Bug Report: Permission client throws a ZodError if "anyOf" used.
Description
We are trying to use the playlist plugin in our Backstage environment, where we enabled permissions. We are passing the ServerPermissionClient to the playlist backend as required and getting the policy rules as described in the repository:
https://github.com/backstage/backstage/tree/master/plugins/playlist-backend
We are getting an error:
[
{
"code": "invalid_union",
"unionErrors": [
{
"issues": [
{
"code": "invalid_union",
"unionErrors": [
{
"issues": [
{
"code": "invalid_literal",
"expected": "ALLOW",
"path": [
"items",
0,
"result"
],
"message": "Invalid literal value, expected 'ALLOW'"
}
],
"name": "ZodError"
},
{
"issues": [
{
"code": "invalid_literal",
"expected": "DENY",
"path": [
"items",
0,
"result"
],
"message": "Invalid literal value, expected 'DENY'"
}
],
"name": "ZodError"
}
],
"path": [
"items",
0,
"result"
],
"message": "Invalid input"
}
],
"name": "ZodError"
},
{
"issues": [
{
"code": "invalid_union",
"unionErrors": [
{
"issues": [
{
"code": "invalid_union",
"unionErrors": [
{
"issues": [
{
"code": "invalid_union",
"unionErrors": [
{
"issues": [
{
"code": "invalid_type",
"expected": "string",
"received": "undefined",
"path": [
"items",
0,
"conditions",
"rule"
],
"message": "Required"
},
{
"code": "invalid_type",
"expected": "string",
"received": "undefined",
"path": [
"items",
0,
"conditions",
"resourceType"
],
"message": "Required"
},
{
"code": "invalid_type",
"expected": "object",
"received": "undefined",
"path": [
"items",
0,
"conditions",
"params"
],
"message": "Required"
}
],
"name": "ZodError"
},
{
"issues": [
{
"code": "invalid_union",
"unionErrors": [
{
"issues": [
{
"code": "invalid_union",
"unionErrors": [
{
"issues": [
{
"code": "invalid_union",
"unionErrors": [
{
"issues": [
{
"code": "invalid_type",
"expected": "object",
"received": "undefined",
"path": [
"items",
0,
"conditions",
"anyOf",
1,
"params"
],
"message": "Required"
}
],
"name": "ZodError"
},
{
"issues": [
{
"code": "invalid_type",
"expected": "array",
"received": "undefined",
"path": [
"items",
0,
"conditions",
"anyOf",
1,
"anyOf"
],
"message": "Required"
}
],
"name": "ZodError"
}
],
"path": [
"items",
0,
"conditions",
"anyOf",
1
],
"message": "Invalid input"
}
],
"name": "ZodError"
},
{
"issues": [
{
"code": "invalid_type",
"expected": "array",
"received": "undefined",
"path": [
"items",
0,
"conditions",
"anyOf",
1,
"allOf"
],
"message": "Required"
}
],
"name": "ZodError"
}
],
"path": [
"items",
0,
"conditions",
"anyOf",
1
],
"message": "Invalid input"
}
],
"name": "ZodError"
},
{
"issues": [
{
"code": "invalid_union",
"unionErrors": [
{
"issues": [
{
"code": "invalid_union",
"unionErrors": [
{
"issues": [
{
"code": "invalid_union",
"unionErrors": [
{
"issues": [
{
"code": "invalid_type",
"expected": "object",
"received": "undefined",
"path": [
"items",
0,
"conditions",
"anyOf",
1,
"not"
],
"message": "Required"
}
],
"name": "ZodError"
},
{
"issues": [
{
"code": "invalid_type",
"expected": "object",
"received": "undefined",
"path": [
"items",
0,
"conditions",
"anyOf",
1,
"not"
],
"message": "Required"
}
],
"name": "ZodError"
}
],
"path": [
"items",
0,
"conditions",
"anyOf",
1,
"not"
],
"message": "Invalid input"
}
],
"name": "ZodError"
},
{
"issues": [
{
"code": "invalid_type",
"expected": "object",
"received": "undefined",
"path": [
"items",
0,
"conditions",
"anyOf",
1,
"not"
],
"message": "Required"
}
],
"name": "ZodError"
}
],
"path": [
"items",
0,
"conditions",
"anyOf",
1,
"not"
],
"message": "Invalid input"
}
],
"name": "ZodError"
},
{
"issues": [
{
"code": "invalid_type",
"expected": "object",
"received": "undefined",
"path": [
"items",
0,
"conditions",
"anyOf",
1,
"not"
],
"message": "Required"
}
],
"name": "ZodError"
}
],
"path": [
"items",
0,
"conditions",
"anyOf",
1,
"not"
],
"message": "Invalid input"
}
],
"name": "ZodError"
}
],
"path": [
"items",
0,
"conditions",
"anyOf",
1
],
"message": "Invalid input"
}
],
"name": "ZodError"
}
],
"path": [
"items",
0,
"conditions"
],
"message": "Invalid input"
}
],
"name": "ZodError"
},
{
"issues": [
{
"code": "invalid_type",
"expected": "array",
"received": "undefined",
"path": [
"items",
0,
"conditions",
"allOf"
],
"message": "Required"
}
],
"name": "ZodError"
}
],
"path": [
"items",
0,
"conditions"
],
"message": "Invalid input"
}
],
"name": "ZodError"
},
{
"issues": [
{
"code": "invalid_union",
"unionErrors": [
{
"issues": [
{
"code": "invalid_union",
"unionErrors": [
{
"issues": [
{
"code": "invalid_union",
"unionErrors": [
{
"issues": [
{
"code": "invalid_type",
"expected": "object",
"received": "undefined",
"path": [
"items",
0,
"conditions",
"not"
],
"message": "Required"
}
],
"name": "ZodError"
},
{
"issues": [
{
"code": "invalid_type",
"expected": "object",
"received": "undefined",
"path": [
"items",
0,
"conditions",
"not"
],
"message": "Required"
}
],
"name": "ZodError"
}
],
"path": [
"items",
0,
"conditions",
"not"
],
"message": "Invalid input"
}
],
"name": "ZodError"
},
{
"issues": [
{
"code": "invalid_type",
"expected": "object",
"received": "undefined",
"path": [
"items",
0,
"conditions",
"not"
],
"message": "Required"
}
],
"name": "ZodError"
}
],
"path": [
"items",
0,
"conditions",
"not"
],
"message": "Invalid input"
}
],
"name": "ZodError"
},
{
"issues": [
{
"code": "invalid_type",
"expected": "object",
"received": "undefined",
"path": [
"items",
0,
"conditions",
"not"
],
"message": "Required"
}
],
"name": "ZodError"
}
],
"path": [
"items",
0,
"conditions",
"not"
],
"message": "Invalid input"
}
],
"name": "ZodError"
}
],
"path": [
"items",
0,
"conditions"
],
"message": "Invalid input"
}
],
"name": "ZodError"
}
],
"path": [
"items",
0
],
"message": "Invalid input"
}
]
Expected behavior
The permission client should not throw a validation error if a conditional statement is returned.
Actual Behavior with Screenshots
Permission client throws a validation error (ZodError).
Reproduction steps
- Integrate playlist plugin (be and fe)
- Enable permissions and pass permission client to playlist
- Go to Playlist page
- You will get a validation error (ZodError)
Provide the context for the Bug.
We cannot enable the playlist plugin while using the permission framework.
The following code paths are important to analyse:
I think we need to extend this permission schema where nothing about "any" is defined, see below why it is important.
Playlist plugin defines a policy with anyOf:
but permission client does not have any kind of definition about anyOf, if I follow the permission-common package correctly.
Your Environment
OS: Darwin 22.1.0 - darwin/x64
node: v14.19.0
yarn: 3.2.3
cli: 0.20.0 (installed)
backstage: 1.7.2
Dependencies:
@backstage/app-defaults 1.0.7
@backstage/backend-app-api 0.2.2
@backstage/backend-common 0.15.2
@backstage/backend-plugin-api 0.1.3
@backstage/backend-tasks 0.3.6
@backstage/backend-test-utils 0.1.29
@backstage/catalog-client 1.1.1
@backstage/catalog-model 1.1.2
@backstage/cli-common 0.1.10
@backstage/cli 0.20.0
@backstage/config-loader 1.1.5
@backstage/config 1.0.3
@backstage/core-app-api 1.1.1
@backstage/core-components 0.11.2
@backstage/core-plugin-api 1.0.7
@backstage/dev-utils 1.0.7
@backstage/errors 1.1.2
@backstage/integration-react 1.1.5
@backstage/integration 1.3.2
@backstage/plugin-api-docs 0.8.10
@backstage/plugin-auth-backend 0.17.0
@backstage/plugin-auth-node 0.2.6
@backstage/plugin-badges-backend 0.1.31
@backstage/plugin-badges 0.2.34
@backstage/plugin-bazaar-backend 0.2.0
@backstage/plugin-bazaar 0.1.25
@backstage/plugin-catalog-backend-module-github 0.1.8
@backstage/plugin-catalog-backend 1.5.0
@backstage/plugin-catalog-common 1.0.7
@backstage/plugin-catalog-graph 0.2.22
@backstage/plugin-catalog-import 0.9.0
@backstage/plugin-catalog-node 1.2.0
@backstage/plugin-catalog-react 1.2.0
@backstage/plugin-catalog 1.6.0
@backstage/plugin-code-coverage 0.2.3
@backstage/plugin-explore-react 0.0.22
@backstage/plugin-explore 0.3.41
@backstage/plugin-github-actions 0.5.10
@backstage/plugin-github-deployments 0.1.41
@backstage/plugin-github-pull-requests-board 0.1.4
@backstage/plugin-graphiql 0.2.42
@backstage/plugin-home 0.4.26
@backstage/plugin-jenkins-backend 0.1.27
@backstage/plugin-jenkins-common 0.1.9
@backstage/plugin-jenkins 0.7.9
@backstage/plugin-kafka 0.3.10
@backstage/plugin-lighthouse 0.3.10
@backstage/plugin-org 0.5.10
@backstage/plugin-permission-backend 0.5.12
@backstage/plugin-permission-common 0.6.4, 0.7.0
@backstage/plugin-permission-node 0.7.0
@backstage/plugin-permission-react 0.4.6
@backstage/plugin-playlist-backend 0.2.0
@backstage/plugin-playlist-common 0.1.1
@backstage/plugin-playlist 0.1.1
@backstage/plugin-proxy-backend 0.2.31
@backstage/plugin-scaffolder-backend 1.7.0
@backstage/plugin-scaffolder-common 1.2.1
@backstage/plugin-scaffolder 1.7.0
@backstage/plugin-search-backend-module-elasticsearch 1.0.3
@backstage/plugin-search-backend-node 1.0.3
@backstage/plugin-search-backend 1.1.0
@backstage/plugin-search-common 0.3.4, 1.1.0
@backstage/plugin-search-react 1.2.0
@backstage/plugin-search 1.0.3
@backstage/plugin-shortcuts 0.3.2
@backstage/plugin-sonarqube-backend 0.1.2
@backstage/plugin-sonarqube 0.4.2
@backstage/plugin-stack-overflow 0.1.6
@backstage/plugin-tech-radar 0.5.17
@backstage/plugin-techdocs-backend 1.4.0
@backstage/plugin-techdocs-module-addons-contrib 1.0.5
@backstage/plugin-techdocs-node 1.4.1
@backstage/plugin-techdocs-react 1.0.5
@backstage/plugin-techdocs 1.3.3
@backstage/plugin-user-settings-backend 0.1.1
@backstage/plugin-user-settings 0.5.0
@backstage/release-manifests 0.0.6
@backstage/search-common 0.3.4
@backstage/test-utils 1.2.1
@backstage/theme 0.2.16
@backstage/types 1.0.0
@backstage/version-bridge 1.0.1
Have you spent some time to check if this bug has been raised before?
- I checked and didn't find similar issue
Have you read the Code of Conduct?
- I have read the Code of Conduct
Are you willing to submit PR?
Yes I am willing to submit a PR!
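A nested `invalid_union` error like the one in this report is easier to read once it is flattened to its leaf issues. The following is an added example, not code from the issue or from Backstage: the helper names (`leafIssues`, `deepestIssues`) are hypothetical, `SAMPLE` is a constructed, trimmed issue list with the same shape as the error above, and ranking by path depth is a heuristic assumed here, not zod behaviour.

```javascript
// Added example. SAMPLE is constructed: a trimmed issue list with the same
// shape (code / path / unionErrors[].issues) as the error in the report.
const leaf = (code, expected, path) => ({ code, expected, path });
const union = (path, ...branches) => ({
  code: 'invalid_union', path, message: 'Invalid input',
  unionErrors: branches.map(issues => ({ name: 'ZodError', issues })),
});
const C = ['items', 0, 'conditions'];
const SAMPLE = [
  union(['items', 0],
    [leaf('invalid_literal', 'ALLOW', ['items', 0, 'result'])],
    [union(C,
      [leaf('invalid_type', 'string', [...C, 'rule'])],
      [union([...C, 'anyOf', 1],
        [leaf('invalid_type', 'object', [...C, 'anyOf', 1, 'params'])],
        [leaf('invalid_type', 'array', [...C, 'anyOf', 1, 'anyOf'])])],
      [leaf('invalid_type', 'array', [...C, 'allOf'])])]),
];

// Walk every union branch and collect the issues that are not unions themselves.
function leafIssues(issues, out = []) {
  for (const issue of issues) {
    if (issue.code === 'invalid_union' && Array.isArray(issue.unionErrors)) {
      for (const branch of issue.unionErrors) leafIssues(branch.issues || [], out);
    } else {
      out.push(issue);
    }
  }
  return out;
}

// Heuristic (assumption of this example): the branch that validated furthest
// into the input is the shape the input was closest to, so report the leaves
// with the longest path, de-duplicated by path and expected type.
function deepestIssues(issues) {
  const unique = new Map();
  for (const l of leafIssues(issues)) {
    unique.set(`${l.path.join('.')}|${l.expected}`, l);
  }
  const leaves = [...unique.values()];
  const depth = Math.max(...leaves.map(l => l.path.length));
  return leaves
    .filter(l => l.path.length === depth)
    .map(l => `${l.path.join('.')}: expected ${l.expected}`);
}

console.log(deepestIssues(SAMPLE));
```

Against a live failure, pass the `issues` array of the caught ZodError instead of `SAMPLE`.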
Top GitHub Comments
I can confirm it fixes this error and I can explore the playlists if permission framework is enabled. Thanks for your help and support! I will check the code to understand the permission schema better.
Also mentioning that the release was published just now.