refactor(vault): update dev environment and sample Vault config (#3547)

Signed-off-by: Thomas Cardonne <t.cardonne@gmail.com>

Author: tcardonne

workspaces/vault/.changeset/lovely-insects-exist.md

@@ -0,0 +1,6 @@
+---
+'@backstage-community/plugin-vault-backend': patch
+'@backstage-community/plugin-vault': patch
+---
+
+Add catalog plugins in devDependencies for development purposes.

workspaces/vault/README.md

@@ -1,10 +1,34 @@
-# [Backstage](https://backstage.io)
+# Vault plugin for Backstage
 
-This is your newly scaffolded Backstage App, Good Luck!
+The [Vault](https://www.vaultproject.io/) Backstage plugin allows you to display a list of secrets in a certain path inside your Vault instance. There are also some useful links to edit and/or view them using the official UI.
 
-To start the app, run:
+## Plugins
+
+This plugin is composed of several packages:
+
+- [vault](./plugins/vault/README.md) - The frontend plugin that provides the UI components and pages.
+- [vault-backend](./plugins/vault-backend/README.md) - The backend plugin that provides the REST API.
+- [vault-node](./plugins/vault-node/README.md) - A node library containing reusable service logic.
+
+## Quick start
+
+You will find detailed installation instructions in each plugin's readme file.
+
+## Developing
+
+To test the plugin locally, you can start the development environment:
 
 ```sh
 yarn install
 yarn dev
 ```
+
+The sample dev app uses a Vault instance on `localhost:8200`, which you can setup in a separate terminal with:
+
+```sh
+# Start a Vault server, using "root" as the root token
+vault server -dev -dev-root-token-id=root
+
+# Configures sample data in Vault (secrets engine and secrets inside)
+./scripts/configure-dev-vault.sh
+```

workspaces/vault/app-config.yaml

@@ -0,0 +1,50 @@
+app:
+  title: Vault Backstage App
+  baseUrl: http://localhost:3000
+
+backend:
+  baseUrl: http://localhost:7007
+  listen:
+    port: 7007
+  csp:
+    connect-src: ["'self'", 'http:', 'https:']
+  cors:
+    origin: http://localhost:3000
+    methods: [GET, HEAD, PATCH, POST, PUT, DELETE]
+    credentials: true
+  database:
+    client: better-sqlite3
+    connection: ':memory:'
+
+auth:
+  providers:
+    guest: {}
+
+catalog:
+  import:
+    entityFilename: catalog-info.yaml
+    pullRequestBranchName: backstage-integration
+  rules:
+    - allow: [Component, System, API, Resource, Location]
+  locations:
+    # Local example data, file locations are relative to the backend process, typically `packages/backend`
+    - type: file
+      target: ../../examples/entities.yaml
+
+    # Local example organizational data
+    - type: file
+      target: ../../examples/org.yaml
+      rules:
+        - allow: [User, Group]
+
+vault:
+  baseUrl: http://localhost:8200
+  publicUrl: http://localhost:8200
+  auth:
+    type: static
+    secret: root
+  secretEngine: 'secrets-v1' # Optional. By default it uses 'secrets'. Can be overwritten by the annotation of the entity
+  kvVersion: 1 # Optional. The K/V version that your instance is using. The available options are '1' or '2'
+  schedule: # Optional. If the token renewal is enabled this schedule will be used instead of the hourly one
+    frequency: { hours: 1 }
+    timeout: { hours: 1 }

workspaces/vault/examples/entities.yaml

@@ -0,0 +1,22 @@
+---
+# https://backstage.io/docs/features/software-catalog/descriptor-format#kind-system
+apiVersion: backstage.io/v1alpha1
+kind: System
+metadata:
+  name: examples
+spec:
+  owner: guests
+---
+# https://backstage.io/docs/features/software-catalog/descriptor-format#kind-component
+apiVersion: backstage.io/v1alpha1
+kind: Component
+metadata:
+  name: example-website
+  annotations:
+    vault.io/secrets-path: website-v1
+    vault.io/secrets-engine: secrets-v1 # Optional. By default it uses the 'secretEngine' value from your app-config.
+spec:
+  type: website
+  lifecycle: experimental
+  owner: guests
+  system: examples

workspaces/vault/package.json

@@ -6,6 +6,7 @@
     "node": "18 || 20"
   },
   "scripts": {
+    "dev": "yarn workspaces foreach -A --include @backstage-community/plugin-vault --include @backstage-community/plugin-vault-backend --parallel -v -i run start",
     "tsc": "tsc",
     "tsc:full": "tsc --skipLibCheck false --incremental false",
     "build:all": "backstage-cli repo build --all",

workspaces/vault/plugins/vault-backend/dev/index.ts

@@ -17,8 +17,13 @@ import { createBackend } from '@backstage/backend-defaults';
 
 const backend = createBackend();
 
+// the auth plugin is needed to setup a fully authenticated backend for the catalog backend
 backend.add(import('@backstage/plugin-auth-backend'));
 backend.add(import('@backstage/plugin-auth-backend-module-guest-provider'));
+
+// We need the catalog plugin to get the example entities and make the front entity page functional
+backend.add(import('@backstage/plugin-catalog-backend'));
+
 backend.add(import('../src'));
 
 backend.start();

workspaces/vault/plugins/vault-backend/package.json

@@ -65,6 +65,7 @@
     "@backstage/cli": "^0.31.0",
     "@backstage/plugin-auth-backend": "^0.24.4",
     "@backstage/plugin-auth-backend-module-guest-provider": "^0.2.6",
+    "@backstage/plugin-catalog-backend": "^1.32.0",
     "@types/compression": "^1.7.2",
     "@types/node-fetch": "^2.5.12",
     "@types/supertest": "^6.0.0",

workspaces/vault/plugins/vault/dev/index.tsx

@@ -14,74 +14,55 @@
  * limitations under the License.
  */
 
-import { Entity } from '@backstage/catalog-model';
-import { Content, Header, HeaderLabel, Page } from '@backstage/core-components';
 import { createDevApp } from '@backstage/dev-utils';
-import { EntityProvider } from '@backstage/plugin-catalog-react';
-import { TestApiProvider } from '@backstage/test-utils';
-import Box from '@material-ui/core/Box';
-import Typography from '@material-ui/core/Typography';
-import SomeIcon from '@material-ui/icons/Storage';
-import React from 'react';
-import { VaultApi, vaultApiRef } from '../src/api';
+import {
+  CatalogEntityPage,
+  CatalogIndexPage,
+  catalogPlugin,
+  EntityAboutCard,
+  EntityHasSubcomponentsCard,
+  EntityLayout,
+} from '@backstage/plugin-catalog';
+import Grid from '@material-ui/core/Grid';
+import React, { PropsWithChildren } from 'react';
 import { EntityVaultCard } from '../src/components/EntityVaultCard';
-import { EntityVaultTable } from '../src/components/EntityVaultTable';
-import { VAULT_SECRET_PATH_ANNOTATION } from '../src/constants';
 import { vaultPlugin } from '../src/plugin';
 
-const entity: Entity = {
-  apiVersion: 'backstage.io/v1alpha1',
-  kind: 'Component',
-  metadata: {
-    name: 'backstage',
-    annotations: { [VAULT_SECRET_PATH_ANNOTATION]: 'a/b' },
-  },
-  spec: {
-    type: 'service',
-  },
-};
-
-const mockedApi: VaultApi = {
-  async listSecrets() {
-    return [
-      {
-        name: 'a::b',
-        path: '',
-        editUrl: 'https://example.com',
-        showUrl: 'https://example.com',
-      },
-      {
-        name: 'c::d',
-        path: '',
-        editUrl: 'https://example.com',
-        showUrl: 'https://example.com',
-      },
-    ];
-  },
-};
+const SampleEntityPage = ({ children }: PropsWithChildren<{}>) => (
+  <EntityLayout>
+    <EntityLayout.Route path="/" title="Overview">
+      <Grid container spacing={3} alignItems="stretch">
+        <Grid item md={12}>
+          <EntityAboutCard variant="gridItem" />
+        </Grid>
+        {children}
+        <Grid item xs={12}>
+          <EntityHasSubcomponentsCard variant="gridItem" />
+        </Grid>
+      </Grid>
+    </EntityLayout.Route>
+  </EntityLayout>
+);
 
 createDevApp()
-  .registerPlugin(vaultPlugin)
+  // We need the catalog plugin to get the example entities and make the front entity page functional
+  .registerPlugin(catalogPlugin)
   .addPage({
-    element: (
-      <TestApiProvider apis={[[vaultApiRef, mockedApi]]}>
-        <EntityProvider entity={entity}>
-          <Page themeId="service">
-            <Header title="Mocked Vault">
-              <HeaderLabel label="Mode" value="Development" />
-            </Header>
-            <Content>
-              <Typography variant="h3">As a card</Typography>
-              <EntityVaultCard />
-              <Box mt={4} />
-              <Typography variant="h3">As a table</Typography>
-              <EntityVaultTable entity={entity} />
-            </Content>
-          </Page>
-        </EntityProvider>
-      </TestApiProvider>
+    path: '/catalog',
+    title: 'Catalog',
+    element: <CatalogIndexPage />,
+  })
+  // We need the entity page experience to see the linguist card
+  .addPage({
+    path: '/catalog/:namespace/:kind/:name',
+    element: <CatalogEntityPage />,
+    children: (
+      <SampleEntityPage>
+        <Grid item md={12}>
+          <EntityVaultCard />
+        </Grid>
+      </SampleEntityPage>
     ),
-    title: 'Vault',
-    icon: SomeIcon,
   })
+  .registerPlugin(vaultPlugin)
   .render();

workspaces/vault/plugins/vault/package.json

@@ -58,6 +58,7 @@
     "@backstage/cli": "^0.31.0",
     "@backstage/core-app-api": "^1.16.0",
     "@backstage/dev-utils": "^1.1.8",
+    "@backstage/plugin-catalog": "^1.28.0",
     "@backstage/test-utils": "^1.7.6",
     "@testing-library/dom": "^10.0.0",
     "@testing-library/jest-dom": "^6.0.0",

workspaces/vault/scripts/configure-dev-vault.sh

@@ -0,0 +1,18 @@
+#!/bin/bash
+
+export VAULT_ADDR='http://127.0.0.1:8200'
+export VAULT_TOKEN='root'
+
+# Create a kv v1 under secrets-v1/
+vault secrets enable -path=secrets-v1 -version=1 kv
+
+# Create a kv v2 under secrets-v2/
+vault secrets enable -path=secrets-v2 -version=2 kv
+
+# Create secrets for v1
+vault kv put secrets-v1/website-v1/prod/database username="user" password="it's a secret"
+vault kv put secrets-v1/website-v1/preprod/database username="user" password="it's a secret"
+
+# Create secrets for v2
+vault kv put secrets-v2/website-v2/prod/database username="user" password="it's a secret"
+vault kv put secrets-v2/website-v2/preprod/database username="user" password="it's a secret"