@highstate/k8s 0.19.1 → 0.21.1

package/dist/chunk-FE4SHRAJ.js

@@ -1,286 +0,0 @@
-import { Workload, getWorkloadComponents } from './chunk-P2VOUU7E.js';
-import { commonExtraArgs, Namespace, mapMetadata, getProvider } from './chunk-OBDQONMV.js';
-import { getOrCreate } from '@highstate/contract';
-import { output, interpolate, toPromise } from '@highstate/pulumi';
-import { batch } from '@pulumi/kubernetes';
-import { deepmerge } from 'deepmerge-ts';
-import { omit } from 'remeda';
-
-var Job = class _Job extends Workload {
-  constructor(type, name, args, opts, metadata, namespace, terminalArgs, containers, networkPolicy, spec, status) {
-    super(
-      type,
-      name,
-      args,
-      opts,
-      metadata,
-      namespace,
-      terminalArgs,
-      containers,
-      spec.template,
-      networkPolicy
-    );
-    this.spec = spec;
-    this.status = status;
-  }
-  static apiVersion = "batch/v1";
-  static kind = "Job";
-  get templateMetadata() {
-    return this.spec.template.metadata;
-  }
-  /**
-   * The Highstate job entity.
-   */
-  get entity() {
-    return output(this.entityBase);
-  }
-  getTerminalMeta() {
-    return output({
-      title: "Job",
-      globalTitle: interpolate`Job | ${this.metadata.name}`,
-      description: "The shell inside the job.",
-      icon: "devicon:kubernetes"
-    });
-  }
-  get resourceType() {
-    return "job";
-  }
-  /**
-   * Creates a new job.
-   */
-  static create(name, args, opts) {
-    return new CreatedJob(name, args, opts);
-  }
-  /**
-   * Creates a new job or patches an existing one.
-   *
-   * @param name The name of the resource. May not be the same as the job name.
-   * @param args The arguments to create or patch the job with.
-   * @param opts Optional resource options.
-   */
-  static createOrPatch(name, args, opts) {
-    if (args.existing) {
-      return new JobPatch(name, {
-        ...args,
-        name: output(args.existing).metadata.name,
-        namespace: Namespace.forResourceAsync(args.existing, output(args.namespace).cluster)
-      });
-    }
-    return new CreatedJob(name, args, opts);
-  }
-  /**
-   * Creates a new job or gets an existing one.
-   *
-   * @param name The name of the resource. May not be the same as the job name. Will not be used when existing job is retrieved.
-   * @param args The arguments to create or get the job with.
-   * @param opts Optional resource options.
-   */
-  static async createOrGet(name, args, opts) {
-    if (args.existing) {
-      return await _Job.forAsync(args.existing, output(args.namespace).cluster);
-    }
-    return new CreatedJob(name, args, opts);
-  }
-  /**
-   * Patches an existing job.
-   *
-   * Will throw an error if the job does not exist.
-   *
-   * @param name The name of the resource. May not be the same as the job name.
-   * @param args The arguments to patch the job with.
-   * @param opts Optional resource options.
-   */
-  static patch(name, args, opts) {
-    return new JobPatch(name, args, opts);
-  }
-  /**
-   * Wraps an existing Kubernetes job.
-   */
-  static wrap(name, args, opts) {
-    return new WrappedJob(name, args, opts);
-  }
-  /**
-   * Gets an existing job.
-   *
-   * Will throw an error if the job does not exist.
-   */
-  static get(name, args, opts) {
-    return new ExternalJob(name, args, opts);
-  }
-  static jobCache = /* @__PURE__ */ new Map();
-  /**
-   * Gets an existing job for a given entity.
-   * Prefer this method over `get` when possible.
-   *
-   * It automatically names the resource with the following format: `{clusterName}.{namespace}.{name}.{clusterId}`.
-   *
-   * This method is idempotent and will return the same instance for the same entity.
-   *
-   * @param entity The entity to get the job for.
-   * @param cluster The cluster where the job is located.
-   */
-  static for(entity, cluster) {
-    return getOrCreate(
-      _Job.jobCache,
-      `${entity.clusterName}.${entity.metadata.namespace}.${entity.metadata.name}.${entity.clusterId}`,
-      (name) => {
-        return _Job.get(name, {
-          name: entity.metadata.name,
-          namespace: Namespace.forResource(entity, cluster)
-        });
-      }
-    );
-  }
-  /**
-   * Gets an existing job for a given entity.
-   * Prefer this method over `get` when possible.
-   *
-   * It automatically names the resource with the following format: `{clusterName}.{namespace}.{name}.{clusterId}`.
-   *
-   * This method is idempotent and will return the same instance for the same entity.
-   *
-   * @param entity The entity to get the job for.
-   * @param cluster The cluster where the job is located.
-   */
-  static async forAsync(entity, cluster) {
-    const resolvedEntity = await toPromise(entity);
-    return _Job.for(resolvedEntity, cluster);
-  }
-};
-var jobExtraArgs = [...commonExtraArgs, "container", "containers"];
-var CreatedJob = class extends Job {
-  constructor(name, args, opts) {
-    const { podTemplate, containers, networkPolicy } = getWorkloadComponents(
-      name,
-      args,
-      () => this,
-      opts
-    );
-    const job = output(args.namespace).cluster.apply((cluster) => {
-      return new batch.v1.Job(
-        name,
-        {
-          metadata: mapMetadata(args, name),
-          spec: output({ args, podTemplate }).apply(({ args: args2, podTemplate: podTemplate2 }) => {
-            return deepmerge(
-              {
-                template: deepmerge(
-                  {
-                    spec: {
-                      restartPolicy: "Never"
-                    }
-                  },
-                  podTemplate2
-                )
-              },
-              omit(args2, jobExtraArgs)
-            );
-          })
-        },
-        { ...opts, parent: this, provider: getProvider(cluster) }
-      );
-    });
-    super(
-      "highstate:k8s:Job",
-      name,
-      args,
-      opts,
-      job.metadata,
-      output(args.namespace),
-      output(args.terminal ?? {}),
-      containers,
-      networkPolicy,
-      job.spec,
-      job.status
-    );
-  }
-};
-var JobPatch = class extends Job {
-  constructor(name, args, opts) {
-    const { podTemplate, containers, networkPolicy } = getWorkloadComponents(
-      name,
-      args,
-      () => this,
-      opts,
-      true
-    );
-    const job = output(args.namespace).cluster.apply((cluster) => {
-      return new batch.v1.JobPatch(
-        name,
-        {
-          metadata: mapMetadata(args, name),
-          spec: output({ args, podTemplate }).apply(({ args: args2, podTemplate: podTemplate2 }) => {
-            return deepmerge(
-              { template: podTemplate2 },
-              omit(args2, jobExtraArgs)
-            );
-          })
-        },
-        { ...opts, parent: this, provider: getProvider(cluster) }
-      );
-    });
-    super(
-      "highstate:k8s:JobPatch",
-      name,
-      args,
-      opts,
-      job.metadata,
-      output(args.namespace),
-      output(args.terminal ?? {}),
-      containers,
-      networkPolicy,
-      job.spec,
-      job.status
-    );
-    this.registerOutputs({
-      metadata: this.metadata,
-      spec: this.spec,
-      status: this.status
-    });
-  }
-};
-var WrappedJob = class extends Job {
-  constructor(name, args, opts) {
-    super(
-      "highstate:k8s:WrappedJob",
-      name,
-      args,
-      opts,
-      output(args.job).metadata,
-      output(args.namespace),
-      output(args.terminal ?? {}),
-      output([]),
-      output(void 0),
-      output(args.job).spec,
-      output(args.job).status
-    );
-  }
-};
-var ExternalJob = class extends Job {
-  constructor(name, args, opts) {
-    const job = output(args.namespace).cluster.apply((cluster) => {
-      return batch.v1.Job.get(
-        name,
-        interpolate`${output(args.namespace).metadata.name}/${args.name}`,
-        { ...opts, parent: this, provider: getProvider(cluster) }
-      );
-    });
-    super(
-      "highstate:k8s:ExternalJob",
-      name,
-      args,
-      opts,
-      job.metadata,
-      output(args.namespace),
-      output({}),
-      output([]),
-      output(void 0),
-      job.spec,
-      job.status
-    );
-  }
-};
-
-export { Job };
-//# sourceMappingURL=chunk-FE4SHRAJ.js.map
-//# sourceMappingURL=chunk-FE4SHRAJ.js.map

package/dist/chunk-FE4SHRAJ.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../src/job.ts"],"names":["args","podTemplate"],"mappings":";;;;;;;;AA4CO,IAAe,GAAA,GAAf,MAAe,IAAA,SAAY,QAAA,CAAS;AAAA,EAI/B,WAAA,CACR,IAAA,EACA,IAAA,EACA,IAAA,EACA,IAAA,EAEA,QAAA,EACA,SAAA,EACA,YAAA,EACA,UAAA,EACA,aAAA,EAKS,IAAA,EAKA,MAAA,EACT;AACA,IAAA,KAAA;AAAA,MACE,IAAA;AAAA,MACA,IAAA;AAAA,MACA,IAAA;AAAA,MACA,IAAA;AAAA,MACA,QAAA;AAAA,MACA,SAAA;AAAA,MACA,YAAA;AAAA,MACA,UAAA;AAAA,MACA,IAAA,CAAK,QAAA;AAAA,MACL;AAAA,KACF;AAlBS,IAAA,IAAA,CAAA,IAAA,GAAA,IAAA;AAKA,IAAA,IAAA,CAAA,MAAA,GAAA,MAAA;AAAA,EAcX;AAAA,EArCA,OAAO,UAAA,GAAa,UAAA;AAAA,EACpB,OAAO,IAAA,GAAO,KAAA;AAAA,EAsCd,IAAuB,gBAAA,GAA4D;AACjF,IAAA,OAAO,IAAA,CAAK,KAAK,QAAA,CAAS,QAAA;AAAA,EAC5B;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,MAAA,GAA0B;AAC5B,IAAA,OAAO,MAAA,CAAO,KAAK,UAAU,CAAA;AAAA,EAC/B;AAAA,EAEU,eAAA,GAAgD;AACxD,IAAA,OAAO,MAAA,CAAO;AAAA,MACZ,KAAA,EAAO,KAAA;AAAA,MACP,WAAA,EAAa,WAAA,CAAA,MAAA,EAAoB,IAAA,CAAK,QAAA,CAAS,IAAI,CAAA,CAAA;AAAA,MACnD,WAAA,EAAa,2BAAA;AAAA,MACb,IAAA,EAAM;AAAA,KACP,CAAA;AAAA,EACH;AAAA,EAEA,IAAc,YAAA,GAAuB;AACnC,IAAA,OAAO,KAAA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKA,OAAO,MAAA,CAAO,IAAA,EAAc,IAAA,EAAe,IAAA,EAAsC;AAC/E,IAAA,OAAO,IAAI,UAAA,CAAW,IAAA,EAAM,IAAA,EAAM,IAAI,CAAA;AAAA,EACxC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,OAAO,aAAA,CACL,IAAA,EACA,IAAA,EACA,IAAA,EACK;AACL,IAAA,IAAI,KAAK,QAAA,EAAU;AACjB,MAAA,OAAO,IAAI,SAAS,IAAA,EAAM;AAAA,QACxB,GAAG,IAAA;AAAA,QACH,IAAA,EAAM,MAAA,CAAO,IAAA,CAAK,QAAQ,EAAE,QAAA,CAAS,IAAA;AAAA,QACrC,SAAA,EAAW,UAAU,gBAAA,CAAiB,IAAA,CAAK,UAAU,MAAA,CAAO,IAAA,CAAK,SAAS,CAAA,CAAE,OAAO;AAAA,OACpF,CAAA;AAAA,IACH;AAEA,IAAA,OAAO,IAAI,UAAA,CAAW,IAAA,EAAM,IAAA,EAAM,IAAI,CAAA;AAAA,EACxC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,aAAa,WAAA,CACX,IAAA,EACA,IAAA,EACA,IAAA,EACc;AACd,IAAA,IAAI,KAAK,QAAA,EAAU;AACjB,MAAA,OAAO,MAAM,KAAI,QAAA,CAAS,IAAA,CAAK,UAAU,MAAA,CAAO,IAAA,CAAK,SAAS,CAAA,CAAE,OAAO,CAAA;AAAA,IACzE;AAEA,IAAA,OAAO,IAAI,UAAA,CAAW,IAAA,EAAM,IAAA,EAAM,IAAI,CAAA;AAAA,EACxC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAWA,OAAO,KAAA,CAAM,IAAA,EAAc,IAAA,EAAe,IAAA,EAAsC;AAC9E,IAAA,OAAO,IAAI,QAAA,CAAS,IAAA,EAAM,IAAA,EAAM,IAAI,CAAA;AAAA,EACtC;AAAA;AAAA;AAAA;AAAA,EAKA,OAAO,IAAA,CAAK,IAAA,EAAc,IAAA,EAAsB,IAAA,EAAsC;AACpF,IAAA,OAAO,IAAI,UAAA,CAAW,IAAA,EAAM,IAAA,EAAM,IAAI,CAAA;AAAA,EACxC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,OAAO,GAAA,CAAI,IAAA,EAAc,IAAA,EAAuB,IAAA,EAAsC;AACpF,IAAA,OAAO,IAAI,WAAA,CAAY,IAAA,EAAM,IAAA,EAAM,IAAI,CAAA;AAAA,EACzC;AAAA,EAEA,OAAwB,QAAA,mBAAW,IAAI,GAAA,EAAiB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAaxD,OAAO,GAAA,CAAI,MAAA,EAAgC,OAAA,EAAkC;AAC3E,IAAA,OAAO,WAAA;AAAA,MACL,IAAA,CAAI,QAAA;AAAA,MACJ,CAAA,EAAG,MAAA,CAAO,WAAW,CAAA,CAAA,EAAI,MAAA,CAAO,QAAA,CAAS,SAAS,CAAA,CAAA,EAAI,MAAA,CAAO,QAAA,CAAS,IAAI,CAAA,CAAA,EAAI,OAAO,SAAS,CAAA,CAAA;AAAA,MAC9F,CAAA,IAAA,KAAQ;AACN,QAAA,OAAO,IAAA,CAAI,IAAI,IAAA,EAAM;AAAA,UACnB,IAAA,EAAM,OAAO,QAAA,CAAS,IAAA;AAAA,UACtB,SAAA,EAAW,SAAA,CAAU,WAAA,CAAY,MAAA,EAAQ,OAAO;AAAA,SACjD,CAAA;AAAA,MACH;AAAA,KACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAaA,aAAa,QAAA,CACX,MAAA,EACA,OAAA,EACc;AACd,IAAA,MAAM,cAAA,GAAiB,MAAM,SAAA,CAAU,MAAM,CAAA;AAC7C,IAAA,OAAO,IAAA,CAAI,GAAA,CAAI,cAAA,EAAgB,OAAO,CAAA;AAAA,EACxC;AACF;AAEA,IAAM,YAAA,GAAe,CAAC,GAAG,eAAA,EAAiB,aAAa,YAAY,CAAA;AAEnE,IAAM,UAAA,GAAN,cAAyB,GAAA,CAAI;AAAA,EAC3B,WAAA,CAAY,IAAA,EAAc,IAAA,EAAe,IAAA,EAAiC;AACxE,IAAA,MAAM,EAAE,WAAA,EAAa,UAAA,EAAY,aAAA,EAAc,GAAI,qBAAA;AAAA,MACjD,IAAA;AAAA,MACA,IAAA;AAAA,MACA,MAAM,IAAA;AAAA,MACN;AAAA,KACF;AAEA,IAAA,MAAM,MAAM,MAAA,CAAO,IAAA,CAAK,SAAS,CAAA,CAAE,OAAA,CAAQ,MAAM,CAAA,OAAA,KAAW;AAC1D,MAAA,OAAO,IAAI,MAAM,EAAA,CAAG,GAAA;AAAA,QAClB,IAAA;AAAA,QACA;AAAA,UACE,QAAA,EAAU,WAAA,CAAY,IAAA,EAAM,IAAI,CAAA;AAAA,UAChC,IAAA,EAAM,MAAA,CAAO,EAAE,IAAA,EAAM,aAAa,CAAA,CAAE,KAAA,CAAM,CAAC,EAAE,IAAA,EAAAA,KAAAA,EAAM,WAAA,EAAAC,cAAY,KAAM;AACnE,YAAA,OAAO,SAAA;AAAA,cACL;AAAA,gBACE,QAAA,EAAU,SAAA;AAAA,kBACR;AAAA,oBACE,IAAA,EAAM;AAAA,sBACJ,aAAA,EAAe;AAAA;AACjB,mBACF;AAAA,kBACAA;AAAA;AACF,eACF;AAAA,cACA,IAAA,CAAKD,OAAM,YAAY;AAAA,aACzB;AAAA,UACF,CAAC;AAAA,SACH;AAAA,QACA,EAAE,GAAG,IAAA,EAAM,MAAA,EAAQ,MAAM,QAAA,EAAU,WAAA,CAAY,OAAO,CAAA;AAAE,OAC1D;AAAA,IACF,CAAC,CAAA;AAED,IAAA,KAAA;AAAA,MACE,mBAAA;AAAA,MACA,IAAA;AAAA,MACA,IAAA;AAAA,MACA,IAAA;AAAA,MACA,GAAA,CAAI,QAAA;AAAA,MACJ,MAAA,CAAO,KAAK,SAAS,CAAA;AAAA,MACrB,MAAA,CAAO,IAAA,CAAK,QAAA,IAAY,EAAE,CAAA;AAAA,MAC1B,UAAA;AAAA,MACA,aAAA;AAAA,MACA,GAAA,CAAI,IAAA;AAAA,MACJ,GAAA,CAAI;AAAA,KACN;AAAA,EACF;AACF,CAAA;AAEA,IAAM,QAAA,GAAN,cAAuB,GAAA,CAAI;AAAA,EACzB,WAAA,CAAY,IAAA,EAAc,IAAA,EAAe,IAAA,EAAiC;AACxE,IAAA,MAAM,EAAE,WAAA,EAAa,UAAA,EAAY,aAAA,EAAc,GAAI,qBAAA;AAAA,MACjD,IAAA;AAAA,MACA,IAAA;AAAA,MACA,MAAM,IAAA;AAAA,MACN,IAAA;AAAA,MACA;AAAA,KACF;AAEA,IAAA,MAAM,MAAM,MAAA,CAAO,IAAA,CAAK,SAAS,CAAA,CAAE,OAAA,CAAQ,MAAM,CAAA,OAAA,KAAW;AAC1D,MAAA,OAAO,IAAI,MAAM,EAAA,CAAG,QAAA;AAAA,QAClB,IAAA;AAAA,QACA;AAAA,UACE,QAAA,EAAU,WAAA,CAAY,IAAA,EAAM,IAAI,CAAA;AAAA,UAChC,IAAA,EAAM,MAAA,CAAO,EAAE,IAAA,EAAM,aAAa,CAAA,CAAE,KAAA,CAAM,CAAC,EAAE,IAAA,EAAAA,KAAAA,EAAM,WAAA,EAAAC,cAAY,KAAM;AACnE,YAAA,OAAO,SAAA;AAAA,cACL,EAAE,UAAUA,YAAAA,EAAY;AAAA,cACxB,IAAA,CAAKD,OAAM,YAAY;AAAA,aACzB;AAAA,UACF,CAAC;AAAA,SACH;AAAA,QACA,EAAE,GAAG,IAAA,EAAM,MAAA,EAAQ,MAAM,QAAA,EAAU,WAAA,CAAY,OAAO,CAAA;AAAE,OAC1D;AAAA,IACF,CAAC,CAAA;AAED,IAAA,KAAA;AAAA,MACE,wBAAA;AAAA,MACA,IAAA;AAAA,MACA,IAAA;AAAA,MACA,IAAA;AAAA,MACA,GAAA,CAAI,QAAA;AAAA,MACJ,MAAA,CAAO,KAAK,SAAS,CAAA;AAAA,MACrB,MAAA,CAAO,IAAA,CAAK,QAAA,IAAY,EAAE,CAAA;AAAA,MAC1B,UAAA;AAAA,MACA,aAAA;AAAA,MACA,GAAA,CAAI,IAAA;AAAA,MACJ,GAAA,CAAI;AAAA,KACN;AAEA,IAAA,IAAA,CAAK,eAAA,CAAgB;AAAA,MACnB,UAAU,IAAA,CAAK,QAAA;AAAA,MACf,MAAM,IAAA,CAAK,IAAA;AAAA,MACX,QAAQ,IAAA,CAAK;AAAA,KACd,CAAA;AAAA,EACH;AACF,CAAA;AAmBA,IAAM,UAAA,GAAN,cAAyB,GAAA,CAAI;AAAA,EAC3B,WAAA,CAAY,IAAA,EAAc,IAAA,EAAsB,IAAA,EAAiC;AAC/E,IAAA,KAAA;AAAA,MACE,0BAAA;AAAA,MACA,IAAA;AAAA,MACA,IAAA;AAAA,MACA,IAAA;AAAA,MAEA,MAAA,CAAO,IAAA,CAAK,GAAG,CAAA,CAAE,QAAA;AAAA,MACjB,MAAA,CAAO,KAAK,SAAS,CAAA;AAAA,MACrB,MAAA,CAAO,IAAA,CAAK,QAAA,IAAY,EAAE,CAAA;AAAA,MAC1B,MAAA,CAAO,EAAE,CAAA;AAAA,MACT,OAAO,MAAS,CAAA;AAAA,MAEhB,MAAA,CAAO,IAAA,CAAK,GAAG,CAAA,CAAE,IAAA;AAAA,MACjB,MAAA,CAAO,IAAA,CAAK,GAAG,CAAA,CAAE;AAAA,KACnB;AAAA,EACF;AACF,CAAA;AAcA,IAAM,WAAA,GAAN,cAA0B,GAAA,CAAI;AAAA,EAC5B,WAAA,CAAY,IAAA,EAAc,IAAA,EAAuB,IAAA,EAAiC;AAChF,IAAA,MAAM,MAAM,MAAA,CAAO,IAAA,CAAK,SAAS,CAAA,CAAE,OAAA,CAAQ,MAAM,CAAA,OAAA,KAAW;AAC1D,MAAA,OAAO,KAAA,CAAM,GAAG,GAAA,CAAI,GAAA;AAAA,QAClB,IAAA;AAAA,QACA,WAAA,CAAA,EAAc,OAAO,IAAA,CAAK,SAAS,EAAE,QAAA,CAAS,IAAI,CAAA,CAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAA;AAAA,QAC/D,EAAE,GAAG,IAAA,EAAM,MAAA,EAAQ,MAAM,QAAA,EAAU,WAAA,CAAY,OAAO,CAAA;AAAE,OAC1D;AAAA,IACF,CAAC,CAAA;AAED,IAAA,KAAA;AAAA,MACE,2BAAA;AAAA,MACA,IAAA;AAAA,MACA,IAAA;AAAA,MACA,IAAA;AAAA,MAEA,GAAA,CAAI,QAAA;AAAA,MACJ,MAAA,CAAO,KAAK,SAAS,CAAA;AAAA,MACrB,MAAA,CAAO,EAAE,CAAA;AAAA,MACT,MAAA,CAAO,EAAE,CAAA;AAAA,MACT,OAAO,MAAS,CAAA;AAAA,MAEhB,GAAA,CAAI,IAAA;AAAA,MACJ,GAAA,CAAI;AAAA,KACN;AAAA,EACF;AACF,CAAA","file":"chunk-FE4SHRAJ.js","sourcesContent":["import type { k8s } from \"@highstate/library\"\nimport type { Container } from \"./container\"\nimport type { NetworkPolicy } from \"./network-policy\"\nimport { getOrCreate, type UnitTerminal } from \"@highstate/contract\"\nimport {\n  type ComponentResourceOptions,\n  type Input,\n  type Inputs,\n  interpolate,\n  type Output,\n  output,\n  toPromise,\n  type Unwrap,\n} from \"@highstate/pulumi\"\nimport { batch, type types } from \"@pulumi/kubernetes\"\nimport { deepmerge } from \"deepmerge-ts\"\nimport { omit } from \"remeda\"\nimport { Namespace } from \"./namespace\"\nimport { commonExtraArgs, getProvider, mapMetadata, type ScopedResourceArgs } from \"./shared\"\nimport {\n  getWorkloadComponents,\n  Workload,\n  type WorkloadArgs,\n  type WorkloadTerminalArgs,\n} from \"./workload\"\n\nexport type JobArgs = ScopedResourceArgs &\n  Omit<Partial<types.input.batch.v1.JobSpec>, \"template\"> & {\n    template?: {\n      metadata?: types.input.meta.v1.ObjectMeta\n      spec?: Partial<types.input.core.v1.PodSpec>\n    }\n  } & WorkloadArgs\n\nexport type CreateOrGetJobArgs = JobArgs & {\n  /**\n   * The job entity to patch/retrieve.\n   */\n  existing: Input<k8s.NamespacedResource> | undefined\n}\n\n/**\n * Represents a Kubernetes Job resource with metadata and spec.\n */\nexport abstract class Job extends Workload {\n  static apiVersion = \"batch/v1\"\n  static kind = \"Job\"\n\n  protected constructor(\n    type: string,\n    name: string,\n    args: Inputs,\n    opts: ComponentResourceOptions | undefined,\n\n    metadata: Output<types.output.meta.v1.ObjectMeta>,\n    namespace: Output<Namespace>,\n    terminalArgs: Output<Unwrap<WorkloadTerminalArgs>>,\n    containers: Output<Container[]>,\n    networkPolicy: Output<NetworkPolicy | undefined>,\n\n    /**\n     * The spec of the underlying Kubernetes job.\n     */\n    readonly spec: Output<types.output.batch.v1.JobSpec>,\n\n    /**\n     * The status of the underlying Kubernetes job.\n     */\n    readonly status: Output<types.output.batch.v1.JobStatus>,\n  ) {\n    super(\n      type,\n      name,\n      args,\n      opts,\n      metadata,\n      namespace,\n      terminalArgs,\n      containers,\n      spec.template,\n      networkPolicy,\n    )\n  }\n\n  protected override get templateMetadata(): Output<types.output.meta.v1.ObjectMeta> {\n    return this.spec.template.metadata\n  }\n\n  /**\n   * The Highstate job entity.\n   */\n  get entity(): Output<k8s.Job> {\n    return output(this.entityBase)\n  }\n\n  protected getTerminalMeta(): Output<UnitTerminal[\"meta\"]> {\n    return output({\n      title: \"Job\",\n      globalTitle: interpolate`Job | ${this.metadata.name}`,\n      description: \"The shell inside the job.\",\n      icon: \"devicon:kubernetes\",\n    })\n  }\n\n  protected get resourceType(): string {\n    return \"job\"\n  }\n\n  /**\n   * Creates a new job.\n   */\n  static create(name: string, args: JobArgs, opts?: ComponentResourceOptions): Job {\n    return new CreatedJob(name, args, opts)\n  }\n\n  /**\n   * Creates a new job or patches an existing one.\n   *\n   * @param name The name of the resource. May not be the same as the job name.\n   * @param args The arguments to create or patch the job with.\n   * @param opts Optional resource options.\n   */\n  static createOrPatch(\n    name: string,\n    args: CreateOrGetJobArgs,\n    opts?: ComponentResourceOptions,\n  ): Job {\n    if (args.existing) {\n      return new JobPatch(name, {\n        ...args,\n        name: output(args.existing).metadata.name,\n        namespace: Namespace.forResourceAsync(args.existing, output(args.namespace).cluster),\n      })\n    }\n\n    return new CreatedJob(name, args, opts)\n  }\n\n  /**\n   * Creates a new job or gets an existing one.\n   *\n   * @param name The name of the resource. May not be the same as the job name. Will not be used when existing job is retrieved.\n   * @param args The arguments to create or get the job with.\n   * @param opts Optional resource options.\n   */\n  static async createOrGet(\n    name: string,\n    args: CreateOrGetJobArgs,\n    opts?: ComponentResourceOptions,\n  ): Promise<Job> {\n    if (args.existing) {\n      return await Job.forAsync(args.existing, output(args.namespace).cluster)\n    }\n\n    return new CreatedJob(name, args, opts)\n  }\n\n  /**\n   * Patches an existing job.\n   *\n   * Will throw an error if the job does not exist.\n   *\n   * @param name The name of the resource. May not be the same as the job name.\n   * @param args The arguments to patch the job with.\n   * @param opts Optional resource options.\n   */\n  static patch(name: string, args: JobArgs, opts?: ComponentResourceOptions): Job {\n    return new JobPatch(name, args, opts)\n  }\n\n  /**\n   * Wraps an existing Kubernetes job.\n   */\n  static wrap(name: string, args: WrappedJobArgs, opts?: ComponentResourceOptions): Job {\n    return new WrappedJob(name, args, opts)\n  }\n\n  /**\n   * Gets an existing job.\n   *\n   * Will throw an error if the job does not exist.\n   */\n  static get(name: string, args: ExternalJobArgs, opts?: ComponentResourceOptions): Job {\n    return new ExternalJob(name, args, opts)\n  }\n\n  private static readonly jobCache = new Map<string, Job>()\n\n  /**\n   * Gets an existing job for a given entity.\n   * Prefer this method over `get` when possible.\n   *\n   * It automatically names the resource with the following format: `{clusterName}.{namespace}.{name}.{clusterId}`.\n   *\n   * This method is idempotent and will return the same instance for the same entity.\n   *\n   * @param entity The entity to get the job for.\n   * @param cluster The cluster where the job is located.\n   */\n  static for(entity: k8s.NamespacedResource, cluster: Input<k8s.Cluster>): Job {\n    return getOrCreate(\n      Job.jobCache,\n      `${entity.clusterName}.${entity.metadata.namespace}.${entity.metadata.name}.${entity.clusterId}`,\n      name => {\n        return Job.get(name, {\n          name: entity.metadata.name,\n          namespace: Namespace.forResource(entity, cluster),\n        })\n      },\n    )\n  }\n\n  /**\n   * Gets an existing job for a given entity.\n   * Prefer this method over `get` when possible.\n   *\n   * It automatically names the resource with the following format: `{clusterName}.{namespace}.{name}.{clusterId}`.\n   *\n   * This method is idempotent and will return the same instance for the same entity.\n   *\n   * @param entity The entity to get the job for.\n   * @param cluster The cluster where the job is located.\n   */\n  static async forAsync(\n    entity: Input<k8s.NamespacedResource>,\n    cluster: Input<k8s.Cluster>,\n  ): Promise<Job> {\n    const resolvedEntity = await toPromise(entity)\n    return Job.for(resolvedEntity, cluster)\n  }\n}\n\nconst jobExtraArgs = [...commonExtraArgs, \"container\", \"containers\"] as const\n\nclass CreatedJob extends Job {\n  constructor(name: string, args: JobArgs, opts?: ComponentResourceOptions) {\n    const { podTemplate, containers, networkPolicy } = getWorkloadComponents(\n      name,\n      args,\n      () => this,\n      opts,\n    )\n\n    const job = output(args.namespace).cluster.apply(cluster => {\n      return new batch.v1.Job(\n        name,\n        {\n          metadata: mapMetadata(args, name),\n          spec: output({ args, podTemplate }).apply(({ args, podTemplate }) => {\n            return deepmerge(\n              {\n                template: deepmerge(\n                  {\n                    spec: {\n                      restartPolicy: \"Never\",\n                    },\n                  },\n                  podTemplate,\n                ),\n              },\n              omit(args, jobExtraArgs) as types.input.batch.v1.JobSpec,\n            )\n          }),\n        },\n        { ...opts, parent: this, provider: getProvider(cluster) },\n      )\n    })\n\n    super(\n      \"highstate:k8s:Job\",\n      name,\n      args,\n      opts,\n      job.metadata,\n      output(args.namespace),\n      output(args.terminal ?? {}),\n      containers,\n      networkPolicy,\n      job.spec,\n      job.status,\n    )\n  }\n}\n\nclass JobPatch extends Job {\n  constructor(name: string, args: JobArgs, opts?: ComponentResourceOptions) {\n    const { podTemplate, containers, networkPolicy } = getWorkloadComponents(\n      name,\n      args,\n      () => this,\n      opts,\n      true,\n    )\n\n    const job = output(args.namespace).cluster.apply(cluster => {\n      return new batch.v1.JobPatch(\n        name,\n        {\n          metadata: mapMetadata(args, name),\n          spec: output({ args, podTemplate }).apply(({ args, podTemplate }) => {\n            return deepmerge(\n              { template: podTemplate } satisfies types.input.batch.v1.JobSpec,\n              omit(args, jobExtraArgs) as types.input.batch.v1.JobSpec,\n            )\n          }),\n        },\n        { ...opts, parent: this, provider: getProvider(cluster) },\n      )\n    })\n\n    super(\n      \"highstate:k8s:JobPatch\",\n      name,\n      args,\n      opts,\n      job.metadata,\n      output(args.namespace),\n      output(args.terminal ?? {}),\n      containers,\n      networkPolicy,\n      job.spec,\n      job.status,\n    )\n\n    this.registerOutputs({\n      metadata: this.metadata,\n      spec: this.spec,\n      status: this.status,\n    })\n  }\n}\n\nexport type WrappedJobArgs = {\n  /**\n   * The underlying Kubernetes job to wrap.\n   */\n  job: Input<batch.v1.Job>\n\n  /**\n   * The namespace where the job is located.\n   */\n  namespace: Input<Namespace>\n\n  /**\n   * The args for the terminal to use.\n   */\n  terminal?: Input<WorkloadTerminalArgs>\n}\n\nclass WrappedJob extends Job {\n  constructor(name: string, args: WrappedJobArgs, opts?: ComponentResourceOptions) {\n    super(\n      \"highstate:k8s:WrappedJob\",\n      name,\n      args,\n      opts,\n\n      output(args.job).metadata,\n      output(args.namespace),\n      output(args.terminal ?? {}),\n      output([]),\n      output(undefined),\n\n      output(args.job).spec,\n      output(args.job).status,\n    )\n  }\n}\n\nexport type ExternalJobArgs = {\n  /**\n   * The name of the job to get.\n   */\n  name: Input<string>\n\n  /**\n   * The namespace where the job is located.\n   */\n  namespace: Input<Namespace>\n}\n\nclass ExternalJob extends Job {\n  constructor(name: string, args: ExternalJobArgs, opts?: ComponentResourceOptions) {\n    const job = output(args.namespace).cluster.apply(cluster => {\n      return batch.v1.Job.get(\n        name,\n        interpolate`${output(args.namespace).metadata.name}/${args.name}`,\n        { ...opts, parent: this, provider: getProvider(cluster) },\n      )\n    })\n\n    super(\n      \"highstate:k8s:ExternalJob\",\n      name,\n      args,\n      opts,\n\n      job.metadata,\n      output(args.namespace),\n      output({}),\n      output([]),\n      output(undefined),\n\n      job.spec,\n      job.status,\n    )\n  }\n}\n"]}

package/dist/chunk-HH2JJELM.js

@@ -1,13 +0,0 @@
-import { ImplementationMediator } from '@highstate/common';
-import { z } from '@highstate/contract';
-
-// src/dns01-solver.ts
-var dns01SolverMediator = new ImplementationMediator(
-  "dns01-solver",
-  z.object({ namespace: z.custom() }),
-  z.custom()
-);
-
-export { dns01SolverMediator };
-//# sourceMappingURL=chunk-HH2JJELM.js.map
-//# sourceMappingURL=chunk-HH2JJELM.js.map

package/dist/chunk-HH2JJELM.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../src/dns01-solver.ts"],"names":[],"mappings":";;;;AAKO,IAAM,sBAAsB,IAAI,sBAAA;AAAA,EACrC,cAAA;AAAA,EACA,EAAE,MAAA,CAAO,EAAE,WAAW,CAAA,CAAE,MAAA,IAAqB,CAAA;AAAA,EAC7C,EAAE,MAAA;AACJ","file":"chunk-HH2JJELM.js","sourcesContent":["import type { types } from \"@highstate/cert-manager\"\nimport type { Namespace } from \"./namespace\"\nimport { ImplementationMediator } from \"@highstate/common\"\nimport { z } from \"@highstate/contract\"\n\nexport const dns01SolverMediator = new ImplementationMediator(\n  \"dns01-solver\",\n  z.object({ namespace: z.custom<Namespace>() }),\n  z.custom<types.input.cert_manager.v1.ClusterIssuerSpecAcmeSolversDns01>(),\n)\n"]}

package/dist/chunk-KMLRI5UZ.js

@@ -1,155 +0,0 @@
-import { Secret } from './chunk-4G6LLC2X.js';
-import { getProvider, getNamespaceName, NamespacedResource } from './chunk-OBDQONMV.js';
-import { ComponentResource, output, normalizeInputs, interpolate, toPromise } from '@highstate/pulumi';
-import { KubeConfig } from '@kubernetes/client-node';
-import { core, rbac } from '@pulumi/kubernetes';
-import { map, unique } from 'remeda';
-import { stringify } from 'yaml';
-
-var ClusterAccessScope = class extends ComponentResource {
-  /**
-   * The cluster entity with the reduced access.
-   */
-  cluster;
-  constructor(name, args, opts) {
-    super("highstate:k8s:ClusterAccessScope", name, args, opts);
-    const { serviceAccount, kubeconfig } = output(args.namespace).cluster.apply((cluster) => {
-      const provider = getProvider(cluster);
-      const namespaceName = output(args.namespace).metadata.name;
-      const serviceAccount2 = new core.v1.ServiceAccount(
-        name,
-        {
-          metadata: {
-            name,
-            namespace: namespaceName
-          }
-        },
-        { provider }
-      );
-      const clusterRole = new rbac.v1.ClusterRole(
-        name,
-        {
-          metadata: {
-            name: interpolate`hs.${namespaceName}.${name}`,
-            annotations: {
-              "kubernetes.io/description": interpolate`Created by Highstate for the ServiceAccount "${name}" in the namespace "${namespaceName}".`
-            }
-          },
-          rules: output({
-            rules: normalizeInputs(args.rule, args.rules),
-            resources: args.resources ?? []
-          }).apply(({ rules, resources }) => mergeResources(rules, resources))
-        },
-        { provider }
-      );
-      const createRoleBinding = (namespace) => {
-        return new rbac.v1.RoleBinding(
-          name,
-          {
-            metadata: { name, namespace },
-            roleRef: {
-              kind: "ClusterRole",
-              name: clusterRole.metadata.name,
-              apiGroup: "rbac.authorization.k8s.io"
-            },
-            subjects: [
-              {
-                kind: "ServiceAccount",
-                name: serviceAccount2.metadata.name,
-                namespace: namespaceName
-              }
-            ]
-          },
-          { provider }
-        );
-      };
-      if (args.clusterWide) {
-        new rbac.v1.ClusterRoleBinding(
-          name,
-          {
-            metadata: { name },
-            roleRef: {
-              kind: "ClusterRole",
-              name: clusterRole.metadata.name,
-              apiGroup: "rbac.authorization.k8s.io"
-            },
-            subjects: [
-              {
-                kind: "ServiceAccount",
-                name: serviceAccount2.metadata.name,
-                namespace: namespaceName
-              }
-            ]
-          },
-          { provider }
-        );
-      } else {
-        if (args.allowOriginNamespace !== false) {
-          createRoleBinding(namespaceName);
-        }
-        output(args.extraNamespaces ?? []).apply(map(getNamespaceName)).apply(map(createRoleBinding));
-      }
-      return { serviceAccount: serviceAccount2, kubeconfig: cluster.kubeconfig };
-    });
-    const accessTokenSecret = Secret.create(`${name}-token`, {
-      namespace: args.namespace,
-      type: "kubernetes.io/service-account-token",
-      metadata: {
-        annotations: {
-          "kubernetes.io/service-account.name": serviceAccount.metadata.name
-        }
-      }
-    });
-    this.cluster = output({
-      cluster: output(args.namespace).cluster,
-      kubeconfig,
-      newToken: accessTokenSecret.getValue("token"),
-      serviceAccount: serviceAccount.metadata.name
-    }).apply(({ cluster, kubeconfig: kubeconfig2, newToken, serviceAccount: serviceAccount2 }) => {
-      const config = new KubeConfig();
-      config.loadFromString(kubeconfig2);
-      config.users = [];
-      config.contexts = [];
-      config.addUser({ name: serviceAccount2, token: newToken });
-      config.addContext({
-        name: config.clusters[0].name,
-        cluster: config.clusters[0].name,
-        user: serviceAccount2
-      });
-      config.setCurrentContext(config.clusters[0].name);
-      return {
-        ...cluster,
-        kubeconfig: stringify(JSON.parse(config.exportConfig()))
-      };
-    });
-  }
-};
-async function mergeResources(rules, resources) {
-  for (const resource of resources) {
-    const entity = await toPromise(
-      resource instanceof NamespacedResource ? resource.entity : resource
-    );
-    const apiGroup = entity.apiVersion.includes("/") ? entity.apiVersion.split("/")[0] : "";
-    const resourceCollection = `${entity.kind.toLowerCase()}s`;
-    const matchingRule = rules.find((rule) => {
-      const apiGroupsMatch = rule.apiGroups?.length === 1 && rule.apiGroups[0] === apiGroup;
-      const resourcesMatch = rule.resources?.length === 1 && rule.resources[0] === resourceCollection;
-      return apiGroupsMatch && resourcesMatch;
-    });
-    if (!matchingRule) {
-      continue;
-    }
-    matchingRule.resourceNames = await toPromise(
-      unique([
-        //
-        ...matchingRule.resourceNames ?? [],
-        entity.metadata.name
-      ])
-    );
-  }
-  return rules;
-}
-
-export { ClusterAccessScope };
-//# sourceMappingURL=chunk-KMLRI5UZ.js.map
-//# sourceMappingURL=chunk-KMLRI5UZ.js.map

package/dist/chunk-KMLRI5UZ.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../src/rbac.ts"],"names":["serviceAccount","kubeconfig"],"mappings":";;;;;;;;AA4EO,IAAM,kBAAA,GAAN,cAAiC,iBAAA,CAAkB;AAAA;AAAA;AAAA;AAAA,EAI/C,OAAA;AAAA,EAET,WAAA,CAAY,IAAA,EAAc,IAAA,EAA8B,IAAA,EAAiC;AACvF,IAAA,KAAA,CAAM,kCAAA,EAAoC,IAAA,EAAM,IAAA,EAAM,IAAI,CAAA;AAE1D,IAAA,MAAM,EAAE,cAAA,EAAgB,UAAA,EAAW,GAAI,MAAA,CAAO,KAAK,SAAS,CAAA,CAAE,OAAA,CAAQ,KAAA,CAAM,CAAA,OAAA,KAAW;AACrF,MAAA,MAAM,QAAA,GAAW,YAAY,OAAO,CAAA;AACpC,MAAA,MAAM,aAAA,GAAgB,MAAA,CAAO,IAAA,CAAK,SAAS,EAAE,QAAA,CAAS,IAAA;AAEtD,MAAA,MAAMA,eAAAA,GAAiB,IAAI,IAAA,CAAK,EAAA,CAAG,cAAA;AAAA,QACjC,IAAA;AAAA,QACA;AAAA,UACE,QAAA,EAAU;AAAA,YACR,IAAA;AAAA,YACA,SAAA,EAAW;AAAA;AACb,SACF;AAAA,QACA,EAAE,QAAA;AAAS,OACb;AAEA,MAAA,MAAM,WAAA,GAAc,IAAI,IAAA,CAAK,EAAA,CAAG,WAAA;AAAA,QAC9B,IAAA;AAAA,QACA;AAAA,UACE,QAAA,EAAU;AAAA,YACR,IAAA,EAAM,WAAA,CAAA,GAAA,EAAiB,aAAa,CAAA,CAAA,EAAI,IAAI,CAAA,CAAA;AAAA,YAC5C,WAAA,EAAa;AAAA,cACX,2BAAA,EAA6B,WAAA,CAAA,6CAAA,EAA2D,IAAI,CAAA,oBAAA,EAAuB,aAAa,CAAA,EAAA;AAAA;AAClI,WACF;AAAA,UACA,OAAO,MAAA,CAAO;AAAA,YACZ,KAAA,EAAO,eAAA,CAAgB,IAAA,CAAK,IAAA,EAAM,KAAK,KAAK,CAAA;AAAA,YAC5C,SAAA,EAAW,IAAA,CAAK,SAAA,IAAa;AAAC,WAC/B,CAAA,CAAE,KAAA,CAAM,CAAC,EAAE,KAAA,EAAO,SAAA,EAAU,KAAM,cAAA,CAAe,KAAA,EAAO,SAAS,CAAC;AAAA,SACrE;AAAA,QACA,EAAE,QAAA;AAAS,OACb;AAEA,MAAA,MAAM,iBAAA,GAAoB,CAAC,SAAA,KAA6B;AACtD,QAAA,OAAO,IAAI,KAAK,EAAA,CAAG,WAAA;AAAA,UACjB,IAAA;AAAA,UACA;AAAA,YACE,QAAA,EAAU,EAAE,IAAA,EAAM,SAAA,EAAU;AAAA,YAC5B,OAAA,EAAS;AAAA,cACP,IAAA,EAAM,aAAA;AAAA,cACN,IAAA,EAAM,YAAY,QAAA,CAAS,IAAA;AAAA,cAC3B,QAAA,EAAU;AAAA,aACZ;AAAA,YACA,QAAA,EAAU;AAAA,cACR;AAAA,gBACE,IAAA,EAAM,gBAAA;AAAA,gBACN,IAAA,EAAMA,gBAAe,QAAA,CAAS,IAAA;AAAA,gBAC9B,SAAA,EAAW;AAAA;AACb;AACF,WACF;AAAA,UACA,EAAE,QAAA;AAAS,SACb;AAAA,MACF,CAAA;AAEA,MAAA,IAAI,KAAK,WAAA,EAAa;AACpB,QAAA,IAAI,KAAK,EAAA,CAAG,kBAAA;AAAA,UACV,IAAA;AAAA,UACA;AAAA,YACE,QAAA,EAAU,EAAE,IAAA,EAAK;AAAA,YACjB,OAAA,EAAS;AAAA,cACP,IAAA,EAAM,aAAA;AAAA,cACN,IAAA,EAAM,YAAY,QAAA,CAAS,IAAA;AAAA,cAC3B,QAAA,EAAU;AAAA,aACZ;AAAA,YACA,QAAA,EAAU;AAAA,cACR;AAAA,gBACE,IAAA,EAAM,gBAAA;AAAA,gBACN,IAAA,EAAMA,gBAAe,QAAA,CAAS,IAAA;AAAA,gBAC9B,SAAA,EAAW;AAAA;AACb;AACF,WACF;AAAA,UACA,EAAE,QAAA;AAAS,SACb;AAAA,MACF,CAAA,MAAO;AACL,QAAA,IAAI,IAAA,CAAK,yBAAyB,KAAA,EAAO;AACvC,UAAA,iBAAA,CAAkB,aAAa,CAAA;AAAA,QACjC;AAEA,QAAA,MAAA,CAAO,IAAA,CAAK,eAAA,IAAmB,EAAE,CAAA,CAC9B,KAAA,CAAM,GAAA,CAAI,gBAAgB,CAAC,CAAA,CAC3B,KAAA,CAAM,GAAA,CAAI,iBAAiB,CAAC,CAAA;AAAA,MACjC;AAEA,MAAA,OAAO,EAAE,cAAA,EAAAA,eAAAA,EAAgB,UAAA,EAAY,QAAQ,UAAA,EAAW;AAAA,IAC1D,CAAC,CAAA;AAED,IAAA,MAAM,iBAAA,GAAoB,MAAA,CAAO,MAAA,CAAO,CAAA,EAAG,IAAI,CAAA,MAAA,CAAA,EAAU;AAAA,MACvD,WAAW,IAAA,CAAK,SAAA;AAAA,MAChB,IAAA,EAAM,qCAAA;AAAA,MACN,QAAA,EAAU;AAAA,QACR,WAAA,EAAa;AAAA,UACX,oCAAA,EAAsC,eAAe,QAAA,CAAS;AAAA;AAChE;AACF,KACD,CAAA;AAED,IAAA,IAAA,CAAK,UAAU,MAAA,CAAO;AAAA,MACpB,OAAA,EAAS,MAAA,CAAO,IAAA,CAAK,SAAS,CAAA,CAAE,OAAA;AAAA,MAChC,UAAA;AAAA,MACA,QAAA,EAAU,iBAAA,CAAkB,QAAA,CAAS,OAAO,CAAA;AAAA,MAC5C,cAAA,EAAgB,eAAe,QAAA,CAAS;AAAA,KACzC,CAAA,CAAE,KAAA,CAAM,CAAC,EAAE,OAAA,EAAS,UAAA,EAAAC,WAAAA,EAAY,QAAA,EAAU,cAAA,EAAAD,eAAAA,EAAe,KAAM;AAC9D,MAAA,MAAM,MAAA,GAAS,IAAI,UAAA,EAAW;AAC9B,MAAA,MAAA,CAAO,eAAeC,WAAU,CAAA;AAGhC,MAAA,MAAA,CAAO,QAAQ,EAAC;AAChB,MAAA,MAAA,CAAO,WAAW,EAAC;AAEnB,MAAA,MAAA,CAAO,QAAQ,EAAE,IAAA,EAAMD,eAAAA,EAAgB,KAAA,EAAO,UAAU,CAAA;AAExD,MAAA,MAAA,CAAO,UAAA,CAAW;AAAA,QAChB,IAAA,EAAM,MAAA,CAAO,QAAA,CAAS,CAAC,CAAA,CAAE,IAAA;AAAA,QACzB,OAAA,EAAS,MAAA,CAAO,QAAA,CAAS,CAAC,CAAA,CAAE,IAAA;AAAA,QAC5B,IAAA,EAAMA;AAAA,OACP,CAAA;AAED,MAAA,MAAA,CAAO,iBAAA,CAAkB,MAAA,CAAO,QAAA,CAAS,CAAC,EAAE,IAAI,CAAA;AAEhD,MAAA,OAAO;AAAA,QACL,GAAG,OAAA;AAAA,QACH,YAAY,SAAA,CAAU,IAAA,CAAK,MAAM,MAAA,CAAO,YAAA,EAAc,CAAC;AAAA,OACzD;AAAA,IACF,CAAC,CAAA;AAAA,EACH;AACF;AAEA,eAAe,cAAA,CACb,OACA,SAAA,EAC2C;AAC3C,EAAA,KAAA,MAAW,YAAY,SAAA,EAAW;AAChC,IAAA,MAAM,SAAS,MAAM,SAAA;AAAA,MACnB,QAAA,YAAoB,kBAAA,GAAqB,QAAA,CAAS,MAAA,GAAS;AAAA,KAC7D;AAEA,IAAA,MAAM,QAAA,GAAW,MAAA,CAAO,UAAA,CAAW,QAAA,CAAS,GAAG,CAAA,GAC3C,MAAA,CAAO,UAAA,CAAW,KAAA,CAAM,GAAG,CAAA,CAAE,CAAC,CAAA,GAC9B,EAAA;AAEJ,IAAA,MAAM,kBAAA,GAAqB,CAAA,EAAG,MAAA,CAAO,IAAA,CAAK,aAAa,CAAA,CAAA,CAAA;AAEvD,IAAA,MAAM,YAAA,GAAe,KAAA,CAAM,IAAA,CAAK,CAAA,IAAA,KAAQ;AACtC,MAAA,MAAM,cAAA,GAAiB,KAAK,SAAA,EAAW,MAAA,KAAW,KAAK,IAAA,CAAK,SAAA,CAAU,CAAC,CAAA,KAAM,QAAA;AAC7E,MAAA,MAAM,cAAA,GACJ,KAAK,SAAA,EAAW,MAAA,KAAW,KAAK,IAAA,CAAK,SAAA,CAAU,CAAC,CAAA,KAAM,kBAAA;AAExD,MAAA,OAAO,cAAA,IAAkB,cAAA;AAAA,IAC3B,CAAC,CAAA;AAED,IAAA,IAAI,CAAC,YAAA,EAAc;AACjB,MAAA;AAAA,IACF;AAEA,IAAA,YAAA,CAAa,gBAAgB,MAAM,SAAA;AAAA,MACjC,MAAA,CAAO;AAAA;AAAA,QAEL,GAAI,YAAA,CAAa,aAAA,IAAiB,EAAC;AAAA,QACnC,OAAO,QAAA,CAAS;AAAA,OACjB;AAAA,KACH;AAAA,EACF;AAEA,EAAA,OAAO,KAAA;AACT","file":"chunk-KMLRI5UZ.js","sourcesContent":["import type { k8s } from \"@highstate/library\"\nimport type { Namespace } from \"./namespace\"\nimport {\n  ComponentResource,\n  type ComponentResourceOptions,\n  type Input,\n  type InputArray,\n  interpolate,\n  normalizeInputs,\n  type Output,\n  output,\n  toPromise,\n  type Unwrap,\n} from \"@highstate/pulumi\"\nimport { KubeConfig } from \"@kubernetes/client-node\"\nimport { core, rbac, type types } from \"@pulumi/kubernetes\"\nimport { map, unique } from \"remeda\"\nimport { stringify } from \"yaml\"\nimport { Secret } from \"./secret\"\nimport {\n  getNamespaceName,\n  getProvider,\n  NamespacedResource,\n  type NamespaceLike,\n  type Resource,\n} from \"./shared\"\n\nexport type ClusterAccessScopeArgs = {\n  /**\n   * The namespace to create the ServiceAccount in.\n   */\n  namespace: Input<Namespace>\n\n  /**\n   * The RBAC rule to apply to the `ServiceAccount`.\n   *\n   * It will be used to create ClusterRole.\n   */\n  rule?: Input<types.input.rbac.v1.PolicyRule>\n\n  /**\n   * The RBAC rules to apply to the `ServiceAccount`.\n   *\n   * It will be used to create `ClusterRole`.\n   */\n  rules?: InputArray<types.input.rbac.v1.PolicyRule>\n\n  /**\n   * Whether to allow the `ServiceAccount` to access resources in the namespace where it is created.\n   *\n   * By default, it is set to `true`.\n   */\n  allowOriginNamespace?: boolean\n\n  /**\n   * The extra namespaces to bind to the `ClusterRole` and allow `ServiceAccount` to access them\n   * with specified `rules`.\n   */\n  extraNamespaces?: InputArray<NamespaceLike>\n\n  /**\n   * Whether to create `ClusterRoleBinding` instead of `RoleBinding` to allow cluster-wide access.\n   *\n   * This will allow the `ServiceAccount` to access all namespaces and cluster resources.\n   */\n  clusterWide?: boolean\n\n  /**\n   * The extra resources to merge into passed rules.\n   *\n   * Resources will be merged into rule `resourceNames` if they exactly match rule's `apiGroups` and `resources`.\n   * If rule specifies multiple apiGroups or resources, resources will not be merged into it.\n   */\n  resources?: InputArray<Resource | k8s.Resource>\n}\n\nexport class ClusterAccessScope extends ComponentResource {\n  /**\n   * The cluster entity with the reduced access.\n   */\n  readonly cluster: Output<k8s.Cluster>\n\n  constructor(name: string, args: ClusterAccessScopeArgs, opts?: ComponentResourceOptions) {\n    super(\"highstate:k8s:ClusterAccessScope\", name, args, opts)\n\n    const { serviceAccount, kubeconfig } = output(args.namespace).cluster.apply(cluster => {\n      const provider = getProvider(cluster)\n      const namespaceName = output(args.namespace).metadata.name\n\n      const serviceAccount = new core.v1.ServiceAccount(\n        name,\n        {\n          metadata: {\n            name,\n            namespace: namespaceName,\n          },\n        },\n        { provider },\n      )\n\n      const clusterRole = new rbac.v1.ClusterRole(\n        name,\n        {\n          metadata: {\n            name: interpolate`hs.${namespaceName}.${name}`,\n            annotations: {\n              \"kubernetes.io/description\": interpolate`Created by Highstate for the ServiceAccount \"${name}\" in the namespace \"${namespaceName}\".`,\n            },\n          },\n          rules: output({\n            rules: normalizeInputs(args.rule, args.rules),\n            resources: args.resources ?? [],\n          }).apply(({ rules, resources }) => mergeResources(rules, resources)),\n        },\n        { provider },\n      )\n\n      const createRoleBinding = (namespace: Input<string>) => {\n        return new rbac.v1.RoleBinding(\n          name,\n          {\n            metadata: { name, namespace },\n            roleRef: {\n              kind: \"ClusterRole\",\n              name: clusterRole.metadata.name,\n              apiGroup: \"rbac.authorization.k8s.io\",\n            },\n            subjects: [\n              {\n                kind: \"ServiceAccount\",\n                name: serviceAccount.metadata.name,\n                namespace: namespaceName,\n              },\n            ],\n          },\n          { provider },\n        )\n      }\n\n      if (args.clusterWide) {\n        new rbac.v1.ClusterRoleBinding(\n          name,\n          {\n            metadata: { name },\n            roleRef: {\n              kind: \"ClusterRole\",\n              name: clusterRole.metadata.name,\n              apiGroup: \"rbac.authorization.k8s.io\",\n            },\n            subjects: [\n              {\n                kind: \"ServiceAccount\",\n                name: serviceAccount.metadata.name,\n                namespace: namespaceName,\n              },\n            ],\n          },\n          { provider },\n        )\n      } else {\n        if (args.allowOriginNamespace !== false) {\n          createRoleBinding(namespaceName)\n        }\n\n        output(args.extraNamespaces ?? [])\n          .apply(map(getNamespaceName))\n          .apply(map(createRoleBinding))\n      }\n\n      return { serviceAccount, kubeconfig: cluster.kubeconfig }\n    })\n\n    const accessTokenSecret = Secret.create(`${name}-token`, {\n      namespace: args.namespace,\n      type: \"kubernetes.io/service-account-token\",\n      metadata: {\n        annotations: {\n          \"kubernetes.io/service-account.name\": serviceAccount.metadata.name,\n        },\n      },\n    })\n\n    this.cluster = output({\n      cluster: output(args.namespace).cluster,\n      kubeconfig,\n      newToken: accessTokenSecret.getValue(\"token\"),\n      serviceAccount: serviceAccount.metadata.name,\n    }).apply(({ cluster, kubeconfig, newToken, serviceAccount }) => {\n      const config = new KubeConfig()\n      config.loadFromString(kubeconfig)\n\n      // clear all existing contexts and users\n      config.users = []\n      config.contexts = []\n\n      config.addUser({ name: serviceAccount, token: newToken })\n\n      config.addContext({\n        name: config.clusters[0].name,\n        cluster: config.clusters[0].name,\n        user: serviceAccount,\n      })\n\n      config.setCurrentContext(config.clusters[0].name)\n\n      return {\n        ...cluster,\n        kubeconfig: stringify(JSON.parse(config.exportConfig())),\n      }\n    })\n  }\n}\n\nasync function mergeResources(\n  rules: Unwrap<types.input.rbac.v1.PolicyRule>[],\n  resources: (Resource | k8s.Resource)[],\n): Promise<types.input.rbac.v1.PolicyRule[]> {\n  for (const resource of resources) {\n    const entity = await toPromise(\n      resource instanceof NamespacedResource ? resource.entity : resource,\n    )\n\n    const apiGroup = entity.apiVersion.includes(\"/\") // e.g., \"apps/v1\"\n      ? entity.apiVersion.split(\"/\")[0]\n      : \"\"\n\n    const resourceCollection = `${entity.kind.toLowerCase()}s`\n\n    const matchingRule = rules.find(rule => {\n      const apiGroupsMatch = rule.apiGroups?.length === 1 && rule.apiGroups[0] === apiGroup\n      const resourcesMatch =\n        rule.resources?.length === 1 && rule.resources[0] === resourceCollection\n\n      return apiGroupsMatch && resourcesMatch\n    })\n\n    if (!matchingRule) {\n      continue\n    }\n\n    matchingRule.resourceNames = await toPromise(\n      unique([\n        //\n        ...(matchingRule.resourceNames ?? []),\n        entity.metadata.name,\n      ]),\n    )\n  }\n\n  return rules\n}\n"]}

package/dist/chunk-LGHFSXNT.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../src/cluster.ts"],"names":[],"mappings":";;;;;;AAOA,eAAsB,iBAAA,CACpB,YACA,iBAAA,EAC4B;AAC5B,EAAA,MAAM,OAAA,GAAU,UAAA,CAAW,aAAA,CAAc,SAAS,CAAA;AAClD,EAAA,MAAM,KAAA,GAAQ,MAAM,OAAA,CAAQ,QAAA,EAAS;AAErC,EAAA,OAAO,KAAA,CAAM,KAAA,CAAM,OAAA,CAAQ,CAAA,IAAA,KAAQ;AACjC,IAAA,MAAM,SAAA,GAAY,IAAA,CAAK,MAAA,EAAQ,SAAA,IAAa,EAAC;AAE7C,IAAA,MAAM,aAAa,SAAA,CAAU,IAAA,CAAK,CAAA,OAAA,KAAW,OAAA,CAAQ,SAAS,YAAY,CAAA;AAC1E,IAAA,MAAM,aAAa,SAAA,CAAU,IAAA,CAAK,CAAA,OAAA,KAAW,OAAA,CAAQ,SAAS,YAAY,CAAA;AAE1E,IAAA,MAAM,eAAA,GAAkB,UAAA,GAAa,YAAA,CAAa,UAAA,CAAW,OAAO,CAAA,GAAI,MAAA;AACxE,IAAA,MAAM,eAAA,GAAkB,UAAA,GAAa,YAAA,CAAa,UAAA,CAAW,OAAO,CAAA,GAAI,MAAA;AAExE,IAAA,MAAM,SAA4B,EAAC;AAEnC,IAAA,IAAI,eAAA,EAAiB;AACnB,MAAA,MAAA,CAAO,KAAK,eAAe,CAAA;AAAA,IAC7B;AAEA,IAAA,IAAI,eAAA,IAAmB,sBAAsB,QAAA,EAAU;AACrD,MAAA,MAAA,CAAO,KAAK,eAAe,CAAA;AAAA,IAC7B;AAEA,IAAA,IAAI,mBAAmB,iBAAA,KAAsB,QAAA,IAAY,CAAC,gBAAA,CAAiB,eAAe,CAAA,EAAG;AAC3F,MAAA,MAAA,CAAO,KAAK,eAAe,CAAA;AAAA,IAC7B;AAEA,IAAA,OAAO,MAAA;AAAA,EACT,CAAC,CAAA;AACH;AAEO,SAAS,kBAAkB,UAAA,EAAiD;AACjF,EAAA,OAAO,MAAA,CAAO;AAAA,IACZ,IAAA,EAAM,YAAA;AAAA,IAEN,IAAA,EAAM;AAAA,MACJ,KAAA,EAAO,oBAAA;AAAA,MACP,WAAA,EAAa,2CAAA;AAAA,MACb,IAAA,EAAM;AAAA,KACR;AAAA,IAEA,IAAA,EAAM;AAAA,MACJ,KAAA,EAAO,cAAA,CAAO,kBAAkB,CAAA,CAAE,KAAA;AAAA,MAClC,OAAA,EAAS,CAAC,MAAA,EAAQ,aAAa,CAAA;AAAA,MAE/B,KAAA,EAAO;AAAA,QACL,eAAe,cAAA,CAAe,YAAA,EAAc,YAAY,EAAE,QAAA,EAAU,MAAM,CAAA;AAAA,QAE1E,aAAA,EAAe,cAAA;AAAA,UACb,YAAA;AAAA,UACA,IAAA;AAAA;AAAA;;AAAA;AAAA;;AAAA;AAAA,UAAA;AAAA;AASF,OACF;AAAA,MAEA,GAAA,EAAK;AAAA,QACH,UAAA,EAAY;AAAA;AACd;AACF,GACD,CAAA;AACH","file":"chunk-LGHFSXNT.js","sourcesContent":["import type { k8s, network } from \"@highstate/library\"\nimport { isPrivateAddress, parseAddress } from \"@highstate/common\"\nimport { text, type UnitTerminal } from \"@highstate/contract\"\nimport { fileFromString, type Input, type Output, output } from \"@highstate/pulumi\"\nimport { CoreV1Api, type KubeConfig } from \"@kubernetes/client-node\"\nimport { images } from \"./shared\"\n\nexport async function detectExternalIps(\n  kubeConfig: KubeConfig,\n  internalIpsPolicy: k8s.InternalIpsPolicy,\n): Promise<network.Address[]> {\n  const nodeApi = kubeConfig.makeApiClient(CoreV1Api)\n  const nodes = await nodeApi.listNode()\n\n  return nodes.items.flatMap(node => {\n    const addresses = node.status?.addresses ?? []\n\n    const externalIp = addresses.find(address => address.type === \"ExternalIP\")\n    const internalIp = addresses.find(address => address.type === \"InternalIP\")\n\n    const externalAddress = externalIp ? parseAddress(externalIp.address) : undefined\n    const internalAddress = internalIp ? parseAddress(internalIp.address) : undefined\n\n    const result: network.Address[] = []\n\n    if (externalAddress) {\n      result.push(externalAddress)\n    }\n\n    if (internalAddress && internalIpsPolicy === \"always\") {\n      result.push(internalAddress)\n    }\n\n    if (internalAddress && internalIpsPolicy === \"public\" && !isPrivateAddress(internalAddress)) {\n      result.push(internalAddress)\n    }\n\n    return result\n  })\n}\n\nexport function createK8sTerminal(kubeconfig: Input<string>): Output<UnitTerminal> {\n  return output({\n    name: \"management\",\n\n    meta: {\n      title: \"Cluster Management\",\n      description: \"Manage the cluster using kubectl and helm\",\n      icon: \"devicon:kubernetes\",\n    },\n\n    spec: {\n      image: images[\"terminal-kubectl\"].image,\n      command: [\"bash\", \"/welcome.sh\"],\n\n      files: {\n        \"/kubeconfig\": fileFromString(\"kubeconfig\", kubeconfig, { isSecret: true }),\n\n        \"/welcome.sh\": fileFromString(\n          \"welcome.sh\",\n          text`\n            echo \"Connecting to the cluster...\"\n            kubectl cluster-info\n\n            echo \"Use 'kubectl' and 'helm' to manage the cluster.\"\n            echo\n\n            exec bash\n          `,\n        ),\n      },\n\n      env: {\n        KUBECONFIG: \"/kubeconfig\",\n      },\n    },\n  })\n}\n"]}