@techdocs/cli 1.8.24-next.2 → 1.8.25-next.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (33) hide show
  1. package/CHANGELOG.md +22 -0
  2. package/dist/embedded-app/.config-schema.json +983 -2315
  3. package/dist/embedded-app/index.html +1 -1
  4. package/dist/embedded-app/index.html.tmpl +1 -1
  5. package/dist/embedded-app/static/2177.8343b97e.chunk.js +4 -0
  6. package/dist/embedded-app/static/2177.8343b97e.chunk.js.map +1 -0
  7. package/dist/embedded-app/static/3720.646b3e89.chunk.js +11 -0
  8. package/dist/embedded-app/static/3720.646b3e89.chunk.js.map +1 -0
  9. package/dist/embedded-app/static/4487.f04b8beb.chunk.js +3 -0
  10. package/dist/embedded-app/static/4487.f04b8beb.chunk.js.map +1 -0
  11. package/dist/embedded-app/static/{5788.ae686304.chunk.js → 5788.b8d84f8c.chunk.js} +2 -2
  12. package/dist/embedded-app/static/5788.b8d84f8c.chunk.js.map +1 -0
  13. package/dist/embedded-app/static/8803.2d9f247d.chunk.js +11 -0
  14. package/dist/embedded-app/static/{8803.428ea2da.chunk.js.map → 8803.2d9f247d.chunk.js.map} +1 -1
  15. package/dist/embedded-app/static/main.a90fd85d.js +553 -0
  16. package/dist/embedded-app/static/main.a90fd85d.js.map +1 -0
  17. package/dist/embedded-app/static/{runtime.379a4fa3.js → runtime.a90fd85d.js} +2 -2
  18. package/dist/embedded-app/static/{runtime.379a4fa3.js.map → runtime.a90fd85d.js.map} +1 -1
  19. package/dist/embedded-app/static/{vendor.379a4fa3.js → vendor.a90fd85d.js} +4 -4
  20. package/dist/embedded-app/static/vendor.a90fd85d.js.map +1 -0
  21. package/dist/package.json.cjs.js +1 -1
  22. package/package.json +6 -6
  23. package/dist/embedded-app/static/2177.ccfa8e42.chunk.js +0 -4
  24. package/dist/embedded-app/static/2177.ccfa8e42.chunk.js.map +0 -1
  25. package/dist/embedded-app/static/3720.68bd02ba.chunk.js +0 -11
  26. package/dist/embedded-app/static/3720.68bd02ba.chunk.js.map +0 -1
  27. package/dist/embedded-app/static/4487.bd329be6.chunk.js +0 -3
  28. package/dist/embedded-app/static/4487.bd329be6.chunk.js.map +0 -1
  29. package/dist/embedded-app/static/5788.ae686304.chunk.js.map +0 -1
  30. package/dist/embedded-app/static/8803.428ea2da.chunk.js +0 -11
  31. package/dist/embedded-app/static/main.379a4fa3.js +0 -553
  32. package/dist/embedded-app/static/main.379a4fa3.js.map +0 -1
  33. package/dist/embedded-app/static/vendor.379a4fa3.js.map +0 -1
package/dist/embedded-app/.config-schema.json CHANGED
@@ -1,6 +1,7 @@
1
1
  {
2
2
  "schemas": [
3
3
  {
4
+ "packageName": "@backstage/cli",
4
5
  "value": {
5
6
  "$schema": "https://backstage.io/schema/config-v1",
6
7
  "title": "@backstage/cli",
@@ -123,7 +124,8 @@
123
124
  }
124
125
  },
125
126
  "$schema": "http://json-schema.org/draft-07/schema#"
126
- }
127
+ },
128
+ "packageName": "@backstage/plugin-permission-common"
127
129
  },
128
130
  {
129
131
  "path": "../core-app-api/config.d.ts",
@@ -352,7 +354,8 @@
352
354
  "backend"
353
355
  ],
354
356
  "$schema": "http://json-schema.org/draft-07/schema#"
355
- }
357
+ },
358
+ "packageName": "@backstage/core-app-api"
356
359
  },
357
360
  {
358
361
  "path": "../core-components/config.d.ts",
@@ -397,7 +400,8 @@
397
400
  }
398
401
  },
399
402
  "$schema": "http://json-schema.org/draft-07/schema#"
400
- }
403
+ },
404
+ "packageName": "@backstage/core-components"
401
405
  },
402
406
  {
403
407
  "path": "../../plugins/techdocs/config.d.ts",
@@ -452,7 +456,8 @@
452
456
  "techdocs"
453
457
  ],
454
458
  "$schema": "http://json-schema.org/draft-07/schema#"
455
- }
459
+ },
460
+ "packageName": "@backstage/plugin-techdocs"
456
461
  },
457
462
  {
458
463
  "path": "../integration/config.d.ts",
@@ -897,7 +902,8 @@
897
902
  }
898
903
  },
899
904
  "$schema": "http://json-schema.org/draft-07/schema#"
900
- }
905
+ },
906
+ "packageName": "@backstage/integration"
901
907
  },
902
908
  {
903
909
  "path": "../frontend-app-api/config.d.ts",
@@ -1009,7 +1015,8 @@
1009
1015
  }
1010
1016
  },
1011
1017
  "$schema": "http://json-schema.org/draft-07/schema#"
1012
- }
1018
+ },
1019
+ "packageName": "@backstage/frontend-app-api"
1013
1020
  },
1014
1021
  {
1015
1022
  "path": "../../plugins/catalog/config.d.ts",
@@ -1039,7 +1046,8 @@
1039
1046
  }
1040
1047
  },
1041
1048
  "$schema": "http://json-schema.org/draft-07/schema#"
1042
- }
1049
+ },
1050
+ "packageName": "@backstage/plugin-catalog"
1043
1051
  },
1044
1052
  {
1045
1053
  "path": "../../node_modules/@backstage-community/plugin-stackstorm/config.d.ts",
@@ -1061,7 +1069,8 @@
1061
1069
  }
1062
1070
  },
1063
1071
  "$schema": "http://json-schema.org/draft-07/schema#"
1064
- }
1072
+ },
1073
+ "packageName": "@backstage-community/plugin-stackstorm"
1065
1074
  },
1066
1075
  {
1067
1076
  "path": "../../node_modules/@oriflame/backstage-plugin-score-card/config.d.ts",
@@ -1104,7 +1113,8 @@
1104
1113
  "scorecards"
1105
1114
  ],
1106
1115
  "$schema": "http://json-schema.org/draft-07/schema#"
1107
- }
1116
+ },
1117
+ "packageName": "@oriflame/backstage-plugin-score-card"
1108
1118
  },
1109
1119
  {
1110
1120
  "path": "../backend-plugin-api/config.d.ts",
@@ -1122,7 +1132,8 @@
1122
1132
  }
1123
1133
  },
1124
1134
  "$schema": "http://json-schema.org/draft-07/schema#"
1125
- }
1135
+ },
1136
+ "packageName": "@backstage/backend-plugin-api"
1126
1137
  },
1127
1138
  {
1128
1139
  "path": "../../plugins/auth-backend/config.d.ts",
@@ -1379,7 +1390,8 @@
1379
1390
  }
1380
1391
  },
1381
1392
  "$schema": "http://json-schema.org/draft-07/schema#"
1382
- }
1393
+ },
1394
+ "packageName": "@backstage/plugin-auth-backend"
1383
1395
  },
1384
1396
  {
1385
1397
  "path": "../../plugins/auth-backend-module-guest-provider/config.d.ts",
@@ -1424,7 +1436,8 @@
1424
1436
  }
1425
1437
  },
1426
1438
  "$schema": "http://json-schema.org/draft-07/schema#"
1427
- }
1439
+ },
1440
+ "packageName": "@backstage/plugin-auth-backend-module-guest-provider"
1428
1441
  },
1429
1442
  {
1430
1443
  "path": "../../node_modules/@backstage-community/plugin-puppetdb/node_modules/@backstage/core-components/config.d.ts",
@@ -1469,236 +1482,8 @@
1469
1482
  }
1470
1483
  },
1471
1484
  "$schema": "http://json-schema.org/draft-07/schema#"
1472
- }
1473
- },
1474
- {
1475
- "path": "../../node_modules/@backstage-community/plugin-puppetdb/node_modules/@backstage/core-app-api/config.d.ts",
1476
- "value": {
1477
- "type": "object",
1478
- "properties": {
1479
- "app": {
1480
- "description": "Generic frontend configuration.",
1481
- "type": "object",
1482
- "properties": {
1483
- "baseUrl": {
1484
- "description": "The public absolute root URL that the frontend.",
1485
- "visibility": "frontend",
1486
- "type": "string"
1487
- },
1488
- "title": {
1489
- "description": "The title of the app, as shown in the Backstage web interface.",
1490
- "visibility": "frontend",
1491
- "type": "string"
1492
- },
1493
- "support": {
1494
- "description": "Information about support of this Backstage instance and how to contact the integrator team.",
1495
- "type": "object",
1496
- "properties": {
1497
- "url": {
1498
- "description": "The primary support url.",
1499
- "visibility": "frontend",
1500
- "type": "string"
1501
- },
1502
- "items": {
1503
- "description": "A list of categorized support item groupings.",
1504
- "type": "array",
1505
- "items": {
1506
- "type": "object",
1507
- "properties": {
1508
- "title": {
1509
- "description": "The title of the support item grouping.",
1510
- "visibility": "frontend",
1511
- "type": "string"
1512
- },
1513
- "icon": {
1514
- "description": "An optional icon for the support item grouping.",
1515
- "visibility": "frontend",
1516
- "type": "string"
1517
- },
1518
- "links": {
1519
- "description": "A list of support links for the Backstage instance inside this grouping.",
1520
- "type": "array",
1521
- "items": {
1522
- "type": "object",
1523
- "properties": {
1524
- "url": {
1525
- "visibility": "frontend",
1526
- "type": "string"
1527
- },
1528
- "title": {
1529
- "visibility": "frontend",
1530
- "type": "string"
1531
- }
1532
- },
1533
- "required": [
1534
- "url"
1535
- ]
1536
- }
1537
- }
1538
- },
1539
- "required": [
1540
- "links",
1541
- "title"
1542
- ]
1543
- }
1544
- }
1545
- },
1546
- "required": [
1547
- "items",
1548
- "url"
1549
- ]
1550
- },
1551
- "routes": {
1552
- "type": "object",
1553
- "properties": {
1554
- "bindings": {
1555
- "description": "Maps external route references to regular route references. Both the\nkey and the value is expected to be on the form `<pluginId>.<routeId>`.\nIf the value is `false`, the route will be disabled even if it has a\ndefault mapping.",
1556
- "deepVisibility": "frontend",
1557
- "type": "object",
1558
- "additionalProperties": {
1559
- "anyOf": [
1560
- {
1561
- "const": false,
1562
- "type": "boolean"
1563
- },
1564
- {
1565
- "type": "string"
1566
- }
1567
- ]
1568
- }
1569
- }
1570
- }
1571
- }
1572
- },
1573
- "required": [
1574
- "baseUrl"
1575
- ]
1576
- },
1577
- "backend": {
1578
- "description": "Generic backend configuration.",
1579
- "type": "object",
1580
- "properties": {
1581
- "baseUrl": {
1582
- "description": "The public absolute root URL that the backend is reachable at, from the browser's perspective.",
1583
- "visibility": "frontend",
1584
- "type": "string"
1585
- }
1586
- },
1587
- "required": [
1588
- "baseUrl"
1589
- ]
1590
- },
1591
- "organization": {
1592
- "description": "Configuration that provides information about the organization that the app is for.",
1593
- "type": "object",
1594
- "properties": {
1595
- "name": {
1596
- "description": "The name of the organization that the app belongs to.",
1597
- "visibility": "frontend",
1598
- "type": "string"
1599
- }
1600
- }
1601
- },
1602
- "homepage": {
1603
- "description": "This config was used by the HomepageTimer but has been replaced by the HeaderWorldClock in the home plugin",
1604
- "deprecated": "in favor of the HeaderWorldClock which is found in the home plugin",
1605
- "type": "object",
1606
- "properties": {
1607
- "clocks": {
1608
- "type": "array",
1609
- "items": {
1610
- "type": "object",
1611
- "properties": {
1612
- "label": {
1613
- "visibility": "frontend",
1614
- "type": "string"
1615
- },
1616
- "timezone": {
1617
- "visibility": "frontend",
1618
- "type": "string"
1619
- }
1620
- },
1621
- "required": [
1622
- "label",
1623
- "timezone"
1624
- ]
1625
- }
1626
- }
1627
- }
1628
- },
1629
- "auth": {
1630
- "description": "Configuration that provides information on available configured authentication providers.",
1631
- "type": "object",
1632
- "properties": {
1633
- "environment": {
1634
- "description": "The 'environment' attribute added as an optional parameter to have configurable environment value for `auth.providers`.\ndefault value: 'development'\noptional values: 'development' | 'production'",
1635
- "visibility": "frontend",
1636
- "type": "string"
1637
- }
1638
- }
1639
- },
1640
- "enableExperimentalRedirectFlow": {
1641
- "description": "Enable redirect authentication flow type, instead of a popup for authentication.",
1642
- "visibility": "frontend",
1643
- "type": "boolean"
1644
- },
1645
- "discovery": {
1646
- "description": "Discovery options.",
1647
- "visibility": "frontend",
1648
- "type": "object",
1649
- "properties": {
1650
- "endpoints": {
1651
- "description": "Endpoints\n\nA list of target baseUrls and the associated plugins.",
1652
- "visibility": "frontend",
1653
- "type": "array",
1654
- "items": {
1655
- "type": "object",
1656
- "properties": {
1657
- "target": {
1658
- "description": "The target baseUrl to use for the plugin\n\nCan be either a string or an object with internal and external keys. (Internal is used for the backend, external for the frontend)\nTargets with `{{pluginId}}` or `{{ pluginId }} in the url will be replaced with the pluginId.",
1659
- "visibility": "frontend",
1660
- "anyOf": [
1661
- {
1662
- "type": "object",
1663
- "properties": {
1664
- "external": {
1665
- "visibility": "frontend",
1666
- "type": "string"
1667
- }
1668
- },
1669
- "required": [
1670
- "external"
1671
- ]
1672
- },
1673
- {
1674
- "type": "string"
1675
- }
1676
- ]
1677
- },
1678
- "plugins": {
1679
- "description": "Array of plugins which use the target baseUrl.",
1680
- "visibility": "frontend",
1681
- "type": "array",
1682
- "items": {
1683
- "type": "string"
1684
- }
1685
- }
1686
- },
1687
- "required": [
1688
- "plugins",
1689
- "target"
1690
- ]
1691
- }
1692
- }
1693
- }
1694
- }
1695
- },
1696
- "required": [
1697
- "app",
1698
- "backend"
1699
- ],
1700
- "$schema": "http://json-schema.org/draft-07/schema#"
1701
- }
1485
+ },
1486
+ "packageName": "@backstage/core-components"
1702
1487
  },
1703
1488
  {
1704
1489
  "path": "../../node_modules/@oriflame/backstage-plugin-score-card/node_modules/@backstage/core-components/config.d.ts",
@@ -1743,1510 +1528,530 @@
1743
1528
  }
1744
1529
  },
1745
1530
  "$schema": "http://json-schema.org/draft-07/schema#"
1746
- }
1531
+ },
1532
+ "packageName": "@backstage/core-components"
1747
1533
  },
1748
1534
  {
1749
- "path": "../../node_modules/@oriflame/backstage-plugin-score-card/node_modules/@backstage/integration/config.d.ts",
1535
+ "path": "../backend-app-api/config.d.ts",
1750
1536
  "value": {
1751
1537
  "type": "object",
1752
1538
  "properties": {
1753
- "integrations": {
1754
- "description": "Configuration for integrations towards various external repository provider systems",
1755
- "visibility": "frontend",
1539
+ "backend": {
1756
1540
  "type": "object",
1757
1541
  "properties": {
1758
- "azure": {
1759
- "description": "Integration configuration for Azure",
1760
- "type": "array",
1761
- "items": {
1762
- "type": "object",
1763
- "properties": {
1764
- "host": {
1765
- "description": "The hostname of the given Azure instance",
1766
- "visibility": "frontend",
1767
- "type": "string"
1768
- },
1769
- "token": {
1770
- "description": "Token used to authenticate requests.",
1771
- "visibility": "secret",
1772
- "deprecated": "Use `credentials` instead.",
1773
- "type": "string"
1774
- },
1775
- "credential": {
1776
- "description": "The credential to use for requests.\n\nIf no credential is specified anonymous access is used.",
1777
- "deepVisibility": "secret",
1778
- "deprecated": "Use `credentials` instead.",
1779
- "type": "object",
1780
- "properties": {
1781
- "clientId": {
1782
- "type": "string"
1783
- },
1784
- "clientSecret": {
1785
- "type": "string"
1786
- },
1787
- "tenantId": {
1542
+ "packages": {
1543
+ "description": "Used by the feature discovery service",
1544
+ "anyOf": [
1545
+ {
1546
+ "type": "object",
1547
+ "properties": {
1548
+ "include": {
1549
+ "type": "array",
1550
+ "items": {
1788
1551
  "type": "string"
1789
- },
1790
- "personalAccessToken": {
1552
+ }
1553
+ },
1554
+ "exclude": {
1555
+ "type": "array",
1556
+ "items": {
1791
1557
  "type": "string"
1792
1558
  }
1793
1559
  }
1794
- },
1795
- "credentials": {
1796
- "description": "The credentials to use for requests. If multiple credentials are specified the first one that matches the organization is used.\nIf not organization matches the first credential without an organization is used.\n\nIf no credentials are specified at all, either a default credential (for Azure DevOps) or anonymous access (for Azure DevOps Server) is used.",
1797
- "deepVisibility": "secret",
1798
- "type": "array",
1799
- "items": {
1560
+ }
1561
+ },
1562
+ {
1563
+ "const": "all",
1564
+ "type": "string"
1565
+ }
1566
+ ]
1567
+ }
1568
+ }
1569
+ }
1570
+ },
1571
+ "$schema": "http://json-schema.org/draft-07/schema#"
1572
+ },
1573
+ "packageName": "@backstage/backend-app-api"
1574
+ },
1575
+ {
1576
+ "path": "../backend-defaults/config.d.ts",
1577
+ "value": {
1578
+ "type": "object",
1579
+ "properties": {
1580
+ "app": {
1581
+ "type": "object",
1582
+ "properties": {
1583
+ "baseUrl": {
1584
+ "type": "string"
1585
+ }
1586
+ },
1587
+ "required": [
1588
+ "baseUrl"
1589
+ ]
1590
+ },
1591
+ "backend": {
1592
+ "type": "object",
1593
+ "properties": {
1594
+ "baseUrl": {
1595
+ "description": "The full base URL of the backend, as seen from the browser's point of\nview as it makes calls to the backend.",
1596
+ "type": "string"
1597
+ },
1598
+ "lifecycle": {
1599
+ "type": "object",
1600
+ "properties": {
1601
+ "startupRequestPauseTimeout": {
1602
+ "description": "The maximum time that paused requests will wait for the service to start, before returning an error.\nDefaults to 5 seconds\nSupported formats:\n- A string in the format of '1d', '2 seconds' etc. as supported by the `ms`\n library.\n- A standard ISO formatted duration string, e.g. 'P2DT6H' or 'PT1M'.\n- An object with individual units (in plural) as keys, e.g. `{ days: 2, hours: 6 }`."
1603
+ },
1604
+ "serverShutdownDelay": {
1605
+ "description": "The minimum time that the HTTP server will delay the shutdown of the backend. During this delay health checks will be set to failing, allowing traffic to drain.\nDefaults to 0 seconds.\nSupported formats:\n- A string in the format of '1d', '2 seconds' etc. as supported by the `ms`\n library.\n- A standard ISO formatted duration string, e.g. 'P2DT6H' or 'PT1M'.\n- An object with individual units (in plural) as keys, e.g. `{ days: 2, hours: 6 }`."
1606
+ }
1607
+ }
1608
+ },
1609
+ "listen": {
1610
+ "description": "Address that the backend should listen to.",
1611
+ "anyOf": [
1612
+ {
1613
+ "type": "object",
1614
+ "properties": {
1615
+ "host": {
1616
+ "description": "Address of the interface that the backend should bind to.",
1617
+ "type": "string"
1618
+ },
1619
+ "port": {
1620
+ "description": "Port that the backend should listen to.",
1621
+ "type": [
1622
+ "string",
1623
+ "number"
1624
+ ]
1625
+ }
1626
+ }
1627
+ },
1628
+ {
1629
+ "type": "string"
1630
+ }
1631
+ ]
1632
+ },
1633
+ "https": {
1634
+ "description": "HTTPS configuration for the backend. If omitted the backend will serve HTTP.\n\nSetting this to `true` will cause self-signed certificates to be generated, which\ncan be useful for local development or other non-production scenarios.",
1635
+ "anyOf": [
1636
+ {
1637
+ "type": "object",
1638
+ "properties": {
1639
+ "certificate": {
1640
+ "description": "Certificate configuration",
1800
1641
  "type": "object",
1801
1642
  "properties": {
1802
- "clientId": {
1803
- "type": "string"
1804
- },
1805
- "clientSecret": {
1806
- "type": "string"
1807
- },
1808
- "tenantId": {
1643
+ "cert": {
1644
+ "description": "PEM encoded certificate. Use $file to load in a file",
1809
1645
  "type": "string"
1810
1646
  },
1811
- "personalAccessToken": {
1647
+ "key": {
1648
+ "description": "PEM encoded certificate key. Use $file to load in a file.",
1649
+ "visibility": "secret",
1812
1650
  "type": "string"
1813
1651
  }
1814
- }
1652
+ },
1653
+ "required": [
1654
+ "cert",
1655
+ "key"
1656
+ ]
1815
1657
  }
1816
1658
  }
1817
1659
  },
1818
- "required": [
1819
- "host"
1820
- ]
1821
- }
1660
+ {
1661
+ "const": true,
1662
+ "type": "boolean"
1663
+ }
1664
+ ]
1822
1665
  },
1823
- "bitbucket": {
1824
- "description": "Integration configuration for Bitbucket",
1825
- "deprecated": "replaced by bitbucketCloud and bitbucketServer",
1826
- "type": "array",
1827
- "items": {
1828
- "type": "object",
1829
- "properties": {
1830
- "host": {
1831
- "description": "The hostname of the given Bitbucket instance",
1832
- "visibility": "frontend",
1833
- "type": "string"
1834
- },
1835
- "token": {
1836
- "description": "Token used to authenticate requests.",
1837
- "visibility": "secret",
1838
- "type": "string"
1839
- },
1840
- "apiBaseUrl": {
1841
- "description": "The base url for the Bitbucket API, for example https://api.bitbucket.org/2.0",
1842
- "visibility": "frontend",
1843
- "type": "string"
1844
- },
1845
- "username": {
1846
- "description": "The username to use for authenticated requests.",
1847
- "visibility": "secret",
1848
- "type": "string"
1849
- },
1850
- "appPassword": {
1851
- "description": "Bitbucket app password used to authenticate requests.",
1852
- "visibility": "secret",
1853
- "type": "string"
1666
+ "auth": {
1667
+ "description": "Options used by the default auth, httpAuth and userInfo services.",
1668
+ "type": "object",
1669
+ "properties": {
1670
+ "keys": {
1671
+ "description": "Keys shared by all backends for signing and validating backend tokens.",
1672
+ "deprecated": "this will be removed when the backwards compatibility is no longer needed with backend-common",
1673
+ "type": "array",
1674
+ "items": {
1675
+ "type": "object",
1676
+ "properties": {
1677
+ "secret": {
1678
+ "description": "Secret for generating tokens. Should be a base64 string, recommended\nlength is 24 bytes.",
1679
+ "visibility": "secret",
1680
+ "type": "string"
1681
+ }
1682
+ },
1683
+ "required": [
1684
+ "secret"
1685
+ ]
1854
1686
  }
1855
1687
  },
1856
- "required": [
1857
- "host"
1858
- ]
1859
- }
1860
- },
1861
- "bitbucketCloud": {
1862
- "description": "Integration configuration for Bitbucket Cloud",
1863
- "type": "array",
1864
- "items": {
1865
- "type": "object",
1866
- "properties": {
1867
- "username": {
1868
- "description": "The username to use for authenticated requests.",
1869
- "visibility": "secret",
1870
- "type": "string"
1871
- },
1872
- "appPassword": {
1873
- "description": "Bitbucket Cloud app password used to authenticate requests.",
1874
- "visibility": "secret",
1875
- "type": "string"
1876
- }
1688
+ "dangerouslyDisableDefaultAuthPolicy": {
1689
+ "description": "This disables the otherwise default auth policy, which requires all\nrequests to be authenticated with either user or service credentials.\n\nDisabling this check means that the backend will no longer block\nunauthenticated requests, but instead allow them to pass through to\nplugins.\n\nIf permissions are enabled, unauthenticated requests will be treated\nexactly as such, leaving it to the permission policy to determine what\npermissions should be allowed for an unauthenticated identity. Note\nthat this will also apply to service-to-service calls between plugins\nunless you configure credentials for service calls.",
1690
+ "type": "boolean"
1877
1691
  },
1878
- "required": [
1879
- "appPassword",
1880
- "username"
1881
- ]
1882
- }
1883
- },
1884
- "bitbucketServer": {
1885
- "description": "Integration configuration for Bitbucket Server",
1886
- "type": "array",
1887
- "items": {
1888
- "type": "object",
1889
- "properties": {
1890
- "host": {
1891
- "description": "The hostname of the given Bitbucket Server instance",
1892
- "visibility": "frontend",
1893
- "type": "string"
1894
- },
1895
- "token": {
1896
- "description": "Token used to authenticate requests.",
1897
- "visibility": "secret",
1898
- "type": "string"
1899
- },
1900
- "username": {
1901
- "description": "Username used to authenticate requests with Basic Auth.",
1902
- "visibility": "secret",
1903
- "type": "string"
1904
- },
1905
- "password": {
1906
- "description": "Password (or token as password) used to authenticate requests with Basic Auth.",
1907
- "visibility": "secret",
1908
- "type": "string"
1909
- },
1910
- "apiBaseUrl": {
1911
- "description": "The base url for the Bitbucket Server API, for example https://<host>/rest/api/1.0",
1912
- "visibility": "frontend",
1913
- "type": "string"
1914
- }
1915
- },
1916
- "required": [
1917
- "host"
1918
- ]
1919
- }
1920
- },
1921
- "gerrit": {
1922
- "description": "Integration configuration for Gerrit",
1923
- "type": "array",
1924
- "items": {
1925
- "type": "object",
1926
- "properties": {
1927
- "host": {
1928
- "description": "The hostname of the given Gerrit instance",
1929
- "visibility": "frontend",
1930
- "type": "string"
1931
- },
1932
- "baseUrl": {
1933
- "description": "The base url for the Gerrit instance.",
1934
- "visibility": "frontend",
1935
- "type": "string"
1936
- },
1937
- "gitilesBaseUrl": {
1938
- "description": "The gitiles base url.",
1939
- "visibility": "frontend",
1940
- "type": "string"
1941
- },
1942
- "cloneUrl": {
1943
- "description": "The base url for cloning repos.",
1944
- "visibility": "frontend",
1945
- "type": "string"
1946
- },
1947
- "username": {
1948
- "description": "The username to use for authenticated requests.",
1949
- "visibility": "secret",
1950
- "type": "string"
1951
- },
1952
- "password": {
1953
- "description": "Gerrit password used to authenticate requests. This can be either a password\nor a generated access token.",
1954
- "visibility": "secret",
1955
- "type": "string"
1956
- }
1957
- },
1958
- "required": [
1959
- "gitilesBaseUrl",
1960
- "host"
1961
- ]
1962
- }
1963
- },
1964
- "github": {
1965
- "description": "Integration configuration for GitHub",
1966
- "type": "array",
1967
- "items": {
1968
- "type": "object",
1969
- "properties": {
1970
- "host": {
1971
- "description": "The hostname of the given GitHub instance",
1972
- "visibility": "frontend",
1973
- "type": "string"
1974
- },
1975
- "token": {
1976
- "description": "Token used to authenticate requests.",
1977
- "visibility": "secret",
1978
- "type": "string"
1979
- },
1980
- "apiBaseUrl": {
1981
- "description": "The base url for the GitHub API, for example https://api.github.com",
1982
- "visibility": "frontend",
1983
- "type": "string"
1984
- },
1985
- "rawBaseUrl": {
1986
- "description": "The base url for GitHub raw resources, for example https://raw.githubusercontent.com",
1987
- "visibility": "frontend",
1988
- "type": "string"
1989
- },
1990
- "apps": {
1991
- "description": "GitHub Apps configuration",
1992
- "type": "array",
1993
- "items": {
1692
+ "pluginKeyStore": {
1693
+ "description": "Controls how to store keys for plugin-to-plugin auth",
1694
+ "anyOf": [
1695
+ {
1994
1696
  "type": "object",
1995
1697
  "properties": {
1996
- "appId": {
1997
- "description": "The numeric GitHub App ID, string for environment variables",
1998
- "type": [
1999
- "string",
2000
- "number"
2001
- ]
2002
- },
2003
- "privateKey": {
2004
- "description": "The private key to use for auth against the app",
2005
- "visibility": "secret",
2006
- "type": "string"
2007
- },
2008
- "webhookSecret": {
2009
- "description": "The secret used for webhooks",
2010
- "visibility": "secret",
2011
- "type": "string"
2012
- },
2013
- "clientId": {
2014
- "description": "The client ID to use",
2015
- "type": "string"
2016
- },
2017
- "clientSecret": {
2018
- "description": "The client secret to use",
2019
- "visibility": "secret",
2020
- "type": "string"
1698
+ "type": {
1699
+ "type": "string",
1700
+ "const": "database"
1701
+ }
1702
+ },
1703
+ "required": [
1704
+ "type"
1705
+ ]
1706
+ },
1707
+ {
1708
+ "type": "object",
1709
+ "properties": {
1710
+ "type": {
1711
+ "type": "string",
1712
+ "const": "static"
2021
1713
  },
2022
- "allowedInstallationOwners": {
2023
- "description": "List of installation owners allowed to be used by this GitHub app. The GitHub UI does not provide a way to list the installations.\nHowever you can list the installations with the GitHub API. You can find the list of installations here:\nhttps://api.github.com/app/installations\nThe relevant documentation for this is here.\nhttps://docs.github.com/en/rest/reference/apps#list-installations-for-the-authenticated-app--code-samples",
2024
- "type": "array",
2025
- "items": {
2026
- "type": "string"
2027
- }
1714
+ "static": {
1715
+ "type": "object",
1716
+ "properties": {
1717
+ "keys": {
1718
+ "description": "Must be declared at least once and the first one will be used for signing.",
1719
+ "type": "array",
1720
+ "items": {
1721
+ "type": "object",
1722
+ "properties": {
1723
+ "publicKeyFile": {
1724
+ "description": "Path to the public key file in the SPKI format. Should be an absolute path.",
1725
+ "type": "string"
1726
+ },
1727
+ "privateKeyFile": {
1728
+ "description": "Path to the matching private key file in the PKCS#8 format. Should be an absolute path.\n\nThe first array entry must specify a private key file, the rest must not.",
1729
+ "type": "string"
1730
+ },
1731
+ "keyId": {
1732
+ "description": "ID to uniquely identify this key within the JWK set.",
1733
+ "type": "string"
1734
+ },
1735
+ "algorithm": {
1736
+ "description": "JWS \"alg\" (Algorithm) Header Parameter value. Defaults to ES256.\nMust match the algorithm used to generate the keys in the provided files",
1737
+ "type": "string"
1738
+ }
1739
+ },
1740
+ "required": [
1741
+ "keyId",
1742
+ "publicKeyFile"
1743
+ ]
1744
+ }
1745
+ }
1746
+ },
1747
+ "required": [
1748
+ "keys"
1749
+ ]
2028
1750
  }
2029
1751
  },
2030
1752
  "required": [
2031
- "appId",
2032
- "clientId",
2033
- "clientSecret",
2034
- "privateKey",
2035
- "webhookSecret"
1753
+ "static",
1754
+ "type"
2036
1755
  ]
2037
1756
  }
2038
- }
2039
- },
2040
- "required": [
2041
- "host"
2042
- ]
2043
- }
2044
- },
2045
- "gitlab": {
2046
- "description": "Integration configuration for GitLab",
2047
- "type": "array",
2048
- "items": {
2049
- "type": "object",
2050
- "properties": {
2051
- "host": {
2052
- "description": "The host of the target that this matches on, e.g. \"gitlab.com\".",
2053
- "visibility": "frontend",
2054
- "type": "string"
2055
- },
2056
- "apiBaseUrl": {
2057
- "description": "The base URL of the API of this provider, e.g.\n\"https://gitlab.com/api/v4\", with no trailing slash.\n\nMay be omitted specifically for public GitLab; then it will be deduced.",
2058
- "visibility": "frontend",
2059
- "type": "string"
2060
- },
2061
- "token": {
2062
- "description": "The authorization token to use for requests to this provider.\n\nIf no token is specified, anonymous access is used.",
2063
- "visibility": "secret",
2064
- "type": "string"
2065
- },
2066
- "baseUrl": {
2067
- "description": "The baseUrl of this provider, e.g. \"https://gitlab.com\", which is\npassed into the GitLab client.\n\nIf no baseUrl is provided, it will default to https://${host}.",
2068
- "visibility": "frontend",
2069
- "type": "string"
2070
- }
2071
- },
2072
- "required": [
2073
- "host"
2074
- ]
2075
- }
2076
- },
2077
- "googleGcs": {
2078
- "description": "Integration configuration for Google Cloud Storage",
2079
- "type": "object",
2080
- "properties": {
2081
- "clientEmail": {
2082
- "description": "Service account email used to authenticate requests.",
2083
- "type": "string"
1757
+ ]
2084
1758
  },
2085
- "privateKey": {
2086
- "description": "Service account private key used to authenticate requests.",
2087
- "visibility": "secret",
2088
- "type": "string"
2089
- }
2090
- }
2091
- },
2092
- "awsS3": {
2093
- "description": "Integration configuration for AWS S3 Service",
2094
- "type": "array",
2095
- "items": {
2096
- "type": "object",
2097
- "properties": {
2098
- "endpoint": {
2099
- "description": "AWS Endpoint.\nThe endpoint URI to send requests to. The default endpoint is built from the configured region.",
2100
- "visibility": "frontend",
2101
- "type": "string"
2102
- },
2103
- "s3ForcePathStyle": {
2104
- "description": "Whether to use path style URLs when communicating with S3.\nDefaults to false.\nThis allows providers like LocalStack, Minio and Wasabi (and possibly others) to be used.",
2105
- "visibility": "frontend",
2106
- "type": "boolean"
2107
- },
2108
- "accessKeyId": {
2109
- "description": "Account access key used to authenticate requests.",
2110
- "type": "string"
2111
- },
2112
- "secretAccessKey": {
2113
- "description": "Account secret key used to authenticate requests.",
2114
- "visibility": "secret",
2115
- "type": "string"
2116
- },
2117
- "roleArn": {
2118
- "description": "ARN of the role to be assumed",
2119
- "type": "string"
2120
- },
2121
- "externalId": {
2122
- "description": "External ID to use when assuming role",
2123
- "type": "string"
2124
- }
2125
- }
2126
- }
2127
- },
2128
- "gitea": {
2129
- "description": "Integration configuration for Gitea",
2130
- "type": "array",
2131
- "items": {
2132
- "type": "object",
2133
- "properties": {
2134
- "host": {
2135
- "description": "The hostname of the given Gitea instance",
2136
- "visibility": "frontend",
2137
- "type": "string"
2138
- },
2139
- "baseUrl": {
2140
- "description": "The base url for the Gitea instance.",
2141
- "visibility": "frontend",
2142
- "type": "string"
2143
- },
2144
- "username": {
2145
- "description": "The username to use for authenticated requests.",
2146
- "visibility": "secret",
2147
- "type": "string"
2148
- },
2149
- "password": {
2150
- "description": "Gitea password used to authenticate requests. This can be either a password\nor a generated access token.",
2151
- "visibility": "secret",
2152
- "type": "string"
2153
- }
2154
- },
2155
- "required": [
2156
- "host"
2157
- ]
2158
- }
2159
- },
2160
- "harness": {
2161
- "description": "Integration configuration for Harness Code",
2162
- "type": "array",
2163
- "items": {
2164
- "type": "object",
2165
- "properties": {
2166
- "host": {
2167
- "description": "The hostname of the given Harness Code instance",
2168
- "visibility": "frontend",
2169
- "type": "string"
2170
- },
2171
- "apiKey": {
2172
- "description": "The apikey to use for authenticated requests.",
2173
- "visibility": "secret",
2174
- "type": "string"
2175
- },
2176
- "token": {
2177
- "description": "Harness Code token used to authenticate requests. This can be either a generated access token.",
2178
- "visibility": "secret",
2179
- "type": "string"
2180
- }
2181
- },
2182
- "required": [
2183
- "host"
2184
- ]
2185
- }
2186
- }
2187
- }
2188
- }
2189
- },
2190
- "$schema": "http://json-schema.org/draft-07/schema#"
2191
- }
2192
- },
2193
- {
2194
- "path": "../backend-app-api/config.d.ts",
2195
- "value": {
2196
- "type": "object",
2197
- "properties": {
2198
- "backend": {
2199
- "type": "object",
2200
- "properties": {
2201
- "packages": {
2202
- "description": "Used by the feature discovery service",
2203
- "anyOf": [
2204
- {
2205
- "type": "object",
2206
- "properties": {
2207
- "include": {
2208
- "type": "array",
2209
- "items": {
2210
- "type": "string"
2211
- }
2212
- },
2213
- "exclude": {
2214
- "type": "array",
2215
- "items": {
2216
- "type": "string"
2217
- }
2218
- }
2219
- }
2220
- },
2221
- {
2222
- "const": "all",
2223
- "type": "string"
2224
- }
2225
- ]
2226
- }
2227
- }
2228
- }
2229
- },
2230
- "$schema": "http://json-schema.org/draft-07/schema#"
2231
- }
2232
- },
2233
- {
2234
- "path": "../backend-defaults/config.d.ts",
2235
- "value": {
2236
- "type": "object",
2237
- "properties": {
2238
- "app": {
2239
- "type": "object",
2240
- "properties": {
2241
- "baseUrl": {
2242
- "type": "string"
2243
- }
2244
- },
2245
- "required": [
2246
- "baseUrl"
2247
- ]
2248
- },
2249
- "backend": {
2250
- "type": "object",
2251
- "properties": {
2252
- "baseUrl": {
2253
- "description": "The full base URL of the backend, as seen from the browser's point of\nview as it makes calls to the backend.",
2254
- "type": "string"
2255
- },
2256
- "lifecycle": {
2257
- "type": "object",
2258
- "properties": {
2259
- "startupRequestPauseTimeout": {
2260
- "description": "The maximum time that paused requests will wait for the service to start, before returning an error.\nDefaults to 5 seconds\nSupported formats:\n- A string in the format of '1d', '2 seconds' etc. as supported by the `ms`\n library.\n- A standard ISO formatted duration string, e.g. 'P2DT6H' or 'PT1M'.\n- An object with individual units (in plural) as keys, e.g. `{ days: 2, hours: 6 }`."
2261
- },
2262
- "serverShutdownDelay": {
2263
- "description": "The minimum time that the HTTP server will delay the shutdown of the backend. During this delay health checks will be set to failing, allowing traffic to drain.\nDefaults to 0 seconds.\nSupported formats:\n- A string in the format of '1d', '2 seconds' etc. as supported by the `ms`\n library.\n- A standard ISO formatted duration string, e.g. 'P2DT6H' or 'PT1M'.\n- An object with individual units (in plural) as keys, e.g. `{ days: 2, hours: 6 }`."
2264
- }
2265
- }
2266
- },
2267
- "listen": {
2268
- "description": "Address that the backend should listen to.",
2269
- "anyOf": [
2270
- {
2271
- "type": "object",
2272
- "properties": {
2273
- "host": {
2274
- "description": "Address of the interface that the backend should bind to.",
2275
- "type": "string"
2276
- },
2277
- "port": {
2278
- "description": "Port that the backend should listen to.",
2279
- "type": [
2280
- "string",
2281
- "number"
2282
- ]
2283
- }
2284
- }
2285
- },
2286
- {
2287
- "type": "string"
2288
- }
2289
- ]
2290
- },
2291
- "https": {
2292
- "description": "HTTPS configuration for the backend. If omitted the backend will serve HTTP.\n\nSetting this to `true` will cause self-signed certificates to be generated, which\ncan be useful for local development or other non-production scenarios.",
2293
- "anyOf": [
2294
- {
2295
- "type": "object",
2296
- "properties": {
2297
- "certificate": {
2298
- "description": "Certificate configuration",
2299
- "type": "object",
2300
- "properties": {
2301
- "cert": {
2302
- "description": "PEM encoded certificate. Use $file to load in a file",
2303
- "type": "string"
2304
- },
2305
- "key": {
2306
- "description": "PEM encoded certificate key. Use $file to load in a file.",
2307
- "visibility": "secret",
2308
- "type": "string"
2309
- }
2310
- },
2311
- "required": [
2312
- "cert",
2313
- "key"
2314
- ]
2315
- }
2316
- }
2317
- },
2318
- {
2319
- "const": true,
2320
- "type": "boolean"
2321
- }
2322
- ]
2323
- },
2324
- "auth": {
2325
- "description": "Options used by the default auth, httpAuth and userInfo services.",
2326
- "type": "object",
2327
- "properties": {
2328
- "dangerouslyDisableDefaultAuthPolicy": {
2329
- "description": "This disables the otherwise default auth policy, which requires all\nrequests to be authenticated with either user or service credentials.\n\nDisabling this check means that the backend will no longer block\nunauthenticated requests, but instead allow them to pass through to\nplugins.\n\nIf permissions are enabled, unauthenticated requests will be treated\nexactly as such, leaving it to the permission policy to determine what\npermissions should be allowed for an unauthenticated identity. Note\nthat this will also apply to service-to-service calls between plugins\nunless you configure credentials for service calls.",
2330
- "type": "boolean"
2331
- },
2332
- "pluginKeyStore": {
2333
- "description": "Controls how to store keys for plugin-to-plugin auth",
2334
- "anyOf": [
2335
- {
2336
- "type": "object",
2337
- "properties": {
2338
- "type": {
2339
- "type": "string",
2340
- "const": "database"
2341
- }
2342
- },
2343
- "required": [
2344
- "type"
2345
- ]
2346
- },
2347
- {
2348
- "type": "object",
2349
- "properties": {
2350
- "type": {
2351
- "type": "string",
2352
- "const": "static"
2353
- },
2354
- "static": {
2355
- "type": "object",
2356
- "properties": {
2357
- "keys": {
2358
- "description": "Must be declared at least once and the first one will be used for signing.",
2359
- "type": "array",
2360
- "items": {
2361
- "type": "object",
2362
- "properties": {
2363
- "publicKeyFile": {
2364
- "description": "Path to the public key file in the SPKI format. Should be an absolute path.",
2365
- "type": "string"
2366
- },
2367
- "privateKeyFile": {
2368
- "description": "Path to the matching private key file in the PKCS#8 format. Should be an absolute path.\n\nThe first array entry must specify a private key file, the rest must not.",
2369
- "type": "string"
2370
- },
2371
- "keyId": {
2372
- "description": "ID to uniquely identify this key within the JWK set.",
2373
- "type": "string"
2374
- },
2375
- "algorithm": {
2376
- "description": "JWS \"alg\" (Algorithm) Header Parameter value. Defaults to ES256.\nMust match the algorithm used to generate the keys in the provided files",
2377
- "type": "string"
2378
- }
2379
- },
2380
- "required": [
2381
- "keyId",
2382
- "publicKeyFile"
2383
- ]
2384
- }
2385
- }
2386
- },
2387
- "required": [
2388
- "keys"
2389
- ]
2390
- }
2391
- },
2392
- "required": [
2393
- "static",
2394
- "type"
2395
- ]
2396
- }
2397
- ]
2398
- },
2399
- "externalAccess": {
2400
- "description": "Configures methods of external access, ie ways for callers outside of\nthe Backstage ecosystem to get authorized for access to APIs that do\nnot permit unauthorized access.",
2401
- "type": "array",
2402
- "items": {
2403
- "anyOf": [
2404
- {
2405
- "type": "object",
2406
- "properties": {
2407
- "type": {
2408
- "description": "This is the legacy service-to-service access method, where a set\nof static keys were shared among plugins and used for symmetric\nsigning and verification. These correspond to the old\n`backend.auth.keys` set and retain their behavior for backwards\ncompatibility. Please migrate to other access methods when\npossible.\n\nCallers generate JWT tokens with the following payload:\n\n```json\n{\n \"sub\": \"backstage-plugin\",\n \"exp\": <epoch seconds one hour in the future>\n}\n```\n\nAnd sign them with HS256, using the base64 decoded secret. The\ntokens are then passed along with requests in the Authorization\nheader:\n\n```\nAuthorization: Bearer eyJhbGciOiJIUzI...\n```",
2409
- "type": "string",
2410
- "const": "legacy"
2411
- },
2412
- "options": {
2413
- "type": "object",
2414
- "properties": {
2415
- "secret": {
2416
- "description": "Any set of base64 encoded random bytes to be used as both the\nsigning and verification key. Should be sufficiently long so as\nnot to be easy to guess by brute force.\n\nCan be generated eg using\n\n```sh\nnode -p 'require(\"crypto\").randomBytes(24).toString(\"base64\")'\n```",
2417
- "visibility": "secret",
2418
- "type": "string"
2419
- },
2420
- "subject": {
2421
- "description": "Sets the subject of the principal, when matching this token.\nUseful for debugging and tracking purposes.",
2422
- "type": "string"
2423
- }
2424
- },
2425
- "required": [
2426
- "secret",
2427
- "subject"
2428
- ]
2429
- },
2430
- "accessRestrictions": {
2431
- "description": "Restricts what types of access that are permitted for this access\nmethod. If no access restrictions are given, it'll have unlimited\naccess. This access restriction applies for the framework level;\nindividual plugins may have their own access control mechanisms\non top of this.",
2432
- "type": "array",
2433
- "items": {
2434
- "type": "object",
2435
- "properties": {
2436
- "plugin": {
2437
- "description": "Permit access to make requests to this plugin.\n\nCan be further refined by setting additional fields below.",
2438
- "type": "string"
2439
- },
2440
- "permission": {
2441
- "description": "If given, this method is limited to only performing actions\nwith these named permissions in this plugin.\n\nNote that this only applies where permissions checks are\nenabled in the first place. Endpoints that are not protected by\nthe permissions system at all, are not affected by this\nsetting.",
2442
- "anyOf": [
2443
- {
2444
- "type": "array",
2445
- "items": {
2446
- "type": "string"
2447
- }
2448
- },
2449
- {
2450
- "type": "string"
2451
- }
2452
- ]
2453
- },
2454
- "permissionAttribute": {
2455
- "description": "If given, this method is limited to only performing actions\nwhose permissions have these attributes.\n\nNote that this only applies where permissions checks are\nenabled in the first place. Endpoints that are not protected by\nthe permissions system at all, are not affected by this\nsetting.",
2456
- "type": "object",
2457
- "properties": {
2458
- "action": {
2459
- "description": "One of more of 'create', 'read', 'update', or 'delete'.",
2460
- "anyOf": [
2461
- {
2462
- "type": "array",
2463
- "items": {
2464
- "type": "string"
2465
- }
2466
- },
2467
- {
2468
- "type": "string"
2469
- }
2470
- ]
2471
- }
2472
- }
2473
- }
2474
- },
2475
- "required": [
2476
- "plugin"
2477
- ]
2478
- }
2479
- }
2480
- },
2481
- "required": [
2482
- "options",
2483
- "type"
2484
- ]
2485
- },
2486
- {
2487
- "type": "object",
2488
- "properties": {
2489
- "type": {
2490
- "description": "This access method consists of random static tokens that can be\nhanded out to callers.\n\nThe tokens are then passed along verbatim with requests in the\nAuthorization header:\n\n```\nAuthorization: Bearer eZv5o+fW3KnR3kVabMW4ZcDNLPl8nmMW\n```",
2491
- "type": "string",
2492
- "const": "static"
2493
- },
2494
- "options": {
2495
- "type": "object",
2496
- "properties": {
2497
- "token": {
2498
- "description": "A raw token that can be any string, but for security reasons\nshould be sufficiently long so as not to be easy to guess by\nbrute force.\n\nCan be generated eg using\n\n```sh\nnode -p 'require(\"crypto\").randomBytes(24).toString(\"base64\")'\n```\n\nSince the tokens can be any string, you are free to add\nadditional identifying data to them if you like. For example,\nadding a `freben-local-dev-` prefix for debugging purposes to a\ntoken that you know will be handed out for use as a personal\naccess token during development.",
2499
- "visibility": "secret",
2500
- "type": "string"
2501
- },
2502
- "subject": {
2503
- "description": "Sets the subject of the principal, when matching this token.\nUseful for debugging and tracking purposes.",
2504
- "type": "string"
2505
- }
2506
- },
2507
- "required": [
2508
- "subject",
2509
- "token"
2510
- ]
2511
- },
2512
- "accessRestrictions": {
2513
- "description": "Restricts what types of access that are permitted for this access\nmethod. If no access restrictions are given, it'll have unlimited\naccess. This access restriction applies for the framework level;\nindividual plugins may have their own access control mechanisms\non top of this.",
2514
- "type": "array",
2515
- "items": {
2516
- "type": "object",
2517
- "properties": {
2518
- "plugin": {
2519
- "description": "Permit access to make requests to this plugin.\n\nCan be further refined by setting additional fields below.",
2520
- "type": "string"
2521
- },
2522
- "permission": {
2523
- "description": "If given, this method is limited to only performing actions\nwith these named permissions in this plugin.\n\nNote that this only applies where permissions checks are\nenabled in the first place. Endpoints that are not protected by\nthe permissions system at all, are not affected by this\nsetting.",
2524
- "anyOf": [
2525
- {
2526
- "type": "array",
2527
- "items": {
2528
- "type": "string"
2529
- }
2530
- },
2531
- {
2532
- "type": "string"
2533
- }
2534
- ]
2535
- },
2536
- "permissionAttribute": {
2537
- "description": "If given, this method is limited to only performing actions\nwhose permissions have these attributes.\n\nNote that this only applies where permissions checks are\nenabled in the first place. Endpoints that are not protected by\nthe permissions system at all, are not affected by this\nsetting.",
2538
- "type": "object",
2539
- "properties": {
2540
- "action": {
2541
- "description": "One of more of 'create', 'read', 'update', or 'delete'.",
2542
- "anyOf": [
2543
- {
2544
- "type": "array",
2545
- "items": {
2546
- "type": "string"
2547
- }
2548
- },
2549
- {
2550
- "type": "string"
2551
- }
2552
- ]
2553
- }
2554
- }
2555
- }
2556
- },
2557
- "required": [
2558
- "plugin"
2559
- ]
2560
- }
2561
- }
2562
- },
2563
- "required": [
2564
- "options",
2565
- "type"
2566
- ]
2567
- },
2568
- {
2569
- "type": "object",
2570
- "properties": {
2571
- "type": {
2572
- "description": "This access method consists of a JWKS endpoint that can be used to\nverify JWT tokens.\n\nCallers generate JWT tokens via 3rd party tooling\nand pass them in the Authorization header:\n\n```\nAuthorization: Bearer eZv5o+fW3KnR3kVabMW4ZcDNLPl8nmMW\n```",
2573
- "type": "string",
2574
- "const": "jwks"
2575
- },
2576
- "options": {
2577
- "type": "object",
2578
- "properties": {
2579
- "url": {
2580
- "description": "The full URL of the JWKS endpoint.",
2581
- "type": "string"
2582
- },
2583
- "algorithm": {
2584
- "description": "Sets the algorithm(s) that should be used to verify the JWT tokens.\nThe passed JWTs must have been signed using one of the listed algorithms.",
2585
- "anyOf": [
2586
- {
2587
- "type": "array",
2588
- "items": {
2589
- "type": "string"
2590
- }
2591
- },
2592
- {
2593
- "type": "string"
2594
- }
2595
- ]
2596
- },
2597
- "issuer": {
2598
- "description": "Sets the issuer(s) that should be used to verify the JWT tokens.\nPassed JWTs must have an `iss` claim which matches one of the specified issuers.",
2599
- "anyOf": [
2600
- {
2601
- "type": "array",
2602
- "items": {
2603
- "type": "string"
2604
- }
2605
- },
2606
- {
2607
- "type": "string"
2608
- }
2609
- ]
2610
- },
2611
- "audience": {
2612
- "description": "Sets the audience(s) that should be used to verify the JWT tokens.\nThe passed JWTs must have an \"aud\" claim that matches one of the audiences specified,\nor have no audience specified.",
2613
- "anyOf": [
2614
- {
2615
- "type": "array",
2616
- "items": {
2617
- "type": "string"
2618
- }
2619
- },
2620
- {
2621
- "type": "string"
2622
- }
2623
- ]
2624
- },
2625
- "subjectPrefix": {
2626
- "description": "Sets an optional subject prefix. Passes the subject to called plugins.\nUseful for debugging and tracking purposes.",
2627
- "type": "string"
2628
- }
2629
- },
2630
- "required": [
2631
- "url"
2632
- ]
2633
- },
2634
- "accessRestrictions": {
2635
- "description": "Restricts what types of access that are permitted for this access\nmethod. If no access restrictions are given, it'll have unlimited\naccess. This access restriction applies for the framework level;\nindividual plugins may have their own access control mechanisms\non top of this.",
2636
- "type": "array",
2637
- "items": {
2638
- "type": "object",
2639
- "properties": {
2640
- "plugin": {
2641
- "description": "Permit access to make requests to this plugin.\n\nCan be further refined by setting additional fields below.",
2642
- "type": "string"
2643
- },
2644
- "permission": {
2645
- "description": "If given, this method is limited to only performing actions\nwith these named permissions in this plugin.\n\nNote that this only applies where permissions checks are\nenabled in the first place. Endpoints that are not protected by\nthe permissions system at all, are not affected by this\nsetting.",
2646
- "anyOf": [
2647
- {
2648
- "type": "array",
2649
- "items": {
2650
- "type": "string"
2651
- }
2652
- },
2653
- {
2654
- "type": "string"
2655
- }
2656
- ]
2657
- },
2658
- "permissionAttribute": {
2659
- "description": "If given, this method is limited to only performing actions\nwhose permissions have these attributes.\n\nNote that this only applies where permissions checks are\nenabled in the first place. Endpoints that are not protected by\nthe permissions system at all, are not affected by this\nsetting.",
2660
- "type": "object",
2661
- "properties": {
2662
- "action": {
2663
- "description": "One of more of 'create', 'read', 'update', or 'delete'.",
2664
- "anyOf": [
2665
- {
2666
- "type": "array",
2667
- "items": {
2668
- "type": "string"
2669
- }
2670
- },
2671
- {
2672
- "type": "string"
2673
- }
2674
- ]
2675
- }
2676
- }
2677
- }
2678
- },
2679
- "required": [
2680
- "plugin"
2681
- ]
2682
- }
2683
- }
2684
- },
2685
- "required": [
2686
- "options",
2687
- "type"
2688
- ]
2689
- }
2690
- ]
2691
- }
2692
- }
2693
- }
2694
- },
2695
- "database": {
2696
- "description": "Database connection configuration, select base database type using the `client` field",
2697
- "type": "object",
2698
- "properties": {
2699
- "client": {
2700
- "description": "Default database client to use",
2701
- "enum": [
2702
- "better-sqlite3",
2703
- "pg",
2704
- "sqlite3"
2705
- ],
2706
- "type": "string"
2707
- },
2708
- "connection": {
2709
- "description": "Base database connection string, or object with individual connection properties",
2710
- "visibility": "secret",
2711
- "anyOf": [
2712
- {
2713
- "type": "object",
2714
- "properties": {
2715
- "type": {
2716
- "description": "The specific config for cloudsql connections",
2717
- "type": "string",
2718
- "const": "cloudsql"
2719
- },
2720
- "instance": {
2721
- "description": "The instance connection name for the cloudsql instance, e.g. `project:region:instance`",
2722
- "type": "string"
2723
- }
2724
- },
2725
- "required": [
2726
- "instance",
2727
- "type"
2728
- ]
2729
- },
2730
- {
2731
- "type": "object",
2732
- "additionalProperties": {},
2733
- "properties": {
2734
- "password": {
2735
- "description": "Password that belongs to the client User",
2736
- "visibility": "secret",
2737
- "type": "string"
2738
- }
2739
- }
2740
- },
2741
- {
2742
- "type": "string"
2743
- }
2744
- ]
2745
- },
2746
- "prefix": {
2747
- "description": "Database name prefix override",
2748
- "type": "string"
2749
- },
2750
- "ensureExists": {
2751
- "description": "Whether to ensure the given database exists by creating it if it does not.\nDefaults to true if unspecified.",
2752
- "type": "boolean"
2753
- },
2754
- "ensureSchemaExists": {
2755
- "description": "Whether to ensure the given database schema exists by creating it if it does not.\nDefaults to false if unspecified.\n\nNOTE: Currently only supported by the `pg` client when pluginDivisionMode: schema",
2756
- "type": "boolean"
2757
- },
2758
- "pluginDivisionMode": {
2759
- "description": "How plugins databases are managed/divided in the provided database instance.\n\n`database` -> Plugins are each given their own database to manage their schemas/tables.\n\n`schema` -> Plugins will be given their own schema (in the specified/default database)\n to manage their tables.\n\nNOTE: Currently only supported by the `pg` client.",
2760
- "default": "database",
2761
- "enum": [
2762
- "database",
2763
- "schema"
2764
- ],
2765
- "type": "string"
2766
- },
2767
- "role": {
2768
- "description": "Configures the ownership of newly created schemas in pg databases.",
2769
- "type": "string"
2770
- },
2771
- "knexConfig": {
2772
- "description": "Arbitrary config object to pass to knex when initializing\n(https://knexjs.org/#Installation-client). Most notable is the debug\nand asyncStackTraces booleans",
2773
- "type": "object",
2774
- "properties": {},
2775
- "additionalProperties": true
2776
- },
2777
- "skipMigrations": {
2778
- "description": "Skip running database migrations.",
2779
- "type": "boolean"
2780
- },
2781
- "plugin": {
2782
- "description": "Plugin specific database configuration and client override",
2783
- "type": "object",
2784
- "additionalProperties": {
2785
- "type": "object",
2786
- "properties": {
2787
- "client": {
2788
- "description": "Database client override",
2789
- "enum": [
2790
- "better-sqlite3",
2791
- "pg",
2792
- "sqlite3"
2793
- ],
2794
- "type": "string"
2795
- },
2796
- "connection": {
2797
- "description": "Database connection string or Knex object override",
2798
- "visibility": "secret",
2799
- "anyOf": [
2800
- {
2801
- "type": "object",
2802
- "properties": {
2803
- "type": {
2804
- "description": "The specific config for cloudsql connections",
2805
- "type": "string",
2806
- "const": "cloudsql"
2807
- },
2808
- "instance": {
2809
- "description": "The instance connection name for the cloudsql instance, e.g. `project:region:instance`",
2810
- "type": "string"
2811
- }
2812
- },
2813
- "required": [
2814
- "instance",
2815
- "type"
2816
- ]
2817
- },
2818
- {
2819
- "type": "object",
2820
- "additionalProperties": {},
2821
- "properties": {
2822
- "password": {
2823
- "description": "Password that belongs to the client User",
2824
- "visibility": "secret",
2825
- "type": "string"
2826
- }
2827
- }
2828
- },
2829
- {
2830
- "type": "string"
2831
- }
2832
- ]
2833
- },
2834
- "ensureExists": {
2835
- "description": "Whether to ensure the given database exists by creating it if it does not.\nDefaults to base config if unspecified.",
2836
- "type": "boolean"
2837
- },
2838
- "ensureSchemaExists": {
2839
- "description": "Whether to ensure the given database schema exists by creating it if it does not.\nDefaults to false if unspecified.\n\nNOTE: Currently only supported by the `pg` client when pluginDivisionMode: schema",
2840
- "type": "boolean"
2841
- },
2842
- "knexConfig": {
2843
- "description": "Arbitrary config object to pass to knex when initializing\n(https://knexjs.org/#Installation-client). Most notable is the\ndebug and asyncStackTraces booleans.\n\nThis is merged recursively into the base knexConfig",
2844
- "type": "object",
2845
- "properties": {},
2846
- "additionalProperties": true
2847
- },
2848
- "role": {
2849
- "description": "Configures the ownership of newly created schemas in pg databases.",
2850
- "type": "string"
2851
- },
2852
- "skipMigrations": {
2853
- "description": "Skip running database migrations.",
2854
- "type": "boolean"
2855
- }
2856
- }
2857
- }
2858
- }
2859
- },
2860
- "required": [
2861
- "client",
2862
- "connection"
2863
- ]
2864
- },
2865
- "cache": {
2866
- "description": "Cache connection configuration, select cache type using the `store` field",
2867
- "anyOf": [
2868
- {
2869
- "type": "object",
2870
- "properties": {
2871
- "store": {
2872
- "type": "string",
2873
- "const": "memory"
2874
- },
2875
- "defaultTtl": {
2876
- "description": "An optional default TTL (in milliseconds, if given as a number)."
2877
- }
2878
- },
2879
- "required": [
2880
- "store"
2881
- ]
2882
- },
2883
- {
2884
- "type": "object",
2885
- "properties": {
2886
- "store": {
2887
- "type": "string",
2888
- "const": "redis"
2889
- },
2890
- "connection": {
2891
- "description": "A redis connection string in the form `redis://user:pass@host:port`.",
2892
- "visibility": "secret",
2893
- "type": "string"
2894
- },
2895
- "defaultTtl": {
2896
- "description": "An optional default TTL (in milliseconds, if given as a number)."
2897
- }
2898
- },
2899
- "required": [
2900
- "connection",
2901
- "store"
2902
- ]
2903
- },
2904
- {
2905
- "type": "object",
2906
- "properties": {
2907
- "store": {
2908
- "type": "string",
2909
- "const": "memcache"
2910
- },
2911
- "connection": {
2912
- "description": "A memcache connection string in the form `user:pass@host:port`.",
2913
- "visibility": "secret",
2914
- "type": "string"
2915
- },
2916
- "defaultTtl": {
2917
- "description": "An optional default TTL (in milliseconds)."
2918
- }
2919
- },
2920
- "required": [
2921
- "connection",
2922
- "store"
2923
- ]
2924
- }
2925
- ]
2926
- },
2927
- "cors": {
2928
- "type": "object",
2929
- "properties": {
2930
- "origin": {
2931
- "anyOf": [
2932
- {
2933
- "type": "array",
2934
- "items": {
2935
- "type": "string"
2936
- }
2937
- },
2938
- {
2939
- "type": "string"
2940
- }
2941
- ]
2942
- },
2943
- "methods": {
2944
- "anyOf": [
2945
- {
2946
- "type": "array",
2947
- "items": {
2948
- "type": "string"
2949
- }
2950
- },
2951
- {
2952
- "type": "string"
2953
- }
2954
- ]
2955
- },
2956
- "allowedHeaders": {
2957
- "anyOf": [
2958
- {
2959
- "type": "array",
2960
- "items": {
2961
- "type": "string"
2962
- }
2963
- },
2964
- {
2965
- "type": "string"
2966
- }
2967
- ]
2968
- },
2969
- "exposedHeaders": {
2970
- "anyOf": [
2971
- {
2972
- "type": "array",
2973
- "items": {
2974
- "type": "string"
2975
- }
2976
- },
2977
- {
2978
- "type": "string"
2979
- }
2980
- ]
2981
- },
2982
- "credentials": {
2983
- "type": "boolean"
2984
- },
2985
- "maxAge": {
2986
- "type": "number"
2987
- },
2988
- "preflightContinue": {
2989
- "type": "boolean"
2990
- },
2991
- "optionsSuccessStatus": {
2992
- "type": "number"
2993
- }
2994
- }
2995
- },
2996
- "csp": {
2997
- "description": "Content Security Policy options.\n\nThe keys are the plain policy ID, e.g. \"upgrade-insecure-requests\". The\nvalues are on the format that the helmet library expects them, as an\narray of strings. There is also the special value false, which means to\nremove the default value that Backstage puts in place for that policy.",
2998
- "type": "object",
2999
- "additionalProperties": {
3000
- "anyOf": [
3001
- {
3002
- "type": "array",
3003
- "items": {
3004
- "type": "string"
3005
- }
3006
- },
3007
- {
3008
- "const": false,
3009
- "type": "boolean"
3010
- }
3011
- ]
3012
- }
3013
- },
3014
- "health": {
3015
- "description": "Options for the health check service and endpoint.",
3016
- "type": "object",
3017
- "properties": {
3018
- "headers": {
3019
- "description": "Additional headers to always include in the health check response.\n\nIt can be a good idea to set a header that uniquely identifies your service\nin a multi-service environment. This ensures that the health check that is\nconfigured for your service is actually hitting your service and not another.\n\nFor example, if using Envoy you can use the `service_name_matcher` configuration\nand set the `x-envoy-upstream-healthchecked-cluster` header to a matching value.",
3020
- "type": "object",
3021
- "additionalProperties": {
3022
- "type": "string"
3023
- }
3024
- }
3025
- }
3026
- },
3027
- "reading": {
3028
- "description": "Configuration related to URL reading, used for example for reading catalog info\nfiles, scaffolder templates, and techdocs content.",
3029
- "type": "object",
3030
- "properties": {
3031
- "allow": {
3032
- "description": "A list of targets to allow outgoing requests to. Users will be able to make\nrequests on behalf of the backend to the targets that are allowed by this list.",
1759
+ "externalAccess": {
1760
+ "description": "Configures methods of external access, ie ways for callers outside of\nthe Backstage ecosystem to get authorized for access to APIs that do\nnot permit unauthorized access.",
3033
1761
  "type": "array",
3034
1762
  "items": {
3035
- "type": "object",
3036
- "properties": {
3037
- "host": {
3038
- "description": "A host to allow outgoing requests to, being either a full host or\na subdomain wildcard pattern with a leading `*`. For example `example.com`\nand `*.example.com` are valid values, `prod.*.example.com` is not.\nThe host may also contain a port, for example `example.com:8080`.",
3039
- "type": "string"
3040
- },
3041
- "paths": {
3042
- "description": "An optional list of paths. In case they are present only targets matching\nany of them will are allowed. You can use trailing slashes to make sure only\nsubdirectories are allowed, for example `/mydir/` will allow targets with\npaths like `/mydir/a` but will block paths like `/mydir2`.",
3043
- "type": "array",
3044
- "items": {
3045
- "type": "string"
3046
- }
3047
- }
3048
- },
3049
- "required": [
3050
- "host"
3051
- ]
3052
- }
3053
- }
3054
- }
3055
- }
3056
- },
3057
- "required": [
3058
- "baseUrl",
3059
- "database"
3060
- ]
3061
- },
3062
- "discovery": {
3063
- "description": "Options used by the default discovery service.",
3064
- "type": "object",
3065
- "properties": {
3066
- "endpoints": {
3067
- "description": "A list of target baseUrls and the associated plugins.",
3068
- "type": "array",
3069
- "items": {
3070
- "type": "object",
3071
- "properties": {
3072
- "target": {
3073
- "description": "The target base URL to use for the plugin.\n\nCan be either a string or an object with internal and external keys.\nTargets with `{{pluginId}}` or `{{ pluginId }} in the URL will be replaced with the plugin ID.",
3074
1763
  "anyOf": [
3075
1764
  {
3076
1765
  "type": "object",
3077
1766
  "properties": {
3078
- "internal": {
3079
- "type": "string"
1767
+ "type": {
1768
+ "description": "This is the legacy service-to-service access method, where a set\nof static keys were shared among plugins and used for symmetric\nsigning and verification. These correspond to the old\n`backend.auth.keys` set and retain their behavior for backwards\ncompatibility. Please migrate to other access methods when\npossible.\n\nCallers generate JWT tokens with the following payload:\n\n```json\n{\n \"sub\": \"backstage-plugin\",\n \"exp\": <epoch seconds one hour in the future>\n}\n```\n\nAnd sign them with HS256, using the base64 decoded secret. The\ntokens are then passed along with requests in the Authorization\nheader:\n\n```\nAuthorization: Bearer eyJhbGciOiJIUzI...\n```",
1769
+ "type": "string",
1770
+ "const": "legacy"
1771
+ },
1772
+ "options": {
1773
+ "type": "object",
1774
+ "properties": {
1775
+ "secret": {
1776
+ "description": "Any set of base64 encoded random bytes to be used as both the\nsigning and verification key. Should be sufficiently long so as\nnot to be easy to guess by brute force.\n\nCan be generated eg using\n\n```sh\nnode -p 'require(\"crypto\").randomBytes(24).toString(\"base64\")'\n```",
1777
+ "visibility": "secret",
1778
+ "type": "string"
1779
+ },
1780
+ "subject": {
1781
+ "description": "Sets the subject of the principal, when matching this token.\nUseful for debugging and tracking purposes.",
1782
+ "type": "string"
1783
+ }
1784
+ },
1785
+ "required": [
1786
+ "secret",
1787
+ "subject"
1788
+ ]
1789
+ },
1790
+ "accessRestrictions": {
1791
+ "description": "Restricts what types of access that are permitted for this access\nmethod. If no access restrictions are given, it'll have unlimited\naccess. This access restriction applies for the framework level;\nindividual plugins may have their own access control mechanisms\non top of this.",
1792
+ "type": "array",
1793
+ "items": {
1794
+ "type": "object",
1795
+ "properties": {
1796
+ "plugin": {
1797
+ "description": "Permit access to make requests to this plugin.\n\nCan be further refined by setting additional fields below.",
1798
+ "type": "string"
1799
+ },
1800
+ "permission": {
1801
+ "description": "If given, this method is limited to only performing actions\nwith these named permissions in this plugin.\n\nNote that this only applies where permissions checks are\nenabled in the first place. Endpoints that are not protected by\nthe permissions system at all, are not affected by this\nsetting.",
1802
+ "anyOf": [
1803
+ {
1804
+ "type": "array",
1805
+ "items": {
1806
+ "type": "string"
1807
+ }
1808
+ },
1809
+ {
1810
+ "type": "string"
1811
+ }
1812
+ ]
1813
+ },
1814
+ "permissionAttribute": {
1815
+ "description": "If given, this method is limited to only performing actions\nwhose permissions have these attributes.\n\nNote that this only applies where permissions checks are\nenabled in the first place. Endpoints that are not protected by\nthe permissions system at all, are not affected by this\nsetting.",
1816
+ "type": "object",
1817
+ "properties": {
1818
+ "action": {
1819
+ "description": "One of more of 'create', 'read', 'update', or 'delete'.",
1820
+ "anyOf": [
1821
+ {
1822
+ "type": "array",
1823
+ "items": {
1824
+ "type": "string"
1825
+ }
1826
+ },
1827
+ {
1828
+ "type": "string"
1829
+ }
1830
+ ]
1831
+ }
1832
+ }
1833
+ }
1834
+ },
1835
+ "required": [
1836
+ "plugin"
1837
+ ]
1838
+ }
1839
+ }
1840
+ },
1841
+ "required": [
1842
+ "options",
1843
+ "type"
1844
+ ]
1845
+ },
1846
+ {
1847
+ "type": "object",
1848
+ "properties": {
1849
+ "type": {
1850
+ "description": "This access method consists of random static tokens that can be\nhanded out to callers.\n\nThe tokens are then passed along verbatim with requests in the\nAuthorization header:\n\n```\nAuthorization: Bearer eZv5o+fW3KnR3kVabMW4ZcDNLPl8nmMW\n```",
1851
+ "type": "string",
1852
+ "const": "static"
1853
+ },
1854
+ "options": {
1855
+ "type": "object",
1856
+ "properties": {
1857
+ "token": {
1858
+ "description": "A raw token that can be any string, but for security reasons\nshould be sufficiently long so as not to be easy to guess by\nbrute force.\n\nCan be generated eg using\n\n```sh\nnode -p 'require(\"crypto\").randomBytes(24).toString(\"base64\")'\n```\n\nSince the tokens can be any string, you are free to add\nadditional identifying data to them if you like. For example,\nadding a `freben-local-dev-` prefix for debugging purposes to a\ntoken that you know will be handed out for use as a personal\naccess token during development.",
1859
+ "visibility": "secret",
1860
+ "type": "string"
1861
+ },
1862
+ "subject": {
1863
+ "description": "Sets the subject of the principal, when matching this token.\nUseful for debugging and tracking purposes.",
1864
+ "type": "string"
1865
+ }
1866
+ },
1867
+ "required": [
1868
+ "subject",
1869
+ "token"
1870
+ ]
1871
+ },
1872
+ "accessRestrictions": {
1873
+ "description": "Restricts what types of access that are permitted for this access\nmethod. If no access restrictions are given, it'll have unlimited\naccess. This access restriction applies for the framework level;\nindividual plugins may have their own access control mechanisms\non top of this.",
1874
+ "type": "array",
1875
+ "items": {
1876
+ "type": "object",
1877
+ "properties": {
1878
+ "plugin": {
1879
+ "description": "Permit access to make requests to this plugin.\n\nCan be further refined by setting additional fields below.",
1880
+ "type": "string"
1881
+ },
1882
+ "permission": {
1883
+ "description": "If given, this method is limited to only performing actions\nwith these named permissions in this plugin.\n\nNote that this only applies where permissions checks are\nenabled in the first place. Endpoints that are not protected by\nthe permissions system at all, are not affected by this\nsetting.",
1884
+ "anyOf": [
1885
+ {
1886
+ "type": "array",
1887
+ "items": {
1888
+ "type": "string"
1889
+ }
1890
+ },
1891
+ {
1892
+ "type": "string"
1893
+ }
1894
+ ]
1895
+ },
1896
+ "permissionAttribute": {
1897
+ "description": "If given, this method is limited to only performing actions\nwhose permissions have these attributes.\n\nNote that this only applies where permissions checks are\nenabled in the first place. Endpoints that are not protected by\nthe permissions system at all, are not affected by this\nsetting.",
1898
+ "type": "object",
1899
+ "properties": {
1900
+ "action": {
1901
+ "description": "One of more of 'create', 'read', 'update', or 'delete'.",
1902
+ "anyOf": [
1903
+ {
1904
+ "type": "array",
1905
+ "items": {
1906
+ "type": "string"
1907
+ }
1908
+ },
1909
+ {
1910
+ "type": "string"
1911
+ }
1912
+ ]
1913
+ }
1914
+ }
1915
+ }
1916
+ },
1917
+ "required": [
1918
+ "plugin"
1919
+ ]
1920
+ }
1921
+ }
1922
+ },
1923
+ "required": [
1924
+ "options",
1925
+ "type"
1926
+ ]
1927
+ },
1928
+ {
1929
+ "type": "object",
1930
+ "properties": {
1931
+ "type": {
1932
+ "description": "This access method consists of a JWKS endpoint that can be used to\nverify JWT tokens.\n\nCallers generate JWT tokens via 3rd party tooling\nand pass them in the Authorization header:\n\n```\nAuthorization: Bearer eZv5o+fW3KnR3kVabMW4ZcDNLPl8nmMW\n```",
1933
+ "type": "string",
1934
+ "const": "jwks"
1935
+ },
1936
+ "options": {
1937
+ "type": "object",
1938
+ "properties": {
1939
+ "url": {
1940
+ "description": "The full URL of the JWKS endpoint.",
1941
+ "type": "string"
1942
+ },
1943
+ "algorithm": {
1944
+ "description": "Sets the algorithm(s) that should be used to verify the JWT tokens.\nThe passed JWTs must have been signed using one of the listed algorithms.",
1945
+ "anyOf": [
1946
+ {
1947
+ "type": "array",
1948
+ "items": {
1949
+ "type": "string"
1950
+ }
1951
+ },
1952
+ {
1953
+ "type": "string"
1954
+ }
1955
+ ]
1956
+ },
1957
+ "issuer": {
1958
+ "description": "Sets the issuer(s) that should be used to verify the JWT tokens.\nPassed JWTs must have an `iss` claim which matches one of the specified issuers.",
1959
+ "anyOf": [
1960
+ {
1961
+ "type": "array",
1962
+ "items": {
1963
+ "type": "string"
1964
+ }
1965
+ },
1966
+ {
1967
+ "type": "string"
1968
+ }
1969
+ ]
1970
+ },
1971
+ "audience": {
1972
+ "description": "Sets the audience(s) that should be used to verify the JWT tokens.\nThe passed JWTs must have an \"aud\" claim that matches one of the audiences specified,\nor have no audience specified.",
1973
+ "anyOf": [
1974
+ {
1975
+ "type": "array",
1976
+ "items": {
1977
+ "type": "string"
1978
+ }
1979
+ },
1980
+ {
1981
+ "type": "string"
1982
+ }
1983
+ ]
1984
+ },
1985
+ "subjectPrefix": {
1986
+ "description": "Sets an optional subject prefix. Passes the subject to called plugins.\nUseful for debugging and tracking purposes.",
1987
+ "type": "string"
1988
+ }
1989
+ },
1990
+ "required": [
1991
+ "url"
1992
+ ]
3080
1993
  },
3081
- "external": {
3082
- "type": "string"
1994
+ "accessRestrictions": {
1995
+ "description": "Restricts what types of access that are permitted for this access\nmethod. If no access restrictions are given, it'll have unlimited\naccess. This access restriction applies for the framework level;\nindividual plugins may have their own access control mechanisms\non top of this.",
1996
+ "type": "array",
1997
+ "items": {
1998
+ "type": "object",
1999
+ "properties": {
2000
+ "plugin": {
2001
+ "description": "Permit access to make requests to this plugin.\n\nCan be further refined by setting additional fields below.",
2002
+ "type": "string"
2003
+ },
2004
+ "permission": {
2005
+ "description": "If given, this method is limited to only performing actions\nwith these named permissions in this plugin.\n\nNote that this only applies where permissions checks are\nenabled in the first place. Endpoints that are not protected by\nthe permissions system at all, are not affected by this\nsetting.",
2006
+ "anyOf": [
2007
+ {
2008
+ "type": "array",
2009
+ "items": {
2010
+ "type": "string"
2011
+ }
2012
+ },
2013
+ {
2014
+ "type": "string"
2015
+ }
2016
+ ]
2017
+ },
2018
+ "permissionAttribute": {
2019
+ "description": "If given, this method is limited to only performing actions\nwhose permissions have these attributes.\n\nNote that this only applies where permissions checks are\nenabled in the first place. Endpoints that are not protected by\nthe permissions system at all, are not affected by this\nsetting.",
2020
+ "type": "object",
2021
+ "properties": {
2022
+ "action": {
2023
+ "description": "One of more of 'create', 'read', 'update', or 'delete'.",
2024
+ "anyOf": [
2025
+ {
2026
+ "type": "array",
2027
+ "items": {
2028
+ "type": "string"
2029
+ }
2030
+ },
2031
+ {
2032
+ "type": "string"
2033
+ }
2034
+ ]
2035
+ }
2036
+ }
2037
+ }
2038
+ },
2039
+ "required": [
2040
+ "plugin"
2041
+ ]
2042
+ }
3083
2043
  }
3084
2044
  },
3085
2045
  "required": [
3086
- "external",
3087
- "internal"
2046
+ "options",
2047
+ "type"
3088
2048
  ]
3089
- },
3090
- {
3091
- "type": "string"
3092
- }
3093
- ]
3094
- },
3095
- "plugins": {
3096
- "description": "Array of plugins which use the target base URL.",
3097
- "type": "array",
3098
- "items": {
3099
- "type": "string"
3100
- }
3101
- }
3102
- },
3103
- "required": [
3104
- "plugins",
3105
- "target"
3106
- ]
3107
- }
3108
- }
3109
- },
3110
- "required": [
3111
- "endpoints"
3112
- ]
3113
- }
3114
- },
3115
- "required": [
3116
- "app"
3117
- ],
3118
- "$schema": "http://json-schema.org/draft-07/schema#"
3119
- }
3120
- },
3121
- {
3122
- "path": "../../plugins/events-node/config.d.ts",
3123
- "value": {
3124
- "type": "object",
3125
- "properties": {
3126
- "events": {
3127
- "type": "object",
3128
- "properties": {
3129
- "useEventBus": {
3130
- "description": "Whether to use the event bus API in the events plugin backend to\ndistribute events across multiple instances when publishing and\nsubscribing to events.\n\nThe default is 'auto', which means means that the event bus API will be\nused if it's available, but will be disabled if the events backend\nreturns a 404.\n\nIf set to 'never', the events service will only ever publish events\nlocally to the same instance, while if set to 'always', the event bus API\nwill never be disabled, even if the events backend returns a 404.",
3131
- "enum": [
3132
- "always",
3133
- "auto",
3134
- "never"
3135
- ],
3136
- "type": "string"
3137
- }
3138
- }
3139
- }
3140
- },
3141
- "$schema": "http://json-schema.org/draft-07/schema#"
3142
- }
3143
- },
3144
- {
3145
- "path": "../../node_modules/@backstage/backend-common/config.d.ts",
3146
- "value": {
3147
- "type": "object",
3148
- "properties": {
3149
- "app": {
3150
- "type": "object",
3151
- "properties": {
3152
- "baseUrl": {
3153
- "type": "string"
3154
- }
3155
- },
3156
- "required": [
3157
- "baseUrl"
3158
- ]
3159
- },
3160
- "backend": {
3161
- "type": "object",
3162
- "properties": {
3163
- "auth": {
3164
- "description": "Backend configuration for when request authentication is enabled",
3165
- "type": "object",
3166
- "properties": {
3167
- "keys": {
3168
- "description": "Keys shared by all backends for signing and validating backend tokens.",
3169
- "type": "array",
3170
- "items": {
3171
- "type": "object",
3172
- "properties": {
3173
- "secret": {
3174
- "description": "Secret for generating tokens. Should be a base64 string, recommended\nlength is 24 bytes.",
3175
- "visibility": "secret",
3176
- "type": "string"
3177
2049
  }
3178
- },
3179
- "required": [
3180
- "secret"
3181
2050
  ]
3182
2051
  }
3183
2052
  }
3184
2053
  }
3185
2054
  },
3186
- "baseUrl": {
3187
- "type": "string"
3188
- },
3189
- "listen": {
3190
- "description": "Address that the backend should listen to.",
3191
- "anyOf": [
3192
- {
3193
- "type": "object",
3194
- "properties": {
3195
- "host": {
3196
- "description": "Address of the interface that the backend should bind to.",
3197
- "type": "string"
3198
- },
3199
- "port": {
3200
- "description": "Port that the backend should listen to.",
3201
- "type": [
3202
- "string",
3203
- "number"
3204
- ]
3205
- }
3206
- }
3207
- },
3208
- {
3209
- "type": "string"
3210
- }
3211
- ]
3212
- },
3213
- "https": {
3214
- "description": "HTTPS configuration for the backend. If omitted the backend will serve HTTP.\n\nSetting this to `true` will cause self-signed certificates to be generated, which\ncan be useful for local development or other non-production scenarios.",
3215
- "anyOf": [
3216
- {
3217
- "type": "object",
3218
- "properties": {
3219
- "certificate": {
3220
- "description": "Certificate configuration",
3221
- "type": "object",
3222
- "properties": {
3223
- "cert": {
3224
- "description": "PEM encoded certificate. Use $file to load in a file",
3225
- "type": "string"
3226
- },
3227
- "key": {
3228
- "description": "PEM encoded certificate key. Use $file to load in a file.",
3229
- "visibility": "secret",
3230
- "type": "string"
3231
- }
3232
- },
3233
- "required": [
3234
- "cert",
3235
- "key"
3236
- ]
3237
- }
3238
- }
3239
- },
3240
- {
3241
- "const": true,
3242
- "type": "boolean"
3243
- }
3244
- ]
3245
- },
3246
- "workingDirectory": {
3247
- "description": "An absolute path to a directory that can be used as a working dir, for\nexample as scratch space for large operations.",
3248
- "type": "string"
3249
- },
3250
2055
  "database": {
3251
2056
  "description": "Database connection configuration, select base database type using the `client` field",
3252
2057
  "type": "object",
@@ -3264,6 +2069,24 @@
3264
2069
  "description": "Base database connection string, or object with individual connection properties",
3265
2070
  "visibility": "secret",
3266
2071
  "anyOf": [
2072
+ {
2073
+ "type": "object",
2074
+ "properties": {
2075
+ "type": {
2076
+ "description": "The specific config for cloudsql connections",
2077
+ "type": "string",
2078
+ "const": "cloudsql"
2079
+ },
2080
+ "instance": {
2081
+ "description": "The instance connection name for the cloudsql instance, e.g. `project:region:instance`",
2082
+ "type": "string"
2083
+ }
2084
+ },
2085
+ "required": [
2086
+ "instance",
2087
+ "type"
2088
+ ]
2089
+ },
3267
2090
  {
3268
2091
  "type": "object",
3269
2092
  "additionalProperties": {},
@@ -3311,6 +2134,10 @@
3311
2134
  "properties": {},
3312
2135
  "additionalProperties": true
3313
2136
  },
2137
+ "skipMigrations": {
2138
+ "description": "Skip running database migrations.",
2139
+ "type": "boolean"
2140
+ },
3314
2141
  "plugin": {
3315
2142
  "description": "Plugin specific database configuration and client override",
3316
2143
  "type": "object",
@@ -3332,8 +2159,32 @@
3332
2159
  "anyOf": [
3333
2160
  {
3334
2161
  "type": "object",
3335
- "properties": {},
3336
- "additionalProperties": true
2162
+ "properties": {
2163
+ "type": {
2164
+ "description": "The specific config for cloudsql connections",
2165
+ "type": "string",
2166
+ "const": "cloudsql"
2167
+ },
2168
+ "instance": {
2169
+ "description": "The instance connection name for the cloudsql instance, e.g. `project:region:instance`",
2170
+ "type": "string"
2171
+ }
2172
+ },
2173
+ "required": [
2174
+ "instance",
2175
+ "type"
2176
+ ]
2177
+ },
2178
+ {
2179
+ "type": "object",
2180
+ "additionalProperties": {},
2181
+ "properties": {
2182
+ "password": {
2183
+ "description": "Password that belongs to the client User",
2184
+ "visibility": "secret",
2185
+ "type": "string"
2186
+ }
2187
+ }
3337
2188
  },
3338
2189
  {
3339
2190
  "type": "string"
@@ -3357,6 +2208,10 @@
3357
2208
  "role": {
3358
2209
  "description": "Configures the ownership of newly created schemas in pg databases.",
3359
2210
  "type": "string"
2211
+ },
2212
+ "skipMigrations": {
2213
+ "description": "Skip running database migrations.",
2214
+ "type": "boolean"
3360
2215
  }
3361
2216
  }
3362
2217
  }
@@ -3378,7 +2233,7 @@
3378
2233
  "const": "memory"
3379
2234
  },
3380
2235
  "defaultTtl": {
3381
- "description": "An optional default TTL (in milliseconds)."
2236
+ "description": "An optional default TTL (in milliseconds, if given as a number)."
3382
2237
  }
3383
2238
  },
3384
2239
  "required": [
@@ -3398,11 +2253,7 @@
3398
2253
  "type": "string"
3399
2254
  },
3400
2255
  "defaultTtl": {
3401
- "description": "An optional default TTL (in milliseconds)."
3402
- },
3403
- "useRedisSets": {
3404
- "description": "Whether or not [useRedisSets](https://github.com/jaredwray/keyv/tree/main/packages/redis#useredissets) should be configured to this redis cache.\nDefaults to true if unspecified.",
3405
- "type": "boolean"
2256
+ "description": "An optional default TTL (in milliseconds, if given as a number)."
3406
2257
  }
3407
2258
  },
3408
2259
  "required": [
@@ -3434,7 +2285,6 @@
3434
2285
  ]
3435
2286
  },
3436
2287
  "cors": {
3437
- "description": "Properties returned upon CORS requests to the backend, including the app-backend.",
3438
2288
  "type": "object",
3439
2289
  "properties": {
3440
2290
  "origin": {
@@ -3521,6 +2371,19 @@
3521
2371
  ]
3522
2372
  }
3523
2373
  },
2374
+ "health": {
2375
+ "description": "Options for the health check service and endpoint.",
2376
+ "type": "object",
2377
+ "properties": {
2378
+ "headers": {
2379
+ "description": "Additional headers to always include in the health check response.\n\nIt can be a good idea to set a header that uniquely identifies your service\nin a multi-service environment. This ensures that the health check that is\nconfigured for your service is actually hitting your service and not another.\n\nFor example, if using Envoy you can use the `service_name_matcher` configuration\nand set the `x-envoy-upstream-healthchecked-cluster` header to a matching value.",
2380
+ "type": "object",
2381
+ "additionalProperties": {
2382
+ "type": "string"
2383
+ }
2384
+ }
2385
+ }
2386
+ },
3524
2387
  "reading": {
3525
2388
  "description": "Configuration related to URL reading, used for example for reading catalog info\nfiles, scaffolder templates, and techdocs content.",
3526
2389
  "type": "object",
@@ -3553,17 +2416,92 @@
3553
2416
  },
3554
2417
  "required": [
3555
2418
  "baseUrl",
3556
- "database",
3557
- "listen"
2419
+ "database"
2420
+ ]
2421
+ },
2422
+ "discovery": {
2423
+ "description": "Options used by the default discovery service.",
2424
+ "type": "object",
2425
+ "properties": {
2426
+ "endpoints": {
2427
+ "description": "A list of target baseUrls and the associated plugins.",
2428
+ "type": "array",
2429
+ "items": {
2430
+ "type": "object",
2431
+ "properties": {
2432
+ "target": {
2433
+ "description": "The target base URL to use for the plugin.\n\nCan be either a string or an object with internal and external keys.\nTargets with `{{pluginId}}` or `{{ pluginId }} in the URL will be replaced with the plugin ID.",
2434
+ "anyOf": [
2435
+ {
2436
+ "type": "object",
2437
+ "properties": {
2438
+ "internal": {
2439
+ "type": "string"
2440
+ },
2441
+ "external": {
2442
+ "type": "string"
2443
+ }
2444
+ },
2445
+ "required": [
2446
+ "external",
2447
+ "internal"
2448
+ ]
2449
+ },
2450
+ {
2451
+ "type": "string"
2452
+ }
2453
+ ]
2454
+ },
2455
+ "plugins": {
2456
+ "description": "Array of plugins which use the target base URL.",
2457
+ "type": "array",
2458
+ "items": {
2459
+ "type": "string"
2460
+ }
2461
+ }
2462
+ },
2463
+ "required": [
2464
+ "plugins",
2465
+ "target"
2466
+ ]
2467
+ }
2468
+ }
2469
+ },
2470
+ "required": [
2471
+ "endpoints"
3558
2472
  ]
3559
2473
  }
3560
2474
  },
3561
2475
  "required": [
3562
- "app",
3563
- "backend"
2476
+ "app"
3564
2477
  ],
3565
2478
  "$schema": "http://json-schema.org/draft-07/schema#"
3566
- }
2479
+ },
2480
+ "packageName": "@backstage/backend-defaults"
2481
+ },
2482
+ {
2483
+ "path": "../../plugins/events-node/config.d.ts",
2484
+ "value": {
2485
+ "type": "object",
2486
+ "properties": {
2487
+ "events": {
2488
+ "type": "object",
2489
+ "properties": {
2490
+ "useEventBus": {
2491
+ "description": "Whether to use the event bus API in the events plugin backend to\ndistribute events across multiple instances when publishing and\nsubscribing to events.\n\nThe default is 'auto', which means means that the event bus API will be\nused if it's available, but will be disabled if the events backend\nreturns a 404.\n\nIf set to 'never', the events service will only ever publish events\nlocally to the same instance, while if set to 'always', the event bus API\nwill never be disabled, even if the events backend returns a 404.",
2492
+ "enum": [
2493
+ "always",
2494
+ "auto",
2495
+ "never"
2496
+ ],
2497
+ "type": "string"
2498
+ }
2499
+ }
2500
+ }
2501
+ },
2502
+ "$schema": "http://json-schema.org/draft-07/schema#"
2503
+ },
2504
+ "packageName": "@backstage/plugin-events-node"
3567
2505
  },
3568
2506
  {
3569
2507
  "path": "../../plugins/auth-backend-module-atlassian-provider/config.d.ts",
@@ -3678,7 +2616,8 @@
3678
2616
  }
3679
2617
  },
3680
2618
  "$schema": "http://json-schema.org/draft-07/schema#"
3681
- }
2619
+ },
2620
+ "packageName": "@backstage/plugin-auth-backend-module-atlassian-provider"
3682
2621
  },
3683
2622
  {
3684
2623
  "path": "../../plugins/auth-backend-module-auth0-provider/config.d.ts",
@@ -3733,7 +2672,8 @@
3733
2672
  }
3734
2673
  },
3735
2674
  "$schema": "http://json-schema.org/draft-07/schema#"
3736
- }
2675
+ },
2676
+ "packageName": "@backstage/plugin-auth-backend-module-auth0-provider"
3737
2677
  },
3738
2678
  {
3739
2679
  "path": "../../plugins/auth-backend-module-bitbucket-provider/config.d.ts",
@@ -3842,7 +2782,8 @@
3842
2782
  }
3843
2783
  },
3844
2784
  "$schema": "http://json-schema.org/draft-07/schema#"
3845
- }
2785
+ },
2786
+ "packageName": "@backstage/plugin-auth-backend-module-bitbucket-provider"
3846
2787
  },
3847
2788
  {
3848
2789
  "path": "../../plugins/auth-backend-module-bitbucket-server-provider/config.d.ts",
@@ -3888,10 +2829,11 @@
3888
2829
  }
3889
2830
  },
3890
2831
  "$schema": "http://json-schema.org/draft-07/schema#"
3891
- }
2832
+ },
2833
+ "packageName": "@backstage/plugin-auth-backend-module-bitbucket-server-provider"
3892
2834
  },
3893
2835
  {
3894
- "path": "../../plugins/auth-backend-module-cloudflare-access-provider/config.d.ts",
2836
+ "path": "../../plugins/auth-backend-module-gcp-iap-provider/config.d.ts",
3895
2837
  "value": {
3896
2838
  "type": "object",
3897
2839
  "properties": {
@@ -3901,36 +2843,16 @@
3901
2843
  "providers": {
3902
2844
  "type": "object",
3903
2845
  "properties": {
3904
- "cfaccess": {
3905
- "visibility": "frontend",
2846
+ "gcpIap": {
2847
+ "description": "Configuration for the Google Cloud Platform Identity-Aware Proxy (IAP) auth provider.",
3906
2848
  "type": "object",
3907
2849
  "properties": {
3908
- "teamName": {
3909
- "type": "string"
3910
- },
3911
- "serviceTokens": {
3912
- "deepVisibility": "secret",
3913
- "type": "array",
3914
- "items": {
3915
- "type": "object",
3916
- "properties": {
3917
- "token": {
3918
- "type": "string"
3919
- },
3920
- "subject": {
3921
- "type": "string"
3922
- }
3923
- },
3924
- "required": [
3925
- "subject",
3926
- "token"
3927
- ]
3928
- }
3929
- },
3930
- "jwtHeaderName": {
2850
+ "audience": {
2851
+ "description": "The audience to use when validating incoming JWT tokens.\nSee https://backstage.io/docs/auth/google/gcp-iap-auth",
3931
2852
  "type": "string"
3932
2853
  },
3933
- "authorizationCookieName": {
2854
+ "jwtHeader": {
2855
+ "description": "The name of the header to read the JWT token from, defaults to `'x-goog-iap-jwt-assertion'`.",
3934
2856
  "type": "string"
3935
2857
  },
3936
2858
  "signIn": {
@@ -3940,6 +2862,30 @@
3940
2862
  "type": "array",
3941
2863
  "items": {
3942
2864
  "anyOf": [
2865
+ {
2866
+ "type": "object",
2867
+ "properties": {
2868
+ "resolver": {
2869
+ "type": "string",
2870
+ "const": "emailMatchingUserEntityAnnotation"
2871
+ }
2872
+ },
2873
+ "required": [
2874
+ "resolver"
2875
+ ]
2876
+ },
2877
+ {
2878
+ "type": "object",
2879
+ "properties": {
2880
+ "resolver": {
2881
+ "type": "string",
2882
+ "const": "idMatchingUserEntityAnnotation"
2883
+ }
2884
+ },
2885
+ "required": [
2886
+ "resolver"
2887
+ ]
2888
+ },
3943
2889
  {
3944
2890
  "type": "object",
3945
2891
  "properties": {
@@ -3980,11 +2926,8 @@
3980
2926
  }
3981
2927
  },
3982
2928
  "required": [
3983
- "teamName"
2929
+ "audience"
3984
2930
  ]
3985
- },
3986
- "backstageTokenExpiration": {
3987
- "description": "The backstage token expiration."
3988
2931
  }
3989
2932
  }
3990
2933
  }
@@ -3992,10 +2935,11 @@
3992
2935
  }
3993
2936
  },
3994
2937
  "$schema": "http://json-schema.org/draft-07/schema#"
3995
- }
2938
+ },
2939
+ "packageName": "@backstage/plugin-auth-backend-module-gcp-iap-provider"
3996
2940
  },
3997
2941
  {
3998
- "path": "../../plugins/auth-backend-module-gcp-iap-provider/config.d.ts",
2942
+ "path": "../../plugins/auth-backend-module-cloudflare-access-provider/config.d.ts",
3999
2943
  "value": {
4000
2944
  "type": "object",
4001
2945
  "properties": {
@@ -4005,49 +2949,45 @@
4005
2949
  "providers": {
4006
2950
  "type": "object",
4007
2951
  "properties": {
4008
- "gcpIap": {
4009
- "description": "Configuration for the Google Cloud Platform Identity-Aware Proxy (IAP) auth provider.",
2952
+ "cfaccess": {
2953
+ "visibility": "frontend",
4010
2954
  "type": "object",
4011
2955
  "properties": {
4012
- "audience": {
4013
- "description": "The audience to use when validating incoming JWT tokens.\nSee https://backstage.io/docs/auth/google/gcp-iap-auth",
2956
+ "teamName": {
4014
2957
  "type": "string"
4015
2958
  },
4016
- "jwtHeader": {
4017
- "description": "The name of the header to read the JWT token from, defaults to `'x-goog-iap-jwt-assertion'`.",
2959
+ "serviceTokens": {
2960
+ "deepVisibility": "secret",
2961
+ "type": "array",
2962
+ "items": {
2963
+ "type": "object",
2964
+ "properties": {
2965
+ "token": {
2966
+ "type": "string"
2967
+ },
2968
+ "subject": {
2969
+ "type": "string"
2970
+ }
2971
+ },
2972
+ "required": [
2973
+ "subject",
2974
+ "token"
2975
+ ]
2976
+ }
2977
+ },
2978
+ "jwtHeaderName": {
2979
+ "type": "string"
2980
+ },
2981
+ "authorizationCookieName": {
4018
2982
  "type": "string"
4019
2983
  },
4020
2984
  "signIn": {
4021
- "type": "object",
4022
- "properties": {
4023
- "resolvers": {
4024
- "type": "array",
4025
- "items": {
4026
- "anyOf": [
4027
- {
4028
- "type": "object",
4029
- "properties": {
4030
- "resolver": {
4031
- "type": "string",
4032
- "const": "emailMatchingUserEntityAnnotation"
4033
- }
4034
- },
4035
- "required": [
4036
- "resolver"
4037
- ]
4038
- },
4039
- {
4040
- "type": "object",
4041
- "properties": {
4042
- "resolver": {
4043
- "type": "string",
4044
- "const": "idMatchingUserEntityAnnotation"
4045
- }
4046
- },
4047
- "required": [
4048
- "resolver"
4049
- ]
4050
- },
2985
+ "type": "object",
2986
+ "properties": {
2987
+ "resolvers": {
2988
+ "type": "array",
2989
+ "items": {
2990
+ "anyOf": [
4051
2991
  {
4052
2992
  "type": "object",
4053
2993
  "properties": {
@@ -4088,8 +3028,11 @@
4088
3028
  }
4089
3029
  },
4090
3030
  "required": [
4091
- "audience"
3031
+ "teamName"
4092
3032
  ]
3033
+ },
3034
+ "backstageTokenExpiration": {
3035
+ "description": "The backstage token expiration."
4093
3036
  }
4094
3037
  }
4095
3038
  }
@@ -4097,7 +3040,8 @@
4097
3040
  }
4098
3041
  },
4099
3042
  "$schema": "http://json-schema.org/draft-07/schema#"
4100
- }
3043
+ },
3044
+ "packageName": "@backstage/plugin-auth-backend-module-cloudflare-access-provider"
4101
3045
  },
4102
3046
  {
4103
3047
  "path": "../../plugins/auth-backend-module-github-provider/config.d.ts",
@@ -4212,122 +3156,8 @@
4212
3156
  }
4213
3157
  },
4214
3158
  "$schema": "http://json-schema.org/draft-07/schema#"
4215
- }
4216
- },
4217
- {
4218
- "path": "../../plugins/auth-backend-module-gitlab-provider/config.d.ts",
4219
- "value": {
4220
- "type": "object",
4221
- "properties": {
4222
- "auth": {
4223
- "type": "object",
4224
- "properties": {
4225
- "providers": {
4226
- "type": "object",
4227
- "properties": {
4228
- "gitlab": {
4229
- "visibility": "frontend",
4230
- "type": "object",
4231
- "additionalProperties": {
4232
- "type": "object",
4233
- "properties": {
4234
- "clientId": {
4235
- "type": "string"
4236
- },
4237
- "clientSecret": {
4238
- "visibility": "secret",
4239
- "type": "string"
4240
- },
4241
- "audience": {
4242
- "type": "string"
4243
- },
4244
- "callbackUrl": {
4245
- "type": "string"
4246
- },
4247
- "additionalScopes": {
4248
- "anyOf": [
4249
- {
4250
- "type": "array",
4251
- "items": {
4252
- "type": "string"
4253
- }
4254
- },
4255
- {
4256
- "type": "string"
4257
- }
4258
- ]
4259
- },
4260
- "signIn": {
4261
- "type": "object",
4262
- "properties": {
4263
- "resolvers": {
4264
- "type": "array",
4265
- "items": {
4266
- "anyOf": [
4267
- {
4268
- "type": "object",
4269
- "properties": {
4270
- "resolver": {
4271
- "type": "string",
4272
- "const": "usernameMatchingUserEntityName"
4273
- }
4274
- },
4275
- "required": [
4276
- "resolver"
4277
- ]
4278
- },
4279
- {
4280
- "type": "object",
4281
- "properties": {
4282
- "resolver": {
4283
- "type": "string",
4284
- "const": "emailLocalPartMatchingUserEntityName"
4285
- },
4286
- "allowedDomains": {
4287
- "type": "array",
4288
- "items": {
4289
- "type": "string"
4290
- }
4291
- }
4292
- },
4293
- "required": [
4294
- "resolver"
4295
- ]
4296
- },
4297
- {
4298
- "type": "object",
4299
- "properties": {
4300
- "resolver": {
4301
- "type": "string",
4302
- "const": "emailMatchingUserEntityProfileEmail"
4303
- }
4304
- },
4305
- "required": [
4306
- "resolver"
4307
- ]
4308
- }
4309
- ]
4310
- }
4311
- }
4312
- },
4313
- "required": [
4314
- "resolvers"
4315
- ]
4316
- }
4317
- },
4318
- "required": [
4319
- "clientId",
4320
- "clientSecret"
4321
- ]
4322
- }
4323
- }
4324
- }
4325
- }
4326
- }
4327
- }
4328
- },
4329
- "$schema": "http://json-schema.org/draft-07/schema#"
4330
- }
3159
+ },
3160
+ "packageName": "@backstage/plugin-auth-backend-module-github-provider"
4331
3161
  },
4332
3162
  {
4333
3163
  "path": "../../plugins/auth-backend-module-google-provider/config.d.ts",
@@ -4440,7 +3270,8 @@
4440
3270
  }
4441
3271
  },
4442
3272
  "$schema": "http://json-schema.org/draft-07/schema#"
4443
- }
3273
+ },
3274
+ "packageName": "@backstage/plugin-auth-backend-module-google-provider"
4444
3275
  },
4445
3276
  {
4446
3277
  "path": "../../plugins/auth-backend-module-microsoft-provider/config.d.ts",
@@ -4562,7 +3393,8 @@
4562
3393
  }
4563
3394
  },
4564
3395
  "$schema": "http://json-schema.org/draft-07/schema#"
4565
- }
3396
+ },
3397
+ "packageName": "@backstage/plugin-auth-backend-module-microsoft-provider"
4566
3398
  },
4567
3399
  {
4568
3400
  "path": "../../plugins/auth-backend-module-oauth2-provider/config.d.ts",
@@ -4614,134 +3446,8 @@
4614
3446
  "disableRefresh": {
4615
3447
  "type": "boolean"
4616
3448
  },
4617
- "includeBasicAuth": {
4618
- "type": "boolean"
4619
- },
4620
- "signIn": {
4621
- "type": "object",
4622
- "properties": {
4623
- "resolvers": {
4624
- "type": "array",
4625
- "items": {
4626
- "anyOf": [
4627
- {
4628
- "type": "object",
4629
- "properties": {
4630
- "resolver": {
4631
- "type": "string",
4632
- "const": "usernameMatchingUserEntityName"
4633
- }
4634
- },
4635
- "required": [
4636
- "resolver"
4637
- ]
4638
- },
4639
- {
4640
- "type": "object",
4641
- "properties": {
4642
- "resolver": {
4643
- "type": "string",
4644
- "const": "emailLocalPartMatchingUserEntityName"
4645
- },
4646
- "allowedDomains": {
4647
- "type": "array",
4648
- "items": {
4649
- "type": "string"
4650
- }
4651
- }
4652
- },
4653
- "required": [
4654
- "resolver"
4655
- ]
4656
- },
4657
- {
4658
- "type": "object",
4659
- "properties": {
4660
- "resolver": {
4661
- "type": "string",
4662
- "const": "emailMatchingUserEntityProfileEmail"
4663
- }
4664
- },
4665
- "required": [
4666
- "resolver"
4667
- ]
4668
- }
4669
- ]
4670
- }
4671
- }
4672
- },
4673
- "required": [
4674
- "resolvers"
4675
- ]
4676
- }
4677
- },
4678
- "required": [
4679
- "authorizationUrl",
4680
- "clientId",
4681
- "clientSecret",
4682
- "tokenUrl"
4683
- ]
4684
- }
4685
- }
4686
- }
4687
- }
4688
- }
4689
- }
4690
- },
4691
- "$schema": "http://json-schema.org/draft-07/schema#"
4692
- }
4693
- },
4694
- {
4695
- "path": "../../plugins/auth-backend-module-oidc-provider/config.d.ts",
4696
- "value": {
4697
- "type": "object",
4698
- "properties": {
4699
- "auth": {
4700
- "type": "object",
4701
- "properties": {
4702
- "providers": {
4703
- "type": "object",
4704
- "properties": {
4705
- "oidc": {
4706
- "visibility": "frontend",
4707
- "type": "object",
4708
- "additionalProperties": {
4709
- "type": "object",
4710
- "properties": {
4711
- "clientId": {
4712
- "type": "string"
4713
- },
4714
- "clientSecret": {
4715
- "visibility": "secret",
4716
- "type": "string"
4717
- },
4718
- "metadataUrl": {
4719
- "type": "string"
4720
- },
4721
- "callbackUrl": {
4722
- "type": "string"
4723
- },
4724
- "tokenEndpointAuthMethod": {
4725
- "type": "string"
4726
- },
4727
- "tokenSignedResponseAlg": {
4728
- "type": "string"
4729
- },
4730
- "additionalScopes": {
4731
- "anyOf": [
4732
- {
4733
- "type": "array",
4734
- "items": {
4735
- "type": "string"
4736
- }
4737
- },
4738
- {
4739
- "type": "string"
4740
- }
4741
- ]
4742
- },
4743
- "prompt": {
4744
- "type": "string"
3449
+ "includeBasicAuth": {
3450
+ "type": "boolean"
4745
3451
  },
4746
3452
  "signIn": {
4747
3453
  "type": "object",
@@ -4750,6 +3456,18 @@
4750
3456
  "type": "array",
4751
3457
  "items": {
4752
3458
  "anyOf": [
3459
+ {
3460
+ "type": "object",
3461
+ "properties": {
3462
+ "resolver": {
3463
+ "type": "string",
3464
+ "const": "usernameMatchingUserEntityName"
3465
+ }
3466
+ },
3467
+ "required": [
3468
+ "resolver"
3469
+ ]
3470
+ },
4753
3471
  {
4754
3472
  "type": "object",
4755
3473
  "properties": {
@@ -4790,9 +3508,10 @@
4790
3508
  }
4791
3509
  },
4792
3510
  "required": [
3511
+ "authorizationUrl",
4793
3512
  "clientId",
4794
3513
  "clientSecret",
4795
- "metadataUrl"
3514
+ "tokenUrl"
4796
3515
  ]
4797
3516
  }
4798
3517
  }
@@ -4802,7 +3521,8 @@
4802
3521
  }
4803
3522
  },
4804
3523
  "$schema": "http://json-schema.org/draft-07/schema#"
4805
- }
3524
+ },
3525
+ "packageName": "@backstage/plugin-auth-backend-module-oauth2-provider"
4806
3526
  },
4807
3527
  {
4808
3528
  "path": "../../plugins/auth-backend-module-okta-provider/config.d.ts",
@@ -4923,10 +3643,11 @@
4923
3643
  }
4924
3644
  },
4925
3645
  "$schema": "http://json-schema.org/draft-07/schema#"
4926
- }
3646
+ },
3647
+ "packageName": "@backstage/plugin-auth-backend-module-okta-provider"
4927
3648
  },
4928
3649
  {
4929
- "path": "../../plugins/auth-backend-module-onelogin-provider/config.d.ts",
3650
+ "path": "../../plugins/auth-backend-module-oidc-provider/config.d.ts",
4930
3651
  "value": {
4931
3652
  "type": "object",
4932
3653
  "properties": {
@@ -4936,7 +3657,7 @@
4936
3657
  "providers": {
4937
3658
  "type": "object",
4938
3659
  "properties": {
4939
- "onelogin": {
3660
+ "oidc": {
4940
3661
  "visibility": "frontend",
4941
3662
  "type": "object",
4942
3663
  "additionalProperties": {
@@ -4949,12 +3670,34 @@
4949
3670
  "visibility": "secret",
4950
3671
  "type": "string"
4951
3672
  },
4952
- "issuer": {
3673
+ "metadataUrl": {
4953
3674
  "type": "string"
4954
3675
  },
4955
3676
  "callbackUrl": {
4956
3677
  "type": "string"
4957
3678
  },
3679
+ "tokenEndpointAuthMethod": {
3680
+ "type": "string"
3681
+ },
3682
+ "tokenSignedResponseAlg": {
3683
+ "type": "string"
3684
+ },
3685
+ "additionalScopes": {
3686
+ "anyOf": [
3687
+ {
3688
+ "type": "array",
3689
+ "items": {
3690
+ "type": "string"
3691
+ }
3692
+ },
3693
+ {
3694
+ "type": "string"
3695
+ }
3696
+ ]
3697
+ },
3698
+ "prompt": {
3699
+ "type": "string"
3700
+ },
4958
3701
  "signIn": {
4959
3702
  "type": "object",
4960
3703
  "properties": {
@@ -4962,18 +3705,6 @@
4962
3705
  "type": "array",
4963
3706
  "items": {
4964
3707
  "anyOf": [
4965
- {
4966
- "type": "object",
4967
- "properties": {
4968
- "resolver": {
4969
- "type": "string",
4970
- "const": "usernameMatchingUserEntityName"
4971
- }
4972
- },
4973
- "required": [
4974
- "resolver"
4975
- ]
4976
- },
4977
3708
  {
4978
3709
  "type": "object",
4979
3710
  "properties": {
@@ -5016,7 +3747,7 @@
5016
3747
  "required": [
5017
3748
  "clientId",
5018
3749
  "clientSecret",
5019
- "issuer"
3750
+ "metadataUrl"
5020
3751
  ]
5021
3752
  }
5022
3753
  }
@@ -5026,202 +3757,231 @@
5026
3757
  }
5027
3758
  },
5028
3759
  "$schema": "http://json-schema.org/draft-07/schema#"
5029
- }
3760
+ },
3761
+ "packageName": "@backstage/plugin-auth-backend-module-oidc-provider"
5030
3762
  },
5031
3763
  {
5032
- "path": "../../node_modules/@backstage-community/plugin-puppetdb/node_modules/@backstage/plugin-catalog-react/node_modules/@backstage/core-components/config.d.ts",
3764
+ "path": "../../plugins/auth-backend-module-gitlab-provider/config.d.ts",
5033
3765
  "value": {
5034
3766
  "type": "object",
5035
3767
  "properties": {
5036
3768
  "auth": {
5037
3769
  "type": "object",
5038
3770
  "properties": {
5039
- "autologout": {
5040
- "description": "Autologout feature configuration",
3771
+ "providers": {
5041
3772
  "type": "object",
5042
3773
  "properties": {
5043
- "enabled": {
5044
- "description": "Enable or disable the autologout feature",
5045
- "visibility": "frontend",
5046
- "type": "boolean"
5047
- },
5048
- "idleTimeoutMinutes": {
5049
- "description": "Number of minutes after which the inactive user is logged out automatically.\nDefault is 60 minutes (1 hour)",
5050
- "visibility": "frontend",
5051
- "type": "number"
5052
- },
5053
- "promptBeforeIdleSeconds": {
5054
- "description": "Number of seconds before the idle timeout where the user will be asked if it's still active.\nA dialog will be shown.\nDefault is 10 seconds.\nSet to 0 seconds to disable the prompt.",
5055
- "visibility": "frontend",
5056
- "type": "number"
5057
- },
5058
- "useWorkerTimers": {
5059
- "description": "Enable/disable the usage of worker thread timers instead of main thread timers.\nDefault is true.\nIf you experience some browser incompatibility, you may try to set this to false.",
5060
- "visibility": "frontend",
5061
- "type": "boolean"
5062
- },
5063
- "logoutIfDisconnected": {
5064
- "description": "Enable/disable the automatic logout also on users that are logged in but with no Backstage tabs open.\nDefault is true.",
3774
+ "gitlab": {
5065
3775
  "visibility": "frontend",
5066
- "type": "boolean"
5067
- }
5068
- }
5069
- }
5070
- }
5071
- }
5072
- },
5073
- "$schema": "http://json-schema.org/draft-07/schema#"
5074
- }
5075
- },
5076
- {
5077
- "path": "../../node_modules/@backstage-community/plugin-puppetdb/node_modules/@backstage/plugin-permission-common/config.d.ts",
5078
- "value": {
5079
- "type": "object",
5080
- "properties": {
5081
- "permission": {
5082
- "description": "Configuration options for Backstage permissions and authorization",
5083
- "type": "object",
5084
- "properties": {
5085
- "enabled": {
5086
- "description": "Whether authorization is enabled in Backstage. Defaults to false, which means authorization\nrequests will be automatically allowed without invoking the authorization policy.",
5087
- "visibility": "frontend",
5088
- "type": "boolean"
5089
- }
5090
- }
5091
- }
5092
- },
5093
- "$schema": "http://json-schema.org/draft-07/schema#"
5094
- }
5095
- },
5096
- {
5097
- "path": "../integration-aws-node/config.d.ts",
5098
- "value": {
5099
- "type": "object",
5100
- "properties": {
5101
- "aws": {
5102
- "description": "Configuration for access to AWS accounts",
5103
- "type": "object",
5104
- "properties": {
5105
- "accountDefaults": {
5106
- "description": "Defaults for retrieving AWS account credentials",
5107
- "type": "object",
5108
- "properties": {
5109
- "roleName": {
5110
- "description": "The IAM role to assume to retrieve temporary AWS credentials",
5111
- "type": "string"
5112
- },
5113
- "partition": {
5114
- "description": "The AWS partition of the IAM role, e.g. \"aws\", \"aws-cn\"",
5115
- "type": "string"
5116
- },
5117
- "region": {
5118
- "description": "The STS regional endpoint to use when retrieving temporary AWS credentials, e.g. \"ap-northeast-1\"",
5119
- "type": "string"
5120
- },
5121
- "externalId": {
5122
- "description": "The unique identifier needed to assume the role to retrieve temporary AWS credentials",
5123
- "visibility": "secret",
5124
- "type": "string"
5125
- }
5126
- }
5127
- },
5128
- "mainAccount": {
5129
- "description": "Main account to use for retrieving AWS account credentials",
5130
- "type": "object",
5131
- "properties": {
5132
- "accessKeyId": {
5133
- "description": "The access key ID for a set of static AWS credentials",
5134
- "visibility": "secret",
5135
- "type": "string"
5136
- },
5137
- "secretAccessKey": {
5138
- "description": "The secret access key for a set of static AWS credentials",
5139
- "visibility": "secret",
5140
- "type": "string"
5141
- },
5142
- "profile": {
5143
- "description": "The configuration profile from a credentials file at ~/.aws/credentials and\na configuration file at ~/.aws/config.",
5144
- "type": "string"
5145
- },
5146
- "region": {
5147
- "description": "The STS regional endpoint to use for the main account, e.g. \"ap-northeast-1\"",
5148
- "type": "string"
5149
- }
5150
- }
5151
- },
5152
- "accounts": {
5153
- "description": "Configuration for retrieving AWS accounts credentials",
5154
- "type": "array",
5155
- "items": {
5156
- "type": "object",
5157
- "properties": {
5158
- "accountId": {
5159
- "description": "The account ID of the target account that this matches on, e.g. \"123456789012\"",
5160
- "type": "string"
5161
- },
5162
- "accessKeyId": {
5163
- "description": "The access key ID for a set of static AWS credentials",
5164
- "visibility": "secret",
5165
- "type": "string"
5166
- },
5167
- "secretAccessKey": {
5168
- "description": "The secret access key for a set of static AWS credentials",
5169
- "visibility": "secret",
5170
- "type": "string"
5171
- },
5172
- "profile": {
5173
- "description": "The configuration profile from a credentials file at ~/.aws/credentials and\na configuration file at ~/.aws/config.",
5174
- "type": "string"
5175
- },
5176
- "roleName": {
5177
- "description": "The IAM role to assume to retrieve temporary AWS credentials",
5178
- "type": "string"
5179
- },
5180
- "partition": {
5181
- "description": "The AWS partition of the IAM role, e.g. \"aws\", \"aws-cn\"",
5182
- "type": "string"
5183
- },
5184
- "region": {
5185
- "description": "The STS regional endpoint to use when retrieving temporary AWS credentials, e.g. \"ap-northeast-1\"",
5186
- "type": "string"
5187
- },
5188
- "externalId": {
5189
- "description": "The unique identifier needed to assume the role to retrieve temporary AWS credentials",
5190
- "visibility": "secret",
5191
- "type": "string"
3776
+ "type": "object",
3777
+ "additionalProperties": {
3778
+ "type": "object",
3779
+ "properties": {
3780
+ "clientId": {
3781
+ "type": "string"
3782
+ },
3783
+ "clientSecret": {
3784
+ "visibility": "secret",
3785
+ "type": "string"
3786
+ },
3787
+ "audience": {
3788
+ "type": "string"
3789
+ },
3790
+ "callbackUrl": {
3791
+ "type": "string"
3792
+ },
3793
+ "additionalScopes": {
3794
+ "anyOf": [
3795
+ {
3796
+ "type": "array",
3797
+ "items": {
3798
+ "type": "string"
3799
+ }
3800
+ },
3801
+ {
3802
+ "type": "string"
3803
+ }
3804
+ ]
3805
+ },
3806
+ "signIn": {
3807
+ "type": "object",
3808
+ "properties": {
3809
+ "resolvers": {
3810
+ "type": "array",
3811
+ "items": {
3812
+ "anyOf": [
3813
+ {
3814
+ "type": "object",
3815
+ "properties": {
3816
+ "resolver": {
3817
+ "type": "string",
3818
+ "const": "usernameMatchingUserEntityName"
3819
+ }
3820
+ },
3821
+ "required": [
3822
+ "resolver"
3823
+ ]
3824
+ },
3825
+ {
3826
+ "type": "object",
3827
+ "properties": {
3828
+ "resolver": {
3829
+ "type": "string",
3830
+ "const": "emailLocalPartMatchingUserEntityName"
3831
+ },
3832
+ "allowedDomains": {
3833
+ "type": "array",
3834
+ "items": {
3835
+ "type": "string"
3836
+ }
3837
+ }
3838
+ },
3839
+ "required": [
3840
+ "resolver"
3841
+ ]
3842
+ },
3843
+ {
3844
+ "type": "object",
3845
+ "properties": {
3846
+ "resolver": {
3847
+ "type": "string",
3848
+ "const": "emailMatchingUserEntityProfileEmail"
3849
+ }
3850
+ },
3851
+ "required": [
3852
+ "resolver"
3853
+ ]
3854
+ }
3855
+ ]
3856
+ }
3857
+ }
3858
+ },
3859
+ "required": [
3860
+ "resolvers"
3861
+ ]
3862
+ }
3863
+ },
3864
+ "required": [
3865
+ "clientId",
3866
+ "clientSecret"
3867
+ ]
5192
3868
  }
5193
- },
5194
- "required": [
5195
- "accountId"
5196
- ]
3869
+ }
5197
3870
  }
5198
3871
  }
5199
3872
  }
5200
3873
  }
5201
3874
  },
5202
3875
  "$schema": "http://json-schema.org/draft-07/schema#"
5203
- }
3876
+ },
3877
+ "packageName": "@backstage/plugin-auth-backend-module-gitlab-provider"
5204
3878
  },
5205
3879
  {
5206
- "path": "../../node_modules/@backstage/backend-common/node_modules/@backstage/backend-plugin-api/config.d.ts",
3880
+ "path": "../../plugins/auth-backend-module-onelogin-provider/config.d.ts",
5207
3881
  "value": {
5208
3882
  "type": "object",
5209
3883
  "properties": {
5210
- "backend": {
3884
+ "auth": {
5211
3885
  "type": "object",
5212
3886
  "properties": {
5213
- "workingDirectory": {
5214
- "description": "An absolute path to a directory that can be used as a working dir, for\nexample as scratch space for large operations.",
5215
- "type": "string"
3887
+ "providers": {
3888
+ "type": "object",
3889
+ "properties": {
3890
+ "onelogin": {
3891
+ "visibility": "frontend",
3892
+ "type": "object",
3893
+ "additionalProperties": {
3894
+ "type": "object",
3895
+ "properties": {
3896
+ "clientId": {
3897
+ "type": "string"
3898
+ },
3899
+ "clientSecret": {
3900
+ "visibility": "secret",
3901
+ "type": "string"
3902
+ },
3903
+ "issuer": {
3904
+ "type": "string"
3905
+ },
3906
+ "callbackUrl": {
3907
+ "type": "string"
3908
+ },
3909
+ "signIn": {
3910
+ "type": "object",
3911
+ "properties": {
3912
+ "resolvers": {
3913
+ "type": "array",
3914
+ "items": {
3915
+ "anyOf": [
3916
+ {
3917
+ "type": "object",
3918
+ "properties": {
3919
+ "resolver": {
3920
+ "type": "string",
3921
+ "const": "usernameMatchingUserEntityName"
3922
+ }
3923
+ },
3924
+ "required": [
3925
+ "resolver"
3926
+ ]
3927
+ },
3928
+ {
3929
+ "type": "object",
3930
+ "properties": {
3931
+ "resolver": {
3932
+ "type": "string",
3933
+ "const": "emailLocalPartMatchingUserEntityName"
3934
+ },
3935
+ "allowedDomains": {
3936
+ "type": "array",
3937
+ "items": {
3938
+ "type": "string"
3939
+ }
3940
+ }
3941
+ },
3942
+ "required": [
3943
+ "resolver"
3944
+ ]
3945
+ },
3946
+ {
3947
+ "type": "object",
3948
+ "properties": {
3949
+ "resolver": {
3950
+ "type": "string",
3951
+ "const": "emailMatchingUserEntityProfileEmail"
3952
+ }
3953
+ },
3954
+ "required": [
3955
+ "resolver"
3956
+ ]
3957
+ }
3958
+ ]
3959
+ }
3960
+ }
3961
+ },
3962
+ "required": [
3963
+ "resolvers"
3964
+ ]
3965
+ }
3966
+ },
3967
+ "required": [
3968
+ "clientId",
3969
+ "clientSecret",
3970
+ "issuer"
3971
+ ]
3972
+ }
3973
+ }
3974
+ }
5216
3975
  }
5217
3976
  }
5218
3977
  }
5219
3978
  },
5220
3979
  "$schema": "http://json-schema.org/draft-07/schema#"
5221
- }
3980
+ },
3981
+ "packageName": "@backstage/plugin-auth-backend-module-onelogin-provider"
5222
3982
  },
5223
3983
  {
5224
- "path": "../../node_modules/@backstage/backend-common/node_modules/@backstage/integration-aws-node/config.d.ts",
3984
+ "path": "../integration-aws-node/config.d.ts",
5225
3985
  "value": {
5226
3986
  "type": "object",
5227
3987
  "properties": {
@@ -5327,119 +4087,27 @@
5327
4087
  }
5328
4088
  },
5329
4089
  "$schema": "http://json-schema.org/draft-07/schema#"
5330
- }
4090
+ },
4091
+ "packageName": "@backstage/integration-aws-node"
5331
4092
  },
5332
4093
  {
5333
- "path": "../../node_modules/@backstage-community/plugin-puppetdb/node_modules/@backstage/frontend-app-api/config.d.ts",
4094
+ "path": "../../node_modules/@backstage/backend-common/node_modules/@backstage/backend-plugin-api/config.d.ts",
5334
4095
  "value": {
5335
4096
  "type": "object",
5336
4097
  "properties": {
5337
- "app": {
4098
+ "backend": {
5338
4099
  "type": "object",
5339
4100
  "properties": {
5340
- "experimental": {
5341
- "type": "object",
5342
- "properties": {
5343
- "packages": {
5344
- "visibility": "frontend",
5345
- "deepVisibility": "frontend",
5346
- "anyOf": [
5347
- {
5348
- "type": "object",
5349
- "properties": {
5350
- "include": {
5351
- "type": "array",
5352
- "items": {
5353
- "type": "string"
5354
- }
5355
- },
5356
- "exclude": {
5357
- "type": "array",
5358
- "items": {
5359
- "type": "string"
5360
- }
5361
- }
5362
- }
5363
- },
5364
- {
5365
- "const": "all",
5366
- "type": "string"
5367
- }
5368
- ]
5369
- }
5370
- }
5371
- },
5372
- "routes": {
5373
- "type": "object",
5374
- "properties": {
5375
- "bindings": {
5376
- "description": "Maps external route references to regular route references. Both the\nkey and the value is expected to be on the form `<pluginId>.<routeId>`.\nIf the value is `false`, the route will be disabled even if it has a\ndefault mapping.",
5377
- "deepVisibility": "frontend",
5378
- "type": "object",
5379
- "additionalProperties": {
5380
- "anyOf": [
5381
- {
5382
- "const": false,
5383
- "type": "boolean"
5384
- },
5385
- {
5386
- "type": "string"
5387
- }
5388
- ]
5389
- }
5390
- }
5391
- }
5392
- },
5393
- "extensions": {
5394
- "deepVisibility": "frontend",
5395
- "type": "array",
5396
- "items": {
5397
- "anyOf": [
5398
- {
5399
- "type": "object",
5400
- "additionalProperties": {
5401
- "anyOf": [
5402
- {
5403
- "type": "object",
5404
- "properties": {
5405
- "attachTo": {
5406
- "type": "object",
5407
- "properties": {
5408
- "id": {
5409
- "type": "string"
5410
- },
5411
- "input": {
5412
- "type": "string"
5413
- }
5414
- },
5415
- "required": [
5416
- "id",
5417
- "input"
5418
- ]
5419
- },
5420
- "disabled": {
5421
- "type": "boolean"
5422
- },
5423
- "config": {}
5424
- }
5425
- },
5426
- {
5427
- "type": "boolean"
5428
- }
5429
- ]
5430
- }
5431
- },
5432
- {
5433
- "type": "string"
5434
- }
5435
- ]
5436
- }
4101
+ "workingDirectory": {
4102
+ "description": "An absolute path to a directory that can be used as a working dir, for\nexample as scratch space for large operations.",
4103
+ "type": "string"
5437
4104
  }
5438
4105
  }
5439
4106
  }
5440
4107
  },
5441
4108
  "$schema": "http://json-schema.org/draft-07/schema#"
5442
- }
4109
+ },
4110
+ "packageName": "@backstage/backend-plugin-api"
5443
4111
  }
5444
4112
  ],
5445
4113
  "backstageConfigSchemaVersion": 1