paulononato/backstage
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity

Address feedback

Browse Source 
Signed-off-by: Jessica He <jhe@redhat.com>
This commit is contained in:
Jessica He
2025-05-07 15:19:49 +09:00
parent c30d1a9963
commit 5cc1f7f3ed
22 changed files with 80 additions and 76 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.changeset/tall-suits-share.md
+23
View File
@@ -0,0 +1,23 @@
---
'@backstage/plugin-auth-backend-module-cloudflare-access-provider': patch
'@backstage/plugin-auth-backend-module-bitbucket-server-provider': patch
'@backstage/plugin-auth-backend-module-azure-easyauth-provider': patch
'@backstage/plugin-auth-backend-module-oauth2-proxy-provider': patch
'@backstage/plugin-auth-backend-module-vmware-cloud-provider': patch
'@backstage/plugin-auth-backend-module-atlassian-provider': patch
'@backstage/plugin-auth-backend-module-bitbucket-provider': patch
'@backstage/plugin-auth-backend-module-microsoft-provider': patch
'@backstage/plugin-auth-backend-module-onelogin-provider': patch
'@backstage/plugin-auth-backend-module-aws-alb-provider': patch
'@backstage/plugin-auth-backend-module-gcp-iap-provider': patch
'@backstage/plugin-auth-backend-module-github-provider': patch
'@backstage/plugin-auth-backend-module-gitlab-provider': patch
'@backstage/plugin-auth-backend-module-google-provider': patch
'@backstage/plugin-auth-backend-module-oauth2-provider': patch
'@backstage/plugin-auth-backend-module-oidc-provider': patch
'@backstage/plugin-auth-backend-module-okta-provider': patch
'@backstage/plugin-auth-backend': patch
'@backstage/plugin-auth-node': patch
---
introduce dangerouslyAllowSignInWithoutUserInCatalog auth resolver config
.changeset/twenty-olives-impress.md
-23
View File
@@ -1,23 +0,0 @@
---
'@backstage/plugin-auth-backend-module-cloudflare-access-provider': minor
'@backstage/plugin-auth-backend-module-bitbucket-server-provider': minor
'@backstage/plugin-auth-backend-module-azure-easyauth-provider': minor
'@backstage/plugin-auth-backend-module-oauth2-proxy-provider': minor
'@backstage/plugin-auth-backend-module-vmware-cloud-provider': minor
'@backstage/plugin-auth-backend-module-atlassian-provider': minor
'@backstage/plugin-auth-backend-module-bitbucket-provider': minor
'@backstage/plugin-auth-backend-module-microsoft-provider': minor
'@backstage/plugin-auth-backend-module-onelogin-provider': minor
'@backstage/plugin-auth-backend-module-aws-alb-provider': minor
'@backstage/plugin-auth-backend-module-gcp-iap-provider': minor
'@backstage/plugin-auth-backend-module-github-provider': minor
'@backstage/plugin-auth-backend-module-gitlab-provider': minor
'@backstage/plugin-auth-backend-module-google-provider': minor
'@backstage/plugin-auth-backend-module-oauth2-provider': minor
'@backstage/plugin-auth-backend-module-oidc-provider': minor
'@backstage/plugin-auth-backend-module-okta-provider': minor
'@backstage/plugin-auth-backend': minor
'@backstage/plugin-auth-node': minor
---
introduce dangerouslyAllowSignInWithoutUserInCatalog auth resolver config
.github/vale/config/vocabularies/Backstage/accept.txt
+1
View File
@@ -302,6 +302,7 @@ oidc
Okta
Olausson
Oldsberg
onboarded
onboarding
Onboarding
onelogin
plugins/auth-backend-module-atlassian-provider/src/resolvers.ts
+1 -1
View File
@@ -54,7 +54,7 @@ export namespace atlassianSignInResolvers {
{
dangerousEntityRefFallback:
options?.dangerouslyAllowSignInWithoutUserInCatalog
? { name: id }
? { entityRef: { name: id } }
: undefined,
},
);
plugins/auth-backend-module-aws-alb-provider/src/resolvers.ts
+5 -1
View File
@@ -52,7 +52,11 @@ export namespace awsAlbSignInResolvers {
{
dangerousEntityRefFallback:
options?.dangerouslyAllowSignInWithoutUserInCatalog
? { name: info.result.fullProfile.emails[0].value }
? {
entityRef: {
name: info.result.fullProfile.emails[0].value,
},
}
: undefined,
},
);
plugins/auth-backend-module-azure-easyauth-provider/src/resolvers.ts
+1 -1
View File
@@ -47,7 +47,7 @@ export namespace azureEasyAuthSignInResolvers {
{
dangerousEntityRefFallback:
options?.dangerouslyAllowSignInWithoutUserInCatalog
? { name: id }
? { entityRef: { name: id } }
: undefined,
},
);
plugins/auth-backend-module-bitbucket-provider/src/resolvers.ts
+2 -2
View File
@@ -59,7 +59,7 @@ export namespace bitbucketSignInResolvers {
{
dangerousEntityRefFallback:
options?.dangerouslyAllowSignInWithoutUserInCatalog
? { name: id }
? { entityRef: { name: id } }
: undefined,
},
);
@@ -101,7 +101,7 @@ export namespace bitbucketSignInResolvers {
{
dangerousEntityRefFallback:
options?.dangerouslyAllowSignInWithoutUserInCatalog
? { name: username }
? { entityRef: { name: username } }
: undefined,
},
);
plugins/auth-backend-module-bitbucket-server-provider/src/resolvers.ts
+1 -1
View File
@@ -59,7 +59,7 @@ export namespace bitbucketServerSignInResolvers {
{
dangerousEntityRefFallback:
options?.dangerouslyAllowSignInWithoutUserInCatalog
? { name: profile.email }
? { entityRef: { name: profile.email } }
: undefined,
},
);
plugins/auth-backend-module-cloudflare-access-provider/src/resolvers.ts
+1 -1
View File
@@ -56,7 +56,7 @@ export namespace cloudflareAccessSignInResolvers {
{
dangerousEntityRefFallback:
options?.dangerouslyAllowSignInWithoutUserInCatalog
? { name: profile.email }
? { entityRef: { name: profile.email } }
: undefined,
},
);
plugins/auth-backend-module-gcp-iap-provider/src/resolvers.ts
+2 -2
View File
@@ -53,7 +53,7 @@ export namespace gcpIapSignInResolvers {
{
dangerousEntityRefFallback:
options?.dangerouslyAllowSignInWithoutUserInCatalog
? { name: email }
? { entityRef: { name: email } }
: undefined,
},
);
@@ -83,7 +83,7 @@ export namespace gcpIapSignInResolvers {
{
dangerousEntityRefFallback:
options?.dangerouslyAllowSignInWithoutUserInCatalog
? { name: userId }
? { entityRef: { name: userId } }
: undefined,
},
);
plugins/auth-backend-module-github-provider/src/resolvers.ts
+1 -1
View File
@@ -56,7 +56,7 @@ export namespace githubSignInResolvers {
{
dangerousEntityRefFallback:
options?.dangerouslyAllowSignInWithoutUserInCatalog
? { name: userId }
? { entityRef: { name: userId } }
: undefined,
},
);
plugins/auth-backend-module-gitlab-provider/src/resolvers.ts
+1 -1
View File
@@ -56,7 +56,7 @@ export namespace gitlabSignInResolvers {
{
dangerousEntityRefFallback:
options?.dangerouslyAllowSignInWithoutUserInCatalog
? { name: id }
? { entityRef: { name: id } }
: undefined,
},
);
plugins/auth-backend-module-google-provider/src/resolvers.ts
+1 -1
View File
@@ -57,7 +57,7 @@ export namespace googleSignInResolvers {
{
dangerousEntityRefFallback:
options?.dangerouslyAllowSignInWithoutUserInCatalog
? { name: profile.email }
? { entityRef: { name: profile.email } }
: undefined,
},
);
plugins/auth-backend-module-microsoft-provider/src/resolvers.ts
+2 -2
View File
@@ -57,7 +57,7 @@ export namespace microsoftSignInResolvers {
{
dangerousEntityRefFallback:
options?.dangerouslyAllowSignInWithoutUserInCatalog
? { name: profile.email }
? { entityRef: { name: profile.email } }
: undefined,
},
);
@@ -96,7 +96,7 @@ export namespace microsoftSignInResolvers {
{
dangerousEntityRefFallback:
options?.dangerouslyAllowSignInWithoutUserInCatalog
? { name: id }
? { entityRef: { name: id } }
: undefined,
},
);
plugins/auth-backend-module-oauth2-provider/src/resolvers.ts
+1 -1
View File
@@ -56,7 +56,7 @@ export namespace oauth2SignInResolvers {
{
dangerousEntityRefFallback:
options?.dangerouslyAllowSignInWithoutUserInCatalog
? { name: id }
? { entityRef: { name: id } }
: undefined,
},
);
plugins/auth-backend-module-oauth2-proxy-provider/src/resolvers.ts
+1 -1
View File
@@ -46,7 +46,7 @@ export namespace oauth2ProxySignInResolvers {
{
dangerousEntityRefFallback:
options?.dangerouslyAllowSignInWithoutUserInCatalog
? { name }
? { entityRef: { name } }
: undefined,
},
);
plugins/auth-backend-module-okta-provider/src/resolvers.ts
+1 -1
View File
@@ -58,7 +58,7 @@ export namespace oktaSignInResolvers {
{
dangerousEntityRefFallback:
options?.dangerouslyAllowSignInWithoutUserInCatalog
? { name: profile.email }
? { entityRef: { name: profile.email } }
: undefined,
},
);
plugins/auth-backend-module-onelogin-provider/src/resolvers.ts
+1 -1
View File
@@ -56,7 +56,7 @@ export namespace oneLoginSignInResolvers {
{
dangerousEntityRefFallback:
options?.dangerouslyAllowSignInWithoutUserInCatalog
? { name: id }
? { entityRef: { name: id } }
: undefined,
},
);
plugins/auth-backend/src/lib/resolvers/CatalogAuthResolverContext.ts
+14 -19
View File
@@ -142,13 +142,15 @@ export class CatalogAuthResolverContext implements AuthResolverContext {
async signInWithCatalogUser(
query: AuthResolverCatalogUserQuery,
options?: {
dangerousEntityRefFallback?:
| string
| {
kind?: string;
namespace?: string;
name: string;
};
dangerousEntityRefFallback?: {
entityRef:
| string
| {
kind?: string;
namespace?: string;
name: string;
};
};
},
) {
try {
@@ -165,21 +167,14 @@ export class CatalogAuthResolverContext implements AuthResolverContext {
},
});
} catch (error) {
if (error?.name !== 'NotFoundError') {
if (
error?.name !== 'NotFoundError' ||
!options?.dangerousEntityRefFallback
) {
throw error;
}
if (!options?.dangerousEntityRefFallback) {
this.logger.error(
'Failed to sign-in, unable to resolve user identity. For non-production environments, manually provision the user or disable the user provisioning requirement by setting the dangerouslyAllowSignInWithoutUserInCatalog option.',
);
throw new Error(
'Failed to sign-in, unable to resolve user identity. Please verify that your catalog contains the expected User entities that would match your configured sign-in resolver.',
);
}
const userEntityRef = stringifyEntityRef(
parseEntityRef(options.dangerousEntityRefFallback, {
parseEntityRef(options.dangerousEntityRefFallback.entityRef, {
defaultKind: 'User',
defaultNamespace: DEFAULT_NAMESPACE,
}),
plugins/auth-node/report.api.md
+9 -7
View File
@@ -111,13 +111,15 @@ export type AuthResolverContext = {
signInWithCatalogUser(
query: AuthResolverCatalogUserQuery,
options?: {
dangerousEntityRefFallback?:
| string
| {
kind?: string;
namespace?: string;
name: string;
};
dangerousEntityRefFallback?: {
entityRef:
| string
| {
kind?: string;
namespace?: string;
name: string;
};
};
},
): Promise<BackstageSignInResult>;
resolveOwnershipEntityRefs(entity: Entity): Promise<{
plugins/auth-node/src/sign-in/commonSignInResolvers.ts
+2 -2
View File
@@ -74,7 +74,7 @@ export namespace commonSignInResolvers {
{
dangerousEntityRefFallback:
options?.dangerouslyAllowSignInWithoutUserInCatalog
? { name: noPlusEmail }
? { entityRef: { name: noPlusEmail } }
: undefined,
},
);
@@ -122,7 +122,7 @@ export namespace commonSignInResolvers {
{
dangerousEntityRefFallback:
options?.dangerouslyAllowSignInWithoutUserInCatalog
? { name: localPart }
? { entityRef: { name: localPart } }
: undefined,
},
);
plugins/auth-node/src/types.ts
+9 -7
View File
@@ -172,13 +172,15 @@ export type AuthResolverContext = {
signInWithCatalogUser(
query: AuthResolverCatalogUserQuery,
options?: {
dangerousEntityRefFallback?:
| string
| {
kind?: string;
namespace?: string;
name: string;
};
dangerousEntityRefFallback?: {
entityRef:
| string
| {
kind?: string;
namespace?: string;
name: string;
};
};
},
): Promise<BackstageSignInResult>;