pangea 0.0.45 → 0.0.47
- checksums.yaml +4 -4
- data/.claude/skills/pangea-cloud-resource-creation/SKILL.md +169 -0
- data/.claude/skills/pangea-cloud-resource-creation/references/hetzner-volume-example.md +133 -0
- data/.claude/skills/pangea-cloud-resource-creation/references/patterns-antipatterns.md +149 -0
- data/.claude/skills/pangea-cloud-resource-creation/references/resource-templates.md +288 -0
- data/.claude/skills/pangea-cloud-resource-creation/references/tracker-cli.md +77 -0
- data/.claude/skills/pangea-cloud-resource-creation/references/type-system.md +105 -0
- data/.claude/skills/pangea-infrastructure/SKILL.md +300 -0
- data/.claude/skills/pangea-infrastructure/references/kubernetes-integration.md +149 -0
- data/.claude/skills/pangea-infrastructure/references/resource-patterns.md +206 -0
- data/.claude/skills/pangea-infrastructure/references/troubleshooting.md +86 -0
- data/.claude/skills/pangea-infrastructure/references/workflow-examples.md +98 -0
- data/.claude/skills/pangea-refactoring/SKILL.md +478 -0
- data/.claude/skills/pangea-resource-testing/SKILL.md +256 -0
- data/.claude/skills/pangea-rspec-resource-testing/SKILL.md +258 -0
- data/.claude/skills/pangea-rspec-resource-testing/references/cloudflare-zone-example.md +57 -0
- data/.claude/skills/pangea-rspec-resource-testing/references/common-patterns.md +109 -0
- data/.claude/skills/pangea-rspec-resource-testing/references/debugging.md +63 -0
- data/.claude/skills/pangea-rspec-resource-testing/references/integration-tests.md +55 -0
- data/.claude/skills/pangea-rspec-resource-testing/references/synthesis-tests.md +169 -0
- data/.claude/skills/pangea-rspec-resource-testing/references/troubleshooting.md +129 -0
- data/.claude/skills/pangea-rspec-resource-testing/references/type-validation-tests.md +92 -0
- data/.github/workflows/ci.yml +54 -53
- data/.gitignore +6 -1
- data/.rspec_status +17894 -0
- data/AGENT_GUIDE.md +24 -8
- data/CONTRIBUTING.md +35 -35
- data/Gemfile.lock +103 -57
- data/README.md +22 -13
- data/README_backend_configuration.md +16 -9
- data/bin/generate-hetzner-resource +204 -0
- data/bin/hetzner-tracker +280 -0
- data/bin/pangea +13 -0
- data/bin/pangea-compiler +15 -0
- data/bin/pangea-compiler-server +133 -0
- data/docs/KUBERNETES_OPERATOR_PLAN.md +2626 -0
- data/examples/test_simple/pangea.yml +7 -0
- data/examples/test_simple/simple.rb +39 -0
- data/flake.lock +748 -6
- data/flake.nix +501 -29
- data/gemset.nix +115 -104
- data/lib/pangea/agent/analysis.rb +128 -0
- data/lib/pangea/agent/compilation.rb +62 -0
- data/lib/pangea/agent/helpers.rb +29 -0
- data/lib/pangea/agent/listing.rb +108 -0
- data/lib/pangea/agent.rb +13 -349
- data/lib/pangea/architectures/base/architecture_reference/cost.rb +30 -0
- data/lib/pangea/architectures/base/architecture_reference/high_availability.rb +57 -0
- data/lib/pangea/architectures/base/architecture_reference/performance.rb +58 -0
- data/lib/pangea/architectures/base/architecture_reference/security.rb +61 -0
- data/lib/pangea/architectures/base/architecture_reference/validation.rb +46 -0
- data/lib/pangea/architectures/base/architecture_reference.rb +109 -0
- data/lib/pangea/architectures/base/vpc_networking.rb +155 -0
- data/lib/pangea/architectures/base.rb +9 -503
- data/lib/pangea/architectures/examples/architectures/devops_platform.rb +129 -0
- data/lib/pangea/architectures/examples/architectures/ecommerce_platform.rb +104 -0
- data/lib/pangea/architectures/examples/architectures/helpers.rb +47 -0
- data/lib/pangea/architectures/examples/architectures/ml_platform.rb +113 -0
- data/lib/pangea/architectures/examples/architectures/multi_region_saas.rb +95 -0
- data/lib/pangea/architectures/examples/web_application/analytics.rb +108 -0
- data/lib/pangea/architectures/examples/web_application/basic.rb +40 -0
- data/lib/pangea/architectures/examples/web_application/custom_database.rb +86 -0
- data/lib/pangea/architectures/examples/web_application/ecommerce.rb +103 -0
- data/lib/pangea/architectures/examples/web_application/microservices.rb +120 -0
- data/lib/pangea/architectures/examples/web_application/multi_environment.rb +88 -0
- data/lib/pangea/architectures/examples/web_application_examples.rb +7 -571
- data/lib/pangea/architectures/examples.rb +14 -480
- data/lib/pangea/architectures/patterns/data_processing/analytics.rb +70 -0
- data/lib/pangea/architectures/patterns/data_processing/iam_roles.rb +131 -0
- data/lib/pangea/architectures/patterns/data_processing/ingestion.rb +73 -0
- data/lib/pangea/architectures/patterns/data_processing/monitoring.rb +66 -0
- data/lib/pangea/architectures/patterns/data_processing/processing.rb +78 -0
- data/lib/pangea/architectures/patterns/data_processing/security.rb +34 -0
- data/lib/pangea/architectures/patterns/data_processing/storage.rb +74 -0
- data/lib/pangea/architectures/patterns/data_processing/streaming.rb +121 -0
- data/lib/pangea/architectures/patterns/data_processing/types.rb +79 -0
- data/lib/pangea/architectures/patterns/data_processing.rb +51 -619
- data/lib/pangea/architectures/patterns/microservices/helpers.rb +67 -0
- data/lib/pangea/architectures/patterns/microservices/observability.rb +83 -0
- data/lib/pangea/architectures/patterns/microservices/orchestration.rb +67 -0
- data/lib/pangea/architectures/patterns/microservices/platform_security.rb +56 -0
- data/lib/pangea/architectures/patterns/microservices/service.rb +117 -0
- data/lib/pangea/architectures/patterns/microservices/service_mesh.rb +49 -0
- data/lib/pangea/architectures/patterns/microservices/shared_services.rb +90 -0
- data/lib/pangea/architectures/patterns/microservices/types.rb +84 -0
- data/lib/pangea/architectures/patterns/microservices.rb +52 -563
- data/lib/pangea/architectures/patterns/web_application/compute_tier.rb +98 -0
- data/lib/pangea/architectures/patterns/web_application/database_tier.rb +76 -0
- data/lib/pangea/architectures/patterns/web_application/load_balancer_tier.rb +81 -0
- data/lib/pangea/architectures/patterns/web_application/monitoring_tier.rb +97 -0
- data/lib/pangea/architectures/patterns/web_application/security_tier.rb +76 -0
- data/lib/pangea/architectures/patterns/web_application/storage_tier.rb +58 -0
- data/lib/pangea/architectures/patterns/web_application/types.rb +99 -0
- data/lib/pangea/architectures/patterns/web_application/user_data.rb +107 -0
- data/lib/pangea/architectures/patterns/web_application.rb +46 -507
- data/lib/pangea/architectures/types/base_types.rb +58 -0
- data/lib/pangea/architectures/types/config_schemas.rb +112 -0
- data/lib/pangea/architectures/types/defaults.rb +62 -0
- data/lib/pangea/architectures/types/validators.rb +110 -0
- data/lib/pangea/architectures/types.rb +17 -257
- data/lib/pangea/architectures/web_application_architecture/architecture/component_creation.rb +146 -0
- data/lib/pangea/architectures/web_application_architecture/architecture/cost_estimation.rb +71 -0
- data/lib/pangea/architectures/web_application_architecture/architecture/fallback_resources.rb +63 -0
- data/lib/pangea/architectures/web_application_architecture/architecture/helpers.rb +50 -0
- data/lib/pangea/architectures/web_application_architecture/architecture/outputs.rb +73 -0
- data/lib/pangea/architectures/web_application_architecture/architecture/resource_creation.rb +54 -0
- data/lib/pangea/architectures/web_application_architecture/architecture.rb +18 -454
- data/lib/pangea/architectures/web_application_architecture/types/cost_estimation.rb +88 -0
- data/lib/pangea/architectures/web_application_architecture/types/defaults.rb +90 -0
- data/lib/pangea/architectures/web_application_architecture/types/input_schema.rb +91 -0
- data/lib/pangea/architectures/web_application_architecture/types/output_schema.rb +49 -0
- data/lib/pangea/architectures/web_application_architecture/types/validation.rb +81 -0
- data/lib/pangea/architectures/web_application_architecture/types.rb +35 -260
- data/lib/pangea/backends/local.rb +2 -2
- data/lib/pangea/backends/s3/dynamodb_lock.rb +115 -0
- data/lib/pangea/backends/s3.rb +47 -131
- data/lib/pangea/cli/application/command_router.rb +129 -0
- data/lib/pangea/cli/application/options.rb +128 -0
- data/lib/pangea/cli/application.rb +55 -156
- data/lib/pangea/cli/commands/agent/analysis.rb +107 -0
- data/lib/pangea/cli/commands/agent/complexity.rb +67 -0
- data/lib/pangea/cli/commands/agent/cost.rb +59 -0
- data/lib/pangea/cli/commands/agent/dependencies.rb +63 -0
- data/lib/pangea/cli/commands/agent/explanation.rb +81 -0
- data/lib/pangea/cli/commands/agent/security.rb +69 -0
- data/lib/pangea/cli/commands/agent/suggestions.rb +55 -0
- data/lib/pangea/cli/commands/agent/validation.rb +77 -0
- data/lib/pangea/cli/commands/agent.rb +36 -560
- data/lib/pangea/cli/commands/apply.rb +93 -185
- data/lib/pangea/cli/commands/base_command.rb +5 -0
- data/lib/pangea/cli/commands/destroy.rb +130 -62
- data/lib/pangea/cli/commands/enhanced_plan/metrics.rb +53 -0
- data/lib/pangea/cli/commands/enhanced_plan/plan_generation.rb +93 -0
- data/lib/pangea/cli/commands/enhanced_plan/template_operations.rb +106 -0
- data/lib/pangea/cli/commands/enhanced_plan.rb +63 -0
- data/lib/pangea/cli/commands/import/import_command_generator.rb +71 -0
- data/lib/pangea/cli/commands/import/resource_analyzer.rb +72 -0
- data/lib/pangea/cli/commands/import.rb +180 -0
- data/lib/pangea/cli/commands/init.rb +100 -0
- data/lib/pangea/cli/commands/inspect/config_inspection.rb +130 -0
- data/lib/pangea/cli/commands/inspect/resource_inspection.rb +105 -0
- data/lib/pangea/cli/commands/inspect/template_analysis.rb +124 -0
- data/lib/pangea/cli/commands/inspect.rb +30 -372
- data/lib/pangea/cli/commands/plan/json_analysis.rb +179 -0
- data/lib/pangea/cli/commands/plan/json_formatting.rb +53 -0
- data/lib/pangea/cli/commands/plan/plan_output.rb +152 -0
- data/lib/pangea/cli/commands/plan/resource_display.rb +98 -0
- data/lib/pangea/cli/commands/plan.rb +81 -138
- data/lib/pangea/cli/commands/sync.rb +110 -0
- data/lib/pangea/cli/commands/template_processor.rb +116 -0
- data/lib/pangea/cli/commands/workspace_operations.rb +154 -0
- data/lib/pangea/cli/error_handler.rb +169 -0
- data/lib/pangea/cli/errors.rb +57 -0
- data/lib/pangea/cli/ui/README.md +255 -0
- data/lib/pangea/cli/ui/banner/operation_summary.rb +120 -0
- data/lib/pangea/cli/ui/banner.rb +179 -0
- data/lib/pangea/cli/ui/command_display/cost_estimation.rb +82 -0
- data/lib/pangea/cli/ui/command_display/state_display.rb +116 -0
- data/lib/pangea/cli/ui/command_display/value_formatters.rb +68 -0
- data/lib/pangea/cli/ui/command_display.rb +147 -0
- data/lib/pangea/cli/ui/diff/formatting.rb +65 -0
- data/lib/pangea/cli/ui/diff/plan_parser.rb +84 -0
- data/lib/pangea/cli/ui/diff.rb +115 -202
- data/lib/pangea/cli/ui/logger/display_helpers.rb +98 -0
- data/lib/pangea/cli/ui/logger/info_panels.rb +99 -0
- data/lib/pangea/cli/ui/logger/resource_display.rb +66 -0
- data/lib/pangea/cli/ui/logger/styles.rb +63 -0
- data/lib/pangea/cli/ui/logger.rb +47 -122
- data/lib/pangea/cli/ui/output_formatter/constants.rb +28 -0
- data/lib/pangea/cli/ui/output_formatter/display.rb +156 -0
- data/lib/pangea/cli/ui/output_formatter/formatting.rb +44 -0
- data/lib/pangea/cli/ui/output_formatter.rb +28 -0
- data/lib/pangea/cli/ui/plan_display/action_group_display.rb +101 -0
- data/lib/pangea/cli/ui/plan_display.rb +150 -0
- data/lib/pangea/cli/ui/progress/animations.rb +69 -0
- data/lib/pangea/cli/ui/progress/wrappers.rb +111 -0
- data/lib/pangea/cli/ui/progress.rb +15 -153
- data/lib/pangea/cli/ui/spinner.rb +102 -10
- data/lib/pangea/cli/ui/table/formatters.rb +141 -0
- data/lib/pangea/cli/ui/table.rb +88 -11
- data/lib/pangea/cli/ui/template_display/resource_extractor.rb +109 -0
- data/lib/pangea/cli/ui/template_display.rb +185 -0
- data/lib/pangea/cli/ui/visualizer/cost.rb +37 -0
- data/lib/pangea/cli/ui/visualizer/display.rb +98 -0
- data/lib/pangea/cli/ui/visualizer/graph.rb +94 -0
- data/lib/pangea/cli/ui/visualizer/statistics.rb +58 -0
- data/lib/pangea/cli/ui/visualizer.rb +41 -270
- data/lib/pangea/compilation/backend_injector.rb +78 -0
- data/lib/pangea/compilation/compilation_helpers.rb +136 -0
- data/lib/pangea/compilation/template_compiler.rb +56 -317
- data/lib/pangea/compilation/template_extractor.rb +81 -0
- data/lib/pangea/compilation/template_validator.rb +88 -0
- data/lib/pangea/compiler_server.rb +133 -0
- data/lib/pangea/components/api_gateway_microservices/component.rb +79 -584
- data/lib/pangea/components/api_gateway_microservices/cors.rb +94 -0
- data/lib/pangea/components/api_gateway_microservices/deployment.rb +102 -0
- data/lib/pangea/components/api_gateway_microservices/helpers.rb +104 -0
- data/lib/pangea/components/api_gateway_microservices/methods.rb +111 -0
- data/lib/pangea/components/api_gateway_microservices/monitoring.rb +77 -0
- data/lib/pangea/components/api_gateway_microservices/rate_limiting.rb +75 -0
- data/lib/pangea/components/api_gateway_microservices/resources.rb +155 -0
- data/lib/pangea/components/api_gateway_microservices/types/core.rb +63 -0
- data/lib/pangea/components/api_gateway_microservices/types/endpoint.rb +53 -0
- data/lib/pangea/components/api_gateway_microservices/types/policy.rb +59 -0
- data/lib/pangea/components/api_gateway_microservices/types.rb +83 -176
- data/lib/pangea/components/application_load_balancer/component.rb +81 -264
- data/lib/pangea/components/application_load_balancer/listeners.rb +139 -0
- data/lib/pangea/components/application_load_balancer/monitoring.rb +93 -0
- data/lib/pangea/components/application_load_balancer/target_groups.rb +101 -0
- data/lib/pangea/components/auto_scaling_web_servers/component/launch_template.rb +79 -0
- data/lib/pangea/components/auto_scaling_web_servers/component/lifecycle.rb +90 -0
- data/lib/pangea/components/auto_scaling_web_servers/component/scaling_policies.rb +152 -0
- data/lib/pangea/components/auto_scaling_web_servers/component.rb +49 -347
- data/lib/pangea/components/carbon_aware_compute/component.rb +52 -1062
- data/lib/pangea/components/carbon_aware_compute/modules/code_generators/executor_code.rb +137 -0
- data/lib/pangea/components/carbon_aware_compute/modules/code_generators/monitor_code.rb +129 -0
- data/lib/pangea/components/carbon_aware_compute/modules/code_generators/scheduler_code.rb +145 -0
- data/lib/pangea/components/carbon_aware_compute/modules/code_generators.rb +31 -0
- data/lib/pangea/components/carbon_aware_compute/modules/functions.rb +99 -0
- data/lib/pangea/components/carbon_aware_compute/modules/helpers.rb +60 -0
- data/lib/pangea/components/carbon_aware_compute/modules/monitoring.rb +178 -0
- data/lib/pangea/components/carbon_aware_compute/modules/roles.rb +113 -0
- data/lib/pangea/components/carbon_aware_compute/modules/schedules.rb +51 -0
- data/lib/pangea/components/carbon_aware_compute/modules/tables.rb +80 -0
- data/lib/pangea/components/disaster_recovery_pilot_light/component.rb +78 -1514
- data/lib/pangea/components/disaster_recovery_pilot_light/modules/automation.rb +177 -0
- data/lib/pangea/components/disaster_recovery_pilot_light/modules/backup.rb +132 -0
- data/lib/pangea/components/disaster_recovery_pilot_light/modules/code_generators/lambda_code.rb +152 -0
- data/lib/pangea/components/disaster_recovery_pilot_light/modules/code_generators/runbook.rb +86 -0
- data/lib/pangea/components/disaster_recovery_pilot_light/modules/code_generators/workflow.rb +137 -0
- data/lib/pangea/components/disaster_recovery_pilot_light/modules/code_generators.rb +31 -0
- data/lib/pangea/components/disaster_recovery_pilot_light/modules/compliance.rb +86 -0
- data/lib/pangea/components/disaster_recovery_pilot_light/modules/dr_region.rb +167 -0
- data/lib/pangea/components/disaster_recovery_pilot_light/modules/helpers.rb +164 -0
- data/lib/pangea/components/disaster_recovery_pilot_light/modules/monitoring/alarms.rb +79 -0
- data/lib/pangea/components/disaster_recovery_pilot_light/modules/monitoring/dashboards.rb +167 -0
- data/lib/pangea/components/disaster_recovery_pilot_light/modules/monitoring.rb +55 -0
- data/lib/pangea/components/disaster_recovery_pilot_light/modules/networking.rb +94 -0
- data/lib/pangea/components/disaster_recovery_pilot_light/modules/primary_region.rb +134 -0
- data/lib/pangea/components/disaster_recovery_pilot_light/modules/replication/database.rb +103 -0
- data/lib/pangea/components/disaster_recovery_pilot_light/modules/replication/efs.rb +45 -0
- data/lib/pangea/components/disaster_recovery_pilot_light/modules/replication/s3.rb +120 -0
- data/lib/pangea/components/disaster_recovery_pilot_light/modules/replication.rb +61 -0
- data/lib/pangea/components/disaster_recovery_pilot_light/modules/testing.rb +93 -0
- data/lib/pangea/components/disaster_recovery_pilot_light/types/data_configs.rb +50 -0
- data/lib/pangea/components/disaster_recovery_pilot_light/types/operational_configs.rb +50 -0
- data/lib/pangea/components/disaster_recovery_pilot_light/types/optimization_configs.rb +63 -0
- data/lib/pangea/components/disaster_recovery_pilot_light/types/region_configs.rb +50 -0
- data/lib/pangea/components/disaster_recovery_pilot_light/types.rb +38 -140
- data/lib/pangea/components/event_driven_microservice/api_gateway.rb +25 -0
- data/lib/pangea/components/event_driven_microservice/component.rb +56 -626
- data/lib/pangea/components/event_driven_microservice/event_sources.rb +113 -0
- data/lib/pangea/components/event_driven_microservice/functions.rb +91 -0
- data/lib/pangea/components/event_driven_microservice/helpers.rb +90 -0
- data/lib/pangea/components/event_driven_microservice/iam.rb +117 -0
- data/lib/pangea/components/event_driven_microservice/monitoring.rb +191 -0
- data/lib/pangea/components/event_driven_microservice/storage.rb +126 -0
- data/lib/pangea/components/event_driven_microservice/types/cqrs_config.rb +37 -0
- data/lib/pangea/components/event_driven_microservice/types/event_replay_config.rb +36 -0
- data/lib/pangea/components/event_driven_microservice/types/event_source.rb +42 -0
- data/lib/pangea/components/event_driven_microservice/types/event_store_config.rb +40 -0
- data/lib/pangea/components/event_driven_microservice/types/function_config.rb +40 -0
- data/lib/pangea/components/event_driven_microservice/types/monitoring_config.rb +37 -0
- data/lib/pangea/components/event_driven_microservice/types/saga_config.rb +37 -0
- data/lib/pangea/components/event_driven_microservice/types.rb +35 -112
- data/lib/pangea/components/examples/enterprise_application.rb +166 -0
- data/lib/pangea/components/examples/three_tier_web_application.rb +159 -0
- data/lib/pangea/components/examples.rb +7 -492
- data/lib/pangea/components/global_service_mesh/component.rb +94 -1271
- data/lib/pangea/components/global_service_mesh/modules/connectivity.rb +133 -0
- data/lib/pangea/components/global_service_mesh/modules/gateways.rb +197 -0
- data/lib/pangea/components/global_service_mesh/modules/helpers.rb +172 -0
- data/lib/pangea/components/global_service_mesh/modules/mesh_components.rb +126 -0
- data/lib/pangea/components/global_service_mesh/modules/observability.rb +106 -0
- data/lib/pangea/components/global_service_mesh/modules/regional_mesh.rb +109 -0
- data/lib/pangea/components/global_service_mesh/modules/resilience.rb +116 -0
- data/lib/pangea/components/global_service_mesh/modules/security.rb +125 -0
- data/lib/pangea/components/global_service_mesh/types/infrastructure_types.rb +49 -0
- data/lib/pangea/components/global_service_mesh/types/operational_types.rb +49 -0
- data/lib/pangea/components/global_service_mesh/types/policy_types.rb +63 -0
- data/lib/pangea/components/global_service_mesh/types/service_types.rb +52 -0
- data/lib/pangea/components/global_service_mesh/types.rb +59 -206
- data/lib/pangea/components/global_traffic_manager/component.rb +86 -1111
- data/lib/pangea/components/global_traffic_manager/modules/accelerator.rb +112 -0
- data/lib/pangea/components/global_traffic_manager/modules/advanced_routing.rb +85 -0
- data/lib/pangea/components/global_traffic_manager/modules/cloudfront.rb +188 -0
- data/lib/pangea/components/global_traffic_manager/modules/edge_functions.rb +56 -0
- data/lib/pangea/components/global_traffic_manager/modules/health_checks.rb +77 -0
- data/lib/pangea/components/global_traffic_manager/modules/helpers.rb +164 -0
- data/lib/pangea/components/global_traffic_manager/modules/monitoring.rb +180 -0
- data/lib/pangea/components/global_traffic_manager/modules/routing.rb +168 -0
- data/lib/pangea/components/global_traffic_manager/modules/security.rb +152 -0
- data/lib/pangea/components/global_traffic_manager/modules/synthetic.rb +70 -0
- data/lib/pangea/components/global_traffic_manager/types/advanced_routing_config.rb +36 -0
- data/lib/pangea/components/global_traffic_manager/types/cloudfront_config.rb +38 -0
- data/lib/pangea/components/global_traffic_manager/types/endpoint_config.rb +39 -0
- data/lib/pangea/components/global_traffic_manager/types/geo_routing_config.rb +35 -0
- data/lib/pangea/components/global_traffic_manager/types/observability_config.rb +38 -0
- data/lib/pangea/components/global_traffic_manager/types/performance_config.rb +36 -0
- data/lib/pangea/components/global_traffic_manager/types/security_config.rb +38 -0
- data/lib/pangea/components/global_traffic_manager/types/traffic_policy_config.rb +40 -0
- data/lib/pangea/components/global_traffic_manager/types/validators.rb +158 -0
- data/lib/pangea/components/global_traffic_manager/types.rb +27 -223
- data/lib/pangea/components/green_data_lifecycle/component.rb +80 -1343
- data/lib/pangea/components/green_data_lifecycle/modules/code_generators/access_analyzer_code.rb +159 -0
- data/lib/pangea/components/green_data_lifecycle/modules/code_generators/carbon_optimizer_code.rb +170 -0
- data/lib/pangea/components/green_data_lifecycle/modules/code_generators/lifecycle_manager_code.rb +169 -0
- data/lib/pangea/components/green_data_lifecycle/modules/code_generators.rb +31 -0
- data/lib/pangea/components/green_data_lifecycle/modules/functions.rb +97 -0
- data/lib/pangea/components/green_data_lifecycle/modules/glacier.rb +58 -0
- data/lib/pangea/components/green_data_lifecycle/modules/helpers.rb +40 -0
- data/lib/pangea/components/green_data_lifecycle/modules/inventory.rb +57 -0
- data/lib/pangea/components/green_data_lifecycle/modules/lifecycle.rb +158 -0
- data/lib/pangea/components/green_data_lifecycle/modules/monitoring.rb +180 -0
- data/lib/pangea/components/green_data_lifecycle/modules/roles.rb +107 -0
- data/lib/pangea/components/green_data_lifecycle/modules/storage.rb +47 -0
- data/lib/pangea/components/microservice_deployment/component/autoscaling.rb +67 -0
- data/lib/pangea/components/microservice_deployment/component/container_definitions.rb +73 -0
- data/lib/pangea/components/microservice_deployment/component/logging.rb +28 -0
- data/lib/pangea/components/microservice_deployment/component/monitoring.rb +66 -0
- data/lib/pangea/components/microservice_deployment/component/outputs.rb +66 -0
- data/lib/pangea/components/microservice_deployment/component/service.rb +87 -0
- data/lib/pangea/components/microservice_deployment/component.rb +41 -419
- data/lib/pangea/components/microservice_deployment/types/auto_scaling_config.rb +36 -0
- data/lib/pangea/components/microservice_deployment/types/circuit_breaker_config.rb +33 -0
- data/lib/pangea/components/microservice_deployment/types/container_definition.rb +43 -0
- data/lib/pangea/components/microservice_deployment/types/health_check_config.rb +35 -0
- data/lib/pangea/components/microservice_deployment/types/service_discovery_config.rb +41 -0
- data/lib/pangea/components/microservice_deployment/types/tracing_config.rb +34 -0
- data/lib/pangea/components/microservice_deployment/types.rb +75 -146
- data/lib/pangea/components/microservices_examples/platform.rb +91 -0
- data/lib/pangea/components/microservices_examples/saga.rb +49 -0
- data/lib/pangea/components/microservices_examples.rb +7 -435
- data/lib/pangea/components/multi_region_active_active/component.rb +110 -1164
- data/lib/pangea/components/multi_region_active_active/modules/applications.rb +117 -0
- data/lib/pangea/components/multi_region_active_active/modules/aurora.rb +121 -0
- data/lib/pangea/components/multi_region_active_active/modules/chaos.rb +103 -0
- data/lib/pangea/components/multi_region_active_active/modules/dynamodb.rb +77 -0
- data/lib/pangea/components/multi_region_active_active/modules/helpers.rb +193 -0
- data/lib/pangea/components/multi_region_active_active/modules/monitoring.rb +113 -0
- data/lib/pangea/components/multi_region_active_active/modules/networking.rb +134 -0
- data/lib/pangea/components/multi_region_active_active/modules/routing.rb +185 -0
- data/lib/pangea/components/multi_region_active_active/types/application_config.rb +38 -0
- data/lib/pangea/components/multi_region_active_active/types/consistency_config.rb +36 -0
- data/lib/pangea/components/multi_region_active_active/types/cost_config.rb +35 -0
- data/lib/pangea/components/multi_region_active_active/types/database_config.rb +37 -0
- data/lib/pangea/components/multi_region_active_active/types/failover_config.rb +37 -0
- data/lib/pangea/components/multi_region_active_active/types/monitoring_config.rb +37 -0
- data/lib/pangea/components/multi_region_active_active/types/region_config.rb +37 -0
- data/lib/pangea/components/multi_region_active_active/types/routing_config.rb +35 -0
- data/lib/pangea/components/multi_region_active_active/types/validators.rb +139 -0
- data/lib/pangea/components/multi_region_active_active/types.rb +28 -192
- data/lib/pangea/components/mysql_database/component/database.rb +167 -0
- data/lib/pangea/components/mysql_database/component/helpers.rb +105 -0
- data/lib/pangea/components/mysql_database/component/monitoring.rb +126 -0
- data/lib/pangea/components/mysql_database/component.rb +33 -295
- data/lib/pangea/components/public_private_subnets/component/outputs.rb +49 -0
- data/lib/pangea/components/public_private_subnets/component/routing/nat_gateways.rb +89 -0
- data/lib/pangea/components/public_private_subnets/component/routing.rb +145 -0
- data/lib/pangea/components/public_private_subnets/component/subnets.rb +70 -0
- data/lib/pangea/components/public_private_subnets/component.rb +47 -341
- data/lib/pangea/components/secure_s3_bucket/component/bucket_config.rb +51 -0
- data/lib/pangea/components/secure_s3_bucket/component/features.rb +75 -0
- data/lib/pangea/components/secure_s3_bucket/component/monitoring.rb +65 -0
- data/lib/pangea/components/secure_s3_bucket/component/outputs.rb +58 -0
- data/lib/pangea/components/secure_s3_bucket/component.rb +39 -421
- data/lib/pangea/components/secure_s3_bucket/types/bucket_configs.rb +51 -0
- data/lib/pangea/components/secure_s3_bucket/types/feature_configs.rb +60 -0
- data/lib/pangea/components/secure_s3_bucket/types/lifecycle_rule.rb +59 -0
- data/lib/pangea/components/secure_s3_bucket/types/monitoring_configs.rb +57 -0
- data/lib/pangea/components/secure_s3_bucket/types.rb +38 -168
- data/lib/pangea/components/service_mesh_observability/alerting.rb +165 -0
- data/lib/pangea/components/service_mesh_observability/anomaly.rb +51 -0
- data/lib/pangea/components/service_mesh_observability/component.rb +50 -567
- data/lib/pangea/components/service_mesh_observability/dashboard.rb +144 -0
- data/lib/pangea/components/service_mesh_observability/helpers.rb +92 -0
- data/lib/pangea/components/service_mesh_observability/logging.rb +73 -0
- data/lib/pangea/components/service_mesh_observability/types/dashboard_widget.rb +35 -0
- data/lib/pangea/components/service_mesh_observability/types/observability_configs.rb +57 -0
- data/lib/pangea/components/service_mesh_observability/types/operational_configs.rb +46 -0
- data/lib/pangea/components/service_mesh_observability/types/service_config.rb +37 -0
- data/lib/pangea/components/service_mesh_observability/types.rb +39 -129
- data/lib/pangea/components/service_mesh_observability/xray.rb +64 -0
- data/lib/pangea/components/siem_security_platform/component.rb +60 -2827
- data/lib/pangea/components/siem_security_platform/modules/helpers.rb +87 -0
- data/lib/pangea/components/siem_security_platform/modules/incident_response/branches.rb +78 -0
- data/lib/pangea/components/siem_security_platform/modules/incident_response/lambdas.rb +200 -0
- data/lib/pangea/components/siem_security_platform/modules/incident_response/state_machine.rb +157 -0
- data/lib/pangea/components/siem_security_platform/modules/incident_response.rb +84 -0
- data/lib/pangea/components/siem_security_platform/modules/ingestion/firehose_config.rb +84 -0
- data/lib/pangea/components/siem_security_platform/modules/ingestion/iam_policies.rb +109 -0
- data/lib/pangea/components/siem_security_platform/modules/ingestion.rb +85 -0
- data/lib/pangea/components/siem_security_platform/modules/integrations.rb +193 -0
- data/lib/pangea/components/siem_security_platform/modules/monitoring.rb +154 -0
- data/lib/pangea/components/siem_security_platform/modules/processing/code_generators.rb +159 -0
- data/lib/pangea/components/siem_security_platform/modules/processing.rb +181 -0
- data/lib/pangea/components/siem_security_platform/modules/security.rb +107 -0
- data/lib/pangea/components/siem_security_platform/modules/storage.rb +197 -0
- data/lib/pangea/components/siem_security_platform/modules/threat_detection.rb +135 -0
- data/lib/pangea/components/siem_security_platform/types/detection_configs.rb +73 -0
- data/lib/pangea/components/siem_security_platform/types/log_collection_configs.rb +55 -0
- data/lib/pangea/components/siem_security_platform/types/opensearch_config.rb +48 -0
- data/lib/pangea/components/siem_security_platform/types/operational_configs.rb +69 -0
- data/lib/pangea/components/siem_security_platform/types/response_configs.rb +68 -0
- data/lib/pangea/components/siem_security_platform/types/security_configs.rb +49 -0
- data/lib/pangea/components/siem_security_platform/types.rb +36 -174
- data/lib/pangea/components/spot_instance_carbon_optimizer/component.rb +54 -1560
- data/lib/pangea/components/spot_instance_carbon_optimizer/modules/code_generators/carbon_monitor.rb +156 -0
- data/lib/pangea/components/spot_instance_carbon_optimizer/modules/code_generators/fleet_optimizer.rb +148 -0
- data/lib/pangea/components/spot_instance_carbon_optimizer/modules/code_generators/migration_orchestrator.rb +200 -0
- data/lib/pangea/components/spot_instance_carbon_optimizer/modules/code_generators.rb +31 -0
- data/lib/pangea/components/spot_instance_carbon_optimizer/modules/fleets.rb +112 -0
- data/lib/pangea/components/spot_instance_carbon_optimizer/modules/functions.rb +103 -0
- data/lib/pangea/components/spot_instance_carbon_optimizer/modules/helpers.rb +97 -0
- data/lib/pangea/components/spot_instance_carbon_optimizer/modules/monitoring.rb +180 -0
- data/lib/pangea/components/spot_instance_carbon_optimizer/modules/roles.rb +114 -0
- data/lib/pangea/components/spot_instance_carbon_optimizer/modules/schedules.rb +68 -0
- data/lib/pangea/components/spot_instance_carbon_optimizer/modules/tables.rb +99 -0
- data/lib/pangea/components/spot_instance_carbon_optimizer/types/enums.rb +51 -0
- data/lib/pangea/components/spot_instance_carbon_optimizer/types/input.rb +109 -0
- data/lib/pangea/components/spot_instance_carbon_optimizer/types/output.rb +68 -0
- data/lib/pangea/components/spot_instance_carbon_optimizer/types.rb +6 -156
- data/lib/pangea/components/sustainable_ml_training/component.rb +52 -1676
- data/lib/pangea/components/sustainable_ml_training/modules/code_generators/carbon_scheduler.rb +151 -0
- data/lib/pangea/components/sustainable_ml_training/modules/code_generators/efficiency_monitor.rb +141 -0
- data/lib/pangea/components/sustainable_ml_training/modules/code_generators/training_optimizer.rb +151 -0
- data/lib/pangea/components/sustainable_ml_training/modules/code_generators.rb +31 -0
- data/lib/pangea/components/sustainable_ml_training/modules/compute.rb +98 -0
- data/lib/pangea/components/sustainable_ml_training/modules/functions.rb +101 -0
- data/lib/pangea/components/sustainable_ml_training/modules/helpers.rb +100 -0
- data/lib/pangea/components/sustainable_ml_training/modules/monitoring.rb +195 -0
- data/lib/pangea/components/sustainable_ml_training/modules/roles.rb +127 -0
- data/lib/pangea/components/sustainable_ml_training/modules/storage.rb +85 -0
- data/lib/pangea/components/sustainable_ml_training/modules/tables.rb +71 -0
- data/lib/pangea/components/sustainable_ml_training/modules/training.rb +83 -0
- data/lib/pangea/components/sustainable_ml_training/types/constants.rb +42 -0
- data/lib/pangea/components/sustainable_ml_training/types/enums.rb +56 -0
- data/lib/pangea/components/sustainable_ml_training/types/validations.rb +63 -0
- data/lib/pangea/components/sustainable_ml_training/types.rb +32 -94
- data/lib/pangea/components/threat_intelligence_platform/types/correlation_rule.rb +38 -0
- data/lib/pangea/components/threat_intelligence_platform/types/enrichment_source.rb +35 -0
- data/lib/pangea/components/threat_intelligence_platform/types/threat_feed.rb +37 -0
- data/lib/pangea/components/threat_intelligence_platform/types/threat_source.rb +48 -0
- data/lib/pangea/components/threat_intelligence_platform/types.rb +23 -69
- data/lib/pangea/components/web_security_group/component.rb +19 -103
- data/lib/pangea/components/web_security_group/rules.rb +136 -0
- data/lib/pangea/components/web_security_group/types/port_methods.rb +58 -0
- data/lib/pangea/components/web_security_group/types/rules_summary.rb +130 -0
- data/lib/pangea/components/web_security_group/types/security_analysis.rb +79 -0
- data/lib/pangea/components/web_security_group/types/validation.rb +67 -0
- data/lib/pangea/components/web_security_group/types.rb +12 -207
- data/lib/pangea/components/web_tier_subnets/component/outputs.rb +70 -0
- data/lib/pangea/components/web_tier_subnets/component.rb +7 -54
- data/lib/pangea/components/zero_trust_network/audit.rb +61 -0
- data/lib/pangea/components/zero_trust_network/compliance.rb +65 -0
- data/lib/pangea/components/zero_trust_network/component.rb +108 -608
- data/lib/pangea/components/zero_trust_network/endpoints.rb +46 -0
- data/lib/pangea/components/zero_trust_network/monitoring.rb +75 -0
- data/lib/pangea/components/zero_trust_network/networking.rb +43 -0
- data/lib/pangea/components/zero_trust_network/policies.rb +70 -0
- data/lib/pangea/components/zero_trust_network/security_automation.rb +130 -0
- data/lib/pangea/components/zero_trust_network/segments.rb +59 -0
- data/lib/pangea/components/zero_trust_network/threat_detection.rb +87 -0
- data/lib/pangea/configuration/config_loader.rb +86 -0
- data/lib/pangea/configuration/defaults.rb +58 -0
- data/lib/pangea/configuration/namespace_manager.rb +95 -0
- data/lib/pangea/configuration/types/backends.rb +95 -0
- data/lib/pangea/configuration/types/base.rb +33 -0
- data/lib/pangea/configuration/types/configuration_schema.rb +105 -0
- data/lib/pangea/configuration/types/settings.rb +56 -0
- data/lib/pangea/configuration/types/state.rb +91 -0
- data/lib/pangea/configuration/types.rb +6 -279
- data/lib/pangea/configuration.rb +28 -167
- data/lib/pangea/entities/namespace.rb +9 -1
- data/lib/pangea/errors.rb +76 -10
- data/lib/pangea/execution/terraform_command_builder.rb +87 -0
- data/lib/pangea/execution/terraform_command_executor.rb +152 -0
- data/lib/pangea/execution/terraform_executor.rb +58 -189
- data/lib/pangea/execution/terraform_operations.rb +91 -0
- data/lib/pangea/execution/terraform_output_parser.rb +129 -0
- data/lib/pangea/execution/terraform_retry.rb +99 -0
- data/lib/pangea/logging/formatters.rb +92 -0
- data/lib/pangea/logging/structured_logger.rb +195 -0
- data/lib/pangea/logging.rb +22 -0
- data/lib/pangea/resources/aws/cloudformation/types/stack_instances_attributes.rb +91 -0
- data/lib/pangea/resources/aws/cloudformation/types/stack_set_attributes.rb +150 -0
- data/lib/pangea/resources/aws/cloudformation/types/stack_set_instance_attributes.rb +96 -0
- data/lib/pangea/resources/aws/cloudformation/types/type_attributes.rb +102 -0
- data/lib/pangea/resources/aws/cloudformation/types.rb +15 -274
- data/lib/pangea/resources/aws/comprehendmedical/jobs/entities_detection_v2_job.rb +58 -0
- data/lib/pangea/resources/aws/comprehendmedical/jobs/icd10_cm_inference_job.rb +58 -0
- data/lib/pangea/resources/aws/comprehendmedical/jobs/job_builder.rb +77 -0
- data/lib/pangea/resources/aws/comprehendmedical/jobs/phi_detection_job.rb +58 -0
- data/lib/pangea/resources/aws/comprehendmedical/jobs/rx_norm_inference_job.rb +58 -0
- data/lib/pangea/resources/aws/comprehendmedical/jobs/snomed_ct_inference_job.rb +58 -0
- data/lib/pangea/resources/aws/comprehendmedical/jobs.rb +14 -290
- data/lib/pangea/resources/aws/ec2/access_control.rb +72 -0
- data/lib/pangea/resources/aws/ec2/account_settings.rb +57 -0
- data/lib/pangea/resources/aws/ec2/capacity.rb +87 -0
- data/lib/pangea/resources/aws/ec2/host.rb +57 -0
- data/lib/pangea/resources/aws/ec2/spot.rb +72 -0
- data/lib/pangea/resources/aws/ec2/transit_gateway_multicast.rb +72 -0
- data/lib/pangea/resources/aws/ec2.rb +25 -256
- data/lib/pangea/resources/aws/elasticache_extended.disabled/reserved_cache_node.rb +1 -1
- data/lib/pangea/resources/aws/elasticache_extended.disabled/serverless_cache.rb +3 -3
- data/lib/pangea/resources/aws/elasticache_extended.disabled/user_group.rb +1 -1
- data/lib/pangea/resources/aws/frauddetector/detector.rb +12 -190
- data/lib/pangea/resources/aws/frauddetector/entity_type.rb +65 -0
- data/lib/pangea/resources/aws/frauddetector/event_type.rb +84 -0
- data/lib/pangea/resources/aws/frauddetector/outcome.rb +66 -0
- data/lib/pangea/resources/aws/frauddetector/variable.rb +77 -0
- data/lib/pangea/resources/aws/gamelift/attributes.rb +104 -0
- data/lib/pangea/resources/aws/gamelift.rb +19 -98
- data/lib/pangea/resources/aws/gamesparks/types.rb +87 -0
- data/lib/pangea/resources/aws/gamesparks.rb +10 -103
- data/lib/pangea/resources/aws/healthlake/fhir_datastore.rb +4 -108
- data/lib/pangea/resources/aws/healthlake/fhir_export_job.rb +76 -0
- data/lib/pangea/resources/aws/healthlake/fhir_import_job.rb +82 -0
- data/lib/pangea/resources/aws/healthlake.rb +4 -0
- data/lib/pangea/resources/aws/load_balancing/classic_elb_dsl.rb +146 -0
- data/lib/pangea/resources/aws/load_balancing/modules/attachments.rb +65 -0
- data/lib/pangea/resources/aws/load_balancing/modules/policies.rb +85 -0
- data/lib/pangea/resources/aws/load_balancing/modules/trust_stores.rb +45 -0
- data/lib/pangea/resources/aws/load_balancing.rb +4 -122
- data/lib/pangea/resources/aws/lookout/equipment/dataset.rb +85 -0
- data/lib/pangea/resources/aws/lookout/equipment/inference_scheduler.rb +103 -0
- data/lib/pangea/resources/aws/lookout/equipment/model.rb +90 -0
- data/lib/pangea/resources/aws/lookout/equipment.rb +7 -197
- data/lib/pangea/resources/aws/opensearch.disabled/package.rb +1 -1
- data/lib/pangea/resources/aws/opensearch.disabled/serverless_collection.rb +1 -1
- data/lib/pangea/resources/aws/sfn_extended.disabled/activity.rb +1 -1
- data/lib/pangea/resources/aws/sumerian/attributes.rb +93 -0
- data/lib/pangea/resources/aws/sumerian.rb +14 -82
- data/lib/pangea/resources/aws/vpc/functions/defaults.rb +87 -0
- data/lib/pangea/resources/aws/vpc/functions/endpoints.rb +102 -0
- data/lib/pangea/resources/aws/vpc.rb +6 -136
- data/lib/pangea/resources/aws_acmpca_certificate_authority/types/attributes.rb +93 -0
- data/lib/pangea/resources/aws_acmpca_certificate_authority/types/helpers.rb +118 -0
- data/lib/pangea/resources/aws_acmpca_certificate_authority/types/templates.rb +140 -0
- data/lib/pangea/resources/aws_acmpca_certificate_authority/types/validators.rb +70 -0
- data/lib/pangea/resources/aws_acmpca_certificate_authority/types.rb +5 -328
- data/lib/pangea/resources/aws_alb_target_group_attachment/types.rb +1 -1
- data/lib/pangea/resources/aws_ami/types.rb +1 -1
- data/lib/pangea/resources/aws_api_gateway_api_key/types/configs.rb +125 -0
- data/lib/pangea/resources/aws_api_gateway_api_key/types.rb +96 -198
- data/lib/pangea/resources/aws_api_gateway_integration/types/factory_methods.rb +99 -0
- data/lib/pangea/resources/aws_api_gateway_integration/types/predicates.rb +57 -0
- data/lib/pangea/resources/aws_api_gateway_integration/types/uri_helpers.rb +58 -0
- data/lib/pangea/resources/aws_api_gateway_integration/types/validators.rb +98 -0
- data/lib/pangea/resources/aws_api_gateway_integration/types.rb +43 -202
- data/lib/pangea/resources/aws_api_gateway_rest_api/types.rb +1 -1
- data/lib/pangea/resources/aws_api_gateway_stage/resource/helpers/basic.rb +67 -0
- data/lib/pangea/resources/aws_api_gateway_stage/resource/helpers/configuration.rb +132 -0
- data/lib/pangea/resources/aws_api_gateway_stage/resource/helpers/method_settings.rb +88 -0
- data/lib/pangea/resources/aws_api_gateway_stage/resource/helpers.rb +47 -0
- data/lib/pangea/resources/aws_api_gateway_stage/resource/main.rb +127 -0
- data/lib/pangea/resources/aws_api_gateway_stage/resource.rb +13 -298
- data/lib/pangea/resources/aws_api_gateway_stage/types/helpers.rb +75 -0
- data/lib/pangea/resources/aws_api_gateway_stage/types/validators.rb +133 -0
- data/lib/pangea/resources/aws_api_gateway_stage/types.rb +36 -143
- data/lib/pangea/resources/aws_api_gateway_usage_plan/types/attributes.rb +64 -0
- data/lib/pangea/resources/aws_api_gateway_usage_plan/types/configs.rb +81 -0
- data/lib/pangea/resources/aws_api_gateway_usage_plan/types/helpers.rb +103 -0
- data/lib/pangea/resources/aws_api_gateway_usage_plan/types/settings.rb +53 -0
- data/lib/pangea/resources/aws_api_gateway_usage_plan/types/validation.rb +80 -0
- data/lib/pangea/resources/aws_api_gateway_usage_plan/types.rb +7 -295
- data/lib/pangea/resources/aws_appstream_fleet/types/attributes.rb +80 -0
- data/lib/pangea/resources/aws_appstream_fleet/types/cost_estimation.rb +54 -0
- data/lib/pangea/resources/aws_appstream_fleet/types/nested_types.rb +82 -0
- data/lib/pangea/resources/aws_appstream_fleet/types.rb +4 -218
- data/lib/pangea/resources/aws_athena_named_query/types/query_analysis.rb +148 -0
- data/lib/pangea/resources/aws_athena_named_query/types/query_templates.rb +88 -0
- data/lib/pangea/resources/aws_athena_named_query/types.rb +40 -208
- data/lib/pangea/resources/aws_athena_workgroup/types/attributes.rb +101 -0
- data/lib/pangea/resources/aws_athena_workgroup/types/class_methods.rb +102 -0
- data/lib/pangea/resources/aws_athena_workgroup/types/instance_methods.rb +104 -0
- data/lib/pangea/resources/aws_athena_workgroup/types/validation.rb +56 -0
- data/lib/pangea/resources/aws_athena_workgroup/types.rb +5 -235
- data/lib/pangea/resources/aws_autoscaling_group/types/auto_scaling_tag.rb +42 -0
- data/lib/pangea/resources/aws_autoscaling_group/types/instance_refresh_preferences.rb +39 -0
- data/lib/pangea/resources/aws_autoscaling_group/types/launch_template_specification.rb +57 -0
- data/lib/pangea/resources/aws_autoscaling_group/types.rb +90 -141
- data/lib/pangea/resources/aws_autoscaling_group_tag/types.rb +1 -1
- data/lib/pangea/resources/aws_autoscaling_lifecycle_hook/types.rb +1 -1
- data/lib/pangea/resources/aws_autoscaling_notification/types.rb +1 -1
- data/lib/pangea/resources/aws_autoscaling_policy/types/predictive_scaling_configuration.rb +42 -0
- data/lib/pangea/resources/aws_autoscaling_policy/types/step_adjustment.rb +38 -0
- data/lib/pangea/resources/aws_autoscaling_policy/types/target_tracking_configuration.rb +89 -0
- data/lib/pangea/resources/aws_autoscaling_policy/types.rb +88 -151
- data/lib/pangea/resources/aws_autoscaling_policy_step_adjustment/types.rb +1 -1
- data/lib/pangea/resources/aws_autoscaling_policy_target_tracking_scaling_policy/types.rb +1 -1
- data/lib/pangea/resources/aws_autoscaling_schedule/types.rb +1 -1
- data/lib/pangea/resources/aws_autoscaling_tag/types/tag_queries.rb +121 -0
- data/lib/pangea/resources/aws_autoscaling_tag/types/tag_specification.rb +42 -0
- data/lib/pangea/resources/aws_autoscaling_tag/types/tag_validator.rb +103 -0
- data/lib/pangea/resources/aws_autoscaling_tag/types.rb +13 -186
- data/lib/pangea/resources/aws_autoscaling_traffic_source_attachment/types.rb +1 -1
- data/lib/pangea/resources/aws_autoscaling_warm_pool/types.rb +1 -1
- data/lib/pangea/resources/aws_batch_compute_environment/types/attributes.rb +88 -0
- data/lib/pangea/resources/aws_batch_compute_environment/types/helpers.rb +54 -0
- data/lib/pangea/resources/aws_batch_compute_environment/types/templates.rb +153 -0
- data/lib/pangea/resources/aws_batch_compute_environment/types/validators.rb +144 -0
- data/lib/pangea/resources/aws_batch_compute_environment/types.rb +5 -314
- data/lib/pangea/resources/aws_batch_job_definition/resource.rb +21 -189
- data/lib/pangea/resources/aws_batch_job_definition/synthesis/synthesizer.rb +144 -0
- data/lib/pangea/resources/aws_batch_job_definition/types/computed.rb +60 -0
- data/lib/pangea/resources/aws_batch_job_definition/types/configurations.rb +75 -0
- data/lib/pangea/resources/aws_batch_job_definition/types/templates.rb +156 -0
- data/lib/pangea/resources/aws_batch_job_definition/types/validation.rb +154 -0
- data/lib/pangea/resources/aws_batch_job_definition/types.rb +31 -502
- data/lib/pangea/resources/aws_batch_job_queue/types/attributes.rb +75 -0
- data/lib/pangea/resources/aws_batch_job_queue/types/templates.rb +132 -0
- data/lib/pangea/resources/aws_batch_job_queue/types.rb +6 -359
- data/lib/pangea/resources/aws_blockchain_query/types/attributes.rb +75 -0
- data/lib/pangea/resources/aws_blockchain_query/types/helpers.rb +187 -0
- data/lib/pangea/resources/aws_blockchain_query/types/validators.rb +95 -0
- data/lib/pangea/resources/aws_blockchain_query/types.rb +4 -324
- data/lib/pangea/resources/aws_blockchain_token_balance/types/attributes.rb +71 -0
- data/lib/pangea/resources/aws_blockchain_token_balance/types/network_helpers.rb +83 -0
- data/lib/pangea/resources/aws_blockchain_token_balance/types/query_helpers.rb +94 -0
- data/lib/pangea/resources/aws_blockchain_token_balance/types/token_helpers.rb +89 -0
- data/lib/pangea/resources/aws_blockchain_token_balance/types/validation.rb +86 -0
- data/lib/pangea/resources/aws_blockchain_token_balance/types.rb +6 -302
- data/lib/pangea/resources/aws_braket_device/types/helpers.rb +113 -0
- data/lib/pangea/resources/aws_braket_device/types/validations.rb +80 -0
- data/lib/pangea/resources/aws_braket_device/types.rb +73 -203
- data/lib/pangea/resources/aws_braket_device_capabilities/types/capability_support.rb +60 -0
- data/lib/pangea/resources/aws_braket_device_capabilities/types/device_classification.rb +66 -0
- data/lib/pangea/resources/aws_braket_device_capabilities/types/device_specs.rb +93 -0
- data/lib/pangea/resources/aws_braket_device_capabilities/types/execution_params.rb +60 -0
- data/lib/pangea/resources/aws_braket_device_capabilities/types.rb +47 -220
- data/lib/pangea/resources/aws_braket_job/types/attributes.rb +81 -0
- data/lib/pangea/resources/aws_braket_job/types/constants.rb +43 -0
- data/lib/pangea/resources/aws_braket_job/types/instance_methods.rb +71 -0
- data/lib/pangea/resources/aws_braket_job/types/validation.rb +69 -0
- data/lib/pangea/resources/aws_braket_job/types.rb +5 -260
- data/lib/pangea/resources/aws_braket_job_queue/types/cost_estimation.rb +64 -0
- data/lib/pangea/resources/aws_braket_job_queue/types/helpers.rb +100 -0
- data/lib/pangea/resources/aws_braket_job_queue/types/validators.rb +72 -0
- data/lib/pangea/resources/aws_braket_job_queue/types.rb +46 -206
- data/lib/pangea/resources/aws_braket_local_simulator/types/helpers.rb +143 -0
- data/lib/pangea/resources/aws_braket_local_simulator/types/validators.rb +91 -0
- data/lib/pangea/resources/aws_braket_local_simulator/types.rb +64 -263
- data/lib/pangea/resources/aws_budgets_budget/types/attributes.rb +68 -0
- data/lib/pangea/resources/aws_budgets_budget/types/enums.rb +60 -0
- data/lib/pangea/resources/aws_budgets_budget/types/helpers.rb +122 -0
- data/lib/pangea/resources/aws_budgets_budget/types/schemas.rb +175 -0
- data/lib/pangea/resources/aws_budgets_budget/types.rb +5 -319
- data/lib/pangea/resources/aws_budgets_budget_action/types/attributes.rb +104 -0
- data/lib/pangea/resources/aws_budgets_budget_action/types/definitions.rb +53 -0
- data/lib/pangea/resources/aws_budgets_budget_action/types.rb +6 -404
- data/lib/pangea/resources/aws_ce_cost_category/expression_builder.rb +84 -0
- data/lib/pangea/resources/aws_ce_cost_category/resource.rb +2 -54
- data/lib/pangea/resources/aws_ce_cost_category/types/attributes.rb +152 -0
- data/lib/pangea/resources/aws_ce_cost_category/types/expressions.rb +157 -0
- data/lib/pangea/resources/aws_ce_cost_category/types.rb +5 -386
- data/lib/pangea/resources/aws_cloudformation_stack/types/configs.rb +91 -0
- data/lib/pangea/resources/aws_cloudformation_stack/types/instance_methods.rb +79 -0
- data/lib/pangea/resources/aws_cloudformation_stack/types/validation.rb +88 -0
- data/lib/pangea/resources/aws_cloudformation_stack/types.rb +47 -206
- data/lib/pangea/resources/aws_cloudformation_stack_set/types/configs.rb +120 -0
- data/lib/pangea/resources/aws_cloudformation_stack_set/types/helpers.rb +89 -0
- data/lib/pangea/resources/aws_cloudformation_stack_set/types/validators.rb +120 -0
- data/lib/pangea/resources/aws_cloudformation_stack_set/types.rb +73 -283
- data/lib/pangea/resources/aws_cloudfront_distribution/builders/cache_behavior_builder.rb +86 -0
- data/lib/pangea/resources/aws_cloudfront_distribution/builders/origin_builder.rb +81 -0
- data/lib/pangea/resources/aws_cloudfront_distribution/builders/reference_builder.rb +62 -0
- data/lib/pangea/resources/aws_cloudfront_distribution/builders/settings_builder.rb +81 -0
- data/lib/pangea/resources/aws_cloudfront_distribution/resource.rb +23 -213
- data/lib/pangea/resources/aws_cloudfront_distribution/types/attributes.rb +47 -0
- data/lib/pangea/resources/aws_cloudfront_distribution/types/instance_methods.rb +59 -0
- data/lib/pangea/resources/aws_cloudfront_distribution/types/validation.rb +55 -0
- data/lib/pangea/resources/aws_cloudfront_distribution/types.rb +6 -402
- data/lib/pangea/resources/aws_cloudfront_response_headers_policy/types/attributes.rb +153 -0
- data/lib/pangea/resources/aws_cloudfront_response_headers_policy/types/configs.rb +81 -0
- data/lib/pangea/resources/aws_cloudfront_response_headers_policy/types.rb +6 -373
- data/lib/pangea/resources/aws_cloudtrail/types/attributes.rb +92 -0
- data/lib/pangea/resources/aws_cloudtrail/types/configs.rb +87 -0
- data/lib/pangea/resources/aws_cloudtrail/types/selectors.rb +42 -0
- data/lib/pangea/resources/aws_cloudtrail/types.rb +9 -352
- data/lib/pangea/resources/aws_cloudwatch_dashboard/types/cloudwatch_dashboard_attributes.rb +158 -0
- data/lib/pangea/resources/aws_cloudwatch_dashboard/types/dashboard_metric.rb +57 -0
- data/lib/pangea/resources/aws_cloudwatch_dashboard/types/dashboard_widget.rb +83 -0
- data/lib/pangea/resources/aws_cloudwatch_dashboard/types/dashboard_widget_properties.rb +75 -0
- data/lib/pangea/resources/aws_cloudwatch_dashboard/types.rb +6 -283
- data/lib/pangea/resources/aws_cloudwatch_event_target/resource.rb +51 -136
- data/lib/pangea/resources/aws_cloudwatch_event_target/target_builders.rb +97 -0
- data/lib/pangea/resources/aws_cloudwatch_event_target/types/dead_letter_config.rb +36 -0
- data/lib/pangea/resources/aws_cloudwatch_event_target/types/input_transformer.rb +40 -0
- data/lib/pangea/resources/aws_cloudwatch_event_target/types/retry_policy.rb +40 -0
- data/lib/pangea/resources/aws_cloudwatch_event_target/types/target_service_detection.rb +80 -0
- data/lib/pangea/resources/aws_cloudwatch_event_target/types/validators.rb +66 -0
- data/lib/pangea/resources/aws_cloudwatch_event_target/types.rb +60 -144
- data/lib/pangea/resources/aws_cloudwatch_metric_alarm/types/instance_methods.rb +94 -0
- data/lib/pangea/resources/aws_cloudwatch_metric_alarm/types/metric_query.rb +71 -0
- data/lib/pangea/resources/aws_cloudwatch_metric_alarm/types/validation.rb +83 -0
- data/lib/pangea/resources/aws_cloudwatch_metric_alarm/types.rb +36 -179
- data/lib/pangea/resources/aws_codeartifact_repository/types.rb +1 -1
- data/lib/pangea/resources/aws_codebuild_project/block_builders.rb +163 -0
- data/lib/pangea/resources/aws_codebuild_project/resource.rb +21 -154
- data/lib/pangea/resources/aws_codebuild_project/types/instance_methods.rb +74 -0
- data/lib/pangea/resources/aws_codebuild_project/types/schemas.rb +155 -0
- data/lib/pangea/resources/aws_codebuild_project/types/validation.rb +88 -0
- data/lib/pangea/resources/aws_codebuild_project/types.rb +58 -238
- data/lib/pangea/resources/aws_codecommit_repository/types.rb +2 -2
- data/lib/pangea/resources/aws_codedeploy_application/types.rb +1 -1
- data/lib/pangea/resources/aws_codedeploy_deployment_config/types.rb +1 -1
- data/lib/pangea/resources/aws_codedeploy_deployment_group/block_builders.rb +104 -0
- data/lib/pangea/resources/aws_codedeploy_deployment_group/resource.rb +5 -70
- data/lib/pangea/resources/aws_codedeploy_deployment_group/types/deployment.rb +65 -0
- data/lib/pangea/resources/aws_codedeploy_deployment_group/types/helpers.rb +85 -0
- data/lib/pangea/resources/aws_codedeploy_deployment_group/types/infrastructure.rb +78 -0
- data/lib/pangea/resources/aws_codedeploy_deployment_group/types/tag_filters.rb +43 -0
- data/lib/pangea/resources/aws_codedeploy_deployment_group/types.rb +55 -208
- data/lib/pangea/resources/aws_codepipeline/types/attributes.rb +130 -0
- data/lib/pangea/resources/aws_codepipeline/types/instance_methods.rb +85 -0
- data/lib/pangea/resources/aws_codepipeline/types/validation.rb +64 -0
- data/lib/pangea/resources/aws_codepipeline/types.rb +5 -194
- data/lib/pangea/resources/aws_codepipeline_webhook/types.rb +2 -2
- data/lib/pangea/resources/aws_cognito_identity_pool/types/attributes.rb +105 -0
- data/lib/pangea/resources/aws_cognito_identity_pool/types/providers.rb +38 -0
- data/lib/pangea/resources/aws_cognito_identity_pool/types/templates.rb +75 -0
- data/lib/pangea/resources/aws_cognito_identity_pool/types.rb +5 -340
- data/lib/pangea/resources/aws_cognito_identity_provider/types/attributes.rb +61 -0
- data/lib/pangea/resources/aws_cognito_identity_provider/types/templates.rb +69 -0
- data/lib/pangea/resources/aws_cognito_identity_provider/types/validation.rb +66 -0
- data/lib/pangea/resources/aws_cognito_identity_provider/types.rb +4 -476
- data/lib/pangea/resources/aws_cognito_user_pool/resource/dsl_builder/authentication_config.rb +63 -0
- data/lib/pangea/resources/aws_cognito_user_pool/resource/dsl_builder/messaging_config.rb +73 -0
- data/lib/pangea/resources/aws_cognito_user_pool/resource/dsl_builder/mfa_config.rb +57 -0
- data/lib/pangea/resources/aws_cognito_user_pool/resource/dsl_builder/schema_and_settings.rb +146 -0
- data/lib/pangea/resources/aws_cognito_user_pool/resource/dsl_builder.rb +42 -0
- data/lib/pangea/resources/aws_cognito_user_pool/resource.rb +49 -204
- data/lib/pangea/resources/aws_cognito_user_pool/types/attributes.rb +87 -0
- data/lib/pangea/resources/aws_cognito_user_pool/types/nested_types.rb +112 -0
- data/lib/pangea/resources/aws_cognito_user_pool/types/templates.rb +57 -0
- data/lib/pangea/resources/aws_cognito_user_pool/types.rb +8 -347
- data/lib/pangea/resources/aws_cognito_user_pool_client/types/attributes.rb +109 -0
- data/lib/pangea/resources/aws_cognito_user_pool_client/types/nested_types.rb +27 -0
- data/lib/pangea/resources/aws_cognito_user_pool_client/types/templates.rb +85 -0
- data/lib/pangea/resources/aws_cognito_user_pool_client/types.rb +8 -382
- data/lib/pangea/resources/aws_cognito_user_pool_domain/types/attributes.rb +124 -0
- data/lib/pangea/resources/aws_cognito_user_pool_domain/types/templates.rb +84 -0
- data/lib/pangea/resources/aws_cognito_user_pool_domain/types/validation.rb +73 -0
- data/lib/pangea/resources/aws_cognito_user_pool_domain/types.rb +4 -237
- data/lib/pangea/resources/aws_config_config_rule/types/cost_estimator.rb +77 -0
- data/lib/pangea/resources/aws_config_config_rule/types/validators.rb +94 -0
- data/lib/pangea/resources/aws_config_config_rule/types.rb +22 -150
- data/lib/pangea/resources/aws_config_remediation_configuration/types.rb +1 -1
- data/lib/pangea/resources/aws_customer_gateway/types.rb +1 -1
- data/lib/pangea/resources/aws_db_cluster_snapshot/types/configs.rb +117 -0
- data/lib/pangea/resources/aws_db_cluster_snapshot/types.rb +2 -96
- data/lib/pangea/resources/aws_db_instance/types/backup_attributes.rb +38 -0
- data/lib/pangea/resources/aws_db_instance/types/core_attributes.rb +60 -0
- data/lib/pangea/resources/aws_db_instance/types/engine_configs.rb +68 -0
- data/lib/pangea/resources/aws_db_instance/types/helpers.rb +92 -0
- data/lib/pangea/resources/aws_db_instance/types/monitoring_attributes.rb +38 -0
- data/lib/pangea/resources/aws_db_instance/types/network_attributes.rb +44 -0
- data/lib/pangea/resources/aws_db_instance/types/options_attributes.rb +44 -0
- data/lib/pangea/resources/aws_db_instance/types/storage_attributes.rb +44 -0
- data/lib/pangea/resources/aws_db_instance/types/validations.rb +85 -0
- data/lib/pangea/resources/aws_db_instance/types.rb +38 -228
- data/lib/pangea/resources/aws_db_parameter_group/types/db_parameter.rb +57 -0
- data/lib/pangea/resources/aws_db_parameter_group/types/db_parameter_configs.rb +82 -0
- data/lib/pangea/resources/aws_db_parameter_group/types/parameter_validators.rb +73 -0
- data/lib/pangea/resources/aws_db_parameter_group/types.rb +121 -259
- data/lib/pangea/resources/aws_db_snapshot/types.rb +1 -1
- data/lib/pangea/resources/aws_db_subnet_group/types.rb +1 -1
- data/lib/pangea/resources/aws_default_network_acl/types.rb +1 -1
- data/lib/pangea/resources/aws_default_route_table/types.rb +1 -1
- data/lib/pangea/resources/aws_default_security_group/types.rb +1 -1
- data/lib/pangea/resources/aws_default_vpc_dhcp_options/types.rb +1 -1
- data/lib/pangea/resources/aws_docdb_certificate/types.rb +1 -1
- data/lib/pangea/resources/aws_docdb_cluster/types.rb +1 -1
- data/lib/pangea/resources/aws_docdb_cluster_endpoint/types.rb +1 -1
- data/lib/pangea/resources/aws_docdb_cluster_instance/types.rb +1 -1
- data/lib/pangea/resources/aws_docdb_cluster_parameter_group/types.rb +1 -1
- data/lib/pangea/resources/aws_docdb_cluster_snapshot/types.rb +1 -1
- data/lib/pangea/resources/aws_docdb_event_subscription/types.rb +1 -1
- data/lib/pangea/resources/aws_docdb_global_cluster/types.rb +1 -1
- data/lib/pangea/resources/aws_docdb_subnet_group/types.rb +1 -1
- data/lib/pangea/resources/aws_dynamodb_global_table/types/configs.rb +105 -0
- data/lib/pangea/resources/aws_dynamodb_global_table/types/instance_methods.rb +68 -0
- data/lib/pangea/resources/aws_dynamodb_global_table/types.rb +87 -234
- data/lib/pangea/resources/aws_dynamodb_table/builders/config_builder.rb +153 -0
- data/lib/pangea/resources/aws_dynamodb_table/builders/index_builder.rb +62 -0
- data/lib/pangea/resources/aws_dynamodb_table/builders/reference_builder.rb +64 -0
- data/lib/pangea/resources/aws_dynamodb_table/builders/table_builder.rb +62 -0
- data/lib/pangea/resources/aws_dynamodb_table/resource.rb +8 -186
- data/lib/pangea/resources/aws_dynamodb_table/types/attributes.rb +150 -0
- data/lib/pangea/resources/aws_dynamodb_table/types/configs.rb +109 -0
- data/lib/pangea/resources/aws_dynamodb_table/types/instance_methods.rb +82 -0
- data/lib/pangea/resources/aws_dynamodb_table/types/validations.rb +131 -0
- data/lib/pangea/resources/aws_dynamodb_table/types.rb +5 -381
- data/lib/pangea/resources/aws_ebs_volume/types/attributes.rb +76 -0
- data/lib/pangea/resources/aws_ebs_volume/types/instance_methods.rb +121 -0
- data/lib/pangea/resources/aws_ebs_volume/types/validation.rb +114 -0
- data/lib/pangea/resources/aws_ebs_volume/types.rb +7 -228
- data/lib/pangea/resources/aws_ec2_ami_launch_permission/types.rb +1 -1
- data/lib/pangea/resources/aws_ec2_availability_zone_group/types.rb +1 -1
- data/lib/pangea/resources/aws_ec2_capacity_block_reservation/types.rb +1 -1
- data/lib/pangea/resources/aws_ec2_capacity_reservation/types.rb +1 -1
- data/lib/pangea/resources/aws_ec2_dedicated_host/types.rb +1 -1
- data/lib/pangea/resources/aws_ec2_fleet/types.rb +1 -1
- data/lib/pangea/resources/aws_ec2_host_resource_group_association/types.rb +1 -1
- data/lib/pangea/resources/aws_ec2_image_block_public_access/types.rb +1 -1
- data/lib/pangea/resources/aws_ec2_instance_metadata_defaults/types.rb +1 -1
- data/lib/pangea/resources/aws_ec2_serial_console_access/types.rb +1 -1
- data/lib/pangea/resources/aws_ec2_snapshot_block_public_access/types.rb +1 -1
- data/lib/pangea/resources/aws_ec2_spot_datafeed_subscription/types.rb +1 -1
- data/lib/pangea/resources/aws_ec2_spot_fleet_request/types.rb +1 -1
- data/lib/pangea/resources/aws_ec2_spot_instance_request/types.rb +1 -1
- data/lib/pangea/resources/aws_ec2_tag/types.rb +1 -1
- data/lib/pangea/resources/aws_ec2_transit_gateway_multicast_domain/types.rb +1 -1
- data/lib/pangea/resources/aws_ec2_transit_gateway_multicast_domain_association/types.rb +1 -1
- data/lib/pangea/resources/aws_ec2_transit_gateway_multicast_group_member/types.rb +1 -1
- data/lib/pangea/resources/aws_ec2_transit_gateway_route/types/network_analysis.rb +91 -0
- data/lib/pangea/resources/aws_ec2_transit_gateway_route/types/security_analysis.rb +144 -0
- data/lib/pangea/resources/aws_ec2_transit_gateway_route/types.rb +41 -190
- data/lib/pangea/resources/aws_ec2_transit_gateway_route_table_propagation/types/propagation_insights.rb +100 -0
- data/lib/pangea/resources/aws_ec2_transit_gateway_route_table_propagation/types/security_concerns.rb +67 -0
- data/lib/pangea/resources/aws_ec2_transit_gateway_route_table_propagation/types/troubleshooting_support.rb +68 -0
- data/lib/pangea/resources/aws_ec2_transit_gateway_route_table_propagation/types.rb +14 -169
- data/lib/pangea/resources/aws_ecr_lifecycle_policy/types/computed.rb +110 -0
- data/lib/pangea/resources/aws_ecr_lifecycle_policy/types/validation.rb +69 -0
- data/lib/pangea/resources/aws_ecr_lifecycle_policy/types.rb +42 -167
- data/lib/pangea/resources/aws_ecr_repository/types.rb +1 -1
- data/lib/pangea/resources/aws_ecs_capacity_provider/types.rb +1 -1
- data/lib/pangea/resources/aws_ecs_cluster/types.rb +1 -1
- data/lib/pangea/resources/aws_ecs_service/dsl_builders.rb +193 -0
- data/lib/pangea/resources/aws_ecs_service/reference_builder.rb +53 -0
- data/lib/pangea/resources/aws_ecs_service/resource.rb +21 -201
- data/lib/pangea/resources/aws_ecs_service/types/attributes.rb +56 -0
- data/lib/pangea/resources/aws_ecs_service/types/helpers.rb +34 -0
- data/lib/pangea/resources/aws_ecs_service/types/nested.rb +74 -0
- data/lib/pangea/resources/aws_ecs_service/types.rb +4 -324
- data/lib/pangea/resources/aws_ecs_task_definition/container_definitions.rb +191 -0
- data/lib/pangea/resources/aws_ecs_task_definition/resource.rb +107 -255
- data/lib/pangea/resources/aws_ecs_task_definition/types/container_definition.rb +121 -0
- data/lib/pangea/resources/aws_ecs_task_definition/types/task_definition.rb +100 -0
- data/lib/pangea/resources/aws_ecs_task_definition/types.rb +6 -427
- data/lib/pangea/resources/aws_ecs_task_definition/volumes.rb +105 -0
- data/lib/pangea/resources/aws_eip/types.rb +1 -1
- data/lib/pangea/resources/aws_eip_association/types.rb +1 -1
- data/lib/pangea/resources/aws_eks_access_entry/types.rb +1 -1
- data/lib/pangea/resources/aws_eks_node_group/builders/dsl_builder.rb +108 -0
- data/lib/pangea/resources/aws_eks_node_group/builders/reference_builder.rb +76 -0
- data/lib/pangea/resources/aws_eks_node_group/resource.rb +7 -114
- data/lib/pangea/resources/aws_eks_node_group/types/eks_node_group_attributes.rb +132 -0
- data/lib/pangea/resources/aws_eks_node_group/types/launch_template.rb +58 -0
- data/lib/pangea/resources/aws_eks_node_group/types/remote_access.rb +41 -0
- data/lib/pangea/resources/aws_eks_node_group/types/scaling_config.rb +62 -0
- data/lib/pangea/resources/aws_eks_node_group/types/taint.rb +43 -0
- data/lib/pangea/resources/aws_eks_node_group/types/update_config.rb +54 -0
- data/lib/pangea/resources/aws_eks_node_group/types.rb +8 -242
- data/lib/pangea/resources/aws_elasticache_cluster/types/configs.rb +69 -0
- data/lib/pangea/resources/aws_elasticache_cluster/types/helpers.rb +97 -0
- data/lib/pangea/resources/aws_elasticache_cluster/types/node_types.rb +51 -0
- data/lib/pangea/resources/aws_elasticache_cluster/types/validators.rb +114 -0
- data/lib/pangea/resources/aws_elasticache_cluster/types.rb +29 -196
- data/lib/pangea/resources/aws_elasticache_parameter_group/types/attributes.rb +132 -0
- data/lib/pangea/resources/aws_elasticache_parameter_group/types/configs.rb +102 -0
- data/lib/pangea/resources/aws_elasticache_parameter_group/types/parameter_helpers.rb +133 -0
- data/lib/pangea/resources/aws_elasticache_parameter_group/types.rb +4 -279
- data/lib/pangea/resources/aws_elasticache_subnet_group/types.rb +1 -1
- data/lib/pangea/resources/aws_elb_attachment/types.rb +1 -1
- data/lib/pangea/resources/aws_elb_service_account/types.rb +1 -1
- data/lib/pangea/resources/aws_elemental_data_plane_channel/types.rb +2 -2
- data/lib/pangea/resources/aws_emr_cluster/resource/dsl_builder/auto_scaling.rb +93 -0
- data/lib/pangea/resources/aws_emr_cluster/resource/dsl_builder/cluster_settings.rb +106 -0
- data/lib/pangea/resources/aws_emr_cluster/resource/dsl_builder/configurations.rb +75 -0
- data/lib/pangea/resources/aws_emr_cluster/resource/dsl_builder/ec2_attributes.rb +56 -0
- data/lib/pangea/resources/aws_emr_cluster/resource/dsl_builder/instance_groups.rb +101 -0
- data/lib/pangea/resources/aws_emr_cluster/resource/dsl_builder.rb +44 -0
- data/lib/pangea/resources/aws_emr_cluster/resource.rb +63 -279
- data/lib/pangea/resources/aws_emr_cluster/types/attributes.rb +97 -0
- data/lib/pangea/resources/aws_emr_cluster/types/class_methods.rb +114 -0
- data/lib/pangea/resources/aws_emr_cluster/types/instance_methods.rb +113 -0
- data/lib/pangea/resources/aws_emr_cluster/types/validation.rb +51 -0
- data/lib/pangea/resources/aws_emr_cluster/types.rb +5 -480
- data/lib/pangea/resources/aws_emr_instance_group/types/attributes.rb +90 -0
- data/lib/pangea/resources/aws_emr_instance_group/types/configs.rb +63 -0
- data/lib/pangea/resources/aws_emr_instance_group/types.rb +6 -408
- data/lib/pangea/resources/aws_emr_step/types/attributes.rb +92 -0
- data/lib/pangea/resources/aws_emr_step/types/step_builders.rb +90 -0
- data/lib/pangea/resources/aws_emr_step/types.rb +6 -377
- data/lib/pangea/resources/aws_eventbridge_bus/types.rb +1 -1
- data/lib/pangea/resources/aws_eventbridge_rule/types/attributes.rb +80 -0
- data/lib/pangea/resources/aws_eventbridge_rule/types/helpers.rb +101 -0
- data/lib/pangea/resources/aws_eventbridge_rule/types/templates.rb +131 -0
- data/lib/pangea/resources/aws_eventbridge_rule/types/validators.rb +87 -0
- data/lib/pangea/resources/aws_eventbridge_rule/types.rb +5 -313
- data/lib/pangea/resources/aws_eventbridge_target/batch_target_builder.rb +48 -0
- data/lib/pangea/resources/aws_eventbridge_target/ecs_target_builder.rb +101 -0
- data/lib/pangea/resources/aws_eventbridge_target/resource.rb +4 -76
- data/lib/pangea/resources/aws_eventbridge_target/types/attributes.rb +115 -0
- data/lib/pangea/resources/aws_eventbridge_target/types/configs.rb +75 -0
- data/lib/pangea/resources/aws_eventbridge_target/types/parameters.rb +58 -0
- data/lib/pangea/resources/aws_eventbridge_target/types.rb +4 -466
- data/lib/pangea/resources/aws_fsx_lustre_filesystem/types/helpers.rb +101 -0
- data/lib/pangea/resources/aws_fsx_lustre_filesystem/types.rb +61 -164
- data/lib/pangea/resources/aws_glue_catalog_table/types/format_helpers.rb +80 -0
- data/lib/pangea/resources/aws_glue_catalog_table/types/storage_descriptor.rb +60 -0
- data/lib/pangea/resources/aws_glue_catalog_table/types/table_helpers.rb +95 -0
- data/lib/pangea/resources/aws_glue_catalog_table/types/validators.rb +72 -0
- data/lib/pangea/resources/aws_glue_catalog_table/types.rb +55 -248
- data/lib/pangea/resources/aws_glue_job/types/attributes.rb +99 -0
- data/lib/pangea/resources/aws_glue_job/types/class_methods.rb +86 -0
- data/lib/pangea/resources/aws_glue_job/types/instance_methods.rb +97 -0
- data/lib/pangea/resources/aws_glue_job/types/validation.rb +68 -0
- data/lib/pangea/resources/aws_glue_job/types.rb +5 -268
- data/lib/pangea/resources/aws_glue_trigger/types/attributes.rb +91 -0
- data/lib/pangea/resources/aws_glue_trigger/types/helpers/class_methods.rb +109 -0
- data/lib/pangea/resources/aws_glue_trigger/types/helpers/instance_methods.rb +140 -0
- data/lib/pangea/resources/aws_glue_trigger/types/helpers.rb +35 -0
- data/lib/pangea/resources/aws_glue_trigger/types/validation.rb +97 -0
- data/lib/pangea/resources/aws_glue_trigger/types.rb +9 -306
- data/lib/pangea/resources/aws_ground_station/config.rb +145 -0
- data/lib/pangea/resources/aws_ground_station/contact.rb +48 -0
- data/lib/pangea/resources/aws_ground_station/dataflow_endpoint_group.rb +46 -0
- data/lib/pangea/resources/aws_ground_station/mission_profile.rb +50 -0
- data/lib/pangea/resources/aws_ground_station.rb +15 -362
- data/lib/pangea/resources/aws_iam_group/types/access_patterns.rb +82 -0
- data/lib/pangea/resources/aws_iam_group/types/attributes.rb +97 -0
- data/lib/pangea/resources/aws_iam_group/types/group_classification.rb +132 -0
- data/lib/pangea/resources/aws_iam_group/types/patterns.rb +96 -0
- data/lib/pangea/resources/aws_iam_group/types.rb +10 -394
- data/lib/pangea/resources/aws_iam_policy/types/attributes.rb +117 -0
- data/lib/pangea/resources/aws_iam_policy/types/templates.rb +56 -0
- data/lib/pangea/resources/aws_iam_policy/types.rb +7 -346
- data/lib/pangea/resources/aws_iam_role/types/trust_policies.rb +90 -0
- data/lib/pangea/resources/aws_iam_role/types.rb +103 -174
- data/lib/pangea/resources/aws_iam_role_policy_attachment/types/attachment_patterns.rb +75 -0
- data/lib/pangea/resources/aws_iam_role_policy_attachment/types/aws_managed_policies.rb +93 -0
- data/lib/pangea/resources/aws_iam_role_policy_attachment/types.rb +101 -222
- data/lib/pangea/resources/aws_iam_user/types/attributes.rb +45 -0
- data/lib/pangea/resources/aws_iam_user/types/helpers.rb +123 -0
- data/lib/pangea/resources/aws_iam_user/types/templates.rb +147 -0
- data/lib/pangea/resources/aws_iam_user/types/validators.rb +68 -0
- data/lib/pangea/resources/aws_iam_user/types.rb +5 -323
- data/lib/pangea/resources/aws_instance/types.rb +1 -1
- data/lib/pangea/resources/aws_internet_gateway/resource.rb +3 -9
- data/lib/pangea/resources/aws_iot_analytics_channel/types.rb +1 -1
- data/lib/pangea/resources/aws_iot_analytics_datastore/types.rb +1 -1
- data/lib/pangea/resources/aws_iot_certificate/types/helpers.rb +164 -0
- data/lib/pangea/resources/aws_iot_certificate/types/validators.rb +84 -0
- data/lib/pangea/resources/aws_iot_certificate/types.rb +46 -208
- data/lib/pangea/resources/aws_iot_device_defender_security_profile/types.rb +3 -3
- data/lib/pangea/resources/aws_iot_policy/types.rb +1 -1
- data/lib/pangea/resources/aws_iot_security_profile/types.rb +2 -2
- data/lib/pangea/resources/aws_iot_thing_type/types/analysis.rb +107 -0
- data/lib/pangea/resources/aws_iot_thing_type/types/properties.rb +64 -0
- data/lib/pangea/resources/aws_iot_thing_type/types/recommendations.rb +65 -0
- data/lib/pangea/resources/aws_iot_thing_type/types/templates.rb +69 -0
- data/lib/pangea/resources/aws_iot_thing_type/types.rb +35 -215
- data/lib/pangea/resources/aws_iot_topic_rule/types.rb +2 -2
- data/lib/pangea/resources/aws_iot_topic_rule_destination/types.rb +1 -1
- data/lib/pangea/resources/aws_iotanalytics_dataset/builders/action_builder.rb +76 -0
- data/lib/pangea/resources/aws_iotanalytics_dataset/resource.rb +2 -41
- data/lib/pangea/resources/aws_iotanalytics_dataset/types/action.rb +91 -0
- data/lib/pangea/resources/aws_iotanalytics_dataset/types/attributes.rb +81 -0
- data/lib/pangea/resources/aws_iotanalytics_dataset/types/content_delivery_rule.rb +67 -0
- data/lib/pangea/resources/aws_iotanalytics_dataset/types/trigger.rb +49 -0
- data/lib/pangea/resources/aws_iotanalytics_dataset/types.rb +6 -202
- data/lib/pangea/resources/aws_key_pair/types.rb +1 -1
- data/lib/pangea/resources/aws_kinesis_analytics_application/builders/application_code_builder.rb +62 -0
- data/lib/pangea/resources/aws_kinesis_analytics_application/builders/flink_builder.rb +76 -0
- data/lib/pangea/resources/aws_kinesis_analytics_application/builders/sql_builder.rb +197 -0
- data/lib/pangea/resources/aws_kinesis_analytics_application/resource.rb +67 -243
- data/lib/pangea/resources/aws_kinesis_analytics_application/types/computed.rb +131 -0
- data/lib/pangea/resources/aws_kinesis_analytics_application/types/configs.rb +86 -0
- data/lib/pangea/resources/aws_kinesis_analytics_application/types/sql_configs.rb +113 -0
- data/lib/pangea/resources/aws_kinesis_analytics_application/types/validation.rb +109 -0
- data/lib/pangea/resources/aws_kinesis_analytics_application/types.rb +25 -280
- data/lib/pangea/resources/aws_kinesis_firehose_delivery_stream/destination_builders.rb +108 -0
- data/lib/pangea/resources/aws_kinesis_firehose_delivery_stream/resource.rb +20 -210
- data/lib/pangea/resources/aws_kinesis_firehose_delivery_stream/s3_builders.rb +127 -0
- data/lib/pangea/resources/aws_kinesis_firehose_delivery_stream/types/computed_properties.rb +65 -0
- data/lib/pangea/resources/aws_kinesis_firehose_delivery_stream/types/validation.rb +73 -0
- data/lib/pangea/resources/aws_kinesis_firehose_delivery_stream/types.rb +121 -242
- data/lib/pangea/resources/aws_kinesis_stream/types.rb +1 -1
- data/lib/pangea/resources/aws_kinesis_video_stream/types/kms_validation.rb +52 -0
- data/lib/pangea/resources/aws_kinesis_video_stream/types/media_type_helpers.rb +58 -0
- data/lib/pangea/resources/aws_kinesis_video_stream/types/storage_estimation.rb +75 -0
- data/lib/pangea/resources/aws_kinesis_video_stream/types.rb +60 -161
- data/lib/pangea/resources/aws_lambda_function/block_builders.rb +112 -0
- data/lib/pangea/resources/aws_lambda_function/resource.rb +13 -78
- data/lib/pangea/resources/aws_lambda_function/types/helpers.rb +58 -0
- data/lib/pangea/resources/aws_lambda_function/types/validators.rb +99 -0
- data/lib/pangea/resources/aws_lambda_function/types.rb +16 -156
- data/lib/pangea/resources/aws_launch_configuration/types.rb +1 -1
- data/lib/pangea/resources/aws_launch_template/types/block_device_mapping.rb +57 -0
- data/lib/pangea/resources/aws_launch_template/types/iam_instance_profile.rb +48 -0
- data/lib/pangea/resources/aws_launch_template/types/network_interface.rb +43 -0
- data/lib/pangea/resources/aws_launch_template/types/tag_specification.rb +43 -0
- data/lib/pangea/resources/aws_launch_template/types.rb +25 -111
- data/lib/pangea/resources/aws_lb/types.rb +1 -1
- data/lib/pangea/resources/aws_lb_cookie_stickiness_policy/types.rb +1 -1
- data/lib/pangea/resources/aws_lb_listener/types.rb +1 -1
- data/lib/pangea/resources/aws_lb_listener_rule/action_builders.rb +123 -0
- data/lib/pangea/resources/aws_lb_listener_rule/resource.rb +3 -88
- data/lib/pangea/resources/aws_lb_listener_rule/types.rb +1 -1
- data/lib/pangea/resources/aws_lb_ssl_negotiation_policy/types.rb +1 -1
- data/lib/pangea/resources/aws_lb_target_group_attachment/types.rb +1 -1
- data/lib/pangea/resources/aws_lb_trust_store/types.rb +1 -1
- data/lib/pangea/resources/aws_lb_trust_store_revocation/types.rb +1 -1
- data/lib/pangea/resources/aws_licensemanager_association/types.rb +1 -1
- data/lib/pangea/resources/aws_licensemanager_grant/types.rb +1 -1
- data/lib/pangea/resources/aws_licensemanager_grant_accepter/types.rb +1 -1
- data/lib/pangea/resources/aws_licensemanager_license_configuration/types.rb +1 -1
- data/lib/pangea/resources/aws_licensemanager_license_grant_accepter/types.rb +1 -1
- data/lib/pangea/resources/aws_licensemanager_report_generator/types.rb +2 -2
- data/lib/pangea/resources/aws_licensemanager_token/types.rb +2 -2
- data/lib/pangea/resources/aws_lightsail/compute.rb +83 -0
- data/lib/pangea/resources/aws_lightsail/database.rb +66 -0
- data/lib/pangea/resources/aws_lightsail/load_balancer.rb +68 -0
- data/lib/pangea/resources/aws_lightsail/networking.rb +118 -0
- data/lib/pangea/resources/aws_lightsail/storage.rb +101 -0
- data/lib/pangea/resources/aws_lightsail.rb +20 -499
- data/lib/pangea/resources/aws_load_balancer_backend_server_policy/types.rb +1 -1
- data/lib/pangea/resources/aws_load_balancer_listener_policy/types.rb +1 -1
- data/lib/pangea/resources/aws_load_balancer_policy/types.rb +1 -1
- data/lib/pangea/resources/aws_local_zones/data_sources.rb +133 -0
- data/lib/pangea/resources/aws_local_zones/resources.rb +90 -0
- data/lib/pangea/resources/aws_local_zones.rb +9 -207
- data/lib/pangea/resources/aws_managedblockchain_accessor/types/blockchain_helpers.rb +76 -0
- data/lib/pangea/resources/aws_managedblockchain_accessor/types/cost_helpers.rb +68 -0
- data/lib/pangea/resources/aws_managedblockchain_accessor/types/network_helpers.rb +95 -0
- data/lib/pangea/resources/aws_managedblockchain_accessor/types.rb +58 -218
- data/lib/pangea/resources/aws_managedblockchain_ethereum_node/types/attributes.rb +84 -0
- data/lib/pangea/resources/aws_managedblockchain_ethereum_node/types/helpers.rb +97 -0
- data/lib/pangea/resources/aws_managedblockchain_ethereum_node/types.rb +4 -346
- data/lib/pangea/resources/aws_managedblockchain_member/types/instance_methods.rb +102 -0
- data/lib/pangea/resources/aws_managedblockchain_member/types/validation.rb +80 -0
- data/lib/pangea/resources/aws_managedblockchain_member/types.rb +49 -189
- data/lib/pangea/resources/aws_managedblockchain_network/types/helpers.rb +107 -0
- data/lib/pangea/resources/aws_managedblockchain_network/types/validation.rb +91 -0
- data/lib/pangea/resources/aws_managedblockchain_network/types.rb +73 -223
- data/lib/pangea/resources/aws_managedblockchain_node/types/attributes.rb +87 -0
- data/lib/pangea/resources/aws_managedblockchain_node/types/cost_and_specs.rb +75 -0
- data/lib/pangea/resources/aws_managedblockchain_node/types/instance_methods.rb +96 -0
- data/lib/pangea/resources/aws_managedblockchain_node/types/validation.rb +56 -0
- data/lib/pangea/resources/aws_managedblockchain_node/types.rb +5 -235
- data/lib/pangea/resources/aws_media_convert_queue/types.rb +2 -2
- data/lib/pangea/resources/aws_media_live_channel/resource/dsl_builder/configurations.rb +74 -0
- data/lib/pangea/resources/aws_media_live_channel/resource/dsl_builder/destinations.rb +67 -0
- data/lib/pangea/resources/aws_media_live_channel/resource/dsl_builder/encoder_settings/audio_descriptions.rb +101 -0
- data/lib/pangea/resources/aws_media_live_channel/resource/dsl_builder/encoder_settings/output_groups.rb +163 -0
- data/lib/pangea/resources/aws_media_live_channel/resource/dsl_builder/encoder_settings/video_descriptions.rb +86 -0
- data/lib/pangea/resources/aws_media_live_channel/resource/dsl_builder/encoder_settings.rb +52 -0
- data/lib/pangea/resources/aws_media_live_channel/resource/dsl_builder/input_attachments.rb +131 -0
- data/lib/pangea/resources/aws_media_live_channel/resource/dsl_builder.rb +42 -0
- data/lib/pangea/resources/aws_media_live_channel/resource.rb +22 -527
- data/lib/pangea/resources/aws_media_live_channel/types/audio_codec_settings.rb +103 -0
- data/lib/pangea/resources/aws_media_live_channel/types/caption_settings.rb +112 -0
- data/lib/pangea/resources/aws_media_live_channel/types/channel_config.rb +77 -0
- data/lib/pangea/resources/aws_media_live_channel/types/encoder_config.rb +108 -0
- data/lib/pangea/resources/aws_media_live_channel/types/helpers.rb +58 -0
- data/lib/pangea/resources/aws_media_live_channel/types/hls_group_settings.rb +113 -0
- data/lib/pangea/resources/aws_media_live_channel/types/input_settings.rb +106 -0
- data/lib/pangea/resources/aws_media_live_channel/types/output_group_settings.rb +102 -0
- data/lib/pangea/resources/aws_media_live_channel/types/output_groups.rb +43 -0
- data/lib/pangea/resources/aws_media_live_channel/types/output_settings.rb +153 -0
- data/lib/pangea/resources/aws_media_live_channel/types/schedule_settings.rb +191 -0
- data/lib/pangea/resources/aws_media_live_channel/types/video_codec_h265_mpeg2.rb +111 -0
- data/lib/pangea/resources/aws_media_live_channel/types/video_codec_settings.rb +89 -0
- data/lib/pangea/resources/aws_media_live_channel/types.rb +98 -961
- data/lib/pangea/resources/aws_media_live_input/types/helpers.rb +100 -0
- data/lib/pangea/resources/aws_media_live_input/types/validation.rb +86 -0
- data/lib/pangea/resources/aws_media_live_input/types.rb +92 -218
- data/lib/pangea/resources/aws_media_package_channel/types.rb +2 -2
- data/lib/pangea/resources/aws_media_package_origin_endpoint/types.rb +7 -7
- data/lib/pangea/resources/aws_media_store_container/types.rb +1 -1
- data/lib/pangea/resources/aws_memorydb_acl/types.rb +1 -1
- data/lib/pangea/resources/aws_memorydb_cluster/types.rb +1 -1
- data/lib/pangea/resources/aws_memorydb_cluster_endpoint/types.rb +1 -1
- data/lib/pangea/resources/aws_memorydb_multi_region_cluster/types.rb +1 -1
- data/lib/pangea/resources/aws_memorydb_parameter_group/types.rb +1 -1
- data/lib/pangea/resources/aws_memorydb_snapshot/types.rb +1 -1
- data/lib/pangea/resources/aws_memorydb_subnet_group/types.rb +1 -1
- data/lib/pangea/resources/aws_memorydb_user/types.rb +2 -2
- data/lib/pangea/resources/aws_minimal/requires/compute_network_resources.rb +77 -0
- data/lib/pangea/resources/aws_minimal/requires/database_resources.rb +76 -0
- data/lib/pangea/resources/aws_minimal/requires/extended_services.rb +74 -0
- data/lib/pangea/resources/aws_minimal/requires/service_modules.rb +60 -0
- data/lib/pangea/resources/aws_minimal.rb +13 -228
- data/lib/pangea/resources/aws_neptune_cluster/types.rb +2 -2
- data/lib/pangea/resources/aws_neptune_cluster_endpoint/types.rb +1 -1
- data/lib/pangea/resources/aws_neptune_cluster_instance/types.rb +1 -1
- data/lib/pangea/resources/aws_neptune_cluster_parameter_group/types.rb +1 -1
- data/lib/pangea/resources/aws_neptune_cluster_snapshot/types.rb +1 -1
- data/lib/pangea/resources/aws_neptune_event_subscription/types.rb +1 -1
- data/lib/pangea/resources/aws_neptune_parameter_group/types.rb +1 -1
- data/lib/pangea/resources/aws_neptune_subnet_group/types.rb +1 -1
- data/lib/pangea/resources/aws_network_acl/types.rb +1 -1
- data/lib/pangea/resources/aws_network_acl_rule/types.rb +1 -1
- data/lib/pangea/resources/aws_network_interface/types.rb +2 -2
- data/lib/pangea/resources/aws_organizations_organization/types.rb +2 -2
- data/lib/pangea/resources/aws_outposts/outpost.rb +64 -0
- data/lib/pangea/resources/aws_outposts/resources.rb +173 -0
- data/lib/pangea/resources/aws_outposts/site.rb +75 -0
- data/lib/pangea/resources/aws_outposts.rb +10 -343
- data/lib/pangea/resources/aws_placement_group/types.rb +1 -1
- data/lib/pangea/resources/aws_proxy_protocol_policy/types.rb +1 -1
- data/lib/pangea/resources/aws_qldb_stream/types/stream_helpers.rb +134 -0
- data/lib/pangea/resources/aws_qldb_stream/types.rb +66 -172
- data/lib/pangea/resources/aws_ram_invitation_accepter/types.rb +1 -1
- data/lib/pangea/resources/aws_ram_managed_permission/types.rb +1 -1
- data/lib/pangea/resources/aws_ram_permission/types.rb +1 -1
- data/lib/pangea/resources/aws_ram_permission_association/types.rb +1 -1
- data/lib/pangea/resources/aws_ram_principal_association/types.rb +1 -1
- data/lib/pangea/resources/aws_ram_resource_association/types.rb +1 -1
- data/lib/pangea/resources/aws_ram_resource_share/types.rb +1 -1
- data/lib/pangea/resources/aws_ram_resource_share_accepter/types.rb +1 -1
- data/lib/pangea/resources/aws_ram_resource_share_invitation/types.rb +1 -1
- data/lib/pangea/resources/aws_ram_sharing_with_organization/types.rb +1 -1
- data/lib/pangea/resources/aws_rds_cluster/types/attributes.rb +84 -0
- data/lib/pangea/resources/aws_rds_cluster/types/configs.rb +44 -0
- data/lib/pangea/resources/aws_rds_cluster/types/nested_types.rb +45 -0
- data/lib/pangea/resources/aws_rds_cluster/types/validation.rb +26 -0
- data/lib/pangea/resources/aws_rds_cluster/types.rb +5 -460
- data/lib/pangea/resources/aws_rds_cluster_endpoint/types/configs.rb +97 -0
- data/lib/pangea/resources/aws_rds_cluster_endpoint/types/members.rb +36 -0
- data/lib/pangea/resources/aws_rds_cluster_endpoint/types.rb +104 -193
- data/lib/pangea/resources/aws_rds_cluster_instance/types/attributes.rb +59 -0
- data/lib/pangea/resources/aws_rds_cluster_instance/types/configs.rb +58 -0
- data/lib/pangea/resources/aws_rds_cluster_instance/types/instance_methods.rb +106 -0
- data/lib/pangea/resources/aws_rds_cluster_instance/types.rb +6 -425
- data/lib/pangea/resources/aws_rds_cluster_parameter_group/types/attributes.rb +101 -0
- data/lib/pangea/resources/aws_rds_cluster_parameter_group/types/configs.rb +102 -0
- data/lib/pangea/resources/aws_rds_cluster_parameter_group/types/parameter.rb +36 -0
- data/lib/pangea/resources/aws_rds_cluster_parameter_group/types.rb +8 -349
- data/lib/pangea/resources/aws_rds_global_cluster/types/attributes.rb +90 -0
- data/lib/pangea/resources/aws_rds_global_cluster/types/backup_config.rb +52 -0
- data/lib/pangea/resources/aws_rds_global_cluster/types/configs.rb +47 -0
- data/lib/pangea/resources/aws_rds_global_cluster/types.rb +8 -413
- data/lib/pangea/resources/aws_rds_proxy/types/attributes.rb +73 -0
- data/lib/pangea/resources/aws_rds_proxy/types/configs.rb +43 -0
- data/lib/pangea/resources/aws_rds_proxy/types/nested_types.rb +61 -0
- data/lib/pangea/resources/aws_rds_proxy/types.rb +9 -398
- data/lib/pangea/resources/aws_redshift_cluster/types/capacity_calculator.rb +88 -0
- data/lib/pangea/resources/aws_redshift_cluster/types/cost_estimator.rb +66 -0
- data/lib/pangea/resources/aws_redshift_cluster/types/feature_checks.rb +46 -0
- data/lib/pangea/resources/aws_redshift_cluster/types/validators.rb +73 -0
- data/lib/pangea/resources/aws_redshift_cluster/types/workload_parameters.rb +67 -0
- data/lib/pangea/resources/aws_redshift_cluster/types.rb +114 -284
- data/lib/pangea/resources/aws_redshift_parameter_group/types/class_methods.rb +114 -0
- data/lib/pangea/resources/aws_redshift_parameter_group/types/instance_methods.rb +88 -0
- data/lib/pangea/resources/aws_redshift_parameter_group/types/validation.rb +53 -0
- data/lib/pangea/resources/aws_redshift_parameter_group/types.rb +35 -188
- data/lib/pangea/resources/aws_redshift_snapshot_schedule/types/attributes.rb +46 -0
- data/lib/pangea/resources/aws_redshift_snapshot_schedule/types/instance_methods.rb +92 -0
- data/lib/pangea/resources/aws_redshift_snapshot_schedule/types/templates.rb +53 -0
- data/lib/pangea/resources/aws_redshift_snapshot_schedule/types/validation.rb +71 -0
- data/lib/pangea/resources/aws_redshift_snapshot_schedule/types.rb +7 -205
- data/lib/pangea/resources/aws_resources/analytics.rb +22 -0
- data/lib/pangea/resources/aws_resources/compute.rb +31 -0
- data/lib/pangea/resources/aws_resources/core.rb +35 -0
- data/lib/pangea/resources/aws_resources/database.rb +27 -0
- data/lib/pangea/resources/aws_resources/devops.rb +19 -0
- data/lib/pangea/resources/aws_resources/governance.rb +20 -0
- data/lib/pangea/resources/aws_resources/integration.rb +24 -0
- data/lib/pangea/resources/aws_resources/management.rb +33 -0
- data/lib/pangea/resources/aws_resources/ml.rb +15 -0
- data/lib/pangea/resources/aws_resources/security.rb +30 -0
- data/lib/pangea/resources/aws_resources/specialty.rb +67 -0
- data/lib/pangea/resources/aws_resources/storage.rb +23 -0
- data/lib/pangea/resources/aws_resources.rb +15 -338
- data/lib/pangea/resources/aws_route/types.rb +1 -1
- data/lib/pangea/resources/aws_route53_delegation_set/types.rb +1 -1
- data/lib/pangea/resources/aws_route53_health_check/types/attributes.rb +193 -0
- data/lib/pangea/resources/aws_route53_health_check/types/configs.rb +84 -0
- data/lib/pangea/resources/aws_route53_health_check/types.rb +6 -375
- data/lib/pangea/resources/aws_route53_query_log/types.rb +1 -1
- data/lib/pangea/resources/aws_route53_record/types/attributes.rb +149 -0
- data/lib/pangea/resources/aws_route53_record/types/configs.rb +124 -0
- data/lib/pangea/resources/aws_route53_record/types/instance_methods.rb +80 -0
- data/lib/pangea/resources/aws_route53_record/types/validation.rb +82 -0
- data/lib/pangea/resources/aws_route53_record/types.rb +6 -383
- data/lib/pangea/resources/aws_route53_zone/types/attributes.rb +85 -0
- data/lib/pangea/resources/aws_route53_zone/types/configs.rb +73 -0
- data/lib/pangea/resources/aws_route53_zone/types/instance_methods.rb +90 -0
- data/lib/pangea/resources/aws_route53_zone/types/validation.rb +42 -0
- data/lib/pangea/resources/aws_route53_zone/types.rb +5 -234
- data/lib/pangea/resources/aws_s3_access_point/types.rb +1 -1
- data/lib/pangea/resources/aws_s3_bucket/builders/configuration_builder.rb +105 -0
- data/lib/pangea/resources/aws_s3_bucket/builders/lifecycle_builder.rb +101 -0
- data/lib/pangea/resources/aws_s3_bucket/resource.rb +56 -175
- data/lib/pangea/resources/aws_s3_bucket/types/cors_rule.rb +37 -0
- data/lib/pangea/resources/aws_s3_bucket/types/lifecycle_rule.rb +57 -0
- data/lib/pangea/resources/aws_s3_bucket/types/server_side_encryption.rb +51 -0
- data/lib/pangea/resources/aws_s3_bucket/types.rb +130 -162
- data/lib/pangea/resources/aws_s3_bucket_inventory/types/helpers.rb +113 -0
- data/lib/pangea/resources/aws_s3_bucket_inventory/types.rb +3 -99
- data/lib/pangea/resources/aws_s3_bucket_lifecycle_configuration/types/attributes.rb +55 -0
- data/lib/pangea/resources/aws_s3_bucket_lifecycle_configuration/types/expiration.rb +39 -0
- data/lib/pangea/resources/aws_s3_bucket_lifecycle_configuration/types/filter.rb +54 -0
- data/lib/pangea/resources/aws_s3_bucket_lifecycle_configuration/types/rule.rb +49 -0
- data/lib/pangea/resources/aws_s3_bucket_lifecycle_configuration/types/transition.rb +51 -0
- data/lib/pangea/resources/aws_s3_bucket_lifecycle_configuration/types.rb +14 -202
- data/lib/pangea/resources/aws_s3_bucket_notification/types/helpers.rb +76 -0
- data/lib/pangea/resources/aws_s3_bucket_notification/types/notification_config.rb +74 -0
- data/lib/pangea/resources/aws_s3_bucket_notification/types/s3_events.rb +54 -0
- data/lib/pangea/resources/aws_s3_bucket_notification/types/validators.rb +64 -0
- data/lib/pangea/resources/aws_s3_bucket_notification/types.rb +26 -188
- data/lib/pangea/resources/aws_s3_bucket_object_lock_configuration/types/instance_methods.rb +130 -0
- data/lib/pangea/resources/aws_s3_bucket_object_lock_configuration/types/validation.rb +75 -0
- data/lib/pangea/resources/aws_s3_bucket_object_lock_configuration/types.rb +39 -202
- data/lib/pangea/resources/aws_s3_bucket_replication_configuration/types/destination.rb +84 -0
- data/lib/pangea/resources/aws_s3_bucket_replication_configuration/types/filter.rb +47 -0
- data/lib/pangea/resources/aws_s3_bucket_replication_configuration/types/helpers.rb +108 -0
- data/lib/pangea/resources/aws_s3_bucket_replication_configuration/types/rule.rb +78 -0
- data/lib/pangea/resources/aws_s3_bucket_replication_configuration/types/validators.rb +117 -0
- data/lib/pangea/resources/aws_s3_bucket_replication_configuration/types.rb +22 -272
- data/lib/pangea/resources/aws_s3_bucket_website_configuration/types/attributes.rb +57 -0
- data/lib/pangea/resources/aws_s3_bucket_website_configuration/types/documents.rb +61 -0
- data/lib/pangea/resources/aws_s3_bucket_website_configuration/types/redirect.rb +41 -0
- data/lib/pangea/resources/aws_s3_bucket_website_configuration/types/routing_rules.rb +99 -0
- data/lib/pangea/resources/aws_s3_bucket_website_configuration/types.rb +7 -385
- data/lib/pangea/resources/aws_s3_multi_region_access_point/types.rb +1 -1
- data/lib/pangea/resources/aws_s3_object/types/attributes.rb +112 -0
- data/lib/pangea/resources/aws_s3_object/types/instance_methods.rb +112 -0
- data/lib/pangea/resources/aws_s3_object/types/validation.rb +57 -0
- data/lib/pangea/resources/aws_s3_object/types.rb +4 -198
- data/lib/pangea/resources/aws_sagemaker_domain/types/app_settings_types.rb +91 -0
- data/lib/pangea/resources/aws_sagemaker_domain/types/base_types.rb +70 -0
- data/lib/pangea/resources/aws_sagemaker_domain/types/user_settings_types.rb +45 -0
- data/lib/pangea/resources/aws_sagemaker_domain/types.rb +80 -207
- data/lib/pangea/resources/aws_sagemaker_endpoint/reference_attributes.rb +119 -0
- data/lib/pangea/resources/aws_sagemaker_endpoint/resource.rb +2 -80
- data/lib/pangea/resources/aws_sagemaker_endpoint/types/computed_properties.rb +100 -0
- data/lib/pangea/resources/aws_sagemaker_endpoint/types/deployment_analysis.rb +108 -0
- data/lib/pangea/resources/aws_sagemaker_endpoint/types/deployment_config.rb +54 -0
- data/lib/pangea/resources/aws_sagemaker_endpoint/types.rb +62 -235
- data/lib/pangea/resources/aws_sagemaker_endpoint_configuration/reference_attributes.rb +130 -0
- data/lib/pangea/resources/aws_sagemaker_endpoint_configuration/resource.rb +5 -45
- data/lib/pangea/resources/aws_sagemaker_endpoint_configuration/types/attributes.rb +155 -0
- data/lib/pangea/resources/aws_sagemaker_endpoint_configuration/types/variant_types.rb +73 -0
- data/lib/pangea/resources/aws_sagemaker_endpoint_configuration/types.rb +8 -347
- data/lib/pangea/resources/aws_sagemaker_model/types/attributes.rb +62 -0
- data/lib/pangea/resources/aws_sagemaker_model/types/helpers.rb +73 -0
- data/lib/pangea/resources/aws_sagemaker_model/types/validators.rb +70 -0
- data/lib/pangea/resources/aws_sagemaker_model/types.rb +4 -327
- data/lib/pangea/resources/aws_sagemaker_notebook_instance/types/helpers.rb +73 -0
- data/lib/pangea/resources/aws_sagemaker_notebook_instance/types/pricing.rb +118 -0
- data/lib/pangea/resources/aws_sagemaker_notebook_instance/types/security.rb +81 -0
- data/lib/pangea/resources/aws_sagemaker_notebook_instance/types/validators.rb +97 -0
- data/lib/pangea/resources/aws_sagemaker_notebook_instance/types.rb +29 -240
- data/lib/pangea/resources/aws_sagemaker_training_job/types/attributes.rb +86 -0
- data/lib/pangea/resources/aws_sagemaker_training_job/types/configs.rb +38 -0
- data/lib/pangea/resources/aws_sagemaker_training_job/types/enums.rb +27 -0
- data/lib/pangea/resources/aws_sagemaker_training_job/types/validation.rb +70 -0
- data/lib/pangea/resources/aws_sagemaker_training_job/types.rb +5 -466
- data/lib/pangea/resources/aws_sagemaker_user_profile/types/attributes.rb +68 -0
- data/lib/pangea/resources/aws_sagemaker_user_profile/types/helpers.rb +67 -0
- data/lib/pangea/resources/aws_sagemaker_user_profile/types/validators.rb +60 -0
- data/lib/pangea/resources/aws_sagemaker_user_profile/types.rb +4 -327
- data/lib/pangea/resources/aws_security_group/types.rb +3 -3
- data/lib/pangea/resources/aws_sfn_state_machine/types/attributes.rb +51 -0
- data/lib/pangea/resources/aws_sfn_state_machine/types/builders.rb +88 -0
- data/lib/pangea/resources/aws_sfn_state_machine/types/validators.rb +86 -0
- data/lib/pangea/resources/aws_sfn_state_machine/types.rb +5 -344
- data/lib/pangea/resources/aws_snow_family/datasync.rb +124 -0
- data/lib/pangea/resources/aws_snow_family/snowball.rb +95 -0
- data/lib/pangea/resources/aws_snow_family/snowcone.rb +82 -0
- data/lib/pangea/resources/aws_snow_family/snowmobile.rb +51 -0
- data/lib/pangea/resources/aws_snow_family.rb +10 -392
- data/lib/pangea/resources/aws_sns_subscription/types/helpers.rb +73 -0
- data/lib/pangea/resources/aws_sns_subscription/types/validators.rb +144 -0
- data/lib/pangea/resources/aws_sns_subscription/types.rb +28 -191
- data/lib/pangea/resources/aws_sns_topic/types.rb +1 -1
- data/lib/pangea/resources/aws_sqs_queue/types.rb +1 -1
- data/lib/pangea/resources/aws_ssm_document/types/attributes.rb +101 -0
- data/lib/pangea/resources/aws_ssm_document/types/configs.rb +56 -0
- data/lib/pangea/resources/aws_ssm_document/types.rb +6 -405
- data/lib/pangea/resources/aws_ssm_maintenance_window/types/attributes.rb +188 -0
- data/lib/pangea/resources/aws_ssm_maintenance_window/types/configs.rb +88 -0
- data/lib/pangea/resources/aws_ssm_maintenance_window/types.rb +6 -362
- data/lib/pangea/resources/aws_ssm_parameter/types/configs.rb +118 -0
- data/lib/pangea/resources/aws_ssm_parameter/types/helpers.rb +101 -0
- data/lib/pangea/resources/aws_ssm_parameter/types/validation.rb +83 -0
- data/lib/pangea/resources/aws_ssm_parameter/types.rb +32 -250
- data/lib/pangea/resources/aws_ssm_patch_baseline/types/attributes.rb +75 -0
- data/lib/pangea/resources/aws_ssm_patch_baseline/types/configs.rb +94 -0
- data/lib/pangea/resources/aws_ssm_patch_baseline/types/instance_methods.rb +97 -0
- data/lib/pangea/resources/aws_ssm_patch_baseline/types/validation.rb +99 -0
- data/lib/pangea/resources/aws_ssm_patch_baseline/types.rb +7 -428
- data/lib/pangea/resources/aws_subnet/resource.rb +7 -13
- data/lib/pangea/resources/aws_subnet/types.rb +1 -1
- data/lib/pangea/resources/aws_timestream_access_policy/types.rb +1 -1
- data/lib/pangea/resources/aws_timestream_batch_load_task/types.rb +4 -4
- data/lib/pangea/resources/aws_timestream_database/types.rb +1 -1
- data/lib/pangea/resources/aws_timestream_influx_db_instance/types.rb +1 -1
- data/lib/pangea/resources/aws_timestream_scheduled_query/types.rb +5 -5
- data/lib/pangea/resources/aws_timestream_table/types.rb +4 -4
- data/lib/pangea/resources/aws_timestream_table_retention_properties/types.rb +1 -1
- data/lib/pangea/resources/aws_volume_attachment/types.rb +1 -1
- data/lib/pangea/resources/aws_vpc_dhcp_options_association/types.rb +1 -1
- data/lib/pangea/resources/aws_vpc_endpoint/types.rb +1 -1
- data/lib/pangea/resources/aws_vpc_endpoint_connection_accepter/types.rb +1 -1
- data/lib/pangea/resources/aws_vpc_endpoint_connection_notification/types.rb +1 -1
- data/lib/pangea/resources/aws_vpc_endpoint_route_table_association/types.rb +1 -1
- data/lib/pangea/resources/aws_vpc_endpoint_service/types.rb +1 -1
- data/lib/pangea/resources/aws_vpc_endpoint_service_allowed_principal/types.rb +1 -1
- data/lib/pangea/resources/aws_vpc_endpoint_subnet_association/types.rb +1 -1
- data/lib/pangea/resources/aws_vpc_network_performance_metric_subscription/types.rb +1 -1
- data/lib/pangea/resources/aws_vpc_peering_connection/types.rb +3 -3
- data/lib/pangea/resources/aws_vpc_peering_connection_accepter/types.rb +1 -1
- data/lib/pangea/resources/aws_vpc_peering_connection_options/types.rb +1 -1
- data/lib/pangea/resources/aws_vpc_security_group_egress_rule/types.rb +1 -1
- data/lib/pangea/resources/aws_vpc_security_group_ingress_rule/types.rb +1 -1
- data/lib/pangea/resources/aws_vpn_connection/types.rb +1 -1
- data/lib/pangea/resources/aws_vpn_gateway/types.rb +1 -1
- data/lib/pangea/resources/aws_wafv2_regex_pattern_set/types/configs.rb +116 -0
- data/lib/pangea/resources/aws_wafv2_regex_pattern_set/types/helpers.rb +106 -0
- data/lib/pangea/resources/aws_wafv2_regex_pattern_set/types.rb +66 -226
- data/lib/pangea/resources/aws_wafv2_rule_group/resource/actions.rb +83 -0
- data/lib/pangea/resources/aws_wafv2_rule_group/resource/dsl_builder.rb +107 -0
- data/lib/pangea/resources/aws_wafv2_rule_group/resource/field_to_match.rb +45 -0
- data/lib/pangea/resources/aws_wafv2_rule_group/resource/statements.rb +137 -0
- data/lib/pangea/resources/aws_wafv2_rule_group/resource.rb +127 -379
- data/lib/pangea/resources/aws_wafv2_rule_group/types/actions.rb +78 -0
- data/lib/pangea/resources/aws_wafv2_rule_group/types/computed.rb +65 -0
- data/lib/pangea/resources/aws_wafv2_rule_group/types/rule_schema.rb +53 -0
- data/lib/pangea/resources/aws_wafv2_rule_group/types/schemas.rb +74 -0
- data/lib/pangea/resources/aws_wafv2_rule_group/types/validators.rb +121 -0
- data/lib/pangea/resources/aws_wafv2_rule_group/types.rb +14 -231
- data/lib/pangea/resources/aws_wafv2_web_acl/resource/dsl_builder/default_action.rb +60 -0
- data/lib/pangea/resources/aws_wafv2_web_acl/resource/dsl_builder/field_to_match.rb +65 -0
- data/lib/pangea/resources/aws_wafv2_web_acl/resource/dsl_builder/rules.rb +89 -0
- data/lib/pangea/resources/aws_wafv2_web_acl/resource/dsl_builder/statements.rb +166 -0
- data/lib/pangea/resources/aws_wafv2_web_acl/resource/dsl_builder.rb +42 -0
- data/lib/pangea/resources/aws_wafv2_web_acl/resource.rb +48 -450
- data/lib/pangea/resources/aws_wafv2_web_acl/types/default_action.rb +57 -0
- data/lib/pangea/resources/aws_wafv2_web_acl/types/rule.rb +60 -0
- data/lib/pangea/resources/aws_wafv2_web_acl/types/rule_action.rb +76 -0
- data/lib/pangea/resources/aws_wafv2_web_acl/types/statement.rb +176 -0
- data/lib/pangea/resources/aws_wafv2_web_acl/types/visibility_config.rb +35 -0
- data/lib/pangea/resources/aws_wafv2_web_acl/types/web_acl_attributes.rb +158 -0
- data/lib/pangea/resources/aws_wafv2_web_acl/types.rb +8 -526
- data/lib/pangea/resources/aws_wavelength/application_deployment.rb +78 -0
- data/lib/pangea/resources/aws_wavelength/carrier_gateway.rb +62 -0
- data/lib/pangea/resources/aws_wavelength/deployment.rb +68 -0
- data/lib/pangea/resources/aws_wavelength/edge_location.rb +66 -0
- data/lib/pangea/resources/aws_wavelength/network_interface.rb +77 -0
- data/lib/pangea/resources/aws_wavelength/workload.rb +74 -0
- data/lib/pangea/resources/aws_wavelength.rb +11 -307
- data/lib/pangea/resources/aws_workspaces_bundle/types/compute.rb +70 -0
- data/lib/pangea/resources/aws_workspaces_bundle/types/storage.rb +71 -0
- data/lib/pangea/resources/aws_workspaces_bundle/types.rb +40 -165
- data/lib/pangea/resources/aws_workspaces_directory/types/self_service_permissions_type.rb +54 -0
- data/lib/pangea/resources/aws_workspaces_directory/types/workspace_access_properties_type.rb +68 -0
- data/lib/pangea/resources/aws_workspaces_directory/types/workspace_creation_properties_type.rb +61 -0
- data/lib/pangea/resources/aws_workspaces_directory/types.rb +13 -168
- data/lib/pangea/resources/builders/output_builder.rb +158 -0
- data/lib/pangea/resources/cloudflare_access_rule/resource.rb +71 -0
- data/lib/pangea/resources/cloudflare_access_rule/types.rb +93 -0
- data/lib/pangea/resources/cloudflare_account/resource.rb +28 -0
- data/lib/pangea/resources/cloudflare_account/types.rb +12 -0
- data/lib/pangea/resources/cloudflare_account_dns_settings/resource.rb +27 -0
- data/lib/pangea/resources/cloudflare_account_dns_settings/types.rb +11 -0
- data/lib/pangea/resources/cloudflare_account_dns_settings_internal_view/resource.rb +27 -0
- data/lib/pangea/resources/cloudflare_account_dns_settings_internal_view/types.rb +11 -0
- data/lib/pangea/resources/cloudflare_account_member/resource.rb +29 -0
- data/lib/pangea/resources/cloudflare_account_member/types.rb +13 -0
- data/lib/pangea/resources/cloudflare_account_subscription/resource.rb +27 -0
- data/lib/pangea/resources/cloudflare_account_subscription/types.rb +11 -0
- data/lib/pangea/resources/cloudflare_account_token/resource.rb +27 -0
- data/lib/pangea/resources/cloudflare_account_token/types.rb +11 -0
- data/lib/pangea/resources/cloudflare_address_map/resource.rb +26 -0
- data/lib/pangea/resources/cloudflare_address_map/types.rb +10 -0
- data/lib/pangea/resources/cloudflare_api_shield/resource.rb +27 -0
- data/lib/pangea/resources/cloudflare_api_shield/types.rb +11 -0
- data/lib/pangea/resources/cloudflare_api_shield_discovery_operation/resource.rb +27 -0
- data/lib/pangea/resources/cloudflare_api_shield_discovery_operation/types.rb +11 -0
- data/lib/pangea/resources/cloudflare_api_shield_operation/resource.rb +29 -0
- data/lib/pangea/resources/cloudflare_api_shield_operation/types.rb +13 -0
- data/lib/pangea/resources/cloudflare_api_shield_operation_schema_validation_settings/resource.rb +27 -0
- data/lib/pangea/resources/cloudflare_api_shield_operation_schema_validation_settings/types.rb +11 -0
- data/lib/pangea/resources/cloudflare_api_shield_schema/resource.rb +30 -0
- data/lib/pangea/resources/cloudflare_api_shield_schema/types.rb +14 -0
- data/lib/pangea/resources/cloudflare_api_shield_schema_validation_settings/resource.rb +27 -0
- data/lib/pangea/resources/cloudflare_api_shield_schema_validation_settings/types.rb +11 -0
- data/lib/pangea/resources/cloudflare_api_token/resource.rb +33 -0
- data/lib/pangea/resources/cloudflare_api_token/types.rb +14 -0
- data/lib/pangea/resources/cloudflare_argo/resource.rb +91 -0
- data/lib/pangea/resources/cloudflare_argo/types.rb +92 -0
- data/lib/pangea/resources/cloudflare_authenticated_origin_pulls/resource.rb +29 -0
- data/lib/pangea/resources/cloudflare_authenticated_origin_pulls/types.rb +13 -0
- data/lib/pangea/resources/cloudflare_authenticated_origin_pulls_certificate/resource.rb +33 -0
- data/lib/pangea/resources/cloudflare_authenticated_origin_pulls_certificate/types.rb +13 -0
- data/lib/pangea/resources/cloudflare_authenticated_origin_pulls_settings/resource.rb +26 -0
- data/lib/pangea/resources/cloudflare_authenticated_origin_pulls_settings/types.rb +10 -0
- data/lib/pangea/resources/cloudflare_bot_management/resource.rb +31 -0
- data/lib/pangea/resources/cloudflare_bot_management/types.rb +15 -0
- data/lib/pangea/resources/cloudflare_byo_ip_prefix/resource.rb +27 -0
- data/lib/pangea/resources/cloudflare_byo_ip_prefix/types.rb +11 -0
- data/lib/pangea/resources/cloudflare_calls_sfu_app/resource.rb +27 -0
- data/lib/pangea/resources/cloudflare_calls_sfu_app/types.rb +11 -0
- data/lib/pangea/resources/cloudflare_calls_turn_app/resource.rb +27 -0
- data/lib/pangea/resources/cloudflare_calls_turn_app/types.rb +11 -0
- data/lib/pangea/resources/cloudflare_certificate_pack/resource.rb +26 -0
- data/lib/pangea/resources/cloudflare_certificate_pack/types.rb +10 -0
- data/lib/pangea/resources/cloudflare_cloud_connector_rules/resource.rb +27 -0
- data/lib/pangea/resources/cloudflare_cloud_connector_rules/types.rb +11 -0
- data/lib/pangea/resources/cloudflare_cloudforce_one_request/resource.rb +27 -0
- data/lib/pangea/resources/cloudflare_cloudforce_one_request/types.rb +11 -0
- data/lib/pangea/resources/cloudflare_cloudforce_one_request_asset/resource.rb +27 -0
- data/lib/pangea/resources/cloudflare_cloudforce_one_request_asset/types.rb +11 -0
- data/lib/pangea/resources/cloudflare_cloudforce_one_request_message/resource.rb +27 -0
- data/lib/pangea/resources/cloudflare_cloudforce_one_request_message/types.rb +11 -0
- data/lib/pangea/resources/cloudflare_cloudforce_one_request_priority/resource.rb +27 -0
- data/lib/pangea/resources/cloudflare_cloudforce_one_request_priority/types.rb +11 -0
- data/lib/pangea/resources/cloudflare_content_scanning/resource.rb +27 -0
- data/lib/pangea/resources/cloudflare_content_scanning/types.rb +11 -0
- data/lib/pangea/resources/cloudflare_content_scanning_expression/resource.rb +27 -0
- data/lib/pangea/resources/cloudflare_content_scanning_expression/types.rb +11 -0
- data/lib/pangea/resources/cloudflare_custom_hostname/resource.rb +157 -0
- data/lib/pangea/resources/cloudflare_custom_hostname/types/ssl_types.rb +145 -0
- data/lib/pangea/resources/cloudflare_custom_hostname/types.rb +107 -0
- data/lib/pangea/resources/cloudflare_custom_hostname_fallback_origin/resource.rb +27 -0
- data/lib/pangea/resources/cloudflare_custom_hostname_fallback_origin/types.rb +11 -0
- data/lib/pangea/resources/cloudflare_custom_pages/resource.rb +27 -0
- data/lib/pangea/resources/cloudflare_custom_pages/types.rb +11 -0
- data/lib/pangea/resources/cloudflare_custom_ssl/resource.rb +36 -0
- data/lib/pangea/resources/cloudflare_custom_ssl/types.rb +16 -0
- data/lib/pangea/resources/cloudflare_d1_database/resource.rb +92 -0
- data/lib/pangea/resources/cloudflare_d1_database/types.rb +110 -0
- data/lib/pangea/resources/cloudflare_dns_firewall/resource.rb +27 -0
- data/lib/pangea/resources/cloudflare_dns_firewall/types.rb +11 -0
- data/lib/pangea/resources/cloudflare_dns_zone_transfers_acl/resource.rb +27 -0
- data/lib/pangea/resources/cloudflare_dns_zone_transfers_acl/types.rb +11 -0
- data/lib/pangea/resources/cloudflare_dns_zone_transfers_incoming/resource.rb +27 -0
- data/lib/pangea/resources/cloudflare_dns_zone_transfers_incoming/types.rb +11 -0
- data/lib/pangea/resources/cloudflare_dns_zone_transfers_outgoing/resource.rb +26 -0
- data/lib/pangea/resources/cloudflare_dns_zone_transfers_outgoing/types.rb +10 -0
- data/lib/pangea/resources/cloudflare_dns_zone_transfers_peer/resource.rb +26 -0
- data/lib/pangea/resources/cloudflare_dns_zone_transfers_peer/types.rb +10 -0
- data/lib/pangea/resources/cloudflare_dns_zone_transfers_tsig/resource.rb +26 -0
- data/lib/pangea/resources/cloudflare_dns_zone_transfers_tsig/types.rb +10 -0
- data/lib/pangea/resources/cloudflare_email_routing_address/resource.rb +26 -0
- data/lib/pangea/resources/cloudflare_email_routing_address/types.rb +10 -0
- data/lib/pangea/resources/cloudflare_email_routing_catch_all/resource.rb +26 -0
- data/lib/pangea/resources/cloudflare_email_routing_catch_all/types.rb +10 -0
- data/lib/pangea/resources/cloudflare_email_routing_dns/resource.rb +27 -0
- data/lib/pangea/resources/cloudflare_email_routing_dns/types.rb +11 -0
- data/lib/pangea/resources/cloudflare_email_routing_rule/resource.rb +26 -0
- data/lib/pangea/resources/cloudflare_email_routing_rule/types.rb +10 -0
- data/lib/pangea/resources/cloudflare_email_routing_settings/resource.rb +26 -0
- data/lib/pangea/resources/cloudflare_email_routing_settings/types.rb +10 -0
- data/lib/pangea/resources/cloudflare_email_security_block_sender/resource.rb +27 -0
- data/lib/pangea/resources/cloudflare_email_security_block_sender/types.rb +11 -0
- data/lib/pangea/resources/cloudflare_email_security_impersonation_registry/resource.rb +27 -0
- data/lib/pangea/resources/cloudflare_email_security_impersonation_registry/types.rb +11 -0
- data/lib/pangea/resources/cloudflare_email_security_trusted_domains/resource.rb +27 -0
- data/lib/pangea/resources/cloudflare_email_security_trusted_domains/types.rb +11 -0
- data/lib/pangea/resources/cloudflare_filter/resource.rb +64 -0
- data/lib/pangea/resources/cloudflare_filter/types.rb +54 -0
- data/lib/pangea/resources/cloudflare_firewall_rule/resource.rb +70 -0
- data/lib/pangea/resources/cloudflare_firewall_rule/types.rb +64 -0
- data/lib/pangea/resources/cloudflare_healthcheck/resource.rb +138 -0
- data/lib/pangea/resources/cloudflare_healthcheck/types.rb +192 -0
- data/lib/pangea/resources/cloudflare_hostname_tls_setting/resource.rb +26 -0
- data/lib/pangea/resources/cloudflare_hostname_tls_setting/types.rb +10 -0
- data/lib/pangea/resources/cloudflare_hyperdrive_config/resource.rb +176 -0
- data/lib/pangea/resources/cloudflare_hyperdrive_config/types/attributes.rb +125 -0
- data/lib/pangea/resources/cloudflare_hyperdrive_config/types/caching.rb +52 -0
- data/lib/pangea/resources/cloudflare_hyperdrive_config/types/enums.rb +37 -0
- data/lib/pangea/resources/cloudflare_hyperdrive_config/types/mtls.rb +52 -0
- data/lib/pangea/resources/cloudflare_hyperdrive_config/types/origin.rb +89 -0
- data/lib/pangea/resources/cloudflare_hyperdrive_config/types.rb +23 -0
- data/lib/pangea/resources/cloudflare_image/resource.rb +27 -0
- data/lib/pangea/resources/cloudflare_image/types.rb +11 -0
- data/lib/pangea/resources/cloudflare_image_variant/resource.rb +26 -0
- data/lib/pangea/resources/cloudflare_image_variant/types.rb +10 -0
- data/lib/pangea/resources/cloudflare_keyless_certificate/resource.rb +26 -0
- data/lib/pangea/resources/cloudflare_keyless_certificate/types.rb +10 -0
- data/lib/pangea/resources/cloudflare_leaked_credential_check/resource.rb +27 -0
- data/lib/pangea/resources/cloudflare_leaked_credential_check/types.rb +11 -0
- data/lib/pangea/resources/cloudflare_leaked_credential_check_rule/resource.rb +27 -0
- data/lib/pangea/resources/cloudflare_leaked_credential_check_rule/types.rb +11 -0
- data/lib/pangea/resources/cloudflare_list/resource.rb +57 -0
- data/lib/pangea/resources/cloudflare_list/types.rb +49 -0
- data/lib/pangea/resources/cloudflare_list_item/resource.rb +130 -0
- data/lib/pangea/resources/cloudflare_list_item/types.rb +183 -0
- data/lib/pangea/resources/cloudflare_load_balancer/resource.rb +97 -0
- data/lib/pangea/resources/cloudflare_load_balancer/types.rb +75 -0
- data/lib/pangea/resources/cloudflare_load_balancer_monitor/resource.rb +78 -0
- data/lib/pangea/resources/cloudflare_load_balancer_monitor/types.rb +62 -0
- data/lib/pangea/resources/cloudflare_load_balancer_pool/resource.rb +78 -0
- data/lib/pangea/resources/cloudflare_load_balancer_pool/types.rb +81 -0
- data/lib/pangea/resources/cloudflare_logpull_retention/resource.rb +27 -0
- data/lib/pangea/resources/cloudflare_logpull_retention/types.rb +11 -0
- data/lib/pangea/resources/cloudflare_logpush_job/resource.rb +40 -0
- data/lib/pangea/resources/cloudflare_logpush_job/types.rb +24 -0
- data/lib/pangea/resources/cloudflare_logpush_ownership_challenge/resource.rb +27 -0
- data/lib/pangea/resources/cloudflare_logpush_ownership_challenge/types.rb +11 -0
- data/lib/pangea/resources/cloudflare_magic_network_monitoring_configuration/resource.rb +27 -0
- data/lib/pangea/resources/cloudflare_magic_network_monitoring_configuration/types.rb +11 -0
- data/lib/pangea/resources/cloudflare_magic_network_monitoring_rule/resource.rb +27 -0
- data/lib/pangea/resources/cloudflare_magic_network_monitoring_rule/types.rb +11 -0
- data/lib/pangea/resources/cloudflare_magic_transit_connector/resource.rb +27 -0
- data/lib/pangea/resources/cloudflare_magic_transit_connector/types.rb +11 -0
- data/lib/pangea/resources/cloudflare_magic_transit_site/resource.rb +27 -0
- data/lib/pangea/resources/cloudflare_magic_transit_site/types.rb +11 -0
- data/lib/pangea/resources/cloudflare_magic_transit_site_acl/resource.rb +27 -0
- data/lib/pangea/resources/cloudflare_magic_transit_site_acl/types.rb +11 -0
- data/lib/pangea/resources/cloudflare_magic_transit_site_lan/resource.rb +27 -0
- data/lib/pangea/resources/cloudflare_magic_transit_site_lan/types.rb +11 -0
- data/lib/pangea/resources/cloudflare_magic_transit_site_wan/resource.rb +27 -0
- data/lib/pangea/resources/cloudflare_magic_transit_site_wan/types.rb +11 -0
- data/lib/pangea/resources/cloudflare_magic_wan_gre_tunnel/resource.rb +27 -0
- data/lib/pangea/resources/cloudflare_magic_wan_gre_tunnel/types.rb +11 -0
- data/lib/pangea/resources/cloudflare_magic_wan_ipsec_tunnel/resource.rb +27 -0
- data/lib/pangea/resources/cloudflare_magic_wan_ipsec_tunnel/types.rb +11 -0
- data/lib/pangea/resources/cloudflare_magic_wan_static_route/resource.rb +27 -0
- data/lib/pangea/resources/cloudflare_magic_wan_static_route/types.rb +11 -0
- data/lib/pangea/resources/cloudflare_managed_transforms/resource.rb +36 -0
- data/lib/pangea/resources/cloudflare_managed_transforms/types.rb +12 -0
- data/lib/pangea/resources/cloudflare_mtls_certificate/resource.rb +34 -0
- data/lib/pangea/resources/cloudflare_mtls_certificate/types.rb +14 -0
- data/lib/pangea/resources/cloudflare_notification_policy/resource.rb +34 -0
- data/lib/pangea/resources/cloudflare_notification_policy/types.rb +18 -0
- data/lib/pangea/resources/cloudflare_notification_policy_webhooks/resource.rb +27 -0
- data/lib/pangea/resources/cloudflare_notification_policy_webhooks/types.rb +11 -0
- data/lib/pangea/resources/cloudflare_observatory_scheduled_test/resource.rb +27 -0
- data/lib/pangea/resources/cloudflare_observatory_scheduled_test/types.rb +11 -0
- data/lib/pangea/resources/cloudflare_organization/resource.rb +27 -0
- data/lib/pangea/resources/cloudflare_organization/types.rb +11 -0
- data/lib/pangea/resources/cloudflare_organization_profile/resource.rb +27 -0
- data/lib/pangea/resources/cloudflare_organization_profile/types.rb +11 -0
- data/lib/pangea/resources/cloudflare_origin_ca_certificate/resource.rb +97 -0
- data/lib/pangea/resources/cloudflare_origin_ca_certificate/types.rb +125 -0
- data/lib/pangea/resources/cloudflare_page_rule/resource.rb +78 -0
- data/lib/pangea/resources/cloudflare_page_rule/types.rb +71 -0
- data/lib/pangea/resources/cloudflare_page_shield_policy/resource.rb +27 -0
- data/lib/pangea/resources/cloudflare_page_shield_policy/types.rb +11 -0
- data/lib/pangea/resources/cloudflare_pages_domain/resource.rb +28 -0
- data/lib/pangea/resources/cloudflare_pages_domain/types.rb +12 -0
- data/lib/pangea/resources/cloudflare_pages_project/resource/deployment_config.rb +80 -0
- data/lib/pangea/resources/cloudflare_pages_project/resource/main.rb +75 -0
- data/lib/pangea/resources/cloudflare_pages_project/resource.rb +19 -0
- data/lib/pangea/resources/cloudflare_pages_project/types/attributes.rb +51 -0
- data/lib/pangea/resources/cloudflare_pages_project/types/bindings.rb +38 -0
- data/lib/pangea/resources/cloudflare_pages_project/types/build_config.rb +55 -0
- data/lib/pangea/resources/cloudflare_pages_project/types/deployment_config.rb +83 -0
- data/lib/pangea/resources/cloudflare_pages_project/types.rb +27 -0
- data/lib/pangea/resources/cloudflare_queue/resource.rb +108 -0
- data/lib/pangea/resources/cloudflare_queue/types.rb +132 -0
- data/lib/pangea/resources/cloudflare_queue_consumer/resource.rb +31 -0
- data/lib/pangea/resources/cloudflare_queue_consumer/types.rb +15 -0
- data/lib/pangea/resources/cloudflare_r2_bucket/resource.rb +91 -0
- data/lib/pangea/resources/cloudflare_r2_bucket/types.rb +101 -0
- data/lib/pangea/resources/cloudflare_r2_bucket_cors/resource.rb +130 -0
- data/lib/pangea/resources/cloudflare_r2_bucket_cors/types/attributes.rb +105 -0
- data/lib/pangea/resources/cloudflare_r2_bucket_cors/types/cors_allowed.rb +59 -0
- data/lib/pangea/resources/cloudflare_r2_bucket_cors/types/cors_method.rb +34 -0
- data/lib/pangea/resources/cloudflare_r2_bucket_cors/types/cors_rule.rb +74 -0
- data/lib/pangea/resources/cloudflare_r2_bucket_cors/types.rb +22 -0
- data/lib/pangea/resources/cloudflare_r2_bucket_event_notification/resource.rb +31 -0
- data/lib/pangea/resources/cloudflare_r2_bucket_event_notification/types.rb +15 -0
- data/lib/pangea/resources/cloudflare_r2_bucket_lifecycle/resource.rb +31 -0
- data/lib/pangea/resources/cloudflare_r2_bucket_lifecycle/types.rb +26 -0
- data/lib/pangea/resources/cloudflare_r2_bucket_lock/resource.rb +29 -0
- data/lib/pangea/resources/cloudflare_r2_bucket_lock/types.rb +13 -0
- data/lib/pangea/resources/cloudflare_r2_bucket_sippy/resource.rb +26 -0
- data/lib/pangea/resources/cloudflare_r2_bucket_sippy/types.rb +10 -0
- data/lib/pangea/resources/cloudflare_r2_custom_domain/resource.rb +28 -0
- data/lib/pangea/resources/cloudflare_r2_custom_domain/types.rb +12 -0
- data/lib/pangea/resources/cloudflare_r2_managed_domain/resource.rb +26 -0
- data/lib/pangea/resources/cloudflare_r2_managed_domain/types.rb +10 -0
- data/lib/pangea/resources/cloudflare_rate_limit/resource.rb +129 -0
- data/lib/pangea/resources/cloudflare_rate_limit/types.rb +143 -0
- data/lib/pangea/resources/cloudflare_record/resource.rb +91 -0
- data/lib/pangea/resources/cloudflare_record/types.rb +114 -0
- data/lib/pangea/resources/cloudflare_regional_hostname/resource.rb +27 -0
- data/lib/pangea/resources/cloudflare_regional_hostname/types.rb +11 -0
- data/lib/pangea/resources/cloudflare_regional_tiered_cache/resource.rb +82 -0
- data/lib/pangea/resources/cloudflare_regional_tiered_cache/types.rb +73 -0
- data/lib/pangea/resources/cloudflare_registrar_domain/resource.rb +27 -0
- data/lib/pangea/resources/cloudflare_registrar_domain/types.rb +11 -0
- data/lib/pangea/resources/cloudflare_ruleset/resource.rb +113 -0
- data/lib/pangea/resources/cloudflare_ruleset/types/ruleset_rule.rb +84 -0
- data/lib/pangea/resources/cloudflare_ruleset/types.rb +155 -0
- data/lib/pangea/resources/cloudflare_schema_validation_operation_settings/resource.rb +27 -0
- data/lib/pangea/resources/cloudflare_schema_validation_operation_settings/types.rb +11 -0
- data/lib/pangea/resources/cloudflare_schema_validation_schemas/resource.rb +27 -0
- data/lib/pangea/resources/cloudflare_schema_validation_schemas/types.rb +11 -0
- data/lib/pangea/resources/cloudflare_schema_validation_settings/resource.rb +27 -0
- data/lib/pangea/resources/cloudflare_schema_validation_settings/types.rb +11 -0
- data/lib/pangea/resources/cloudflare_snippet/resource.rb +27 -0
- data/lib/pangea/resources/cloudflare_snippet/types.rb +11 -0
- data/lib/pangea/resources/cloudflare_snippet_rules/resource.rb +27 -0
- data/lib/pangea/resources/cloudflare_snippet_rules/types.rb +11 -0
- data/lib/pangea/resources/cloudflare_spectrum_application/resource.rb +122 -0
- data/lib/pangea/resources/cloudflare_spectrum_application/types.rb +147 -0
- data/lib/pangea/resources/cloudflare_static_route/resource.rb +119 -0
- data/lib/pangea/resources/cloudflare_static_route/types.rb +131 -0
- data/lib/pangea/resources/cloudflare_stream/resource.rb +35 -0
- data/lib/pangea/resources/cloudflare_stream/types.rb +15 -0
- data/lib/pangea/resources/cloudflare_stream_audio_track/resource.rb +27 -0
- data/lib/pangea/resources/cloudflare_stream_audio_track/types.rb +11 -0
- data/lib/pangea/resources/cloudflare_stream_caption_language/resource.rb +27 -0
- data/lib/pangea/resources/cloudflare_stream_caption_language/types.rb +11 -0
- data/lib/pangea/resources/cloudflare_stream_download/resource.rb +27 -0
- data/lib/pangea/resources/cloudflare_stream_download/types.rb +11 -0
- data/lib/pangea/resources/cloudflare_stream_key/resource.rb +27 -0
- data/lib/pangea/resources/cloudflare_stream_key/types.rb +11 -0
- data/lib/pangea/resources/cloudflare_stream_live_input/resource.rb +27 -0
- data/lib/pangea/resources/cloudflare_stream_live_input/types.rb +11 -0
- data/lib/pangea/resources/cloudflare_stream_watermark/resource.rb +27 -0
- data/lib/pangea/resources/cloudflare_stream_watermark/types.rb +11 -0
- data/lib/pangea/resources/cloudflare_stream_webhook/resource.rb +27 -0
- data/lib/pangea/resources/cloudflare_stream_webhook/types.rb +11 -0
- data/lib/pangea/resources/cloudflare_tiered_cache/resource.rb +83 -0
- data/lib/pangea/resources/cloudflare_tiered_cache/types.rb +74 -0
- data/lib/pangea/resources/cloudflare_total_tls/resource.rb +26 -0
- data/lib/pangea/resources/cloudflare_total_tls/types.rb +10 -0
- data/lib/pangea/resources/cloudflare_turnstile_widget/resource.rb +34 -0
- data/lib/pangea/resources/cloudflare_turnstile_widget/types.rb +15 -0
- data/lib/pangea/resources/cloudflare_url_normalization_settings/resource.rb +27 -0
- data/lib/pangea/resources/cloudflare_url_normalization_settings/types.rb +11 -0
- data/lib/pangea/resources/cloudflare_user/resource.rb +27 -0
- data/lib/pangea/resources/cloudflare_user/types.rb +11 -0
- data/lib/pangea/resources/cloudflare_user_agent_blocking_rule/resource.rb +27 -0
- data/lib/pangea/resources/cloudflare_user_agent_blocking_rule/types.rb +11 -0
- data/lib/pangea/resources/cloudflare_waiting_room/resource.rb +122 -0
- data/lib/pangea/resources/cloudflare_waiting_room/types.rb +171 -0
- data/lib/pangea/resources/cloudflare_waiting_room_event/resource.rb +118 -0
- data/lib/pangea/resources/cloudflare_waiting_room_event/types.rb +153 -0
- data/lib/pangea/resources/cloudflare_waiting_room_rules/resource.rb +40 -0
- data/lib/pangea/resources/cloudflare_waiting_room_rules/types.rb +32 -0
- data/lib/pangea/resources/cloudflare_waiting_room_settings/resource.rb +27 -0
- data/lib/pangea/resources/cloudflare_waiting_room_settings/types.rb +11 -0
- data/lib/pangea/resources/cloudflare_web3_hostname/resource.rb +27 -0
- data/lib/pangea/resources/cloudflare_web3_hostname/types.rb +11 -0
- data/lib/pangea/resources/cloudflare_web_analytics_rule/resource.rb +27 -0
- data/lib/pangea/resources/cloudflare_web_analytics_rule/types.rb +11 -0
- data/lib/pangea/resources/cloudflare_web_analytics_site/resource.rb +33 -0
- data/lib/pangea/resources/cloudflare_web_analytics_site/types.rb +13 -0
- data/lib/pangea/resources/cloudflare_worker/resource.rb +27 -0
- data/lib/pangea/resources/cloudflare_worker/types.rb +11 -0
- data/lib/pangea/resources/cloudflare_worker_route/resource.rb +62 -0
- data/lib/pangea/resources/cloudflare_worker_route/types.rb +50 -0
- data/lib/pangea/resources/cloudflare_worker_script/resource.rb +90 -0
- data/lib/pangea/resources/cloudflare_worker_script/types.rb +109 -0
- data/lib/pangea/resources/cloudflare_worker_version/resource.rb +27 -0
- data/lib/pangea/resources/cloudflare_worker_version/types.rb +11 -0
- data/lib/pangea/resources/cloudflare_workers_cron_trigger/resource.rb +94 -0
- data/lib/pangea/resources/cloudflare_workers_cron_trigger/types.rb +102 -0
- data/lib/pangea/resources/cloudflare_workers_custom_domain/resource.rb +93 -0
- data/lib/pangea/resources/cloudflare_workers_custom_domain/types.rb +93 -0
- data/lib/pangea/resources/cloudflare_workers_deployment/resource.rb +28 -0
- data/lib/pangea/resources/cloudflare_workers_deployment/types.rb +12 -0
- data/lib/pangea/resources/cloudflare_workers_for_platforms_dispatch_namespace/resource.rb +27 -0
- data/lib/pangea/resources/cloudflare_workers_for_platforms_dispatch_namespace/types.rb +11 -0
- data/lib/pangea/resources/cloudflare_workers_kv/resource.rb +98 -0
- data/lib/pangea/resources/cloudflare_workers_kv/types.rb +103 -0
- data/lib/pangea/resources/cloudflare_workers_kv_namespace/resource.rb +84 -0
- data/lib/pangea/resources/cloudflare_workers_kv_namespace/types.rb +74 -0
- data/lib/pangea/resources/cloudflare_workers_script_subdomain/resource.rb +27 -0
- data/lib/pangea/resources/cloudflare_workers_script_subdomain/types.rb +11 -0
- data/lib/pangea/resources/cloudflare_workflow/resource.rb +27 -0
- data/lib/pangea/resources/cloudflare_workflow/types.rb +11 -0
- data/lib/pangea/resources/cloudflare_zero_trust_access_application/block_builders.rb +116 -0
- data/lib/pangea/resources/cloudflare_zero_trust_access_application/resource.rb +161 -0
- data/lib/pangea/resources/cloudflare_zero_trust_access_application/types/attributes.rb +102 -0
- data/lib/pangea/resources/cloudflare_zero_trust_access_application/types/cors_headers.rb +37 -0
- data/lib/pangea/resources/cloudflare_zero_trust_access_application/types/destination.rb +37 -0
- data/lib/pangea/resources/cloudflare_zero_trust_access_application/types/enums.rb +31 -0
- data/lib/pangea/resources/cloudflare_zero_trust_access_application/types/footer_link.rb +31 -0
- data/lib/pangea/resources/cloudflare_zero_trust_access_application/types/landing_page_design.rb +34 -0
- data/lib/pangea/resources/cloudflare_zero_trust_access_application/types/saas_app.rb +44 -0
- data/lib/pangea/resources/cloudflare_zero_trust_access_application/types/scim_config.rb +35 -0
- data/lib/pangea/resources/cloudflare_zero_trust_access_application/types.rb +26 -0
- data/lib/pangea/resources/cloudflare_zero_trust_access_custom_page/resource.rb +26 -0
- data/lib/pangea/resources/cloudflare_zero_trust_access_custom_page/types.rb +10 -0
- data/lib/pangea/resources/cloudflare_zero_trust_access_group/resource.rb +31 -0
- data/lib/pangea/resources/cloudflare_zero_trust_access_group/types.rb +15 -0
- data/lib/pangea/resources/cloudflare_zero_trust_access_identity_provider/resource.rb +31 -0
- data/lib/pangea/resources/cloudflare_zero_trust_access_identity_provider/types.rb +15 -0
- data/lib/pangea/resources/cloudflare_zero_trust_access_infrastructure_target/resource.rb +26 -0
- data/lib/pangea/resources/cloudflare_zero_trust_access_infrastructure_target/types.rb +10 -0
- data/lib/pangea/resources/cloudflare_zero_trust_access_key_configuration/resource.rb +26 -0
- data/lib/pangea/resources/cloudflare_zero_trust_access_key_configuration/types.rb +10 -0
- data/lib/pangea/resources/cloudflare_zero_trust_access_mtls_certificate/resource.rb +26 -0
- data/lib/pangea/resources/cloudflare_zero_trust_access_mtls_certificate/types.rb +10 -0
- data/lib/pangea/resources/cloudflare_zero_trust_access_mtls_hostname_settings/resource.rb +26 -0
- data/lib/pangea/resources/cloudflare_zero_trust_access_mtls_hostname_settings/types.rb +10 -0
- data/lib/pangea/resources/cloudflare_zero_trust_access_policy/resource.rb +39 -0
- data/lib/pangea/resources/cloudflare_zero_trust_access_policy/types.rb +23 -0
- data/lib/pangea/resources/cloudflare_zero_trust_access_service_token/resource.rb +26 -0
- data/lib/pangea/resources/cloudflare_zero_trust_access_service_token/types.rb +10 -0
- data/lib/pangea/resources/cloudflare_zero_trust_access_short_lived_certificate/resource.rb +26 -0
- data/lib/pangea/resources/cloudflare_zero_trust_access_short_lived_certificate/types.rb +10 -0
- data/lib/pangea/resources/cloudflare_zero_trust_access_tag/resource.rb +26 -0
- data/lib/pangea/resources/cloudflare_zero_trust_access_tag/types.rb +10 -0
- data/lib/pangea/resources/cloudflare_zero_trust_device_custom_profile/resource.rb +26 -0
- data/lib/pangea/resources/cloudflare_zero_trust_device_custom_profile/types.rb +10 -0
- data/lib/pangea/resources/cloudflare_zero_trust_device_custom_profile_local_domain_fallback/resource.rb +26 -0
- data/lib/pangea/resources/cloudflare_zero_trust_device_custom_profile_local_domain_fallback/types.rb +10 -0
- data/lib/pangea/resources/cloudflare_zero_trust_device_default_profile/resource.rb +26 -0
- data/lib/pangea/resources/cloudflare_zero_trust_device_default_profile/types.rb +10 -0
- data/lib/pangea/resources/cloudflare_zero_trust_device_default_profile_certificates/resource.rb +26 -0
- data/lib/pangea/resources/cloudflare_zero_trust_device_default_profile_certificates/types.rb +10 -0
- data/lib/pangea/resources/cloudflare_zero_trust_device_default_profile_local_domain_fallback/resource.rb +26 -0
- data/lib/pangea/resources/cloudflare_zero_trust_device_default_profile_local_domain_fallback/types.rb +10 -0
- data/lib/pangea/resources/cloudflare_zero_trust_device_managed_networks/resource.rb +26 -0
- data/lib/pangea/resources/cloudflare_zero_trust_device_managed_networks/types.rb +10 -0
- data/lib/pangea/resources/cloudflare_zero_trust_device_posture_integration/resource.rb +26 -0
- data/lib/pangea/resources/cloudflare_zero_trust_device_posture_integration/types.rb +10 -0
- data/lib/pangea/resources/cloudflare_zero_trust_device_posture_rule/resource.rb +26 -0
- data/lib/pangea/resources/cloudflare_zero_trust_device_posture_rule/types.rb +10 -0
- data/lib/pangea/resources/cloudflare_zero_trust_device_settings/resource.rb +26 -0
- data/lib/pangea/resources/cloudflare_zero_trust_device_settings/types.rb +10 -0
- data/lib/pangea/resources/cloudflare_zero_trust_dex_test/resource.rb +26 -0
- data/lib/pangea/resources/cloudflare_zero_trust_dex_test/types.rb +10 -0
- data/lib/pangea/resources/cloudflare_zero_trust_dlp_custom_entry/resource.rb +26 -0
- data/lib/pangea/resources/cloudflare_zero_trust_dlp_custom_entry/types.rb +10 -0
- data/lib/pangea/resources/cloudflare_zero_trust_dlp_custom_profile/resource.rb +26 -0
- data/lib/pangea/resources/cloudflare_zero_trust_dlp_custom_profile/types.rb +10 -0
- data/lib/pangea/resources/cloudflare_zero_trust_dlp_dataset/resource.rb +26 -0
- data/lib/pangea/resources/cloudflare_zero_trust_dlp_dataset/types.rb +10 -0
- data/lib/pangea/resources/cloudflare_zero_trust_dlp_entry/resource.rb +26 -0
- data/lib/pangea/resources/cloudflare_zero_trust_dlp_entry/types.rb +10 -0
- data/lib/pangea/resources/cloudflare_zero_trust_dlp_integration_entry/resource.rb +26 -0
- data/lib/pangea/resources/cloudflare_zero_trust_dlp_integration_entry/types.rb +10 -0
- data/lib/pangea/resources/cloudflare_zero_trust_dlp_predefined_entry/resource.rb +26 -0
- data/lib/pangea/resources/cloudflare_zero_trust_dlp_predefined_entry/types.rb +10 -0
- data/lib/pangea/resources/cloudflare_zero_trust_dlp_predefined_profile/resource.rb +26 -0
- data/lib/pangea/resources/cloudflare_zero_trust_dlp_predefined_profile/types.rb +10 -0
- data/lib/pangea/resources/cloudflare_zero_trust_dns_location/resource.rb +26 -0
- data/lib/pangea/resources/cloudflare_zero_trust_dns_location/types.rb +10 -0
- data/lib/pangea/resources/cloudflare_zero_trust_gateway_certificate/resource.rb +26 -0
- data/lib/pangea/resources/cloudflare_zero_trust_gateway_certificate/types.rb +10 -0
- data/lib/pangea/resources/cloudflare_zero_trust_gateway_logging/resource.rb +26 -0
- data/lib/pangea/resources/cloudflare_zero_trust_gateway_logging/types.rb +10 -0
- data/lib/pangea/resources/cloudflare_zero_trust_gateway_policy/resource.rb +34 -0
- data/lib/pangea/resources/cloudflare_zero_trust_gateway_policy/types.rb +18 -0
- data/lib/pangea/resources/cloudflare_zero_trust_gateway_proxy_endpoint/resource.rb +26 -0
- data/lib/pangea/resources/cloudflare_zero_trust_gateway_proxy_endpoint/types.rb +10 -0
- data/lib/pangea/resources/cloudflare_zero_trust_gateway_settings/resource.rb +26 -0
- data/lib/pangea/resources/cloudflare_zero_trust_gateway_settings/types.rb +10 -0
- data/lib/pangea/resources/cloudflare_zero_trust_list/resource.rb +26 -0
- data/lib/pangea/resources/cloudflare_zero_trust_list/types.rb +10 -0
- data/lib/pangea/resources/cloudflare_zero_trust_network_hostname_route/resource.rb +26 -0
- data/lib/pangea/resources/cloudflare_zero_trust_network_hostname_route/types.rb +10 -0
- data/lib/pangea/resources/cloudflare_zero_trust_organization/resource.rb +26 -0
- data/lib/pangea/resources/cloudflare_zero_trust_organization/types.rb +10 -0
- data/lib/pangea/resources/cloudflare_zero_trust_risk_behavior/resource.rb +26 -0
- data/lib/pangea/resources/cloudflare_zero_trust_risk_behavior/types.rb +10 -0
- data/lib/pangea/resources/cloudflare_zero_trust_risk_scoring_integration/resource.rb +26 -0
- data/lib/pangea/resources/cloudflare_zero_trust_risk_scoring_integration/types.rb +10 -0
- data/lib/pangea/resources/cloudflare_zero_trust_tunnel_cloudflared/resource.rb +33 -0
- data/lib/pangea/resources/cloudflare_zero_trust_tunnel_cloudflared/types.rb +13 -0
- data/lib/pangea/resources/cloudflare_zero_trust_tunnel_cloudflared_config/resource.rb +28 -0
- data/lib/pangea/resources/cloudflare_zero_trust_tunnel_cloudflared_config/types.rb +12 -0
- data/lib/pangea/resources/cloudflare_zero_trust_tunnel_cloudflared_route/resource.rb +30 -0
- data/lib/pangea/resources/cloudflare_zero_trust_tunnel_cloudflared_route/types.rb +14 -0
- data/lib/pangea/resources/cloudflare_zero_trust_tunnel_cloudflared_virtual_network/resource.rb +26 -0
- data/lib/pangea/resources/cloudflare_zero_trust_tunnel_cloudflared_virtual_network/types.rb +10 -0
- data/lib/pangea/resources/cloudflare_zero_trust_tunnel_warp_connector/resource.rb +26 -0
- data/lib/pangea/resources/cloudflare_zero_trust_tunnel_warp_connector/types.rb +10 -0
- data/lib/pangea/resources/cloudflare_zone/resource.rb +71 -0
- data/lib/pangea/resources/cloudflare_zone/types.rb +62 -0
- data/lib/pangea/resources/cloudflare_zone_cache_reserve/resource.rb +27 -0
- data/lib/pangea/resources/cloudflare_zone_cache_reserve/types.rb +11 -0
- data/lib/pangea/resources/cloudflare_zone_cache_variants/resource.rb +27 -0
- data/lib/pangea/resources/cloudflare_zone_cache_variants/types.rb +11 -0
- data/lib/pangea/resources/cloudflare_zone_dns_settings/resource.rb +27 -0
- data/lib/pangea/resources/cloudflare_zone_dns_settings/types.rb +11 -0
- data/lib/pangea/resources/cloudflare_zone_dnssec/resource.rb +96 -0
- data/lib/pangea/resources/cloudflare_zone_dnssec/types.rb +81 -0
- data/lib/pangea/resources/cloudflare_zone_hold/resource.rb +26 -0
- data/lib/pangea/resources/cloudflare_zone_hold/types.rb +10 -0
- data/lib/pangea/resources/cloudflare_zone_lockdown/resource.rb +27 -0
- data/lib/pangea/resources/cloudflare_zone_lockdown/types.rb +11 -0
- data/lib/pangea/resources/cloudflare_zone_settings_override/resource.rb +80 -0
- data/lib/pangea/resources/cloudflare_zone_settings_override/types.rb +64 -0
- data/lib/pangea/resources/cloudflare_zone_subscription/resource.rb +26 -0
- data/lib/pangea/resources/cloudflare_zone_subscription/types.rb +10 -0
- data/lib/pangea/resources/composition/auto_scaling_web_tier.rb +179 -0
- data/lib/pangea/resources/composition/composite_auto_scaling_reference.rb +63 -0
- data/lib/pangea/resources/composition/composite_vpc_reference.rb +73 -0
- data/lib/pangea/resources/composition/composite_web_server_reference.rb +46 -0
- data/lib/pangea/resources/composition/helpers.rb +75 -0
- data/lib/pangea/resources/composition/vpc_with_subnets.rb +143 -0
- data/lib/pangea/resources/composition/web_server.rb +72 -0
- data/lib/pangea/resources/composition.rb +14 -510
- data/lib/pangea/resources/event_driven_example/dynamodb_tables.rb +103 -0
- data/lib/pangea/resources/event_driven_example/eventbridge_buses.rb +68 -0
- data/lib/pangea/resources/event_driven_example/eventbridge_rules.rb +94 -0
- data/lib/pangea/resources/event_driven_example/eventbridge_targets.rb +123 -0
- data/lib/pangea/resources/event_driven_example.rb +48 -254
- data/lib/pangea/resources/hcloud_certificate/resource.rb +50 -0
- data/lib/pangea/resources/hcloud_certificate/types.rb +26 -0
- data/lib/pangea/resources/hcloud_firewall/resource.rb +57 -0
- data/lib/pangea/resources/hcloud_firewall/types.rb +25 -0
- data/lib/pangea/resources/hcloud_firewall_attachment/resource.rb +40 -0
- data/lib/pangea/resources/hcloud_firewall_attachment/types.rb +22 -0
- data/lib/pangea/resources/hcloud_floating_ip/resource.rb +52 -0
- data/lib/pangea/resources/hcloud_floating_ip/types.rb +28 -0
- data/lib/pangea/resources/hcloud_floating_ip_assignment/resource.rb +40 -0
- data/lib/pangea/resources/hcloud_floating_ip_assignment/types.rb +22 -0
- data/lib/pangea/resources/hcloud_load_balancer/resource.rb +57 -0
- data/lib/pangea/resources/hcloud_load_balancer/types.rb +28 -0
- data/lib/pangea/resources/hcloud_load_balancer_network/resource.rb +43 -0
- data/lib/pangea/resources/hcloud_load_balancer_network/types.rb +26 -0
- data/lib/pangea/resources/hcloud_load_balancer_service/resource.rb +70 -0
- data/lib/pangea/resources/hcloud_load_balancer_service/types.rb +29 -0
- data/lib/pangea/resources/hcloud_load_balancer_target/resource.rb +45 -0
- data/lib/pangea/resources/hcloud_load_balancer_target/types.rb +28 -0
- data/lib/pangea/resources/hcloud_managed_certificate/resource.rb +49 -0
- data/lib/pangea/resources/hcloud_managed_certificate/types.rb +25 -0
- data/lib/pangea/resources/hcloud_network/resource.rb +48 -0
- data/lib/pangea/resources/hcloud_network/types.rb +25 -0
- data/lib/pangea/resources/hcloud_network_route/resource.rb +42 -0
- data/lib/pangea/resources/hcloud_network_route/types.rb +23 -0
- data/lib/pangea/resources/hcloud_network_subnet/resource.rb +44 -0
- data/lib/pangea/resources/hcloud_network_subnet/types.rb +27 -0
- data/lib/pangea/resources/hcloud_placement_group/resource.rb +48 -0
- data/lib/pangea/resources/hcloud_placement_group/types.rb +25 -0
- data/lib/pangea/resources/hcloud_primary_ip/resource.rb +52 -0
- data/lib/pangea/resources/hcloud_primary_ip/types.rb +29 -0
- data/lib/pangea/resources/hcloud_rdns/resource.rb +42 -0
- data/lib/pangea/resources/hcloud_rdns/types.rb +23 -0
- data/lib/pangea/resources/hcloud_server/resource.rb +91 -0
- data/lib/pangea/resources/hcloud_server/types.rb +58 -0
- data/lib/pangea/resources/hcloud_server_network/resource.rb +43 -0
- data/lib/pangea/resources/hcloud_server_network/types.rb +26 -0
- data/lib/pangea/resources/hcloud_snapshot/resource.rb +41 -0
- data/lib/pangea/resources/hcloud_snapshot/types.rb +25 -0
- data/lib/pangea/resources/hcloud_ssh_key/resource.rb +73 -0
- data/lib/pangea/resources/hcloud_ssh_key/types.rb +38 -0
- data/lib/pangea/resources/hcloud_uploaded_certificate/resource.rb +44 -0
- data/lib/pangea/resources/hcloud_uploaded_certificate/types.rb +26 -0
- data/lib/pangea/resources/hcloud_volume/resource.rb +53 -0
- data/lib/pangea/resources/hcloud_volume/types.rb +28 -0
- data/lib/pangea/resources/hcloud_volume_attachment/resource.rb +41 -0
- data/lib/pangea/resources/hcloud_volume_attachment/types.rb +25 -0
- data/lib/pangea/resources/hcloud_zone/resource.rb +40 -0
- data/lib/pangea/resources/hcloud_zone/types.rb +24 -0
- data/lib/pangea/resources/hcloud_zone_rrset/resource.rb +44 -0
- data/lib/pangea/resources/hcloud_zone_rrset/types.rb +27 -0
- data/lib/pangea/resources/network_helpers.rb +75 -0
- data/lib/pangea/resources/reference/instance_computed_attributes.rb +78 -0
- data/lib/pangea/resources/reference/subnet_computed_attributes.rb +60 -0
- data/lib/pangea/resources/reference/vpc_computed_attributes.rb +89 -0
- data/lib/pangea/resources/reference.rb +43 -206
- data/lib/pangea/resources/types/aws/compute.rb +103 -0
- data/lib/pangea/resources/types/aws/core.rb +132 -0
- data/lib/pangea/resources/types/aws/database.rb +37 -0
- data/lib/pangea/resources/types/aws/iot.rb +181 -0
- data/lib/pangea/resources/types/aws/iot_analytics.rb +57 -0
- data/lib/pangea/resources/types/aws/load_balancer.rb +99 -0
- data/lib/pangea/resources/types/aws/monitoring.rb +52 -0
- data/lib/pangea/resources/types/aws/networking.rb +74 -0
- data/lib/pangea/resources/types/aws/security.rb +138 -0
- data/lib/pangea/resources/types/aws/storage.rb +60 -0
- data/lib/pangea/resources/types/cloudflare/core.rb +130 -0
- data/lib/pangea/resources/types/cloudflare/load_balancing.rb +104 -0
- data/lib/pangea/resources/types/cloudflare/security.rb +107 -0
- data/lib/pangea/resources/types/cloudflare/workers.rb +60 -0
- data/lib/pangea/resources/types/core.rb +38 -0
- data/lib/pangea/resources/types/hetzner/core.rb +136 -0
- data/lib/pangea/resources/types/index.rb +38 -0
- data/lib/pangea/resources/types.rb +2 -1216
- data/lib/pangea/resources/validators/shared/aws_validators.rb +66 -0
- data/lib/pangea/resources/validators/shared/format_validators.rb +79 -0
- data/lib/pangea/resources/validators/shared/network_validators.rb +106 -0
- data/lib/pangea/resources/validators/shared_validators.rb +49 -0
- data/lib/pangea/utilities/ip_discovery.rb +109 -0
- data/lib/pangea/utilities.rb +1 -0
- data/lib/pangea/validation/base_validator.rb +104 -0
- data/lib/pangea/validation/common_validation_rules.rb +92 -0
- data/lib/pangea/validation/resource_validator.rb +36 -0
- data/lib/pangea/validation/validator_manager.rb +200 -0
- data/lib/pangea/validation/validators/aws_compute_validators.rb +66 -0
- data/lib/pangea/validation/validators/aws_database_validators.rb +100 -0
- data/lib/pangea/validation/validators/aws_network_validators.rb +135 -0
- data/lib/pangea/validation.rb +2 -0
- data/lib/pangea/version.rb +1 -1
- data/lib/pangea.rb +8 -4
- data/pangea.gemspec +4 -2
- data/pkgs/products/pangea/deploy/configmap.yaml +67 -0
- data/pkgs/products/pangea/deploy/crds/infrastructuretemplates.yaml +395 -0
- data/pkgs/products/pangea/deploy/crds/pangeanamespaces.yaml +286 -0
- data/pkgs/products/pangea/deploy/kustomization.yaml +54 -0
- data/pkgs/products/pangea/deploy/namespace.yaml +6 -0
- data/pkgs/products/pangea/deploy/operator-deployment.yaml +138 -0
- data/pkgs/products/pangea/deploy/operator-service.yaml +23 -0
- data/pkgs/products/pangea/deploy/rbac/role.yaml +106 -0
- data/pkgs/products/pangea/deploy/rbac/rolebinding.yaml +15 -0
- data/pkgs/products/pangea/deploy/rbac/serviceaccount.yaml +7 -0
- data/pkgs/products/pangea/deploy/web-deployment.yaml +64 -0
- data/pkgs/products/pangea/deploy/web-service.yaml +19 -0
- data/synthesizer-tests.yaml +72 -0
- metadata +1509 -309
- data/CLAUDE.md +0 -626
- data/OPEN_SOURCE_READINESS.md +0 -170
- data/audit_results/vpc_resources_audit.json +0 -219
- data/examples/basic-web-app/pangea.yaml +0 -36
- data/examples/cicd-pipeline/pangea.yaml +0 -35
- data/examples/data-processing/pangea.yaml +0 -57
- data/examples/disaster-recovery/pangea.yaml +0 -62
- data/examples/global-multi-region/pangea.yaml +0 -61
- data/examples/microservices-platform/pangea.yaml +0 -35
- data/examples/ml-platform/pangea.yaml +0 -58
- data/examples/multi-environment/pangea.yaml +0 -71
- data/examples/multi-tier-architecture/pangea.yaml +0 -49
- data/examples/security-focused/pangea.yaml +0 -60
- data/lib/pangea/architectures/CLAUDE.md +0 -425
- data/lib/pangea/components/CLAUDE.md +0 -350
- data/lib/pangea/components/application_load_balancer/CLAUDE.md +0 -224
- data/lib/pangea/components/carbon_aware_compute/CLAUDE.md +0 -295
- data/lib/pangea/components/green_data_lifecycle/CLAUDE.md +0 -353
- data/lib/pangea/components/public_private_subnets/CLAUDE.md +0 -547
- data/lib/pangea/components/secure_vpc/CLAUDE.md +0 -366
- data/lib/pangea/components/spot_instance_carbon_optimizer/CLAUDE.md +0 -469
- data/lib/pangea/components/sustainable_ml_training/CLAUDE.md +0 -653
- data/lib/pangea/components/web_security_group/CLAUDE.md +0 -690
- data/lib/pangea/components/web_tier_subnets/CLAUDE.md +0 -572
- data/lib/pangea/resources/CLAUDE.md +0 -607
- data/lib/pangea/resources/DATABASE_SERVICES_CLAUDE.md +0 -577
- data/lib/pangea/resources/aws/audit_manager/CLAUDE.md +0 -778
- data/lib/pangea/resources/aws/batch/CLAUDE.md +0 -965
- data/lib/pangea/resources/aws/cloudformation/CLAUDE.md +0 -98
- data/lib/pangea/resources/aws/detective/CLAUDE.md +0 -668
- data/lib/pangea/resources/aws/extended_resources_CLAUDE.md +0 -470
- data/lib/pangea/resources/aws/media_services_CLAUDE.md +0 -494
- data/lib/pangea/resources/aws/opensearch.disabled/CLAUDE.md +0 -480
- data/lib/pangea/resources/aws/security_lake/CLAUDE.md +0 -932
- data/lib/pangea/resources/aws_acm_certificate/CLAUDE.md +0 -290
- data/lib/pangea/resources/aws_acm_certificate_validation/CLAUDE.md +0 -437
- data/lib/pangea/resources/aws_ami/CLAUDE.md +0 -253
- data/lib/pangea/resources/aws_api_gateway_deployment/CLAUDE.md +0 -270
- data/lib/pangea/resources/aws_api_gateway_integration/CLAUDE.md +0 -304
- data/lib/pangea/resources/aws_api_gateway_method/CLAUDE.md +0 -235
- data/lib/pangea/resources/aws_api_gateway_resource/CLAUDE.md +0 -215
- data/lib/pangea/resources/aws_api_gateway_rest_api/CLAUDE.md +0 -152
- data/lib/pangea/resources/aws_api_gateway_stage/CLAUDE.md +0 -308
- data/lib/pangea/resources/aws_appstream_fleet/CLAUDE.md +0 -468
- data/lib/pangea/resources/aws_appsync_datasource/CLAUDE.md +0 -479
- data/lib/pangea/resources/aws_appsync_graphql_api/CLAUDE.md +0 -325
- data/lib/pangea/resources/aws_appsync_resolver/CLAUDE.md +0 -459
- data/lib/pangea/resources/aws_athena_database/CLAUDE.md +0 -276
- data/lib/pangea/resources/aws_athena_named_query/CLAUDE.md +0 -385
- data/lib/pangea/resources/aws_athena_workgroup/CLAUDE.md +0 -315
- data/lib/pangea/resources/aws_autoscaling_attachment/CLAUDE.md +0 -226
- data/lib/pangea/resources/aws_autoscaling_group/CLAUDE.md +0 -263
- data/lib/pangea/resources/aws_autoscaling_lifecycle_hook/CLAUDE.md +0 -357
- data/lib/pangea/resources/aws_autoscaling_notification/CLAUDE.md +0 -405
- data/lib/pangea/resources/aws_autoscaling_policy/CLAUDE.md +0 -278
- data/lib/pangea/resources/aws_autoscaling_schedule/CLAUDE.md +0 -219
- data/lib/pangea/resources/aws_autoscaling_tag/CLAUDE.md +0 -443
- data/lib/pangea/resources/aws_batch_compute_environment/CLAUDE.md +0 -571
- data/lib/pangea/resources/aws_batch_job_definition/CLAUDE.md +0 -714
- data/lib/pangea/resources/aws_batch_job_queue/CLAUDE.md +0 -585
- data/lib/pangea/resources/aws_braket_device/CLAUDE.md +0 -331
- data/lib/pangea/resources/aws_braket_quantum_task/CLAUDE.md +0 -188
- data/lib/pangea/resources/aws_budgets_budget/CLAUDE.md +0 -304
- data/lib/pangea/resources/aws_budgets_budget_action/CLAUDE.md +0 -357
- data/lib/pangea/resources/aws_cloudformation_stack/CLAUDE.md +0 -244
- data/lib/pangea/resources/aws_cloudformation_stack_set/CLAUDE.md +0 -309
- data/lib/pangea/resources/aws_cloudfront_distribution/CLAUDE.md +0 -62
- data/lib/pangea/resources/aws_cloudwatch_composite_alarm/CLAUDE.md +0 -288
- data/lib/pangea/resources/aws_cloudwatch_dashboard/CLAUDE.md +0 -342
- data/lib/pangea/resources/aws_cloudwatch_event_rule/CLAUDE.md +0 -568
- data/lib/pangea/resources/aws_cloudwatch_event_target/CLAUDE.md +0 -625
- data/lib/pangea/resources/aws_cloudwatch_log_destination/CLAUDE.md +0 -388
- data/lib/pangea/resources/aws_cloudwatch_log_destination_policy/CLAUDE.md +0 -479
- data/lib/pangea/resources/aws_cloudwatch_log_group/CLAUDE.md +0 -175
- data/lib/pangea/resources/aws_cloudwatch_log_metric_filter/CLAUDE.md +0 -502
- data/lib/pangea/resources/aws_cloudwatch_log_stream/CLAUDE.md +0 -260
- data/lib/pangea/resources/aws_cloudwatch_log_subscription_filter/CLAUDE.md +0 -473
- data/lib/pangea/resources/aws_cloudwatch_metric_alarm/CLAUDE.md +0 -317
- data/lib/pangea/resources/aws_codeartifact_domain/CLAUDE.md +0 -54
- data/lib/pangea/resources/aws_codeartifact_repository/CLAUDE.md +0 -55
- data/lib/pangea/resources/aws_codebuild_project/CLAUDE.md +0 -304
- data/lib/pangea/resources/aws_codecommit_repository/CLAUDE.md +0 -150
- data/lib/pangea/resources/aws_codedeploy_application/CLAUDE.md +0 -312
- data/lib/pangea/resources/aws_codedeploy_deployment_config/CLAUDE.md +0 -354
- data/lib/pangea/resources/aws_codedeploy_deployment_group/CLAUDE.md +0 -342
- data/lib/pangea/resources/aws_codepipeline/CLAUDE.md +0 -592
- data/lib/pangea/resources/aws_codepipeline_webhook/CLAUDE.md +0 -449
- data/lib/pangea/resources/aws_codestar_connection/CLAUDE.md +0 -55
- data/lib/pangea/resources/aws_cognito_identity_pool/CLAUDE.md +0 -712
- data/lib/pangea/resources/aws_cognito_user_pool/CLAUDE.md +0 -431
- data/lib/pangea/resources/aws_cognito_user_pool_client/CLAUDE.md +0 -542
- data/lib/pangea/resources/aws_cognito_user_pool_domain/CLAUDE.md +0 -524
- data/lib/pangea/resources/aws_config_config_rule/CLAUDE.md +0 -381
- data/lib/pangea/resources/aws_config_configuration_recorder/CLAUDE.md +0 -247
- data/lib/pangea/resources/aws_config_delivery_channel/CLAUDE.md +0 -290
- data/lib/pangea/resources/aws_customer_gateway/CLAUDE.md +0 -458
- data/lib/pangea/resources/aws_db_instance/CLAUDE.md +0 -407
- data/lib/pangea/resources/aws_db_parameter_group/CLAUDE.md +0 -285
- data/lib/pangea/resources/aws_db_subnet_group/CLAUDE.md +0 -189
- data/lib/pangea/resources/aws_device_farm_project/CLAUDE.md +0 -299
- data/lib/pangea/resources/aws_docdb_certificate/CLAUDE.md +0 -96
- data/lib/pangea/resources/aws_docdb_cluster/CLAUDE.md +0 -96
- data/lib/pangea/resources/aws_docdb_cluster_endpoint/CLAUDE.md +0 -96
- data/lib/pangea/resources/aws_docdb_cluster_instance/CLAUDE.md +0 -96
- data/lib/pangea/resources/aws_docdb_cluster_parameter_group/CLAUDE.md +0 -96
- data/lib/pangea/resources/aws_docdb_cluster_snapshot/CLAUDE.md +0 -96
- data/lib/pangea/resources/aws_docdb_event_subscription/CLAUDE.md +0 -96
- data/lib/pangea/resources/aws_docdb_global_cluster/CLAUDE.md +0 -96
- data/lib/pangea/resources/aws_docdb_subnet_group/CLAUDE.md +0 -96
- data/lib/pangea/resources/aws_dynamodb_global_table/CLAUDE.md +0 -184
- data/lib/pangea/resources/aws_dynamodb_table/CLAUDE.md +0 -130
- data/lib/pangea/resources/aws_ebs_volume/CLAUDE.md +0 -275
- data/lib/pangea/resources/aws_ec2_transit_gateway/CLAUDE.md +0 -220
- data/lib/pangea/resources/aws_ec2_transit_gateway_route/CLAUDE.md +0 -458
- data/lib/pangea/resources/aws_ec2_transit_gateway_route_table/CLAUDE.md +0 -384
- data/lib/pangea/resources/aws_ec2_transit_gateway_route_table_association/CLAUDE.md +0 -409
- data/lib/pangea/resources/aws_ec2_transit_gateway_route_table_propagation/CLAUDE.md +0 -433
- data/lib/pangea/resources/aws_ec2_transit_gateway_vpc_attachment/CLAUDE.md +0 -326
- data/lib/pangea/resources/aws_ecr_lifecycle_policy/CLAUDE.md +0 -56
- data/lib/pangea/resources/aws_ecr_replication_configuration/CLAUDE.md +0 -55
- data/lib/pangea/resources/aws_ecr_repository/CLAUDE.md +0 -54
- data/lib/pangea/resources/aws_ecr_repository_policy/CLAUDE.md +0 -55
- data/lib/pangea/resources/aws_ecs_cluster/CLAUDE.md +0 -218
- data/lib/pangea/resources/aws_ecs_cluster_capacity_providers/CLAUDE.md +0 -191
- data/lib/pangea/resources/aws_ecs_service/CLAUDE.md +0 -256
- data/lib/pangea/resources/aws_ecs_task_definition/CLAUDE.md +0 -281
- data/lib/pangea/resources/aws_ecs_task_definition/types_old.rb +0 -439
- data/lib/pangea/resources/aws_efs_access_point/CLAUDE.md +0 -504
- data/lib/pangea/resources/aws_efs_file_system/CLAUDE.md +0 -279
- data/lib/pangea/resources/aws_efs_mount_target/CLAUDE.md +0 -361
- data/lib/pangea/resources/aws_eip/CLAUDE.md +0 -325
- data/lib/pangea/resources/aws_eip_association/CLAUDE.md +0 -96
- data/lib/pangea/resources/aws_eks_addon/CLAUDE.md +0 -271
- data/lib/pangea/resources/aws_eks_cluster/CLAUDE.md +0 -198
- data/lib/pangea/resources/aws_eks_fargate_profile/CLAUDE.md +0 -266
- data/lib/pangea/resources/aws_eks_node_group/CLAUDE.md +0 -258
- data/lib/pangea/resources/aws_elasticache_cluster/CLAUDE.md +0 -240
- data/lib/pangea/resources/aws_elasticache_parameter_group/CLAUDE.md +0 -334
- data/lib/pangea/resources/aws_elasticache_subnet_group/CLAUDE.md +0 -286
- data/lib/pangea/resources/aws_emr_cluster/CLAUDE.md +0 -660
- data/lib/pangea/resources/aws_emr_instance_group/CLAUDE.md +0 -586
- data/lib/pangea/resources/aws_emr_step/CLAUDE.md +0 -560
- data/lib/pangea/resources/aws_eventbridge_bus/CLAUDE.md +0 -208
- data/lib/pangea/resources/aws_eventbridge_rule/CLAUDE.md +0 -232
- data/lib/pangea/resources/aws_eventbridge_target/CLAUDE.md +0 -260
- data/lib/pangea/resources/aws_extended_resources_CLAUDE.md +0 -395
- data/lib/pangea/resources/aws_fsx_lustre_filesystem/CLAUDE.md +0 -383
- data/lib/pangea/resources/aws_gamelift_alias/CLAUDE.md +0 -261
- data/lib/pangea/resources/aws_gamelift_build/CLAUDE.md +0 -233
- data/lib/pangea/resources/aws_gamelift_fleet/CLAUDE.md +0 -191
- data/lib/pangea/resources/aws_gamelift_game_session_queue/CLAUDE.md +0 -282
- data/lib/pangea/resources/aws_gamelift_matchmaking_configuration/CLAUDE.md +0 -288
- data/lib/pangea/resources/aws_glue_catalog_database/CLAUDE.md +0 -161
- data/lib/pangea/resources/aws_glue_catalog_table/CLAUDE.md +0 -387
- data/lib/pangea/resources/aws_glue_job/CLAUDE.md +0 -398
- data/lib/pangea/resources/aws_glue_trigger/CLAUDE.md +0 -454
- data/lib/pangea/resources/aws_iam_group/CLAUDE.md +0 -351
- data/lib/pangea/resources/aws_iam_policy/CLAUDE.md +0 -278
- data/lib/pangea/resources/aws_iam_role/CLAUDE.md +0 -419
- data/lib/pangea/resources/aws_iam_role_policy_attachment/CLAUDE.md +0 -331
- data/lib/pangea/resources/aws_iam_user/CLAUDE.md +0 -312
- data/lib/pangea/resources/aws_instance/CLAUDE.md +0 -396
- data/lib/pangea/resources/aws_internet_gateway/CLAUDE.md +0 -157
- data/lib/pangea/resources/aws_iot_analytics_channel/CLAUDE.md +0 -3
- data/lib/pangea/resources/aws_iot_analytics_datastore/CLAUDE.md +0 -3
- data/lib/pangea/resources/aws_iot_certificate/CLAUDE.md +0 -361
- data/lib/pangea/resources/aws_iot_device_defender_security_profile/CLAUDE.md +0 -3
- data/lib/pangea/resources/aws_iot_policy/CLAUDE.md +0 -27
- data/lib/pangea/resources/aws_iot_security_profile/CLAUDE.md +0 -3
- data/lib/pangea/resources/aws_iot_thing/CLAUDE.md +0 -397
- data/lib/pangea/resources/aws_iot_thing_type/CLAUDE.md +0 -526
- data/lib/pangea/resources/aws_iot_topic_rule/CLAUDE.md +0 -11
- data/lib/pangea/resources/aws_iot_topic_rule_destination/CLAUDE.md +0 -5
- data/lib/pangea/resources/aws_key_pair/CLAUDE.md +0 -357
- data/lib/pangea/resources/aws_kinesis_analytics_application/CLAUDE.md +0 -630
- data/lib/pangea/resources/aws_kinesis_firehose_delivery_stream/CLAUDE.md +0 -532
- data/lib/pangea/resources/aws_kinesis_stream/CLAUDE.md +0 -255
- data/lib/pangea/resources/aws_kinesis_video_stream/CLAUDE.md +0 -595
- data/lib/pangea/resources/aws_lambda_event_source_mapping/CLAUDE.md +0 -316
- data/lib/pangea/resources/aws_lambda_function/CLAUDE.md +0 -255
- data/lib/pangea/resources/aws_lambda_layer_version/CLAUDE.md +0 -322
- data/lib/pangea/resources/aws_lambda_permission/CLAUDE.md +0 -276
- data/lib/pangea/resources/aws_launch_template/CLAUDE.md +0 -269
- data/lib/pangea/resources/aws_lb/CLAUDE.md +0 -411
- data/lib/pangea/resources/aws_lb_listener/CLAUDE.md +0 -310
- data/lib/pangea/resources/aws_lb_listener_certificate/CLAUDE.md +0 -463
- data/lib/pangea/resources/aws_lb_listener_rule/CLAUDE.md +0 -502
- data/lib/pangea/resources/aws_lb_target_group/CLAUDE.md +0 -271
- data/lib/pangea/resources/aws_lb_target_group_attachment/CLAUDE.md +0 -560
- data/lib/pangea/resources/aws_licensemanager_association/CLAUDE.md +0 -96
- data/lib/pangea/resources/aws_licensemanager_grant/CLAUDE.md +0 -96
- data/lib/pangea/resources/aws_licensemanager_grant_accepter/CLAUDE.md +0 -96
- data/lib/pangea/resources/aws_licensemanager_license_configuration/CLAUDE.md +0 -96
- data/lib/pangea/resources/aws_licensemanager_license_grant_accepter/CLAUDE.md +0 -96
- data/lib/pangea/resources/aws_licensemanager_report_generator/CLAUDE.md +0 -96
- data/lib/pangea/resources/aws_licensemanager_token/CLAUDE.md +0 -96
- data/lib/pangea/resources/aws_managedblockchain_member/CLAUDE.md +0 -478
- data/lib/pangea/resources/aws_managedblockchain_network/CLAUDE.md +0 -487
- data/lib/pangea/resources/aws_managedblockchain_node/CLAUDE.md +0 -505
- data/lib/pangea/resources/aws_media_live_channel/CLAUDE.md +0 -881
- data/lib/pangea/resources/aws_media_live_input/CLAUDE.md +0 -729
- data/lib/pangea/resources/aws_media_package_channel/CLAUDE.md +0 -698
- data/lib/pangea/resources/aws_memorydb_acl/CLAUDE.md +0 -96
- data/lib/pangea/resources/aws_memorydb_cluster/CLAUDE.md +0 -96
- data/lib/pangea/resources/aws_memorydb_cluster_endpoint/CLAUDE.md +0 -96
- data/lib/pangea/resources/aws_memorydb_multi_region_cluster/CLAUDE.md +0 -96
- data/lib/pangea/resources/aws_memorydb_parameter_group/CLAUDE.md +0 -96
- data/lib/pangea/resources/aws_memorydb_snapshot/CLAUDE.md +0 -96
- data/lib/pangea/resources/aws_memorydb_subnet_group/CLAUDE.md +0 -96
- data/lib/pangea/resources/aws_memorydb_user/CLAUDE.md +0 -96
- data/lib/pangea/resources/aws_mobile_analytics_app/CLAUDE.md +0 -262
- data/lib/pangea/resources/aws_nat_gateway/CLAUDE.md +0 -209
- data/lib/pangea/resources/aws_neptune_cluster/CLAUDE.md +0 -96
- data/lib/pangea/resources/aws_neptune_cluster_endpoint/CLAUDE.md +0 -96
- data/lib/pangea/resources/aws_neptune_cluster_instance/CLAUDE.md +0 -96
- data/lib/pangea/resources/aws_neptune_cluster_parameter_group/CLAUDE.md +0 -96
- data/lib/pangea/resources/aws_neptune_cluster_snapshot/CLAUDE.md +0 -96
- data/lib/pangea/resources/aws_neptune_event_subscription/CLAUDE.md +0 -96
- data/lib/pangea/resources/aws_neptune_parameter_group/CLAUDE.md +0 -96
- data/lib/pangea/resources/aws_neptune_subnet_group/CLAUDE.md +0 -96
- data/lib/pangea/resources/aws_network_acl/CLAUDE.md +0 -96
- data/lib/pangea/resources/aws_network_acl_rule/CLAUDE.md +0 -297
- data/lib/pangea/resources/aws_network_interface/CLAUDE.md +0 -310
- data/lib/pangea/resources/aws_pinpoint_app/CLAUDE.md +0 -363
- data/lib/pangea/resources/aws_qldb_ledger/CLAUDE.md +0 -734
- data/lib/pangea/resources/aws_qldb_stream/CLAUDE.md +0 -845
- data/lib/pangea/resources/aws_ram_invitation_accepter/CLAUDE.md +0 -96
- data/lib/pangea/resources/aws_ram_managed_permission/CLAUDE.md +0 -96
- data/lib/pangea/resources/aws_ram_permission/CLAUDE.md +0 -96
- data/lib/pangea/resources/aws_ram_permission_association/CLAUDE.md +0 -96
- data/lib/pangea/resources/aws_ram_principal_association/CLAUDE.md +0 -96
- data/lib/pangea/resources/aws_ram_resource_association/CLAUDE.md +0 -96
- data/lib/pangea/resources/aws_ram_resource_share/CLAUDE.md +0 -96
- data/lib/pangea/resources/aws_ram_resource_share_accepter/CLAUDE.md +0 -96
- data/lib/pangea/resources/aws_ram_resource_share_invitation/CLAUDE.md +0 -96
- data/lib/pangea/resources/aws_ram_sharing_with_organization/CLAUDE.md +0 -96
- data/lib/pangea/resources/aws_rds_cluster/CLAUDE.md +0 -361
- data/lib/pangea/resources/aws_rds_cluster_endpoint/CLAUDE.md +0 -279
- data/lib/pangea/resources/aws_rds_cluster_instance/CLAUDE.md +0 -378
- data/lib/pangea/resources/aws_rds_cluster_parameter_group/CLAUDE.md +0 -344
- data/lib/pangea/resources/aws_rds_global_cluster/CLAUDE.md +0 -362
- data/lib/pangea/resources/aws_redshift_cluster/CLAUDE.md +0 -358
- data/lib/pangea/resources/aws_redshift_parameter_group/CLAUDE.md +0 -352
- data/lib/pangea/resources/aws_redshift_snapshot_schedule/CLAUDE.md +0 -395
- data/lib/pangea/resources/aws_redshift_subnet_group/CLAUDE.md +0 -274
- data/lib/pangea/resources/aws_route/CLAUDE.md +0 -96
- data/lib/pangea/resources/aws_route53_health_check/CLAUDE.md +0 -408
- data/lib/pangea/resources/aws_route53_record/CLAUDE.md +0 -414
- data/lib/pangea/resources/aws_route53_zone/CLAUDE.md +0 -363
- data/lib/pangea/resources/aws_route_table/CLAUDE.md +0 -224
- data/lib/pangea/resources/aws_route_table_association/CLAUDE.md +0 -401
- data/lib/pangea/resources/aws_s3_access_point/CLAUDE.md +0 -211
- data/lib/pangea/resources/aws_s3_bucket/CLAUDE.md +0 -140
- data/lib/pangea/resources/aws_s3_bucket_cors_configuration/CLAUDE.md +0 -262
- data/lib/pangea/resources/aws_s3_bucket_encryption/CLAUDE.md +0 -465
- data/lib/pangea/resources/aws_s3_bucket_inventory/CLAUDE.md +0 -430
- data/lib/pangea/resources/aws_s3_bucket_lifecycle_configuration/CLAUDE.md +0 -221
- data/lib/pangea/resources/aws_s3_bucket_notification/CLAUDE.md +0 -358
- data/lib/pangea/resources/aws_s3_bucket_object_lock_configuration/CLAUDE.md +0 -561
- data/lib/pangea/resources/aws_s3_bucket_policy/CLAUDE.md +0 -234
- data/lib/pangea/resources/aws_s3_bucket_public_access_block/CLAUDE.md +0 -528
- data/lib/pangea/resources/aws_s3_bucket_replication_configuration/CLAUDE.md +0 -628
- data/lib/pangea/resources/aws_s3_bucket_versioning/CLAUDE.md +0 -340
- data/lib/pangea/resources/aws_s3_bucket_website_configuration/CLAUDE.md +0 -355
- data/lib/pangea/resources/aws_s3_object/CLAUDE.md +0 -535
- data/lib/pangea/resources/aws_sagemaker_domain/CLAUDE.md +0 -253
- data/lib/pangea/resources/aws_secretsmanager_secret/CLAUDE.md +0 -528
- data/lib/pangea/resources/aws_sfn_activity/CLAUDE.md +0 -571
- data/lib/pangea/resources/aws_sfn_state_machine/CLAUDE.md +0 -464
- data/lib/pangea/resources/aws_sns_subscription/CLAUDE.md +0 -289
- data/lib/pangea/resources/aws_sns_topic/CLAUDE.md +0 -249
- data/lib/pangea/resources/aws_sqs_queue/CLAUDE.md +0 -190
- data/lib/pangea/resources/aws_sqs_queue_policy/CLAUDE.md +0 -227
- data/lib/pangea/resources/aws_ssm_document/CLAUDE.md +0 -410
- data/lib/pangea/resources/aws_ssm_maintenance_window/CLAUDE.md +0 -412
- data/lib/pangea/resources/aws_ssm_parameter/CLAUDE.md +0 -355
- data/lib/pangea/resources/aws_ssm_patch_baseline/CLAUDE.md +0 -509
- data/lib/pangea/resources/aws_subnet/CLAUDE.md +0 -301
- data/lib/pangea/resources/aws_timestream_access_policy/CLAUDE.md +0 -96
- data/lib/pangea/resources/aws_timestream_batch_load_task/CLAUDE.md +0 -96
- data/lib/pangea/resources/aws_timestream_database/CLAUDE.md +0 -96
- data/lib/pangea/resources/aws_timestream_influx_db_instance/CLAUDE.md +0 -96
- data/lib/pangea/resources/aws_timestream_scheduled_query/CLAUDE.md +0 -96
- data/lib/pangea/resources/aws_timestream_table/CLAUDE.md +0 -96
- data/lib/pangea/resources/aws_timestream_table_retention_properties/CLAUDE.md +0 -96
- data/lib/pangea/resources/aws_volume_attachment/CLAUDE.md +0 -326
- data/lib/pangea/resources/aws_vpc/CLAUDE.md +0 -184
- data/lib/pangea/resources/aws_vpc_endpoint/CLAUDE.md +0 -483
- data/lib/pangea/resources/aws_vpc_endpoint_service/CLAUDE.md +0 -313
- data/lib/pangea/resources/aws_vpc_peering_connection/CLAUDE.md +0 -361
- data/lib/pangea/resources/aws_vpc_peering_connection_accepter/CLAUDE.md +0 -248
- data/lib/pangea/resources/aws_vpn_connection/CLAUDE.md +0 -420
- data/lib/pangea/resources/aws_vpn_gateway/CLAUDE.md +0 -411
- data/lib/pangea/resources/aws_wafv2_web_acl/CLAUDE.md +0 -788
- data/lib/pangea/resources/aws_workspaces_bundle/CLAUDE.md +0 -412
- data/lib/pangea/resources/aws_workspaces_directory/CLAUDE.md +0 -365
- data/lib/pangea/resources/aws_workspaces_ip_group/CLAUDE.md +0 -421
- data/lib/pangea/resources/aws_workspaces_workspace/CLAUDE.md +0 -322
- data/pangea_test.yml +0 -19
- data/shell.nix +0 -13
|
@@ -0,0 +1,2626 @@
|
|
|
1
|
+
# Pangea Kubernetes Operator: Continuous Drift Detection & Reconciliation
|
|
2
|
+
|
|
3
|
+
## Executive Summary
|
|
4
|
+
|
|
5
|
+
This document outlines the architecture, implementation plan, and testing strategy for transforming Pangea into a Kubernetes-native, continuous drift detection and reconciliation system. The solution combines the strengths of Go-based Kubernetes operators with Pangea's Ruby infrastructure-as-code capabilities to provide automated, perpetual infrastructure management.
|
|
6
|
+
|
|
7
|
+
**Status:** Research Complete → Ready for Implementation
|
|
8
|
+
**Last Updated:** 2025-11-06
|
|
9
|
+
**Version:** 1.1 (Build System Integration)
|
|
10
|
+
|
|
11
|
+
---
|
|
12
|
+
|
|
13
|
+
## Table of Contents
|
|
14
|
+
|
|
15
|
+
1. [Problem Statement](#problem-statement)
|
|
16
|
+
2. [Solution Architecture](#solution-architecture)
|
|
17
|
+
3. [Component Specifications](#component-specifications)
|
|
18
|
+
4. [Build System Architecture](#build-system-architecture)
|
|
19
|
+
5. [CRD Definitions](#crd-definitions)
|
|
20
|
+
6. [Reconciliation Strategy](#reconciliation-strategy)
|
|
21
|
+
7. [Testing Framework Integration](#testing-framework-integration)
|
|
22
|
+
8. [Implementation Roadmap](#implementation-roadmap)
|
|
23
|
+
9. [Task Breakdown for Agents](#task-breakdown-for-agents)
|
|
24
|
+
10. [Success Metrics](#success-metrics)
|
|
25
|
+
|
|
26
|
+
---
|
|
27
|
+
|
|
28
|
+
## Problem Statement
|
|
29
|
+
|
|
30
|
+
### Current State
|
|
31
|
+
|
|
32
|
+
Pangea currently operates as a CLI tool requiring manual invocation:
|
|
33
|
+
- Infrastructure changes require human intervention
|
|
34
|
+
- Drift detection happens only when `pangea plan` is run
|
|
35
|
+
- No continuous monitoring of infrastructure state
|
|
36
|
+
- Manual remediation required when drift is detected
|
|
37
|
+
- Limited integration with Kubernetes-native workflows
|
|
38
|
+
|
|
39
|
+
### Desired State
|
|
40
|
+
|
|
41
|
+
Transform Pangea into a **Kubernetes-native, continuous infrastructure reconciliation system**:
|
|
42
|
+
- Automatic drift detection with configurable intervals
|
|
43
|
+
- Automatic remediation of detected drift
|
|
44
|
+
- Kubernetes-native API via Custom Resource Definitions (CRDs)
|
|
45
|
+
- Continuous compliance monitoring with InSpec integration
|
|
46
|
+
- Event-driven architecture responding to changes in real-time
|
|
47
|
+
- GitOps workflow integration
|
|
48
|
+
- Comprehensive testing with RSpec and InSpec
|
|
49
|
+
|
|
50
|
+
### 2025 Industry Trends
|
|
51
|
+
|
|
52
|
+
Based on research, the infrastructure management landscape in 2025 emphasizes:
|
|
53
|
+
- **Continuous reconciliation** over periodic manual checks
|
|
54
|
+
- **Immediate drift detection** via queryable state graphs
|
|
55
|
+
- **Automated remediation** rather than notification-only systems
|
|
56
|
+
- **Kubernetes-native** infrastructure management patterns
|
|
57
|
+
- **Compliance as code** with continuous validation
|
|
58
|
+
|
|
59
|
+
---
|
|
60
|
+
|
|
61
|
+
## Solution Architecture
|
|
62
|
+
|
|
63
|
+
### High-Level Architecture
|
|
64
|
+
|
|
65
|
+
```
|
|
66
|
+
┌─────────────────────────────────────────────────────────────────┐
|
|
67
|
+
│ Kubernetes Cluster │
|
|
68
|
+
│ ┌───────────────────────────────────────────────────────────┐ │
|
|
69
|
+
│ │ Pangea Operator (Go) │ │
|
|
70
|
+
│ │ ┌─────────────┐ ┌──────────────┐ ┌────────────────┐ │ │
|
|
71
|
+
│ │ │ CRD Watch │ │ Reconciler │ │ Event Handler │ │ │
|
|
72
|
+
│ │ │ Manager │→│ Loop │→│ & Queue │ │ │
|
|
73
|
+
│ │ └─────────────┘ └──────────────┘ └────────────────┘ │ │
|
|
74
|
+
│ └───────────────────────────────────────────────────────────┘ │
|
|
75
|
+
│ ↓ │
|
|
76
|
+
│ ┌───────────────────────────────────────────────────────────┐ │
|
|
77
|
+
│ │ Pangea Executor (Ruby Pod) │ │
|
|
78
|
+
│ │ ┌──────────┐ ┌────────────┐ ┌───────────────────────┐ │ │
|
|
79
|
+
│ │ │ Template │ │ Drift │ │ InSpec Validator │ │ │
|
|
80
|
+
│ │ │ Compiler │ │ Detector │ │ │ │ │
|
|
81
|
+
│ │ └──────────┘ └────────────┘ └───────────────────────┘ │ │
|
|
82
|
+
│ │ ┌──────────┐ ┌────────────┐ ┌───────────────────────┐ │ │
|
|
83
|
+
│ │ │ Tofu │ │ State │ │ Metrics Exporter │ │ │
|
|
84
|
+
│ │ │ Executor │ │ Manager │ │ │ │ │
|
|
85
|
+
│ │ └──────────┘ └────────────┘ └───────────────────────┘ │ │
|
|
86
|
+
│ └───────────────────────────────────────────────────────────┘ │
|
|
87
|
+
│ ↓ │
|
|
88
|
+
│ ┌───────────────────────────────────────────────────────────┐ │
|
|
89
|
+
│ │ Cloud Provider APIs │ │
|
|
90
|
+
│ │ (AWS, GCP, Azure - via Terraform/OpenTofu) │ │
|
|
91
|
+
│ └───────────────────────────────────────────────────────────┘ │
|
|
92
|
+
└─────────────────────────────────────────────────────────────────┘
|
|
93
|
+
|
|
94
|
+
External Integrations:
|
|
95
|
+
├─ Git Repository (GitOps source)
|
|
96
|
+
├─ S3/DynamoDB (Terraform state backend)
|
|
97
|
+
├─ Prometheus (Metrics & Monitoring)
|
|
98
|
+
└─ Slack/Webhooks (Alerting)
|
|
99
|
+
```
|
|
100
|
+
|
|
101
|
+
### Architectural Decisions
|
|
102
|
+
|
|
103
|
+
#### 1. Hybrid Go + Ruby Architecture
|
|
104
|
+
|
|
105
|
+
**Decision:** Use Go for the Kubernetes operator, Ruby for infrastructure operations
|
|
106
|
+
|
|
107
|
+
**Rationale:**
|
|
108
|
+
- Go is the standard for Kubernetes operators (controller-runtime, client-go)
|
|
109
|
+
- Ruby Kubernetes client is unmaintained as of 2025
|
|
110
|
+
- Pangea's core logic is already in Ruby and well-tested
|
|
111
|
+
- Clear separation of concerns: K8s orchestration (Go) vs. IaC execution (Ruby)
|
|
112
|
+
|
|
113
|
+
**Implementation:**
|
|
114
|
+
- Go operator handles CRD watching, reconciliation loop, and K8s API interactions
|
|
115
|
+
- Go operator spawns/manages Ruby executor pods
|
|
116
|
+
- Communication via Kubernetes Job API and ConfigMaps/Secrets
|
|
117
|
+
|
|
118
|
+
#### 2. Template-Level CRDs
|
|
119
|
+
|
|
120
|
+
**Decision:** Each Pangea template becomes a Kubernetes custom resource
|
|
121
|
+
|
|
122
|
+
**Rationale:**
|
|
123
|
+
- Aligns with Pangea's existing template isolation model
|
|
124
|
+
- Enables independent reconciliation and drift detection per template
|
|
125
|
+
- Allows fine-grained RBAC and lifecycle management
|
|
126
|
+
- Matches the Kubernetes controller pattern (one reconciler per resource type)
|
|
127
|
+
|
|
128
|
+
#### 3. Continuous Reconciliation Model
|
|
129
|
+
|
|
130
|
+
**Decision:** Implement event-driven + periodic reconciliation
|
|
131
|
+
|
|
132
|
+
**Rationale:**
|
|
133
|
+
- Event-driven: React immediately to CRD changes (GitOps updates)
|
|
134
|
+
- Periodic: Detect external drift at configurable intervals
|
|
135
|
+
- Hybrid approach provides both responsiveness and drift detection
|
|
136
|
+
|
|
137
|
+
**Configuration:**
|
|
138
|
+
```yaml
|
|
139
|
+
spec:
|
|
140
|
+
reconciliation:
|
|
141
|
+
mode: hybrid # event-driven | periodic | hybrid
|
|
142
|
+
interval: 5m # For periodic/hybrid mode
|
|
143
|
+
driftDetection: true
|
|
144
|
+
autoRemediate: true
|
|
145
|
+
```
|
|
146
|
+
|
|
147
|
+
#### 4. Declarative Drift Remediation
|
|
148
|
+
|
|
149
|
+
**Decision:** Make remediation behavior declarative via CRD spec
|
|
150
|
+
|
|
151
|
+
**Rationale:**
|
|
152
|
+
- Users explicitly opt-in to auto-remediation
|
|
153
|
+
- Different policies per environment (auto-remediate dev, alert-only prod)
|
|
154
|
+
- Audit trail via Kubernetes events
|
|
155
|
+
|
|
156
|
+
---
|
|
157
|
+
|
|
158
|
+
## Component Specifications
|
|
159
|
+
|
|
160
|
+
### 1. Pangea Operator (Go)
|
|
161
|
+
|
|
162
|
+
**Location:** `pkgs/operators/pangea-operator/`
|
|
163
|
+
|
|
164
|
+
**Responsibilities:**
|
|
165
|
+
- Watch `PangeaTemplate` and `PangeaStack` custom resources
|
|
166
|
+
- Implement reconciliation loop (target: <1s reconciliation time)
|
|
167
|
+
- Manage executor pod lifecycle
|
|
168
|
+
- Handle drift detection scheduling
|
|
169
|
+
- Emit Kubernetes events and metrics
|
|
170
|
+
- Update resource status with reconciliation results
|
|
171
|
+
|
|
172
|
+
**Dependencies:**
|
|
173
|
+
- `controller-runtime` v0.17+
|
|
174
|
+
- `client-go` v0.29+
|
|
175
|
+
- `kubebuilder` v3.14+ (scaffolding only)
|
|
176
|
+
|
|
177
|
+
**Key Interfaces:**
|
|
178
|
+
```go
|
|
179
|
+
type TemplateReconciler struct {
|
|
180
|
+
client.Client
|
|
181
|
+
Scheme *runtime.Scheme
|
|
182
|
+
Executor *PangeaExecutor
|
|
183
|
+
DriftDetector *DriftDetector
|
|
184
|
+
}
|
|
185
|
+
|
|
186
|
+
func (r *TemplateReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error)
|
|
187
|
+
```
|
|
188
|
+
|
|
189
|
+
### 2. Pangea Executor (Ruby)
|
|
190
|
+
|
|
191
|
+
**Location:** `pkgs/operators/pangea-executor/`
|
|
192
|
+
|
|
193
|
+
**Responsibilities:**
|
|
194
|
+
- Execute `pangea plan` and `pangea apply` operations
|
|
195
|
+
- Perform drift detection via `terraform plan`
|
|
196
|
+
- Run InSpec compliance tests
|
|
197
|
+
- Report results back to operator via status updates
|
|
198
|
+
- Manage Terraform/OpenTofu state
|
|
199
|
+
|
|
200
|
+
**Container Image:**
|
|
201
|
+
- Base: `ruby:3.3-alpine`
|
|
202
|
+
- Includes: pangea gem, terraform/tofu, inspec
|
|
203
|
+
- Size target: <200MB
|
|
204
|
+
|
|
205
|
+
**Entry Points:**
|
|
206
|
+
```ruby
|
|
207
|
+
# Main executor script
|
|
208
|
+
class PangeaExecutor
|
|
209
|
+
def plan(template_spec) -> PlanResult
|
|
210
|
+
def apply(template_spec) -> ApplyResult
|
|
211
|
+
def detect_drift(template_spec) -> DriftReport
|
|
212
|
+
def validate_compliance(template_spec) -> ComplianceReport
|
|
213
|
+
end
|
|
214
|
+
```
|
|
215
|
+
|
|
216
|
+
### 3. Drift Detector
|
|
217
|
+
|
|
218
|
+
**Location:** `lib/pangea/drift/detector.rb`
|
|
219
|
+
|
|
220
|
+
**Responsibilities:**
|
|
221
|
+
- Compare desired state (template) with actual state (cloud resources)
|
|
222
|
+
- Generate drift reports with resource-level detail
|
|
223
|
+
- Classify drift severity (critical, warning, info)
|
|
224
|
+
- Track drift history for trending
|
|
225
|
+
|
|
226
|
+
**Algorithm:**
|
|
227
|
+
```ruby
|
|
228
|
+
def detect_drift(template:, namespace:)
|
|
229
|
+
# 1. Compile template to Terraform JSON
|
|
230
|
+
compiled = compile_template(template)
|
|
231
|
+
|
|
232
|
+
# 2. Generate plan (shows drift)
|
|
233
|
+
plan_result = execute_plan(compiled, namespace)
|
|
234
|
+
|
|
235
|
+
# 3. Parse plan output for changes
|
|
236
|
+
drift_report = parse_drift(plan_result)
|
|
237
|
+
|
|
238
|
+
# 4. Classify and enrich
|
|
239
|
+
classify_drift_severity(drift_report)
|
|
240
|
+
|
|
241
|
+
# 5. Return structured report
|
|
242
|
+
drift_report
|
|
243
|
+
end
|
|
244
|
+
```
|
|
245
|
+
|
|
246
|
+
### 4. Compliance Validator (InSpec Integration)
|
|
247
|
+
|
|
248
|
+
**Location:** `lib/pangea/compliance/validator.rb`
|
|
249
|
+
|
|
250
|
+
**Responsibilities:**
|
|
251
|
+
- Run InSpec profiles against deployed infrastructure
|
|
252
|
+
- Generate compliance reports
|
|
253
|
+
- Track compliance over time
|
|
254
|
+
- Integrate with Pangea's resource metadata
|
|
255
|
+
|
|
256
|
+
**InSpec Profile Structure:**
|
|
257
|
+
```ruby
|
|
258
|
+
# Example InSpec profile for Pangea template
|
|
259
|
+
control 'aws-vpc-compliance' do
|
|
260
|
+
impact 1.0
|
|
261
|
+
title 'VPC Security Configuration'
|
|
262
|
+
desc 'Ensure VPC meets security standards'
|
|
263
|
+
|
|
264
|
+
# Use template metadata
|
|
265
|
+
template_spec = attribute('pangea_template_spec')
|
|
266
|
+
|
|
267
|
+
describe aws_vpc(template_spec[:vpc_id]) do
|
|
268
|
+
it { should exist }
|
|
269
|
+
its('cidr_block') { should eq template_spec[:cidr_block] }
|
|
270
|
+
it { should_not have_default_security_group_with_full_access }
|
|
271
|
+
end
|
|
272
|
+
end
|
|
273
|
+
```
|
|
274
|
+
|
|
275
|
+
---
|
|
276
|
+
|
|
277
|
+
## Build System Architecture
|
|
278
|
+
|
|
279
|
+
All components in the Pangea operator system follow the Nexus monorepo's standardized Nix build patterns, ensuring reproducible builds, efficient caching, and consistent deployment workflows across the entire platform.
|
|
280
|
+
|
|
281
|
+
### Build Philosophy
|
|
282
|
+
|
|
283
|
+
**CRITICAL REQUIREMENT**: All operator components MUST use nix-lib and nexus-deploy, following the same patterns as existing Rust services and web products. This ensures:
|
|
284
|
+
|
|
285
|
+
- **Reproducible Builds**: Nix flakes guarantee identical builds across environments
|
|
286
|
+
- **Efficient Caching**: Attic cache integration for fast CI/CD
|
|
287
|
+
- **Multi-Architecture Support**: AMD64 and ARM64 builds out of the box
|
|
288
|
+
- **Layered Container Images**: Optimal Docker layer caching via `pkgs.dockerTools.buildLayeredImage`
|
|
289
|
+
- **Standardized Deployment**: nexus-deploy handles build → push → deploy workflows
|
|
290
|
+
- **GitOps Integration**: Automatic manifest updates and FluxCD reconciliation
|
|
291
|
+
|
|
292
|
+
### Component Build Overview
|
|
293
|
+
|
|
294
|
+
```
|
|
295
|
+
┌─────────────────────────────────────────────────────────────────────┐
|
|
296
|
+
│ Nix Flake Build Architecture │
|
|
297
|
+
├─────────────────────────────────────────────────────────────────────┤
|
|
298
|
+
│ │
|
|
299
|
+
│ ┌──────────────────────┐ ┌─────────────────────────────┐ │
|
|
300
|
+
│ │ Pangea Operator (Go) │ │ Pangea Executor (Ruby) │ │
|
|
301
|
+
│ ├──────────────────────┤ ├─────────────────────────────┤ │
|
|
302
|
+
│ │ flake.nix │ │ flake.nix │ │
|
|
303
|
+
│ │ ↓ │ │ ↓ │ │
|
|
304
|
+
│ │ nix-lib/ │ │ nix-lib/ │ │
|
|
305
|
+
│ │ go-service.nix │ │ ruby-tool.nix │ │
|
|
306
|
+
│ │ ↓ │ │ ↓ │ │
|
|
307
|
+
│ │ buildGoModule │ │ bundlerApp │ │
|
|
308
|
+
│ │ ↓ │ │ ↓ │ │
|
|
309
|
+
│ │ buildLayeredImage │ │ buildLayeredImage │ │
|
|
310
|
+
│ │ ↓ │ │ ↓ │ │
|
|
311
|
+
│ │ ghcr.io/pleme-io/ │ │ ghcr.io/pleme-io/ │ │
|
|
312
|
+
│ │ pangea-operator │ │ pangea-executor │ │
|
|
313
|
+
│ └──────────────────────┘ └─────────────────────────────┘ │
|
|
314
|
+
│ ↓ ↓ │
|
|
315
|
+
│ ┌────────────────────────────────────────────────────────────┐ │
|
|
316
|
+
│ │ nexus-deploy (Rust CLI Tool) │ │
|
|
317
|
+
│ │ • Build: nix build + Attic cache push │ │
|
|
318
|
+
│ │ • Push: skopeo with retries → GHCR │ │
|
|
319
|
+
│ │ • Deploy: Update K8s manifests → Git push → FluxCD │ │
|
|
320
|
+
│ │ • Rollout: Monitor pod status in real-time │ │
|
|
321
|
+
│ └────────────────────────────────────────────────────────────┘ │
|
|
322
|
+
│ ↓ ↓ │
|
|
323
|
+
│ ┌────────────────────────────────────────────────────────────┐ │
|
|
324
|
+
│ │ Kubernetes Cluster (FluxCD) │ │
|
|
325
|
+
│ │ nix/k8s/clusters/orion/infrastructure/pangea/ │ │
|
|
326
|
+
│ │ ├── operator-deployment.yaml │ │
|
|
327
|
+
│ │ ├── executor-rbac.yaml │ │
|
|
328
|
+
│ │ └── crds/ │ │
|
|
329
|
+
│ └────────────────────────────────────────────────────────────┘ │
|
|
330
|
+
└─────────────────────────────────────────────────────────────────────┘
|
|
331
|
+
```
|
|
332
|
+
|
|
333
|
+
### 1. Pangea Operator (Go) Build Configuration
|
|
334
|
+
|
|
335
|
+
**Location:** `pkgs/operators/pangea-operator/flake.nix`
|
|
336
|
+
|
|
337
|
+
**Strategy:** Create `go-service.nix` helper in nix-lib (similar to existing `rust-service.nix`)
|
|
338
|
+
|
|
339
|
+
#### flake.nix Structure
|
|
340
|
+
|
|
341
|
+
```nix
|
|
342
|
+
{
|
|
343
|
+
description = "Pangea Kubernetes Operator";
|
|
344
|
+
|
|
345
|
+
inputs = {
|
|
346
|
+
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
|
|
347
|
+
flake-utils.url = "github:numtide/flake-utils";
|
|
348
|
+
nexus.url = "path:../../..";
|
|
349
|
+
nix-lib.url = "path:../../../nix/lib";
|
|
350
|
+
};
|
|
351
|
+
|
|
352
|
+
outputs = { nixpkgs, flake-utils, nexus, nix-lib, ... }:
|
|
353
|
+
flake-utils.lib.eachSystem ["x86_64-linux" "aarch64-linux"] (
|
|
354
|
+
system:
|
|
355
|
+
let
|
|
356
|
+
# Import go-service.nix builder (to be created)
|
|
357
|
+
goService = import "${nix-lib}/go-service.nix" {
|
|
358
|
+
inherit system nixpkgs;
|
|
359
|
+
nixLib = nix-lib;
|
|
360
|
+
nexusDeploy = nexus.packages.${system}.nexus-deploy;
|
|
361
|
+
};
|
|
362
|
+
in
|
|
363
|
+
goService {
|
|
364
|
+
serviceName = "pangea-operator";
|
|
365
|
+
src = ./.;
|
|
366
|
+
description = "Pangea Kubernetes Operator for continuous drift detection";
|
|
367
|
+
|
|
368
|
+
# Go-specific configuration
|
|
369
|
+
goVersion = "1.23";
|
|
370
|
+
vendorHash = "sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="; # Update after first build
|
|
371
|
+
|
|
372
|
+
# Build configuration
|
|
373
|
+
buildInputs = []; # Add any C dependencies if needed
|
|
374
|
+
ldflags = [
|
|
375
|
+
"-s"
|
|
376
|
+
"-w"
|
|
377
|
+
"-X main.version=\${version}"
|
|
378
|
+
];
|
|
379
|
+
|
|
380
|
+
# Container configuration
|
|
381
|
+
containerPorts = {
|
|
382
|
+
metrics = 8080;
|
|
383
|
+
health = 8081;
|
|
384
|
+
};
|
|
385
|
+
|
|
386
|
+
# Deployment configuration
|
|
387
|
+
productName = "infrastructure";
|
|
388
|
+
namespace = "pangea-system";
|
|
389
|
+
cluster = "orion";
|
|
390
|
+
}
|
|
391
|
+
);
|
|
392
|
+
}
|
|
393
|
+
```
|
|
394
|
+
|
|
395
|
+
#### go-service.nix Implementation
|
|
396
|
+
|
|
397
|
+
**Location:** `nix/lib/go-service.nix` (to be created)
|
|
398
|
+
|
|
399
|
+
```nix
|
|
400
|
+
# ============================================================================
|
|
401
|
+
# GO SERVICE BUILDER - High-Level Abstraction for Go Microservices
|
|
402
|
+
# ============================================================================
|
|
403
|
+
# Mirrors the pattern of rust-service.nix for Go-based services
|
|
404
|
+
#
|
|
405
|
+
# Usage in service flake.nix:
|
|
406
|
+
# let goService = import "${nix-lib}/go-service.nix" {
|
|
407
|
+
# inherit system nixpkgs;
|
|
408
|
+
# nixLib = nix-lib;
|
|
409
|
+
# nexusDeploy = nexus.packages.${system}.nexus-deploy;
|
|
410
|
+
# };
|
|
411
|
+
# in goService {
|
|
412
|
+
# serviceName = "pangea-operator";
|
|
413
|
+
# src = ./.;
|
|
414
|
+
# goVersion = "1.23";
|
|
415
|
+
# }
|
|
416
|
+
#
|
|
417
|
+
{ nixpkgs, system, nixLib, nexusDeploy }: {
|
|
418
|
+
serviceName,
|
|
419
|
+
src,
|
|
420
|
+
description ? "${serviceName} - Go Service",
|
|
421
|
+
goVersion ? "1.23",
|
|
422
|
+
vendorHash,
|
|
423
|
+
buildInputs ? [],
|
|
424
|
+
ldflags ? [],
|
|
425
|
+
containerPorts ? {
|
|
426
|
+
metrics = 8080;
|
|
427
|
+
health = 8081;
|
|
428
|
+
},
|
|
429
|
+
productName ? "infrastructure",
|
|
430
|
+
namespace ? "${productName}-staging",
|
|
431
|
+
cluster ? "orion",
|
|
432
|
+
}: let
|
|
433
|
+
pkgs = import nixpkgs { inherit system; };
|
|
434
|
+
|
|
435
|
+
# Build the Go binary using buildGoModule
|
|
436
|
+
goBinary = pkgs.buildGoModule {
|
|
437
|
+
pname = serviceName;
|
|
438
|
+
version = "0.1.0";
|
|
439
|
+
inherit src vendorHash;
|
|
440
|
+
|
|
441
|
+
inherit buildInputs ldflags;
|
|
442
|
+
|
|
443
|
+
# Use specified Go version
|
|
444
|
+
nativeBuildInputs = [ pkgs."go_${builtins.replaceStrings ["."] ["_"] goVersion}" ];
|
|
445
|
+
|
|
446
|
+
# Standard Go build flags
|
|
447
|
+
CGO_ENABLED = if buildInputs == [] then "0" else "1";
|
|
448
|
+
};
|
|
449
|
+
|
|
450
|
+
# Build multi-arch Docker images
|
|
451
|
+
mkDockerImage = arch: pkgs.dockerTools.buildLayeredImage {
|
|
452
|
+
name = "ghcr.io/pleme-io/${serviceName}";
|
|
453
|
+
tag = "latest";
|
|
454
|
+
architecture = arch;
|
|
455
|
+
|
|
456
|
+
contents = [
|
|
457
|
+
goBinary
|
|
458
|
+
pkgs.cacert # For HTTPS
|
|
459
|
+
pkgs.tzdata # For timezone support
|
|
460
|
+
];
|
|
461
|
+
|
|
462
|
+
config = {
|
|
463
|
+
Cmd = [ "${goBinary}/bin/${serviceName}" ];
|
|
464
|
+
ExposedPorts = builtins.mapAttrs (name: port: {}) containerPorts;
|
|
465
|
+
Env = [
|
|
466
|
+
"SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
|
|
467
|
+
];
|
|
468
|
+
};
|
|
469
|
+
};
|
|
470
|
+
|
|
471
|
+
dockerImage-amd64 = mkDockerImage "amd64";
|
|
472
|
+
dockerImage-arm64 = mkDockerImage "arm64";
|
|
473
|
+
|
|
474
|
+
# Deployment manifest path
|
|
475
|
+
manifestPath = "../../nix/k8s/clusters/${cluster}/${namespace}/${serviceName}/deployment.yaml";
|
|
476
|
+
|
|
477
|
+
in {
|
|
478
|
+
# Package outputs
|
|
479
|
+
packages = {
|
|
480
|
+
default = goBinary;
|
|
481
|
+
inherit dockerImage-amd64 dockerImage-arm64;
|
|
482
|
+
};
|
|
483
|
+
|
|
484
|
+
# Development shell
|
|
485
|
+
devShells.default = pkgs.mkShell {
|
|
486
|
+
buildInputs = with pkgs; [
|
|
487
|
+
go
|
|
488
|
+
gopls
|
|
489
|
+
gotools
|
|
490
|
+
go-tools
|
|
491
|
+
golangci-lint
|
|
492
|
+
kubectl
|
|
493
|
+
kubernetes-helm
|
|
494
|
+
] ++ buildInputs;
|
|
495
|
+
|
|
496
|
+
shellHook = ''
|
|
497
|
+
echo "Go ${goVersion} development environment for ${serviceName}"
|
|
498
|
+
echo "Available commands:"
|
|
499
|
+
echo " go build -o bin/${serviceName} ."
|
|
500
|
+
echo " go test ./..."
|
|
501
|
+
echo " golangci-lint run"
|
|
502
|
+
'';
|
|
503
|
+
};
|
|
504
|
+
|
|
505
|
+
# Apps for CI/CD workflow
|
|
506
|
+
apps = {
|
|
507
|
+
default = {
|
|
508
|
+
type = "app";
|
|
509
|
+
program = "${goBinary}/bin/${serviceName}";
|
|
510
|
+
};
|
|
511
|
+
|
|
512
|
+
# Build both images and push to Attic cache
|
|
513
|
+
build = {
|
|
514
|
+
type = "app";
|
|
515
|
+
program = toString (pkgs.writeShellScript "build-${serviceName}" ''
|
|
516
|
+
set -euo pipefail
|
|
517
|
+
echo "Building ${serviceName} for amd64 and arm64..."
|
|
518
|
+
nix build .#dockerImage-amd64
|
|
519
|
+
nix build .#dockerImage-arm64
|
|
520
|
+
echo "✅ Build complete"
|
|
521
|
+
'');
|
|
522
|
+
};
|
|
523
|
+
|
|
524
|
+
# Push images to GHCR using nexus-deploy
|
|
525
|
+
push = {
|
|
526
|
+
type = "app";
|
|
527
|
+
program = toString (pkgs.writeShellScript "push-${serviceName}" ''
|
|
528
|
+
set -euo pipefail
|
|
529
|
+
${nexusDeploy}/bin/nexus-deploy push \
|
|
530
|
+
--registry ghcr.io/pleme-io/${serviceName} \
|
|
531
|
+
--retries 10 \
|
|
532
|
+
--tag $(git rev-parse HEAD)
|
|
533
|
+
echo "✅ Pushed to GHCR"
|
|
534
|
+
'');
|
|
535
|
+
};
|
|
536
|
+
|
|
537
|
+
# Full deployment workflow using nexus-deploy
|
|
538
|
+
deploy = {
|
|
539
|
+
type = "app";
|
|
540
|
+
program = toString (pkgs.writeShellScript "deploy-${serviceName}" ''
|
|
541
|
+
set -euo pipefail
|
|
542
|
+
${nexusDeploy}/bin/nexus-deploy deploy \
|
|
543
|
+
--manifest ${manifestPath} \
|
|
544
|
+
--registry ghcr.io/pleme-io/${serviceName} \
|
|
545
|
+
--watch \
|
|
546
|
+
--timeout 10m
|
|
547
|
+
echo "✅ Deployment complete"
|
|
548
|
+
'');
|
|
549
|
+
};
|
|
550
|
+
|
|
551
|
+
# Complete release: build + push + deploy
|
|
552
|
+
release = {
|
|
553
|
+
type = "app";
|
|
554
|
+
program = toString (pkgs.writeShellScript "release-${serviceName}" ''
|
|
555
|
+
set -euo pipefail
|
|
556
|
+
echo "🚀 Releasing ${serviceName}..."
|
|
557
|
+
nix run .#build
|
|
558
|
+
nix run .#push
|
|
559
|
+
nix run .#deploy
|
|
560
|
+
echo "✅ Release complete"
|
|
561
|
+
'');
|
|
562
|
+
};
|
|
563
|
+
};
|
|
564
|
+
}
|
|
565
|
+
```
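Review bot: In `mkDockerImage` of go-service.nix, the image `config` sets only `Cmd`, `ExposedPorts` and `Env`, so the operator container runs as root by default; add a `User` entry with a non-root UID, as ruby-tool.nix does with `User = containerUser;`. In the same block, `ExposedPorts = builtins.mapAttrs (name: port: {}) containerPorts;` keys the result by `metrics` and `health` rather than by port, while the image config format expects keys such as `8080/tcp`, so the attribute set should be built from the port values. `architecture = arch;` only labels the image: `goBinary` is built for `system`, so the `arm64` image produced on `x86_64-linux` would carry an x86_64 binary; either emit one image per `system` or cross-compile the binary for `arch`. Finally, `tag = "latest"` disagrees with the push step's `--tag $(git rev-parse HEAD)`; tagging the built image with the commit keeps deployed manifests pointing at an immutable image.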
|
|
566
|
+
|
|
567
|
+
### 2. Pangea Executor (Ruby) Build Configuration
|
|
568
|
+
|
|
569
|
+
**Location:** `pkgs/operators/pangea-executor/flake.nix`
|
|
570
|
+
|
|
571
|
+
**Strategy:** Create `ruby-tool.nix` helper in nix-lib (similar to `rust-tool.nix`)
|
|
572
|
+
|
|
573
|
+
#### flake.nix Structure
|
|
574
|
+
|
|
575
|
+
```nix
|
|
576
|
+
{
|
|
577
|
+
description = "Pangea Executor - Ruby infrastructure executor for Kubernetes operator";
|
|
578
|
+
|
|
579
|
+
inputs = {
|
|
580
|
+
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
|
|
581
|
+
flake-utils.url = "github:numtide/flake-utils";
|
|
582
|
+
nexus.url = "path:../../..";
|
|
583
|
+
nix-lib.url = "path:../../../nix/lib";
|
|
584
|
+
};
|
|
585
|
+
|
|
586
|
+
outputs = { nixpkgs, flake-utils, nexus, nix-lib, ... }:
|
|
587
|
+
flake-utils.lib.eachSystem ["x86_64-linux" "aarch64-linux"] (
|
|
588
|
+
system:
|
|
589
|
+
let
|
|
590
|
+
# Import ruby-tool.nix builder (to be created)
|
|
591
|
+
rubyTool = import "${nix-lib}/ruby-tool.nix" {
|
|
592
|
+
inherit system nixpkgs;
|
|
593
|
+
nixLib = nix-lib;
|
|
594
|
+
nexusDeploy = nexus.packages.${system}.nexus-deploy;
|
|
595
|
+
};
|
|
596
|
+
in
|
|
597
|
+
rubyTool {
|
|
598
|
+
toolName = "pangea-executor";
|
|
599
|
+
src = ./.;
|
|
600
|
+
description = "Pangea infrastructure executor with Terraform/OpenTofu and InSpec";
|
|
601
|
+
|
|
602
|
+
# Ruby version
|
|
603
|
+
rubyVersion = "3.3";
|
|
604
|
+
|
|
605
|
+
# Include Pangea gem and dependencies
|
|
606
|
+
gemfile = ./Gemfile;
|
|
607
|
+
gemset = ./gemset.nix; # Generated via bundix
|
|
608
|
+
|
|
609
|
+
# Additional runtime dependencies
|
|
610
|
+
runtimeDependencies = pkgs: with pkgs; [
|
|
611
|
+
opentofu # Infrastructure executor
|
|
612
|
+
inspec # Compliance testing
|
|
613
|
+
git # For GitOps
|
|
614
|
+
awscli2 # Cloud provider CLI
|
|
615
|
+
];
|
|
616
|
+
|
|
617
|
+
# Entry point script
|
|
618
|
+
entryPoint = "bin/pangea-executor";
|
|
619
|
+
|
|
620
|
+
# Container configuration
|
|
621
|
+
containerUser = "pangea";
|
|
622
|
+
containerWorkdir = "/workspace";
|
|
623
|
+
|
|
624
|
+
# Deployment configuration
|
|
625
|
+
productName = "infrastructure";
|
|
626
|
+
namespace = "pangea-system";
|
|
627
|
+
cluster = "orion";
|
|
628
|
+
}
|
|
629
|
+
);
|
|
630
|
+
}
|
|
631
|
+
```
|
|
632
|
+
|
|
633
|
+
#### ruby-tool.nix Implementation
|
|
634
|
+
|
|
635
|
+
**Location:** `nix/lib/ruby-tool.nix` (to be created)
|
|
636
|
+
|
|
637
|
+
```nix
|
|
638
|
+
# ============================================================================
|
|
639
|
+
# RUBY TOOL BUILDER - High-Level Abstraction for Ruby CLI Tools
|
|
640
|
+
# ============================================================================
|
|
641
|
+
# Mirrors the pattern of rust-tool.nix for Ruby-based tools
|
|
642
|
+
#
|
|
643
|
+
# Usage in tool flake.nix:
|
|
644
|
+
# let rubyTool = import "${nix-lib}/ruby-tool.nix" {
|
|
645
|
+
# inherit system nixpkgs;
|
|
646
|
+
# nixLib = nix-lib;
|
|
647
|
+
# nexusDeploy = nexus.packages.${system}.nexus-deploy;
|
|
648
|
+
# };
|
|
649
|
+
# in rubyTool {
|
|
650
|
+
# toolName = "pangea-executor";
|
|
651
|
+
# src = ./.;
|
|
652
|
+
# rubyVersion = "3.3";
|
|
653
|
+
# }
|
|
654
|
+
#
|
|
655
|
+
{ nixpkgs, system, nixLib, nexusDeploy }: {
|
|
656
|
+
toolName,
|
|
657
|
+
src,
|
|
658
|
+
description ? "${toolName} - Ruby CLI Tool",
|
|
659
|
+
rubyVersion ? "3.3",
|
|
660
|
+
gemfile,
|
|
661
|
+
gemset,
|
|
662
|
+
runtimeDependencies ? pkgs: [],
|
|
663
|
+
entryPoint ? "bin/${toolName}",
|
|
664
|
+
containerUser ? "app",
|
|
665
|
+
containerWorkdir ? "/app",
|
|
666
|
+
productName ? "infrastructure",
|
|
667
|
+
namespace ? "${productName}-staging",
|
|
668
|
+
cluster ? "orion",
|
|
669
|
+
}: let
|
|
670
|
+
pkgs = import nixpkgs { inherit system; };
|
|
671
|
+
|
|
672
|
+
# Select Ruby version
|
|
673
|
+
ruby = pkgs."ruby_${builtins.replaceStrings ["."] ["_"] rubyVersion}";
|
|
674
|
+
|
|
675
|
+
# Build Ruby application with bundlerApp
|
|
676
|
+
rubyApp = pkgs.bundlerApp {
|
|
677
|
+
pname = toolName;
|
|
678
|
+
inherit gemfile gemset;
|
|
679
|
+
exes = [ toolName ];
|
|
680
|
+
inherit ruby;
|
|
681
|
+
};
|
|
682
|
+
|
|
683
|
+
# Collect runtime dependencies
|
|
684
|
+
allRuntimeDeps = [ rubyApp ruby ] ++ (runtimeDependencies pkgs);
|
|
685
|
+
|
|
686
|
+
# Build multi-arch Docker images
|
|
687
|
+
mkDockerImage = arch: pkgs.dockerTools.buildLayeredImage {
|
|
688
|
+
name = "ghcr.io/pleme-io/${toolName}";
|
|
689
|
+
tag = "latest";
|
|
690
|
+
architecture = arch;
|
|
691
|
+
|
|
692
|
+
contents = allRuntimeDeps ++ (with pkgs; [
|
|
693
|
+
cacert
|
|
694
|
+
tzdata
|
|
695
|
+
coreutils
|
|
696
|
+
bash
|
|
697
|
+
]);
|
|
698
|
+
|
|
699
|
+
config = {
|
|
700
|
+
Cmd = [ "${rubyApp}/bin/${toolName}" ];
|
|
701
|
+
WorkingDir = containerWorkdir;
|
|
702
|
+
User = containerUser;
|
|
703
|
+
Env = [
|
|
704
|
+
"SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
|
|
705
|
+
"PATH=/bin:/usr/bin"
|
|
706
|
+
];
|
|
707
|
+
};
|
|
708
|
+
|
|
709
|
+
# Create non-root user
|
|
710
|
+
extraCommands = ''
|
|
711
|
+
mkdir -p ${containerWorkdir}
|
|
712
|
+
mkdir -p etc
|
|
713
|
+
echo "${containerUser}:x:1000:1000::/home/${containerUser}:/bin/bash" > etc/passwd
|
|
714
|
+
echo "${containerUser}:x:1000:" > etc/group
|
|
715
|
+
'';
|
|
716
|
+
};
|
|
717
|
+
|
|
718
|
+
dockerImage-amd64 = mkDockerImage "amd64";
|
|
719
|
+
dockerImage-arm64 = mkDockerImage "arm64";
|
|
720
|
+
|
|
721
|
+
# Deployment manifest path
|
|
722
|
+
manifestPath = "../../nix/k8s/clusters/${cluster}/${namespace}/${toolName}/deployment.yaml";
|
|
723
|
+
|
|
724
|
+
in {
|
|
725
|
+
# Package outputs
|
|
726
|
+
packages = {
|
|
727
|
+
default = rubyApp;
|
|
728
|
+
inherit dockerImage-amd64 dockerImage-arm64;
|
|
729
|
+
};
|
|
730
|
+
|
|
731
|
+
# Development shell
|
|
732
|
+
devShells.default = pkgs.mkShell {
|
|
733
|
+
buildInputs = with pkgs; [
|
|
734
|
+
ruby
|
|
735
|
+
bundler
|
|
736
|
+
bundix # For generating gemset.nix
|
|
737
|
+
] ++ (runtimeDependencies pkgs);
|
|
738
|
+
|
|
739
|
+
shellHook = ''
|
|
740
|
+
echo "Ruby ${rubyVersion} development environment for ${toolName}"
|
|
741
|
+
echo "Available commands:"
|
|
742
|
+
echo " bundle install"
|
|
743
|
+
echo " bundle exec ${toolName}"
|
|
744
|
+
echo " bundix # Update gemset.nix after Gemfile changes"
|
|
745
|
+
'';
|
|
746
|
+
};
|
|
747
|
+
|
|
748
|
+
# Apps for CI/CD workflow (same pattern as Go service)
|
|
749
|
+
apps = {
|
|
750
|
+
default = {
|
|
751
|
+
type = "app";
|
|
752
|
+
program = "${rubyApp}/bin/${toolName}";
|
|
753
|
+
};
|
|
754
|
+
|
|
755
|
+
build = {
|
|
756
|
+
type = "app";
|
|
757
|
+
program = toString (pkgs.writeShellScript "build-${toolName}" ''
|
|
758
|
+
set -euo pipefail
|
|
759
|
+
echo "Building ${toolName} for amd64 and arm64..."
|
|
760
|
+
nix build .#dockerImage-amd64
|
|
761
|
+
nix build .#dockerImage-arm64
|
|
762
|
+
echo "✅ Build complete"
|
|
763
|
+
'');
|
|
764
|
+
};
|
|
765
|
+
|
|
766
|
+
push = {
|
|
767
|
+
type = "app";
|
|
768
|
+
program = toString (pkgs.writeShellScript "push-${toolName}" ''
|
|
769
|
+
set -euo pipefail
|
|
770
|
+
${nexusDeploy}/bin/nexus-deploy push \
|
|
771
|
+
--registry ghcr.io/pleme-io/${toolName} \
|
|
772
|
+
--retries 10 \
|
|
773
|
+
--tag $(git rev-parse HEAD)
|
|
774
|
+
echo "✅ Pushed to GHCR"
|
|
775
|
+
'');
|
|
776
|
+
};
|
|
777
|
+
|
|
778
|
+
deploy = {
|
|
779
|
+
type = "app";
|
|
780
|
+
program = toString (pkgs.writeShellScript "deploy-${toolName}" ''
|
|
781
|
+
set -euo pipefail
|
|
782
|
+
${nexusDeploy}/bin/nexus-deploy deploy \
|
|
783
|
+
--manifest ${manifestPath} \
|
|
784
|
+
--registry ghcr.io/pleme-io/${toolName} \
|
|
785
|
+
--watch \
|
|
786
|
+
--timeout 10m
|
|
787
|
+
echo "✅ Deployment complete"
|
|
788
|
+
'');
|
|
789
|
+
};
|
|
790
|
+
|
|
791
|
+
release = {
|
|
792
|
+
type = "app";
|
|
793
|
+
program = toString (pkgs.writeShellScript "release-${toolName}" ''
|
|
794
|
+
set -euo pipefail
|
|
795
|
+
echo "🚀 Releasing ${toolName}..."
|
|
796
|
+
nix run .#build
|
|
797
|
+
nix run .#push
|
|
798
|
+
nix run .#deploy
|
|
799
|
+
echo "✅ Release complete"
|
|
800
|
+
'');
|
|
801
|
+
};
|
|
802
|
+
};
|
|
803
|
+
}
|
|
804
|
+
```
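Review bot: `mkDockerImage` hard-codes `tag = "latest"`, a mutable tag, while the `push` app passes `--tag $(git rev-parse HEAD)`, so the image derivation and the pushed reference are named differently; pass the commit or a version into `mkDockerImage` and quote the substitution as `"$(git rev-parse HEAD)"`. The `src`, `entryPoint` and `description` arguments are accepted but never referenced in the body (`Cmd` is built from `${rubyApp}/bin/${toolName}`), so wire them in or drop them. The usage example in the header comment passes only `toolName`, `src` and `rubyVersion`, but `gemfile` and `gemset` have no defaults, so the example as written would not evaluate.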
|
|
805
|
+
|
|
806
|
+
### 3. Kubernetes Manifests Integration
|
|
807
|
+
|
|
808
|
+
All operator components deploy to the Orion cluster via GitOps with FluxCD.
|
|
809
|
+
|
|
810
|
+
**Manifest Location:** `nix/k8s/clusters/orion/infrastructure/pangea/`
|
|
811
|
+
|
|
812
|
+
```
|
|
813
|
+
nix/k8s/clusters/orion/infrastructure/pangea/
|
|
814
|
+
├── namespace.yaml # pangea-system namespace
|
|
815
|
+
├── crds/
|
|
816
|
+
│ ├── pangeatemplate-crd.yaml # Generated from operator
|
|
817
|
+
│ └── pangeastack-crd.yaml # Generated from operator
|
|
818
|
+
├── operator/
|
|
819
|
+
│ ├── deployment.yaml # Operator deployment
|
|
820
|
+
│ ├── service.yaml # Metrics service
|
|
821
|
+
│ ├── rbac.yaml # ClusterRole and binding
|
|
822
|
+
│ └── serviceaccount.yaml # Service account
|
|
823
|
+
├── executor/
|
|
824
|
+
│ ├── configmap.yaml # Executor configuration
|
|
825
|
+
│ ├── rbac.yaml # Executor RBAC
|
|
826
|
+
│ └── serviceaccount.yaml # Service account for jobs
|
|
827
|
+
└── monitoring/
|
|
828
|
+
├── servicemonitor.yaml # Prometheus ServiceMonitor
|
|
829
|
+
└── grafana-dashboard.yaml # Grafana dashboard ConfigMap
|
|
830
|
+
```
|
|
831
|
+
|
|
832
|
+
### 4. CI/CD Workflow with nexus-deploy
|
|
833
|
+
|
|
834
|
+
**GitHub Actions Workflow:** `.github/workflows/operator-release.yml`
|
|
835
|
+
|
|
836
|
+
```yaml
|
|
837
|
+
name: Release Pangea Operator
|
|
838
|
+
|
|
839
|
+
on:
|
|
840
|
+
push:
|
|
841
|
+
branches: [main]
|
|
842
|
+
paths:
|
|
843
|
+
- 'pkgs/operators/**'
|
|
844
|
+
|
|
845
|
+
jobs:
|
|
846
|
+
release-operator:
|
|
847
|
+
runs-on: ubuntu-latest
|
|
848
|
+
steps:
|
|
849
|
+
- uses: actions/checkout@v4
|
|
850
|
+
|
|
851
|
+
- name: Install Nix
|
|
852
|
+
uses: DeterminateSystems/nix-installer-action@v13
|
|
853
|
+
|
|
854
|
+
- name: Setup Nix Cache
|
|
855
|
+
uses: DeterminateSystems/magic-nix-cache-action@v7
|
|
856
|
+
|
|
857
|
+
- name: Build Operator
|
|
858
|
+
working-directory: pkgs/operators/pangea-operator
|
|
859
|
+
run: nix run .#build
|
|
860
|
+
|
|
861
|
+
- name: Push Operator
|
|
862
|
+
working-directory: pkgs/operators/pangea-operator
|
|
863
|
+
run: nix run .#push
|
|
864
|
+
env:
|
|
865
|
+
GHCR_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
866
|
+
|
|
867
|
+
- name: Deploy Operator
|
|
868
|
+
working-directory: pkgs/operators/pangea-operator
|
|
869
|
+
run: nix run .#deploy
|
|
870
|
+
env:
|
|
871
|
+
KUBECONFIG: ${{ secrets.ORION_KUBECONFIG }}
|
|
872
|
+
|
|
873
|
+
release-executor:
|
|
874
|
+
runs-on: ubuntu-latest
|
|
875
|
+
steps:
|
|
876
|
+
- uses: actions/checkout@v4
|
|
877
|
+
|
|
878
|
+
- name: Install Nix
|
|
879
|
+
uses: DeterminateSystems/nix-installer-action@v13
|
|
880
|
+
|
|
881
|
+
- name: Setup Nix Cache
|
|
882
|
+
uses: DeterminateSystems/magic-nix-cache-action@v7
|
|
883
|
+
|
|
884
|
+
- name: Build Executor
|
|
885
|
+
working-directory: pkgs/operators/pangea-executor
|
|
886
|
+
run: nix run .#build
|
|
887
|
+
|
|
888
|
+
- name: Push Executor
|
|
889
|
+
working-directory: pkgs/operators/pangea-executor
|
|
890
|
+
run: nix run .#push
|
|
891
|
+
env:
|
|
892
|
+
GHCR_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
893
|
+
|
|
894
|
+
- name: Deploy Executor
|
|
895
|
+
working-directory: pkgs/operators/pangea-executor
|
|
896
|
+
run: nix run .#deploy
|
|
897
|
+
env:
|
|
898
|
+
KUBECONFIG: ${{ secrets.ORION_KUBECONFIG }}
|
|
899
|
+
```
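Review bot: Neither job declares a `permissions:` block even though the push steps pass `secrets.GITHUB_TOKEN` as `GHCR_TOKEN`; set explicit least-privilege permissions per job (for example `contents: read` and `packages: write`) instead of relying on the repository default. The third-party actions are referenced by mutable tags (`DeterminateSystems/nix-installer-action@v13`, `DeterminateSystems/magic-nix-cache-action@v7`); pinning them to full commit SHAs would match the reproducibility the document claims for the Nix build. The deploy steps hand `secrets.ORION_KUBECONFIG` to a job that runs on every push to `main` touching `pkgs/operators/**`, so a protected `environment:` with required reviewers is worth adding, and because both jobs share that path filter a change to either component releases both.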
|
|
900
|
+
|
|
901
|
+
### 5. Local Development Workflow
|
|
902
|
+
|
|
903
|
+
**Build and test locally:**
|
|
904
|
+
|
|
905
|
+
```bash
|
|
906
|
+
# Operator development
|
|
907
|
+
cd pkgs/operators/pangea-operator
|
|
908
|
+
nix develop # Enter dev shell
|
|
909
|
+
go build -o bin/manager . # Build locally
|
|
910
|
+
go test ./... # Run tests
|
|
911
|
+
nix build .#dockerImage-amd64 # Build container
|
|
912
|
+
nix run .#build # Build both architectures
|
|
913
|
+
|
|
914
|
+
# Executor development
|
|
915
|
+
cd pkgs/operators/pangea-executor
|
|
916
|
+
nix develop # Enter dev shell with Ruby + Terraform + InSpec
|
|
917
|
+
bundle install # Install gems
|
|
918
|
+
bundle exec rspec # Run tests
|
|
919
|
+
bundix # Update gemset.nix after Gemfile changes
|
|
920
|
+
nix build .#dockerImage-amd64 # Build container
|
|
921
|
+
|
|
922
|
+
# Test against local kind cluster
|
|
923
|
+
kind create cluster --name pangea-test
|
|
924
|
+
nix run .#deploy # Deploy to kind cluster
|
|
925
|
+
kubectl apply -f examples/simple-template.yaml
|
|
926
|
+
```
|
|
927
|
+
|
|
928
|
+
### 6. Benefits of Nix Build System
|
|
929
|
+
|
|
930
|
+
This architecture provides:
|
|
931
|
+
|
|
932
|
+
1. **Reproducible Builds**: Same inputs → same outputs, always
|
|
933
|
+
2. **Efficient Caching**: Attic cache prevents rebuilding unchanged layers
|
|
934
|
+
3. **Multi-Architecture**: Single flake builds for AMD64 and ARM64
|
|
935
|
+
4. **Fast CI/CD**: Cached layers = fast builds (30s instead of 5min)
|
|
936
|
+
5. **Consistent Tooling**: Same pattern as all Nexus services
|
|
937
|
+
6. **Type Safety**: Nix catches configuration errors at build time
|
|
938
|
+
7. **Zero Shell Scripts**: All automation in type-safe Rust (nexus-deploy)
|
|
939
|
+
8. **GitOps Native**: nexus-deploy handles manifest updates automatically
|
|
940
|
+
|
|
941
|
+
---
|
|
942
|
+
|
|
943
|
+
## CRD Definitions
|
|
944
|
+
|
|
945
|
+
### PangeaTemplate CRD
|
|
946
|
+
|
|
947
|
+
**Purpose:** Represents a single Pangea template to be continuously reconciled
|
|
948
|
+
|
|
949
|
+
```yaml
|
|
950
|
+
apiVersion: pangea.io/v1alpha1
|
|
951
|
+
kind: PangeaTemplate
|
|
952
|
+
metadata:
|
|
953
|
+
name: novaskyn-production-dns
|
|
954
|
+
namespace: infrastructure
|
|
955
|
+
spec:
|
|
956
|
+
# Source configuration
|
|
957
|
+
source:
|
|
958
|
+
type: git # git | configmap | inline
|
|
959
|
+
git:
|
|
960
|
+
repository: https://github.com/pleme-io/nexus
|
|
961
|
+
path: infrastructure/pangea/novaskyn/novaskyn_production_dns.rb
|
|
962
|
+
ref: main
|
|
963
|
+
authSecretRef:
|
|
964
|
+
name: git-credentials
|
|
965
|
+
|
|
966
|
+
# Pangea-specific configuration
|
|
967
|
+
pangea:
|
|
968
|
+
namespace: production # Pangea namespace
|
|
969
|
+
template: production_dns
|
|
970
|
+
autoApprove: true
|
|
971
|
+
|
|
972
|
+
# Reconciliation configuration
|
|
973
|
+
reconciliation:
|
|
974
|
+
mode: hybrid # event-driven | periodic | hybrid
|
|
975
|
+
interval: 5m
|
|
976
|
+
timeout: 10m
|
|
977
|
+
|
|
978
|
+
# Drift detection configuration
|
|
979
|
+
driftDetection:
|
|
980
|
+
enabled: true
|
|
981
|
+
interval: 10m
|
|
982
|
+
autoRemediate: true
|
|
983
|
+
remediationPolicy: immediate # immediate | manual | scheduled
|
|
984
|
+
notifications:
|
|
985
|
+
- type: slack
|
|
986
|
+
channel: "#infrastructure-alerts"
|
|
987
|
+
secretRef:
|
|
988
|
+
name: slack-webhook
|
|
989
|
+
- type: email
|
|
990
|
+
recipients: ["oncall@example.com"]
|
|
991
|
+
|
|
992
|
+
# Compliance configuration
|
|
993
|
+
compliance:
|
|
994
|
+
enabled: true
|
|
995
|
+
profiles:
|
|
996
|
+
- name: aws-security-baseline
|
|
997
|
+
source:
|
|
998
|
+
git: https://github.com/dev-sec/cis-aws-benchmark
|
|
999
|
+
- name: custom-compliance
|
|
1000
|
+
source:
|
|
1001
|
+
configMap: custom-inspec-profile
|
|
1002
|
+
interval: 1h
|
|
1003
|
+
failOnNonCompliance: false
|
|
1004
|
+
|
|
1005
|
+
# Health checks
|
|
1006
|
+
healthCheck:
|
|
1007
|
+
enabled: true
|
|
1008
|
+
interval: 1m
|
|
1009
|
+
checks:
|
|
1010
|
+
- type: terraform-state
|
|
1011
|
+
description: "Verify state file is accessible"
|
|
1012
|
+
- type: resource-health
|
|
1013
|
+
description: "Check cloud resources are healthy"
|
|
1014
|
+
|
|
1015
|
+
status:
|
|
1016
|
+
# Reconciliation status
|
|
1017
|
+
conditions:
|
|
1018
|
+
- type: Ready
|
|
1019
|
+
status: "True"
|
|
1020
|
+
lastTransitionTime: "2025-11-06T10:30:00Z"
|
|
1021
|
+
reason: ReconciliationSucceeded
|
|
1022
|
+
message: "Template successfully reconciled"
|
|
1023
|
+
|
|
1024
|
+
# Current state
|
|
1025
|
+
observedGeneration: 5
|
|
1026
|
+
lastReconcileTime: "2025-11-06T10:30:00Z"
|
|
1027
|
+
lastSuccessfulReconcileTime: "2025-11-06T10:30:00Z"
|
|
1028
|
+
reconciliationDuration: "15s"
|
|
1029
|
+
|
|
1030
|
+
# Resource summary
|
|
1031
|
+
resources:
|
|
1032
|
+
total: 4
|
|
1033
|
+
created: 4
|
|
1034
|
+
modified: 0
|
|
1035
|
+
deleted: 0
|
|
1036
|
+
|
|
1037
|
+
# Drift status
|
|
1038
|
+
drift:
|
|
1039
|
+
detected: false
|
|
1040
|
+
lastCheckTime: "2025-11-06T10:29:00Z"
|
|
1041
|
+
nextCheckTime: "2025-11-06T10:39:00Z"
|
|
1042
|
+
resources: []
|
|
1043
|
+
|
|
1044
|
+
# Compliance status
|
|
1045
|
+
compliance:
|
|
1046
|
+
status: Compliant
|
|
1047
|
+
lastCheckTime: "2025-11-06T09:00:00Z"
|
|
1048
|
+
nextCheckTime: "2025-11-06T10:00:00Z"
|
|
1049
|
+
passedControls: 15
|
|
1050
|
+
failedControls: 0
|
|
1051
|
+
score: 100
|
|
1052
|
+
```
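Review bot: The `novaskyn-production-dns` example combines `autoApprove: true`, `autoRemediate: true` and `remediationPolicy: immediate` with `ref: main`, so any commit that lands on that branch is applied to the `production` Pangea namespace with no approval step; pin `ref` to a tag or commit, or make the production sample use `remediationPolicy: manual`, and state which is intended. The compliance profile source `git: https://github.com/dev-sec/cis-aws-benchmark` carries no ref, so the controls being evaluated can change underneath the template, and `failOnNonCompliance: false` means a failed control blocks nothing; both need a sentence of documentation next to the example.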
|
|
1053
|
+
|
|
1054
|
+
### PangeaStack CRD
|
|
1055
|
+
|
|
1056
|
+
**Purpose:** Represents a collection of related templates (multi-template orchestration)
|
|
1057
|
+
|
|
1058
|
+
```yaml
|
|
1059
|
+
apiVersion: pangea.io/v1alpha1
|
|
1060
|
+
kind: PangeaStack
|
|
1061
|
+
metadata:
|
|
1062
|
+
name: novaskyn-production
|
|
1063
|
+
namespace: infrastructure
|
|
1064
|
+
spec:
|
|
1065
|
+
templates:
|
|
1066
|
+
- name: novaskyn-vpc
|
|
1067
|
+
templateRef:
|
|
1068
|
+
name: novaskyn-production-vpc
|
|
1069
|
+
- name: novaskyn-dns
|
|
1070
|
+
templateRef:
|
|
1071
|
+
name: novaskyn-production-dns
|
|
1072
|
+
dependsOn:
|
|
1073
|
+
- novaskyn-vpc
|
|
1074
|
+
- name: novaskyn-compute
|
|
1075
|
+
templateRef:
|
|
1076
|
+
name: novaskyn-production-compute
|
|
1077
|
+
dependsOn:
|
|
1078
|
+
- novaskyn-vpc
|
|
1079
|
+
- novaskyn-dns
|
|
1080
|
+
|
|
1081
|
+
reconciliation:
|
|
1082
|
+
mode: sequential # sequential | parallel
|
|
1083
|
+
continueOnError: false
|
|
1084
|
+
|
|
1085
|
+
status:
|
|
1086
|
+
phase: Ready # Pending | Running | Ready | Failed
|
|
1087
|
+
templatesReady: 3
|
|
1088
|
+
templatesTotal: 3
|
|
1089
|
+
lastReconcileTime: "2025-11-06T10:30:00Z"
|
|
1090
|
+
```
|
|
1091
|
+
|
|
1092
|
+
---
|
|
1093
|
+
|
|
1094
|
+
## Reconciliation Strategy
|
|
1095
|
+
|
|
1096
|
+
### Reconciliation Loop Flow
|
|
1097
|
+
|
|
1098
|
+
```
|
|
1099
|
+
┌─────────────────────────────────────────────────────────────┐
|
|
1100
|
+
│ Reconciliation Trigger │
|
|
1101
|
+
│ (CRD change | Periodic timer | Manual trigger) │
|
|
1102
|
+
└───────────────────────────┬─────────────────────────────────┘
|
|
1103
|
+
↓
|
|
1104
|
+
┌─────────────────────────────────────────────────────────────┐
|
|
1105
|
+
│ 1. Fetch PangeaTemplate Resource │
|
|
1106
|
+
│ - Get current spec │
|
|
1107
|
+
│ - Read generation number │
|
|
1108
|
+
└───────────────────────────┬─────────────────────────────────┘
|
|
1109
|
+
↓
|
|
1110
|
+
┌─────────────────────────────────────────────────────────────┐
|
|
1111
|
+
│ 2. Validate Specification │
|
|
1112
|
+
│ - Check source accessibility (Git/ConfigMap) │
|
|
1113
|
+
│ - Validate Pangea namespace exists │
|
|
1114
|
+
│ - Verify credentials │
|
|
1115
|
+
└───────────────────────────┬─────────────────────────────────┘
|
|
1116
|
+
↓
|
|
1117
|
+
┌─────────────────────────────────────────────────────────────┐
|
|
1118
|
+
│ 3. Create/Update Executor Job │
|
|
1119
|
+
│ - Prepare ConfigMap with template source │
|
|
1120
|
+
│ - Mount credentials (AWS, Git, etc.) │
|
|
1121
|
+
│ - Set environment variables │
|
|
1122
|
+
│ - Launch Kubernetes Job │
|
|
1123
|
+
└───────────────────────────┬─────────────────────────────────┘
|
|
1124
|
+
↓
|
|
1125
|
+
┌─────────────────────────────────────────────────────────────┐
|
|
1126
|
+
│ 4. Execute Pangea Plan │
|
|
1127
|
+
│ - Compile template to Terraform JSON │
|
|
1128
|
+
│ - Run `terraform plan` / `tofu plan` │
|
|
1129
|
+
│ - Capture output and parse changes │
|
|
1130
|
+
└───────────────────────────┬─────────────────────────────────┘
|
|
1131
|
+
↓
|
|
1132
|
+
┌─────────────┐
|
|
1133
|
+
│ Changes? │
|
|
1134
|
+
└──────┬──────┘
|
|
1135
|
+
Yes ←────┴────→ No
|
|
1136
|
+
↓ ↓
|
|
1137
|
+
┌──────────────────────────┐ │
|
|
1138
|
+
│ 5a. Drift Detected │ │
|
|
1139
|
+
│ - Log drift details │ │
|
|
1140
|
+
│ - Emit K8s event │ │
|
|
1141
|
+
│ - Send notifications │ │
|
|
1142
|
+
└──────────┬───────────────┘ │
|
|
1143
|
+
↓ ↓
|
|
1144
|
+
┌──────────────────────────┐ │
|
|
1145
|
+
│ 6. Check Auto-Remediate │ │
|
|
1146
|
+
└──────────┬───────────────┘ │
|
|
1147
|
+
Enabled │ Disabled │
|
|
1148
|
+
↓ ↓ ↓
|
|
1149
|
+
┌─────────────────────┐ ┌───────────────┐
|
|
1150
|
+
│ 7a. Execute Apply │ │ 7b. Update │
|
|
1151
|
+
│ - Run pangea apply │ │ Status │
|
|
1152
|
+
│ - Update resources │ │ - Mark drift │
|
|
1153
|
+
│ - Log changes │ │ - Requeue │
|
|
1154
|
+
└──────────┬──────────┘ └───────┬───────┘
|
|
1155
|
+
↓ ↓
|
|
1156
|
+
┌──────────────────────────────────────┐
|
|
1157
|
+
│ 8. Run Compliance Checks (If Enabled)│
|
|
1158
|
+
│ - Execute InSpec profiles │
|
|
1159
|
+
│ - Generate compliance report │
|
|
1160
|
+
└──────────┬───────────────────────────┘
|
|
1161
|
+
↓
|
|
1162
|
+
┌──────────────────────────────────────┐
|
|
1163
|
+
│ 9. Update Status Conditions │
|
|
1164
|
+
│ - Set Ready/Failed condition │
|
|
1165
|
+
│ - Update observedGeneration │
|
|
1166
|
+
│ - Record metrics │
|
|
1167
|
+
│ - Update resource counts │
|
|
1168
|
+
└──────────┬───────────────────────────┘
|
|
1169
|
+
↓
|
|
1170
|
+
┌──────────────────────────────────────┐
|
|
1171
|
+
│ 10. Schedule Next Reconciliation │
|
|
1172
|
+
│ - Requeue based on interval │
|
|
1173
|
+
│ - Or wait for next trigger │
|
|
1174
|
+
└──────────────────────────────────────┘
|
|
1175
|
+
```
|
|
1176
|
+
|
|
1177
|
+
### Reconciliation Timing
|
|
1178
|
+
|
|
1179
|
+
| Mode | Trigger | Requeue Interval |
|
|
1180
|
+
|------|---------|------------------|
|
|
1181
|
+
| **Event-Driven** | CRD spec change | On change only |
|
|
1182
|
+
| **Periodic** | Timer | Configurable (default: 5m) |
|
|
1183
|
+
| **Hybrid** | Both | On change + periodic |
|
|
1184
|
+
|
|
1185
|
+
### Error Handling & Retries
|
|
1186
|
+
|
|
1187
|
+
```go
|
|
1188
|
+
// Reconciliation result determines requeue behavior
|
|
1189
|
+
type ReconcileResult struct {
|
|
1190
|
+
Requeue bool
|
|
1191
|
+
RequeueAfter time.Duration
|
|
1192
|
+
}
|
|
1193
|
+
|
|
1194
|
+
// Exponential backoff for errors
|
|
1195
|
+
func (r *TemplateReconciler) handleError(err error, attempt int) ReconcileResult {
|
|
1196
|
+
if attempt > maxRetries {
|
|
1197
|
+
// Give up after max retries
|
|
1198
|
+
return ReconcileResult{Requeue: false}
|
|
1199
|
+
}
|
|
1200
|
+
|
|
1201
|
+
backoff := calculateBackoff(attempt) // 1s, 2s, 4s, 8s, 16s...
|
|
1202
|
+
|
|
1203
|
+
return ReconcileResult{
|
|
1204
|
+
Requeue: true,
|
|
1205
|
+
RequeueAfter: backoff,
|
|
1206
|
+
}
|
|
1207
|
+
}
|
|
1208
|
+
```
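Review bot: `handleError` never uses its `err` argument, and on the `attempt > maxRetries` path it returns `ReconcileResult{Requeue: false}` without recording anything, so a template that exhausts its retries simply stops being retried with no visible signal; set a Failed condition or emit an event there and log `err`. The comment on `calculateBackoff` lists 1s, 2s, 4s, 8s, 16s... with no upper bound or jitter mentioned; document the cap. The Reconciliation Timing table says Periodic and Hybrid modes requeue on a timer, so the doc should also say how giving up here interacts with that timer.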
|
|
1209
|
+
|
|
1210
|
+
---
|
|
1211
|
+
|
|
1212
|
+
## Testing Framework Integration
|
|
1213
|
+
|
|
1214
|
+
### Three-Layer Testing Strategy
|
|
1215
|
+
|
|
1216
|
+
#### Layer 1: RSpec Unit & Integration Tests
|
|
1217
|
+
|
|
1218
|
+
**Purpose:** Test Ruby components and Pangea integration logic
|
|
1219
|
+
|
|
1220
|
+
**Location:** `spec/operators/`
|
|
1221
|
+
|
|
1222
|
+
**Test Categories:**
|
|
1223
|
+
|
|
1224
|
+
1. **Executor Tests** (`spec/operators/executor_spec.rb`)
|
|
1225
|
+
```ruby
|
|
1226
|
+
RSpec.describe PangeaExecutor do
|
|
1227
|
+
describe '#plan' do
|
|
1228
|
+
it 'generates valid plan output' do
|
|
1229
|
+
executor = PangeaExecutor.new
|
|
1230
|
+
result = executor.plan(template_spec)
|
|
1231
|
+
|
|
1232
|
+
expect(result).to be_success
|
|
1233
|
+
expect(result.changes).to be_a(Hash)
|
|
1234
|
+
expect(result.terraform_json).to be_valid_json
|
|
1235
|
+
end
|
|
1236
|
+
|
|
1237
|
+
it 'handles template compilation errors' do
|
|
1238
|
+
executor = PangeaExecutor.new
|
|
1239
|
+
invalid_spec = build(:invalid_template_spec)
|
|
1240
|
+
|
|
1241
|
+
result = executor.plan(invalid_spec)
|
|
1242
|
+
|
|
1243
|
+
expect(result).to be_failure
|
|
1244
|
+
expect(result.error).to include('compilation failed')
|
|
1245
|
+
end
|
|
1246
|
+
end
|
|
1247
|
+
|
|
1248
|
+
describe '#detect_drift' do
|
|
1249
|
+
it 'detects infrastructure drift accurately' do
|
|
1250
|
+
executor = PangeaExecutor.new
|
|
1251
|
+
|
|
1252
|
+
# Setup: Deploy infrastructure
|
|
1253
|
+
executor.apply(template_spec)
|
|
1254
|
+
|
|
1255
|
+
# Simulate external change (out-of-band modification)
|
|
1256
|
+
simulate_external_change
|
|
1257
|
+
|
|
1258
|
+
# Test: Drift detection
|
|
1259
|
+
drift = executor.detect_drift(template_spec)
|
|
1260
|
+
|
|
1261
|
+
expect(drift.detected?).to be true
|
|
1262
|
+
expect(drift.resources).to include(
|
|
1263
|
+
type: 'aws_route53_record',
|
|
1264
|
+
name: 'www',
|
|
1265
|
+
drift: 'records changed'
|
|
1266
|
+
)
|
|
1267
|
+
end
|
|
1268
|
+
end
|
|
1269
|
+
end
|
|
1270
|
+
```
|
|
1271
|
+
|
|
1272
|
+
2. **Drift Detector Tests** (`spec/drift/detector_spec.rb`)
|
|
1273
|
+
```ruby
|
|
1274
|
+
RSpec.describe Pangea::Drift::Detector do
|
|
1275
|
+
describe '#detect' do
|
|
1276
|
+
context 'when infrastructure matches template' do
|
|
1277
|
+
it 'reports no drift' do
|
|
1278
|
+
detector = described_class.new
|
|
1279
|
+
report = detector.detect(template: template, namespace: 'production')
|
|
1280
|
+
|
|
1281
|
+
expect(report.drift_detected?).to be false
|
|
1282
|
+
expect(report.resources_changed).to be_empty
|
|
1283
|
+
end
|
|
1284
|
+
end
|
|
1285
|
+
|
|
1286
|
+
context 'when infrastructure has drifted' do
|
|
1287
|
+
it 'identifies specific resource changes' do
|
|
1288
|
+
detector = described_class.new
|
|
1289
|
+
|
|
1290
|
+
# Modify infrastructure externally
|
|
1291
|
+
modify_resource_externally('aws_s3_bucket.example',
|
|
1292
|
+
attribute: 'versioning',
|
|
1293
|
+
value: 'Disabled'
|
|
1294
|
+
)
|
|
1295
|
+
|
|
1296
|
+
report = detector.detect(template: template, namespace: 'production')
|
|
1297
|
+
|
|
1298
|
+
expect(report.drift_detected?).to be true
|
|
1299
|
+
expect(report.drifted_resources).to include(
|
|
1300
|
+
resource: 'aws_s3_bucket.example',
|
|
1301
|
+
attribute: 'versioning',
|
|
1302
|
+
expected: 'Enabled',
|
|
1303
|
+
actual: 'Disabled'
|
|
1304
|
+
)
|
|
1305
|
+
end
|
|
1306
|
+
|
|
1307
|
+
it 'classifies drift severity correctly' do
|
|
1308
|
+
detector = described_class.new
|
|
1309
|
+
|
|
1310
|
+
# Critical drift: security group opened
|
|
1311
|
+
modify_security_group('sg-12345', ingress: '0.0.0.0/0')
|
|
1312
|
+
|
|
1313
|
+
report = detector.detect(template: template, namespace: 'production')
|
|
1314
|
+
|
|
1315
|
+
expect(report.severity).to eq(:critical)
|
|
1316
|
+
expect(report.requires_immediate_action?).to be true
|
|
1317
|
+
end
|
|
1318
|
+
end
|
|
1319
|
+
end
|
|
1320
|
+
end
|
|
1321
|
+
```
|
|
1322
|
+
|
|
1323
|
+
3. **Compliance Validator Tests** (`spec/compliance/validator_spec.rb`)
|
|
1324
|
+
```ruby
|
|
1325
|
+
RSpec.describe Pangea::Compliance::Validator do
|
|
1326
|
+
describe '#validate' do
|
|
1327
|
+
it 'runs InSpec profiles against infrastructure' do
|
|
1328
|
+
validator = described_class.new
|
|
1329
|
+
|
|
1330
|
+
result = validator.validate(
|
|
1331
|
+
template_spec: template_spec,
|
|
1332
|
+
profiles: ['aws-security-baseline']
|
|
1333
|
+
)
|
|
1334
|
+
|
|
1335
|
+
expect(result.controls_passed).to eq(15)
|
|
1336
|
+
expect(result.controls_failed).to eq(0)
|
|
1337
|
+
expect(result.compliance_score).to eq(100)
|
|
1338
|
+
end
|
|
1339
|
+
|
|
1340
|
+
it 'reports failed compliance controls' do
|
|
1341
|
+
validator = described_class.new
|
|
1342
|
+
|
|
1343
|
+
# Create non-compliant infrastructure
|
|
1344
|
+
create_insecure_bucket('test-bucket')
|
|
1345
|
+
|
|
1346
|
+
result = validator.validate(
|
|
1347
|
+
template_spec: template_spec,
|
|
1348
|
+
profiles: ['aws-security-baseline']
|
|
1349
|
+
)
|
|
1350
|
+
|
|
1351
|
+
expect(result.compliance_score).to be < 100
|
|
1352
|
+
expect(result.failed_controls).to include(
|
|
1353
|
+
control_id: 's3-bucket-encryption',
|
|
1354
|
+
severity: 'critical',
|
|
1355
|
+
resource: 'aws_s3_bucket.test-bucket'
|
|
1356
|
+
)
|
|
1357
|
+
end
|
|
1358
|
+
end
|
|
1359
|
+
end
|
|
1360
|
+
```
|
|
1361
|
+
|
|
1362
|
+
#### Layer 2: InSpec Infrastructure Tests
|
|
1363
|
+
|
|
1364
|
+
**Purpose:** Validate deployed infrastructure compliance and security
|
|
1365
|
+
|
|
1366
|
+
**Location:** `spec/compliance/profiles/`
|
|
1367
|
+
|
|
1368
|
+
**Profile Structure:**
|
|
1369
|
+
```
|
|
1370
|
+
spec/compliance/profiles/
|
|
1371
|
+
├── aws-baseline/
|
|
1372
|
+
│ ├── controls/
|
|
1373
|
+
│ │ ├── vpc_controls.rb
|
|
1374
|
+
│ │ ├── s3_controls.rb
|
|
1375
|
+
│ │ └── iam_controls.rb
|
|
1376
|
+
│ └── inspec.yml
|
|
1377
|
+
├── kubernetes-baseline/
|
|
1378
|
+
│ ├── controls/
|
|
1379
|
+
│ │ ├── rbac_controls.rb
|
|
1380
|
+
│ │ └── pod_security_controls.rb
|
|
1381
|
+
│ └── inspec.yml
|
|
1382
|
+
└── pangea-template/
|
|
1383
|
+
├── controls/
|
|
1384
|
+
│ └── template_compliance.rb
|
|
1385
|
+
└── inspec.yml
|
|
1386
|
+
```
|
|
1387
|
+
|
|
1388
|
+
**Example InSpec Profile:**
|
|
1389
|
+
```ruby
|
|
1390
|
+
# spec/compliance/profiles/aws-baseline/controls/s3_controls.rb
|
|
1391
|
+
|
|
1392
|
+
control 's3-bucket-encryption' do
|
|
1393
|
+
impact 1.0
|
|
1394
|
+
title 'S3 Bucket Encryption'
|
|
1395
|
+
desc 'All S3 buckets must have encryption enabled'
|
|
1396
|
+
|
|
1397
|
+
# Get bucket IDs from Pangea template metadata
|
|
1398
|
+
template_spec = attribute('pangea_template_spec')
|
|
1399
|
+
s3_buckets = template_spec.dig(:resources, :s3_buckets) || []
|
|
1400
|
+
|
|
1401
|
+
s3_buckets.each do |bucket_name|
|
|
1402
|
+
describe aws_s3_bucket(bucket_name) do
|
|
1403
|
+
it { should exist }
|
|
1404
|
+
it { should have_default_encryption_enabled }
|
|
1405
|
+
its('bucket_encryption_algorithm') { should eq 'AES256' }
|
|
1406
|
+
end
|
|
1407
|
+
end
|
|
1408
|
+
end
|
|
1409
|
+
|
|
1410
|
+
control 's3-bucket-versioning' do
|
|
1411
|
+
impact 0.8
|
|
1412
|
+
title 'S3 Bucket Versioning'
|
|
1413
|
+
desc 'Production S3 buckets should have versioning enabled'
|
|
1414
|
+
|
|
1415
|
+
template_spec = attribute('pangea_template_spec')
|
|
1416
|
+
environment = template_spec.dig(:namespace)
|
|
1417
|
+
|
|
1418
|
+
only_if { environment == 'production' }
|
|
1419
|
+
|
|
1420
|
+
s3_buckets = template_spec.dig(:resources, :s3_buckets) || []
|
|
1421
|
+
|
|
1422
|
+
s3_buckets.each do |bucket_name|
|
|
1423
|
+
describe aws_s3_bucket(bucket_name) do
|
|
1424
|
+
it { should have_versioning_enabled }
|
|
1425
|
+
end
|
|
1426
|
+
end
|
|
1427
|
+
end
|
|
1428
|
+
|
|
1429
|
+
control 's3-bucket-public-access' do
|
|
1430
|
+
impact 1.0
|
|
1431
|
+
title 'S3 Bucket Public Access Block'
|
|
1432
|
+
desc 'S3 buckets must block all public access'
|
|
1433
|
+
|
|
1434
|
+
template_spec = attribute('pangea_template_spec')
|
|
1435
|
+
s3_buckets = template_spec.dig(:resources, :s3_buckets) || []
|
|
1436
|
+
|
|
1437
|
+
s3_buckets.each do |bucket_name|
|
|
1438
|
+
describe aws_s3_bucket(bucket_name) do
|
|
1439
|
+
it { should have_access_logging_enabled }
|
|
1440
|
+
it { should_not be_public }
|
|
1441
|
+
its('bucket_acl.grants') { should_not include(grantee_type: 'AllUsers') }
|
|
1442
|
+
end
|
|
1443
|
+
end
|
|
1444
|
+
end
|
|
1445
|
+
```
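Review bot: The `s3-bucket-public-access` control is titled 'S3 Bucket Public Access Block', but its first assertion is `it { should have_access_logging_enabled }`, which tests logging rather than public access, and nothing in the control checks the bucket's public access block settings; move the logging check into its own control and assert the block settings here. All three controls fall back to `|| []` when `template_spec.dig(:resources, :s3_buckets)` is missing, so a metadata file without that key produces controls with no tests instead of a failure; fail explicitly when the list is absent. The lookups use symbol keys (`:resources`, `:namespace`) while the run command below feeds the profile from `template-metadata.json`, so confirm the keys actually arrive as symbols.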
|
|
1446
|
+
|
|
1447
|
+
**Running InSpec Tests:**
|
|
1448
|
+
```bash
|
|
1449
|
+
# Run InSpec profile against deployed infrastructure
|
|
1450
|
+
inspec exec spec/compliance/profiles/aws-baseline \
|
|
1451
|
+
--input-file template-metadata.json \
|
|
1452
|
+
--reporter json:compliance-report.json cli
|
|
1453
|
+
|
|
1454
|
+
# Automated execution via executor pod
|
|
1455
|
+
ruby -r pangea/compliance/validator -e '
|
|
1456
|
+
validator = Pangea::Compliance::Validator.new
|
|
1457
|
+
result = validator.validate(
|
|
1458
|
+
template_spec: load_template_spec,
|
|
1459
|
+
profiles: ["aws-baseline", "pangea-template"]
|
|
1460
|
+
)
|
|
1461
|
+
|
|
1462
|
+
puts JSON.pretty_generate(result.to_h)
|
|
1463
|
+
'
|
|
1464
|
+
```
|
|
1465
|
+
|
|
1466
|
+
#### Layer 3: End-to-End Operator Tests
|
|
1467
|
+
|
|
1468
|
+
**Purpose:** Test complete operator behavior in Kubernetes
|
|
1469
|
+
|
|
1470
|
+
**Location:** `spec/operators/e2e/`
|
|
1471
|
+
|
|
1472
|
+
**Test Framework:** Go testing + Ruby RSpec
|
|
1473
|
+
|
|
1474
|
+
**Test Scenarios:**
|
|
1475
|
+
|
|
1476
|
+
1. **Reconciliation Tests** (`spec/operators/e2e/reconciliation_test.go`)
|
|
1477
|
+
```go
|
|
1478
|
+
func TestTemplateReconciliation(t *testing.T) {
|
|
1479
|
+
// Setup test cluster
|
|
1480
|
+
testEnv := setupTestEnvironment(t)
|
|
1481
|
+
defer testEnv.Cleanup()
|
|
1482
|
+
|
|
1483
|
+
// Create PangeaTemplate resource
|
|
1484
|
+
template := &pangeav1alpha1.PangeaTemplate{
|
|
1485
|
+
ObjectMeta: metav1.ObjectMeta{
|
|
1486
|
+
Name: "test-template",
|
|
1487
|
+
Namespace: "default",
|
|
1488
|
+
},
|
|
1489
|
+
Spec: pangeav1alpha1.PangeaTemplateSpec{
|
|
1490
|
+
Source: pangeav1alpha1.SourceSpec{
|
|
1491
|
+
Type: "configmap",
|
|
1492
|
+
ConfigMap: &pangeav1alpha1.ConfigMapSource{
|
|
1493
|
+
Name: "test-template-source",
|
|
1494
|
+
},
|
|
1495
|
+
},
|
|
1496
|
+
Pangea: pangeav1alpha1.PangeaSpec{
|
|
1497
|
+
Namespace: "development",
|
|
1498
|
+
Template: "web_server",
|
|
1499
|
+
},
|
|
1500
|
+
Reconciliation: pangeav1alpha1.ReconciliationSpec{
|
|
1501
|
+
Mode: "event-driven",
|
|
1502
|
+
},
|
|
1503
|
+
},
|
|
1504
|
+
}
|
|
1505
|
+
|
|
1506
|
+
err := testEnv.Client.Create(context.TODO(), template)
|
|
1507
|
+
assert.NoError(t, err)
|
|
1508
|
+
|
|
1509
|
+
// Wait for reconciliation
|
|
1510
|
+
Eventually(func() bool {
|
|
1511
|
+
var updated pangeav1alpha1.PangeaTemplate
|
|
1512
|
+
err := testEnv.Client.Get(context.TODO(),
|
|
1513
|
+
types.NamespacedName{Name: "test-template", Namespace: "default"},
|
|
1514
|
+
&updated)
|
|
1515
|
+
|
|
1516
|
+
if err != nil {
|
|
1517
|
+
return false
|
|
1518
|
+
}
|
|
1519
|
+
|
|
1520
|
+
return updated.Status.Conditions[0].Type == "Ready" &&
|
|
1521
|
+
updated.Status.Conditions[0].Status == "True"
|
|
1522
|
+
}, timeout, interval).Should(BeTrue())
|
|
1523
|
+
|
|
1524
|
+
// Verify resources were created
|
|
1525
|
+
var updated pangeav1alpha1.PangeaTemplate
|
|
1526
|
+
err = testEnv.Client.Get(context.TODO(),
|
|
1527
|
+
types.NamespacedName{Name: "test-template", Namespace: "default"},
|
|
1528
|
+
&updated)
|
|
1529
|
+
assert.NoError(t, err)
|
|
1530
|
+
assert.Equal(t, 4, updated.Status.Resources.Total)
|
|
1531
|
+
assert.Equal(t, 4, updated.Status.Resources.Created)
|
|
1532
|
+
}
|
|
1533
|
+
```
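Review bot: The `Eventually` closure indexes `updated.Status.Conditions[0]` without checking the slice length, so it panics if the object is fetched before the controller has written any condition, and it silently depends on Ready being the first entry; look the condition up by `Type == "Ready"` and return false when it is absent. The test also mixes `assert.NoError(t, err)` with `Eventually(...).Should(BeTrue())` without anything visible that binds the matcher library to `t`, and `timeout` and `interval` are not defined in the snippet; show the setup or note where they come from.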
|
|
1534
|
+
|
|
1535
|
+
2. **Drift Detection Tests** (`spec/operators/e2e/drift_detection_test.go`)
|
|
1536
|
+
```go
|
|
1537
|
+
func TestDriftDetectionAndRemediation(t *testing.T) {
|
|
1538
|
+
testEnv := setupTestEnvironment(t)
|
|
1539
|
+
defer testEnv.Cleanup()
|
|
1540
|
+
|
|
1541
|
+
// Create template with drift detection enabled
|
|
1542
|
+
template := createTemplateWithDrift(t, testEnv, &pangeav1alpha1.DriftDetectionSpec{
|
|
1543
|
+
Enabled: true,
|
|
1544
|
+
Interval: metav1.Duration{Duration: 1 * time.Minute},
|
|
1545
|
+
AutoRemediate: true,
|
|
1546
|
+
})
|
|
1547
|
+
|
|
1548
|
+
// Wait for initial reconciliation
|
|
1549
|
+
waitForTemplateReady(t, testEnv, template)
|
|
1550
|
+
|
|
1551
|
+
// Simulate external drift (modify infrastructure outside of Pangea)
|
|
1552
|
+
simulateExternalDrift(t, template.Spec.Pangea.Namespace)
|
|
1553
|
+
|
|
1554
|
+
// Wait for drift detection
|
|
1555
|
+
Eventually(func() bool {
|
|
1556
|
+
var updated pangeav1alpha1.PangeaTemplate
|
|
1557
|
+
testEnv.Client.Get(context.TODO(),
|
|
1558
|
+
types.NamespacedName{Name: template.Name, Namespace: template.Namespace},
|
|
1559
|
+
&updated)
|
|
1560
|
+
|
|
1561
|
+
return updated.Status.Drift.Detected == true
|
|
1562
|
+
}, timeout, interval).Should(BeTrue())
|
|
1563
|
+
|
|
1564
|
+
// Wait for auto-remediation
|
|
1565
|
+
Eventually(func() bool {
|
|
1566
|
+
var updated pangeav1alpha1.PangeaTemplate
|
|
1567
|
+
testEnv.Client.Get(context.TODO(),
|
|
1568
|
+
types.NamespacedName{Name: template.Name, Namespace: template.Namespace},
|
|
1569
|
+
&updated)
|
|
1570
|
+
|
|
1571
|
+
return updated.Status.Drift.Detected == false
|
|
1572
|
+
}, timeout, interval).Should(BeTrue())
|
|
1573
|
+
|
|
1574
|
+
// Verify infrastructure was corrected
|
|
1575
|
+
verifyInfrastructureState(t, template)
|
|
1576
|
+
}
|
|
1577
|
+
```
|
|
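Review bot: Both `Eventually` closures in `TestDriftDetectionAndRemediation` discard the error from `testEnv.Client.Get`, so the second poll can pass without any remediation having happened. If the `Get` fails, `updated` stays zero-valued and `updated.Status.Drift.Detected == false` is true. Check the error inside each closure and return false when it is non-nil. Consider also asserting on `Status.Drift.LastCheckTime` advancing, so that a cleared flag is tied to an actual later check.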
1578
|
+
|
|
1579
|
+
3. **Compliance Validation Tests** (`spec/operators/e2e/compliance_validation_spec.rb`)
|
|
1580
|
+
```ruby
|
|
1581
|
+
RSpec.describe 'Compliance Validation E2E' do
|
|
1582
|
+
let(:k8s_client) { Kubernetes::Client.new }
|
|
1583
|
+
let(:template_name) { 'compliance-test-template' }
|
|
1584
|
+
|
|
1585
|
+
before(:all) do
|
|
1586
|
+
# Create test template with compliance enabled
|
|
1587
|
+
create_template_with_compliance
|
|
1588
|
+
end
|
|
1589
|
+
|
|
1590
|
+
after(:all) do
|
|
1591
|
+
# Cleanup
|
|
1592
|
+
delete_template(template_name)
|
|
1593
|
+
end
|
|
1594
|
+
|
|
1595
|
+
it 'runs compliance checks on schedule' do
|
|
1596
|
+
# Wait for first compliance check
|
|
1597
|
+
sleep 65 # Wait for 1-minute interval
|
|
1598
|
+
|
|
1599
|
+
# Fetch template status
|
|
1600
|
+
template = k8s_client.get_resource(
|
|
1601
|
+
'PangeaTemplate',
|
|
1602
|
+
template_name,
|
|
1603
|
+
'infrastructure'
|
|
1604
|
+
)
|
|
1605
|
+
|
|
1606
|
+
expect(template.status.compliance.status).to eq('Compliant')
|
|
1607
|
+
expect(template.status.compliance.passedControls).to be > 0
|
|
1608
|
+
expect(template.status.compliance.score).to eq(100)
|
|
1609
|
+
end
|
|
1610
|
+
|
|
1611
|
+
it 'detects non-compliant infrastructure' do
|
|
1612
|
+
# Create non-compliant resource
|
|
1613
|
+
create_insecure_s3_bucket('test-insecure-bucket')
|
|
1614
|
+
|
|
1615
|
+
# Trigger compliance check
|
|
1616
|
+
trigger_compliance_check(template_name)
|
|
1617
|
+
|
|
1618
|
+
# Wait for check completion
|
|
1619
|
+
sleep 30
|
|
1620
|
+
|
|
1621
|
+
# Fetch updated status
|
|
1622
|
+
template = k8s_client.get_resource(
|
|
1623
|
+
'PangeaTemplate',
|
|
1624
|
+
template_name,
|
|
1625
|
+
'infrastructure'
|
|
1626
|
+
)
|
|
1627
|
+
|
|
1628
|
+
expect(template.status.compliance.status).to eq('NonCompliant')
|
|
1629
|
+
expect(template.status.compliance.failedControls).to be > 0
|
|
1630
|
+
expect(template.status.compliance.score).to be < 100
|
|
1631
|
+
|
|
1632
|
+
# Verify Kubernetes event was emitted
|
|
1633
|
+
events = k8s_client.get_events(
|
|
1634
|
+
field_selector: "involvedObject.name=#{template_name}"
|
|
1635
|
+
)
|
|
1636
|
+
|
|
1637
|
+
expect(events).to include(
|
|
1638
|
+
reason: 'ComplianceCheckFailed',
|
|
1639
|
+
message: /s3-bucket-encryption/
|
|
1640
|
+
)
|
|
1641
|
+
end
|
|
1642
|
+
end
|
|
1643
|
+
```
|
|
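Review bot: The 'detects non-compliant infrastructure' example calls `create_insecure_s3_bucket('test-insecure-bucket')`, but `after(:all)` only runs `delete_template(template_name)`, so an intentionally insecure bucket is left behind whenever the suite runs or fails part-way. Add the bucket teardown to an `ensure` or `after` hook. The two examples are also order-dependent: the first expects `score` to equal 100, which cannot hold if it runs after the bucket exists. Finally, `sleep 65` and `sleep 30` are fixed waits that will be flaky; polling the status with a deadline would be more reliable.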
1644
|
+
|
|
1645
|
+
### Testing Pipeline
|
|
1646
|
+
|
|
1647
|
+
```yaml
|
|
1648
|
+
# .github/workflows/operator-tests.yml
|
|
1649
|
+
name: Operator Tests
|
|
1650
|
+
|
|
1651
|
+
on: [push, pull_request]
|
|
1652
|
+
|
|
1653
|
+
jobs:
|
|
1654
|
+
unit-tests:
|
|
1655
|
+
runs-on: ubuntu-latest
|
|
1656
|
+
steps:
|
|
1657
|
+
- uses: actions/checkout@v4
|
|
1658
|
+
- uses: ruby/setup-ruby@v1
|
|
1659
|
+
with:
|
|
1660
|
+
ruby-version: '3.3'
|
|
1661
|
+
- name: Run RSpec unit tests
|
|
1662
|
+
run: |
|
|
1663
|
+
bundle install
|
|
1664
|
+
rspec spec/operators/ \
|
|
1665
|
+
--exclude-pattern "spec/operators/e2e/**"
|
|
1666
|
+
|
|
1667
|
+
inspec-tests:
|
|
1668
|
+
runs-on: ubuntu-latest
|
|
1669
|
+
needs: unit-tests
|
|
1670
|
+
steps:
|
|
1671
|
+
- uses: actions/checkout@v4
|
|
1672
|
+
- name: Setup InSpec
|
|
1673
|
+
run: |
|
|
1674
|
+
curl https://omnitruck.chef.io/install.sh | sudo bash -s -- -P inspec
|
|
1675
|
+
- name: Validate InSpec profiles
|
|
1676
|
+
run: |
|
|
1677
|
+
inspec check spec/compliance/profiles/aws-baseline
|
|
1678
|
+
inspec check spec/compliance/profiles/kubernetes-baseline
|
|
1679
|
+
|
|
1680
|
+
e2e-tests:
|
|
1681
|
+
runs-on: ubuntu-latest
|
|
1682
|
+
needs: [unit-tests, inspec-tests]
|
|
1683
|
+
steps:
|
|
1684
|
+
- uses: actions/checkout@v4
|
|
1685
|
+
- name: Setup kind cluster
|
|
1686
|
+
uses: helm/kind-action@v1
|
|
1687
|
+
- name: Build operator image
|
|
1688
|
+
run: |
|
|
1689
|
+
make docker-build
|
|
1690
|
+
kind load docker-image pangea-operator:test
|
|
1691
|
+
- name: Deploy operator
|
|
1692
|
+
run: |
|
|
1693
|
+
make deploy IMG=pangea-operator:test
|
|
1694
|
+
- name: Run E2E tests
|
|
1695
|
+
run: |
|
|
1696
|
+
go test ./test/e2e/... -v -timeout 30m
|
|
1697
|
+
```
|
|
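Review bot: The "Setup InSpec" step in the `inspec-tests` job pipes a remote script straight into a root shell (`curl https://omnitruck.chef.io/install.sh | sudo bash -s -- -P inspec`) with no version pin and no integrity check, so whatever that URL serves at run time executes as root on the runner. Download the installer or package to a file, verify it against a recorded checksum, and install a pinned version. The `uses:` lines (`actions/checkout@v4`, `ruby/setup-ruby@v1`, `helm/kind-action@v1`) reference mutable tags. Pinning them to full commit SHAs would close the same gap for the actions.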
1698
|
+
|
|
1699
|
+
---
|
|
1700
|
+
|
|
1701
|
+
## Implementation Roadmap
|
|
1702
|
+
|
|
1703
|
+
### Phase 1: Foundation (Weeks 1-2)
|
|
1704
|
+
|
|
1705
|
+
**Goal:** Build core operator infrastructure
|
|
1706
|
+
|
|
1707
|
+
**Tasks:**
|
|
1708
|
+
1. ✅ Create Go operator scaffold with Kubebuilder
|
|
1709
|
+
2. ✅ Define PangeaTemplate CRD
|
|
1710
|
+
3. ✅ Implement basic reconciliation loop
|
|
1711
|
+
4. ✅ Create executor pod specification
|
|
1712
|
+
5. ✅ Set up development environment (kind cluster)
|
|
1713
|
+
|
|
1714
|
+
**Deliverables:**
|
|
1715
|
+
- Operator watches PangeaTemplate CRDs
|
|
1716
|
+
- Spawns executor pods
|
|
1717
|
+
- Basic status updates
|
|
1718
|
+
- Local development workflow
|
|
1719
|
+
|
|
1720
|
+
**Success Criteria:**
|
|
1721
|
+
- Operator can create/delete executor pods
|
|
1722
|
+
- CRD spec is validated
|
|
1723
|
+
- Status conditions are updated
|
|
1724
|
+
|
|
1725
|
+
### Phase 2: Drift Detection (Weeks 3-4)
|
|
1726
|
+
|
|
1727
|
+
**Goal:** Implement continuous drift detection
|
|
1728
|
+
|
|
1729
|
+
**Tasks:**
|
|
1730
|
+
1. ✅ Implement drift detector in Ruby
|
|
1731
|
+
2. ✅ Integrate drift detection into reconciliation loop
|
|
1732
|
+
3. ✅ Add drift scheduling (periodic checks)
|
|
1733
|
+
4. ✅ Implement drift reporting and status updates
|
|
1734
|
+
5. ✅ Add Kubernetes events for drift detection
|
|
1735
|
+
|
|
1736
|
+
**Deliverables:**
|
|
1737
|
+
- Automated drift detection on schedule
|
|
1738
|
+
- Detailed drift reports in status
|
|
1739
|
+
- Event emission for drift
|
|
1740
|
+
- Drift history tracking
|
|
1741
|
+
|
|
1742
|
+
**Success Criteria:**
|
|
1743
|
+
- Detects drift within 1 minute of external change
|
|
1744
|
+
- Accurate drift classification
|
|
1745
|
+
- Clear status reporting
|
|
1746
|
+
|
|
1747
|
+
### Phase 3: Auto-Remediation (Weeks 5-6)
|
|
1748
|
+
|
|
1749
|
+
**Goal:** Implement automatic drift remediation
|
|
1750
|
+
|
|
1751
|
+
**Tasks:**
|
|
1752
|
+
1. ✅ Implement remediation policies (immediate, manual, scheduled)
|
|
1753
|
+
2. ✅ Add safety checks and validation before remediation
|
|
1754
|
+
3. ✅ Implement notification system (Slack, email, webhooks)
|
|
1755
|
+
4. ✅ Add audit logging for all remediation actions
|
|
1756
|
+
5. ✅ Create emergency override mechanisms
|
|
1757
|
+
|
|
1758
|
+
**Deliverables:**
|
|
1759
|
+
- Configurable auto-remediation
|
|
1760
|
+
- Multi-channel notifications
|
|
1761
|
+
- Audit trail
|
|
1762
|
+
- Safety mechanisms
|
|
1763
|
+
|
|
1764
|
+
**Success Criteria:**
|
|
1765
|
+
- Auto-remediation works correctly
|
|
1766
|
+
- No false positives in production
|
|
1767
|
+
- Clear audit trail
|
|
1768
|
+
|
|
1769
|
+
### Phase 4: Compliance Integration (Weeks 7-8)
|
|
1770
|
+
|
|
1771
|
+
**Goal:** Integrate InSpec for continuous compliance
|
|
1772
|
+
|
|
1773
|
+
**Tasks:**
|
|
1774
|
+
1. ✅ Create InSpec wrapper in Ruby
|
|
1775
|
+
2. ✅ Implement compliance validator
|
|
1776
|
+
3. ✅ Create baseline InSpec profiles
|
|
1777
|
+
4. ✅ Add compliance reporting to CRD status
|
|
1778
|
+
5. ✅ Integrate compliance into reconciliation
|
|
1779
|
+
|
|
1780
|
+
**Deliverables:**
|
|
1781
|
+
- Automated compliance checks
|
|
1782
|
+
- Pre-built compliance profiles
|
|
1783
|
+
- Compliance dashboard data
|
|
1784
|
+
- Compliance-as-code examples
|
|
1785
|
+
|
|
1786
|
+
**Success Criteria:**
|
|
1787
|
+
- Compliance checks run on schedule
|
|
1788
|
+
- Accurate compliance scoring
|
|
1789
|
+
- Clear non-compliance reporting
|
|
1790
|
+
|
|
1791
|
+
### Phase 5: Testing & Hardening (Weeks 9-10)
|
|
1792
|
+
|
|
1793
|
+
**Goal:** Comprehensive testing and production readiness
|
|
1794
|
+
|
|
1795
|
+
**Tasks:**
|
|
1796
|
+
1. ✅ Write RSpec unit tests (>80% coverage)
|
|
1797
|
+
2. ✅ Create InSpec profiles for all resource types
|
|
1798
|
+
3. ✅ Build E2E test suite
|
|
1799
|
+
4. ✅ Performance testing and optimization
|
|
1800
|
+
5. ✅ Security audit and hardening
|
|
1801
|
+
|
|
1802
|
+
**Deliverables:**
|
|
1803
|
+
- Complete test suite
|
|
1804
|
+
- Performance benchmarks
|
|
1805
|
+
- Security documentation
|
|
1806
|
+
- Production deployment guide
|
|
1807
|
+
|
|
1808
|
+
**Success Criteria:**
|
|
1809
|
+
- >80% test coverage
|
|
1810
|
+
- All E2E tests pass
|
|
1811
|
+
- Security audit complete
|
|
1812
|
+
- Documentation complete
|
|
1813
|
+
|
|
1814
|
+
### Phase 6: Production Deployment (Weeks 11-12)
|
|
1815
|
+
|
|
1816
|
+
**Goal:** Deploy to production clusters
|
|
1817
|
+
|
|
1818
|
+
**Tasks:**
|
|
1819
|
+
1. ✅ Create Helm chart
|
|
1820
|
+
2. ✅ Set up monitoring and alerting
|
|
1821
|
+
3. ✅ Create runbooks and documentation
|
|
1822
|
+
4. ✅ Gradual rollout to production
|
|
1823
|
+
5. ✅ Post-deployment validation
|
|
1824
|
+
|
|
1825
|
+
**Deliverables:**
|
|
1826
|
+
- Production Helm chart
|
|
1827
|
+
- Monitoring dashboards
|
|
1828
|
+
- Operational runbooks
|
|
1829
|
+
- Production deployment
|
|
1830
|
+
|
|
1831
|
+
**Success Criteria:**
|
|
1832
|
+
- Operator running in production
|
|
1833
|
+
- Zero downtime deployment
|
|
1834
|
+
- Monitoring operational
|
|
1835
|
+
- Documentation complete
|
|
1836
|
+
|
|
1837
|
+
---
|
|
1838
|
+
|
|
1839
|
+
## Task Breakdown for Agents
|
|
1840
|
+
|
|
1841
|
+
This section provides detailed, step-by-step tasks that an AI agent can execute without losing context. Each task is atomic, testable, and includes clear success criteria.
|
|
1842
|
+
|
|
1843
|
+
### Phase 1 Tasks
|
|
1844
|
+
|
|
1845
|
+
#### Task 1.1: Initialize Operator Project with Nix Build System
|
|
1846
|
+
|
|
1847
|
+
**Objective:** Create Go operator scaffold with Nix flake for reproducible builds
|
|
1848
|
+
|
|
1849
|
+
**Steps:**
|
|
1850
|
+
1. Install kubebuilder v3.14+
|
|
1851
|
+
```bash
|
|
1852
|
+
curl -L -o kubebuilder https://go.kubebuilder.io/dl/latest/$(go env GOOS)/$(go env GOARCH)
|
|
1853
|
+
chmod +x kubebuilder
|
|
1854
|
+
sudo mv kubebuilder /usr/local/bin/
|
|
1855
|
+
```
|
|
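Review bot: Step 1 says "Install kubebuilder v3.14+" but the command fetches `dl/latest`, and the binary is moved into `/usr/local/bin` with `sudo` without any checksum verification. That gives an agent following these steps an unpinned, unverified executable on its PATH, which undercuts the "reproducible builds" objective stated for this task. Pin an explicit release in the URL and verify the download against a recorded checksum before the `chmod` and `sudo mv`.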
1856
|
+
|
|
1857
|
+
2. Initialize new operator project
|
|
1858
|
+
```bash
|
|
1859
|
+
mkdir -p pkgs/operators/pangea-operator
|
|
1860
|
+
cd pkgs/operators/pangea-operator
|
|
1861
|
+
kubebuilder init --domain pangea.io --repo github.com/pleme-io/nexus/pkgs/operators/pangea-operator
|
|
1862
|
+
```
|
|
1863
|
+
|
|
1864
|
+
3. Create API scaffold
|
|
1865
|
+
```bash
|
|
1866
|
+
kubebuilder create api --group pangea --version v1alpha1 --kind PangeaTemplate
|
|
1867
|
+
# Answer 'y' to both prompts
|
|
1868
|
+
```
|
|
1869
|
+
|
|
1870
|
+
4. **NEW: Create Nix flake for operator**
|
|
1871
|
+
```bash
|
|
1872
|
+
# Create flake.nix (see Build System Architecture section for complete example)
|
|
1873
|
+
cat > flake.nix <<'EOF'
|
|
1874
|
+
{
|
|
1875
|
+
description = "Pangea Kubernetes Operator";
|
|
1876
|
+
|
|
1877
|
+
inputs = {
|
|
1878
|
+
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
|
|
1879
|
+
flake-utils.url = "github:numtide/flake-utils";
|
|
1880
|
+
nexus.url = "path:../../..";
|
|
1881
|
+
nix-lib.url = "path:../../../nix/lib";
|
|
1882
|
+
};
|
|
1883
|
+
|
|
1884
|
+
outputs = { nixpkgs, flake-utils, nexus, nix-lib, ... }:
|
|
1885
|
+
flake-utils.lib.eachSystem ["x86_64-linux" "aarch64-linux"] (
|
|
1886
|
+
system:
|
|
1887
|
+
let
|
|
1888
|
+
goService = import "${nix-lib}/go-service.nix" {
|
|
1889
|
+
inherit system nixpkgs;
|
|
1890
|
+
nixLib = nix-lib;
|
|
1891
|
+
nexusDeploy = nexus.packages.${system}.nexus-deploy;
|
|
1892
|
+
};
|
|
1893
|
+
in
|
|
1894
|
+
goService {
|
|
1895
|
+
serviceName = "pangea-operator";
|
|
1896
|
+
src = ./.;
|
|
1897
|
+
description = "Pangea Kubernetes Operator for continuous drift detection";
|
|
1898
|
+
goVersion = "1.23";
|
|
1899
|
+
vendorHash = "sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=";
|
|
1900
|
+
buildInputs = [];
|
|
1901
|
+
ldflags = ["-s" "-w" "-X main.version=\${version}"];
|
|
1902
|
+
containerPorts = { metrics = 8080; health = 8081; };
|
|
1903
|
+
productName = "infrastructure";
|
|
1904
|
+
namespace = "pangea-system";
|
|
1905
|
+
cluster = "orion";
|
|
1906
|
+
}
|
|
1907
|
+
);
|
|
1908
|
+
}
|
|
1909
|
+
EOF
|
|
1910
|
+
```
|
|
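Review bot: In the `ldflags` line, `"-X main.version=\${version}"` sits inside a quoted heredoc (`<<'EOF'`), so the shell leaves it alone, and in a Nix double-quoted string `\${` is an escaped literal. The linker flag therefore carries the literal text `${version}` unless `go-service.nix` substitutes it, which these lines do not show. Either interpolate a real Nix value here or document that the helper performs the replacement.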
1911
|
+
|
|
1912
|
+
5. **NEW: Create go-service.nix helper in nix-lib**
|
|
1913
|
+
```bash
|
|
1914
|
+
# Navigate to nix-lib directory
|
|
1915
|
+
cd ../../../nix/lib
|
|
1916
|
+
|
|
1917
|
+
# Create go-service.nix (see Build System Architecture section for complete implementation)
|
|
1918
|
+
# This file mirrors the pattern of rust-service.nix for Go services
|
|
1919
|
+
```
|
|
1920
|
+
|
|
1921
|
+
6. Verify scaffold and Nix build
|
|
1922
|
+
```bash
|
|
1923
|
+
cd pkgs/operators/pangea-operator
|
|
1924
|
+
|
|
1925
|
+
# Traditional Go build
|
|
1926
|
+
make manifests
|
|
1927
|
+
make generate
|
|
1928
|
+
go build -o bin/manager main.go
|
|
1929
|
+
|
|
1930
|
+
# Nix build (generates vendorHash on first run)
|
|
1931
|
+
go mod vendor
|
|
1932
|
+
nix-hash --type sha256 --sri --base64 <(tar -c vendor) # Update vendorHash in flake.nix
|
|
1933
|
+
nix build .#default # Build the operator binary
|
|
1934
|
+
nix build .#dockerImage-amd64 # Build container image
|
|
1935
|
+
```
|
|
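Review bot: The `nix-hash --type sha256 --sri --base64 <(tar -c vendor)` line will not yield a usable `vendorHash`. A tar stream of `vendor/` varies with file order and timestamps, and it is not the NAR hash that Nix checks fixed-output hashes against, so the value pasted into `flake.nix` will mismatch or differ between machines. The usual approach is to leave the placeholder hash in place, run `nix build .#default`, and copy the hash from the mismatch error. The comment "generates vendorHash on first run" should say that explicitly.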
1936
|
+
|
|
1937
|
+
7. **NEW: Test Nix development shell**
|
|
1938
|
+
```bash
|
|
1939
|
+
nix develop
|
|
1940
|
+
# Verify you have: go, gopls, gotools, golangci-lint, kubectl, helm
|
|
1941
|
+
go version # Should show Go 1.23
|
|
1942
|
+
```
|
|
1943
|
+
|
|
1944
|
+
**Success Criteria:**
|
|
1945
|
+
- Project builds without errors (both `go build` and `nix build`)
|
|
1946
|
+
- CRD manifests generated in `config/crd/bases/`
|
|
1947
|
+
- Controller code exists in `controllers/pangeatemplate_controller.go`
|
|
1948
|
+
- Nix flake builds successfully: `nix build .#default`
|
|
1949
|
+
- Docker image builds: `nix build .#dockerImage-amd64`
|
|
1950
|
+
- Development shell works: `nix develop`
|
|
1951
|
+
|
|
1952
|
+
**Output Files:**
|
|
1953
|
+
- `PROJECT` (kubebuilder project file)
|
|
1954
|
+
- `Makefile` (kubebuilder makefile)
|
|
1955
|
+
- `main.go` (operator entry point)
|
|
1956
|
+
- `api/v1alpha1/pangeatemplate_types.go` (CRD types)
|
|
1957
|
+
- `controllers/pangeatemplate_controller.go` (reconciler)
|
|
1958
|
+
- `flake.nix` (Nix build configuration)
|
|
1959
|
+
- `flake.lock` (Nix dependency lock file)
|
|
1960
|
+
- `go.mod` and `go.sum` (Go dependencies)
|
|
1961
|
+
- `vendor/` (Go vendored dependencies for Nix)
|
|
1962
|
+
- `nix/lib/go-service.nix` (Go service builder helper)
|
|
1963
|
+
|
|
1964
|
+
#### Task 1.2: Define PangeaTemplate CRD Spec
|
|
1965
|
+
|
|
1966
|
+
**Objective:** Implement complete CRD specification
|
|
1967
|
+
|
|
1968
|
+
**File to Edit:** `api/v1alpha1/pangeatemplate_types.go`
|
|
1969
|
+
|
|
1970
|
+
**Steps:**
|
|
1971
|
+
1. Add import statements
|
|
1972
|
+
```go
|
|
1973
|
+
import (
|
|
1974
|
+
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
|
1975
|
+
corev1 "k8s.io/api/core/v1"
|
|
1976
|
+
)
|
|
1977
|
+
```
|
|
1978
|
+
|
|
1979
|
+
2. Define source specification
|
|
1980
|
+
```go
|
|
1981
|
+
type SourceSpec struct {
|
|
1982
|
+
// Type of source (git, configmap, inline)
|
|
1983
|
+
// +kubebuilder:validation:Enum=git;configmap;inline
|
|
1984
|
+
Type string `json:"type"`
|
|
1985
|
+
|
|
1986
|
+
// Git source configuration
|
|
1987
|
+
// +optional
|
|
1988
|
+
Git *GitSource `json:"git,omitempty"`
|
|
1989
|
+
|
|
1990
|
+
// ConfigMap source configuration
|
|
1991
|
+
// +optional
|
|
1992
|
+
ConfigMap *ConfigMapSource `json:"configMap,omitempty"`
|
|
1993
|
+
|
|
1994
|
+
// Inline template content
|
|
1995
|
+
// +optional
|
|
1996
|
+
Inline *string `json:"inline,omitempty"`
|
|
1997
|
+
}
|
|
1998
|
+
|
|
1999
|
+
type GitSource struct {
|
|
2000
|
+
Repository string `json:"repository"`
|
|
2001
|
+
Path string `json:"path"`
|
|
2002
|
+
Ref string `json:"ref"`
|
|
2003
|
+
|
|
2004
|
+
// +optional
|
|
2005
|
+
AuthSecretRef *corev1.LocalObjectReference `json:"authSecretRef,omitempty"`
|
|
2006
|
+
}
|
|
2007
|
+
|
|
2008
|
+
type ConfigMapSource struct {
|
|
2009
|
+
Name string `json:"name"`
|
|
2010
|
+
Key string `json:"key,omitempty"`
|
|
2011
|
+
}
|
|
2012
|
+
```
|
|
2013
|
+
|
|
2014
|
+
3. Define Pangea spec
|
|
2015
|
+
```go
|
|
2016
|
+
type PangeaSpec struct {
|
|
2017
|
+
// Pangea namespace (not K8s namespace)
|
|
2018
|
+
Namespace string `json:"namespace"`
|
|
2019
|
+
|
|
2020
|
+
// Template name
|
|
2021
|
+
Template string `json:"template"`
|
|
2022
|
+
|
|
2023
|
+
// Auto-approve changes
|
|
2024
|
+
// +optional
|
|
2025
|
+
// +kubebuilder:default=true
|
|
2026
|
+
AutoApprove bool `json:"autoApprove,omitempty"`
|
|
2027
|
+
}
|
|
2028
|
+
```
|
|
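Review bot: `AutoApprove bool` combines `+kubebuilder:default=true` with `json:"autoApprove,omitempty"`, which makes `false` unrepresentable from Go clients. A false value is dropped at serialization and the API server then defaults the field back to true. For a flag that gates whether infrastructure changes apply without review, that fails open. Use `*bool` so an explicit false survives the round trip, and consider defaulting to false.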
2029
|
+
|
|
2030
|
+
4. Define reconciliation spec
|
|
2031
|
+
```go
|
|
2032
|
+
type ReconciliationSpec struct {
|
|
2033
|
+
// +kubebuilder:validation:Enum=event-driven;periodic;hybrid
|
|
2034
|
+
// +kubebuilder:default=hybrid
|
|
2035
|
+
Mode string `json:"mode"`
|
|
2036
|
+
|
|
2037
|
+
// +optional
|
|
2038
|
+
// +kubebuilder:default="5m"
|
|
2039
|
+
Interval metav1.Duration `json:"interval,omitempty"`
|
|
2040
|
+
|
|
2041
|
+
// +optional
|
|
2042
|
+
// +kubebuilder:default="10m"
|
|
2043
|
+
Timeout metav1.Duration `json:"timeout,omitempty"`
|
|
2044
|
+
}
|
|
2045
|
+
```
|
|
2046
|
+
|
|
2047
|
+
5. Define drift detection spec
|
|
2048
|
+
```go
|
|
2049
|
+
type DriftDetectionSpec struct {
|
|
2050
|
+
Enabled bool `json:"enabled"`
|
|
2051
|
+
|
|
2052
|
+
// +optional
|
|
2053
|
+
// +kubebuilder:default="10m"
|
|
2054
|
+
Interval metav1.Duration `json:"interval,omitempty"`
|
|
2055
|
+
|
|
2056
|
+
// +optional
|
|
2057
|
+
// +kubebuilder:default=true
|
|
2058
|
+
AutoRemediate bool `json:"autoRemediate,omitempty"`
|
|
2059
|
+
|
|
2060
|
+
// +kubebuilder:validation:Enum=immediate;manual;scheduled
|
|
2061
|
+
// +kubebuilder:default=immediate
|
|
2062
|
+
RemediationPolicy string `json:"remediationPolicy,omitempty"`
|
|
2063
|
+
|
|
2064
|
+
// +optional
|
|
2065
|
+
Notifications []NotificationSpec `json:"notifications,omitempty"`
|
|
2066
|
+
}
|
|
2067
|
+
|
|
2068
|
+
type NotificationSpec struct {
|
|
2069
|
+
// +kubebuilder:validation:Enum=slack;email;webhook
|
|
2070
|
+
Type string `json:"type"`
|
|
2071
|
+
|
|
2072
|
+
// +optional
|
|
2073
|
+
Channel string `json:"channel,omitempty"`
|
|
2074
|
+
|
|
2075
|
+
// +optional
|
|
2076
|
+
Recipients []string `json:"recipients,omitempty"`
|
|
2077
|
+
|
|
2078
|
+
// +optional
|
|
2079
|
+
SecretRef *corev1.LocalObjectReference `json:"secretRef,omitempty"`
|
|
2080
|
+
}
|
|
2081
|
+
```
|
|
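Review bot: The defaults on `DriftDetectionSpec` mean that setting only `enabled: true` opts a template into `autoRemediate: true` with `remediationPolicy: immediate`, so any detected difference is overwritten without a human in the loop. For a controller that mutates cloud resources, the safer default is `manual`, with immediate remediation as an explicit opt-in. `AutoRemediate` is also a plain `bool` with `omitempty` and a true default, so an explicit false from a Go client is lost and defaulted back to true. A `*bool` avoids that.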
2082
|
+
|
|
2083
|
+
6. Define complete PangeaTemplateSpec
|
|
2084
|
+
```go
|
|
2085
|
+
type PangeaTemplateSpec struct {
|
|
2086
|
+
Source SourceSpec `json:"source"`
|
|
2087
|
+
Pangea PangeaSpec `json:"pangea"`
|
|
2088
|
+
Reconciliation ReconciliationSpec `json:"reconciliation"`
|
|
2089
|
+
DriftDetection DriftDetectionSpec `json:"driftDetection"`
|
|
2090
|
+
// Add more fields as needed
|
|
2091
|
+
}
|
|
2092
|
+
```
|
|
2093
|
+
|
|
2094
|
+
7. Define status spec
|
|
2095
|
+
```go
|
|
2096
|
+
type PangeaTemplateStatus struct {
|
|
2097
|
+
// +optional
|
|
2098
|
+
Conditions []metav1.Condition `json:"conditions,omitempty"`
|
|
2099
|
+
|
|
2100
|
+
// +optional
|
|
2101
|
+
ObservedGeneration int64 `json:"observedGeneration,omitempty"`
|
|
2102
|
+
|
|
2103
|
+
// +optional
|
|
2104
|
+
LastReconcileTime *metav1.Time `json:"lastReconcileTime,omitempty"`
|
|
2105
|
+
|
|
2106
|
+
// +optional
|
|
2107
|
+
Resources ResourceStatus `json:"resources,omitempty"`
|
|
2108
|
+
|
|
2109
|
+
// +optional
|
|
2110
|
+
Drift DriftStatus `json:"drift,omitempty"`
|
|
2111
|
+
}
|
|
2112
|
+
|
|
2113
|
+
type ResourceStatus struct {
|
|
2114
|
+
Total int `json:"total"`
|
|
2115
|
+
Created int `json:"created"`
|
|
2116
|
+
Modified int `json:"modified"`
|
|
2117
|
+
Deleted int `json:"deleted"`
|
|
2118
|
+
}
|
|
2119
|
+
|
|
2120
|
+
type DriftStatus struct {
|
|
2121
|
+
Detected bool `json:"detected"`
|
|
2122
|
+
LastCheckTime *metav1.Time `json:"lastCheckTime,omitempty"`
|
|
2123
|
+
NextCheckTime *metav1.Time `json:"nextCheckTime,omitempty"`
|
|
2124
|
+
Resources []DriftedResource `json:"resources,omitempty"`
|
|
2125
|
+
}
|
|
2126
|
+
|
|
2127
|
+
type DriftedResource struct {
|
|
2128
|
+
Type string `json:"type"`
|
|
2129
|
+
Name string `json:"name"`
|
|
2130
|
+
Attribute string `json:"attribute"`
|
|
2131
|
+
Expected string `json:"expected"`
|
|
2132
|
+
Actual string `json:"actual"`
|
|
2133
|
+
}
|
|
2134
|
+
```
|
|
2135
|
+
|
|
2136
|
+
8. Update PangeaTemplate struct
|
|
2137
|
+
```go
|
|
2138
|
+
// +kubebuilder:object:root=true
|
|
2139
|
+
// +kubebuilder:subresource:status
|
|
2140
|
+
// +kubebuilder:printcolumn:name="Ready",type=string,JSONPath=`.status.conditions[?(@.type=="Ready")].status`
|
|
2141
|
+
// +kubebuilder:printcolumn:name="Drift",type=boolean,JSONPath=`.status.drift.detected`
|
|
2142
|
+
// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp"
|
|
2143
|
+
type PangeaTemplate struct {
|
|
2144
|
+
metav1.TypeMeta `json:",inline"`
|
|
2145
|
+
metav1.ObjectMeta `json:"metadata,omitempty"`
|
|
2146
|
+
|
|
2147
|
+
Spec PangeaTemplateSpec `json:"spec,omitempty"`
|
|
2148
|
+
Status PangeaTemplateStatus `json:"status,omitempty"`
|
|
2149
|
+
}
|
|
2150
|
+
```
|
|
2151
|
+
|
|
2152
|
+
9. Generate manifests and code
|
|
2153
|
+
```bash
|
|
2154
|
+
make manifests
|
|
2155
|
+
make generate
|
|
2156
|
+
```
|
|
2157
|
+
|
|
2158
|
+
**Success Criteria:**
|
|
2159
|
+
- Code compiles without errors
|
|
2160
|
+
- CRD YAML is generated with all fields
|
|
2161
|
+
- Validation rules are present
|
|
2162
|
+
- Print columns are defined
|
|
2163
|
+
|
|
2164
|
+
**Verification:**
|
|
2165
|
+
```bash
|
|
2166
|
+
cat config/crd/bases/pangea.io_pangeatemplate.yaml | grep "type:" | wc -l
|
|
2167
|
+
# Should show multiple type definitions
|
|
2168
|
+
|
|
2169
|
+
make test
|
|
2170
|
+
# Should pass
|
|
2171
|
+
```
|
|
2172
|
+
|
|
2173
|
+
#### Task 1.3: Implement Basic Reconciliation Loop
|
|
2174
|
+
|
|
2175
|
+
**Objective:** Create functional reconciliation logic
|
|
2176
|
+
|
|
2177
|
+
**File to Edit:** `controllers/pangeatemplate_controller.go`
|
|
2178
|
+
|
|
2179
|
+
**Steps:**
|
|
2180
|
+
1. Update imports
|
|
2181
|
+
```go
|
|
2182
|
+
import (
|
|
2183
|
+
"context"
|
|
2184
|
+
"fmt"
|
|
2185
|
+
"time"
|
|
2186
|
+
|
|
2187
|
+
"k8s.io/apimachinery/pkg/runtime"
|
|
2188
|
+
ctrl "sigs.k8s.io/controller-runtime"
|
|
2189
|
+
"sigs.k8s.io/controller-runtime/pkg/client"
|
|
2190
|
+
"sigs.k8s.io/controller-runtime/pkg/log"
|
|
2191
|
+
|
|
2192
|
+
pangeav1alpha1 "github.com/pleme-io/nexus/pkgs/operators/pangea-operator/api/v1alpha1"
|
|
2193
|
+
)
|
|
2194
|
+
```
|
|
2195
|
+
|
|
2196
|
+
2. Implement Reconcile function
|
|
2197
|
+
```go
|
|
2198
|
+
func (r *PangeaTemplateReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
|
|
2199
|
+
logger := log.FromContext(ctx)
|
|
2200
|
+
logger.Info("Reconciling PangeaTemplate", "name", req.Name, "namespace", req.Namespace)
|
|
2201
|
+
|
|
2202
|
+
// 1. Fetch the PangeaTemplate resource
|
|
2203
|
+
var template pangeav1alpha1.PangeaTemplate
|
|
2204
|
+
if err := r.Get(ctx, req.NamespacedName, &template); err != nil {
|
|
2205
|
+
return ctrl.Result{}, client.IgnoreNotFound(err)
|
|
2206
|
+
}
|
|
2207
|
+
|
|
2208
|
+
// 2. Initialize status if needed
|
|
2209
|
+
if template.Status.Conditions == nil {
|
|
2210
|
+
template.Status.Conditions = []metav1.Condition{}
|
|
2211
|
+
}
|
|
2212
|
+
|
|
2213
|
+
// 3. Validate specification
|
|
2214
|
+
if err := r.validateSpec(&template); err != nil {
|
|
2215
|
+
logger.Error(err, "Invalid template specification")
|
|
2216
|
+
return r.updateStatusError(ctx, &template, err)
|
|
2217
|
+
}
|
|
2218
|
+
|
|
2219
|
+
// 4. Execute reconciliation
|
|
2220
|
+
if err := r.reconcileTemplate(ctx, &template); err != nil {
|
|
2221
|
+
logger.Error(err, "Reconciliation failed")
|
|
2222
|
+
return r.updateStatusError(ctx, &template, err)
|
|
2223
|
+
}
|
|
2224
|
+
|
|
2225
|
+
// 5. Update status with success
|
|
2226
|
+
if err := r.updateStatusSuccess(ctx, &template); err != nil {
|
|
2227
|
+
logger.Error(err, "Failed to update status")
|
|
2228
|
+
return ctrl.Result{}, err
|
|
2229
|
+
}
|
|
2230
|
+
|
|
2231
|
+
// 6. Calculate requeue interval based on mode
|
|
2232
|
+
requeueAfter := r.calculateRequeueInterval(&template)
|
|
2233
|
+
|
|
2234
|
+
logger.Info("Reconciliation complete", "requeueAfter", requeueAfter)
|
|
2235
|
+
return ctrl.Result{RequeueAfter: requeueAfter}, nil
|
|
2236
|
+
}
|
|
2237
|
+
```
|
|
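Review bot: The import list from step 1 does not cover what this function and the step 3 helpers use. `[]metav1.Condition{}` here needs `metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"`, and the later `meta.SetStatusCondition` calls need `"k8s.io/apimachinery/pkg/api/meta"`. As written, step 5 ("Test compilation") fails. Add both imports to step 1.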
2238
|
+
|
|
2239
|
+
3. Implement helper functions
|
|
2240
|
+
```go
|
|
2241
|
+
func (r *PangeaTemplateReconciler) validateSpec(template *pangeav1alpha1.PangeaTemplate) error {
|
|
2242
|
+
// Validate source configuration
|
|
2243
|
+
if template.Spec.Source.Type == "" {
|
|
2244
|
+
return fmt.Errorf("source type is required")
|
|
2245
|
+
}
|
|
2246
|
+
|
|
2247
|
+
switch template.Spec.Source.Type {
|
|
2248
|
+
case "git":
|
|
2249
|
+
if template.Spec.Source.Git == nil {
|
|
2250
|
+
return fmt.Errorf("git source configuration is required")
|
|
2251
|
+
}
|
|
2252
|
+
if template.Spec.Source.Git.Repository == "" {
|
|
2253
|
+
return fmt.Errorf("git repository is required")
|
|
2254
|
+
}
|
|
2255
|
+
case "configmap":
|
|
2256
|
+
if template.Spec.Source.ConfigMap == nil {
|
|
2257
|
+
return fmt.Errorf("configmap source configuration is required")
|
|
2258
|
+
}
|
|
2259
|
+
case "inline":
|
|
2260
|
+
if template.Spec.Source.Inline == nil || *template.Spec.Source.Inline == "" {
|
|
2261
|
+
return fmt.Errorf("inline template content is required")
|
|
2262
|
+
}
|
|
2263
|
+
default:
|
|
2264
|
+
return fmt.Errorf("unsupported source type: %s", template.Spec.Source.Type)
|
|
2265
|
+
}
|
|
2266
|
+
|
|
2267
|
+
return nil
|
|
2268
|
+
}
|
|
2269
|
+
|
|
2270
|
+
func (r *PangeaTemplateReconciler) reconcileTemplate(ctx context.Context, template *pangeav1alpha1.PangeaTemplate) error {
|
|
2271
|
+
logger := log.FromContext(ctx)
|
|
2272
|
+
|
|
2273
|
+
// For now, just log that we would execute
|
|
2274
|
+
logger.Info("Would execute Pangea template",
|
|
2275
|
+
"namespace", template.Spec.Pangea.Namespace,
|
|
2276
|
+
"template", template.Spec.Pangea.Template)
|
|
2277
|
+
|
|
2278
|
+
// TODO: Actually spawn executor pod and run Pangea
|
|
2279
|
+
// This will be implemented in later tasks
|
|
2280
|
+
|
|
2281
|
+
return nil
|
|
2282
|
+
}
|
|
2283
|
+
|
|
2284
|
+
func (r *PangeaTemplateReconciler) updateStatusSuccess(ctx context.Context, template *pangeav1alpha1.PangeaTemplate) error {
|
|
2285
|
+
// Update condition
|
|
2286
|
+
meta.SetStatusCondition(&template.Status.Conditions, metav1.Condition{
|
|
2287
|
+
Type: "Ready",
|
|
2288
|
+
Status: metav1.ConditionTrue,
|
|
2289
|
+
Reason: "ReconciliationSucceeded",
|
|
2290
|
+
Message: "Template successfully reconciled",
|
|
2291
|
+
})
|
|
2292
|
+
|
|
2293
|
+
// Update timestamps
|
|
2294
|
+
now := metav1.Now()
|
|
2295
|
+
template.Status.LastReconcileTime = &now
|
|
2296
|
+
template.Status.ObservedGeneration = template.Generation
|
|
2297
|
+
|
|
2298
|
+
// Update status
|
|
2299
|
+
return r.Status().Update(ctx, template)
|
|
2300
|
+
}
|
|
2301
|
+
|
|
2302
|
+
func (r *PangeaTemplateReconciler) updateStatusError(ctx context.Context, template *pangeav1alpha1.PangeaTemplate, err error) (ctrl.Result, error) {
|
|
2303
|
+
meta.SetStatusCondition(&template.Status.Conditions, metav1.Condition{
|
|
2304
|
+
Type: "Ready",
|
|
2305
|
+
Status: metav1.ConditionFalse,
|
|
2306
|
+
Reason: "ReconciliationFailed",
|
|
2307
|
+
Message: err.Error(),
|
|
2308
|
+
})
|
|
2309
|
+
|
|
2310
|
+
if updateErr := r.Status().Update(ctx, template); updateErr != nil {
|
|
2311
|
+
return ctrl.Result{}, updateErr
|
|
2312
|
+
}
|
|
2313
|
+
|
|
2314
|
+
return ctrl.Result{RequeueAfter: 1 * time.Minute}, err
|
|
2315
|
+
}
|
|
2316
|
+
|
|
2317
|
+
func (r *PangeaTemplateReconciler) calculateRequeueInterval(template *pangeav1alpha1.PangeaTemplate) time.Duration {
|
|
2318
|
+
switch template.Spec.Reconciliation.Mode {
|
|
2319
|
+
case "event-driven":
|
|
2320
|
+
return 0 // Don't requeue, only on events
|
|
2321
|
+
case "periodic":
|
|
2322
|
+
return template.Spec.Reconciliation.Interval.Duration
|
|
2323
|
+
case "hybrid":
|
|
2324
|
+
return template.Spec.Reconciliation.Interval.Duration
|
|
2325
|
+
default:
|
|
2326
|
+
return 5 * time.Minute
|
|
2327
|
+
}
|
|
2328
|
+
}
|
|
2329
|
+
```
|
|
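Review bot: `updateStatusError` returns `ctrl.Result{RequeueAfter: 1 * time.Minute}, err`, but controller-runtime ignores the Result when the error is non-nil and requeues with rate-limited backoff, so the one-minute interval never applies. It is also called for `validateSpec` failures, which cannot succeed on retry until the spec changes, so an invalid template is retried indefinitely. Return a nil error with `RequeueAfter` for transient failures, and return without requeue for validation errors once the condition is recorded. Separately, `validateSpec` checks `Git.Repository` but not `Git.Ref`, `Git.Path` or `ConfigMap.Name`, although the types declare them without `omitempty`.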
2330
|
+
|
|
2331
|
+
4. Update SetupWithManager
|
|
2332
|
+
```go
|
|
2333
|
+
func (r *PangeaTemplateReconciler) SetupWithManager(mgr ctrl.Manager) error {
|
|
2334
|
+
return ctrl.NewControllerManagedBy(mgr).
|
|
2335
|
+
For(&pangeav1alpha1.PangeaTemplate{}).
|
|
2336
|
+
Complete(r)
|
|
2337
|
+
}
|
|
2338
|
+
```
|
|
2339
|
+
|
|
2340
|
+
5. Test compilation
|
|
2341
|
+
```bash
|
|
2342
|
+
make build
|
|
2343
|
+
```
|
|
2344
|
+
|
|
2345
|
+
**Success Criteria:**
|
|
2346
|
+
- Controller compiles without errors
|
|
2347
|
+
- Reconcile function has complete logic flow
|
|
2348
|
+
- Status updates work correctly
|
|
2349
|
+
- Requeue logic is implemented
|
|
2350
|
+
|
|
2351
|
+
**Verification:**
|
|
2352
|
+
```bash
|
|
2353
|
+
# Build and test
|
|
2354
|
+
make build
|
|
2355
|
+
make test
|
|
2356
|
+
|
|
2357
|
+
# Should compile and tests should pass
|
|
2358
|
+
```
|
|
2359
|
+
|
|
2360
|
+
#### Task 1.4: Create Ruby Executor with Nix Build System
|
|
2361
|
+
|
|
2362
|
+
**Objective:** Create Pangea executor service with Nix flake for reproducible Ruby/Terraform/InSpec container builds
|
|
2363
|
+
|
|
2364
|
+
**Steps:**
|
|
2365
|
+
1. **Create executor project structure**
|
|
2366
|
+
```bash
|
|
2367
|
+
mkdir -p pkgs/operators/pangea-executor/{bin,lib,spec}
|
|
2368
|
+
cd pkgs/operators/pangea-executor
|
|
2369
|
+
```
|
|
2370
|
+
|
|
2371
|
+
2. **Create Gemfile with dependencies**
|
|
2372
|
+
```bash
|
|
2373
|
+
cat > Gemfile <<'EOF'
|
|
2374
|
+
source 'https://rubygems.org'
|
|
2375
|
+
|
|
2376
|
+
gem 'pangea', path: '../../tools/ruby/pangea' # Use monorepo Pangea
|
|
2377
|
+
gem 'thor', '~> 1.3' # CLI framework
|
|
2378
|
+
gem 'tty-spinner', '~> 0.9'
|
|
2379
|
+
gem 'tty-table', '~> 0.12'
|
|
2380
|
+
gem 'pastel', '~> 0.8'
|
|
2381
|
+
gem 'aws-sdk-s3', '~> 1.14'
|
|
2382
|
+
gem 'kubeclient', '~> 4.11'
|
|
2383
|
+
|
|
2384
|
+
group :test do
|
|
2385
|
+
gem 'rspec', '~> 3.13'
|
|
2386
|
+
gem 'rspec-mocks', '~> 3.13'
|
|
2387
|
+
gem 'webmock', '~> 3.19'
|
|
2388
|
+
end
|
|
2389
|
+
EOF
|
|
2390
|
+
```
|
|
2391
|
+
|
|
2392
|
+
3. **Create executor binary**
|
|
2393
|
+
```bash
|
|
2394
|
+
cat > bin/pangea-executor <<'EOF'
|
|
2395
|
+
#!/usr/bin/env ruby
|
|
2396
|
+
# frozen_string_literal: true
|
|
2397
|
+
|
|
2398
|
+
require_relative '../lib/pangea_executor'
|
|
2399
|
+
|
|
2400
|
+
PangeaExecutor::CLI.start(ARGV)
|
|
2401
|
+
EOF
|
|
2402
|
+
|
|
2403
|
+
chmod +x bin/pangea-executor
|
|
2404
|
+
```
|
|
2405
|
+
|
|
2406
|
+
4. **Create executor implementation stub**
|
|
2407
|
+
```bash
|
|
2408
|
+
cat > lib/pangea_executor.rb <<'EOF'
|
|
2409
|
+
# frozen_string_literal: true
|
|
2410
|
+
|
|
2411
|
+
require 'thor'
|
|
2412
|
+
require 'pangea'
|
|
2413
|
+
require 'json'
|
|
2414
|
+
|
|
2415
|
+
module PangeaExecutor
|
|
2416
|
+
class CLI < Thor
|
|
2417
|
+
desc 'plan TEMPLATE_SPEC_JSON', 'Execute Pangea plan and return results'
|
|
2418
|
+
def plan(template_spec_json)
|
|
2419
|
+
spec = JSON.parse(template_spec_json, symbolize_names: true)
|
|
2420
|
+
# Implementation will be added in later tasks
|
|
2421
|
+
puts JSON.generate({ status: 'success', changes: [] })
|
|
2422
|
+
end
|
|
2423
|
+
|
|
2424
|
+
desc 'apply TEMPLATE_SPEC_JSON', 'Execute Pangea apply and return results'
|
|
2425
|
+
def apply(template_spec_json)
|
|
2426
|
+
spec = JSON.parse(template_spec_json, symbolize_names: true)
|
|
2427
|
+
# Implementation will be added in later tasks
|
|
2428
|
+
puts JSON.generate({ status: 'success', applied: true })
|
|
2429
|
+
end
|
|
2430
|
+
|
|
2431
|
+
desc 'drift TEMPLATE_SPEC_JSON', 'Detect infrastructure drift'
|
|
2432
|
+
def drift(template_spec_json)
|
|
2433
|
+
spec = JSON.parse(template_spec_json, symbolize_names: true)
|
|
2434
|
+
# Implementation will be added in later tasks
|
|
2435
|
+
puts JSON.generate({ status: 'success', drift_detected: false })
|
|
2436
|
+
end
|
|
2437
|
+
end
|
|
2438
|
+
end
|
|
2439
|
+
EOF
|
|
2440
|
+
```
|
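Review bot: In the `lib/pangea_executor.rb` stub, `plan`, `apply` and `drift` each print `status: 'success'` (and `applied: true` for apply) without doing any work, so a caller that trusts this JSON would record a reconciliation that never ran. Until the later tasks land, return a distinct status such as `not_implemented` and exit non-zero. The three `JSON.parse(template_spec_json, symbolize_names: true)` calls have no rescue, so malformed input produces an uncaught `JSON::ParserError` backtrace instead of a structured error on stdout. The class also lacks `def self.exit_on_failure?; true; end`, without which Thor reports command errors with exit status 0. Finally, the whole template spec is taken as a command-line argument, which is visible in the process list. If a spec can ever carry credentials or backend configuration, read it from stdin or a file path instead.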
|
2441
|
+
|
|
2442
|
+
5. **Install dependencies and generate gemset.nix**
|
|
2443
|
+
```bash
|
|
2444
|
+
bundle install
|
|
2445
|
+
bundix # Generates gemset.nix for Nix build
|
|
2446
|
+
```
|
|
2447
|
+
|
|
2448
|
+
6. **NEW: Create Nix flake for executor**
|
|
2449
|
+
```bash
|
|
2450
|
+
cat > flake.nix <<'EOF'
|
|
2451
|
+
{
|
|
2452
|
+
description = "Pangea Executor - Ruby infrastructure executor for Kubernetes operator";
|
|
2453
|
+
|
|
2454
|
+
inputs = {
|
|
2455
|
+
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
|
|
2456
|
+
flake-utils.url = "github:numtide/flake-utils";
|
|
2457
|
+
nexus.url = "path:../../..";
|
|
2458
|
+
nix-lib.url = "path:../../../nix/lib";
|
|
2459
|
+
};
|
|
2460
|
+
|
|
2461
|
+
outputs = { nixpkgs, flake-utils, nexus, nix-lib, ... }:
|
|
2462
|
+
flake-utils.lib.eachSystem ["x86_64-linux" "aarch64-linux"] (
|
|
2463
|
+
system:
|
|
2464
|
+
let
|
|
2465
|
+
rubyTool = import "${nix-lib}/ruby-tool.nix" {
|
|
2466
|
+
inherit system nixpkgs;
|
|
2467
|
+
nixLib = nix-lib;
|
|
2468
|
+
nexusDeploy = nexus.packages.${system}.nexus-deploy;
|
|
2469
|
+
};
|
|
2470
|
+
in
|
|
2471
|
+
rubyTool {
|
|
2472
|
+
toolName = "pangea-executor";
|
|
2473
|
+
src = ./.;
|
|
2474
|
+
description = "Pangea infrastructure executor with Terraform/OpenTofu and InSpec";
|
|
2475
|
+
rubyVersion = "3.3";
|
|
2476
|
+
gemfile = ./Gemfile;
|
|
2477
|
+
gemset = ./gemset.nix;
|
|
2478
|
+
runtimeDependencies = pkgs: with pkgs; [
|
|
2479
|
+
opentofu
|
|
2480
|
+
inspec
|
|
2481
|
+
git
|
|
2482
|
+
awscli2
|
|
2483
|
+
];
|
|
2484
|
+
entryPoint = "bin/pangea-executor";
|
|
2485
|
+
containerUser = "pangea";
|
|
2486
|
+
containerWorkdir = "/workspace";
|
|
2487
|
+
productName = "infrastructure";
|
|
2488
|
+
namespace = "pangea-system";
|
|
2489
|
+
cluster = "orion";
|
|
2490
|
+
}
|
|
2491
|
+
);
|
|
2492
|
+
}
|
|
2493
|
+
EOF
|
|
2494
|
+
```
|
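Review bot: In `flake.nix`, `nixpkgs.url` follows the `nixos-unstable` branch, so the "reproducible" build named in the objective depends entirely on `flake.lock` being committed and reviewed when it changes. The step should say so, or the input should name a fixed revision. The package `description` advertises "Terraform/OpenTofu" while `runtimeDependencies` lists only `opentofu`, and later comments in this task say "Terraform", so the wording should match what is shipped. `runtimeDependencies` also adds `awscli2` and `git` to an image whose Gemfile already pulls in `aws-sdk-s3`. If the executor does not shell out to them, dropping both shrinks the image and what is reachable inside it. `namespace = "pangea-system"` and `cluster = "orion"` are hard-coded in the package definition. Consider making them parameters so the same flake builds for another cluster.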
|
2495
|
+
|
|
2496
|
+
7. **NEW: Create ruby-tool.nix helper in nix-lib** (if not already done in Task 1.1)
|
|
2497
|
+
```bash
|
|
2498
|
+
# Navigate to nix-lib directory
|
|
2499
|
+
cd ../../../nix/lib
|
|
2500
|
+
|
|
2501
|
+
# Create ruby-tool.nix (see Build System Architecture section for complete implementation)
|
|
2502
|
+
# This file mirrors the pattern of rust-tool.nix for Ruby tools
|
|
2503
|
+
```
|
|
2504
|
+
|
|
2505
|
+
8. **Verify executor and Nix build**
|
|
2506
|
+
```bash
|
|
2507
|
+
cd pkgs/operators/pangea-executor
|
|
2508
|
+
|
|
2509
|
+
# Test Ruby executor locally
|
|
2510
|
+
bundle exec bin/pangea-executor help
|
|
2511
|
+
|
|
2512
|
+
# Nix build
|
|
2513
|
+
nix build .#default # Build the Ruby application
|
|
2514
|
+
nix build .#dockerImage-amd64 # Build container with Ruby + Terraform + InSpec
|
|
2515
|
+
|
|
2516
|
+
# Test in container
|
|
2517
|
+
docker load < result
|
|
2518
|
+
docker run ghcr.io/pleme-io/pangea-executor:latest pangea-executor help
|
|
2519
|
+
```
|
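Review bot: Step 8 opens with `cd pkgs/operators/pangea-executor`, but step 7 left the shell in `nix/lib` (via `cd ../../../nix/lib`), so this relative path does not resolve unless the reader first returns to the repository root. State the starting directory or use `cd ../../pkgs/operators/pangea-executor`. In the container test, `docker run ghcr.io/pleme-io/pangea-executor:latest` assumes the image loaded from `result` carries exactly that name and tag. If the Nix build tags it differently, Docker will try to pull `:latest` from the registry and the test will exercise an image other than the one just built. Run the reference that `docker load` prints instead.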
|
2520
|
+
|
|
2521
|
+
9. **NEW: Test Nix development shell**
|
|
2522
|
+
```bash
|
|
2523
|
+
nix develop
|
|
2524
|
+
# Verify you have: ruby, bundler, bundix, opentofu, inspec, awscli2
|
|
2525
|
+
ruby --version # Should show Ruby 3.3
|
|
2526
|
+
tofu --version # Should show OpenTofu
|
|
2527
|
+
inspec --version # Should show InSpec
|
|
2528
|
+
```
|
|
2529
|
+
|
|
2530
|
+
**Success Criteria:**
|
|
2531
|
+
- Executor runs successfully: `bundle exec bin/pangea-executor help`
|
|
2532
|
+
- Nix flake builds successfully: `nix build .#default`
|
|
2533
|
+
- Docker image builds with all dependencies: `nix build .#dockerImage-amd64`
|
|
2534
|
+
- Docker image contains: Ruby 3.3, Pangea, OpenTofu, InSpec, AWS CLI
|
|
2535
|
+
- Development shell works: `nix develop`
|
|
2536
|
+
- CLI responds to commands: plan, apply, drift
|
|
2537
|
+
|
|
2538
|
+
**Output Files:**
|
|
2539
|
+
- `Gemfile` and `Gemfile.lock` (Ruby dependencies)
|
|
2540
|
+
- `gemset.nix` (Nix representation of Gemfile.lock)
|
|
2541
|
+
- `bin/pangea-executor` (executable CLI)
|
|
2542
|
+
- `lib/pangea_executor.rb` (executor implementation)
|
|
2543
|
+
- `flake.nix` (Nix build configuration)
|
|
2544
|
+
- `flake.lock` (Nix dependency lock file)
|
|
2545
|
+
- `nix/lib/ruby-tool.nix` (Ruby tool builder helper)
|
|
2546
|
+
|
|
2547
|
+
**Verification:**
|
|
2548
|
+
```bash
|
|
2549
|
+
# Test locally
|
|
2550
|
+
bundle exec bin/pangea-executor help
|
|
2551
|
+
# Should show available commands
|
|
2552
|
+
|
|
2553
|
+
# Test with Nix
|
|
2554
|
+
nix run .#default -- help
|
|
2555
|
+
# Should show available commands
|
|
2556
|
+
|
|
2557
|
+
# Test Docker image size
|
|
2558
|
+
nix build .#dockerImage-amd64
|
|
2559
|
+
docker load < result
|
|
2560
|
+
docker images ghcr.io/pleme-io/pangea-executor
|
|
2561
|
+
# Should be < 500MB (Ruby + Terraform + InSpec is large but optimized)
|
|
2562
|
+
|
|
2563
|
+
# Verify all tools in container
|
|
2564
|
+
docker run ghcr.io/pleme-io/pangea-executor:latest sh -c "ruby --version && tofu --version && inspec --version"
|
|
2565
|
+
# All should work
|
|
2566
|
+
```
|
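Review bot: The final container check runs `ruby --version && tofu --version && inspec --version`, but the success criteria above also list Pangea and the AWS CLI as image contents, and the flake sets `containerUser = "pangea"`. None of those three is verified. Add `aws --version`, a `pangea-executor help` invocation, and an `id -un` check so that a container running as root fails verification. The size limit is only a comment ("Should be < 500MB") after `docker images`. Turn it into a scripted comparison if it is meant to gate the task. The `:latest` tag here has the same problem as in step 8: it may not refer to the image loaded from `result`.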
|
2567
|
+
|
|
2568
|
+
---
|
|
2569
|
+
|
|
2570
|
+
## Success Metrics
|
|
2571
|
+
|
|
2572
|
+
### Operational Metrics
|
|
2573
|
+
|
|
2574
|
+
1. **Reconciliation Performance**
|
|
2575
|
+
- Time to reconcile: <30s for typical template
|
|
2576
|
+
- Drift detection time: <1 minute
|
|
2577
|
+
- Auto-remediation time: <2 minutes
|
|
2578
|
+
|
|
2579
|
+
2. **Reliability**
|
|
2580
|
+
- Reconciliation success rate: >99.9%
|
|
2581
|
+
- False positive drift rate: <0.1%
|
|
2582
|
+
- Operator uptime: >99.99%
|
|
2583
|
+
|
|
2584
|
+
3. **Scalability**
|
|
2585
|
+
- Templates per operator: >1000
|
|
2586
|
+
- Concurrent reconciliations: >50
|
|
2587
|
+
- Memory per template: <50MB
|
|
2588
|
+
|
|
2589
|
+
### Business Metrics
|
|
2590
|
+
|
|
2591
|
+
1. **Drift Reduction**
|
|
2592
|
+
- Mean time to detect drift: <5 minutes
|
|
2593
|
+
- Mean time to remediate drift: <10 minutes
|
|
2594
|
+
- Drift incidents per week: <5
|
|
2595
|
+
|
|
2596
|
+
2. **Compliance**
|
|
2597
|
+
- Compliance check frequency: hourly
|
|
2598
|
+
- Compliance score: >95%
|
|
2599
|
+
- Time to compliance: <1 hour
|
|
2600
|
+
|
|
2601
|
+
3. **Developer Experience**
|
|
2602
|
+
- Time to onboard new template: <30 minutes
|
|
2603
|
+
- Learning curve: <1 day
|
|
2604
|
+
- Documentation completeness: >90%
|
|
2605
|
+
|
|
2606
|
+
---
|
|
2607
|
+
|
|
2608
|
+
## Conclusion
|
|
2609
|
+
|
|
2610
|
+
This comprehensive plan transforms Pangea from a CLI tool into a Kubernetes-native, continuously reconciling infrastructure platform. The hybrid Go+Ruby architecture leverages the strengths of both ecosystems while maintaining Pangea's existing Ruby codebase.
|
|
2611
|
+
|
|
2612
|
+
The implementation is broken down into clear phases with atomic tasks that an AI agent can execute methodically. Each task has clear success criteria and verification steps to prevent loss of progress.
|
|
2613
|
+
|
|
2614
|
+
The integration of RSpec, InSpec, and E2E testing ensures quality at every layer, from unit tests to infrastructure compliance to full operator behavior.
|
|
2615
|
+
|
|
2616
|
+
**Next Steps:**
|
|
2617
|
+
1. Review and approve this plan
|
|
2618
|
+
2. Begin Phase 1 implementation
|
|
2619
|
+
3. Set up development environment
|
|
2620
|
+
4. Execute Task 1.1 (Initialize operator project)
|
|
2621
|
+
|
|
2622
|
+
**Questions for Clarification:**
|
|
2623
|
+
1. Should we prioritize certain cloud providers (AWS first, then GCP/Azure)?
|
|
2624
|
+
2. What is the target Kubernetes version (1.28+, 1.29+, 1.30+)?
|
|
2625
|
+
3. Are there specific compliance frameworks we should support (CIS, PCI-DSS, HIPAA)?
|
|
2626
|
+
4. What is the preferred deployment model (one operator per cluster, multi-cluster)?
|