@highstate/common 0.9.18 → 0.9.20

package/dist/units/ssh/key-pair/index.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../../src/units/ssh/key-pair/index.ts"],"names":[],"mappings":";;;;AAIA,IAAM,EAAE,IAAA,EAAM,OAAA,EAAS,SAAQ,GAAI,OAAA,CAAQ,IAAI,OAAO,CAAA;AAEtD,IAAM,OAAA,GAAU,gBAAA,CAAiB,OAAA,CAAQ,UAAU,CAAA;AAEnD,IAAO,mBAAQ,OAAA,CAAQ;AAAA,EACrB,OAAA;AAAA,EACA,aAAA,EAAe;AAAA,IACb,IAAA,EAAM;AAAA,MACJ,IAAA,EAAM,GAAG,IAAI,CAAA,IAAA,CAAA;AAAA,MACb,IAAA,EAAM;AAAA,KACR;AAAA,IACA,OAAA,EAAS;AAAA,MACP,IAAA,EAAM,UAAA;AAAA,MACN,OAAO,OAAA,CAAQ;AAAA;AACjB,GACF;AAAA,EACA,aAAA,EAAe;AAAA,IACb,aAAa,OAAA,CAAQ,WAAA;AAAA,IACrB,WAAW,OAAA,CAAQ;AAAA;AAEvB,CAAC","file":"index.js","sourcesContent":["import { ssh } from \"@highstate/library\"\nimport { forUnit } from \"@highstate/pulumi\"\nimport { ensureSshKeyPair } from \"../../../shared\"\n\nconst { name, secrets, outputs } = forUnit(ssh.keyPair)\n\nconst keyPair = ensureSshKeyPair(secrets.privateKey)\n\nexport default outputs({\n  keyPair,\n  publicKeyFile: {\n    meta: {\n      name: `${name}.pub`,\n      mode: 0o644,\n    },\n    content: {\n      type: \"embedded\",\n      value: keyPair.publicKey,\n    },\n  },\n  $statusFields: {\n    fingerprint: keyPair.fingerprint,\n    publicKey: keyPair.publicKey,\n  },\n})\n"]}
+{"version":3,"sources":["../../../../src/units/ssh/key-pair/index.ts"],"names":[],"mappings":";;;;AAIA,IAAM,EAAE,IAAA,EAAM,SAAA,EAAW,SAAQ,GAAI,OAAA,CAAQ,IAAI,OAAO,CAAA;AAExD,IAAM,UAAA,GAAa,SAAA,CAAU,YAAA,EAAc,qBAAqB,CAAA;AAChE,IAAM,OAAA,GAAU,uBAAuB,UAAU,CAAA;AAEjD,IAAO,mBAAQ,OAAA,CAAQ;AAAA,EACrB,OAAA;AAAA,EACA,aAAA,EAAe;AAAA,IACb,IAAA,EAAM;AAAA,MACJ,IAAA,EAAM,GAAG,IAAI,CAAA,IAAA,CAAA;AAAA,MACb,IAAA,EAAM;AAAA,KACR;AAAA,IACA,OAAA,EAAS;AAAA,MACP,IAAA,EAAM,UAAA;AAAA,MACN,OAAO,OAAA,CAAQ;AAAA;AACjB,GACF;AAAA,EACA,aAAA,EAAe;AAAA,IACb,aAAa,OAAA,CAAQ,WAAA;AAAA,IACrB,WAAW,OAAA,CAAQ;AAAA;AAEvB,CAAC","file":"index.js","sourcesContent":["import { ssh } from \"@highstate/library\"\nimport { forUnit } from \"@highstate/pulumi\"\nimport { generateSshPrivateKey, sshPrivateKeyToKeyPair } from \"../../../shared\"\n\nconst { name, getSecret, outputs } = forUnit(ssh.keyPair)\n\nconst privateKey = getSecret(\"privateKey\", generateSshPrivateKey)\nconst keyPair = sshPrivateKeyToKeyPair(privateKey)\n\nexport default outputs({\n  keyPair,\n  publicKeyFile: {\n    meta: {\n      name: `${name}.pub`,\n      mode: 0o644,\n    },\n    content: {\n      type: \"embedded\",\n      value: keyPair.publicKey,\n    },\n  },\n  $statusFields: {\n    fingerprint: keyPair.fingerprint,\n    publicKey: keyPair.publicKey,\n  },\n})\n"]}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@highstate/common",
-  "version": "0.9.18",
+  "version": "0.9.20",
   "type": "module",
   "files": [
     "dist",
@@ -11,6 +11,54 @@
       ".": {
         "mode": "manual",
         "version": "1"
+      },
+      "./units/access-point": {
+        "mode": "manual",
+        "version": "1"
+      },
+      "./units/dns/record-set": {
+        "mode": "manual",
+        "version": "1"
+      },
+      "./units/network/l3-endpoint": {
+        "mode": "manual",
+        "version": "1"
+      },
+      "./units/network/l4-endpoint": {
+        "mode": "manual",
+        "version": "1"
+      },
+      "./units/existing-server": {
+        "mode": "manual",
+        "version": "1"
+      },
+      "./units/ssh/key-pair": {
+        "mode": "manual",
+        "version": "1"
+      },
+      "./units/script": {
+        "mode": "manual",
+        "version": "1"
+      },
+      "./units/server-dns": {
+        "mode": "manual",
+        "version": "1"
+      },
+      "./units/server-patch": {
+        "mode": "manual",
+        "version": "1"
+      },
+      "./units/databases/existing-mariadb": {
+        "mode": "manual",
+        "version": "1"
+      },
+      "./units/databases/existing-postgresql": {
+        "mode": "manual",
+        "version": "1"
+      },
+      "./units/databases/existing-mongodb": {
+        "mode": "manual",
+        "version": "1"
       }
     }
   },
@@ -19,6 +67,7 @@
       "types": "./src/index.ts",
       "default": "./dist/index.js"
     },
+    "./units/access-point": "./dist/units/access-point/index.js",
     "./units/dns/record-set": "./dist/units/dns/record-set/index.js",
     "./units/network/l3-endpoint": "./dist/units/network/l3-endpoint/index.js",
     "./units/network/l4-endpoint": "./dist/units/network/l4-endpoint/index.js",
@@ -26,7 +75,10 @@
     "./units/ssh/key-pair": "./dist/units/ssh/key-pair/index.js",
     "./units/script": "./dist/units/script/index.js",
     "./units/server-dns": "./dist/units/server-dns/index.js",
-    "./units/server-patch": "./dist/units/server-patch/index.js"
+    "./units/server-patch": "./dist/units/server-patch/index.js",
+    "./units/databases/existing-mariadb": "./dist/units/databases/existing-mariadb/index.js",
+    "./units/databases/existing-postgresql": "./dist/units/databases/existing-postgresql/index.js",
+    "./units/databases/existing-mongodb": "./dist/units/databases/existing-mongodb/index.js"
   },
   "publishConfig": {
     "access": "public"
@@ -36,9 +88,9 @@
     "update-images": "../../scripts/update-images.sh ./assets/images.json"
   },
   "dependencies": {
-    "@highstate/contract": "^0.9.18",
-    "@highstate/library": "^0.9.18",
-    "@highstate/pulumi": "^0.9.18",
+    "@highstate/contract": "^0.9.20",
+    "@highstate/library": "^0.9.20",
+    "@highstate/pulumi": "^0.9.20",
     "@noble/hashes": "^1.7.1",
     "@pulumi/command": "^1.0.2",
     "micro-key-producer": "^0.7.3",
@@ -48,9 +100,10 @@
     "unzipper": "^0.12.3"
   },
   "devDependencies": {
-    "@highstate/cli": "^0.9.18",
+    "@highstate/cli": "^0.9.20",
     "@types/tar": "^6.1.13",
-    "@types/unzipper": "^0.10.11"
+    "@types/unzipper": "^0.10.11",
+    "type-fest": "^4.41.0"
   },
-  "gitHead": "9ebcd7da56b00b8ca08bf52cc8438f527338cd64"
+  "gitHead": "4bf9183450c2c6f51d6a99d77efc379ff5c7b7ef"
 }

package/src/shared/access-point.ts

@@ -0,0 +1,110 @@
+import type { common } from "@highstate/library"
+import type { Except } from "type-fest"
+import {
+  ComponentResource,
+  type ComponentResourceOptions,
+  type Input,
+  type Output,
+  output,
+  toPromise,
+} from "@highstate/pulumi"
+import { DnsRecordSet } from "./dns"
+import { GatewayRoute, type GatewayRouteSpec } from "./gateway"
+import { TlsCertificate } from "./tls"
+
+export type AccessPointRouteArgs = Except<GatewayRouteSpec, "nativeData"> & {
+  /**
+   * The access point to use to expose the route.
+   */
+  accessPoint: Input<common.AccessPoint>
+
+  /**
+   * The native data to pass to the gateway route implementation.
+   */
+  gatewayNativeData?: unknown
+
+  /**
+   * The native data to pass to the tls ceertificate implementation.
+   */
+  tlsCertificateNativeData?: unknown
+}
+
+export class AccessPointRoute extends ComponentResource {
+  /**
+   * The created gateway route.
+   */
+  readonly route: GatewayRoute
+
+  /**
+   * The DNS record set created for the route.
+   *
+   * May be shared between multiple routes with the same FQDN.
+   */
+  readonly dnsRecordSet?: Output<DnsRecordSet | undefined>
+
+  /**
+   * The TLS certificate created for the route.
+   *
+   * May be shared between multiple routes with the same FQDN.
+   */
+  readonly tlsCertificate?: Output<TlsCertificate | undefined>
+
+  constructor(name: string, args: AccessPointRouteArgs, opts?: ComponentResourceOptions) {
+    super("highstate:common:AccessPointRoute", name, args, opts)
+
+    // 1. create TLS certificate if the route is HTTPS and the access point has TLS issuers
+    if (args.fqdn && args.type === "http" && !args.insecure) {
+      this.tlsCertificate = output(args.accessPoint).apply(accessPoint => {
+        if (accessPoint.tlsIssuers.length === 0) {
+          return undefined
+        }
+
+        return TlsCertificate.createOnce(
+          name,
+          {
+            issuers: accessPoint.tlsIssuers,
+            dnsNames: args.fqdn ? [args.fqdn] : [],
+            nativeData: args.tlsCertificateNativeData,
+          },
+          { ...opts, parent: this },
+        )
+      })
+    }
+
+    // 2. create the route and resolve the gateway endpoints
+    this.route = new GatewayRoute(
+      name,
+      {
+        ...args,
+        gateway: output(args.accessPoint).gateway,
+        tlsCertificate: this.tlsCertificate,
+        nativeData: args.gatewayNativeData,
+      },
+      { ...opts, parent: this },
+    )
+
+    // 3. register DNS records if FQDN is provided and the access point has DNS providers
+    if (args.fqdn) {
+      this.dnsRecordSet = output(args.accessPoint).apply(async accessPoint => {
+        if (accessPoint.dnsProviders.length === 0) {
+          return undefined
+        }
+
+        const fqdn = await toPromise(args.fqdn)
+        if (!fqdn) {
+          return undefined
+        }
+
+        return DnsRecordSet.createOnce(
+          fqdn,
+          {
+            providers: output(args.accessPoint).dnsProviders,
+            values: this.route.endpoints,
+            waitAt: "local",
+          },
+          { ...opts, parent: this },
+        )
+      })
+    }
+  }
+}

package/src/shared/command.ts

@@ -7,13 +7,13 @@ import {
   toPromise,
   type ComponentResourceOptions,
   type Input,
-  type InputMap,
   type InputOrArray,
   type Output,
 } from "@highstate/pulumi"
-import { common, ssh } from "@highstate/library"
+import type { common, ssh } from "@highstate/library"
 import { flat } from "remeda"
 import { l3EndpointToString } from "./network"
+import { sha256 } from "@noble/hashes/sha2"
 
 /**
  * Creates a connection object for the given SSH credentials.
@@ -22,7 +22,7 @@ import { l3EndpointToString } from "./network"
  * @returns An output connection object for Pulumi remote commands.
  */
 export function getServerConnection(
-  ssh: Input<ssh.Credentials>,
+  ssh: Input<ssh.Connection>,
 ): Output<types.input.remote.ConnectionArgs> {
   return output(ssh).apply(ssh => ({
     host: l3EndpointToString(ssh.endpoints[0]),
@@ -35,7 +35,7 @@ export function getServerConnection(
   }))
 }
 
-export type CommandHost = "local" | Input<common.Server> | Input<types.input.remote.ConnectionArgs>
+export type CommandHost = "local" | Input<common.Server>
 export type CommandRunMode = "auto" | "prefer-host"
 
 export type CommandArgs = {
@@ -83,6 +83,16 @@ export type CommandArgs = {
    */
   triggers?: InputOrArray<unknown>
 
+  /**
+   * The update triggers for the command.
+   *
+   * Unlike `triggers`, which replace the entire resource on change, these will only trigger the `update` command.
+   *
+   * Under the hood, it is implemented using a hash of the provided values and passing it as environment variable.
+   * It is recommended to pass only primitive values (strings, numbers, booleans) or small objects/arrays for proper serialization.
+   */
+  updateTriggers?: InputOrArray<unknown>
+
   /**
    * The working directory for the command.
    *
@@ -93,7 +103,7 @@ export type CommandArgs = {
   /**
    * The environment variables to set for the command.
    */
-  environment?: Input<InputMap<string>>
+  environment?: Input<Record<string, Input<string>>>
 
   /**
    * The run mode for the command.
@@ -168,12 +178,50 @@ function wrapWithWorkDir(dir?: Input<string>) {
   return (command: string) => interpolate`cd "${dir}" && ${command}`
 }
 
+function wrapWithEnvironment(environment?: Input<Record<string, Input<string>>>) {
+  if (!environment) {
+    return (command: string) => output(command)
+  }
+
+  return (command: string) =>
+    output({ command, environment }).apply(({ command, environment }) => {
+      if (!environment || Object.keys(environment).length === 0) {
+        return command
+      }
+
+      const envExport = Object.entries(environment)
+        .map(([key, value]) => `export ${key}="${value}"`)
+        .join(" && ")
+
+      return `${envExport} && ${command}`
+    })
+}
+
 function wrapWithWaitFor(timeout: Input<number> = 300, interval: Input<number> = 5) {
   return (command: string | string[]) =>
     // TOD: escape the command
     interpolate`timeout ${timeout} bash -c 'while ! ${createCommand(command)}; do sleep ${interval}; done'`
 }
 
+function applyUpdateTriggers(
+  env: Input<Record<string, Input<string>>> | undefined,
+  triggers: InputOrArray<unknown> | undefined,
+) {
+  return output({ env, triggers }).apply(({ env, triggers }) => {
+    if (!triggers) {
+      return env
+    }
+
+    const hash = sha256(JSON.stringify(triggers))
+    const hashHex = Buffer.from(hash).toString("hex")
+
+    return {
+      ...env,
+      HIGHSTATE_UPDATE_TRIGGER_HASH: hashHex,
+    }
+  })
+}
+
 export class Command extends ComponentResource {
   public readonly stdout: Output<string>
   public readonly stderr: Output<string>
@@ -181,6 +229,11 @@ export class Command extends ComponentResource {
   constructor(name: string, args: CommandArgs, opts?: ComponentResourceOptions) {
     super("highstate:common:Command", name, args, opts)
 
+    const environment = applyUpdateTriggers(
+      args.environment,
+      args.updateTriggers,
+    ) as local.CommandArgs["environment"]
+
     const command =
       args.host === "local"
         ? new local.Command(
@@ -192,7 +245,7 @@ export class Command extends ComponentResource {
               logging: args.logging,
               triggers: args.triggers ? output(args.triggers).apply(flat) : undefined,
               dir: args.cwd ?? homedir(),
-              environment: args.environment as local.CommandArgs["environment"],
+              environment,
               stdin: args.stdin,
             },
             { ...opts, parent: this },
@@ -201,10 +254,6 @@ export class Command extends ComponentResource {
             name,
             {
               connection: output(args.host).apply(server => {
-                if ("host" in server) {
-                  return output(server)
-                }
-
                 if (!server.ssh) {
                   throw new Error(`The server "${server.hostname}" has no SSH credentials`)
                 }
@@ -212,26 +261,44 @@ export class Command extends ComponentResource {
                 return getServerConnection(server.ssh)
               }),
 
-              create: output(args.create).apply(createCommand).apply(wrapWithWorkDir(args.cwd)),
+              create: output(args.create)
+                .apply(createCommand)
+                .apply(wrapWithWorkDir(args.cwd))
+                .apply(wrapWithEnvironment(environment)),
 
               update: args.update
-                ? output(args.update).apply(createCommand).apply(wrapWithWorkDir(args.cwd))
+                ? output(args.update)
+                    .apply(createCommand)
+                    .apply(wrapWithWorkDir(args.cwd))
+                    .apply(wrapWithEnvironment(environment))
                 : undefined,
 
               delete: args.delete
-                ? output(args.delete).apply(createCommand).apply(wrapWithWorkDir(args.cwd))
+                ? output(args.delete)
+                    .apply(createCommand)
+                    .apply(wrapWithWorkDir(args.cwd))
+                    .apply(wrapWithEnvironment(environment))
                 : undefined,
 
               logging: args.logging,
               triggers: args.triggers ? output(args.triggers).apply(flat) : undefined,
               stdin: args.stdin,
-              environment: args.environment as remote.CommandArgs["environment"],
+
+              addPreviousOutputInEnv: false,
+
+              // TODO: does not work if server do not define AcceptEnv
+              // environment,
             },
             { ...opts, parent: this },
           )
 
     this.stdout = command.stdout
     this.stderr = command.stderr
+
+    this.registerOutputs({
+      stdout: this.stdout,
+      stderr: this.stderr,
+    })
   }
 
   /**