diff --git a/.changeset/green-bobcats-burn.md b/.changeset/green-bobcats-burn.md new file mode 100644 index 0000000000000..c28f4da678921 --- /dev/null +++ b/.changeset/green-bobcats-burn.md @@ -0,0 +1,22 @@ +--- +'@backstage/plugin-permission-backend': minor +--- + +Add a warning if the permission backend is used without setting `permission.enabled=true`. + +**BREAKING** Permission backend's `createRouter` now requires a `config` option. + +```diff +// packages/backend/src/plugins/permission.ts + +... +export default async function createPlugin({ + ... ++ config, +}: PluginEnvironment) { + return createRouter({ + ... ++ config, + }); +} +``` diff --git a/packages/backend/src/plugins/permission.ts b/packages/backend/src/plugins/permission.ts index 276d16ff971b8..557cea9a26c60 100644 --- a/packages/backend/src/plugins/permission.ts +++ b/packages/backend/src/plugins/permission.ts @@ -35,8 +35,9 @@ class AllowAllPermissionPolicy implements PermissionPolicy { export default async function createPlugin( env: PluginEnvironment, ): Promise { - const { logger, discovery } = env; + const { logger, discovery, config } = env; return await createRouter({ + config, logger, discovery, policy: new AllowAllPermissionPolicy(), diff --git a/plugins/permission-backend/api-report.md b/plugins/permission-backend/api-report.md index 843c9a315cbfb..2b591135356f7 100644 --- a/plugins/permission-backend/api-report.md +++ b/plugins/permission-backend/api-report.md @@ -3,6 +3,7 @@ > Do not edit this file. It is a report generated by [API Extractor](https://api-extractor.com/). ```ts +import { Config } from '@backstage/config'; import express from 'express'; import { IdentityClient } from '@backstage/plugin-auth-node'; import { Logger as Logger_2 } from 'winston'; @@ -14,6 +15,8 @@ export function createRouter(options: RouterOptions): Promise; // @public export interface RouterOptions { + // (undocumented) + config: Config; // (undocumented) discovery: PluginEndpointDiscovery; // (undocumented) diff --git a/plugins/permission-backend/src/service/router.test.ts b/plugins/permission-backend/src/service/router.test.ts index 498fcb748b238..b98b32b01c1db 100644 --- a/plugins/permission-backend/src/service/router.test.ts +++ b/plugins/permission-backend/src/service/router.test.ts @@ -26,6 +26,7 @@ import { import { PermissionIntegrationClient } from './PermissionIntegrationClient'; import { createRouter } from './router'; +import { ConfigReader } from '@backstage/config'; const mockApplyConditions: jest.MockedFunction< InstanceType['applyConditions'] @@ -63,6 +64,7 @@ describe('createRouter', () => { beforeAll(async () => { const router = await createRouter({ + config: new ConfigReader({ permission: { enabled: true } }), logger: getVoidLogger(), discovery: { getBaseUrl: jest.fn(), diff --git a/plugins/permission-backend/src/service/router.ts b/plugins/permission-backend/src/service/router.ts index 413f3e6b45770..48f7b1a2e5196 100644 --- a/plugins/permission-backend/src/service/router.ts +++ b/plugins/permission-backend/src/service/router.ts @@ -44,6 +44,7 @@ import { import { PermissionIntegrationClient } from './PermissionIntegrationClient'; import { memoize } from 'lodash'; import DataLoader from 'dataloader'; +import { Config } from '@backstage/config'; const querySchema: z.ZodSchema> = z.object({ id: z.string(), @@ -79,6 +80,7 @@ export interface RouterOptions { discovery: PluginEndpointDiscovery; policy: PermissionPolicy; identity: IdentityClient; + config: Config; } const handleRequest = async ( @@ -139,7 +141,13 @@ const handleRequest = async ( export async function createRouter( options: RouterOptions, ): Promise { - const { policy, discovery, identity } = options; + const { policy, discovery, identity, config, logger } = options; + + if (!config.getOptionalBoolean('permission.enabled')) { + logger.warn( + 'Permission backend started with permissions disabled. Enable permissions by setting permission.enabled=true.', + ); + } const permissionIntegrationClient = new PermissionIntegrationClient({ discovery,