@highstate/k8s 0.9.18 → 0.9.19

package/src/scripting/bundle.ts

@@ -1,6 +1,6 @@
 import type { ContainerEnvironment, ContainerVolumeMount, WorkloadVolume } from "../container"
 import type { network } from "@highstate/library"
-import { apply, normalize, type InputArray } from "@highstate/pulumi"
+import { normalize, type InputArray } from "@highstate/pulumi"
 import {
   ComponentResource,
   output,
@@ -9,13 +9,13 @@ import {
   type Output,
   type Unwrap,
 } from "@pulumi/pulumi"
-import { mapValues, omitBy, pipe } from "remeda"
+import { mapValues, omitBy } from "remeda"
 import { deepmerge } from "deepmerge-ts"
 import { readPackageJSON } from "pkg-types"
 import { text, trimIndentation } from "@highstate/contract"
 import { parseL34Endpoint } from "@highstate/common"
 import { serializeFunction } from "@pulumi/pulumi/runtime/index.js"
-import { type CommonArgs } from "../shared"
+import type { ScopedResourceArgs } from "../shared"
 import { ConfigMap } from "../config-map"
 import {
   emptyScriptEnvironment,
@@ -25,7 +25,7 @@ import {
   type ScriptEnvironment,
 } from "./environment"
 
-export type ScriptBundleArgs = CommonArgs & {
+export type ScriptBundleArgs = ScopedResourceArgs & {
   /**
    * The environment to bundle the scripts from.
    */
@@ -81,11 +81,11 @@ export class ScriptBundle extends ComponentResource {
   constructor(name: string, args: ScriptBundleArgs, opts?: ComponentResourceOptions) {
     super("highstate:k8s:ScriptBundle", name, args, opts)
 
-    const scriptEnvironment = pipe(
-      output(args),
-      apply(args => normalize(args.environment, args.environments)),
-      apply(args => deepmerge(emptyScriptEnvironment, ...args)),
-    ) as Output<Unwrap<ResolvedScriptEnvironment>>
+    const scriptEnvironment = output(args)
+      .apply(args => normalize(args.environment, args.environments))
+      .apply(args => deepmerge(emptyScriptEnvironment, ...args)) as Output<
+      Unwrap<ResolvedScriptEnvironment>
+    >
 
     const hasFunctionScripts = scriptEnvironment.apply(scriptEnvironment => {
       return Object.values(scriptEnvironment.files).some(file => typeof file === "function")
@@ -121,7 +121,6 @@ export class ScriptBundle extends ComponentResource {
       return ConfigMap.create(
         name,
         {
-          cluster: args.cluster,
           namespace: args.namespace,
 
           data: createScriptData(this.distribution, scriptEnvironment),
@@ -162,16 +161,6 @@ export class ScriptBundle extends ComponentResource {
           : []),
       ]
     })
-
-    this.registerOutputs({
-      configMap: this.configMap,
-      volumes: this.volumes,
-      volumeMounts: this.volumeMounts,
-      environment: this.environment,
-      distribution: this.distribution,
-      allowedEndpoints: this.allowedEndpoints,
-      image: this.image,
-    })
   }
 }
 

package/src/scripting/container.ts

@@ -1,7 +1,7 @@
 import type { Container } from "../container"
 import type { ScriptBundle } from "./bundle"
 import { merge } from "remeda"
-import { Output, output, type Input } from "@pulumi/pulumi"
+import { type Output, output, type Input } from "@pulumi/pulumi"
 
 export type ScriptContainer = Container & {
   /**

package/src/scripting/environment.ts

@@ -1,4 +1,4 @@
-import type { Input, InputArray, InputMap } from "@highstate/pulumi"
+import type { Input, InputArray, InputRecord } from "@highstate/pulumi"
 import type { ContainerEnvironment, ContainerVolumeMount, WorkloadVolume } from "../container"
 import type { InputL34Endpoint } from "@highstate/common"
 
@@ -21,7 +21,7 @@ export type DistributionEnvironment = {
    * The pre-install scripts that should be run before installing packages.
    * Typically, these scripts are used to install additional repositories.
    */
-  preInstallScripts?: InputMap<string>
+  preInstallScripts?: InputRecord<string>
 
   /**
    * The packages that are available in the environment.
@@ -46,17 +46,17 @@ export type ScriptEnvironment = {
   /**
    * The setup scripts that should be run before the script.
    */
-  setupScripts?: InputMap<string>
+  setupScripts?: InputRecord<string>
 
   /**
    * The cleanup scripts that should be run after the script.
    */
-  cleanupScripts?: InputMap<string>
+  cleanupScripts?: InputRecord<string>
 
   /**
    * The arbitrary files available in the environment including scripts.
    */
-  files?: InputMap<string | ScriptProgram>
+  files?: InputRecord<string | ScriptProgram>
 
   /**
    * The volumes that should be defined in the environment.

package/src/secret.ts

@@ -1,43 +1,42 @@
 import type { k8s } from "@highstate/library"
+import { getOrCreate } from "@highstate/contract"
+import { toPromise } from "@highstate/pulumi"
 import { core, type types } from "@pulumi/kubernetes"
 import {
-  ComponentResource,
-  output,
-  Output,
   type ComponentResourceOptions,
   type Input,
   type Inputs,
+  interpolate,
+  type Output,
+  output,
 } from "@pulumi/pulumi"
-import { getProvider, mapMetadata, withPatchName, type CommonArgs } from "./shared"
+import { getProvider, mapMetadata, type ScopedResourceArgs, ScopedResource } from "./shared"
+import { Namespace } from "./namespace"
 
-export type SecretArgs = CommonArgs &
+export type SecretArgs = ScopedResourceArgs &
   Omit<types.input.core.v1.Secret, "kind" | "metadata" | "apiVersion">
 
-export type CreateOrPatchSecretArgs = SecretArgs & {
+export type CreateOrGetSecretArgs = SecretArgs & {
   /**
-   * The resource to use to determine the name of the secret.
-   *
-   * If not provided, the secret will be created, otherwise it will be retrieved/patched.
+   * The secret entity to patch/retrieve.
    */
-  existing: Input<k8s.Resource> | undefined
+  existing: Input<k8s.ScopedResource> | undefined
 }
 
-export abstract class Secret extends ComponentResource {
+/**
+ * Represents a Kubernetes Secret resource with metadata and data.
+ */
+export abstract class Secret extends ScopedResource {
   protected constructor(
     type: string,
     name: string,
     args: Inputs,
     opts: ComponentResourceOptions | undefined,
 
-    /**
-     * The cluster where the secret is created.
-     */
-    readonly cluster: Output<k8s.Cluster>,
-
-    /**
-     * The metadata of the underlying Kubernetes secret.
-     */
-    readonly metadata: Output<types.output.meta.v1.ObjectMeta>,
+    apiVersion: Output<string>,
+    kind: Output<string>,
+    namespace: Output<Namespace>,
+    metadata: Output<types.output.meta.v1.ObjectMeta>,
 
     /**
      * The data of the underlying Kubernetes secret.
@@ -49,7 +48,31 @@ export abstract class Secret extends ComponentResource {
      */
     readonly stringData: Output<Record<string, string>>,
   ) {
-    super(type, name, args, opts)
+    super(type, name, args, opts, apiVersion, kind, namespace, metadata)
+  }
+
+  /**
+   * The Highstate secret entity.
+   */
+  get entity(): Output<k8s.ScopedResource> {
+    return output({
+      type: "secret",
+      clusterId: this.cluster.id,
+      clusterName: this.cluster.name,
+      metadata: this.metadata,
+    })
+  }
+
+  /**
+   * Gets the value of the secret field by the given key in `data`.
+   *
+   * Automatically decodes the base64 value.
+   *
+   * @param key The key of the secret.
+   * @returns The value of the secret.
+   */
+  getValue(key: string): Output<string> {
+    return this.data[key].apply(value => Buffer.from(value, "base64").toString())
   }
 
   /**
@@ -62,26 +85,62 @@ export abstract class Secret extends ComponentResource {
   /**
    * Creates a new secret or patches an existing one.
    *
-   * Will throw an error if the secret does not exist when `args.resource` is provided.
+   * @param name The name of the resource. May not be the same as the secret name.
+   * @param args The arguments to create or patch the secret with.
+   * @param opts Optional resource options.
    */
   static createOrPatch(
     name: string,
-    args: CreateOrPatchSecretArgs,
+    args: CreateOrGetSecretArgs,
     opts?: ComponentResourceOptions,
   ): Secret {
-    if (!args.existing) {
-      return new CreatedSecret(name, args, opts)
+    if (args.existing) {
+      return new SecretPatch(name, {
+        ...args,
+        name: output(args.existing).metadata.name,
+      })
     }
 
-    return new SecretPatch(
-      name,
-      {
-        ...args,
-        name: withPatchName("secret", args.existing, args.cluster),
-        namespace: output(args.existing).metadata.namespace,
-      },
-      opts,
-    )
+    return new CreatedSecret(name, args, opts)
+  }
+
+  /**
+   * Creates a new secret or gets an existing one.
+   *
+   * @param name The name of the resource. May not be the same as the secret name. Will not be used when existing secret is retrieved.
+   * @param args The arguments to create or get the secret with.
+   * @param opts Optional resource options.
+   */
+  static async createOrGet(
+    name: string,
+    args: CreateOrGetSecretArgs,
+    opts?: ComponentResourceOptions,
+  ): Promise<Secret> {
+    if (args.existing) {
+      return await Secret.forAsync(args.existing, output(args.namespace).cluster)
+    }
+
+    return new CreatedSecret(name, args, opts)
+  }
+
+  /**
+   * Patches an existing secret.
+   *
+   * Will throw an error if the secret does not exist.
+   *
+   * @param name The name of the resource. May not be the same as the secret name.
+   * @param args The arguments to patch the secret with.
+   * @param opts Optional resource options.
+   */
+  static patch(name: string, args: SecretArgs, opts?: ComponentResourceOptions): Secret {
+    return new SecretPatch(name, args, opts)
+  }
+
+  /**
+   * Wraps an existing Kubernetes secret.
+   */
+  static wrap(name: string, args: WrappedSecretArgs, opts?: ComponentResourceOptions): Secret {
+    return new WrappedSecret(name, args, opts)
   }
 
   /**
@@ -89,19 +148,59 @@ export abstract class Secret extends ComponentResource {
    *
    * Will throw an error if the secret does not exist.
    */
-  static get(
-    name: string,
-    id: Input<string>,
+  static get(name: string, args: ExternalSecretArgs, opts?: ComponentResourceOptions): Secret {
+    return new ExternalSecret(name, args, opts)
+  }
+
+  private static readonly secretCache = new Map<string, Secret>()
+
+  /**
+   * Gets an existing secret for a given entity.
+   * Prefer this method over `get` when possible.
+   *
+   * It automatically names the resource with the following format: `{clusterName}.{namespace}.{name}.{clusterId}`.
+   *
+   * This method is idempotent and will return the same instance for the same entity.
+   *
+   * @param entity The entity to get the secret for.
+   * @param cluster The cluster where the secret is located.
+   */
+  static for(entity: k8s.ScopedResource, cluster: Input<k8s.Cluster>): Secret {
+    return getOrCreate(
+      Secret.secretCache,
+      `${entity.clusterName}.${entity.metadata.namespace}.${entity.metadata.name}.${entity.clusterId}`,
+      name => {
+        return Secret.get(name, {
+          name: entity.metadata.name,
+          namespace: Namespace.forResource(entity, cluster),
+        })
+      },
+    )
+  }
+
+  /**
+   * Gets an existing secret for a given entity.
+   * Prefer this method over `get` when possible.
+   *
+   * It automatically names the resource with the following format: `{clusterName}.{namespace}.{name}.{clusterId}`.
+   *
+   * This method is idempotent and will return the same instance for the same entity.
+   *
+   * @param entity The entity to get the secret for.
+   * @param cluster The cluster where the secret is located.
+   */
+  static async forAsync(
+    entity: Input<k8s.ScopedResource>,
     cluster: Input<k8s.Cluster>,
-    opts?: ComponentResourceOptions,
-  ): Secret {
-    return new ExternalSecret(name, id, cluster, opts)
+  ): Promise<Secret> {
+    const resolvedEntity = await toPromise(entity)
+    return Secret.for(resolvedEntity, cluster)
   }
 }
 
 class CreatedSecret extends Secret {
   constructor(name: string, args: SecretArgs, opts?: ComponentResourceOptions) {
-    const secret = output(args).apply(async args => {
+    const secret = output(args.namespace).cluster.apply(cluster => {
       return new core.v1.Secret(
         name,
         {
@@ -114,7 +213,7 @@ class CreatedSecret extends Secret {
         {
           ...opts,
           parent: this,
-          provider: await getProvider(args.cluster),
+          provider: getProvider(cluster),
         },
       )
     })
@@ -124,7 +223,9 @@ class CreatedSecret extends Secret {
       name,
       args,
       opts,
-      output(args.cluster),
+      secret.apiVersion,
+      secret.kind,
+      output(args.namespace),
       secret.metadata,
       secret.data,
       secret.stringData,
@@ -134,7 +235,7 @@ class CreatedSecret extends Secret {
 
 class SecretPatch extends Secret {
   constructor(name: string, args: SecretArgs, opts?: ComponentResourceOptions) {
-    const secret = output(args).apply(async args => {
+    const secret = output(args.namespace).cluster.apply(cluster => {
       return new core.v1.SecretPatch(
         name,
         {
@@ -147,7 +248,7 @@ class SecretPatch extends Secret {
         {
           ...opts,
           parent: this,
-          provider: await getProvider(args.cluster),
+          provider: getProvider(cluster),
         },
       )
     })
@@ -157,7 +258,9 @@ class SecretPatch extends Secret {
       name,
       args,
       opts,
-      output(args.cluster),
+      secret.apiVersion,
+      secret.kind,
+      output(args.namespace),
       secret.metadata,
       secret.data,
       secret.stringData,
@@ -165,32 +268,67 @@ class SecretPatch extends Secret {
   }
 }
 
+export type WrappedSecretArgs = {
+  /**
+   * The underlying Kubernetes secret to wrap.
+   */
+  secret: Input<core.v1.Secret>
+
+  /**
+   * The namespace where the secret is located.
+   */
+  namespace: Input<Namespace>
+}
+
+class WrappedSecret extends Secret {
+  constructor(name: string, args: WrappedSecretArgs, opts?: ComponentResourceOptions) {
+    super(
+      "highstate:k8s:WrappedSecret",
+      name,
+      args,
+      opts,
+
+      output(args.secret).apiVersion,
+      output(args.secret).kind,
+      output(args.namespace),
+      output(args.secret).metadata,
+      output(args.secret).data,
+      output(args.secret).stringData,
+    )
+  }
+}
+
+export type ExternalSecretArgs = {
+  /**
+   * The name of the secret to get.
+   */
+  name: Input<string>
+
+  /**
+   * The namespace where the secret is located.
+   */
+  namespace: Input<Namespace>
+}
+
 class ExternalSecret extends Secret {
-  constructor(
-    name: string,
-    id: Input<string>,
-    cluster: Input<k8s.Cluster>,
-    opts?: ComponentResourceOptions,
-  ) {
-    const secret = output(id).apply(async realName => {
+  constructor(name: string, args: ExternalSecretArgs, opts?: ComponentResourceOptions) {
+    const secret = output(args.namespace).cluster.apply(cluster => {
       return core.v1.Secret.get(
-        //
         name,
-        realName,
-        {
-          ...opts,
-          parent: this,
-          provider: await getProvider(cluster),
-        },
+        interpolate`${output(args.namespace).metadata.name}/${args.name}`,
+        { ...opts, parent: this, provider: getProvider(cluster) },
       )
     })
 
     super(
       "highstate:k8s:ExternalSecret",
       name,
-      { id, cluster },
+      args,
       opts,
-      output(cluster),
+
+      secret.apiVersion,
+      secret.kind,
+      output(args.namespace),
       secret.metadata,
       secret.data,
       secret.stringData,