@firestartr/cli 1.50.0-snapshot-1 → 1.50.0-snapshot-2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. package/build/index.js +236 -138
  2. package/build/packages/cdk8s_renderer/src/claims/base/schemas/index.d.ts +91 -68
  3. package/build/packages/cdk8s_renderer/src/claims/external-secrets/external-secrets.schema.d.ts +91 -68
  4. package/build/packages/cdk8s_renderer/src/claims/external-secrets/index.d.ts +91 -68
  5. package/build/packages/cdk8s_renderer/src/validations/crossReferences.d.ts +2 -0
  6. package/package.json +1 -1
package/build/index.js CHANGED
@@ -302525,94 +302525,116 @@ const ArgoCDSchemas = [argocd_schema];
302525
302525
  $schema: SCHEMA,
302526
302526
  $id: 'ExternalSecretsProvider',
302527
302527
  definitions: {
302528
+ SecretStore: {
302529
+ $id: 'firestartr.dev://secrets/SecretStore',
302530
+ type: 'object',
302531
+ properties: {
302532
+ name: { type: 'string' },
302533
+ kind: {
302534
+ type: 'string',
302535
+ enum: ['SecretStore', 'ClusterSecretStore'],
302536
+ },
302537
+ },
302538
+ required: ['name'],
302539
+ },
302540
+ ExternalSecretsSection: {
302541
+ $id: 'firestartr.dev://secrets/ExternalSecretsSection',
302542
+ type: 'object',
302543
+ properties: {
302544
+ refreshInterval: { type: 'string' },
302545
+ secrets: {
302546
+ type: 'array',
302547
+ items: {
302548
+ additionalProperties: false,
302549
+ type: 'object',
302550
+ properties: {
302551
+ secretName: { type: 'string' },
302552
+ remoteRef: { type: 'string' },
302553
+ },
302554
+ required: ['secretName'],
302555
+ },
302556
+ },
302557
+ },
302558
+ },
302559
+ PushSecretsSection: {
302560
+ $id: 'firestartr.dev://secrets/PushSecretsSection',
302561
+ type: 'array',
302562
+ items: {
302563
+ type: 'object',
302564
+ properties: {
302565
+ data: { type: 'object' },
302566
+ template: { type: 'object' },
302567
+ secretName: { type: 'string' },
302568
+ refreshInterval: { type: 'string' },
302569
+ generator: {
302570
+ type: 'object',
302571
+ properties: {
302572
+ name: { type: 'string' },
302573
+ kind: {
302574
+ type: 'string',
302575
+ enum: [
302576
+ 'ACRAccessToken',
302577
+ 'ClusterGenerator',
302578
+ 'ECRAuthorizationToken',
302579
+ 'Fake',
302580
+ 'GCRAccessToken',
302581
+ 'GithubAccessToken',
302582
+ 'QuayAccessToken',
302583
+ 'Password',
302584
+ 'STSSessionToken',
302585
+ 'UUID',
302586
+ 'VaultDynamicSecret',
302587
+ 'Webhook',
302588
+ 'Grafana',
302589
+ ],
302590
+ },
302591
+ apiVersion: {
302592
+ type: 'string',
302593
+ },
302594
+ conversionStrategy: {
302595
+ type: 'string',
302596
+ },
302597
+ outputKey: {
302598
+ type: 'string',
302599
+ },
302600
+ },
302601
+ required: ['name'],
302602
+ },
302603
+ },
302604
+ required: ['secretName', 'generator'],
302605
+ },
302606
+ },
302528
302607
  ExternalSecretsProvider: {
302529
302608
  $id: 'firestartr.dev://secrets/ExternalSecretsProvider',
302530
302609
  type: 'object',
302531
302610
  description: 'A external secrets claim provider',
302532
302611
  allOf: [
302612
+ { $ref: 'firestartr.dev://common/ClaimProviderEnvelope' },
302533
302613
  {
302534
- $ref: 'firestartr.dev://common/ClaimProviderEnvelope',
302535
- },
302536
- {
302537
- type: 'object',
302538
- properties: {
302539
- secretStore: {
302540
- type: 'object',
302614
+ anyOf: [
302615
+ {
302541
302616
  properties: {
302542
- name: { type: 'string' },
302543
- kind: {
302544
- type: 'string',
302545
- enum: ['SecretStore', 'ClusterSecretStore'],
302617
+ externalSecrets: {
302618
+ $ref: 'firestartr.dev://secrets/ExternalSecretsSection',
302546
302619
  },
302547
- },
302548
- required: ['name'],
302549
- },
302550
- pushSecrets: {
302551
- type: 'array',
302552
- items: {
302553
- type: 'object',
302554
- properties: {
302555
- data: { type: 'object' },
302556
- template: { type: 'object' },
302557
- secretName: { type: 'string' },
302558
- refreshInterval: { type: 'string' },
302559
- generator: {
302560
- type: 'object',
302561
- properties: {
302562
- name: { type: 'string' },
302563
- kind: {
302564
- type: 'string',
302565
- enum: [
302566
- 'ACRAccessToken',
302567
- 'ClusterGenerator',
302568
- 'ECRAuthorizationToken',
302569
- 'Fake',
302570
- 'GCRAccessToken',
302571
- 'GithubAccessToken',
302572
- 'QuayAccessToken',
302573
- 'Password',
302574
- 'STSSessionToken',
302575
- 'UUID',
302576
- 'VaultDynamicSecret',
302577
- 'Webhook',
302578
- 'Grafana',
302579
- ],
302580
- },
302581
- apiVersion: {
302582
- type: 'string',
302583
- },
302584
- conversionStrategy: {
302585
- type: 'string',
302586
- },
302587
- outputKey: {
302588
- type: 'string',
302589
- },
302590
- },
302591
- required: ['name'],
302592
- },
302620
+ secretStore: {
302621
+ $ref: 'firestartr.dev://secrets/SecretStore',
302593
302622
  },
302594
- required: ['secretName', 'generator'],
302595
302623
  },
302624
+ required: ['secretStore', 'externalSecrets'],
302596
302625
  },
302597
- externalSecrets: {
302598
- type: 'object',
302626
+ {
302599
302627
  properties: {
302600
- refreshInterval: { type: 'string' },
302601
- secrets: {
302602
- type: 'array',
302603
- items: {
302604
- additionalProperties: false,
302605
- type: 'object',
302606
- properties: {
302607
- secretName: { type: 'string' },
302608
- },
302609
- required: ['secretName'],
302610
- },
302628
+ pushSecrets: {
302629
+ $ref: 'firestartr.dev://secrets/PushSecretsSection',
302630
+ },
302631
+ secretStore: {
302632
+ $ref: 'firestartr.dev://secrets/SecretStore',
302611
302633
  },
302612
302634
  },
302635
+ required: ['secretStore', 'pushSecrets'],
302613
302636
  },
302614
- },
302615
- required: ['secretStore'],
302637
+ ],
302616
302638
  },
302617
302639
  ],
302618
302640
  },
@@ -303313,15 +303335,19 @@ function validatePermissionsUniqueness(crs) {
303313
303335
  const permissions = cr.spec.permissions;
303314
303336
  cdk8s_renderer_src_logger.debug(`Validating Permissions Uniqueness of ${crkey}`);
303315
303337
  if (permissions) {
303316
- const seen = new Set();
303338
+ const rolesByIdentifier = new Map();
303317
303339
  for (const perm of permissions) {
303318
303340
  const identifier = perm.collaborator
303319
303341
  ? perm.collaborator
303320
303342
  : `ref:${perm.ref.kind}:${perm.ref.name}`;
303321
- if (seen.has(identifier)) {
303322
- throw new Error(`Duplicate permission reference found in FirestartrGithubRepository ${crkey}: ${identifier}\nFull CR: ${JSON.stringify(cr, null, 2)}`);
303343
+ const role = perm.role;
303344
+ const prevRole = rolesByIdentifier.get(identifier);
303345
+ if (prevRole === undefined) {
303346
+ rolesByIdentifier.set(identifier, role);
303347
+ }
303348
+ else if (prevRole !== role) {
303349
+ throw new Error(`Conflicting permission role in FirestartrGithubRepository ${crkey}: ${identifier} has roles "${prevRole}" and "${role}".\nFull CR: ${JSON.stringify(cr, null, 2)}`);
303323
303350
  }
303324
- seen.add(identifier);
303325
303351
  }
303326
303352
  }
303327
303353
  }
@@ -308590,12 +308616,12 @@ class SecretsChart extends BaseSecretsChart {
308590
308616
  gvk() {
308591
308617
  return {
308592
308618
  kind: 'ExternalSecret/PushSecret',
308593
- apiVersion: 'external-secrets.io/v1alpha1',
308619
+ apiVersion: 'external-secrets.io/v1',
308594
308620
  };
308595
308621
  }
308596
308622
  extraCharts() {
308597
- const externalSecrets = this.get('pushSecrets');
308598
- const pushSecrets = this.get('externalSecrets');
308623
+ const externalSecrets = this.get('externalSecrets');
308624
+ const pushSecrets = this.get('pushSecrets');
308599
308625
  const kind = this.get('claim').kind;
308600
308626
  const name = this.get('claim').name;
308601
308627
  const concatenated = externalSecrets
@@ -308627,12 +308653,12 @@ class SecretsChart extends BaseSecretsChart {
308627
308653
  refsData.push({
308628
308654
  secretKey: secret.secretName,
308629
308655
  remoteRef: {
308630
- key: secret.secretName,
308656
+ key: secret.remoteRef ? secret.remoteRef : secret.secretName,
308631
308657
  },
308632
308658
  });
308633
308659
  }
308634
308660
  const k8sResource = {
308635
- apiVersion: 'external-secrets.io/v1alpha1',
308661
+ apiVersion: 'external-secrets.io/v1',
308636
308662
  kind: 'ExternalSecret',
308637
308663
  metadata: {
308638
308664
  name: catalog_common.generic.normalizeName(claim.name),
@@ -308652,12 +308678,6 @@ class SecretsChart extends BaseSecretsChart {
308652
308678
  name: catalog_common.generic.normalizeName(claim.name),
308653
308679
  creationPolicy: 'Owner',
308654
308680
  deletionPolicy: 'Delete',
308655
- template: {
308656
- engineVersion: 'v2',
308657
- metadata: {
308658
- data: templateData,
308659
- },
308660
- },
308661
308681
  },
308662
308682
  data: refsData,
308663
308683
  },
@@ -308679,7 +308699,7 @@ class SecretsChart extends BaseSecretsChart {
308679
308699
  }
308680
308700
  for (const pushSecret of pushSecretsFromClaim) {
308681
308701
  const k8sResource = {
308682
- apiVersion: 'external-secrets.io/v1alpha1',
308702
+ apiVersion: 'external-secrets.io/v1',
308683
308703
  kind: 'PushSecret',
308684
308704
  metadata: {
308685
308705
  name: catalog_common.generic.normalizeName(`${pushSecret.secretName}-${claim.name}`),
@@ -308702,7 +308722,7 @@ class SecretsChart extends BaseSecretsChart {
308702
308722
  selector: {
308703
308723
  generatorRef: {
308704
308724
  apiVersion: pushSecret.generator?.apiVersion ||
308705
- 'generators.external-secrets.io/v1alpha1',
308725
+ 'generators.external-secrets.io/v1',
308706
308726
  kind: pushSecret.generator?.kind || 'Password',
308707
308727
  name: pushSecret.generator.name,
308708
308728
  },
@@ -308944,6 +308964,52 @@ async function renderClaim(catalogScope, firestartrScope, claim, patches, previo
308944
308964
  };
308945
308965
  }
308946
308966
 
308967
+ ;// CONCATENATED MODULE: ../cdk8s_renderer/src/validations/crossReferences.ts
308968
+ const IS_COMPONENT_CLAIM_REF = new RegExp(/^ComponentClaim-/);
308969
+ function validateSubReferences(renderClaims) {
308970
+ for (const ref of Object.keys(renderClaims)) {
308971
+ if (IS_COMPONENT_CLAIM_REF.test(ref))
308972
+ validateClaimsSecretsRefs(ref, renderClaims);
308973
+ }
308974
+ }
308975
+ function validateClaimsSecretsRefs(ref, renderClaims) {
308976
+ const claim = renderClaims[ref].claim;
308977
+ const secrets = claim.providers.github.secrets;
308978
+ if (!secrets) {
308979
+ return;
308980
+ }
308981
+ for (const section of ['actions', 'codespaces', 'copilot']) {
308982
+ const secretsSection = secrets[section];
308983
+ if (!secretsSection) {
308984
+ continue;
308985
+ }
308986
+ for (const secret of secretsSection) {
308987
+ const [secretName, key] = secret.value.split(':').slice(2);
308988
+ const keyFound = searchSecretKey(renderClaims[`SecretsClaim-${secretName}`].claim, key);
308989
+ if (!keyFound) {
308990
+ throw new Error(`CrossReference error: ComponentClaim/${claim.name} references a secret key inexistent: '${secretName}/${key}'`);
308991
+ }
308992
+ }
308993
+ }
308994
+ }
308995
+ function searchSecretKey(secretClaim, key) {
308996
+ let found = false;
308997
+ if ('pushSecrets' in secretClaim.providers['external_secrets']) {
308998
+ found =
308999
+ secretClaim.providers['external_secrets'].pushSecrets.find((secret) => {
309000
+ return secret.secretName === key;
309001
+ }) !== undefined;
309002
+ }
309003
+ if (!found &&
309004
+ 'externalSecrets' in secretClaim.providers['external_secrets']) {
309005
+ found =
309006
+ secretClaim.providers['external_secrets'].externalSecrets.secrets.find((secret) => {
309007
+ return secret.secretName === key;
309008
+ }) !== undefined;
309009
+ }
309010
+ return found;
309011
+ }
309012
+
308947
309013
  ;// CONCATENATED MODULE: ../cdk8s_renderer/src/renderer/renderer.ts
308948
309014
 
308949
309015
 
@@ -308951,6 +309017,7 @@ async function renderClaim(catalogScope, firestartrScope, claim, patches, previo
308951
309017
 
308952
309018
 
308953
309019
 
309020
+
308954
309021
  /*
308955
309022
  * Function called when rendering but not importing
308956
309023
  *
@@ -308966,6 +309033,7 @@ async function renderer_render(catalogScope, firestartrScope, claimList) {
308966
309033
  const data = await loadClaimsList(claimList);
308967
309034
  const result = await renderClaims(catalogScope, firestartrScope, data);
308968
309035
  try {
309036
+ validateSubReferences(data.renderClaims);
308969
309037
  validateTfStateKeyUniqueness(result);
308970
309038
  validateCrSizes(result);
308971
309039
  validatePermissionsUniqueness(result);
@@ -312731,7 +312799,7 @@ async function provisionRepositorySecrets(scope, repo, fsGithubRepository) {
312731
312799
  for (const section of sections) {
312732
312800
  if (section in secrets) {
312733
312801
  for (const secret of secrets[section]) {
312734
- await provisionRepositorySecret(scope, fsGithubRepository, section, secret.name, secret.ref);
312802
+ await provisionRepositorySecret(scope, fsGithubRepository, section, secret.name, secret.ref, repo);
312735
312803
  }
312736
312804
  }
312737
312805
  }
@@ -312740,7 +312808,7 @@ async function provisionRepositorySecrets(scope, repo, fsGithubRepository) {
312740
312808
  provisioner_src_logger.info(`FirestartrGithubRepository ${fsGithubRepository.metadata.name} does not have a secrets section`);
312741
312809
  }
312742
312810
  }
312743
- async function provisionRepositorySecret(scope, repo, section, repoSecretName, secretRef) {
312811
+ async function provisionRepositorySecret(scope, repo, section, repoSecretName, secretRef, repoResource) {
312744
312812
  provisioner_src_logger.info(`Provisioning repo secret ${repo.metadata.name}/${section}/${repoSecretName}`);
312745
312813
  const secretClass = section === 'actions'
312746
312814
  ? actions_secret/* ActionsSecret */.N
@@ -312750,19 +312818,42 @@ async function provisionRepositorySecret(scope, repo, section, repoSecretName, s
312750
312818
  ? dependabot_secret/* DependabotSecret */.c
312751
312819
  : null;
312752
312820
  if (secretClass) {
312753
- const { key_id, encrypted_value } = await encryptSecret(repo, secretRef);
312754
- const resourceKey = `${section}-${repoSecretName.toLowerCase()}-secret`;
312755
- const tfStateKey = `_${repo.getTfStateKey()}-${resourceKey}`;
312756
- const sc = new secretClass(scope, tfStateKey, {
312757
- secretName: repoSecretName,
312758
- repository: repo.metadata.name,
312759
- encryptedValue: encrypted_value,
312760
- });
312761
- provisioner_src_logger.info(tfStateKey);
312762
- repo.addResourceToStack(resourceKey, sc);
312821
+ const fSecretCreation = process.env['AVOID_PROVIDER_SECRET_ENCRYPTION']
312822
+ ? createUnencryptedSecret
312823
+ : createEncryptedSecrect;
312824
+ await fSecretCreation(scope, repo, secretRef, secretClass, section, repoSecretName, repoResource);
312763
312825
  provisioner_src_logger.info(`RepoSecret provisioned ${section}-${repoSecretName.toLowerCase()}-secret`);
312764
312826
  }
312765
312827
  }
312828
+ async function createEncryptedSecrect(scope, repo, secretRef, secretClass, section, repoSecretName, repoResource) {
312829
+ const { key_id, encrypted_value } = await encryptSecret(repo, secretRef);
312830
+ const resourceKey = `${section}-${repoSecretName.toLowerCase()}-secret`;
312831
+ const tfStateKey = `_${repo.getTfStateKey()}-${resourceKey}`;
312832
+ const sc = new secretClass(scope, tfStateKey, {
312833
+ secretName: repoSecretName,
312834
+ repository: repo.metadata.name,
312835
+ encryptedValue: encrypted_value,
312836
+ dependsOn: [repoResource],
312837
+ });
312838
+ provisioner_src_logger.info(tfStateKey);
312839
+ repo.addResourceToStack(resourceKey, sc);
312840
+ }
312841
+ async function createUnencryptedSecret(scope, repo, secretRef, secretClass, section, repoSecretName, repoResource) {
312842
+ const plainTextSecret = repo.resolveSecretRef({
312843
+ name: secretRef.name,
312844
+ key: secretRef.key,
312845
+ });
312846
+ const resourceKey = `${section}-${repoSecretName.toLowerCase()}-secret`;
312847
+ const tfStateKey = `_${repo.getTfStateKey()}-${resourceKey}`;
312848
+ const sc = new secretClass(scope, tfStateKey, {
312849
+ secretName: repoSecretName,
312850
+ plaintextValue: plainTextSecret,
312851
+ repository: repo.metadata.name,
312852
+ dependsOn: [repoResource],
312853
+ });
312854
+ provisioner_src_logger.info(tfStateKey);
312855
+ repo.addResourceToStack(resourceKey, sc);
312856
+ }
312766
312857
  async function encryptSecret(repo, secretRef) {
312767
312858
  const plainTextSecret = repo.resolveSecretRef({
312768
312859
  name: secretRef.name,
@@ -312792,7 +312883,7 @@ async function provisionRepositoryVariables(scope, repo, fsGithubRepository) {
312792
312883
  key: repoVar.ref.key,
312793
312884
  });
312794
312885
  }
312795
- await provisionRepositoryVar(scope, fsGithubRepository, section, repoVar.name, plainTextSecret ? plainTextSecret : repoVar.value);
312886
+ await provisionRepositoryVar(scope, fsGithubRepository, section, repoVar.name, plainTextSecret ? plainTextSecret : repoVar.value, repo);
312796
312887
  }
312797
312888
  }
312798
312889
  }
@@ -312801,7 +312892,7 @@ async function provisionRepositoryVariables(scope, repo, fsGithubRepository) {
312801
312892
  // log.info(`FirestartrGithubRepository ${fsGithubRepository.metadata.name} does not have a vars section`)
312802
312893
  }
312803
312894
  }
312804
- async function provisionRepositoryVar(scope, repo, section, repoVarName, value) {
312895
+ async function provisionRepositoryVar(scope, repo, section, repoVarName, value, repoResource) {
312805
312896
  provisioner_src_logger.info(`Provisioning repo var ${repo.metadata.name}/${section}/${repoVarName}`);
312806
312897
  const varClass = section === 'actions' ? actions_variable/* ActionsVariable */.m : null;
312807
312898
  if (varClass) {
@@ -312811,6 +312902,7 @@ async function provisionRepositoryVar(scope, repo, section, repoVarName, value)
312811
312902
  variableName: repoVarName,
312812
312903
  repository: repo.metadata.name,
312813
312904
  value,
312905
+ dependsOn: [repoResource],
312814
312906
  });
312815
312907
  provisioner_src_logger.info(tfStateKey);
312816
312908
  repo.addResourceToStack(resourceKey, sc);
@@ -313538,18 +313630,13 @@ async function runTerraform(entity, command, stream) {
313538
313630
  ? '/library/packages/provisioner'
313539
313631
  : '/library/provisioner', 'cdktf.out', 'stacks', entityID);
313540
313632
  provisioner_src_logger.info(`Running terraform with command ${command} in ${workDir}`);
313633
+ // filter environment variables to exclude those starting with 'GITHUB'
313634
+ const env = Object.fromEntries(Object.entries(process.env).filter(([key]) => !key.startsWith('GITHUB')));
313541
313635
  return new Promise((ok, ko) => {
313542
313636
  const terraformProcess = (0,external_child_process_.spawn)('terraform', [...command], {
313543
313637
  stdio: ['inherit', 'pipe', 'pipe'],
313544
313638
  cwd: workDir,
313545
- env: {
313546
- PATH: process.env.PATH,
313547
- ORG: catalog_common.environment.getFromEnvironment(catalog_common.types.envVars.org),
313548
- TOKEN: catalog_common.environment.getFromEnvironment(catalog_common.types.envVars.token),
313549
- KUBERNETES_SERVICE_HOST: catalog_common.environment.getFromEnvironment(catalog_common.types.envVars.kubernetesServiceHost),
313550
- KUBERNETES_SERVICE_PORT: catalog_common.environment.getFromEnvironment(catalog_common.types.envVars.kubernetesServicePort),
313551
- CDKTF_LOG_LEVEL: 'DEBUG',
313552
- },
313639
+ env,
313553
313640
  });
313554
313641
  let output = '';
313555
313642
  terraformProcess.stdout.on('data', (log) => {
@@ -314255,7 +314342,7 @@ ${commentContent}
314255
314342
  }
314256
314343
  }
314257
314344
  catch (e) {
314258
- operator_src_logger.error(`An error occurred while publishing user feedback for item '${item.kind}/${item.metadata.name}' on pull request '${lastPr.number}': '${e}'.`);
314345
+ operator_src_logger.error(`An error occurred while publishing user feedback for item '${item.kind}/${item.metadata.name}': '${e}'.`);
314259
314346
  }
314260
314347
  }
314261
314348
  async function publishApply(item, applyOutput, kind) {
@@ -315697,38 +315784,48 @@ async function* errorPolicyCompatibility(syncPolicy, generalPolicy, item, op) {
315697
315784
 
315698
315785
  ;// CONCATENATED MODULE: ../operator/src/user-feedback-ops/tf-checkrun.ts
315699
315786
 
315787
+
315700
315788
  async function TFCheckRun(cmd, item) {
315701
- const prInfo = tf_checkrun_extractPrInfo(item);
315702
- if (!prInfo.prNumber) {
315703
- throw new Error('TFCheckRun: prNumber not retrievable');
315789
+ try {
315790
+ const prInfo = tf_checkrun_extractPrInfo(item);
315791
+ const checkRun = await github_0.feedback.createCheckRun(prInfo.org, prInfo.repo, tf_checkrun_helperCreateCheckRunName(cmd), {
315792
+ pullNumber: Number(prInfo.prNumber),
315793
+ includeCheckRunComment: true,
315794
+ checkRunComment: `The TFWorkspace is being processed (cmd=${cmd}). Details: `,
315795
+ });
315796
+ checkRun.mdOptionsDetails({
315797
+ quotes: 'terraform',
315798
+ });
315799
+ checkRun.update('Initiating', 'queued');
315800
+ return {
315801
+ fnData: (d) => {
315802
+ checkRun.update(d.toString(), 'in_progress');
315803
+ },
315804
+ fnEnd: () => {
315805
+ checkRun.close('OK', true);
315806
+ },
315807
+ fnOnError: (err) => {
315808
+ checkRun.close('KO', false);
315809
+ },
315810
+ };
315811
+ }
315812
+ catch (e) {
315813
+ // log error and return empty fns
315814
+ logger_logger.warn('Error in TFCheckRun:', e);
315815
+ return {
315816
+ fnData: (d) => { },
315817
+ fnEnd: () => { },
315818
+ fnOnError: (err) => { },
315819
+ };
315704
315820
  }
315705
- const checkRun = await github_0.feedback.createCheckRun(prInfo.org, prInfo.repo, tf_checkrun_helperCreateCheckRunName(cmd), {
315706
- //Number(pr_number),
315707
- pullNumber: Number(prInfo.prNumber),
315708
- includeCheckRunComment: true,
315709
- checkRunComment: `The TFWorkspace is being processed (cmd=${cmd}). Details: `,
315710
- });
315711
- checkRun.mdOptionsDetails({
315712
- quotes: 'terraform',
315713
- });
315714
- checkRun.update('Initiating', 'queued');
315715
- return {
315716
- fnData: (d) => {
315717
- checkRun.update(d.toString(), 'in_progress');
315718
- },
315719
- fnEnd: () => {
315720
- checkRun.close('OK', true);
315721
- },
315722
- fnOnError: (err) => {
315723
- checkRun.close('KO', false);
315724
- },
315725
- };
315726
315821
  }
315727
315822
  function tf_checkrun_helperCreateCheckRunName(cmd) {
315728
315823
  return `TFWorkspace - ${cmd}`;
315729
315824
  }
315730
315825
  function tf_checkrun_extractPrInfo(item) {
315731
315826
  const prInfo = item.metadata.annotations['firestartr.dev/last-state-pr'];
315827
+ if (!prInfo)
315828
+ throw new Error('No firestartr.dev/last-state-pr field in CR');
315732
315829
  const prNumber = prInfo.split('#')[1];
315733
315830
  if (!prNumber)
315734
315831
  throw new Error('No PR number found in CR');
@@ -317485,7 +317582,8 @@ class CRStateMetrics {
317485
317582
  catch (err) {
317486
317583
  console.log(`CRStateMetrics: update ${err}`);
317487
317584
  this.onUpdate = false;
317488
- operator_src_logger.error('CR_METRICS_UPDATE', { error: err });
317585
+ operator_src_logger.error(`On update of CR metrics: ${err}`);
317586
+ await this.__prepareConnection();
317489
317587
  }
317490
317588
  this.onUpdate = false;
317491
317589
  }
package/build/packages/cdk8s_renderer/src/claims/base/schemas/index.d.ts CHANGED
@@ -837,97 +837,120 @@ declare const schemas: {
837
837
  $schema: string;
838
838
  $id: string;
839
839
  definitions: {
840
- ExternalSecretsProvider: {
840
+ SecretStore: {
841
841
  $id: string;
842
842
  type: string;
843
- description: string;
844
- allOf: ({
845
- $ref: string;
846
- type?: undefined;
847
- properties?: undefined;
848
- required?: undefined;
849
- } | {
850
- type: string;
851
- properties: {
852
- secretStore: {
843
+ properties: {
844
+ name: {
845
+ type: string;
846
+ };
847
+ kind: {
848
+ type: string;
849
+ enum: string[];
850
+ };
851
+ };
852
+ required: string[];
853
+ };
854
+ ExternalSecretsSection: {
855
+ $id: string;
856
+ type: string;
857
+ properties: {
858
+ refreshInterval: {
859
+ type: string;
860
+ };
861
+ secrets: {
862
+ type: string;
863
+ items: {
864
+ additionalProperties: boolean;
853
865
  type: string;
854
866
  properties: {
855
- name: {
867
+ secretName: {
856
868
  type: string;
857
869
  };
858
- kind: {
870
+ remoteRef: {
859
871
  type: string;
860
- enum: string[];
861
872
  };
862
873
  };
863
874
  required: string[];
864
875
  };
865
- pushSecrets: {
876
+ };
877
+ };
878
+ };
879
+ PushSecretsSection: {
880
+ $id: string;
881
+ type: string;
882
+ items: {
883
+ type: string;
884
+ properties: {
885
+ data: {
886
+ type: string;
887
+ };
888
+ template: {
889
+ type: string;
890
+ };
891
+ secretName: {
866
892
  type: string;
867
- items: {
868
- type: string;
869
- properties: {
870
- data: {
871
- type: string;
872
- };
873
- template: {
874
- type: string;
875
- };
876
- secretName: {
877
- type: string;
878
- };
879
- refreshInterval: {
880
- type: string;
881
- };
882
- generator: {
883
- type: string;
884
- properties: {
885
- name: {
886
- type: string;
887
- };
888
- kind: {
889
- type: string;
890
- enum: string[];
891
- };
892
- apiVersion: {
893
- type: string;
894
- };
895
- conversionStrategy: {
896
- type: string;
897
- };
898
- outputKey: {
899
- type: string;
900
- };
901
- };
902
- required: string[];
903
- };
904
- };
905
- required: string[];
906
- };
907
893
  };
908
- externalSecrets: {
894
+ refreshInterval: {
895
+ type: string;
896
+ };
897
+ generator: {
909
898
  type: string;
910
899
  properties: {
911
- refreshInterval: {
900
+ name: {
912
901
  type: string;
913
902
  };
914
- secrets: {
903
+ kind: {
904
+ type: string;
905
+ enum: string[];
906
+ };
907
+ apiVersion: {
908
+ type: string;
909
+ };
910
+ conversionStrategy: {
911
+ type: string;
912
+ };
913
+ outputKey: {
915
914
  type: string;
916
- items: {
917
- additionalProperties: boolean;
918
- type: string;
919
- properties: {
920
- secretName: {
921
- type: string;
922
- };
923
- };
924
- required: string[];
925
- };
926
915
  };
927
916
  };
917
+ required: string[];
928
918
  };
929
919
  };
930
920
  required: string[];
921
+ };
922
+ };
923
+ ExternalSecretsProvider: {
924
+ $id: string;
925
+ type: string;
926
+ description: string;
927
+ allOf: ({
928
+ $ref: string;
929
+ anyOf?: undefined;
930
+ } | {
931
+ anyOf: ({
932
+ properties: {
933
+ externalSecrets: {
934
+ $ref: string;
935
+ };
936
+ secretStore: {
937
+ $ref: string;
938
+ };
939
+ pushSecrets?: undefined;
940
+ };
941
+ required: string[];
942
+ } | {
943
+ properties: {
944
+ pushSecrets: {
945
+ $ref: string;
946
+ };
947
+ secretStore: {
948
+ $ref: string;
949
+ };
950
+ externalSecrets?: undefined;
951
+ };
952
+ required: string[];
953
+ })[];
931
954
  $ref?: undefined;
932
955
  })[];
933
956
  };
package/build/packages/cdk8s_renderer/src/claims/external-secrets/external-secrets.schema.d.ts CHANGED
@@ -2,97 +2,120 @@ declare const _default: {
2
2
  $schema: string;
3
3
  $id: string;
4
4
  definitions: {
5
- ExternalSecretsProvider: {
5
+ SecretStore: {
6
6
  $id: string;
7
7
  type: string;
8
- description: string;
9
- allOf: ({
10
- $ref: string;
11
- type?: undefined;
12
- properties?: undefined;
13
- required?: undefined;
14
- } | {
15
- type: string;
16
- properties: {
17
- secretStore: {
8
+ properties: {
9
+ name: {
10
+ type: string;
11
+ };
12
+ kind: {
13
+ type: string;
14
+ enum: string[];
15
+ };
16
+ };
17
+ required: string[];
18
+ };
19
+ ExternalSecretsSection: {
20
+ $id: string;
21
+ type: string;
22
+ properties: {
23
+ refreshInterval: {
24
+ type: string;
25
+ };
26
+ secrets: {
27
+ type: string;
28
+ items: {
29
+ additionalProperties: boolean;
18
30
  type: string;
19
31
  properties: {
20
- name: {
32
+ secretName: {
21
33
  type: string;
22
34
  };
23
- kind: {
35
+ remoteRef: {
24
36
  type: string;
25
- enum: string[];
26
37
  };
27
38
  };
28
39
  required: string[];
29
40
  };
30
- pushSecrets: {
41
+ };
42
+ };
43
+ };
44
+ PushSecretsSection: {
45
+ $id: string;
46
+ type: string;
47
+ items: {
48
+ type: string;
49
+ properties: {
50
+ data: {
51
+ type: string;
52
+ };
53
+ template: {
54
+ type: string;
55
+ };
56
+ secretName: {
57
+ type: string;
58
+ };
59
+ refreshInterval: {
31
60
  type: string;
32
- items: {
33
- type: string;
34
- properties: {
35
- data: {
36
- type: string;
37
- };
38
- template: {
39
- type: string;
40
- };
41
- secretName: {
42
- type: string;
43
- };
44
- refreshInterval: {
45
- type: string;
46
- };
47
- generator: {
48
- type: string;
49
- properties: {
50
- name: {
51
- type: string;
52
- };
53
- kind: {
54
- type: string;
55
- enum: string[];
56
- };
57
- apiVersion: {
58
- type: string;
59
- };
60
- conversionStrategy: {
61
- type: string;
62
- };
63
- outputKey: {
64
- type: string;
65
- };
66
- };
67
- required: string[];
68
- };
69
- };
70
- required: string[];
71
- };
72
61
  };
73
- externalSecrets: {
62
+ generator: {
74
63
  type: string;
75
64
  properties: {
76
- refreshInterval: {
65
+ name: {
66
+ type: string;
67
+ };
68
+ kind: {
69
+ type: string;
70
+ enum: string[];
71
+ };
72
+ apiVersion: {
77
73
  type: string;
78
74
  };
79
- secrets: {
75
+ conversionStrategy: {
76
+ type: string;
77
+ };
78
+ outputKey: {
80
79
  type: string;
81
- items: {
82
- additionalProperties: boolean;
83
- type: string;
84
- properties: {
85
- secretName: {
86
- type: string;
87
- };
88
- };
89
- required: string[];
90
- };
91
80
  };
92
81
  };
82
+ required: string[];
93
83
  };
94
84
  };
95
85
  required: string[];
86
+ };
87
+ };
88
+ ExternalSecretsProvider: {
89
+ $id: string;
90
+ type: string;
91
+ description: string;
92
+ allOf: ({
93
+ $ref: string;
94
+ anyOf?: undefined;
95
+ } | {
96
+ anyOf: ({
97
+ properties: {
98
+ externalSecrets: {
99
+ $ref: string;
100
+ };
101
+ secretStore: {
102
+ $ref: string;
103
+ };
104
+ pushSecrets?: undefined;
105
+ };
106
+ required: string[];
107
+ } | {
108
+ properties: {
109
+ pushSecrets: {
110
+ $ref: string;
111
+ };
112
+ secretStore: {
113
+ $ref: string;
114
+ };
115
+ externalSecrets?: undefined;
116
+ };
117
+ required: string[];
118
+ })[];
96
119
  $ref?: undefined;
97
120
  })[];
98
121
  };
package/build/packages/cdk8s_renderer/src/claims/external-secrets/index.d.ts CHANGED
@@ -2,97 +2,120 @@ export declare const SecretsSchemas: {
2
2
  $schema: string;
3
3
  $id: string;
4
4
  definitions: {
5
- ExternalSecretsProvider: {
5
+ SecretStore: {
6
6
  $id: string;
7
7
  type: string;
8
- description: string;
9
- allOf: ({
10
- $ref: string;
11
- type?: undefined;
12
- properties?: undefined;
13
- required?: undefined;
14
- } | {
15
- type: string;
16
- properties: {
17
- secretStore: {
8
+ properties: {
9
+ name: {
10
+ type: string;
11
+ };
12
+ kind: {
13
+ type: string;
14
+ enum: string[];
15
+ };
16
+ };
17
+ required: string[];
18
+ };
19
+ ExternalSecretsSection: {
20
+ $id: string;
21
+ type: string;
22
+ properties: {
23
+ refreshInterval: {
24
+ type: string;
25
+ };
26
+ secrets: {
27
+ type: string;
28
+ items: {
29
+ additionalProperties: boolean;
18
30
  type: string;
19
31
  properties: {
20
- name: {
32
+ secretName: {
21
33
  type: string;
22
34
  };
23
- kind: {
35
+ remoteRef: {
24
36
  type: string;
25
- enum: string[];
26
37
  };
27
38
  };
28
39
  required: string[];
29
40
  };
30
- pushSecrets: {
41
+ };
42
+ };
43
+ };
44
+ PushSecretsSection: {
45
+ $id: string;
46
+ type: string;
47
+ items: {
48
+ type: string;
49
+ properties: {
50
+ data: {
51
+ type: string;
52
+ };
53
+ template: {
54
+ type: string;
55
+ };
56
+ secretName: {
57
+ type: string;
58
+ };
59
+ refreshInterval: {
31
60
  type: string;
32
- items: {
33
- type: string;
34
- properties: {
35
- data: {
36
- type: string;
37
- };
38
- template: {
39
- type: string;
40
- };
41
- secretName: {
42
- type: string;
43
- };
44
- refreshInterval: {
45
- type: string;
46
- };
47
- generator: {
48
- type: string;
49
- properties: {
50
- name: {
51
- type: string;
52
- };
53
- kind: {
54
- type: string;
55
- enum: string[];
56
- };
57
- apiVersion: {
58
- type: string;
59
- };
60
- conversionStrategy: {
61
- type: string;
62
- };
63
- outputKey: {
64
- type: string;
65
- };
66
- };
67
- required: string[];
68
- };
69
- };
70
- required: string[];
71
- };
72
61
  };
73
- externalSecrets: {
62
+ generator: {
74
63
  type: string;
75
64
  properties: {
76
- refreshInterval: {
65
+ name: {
66
+ type: string;
67
+ };
68
+ kind: {
69
+ type: string;
70
+ enum: string[];
71
+ };
72
+ apiVersion: {
77
73
  type: string;
78
74
  };
79
- secrets: {
75
+ conversionStrategy: {
76
+ type: string;
77
+ };
78
+ outputKey: {
80
79
  type: string;
81
- items: {
82
- additionalProperties: boolean;
83
- type: string;
84
- properties: {
85
- secretName: {
86
- type: string;
87
- };
88
- };
89
- required: string[];
90
- };
91
80
  };
92
81
  };
82
+ required: string[];
93
83
  };
94
84
  };
95
85
  required: string[];
86
+ };
87
+ };
88
+ ExternalSecretsProvider: {
89
+ $id: string;
90
+ type: string;
91
+ description: string;
92
+ allOf: ({
93
+ $ref: string;
94
+ anyOf?: undefined;
95
+ } | {
96
+ anyOf: ({
97
+ properties: {
98
+ externalSecrets: {
99
+ $ref: string;
100
+ };
101
+ secretStore: {
102
+ $ref: string;
103
+ };
104
+ pushSecrets?: undefined;
105
+ };
106
+ required: string[];
107
+ } | {
108
+ properties: {
109
+ pushSecrets: {
110
+ $ref: string;
111
+ };
112
+ secretStore: {
113
+ $ref: string;
114
+ };
115
+ externalSecrets?: undefined;
116
+ };
117
+ required: string[];
118
+ })[];
96
119
  $ref?: undefined;
97
120
  })[];
98
121
  };
package/build/packages/cdk8s_renderer/src/validations/crossReferences.d.ts ADDED
@@ -0,0 +1,2 @@
1
+ import { RenderClaims } from '../renderer/types';
2
+ export declare function validateSubReferences(renderClaims: RenderClaims): void;
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@firestartr/cli",
3
- "version": "1.50.0-snapshot-1",
3
+ "version": "1.50.0-snapshot-2",
4
4
  "private": false,
5
5
  "description": "Commandline tool",
6
6
  "main": "build/main.js",