migrating acs plugin

.github/CODEOWNERS

@@ -10,6 +10,7 @@ yarn.lock                                           @backstage/community-plugins
 
 /workspaces/3scale                                  @backstage/community-plugins-maintainers  @04kash @AndrienkoAleksandr
 /workspaces/acr                                     @backstage/community-plugins-maintainers  @christoph-jerolimov @ciiay @invincibleJai
+/workspaces/acs                                     @backstage/community-plugins-maintainers  @sachaudh @maknop
 /workspaces/adr                                     @backstage/community-plugins-maintainers  @kuangp
 /workspaces/analytics                               @backstage/community-plugins-maintainers  @jmezach
 /workspaces/announcements                           @backstage/community-plugins-maintainers  @kurtaking

workspaces/acs/.changeset/README.md

@@ -0,0 +1,8 @@
+# Changesets
+
+Hello and welcome! This folder has been automatically generated by `@changesets/cli`, a build tool that works
+with multi-package repos, or single-package repos to help you version and publish your code. You can
+find the full documentation for it [in our repository](https://github.com/changesets/changesets)
+
+We have a quick list of common questions to get you started engaging with this project in
+[our documentation](https://github.com/changesets/changesets/blob/main/docs/common-questions.md)

workspaces/acs/.changeset/config.json

@@ -0,0 +1,14 @@
+{
+  "$schema": "https://unpkg.com/@changesets/[email protected]/schema.json",
+  "changelog": "@changesets/cli/changelog",
+  "commit": false,
+  "fixed": [],
+  "linked": [],
+  "access": "public",
+  "baseBranch": "main",
+  "updateInternalDependencies": "patch",
+  "privatePackages": {
+    "tag": false,
+    "version": false
+  }
+}

workspaces/acs/.dockerignore

@@ -0,0 +1,8 @@
+.git
+.yarn/cache
+.yarn/install-state.gz
+node_modules
+packages/*/src
+packages/*/node_modules
+plugins
+*.local.yaml

workspaces/acs/.eslintignore

@@ -0,0 +1 @@
+playwright.config.ts

workspaces/acs/.eslintrc.js

@@ -0,0 +1 @@
+module.exports = require('../../.eslintrc.cjs');

workspaces/acs/.gitignore

@@ -0,0 +1,58 @@
+# macOS
+.DS_Store
+
+# Logs
+logs
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+lerna-debug.log*
+
+# Coverage directory generated when running tests with coverage
+coverage
+
+# Dependencies
+node_modules/
+
+# Yarn 3 files
+.pnp.*
+.yarn/*
+!.yarn/patches
+!.yarn/plugins
+!.yarn/releases
+!.yarn/sdks
+!.yarn/versions
+
+# Node version directives
+.nvmrc
+
+# dotenv environment variables file
+.env
+.env.test
+
+# Build output
+dist
+dist-types
+
+# Temporary change files created by Vim
+*.swp
+
+# MkDocs build output
+site
+
+# Local configuration files
+*.local.yaml
+
+# Sensitive credentials
+*-credentials.yaml
+
+# vscode database functionality support files
+*.session.sql
+
+# E2E test reports
+e2e-test-report/
+
+# other
+catalog
+

workspaces/acs/.prettierignore

@@ -0,0 +1,5 @@
+dist
+dist-types
+coverage
+.vscode
+.eslintrc.js

workspaces/acs/README.md

@@ -0,0 +1,111 @@
+# Advanced Cluster Security Backstage Plugin
+
+![ACS plugin image 1](images/acs_plugin_screenshot_1.png)
+![ACS plugin image 2](images/acs_plugin_screenshot_2.png)
+
+## Local Development
+
+### Prerequisites
+
+Along with the NodeJS specific prerequisites we'll cover below you will need to have some bog-standard development tools installed:
+
+- Git
+- Make
+- Podman / Docker
+
+### Node CLI Tools
+
+You will want to use node verion 20. You can set the version with the following command:
+
+```
+nvm use 20
+```
+
+NodeJS comes with `npm` the Node Package Manager. Use it to install `yarn` and `npx`.
+
+```bash
+> npm install yarn npx
+
+added 2 packages in 6s
+```
+
+### Test Catalog Data
+
+This repo comes with test data at `./catalog_default`.
+
+First copy the `catalog_default` directory and rename it to `catalog`:
+
+```
+cp -R catalog_default catalog
+```
+
+Edit line 20 of `./catalog/components/test-app.yaml` to have a comma separated string of deployment names from the ACS API you wish to test.
+
+### Export Environment Variables
+
+The `ACS_API_URL` and `ACS_API_KEY` will need to be set in order for the route to work in the `app-config.yaml` file. The purpose of this route is to access data from the ACS endpoint.
+
+To start the app, run:
+
+```sh
+yarn install
+yarn dev
+```
+
+The app will be available at `http://localhost:3000`.
+
+## RHDH Dynamic Plugin Config
+
+The ACS plugin is also available as an [Red Hat Developer Hub](https://github.com/redhat-developer/rhdh) dynamic plugin. The following should be able to run within the [RHDH local](https://github.com/redhat-developer/rhdh-local) repo.
+
+### Configuration
+
+In `app-config.yaml` first add the proxies:
+
+```yaml
+proxy:
+  endpoints:
+    '/acs':
+      credentials: dangerously-allow-unauthenticated
+      target: ${ACS_API_URL}
+      headers:
+        authorization: 'Bearer ${ACS_API_KEY}'
+```
+
+Add the following top-level stanza to the `app-config.yaml` file:
+
+```
+acs:
+  acsUrl: ${ACS_API_URL}
+```
+
+Here's an example of how to configure all of the various plugins in your dynmaic plugins config for RHDH.
+
+```yaml
+- package: 'https://github.com/RedHatInsights/backstage-plugin-advanced-cluster-security/releases/download/v0.1.1/redhatinsights-backstage-plugin-acs-dynamic-0.1.1.tgz'
+  integrity: sha256-9JeRK2jN/Jgenf9kHwuvTvwTuVpqrRYsTGL6cpYAzn4=
+  disabled: false
+  pluginConfig:
+    dynamicPlugins:
+      frontend:
+        redhatinsights.backstage-plugin-acs:
+          entityTabs:
+            - path: /acs
+              title: RHACS
+              mountPoint: entity.page.acs
+          mountPoints:
+            - mountPoint: entity.page.acs/cards
+              importName: EntityACSContent
+              config:
+                layout:
+                  gridColumnEnd:
+                    lg: 'span 12'
+                    md: 'span 12'
+                    xs: 'span 12'
+```
+
+Each entity in the catalog will need to have an annotation added that references the deployment(s) in order to display vulnerability data for them. Here is an example:
+
+```
+acs/deployment-name: "test-deployment-1,test-deployment-2,test-deployment-3"
+```

workspaces/acs/app-config.yaml

@@ -0,0 +1,107 @@
+app:
+  title: Scaffolded Backstage App
+  baseUrl: http://localhost:3000
+
+acs:
+  acsUrl: ${ACS_API_URL}
+
+organization:
+  name: My Company
+
+backend:
+  # Used for enabling authentication, secret is shared by all backend plugins
+  # See https://backstage.io/docs/auth/service-to-service-auth for
+  # information on the format
+  # auth:
+  #   keys:
+  #     - secret: ${BACKEND_SECRET}
+  baseUrl: http://localhost:7007
+  listen:
+    port: 7007
+    # Uncomment the following host directive to bind to specific interfaces
+    # host: 127.0.0.1
+  csp:
+    connect-src: ["'self'", 'http:', 'https:']
+    # Content-Security-Policy directives follow the Helmet format: https://helmetjs.github.io/#reference
+    # Default Helmet Content-Security-Policy values can be removed by setting the key to false
+  cors:
+    origin: http://localhost:3000
+    methods: [GET, HEAD, PATCH, POST, PUT, DELETE]
+    credentials: true
+  # This is for local development only, it is not recommended to use this in production
+  # The production database configuration is stored in app-config.production.yaml
+  database:
+    client: better-sqlite3
+    connection: ':memory:'
+  # workingDirectory: /tmp # Use this to configure a working directory for the scaffolder, defaults to the OS temp-dir
+
+integrations:
+  github:
+    - host: github.com
+      # This is a Personal Access Token or PAT from GitHub. You can find out how to generate this token, and more information
+      # about setting up the GitHub integration here: https://backstage.io/docs/integrations/github/locations#configuration
+      token: ${GITHUB_TOKEN}
+    ### Example for how to add your GitHub Enterprise instance using the API:
+    # - host: ghe.example.net
+    #   apiBaseUrl: https://ghe.example.net/api/v3
+    #   token: ${GHE_TOKEN}
+
+proxy:
+  '/acs':
+    target: ${ACS_API_URL}
+    headers:
+      authorization: "Bearer ${ACS_API_KEY}"
+  ### Example for how to add a proxy endpoint for the frontend.
+  ### A typical reason to do this is to handle HTTPS and CORS for internal services.
+  # endpoints:
+  #   '/test':
+  #     target: 'https://example.com'
+  #     changeOrigin: true
+
+# Reference documentation http://backstage.io/docs/features/techdocs/configuration
+# Note: After experimenting with basic setup, use CI/CD to generate docs
+# and an external cloud storage when deploying TechDocs for production use-case.
+# https://backstage.io/docs/features/techdocs/how-to-guides#how-to-migrate-from-techdocs-basic-to-recommended-deployment-approach
+techdocs:
+  builder: 'local' # Alternatives - 'external'
+  generator:
+    runIn: 'docker' # Alternatives - 'local'
+  publisher:
+    type: 'local' # Alternatives - 'googleGcs' or 'awsS3'. Read documentation for using alternatives.
+
+auth:
+  # see https://backstage.io/docs/auth/ to learn about auth providers
+  providers:
+    # See https://backstage.io/docs/auth/guest/provider
+    guest: {}
+
+scaffolder:
+  # see https://backstage.io/docs/features/software-templates/configuration for software template options
+
+catalog:
+  import:
+    entityFilename: catalog-info.yaml
+    pullRequestBranchName: backstage-integration
+  rules:
+    - allow: [Component, System, User, Group, Resource, Location, Template, API]
+  locations:
+    - type: file
+      target: ../../catalog/all.yaml
+
+    ## Uncomment these lines to add more example data
+    # - type: url
+    #   target: https://github.com/backstage/backstage/blob/master/packages/catalog-model/examples/all.yaml
+
+    ## Uncomment these lines to add an example org
+    # - type: url
+    #   target: https://github.com/backstage/backstage/blob/master/packages/catalog-model/examples/acme-corp.yaml
+    #   rules:
+    #     - allow: [User, Group]
+
+kubernetes:
+  # see https://backstage.io/docs/features/kubernetes/configuration for kubernetes configuration options
+
+# see https://backstage.io/docs/permissions/getting-started for more on the permission framework
+permission:
+  # setting this to `false` will disable permissions
+  enabled: true

workspaces/acs/backstage.json

@@ -0,0 +1,3 @@
+{
+  "version": "1.35.1"
+}

workspaces/acs/build

@@ -0,0 +1,9 @@
+#!/bin/bash
+
+yarn workspace @backstage-community/plugin-acs export-dynamic
+cd plugins/acs/
+rm *.tgz
+npm pack ./dist-dynamic
+cd ../..
+mv plugins/acs/*.tgz .
+sha256sum *.tgz | awk '{print $1}' | xxd -r -p | base64

workspaces/acs/catalog-info.yaml

@@ -0,0 +1,13 @@
+apiVersion: backstage.io/v1alpha1
+kind: Component
+metadata:
+  name: backstage-plugin-advanced-cluster-security
+  description: An example of a Backstage application.
+  # Example for optional annotations
+  # annotations:
+  #   github.com/project-slug: backstage/backstage
+  #   backstage.io/techdocs-ref: dir:.
+spec:
+  type: website
+  owner: [email protected]
+  lifecycle: experimental

workspaces/acs/catalog_default/all.yaml

@@ -0,0 +1,9 @@
+---
+apiVersion: backstage.io/v1alpha1
+kind: Location
+metadata:
+  name: app-interface-all
+  description: A collection of all systems
+spec:
+  targets:
+  - ./components/test-app.yaml