Exported types for the permission router metadata endpoint

Signed-off-by: Harry Hogg <hhogg@spotify.com>

.changeset/hot-bugs-roll.md

@@ -0,0 +1,5 @@
+---
+'@backstage/plugin-permission-node': patch
+---
+
+Exported types for the .metadata endpoint of the permission router

plugins/permission-node/api-report.md

@@ -14,6 +14,7 @@ import { DefinitivePolicyDecision } from '@backstage/plugin-permission-common';
 import { EvaluatorRequestOptions } from '@backstage/plugin-permission-common';
 import express from 'express';
 import { IdentifiedPermissionMessage } from '@backstage/plugin-permission-common';
+import { JsonSchema7Type } from 'zod-to-json-schema/src/parseDef';
 import { NotCriteria } from '@backstage/plugin-permission-common';
 import { Permission } from '@backstage/plugin-permission-common';
 import { PermissionCondition } from '@backstage/plugin-permission-common';
@@ -160,6 +161,20 @@ export const makeCreatePermissionRule: <
   rule: PermissionRule<TResource, TQuery, TResourceType, TParams>,
 ) => PermissionRule<TResource, TQuery, TResourceType, TParams>;
 
+// @public
+export type MetaDataResponse = {
+  permissions?: Permission[];
+  rules: MetaDataResponseSerializedRule[];
+};
+
+// @public
+export type MetaDataResponseSerializedRule = {
+  name: string;
+  description: string;
+  resourceType: string;
+  paramsSchema?: JsonSchema7Type;
+};
+
 // @public
 export interface PermissionPolicy {
   // (undocumented)

plugins/permission-node/src/integration/createPermissionIntegrationRouter.ts

@@ -36,6 +36,7 @@ import {
   isNotCriteria,
   isOrCriteria,
 } from './util';
+import { JsonSchema7Type } from 'zod-to-json-schema/src/parseDef';
 
 const permissionCriteriaSchema: z.ZodSchema<
   PermissionCriteria<PermissionCondition>
@@ -102,6 +103,29 @@ export type ApplyConditionsResponse = {
   items: ApplyConditionsResponseEntry[];
 };
 
+/**
+ * Serialized permission rules, with the paramsSchema
+ * converted from a ZodSchema to a JsonSchema.
+ *
+ * @public
+ */
+export type MetaDataResponseSerializedRule = {
+  name: string;
+  description: string;
+  resourceType: string;
+  paramsSchema?: JsonSchema7Type;
+};
+
+/**
+ * Response type for the .metadata endpoint.
+ *
+ * @public
+ */
+export type MetaDataResponse = {
+  permissions?: Permission[];
+  rules: MetaDataResponseSerializedRule[];
+};
+
 const applyConditions = <TResourceType extends string, TResource>(
   criteria: PermissionCriteria<PermissionCondition<TResourceType>>,
   resource: TResource | undefined,
@@ -191,14 +215,21 @@ export const createPermissionIntegrationRouter = <
   router.use(express.json());
 
   router.get('/.well-known/backstage/permissions/metadata', (_, res) => {
-    const serializableRules = rules.map(rule => ({
-      name: rule.name,
-      description: rule.description,
-      resourceType: rule.resourceType,
-      paramsSchema: zodToJsonSchema(rule.paramsSchema ?? z.object({})),
-    }));
+    const serializedRules: MetaDataResponseSerializedRule[] = rules.map(
+      rule => ({
+        name: rule.name,
+        description: rule.description,
+        resourceType: rule.resourceType,
+        paramsSchema: zodToJsonSchema(rule.paramsSchema ?? z.object({})),
+      }),
+    );
 
-    return res.json({ permissions, rules: serializableRules });
+    const responseJson: MetaDataResponse = {
+      permissions,
+      rules: serializedRules,
+    };
+
+    return res.json(responseJson);
   });
 
   const getRule = createGetRule(rules);