@firestartr/cli 1.54.0-snapshot-1 → 1.54.0-snapshot-2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (21) hide show
  1. package/build/index.js +339 -484
  2. package/build/packages/cdk8s_renderer/imports/firestartr.dev.d.ts +3 -1
  3. package/build/packages/cdk8s_renderer/src/claims/base/schemas/common-meta.schema.d.ts +0 -6
  4. package/build/packages/cdk8s_renderer/src/claims/base/schemas/index.d.ts +34 -77
  5. package/build/packages/cdk8s_renderer/src/claims/github/component.schema.d.ts +0 -6
  6. package/build/packages/cdk8s_renderer/src/claims/github/group.schema.d.ts +0 -6
  7. package/build/packages/cdk8s_renderer/src/claims/github/index.d.ts +0 -24
  8. package/build/packages/cdk8s_renderer/src/claims/github/orgwebhook.schema.d.ts +0 -6
  9. package/build/packages/cdk8s_renderer/src/claims/github/user.schema.d.ts +0 -6
  10. package/build/packages/cdk8s_renderer/src/claims/tfworkspaces/index.d.ts +34 -2
  11. package/build/packages/cdk8s_renderer/src/claims/tfworkspaces/terraform.schema.d.ts +34 -2
  12. package/build/packages/cdk8s_renderer/src/refsSorter/refsExtractor.d.ts +1 -1
  13. package/build/packages/operator/src/metrics/CRStates.d.ts +1 -0
  14. package/build/packages/operator/src/syncCtl.d.ts +1 -0
  15. package/build/packages/operator/src/utils/index.d.ts +0 -7
  16. package/build/packages/operator/src/utils/operationErrorMessages.d.ts +1 -0
  17. package/build/packages/provisioner/src/resources/resource.d.ts +1 -4
  18. package/build/packages/terraform_provisioner/src/resolutor/index.d.ts +1 -0
  19. package/build/packages/terraform_provisioner/src/resolutor/resolver.d.ts +1 -0
  20. package/package.json +1 -1
  21. package/build/packages/cdk8s_renderer/src/claims/base/schemas/sync-config.schema.d.ts +0 -47
package/build/index.js CHANGED
@@ -356807,10 +356807,6 @@ class SyncerInitializer extends InitializerPatches {
356807
356807
  const provider = helperCTX(ctx).provider;
356808
356808
  return claim.providers[provider].sync || {};
356809
356809
  }
356810
- function policyInfo(ctx) {
356811
- const provider = helperCTX(ctx).provider;
356812
- return claim.providers[provider].policy;
356813
- }
356814
356810
  return [
356815
356811
  {
356816
356812
  validate(cr) {
@@ -356829,38 +356825,33 @@ class SyncerInitializer extends InitializerPatches {
356829
356825
  if (!PERIOD_VALIDATOR.test(cr.metadata.annotations['firestartr.dev/sync-period'])) {
356830
356826
  throw `${this.identify()}: period incorrect '${cr.metadata.annotations['firestartr.dev/sync-period']}' for ${cr.kind}/${cr.metadata.name}`;
356831
356827
  }
356828
+ return true;
356832
356829
  }
356833
356830
  else if (helperHasSyncSchedule(cr)) {
356834
356831
  if (!catalog_common.cron.isValidCron(cr.metadata.annotations[SYNC_SCHED_ANNOTATION])) {
356835
356832
  throw `${this.identify()}: sync-schedule: cron incorrect '${cr.metadata.annotations[SYNC_SCHED_ANNOTATION]}' for ${cr.kind}/${cr.metadata.name}`;
356836
356833
  }
356837
356834
  }
356838
- return true;
356835
+ else {
356836
+ return true;
356837
+ }
356839
356838
  },
356840
356839
  apply(cr) {
356841
- cr.metadata.annotations = cr.metadata.annotations || {};
356842
- // Apply general policy annotation
356843
- const policy = policyInfo(this);
356844
- // Default to 'apply' for GitHub resources when no policy is specified
356845
- const provider = helperCTX(this).provider;
356846
- const defaultPolicy = provider === 'github' ? 'apply' : undefined;
356847
- if (policy) {
356848
- cr.metadata.annotations['firestartr.dev/policy'] = policy;
356849
- }
356850
- else if (defaultPolicy) {
356851
- cr.metadata.annotations['firestartr.dev/policy'] = defaultPolicy;
356852
- }
356853
356840
  if (syncInfo(this).enabled) {
356841
+ cr.metadata.annotations = cr.metadata.annotations || {};
356854
356842
  cr.metadata.annotations['firestartr.dev/sync-enabled'] = 'true';
356855
356843
  if (syncInfo(this).period) {
356844
+ cr.metadata.annotations = cr.metadata.annotations || {};
356856
356845
  cr.metadata.annotations['firestartr.dev/sync-period'] =
356857
356846
  syncInfo(this).period;
356858
356847
  }
356859
356848
  if (syncInfo(this).policy) {
356849
+ cr.metadata.annotations = cr.metadata.annotations || {};
356860
356850
  cr.metadata.annotations['firestartr.dev/sync-policy'] =
356861
356851
  syncInfo(this).policy;
356862
356852
  }
356863
356853
  if (syncInfo(this).schedule) {
356854
+ cr.metadata.annotations = cr.metadata.annotations || {};
356864
356855
  cr.metadata.annotations[SYNC_SCHED_ANNOTATION] =
356865
356856
  syncInfo(this).schedule;
356866
356857
  cr.metadata.annotations[SYNC_SCHED_TIMEZONE_ANNOTATION] =
@@ -357054,6 +357045,7 @@ class FirestartrAllClaim {
357054
357045
 
357055
357046
 
357056
357047
 
357048
+
357057
357049
  class RefValuesNormalizer extends Normalizer {
357058
357050
  constructor() {
357059
357051
  super(...arguments);
@@ -357093,6 +357085,14 @@ providerValues, resolveRef, references = new Map()) {
357093
357085
  for (const key in providerValues) {
357094
357086
  values[key] = await interpolateObject(providerValues[key], references, resolveRef);
357095
357087
  }
357088
+ let secretRefCount = 0;
357089
+ for (const key in providerValues) {
357090
+ if (isRepoSecretRef(providerValues[key])) {
357091
+ values[key] = await interpolateSecretClaimRef(providerValues[key], references,
357092
+ // closure to increase the refCount and avoid collision
357093
+ () => secretRefCount++);
357094
+ }
357095
+ }
357096
357096
  return { values, references: Array.from(updatedReferences.values()) };
357097
357097
  }
357098
357098
  async function interpolateObject(toInterpolate, references, resolveRef) {
@@ -357162,6 +357162,40 @@ async function replaceReferencesValues(contents, references, resolveRef) {
357162
357162
  }
357163
357163
  return replacedContent;
357164
357164
  }
357165
+ async function interpolateSecretClaimRef(secretClaimRef, references, getSecretRefCountF) {
357166
+ const extractedSecretClaimRef = {
357167
+ ...extractRepoSecretRef(secretClaimRef),
357168
+ // force the kind to ALWAYS be a Secret
357169
+ kind: 'Secret',
357170
+ };
357171
+ // has already been visited
357172
+ const alreadyPresentKey = findSecretKey(extractedSecretClaimRef, references);
357173
+ if (alreadyPresentKey)
357174
+ return alreadyPresentKey;
357175
+ // new reference we have to build it
357176
+ const secretClaimRefInternalKey = `secret-ref-${getSecretRefCountF()}`;
357177
+ // we set the secret value
357178
+ references.set(secretClaimRefInternalKey, {
357179
+ name: secretClaimRefInternalKey,
357180
+ ref: extractedSecretClaimRef,
357181
+ });
357182
+ return secretClaimRefInternalKey;
357183
+ }
357184
+ function findSecretKey(secretClaimRef, references) {
357185
+ const entry = Array.from(references.entries()).find(([, value]) => {
357186
+ // Destructure the entry to easily access the value.
357187
+ // Check if the value is an object and matches all properties.
357188
+ return (typeof value === 'object' &&
357189
+ value !== null &&
357190
+ value.ref !== null &&
357191
+ typeof value.ref === 'object' &&
357192
+ value.ref.kind === secretClaimRef.kind &&
357193
+ value.ref.name === secretClaimRef.name &&
357194
+ value.ref.key === secretClaimRef.key);
357195
+ });
357196
+ // If a matching entry was found, return its key (the first element of the entry array).
357197
+ return entry ? entry[0] : undefined;
357198
+ }
357165
357199
 
357166
357200
  ;// CONCATENATED MODULE: ../cdk8s_renderer/src/normalizers/RevisionNormalizer.ts
357167
357201
 
@@ -357293,14 +357327,20 @@ const kindMap = {
357293
357327
  secret: 'SecretsClaim',
357294
357328
  domain: 'DomainClaim',
357295
357329
  };
357330
+ // this function is intended to search for refs of the same kind
357331
+ // it is used to search for circular references (i.e. a reference to oneself)
357332
+ // to extract all type of references use extractAllRefs
357296
357333
  function extractRefs(renderClaims, kind) {
357297
357334
  const result = {};
357298
357335
  for (const key in renderClaims) {
357299
357336
  const claim = renderClaims[key].claim;
357300
357337
  let refs = [];
357338
+ // for workspaces
357339
+ let [tfWorkspaceRefs, secretsRefs] = [[], []];
357301
357340
  switch (kind) {
357302
357341
  case 'TFWorkspaceClaim':
357303
- refs = getTfWorkspacesRefs(claim.providers.terraform.values);
357342
+ [tfWorkspaceRefs, secretsRefs] = getTfWorkspacesRefs(claim.providers.terraform.values);
357343
+ refs = [...tfWorkspaceRefs];
357304
357344
  break;
357305
357345
  case 'GroupClaim':
357306
357346
  /**
@@ -357324,11 +357364,13 @@ function extractAllRefs(claimData) {
357324
357364
  refs.push(...extractVirtualRefs(parsedClaim));
357325
357365
  switch (parsedClaim.kind) {
357326
357366
  case 'TFWorkspaceClaim': {
357327
- const tfWorkspaceRefs = getTfWorkspacesRefs(parsedClaim.providers.terraform.values);
357367
+ const [tfWorkspaceRefs, secretRefs] = getTfWorkspacesRefs(parsedClaim.providers.terraform.values);
357328
357368
  tfWorkspaceRefs.forEach((ref, idx, arr) => {
357329
357369
  arr[idx] = `TFWorkspaceClaim-${ref}`;
357330
357370
  });
357371
+ cdk8s_renderer_src_logger.debug(`Obtained the following secret refs for ${parsedClaim.kind}/${parsedClaim.name}: ${JSON.stringify(secretRefs)}`);
357331
357372
  refs.push(...tfWorkspaceRefs);
357373
+ refs.push(...secretRefs);
357332
357374
  break;
357333
357375
  }
357334
357376
  case 'GroupClaim': {
@@ -357373,22 +357415,28 @@ function getGroupParentRef(parent, references = []) {
357373
357415
  }
357374
357416
  return references;
357375
357417
  }
357376
- function getTfWorkspacesRefs(values, references = []) {
357418
+ function getTfWorkspacesRefs(values, references = [], secretsRefs = []) {
357377
357419
  const regex = catalog_common.types.regex.TFWorkspaceRefRegex;
357378
357420
  for (const key in values) {
357379
357421
  switch (typeof values[key]) {
357380
357422
  case 'object':
357381
- getTfWorkspacesRefs(values[key], references);
357423
+ getTfWorkspacesRefs(values[key], references, secretsRefs);
357382
357424
  break;
357383
357425
  case 'string':
357426
+ // Extract all implicit refs
357384
357427
  for (const match of values[key].matchAll(regex)) {
357385
357428
  const [_, claimName] = match;
357386
357429
  references.push(claimName);
357387
357430
  }
357431
+ // extract a secretsclaim ref
357432
+ if (isRepoSecretRef(values[key])) {
357433
+ const secretRef = extractRepoSecretRef(values[key]);
357434
+ secretsRefs.push(`SecretsClaim-${secretRef.name}`);
357435
+ }
357388
357436
  break;
357389
357437
  }
357390
357438
  }
357391
- return references;
357439
+ return [references, secretsRefs];
357392
357440
  }
357393
357441
  function getComponentVarsAndSecretsRefs(parsedClaim) {
357394
357442
  const refs = {};
@@ -357581,76 +357629,6 @@ const external_node_child_process_namespaceObject = __WEBPACK_EXTERNAL_createReq
357581
357629
  },
357582
357630
  additionalProperties: false,
357583
357631
  },
357584
- PolicyType: {
357585
- $id: 'firestartr.dev://common/PolicyType',
357586
- type: 'string',
357587
- description: 'Policy for resource management',
357588
- enum: [
357589
- 'apply',
357590
- 'create-only',
357591
- 'create-update-only',
357592
- 'full-control',
357593
- 'observe',
357594
- 'observe-only',
357595
- ],
357596
- },
357597
- },
357598
- });
357599
-
357600
- ;// CONCATENATED MODULE: ../cdk8s_renderer/src/claims/base/schemas/sync-config.schema.ts
357601
- /* harmony default export */ const sync_config_schema = ({
357602
- $id: 'SyncConfig',
357603
- definitions: {
357604
- SyncConfig: {
357605
- $id: 'firestartr.dev://common/SyncConfig',
357606
- type: 'object',
357607
- description: 'Sync configuration for resources',
357608
- properties: {
357609
- enabled: {
357610
- type: 'boolean',
357611
- description: 'Enable periodic sync operations',
357612
- },
357613
- period: {
357614
- type: 'string',
357615
- pattern: '^[0-9]+[smhd]$',
357616
- description: 'Sync period (e.g., 1h, 30m, 5s). Must be enabled without schedule.',
357617
- },
357618
- schedule: {
357619
- type: 'string',
357620
- description: 'Cron schedule for sync operations. Must be enabled without period.',
357621
- },
357622
- schedule_timezone: {
357623
- type: 'string',
357624
- description: 'Timezone for cron schedule (e.g., UTC, America/New_York)',
357625
- },
357626
- policy: {
357627
- type: 'string',
357628
- description: 'Policy for sync operations (apply or observe)',
357629
- },
357630
- },
357631
- additionalProperties: false,
357632
- required: ['enabled'],
357633
- oneOf: [
357634
- {
357635
- required: ['period'],
357636
- },
357637
- {
357638
- required: ['schedule'],
357639
- },
357640
- {
357641
- not: {
357642
- anyOf: [
357643
- {
357644
- required: ['period'],
357645
- },
357646
- {
357647
- required: ['schedule'],
357648
- },
357649
- ],
357650
- },
357651
- },
357652
- ],
357653
- },
357654
357632
  },
357655
357633
  });
357656
357634
 
@@ -358011,9 +357989,6 @@ const external_node_child_process_namespaceObject = __WEBPACK_EXTERNAL_createReq
358011
357989
  {
358012
357990
  type: 'object',
358013
357991
  properties: {
358014
- policy: {
358015
- $ref: 'firestartr.dev://common/PolicyType',
358016
- },
358017
357992
  privacy: {
358018
357993
  type: 'string',
358019
357994
  enum: ['closed', 'secret'],
@@ -358024,9 +357999,6 @@ const external_node_child_process_namespaceObject = __WEBPACK_EXTERNAL_createReq
358024
357999
  org: {
358025
358000
  type: 'string',
358026
358001
  },
358027
- sync: {
358028
- $ref: 'firestartr.dev://common/SyncConfig',
358029
- },
358030
358002
  },
358031
358003
  required: ['org', 'privacy'],
358032
358004
  },
@@ -358052,9 +358024,6 @@ const external_node_child_process_namespaceObject = __WEBPACK_EXTERNAL_createReq
358052
358024
  {
358053
358025
  type: 'object',
358054
358026
  properties: {
358055
- policy: {
358056
- $ref: 'firestartr.dev://common/PolicyType',
358057
- },
358058
358027
  role: {
358059
358028
  type: 'string',
358060
358029
  enum: ['admin', 'member'],
@@ -358062,9 +358031,6 @@ const external_node_child_process_namespaceObject = __WEBPACK_EXTERNAL_createReq
358062
358031
  org: {
358063
358032
  type: 'string',
358064
358033
  },
358065
- sync: {
358066
- $ref: 'firestartr.dev://common/SyncConfig',
358067
- },
358068
358034
  },
358069
358035
  required: ['org', 'role'],
358070
358036
  },
@@ -358089,9 +358055,6 @@ const external_node_child_process_namespaceObject = __WEBPACK_EXTERNAL_createReq
358089
358055
  {
358090
358056
  type: 'object',
358091
358057
  properties: {
358092
- policy: {
358093
- $ref: 'firestartr.dev://common/PolicyType',
358094
- },
358095
358058
  org: {
358096
358059
  type: 'string',
358097
358060
  description: 'The github organization name',
@@ -358100,9 +358063,6 @@ const external_node_child_process_namespaceObject = __WEBPACK_EXTERNAL_createReq
358100
358063
  type: 'string',
358101
358064
  enum: ['private', 'public', 'internal'],
358102
358065
  },
358103
- sync: {
358104
- $ref: 'firestartr.dev://common/SyncConfig',
358105
- },
358106
358066
  features: {
358107
358067
  type: 'array',
358108
358068
  items: {
@@ -358138,9 +358098,6 @@ const external_node_child_process_namespaceObject = __WEBPACK_EXTERNAL_createReq
358138
358098
  {
358139
358099
  type: 'object',
358140
358100
  properties: {
358141
- policy: {
358142
- $ref: 'firestartr.dev://common/PolicyType',
358143
- },
358144
358101
  orgName: {
358145
358102
  type: 'string',
358146
358103
  description: 'Organization name on GitHub',
@@ -358174,9 +358131,6 @@ const external_node_child_process_namespaceObject = __WEBPACK_EXTERNAL_createReq
358174
358131
  },
358175
358132
  required: ['url', 'contentType', 'events', 'secretRef'],
358176
358133
  },
358177
- sync: {
358178
- $ref: 'firestartr.dev://common/SyncConfig',
358179
- },
358180
358134
  },
358181
358135
  required: ['orgName', 'webhook'],
358182
358136
  },
@@ -358348,7 +358302,15 @@ const GithubSchemas = [
358348
358302
  type: 'object',
358349
358303
  properties: {
358350
358304
  policy: {
358351
- $ref: 'firestartr.dev://common/PolicyType',
358305
+ type: 'string',
358306
+ enum: [
358307
+ 'apply',
358308
+ 'create-only',
358309
+ 'create-update-only',
358310
+ 'full-control',
358311
+ 'observe',
358312
+ 'observe-only',
358313
+ ],
358352
358314
  },
358353
358315
  name: {
358354
358316
  type: 'string',
@@ -358358,7 +358320,47 @@ const GithubSchemas = [
358358
358320
  enum: ['remote', 'inline', 'Remote', 'Inline'],
358359
358321
  },
358360
358322
  sync: {
358361
- $ref: 'firestartr.dev://common/SyncConfig',
358323
+ type: 'object',
358324
+ properties: {
358325
+ enabled: {
358326
+ type: 'boolean',
358327
+ },
358328
+ period: {
358329
+ type: 'string',
358330
+ pattern: '^[0-9]+[smhd]$',
358331
+ },
358332
+ schedule: {
358333
+ type: 'string',
358334
+ },
358335
+ schedule_timezone: {
358336
+ type: 'string',
358337
+ },
358338
+ policy: {
358339
+ type: 'string',
358340
+ },
358341
+ },
358342
+ additionalProperties: false,
358343
+ required: ['enabled'],
358344
+ oneOf: [
358345
+ {
358346
+ required: ['period'],
358347
+ },
358348
+ {
358349
+ required: ['schedule'],
358350
+ },
358351
+ {
358352
+ not: {
358353
+ anyOf: [
358354
+ {
358355
+ required: ['period'],
358356
+ },
358357
+ {
358358
+ required: ['schedule'],
358359
+ },
358360
+ ],
358361
+ },
358362
+ },
358363
+ ],
358362
358364
  },
358363
358365
  valuesSchema: {
358364
358366
  type: 'string',
@@ -358659,12 +358661,10 @@ const SecretsSchemas = [external_secrets_schema];
358659
358661
 
358660
358662
 
358661
358663
 
358662
-
358663
358664
  const schemas = {
358664
358665
  root: root_schema,
358665
358666
  schemas: [
358666
358667
  common_meta_schema,
358667
- sync_config_schema,
358668
358668
  group_schema,
358669
358669
  user_schema,
358670
358670
  component_schema,
@@ -363508,6 +363508,8 @@ var FirestartrTerraformWorkspaceSpecReferencesRefKind;
363508
363508
  FirestartrTerraformWorkspaceSpecReferencesRefKind["FIRESTARTR_TERRAFORM_WORKSPACE"] = "FirestartrTerraformWorkspace";
363509
363509
  /** ExternalSecret */
363510
363510
  FirestartrTerraformWorkspaceSpecReferencesRefKind["EXTERNAL_SECRET"] = "ExternalSecret";
363511
+ /** Secret */
363512
+ FirestartrTerraformWorkspaceSpecReferencesRefKind["SECRET"] = "Secret";
363511
363513
  })(FirestartrTerraformWorkspaceSpecReferencesRefKind || (FirestartrTerraformWorkspaceSpecReferencesRefKind = {}));
363512
363514
  /**
363513
363515
  * @schema FirestartrTerraformWorkspaceSpecContextBackendRefKind
@@ -364149,12 +364151,8 @@ class FeatureRepoChart extends BaseGithubChart {
364149
364151
  const annotations = this.getAnnotationsFromRepo(this.get('repoCr'), [
364150
364152
  'claim-ref',
364151
364153
  'revision',
364152
- 'policy',
364153
- 'sync-policy',
364154
364154
  'sync-enabled',
364155
364155
  'sync-period',
364156
- 'sync-schedule',
364157
- 'sync-schedule-timezone',
364158
364156
  ]);
364159
364157
  cr.metadata.annotations = {
364160
364158
  ...cr.metadata.annotations,
@@ -364229,12 +364227,8 @@ class RepoSecretsSectionChart extends BaseGithubChart {
364229
364227
  const annotations = this.getAnnotationsFromRepo(this.get('repoCr'), [
364230
364228
  'claim-ref',
364231
364229
  'revision',
364232
- 'policy',
364233
- 'sync-policy',
364234
364230
  'sync-enabled',
364235
364231
  'sync-period',
364236
- 'sync-schedule',
364237
- 'sync-schedule-timezone',
364238
364232
  ]);
364239
364233
  cr.metadata.annotations = {
364240
364234
  ...cr.metadata.annotations,
@@ -367785,12 +367779,19 @@ function updateConditionByType(conditionList, type, newCondition) {
367785
367779
  return conditionList;
367786
367780
  }
367787
367781
 
367782
+ ;// CONCATENATED MODULE: ../operator/src/utils/operationErrorMessages.ts
367783
+ const APPLY_DEFAULT_ERROR_MESSAGE = 'An error occurred while executing the Terraform apply operation.';
367784
+ const DESTROY_DEFAULT_ERROR_MESSAGE = 'An error occurred while executing the Terraform destroy operation.';
367785
+ const PLAN_DEFAULT_ERROR_MESSAGE = 'An error occurred while executing the Terraform plan operation.';
367786
+ const SYNC_DEFAULT_ERROR_MESSAGE = 'An error occurred while executing the Sync operation.';
367787
+
367788
367788
  ;// CONCATENATED MODULE: ../operator/src/syncCtl.ts
367789
367789
  // Machinery for syncing
367790
367790
 
367791
367791
 
367792
367792
 
367793
367793
 
367794
+
367794
367795
  const DEFAULT_REVISION_TIME = '1m';
367795
367796
  async function createWatcherForItem(itemPath, itemCR) {
367796
367797
  const item = itemCR ?? (await getItemByItemPath(itemPath));
@@ -367853,7 +367854,7 @@ async function getSyncStatus(itemPath, itemCR) {
367853
367854
  : (await getSyncSpecs(itemPath, item)).schedule
367854
367855
  ? 'Scheduled'
367855
367856
  : 'Period';
367856
- return {
367857
+ const syncStatus = {
367857
367858
  itemPath,
367858
367859
  syncMode: mode,
367859
367860
  conditions: [syncCondition],
@@ -367861,6 +367862,11 @@ async function getSyncStatus(itemPath, itemCR) {
367861
367862
  nextTimeoutInMS: isLapsed ? -1 : nextSyncDate.getTime() - Date.now(),
367862
367863
  intervalLapsed: isLapsed,
367863
367864
  };
367865
+ if (syncCondition) {
367866
+ syncStatus.hasSyncFailed =
367867
+ syncCondition.message === SYNC_DEFAULT_ERROR_MESSAGE;
367868
+ }
367869
+ return syncStatus;
367864
367870
  }
367865
367871
  }
367866
367872
  async function setSyncStatus(itemPath, reason, status, message) {
@@ -368509,6 +368515,15 @@ function enqueue(pluralKind, workItem, queue, compute, syncCtl, retryCtl) {
368509
368515
  yield transition;
368510
368516
  }
368511
368517
  if (needsUpdateSyncConditions) {
368518
+ if (operation === OperationType.SYNC) {
368519
+ // let's check if the process has not failed
368520
+ const syncStatus = await getSyncStatus(workItem.handler.itemPath());
368521
+ if (syncStatus.hasSyncFailed) {
368522
+ // we do not update sync because we are not going to trigger
368523
+ // a RETRY operation if the sync has failed
368524
+ return;
368525
+ }
368526
+ }
368512
368527
  await setSyncStatus(workItem.handler.itemPath(), operation, operation === OperationType.SYNC ? 'True' : 'False', 'Sync process finished');
368513
368528
  void syncCtl.updateItem(informer_itemPath(pluralKind, item));
368514
368529
  }
@@ -369529,9 +369544,7 @@ function provisionFeatureFiles(scope, feature) {
369529
369544
  ? { ignoreChanges: ['content'] }
369530
369545
  : {};
369531
369546
  const repoConfig = {
369532
- branch: file.targetBranch.length === 0
369533
- ? defaultBranchName
369534
- : file.targetBranch,
369547
+ branch: file.targetBranch || defaultBranchName,
369535
369548
  commitMessage: `feat: ${feature.spec.type} ${feature.spec.version}`,
369536
369549
  content: cdktf_lib.Fn.base64decode(file.content),
369537
369550
  file: file.path,
@@ -370532,15 +370545,10 @@ class Resource {
370532
370545
  this.set('operation', operation);
370533
370546
  this.set('deps', deps);
370534
370547
  }
370535
- async run(options) {
370548
+ async run() {
370536
370549
  await this.preprocess();
370537
370550
  await this.synth();
370538
- if (options?.planOnly) {
370539
- await this.runTerraformPlanOnly();
370540
- }
370541
- else {
370542
- await this.runTerraform();
370543
- }
370551
+ await this.runTerraform();
370544
370552
  await this.postprocess();
370545
370553
  if (this.logStream) {
370546
370554
  this.logStream.end();
@@ -370565,13 +370573,6 @@ class Resource {
370565
370573
  log(msg) {
370566
370574
  this.logFn(msg);
370567
370575
  }
370568
- async runTerraformPlanOnly() {
370569
- await this.onTFStreaming();
370570
- let output = '';
370571
- output += await terraformInit(this.get('main_artifact'), this.logStream);
370572
- output += await terraformPlan(this.get('main_artifact'), this.logStream);
370573
- this.set('output', output);
370574
- }
370575
370576
  async runTerraform() {
370576
370577
  await this.onTFStreaming();
370577
370578
  let output = '';
@@ -370959,7 +370960,7 @@ async function runProvisioner(data, opts) {
370959
370960
  if ('logStreamCallbacksTF' in opts) {
370960
370961
  resource.setTFStreamLogs(opts['logStreamCallbacksTF']);
370961
370962
  }
370962
- await resource.run({ planOnly: opts.planOnly });
370963
+ await resource.run();
370963
370964
  return resource;
370964
370965
  }
370965
370966
  function createInstanceOf(entity, op, deps) {
@@ -371241,57 +371242,6 @@ function helperCreateCheckRunName(cmd, item) {
371241
371242
  return `${item.kind} - ${cmd}`;
371242
371243
  }
371243
371244
 
371244
- ;// CONCATENATED MODULE: ../operator/src/utils/index.ts
371245
- const secretRegex = /\$\{\{ secrets\.(.*?) \}\}/g;
371246
- function replaceConfigSecrets(config, secrets) {
371247
- for (const key in config) {
371248
- if (typeof config[key] === 'object' && config[key] !== null) {
371249
- // If the property is an object, call this function recursively
371250
- replaceConfigSecrets(config[key], secrets);
371251
- }
371252
- else if (typeof config[key] === 'string') {
371253
- // If the property is a string and its value is equal to secrets.something,
371254
- // replace the value with the value of the 'something' key in the secrets object
371255
- config[key] = config[key].replace(secretRegex, (_, group1) => {
371256
- if (!secrets[group1]) {
371257
- throw new Error(`Secret ${group1} not found in secrets`);
371258
- }
371259
- return secrets[group1];
371260
- });
371261
- }
371262
- }
371263
- return config;
371264
- }
371265
- function replaceInlineSecrets(inline, secrets) {
371266
- if (typeof inline !== 'string' || !inline)
371267
- return inline;
371268
- let result = inline;
371269
- result = result.replace(secretRegex, (_, group1) => {
371270
- if (!secrets[group1]) {
371271
- throw new Error(`Secret ${group1} not found in secrets`);
371272
- }
371273
- return secrets[group1];
371274
- });
371275
- return result;
371276
- }
371277
- /**
371278
- * Retrieves a policy annotation value from a custom resource
371279
- * @param item - The CR to get the policy from
371280
- * @param annotation - The annotation key to retrieve
371281
- * @returns The policy value, or undefined if not set
371282
- */
371283
- function getPolicy(item, annotation) {
371284
- const policy = item.metadata.annotations && item.metadata.annotations[annotation];
371285
- if (policy)
371286
- return policy;
371287
- return undefined;
371288
- }
371289
-
371290
- ;// CONCATENATED MODULE: ../operator/src/utils/operationErrorMessages.ts
371291
- const APPLY_DEFAULT_ERROR_MESSAGE = 'An error occurred while executing the Terraform apply operation.';
371292
- const DESTROY_DEFAULT_ERROR_MESSAGE = 'An error occurred while executing the Terraform destroy operation.';
371293
- const PLAN_DEFAULT_ERROR_MESSAGE = 'An error occurred while executing the Terraform plan operation.';
371294
-
371295
371245
  ;// CONCATENATED MODULE: ../operator/cdktf.ts
371296
371246
 
371297
371247
 
@@ -371302,17 +371252,9 @@ const PLAN_DEFAULT_ERROR_MESSAGE = 'An error occurred while executing the Terraf
371302
371252
 
371303
371253
 
371304
371254
 
371305
- const cdktf_LAST_STATE_PR_ANNOTATION = 'firestartr.dev/last-state-pr';
371306
-
371307
371255
  function processOperation(item, op, handler) {
371308
371256
  operator_src_logger.info(`Processing operation ${op} on ${item.kind}/${item.metadata?.name}`);
371309
371257
  try {
371310
- const policy = getPolicy(item, 'firestartr.dev/policy');
371311
- // If general policy is observe/observe-only, route to observe mode instead of apply
371312
- if (!policy || policy === 'observe' || policy === 'observe-only') {
371313
- operator_src_logger.info(`Policy is '${policy || 'not set (default)'}', routing to observe mode`);
371314
- return cdktf_observe(item, op, handler);
371315
- }
371316
371258
  switch (op) {
371317
371259
  case OperationType.UPDATED:
371318
371260
  return updated(item, op, handler);
@@ -371337,11 +371279,6 @@ function processOperation(item, op, handler) {
371337
371279
  throw e;
371338
371280
  }
371339
371281
  }
371340
- async function* cdktf_observe(item, op, handler) {
371341
- for await (const transition of doPlan(item, op, handler)) {
371342
- yield transition;
371343
- }
371344
- }
371345
371282
  async function* created(item, op, handler) {
371346
371283
  for await (const transition of doApply(item, op, handler)) {
371347
371284
  yield transition;
@@ -371377,18 +371314,8 @@ async function* sync(item, op, handler) {
371377
371314
  status: 'False',
371378
371315
  message: 'Synth CDKTF',
371379
371316
  };
371380
- const syncPolicy = getPolicy(item, 'firestartr.dev/sync-policy');
371381
- if (syncPolicy === 'apply') {
371382
- operator_src_logger.info(`SYNC OPERATION: applying item ${item.metadata.name} with sync-policy=${syncPolicy}`);
371383
- for await (const transition of doApply(item, op, handler)) {
371384
- yield transition;
371385
- }
371386
- }
371387
- else {
371388
- operator_src_logger.info(`SYNC OPERATION: planning item ${item.metadata.name} with sync-policy=${syncPolicy || 'default (observe)'}`);
371389
- for await (const transition of doPlan(item, op, handler)) {
371390
- yield transition;
371391
- }
371317
+ for await (const transition of doApply(item, op, handler)) {
371318
+ yield transition;
371392
371319
  }
371393
371320
  yield {
371394
371321
  item,
@@ -371428,14 +371355,15 @@ async function* markedToDeletion(item, op, handler) {
371428
371355
  message: 'Destroying process started',
371429
371356
  };
371430
371357
  const deps = await handler.resolveReferences();
371431
- const statePr = item?.metadata?.annotations?.[cdktf_LAST_STATE_PR_ANNOTATION];
371358
+ const annotation = 'firestartr.dev/last-state-pr';
371359
+ const statePr = item?.metadata?.annotations?.[annotation];
371432
371360
  const hasStatePr = typeof statePr === 'string' && statePr.trim().length > 0;
371433
371361
  if (!hasStatePr) {
371434
371362
  operator_src_logger.warn(`CR ${item?.kind ?? 'UnknownKind'}/${item?.metadata?.name ?? 'unknown'} ` +
371435
- `has no "${cdktf_LAST_STATE_PR_ANNOTATION}" annotation; skipping GitHub Check Runs (synth, terraform apply).`);
371363
+ `has no "${annotation}" annotation; skipping GitHub Check Runs (synth, terraform apply).`);
371436
371364
  }
371437
371365
  else {
371438
- operator_src_logger.debug(`CR ${item.kind}/${item.metadata.name} uses "${cdktf_LAST_STATE_PR_ANNOTATION}" = ${statePr}`);
371366
+ operator_src_logger.debug(`CR ${item.kind}/${item.metadata.name} uses "${annotation}" = ${statePr}`);
371439
371367
  }
371440
371368
  const destroyOutput = await provisioner.runProvisioner({
371441
371369
  mainCr: item,
@@ -371470,7 +371398,7 @@ async function* markedToDeletion(item, op, handler) {
371470
371398
  };
371471
371399
  await handler.finalize(handler.pluralKind, item.metadata.namespace, item, 'firestartr.dev/finalizer');
371472
371400
  await handler.writeTerraformOutputInTfResult(item, output);
371473
- if (item.metadata.annotations[cdktf_LAST_STATE_PR_ANNOTATION] || false) {
371401
+ if (item.metadata.annotations['firestartr.dev/last-state-pr'] || false) {
371474
371402
  await addDestroyCommitStatus(item, 'success', 'Destroy operation completed', `Terraform Destroy ${item.metadata.name}`);
371475
371403
  }
371476
371404
  void handler.success();
@@ -371557,14 +371485,15 @@ async function* doApply(item, op, handler) {
371557
371485
  }
371558
371486
  const deps = await handler.resolveReferences();
371559
371487
  operator_src_logger.info(`Item ${item.metadata.name} has the following dependencies: ${deps}`);
371560
- const statePr = item?.metadata?.annotations?.[cdktf_LAST_STATE_PR_ANNOTATION];
371488
+ const annotation = 'firestartr.dev/last-state-pr';
371489
+ const statePr = item?.metadata?.annotations?.[annotation];
371561
371490
  const hasStatePr = typeof statePr === 'string' && statePr.trim().length > 0;
371562
371491
  if (!hasStatePr) {
371563
371492
  operator_src_logger.warn(`CR ${item?.kind ?? 'UnknownKind'}/${item?.metadata?.name ?? 'unknown'} ` +
371564
- `has no "${cdktf_LAST_STATE_PR_ANNOTATION}" annotation; skipping GitHub Check Runs (synth, terraform apply).`);
371493
+ `has no "${annotation}" annotation; skipping GitHub Check Runs (synth, terraform apply).`);
371565
371494
  }
371566
371495
  else {
371567
- operator_src_logger.debug(`CR ${item.kind}/${item.metadata.name} uses "${cdktf_LAST_STATE_PR_ANNOTATION}" = ${statePr}`);
371496
+ operator_src_logger.debug(`CR ${item.kind}/${item.metadata.name} uses "${annotation}" = ${statePr}`);
371568
371497
  }
371569
371498
  const applyOutput = await provisioner.runProvisioner({
371570
371499
  mainCr: item,
@@ -371665,220 +371594,6 @@ async function* doApply(item, op, handler) {
371665
371594
  }
371666
371595
  }
371667
371596
  }
371668
- async function* doPlan(item, op, handler) {
371669
- let checkRunCtl;
371670
- try {
371671
- cleanTerraformState();
371672
- yield {
371673
- item,
371674
- reason: op,
371675
- type: 'PLANNING',
371676
- status: 'True',
371677
- message: 'Planning process started',
371678
- };
371679
- const deps = await handler.resolveReferences();
371680
- const statePr = item?.metadata?.annotations?.[cdktf_LAST_STATE_PR_ANNOTATION];
371681
- const hasStatePr = typeof statePr === 'string' && statePr.trim().length > 0;
371682
- if (!hasStatePr) {
371683
- operator_src_logger.warn(`CR ${item?.kind ?? 'UnknownKind'}/${item?.metadata?.name ?? 'unknown'} ` +
371684
- `has no "${cdktf_LAST_STATE_PR_ANNOTATION}" annotation; skipping GitHub Check Runs for plan.`);
371685
- }
371686
- else {
371687
- operator_src_logger.debug(`CR ${item.kind}/${item.metadata.name} uses "${cdktf_LAST_STATE_PR_ANNOTATION}" = ${statePr}`);
371688
- await addPlanStatusCheck(statePr, 'CDKTF plan in progress...');
371689
- }
371690
- // Run provisioner in plan-only mode
371691
- const planResult = await provisioner.runProvisioner({ mainCr: item, deps }, {
371692
- planOnly: true,
371693
- delete: 'deletionTimestamp' in item.metadata,
371694
- ...(hasStatePr
371695
- ? {
371696
- logStreamCallbacksCDKTF: {
371697
- prepare: async () => {
371698
- checkRunCtl = await GHCheckRun('synth', item);
371699
- return checkRunCtl;
371700
- },
371701
- },
371702
- logStreamCallbacksTF: {
371703
- prepare: async () => {
371704
- checkRunCtl = await GHCheckRun('plan', item);
371705
- return checkRunCtl;
371706
- },
371707
- },
371708
- }
371709
- : {}),
371710
- });
371711
- const planOutput = planResult?.output || '';
371712
- // Parse terraform plan output to detect changes
371713
- // Handles multiple Terraform output formats and versions
371714
- const hasChanges = detectPlanChanges(planOutput);
371715
- if (hasChanges) {
371716
- yield {
371717
- item,
371718
- reason: op,
371719
- type: 'OUT_OF_SYNC',
371720
- status: 'True',
371721
- message: 'Plan has changes',
371722
- };
371723
- yield {
371724
- item,
371725
- reason: op,
371726
- type: 'PROVISIONED',
371727
- status: 'False',
371728
- message: 'Plan has changes',
371729
- };
371730
- }
371731
- else {
371732
- yield {
371733
- item,
371734
- reason: op,
371735
- type: 'OUT_OF_SYNC',
371736
- status: 'False',
371737
- message: 'Plan has no changes',
371738
- };
371739
- yield {
371740
- item,
371741
- reason: op,
371742
- type: 'PROVISIONED',
371743
- status: 'True',
371744
- message: 'Plan has no changes',
371745
- };
371746
- }
371747
- // Store plan details for later reference
371748
- yield {
371749
- item,
371750
- reason: op,
371751
- type: 'LAST_PLAN_DETAILS',
371752
- status: 'Unknown',
371753
- message: planOutput,
371754
- };
371755
- yield {
371756
- item,
371757
- reason: op,
371758
- type: 'PLANNING',
371759
- status: 'False',
371760
- message: 'Planning process finished',
371761
- };
371762
- if (hasStatePr) {
371763
- await addPlanStatusCheck(statePr, hasChanges ? 'Plan has changes' : 'Plan has no changes', 'completed');
371764
- }
371765
- }
371766
- catch (e) {
371767
- operator_src_logger.error(`CDKTF plan failed: ${e}`);
371768
- if (checkRunCtl) {
371769
- checkRunCtl.fnOnError(e);
371770
- }
371771
- yield {
371772
- item,
371773
- reason: op,
371774
- type: 'ERROR',
371775
- status: 'True',
371776
- message: PLAN_DEFAULT_ERROR_MESSAGE,
371777
- };
371778
- yield {
371779
- item,
371780
- reason: op,
371781
- type: 'PLANNING',
371782
- status: 'False',
371783
- message: PLAN_DEFAULT_ERROR_MESSAGE,
371784
- };
371785
- yield {
371786
- item,
371787
- reason: op,
371788
- type: 'PROVISIONED',
371789
- status: 'False',
371790
- message: PLAN_DEFAULT_ERROR_MESSAGE,
371791
- };
371792
- const statePr = item?.metadata?.annotations?.[cdktf_LAST_STATE_PR_ANNOTATION];
371793
- if (statePr) {
371794
- const summaryText = tryCreateErrorSummary('CDKTF Plan failed', e);
371795
- await addPlanStatusCheck(statePr, summaryText, 'completed', true);
371796
- }
371797
- await handler.writeTerraformOutputInTfResult(item, e);
371798
- void handler.error();
371799
- }
371800
- }
371801
- /**
371802
- * Detects if a Terraform plan output contains changes
371803
- * Handles multiple Terraform versions and output formats
371804
- * @param planOutput - The text output from terraform plan
371805
- * @returns true if changes are detected, false otherwise
371806
- */
371807
- function detectPlanChanges(planOutput) {
371808
- if (!planOutput || planOutput.trim().length === 0) {
371809
- return false;
371810
- }
371811
- // Pattern 1: "Plan: X to add, Y to change, Z to destroy"
371812
- // Matches: "Plan: 1 to add, 0 to change, 0 to destroy"
371813
- const planPattern = /plan:\s*(\d+)\s+to\s+add,\s*(\d+)\s+to\s+change,\s*(\d+)\s+to\s+destroy/i;
371814
- const planMatch = planOutput.match(planPattern);
371815
- if (planMatch) {
371816
- const add = Number(planMatch[1]);
371817
- const change = Number(planMatch[2]);
371818
- const destroy = Number(planMatch[3]);
371819
- if (add > 0 || change > 0 || destroy > 0) {
371820
- return true;
371821
- }
371822
- // Explicitly found "Plan:" with 0/0/0 - no changes
371823
- return false;
371824
- }
371825
- // Pattern 2: Individual change indicators
371826
- // Handles variations like "1 to add", "2 to change", "3 to destroy"
371827
- const hasAdditions = /\d+\s+to\s+add/i.test(planOutput);
371828
- const hasChanges = /\d+\s+to\s+change/i.test(planOutput);
371829
- const hasDestructions = /\d+\s+to\s+destroy/i.test(planOutput);
371830
- const hasImports = /\d+\s+to\s+import/i.test(planOutput);
371831
- if (hasAdditions || hasChanges || hasDestructions || hasImports) {
371832
- return true;
371833
- }
371834
- // Pattern 3: Resource-level change indicators
371835
- // Matches: "# resource will be created", "# resource will be updated", etc.
371836
- const resourceChangePatterns = [
371837
- /will\s+be\s+(created|destroyed|updated|replaced)/i,
371838
- /must\s+be\s+(created|destroyed|updated|replaced)/i,
371839
- /#.*\s+(create|destroy|update|replace)/i,
371840
- ];
371841
- for (const pattern of resourceChangePatterns) {
371842
- if (pattern.test(planOutput)) {
371843
- return true;
371844
- }
371845
- }
371846
- // Pattern 4: Action symbols in plan output
371847
- // Terraform uses symbols like +, -, ~, -/+ to indicate changes
371848
- const actionSymbols = [
371849
- /^\s*[+]\s+/m,
371850
- /^\s*[-]\s+/m,
371851
- /^\s*[~]\s+/m,
371852
- /^\s*[-][/][+]\s+/m, // Replace
371853
- ];
371854
- for (const pattern of actionSymbols) {
371855
- if (pattern.test(planOutput)) {
371856
- return true;
371857
- }
371858
- }
371859
- // Pattern 5: No changes messages (inverse check)
371860
- const noChangesPatterns = [
371861
- /no\s+changes/i,
371862
- /infrastructure\s+is\s+up[-\s]to[-\s]date/i,
371863
- /your\s+infrastructure\s+matches\s+the\s+configuration/i,
371864
- /0\s+to\s+add,\s*0\s+to\s+change,\s*0\s+to\s+destroy/i,
371865
- ];
371866
- for (const pattern of noChangesPatterns) {
371867
- if (pattern.test(planOutput)) {
371868
- return false;
371869
- }
371870
- }
371871
- // If we find "Plan:" keyword but couldn't parse it, log a warning and err on the side of caution
371872
- if (planOutput.toLowerCase().includes('plan:')) {
371873
- operator_src_logger.warn('Found "Plan:" in output but could not parse change counts. ' +
371874
- 'Raw output excerpt (first 500 chars):\n' +
371875
- planOutput.slice(0, 500) +
371876
- '\nErring on the side of caution and assuming changes.');
371877
- return true;
371878
- }
371879
- // Default: assume no changes if we can't detect any
371880
- return false;
371881
- }
371882
371597
  function cleanTerraformState() {
371883
371598
  external_fs_.rmSync('/library/packages/provisioner/cdktf.out', {
371884
371599
  recursive: true,
@@ -372299,6 +372014,8 @@ ${this.mainBlock}
372299
372014
  }
372300
372015
 
372301
372016
  ;// CONCATENATED MODULE: ../terraform_provisioner/src/resolutor/resolver.ts
372017
+
372018
+ const REG_IS_CLAIM_SECRET_REF = new RegExp(/^secret-ref-\d+$/);
372302
372019
  function resolveString(value, refs) {
372303
372020
  const regex = new RegExp(/(\$\{\{\s*references\.[\w\-.]+\s*\}\})/);
372304
372021
  if (hasRefs(value, regex) > 0) {
@@ -372352,6 +372069,18 @@ function getRefNameFromKey(key) {
372352
372069
  // name is in the first matching group
372353
372070
  return match[1];
372354
372071
  }
372072
+ function resolveClaimSecret(value, refs) {
372073
+ if (typeof value === 'string' && REG_IS_CLAIM_SECRET_REF.test(value)) {
372074
+ if (!Object.prototype.hasOwnProperty.call(refs, value)) {
372075
+ terraform_provisioner_src_logger.error(`SecretsClaim ref ${value} is not present on references`);
372076
+ throw new Error(`SecretsClaim ref ${value} is not present on references`);
372077
+ }
372078
+ return refs[value];
372079
+ }
372080
+ else {
372081
+ return value;
372082
+ }
372083
+ }
372355
372084
  function resolveRef(key, references, wantsInterpolation = false) {
372356
372085
  const refName = getRefNameFromKey(key);
372357
372086
  // check if key exists
@@ -372400,6 +372129,9 @@ function walkList(list, resolveScalar) {
372400
372129
  function resolveValues(values, refs) {
372401
372130
  return walker_walk(values, (value) => resolveScalar(value, refs));
372402
372131
  }
372132
+ function resolveClaimSecrets(values, refs) {
372133
+ return walker_walk(values, (value) => resolveClaimSecret(value, refs));
372134
+ }
372403
372135
 
372404
372136
  ;// CONCATENATED MODULE: ../terraform_provisioner/src/writer_tfvars_json.ts
372405
372137
 
@@ -372411,7 +372143,9 @@ class WriterTfVarsJson extends writer {
372411
372143
  this.references = references;
372412
372144
  }
372413
372145
  __replaceReferences(values, references) {
372414
- return resolveValues(values, references);
372146
+ values = resolveValues(values, references);
372147
+ values = resolveClaimSecrets(values, references);
372148
+ return values;
372415
372149
  }
372416
372150
  __resolveDeps() {
372417
372151
  const replaced = this.__replaceReferences(this.values, this.references);
@@ -372878,6 +372612,40 @@ function tf_checkrun_helperCreateCheckRunName(cmd) {
372878
372612
  return `TFWorkspace - ${cmd}`;
372879
372613
  }
372880
372614
 
372615
+ ;// CONCATENATED MODULE: ../operator/src/utils/index.ts
372616
+ const secretRegex = /\$\{\{ secrets\.(.*?) \}\}/g;
372617
+ function replaceConfigSecrets(config, secrets) {
372618
+ for (const key in config) {
372619
+ if (typeof config[key] === 'object' && config[key] !== null) {
372620
+ // If the property is an object, call this function recursively
372621
+ replaceConfigSecrets(config[key], secrets);
372622
+ }
372623
+ else if (typeof config[key] === 'string') {
372624
+ // If the property is a string and its value is equal to secrets.something,
372625
+ // replace the value with the value of the 'something' key in the secrets object
372626
+ config[key] = config[key].replace(secretRegex, (_, group1) => {
372627
+ if (!secrets[group1]) {
372628
+ throw new Error(`Secret ${group1} not found in secrets`);
372629
+ }
372630
+ return secrets[group1];
372631
+ });
372632
+ }
372633
+ }
372634
+ return config;
372635
+ }
372636
+ function replaceInlineSecrets(inline, secrets) {
372637
+ if (typeof inline !== 'string' || !inline)
372638
+ return inline;
372639
+ let result = inline;
372640
+ result = result.replace(secretRegex, (_, group1) => {
372641
+ if (!secrets[group1]) {
372642
+ throw new Error(`Secret ${group1} not found in secrets`);
372643
+ }
372644
+ return secrets[group1];
372645
+ });
372646
+ return result;
372647
+ }
372648
+
372881
372649
  ;// CONCATENATED MODULE: ../operator/src/tfworkspaces/process-operation.ts
372882
372650
 
372883
372651
 
@@ -372933,7 +372701,7 @@ async function* process_operation_observe(item, op, handler) {
372933
372701
  yield transition;
372934
372702
  }
372935
372703
  }
372936
- async function* doPlanJSONFormat(item, op, handler) {
372704
+ async function* doPlanJSONFormat(item, op, handler, setResult = function (_r) { }) {
372937
372705
  let error = false;
372938
372706
  try {
372939
372707
  yield {
@@ -373034,34 +372802,83 @@ async function* doPlanJSONFormat(item, op, handler) {
373034
372802
  }
373035
372803
  finally {
373036
372804
  if (error) {
373037
- yield {
373038
- item,
373039
- reason: op,
373040
- type: 'PROVISIONED',
373041
- status: 'False',
373042
- message: PLAN_DEFAULT_ERROR_MESSAGE,
373043
- };
373044
- yield {
373045
- item,
373046
- reason: op,
373047
- type: 'PLANNING',
373048
- status: 'False',
373049
- message: PLAN_DEFAULT_ERROR_MESSAGE,
373050
- };
373051
- yield {
373052
- item,
373053
- reason: op,
373054
- type: 'OUT_OF_SYNC',
373055
- status: 'False',
373056
- message: PLAN_DEFAULT_ERROR_MESSAGE,
373057
- };
373058
- yield {
373059
- item,
373060
- reason: op,
373061
- type: 'ERROR',
373062
- status: 'True',
373063
- message: PLAN_DEFAULT_ERROR_MESSAGE,
373064
- };
372805
+ if (op === OperationType.SYNC) {
372806
+ // if there is an error on a sync we never put the state on error
372807
+ // it would be problematic because the RETRY op kicks in
372808
+ if (error) {
372809
+ yield {
372810
+ item,
372811
+ reason: op,
372812
+ type: 'SYNCHRONIZED',
372813
+ status: 'True',
372814
+ message: SYNC_DEFAULT_ERROR_MESSAGE,
372815
+ };
372816
+ yield {
372817
+ item,
372818
+ reason: op,
372819
+ type: 'PROVISIONED',
372820
+ status: 'True',
372821
+ message: 'doPlanJSONFormat',
372822
+ };
372823
+ yield {
372824
+ item,
372825
+ reason: op,
372826
+ type: 'PLANNING',
372827
+ status: 'False',
372828
+ message: 'doPlanJSONFormat',
372829
+ };
372830
+ yield {
372831
+ item,
372832
+ reason: op,
372833
+ type: 'OUT_OF_SYNC',
372834
+ status: 'False',
372835
+ message: 'doPlanJSONFormat',
372836
+ };
372837
+ yield {
372838
+ item,
372839
+ reason: op,
372840
+ type: 'ERROR',
372841
+ status: 'False',
372842
+ message: 'doPlanJSONFormat',
372843
+ };
372844
+ }
372845
+ setResult('SYNC_ERROR_PLAN');
372846
+ }
372847
+ else {
372848
+ yield {
372849
+ item,
372850
+ reason: op,
372851
+ type: 'PROVISIONED',
372852
+ status: 'False',
372853
+ message: PLAN_DEFAULT_ERROR_MESSAGE,
372854
+ };
372855
+ yield {
372856
+ item,
372857
+ reason: op,
372858
+ type: 'PLANNING',
372859
+ status: 'False',
372860
+ message: PLAN_DEFAULT_ERROR_MESSAGE,
372861
+ };
372862
+ yield {
372863
+ item,
372864
+ reason: op,
372865
+ type: 'OUT_OF_SYNC',
372866
+ status: 'False',
372867
+ message: PLAN_DEFAULT_ERROR_MESSAGE,
372868
+ };
372869
+ yield {
372870
+ item,
372871
+ reason: op,
372872
+ type: 'ERROR',
372873
+ status: 'True',
372874
+ message: PLAN_DEFAULT_ERROR_MESSAGE,
372875
+ };
372876
+ }
372877
+ }
372878
+ else {
372879
+ if (op === OperationType.SYNC) {
372880
+ setResult('SYNC_SUCCESS');
372881
+ }
373065
372882
  }
373066
372883
  }
373067
372884
  }
@@ -373075,6 +372892,11 @@ async function* process_operation_renamed(item, op, handler) {
373075
372892
  yield transition;
373076
372893
  }
373077
372894
  }
372895
+ function getPolicy(item, annotation) {
372896
+ const policy = item.metadata.annotations && item.metadata.annotations[annotation];
372897
+ if (policy)
372898
+ return policy;
372899
+ }
373078
372900
  async function* process_operation_updated(item, op, handler) {
373079
372901
  for await (const transition of process_operation_doApply(item, op, handler)) {
373080
372902
  yield transition;
@@ -373099,6 +372921,7 @@ function isDestroyRetry(item) {
373099
372921
  return false;
373100
372922
  }
373101
372923
  async function* process_operation_sync(item, op, handler, syncPolicy, generalPolicy) {
372924
+ let doResult = '';
373102
372925
  if (!syncPolicy) {
373103
372926
  operator_src_logger.debug(`The Terraform processor is only observing item '${item.kind}/${item.metadata.name}' because no sync policy was found for operation '${op}'.`);
373104
372927
  yield* doPlanJSONFormat(item, op, handler);
@@ -373115,23 +372938,30 @@ async function* process_operation_sync(item, op, handler, syncPolicy, generalPol
373115
372938
  break;
373116
372939
  }
373117
372940
  case 'observe': {
373118
- yield* doPlanJSONFormat(item, op, handler);
372941
+ yield* doPlanJSONFormat(item, op, handler, (result) => {
372942
+ doResult = result;
372943
+ });
373119
372944
  break;
373120
372945
  }
373121
372946
  default: {
373122
372947
  operator_src_logger.debug(`The Terraform processor detected a sync policy '${syncPolicy}' for item '${item.kind}/${item.metadata.name}' that is not supported.`);
373123
- yield* doPlanJSONFormat(item, op, handler);
372948
+ yield* doPlanJSONFormat(item, op, handler, (result) => {
372949
+ doResult = result;
372950
+ });
373124
372951
  break;
373125
372952
  }
373126
372953
  }
373127
372954
  }
373128
- yield {
373129
- item,
373130
- reason: op,
373131
- type: 'SYNCHRONIZED',
373132
- status: 'True',
373133
- message: 'Sync process finished',
373134
- };
372955
+ operator_src_logger.debug(`doResult is ${doResult}`);
372956
+ if (doResult === 'SYNC_SUCCESS') {
372957
+ yield {
372958
+ item,
372959
+ reason: op,
372960
+ type: 'SYNCHRONIZED',
372961
+ status: 'True',
372962
+ message: 'Sync process finished',
372963
+ };
372964
+ }
373135
372965
  }
373136
372966
  async function* process_operation_markedToDeletion(item, op, handler) {
373137
372967
  let error = false;
@@ -373534,6 +373364,9 @@ function resolveReferences(item, deps) {
373534
373364
  // if(!process.env.TONISILLO) process.exit(1)
373535
373365
  for (const iRef of itemReferences) {
373536
373366
  const ref = deps[`${iRef.ref.kind}-${iRef.ref.name}`];
373367
+ if (iRef.ref.kind === 'Secret') {
373368
+ ref.secret = ref.cr;
373369
+ }
373537
373370
  if (!ref) {
373538
373371
  throw new Error(`Reference ${iRef.ref.kind}-${iRef.ref.name} not found`);
373539
373372
  }
@@ -373731,7 +373564,7 @@ const processOperationPlan_TF_PROJECTS_PATH = '/tmp/tfworkspaces';
373731
373564
  function processOperationPlan(item, op, handler) {
373732
373565
  try {
373733
373566
  processOperationPlan_clearLocalTfProjects();
373734
- const policy = getPolicy(item, 'firestartr.dev/policy');
373567
+ const policy = processOperationPlan_getPolicy(item);
373735
373568
  if (policy === 'observe' || policy === 'apply') {
373736
373569
  return processOperationPlan_plan(item, op, handler);
373737
373570
  }
@@ -374190,6 +374023,12 @@ function processOperationPlan_getErrorOutputMessage(cr, key, ref) {
374190
374023
  throw new Error(`❌ Source ${cr.spec.source} not supported`);
374191
374024
  }
374192
374025
  }
374026
+ function processOperationPlan_getPolicy(item) {
374027
+ const policy = item.metadata.annotations &&
374028
+ item.metadata.annotations['firestartr.dev/policy'];
374029
+ if (policy)
374030
+ return policy;
374031
+ }
374193
374032
 
374194
374033
  ;// CONCATENATED MODULE: ../operator/src/ctx.ts
374195
374034
  class Ctx {
@@ -374462,6 +374301,7 @@ var sdk_metrics_build_src = __nccwpck_require__(84016);
374462
374301
 
374463
374302
 
374464
374303
 
374304
+
374465
374305
  const INTERVAL_IN_SEGS = 60;
374466
374306
  class CRStateMetrics {
374467
374307
  constructor(kind, namespace, meter) {
@@ -374484,6 +374324,9 @@ class CRStateMetrics {
374484
374324
  this.deletedGauge = meter.createGauge('firestartr_deleted_total', {
374485
374325
  description: 'Total number of CRs in DELETED state',
374486
374326
  });
374327
+ this.errorOnSyncGauge = meter.createGauge('firestartr_error_on_sync_total', {
374328
+ description: 'Total number of CRs with failed SYNCs',
374329
+ });
374487
374330
  this.namespace = namespace;
374488
374331
  }
374489
374332
  async start() {
@@ -374512,10 +374355,18 @@ class CRStateMetrics {
374512
374355
  let errorCount = 0;
374513
374356
  let planningCount = 0;
374514
374357
  let deletedCount = 0;
374358
+ let errorOnSyncCount = 0;
374515
374359
  for (const item of items) {
374516
374360
  const status = item.status?.conditions.find((condition) => condition.type !== 'SYNCHRONIZED' && condition.status === 'True');
374517
374361
  if (!status)
374518
374362
  continue;
374363
+ const syncCondition = item.status.conditions.find((condition) => {
374364
+ return condition.type === 'SYNCHRONIZED';
374365
+ });
374366
+ if (syncCondition &&
374367
+ syncCondition.message === SYNC_DEFAULT_ERROR_MESSAGE) {
374368
+ errorOnSyncCount++;
374369
+ }
374519
374370
  switch (status.type) {
374520
374371
  case 'PROVISIONED':
374521
374372
  provisionedCount++;
@@ -374561,6 +374412,10 @@ class CRStateMetrics {
374561
374412
  namespace: this.namespace,
374562
374413
  kind: this.kind,
374563
374414
  });
374415
+ this.errorOnSyncGauge.record(errorOnSyncCount, {
374416
+ namespace: this.namespace,
374417
+ kind: this.kind,
374418
+ });
374564
374419
  }
374565
374420
  catch (err) {
374566
374421
  console.log(`CRStateMetrics: update ${err}`);