From 87cd3d0b9ec6d4ef8ea3797d7e0a8d237334c0cb Mon Sep 17 00:00:00 2001 From: Johan Haals Date: Wed, 14 Aug 2024 13:41:17 +0200 Subject: [PATCH] backend-defaults: Added deprecation warning for the dangerouslyDisableDefaultAuthPolicy config option Co-authored-by: Camila Belo Signed-off-by: Johan Haals --- docs/tutorials/auth-service-migration.md | 2 ++ .../src/entrypoints/auth/DefaultAuthService.ts | 5 +++++ .../src/entrypoints/auth/authServiceFactory.ts | 1 + 3 files changed, 8 insertions(+) diff --git a/docs/tutorials/auth-service-migration.md b/docs/tutorials/auth-service-migration.md index 9e2633a12a..d12b0d5906 100644 --- a/docs/tutorials/auth-service-migration.md +++ b/docs/tutorials/auth-service-migration.md @@ -24,6 +24,8 @@ backend: dangerouslyDisableDefaultAuthPolicy: true ``` +Please note that this functionality will be removed in a future release, and you should migrate to using the new auth services as soon as possible or you would have to support your own service for issuing tokens. + In short, this will allow requests through to plugins in your backend, even if they do not include any credentials. The requests will still be treated as unauthenticated however, which not all plugin endpoints may accept. For more information on the impact of this configuration, see the [auth service documentation](../backend-system/core-services/auth.md). ### Migrating the backend diff --git a/packages/backend-defaults/src/entrypoints/auth/DefaultAuthService.ts b/packages/backend-defaults/src/entrypoints/auth/DefaultAuthService.ts index 159da79435..1b2077e9a8 100644 --- a/packages/backend-defaults/src/entrypoints/auth/DefaultAuthService.ts +++ b/packages/backend-defaults/src/entrypoints/auth/DefaultAuthService.ts @@ -22,6 +22,7 @@ import { BackstagePrincipalTypes, BackstageServicePrincipal, BackstageUserPrincipal, + LoggerService, } from '@backstage/backend-plugin-api'; import { AuthenticationError, ForwardedError } from '@backstage/errors'; import { JsonObject } from '@backstage/types'; @@ -47,6 +48,7 @@ export class DefaultAuthService implements AuthService { private readonly pluginId: string, private readonly disableDefaultAuthPolicy: boolean, private readonly pluginKeySource: PluginKeySource, + private readonly logger: LoggerService, ) {} async authenticate( @@ -166,6 +168,9 @@ export class DefaultAuthService implements AuthService { }); } // If the target plugin does not support the new auth service, fall back to using old token format + this.logger.warn( + 'tokenManager is DEPRECATED, please migrate to the new auth service, see https://backstage.io/docs/tutorials/auth-service-migration for more information', + ); return this.tokenManager.getToken().catch(error => { throw new ForwardedError( `Unable to generate legacy token for communication with the '${targetPluginId}' plugin. ` + diff --git a/packages/backend-defaults/src/entrypoints/auth/authServiceFactory.ts b/packages/backend-defaults/src/entrypoints/auth/authServiceFactory.ts index e275e2be00..b66ba7227f 100644 --- a/packages/backend-defaults/src/entrypoints/auth/authServiceFactory.ts +++ b/packages/backend-defaults/src/entrypoints/auth/authServiceFactory.ts @@ -88,6 +88,7 @@ export const authServiceFactory = createServiceFactory({ plugin.getId(), disableDefaultAuthPolicy, keySource, + logger, ); }, });