From 4467036e2abf1116c7e575712ed91c1351da8643 Mon Sep 17 00:00:00 2001 From: Patrik Oldsberg Date: Mon, 18 Mar 2024 11:40:39 +0100 Subject: [PATCH] plugins: allow unauthenticated access to health check endpoints Signed-off-by: Patrik Oldsberg --- .changeset/cyan-dragons-shave.md | 16 ++++++++++++++++ plugins/airbrake-backend/src/plugin.ts | 4 ++++ plugins/azure-devops-backend/src/plugin.ts | 4 ++++ plugins/azure-sites-backend/src/plugin.ts | 4 ++++ plugins/code-coverage-backend/src/plugin.ts | 4 ++++ plugins/devtools-backend/src/plugin.ts | 4 ++++ plugins/example-todo-list-backend/src/plugin.ts | 4 ++++ plugins/linguist-backend/src/plugin.ts | 4 ++++ plugins/nomad-backend/src/plugin.ts | 4 ++++ plugins/notifications-backend/src/plugin.ts | 4 ++++ plugins/periskop-backend/src/alpha.ts | 4 ++++ plugins/permission-backend/src/plugin.ts | 4 ++++ plugins/signals-backend/src/plugin.ts | 4 ++++ plugins/vault-backend/src/service/plugin.ts | 4 ++++ 14 files changed, 68 insertions(+) create mode 100644 .changeset/cyan-dragons-shave.md diff --git a/.changeset/cyan-dragons-shave.md b/.changeset/cyan-dragons-shave.md new file mode 100644 index 0000000000..6d591c5d31 --- /dev/null +++ b/.changeset/cyan-dragons-shave.md @@ -0,0 +1,16 @@ +--- +'@backstage/plugin-code-coverage-backend': patch +'@backstage/plugin-notifications-backend': patch +'@backstage/plugin-azure-devops-backend': patch +'@backstage/plugin-azure-sites-backend': patch +'@backstage/plugin-permission-backend': patch +'@backstage/plugin-airbrake-backend': patch +'@backstage/plugin-devtools-backend': patch +'@backstage/plugin-linguist-backend': patch +'@backstage/plugin-periskop-backend': patch +'@backstage/plugin-signals-backend': patch +'@backstage/plugin-nomad-backend': patch +'@backstage/plugin-vault-backend': patch +--- + +Allow unauthenticated access to health check endpoint. diff --git a/plugins/airbrake-backend/src/plugin.ts b/plugins/airbrake-backend/src/plugin.ts index 90e790c05f..83606ba115 100644 --- a/plugins/airbrake-backend/src/plugin.ts +++ b/plugins/airbrake-backend/src/plugin.ts @@ -43,6 +43,10 @@ export const airbrakePlugin = createBackendPlugin({ logger: loggerToWinstonLogger(logger), }), ); + httpRouter.addAuthPolicy({ + path: '/health', + allow: 'unauthenticated', + }); }, }); }, diff --git a/plugins/azure-devops-backend/src/plugin.ts b/plugins/azure-devops-backend/src/plugin.ts index 1cf17ceecc..f378e9c62e 100644 --- a/plugins/azure-devops-backend/src/plugin.ts +++ b/plugins/azure-devops-backend/src/plugin.ts @@ -46,6 +46,10 @@ export const azureDevOpsPlugin = createBackendPlugin({ permissions, }), ); + httpRouter.addAuthPolicy({ + path: '/health', + allow: 'unauthenticated', + }); }, }); }, diff --git a/plugins/azure-sites-backend/src/plugin.ts b/plugins/azure-sites-backend/src/plugin.ts index a8afe4e430..5416e853a1 100644 --- a/plugins/azure-sites-backend/src/plugin.ts +++ b/plugins/azure-sites-backend/src/plugin.ts @@ -63,6 +63,10 @@ export const azureSitesPlugin = createBackendPlugin({ httpAuth, }), ); + httpRouter.addAuthPolicy({ + path: '/health', + allow: 'unauthenticated', + }); }, }); }, diff --git a/plugins/code-coverage-backend/src/plugin.ts b/plugins/code-coverage-backend/src/plugin.ts index 340280795f..0ddb6418bc 100644 --- a/plugins/code-coverage-backend/src/plugin.ts +++ b/plugins/code-coverage-backend/src/plugin.ts @@ -54,6 +54,10 @@ export const codeCoveragePlugin = createBackendPlugin({ database, }), ); + httpRouter.addAuthPolicy({ + path: '/health', + allow: 'unauthenticated', + }); }, }); }, diff --git a/plugins/devtools-backend/src/plugin.ts b/plugins/devtools-backend/src/plugin.ts index 28447e02cc..fb0bb8b048 100644 --- a/plugins/devtools-backend/src/plugin.ts +++ b/plugins/devtools-backend/src/plugin.ts @@ -55,6 +55,10 @@ export const devtoolsPlugin = createBackendPlugin({ httpAuth, }), ); + httpRouter.addAuthPolicy({ + path: '/health', + allow: 'unauthenticated', + }); }, }); }, diff --git a/plugins/example-todo-list-backend/src/plugin.ts b/plugins/example-todo-list-backend/src/plugin.ts index 6bdae201f1..1838a8a165 100644 --- a/plugins/example-todo-list-backend/src/plugin.ts +++ b/plugins/example-todo-list-backend/src/plugin.ts @@ -42,6 +42,10 @@ export const exampleTodoListPlugin = createBackendPlugin({ logger: loggerToWinstonLogger(logger), }), ); + httpRouter.addAuthPolicy({ + path: '/health', + allow: 'unauthenticated', + }); }, }); }, diff --git a/plugins/linguist-backend/src/plugin.ts b/plugins/linguist-backend/src/plugin.ts index e569b00233..e6de4297ad 100644 --- a/plugins/linguist-backend/src/plugin.ts +++ b/plugins/linguist-backend/src/plugin.ts @@ -68,6 +68,10 @@ export const linguistPlugin = createBackendPlugin({ tokenManager, }), ); + httpRouter.addAuthPolicy({ + path: '/health', + allow: 'unauthenticated', + }); }, }); }, diff --git a/plugins/nomad-backend/src/plugin.ts b/plugins/nomad-backend/src/plugin.ts index f3a43c4a91..3c6a34f5fa 100644 --- a/plugins/nomad-backend/src/plugin.ts +++ b/plugins/nomad-backend/src/plugin.ts @@ -46,6 +46,10 @@ export const nomadPlugin = createBackendPlugin({ config, }), ); + httpRouter.addAuthPolicy({ + path: '/health', + allow: 'unauthenticated', + }); }, }); }, diff --git a/plugins/notifications-backend/src/plugin.ts b/plugins/notifications-backend/src/plugin.ts index 9f4c5912fd..c0344fb06f 100644 --- a/plugins/notifications-backend/src/plugin.ts +++ b/plugins/notifications-backend/src/plugin.ts @@ -90,6 +90,10 @@ export const notificationsPlugin = createBackendPlugin({ processors: processingExtensions.processors, }), ); + httpRouter.addAuthPolicy({ + path: '/health', + allow: 'unauthenticated', + }); }, }); }, diff --git a/plugins/periskop-backend/src/alpha.ts b/plugins/periskop-backend/src/alpha.ts index 59271e02fc..c18e0dc87d 100644 --- a/plugins/periskop-backend/src/alpha.ts +++ b/plugins/periskop-backend/src/alpha.ts @@ -39,6 +39,10 @@ export default createBackendPlugin({ httpRouter.use( await createRouter({ config, logger: loggerToWinstonLogger(logger) }), ); + httpRouter.addAuthPolicy({ + allow: 'unauthenticated', + path: '/health', + }); }, }); }, diff --git a/plugins/permission-backend/src/plugin.ts b/plugins/permission-backend/src/plugin.ts index cc7f31dfdd..28555b1836 100644 --- a/plugins/permission-backend/src/plugin.ts +++ b/plugins/permission-backend/src/plugin.ts @@ -86,6 +86,10 @@ export const permissionPlugin = createBackendPlugin({ userInfo, }), ); + http.addAuthPolicy({ + path: '/health', + allow: 'unauthenticated', + }); }, }); }, diff --git a/plugins/signals-backend/src/plugin.ts b/plugins/signals-backend/src/plugin.ts index 2cd1917bfb..d20506f004 100644 --- a/plugins/signals-backend/src/plugin.ts +++ b/plugins/signals-backend/src/plugin.ts @@ -57,6 +57,10 @@ export const signalsPlugin = createBackendPlugin({ events, }), ); + httpRouter.addAuthPolicy({ + path: '/health', + allow: 'unauthenticated', + }); }, }); }, diff --git a/plugins/vault-backend/src/service/plugin.ts b/plugins/vault-backend/src/service/plugin.ts index cf9d2cf87b..200bc092d5 100644 --- a/plugins/vault-backend/src/service/plugin.ts +++ b/plugins/vault-backend/src/service/plugin.ts @@ -68,6 +68,10 @@ export const vaultPlugin = createBackendPlugin({ const { router } = builder.build(); httpRouter.use(router); + httpRouter.addAuthPolicy({ + path: '/health', + allow: 'unauthenticated', + }); }, }); },