@aifabrix/builder 2.1.5 → 2.1.7

package/lib/utils/secrets-utils.js

@@ -0,0 +1,206 @@
+/**
+ * AI Fabrix Builder Secrets Utilities
+ *
+ * This module provides utility functions for loading and processing secrets.
+ * Helper functions for secrets.js module.
+ *
+ * @fileoverview Secrets utility functions for AI Fabrix Builder
+ * @author AI Fabrix Team
+ * @version 2.0.0
+ */
+
+const fs = require('fs');
+const path = require('path');
+const yaml = require('js-yaml');
+const os = require('os');
+const logger = require('./logger');
+
+/**
+ * Loads secrets from file with cascading lookup support
+ * First checks ~/.aifabrix/secrets.local.yaml, then build.secrets from variables.yaml
+ *
+ * @async
+ * @function loadSecretsFromFile
+ * @param {string} filePath - Path to secrets file
+ * @returns {Promise<Object>} Loaded secrets object or empty object if file doesn't exist
+ */
+async function loadSecretsFromFile(filePath) {
+  if (!fs.existsSync(filePath)) {
+    return {};
+  }
+
+  try {
+    const content = fs.readFileSync(filePath, 'utf8');
+    const secrets = yaml.load(content);
+
+    if (!secrets || typeof secrets !== 'object') {
+      return {};
+    }
+
+    return secrets;
+  } catch (error) {
+    logger.warn(`Warning: Could not read secrets file ${filePath}: ${error.message}`);
+    return {};
+  }
+}
+
+/**
+ * Loads user secrets from ~/.aifabrix/secrets.local.yaml
+ * @function loadUserSecrets
+ * @returns {Object} Loaded secrets object or empty object
+ */
+function loadUserSecrets() {
+  const userSecretsPath = path.join(os.homedir(), '.aifabrix', 'secrets.local.yaml');
+  if (!fs.existsSync(userSecretsPath)) {
+    return {};
+  }
+
+  try {
+    const content = fs.readFileSync(userSecretsPath, 'utf8');
+    const secrets = yaml.load(content);
+    if (!secrets || typeof secrets !== 'object') {
+      throw new Error(`Invalid secrets file format: ${userSecretsPath}`);
+    }
+    return secrets;
+  } catch (error) {
+    if (error.message.includes('Invalid secrets file format')) {
+      throw error;
+    }
+    logger.warn(`Warning: Could not read secrets file ${userSecretsPath}: ${error.message}`);
+    return {};
+  }
+}
+
+/**
+ * Loads build secrets from variables.yaml and merges with existing secrets
+ * @async
+ * @function loadBuildSecrets
+ * @param {Object} mergedSecrets - Existing secrets to merge with
+ * @param {string} appName - Application name
+ * @returns {Promise<Object>} Merged secrets object
+ */
+async function loadBuildSecrets(mergedSecrets, appName) {
+  const variablesPath = path.join(process.cwd(), 'builder', appName, 'variables.yaml');
+  if (!fs.existsSync(variablesPath)) {
+    return mergedSecrets;
+  }
+
+  try {
+    const variablesContent = fs.readFileSync(variablesPath, 'utf8');
+    const variables = yaml.load(variablesContent);
+
+    if (variables?.build?.secrets) {
+      const buildSecretsPath = path.resolve(
+        path.dirname(variablesPath),
+        variables.build.secrets
+      );
+
+      const buildSecrets = await loadSecretsFromFile(buildSecretsPath);
+
+      // Merge: user's file takes priority, but use build.secrets for missing/empty values
+      for (const [key, value] of Object.entries(buildSecrets)) {
+        if (!(key in mergedSecrets) || !mergedSecrets[key] || mergedSecrets[key] === '') {
+          mergedSecrets[key] = value;
+        }
+      }
+    }
+  } catch (error) {
+    logger.warn(`Warning: Could not load build.secrets from variables.yaml: ${error.message}`);
+  }
+
+  return mergedSecrets;
+}
+
+/**
+ * Loads default secrets from ~/.aifabrix/secrets.yaml
+ * @function loadDefaultSecrets
+ * @returns {Object} Loaded secrets object or empty object
+ */
+function loadDefaultSecrets() {
+  const defaultPath = path.join(os.homedir(), '.aifabrix', 'secrets.yaml');
+  if (!fs.existsSync(defaultPath)) {
+    return {};
+  }
+
+  try {
+    const content = fs.readFileSync(defaultPath, 'utf8');
+    const secrets = yaml.load(content);
+    if (!secrets || typeof secrets !== 'object') {
+      throw new Error(`Invalid secrets file format: ${defaultPath}`);
+    }
+    return secrets;
+  } catch (error) {
+    if (error.message.includes('Invalid secrets file format')) {
+      throw error;
+    }
+    logger.warn(`Warning: Could not read secrets file ${defaultPath}: ${error.message}`);
+    return {};
+  }
+}
+
+/**
+ * Builds a map of hostname to service name from environment config
+ * @function buildHostnameToServiceMap
+ * @param {Object} dockerHosts - Docker environment hosts configuration
+ * @returns {Object} Map of hostname to service name
+ */
+function buildHostnameToServiceMap(dockerHosts) {
+  const hostnameToService = {};
+  for (const [key, hostname] of Object.entries(dockerHosts)) {
+    if (key.endsWith('_HOST')) {
+      // Use hostname directly as service name (e.g., 'keycloak', 'miso-controller')
+      hostnameToService[hostname] = hostname;
+    }
+  }
+  return hostnameToService;
+}
+
+/**
+ * Resolves port for a single URL by looking up service's variables.yaml
+ * @function resolveUrlPort
+ * @param {string} protocol - URL protocol (http:// or https://)
+ * @param {string} hostname - Service hostname
+ * @param {string} port - Current port
+ * @param {string} urlPath - URL path and query string
+ * @param {Object} hostnameToService - Map of hostname to service name
+ * @returns {string} URL with resolved port
+ */
+function resolveUrlPort(protocol, hostname, port, urlPath, hostnameToService) {
+  const serviceName = hostnameToService[hostname];
+  if (!serviceName) {
+    // Not a service hostname, keep original
+    return `${protocol}${hostname}:${port}${urlPath}`;
+  }
+
+  // Try to load service's variables.yaml
+  const serviceVariablesPath = path.join(process.cwd(), 'builder', serviceName, 'variables.yaml');
+  if (!fs.existsSync(serviceVariablesPath)) {
+    // Service variables.yaml not found, keep original port
+    return `${protocol}${hostname}:${port}${urlPath}`;
+  }
+
+  try {
+    const variablesContent = fs.readFileSync(serviceVariablesPath, 'utf8');
+    const variables = yaml.load(variablesContent);
+
+    // Get containerPort or fall back to port
+    const containerPort = variables?.build?.containerPort || variables?.port || port;
+
+    // Replace port in URL
+    return `${protocol}${hostname}:${containerPort}${urlPath}`;
+  } catch (error) {
+    // Error loading variables.yaml, keep original port
+    logger.warn(`Warning: Could not load variables.yaml for service ${serviceName}: ${error.message}`);
+    return `${protocol}${hostname}:${port}${urlPath}`;
+  }
+}
+
+module.exports = {
+  loadSecretsFromFile,
+  loadUserSecrets,
+  loadBuildSecrets,
+  loadDefaultSecrets,
+  buildHostnameToServiceMap,
+  resolveUrlPort
+};
+

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aifabrix/builder",
-  "version": "2.1.5",
+  "version": "2.1.7",
   "description": "AI Fabrix Local Fabric & Deployment SDK",
   "main": "lib/index.js",
   "bin": {

package/templates/applications/keycloak/Dockerfile

@@ -21,9 +21,10 @@ RUN if [ -d "/tmp/build-context/themes" ] && [ "$(ls -A /tmp/build-context/theme
     fi && \
     rm -rf /tmp/build-context
 
-# Build Keycloak with health checks enabled
+# Build Keycloak with health checks enabled (similar to Keycloak 24.0)
 # This enables the /health, /health/live, /health/ready, and /health/started endpoints
-RUN /opt/keycloak/bin/kc.sh build --health-enabled=true
+# Expose health endpoints on main HTTP port (like 24.0) instead of management port
+RUN /opt/keycloak/bin/kc.sh build --health-enabled=true --http-management-health-enabled=false
 
 # Switch back to keycloak user
 USER keycloak

package/templates/applications/keycloak/env.template

@@ -15,8 +15,13 @@ KC_HTTP_ENABLED=true
 # HEALTH CHECK CONFIGURATION
 # =============================================================================
 # Enable health check endpoints: /health, /health/live, /health/ready, /health/started
+# Keycloak 26.4.0+: Health endpoints are exposed on main HTTP(S) port (8080) by default
+# Set http-management-health-enabled=false to expose on main port instead of management port
 
 KC_HEALTH_ENABLED=true
+# Expose health endpoints on main HTTP port (like Keycloak 24.0)
+# Set to false to expose on main port instead of management port (9000)
+KC_HTTP_MANAGEMENT_HEALTH_ENABLED=false
 
 # =============================================================================
 # DATABASE CONFIGURATION

package/templates/applications/keycloak/variables.yaml

@@ -25,9 +25,9 @@ requires:
 
 # Health Check
 healthCheck:
-  path: /health
+  path: /health/ready
   interval: 30
-  probePath: /health
+  probePath: /health/ready
   probeRequestType: GET
   probeProtocol: Https
   probeIntervalInSeconds: 120
@@ -49,4 +49,4 @@ build:
 # Docker Compose
 compose:
   file: docker-compose.yaml
-  service: keycloak
+  service: keycloak

package/templates/applications/miso-controller/Dockerfile

@@ -62,6 +62,9 @@ RUN pnpm exec tsc -p tsconfig.docker.json || true
 # Copy sensitive-fields.config.json to dist folder
 RUN mkdir -p dist/src/services/logging && \
     cp src/services/logging/sensitive-fields.config.json dist/src/services/logging/ || true
+# Copy generated Prisma logs client to dist folder (needed at runtime)
+RUN mkdir -p dist/database/generated && \
+    cp -r src/database/generated/logs-client dist/database/generated/ || true
 
 # Return to root to prune correctly (needed to keep workspace dependencies)
 WORKDIR /app

package/templates/applications/miso-controller/env.template

@@ -121,14 +121,14 @@ MISO_CONTROLLER_URL=kv://miso-controller-url
 
 # Web Server URL (for OpenAPI documentation server URLs)
 # Used to generate correct server URLs in OpenAPI spec
-WEB_SERVER_URL=kv://miso-web-server-url
+WEB_SERVER_URL=kv://miso-controller-web-server-url
 
 # MISO Environment Configuration (miso, dev, tst, pro)
 MISO_ENVIRONMENT=miso
 
 # MISO Application Client Credentials (per application)
-MISO_CLIENTID=kv://miso-client-idKeyVault
-MISO_CLIENTSECRET=kv://miso-client-secretKeyVault
+MISO_CLIENTID=kv://miso-controller-client-idKeyVault
+MISO_CLIENTSECRET=kv://miso-controller-client-secretKeyVault
 
 # =============================================================================
 # MORI SERVICE CONFIGURATION