@highstate/k8s 0.9.10 → 0.9.12

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (38) hide show
  1. package/dist/{chunk-7R2VAXVL.js → chunk-5S4JPM4M.js} +4 -3
  2. package/dist/chunk-5S4JPM4M.js.map +1 -0
  3. package/dist/{chunk-3B5DTLGG.js → chunk-6L67WIZW.js} +3 -3
  4. package/dist/{chunk-R43VRICF.js → chunk-SARVLQZY.js} +63 -25
  5. package/dist/chunk-SARVLQZY.js.map +1 -0
  6. package/dist/{chunk-FF3GFWG3.js → chunk-VL7Z5FJQ.js} +3 -3
  7. package/dist/{chunk-OP75IMU7.js → chunk-WEKIQRCZ.js} +43 -17
  8. package/dist/chunk-WEKIQRCZ.js.map +1 -0
  9. package/dist/{chunk-HTQP2NB4.js → chunk-Y3LZSX7I.js} +4 -17
  10. package/dist/chunk-Y3LZSX7I.js.map +1 -0
  11. package/dist/deployment-QTPBNKO5.js +10 -0
  12. package/dist/highstate.manifest.json +8 -8
  13. package/dist/index.js +8 -36
  14. package/dist/index.js.map +1 -1
  15. package/dist/stateful-set-K4GV7ZTK.js +10 -0
  16. package/dist/units/cert-manager/index.js +3 -3
  17. package/dist/units/dns01-issuer/index.js +1 -1
  18. package/dist/units/gateway-api/index.js +1 -1
  19. package/package.json +9 -9
  20. package/src/container.ts +36 -1
  21. package/src/custom.ts +104 -0
  22. package/src/helm.ts +2 -1
  23. package/src/index.ts +0 -2
  24. package/src/network-policy.ts +23 -21
  25. package/src/network.ts +6 -6
  26. package/src/service.ts +8 -8
  27. package/src/shared.ts +7 -19
  28. package/src/workload.ts +50 -28
  29. package/dist/chunk-7R2VAXVL.js.map +0 -1
  30. package/dist/chunk-HTQP2NB4.js.map +0 -1
  31. package/dist/chunk-OP75IMU7.js.map +0 -1
  32. package/dist/chunk-R43VRICF.js.map +0 -1
  33. package/dist/deployment-E3ZTF2IS.js +0 -10
  34. package/dist/stateful-set-NTU7QKC7.js +0 -10
  35. /package/dist/{chunk-3B5DTLGG.js.map → chunk-6L67WIZW.js.map} +0 -0
  36. /package/dist/{chunk-FF3GFWG3.js.map → chunk-VL7Z5FJQ.js.map} +0 -0
  37. /package/dist/{deployment-E3ZTF2IS.js.map → deployment-QTPBNKO5.js.map} +0 -0
  38. /package/dist/{stateful-set-NTU7QKC7.js.map → stateful-set-K4GV7ZTK.js.map} +0 -0
package/dist/{chunk-7R2VAXVL.js → chunk-5S4JPM4M.js} RENAMED
@@ -3,11 +3,11 @@ import {
3
3
  NetworkPolicy,
4
4
  Service,
5
5
  getServiceType
6
- } from "./chunk-OP75IMU7.js";
6
+ } from "./chunk-WEKIQRCZ.js";
7
7
  import {
8
8
  getProvider,
9
9
  mapNamespaceLikeToNamespaceName
10
- } from "./chunk-HTQP2NB4.js";
10
+ } from "./chunk-Y3LZSX7I.js";
11
11
 
12
12
  // src/helm.ts
13
13
  import { resolve } from "node:path";
@@ -81,6 +81,7 @@ var Chart = class extends ComponentResource {
81
81
  name,
82
82
  {
83
83
  ...httpRoute,
84
+ cluster: args.cluster,
84
85
  rule: {
85
86
  backend: this.service
86
87
  }
@@ -231,4 +232,4 @@ export {
231
232
  getChartServiceOutput,
232
233
  getChartService
233
234
  };
234
- //# sourceMappingURL=chunk-7R2VAXVL.js.map
235
+ //# sourceMappingURL=chunk-5S4JPM4M.js.map
package/dist/chunk-5S4JPM4M.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../src/helm.ts"],"sourcesContent":["import type { k8s } from \"@highstate/library\"\nimport { resolve } from \"node:path\"\nimport { mkdir, readFile, unlink } from \"node:fs/promises\"\nimport { normalize, toPromise, type InputMap } from \"@highstate/pulumi\"\nimport { core, helm, types } from \"@pulumi/kubernetes\"\nimport {\n ComponentResource,\n output,\n type ComponentResourceOptions,\n type Input,\n type Output,\n} from \"@pulumi/pulumi\"\nimport spawn from \"nano-spawn\"\nimport { sha256 } from \"crypto-hash\"\nimport { omit } from \"remeda\"\nimport { local } from \"@pulumi/command\"\nimport { glob } from \"glob\"\nimport { NetworkPolicy, type NetworkPolicyArgs } from \"./network-policy\"\nimport { HttpRoute, type HttpRouteArgs } from \"./gateway\"\nimport { getProvider, mapNamespaceLikeToNamespaceName, type NamespaceLike } from \"./shared\"\nimport { getServiceType, Service, type ServiceArgs } from \"./service\"\n\nexport type ChartArgs = Omit<\n helm.v4.ChartArgs,\n \"chart\" | \"version\" | \"repositoryOpts\" | \"namespace\"\n> & {\n /**\n * The namespace to deploy the chart into.\n */\n namespace?: Input<NamespaceLike>\n\n /**\n * The custom name of the primary service exposed by the chart.\n *\n * By default, it is the same as the chart name.\n */\n serviceName?: string\n\n /**\n * The extra args to pass to the main service of the chart.\n *\n * Will be patched via transformations.\n */\n service?: Partial<ServiceArgs>\n\n /**\n * The manifest of the chart to resolve.\n */\n chart: ChartManifest\n\n /**\n * The cluster to create the resource in.\n */\n cluster: Input<k8s.Cluster>\n\n /**\n * The http route args to bind the service to.\n */\n httpRoute?: Input<Omit<HttpRouteArgs, \"cluster\">>\n\n /**\n * The network policy to apply to the chart.\n */\n networkPolicy?: Input<Omit<NetworkPolicyArgs, \"selector\" | \"cluster\" | \"namespace\">>\n\n /**\n * The network policies to apply to the chart.\n */\n networkPolicies?: Input<NetworkPolicyArgs[]>\n}\n\nexport class Chart extends ComponentResource {\n /**\n * The underlying Helm chart.\n */\n public readonly chart: Output<helm.v4.Chart>\n\n /**\n * The HTTP route associated with the deployment.\n */\n public readonly httpRoute: Output<HttpRoute | undefined>\n\n /**\n * The network policies applied to the chart.\n */\n public readonly networkPolicies: Output<NetworkPolicy[]>\n\n constructor(\n private readonly name: string,\n private readonly args: ChartArgs,\n private readonly opts?: ComponentResourceOptions,\n ) {\n super(\"highstate:k8s:Chart\", name, args, opts)\n\n const namespace = output(args.namespace).apply(namespace =>\n output(namespace ? mapNamespaceLikeToNamespaceName(namespace) : \"default\"),\n )\n\n this.chart = output({ args, namespace }).apply(async ({ args, namespace }) => {\n return new helm.v4.Chart(\n name,\n omit(\n {\n ...args,\n chart: resolveHelmChart(args.chart),\n namespace,\n },\n [\"httpRoute\"],\n ),\n {\n ...opts,\n parent: this,\n provider: await getProvider(args.cluster),\n\n transforms: [\n ...(opts?.transforms ?? []),\n\n resourceArgs => {\n const serviceName = args.serviceName ?? name\n const expectedName = `${name}:${namespace}/${serviceName}`\n\n if (\n resourceArgs.type === \"kubernetes:core/v1:Service\" &&\n resourceArgs.name === expectedName\n ) {\n const spec = resourceArgs.props.spec as types.input.core.v1.ServiceSpec\n\n return {\n props: {\n ...resourceArgs.props,\n spec: {\n ...spec,\n ...(args.service ?? {}),\n\n type: getServiceType(args.service, args.cluster),\n\n externalIPs:\n args.service?.externalIPs ?? args.cluster.externalIps ?? spec.externalIPs,\n },\n },\n opts: resourceArgs.opts,\n }\n }\n\n return undefined\n },\n ],\n },\n )\n })\n\n this.httpRoute = output(args.httpRoute).apply(httpRoute => {\n if (!httpRoute) {\n return undefined\n }\n\n return new HttpRoute(\n name,\n {\n ...httpRoute,\n cluster: args.cluster,\n rule: {\n backend: this.service,\n },\n },\n { ...opts, parent: this },\n )\n })\n\n this.networkPolicies = output(args).apply(args => {\n const policies = normalize(args.networkPolicy, args.networkPolicies)\n\n return output(\n policies.map(policy => {\n return NetworkPolicy.create(\n name,\n {\n ...policy,\n\n cluster: args.cluster,\n namespace: args.namespace,\n },\n { ...opts, parent: this },\n )\n }),\n )\n })\n }\n\n get service(): Output<Service> {\n return this.getServiceOutput(undefined)\n }\n\n private readonly services = new Map<string, Service>()\n\n getServiceOutput(name: string | undefined): Output<Service> {\n return output({ args: this.args, chart: this.chart }).apply(({ args, chart }) => {\n const resolvedName = name ?? args.serviceName ?? this.name\n const existingService = this.services.get(resolvedName)\n\n if (existingService) {\n return existingService\n }\n\n const service = getChartServiceOutput(chart, resolvedName)\n\n const wrappedService = Service.wrap(\n //\n resolvedName,\n service,\n args.cluster,\n { ...this.opts, parent: this },\n )\n\n this.services.set(resolvedName, wrappedService)\n return wrappedService\n })\n }\n\n getService(name?: string): Promise<Service> {\n return toPromise(this.getServiceOutput(name))\n }\n}\n\nexport type RenderedChartArgs = {\n /**\n * The namespace to deploy the chart into.\n */\n namespace?: Input<NamespaceLike>\n\n /**\n * The manifest of the chart to resolve.\n */\n chart: ChartManifest\n\n /**\n * The values to pass to the chart.\n */\n values?: InputMap<string>\n}\n\nexport class RenderedChart extends ComponentResource {\n /**\n * The rendered manifest of the Helm chart.\n */\n public readonly manifest: Output<string>\n\n /**\n * The underlying command used to render the chart.\n */\n public readonly command: Output<local.Command>\n\n constructor(name: string, args: RenderedChartArgs, opts?: ComponentResourceOptions) {\n super(\"highstate:k8s:RenderedChart\", name, args, opts)\n\n this.command = output(args).apply(args => {\n const values = args.values\n ? Object.entries(args.values).flatMap(([key, value]) => [\"--set\", `${key}=\"${value}\"`])\n : []\n\n return new local.Command(\n name,\n {\n create: output([\n \"helm\",\n \"template\",\n resolveHelmChart(args.chart),\n\n ...(args.namespace\n ? [\"--namespace\", mapNamespaceLikeToNamespaceName(args.namespace)]\n : []),\n\n ...values,\n ]).apply(command => command.join(\" \")),\n\n logging: \"stderr\",\n },\n { parent: this, ...opts },\n )\n })\n\n this.manifest = this.command.stdout\n\n this.registerOutputs({ manifest: this.manifest, command: this.command })\n }\n}\n\nexport type ChartManifest = {\n repo: string\n name: string\n version: string\n sha256: string\n}\n\n/**\n * Downloads or reuses the Helm chart according to the charts.json file.\n * Returns the full path to the chart's .tgz file.\n *\n * @param manifest The manifest of the Helm chart.\n */\nexport async function resolveHelmChart(manifest: ChartManifest): Promise<string> {\n if (!process.env.HIGHSTATE_CACHE_DIR) {\n throw new Error(\"Environment variable HIGHSTATE_CACHE_DIR is not set\")\n }\n\n const chartsDir = resolve(process.env.HIGHSTATE_CACHE_DIR, \"charts\")\n await mkdir(chartsDir, { recursive: true })\n\n const globPattern = `${manifest.name}-*.tgz`\n const targetFileName = `${manifest.name}-${manifest.version}.tgz`\n\n // find all matching files\n const files = await glob(globPattern, { cwd: chartsDir })\n\n if (files.includes(targetFileName)) {\n return resolve(chartsDir, targetFileName)\n }\n\n // delete old versions\n for (const file of files) {\n await unlink(resolve(chartsDir, file))\n }\n\n // download the chart\n await spawn(\"helm\", [\n \"pull\",\n manifest.name,\n \"--version\",\n manifest.version,\n \"--repo\",\n manifest.repo,\n \"--destination\",\n chartsDir,\n ])\n\n // check the SHA256\n const content = await readFile(resolve(chartsDir, targetFileName))\n const actualSha256 = await sha256(content)\n\n if (actualSha256 !== manifest.sha256) {\n throw new Error(`SHA256 mismatch for chart '${manifest.name}'`)\n }\n\n return resolve(chartsDir, targetFileName)\n}\n\n/**\n * Extracts the service with the given name from the chart resources.\n * Throws an error if the service is not found.\n *\n * @param chart The Helm chart.\n * @param name The name of the service.\n */\nexport function getChartServiceOutput(chart: helm.v4.Chart, name: string): Output<core.v1.Service> {\n const services = chart.resources.apply(resources => {\n return resources\n .filter(r => core.v1.Service.isInstance(r))\n .map(service => ({ name: service.metadata.name, service }))\n })\n\n return output(services).apply(services => {\n const service = services.find(s => s.name === name)?.service\n\n if (!service) {\n throw new Error(`Service with name '${name}' not found in the chart resources`)\n }\n\n return service\n })\n}\n\n/**\n * Extracts the service with the given name from the chart resources.\n * Throws an error if the service is not found.\n *\n * @param chart The Helm chart.\n * @param name The name of the service.\n */\nexport function getChartService(chart: helm.v4.Chart, name: string): Promise<core.v1.Service> {\n return toPromise(getChartServiceOutput(chart, name))\n}\n"],"mappings":";;;;;;;;;;;;AACA,SAAS,eAAe;AACxB,SAAS,OAAO,UAAU,cAAc;AACxC,SAAS,WAAW,iBAAgC;AACpD,SAAS,MAAM,YAAmB;AAClC;AAAA,EACE;AAAA,EACA;AAAA,OAIK;AACP,OAAO,WAAW;AAClB,SAAS,cAAc;AACvB,SAAS,YAAY;AACrB,SAAS,aAAa;AACtB,SAAS,YAAY;AAuDd,IAAM,QAAN,cAAoB,kBAAkB;AAAA,EAgB3C,YACmB,MACA,MACA,MACjB;AACA,UAAM,uBAAuB,MAAM,MAAM,IAAI;AAJ5B;AACA;AACA;AAIjB,UAAM,YAAY,OAAO,KAAK,SAAS,EAAE;AAAA,MAAM,CAAAA,eAC7C,OAAOA,aAAY,gCAAgCA,UAAS,IAAI,SAAS;AAAA,IAC3E;AAEA,SAAK,QAAQ,OAAO,EAAE,MAAM,UAAU,CAAC,EAAE,MAAM,OAAO,EAAE,MAAAC,OAAM,WAAAD,WAAU,MAAM;AAC5E,aAAO,IAAI,KAAK,GAAG;AAAA,QACjB;AAAA,QACA;AAAA,UACE;AAAA,YACE,GAAGC;AAAA,YACH,OAAO,iBAAiBA,MAAK,KAAK;AAAA,YAClC,WAAAD;AAAA,UACF;AAAA,UACA,CAAC,WAAW;AAAA,QACd;AAAA,QACA;AAAA,UACE,GAAG;AAAA,UACH,QAAQ;AAAA,UACR,UAAU,MAAM,YAAYC,MAAK,OAAO;AAAA,UAExC,YAAY;AAAA,YACV,GAAI,MAAM,cAAc,CAAC;AAAA,YAEzB,kBAAgB;AACd,oBAAM,cAAcA,MAAK,eAAe;AACxC,oBAAM,eAAe,GAAG,IAAI,IAAID,UAAS,IAAI,WAAW;AAExD,kBACE,aAAa,SAAS,gCACtB,aAAa,SAAS,cACtB;AACA,sBAAM,OAAO,aAAa,MAAM;AAEhC,uBAAO;AAAA,kBACL,OAAO;AAAA,oBACL,GAAG,aAAa;AAAA,oBAChB,MAAM;AAAA,sBACJ,GAAG;AAAA,sBACH,GAAIC,MAAK,WAAW,CAAC;AAAA,sBAErB,MAAM,eAAeA,MAAK,SAASA,MAAK,OAAO;AAAA,sBAE/C,aACEA,MAAK,SAAS,eAAeA,MAAK,QAAQ,eAAe,KAAK;AAAA,oBAClE;AAAA,kBACF;AAAA,kBACA,MAAM,aAAa;AAAA,gBACrB;AAAA,cACF;AAEA,qBAAO;AAAA,YACT;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF,CAAC;AAED,SAAK,YAAY,OAAO,KAAK,SAAS,EAAE,MAAM,eAAa;AACzD,UAAI,CAAC,WAAW;AACd,eAAO;AAAA,MACT;AAEA,aAAO,IAAI;AAAA,QACT;AAAA,QACA;AAAA,UACE,GAAG;AAAA,UACH,SAAS,KAAK;AAAA,UACd,MAAM;AAAA,YACJ,SAAS,KAAK;AAAA,UAChB;AAAA,QACF;AAAA,QACA,EAAE,GAAG,MAAM,QAAQ,KAAK;AAAA,MAC1B;AAAA,IACF,CAAC;AAED,SAAK,kBAAkB,OAAO,IAAI,EAAE,MAAM,CAAAA,UAAQ;AAChD,YAAM,WAAW,UAAUA,MAAK,eAAeA,MAAK,eAAe;AAEnE,aAAO;AAAA,QACL,SAAS,IAAI,YAAU;AACrB,iBAAO,cAAc;AAAA,YACnB;AAAA,YACA;AAAA,cACE,GAAG;AAAA,cAEH,SAASA,MAAK;AAAA,cACd,WAAWA,MAAK;AAAA,YAClB;AAAA,YACA,EAAE,GAAG,MAAM,QAAQ,KAAK;AAAA,UAC1B;AAAA,QACF,CAAC;AAAA,MACH;AAAA,IACF,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAhHgB;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA,EAwGhB,IAAI,UAA2B;AAC7B,WAAO,KAAK,iBAAiB,MAAS;AAAA,EACxC;AAAA,EAEiB,WAAW,oBAAI,IAAqB;AAAA,EAErD,iBAAiB,MAA2C;AAC1D,WAAO,OAAO,EAAE,MAAM,KAAK,MAAM,OAAO,KAAK,MAAM,CAAC,EAAE,MAAM,CAAC,EAAE,MAAM,MAAM,MAAM;AAC/E,YAAM,eAAe,QAAQ,KAAK,eAAe,KAAK;AACtD,YAAM,kBAAkB,KAAK,SAAS,IAAI,YAAY;AAEtD,UAAI,iBAAiB;AACnB,eAAO;AAAA,MACT;AAEA,YAAM,UAAU,sBAAsB,OAAO,YAAY;AAEzD,YAAM,iBAAiB,QAAQ;AAAA;AAAA,QAE7B;AAAA,QACA;AAAA,QACA,KAAK;AAAA,QACL,EAAE,GAAG,KAAK,MAAM,QAAQ,KAAK;AAAA,MAC/B;AAEA,WAAK,SAAS,IAAI,cAAc,cAAc;AAC9C,aAAO;AAAA,IACT,CAAC;AAAA,EACH;AAAA,EAEA,WAAW,MAAiC;AAC1C,WAAO,UAAU,KAAK,iBAAiB,IAAI,CAAC;AAAA,EAC9C;AACF;AAmBO,IAAM,gBAAN,cAA4B,kBAAkB;AAAA;AAAA;AAAA;AAAA,EAInC;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA,EAEhB,YAAY,MAAc,MAAyB,MAAiC;AAClF,UAAM,+BAA+B,MAAM,MAAM,IAAI;AAErD,SAAK,UAAU,OAAO,IAAI,EAAE,MAAM,CAAAA,UAAQ;AACxC,YAAM,SAASA,MAAK,SAChB,OAAO,QAAQA,MAAK,MAAM,EAAE,QAAQ,CAAC,CAAC,KAAK,KAAK,MAAM,CAAC,SAAS,GAAG,GAAG,KAAK,KAAK,GAAG,CAAC,IACpF,CAAC;AAEL,aAAO,IAAI,MAAM;AAAA,QACf;AAAA,QACA;AAAA,UACE,QAAQ,OAAO;AAAA,YACb;AAAA,YACA;AAAA,YACA,iBAAiBA,MAAK,KAAK;AAAA,YAE3B,GAAIA,MAAK,YACL,CAAC,eAAe,gCAAgCA,MAAK,SAAS,CAAC,IAC/D,CAAC;AAAA,YAEL,GAAG;AAAA,UACL,CAAC,EAAE,MAAM,aAAW,QAAQ,KAAK,GAAG,CAAC;AAAA,UAErC,SAAS;AAAA,QACX;AAAA,QACA,EAAE,QAAQ,MAAM,GAAG,KAAK;AAAA,MAC1B;AAAA,IACF,CAAC;AAED,SAAK,WAAW,KAAK,QAAQ;AAE7B,SAAK,gBAAgB,EAAE,UAAU,KAAK,UAAU,SAAS,KAAK,QAAQ,CAAC;AAAA,EACzE;AACF;AAeA,eAAsB,iBAAiB,UAA0C;AAC/E,MAAI,CAAC,QAAQ,IAAI,qBAAqB;AACpC,UAAM,IAAI,MAAM,qDAAqD;AAAA,EACvE;AAEA,QAAM,YAAY,QAAQ,QAAQ,IAAI,qBAAqB,QAAQ;AACnE,QAAM,MAAM,WAAW,EAAE,WAAW,KAAK,CAAC;AAE1C,QAAM,cAAc,GAAG,SAAS,IAAI;AACpC,QAAM,iBAAiB,GAAG,SAAS,IAAI,IAAI,SAAS,OAAO;AAG3D,QAAM,QAAQ,MAAM,KAAK,aAAa,EAAE,KAAK,UAAU,CAAC;AAExD,MAAI,MAAM,SAAS,cAAc,GAAG;AAClC,WAAO,QAAQ,WAAW,cAAc;AAAA,EAC1C;AAGA,aAAW,QAAQ,OAAO;AACxB,UAAM,OAAO,QAAQ,WAAW,IAAI,CAAC;AAAA,EACvC;AAGA,QAAM,MAAM,QAAQ;AAAA,IAClB;AAAA,IACA,SAAS;AAAA,IACT;AAAA,IACA,SAAS;AAAA,IACT;AAAA,IACA,SAAS;AAAA,IACT;AAAA,IACA;AAAA,EACF,CAAC;AAGD,QAAM,UAAU,MAAM,SAAS,QAAQ,WAAW,cAAc,CAAC;AACjE,QAAM,eAAe,MAAM,OAAO,OAAO;AAEzC,MAAI,iBAAiB,SAAS,QAAQ;AACpC,UAAM,IAAI,MAAM,8BAA8B,SAAS,IAAI,GAAG;AAAA,EAChE;AAEA,SAAO,QAAQ,WAAW,cAAc;AAC1C;AASO,SAAS,sBAAsB,OAAsB,MAAuC;AACjG,QAAM,WAAW,MAAM,UAAU,MAAM,eAAa;AAClD,WAAO,UACJ,OAAO,OAAK,KAAK,GAAG,QAAQ,WAAW,CAAC,CAAC,EACzC,IAAI,cAAY,EAAE,MAAM,QAAQ,SAAS,MAAM,QAAQ,EAAE;AAAA,EAC9D,CAAC;AAED,SAAO,OAAO,QAAQ,EAAE,MAAM,CAAAC,cAAY;AACxC,UAAM,UAAUA,UAAS,KAAK,OAAK,EAAE,SAAS,IAAI,GAAG;AAErD,QAAI,CAAC,SAAS;AACZ,YAAM,IAAI,MAAM,sBAAsB,IAAI,oCAAoC;AAAA,IAChF;AAEA,WAAO;AAAA,EACT,CAAC;AACH;AASO,SAAS,gBAAgB,OAAsB,MAAwC;AAC5F,SAAO,UAAU,sBAAsB,OAAO,IAAI,CAAC;AACrD;","names":["namespace","args","services"]}
package/dist/{chunk-3B5DTLGG.js → chunk-6L67WIZW.js} RENAMED
@@ -2,13 +2,13 @@ import {
2
2
  ExposableWorkload,
3
3
  exposableWorkloadExtraArgs,
4
4
  getExposableWorkloadComponents
5
- } from "./chunk-R43VRICF.js";
5
+ } from "./chunk-SARVLQZY.js";
6
6
  import {
7
7
  getProvider,
8
8
  mapMetadata,
9
9
  resourceIdToString,
10
10
  withPatchName
11
- } from "./chunk-HTQP2NB4.js";
11
+ } from "./chunk-Y3LZSX7I.js";
12
12
 
13
13
  // src/deployment.ts
14
14
  import { output } from "@highstate/pulumi";
@@ -180,4 +180,4 @@ var ExternalDeployment = class extends Deployment {
180
180
  export {
181
181
  Deployment
182
182
  };
183
- //# sourceMappingURL=chunk-3B5DTLGG.js.map
183
+ //# sourceMappingURL=chunk-6L67WIZW.js.map
package/dist/{chunk-R43VRICF.js → chunk-SARVLQZY.js} RENAMED
@@ -3,14 +3,14 @@ import {
3
3
  NetworkPolicy,
4
4
  Service,
5
5
  mapContainerPortToServicePort
6
- } from "./chunk-OP75IMU7.js";
6
+ } from "./chunk-WEKIQRCZ.js";
7
7
  import {
8
8
  commonExtraArgs,
9
9
  getProvider,
10
10
  mapMetadata,
11
11
  resourceIdToString,
12
12
  withPatchName
13
- } from "./chunk-HTQP2NB4.js";
13
+ } from "./chunk-Y3LZSX7I.js";
14
14
 
15
15
  // src/pvc.ts
16
16
  import { core } from "@pulumi/kubernetes";
@@ -383,7 +383,10 @@ var ExternalConfigMap = class extends ConfigMap {
383
383
 
384
384
  // src/container.ts
385
385
  import { core as core4 } from "@pulumi/kubernetes";
386
- import { normalize, output as output4 } from "@highstate/pulumi";
386
+ import {
387
+ normalize,
388
+ output as output4
389
+ } from "@highstate/pulumi";
387
390
  import { concat, map, omit as omit2 } from "remeda";
388
391
  var containerExtraArgs = [
389
392
  "port",
@@ -552,6 +555,27 @@ function mapWorkloadVolume(volume) {
552
555
  }
553
556
  return volume;
554
557
  }
558
+ function getWorkloadVolumeResourceUuid(volume) {
559
+ if (volume instanceof PersistentVolumeClaim) {
560
+ return volume.metadata.uid;
561
+ }
562
+ if (volume instanceof Secret) {
563
+ return volume.metadata.uid;
564
+ }
565
+ if (volume instanceof ConfigMap) {
566
+ return volume.metadata.uid;
567
+ }
568
+ if (core4.v1.PersistentVolumeClaim.isInstance(volume)) {
569
+ return volume.metadata.uid;
570
+ }
571
+ if (core4.v1.ConfigMap.isInstance(volume)) {
572
+ return volume.metadata.uid;
573
+ }
574
+ if (core4.v1.Secret.isInstance(volume)) {
575
+ return volume.metadata.uid;
576
+ }
577
+ return output4(void 0);
578
+ }
555
579
 
556
580
  // src/workload.ts
557
581
  import {
@@ -562,8 +586,9 @@ import {
562
586
  interpolate,
563
587
  output as output5
564
588
  } from "@pulumi/pulumi";
565
- import { uniqueBy } from "remeda";
589
+ import { filter, isNonNullish, unique, uniqueBy } from "remeda";
566
590
  import { deepmerge as deepmerge2 } from "deepmerge-ts";
591
+ import { sha256 } from "crypto-hash";
567
592
 
568
593
  // src/pod.ts
569
594
  var podSpecDefaults = {
@@ -578,16 +603,19 @@ function getWorkloadComponents(name, args, parent, opts) {
578
603
  "app.kubernetes.io/name": name
579
604
  };
580
605
  const containers = output5(args).apply((args2) => normalize2(args2.container, args2.containers));
581
- const volumes = containers.apply((containers2) => {
582
- const containerVolumes = containers2.flatMap((container) => normalize2(container.volume, container.volumes)).map(mapWorkloadVolume);
606
+ const rawVolumes = containers.apply((containers2) => {
607
+ const containerVolumes = containers2.flatMap(
608
+ (container) => normalize2(container.volume, container.volumes)
609
+ );
583
610
  const containerVolumeMounts = containers2.flatMap((container) => {
584
611
  return normalize2(container.volumeMount, container.volumeMounts).map((volumeMount) => {
585
612
  return "volume" in volumeMount ? volumeMount.volume : void 0;
586
613
  }).filter(Boolean);
587
- }).map(mapWorkloadVolume);
588
- return output5([...containerVolumes, ...containerVolumeMounts]).apply(
589
- uniqueBy((volume) => volume.name)
590
- );
614
+ });
615
+ return output5([...containerVolumes, ...containerVolumeMounts]);
616
+ });
617
+ const volumes = rawVolumes.apply((rawVolumes2) => {
618
+ return output5(rawVolumes2.map(mapWorkloadVolume)).apply(uniqueBy((volume) => volume.name));
591
619
  });
592
620
  const podSpec = output5({ args, containers, volumes }).apply(({ args: args2, containers: containers2, volumes: volumes2 }) => {
593
621
  const spec = {
@@ -608,26 +636,36 @@ function getWorkloadComponents(name, args, parent, opts) {
608
636
  }
609
637
  return spec;
610
638
  });
611
- const podTemplate = podSpec.apply((podSpec2) => {
639
+ const dependencyHash = rawVolumes.apply((rawVolumes2) => {
640
+ return output5(rawVolumes2.map(getWorkloadVolumeResourceUuid)).apply(filter(isNonNullish)).apply(unique()).apply((ids) => sha256(ids.join(",")));
641
+ });
642
+ const podTemplate = output5({ podSpec, dependencyHash }).apply(({ podSpec: podSpec2, dependencyHash: dependencyHash2 }) => {
612
643
  return {
613
- metadata: { labels },
644
+ metadata: {
645
+ labels,
646
+ annotations: {
647
+ "highstate.io/dependency-hash": dependencyHash2
648
+ }
649
+ },
614
650
  spec: podSpec2
615
651
  };
616
652
  });
617
- const networkPolicy = containers.apply((containers2) => {
653
+ const networkPolicy = output5({ args, containers }).apply(({ args: args2, containers: containers2 }) => {
618
654
  const allowedEndpoints = containers2.flatMap((container) => container.allowedEndpoints ?? []);
619
- if (allowedEndpoints.length === 0) {
620
- return void 0;
655
+ if (allowedEndpoints.length === 0 && !args2.networkPolicy) {
656
+ return output5(void 0);
621
657
  }
622
658
  return NetworkPolicy.create(
623
659
  name,
624
660
  {
625
- cluster: args.cluster,
626
- namespace: args.namespace,
661
+ cluster: args2.cluster,
662
+ namespace: args2.namespace,
627
663
  selector: labels,
628
- egressRule: {
629
- toEndpoints: allowedEndpoints
630
- }
664
+ ...args2.networkPolicy,
665
+ egressRules: [
666
+ ...args2.networkPolicy?.egressRules ?? [],
667
+ ...allowedEndpoints.length > 0 ? [{ toEndpoints: allowedEndpoints }] : []
668
+ ]
631
669
  },
632
670
  { ...opts, parent: parent() }
633
671
  );
@@ -789,7 +827,7 @@ var ExposableWorkload = class extends Workload {
789
827
  static createOrPatchGeneric(name, args, opts) {
790
828
  return output5(args).apply(async (args2) => {
791
829
  if (args2.existing?.type === "k8s.deployment") {
792
- const { Deployment } = await import("./deployment-E3ZTF2IS.js");
830
+ const { Deployment } = await import("./deployment-QTPBNKO5.js");
793
831
  return Deployment.patch(
794
832
  name,
795
833
  {
@@ -801,7 +839,7 @@ var ExposableWorkload = class extends Workload {
801
839
  );
802
840
  }
803
841
  if (args2.existing?.type === "k8s.stateful-set") {
804
- const { StatefulSet } = await import("./stateful-set-NTU7QKC7.js");
842
+ const { StatefulSet } = await import("./stateful-set-K4GV7ZTK.js");
805
843
  return StatefulSet.patch(
806
844
  name,
807
845
  {
@@ -813,11 +851,11 @@ var ExposableWorkload = class extends Workload {
813
851
  );
814
852
  }
815
853
  if (args2.type === "Deployment") {
816
- const { Deployment } = await import("./deployment-E3ZTF2IS.js");
854
+ const { Deployment } = await import("./deployment-QTPBNKO5.js");
817
855
  return Deployment.create(name, deepmerge2(args2, args2.deployment), opts);
818
856
  }
819
857
  if (args2.type === "StatefulSet") {
820
- const { StatefulSet } = await import("./stateful-set-NTU7QKC7.js");
858
+ const { StatefulSet } = await import("./stateful-set-K4GV7ZTK.js");
821
859
  return StatefulSet.create(name, deepmerge2(args2, args2.statefulSet), opts);
822
860
  }
823
861
  throw new Error(`Unknown workload type: ${args2.type}`);
@@ -835,4 +873,4 @@ export {
835
873
  Workload,
836
874
  ExposableWorkload
837
875
  };
838
- //# sourceMappingURL=chunk-R43VRICF.js.map
876
+ //# sourceMappingURL=chunk-SARVLQZY.js.map
package/dist/chunk-SARVLQZY.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../src/pvc.ts","../src/secret.ts","../src/config-map.ts","../src/container.ts","../src/workload.ts","../src/pod.ts"],"sourcesContent":["import type { k8s } from \"@highstate/library\"\nimport { core, type types } from \"@pulumi/kubernetes\"\nimport {\n ComponentResource,\n Output,\n output,\n type ComponentResourceOptions,\n type CustomResourceOptions,\n type Input,\n type Inputs,\n} from \"@highstate/pulumi\"\nimport { deepmerge } from \"deepmerge-ts\"\nimport { omit } from \"remeda\"\nimport {\n commonExtraArgs,\n getProvider,\n mapMetadata,\n resourceIdToString,\n type CommonArgs,\n type ResourceId,\n} from \"./shared\"\n\nexport type PersistentVolumeClaimArgs = CommonArgs &\n types.input.core.v1.PersistentVolumeClaimSpec & {\n /**\n * The size of the volume to request.\n *\n * By default, the size is set to \"100Mi\".\n */\n size?: string\n }\n\nexport type CreateOrGetPersistentVolumeClaimArgs = PersistentVolumeClaimArgs & {\n existing: Input<k8s.PersistentVolumeClaim> | undefined\n}\n\nconst extraPersistentVolumeClaimArgs = [...commonExtraArgs, \"size\"] as const\n\nexport abstract class PersistentVolumeClaim extends ComponentResource {\n protected constructor(\n type: string,\n name: string,\n args: Inputs,\n opts: ComponentResourceOptions,\n\n /**\n * The cluster where the PVC is created.\n */\n readonly cluster: Output<k8s.Cluster>,\n\n /**\n * The metadata of the underlying Kubernetes PVC.\n */\n readonly metadata: Output<types.output.meta.v1.ObjectMeta>,\n\n /**\n * The spec of the underlying Kubernetes PVC.\n */\n readonly spec: Output<types.output.core.v1.PersistentVolumeClaimSpec>,\n\n /**\n * The status of the underlying Kubernetes PVC.\n */\n readonly status: Output<types.output.core.v1.PersistentVolumeClaimStatus>,\n ) {\n super(type, name, args, opts)\n }\n\n /**\n * The Highstate PVC entity.\n */\n get entity(): Output<k8s.PersistentVolumeClaim> {\n return output({\n type: \"k8s.persistent-volume-claim\",\n clusterId: this.cluster.id,\n metadata: this.metadata,\n })\n }\n\n static create(\n name: string,\n args: PersistentVolumeClaimArgs,\n opts: ComponentResourceOptions,\n ): PersistentVolumeClaim {\n return new CreatedPersistentVolumeClaim(name, args, opts)\n }\n\n static of(\n name: string,\n entity: Input<k8s.PersistentVolumeClaim>,\n cluster: Input<k8s.Cluster>,\n opts: ComponentResourceOptions,\n ): PersistentVolumeClaim {\n return new ExternalPersistentVolumeClaim(name, output(entity).metadata, cluster, opts)\n }\n\n static createOrGet(\n name: string,\n args: CreateOrGetPersistentVolumeClaimArgs,\n opts: ComponentResourceOptions,\n ): PersistentVolumeClaim {\n if (!args.existing) {\n return new CreatedPersistentVolumeClaim(name, args, opts)\n }\n\n return new ExternalPersistentVolumeClaim(\n name,\n output(args.existing).metadata,\n args.cluster,\n opts,\n )\n }\n}\n\nexport class CreatedPersistentVolumeClaim extends PersistentVolumeClaim {\n constructor(name: string, args: PersistentVolumeClaimArgs, opts: CustomResourceOptions) {\n const pvc = output(args).apply(async args => {\n return new core.v1.PersistentVolumeClaim(\n name,\n {\n metadata: mapMetadata(args, name),\n spec: deepmerge(\n {\n accessModes: [\"ReadWriteOnce\"],\n resources: {\n requests: {\n storage: args.size ?? \"100Mi\",\n },\n },\n } satisfies types.input.core.v1.PersistentVolumeClaimSpec,\n omit(args, extraPersistentVolumeClaimArgs),\n ),\n },\n {\n ...opts,\n parent: this,\n provider: await getProvider(args.cluster),\n },\n )\n })\n\n super(\n \"k8s:PersistentVolumeClaim\",\n name,\n args,\n opts,\n\n output(args.cluster),\n pvc.metadata,\n pvc.spec,\n pvc.status,\n )\n }\n}\n\nexport class ExternalPersistentVolumeClaim extends PersistentVolumeClaim {\n constructor(\n name: string,\n id: Input<ResourceId>,\n cluster: Input<k8s.Cluster>,\n opts: ComponentResourceOptions,\n ) {\n const pvc = output(id).apply(async id => {\n return core.v1.PersistentVolumeClaim.get(\n //\n name,\n resourceIdToString(id),\n {\n ...opts,\n parent: this,\n provider: await getProvider(cluster),\n },\n )\n })\n\n super(\n \"highstate:k8s:ExternalPersistentVolumeClaim\",\n name,\n { id, cluster },\n opts,\n\n output(cluster),\n pvc.metadata,\n pvc.spec,\n pvc.status,\n )\n }\n}\n\nexport function getAutoVolumeName(workloadName: string, index: number): string {\n if (index === 0) {\n return `${workloadName}-data`\n }\n\n return `${workloadName}-data-${index}`\n}\n","import type { k8s } from \"@highstate/library\"\nimport { core, type types } from \"@pulumi/kubernetes\"\nimport {\n ComponentResource,\n output,\n Output,\n type ComponentResourceOptions,\n type Input,\n type Inputs,\n} from \"@pulumi/pulumi\"\nimport { getProvider, mapMetadata, withPatchName, type CommonArgs } from \"./shared\"\n\nexport type SecretArgs = CommonArgs &\n Omit<types.input.core.v1.Secret, \"kind\" | \"metadata\" | \"apiVersion\">\n\nexport type CreateOrPatchSecretArgs = SecretArgs & {\n /**\n * The resource to use to determine the name of the secret.\n *\n * If not provided, the secret will be created, otherwise it will be retrieved/patched.\n */\n existing: Input<k8s.Resource> | undefined\n}\n\nexport abstract class Secret extends ComponentResource {\n protected constructor(\n type: string,\n name: string,\n args: Inputs,\n opts: ComponentResourceOptions | undefined,\n\n /**\n * The cluster where the secret is created.\n */\n readonly cluster: Output<k8s.Cluster>,\n\n /**\n * The metadata of the underlying Kubernetes secret.\n */\n readonly metadata: Output<types.output.meta.v1.ObjectMeta>,\n\n /**\n * The data of the underlying Kubernetes secret.\n */\n readonly data: Output<Record<string, string>>,\n\n /**\n * The stringData of the underlying Kubernetes secret.\n */\n readonly stringData: Output<Record<string, string>>,\n ) {\n super(type, name, args, opts)\n }\n\n /**\n * Creates a new secret.\n */\n static create(name: string, args: SecretArgs, opts?: ComponentResourceOptions): Secret {\n return new CreatedSecret(name, args, opts)\n }\n\n /**\n * Creates a new secret or patches an existing one.\n *\n * Will throw an error if the secret does not exist when `args.resource` is provided.\n */\n static createOrPatch(\n name: string,\n args: CreateOrPatchSecretArgs,\n opts?: ComponentResourceOptions,\n ): Secret {\n if (!args.existing) {\n return new CreatedSecret(name, args, opts)\n }\n\n return new SecretPatch(\n name,\n {\n ...args,\n name: withPatchName(\"secret\", args.existing, args.cluster),\n namespace: output(args.existing).metadata.namespace,\n },\n opts,\n )\n }\n\n /**\n * Gets an existing secret.\n *\n * Will throw an error if the secret does not exist.\n */\n static get(\n name: string,\n id: Input<string>,\n cluster: Input<k8s.Cluster>,\n opts?: ComponentResourceOptions,\n ): Secret {\n return new ExternalSecret(name, id, cluster, opts)\n }\n}\n\nclass CreatedSecret extends Secret {\n constructor(name: string, args: SecretArgs, opts?: ComponentResourceOptions) {\n const secret = output(args).apply(async args => {\n return new core.v1.Secret(\n name,\n {\n metadata: mapMetadata(args, name),\n data: args.data,\n stringData: args.stringData,\n type: args.type,\n immutable: args.immutable,\n },\n {\n ...opts,\n parent: this,\n provider: await getProvider(args.cluster),\n },\n )\n })\n\n super(\n \"highstate:k8s:Secret\",\n name,\n args,\n opts,\n output(args.cluster),\n secret.metadata,\n secret.data,\n secret.stringData,\n )\n }\n}\n\nclass SecretPatch extends Secret {\n constructor(name: string, args: SecretArgs, opts?: ComponentResourceOptions) {\n const secret = output(args).apply(async args => {\n return new core.v1.SecretPatch(\n name,\n {\n metadata: mapMetadata(args, name),\n data: args.data,\n stringData: args.stringData,\n type: args.type,\n immutable: args.immutable,\n },\n {\n ...opts,\n parent: this,\n provider: await getProvider(args.cluster),\n },\n )\n })\n\n super(\n \"highstate:k8s:SecretPatch\",\n name,\n args,\n opts,\n output(args.cluster),\n secret.metadata,\n secret.data,\n secret.stringData,\n )\n }\n}\n\nclass ExternalSecret extends Secret {\n constructor(\n name: string,\n id: Input<string>,\n cluster: Input<k8s.Cluster>,\n opts?: ComponentResourceOptions,\n ) {\n const secret = output(id).apply(async realName => {\n return core.v1.Secret.get(\n //\n name,\n realName,\n {\n ...opts,\n parent: this,\n provider: await getProvider(cluster),\n },\n )\n })\n\n super(\n \"highstate:k8s:ExternalSecret\",\n name,\n { id, cluster },\n opts,\n output(cluster),\n secret.metadata,\n secret.data,\n secret.stringData,\n )\n }\n}\n","import type { k8s } from \"@highstate/library\"\nimport { core, type types } from \"@pulumi/kubernetes\"\nimport {\n ComponentResource,\n output,\n Output,\n type ComponentResourceOptions,\n type Input,\n type Inputs,\n} from \"@pulumi/pulumi\"\nimport { getProvider, mapMetadata, withPatchName, type CommonArgs } from \"./shared\"\n\nexport type ConfigMapArgs = CommonArgs &\n Omit<types.input.core.v1.ConfigMap, \"kind\" | \"metadata\" | \"apiVersion\">\n\nexport type CreateOrPatchConfigMapArgs = ConfigMapArgs & {\n /**\n * The resource to use to determine the name of the config map.\n *\n * If not provided, the config map will be created, otherwise it will be retrieved/patched.\n */\n existing: Input<k8s.Resource> | undefined\n}\n\nexport abstract class ConfigMap extends ComponentResource {\n protected constructor(\n type: string,\n name: string,\n args: Inputs,\n opts: ComponentResourceOptions | undefined,\n\n /**\n * The cluster where the config map is created.\n */\n readonly cluster: Output<k8s.Cluster>,\n\n /**\n * The metadata of the underlying Kubernetes config map.\n */\n readonly metadata: Output<types.output.meta.v1.ObjectMeta>,\n\n /**\n * The data of the underlying Kubernetes config map.\n */\n readonly data: Output<Record<string, string>>,\n ) {\n super(type, name, args, opts)\n }\n\n /**\n * Creates a new config map.\n */\n static create(name: string, args: ConfigMapArgs, opts?: ComponentResourceOptions): ConfigMap {\n return new CreatedConfigMap(name, args, opts)\n }\n\n /**\n * Creates a new config map or patches an existing one.\n *\n * Will throw an error if the config map does not exist when `args.resource` is provided.\n */\n static createOrPatch(\n name: string,\n args: CreateOrPatchConfigMapArgs,\n opts?: ComponentResourceOptions,\n ): ConfigMap {\n if (!args.existing) {\n return new CreatedConfigMap(name, args, opts)\n }\n\n return new ConfigMapPatch(\n name,\n {\n ...args,\n name: withPatchName(\"configmap\", args.existing, args.cluster),\n namespace: output(args.existing).metadata.namespace,\n },\n opts,\n )\n }\n\n /**\n * Gets an existing config map.\n *\n * Will throw an error if the config map does not exist.\n */\n static get(\n name: string,\n id: Input<string>,\n cluster: Input<k8s.Cluster>,\n opts?: ComponentResourceOptions,\n ): ConfigMap {\n return new ExternalConfigMap(name, id, cluster, opts)\n }\n}\n\nclass CreatedConfigMap extends ConfigMap {\n constructor(name: string, args: ConfigMapArgs, opts?: ComponentResourceOptions) {\n const configMap = output(args).apply(async args => {\n return new core.v1.ConfigMap(\n name,\n {\n metadata: mapMetadata(args, name),\n data: args.data,\n },\n {\n ...opts,\n parent: this,\n provider: await getProvider(args.cluster),\n },\n )\n })\n\n super(\n \"highstate:k8s:ConfigMap\",\n name,\n args,\n opts,\n output(args.cluster),\n configMap.metadata,\n configMap.data,\n )\n }\n}\n\nclass ConfigMapPatch extends ConfigMap {\n constructor(name: string, args: ConfigMapArgs, opts?: ComponentResourceOptions) {\n const configMap = output(args).apply(async args => {\n return new core.v1.ConfigMapPatch(\n name,\n {\n metadata: mapMetadata(args, name),\n data: args.data,\n },\n {\n ...opts,\n parent: this,\n provider: await getProvider(args.cluster),\n },\n )\n })\n\n super(\n \"highstate:k8s:ConfigMapPatch\",\n name,\n args,\n opts,\n output(args.cluster),\n configMap.metadata,\n configMap.data,\n )\n }\n}\n\nclass ExternalConfigMap extends ConfigMap {\n constructor(\n name: string,\n id: Input<string>,\n cluster: Input<k8s.Cluster>,\n opts?: ComponentResourceOptions,\n ) {\n const configMap = output(id).apply(async realName => {\n return core.v1.ConfigMap.get(name, realName, {\n ...opts,\n parent: this,\n provider: await getProvider(cluster),\n })\n })\n\n super(\n \"highstate:k8s:ExternalConfigMap\",\n name,\n { id, cluster },\n opts,\n output(cluster),\n configMap.metadata,\n configMap.data,\n )\n }\n}\n","import type { PartialKeys } from \"@highstate/contract\"\nimport type { k8s, network } from \"@highstate/library\"\nimport { core, type types } from \"@pulumi/kubernetes\"\nimport {\n normalize,\n Output,\n output,\n type Input,\n type InputArray,\n type Unwrap,\n} from \"@highstate/pulumi\"\nimport { concat, map, omit } from \"remeda\"\nimport { PersistentVolumeClaim } from \"./pvc\"\nimport { Secret } from \"./secret\"\nimport { ConfigMap } from \"./config-map\"\n\nexport type Container = Omit<PartialKeys<types.input.core.v1.Container, \"name\">, \"volumeMounts\"> & {\n /**\n * The single port to add to the container.\n */\n port?: Input<types.input.core.v1.ContainerPort>\n\n /**\n * The volume mount to attach to the container.\n */\n volumeMount?: Input<ContainerVolumeMount>\n\n /**\n * The volume mounts to attach to the container.\n */\n volumeMounts?: InputArray<ContainerVolumeMount>\n\n /**\n * The volume to include in the parent workload.\n * It is like the `volumes` property, but defined at the container level.\n * It will be defined as a volume mount in the parent workload automatically.\n */\n volume?: Input<WorkloadVolume>\n\n /**\n * The volumes to include in the parent workload.\n * It is like the `volumes` property, but defined at the container level.\n * It will be defined as a volume mount in the parent workload automatically.\n */\n volumes?: InputArray<WorkloadVolume>\n\n /**\n * The map of environment variables to set in the container.\n * It is like the `env` property, but more convenient to use.\n */\n environment?: Input<ContainerEnvironment>\n\n /**\n * The source of environment variables to set in the container.\n * It is like the `envFrom` property, but more convenient to use.\n */\n environmentSource?: Input<ContainerEnvironmentSource>\n\n /**\n * The sources of environment variables to set in the container.\n * It is like the `envFrom` property, but more convenient to use.\n */\n environmentSources?: InputArray<ContainerEnvironmentSource>\n\n /**\n * The list of endpoints that the container is allowed to access.\n *\n * This is used to generate a network policy.\n */\n allowedEndpoints?: InputArray<network.L34Endpoint>\n\n /**\n * Enable the TUN device in the container.\n *\n * All necessary security context settings will be applied to the container.\n */\n enableTun?: Input<boolean>\n}\n\nconst containerExtraArgs = [\n \"port\",\n \"volumeMount\",\n \"volume\",\n \"environment\",\n \"environmentSource\",\n \"environmentSources\",\n] as const\n\nexport type ContainerEnvironment = Record<\n string,\n Input<string | undefined | null | ContainerEnvironmentVariable>\n>\n\nexport type ContainerEnvironmentVariable =\n | types.input.core.v1.EnvVarSource\n | {\n /**\n * The secret to select from.\n */\n secret: Input<core.v1.Secret | Secret>\n\n /**\n * The key of the secret to select from.\n */\n key: string\n }\n | {\n /**\n * The config map to select from.\n */\n configMap: Input<core.v1.ConfigMap>\n\n /**\n * The key of the config map to select from.\n */\n key: string\n }\n\nexport type ContainerEnvironmentSource =\n | types.input.core.v1.EnvFromSource\n | core.v1.ConfigMap\n | core.v1.Secret\n\nexport type ContainerVolumeMount =\n | types.input.core.v1.VolumeMount\n | (Omit<types.input.core.v1.VolumeMount, \"name\"> & {\n /**\n * The volume to mount.\n */\n volume: Input<WorkloadVolume>\n })\n\nexport type WorkloadVolume =\n | types.input.core.v1.Volume\n | core.v1.PersistentVolumeClaim\n | PersistentVolumeClaim\n | core.v1.ConfigMap\n | ConfigMap\n | core.v1.Secret\n | Secret\n\nexport function mapContainerToRaw(\n container: Unwrap<Container>,\n cluster: k8s.Cluster,\n fallbackName: string,\n): types.input.core.v1.Container {\n const containerName = container.name ?? fallbackName\n\n const spec = {\n ...omit(container, containerExtraArgs),\n\n name: containerName,\n ports: normalize(container.port, container.ports),\n\n volumeMounts: map(normalize(container.volumeMount, container.volumeMounts), mapVolumeMount),\n\n env: concat(\n container.environment ? mapContainerEnvironment(container.environment) : [],\n container.env ?? [],\n ),\n\n envFrom: concat(\n map(\n normalize(container.environmentSource, container.environmentSources),\n mapEnvironmentSource,\n ),\n container.envFrom ?? [],\n ),\n } as Unwrap<types.input.core.v1.Container>\n\n if (container.enableTun) {\n spec.securityContext ??= {}\n spec.securityContext.capabilities ??= {}\n spec.securityContext.capabilities.add = [\"NET_ADMIN\"]\n\n if (cluster.quirks?.tunDevicePolicy?.type === \"plugin\") {\n spec.resources ??= {}\n spec.resources.limits ??= {}\n spec.resources.limits[cluster.quirks.tunDevicePolicy.resourceName] =\n cluster.quirks.tunDevicePolicy.resourceValue\n } else {\n spec.volumeMounts ??= []\n spec.volumeMounts.push({\n name: \"tun-device\",\n mountPath: \"/dev/net/tun\",\n readOnly: false,\n })\n }\n }\n\n return spec\n}\n\nexport function mapContainerEnvironment(\n environment: Unwrap<ContainerEnvironment>,\n): types.input.core.v1.EnvVar[] {\n const envVars: types.input.core.v1.EnvVar[] = []\n\n for (const [name, value] of Object.entries(environment)) {\n if (!value) {\n continue\n }\n\n if (typeof value === \"string\") {\n envVars.push({ name, value })\n continue\n }\n\n if (\"secret\" in value) {\n envVars.push({\n name,\n valueFrom: {\n secretKeyRef: {\n name: value.secret.metadata.name,\n key: value.key,\n },\n },\n })\n continue\n }\n\n if (\"configMap\" in value) {\n envVars.push({\n name,\n valueFrom: {\n configMapKeyRef: {\n name: value.configMap.metadata.name,\n key: value.key,\n },\n },\n })\n continue\n }\n\n envVars.push({ name, valueFrom: value })\n }\n\n return envVars\n}\n\nexport function mapVolumeMount(volumeMount: ContainerVolumeMount): types.input.core.v1.VolumeMount {\n if (\"volume\" in volumeMount) {\n return omit(\n {\n ...volumeMount,\n name: output(volumeMount.volume)\n .apply(mapWorkloadVolume)\n .apply(volume => output(volume.name)),\n },\n [\"volume\"],\n )\n }\n\n return {\n ...volumeMount,\n name: volumeMount.name,\n }\n}\n\nexport function mapEnvironmentSource(\n envFrom: ContainerEnvironmentSource,\n): types.input.core.v1.EnvFromSource {\n if (envFrom instanceof core.v1.ConfigMap) {\n return {\n configMapRef: {\n name: envFrom.metadata.name,\n },\n }\n }\n\n if (envFrom instanceof core.v1.Secret) {\n return {\n secretRef: {\n name: envFrom.metadata.name,\n },\n }\n }\n\n return envFrom\n}\n\nexport function mapWorkloadVolume(volume: WorkloadVolume) {\n if (volume instanceof PersistentVolumeClaim) {\n return {\n name: volume.metadata.name,\n persistentVolumeClaim: {\n claimName: volume.metadata.name,\n },\n }\n }\n\n if (volume instanceof Secret) {\n return {\n name: volume.metadata.name,\n secret: {\n secretName: volume.metadata.name,\n },\n }\n }\n\n if (volume instanceof ConfigMap) {\n return {\n name: volume.metadata.name,\n configMap: {\n name: volume.metadata.name,\n },\n }\n }\n\n if (core.v1.PersistentVolumeClaim.isInstance(volume)) {\n return {\n name: volume.metadata.name,\n persistentVolumeClaim: {\n claimName: volume.metadata.name,\n },\n }\n }\n\n if (core.v1.ConfigMap.isInstance(volume)) {\n return {\n name: volume.metadata.name,\n configMap: {\n name: volume.metadata.name,\n },\n }\n }\n\n if (core.v1.Secret.isInstance(volume)) {\n return {\n name: volume.metadata.name,\n secret: {\n secretName: volume.metadata.name,\n },\n }\n }\n\n return volume\n}\n\nexport function getWorkloadVolumeResourceUuid(volume: WorkloadVolume): Output<string | undefined> {\n if (volume instanceof PersistentVolumeClaim) {\n return volume.metadata.uid\n }\n\n if (volume instanceof Secret) {\n return volume.metadata.uid\n }\n\n if (volume instanceof ConfigMap) {\n return volume.metadata.uid\n }\n\n if (core.v1.PersistentVolumeClaim.isInstance(volume)) {\n return volume.metadata.uid\n }\n\n if (core.v1.ConfigMap.isInstance(volume)) {\n return volume.metadata.uid\n }\n\n if (core.v1.Secret.isInstance(volume)) {\n return volume.metadata.uid\n }\n\n return output(undefined)\n}\n","import type { k8s } from \"@highstate/library\"\nimport type { DeploymentArgs } from \"./deployment\"\nimport type { StatefulSetArgs } from \"./stateful-set\"\nimport type { types } from \"@pulumi/kubernetes\"\nimport {\n normalize,\n type ComponentResourceOptions,\n type InputArray,\n type InstanceTerminal,\n} from \"@highstate/pulumi\"\nimport {\n ComponentResource,\n interpolate,\n Output,\n output,\n type CustomResourceOptions,\n type Input,\n} from \"@pulumi/pulumi\"\nimport { filter, isNonNullish, unique, uniqueBy } from \"remeda\"\nimport { deepmerge } from \"deepmerge-ts\"\nimport { sha256 } from \"crypto-hash\"\nimport { commonExtraArgs, getProvider, type CommonArgs } from \"./shared\"\nimport { mapContainerPortToServicePort, Service, type ServiceArgs } from \"./service\"\nimport { HttpRoute, type HttpRouteArgs } from \"./gateway\"\nimport {\n getWorkloadVolumeResourceUuid,\n mapContainerToRaw,\n mapWorkloadVolume,\n type Container,\n type WorkloadVolume,\n} from \"./container\"\nimport { NetworkPolicy, type NetworkPolicyArgs } from \"./network-policy\"\nimport { podSpecDefaults } from \"./pod\"\n\nexport type WorkloadArgs = CommonArgs & {\n container?: Input<Container>\n containers?: InputArray<Container>\n\n /**\n * The shell to use in the terminal.\n *\n * By default, `bash` is used.\n */\n terminalShell?: string\n\n /**\n * The network policy to apply to the deployment.\n */\n networkPolicy?: Input<Omit<NetworkPolicyArgs, \"selector\" | \"cluster\" | \"namespace\">>\n}\n\nexport const workloadExtraArgs = [...commonExtraArgs, \"container\", \"containers\"] as const\n\nexport type ExposableWorkloadArgs = WorkloadArgs & {\n service?: Input<Omit<ServiceArgs, \"cluster\" | \"namespace\">>\n httpRoute?: Input<Omit<HttpRouteArgs, \"cluster\" | \"namespace\">>\n\n /**\n * The existing workload to patch.\n */\n existing?: Input<k8s.ExposableWorkload>\n}\n\nexport const exposableWorkloadExtraArgs = [...workloadExtraArgs, \"service\", \"httpRoute\"] as const\n\nexport type ExposableWorkloadType = \"Deployment\" | \"StatefulSet\"\n\nexport type GenericExposableWorkloadArgs = Omit<ExposableWorkloadArgs, \"existing\"> & {\n /**\n * The type of workload to create.\n *\n * Will be ignored if the `existing` argument is provided.\n */\n type: ExposableWorkloadType\n\n /**\n * The existing workload to patch.\n */\n existing: Input<k8s.ExposableWorkload | undefined>\n\n /**\n * The args specific to the \"Deployment\" workload type.\n *\n * Will be ignored for other workload types.\n */\n deployment?: Input<DeploymentArgs>\n\n /**\n * The args specific to the \"StatefulSet\" workload type.\n *\n * Will be ignored for other workload types.\n */\n statefulSet?: Input<StatefulSetArgs>\n}\n\nexport function getWorkloadComponents(\n name: string,\n args: WorkloadArgs,\n parent: () => ComponentResource,\n opts: ComponentResourceOptions | undefined,\n) {\n const labels = {\n \"app.kubernetes.io/name\": name,\n }\n\n const containers = output(args).apply(args => normalize(args.container, args.containers))\n\n const rawVolumes = containers.apply(containers => {\n const containerVolumes = containers.flatMap(container =>\n normalize(container.volume, container.volumes),\n )\n\n const containerVolumeMounts = containers.flatMap(container => {\n return normalize(container.volumeMount, container.volumeMounts)\n .map(volumeMount => {\n return \"volume\" in volumeMount ? volumeMount.volume : undefined\n })\n .filter(Boolean) as WorkloadVolume[]\n })\n\n return output([...containerVolumes, ...containerVolumeMounts])\n })\n\n const volumes = rawVolumes.apply(rawVolumes => {\n return output(rawVolumes.map(mapWorkloadVolume)).apply(uniqueBy(volume => volume.name))\n })\n\n const podSpec = output({ args, containers, volumes }).apply(({ args, containers, volumes }) => {\n const spec = {\n volumes,\n containers: containers.map(container => mapContainerToRaw(container, args.cluster, name)),\n ...podSpecDefaults,\n } satisfies types.input.core.v1.PodSpec\n\n if (\n containers.some(container => container.enableTun) &&\n args.cluster.quirks?.tunDevicePolicy?.type !== \"plugin\"\n ) {\n spec.volumes = output(spec.volumes).apply(volumes => [\n ...(volumes ?? []),\n {\n name: \"tun-device\",\n hostPath: {\n path: \"/dev/net/tun\",\n },\n },\n ])\n }\n\n return spec\n })\n\n const dependencyHash = rawVolumes.apply(rawVolumes => {\n return output(rawVolumes.map(getWorkloadVolumeResourceUuid))\n .apply(filter(isNonNullish))\n .apply(unique())\n .apply(ids => sha256(ids.join(\",\")))\n })\n\n const podTemplate = output({ podSpec, dependencyHash }).apply(({ podSpec, dependencyHash }) => {\n return {\n metadata: {\n labels,\n annotations: {\n \"highstate.io/dependency-hash\": dependencyHash,\n },\n },\n spec: podSpec,\n } satisfies types.input.core.v1.PodTemplateSpec\n })\n\n const networkPolicy = output({ args, containers }).apply(({ args, containers }) => {\n const allowedEndpoints = containers.flatMap(container => container.allowedEndpoints ?? [])\n\n if (allowedEndpoints.length === 0 && !args.networkPolicy) {\n return output(undefined)\n }\n\n return NetworkPolicy.create(\n name,\n {\n cluster: args.cluster,\n namespace: args.namespace,\n selector: labels,\n\n ...args.networkPolicy,\n\n egressRules: [\n ...(args.networkPolicy?.egressRules ?? []),\n ...(allowedEndpoints.length > 0 ? [{ toEndpoints: allowedEndpoints }] : []),\n ],\n },\n { ...opts, parent: parent() },\n )\n })\n\n return { labels, containers, volumes, podSpec, podTemplate, networkPolicy }\n}\n\nexport function getExposableWorkloadComponents(\n name: string,\n args: ExposableWorkloadArgs,\n parent: () => ComponentResource,\n opts: ComponentResourceOptions | undefined,\n) {\n const { labels, containers, volumes, podSpec, podTemplate, networkPolicy } =\n getWorkloadComponents(name, args, parent, opts)\n\n const service = output({ args, containers }).apply(async ({ args, containers }) => {\n if (!args.service && !args.httpRoute) {\n return undefined\n }\n\n if (args.existing?.service) {\n return Service.of(name, args.existing.service, args.cluster, { ...opts, parent: parent() })\n }\n\n if (args.existing) {\n return undefined\n }\n\n const ports = containers.flatMap(container => normalize(container.port, container.ports))\n\n return Service.create(\n name,\n {\n ...args.service,\n selector: labels,\n cluster: args.cluster,\n namespace: args.namespace,\n\n ports:\n // allow to completely override the ports\n !args.service?.port && !args.service?.ports\n ? ports.map(mapContainerPortToServicePort)\n : args.service?.ports,\n },\n {\n ...opts,\n parent: parent(),\n provider: await getProvider(args.cluster),\n },\n )\n })\n\n const httpRoute = output({\n args,\n service,\n }).apply(async ({ args, service }) => {\n if (!args.httpRoute || !service) {\n return undefined\n }\n\n if (args.existing) {\n return undefined\n }\n\n return new HttpRoute(\n name,\n {\n ...args.httpRoute,\n cluster: args.cluster,\n rule: {\n backend: service,\n },\n },\n {\n ...opts,\n parent: parent(),\n provider: await getProvider(args.cluster),\n },\n )\n })\n\n return { labels, containers, volumes, podSpec, podTemplate, networkPolicy, service, httpRoute }\n}\n\nexport abstract class Workload extends ComponentResource {\n protected constructor(\n type: string,\n protected readonly name: string,\n private readonly args: WorkloadArgs,\n opts: ComponentResourceOptions | undefined,\n\n protected readonly resourceType: string,\n\n /**\n * The cluster where the workload is created.\n */\n readonly cluster: Output<k8s.Cluster>,\n\n /**\n * The metadata of the underlying Kubernetes workload.\n */\n readonly metadata: Output<types.output.meta.v1.ObjectMeta>,\n\n /**\n * The network policy associated with the workload.\n *\n * Will be created if one or more containers have `allowedEndpoints` defined.\n */\n readonly networkPolicy: Output<NetworkPolicy | undefined>,\n ) {\n super(type, name, args, opts)\n }\n\n /**\n * The instance terminal to interact with the deployment.\n */\n get terminal(): Output<InstanceTerminal> {\n const containerName = output(this.args).apply(args => {\n const containers = normalize(args.container, args.containers)\n\n return containers[0]?.name ?? this.name\n })\n\n return output({\n name: this.metadata.name,\n title: this.metadata.name,\n image: \"ghcr.io/exeteres/highstate/terminal-kubectl\",\n command: [\n \"exec\",\n \"kubectl\",\n \"exec\",\n \"-it\",\n \"-n\",\n this.metadata.namespace,\n interpolate`${this.resourceType}/${this.metadata.name}`,\n \"-c\",\n containerName,\n \"--\",\n this.args.terminalShell ?? \"bash\",\n ],\n files: {\n \"/kubeconfig\": this.cluster.kubeconfig,\n },\n env: {\n KUBECONFIG: \"/kubeconfig\",\n },\n })\n }\n}\n\nexport abstract class ExposableWorkload extends Workload {\n protected constructor(\n type: string,\n protected readonly name: string,\n args: ExposableWorkloadArgs,\n opts: ComponentResourceOptions | undefined,\n\n resourceType: string,\n cluster: Output<k8s.Cluster>,\n metadata: Output<types.output.meta.v1.ObjectMeta>,\n networkPolicy: Output<NetworkPolicy | undefined>,\n\n protected readonly _service: Output<Service | undefined>,\n protected readonly _httpRoute: Output<HttpRoute | undefined>,\n ) {\n super(type, name, args, opts, resourceType, cluster, metadata, networkPolicy)\n }\n\n /**\n * The service associated with the workload.\n */\n get optionalService(): Output<Service | undefined> {\n return this._service\n }\n\n /**\n * The HTTP route associated with the workload.\n */\n get optionalHttpRoute(): Output<HttpRoute | undefined> {\n return this._httpRoute\n }\n\n /**\n * The service associated with the workload.\n *\n * Will throw an error if the service is not available.\n */\n get service(): Output<Service> {\n return this._service.apply(service => {\n if (!service) {\n throw new Error(`The service of the workload \"${this.name}\" is not available.`)\n }\n\n return service\n })\n }\n\n /**\n * The HTTP route associated with the workload.\n *\n * Will throw an error if the HTTP route is not available.\n */\n get httpRoute(): Output<HttpRoute> {\n return this._httpRoute.apply(httpRoute => {\n if (!httpRoute) {\n throw new Error(`The HTTP route of the workload \"${this.name}\" is not available.`)\n }\n\n return httpRoute\n })\n }\n\n /**\n * The entity of the workload.\n */\n abstract get entity(): Output<k8s.ExposableWorkload>\n\n /**\n * The sped of the underlying Kubernetes workload.\n */\n abstract get spec(): Output<\n types.output.apps.v1.DeploymentSpec | types.output.apps.v1.StatefulSetSpec\n >\n\n /**\n * Creates a generic workload or patches the existing one.\n */\n static createOrPatchGeneric(\n name: string,\n args: GenericExposableWorkloadArgs,\n opts?: CustomResourceOptions,\n ): Output<ExposableWorkload> {\n return output(args).apply(async args => {\n if (args.existing?.type === \"k8s.deployment\") {\n const { Deployment } = await import(\"./deployment\")\n\n return Deployment.patch(\n name,\n {\n ...deepmerge(args, args.deployment),\n name: args.existing.metadata.name,\n namespace: args.existing.metadata.namespace,\n },\n opts,\n )\n }\n\n if (args.existing?.type === \"k8s.stateful-set\") {\n const { StatefulSet } = await import(\"./stateful-set\")\n\n return StatefulSet.patch(\n name,\n {\n ...deepmerge(args, args.statefulSet),\n name: args.existing.metadata.name,\n namespace: args.existing.metadata.namespace,\n },\n opts,\n )\n }\n\n if (args.type === \"Deployment\") {\n const { Deployment } = await import(\"./deployment\")\n\n return Deployment.create(name, deepmerge(args, args.deployment), opts)\n }\n\n if (args.type === \"StatefulSet\") {\n const { StatefulSet } = await import(\"./stateful-set\")\n\n return StatefulSet.create(name, deepmerge(args, args.statefulSet), opts)\n }\n\n throw new Error(`Unknown workload type: ${args.type as string}`)\n })\n }\n}\n","import type { types } from \"@pulumi/kubernetes\"\n\nexport const podSpecDefaults: Partial<types.input.core.v1.PodSpec> = {\n automountServiceAccountToken: false,\n}\n"],"mappings":";;;;;;;;;;;;;;;AACA,SAAS,YAAwB;AACjC;AAAA,EACE;AAAA,EAEA;AAAA,OAKK;AACP,SAAS,iBAAiB;AAC1B,SAAS,YAAY;AAwBrB,IAAM,iCAAiC,CAAC,GAAG,iBAAiB,MAAM;AAE3D,IAAe,wBAAf,cAA6C,kBAAkB;AAAA,EAC1D,YACR,MACA,MACA,MACA,MAKS,SAKA,UAKA,MAKA,QACT;AACA,UAAM,MAAM,MAAM,MAAM,IAAI;AAjBnB;AAKA;AAKA;AAKA;AAAA,EAGX;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,SAA4C;AAC9C,WAAO,OAAO;AAAA,MACZ,MAAM;AAAA,MACN,WAAW,KAAK,QAAQ;AAAA,MACxB,UAAU,KAAK;AAAA,IACjB,CAAC;AAAA,EACH;AAAA,EAEA,OAAO,OACL,MACA,MACA,MACuB;AACvB,WAAO,IAAI,6BAA6B,MAAM,MAAM,IAAI;AAAA,EAC1D;AAAA,EAEA,OAAO,GACL,MACA,QACA,SACA,MACuB;AACvB,WAAO,IAAI,8BAA8B,MAAM,OAAO,MAAM,EAAE,UAAU,SAAS,IAAI;AAAA,EACvF;AAAA,EAEA,OAAO,YACL,MACA,MACA,MACuB;AACvB,QAAI,CAAC,KAAK,UAAU;AAClB,aAAO,IAAI,6BAA6B,MAAM,MAAM,IAAI;AAAA,IAC1D;AAEA,WAAO,IAAI;AAAA,MACT;AAAA,MACA,OAAO,KAAK,QAAQ,EAAE;AAAA,MACtB,KAAK;AAAA,MACL;AAAA,IACF;AAAA,EACF;AACF;AAEO,IAAM,+BAAN,cAA2C,sBAAsB;AAAA,EACtE,YAAY,MAAc,MAAiC,MAA6B;AACtF,UAAM,MAAM,OAAO,IAAI,EAAE,MAAM,OAAMA,UAAQ;AAC3C,aAAO,IAAI,KAAK,GAAG;AAAA,QACjB;AAAA,QACA;AAAA,UACE,UAAU,YAAYA,OAAM,IAAI;AAAA,UAChC,MAAM;AAAA,YACJ;AAAA,cACE,aAAa,CAAC,eAAe;AAAA,cAC7B,WAAW;AAAA,gBACT,UAAU;AAAA,kBACR,SAASA,MAAK,QAAQ;AAAA,gBACxB;AAAA,cACF;AAAA,YACF;AAAA,YACA,KAAKA,OAAM,8BAA8B;AAAA,UAC3C;AAAA,QACF;AAAA,QACA;AAAA,UACE,GAAG;AAAA,UACH,QAAQ;AAAA,UACR,UAAU,MAAM,YAAYA,MAAK,OAAO;AAAA,QAC1C;AAAA,MACF;AAAA,IACF,CAAC;AAED;AAAA,MACE;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MAEA,OAAO,KAAK,OAAO;AAAA,MACnB,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,IACN;AAAA,EACF;AACF;AAEO,IAAM,gCAAN,cAA4C,sBAAsB;AAAA,EACvE,YACE,MACA,IACA,SACA,MACA;AACA,UAAM,MAAM,OAAO,EAAE,EAAE,MAAM,OAAMC,QAAM;AACvC,aAAO,KAAK,GAAG,sBAAsB;AAAA;AAAA,QAEnC;AAAA,QACA,mBAAmBA,GAAE;AAAA,QACrB;AAAA,UACE,GAAG;AAAA,UACH,QAAQ;AAAA,UACR,UAAU,MAAM,YAAY,OAAO;AAAA,QACrC;AAAA,MACF;AAAA,IACF,CAAC;AAED;AAAA,MACE;AAAA,MACA;AAAA,MACA,EAAE,IAAI,QAAQ;AAAA,MACd;AAAA,MAEA,OAAO,OAAO;AAAA,MACd,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,IACN;AAAA,EACF;AACF;;;AC1LA,SAAS,QAAAC,aAAwB;AACjC;AAAA,EACE,qBAAAC;AAAA,EACA,UAAAC;AAAA,OAKK;AAeA,IAAe,SAAf,cAA8BC,mBAAkB;AAAA,EAC3C,YACR,MACA,MACA,MACA,MAKS,SAKA,UAKA,MAKA,YACT;AACA,UAAM,MAAM,MAAM,MAAM,IAAI;AAjBnB;AAKA;AAKA;AAKA;AAAA,EAGX;AAAA;AAAA;AAAA;AAAA,EAKA,OAAO,OAAO,MAAc,MAAkB,MAAyC;AACrF,WAAO,IAAI,cAAc,MAAM,MAAM,IAAI;AAAA,EAC3C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,OAAO,cACL,MACA,MACA,MACQ;AACR,QAAI,CAAC,KAAK,UAAU;AAClB,aAAO,IAAI,cAAc,MAAM,MAAM,IAAI;AAAA,IAC3C;AAEA,WAAO,IAAI;AAAA,MACT;AAAA,MACA;AAAA,QACE,GAAG;AAAA,QACH,MAAM,cAAc,UAAU,KAAK,UAAU,KAAK,OAAO;AAAA,QACzD,WAAWC,QAAO,KAAK,QAAQ,EAAE,SAAS;AAAA,MAC5C;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,OAAO,IACL,MACA,IACA,SACA,MACQ;AACR,WAAO,IAAI,eAAe,MAAM,IAAI,SAAS,IAAI;AAAA,EACnD;AACF;AAEA,IAAM,gBAAN,cAA4B,OAAO;AAAA,EACjC,YAAY,MAAc,MAAkB,MAAiC;AAC3E,UAAM,SAASA,QAAO,IAAI,EAAE,MAAM,OAAMC,UAAQ;AAC9C,aAAO,IAAIC,MAAK,GAAG;AAAA,QACjB;AAAA,QACA;AAAA,UACE,UAAU,YAAYD,OAAM,IAAI;AAAA,UAChC,MAAMA,MAAK;AAAA,UACX,YAAYA,MAAK;AAAA,UACjB,MAAMA,MAAK;AAAA,UACX,WAAWA,MAAK;AAAA,QAClB;AAAA,QACA;AAAA,UACE,GAAG;AAAA,UACH,QAAQ;AAAA,UACR,UAAU,MAAM,YAAYA,MAAK,OAAO;AAAA,QAC1C;AAAA,MACF;AAAA,IACF,CAAC;AAED;AAAA,MACE;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACAD,QAAO,KAAK,OAAO;AAAA,MACnB,OAAO;AAAA,MACP,OAAO;AAAA,MACP,OAAO;AAAA,IACT;AAAA,EACF;AACF;AAEA,IAAM,cAAN,cAA0B,OAAO;AAAA,EAC/B,YAAY,MAAc,MAAkB,MAAiC;AAC3E,UAAM,SAASA,QAAO,IAAI,EAAE,MAAM,OAAMC,UAAQ;AAC9C,aAAO,IAAIC,MAAK,GAAG;AAAA,QACjB;AAAA,QACA;AAAA,UACE,UAAU,YAAYD,OAAM,IAAI;AAAA,UAChC,MAAMA,MAAK;AAAA,UACX,YAAYA,MAAK;AAAA,UACjB,MAAMA,MAAK;AAAA,UACX,WAAWA,MAAK;AAAA,QAClB;AAAA,QACA;AAAA,UACE,GAAG;AAAA,UACH,QAAQ;AAAA,UACR,UAAU,MAAM,YAAYA,MAAK,OAAO;AAAA,QAC1C;AAAA,MACF;AAAA,IACF,CAAC;AAED;AAAA,MACE;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACAD,QAAO,KAAK,OAAO;AAAA,MACnB,OAAO;AAAA,MACP,OAAO;AAAA,MACP,OAAO;AAAA,IACT;AAAA,EACF;AACF;AAEA,IAAM,iBAAN,cAA6B,OAAO;AAAA,EAClC,YACE,MACA,IACA,SACA,MACA;AACA,UAAM,SAASA,QAAO,EAAE,EAAE,MAAM,OAAM,aAAY;AAChD,aAAOE,MAAK,GAAG,OAAO;AAAA;AAAA,QAEpB;AAAA,QACA;AAAA,QACA;AAAA,UACE,GAAG;AAAA,UACH,QAAQ;AAAA,UACR,UAAU,MAAM,YAAY,OAAO;AAAA,QACrC;AAAA,MACF;AAAA,IACF,CAAC;AAED;AAAA,MACE;AAAA,MACA;AAAA,MACA,EAAE,IAAI,QAAQ;AAAA,MACd;AAAA,MACAF,QAAO,OAAO;AAAA,MACd,OAAO;AAAA,MACP,OAAO;AAAA,MACP,OAAO;AAAA,IACT;AAAA,EACF;AACF;;;ACrMA,SAAS,QAAAG,aAAwB;AACjC;AAAA,EACE,qBAAAC;AAAA,EACA,UAAAC;AAAA,OAKK;AAeA,IAAe,YAAf,cAAiCC,mBAAkB;AAAA,EAC9C,YACR,MACA,MACA,MACA,MAKS,SAKA,UAKA,MACT;AACA,UAAM,MAAM,MAAM,MAAM,IAAI;AAZnB;AAKA;AAKA;AAAA,EAGX;AAAA;AAAA;AAAA;AAAA,EAKA,OAAO,OAAO,MAAc,MAAqB,MAA4C;AAC3F,WAAO,IAAI,iBAAiB,MAAM,MAAM,IAAI;AAAA,EAC9C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,OAAO,cACL,MACA,MACA,MACW;AACX,QAAI,CAAC,KAAK,UAAU;AAClB,aAAO,IAAI,iBAAiB,MAAM,MAAM,IAAI;AAAA,IAC9C;AAEA,WAAO,IAAI;AAAA,MACT;AAAA,MACA;AAAA,QACE,GAAG;AAAA,QACH,MAAM,cAAc,aAAa,KAAK,UAAU,KAAK,OAAO;AAAA,QAC5D,WAAWC,QAAO,KAAK,QAAQ,EAAE,SAAS;AAAA,MAC5C;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,OAAO,IACL,MACA,IACA,SACA,MACW;AACX,WAAO,IAAI,kBAAkB,MAAM,IAAI,SAAS,IAAI;AAAA,EACtD;AACF;AAEA,IAAM,mBAAN,cAA+B,UAAU;AAAA,EACvC,YAAY,MAAc,MAAqB,MAAiC;AAC9E,UAAM,YAAYA,QAAO,IAAI,EAAE,MAAM,OAAMC,UAAQ;AACjD,aAAO,IAAIC,MAAK,GAAG;AAAA,QACjB;AAAA,QACA;AAAA,UACE,UAAU,YAAYD,OAAM,IAAI;AAAA,UAChC,MAAMA,MAAK;AAAA,QACb;AAAA,QACA;AAAA,UACE,GAAG;AAAA,UACH,QAAQ;AAAA,UACR,UAAU,MAAM,YAAYA,MAAK,OAAO;AAAA,QAC1C;AAAA,MACF;AAAA,IACF,CAAC;AAED;AAAA,MACE;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACAD,QAAO,KAAK,OAAO;AAAA,MACnB,UAAU;AAAA,MACV,UAAU;AAAA,IACZ;AAAA,EACF;AACF;AAEA,IAAM,iBAAN,cAA6B,UAAU;AAAA,EACrC,YAAY,MAAc,MAAqB,MAAiC;AAC9E,UAAM,YAAYA,QAAO,IAAI,EAAE,MAAM,OAAMC,UAAQ;AACjD,aAAO,IAAIC,MAAK,GAAG;AAAA,QACjB;AAAA,QACA;AAAA,UACE,UAAU,YAAYD,OAAM,IAAI;AAAA,UAChC,MAAMA,MAAK;AAAA,QACb;AAAA,QACA;AAAA,UACE,GAAG;AAAA,UACH,QAAQ;AAAA,UACR,UAAU,MAAM,YAAYA,MAAK,OAAO;AAAA,QAC1C;AAAA,MACF;AAAA,IACF,CAAC;AAED;AAAA,MACE;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACAD,QAAO,KAAK,OAAO;AAAA,MACnB,UAAU;AAAA,MACV,UAAU;AAAA,IACZ;AAAA,EACF;AACF;AAEA,IAAM,oBAAN,cAAgC,UAAU;AAAA,EACxC,YACE,MACA,IACA,SACA,MACA;AACA,UAAM,YAAYA,QAAO,EAAE,EAAE,MAAM,OAAM,aAAY;AACnD,aAAOE,MAAK,GAAG,UAAU,IAAI,MAAM,UAAU;AAAA,QAC3C,GAAG;AAAA,QACH,QAAQ;AAAA,QACR,UAAU,MAAM,YAAY,OAAO;AAAA,MACrC,CAAC;AAAA,IACH,CAAC;AAED;AAAA,MACE;AAAA,MACA;AAAA,MACA,EAAE,IAAI,QAAQ;AAAA,MACd;AAAA,MACAF,QAAO,OAAO;AAAA,MACd,UAAU;AAAA,MACV,UAAU;AAAA,IACZ;AAAA,EACF;AACF;;;ACjLA,SAAS,QAAAG,aAAwB;AACjC;AAAA,EACE;AAAA,EAEA,UAAAC;AAAA,OAIK;AACP,SAAS,QAAQ,KAAK,QAAAC,aAAY;AAoElC,IAAM,qBAAqB;AAAA,EACzB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AAuDO,SAAS,kBACd,WACA,SACA,cAC+B;AAC/B,QAAM,gBAAgB,UAAU,QAAQ;AAExC,QAAM,OAAO;AAAA,IACX,GAAGC,MAAK,WAAW,kBAAkB;AAAA,IAErC,MAAM;AAAA,IACN,OAAO,UAAU,UAAU,MAAM,UAAU,KAAK;AAAA,IAEhD,cAAc,IAAI,UAAU,UAAU,aAAa,UAAU,YAAY,GAAG,cAAc;AAAA,IAE1F,KAAK;AAAA,MACH,UAAU,cAAc,wBAAwB,UAAU,WAAW,IAAI,CAAC;AAAA,MAC1E,UAAU,OAAO,CAAC;AAAA,IACpB;AAAA,IAEA,SAAS;AAAA,MACP;AAAA,QACE,UAAU,UAAU,mBAAmB,UAAU,kBAAkB;AAAA,QACnE;AAAA,MACF;AAAA,MACA,UAAU,WAAW,CAAC;AAAA,IACxB;AAAA,EACF;AAEA,MAAI,UAAU,WAAW;AACvB,SAAK,oBAAoB,CAAC;AAC1B,SAAK,gBAAgB,iBAAiB,CAAC;AACvC,SAAK,gBAAgB,aAAa,MAAM,CAAC,WAAW;AAEpD,QAAI,QAAQ,QAAQ,iBAAiB,SAAS,UAAU;AACtD,WAAK,cAAc,CAAC;AACpB,WAAK,UAAU,WAAW,CAAC;AAC3B,WAAK,UAAU,OAAO,QAAQ,OAAO,gBAAgB,YAAY,IAC/D,QAAQ,OAAO,gBAAgB;AAAA,IACnC,OAAO;AACL,WAAK,iBAAiB,CAAC;AACvB,WAAK,aAAa,KAAK;AAAA,QACrB,MAAM;AAAA,QACN,WAAW;AAAA,QACX,UAAU;AAAA,MACZ,CAAC;AAAA,IACH;AAAA,EACF;AAEA,SAAO;AACT;AAEO,SAAS,wBACd,aAC8B;AAC9B,QAAM,UAAwC,CAAC;AAE/C,aAAW,CAAC,MAAM,KAAK,KAAK,OAAO,QAAQ,WAAW,GAAG;AACvD,QAAI,CAAC,OAAO;AACV;AAAA,IACF;AAEA,QAAI,OAAO,UAAU,UAAU;AAC7B,cAAQ,KAAK,EAAE,MAAM,MAAM,CAAC;AAC5B;AAAA,IACF;AAEA,QAAI,YAAY,OAAO;AACrB,cAAQ,KAAK;AAAA,QACX;AAAA,QACA,WAAW;AAAA,UACT,cAAc;AAAA,YACZ,MAAM,MAAM,OAAO,SAAS;AAAA,YAC5B,KAAK,MAAM;AAAA,UACb;AAAA,QACF;AAAA,MACF,CAAC;AACD;AAAA,IACF;AAEA,QAAI,eAAe,OAAO;AACxB,cAAQ,KAAK;AAAA,QACX;AAAA,QACA,WAAW;AAAA,UACT,iBAAiB;AAAA,YACf,MAAM,MAAM,UAAU,SAAS;AAAA,YAC/B,KAAK,MAAM;AAAA,UACb;AAAA,QACF;AAAA,MACF,CAAC;AACD;AAAA,IACF;AAEA,YAAQ,KAAK,EAAE,MAAM,WAAW,MAAM,CAAC;AAAA,EACzC;AAEA,SAAO;AACT;AAEO,SAAS,eAAe,aAAoE;AACjG,MAAI,YAAY,aAAa;AAC3B,WAAOA;AAAA,MACL;AAAA,QACE,GAAG;AAAA,QACH,MAAMC,QAAO,YAAY,MAAM,EAC5B,MAAM,iBAAiB,EACvB,MAAM,YAAUA,QAAO,OAAO,IAAI,CAAC;AAAA,MACxC;AAAA,MACA,CAAC,QAAQ;AAAA,IACX;AAAA,EACF;AAEA,SAAO;AAAA,IACL,GAAG;AAAA,IACH,MAAM,YAAY;AAAA,EACpB;AACF;AAEO,SAAS,qBACd,SACmC;AACnC,MAAI,mBAAmBC,MAAK,GAAG,WAAW;AACxC,WAAO;AAAA,MACL,cAAc;AAAA,QACZ,MAAM,QAAQ,SAAS;AAAA,MACzB;AAAA,IACF;AAAA,EACF;AAEA,MAAI,mBAAmBA,MAAK,GAAG,QAAQ;AACrC,WAAO;AAAA,MACL,WAAW;AAAA,QACT,MAAM,QAAQ,SAAS;AAAA,MACzB;AAAA,IACF;AAAA,EACF;AAEA,SAAO;AACT;AAEO,SAAS,kBAAkB,QAAwB;AACxD,MAAI,kBAAkB,uBAAuB;AAC3C,WAAO;AAAA,MACL,MAAM,OAAO,SAAS;AAAA,MACtB,uBAAuB;AAAA,QACrB,WAAW,OAAO,SAAS;AAAA,MAC7B;AAAA,IACF;AAAA,EACF;AAEA,MAAI,kBAAkB,QAAQ;AAC5B,WAAO;AAAA,MACL,MAAM,OAAO,SAAS;AAAA,MACtB,QAAQ;AAAA,QACN,YAAY,OAAO,SAAS;AAAA,MAC9B;AAAA,IACF;AAAA,EACF;AAEA,MAAI,kBAAkB,WAAW;AAC/B,WAAO;AAAA,MACL,MAAM,OAAO,SAAS;AAAA,MACtB,WAAW;AAAA,QACT,MAAM,OAAO,SAAS;AAAA,MACxB;AAAA,IACF;AAAA,EACF;AAEA,MAAIA,MAAK,GAAG,sBAAsB,WAAW,MAAM,GAAG;AACpD,WAAO;AAAA,MACL,MAAM,OAAO,SAAS;AAAA,MACtB,uBAAuB;AAAA,QACrB,WAAW,OAAO,SAAS;AAAA,MAC7B;AAAA,IACF;AAAA,EACF;AAEA,MAAIA,MAAK,GAAG,UAAU,WAAW,MAAM,GAAG;AACxC,WAAO;AAAA,MACL,MAAM,OAAO,SAAS;AAAA,MACtB,WAAW;AAAA,QACT,MAAM,OAAO,SAAS;AAAA,MACxB;AAAA,IACF;AAAA,EACF;AAEA,MAAIA,MAAK,GAAG,OAAO,WAAW,MAAM,GAAG;AACrC,WAAO;AAAA,MACL,MAAM,OAAO,SAAS;AAAA,MACtB,QAAQ;AAAA,QACN,YAAY,OAAO,SAAS;AAAA,MAC9B;AAAA,IACF;AAAA,EACF;AAEA,SAAO;AACT;AAEO,SAAS,8BAA8B,QAAoD;AAChG,MAAI,kBAAkB,uBAAuB;AAC3C,WAAO,OAAO,SAAS;AAAA,EACzB;AAEA,MAAI,kBAAkB,QAAQ;AAC5B,WAAO,OAAO,SAAS;AAAA,EACzB;AAEA,MAAI,kBAAkB,WAAW;AAC/B,WAAO,OAAO,SAAS;AAAA,EACzB;AAEA,MAAIA,MAAK,GAAG,sBAAsB,WAAW,MAAM,GAAG;AACpD,WAAO,OAAO,SAAS;AAAA,EACzB;AAEA,MAAIA,MAAK,GAAG,UAAU,WAAW,MAAM,GAAG;AACxC,WAAO,OAAO,SAAS;AAAA,EACzB;AAEA,MAAIA,MAAK,GAAG,OAAO,WAAW,MAAM,GAAG;AACrC,WAAO,OAAO,SAAS;AAAA,EACzB;AAEA,SAAOD,QAAO,MAAS;AACzB;;;ACzWA;AAAA,EACE,aAAAE;AAAA,OAIK;AACP;AAAA,EACE,qBAAAC;AAAA,EACA;AAAA,EAEA,UAAAC;AAAA,OAGK;AACP,SAAS,QAAQ,cAAc,QAAQ,gBAAgB;AACvD,SAAS,aAAAC,kBAAiB;AAC1B,SAAS,cAAc;;;AClBhB,IAAM,kBAAwD;AAAA,EACnE,8BAA8B;AAChC;;;AD+CO,IAAM,oBAAoB,CAAC,GAAG,iBAAiB,aAAa,YAAY;AAYxE,IAAM,6BAA6B,CAAC,GAAG,mBAAmB,WAAW,WAAW;AAgChF,SAAS,sBACd,MACA,MACA,QACA,MACA;AACA,QAAM,SAAS;AAAA,IACb,0BAA0B;AAAA,EAC5B;AAEA,QAAM,aAAaC,QAAO,IAAI,EAAE,MAAM,CAAAC,UAAQC,WAAUD,MAAK,WAAWA,MAAK,UAAU,CAAC;AAExF,QAAM,aAAa,WAAW,MAAM,CAAAE,gBAAc;AAChD,UAAM,mBAAmBA,YAAW;AAAA,MAAQ,eAC1CD,WAAU,UAAU,QAAQ,UAAU,OAAO;AAAA,IAC/C;AAEA,UAAM,wBAAwBC,YAAW,QAAQ,eAAa;AAC5D,aAAOD,WAAU,UAAU,aAAa,UAAU,YAAY,EAC3D,IAAI,iBAAe;AAClB,eAAO,YAAY,cAAc,YAAY,SAAS;AAAA,MACxD,CAAC,EACA,OAAO,OAAO;AAAA,IACnB,CAAC;AAED,WAAOF,QAAO,CAAC,GAAG,kBAAkB,GAAG,qBAAqB,CAAC;AAAA,EAC/D,CAAC;AAED,QAAM,UAAU,WAAW,MAAM,CAAAI,gBAAc;AAC7C,WAAOJ,QAAOI,YAAW,IAAI,iBAAiB,CAAC,EAAE,MAAM,SAAS,YAAU,OAAO,IAAI,CAAC;AAAA,EACxF,CAAC;AAED,QAAM,UAAUJ,QAAO,EAAE,MAAM,YAAY,QAAQ,CAAC,EAAE,MAAM,CAAC,EAAE,MAAAC,OAAM,YAAAE,aAAY,SAAAE,SAAQ,MAAM;AAC7F,UAAM,OAAO;AAAA,MACX,SAAAA;AAAA,MACA,YAAYF,YAAW,IAAI,eAAa,kBAAkB,WAAWF,MAAK,SAAS,IAAI,CAAC;AAAA,MACxF,GAAG;AAAA,IACL;AAEA,QACEE,YAAW,KAAK,eAAa,UAAU,SAAS,KAChDF,MAAK,QAAQ,QAAQ,iBAAiB,SAAS,UAC/C;AACA,WAAK,UAAUD,QAAO,KAAK,OAAO,EAAE,MAAM,CAAAK,aAAW;AAAA,QACnD,GAAIA,YAAW,CAAC;AAAA,QAChB;AAAA,UACE,MAAM;AAAA,UACN,UAAU;AAAA,YACR,MAAM;AAAA,UACR;AAAA,QACF;AAAA,MACF,CAAC;AAAA,IACH;AAEA,WAAO;AAAA,EACT,CAAC;AAED,QAAM,iBAAiB,WAAW,MAAM,CAAAD,gBAAc;AACpD,WAAOJ,QAAOI,YAAW,IAAI,6BAA6B,CAAC,EACxD,MAAM,OAAO,YAAY,CAAC,EAC1B,MAAM,OAAO,CAAC,EACd,MAAM,SAAO,OAAO,IAAI,KAAK,GAAG,CAAC,CAAC;AAAA,EACvC,CAAC;AAED,QAAM,cAAcJ,QAAO,EAAE,SAAS,eAAe,CAAC,EAAE,MAAM,CAAC,EAAE,SAAAM,UAAS,gBAAAC,gBAAe,MAAM;AAC7F,WAAO;AAAA,MACL,UAAU;AAAA,QACR;AAAA,QACA,aAAa;AAAA,UACX,gCAAgCA;AAAA,QAClC;AAAA,MACF;AAAA,MACA,MAAMD;AAAA,IACR;AAAA,EACF,CAAC;AAED,QAAM,gBAAgBN,QAAO,EAAE,MAAM,WAAW,CAAC,EAAE,MAAM,CAAC,EAAE,MAAAC,OAAM,YAAAE,YAAW,MAAM;AACjF,UAAM,mBAAmBA,YAAW,QAAQ,eAAa,UAAU,oBAAoB,CAAC,CAAC;AAEzF,QAAI,iBAAiB,WAAW,KAAK,CAACF,MAAK,eAAe;AACxD,aAAOD,QAAO,MAAS;AAAA,IACzB;AAEA,WAAO,cAAc;AAAA,MACnB;AAAA,MACA;AAAA,QACE,SAASC,MAAK;AAAA,QACd,WAAWA,MAAK;AAAA,QAChB,UAAU;AAAA,QAEV,GAAGA,MAAK;AAAA,QAER,aAAa;AAAA,UACX,GAAIA,MAAK,eAAe,eAAe,CAAC;AAAA,UACxC,GAAI,iBAAiB,SAAS,IAAI,CAAC,EAAE,aAAa,iBAAiB,CAAC,IAAI,CAAC;AAAA,QAC3E;AAAA,MACF;AAAA,MACA,EAAE,GAAG,MAAM,QAAQ,OAAO,EAAE;AAAA,IAC9B;AAAA,EACF,CAAC;AAED,SAAO,EAAE,QAAQ,YAAY,SAAS,SAAS,aAAa,cAAc;AAC5E;AAEO,SAAS,+BACd,MACA,MACA,QACA,MACA;AACA,QAAM,EAAE,QAAQ,YAAY,SAAS,SAAS,aAAa,cAAc,IACvE,sBAAsB,MAAM,MAAM,QAAQ,IAAI;AAEhD,QAAM,UAAUD,QAAO,EAAE,MAAM,WAAW,CAAC,EAAE,MAAM,OAAO,EAAE,MAAAC,OAAM,YAAAE,YAAW,MAAM;AACjF,QAAI,CAACF,MAAK,WAAW,CAACA,MAAK,WAAW;AACpC,aAAO;AAAA,IACT;AAEA,QAAIA,MAAK,UAAU,SAAS;AAC1B,aAAO,QAAQ,GAAG,MAAMA,MAAK,SAAS,SAASA,MAAK,SAAS,EAAE,GAAG,MAAM,QAAQ,OAAO,EAAE,CAAC;AAAA,IAC5F;AAEA,QAAIA,MAAK,UAAU;AACjB,aAAO;AAAA,IACT;AAEA,UAAM,QAAQE,YAAW,QAAQ,eAAaD,WAAU,UAAU,MAAM,UAAU,KAAK,CAAC;AAExF,WAAO,QAAQ;AAAA,MACb;AAAA,MACA;AAAA,QACE,GAAGD,MAAK;AAAA,QACR,UAAU;AAAA,QACV,SAASA,MAAK;AAAA,QACd,WAAWA,MAAK;AAAA,QAEhB;AAAA;AAAA,UAEE,CAACA,MAAK,SAAS,QAAQ,CAACA,MAAK,SAAS,QAClC,MAAM,IAAI,6BAA6B,IACvCA,MAAK,SAAS;AAAA;AAAA,MACtB;AAAA,MACA;AAAA,QACE,GAAG;AAAA,QACH,QAAQ,OAAO;AAAA,QACf,UAAU,MAAM,YAAYA,MAAK,OAAO;AAAA,MAC1C;AAAA,IACF;AAAA,EACF,CAAC;AAED,QAAM,YAAYD,QAAO;AAAA,IACvB;AAAA,IACA;AAAA,EACF,CAAC,EAAE,MAAM,OAAO,EAAE,MAAAC,OAAM,SAAAO,SAAQ,MAAM;AACpC,QAAI,CAACP,MAAK,aAAa,CAACO,UAAS;AAC/B,aAAO;AAAA,IACT;AAEA,QAAIP,MAAK,UAAU;AACjB,aAAO;AAAA,IACT;AAEA,WAAO,IAAI;AAAA,MACT;AAAA,MACA;AAAA,QACE,GAAGA,MAAK;AAAA,QACR,SAASA,MAAK;AAAA,QACd,MAAM;AAAA,UACJ,SAASO;AAAA,QACX;AAAA,MACF;AAAA,MACA;AAAA,QACE,GAAG;AAAA,QACH,QAAQ,OAAO;AAAA,QACf,UAAU,MAAM,YAAYP,MAAK,OAAO;AAAA,MAC1C;AAAA,IACF;AAAA,EACF,CAAC;AAED,SAAO,EAAE,QAAQ,YAAY,SAAS,SAAS,aAAa,eAAe,SAAS,UAAU;AAChG;AAEO,IAAe,WAAf,cAAgCQ,mBAAkB;AAAA,EAC7C,YACR,MACmB,MACF,MACjB,MAEmB,cAKV,SAKA,UAOA,eACT;AACA,UAAM,MAAM,MAAM,MAAM,IAAI;AAvBT;AACF;AAGE;AAKV;AAKA;AAOA;AAAA,EAGX;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,WAAqC;AACvC,UAAM,gBAAgBT,QAAO,KAAK,IAAI,EAAE,MAAM,UAAQ;AACpD,YAAM,aAAaE,WAAU,KAAK,WAAW,KAAK,UAAU;AAE5D,aAAO,WAAW,CAAC,GAAG,QAAQ,KAAK;AAAA,IACrC,CAAC;AAED,WAAOF,QAAO;AAAA,MACZ,MAAM,KAAK,SAAS;AAAA,MACpB,OAAO,KAAK,SAAS;AAAA,MACrB,OAAO;AAAA,MACP,SAAS;AAAA,QACP;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA,KAAK,SAAS;AAAA,QACd,cAAc,KAAK,YAAY,IAAI,KAAK,SAAS,IAAI;AAAA,QACrD;AAAA,QACA;AAAA,QACA;AAAA,QACA,KAAK,KAAK,iBAAiB;AAAA,MAC7B;AAAA,MACA,OAAO;AAAA,QACL,eAAe,KAAK,QAAQ;AAAA,MAC9B;AAAA,MACA,KAAK;AAAA,QACH,YAAY;AAAA,MACd;AAAA,IACF,CAAC;AAAA,EACH;AACF;AAEO,IAAe,oBAAf,cAAyC,SAAS;AAAA,EAC7C,YACR,MACmB,MACnB,MACA,MAEA,cACA,SACA,UACA,eAEmB,UACA,YACnB;AACA,UAAM,MAAM,MAAM,MAAM,MAAM,cAAc,SAAS,UAAU,aAAa;AAZzD;AASA;AACA;AAAA,EAGrB;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,kBAA+C;AACjD,WAAO,KAAK;AAAA,EACd;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,oBAAmD;AACrD,WAAO,KAAK;AAAA,EACd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,IAAI,UAA2B;AAC7B,WAAO,KAAK,SAAS,MAAM,aAAW;AACpC,UAAI,CAAC,SAAS;AACZ,cAAM,IAAI,MAAM,gCAAgC,KAAK,IAAI,qBAAqB;AAAA,MAChF;AAEA,aAAO;AAAA,IACT,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,IAAI,YAA+B;AACjC,WAAO,KAAK,WAAW,MAAM,eAAa;AACxC,UAAI,CAAC,WAAW;AACd,cAAM,IAAI,MAAM,mCAAmC,KAAK,IAAI,qBAAqB;AAAA,MACnF;AAEA,aAAO;AAAA,IACT,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAiBA,OAAO,qBACL,MACA,MACA,MAC2B;AAC3B,WAAOA,QAAO,IAAI,EAAE,MAAM,OAAMC,UAAQ;AACtC,UAAIA,MAAK,UAAU,SAAS,kBAAkB;AAC5C,cAAM,EAAE,WAAW,IAAI,MAAM,OAAO,0BAAc;AAElD,eAAO,WAAW;AAAA,UAChB;AAAA,UACA;AAAA,YACE,GAAGS,WAAUT,OAAMA,MAAK,UAAU;AAAA,YAClC,MAAMA,MAAK,SAAS,SAAS;AAAA,YAC7B,WAAWA,MAAK,SAAS,SAAS;AAAA,UACpC;AAAA,UACA;AAAA,QACF;AAAA,MACF;AAEA,UAAIA,MAAK,UAAU,SAAS,oBAAoB;AAC9C,cAAM,EAAE,YAAY,IAAI,MAAM,OAAO,4BAAgB;AAErD,eAAO,YAAY;AAAA,UACjB;AAAA,UACA;AAAA,YACE,GAAGS,WAAUT,OAAMA,MAAK,WAAW;AAAA,YACnC,MAAMA,MAAK,SAAS,SAAS;AAAA,YAC7B,WAAWA,MAAK,SAAS,SAAS;AAAA,UACpC;AAAA,UACA;AAAA,QACF;AAAA,MACF;AAEA,UAAIA,MAAK,SAAS,cAAc;AAC9B,cAAM,EAAE,WAAW,IAAI,MAAM,OAAO,0BAAc;AAElD,eAAO,WAAW,OAAO,MAAMS,WAAUT,OAAMA,MAAK,UAAU,GAAG,IAAI;AAAA,MACvE;AAEA,UAAIA,MAAK,SAAS,eAAe;AAC/B,cAAM,EAAE,YAAY,IAAI,MAAM,OAAO,4BAAgB;AAErD,eAAO,YAAY,OAAO,MAAMS,WAAUT,OAAMA,MAAK,WAAW,GAAG,IAAI;AAAA,MACzE;AAEA,YAAM,IAAI,MAAM,0BAA0BA,MAAK,IAAc,EAAE;AAAA,IACjE,CAAC;AAAA,EACH;AACF;","names":["args","id","core","ComponentResource","output","ComponentResource","output","args","core","core","ComponentResource","output","ComponentResource","output","args","core","core","output","omit","omit","output","core","normalize","ComponentResource","output","deepmerge","output","args","normalize","containers","rawVolumes","volumes","podSpec","dependencyHash","service","ComponentResource","deepmerge"]}
package/dist/{chunk-FF3GFWG3.js → chunk-VL7Z5FJQ.js} RENAMED
@@ -2,13 +2,13 @@ import {
2
2
  ExposableWorkload,
3
3
  exposableWorkloadExtraArgs,
4
4
  getExposableWorkloadComponents
5
- } from "./chunk-R43VRICF.js";
5
+ } from "./chunk-SARVLQZY.js";
6
6
  import {
7
7
  getProvider,
8
8
  mapMetadata,
9
9
  resourceIdToString,
10
10
  withPatchName
11
- } from "./chunk-HTQP2NB4.js";
11
+ } from "./chunk-Y3LZSX7I.js";
12
12
 
13
13
  // src/stateful-set.ts
14
14
  import { output } from "@highstate/pulumi";
@@ -190,4 +190,4 @@ var ExternalStatefulSet = class extends StatefulSet {
190
190
  export {
191
191
  StatefulSet
192
192
  };
193
- //# sourceMappingURL=chunk-FF3GFWG3.js.map
193
+ //# sourceMappingURL=chunk-VL7Z5FJQ.js.map
package/dist/{chunk-OP75IMU7.js → chunk-WEKIQRCZ.js} RENAMED
@@ -6,7 +6,7 @@ import {
6
6
  mapNamespaceNameToSelector,
7
7
  mapSelectorLikeToSelector,
8
8
  resourceIdToString
9
- } from "./chunk-HTQP2NB4.js";
9
+ } from "./chunk-Y3LZSX7I.js";
10
10
 
11
11
  // src/service.ts
12
12
  import { core } from "@pulumi/kubernetes";
@@ -62,7 +62,7 @@ var Service = class extends ComponentResource {
62
62
  static wrap(name, service, cluster, opts) {
63
63
  return new WrappedService(name, service, cluster, opts);
64
64
  }
65
- static external(name, id, cluster, opts) {
65
+ static get(name, id, cluster, opts) {
66
66
  return new ExternalService(name, id, cluster, opts);
67
67
  }
68
68
  static of(name, entity, cluster, opts) {
@@ -337,6 +337,32 @@ function mapHttpRouteRuleMatch(match) {
337
337
  return match;
338
338
  }
339
339
 
340
+ // src/network.ts
341
+ import { filterEndpoints as filterEndpoints2 } from "@highstate/common";
342
+ function getBestEndpoint(endpoints, cluster) {
343
+ if (!endpoints.length) {
344
+ return void 0;
345
+ }
346
+ if (endpoints.length === 1) {
347
+ return endpoints[0];
348
+ }
349
+ if (!cluster) {
350
+ return filterEndpoints2(endpoints)[0];
351
+ }
352
+ const clusterEndpoint = endpoints.find((endpoint) => isFromCluster(endpoint, cluster));
353
+ if (clusterEndpoint) {
354
+ return clusterEndpoint;
355
+ }
356
+ return filterEndpoints2(endpoints)[0];
357
+ }
358
+ function requireBestEndpoint(endpoints, cluster) {
359
+ const endpoint = getBestEndpoint(endpoints, cluster);
360
+ if (!endpoint) {
361
+ throw new Error(`No best endpoint found for cluster "${cluster.name}" (${cluster.id})`);
362
+ }
363
+ return endpoint;
364
+ }
365
+
340
366
  // src/network-policy.ts
341
367
  import { networking } from "@pulumi/kubernetes";
342
368
  import {
@@ -386,21 +412,13 @@ var NetworkPolicy = class _NetworkPolicy extends ComponentResource3 {
386
412
  args2.ingressRule?.fromEndpoints
387
413
  );
388
414
  const parsedEndpoints = endpoints.map(parseL34Endpoint);
389
- const endpointsByPortsAndNamespaces = groupBy(parsedEndpoints, (endpoint) => {
415
+ const endpointsNamespaces = groupBy(parsedEndpoints, (endpoint) => {
390
416
  const namespace = isFromCluster(endpoint, args2.cluster) ? endpoint.metadata.k8sService.namespace : "";
391
- const port = isFromCluster(endpoint, args2.cluster) ? endpoint.metadata.k8sService.targetPort : endpoint.port;
392
- return `${port ?? "0"}:${namespace}`;
417
+ return namespace;
393
418
  });
394
- const l3OnlyRule = endpointsByPortsAndNamespaces["0:"] ? _NetworkPolicy.getRuleFromEndpoint(
395
- void 0,
396
- endpointsByPortsAndNamespaces["0:"],
397
- args2.cluster
398
- ) : void 0;
399
- const otherRules = Object.entries(endpointsByPortsAndNamespaces).filter(([key]) => key !== "0:").map(([key, endpoints2]) => {
400
- const [port] = key.split(":");
401
- const portNumber = parseInt(port, 10);
402
- const portValue = isNaN(portNumber) ? port : portNumber;
403
- return _NetworkPolicy.getRuleFromEndpoint(portValue, endpoints2, args2.cluster);
419
+ const l3OnlyRule = endpointsNamespaces[""] ? _NetworkPolicy.getRuleFromEndpoint(void 0, endpointsNamespaces[""], args2.cluster) : void 0;
420
+ const otherRules = Object.entries(endpointsNamespaces).filter(([key]) => key !== "").map(([, endpoints2]) => {
421
+ return _NetworkPolicy.getRuleFromEndpoint(void 0, endpoints2, args2.cluster);
404
422
  });
405
423
  return [
406
424
  {
@@ -579,7 +597,7 @@ var NetworkPolicy = class _NetworkPolicy extends ComponentResource3 {
579
597
  static allowEgressToEndpoint(endpoint, namespace, cluster, opts) {
580
598
  const parsedEndpoint = parseL34Endpoint(endpoint);
581
599
  return _NetworkPolicy.create(
582
- `allow-egress-to-${l34EndpointToString(parsedEndpoint)}`,
600
+ `allow-egress-to-${l34EndpointToString(parsedEndpoint).replace(":", "-")}`,
583
601
  {
584
602
  namespace,
585
603
  cluster,
@@ -589,6 +607,12 @@ var NetworkPolicy = class _NetworkPolicy extends ComponentResource3 {
589
607
  opts
590
608
  );
591
609
  }
610
+ static allowEgressToBestEndpoint(endpoints, namespace, cluster, opts) {
611
+ return output4({ endpoints, cluster }).apply(({ endpoints: endpoints2, cluster: cluster2 }) => {
612
+ const bestEndpoint = requireBestEndpoint(endpoints2.map(parseL34Endpoint), cluster2);
613
+ return _NetworkPolicy.allowEgressToEndpoint(bestEndpoint, namespace, cluster2, opts);
614
+ });
615
+ }
592
616
  static allowIngressFromEndpoint(endpoint, namespace, cluster, opts) {
593
617
  const parsedEndpoint = parseL34Endpoint(endpoint);
594
618
  return _NetworkPolicy.create(
@@ -761,6 +785,8 @@ export {
761
785
  mapServiceToLabelSelector,
762
786
  getServiceType,
763
787
  HttpRoute,
788
+ getBestEndpoint,
789
+ requireBestEndpoint,
764
790
  NetworkPolicy
765
791
  };
766
- //# sourceMappingURL=chunk-OP75IMU7.js.map
792
+ //# sourceMappingURL=chunk-WEKIQRCZ.js.map