Add API Proxy, Enhance Tabs Content and add Proper Data Types (#2766)

Author: asmasarw

workspaces/dcm/.changeset/slim-lobsters-refactor.md

@@ -0,0 +1,41 @@
+---
+'@red-hat-developer-hub/backstage-plugin-dcm': minor
+'@red-hat-developer-hub/backstage-plugin-dcm-backend': minor
+'@red-hat-developer-hub/backstage-plugin-dcm-common': minor
+---
+
+Refactor DCM frontend plugin for reusability, maintainability, and test coverage.
+
+**New shared utilities & hooks**
+
+- `createYupValidator` – factory that wraps a Yup schema and returns stable `validate` / `isValid` helpers, eliminating per-tab validation boilerplate.
+- `useCrudTab` – custom React hook that centralises data loading, client-side search/pagination, and create/edit/delete dialog state for every CRUD tab. Tabs now consist only of feature-specific rendering logic.
+
+**New shared components**
+
+- `DcmCrudTabLayout` – generic layout that handles loading spinners, load-error alerts with a Retry button, empty states, and a searchable paginated table inside an `InfoCard`.
+- `DcmFormDialogActions` – reusable Save / Cancel button row with loading spinner and disabled states, used by all form dialogs.
+- `DcmErrorSnackbar` – transient error snackbar for surfacing delete-operation failures.
+- `DcmDeleteDialog` – standalone confirmation dialog component extracted from inline usage.
+
+**Per-feature file decomposition**
+
+Each CRUD tab now has dedicated files for form types, Yup schema, field components, and column definitions:
+
+- `providers/` → `providerFormTypes.ts`, `components/ProviderFormFields.tsx`, `components/ProviderStatus.tsx`, `components/CopyButton.tsx`
+- `policies/` → `policyFormTypes.ts`, `components/PolicyFormFields.tsx`
+- `catalog-items/` → `catalogItemFormTypes.ts`, `components/CatalogItemFormFields.tsx`
+- `catalog-item-instances/` → `instanceFormTypes.ts`, `components/InstanceFormFields.tsx`
+- `resources/` → `resourceFormTypes.ts`, `components/ResourceFormFields.tsx`
+
+**Error handling improvements**
+
+Load errors and delete errors are now surfaced in the UI via `DcmCrudTabLayout` (inline alert with Retry) and `DcmErrorSnackbar` respectively, replacing silent `.catch(() => {})` handlers.
+
+**Dead code removal**
+
+Removed the unused `ExampleComponent` directory and its tests.
+
+**Test coverage**
+
+Added unit tests for `extractApiError`, `createYupValidator`, `useCrudTab`, `DcmFormDialogActions`, `DcmDeleteDialog`, and form-type validators for providers, policies, and resources.

workspaces/dcm/app-config.yaml

@@ -65,6 +65,15 @@ dcm:
     - security-baseline
     - compliance-pci
     - audit-logging
+  # Base URL of the DCM API Gateway. All three API services (catalog,
+  # policy-manager, providers) are routed through this single endpoint.
+  # Override in app-config.local.yaml for local development.
+  # apiGatewayUrl: https://your-api-gateway.example.com
+  #
+  # SSO credentials for the backend to obtain a bearer token:
+  # ssoBaseUrl: https://sso.redhat.com
+  # clientId: your-client-id
+  # clientSecret: your-client-secret
 
 catalog:
   import:

workspaces/dcm/package.json

@@ -16,7 +16,7 @@
     "tsc:full": "tsc --skipLibCheck true --incremental false",
     "build:all": "backstage-cli repo build --all",
     "build:api-reports": "yarn build:api-reports:only --tsc",
-    "build:api-reports:only": "backstage-repo-tools api-reports -o ae-wrong-input-file-type,ae-missing-release-tag --validate-release-tags",
+    "build:api-reports:only": "backstage-repo-tools api-reports -o ae-wrong-input-file-type,ae-missing-release-tag,ae-undocumented --validate-release-tags",
     "build:knip-reports": "backstage-repo-tools knip-reports",
     "clean": "backstage-cli repo clean",
     "test": "backstage-cli repo test",
@@ -68,5 +68,8 @@
     "*.{json,md}": [
       "prettier --write"
     ]
+  },
+  "dependencies": {
+    "yup": "^1.7.1"
   }
 }

workspaces/dcm/plugins/dcm-backend/config.d.ts

@@ -0,0 +1,54 @@
+/*
+ * Copyright Red Hat, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+export interface Config {
+  dcm: {
+    /**
+     * Base URL of the DCM API Gateway.
+     *
+     * All API services (catalog, policy-manager, providers) are routed
+     * through this single gateway. The backend appends `/api/v1alpha1/<path>`
+     * to construct the upstream URL.
+     *
+     * @example "http://localhost:9080"
+     * @visibility backend
+     */
+    apiGatewayUrl?: string;
+
+    /**
+     * Base URL for the SSO token endpoint.
+     *
+     * Defaults to "https://sso.redhat.com".
+     *
+     * @visibility backend
+     */
+    ssoBaseUrl?: string;
+
+    /**
+     * SSO client ID used to obtain a bearer token for upstream API calls.
+     *
+     * @visibility secret
+     */
+    clientId: string;
+
+    /**
+     * SSO client secret used to obtain a bearer token for upstream API calls.
+     *
+     * @visibility secret
+     */
+    clientSecret: string;
+  };
+}

workspaces/dcm/plugins/dcm-backend/package.json

@@ -14,6 +14,7 @@
     "url": "https://github.com/redhat-developer/rhdh-plugins",
     "directory": "workspaces/dcm/plugins/dcm-backend"
   },
+  "configSchema": "config.d.ts",
   "backstage": {
     "role": "backend-plugin",
     "pluginId": "dcm",
@@ -38,7 +39,6 @@
     "@backstage/plugin-permission-common": "^0.8.4",
     "@backstage/plugin-permission-node": "^0.8.7",
     "@red-hat-developer-hub/backstage-plugin-dcm-common": "workspace:^",
-    "assert": "^2.1.0",
     "express": "^4.17.1",
     "express-promise-router": "^4.1.0"
   },

workspaces/dcm/plugins/dcm-backend/src/plugin.ts

@@ -57,6 +57,10 @@ export const dcmPlugin = createBackendPlugin({
           path: '/access',
           allow: 'user-cookie',
         });
+        httpRouter.addAuthPolicy({
+          path: '/proxy',
+          allow: 'user-cookie',
+        });
       },
     });
   },

workspaces/dcm/plugins/dcm-backend/src/router.ts

@@ -21,6 +21,7 @@ import Router from 'express-promise-router';
 import type { RouterOptions } from './models/RouterOptions';
 import { getToken } from './routes/token';
 import { getAccess } from './routes/access';
+import { createDcmProxy } from './routes/proxy';
 
 export async function createRouter(
   options: RouterOptions,
@@ -41,5 +42,7 @@ export async function createRouter(
   router.get('/token', getToken(options));
   router.get('/access', getAccess(options));
 
+  router.all('/proxy/*', createDcmProxy(options));
+
   return router;
 }

workspaces/dcm/plugins/dcm-backend/src/routes/proxy.test.ts

@@ -0,0 +1,212 @@
+/*
+ * Copyright Red Hat, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/* eslint-disable @backstage/no-undeclared-imports -- deps in dcm-backend package.json */
+import { mockServices } from '@backstage/backend-test-utils';
+import express from 'express';
+import request from 'supertest';
+
+import { createDcmProxy } from './proxy';
+import type { RouterOptions } from '../models/RouterOptions';
+
+const TOKEN_RESPONSE = {
+  ok: true,
+  json: async () => ({ access_token: 'test-token', expires_in: 3600 }),
+} as Response;
+
+function makeApp(configData: Record<string, Record<string, string>> = {}) {
+  const options: RouterOptions = {
+    logger: mockServices.rootLogger(),
+    config: mockServices.rootConfig({ data: configData }),
+    httpAuth: mockServices.httpAuth.mock({
+      credentials: jest.fn().mockResolvedValue({
+        principal: { userEntityRef: 'user:default/test' },
+      }),
+    }),
+    permissions: mockServices.permissions.mock({
+      authorize: jest.fn().mockResolvedValue([{ result: 'ALLOW' }]),
+    }),
+    cache: mockServices.cache.mock(),
+  };
+  const app = express();
+  app.use(express.json());
+  // Mount using a wildcard path matching the router convention
+  app.all('/proxy/*', createDcmProxy(options));
+  return app;
+}
+
+describe('createDcmProxy', () => {
+  let fetchSpy: jest.SpyInstance;
+
+  afterEach(() => {
+    fetchSpy?.mockRestore();
+  });
+
+  it('returns 503 when dcm.apiGatewayUrl is not configured', async () => {
+    const app = makeApp({ dcm: { clientId: 'id', clientSecret: 'secret' } });
+
+    const res = await request(app).get('/proxy/providers');
+
+    expect(res.status).toBe(503);
+    expect(res.body).toMatchObject({
+      error: expect.stringContaining('not configured'),
+    });
+  });
+
+  it('returns 502 when token acquisition fails', async () => {
+    fetchSpy = jest
+      .spyOn(globalThis, 'fetch')
+      .mockRejectedValueOnce(new Error('SSO unreachable'));
+
+    const app = makeApp({
+      dcm: {
+        apiGatewayUrl: 'https://gateway.example.com',
+        clientId: 'id',
+        clientSecret: 'secret',
+      },
+    });
+
+    const res = await request(app).get('/proxy/providers');
+
+    expect(res.status).toBe(502);
+    expect(res.body).toMatchObject({
+      error: expect.stringContaining('access token'),
+    });
+  });
+
+  it('returns 502 when the upstream fetch throws', async () => {
+    fetchSpy = jest
+      .spyOn(globalThis, 'fetch')
+      // First call: token fetch succeeds
+      .mockResolvedValueOnce(TOKEN_RESPONSE)
+      // Second call: upstream fetch throws
+      .mockRejectedValueOnce(new Error('Connection refused'));
+
+    const app = makeApp({
+      dcm: {
+        apiGatewayUrl: 'https://gateway.example.com',
+        clientId: 'id',
+        clientSecret: 'secret',
+      },
+    });
+
+    const res = await request(app).get('/proxy/providers');
+
+    expect(res.status).toBe(502);
+    expect(res.body).toMatchObject({
+      error: expect.stringContaining('DCM API gateway'),
+    });
+  });
+
+  it('proxies a GET request and forwards the upstream response', async () => {
+    const upstreamBody = JSON.stringify({ items: [] });
+    fetchSpy = jest
+      .spyOn(globalThis, 'fetch')
+      // Token fetch
+      .mockResolvedValueOnce(TOKEN_RESPONSE)
+      // Upstream GET
+      .mockResolvedValueOnce({
+        status: 200,
+        ok: true,
+        headers: {
+          get: (h: string) =>
+            h === 'content-type' ? 'application/json' : null,
+        },
+        text: async () => upstreamBody,
+      } as unknown as Response);
+
+    const app = makeApp({
+      dcm: {
+        apiGatewayUrl: 'https://gateway.example.com',
+        clientId: 'id',
+        clientSecret: 'secret',
+      },
+    });
+
+    const res = await request(app).get('/proxy/providers?foo=bar');
+
+    expect(res.status).toBe(200);
+    expect(res.text).toBe(upstreamBody);
+
+    // Verify upstream URL contains path and query param
+    const upstreamCall = fetchSpy.mock.calls[1];
+    expect(upstreamCall[0]).toContain('/api/v1alpha1/providers');
+    expect(upstreamCall[0]).toContain('foo=bar');
+
+    // Verify auth header was injected
+    expect(upstreamCall[1].headers.Authorization).toBe('Bearer test-token');
+  });
+
+  it('proxies a POST request and forwards the request body', async () => {
+    const requestBody = { name: 'my-provider' };
+    fetchSpy = jest
+      .spyOn(globalThis, 'fetch')
+      .mockResolvedValueOnce(TOKEN_RESPONSE)
+      .mockResolvedValueOnce({
+        status: 201,
+        ok: true,
+        headers: {
+          get: (h: string) =>
+            h === 'content-type' ? 'application/json' : null,
+        },
+        text: async () => JSON.stringify(requestBody),
+      } as unknown as Response);
+
+    const app = makeApp({
+      dcm: {
+        apiGatewayUrl: 'https://gateway.example.com',
+        clientId: 'id',
+        clientSecret: 'secret',
+      },
+    });
+
+    const res = await request(app)
+      .post('/proxy/providers')
+      .send(requestBody)
+      .set('Content-Type', 'application/json');
+
+    expect(res.status).toBe(201);
+
+    const upstreamCall = fetchSpy.mock.calls[1];
+    expect(upstreamCall[1].method).toBe('POST');
+    expect(JSON.parse(upstreamCall[1].body)).toEqual(requestBody);
+  });
+
+  it('handles 204 No Content upstream responses without a body', async () => {
+    fetchSpy = jest
+      .spyOn(globalThis, 'fetch')
+      .mockResolvedValueOnce(TOKEN_RESPONSE)
+      .mockResolvedValueOnce({
+        status: 204,
+        ok: true,
+        headers: { get: () => null },
+        text: async () => '',
+      } as unknown as Response);
+
+    const app = makeApp({
+      dcm: {
+        apiGatewayUrl: 'https://gateway.example.com',
+        clientId: 'id',
+        clientSecret: 'secret',
+      },
+    });
+
+    const res = await request(app).delete('/proxy/providers/test-id');
+
+    expect(res.status).toBe(204);
+    expect(res.text).toBe('');
+  });
+});