Remove strict validation from PermissionCriteria schemas

Signed-off-by: Joe Porpeglia <josephp@spotify.com>

.changeset/curvy-wolves-worry.md

@@ -0,0 +1,6 @@
+---
+'@backstage/plugin-permission-common': patch
+'@backstage/plugin-permission-node': patch
+---
+
+Removed [strict](https://github.com/colinhacks/zod#strict) validation from `PermissionCriteria` schemas to support backward-compatible changes.

plugins/permission-common/src/PermissionClient.ts

@@ -43,18 +43,9 @@ const permissionCriteriaSchema: z.ZodSchema<
       resourceType: z.string(),
       params: z.array(z.unknown()),
     })
-    .strict()
-    .or(
-      z
-        .object({ anyOf: z.array(permissionCriteriaSchema).nonempty() })
-        .strict(),
-    )
-    .or(
-      z
-        .object({ allOf: z.array(permissionCriteriaSchema).nonempty() })
-        .strict(),
-    )
-    .or(z.object({ not: permissionCriteriaSchema }).strict()),
+    .or(z.object({ anyOf: z.array(permissionCriteriaSchema).nonempty() }))
+    .or(z.object({ allOf: z.array(permissionCriteriaSchema).nonempty() }))
+    .or(z.object({ not: permissionCriteriaSchema })),
 );
 
 const authorizePermissionResponseSchema: z.ZodSchema<AuthorizePermissionResponse> =

plugins/permission-node/src/integration/createPermissionIntegrationRouter.ts

@@ -38,16 +38,14 @@ const permissionCriteriaSchema: z.ZodSchema<
   PermissionCriteria<PermissionCondition>
 > = z.lazy(() =>
   z.union([
-    z.object({ anyOf: z.array(permissionCriteriaSchema).nonempty() }).strict(),
-    z.object({ allOf: z.array(permissionCriteriaSchema).nonempty() }).strict(),
-    z.object({ not: permissionCriteriaSchema }).strict(),
-    z
-      .object({
-        rule: z.string(),
-        resourceType: z.string(),
-        params: z.array(z.unknown()),
-      })
-      .strict(),
+    z.object({ anyOf: z.array(permissionCriteriaSchema).nonempty() }),
+    z.object({ allOf: z.array(permissionCriteriaSchema).nonempty() }),
+    z.object({ not: permissionCriteriaSchema }),
+    z.object({
+      rule: z.string(),
+      resourceType: z.string(),
+      params: z.array(z.unknown()),
+    }),
   ]),
 );