npm - @highstate/k8s - Versions diffs - 0.9.13 → 0.9.15 - Mend

@highstate/k8s 0.9.13 → 0.9.15

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (55) hide show

package/dist/{chunk-QLQ3QVGT.js → chunk-KBWGED2C.js} +15 -10
package/dist/chunk-KBWGED2C.js.map +1 -0
package/dist/{chunk-5S4JPM4M.js → chunk-MKFBWTVZ.js} +36 -4
package/dist/chunk-MKFBWTVZ.js.map +1 -0
package/dist/chunk-P2UABKGA.js +1664 -0
package/dist/chunk-P2UABKGA.js.map +1 -0
package/dist/chunk-PZ5AY32C.js +10 -0
package/dist/{chunk-VL7Z5FJQ.js → chunk-QMWFPJQB.js} +23 -3
package/dist/chunk-QMWFPJQB.js.map +1 -0
package/dist/{chunk-6L67WIZW.js → chunk-YRC7EI6X.js} +23 -3
package/dist/chunk-YRC7EI6X.js.map +1 -0
package/dist/{chunk-Y3LZSX7I.js → chunk-YUMBUWA4.js} +23 -1
package/dist/chunk-YUMBUWA4.js.map +1 -0
package/dist/deployment-KOZNZXJA.js +10 -0
package/dist/highstate.manifest.json +8 -8
package/dist/index.js +17 -18
package/dist/index.js.map +1 -1
package/dist/stateful-set-H5BR3H5D.js +10 -0
package/dist/stateful-set-H5BR3H5D.js.map +1 -0
package/dist/units/access-point/index.js +2 -0
package/dist/units/access-point/index.js.map +1 -1
package/dist/units/cert-manager/index.js +6 -3
package/dist/units/cert-manager/index.js.map +1 -1
package/dist/units/cluster-dns/index.js +2 -0
package/dist/units/cluster-dns/index.js.map +1 -1
package/dist/units/cluster-patch/index.js +2 -0
package/dist/units/cluster-patch/index.js.map +1 -1
package/dist/units/dns01-issuer/index.js +2 -1
package/dist/units/dns01-issuer/index.js.map +1 -1
package/dist/units/existing-cluster/index.js +3 -1
package/dist/units/existing-cluster/index.js.map +1 -1
package/dist/units/gateway-api/index.js +2 -1
package/dist/units/gateway-api/index.js.map +1 -1
package/package.json +10 -9
package/src/cluster.ts +14 -9
package/src/deployment.ts +34 -0
package/src/helm.ts +38 -2
package/src/network-policy.ts +2 -5
package/src/shared.ts +3 -0
package/src/stateful-set.ts +34 -0
package/src/workload.ts +22 -3
package/dist/chunk-5S4JPM4M.js.map +0 -1
package/dist/chunk-6L67WIZW.js.map +0 -1
package/dist/chunk-QLQ3QVGT.js.map +0 -1
package/dist/chunk-SARVLQZY.js +0 -876
package/dist/chunk-SARVLQZY.js.map +0 -1
package/dist/chunk-VL7Z5FJQ.js.map +0 -1
package/dist/chunk-WEKIQRCZ.js +0 -792
package/dist/chunk-WEKIQRCZ.js.map +0 -1
package/dist/chunk-Y3LZSX7I.js.map +0 -1
package/dist/deployment-QTPBNKO5.js +0 -10
package/dist/stateful-set-K4GV7ZTK.js +0 -10
package/src/custom.ts +0 -104
/package/dist/{deployment-QTPBNKO5.js.map → chunk-PZ5AY32C.js.map} +0 -0
/package/dist/{stateful-set-K4GV7ZTK.js.map → deployment-KOZNZXJA.js.map} +0 -0

package/dist/chunk-WEKIQRCZ.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"sources":["../src/service.ts","../src/gateway/http-route.ts","../src/gateway/backend.ts","../src/network.ts","../src/network-policy.ts"],"sourcesContent":["import type { k8s, network } from \"@highstate/library\"\nimport { core, types } from \"@pulumi/kubernetes\"\nimport {\n ComponentResource,\n normalize,\n output,\n Output,\n type ComponentResourceOptions,\n type Input,\n type Inputs,\n} from \"@highstate/pulumi\"\nimport { omit, uniqueBy } from \"remeda\"\nimport { deepmerge } from \"deepmerge-ts\"\nimport { filterEndpoints, l4EndpointToString, parseL3Endpoint } from \"@highstate/common\"\nimport {\n commonExtraArgs,\n mapMetadata,\n resourceIdToString,\n type CommonArgs,\n type ResourceId,\n type SelectorLike,\n} from \"./shared\"\n\nexport type ServiceArgs = CommonArgs & {\n /**\n * The port to expose the service on.\n */\n port?: Input<types.input.core.v1.ServicePort>\n\n /**\n * Whether the service should be exposed by `NodePort` or `LoadBalancer`.\n *\n * The type of the service will be determined automatically based on the cluster.\n */\n external?: boolean\n} & types.input.core.v1.ServiceSpec\n\nconst serviceExtraArgs = [...commonExtraArgs, \"port\", \"ports\", \"external\"] as const\n\nexport type ServiceEndpointMetadata = {\n clusterId: string\n name: string\n namespace: string\n selector: SelectorLike\n targetPort: string | number\n}\n\n/**\n * Checks if the endpoint has service metadata.\n *\n * Alters the type of the endpoint to include the service metadata if it exists.\n *\n * @param endpoint The endpoint to check.\n * @returns True if the endpoint has service metadata, false otherwise.\n */\nexport function hasServiceMetadata(\n endpoint: network.L3Endpoint,\n): endpoint is network.L3Endpoint & { metadata: { k8sService: ServiceEndpointMetadata } } {\n return endpoint.metadata?.k8sService !== undefined\n}\n\n/**\n * Returns the service metadata of the endpoint.\n *\n * @param endpoint The endpoint to get the service metadata from.\n * @returns The service metadata of the endpoint, or undefined if it doesn't exist.\n */\nexport function getServiceMetadata(\n endpoint: network.L3Endpoint,\n): ServiceEndpointMetadata | undefined {\n return endpoint.metadata?.k8sService as ServiceEndpointMetadata\n}\n\n/**\n * Adds service metadata to the endpoint.\n *\n * @param endpoint The endpoint to add the metadata to.\n * @param metadata The metadata to add.\n * @returns The endpoint with the added metadata.\n */\nexport function withServiceMetadata<TEdnpoint extends network.L34Endpoint>(\n endpoint: TEdnpoint,\n metadata: ServiceEndpointMetadata,\n): TEdnpoint & { metadata: { k8sService: ServiceEndpointMetadata } } {\n return {\n ...endpoint,\n metadata: {\n ...endpoint.metadata,\n k8sService: metadata,\n },\n }\n}\n\n/**\n * Checks if the endpoint is from the given cluster.\n *\n * @param endpoint The endpoint to check.\n * @param cluster The cluster to check against.\n * @returns True if the endpoint is from the cluster, false otherwise.\n */\nexport function isFromCluster(\n endpoint: network.L3Endpoint,\n cluster: k8s.Cluster,\n): endpoint is network.L3Endpoint & { metadata: { k8sService: ServiceEndpointMetadata } } {\n return getServiceMetadata(endpoint)?.clusterId === cluster.id\n}\n\nexport abstract class Service extends ComponentResource {\n protected constructor(\n type: string,\n name: string,\n args: Inputs,\n opts: ComponentResourceOptions | undefined,\n\n /**\n * The cluster info associated with the service.\n */\n readonly cluster: Output<k8s.Cluster>,\n\n /**\n * The metadata of the underlying Kubernetes service.\n */\n readonly metadata: Output<types.output.meta.v1.ObjectMeta>,\n\n /**\n * The spec of the underlying Kubernetes service.\n */\n readonly spec: Output<types.output.core.v1.ServiceSpec>,\n\n /**\n * The status of the underlying Kubernetes service.\n */\n readonly status: Output<types.output.core.v1.ServiceStatus>,\n ) {\n super(type, name, args, opts)\n }\n\n /**\n * The Highstate service entity.\n */\n get entity(): Output<k8s.Service> {\n return output({\n type: \"k8s.service\",\n clusterId: this.cluster.id,\n metadata: this.metadata,\n endpoints: this.endpoints,\n })\n }\n\n static create(name: string, args: ServiceArgs, opts: ComponentResourceOptions): Service {\n return new CreatedService(name, args, opts)\n }\n\n static wrap(\n name: string,\n service: Input<core.v1.Service>,\n cluster: Input<k8s.Cluster>,\n opts?: ComponentResourceOptions,\n ): Service {\n return new WrappedService(name, service, cluster, opts)\n }\n\n static get(\n name: string,\n id: ResourceId,\n cluster: Input<k8s.Cluster>,\n opts?: ComponentResourceOptions,\n ): Service {\n return new ExternalService(name, id, cluster, opts)\n }\n\n static of(\n name: string,\n entity: Input<k8s.Service>,\n cluster: Input<k8s.Cluster>,\n opts?: ComponentResourceOptions,\n ): Service {\n return new ExternalService(\n name,\n output(entity).metadata,\n output({ cluster, entity }).apply(({ cluster, entity }) => {\n if (cluster.id !== entity.clusterId) {\n throw new Error(\n `Cluster mismatch when wrapping service \"${name}\": \"${cluster.id}\" != \"${entity.clusterId}\"`,\n )\n }\n\n return cluster\n }),\n opts,\n )\n }\n\n /**\n * Returns the endpoints of the service applying the given filter.\n *\n * If no filter is specified, the default behavior of `filterEndpoints` is used.\n *\n * @param filter If specified, the endpoints are filtered based on the given filter.\n * @returns The endpoints of the service.\n */\n filterEndpoints(filter?: network.EndpointFilter): Output<network.L4Endpoint[]> {\n return output({ endpoints: this.endpoints }).apply(({ endpoints }) => {\n return filterEndpoints(endpoints, filter)\n })\n }\n\n /**\n * Returns the endpoints of the service including both internal and external endpoints.\n */\n get endpoints(): Output<network.L4Endpoint[]> {\n return output({\n cluster: this.cluster,\n metadata: this.metadata,\n spec: this.spec,\n status: this.status,\n }).apply(({ cluster, metadata, spec, status }) => {\n const endpointMetadata = {\n k8sService: {\n clusterId: cluster.id,\n name: metadata.name,\n namespace: metadata.namespace,\n selector: spec.selector,\n targetPort: spec.ports[0].targetPort ?? spec.ports[0].port,\n } satisfies ServiceEndpointMetadata,\n }\n\n const clusterIpEndpoints = spec.clusterIPs?.map(ip => ({\n ...parseL3Endpoint(ip),\n visibility: \"internal\" as network.EndpointVisibility,\n port: spec.ports[0].port,\n protocol: spec.ports[0].protocol?.toLowerCase() as network.L4Protocol,\n metadata: endpointMetadata,\n }))\n\n if (clusterIpEndpoints.length > 0) {\n clusterIpEndpoints.unshift({\n type: \"hostname\",\n visibility: \"internal\",\n hostname: `${metadata.name}.${metadata.namespace}.svc.cluster.local`,\n port: spec.ports[0].port,\n protocol: spec.ports[0].protocol?.toLowerCase() as network.L4Protocol,\n metadata: endpointMetadata,\n })\n }\n\n const nodePortEndpoints =\n spec.type === \"NodePort\"\n ? cluster.endpoints.map(endpoint => ({\n ...(endpoint as network.L3Endpoint),\n port: spec.ports[0].nodePort,\n protocol: spec.ports[0].protocol?.toLowerCase() as network.L4Protocol,\n metadata: endpointMetadata,\n }))\n : []\n\n const loadBalancerEndpoints =\n spec.type === \"LoadBalancer\"\n ? status.loadBalancer?.ingress?.map(endpoint => ({\n ...parseL3Endpoint(endpoint.ip ?? endpoint.hostname),\n port: spec.ports[0].port,\n protocol: spec.ports[0].protocol?.toLowerCase() as network.L4Protocol,\n metadata: endpointMetadata,\n }))\n : []\n\n return uniqueBy(\n [\n ...(clusterIpEndpoints ?? []),\n ...(loadBalancerEndpoints ?? []),\n ...(nodePortEndpoints ?? []),\n ],\n endpoint => l4EndpointToString(endpoint),\n )\n })\n }\n}\n\nclass CreatedService extends Service {\n constructor(name: string, args: ServiceArgs, opts?: ComponentResourceOptions) {\n const service = output(args).apply(args => {\n return new core.v1.Service(\n name,\n {\n metadata: mapMetadata(args, name),\n spec: deepmerge(\n {\n ports: normalize(args.port, args.ports),\n\n externalIPs: args.external\n ? (args.externalIPs ?? args.cluster.externalIps)\n : args.cluster.externalIps,\n\n type: getServiceType(args, args.cluster),\n },\n omit(args, serviceExtraArgs),\n ),\n },\n { parent: this, ...opts },\n )\n })\n\n super(\n \"highstate:k8s:Service\",\n name,\n args,\n opts,\n\n output(args.cluster),\n service.metadata,\n service.spec,\n service.status,\n )\n }\n}\n\nclass WrappedService extends Service {\n constructor(\n name: string,\n service: Input<core.v1.Service>,\n cluster: Input<k8s.Cluster>,\n opts?: ComponentResourceOptions,\n ) {\n super(\n \"highstate:k8s:WrappedService\",\n name,\n { service, clusterInfo: cluster },\n opts,\n\n output(cluster),\n output(service).metadata,\n output(service).spec,\n output(service).status,\n )\n }\n}\n\nclass ExternalService extends Service {\n constructor(\n name: string,\n id: Input<ResourceId>,\n cluster: Input<k8s.Cluster>,\n opts?: ComponentResourceOptions,\n ) {\n const service = output(id).apply(id => {\n return core.v1.Service.get(\n //\n name,\n resourceIdToString(id),\n { ...opts, parent: this },\n )\n })\n\n super(\n \"highstate:k8s:ExternalService\",\n name,\n { id, cluster },\n opts,\n\n output(cluster),\n service.metadata,\n service.spec,\n service.status,\n )\n }\n}\n\nexport function mapContainerPortToServicePort(\n port: types.input.core.v1.ContainerPort,\n): types.input.core.v1.ServicePort {\n return {\n name: port.name,\n port: port.containerPort,\n targetPort: port.containerPort,\n protocol: port.protocol,\n }\n}\n\nexport function mapServiceToLabelSelector(\n service: core.v1.Service,\n): types.input.meta.v1.LabelSelector {\n return {\n matchLabels: service.spec.selector,\n }\n}\n\nexport function getServiceType(\n service: Pick<ServiceArgs, \"type\" | \"external\"> | undefined,\n cluster: k8s.Cluster,\n): Input<string> {\n if (service?.type) {\n return service.type\n }\n\n if (!service?.external) {\n return \"ClusterIP\"\n }\n\n return cluster.quirks?.externalServiceType === \"LoadBalancer\" ? \"LoadBalancer\" : \"NodePort\"\n}\n","import {\n ComponentResource,\n normalize,\n output,\n Output,\n type ComponentResourceOptions,\n type Input,\n type InputArray,\n} from \"@highstate/pulumi\"\nimport { gateway, types } from \"@highstate/gateway-api\"\nimport { map, pipe } from \"remeda\"\nimport { getProvider, mapMetadata, type CommonArgs } from \"../shared\"\nimport { resolveBackendRef, type BackendRef } from \"./backend\"\n\nexport type HttpRouteArgs = Omit<CommonArgs, \"namespace\"> & {\n /**\n * The gateway to associate with the route.\n */\n gateway: Input<gateway.v1.Gateway>\n\n /**\n * The alias for `hostnames: [hostname]`.\n */\n hostname?: Input<string>\n\n /**\n * The rule of the route.\n */\n rule?: Input<HttpRouteRuleArgs>\n\n /**\n * The rules of the route.\n */\n rules?: InputArray<HttpRouteRuleArgs>\n} & Omit<Partial<types.input.gateway.v1.HTTPRouteSpec>, \"rules\">\n\nexport type HttpRouteRuleArgs = Omit<\n types.input.gateway.v1.HTTPRouteSpecRules,\n \"matches\" | \"filters\" | \"backendRefs\"\n> & {\n /**\n * The conditions of the rule.\n * Can be specified as string to match on the path.\n */\n matches?: InputArray<HttpRouteRuleMatchOptions>\n\n /**\n * The condition of the rule.\n * Can be specified as string to match on the path.\n */\n match?: Input<HttpRouteRuleMatchOptions>\n\n /**\n * The filters of the rule.\n */\n filters?: InputArray<types.input.gateway.v1.HTTPRouteSpecRulesFilters>\n\n /**\n * The filter of the rule.\n */\n filter?: Input<types.input.gateway.v1.HTTPRouteSpecRulesFilters>\n\n /**\n * The service to route to.\n */\n backend?: Input<BackendRef>\n}\n\nexport type HttpRouteRuleMatchOptions = types.input.gateway.v1.HTTPRouteSpecRulesMatches | string\n\nexport class HttpRoute extends ComponentResource {\n /**\n * The underlying Kubernetes resource.\n */\n public readonly route: Output<gateway.v1.HTTPRoute>\n\n constructor(name: string, args: HttpRouteArgs, opts?: ComponentResourceOptions) {\n super(\"highstate:k8s:HttpRoute\", name, args, opts)\n\n this.route = output({\n args,\n gatewayNamespace: output(args.gateway).metadata.namespace,\n }).apply(async ({ args, gatewayNamespace }) => {\n return new gateway.v1.HTTPRoute(\n name,\n {\n metadata: mapMetadata(\n {\n ...args,\n namespace: gatewayNamespace as string,\n },\n name,\n ),\n spec: {\n hostnames: normalize(args.hostname, args.hostnames),\n\n parentRefs: [\n {\n name: args.gateway.metadata.name as Output<string>,\n },\n ],\n\n rules: normalize(args.rule, args.rules).map(rule => ({\n timeouts: rule.timeouts,\n\n matches: pipe(\n normalize(rule.match, rule.matches),\n map(mapHttpRouteRuleMatch),\n addDefaultPathMatch,\n ),\n\n filters: normalize(rule.filter, rule.filters),\n backendRefs: rule.backend ? [resolveBackendRef(rule.backend)] : undefined,\n })),\n } satisfies types.input.gateway.v1.HTTPRouteSpec,\n },\n {\n ...opts,\n parent: this,\n provider: await getProvider(args.cluster),\n },\n )\n })\n }\n}\n\nfunction addDefaultPathMatch(\n matches: types.input.gateway.v1.HTTPRouteSpecRulesMatches[],\n): types.input.gateway.v1.HTTPRouteSpecRulesMatches[] {\n return matches.length ? matches : [{ path: { type: \"PathPrefix\", value: \"/\" } }]\n}\n\nexport function mapHttpRouteRuleMatch(\n match: HttpRouteRuleMatchOptions,\n): types.input.gateway.v1.HTTPRouteSpecRulesMatches {\n if (typeof match === \"string\") {\n return { path: { type: \"PathPrefix\", value: match } }\n }\n\n return match\n}\n","import { core } from \"@pulumi/kubernetes\"\nimport { type Input, output, Output, type Unwrap } from \"@highstate/pulumi\"\nimport { Service } from \"../service\"\n\nexport interface FullBackendRef {\n /**\n * The name of the resource being referenced.\n */\n name: Input<string>\n\n /**\n * The namespace of the resource being referenced.\n * May be undefined if the resource is not in a namespace.\n */\n namespace?: Input<string | undefined>\n\n /**\n * The port of the resource being referenced.\n */\n port: Input<number>\n}\n\nexport interface ServiceBackendRef {\n /**\n * The name of the service being referenced.\n */\n service: Input<core.v1.Service>\n\n /**\n * The port of the service being referenced.\n */\n port: Input<number>\n}\n\nexport type BackendRef = FullBackendRef | ServiceBackendRef | Service\n\nexport function resolveBackendRef(ref: BackendRef): Output<Unwrap<FullBackendRef>> {\n if (Service.isInstance(ref)) {\n return output({\n name: ref.metadata.name,\n namespace: ref.metadata.namespace,\n port: ref.spec.ports[0].port,\n })\n }\n\n if (\"service\" in ref) {\n const service = output(ref.service)\n\n return output({\n name: service.metadata.name,\n namespace: service.metadata.namespace,\n port: ref.port,\n })\n }\n\n return output({\n name: ref.name,\n namespace: ref.namespace,\n port: ref.port,\n })\n}\n","import type { k8s, network } from \"@highstate/library\"\nimport { filterEndpoints } from \"@highstate/common\"\nimport { isFromCluster } from \"./service\"\n\nexport function getBestEndpoint<TEndpoint extends network.L34Endpoint>(\n endpoints: TEndpoint[],\n cluster?: k8s.Cluster,\n): TEndpoint | undefined {\n if (!endpoints.length) {\n return undefined\n }\n\n if (endpoints.length === 1) {\n return endpoints[0]\n }\n\n if (!cluster) {\n return filterEndpoints(endpoints)[0]\n }\n\n const clusterEndpoint = endpoints.find(endpoint => isFromCluster(endpoint, cluster))\n\n if (clusterEndpoint) {\n return clusterEndpoint\n }\n\n return filterEndpoints(endpoints)[0]\n}\n\nexport function requireBestEndpoint<TEndpoint extends network.L34Endpoint>(\n endpoints: TEndpoint[],\n cluster: k8s.Cluster,\n): TEndpoint {\n const endpoint = getBestEndpoint(endpoints, cluster)\n\n if (!endpoint) {\n throw new Error(`No best endpoint found for cluster \"${cluster.name}\" (${cluster.id})`)\n }\n\n return endpoint\n}\n","import { networking, types, type core } from \"@pulumi/kubernetes\"\nimport {\n ComponentResource,\n interpolate,\n normalize,\n output,\n type Input,\n type InputArray,\n type Output,\n type Resource,\n type ResourceOptions,\n type Unwrap,\n} from \"@highstate/pulumi\"\nimport { capitalize, flat, groupBy, merge, mergeDeep, uniqueBy } from \"remeda\"\nimport { k8s, network } from \"@highstate/library\"\nimport {\n l34EndpointToString,\n l3EndpointToCidr,\n parseL34Endpoint,\n type InputL34Endpoint,\n} from \"@highstate/common\"\nimport {\n getProvider,\n mapMetadata,\n mapNamespaceLikeToNamespaceName,\n mapNamespaceNameToSelector,\n mapSelectorLikeToSelector,\n type CommonArgs,\n type NamespaceLike,\n type SelectorLike,\n} from \"./shared\"\nimport { getServiceMetadata, isFromCluster, mapServiceToLabelSelector } from \"./service\"\nimport { requireBestEndpoint } from \"./network\"\n\nexport type NetworkPolicyPort = {\n /**\n * The protocol to match.\n *\n * If not provided, \"TCP\" will be used.\n */\n protocol?: string\n} & (\n | {\n /**\n * The single port to match.\n */\n port: number | string\n }\n | {\n /**\n * The range of ports to match.\n */\n range: [start: number, end: number]\n }\n)\n\nexport type IngressRuleArgs = {\n /**\n * Whether to allow all incoming traffic.\n *\n * If set to `true`, all other rules will be ignored for matched traffic.\n */\n fromAll?: Input<boolean>\n\n /**\n * The allowed cidr for incoming traffic.\n *\n * Will be ORed with other conditions inside the same rule (except ports).\n */\n fromCidr?: Input<string>\n\n /**\n * The list of allowed cidrs for incoming traffic.\n *\n * Will be ORed with other conditions inside the same rule (except ports).\n */\n fromCidrs?: InputArray<string>\n\n /**\n * The list of allowed L3 or L4 endpoints for outgoing traffic.\n *\n * Just a syntactic sugar for `fromFqdn` and `fromService` for cases when the endpoint can be one of them + optional port/protocol.\n *\n * Will be ORed with other conditions inside the same rule (except ports).\n *\n * If a single endpoint also has a port/protocol/service metadata,\n * it will produce separate rule for it with them and ORed with the rest of the rules.\n */\n fromEndpoint?: Input<InputL34Endpoint>\n\n /**\n * The list of allowed L3 or L4 endpoints for incoming traffic.\n *\n * Just a syntactic sugar for `fromFqdn` and `fromService` for cases when the endpoint can be one of them + optional port/protocol.\n *\n * Will be ORed with other conditions inside the same rule (except ports).\n *\n * If a single endpoint also has a port/protocol/service metadata,\n * it will produce separate rule for it with them and ORed with the rest of the rules.\n */\n fromEndpoints?: InputArray<InputL34Endpoint>\n\n /**\n * The service to allow traffic from.\n *\n * Will be ORed with other conditions inside the same rule (except ports).\n */\n fromService?: Input<core.v1.Service>\n\n /**\n * The list of allowed services for incoming traffic.\n *\n * Will be ORed with other conditions inside the same rule (except ports).\n */\n fromServices?: InputArray<core.v1.Service>\n\n /**\n * The namespace to allow traffic from.\n *\n * If provided with `fromSelector(s)`, it will be ANDed with them.\n * Otherwise, it will match all pods in the namespace.\n *\n * Will be ORed with other conditions inside the same rule (except ports and selectors).\n */\n fromNamespace?: Input<NamespaceLike>\n\n /**\n * The list of allowed namespaces for incoming traffic.\n *\n * If provided with `fromSelector(s)`, it will be ANDed with them.\n * Otherwise, it will match all pods in the namespaces.\n *\n * Will be ORed with other conditions inside the same rule (except ports and selectors).\n */\n fromNamespaces?: InputArray<NamespaceLike>\n\n /**\n * The selector for incoming traffic.\n *\n * If provided with `fromNamespace(s)`, it will be ANDed with them.\n * Otherwise, it will match pods in all namespaces.\n *\n * Will be ORed with other conditions inside the same rule (except ports and namespaces).\n */\n fromSelector?: Input<SelectorLike>\n\n /**\n * The list of selectors for incoming traffic.\n *\n * If provided with `fromNamespace(s)`, it will be ANDed with them.\n * Otherwise, it will match pods in all namespaces.\n *\n * Will be ORed with other conditions inside the same rule (except ports and namespaces).\n */\n fromSelectors?: InputArray<SelectorLike>\n\n /**\n * The port to allow incoming traffic on.\n *\n * Will be ANDed with all conditions inside the same rule.\n */\n toPort?: Input<NetworkPolicyPort>\n\n /**\n * The list of allowed ports for incoming traffic.\n *\n * Will be ANDed with all conditions inside the same rule.\n */\n toPorts?: InputArray<NetworkPolicyPort>\n}\n\nexport type EgressRuleArgs = {\n /**\n * Whether to allow all outgoing traffic.\n *\n * If set to `true`, all other rules will be ignored for matched traffic.\n */\n toAll?: Input<boolean>\n\n /**\n * The allowed cidr for outgoing traffic.\n *\n * Will be ORed with other conditions inside the same rule (except ports).\n */\n toCidr?: Input<string>\n\n /**\n * The list of allowed cidrs for outgoing traffic.\n *\n * Will be ORed with other conditions inside the same rule (except ports).\n */\n toCidrs?: InputArray<string>\n\n /**\n * The FQDN to allow outgoing traffic.\n *\n * Will be ORed with other conditions inside the same rule (except ports).\n */\n toFqdn?: Input<string>\n\n /**\n * The list of allowed FQDNs for outgoing traffic.\n *\n * Will be ORed with other conditions inside the same rule (except ports).\n */\n toFqdns?: InputArray<string>\n\n /**\n * The L3 or L4 endpoint to allow outgoing traffic.\n *\n * Just a syntactic sugar for `toFqdn`, `toCidr` and `toService` for cases when the endpoint can be one of them + optional port/protocol.\n *\n * Will be ORed with other conditions inside the same rule (except ports).\n *\n * If a single endpoint also has a port/protocol/service metadata,\n * it will produce separate rule for it with them and ORed with the rest of the rules.\n */\n toEndpoint?: Input<InputL34Endpoint>\n\n /**\n * The list of allowed L3 or L4 endpoints for outgoing traffic.\n *\n * Just a syntactic sugar for `toFqdn`, `toCidr` and `toService` for cases when the endpoint can be one of them + optional port/protocol.\n *\n * Will be ORed with other conditions inside the same rule (except ports).\n *\n * If a single endpoint also has a port/protocol/service metadata,\n * it will produce separate rule for it with them and ORed with the rest of the rules.\n */\n toEndpoints?: InputArray<InputL34Endpoint>\n\n /**\n * The service to allow traffic to.\n *\n * Will be ORed with other conditions inside the same rule (except ports).\n */\n toService?: Input<core.v1.Service>\n\n /**\n * The list of allowed services for outgoing traffic.\n *\n * Will be ORed with other conditions inside the same rule (except ports).\n */\n toServices?: InputArray<core.v1.Service>\n\n /**\n * The namespace to allow traffic to.\n *\n * If provided with `toSelector(s)`, it will be ANDed with them.\n * Otherwise, it will match all pods in the namespace.\n *\n * Will be ORed with other conditions inside the same rule (except ports and selectors).\n */\n toNamespace?: Input<NamespaceLike>\n\n /**\n * The list of allowed namespaces for outgoing traffic.\n *\n * If provided with `toSelector(s)`, it will be ANDed with them.\n * Otherwise, it will match all pods in the namespaces.\n *\n * Will be ORed with other conditions inside the same rule (except ports and selectors).\n */\n toNamespaces?: InputArray<NamespaceLike>\n\n /**\n * The selector for outgoing traffic.\n *\n * If provided with `toNamespace(s)`, it will be ANDe with them.\n *\n * Otherwise, it will match pods only in all namespaces.\n */\n toSelector?: Input<SelectorLike>\n\n /**\n * The list of selectors for outgoing traffic.\n *\n * If provided with `toNamespace(s)`, it will be ANDed with them.\n * Otherwise, it will match pods only in all namespaces.\n */\n toSelectors?: InputArray<SelectorLike>\n\n /**\n * The port to allow outgoing traffic on.\n *\n * Will be ANDed with all conditions inside the same rule.\n */\n toPort?: Input<NetworkPolicyPort>\n\n /**\n * The list of allowed ports for outgoing traffic.\n *\n * Will be ANDed with all conditions inside the same rule.\n */\n toPorts?: InputArray<NetworkPolicyPort>\n}\n\nexport type NetworkPolicyArgs = CommonArgs & {\n /**\n * The description of this network policy.\n */\n description?: Input<string>\n\n /**\n * The pod selector for this network policy.\n * If not provided, it will select all pods in the namespace.\n */\n selector?: SelectorLike\n\n /**\n * The rule for incoming traffic.\n */\n ingressRule?: Input<IngressRuleArgs>\n\n /**\n * The rules for incoming traffic.\n */\n ingressRules?: InputArray<IngressRuleArgs>\n\n /**\n * The rule for outgoing traffic.\n */\n egressRule?: Input<EgressRuleArgs>\n\n /**\n * The rules for outgoing traffic.\n */\n egressRules?: InputArray<EgressRuleArgs>\n\n /**\n * Enable the isolation of ingress traffic, so that only matched traffic can ingress.\n */\n isolateIngress?: Input<boolean>\n\n /**\n * Enable the isolation of egress traffic, so that only matched traffic can egress.\n */\n isolateEgress?: Input<boolean>\n\n /**\n * Allow the eggress traffic to the API server of the cluster.\n *\n * By default, `false`.\n */\n allowKubeApiServer?: Input<boolean>\n\n /**\n * Allow the eggress traffic to the DNS server of the cluster.\n *\n * By default, `false`.\n */\n allowKubeDns?: Input<boolean>\n\n /**\n * The cluster to create the network policy in.\n */\n cluster: Input<k8s.Cluster>\n}\n\nexport type NormalizedRuleArgs = {\n all: boolean\n cidrs: string[]\n fqdns: string[]\n services: core.v1.Service[]\n namespaces: NamespaceLike[]\n selectors: SelectorLike[]\n ports: NetworkPolicyPort[]\n}\n\nexport type NormalizedNetworkPolicyArgs = Omit<\n Unwrap<NetworkPolicyArgs>,\n | \"podSelector\"\n | \"ingressRule\"\n | \"ingressRules\"\n | \"egressRule\"\n | \"egressRules\"\n | \"isolateIngress\"\n | \"isolateEgress\"\n | \"allowKubeApiServer\"\n | \"allowKubeDNS\"\n> & {\n podSelector: Unwrap<types.input.meta.v1.LabelSelector>\n\n isolateIngress: boolean\n isolateEgress: boolean\n\n allowKubeApiServer: boolean\n\n ingressRules: NormalizedRuleArgs[]\n egressRules: NormalizedRuleArgs[]\n}\n\n/**\n * The abstract resource for creating network policies.\n * Will use different resources depending on the environment.\n *\n * Note: In the worst case, it will create native `NetworkPolicy` resources and ignore some features like L7 rules.\n */\nexport abstract class NetworkPolicy extends ComponentResource {\n /**\n * The underlying network policy resource.\n */\n public readonly networkPolicy: Output<Resource>\n\n protected constructor(name: string, args: Unwrap<NetworkPolicyArgs>, opts?: ResourceOptions) {\n super(\"k8s:network-policy\", name, args, opts)\n\n const normalizedArgs = output(args).apply(args => {\n const ingressRules = normalize(args.ingressRule, args.ingressRules)\n const egressRules = normalize(args.egressRule, args.egressRules)\n\n const extraEgressRules: NormalizedRuleArgs[] = []\n\n if (args.allowKubeDns) {\n extraEgressRules.push({\n namespaces: [\"kube-system\"],\n selectors: [{ matchLabels: { \"k8s-app\": \"kube-dns\" } }],\n ports: [{ port: 53, protocol: \"UDP\" }],\n all: false,\n cidrs: [],\n fqdns: [],\n services: [],\n })\n }\n\n return {\n ...args,\n\n podSelector: args.selector ? mapSelectorLikeToSelector(args.selector) : {},\n\n isolateEgress: args.isolateEgress ?? false,\n isolateIngress: args.isolateIngress ?? false,\n\n allowKubeApiServer: args.allowKubeApiServer ?? false,\n\n ingressRules: ingressRules.flatMap(rule => {\n const endpoints = normalize(\n args.ingressRule?.fromEndpoint,\n args.ingressRule?.fromEndpoints,\n )\n const parsedEndpoints = endpoints.map(parseL34Endpoint)\n\n const endpointsNamespaces = groupBy(parsedEndpoints, endpoint => {\n const namespace = isFromCluster(endpoint, args.cluster)\n ? endpoint.metadata.k8sService.namespace\n : \"\"\n\n return namespace\n })\n\n const l3OnlyRule = endpointsNamespaces[\"\"]\n ? NetworkPolicy.getRuleFromEndpoint(undefined, endpointsNamespaces[\"\"], args.cluster)\n : undefined\n\n const otherRules = Object.entries(endpointsNamespaces)\n .filter(([key]) => key !== \"\")\n .map(([, endpoints]) => {\n return NetworkPolicy.getRuleFromEndpoint(undefined, endpoints, args.cluster)\n })\n\n return [\n {\n all: rule.fromAll ?? false,\n cidrs: normalize(rule.fromCidr, rule.fromCidrs).concat(l3OnlyRule?.cidrs ?? []),\n fqdns: [],\n services: normalize(rule.fromService, rule.fromServices),\n namespaces: normalize(rule.fromNamespace, rule.fromNamespaces),\n selectors: normalize(rule.fromSelector, rule.fromSelectors),\n ports: normalize(rule.toPort, rule.toPorts),\n } as NormalizedRuleArgs,\n\n ...otherRules,\n ].filter(rule => !NetworkPolicy.isEmptyRule(rule))\n }),\n\n egressRules: egressRules\n .flatMap(rule => {\n const endpoints = normalize(args.egressRule?.toEndpoint, args.egressRule?.toEndpoints)\n const parsedEndpoints = endpoints.map(parseL34Endpoint)\n\n const endpointsByPortsAnsNamespaces = groupBy(parsedEndpoints, endpoint => {\n const namespace = isFromCluster(endpoint, args.cluster)\n ? endpoint.metadata.k8sService.namespace\n : \"\"\n\n const port = isFromCluster(endpoint, args.cluster)\n ? endpoint.metadata.k8sService.targetPort\n : endpoint.port\n\n return `${port ?? \"0\"}:${namespace}`\n })\n\n const l3OnlyRule = endpointsByPortsAnsNamespaces[\"0:\"]\n ? NetworkPolicy.getRuleFromEndpoint(\n undefined,\n endpointsByPortsAnsNamespaces[\"0:\"],\n args.cluster,\n )\n : undefined\n\n const otherRules = Object.entries(endpointsByPortsAnsNamespaces)\n .filter(([key]) => key !== \"0:\")\n .map(([key, endpoints]) => {\n const [port] = key.split(\":\")\n const portNumber = parseInt(port, 10)\n const portValue = isNaN(portNumber) ? port : portNumber\n\n return NetworkPolicy.getRuleFromEndpoint(portValue, endpoints, args.cluster)\n })\n\n return [\n {\n all: rule.toAll ?? false,\n cidrs: normalize(rule.toCidr, rule.toCidrs).concat(l3OnlyRule?.cidrs ?? []),\n fqdns: normalize(rule.toFqdn, rule.toFqdns).concat(l3OnlyRule?.fqdns ?? []),\n services: normalize(rule.toService, rule.toServices),\n namespaces: normalize(rule.toNamespace, rule.toNamespaces),\n selectors: normalize(rule.toSelector, rule.toSelectors),\n ports: normalize(rule.toPort, rule.toPorts),\n } as NormalizedRuleArgs,\n\n ...otherRules,\n ].filter(rule => !NetworkPolicy.isEmptyRule(rule))\n })\n .concat(extraEgressRules),\n }\n })\n\n this.networkPolicy = output(\n normalizedArgs.apply(async args => {\n return output(\n this.create(name, args as NormalizedNetworkPolicyArgs, {\n ...opts,\n parent: this,\n provider: await getProvider(args.cluster),\n }),\n )\n }),\n )\n }\n\n private static mapCidrFromEndpoint(\n this: void,\n result: network.L3Endpoint & { type: \"ipv4\" | \"ipv6\" },\n ): string {\n if (result.type === \"ipv4\") {\n return `${result.address}/32`\n }\n\n return `${result.address}/128`\n }\n\n private static getRuleFromEndpoint(\n port: number | string | undefined,\n endpoints: network.L34Endpoint[],\n cluster: k8s.Cluster,\n ): NormalizedRuleArgs {\n const ports: NetworkPolicyPort[] = port\n ? [{ port, protocol: endpoints[0].protocol?.toUpperCase() }]\n : []\n\n const cidrs = endpoints\n .filter(endpoint => !isFromCluster(endpoint, cluster))\n .filter(endpoint => endpoint.type === \"ipv4\" || endpoint.type === \"ipv6\")\n .map(NetworkPolicy.mapCidrFromEndpoint)\n\n const fqdns = endpoints\n .filter(endpoint => endpoint.type === \"hostname\")\n .map(endpoint => endpoint.hostname)\n\n const selectors = endpoints\n .filter(endpoint => isFromCluster(endpoint, cluster))\n .map(endpoint => endpoint.metadata.k8sService.selector)\n\n const namespace = endpoints\n .filter(endpoint => isFromCluster(endpoint, cluster))\n .map(endpoint => getServiceMetadata(endpoint)?.namespace)[0]\n\n return {\n all: false,\n cidrs,\n fqdns,\n services: [],\n namespaces: namespace ? [namespace] : [],\n selectors,\n ports,\n }\n }\n\n private static isEmptyRule(rule: NormalizedRuleArgs): boolean {\n return (\n !rule.all &&\n rule.cidrs.length === 0 &&\n rule.fqdns.length === 0 &&\n rule.services.length === 0 &&\n rule.namespaces.length === 0 &&\n rule.selectors.length === 0 &&\n rule.ports.length === 0\n )\n }\n\n protected abstract create(\n name: string,\n args: NormalizedNetworkPolicyArgs,\n opts?: ResourceOptions,\n ): Input<Resource>\n\n static create(\n name: string,\n args: NetworkPolicyArgs,\n opts?: ResourceOptions,\n ): Output<NetworkPolicy> {\n return output(args).apply(async args => {\n const cni = args.cluster.cni\n\n if (cni === \"other\") {\n return new NativeNetworkPolicy(name, args, opts)\n }\n\n const implName = `${capitalize(cni)}NetworkPolicy`\n const implModule = (await import(`@highstate/${cni}`)) as Record<string, unknown>\n\n type NetworkPolicyFactory = new (\n name: string,\n args: Unwrap<NetworkPolicyArgs>,\n opts?: ResourceOptions,\n ) => NetworkPolicy\n\n const implClass = implModule[implName] as NetworkPolicyFactory | undefined\n if (!implClass) {\n throw new Error(`No implementation found for ${cni}`)\n }\n\n return new implClass(name, args, opts)\n })\n }\n\n static isolate(\n namespace: Input<NamespaceLike>,\n cluster: Input<k8s.Cluster>,\n opts?: ResourceOptions,\n ) {\n return NetworkPolicy.create(\n \"isolate\",\n {\n namespace,\n cluster,\n\n description: \"By default, deny all traffic to/from the namespace.\",\n\n isolateEgress: true,\n isolateIngress: true,\n },\n opts,\n )\n }\n\n static allowInsideNamespace(\n namespace: Input<NamespaceLike>,\n cluster: Input<k8s.Cluster>,\n opts?: ResourceOptions,\n ): Output<NetworkPolicy> {\n return NetworkPolicy.create(\n \"allow-inside-namespace\",\n {\n namespace,\n cluster,\n\n description: \"Allow all traffic inside the namespace.\",\n selector: {},\n\n ingressRule: { fromNamespace: namespace },\n egressRule: { toNamespace: namespace },\n },\n opts,\n )\n }\n\n static allowKubeApiServer(\n namespace: Input<NamespaceLike>,\n cluster: Input<k8s.Cluster>,\n opts?: ResourceOptions,\n ): Output<NetworkPolicy> {\n return NetworkPolicy.create(\n \"allow-kube-api-server\",\n {\n namespace,\n cluster,\n\n description: \"Allow all traffic to the Kubernetes API server from the namespace.\",\n\n allowKubeApiServer: true,\n },\n opts,\n )\n }\n\n static allowKubeDns(\n namespace: Input<NamespaceLike>,\n cluster: Input<k8s.Cluster>,\n opts?: ResourceOptions,\n ): Output<NetworkPolicy> {\n return NetworkPolicy.create(\n \"allow-kube-dns\",\n {\n namespace,\n cluster,\n\n description: \"Allow all traffic to the Kubernetes DNS server from the namespace.\",\n\n allowKubeDns: true,\n },\n opts,\n )\n }\n\n static allowAllEgress(\n namespace: Input<NamespaceLike>,\n cluster: Input<k8s.Cluster>,\n opts?: ResourceOptions,\n ): Output<NetworkPolicy> {\n return NetworkPolicy.create(\n \"allow-all-egress\",\n {\n namespace,\n cluster,\n\n description: \"Allow all egress traffic from the namespace.\",\n\n egressRule: { toAll: true },\n },\n opts,\n )\n }\n\n static allowAllIngress(\n namespace: Input<NamespaceLike>,\n cluster: Input<k8s.Cluster>,\n opts?: ResourceOptions,\n ): Output<NetworkPolicy> {\n return NetworkPolicy.create(\n \"allow-all-ingress\",\n {\n namespace,\n cluster,\n\n description: \"Allow all ingress traffic to the namespace.\",\n\n ingressRule: { fromAll: true },\n },\n opts,\n )\n }\n\n static allowEgressToEndpoint(\n endpoint: InputL34Endpoint,\n namespace: Input<NamespaceLike>,\n cluster: Input<k8s.Cluster>,\n opts?: ResourceOptions,\n ): Output<NetworkPolicy> {\n const parsedEndpoint = parseL34Endpoint(endpoint)\n\n return NetworkPolicy.create(\n `allow-egress-to-${l34EndpointToString(parsedEndpoint).replace(\":\", \"-\")}`,\n {\n namespace,\n cluster,\n\n description: interpolate`Allow egress traffic to \"${l34EndpointToString(parsedEndpoint)}\" from the namespace.`,\n\n egressRule: { toEndpoint: endpoint },\n },\n opts,\n )\n }\n\n static allowEgressToBestEndpoint(\n endpoints: InputArray<InputL34Endpoint>,\n namespace: Input<NamespaceLike>,\n cluster: Input<k8s.Cluster>,\n opts?: ResourceOptions,\n ): Output<NetworkPolicy> {\n return output({ endpoints, cluster }).apply(({ endpoints, cluster }) => {\n const bestEndpoint = requireBestEndpoint(endpoints.map(parseL34Endpoint), cluster)\n\n return NetworkPolicy.allowEgressToEndpoint(bestEndpoint, namespace, cluster, opts)\n })\n }\n\n static allowIngressFromEndpoint(\n endpoint: InputL34Endpoint,\n namespace: Input<NamespaceLike>,\n cluster: Input<k8s.Cluster>,\n opts?: ResourceOptions,\n ): Output<NetworkPolicy> {\n const parsedEndpoint = parseL34Endpoint(endpoint)\n\n return NetworkPolicy.create(\n `allow-ingress-from-${l34EndpointToString(parsedEndpoint)}`,\n {\n namespace,\n cluster,\n\n description: interpolate`Allow ingress traffic from \"${l34EndpointToString(parsedEndpoint)}\" to the namespace.`,\n\n ingressRule: { fromEndpoint: endpoint },\n },\n opts,\n )\n }\n}\n\nexport class NativeNetworkPolicy extends NetworkPolicy {\n protected create(\n name: string,\n args: NormalizedNetworkPolicyArgs,\n opts?: ResourceOptions,\n ): Resource {\n const ingress = NativeNetworkPolicy.createIngressRules(args)\n const egress = NativeNetworkPolicy.createEgressRules(args)\n\n const policyTypes: string[] = []\n\n if (ingress.length > 0 || args.isolateIngress) {\n policyTypes.push(\"Ingress\")\n }\n\n if (egress.length > 0 || args.isolateEgress) {\n policyTypes.push(\"Egress\")\n }\n\n return new networking.v1.NetworkPolicy(\n name,\n {\n metadata: mergeDeep(mapMetadata(args, name), {\n annotations: args.description\n ? { \"kubernetes.io/description\": args.description }\n : undefined,\n }),\n spec: {\n podSelector: args.podSelector,\n ingress,\n egress,\n policyTypes,\n },\n },\n opts,\n )\n }\n\n private static fallbackIpBlock: types.input.networking.v1.IPBlock = {\n cidr: \"0.0.0.0/0\",\n except: [\"10.0.0.0/8\", \"172.16.0.0/12\", \"192.168.0.0/16\"],\n }\n\n private static fallbackDnsRule: types.input.networking.v1.NetworkPolicyEgressRule = {\n to: [\n {\n namespaceSelector: { matchLabels: { \"kubernetes.io/metadata.name\": \"kube-system\" } },\n podSelector: { matchLabels: { \"k8s-app\": \"kube-dns\" } },\n },\n ],\n ports: [{ port: 53, protocol: \"UDP\" }],\n }\n\n private static createIngressRules(\n args: NormalizedNetworkPolicyArgs,\n ): types.input.networking.v1.NetworkPolicyIngressRule[] {\n return uniqueBy(\n args.ingressRules.map(rule => ({\n from: rule.all ? [] : NativeNetworkPolicy.createRulePeers(rule),\n ports: NativeNetworkPolicy.mapPorts(rule.ports),\n })),\n rule => JSON.stringify(rule),\n )\n }\n\n private static createEgressRules(\n args: NormalizedNetworkPolicyArgs,\n ): types.input.networking.v1.NetworkPolicyEgressRule[] {\n const extraRules: types.input.networking.v1.NetworkPolicyEgressRule[] = []\n\n const needKubeDns = args.egressRules.some(rule => rule.fqdns.length > 0)\n if (needKubeDns) {\n extraRules.push(NativeNetworkPolicy.fallbackDnsRule)\n }\n\n // the native resource does not support FQDNs\n // to provide compatibility, we need to fallback to all except private CIDRs\n const needFallback = args.egressRules.some(rule =>\n rule.fqdns.some(fqdn => !fqdn.endsWith(\".cluster.local\")),\n )\n if (needFallback) {\n extraRules.push({ to: [{ ipBlock: NativeNetworkPolicy.fallbackIpBlock }] })\n }\n\n // apply fallback rules for kube-apiserver\n if (args.allowKubeApiServer) {\n const { quirks, apiEndpoints } = args.cluster\n\n if (quirks?.fallbackKubeApiAccess) {\n extraRules.push({\n to: [{ ipBlock: { cidr: `${quirks?.fallbackKubeApiAccess.serverIp}/32` } }],\n ports: [{ port: quirks?.fallbackKubeApiAccess.serverPort, protocol: \"TCP\" }],\n })\n } else {\n const rules = apiEndpoints\n .filter(endpoint => endpoint.type !== \"hostname\")\n .map(endpoint => ({\n to: [{ ipBlock: { cidr: l3EndpointToCidr(endpoint) } }],\n ports: [{ port: endpoint.port, protocol: \"TCP\" }],\n }))\n\n extraRules.push(...rules)\n }\n }\n\n return uniqueBy(\n args.egressRules\n .map(rule => {\n return {\n to: rule.all ? [] : NativeNetworkPolicy.createRulePeers(rule),\n ports: NativeNetworkPolicy.mapPorts(rule.ports),\n } as types.input.networking.v1.NetworkPolicyEgressRule\n })\n .filter(rule => rule.to !== undefined)\n .concat(extraRules),\n rule => JSON.stringify(rule),\n )\n }\n\n private static createRulePeers(\n this: void,\n args: NormalizedRuleArgs,\n ): types.input.networking.v1.NetworkPolicyPeer[] | undefined {\n const peers = uniqueBy(\n [\n ...NativeNetworkPolicy.createCidrPeers(args),\n ...NativeNetworkPolicy.createServicePeers(args),\n ...NativeNetworkPolicy.createSelectorPeers(args),\n ],\n peer => JSON.stringify(peer),\n )\n\n return peers.length > 0 ? peers : undefined\n }\n\n private static createCidrPeers(\n args: NormalizedRuleArgs,\n ): types.input.networking.v1.NetworkPolicyPeer[] {\n return args.cidrs.map(cidr => ({ ipBlock: { cidr } }))\n }\n\n private static createServicePeers(\n args: NormalizedRuleArgs,\n ): types.input.networking.v1.NetworkPolicyPeer[] {\n return args.services.map(service => {\n const selector = mapServiceToLabelSelector(service)\n\n return {\n namespaceSelector: mapNamespaceNameToSelector(service.metadata.namespace),\n podSelector: selector,\n }\n })\n }\n\n private static createSelectorPeers(\n args: NormalizedRuleArgs,\n ): types.input.networking.v1.NetworkPolicyPeer[] {\n const selectorPeers = args.selectors.map(selector => ({\n podSelector: mapSelectorLikeToSelector(selector),\n }))\n\n const namespacePeers = args.namespaces.map(NativeNetworkPolicy.createNamespacePeer)\n\n if (namespacePeers.length === 0) {\n // if there are no namespaces, we can just return selector peers\n return selectorPeers\n }\n\n if (selectorPeers.length === 0) {\n // if there are no selectors, we can just return namespace peers\n return namespacePeers\n }\n\n // if there are both, we need to create a cartesian product\n return flat(\n selectorPeers.map(selectorPeer => {\n return namespacePeers.map(namespacePeer => merge(selectorPeer, namespacePeer))\n }),\n )\n }\n\n private static createNamespacePeer(\n this: void,\n namespace: NamespaceLike,\n ): types.input.networking.v1.NetworkPolicyPeer {\n const namespaceName = mapNamespaceLikeToNamespaceName(namespace)\n const namespaceSelector = mapNamespaceNameToSelector(namespaceName)\n\n return { namespaceSelector }\n }\n\n private static mapPorts(\n ports: NetworkPolicyPort[],\n ): types.input.networking.v1.NetworkPolicyPort[] {\n return ports.map(port => {\n if (\"port\" in port) {\n return {\n port: port.port,\n protocol: port.protocol ?? \"TCP\",\n }\n }\n\n return {\n port: port.range[0],\n endPort: port.range[1],\n protocol: port.protocol ?? \"TCP\",\n }\n })\n }\n}\n"],"mappings":";;;;;;;;;;;AACA,SAAS,YAAmB;AAC5B;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,OAKK;AACP,SAAS,MAAM,gBAAgB;AAC/B,SAAS,iBAAiB;AAC1B,SAAS,iBAAiB,oBAAoB,uBAAuB;AAwBrE,IAAM,mBAAmB,CAAC,GAAG,iBAAiB,QAAQ,SAAS,UAAU;AAkBlE,SAAS,mBACd,UACwF;AACxF,SAAO,SAAS,UAAU,eAAe;AAC3C;AAQO,SAAS,mBACd,UACqC;AACrC,SAAO,SAAS,UAAU;AAC5B;AASO,SAAS,oBACd,UACA,UACmE;AACnE,SAAO;AAAA,IACL,GAAG;AAAA,IACH,UAAU;AAAA,MACR,GAAG,SAAS;AAAA,MACZ,YAAY;AAAA,IACd;AAAA,EACF;AACF;AASO,SAAS,cACd,UACA,SACwF;AACxF,SAAO,mBAAmB,QAAQ,GAAG,cAAc,QAAQ;AAC7D;AAEO,IAAe,UAAf,cAA+B,kBAAkB;AAAA,EAC5C,YACR,MACA,MACA,MACA,MAKS,SAKA,UAKA,MAKA,QACT;AACA,UAAM,MAAM,MAAM,MAAM,IAAI;AAjBnB;AAKA;AAKA;AAKA;AAAA,EAGX;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,SAA8B;AAChC,WAAO,OAAO;AAAA,MACZ,MAAM;AAAA,MACN,WAAW,KAAK,QAAQ;AAAA,MACxB,UAAU,KAAK;AAAA,MACf,WAAW,KAAK;AAAA,IAClB,CAAC;AAAA,EACH;AAAA,EAEA,OAAO,OAAO,MAAc,MAAmB,MAAyC;AACtF,WAAO,IAAI,eAAe,MAAM,MAAM,IAAI;AAAA,EAC5C;AAAA,EAEA,OAAO,KACL,MACA,SACA,SACA,MACS;AACT,WAAO,IAAI,eAAe,MAAM,SAAS,SAAS,IAAI;AAAA,EACxD;AAAA,EAEA,OAAO,IACL,MACA,IACA,SACA,MACS;AACT,WAAO,IAAI,gBAAgB,MAAM,IAAI,SAAS,IAAI;AAAA,EACpD;AAAA,EAEA,OAAO,GACL,MACA,QACA,SACA,MACS;AACT,WAAO,IAAI;AAAA,MACT;AAAA,MACA,OAAO,MAAM,EAAE;AAAA,MACf,OAAO,EAAE,SAAS,OAAO,CAAC,EAAE,MAAM,CAAC,EAAE,SAAAA,UAAS,QAAAC,QAAO,MAAM;AACzD,YAAID,SAAQ,OAAOC,QAAO,WAAW;AACnC,gBAAM,IAAI;AAAA,YACR,2CAA2C,IAAI,OAAOD,SAAQ,EAAE,SAASC,QAAO,SAAS;AAAA,UAC3F;AAAA,QACF;AAEA,eAAOD;AAAA,MACT,CAAC;AAAA,MACD;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,gBAAgB,QAA+D;AAC7E,WAAO,OAAO,EAAE,WAAW,KAAK,UAAU,CAAC,EAAE,MAAM,CAAC,EAAE,UAAU,MAAM;AACpE,aAAO,gBAAgB,WAAW,MAAM;AAAA,IAC1C,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,YAA0C;AAC5C,WAAO,OAAO;AAAA,MACZ,SAAS,KAAK;AAAA,MACd,UAAU,KAAK;AAAA,MACf,MAAM,KAAK;AAAA,MACX,QAAQ,KAAK;AAAA,IACf,CAAC,EAAE,MAAM,CAAC,EAAE,SAAS,UAAU,MAAM,OAAO,MAAM;AAChD,YAAM,mBAAmB;AAAA,QACvB,YAAY;AAAA,UACV,WAAW,QAAQ;AAAA,UACnB,MAAM,SAAS;AAAA,UACf,WAAW,SAAS;AAAA,UACpB,UAAU,KAAK;AAAA,UACf,YAAY,KAAK,MAAM,CAAC,EAAE,cAAc,KAAK,MAAM,CAAC,EAAE;AAAA,QACxD;AAAA,MACF;AAEA,YAAM,qBAAqB,KAAK,YAAY,IAAI,SAAO;AAAA,QACrD,GAAG,gBAAgB,EAAE;AAAA,QACrB,YAAY;AAAA,QACZ,MAAM,KAAK,MAAM,CAAC,EAAE;AAAA,QACpB,UAAU,KAAK,MAAM,CAAC,EAAE,UAAU,YAAY;AAAA,QAC9C,UAAU;AAAA,MACZ,EAAE;AAEF,UAAI,mBAAmB,SAAS,GAAG;AACjC,2BAAmB,QAAQ;AAAA,UACzB,MAAM;AAAA,UACN,YAAY;AAAA,UACZ,UAAU,GAAG,SAAS,IAAI,IAAI,SAAS,SAAS;AAAA,UAChD,MAAM,KAAK,MAAM,CAAC,EAAE;AAAA,UACpB,UAAU,KAAK,MAAM,CAAC,EAAE,UAAU,YAAY;AAAA,UAC9C,UAAU;AAAA,QACZ,CAAC;AAAA,MACH;AAEA,YAAM,oBACJ,KAAK,SAAS,aACV,QAAQ,UAAU,IAAI,eAAa;AAAA,QACjC,GAAI;AAAA,QACJ,MAAM,KAAK,MAAM,CAAC,EAAE;AAAA,QACpB,UAAU,KAAK,MAAM,CAAC,EAAE,UAAU,YAAY;AAAA,QAC9C,UAAU;AAAA,MACZ,EAAE,IACF,CAAC;AAEP,YAAM,wBACJ,KAAK,SAAS,iBACV,OAAO,cAAc,SAAS,IAAI,eAAa;AAAA,QAC7C,GAAG,gBAAgB,SAAS,MAAM,SAAS,QAAQ;AAAA,QACnD,MAAM,KAAK,MAAM,CAAC,EAAE;AAAA,QACpB,UAAU,KAAK,MAAM,CAAC,EAAE,UAAU,YAAY;AAAA,QAC9C,UAAU;AAAA,MACZ,EAAE,IACF,CAAC;AAEP,aAAO;AAAA,QACL;AAAA,UACE,GAAI,sBAAsB,CAAC;AAAA,UAC3B,GAAI,yBAAyB,CAAC;AAAA,UAC9B,GAAI,qBAAqB,CAAC;AAAA,QAC5B;AAAA,QACA,cAAY,mBAAmB,QAAQ;AAAA,MACzC;AAAA,IACF,CAAC;AAAA,EACH;AACF;AAEA,IAAM,iBAAN,cAA6B,QAAQ;AAAA,EACnC,YAAY,MAAc,MAAmB,MAAiC;AAC5E,UAAM,UAAU,OAAO,IAAI,EAAE,MAAM,CAAAE,UAAQ;AACzC,aAAO,IAAI,KAAK,GAAG;AAAA,QACjB;AAAA,QACA;AAAA,UACE,UAAU,YAAYA,OAAM,IAAI;AAAA,UAChC,MAAM;AAAA,YACJ;AAAA,cACE,OAAO,UAAUA,MAAK,MAAMA,MAAK,KAAK;AAAA,cAEtC,aAAaA,MAAK,WACbA,MAAK,eAAeA,MAAK,QAAQ,cAClCA,MAAK,QAAQ;AAAA,cAEjB,MAAM,eAAeA,OAAMA,MAAK,OAAO;AAAA,YACzC;AAAA,YACA,KAAKA,OAAM,gBAAgB;AAAA,UAC7B;AAAA,QACF;AAAA,QACA,EAAE,QAAQ,MAAM,GAAG,KAAK;AAAA,MAC1B;AAAA,IACF,CAAC;AAED;AAAA,MACE;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MAEA,OAAO,KAAK,OAAO;AAAA,MACnB,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR,QAAQ;AAAA,IACV;AAAA,EACF;AACF;AAEA,IAAM,iBAAN,cAA6B,QAAQ;AAAA,EACnC,YACE,MACA,SACA,SACA,MACA;AACA;AAAA,MACE;AAAA,MACA;AAAA,MACA,EAAE,SAAS,aAAa,QAAQ;AAAA,MAChC;AAAA,MAEA,OAAO,OAAO;AAAA,MACd,OAAO,OAAO,EAAE;AAAA,MAChB,OAAO,OAAO,EAAE;AAAA,MAChB,OAAO,OAAO,EAAE;AAAA,IAClB;AAAA,EACF;AACF;AAEA,IAAM,kBAAN,cAA8B,QAAQ;AAAA,EACpC,YACE,MACA,IACA,SACA,MACA;AACA,UAAM,UAAU,OAAO,EAAE,EAAE,MAAM,CAAAC,QAAM;AACrC,aAAO,KAAK,GAAG,QAAQ;AAAA;AAAA,QAErB;AAAA,QACA,mBAAmBA,GAAE;AAAA,QACrB,EAAE,GAAG,MAAM,QAAQ,KAAK;AAAA,MAC1B;AAAA,IACF,CAAC;AAED;AAAA,MACE;AAAA,MACA;AAAA,MACA,EAAE,IAAI,QAAQ;AAAA,MACd;AAAA,MAEA,OAAO,OAAO;AAAA,MACd,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR,QAAQ;AAAA,IACV;AAAA,EACF;AACF;AAEO,SAAS,8BACd,MACiC;AACjC,SAAO;AAAA,IACL,MAAM,KAAK;AAAA,IACX,MAAM,KAAK;AAAA,IACX,YAAY,KAAK;AAAA,IACjB,UAAU,KAAK;AAAA,EACjB;AACF;AAEO,SAAS,0BACd,SACmC;AACnC,SAAO;AAAA,IACL,aAAa,QAAQ,KAAK;AAAA,EAC5B;AACF;AAEO,SAAS,eACd,SACA,SACe;AACf,MAAI,SAAS,MAAM;AACjB,WAAO,QAAQ;AAAA,EACjB;AAEA,MAAI,CAAC,SAAS,UAAU;AACtB,WAAO;AAAA,EACT;AAEA,SAAO,QAAQ,QAAQ,wBAAwB,iBAAiB,iBAAiB;AACnF;;;AC/YA;AAAA,EACE,qBAAAC;AAAA,EACA,aAAAC;AAAA,EACA,UAAAC;AAAA,OAKK;AACP,SAAS,eAAsB;AAC/B,SAAS,KAAK,YAAY;;;ACV1B,OAAqB;AACrB,SAAqB,UAAAC,eAAmC;AAmCjD,SAAS,kBAAkB,KAAiD;AACjF,MAAI,QAAQ,WAAW,GAAG,GAAG;AAC3B,WAAOC,QAAO;AAAA,MACZ,MAAM,IAAI,SAAS;AAAA,MACnB,WAAW,IAAI,SAAS;AAAA,MACxB,MAAM,IAAI,KAAK,MAAM,CAAC,EAAE;AAAA,IAC1B,CAAC;AAAA,EACH;AAEA,MAAI,aAAa,KAAK;AACpB,UAAM,UAAUA,QAAO,IAAI,OAAO;AAElC,WAAOA,QAAO;AAAA,MACZ,MAAM,QAAQ,SAAS;AAAA,MACvB,WAAW,QAAQ,SAAS;AAAA,MAC5B,MAAM,IAAI;AAAA,IACZ,CAAC;AAAA,EACH;AAEA,SAAOA,QAAO;AAAA,IACZ,MAAM,IAAI;AAAA,IACV,WAAW,IAAI;AAAA,IACf,MAAM,IAAI;AAAA,EACZ,CAAC;AACH;;;ADUO,IAAM,YAAN,cAAwBC,mBAAkB;AAAA;AAAA;AAAA;AAAA,EAI/B;AAAA,EAEhB,YAAY,MAAc,MAAqB,MAAiC;AAC9E,UAAM,2BAA2B,MAAM,MAAM,IAAI;AAEjD,SAAK,QAAQC,QAAO;AAAA,MAClB;AAAA,MACA,kBAAkBA,QAAO,KAAK,OAAO,EAAE,SAAS;AAAA,IAClD,CAAC,EAAE,MAAM,OAAO,EAAE,MAAAC,OAAM,iBAAiB,MAAM;AAC7C,aAAO,IAAI,QAAQ,GAAG;AAAA,QACpB;AAAA,QACA;AAAA,UACE,UAAU;AAAA,YACR;AAAA,cACE,GAAGA;AAAA,cACH,WAAW;AAAA,YACb;AAAA,YACA;AAAA,UACF;AAAA,UACA,MAAM;AAAA,YACJ,WAAWC,WAAUD,MAAK,UAAUA,MAAK,SAAS;AAAA,YAElD,YAAY;AAAA,cACV;AAAA,gBACE,MAAMA,MAAK,QAAQ,SAAS;AAAA,cAC9B;AAAA,YACF;AAAA,YAEA,OAAOC,WAAUD,MAAK,MAAMA,MAAK,KAAK,EAAE,IAAI,WAAS;AAAA,cACnD,UAAU,KAAK;AAAA,cAEf,SAAS;AAAA,gBACPC,WAAU,KAAK,OAAO,KAAK,OAAO;AAAA,gBAClC,IAAI,qBAAqB;AAAA,gBACzB;AAAA,cACF;AAAA,cAEA,SAASA,WAAU,KAAK,QAAQ,KAAK,OAAO;AAAA,cAC5C,aAAa,KAAK,UAAU,CAAC,kBAAkB,KAAK,OAAO,CAAC,IAAI;AAAA,YAClE,EAAE;AAAA,UACJ;AAAA,QACF;AAAA,QACA;AAAA,UACE,GAAG;AAAA,UACH,QAAQ;AAAA,UACR,UAAU,MAAM,YAAYD,MAAK,OAAO;AAAA,QAC1C;AAAA,MACF;AAAA,IACF,CAAC;AAAA,EACH;AACF;AAEA,SAAS,oBACP,SACoD;AACpD,SAAO,QAAQ,SAAS,UAAU,CAAC,EAAE,MAAM,EAAE,MAAM,cAAc,OAAO,IAAI,EAAE,CAAC;AACjF;AAEO,SAAS,sBACd,OACkD;AAClD,MAAI,OAAO,UAAU,UAAU;AAC7B,WAAO,EAAE,MAAM,EAAE,MAAM,cAAc,OAAO,MAAM,EAAE;AAAA,EACtD;AAEA,SAAO;AACT;;;AE3IA,SAAS,mBAAAE,wBAAuB;AAGzB,SAAS,gBACd,WACA,SACuB;AACvB,MAAI,CAAC,UAAU,QAAQ;AACrB,WAAO;AAAA,EACT;AAEA,MAAI,UAAU,WAAW,GAAG;AAC1B,WAAO,UAAU,CAAC;AAAA,EACpB;AAEA,MAAI,CAAC,SAAS;AACZ,WAAOC,iBAAgB,SAAS,EAAE,CAAC;AAAA,EACrC;AAEA,QAAM,kBAAkB,UAAU,KAAK,cAAY,cAAc,UAAU,OAAO,CAAC;AAEnF,MAAI,iBAAiB;AACnB,WAAO;AAAA,EACT;AAEA,SAAOA,iBAAgB,SAAS,EAAE,CAAC;AACrC;AAEO,SAAS,oBACd,WACA,SACW;AACX,QAAM,WAAW,gBAAgB,WAAW,OAAO;AAEnD,MAAI,CAAC,UAAU;AACb,UAAM,IAAI,MAAM,uCAAuC,QAAQ,IAAI,MAAM,QAAQ,EAAE,GAAG;AAAA,EACxF;AAEA,SAAO;AACT;;;ACxCA,SAAS,kBAAoC;AAC7C;AAAA,EACE,qBAAAC;AAAA,EACA;AAAA,EACA,aAAAC;AAAA,EACA,UAAAC;AAAA,OAOK;AACP,SAAS,YAAY,MAAM,SAAS,OAAO,WAAW,YAAAC,iBAAgB;AACtE,OAA6B;AAC7B;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,OAEK;AA0XA,IAAe,gBAAf,MAAe,uBAAsBC,mBAAkB;AAAA;AAAA;AAAA;AAAA,EAI5C;AAAA,EAEN,YAAY,MAAc,MAAiC,MAAwB;AAC3F,UAAM,sBAAsB,MAAM,MAAM,IAAI;AAE5C,UAAM,iBAAiBC,QAAO,IAAI,EAAE,MAAM,CAAAC,UAAQ;AAChD,YAAM,eAAeC,WAAUD,MAAK,aAAaA,MAAK,YAAY;AAClE,YAAM,cAAcC,WAAUD,MAAK,YAAYA,MAAK,WAAW;AAE/D,YAAM,mBAAyC,CAAC;AAEhD,UAAIA,MAAK,cAAc;AACrB,yBAAiB,KAAK;AAAA,UACpB,YAAY,CAAC,aAAa;AAAA,UAC1B,WAAW,CAAC,EAAE,aAAa,EAAE,WAAW,WAAW,EAAE,CAAC;AAAA,UACtD,OAAO,CAAC,EAAE,MAAM,IAAI,UAAU,MAAM,CAAC;AAAA,UACrC,KAAK;AAAA,UACL,OAAO,CAAC;AAAA,UACR,OAAO,CAAC;AAAA,UACR,UAAU,CAAC;AAAA,QACb,CAAC;AAAA,MACH;AAEA,aAAO;AAAA,QACL,GAAGA;AAAA,QAEH,aAAaA,MAAK,WAAW,0BAA0BA,MAAK,QAAQ,IAAI,CAAC;AAAA,QAEzE,eAAeA,MAAK,iBAAiB;AAAA,QACrC,gBAAgBA,MAAK,kBAAkB;AAAA,QAEvC,oBAAoBA,MAAK,sBAAsB;AAAA,QAE/C,cAAc,aAAa,QAAQ,UAAQ;AACzC,gBAAM,YAAYC;AAAA,YAChBD,MAAK,aAAa;AAAA,YAClBA,MAAK,aAAa;AAAA,UACpB;AACA,gBAAM,kBAAkB,UAAU,IAAI,gBAAgB;AAEtD,gBAAM,sBAAsB,QAAQ,iBAAiB,cAAY;AAC/D,kBAAM,YAAY,cAAc,UAAUA,MAAK,OAAO,IAClD,SAAS,SAAS,WAAW,YAC7B;AAEJ,mBAAO;AAAA,UACT,CAAC;AAED,gBAAM,aAAa,oBAAoB,EAAE,IACrC,eAAc,oBAAoB,QAAW,oBAAoB,EAAE,GAAGA,MAAK,OAAO,IAClF;AAEJ,gBAAM,aAAa,OAAO,QAAQ,mBAAmB,EAClD,OAAO,CAAC,CAAC,GAAG,MAAM,QAAQ,EAAE,EAC5B,IAAI,CAAC,CAAC,EAAEE,UAAS,MAAM;AACtB,mBAAO,eAAc,oBAAoB,QAAWA,YAAWF,MAAK,OAAO;AAAA,UAC7E,CAAC;AAEH,iBAAO;AAAA,YACL;AAAA,cACE,KAAK,KAAK,WAAW;AAAA,cACrB,OAAOC,WAAU,KAAK,UAAU,KAAK,SAAS,EAAE,OAAO,YAAY,SAAS,CAAC,CAAC;AAAA,cAC9E,OAAO,CAAC;AAAA,cACR,UAAUA,WAAU,KAAK,aAAa,KAAK,YAAY;AAAA,cACvD,YAAYA,WAAU,KAAK,eAAe,KAAK,cAAc;AAAA,cAC7D,WAAWA,WAAU,KAAK,cAAc,KAAK,aAAa;AAAA,cAC1D,OAAOA,WAAU,KAAK,QAAQ,KAAK,OAAO;AAAA,YAC5C;AAAA,YAEA,GAAG;AAAA,UACL,EAAE,OAAO,CAAAE,UAAQ,CAAC,eAAc,YAAYA,KAAI,CAAC;AAAA,QACnD,CAAC;AAAA,QAED,aAAa,YACV,QAAQ,UAAQ;AACf,gBAAM,YAAYF,WAAUD,MAAK,YAAY,YAAYA,MAAK,YAAY,WAAW;AACrF,gBAAM,kBAAkB,UAAU,IAAI,gBAAgB;AAEtD,gBAAM,gCAAgC,QAAQ,iBAAiB,cAAY;AACzE,kBAAM,YAAY,cAAc,UAAUA,MAAK,OAAO,IAClD,SAAS,SAAS,WAAW,YAC7B;AAEJ,kBAAM,OAAO,cAAc,UAAUA,MAAK,OAAO,IAC7C,SAAS,SAAS,WAAW,aAC7B,SAAS;AAEb,mBAAO,GAAG,QAAQ,GAAG,IAAI,SAAS;AAAA,UACpC,CAAC;AAED,gBAAM,aAAa,8BAA8B,IAAI,IACjD,eAAc;AAAA,YACZ;AAAA,YACA,8BAA8B,IAAI;AAAA,YAClCA,MAAK;AAAA,UACP,IACA;AAEJ,gBAAM,aAAa,OAAO,QAAQ,6BAA6B,EAC5D,OAAO,CAAC,CAAC,GAAG,MAAM,QAAQ,IAAI,EAC9B,IAAI,CAAC,CAAC,KAAKE,UAAS,MAAM;AACzB,kBAAM,CAAC,IAAI,IAAI,IAAI,MAAM,GAAG;AAC5B,kBAAM,aAAa,SAAS,MAAM,EAAE;AACpC,kBAAM,YAAY,MAAM,UAAU,IAAI,OAAO;AAE7C,mBAAO,eAAc,oBAAoB,WAAWA,YAAWF,MAAK,OAAO;AAAA,UAC7E,CAAC;AAEH,iBAAO;AAAA,YACL;AAAA,cACE,KAAK,KAAK,SAAS;AAAA,cACnB,OAAOC,WAAU,KAAK,QAAQ,KAAK,OAAO,EAAE,OAAO,YAAY,SAAS,CAAC,CAAC;AAAA,cAC1E,OAAOA,WAAU,KAAK,QAAQ,KAAK,OAAO,EAAE,OAAO,YAAY,SAAS,CAAC,CAAC;AAAA,cAC1E,UAAUA,WAAU,KAAK,WAAW,KAAK,UAAU;AAAA,cACnD,YAAYA,WAAU,KAAK,aAAa,KAAK,YAAY;AAAA,cACzD,WAAWA,WAAU,KAAK,YAAY,KAAK,WAAW;AAAA,cACtD,OAAOA,WAAU,KAAK,QAAQ,KAAK,OAAO;AAAA,YAC5C;AAAA,YAEA,GAAG;AAAA,UACL,EAAE,OAAO,CAAAE,UAAQ,CAAC,eAAc,YAAYA,KAAI,CAAC;AAAA,QACnD,CAAC,EACA,OAAO,gBAAgB;AAAA,MAC5B;AAAA,IACF,CAAC;AAED,SAAK,gBAAgBJ;AAAA,MACnB,eAAe,MAAM,OAAMC,UAAQ;AACjC,eAAOD;AAAA,UACL,KAAK,OAAO,MAAMC,OAAqC;AAAA,YACrD,GAAG;AAAA,YACH,QAAQ;AAAA,YACR,UAAU,MAAM,YAAYA,MAAK,OAAO;AAAA,UAC1C,CAAC;AAAA,QACH;AAAA,MACF,CAAC;AAAA,IACH;AAAA,EACF;AAAA,EAEA,OAAe,oBAEb,QACQ;AACR,QAAI,OAAO,SAAS,QAAQ;AAC1B,aAAO,GAAG,OAAO,OAAO;AAAA,IAC1B;AAEA,WAAO,GAAG,OAAO,OAAO;AAAA,EAC1B;AAAA,EAEA,OAAe,oBACb,MACA,WACA,SACoB;AACpB,UAAM,QAA6B,OAC/B,CAAC,EAAE,MAAM,UAAU,UAAU,CAAC,EAAE,UAAU,YAAY,EAAE,CAAC,IACzD,CAAC;AAEL,UAAM,QAAQ,UACX,OAAO,cAAY,CAAC,cAAc,UAAU,OAAO,CAAC,EACpD,OAAO,cAAY,SAAS,SAAS,UAAU,SAAS,SAAS,MAAM,EACvE,IAAI,eAAc,mBAAmB;AAExC,UAAM,QAAQ,UACX,OAAO,cAAY,SAAS,SAAS,UAAU,EAC/C,IAAI,cAAY,SAAS,QAAQ;AAEpC,UAAM,YAAY,UACf,OAAO,cAAY,cAAc,UAAU,OAAO,CAAC,EACnD,IAAI,cAAY,SAAS,SAAS,WAAW,QAAQ;AAExD,UAAM,YAAY,UACf,OAAO,cAAY,cAAc,UAAU,OAAO,CAAC,EACnD,IAAI,cAAY,mBAAmB,QAAQ,GAAG,SAAS,EAAE,CAAC;AAE7D,WAAO;AAAA,MACL,KAAK;AAAA,MACL;AAAA,MACA;AAAA,MACA,UAAU,CAAC;AAAA,MACX,YAAY,YAAY,CAAC,SAAS,IAAI,CAAC;AAAA,MACvC;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA,EAEA,OAAe,YAAY,MAAmC;AAC5D,WACE,CAAC,KAAK,OACN,KAAK,MAAM,WAAW,KACtB,KAAK,MAAM,WAAW,KACtB,KAAK,SAAS,WAAW,KACzB,KAAK,WAAW,WAAW,KAC3B,KAAK,UAAU,WAAW,KAC1B,KAAK,MAAM,WAAW;AAAA,EAE1B;AAAA,EAQA,OAAO,OACL,MACA,MACA,MACuB;AACvB,WAAOD,QAAO,IAAI,EAAE,MAAM,OAAMC,UAAQ;AACtC,YAAM,MAAMA,MAAK,QAAQ;AAEzB,UAAI,QAAQ,SAAS;AACnB,eAAO,IAAI,oBAAoB,MAAMA,OAAM,IAAI;AAAA,MACjD;AAEA,YAAM,WAAW,GAAG,WAAW,GAAG,CAAC;AACnC,YAAM,aAAc,MAAM,OAAO,cAAc,GAAG;AAQlD,YAAM,YAAY,WAAW,QAAQ;AACrC,UAAI,CAAC,WAAW;AACd,cAAM,IAAI,MAAM,+BAA+B,GAAG,EAAE;AAAA,MACtD;AAEA,aAAO,IAAI,UAAU,MAAMA,OAAM,IAAI;AAAA,IACvC,CAAC;AAAA,EACH;AAAA,EAEA,OAAO,QACL,WACA,SACA,MACA;AACA,WAAO,eAAc;AAAA,MACnB;AAAA,MACA;AAAA,QACE;AAAA,QACA;AAAA,QAEA,aAAa;AAAA,QAEb,eAAe;AAAA,QACf,gBAAgB;AAAA,MAClB;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA,EAEA,OAAO,qBACL,WACA,SACA,MACuB;AACvB,WAAO,eAAc;AAAA,MACnB;AAAA,MACA;AAAA,QACE;AAAA,QACA;AAAA,QAEA,aAAa;AAAA,QACb,UAAU,CAAC;AAAA,QAEX,aAAa,EAAE,eAAe,UAAU;AAAA,QACxC,YAAY,EAAE,aAAa,UAAU;AAAA,MACvC;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA,EAEA,OAAO,mBACL,WACA,SACA,MACuB;AACvB,WAAO,eAAc;AAAA,MACnB;AAAA,MACA;AAAA,QACE;AAAA,QACA;AAAA,QAEA,aAAa;AAAA,QAEb,oBAAoB;AAAA,MACtB;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA,EAEA,OAAO,aACL,WACA,SACA,MACuB;AACvB,WAAO,eAAc;AAAA,MACnB;AAAA,MACA;AAAA,QACE;AAAA,QACA;AAAA,QAEA,aAAa;AAAA,QAEb,cAAc;AAAA,MAChB;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA,EAEA,OAAO,eACL,WACA,SACA,MACuB;AACvB,WAAO,eAAc;AAAA,MACnB;AAAA,MACA;AAAA,QACE;AAAA,QACA;AAAA,QAEA,aAAa;AAAA,QAEb,YAAY,EAAE,OAAO,KAAK;AAAA,MAC5B;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA,EAEA,OAAO,gBACL,WACA,SACA,MACuB;AACvB,WAAO,eAAc;AAAA,MACnB;AAAA,MACA;AAAA,QACE;AAAA,QACA;AAAA,QAEA,aAAa;AAAA,QAEb,aAAa,EAAE,SAAS,KAAK;AAAA,MAC/B;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA,EAEA,OAAO,sBACL,UACA,WACA,SACA,MACuB;AACvB,UAAM,iBAAiB,iBAAiB,QAAQ;AAEhD,WAAO,eAAc;AAAA,MACnB,mBAAmB,oBAAoB,cAAc,EAAE,QAAQ,KAAK,GAAG,CAAC;AAAA,MACxE;AAAA,QACE;AAAA,QACA;AAAA,QAEA,aAAa,uCAAuC,oBAAoB,cAAc,CAAC;AAAA,QAEvF,YAAY,EAAE,YAAY,SAAS;AAAA,MACrC;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA,EAEA,OAAO,0BACL,WACA,WACA,SACA,MACuB;AACvB,WAAOD,QAAO,EAAE,WAAW,QAAQ,CAAC,EAAE,MAAM,CAAC,EAAE,WAAAG,YAAW,SAAAE,SAAQ,MAAM;AACtE,YAAM,eAAe,oBAAoBF,WAAU,IAAI,gBAAgB,GAAGE,QAAO;AAEjF,aAAO,eAAc,sBAAsB,cAAc,WAAWA,UAAS,IAAI;AAAA,IACnF,CAAC;AAAA,EACH;AAAA,EAEA,OAAO,yBACL,UACA,WACA,SACA,MACuB;AACvB,UAAM,iBAAiB,iBAAiB,QAAQ;AAEhD,WAAO,eAAc;AAAA,MACnB,sBAAsB,oBAAoB,cAAc,CAAC;AAAA,MACzD;AAAA,QACE;AAAA,QACA;AAAA,QAEA,aAAa,0CAA0C,oBAAoB,cAAc,CAAC;AAAA,QAE1F,aAAa,EAAE,cAAc,SAAS;AAAA,MACxC;AAAA,MACA;AAAA,IACF;AAAA,EACF;AACF;AAEO,IAAM,sBAAN,MAAM,6BAA4B,cAAc;AAAA,EAC3C,OACR,MACA,MACA,MACU;AACV,UAAM,UAAU,qBAAoB,mBAAmB,IAAI;AAC3D,UAAM,SAAS,qBAAoB,kBAAkB,IAAI;AAEzD,UAAM,cAAwB,CAAC;AAE/B,QAAI,QAAQ,SAAS,KAAK,KAAK,gBAAgB;AAC7C,kBAAY,KAAK,SAAS;AAAA,IAC5B;AAEA,QAAI,OAAO,SAAS,KAAK,KAAK,eAAe;AAC3C,kBAAY,KAAK,QAAQ;AAAA,IAC3B;AAEA,WAAO,IAAI,WAAW,GAAG;AAAA,MACvB;AAAA,MACA;AAAA,QACE,UAAU,UAAU,YAAY,MAAM,IAAI,GAAG;AAAA,UAC3C,aAAa,KAAK,cACd,EAAE,6BAA6B,KAAK,YAAY,IAChD;AAAA,QACN,CAAC;AAAA,QACD,MAAM;AAAA,UACJ,aAAa,KAAK;AAAA,UAClB;AAAA,UACA;AAAA,UACA;AAAA,QACF;AAAA,MACF;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA,EAEA,OAAe,kBAAqD;AAAA,IAClE,MAAM;AAAA,IACN,QAAQ,CAAC,cAAc,iBAAiB,gBAAgB;AAAA,EAC1D;AAAA,EAEA,OAAe,kBAAqE;AAAA,IAClF,IAAI;AAAA,MACF;AAAA,QACE,mBAAmB,EAAE,aAAa,EAAE,+BAA+B,cAAc,EAAE;AAAA,QACnF,aAAa,EAAE,aAAa,EAAE,WAAW,WAAW,EAAE;AAAA,MACxD;AAAA,IACF;AAAA,IACA,OAAO,CAAC,EAAE,MAAM,IAAI,UAAU,MAAM,CAAC;AAAA,EACvC;AAAA,EAEA,OAAe,mBACb,MACsD;AACtD,WAAOC;AAAA,MACL,KAAK,aAAa,IAAI,WAAS;AAAA,QAC7B,MAAM,KAAK,MAAM,CAAC,IAAI,qBAAoB,gBAAgB,IAAI;AAAA,QAC9D,OAAO,qBAAoB,SAAS,KAAK,KAAK;AAAA,MAChD,EAAE;AAAA,MACF,UAAQ,KAAK,UAAU,IAAI;AAAA,IAC7B;AAAA,EACF;AAAA,EAEA,OAAe,kBACb,MACqD;AACrD,UAAM,aAAkE,CAAC;AAEzE,UAAM,cAAc,KAAK,YAAY,KAAK,UAAQ,KAAK,MAAM,SAAS,CAAC;AACvE,QAAI,aAAa;AACf,iBAAW,KAAK,qBAAoB,eAAe;AAAA,IACrD;AAIA,UAAM,eAAe,KAAK,YAAY;AAAA,MAAK,UACzC,KAAK,MAAM,KAAK,UAAQ,CAAC,KAAK,SAAS,gBAAgB,CAAC;AAAA,IAC1D;AACA,QAAI,cAAc;AAChB,iBAAW,KAAK,EAAE,IAAI,CAAC,EAAE,SAAS,qBAAoB,gBAAgB,CAAC,EAAE,CAAC;AAAA,IAC5E;AAGA,QAAI,KAAK,oBAAoB;AAC3B,YAAM,EAAE,QAAQ,aAAa,IAAI,KAAK;AAEtC,UAAI,QAAQ,uBAAuB;AACjC,mBAAW,KAAK;AAAA,UACd,IAAI,CAAC,EAAE,SAAS,EAAE,MAAM,GAAG,QAAQ,sBAAsB,QAAQ,MAAM,EAAE,CAAC;AAAA,UAC1E,OAAO,CAAC,EAAE,MAAM,QAAQ,sBAAsB,YAAY,UAAU,MAAM,CAAC;AAAA,QAC7E,CAAC;AAAA,MACH,OAAO;AACL,cAAM,QAAQ,aACX,OAAO,cAAY,SAAS,SAAS,UAAU,EAC/C,IAAI,eAAa;AAAA,UAChB,IAAI,CAAC,EAAE,SAAS,EAAE,MAAM,iBAAiB,QAAQ,EAAE,EAAE,CAAC;AAAA,UACtD,OAAO,CAAC,EAAE,MAAM,SAAS,MAAM,UAAU,MAAM,CAAC;AAAA,QAClD,EAAE;AAEJ,mBAAW,KAAK,GAAG,KAAK;AAAA,MAC1B;AAAA,IACF;AAEA,WAAOA;AAAA,MACL,KAAK,YACF,IAAI,UAAQ;AACX,eAAO;AAAA,UACL,IAAI,KAAK,MAAM,CAAC,IAAI,qBAAoB,gBAAgB,IAAI;AAAA,UAC5D,OAAO,qBAAoB,SAAS,KAAK,KAAK;AAAA,QAChD;AAAA,MACF,CAAC,EACA,OAAO,UAAQ,KAAK,OAAO,MAAS,EACpC,OAAO,UAAU;AAAA,MACpB,UAAQ,KAAK,UAAU,IAAI;AAAA,IAC7B;AAAA,EACF;AAAA,EAEA,OAAe,gBAEb,MAC2D;AAC3D,UAAM,QAAQA;AAAA,MACZ;AAAA,QACE,GAAG,qBAAoB,gBAAgB,IAAI;AAAA,QAC3C,GAAG,qBAAoB,mBAAmB,IAAI;AAAA,QAC9C,GAAG,qBAAoB,oBAAoB,IAAI;AAAA,MACjD;AAAA,MACA,UAAQ,KAAK,UAAU,IAAI;AAAA,IAC7B;AAEA,WAAO,MAAM,SAAS,IAAI,QAAQ;AAAA,EACpC;AAAA,EAEA,OAAe,gBACb,MAC+C;AAC/C,WAAO,KAAK,MAAM,IAAI,WAAS,EAAE,SAAS,EAAE,KAAK,EAAE,EAAE;AAAA,EACvD;AAAA,EAEA,OAAe,mBACb,MAC+C;AAC/C,WAAO,KAAK,SAAS,IAAI,aAAW;AAClC,YAAM,WAAW,0BAA0B,OAAO;AAElD,aAAO;AAAA,QACL,mBAAmB,2BAA2B,QAAQ,SAAS,SAAS;AAAA,QACxE,aAAa;AAAA,MACf;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,OAAe,oBACb,MAC+C;AAC/C,UAAM,gBAAgB,KAAK,UAAU,IAAI,eAAa;AAAA,MACpD,aAAa,0BAA0B,QAAQ;AAAA,IACjD,EAAE;AAEF,UAAM,iBAAiB,KAAK,WAAW,IAAI,qBAAoB,mBAAmB;AAElF,QAAI,eAAe,WAAW,GAAG;AAE/B,aAAO;AAAA,IACT;AAEA,QAAI,cAAc,WAAW,GAAG;AAE9B,aAAO;AAAA,IACT;AAGA,WAAO;AAAA,MACL,cAAc,IAAI,kBAAgB;AAChC,eAAO,eAAe,IAAI,mBAAiB,MAAM,cAAc,aAAa,CAAC;AAAA,MAC/E,CAAC;AAAA,IACH;AAAA,EACF;AAAA,EAEA,OAAe,oBAEb,WAC6C;AAC7C,UAAM,gBAAgB,gCAAgC,SAAS;AAC/D,UAAM,oBAAoB,2BAA2B,aAAa;AAElE,WAAO,EAAE,kBAAkB;AAAA,EAC7B;AAAA,EAEA,OAAe,SACb,OAC+C;AAC/C,WAAO,MAAM,IAAI,UAAQ;AACvB,UAAI,UAAU,MAAM;AAClB,eAAO;AAAA,UACL,MAAM,KAAK;AAAA,UACX,UAAU,KAAK,YAAY;AAAA,QAC7B;AAAA,MACF;AAEA,aAAO;AAAA,QACL,MAAM,KAAK,MAAM,CAAC;AAAA,QAClB,SAAS,KAAK,MAAM,CAAC;AAAA,QACrB,UAAU,KAAK,YAAY;AAAA,MAC7B;AAAA,IACF,CAAC;AAAA,EACH;AACF;","names":["cluster","entity","args","id","ComponentResource","normalize","output","output","output","ComponentResource","output","args","normalize","filterEndpoints","filterEndpoints","ComponentResource","normalize","output","uniqueBy","ComponentResource","output","args","normalize","endpoints","rule","cluster","uniqueBy"]}

package/dist/chunk-Y3LZSX7I.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"sources":["../src/namespace.ts","../src/shared.ts"],"sourcesContent":["import type { k8s } from \"@highstate/library\"\nimport { core, type types } from \"@pulumi/kubernetes\"\nimport {\n ComponentResource,\n output,\n Output,\n type ComponentResourceOptions,\n type Input,\n type Inputs,\n type Unwrap,\n} from \"@pulumi/pulumi\"\nimport { getProvider, mapMetadata, type CommonArgs } from \"./shared\"\n\nexport type NamespaceArgs = Omit<CommonArgs, \"namespace\"> & {\n /**\n * Whether to apply \"pod-security.kubernetes.io/enforce=privileged\" label to the namespace.\n */\n privileged?: boolean\n}\n\nexport type CreateOrPatchNamespaceArgs = NamespaceArgs & {\n /**\n * The resource to use to determine the name of the namespace.\n *\n * If not provided, the namespace will be created, otherwise it will be retrieved/patched.\n */\n resource: Input<k8s.Resource> | undefined\n}\n\nexport abstract class Namespace extends ComponentResource {\n protected constructor(\n type: string,\n name: string,\n args: Inputs,\n opts: ComponentResourceOptions | undefined,\n\n /**\n * The cluster where the namespace is created.\n */\n readonly cluster: Output<k8s.Cluster>,\n\n /*\n * The metadata of the underlying Kubernetes namespace.\n */\n readonly metadata: Output<types.output.meta.v1.ObjectMeta>,\n\n /**\n * The spec of the underlying Kubernetes namespace.\n */\n readonly spec: Output<types.output.core.v1.NamespaceSpec>,\n\n /**\n * The status of the underlying Kubernetes namespace.\n */\n readonly status: Output<types.output.core.v1.NamespaceStatus>,\n ) {\n super(type, name, args, opts)\n }\n\n /**\n * Creates a new namespace.\n */\n static create(name: string, args: NamespaceArgs, opts?: ComponentResourceOptions): Namespace {\n return new CreatedNamespace(name, args, opts)\n }\n\n /**\n * Creates a new namespace or patches an existing one.\n *\n * Will throw an error if the namespace does not exist when `args.resource` is provided.\n */\n static createOrPatch(\n name: string,\n args: CreateOrPatchNamespaceArgs,\n opts?: ComponentResourceOptions,\n ): Namespace {\n if (!args.resource) {\n return new CreatedNamespace(name, args, opts)\n }\n\n return new NamespacePatch(\n name,\n {\n ...args,\n name: output(args).apply(args => {\n if (args.resource!.clusterId !== args.cluster.id) {\n throw new Error(\n `Cluster mismatch when patching namespace \"${name}\": \"${args.resource!.clusterId}\" != \"${args.cluster.id}\"`,\n )\n }\n\n return args.resource!.metadata.namespace\n }),\n },\n opts,\n )\n }\n\n /**\n * Creates a new namespace or gets an existing one.\n *\n * Will throw an error if the namespace does not exist when `args.resource` is provided.\n */\n static createOrGet(\n name: string,\n args: CreateOrPatchNamespaceArgs,\n opts?: ComponentResourceOptions,\n ): Namespace {\n if (!args.resource) {\n return new CreatedNamespace(name, args, opts)\n }\n\n return new ExternalNamespace(\n name,\n output(args).apply(args => {\n if (args.resource!.clusterId !== args.cluster.id) {\n throw new Error(\n `Cluster mismatch when receiving namespace \"${name}\": \"${args.resource!.clusterId}\" != \"${args.cluster.id}\"`,\n )\n }\n\n return args.resource!.metadata.namespace\n }),\n args.cluster,\n opts,\n )\n }\n\n /**\n * Patches an existing namespace.\n *\n * Will throw an error if the namespace does not exist.\n */\n static patch(name: string, args: NamespaceArgs, opts?: ComponentResourceOptions): Namespace {\n return new NamespacePatch(name, args, opts)\n }\n\n /**\n * Gets an existing namespace.\n *\n * Will throw an error if the namespace does not exist.\n */\n static get(\n name: string,\n id: Input<string>,\n cluster: Input<k8s.Cluster>,\n opts?: ComponentResourceOptions,\n ): Namespace {\n return new ExternalNamespace(name, id, cluster, opts)\n }\n}\n\nfunction mapNamespaceMetadata(\n args: Unwrap<NamespaceArgs>,\n name: string,\n): types.input.meta.v1.ObjectMeta {\n const labels: Record<string, string> = args.metadata?.labels ?? {}\n\n if (args.privileged) {\n labels[\"pod-security.kubernetes.io/enforce\"] = \"privileged\"\n }\n\n return { ...mapMetadata(args, name), labels }\n}\n\nclass CreatedNamespace extends Namespace {\n constructor(name: string, args: NamespaceArgs, opts?: ComponentResourceOptions) {\n const namespace = output(args).apply(async args => {\n return new core.v1.Namespace(\n name,\n {\n metadata: mapNamespaceMetadata(args, name),\n },\n {\n ...opts,\n parent: this,\n provider: await getProvider(args.cluster),\n },\n )\n })\n\n super(\n \"highstate:k8s:Namespace\",\n name,\n args,\n opts,\n output(args.cluster),\n namespace.metadata,\n namespace.spec,\n namespace.status,\n )\n }\n}\n\nclass NamespacePatch extends Namespace {\n constructor(name: string, args: NamespaceArgs, opts?: ComponentResourceOptions) {\n const namespace = output(args).apply(async args => {\n return new core.v1.NamespacePatch(\n name,\n {\n metadata: mapNamespaceMetadata(args, name),\n },\n {\n ...opts,\n parent: this,\n provider: await getProvider(args.cluster),\n },\n )\n })\n\n super(\n \"highstate:k8s:NamespacePatch\",\n name,\n args,\n opts,\n output(args.cluster),\n namespace.metadata,\n namespace.spec,\n namespace.status,\n )\n }\n}\n\nclass ExternalNamespace extends Namespace {\n constructor(\n name: string,\n id: Input<string>,\n cluster: Input<k8s.Cluster>,\n opts?: ComponentResourceOptions,\n ) {\n const namespace = output(id).apply(async realName => {\n return core.v1.Namespace.get(\n //\n name,\n realName,\n {\n ...opts,\n parent: this,\n provider: await getProvider(cluster),\n },\n )\n })\n\n super(\n \"highstate:k8s:ExternalNamespace\",\n name,\n { id, cluster },\n opts,\n output(cluster),\n namespace.metadata,\n namespace.spec,\n namespace.status,\n )\n }\n}\n","import type { PartialKeys } from \"@highstate/contract\"\nimport type { k8s } from \"@highstate/library\"\nimport { interpolate, Output, output, toPromise, type Input, type Unwrap } from \"@highstate/pulumi\"\nimport { core, Provider, types } from \"@pulumi/kubernetes\"\nimport { Namespace } from \"./namespace\"\n\nconst providers = new Map<string, Provider>()\n\nexport function getProvider(cluster: Input<k8s.Cluster>): Promise<Provider> {\n const provider = output(cluster).apply(cluster => {\n const existingProvider = providers.get(cluster.id)\n if (existingProvider) {\n return existingProvider\n }\n\n const provider = new Provider(`${cluster.name}-${cluster.id}`, {\n kubeconfig: cluster.kubeconfig,\n })\n providers.set(cluster.id, provider)\n\n return provider\n })\n\n return toPromise(provider)\n}\n\nexport type NamespaceLike = core.v1.Namespace | Namespace | string\n\nexport type CommonArgs = {\n /**\n * The name of the resource.\n */\n name?: Input<string>\n\n /**\n * The namespace to create the resource in.\n */\n namespace: Input<NamespaceLike | undefined>\n\n /**\n * The cluster to create the resource in.\n */\n cluster: Input<k8s.Cluster>\n\n /**\n * The metadata to apply to the resource.\n */\n metadata?: Input<types.input.meta.v1.ObjectMeta>\n}\n\nexport const commonExtraArgs = [\"name\", \"namespace\", \"cluster\", \"metadata\"] as const\n\nexport function mapMetadata(\n args: PartialKeys<Unwrap<CommonArgs>, \"namespace\" | \"cluster\">,\n fallbackName?: string,\n): types.input.meta.v1.ObjectMeta {\n return {\n ...args.metadata,\n name: args.name ?? args.metadata?.name ?? fallbackName,\n namespace: args.namespace ? mapNamespaceLikeToNamespaceName(args.namespace) : undefined,\n }\n}\n\nexport type SelectorLike = types.input.meta.v1.LabelSelector | Record<string, Input<string>>\n\nexport function mapSelectorLikeToSelector(\n selector: SelectorLike,\n): types.input.meta.v1.LabelSelector {\n if (\"matchLabels\" in selector || \"matchExpressions\" in selector) {\n return selector\n }\n\n return {\n matchLabels: selector as Record<string, Input<string>>,\n }\n}\n\nexport function mapNamespaceLikeToNamespaceName(namespace: NamespaceLike): Output<string> {\n if (Namespace.isInstance(namespace)) {\n return namespace.metadata.name\n }\n\n if (core.v1.Namespace.isInstance(namespace)) {\n return namespace.metadata.name\n }\n\n return output(namespace)\n}\n\nexport function mapNamespaceNameToSelector(\n namespace: Input<string>,\n): types.input.meta.v1.LabelSelector {\n return {\n matchLabels: {\n \"kubernetes.io/metadata.name\": namespace,\n },\n }\n}\n\nexport type ResourceId = {\n name: Input<string>\n namespace?: Input<NamespaceLike | undefined>\n}\n\nexport function resourceIdToString(id: Input<ResourceId>): Output<string> {\n return output(id).apply(metadata => {\n const namespaceName = metadata.namespace\n ? mapNamespaceLikeToNamespaceName(metadata.namespace)\n : undefined\n\n return output(namespaceName ? interpolate`${namespaceName}/${metadata.name}` : metadata.name)\n })\n}\n\nexport function withPatchName(\n resourceType: string,\n resource: Input<k8s.Resource>,\n cluster: Input<k8s.Cluster>,\n): Output<string> {\n return output({ resource, cluster }).apply(({ resource, cluster }) => {\n if (resource.clusterId !== cluster.id) {\n throw new Error(\n `Cluster mismatch when patching ${resourceType} \"${resource.metadata.name}\": \"${resource.clusterId}\" != \"${cluster.id}\"`,\n )\n }\n\n return resource.metadata.name\n })\n}\n"],"mappings":";AACA,SAAS,QAAAA,aAAwB;AACjC;AAAA,EACE;AAAA,EACA,UAAAC;AAAA,OAMK;;;ACRP,SAAS,aAAqB,QAAQ,iBAA0C;AAChF,SAAS,MAAM,gBAAuB;AAGtC,IAAM,YAAY,oBAAI,IAAsB;AAErC,SAAS,YAAY,SAAgD;AAC1E,QAAM,WAAW,OAAO,OAAO,EAAE,MAAM,CAAAC,aAAW;AAChD,UAAM,mBAAmB,UAAU,IAAIA,SAAQ,EAAE;AACjD,QAAI,kBAAkB;AACpB,aAAO;AAAA,IACT;AAEA,UAAMC,YAAW,IAAI,SAAS,GAAGD,SAAQ,IAAI,IAAIA,SAAQ,EAAE,IAAI;AAAA,MAC7D,YAAYA,SAAQ;AAAA,IACtB,CAAC;AACD,cAAU,IAAIA,SAAQ,IAAIC,SAAQ;AAElC,WAAOA;AAAA,EACT,CAAC;AAED,SAAO,UAAU,QAAQ;AAC3B;AA0BO,IAAM,kBAAkB,CAAC,QAAQ,aAAa,WAAW,UAAU;AAEnE,SAAS,YACd,MACA,cACgC;AAChC,SAAO;AAAA,IACL,GAAG,KAAK;AAAA,IACR,MAAM,KAAK,QAAQ,KAAK,UAAU,QAAQ;AAAA,IAC1C,WAAW,KAAK,YAAY,gCAAgC,KAAK,SAAS,IAAI;AAAA,EAChF;AACF;AAIO,SAAS,0BACd,UACmC;AACnC,MAAI,iBAAiB,YAAY,sBAAsB,UAAU;AAC/D,WAAO;AAAA,EACT;AAEA,SAAO;AAAA,IACL,aAAa;AAAA,EACf;AACF;AAEO,SAAS,gCAAgC,WAA0C;AACxF,MAAI,UAAU,WAAW,SAAS,GAAG;AACnC,WAAO,UAAU,SAAS;AAAA,EAC5B;AAEA,MAAI,KAAK,GAAG,UAAU,WAAW,SAAS,GAAG;AAC3C,WAAO,UAAU,SAAS;AAAA,EAC5B;AAEA,SAAO,OAAO,SAAS;AACzB;AAEO,SAAS,2BACd,WACmC;AACnC,SAAO;AAAA,IACL,aAAa;AAAA,MACX,+BAA+B;AAAA,IACjC;AAAA,EACF;AACF;AAOO,SAAS,mBAAmB,IAAuC;AACxE,SAAO,OAAO,EAAE,EAAE,MAAM,cAAY;AAClC,UAAM,gBAAgB,SAAS,YAC3B,gCAAgC,SAAS,SAAS,IAClD;AAEJ,WAAO,OAAO,gBAAgB,cAAc,aAAa,IAAI,SAAS,IAAI,KAAK,SAAS,IAAI;AAAA,EAC9F,CAAC;AACH;AAEO,SAAS,cACd,cACA,UACA,SACgB;AAChB,SAAO,OAAO,EAAE,UAAU,QAAQ,CAAC,EAAE,MAAM,CAAC,EAAE,UAAAC,WAAU,SAAAF,SAAQ,MAAM;AACpE,QAAIE,UAAS,cAAcF,SAAQ,IAAI;AACrC,YAAM,IAAI;AAAA,QACR,kCAAkC,YAAY,KAAKE,UAAS,SAAS,IAAI,OAAOA,UAAS,SAAS,SAASF,SAAQ,EAAE;AAAA,MACvH;AAAA,IACF;AAEA,WAAOE,UAAS,SAAS;AAAA,EAC3B,CAAC;AACH;;;ADnGO,IAAe,YAAf,cAAiC,kBAAkB;AAAA,EAC9C,YACR,MACA,MACA,MACA,MAKS,SAKA,UAKA,MAKA,QACT;AACA,UAAM,MAAM,MAAM,MAAM,IAAI;AAjBnB;AAKA;AAKA;AAKA;AAAA,EAGX;AAAA;AAAA;AAAA;AAAA,EAKA,OAAO,OAAO,MAAc,MAAqB,MAA4C;AAC3F,WAAO,IAAI,iBAAiB,MAAM,MAAM,IAAI;AAAA,EAC9C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,OAAO,cACL,MACA,MACA,MACW;AACX,QAAI,CAAC,KAAK,UAAU;AAClB,aAAO,IAAI,iBAAiB,MAAM,MAAM,IAAI;AAAA,IAC9C;AAEA,WAAO,IAAI;AAAA,MACT;AAAA,MACA;AAAA,QACE,GAAG;AAAA,QACH,MAAMC,QAAO,IAAI,EAAE,MAAM,CAAAC,UAAQ;AAC/B,cAAIA,MAAK,SAAU,cAAcA,MAAK,QAAQ,IAAI;AAChD,kBAAM,IAAI;AAAA,cACR,6CAA6C,IAAI,OAAOA,MAAK,SAAU,SAAS,SAASA,MAAK,QAAQ,EAAE;AAAA,YAC1G;AAAA,UACF;AAEA,iBAAOA,MAAK,SAAU,SAAS;AAAA,QACjC,CAAC;AAAA,MACH;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,OAAO,YACL,MACA,MACA,MACW;AACX,QAAI,CAAC,KAAK,UAAU;AAClB,aAAO,IAAI,iBAAiB,MAAM,MAAM,IAAI;AAAA,IAC9C;AAEA,WAAO,IAAI;AAAA,MACT;AAAA,MACAD,QAAO,IAAI,EAAE,MAAM,CAAAC,UAAQ;AACzB,YAAIA,MAAK,SAAU,cAAcA,MAAK,QAAQ,IAAI;AAChD,gBAAM,IAAI;AAAA,YACR,8CAA8C,IAAI,OAAOA,MAAK,SAAU,SAAS,SAASA,MAAK,QAAQ,EAAE;AAAA,UAC3G;AAAA,QACF;AAEA,eAAOA,MAAK,SAAU,SAAS;AAAA,MACjC,CAAC;AAAA,MACD,KAAK;AAAA,MACL;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,OAAO,MAAM,MAAc,MAAqB,MAA4C;AAC1F,WAAO,IAAI,eAAe,MAAM,MAAM,IAAI;AAAA,EAC5C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,OAAO,IACL,MACA,IACA,SACA,MACW;AACX,WAAO,IAAI,kBAAkB,MAAM,IAAI,SAAS,IAAI;AAAA,EACtD;AACF;AAEA,SAAS,qBACP,MACA,MACgC;AAChC,QAAM,SAAiC,KAAK,UAAU,UAAU,CAAC;AAEjE,MAAI,KAAK,YAAY;AACnB,WAAO,oCAAoC,IAAI;AAAA,EACjD;AAEA,SAAO,EAAE,GAAG,YAAY,MAAM,IAAI,GAAG,OAAO;AAC9C;AAEA,IAAM,mBAAN,cAA+B,UAAU;AAAA,EACvC,YAAY,MAAc,MAAqB,MAAiC;AAC9E,UAAM,YAAYD,QAAO,IAAI,EAAE,MAAM,OAAMC,UAAQ;AACjD,aAAO,IAAIC,MAAK,GAAG;AAAA,QACjB;AAAA,QACA;AAAA,UACE,UAAU,qBAAqBD,OAAM,IAAI;AAAA,QAC3C;AAAA,QACA;AAAA,UACE,GAAG;AAAA,UACH,QAAQ;AAAA,UACR,UAAU,MAAM,YAAYA,MAAK,OAAO;AAAA,QAC1C;AAAA,MACF;AAAA,IACF,CAAC;AAED;AAAA,MACE;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACAD,QAAO,KAAK,OAAO;AAAA,MACnB,UAAU;AAAA,MACV,UAAU;AAAA,MACV,UAAU;AAAA,IACZ;AAAA,EACF;AACF;AAEA,IAAM,iBAAN,cAA6B,UAAU;AAAA,EACrC,YAAY,MAAc,MAAqB,MAAiC;AAC9E,UAAM,YAAYA,QAAO,IAAI,EAAE,MAAM,OAAMC,UAAQ;AACjD,aAAO,IAAIC,MAAK,GAAG;AAAA,QACjB;AAAA,QACA;AAAA,UACE,UAAU,qBAAqBD,OAAM,IAAI;AAAA,QAC3C;AAAA,QACA;AAAA,UACE,GAAG;AAAA,UACH,QAAQ;AAAA,UACR,UAAU,MAAM,YAAYA,MAAK,OAAO;AAAA,QAC1C;AAAA,MACF;AAAA,IACF,CAAC;AAED;AAAA,MACE;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACAD,QAAO,KAAK,OAAO;AAAA,MACnB,UAAU;AAAA,MACV,UAAU;AAAA,MACV,UAAU;AAAA,IACZ;AAAA,EACF;AACF;AAEA,IAAM,oBAAN,cAAgC,UAAU;AAAA,EACxC,YACE,MACA,IACA,SACA,MACA;AACA,UAAM,YAAYA,QAAO,EAAE,EAAE,MAAM,OAAM,aAAY;AACnD,aAAOE,MAAK,GAAG,UAAU;AAAA;AAAA,QAEvB;AAAA,QACA;AAAA,QACA;AAAA,UACE,GAAG;AAAA,UACH,QAAQ;AAAA,UACR,UAAU,MAAM,YAAY,OAAO;AAAA,QACrC;AAAA,MACF;AAAA,IACF,CAAC;AAED;AAAA,MACE;AAAA,MACA;AAAA,MACA,EAAE,IAAI,QAAQ;AAAA,MACd;AAAA,MACAF,QAAO,OAAO;AAAA,MACd,UAAU;AAAA,MACV,UAAU;AAAA,MACV,UAAU;AAAA,IACZ;AAAA,EACF;AACF;","names":["core","output","cluster","provider","resource","output","args","core"]}

package/dist/deployment-QTPBNKO5.js DELETED Viewed

@@ -1,10 +0,0 @@
-import {
-  Deployment
-} from "./chunk-6L67WIZW.js";
-import "./chunk-SARVLQZY.js";
-import "./chunk-WEKIQRCZ.js";
-import "./chunk-Y3LZSX7I.js";
-export {
-  Deployment
-};
-//# sourceMappingURL=deployment-QTPBNKO5.js.map

package/dist/stateful-set-K4GV7ZTK.js DELETED Viewed

@@ -1,10 +0,0 @@
-import {
-  StatefulSet
-} from "./chunk-VL7Z5FJQ.js";
-import "./chunk-SARVLQZY.js";
-import "./chunk-WEKIQRCZ.js";
-import "./chunk-Y3LZSX7I.js";
-export {
-  StatefulSet
-};
-//# sourceMappingURL=stateful-set-K4GV7ZTK.js.map

package/src/custom.ts DELETED Viewed

@@ -1,104 +0,0 @@
-import type { k8s } from "@highstate/library"
-import { dynamic, interpolate, Output, type Input } from "@pulumi/pulumi"
-import { KubeConfig } from "@kubernetes/client-node"
-import { toPromise } from "@highstate/pulumi"
-type CustomOperationInputs = {
-  /**
-   * The cluster to perform the operation on.
-   */
-  cluster: Input<k8s.Cluster>
-}
-type WorkloadReloadInputs = CustomOperationInputs & {
-  /**
-   * The type of workload to reload.
-   */
-  workloadType: Input<"Deployment" | "StatefulSet" | "DaemonSet">
-  /**
-   * The namespace of the workload to reload.
-   */
-  namespace: Input<string>
-  /**
-   * The name of the workload to reload.
-   */
-  name: Input<string>
-}
-abstract class CustomOperation<
-    TInputs extends CustomOperationInputs = CustomOperationInputs,
-    TOutputs extends CustomOperationInputs = CustomOperationInputs,
-  >
-  extends dynamic.Resource
-  implements dynamic.ResourceProvider<TInputs, TOutputs>
-{
-  async create(inputs: TInputs): Promise<dynamic.CreateResult<TOutputs>> {
-    const kubeconfig = await this.createKubeConfig(inputs.cluster)
-    return {
-      id: this.getId(inputs),
-      outs: await this.onCreate(kubeconfig, inputs),
-    }
-  }
-  async update(
-    _id: string,
-    outputs: TOutputs,
-    inputs: TInputs,
-  ): Promise<dynamic.UpdateResult<TOutputs>> {
-    const kubeconfig = await this.createKubeConfig(inputs.cluster)
-    if (this.onUpdate) {
-      return {
-        outs: await this.onUpdate(kubeconfig, inputs, outputs),
-      }
-    }
-    return { outs: outputs }
-  }
-  async delete(_id: string, outputs: TOutputs): Promise<void> {
-    const kubeconfig = await this.createKubeConfig(outputs.cluster)
-    if (this.onDelete) {
-      await this.onDelete(kubeconfig, outputs)
-    }
-  }
-  private async createKubeConfig(cluster: Input<k8s.Cluster>): Promise<KubeConfig> {
-    const clusterConfig = await toPromise(cluster)
-    const kubeconfig = new KubeConfig()
-    kubeconfig.loadFromString(clusterConfig.kubeconfig)
-    return kubeconfig
-  }
-  abstract getId(inputs: TInputs): Input<string>
-  abstract onCreate(kubeconfig: KubeConfig, inputs: TInputs): Promise<Omit<TOutputs, "cluster">>
-  onUpdate?(
-    kubeconfig: KubeConfig,
-    inputs: TInputs,
-    outputs: TOutputs,
-  ): Promise<Omit<TOutputs, "cluster">>
-  onDelete?(kubeconfig: KubeConfig, outputs: TOutputs): Promise<void>
-}
-export class WorkloadReload extends CustomOperation<WorkloadReloadInputs> {
-  override getId(inputs: WorkloadReloadInputs): Output<string> {
-    return interpolate`highstate:k8s:workload-reload:${inputs.workloadType}:${inputs.namespace}:${inputs.name}`
-  }
-  override async onCreate(kubeconfig: KubeConfig, inputs: WorkloadReloadInputs) {
-    const apps = kubeconfig.makeApiClient(SchedulingV1Api)
-    apps.res
-    return {}
-  }
-}

/package/dist/{deployment-QTPBNKO5.js.map → chunk-PZ5AY32C.js.map} RENAMED Viewed

File without changes

/package/dist/{stateful-set-K4GV7ZTK.js.map → deployment-KOZNZXJA.js.map} RENAMED Viewed

File without changes