Commit Graph

81 Commits

Author SHA1 Message Date
Harry Hogg fd7fc3902e Updated MetaData wording to Metadata
Signed-off-by: Harry Hogg <hhogg@spotify.com>
2022-10-17 17:45:16 +01:00
Harry Hogg a7e4adf169 Updated import location
Signed-off-by: Harry Hogg <hhogg@spotify.com>
2022-10-17 17:00:10 +01:00
Harry Hogg 9335ad115e Exported types for the permission router metadata endpoint
Signed-off-by: Harry Hogg <hhogg@spotify.com>
2022-10-12 08:21:57 +01:00
Harry Hogg bbbe968e10 Fixed allowing optional params outside of the toQuery and apply
Signed-off-by: Harry Hogg <hhogg@spotify.com>

Co-authored-by: Mike Lewis <mlewis@spotify.com>
2022-10-11 11:53:02 +01:00
Harry Hogg 78e7698e4b Removed unnecessary tupling of params
Signed-off-by: Harry Hogg <hhogg@spotify.com>
2022-10-07 12:08:00 +01:00
Harry Hogg fa40df2bc7 Made changes to allow params and schemas to be defaulted and required only when there are params defined.
Co-authored-by: Vincenzo Scamporlino <vincenzos@spotify.com>
Co-authored-by: Mike Lewis <mlewis@spotify.com>

Signed-off-by: Harry Hogg <hhogg@spotify.com>
2022-10-06 12:09:42 +01:00
Harry Hogg db63ce8b07 Rename schema to paramsSchema
Signed-off-by: Harry Hogg <hhogg@spotify.com>
2022-10-06 09:36:54 +01:00
Harry Hogg 26e5513c32 Update API reports
Signed-off-by: Harry Hogg <hhogg@spotify.com>
2022-10-04 15:57:04 +01:00
Harry Hogg 4eb0f6d23d Limited the permission rule parameters to JsonPrimatives and array of
Signed-off-by: Harry Hogg <hhogg@spotify.com>
2022-10-04 13:24:33 +01:00
Harry Hogg fbc636c4a5 Use z.input to correctly type the input to correctly reflect optional fields
Signed-off-by: Harry Hogg <hhogg@spotify.com>
2022-10-04 12:14:22 +01:00
Harry Hogg 445c5f41a5 Reworded and added missing parameter descriptions
Signed-off-by: Harry Hogg <hhogg@spotify.com>
2022-10-04 12:14:20 +01:00
Harry Hogg 42fa9cdcdb Removed the parameters count from the permissions metadata endpoint
Signed-off-by: Harry Hogg <hhogg@spotify.com>
2022-10-04 12:03:17 +01:00
Harry Hogg 755361681c Add explanation comment around the schema type and why we need to remove the optional def for the schema
Signed-off-by: Harry Hogg <hhogg@spotify.com>
2022-10-04 12:03:17 +01:00
Harry Hogg 1d4b847c98 Explicitly use the schema to infer the types for the permission rule
Signed-off-by: Harry Hogg <hhogg@spotify.com>
2022-10-04 12:03:16 +01:00
Harry Hogg 6d447843fa Changing over permission rules params API to accept a single object
Signed-off-by: Harry Hogg <hhogg@spotify.com>
2022-10-04 12:03:16 +01:00
Harry Hogg eec3f766f2 Output a JSON schema from the .well-known metadata endpoint
Signed-off-by: Harry Hogg <hhogg@spotify.com>
2022-10-04 12:03:15 +01:00
Harry Hogg 9fe88c4fab Added parameter validation using the param schemas
Signed-off-by: Harry Hogg <hhogg@spotify.com>
2022-10-04 12:03:15 +01:00
Harry Hogg e9b4191071 Added parameter schemas to permission rules
Signed-off-by: Harry Hogg <hhogg@spotify.com>
2022-10-04 12:03:15 +01:00
Fredrik Adelöw aaab1e34da Fix linting errors after #13392
Signed-off-by: Fredrik Adelöw <freben@gmail.com>
2022-08-30 13:44:09 +02:00
Fredrik Adelöw 9212439d15 just some more use of setupRequestMockHandlers
Signed-off-by: Fredrik Adelöw <freben@gmail.com>
2022-08-24 11:26:12 +02:00
Joon Park 58426f9c0f Create permission aggregation endpoints (#11695)
* Create permission aggregation endpoints

Signed-off-by: Joon Park <joonp@spotify.com>

* Spelling

Signed-off-by: Joon Park <joonp@spotify.com>

* Refactor permission metadata aggregation into one endpoint

Signed-off-by: Joe Porpeglia <josephp@spotify.com>

* Change parameter field shape

Signed-off-by: Joon Park <joonp@spotify.com>

Co-authored-by: Joe Porpeglia <josephp@spotify.com>
2022-06-10 11:32:28 +01:00
Joe Porpeglia 90754d4fa9 Remove strict validation from PermissionCriteria schemas
Signed-off-by: Joe Porpeglia <josephp@spotify.com>
2022-04-18 12:38:29 -04:00
Vincenzo Scamporlino 63902fcc17 PermissionEvaluator: rename query to authorizeConditional
Signed-off-by: Vincenzo Scamporlino <me@vinzscam.dev>
2022-04-08 12:29:00 +02:00
Vincenzo Scamporlino 2903c1fd5d Move PolicyQuery to permission-node
Signed-off-by: Vincenzo Scamporlino <me@vinzscam.dev>
2022-04-08 12:28:59 +02:00
Vincenzo Scamporlino 8960a2bfed Split PermissionClient#authorize
Co-authored-by: Mike Lewis <mtlewis@users.noreply.github.com>
Signed-off-by: Vincenzo Scamporlino <me@vinzscam.dev>
2022-04-08 12:28:59 +02:00
MT Lewis 8012ac46a0 permissions: ensure returned conditions match permission in PermissionPolicy#handle (#10075)
* permission-node: fix signature of permission rule in test suites

Signed-off-by: Mike Lewis <mtlewis@users.noreply.github.com>

* permission-common: add isPermission helper for comparing permissions

Signed-off-by: Mike Lewis <mtlewis@users.noreply.github.com>

* permission-node: adjust createConditionExports for more type safety

Signed-off-by: Mike Lewis <mtlewis@users.noreply.github.com>

* permissions: add resourceType property to PermissionCondition and PermissionRule

Signed-off-by: Mike Lewis <mtlewis@users.noreply.github.com>

* catalog: handle changes to PermissionCondition and PermissionRule types

Signed-off-by: Mike Lewis <mtlewis@users.noreply.github.com>

* catalog-backend: avoid re-exporting alpha import

cf. https://github.com/backstage/backstage/pull/10128

Signed-off-by: Mike Lewis <mtlewis@users.noreply.github.com>

* Update changeset

Signed-off-by: Joe Porpeglia <josephp@spotify.com>

* Resolve api-report conflict

Signed-off-by: Joon Park <joonp@spotify.com>

Co-authored-by: Joe Porpeglia <josephp@spotify.com>
Co-authored-by: Joon Park <joonp@spotify.com>
2022-03-28 11:06:38 +01:00
Joe Porpeglia 0b98a49509 Rename policy input type
Signed-off-by: Joe Porpeglia <josephp@spotify.com>
2022-03-25 10:02:46 -04:00
Joe Porpeglia e43290ce96 Rename permission backend request and response types
Signed-off-by: Joe Porpeglia <josephp@spotify.com>
2022-03-25 10:02:46 -04:00
Joe Porpeglia 970814ed38 Move policy decision types to permission-common
Co-authored-by: Mike Lewis <mtlewis@users.noreply.github.com>
Signed-off-by: Joe Porpeglia <josephp@spotify.com>
2022-03-25 10:02:46 -04:00
Joe Porpeglia ac0a6cb827 Introduce PermissionMessageBatch utility type. Rename Identified type to IdentifiedPermissionMessage.
Co-authored-by: Mike Lewis <mtlewis@users.noreply.github.com>
Signed-off-by: Joe Porpeglia <josephp@spotify.com>
2022-03-25 10:02:46 -04:00
Mike Lewis 899d38ea68 permission-common: add utility types for creating and refining Permissions
Signed-off-by: Mike Lewis <mtlewis@users.noreply.github.com>
2022-03-22 14:32:38 -04:00
Vincenzo Scamporlino 7e0a0109bf Export permission criteria utilities
Signed-off-by: Vincenzo Scamporlino <me@vinzscam.dev>
2022-03-01 12:44:06 +01:00
Joe Porpeglia 0816f8237a Improve error message when permissions are enabled without backend-to-backend authentication
Signed-off-by: Joe Porpeglia <josephp@spotify.com>
2022-02-18 15:38:01 -05:00
Joe Porpeglia 6a079788e8 Cast type instead of throwing
Signed-off-by: Joe Porpeglia <josephp@spotify.com>
2022-02-11 11:08:56 -05:00
Joe Porpeglia 08ce0c83dd Use strict() validation for permission criteria zod schemas
Signed-off-by: Joe Porpeglia <josephp@spotify.com>
2022-02-11 11:08:56 -05:00
Joe Porpeglia e66bb84798 Require at least one item in allOf/anyOf criteria
Signed-off-by: Joe Porpeglia <josephp@spotify.com>
2022-02-11 11:08:56 -05:00
Fredrik Adelöw 86b40d464f move over BackstageSignInResult, BackstageIdentityResponse, BackstageUserIdentity
Signed-off-by: Fredrik Adelöw <freben@gmail.com>
2022-02-09 17:10:18 +01:00
MT Lewis 0ae4f4cc82 permissions: rename authorize request and response types to avoid envelope suffix
Signed-off-by: MT Lewis <mtlewis@users.noreply.github.com>
2022-01-13 17:51:06 +00:00
MT Lewis b768259244 permission-backend: wrap authorize request and response batches in envelope
Signed-off-by: MT Lewis <mtlewis@users.noreply.github.com>
2022-01-13 17:51:05 +00:00
MT Lewis 3bb0afb54c permission-node: add test for apply conditions router
Signed-off-by: MT Lewis <mtlewis@users.noreply.github.com>
2022-01-13 13:04:30 +00:00
MT Lewis 34a4be296f permission-node: list all incorrect resource types in apply-conditions handler
Signed-off-by: MT Lewis <mtlewis@users.noreply.github.com>
2022-01-13 13:04:06 +00:00
MT Lewis 1fb2e0e0b4 permission-node: wrap request and response arrays in object
Signed-off-by: MT Lewis <mtlewis@users.noreply.github.com>
2022-01-13 13:04:06 +00:00
MT Lewis cbb85e07f0 permission-node: simplify undefined check and fix applyConditions signature
Signed-off-by: MT Lewis <mtlewis@users.noreply.github.com>
2022-01-13 13:04:05 +00:00
MT Lewis 8e72b573aa permission-node: switch to array for getResources return value
Signed-off-by: MT Lewis <mtlewis@users.noreply.github.com>
2022-01-13 13:04:04 +00:00
MT Lewis 706b6c29e9 permission-node: allow batch retrieval of resources in /apply-conditions
Signed-off-by: MT Lewis <mtlewis@users.noreply.github.com>
2022-01-13 13:04:04 +00:00
MT Lewis b66704db18 permission-node: accept batched requests in /apply-conditions
Signed-off-by: MT Lewis <mtlewis@users.noreply.github.com>
2022-01-13 13:04:03 +00:00
MT Lewis 9db1b86f32 permission-node: add helpers for creating PermissionRules
Signed-off-by: MT Lewis <mtlewis@users.noreply.github.com>
2022-01-07 16:06:58 +00:00
MT Lewis bc9a205b86 backend-common: remove isSecure property in favour of a property on the NoopServerTokenManager
Signed-off-by: MT Lewis <mtlewis@users.noreply.github.com>
2021-12-21 10:04:04 +00:00
MT Lewis 20d10b57d6 permission-node: rename static create method to fromConfig
Signed-off-by: MT Lewis <mtlewis@users.noreply.github.com>
2021-12-21 09:46:22 +00:00
MT Lewis c829631b4a permission-node: use filename import in ServerPermissionClient test suite
Signed-off-by: MT Lewis <mtlewis@users.noreply.github.com>
2021-12-20 17:34:25 +00:00