Fredrik Adelöw
aaab1e34da
Fix linting errors after #13392
...
Signed-off-by: Fredrik Adelöw <freben@gmail.com >
2022-08-30 13:44:09 +02:00
Fredrik Adelöw
9212439d15
just some more use of setupRequestMockHandlers
...
Signed-off-by: Fredrik Adelöw <freben@gmail.com >
2022-08-24 11:26:12 +02:00
Joon Park
58426f9c0f
Create permission aggregation endpoints ( #11695 )
...
* Create permission aggregation endpoints
Signed-off-by: Joon Park <joonp@spotify.com >
* Spelling
Signed-off-by: Joon Park <joonp@spotify.com >
* Refactor permission metadata aggregation into one endpoint
Signed-off-by: Joe Porpeglia <josephp@spotify.com >
* Change parameter field shape
Signed-off-by: Joon Park <joonp@spotify.com >
Co-authored-by: Joe Porpeglia <josephp@spotify.com >
2022-06-10 11:32:28 +01:00
Joe Porpeglia
90754d4fa9
Remove strict validation from PermissionCriteria schemas
...
Signed-off-by: Joe Porpeglia <josephp@spotify.com >
2022-04-18 12:38:29 -04:00
Vincenzo Scamporlino
63902fcc17
PermissionEvaluator: rename query to authorizeConditional
...
Signed-off-by: Vincenzo Scamporlino <me@vinzscam.dev >
2022-04-08 12:29:00 +02:00
Vincenzo Scamporlino
2903c1fd5d
Move PolicyQuery to permission-node
...
Signed-off-by: Vincenzo Scamporlino <me@vinzscam.dev >
2022-04-08 12:28:59 +02:00
Vincenzo Scamporlino
8960a2bfed
Split PermissionClient#authorize
...
Co-authored-by: Mike Lewis <mtlewis@users.noreply.github.com >
Signed-off-by: Vincenzo Scamporlino <me@vinzscam.dev >
2022-04-08 12:28:59 +02:00
MT Lewis
8012ac46a0
permissions: ensure returned conditions match permission in PermissionPolicy#handle ( #10075 )
...
* permission-node: fix signature of permission rule in test suites
Signed-off-by: Mike Lewis <mtlewis@users.noreply.github.com >
* permission-common: add isPermission helper for comparing permissions
Signed-off-by: Mike Lewis <mtlewis@users.noreply.github.com >
* permission-node: adjust createConditionExports for more type safety
Signed-off-by: Mike Lewis <mtlewis@users.noreply.github.com >
* permissions: add resourceType property to PermissionCondition and PermissionRule
Signed-off-by: Mike Lewis <mtlewis@users.noreply.github.com >
* catalog: handle changes to PermissionCondition and PermissionRule types
Signed-off-by: Mike Lewis <mtlewis@users.noreply.github.com >
* catalog-backend: avoid re-exporting alpha import
cf. https://github.com/backstage/backstage/pull/10128
Signed-off-by: Mike Lewis <mtlewis@users.noreply.github.com >
* Update changeset
Signed-off-by: Joe Porpeglia <josephp@spotify.com >
* Resolve api-report conflict
Signed-off-by: Joon Park <joonp@spotify.com >
Co-authored-by: Joe Porpeglia <josephp@spotify.com >
Co-authored-by: Joon Park <joonp@spotify.com >
2022-03-28 11:06:38 +01:00
Joe Porpeglia
0b98a49509
Rename policy input type
...
Signed-off-by: Joe Porpeglia <josephp@spotify.com >
2022-03-25 10:02:46 -04:00
Joe Porpeglia
e43290ce96
Rename permission backend request and response types
...
Signed-off-by: Joe Porpeglia <josephp@spotify.com >
2022-03-25 10:02:46 -04:00
Joe Porpeglia
970814ed38
Move policy decision types to permission-common
...
Co-authored-by: Mike Lewis <mtlewis@users.noreply.github.com >
Signed-off-by: Joe Porpeglia <josephp@spotify.com >
2022-03-25 10:02:46 -04:00
Joe Porpeglia
ac0a6cb827
Introduce PermissionMessageBatch utility type. Rename Identified type to IdentifiedPermissionMessage.
...
Co-authored-by: Mike Lewis <mtlewis@users.noreply.github.com >
Signed-off-by: Joe Porpeglia <josephp@spotify.com >
2022-03-25 10:02:46 -04:00
Mike Lewis
899d38ea68
permission-common: add utility types for creating and refining Permissions
...
Signed-off-by: Mike Lewis <mtlewis@users.noreply.github.com >
2022-03-22 14:32:38 -04:00
Vincenzo Scamporlino
7e0a0109bf
Export permission criteria utilities
...
Signed-off-by: Vincenzo Scamporlino <me@vinzscam.dev >
2022-03-01 12:44:06 +01:00
Joe Porpeglia
0816f8237a
Improve error message when permissions are enabled without backend-to-backend authentication
...
Signed-off-by: Joe Porpeglia <josephp@spotify.com >
2022-02-18 15:38:01 -05:00
Joe Porpeglia
6a079788e8
Cast type instead of throwing
...
Signed-off-by: Joe Porpeglia <josephp@spotify.com >
2022-02-11 11:08:56 -05:00
Joe Porpeglia
08ce0c83dd
Use strict() validation for permission criteria zod schemas
...
Signed-off-by: Joe Porpeglia <josephp@spotify.com >
2022-02-11 11:08:56 -05:00
Joe Porpeglia
e66bb84798
Require at least one item in allOf/anyOf criteria
...
Signed-off-by: Joe Porpeglia <josephp@spotify.com >
2022-02-11 11:08:56 -05:00
Fredrik Adelöw
86b40d464f
move over BackstageSignInResult, BackstageIdentityResponse, BackstageUserIdentity
...
Signed-off-by: Fredrik Adelöw <freben@gmail.com >
2022-02-09 17:10:18 +01:00
MT Lewis
0ae4f4cc82
permissions: rename authorize request and response types to avoid envelope suffix
...
Signed-off-by: MT Lewis <mtlewis@users.noreply.github.com >
2022-01-13 17:51:06 +00:00
MT Lewis
b768259244
permission-backend: wrap authorize request and response batches in envelope
...
Signed-off-by: MT Lewis <mtlewis@users.noreply.github.com >
2022-01-13 17:51:05 +00:00
MT Lewis
3bb0afb54c
permission-node: add test for apply conditions router
...
Signed-off-by: MT Lewis <mtlewis@users.noreply.github.com >
2022-01-13 13:04:30 +00:00
MT Lewis
34a4be296f
permission-node: list all incorrect resource types in apply-conditions handler
...
Signed-off-by: MT Lewis <mtlewis@users.noreply.github.com >
2022-01-13 13:04:06 +00:00
MT Lewis
1fb2e0e0b4
permission-node: wrap request and response arrays in object
...
Signed-off-by: MT Lewis <mtlewis@users.noreply.github.com >
2022-01-13 13:04:06 +00:00
MT Lewis
cbb85e07f0
permission-node: simplify undefined check and fix applyConditions signature
...
Signed-off-by: MT Lewis <mtlewis@users.noreply.github.com >
2022-01-13 13:04:05 +00:00
MT Lewis
8e72b573aa
permission-node: switch to array for getResources return value
...
Signed-off-by: MT Lewis <mtlewis@users.noreply.github.com >
2022-01-13 13:04:04 +00:00
MT Lewis
706b6c29e9
permission-node: allow batch retrieval of resources in /apply-conditions
...
Signed-off-by: MT Lewis <mtlewis@users.noreply.github.com >
2022-01-13 13:04:04 +00:00
MT Lewis
b66704db18
permission-node: accept batched requests in /apply-conditions
...
Signed-off-by: MT Lewis <mtlewis@users.noreply.github.com >
2022-01-13 13:04:03 +00:00
MT Lewis
9db1b86f32
permission-node: add helpers for creating PermissionRules
...
Signed-off-by: MT Lewis <mtlewis@users.noreply.github.com >
2022-01-07 16:06:58 +00:00
MT Lewis
bc9a205b86
backend-common: remove isSecure property in favour of a property on the NoopServerTokenManager
...
Signed-off-by: MT Lewis <mtlewis@users.noreply.github.com >
2021-12-21 10:04:04 +00:00
MT Lewis
20d10b57d6
permission-node: rename static create method to fromConfig
...
Signed-off-by: MT Lewis <mtlewis@users.noreply.github.com >
2021-12-21 09:46:22 +00:00
MT Lewis
c829631b4a
permission-node: use filename import in ServerPermissionClient test suite
...
Signed-off-by: MT Lewis <mtlewis@users.noreply.github.com >
2021-12-20 17:34:25 +00:00
Joon Park
f898c014ca
Add explicit instance variable to denote the given token manager's scope of authentication
...
Signed-off-by: Joon Park <joonp@spotify.com >
2021-12-17 18:52:36 +00:00
Joon Park
0e8ec6d974
Rename all the things
...
Signed-off-by: Joon Park <joonp@spotify.com >
2021-12-17 18:16:47 +00:00
Joon Park
d1801d7166
Refactor ServerPermissionClient away from inheritance
...
Signed-off-by: Joon Park <joonp@spotify.com >
2021-12-17 18:16:47 +00:00
Joon Park
816e0e04f9
Address various comments round 1
...
Signed-off-by: Joon Park <joonp@spotify.com >
2021-12-17 18:16:47 +00:00
Joon Park
24dce3ca43
Reintroduce noop token manager and refactor ServerPermissionClient
...
Signed-off-by: Joon Park <joonp@spotify.com >
2021-12-17 18:16:47 +00:00
Joon Park
abb7616345
Add changeset and docs.
...
Signed-off-by: Joon Park <joonp@spotify.com >
2021-12-17 18:16:46 +00:00
Joon Park
6b8713df35
Create ServerPermissionClient and add it to example backend
...
Signed-off-by: Joon Park <joonp@spotify.com >
2021-12-17 18:16:46 +00:00
Johan Haals
dd77b5eb12
Merge pull request #8283 from backstage/mob/identity-api
...
core-plugin-api: stabilize IdentityApi
2021-12-08 14:29:03 +01:00
Fredrik Adelöw
dcd1a0c3f4
Do not unpack arguments directly on exported items
...
Signed-off-by: Fredrik Adelöw <freben@gmail.com >
2021-12-07 19:42:10 +01:00
Johan Haals
8c337a480f
chore: Update types and API reports
...
Signed-off-by: Johan Haals <johan.haals@gmail.com >
2021-12-02 13:32:35 +01:00
MT Lewis
450ca92330
permissions: change permission integration route to use /.well-known prefix
...
Signed-off-by: MT Lewis <mtlewis@users.noreply.github.com >
2021-12-01 15:52:08 +00:00
MT Lewis
8c6f4810c9
permission-node: fix test suite name
...
Co-authored-by: Joe Porpeglia <porpegliaj@gmail.com >
Signed-off-by: MT Lewis <mtlewis@users.noreply.github.com >
2021-11-30 15:58:47 +00:00
MT Lewis
e7851efa9e
permission-node: rename and adjust policy return type to reduce nesting
...
Signed-off-by: MT Lewis <mtlewis@users.noreply.github.com >
2021-11-30 15:21:28 +00:00
Mike Lewis
370da15e7b
permission-node: separate doc comment summaries with @remarks tag
...
Signed-off-by: Mike Lewis <mtlewis@users.noreply.github.com >
2021-11-24 14:30:21 +00:00
Mike Lewis
f5a25ec804
permission-node: fix typo in doc comment
...
Co-authored-by: Fredrik Adelöw <freben@gmail.com >
Signed-off-by: Mike Lewis <mtlewis@users.noreply.github.com >
2021-11-24 14:19:59 +00:00
Mike Lewis
b08dbb1035
permission-node: destructure options inside function to simplify api-report
...
Signed-off-by: Mike Lewis <mtlewis@users.noreply.github.com >
2021-11-24 14:18:11 +00:00
Mike Lewis
5bff67aac4
permission-node: expose ApplyConditionsResponse type
...
This type will be shared with the backend.
Signed-off-by: Mike Lewis <mtlewis@users.noreply.github.com >
2021-11-22 15:37:36 +00:00
Mike Lewis
3254303a96
permission-node: refactor and split createPermissionIntegration
...
This refactor makes the createPermissionIntegration system much more
flexible by splitting it up into a few different helpers with different
responsibilities. This frees up plugin authors to connect together the
different parts of the permission integration in whatever way is
convenient for them, and makes the process of registering additional
permission rules a bit more explicit, by requiring them to be passed
in when constructing the systems for transforming or applying
conditions.
Signed-off-by: Mike Lewis <mtlewis@users.noreply.github.com >
Co-authored-by: Joon Park <joonp@spotify.com >
Co-authored-by: Tim Hansen <timbonicus@gmail.com >
2021-11-22 15:37:35 +00:00