devtools-backend: migate to support new auth services

Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>

.changeset/slow-readers-clap.md

@@ -0,0 +1,5 @@
+---
+'@backstage/plugin-devtools-backend': minor
+---
+
+**BREAKING**: The `createRouter` method now requires the `discovery` service to be forwarded from the plugin environment. This is part of the migration to support new auth services.

packages/backend/src/plugins/devtools.ts

@@ -25,5 +25,6 @@ export default async function createPlugin(
     logger: env.logger,
     config: env.config,
     permissions: env.permissions,
+    discovery: env.discovery,
   });
 }

plugins/devtools-backend/api-report.md

@@ -7,10 +7,12 @@ import { BackendFeature } from '@backstage/backend-plugin-api';
 import { Config } from '@backstage/config';
 import { ConfigInfo } from '@backstage/plugin-devtools-common';
 import { DevToolsInfo } from '@backstage/plugin-devtools-common';
+import { DiscoveryService } from '@backstage/backend-plugin-api';
 import express from 'express';
 import { ExternalDependency } from '@backstage/plugin-devtools-common';
+import { HttpAuthService } from '@backstage/backend-plugin-api';
 import { Logger } from 'winston';
-import { PermissionEvaluator } from '@backstage/plugin-permission-common';
+import { PermissionsService } from '@backstage/backend-plugin-api';
 
 // @public (undocumented)
 export function createRouter(options: RouterOptions): Promise<express.Router>;
@@ -37,8 +39,12 @@ export interface RouterOptions {
   // (undocumented)
   devToolsBackendApi?: DevToolsBackendApi;
   // (undocumented)
+  discovery: DiscoveryService;
+  // (undocumented)
+  httpAuth?: HttpAuthService;
+  // (undocumented)
   logger: Logger;
   // (undocumented)
-  permissions: PermissionEvaluator;
+  permissions: PermissionsService;
 }
 ```

plugins/devtools-backend/package.json

@@ -54,6 +54,7 @@
     "yn": "^4.0.0"
   },
   "devDependencies": {
+    "@backstage/backend-test-utils": "workspace:^",
     "@backstage/cli": "workspace:^",
     "@types/minimist": "^1.2.0",
     "@types/ping": "^0.4.1",

plugins/devtools-backend/src/plugin.ts

@@ -35,13 +35,24 @@ export const devtoolsPlugin = createBackendPlugin({
         logger: coreServices.logger,
         permissions: coreServices.permissions,
         httpRouter: coreServices.httpRouter,
+        discovery: coreServices.discovery,
+        httpAuth: coreServices.httpAuth,
       },
-      async init({ config, logger, permissions, httpRouter }) {
+      async init({
+        config,
+        logger,
+        permissions,
+        httpRouter,
+        discovery,
+        httpAuth,
+      }) {
         httpRouter.use(
           await createRouter({
             config,
             logger: loggerToWinstonLogger(logger),
             permissions,
+            discovery,
+            httpAuth,
           }),
         );
       },

plugins/devtools-backend/src/service/router.test.ts

@@ -20,6 +20,7 @@ import express from 'express';
 import request from 'supertest';
 import { PermissionEvaluator } from '@backstage/plugin-permission-common';
 import { createRouter } from './router';
+import { mockServices } from '@backstage/backend-test-utils';
 
 const mockedAuthorize: jest.MockedFunction<PermissionEvaluator['authorize']> =
   jest.fn();
@@ -49,6 +50,7 @@ describe('createRouter', () => {
           ],
         },
       }),
+      discovery: mockServices.discovery(),
       permissions: permissionEvaluator,
     });
     app = express().use(router);

plugins/devtools-backend/src/service/router.ts

@@ -13,10 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-import {
-  AuthorizeResult,
-  PermissionEvaluator,
-} from '@backstage/plugin-permission-common';
+import { AuthorizeResult } from '@backstage/plugin-permission-common';
 import {
   devToolsConfigReadPermission,
   devToolsExternalDependenciesReadPermission,
@@ -29,17 +26,26 @@ import { DevToolsBackendApi } from '../api';
 import { Logger } from 'winston';
 import { NotAllowedError } from '@backstage/errors';
 import Router from 'express-promise-router';
-import { errorHandler } from '@backstage/backend-common';
+import {
+  createLegacyAuthAdapters,
+  errorHandler,
+} from '@backstage/backend-common';
 import express from 'express';
-import { getBearerTokenFromAuthorizationHeader } from '@backstage/plugin-auth-node';
 import { createPermissionIntegrationRouter } from '@backstage/plugin-permission-node';
+import {
+  DiscoveryService,
+  HttpAuthService,
+  PermissionsService,
+} from '@backstage/backend-plugin-api';
 
 /** @public */
 export interface RouterOptions {
   devToolsBackendApi?: DevToolsBackendApi;
   logger: Logger;
   config: Config;
-  permissions: PermissionEvaluator;
+  permissions: PermissionsService;
+  discovery: DiscoveryService;
+  httpAuth?: HttpAuthService;
 }
 
 /** @public */
@@ -48,6 +54,8 @@ export async function createRouter(
 ): Promise<express.Router> {
   const { logger, config, permissions } = options;
 
+  const { httpAuth } = createLegacyAuthAdapters(options);
+
   const devToolsBackendApi =
     options.devToolsBackendApi || new DevToolsBackendApi(logger, config);
 
@@ -64,16 +72,10 @@ export async function createRouter(
   });
 
   router.get('/info', async (req, response) => {
-    const token = getBearerTokenFromAuthorizationHeader(
-      req.header('authorization'),
-    );
-
     const decision = (
       await permissions.authorize(
         [{ permission: devToolsInfoReadPermission }],
-        {
-          token,
-        },
+        { credentials: await httpAuth.credentials(req) },
       )
     )[0];
 
@@ -87,16 +89,10 @@ export async function createRouter(
   });
 
   router.get('/config', async (req, response) => {
-    const token = getBearerTokenFromAuthorizationHeader(
-      req.header('authorization'),
-    );
-
     const decision = (
       await permissions.authorize(
         [{ permission: devToolsConfigReadPermission }],
-        {
-          token,
-        },
+        { credentials: await httpAuth.credentials(req) },
       )
     )[0];
 
@@ -110,16 +106,10 @@ export async function createRouter(
   });
 
   router.get('/external-dependencies', async (req, response) => {
-    const token = getBearerTokenFromAuthorizationHeader(
-      req.header('authorization'),
-    );
-
     const decision = (
       await permissions.authorize(
         [{ permission: devToolsExternalDependenciesReadPermission }],
-        {
-          token,
-        },
+        { credentials: await httpAuth.credentials(req) },
       )
     )[0];
 

plugins/devtools-backend/src/service/standaloneServer.ts

@@ -50,6 +50,7 @@ export async function startStandaloneServer(
     logger,
     config,
     permissions,
+    discovery,
   });
 
   let service = createServiceBuilder(module)

yarn.lock

@@ -6183,6 +6183,7 @@ __metadata:
   dependencies:
     "@backstage/backend-common": "workspace:^"
     "@backstage/backend-plugin-api": "workspace:^"
+    "@backstage/backend-test-utils": "workspace:^"
     "@backstage/cli": "workspace:^"
     "@backstage/cli-common": "workspace:^"
     "@backstage/config": "workspace:^"