\nCan be either a string or an object with internal and external keys.\nTargets with `{{pluginId}}` or `{{ pluginId }} in the URL will be replaced with the plugin ID.",
2801
+ "anyOf": [
2802
+ {
2803
+ "type": "object",
2804
+ "properties": {
2805
+ "internal": {
2806
+ "type": "string"
2807
+ },
2808
+ "external": {
2809
+ "type": "string"
2810
+ }
2811
+ },
2812
+ "required": [
2813
+ "external",
2814
+ "internal"
2815
+ ]
2816
+ },
2817
+ {
2818
+ "type": "string"
2819
+ }
2820
+ ]
2034
2821
  },
2035
- "password": {
2036
- "description": "Gitea password used to authenticate requests. This can be either a password\nor a generated access token.",
2037
- "visibility": "secret",
2038
- "type": "string"
2822
+ "plugins": {
2823
+ "description": "Array of plugins which use the target base URL.",
2824
+ "type": "array",
2825
+ "items": {
2826
+ "type": "string"
2827
+ }
2039
2828
  }
2040
2829
  },
2041
2830
  "required": [
2042
- "host"
2831
+ "plugins",
2832
+ "target"
2043
2833
  ]
2044
2834
  }
2045
- },
2046
- "harness": {
2047
- "description": "Integration configuration for Harness Code",
2048
- "type": "array",
2049
- "items": {
2050
- "type": "object",
2051
- "properties": {
2052
- "host": {
2053
- "description": "The hostname of the given Harness Code instance",
2054
- "visibility": "frontend",
2055
- "type": "string"
2056
- },
2057
- "apiKey": {
2058
- "description": "The apikey to use for authenticated requests.",
2059
- "visibility": "secret",
2060
- "type": "string"
2061
- },
2062
- "token": {
2063
- "description": "Harness Code token used to authenticate requests. This can be either a generated access token.",
2064
- "visibility": "secret",
2065
- "type": "string"
2835
+ }
2836
+ },
2837
+ "required": [
2838
+ "endpoints"
2839
+ ]
2840
+ }
2841
+ },
2842
+ "required": [
2843
+ "app"
2844
+ ],
2845
+ "$schema": "http://json-schema.org/draft-07/schema#"
2846
+ }
2847
+ },
2848
+ {
2849
+ "path": "../../plugins/events-node/config.d.ts",
2850
+ "value": {
2851
+ "type": "object",
2852
+ "properties": {
2853
+ "events": {
2854
+ "type": "object",
2855
+ "properties": {
2856
+ "useEventBus": {
2857
+ "description": "Whether to use the event bus API in the events plugin backend to\ndistribute events across multiple instances when publishing and\nsubscribing to events.\n\nThe default is 'auto', which means means that the event bus API will be\nused if it's available, but will be disabled if the events backend\nreturns a 404.\n\nIf set to 'never', the events service will only ever publish events\nlocally to the same instance, while if set to 'always', the event bus API\nwill never be disabled, even if the events backend returns a 404.",
2858
+ "enum": [
2859
+ "always",
2860
+ "auto",
2861
+ "never"
2862
+ ],
2863
+ "type": "string"
2864
+ }
2865
+ }
2866
+ }
2867
+ },
2868
+ "$schema": "http://json-schema.org/draft-07/schema#"
2869
+ }
2870
+ },
2871
+ {
2872
+ "path": "../../plugins/auth-backend-module-atlassian-provider/config.d.ts",
2873
+ "value": {
2874
+ "type": "object",
2875
+ "properties": {
2876
+ "auth": {
2877
+ "type": "object",
2878
+ "properties": {
2879
+ "providers": {
2880
+ "type": "object",
2881
+ "properties": {
2882
+ "atlassian": {
2883
+ "visibility": "frontend",
2884
+ "type": "object",
2885
+ "additionalProperties": {
2886
+ "type": "object",
2887
+ "properties": {
2888
+ "clientId": {
2889
+ "type": "string"
2890
+ },
2891
+ "clientSecret": {
2892
+ "visibility": "secret",
2893
+ "type": "string"
2894
+ },
2895
+ "audience": {
2896
+ "type": "string"
2897
+ },
2898
+ "callbackUrl": {
2899
+ "type": "string"
2900
+ },
2901
+ "additionalScopes": {
2902
+ "anyOf": [
2903
+ {
2904
+ "type": "array",
2905
+ "items": {
2906
+ "type": "string"
2907
+ }
2908
+ },
2909
+ {
2910
+ "type": "string"
2911
+ }
2912
+ ]
2913
+ },
2914
+ "signIn": {
2915
+ "type": "object",
2916
+ "properties": {
2917
+ "resolvers": {
2918
+ "type": "array",
2919
+ "items": {
2920
+ "anyOf": [
2921
+ {
2922
+ "type": "object",
2923
+ "properties": {
2924
+ "resolver": {
2925
+ "type": "string",
2926
+ "const": "usernameMatchingUserEntityName"
2927
+ }
2928
+ },
2929
+ "required": [
2930
+ "resolver"
2931
+ ]
2932
+ },
2933
+ {
2934
+ "type": "object",
2935
+ "properties": {
2936
+ "resolver": {
2937
+ "type": "string",
2938
+ "const": "emailLocalPartMatchingUserEntityName"
2939
+ },
2940
+ "allowedDomains": {
2941
+ "type": "array",
2942
+ "items": {
2943
+ "type": "string"
2944
+ }
2945
+ }
2946
+ },
2947
+ "required": [
2948
+ "resolver"
2949
+ ]
2950
+ },
2951
+ {
2952
+ "type": "object",
2953
+ "properties": {
2954
+ "resolver": {
2955
+ "type": "string",
2956
+ "const": "emailMatchingUserEntityProfileEmail"
2957
+ }
2958
+ },
2959
+ "required": [
2960
+ "resolver"
2961
+ ]
2962
+ }
2963
+ ]
2964
+ }
2965
+ }
2966
+ },
2967
+ "required": [
2968
+ "resolvers"
2969
+ ]
2970
+ }
2971
+ },
2972
+ "required": [
2973
+ "clientId",
2974
+ "clientSecret"
2975
+ ]
2976
+ }
2977
+ }
2978
+ }
2979
+ }
2980
+ }
2981
+ }
2982
+ },
2983
+ "$schema": "http://json-schema.org/draft-07/schema#"
2984
+ }
2985
+ },
2986
+ {
2987
+ "path": "../../plugins/auth-backend-module-auth0-provider/config.d.ts",
2988
+ "value": {
2989
+ "type": "object",
2990
+ "properties": {
2991
+ "auth": {
2992
+ "type": "object",
2993
+ "properties": {
2994
+ "providers": {
2995
+ "type": "object",
2996
+ "properties": {
2997
+ "auth0": {
2998
+ "visibility": "frontend",
2999
+ "type": "object",
3000
+ "additionalProperties": {
3001
+ "type": "object",
3002
+ "properties": {
3003
+ "clientId": {
3004
+ "type": "string"
3005
+ },
3006
+ "clientSecret": {
3007
+ "visibility": "secret",
3008
+ "type": "string"
3009
+ },
3010
+ "domain": {
3011
+ "type": "string"
3012
+ },
3013
+ "callbackUrl": {
3014
+ "type": "string"
3015
+ },
3016
+ "audience": {
3017
+ "type": "string"
3018
+ },
3019
+ "connection": {
3020
+ "type": "string"
3021
+ },
3022
+ "connectionScope": {
3023
+ "type": "string"
3024
+ }
3025
+ },
3026
+ "required": [
3027
+ "clientId",
3028
+ "clientSecret",
3029
+ "domain"
3030
+ ]
2066
3031
  }
2067
- },
2068
- "required": [
2069
- "host"
2070
- ]
3032
+ }
2071
3033
  }
2072
3034
  }
2073
3035
  }
@@ -2077,106 +3039,256 @@
2077
3039
  }
2078
3040
  },
2079
3041
  {
2080
- "path": "../integration-aws-node/config.d.ts",
3042
+ "path": "../../plugins/auth-backend-module-bitbucket-provider/config.d.ts",
2081
3043
  "value": {
2082
3044
  "type": "object",
2083
3045
  "properties": {
2084
- "aws": {
2085
- "description": "Configuration for access to AWS accounts",
3046
+ "auth": {
2086
3047
  "type": "object",
2087
3048
  "properties": {
2088
- "accountDefaults": {
2089
- "description": "Defaults for retrieving AWS account credentials",
3049
+ "providers": {
2090
3050
  "type": "object",
2091
3051
  "properties": {
2092
- "roleName": {
2093
- "description": "The IAM role to assume to retrieve temporary AWS credentials",
2094
- "type": "string"
2095
- },
2096
- "partition": {
2097
- "description": "The AWS partition of the IAM role, e.g. \"aws\", \"aws-cn\"",
2098
- "type": "string"
2099
- },
2100
- "region": {
2101
- "description": "The STS regional endpoint to use when retrieving temporary AWS credentials, e.g. \"ap-northeast-1\"",
2102
- "type": "string"
2103
- },
2104
- "externalId": {
2105
- "description": "The unique identifier needed to assume the role to retrieve temporary AWS credentials",
2106
- "visibility": "secret",
2107
- "type": "string"
3052
+ "bitbucket": {
3053
+ "visibility": "frontend",
3054
+ "type": "object",
3055
+ "additionalProperties": {
3056
+ "type": "object",
3057
+ "properties": {
3058
+ "clientId": {
3059
+ "type": "string"
3060
+ },
3061
+ "clientSecret": {
3062
+ "visibility": "secret",
3063
+ "type": "string"
3064
+ },
3065
+ "additionalScopes": {
3066
+ "anyOf": [
3067
+ {
3068
+ "type": "array",
3069
+ "items": {
3070
+ "type": "string"
3071
+ }
3072
+ },
3073
+ {
3074
+ "type": "string"
3075
+ }
3076
+ ]
3077
+ },
3078
+ "signIn": {
3079
+ "type": "object",
3080
+ "properties": {
3081
+ "resolvers": {
3082
+ "type": "array",
3083
+ "items": {
3084
+ "anyOf": [
3085
+ {
3086
+ "type": "object",
3087
+ "properties": {
3088
+ "resolver": {
3089
+ "type": "string",
3090
+ "const": "userIdMatchingUserEntityAnnotation"
3091
+ }
3092
+ },
3093
+ "required": [
3094
+ "resolver"
3095
+ ]
3096
+ },
3097
+ {
3098
+ "type": "object",
3099
+ "properties": {
3100
+ "resolver": {
3101
+ "type": "string",
3102
+ "const": "emailLocalPartMatchingUserEntityName"
3103
+ },
3104
+ "allowedDomains": {
3105
+ "type": "array",
3106
+ "items": {
3107
+ "type": "string"
3108
+ }
3109
+ }
3110
+ },
3111
+ "required": [
3112
+ "resolver"
3113
+ ]
3114
+ },
3115
+ {
3116
+ "type": "object",
3117
+ "properties": {
3118
+ "resolver": {
3119
+ "type": "string",
3120
+ "const": "emailMatchingUserEntityProfileEmail"
3121
+ }
3122
+ },
3123
+ "required": [
3124
+ "resolver"
3125
+ ]
3126
+ }
3127
+ ]
3128
+ }
3129
+ }
3130
+ },
3131
+ "required": [
3132
+ "resolvers"
3133
+ ]
3134
+ }
3135
+ },
3136
+ "required": [
3137
+ "clientId",
3138
+ "clientSecret"
3139
+ ]
3140
+ }
2108
3141
  }
2109
3142
  }
2110
- },
2111
- "mainAccount": {
2112
- "description": "Main account to use for retrieving AWS account credentials",
3143
+ }
3144
+ }
3145
+ }
3146
+ },
3147
+ "$schema": "http://json-schema.org/draft-07/schema#"
3148
+ }
3149
+ },
3150
+ {
3151
+ "path": "../../plugins/auth-backend-module-bitbucket-server-provider/config.d.ts",
3152
+ "value": {
3153
+ "type": "object",
3154
+ "properties": {
3155
+ "auth": {
3156
+ "type": "object",
3157
+ "properties": {
3158
+ "providers": {
2113
3159
  "type": "object",
2114
3160
  "properties": {
2115
- "accessKeyId": {
2116
- "description": "The access key ID for a set of static AWS credentials",
2117
- "visibility": "secret",
2118
- "type": "string"
2119
- },
2120
- "secretAccessKey": {
2121
- "description": "The secret access key for a set of static AWS credentials",
2122
- "visibility": "secret",
2123
- "type": "string"
2124
- },
2125
- "profile": {
2126
- "description": "The configuration profile from a credentials file at ~/.aws/credentials and\na configuration file at ~/.aws/config.",
2127
- "type": "string"
2128
- },
2129
- "region": {
2130
- "description": "The STS regional endpoint to use for the main account, e.g. \"ap-northeast-1\"",
2131
- "type": "string"
3161
+ "bitbucketServer": {
3162
+ "visibility": "frontend",
3163
+ "type": "object",
3164
+ "additionalProperties": {
3165
+ "type": "object",
3166
+ "properties": {
3167
+ "clientId": {
3168
+ "type": "string"
3169
+ },
3170
+ "clientSecret": {
3171
+ "visibility": "secret",
3172
+ "type": "string"
3173
+ },
3174
+ "host": {
3175
+ "type": "string"
3176
+ },
3177
+ "callbackUrl": {
3178
+ "type": "string"
3179
+ }
3180
+ },
3181
+ "required": [
3182
+ "clientId",
3183
+ "clientSecret",
3184
+ "host"
3185
+ ]
3186
+ }
2132
3187
  }
2133
3188
  }
2134
- },
2135
- "accounts": {
2136
- "description": "Configuration for retrieving AWS accounts credentials",
2137
- "type": "array",
2138
- "items": {
2139
- "type": "object",
2140
- "properties": {
2141
- "accountId": {
2142
- "description": "The account ID of the target account that this matches on, e.g. \"123456789012\"",
2143
- "type": "string"
2144
- },
2145
- "accessKeyId": {
2146
- "description": "The access key ID for a set of static AWS credentials",
2147
- "visibility": "secret",
2148
- "type": "string"
2149
- },
2150
- "secretAccessKey": {
2151
- "description": "The secret access key for a set of static AWS credentials",
2152
- "visibility": "secret",
2153
- "type": "string"
2154
- },
2155
- "profile": {
2156
- "description": "The configuration profile from a credentials file at ~/.aws/credentials and\na configuration file at ~/.aws/config.",
2157
- "type": "string"
2158
- },
2159
- "roleName": {
2160
- "description": "The IAM role to assume to retrieve temporary AWS credentials",
2161
- "type": "string"
2162
- },
2163
- "partition": {
2164
- "description": "The AWS partition of the IAM role, e.g. \"aws\", \"aws-cn\"",
2165
- "type": "string"
2166
- },
2167
- "region": {
2168
- "description": "The STS regional endpoint to use when retrieving temporary AWS credentials, e.g. \"ap-northeast-1\"",
2169
- "type": "string"
2170
- },
2171
- "externalId": {
2172
- "description": "The unique identifier needed to assume the role to retrieve temporary AWS credentials",
2173
- "visibility": "secret",
2174
- "type": "string"
2175
- }
3189
+ }
3190
+ }
3191
+ }
3192
+ },
3193
+ "$schema": "http://json-schema.org/draft-07/schema#"
3194
+ }
3195
+ },
3196
+ {
3197
+ "path": "../../plugins/auth-backend-module-cloudflare-access-provider/config.d.ts",
3198
+ "value": {
3199
+ "type": "object",
3200
+ "properties": {
3201
+ "auth": {
3202
+ "type": "object",
3203
+ "properties": {
3204
+ "providers": {
3205
+ "type": "object",
3206
+ "properties": {
3207
+ "cfaccess": {
3208
+ "visibility": "frontend",
3209
+ "type": "object",
3210
+ "properties": {
3211
+ "teamName": {
3212
+ "type": "string"
3213
+ },
3214
+ "serviceTokens": {
3215
+ "deepVisibility": "secret",
3216
+ "type": "array",
3217
+ "items": {
3218
+ "type": "object",
3219
+ "properties": {
3220
+ "token": {
3221
+ "type": "string"
3222
+ },
3223
+ "subject": {
3224
+ "type": "string"
3225
+ }
3226
+ },
3227
+ "required": [
3228
+ "subject",
3229
+ "token"
3230
+ ]
3231
+ }
3232
+ },
3233
+ "jwtHeaderName": {
3234
+ "type": "string"
3235
+ },
3236
+ "authorizationCookieName": {
3237
+ "type": "string"
3238
+ },
3239
+ "signIn": {
3240
+ "type": "object",
3241
+ "properties": {
3242
+ "resolvers": {
3243
+ "type": "array",
3244
+ "items": {
3245
+ "anyOf": [
3246
+ {
3247
+ "type": "object",
3248
+ "properties": {
3249
+ "resolver": {
3250
+ "type": "string",
3251
+ "const": "emailLocalPartMatchingUserEntityName"
3252
+ },
3253
+ "allowedDomains": {
3254
+ "type": "array",
3255
+ "items": {
3256
+ "type": "string"
3257
+ }
3258
+ }
3259
+ },
3260
+ "required": [
3261
+ "resolver"
3262
+ ]
3263
+ },
3264
+ {
3265
+ "type": "object",
3266
+ "properties": {
3267
+ "resolver": {
3268
+ "type": "string",
3269
+ "const": "emailMatchingUserEntityProfileEmail"
3270
+ }
3271
+ },
3272
+ "required": [
3273
+ "resolver"
3274
+ ]
3275
+ }
3276
+ ]
3277
+ }
3278
+ }
3279
+ },
3280
+ "required": [
3281
+ "resolvers"
3282
+ ]
3283
+ }
3284
+ },
3285
+ "required": [
3286
+ "teamName"
3287
+ ]
2176
3288
  },
2177
- "required": [
2178
- "accountId"
2179
- ]
3289
+ "backstageTokenExpiration": {
3290
+ "description": "The backstage token expiration."
3291
+ }
2180
3292
  }
2181
3293
  }
2182
3294
  }
@@ -2186,38 +3298,103 @@
2186
3298
  }
2187
3299
  },
2188
3300
  {
2189
- "path": "../backend-app-api/config.d.ts",
3301
+ "path": "../../plugins/auth-backend-module-gcp-iap-provider/config.d.ts",
2190
3302
  "value": {
2191
3303
  "type": "object",
2192
3304
  "properties": {
2193
- "backend": {
3305
+ "auth": {
2194
3306
  "type": "object",
2195
3307
  "properties": {
2196
- "packages": {
2197
- "description": "Used by the feature discovery service",
2198
- "anyOf": [
2199
- {
3308
+ "providers": {
3309
+ "type": "object",
3310
+ "properties": {
3311
+ "gcpIap": {
3312
+ "description": "Configuration for the Google Cloud Platform Identity-Aware Proxy (IAP) auth provider.",
2200
3313
  "type": "object",
2201
3314
  "properties": {
2202
- "include": {
2203
- "type": "array",
2204
- "items": {
2205
- "type": "string"
2206
- }
3315
+ "audience": {
3316
+ "description": "The audience to use when validating incoming JWT tokens.\nSee https://backstage.io/docs/auth/google/gcp-iap-auth",
3317
+ "type": "string"
2207
3318
  },
2208
- "exclude": {
2209
- "type": "array",
2210
- "items": {
2211
- "type": "string"
2212
- }
3319
+ "jwtHeader": {
3320
+ "description": "The name of the header to read the JWT token from, defaults to `'x-goog-iap-jwt-assertion'`.",
3321
+ "type": "string"
3322
+ },
3323
+ "signIn": {
3324
+ "type": "object",
3325
+ "properties": {
3326
+ "resolvers": {
3327
+ "type": "array",
3328
+ "items": {
3329
+ "anyOf": [
3330
+ {
3331
+ "type": "object",
3332
+ "properties": {
3333
+ "resolver": {
3334
+ "type": "string",
3335
+ "const": "emailMatchingUserEntityAnnotation"
3336
+ }
3337
+ },
3338
+ "required": [
3339
+ "resolver"
3340
+ ]
3341
+ },
3342
+ {
3343
+ "type": "object",
3344
+ "properties": {
3345
+ "resolver": {
3346
+ "type": "string",
3347
+ "const": "idMatchingUserEntityAnnotation"
3348
+ }
3349
+ },
3350
+ "required": [
3351
+ "resolver"
3352
+ ]
3353
+ },
3354
+ {
3355
+ "type": "object",
3356
+ "properties": {
3357
+ "resolver": {
3358
+ "type": "string",
3359
+ "const": "emailLocalPartMatchingUserEntityName"
3360
+ },
3361
+ "allowedDomains": {
3362
+ "type": "array",
3363
+ "items": {
3364
+ "type": "string"
3365
+ }
3366
+ }
3367
+ },
3368
+ "required": [
3369
+ "resolver"
3370
+ ]
3371
+ },
3372
+ {
3373
+ "type": "object",
3374
+ "properties": {
3375
+ "resolver": {
3376
+ "type": "string",
3377
+ "const": "emailMatchingUserEntityProfileEmail"
3378
+ }
3379
+ },
3380
+ "required": [
3381
+ "resolver"
3382
+ ]
3383
+ }
3384
+ ]
3385
+ }
3386
+ }
3387
+ },
3388
+ "required": [
3389
+ "resolvers"
3390
+ ]
2213
3391
  }
2214
- }
2215
- },
2216
- {
2217
- "const": "all",
2218
- "type": "string"
3392
+ },
3393
+ "required": [
3394
+ "audience"
3395
+ ]
2219
3396
  }
2220
- ]
3397
+ }
2221
3398
  }
2222
3399
  }
2223
3400
  }
@@ -2226,828 +3403,930 @@
2226
3403
  }
2227
3404
  },
2228
3405
  {
2229
- "path": "../backend-defaults/config.d.ts",
3406
+ "path": "../../plugins/auth-backend-module-github-provider/config.d.ts",
2230
3407
  "value": {
2231
3408
  "type": "object",
2232
3409
  "properties": {
2233
- "app": {
2234
- "type": "object",
2235
- "properties": {
2236
- "baseUrl": {
2237
- "type": "string"
2238
- }
2239
- },
2240
- "required": [
2241
- "baseUrl"
2242
- ]
2243
- },
2244
- "backend": {
3410
+ "auth": {
2245
3411
  "type": "object",
2246
3412
  "properties": {
2247
- "baseUrl": {
2248
- "description": "The full base URL of the backend, as seen from the browser's point of\nview as it makes calls to the backend.",
2249
- "type": "string"
2250
- },
2251
- "listen": {
2252
- "description": "Address that the backend should listen to.",
2253
- "anyOf": [
2254
- {
2255
- "type": "object",
2256
- "properties": {
2257
- "host": {
2258
- "description": "Address of the interface that the backend should bind to.",
2259
- "type": "string"
2260
- },
2261
- "port": {
2262
- "description": "Port that the backend should listen to.",
2263
- "type": [
2264
- "string",
2265
- "number"
2266
- ]
2267
- }
2268
- }
2269
- },
2270
- {
2271
- "type": "string"
2272
- }
2273
- ]
2274
- },
2275
- "https": {
2276
- "description": "HTTPS configuration for the backend. If omitted the backend will serve HTTP.\n\nSetting this to `true` will cause self-signed certificates to be generated, which\ncan be useful for local development or other non-production scenarios.",
2277
- "anyOf": [
2278
- {
2279
- "type": "object",
2280
- "properties": {
2281
- "certificate": {
2282
- "description": "Certificate configuration",
2283
- "type": "object",
2284
- "properties": {
2285
- "cert": {
2286
- "description": "PEM encoded certificate. Use $file to load in a file",
2287
- "type": "string"
2288
- },
2289
- "key": {
2290
- "description": "PEM encoded certificate key. Use $file to load in a file.",
2291
- "visibility": "secret",
2292
- "type": "string"
2293
- }
2294
- },
2295
- "required": [
2296
- "cert",
2297
- "key"
2298
- ]
2299
- }
2300
- }
2301
- },
2302
- {
2303
- "const": true,
2304
- "type": "boolean"
2305
- }
2306
- ]
2307
- },
2308
- "auth": {
2309
- "description": "Options used by the default auth, httpAuth and userInfo services.",
3413
+ "providers": {
2310
3414
  "type": "object",
2311
3415
  "properties": {
2312
- "dangerouslyDisableDefaultAuthPolicy": {
2313
- "description": "This disables the otherwise default auth policy, which requires all\nrequests to be authenticated with either user or service credentials.\n\nDisabling this check means that the backend will no longer block\nunauthenticated requests, but instead allow them to pass through to\nplugins.\n\nIf permissions are enabled, unauthenticated requests will be treated\nexactly as such, leaving it to the permission policy to determine what\npermissions should be allowed for an unauthenticated identity. Note\nthat this will also apply to service-to-service calls between plugins\nunless you configure credentials for service calls.",
2314
- "type": "boolean"
2315
- },
2316
- "pluginKeyStore": {
2317
- "description": "Controls how to store keys for plugin-to-plugin auth",
2318
- "anyOf": [
2319
- {
2320
- "type": "object",
2321
- "properties": {
2322
- "type": {
2323
- "type": "string",
2324
- "const": "database"
2325
- }
3416
+ "github": {
3417
+ "visibility": "frontend",
3418
+ "type": "object",
3419
+ "additionalProperties": {
3420
+ "type": "object",
3421
+ "properties": {
3422
+ "clientId": {
3423
+ "type": "string"
2326
3424
  },
2327
- "required": [
2328
- "type"
2329
- ]
2330
- },
2331
- {
2332
- "type": "object",
2333
- "properties": {
2334
- "type": {
2335
- "type": "string",
2336
- "const": "static"
2337
- },
2338
- "static": {
2339
- "type": "object",
2340
- "properties": {
2341
- "keys": {
2342
- "description": "Must be declared at least once and the first one will be used for signing.",
2343
- "type": "array",
2344
- "items": {
2345
- "type": "object",
2346
- "properties": {
2347
- "publicKeyFile": {
2348
- "description": "Path to the public key file in the SPKI format. Should be an absolute path.",
2349
- "type": "string"
2350
- },
2351
- "privateKeyFile": {
2352
- "description": "Path to the matching private key file in the PKCS#8 format. Should be an absolute path.\n\nThe first array entry must specify a private key file, the rest must not.",
2353
- "type": "string"
2354
- },
2355
- "keyId": {
2356
- "description": "ID to uniquely identify this key within the JWK set.",
2357
- "type": "string"
2358
- },
2359
- "algorithm": {
2360
- "description": "JWS \"alg\" (Algorithm) Header Parameter value. Defaults to ES256.\nMust match the algorithm used to generate the keys in the provided files",
2361
- "type": "string"
2362
- }
2363
- },
2364
- "required": [
2365
- "keyId",
2366
- "publicKeyFile"
2367
- ]
2368
- }
3425
+ "clientSecret": {
3426
+ "visibility": "secret",
3427
+ "type": "string"
3428
+ },
3429
+ "callbackUrl": {
3430
+ "type": "string"
3431
+ },
3432
+ "enterpriseInstanceUrl": {
3433
+ "type": "string"
3434
+ },
3435
+ "additionalScopes": {
3436
+ "anyOf": [
3437
+ {
3438
+ "type": "array",
3439
+ "items": {
3440
+ "type": "string"
2369
3441
  }
2370
3442
  },
2371
- "required": [
2372
- "keys"
2373
- ]
2374
- }
3443
+ {
3444
+ "type": "string"
3445
+ }
3446
+ ]
2375
3447
  },
2376
- "required": [
2377
- "static",
2378
- "type"
2379
- ]
2380
- }
2381
- ]
2382
- },
2383
- "externalAccess": {
2384
- "description": "Configures methods of external access, ie ways for callers outside of\nthe Backstage ecosystem to get authorized for access to APIs that do\nnot permit unauthorized access.",
2385
- "type": "array",
2386
- "items": {
2387
- "anyOf": [
2388
- {
3448
+ "signIn": {
2389
3449
  "type": "object",
2390
3450
  "properties": {
2391
- "type": {
2392
- "description": "This is the legacy service-to-service access method, where a set\nof static keys were shared among plugins and used for symmetric\nsigning and verification. These correspond to the old\n`backend.auth.keys` set and retain their behavior for backwards\ncompatibility. Please migrate to other access methods when\npossible.\n\nCallers generate JWT tokens with the following payload:\n\n```json\n{\n \"sub\": \"backstage-plugin\",\n \"exp\": <epoch seconds one hour in the future>\n}\n```\n\nAnd sign them with HS256, using the base64 decoded secret. The\ntokens are then passed along with requests in the Authorization\nheader:\n\n```\nAuthorization: Bearer eyJhbGciOiJIUzI...\n```",
2393
- "type": "string",
2394
- "const": "legacy"
2395
- },
2396
- "options": {
2397
- "type": "object",
2398
- "properties": {
2399
- "secret": {
2400
- "description": "Any set of base64 encoded random bytes to be used as both the\nsigning and verification key. Should be sufficiently long so as\nnot to be easy to guess by brute force.\n\nCan be generated eg using\n\n```sh\nnode -p 'require(\"crypto\").randomBytes(24).toString(\"base64\")'\n```",
2401
- "visibility": "secret",
2402
- "type": "string"
2403
- },
2404
- "subject": {
2405
- "description": "Sets the subject of the principal, when matching this token.\nUseful for debugging and tracking purposes.",
2406
- "type": "string"
2407
- }
2408
- },
2409
- "required": [
2410
- "secret",
2411
- "subject"
2412
- ]
2413
- },
2414
- "accessRestrictions": {
2415
- "description": "Restricts what types of access that are permitted for this access\nmethod. If no access restrictions are given, it'll have unlimited\naccess. This access restriction applies for the framework level;\nindividual plugins may have their own access control mechanisms\non top of this.",
3451
+ "resolvers": {
2416
3452
  "type": "array",
2417
3453
  "items": {
2418
- "type": "object",
2419
- "properties": {
2420
- "plugin": {
2421
- "description": "Permit access to make requests to this plugin.\n\nCan be further refined by setting additional fields below.",
2422
- "type": "string"
3454
+ "anyOf": [
3455
+ {
3456
+ "type": "object",
3457
+ "properties": {
3458
+ "resolver": {
3459
+ "type": "string",
3460
+ "const": "usernameMatchingUserEntityName"
3461
+ }
3462
+ },
3463
+ "required": [
3464
+ "resolver"
3465
+ ]
2423
3466
  },
2424
- "permission": {
2425
- "description": "If given, this method is limited to only performing actions\nwith these named permissions in this plugin.\n\nNote that this only applies where permissions checks are\nenabled in the first place. Endpoints that are not protected by\nthe permissions system at all, are not affected by this\nsetting.",
2426
- "anyOf": [
2427
- {
3467
+ {
3468
+ "type": "object",
3469
+ "properties": {
3470
+ "resolver": {
3471
+ "type": "string",
3472
+ "const": "emailLocalPartMatchingUserEntityName"
3473
+ },
3474
+ "allowedDomains": {
2428
3475
  "type": "array",
2429
3476
  "items": {
2430
3477
  "type": "string"
2431
3478
  }
2432
- },
2433
- {
2434
- "type": "string"
2435
3479
  }
3480
+ },
3481
+ "required": [
3482
+ "resolver"
2436
3483
  ]
2437
3484
  },
2438
- "permissionAttribute": {
2439
- "description": "If given, this method is limited to only performing actions\nwhose permissions have these attributes.\n\nNote that this only applies where permissions checks are\nenabled in the first place. Endpoints that are not protected by\nthe permissions system at all, are not affected by this\nsetting.",
3485
+ {
2440
3486
  "type": "object",
2441
3487
  "properties": {
2442
- "action": {
2443
- "description": "One of more of 'create', 'read', 'update', or 'delete'.",
2444
- "anyOf": [
2445
- {
2446
- "type": "array",
2447
- "items": {
2448
- "type": "string"
2449
- }
2450
- },
2451
- {
2452
- "type": "string"
2453
- }
2454
- ]
3488
+ "resolver": {
3489
+ "type": "string",
3490
+ "const": "emailMatchingUserEntityProfileEmail"
2455
3491
  }
2456
- }
3492
+ },
3493
+ "required": [
3494
+ "resolver"
3495
+ ]
2457
3496
  }
2458
- },
2459
- "required": [
2460
- "plugin"
2461
3497
  ]
2462
3498
  }
2463
3499
  }
2464
3500
  },
2465
3501
  "required": [
2466
- "options",
2467
- "type"
3502
+ "resolvers"
3503
+ ]
3504
+ }
3505
+ },
3506
+ "required": [
3507
+ "clientId",
3508
+ "clientSecret"
3509
+ ]
3510
+ }
3511
+ }
3512
+ }
3513
+ }
3514
+ }
3515
+ }
3516
+ },
3517
+ "$schema": "http://json-schema.org/draft-07/schema#"
3518
+ }
3519
+ },
3520
+ {
3521
+ "path": "../../plugins/auth-backend-module-gitlab-provider/config.d.ts",
3522
+ "value": {
3523
+ "type": "object",
3524
+ "properties": {
3525
+ "auth": {
3526
+ "type": "object",
3527
+ "properties": {
3528
+ "providers": {
3529
+ "type": "object",
3530
+ "properties": {
3531
+ "gitlab": {
3532
+ "visibility": "frontend",
3533
+ "type": "object",
3534
+ "additionalProperties": {
3535
+ "type": "object",
3536
+ "properties": {
3537
+ "clientId": {
3538
+ "type": "string"
3539
+ },
3540
+ "clientSecret": {
3541
+ "visibility": "secret",
3542
+ "type": "string"
3543
+ },
3544
+ "audience": {
3545
+ "type": "string"
3546
+ },
3547
+ "callbackUrl": {
3548
+ "type": "string"
3549
+ },
3550
+ "additionalScopes": {
3551
+ "anyOf": [
3552
+ {
3553
+ "type": "array",
3554
+ "items": {
3555
+ "type": "string"
3556
+ }
3557
+ },
3558
+ {
3559
+ "type": "string"
3560
+ }
2468
3561
  ]
2469
3562
  },
2470
- {
3563
+ "signIn": {
2471
3564
  "type": "object",
2472
3565
  "properties": {
2473
- "type": {
2474
- "description": "This access method consists of random static tokens that can be\nhanded out to callers.\n\nThe tokens are then passed along verbatim with requests in the\nAuthorization header:\n\n```\nAuthorization: Bearer eZv5o+fW3KnR3kVabMW4ZcDNLPl8nmMW\n```",
2475
- "type": "string",
2476
- "const": "static"
2477
- },
2478
- "options": {
2479
- "type": "object",
2480
- "properties": {
2481
- "token": {
2482
- "description": "A raw token that can be any string, but for security reasons\nshould be sufficiently long so as not to be easy to guess by\nbrute force.\n\nCan be generated eg using\n\n```sh\nnode -p 'require(\"crypto\").randomBytes(24).toString(\"base64\")'\n```\n\nSince the tokens can be any string, you are free to add\nadditional identifying data to them if you like. For example,\nadding a `freben-local-dev-` prefix for debugging purposes to a\ntoken that you know will be handed out for use as a personal\naccess token during development.",
2483
- "visibility": "secret",
2484
- "type": "string"
2485
- },
2486
- "subject": {
2487
- "description": "Sets the subject of the principal, when matching this token.\nUseful for debugging and tracking purposes.",
2488
- "type": "string"
2489
- }
2490
- },
2491
- "required": [
2492
- "subject",
2493
- "token"
2494
- ]
2495
- },
2496
- "accessRestrictions": {
2497
- "description": "Restricts what types of access that are permitted for this access\nmethod. If no access restrictions are given, it'll have unlimited\naccess. This access restriction applies for the framework level;\nindividual plugins may have their own access control mechanisms\non top of this.",
3566
+ "resolvers": {
2498
3567
  "type": "array",
2499
3568
  "items": {
2500
- "type": "object",
2501
- "properties": {
2502
- "plugin": {
2503
- "description": "Permit access to make requests to this plugin.\n\nCan be further refined by setting additional fields below.",
2504
- "type": "string"
3569
+ "anyOf": [
3570
+ {
3571
+ "type": "object",
3572
+ "properties": {
3573
+ "resolver": {
3574
+ "type": "string",
3575
+ "const": "usernameMatchingUserEntityName"
3576
+ }
3577
+ },
3578
+ "required": [
3579
+ "resolver"
3580
+ ]
2505
3581
  },
2506
- "permission": {
2507
- "description": "If given, this method is limited to only performing actions\nwith these named permissions in this plugin.\n\nNote that this only applies where permissions checks are\nenabled in the first place. Endpoints that are not protected by\nthe permissions system at all, are not affected by this\nsetting.",
2508
- "anyOf": [
2509
- {
3582
+ {
3583
+ "type": "object",
3584
+ "properties": {
3585
+ "resolver": {
3586
+ "type": "string",
3587
+ "const": "emailLocalPartMatchingUserEntityName"
3588
+ },
3589
+ "allowedDomains": {
2510
3590
  "type": "array",
2511
3591
  "items": {
2512
3592
  "type": "string"
2513
3593
  }
2514
- },
2515
- {
2516
- "type": "string"
2517
3594
  }
3595
+ },
3596
+ "required": [
3597
+ "resolver"
2518
3598
  ]
2519
3599
  },
2520
- "permissionAttribute": {
2521
- "description": "If given, this method is limited to only performing actions\nwhose permissions have these attributes.\n\nNote that this only applies where permissions checks are\nenabled in the first place. Endpoints that are not protected by\nthe permissions system at all, are not affected by this\nsetting.",
3600
+ {
2522
3601
  "type": "object",
2523
3602
  "properties": {
2524
- "action": {
2525
- "description": "One of more of 'create', 'read', 'update', or 'delete'.",
2526
- "anyOf": [
2527
- {
2528
- "type": "array",
2529
- "items": {
2530
- "type": "string"
2531
- }
2532
- },
2533
- {
2534
- "type": "string"
2535
- }
2536
- ]
3603
+ "resolver": {
3604
+ "type": "string",
3605
+ "const": "emailMatchingUserEntityProfileEmail"
3606
+ }
3607
+ },
3608
+ "required": [
3609
+ "resolver"
3610
+ ]
3611
+ }
3612
+ ]
3613
+ }
3614
+ }
3615
+ },
3616
+ "required": [
3617
+ "resolvers"
3618
+ ]
3619
+ }
3620
+ },
3621
+ "required": [
3622
+ "clientId",
3623
+ "clientSecret"
3624
+ ]
3625
+ }
3626
+ }
3627
+ }
3628
+ }
3629
+ }
3630
+ }
3631
+ },
3632
+ "$schema": "http://json-schema.org/draft-07/schema#"
3633
+ }
3634
+ },
3635
+ {
3636
+ "path": "../../plugins/auth-backend-module-google-provider/config.d.ts",
3637
+ "value": {
3638
+ "type": "object",
3639
+ "properties": {
3640
+ "auth": {
3641
+ "description": "Configuration options for the auth plugin",
3642
+ "type": "object",
3643
+ "properties": {
3644
+ "providers": {
3645
+ "type": "object",
3646
+ "properties": {
3647
+ "google": {
3648
+ "type": "object",
3649
+ "additionalProperties": {
3650
+ "type": "object",
3651
+ "properties": {
3652
+ "clientId": {
3653
+ "type": "string"
3654
+ },
3655
+ "clientSecret": {
3656
+ "visibility": "secret",
3657
+ "type": "string"
3658
+ },
3659
+ "callbackUrl": {
3660
+ "type": "string"
3661
+ },
3662
+ "additionalScopes": {
3663
+ "anyOf": [
3664
+ {
3665
+ "type": "array",
3666
+ "items": {
3667
+ "type": "string"
3668
+ }
3669
+ },
3670
+ {
3671
+ "type": "string"
3672
+ }
3673
+ ]
3674
+ },
3675
+ "signIn": {
3676
+ "type": "object",
3677
+ "properties": {
3678
+ "resolvers": {
3679
+ "type": "array",
3680
+ "items": {
3681
+ "anyOf": [
3682
+ {
3683
+ "type": "object",
3684
+ "properties": {
3685
+ "resolver": {
3686
+ "type": "string",
3687
+ "const": "emailMatchingUserEntityAnnotation"
3688
+ }
3689
+ },
3690
+ "required": [
3691
+ "resolver"
3692
+ ]
3693
+ },
3694
+ {
3695
+ "type": "object",
3696
+ "properties": {
3697
+ "resolver": {
3698
+ "type": "string",
3699
+ "const": "emailLocalPartMatchingUserEntityName"
3700
+ },
3701
+ "allowedDomains": {
3702
+ "type": "array",
3703
+ "items": {
3704
+ "type": "string"
3705
+ }
2537
3706
  }
2538
- }
3707
+ },
3708
+ "required": [
3709
+ "resolver"
3710
+ ]
3711
+ },
3712
+ {
3713
+ "type": "object",
3714
+ "properties": {
3715
+ "resolver": {
3716
+ "type": "string",
3717
+ "const": "emailMatchingUserEntityProfileEmail"
3718
+ }
3719
+ },
3720
+ "required": [
3721
+ "resolver"
3722
+ ]
2539
3723
  }
2540
- },
2541
- "required": [
2542
- "plugin"
2543
3724
  ]
2544
3725
  }
2545
3726
  }
2546
3727
  },
2547
3728
  "required": [
2548
- "options",
2549
- "type"
3729
+ "resolvers"
2550
3730
  ]
3731
+ }
3732
+ },
3733
+ "required": [
3734
+ "clientId",
3735
+ "clientSecret"
3736
+ ]
3737
+ }
3738
+ }
3739
+ }
3740
+ }
3741
+ }
3742
+ }
3743
+ },
3744
+ "$schema": "http://json-schema.org/draft-07/schema#"
3745
+ }
3746
+ },
3747
+ {
3748
+ "path": "../../plugins/auth-backend-module-microsoft-provider/config.d.ts",
3749
+ "value": {
3750
+ "type": "object",
3751
+ "properties": {
3752
+ "auth": {
3753
+ "type": "object",
3754
+ "properties": {
3755
+ "providers": {
3756
+ "type": "object",
3757
+ "properties": {
3758
+ "microsoft": {
3759
+ "visibility": "frontend",
3760
+ "type": "object",
3761
+ "additionalProperties": {
3762
+ "type": "object",
3763
+ "properties": {
3764
+ "clientId": {
3765
+ "type": "string"
2551
3766
  },
2552
- {
3767
+ "tenantId": {
3768
+ "type": "string"
3769
+ },
3770
+ "clientSecret": {
3771
+ "visibility": "secret",
3772
+ "type": "string"
3773
+ },
3774
+ "domainHint": {
3775
+ "type": "string"
3776
+ },
3777
+ "callbackUrl": {
3778
+ "type": "string"
3779
+ },
3780
+ "additionalScopes": {
3781
+ "anyOf": [
3782
+ {
3783
+ "type": "array",
3784
+ "items": {
3785
+ "type": "string"
3786
+ }
3787
+ },
3788
+ {
3789
+ "type": "string"
3790
+ }
3791
+ ]
3792
+ },
3793
+ "skipUserProfile": {
3794
+ "type": "boolean"
3795
+ },
3796
+ "signIn": {
2553
3797
  "type": "object",
2554
3798
  "properties": {
2555
- "type": {
2556
- "description": "This access method consists of a JWKS endpoint that can be used to\nverify JWT tokens.\n\nCallers generate JWT tokens via 3rd party tooling\nand pass them in the Authorization header:\n\n```\nAuthorization: Bearer eZv5o+fW3KnR3kVabMW4ZcDNLPl8nmMW\n```",
2557
- "type": "string",
2558
- "const": "jwks"
2559
- },
2560
- "options": {
2561
- "type": "object",
2562
- "properties": {
2563
- "url": {
2564
- "description": "The full URL of the JWKS endpoint.",
2565
- "type": "string"
2566
- },
2567
- "algorithm": {
2568
- "description": "Sets the algorithm(s) that should be used to verify the JWT tokens.\nThe passed JWTs must have been signed using one of the listed algorithms.",
2569
- "anyOf": [
2570
- {
2571
- "type": "array",
2572
- "items": {
2573
- "type": "string"
2574
- }
2575
- },
2576
- {
2577
- "type": "string"
2578
- }
2579
- ]
2580
- },
2581
- "issuer": {
2582
- "description": "Sets the issuer(s) that should be used to verify the JWT tokens.\nPassed JWTs must have an `iss` claim which matches one of the specified issuers.",
2583
- "anyOf": [
2584
- {
2585
- "type": "array",
2586
- "items": {
2587
- "type": "string"
2588
- }
2589
- },
2590
- {
2591
- "type": "string"
2592
- }
2593
- ]
2594
- },
2595
- "audience": {
2596
- "description": "Sets the audience(s) that should be used to verify the JWT tokens.\nThe passed JWTs must have an \"aud\" claim that matches one of the audiences specified,\nor have no audience specified.",
2597
- "anyOf": [
2598
- {
2599
- "type": "array",
2600
- "items": {
2601
- "type": "string"
2602
- }
2603
- },
2604
- {
2605
- "type": "string"
2606
- }
2607
- ]
2608
- },
2609
- "subjectPrefix": {
2610
- "description": "Sets an optional subject prefix. Passes the subject to called plugins.\nUseful for debugging and tracking purposes.",
2611
- "type": "string"
2612
- }
2613
- },
2614
- "required": [
2615
- "url"
2616
- ]
2617
- },
2618
- "accessRestrictions": {
2619
- "description": "Restricts what types of access that are permitted for this access\nmethod. If no access restrictions are given, it'll have unlimited\naccess. This access restriction applies for the framework level;\nindividual plugins may have their own access control mechanisms\non top of this.",
3799
+ "resolvers": {
2620
3800
  "type": "array",
2621
3801
  "items": {
2622
- "type": "object",
2623
- "properties": {
2624
- "plugin": {
2625
- "description": "Permit access to make requests to this plugin.\n\nCan be further refined by setting additional fields below.",
2626
- "type": "string"
3802
+ "anyOf": [
3803
+ {
3804
+ "type": "object",
3805
+ "properties": {
3806
+ "resolver": {
3807
+ "type": "string",
3808
+ "const": "emailMatchingUserEntityAnnotation"
3809
+ }
3810
+ },
3811
+ "required": [
3812
+ "resolver"
3813
+ ]
2627
3814
  },
2628
- "permission": {
2629
- "description": "If given, this method is limited to only performing actions\nwith these named permissions in this plugin.\n\nNote that this only applies where permissions checks are\nenabled in the first place. Endpoints that are not protected by\nthe permissions system at all, are not affected by this\nsetting.",
2630
- "anyOf": [
2631
- {
3815
+ {
3816
+ "type": "object",
3817
+ "properties": {
3818
+ "resolver": {
3819
+ "type": "string",
3820
+ "const": "emailLocalPartMatchingUserEntityName"
3821
+ },
3822
+ "allowedDomains": {
2632
3823
  "type": "array",
2633
3824
  "items": {
2634
3825
  "type": "string"
2635
3826
  }
2636
- },
2637
- {
2638
- "type": "string"
2639
3827
  }
3828
+ },
3829
+ "required": [
3830
+ "resolver"
2640
3831
  ]
2641
3832
  },
2642
- "permissionAttribute": {
2643
- "description": "If given, this method is limited to only performing actions\nwhose permissions have these attributes.\n\nNote that this only applies where permissions checks are\nenabled in the first place. Endpoints that are not protected by\nthe permissions system at all, are not affected by this\nsetting.",
3833
+ {
2644
3834
  "type": "object",
2645
3835
  "properties": {
2646
- "action": {
2647
- "description": "One of more of 'create', 'read', 'update', or 'delete'.",
2648
- "anyOf": [
2649
- {
2650
- "type": "array",
2651
- "items": {
2652
- "type": "string"
2653
- }
2654
- },
2655
- {
2656
- "type": "string"
2657
- }
2658
- ]
3836
+ "resolver": {
3837
+ "type": "string",
3838
+ "const": "emailMatchingUserEntityProfileEmail"
2659
3839
  }
2660
- }
3840
+ },
3841
+ "required": [
3842
+ "resolver"
3843
+ ]
2661
3844
  }
2662
- },
2663
- "required": [
2664
- "plugin"
2665
3845
  ]
2666
3846
  }
2667
3847
  }
2668
3848
  },
2669
3849
  "required": [
2670
- "options",
2671
- "type"
3850
+ "resolvers"
2672
3851
  ]
2673
3852
  }
3853
+ },
3854
+ "required": [
3855
+ "clientId",
3856
+ "clientSecret",
3857
+ "tenantId"
2674
3858
  ]
2675
3859
  }
2676
3860
  }
2677
3861
  }
2678
- },
2679
- "database": {
2680
- "description": "Database connection configuration, select base database type using the `client` field",
2681
- "type": "object",
2682
- "properties": {
2683
- "client": {
2684
- "description": "Default database client to use",
2685
- "enum": [
2686
- "better-sqlite3",
2687
- "pg",
2688
- "sqlite3"
2689
- ],
2690
- "type": "string"
2691
- },
2692
- "connection": {
2693
- "description": "Base database connection string, or object with individual connection properties",
2694
- "visibility": "secret",
2695
- "anyOf": [
2696
- {
2697
- "type": "object",
2698
- "additionalProperties": {},
2699
- "properties": {
2700
- "password": {
2701
- "description": "Password that belongs to the client User",
2702
- "visibility": "secret",
2703
- "type": "string"
2704
- }
2705
- }
2706
- },
2707
- {
2708
- "type": "string"
2709
- }
2710
- ]
2711
- },
2712
- "prefix": {
2713
- "description": "Database name prefix override",
2714
- "type": "string"
2715
- },
2716
- "ensureExists": {
2717
- "description": "Whether to ensure the given database exists by creating it if it does not.\nDefaults to true if unspecified.",
2718
- "type": "boolean"
2719
- },
2720
- "ensureSchemaExists": {
2721
- "description": "Whether to ensure the given database schema exists by creating it if it does not.\nDefaults to false if unspecified.\n\nNOTE: Currently only supported by the `pg` client when pluginDivisionMode: schema",
2722
- "type": "boolean"
2723
- },
2724
- "pluginDivisionMode": {
2725
- "description": "How plugins databases are managed/divided in the provided database instance.\n\n`database` -> Plugins are each given their own database to manage their schemas/tables.\n\n`schema` -> Plugins will be given their own schema (in the specified/default database)\n to manage their tables.\n\nNOTE: Currently only supported by the `pg` client.",
2726
- "default": "database",
2727
- "enum": [
2728
- "database",
2729
- "schema"
2730
- ],
2731
- "type": "string"
2732
- },
2733
- "role": {
2734
- "description": "Configures the ownership of newly created schemas in pg databases.",
2735
- "type": "string"
2736
- },
2737
- "knexConfig": {
2738
- "description": "Arbitrary config object to pass to knex when initializing\n(https://knexjs.org/#Installation-client). Most notable is the debug\nand asyncStackTraces booleans",
2739
- "type": "object",
2740
- "properties": {},
2741
- "additionalProperties": true
2742
- },
2743
- "skipMigrations": {
2744
- "description": "Skip running database migrations.",
2745
- "type": "boolean"
2746
- },
2747
- "plugin": {
2748
- "description": "Plugin specific database configuration and client override",
3862
+ }
3863
+ }
3864
+ }
3865
+ },
3866
+ "$schema": "http://json-schema.org/draft-07/schema#"
3867
+ }
3868
+ },
3869
+ {
3870
+ "path": "../../plugins/auth-backend-module-oauth2-provider/config.d.ts",
3871
+ "value": {
3872
+ "type": "object",
3873
+ "properties": {
3874
+ "auth": {
3875
+ "type": "object",
3876
+ "properties": {
3877
+ "providers": {
3878
+ "type": "object",
3879
+ "properties": {
3880
+ "oauth2": {
3881
+ "visibility": "frontend",
2749
3882
  "type": "object",
2750
3883
  "additionalProperties": {
2751
3884
  "type": "object",
2752
3885
  "properties": {
2753
- "client": {
2754
- "description": "Database client override",
2755
- "enum": [
2756
- "better-sqlite3",
2757
- "pg",
2758
- "sqlite3"
2759
- ],
3886
+ "clientId": {
2760
3887
  "type": "string"
2761
3888
  },
2762
- "connection": {
2763
- "description": "Database connection string or Knex object override",
3889
+ "clientSecret": {
2764
3890
  "visibility": "secret",
3891
+ "type": "string"
3892
+ },
3893
+ "authorizationUrl": {
3894
+ "type": "string"
3895
+ },
3896
+ "tokenUrl": {
3897
+ "type": "string"
3898
+ },
3899
+ "scope": {
3900
+ "deprecated": "use `additionalScopes` instead",
3901
+ "type": "string"
3902
+ },
3903
+ "additionalScopes": {
2765
3904
  "anyOf": [
2766
3905
  {
2767
- "type": "object",
2768
- "properties": {},
2769
- "additionalProperties": true
3906
+ "type": "array",
3907
+ "items": {
3908
+ "type": "string"
3909
+ }
2770
3910
  },
2771
3911
  {
2772
3912
  "type": "string"
2773
3913
  }
2774
3914
  ]
2775
3915
  },
2776
- "ensureExists": {
2777
- "description": "Whether to ensure the given database exists by creating it if it does not.\nDefaults to base config if unspecified.",
3916
+ "disableRefresh": {
2778
3917
  "type": "boolean"
2779
3918
  },
2780
- "ensureSchemaExists": {
2781
- "description": "Whether to ensure the given database schema exists by creating it if it does not.\nDefaults to false if unspecified.\n\nNOTE: Currently only supported by the `pg` client when pluginDivisionMode: schema",
3919
+ "includeBasicAuth": {
2782
3920
  "type": "boolean"
2783
3921
  },
2784
- "knexConfig": {
2785
- "description": "Arbitrary config object to pass to knex when initializing\n(https://knexjs.org/#Installation-client). Most notable is the\ndebug and asyncStackTraces booleans.\n\nThis is merged recursively into the base knexConfig",
3922
+ "signIn": {
2786
3923
  "type": "object",
2787
- "properties": {},
2788
- "additionalProperties": true
2789
- },
2790
- "role": {
2791
- "description": "Configures the ownership of newly created schemas in pg databases.",
2792
- "type": "string"
2793
- },
2794
- "skipMigrations": {
2795
- "description": "Skip running database migrations.",
2796
- "type": "boolean"
3924
+ "properties": {
3925
+ "resolvers": {
3926
+ "type": "array",
3927
+ "items": {
3928
+ "anyOf": [
3929
+ {
3930
+ "type": "object",
3931
+ "properties": {
3932
+ "resolver": {
3933
+ "type": "string",
3934
+ "const": "usernameMatchingUserEntityName"
3935
+ }
3936
+ },
3937
+ "required": [
3938
+ "resolver"
3939
+ ]
3940
+ },
3941
+ {
3942
+ "type": "object",
3943
+ "properties": {
3944
+ "resolver": {
3945
+ "type": "string",
3946
+ "const": "emailLocalPartMatchingUserEntityName"
3947
+ },
3948
+ "allowedDomains": {
3949
+ "type": "array",
3950
+ "items": {
3951
+ "type": "string"
3952
+ }
3953
+ }
3954
+ },
3955
+ "required": [
3956
+ "resolver"
3957
+ ]
3958
+ },
3959
+ {
3960
+ "type": "object",
3961
+ "properties": {
3962
+ "resolver": {
3963
+ "type": "string",
3964
+ "const": "emailMatchingUserEntityProfileEmail"
3965
+ }
3966
+ },
3967
+ "required": [
3968
+ "resolver"
3969
+ ]
3970
+ }
3971
+ ]
3972
+ }
3973
+ }
3974
+ },
3975
+ "required": [
3976
+ "resolvers"
3977
+ ]
2797
3978
  }
2798
- }
2799
- }
2800
- }
2801
- },
2802
- "required": [
2803
- "client",
2804
- "connection"
2805
- ]
2806
- },
2807
- "cache": {
2808
- "description": "Cache connection configuration, select cache type using the `store` field",
2809
- "anyOf": [
2810
- {
2811
- "type": "object",
2812
- "properties": {
2813
- "store": {
2814
- "type": "string",
2815
- "const": "memory"
2816
- },
2817
- "defaultTtl": {
2818
- "description": "An optional default TTL (in milliseconds)."
2819
- }
2820
- },
2821
- "required": [
2822
- "store"
2823
- ]
2824
- },
2825
- {
2826
- "type": "object",
2827
- "properties": {
2828
- "store": {
2829
- "type": "string",
2830
- "const": "redis"
2831
- },
2832
- "connection": {
2833
- "description": "A redis connection string in the form `redis://user:pass@host:port`.",
2834
- "visibility": "secret",
2835
- "type": "string"
2836
- },
2837
- "defaultTtl": {
2838
- "description": "An optional default TTL (in milliseconds)."
2839
3979
  },
2840
- "useRedisSets": {
2841
- "description": "Whether or not [useRedisSets](https://github.com/jaredwray/keyv/tree/main/packages/redis#useredissets) should be configured to this redis cache.\nDefaults to true if unspecified.",
2842
- "type": "boolean"
2843
- }
2844
- },
2845
- "required": [
2846
- "connection",
2847
- "store"
2848
- ]
2849
- },
2850
- {
2851
- "type": "object",
2852
- "properties": {
2853
- "store": {
2854
- "type": "string",
2855
- "const": "memcache"
2856
- },
2857
- "connection": {
2858
- "description": "A memcache connection string in the form `user:pass@host:port`.",
2859
- "visibility": "secret",
2860
- "type": "string"
2861
- },
2862
- "defaultTtl": {
2863
- "description": "An optional default TTL (in milliseconds)."
2864
- }
2865
- },
2866
- "required": [
2867
- "connection",
2868
- "store"
2869
- ]
3980
+ "required": [
3981
+ "authorizationUrl",
3982
+ "clientId",
3983
+ "clientSecret",
3984
+ "tokenUrl"
3985
+ ]
3986
+ }
2870
3987
  }
2871
- ]
2872
- },
2873
- "cors": {
3988
+ }
3989
+ }
3990
+ }
3991
+ }
3992
+ },
3993
+ "$schema": "http://json-schema.org/draft-07/schema#"
3994
+ }
3995
+ },
3996
+ {
3997
+ "path": "../../plugins/auth-backend-module-oidc-provider/config.d.ts",
3998
+ "value": {
3999
+ "type": "object",
4000
+ "properties": {
4001
+ "auth": {
4002
+ "type": "object",
4003
+ "properties": {
4004
+ "providers": {
2874
4005
  "type": "object",
2875
4006
  "properties": {
2876
- "origin": {
2877
- "anyOf": [
2878
- {
2879
- "type": "array",
2880
- "items": {
4007
+ "oidc": {
4008
+ "visibility": "frontend",
4009
+ "type": "object",
4010
+ "additionalProperties": {
4011
+ "type": "object",
4012
+ "properties": {
4013
+ "clientId": {
2881
4014
  "type": "string"
2882
- }
2883
- },
2884
- {
2885
- "type": "string"
2886
- }
2887
- ]
2888
- },
2889
- "methods": {
2890
- "anyOf": [
2891
- {
2892
- "type": "array",
2893
- "items": {
4015
+ },
4016
+ "clientSecret": {
4017
+ "visibility": "secret",
2894
4018
  "type": "string"
2895
- }
2896
- },
2897
- {
2898
- "type": "string"
2899
- }
2900
- ]
2901
- },
2902
- "allowedHeaders": {
2903
- "anyOf": [
2904
- {
2905
- "type": "array",
2906
- "items": {
4019
+ },
4020
+ "metadataUrl": {
2907
4021
  "type": "string"
2908
- }
2909
- },
2910
- {
2911
- "type": "string"
2912
- }
2913
- ]
2914
- },
2915
- "exposedHeaders": {
2916
- "anyOf": [
2917
- {
2918
- "type": "array",
2919
- "items": {
4022
+ },
4023
+ "callbackUrl": {
4024
+ "type": "string"
4025
+ },
4026
+ "tokenEndpointAuthMethod": {
4027
+ "type": "string"
4028
+ },
4029
+ "tokenSignedResponseAlg": {
4030
+ "type": "string"
4031
+ },
4032
+ "additionalScopes": {
4033
+ "anyOf": [
4034
+ {
4035
+ "type": "array",
4036
+ "items": {
4037
+ "type": "string"
4038
+ }
4039
+ },
4040
+ {
4041
+ "type": "string"
4042
+ }
4043
+ ]
4044
+ },
4045
+ "prompt": {
2920
4046
  "type": "string"
4047
+ },
4048
+ "signIn": {
4049
+ "type": "object",
4050
+ "properties": {
4051
+ "resolvers": {
4052
+ "type": "array",
4053
+ "items": {
4054
+ "anyOf": [
4055
+ {
4056
+ "type": "object",
4057
+ "properties": {
4058
+ "resolver": {
4059
+ "type": "string",
4060
+ "const": "emailLocalPartMatchingUserEntityName"
4061
+ },
4062
+ "allowedDomains": {
4063
+ "type": "array",
4064
+ "items": {
4065
+ "type": "string"
4066
+ }
4067
+ }
4068
+ },
4069
+ "required": [
4070
+ "resolver"
4071
+ ]
4072
+ },
4073
+ {
4074
+ "type": "object",
4075
+ "properties": {
4076
+ "resolver": {
4077
+ "type": "string",
4078
+ "const": "emailMatchingUserEntityProfileEmail"
4079
+ }
4080
+ },
4081
+ "required": [
4082
+ "resolver"
4083
+ ]
4084
+ }
4085
+ ]
4086
+ }
4087
+ }
4088
+ },
4089
+ "required": [
4090
+ "resolvers"
4091
+ ]
2921
4092
  }
2922
4093
  },
2923
- {
2924
- "type": "string"
2925
- }
2926
- ]
2927
- },
2928
- "credentials": {
2929
- "type": "boolean"
2930
- },
2931
- "maxAge": {
2932
- "type": "number"
2933
- },
2934
- "preflightContinue": {
2935
- "type": "boolean"
2936
- },
2937
- "optionsSuccessStatus": {
2938
- "type": "number"
2939
- }
2940
- }
2941
- },
2942
- "csp": {
2943
- "description": "Content Security Policy options.\n\nThe keys are the plain policy ID, e.g. \"upgrade-insecure-requests\". The\nvalues are on the format that the helmet library expects them, as an\narray of strings. There is also the special value false, which means to\nremove the default value that Backstage puts in place for that policy.",
2944
- "type": "object",
2945
- "additionalProperties": {
2946
- "anyOf": [
2947
- {
2948
- "type": "array",
2949
- "items": {
2950
- "type": "string"
2951
- }
2952
- },
2953
- {
2954
- "const": false,
2955
- "type": "boolean"
4094
+ "required": [
4095
+ "clientId",
4096
+ "clientSecret",
4097
+ "metadataUrl"
4098
+ ]
2956
4099
  }
2957
- ]
4100
+ }
2958
4101
  }
2959
- },
2960
- "reading": {
2961
- "description": "Configuration related to URL reading, used for example for reading catalog info\nfiles, scaffolder templates, and techdocs content.",
4102
+ }
4103
+ }
4104
+ }
4105
+ },
4106
+ "$schema": "http://json-schema.org/draft-07/schema#"
4107
+ }
4108
+ },
4109
+ {
4110
+ "path": "../../plugins/auth-backend-module-okta-provider/config.d.ts",
4111
+ "value": {
4112
+ "type": "object",
4113
+ "properties": {
4114
+ "auth": {
4115
+ "type": "object",
4116
+ "properties": {
4117
+ "providers": {
2962
4118
  "type": "object",
2963
4119
  "properties": {
2964
- "allow": {
2965
- "description": "A list of targets to allow outgoing requests to. Users will be able to make\nrequests on behalf of the backend to the targets that are allowed by this list.",
2966
- "type": "array",
2967
- "items": {
4120
+ "okta": {
4121
+ "visibility": "frontend",
4122
+ "type": "object",
4123
+ "additionalProperties": {
2968
4124
  "type": "object",
2969
4125
  "properties": {
2970
- "host": {
2971
- "description": "A host to allow outgoing requests to, being either a full host or\na subdomain wildcard pattern with a leading `*`. For example `example.com`\nand `*.example.com` are valid values, `prod.*.example.com` is not.\nThe host may also contain a port, for example `example.com:8080`.",
4126
+ "clientId": {
2972
4127
  "type": "string"
2973
4128
  },
2974
- "paths": {
2975
- "description": "An optional list of paths. In case they are present only targets matching\nany of them will are allowed. You can use trailing slashes to make sure only\nsubdirectories are allowed, for example `/mydir/` will allow targets with\npaths like `/mydir/a` but will block paths like `/mydir2`.",
2976
- "type": "array",
2977
- "items": {
2978
- "type": "string"
2979
- }
4129
+ "clientSecret": {
4130
+ "visibility": "secret",
4131
+ "type": "string"
4132
+ },
4133
+ "audience": {
4134
+ "type": "string"
4135
+ },
4136
+ "authServerId": {
4137
+ "type": "string"
4138
+ },
4139
+ "idp": {
4140
+ "type": "string"
4141
+ },
4142
+ "callbackUrl": {
4143
+ "type": "string"
4144
+ },
4145
+ "additionalScopes": {
4146
+ "anyOf": [
4147
+ {
4148
+ "type": "array",
4149
+ "items": {
4150
+ "type": "string"
4151
+ }
4152
+ },
4153
+ {
4154
+ "type": "string"
4155
+ }
4156
+ ]
4157
+ },
4158
+ "signIn": {
4159
+ "type": "object",
4160
+ "properties": {
4161
+ "resolvers": {
4162
+ "type": "array",
4163
+ "items": {
4164
+ "anyOf": [
4165
+ {
4166
+ "type": "object",
4167
+ "properties": {
4168
+ "resolver": {
4169
+ "type": "string",
4170
+ "const": "emailMatchingUserEntityAnnotation"
4171
+ }
4172
+ },
4173
+ "required": [
4174
+ "resolver"
4175
+ ]
4176
+ },
4177
+ {
4178
+ "type": "object",
4179
+ "properties": {
4180
+ "resolver": {
4181
+ "type": "string",
4182
+ "const": "emailLocalPartMatchingUserEntityName"
4183
+ },
4184
+ "allowedDomains": {
4185
+ "type": "array",
4186
+ "items": {
4187
+ "type": "string"
4188
+ }
4189
+ }
4190
+ },
4191
+ "required": [
4192
+ "resolver"
4193
+ ]
4194
+ },
4195
+ {
4196
+ "type": "object",
4197
+ "properties": {
4198
+ "resolver": {
4199
+ "type": "string",
4200
+ "const": "emailMatchingUserEntityProfileEmail"
4201
+ }
4202
+ },
4203
+ "required": [
4204
+ "resolver"
4205
+ ]
4206
+ }
4207
+ ]
4208
+ }
4209
+ }
4210
+ },
4211
+ "required": [
4212
+ "resolvers"
4213
+ ]
2980
4214
  }
2981
4215
  },
2982
4216
  "required": [
2983
- "host"
4217
+ "clientId",
4218
+ "clientSecret"
2984
4219
  ]
2985
4220
  }
2986
4221
  }
2987
4222
  }
2988
4223
  }
2989
- },
2990
- "required": [
2991
- "baseUrl",
2992
- "database"
2993
- ]
2994
- },
2995
- "discovery": {
2996
- "description": "Options used by the default discovery service.",
4224
+ }
4225
+ }
4226
+ },
4227
+ "$schema": "http://json-schema.org/draft-07/schema#"
4228
+ }
4229
+ },
4230
+ {
4231
+ "path": "../../plugins/auth-backend-module-onelogin-provider/config.d.ts",
4232
+ "value": {
4233
+ "type": "object",
4234
+ "properties": {
4235
+ "auth": {
2997
4236
  "type": "object",
2998
4237
  "properties": {
2999
- "endpoints": {
3000
- "description": "A list of target baseUrls and the associated plugins.",
3001
- "type": "array",
3002
- "items": {
3003
- "type": "object",
3004
- "properties": {
3005
- "target": {
3006
- "description": "The target base URL to use for the plugin.\n\nCan be either a string or an object with internal and external keys.\nTargets with `{{pluginId}}` or `{{ pluginId }} in the URL will be replaced with the plugin ID.",
3007
- "anyOf": [
3008
- {
4238
+ "providers": {
4239
+ "type": "object",
4240
+ "properties": {
4241
+ "onelogin": {
4242
+ "visibility": "frontend",
4243
+ "type": "object",
4244
+ "additionalProperties": {
4245
+ "type": "object",
4246
+ "properties": {
4247
+ "clientId": {
4248
+ "type": "string"
4249
+ },
4250
+ "clientSecret": {
4251
+ "visibility": "secret",
4252
+ "type": "string"
4253
+ },
4254
+ "issuer": {
4255
+ "type": "string"
4256
+ },
4257
+ "callbackUrl": {
4258
+ "type": "string"
4259
+ },
4260
+ "signIn": {
3009
4261
  "type": "object",
3010
4262
  "properties": {
3011
- "internal": {
3012
- "type": "string"
3013
- },
3014
- "external": {
3015
- "type": "string"
4263
+ "resolvers": {
4264
+ "type": "array",
4265
+ "items": {
4266
+ "anyOf": [
4267
+ {
4268
+ "type": "object",
4269
+ "properties": {
4270
+ "resolver": {
4271
+ "type": "string",
4272
+ "const": "usernameMatchingUserEntityName"
4273
+ }
4274
+ },
4275
+ "required": [
4276
+ "resolver"
4277
+ ]
4278
+ },
4279
+ {
4280
+ "type": "object",
4281
+ "properties": {
4282
+ "resolver": {
4283
+ "type": "string",
4284
+ "const": "emailLocalPartMatchingUserEntityName"
4285
+ },
4286
+ "allowedDomains": {
4287
+ "type": "array",
4288
+ "items": {
4289
+ "type": "string"
4290
+ }
4291
+ }
4292
+ },
4293
+ "required": [
4294
+ "resolver"
4295
+ ]
4296
+ },
4297
+ {
4298
+ "type": "object",
4299
+ "properties": {
4300
+ "resolver": {
4301
+ "type": "string",
4302
+ "const": "emailMatchingUserEntityProfileEmail"
4303
+ }
4304
+ },
4305
+ "required": [
4306
+ "resolver"
4307
+ ]
4308
+ }
4309
+ ]
4310
+ }
3016
4311
  }
3017
4312
  },
3018
4313
  "required": [
3019
- "external",
3020
- "internal"
4314
+ "resolvers"
3021
4315
  ]
3022
- },
3023
- {
3024
- "type": "string"
3025
4316
  }
4317
+ },
4318
+ "required": [
4319
+ "clientId",
4320
+ "clientSecret",
4321
+ "issuer"
3026
4322
  ]
3027
- },
3028
- "plugins": {
3029
- "description": "Array of plugins which use the target base URL.",
3030
- "type": "array",
3031
- "items": {
3032
- "type": "string"
3033
- }
3034
4323
  }
3035
- },
3036
- "required": [
3037
- "plugins",
3038
- "target"
3039
- ]
4324
+ }
3040
4325
  }
3041
4326
  }
3042
- },
3043
- "required": [
3044
- "endpoints"
3045
- ]
4327
+ }
3046
4328
  }
3047
4329
  },
3048
- "required": [
3049
- "app"
3050
- ],
3051
4330
  "$schema": "http://json-schema.org/draft-07/schema#"
3052
4331
  }
3053
4332
  }