import type { Policy } from '@spotify/backstage-plugin-rbac-common';

export interface Config {
  permission?: {
    /**
     * A list of plugins which export permissions and permission rules. If
     * listed here, the plugin's permissions and permission rules will be
     * aggregated and displayed in the RBAC UI.
     * @visibility frontend
     */
    permissionedPlugins?: string[];

    rbac?: {
      /**
       * A list of users and groups who are authorized to access the RBAC UI.
       * @visibility backend
       */
      authorizedUsers: string[];
      /**
       * A list of features that are enabled in the RBAC UI.
       * @visibility frontend
       */
      flags?: string[];
      /**
       * A default policy that is seeded into the RBAC database
       * on startup, when no policies already exist.
       * @visibility backend
       */
      defaultPolicy?: Policy;
      /**
       * A fallback policy that is used when there is an error
       * in Backstage or the RBAC backend and no active policy
       * is being used. If no fallback policy is specified, RBAC
       * will continue to DENY ALL as it did previously by default.
       * @visibility backend
       */
      fallbackPolicy?: Policy;
      /**
       * A list of experimental feature flags enabled for the RBAC backend.
       * Include 'rbac-actions' to enable RBAC action registration.
       * @visibility backend
       */
      experimentalFlags?: string[];
    };
  };
}