@techdocs/cli 1.9.1 → 1.9.2-next.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (17) hide show
  1. package/CHANGELOG.md +11 -0
  2. package/dist/embedded-app/.config-schema.json +1924 -1854
  3. package/dist/embedded-app/index.html +1 -1
  4. package/dist/embedded-app/index.html.tmpl +1 -1
  5. package/dist/embedded-app/static/2177.5241e8a7.chunk.js +4 -0
  6. package/dist/embedded-app/static/2177.5241e8a7.chunk.js.map +1 -0
  7. package/dist/embedded-app/static/{main.53048bb6.js → main.4f4fde3d.js} +6 -6
  8. package/dist/embedded-app/static/main.4f4fde3d.js.map +1 -0
  9. package/dist/embedded-app/static/{runtime.53048bb6.js → runtime.4f4fde3d.js} +2 -2
  10. package/dist/embedded-app/static/{runtime.53048bb6.js.map → runtime.4f4fde3d.js.map} +1 -1
  11. package/dist/embedded-app/static/{vendor.53048bb6.js → vendor.4f4fde3d.js} +1 -1
  12. package/dist/embedded-app/static/{vendor.53048bb6.js.map → vendor.4f4fde3d.js.map} +1 -1
  13. package/dist/package.json.cjs.js +1 -1
  14. package/package.json +7 -7
  15. package/dist/embedded-app/static/2177.8ae9ec12.chunk.js +0 -4
  16. package/dist/embedded-app/static/2177.8ae9ec12.chunk.js.map +0 -1
  17. package/dist/embedded-app/static/main.53048bb6.js.map +0 -1
package/dist/embedded-app/.config-schema.json CHANGED
@@ -400,62 +400,6 @@
400
400
  },
401
401
  "packageName": "@backstage/core-components"
402
402
  },
403
- {
404
- "path": "../../plugins/techdocs/config.d.ts",
405
- "value": {
406
- "type": "object",
407
- "properties": {
408
- "techdocs": {
409
- "description": "Configuration options for the techdocs plugin",
410
- "type": "object",
411
- "properties": {
412
- "builder": {
413
- "description": "Documentation building process depends on the builder attr",
414
- "visibility": "frontend",
415
- "enum": [
416
- "external",
417
- "local"
418
- ],
419
- "type": "string"
420
- },
421
- "legacyUseCaseSensitiveTripletPaths": {
422
- "description": "Allows fallback to case-sensitive triplets in case of migration issues.",
423
- "visibility": "frontend",
424
- "type": "boolean"
425
- },
426
- "sanitizer": {
427
- "type": "object",
428
- "properties": {
429
- "allowedIframeHosts": {
430
- "description": "Allows iframe tag only for listed hosts\nExample:\n allowedIframeHosts: [\"example.com\"]\n this will allow all iframes with the host `example.com` in the src attribute",
431
- "visibility": "frontend",
432
- "type": "array",
433
- "items": {
434
- "type": "string"
435
- }
436
- },
437
- "allowedCustomElementTagNameRegExp": {
438
- "description": "Allows listed custom element tag name regex\nExample:\n allowedCustomElementTagNameRegExp: '^backstage-'\n this will allow all custom elements with tag name matching `^backstage-` like <backstage-custom-element /> etc.",
439
- "visibility": "frontend",
440
- "type": "string"
441
- },
442
- "allowedCustomElementAttributeNameRegExp": {
443
- "description": "Allows listed custom element attribute name regex\nExample:\n allowedCustomElementAttributeNameRegExp: 'attribute1|attribute2'\n this will allow all custom element attributes matching `attribute1` or `attribute2` like <backstage-custom-element attribute1=\"yes\" attribute2/>",
444
- "visibility": "frontend",
445
- "type": "string"
446
- }
447
- }
448
- }
449
- }
450
- }
451
- },
452
- "required": [
453
- "techdocs"
454
- ],
455
- "$schema": "http://json-schema.org/draft-07/schema#"
456
- },
457
- "packageName": "@backstage/plugin-techdocs"
458
- },
459
403
  {
460
404
  "path": "../integration/config.d.ts",
461
405
  "value": {
@@ -937,6 +881,62 @@
937
881
  },
938
882
  "packageName": "@backstage/integration"
939
883
  },
884
+ {
885
+ "path": "../../plugins/techdocs/config.d.ts",
886
+ "value": {
887
+ "type": "object",
888
+ "properties": {
889
+ "techdocs": {
890
+ "description": "Configuration options for the techdocs plugin",
891
+ "type": "object",
892
+ "properties": {
893
+ "builder": {
894
+ "description": "Documentation building process depends on the builder attr",
895
+ "visibility": "frontend",
896
+ "enum": [
897
+ "external",
898
+ "local"
899
+ ],
900
+ "type": "string"
901
+ },
902
+ "legacyUseCaseSensitiveTripletPaths": {
903
+ "description": "Allows fallback to case-sensitive triplets in case of migration issues.",
904
+ "visibility": "frontend",
905
+ "type": "boolean"
906
+ },
907
+ "sanitizer": {
908
+ "type": "object",
909
+ "properties": {
910
+ "allowedIframeHosts": {
911
+ "description": "Allows iframe tag only for listed hosts\nExample:\n allowedIframeHosts: [\"example.com\"]\n this will allow all iframes with the host `example.com` in the src attribute",
912
+ "visibility": "frontend",
913
+ "type": "array",
914
+ "items": {
915
+ "type": "string"
916
+ }
917
+ },
918
+ "allowedCustomElementTagNameRegExp": {
919
+ "description": "Allows listed custom element tag name regex\nExample:\n allowedCustomElementTagNameRegExp: '^backstage-'\n this will allow all custom elements with tag name matching `^backstage-` like <backstage-custom-element /> etc.",
920
+ "visibility": "frontend",
921
+ "type": "string"
922
+ },
923
+ "allowedCustomElementAttributeNameRegExp": {
924
+ "description": "Allows listed custom element attribute name regex\nExample:\n allowedCustomElementAttributeNameRegExp: 'attribute1|attribute2'\n this will allow all custom element attributes matching `attribute1` or `attribute2` like <backstage-custom-element attribute1=\"yes\" attribute2/>",
925
+ "visibility": "frontend",
926
+ "type": "string"
927
+ }
928
+ }
929
+ }
930
+ }
931
+ }
932
+ },
933
+ "required": [
934
+ "techdocs"
935
+ ],
936
+ "$schema": "http://json-schema.org/draft-07/schema#"
937
+ },
938
+ "packageName": "@backstage/plugin-techdocs"
939
+ },
940
940
  {
941
941
  "path": "../frontend-app-api/config.d.ts",
942
942
  "value": {
@@ -1564,69 +1564,111 @@
1564
1564
  "packageName": "@backstage/core-components"
1565
1565
  },
1566
1566
  {
1567
- "path": "../backend-app-api/config.d.ts",
1567
+ "path": "../../plugins/auth-backend-module-atlassian-provider/config.d.ts",
1568
1568
  "value": {
1569
1569
  "type": "object",
1570
1570
  "properties": {
1571
- "backend": {
1571
+ "auth": {
1572
1572
  "type": "object",
1573
1573
  "properties": {
1574
- "packages": {
1575
- "description": "Used by the feature discovery service",
1576
- "anyOf": [
1577
- {
1578
- "type": "object",
1579
- "properties": {
1580
- "include": {
1581
- "type": "array",
1582
- "items": {
1583
- "type": "string"
1584
- }
1585
- },
1586
- "exclude": {
1587
- "type": "array",
1588
- "items": {
1589
- "type": "string"
1590
- }
1591
- }
1592
- }
1593
- },
1594
- {
1595
- "const": "all",
1596
- "type": "string"
1597
- }
1598
- ]
1599
- },
1600
- "startup": {
1574
+ "providers": {
1601
1575
  "type": "object",
1602
1576
  "properties": {
1603
- "default": {
1604
- "type": "object",
1605
- "properties": {
1606
- "onPluginBootFailure": {
1607
- "description": "The default value for `onPluginBootFailure` if not specified for a particular plugin.\nThis defaults to 'abort', which means `onPluginBootFailure: continue` must be specified\nfor backend startup to continue on plugin boot failure. This can also be set to\n'continue', which flips the logic for individual plugins so that they must be set to\n`onPluginBootFailure: abort` to be required.",
1608
- "enum": [
1609
- "abort",
1610
- "continue"
1611
- ],
1612
- "type": "string"
1613
- }
1614
- }
1615
- },
1616
- "plugins": {
1577
+ "atlassian": {
1578
+ "visibility": "frontend",
1617
1579
  "type": "object",
1618
1580
  "additionalProperties": {
1619
1581
  "type": "object",
1620
1582
  "properties": {
1621
- "onPluginBootFailure": {
1622
- "description": "Used to control backend startup behavior when this plugin fails to boot up. Setting\nthis to `continue` allows the backend to continue starting up, even if this plugin\nfails. This can enable leaving a crashing plugin installed, but still permit backend\nstartup, which may help troubleshoot data-dependent issues. Plugin failures for plugins\nset to `abort` are fatal (this is the default unless overridden by the `default`\nsetting).",
1623
- "enum": [
1624
- "abort",
1625
- "continue"
1626
- ],
1583
+ "clientId": {
1627
1584
  "type": "string"
1628
- }
1629
- }
1585
+ },
1586
+ "clientSecret": {
1587
+ "visibility": "secret",
1588
+ "type": "string"
1589
+ },
1590
+ "audience": {
1591
+ "type": "string"
1592
+ },
1593
+ "callbackUrl": {
1594
+ "type": "string"
1595
+ },
1596
+ "additionalScopes": {
1597
+ "anyOf": [
1598
+ {
1599
+ "type": "array",
1600
+ "items": {
1601
+ "type": "string"
1602
+ }
1603
+ },
1604
+ {
1605
+ "type": "string"
1606
+ }
1607
+ ]
1608
+ },
1609
+ "signIn": {
1610
+ "type": "object",
1611
+ "properties": {
1612
+ "resolvers": {
1613
+ "type": "array",
1614
+ "items": {
1615
+ "anyOf": [
1616
+ {
1617
+ "type": "object",
1618
+ "properties": {
1619
+ "resolver": {
1620
+ "type": "string",
1621
+ "const": "usernameMatchingUserEntityName"
1622
+ }
1623
+ },
1624
+ "required": [
1625
+ "resolver"
1626
+ ]
1627
+ },
1628
+ {
1629
+ "type": "object",
1630
+ "properties": {
1631
+ "resolver": {
1632
+ "type": "string",
1633
+ "const": "emailLocalPartMatchingUserEntityName"
1634
+ },
1635
+ "allowedDomains": {
1636
+ "type": "array",
1637
+ "items": {
1638
+ "type": "string"
1639
+ }
1640
+ }
1641
+ },
1642
+ "required": [
1643
+ "resolver"
1644
+ ]
1645
+ },
1646
+ {
1647
+ "type": "object",
1648
+ "properties": {
1649
+ "resolver": {
1650
+ "type": "string",
1651
+ "const": "emailMatchingUserEntityProfileEmail"
1652
+ }
1653
+ },
1654
+ "required": [
1655
+ "resolver"
1656
+ ]
1657
+ }
1658
+ ]
1659
+ }
1660
+ }
1661
+ },
1662
+ "required": [
1663
+ "resolvers"
1664
+ ]
1665
+ },
1666
+ "sessionDuration": {}
1667
+ },
1668
+ "required": [
1669
+ "clientId",
1670
+ "clientSecret"
1671
+ ]
1630
1672
  }
1631
1673
  }
1632
1674
  }
@@ -1636,946 +1678,788 @@
1636
1678
  },
1637
1679
  "$schema": "http://json-schema.org/draft-07/schema#"
1638
1680
  },
1639
- "packageName": "@backstage/backend-app-api"
1681
+ "packageName": "@backstage/plugin-auth-backend-module-atlassian-provider"
1640
1682
  },
1641
1683
  {
1642
- "path": "../backend-defaults/config.d.ts",
1684
+ "path": "../../plugins/auth-backend-module-auth0-provider/config.d.ts",
1643
1685
  "value": {
1644
1686
  "type": "object",
1645
1687
  "properties": {
1646
- "app": {
1647
- "type": "object",
1648
- "properties": {
1649
- "baseUrl": {
1650
- "type": "string"
1651
- }
1652
- },
1653
- "required": [
1654
- "baseUrl"
1655
- ]
1656
- },
1657
- "backend": {
1688
+ "auth": {
1658
1689
  "type": "object",
1659
1690
  "properties": {
1660
- "baseUrl": {
1661
- "description": "The full base URL of the backend, as seen from the browser's point of\nview as it makes calls to the backend.",
1662
- "type": "string"
1663
- },
1664
- "lifecycle": {
1691
+ "providers": {
1665
1692
  "type": "object",
1666
1693
  "properties": {
1667
- "startupRequestPauseTimeout": {
1668
- "description": "The maximum time that paused requests will wait for the service to start, before returning an error.\nDefaults to 5 seconds\nSupported formats:\n- A string in the format of '1d', '2 seconds' etc. as supported by the `ms`\n library.\n- A standard ISO formatted duration string, e.g. 'P2DT6H' or 'PT1M'.\n- An object with individual units (in plural) as keys, e.g. `{ days: 2, hours: 6 }`."
1669
- },
1670
- "serverShutdownDelay": {
1671
- "description": "The minimum time that the HTTP server will delay the shutdown of the backend. During this delay health checks will be set to failing, allowing traffic to drain.\nDefaults to 0 seconds.\nSupported formats:\n- A string in the format of '1d', '2 seconds' etc. as supported by the `ms`\n library.\n- A standard ISO formatted duration string, e.g. 'P2DT6H' or 'PT1M'.\n- An object with individual units (in plural) as keys, e.g. `{ days: 2, hours: 6 }`."
1672
- }
1673
- }
1674
- },
1675
- "listen": {
1676
- "description": "Address that the backend should listen to.",
1677
- "anyOf": [
1678
- {
1679
- "type": "object",
1680
- "properties": {
1681
- "host": {
1682
- "description": "Address of the interface that the backend should bind to.",
1683
- "type": "string"
1684
- },
1685
- "port": {
1686
- "description": "Port that the backend should listen to.",
1687
- "type": [
1688
- "string",
1689
- "number"
1690
- ]
1691
- }
1692
- }
1693
- },
1694
- {
1695
- "type": "string"
1696
- }
1697
- ]
1698
- },
1699
- "https": {
1700
- "description": "HTTPS configuration for the backend. If omitted the backend will serve HTTP.\n\nSetting this to `true` will cause self-signed certificates to be generated, which\ncan be useful for local development or other non-production scenarios.",
1701
- "anyOf": [
1702
- {
1694
+ "auth0": {
1695
+ "visibility": "frontend",
1703
1696
  "type": "object",
1704
- "properties": {
1705
- "certificate": {
1706
- "description": "Certificate configuration",
1707
- "type": "object",
1708
- "properties": {
1709
- "cert": {
1710
- "description": "PEM encoded certificate. Use $file to load in a file",
1711
- "type": "string"
1712
- },
1713
- "key": {
1714
- "description": "PEM encoded certificate key. Use $file to load in a file.",
1715
- "visibility": "secret",
1716
- "type": "string"
1717
- }
1697
+ "additionalProperties": {
1698
+ "type": "object",
1699
+ "properties": {
1700
+ "clientId": {
1701
+ "type": "string"
1718
1702
  },
1719
- "required": [
1720
- "cert",
1721
- "key"
1722
- ]
1723
- }
1703
+ "clientSecret": {
1704
+ "visibility": "secret",
1705
+ "type": "string"
1706
+ },
1707
+ "domain": {
1708
+ "type": "string"
1709
+ },
1710
+ "callbackUrl": {
1711
+ "type": "string"
1712
+ },
1713
+ "audience": {
1714
+ "type": "string"
1715
+ },
1716
+ "connection": {
1717
+ "type": "string"
1718
+ },
1719
+ "connectionScope": {
1720
+ "type": "string"
1721
+ },
1722
+ "sessionDuration": {}
1723
+ },
1724
+ "required": [
1725
+ "clientId",
1726
+ "clientSecret",
1727
+ "domain"
1728
+ ]
1724
1729
  }
1725
- },
1726
- {
1727
- "const": true,
1728
- "type": "boolean"
1729
1730
  }
1730
- ]
1731
- },
1732
- "auth": {
1733
- "description": "Options used by the default auth, httpAuth and userInfo services.",
1731
+ }
1732
+ }
1733
+ }
1734
+ }
1735
+ },
1736
+ "$schema": "http://json-schema.org/draft-07/schema#"
1737
+ },
1738
+ "packageName": "@backstage/plugin-auth-backend-module-auth0-provider"
1739
+ },
1740
+ {
1741
+ "path": "../../plugins/auth-backend-module-bitbucket-provider/config.d.ts",
1742
+ "value": {
1743
+ "type": "object",
1744
+ "properties": {
1745
+ "auth": {
1746
+ "type": "object",
1747
+ "properties": {
1748
+ "providers": {
1734
1749
  "type": "object",
1735
1750
  "properties": {
1736
- "keys": {
1737
- "description": "Keys shared by all backends for signing and validating backend tokens.",
1738
- "deprecated": "this will be removed when the backwards compatibility is no longer needed with backend-common",
1739
- "type": "array",
1740
- "items": {
1751
+ "bitbucket": {
1752
+ "visibility": "frontend",
1753
+ "type": "object",
1754
+ "additionalProperties": {
1741
1755
  "type": "object",
1742
1756
  "properties": {
1743
- "secret": {
1744
- "description": "Secret for generating tokens. Should be a base64 string, recommended\nlength is 24 bytes.",
1757
+ "clientId": {
1758
+ "type": "string"
1759
+ },
1760
+ "clientSecret": {
1745
1761
  "visibility": "secret",
1746
1762
  "type": "string"
1747
- }
1748
- },
1749
- "required": [
1750
- "secret"
1751
- ]
1752
- }
1753
- },
1754
- "dangerouslyDisableDefaultAuthPolicy": {
1755
- "description": "This disables the otherwise default auth policy, which requires all\nrequests to be authenticated with either user or service credentials.\n\nDisabling this check means that the backend will no longer block\nunauthenticated requests, but instead allow them to pass through to\nplugins.\n\nIf permissions are enabled, unauthenticated requests will be treated\nexactly as such, leaving it to the permission policy to determine what\npermissions should be allowed for an unauthenticated identity. Note\nthat this will also apply to service-to-service calls between plugins\nunless you configure credentials for service calls.",
1756
- "type": "boolean"
1757
- },
1758
- "pluginKeyStore": {
1759
- "description": "Controls how to store keys for plugin-to-plugin auth",
1760
- "anyOf": [
1761
- {
1762
- "type": "object",
1763
- "properties": {
1764
- "type": {
1765
- "type": "string",
1766
- "const": "database"
1767
- }
1768
1763
  },
1769
- "required": [
1770
- "type"
1771
- ]
1772
- },
1773
- {
1774
- "type": "object",
1775
- "properties": {
1776
- "type": {
1777
- "type": "string",
1778
- "const": "static"
1779
- },
1780
- "static": {
1781
- "type": "object",
1782
- "properties": {
1783
- "keys": {
1784
- "description": "Must be declared at least once and the first one will be used for signing.",
1785
- "type": "array",
1786
- "items": {
1787
- "type": "object",
1788
- "properties": {
1789
- "publicKeyFile": {
1790
- "description": "Path to the public key file in the SPKI format. Should be an absolute path.",
1791
- "type": "string"
1792
- },
1793
- "privateKeyFile": {
1794
- "description": "Path to the matching private key file in the PKCS#8 format. Should be an absolute path.\n\nThe first array entry must specify a private key file, the rest must not.",
1795
- "type": "string"
1796
- },
1797
- "keyId": {
1798
- "description": "ID to uniquely identify this key within the JWK set.",
1799
- "type": "string"
1800
- },
1801
- "algorithm": {
1802
- "description": "JWS \"alg\" (Algorithm) Header Parameter value. Defaults to ES256.\nMust match the algorithm used to generate the keys in the provided files",
1803
- "type": "string"
1804
- }
1805
- },
1806
- "required": [
1807
- "keyId",
1808
- "publicKeyFile"
1809
- ]
1810
- }
1764
+ "additionalScopes": {
1765
+ "anyOf": [
1766
+ {
1767
+ "type": "array",
1768
+ "items": {
1769
+ "type": "string"
1811
1770
  }
1812
1771
  },
1813
- "required": [
1814
- "keys"
1815
- ]
1816
- }
1772
+ {
1773
+ "type": "string"
1774
+ }
1775
+ ]
1817
1776
  },
1818
- "required": [
1819
- "static",
1820
- "type"
1821
- ]
1822
- }
1823
- ]
1824
- },
1825
- "externalAccess": {
1826
- "description": "Configures methods of external access, ie ways for callers outside of\nthe Backstage ecosystem to get authorized for access to APIs that do\nnot permit unauthorized access.",
1827
- "type": "array",
1828
- "items": {
1829
- "anyOf": [
1830
- {
1777
+ "signIn": {
1831
1778
  "type": "object",
1832
1779
  "properties": {
1833
- "type": {
1834
- "description": "This is the legacy service-to-service access method, where a set\nof static keys were shared among plugins and used for symmetric\nsigning and verification. These correspond to the old\n`backend.auth.keys` set and retain their behavior for backwards\ncompatibility. Please migrate to other access methods when\npossible.\n\nCallers generate JWT tokens with the following payload:\n\n```json\n{\n \"sub\": \"backstage-plugin\",\n \"exp\": <epoch seconds one hour in the future>\n}\n```\n\nAnd sign them with HS256, using the base64 decoded secret. The\ntokens are then passed along with requests in the Authorization\nheader:\n\n```\nAuthorization: Bearer eyJhbGciOiJIUzI...\n```",
1835
- "type": "string",
1836
- "const": "legacy"
1837
- },
1838
- "options": {
1839
- "type": "object",
1840
- "properties": {
1841
- "secret": {
1842
- "description": "Any set of base64 encoded random bytes to be used as both the\nsigning and verification key. Should be sufficiently long so as\nnot to be easy to guess by brute force.\n\nCan be generated eg using\n\n```sh\nnode -p 'require(\"crypto\").randomBytes(24).toString(\"base64\")'\n```",
1843
- "visibility": "secret",
1844
- "type": "string"
1845
- },
1846
- "subject": {
1847
- "description": "Sets the subject of the principal, when matching this token.\nUseful for debugging and tracking purposes.",
1848
- "type": "string"
1849
- }
1850
- },
1851
- "required": [
1852
- "secret",
1853
- "subject"
1854
- ]
1855
- },
1856
- "accessRestrictions": {
1857
- "description": "Restricts what types of access that are permitted for this access\nmethod. If no access restrictions are given, it'll have unlimited\naccess. This access restriction applies for the framework level;\nindividual plugins may have their own access control mechanisms\non top of this.",
1780
+ "resolvers": {
1858
1781
  "type": "array",
1859
1782
  "items": {
1860
- "type": "object",
1861
- "properties": {
1862
- "plugin": {
1863
- "description": "Permit access to make requests to this plugin.\n\nCan be further refined by setting additional fields below.",
1864
- "type": "string"
1865
- },
1866
- "permission": {
1867
- "description": "If given, this method is limited to only performing actions\nwith these named permissions in this plugin.\n\nNote that this only applies where permissions checks are\nenabled in the first place. Endpoints that are not protected by\nthe permissions system at all, are not affected by this\nsetting.",
1868
- "anyOf": [
1869
- {
1870
- "type": "array",
1871
- "items": {
1872
- "type": "string"
1873
- }
1874
- },
1875
- {
1876
- "type": "string"
1783
+ "anyOf": [
1784
+ {
1785
+ "type": "object",
1786
+ "properties": {
1787
+ "resolver": {
1788
+ "type": "string",
1789
+ "const": "userIdMatchingUserEntityAnnotation"
1877
1790
  }
1791
+ },
1792
+ "required": [
1793
+ "resolver"
1878
1794
  ]
1879
1795
  },
1880
- "permissionAttribute": {
1881
- "description": "If given, this method is limited to only performing actions\nwhose permissions have these attributes.\n\nNote that this only applies where permissions checks are\nenabled in the first place. Endpoints that are not protected by\nthe permissions system at all, are not affected by this\nsetting.",
1796
+ {
1882
1797
  "type": "object",
1883
1798
  "properties": {
1884
- "action": {
1885
- "description": "One of more of 'create', 'read', 'update', or 'delete'.",
1886
- "anyOf": [
1887
- {
1888
- "type": "array",
1889
- "items": {
1890
- "type": "string"
1891
- }
1892
- },
1893
- {
1894
- "type": "string"
1895
- }
1896
- ]
1897
- }
1898
- }
1899
- }
1900
- },
1901
- "required": [
1902
- "plugin"
1903
- ]
1904
- }
1905
- }
1906
- },
1907
- "required": [
1908
- "options",
1909
- "type"
1910
- ]
1911
- },
1912
- {
1913
- "type": "object",
1914
- "properties": {
1915
- "type": {
1916
- "description": "This access method consists of random static tokens that can be\nhanded out to callers.\n\nThe tokens are then passed along verbatim with requests in the\nAuthorization header:\n\n```\nAuthorization: Bearer eZv5o+fW3KnR3kVabMW4ZcDNLPl8nmMW\n```",
1917
- "type": "string",
1918
- "const": "static"
1919
- },
1920
- "options": {
1921
- "type": "object",
1922
- "properties": {
1923
- "token": {
1924
- "description": "A raw token that can be any string, but for security reasons\nshould be sufficiently long so as not to be easy to guess by\nbrute force.\n\nCan be generated eg using\n\n```sh\nnode -p 'require(\"crypto\").randomBytes(24).toString(\"base64\")'\n```\n\nSince the tokens can be any string, you are free to add\nadditional identifying data to them if you like. For example,\nadding a `freben-local-dev-` prefix for debugging purposes to a\ntoken that you know will be handed out for use as a personal\naccess token during development.",
1925
- "visibility": "secret",
1926
- "type": "string"
1927
- },
1928
- "subject": {
1929
- "description": "Sets the subject of the principal, when matching this token.\nUseful for debugging and tracking purposes.",
1930
- "type": "string"
1931
- }
1932
- },
1933
- "required": [
1934
- "subject",
1935
- "token"
1936
- ]
1937
- },
1938
- "accessRestrictions": {
1939
- "description": "Restricts what types of access that are permitted for this access\nmethod. If no access restrictions are given, it'll have unlimited\naccess. This access restriction applies for the framework level;\nindividual plugins may have their own access control mechanisms\non top of this.",
1940
- "type": "array",
1941
- "items": {
1942
- "type": "object",
1943
- "properties": {
1944
- "plugin": {
1945
- "description": "Permit access to make requests to this plugin.\n\nCan be further refined by setting additional fields below.",
1946
- "type": "string"
1947
- },
1948
- "permission": {
1949
- "description": "If given, this method is limited to only performing actions\nwith these named permissions in this plugin.\n\nNote that this only applies where permissions checks are\nenabled in the first place. Endpoints that are not protected by\nthe permissions system at all, are not affected by this\nsetting.",
1950
- "anyOf": [
1951
- {
1799
+ "resolver": {
1800
+ "type": "string",
1801
+ "const": "emailLocalPartMatchingUserEntityName"
1802
+ },
1803
+ "allowedDomains": {
1952
1804
  "type": "array",
1953
1805
  "items": {
1954
1806
  "type": "string"
1955
1807
  }
1956
- },
1957
- {
1958
- "type": "string"
1959
1808
  }
1809
+ },
1810
+ "required": [
1811
+ "resolver"
1960
1812
  ]
1961
1813
  },
1962
- "permissionAttribute": {
1963
- "description": "If given, this method is limited to only performing actions\nwhose permissions have these attributes.\n\nNote that this only applies where permissions checks are\nenabled in the first place. Endpoints that are not protected by\nthe permissions system at all, are not affected by this\nsetting.",
1814
+ {
1964
1815
  "type": "object",
1965
1816
  "properties": {
1966
- "action": {
1967
- "description": "One of more of 'create', 'read', 'update', or 'delete'.",
1968
- "anyOf": [
1969
- {
1970
- "type": "array",
1971
- "items": {
1972
- "type": "string"
1973
- }
1974
- },
1975
- {
1976
- "type": "string"
1977
- }
1978
- ]
1817
+ "resolver": {
1818
+ "type": "string",
1819
+ "const": "emailMatchingUserEntityProfileEmail"
1979
1820
  }
1980
- }
1821
+ },
1822
+ "required": [
1823
+ "resolver"
1824
+ ]
1981
1825
  }
1982
- },
1983
- "required": [
1984
- "plugin"
1985
1826
  ]
1986
1827
  }
1987
1828
  }
1988
1829
  },
1989
1830
  "required": [
1990
- "options",
1991
- "type"
1831
+ "resolvers"
1992
1832
  ]
1993
1833
  },
1994
- {
1834
+ "sessionDuration": {}
1835
+ },
1836
+ "required": [
1837
+ "clientId",
1838
+ "clientSecret"
1839
+ ]
1840
+ }
1841
+ }
1842
+ }
1843
+ }
1844
+ }
1845
+ }
1846
+ },
1847
+ "$schema": "http://json-schema.org/draft-07/schema#"
1848
+ },
1849
+ "packageName": "@backstage/plugin-auth-backend-module-bitbucket-provider"
1850
+ },
1851
+ {
1852
+ "path": "../../plugins/auth-backend-module-bitbucket-server-provider/config.d.ts",
1853
+ "value": {
1854
+ "type": "object",
1855
+ "properties": {
1856
+ "auth": {
1857
+ "type": "object",
1858
+ "properties": {
1859
+ "providers": {
1860
+ "type": "object",
1861
+ "properties": {
1862
+ "bitbucketServer": {
1863
+ "visibility": "frontend",
1864
+ "type": "object",
1865
+ "additionalProperties": {
1866
+ "type": "object",
1867
+ "properties": {
1868
+ "clientId": {
1869
+ "type": "string"
1870
+ },
1871
+ "clientSecret": {
1872
+ "visibility": "secret",
1873
+ "type": "string"
1874
+ },
1875
+ "host": {
1876
+ "type": "string"
1877
+ },
1878
+ "callbackUrl": {
1879
+ "type": "string"
1880
+ },
1881
+ "sessionDuration": {}
1882
+ },
1883
+ "required": [
1884
+ "clientId",
1885
+ "clientSecret",
1886
+ "host"
1887
+ ]
1888
+ }
1889
+ }
1890
+ }
1891
+ }
1892
+ }
1893
+ }
1894
+ },
1895
+ "$schema": "http://json-schema.org/draft-07/schema#"
1896
+ },
1897
+ "packageName": "@backstage/plugin-auth-backend-module-bitbucket-server-provider"
1898
+ },
1899
+ {
1900
+ "path": "../../plugins/auth-backend-module-cloudflare-access-provider/config.d.ts",
1901
+ "value": {
1902
+ "type": "object",
1903
+ "properties": {
1904
+ "auth": {
1905
+ "type": "object",
1906
+ "properties": {
1907
+ "providers": {
1908
+ "type": "object",
1909
+ "properties": {
1910
+ "cfaccess": {
1911
+ "visibility": "frontend",
1912
+ "type": "object",
1913
+ "properties": {
1914
+ "teamName": {
1915
+ "type": "string"
1916
+ },
1917
+ "serviceTokens": {
1918
+ "deepVisibility": "secret",
1919
+ "type": "array",
1920
+ "items": {
1995
1921
  "type": "object",
1996
1922
  "properties": {
1997
- "type": {
1998
- "description": "This access method consists of a JWKS endpoint that can be used to\nverify JWT tokens.\n\nCallers generate JWT tokens via 3rd party tooling\nand pass them in the Authorization header:\n\n```\nAuthorization: Bearer eZv5o+fW3KnR3kVabMW4ZcDNLPl8nmMW\n```",
1999
- "type": "string",
2000
- "const": "jwks"
1923
+ "token": {
1924
+ "type": "string"
2001
1925
  },
2002
- "options": {
2003
- "type": "object",
2004
- "properties": {
2005
- "url": {
2006
- "description": "The full URL of the JWKS endpoint.",
2007
- "type": "string"
2008
- },
2009
- "algorithm": {
2010
- "description": "Sets the algorithm(s) that should be used to verify the JWT tokens.\nThe passed JWTs must have been signed using one of the listed algorithms.",
2011
- "anyOf": [
2012
- {
2013
- "type": "array",
2014
- "items": {
2015
- "type": "string"
2016
- }
1926
+ "subject": {
1927
+ "type": "string"
1928
+ }
1929
+ },
1930
+ "required": [
1931
+ "subject",
1932
+ "token"
1933
+ ]
1934
+ }
1935
+ },
1936
+ "jwtHeaderName": {
1937
+ "type": "string"
1938
+ },
1939
+ "authorizationCookieName": {
1940
+ "type": "string"
1941
+ },
1942
+ "signIn": {
1943
+ "type": "object",
1944
+ "properties": {
1945
+ "resolvers": {
1946
+ "type": "array",
1947
+ "items": {
1948
+ "anyOf": [
1949
+ {
1950
+ "type": "object",
1951
+ "properties": {
1952
+ "resolver": {
1953
+ "type": "string",
1954
+ "const": "emailLocalPartMatchingUserEntityName"
2017
1955
  },
2018
- {
2019
- "type": "string"
2020
- }
2021
- ]
2022
- },
2023
- "issuer": {
2024
- "description": "Sets the issuer(s) that should be used to verify the JWT tokens.\nPassed JWTs must have an `iss` claim which matches one of the specified issuers.",
2025
- "anyOf": [
2026
- {
1956
+ "allowedDomains": {
2027
1957
  "type": "array",
2028
1958
  "items": {
2029
1959
  "type": "string"
2030
1960
  }
2031
- },
2032
- {
2033
- "type": "string"
2034
1961
  }
1962
+ },
1963
+ "required": [
1964
+ "resolver"
2035
1965
  ]
2036
1966
  },
2037
- "audience": {
2038
- "description": "Sets the audience(s) that should be used to verify the JWT tokens.\nThe passed JWTs must have an \"aud\" claim that matches one of the audiences specified,\nor have no audience specified.",
2039
- "anyOf": [
2040
- {
2041
- "type": "array",
2042
- "items": {
2043
- "type": "string"
2044
- }
2045
- },
2046
- {
2047
- "type": "string"
1967
+ {
1968
+ "type": "object",
1969
+ "properties": {
1970
+ "resolver": {
1971
+ "type": "string",
1972
+ "const": "emailMatchingUserEntityProfileEmail"
2048
1973
  }
1974
+ },
1975
+ "required": [
1976
+ "resolver"
2049
1977
  ]
2050
- },
2051
- "subjectPrefix": {
2052
- "description": "Sets an optional subject prefix. Passes the subject to called plugins.\nUseful for debugging and tracking purposes.",
2053
- "type": "string"
2054
1978
  }
2055
- },
2056
- "required": [
2057
- "url"
2058
1979
  ]
2059
- },
2060
- "accessRestrictions": {
2061
- "description": "Restricts what types of access that are permitted for this access\nmethod. If no access restrictions are given, it'll have unlimited\naccess. This access restriction applies for the framework level;\nindividual plugins may have their own access control mechanisms\non top of this.",
2062
- "type": "array",
2063
- "items": {
2064
- "type": "object",
2065
- "properties": {
2066
- "plugin": {
2067
- "description": "Permit access to make requests to this plugin.\n\nCan be further refined by setting additional fields below.",
2068
- "type": "string"
2069
- },
2070
- "permission": {
2071
- "description": "If given, this method is limited to only performing actions\nwith these named permissions in this plugin.\n\nNote that this only applies where permissions checks are\nenabled in the first place. Endpoints that are not protected by\nthe permissions system at all, are not affected by this\nsetting.",
2072
- "anyOf": [
2073
- {
2074
- "type": "array",
2075
- "items": {
2076
- "type": "string"
2077
- }
2078
- },
2079
- {
2080
- "type": "string"
2081
- }
2082
- ]
2083
- },
2084
- "permissionAttribute": {
2085
- "description": "If given, this method is limited to only performing actions\nwhose permissions have these attributes.\n\nNote that this only applies where permissions checks are\nenabled in the first place. Endpoints that are not protected by\nthe permissions system at all, are not affected by this\nsetting.",
2086
- "type": "object",
2087
- "properties": {
2088
- "action": {
2089
- "description": "One of more of 'create', 'read', 'update', or 'delete'.",
2090
- "anyOf": [
2091
- {
2092
- "type": "array",
2093
- "items": {
2094
- "type": "string"
2095
- }
2096
- },
2097
- {
2098
- "type": "string"
2099
- }
2100
- ]
2101
- }
2102
- }
2103
- }
2104
- },
2105
- "required": [
2106
- "plugin"
2107
- ]
2108
- }
2109
1980
  }
2110
- },
2111
- "required": [
2112
- "options",
2113
- "type"
2114
- ]
2115
- }
2116
- ]
2117
- }
2118
- }
2119
- }
2120
- },
2121
- "database": {
2122
- "description": "Database connection configuration, select base database type using the `client` field",
2123
- "type": "object",
2124
- "properties": {
2125
- "client": {
2126
- "description": "Default database client to use",
2127
- "enum": [
2128
- "better-sqlite3",
2129
- "pg",
2130
- "sqlite3"
2131
- ],
2132
- "type": "string"
2133
- },
2134
- "connection": {
2135
- "description": "Base database connection string, or object with individual connection properties",
2136
- "visibility": "secret",
2137
- "anyOf": [
2138
- {
2139
- "type": "object",
2140
- "properties": {
2141
- "type": {
2142
- "description": "The specific config for cloudsql connections",
2143
- "type": "string",
2144
- "const": "cloudsql"
2145
- },
2146
- "instance": {
2147
- "description": "The instance connection name for the cloudsql instance, e.g. `project:region:instance`",
2148
- "type": "string"
2149
- },
2150
- "ipAddressType": {
2151
- "description": "The ip address type to use for the connection. Defaults to 'PUBLIC'",
2152
- "enum": [
2153
- "PRIVATE",
2154
- "PSC",
2155
- "PUBLIC"
2156
- ],
2157
- "type": "string"
2158
1981
  }
2159
1982
  },
2160
1983
  "required": [
2161
- "instance",
2162
- "type"
1984
+ "resolvers"
2163
1985
  ]
2164
- },
2165
- {
2166
- "type": "object",
2167
- "additionalProperties": {},
2168
- "properties": {
2169
- "password": {
2170
- "description": "Password that belongs to the client User",
2171
- "visibility": "secret",
2172
- "type": "string"
2173
- }
2174
- }
2175
- },
2176
- {
2177
- "type": "string"
2178
1986
  }
1987
+ },
1988
+ "required": [
1989
+ "teamName"
2179
1990
  ]
2180
1991
  },
2181
- "prefix": {
2182
- "description": "Database name prefix override",
2183
- "type": "string"
2184
- },
2185
- "ensureExists": {
2186
- "description": "Whether to ensure the given database exists by creating it if it does not.\nDefaults to true if unspecified.",
2187
- "type": "boolean"
2188
- },
2189
- "ensureSchemaExists": {
2190
- "description": "Whether to ensure the given database schema exists by creating it if it does not.\nDefaults to false if unspecified.\n\nNOTE: Currently only supported by the `pg` client when pluginDivisionMode: schema",
2191
- "type": "boolean"
2192
- },
2193
- "pluginDivisionMode": {
2194
- "description": "How plugins databases are managed/divided in the provided database instance.\n\n`database` -> Plugins are each given their own database to manage their schemas/tables.\n\n`schema` -> Plugins will be given their own schema (in the specified/default database)\n to manage their tables.\n\nNOTE: Currently only supported by the `pg` client.",
2195
- "default": "database",
2196
- "enum": [
2197
- "database",
2198
- "schema"
2199
- ],
2200
- "type": "string"
2201
- },
2202
- "role": {
2203
- "description": "Configures the ownership of newly created schemas in pg databases.",
2204
- "type": "string"
2205
- },
2206
- "knexConfig": {
2207
- "description": "Arbitrary config object to pass to knex when initializing\n(https://knexjs.org/#Installation-client). Most notable is the debug\nand asyncStackTraces booleans",
2208
- "type": "object",
2209
- "properties": {},
2210
- "additionalProperties": true
2211
- },
2212
- "skipMigrations": {
2213
- "description": "Skip running database migrations.",
2214
- "type": "boolean"
1992
+ "backstageTokenExpiration": {
1993
+ "description": "The backstage token expiration."
2215
1994
  },
2216
- "plugin": {
2217
- "description": "Plugin specific database configuration and client override",
1995
+ "sessionDuration": {}
1996
+ }
1997
+ }
1998
+ }
1999
+ }
2000
+ },
2001
+ "$schema": "http://json-schema.org/draft-07/schema#"
2002
+ },
2003
+ "packageName": "@backstage/plugin-auth-backend-module-cloudflare-access-provider"
2004
+ },
2005
+ {
2006
+ "path": "../../plugins/auth-backend-module-gcp-iap-provider/config.d.ts",
2007
+ "value": {
2008
+ "type": "object",
2009
+ "properties": {
2010
+ "auth": {
2011
+ "type": "object",
2012
+ "properties": {
2013
+ "providers": {
2014
+ "type": "object",
2015
+ "properties": {
2016
+ "gcpIap": {
2017
+ "description": "Configuration for the Google Cloud Platform Identity-Aware Proxy (IAP) auth provider.",
2218
2018
  "type": "object",
2219
- "additionalProperties": {
2220
- "type": "object",
2221
- "properties": {
2222
- "client": {
2223
- "description": "Database client override",
2224
- "enum": [
2225
- "better-sqlite3",
2226
- "pg",
2227
- "sqlite3"
2228
- ],
2229
- "type": "string"
2230
- },
2231
- "connection": {
2232
- "description": "Database connection string or Knex object override",
2233
- "visibility": "secret",
2234
- "anyOf": [
2235
- {
2236
- "type": "object",
2237
- "properties": {
2238
- "type": {
2239
- "description": "The specific config for cloudsql connections",
2240
- "type": "string",
2241
- "const": "cloudsql"
2019
+ "properties": {
2020
+ "audience": {
2021
+ "description": "The audience to use when validating incoming JWT tokens.\nSee https://backstage.io/docs/auth/google/gcp-iap-auth",
2022
+ "type": "string"
2023
+ },
2024
+ "jwtHeader": {
2025
+ "description": "The name of the header to read the JWT token from, defaults to `'x-goog-iap-jwt-assertion'`.",
2026
+ "type": "string"
2027
+ },
2028
+ "signIn": {
2029
+ "type": "object",
2030
+ "properties": {
2031
+ "resolvers": {
2032
+ "type": "array",
2033
+ "items": {
2034
+ "anyOf": [
2035
+ {
2036
+ "type": "object",
2037
+ "properties": {
2038
+ "resolver": {
2039
+ "type": "string",
2040
+ "const": "emailMatchingUserEntityAnnotation"
2041
+ }
2042
+ },
2043
+ "required": [
2044
+ "resolver"
2045
+ ]
2242
2046
  },
2243
- "instance": {
2244
- "description": "The instance connection name for the cloudsql instance, e.g. `project:region:instance`",
2245
- "type": "string"
2047
+ {
2048
+ "type": "object",
2049
+ "properties": {
2050
+ "resolver": {
2051
+ "type": "string",
2052
+ "const": "idMatchingUserEntityAnnotation"
2053
+ }
2054
+ },
2055
+ "required": [
2056
+ "resolver"
2057
+ ]
2058
+ },
2059
+ {
2060
+ "type": "object",
2061
+ "properties": {
2062
+ "resolver": {
2063
+ "type": "string",
2064
+ "const": "emailLocalPartMatchingUserEntityName"
2065
+ },
2066
+ "allowedDomains": {
2067
+ "type": "array",
2068
+ "items": {
2069
+ "type": "string"
2070
+ }
2071
+ }
2072
+ },
2073
+ "required": [
2074
+ "resolver"
2075
+ ]
2076
+ },
2077
+ {
2078
+ "type": "object",
2079
+ "properties": {
2080
+ "resolver": {
2081
+ "type": "string",
2082
+ "const": "emailMatchingUserEntityProfileEmail"
2083
+ }
2084
+ },
2085
+ "required": [
2086
+ "resolver"
2087
+ ]
2246
2088
  }
2247
- },
2248
- "required": [
2249
- "instance",
2250
- "type"
2251
2089
  ]
2252
- },
2253
- {
2254
- "type": "object",
2255
- "additionalProperties": {},
2256
- "properties": {
2257
- "password": {
2258
- "description": "Password that belongs to the client User",
2259
- "visibility": "secret",
2260
- "type": "string"
2261
- }
2262
- }
2263
- },
2264
- {
2265
- "type": "string"
2266
2090
  }
2267
- ]
2268
- },
2269
- "ensureExists": {
2270
- "description": "Whether to ensure the given database exists by creating it if it does not.\nDefaults to base config if unspecified.",
2271
- "type": "boolean"
2272
- },
2273
- "ensureSchemaExists": {
2274
- "description": "Whether to ensure the given database schema exists by creating it if it does not.\nDefaults to false if unspecified.\n\nNOTE: Currently only supported by the `pg` client when pluginDivisionMode: schema",
2275
- "type": "boolean"
2276
- },
2277
- "knexConfig": {
2278
- "description": "Arbitrary config object to pass to knex when initializing\n(https://knexjs.org/#Installation-client). Most notable is the\ndebug and asyncStackTraces booleans.\n\nThis is merged recursively into the base knexConfig",
2279
- "type": "object",
2280
- "properties": {},
2281
- "additionalProperties": true
2282
- },
2283
- "role": {
2284
- "description": "Configures the ownership of newly created schemas in pg databases.",
2285
- "type": "string"
2091
+ }
2286
2092
  },
2287
- "skipMigrations": {
2288
- "description": "Skip running database migrations.",
2289
- "type": "boolean"
2290
- }
2291
- }
2292
- }
2293
- }
2294
- },
2295
- "required": [
2296
- "client",
2297
- "connection"
2298
- ]
2299
- },
2300
- "cache": {
2301
- "description": "Cache connection configuration, select cache type using the `store` field",
2302
- "anyOf": [
2303
- {
2304
- "type": "object",
2305
- "properties": {
2306
- "store": {
2307
- "type": "string",
2308
- "const": "memory"
2309
- },
2310
- "defaultTtl": {
2311
- "description": "An optional default TTL (in milliseconds, if given as a number)."
2312
- }
2313
- },
2314
- "required": [
2315
- "store"
2316
- ]
2317
- },
2318
- {
2319
- "type": "object",
2320
- "properties": {
2321
- "store": {
2322
- "type": "string",
2323
- "const": "redis"
2324
- },
2325
- "connection": {
2326
- "description": "A redis connection string in the form `redis://user:pass@host:port`.",
2327
- "visibility": "secret",
2328
- "type": "string"
2329
- },
2330
- "defaultTtl": {
2331
- "description": "An optional default TTL (in milliseconds, if given as a number)."
2332
- }
2333
- },
2334
- "required": [
2335
- "connection",
2336
- "store"
2337
- ]
2338
- },
2339
- {
2340
- "type": "object",
2341
- "properties": {
2342
- "store": {
2343
- "type": "string",
2344
- "const": "memcache"
2345
- },
2346
- "connection": {
2347
- "description": "A memcache connection string in the form `user:pass@host:port`.",
2348
- "visibility": "secret",
2349
- "type": "string"
2093
+ "required": [
2094
+ "resolvers"
2095
+ ]
2350
2096
  },
2351
- "defaultTtl": {
2352
- "description": "An optional default TTL (in milliseconds)."
2353
- }
2097
+ "sessionDuration": {}
2354
2098
  },
2355
2099
  "required": [
2356
- "connection",
2357
- "store"
2358
- ]
2359
- }
2360
- ]
2361
- },
2362
- "cors": {
2363
- "type": "object",
2364
- "properties": {
2365
- "origin": {
2366
- "anyOf": [
2367
- {
2368
- "type": "array",
2369
- "items": {
2370
- "type": "string"
2371
- }
2372
- },
2373
- {
2374
- "type": "string"
2375
- }
2376
- ]
2377
- },
2378
- "methods": {
2379
- "anyOf": [
2380
- {
2381
- "type": "array",
2382
- "items": {
2383
- "type": "string"
2384
- }
2385
- },
2386
- {
2387
- "type": "string"
2388
- }
2389
- ]
2390
- },
2391
- "allowedHeaders": {
2392
- "anyOf": [
2393
- {
2394
- "type": "array",
2395
- "items": {
2396
- "type": "string"
2397
- }
2398
- },
2399
- {
2400
- "type": "string"
2401
- }
2402
- ]
2403
- },
2404
- "exposedHeaders": {
2405
- "anyOf": [
2406
- {
2407
- "type": "array",
2408
- "items": {
2409
- "type": "string"
2410
- }
2411
- },
2412
- {
2413
- "type": "string"
2414
- }
2100
+ "audience"
2415
2101
  ]
2416
- },
2417
- "credentials": {
2418
- "type": "boolean"
2419
- },
2420
- "maxAge": {
2421
- "type": "number"
2422
- },
2423
- "preflightContinue": {
2424
- "type": "boolean"
2425
- },
2426
- "optionsSuccessStatus": {
2427
- "type": "number"
2428
2102
  }
2429
2103
  }
2430
- },
2431
- "csp": {
2432
- "description": "Content Security Policy options.\n\nThe keys are the plain policy ID, e.g. \"upgrade-insecure-requests\". The\nvalues are on the format that the helmet library expects them, as an\narray of strings. There is also the special value false, which means to\nremove the default value that Backstage puts in place for that policy.",
2433
- "type": "object",
2434
- "additionalProperties": {
2435
- "anyOf": [
2436
- {
2437
- "type": "array",
2438
- "items": {
2439
- "type": "string"
2440
- }
2441
- },
2442
- {
2443
- "const": false,
2444
- "type": "boolean"
2445
- }
2446
- ]
2447
- }
2448
- },
2449
- "health": {
2450
- "description": "Options for the health check service and endpoint.",
2104
+ }
2105
+ }
2106
+ }
2107
+ },
2108
+ "$schema": "http://json-schema.org/draft-07/schema#"
2109
+ },
2110
+ "packageName": "@backstage/plugin-auth-backend-module-gcp-iap-provider"
2111
+ },
2112
+ {
2113
+ "path": "../../plugins/auth-backend-module-github-provider/config.d.ts",
2114
+ "value": {
2115
+ "type": "object",
2116
+ "properties": {
2117
+ "auth": {
2118
+ "type": "object",
2119
+ "properties": {
2120
+ "providers": {
2451
2121
  "type": "object",
2452
2122
  "properties": {
2453
- "headers": {
2454
- "description": "Additional headers to always include in the health check response.\n\nIt can be a good idea to set a header that uniquely identifies your service\nin a multi-service environment. This ensures that the health check that is\nconfigured for your service is actually hitting your service and not another.\n\nFor example, if using Envoy you can use the `service_name_matcher` configuration\nand set the `x-envoy-upstream-healthchecked-cluster` header to a matching value.",
2123
+ "github": {
2124
+ "visibility": "frontend",
2455
2125
  "type": "object",
2456
2126
  "additionalProperties": {
2457
- "type": "string"
2458
- }
2459
- }
2460
- }
2461
- },
2462
- "reading": {
2463
- "description": "Configuration related to URL reading, used for example for reading catalog info\nfiles, scaffolder templates, and techdocs content.",
2464
- "type": "object",
2465
- "properties": {
2466
- "allow": {
2467
- "description": "A list of targets to allow outgoing requests to. Users will be able to make\nrequests on behalf of the backend to the targets that are allowed by this list.",
2468
- "type": "array",
2469
- "items": {
2470
2127
  "type": "object",
2471
2128
  "properties": {
2472
- "host": {
2473
- "description": "A host to allow outgoing requests to, being either a full host or\na subdomain wildcard pattern with a leading `*`. For example `example.com`\nand `*.example.com` are valid values, `prod.*.example.com` is not.\nThe host may also contain a port, for example `example.com:8080`.",
2129
+ "clientId": {
2474
2130
  "type": "string"
2475
2131
  },
2476
- "paths": {
2477
- "description": "An optional list of paths. In case they are present only targets matching\nany of them will are allowed. You can use trailing slashes to make sure only\nsubdirectories are allowed, for example `/mydir/` will allow targets with\npaths like `/mydir/a` but will block paths like `/mydir2`.",
2478
- "type": "array",
2479
- "items": {
2480
- "type": "string"
2481
- }
2482
- }
2132
+ "clientSecret": {
2133
+ "visibility": "secret",
2134
+ "type": "string"
2135
+ },
2136
+ "callbackUrl": {
2137
+ "type": "string"
2138
+ },
2139
+ "enterpriseInstanceUrl": {
2140
+ "type": "string"
2141
+ },
2142
+ "additionalScopes": {
2143
+ "anyOf": [
2144
+ {
2145
+ "type": "array",
2146
+ "items": {
2147
+ "type": "string"
2148
+ }
2149
+ },
2150
+ {
2151
+ "type": "string"
2152
+ }
2153
+ ]
2154
+ },
2155
+ "signIn": {
2156
+ "type": "object",
2157
+ "properties": {
2158
+ "resolvers": {
2159
+ "type": "array",
2160
+ "items": {
2161
+ "anyOf": [
2162
+ {
2163
+ "type": "object",
2164
+ "properties": {
2165
+ "resolver": {
2166
+ "type": "string",
2167
+ "const": "usernameMatchingUserEntityName"
2168
+ }
2169
+ },
2170
+ "required": [
2171
+ "resolver"
2172
+ ]
2173
+ },
2174
+ {
2175
+ "type": "object",
2176
+ "properties": {
2177
+ "resolver": {
2178
+ "type": "string",
2179
+ "const": "emailLocalPartMatchingUserEntityName"
2180
+ },
2181
+ "allowedDomains": {
2182
+ "type": "array",
2183
+ "items": {
2184
+ "type": "string"
2185
+ }
2186
+ }
2187
+ },
2188
+ "required": [
2189
+ "resolver"
2190
+ ]
2191
+ },
2192
+ {
2193
+ "type": "object",
2194
+ "properties": {
2195
+ "resolver": {
2196
+ "type": "string",
2197
+ "const": "emailMatchingUserEntityProfileEmail"
2198
+ }
2199
+ },
2200
+ "required": [
2201
+ "resolver"
2202
+ ]
2203
+ }
2204
+ ]
2205
+ }
2206
+ }
2207
+ },
2208
+ "required": [
2209
+ "resolvers"
2210
+ ]
2211
+ },
2212
+ "sessionDuration": {}
2483
2213
  },
2484
2214
  "required": [
2485
- "host"
2215
+ "clientId",
2216
+ "clientSecret"
2486
2217
  ]
2487
2218
  }
2488
2219
  }
2489
2220
  }
2490
2221
  }
2491
- },
2492
- "required": [
2493
- "baseUrl",
2494
- "database"
2495
- ]
2496
- },
2497
- "discovery": {
2498
- "description": "Options used by the default discovery service.",
2222
+ }
2223
+ }
2224
+ },
2225
+ "$schema": "http://json-schema.org/draft-07/schema#"
2226
+ },
2227
+ "packageName": "@backstage/plugin-auth-backend-module-github-provider"
2228
+ },
2229
+ {
2230
+ "path": "../../plugins/auth-backend-module-gitlab-provider/config.d.ts",
2231
+ "value": {
2232
+ "type": "object",
2233
+ "properties": {
2234
+ "auth": {
2499
2235
  "type": "object",
2500
2236
  "properties": {
2501
- "endpoints": {
2502
- "description": "A list of target baseUrls and the associated plugins.",
2503
- "type": "array",
2504
- "items": {
2505
- "type": "object",
2506
- "properties": {
2507
- "target": {
2508
- "description": "The target base URL to use for the plugin.\n\nCan be either a string or an object with internal and external keys.\nTargets with `{{pluginId}}` or `{{ pluginId }} in the URL will be replaced with the plugin ID.",
2509
- "anyOf": [
2510
- {
2511
- "type": "object",
2512
- "properties": {
2513
- "internal": {
2514
- "type": "string"
2237
+ "providers": {
2238
+ "type": "object",
2239
+ "properties": {
2240
+ "gitlab": {
2241
+ "visibility": "frontend",
2242
+ "type": "object",
2243
+ "additionalProperties": {
2244
+ "type": "object",
2245
+ "properties": {
2246
+ "clientId": {
2247
+ "type": "string"
2248
+ },
2249
+ "clientSecret": {
2250
+ "visibility": "secret",
2251
+ "type": "string"
2252
+ },
2253
+ "audience": {
2254
+ "type": "string"
2255
+ },
2256
+ "callbackUrl": {
2257
+ "type": "string"
2258
+ },
2259
+ "additionalScopes": {
2260
+ "anyOf": [
2261
+ {
2262
+ "type": "array",
2263
+ "items": {
2264
+ "type": "string"
2265
+ }
2515
2266
  },
2516
- "external": {
2267
+ {
2517
2268
  "type": "string"
2518
2269
  }
2519
- }
2270
+ ]
2520
2271
  },
2521
- {
2522
- "type": "string"
2523
- }
2272
+ "signIn": {
2273
+ "type": "object",
2274
+ "properties": {
2275
+ "resolvers": {
2276
+ "type": "array",
2277
+ "items": {
2278
+ "anyOf": [
2279
+ {
2280
+ "type": "object",
2281
+ "properties": {
2282
+ "resolver": {
2283
+ "type": "string",
2284
+ "const": "usernameMatchingUserEntityName"
2285
+ }
2286
+ },
2287
+ "required": [
2288
+ "resolver"
2289
+ ]
2290
+ },
2291
+ {
2292
+ "type": "object",
2293
+ "properties": {
2294
+ "resolver": {
2295
+ "type": "string",
2296
+ "const": "emailLocalPartMatchingUserEntityName"
2297
+ },
2298
+ "allowedDomains": {
2299
+ "type": "array",
2300
+ "items": {
2301
+ "type": "string"
2302
+ }
2303
+ }
2304
+ },
2305
+ "required": [
2306
+ "resolver"
2307
+ ]
2308
+ },
2309
+ {
2310
+ "type": "object",
2311
+ "properties": {
2312
+ "resolver": {
2313
+ "type": "string",
2314
+ "const": "emailMatchingUserEntityProfileEmail"
2315
+ }
2316
+ },
2317
+ "required": [
2318
+ "resolver"
2319
+ ]
2320
+ }
2321
+ ]
2322
+ }
2323
+ }
2324
+ },
2325
+ "required": [
2326
+ "resolvers"
2327
+ ]
2328
+ },
2329
+ "sessionDuration": {}
2330
+ },
2331
+ "required": [
2332
+ "clientId",
2333
+ "clientSecret"
2524
2334
  ]
2525
- },
2526
- "plugins": {
2527
- "description": "Array of plugins which use the target base URL.",
2528
- "type": "array",
2529
- "items": {
2530
- "type": "string"
2531
- }
2532
2335
  }
2533
- },
2534
- "required": [
2535
- "plugins",
2536
- "target"
2537
- ]
2336
+ }
2538
2337
  }
2539
2338
  }
2540
- },
2541
- "required": [
2542
- "endpoints"
2543
- ]
2339
+ }
2544
2340
  }
2545
2341
  },
2546
- "required": [
2547
- "app"
2548
- ],
2549
2342
  "$schema": "http://json-schema.org/draft-07/schema#"
2550
2343
  },
2551
- "packageName": "@backstage/backend-defaults"
2344
+ "packageName": "@backstage/plugin-auth-backend-module-gitlab-provider"
2552
2345
  },
2553
2346
  {
2554
- "path": "../../plugins/events-node/config.d.ts",
2347
+ "path": "../../plugins/auth-backend-module-google-provider/config.d.ts",
2555
2348
  "value": {
2556
2349
  "type": "object",
2557
2350
  "properties": {
2558
- "events": {
2351
+ "auth": {
2352
+ "description": "Configuration options for the auth plugin",
2559
2353
  "type": "object",
2560
2354
  "properties": {
2561
- "useEventBus": {
2562
- "description": "Whether to use the event bus API in the events plugin backend to\ndistribute events across multiple instances when publishing and\nsubscribing to events.\n\nThe default is 'auto', which means means that the event bus API will be\nused if it's available, but will be disabled if the events backend\nreturns a 404.\n\nIf set to 'never', the events service will only ever publish events\nlocally to the same instance, while if set to 'always', the event bus API\nwill never be disabled, even if the events backend returns a 404.",
2563
- "enum": [
2564
- "always",
2565
- "auto",
2566
- "never"
2567
- ],
2568
- "type": "string"
2355
+ "providers": {
2356
+ "type": "object",
2357
+ "properties": {
2358
+ "google": {
2359
+ "visibility": "frontend",
2360
+ "type": "object",
2361
+ "additionalProperties": {
2362
+ "type": "object",
2363
+ "properties": {
2364
+ "clientId": {
2365
+ "type": "string"
2366
+ },
2367
+ "clientSecret": {
2368
+ "visibility": "secret",
2369
+ "type": "string"
2370
+ },
2371
+ "callbackUrl": {
2372
+ "type": "string"
2373
+ },
2374
+ "additionalScopes": {
2375
+ "anyOf": [
2376
+ {
2377
+ "type": "array",
2378
+ "items": {
2379
+ "type": "string"
2380
+ }
2381
+ },
2382
+ {
2383
+ "type": "string"
2384
+ }
2385
+ ]
2386
+ },
2387
+ "signIn": {
2388
+ "type": "object",
2389
+ "properties": {
2390
+ "resolvers": {
2391
+ "type": "array",
2392
+ "items": {
2393
+ "anyOf": [
2394
+ {
2395
+ "type": "object",
2396
+ "properties": {
2397
+ "resolver": {
2398
+ "type": "string",
2399
+ "const": "emailMatchingUserEntityAnnotation"
2400
+ }
2401
+ },
2402
+ "required": [
2403
+ "resolver"
2404
+ ]
2405
+ },
2406
+ {
2407
+ "type": "object",
2408
+ "properties": {
2409
+ "resolver": {
2410
+ "type": "string",
2411
+ "const": "emailLocalPartMatchingUserEntityName"
2412
+ },
2413
+ "allowedDomains": {
2414
+ "type": "array",
2415
+ "items": {
2416
+ "type": "string"
2417
+ }
2418
+ }
2419
+ },
2420
+ "required": [
2421
+ "resolver"
2422
+ ]
2423
+ },
2424
+ {
2425
+ "type": "object",
2426
+ "properties": {
2427
+ "resolver": {
2428
+ "type": "string",
2429
+ "const": "emailMatchingUserEntityProfileEmail"
2430
+ }
2431
+ },
2432
+ "required": [
2433
+ "resolver"
2434
+ ]
2435
+ }
2436
+ ]
2437
+ }
2438
+ }
2439
+ },
2440
+ "required": [
2441
+ "resolvers"
2442
+ ]
2443
+ },
2444
+ "sessionDuration": {}
2445
+ },
2446
+ "required": [
2447
+ "clientId",
2448
+ "clientSecret"
2449
+ ]
2450
+ }
2451
+ }
2452
+ }
2569
2453
  }
2570
2454
  }
2571
2455
  }
2572
2456
  },
2573
2457
  "$schema": "http://json-schema.org/draft-07/schema#"
2574
2458
  },
2575
- "packageName": "@backstage/plugin-events-node"
2459
+ "packageName": "@backstage/plugin-auth-backend-module-google-provider"
2576
2460
  },
2577
2461
  {
2578
- "path": "../../plugins/auth-backend-module-atlassian-provider/config.d.ts",
2462
+ "path": "../../plugins/auth-backend-module-microsoft-provider/config.d.ts",
2579
2463
  "value": {
2580
2464
  "type": "object",
2581
2465
  "properties": {
@@ -2585,7 +2469,7 @@
2585
2469
  "providers": {
2586
2470
  "type": "object",
2587
2471
  "properties": {
2588
- "atlassian": {
2472
+ "microsoft": {
2589
2473
  "visibility": "frontend",
2590
2474
  "type": "object",
2591
2475
  "additionalProperties": {
@@ -2594,11 +2478,14 @@
2594
2478
  "clientId": {
2595
2479
  "type": "string"
2596
2480
  },
2481
+ "tenantId": {
2482
+ "type": "string"
2483
+ },
2597
2484
  "clientSecret": {
2598
2485
  "visibility": "secret",
2599
2486
  "type": "string"
2600
2487
  },
2601
- "audience": {
2488
+ "domainHint": {
2602
2489
  "type": "string"
2603
2490
  },
2604
2491
  "callbackUrl": {
@@ -2617,6 +2504,9 @@
2617
2504
  }
2618
2505
  ]
2619
2506
  },
2507
+ "skipUserProfile": {
2508
+ "type": "boolean"
2509
+ },
2620
2510
  "signIn": {
2621
2511
  "type": "object",
2622
2512
  "properties": {
@@ -2629,7 +2519,7 @@
2629
2519
  "properties": {
2630
2520
  "resolver": {
2631
2521
  "type": "string",
2632
- "const": "usernameMatchingUserEntityName"
2522
+ "const": "emailMatchingUserEntityAnnotation"
2633
2523
  }
2634
2524
  },
2635
2525
  "required": [
@@ -2665,6 +2555,18 @@
2665
2555
  "required": [
2666
2556
  "resolver"
2667
2557
  ]
2558
+ },
2559
+ {
2560
+ "type": "object",
2561
+ "properties": {
2562
+ "resolver": {
2563
+ "type": "string",
2564
+ "const": "userIdMatchingUserEntityAnnotation"
2565
+ }
2566
+ },
2567
+ "required": [
2568
+ "resolver"
2569
+ ]
2668
2570
  }
2669
2571
  ]
2670
2572
  }
@@ -2678,7 +2580,8 @@
2678
2580
  },
2679
2581
  "required": [
2680
2582
  "clientId",
2681
- "clientSecret"
2583
+ "clientSecret",
2584
+ "tenantId"
2682
2585
  ]
2683
2586
  }
2684
2587
  }
@@ -2689,10 +2592,10 @@
2689
2592
  },
2690
2593
  "$schema": "http://json-schema.org/draft-07/schema#"
2691
2594
  },
2692
- "packageName": "@backstage/plugin-auth-backend-module-atlassian-provider"
2595
+ "packageName": "@backstage/plugin-auth-backend-module-microsoft-provider"
2693
2596
  },
2694
2597
  {
2695
- "path": "../../plugins/auth-backend-module-auth0-provider/config.d.ts",
2598
+ "path": "../../plugins/auth-backend-module-oauth2-provider/config.d.ts",
2696
2599
  "value": {
2697
2600
  "type": "object",
2698
2601
  "properties": {
@@ -2702,7 +2605,7 @@
2702
2605
  "providers": {
2703
2606
  "type": "object",
2704
2607
  "properties": {
2705
- "auth0": {
2608
+ "oauth2": {
2706
2609
  "visibility": "frontend",
2707
2610
  "type": "object",
2708
2611
  "additionalProperties": {
@@ -2715,61 +2618,14 @@
2715
2618
  "visibility": "secret",
2716
2619
  "type": "string"
2717
2620
  },
2718
- "domain": {
2719
- "type": "string"
2720
- },
2721
- "callbackUrl": {
2722
- "type": "string"
2723
- },
2724
- "audience": {
2725
- "type": "string"
2726
- },
2727
- "connection": {
2728
- "type": "string"
2729
- },
2730
- "connectionScope": {
2621
+ "authorizationUrl": {
2731
2622
  "type": "string"
2732
2623
  },
2733
- "sessionDuration": {}
2734
- },
2735
- "required": [
2736
- "clientId",
2737
- "clientSecret",
2738
- "domain"
2739
- ]
2740
- }
2741
- }
2742
- }
2743
- }
2744
- }
2745
- }
2746
- },
2747
- "$schema": "http://json-schema.org/draft-07/schema#"
2748
- },
2749
- "packageName": "@backstage/plugin-auth-backend-module-auth0-provider"
2750
- },
2751
- {
2752
- "path": "../../plugins/auth-backend-module-bitbucket-provider/config.d.ts",
2753
- "value": {
2754
- "type": "object",
2755
- "properties": {
2756
- "auth": {
2757
- "type": "object",
2758
- "properties": {
2759
- "providers": {
2760
- "type": "object",
2761
- "properties": {
2762
- "bitbucket": {
2763
- "visibility": "frontend",
2764
- "type": "object",
2765
- "additionalProperties": {
2766
- "type": "object",
2767
- "properties": {
2768
- "clientId": {
2624
+ "tokenUrl": {
2769
2625
  "type": "string"
2770
2626
  },
2771
- "clientSecret": {
2772
- "visibility": "secret",
2627
+ "scope": {
2628
+ "deprecated": "use `additionalScopes` instead",
2773
2629
  "type": "string"
2774
2630
  },
2775
2631
  "additionalScopes": {
@@ -2785,6 +2641,12 @@
2785
2641
  }
2786
2642
  ]
2787
2643
  },
2644
+ "disableRefresh": {
2645
+ "type": "boolean"
2646
+ },
2647
+ "includeBasicAuth": {
2648
+ "type": "boolean"
2649
+ },
2788
2650
  "signIn": {
2789
2651
  "type": "object",
2790
2652
  "properties": {
@@ -2797,7 +2659,7 @@
2797
2659
  "properties": {
2798
2660
  "resolver": {
2799
2661
  "type": "string",
2800
- "const": "userIdMatchingUserEntityAnnotation"
2662
+ "const": "usernameMatchingUserEntityName"
2801
2663
  }
2802
2664
  },
2803
2665
  "required": [
@@ -2845,8 +2707,10 @@
2845
2707
  "sessionDuration": {}
2846
2708
  },
2847
2709
  "required": [
2710
+ "authorizationUrl",
2848
2711
  "clientId",
2849
- "clientSecret"
2712
+ "clientSecret",
2713
+ "tokenUrl"
2850
2714
  ]
2851
2715
  }
2852
2716
  }
@@ -2857,10 +2721,10 @@
2857
2721
  },
2858
2722
  "$schema": "http://json-schema.org/draft-07/schema#"
2859
2723
  },
2860
- "packageName": "@backstage/plugin-auth-backend-module-bitbucket-provider"
2724
+ "packageName": "@backstage/plugin-auth-backend-module-oauth2-provider"
2861
2725
  },
2862
2726
  {
2863
- "path": "../../plugins/auth-backend-module-bitbucket-server-provider/config.d.ts",
2727
+ "path": "../../plugins/auth-backend-module-oidc-provider/config.d.ts",
2864
2728
  "value": {
2865
2729
  "type": "object",
2866
2730
  "properties": {
@@ -2870,7 +2734,7 @@
2870
2734
  "providers": {
2871
2735
  "type": "object",
2872
2736
  "properties": {
2873
- "bitbucketServer": {
2737
+ "oidc": {
2874
2738
  "visibility": "frontend",
2875
2739
  "type": "object",
2876
2740
  "additionalProperties": {
@@ -2883,127 +2747,89 @@
2883
2747
  "visibility": "secret",
2884
2748
  "type": "string"
2885
2749
  },
2886
- "host": {
2750
+ "metadataUrl": {
2887
2751
  "type": "string"
2888
2752
  },
2889
2753
  "callbackUrl": {
2890
2754
  "type": "string"
2891
2755
  },
2892
- "sessionDuration": {}
2893
- },
2894
- "required": [
2895
- "clientId",
2896
- "clientSecret",
2897
- "host"
2898
- ]
2899
- }
2900
- }
2901
- }
2902
- }
2903
- }
2904
- }
2905
- },
2906
- "$schema": "http://json-schema.org/draft-07/schema#"
2907
- },
2908
- "packageName": "@backstage/plugin-auth-backend-module-bitbucket-server-provider"
2909
- },
2910
- {
2911
- "path": "../../plugins/auth-backend-module-cloudflare-access-provider/config.d.ts",
2912
- "value": {
2913
- "type": "object",
2914
- "properties": {
2915
- "auth": {
2916
- "type": "object",
2917
- "properties": {
2918
- "providers": {
2919
- "type": "object",
2920
- "properties": {
2921
- "cfaccess": {
2922
- "visibility": "frontend",
2923
- "type": "object",
2924
- "properties": {
2925
- "teamName": {
2926
- "type": "string"
2927
- },
2928
- "serviceTokens": {
2929
- "deepVisibility": "secret",
2930
- "type": "array",
2931
- "items": {
2932
- "type": "object",
2933
- "properties": {
2934
- "token": {
2935
- "type": "string"
2756
+ "tokenEndpointAuthMethod": {
2757
+ "type": "string"
2758
+ },
2759
+ "tokenSignedResponseAlg": {
2760
+ "type": "string"
2761
+ },
2762
+ "additionalScopes": {
2763
+ "anyOf": [
2764
+ {
2765
+ "type": "array",
2766
+ "items": {
2767
+ "type": "string"
2768
+ }
2936
2769
  },
2937
- "subject": {
2770
+ {
2938
2771
  "type": "string"
2939
2772
  }
2940
- },
2941
- "required": [
2942
- "subject",
2943
- "token"
2944
2773
  ]
2945
- }
2946
- },
2947
- "jwtHeaderName": {
2948
- "type": "string"
2949
- },
2950
- "authorizationCookieName": {
2951
- "type": "string"
2952
- },
2953
- "signIn": {
2954
- "type": "object",
2955
- "properties": {
2956
- "resolvers": {
2957
- "type": "array",
2958
- "items": {
2959
- "anyOf": [
2960
- {
2961
- "type": "object",
2962
- "properties": {
2963
- "resolver": {
2964
- "type": "string",
2965
- "const": "emailLocalPartMatchingUserEntityName"
2966
- },
2967
- "allowedDomains": {
2968
- "type": "array",
2969
- "items": {
2970
- "type": "string"
2971
- }
2972
- }
2973
- },
2974
- "required": [
2975
- "resolver"
2976
- ]
2977
- },
2978
- {
2979
- "type": "object",
2980
- "properties": {
2981
- "resolver": {
2982
- "type": "string",
2983
- "const": "emailMatchingUserEntityProfileEmail"
2984
- }
2774
+ },
2775
+ "prompt": {
2776
+ "type": "string"
2777
+ },
2778
+ "timeout": {},
2779
+ "signIn": {
2780
+ "type": "object",
2781
+ "properties": {
2782
+ "resolvers": {
2783
+ "type": "array",
2784
+ "items": {
2785
+ "anyOf": [
2786
+ {
2787
+ "type": "object",
2788
+ "properties": {
2789
+ "resolver": {
2790
+ "type": "string",
2791
+ "const": "emailLocalPartMatchingUserEntityName"
2792
+ },
2793
+ "allowedDomains": {
2794
+ "type": "array",
2795
+ "items": {
2796
+ "type": "string"
2797
+ }
2798
+ }
2799
+ },
2800
+ "required": [
2801
+ "resolver"
2802
+ ]
2985
2803
  },
2986
- "required": [
2987
- "resolver"
2988
- ]
2989
- }
2990
- ]
2804
+ {
2805
+ "type": "object",
2806
+ "properties": {
2807
+ "resolver": {
2808
+ "type": "string",
2809
+ "const": "emailMatchingUserEntityProfileEmail"
2810
+ }
2811
+ },
2812
+ "required": [
2813
+ "resolver"
2814
+ ]
2815
+ }
2816
+ ]
2817
+ }
2991
2818
  }
2992
- }
2819
+ },
2820
+ "required": [
2821
+ "resolvers"
2822
+ ]
2993
2823
  },
2994
- "required": [
2995
- "resolvers"
2996
- ]
2997
- }
2998
- },
2999
- "required": [
3000
- "teamName"
3001
- ]
3002
- },
3003
- "backstageTokenExpiration": {
3004
- "description": "The backstage token expiration."
3005
- },
3006
- "sessionDuration": {}
2824
+ "sessionDuration": {}
2825
+ },
2826
+ "required": [
2827
+ "clientId",
2828
+ "clientSecret",
2829
+ "metadataUrl"
2830
+ ]
2831
+ }
2832
+ }
3007
2833
  }
3008
2834
  }
3009
2835
  }
@@ -3011,10 +2837,10 @@
3011
2837
  },
3012
2838
  "$schema": "http://json-schema.org/draft-07/schema#"
3013
2839
  },
3014
- "packageName": "@backstage/plugin-auth-backend-module-cloudflare-access-provider"
2840
+ "packageName": "@backstage/plugin-auth-backend-module-oidc-provider"
3015
2841
  },
3016
2842
  {
3017
- "path": "../../plugins/auth-backend-module-gcp-iap-provider/config.d.ts",
2843
+ "path": "../../plugins/auth-backend-module-okta-provider/config.d.ts",
3018
2844
  "value": {
3019
2845
  "type": "object",
3020
2846
  "properties": {
@@ -3024,92 +2850,108 @@
3024
2850
  "providers": {
3025
2851
  "type": "object",
3026
2852
  "properties": {
3027
- "gcpIap": {
3028
- "description": "Configuration for the Google Cloud Platform Identity-Aware Proxy (IAP) auth provider.",
2853
+ "okta": {
2854
+ "visibility": "frontend",
3029
2855
  "type": "object",
3030
- "properties": {
3031
- "audience": {
3032
- "description": "The audience to use when validating incoming JWT tokens.\nSee https://backstage.io/docs/auth/google/gcp-iap-auth",
3033
- "type": "string"
3034
- },
3035
- "jwtHeader": {
3036
- "description": "The name of the header to read the JWT token from, defaults to `'x-goog-iap-jwt-assertion'`.",
3037
- "type": "string"
3038
- },
3039
- "signIn": {
3040
- "type": "object",
3041
- "properties": {
3042
- "resolvers": {
3043
- "type": "array",
3044
- "items": {
3045
- "anyOf": [
3046
- {
3047
- "type": "object",
3048
- "properties": {
3049
- "resolver": {
3050
- "type": "string",
3051
- "const": "emailMatchingUserEntityAnnotation"
3052
- }
3053
- },
3054
- "required": [
3055
- "resolver"
3056
- ]
3057
- },
3058
- {
3059
- "type": "object",
3060
- "properties": {
3061
- "resolver": {
3062
- "type": "string",
3063
- "const": "idMatchingUserEntityAnnotation"
3064
- }
3065
- },
3066
- "required": [
3067
- "resolver"
3068
- ]
3069
- },
3070
- {
3071
- "type": "object",
3072
- "properties": {
3073
- "resolver": {
3074
- "type": "string",
3075
- "const": "emailLocalPartMatchingUserEntityName"
3076
- },
3077
- "allowedDomains": {
3078
- "type": "array",
3079
- "items": {
3080
- "type": "string"
2856
+ "additionalProperties": {
2857
+ "type": "object",
2858
+ "properties": {
2859
+ "clientId": {
2860
+ "type": "string"
2861
+ },
2862
+ "clientSecret": {
2863
+ "visibility": "secret",
2864
+ "type": "string"
2865
+ },
2866
+ "audience": {
2867
+ "type": "string"
2868
+ },
2869
+ "authServerId": {
2870
+ "type": "string"
2871
+ },
2872
+ "idp": {
2873
+ "type": "string"
2874
+ },
2875
+ "callbackUrl": {
2876
+ "type": "string"
2877
+ },
2878
+ "additionalScopes": {
2879
+ "anyOf": [
2880
+ {
2881
+ "type": "array",
2882
+ "items": {
2883
+ "type": "string"
2884
+ }
2885
+ },
2886
+ {
2887
+ "type": "string"
2888
+ }
2889
+ ]
2890
+ },
2891
+ "signIn": {
2892
+ "type": "object",
2893
+ "properties": {
2894
+ "resolvers": {
2895
+ "type": "array",
2896
+ "items": {
2897
+ "anyOf": [
2898
+ {
2899
+ "type": "object",
2900
+ "properties": {
2901
+ "resolver": {
2902
+ "type": "string",
2903
+ "const": "emailMatchingUserEntityAnnotation"
3081
2904
  }
3082
- }
2905
+ },
2906
+ "required": [
2907
+ "resolver"
2908
+ ]
3083
2909
  },
3084
- "required": [
3085
- "resolver"
3086
- ]
3087
- },
3088
- {
3089
- "type": "object",
3090
- "properties": {
3091
- "resolver": {
3092
- "type": "string",
3093
- "const": "emailMatchingUserEntityProfileEmail"
3094
- }
2910
+ {
2911
+ "type": "object",
2912
+ "properties": {
2913
+ "resolver": {
2914
+ "type": "string",
2915
+ "const": "emailLocalPartMatchingUserEntityName"
2916
+ },
2917
+ "allowedDomains": {
2918
+ "type": "array",
2919
+ "items": {
2920
+ "type": "string"
2921
+ }
2922
+ }
2923
+ },
2924
+ "required": [
2925
+ "resolver"
2926
+ ]
3095
2927
  },
3096
- "required": [
3097
- "resolver"
3098
- ]
3099
- }
3100
- ]
2928
+ {
2929
+ "type": "object",
2930
+ "properties": {
2931
+ "resolver": {
2932
+ "type": "string",
2933
+ "const": "emailMatchingUserEntityProfileEmail"
2934
+ }
2935
+ },
2936
+ "required": [
2937
+ "resolver"
2938
+ ]
2939
+ }
2940
+ ]
2941
+ }
3101
2942
  }
3102
- }
2943
+ },
2944
+ "required": [
2945
+ "resolvers"
2946
+ ]
3103
2947
  },
3104
- "required": [
3105
- "resolvers"
3106
- ]
2948
+ "sessionDuration": {}
3107
2949
  },
3108
- "sessionDuration": {}
3109
- },
3110
- "required": [
3111
- "audience"
3112
- ]
2950
+ "required": [
2951
+ "clientId",
2952
+ "clientSecret"
2953
+ ]
2954
+ }
3113
2955
  }
3114
2956
  }
3115
2957
  }
@@ -3118,10 +2960,10 @@
3118
2960
  },
3119
2961
  "$schema": "http://json-schema.org/draft-07/schema#"
3120
2962
  },
3121
- "packageName": "@backstage/plugin-auth-backend-module-gcp-iap-provider"
2963
+ "packageName": "@backstage/plugin-auth-backend-module-okta-provider"
3122
2964
  },
3123
2965
  {
3124
- "path": "../../plugins/auth-backend-module-github-provider/config.d.ts",
2966
+ "path": "../../plugins/auth-backend-module-onelogin-provider/config.d.ts",
3125
2967
  "value": {
3126
2968
  "type": "object",
3127
2969
  "properties": {
@@ -3131,7 +2973,7 @@
3131
2973
  "providers": {
3132
2974
  "type": "object",
3133
2975
  "properties": {
3134
- "github": {
2976
+ "onelogin": {
3135
2977
  "visibility": "frontend",
3136
2978
  "type": "object",
3137
2979
  "additionalProperties": {
@@ -3144,25 +2986,12 @@
3144
2986
  "visibility": "secret",
3145
2987
  "type": "string"
3146
2988
  },
3147
- "callbackUrl": {
2989
+ "issuer": {
3148
2990
  "type": "string"
3149
2991
  },
3150
- "enterpriseInstanceUrl": {
2992
+ "callbackUrl": {
3151
2993
  "type": "string"
3152
2994
  },
3153
- "additionalScopes": {
3154
- "anyOf": [
3155
- {
3156
- "type": "array",
3157
- "items": {
3158
- "type": "string"
3159
- }
3160
- },
3161
- {
3162
- "type": "string"
3163
- }
3164
- ]
3165
- },
3166
2995
  "signIn": {
3167
2996
  "type": "object",
3168
2997
  "properties": {
@@ -3224,7 +3053,8 @@
3224
3053
  },
3225
3054
  "required": [
3226
3055
  "clientId",
3227
- "clientSecret"
3056
+ "clientSecret",
3057
+ "issuer"
3228
3058
  ]
3229
3059
  }
3230
3060
  }
@@ -3235,416 +3065,629 @@
3235
3065
  },
3236
3066
  "$schema": "http://json-schema.org/draft-07/schema#"
3237
3067
  },
3238
- "packageName": "@backstage/plugin-auth-backend-module-github-provider"
3068
+ "packageName": "@backstage/plugin-auth-backend-module-onelogin-provider"
3239
3069
  },
3240
3070
  {
3241
- "path": "../../plugins/auth-backend-module-gitlab-provider/config.d.ts",
3071
+ "path": "../backend-defaults/config.d.ts",
3242
3072
  "value": {
3243
3073
  "type": "object",
3244
3074
  "properties": {
3245
- "auth": {
3075
+ "app": {
3246
3076
  "type": "object",
3247
3077
  "properties": {
3248
- "providers": {
3078
+ "baseUrl": {
3079
+ "type": "string"
3080
+ }
3081
+ },
3082
+ "required": [
3083
+ "baseUrl"
3084
+ ]
3085
+ },
3086
+ "backend": {
3087
+ "type": "object",
3088
+ "properties": {
3089
+ "baseUrl": {
3090
+ "description": "The full base URL of the backend, as seen from the browser's point of\nview as it makes calls to the backend.",
3091
+ "type": "string"
3092
+ },
3093
+ "lifecycle": {
3249
3094
  "type": "object",
3250
3095
  "properties": {
3251
- "gitlab": {
3252
- "visibility": "frontend",
3096
+ "startupRequestPauseTimeout": {
3097
+ "description": "The maximum time that paused requests will wait for the service to start, before returning an error.\nDefaults to 5 seconds\nSupported formats:\n- A string in the format of '1d', '2 seconds' etc. as supported by the `ms`\n library.\n- A standard ISO formatted duration string, e.g. 'P2DT6H' or 'PT1M'.\n- An object with individual units (in plural) as keys, e.g. `{ days: 2, hours: 6 }`."
3098
+ },
3099
+ "serverShutdownDelay": {
3100
+ "description": "The minimum time that the HTTP server will delay the shutdown of the backend. During this delay health checks will be set to failing, allowing traffic to drain.\nDefaults to 0 seconds.\nSupported formats:\n- A string in the format of '1d', '2 seconds' etc. as supported by the `ms`\n library.\n- A standard ISO formatted duration string, e.g. 'P2DT6H' or 'PT1M'.\n- An object with individual units (in plural) as keys, e.g. `{ days: 2, hours: 6 }`."
3101
+ }
3102
+ }
3103
+ },
3104
+ "listen": {
3105
+ "description": "Address that the backend should listen to.",
3106
+ "anyOf": [
3107
+ {
3253
3108
  "type": "object",
3254
- "additionalProperties": {
3109
+ "properties": {
3110
+ "host": {
3111
+ "description": "Address of the interface that the backend should bind to.",
3112
+ "type": "string"
3113
+ },
3114
+ "port": {
3115
+ "description": "Port that the backend should listen to.",
3116
+ "type": [
3117
+ "string",
3118
+ "number"
3119
+ ]
3120
+ }
3121
+ }
3122
+ },
3123
+ {
3124
+ "type": "string"
3125
+ }
3126
+ ]
3127
+ },
3128
+ "https": {
3129
+ "description": "HTTPS configuration for the backend. If omitted the backend will serve HTTP.\n\nSetting this to `true` will cause self-signed certificates to be generated, which\ncan be useful for local development or other non-production scenarios.",
3130
+ "anyOf": [
3131
+ {
3132
+ "type": "object",
3133
+ "properties": {
3134
+ "certificate": {
3135
+ "description": "Certificate configuration",
3136
+ "type": "object",
3137
+ "properties": {
3138
+ "cert": {
3139
+ "description": "PEM encoded certificate. Use $file to load in a file",
3140
+ "type": "string"
3141
+ },
3142
+ "key": {
3143
+ "description": "PEM encoded certificate key. Use $file to load in a file.",
3144
+ "visibility": "secret",
3145
+ "type": "string"
3146
+ }
3147
+ },
3148
+ "required": [
3149
+ "cert",
3150
+ "key"
3151
+ ]
3152
+ }
3153
+ }
3154
+ },
3155
+ {
3156
+ "const": true,
3157
+ "type": "boolean"
3158
+ }
3159
+ ]
3160
+ },
3161
+ "auth": {
3162
+ "description": "Options used by the default auth, httpAuth and userInfo services.",
3163
+ "type": "object",
3164
+ "properties": {
3165
+ "keys": {
3166
+ "description": "Keys shared by all backends for signing and validating backend tokens.",
3167
+ "deprecated": "this will be removed when the backwards compatibility is no longer needed with backend-common",
3168
+ "type": "array",
3169
+ "items": {
3255
3170
  "type": "object",
3256
3171
  "properties": {
3257
- "clientId": {
3258
- "type": "string"
3259
- },
3260
- "clientSecret": {
3172
+ "secret": {
3173
+ "description": "Secret for generating tokens. Should be a base64 string, recommended\nlength is 24 bytes.",
3261
3174
  "visibility": "secret",
3262
3175
  "type": "string"
3176
+ }
3177
+ },
3178
+ "required": [
3179
+ "secret"
3180
+ ]
3181
+ }
3182
+ },
3183
+ "dangerouslyDisableDefaultAuthPolicy": {
3184
+ "description": "This disables the otherwise default auth policy, which requires all\nrequests to be authenticated with either user or service credentials.\n\nDisabling this check means that the backend will no longer block\nunauthenticated requests, but instead allow them to pass through to\nplugins.\n\nIf permissions are enabled, unauthenticated requests will be treated\nexactly as such, leaving it to the permission policy to determine what\npermissions should be allowed for an unauthenticated identity. Note\nthat this will also apply to service-to-service calls between plugins\nunless you configure credentials for service calls.",
3185
+ "type": "boolean"
3186
+ },
3187
+ "pluginKeyStore": {
3188
+ "description": "Controls how to store keys for plugin-to-plugin auth",
3189
+ "anyOf": [
3190
+ {
3191
+ "type": "object",
3192
+ "properties": {
3193
+ "type": {
3194
+ "type": "string",
3195
+ "const": "database"
3196
+ }
3263
3197
  },
3264
- "audience": {
3265
- "type": "string"
3266
- },
3267
- "callbackUrl": {
3268
- "type": "string"
3269
- },
3270
- "additionalScopes": {
3271
- "anyOf": [
3272
- {
3273
- "type": "array",
3274
- "items": {
3275
- "type": "string"
3198
+ "required": [
3199
+ "type"
3200
+ ]
3201
+ },
3202
+ {
3203
+ "type": "object",
3204
+ "properties": {
3205
+ "type": {
3206
+ "type": "string",
3207
+ "const": "static"
3208
+ },
3209
+ "static": {
3210
+ "type": "object",
3211
+ "properties": {
3212
+ "keys": {
3213
+ "description": "Must be declared at least once and the first one will be used for signing.",
3214
+ "type": "array",
3215
+ "items": {
3216
+ "type": "object",
3217
+ "properties": {
3218
+ "publicKeyFile": {
3219
+ "description": "Path to the public key file in the SPKI format. Should be an absolute path.",
3220
+ "type": "string"
3221
+ },
3222
+ "privateKeyFile": {
3223
+ "description": "Path to the matching private key file in the PKCS#8 format. Should be an absolute path.\n\nThe first array entry must specify a private key file, the rest must not.",
3224
+ "type": "string"
3225
+ },
3226
+ "keyId": {
3227
+ "description": "ID to uniquely identify this key within the JWK set.",
3228
+ "type": "string"
3229
+ },
3230
+ "algorithm": {
3231
+ "description": "JWS \"alg\" (Algorithm) Header Parameter value. Defaults to ES256.\nMust match the algorithm used to generate the keys in the provided files",
3232
+ "type": "string"
3233
+ }
3234
+ },
3235
+ "required": [
3236
+ "keyId",
3237
+ "publicKeyFile"
3238
+ ]
3239
+ }
3276
3240
  }
3277
3241
  },
3278
- {
3279
- "type": "string"
3280
- }
3281
- ]
3242
+ "required": [
3243
+ "keys"
3244
+ ]
3245
+ }
3282
3246
  },
3283
- "signIn": {
3247
+ "required": [
3248
+ "static",
3249
+ "type"
3250
+ ]
3251
+ }
3252
+ ]
3253
+ },
3254
+ "externalAccess": {
3255
+ "description": "Configures methods of external access, ie ways for callers outside of\nthe Backstage ecosystem to get authorized for access to APIs that do\nnot permit unauthorized access.",
3256
+ "type": "array",
3257
+ "items": {
3258
+ "anyOf": [
3259
+ {
3284
3260
  "type": "object",
3285
3261
  "properties": {
3286
- "resolvers": {
3262
+ "type": {
3263
+ "description": "This is the legacy service-to-service access method, where a set\nof static keys were shared among plugins and used for symmetric\nsigning and verification. These correspond to the old\n`backend.auth.keys` set and retain their behavior for backwards\ncompatibility. Please migrate to other access methods when\npossible.\n\nCallers generate JWT tokens with the following payload:\n\n```json\n{\n \"sub\": \"backstage-plugin\",\n \"exp\": <epoch seconds one hour in the future>\n}\n```\n\nAnd sign them with HS256, using the base64 decoded secret. The\ntokens are then passed along with requests in the Authorization\nheader:\n\n```\nAuthorization: Bearer eyJhbGciOiJIUzI...\n```",
3264
+ "type": "string",
3265
+ "const": "legacy"
3266
+ },
3267
+ "options": {
3268
+ "type": "object",
3269
+ "properties": {
3270
+ "secret": {
3271
+ "description": "Any set of base64 encoded random bytes to be used as both the\nsigning and verification key. Should be sufficiently long so as\nnot to be easy to guess by brute force.\n\nCan be generated eg using\n\n```sh\nnode -p 'require(\"crypto\").randomBytes(24).toString(\"base64\")'\n```",
3272
+ "visibility": "secret",
3273
+ "type": "string"
3274
+ },
3275
+ "subject": {
3276
+ "description": "Sets the subject of the principal, when matching this token.\nUseful for debugging and tracking purposes.",
3277
+ "type": "string"
3278
+ }
3279
+ },
3280
+ "required": [
3281
+ "secret",
3282
+ "subject"
3283
+ ]
3284
+ },
3285
+ "accessRestrictions": {
3286
+ "description": "Restricts what types of access that are permitted for this access\nmethod. If no access restrictions are given, it'll have unlimited\naccess. This access restriction applies for the framework level;\nindividual plugins may have their own access control mechanisms\non top of this.",
3287
3287
  "type": "array",
3288
3288
  "items": {
3289
- "anyOf": [
3290
- {
3291
- "type": "object",
3292
- "properties": {
3293
- "resolver": {
3294
- "type": "string",
3295
- "const": "usernameMatchingUserEntityName"
3296
- }
3297
- },
3298
- "required": [
3299
- "resolver"
3300
- ]
3289
+ "type": "object",
3290
+ "properties": {
3291
+ "plugin": {
3292
+ "description": "Permit access to make requests to this plugin.\n\nCan be further refined by setting additional fields below.",
3293
+ "type": "string"
3301
3294
  },
3302
- {
3303
- "type": "object",
3304
- "properties": {
3305
- "resolver": {
3306
- "type": "string",
3307
- "const": "emailLocalPartMatchingUserEntityName"
3308
- },
3309
- "allowedDomains": {
3295
+ "permission": {
3296
+ "description": "If given, this method is limited to only performing actions\nwith these named permissions in this plugin.\n\nNote that this only applies where permissions checks are\nenabled in the first place. Endpoints that are not protected by\nthe permissions system at all, are not affected by this\nsetting.",
3297
+ "anyOf": [
3298
+ {
3310
3299
  "type": "array",
3311
3300
  "items": {
3312
3301
  "type": "string"
3313
3302
  }
3303
+ },
3304
+ {
3305
+ "type": "string"
3314
3306
  }
3315
- },
3316
- "required": [
3317
- "resolver"
3318
3307
  ]
3319
3308
  },
3320
- {
3309
+ "permissionAttribute": {
3310
+ "description": "If given, this method is limited to only performing actions\nwhose permissions have these attributes.\n\nNote that this only applies where permissions checks are\nenabled in the first place. Endpoints that are not protected by\nthe permissions system at all, are not affected by this\nsetting.",
3321
3311
  "type": "object",
3322
3312
  "properties": {
3323
- "resolver": {
3324
- "type": "string",
3325
- "const": "emailMatchingUserEntityProfileEmail"
3313
+ "action": {
3314
+ "description": "One of more of 'create', 'read', 'update', or 'delete'.",
3315
+ "anyOf": [
3316
+ {
3317
+ "type": "array",
3318
+ "items": {
3319
+ "type": "string"
3320
+ }
3321
+ },
3322
+ {
3323
+ "type": "string"
3324
+ }
3325
+ ]
3326
3326
  }
3327
- },
3328
- "required": [
3329
- "resolver"
3330
- ]
3327
+ }
3331
3328
  }
3329
+ },
3330
+ "required": [
3331
+ "plugin"
3332
3332
  ]
3333
3333
  }
3334
3334
  }
3335
3335
  },
3336
3336
  "required": [
3337
- "resolvers"
3338
- ]
3339
- },
3340
- "sessionDuration": {}
3341
- },
3342
- "required": [
3343
- "clientId",
3344
- "clientSecret"
3345
- ]
3346
- }
3347
- }
3348
- }
3349
- }
3350
- }
3351
- }
3352
- },
3353
- "$schema": "http://json-schema.org/draft-07/schema#"
3354
- },
3355
- "packageName": "@backstage/plugin-auth-backend-module-gitlab-provider"
3356
- },
3357
- {
3358
- "path": "../../plugins/auth-backend-module-google-provider/config.d.ts",
3359
- "value": {
3360
- "type": "object",
3361
- "properties": {
3362
- "auth": {
3363
- "description": "Configuration options for the auth plugin",
3364
- "type": "object",
3365
- "properties": {
3366
- "providers": {
3367
- "type": "object",
3368
- "properties": {
3369
- "google": {
3370
- "visibility": "frontend",
3371
- "type": "object",
3372
- "additionalProperties": {
3373
- "type": "object",
3374
- "properties": {
3375
- "clientId": {
3376
- "type": "string"
3377
- },
3378
- "clientSecret": {
3379
- "visibility": "secret",
3380
- "type": "string"
3381
- },
3382
- "callbackUrl": {
3383
- "type": "string"
3384
- },
3385
- "additionalScopes": {
3386
- "anyOf": [
3387
- {
3388
- "type": "array",
3389
- "items": {
3390
- "type": "string"
3391
- }
3392
- },
3393
- {
3394
- "type": "string"
3395
- }
3337
+ "options",
3338
+ "type"
3396
3339
  ]
3397
3340
  },
3398
- "signIn": {
3341
+ {
3399
3342
  "type": "object",
3400
3343
  "properties": {
3401
- "resolvers": {
3344
+ "type": {
3345
+ "description": "This access method consists of random static tokens that can be\nhanded out to callers.\n\nThe tokens are then passed along verbatim with requests in the\nAuthorization header:\n\n```\nAuthorization: Bearer eZv5o+fW3KnR3kVabMW4ZcDNLPl8nmMW\n```",
3346
+ "type": "string",
3347
+ "const": "static"
3348
+ },
3349
+ "options": {
3350
+ "type": "object",
3351
+ "properties": {
3352
+ "token": {
3353
+ "description": "A raw token that can be any string, but for security reasons\nshould be sufficiently long so as not to be easy to guess by\nbrute force.\n\nCan be generated eg using\n\n```sh\nnode -p 'require(\"crypto\").randomBytes(24).toString(\"base64\")'\n```\n\nSince the tokens can be any string, you are free to add\nadditional identifying data to them if you like. For example,\nadding a `freben-local-dev-` prefix for debugging purposes to a\ntoken that you know will be handed out for use as a personal\naccess token during development.",
3354
+ "visibility": "secret",
3355
+ "type": "string"
3356
+ },
3357
+ "subject": {
3358
+ "description": "Sets the subject of the principal, when matching this token.\nUseful for debugging and tracking purposes.",
3359
+ "type": "string"
3360
+ }
3361
+ },
3362
+ "required": [
3363
+ "subject",
3364
+ "token"
3365
+ ]
3366
+ },
3367
+ "accessRestrictions": {
3368
+ "description": "Restricts what types of access that are permitted for this access\nmethod. If no access restrictions are given, it'll have unlimited\naccess. This access restriction applies for the framework level;\nindividual plugins may have their own access control mechanisms\non top of this.",
3402
3369
  "type": "array",
3403
3370
  "items": {
3404
- "anyOf": [
3405
- {
3406
- "type": "object",
3407
- "properties": {
3408
- "resolver": {
3409
- "type": "string",
3410
- "const": "emailMatchingUserEntityAnnotation"
3411
- }
3412
- },
3413
- "required": [
3414
- "resolver"
3415
- ]
3371
+ "type": "object",
3372
+ "properties": {
3373
+ "plugin": {
3374
+ "description": "Permit access to make requests to this plugin.\n\nCan be further refined by setting additional fields below.",
3375
+ "type": "string"
3416
3376
  },
3417
- {
3418
- "type": "object",
3419
- "properties": {
3420
- "resolver": {
3421
- "type": "string",
3422
- "const": "emailLocalPartMatchingUserEntityName"
3423
- },
3424
- "allowedDomains": {
3377
+ "permission": {
3378
+ "description": "If given, this method is limited to only performing actions\nwith these named permissions in this plugin.\n\nNote that this only applies where permissions checks are\nenabled in the first place. Endpoints that are not protected by\nthe permissions system at all, are not affected by this\nsetting.",
3379
+ "anyOf": [
3380
+ {
3425
3381
  "type": "array",
3426
3382
  "items": {
3427
3383
  "type": "string"
3428
3384
  }
3385
+ },
3386
+ {
3387
+ "type": "string"
3429
3388
  }
3430
- },
3431
- "required": [
3432
- "resolver"
3433
3389
  ]
3434
3390
  },
3435
- {
3391
+ "permissionAttribute": {
3392
+ "description": "If given, this method is limited to only performing actions\nwhose permissions have these attributes.\n\nNote that this only applies where permissions checks are\nenabled in the first place. Endpoints that are not protected by\nthe permissions system at all, are not affected by this\nsetting.",
3436
3393
  "type": "object",
3437
3394
  "properties": {
3438
- "resolver": {
3439
- "type": "string",
3440
- "const": "emailMatchingUserEntityProfileEmail"
3395
+ "action": {
3396
+ "description": "One of more of 'create', 'read', 'update', or 'delete'.",
3397
+ "anyOf": [
3398
+ {
3399
+ "type": "array",
3400
+ "items": {
3401
+ "type": "string"
3402
+ }
3403
+ },
3404
+ {
3405
+ "type": "string"
3406
+ }
3407
+ ]
3441
3408
  }
3442
- },
3443
- "required": [
3444
- "resolver"
3445
- ]
3409
+ }
3446
3410
  }
3411
+ },
3412
+ "required": [
3413
+ "plugin"
3447
3414
  ]
3448
3415
  }
3449
3416
  }
3450
3417
  },
3451
3418
  "required": [
3452
- "resolvers"
3453
- ]
3454
- },
3455
- "sessionDuration": {}
3456
- },
3457
- "required": [
3458
- "clientId",
3459
- "clientSecret"
3460
- ]
3461
- }
3462
- }
3463
- }
3464
- }
3465
- }
3466
- }
3467
- },
3468
- "$schema": "http://json-schema.org/draft-07/schema#"
3469
- },
3470
- "packageName": "@backstage/plugin-auth-backend-module-google-provider"
3471
- },
3472
- {
3473
- "path": "../../plugins/auth-backend-module-microsoft-provider/config.d.ts",
3474
- "value": {
3475
- "type": "object",
3476
- "properties": {
3477
- "auth": {
3478
- "type": "object",
3479
- "properties": {
3480
- "providers": {
3481
- "type": "object",
3482
- "properties": {
3483
- "microsoft": {
3484
- "visibility": "frontend",
3485
- "type": "object",
3486
- "additionalProperties": {
3487
- "type": "object",
3488
- "properties": {
3489
- "clientId": {
3490
- "type": "string"
3491
- },
3492
- "tenantId": {
3493
- "type": "string"
3494
- },
3495
- "clientSecret": {
3496
- "visibility": "secret",
3497
- "type": "string"
3498
- },
3499
- "domainHint": {
3500
- "type": "string"
3501
- },
3502
- "callbackUrl": {
3503
- "type": "string"
3504
- },
3505
- "additionalScopes": {
3506
- "anyOf": [
3507
- {
3508
- "type": "array",
3509
- "items": {
3510
- "type": "string"
3511
- }
3512
- },
3513
- {
3514
- "type": "string"
3515
- }
3419
+ "options",
3420
+ "type"
3516
3421
  ]
3517
3422
  },
3518
- "skipUserProfile": {
3519
- "type": "boolean"
3520
- },
3521
- "signIn": {
3423
+ {
3522
3424
  "type": "object",
3523
3425
  "properties": {
3524
- "resolvers": {
3525
- "type": "array",
3526
- "items": {
3527
- "anyOf": [
3528
- {
3529
- "type": "object",
3530
- "properties": {
3531
- "resolver": {
3532
- "type": "string",
3533
- "const": "emailMatchingUserEntityAnnotation"
3426
+ "type": {
3427
+ "description": "This access method consists of a JWKS endpoint that can be used to\nverify JWT tokens.\n\nCallers generate JWT tokens via 3rd party tooling\nand pass them in the Authorization header:\n\n```\nAuthorization: Bearer eZv5o+fW3KnR3kVabMW4ZcDNLPl8nmMW\n```",
3428
+ "type": "string",
3429
+ "const": "jwks"
3430
+ },
3431
+ "options": {
3432
+ "type": "object",
3433
+ "properties": {
3434
+ "url": {
3435
+ "description": "The full URL of the JWKS endpoint.",
3436
+ "type": "string"
3437
+ },
3438
+ "algorithm": {
3439
+ "description": "Sets the algorithm(s) that should be used to verify the JWT tokens.\nThe passed JWTs must have been signed using one of the listed algorithms.",
3440
+ "anyOf": [
3441
+ {
3442
+ "type": "array",
3443
+ "items": {
3444
+ "type": "string"
3534
3445
  }
3535
3446
  },
3536
- "required": [
3537
- "resolver"
3538
- ]
3447
+ {
3448
+ "type": "string"
3449
+ }
3450
+ ]
3451
+ },
3452
+ "issuer": {
3453
+ "description": "Sets the issuer(s) that should be used to verify the JWT tokens.\nPassed JWTs must have an `iss` claim which matches one of the specified issuers.",
3454
+ "anyOf": [
3455
+ {
3456
+ "type": "array",
3457
+ "items": {
3458
+ "type": "string"
3459
+ }
3460
+ },
3461
+ {
3462
+ "type": "string"
3463
+ }
3464
+ ]
3465
+ },
3466
+ "audience": {
3467
+ "description": "Sets the audience(s) that should be used to verify the JWT tokens.\nThe passed JWTs must have an \"aud\" claim that matches one of the audiences specified,\nor have no audience specified.",
3468
+ "anyOf": [
3469
+ {
3470
+ "type": "array",
3471
+ "items": {
3472
+ "type": "string"
3473
+ }
3474
+ },
3475
+ {
3476
+ "type": "string"
3477
+ }
3478
+ ]
3479
+ },
3480
+ "subjectPrefix": {
3481
+ "description": "Sets an optional subject prefix. Passes the subject to called plugins.\nUseful for debugging and tracking purposes.",
3482
+ "type": "string"
3483
+ }
3484
+ },
3485
+ "required": [
3486
+ "url"
3487
+ ]
3488
+ },
3489
+ "accessRestrictions": {
3490
+ "description": "Restricts what types of access that are permitted for this access\nmethod. If no access restrictions are given, it'll have unlimited\naccess. This access restriction applies for the framework level;\nindividual plugins may have their own access control mechanisms\non top of this.",
3491
+ "type": "array",
3492
+ "items": {
3493
+ "type": "object",
3494
+ "properties": {
3495
+ "plugin": {
3496
+ "description": "Permit access to make requests to this plugin.\n\nCan be further refined by setting additional fields below.",
3497
+ "type": "string"
3539
3498
  },
3540
- {
3541
- "type": "object",
3542
- "properties": {
3543
- "resolver": {
3544
- "type": "string",
3545
- "const": "emailLocalPartMatchingUserEntityName"
3546
- },
3547
- "allowedDomains": {
3499
+ "permission": {
3500
+ "description": "If given, this method is limited to only performing actions\nwith these named permissions in this plugin.\n\nNote that this only applies where permissions checks are\nenabled in the first place. Endpoints that are not protected by\nthe permissions system at all, are not affected by this\nsetting.",
3501
+ "anyOf": [
3502
+ {
3548
3503
  "type": "array",
3549
3504
  "items": {
3550
3505
  "type": "string"
3551
3506
  }
3507
+ },
3508
+ {
3509
+ "type": "string"
3552
3510
  }
3553
- },
3554
- "required": [
3555
- "resolver"
3556
- ]
3557
- },
3558
- {
3559
- "type": "object",
3560
- "properties": {
3561
- "resolver": {
3562
- "type": "string",
3563
- "const": "emailMatchingUserEntityProfileEmail"
3564
- }
3565
- },
3566
- "required": [
3567
- "resolver"
3568
3511
  ]
3569
3512
  },
3570
- {
3513
+ "permissionAttribute": {
3514
+ "description": "If given, this method is limited to only performing actions\nwhose permissions have these attributes.\n\nNote that this only applies where permissions checks are\nenabled in the first place. Endpoints that are not protected by\nthe permissions system at all, are not affected by this\nsetting.",
3571
3515
  "type": "object",
3572
3516
  "properties": {
3573
- "resolver": {
3574
- "type": "string",
3575
- "const": "userIdMatchingUserEntityAnnotation"
3517
+ "action": {
3518
+ "description": "One of more of 'create', 'read', 'update', or 'delete'.",
3519
+ "anyOf": [
3520
+ {
3521
+ "type": "array",
3522
+ "items": {
3523
+ "type": "string"
3524
+ }
3525
+ },
3526
+ {
3527
+ "type": "string"
3528
+ }
3529
+ ]
3576
3530
  }
3577
- },
3578
- "required": [
3579
- "resolver"
3580
- ]
3531
+ }
3581
3532
  }
3533
+ },
3534
+ "required": [
3535
+ "plugin"
3582
3536
  ]
3583
3537
  }
3584
3538
  }
3585
3539
  },
3586
3540
  "required": [
3587
- "resolvers"
3541
+ "options",
3542
+ "type"
3588
3543
  ]
3589
- },
3590
- "sessionDuration": {}
3591
- },
3592
- "required": [
3593
- "clientId",
3594
- "clientSecret",
3595
- "tenantId"
3544
+ }
3596
3545
  ]
3597
3546
  }
3598
3547
  }
3599
3548
  }
3600
- }
3601
- }
3602
- }
3603
- },
3604
- "$schema": "http://json-schema.org/draft-07/schema#"
3605
- },
3606
- "packageName": "@backstage/plugin-auth-backend-module-microsoft-provider"
3607
- },
3608
- {
3609
- "path": "../../plugins/auth-backend-module-oauth2-provider/config.d.ts",
3610
- "value": {
3611
- "type": "object",
3612
- "properties": {
3613
- "auth": {
3614
- "type": "object",
3615
- "properties": {
3616
- "providers": {
3549
+ },
3550
+ "database": {
3551
+ "description": "Database connection configuration, select base database type using the `client` field",
3617
3552
  "type": "object",
3618
3553
  "properties": {
3619
- "oauth2": {
3620
- "visibility": "frontend",
3554
+ "client": {
3555
+ "description": "Default database client to use",
3556
+ "enum": [
3557
+ "better-sqlite3",
3558
+ "pg",
3559
+ "sqlite3"
3560
+ ],
3561
+ "type": "string"
3562
+ },
3563
+ "connection": {
3564
+ "description": "Base database connection string, or object with individual connection properties",
3565
+ "visibility": "secret",
3566
+ "anyOf": [
3567
+ {
3568
+ "type": "object",
3569
+ "properties": {
3570
+ "type": {
3571
+ "description": "The specific config for cloudsql connections",
3572
+ "type": "string",
3573
+ "const": "cloudsql"
3574
+ },
3575
+ "instance": {
3576
+ "description": "The instance connection name for the cloudsql instance, e.g. `project:region:instance`",
3577
+ "type": "string"
3578
+ },
3579
+ "ipAddressType": {
3580
+ "description": "The ip address type to use for the connection. Defaults to 'PUBLIC'",
3581
+ "enum": [
3582
+ "PRIVATE",
3583
+ "PSC",
3584
+ "PUBLIC"
3585
+ ],
3586
+ "type": "string"
3587
+ }
3588
+ },
3589
+ "required": [
3590
+ "instance",
3591
+ "type"
3592
+ ]
3593
+ },
3594
+ {
3595
+ "type": "object",
3596
+ "additionalProperties": {},
3597
+ "properties": {
3598
+ "password": {
3599
+ "description": "Password that belongs to the client User",
3600
+ "visibility": "secret",
3601
+ "type": "string"
3602
+ }
3603
+ }
3604
+ },
3605
+ {
3606
+ "type": "string"
3607
+ }
3608
+ ]
3609
+ },
3610
+ "prefix": {
3611
+ "description": "Database name prefix override",
3612
+ "type": "string"
3613
+ },
3614
+ "ensureExists": {
3615
+ "description": "Whether to ensure the given database exists by creating it if it does not.\nDefaults to true if unspecified.",
3616
+ "type": "boolean"
3617
+ },
3618
+ "ensureSchemaExists": {
3619
+ "description": "Whether to ensure the given database schema exists by creating it if it does not.\nDefaults to false if unspecified.\n\nNOTE: Currently only supported by the `pg` client when pluginDivisionMode: schema",
3620
+ "type": "boolean"
3621
+ },
3622
+ "pluginDivisionMode": {
3623
+ "description": "How plugins databases are managed/divided in the provided database instance.\n\n`database` -> Plugins are each given their own database to manage their schemas/tables.\n\n`schema` -> Plugins will be given their own schema (in the specified/default database)\n to manage their tables.\n\nNOTE: Currently only supported by the `pg` client.",
3624
+ "default": "database",
3625
+ "enum": [
3626
+ "database",
3627
+ "schema"
3628
+ ],
3629
+ "type": "string"
3630
+ },
3631
+ "role": {
3632
+ "description": "Configures the ownership of newly created schemas in pg databases.",
3633
+ "type": "string"
3634
+ },
3635
+ "knexConfig": {
3636
+ "description": "Arbitrary config object to pass to knex when initializing\n(https://knexjs.org/#Installation-client). Most notable is the debug\nand asyncStackTraces booleans",
3637
+ "type": "object",
3638
+ "properties": {},
3639
+ "additionalProperties": true
3640
+ },
3641
+ "skipMigrations": {
3642
+ "description": "Skip running database migrations.",
3643
+ "type": "boolean"
3644
+ },
3645
+ "plugin": {
3646
+ "description": "Plugin specific database configuration and client override",
3621
3647
  "type": "object",
3622
3648
  "additionalProperties": {
3623
3649
  "type": "object",
3624
3650
  "properties": {
3625
- "clientId": {
3651
+ "client": {
3652
+ "description": "Database client override",
3653
+ "enum": [
3654
+ "better-sqlite3",
3655
+ "pg",
3656
+ "sqlite3"
3657
+ ],
3626
3658
  "type": "string"
3627
3659
  },
3628
- "clientSecret": {
3660
+ "connection": {
3661
+ "description": "Database connection string or Knex object override",
3629
3662
  "visibility": "secret",
3630
- "type": "string"
3631
- },
3632
- "authorizationUrl": {
3633
- "type": "string"
3634
- },
3635
- "tokenUrl": {
3636
- "type": "string"
3637
- },
3638
- "scope": {
3639
- "deprecated": "use `additionalScopes` instead",
3640
- "type": "string"
3641
- },
3642
- "additionalScopes": {
3643
3663
  "anyOf": [
3644
3664
  {
3645
- "type": "array",
3646
- "items": {
3647
- "type": "string"
3665
+ "type": "object",
3666
+ "properties": {
3667
+ "type": {
3668
+ "description": "The specific config for cloudsql connections",
3669
+ "type": "string",
3670
+ "const": "cloudsql"
3671
+ },
3672
+ "instance": {
3673
+ "description": "The instance connection name for the cloudsql instance, e.g. `project:region:instance`",
3674
+ "type": "string"
3675
+ }
3676
+ },
3677
+ "required": [
3678
+ "instance",
3679
+ "type"
3680
+ ]
3681
+ },
3682
+ {
3683
+ "type": "object",
3684
+ "additionalProperties": {},
3685
+ "properties": {
3686
+ "password": {
3687
+ "description": "Password that belongs to the client User",
3688
+ "visibility": "secret",
3689
+ "type": "string"
3690
+ }
3648
3691
  }
3649
3692
  },
3650
3693
  {
@@ -3652,315 +3695,423 @@
3652
3695
  }
3653
3696
  ]
3654
3697
  },
3655
- "disableRefresh": {
3698
+ "ensureExists": {
3699
+ "description": "Whether to ensure the given database exists by creating it if it does not.\nDefaults to base config if unspecified.",
3656
3700
  "type": "boolean"
3657
3701
  },
3658
- "includeBasicAuth": {
3702
+ "ensureSchemaExists": {
3703
+ "description": "Whether to ensure the given database schema exists by creating it if it does not.\nDefaults to false if unspecified.\n\nNOTE: Currently only supported by the `pg` client when pluginDivisionMode: schema",
3659
3704
  "type": "boolean"
3660
3705
  },
3661
- "signIn": {
3706
+ "knexConfig": {
3707
+ "description": "Arbitrary config object to pass to knex when initializing\n(https://knexjs.org/#Installation-client). Most notable is the\ndebug and asyncStackTraces booleans.\n\nThis is merged recursively into the base knexConfig",
3662
3708
  "type": "object",
3663
- "properties": {
3664
- "resolvers": {
3665
- "type": "array",
3666
- "items": {
3667
- "anyOf": [
3668
- {
3669
- "type": "object",
3670
- "properties": {
3671
- "resolver": {
3672
- "type": "string",
3673
- "const": "usernameMatchingUserEntityName"
3674
- }
3675
- },
3676
- "required": [
3677
- "resolver"
3678
- ]
3679
- },
3680
- {
3681
- "type": "object",
3682
- "properties": {
3683
- "resolver": {
3684
- "type": "string",
3685
- "const": "emailLocalPartMatchingUserEntityName"
3686
- },
3687
- "allowedDomains": {
3688
- "type": "array",
3689
- "items": {
3690
- "type": "string"
3691
- }
3692
- }
3693
- },
3694
- "required": [
3695
- "resolver"
3696
- ]
3697
- },
3698
- {
3699
- "type": "object",
3700
- "properties": {
3701
- "resolver": {
3702
- "type": "string",
3703
- "const": "emailMatchingUserEntityProfileEmail"
3704
- }
3705
- },
3706
- "required": [
3707
- "resolver"
3708
- ]
3709
- }
3710
- ]
3709
+ "properties": {},
3710
+ "additionalProperties": true
3711
+ },
3712
+ "role": {
3713
+ "description": "Configures the ownership of newly created schemas in pg databases.",
3714
+ "type": "string"
3715
+ },
3716
+ "skipMigrations": {
3717
+ "description": "Skip running database migrations.",
3718
+ "type": "boolean"
3719
+ }
3720
+ }
3721
+ }
3722
+ }
3723
+ },
3724
+ "required": [
3725
+ "client",
3726
+ "connection"
3727
+ ]
3728
+ },
3729
+ "cache": {
3730
+ "description": "Cache connection configuration, select cache type using the `store` field",
3731
+ "anyOf": [
3732
+ {
3733
+ "type": "object",
3734
+ "properties": {
3735
+ "store": {
3736
+ "type": "string",
3737
+ "const": "memory"
3738
+ },
3739
+ "defaultTtl": {
3740
+ "description": "An optional default TTL (in milliseconds, if given as a number)."
3741
+ }
3742
+ },
3743
+ "required": [
3744
+ "store"
3745
+ ]
3746
+ },
3747
+ {
3748
+ "type": "object",
3749
+ "properties": {
3750
+ "store": {
3751
+ "type": "string",
3752
+ "const": "redis"
3753
+ },
3754
+ "connection": {
3755
+ "description": "A redis connection string in the form `redis://user:pass@host:port`.",
3756
+ "visibility": "secret",
3757
+ "type": "string"
3758
+ },
3759
+ "defaultTtl": {
3760
+ "description": "An optional default TTL (in milliseconds, if given as a number)."
3761
+ },
3762
+ "redis": {
3763
+ "type": "object",
3764
+ "properties": {
3765
+ "client": {
3766
+ "description": "An optional Redis client configuration. These options are passed to the `@keyv/redis` client.",
3767
+ "type": "object",
3768
+ "properties": {
3769
+ "namespace": {
3770
+ "description": "Namespace for the current instance.",
3771
+ "type": "string"
3772
+ },
3773
+ "keyPrefixSeparator": {
3774
+ "description": "Separator to use between namespace and key.",
3775
+ "type": "string"
3776
+ },
3777
+ "clearBatchSize": {
3778
+ "description": "Number of keys to delete in a single batch.",
3779
+ "type": "number"
3780
+ },
3781
+ "useUnlink": {
3782
+ "description": "Enable Unlink instead of using Del for clearing keys. This is more performant but may not be supported by all Redis versions.",
3783
+ "type": "boolean"
3784
+ },
3785
+ "noNamespaceAffectsAll": {
3786
+ "description": "Whether to allow clearing all keys when no namespace is set.\nIf set to true and no namespace is set, iterate() will return all keys.\nDefaults to `false`.",
3787
+ "type": "boolean"
3711
3788
  }
3712
3789
  }
3713
3790
  },
3714
- "required": [
3715
- "resolvers"
3716
- ]
3717
- },
3718
- "sessionDuration": {}
3791
+ "cluster": {
3792
+ "description": "An optional Redis cluster configuration.",
3793
+ "type": "object",
3794
+ "properties": {
3795
+ "rootNodes": {
3796
+ "description": "Cluster configuration options to be passed to the `@keyv/redis` client (and node-redis under the hood)\nhttps://github.com/redis/node-redis/blob/master/docs/clustering.md",
3797
+ "visibility": "secret",
3798
+ "type": "array",
3799
+ "items": {
3800
+ "type": "object",
3801
+ "properties": {},
3802
+ "additionalProperties": true
3803
+ }
3804
+ },
3805
+ "defaults": {
3806
+ "description": "Cluster node default configuration options to be passed to the `@keyv/redis` client (and node-redis under the hood)\nhttps://github.com/redis/node-redis/blob/master/docs/clustering.md",
3807
+ "visibility": "secret",
3808
+ "type": "object",
3809
+ "properties": {},
3810
+ "additionalProperties": true
3811
+ },
3812
+ "minimizeConnections": {
3813
+ "description": "When `true`, `.connect()` will only discover the cluster topology, without actually connecting to all the nodes.\nUseful for short-term or PubSub-only connections.",
3814
+ "type": "boolean"
3815
+ },
3816
+ "useReplicas": {
3817
+ "description": "When `true`, distribute load by executing readonly commands (such as `GET`, `GEOSEARCH`, etc.) across all cluster nodes. When `false`, only use master nodes.",
3818
+ "type": "boolean"
3819
+ },
3820
+ "maxCommandRedirections": {
3821
+ "description": "The maximum number of times a command will be redirected due to `MOVED` or `ASK` errors.",
3822
+ "type": "number"
3823
+ }
3824
+ },
3825
+ "required": [
3826
+ "rootNodes"
3827
+ ]
3828
+ }
3829
+ }
3830
+ }
3831
+ },
3832
+ "required": [
3833
+ "connection",
3834
+ "store"
3835
+ ]
3836
+ },
3837
+ {
3838
+ "type": "object",
3839
+ "properties": {
3840
+ "store": {
3841
+ "type": "string",
3842
+ "const": "memcache"
3843
+ },
3844
+ "connection": {
3845
+ "description": "A memcache connection string in the form `user:pass@host:port`.",
3846
+ "visibility": "secret",
3847
+ "type": "string"
3848
+ },
3849
+ "defaultTtl": {
3850
+ "description": "An optional default TTL (in milliseconds)."
3851
+ }
3852
+ },
3853
+ "required": [
3854
+ "connection",
3855
+ "store"
3856
+ ]
3857
+ }
3858
+ ]
3859
+ },
3860
+ "cors": {
3861
+ "type": "object",
3862
+ "properties": {
3863
+ "origin": {
3864
+ "anyOf": [
3865
+ {
3866
+ "type": "array",
3867
+ "items": {
3868
+ "type": "string"
3869
+ }
3870
+ },
3871
+ {
3872
+ "type": "string"
3873
+ }
3874
+ ]
3875
+ },
3876
+ "methods": {
3877
+ "anyOf": [
3878
+ {
3879
+ "type": "array",
3880
+ "items": {
3881
+ "type": "string"
3882
+ }
3719
3883
  },
3720
- "required": [
3721
- "authorizationUrl",
3722
- "clientId",
3723
- "clientSecret",
3724
- "tokenUrl"
3725
- ]
3726
- }
3884
+ {
3885
+ "type": "string"
3886
+ }
3887
+ ]
3888
+ },
3889
+ "allowedHeaders": {
3890
+ "anyOf": [
3891
+ {
3892
+ "type": "array",
3893
+ "items": {
3894
+ "type": "string"
3895
+ }
3896
+ },
3897
+ {
3898
+ "type": "string"
3899
+ }
3900
+ ]
3901
+ },
3902
+ "exposedHeaders": {
3903
+ "anyOf": [
3904
+ {
3905
+ "type": "array",
3906
+ "items": {
3907
+ "type": "string"
3908
+ }
3909
+ },
3910
+ {
3911
+ "type": "string"
3912
+ }
3913
+ ]
3914
+ },
3915
+ "credentials": {
3916
+ "type": "boolean"
3917
+ },
3918
+ "maxAge": {
3919
+ "type": "number"
3920
+ },
3921
+ "preflightContinue": {
3922
+ "type": "boolean"
3923
+ },
3924
+ "optionsSuccessStatus": {
3925
+ "type": "number"
3727
3926
  }
3728
3927
  }
3729
- }
3730
- }
3731
- }
3732
- },
3733
- "$schema": "http://json-schema.org/draft-07/schema#"
3734
- },
3735
- "packageName": "@backstage/plugin-auth-backend-module-oauth2-provider"
3736
- },
3737
- {
3738
- "path": "../../plugins/auth-backend-module-oidc-provider/config.d.ts",
3739
- "value": {
3740
- "type": "object",
3741
- "properties": {
3742
- "auth": {
3743
- "type": "object",
3744
- "properties": {
3745
- "providers": {
3928
+ },
3929
+ "csp": {
3930
+ "description": "Content Security Policy options.\n\nThe keys are the plain policy ID, e.g. \"upgrade-insecure-requests\". The\nvalues are on the format that the helmet library expects them, as an\narray of strings. There is also the special value false, which means to\nremove the default value that Backstage puts in place for that policy.",
3931
+ "type": "object",
3932
+ "additionalProperties": {
3933
+ "anyOf": [
3934
+ {
3935
+ "type": "array",
3936
+ "items": {
3937
+ "type": "string"
3938
+ }
3939
+ },
3940
+ {
3941
+ "const": false,
3942
+ "type": "boolean"
3943
+ }
3944
+ ]
3945
+ }
3946
+ },
3947
+ "health": {
3948
+ "description": "Options for the health check service and endpoint.",
3746
3949
  "type": "object",
3747
3950
  "properties": {
3748
- "oidc": {
3749
- "visibility": "frontend",
3951
+ "headers": {
3952
+ "description": "Additional headers to always include in the health check response.\n\nIt can be a good idea to set a header that uniquely identifies your service\nin a multi-service environment. This ensures that the health check that is\nconfigured for your service is actually hitting your service and not another.\n\nFor example, if using Envoy you can use the `service_name_matcher` configuration\nand set the `x-envoy-upstream-healthchecked-cluster` header to a matching value.",
3750
3953
  "type": "object",
3751
3954
  "additionalProperties": {
3955
+ "type": "string"
3956
+ }
3957
+ }
3958
+ }
3959
+ },
3960
+ "reading": {
3961
+ "description": "Configuration related to URL reading, used for example for reading catalog info\nfiles, scaffolder templates, and techdocs content.",
3962
+ "type": "object",
3963
+ "properties": {
3964
+ "allow": {
3965
+ "description": "A list of targets to allow outgoing requests to. Users will be able to make\nrequests on behalf of the backend to the targets that are allowed by this list.",
3966
+ "type": "array",
3967
+ "items": {
3752
3968
  "type": "object",
3753
3969
  "properties": {
3754
- "clientId": {
3755
- "type": "string"
3756
- },
3757
- "clientSecret": {
3758
- "visibility": "secret",
3759
- "type": "string"
3760
- },
3761
- "metadataUrl": {
3762
- "type": "string"
3763
- },
3764
- "callbackUrl": {
3765
- "type": "string"
3766
- },
3767
- "tokenEndpointAuthMethod": {
3768
- "type": "string"
3769
- },
3770
- "tokenSignedResponseAlg": {
3970
+ "host": {
3971
+ "description": "A host to allow outgoing requests to, being either a full host or\na subdomain wildcard pattern with a leading `*`. For example `example.com`\nand `*.example.com` are valid values, `prod.*.example.com` is not.\nThe host may also contain a port, for example `example.com:8080`.",
3771
3972
  "type": "string"
3772
3973
  },
3773
- "additionalScopes": {
3774
- "anyOf": [
3775
- {
3776
- "type": "array",
3777
- "items": {
3778
- "type": "string"
3779
- }
3974
+ "paths": {
3975
+ "description": "An optional list of paths. In case they are present only targets matching\nany of them will are allowed. You can use trailing slashes to make sure only\nsubdirectories are allowed, for example `/mydir/` will allow targets with\npaths like `/mydir/a` but will block paths like `/mydir2`.",
3976
+ "type": "array",
3977
+ "items": {
3978
+ "type": "string"
3979
+ }
3980
+ }
3981
+ },
3982
+ "required": [
3983
+ "host"
3984
+ ]
3985
+ }
3986
+ }
3987
+ }
3988
+ }
3989
+ },
3990
+ "required": [
3991
+ "baseUrl",
3992
+ "database"
3993
+ ]
3994
+ },
3995
+ "discovery": {
3996
+ "description": "Options used by the default discovery service.",
3997
+ "type": "object",
3998
+ "properties": {
3999
+ "endpoints": {
4000
+ "description": "A list of target baseUrls and the associated plugins.",
4001
+ "type": "array",
4002
+ "items": {
4003
+ "type": "object",
4004
+ "properties": {
4005
+ "target": {
4006
+ "description": "The target base URL to use for the plugin.\n\nCan be either a string or an object with internal and external keys.\nTargets with `{{pluginId}}` or `{{ pluginId }} in the URL will be replaced with the plugin ID.",
4007
+ "anyOf": [
4008
+ {
4009
+ "type": "object",
4010
+ "properties": {
4011
+ "internal": {
4012
+ "type": "string"
3780
4013
  },
3781
- {
4014
+ "external": {
3782
4015
  "type": "string"
3783
4016
  }
3784
- ]
4017
+ }
3785
4018
  },
3786
- "prompt": {
4019
+ {
3787
4020
  "type": "string"
3788
- },
3789
- "signIn": {
3790
- "type": "object",
3791
- "properties": {
3792
- "resolvers": {
3793
- "type": "array",
3794
- "items": {
3795
- "anyOf": [
3796
- {
3797
- "type": "object",
3798
- "properties": {
3799
- "resolver": {
3800
- "type": "string",
3801
- "const": "emailLocalPartMatchingUserEntityName"
3802
- },
3803
- "allowedDomains": {
3804
- "type": "array",
3805
- "items": {
3806
- "type": "string"
3807
- }
3808
- }
3809
- },
3810
- "required": [
3811
- "resolver"
3812
- ]
3813
- },
3814
- {
3815
- "type": "object",
3816
- "properties": {
3817
- "resolver": {
3818
- "type": "string",
3819
- "const": "emailMatchingUserEntityProfileEmail"
3820
- }
3821
- },
3822
- "required": [
3823
- "resolver"
3824
- ]
3825
- }
3826
- ]
3827
- }
3828
- }
3829
- },
3830
- "required": [
3831
- "resolvers"
3832
- ]
3833
- },
3834
- "sessionDuration": {}
3835
- },
3836
- "required": [
3837
- "clientId",
3838
- "clientSecret",
3839
- "metadataUrl"
4021
+ }
3840
4022
  ]
4023
+ },
4024
+ "plugins": {
4025
+ "description": "Array of plugins which use the target base URL.",
4026
+ "type": "array",
4027
+ "items": {
4028
+ "type": "string"
4029
+ }
3841
4030
  }
3842
- }
4031
+ },
4032
+ "required": [
4033
+ "plugins",
4034
+ "target"
4035
+ ]
3843
4036
  }
3844
4037
  }
3845
- }
4038
+ },
4039
+ "required": [
4040
+ "endpoints"
4041
+ ]
3846
4042
  }
3847
4043
  },
4044
+ "required": [
4045
+ "app"
4046
+ ],
3848
4047
  "$schema": "http://json-schema.org/draft-07/schema#"
3849
4048
  },
3850
- "packageName": "@backstage/plugin-auth-backend-module-oidc-provider"
4049
+ "packageName": "@backstage/backend-defaults"
3851
4050
  },
3852
4051
  {
3853
- "path": "../../plugins/auth-backend-module-okta-provider/config.d.ts",
4052
+ "path": "../backend-app-api/config.d.ts",
3854
4053
  "value": {
3855
4054
  "type": "object",
3856
4055
  "properties": {
3857
- "auth": {
4056
+ "backend": {
3858
4057
  "type": "object",
3859
4058
  "properties": {
3860
- "providers": {
4059
+ "packages": {
4060
+ "description": "Used by the feature discovery service",
4061
+ "anyOf": [
4062
+ {
4063
+ "type": "object",
4064
+ "properties": {
4065
+ "include": {
4066
+ "type": "array",
4067
+ "items": {
4068
+ "type": "string"
4069
+ }
4070
+ },
4071
+ "exclude": {
4072
+ "type": "array",
4073
+ "items": {
4074
+ "type": "string"
4075
+ }
4076
+ }
4077
+ }
4078
+ },
4079
+ {
4080
+ "const": "all",
4081
+ "type": "string"
4082
+ }
4083
+ ]
4084
+ },
4085
+ "startup": {
3861
4086
  "type": "object",
3862
4087
  "properties": {
3863
- "okta": {
3864
- "visibility": "frontend",
4088
+ "default": {
4089
+ "type": "object",
4090
+ "properties": {
4091
+ "onPluginBootFailure": {
4092
+ "description": "The default value for `onPluginBootFailure` if not specified for a particular plugin.\nThis defaults to 'abort', which means `onPluginBootFailure: continue` must be specified\nfor backend startup to continue on plugin boot failure. This can also be set to\n'continue', which flips the logic for individual plugins so that they must be set to\n`onPluginBootFailure: abort` to be required.",
4093
+ "enum": [
4094
+ "abort",
4095
+ "continue"
4096
+ ],
4097
+ "type": "string"
4098
+ }
4099
+ }
4100
+ },
4101
+ "plugins": {
3865
4102
  "type": "object",
3866
4103
  "additionalProperties": {
3867
4104
  "type": "object",
3868
4105
  "properties": {
3869
- "clientId": {
3870
- "type": "string"
3871
- },
3872
- "clientSecret": {
3873
- "visibility": "secret",
3874
- "type": "string"
3875
- },
3876
- "audience": {
3877
- "type": "string"
3878
- },
3879
- "authServerId": {
3880
- "type": "string"
3881
- },
3882
- "idp": {
3883
- "type": "string"
3884
- },
3885
- "callbackUrl": {
4106
+ "onPluginBootFailure": {
4107
+ "description": "Used to control backend startup behavior when this plugin fails to boot up. Setting\nthis to `continue` allows the backend to continue starting up, even if this plugin\nfails. This can enable leaving a crashing plugin installed, but still permit backend\nstartup, which may help troubleshoot data-dependent issues. Plugin failures for plugins\nset to `abort` are fatal (this is the default unless overridden by the `default`\nsetting).",
4108
+ "enum": [
4109
+ "abort",
4110
+ "continue"
4111
+ ],
3886
4112
  "type": "string"
3887
- },
3888
- "additionalScopes": {
3889
- "anyOf": [
3890
- {
3891
- "type": "array",
3892
- "items": {
3893
- "type": "string"
3894
- }
3895
- },
3896
- {
3897
- "type": "string"
3898
- }
3899
- ]
3900
- },
3901
- "signIn": {
3902
- "type": "object",
3903
- "properties": {
3904
- "resolvers": {
3905
- "type": "array",
3906
- "items": {
3907
- "anyOf": [
3908
- {
3909
- "type": "object",
3910
- "properties": {
3911
- "resolver": {
3912
- "type": "string",
3913
- "const": "emailMatchingUserEntityAnnotation"
3914
- }
3915
- },
3916
- "required": [
3917
- "resolver"
3918
- ]
3919
- },
3920
- {
3921
- "type": "object",
3922
- "properties": {
3923
- "resolver": {
3924
- "type": "string",
3925
- "const": "emailLocalPartMatchingUserEntityName"
3926
- },
3927
- "allowedDomains": {
3928
- "type": "array",
3929
- "items": {
3930
- "type": "string"
3931
- }
3932
- }
3933
- },
3934
- "required": [
3935
- "resolver"
3936
- ]
3937
- },
3938
- {
3939
- "type": "object",
3940
- "properties": {
3941
- "resolver": {
3942
- "type": "string",
3943
- "const": "emailMatchingUserEntityProfileEmail"
3944
- }
3945
- },
3946
- "required": [
3947
- "resolver"
3948
- ]
3949
- }
3950
- ]
3951
- }
3952
- }
3953
- },
3954
- "required": [
3955
- "resolvers"
3956
- ]
3957
- },
3958
- "sessionDuration": {}
3959
- },
3960
- "required": [
3961
- "clientId",
3962
- "clientSecret"
3963
- ]
4113
+ }
4114
+ }
3964
4115
  }
3965
4116
  }
3966
4117
  }
@@ -3970,112 +4121,31 @@
3970
4121
  },
3971
4122
  "$schema": "http://json-schema.org/draft-07/schema#"
3972
4123
  },
3973
- "packageName": "@backstage/plugin-auth-backend-module-okta-provider"
4124
+ "packageName": "@backstage/backend-app-api"
3974
4125
  },
3975
4126
  {
3976
- "path": "../../plugins/auth-backend-module-onelogin-provider/config.d.ts",
4127
+ "path": "../../plugins/events-node/config.d.ts",
3977
4128
  "value": {
3978
4129
  "type": "object",
3979
4130
  "properties": {
3980
- "auth": {
4131
+ "events": {
3981
4132
  "type": "object",
3982
4133
  "properties": {
3983
- "providers": {
3984
- "type": "object",
3985
- "properties": {
3986
- "onelogin": {
3987
- "visibility": "frontend",
3988
- "type": "object",
3989
- "additionalProperties": {
3990
- "type": "object",
3991
- "properties": {
3992
- "clientId": {
3993
- "type": "string"
3994
- },
3995
- "clientSecret": {
3996
- "visibility": "secret",
3997
- "type": "string"
3998
- },
3999
- "issuer": {
4000
- "type": "string"
4001
- },
4002
- "callbackUrl": {
4003
- "type": "string"
4004
- },
4005
- "signIn": {
4006
- "type": "object",
4007
- "properties": {
4008
- "resolvers": {
4009
- "type": "array",
4010
- "items": {
4011
- "anyOf": [
4012
- {
4013
- "type": "object",
4014
- "properties": {
4015
- "resolver": {
4016
- "type": "string",
4017
- "const": "usernameMatchingUserEntityName"
4018
- }
4019
- },
4020
- "required": [
4021
- "resolver"
4022
- ]
4023
- },
4024
- {
4025
- "type": "object",
4026
- "properties": {
4027
- "resolver": {
4028
- "type": "string",
4029
- "const": "emailLocalPartMatchingUserEntityName"
4030
- },
4031
- "allowedDomains": {
4032
- "type": "array",
4033
- "items": {
4034
- "type": "string"
4035
- }
4036
- }
4037
- },
4038
- "required": [
4039
- "resolver"
4040
- ]
4041
- },
4042
- {
4043
- "type": "object",
4044
- "properties": {
4045
- "resolver": {
4046
- "type": "string",
4047
- "const": "emailMatchingUserEntityProfileEmail"
4048
- }
4049
- },
4050
- "required": [
4051
- "resolver"
4052
- ]
4053
- }
4054
- ]
4055
- }
4056
- }
4057
- },
4058
- "required": [
4059
- "resolvers"
4060
- ]
4061
- },
4062
- "sessionDuration": {}
4063
- },
4064
- "required": [
4065
- "clientId",
4066
- "clientSecret",
4067
- "issuer"
4068
- ]
4069
- }
4070
- }
4071
- }
4134
+ "useEventBus": {
4135
+ "description": "Whether to use the event bus API in the events plugin backend to\ndistribute events across multiple instances when publishing and\nsubscribing to events.\n\nThe default is 'auto', which means means that the event bus API will be\nused if it's available, but will be disabled if the events backend\nreturns a 404.\n\nIf set to 'never', the events service will only ever publish events\nlocally to the same instance, while if set to 'always', the event bus API\nwill never be disabled, even if the events backend returns a 404.",
4136
+ "enum": [
4137
+ "always",
4138
+ "auto",
4139
+ "never"
4140
+ ],
4141
+ "type": "string"
4072
4142
  }
4073
4143
  }
4074
4144
  }
4075
4145
  },
4076
4146
  "$schema": "http://json-schema.org/draft-07/schema#"
4077
4147
  },
4078
- "packageName": "@backstage/plugin-auth-backend-module-onelogin-provider"
4148
+ "packageName": "@backstage/plugin-events-node"
4079
4149
  },
4080
4150
  {
4081
4151
  "path": "../integration-aws-node/config.d.ts",