* Allow for Kubernetes cluster authentication via google auth
- For the kubernetes and kubernetes-backend plugins
- The kubernetes (front-end) plugin uses the googleAuthApi and goes
through the OAuth flow to fetch a Google auth token for the current user
and pass that in a request to the kubernetes-backend plugin, which
uses this token as the service account token (and hence as the
authentication token for making K8s API requests).
- Related to https://github.com/spotify/backstage/issues/2552
* Use KubernetesAuthProvider and KubernetesAuthTranslator interfaces for K8s auth
- Implementations of KubernetesAuthProvider decorate the bodies of requests (for
Kubernetes resources) sent from the kubernetes plugin (frontend) to the
kubernetes-backend plugin (backend) with whatever information is
needed for K8s authentication
- Implementations of KubernetesAuthTranslator take the contents of these request
bodies sent from the kubernetes plugin (frontend) to the kubernetes-backend plugin
(backend) and use specific values in the bodies to properly set up tokens for K8s auth
- Start with KubernetesAuthProvider + KubernetesAuthTranslator
implementations for 'serviceAccount' and 'google' as auth providers
- Implementation of what was proposed at https://github.com/spotify/backstage/issues/2552#issuecomment-702545382
- Load in and prepare KubernetesAuthProvider implementations at plugin
startup time via KubernetesAuthProviders API (that essentially stores
or wraps these KubernetesAuthProvider instances)
- Related to https://github.com/spotify/backstage/issues/2552
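The provider/translator split described in the commit message above, as an added TypeScript example that is not code from the commit or from Backstage. The method names, the request-body shape (`auth.google`) and the `authorizeClusterRequest` helper are assumptions; the sketch shows the backend applying the user's token to a per-request copy of the cluster details and rejecting a missing token or an unknown provider.

```typescript
// Added example; all type and method names below are assumed for illustration.
interface ClusterDetails { name: string; url: string; serviceAccountToken?: string }
interface KubernetesRequestBody { entityName: string; auth?: { google?: string } }

interface KubernetesAuthProvider {   // runs in the kubernetes (frontend) plugin
  decorateRequestBody(body: KubernetesRequestBody, userToken?: string): KubernetesRequestBody;
}
interface KubernetesAuthTranslator { // runs in the kubernetes-backend plugin
  decorateClusterDetailsWithAuth(cluster: ClusterDetails, body: KubernetesRequestBody): ClusterDetails;
}

const googleProvider: KubernetesAuthProvider = {
  decorateRequestBody(body, userToken) {
    if (!userToken) throw new Error('no Google token for the current user');
    return { ...body, auth: { ...body.auth, google: userToken } };
  },
};
// The backend already holds the service account token, so nothing is added.
const serviceAccountProvider: KubernetesAuthProvider = {
  decorateRequestBody: body => body,
};

const googleTranslator: KubernetesAuthTranslator = {
  decorateClusterDetailsWithAuth(cluster, body) {
    const token = body.auth?.google;
    if (!token) throw new Error('Google token not found in request body');
    // Return a copy: writing the token into the shared cluster object would
    // let one user's credential be reused for another user's request.
    return { ...cluster, serviceAccountToken: token };
  },
};
const serviceAccountTranslator: KubernetesAuthTranslator = {
  decorateClusterDetailsWithAuth: cluster => ({ ...cluster }),
};

// A Map avoids inherited keys such as "constructor" matching a lookup.
const translators = new Map<string, KubernetesAuthTranslator>([
  ['google', googleTranslator],
  ['serviceAccount', serviceAccountTranslator],
]);

function authorizeClusterRequest(
  authProvider: string, cluster: ClusterDetails, body: KubernetesRequestBody,
): ClusterDetails {
  const translator = translators.get(authProvider);
  if (!translator) throw new Error(`unsupported auth provider: ${authProvider}`);
  return translator.decorateClusterDetailsWithAuth(cluster, body);
}
```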
- Combine the various exported types; the only API surface is now the
`PluginDatabaseClientFactory` which is a free function.
- Rename to the SingleConnectionManager class.
- Refactor the PluginEnvironment type to use databaseClientFactory for
clarity.
- Fix mergeDatabaseConfig to not override the input dictionary.
This implements several types to own and manage databases on a database
server. The current SimpleDatabase* classes preserve the present
behaviour; future implementations can segregate databases to be owned by
different roles.
Fully aware that this isn't pretty. But since I am in the process of debugging migrations and catalog stuff and want to easily run manually against several databases while waiting for proper testcontainers and e2e tests, this at least lets me gain some confidence short term.