Add GitLab auth

Author: GDYendell

backstage/app-config.yaml

@@ -53,22 +53,15 @@ techdocs:
 auth:
   environment: development
   providers:
-    # guest: {}
-    # github:
-    #   development:
-    #     clientId: ${GITHUB_APP_CLIENT_ID}
-    #     clientSecret: ${GITHUB_APP_SECRET}
+    guest: {}
     gitlab:
       development:
         clientId: ${AUTH_GITLAB_CLIENT_ID}
         clientSecret: ${AUTH_GITLAB_CLIENT_SECRET}
         audience: https://gitlab.diamond.ac.uk
-        ## uncomment if using a custom redirect URI
-        # callbackUrl: https://${BASE_URL}/api/auth/gitlab/handler/frame
-        # signIn:
-        #   resolvers:
-        #     # See https://backstage.io/docs/auth/gitlab/provider#resolvers for more resolvers
-        #     - resolver: usernameMatchingUserEntityName
+        signIn:
+          resolvers:
+            - resolver: usernameMatchingUserEntityName
 
 catalog:
   readonly: true

backstage/packages/backend/src/index.ts

@@ -1,52 +1,15 @@
 import { createBackend } from '@backstage/backend-defaults';
-import { createBackendModule } from '@backstage/backend-plugin-api';
-import { gitlabAuthenticator } from '@backstage/plugin-auth-backend-module-gitlab-provider';
-import {
-  authProvidersExtensionPoint,
-  createOAuthProviderFactory,
-} from '@backstage/plugin-auth-node';
 import {
   catalogPluginGitlabFillerProcessorModule,
   gitlabPlugin,
 } from '@immobiliarelabs/backstage-plugin-gitlab-backend';
 
-const customAuth = createBackendModule({
-  // This ID must be exactly "auth" because that's the plugin it targets
-  pluginId: 'auth',
-  // This ID must be unique, but can be anything
-  moduleId: 'custom-auth-provider',
-  register(reg) {
-    reg.registerInit({
-      deps: { providers: authProvidersExtensionPoint },
-      async init({ providers }) {
-        providers.registerProvider({
-          providerId: 'gitlab',
-          factory: createOAuthProviderFactory({
-            authenticator: gitlabAuthenticator,
-            async signInResolver(info, ctx) {
-              console.log(info);
-              const userEntity = 'user:default/guest';
-              return ctx.issueToken({
-                claims: {
-                  sub: userEntity,
-                  ent: [userEntity],
-                },
-              });
-            },
-          }),
-        });
-      },
-    });
-  },
-});
-
 const backend = createBackend();
 
 // Auth
 backend.add(import('@backstage/plugin-auth-backend'));
-// backend.add(import('@backstage/plugin-auth-backend-module-github-provider'));
-// backend.add(import('@backstage/plugin-auth-backend-module-gitlab-provider'));
-backend.add(customAuth);
+backend.add(import('@backstage/plugin-auth-backend-module-guest-provider'));
+backend.add(import('@backstage/plugin-auth-backend-module-gitlab-provider'));
 
 // Catalog with Scaffolder module
 backend.add(import('@backstage/plugin-catalog-backend'));

charts/backend/dev-values.yaml

@@ -16,5 +16,7 @@ secrets:
   githubAppSecret: AgBViW+/AOCSg+nIhhxWqZf/Zn7WxWWHIYte6A5Y89W1aEl7iVI/dl4Fr+QGS/ucQVEpO0hKv2d1JVxbiJv82yR2BsHlvZnv6D6BTdfpW8XFrTGpgK5AUMIVoFpBBXuyd/3120KdqIN9U6V/MGFRvY4Cc5uf0yZ4DIfh8Om4BcgiyUkkKMSrnBftnEeP7ZOiDXMGyb5OGcFHc5duNDpIjgnfJz4E6mSqEHjrNcREeqxXWFa+hGoPDMr100h0x/cgseWMMi8FNZgDFmL8qfu/uzLbPTjG0auyajKjUJcbrpZHc85cLER9mLY5dIBSbn8Fm37z523kkAx2tDsw387/1e3frL81fTpqBCL/lGuqmGhV9e064KFf6iahRJXOJ133RrPsae1HkeNDzNp2gifLLWOCN1tl5DkmpgIZtN/9Bgz+hIqVGo4Q369Xrljx2xpzaFALV/EmjkSiaxsHeAJGITC2FYWEo+5hwg+hsVKehUWzbTBQVhIlSNr/xsSCWqcl8kJ3AD2QvWUtQtZn+eSjAnol8NgYUzfD4de0vDAy2o1LVEIF0+kPv6YxC+8DEWkrDiAR/N0sdWlviCnys8VEjzvf1kML6mPHBKHtfjR3QR+uNTSXv4kLDpMvQvuDNe0QGaUoOcim4MQCysYa215fu8NyycmhCAsO9kMvrdEgSfpetkA1rbq8grDLxWL1ptfc0cSMLkevOuGNI+omH04kLV9JUyZSUa3TOZMn6rAkmGXLCF5bJGpUI6T/
   githubToken: AgAZomoKEOt9/dinkfc6kpj8Hrq/pVVEBE7eklKUhexkZIEO5NCWNX8RByRC6JQgndL4fcS+whlHLBSaLnK6P46wfbdeH3kP6eNOgnQCoEn3grtKfvIhDqFLsxMkRKiYH18uikI8muIj4c8qDI5YTkgW+H2i8qx580tHw7IU9tz9eEqBtx5LoUA0DEX6jOlAh58ivgwhjmhXCgPkV0wU/9kumk2/rx4qeaNRz9+iUe6DJt5vmxjMMsHh+txoPeVEqf95XNBtHeSpDMwB8HkdnJZqgX6GLd55JUNb+ZNuFY9MUJabthLykMyTJ6ZVzJ4cvZn3p49i0NAIOdnuKWQ/o7Fy5KAN5nLiS3rP2tneR5+WVWL+ZFLbgaw5c8AbK7+9Ol6rhP6k1Pgd9DfkKlrODHosHp//TWXddnH6yZNQZRz1O8fxIlEyUezLx62gQQOnku23sntWSCUqsob1HkUyvHFHll+fmSQV78EKe5LyAroaQGDXVQK5roJCGWStHMCYhDvETzQyd0V+dd7tvOX4ColyeCZNY+1pOVexob+O888em2ubB2hRri6i2FvDOySUU5nHSNoOX6lOGMGyXV7KMCTodJQLZvONdJZEjlOtb6S0o1EiBC+IIYWYr/mR71fTUBuVkFQaMO17dFMe0TQ8t0XzwcHPrKAC+jPuUSDLEIBVZWw2Wf67vDE6xCbgNBF5+LOLemxG1j6WGJjQq3MKtf26gYoBBmyF9Pwhjv+OVm+RBzISb2b4eKK1
   gitlabToken: AgAIDeRGbHTXIo9htz+UJKy01ak7V16E53LNRShWtndgMKI3665/lVPTmX8uRbpSYxKdQjE56YHkZKjcms8GTVjaKLzaUxXmfxgPs3HZ/7cyRLZzCGoo7g4loMOjPk7Lp/BnEz6h8Dy7IHNYV42Ag452U0j1RvSCsAoZP/9mQ2yMmOFfhge7azS3eFaZ8h8j8Jz86wEfQcpiHRA/pvp59QbF21YDumP/DGB9qp/gheuGPJ0o3FRG4O364P3LK+JxV2JFbjuWw9S0a0lMB17NkEubrRkph+/2vHKiAUVVlQRAgb4DsgGAUtUUiMRPa/gzUaC4cI2A2ON6yV0EyljNV31/E7CAzSRP1m/uKy8E8Psywy5hC4WtuRgeda8J1PRuYV2NaGUcx/zbrLLNLX79gfSqkgp30vhjNftbx9YDV+lza18hIYetIL+pq/r6rDHaqFMxwJCB1ki19txbhmx+b3TojawkU0QeGBDBmjHw9k9RKJ9LNYWjSwZed00LXl1afAJFLMhbQGGz5AvHwq8Rdo4gvSstJPrOZMiptvlWTjeAQt8JLGjXpUyhaUQWo/kWIITqgNrvKAhHvK7FM1LcqKOffnnAVYtPzMeSu8vqIeOaQChZVvSwFFgRWfCN3PEasAkjDpGqI9HkUpinSAij1C7YZQ9SF9rLbL02jMLR4aFzzlUkTYULF7oZNER6F3chGdQjN3Alc9h1zTGYWLrAXCBOZosCdqr6JTZt2w==
+  authGitlabClientId: AgBoTlY1xr1SM9BvQMbaPGVok8sb5s8QWpFs2Y6wr7UIeIMgkGbKBhv7HE2qJD7HiJ/DDL3p4r1of95vz1sKaPuZ/+AwxstjSEf6+N8YJbFz/aXNJ1RLZlExJ+V2/CWBVL4hGrg4OXpnNzc7LqUnnv3P2ZqeKX1341dt7EiGUYS2ymeLtmA+G0IXaAxwiydNUYsb0aMfUEnEL0f2IORzj+nInTNFRGwl8tUO9lsWhS356+FZDBlEtaErtqHsY1KzY5ox6DLiXlxmJKxeLNvrA6f0ycmhZqbmgF6FbZ4SccZA7ExAqxgiQpC3bc2K3Rw+mpZX6fNeRaSxSC3dlkCzjnFgoPUpeJrNtSDUzu7CoBqU4BcqhQ+6c/2xl0iFjoMlZx2hc8JpBlHao035FoawP4z4maXWevJayU4vkVNwq5ha/8K7GOaXL8Tl+Tv/W8BWvbfDSHNCXqYv5lzNyTkO8upUIt5nRibFxEO5dUbmbv72pRk9l/ecr+nTsdMhY2l3wgBHbJVEqarsrNu1s/QKq3BEvIs73fwETwueD7LE10RDo3T/WqPPYgdTwLEqwoiCWbFtXh6FSAttDCersUZXMW4oQqiC+p8fYfXonv/A+5JhIuXsmCffMO8oUkXYDiSBu2nsFag+VLDMCgQaG7Dmk4Ed/oO7WhWhJtXxvi9zmvMFv1B9L6/2kuJRXweSQn0YcfHYATq0sNZ9qo9jjZbTbfJbvlMaWsgPBmm6qVOqvTZinoiCl8sc1elD+sJJl8DzbpHz0UXAz2YIh/GDGb+ChfjM
+  authGitlabClientSecret: AgAto99I1TxoOQWYQI/OFZelbqlM76cwkNM6vNqfbmi6sbGiab6FoZZ78wCJuaB+WU0Dgcdgi2yZGvLyLQjG6/AwrwZMTWsmE18Va+rW/apCsUAIZeQkiJYoDmV0HE6ptGvAa1ve/Evzp+QIzq7i5JX8VLe6FGo1VXMa1Arzuh5UQ4NKjaKWOO5FbJY75Ge4HuIoxFwz91drfluF3O2FgxSMXpoHY6tCaxJpy10VQhYWbeTcvY2EVfVJnofWhOUIH7VmvLdzoghZG2FuDbRpFHMLmOjDrlRQyDYxWjtIAThJ6o+BB8k9j/HDhMT4jgWMQSRHUOB8jcQVI+2oXkdCSAelsFVbfzjg/DnwzS/dlyXCrV9951GPmitbc3dI9roNqkrXlM7Azce/vjSst4wEvGBa5UjQutE+am6PCdTmgh5xEOXyAEcFDMojzxakDVNKr/C4vmvHOBqom6sNnbQc9vst0uWQmPyt+QtUs6JZYNx1Ig7J9K3a5qmwR/46SPiVcVb0e2u9N9q49UcklqeEPSOOhUz2fP9EVr0l2AhNKkphKNaovoFCA0XC+u8hJif+3/TPWj0zedrcS2x2JVr76+PO5auXrWAKPPOB+2y5rTKjp0w21ekfz+yCDQ34WsSSF/BGWLpkPyMqKYtxMeSOti+lUjRSa4wUHPbW8d7keLM7oN3AFtMMWFnyiIHPfA8TKPiKf1VAlFYuFb3y93K4DcH7hZsSJgjp4loqpmWJPAVzcsk3AJdZaUSde9w5hgnswzq8/w8bsg6uJa0CvC7prnBErlEpJLWn
   s3AccessKeyId: AgAHW3zmQDNqqdGam0sDwZ6cmVKNQpNXqLRQLbVycmG2XFCRPRe3ayAibj+nhMIqwM9sBcL9/qf6s2rGy9VKVnj810EXyVan+fTpPbFP/coEWf5mU7fFImv+baREJlqY5WuZoy+pZoqyY1tyxvjxRdnDEasVKX0CP0EnA3jpw9JFryY7cRgam+sz2FNmPc+0BnsmFUtIZzOzfGRFesXtLLVJkYZeXvG8VoQMLJOwVOiXNz1+/pMdGDsr6AEQh9aKhFOTMFpaVaQ4xwmATc5CFAbG4mVs3FOFjFOP1N3aHVZxubYrQKYyeRZNMkFOGnvs/j4dZSqoLau1T9ckS+3o3F5YJYYQl32YerKPHCridvqIUmEyBMCAtJBpgilsc07Nak+alSSn4UvDQK5TfwpOn/sIQoeyVKl1oiMnSkSpnhqxfdigJCTQv1JwIrt31ZRSz51uSiCILrRQGUnFqsK3iD5lS8wl2Lhzw6MjvDJhHJtCMErhKPy81//YCJrUziDy4Ha6/RCFTV1PNkTwWOMbQOa3gitwwPLhO3A6cWGspUO/mVH3r+TlJ0aRlZEGRkCCMASyOzAQELSSYre7+byhH7XrsAKAMgwI+sLLUZrkp9WnnwDbeCcRS+bxX1M7Qrr9bD2uOVG2oDQ97Hj4BLEXpKbI3oWFaVTV9loeM92liQI0Rt/DCCdBIK03Es4rD3VKkavGMDbZspNYju8GmSWRRi+mZ4UZ6w==
   s3AccessKeySecret: AgAmLViKnuqALeXA4otvsUymw9R+2ydPdL6r+aUAM/w6i8KDUq8o9f+wtN7hcyiklMbed0moos5j8P/Cko9hIcKH/AHh93JTPo+/kh9XSJWmtpoI2osbKrFT176XsHwhfW5K3nmKDcNa/7h3JuXQsc7v+yOLeZMdfmD4unFrKKTcbMGmv4i+9LrTRxAxVoakxiEP64swIM7wZF9St2NlCQA5CPJu+Q61mNWY0v7KnCbKpX3BzmPrIAERscYPY8GgfzXaz0y/01CMD8xrmt7O0YhDSrh+pVvb0iwV8tabn3zu0Y9srNn1bPsVFbCHTsN/kNXr+ikQ5xnKJijBC40M+POoe/O+6pQNqu68gNyCvOmTdOYUBAaUGPA3/D5KUJNmX+5nMYRhqUNS8bR0Z4/ppt9gcAgsZOEwb0+KUk10N32ELvrgdVXPJizUDXX1+lab+gED65ITCAxijlIc4dNIQGOYdcrsv18phJqphTuXPZT9dJxxDHM3s9dbhus77YN1DRCdMJvG2qjl9BPKfC0uUwKcKNhp0URhGF1Mq+dyliYo92kxW7pPs+QZOUAPjtcxJt+wCKj2+R6fuoNXm2sZRAKkHKkQ48iv9SBUxUCOAinP7CrrJwap29m7gVC4oehkHMqnlVwLXY5dw4toGxcB2R7lMWnZwDFED1/+kUkSt8xAGO6pyzYhc9A6Ft2yrpDq5J9O6C6OJVg/fP3WxiN7J2J7OBJHWJuQS+saShnTGdEhj2OzR5XgaAGG

charts/backend/templates/deployment.yaml

@@ -66,6 +66,16 @@ spec:
                 secretKeyRef:
                   name: {{ include "common.names.fullname" $ }}
                   key: gitlab-token
+            - name: AUTH_GITLAB_CLIENT_ID
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "common.names.fullname" $ }}
+                  key: auth-gitlab-client-id
+            - name: AUTH_GITLAB_CLIENT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "common.names.fullname" $ }}
+                  key: auth-gitlab-client-secret
             - name: AWS_ACCESS_KEY_ID
               valueFrom:
                 secretKeyRef:

charts/backend/templates/secrets.yaml

@@ -17,6 +17,8 @@ spec:
     github-app-client-id: {{ .Values.secrets.githubAppClientId }}
     github-app-secret: {{ .Values.secrets.githubAppSecret }}
     github-token: {{ .Values.secrets.githubToken }}
+    auth-gitlab-client-id: {{ .Values.secrets.authGitlabClientId }}
+    auth-gitlab-client-secret: {{ .Values.secrets.authGitlabClientSecret }}
     gitlab-token: {{ .Values.secrets.gitlabToken }}
     s3-access-key-id: {{ .Values.secrets.s3AccessKeyId }}
     s3-access-key-secret: {{ .Values.secrets.s3AccessKeySecret }}