npm - @highstate/k8s - Versions diffs - 0.20.0 → 0.21.1 - Mend

@highstate/k8s 0.20.0 → 0.21.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (81) hide show

package/dist/chunk-23vn2rdc.js +11 -0
package/dist/chunk-2pfx13ay.js +11 -0
package/dist/chunk-46ntav0c.js +299 -0
package/dist/chunk-556pc9e6.js +155 -0
package/dist/chunk-7kgjgcft.js +170 -0
package/dist/{chunk-ADHZK6V2.js → chunk-9hs97f1q.js} +13 -11
package/dist/chunk-aame3x1b.js +11 -0
package/dist/chunk-b05q6fm2.js +37 -0
package/dist/chunk-bmvc9d2d.js +11 -0
package/dist/chunk-de82bbp2.js +7 -0
package/dist/chunk-facs31cb.js +624 -0
package/dist/chunk-h1b79v66.js +1425 -0
package/dist/chunk-k4w9zpn5.js +215 -0
package/dist/chunk-pqc6w52f.js +352 -0
package/dist/chunk-qyshvz32.js +176 -0
package/dist/chunk-tpfyj6fe.js +199 -0
package/dist/chunk-z6bmpnm7.js +180 -0
package/dist/highstate.manifest.json +3 -3
package/dist/impl/dynamic-endpoint-resolver.js +82 -81
package/dist/impl/gateway-route.js +131 -168
package/dist/impl/tls-certificate.js +31 -32
package/dist/index.js +245 -201
package/dist/units/cert-manager/index.js +19 -13
package/dist/units/cluster-patch/index.js +9 -8
package/dist/units/dns01-issuer/index.js +44 -41
package/dist/units/existing-cluster/index.js +25 -13
package/dist/units/gateway-api/index.js +15 -16
package/dist/units/reduced-access-cluster/index.js +28 -32
package/package.json +21 -21
package/src/cron-job.ts +26 -1
package/src/deployment.ts +17 -1
package/src/job.ts +15 -1
package/src/scripting/bundle.ts +21 -98
package/src/scripting/environment.ts +2 -9
package/src/shared.ts +1 -1
package/src/stateful-set.ts +17 -1
package/src/workload.ts +31 -14
package/LICENSE +0 -21
package/dist/chunk-23X5SXQG.js +0 -301
package/dist/chunk-23X5SXQG.js.map +0 -1
package/dist/chunk-ADHZK6V2.js.map +0 -1
package/dist/chunk-BTAEFJ5N.js +0 -291
package/dist/chunk-BTAEFJ5N.js.map +0 -1
package/dist/chunk-HH2JJELM.js +0 -13
package/dist/chunk-HH2JJELM.js.map +0 -1
package/dist/chunk-IXE3OKB4.js +0 -249
package/dist/chunk-IXE3OKB4.js.map +0 -1
package/dist/chunk-OG2OPX7B.js +0 -333
package/dist/chunk-OG2OPX7B.js.map +0 -1
package/dist/chunk-P26SQ2ZB.js +0 -393
package/dist/chunk-P26SQ2ZB.js.map +0 -1
package/dist/chunk-PG27ZY2H.js +0 -319
package/dist/chunk-PG27ZY2H.js.map +0 -1
package/dist/chunk-PZYGZSN5.js +0 -54
package/dist/chunk-PZYGZSN5.js.map +0 -1
package/dist/chunk-S77TE7UC.js +0 -309
package/dist/chunk-S77TE7UC.js.map +0 -1
package/dist/chunk-SZKOAHNX.js +0 -1804
package/dist/chunk-SZKOAHNX.js.map +0 -1
package/dist/chunk-TOLFVF4S.js +0 -889
package/dist/chunk-TOLFVF4S.js.map +0 -1
package/dist/chunk-TVKT3ZYX.js +0 -423
package/dist/chunk-TVKT3ZYX.js.map +0 -1
package/dist/cron-job-RKB2HYTO.js +0 -7
package/dist/cron-job-RKB2HYTO.js.map +0 -1
package/dist/deployment-T35TUOL2.js +0 -7
package/dist/deployment-T35TUOL2.js.map +0 -1
package/dist/impl/dynamic-endpoint-resolver.js.map +0 -1
package/dist/impl/gateway-route.js.map +0 -1
package/dist/impl/tls-certificate.js.map +0 -1
package/dist/index.js.map +0 -1
package/dist/job-PE4AKOHB.js +0 -7
package/dist/job-PE4AKOHB.js.map +0 -1
package/dist/stateful-set-LUIRHQJY.js +0 -7
package/dist/stateful-set-LUIRHQJY.js.map +0 -1
package/dist/units/cert-manager/index.js.map +0 -1
package/dist/units/cluster-patch/index.js.map +0 -1
package/dist/units/dns01-issuer/index.js.map +0 -1
package/dist/units/existing-cluster/index.js.map +0 -1
package/dist/units/gateway-api/index.js.map +0 -1
package/dist/units/reduced-access-cluster/index.js.map +0 -1

package/dist/chunk-TOLFVF4S.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"sources":["../assets/images.json","../src/shared.ts","../src/rbac.ts","../src/namespace.ts","../src/secret.ts"],"names":["terminal-kubectl","worker.k8s-monitor","file","cluster","entity","ComponentResource","output","serviceAccount","core","kubeconfig","toPromise","makeEntityOutput","k8s","getOrCreate","secret","interpolate"],"mappings":";;;;;;;;;;AAAA,IAAA,cAAA,GAAA;AAAA,QAAA,CAAA,cAAA,EAAA;AAAA,EAAA,MAAA,EAAA,MAAA,MAAA;AAAA,EAAA,OAAA,EAAA,MAAA,cAAA;AAAA,EAAA,kBAAA,EAAA,MAAAA,gBAAAA;AAAA,EAAA,MAAA,EAAA,MAAA,MAAA;AAAA,EAAA,oBAAA,EAAA,MAAAC;AAAA,CAAA,CAAA;AACE,IAAAD,gBAAAA,GAAoB;AAAA,EAClB,IAAA,EAAQ,iDAAA;AAAA,EACR,GAAA,EAAO,QAAA;AAAA,EACP,KAAA,EAAS;AACX,CAAA;AACA,IAAAC,kBAAAA,GAAsB;AAAA,EACpB,IAAA,EAAQ,mDAAA;AAAA,EACR,GAAA,EAAO,OAAA;AAAA,EACP,KAAA,EAAS;AACX,CAAA;AACA,IAAA,MAAA,GAAU;AAAA,EACR,IAAA,EAAQ,QAAA;AAAA,EACR,GAAA,EAAO,QAAA;AAAA,EACP,KAAA,EAAS;AACX,CAAA;AACA,IAAA,MAAA,GAAU;AAAA,EACR,IAAA,EAAQ,QAAA;AAAA,EACR,GAAA,EAAO,QAAA;AAAA,EACP,KAAA,EAAS;AACX,CAAA;AApBF,IAAA,cAAA,GAAA;AAAA,EACE,kBAAA,EAAAD,gBAAAA;AAAA,EAKA,oBAAA,EAAAC,kBAAAA;AAAA,EAKA,MAAA;AAAA,EAKA;AAKF,CAAA;ACJA,IAAM,SAAA,uBAAgB,GAAA,EAAqC;AAEpD,SAAS,YAAY,OAAA,EAAgC;AAC1D,EAAA,MAAM,OAAO,CAAA,EAAG,OAAA,CAAQ,IAAI,CAAA,CAAA,EAAI,QAAQ,YAAY,CAAA,CAAA;AACpD,EAAA,MAAM,QAAA,GAAW,SAAA,CAAU,GAAA,CAAI,IAAI,CAAA;AACnC,EAAA,IAAI,QAAA,EAAU;AACZ,IAAA,OAAO,QAAA;AAAA,EACT;AAEA,EAAA,IAAI,OAAA,CAAQ,UAAA,CAAW,OAAA,CAAQ,IAAA,KAAS,iBAAA,EAAmB;AACzD,IAAA,MAAM,IAAI,MAAM,oEAAoE,CAAA;AAAA,EACtF;AAEA,EAAA,MAAM,QAAA,GAAW,IAAI,QAAA,CAAS,IAAA,EAAM;AAAA,IAClC,YAAY,MAAA,CAAO,OAAA,CAAQ,UAAA,CAAW,OAAA,CAAQ,MAAM,KAAK;AAAA,GAC1D,CAAA;AACD,EAAA,SAAA,CAAU,GAAA,CAAI,MAAM,QAAQ,CAAA;AAE5B,EAAA,OAAO,QAAA;AACT;AAEA,eAAsB,iBAAiB,OAAA,EAAgD;AACrF,EAAA,MAAM,eAAA,GAAkB,MAAM,SAAA,CAAU,OAAO,CAAA;AAE/C,EAAA,OAAO,YAAY,eAAe,CAAA;AACpC;AAEO,SAAS,6BAA6B,IAAA,EAA0C;AACrF,EAAA,OAAO,MAAA,CAAO,IAAI,CAAA,CAAE,KAAA,CAAM,CAAAC,KAAAA,KAAQ;AAChC,IAAA,IAAIA,KAAAA,CAAK,OAAA,CAAQ,IAAA,KAAS,iBAAA,EAAmB;AAC3C,MAAA,MAAM,IAAI,MAAM,yEAAyE,CAAA;AAAA,IAC3F;AAEA,IAAA,OAAOA,KAAAA,CAAK,QAAQ,KAAA,CAAM,KAAA;AAAA,EAC5B,CAAC,CAAA;AACH;AAEO,SAAS,4BAA4B,OAAA,EAA6C;AACvF,EAAA,OAAO,MAAA,CAAO,OAAO,CAAA,CAAE,KAAA,CAAM,CAAAC,QAAAA,KAAW;AACtC,IAAA,IAAIA,QAAAA,CAAQ,UAAA,CAAW,OAAA,CAAQ,IAAA,KAAS,iBAAA,EAAmB;AACzD,MAAA,MAAM,IAAI,KAAA;AAAA,QACR;AAAA,OACF;AAAA,IACF;AAEA,IAAA,OAAOA,QAAAA,CAAQ,UAAA,CAAW,OAAA,CAAQ,KAAA,CAAM,KAAA;AAAA,EAC1C,CAAC,CAAA;AACH;AAqBO,IAAM,eAAA,GAAkB,CAAC,MAAA,EAAQ,WAAA,EAAa,UAAU;AAExD,SAAS,WAAA,CACd,MACA,YAAA,EACgD;AAChD,EAAA,OAAO,MAAA,CAAO,IAAA,CAAK,QAAQ,CAAA,CAAE,KAAA;AAAA,IAAM,cACjC,MAAA,CAAO;AAAA,MACL,GAAG,QAAA;AAAA,MACH,IAAA,EAAM,IAAA,CAAK,IAAA,IAAQ,QAAA,EAAU,IAAA,IAAQ,YAAA;AAAA,MACrC,SAAA,EACE,QAAA,EAAU,SAAA,KAAc,IAAA,CAAK,SAAA,GAAY,OAAO,IAAA,CAAK,SAAS,CAAA,CAAE,QAAA,CAAS,IAAA,GAAO,MAAA;AAAA,KACnF;AAAA,GACH;AACF;AAIO,SAAS,0BACd,QAAA,EACmC;AACnC,EAAA,IAAI,aAAA,IAAiB,QAAA,IAAY,kBAAA,IAAsB,QAAA,EAAU;AAC/D,IAAA,OAAO,QAAA;AAAA,EACT;AAEA,EAAA,OAAO;AAAA,IACL,WAAA,EAAa;AAAA,GACf;AACF;AAEO,SAAS,iBAAiB,SAAA,EAA0C;AACzE,EAAA,IAAI,SAAA,CAAU,UAAA,CAAW,SAAS,CAAA,EAAG;AACnC,IAAA,OAAO,UAAU,QAAA,CAAS,IAAA;AAAA,EAC5B;AAEA,EAAA,IAAI,IAAA,CAAK,EAAA,CAAG,SAAA,CAAU,UAAA,CAAW,SAAS,CAAA,EAAG;AAC3C,IAAA,OAAO,UAAU,QAAA,CAAS,IAAA;AAAA,EAC5B;AAEA,EAAA,OAAO,OAAO,SAAS,CAAA;AACzB;AAEO,SAAS,2BACd,SAAA,EACmC;AACnC,EAAA,OAAO;AAAA,IACL,WAAA,EAAa;AAAA,MACX,6BAAA,EAA+B;AAAA;AACjC,GACF;AACF;AAEO,SAAS,eAAA,CACd,QACA,OAAA,EACoB;AACpB,EAAA,OAAO,MAAA,CAAO,EAAE,MAAA,EAAQ,OAAA,EAAS,CAAA,CAAE,KAAA,CAAM,CAAC,EAAE,MAAA,EAAAC,OAAAA,EAAQ,OAAA,EAAAD,UAAQ,KAAM;AAChE,IAAA,IAAIC,OAAAA,CAAO,SAAA,KAAcD,QAAAA,CAAQ,EAAA,EAAI;AACnC,MAAA,MAAM,IAAI,KAAA;AAAA,QACR,CAAA,qBAAA,EAAwBC,OAAAA,CAAO,IAAI,CAAA,EAAA,EAAKA,OAAAA,CAAO,QAAA,CAAS,IAAI,CAAA,IAAA,EAAOA,OAAAA,CAAO,SAAS,CAAA,MAAA,EAASD,QAAAA,CAAQ,EAAE,CAAA,CAAA;AAAA,OACxG;AAAA,IACF;AAEA,IAAA,OAAOA,QAAAA;AAAA,EACT,CAAC,CAAA;AACH;AASO,IAAe,QAAA,GAAf,cAAgC,iBAAA,CAAkB;AAAA,EAgB7C,YACR,IAAA,EACA,IAAA,EACA,IAAA,EACA,IAAA,EAKS,SAKA,QAAA,EACT;AACA,IAAA,KAAA,CAAM,IAAA,EAAM,IAAA,EAAM,IAAA,EAAM,IAAI,CAAA;AAPnB,IAAA,IAAA,CAAA,OAAA,GAAA,OAAA;AAKA,IAAA,IAAA,CAAA,QAAA,GAAA,QAAA;AAAA,EAGX;AAAA;AAAA;AAAA;AAAA,EA7BA,OAAgB,UAAA;AAAA;AAAA;AAAA;AAAA,EAKhB,OAAgB,IAAA;AAAA;AAAA;AAAA;AAAA,EAKhB,OAAgB,YAAA,GAAwB,KAAA;AAAA;AAAA;AAAA;AAAA,EAwBxC,IAAI,UAAA,GAAa;AACf,IAAA,OAAQ,KAAK,WAAA,CAAgC,UAAA;AAAA,EAC/C;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,IAAA,GAAO;AACT,IAAA,OAAQ,KAAK,WAAA,CAAgC,IAAA;AAAA,EAC/C;AAAA,EAEA,IAAI,YAAA,GAAe;AACjB,IAAA,OAAQ,KAAK,WAAA,CAAgC,YAAA;AAAA,EAC/C;AAAA,EAEA,IAAc,UAAA,GAAa;AACzB,IAAA,OAAO;AAAA,MACL,SAAA,EAAW,KAAK,OAAA,CAAQ,EAAA;AAAA,MACxB,WAAA,EAAa,KAAK,OAAA,CAAQ,IAAA;AAAA,MAC1B,YAAY,IAAA,CAAK,UAAA;AAAA,MACjB,MAAM,IAAA,CAAK,IAAA;AAAA,MACX,YAAA,EAAc,KAAA;AAAA,MACd,UAAU,IAAA,CAAK;AAAA,KACjB;AAAA,EACF;AACF;AAOO,IAAe,kBAAA,GAAf,cAA0C,QAAA,CAAS;AAAA,EAG9C,YACR,IAAA,EACA,IAAA,EACA,IAAA,EACA,IAAA,EACA,UAKS,SAAA,EACT;AACA,IAAA,KAAA,CAAM,MAAM,IAAA,EAAM,IAAA,EAAM,IAAA,EAAM,SAAA,CAAU,SAAS,QAAQ,CAAA;AAFhD,IAAA,IAAA,CAAA,SAAA,GAAA,SAAA;AAAA,EAGX;AAAA,EAfA,OAAgB,YAAA,GAAe,IAAA;AAAA,EAsB/B,IAAc,UAAA,GAAa;AACzB,IAAA,OAAO;AAAA,MACL,SAAA,EAAW,KAAK,OAAA,CAAQ,EAAA;AAAA,MACxB,WAAA,EAAa,KAAK,OAAA,CAAQ,IAAA;AAAA,MAC1B,YAAY,IAAA,CAAK,UAAA;AAAA,MACjB,MAAM,IAAA,CAAK,IAAA;AAAA,MACX,YAAA,EAAc,IAAA;AAAA,MACd,UAAU,IAAA,CAAK;AAAA,KACjB;AAAA,EACF;AACF;;;AC1LO,IAAM,kBAAA,GAAN,cAAiCE,iBAAAA,CAAkB;AAAA;AAAA;AAAA;AAAA,EAI/C,OAAA;AAAA,EAET,WAAA,CAAY,IAAA,EAAc,IAAA,EAA8B,IAAA,EAAiC;AACvF,IAAA,KAAA,CAAM,kCAAA,EAAoC,IAAA,EAAM,IAAA,EAAM,IAAI,CAAA;AAE1D,IAAA,MAAM,EAAE,cAAA,EAAgB,UAAA,EAAW,GAAIC,MAAAA,CAAO,KAAK,SAAS,CAAA,CAAE,OAAA,CAAQ,KAAA,CAAM,CAAA,OAAA,KAAW;AACrF,MAAA,MAAM,QAAA,GAAW,YAAY,OAAO,CAAA;AACpC,MAAA,MAAM,aAAA,GAAgBA,MAAAA,CAAO,IAAA,CAAK,SAAS,EAAE,QAAA,CAAS,IAAA;AAEtD,MAAA,MAAMC,eAAAA,GAAiB,IAAIC,IAAAA,CAAK,EAAA,CAAG,cAAA;AAAA,QACjC,IAAA;AAAA,QACA;AAAA,UACE,QAAA,EAAU;AAAA,YACR,IAAA;AAAA,YACA,SAAA,EAAW;AAAA;AACb,SACF;AAAA,QACA,EAAE,QAAA;AAAS,OACb;AAEA,MAAA,MAAM,WAAA,GAAc,IAAI,IAAA,CAAK,EAAA,CAAG,WAAA;AAAA,QAC9B,IAAA;AAAA,QACA;AAAA,UACE,QAAA,EAAU;AAAA,YACR,IAAA,EAAM,WAAA,CAAA,GAAA,EAAiB,aAAa,CAAA,CAAA,EAAI,IAAI,CAAA,CAAA;AAAA,YAC5C,WAAA,EAAa;AAAA,cACX,2BAAA,EAA6B,WAAA,CAAA,6CAAA,EAA2D,IAAI,CAAA,oBAAA,EAAuB,aAAa,CAAA,EAAA;AAAA;AAClI,WACF;AAAA,UACA,OAAOF,MAAAA,CAAO;AAAA,YACZ,KAAA,EAAO,eAAA,CAAgB,IAAA,CAAK,IAAA,EAAM,KAAK,KAAK,CAAA;AAAA,YAC5C,SAAA,EAAW,IAAA,CAAK,SAAA,IAAa;AAAC,WAC/B,CAAA,CAAE,KAAA,CAAM,CAAC,EAAE,KAAA,EAAO,SAAA,EAAU,KAAM,cAAA,CAAe,KAAA,EAAO,SAAS,CAAC;AAAA,SACrE;AAAA,QACA,EAAE,QAAA;AAAS,OACb;AAEA,MAAA,MAAM,iBAAA,GAAoB,CAAC,SAAA,KAA6B;AACtD,QAAA,OAAO,IAAI,KAAK,EAAA,CAAG,WAAA;AAAA,UACjB,IAAA;AAAA,UACA;AAAA,YACE,QAAA,EAAU,EAAE,IAAA,EAAM,SAAA,EAAU;AAAA,YAC5B,OAAA,EAAS;AAAA,cACP,IAAA,EAAM,aAAA;AAAA,cACN,IAAA,EAAM,YAAY,QAAA,CAAS,IAAA;AAAA,cAC3B,QAAA,EAAU;AAAA,aACZ;AAAA,YACA,QAAA,EAAU;AAAA,cACR;AAAA,gBACE,IAAA,EAAM,gBAAA;AAAA,gBACN,IAAA,EAAMC,gBAAe,QAAA,CAAS,IAAA;AAAA,gBAC9B,SAAA,EAAW;AAAA;AACb;AACF,WACF;AAAA,UACA,EAAE,QAAA;AAAS,SACb;AAAA,MACF,CAAA;AAEA,MAAA,IAAI,KAAK,WAAA,EAAa;AACpB,QAAA,IAAI,KAAK,EAAA,CAAG,kBAAA;AAAA,UACV,IAAA;AAAA,UACA;AAAA,YACE,QAAA,EAAU,EAAE,IAAA,EAAK;AAAA,YACjB,OAAA,EAAS;AAAA,cACP,IAAA,EAAM,aAAA;AAAA,cACN,IAAA,EAAM,YAAY,QAAA,CAAS,IAAA;AAAA,cAC3B,QAAA,EAAU;AAAA,aACZ;AAAA,YACA,QAAA,EAAU;AAAA,cACR;AAAA,gBACE,IAAA,EAAM,gBAAA;AAAA,gBACN,IAAA,EAAMA,gBAAe,QAAA,CAAS,IAAA;AAAA,gBAC9B,SAAA,EAAW;AAAA;AACb;AACF,WACF;AAAA,UACA,EAAE,QAAA;AAAS,SACb;AAAA,MACF,CAAA,MAAO;AACL,QAAA,IAAI,IAAA,CAAK,yBAAyB,KAAA,EAAO;AACvC,UAAA,iBAAA,CAAkB,aAAa,CAAA;AAAA,QACjC;AAEA,QAAAD,MAAAA,CAAO,IAAA,CAAK,eAAA,IAAmB,EAAE,CAAA,CAC9B,KAAA,CAAM,GAAA,CAAI,gBAAgB,CAAC,CAAA,CAC3B,KAAA,CAAM,GAAA,CAAI,iBAAiB,CAAC,CAAA;AAAA,MACjC;AAEA,MAAA,OAAO,EAAE,cAAA,EAAAC,eAAAA,EAAgB,UAAA,EAAY,QAAQ,UAAA,EAAW;AAAA,IAC1D,CAAC,CAAA;AAED,IAAA,MAAM,iBAAA,GAAoB,MAAA,CAAO,MAAA,CAAO,CAAA,EAAG,IAAI,CAAA,MAAA,CAAA,EAAU;AAAA,MACvD,WAAW,IAAA,CAAK,SAAA;AAAA,MAChB,IAAA,EAAM,qCAAA;AAAA,MACN,QAAA,EAAU;AAAA,QACR,WAAA,EAAa;AAAA,UACX,oCAAA,EAAsC,eAAe,QAAA,CAAS;AAAA;AAChE;AACF,KACD,CAAA;AAED,IAAA,IAAA,CAAK,UAAUD,MAAAA,CAAO;AAAA,MACpB,OAAA,EAASA,MAAAA,CAAO,IAAA,CAAK,SAAS,CAAA,CAAE,OAAA;AAAA,MAChC,UAAA;AAAA,MACA,QAAA,EAAU,iBAAA,CAAkB,QAAA,CAAS,OAAO,CAAA;AAAA,MAC5C,cAAA,EAAgB,eAAe,QAAA,CAAS,IAAA;AAAA,MACxC,gBAAA,EAAkB,eAAe,QAAA,CAAS;AAAA,KAC3C,CAAA,CAAE,KAAA,CAAM,CAAC,EAAE,OAAA,EAAS,UAAA,EAAAG,WAAAA,EAAY,QAAA,EAAU,cAAA,EAAAF,eAAAA,EAAgB,gBAAA,EAAiB,KAAM;AAChF,MAAA,IAAIE,WAAAA,CAAW,OAAA,CAAQ,IAAA,KAAS,iBAAA,EAAmB;AACjD,QAAA,MAAM,IAAI,MAAM,oEAAoE,CAAA;AAAA,MACtF;AAEA,MAAA,MAAM,MAAA,GAAS,IAAI,UAAA,EAAW;AAC9B,MAAA,MAAA,CAAO,cAAA,CAAeA,WAAAA,CAAW,OAAA,CAAQ,KAAA,CAAM,KAAK,CAAA;AAGpD,MAAA,MAAA,CAAO,QAAQ,EAAC;AAChB,MAAA,MAAA,CAAO,WAAW,EAAC;AAEnB,MAAA,MAAA,CAAO,QAAQ,EAAE,IAAA,EAAMF,eAAAA,EAAgB,KAAA,EAAO,UAAU,CAAA;AAExD,MAAA,MAAA,CAAO,UAAA,CAAW;AAAA,QAChB,IAAA,EAAM,MAAA,CAAO,QAAA,CAAS,CAAC,CAAA,CAAE,IAAA;AAAA,QACzB,OAAA,EAAS,MAAA,CAAO,QAAA,CAAS,CAAC,CAAA,CAAE,IAAA;AAAA,QAC5B,IAAA,EAAMA;AAAA,OACP,CAAA;AAED,MAAA,MAAA,CAAO,iBAAA,CAAkB,MAAA,CAAO,QAAA,CAAS,CAAC,EAAE,IAAI,CAAA;AAEhD,MAAA,OAAO;AAAA,QACL,GAAG,OAAA;AAAA,QACH,YAAA,EAAc,gBAAA;AAAA,QACd,YAAY,UAAA,CAAW;AAAA,UACrB,QAAQ,MAAA,CAAO,UAAA;AAAA,UACf,QAAA,EAAU,GAAG,gBAAgB,CAAA,WAAA,CAAA;AAAA,UAC7B,IAAA,EAAM;AAAA,YACJ,KAAA,EAAO,qBAAqBA,eAAc,CAAA;AAAA,WAC5C;AAAA,UACA,KAAA,EAAO;AAAA,YACL,OAAA,EAAS;AAAA,cACP,IAAA,EAAM,iBAAA;AAAA,cACN,KAAA,EAAO,OAAO,YAAA;AAAa,aAC7B;AAAA,YACA,IAAA,EAAM;AAAA,cACJ,IAAA,EAAM,YAAA;AAAA,cACN,WAAA,EAAa,WAAA;AAAA,cACb,IAAA,EAAM;AAAA;AACR;AACF,SACD;AAAA,OACH;AAAA,IACF,CAAC,CAAA;AAAA,EACH;AACF;AAEA,eAAe,cAAA,CACb,OACA,SAAA,EAC2C;AAC3C,EAAA,KAAA,MAAW,YAAY,SAAA,EAAW;AAChC,IAAA,MAAM,SAAS,MAAMG,SAAAA;AAAA,MACnB,QAAA,YAAoB,kBAAA,GAAqB,QAAA,CAAS,MAAA,GAAS;AAAA,KAC7D;AAEA,IAAA,MAAM,QAAA,GAAW,MAAA,CAAO,UAAA,CAAW,QAAA,CAAS,GAAG,CAAA,GAC3C,MAAA,CAAO,UAAA,CAAW,KAAA,CAAM,GAAG,CAAA,CAAE,CAAC,CAAA,GAC9B,EAAA;AAEJ,IAAA,MAAM,kBAAA,GAAqB,CAAA,EAAG,MAAA,CAAO,IAAA,CAAK,aAAa,CAAA,CAAA,CAAA;AAEvD,IAAA,MAAM,YAAA,GAAe,KAAA,CAAM,IAAA,CAAK,CAAA,IAAA,KAAQ;AACtC,MAAA,MAAM,cAAA,GAAiB,KAAK,SAAA,EAAW,MAAA,KAAW,KAAK,IAAA,CAAK,SAAA,CAAU,CAAC,CAAA,KAAM,QAAA;AAC7E,MAAA,MAAM,cAAA,GACJ,KAAK,SAAA,EAAW,MAAA,KAAW,KAAK,IAAA,CAAK,SAAA,CAAU,CAAC,CAAA,KAAM,kBAAA;AAExD,MAAA,OAAO,cAAA,IAAkB,cAAA;AAAA,IAC3B,CAAC,CAAA;AAED,IAAA,IAAI,CAAC,YAAA,EAAc;AACjB,MAAA;AAAA,IACF;AAEA,IAAA,YAAA,CAAa,gBAAgB,MAAMA,SAAAA;AAAA,MACjC,MAAA,CAAO;AAAA;AAAA,QAEL,GAAI,YAAA,CAAa,aAAA,IAAiB,EAAC;AAAA,QACnC,OAAO,QAAA,CAAS;AAAA,OACjB;AAAA,KACH;AAAA,EACF;AAEA,EAAA,OAAO,KAAA;AACT;;;AClOO,IAAe,SAAA,GAAf,MAAe,UAAA,SAAkB,QAAA,CAAS;AAAA,EAW/C,WAAA,CACE,MACA,IAAA,EACA,IAAA,EACA,MAEA,OAAA,EACA,QAAA,EAKS,MAKA,MAAA,EACT;AACA,IAAA,KAAA,CAAM,IAAA,EAAM,IAAA,EAAM,IAAA,EAAM,IAAA,EAAM,SAAS,QAAQ,CAAA;AAPtC,IAAA,IAAA,CAAA,IAAA,GAAA,IAAA;AAKA,IAAA,IAAA,CAAA,MAAA,GAAA,MAAA;AAAA,EAGX;AAAA,EA9BA,OAAgB,UAAA,GAAa,IAAA;AAAA,EAC7B,OAAgB,IAAA,GAAO,WAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOvB,kBAAA;AAAA;AAAA;AAAA;AAAA,EA2BA,IAAI,MAAA,GAAgC;AAClC,IAAA,OAAO,gBAAA,CAAiB;AAAA,MACtB,QAAQ,GAAA,CAAI,eAAA;AAAA,MACZ,QAAA,EAAU,KAAK,QAAA,CAAS,GAAA;AAAA,MACxB,IAAA,EAAM;AAAA,QACJ,KAAA,EAAO,KAAK,QAAA,CAAS;AAAA,OACvB;AAAA,MACA,KAAA,EAAO;AAAA,QACL,GAAG,IAAA,CAAK;AAAA;AACV,KACD,CAAA;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAKA,OAAO,MAAA,CAAO,IAAA,EAAc,IAAA,EAAqB,IAAA,EAA4C;AAC3F,IAAA,OAAO,IAAI,gBAAA,CAAiB,IAAA,EAAM,IAAA,EAAM,IAAI,CAAA;AAAA,EAC9C;AAAA;AAAA;AAAA;AAAA,EAKA,OAAO,IAAA,CACL,IAAA,EACA,IAAA,EACA,IAAA,EACW;AACX,IAAA,OAAO,IAAI,gBAAA,CAAiB,IAAA,EAAM,IAAA,EAAM,IAAI,CAAA;AAAA,EAC9C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,aAAa,WAAA,CACX,IAAA,EACA,IAAA,EACA,IAAA,EACoB;AACpB,IAAA,IAAI,KAAK,QAAA,EAAU;AACjB,MAAA,OAAO,MAAM,UAAA,CAAU,gBAAA,CAAiB,IAAA,CAAK,QAAA,EAAU,KAAK,OAAO,CAAA;AAAA,IACrE;AAEA,IAAA,IAAI,KAAK,QAAA,EAAU;AACjB,MAAA,OAAO,MAAM,UAAA,CAAU,QAAA,CAAS,IAAA,CAAK,QAAA,EAAU,KAAK,OAAO,CAAA;AAAA,IAC7D;AAEA,IAAA,OAAO,IAAI,gBAAA,CAAiB,IAAA,EAAM,IAAA,EAAM,IAAI,CAAA;AAAA,EAC9C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,OAAO,aAAA,CACL,IAAA,EACA,IAAA,EACA,IAAA,EACW;AACX,IAAA,IAAI,KAAK,QAAA,EAAU;AACjB,MAAA,OAAO,IAAI,eAAe,IAAA,EAAM;AAAA,QAC9B,GAAG,IAAA;AAAA,QACH,IAAA,EAAMJ,QAAAA,CAAO,IAAA,CAAK,QAAQ,EAAE,QAAA,CAAS,SAAA;AAAA,QACrC,OAAA,EAAS,eAAA,CAAgB,IAAA,CAAK,QAAA,EAAU,KAAK,OAAO;AAAA,OACrD,CAAA;AAAA,IACH;AAEA,IAAA,IAAI,KAAK,QAAA,EAAU;AACjB,MAAA,OAAO,IAAI,eAAe,IAAA,EAAM;AAAA,QAC9B,GAAG,IAAA;AAAA,QACH,IAAA,EAAMA,QAAAA,CAAO,IAAA,CAAK,QAAQ,EAAE,QAAA,CAAS,IAAA;AAAA,QACrC,OAAA,EAAS,eAAA,CAAgB,IAAA,CAAK,QAAA,EAAU,KAAK,OAAO;AAAA,OACrD,CAAA;AAAA,IACH;AAEA,IAAA,OAAO,IAAI,gBAAA,CAAiB,IAAA,EAAM,IAAA,EAAM,IAAI,CAAA;AAAA,EAC9C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAWA,OAAO,KAAA,CAAM,IAAA,EAAc,IAAA,EAAqB,IAAA,EAA4C;AAC1F,IAAA,OAAO,IAAI,cAAA,CAAe,IAAA,EAAM,IAAA,EAAM,IAAI,CAAA;AAAA,EAC5C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAWA,OAAO,GAAA,CACL,IAAA,EACA,IAAA,EACA,IAAA,EACW;AACX,IAAA,OAAO,IAAI,iBAAA,CAAkB,IAAA,EAAM,IAAA,EAAM,IAAI,CAAA;AAAA,EAC/C;AAAA,EAEA,OAAwB,cAAA,mBAAiB,IAAI,GAAA,EAAuB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAapE,OAAO,GAAA,CAAI,MAAA,EAAuB,OAAA,EAAwC;AACxE,IAAA,OAAO,WAAA;AAAA,MACL,UAAA,CAAU,cAAA;AAAA,MACV,CAAA,EAAG,OAAO,WAAW,CAAA,CAAA,EAAI,OAAO,QAAA,CAAS,IAAI,CAAA,CAAA,EAAI,MAAA,CAAO,SAAS,CAAA,CAAA;AAAA,MACjE,CAAA,IAAA,KAAQ;AACN,QAAA,OAAO,UAAA,CAAU,IAAI,IAAA,EAAM;AAAA,UACzB,IAAA,EAAM,OAAO,QAAA,CAAS,IAAA;AAAA,UACtB,OAAA,EAAS,eAAA,CAAgB,MAAA,EAAQ,OAAO;AAAA,SACzC,CAAA;AAAA,MACH;AAAA,KACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,aAAa,QAAA,CACX,MAAA,EACA,OAAA,EACoB;AACpB,IAAA,MAAM,cAAA,GAAiB,MAAMI,SAAAA,CAAU,MAAM,CAAA;AAE7C,IAAA,OAAO,UAAA,CAAU,GAAA,CAAI,cAAA,EAAgB,OAAO,CAAA;AAAA,EAC9C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAaA,OAAO,WAAA,CAAY,QAAA,EAAkC,OAAA,EAAwC;AAC3F,IAAA,OAAO,WAAA;AAAA,MACL,UAAA,CAAU,cAAA;AAAA,MACV,CAAA,EAAG,SAAS,WAAW,CAAA,CAAA,EAAI,SAAS,QAAA,CAAS,SAAS,CAAA,CAAA,EAAI,QAAA,CAAS,SAAS,CAAA,CAAA;AAAA,MAC5E,CAAA,IAAA,KAAQ;AACN,QAAA,OAAO,UAAA,CAAU,IAAI,IAAA,EAAM;AAAA,UACzB,IAAA,EAAM,SAAS,QAAA,CAAS,SAAA;AAAA,UACxB,OAAA,EAAS,eAAA,CAAgB,QAAA,EAAU,OAAO;AAAA,SAC3C,CAAA;AAAA,MACH;AAAA,KACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,aAAa,gBAAA,CACX,QAAA,EACA,OAAA,EACoB;AACpB,IAAA,MAAM,gBAAA,GAAmB,MAAMA,SAAAA,CAAU,QAAQ,CAAA;AAEjD,IAAA,OAAO,UAAA,CAAU,WAAA,CAAY,gBAAA,EAAkB,OAAO,CAAA;AAAA,EACxD;AACF;AAEA,SAAS,oBAAA,CACP,MACA,YAAA,EACgD;AAChD,EAAA,OAAO,WAAA,CAAY,IAAA,EAAM,YAAY,CAAA,CAAE,MAAM,CAAA,QAAA,KAAY;AACvD,IAAA,IAAI,KAAK,UAAA,EAAY;AACnB,MAAA,QAAA,CAAS,MAAA,GAAS;AAAA,QAChB,GAAG,QAAA,CAAS,MAAA;AAAA,QACZ,oCAAA,EAAsC;AAAA,OACxC;AAAA,IACF;AAEA,IAAA,OAAO,QAAA;AAAA,EACT,CAAC,CAAA;AACH;AAEA,IAAM,gBAAA,GAAN,cAA+B,SAAA,CAAU;AAAA,EACvC,WAAA,CAAY,IAAA,EAAc,IAAA,EAAqB,IAAA,EAAiC;AAC9E,IAAA,MAAM,YAAYJ,QAAAA,CAAO,IAAA,CAAK,OAAO,CAAA,CAAE,MAAM,CAAA,OAAA,KAAW;AACtD,MAAA,OAAO,IAAIE,KAAK,EAAA,CAAG,SAAA;AAAA,QACjB,IAAA;AAAA,QACA,EAAE,QAAA,EAAU,oBAAA,CAAqB,IAAA,EAAM,IAAI,CAAA,EAAE;AAAA,QAC7C,EAAE,GAAG,IAAA,EAAM,MAAA,EAAQ,MAAM,QAAA,EAAU,WAAA,CAAY,OAAO,CAAA;AAAE,OAC1D;AAAA,IACF,CAAC,CAAA;AAED,IAAA,KAAA;AAAA,MACE,yBAAA;AAAA,MACA,IAAA;AAAA,MACA,IAAA;AAAA,MACA,IAAA;AAAA,MACAF,QAAAA,CAAO,KAAK,OAAO,CAAA;AAAA,MACnB,SAAA,CAAU,QAAA;AAAA,MACV,SAAA,CAAU,IAAA;AAAA,MACV,SAAA,CAAU;AAAA,KACZ;AAEA,IAAA,MAAM,QAAQ,IAAI,kBAAA;AAAA,MAChB,GAAG,IAAI,CAAA,aAAA,CAAA;AAAA,MACP;AAAA,QACE,SAAA,EAAW,IAAA;AAAA,QACX,KAAA,EAAO;AAAA,UACL;AAAA,YACE,SAAA,EAAW,CAAC,EAAE,CAAA;AAAA,YACd,SAAA,EAAW,CAAC,UAAU,CAAA;AAAA,YACtB,KAAA,EAAO,CAAC,KAAK;AAAA,WACf;AAAA,UACA;AAAA,YACE,SAAA,EAAW,CAAC,EAAE,CAAA;AAAA,YACd,SAAA,EAAW,CAAC,MAAM,CAAA;AAAA,YAClB,KAAA,EAAO,CAAC,KAAA,EAAO,MAAM;AAAA,WACvB;AAAA,UACA;AAAA,YACE,SAAA,EAAW,CAAC,EAAE,CAAA;AAAA,YACd,SAAA,EAAW,CAAC,kBAAkB,CAAA;AAAA,YAC9B,KAAA,EAAO,CAAC,QAAQ;AAAA;AAClB;AACF,OACF;AAAA,MACA,EAAE,QAAQ,IAAA;AAAK,KACjB;AAEA,IAAA,IAAA,CAAK,qBAAqB,KAAA,CAAM,OAAA;AAAA,EAClC;AACF,CAAA;AAEA,IAAM,cAAA,GAAN,cAA6B,SAAA,CAAU;AAAA,EACrC,WAAA,CAAY,IAAA,EAAc,IAAA,EAAqB,IAAA,EAAiC;AAC9E,IAAA,MAAM,YAAYA,QAAAA,CAAO,IAAA,CAAK,OAAO,CAAA,CAAE,MAAM,CAAA,OAAA,KAAW;AACtD,MAAA,OAAO,IAAIE,KAAK,EAAA,CAAG,cAAA;AAAA,QACjB,IAAA;AAAA,QACA,EAAE,QAAA,EAAU,oBAAA,CAAqB,IAAA,EAAM,IAAI,CAAA,EAAE;AAAA,QAC7C,EAAE,GAAG,IAAA,EAAM,MAAA,EAAQ,MAAM,QAAA,EAAU,WAAA,CAAY,OAAO,CAAA;AAAE,OAC1D;AAAA,IACF,CAAC,CAAA;AAED,IAAA,KAAA;AAAA,MACE,8BAAA;AAAA,MACA,IAAA;AAAA,MACA,IAAA;AAAA,MACA,IAAA;AAAA,MACAF,QAAAA,CAAO,KAAK,OAAO,CAAA;AAAA,MACnB,SAAA,CAAU,QAAA;AAAA,MACV,SAAA,CAAU,IAAA;AAAA,MACV,SAAA,CAAU;AAAA,KACZ;AAAA,EACF;AACF,CAAA;AA0BA,IAAM,iBAAA,GAAN,cAAgC,SAAA,CAAU;AAAA,EACxC,WAAA,CAAY,IAAA,EAAc,IAAA,EAA6B,IAAA,EAAiC;AACtF,IAAA,MAAM,YAAYA,QAAAA,CAAO,IAAA,CAAK,OAAO,CAAA,CAAE,MAAM,CAAA,OAAA,KAAW;AACtD,MAAA,OAAOE,KAAK,EAAA,CAAG,SAAA,CAAU,GAAA,CAAI,IAAA,EAAM,KAAK,IAAA,EAAM;AAAA,QAC5C,GAAG,IAAA;AAAA,QACH,MAAA,EAAQ,IAAA;AAAA,QACR,QAAA,EAAU,YAAY,OAAO;AAAA,OAC9B,CAAA;AAAA,IACH,CAAC,CAAA;AAED,IAAA,KAAA;AAAA,MACE,iCAAA;AAAA,MACA,IAAA;AAAA,MACA,IAAA;AAAA,MACA,IAAA;AAAA,MACAF,QAAAA,CAAO,KAAK,OAAO,CAAA;AAAA,MACnB,SAAA,CAAU,QAAA;AAAA,MACV,SAAA,CAAU,IAAA;AAAA,MACV,SAAA,CAAU;AAAA,KACZ;AAAA,EACF;AACF,CAAA;AAEA,IAAM,gBAAA,GAAN,cAA+B,SAAA,CAAU;AAAA,EACvC,WAAA,CAAY,IAAA,EAAc,IAAA,EAA4B,IAAA,EAAiC;AACrF,IAAA,KAAA;AAAA,MACE,gCAAA;AAAA,MACA,IAAA;AAAA,MACA,IAAA;AAAA,MACA,IAAA;AAAA,MAEAA,QAAAA,CAAO,KAAK,OAAO,CAAA;AAAA,MACnBA,QAAAA,CAAO,IAAA,CAAK,SAAS,CAAA,CAAE,QAAA;AAAA,MACvBA,QAAAA,CAAO,IAAA,CAAK,SAAS,CAAA,CAAE,IAAA;AAAA,MACvBA,QAAAA,CAAO,IAAA,CAAK,SAAS,CAAA,CAAE;AAAA,KACzB;AAAA,EACF;AACF,CAAA;;;AClZO,IAAe,MAAA,GAAf,MAAe,OAAA,SAAe,kBAAA,CAAmB;AAAA,EAI5C,WAAA,CACR,MACA,IAAA,EACA,IAAA,EACA,MAEA,QAAA,EACA,SAAA,EAKS,MAKA,UAAA,EACT;AACA,IAAA,KAAA,CAAM,IAAA,EAAM,IAAA,EAAM,IAAA,EAAM,IAAA,EAAM,UAAU,SAAS,CAAA;AAPxC,IAAA,IAAA,CAAA,IAAA,GAAA,IAAA;AAKA,IAAA,IAAA,CAAA,UAAA,GAAA,UAAA;AAAA,EAGX;AAAA,EAvBA,OAAO,UAAA,GAAa,IAAA;AAAA,EACpB,OAAO,IAAA,GAAO,QAAA;AAAA;AAAA;AAAA;AAAA,EA2Bd,IAAI,MAAA,GAA6B;AAC/B,IAAA,OAAOK,gBAAAA,CAAiB;AAAA,MACtB,QAAQC,GAAAA,CAAI,YAAA;AAAA,MACZ,QAAA,EAAU,KAAK,QAAA,CAAS,GAAA;AAAA,MACxB,IAAA,EAAM;AAAA,QACJ,KAAA,EAAO,KAAK,QAAA,CAAS;AAAA,OACvB;AAAA,MACA,KAAA,EAAO;AAAA,QACL,GAAG,IAAA,CAAK;AAAA;AACV,KACD,CAAA;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,SAAS,GAAA,EAA6B;AACpC,IAAA,OAAO,IAAA,CAAK,IAAA,CAAK,GAAG,CAAA,CAAE,KAAA,CAAM,CAAA,KAAA,KAAS,MAAA,CAAO,IAAA,CAAK,KAAA,EAAO,QAAQ,CAAA,CAAE,QAAA,EAAU,CAAA;AAAA,EAC9E;AAAA;AAAA;AAAA;AAAA,EAKA,OAAO,MAAA,CAAO,IAAA,EAAc,IAAA,EAAkB,IAAA,EAAyC;AACrF,IAAA,OAAO,IAAI,aAAA,CAAc,IAAA,EAAM,IAAA,EAAM,IAAI,CAAA;AAAA,EAC3C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,OAAO,aAAA,CACL,IAAA,EACA,IAAA,EACA,IAAA,EACQ;AACR,IAAA,IAAI,KAAK,QAAA,EAAU;AACjB,MAAA,OAAO,IAAI,YAAY,IAAA,EAAM;AAAA,QAC3B,GAAG,IAAA;AAAA,QACH,IAAA,EAAMN,MAAAA,CAAO,IAAA,CAAK,QAAQ,EAAE,QAAA,CAAS;AAAA,OACtC,CAAA;AAAA,IACH;AAEA,IAAA,OAAO,IAAI,aAAA,CAAc,IAAA,EAAM,IAAA,EAAM,IAAI,CAAA;AAAA,EAC3C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,aAAa,WAAA,CACX,IAAA,EACA,IAAA,EACA,IAAA,EACiB;AACjB,IAAA,IAAI,KAAK,QAAA,EAAU;AACjB,MAAA,OAAO,MAAM,QAAO,QAAA,CAAS,IAAA,CAAK,UAAUA,MAAAA,CAAO,IAAA,CAAK,SAAS,CAAA,CAAE,OAAO,CAAA;AAAA,IAC5E;AAEA,IAAA,OAAO,IAAI,aAAA,CAAc,IAAA,EAAM,IAAA,EAAM,IAAI,CAAA;AAAA,EAC3C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAWA,OAAO,KAAA,CAAM,IAAA,EAAc,IAAA,EAAkB,IAAA,EAAyC;AACpF,IAAA,OAAO,IAAI,WAAA,CAAY,IAAA,EAAM,IAAA,EAAM,IAAI,CAAA;AAAA,EACzC;AAAA;AAAA;AAAA;AAAA,EAKA,OAAO,IAAA,CAAK,IAAA,EAAc,IAAA,EAAyB,IAAA,EAAyC;AAC1F,IAAA,OAAO,IAAI,aAAA,CAAc,IAAA,EAAM,IAAA,EAAM,IAAI,CAAA;AAAA,EAC3C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,OAAO,GAAA,CAAI,IAAA,EAAc,IAAA,EAA0B,IAAA,EAAyC;AAC1F,IAAA,OAAO,IAAI,cAAA,CAAe,IAAA,EAAM,IAAA,EAAM,IAAI,CAAA;AAAA,EAC5C;AAAA,EAEA,OAAwB,WAAA,mBAAc,IAAI,GAAA,EAAoB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAa9D,OAAO,GAAA,CAAI,MAAA,EAAgC,OAAA,EAAqC;AAC9E,IAAA,OAAOO,WAAAA;AAAA,MACL,OAAA,CAAO,WAAA;AAAA,MACP,CAAA,EAAG,MAAA,CAAO,WAAW,CAAA,CAAA,EAAI,MAAA,CAAO,QAAA,CAAS,SAAS,CAAA,CAAA,EAAI,MAAA,CAAO,QAAA,CAAS,IAAI,CAAA,CAAA,EAAI,OAAO,SAAS,CAAA,CAAA;AAAA,MAC9F,CAAA,IAAA,KAAQ;AACN,QAAA,OAAO,OAAA,CAAO,IAAI,IAAA,EAAM;AAAA,UACtB,IAAA,EAAM,OAAO,QAAA,CAAS,IAAA;AAAA,UACtB,SAAA,EAAW,SAAA,CAAU,WAAA,CAAY,MAAA,EAAQ,OAAO;AAAA,SACjD,CAAA;AAAA,MACH;AAAA,KACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAaA,aAAa,QAAA,CACX,MAAA,EACA,OAAA,EACiB;AACjB,IAAA,MAAM,cAAA,GAAiB,MAAMH,SAAAA,CAAU,MAAM,CAAA;AAC7C,IAAA,OAAO,OAAA,CAAO,GAAA,CAAI,cAAA,EAAgB,OAAO,CAAA;AAAA,EAC3C;AACF;AAEA,IAAM,aAAA,GAAN,cAA4B,MAAA,CAAO;AAAA,EACjC,WAAA,CAAY,IAAA,EAAc,IAAA,EAAkB,IAAA,EAAiC;AAC3E,IAAA,MAAMI,UAASR,MAAAA,CAAO,IAAA,CAAK,SAAS,CAAA,CAAE,OAAA,CAAQ,MAAM,CAAA,OAAA,KAAW;AAC7D,MAAA,OAAO,IAAIE,KAAK,EAAA,CAAG,MAAA;AAAA,QACjB,IAAA;AAAA,QACA;AAAA,UACE,QAAA,EAAU,WAAA,CAAY,IAAA,EAAM,IAAI,CAAA;AAAA,UAChC,MAAM,IAAA,CAAK,IAAA;AAAA,UACX,YAAY,IAAA,CAAK,UAAA;AAAA,UACjB,MAAM,IAAA,CAAK,IAAA;AAAA,UACX,WAAW,IAAA,CAAK;AAAA,SAClB;AAAA,QACA;AAAA,UACE,GAAG,IAAA;AAAA,UACH,MAAA,EAAQ,IAAA;AAAA,UACR,QAAA,EAAU,YAAY,OAAO;AAAA;AAC/B,OACF;AAAA,IACF,CAAC,CAAA;AAED,IAAA,KAAA;AAAA,MACE,sBAAA;AAAA,MACA,IAAA;AAAA,MACA,IAAA;AAAA,MACA,IAAA;AAAA,MACAM,OAAAA,CAAO,QAAA;AAAA,MACPR,MAAAA,CAAO,KAAK,SAAS,CAAA;AAAA,MACrBQ,OAAAA,CAAO,IAAA;AAAA,MACPA,OAAAA,CAAO;AAAA,KACT;AAAA,EACF;AACF,CAAA;AAEA,IAAM,WAAA,GAAN,cAA0B,MAAA,CAAO;AAAA,EAC/B,WAAA,CAAY,IAAA,EAAc,IAAA,EAAkB,IAAA,EAAiC;AAC3E,IAAA,MAAMA,UAASR,MAAAA,CAAO,IAAA,CAAK,SAAS,CAAA,CAAE,OAAA,CAAQ,MAAM,CAAA,OAAA,KAAW;AAC7D,MAAA,OAAO,IAAIE,KAAK,EAAA,CAAG,WAAA;AAAA,QACjB,IAAA;AAAA,QACA;AAAA,UACE,QAAA,EAAU,WAAA,CAAY,IAAA,EAAM,IAAI,CAAA;AAAA,UAChC,MAAM,IAAA,CAAK,IAAA;AAAA,UACX,YAAY,IAAA,CAAK,UAAA;AAAA,UACjB,MAAM,IAAA,CAAK,IAAA;AAAA,UACX,WAAW,IAAA,CAAK;AAAA,SAClB;AAAA,QACA;AAAA,UACE,GAAG,IAAA;AAAA,UACH,MAAA,EAAQ,IAAA;AAAA,UACR,QAAA,EAAU,YAAY,OAAO;AAAA;AAC/B,OACF;AAAA,IACF,CAAC,CAAA;AAED,IAAA,KAAA;AAAA,MACE,2BAAA;AAAA,MACA,IAAA;AAAA,MACA,IAAA;AAAA,MACA,IAAA;AAAA,MACAM,OAAAA,CAAO,QAAA;AAAA,MACPR,MAAAA,CAAO,KAAK,SAAS,CAAA;AAAA,MACrBQ,OAAAA,CAAO,IAAA;AAAA,MACPA,OAAAA,CAAO;AAAA,KACT;AAAA,EACF;AACF,CAAA;AAcA,IAAM,aAAA,GAAN,cAA4B,MAAA,CAAO;AAAA,EACjC,WAAA,CAAY,IAAA,EAAc,IAAA,EAAyB,IAAA,EAAiC;AAClF,IAAA,KAAA;AAAA,MACE,6BAAA;AAAA,MACA,IAAA;AAAA,MACA,IAAA;AAAA,MACA,IAAA;AAAA,MACAR,MAAAA,CAAO,IAAA,CAAK,MAAM,CAAA,CAAE,QAAA;AAAA,MACpBA,MAAAA,CAAO,KAAK,SAAS,CAAA;AAAA,MACrBA,MAAAA,CAAO,IAAA,CAAK,MAAM,CAAA,CAAE,IAAA;AAAA,MACpBA,MAAAA,CAAO,IAAA,CAAK,MAAM,CAAA,CAAE;AAAA,KACtB;AAAA,EACF;AACF,CAAA;AAcA,IAAM,cAAA,GAAN,cAA6B,MAAA,CAAO;AAAA,EAClC,WAAA,CAAY,IAAA,EAAc,IAAA,EAA0B,IAAA,EAAiC;AACnF,IAAA,MAAMQ,OAAAA,GAASR,OAAO,IAAA,CAAK,SAAS,EAAE,OAAA,CAAQ,KAAA,CAAM,OAAM,OAAA,KAAW;AACnE,MAAA,MAAMQ,OAAAA,GAASN,IAAAA,CAAK,EAAA,CAAG,MAAA,CAAO,GAAA;AAAA,QAC5B,IAAA;AAAA,QACAO,WAAAA,CAAAA,EAAcT,OAAO,IAAA,CAAK,SAAS,EAAE,QAAA,CAAS,IAAI,CAAA,CAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAA;AAAA,QAC/D,EAAE,GAAG,IAAA,EAAM,MAAA,EAAQ,MAAM,QAAA,EAAU,WAAA,CAAY,OAAO,CAAA;AAAE,OAC1D;AAGA,MAAA,MAAM,SAAA,GAAY,MAAMI,SAAAA,CAAUJ,MAAAA,CAAO,KAAK,SAAS,CAAA,CAAE,SAAS,IAAI,CAAA;AACtE,MAAA,MAAM,YAAA,GAAe,MAAMI,SAAAA,CAAU,IAAA,CAAK,IAAI,CAAA;AAC9C,MAAA,MAAM,QAAA,GAAW,MAAMA,SAAAA,CAAUI,OAAAA,CAAO,QAAQ,CAAA;AAChD,MAAA,IAAI,CAAC,QAAA,EAAU;AACb,QAAA,MAAM,IAAI,KAAA,CAAM,CAAA,OAAA,EAAU,YAAY,CAAA,cAAA,EAAiB,SAAS,CAAA,UAAA,CAAY,CAAA;AAAA,MAC9E;AAEA,MAAA,OAAOA,OAAAA;AAAA,IACT,CAAC,CAAA;AAED,IAAA,KAAA;AAAA,MACE,8BAAA;AAAA,MACA,IAAA;AAAA,MACA,IAAA;AAAA,MACA,IAAA;AAAA,MACAA,OAAAA,CAAO,QAAA;AAAA,MACPR,MAAAA,CAAO,KAAK,SAAS,CAAA;AAAA,MACrBQ,OAAAA,CAAO,IAAA;AAAA,MACPA,OAAAA,CAAO;AAAA,KACT;AAAA,EACF;AACF,CAAA","file":"chunk-TOLFVF4S.js","sourcesContent":["{\n \"terminal-kubectl\": {\n \"name\": \"ghcr.io/highstate-io/highstate/terminal.kubectl\",\n \"tag\": \"latest\",\n \"image\": \"ghcr.io/highstate-io/highstate/terminal.kubectl:latest@sha256:31cf095ec6acc0b3a5088c92483d88dc1e2e7dd7fcbf2ec8de29a0171debd8aa\"\n },\n \"worker.k8s-monitor\": {\n \"name\": \"ghcr.io/highstate-io/highstate/worker.k8s-monitor\",\n \"tag\": \"debug\",\n \"image\": \"ghcr.io/highstate-io/highstate/worker.k8s-monitor:debug@sha256:808eccda739d1e963d345a92612f3ca64ecf64de71a6010daa0e1fffbfc7aa5c\"\n },\n \"alpine\": {\n \"name\": \"alpine\",\n \"tag\": \"latest\",\n \"image\": \"alpine:latest@sha256:25109184c71bdad752c8312a8623239686a9a2071e8825f20acb8f2198c3f659\"\n },\n \"ubuntu\": {\n \"name\": \"ubuntu\",\n \"tag\": \"latest\",\n \"image\": \"ubuntu:latest@sha256:84e77dee7d1bc93fb029a45e3c6cb9d8aa4831ccfcc7103d36e876938d28895b\"\n }\n}\n","import type { PartialKeys } from \"@highstate/contract\"\nimport type { common, k8s } from \"@highstate/library\"\nimport {\n ComponentResource,\n type ComponentResourceOptions,\n type Input,\n type Inputs,\n type Output,\n output,\n secret,\n toPromise,\n type Unwrap,\n} from \"@highstate/pulumi\"\nimport { core, Provider, type types } from \"@pulumi/kubernetes\"\nimport * as images from \"../assets/images.json\"\nimport { Namespace } from \"./namespace\"\n\nconst providers = new Map<`${string}.${string}`, Provider>()\n\nexport function getProvider(cluster: k8s.Cluster): Provider {\n const name = `${cluster.name}.${cluster.connectionId}` as const\n const existing = providers.get(name)\n if (existing) {\n return existing\n }\n\n if (cluster.kubeconfig.content.type !== \"embedded-secret\") {\n throw new Error(\"Only embedded secrets are supported for cluster kubeconfig for now\")\n }\n\n const provider = new Provider(name, {\n kubeconfig: secret(cluster.kubeconfig.content.value.value),\n })\n providers.set(name, provider)\n\n return provider\n}\n\nexport async function getProviderAsync(cluster: Input<k8s.Cluster>): Promise<Provider> {\n const resolvedCluster = await toPromise(cluster)\n\n return getProvider(resolvedCluster)\n}\n\nexport function getEmbeddedSecretFileContent(file: Input<common.File>): Output<string> {\n return output(file).apply(file => {\n if (file.content.type !== \"embedded-secret\") {\n throw new Error(\"Only embedded-secret file contents are supported for kubeconfig for now\")\n }\n\n return file.content.value.value\n })\n}\n\nexport function getClusterKubeconfigContent(cluster: Input<k8s.Cluster>): Output<string> {\n return output(cluster).apply(cluster => {\n if (cluster.kubeconfig.content.type !== \"embedded-secret\") {\n throw new Error(\n \"Only embedded-secret file contents are supported for cluster kubeconfig for now\",\n )\n }\n\n return cluster.kubeconfig.content.value.value\n })\n}\n\nexport type NamespaceLike = core.v1.Namespace | Namespace | string\n\nexport type ScopedResourceArgs = {\n /**\n * The name of the resource.\n */\n name?: Input<string>\n\n /**\n * The namespace to create the resource in.\n */\n namespace: Input<Namespace>\n\n /**\n * The metadata to apply to the resource.\n */\n metadata?: Input<types.input.meta.v1.ObjectMeta>\n}\n\nexport const commonExtraArgs = [\"name\", \"namespace\", \"metadata\"] as const\n\nexport function mapMetadata(\n args: PartialKeys<ScopedResourceArgs, \"namespace\">,\n fallbackName?: string,\n): Output<Unwrap<types.input.meta.v1.ObjectMeta>> {\n return output(args.metadata).apply(metadata =>\n output({\n ...metadata,\n name: args.name ?? metadata?.name ?? fallbackName,\n namespace:\n metadata?.namespace ?? (args.namespace ? output(args.namespace).metadata.name : undefined),\n }),\n )\n}\n\nexport type SelectorLike = types.input.meta.v1.LabelSelector | Record<string, Input<string>>\n\nexport function mapSelectorLikeToSelector(\n selector: SelectorLike,\n): types.input.meta.v1.LabelSelector {\n if (\"matchLabels\" in selector || \"matchExpressions\" in selector) {\n return selector\n }\n\n return {\n matchLabels: selector as Record<string, Input<string>>,\n }\n}\n\nexport function getNamespaceName(namespace: NamespaceLike): Output<string> {\n if (Namespace.isInstance(namespace)) {\n return namespace.metadata.name\n }\n\n if (core.v1.Namespace.isInstance(namespace)) {\n return namespace.metadata.name\n }\n\n return output(namespace)\n}\n\nexport function mapNamespaceNameToSelector(\n namespace: Input<string>,\n): types.input.meta.v1.LabelSelector {\n return {\n matchLabels: {\n \"kubernetes.io/metadata.name\": namespace,\n },\n }\n}\n\nexport function validateCluster(\n entity: Input<k8s.Resource>,\n cluster: Input<k8s.Cluster>,\n): Input<k8s.Cluster> {\n return output({ entity, cluster }).apply(({ entity, cluster }) => {\n if (entity.clusterId !== cluster.id) {\n throw new Error(\n `Cluster mismatch for ${entity.kind} \"${entity.metadata.name}\": \"${entity.clusterId}\" != \"${cluster.id}\"`,\n )\n }\n\n return cluster\n })\n}\n\nexport { images }\n\n/**\n * Base class for all Kubernetes resources.\n *\n * Provides common functionality for resources that have a cluster and entity.\n */\nexport abstract class Resource extends ComponentResource {\n /**\n * The Kubernetes API version (e.g., \"v1\", \"apps/v1\", \"batch/v1\").\n */\n static readonly apiVersion: string\n\n /**\n * The Kubernetes kind (e.g., \"ConfigMap\", \"Deployment\", \"CronJob\").\n */\n static readonly kind: string\n\n /**\n * Whether the resource is namespaced.\n */\n static readonly isNamespaced: boolean = false\n\n protected constructor(\n type: string,\n name: string,\n args: Inputs,\n opts: ComponentResourceOptions | undefined,\n\n /**\n * The cluster where the resource is located.\n */\n readonly cluster: Output<k8s.Cluster>,\n\n /**\n * The metadata of the underlying Kubernetes resource.\n */\n readonly metadata: Output<types.output.meta.v1.ObjectMeta>,\n ) {\n super(type, name, args, opts)\n }\n\n /**\n * The Kubernetes API version (e.g., \"v1\", \"apps/v1\", \"batch/v1\").\n */\n get apiVersion() {\n return (this.constructor as typeof Resource).apiVersion\n }\n\n /**\n * The Kubernetes kind (e.g., \"ConfigMap\", \"Deployment\", \"CronJob\").\n */\n get kind() {\n return (this.constructor as typeof Resource).kind\n }\n\n get isNamespaced() {\n return (this.constructor as typeof Resource).isNamespaced\n }\n\n protected get entityBase() {\n return {\n clusterId: this.cluster.id,\n clusterName: this.cluster.name,\n apiVersion: this.apiVersion,\n kind: this.kind,\n isNamespaced: false,\n metadata: this.metadata,\n }\n }\n}\n\n/**\n * Base class for all Kubernetes namespaced resources.\n *\n * Provides common functionality for resources that have a cluster, namespace, metadata, and entity.\n */\nexport abstract class NamespacedResource extends Resource {\n static readonly isNamespaced = true\n\n protected constructor(\n type: string,\n name: string,\n args: Inputs,\n opts: ComponentResourceOptions | undefined,\n metadata: Output<types.output.meta.v1.ObjectMeta>,\n\n /**\n * The namespace where the resource is located.\n */\n readonly namespace: Output<Namespace>,\n ) {\n super(type, name, args, opts, namespace.cluster, metadata)\n }\n\n /**\n * The Highstate resource entity.\n */\n abstract get entity(): Output<k8s.NamespacedResource>\n\n protected get entityBase() {\n return {\n clusterId: this.cluster.id,\n clusterName: this.cluster.name,\n apiVersion: this.apiVersion,\n kind: this.kind,\n isNamespaced: true,\n metadata: this.metadata,\n } as const\n }\n}\n","import type { Namespace } from \"./namespace\"\nimport { common, type k8s } from \"@highstate/library\"\nimport {\n ComponentResource,\n type ComponentResourceOptions,\n type Input,\n type InputArray,\n interpolate,\n makeEntity,\n normalizeInputs,\n type Output,\n output,\n toPromise,\n type Unwrap,\n} from \"@highstate/pulumi\"\nimport { KubeConfig } from \"@kubernetes/client-node\"\nimport { core, rbac, type types } from \"@pulumi/kubernetes\"\nimport { map, unique } from \"remeda\"\nimport { Secret } from \"./secret\"\nimport {\n getNamespaceName,\n getProvider,\n NamespacedResource,\n type NamespaceLike,\n type Resource,\n} from \"./shared\"\n\nexport type ClusterAccessScopeArgs = {\n /**\n * The namespace to create the ServiceAccount in.\n */\n namespace: Input<Namespace>\n\n /**\n * The RBAC rule to apply to the `ServiceAccount`.\n *\n * It will be used to create ClusterRole.\n */\n rule?: Input<types.input.rbac.v1.PolicyRule>\n\n /**\n * The RBAC rules to apply to the `ServiceAccount`.\n *\n * It will be used to create `ClusterRole`.\n */\n rules?: InputArray<types.input.rbac.v1.PolicyRule>\n\n /**\n * Whether to allow the `ServiceAccount` to access resources in the namespace where it is created.\n *\n * By default, it is set to `true`.\n */\n allowOriginNamespace?: boolean\n\n /**\n * The extra namespaces to bind to the `ClusterRole` and allow `ServiceAccount` to access them\n * with specified `rules`.\n */\n extraNamespaces?: InputArray<NamespaceLike>\n\n /**\n * Whether to create `ClusterRoleBinding` instead of `RoleBinding` to allow cluster-wide access.\n *\n * This will allow the `ServiceAccount` to access all namespaces and cluster resources.\n */\n clusterWide?: boolean\n\n /**\n * The extra resources to merge into passed rules.\n *\n * Resources will be merged into rule `resourceNames` if they exactly match rule's `apiGroups` and `resources`.\n * If rule specifies multiple apiGroups or resources, resources will not be merged into it.\n */\n resources?: InputArray<Resource | k8s.Resource>\n}\n\nexport class ClusterAccessScope extends ComponentResource {\n /**\n * The cluster entity with the reduced access.\n */\n readonly cluster: Output<k8s.Cluster>\n\n constructor(name: string, args: ClusterAccessScopeArgs, opts?: ComponentResourceOptions) {\n super(\"highstate:k8s:ClusterAccessScope\", name, args, opts)\n\n const { serviceAccount, kubeconfig } = output(args.namespace).cluster.apply(cluster => {\n const provider = getProvider(cluster)\n const namespaceName = output(args.namespace).metadata.name\n\n const serviceAccount = new core.v1.ServiceAccount(\n name,\n {\n metadata: {\n name,\n namespace: namespaceName,\n },\n },\n { provider },\n )\n\n const clusterRole = new rbac.v1.ClusterRole(\n name,\n {\n metadata: {\n name: interpolate`hs.${namespaceName}.${name}`,\n annotations: {\n \"kubernetes.io/description\": interpolate`Created by Highstate for the ServiceAccount \"${name}\" in the namespace \"${namespaceName}\".`,\n },\n },\n rules: output({\n rules: normalizeInputs(args.rule, args.rules),\n resources: args.resources ?? [],\n }).apply(({ rules, resources }) => mergeResources(rules, resources)),\n },\n { provider },\n )\n\n const createRoleBinding = (namespace: Input<string>) => {\n return new rbac.v1.RoleBinding(\n name,\n {\n metadata: { name, namespace },\n roleRef: {\n kind: \"ClusterRole\",\n name: clusterRole.metadata.name,\n apiGroup: \"rbac.authorization.k8s.io\",\n },\n subjects: [\n {\n kind: \"ServiceAccount\",\n name: serviceAccount.metadata.name,\n namespace: namespaceName,\n },\n ],\n },\n { provider },\n )\n }\n\n if (args.clusterWide) {\n new rbac.v1.ClusterRoleBinding(\n name,\n {\n metadata: { name },\n roleRef: {\n kind: \"ClusterRole\",\n name: clusterRole.metadata.name,\n apiGroup: \"rbac.authorization.k8s.io\",\n },\n subjects: [\n {\n kind: \"ServiceAccount\",\n name: serviceAccount.metadata.name,\n namespace: namespaceName,\n },\n ],\n },\n { provider },\n )\n } else {\n if (args.allowOriginNamespace !== false) {\n createRoleBinding(namespaceName)\n }\n\n output(args.extraNamespaces ?? [])\n .apply(map(getNamespaceName))\n .apply(map(createRoleBinding))\n }\n\n return { serviceAccount, kubeconfig: cluster.kubeconfig }\n })\n\n const accessTokenSecret = Secret.create(`${name}-token`, {\n namespace: args.namespace,\n type: \"kubernetes.io/service-account-token\",\n metadata: {\n annotations: {\n \"kubernetes.io/service-account.name\": serviceAccount.metadata.name,\n },\n },\n })\n\n this.cluster = output({\n cluster: output(args.namespace).cluster,\n kubeconfig,\n newToken: accessTokenSecret.getValue(\"token\"),\n serviceAccount: serviceAccount.metadata.name,\n serviceAccountId: serviceAccount.metadata.uid,\n }).apply(({ cluster, kubeconfig, newToken, serviceAccount, serviceAccountId }) => {\n if (kubeconfig.content.type !== \"embedded-secret\") {\n throw new Error(\"Only embedded secrets are supported for cluster kubeconfig for now\")\n }\n\n const config = new KubeConfig()\n config.loadFromString(kubeconfig.content.value.value)\n\n // clear all existing contexts and users\n config.users = []\n config.contexts = []\n\n config.addUser({ name: serviceAccount, token: newToken })\n\n config.addContext({\n name: config.clusters[0].name,\n cluster: config.clusters[0].name,\n user: serviceAccount,\n })\n\n config.setCurrentContext(config.clusters[0].name)\n\n return {\n ...cluster,\n connectionId: serviceAccountId,\n kubeconfig: makeEntity({\n entity: common.fileEntity,\n identity: `${serviceAccountId}:kubeconfig`,\n meta: {\n title: `kubeconfig for SA ${serviceAccount}`,\n },\n value: {\n content: {\n type: \"embedded-secret\",\n value: config.exportConfig(),\n },\n meta: {\n name: \"kubeconfig\",\n contentType: \"text/yaml\",\n mode: 0o600,\n },\n },\n }),\n }\n })\n }\n}\n\nasync function mergeResources(\n rules: Unwrap<types.input.rbac.v1.PolicyRule>[],\n resources: (Resource | k8s.Resource)[],\n): Promise<types.input.rbac.v1.PolicyRule[]> {\n for (const resource of resources) {\n const entity = await toPromise(\n resource instanceof NamespacedResource ? resource.entity : resource,\n )\n\n const apiGroup = entity.apiVersion.includes(\"/\") // e.g., \"apps/v1\"\n ? entity.apiVersion.split(\"/\")[0]\n : \"\"\n\n const resourceCollection = `${entity.kind.toLowerCase()}s`\n\n const matchingRule = rules.find(rule => {\n const apiGroupsMatch = rule.apiGroups?.length === 1 && rule.apiGroups[0] === apiGroup\n const resourcesMatch =\n rule.resources?.length === 1 && rule.resources[0] === resourceCollection\n\n return apiGroupsMatch && resourcesMatch\n })\n\n if (!matchingRule) {\n continue\n }\n\n matchingRule.resourceNames = await toPromise(\n unique([\n //\n ...(matchingRule.resourceNames ?? []),\n entity.metadata.name,\n ]),\n )\n }\n\n return rules\n}\n","import { getOrCreate } from \"@highstate/contract\"\nimport { k8s } from \"@highstate/library\"\nimport { makeEntityOutput, toPromise } from \"@highstate/pulumi\"\nimport { core, type types } from \"@pulumi/kubernetes\"\nimport {\n type ComponentResourceOptions,\n type Input,\n type Inputs,\n type Output,\n output,\n type Unwrap,\n} from \"@pulumi/pulumi\"\nimport { ClusterAccessScope } from \"./rbac\"\nimport {\n getProvider,\n mapMetadata,\n Resource,\n type ScopedResourceArgs,\n validateCluster,\n} from \"./shared\"\n\nexport type NamespaceArgs = Omit<ScopedResourceArgs, \"namespace\"> & {\n /**\n * The cluster where the namespace is located.\n */\n cluster: Input<k8s.Cluster>\n\n /**\n * Whether to apply \"pod-security.kubernetes.io/enforce=privileged\" label to the namespace.\n */\n privileged?: boolean\n}\n\nexport type CreateOrGetNamespaceArgs = NamespaceArgs & {\n /**\n * The resource to use to determine the name of the namespace.\n *\n * If not provided, the namespace will be created, otherwise it will be retrieved/patched.\n */\n resource?: Input<k8s.NamespacedResource>\n\n /**\n * The namespace entity to patch/retrieve.\n */\n existing?: Input<k8s.Namespace> | undefined\n}\n\nexport abstract class Namespace extends Resource {\n static readonly apiVersion = \"v1\"\n static readonly kind = \"Namespace\"\n\n /**\n * The cluster entity authorized to port-forward into the namespace.\n *\n * Only created for namespaces created with `create` or `createOrGet` methods, not for wrapped or external namespaces.\n */\n portForwardCluster?: Output<k8s.Cluster>\n\n constructor(\n type: string,\n name: string,\n args: Inputs,\n opts: ComponentResourceOptions | undefined,\n\n cluster: Output<k8s.Cluster>,\n metadata: Output<types.output.meta.v1.ObjectMeta>,\n\n /**\n * The spec of the underlying Kubernetes namespace.\n */\n readonly spec: Output<types.output.core.v1.NamespaceSpec>,\n\n /**\n * The status of the underlying Kubernetes namespace.\n */\n readonly status: Output<types.output.core.v1.NamespaceStatus>,\n ) {\n super(type, name, args, opts, cluster, metadata)\n }\n\n /**\n * The Highstate namespace entity.\n */\n get entity(): Output<k8s.Namespace> {\n return makeEntityOutput({\n entity: k8s.namespaceEntity,\n identity: this.metadata.uid,\n meta: {\n title: this.metadata.name,\n },\n value: {\n ...this.entityBase,\n },\n })\n }\n\n /**\n * Creates a new namespace.\n */\n static create(name: string, args: NamespaceArgs, opts?: ComponentResourceOptions): Namespace {\n return new CreatedNamespace(name, args, opts)\n }\n\n /**\n * Wraps an existing Kubernetes namespace.\n */\n static wrap(\n name: string,\n args: WrappedNamespaceArgs,\n opts?: ComponentResourceOptions,\n ): Namespace {\n return new WrappedNamespace(name, args, opts)\n }\n\n /**\n * Creates a new namespace or gets an existing one.\n *\n * @param name The name of the resource. May not be the same as the namespace name. Will not be used when existing namespace is retrieved.\n * @param args The arguments to create or get the namespace with.\n * @param opts Optional resource options.\n */\n static async createOrGet(\n name: string,\n args: CreateOrGetNamespaceArgs,\n opts?: ComponentResourceOptions,\n ): Promise<Namespace> {\n if (args.resource) {\n return await Namespace.forResourceAsync(args.resource, args.cluster)\n }\n\n if (args.existing) {\n return await Namespace.forAsync(args.existing, args.cluster)\n }\n\n return new CreatedNamespace(name, args, opts)\n }\n\n /**\n * Creates a new namespace or patches an existing one.\n *\n * @param name The name of the resource. May not be the same as the namespace name.\n * @param args The arguments to create or patch the namespace with.\n * @param opts Optional resource options.\n */\n static createOrPatch(\n name: string,\n args: CreateOrGetNamespaceArgs,\n opts?: ComponentResourceOptions,\n ): Namespace {\n if (args.resource) {\n return new NamespacePatch(name, {\n ...args,\n name: output(args.resource).metadata.namespace,\n cluster: validateCluster(args.resource, args.cluster),\n })\n }\n\n if (args.existing) {\n return new NamespacePatch(name, {\n ...args,\n name: output(args.existing).metadata.name,\n cluster: validateCluster(args.existing, args.cluster),\n })\n }\n\n return new CreatedNamespace(name, args, opts)\n }\n\n /**\n * Patches an existing namespace.\n *\n * Will throw an error if the namespace does not exist.\n *\n * @param name The name of the resource. May not be the same as the namespace name.\n * @param args The arguments to patch the namespace with.\n * @param opts Optional resource options.\n */\n static patch(name: string, args: NamespaceArgs, opts?: ComponentResourceOptions): Namespace {\n return new NamespacePatch(name, args, opts)\n }\n\n /**\n * Gets an existing namespace.\n *\n * Will throw an error if the namespace does not exist.\n *\n * @param name The name of the resource. May not be the same as the namespace name.\n * @param args The arguments to get the namespace with.\n * @param opts Optional resource options.\n */\n static get(\n name: string,\n args: ExternalNamespaceArgs,\n opts?: ComponentResourceOptions,\n ): Namespace {\n return new ExternalNamespace(name, args, opts)\n }\n\n private static readonly namespaceCache = new Map<string, Namespace>()\n\n /**\n * Gets an existing namespace for a given entity.\n * Prefer this method over `get` when possible.\n *\n * It automatically names the resource with the following format: `{clusterName}.{namespace}.{clusterId}`.\n *\n * This method it idempotent and will return the same instance for the same entity.\n *\n * @param entity The entity to get the namespace for.\n * @param cluster The cluster where the namespace is located.\n */\n static for(entity: k8s.Namespace, cluster: Input<k8s.Cluster>): Namespace {\n return getOrCreate(\n Namespace.namespaceCache,\n `${entity.clusterName}.${entity.metadata.name}.${entity.clusterId}`,\n name => {\n return Namespace.get(name, {\n name: entity.metadata.name,\n cluster: validateCluster(entity, cluster),\n })\n },\n )\n }\n\n /**\n * Gets an existing namespace for a given entity.\n * Prefer this method over `get` when possible.\n *\n * @param entity The entity to get the namespace for.\n * @param cluster The cluster where the namespace is located.\n */\n static async forAsync(\n entity: Input<k8s.Namespace>,\n cluster: Input<k8s.Cluster>,\n ): Promise<Namespace> {\n const resolvedEntity = await toPromise(entity)\n\n return Namespace.for(resolvedEntity, cluster)\n }\n\n /**\n * Gets an existing namespace where the provided resource is located.\n * Prefer this method over `get` when possible.\n *\n * It automatically names the resource with the following format: `{clusterName}.{namespace}.{clusterId}`.\n *\n * This method it idempotent and will return the same instance for the same resource.\n *\n * @param resource The resource to get the namespace for.\n * @param cluster The cluster where the namespace is located.\n */\n static forResource(resource: k8s.NamespacedResource, cluster: Input<k8s.Cluster>): Namespace {\n return getOrCreate(\n Namespace.namespaceCache,\n `${resource.clusterName}.${resource.metadata.namespace}.${resource.clusterId}`,\n name => {\n return Namespace.get(name, {\n name: resource.metadata.namespace,\n cluster: validateCluster(resource, cluster),\n })\n },\n )\n }\n\n /**\n * Gets an existing namespace for a given entity.\n * Prefer this method over `get` when possible.\n *\n * @param resource The resource to get the namespace for.\n * @param cluster The cluster where the namespace is located.\n */\n static async forResourceAsync(\n resource: Input<k8s.NamespacedResource>,\n cluster: Input<k8s.Cluster>,\n ): Promise<Namespace> {\n const resolvedResource = await toPromise(resource)\n\n return Namespace.forResource(resolvedResource, cluster)\n }\n}\n\nfunction mapNamespaceMetadata(\n args: NamespaceArgs,\n fallbackName: string,\n): Output<Unwrap<types.input.meta.v1.ObjectMeta>> {\n return mapMetadata(args, fallbackName).apply(metadata => {\n if (args.privileged) {\n metadata.labels = {\n ...metadata.labels,\n \"pod-security.kubernetes.io/enforce\": \"privileged\",\n }\n }\n\n return metadata\n })\n}\n\nclass CreatedNamespace extends Namespace {\n constructor(name: string, args: NamespaceArgs, opts?: ComponentResourceOptions) {\n const namespace = output(args.cluster).apply(cluster => {\n return new core.v1.Namespace(\n name,\n { metadata: mapNamespaceMetadata(args, name) },\n { ...opts, parent: this, provider: getProvider(cluster) },\n )\n })\n\n super(\n \"highstate:k8s:Namespace\",\n name,\n args,\n opts,\n output(args.cluster),\n namespace.metadata,\n namespace.spec,\n namespace.status,\n )\n\n const scope = new ClusterAccessScope(\n `${name}-port-forward`,\n {\n namespace: this,\n rules: [\n {\n apiGroups: [\"\"],\n resources: [\"services\"],\n verbs: [\"get\"],\n },\n {\n apiGroups: [\"\"],\n resources: [\"pods\"],\n verbs: [\"get\", \"list\"],\n },\n {\n apiGroups: [\"\"],\n resources: [\"pods/portforward\"],\n verbs: [\"create\"],\n },\n ],\n },\n { parent: this },\n )\n\n this.portForwardCluster = scope.cluster\n }\n}\n\nclass NamespacePatch extends Namespace {\n constructor(name: string, args: NamespaceArgs, opts?: ComponentResourceOptions) {\n const namespace = output(args.cluster).apply(cluster => {\n return new core.v1.NamespacePatch(\n name,\n { metadata: mapNamespaceMetadata(args, name) },\n { ...opts, parent: this, provider: getProvider(cluster) },\n )\n })\n\n super(\n \"highstate:k8s:NamespacePatch\",\n name,\n args,\n opts,\n output(args.cluster),\n namespace.metadata,\n namespace.spec,\n namespace.status,\n )\n }\n}\n\nexport type WrappedNamespaceArgs = {\n /**\n * The underlying Kubernetes namespace to wrap.\n */\n namespace: Input<core.v1.Namespace>\n\n /**\n * The cluster where the namespace is located.\n */\n cluster: Input<k8s.Cluster>\n}\n\nexport type ExternalNamespaceArgs = {\n /**\n * The real name of the namespace in the cluster.\n */\n name: Input<string>\n\n /**\n * The cluster where the namespace is located.\n */\n cluster: Input<k8s.Cluster>\n}\n\nclass ExternalNamespace extends Namespace {\n constructor(name: string, args: ExternalNamespaceArgs, opts?: ComponentResourceOptions) {\n const namespace = output(args.cluster).apply(cluster => {\n return core.v1.Namespace.get(name, args.name, {\n ...opts,\n parent: this,\n provider: getProvider(cluster),\n })\n })\n\n super(\n \"highstate:k8s:ExternalNamespace\",\n name,\n args,\n opts,\n output(args.cluster),\n namespace.metadata,\n namespace.spec,\n namespace.status,\n )\n }\n}\n\nclass WrappedNamespace extends Namespace {\n constructor(name: string, args: WrappedNamespaceArgs, opts?: ComponentResourceOptions) {\n super(\n \"highstate:k8s:WrappedNamespace\",\n name,\n args,\n opts,\n\n output(args.cluster),\n output(args.namespace).metadata,\n output(args.namespace).spec,\n output(args.namespace).status,\n )\n }\n}\n","import { getOrCreate } from \"@highstate/contract\"\nimport { k8s } from \"@highstate/library\"\nimport {\n type ComponentResourceOptions,\n type Input,\n type Inputs,\n interpolate,\n makeEntityOutput,\n type Output,\n output,\n toPromise,\n} from \"@highstate/pulumi\"\nimport { core, type types } from \"@pulumi/kubernetes\"\nimport { Namespace } from \"./namespace\"\nimport { getProvider, mapMetadata, NamespacedResource, type ScopedResourceArgs } from \"./shared\"\n\nexport type SecretArgs = ScopedResourceArgs &\n Omit<types.input.core.v1.Secret, \"kind\" | \"metadata\" | \"apiVersion\">\n\nexport type CreateOrGetSecretArgs = SecretArgs & {\n /**\n * The secret entity to patch/retrieve.\n */\n existing: Input<k8s.NamespacedResource> | undefined\n}\n\n/**\n * Represents a Kubernetes Secret resource with metadata and data.\n */\nexport abstract class Secret extends NamespacedResource {\n static apiVersion = \"v1\"\n static kind = \"Secret\"\n\n protected constructor(\n type: string,\n name: string,\n args: Inputs,\n opts: ComponentResourceOptions | undefined,\n\n metadata: Output<types.output.meta.v1.ObjectMeta>,\n namespace: Output<Namespace>,\n\n /**\n * The data of the underlying Kubernetes secret.\n */\n readonly data: Output<Record<string, string>>,\n\n /**\n * The stringData of the underlying Kubernetes secret.\n */\n readonly stringData: Output<Record<string, string>>,\n ) {\n super(type, name, args, opts, metadata, namespace)\n }\n\n /**\n * The Highstate secret entity.\n */\n get entity(): Output<k8s.Secret> {\n return makeEntityOutput({\n entity: k8s.secretEntity,\n identity: this.metadata.uid,\n meta: {\n title: this.metadata.name,\n },\n value: {\n ...this.entityBase,\n },\n })\n }\n\n /**\n * Gets the value of the secret field by the given key in `data`.\n *\n * Automatically decodes the base64 value.\n *\n * @param key The key of the secret.\n * @returns The value of the secret.\n */\n getValue(key: string): Output<string> {\n return this.data[key].apply(value => Buffer.from(value, \"base64\").toString())\n }\n\n /**\n * Creates a new secret.\n */\n static create(name: string, args: SecretArgs, opts?: ComponentResourceOptions): Secret {\n return new CreatedSecret(name, args, opts)\n }\n\n /**\n * Creates a new secret or patches an existing one.\n *\n * @param name The name of the resource. May not be the same as the secret name.\n * @param args The arguments to create or patch the secret with.\n * @param opts Optional resource options.\n */\n static createOrPatch(\n name: string,\n args: CreateOrGetSecretArgs,\n opts?: ComponentResourceOptions,\n ): Secret {\n if (args.existing) {\n return new SecretPatch(name, {\n ...args,\n name: output(args.existing).metadata.name,\n })\n }\n\n return new CreatedSecret(name, args, opts)\n }\n\n /**\n * Creates a new secret or gets an existing one.\n *\n * @param name The name of the resource. May not be the same as the secret name. Will not be used when existing secret is retrieved.\n * @param args The arguments to create or get the secret with.\n * @param opts Optional resource options.\n */\n static async createOrGet(\n name: string,\n args: CreateOrGetSecretArgs,\n opts?: ComponentResourceOptions,\n ): Promise<Secret> {\n if (args.existing) {\n return await Secret.forAsync(args.existing, output(args.namespace).cluster)\n }\n\n return new CreatedSecret(name, args, opts)\n }\n\n /**\n * Patches an existing secret.\n *\n * Will throw an error if the secret does not exist.\n *\n * @param name The name of the resource. May not be the same as the secret name.\n * @param args The arguments to patch the secret with.\n * @param opts Optional resource options.\n */\n static patch(name: string, args: SecretArgs, opts?: ComponentResourceOptions): Secret {\n return new SecretPatch(name, args, opts)\n }\n\n /**\n * Wraps an existing Kubernetes secret.\n */\n static wrap(name: string, args: WrappedSecretArgs, opts?: ComponentResourceOptions): Secret {\n return new WrappedSecret(name, args, opts)\n }\n\n /**\n * Gets an existing secret.\n *\n * Will throw an error if the secret does not exist.\n */\n static get(name: string, args: ExternalSecretArgs, opts?: ComponentResourceOptions): Secret {\n return new ExternalSecret(name, args, opts)\n }\n\n private static readonly secretCache = new Map<string, Secret>()\n\n /**\n * Gets an existing secret for a given entity.\n * Prefer this method over `get` when possible.\n *\n * It automatically names the resource with the following format: `{clusterName}.{namespace}.{name}.{clusterId}`.\n *\n * This method is idempotent and will return the same instance for the same entity.\n *\n * @param entity The entity to get the secret for.\n * @param cluster The cluster where the secret is located.\n */\n static for(entity: k8s.NamespacedResource, cluster: Input<k8s.Cluster>): Secret {\n return getOrCreate(\n Secret.secretCache,\n `${entity.clusterName}.${entity.metadata.namespace}.${entity.metadata.name}.${entity.clusterId}`,\n name => {\n return Secret.get(name, {\n name: entity.metadata.name,\n namespace: Namespace.forResource(entity, cluster),\n })\n },\n )\n }\n\n /**\n * Gets an existing secret for a given entity.\n * Prefer this method over `get` when possible.\n *\n * It automatically names the resource with the following format: `{clusterName}.{namespace}.{name}.{clusterId}`.\n *\n * This method is idempotent and will return the same instance for the same entity.\n *\n * @param entity The entity to get the secret for.\n * @param cluster The cluster where the secret is located.\n */\n static async forAsync(\n entity: Input<k8s.NamespacedResource>,\n cluster: Input<k8s.Cluster>,\n ): Promise<Secret> {\n const resolvedEntity = await toPromise(entity)\n return Secret.for(resolvedEntity, cluster)\n }\n}\n\nclass CreatedSecret extends Secret {\n constructor(name: string, args: SecretArgs, opts?: ComponentResourceOptions) {\n const secret = output(args.namespace).cluster.apply(cluster => {\n return new core.v1.Secret(\n name,\n {\n metadata: mapMetadata(args, name),\n data: args.data,\n stringData: args.stringData,\n type: args.type,\n immutable: args.immutable,\n },\n {\n ...opts,\n parent: this,\n provider: getProvider(cluster),\n },\n )\n })\n\n super(\n \"highstate:k8s:Secret\",\n name,\n args,\n opts,\n secret.metadata,\n output(args.namespace),\n secret.data,\n secret.stringData,\n )\n }\n}\n\nclass SecretPatch extends Secret {\n constructor(name: string, args: SecretArgs, opts?: ComponentResourceOptions) {\n const secret = output(args.namespace).cluster.apply(cluster => {\n return new core.v1.SecretPatch(\n name,\n {\n metadata: mapMetadata(args, name),\n data: args.data,\n stringData: args.stringData,\n type: args.type,\n immutable: args.immutable,\n },\n {\n ...opts,\n parent: this,\n provider: getProvider(cluster),\n },\n )\n })\n\n super(\n \"highstate:k8s:SecretPatch\",\n name,\n args,\n opts,\n secret.metadata,\n output(args.namespace),\n secret.data,\n secret.stringData,\n )\n }\n}\n\nexport type WrappedSecretArgs = {\n /**\n * The underlying Kubernetes secret to wrap.\n */\n secret: Input<core.v1.Secret>\n\n /**\n * The namespace where the secret is located.\n */\n namespace: Input<Namespace>\n}\n\nclass WrappedSecret extends Secret {\n constructor(name: string, args: WrappedSecretArgs, opts?: ComponentResourceOptions) {\n super(\n \"highstate:k8s:WrappedSecret\",\n name,\n args,\n opts,\n output(args.secret).metadata,\n output(args.namespace),\n output(args.secret).data,\n output(args.secret).stringData,\n )\n }\n}\n\nexport type ExternalSecretArgs = {\n /**\n * The name of the secret to get.\n */\n name: Input<string>\n\n /**\n * The namespace where the secret is located.\n */\n namespace: Input<Namespace>\n}\n\nclass ExternalSecret extends Secret {\n constructor(name: string, args: ExternalSecretArgs, opts?: ComponentResourceOptions) {\n const secret = output(args.namespace).cluster.apply(async cluster => {\n const secret = core.v1.Secret.get(\n name,\n interpolate`${output(args.namespace).metadata.name}/${args.name}`,\n { ...opts, parent: this, provider: getProvider(cluster) },\n )\n\n // TODO: investigate why this needed\n const namespace = await toPromise(output(args.namespace).metadata.name)\n const resolvedName = await toPromise(args.name)\n const metadata = await toPromise(secret.metadata)\n if (!metadata) {\n throw new Error(`Secret ${resolvedName} in namespace ${namespace} not found`)\n }\n\n return secret\n })\n\n super(\n \"highstate:k8s:ExternalSecret\",\n name,\n args,\n opts,\n secret.metadata,\n output(args.namespace),\n secret.data,\n secret.stringData,\n )\n }\n}\n"]}

package/dist/chunk-TVKT3ZYX.js DELETED Viewed

@@ -1,423 +0,0 @@
-import { Deployment } from './chunk-BTAEFJ5N.js';
-import { StatefulSet } from './chunk-S77TE7UC.js';
-import { NetworkPolicy } from './chunk-SZKOAHNX.js';
-import { createServiceSpec, Service } from './chunk-OG2OPX7B.js';
-import { getNamespaceName, getProvider } from './chunk-TOLFVF4S.js';
-import { mkdir, unlink, readFile } from 'node:fs/promises';
-import { resolve } from 'node:path';
-import { AccessPointRoute } from '@highstate/common';
-import { toPromise, normalizeInputs, normalize } from '@highstate/pulumi';
-import { local } from '@pulumi/command';
-import { helm, apps, core } from '@pulumi/kubernetes';
-import { ComponentResource, output } from '@pulumi/pulumi';
-import { sha256 } from 'crypto-hash';
-import { glob } from 'glob';
-import spawn from 'nano-spawn';
-import { omit, isNonNullish } from 'remeda';
-var Chart = class extends ComponentResource {
-  constructor(name, args, opts) {
-    super("highstate:k8s:Chart", name, args, opts);
-    this.name = name;
-    this.args = args;
-    this.opts = opts;
-    const namespace = output(args.namespace).apply(
-      (namespace2) => output(namespace2 ? getNamespaceName(namespace2) : "default")
-    );
-    this.chart = output(args.namespace).cluster.apply((cluster) => {
-      return new helm.v4.Chart(
-        name,
-        omit(
-          {
-            ...args,
-            chart: resolveHelmChart(args.chart),
-            namespace
-          },
-          ["route", "routes"]
-        ),
-        {
-          ...opts,
-          parent: this,
-          provider: getProvider(cluster),
-          transforms: [
-            ...opts?.transforms ?? [],
-            async (resourceArgs) => {
-              const namespace2 = await toPromise(output(args.namespace).metadata.name);
-              const serviceName = args.serviceName ?? name;
-              const expectedName = `${name}:${namespace2}/${serviceName}`;
-              if (resourceArgs.type === "kubernetes:core/v1:Service" && resourceArgs.name === expectedName) {
-                const spec = await toPromise(
-                  resourceArgs.props.spec
-                );
-                const serviceSpec = await toPromise(createServiceSpec(args.service ?? {}, cluster));
-                return {
-                  props: {
-                    ...resourceArgs.props,
-                    spec: {
-                      ...spec,
-                      ...serviceSpec.ports?.length !== 0 ? serviceSpec : omit(serviceSpec, ["ports"])
-                    }
-                  },
-                  opts: resourceArgs.opts
-                };
-              }
-              return void 0;
-            }
-          ]
-        }
-      );
-    });
-    this.routes = output(
-      normalizeInputs(
-        args.route ? { name: "default", route: args.route } : void 0,
-        args.routes ? Object.entries(args.routes).map(([name2, route]) => ({ name: name2, route })) : void 0
-      )
-    ).apply(async (routes) => {
-      if (routes.length === 0) {
-        return [];
-      }
-      return await Promise.all(
-        routes.map(async ({ name: routeName, route }) => {
-          const { serviceName: _serviceName, rules: _rules, ...baseRoute } = route;
-          const accessPoint = route.accessPoint ?? args.accessPoint;
-          if (!accessPoint) {
-            throw new Error(
-              `Access point is required for chart route "${name}-${routeName}". Set it on the route or on Chart args.accessPoint`
-            );
-          }
-          const namespace2 = await toPromise(args.namespace);
-          const routeRules = await toPromise(route.rules);
-          const routeRuleValues = Object.values(routeRules ?? {});
-          const defaultServiceName = route.serviceName ?? args.serviceName ?? name;
-          const defaultServicePort = route.servicePort ?? args.servicePort;
-          const needsDefaultBackend = routeRuleValues.length === 0;
-          const defaultService = needsDefaultBackend ? await this.getService(defaultServiceName) : void 0;
-          const defaultServiceEndpoints = needsDefaultBackend && defaultService ? await this.resolveServiceEndpoints(
-            defaultService,
-            defaultServiceName,
-            defaultServicePort,
-            `${name}-${routeName}`
-          ) : void 0;
-          const resolvedRules = routeRules ? await Promise.all(
-            Object.entries(routeRules).map(async ([ruleName, rule]) => {
-              const ruleServiceName = rule.serviceName ?? defaultServiceName;
-              const ruleService = await this.getService(ruleServiceName);
-              const ruleServicePort = rule.servicePort ?? route.servicePort ?? args.servicePort;
-              const ruleServiceEndpoints = await this.resolveServiceEndpoints(
-                ruleService,
-                ruleServiceName,
-                ruleServicePort,
-                `${name}-${routeName}:${ruleName}`
-              );
-              return [
-                ruleName,
-                [
-                  {
-                    ...omit(rule, ["serviceName", "servicePort"]),
-                    backend: {
-                      endpoints: ruleServiceEndpoints
-                    }
-                  }
-                ]
-              ];
-            })
-          ) : void 0;
-          const resolvedRulesInput = resolvedRules ? Object.fromEntries(resolvedRules) : void 0;
-          return new AccessPointRoute(
-            `${name}-${routeName}`,
-            {
-              ...baseRoute,
-              accessPoint,
-              ...defaultService ? {
-                backend: {
-                  endpoints: defaultServiceEndpoints
-                }
-              } : {},
-              rules: resolvedRulesInput,
-              metadata: {
-                ...route.metadata ?? {},
-                "k8s.namespace": namespace2
-              }
-            },
-            { ...opts, parent: this }
-          );
-        })
-      );
-    });
-    this.networkPolicies = output(args).apply((args2) => {
-      const policies = normalize(args2.networkPolicy, args2.networkPolicies);
-      return output(
-        policies.map((policy) => {
-          return new NetworkPolicy(
-            name,
-            {
-              ...policy,
-              namespace: args2.namespace,
-              description: `Network policy for Helm chart "${name}"`
-            },
-            { ...opts, parent: this }
-          );
-        })
-      );
-    });
-    this.workloads = output(this.chart).apply((chart) => {
-      return output(
-        chart.resources.apply((resources) => {
-          return resources.map((resource) => {
-            if (apps.v1.Deployment.isInstance(resource)) {
-              return resource.metadata.name.apply((name2) => {
-                return Deployment.wrap(
-                  name2,
-                  { namespace: args.namespace, deployment: resource, terminal: args.terminal },
-                  this.opts
-                );
-              });
-            }
-            if (apps.v1.StatefulSet.isInstance(resource)) {
-              return resource.metadata.name.apply((name2) => {
-                return StatefulSet.wrap(
-                  name2,
-                  {
-                    namespace: args.namespace,
-                    statefulSet: resource,
-                    service: this.getServiceOutput(name2),
-                    terminal: args.terminal
-                  },
-                  this.opts
-                );
-              });
-            }
-            return void 0;
-          }).filter(isNonNullish);
-        })
-      );
-    });
-  }
-  /**
-   * The underlying Helm chart.
-   */
-  chart;
-  /**
-   * The access point routes created for the chart.
-   */
-  routes;
-  /**
-   * The network policies applied to the chart.
-   */
-  networkPolicies;
-  /**
-   * All workloads created by the chart.
-   */
-  workloads;
-  set service(_value) {
-  }
-  set terminals(_value) {
-  }
-  get service() {
-    return this.getServiceOutput(void 0);
-  }
-  get deployment() {
-    return this.getDeploymentOutput(this.name);
-  }
-  get statefulSet() {
-    return this.getStatefulSetOutput(this.name);
-  }
-  get terminals() {
-    return this.workloads.apply((workloads) => {
-      const terminalsByWorkload = workloads.map(
-        (workload) => output({ terminals: workload.terminals, workloadName: workload.metadata.name })
-      );
-      return output(terminalsByWorkload).apply((workloadTerminals) => {
-        const hasMultipleWorkloads = workloadTerminals.length > 1;
-        return workloadTerminals.flatMap(({ terminals, workloadName }) => {
-          if (!hasMultipleWorkloads) {
-            return terminals;
-          }
-          return terminals.map((terminal) => ({
-            ...terminal,
-            meta: {
-              ...terminal.meta,
-              title: `${terminal.meta.title} | ${workloadName}`
-            }
-          }));
-        });
-      });
-    });
-  }
-  services = /* @__PURE__ */ new Map();
-  async resolveServiceEndpoints(service, serviceName, servicePort, routeName) {
-    const endpoints = await toPromise(service.endpoints);
-    const servicePorts = await toPromise(service.spec.ports);
-    if (endpoints.length === 0) {
-      throw new Error(
-        `No endpoints found for service "${serviceName}" in chart route "${routeName}"`
-      );
-    }
-    let resolvedServicePort;
-    if (servicePort != null) {
-      const requestedServicePort = await toPromise(servicePort);
-      if (typeof requestedServicePort === "string") {
-        const namedPort = servicePorts?.find((port) => port.name === requestedServicePort);
-        if (!namedPort) {
-          throw new Error(
-            `Named port "${requestedServicePort}" not found for service "${serviceName}" in chart route "${routeName}"`
-          );
-        }
-        resolvedServicePort = namedPort.port;
-      } else {
-        resolvedServicePort = requestedServicePort;
-      }
-    } else {
-      resolvedServicePort = endpoints[0]?.port;
-    }
-    if (resolvedServicePort == null) {
-      throw new Error(
-        `Unable to resolve service port for service "${serviceName}" in chart route "${routeName}"`
-      );
-    }
-    const filteredEndpoints = endpoints.filter((endpoint) => endpoint.port === resolvedServicePort);
-    if (filteredEndpoints.length === 0) {
-      throw new Error(
-        `No endpoints with port ${resolvedServicePort} found for service "${serviceName}" in chart route "${routeName}"`
-      );
-    }
-    return filteredEndpoints;
-  }
-  getServiceOutput(name) {
-    return output({ args: this.args, chart: this.chart }).apply(({ args, chart }) => {
-      const resolvedName = name ?? args.serviceName ?? this.name;
-      const existingService = this.services.get(resolvedName);
-      if (existingService) {
-        return existingService;
-      }
-      const service = getChartServiceOutput(chart, resolvedName);
-      const wrappedService = Service.wrap(
-        resolvedName,
-        { namespace: args.namespace, service },
-        { ...this.opts, parent: this }
-      );
-      this.services.set(resolvedName, wrappedService);
-      return wrappedService;
-    });
-  }
-  getWorkloadOutput(name) {
-    return this.workloads.apply(async (workloads) => {
-      const workloadsWithNames = await toPromise(
-        workloads.map((workload) => output({ workload, name: workload.metadata.name }))
-      );
-      const item = workloadsWithNames.find((w) => w.name === name);
-      if (!item) {
-        throw new Error(`Workload with name '${name}' not found in the chart workloads`);
-      }
-      return item.workload;
-    });
-  }
-  getDeploymentOutput(name) {
-    return this.getWorkloadOutput(name).apply((workload) => {
-      if (workload instanceof Deployment) {
-        return workload;
-      }
-      throw new Error(`Workload with name '${name}' is not a Deployment`);
-    });
-  }
-  getStatefulSetOutput(name) {
-    return this.getWorkloadOutput(name).apply((workload) => {
-      if (workload instanceof StatefulSet) {
-        return workload;
-      }
-      throw new Error(`Workload with name '${name}' is not a StatefulSet`);
-    });
-  }
-  getService(name) {
-    return toPromise(this.getServiceOutput(name));
-  }
-  getWorkload(name) {
-    return toPromise(this.getWorkloadOutput(name));
-  }
-  getDeployment(name) {
-    return toPromise(this.getDeploymentOutput(name));
-  }
-  getStatefulSet(name) {
-    return toPromise(this.getStatefulSetOutput(name));
-  }
-};
-var RenderedChart = class extends ComponentResource {
-  /**
-   * The rendered manifest of the Helm chart.
-   */
-  manifest;
-  /**
-   * The underlying command used to render the chart.
-   */
-  command;
-  constructor(name, args, opts) {
-    super("highstate:k8s:RenderedChart", name, args, opts);
-    this.command = output(args).apply((args2) => {
-      const values = args2.values ? Object.entries(args2.values).flatMap(([key, value]) => ["--set", `${key}="${value}"`]) : [];
-      return new local.Command(
-        name,
-        {
-          create: output([
-            "helm",
-            "template",
-            resolveHelmChart(args2.chart),
-            ...args2.namespace ? ["--namespace", getNamespaceName(args2.namespace)] : [],
-            ...values
-          ]).apply((command) => command.join(" ")),
-          logging: "stderr"
-        },
-        { parent: this, ...opts }
-      );
-    });
-    this.manifest = this.command.stdout;
-    this.registerOutputs({ manifest: this.manifest, command: this.command });
-  }
-};
-async function resolveHelmChart(manifest) {
-  if (!process.env.HIGHSTATE_CACHE_DIR) {
-    throw new Error("Environment variable HIGHSTATE_CACHE_DIR is not set");
-  }
-  const chartsDir = resolve(process.env.HIGHSTATE_CACHE_DIR, "charts");
-  await mkdir(chartsDir, { recursive: true });
-  const globPattern = `${manifest.name}-*.tgz`;
-  const targetFileName = `${manifest.name}-${manifest.version}.tgz`;
-  const files = await glob(globPattern, { cwd: chartsDir });
-  if (files.includes(targetFileName)) {
-    return resolve(chartsDir, targetFileName);
-  }
-  for (const file of files) {
-    await unlink(resolve(chartsDir, file));
-  }
-  const isOci = manifest.repo.startsWith("oci://");
-  const chartRef = isOci ? `${manifest.repo.replace(/\/$/, "")}/${manifest.name}` : manifest.name;
-  const pullArgs = ["pull", chartRef, "--version", manifest.version, "--destination", chartsDir];
-  if (!isOci) {
-    pullArgs.push("--repo", manifest.repo);
-  }
-  await spawn("helm", pullArgs);
-  const content = await readFile(resolve(chartsDir, targetFileName));
-  const actualSha256 = await sha256(content);
-  if (actualSha256 !== manifest.sha256) {
-    throw new Error(`SHA256 mismatch for chart '${manifest.name}'`);
-  }
-  return resolve(chartsDir, targetFileName);
-}
-function getChartServiceOutput(chart, name) {
-  const services = chart.resources.apply((resources) => {
-    return resources.filter((r) => core.v1.Service.isInstance(r)).map((service) => ({ name: service.metadata.name, service }));
-  });
-  return output(services).apply((services2) => {
-    const service = services2.find((s) => s.name === name)?.service;
-    if (!service) {
-      throw new Error(`Service with name '${name}' not found in the chart resources`);
-    }
-    return service;
-  });
-}
-function getChartService(chart, name) {
-  return toPromise(getChartServiceOutput(chart, name));
-}
-export { Chart, RenderedChart, getChartService, getChartServiceOutput, resolveHelmChart };
-//# sourceMappingURL=chunk-TVKT3ZYX.js.map
-//# sourceMappingURL=chunk-TVKT3ZYX.js.map