import * as _backstage_backend_plugin_api from '@backstage/backend-plugin-api';
import { LoggerService, DiscoveryService, HttpAuthService, PermissionsService } from '@backstage/backend-plugin-api';
import * as k8sTypes from '@backstage/plugin-kubernetes-node';
import { AuthenticationStrategy, ClusterDetails, KubernetesCredential, AuthMetadata, ObjectToFetch, KubernetesClustersSupplier } from '@backstage/plugin-kubernetes-node';
import { KubernetesRequestAuth, KubernetesRequestBody } from '@backstage/plugin-kubernetes-common';
import { Config } from '@backstage/config';
import { TokenCredential } from '@azure/identity';
import { RequestHandler } from 'http-proxy-middleware';

/**
 * This is the backend plugin that provides the Kubernetes integration.
 * @public
 */
declare const kubernetesPlugin: _backstage_backend_plugin_api.BackendFeature;

/**
 *
 * @public
 */
declare class AksStrategy implements AuthenticationStrategy {
    getCredential(_: ClusterDetails, requestAuth: KubernetesRequestAuth): Promise<KubernetesCredential>;
    validateCluster(): Error[];
    presentAuthMetadata(_authMetadata: AuthMetadata): AuthMetadata;
}

/**
 *
 * @public
 */
declare class AnonymousStrategy implements AuthenticationStrategy {
    getCredential(): Promise<KubernetesCredential>;
    validateCluster(): Error[];
    presentAuthMetadata(_authMetadata: AuthMetadata): AuthMetadata;
}

/**
 *
 * @public
 */
type SigningCreds = {
    accessKeyId: string | undefined;
    secretAccessKey: string | undefined;
    sessionToken: string | undefined;
};
/**
 *
 * @public
 */
declare class AwsIamStrategy implements AuthenticationStrategy {
    private readonly credsManager;
    constructor(opts: {
        config: Config;
    });
    getCredential(clusterDetails: ClusterDetails): Promise<KubernetesCredential>;
    validateCluster(): Error[];
    private getBearerToken;
    presentAuthMetadata(_authMetadata: AuthMetadata): AuthMetadata;
}

/**
 *
 * @public
 */
declare class AzureIdentityStrategy implements AuthenticationStrategy {
    private accessToken;
    private newTokenPromise;
    private readonly logger;
    private readonly tokenCredential;
    constructor(logger: LoggerService, tokenCredential?: TokenCredential);
    getCredential(): Promise<KubernetesCredential>;
    validateCluster(): Error[];
    private fetchNewToken;
    private tokenRequiresRefresh;
    private tokenExpired;
    presentAuthMetadata(_authMetadata: AuthMetadata): AuthMetadata;
}

/**
 *
 * @public
 */
declare class GoogleStrategy implements AuthenticationStrategy {
    getCredential(_: ClusterDetails, requestAuth: KubernetesRequestAuth): Promise<KubernetesCredential>;
    validateCluster(): Error[];
    presentAuthMetadata(_authMetadata: AuthMetadata): AuthMetadata;
}

/**
 * GoogleServiceAccountStrategy provides authentication using Google Service Account credentials.
 *
 * Credentials can be provided via configuration:
 * ```yaml
 * kubernetes:
 *   googleServiceAccountCredentials: |
 *     {
 *       "type": "service_account",
 *       "project_id": "your-project-id",
 *       "private_key_id": "key-id",
 *       "private_key": "-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----\n",
 *       "client_email": "your-service-account@your-project.iam.gserviceaccount.com",
 *       "client_id": "client-id",
 *       "auth_uri": "https://accounts.google.com/o/oauth2/auth",
 *       "token_uri": "https://oauth2.googleapis.com/token",
 *       "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
 *       "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/..."
 *     }
 * ```
 *
 * If no credentials are provided in config, falls back to GOOGLE_APPLICATION_CREDENTIALS or ADC.
 *
 * @public
 */
declare class GoogleServiceAccountStrategy implements AuthenticationStrategy {
    private readonly credentials?;
    constructor(opts: {
        config: Config;
    });
    getCredential(): Promise<KubernetesCredential>;
    validateCluster(): Error[];
    presentAuthMetadata(_authMetadata: AuthMetadata): AuthMetadata;
}

/**
 *
 * @public
 */
type DispatchStrategyOptions = {
    authStrategyMap: {
        [key: string]: AuthenticationStrategy;
    };
};
/**
 * used to direct a KubernetesAuthProvider to its corresponding AuthenticationStrategy
 * @public
 */
declare class DispatchStrategy implements AuthenticationStrategy {
    private readonly strategyMap;
    constructor(options: DispatchStrategyOptions);
    getCredential(clusterDetails: ClusterDetails, auth: KubernetesRequestAuth): Promise<KubernetesCredential>;
    validateCluster(authMetadata: AuthMetadata): Error[];
    presentAuthMetadata(_authMetadata: AuthMetadata): AuthMetadata;
}

/**
 *
 * @public
 */
declare class ServiceAccountStrategy implements AuthenticationStrategy {
    private injectedKubernetesClient?;
    getCredential(clusterDetails: ClusterDetails): Promise<KubernetesCredential>;
    validateCluster(): Error[];
    presentAuthMetadata(_authMetadata: AuthMetadata): AuthMetadata;
}

/**
 *
 * @public
 */
declare class OidcStrategy implements AuthenticationStrategy {
    getCredential(clusterDetails: ClusterDetails, authConfig: KubernetesRequestAuth): Promise<KubernetesCredential>;
    validateCluster(authMetadata: AuthMetadata): Error[];
    presentAuthMetadata(_authMetadata: AuthMetadata): AuthMetadata;
}

/**
 *
 * @public
 */
type ServiceLocatorMethod = 'multiTenant' | 'singleTenant' | 'catalogRelation' | 'http';
/**
 *
 * @public
 */
interface KubernetesObjectsProviderOptions {
    logger: LoggerService;
    config: Config;
    fetcher: k8sTypes.KubernetesFetcher;
    serviceLocator: k8sTypes.KubernetesServiceLocator;
    customResources: k8sTypes.CustomResource[];
    objectTypesToFetch?: k8sTypes.ObjectToFetch[];
}
/**
 *
 * @public
 */
type ObjectsByEntityRequest = KubernetesRequestBody;

/**
 *
 * @public
 */
declare const DEFAULT_OBJECTS: ObjectToFetch[];

/**
 * The header that is used to specify the cluster name.
 *
 * @public
 */
declare const HEADER_KUBERNETES_CLUSTER: string;
/**
 * The header that is used to specify the Authentication Authorities token.
 * e.x if using the google auth provider as your authentication authority then this field would be the google provided bearer token.
 * @public
 */
declare const HEADER_KUBERNETES_AUTH: string;
/**
 * The options object expected to be passed as a parameter to KubernetesProxy.createRequestHandler().
 *
 * @public
 */
type KubernetesProxyCreateRequestHandlerOptions = {
    permissionApi: PermissionsService;
};
/**
 * Options accepted as a parameter by the KubernetesProxy
 *
 * @public
 */
type KubernetesProxyOptions = {
    logger: LoggerService;
    clusterSupplier: KubernetesClustersSupplier;
    authStrategy: AuthenticationStrategy;
    discovery: DiscoveryService;
    httpAuth: HttpAuthService;
};
/**
 * A proxy that routes requests to the Kubernetes API.
 *
 * @public
 */
declare class KubernetesProxy {
    private readonly middlewareForClusterName;
    private readonly logger;
    private readonly clusterSupplier;
    private readonly authStrategy;
    private readonly httpAuth;
    constructor(options: KubernetesProxyOptions);
    createRequestHandler(options: KubernetesProxyCreateRequestHandlerOptions): RequestHandler;
    private getMiddleware;
    private getClusterForRequest;
    private static authHeadersToKubernetesRequestAuth;
    private static headerToDictionary;
    private static combineHeaders;
}

export { AksStrategy, AnonymousStrategy, AwsIamStrategy, AzureIdentityStrategy, DEFAULT_OBJECTS, DispatchStrategy, GoogleServiceAccountStrategy, GoogleStrategy, HEADER_KUBERNETES_AUTH, HEADER_KUBERNETES_CLUSTER, KubernetesProxy, OidcStrategy, ServiceAccountStrategy, kubernetesPlugin as default };
export type { DispatchStrategyOptions, KubernetesObjectsProviderOptions, KubernetesProxyCreateRequestHandlerOptions, KubernetesProxyOptions, ObjectsByEntityRequest, ServiceLocatorMethod, SigningCreds };
