Move policy decision types to permission-common

Co-authored-by: Mike Lewis <[email protected]>
Signed-off-by: Joe Porpeglia <[email protected]>

packages/backend/src/plugins/permission.ts

@@ -16,11 +16,11 @@
 
 import { IdentityClient } from '@backstage/plugin-auth-node';
 import { createRouter } from '@backstage/plugin-permission-backend';
-import { AuthorizeResult } from '@backstage/plugin-permission-common';
 import {
-  PermissionPolicy,
+  AuthorizeResult,
   PolicyDecision,
-} from '@backstage/plugin-permission-node';
+} from '@backstage/plugin-permission-common';
+import { PermissionPolicy } from '@backstage/plugin-permission-node';
 import { Router } from 'express';
 import { PluginEnvironment } from '../types';
 

plugins/permission-backend/src/service/PermissionIntegrationClient.ts

@@ -17,11 +17,13 @@
 import fetch from 'node-fetch';
 import { z } from 'zod';
 import { PluginEndpointDiscovery } from '@backstage/backend-common';
-import { AuthorizeResult } from '@backstage/plugin-permission-common';
+import {
+  AuthorizeResult,
+  ConditionalPolicyDecision,
+} from '@backstage/plugin-permission-common';
 import {
   ApplyConditionsRequestEntry,
   ApplyConditionsResponseEntry,
-  ConditionalPolicyDecision,
 } from '@backstage/plugin-permission-node';
 
 const responseSchema = z.object({

plugins/permission-common/src/types/api.ts

@@ -50,6 +50,46 @@ export enum AuthorizeResult {
   CONDITIONAL = 'CONDITIONAL',
 }
 
+/**
+ * A definitive decision returned by the {@link @backstage/plugin-permission-node#PermissionPolicy}.
+ *
+ * @remarks
+ *
+ * This indicates that the policy unconditionally allows (or denies) the request.
+ *
+ * @public
+ */
+export type DefinitivePolicyDecision = {
+  result: AuthorizeResult.ALLOW | AuthorizeResult.DENY;
+};
+
+/**
+ * A conditional decision returned by the {@link @backstage/plugin-permission-node#PermissionPolicy}.
+ *
+ * @remarks
+ *
+ * This indicates that the policy allows authorization for the request, given that the returned
+ * conditions hold when evaluated. The conditions will be evaluated by the corresponding plugin
+ * which knows about the referenced permission rules.
+ *
+ * @public
+ */
+export type ConditionalPolicyDecision = {
+  result: AuthorizeResult.CONDITIONAL;
+  pluginId: string;
+  resourceType: string;
+  conditions: PermissionCriteria<PermissionCondition>;
+};
+
+/**
+ * A decision returned by the {@link @backstage/plugin-permission-node#PermissionPolicy}.
+ *
+ * @public
+ */
+export type PolicyDecision =
+  | DefinitivePolicyDecision
+  | ConditionalPolicyDecision;
+
 /**
  * An individual authorization request for {@link PermissionClient#authorize}.
  * @public

plugins/permission-common/src/types/index.ts

@@ -22,6 +22,9 @@ export type {
   AuthorizeResponse,
   IdentifiedPermissionMessage,
   PermissionMessageBatch,
+  ConditionalPolicyDecision,
+  DefinitivePolicyDecision,
+  PolicyDecision,
   PermissionCondition,
   PermissionCriteria,
   AllOfCriteria,

plugins/permission-node/src/integration/createConditionExports.ts

@@ -16,10 +16,10 @@
 
 import {
   AuthorizeResult,
+  ConditionalPolicyDecision,
   PermissionCondition,
   PermissionCriteria,
 } from '@backstage/plugin-permission-common';
-import { ConditionalPolicyDecision } from '../policy';
 import { PermissionRule } from '../types';
 import { createConditionFactory } from './createConditionFactory';
 

plugins/permission-node/src/integration/createPermissionIntegrationRouter.ts

@@ -21,6 +21,7 @@ import { InputError } from '@backstage/errors';
 import { errorHandler } from '@backstage/backend-common';
 import {
   AuthorizeResult,
+  DefinitivePolicyDecision,
   IdentifiedPermissionMessage,
   PermissionCondition,
   PermissionCriteria,
@@ -32,7 +33,6 @@ import {
   isNotCriteria,
   isOrCriteria,
 } from './util';
-import { DefinitivePolicyDecision } from '../policy/types';
 
 const permissionCriteriaSchema: z.ZodSchema<
   PermissionCriteria<PermissionCondition>

plugins/permission-node/src/policy/index.ts

@@ -14,10 +14,4 @@
  * limitations under the License.
  */
 
-export type {
-  ConditionalPolicyDecision,
-  DefinitivePolicyDecision,
-  PermissionPolicy,
-  PolicyAuthorizeQuery,
-  PolicyDecision,
-} from './types';
+export type { PermissionPolicy, PolicyAuthorizeQuery } from './types';

plugins/permission-node/src/policy/types.ts

@@ -16,9 +16,7 @@
 
 import {
   AuthorizeQuery,
-  AuthorizeResult,
-  PermissionCondition,
-  PermissionCriteria,
+  PolicyDecision,
 } from '@backstage/plugin-permission-common';
 import { BackstageIdentityResponse } from '@backstage/plugin-auth-node';
 
@@ -35,48 +33,6 @@ import { BackstageIdentityResponse } from '@backstage/plugin-auth-node';
  */
 export type PolicyAuthorizeQuery = Omit<AuthorizeQuery, 'resourceRef'>;
 
-/**
- * A definitive result to an authorization request, returned by the {@link PermissionPolicy}.
- *
- * @remarks
- *
- * This indicates that the policy unconditionally allows (or denies) the request.
- *
- * @public
- */
-export type DefinitivePolicyDecision = {
-  result: AuthorizeResult.ALLOW | AuthorizeResult.DENY;
-};
-
-/**
- * A conditional result to an authorization request, returned by the {@link PermissionPolicy}.
- *
- * @remarks
- *
- * This indicates that the policy allows authorization for the request, given that the returned
- * conditions hold when evaluated. The conditions will be evaluated by the corresponding plugin
- * which knows about the referenced permission rules.
- *
- * Similar to {@link @backstage/permission-common#AuthorizeDecision}, but with the plugin and resource
- * identifiers needed to evaluate the returned conditions.
- * @public
- */
-export type ConditionalPolicyDecision = {
-  result: AuthorizeResult.CONDITIONAL;
-  pluginId: string;
-  resourceType: string;
-  conditions: PermissionCriteria<PermissionCondition>;
-};
-
-/**
- * The result of evaluating an authorization request with a {@link PermissionPolicy}.
- *
- * @public
- */
-export type PolicyDecision =
-  | DefinitivePolicyDecision
-  | ConditionalPolicyDecision;
-
 /**
  * A policy to evaluate authorization requests for any permissioned action performed in Backstage.
  *