permissions: change permission integration route to use /.well-known prefix

Signed-off-by: MT Lewis <mtlewis@users.noreply.github.com>
2021-12-01 11:40:44 +00:00
parent b7b33e0293
commit 450ca92330
5 changed files with 15 additions and 9 deletions
@@ -0,0 +1,6 @@
+---
+'@backstage/plugin-permission-backend': minor
+'@backstage/plugin-permission-node': minor
+---
+
+Change route used for integration between the authorization framework and other plugin backends to use the /.well-known prefix.
@@ -64,7 +64,7 @@ describe('PermissionIntegrationClient', () => {
      server.listen({ onUnhandledRequest: 'error' });
      server.use(
        rest.post(
-          `${mockBaseUrl}/permissions/apply-conditions`,
+          `${mockBaseUrl}/.well-known/backstage/permissions/apply-conditions`,
          mockApplyConditionsHandler,
        ),
      );
@@ -54,7 +54,7 @@ export class PermissionIntegrationClient {
  ): Promise<ApplyConditionsResponse> {
    const endpoint = `${await this.discovery.getBaseUrl(
      pluginId,
-    )}/permissions/apply-conditions`;
+    )}/.well-known/backstage/permissions/apply-conditions`;

    const request: ApplyConditionsRequest = {
      resourceRef,
@@ -61,7 +61,7 @@ describe('createPermissionIntegrationRouter', () => {
    expect(router).toBeDefined();
  });

-  describe('POST /permissions/apply-conditions', () => {
+  describe('POST /.well-known/backstage/permissions/apply-conditions', () => {
    it.each([
      { rule: 'test-rule-1', params: ['abc', 123] },
      {
@@ -94,7 +94,7 @@ describe('createPermissionIntegrationRouter', () => {
      },
    ])('returns 200/ALLOW when criteria match (case %#)', async conditions => {
      const response = await request(app)
-        .post('/permissions/apply-conditions')
+        .post('/.well-known/backstage/permissions/apply-conditions')
        .send({
          resourceRef: 'default:test/resource',
          resourceType: 'test-resource',
@@ -135,7 +135,7 @@ describe('createPermissionIntegrationRouter', () => {
      'returns 200/DENY when criteria do not match (case %#)',
      async conditions => {
        const response = await request(app)
-          .post('/permissions/apply-conditions')
+          .post('/.well-known/backstage/permissions/apply-conditions')
          .send({
            resourceRef: 'default:test/resource',
            resourceType: 'test-resource',
@@ -149,7 +149,7 @@ describe('createPermissionIntegrationRouter', () => {

    it('returns 400 when called with incorrect resource type', async () => {
      const response = await request(app)
-        .post('/permissions/apply-conditions')
+        .post('/.well-known/backstage/permissions/apply-conditions')
        .send({
          resourceRef: 'default:test/resource',
          resourceType: 'test-incorrect-resource',
@@ -168,7 +168,7 @@ describe('createPermissionIntegrationRouter', () => {
      mockGetResource.mockReturnValueOnce(Promise.resolve(undefined));

      const response = await request(app)
-        .post('/permissions/apply-conditions')
+        .post('/.well-known/backstage/permissions/apply-conditions')
        .send({
          resourceRef: 'default:test/resource',
          resourceType: 'test-resource',
@@ -198,7 +198,7 @@ describe('createPermissionIntegrationRouter', () => {
      { conditions: { anyOf: [] } },
    ])(`returns 400 for invalid input %#`, async input => {
      const response = await request(app)
-        .post('/permissions/apply-conditions')
+        .post('/.well-known/backstage/permissions/apply-conditions')
        .send(input);

      expect(response.status).toEqual(400);
@@ -132,7 +132,7 @@ export const createPermissionIntegrationRouter = <TResource>({
  const getRule = createGetRule(rules);

  router.post(
-    '/permissions/apply-conditions',
+    '/.well-known/backstage/permissions/apply-conditions',
    express.json(),
    async (
      req,