@firestartr/cli 1.53.0-snapshot-6 → 1.53.0-snapshot-7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (13) hide show
  1. package/build/index.js +114 -405
  2. package/build/packages/cdk8s_renderer/src/claims/base/schemas/common-meta.schema.d.ts +0 -47
  3. package/build/packages/cdk8s_renderer/src/claims/base/schemas/index.d.ts +34 -73
  4. package/build/packages/cdk8s_renderer/src/claims/github/component.schema.d.ts +0 -6
  5. package/build/packages/cdk8s_renderer/src/claims/github/group.schema.d.ts +0 -6
  6. package/build/packages/cdk8s_renderer/src/claims/github/index.d.ts +0 -24
  7. package/build/packages/cdk8s_renderer/src/claims/github/orgwebhook.schema.d.ts +0 -6
  8. package/build/packages/cdk8s_renderer/src/claims/github/user.schema.d.ts +0 -6
  9. package/build/packages/cdk8s_renderer/src/claims/tfworkspaces/index.d.ts +34 -2
  10. package/build/packages/cdk8s_renderer/src/claims/tfworkspaces/terraform.schema.d.ts +34 -2
  11. package/build/packages/operator/src/utils/index.d.ts +0 -7
  12. package/build/packages/provisioner/src/resources/resource.d.ts +1 -4
  13. package/package.json +1 -1
package/build/index.js CHANGED
@@ -356807,10 +356807,6 @@ class SyncerInitializer extends InitializerPatches {
356807
356807
  const provider = helperCTX(ctx).provider;
356808
356808
  return claim.providers[provider].sync || {};
356809
356809
  }
356810
- function policyInfo(ctx) {
356811
- const provider = helperCTX(ctx).provider;
356812
- return claim.providers[provider].policy;
356813
- }
356814
356810
  return [
356815
356811
  {
356816
356812
  validate(cr) {
@@ -356841,23 +356837,21 @@ class SyncerInitializer extends InitializerPatches {
356841
356837
  }
356842
356838
  },
356843
356839
  apply(cr) {
356844
- cr.metadata.annotations = cr.metadata.annotations || {};
356845
- // Apply general policy annotation
356846
- if (policyInfo(this)) {
356847
- cr.metadata.annotations['firestartr.dev/policy'] =
356848
- policyInfo(this);
356849
- }
356850
356840
  if (syncInfo(this).enabled) {
356841
+ cr.metadata.annotations = cr.metadata.annotations || {};
356851
356842
  cr.metadata.annotations['firestartr.dev/sync-enabled'] = 'true';
356852
356843
  if (syncInfo(this).period) {
356844
+ cr.metadata.annotations = cr.metadata.annotations || {};
356853
356845
  cr.metadata.annotations['firestartr.dev/sync-period'] =
356854
356846
  syncInfo(this).period;
356855
356847
  }
356856
356848
  if (syncInfo(this).policy) {
356849
+ cr.metadata.annotations = cr.metadata.annotations || {};
356857
356850
  cr.metadata.annotations['firestartr.dev/sync-policy'] =
356858
356851
  syncInfo(this).policy;
356859
356852
  }
356860
356853
  if (syncInfo(this).schedule) {
356854
+ cr.metadata.annotations = cr.metadata.annotations || {};
356861
356855
  cr.metadata.annotations[SYNC_SCHED_ANNOTATION] =
356862
356856
  syncInfo(this).schedule;
356863
356857
  cr.metadata.annotations[SYNC_SCHED_TIMEZONE_ANNOTATION] =
@@ -357578,69 +357572,6 @@ const external_node_child_process_namespaceObject = __WEBPACK_EXTERNAL_createReq
357578
357572
  },
357579
357573
  additionalProperties: false,
357580
357574
  },
357581
- PolicyType: {
357582
- $id: 'firestartr.dev://common/PolicyType',
357583
- type: 'string',
357584
- description: 'Policy for resource management',
357585
- enum: [
357586
- 'apply',
357587
- 'create-only',
357588
- 'create-update-only',
357589
- 'full-control',
357590
- 'observe',
357591
- 'observe-only',
357592
- ],
357593
- },
357594
- SyncConfig: {
357595
- $id: 'firestartr.dev://common/SyncConfig',
357596
- type: 'object',
357597
- description: 'Sync configuration for resources',
357598
- properties: {
357599
- enabled: {
357600
- type: 'boolean',
357601
- description: 'Enable periodic sync operations',
357602
- },
357603
- period: {
357604
- type: 'string',
357605
- pattern: '^[0-9]+[smhd]$',
357606
- description: 'Sync period (e.g., 1h, 30m, 5s). Must be enabled without schedule.',
357607
- },
357608
- schedule: {
357609
- type: 'string',
357610
- description: 'Cron schedule for sync operations. Must be enabled without period.',
357611
- },
357612
- schedule_timezone: {
357613
- type: 'string',
357614
- description: 'Timezone for cron schedule (e.g., UTC, America/New_York)',
357615
- },
357616
- policy: {
357617
- type: 'string',
357618
- description: 'Policy for sync operations (apply or observe)',
357619
- },
357620
- },
357621
- additionalProperties: false,
357622
- required: ['enabled'],
357623
- oneOf: [
357624
- {
357625
- required: ['period'],
357626
- },
357627
- {
357628
- required: ['schedule'],
357629
- },
357630
- {
357631
- not: {
357632
- anyOf: [
357633
- {
357634
- required: ['period'],
357635
- },
357636
- {
357637
- required: ['schedule'],
357638
- },
357639
- ],
357640
- },
357641
- },
357642
- ],
357643
- },
357644
357575
  },
357645
357576
  });
357646
357577
 
@@ -358001,9 +357932,6 @@ const external_node_child_process_namespaceObject = __WEBPACK_EXTERNAL_createReq
358001
357932
  {
358002
357933
  type: 'object',
358003
357934
  properties: {
358004
- policy: {
358005
- $ref: 'firestartr.dev://common/PolicyType',
358006
- },
358007
357935
  privacy: {
358008
357936
  type: 'string',
358009
357937
  enum: ['closed', 'secret'],
@@ -358014,9 +357942,6 @@ const external_node_child_process_namespaceObject = __WEBPACK_EXTERNAL_createReq
358014
357942
  org: {
358015
357943
  type: 'string',
358016
357944
  },
358017
- sync: {
358018
- $ref: 'firestartr.dev://common/SyncConfig',
358019
- },
358020
357945
  },
358021
357946
  required: ['org', 'privacy'],
358022
357947
  },
@@ -358042,9 +357967,6 @@ const external_node_child_process_namespaceObject = __WEBPACK_EXTERNAL_createReq
358042
357967
  {
358043
357968
  type: 'object',
358044
357969
  properties: {
358045
- policy: {
358046
- $ref: 'firestartr.dev://common/PolicyType',
358047
- },
358048
357970
  role: {
358049
357971
  type: 'string',
358050
357972
  enum: ['admin', 'member'],
@@ -358052,9 +357974,6 @@ const external_node_child_process_namespaceObject = __WEBPACK_EXTERNAL_createReq
358052
357974
  org: {
358053
357975
  type: 'string',
358054
357976
  },
358055
- sync: {
358056
- $ref: 'firestartr.dev://common/SyncConfig',
358057
- },
358058
357977
  },
358059
357978
  required: ['org', 'role'],
358060
357979
  },
@@ -358079,9 +357998,6 @@ const external_node_child_process_namespaceObject = __WEBPACK_EXTERNAL_createReq
358079
357998
  {
358080
357999
  type: 'object',
358081
358000
  properties: {
358082
- policy: {
358083
- $ref: 'firestartr.dev://common/PolicyType',
358084
- },
358085
358001
  org: {
358086
358002
  type: 'string',
358087
358003
  description: 'The github organization name',
@@ -358090,9 +358006,6 @@ const external_node_child_process_namespaceObject = __WEBPACK_EXTERNAL_createReq
358090
358006
  type: 'string',
358091
358007
  enum: ['private', 'public', 'internal'],
358092
358008
  },
358093
- sync: {
358094
- $ref: 'firestartr.dev://common/SyncConfig',
358095
- },
358096
358009
  features: {
358097
358010
  type: 'array',
358098
358011
  items: {
@@ -358128,9 +358041,6 @@ const external_node_child_process_namespaceObject = __WEBPACK_EXTERNAL_createReq
358128
358041
  {
358129
358042
  type: 'object',
358130
358043
  properties: {
358131
- policy: {
358132
- $ref: 'firestartr.dev://common/PolicyType',
358133
- },
358134
358044
  orgName: {
358135
358045
  type: 'string',
358136
358046
  description: 'Organization name on GitHub',
@@ -358164,9 +358074,6 @@ const external_node_child_process_namespaceObject = __WEBPACK_EXTERNAL_createReq
358164
358074
  },
358165
358075
  required: ['url', 'contentType', 'events', 'secretRef'],
358166
358076
  },
358167
- sync: {
358168
- $ref: 'firestartr.dev://common/SyncConfig',
358169
- },
358170
358077
  },
358171
358078
  required: ['orgName', 'webhook'],
358172
358079
  },
@@ -358338,7 +358245,15 @@ const GithubSchemas = [
358338
358245
  type: 'object',
358339
358246
  properties: {
358340
358247
  policy: {
358341
- $ref: 'firestartr.dev://common/PolicyType',
358248
+ type: 'string',
358249
+ enum: [
358250
+ 'apply',
358251
+ 'create-only',
358252
+ 'create-update-only',
358253
+ 'full-control',
358254
+ 'observe',
358255
+ 'observe-only',
358256
+ ],
358342
358257
  },
358343
358258
  name: {
358344
358259
  type: 'string',
@@ -358348,7 +358263,47 @@ const GithubSchemas = [
358348
358263
  enum: ['remote', 'inline', 'Remote', 'Inline'],
358349
358264
  },
358350
358265
  sync: {
358351
- $ref: 'firestartr.dev://common/SyncConfig',
358266
+ type: 'object',
358267
+ properties: {
358268
+ enabled: {
358269
+ type: 'boolean',
358270
+ },
358271
+ period: {
358272
+ type: 'string',
358273
+ pattern: '^[0-9]+[smhd]$',
358274
+ },
358275
+ schedule: {
358276
+ type: 'string',
358277
+ },
358278
+ schedule_timezone: {
358279
+ type: 'string',
358280
+ },
358281
+ policy: {
358282
+ type: 'string',
358283
+ },
358284
+ },
358285
+ additionalProperties: false,
358286
+ required: ['enabled'],
358287
+ oneOf: [
358288
+ {
358289
+ required: ['period'],
358290
+ },
358291
+ {
358292
+ required: ['schedule'],
358293
+ },
358294
+ {
358295
+ not: {
358296
+ anyOf: [
358297
+ {
358298
+ required: ['period'],
358299
+ },
358300
+ {
358301
+ required: ['schedule'],
358302
+ },
358303
+ ],
358304
+ },
358305
+ },
358306
+ ],
358352
358307
  },
358353
358308
  valuesSchema: {
358354
358309
  type: 'string',
@@ -370455,15 +370410,10 @@ class Resource {
370455
370410
  this.set('operation', operation);
370456
370411
  this.set('deps', deps);
370457
370412
  }
370458
- async run(options) {
370413
+ async run() {
370459
370414
  await this.preprocess();
370460
370415
  await this.synth();
370461
- if (options?.planOnly) {
370462
- await this.runTerraformPlanOnly();
370463
- }
370464
- else {
370465
- await this.runTerraform();
370466
- }
370416
+ await this.runTerraform();
370467
370417
  await this.postprocess();
370468
370418
  if (this.logStream) {
370469
370419
  this.logStream.end();
@@ -370488,13 +370438,6 @@ class Resource {
370488
370438
  log(msg) {
370489
370439
  this.logFn(msg);
370490
370440
  }
370491
- async runTerraformPlanOnly() {
370492
- await this.onTFStreaming();
370493
- let output = '';
370494
- output += await terraformInit(this.get('main_artifact'), this.logStream);
370495
- output += await terraformPlan(this.get('main_artifact'), this.logStream);
370496
- this.set('output', output);
370497
- }
370498
370441
  async runTerraform() {
370499
370442
  await this.onTFStreaming();
370500
370443
  let output = '';
@@ -370882,7 +370825,7 @@ async function runProvisioner(data, opts) {
370882
370825
  if ('logStreamCallbacksTF' in opts) {
370883
370826
  resource.setTFStreamLogs(opts['logStreamCallbacksTF']);
370884
370827
  }
370885
- await resource.run({ planOnly: opts.planOnly });
370828
+ await resource.run();
370886
370829
  return resource;
370887
370830
  }
370888
370831
  function createInstanceOf(entity, op, deps) {
@@ -371164,51 +371107,6 @@ function helperCreateCheckRunName(cmd, item) {
371164
371107
  return `${item.kind} - ${cmd}`;
371165
371108
  }
371166
371109
 
371167
- ;// CONCATENATED MODULE: ../operator/src/utils/index.ts
371168
- const secretRegex = /\$\{\{ secrets\.(.*?) \}\}/g;
371169
- function replaceConfigSecrets(config, secrets) {
371170
- for (const key in config) {
371171
- if (typeof config[key] === 'object' && config[key] !== null) {
371172
- // If the property is an object, call this function recursively
371173
- replaceConfigSecrets(config[key], secrets);
371174
- }
371175
- else if (typeof config[key] === 'string') {
371176
- // If the property is a string and its value is equal to secrets.something,
371177
- // replace the value with the value of the 'something' key in the secrets object
371178
- config[key] = config[key].replace(secretRegex, (_, group1) => {
371179
- if (!secrets[group1]) {
371180
- throw new Error(`Secret ${group1} not found in secrets`);
371181
- }
371182
- return secrets[group1];
371183
- });
371184
- }
371185
- }
371186
- return config;
371187
- }
371188
- function replaceInlineSecrets(inline, secrets) {
371189
- if (typeof inline !== 'string' || !inline)
371190
- return inline;
371191
- let result = inline;
371192
- result = result.replace(secretRegex, (_, group1) => {
371193
- if (!secrets[group1]) {
371194
- throw new Error(`Secret ${group1} not found in secrets`);
371195
- }
371196
- return secrets[group1];
371197
- });
371198
- return result;
371199
- }
371200
- /**
371201
- * Retrieves a policy annotation value from a custom resource
371202
- * @param item - The CR to get the policy from
371203
- * @param annotation - The annotation key to retrieve
371204
- * @returns The policy value, or undefined if not set
371205
- */
371206
- function getPolicy(item, annotation) {
371207
- const policy = item.metadata.annotations && item.metadata.annotations[annotation];
371208
- if (policy)
371209
- return policy;
371210
- }
371211
-
371212
371110
  ;// CONCATENATED MODULE: ../operator/cdktf.ts
371213
371111
 
371214
371112
 
@@ -371218,17 +371116,9 @@ function getPolicy(item, annotation) {
371218
371116
 
371219
371117
 
371220
371118
 
371221
-
371222
- const cdktf_LAST_STATE_PR_ANNOTATION = 'firestartr.dev/last-state-pr';
371223
371119
  function processOperation(item, op, handler) {
371224
371120
  operator_src_logger.info(`Processing operation ${op} on ${item.kind}/${item.metadata?.name}`);
371225
371121
  try {
371226
- const policy = getPolicy(item, 'firestartr.dev/policy');
371227
- // If general policy is observe/observe-only, route to observe mode instead of apply
371228
- if (!policy || policy === 'observe' || policy === 'observe-only') {
371229
- operator_src_logger.info(`Policy is '${policy || 'not set (default)'}', routing to observe mode`);
371230
- return cdktf_observe(item, op, handler);
371231
- }
371232
371122
  switch (op) {
371233
371123
  case OperationType.UPDATED:
371234
371124
  return updated(item, op, handler);
@@ -371253,11 +371143,6 @@ function processOperation(item, op, handler) {
371253
371143
  throw e;
371254
371144
  }
371255
371145
  }
371256
- async function* cdktf_observe(item, op, handler) {
371257
- for await (const transition of doPlan(item, op, handler)) {
371258
- yield transition;
371259
- }
371260
- }
371261
371146
  async function* created(item, op, handler) {
371262
371147
  for await (const transition of doApply(item, op, handler)) {
371263
371148
  yield transition;
@@ -371293,18 +371178,8 @@ async function* sync(item, op, handler) {
371293
371178
  status: 'False',
371294
371179
  message: 'Synth CDKTF',
371295
371180
  };
371296
- const syncPolicy = getPolicy(item, 'firestartr.dev/sync-policy');
371297
- if (syncPolicy === 'apply') {
371298
- operator_src_logger.info(`SYNC OPERATION: applying item ${item.metadata.name} with sync-policy=${syncPolicy}`);
371299
- for await (const transition of doApply(item, op, handler)) {
371300
- yield transition;
371301
- }
371302
- }
371303
- else {
371304
- operator_src_logger.info(`SYNC OPERATION: planning item ${item.metadata.name} with sync-policy=${syncPolicy || 'default (observe)'}`);
371305
- for await (const transition of doPlan(item, op, handler)) {
371306
- yield transition;
371307
- }
371181
+ for await (const transition of doApply(item, op, handler)) {
371182
+ yield transition;
371308
371183
  }
371309
371184
  yield {
371310
371185
  item,
@@ -371343,14 +371218,15 @@ async function* markedToDeletion(item, op, handler) {
371343
371218
  message: 'Destroying process started',
371344
371219
  };
371345
371220
  const deps = await handler.resolveReferences();
371346
- const statePr = item?.metadata?.annotations?.[cdktf_LAST_STATE_PR_ANNOTATION];
371221
+ const annotation = 'firestartr.dev/last-state-pr';
371222
+ const statePr = item?.metadata?.annotations?.[annotation];
371347
371223
  const hasStatePr = typeof statePr === 'string' && statePr.trim().length > 0;
371348
371224
  if (!hasStatePr) {
371349
371225
  operator_src_logger.warn(`CR ${item?.kind ?? 'UnknownKind'}/${item?.metadata?.name ?? 'unknown'} ` +
371350
- `has no "${cdktf_LAST_STATE_PR_ANNOTATION}" annotation; skipping GitHub Check Runs (synth, terraform apply).`);
371226
+ `has no "${annotation}" annotation; skipping GitHub Check Runs (synth, terraform apply).`);
371351
371227
  }
371352
371228
  else {
371353
- operator_src_logger.debug(`CR ${item.kind}/${item.metadata.name} uses "${cdktf_LAST_STATE_PR_ANNOTATION}" = ${statePr}`);
371229
+ operator_src_logger.debug(`CR ${item.kind}/${item.metadata.name} uses "${annotation}" = ${statePr}`);
371354
371230
  }
371355
371231
  const destroyOutput = await provisioner.runProvisioner({
371356
371232
  mainCr: item,
@@ -371385,7 +371261,7 @@ async function* markedToDeletion(item, op, handler) {
371385
371261
  };
371386
371262
  await handler.finalize(handler.pluralKind, item.metadata.namespace, item, 'firestartr.dev/finalizer');
371387
371263
  await handler.writeTerraformOutputInTfResult(item, output);
371388
- if (item.metadata.annotations[cdktf_LAST_STATE_PR_ANNOTATION] || false) {
371264
+ if (item.metadata.annotations['firestartr.dev/last-state-pr'] || false) {
371389
371265
  await addDestroyCommitStatus(item, 'success', 'Destroy operation completed', `Terraform Destroy ${item.metadata.name}`);
371390
371266
  }
371391
371267
  void handler.success();
@@ -371466,14 +371342,15 @@ async function* doApply(item, op, handler) {
371466
371342
  }
371467
371343
  const deps = await handler.resolveReferences();
371468
371344
  operator_src_logger.info(`Item ${item.metadata.name} has the following dependencies: ${deps}`);
371469
- const statePr = item?.metadata?.annotations?.[cdktf_LAST_STATE_PR_ANNOTATION];
371345
+ const annotation = 'firestartr.dev/last-state-pr';
371346
+ const statePr = item?.metadata?.annotations?.[annotation];
371470
371347
  const hasStatePr = typeof statePr === 'string' && statePr.trim().length > 0;
371471
371348
  if (!hasStatePr) {
371472
371349
  operator_src_logger.warn(`CR ${item?.kind ?? 'UnknownKind'}/${item?.metadata?.name ?? 'unknown'} ` +
371473
- `has no "${cdktf_LAST_STATE_PR_ANNOTATION}" annotation; skipping GitHub Check Runs (synth, terraform apply).`);
371350
+ `has no "${annotation}" annotation; skipping GitHub Check Runs (synth, terraform apply).`);
371474
371351
  }
371475
371352
  else {
371476
- operator_src_logger.debug(`CR ${item.kind}/${item.metadata.name} uses "${cdktf_LAST_STATE_PR_ANNOTATION}" = ${statePr}`);
371353
+ operator_src_logger.debug(`CR ${item.kind}/${item.metadata.name} uses "${annotation}" = ${statePr}`);
371477
371354
  }
371478
371355
  const applyOutput = await provisioner.runProvisioner({
371479
371356
  mainCr: item,
@@ -371569,219 +371446,6 @@ async function* doApply(item, op, handler) {
371569
371446
  }
371570
371447
  }
371571
371448
  }
371572
- async function* doPlan(item, op, handler) {
371573
- let checkRunCtl;
371574
- try {
371575
- cleanTerraformState();
371576
- yield {
371577
- item,
371578
- reason: op,
371579
- type: 'PLANNING',
371580
- status: 'True',
371581
- message: 'Planning process started',
371582
- };
371583
- const deps = await handler.resolveReferences();
371584
- const statePr = item?.metadata?.annotations?.[cdktf_LAST_STATE_PR_ANNOTATION];
371585
- const hasStatePr = typeof statePr === 'string' && statePr.trim().length > 0;
371586
- if (!hasStatePr) {
371587
- operator_src_logger.warn(`CR ${item?.kind ?? 'UnknownKind'}/${item?.metadata?.name ?? 'unknown'} ` +
371588
- `has no "${cdktf_LAST_STATE_PR_ANNOTATION}" annotation; skipping GitHub Check Runs for plan.`);
371589
- }
371590
- else {
371591
- operator_src_logger.debug(`CR ${item.kind}/${item.metadata.name} uses "${cdktf_LAST_STATE_PR_ANNOTATION}" = ${statePr}`);
371592
- await addPlanStatusCheck(statePr, 'CDKTF plan in progress...');
371593
- }
371594
- // Run provisioner in plan-only mode
371595
- const planResult = await provisioner.runProvisioner({ mainCr: item, deps }, {
371596
- planOnly: true,
371597
- delete: 'deletionTimestamp' in item.metadata,
371598
- ...(hasStatePr
371599
- ? {
371600
- logStreamCallbacksCDKTF: {
371601
- prepare: async () => {
371602
- checkRunCtl = await GHCheckRun('synth', item);
371603
- return checkRunCtl;
371604
- },
371605
- },
371606
- logStreamCallbacksTF: {
371607
- prepare: async () => {
371608
- checkRunCtl = await GHCheckRun('plan', item);
371609
- return checkRunCtl;
371610
- },
371611
- },
371612
- }
371613
- : {}),
371614
- });
371615
- const planOutput = planResult?.output || '';
371616
- // Parse terraform plan output to detect changes
371617
- // Handles multiple Terraform output formats and versions
371618
- const hasChanges = detectPlanChanges(planOutput);
371619
- if (hasChanges) {
371620
- yield {
371621
- item,
371622
- reason: op,
371623
- type: 'OUT_OF_SYNC',
371624
- status: 'True',
371625
- message: 'Plan has changes',
371626
- };
371627
- yield {
371628
- item,
371629
- reason: op,
371630
- type: 'PROVISIONED',
371631
- status: 'False',
371632
- message: 'Plan has changes',
371633
- };
371634
- }
371635
- else {
371636
- yield {
371637
- item,
371638
- reason: op,
371639
- type: 'OUT_OF_SYNC',
371640
- status: 'False',
371641
- message: 'Plan has no changes',
371642
- };
371643
- yield {
371644
- item,
371645
- reason: op,
371646
- type: 'PROVISIONED',
371647
- status: 'True',
371648
- message: 'Plan has no changes',
371649
- };
371650
- }
371651
- // Store plan details for later reference
371652
- yield {
371653
- item,
371654
- reason: op,
371655
- type: 'LAST_PLAN_DETAILS',
371656
- status: 'Unknown',
371657
- message: planOutput,
371658
- };
371659
- yield {
371660
- item,
371661
- reason: op,
371662
- type: 'PLANNING',
371663
- status: 'False',
371664
- message: 'Planning process finished',
371665
- };
371666
- if (hasStatePr) {
371667
- await addPlanStatusCheck(statePr, hasChanges ? 'Plan has changes' : 'Plan has no changes', 'completed');
371668
- }
371669
- }
371670
- catch (e) {
371671
- operator_src_logger.error(`CDKTF plan failed: ${e}`);
371672
- if (checkRunCtl) {
371673
- checkRunCtl.fnOnError(e);
371674
- }
371675
- yield {
371676
- item,
371677
- reason: op,
371678
- type: 'ERROR',
371679
- status: 'True',
371680
- message: e.toString(),
371681
- };
371682
- yield {
371683
- item,
371684
- reason: op,
371685
- type: 'PLANNING',
371686
- status: 'False',
371687
- message: e.toString(),
371688
- };
371689
- yield {
371690
- item,
371691
- reason: op,
371692
- type: 'PROVISIONED',
371693
- status: 'False',
371694
- message: e.toString(),
371695
- };
371696
- const statePr = item?.metadata?.annotations?.[cdktf_LAST_STATE_PR_ANNOTATION];
371697
- if (statePr) {
371698
- const summaryText = tryCreateErrorSummary('CDKTF Plan failed', e);
371699
- await addPlanStatusCheck(statePr, summaryText, 'completed', true);
371700
- }
371701
- await handler.writeTerraformOutputInTfResult(item, e);
371702
- void handler.error();
371703
- }
371704
- }
371705
- /**
371706
- * Detects if a Terraform plan output contains changes
371707
- * Handles multiple Terraform versions and output formats
371708
- * @param planOutput - The text output from terraform plan
371709
- * @returns true if changes are detected, false otherwise
371710
- */
371711
- function detectPlanChanges(planOutput) {
371712
- if (!planOutput || planOutput.trim().length === 0) {
371713
- return false;
371714
- }
371715
- // Normalize the output for consistent matching
371716
- const normalized = planOutput.toLowerCase();
371717
- // Pattern 1: "Plan: X to add, Y to change, Z to destroy"
371718
- // Matches: "Plan: 1 to add, 0 to change, 0 to destroy"
371719
- const planPattern = /plan:\s*(\d+)\s+to\s+add,\s*(\d+)\s+to\s+change,\s*(\d+)\s+to\s+destroy/i;
371720
- const planMatch = planOutput.match(planPattern);
371721
- if (planMatch) {
371722
- const add = Number(planMatch[1]);
371723
- const change = Number(planMatch[2]);
371724
- const destroy = Number(planMatch[3]);
371725
- if (add > 0 || change > 0 || destroy > 0) {
371726
- return true;
371727
- }
371728
- // Explicitly found "Plan:" with 0/0/0 - no changes
371729
- return false;
371730
- }
371731
- // Pattern 2: Individual change indicators
371732
- // Handles variations like "1 to add", "2 to change", "3 to destroy"
371733
- const hasAdditions = /\d+\s+to\s+add/i.test(planOutput);
371734
- const hasChanges = /\d+\s+to\s+change/i.test(planOutput);
371735
- const hasDestructions = /\d+\s+to\s+destroy/i.test(planOutput);
371736
- const hasImports = /\d+\s+to\s+import/i.test(planOutput);
371737
- if (hasAdditions || hasChanges || hasDestructions || hasImports) {
371738
- return true;
371739
- }
371740
- // Pattern 3: Resource-level change indicators
371741
- // Matches: "# resource will be created", "# resource will be updated", etc.
371742
- const resourceChangePatterns = [
371743
- /will\s+be\s+(created|destroyed|updated|replaced)/i,
371744
- /must\s+be\s+(created|destroyed|updated|replaced)/i,
371745
- /#.*\s+(create|destroy|update|replace)/i,
371746
- ];
371747
- for (const pattern of resourceChangePatterns) {
371748
- if (pattern.test(planOutput)) {
371749
- return true;
371750
- }
371751
- }
371752
- // Pattern 4: Action symbols in plan output
371753
- // Terraform uses symbols like +, -, ~, -/+ to indicate changes
371754
- const actionSymbols = [
371755
- /^\s*[+]\s+/m,
371756
- /^\s*[-]\s+/m,
371757
- /^\s*[~]\s+/m,
371758
- /^\s*[-][/][+]\s+/m, // Replace
371759
- ];
371760
- for (const pattern of actionSymbols) {
371761
- if (pattern.test(planOutput)) {
371762
- return true;
371763
- }
371764
- }
371765
- // Pattern 5: No changes messages (inverse check)
371766
- const noChangesPatterns = [
371767
- /no\s+changes/i,
371768
- /infrastructure\s+is\s+up[-\s]to[-\s]date/i,
371769
- /your\s+infrastructure\s+matches\s+the\s+configuration/i,
371770
- /0\s+to\s+add,\s*0\s+to\s+change,\s*0\s+to\s+destroy/i,
371771
- ];
371772
- for (const pattern of noChangesPatterns) {
371773
- if (pattern.test(planOutput)) {
371774
- return false;
371775
- }
371776
- }
371777
- // If we find "Plan:" keyword but couldn't parse it, log a warning and assume no changes
371778
- if (normalized.includes('plan:')) {
371779
- operator_src_logger.warn('Found "Plan:" in output but could not parse change counts. Assuming no changes.');
371780
- return false;
371781
- }
371782
- // Default: assume no changes if we can't detect any
371783
- return false;
371784
- }
371785
371449
  function cleanTerraformState() {
371786
371450
  external_fs_.rmSync('/library/packages/provisioner/cdktf.out', {
371787
371451
  recursive: true,
@@ -372781,6 +372445,40 @@ function tf_checkrun_helperCreateCheckRunName(cmd) {
372781
372445
  return `TFWorkspace - ${cmd}`;
372782
372446
  }
372783
372447
 
372448
+ ;// CONCATENATED MODULE: ../operator/src/utils/index.ts
372449
+ const secretRegex = /\$\{\{ secrets\.(.*?) \}\}/g;
372450
+ function replaceConfigSecrets(config, secrets) {
372451
+ for (const key in config) {
372452
+ if (typeof config[key] === 'object' && config[key] !== null) {
372453
+ // If the property is an object, call this function recursively
372454
+ replaceConfigSecrets(config[key], secrets);
372455
+ }
372456
+ else if (typeof config[key] === 'string') {
372457
+ // If the property is a string and its value is equal to secrets.something,
372458
+ // replace the value with the value of the 'something' key in the secrets object
372459
+ config[key] = config[key].replace(secretRegex, (_, group1) => {
372460
+ if (!secrets[group1]) {
372461
+ throw new Error(`Secret ${group1} not found in secrets`);
372462
+ }
372463
+ return secrets[group1];
372464
+ });
372465
+ }
372466
+ }
372467
+ return config;
372468
+ }
372469
+ function replaceInlineSecrets(inline, secrets) {
372470
+ if (typeof inline !== 'string' || !inline)
372471
+ return inline;
372472
+ let result = inline;
372473
+ result = result.replace(secretRegex, (_, group1) => {
372474
+ if (!secrets[group1]) {
372475
+ throw new Error(`Secret ${group1} not found in secrets`);
372476
+ }
372477
+ return secrets[group1];
372478
+ });
372479
+ return result;
372480
+ }
372481
+
372784
372482
  ;// CONCATENATED MODULE: ../operator/src/tfworkspaces/process-operation.ts
372785
372483
 
372786
372484
 
@@ -372971,6 +372669,11 @@ async function* process_operation_renamed(item, op, handler) {
372971
372669
  yield transition;
372972
372670
  }
372973
372671
  }
372672
+ function getPolicy(item, annotation) {
372673
+ const policy = item.metadata.annotations && item.metadata.annotations[annotation];
372674
+ if (policy)
372675
+ return policy;
372676
+ }
372974
372677
  async function* process_operation_updated(item, op, handler) {
372975
372678
  for await (const transition of process_operation_doApply(item, op, handler)) {
372976
372679
  yield transition;
@@ -373614,7 +373317,7 @@ const processOperationPlan_TF_PROJECTS_PATH = '/tmp/tfworkspaces';
373614
373317
  function processOperationPlan(item, op, handler) {
373615
373318
  try {
373616
373319
  processOperationPlan_clearLocalTfProjects();
373617
- const policy = getPolicy(item, 'firestartr.dev/policy');
373320
+ const policy = processOperationPlan_getPolicy(item);
373618
373321
  if (policy === 'observe' || policy === 'apply') {
373619
373322
  return processOperationPlan_plan(item, op, handler);
373620
373323
  }
@@ -374061,6 +373764,12 @@ function processOperationPlan_getErrorOutputMessage(cr, key, ref) {
374061
373764
  throw new Error(`❌ Source ${cr.spec.source} not supported`);
374062
373765
  }
374063
373766
  }
373767
+ function processOperationPlan_getPolicy(item) {
373768
+ const policy = item.metadata.annotations &&
373769
+ item.metadata.annotations['firestartr.dev/policy'];
373770
+ if (policy)
373771
+ return policy;
373772
+ }
374064
373773
 
374065
373774
  ;// CONCATENATED MODULE: ../operator/src/ctx.ts
374066
373775
  class Ctx {
package/build/packages/cdk8s_renderer/src/claims/base/schemas/common-meta.schema.d.ts CHANGED
@@ -91,53 +91,6 @@ declare const _default: {
91
91
  };
92
92
  additionalProperties: boolean;
93
93
  };
94
- PolicyType: {
95
- $id: string;
96
- type: string;
97
- description: string;
98
- enum: string[];
99
- };
100
- SyncConfig: {
101
- $id: string;
102
- type: string;
103
- description: string;
104
- properties: {
105
- enabled: {
106
- type: string;
107
- description: string;
108
- };
109
- period: {
110
- type: string;
111
- pattern: string;
112
- description: string;
113
- };
114
- schedule: {
115
- type: string;
116
- description: string;
117
- };
118
- schedule_timezone: {
119
- type: string;
120
- description: string;
121
- };
122
- policy: {
123
- type: string;
124
- description: string;
125
- };
126
- };
127
- additionalProperties: boolean;
128
- required: string[];
129
- oneOf: ({
130
- required: string[];
131
- not?: undefined;
132
- } | {
133
- not: {
134
- anyOf: {
135
- required: string[];
136
- }[];
137
- };
138
- required?: undefined;
139
- })[];
140
- };
141
94
  };
142
95
  };
143
96
  export default _default;
package/build/packages/cdk8s_renderer/src/claims/base/schemas/index.d.ts CHANGED
@@ -95,53 +95,6 @@ declare const schemas: {
95
95
  };
96
96
  additionalProperties: boolean;
97
97
  };
98
- PolicyType: {
99
- $id: string;
100
- type: string;
101
- description: string;
102
- enum: string[];
103
- };
104
- SyncConfig: {
105
- $id: string;
106
- type: string;
107
- description: string;
108
- properties: {
109
- enabled: {
110
- type: string;
111
- description: string;
112
- };
113
- period: {
114
- type: string;
115
- pattern: string;
116
- description: string;
117
- };
118
- schedule: {
119
- type: string;
120
- description: string;
121
- };
122
- schedule_timezone: {
123
- type: string;
124
- description: string;
125
- };
126
- policy: {
127
- type: string;
128
- description: string;
129
- };
130
- };
131
- additionalProperties: boolean;
132
- required: string[];
133
- oneOf: ({
134
- required: string[];
135
- not?: undefined;
136
- } | {
137
- not: {
138
- anyOf: {
139
- required: string[];
140
- }[];
141
- };
142
- required?: undefined;
143
- })[];
144
- };
145
98
  };
146
99
  } | {
147
100
  $schema: string;
@@ -426,9 +379,6 @@ declare const schemas: {
426
379
  } | {
427
380
  type: string;
428
381
  properties: {
429
- policy: {
430
- $ref: string;
431
- };
432
382
  privacy: {
433
383
  type: string;
434
384
  enum: string[];
@@ -439,9 +389,6 @@ declare const schemas: {
439
389
  org: {
440
390
  type: string;
441
391
  };
442
- sync: {
443
- $ref: string;
444
- };
445
392
  };
446
393
  required: string[];
447
394
  $ref?: undefined;
@@ -464,9 +411,6 @@ declare const schemas: {
464
411
  } | {
465
412
  type: string;
466
413
  properties: {
467
- policy: {
468
- $ref: string;
469
- };
470
414
  role: {
471
415
  type: string;
472
416
  enum: string[];
@@ -474,9 +418,6 @@ declare const schemas: {
474
418
  org: {
475
419
  type: string;
476
420
  };
477
- sync: {
478
- $ref: string;
479
- };
480
421
  };
481
422
  required: string[];
482
423
  $ref?: undefined;
@@ -544,9 +485,6 @@ declare const schemas: {
544
485
  } | {
545
486
  type: string;
546
487
  properties: {
547
- policy: {
548
- $ref: string;
549
- };
550
488
  org: {
551
489
  type: string;
552
490
  description: string;
@@ -555,9 +493,6 @@ declare const schemas: {
555
493
  type: string;
556
494
  enum: string[];
557
495
  };
558
- sync: {
559
- $ref: string;
560
- };
561
496
  features: {
562
497
  type: string;
563
498
  items: {
@@ -592,9 +527,6 @@ declare const schemas: {
592
527
  } | {
593
528
  type: string;
594
529
  properties: {
595
- policy: {
596
- $ref: string;
597
- };
598
530
  orgName: {
599
531
  type: string;
600
532
  description: string;
@@ -628,9 +560,6 @@ declare const schemas: {
628
560
  };
629
561
  required: string[];
630
562
  };
631
- sync: {
632
- $ref: string;
633
- };
634
563
  };
635
564
  required: string[];
636
565
  $ref?: undefined;
@@ -735,7 +664,8 @@ declare const schemas: {
735
664
  type: string;
736
665
  properties: {
737
666
  policy: {
738
- $ref: string;
667
+ type: string;
668
+ enum: string[];
739
669
  };
740
670
  name: {
741
671
  type: string;
@@ -745,7 +675,38 @@ declare const schemas: {
745
675
  enum: string[];
746
676
  };
747
677
  sync: {
748
- $ref: string;
678
+ type: string;
679
+ properties: {
680
+ enabled: {
681
+ type: string;
682
+ };
683
+ period: {
684
+ type: string;
685
+ pattern: string;
686
+ };
687
+ schedule: {
688
+ type: string;
689
+ };
690
+ schedule_timezone: {
691
+ type: string;
692
+ };
693
+ policy: {
694
+ type: string;
695
+ };
696
+ };
697
+ additionalProperties: boolean;
698
+ required: string[];
699
+ oneOf: ({
700
+ required: string[];
701
+ not?: undefined;
702
+ } | {
703
+ not: {
704
+ anyOf: {
705
+ required: string[];
706
+ }[];
707
+ };
708
+ required?: undefined;
709
+ })[];
749
710
  };
750
711
  valuesSchema: {
751
712
  type: string;
package/build/packages/cdk8s_renderer/src/claims/github/component.schema.d.ts CHANGED
@@ -15,9 +15,6 @@ declare const _default: {
15
15
  } | {
16
16
  type: string;
17
17
  properties: {
18
- policy: {
19
- $ref: string;
20
- };
21
18
  org: {
22
19
  type: string;
23
20
  description: string;
@@ -26,9 +23,6 @@ declare const _default: {
26
23
  type: string;
27
24
  enum: string[];
28
25
  };
29
- sync: {
30
- $ref: string;
31
- };
32
26
  features: {
33
27
  type: string;
34
28
  items: {
package/build/packages/cdk8s_renderer/src/claims/github/group.schema.d.ts CHANGED
@@ -14,9 +14,6 @@ declare const _default: {
14
14
  } | {
15
15
  type: string;
16
16
  properties: {
17
- policy: {
18
- $ref: string;
19
- };
20
17
  privacy: {
21
18
  type: string;
22
19
  enum: string[];
@@ -27,9 +24,6 @@ declare const _default: {
27
24
  org: {
28
25
  type: string;
29
26
  };
30
- sync: {
31
- $ref: string;
32
- };
33
27
  };
34
28
  required: string[];
35
29
  $ref?: undefined;
package/build/packages/cdk8s_renderer/src/claims/github/index.d.ts CHANGED
@@ -14,9 +14,6 @@ export declare const GithubSchemas: ({
14
14
  } | {
15
15
  type: string;
16
16
  properties: {
17
- policy: {
18
- $ref: string;
19
- };
20
17
  privacy: {
21
18
  type: string;
22
19
  enum: string[];
@@ -27,9 +24,6 @@ export declare const GithubSchemas: ({
27
24
  org: {
28
25
  type: string;
29
26
  };
30
- sync: {
31
- $ref: string;
32
- };
33
27
  };
34
28
  required: string[];
35
29
  $ref?: undefined;
@@ -52,9 +46,6 @@ export declare const GithubSchemas: ({
52
46
  } | {
53
47
  type: string;
54
48
  properties: {
55
- policy: {
56
- $ref: string;
57
- };
58
49
  role: {
59
50
  type: string;
60
51
  enum: string[];
@@ -62,9 +53,6 @@ export declare const GithubSchemas: ({
62
53
  org: {
63
54
  type: string;
64
55
  };
65
- sync: {
66
- $ref: string;
67
- };
68
56
  };
69
57
  required: string[];
70
58
  $ref?: undefined;
@@ -132,9 +120,6 @@ export declare const GithubSchemas: ({
132
120
  } | {
133
121
  type: string;
134
122
  properties: {
135
- policy: {
136
- $ref: string;
137
- };
138
123
  org: {
139
124
  type: string;
140
125
  description: string;
@@ -143,9 +128,6 @@ export declare const GithubSchemas: ({
143
128
  type: string;
144
129
  enum: string[];
145
130
  };
146
- sync: {
147
- $ref: string;
148
- };
149
131
  features: {
150
132
  type: string;
151
133
  items: {
@@ -180,9 +162,6 @@ export declare const GithubSchemas: ({
180
162
  } | {
181
163
  type: string;
182
164
  properties: {
183
- policy: {
184
- $ref: string;
185
- };
186
165
  orgName: {
187
166
  type: string;
188
167
  description: string;
@@ -216,9 +195,6 @@ export declare const GithubSchemas: ({
216
195
  };
217
196
  required: string[];
218
197
  };
219
- sync: {
220
- $ref: string;
221
- };
222
198
  };
223
199
  required: string[];
224
200
  $ref?: undefined;
package/build/packages/cdk8s_renderer/src/claims/github/orgwebhook.schema.d.ts CHANGED
@@ -14,9 +14,6 @@ declare const _default: {
14
14
  } | {
15
15
  type: string;
16
16
  properties: {
17
- policy: {
18
- $ref: string;
19
- };
20
17
  orgName: {
21
18
  type: string;
22
19
  description: string;
@@ -50,9 +47,6 @@ declare const _default: {
50
47
  };
51
48
  required: string[];
52
49
  };
53
- sync: {
54
- $ref: string;
55
- };
56
50
  };
57
51
  required: string[];
58
52
  $ref?: undefined;
package/build/packages/cdk8s_renderer/src/claims/github/user.schema.d.ts CHANGED
@@ -14,9 +14,6 @@ declare const _default: {
14
14
  } | {
15
15
  type: string;
16
16
  properties: {
17
- policy: {
18
- $ref: string;
19
- };
20
17
  role: {
21
18
  type: string;
22
19
  enum: string[];
@@ -24,9 +21,6 @@ declare const _default: {
24
21
  org: {
25
22
  type: string;
26
23
  };
27
- sync: {
28
- $ref: string;
29
- };
30
24
  };
31
25
  required: string[];
32
26
  $ref?: undefined;
package/build/packages/cdk8s_renderer/src/claims/tfworkspaces/index.d.ts CHANGED
@@ -14,7 +14,8 @@ export declare const TerraformSchemas: {
14
14
  type: string;
15
15
  properties: {
16
16
  policy: {
17
- $ref: string;
17
+ type: string;
18
+ enum: string[];
18
19
  };
19
20
  name: {
20
21
  type: string;
@@ -24,7 +25,38 @@ export declare const TerraformSchemas: {
24
25
  enum: string[];
25
26
  };
26
27
  sync: {
27
- $ref: string;
28
+ type: string;
29
+ properties: {
30
+ enabled: {
31
+ type: string;
32
+ };
33
+ period: {
34
+ type: string;
35
+ pattern: string;
36
+ };
37
+ schedule: {
38
+ type: string;
39
+ };
40
+ schedule_timezone: {
41
+ type: string;
42
+ };
43
+ policy: {
44
+ type: string;
45
+ };
46
+ };
47
+ additionalProperties: boolean;
48
+ required: string[];
49
+ oneOf: ({
50
+ required: string[];
51
+ not?: undefined;
52
+ } | {
53
+ not: {
54
+ anyOf: {
55
+ required: string[];
56
+ }[];
57
+ };
58
+ required?: undefined;
59
+ })[];
28
60
  };
29
61
  valuesSchema: {
30
62
  type: string;
package/build/packages/cdk8s_renderer/src/claims/tfworkspaces/terraform.schema.d.ts CHANGED
@@ -14,7 +14,8 @@ declare const _default: {
14
14
  type: string;
15
15
  properties: {
16
16
  policy: {
17
- $ref: string;
17
+ type: string;
18
+ enum: string[];
18
19
  };
19
20
  name: {
20
21
  type: string;
@@ -24,7 +25,38 @@ declare const _default: {
24
25
  enum: string[];
25
26
  };
26
27
  sync: {
27
- $ref: string;
28
+ type: string;
29
+ properties: {
30
+ enabled: {
31
+ type: string;
32
+ };
33
+ period: {
34
+ type: string;
35
+ pattern: string;
36
+ };
37
+ schedule: {
38
+ type: string;
39
+ };
40
+ schedule_timezone: {
41
+ type: string;
42
+ };
43
+ policy: {
44
+ type: string;
45
+ };
46
+ };
47
+ additionalProperties: boolean;
48
+ required: string[];
49
+ oneOf: ({
50
+ required: string[];
51
+ not?: undefined;
52
+ } | {
53
+ not: {
54
+ anyOf: {
55
+ required: string[];
56
+ }[];
57
+ };
58
+ required?: undefined;
59
+ })[];
28
60
  };
29
61
  valuesSchema: {
30
62
  type: string;
package/build/packages/operator/src/utils/index.d.ts CHANGED
@@ -1,9 +1,2 @@
1
1
  export declare function replaceConfigSecrets(config: any, secrets: any): any;
2
2
  export declare function replaceInlineSecrets(inline: string, secrets: any): string;
3
- /**
4
- * Retrieves a policy annotation value from a custom resource
5
- * @param item - The CR to get the policy from
6
- * @param annotation - The annotation key to retrieve
7
- * @returns The policy value, or undefined if not set
8
- */
9
- export declare function getPolicy(item: any, annotation: string): string | undefined;
package/build/packages/provisioner/src/resources/resource.d.ts CHANGED
@@ -14,13 +14,10 @@ export declare class Resource {
14
14
  onTFStreaming(): Promise<void>;
15
15
  setLogStream(fnData: Function, fnEnd: Function, reopen?: boolean): void;
16
16
  constructor(mainCR: any, operation: string, deps?: any[]);
17
- run(options?: {
18
- planOnly?: boolean;
19
- }): Promise<void>;
17
+ run(): Promise<void>;
20
18
  artifact(): any;
21
19
  synth(): Promise<void>;
22
20
  log(msg: string): void;
23
- runTerraformPlanOnly(): Promise<void>;
24
21
  runTerraform(): Promise<void>;
25
22
  preprocess(): Promise<void>;
26
23
  postprocess(): Promise<void>;
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@firestartr/cli",
3
- "version": "1.53.0-snapshot-6",
3
+ "version": "1.53.0-snapshot-7",
4
4
  "private": false,
5
5
  "description": "Commandline tool",
6
6
  "main": "build/main.js",