Add a dynamic-plugin-aware PluginIDProvider (janus-idp#705)

* Add a dynamic-plugin-aware `PluginIDProvider` Signed-off-by: David Festal <dfestal@redhat.com> * Add changeset Signed-off-by: David Festal <dfestal@redhat.com> --------- Signed-off-by: David Festal <dfestal@redhat.com>
RedHatInsights · Nov 6, 2023 · 6a28d78 · 6a28d78
1 parent 58ed7c0
commit 6a28d78
Show file tree

Hide file tree

Showing 3 changed files with 57 additions and 29 deletions.
diff --git a/.changeset/nervous-mangos-protect.md b/.changeset/nervous-mangos-protect.md
@@ -0,0 +1,5 @@
+---
+'backend': patch
+---
+
+Add RBAC permission policy retrieval for backend dynamic plugins.
diff --git a/packages/backend/src/index.ts b/packages/backend/src/index.ts
@@ -185,27 +185,29 @@ async function main() {
   const apiRouter = Router();
 
   // Scalprum frontend plugins provider
-  const scalprumEnv = useHotMemoize(module, () => createEnv('scalprum'));
-  apiRouter.use(
-    '/scalprum',
-    await scalprumRouter({
-      logger: scalprumEnv.logger,
-      pluginManager,
-      discovery: scalprumEnv.discovery,
-    }),
-  );
+  await addPlugin({
+    plugin: 'scalprum',
+    apiRouter,
+    createEnv,
+    router: env =>
+      scalprumRouter({
+        logger: env.logger,
+        pluginManager,
+        discovery: env.discovery,
+      }),
+  });
 
   // Dynamic plugins info provider
-  const dynamicPluginsInfoEnv = useHotMemoize(module, () =>
-    createEnv('dynamic-plugins-info'),
-  );
-  apiRouter.use(
-    '/dynamic-plugins-info',
-    await dynamicPluginsInfoRouter({
-      logger: dynamicPluginsInfoEnv.logger,
-      pluginManager,
-    }),
-  );
+  await addPlugin({
+    plugin: 'dynamic-plugins-info',
+    apiRouter,
+    createEnv,
+    router: env =>
+      dynamicPluginsInfoRouter({
+        logger: env.logger,
+        pluginManager,
+      }),
+  });
 
   // Required plugins
   await addPlugin({ plugin: 'proxy', apiRouter, createEnv, router: proxy });
@@ -223,7 +225,21 @@ async function main() {
     plugin: 'permission',
     apiRouter,
     createEnv,
-    router: permission,
+    router: env =>
+      permission(env, {
+        getPluginIds: () => [
+          'catalog', // Add the other required static plugins here
+          ...(pluginManager
+            .backendPlugins()
+            .map(p => {
+              if (p.installer.kind !== 'legacy') {
+                return undefined;
+              }
+              return p.installer.router?.pluginID;
+            })
+            .filter(p => p !== undefined) as string[]),
+        ],
+      }),
   });
 
   for (const plugin of pluginManager.backendPlugins()) {

diff --git a/packages/backend/src/plugins/permission.ts b/packages/backend/src/plugins/permission.ts
@@ -1,16 +1,23 @@
 import type { Router } from 'express';
 import type { PluginEnvironment } from '../types';
-import { PolicyBuilder } from '@janus-idp/backstage-plugin-rbac-backend';
+import {
+  PolicyBuilder,
+  PluginIdProvider,
+} from '@janus-idp/backstage-plugin-rbac-backend';
 
 export default async function createPlugin(
   env: PluginEnvironment,
+  pluginIdProvider?: PluginIdProvider | undefined,
 ): Promise<Router> {
-  return await PolicyBuilder.build({
-    config: env.config,
-    logger: env.logger,
-    discovery: env.discovery,
-    identity: env.identity,
-    permissions: env.permissions,
-    tokenManager: env.tokenManager,
-  });
+  return await PolicyBuilder.build(
+    {
+      config: env.config,
+      logger: env.logger,
+      discovery: env.discovery,
+      identity: env.identity,
+      permissions: env.permissions,
+      tokenManager: env.tokenManager,
+    },
+    pluginIdProvider,
+  );
 }