UNPKG

@infosys_ltd/openfga-plugin-backstage

Version:

This plugin wraps around the Backstage Permission Framework and uses the OPENFGA client to evaluate policies.

github.com/Infosys/openfga-plugin-backstage

Infosys/openfga-plugin-backstage

75 lines (67 loc) 3.13 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
import * as react from 'react'; import * as _backstage_core_plugin_api from '@backstage/core-plugin-api'; import { DiscoveryApi, ConfigApi } from '@backstage/core-plugin-api'; import * as _backstage_config from '@backstage/config'; import { PolicyDecision } from '@backstage/plugin-permission-common'; import { PermissionPolicy, PolicyQuery } from '@backstage/plugin-permission-node'; import { BackstageIdentityResponse } from '@backstage/plugin-auth-node'; import * as _backstage_backend_plugin_api from '@backstage/backend-plugin-api'; declare const openfgaPlugin: _backstage_core_plugin_api.BackstagePlugin<{ root: _backstage_core_plugin_api.RouteRef<undefined>; }, {}, {}>; declare const OpenfgaPage: () => react.JSX.Element; interface OpenFgaRequest { tuple_key: { user: string; relation: string; object: string; }; authorization_model_id: string; } interface OpenFgaResponse { allowed: boolean; ok?: boolean; message: string; } declare class OpenFgaClient implements OpenFgaApi { readonly discoveryApi: DiscoveryApi; private readonly baseUrl; private readonly storeId; private readonly authorizationModelId; private permissionResponse; static fromConfig(configApi: ConfigApi, discoveryApi: DiscoveryApi): OpenFgaClient; constructor(opts: { discoveryApi: DiscoveryApi; baseUrl: string; storeId: string; authorizationModelId: string; }); getPermissionResponse(): OpenFgaResponse | null; private fetch; sendPermissionRequest(entityName: string, action: string, userName: any): Promise<OpenFgaResponse>; addPolicy(entityName: string, accessType: string, userName: any): Promise<OpenFgaResponse>; revokePolicy(entityName: string, accessType: string, userName: any): Promise<OpenFgaResponse>; } declare const openFgaApiRef: _backstage_core_plugin_api.ApiRef<OpenFgaApi>; interface OpenFgaApi { sendPermissionRequest(entityName: string, action: string, userName: any): Promise<OpenFgaResponse>; addPolicy(entityName: string, accessType: string, userName: any): Promise<OpenFgaResponse>; revokePolicy(entityName: string, accessType: string, userName: any): Promise<OpenFgaResponse>; } declare const openFgaApiFactory: { deps: { configApi: _backstage_core_plugin_api.ApiRef<_backstage_config.Config>; discoveryApi: _backstage_core_plugin_api.ApiRef<DiscoveryApi>; }; factory: ({ configApi, discoveryApi }: { configApi: ConfigApi; discoveryApi: DiscoveryApi; }) => OpenFgaClient; }; declare class OpenFgaCatalogPolicy implements PermissionPolicy { private openFgaClient; constructor(configApi: ConfigApi, discoveryApi: DiscoveryApi); handle(request: PolicyQuery, user: BackstageIdentityResponse): Promise<PolicyDecision>; } declare const permissionModuleCatalogPolicy: _backstage_backend_plugin_api.BackendFeatureCompat; export { type OpenFgaApi, OpenFgaCatalogPolicy, OpenFgaClient, type OpenFgaRequest, type OpenFgaResponse, OpenfgaPage, openFgaApiFactory, openFgaApiRef, openfgaPlugin, permissionModuleCatalogPolicy };