@backstage/plugin-catalog-backend
Version:
The Backstage backend plugin that provides the Backstage catalog
122 lines (117 loc) • 6.03 kB
TypeScript
import * as _backstage_plugin_permission_common from '@backstage/plugin-permission-common';
import { PermissionRuleParams } from '@backstage/plugin-permission-common';
import * as _backstage_plugin_permission_node from '@backstage/plugin-permission-node';
import { PermissionRule } from '@backstage/plugin-permission-node';
import * as _backstage_plugin_catalog_node from '@backstage/plugin-catalog-node';
import { EntitiesSearchFilter } from '@backstage/plugin-catalog-node';
import * as _backstage_catalog_model from '@backstage/catalog-model';
import { Entity } from '@backstage/catalog-model';
/**
* These conditions are used when creating conditional decisions for catalog
* entities that are returned by authorization policies.
*
* @alpha
*/
declare const catalogConditions: _backstage_plugin_permission_node.Conditions<{
hasAnnotation: _backstage_plugin_permission_node.PermissionRule<_backstage_catalog_model.Entity, _backstage_plugin_catalog_node.EntitiesSearchFilter, "catalog-entity", {
annotation: string;
value?: string | undefined;
}>;
hasLabel: _backstage_plugin_permission_node.PermissionRule<_backstage_catalog_model.Entity, _backstage_plugin_catalog_node.EntitiesSearchFilter, "catalog-entity", {
label: string;
value?: string | undefined;
}>;
hasMetadata: _backstage_plugin_permission_node.PermissionRule<_backstage_catalog_model.Entity, _backstage_plugin_catalog_node.EntitiesSearchFilter, "catalog-entity", {
key: string;
value?: string | undefined;
}>;
hasSpec: _backstage_plugin_permission_node.PermissionRule<_backstage_catalog_model.Entity, _backstage_plugin_catalog_node.EntitiesSearchFilter, "catalog-entity", {
key: string;
value?: string | undefined;
}>;
isEntityKind: _backstage_plugin_permission_node.PermissionRule<_backstage_catalog_model.Entity, _backstage_plugin_catalog_node.EntitiesSearchFilter, "catalog-entity", {
kinds: string[];
}>;
isEntityOwner: _backstage_plugin_permission_node.PermissionRule<_backstage_catalog_model.Entity, _backstage_plugin_catalog_node.EntitiesSearchFilter, "catalog-entity", {
claims: string[];
}>;
}>;
/**
* `createCatalogConditionalDecision` can be used when authoring policies to
* create conditional decisions. It requires a permission of type
* `ResourcePermission<'catalog-entity'>` to be passed as the first parameter.
* It's recommended that you use the provided `isResourcePermission` and
* `isPermission` helper methods to narrow the type of the permission passed to
* the handle method as shown below.
*
* ```
* // MyAuthorizationPolicy.ts
* ...
* import { createCatalogPolicyDecision } from '@backstage/plugin-catalog-backend';
* import { RESOURCE_TYPE_CATALOG_ENTITY } from '@backstage/plugin-catalog-common';
*
* class MyAuthorizationPolicy implements PermissionPolicy {
* async handle(request, user) {
* ...
*
* if (isResourcePermission(request.permission, RESOURCE_TYPE_CATALOG_ENTITY)) {
* return createCatalogConditionalDecision(
* request.permission,
* { anyOf: [...insert conditions here...] }
* );
* }
*
* ...
* }
* ```
*
* @alpha
*/
declare const createCatalogConditionalDecision: (permission: _backstage_plugin_permission_common.ResourcePermission<"catalog-entity">, conditions: _backstage_plugin_permission_common.PermissionCriteria<_backstage_plugin_permission_common.PermissionCondition<"catalog-entity">>) => _backstage_plugin_permission_common.ConditionalPolicyDecision;
/**
* Convenience type for {@link @backstage/plugin-permission-node#PermissionRule}
* instances with the correct resource type, resource, and filter to work with
* the catalog.
*
* @alpha
*/
type CatalogPermissionRule<TParams extends PermissionRuleParams = PermissionRuleParams> = PermissionRule<Entity, EntitiesSearchFilter, 'catalog-entity', TParams>;
/**
* Helper function for creating correctly-typed
* {@link @backstage/plugin-permission-node#PermissionRule}s for the
* catalog-backend.
*
* @alpha
*/
declare const createCatalogPermissionRule: <TParams extends PermissionRuleParams = undefined>(rule: PermissionRule<Entity, EntitiesSearchFilter, "catalog-entity", TParams>) => PermissionRule<Entity, EntitiesSearchFilter, "catalog-entity", TParams>;
/**
* These permission rules can be used to conditionally filter catalog entities
* or describe a user's access to the entities.
*
* @alpha
*/
declare const permissionRules: {
hasAnnotation: _backstage_plugin_permission_node.PermissionRule<_backstage_catalog_model.Entity, _backstage_plugin_catalog_node.EntitiesSearchFilter, "catalog-entity", {
annotation: string;
value?: string | undefined;
}>;
hasLabel: _backstage_plugin_permission_node.PermissionRule<_backstage_catalog_model.Entity, _backstage_plugin_catalog_node.EntitiesSearchFilter, "catalog-entity", {
label: string;
value?: string | undefined;
}>;
hasMetadata: _backstage_plugin_permission_node.PermissionRule<_backstage_catalog_model.Entity, _backstage_plugin_catalog_node.EntitiesSearchFilter, "catalog-entity", {
key: string;
value?: string | undefined;
}>;
hasSpec: _backstage_plugin_permission_node.PermissionRule<_backstage_catalog_model.Entity, _backstage_plugin_catalog_node.EntitiesSearchFilter, "catalog-entity", {
key: string;
value?: string | undefined;
}>;
isEntityKind: _backstage_plugin_permission_node.PermissionRule<_backstage_catalog_model.Entity, _backstage_plugin_catalog_node.EntitiesSearchFilter, "catalog-entity", {
kinds: string[];
}>;
isEntityOwner: _backstage_plugin_permission_node.PermissionRule<_backstage_catalog_model.Entity, _backstage_plugin_catalog_node.EntitiesSearchFilter, "catalog-entity", {
claims: string[];
}>;
};
export { type CatalogPermissionRule, catalogConditions, createCatalogConditionalDecision, createCatalogPermissionRule, permissionRules };