@highstate/k8s 0.9.9 → 0.9.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (43) hide show
  1. package/dist/{chunk-7R2VAXVL.js → chunk-5S4JPM4M.js} +4 -3
  2. package/dist/chunk-5S4JPM4M.js.map +1 -0
  3. package/dist/{chunk-W72HEBHG.js → chunk-6L67WIZW.js} +3 -3
  4. package/dist/{chunk-L6G2IHDP.js → chunk-SARVLQZY.js} +218 -45
  5. package/dist/chunk-SARVLQZY.js.map +1 -0
  6. package/dist/{chunk-WUJ7BFVE.js → chunk-VL7Z5FJQ.js} +3 -3
  7. package/dist/{chunk-OP75IMU7.js → chunk-WEKIQRCZ.js} +43 -17
  8. package/dist/chunk-WEKIQRCZ.js.map +1 -0
  9. package/dist/{chunk-HTQP2NB4.js → chunk-Y3LZSX7I.js} +4 -17
  10. package/dist/chunk-Y3LZSX7I.js.map +1 -0
  11. package/dist/deployment-QTPBNKO5.js +10 -0
  12. package/dist/highstate.manifest.json +8 -8
  13. package/dist/index.js +29 -41
  14. package/dist/index.js.map +1 -1
  15. package/dist/stateful-set-K4GV7ZTK.js +10 -0
  16. package/dist/units/cert-manager/index.js +3 -3
  17. package/dist/units/dns01-issuer/index.js +1 -1
  18. package/dist/units/gateway-api/index.js +1 -1
  19. package/package.json +9 -9
  20. package/src/config-map.ts +180 -0
  21. package/src/container.ts +48 -2
  22. package/src/cron-job.ts +8 -1
  23. package/src/custom.ts +104 -0
  24. package/src/helm.ts +2 -1
  25. package/src/index.ts +1 -2
  26. package/src/job.ts +8 -1
  27. package/src/network-policy.ts +23 -21
  28. package/src/network.ts +6 -6
  29. package/src/scripting/bundle.ts +7 -5
  30. package/src/secret.ts +4 -0
  31. package/src/service.ts +8 -8
  32. package/src/shared.ts +7 -19
  33. package/src/workload.ts +50 -28
  34. package/dist/chunk-7R2VAXVL.js.map +0 -1
  35. package/dist/chunk-HTQP2NB4.js.map +0 -1
  36. package/dist/chunk-L6G2IHDP.js.map +0 -1
  37. package/dist/chunk-OP75IMU7.js.map +0 -1
  38. package/dist/deployment-A26RVQ73.js +0 -10
  39. package/dist/stateful-set-S5BHTDJY.js +0 -10
  40. /package/dist/{chunk-W72HEBHG.js.map → chunk-6L67WIZW.js.map} +0 -0
  41. /package/dist/{chunk-WUJ7BFVE.js.map → chunk-VL7Z5FJQ.js.map} +0 -0
  42. /package/dist/{deployment-A26RVQ73.js.map → deployment-QTPBNKO5.js.map} +0 -0
  43. /package/dist/{stateful-set-S5BHTDJY.js.map → stateful-set-K4GV7ZTK.js.map} +0 -0
package/dist/{chunk-WUJ7BFVE.js → chunk-VL7Z5FJQ.js} RENAMED
@@ -2,13 +2,13 @@ import {
2
2
  ExposableWorkload,
3
3
  exposableWorkloadExtraArgs,
4
4
  getExposableWorkloadComponents
5
- } from "./chunk-L6G2IHDP.js";
5
+ } from "./chunk-SARVLQZY.js";
6
6
  import {
7
7
  getProvider,
8
8
  mapMetadata,
9
9
  resourceIdToString,
10
10
  withPatchName
11
- } from "./chunk-HTQP2NB4.js";
11
+ } from "./chunk-Y3LZSX7I.js";
12
12
 
13
13
  // src/stateful-set.ts
14
14
  import { output } from "@highstate/pulumi";
@@ -190,4 +190,4 @@ var ExternalStatefulSet = class extends StatefulSet {
190
190
  export {
191
191
  StatefulSet
192
192
  };
193
- //# sourceMappingURL=chunk-WUJ7BFVE.js.map
193
+ //# sourceMappingURL=chunk-VL7Z5FJQ.js.map
package/dist/{chunk-OP75IMU7.js → chunk-WEKIQRCZ.js} RENAMED
@@ -6,7 +6,7 @@ import {
6
6
  mapNamespaceNameToSelector,
7
7
  mapSelectorLikeToSelector,
8
8
  resourceIdToString
9
- } from "./chunk-HTQP2NB4.js";
9
+ } from "./chunk-Y3LZSX7I.js";
10
10
 
11
11
  // src/service.ts
12
12
  import { core } from "@pulumi/kubernetes";
@@ -62,7 +62,7 @@ var Service = class extends ComponentResource {
62
62
  static wrap(name, service, cluster, opts) {
63
63
  return new WrappedService(name, service, cluster, opts);
64
64
  }
65
- static external(name, id, cluster, opts) {
65
+ static get(name, id, cluster, opts) {
66
66
  return new ExternalService(name, id, cluster, opts);
67
67
  }
68
68
  static of(name, entity, cluster, opts) {
@@ -337,6 +337,32 @@ function mapHttpRouteRuleMatch(match) {
337
337
  return match;
338
338
  }
339
339
 
340
+ // src/network.ts
341
+ import { filterEndpoints as filterEndpoints2 } from "@highstate/common";
342
+ function getBestEndpoint(endpoints, cluster) {
343
+ if (!endpoints.length) {
344
+ return void 0;
345
+ }
346
+ if (endpoints.length === 1) {
347
+ return endpoints[0];
348
+ }
349
+ if (!cluster) {
350
+ return filterEndpoints2(endpoints)[0];
351
+ }
352
+ const clusterEndpoint = endpoints.find((endpoint) => isFromCluster(endpoint, cluster));
353
+ if (clusterEndpoint) {
354
+ return clusterEndpoint;
355
+ }
356
+ return filterEndpoints2(endpoints)[0];
357
+ }
358
+ function requireBestEndpoint(endpoints, cluster) {
359
+ const endpoint = getBestEndpoint(endpoints, cluster);
360
+ if (!endpoint) {
361
+ throw new Error(`No best endpoint found for cluster "${cluster.name}" (${cluster.id})`);
362
+ }
363
+ return endpoint;
364
+ }
365
+
340
366
  // src/network-policy.ts
341
367
  import { networking } from "@pulumi/kubernetes";
342
368
  import {
@@ -386,21 +412,13 @@ var NetworkPolicy = class _NetworkPolicy extends ComponentResource3 {
386
412
  args2.ingressRule?.fromEndpoints
387
413
  );
388
414
  const parsedEndpoints = endpoints.map(parseL34Endpoint);
389
- const endpointsByPortsAndNamespaces = groupBy(parsedEndpoints, (endpoint) => {
415
+ const endpointsNamespaces = groupBy(parsedEndpoints, (endpoint) => {
390
416
  const namespace = isFromCluster(endpoint, args2.cluster) ? endpoint.metadata.k8sService.namespace : "";
391
- const port = isFromCluster(endpoint, args2.cluster) ? endpoint.metadata.k8sService.targetPort : endpoint.port;
392
- return `${port ?? "0"}:${namespace}`;
417
+ return namespace;
393
418
  });
394
- const l3OnlyRule = endpointsByPortsAndNamespaces["0:"] ? _NetworkPolicy.getRuleFromEndpoint(
395
- void 0,
396
- endpointsByPortsAndNamespaces["0:"],
397
- args2.cluster
398
- ) : void 0;
399
- const otherRules = Object.entries(endpointsByPortsAndNamespaces).filter(([key]) => key !== "0:").map(([key, endpoints2]) => {
400
- const [port] = key.split(":");
401
- const portNumber = parseInt(port, 10);
402
- const portValue = isNaN(portNumber) ? port : portNumber;
403
- return _NetworkPolicy.getRuleFromEndpoint(portValue, endpoints2, args2.cluster);
419
+ const l3OnlyRule = endpointsNamespaces[""] ? _NetworkPolicy.getRuleFromEndpoint(void 0, endpointsNamespaces[""], args2.cluster) : void 0;
420
+ const otherRules = Object.entries(endpointsNamespaces).filter(([key]) => key !== "").map(([, endpoints2]) => {
421
+ return _NetworkPolicy.getRuleFromEndpoint(void 0, endpoints2, args2.cluster);
404
422
  });
405
423
  return [
406
424
  {
@@ -579,7 +597,7 @@ var NetworkPolicy = class _NetworkPolicy extends ComponentResource3 {
579
597
  static allowEgressToEndpoint(endpoint, namespace, cluster, opts) {
580
598
  const parsedEndpoint = parseL34Endpoint(endpoint);
581
599
  return _NetworkPolicy.create(
582
- `allow-egress-to-${l34EndpointToString(parsedEndpoint)}`,
600
+ `allow-egress-to-${l34EndpointToString(parsedEndpoint).replace(":", "-")}`,
583
601
  {
584
602
  namespace,
585
603
  cluster,
@@ -589,6 +607,12 @@ var NetworkPolicy = class _NetworkPolicy extends ComponentResource3 {
589
607
  opts
590
608
  );
591
609
  }
610
+ static allowEgressToBestEndpoint(endpoints, namespace, cluster, opts) {
611
+ return output4({ endpoints, cluster }).apply(({ endpoints: endpoints2, cluster: cluster2 }) => {
612
+ const bestEndpoint = requireBestEndpoint(endpoints2.map(parseL34Endpoint), cluster2);
613
+ return _NetworkPolicy.allowEgressToEndpoint(bestEndpoint, namespace, cluster2, opts);
614
+ });
615
+ }
592
616
  static allowIngressFromEndpoint(endpoint, namespace, cluster, opts) {
593
617
  const parsedEndpoint = parseL34Endpoint(endpoint);
594
618
  return _NetworkPolicy.create(
@@ -761,6 +785,8 @@ export {
761
785
  mapServiceToLabelSelector,
762
786
  getServiceType,
763
787
  HttpRoute,
788
+ getBestEndpoint,
789
+ requireBestEndpoint,
764
790
  NetworkPolicy
765
791
  };
766
- //# sourceMappingURL=chunk-OP75IMU7.js.map
792
+ //# sourceMappingURL=chunk-WEKIQRCZ.js.map
package/dist/chunk-WEKIQRCZ.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../src/service.ts","../src/gateway/http-route.ts","../src/gateway/backend.ts","../src/network.ts","../src/network-policy.ts"],"sourcesContent":["import type { k8s, network } from \"@highstate/library\"\nimport { core, types } from \"@pulumi/kubernetes\"\nimport {\n ComponentResource,\n normalize,\n output,\n Output,\n type ComponentResourceOptions,\n type Input,\n type Inputs,\n} from \"@highstate/pulumi\"\nimport { omit, uniqueBy } from \"remeda\"\nimport { deepmerge } from \"deepmerge-ts\"\nimport { filterEndpoints, l4EndpointToString, parseL3Endpoint } from \"@highstate/common\"\nimport {\n commonExtraArgs,\n mapMetadata,\n resourceIdToString,\n type CommonArgs,\n type ResourceId,\n type SelectorLike,\n} from \"./shared\"\n\nexport type ServiceArgs = CommonArgs & {\n /**\n * The port to expose the service on.\n */\n port?: Input<types.input.core.v1.ServicePort>\n\n /**\n * Whether the service should be exposed by `NodePort` or `LoadBalancer`.\n *\n * The type of the service will be determined automatically based on the cluster.\n */\n external?: boolean\n} & types.input.core.v1.ServiceSpec\n\nconst serviceExtraArgs = [...commonExtraArgs, \"port\", \"ports\", \"external\"] as const\n\nexport type ServiceEndpointMetadata = {\n clusterId: string\n name: string\n namespace: string\n selector: SelectorLike\n targetPort: string | number\n}\n\n/**\n * Checks if the endpoint has service metadata.\n *\n * Alters the type of the endpoint to include the service metadata if it exists.\n *\n * @param endpoint The endpoint to check.\n * @returns True if the endpoint has service metadata, false otherwise.\n */\nexport function hasServiceMetadata(\n endpoint: network.L3Endpoint,\n): endpoint is network.L3Endpoint & { metadata: { k8sService: ServiceEndpointMetadata } } {\n return endpoint.metadata?.k8sService !== undefined\n}\n\n/**\n * Returns the service metadata of the endpoint.\n *\n * @param endpoint The endpoint to get the service metadata from.\n * @returns The service metadata of the endpoint, or undefined if it doesn't exist.\n */\nexport function getServiceMetadata(\n endpoint: network.L3Endpoint,\n): ServiceEndpointMetadata | undefined {\n return endpoint.metadata?.k8sService as ServiceEndpointMetadata\n}\n\n/**\n * Adds service metadata to the endpoint.\n *\n * @param endpoint The endpoint to add the metadata to.\n * @param metadata The metadata to add.\n * @returns The endpoint with the added metadata.\n */\nexport function withServiceMetadata<TEdnpoint extends network.L34Endpoint>(\n endpoint: TEdnpoint,\n metadata: ServiceEndpointMetadata,\n): TEdnpoint & { metadata: { k8sService: ServiceEndpointMetadata } } {\n return {\n ...endpoint,\n metadata: {\n ...endpoint.metadata,\n k8sService: metadata,\n },\n }\n}\n\n/**\n * Checks if the endpoint is from the given cluster.\n *\n * @param endpoint The endpoint to check.\n * @param cluster The cluster to check against.\n * @returns True if the endpoint is from the cluster, false otherwise.\n */\nexport function isFromCluster(\n endpoint: network.L3Endpoint,\n cluster: k8s.Cluster,\n): endpoint is network.L3Endpoint & { metadata: { k8sService: ServiceEndpointMetadata } } {\n return getServiceMetadata(endpoint)?.clusterId === cluster.id\n}\n\nexport abstract class Service extends ComponentResource {\n protected constructor(\n type: string,\n name: string,\n args: Inputs,\n opts: ComponentResourceOptions | undefined,\n\n /**\n * The cluster info associated with the service.\n */\n readonly cluster: Output<k8s.Cluster>,\n\n /**\n * The metadata of the underlying Kubernetes service.\n */\n readonly metadata: Output<types.output.meta.v1.ObjectMeta>,\n\n /**\n * The spec of the underlying Kubernetes service.\n */\n readonly spec: Output<types.output.core.v1.ServiceSpec>,\n\n /**\n * The status of the underlying Kubernetes service.\n */\n readonly status: Output<types.output.core.v1.ServiceStatus>,\n ) {\n super(type, name, args, opts)\n }\n\n /**\n * The Highstate service entity.\n */\n get entity(): Output<k8s.Service> {\n return output({\n type: \"k8s.service\",\n clusterId: this.cluster.id,\n metadata: this.metadata,\n endpoints: this.endpoints,\n })\n }\n\n static create(name: string, args: ServiceArgs, opts: ComponentResourceOptions): Service {\n return new CreatedService(name, args, opts)\n }\n\n static wrap(\n name: string,\n service: Input<core.v1.Service>,\n cluster: Input<k8s.Cluster>,\n opts?: ComponentResourceOptions,\n ): Service {\n return new WrappedService(name, service, cluster, opts)\n }\n\n static get(\n name: string,\n id: ResourceId,\n cluster: Input<k8s.Cluster>,\n opts?: ComponentResourceOptions,\n ): Service {\n return new ExternalService(name, id, cluster, opts)\n }\n\n static of(\n name: string,\n entity: Input<k8s.Service>,\n cluster: Input<k8s.Cluster>,\n opts?: ComponentResourceOptions,\n ): Service {\n return new ExternalService(\n name,\n output(entity).metadata,\n output({ cluster, entity }).apply(({ cluster, entity }) => {\n if (cluster.id !== entity.clusterId) {\n throw new Error(\n `Cluster mismatch when wrapping service \"${name}\": \"${cluster.id}\" != \"${entity.clusterId}\"`,\n )\n }\n\n return cluster\n }),\n opts,\n )\n }\n\n /**\n * Returns the endpoints of the service applying the given filter.\n *\n * If no filter is specified, the default behavior of `filterEndpoints` is used.\n *\n * @param filter If specified, the endpoints are filtered based on the given filter.\n * @returns The endpoints of the service.\n */\n filterEndpoints(filter?: network.EndpointFilter): Output<network.L4Endpoint[]> {\n return output({ endpoints: this.endpoints }).apply(({ endpoints }) => {\n return filterEndpoints(endpoints, filter)\n })\n }\n\n /**\n * Returns the endpoints of the service including both internal and external endpoints.\n */\n get endpoints(): Output<network.L4Endpoint[]> {\n return output({\n cluster: this.cluster,\n metadata: this.metadata,\n spec: this.spec,\n status: this.status,\n }).apply(({ cluster, metadata, spec, status }) => {\n const endpointMetadata = {\n k8sService: {\n clusterId: cluster.id,\n name: metadata.name,\n namespace: metadata.namespace,\n selector: spec.selector,\n targetPort: spec.ports[0].targetPort ?? spec.ports[0].port,\n } satisfies ServiceEndpointMetadata,\n }\n\n const clusterIpEndpoints = spec.clusterIPs?.map(ip => ({\n ...parseL3Endpoint(ip),\n visibility: \"internal\" as network.EndpointVisibility,\n port: spec.ports[0].port,\n protocol: spec.ports[0].protocol?.toLowerCase() as network.L4Protocol,\n metadata: endpointMetadata,\n }))\n\n if (clusterIpEndpoints.length > 0) {\n clusterIpEndpoints.unshift({\n type: \"hostname\",\n visibility: \"internal\",\n hostname: `${metadata.name}.${metadata.namespace}.svc.cluster.local`,\n port: spec.ports[0].port,\n protocol: spec.ports[0].protocol?.toLowerCase() as network.L4Protocol,\n metadata: endpointMetadata,\n })\n }\n\n const nodePortEndpoints =\n spec.type === \"NodePort\"\n ? cluster.endpoints.map(endpoint => ({\n ...(endpoint as network.L3Endpoint),\n port: spec.ports[0].nodePort,\n protocol: spec.ports[0].protocol?.toLowerCase() as network.L4Protocol,\n metadata: endpointMetadata,\n }))\n : []\n\n const loadBalancerEndpoints =\n spec.type === \"LoadBalancer\"\n ? status.loadBalancer?.ingress?.map(endpoint => ({\n ...parseL3Endpoint(endpoint.ip ?? endpoint.hostname),\n port: spec.ports[0].port,\n protocol: spec.ports[0].protocol?.toLowerCase() as network.L4Protocol,\n metadata: endpointMetadata,\n }))\n : []\n\n return uniqueBy(\n [\n ...(clusterIpEndpoints ?? []),\n ...(loadBalancerEndpoints ?? []),\n ...(nodePortEndpoints ?? []),\n ],\n endpoint => l4EndpointToString(endpoint),\n )\n })\n }\n}\n\nclass CreatedService extends Service {\n constructor(name: string, args: ServiceArgs, opts?: ComponentResourceOptions) {\n const service = output(args).apply(args => {\n return new core.v1.Service(\n name,\n {\n metadata: mapMetadata(args, name),\n spec: deepmerge(\n {\n ports: normalize(args.port, args.ports),\n\n externalIPs: args.external\n ? (args.externalIPs ?? args.cluster.externalIps)\n : args.cluster.externalIps,\n\n type: getServiceType(args, args.cluster),\n },\n omit(args, serviceExtraArgs),\n ),\n },\n { parent: this, ...opts },\n )\n })\n\n super(\n \"highstate:k8s:Service\",\n name,\n args,\n opts,\n\n output(args.cluster),\n service.metadata,\n service.spec,\n service.status,\n )\n }\n}\n\nclass WrappedService extends Service {\n constructor(\n name: string,\n service: Input<core.v1.Service>,\n cluster: Input<k8s.Cluster>,\n opts?: ComponentResourceOptions,\n ) {\n super(\n \"highstate:k8s:WrappedService\",\n name,\n { service, clusterInfo: cluster },\n opts,\n\n output(cluster),\n output(service).metadata,\n output(service).spec,\n output(service).status,\n )\n }\n}\n\nclass ExternalService extends Service {\n constructor(\n name: string,\n id: Input<ResourceId>,\n cluster: Input<k8s.Cluster>,\n opts?: ComponentResourceOptions,\n ) {\n const service = output(id).apply(id => {\n return core.v1.Service.get(\n //\n name,\n resourceIdToString(id),\n { ...opts, parent: this },\n )\n })\n\n super(\n \"highstate:k8s:ExternalService\",\n name,\n { id, cluster },\n opts,\n\n output(cluster),\n service.metadata,\n service.spec,\n service.status,\n )\n }\n}\n\nexport function mapContainerPortToServicePort(\n port: types.input.core.v1.ContainerPort,\n): types.input.core.v1.ServicePort {\n return {\n name: port.name,\n port: port.containerPort,\n targetPort: port.containerPort,\n protocol: port.protocol,\n }\n}\n\nexport function mapServiceToLabelSelector(\n service: core.v1.Service,\n): types.input.meta.v1.LabelSelector {\n return {\n matchLabels: service.spec.selector,\n }\n}\n\nexport function getServiceType(\n service: Pick<ServiceArgs, \"type\" | \"external\"> | undefined,\n cluster: k8s.Cluster,\n): Input<string> {\n if (service?.type) {\n return service.type\n }\n\n if (!service?.external) {\n return \"ClusterIP\"\n }\n\n return cluster.quirks?.externalServiceType === \"LoadBalancer\" ? \"LoadBalancer\" : \"NodePort\"\n}\n","import {\n ComponentResource,\n normalize,\n output,\n Output,\n type ComponentResourceOptions,\n type Input,\n type InputArray,\n} from \"@highstate/pulumi\"\nimport { gateway, types } from \"@highstate/gateway-api\"\nimport { map, pipe } from \"remeda\"\nimport { getProvider, mapMetadata, type CommonArgs } from \"../shared\"\nimport { resolveBackendRef, type BackendRef } from \"./backend\"\n\nexport type HttpRouteArgs = Omit<CommonArgs, \"namespace\"> & {\n /**\n * The gateway to associate with the route.\n */\n gateway: Input<gateway.v1.Gateway>\n\n /**\n * The alias for `hostnames: [hostname]`.\n */\n hostname?: Input<string>\n\n /**\n * The rule of the route.\n */\n rule?: Input<HttpRouteRuleArgs>\n\n /**\n * The rules of the route.\n */\n rules?: InputArray<HttpRouteRuleArgs>\n} & Omit<Partial<types.input.gateway.v1.HTTPRouteSpec>, \"rules\">\n\nexport type HttpRouteRuleArgs = Omit<\n types.input.gateway.v1.HTTPRouteSpecRules,\n \"matches\" | \"filters\" | \"backendRefs\"\n> & {\n /**\n * The conditions of the rule.\n * Can be specified as string to match on the path.\n */\n matches?: InputArray<HttpRouteRuleMatchOptions>\n\n /**\n * The condition of the rule.\n * Can be specified as string to match on the path.\n */\n match?: Input<HttpRouteRuleMatchOptions>\n\n /**\n * The filters of the rule.\n */\n filters?: InputArray<types.input.gateway.v1.HTTPRouteSpecRulesFilters>\n\n /**\n * The filter of the rule.\n */\n filter?: Input<types.input.gateway.v1.HTTPRouteSpecRulesFilters>\n\n /**\n * The service to route to.\n */\n backend?: Input<BackendRef>\n}\n\nexport type HttpRouteRuleMatchOptions = types.input.gateway.v1.HTTPRouteSpecRulesMatches | string\n\nexport class HttpRoute extends ComponentResource {\n /**\n * The underlying Kubernetes resource.\n */\n public readonly route: Output<gateway.v1.HTTPRoute>\n\n constructor(name: string, args: HttpRouteArgs, opts?: ComponentResourceOptions) {\n super(\"highstate:k8s:HttpRoute\", name, args, opts)\n\n this.route = output({\n args,\n gatewayNamespace: output(args.gateway).metadata.namespace,\n }).apply(async ({ args, gatewayNamespace }) => {\n return new gateway.v1.HTTPRoute(\n name,\n {\n metadata: mapMetadata(\n {\n ...args,\n namespace: gatewayNamespace as string,\n },\n name,\n ),\n spec: {\n hostnames: normalize(args.hostname, args.hostnames),\n\n parentRefs: [\n {\n name: args.gateway.metadata.name as Output<string>,\n },\n ],\n\n rules: normalize(args.rule, args.rules).map(rule => ({\n timeouts: rule.timeouts,\n\n matches: pipe(\n normalize(rule.match, rule.matches),\n map(mapHttpRouteRuleMatch),\n addDefaultPathMatch,\n ),\n\n filters: normalize(rule.filter, rule.filters),\n backendRefs: rule.backend ? [resolveBackendRef(rule.backend)] : undefined,\n })),\n } satisfies types.input.gateway.v1.HTTPRouteSpec,\n },\n {\n ...opts,\n parent: this,\n provider: await getProvider(args.cluster),\n },\n )\n })\n }\n}\n\nfunction addDefaultPathMatch(\n matches: types.input.gateway.v1.HTTPRouteSpecRulesMatches[],\n): types.input.gateway.v1.HTTPRouteSpecRulesMatches[] {\n return matches.length ? matches : [{ path: { type: \"PathPrefix\", value: \"/\" } }]\n}\n\nexport function mapHttpRouteRuleMatch(\n match: HttpRouteRuleMatchOptions,\n): types.input.gateway.v1.HTTPRouteSpecRulesMatches {\n if (typeof match === \"string\") {\n return { path: { type: \"PathPrefix\", value: match } }\n }\n\n return match\n}\n","import { core } from \"@pulumi/kubernetes\"\nimport { type Input, output, Output, type Unwrap } from \"@highstate/pulumi\"\nimport { Service } from \"../service\"\n\nexport interface FullBackendRef {\n /**\n * The name of the resource being referenced.\n */\n name: Input<string>\n\n /**\n * The namespace of the resource being referenced.\n * May be undefined if the resource is not in a namespace.\n */\n namespace?: Input<string | undefined>\n\n /**\n * The port of the resource being referenced.\n */\n port: Input<number>\n}\n\nexport interface ServiceBackendRef {\n /**\n * The name of the service being referenced.\n */\n service: Input<core.v1.Service>\n\n /**\n * The port of the service being referenced.\n */\n port: Input<number>\n}\n\nexport type BackendRef = FullBackendRef | ServiceBackendRef | Service\n\nexport function resolveBackendRef(ref: BackendRef): Output<Unwrap<FullBackendRef>> {\n if (Service.isInstance(ref)) {\n return output({\n name: ref.metadata.name,\n namespace: ref.metadata.namespace,\n port: ref.spec.ports[0].port,\n })\n }\n\n if (\"service\" in ref) {\n const service = output(ref.service)\n\n return output({\n name: service.metadata.name,\n namespace: service.metadata.namespace,\n port: ref.port,\n })\n }\n\n return output({\n name: ref.name,\n namespace: ref.namespace,\n port: ref.port,\n })\n}\n","import type { k8s, network } from \"@highstate/library\"\nimport { filterEndpoints } from \"@highstate/common\"\nimport { isFromCluster } from \"./service\"\n\nexport function getBestEndpoint<TEndpoint extends network.L34Endpoint>(\n endpoints: TEndpoint[],\n cluster?: k8s.Cluster,\n): TEndpoint | undefined {\n if (!endpoints.length) {\n return undefined\n }\n\n if (endpoints.length === 1) {\n return endpoints[0]\n }\n\n if (!cluster) {\n return filterEndpoints(endpoints)[0]\n }\n\n const clusterEndpoint = endpoints.find(endpoint => isFromCluster(endpoint, cluster))\n\n if (clusterEndpoint) {\n return clusterEndpoint\n }\n\n return filterEndpoints(endpoints)[0]\n}\n\nexport function requireBestEndpoint<TEndpoint extends network.L34Endpoint>(\n endpoints: TEndpoint[],\n cluster: k8s.Cluster,\n): TEndpoint {\n const endpoint = getBestEndpoint(endpoints, cluster)\n\n if (!endpoint) {\n throw new Error(`No best endpoint found for cluster \"${cluster.name}\" (${cluster.id})`)\n }\n\n return endpoint\n}\n","import { networking, types, type core } from \"@pulumi/kubernetes\"\nimport {\n ComponentResource,\n interpolate,\n normalize,\n output,\n type Input,\n type InputArray,\n type Output,\n type Resource,\n type ResourceOptions,\n type Unwrap,\n} from \"@highstate/pulumi\"\nimport { capitalize, flat, groupBy, merge, mergeDeep, uniqueBy } from \"remeda\"\nimport { k8s, network } from \"@highstate/library\"\nimport {\n l34EndpointToString,\n l3EndpointToCidr,\n parseL34Endpoint,\n type InputL34Endpoint,\n} from \"@highstate/common\"\nimport {\n getProvider,\n mapMetadata,\n mapNamespaceLikeToNamespaceName,\n mapNamespaceNameToSelector,\n mapSelectorLikeToSelector,\n type CommonArgs,\n type NamespaceLike,\n type SelectorLike,\n} from \"./shared\"\nimport { getServiceMetadata, isFromCluster, mapServiceToLabelSelector } from \"./service\"\nimport { requireBestEndpoint } from \"./network\"\n\nexport type NetworkPolicyPort = {\n /**\n * The protocol to match.\n *\n * If not provided, \"TCP\" will be used.\n */\n protocol?: string\n} & (\n | {\n /**\n * The single port to match.\n */\n port: number | string\n }\n | {\n /**\n * The range of ports to match.\n */\n range: [start: number, end: number]\n }\n)\n\nexport type IngressRuleArgs = {\n /**\n * Whether to allow all incoming traffic.\n *\n * If set to `true`, all other rules will be ignored for matched traffic.\n */\n fromAll?: Input<boolean>\n\n /**\n * The allowed cidr for incoming traffic.\n *\n * Will be ORed with other conditions inside the same rule (except ports).\n */\n fromCidr?: Input<string>\n\n /**\n * The list of allowed cidrs for incoming traffic.\n *\n * Will be ORed with other conditions inside the same rule (except ports).\n */\n fromCidrs?: InputArray<string>\n\n /**\n * The list of allowed L3 or L4 endpoints for outgoing traffic.\n *\n * Just a syntactic sugar for `fromFqdn` and `fromService` for cases when the endpoint can be one of them + optional port/protocol.\n *\n * Will be ORed with other conditions inside the same rule (except ports).\n *\n * If a single endpoint also has a port/protocol/service metadata,\n * it will produce separate rule for it with them and ORed with the rest of the rules.\n */\n fromEndpoint?: Input<InputL34Endpoint>\n\n /**\n * The list of allowed L3 or L4 endpoints for incoming traffic.\n *\n * Just a syntactic sugar for `fromFqdn` and `fromService` for cases when the endpoint can be one of them + optional port/protocol.\n *\n * Will be ORed with other conditions inside the same rule (except ports).\n *\n * If a single endpoint also has a port/protocol/service metadata,\n * it will produce separate rule for it with them and ORed with the rest of the rules.\n */\n fromEndpoints?: InputArray<InputL34Endpoint>\n\n /**\n * The service to allow traffic from.\n *\n * Will be ORed with other conditions inside the same rule (except ports).\n */\n fromService?: Input<core.v1.Service>\n\n /**\n * The list of allowed services for incoming traffic.\n *\n * Will be ORed with other conditions inside the same rule (except ports).\n */\n fromServices?: InputArray<core.v1.Service>\n\n /**\n * The namespace to allow traffic from.\n *\n * If provided with `fromSelector(s)`, it will be ANDed with them.\n * Otherwise, it will match all pods in the namespace.\n *\n * Will be ORed with other conditions inside the same rule (except ports and selectors).\n */\n fromNamespace?: Input<NamespaceLike>\n\n /**\n * The list of allowed namespaces for incoming traffic.\n *\n * If provided with `fromSelector(s)`, it will be ANDed with them.\n * Otherwise, it will match all pods in the namespaces.\n *\n * Will be ORed with other conditions inside the same rule (except ports and selectors).\n */\n fromNamespaces?: InputArray<NamespaceLike>\n\n /**\n * The selector for incoming traffic.\n *\n * If provided with `fromNamespace(s)`, it will be ANDed with them.\n * Otherwise, it will match pods in all namespaces.\n *\n * Will be ORed with other conditions inside the same rule (except ports and namespaces).\n */\n fromSelector?: Input<SelectorLike>\n\n /**\n * The list of selectors for incoming traffic.\n *\n * If provided with `fromNamespace(s)`, it will be ANDed with them.\n * Otherwise, it will match pods in all namespaces.\n *\n * Will be ORed with other conditions inside the same rule (except ports and namespaces).\n */\n fromSelectors?: InputArray<SelectorLike>\n\n /**\n * The port to allow incoming traffic on.\n *\n * Will be ANDed with all conditions inside the same rule.\n */\n toPort?: Input<NetworkPolicyPort>\n\n /**\n * The list of allowed ports for incoming traffic.\n *\n * Will be ANDed with all conditions inside the same rule.\n */\n toPorts?: InputArray<NetworkPolicyPort>\n}\n\nexport type EgressRuleArgs = {\n /**\n * Whether to allow all outgoing traffic.\n *\n * If set to `true`, all other rules will be ignored for matched traffic.\n */\n toAll?: Input<boolean>\n\n /**\n * The allowed cidr for outgoing traffic.\n *\n * Will be ORed with other conditions inside the same rule (except ports).\n */\n toCidr?: Input<string>\n\n /**\n * The list of allowed cidrs for outgoing traffic.\n *\n * Will be ORed with other conditions inside the same rule (except ports).\n */\n toCidrs?: InputArray<string>\n\n /**\n * The FQDN to allow outgoing traffic.\n *\n * Will be ORed with other conditions inside the same rule (except ports).\n */\n toFqdn?: Input<string>\n\n /**\n * The list of allowed FQDNs for outgoing traffic.\n *\n * Will be ORed with other conditions inside the same rule (except ports).\n */\n toFqdns?: InputArray<string>\n\n /**\n * The L3 or L4 endpoint to allow outgoing traffic.\n *\n * Just a syntactic sugar for `toFqdn`, `toCidr` and `toService` for cases when the endpoint can be one of them + optional port/protocol.\n *\n * Will be ORed with other conditions inside the same rule (except ports).\n *\n * If a single endpoint also has a port/protocol/service metadata,\n * it will produce separate rule for it with them and ORed with the rest of the rules.\n */\n toEndpoint?: Input<InputL34Endpoint>\n\n /**\n * The list of allowed L3 or L4 endpoints for outgoing traffic.\n *\n * Just a syntactic sugar for `toFqdn`, `toCidr` and `toService` for cases when the endpoint can be one of them + optional port/protocol.\n *\n * Will be ORed with other conditions inside the same rule (except ports).\n *\n * If a single endpoint also has a port/protocol/service metadata,\n * it will produce separate rule for it with them and ORed with the rest of the rules.\n */\n toEndpoints?: InputArray<InputL34Endpoint>\n\n /**\n * The service to allow traffic to.\n *\n * Will be ORed with other conditions inside the same rule (except ports).\n */\n toService?: Input<core.v1.Service>\n\n /**\n * The list of allowed services for outgoing traffic.\n *\n * Will be ORed with other conditions inside the same rule (except ports).\n */\n toServices?: InputArray<core.v1.Service>\n\n /**\n * The namespace to allow traffic to.\n *\n * If provided with `toSelector(s)`, it will be ANDed with them.\n * Otherwise, it will match all pods in the namespace.\n *\n * Will be ORed with other conditions inside the same rule (except ports and selectors).\n */\n toNamespace?: Input<NamespaceLike>\n\n /**\n * The list of allowed namespaces for outgoing traffic.\n *\n * If provided with `toSelector(s)`, it will be ANDed with them.\n * Otherwise, it will match all pods in the namespaces.\n *\n * Will be ORed with other conditions inside the same rule (except ports and selectors).\n */\n toNamespaces?: InputArray<NamespaceLike>\n\n /**\n * The selector for outgoing traffic.\n *\n * If provided with `toNamespace(s)`, it will be ANDe with them.\n *\n * Otherwise, it will match pods only in all namespaces.\n */\n toSelector?: Input<SelectorLike>\n\n /**\n * The list of selectors for outgoing traffic.\n *\n * If provided with `toNamespace(s)`, it will be ANDed with them.\n * Otherwise, it will match pods only in all namespaces.\n */\n toSelectors?: InputArray<SelectorLike>\n\n /**\n * The port to allow outgoing traffic on.\n *\n * Will be ANDed with all conditions inside the same rule.\n */\n toPort?: Input<NetworkPolicyPort>\n\n /**\n * The list of allowed ports for outgoing traffic.\n *\n * Will be ANDed with all conditions inside the same rule.\n */\n toPorts?: InputArray<NetworkPolicyPort>\n}\n\nexport type NetworkPolicyArgs = CommonArgs & {\n /**\n * The description of this network policy.\n */\n description?: Input<string>\n\n /**\n * The pod selector for this network policy.\n * If not provided, it will select all pods in the namespace.\n */\n selector?: SelectorLike\n\n /**\n * The rule for incoming traffic.\n */\n ingressRule?: Input<IngressRuleArgs>\n\n /**\n * The rules for incoming traffic.\n */\n ingressRules?: InputArray<IngressRuleArgs>\n\n /**\n * The rule for outgoing traffic.\n */\n egressRule?: Input<EgressRuleArgs>\n\n /**\n * The rules for outgoing traffic.\n */\n egressRules?: InputArray<EgressRuleArgs>\n\n /**\n * Enable the isolation of ingress traffic, so that only matched traffic can ingress.\n */\n isolateIngress?: Input<boolean>\n\n /**\n * Enable the isolation of egress traffic, so that only matched traffic can egress.\n */\n isolateEgress?: Input<boolean>\n\n /**\n * Allow the eggress traffic to the API server of the cluster.\n *\n * By default, `false`.\n */\n allowKubeApiServer?: Input<boolean>\n\n /**\n * Allow the eggress traffic to the DNS server of the cluster.\n *\n * By default, `false`.\n */\n allowKubeDns?: Input<boolean>\n\n /**\n * The cluster to create the network policy in.\n */\n cluster: Input<k8s.Cluster>\n}\n\nexport type NormalizedRuleArgs = {\n all: boolean\n cidrs: string[]\n fqdns: string[]\n services: core.v1.Service[]\n namespaces: NamespaceLike[]\n selectors: SelectorLike[]\n ports: NetworkPolicyPort[]\n}\n\nexport type NormalizedNetworkPolicyArgs = Omit<\n Unwrap<NetworkPolicyArgs>,\n | \"podSelector\"\n | \"ingressRule\"\n | \"ingressRules\"\n | \"egressRule\"\n | \"egressRules\"\n | \"isolateIngress\"\n | \"isolateEgress\"\n | \"allowKubeApiServer\"\n | \"allowKubeDNS\"\n> & {\n podSelector: Unwrap<types.input.meta.v1.LabelSelector>\n\n isolateIngress: boolean\n isolateEgress: boolean\n\n allowKubeApiServer: boolean\n\n ingressRules: NormalizedRuleArgs[]\n egressRules: NormalizedRuleArgs[]\n}\n\n/**\n * The abstract resource for creating network policies.\n * Will use different resources depending on the environment.\n *\n * Note: In the worst case, it will create native `NetworkPolicy` resources and ignore some features like L7 rules.\n */\nexport abstract class NetworkPolicy extends ComponentResource {\n /**\n * The underlying network policy resource.\n */\n public readonly networkPolicy: Output<Resource>\n\n protected constructor(name: string, args: Unwrap<NetworkPolicyArgs>, opts?: ResourceOptions) {\n super(\"k8s:network-policy\", name, args, opts)\n\n const normalizedArgs = output(args).apply(args => {\n const ingressRules = normalize(args.ingressRule, args.ingressRules)\n const egressRules = normalize(args.egressRule, args.egressRules)\n\n const extraEgressRules: NormalizedRuleArgs[] = []\n\n if (args.allowKubeDns) {\n extraEgressRules.push({\n namespaces: [\"kube-system\"],\n selectors: [{ matchLabels: { \"k8s-app\": \"kube-dns\" } }],\n ports: [{ port: 53, protocol: \"UDP\" }],\n all: false,\n cidrs: [],\n fqdns: [],\n services: [],\n })\n }\n\n return {\n ...args,\n\n podSelector: args.selector ? mapSelectorLikeToSelector(args.selector) : {},\n\n isolateEgress: args.isolateEgress ?? false,\n isolateIngress: args.isolateIngress ?? false,\n\n allowKubeApiServer: args.allowKubeApiServer ?? false,\n\n ingressRules: ingressRules.flatMap(rule => {\n const endpoints = normalize(\n args.ingressRule?.fromEndpoint,\n args.ingressRule?.fromEndpoints,\n )\n const parsedEndpoints = endpoints.map(parseL34Endpoint)\n\n const endpointsNamespaces = groupBy(parsedEndpoints, endpoint => {\n const namespace = isFromCluster(endpoint, args.cluster)\n ? endpoint.metadata.k8sService.namespace\n : \"\"\n\n return namespace\n })\n\n const l3OnlyRule = endpointsNamespaces[\"\"]\n ? NetworkPolicy.getRuleFromEndpoint(undefined, endpointsNamespaces[\"\"], args.cluster)\n : undefined\n\n const otherRules = Object.entries(endpointsNamespaces)\n .filter(([key]) => key !== \"\")\n .map(([, endpoints]) => {\n return NetworkPolicy.getRuleFromEndpoint(undefined, endpoints, args.cluster)\n })\n\n return [\n {\n all: rule.fromAll ?? false,\n cidrs: normalize(rule.fromCidr, rule.fromCidrs).concat(l3OnlyRule?.cidrs ?? []),\n fqdns: [],\n services: normalize(rule.fromService, rule.fromServices),\n namespaces: normalize(rule.fromNamespace, rule.fromNamespaces),\n selectors: normalize(rule.fromSelector, rule.fromSelectors),\n ports: normalize(rule.toPort, rule.toPorts),\n } as NormalizedRuleArgs,\n\n ...otherRules,\n ].filter(rule => !NetworkPolicy.isEmptyRule(rule))\n }),\n\n egressRules: egressRules\n .flatMap(rule => {\n const endpoints = normalize(args.egressRule?.toEndpoint, args.egressRule?.toEndpoints)\n const parsedEndpoints = endpoints.map(parseL34Endpoint)\n\n const endpointsByPortsAnsNamespaces = groupBy(parsedEndpoints, endpoint => {\n const namespace = isFromCluster(endpoint, args.cluster)\n ? endpoint.metadata.k8sService.namespace\n : \"\"\n\n const port = isFromCluster(endpoint, args.cluster)\n ? endpoint.metadata.k8sService.targetPort\n : endpoint.port\n\n return `${port ?? \"0\"}:${namespace}`\n })\n\n const l3OnlyRule = endpointsByPortsAnsNamespaces[\"0:\"]\n ? NetworkPolicy.getRuleFromEndpoint(\n undefined,\n endpointsByPortsAnsNamespaces[\"0:\"],\n args.cluster,\n )\n : undefined\n\n const otherRules = Object.entries(endpointsByPortsAnsNamespaces)\n .filter(([key]) => key !== \"0:\")\n .map(([key, endpoints]) => {\n const [port] = key.split(\":\")\n const portNumber = parseInt(port, 10)\n const portValue = isNaN(portNumber) ? port : portNumber\n\n return NetworkPolicy.getRuleFromEndpoint(portValue, endpoints, args.cluster)\n })\n\n return [\n {\n all: rule.toAll ?? false,\n cidrs: normalize(rule.toCidr, rule.toCidrs).concat(l3OnlyRule?.cidrs ?? []),\n fqdns: normalize(rule.toFqdn, rule.toFqdns).concat(l3OnlyRule?.fqdns ?? []),\n services: normalize(rule.toService, rule.toServices),\n namespaces: normalize(rule.toNamespace, rule.toNamespaces),\n selectors: normalize(rule.toSelector, rule.toSelectors),\n ports: normalize(rule.toPort, rule.toPorts),\n } as NormalizedRuleArgs,\n\n ...otherRules,\n ].filter(rule => !NetworkPolicy.isEmptyRule(rule))\n })\n .concat(extraEgressRules),\n }\n })\n\n this.networkPolicy = output(\n normalizedArgs.apply(async args => {\n return output(\n this.create(name, args as NormalizedNetworkPolicyArgs, {\n ...opts,\n parent: this,\n provider: await getProvider(args.cluster),\n }),\n )\n }),\n )\n }\n\n private static mapCidrFromEndpoint(\n this: void,\n result: network.L3Endpoint & { type: \"ipv4\" | \"ipv6\" },\n ): string {\n if (result.type === \"ipv4\") {\n return `${result.address}/32`\n }\n\n return `${result.address}/128`\n }\n\n private static getRuleFromEndpoint(\n port: number | string | undefined,\n endpoints: network.L34Endpoint[],\n cluster: k8s.Cluster,\n ): NormalizedRuleArgs {\n const ports: NetworkPolicyPort[] = port\n ? [{ port, protocol: endpoints[0].protocol?.toUpperCase() }]\n : []\n\n const cidrs = endpoints\n .filter(endpoint => !isFromCluster(endpoint, cluster))\n .filter(endpoint => endpoint.type === \"ipv4\" || endpoint.type === \"ipv6\")\n .map(NetworkPolicy.mapCidrFromEndpoint)\n\n const fqdns = endpoints\n .filter(endpoint => endpoint.type === \"hostname\")\n .map(endpoint => endpoint.hostname)\n\n const selectors = endpoints\n .filter(endpoint => isFromCluster(endpoint, cluster))\n .map(endpoint => endpoint.metadata.k8sService.selector)\n\n const namespace = endpoints\n .filter(endpoint => isFromCluster(endpoint, cluster))\n .map(endpoint => getServiceMetadata(endpoint)?.namespace)[0]\n\n return {\n all: false,\n cidrs,\n fqdns,\n services: [],\n namespaces: namespace ? [namespace] : [],\n selectors,\n ports,\n }\n }\n\n private static isEmptyRule(rule: NormalizedRuleArgs): boolean {\n return (\n !rule.all &&\n rule.cidrs.length === 0 &&\n rule.fqdns.length === 0 &&\n rule.services.length === 0 &&\n rule.namespaces.length === 0 &&\n rule.selectors.length === 0 &&\n rule.ports.length === 0\n )\n }\n\n protected abstract create(\n name: string,\n args: NormalizedNetworkPolicyArgs,\n opts?: ResourceOptions,\n ): Input<Resource>\n\n static create(\n name: string,\n args: NetworkPolicyArgs,\n opts?: ResourceOptions,\n ): Output<NetworkPolicy> {\n return output(args).apply(async args => {\n const cni = args.cluster.cni\n\n if (cni === \"other\") {\n return new NativeNetworkPolicy(name, args, opts)\n }\n\n const implName = `${capitalize(cni)}NetworkPolicy`\n const implModule = (await import(`@highstate/${cni}`)) as Record<string, unknown>\n\n type NetworkPolicyFactory = new (\n name: string,\n args: Unwrap<NetworkPolicyArgs>,\n opts?: ResourceOptions,\n ) => NetworkPolicy\n\n const implClass = implModule[implName] as NetworkPolicyFactory | undefined\n if (!implClass) {\n throw new Error(`No implementation found for ${cni}`)\n }\n\n return new implClass(name, args, opts)\n })\n }\n\n static isolate(\n namespace: Input<NamespaceLike>,\n cluster: Input<k8s.Cluster>,\n opts?: ResourceOptions,\n ) {\n return NetworkPolicy.create(\n \"isolate\",\n {\n namespace,\n cluster,\n\n description: \"By default, deny all traffic to/from the namespace.\",\n\n isolateEgress: true,\n isolateIngress: true,\n },\n opts,\n )\n }\n\n static allowInsideNamespace(\n namespace: Input<NamespaceLike>,\n cluster: Input<k8s.Cluster>,\n opts?: ResourceOptions,\n ): Output<NetworkPolicy> {\n return NetworkPolicy.create(\n \"allow-inside-namespace\",\n {\n namespace,\n cluster,\n\n description: \"Allow all traffic inside the namespace.\",\n selector: {},\n\n ingressRule: { fromNamespace: namespace },\n egressRule: { toNamespace: namespace },\n },\n opts,\n )\n }\n\n static allowKubeApiServer(\n namespace: Input<NamespaceLike>,\n cluster: Input<k8s.Cluster>,\n opts?: ResourceOptions,\n ): Output<NetworkPolicy> {\n return NetworkPolicy.create(\n \"allow-kube-api-server\",\n {\n namespace,\n cluster,\n\n description: \"Allow all traffic to the Kubernetes API server from the namespace.\",\n\n allowKubeApiServer: true,\n },\n opts,\n )\n }\n\n static allowKubeDns(\n namespace: Input<NamespaceLike>,\n cluster: Input<k8s.Cluster>,\n opts?: ResourceOptions,\n ): Output<NetworkPolicy> {\n return NetworkPolicy.create(\n \"allow-kube-dns\",\n {\n namespace,\n cluster,\n\n description: \"Allow all traffic to the Kubernetes DNS server from the namespace.\",\n\n allowKubeDns: true,\n },\n opts,\n )\n }\n\n static allowAllEgress(\n namespace: Input<NamespaceLike>,\n cluster: Input<k8s.Cluster>,\n opts?: ResourceOptions,\n ): Output<NetworkPolicy> {\n return NetworkPolicy.create(\n \"allow-all-egress\",\n {\n namespace,\n cluster,\n\n description: \"Allow all egress traffic from the namespace.\",\n\n egressRule: { toAll: true },\n },\n opts,\n )\n }\n\n static allowAllIngress(\n namespace: Input<NamespaceLike>,\n cluster: Input<k8s.Cluster>,\n opts?: ResourceOptions,\n ): Output<NetworkPolicy> {\n return NetworkPolicy.create(\n \"allow-all-ingress\",\n {\n namespace,\n cluster,\n\n description: \"Allow all ingress traffic to the namespace.\",\n\n ingressRule: { fromAll: true },\n },\n opts,\n )\n }\n\n static allowEgressToEndpoint(\n endpoint: InputL34Endpoint,\n namespace: Input<NamespaceLike>,\n cluster: Input<k8s.Cluster>,\n opts?: ResourceOptions,\n ): Output<NetworkPolicy> {\n const parsedEndpoint = parseL34Endpoint(endpoint)\n\n return NetworkPolicy.create(\n `allow-egress-to-${l34EndpointToString(parsedEndpoint).replace(\":\", \"-\")}`,\n {\n namespace,\n cluster,\n\n description: interpolate`Allow egress traffic to \"${l34EndpointToString(parsedEndpoint)}\" from the namespace.`,\n\n egressRule: { toEndpoint: endpoint },\n },\n opts,\n )\n }\n\n static allowEgressToBestEndpoint(\n endpoints: InputArray<InputL34Endpoint>,\n namespace: Input<NamespaceLike>,\n cluster: Input<k8s.Cluster>,\n opts?: ResourceOptions,\n ): Output<NetworkPolicy> {\n return output({ endpoints, cluster }).apply(({ endpoints, cluster }) => {\n const bestEndpoint = requireBestEndpoint(endpoints.map(parseL34Endpoint), cluster)\n\n return NetworkPolicy.allowEgressToEndpoint(bestEndpoint, namespace, cluster, opts)\n })\n }\n\n static allowIngressFromEndpoint(\n endpoint: InputL34Endpoint,\n namespace: Input<NamespaceLike>,\n cluster: Input<k8s.Cluster>,\n opts?: ResourceOptions,\n ): Output<NetworkPolicy> {\n const parsedEndpoint = parseL34Endpoint(endpoint)\n\n return NetworkPolicy.create(\n `allow-ingress-from-${l34EndpointToString(parsedEndpoint)}`,\n {\n namespace,\n cluster,\n\n description: interpolate`Allow ingress traffic from \"${l34EndpointToString(parsedEndpoint)}\" to the namespace.`,\n\n ingressRule: { fromEndpoint: endpoint },\n },\n opts,\n )\n }\n}\n\nexport class NativeNetworkPolicy extends NetworkPolicy {\n protected create(\n name: string,\n args: NormalizedNetworkPolicyArgs,\n opts?: ResourceOptions,\n ): Resource {\n const ingress = NativeNetworkPolicy.createIngressRules(args)\n const egress = NativeNetworkPolicy.createEgressRules(args)\n\n const policyTypes: string[] = []\n\n if (ingress.length > 0 || args.isolateIngress) {\n policyTypes.push(\"Ingress\")\n }\n\n if (egress.length > 0 || args.isolateEgress) {\n policyTypes.push(\"Egress\")\n }\n\n return new networking.v1.NetworkPolicy(\n name,\n {\n metadata: mergeDeep(mapMetadata(args, name), {\n annotations: args.description\n ? { \"kubernetes.io/description\": args.description }\n : undefined,\n }),\n spec: {\n podSelector: args.podSelector,\n ingress,\n egress,\n policyTypes,\n },\n },\n opts,\n )\n }\n\n private static fallbackIpBlock: types.input.networking.v1.IPBlock = {\n cidr: \"0.0.0.0/0\",\n except: [\"10.0.0.0/8\", \"172.16.0.0/12\", \"192.168.0.0/16\"],\n }\n\n private static fallbackDnsRule: types.input.networking.v1.NetworkPolicyEgressRule = {\n to: [\n {\n namespaceSelector: { matchLabels: { \"kubernetes.io/metadata.name\": \"kube-system\" } },\n podSelector: { matchLabels: { \"k8s-app\": \"kube-dns\" } },\n },\n ],\n ports: [{ port: 53, protocol: \"UDP\" }],\n }\n\n private static createIngressRules(\n args: NormalizedNetworkPolicyArgs,\n ): types.input.networking.v1.NetworkPolicyIngressRule[] {\n return uniqueBy(\n args.ingressRules.map(rule => ({\n from: rule.all ? [] : NativeNetworkPolicy.createRulePeers(rule),\n ports: NativeNetworkPolicy.mapPorts(rule.ports),\n })),\n rule => JSON.stringify(rule),\n )\n }\n\n private static createEgressRules(\n args: NormalizedNetworkPolicyArgs,\n ): types.input.networking.v1.NetworkPolicyEgressRule[] {\n const extraRules: types.input.networking.v1.NetworkPolicyEgressRule[] = []\n\n const needKubeDns = args.egressRules.some(rule => rule.fqdns.length > 0)\n if (needKubeDns) {\n extraRules.push(NativeNetworkPolicy.fallbackDnsRule)\n }\n\n // the native resource does not support FQDNs\n // to provide compatibility, we need to fallback to all except private CIDRs\n const needFallback = args.egressRules.some(rule =>\n rule.fqdns.some(fqdn => !fqdn.endsWith(\".cluster.local\")),\n )\n if (needFallback) {\n extraRules.push({ to: [{ ipBlock: NativeNetworkPolicy.fallbackIpBlock }] })\n }\n\n // apply fallback rules for kube-apiserver\n if (args.allowKubeApiServer) {\n const { quirks, apiEndpoints } = args.cluster\n\n if (quirks?.fallbackKubeApiAccess) {\n extraRules.push({\n to: [{ ipBlock: { cidr: `${quirks?.fallbackKubeApiAccess.serverIp}/32` } }],\n ports: [{ port: quirks?.fallbackKubeApiAccess.serverPort, protocol: \"TCP\" }],\n })\n } else {\n const rules = apiEndpoints\n .filter(endpoint => endpoint.type !== \"hostname\")\n .map(endpoint => ({\n to: [{ ipBlock: { cidr: l3EndpointToCidr(endpoint) } }],\n ports: [{ port: endpoint.port, protocol: \"TCP\" }],\n }))\n\n extraRules.push(...rules)\n }\n }\n\n return uniqueBy(\n args.egressRules\n .map(rule => {\n return {\n to: rule.all ? [] : NativeNetworkPolicy.createRulePeers(rule),\n ports: NativeNetworkPolicy.mapPorts(rule.ports),\n } as types.input.networking.v1.NetworkPolicyEgressRule\n })\n .filter(rule => rule.to !== undefined)\n .concat(extraRules),\n rule => JSON.stringify(rule),\n )\n }\n\n private static createRulePeers(\n this: void,\n args: NormalizedRuleArgs,\n ): types.input.networking.v1.NetworkPolicyPeer[] | undefined {\n const peers = uniqueBy(\n [\n ...NativeNetworkPolicy.createCidrPeers(args),\n ...NativeNetworkPolicy.createServicePeers(args),\n ...NativeNetworkPolicy.createSelectorPeers(args),\n ],\n peer => JSON.stringify(peer),\n )\n\n return peers.length > 0 ? peers : undefined\n }\n\n private static createCidrPeers(\n args: NormalizedRuleArgs,\n ): types.input.networking.v1.NetworkPolicyPeer[] {\n return args.cidrs.map(cidr => ({ ipBlock: { cidr } }))\n }\n\n private static createServicePeers(\n args: NormalizedRuleArgs,\n ): types.input.networking.v1.NetworkPolicyPeer[] {\n return args.services.map(service => {\n const selector = mapServiceToLabelSelector(service)\n\n return {\n namespaceSelector: mapNamespaceNameToSelector(service.metadata.namespace),\n podSelector: selector,\n }\n })\n }\n\n private static createSelectorPeers(\n args: NormalizedRuleArgs,\n ): types.input.networking.v1.NetworkPolicyPeer[] {\n const selectorPeers = args.selectors.map(selector => ({\n podSelector: mapSelectorLikeToSelector(selector),\n }))\n\n const namespacePeers = args.namespaces.map(NativeNetworkPolicy.createNamespacePeer)\n\n if (namespacePeers.length === 0) {\n // if there are no namespaces, we can just return selector peers\n return selectorPeers\n }\n\n if (selectorPeers.length === 0) {\n // if there are no selectors, we can just return namespace peers\n return namespacePeers\n }\n\n // if there are both, we need to create a cartesian product\n return flat(\n selectorPeers.map(selectorPeer => {\n return namespacePeers.map(namespacePeer => merge(selectorPeer, namespacePeer))\n }),\n )\n }\n\n private static createNamespacePeer(\n this: void,\n namespace: NamespaceLike,\n ): types.input.networking.v1.NetworkPolicyPeer {\n const namespaceName = mapNamespaceLikeToNamespaceName(namespace)\n const namespaceSelector = mapNamespaceNameToSelector(namespaceName)\n\n return { namespaceSelector }\n }\n\n private static mapPorts(\n ports: NetworkPolicyPort[],\n ): types.input.networking.v1.NetworkPolicyPort[] {\n return ports.map(port => {\n if (\"port\" in port) {\n return {\n port: port.port,\n protocol: port.protocol ?? \"TCP\",\n }\n }\n\n return {\n port: port.range[0],\n endPort: port.range[1],\n protocol: port.protocol ?? \"TCP\",\n }\n })\n }\n}\n"],"mappings":";;;;;;;;;;;AACA,SAAS,YAAmB;AAC5B;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,OAKK;AACP,SAAS,MAAM,gBAAgB;AAC/B,SAAS,iBAAiB;AAC1B,SAAS,iBAAiB,oBAAoB,uBAAuB;AAwBrE,IAAM,mBAAmB,CAAC,GAAG,iBAAiB,QAAQ,SAAS,UAAU;AAkBlE,SAAS,mBACd,UACwF;AACxF,SAAO,SAAS,UAAU,eAAe;AAC3C;AAQO,SAAS,mBACd,UACqC;AACrC,SAAO,SAAS,UAAU;AAC5B;AASO,SAAS,oBACd,UACA,UACmE;AACnE,SAAO;AAAA,IACL,GAAG;AAAA,IACH,UAAU;AAAA,MACR,GAAG,SAAS;AAAA,MACZ,YAAY;AAAA,IACd;AAAA,EACF;AACF;AASO,SAAS,cACd,UACA,SACwF;AACxF,SAAO,mBAAmB,QAAQ,GAAG,cAAc,QAAQ;AAC7D;AAEO,IAAe,UAAf,cAA+B,kBAAkB;AAAA,EAC5C,YACR,MACA,MACA,MACA,MAKS,SAKA,UAKA,MAKA,QACT;AACA,UAAM,MAAM,MAAM,MAAM,IAAI;AAjBnB;AAKA;AAKA;AAKA;AAAA,EAGX;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,SAA8B;AAChC,WAAO,OAAO;AAAA,MACZ,MAAM;AAAA,MACN,WAAW,KAAK,QAAQ;AAAA,MACxB,UAAU,KAAK;AAAA,MACf,WAAW,KAAK;AAAA,IAClB,CAAC;AAAA,EACH;AAAA,EAEA,OAAO,OAAO,MAAc,MAAmB,MAAyC;AACtF,WAAO,IAAI,eAAe,MAAM,MAAM,IAAI;AAAA,EAC5C;AAAA,EAEA,OAAO,KACL,MACA,SACA,SACA,MACS;AACT,WAAO,IAAI,eAAe,MAAM,SAAS,SAAS,IAAI;AAAA,EACxD;AAAA,EAEA,OAAO,IACL,MACA,IACA,SACA,MACS;AACT,WAAO,IAAI,gBAAgB,MAAM,IAAI,SAAS,IAAI;AAAA,EACpD;AAAA,EAEA,OAAO,GACL,MACA,QACA,SACA,MACS;AACT,WAAO,IAAI;AAAA,MACT;AAAA,MACA,OAAO,MAAM,EAAE;AAAA,MACf,OAAO,EAAE,SAAS,OAAO,CAAC,EAAE,MAAM,CAAC,EAAE,SAAAA,UAAS,QAAAC,QAAO,MAAM;AACzD,YAAID,SAAQ,OAAOC,QAAO,WAAW;AACnC,gBAAM,IAAI;AAAA,YACR,2CAA2C,IAAI,OAAOD,SAAQ,EAAE,SAASC,QAAO,SAAS;AAAA,UAC3F;AAAA,QACF;AAEA,eAAOD;AAAA,MACT,CAAC;AAAA,MACD;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,gBAAgB,QAA+D;AAC7E,WAAO,OAAO,EAAE,WAAW,KAAK,UAAU,CAAC,EAAE,MAAM,CAAC,EAAE,UAAU,MAAM;AACpE,aAAO,gBAAgB,WAAW,MAAM;AAAA,IAC1C,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,YAA0C;AAC5C,WAAO,OAAO;AAAA,MACZ,SAAS,KAAK;AAAA,MACd,UAAU,KAAK;AAAA,MACf,MAAM,KAAK;AAAA,MACX,QAAQ,KAAK;AAAA,IACf,CAAC,EAAE,MAAM,CAAC,EAAE,SAAS,UAAU,MAAM,OAAO,MAAM;AAChD,YAAM,mBAAmB;AAAA,QACvB,YAAY;AAAA,UACV,WAAW,QAAQ;AAAA,UACnB,MAAM,SAAS;AAAA,UACf,WAAW,SAAS;AAAA,UACpB,UAAU,KAAK;AAAA,UACf,YAAY,KAAK,MAAM,CAAC,EAAE,cAAc,KAAK,MAAM,CAAC,EAAE;AAAA,QACxD;AAAA,MACF;AAEA,YAAM,qBAAqB,KAAK,YAAY,IAAI,SAAO;AAAA,QACrD,GAAG,gBAAgB,EAAE;AAAA,QACrB,YAAY;AAAA,QACZ,MAAM,KAAK,MAAM,CAAC,EAAE;AAAA,QACpB,UAAU,KAAK,MAAM,CAAC,EAAE,UAAU,YAAY;AAAA,QAC9C,UAAU;AAAA,MACZ,EAAE;AAEF,UAAI,mBAAmB,SAAS,GAAG;AACjC,2BAAmB,QAAQ;AAAA,UACzB,MAAM;AAAA,UACN,YAAY;AAAA,UACZ,UAAU,GAAG,SAAS,IAAI,IAAI,SAAS,SAAS;AAAA,UAChD,MAAM,KAAK,MAAM,CAAC,EAAE;AAAA,UACpB,UAAU,KAAK,MAAM,CAAC,EAAE,UAAU,YAAY;AAAA,UAC9C,UAAU;AAAA,QACZ,CAAC;AAAA,MACH;AAEA,YAAM,oBACJ,KAAK,SAAS,aACV,QAAQ,UAAU,IAAI,eAAa;AAAA,QACjC,GAAI;AAAA,QACJ,MAAM,KAAK,MAAM,CAAC,EAAE;AAAA,QACpB,UAAU,KAAK,MAAM,CAAC,EAAE,UAAU,YAAY;AAAA,QAC9C,UAAU;AAAA,MACZ,EAAE,IACF,CAAC;AAEP,YAAM,wBACJ,KAAK,SAAS,iBACV,OAAO,cAAc,SAAS,IAAI,eAAa;AAAA,QAC7C,GAAG,gBAAgB,SAAS,MAAM,SAAS,QAAQ;AAAA,QACnD,MAAM,KAAK,MAAM,CAAC,EAAE;AAAA,QACpB,UAAU,KAAK,MAAM,CAAC,EAAE,UAAU,YAAY;AAAA,QAC9C,UAAU;AAAA,MACZ,EAAE,IACF,CAAC;AAEP,aAAO;AAAA,QACL;AAAA,UACE,GAAI,sBAAsB,CAAC;AAAA,UAC3B,GAAI,yBAAyB,CAAC;AAAA,UAC9B,GAAI,qBAAqB,CAAC;AAAA,QAC5B;AAAA,QACA,cAAY,mBAAmB,QAAQ;AAAA,MACzC;AAAA,IACF,CAAC;AAAA,EACH;AACF;AAEA,IAAM,iBAAN,cAA6B,QAAQ;AAAA,EACnC,YAAY,MAAc,MAAmB,MAAiC;AAC5E,UAAM,UAAU,OAAO,IAAI,EAAE,MAAM,CAAAE,UAAQ;AACzC,aAAO,IAAI,KAAK,GAAG;AAAA,QACjB;AAAA,QACA;AAAA,UACE,UAAU,YAAYA,OAAM,IAAI;AAAA,UAChC,MAAM;AAAA,YACJ;AAAA,cACE,OAAO,UAAUA,MAAK,MAAMA,MAAK,KAAK;AAAA,cAEtC,aAAaA,MAAK,WACbA,MAAK,eAAeA,MAAK,QAAQ,cAClCA,MAAK,QAAQ;AAAA,cAEjB,MAAM,eAAeA,OAAMA,MAAK,OAAO;AAAA,YACzC;AAAA,YACA,KAAKA,OAAM,gBAAgB;AAAA,UAC7B;AAAA,QACF;AAAA,QACA,EAAE,QAAQ,MAAM,GAAG,KAAK;AAAA,MAC1B;AAAA,IACF,CAAC;AAED;AAAA,MACE;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MAEA,OAAO,KAAK,OAAO;AAAA,MACnB,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR,QAAQ;AAAA,IACV;AAAA,EACF;AACF;AAEA,IAAM,iBAAN,cAA6B,QAAQ;AAAA,EACnC,YACE,MACA,SACA,SACA,MACA;AACA;AAAA,MACE;AAAA,MACA;AAAA,MACA,EAAE,SAAS,aAAa,QAAQ;AAAA,MAChC;AAAA,MAEA,OAAO,OAAO;AAAA,MACd,OAAO,OAAO,EAAE;AAAA,MAChB,OAAO,OAAO,EAAE;AAAA,MAChB,OAAO,OAAO,EAAE;AAAA,IAClB;AAAA,EACF;AACF;AAEA,IAAM,kBAAN,cAA8B,QAAQ;AAAA,EACpC,YACE,MACA,IACA,SACA,MACA;AACA,UAAM,UAAU,OAAO,EAAE,EAAE,MAAM,CAAAC,QAAM;AACrC,aAAO,KAAK,GAAG,QAAQ;AAAA;AAAA,QAErB;AAAA,QACA,mBAAmBA,GAAE;AAAA,QACrB,EAAE,GAAG,MAAM,QAAQ,KAAK;AAAA,MAC1B;AAAA,IACF,CAAC;AAED;AAAA,MACE;AAAA,MACA;AAAA,MACA,EAAE,IAAI,QAAQ;AAAA,MACd;AAAA,MAEA,OAAO,OAAO;AAAA,MACd,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR,QAAQ;AAAA,IACV;AAAA,EACF;AACF;AAEO,SAAS,8BACd,MACiC;AACjC,SAAO;AAAA,IACL,MAAM,KAAK;AAAA,IACX,MAAM,KAAK;AAAA,IACX,YAAY,KAAK;AAAA,IACjB,UAAU,KAAK;AAAA,EACjB;AACF;AAEO,SAAS,0BACd,SACmC;AACnC,SAAO;AAAA,IACL,aAAa,QAAQ,KAAK;AAAA,EAC5B;AACF;AAEO,SAAS,eACd,SACA,SACe;AACf,MAAI,SAAS,MAAM;AACjB,WAAO,QAAQ;AAAA,EACjB;AAEA,MAAI,CAAC,SAAS,UAAU;AACtB,WAAO;AAAA,EACT;AAEA,SAAO,QAAQ,QAAQ,wBAAwB,iBAAiB,iBAAiB;AACnF;;;AC/YA;AAAA,EACE,qBAAAC;AAAA,EACA,aAAAC;AAAA,EACA,UAAAC;AAAA,OAKK;AACP,SAAS,eAAsB;AAC/B,SAAS,KAAK,YAAY;;;ACV1B,OAAqB;AACrB,SAAqB,UAAAC,eAAmC;AAmCjD,SAAS,kBAAkB,KAAiD;AACjF,MAAI,QAAQ,WAAW,GAAG,GAAG;AAC3B,WAAOC,QAAO;AAAA,MACZ,MAAM,IAAI,SAAS;AAAA,MACnB,WAAW,IAAI,SAAS;AAAA,MACxB,MAAM,IAAI,KAAK,MAAM,CAAC,EAAE;AAAA,IAC1B,CAAC;AAAA,EACH;AAEA,MAAI,aAAa,KAAK;AACpB,UAAM,UAAUA,QAAO,IAAI,OAAO;AAElC,WAAOA,QAAO;AAAA,MACZ,MAAM,QAAQ,SAAS;AAAA,MACvB,WAAW,QAAQ,SAAS;AAAA,MAC5B,MAAM,IAAI;AAAA,IACZ,CAAC;AAAA,EACH;AAEA,SAAOA,QAAO;AAAA,IACZ,MAAM,IAAI;AAAA,IACV,WAAW,IAAI;AAAA,IACf,MAAM,IAAI;AAAA,EACZ,CAAC;AACH;;;ADUO,IAAM,YAAN,cAAwBC,mBAAkB;AAAA;AAAA;AAAA;AAAA,EAI/B;AAAA,EAEhB,YAAY,MAAc,MAAqB,MAAiC;AAC9E,UAAM,2BAA2B,MAAM,MAAM,IAAI;AAEjD,SAAK,QAAQC,QAAO;AAAA,MAClB;AAAA,MACA,kBAAkBA,QAAO,KAAK,OAAO,EAAE,SAAS;AAAA,IAClD,CAAC,EAAE,MAAM,OAAO,EAAE,MAAAC,OAAM,iBAAiB,MAAM;AAC7C,aAAO,IAAI,QAAQ,GAAG;AAAA,QACpB;AAAA,QACA;AAAA,UACE,UAAU;AAAA,YACR;AAAA,cACE,GAAGA;AAAA,cACH,WAAW;AAAA,YACb;AAAA,YACA;AAAA,UACF;AAAA,UACA,MAAM;AAAA,YACJ,WAAWC,WAAUD,MAAK,UAAUA,MAAK,SAAS;AAAA,YAElD,YAAY;AAAA,cACV;AAAA,gBACE,MAAMA,MAAK,QAAQ,SAAS;AAAA,cAC9B;AAAA,YACF;AAAA,YAEA,OAAOC,WAAUD,MAAK,MAAMA,MAAK,KAAK,EAAE,IAAI,WAAS;AAAA,cACnD,UAAU,KAAK;AAAA,cAEf,SAAS;AAAA,gBACPC,WAAU,KAAK,OAAO,KAAK,OAAO;AAAA,gBAClC,IAAI,qBAAqB;AAAA,gBACzB;AAAA,cACF;AAAA,cAEA,SAASA,WAAU,KAAK,QAAQ,KAAK,OAAO;AAAA,cAC5C,aAAa,KAAK,UAAU,CAAC,kBAAkB,KAAK,OAAO,CAAC,IAAI;AAAA,YAClE,EAAE;AAAA,UACJ;AAAA,QACF;AAAA,QACA;AAAA,UACE,GAAG;AAAA,UACH,QAAQ;AAAA,UACR,UAAU,MAAM,YAAYD,MAAK,OAAO;AAAA,QAC1C;AAAA,MACF;AAAA,IACF,CAAC;AAAA,EACH;AACF;AAEA,SAAS,oBACP,SACoD;AACpD,SAAO,QAAQ,SAAS,UAAU,CAAC,EAAE,MAAM,EAAE,MAAM,cAAc,OAAO,IAAI,EAAE,CAAC;AACjF;AAEO,SAAS,sBACd,OACkD;AAClD,MAAI,OAAO,UAAU,UAAU;AAC7B,WAAO,EAAE,MAAM,EAAE,MAAM,cAAc,OAAO,MAAM,EAAE;AAAA,EACtD;AAEA,SAAO;AACT;;;AE3IA,SAAS,mBAAAE,wBAAuB;AAGzB,SAAS,gBACd,WACA,SACuB;AACvB,MAAI,CAAC,UAAU,QAAQ;AACrB,WAAO;AAAA,EACT;AAEA,MAAI,UAAU,WAAW,GAAG;AAC1B,WAAO,UAAU,CAAC;AAAA,EACpB;AAEA,MAAI,CAAC,SAAS;AACZ,WAAOC,iBAAgB,SAAS,EAAE,CAAC;AAAA,EACrC;AAEA,QAAM,kBAAkB,UAAU,KAAK,cAAY,cAAc,UAAU,OAAO,CAAC;AAEnF,MAAI,iBAAiB;AACnB,WAAO;AAAA,EACT;AAEA,SAAOA,iBAAgB,SAAS,EAAE,CAAC;AACrC;AAEO,SAAS,oBACd,WACA,SACW;AACX,QAAM,WAAW,gBAAgB,WAAW,OAAO;AAEnD,MAAI,CAAC,UAAU;AACb,UAAM,IAAI,MAAM,uCAAuC,QAAQ,IAAI,MAAM,QAAQ,EAAE,GAAG;AAAA,EACxF;AAEA,SAAO;AACT;;;ACxCA,SAAS,kBAAoC;AAC7C;AAAA,EACE,qBAAAC;AAAA,EACA;AAAA,EACA,aAAAC;AAAA,EACA,UAAAC;AAAA,OAOK;AACP,SAAS,YAAY,MAAM,SAAS,OAAO,WAAW,YAAAC,iBAAgB;AACtE,OAA6B;AAC7B;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,OAEK;AA0XA,IAAe,gBAAf,MAAe,uBAAsBC,mBAAkB;AAAA;AAAA;AAAA;AAAA,EAI5C;AAAA,EAEN,YAAY,MAAc,MAAiC,MAAwB;AAC3F,UAAM,sBAAsB,MAAM,MAAM,IAAI;AAE5C,UAAM,iBAAiBC,QAAO,IAAI,EAAE,MAAM,CAAAC,UAAQ;AAChD,YAAM,eAAeC,WAAUD,MAAK,aAAaA,MAAK,YAAY;AAClE,YAAM,cAAcC,WAAUD,MAAK,YAAYA,MAAK,WAAW;AAE/D,YAAM,mBAAyC,CAAC;AAEhD,UAAIA,MAAK,cAAc;AACrB,yBAAiB,KAAK;AAAA,UACpB,YAAY,CAAC,aAAa;AAAA,UAC1B,WAAW,CAAC,EAAE,aAAa,EAAE,WAAW,WAAW,EAAE,CAAC;AAAA,UACtD,OAAO,CAAC,EAAE,MAAM,IAAI,UAAU,MAAM,CAAC;AAAA,UACrC,KAAK;AAAA,UACL,OAAO,CAAC;AAAA,UACR,OAAO,CAAC;AAAA,UACR,UAAU,CAAC;AAAA,QACb,CAAC;AAAA,MACH;AAEA,aAAO;AAAA,QACL,GAAGA;AAAA,QAEH,aAAaA,MAAK,WAAW,0BAA0BA,MAAK,QAAQ,IAAI,CAAC;AAAA,QAEzE,eAAeA,MAAK,iBAAiB;AAAA,QACrC,gBAAgBA,MAAK,kBAAkB;AAAA,QAEvC,oBAAoBA,MAAK,sBAAsB;AAAA,QAE/C,cAAc,aAAa,QAAQ,UAAQ;AACzC,gBAAM,YAAYC;AAAA,YAChBD,MAAK,aAAa;AAAA,YAClBA,MAAK,aAAa;AAAA,UACpB;AACA,gBAAM,kBAAkB,UAAU,IAAI,gBAAgB;AAEtD,gBAAM,sBAAsB,QAAQ,iBAAiB,cAAY;AAC/D,kBAAM,YAAY,cAAc,UAAUA,MAAK,OAAO,IAClD,SAAS,SAAS,WAAW,YAC7B;AAEJ,mBAAO;AAAA,UACT,CAAC;AAED,gBAAM,aAAa,oBAAoB,EAAE,IACrC,eAAc,oBAAoB,QAAW,oBAAoB,EAAE,GAAGA,MAAK,OAAO,IAClF;AAEJ,gBAAM,aAAa,OAAO,QAAQ,mBAAmB,EAClD,OAAO,CAAC,CAAC,GAAG,MAAM,QAAQ,EAAE,EAC5B,IAAI,CAAC,CAAC,EAAEE,UAAS,MAAM;AACtB,mBAAO,eAAc,oBAAoB,QAAWA,YAAWF,MAAK,OAAO;AAAA,UAC7E,CAAC;AAEH,iBAAO;AAAA,YACL;AAAA,cACE,KAAK,KAAK,WAAW;AAAA,cACrB,OAAOC,WAAU,KAAK,UAAU,KAAK,SAAS,EAAE,OAAO,YAAY,SAAS,CAAC,CAAC;AAAA,cAC9E,OAAO,CAAC;AAAA,cACR,UAAUA,WAAU,KAAK,aAAa,KAAK,YAAY;AAAA,cACvD,YAAYA,WAAU,KAAK,eAAe,KAAK,cAAc;AAAA,cAC7D,WAAWA,WAAU,KAAK,cAAc,KAAK,aAAa;AAAA,cAC1D,OAAOA,WAAU,KAAK,QAAQ,KAAK,OAAO;AAAA,YAC5C;AAAA,YAEA,GAAG;AAAA,UACL,EAAE,OAAO,CAAAE,UAAQ,CAAC,eAAc,YAAYA,KAAI,CAAC;AAAA,QACnD,CAAC;AAAA,QAED,aAAa,YACV,QAAQ,UAAQ;AACf,gBAAM,YAAYF,WAAUD,MAAK,YAAY,YAAYA,MAAK,YAAY,WAAW;AACrF,gBAAM,kBAAkB,UAAU,IAAI,gBAAgB;AAEtD,gBAAM,gCAAgC,QAAQ,iBAAiB,cAAY;AACzE,kBAAM,YAAY,cAAc,UAAUA,MAAK,OAAO,IAClD,SAAS,SAAS,WAAW,YAC7B;AAEJ,kBAAM,OAAO,cAAc,UAAUA,MAAK,OAAO,IAC7C,SAAS,SAAS,WAAW,aAC7B,SAAS;AAEb,mBAAO,GAAG,QAAQ,GAAG,IAAI,SAAS;AAAA,UACpC,CAAC;AAED,gBAAM,aAAa,8BAA8B,IAAI,IACjD,eAAc;AAAA,YACZ;AAAA,YACA,8BAA8B,IAAI;AAAA,YAClCA,MAAK;AAAA,UACP,IACA;AAEJ,gBAAM,aAAa,OAAO,QAAQ,6BAA6B,EAC5D,OAAO,CAAC,CAAC,GAAG,MAAM,QAAQ,IAAI,EAC9B,IAAI,CAAC,CAAC,KAAKE,UAAS,MAAM;AACzB,kBAAM,CAAC,IAAI,IAAI,IAAI,MAAM,GAAG;AAC5B,kBAAM,aAAa,SAAS,MAAM,EAAE;AACpC,kBAAM,YAAY,MAAM,UAAU,IAAI,OAAO;AAE7C,mBAAO,eAAc,oBAAoB,WAAWA,YAAWF,MAAK,OAAO;AAAA,UAC7E,CAAC;AAEH,iBAAO;AAAA,YACL;AAAA,cACE,KAAK,KAAK,SAAS;AAAA,cACnB,OAAOC,WAAU,KAAK,QAAQ,KAAK,OAAO,EAAE,OAAO,YAAY,SAAS,CAAC,CAAC;AAAA,cAC1E,OAAOA,WAAU,KAAK,QAAQ,KAAK,OAAO,EAAE,OAAO,YAAY,SAAS,CAAC,CAAC;AAAA,cAC1E,UAAUA,WAAU,KAAK,WAAW,KAAK,UAAU;AAAA,cACnD,YAAYA,WAAU,KAAK,aAAa,KAAK,YAAY;AAAA,cACzD,WAAWA,WAAU,KAAK,YAAY,KAAK,WAAW;AAAA,cACtD,OAAOA,WAAU,KAAK,QAAQ,KAAK,OAAO;AAAA,YAC5C;AAAA,YAEA,GAAG;AAAA,UACL,EAAE,OAAO,CAAAE,UAAQ,CAAC,eAAc,YAAYA,KAAI,CAAC;AAAA,QACnD,CAAC,EACA,OAAO,gBAAgB;AAAA,MAC5B;AAAA,IACF,CAAC;AAED,SAAK,gBAAgBJ;AAAA,MACnB,eAAe,MAAM,OAAMC,UAAQ;AACjC,eAAOD;AAAA,UACL,KAAK,OAAO,MAAMC,OAAqC;AAAA,YACrD,GAAG;AAAA,YACH,QAAQ;AAAA,YACR,UAAU,MAAM,YAAYA,MAAK,OAAO;AAAA,UAC1C,CAAC;AAAA,QACH;AAAA,MACF,CAAC;AAAA,IACH;AAAA,EACF;AAAA,EAEA,OAAe,oBAEb,QACQ;AACR,QAAI,OAAO,SAAS,QAAQ;AAC1B,aAAO,GAAG,OAAO,OAAO;AAAA,IAC1B;AAEA,WAAO,GAAG,OAAO,OAAO;AAAA,EAC1B;AAAA,EAEA,OAAe,oBACb,MACA,WACA,SACoB;AACpB,UAAM,QAA6B,OAC/B,CAAC,EAAE,MAAM,UAAU,UAAU,CAAC,EAAE,UAAU,YAAY,EAAE,CAAC,IACzD,CAAC;AAEL,UAAM,QAAQ,UACX,OAAO,cAAY,CAAC,cAAc,UAAU,OAAO,CAAC,EACpD,OAAO,cAAY,SAAS,SAAS,UAAU,SAAS,SAAS,MAAM,EACvE,IAAI,eAAc,mBAAmB;AAExC,UAAM,QAAQ,UACX,OAAO,cAAY,SAAS,SAAS,UAAU,EAC/C,IAAI,cAAY,SAAS,QAAQ;AAEpC,UAAM,YAAY,UACf,OAAO,cAAY,cAAc,UAAU,OAAO,CAAC,EACnD,IAAI,cAAY,SAAS,SAAS,WAAW,QAAQ;AAExD,UAAM,YAAY,UACf,OAAO,cAAY,cAAc,UAAU,OAAO,CAAC,EACnD,IAAI,cAAY,mBAAmB,QAAQ,GAAG,SAAS,EAAE,CAAC;AAE7D,WAAO;AAAA,MACL,KAAK;AAAA,MACL;AAAA,MACA;AAAA,MACA,UAAU,CAAC;AAAA,MACX,YAAY,YAAY,CAAC,SAAS,IAAI,CAAC;AAAA,MACvC;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA,EAEA,OAAe,YAAY,MAAmC;AAC5D,WACE,CAAC,KAAK,OACN,KAAK,MAAM,WAAW,KACtB,KAAK,MAAM,WAAW,KACtB,KAAK,SAAS,WAAW,KACzB,KAAK,WAAW,WAAW,KAC3B,KAAK,UAAU,WAAW,KAC1B,KAAK,MAAM,WAAW;AAAA,EAE1B;AAAA,EAQA,OAAO,OACL,MACA,MACA,MACuB;AACvB,WAAOD,QAAO,IAAI,EAAE,MAAM,OAAMC,UAAQ;AACtC,YAAM,MAAMA,MAAK,QAAQ;AAEzB,UAAI,QAAQ,SAAS;AACnB,eAAO,IAAI,oBAAoB,MAAMA,OAAM,IAAI;AAAA,MACjD;AAEA,YAAM,WAAW,GAAG,WAAW,GAAG,CAAC;AACnC,YAAM,aAAc,MAAM,OAAO,cAAc,GAAG;AAQlD,YAAM,YAAY,WAAW,QAAQ;AACrC,UAAI,CAAC,WAAW;AACd,cAAM,IAAI,MAAM,+BAA+B,GAAG,EAAE;AAAA,MACtD;AAEA,aAAO,IAAI,UAAU,MAAMA,OAAM,IAAI;AAAA,IACvC,CAAC;AAAA,EACH;AAAA,EAEA,OAAO,QACL,WACA,SACA,MACA;AACA,WAAO,eAAc;AAAA,MACnB;AAAA,MACA;AAAA,QACE;AAAA,QACA;AAAA,QAEA,aAAa;AAAA,QAEb,eAAe;AAAA,QACf,gBAAgB;AAAA,MAClB;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA,EAEA,OAAO,qBACL,WACA,SACA,MACuB;AACvB,WAAO,eAAc;AAAA,MACnB;AAAA,MACA;AAAA,QACE;AAAA,QACA;AAAA,QAEA,aAAa;AAAA,QACb,UAAU,CAAC;AAAA,QAEX,aAAa,EAAE,eAAe,UAAU;AAAA,QACxC,YAAY,EAAE,aAAa,UAAU;AAAA,MACvC;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA,EAEA,OAAO,mBACL,WACA,SACA,MACuB;AACvB,WAAO,eAAc;AAAA,MACnB;AAAA,MACA;AAAA,QACE;AAAA,QACA;AAAA,QAEA,aAAa;AAAA,QAEb,oBAAoB;AAAA,MACtB;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA,EAEA,OAAO,aACL,WACA,SACA,MACuB;AACvB,WAAO,eAAc;AAAA,MACnB;AAAA,MACA;AAAA,QACE;AAAA,QACA;AAAA,QAEA,aAAa;AAAA,QAEb,cAAc;AAAA,MAChB;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA,EAEA,OAAO,eACL,WACA,SACA,MACuB;AACvB,WAAO,eAAc;AAAA,MACnB;AAAA,MACA;AAAA,QACE;AAAA,QACA;AAAA,QAEA,aAAa;AAAA,QAEb,YAAY,EAAE,OAAO,KAAK;AAAA,MAC5B;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA,EAEA,OAAO,gBACL,WACA,SACA,MACuB;AACvB,WAAO,eAAc;AAAA,MACnB;AAAA,MACA;AAAA,QACE;AAAA,QACA;AAAA,QAEA,aAAa;AAAA,QAEb,aAAa,EAAE,SAAS,KAAK;AAAA,MAC/B;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA,EAEA,OAAO,sBACL,UACA,WACA,SACA,MACuB;AACvB,UAAM,iBAAiB,iBAAiB,QAAQ;AAEhD,WAAO,eAAc;AAAA,MACnB,mBAAmB,oBAAoB,cAAc,EAAE,QAAQ,KAAK,GAAG,CAAC;AAAA,MACxE;AAAA,QACE;AAAA,QACA;AAAA,QAEA,aAAa,uCAAuC,oBAAoB,cAAc,CAAC;AAAA,QAEvF,YAAY,EAAE,YAAY,SAAS;AAAA,MACrC;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA,EAEA,OAAO,0BACL,WACA,WACA,SACA,MACuB;AACvB,WAAOD,QAAO,EAAE,WAAW,QAAQ,CAAC,EAAE,MAAM,CAAC,EAAE,WAAAG,YAAW,SAAAE,SAAQ,MAAM;AACtE,YAAM,eAAe,oBAAoBF,WAAU,IAAI,gBAAgB,GAAGE,QAAO;AAEjF,aAAO,eAAc,sBAAsB,cAAc,WAAWA,UAAS,IAAI;AAAA,IACnF,CAAC;AAAA,EACH;AAAA,EAEA,OAAO,yBACL,UACA,WACA,SACA,MACuB;AACvB,UAAM,iBAAiB,iBAAiB,QAAQ;AAEhD,WAAO,eAAc;AAAA,MACnB,sBAAsB,oBAAoB,cAAc,CAAC;AAAA,MACzD;AAAA,QACE;AAAA,QACA;AAAA,QAEA,aAAa,0CAA0C,oBAAoB,cAAc,CAAC;AAAA,QAE1F,aAAa,EAAE,cAAc,SAAS;AAAA,MACxC;AAAA,MACA;AAAA,IACF;AAAA,EACF;AACF;AAEO,IAAM,sBAAN,MAAM,6BAA4B,cAAc;AAAA,EAC3C,OACR,MACA,MACA,MACU;AACV,UAAM,UAAU,qBAAoB,mBAAmB,IAAI;AAC3D,UAAM,SAAS,qBAAoB,kBAAkB,IAAI;AAEzD,UAAM,cAAwB,CAAC;AAE/B,QAAI,QAAQ,SAAS,KAAK,KAAK,gBAAgB;AAC7C,kBAAY,KAAK,SAAS;AAAA,IAC5B;AAEA,QAAI,OAAO,SAAS,KAAK,KAAK,eAAe;AAC3C,kBAAY,KAAK,QAAQ;AAAA,IAC3B;AAEA,WAAO,IAAI,WAAW,GAAG;AAAA,MACvB;AAAA,MACA;AAAA,QACE,UAAU,UAAU,YAAY,MAAM,IAAI,GAAG;AAAA,UAC3C,aAAa,KAAK,cACd,EAAE,6BAA6B,KAAK,YAAY,IAChD;AAAA,QACN,CAAC;AAAA,QACD,MAAM;AAAA,UACJ,aAAa,KAAK;AAAA,UAClB;AAAA,UACA;AAAA,UACA;AAAA,QACF;AAAA,MACF;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA,EAEA,OAAe,kBAAqD;AAAA,IAClE,MAAM;AAAA,IACN,QAAQ,CAAC,cAAc,iBAAiB,gBAAgB;AAAA,EAC1D;AAAA,EAEA,OAAe,kBAAqE;AAAA,IAClF,IAAI;AAAA,MACF;AAAA,QACE,mBAAmB,EAAE,aAAa,EAAE,+BAA+B,cAAc,EAAE;AAAA,QACnF,aAAa,EAAE,aAAa,EAAE,WAAW,WAAW,EAAE;AAAA,MACxD;AAAA,IACF;AAAA,IACA,OAAO,CAAC,EAAE,MAAM,IAAI,UAAU,MAAM,CAAC;AAAA,EACvC;AAAA,EAEA,OAAe,mBACb,MACsD;AACtD,WAAOC;AAAA,MACL,KAAK,aAAa,IAAI,WAAS;AAAA,QAC7B,MAAM,KAAK,MAAM,CAAC,IAAI,qBAAoB,gBAAgB,IAAI;AAAA,QAC9D,OAAO,qBAAoB,SAAS,KAAK,KAAK;AAAA,MAChD,EAAE;AAAA,MACF,UAAQ,KAAK,UAAU,IAAI;AAAA,IAC7B;AAAA,EACF;AAAA,EAEA,OAAe,kBACb,MACqD;AACrD,UAAM,aAAkE,CAAC;AAEzE,UAAM,cAAc,KAAK,YAAY,KAAK,UAAQ,KAAK,MAAM,SAAS,CAAC;AACvE,QAAI,aAAa;AACf,iBAAW,KAAK,qBAAoB,eAAe;AAAA,IACrD;AAIA,UAAM,eAAe,KAAK,YAAY;AAAA,MAAK,UACzC,KAAK,MAAM,KAAK,UAAQ,CAAC,KAAK,SAAS,gBAAgB,CAAC;AAAA,IAC1D;AACA,QAAI,cAAc;AAChB,iBAAW,KAAK,EAAE,IAAI,CAAC,EAAE,SAAS,qBAAoB,gBAAgB,CAAC,EAAE,CAAC;AAAA,IAC5E;AAGA,QAAI,KAAK,oBAAoB;AAC3B,YAAM,EAAE,QAAQ,aAAa,IAAI,KAAK;AAEtC,UAAI,QAAQ,uBAAuB;AACjC,mBAAW,KAAK;AAAA,UACd,IAAI,CAAC,EAAE,SAAS,EAAE,MAAM,GAAG,QAAQ,sBAAsB,QAAQ,MAAM,EAAE,CAAC;AAAA,UAC1E,OAAO,CAAC,EAAE,MAAM,QAAQ,sBAAsB,YAAY,UAAU,MAAM,CAAC;AAAA,QAC7E,CAAC;AAAA,MACH,OAAO;AACL,cAAM,QAAQ,aACX,OAAO,cAAY,SAAS,SAAS,UAAU,EAC/C,IAAI,eAAa;AAAA,UAChB,IAAI,CAAC,EAAE,SAAS,EAAE,MAAM,iBAAiB,QAAQ,EAAE,EAAE,CAAC;AAAA,UACtD,OAAO,CAAC,EAAE,MAAM,SAAS,MAAM,UAAU,MAAM,CAAC;AAAA,QAClD,EAAE;AAEJ,mBAAW,KAAK,GAAG,KAAK;AAAA,MAC1B;AAAA,IACF;AAEA,WAAOA;AAAA,MACL,KAAK,YACF,IAAI,UAAQ;AACX,eAAO;AAAA,UACL,IAAI,KAAK,MAAM,CAAC,IAAI,qBAAoB,gBAAgB,IAAI;AAAA,UAC5D,OAAO,qBAAoB,SAAS,KAAK,KAAK;AAAA,QAChD;AAAA,MACF,CAAC,EACA,OAAO,UAAQ,KAAK,OAAO,MAAS,EACpC,OAAO,UAAU;AAAA,MACpB,UAAQ,KAAK,UAAU,IAAI;AAAA,IAC7B;AAAA,EACF;AAAA,EAEA,OAAe,gBAEb,MAC2D;AAC3D,UAAM,QAAQA;AAAA,MACZ;AAAA,QACE,GAAG,qBAAoB,gBAAgB,IAAI;AAAA,QAC3C,GAAG,qBAAoB,mBAAmB,IAAI;AAAA,QAC9C,GAAG,qBAAoB,oBAAoB,IAAI;AAAA,MACjD;AAAA,MACA,UAAQ,KAAK,UAAU,IAAI;AAAA,IAC7B;AAEA,WAAO,MAAM,SAAS,IAAI,QAAQ;AAAA,EACpC;AAAA,EAEA,OAAe,gBACb,MAC+C;AAC/C,WAAO,KAAK,MAAM,IAAI,WAAS,EAAE,SAAS,EAAE,KAAK,EAAE,EAAE;AAAA,EACvD;AAAA,EAEA,OAAe,mBACb,MAC+C;AAC/C,WAAO,KAAK,SAAS,IAAI,aAAW;AAClC,YAAM,WAAW,0BAA0B,OAAO;AAElD,aAAO;AAAA,QACL,mBAAmB,2BAA2B,QAAQ,SAAS,SAAS;AAAA,QACxE,aAAa;AAAA,MACf;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,OAAe,oBACb,MAC+C;AAC/C,UAAM,gBAAgB,KAAK,UAAU,IAAI,eAAa;AAAA,MACpD,aAAa,0BAA0B,QAAQ;AAAA,IACjD,EAAE;AAEF,UAAM,iBAAiB,KAAK,WAAW,IAAI,qBAAoB,mBAAmB;AAElF,QAAI,eAAe,WAAW,GAAG;AAE/B,aAAO;AAAA,IACT;AAEA,QAAI,cAAc,WAAW,GAAG;AAE9B,aAAO;AAAA,IACT;AAGA,WAAO;AAAA,MACL,cAAc,IAAI,kBAAgB;AAChC,eAAO,eAAe,IAAI,mBAAiB,MAAM,cAAc,aAAa,CAAC;AAAA,MAC/E,CAAC;AAAA,IACH;AAAA,EACF;AAAA,EAEA,OAAe,oBAEb,WAC6C;AAC7C,UAAM,gBAAgB,gCAAgC,SAAS;AAC/D,UAAM,oBAAoB,2BAA2B,aAAa;AAElE,WAAO,EAAE,kBAAkB;AAAA,EAC7B;AAAA,EAEA,OAAe,SACb,OAC+C;AAC/C,WAAO,MAAM,IAAI,UAAQ;AACvB,UAAI,UAAU,MAAM;AAClB,eAAO;AAAA,UACL,MAAM,KAAK;AAAA,UACX,UAAU,KAAK,YAAY;AAAA,QAC7B;AAAA,MACF;AAEA,aAAO;AAAA,QACL,MAAM,KAAK,MAAM,CAAC;AAAA,QAClB,SAAS,KAAK,MAAM,CAAC;AAAA,QACrB,UAAU,KAAK,YAAY;AAAA,MAC7B;AAAA,IACF,CAAC;AAAA,EACH;AACF;","names":["cluster","entity","args","id","ComponentResource","normalize","output","output","output","ComponentResource","output","args","normalize","filterEndpoints","filterEndpoints","ComponentResource","normalize","output","uniqueBy","ComponentResource","output","args","normalize","endpoints","rule","cluster","uniqueBy"]}
package/dist/{chunk-HTQP2NB4.js → chunk-Y3LZSX7I.js} RENAMED
@@ -6,7 +6,7 @@ import {
6
6
  } from "@pulumi/pulumi";
7
7
 
8
8
  // src/shared.ts
9
- import { output, toPromise } from "@highstate/pulumi";
9
+ import { interpolate, output, toPromise } from "@highstate/pulumi";
10
10
  import { core, Provider } from "@pulumi/kubernetes";
11
11
  var providers = /* @__PURE__ */ new Map();
12
12
  function getProvider(cluster) {
@@ -57,21 +57,10 @@ function mapNamespaceNameToSelector(namespace) {
57
57
  }
58
58
  function resourceIdToString(id) {
59
59
  return output(id).apply((metadata) => {
60
- return metadata.namespace ? `${metadata.namespace}/${metadata.name}` : metadata.name;
60
+ const namespaceName = metadata.namespace ? mapNamespaceLikeToNamespaceName(metadata.namespace) : void 0;
61
+ return output(namespaceName ? interpolate`${namespaceName}/${metadata.name}` : metadata.name);
61
62
  });
62
63
  }
63
- function getAppName(resourceId) {
64
- if (resourceId.namespace !== resourceId.name) {
65
- return `${resourceId.namespace ?? "default"}-${resourceId.name}`;
66
- }
67
- return resourceId.name;
68
- }
69
- function getAppDisplayName(resourceId) {
70
- if (resourceId.namespace !== resourceId.name) {
71
- return `${resourceId.namespace ?? "default"}/${resourceId.name}`;
72
- }
73
- return resourceId.name;
74
- }
75
64
  function withPatchName(resourceType, resource, cluster) {
76
65
  return output({ resource, cluster }).apply(({ resource: resource2, cluster: cluster2 }) => {
77
66
  if (resource2.clusterId !== cluster2.id) {
@@ -260,8 +249,6 @@ export {
260
249
  mapNamespaceLikeToNamespaceName,
261
250
  mapNamespaceNameToSelector,
262
251
  resourceIdToString,
263
- getAppName,
264
- getAppDisplayName,
265
252
  withPatchName
266
253
  };
267
- //# sourceMappingURL=chunk-HTQP2NB4.js.map
254
+ //# sourceMappingURL=chunk-Y3LZSX7I.js.map
package/dist/chunk-Y3LZSX7I.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../src/namespace.ts","../src/shared.ts"],"sourcesContent":["import type { k8s } from \"@highstate/library\"\nimport { core, type types } from \"@pulumi/kubernetes\"\nimport {\n ComponentResource,\n output,\n Output,\n type ComponentResourceOptions,\n type Input,\n type Inputs,\n type Unwrap,\n} from \"@pulumi/pulumi\"\nimport { getProvider, mapMetadata, type CommonArgs } from \"./shared\"\n\nexport type NamespaceArgs = Omit<CommonArgs, \"namespace\"> & {\n /**\n * Whether to apply \"pod-security.kubernetes.io/enforce=privileged\" label to the namespace.\n */\n privileged?: boolean\n}\n\nexport type CreateOrPatchNamespaceArgs = NamespaceArgs & {\n /**\n * The resource to use to determine the name of the namespace.\n *\n * If not provided, the namespace will be created, otherwise it will be retrieved/patched.\n */\n resource: Input<k8s.Resource> | undefined\n}\n\nexport abstract class Namespace extends ComponentResource {\n protected constructor(\n type: string,\n name: string,\n args: Inputs,\n opts: ComponentResourceOptions | undefined,\n\n /**\n * The cluster where the namespace is created.\n */\n readonly cluster: Output<k8s.Cluster>,\n\n /*\n * The metadata of the underlying Kubernetes namespace.\n */\n readonly metadata: Output<types.output.meta.v1.ObjectMeta>,\n\n /**\n * The spec of the underlying Kubernetes namespace.\n */\n readonly spec: Output<types.output.core.v1.NamespaceSpec>,\n\n /**\n * The status of the underlying Kubernetes namespace.\n */\n readonly status: Output<types.output.core.v1.NamespaceStatus>,\n ) {\n super(type, name, args, opts)\n }\n\n /**\n * Creates a new namespace.\n */\n static create(name: string, args: NamespaceArgs, opts?: ComponentResourceOptions): Namespace {\n return new CreatedNamespace(name, args, opts)\n }\n\n /**\n * Creates a new namespace or patches an existing one.\n *\n * Will throw an error if the namespace does not exist when `args.resource` is provided.\n */\n static createOrPatch(\n name: string,\n args: CreateOrPatchNamespaceArgs,\n opts?: ComponentResourceOptions,\n ): Namespace {\n if (!args.resource) {\n return new CreatedNamespace(name, args, opts)\n }\n\n return new NamespacePatch(\n name,\n {\n ...args,\n name: output(args).apply(args => {\n if (args.resource!.clusterId !== args.cluster.id) {\n throw new Error(\n `Cluster mismatch when patching namespace \"${name}\": \"${args.resource!.clusterId}\" != \"${args.cluster.id}\"`,\n )\n }\n\n return args.resource!.metadata.namespace\n }),\n },\n opts,\n )\n }\n\n /**\n * Creates a new namespace or gets an existing one.\n *\n * Will throw an error if the namespace does not exist when `args.resource` is provided.\n */\n static createOrGet(\n name: string,\n args: CreateOrPatchNamespaceArgs,\n opts?: ComponentResourceOptions,\n ): Namespace {\n if (!args.resource) {\n return new CreatedNamespace(name, args, opts)\n }\n\n return new ExternalNamespace(\n name,\n output(args).apply(args => {\n if (args.resource!.clusterId !== args.cluster.id) {\n throw new Error(\n `Cluster mismatch when receiving namespace \"${name}\": \"${args.resource!.clusterId}\" != \"${args.cluster.id}\"`,\n )\n }\n\n return args.resource!.metadata.namespace\n }),\n args.cluster,\n opts,\n )\n }\n\n /**\n * Patches an existing namespace.\n *\n * Will throw an error if the namespace does not exist.\n */\n static patch(name: string, args: NamespaceArgs, opts?: ComponentResourceOptions): Namespace {\n return new NamespacePatch(name, args, opts)\n }\n\n /**\n * Gets an existing namespace.\n *\n * Will throw an error if the namespace does not exist.\n */\n static get(\n name: string,\n id: Input<string>,\n cluster: Input<k8s.Cluster>,\n opts?: ComponentResourceOptions,\n ): Namespace {\n return new ExternalNamespace(name, id, cluster, opts)\n }\n}\n\nfunction mapNamespaceMetadata(\n args: Unwrap<NamespaceArgs>,\n name: string,\n): types.input.meta.v1.ObjectMeta {\n const labels: Record<string, string> = args.metadata?.labels ?? {}\n\n if (args.privileged) {\n labels[\"pod-security.kubernetes.io/enforce\"] = \"privileged\"\n }\n\n return { ...mapMetadata(args, name), labels }\n}\n\nclass CreatedNamespace extends Namespace {\n constructor(name: string, args: NamespaceArgs, opts?: ComponentResourceOptions) {\n const namespace = output(args).apply(async args => {\n return new core.v1.Namespace(\n name,\n {\n metadata: mapNamespaceMetadata(args, name),\n },\n {\n ...opts,\n parent: this,\n provider: await getProvider(args.cluster),\n },\n )\n })\n\n super(\n \"highstate:k8s:Namespace\",\n name,\n args,\n opts,\n output(args.cluster),\n namespace.metadata,\n namespace.spec,\n namespace.status,\n )\n }\n}\n\nclass NamespacePatch extends Namespace {\n constructor(name: string, args: NamespaceArgs, opts?: ComponentResourceOptions) {\n const namespace = output(args).apply(async args => {\n return new core.v1.NamespacePatch(\n name,\n {\n metadata: mapNamespaceMetadata(args, name),\n },\n {\n ...opts,\n parent: this,\n provider: await getProvider(args.cluster),\n },\n )\n })\n\n super(\n \"highstate:k8s:NamespacePatch\",\n name,\n args,\n opts,\n output(args.cluster),\n namespace.metadata,\n namespace.spec,\n namespace.status,\n )\n }\n}\n\nclass ExternalNamespace extends Namespace {\n constructor(\n name: string,\n id: Input<string>,\n cluster: Input<k8s.Cluster>,\n opts?: ComponentResourceOptions,\n ) {\n const namespace = output(id).apply(async realName => {\n return core.v1.Namespace.get(\n //\n name,\n realName,\n {\n ...opts,\n parent: this,\n provider: await getProvider(cluster),\n },\n )\n })\n\n super(\n \"highstate:k8s:ExternalNamespace\",\n name,\n { id, cluster },\n opts,\n output(cluster),\n namespace.metadata,\n namespace.spec,\n namespace.status,\n )\n }\n}\n","import type { PartialKeys } from \"@highstate/contract\"\nimport type { k8s } from \"@highstate/library\"\nimport { interpolate, Output, output, toPromise, type Input, type Unwrap } from \"@highstate/pulumi\"\nimport { core, Provider, types } from \"@pulumi/kubernetes\"\nimport { Namespace } from \"./namespace\"\n\nconst providers = new Map<string, Provider>()\n\nexport function getProvider(cluster: Input<k8s.Cluster>): Promise<Provider> {\n const provider = output(cluster).apply(cluster => {\n const existingProvider = providers.get(cluster.id)\n if (existingProvider) {\n return existingProvider\n }\n\n const provider = new Provider(`${cluster.name}-${cluster.id}`, {\n kubeconfig: cluster.kubeconfig,\n })\n providers.set(cluster.id, provider)\n\n return provider\n })\n\n return toPromise(provider)\n}\n\nexport type NamespaceLike = core.v1.Namespace | Namespace | string\n\nexport type CommonArgs = {\n /**\n * The name of the resource.\n */\n name?: Input<string>\n\n /**\n * The namespace to create the resource in.\n */\n namespace: Input<NamespaceLike | undefined>\n\n /**\n * The cluster to create the resource in.\n */\n cluster: Input<k8s.Cluster>\n\n /**\n * The metadata to apply to the resource.\n */\n metadata?: Input<types.input.meta.v1.ObjectMeta>\n}\n\nexport const commonExtraArgs = [\"name\", \"namespace\", \"cluster\", \"metadata\"] as const\n\nexport function mapMetadata(\n args: PartialKeys<Unwrap<CommonArgs>, \"namespace\" | \"cluster\">,\n fallbackName?: string,\n): types.input.meta.v1.ObjectMeta {\n return {\n ...args.metadata,\n name: args.name ?? args.metadata?.name ?? fallbackName,\n namespace: args.namespace ? mapNamespaceLikeToNamespaceName(args.namespace) : undefined,\n }\n}\n\nexport type SelectorLike = types.input.meta.v1.LabelSelector | Record<string, Input<string>>\n\nexport function mapSelectorLikeToSelector(\n selector: SelectorLike,\n): types.input.meta.v1.LabelSelector {\n if (\"matchLabels\" in selector || \"matchExpressions\" in selector) {\n return selector\n }\n\n return {\n matchLabels: selector as Record<string, Input<string>>,\n }\n}\n\nexport function mapNamespaceLikeToNamespaceName(namespace: NamespaceLike): Output<string> {\n if (Namespace.isInstance(namespace)) {\n return namespace.metadata.name\n }\n\n if (core.v1.Namespace.isInstance(namespace)) {\n return namespace.metadata.name\n }\n\n return output(namespace)\n}\n\nexport function mapNamespaceNameToSelector(\n namespace: Input<string>,\n): types.input.meta.v1.LabelSelector {\n return {\n matchLabels: {\n \"kubernetes.io/metadata.name\": namespace,\n },\n }\n}\n\nexport type ResourceId = {\n name: Input<string>\n namespace?: Input<NamespaceLike | undefined>\n}\n\nexport function resourceIdToString(id: Input<ResourceId>): Output<string> {\n return output(id).apply(metadata => {\n const namespaceName = metadata.namespace\n ? mapNamespaceLikeToNamespaceName(metadata.namespace)\n : undefined\n\n return output(namespaceName ? interpolate`${namespaceName}/${metadata.name}` : metadata.name)\n })\n}\n\nexport function withPatchName(\n resourceType: string,\n resource: Input<k8s.Resource>,\n cluster: Input<k8s.Cluster>,\n): Output<string> {\n return output({ resource, cluster }).apply(({ resource, cluster }) => {\n if (resource.clusterId !== cluster.id) {\n throw new Error(\n `Cluster mismatch when patching ${resourceType} \"${resource.metadata.name}\": \"${resource.clusterId}\" != \"${cluster.id}\"`,\n )\n }\n\n return resource.metadata.name\n })\n}\n"],"mappings":";AACA,SAAS,QAAAA,aAAwB;AACjC;AAAA,EACE;AAAA,EACA,UAAAC;AAAA,OAMK;;;ACRP,SAAS,aAAqB,QAAQ,iBAA0C;AAChF,SAAS,MAAM,gBAAuB;AAGtC,IAAM,YAAY,oBAAI,IAAsB;AAErC,SAAS,YAAY,SAAgD;AAC1E,QAAM,WAAW,OAAO,OAAO,EAAE,MAAM,CAAAC,aAAW;AAChD,UAAM,mBAAmB,UAAU,IAAIA,SAAQ,EAAE;AACjD,QAAI,kBAAkB;AACpB,aAAO;AAAA,IACT;AAEA,UAAMC,YAAW,IAAI,SAAS,GAAGD,SAAQ,IAAI,IAAIA,SAAQ,EAAE,IAAI;AAAA,MAC7D,YAAYA,SAAQ;AAAA,IACtB,CAAC;AACD,cAAU,IAAIA,SAAQ,IAAIC,SAAQ;AAElC,WAAOA;AAAA,EACT,CAAC;AAED,SAAO,UAAU,QAAQ;AAC3B;AA0BO,IAAM,kBAAkB,CAAC,QAAQ,aAAa,WAAW,UAAU;AAEnE,SAAS,YACd,MACA,cACgC;AAChC,SAAO;AAAA,IACL,GAAG,KAAK;AAAA,IACR,MAAM,KAAK,QAAQ,KAAK,UAAU,QAAQ;AAAA,IAC1C,WAAW,KAAK,YAAY,gCAAgC,KAAK,SAAS,IAAI;AAAA,EAChF;AACF;AAIO,SAAS,0BACd,UACmC;AACnC,MAAI,iBAAiB,YAAY,sBAAsB,UAAU;AAC/D,WAAO;AAAA,EACT;AAEA,SAAO;AAAA,IACL,aAAa;AAAA,EACf;AACF;AAEO,SAAS,gCAAgC,WAA0C;AACxF,MAAI,UAAU,WAAW,SAAS,GAAG;AACnC,WAAO,UAAU,SAAS;AAAA,EAC5B;AAEA,MAAI,KAAK,GAAG,UAAU,WAAW,SAAS,GAAG;AAC3C,WAAO,UAAU,SAAS;AAAA,EAC5B;AAEA,SAAO,OAAO,SAAS;AACzB;AAEO,SAAS,2BACd,WACmC;AACnC,SAAO;AAAA,IACL,aAAa;AAAA,MACX,+BAA+B;AAAA,IACjC;AAAA,EACF;AACF;AAOO,SAAS,mBAAmB,IAAuC;AACxE,SAAO,OAAO,EAAE,EAAE,MAAM,cAAY;AAClC,UAAM,gBAAgB,SAAS,YAC3B,gCAAgC,SAAS,SAAS,IAClD;AAEJ,WAAO,OAAO,gBAAgB,cAAc,aAAa,IAAI,SAAS,IAAI,KAAK,SAAS,IAAI;AAAA,EAC9F,CAAC;AACH;AAEO,SAAS,cACd,cACA,UACA,SACgB;AAChB,SAAO,OAAO,EAAE,UAAU,QAAQ,CAAC,EAAE,MAAM,CAAC,EAAE,UAAAC,WAAU,SAAAF,SAAQ,MAAM;AACpE,QAAIE,UAAS,cAAcF,SAAQ,IAAI;AACrC,YAAM,IAAI;AAAA,QACR,kCAAkC,YAAY,KAAKE,UAAS,SAAS,IAAI,OAAOA,UAAS,SAAS,SAASF,SAAQ,EAAE;AAAA,MACvH;AAAA,IACF;AAEA,WAAOE,UAAS,SAAS;AAAA,EAC3B,CAAC;AACH;;;ADnGO,IAAe,YAAf,cAAiC,kBAAkB;AAAA,EAC9C,YACR,MACA,MACA,MACA,MAKS,SAKA,UAKA,MAKA,QACT;AACA,UAAM,MAAM,MAAM,MAAM,IAAI;AAjBnB;AAKA;AAKA;AAKA;AAAA,EAGX;AAAA;AAAA;AAAA;AAAA,EAKA,OAAO,OAAO,MAAc,MAAqB,MAA4C;AAC3F,WAAO,IAAI,iBAAiB,MAAM,MAAM,IAAI;AAAA,EAC9C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,OAAO,cACL,MACA,MACA,MACW;AACX,QAAI,CAAC,KAAK,UAAU;AAClB,aAAO,IAAI,iBAAiB,MAAM,MAAM,IAAI;AAAA,IAC9C;AAEA,WAAO,IAAI;AAAA,MACT;AAAA,MACA;AAAA,QACE,GAAG;AAAA,QACH,MAAMC,QAAO,IAAI,EAAE,MAAM,CAAAC,UAAQ;AAC/B,cAAIA,MAAK,SAAU,cAAcA,MAAK,QAAQ,IAAI;AAChD,kBAAM,IAAI;AAAA,cACR,6CAA6C,IAAI,OAAOA,MAAK,SAAU,SAAS,SAASA,MAAK,QAAQ,EAAE;AAAA,YAC1G;AAAA,UACF;AAEA,iBAAOA,MAAK,SAAU,SAAS;AAAA,QACjC,CAAC;AAAA,MACH;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,OAAO,YACL,MACA,MACA,MACW;AACX,QAAI,CAAC,KAAK,UAAU;AAClB,aAAO,IAAI,iBAAiB,MAAM,MAAM,IAAI;AAAA,IAC9C;AAEA,WAAO,IAAI;AAAA,MACT;AAAA,MACAD,QAAO,IAAI,EAAE,MAAM,CAAAC,UAAQ;AACzB,YAAIA,MAAK,SAAU,cAAcA,MAAK,QAAQ,IAAI;AAChD,gBAAM,IAAI;AAAA,YACR,8CAA8C,IAAI,OAAOA,MAAK,SAAU,SAAS,SAASA,MAAK,QAAQ,EAAE;AAAA,UAC3G;AAAA,QACF;AAEA,eAAOA,MAAK,SAAU,SAAS;AAAA,MACjC,CAAC;AAAA,MACD,KAAK;AAAA,MACL;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,OAAO,MAAM,MAAc,MAAqB,MAA4C;AAC1F,WAAO,IAAI,eAAe,MAAM,MAAM,IAAI;AAAA,EAC5C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,OAAO,IACL,MACA,IACA,SACA,MACW;AACX,WAAO,IAAI,kBAAkB,MAAM,IAAI,SAAS,IAAI;AAAA,EACtD;AACF;AAEA,SAAS,qBACP,MACA,MACgC;AAChC,QAAM,SAAiC,KAAK,UAAU,UAAU,CAAC;AAEjE,MAAI,KAAK,YAAY;AACnB,WAAO,oCAAoC,IAAI;AAAA,EACjD;AAEA,SAAO,EAAE,GAAG,YAAY,MAAM,IAAI,GAAG,OAAO;AAC9C;AAEA,IAAM,mBAAN,cAA+B,UAAU;AAAA,EACvC,YAAY,MAAc,MAAqB,MAAiC;AAC9E,UAAM,YAAYD,QAAO,IAAI,EAAE,MAAM,OAAMC,UAAQ;AACjD,aAAO,IAAIC,MAAK,GAAG;AAAA,QACjB;AAAA,QACA;AAAA,UACE,UAAU,qBAAqBD,OAAM,IAAI;AAAA,QAC3C;AAAA,QACA;AAAA,UACE,GAAG;AAAA,UACH,QAAQ;AAAA,UACR,UAAU,MAAM,YAAYA,MAAK,OAAO;AAAA,QAC1C;AAAA,MACF;AAAA,IACF,CAAC;AAED;AAAA,MACE;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACAD,QAAO,KAAK,OAAO;AAAA,MACnB,UAAU;AAAA,MACV,UAAU;AAAA,MACV,UAAU;AAAA,IACZ;AAAA,EACF;AACF;AAEA,IAAM,iBAAN,cAA6B,UAAU;AAAA,EACrC,YAAY,MAAc,MAAqB,MAAiC;AAC9E,UAAM,YAAYA,QAAO,IAAI,EAAE,MAAM,OAAMC,UAAQ;AACjD,aAAO,IAAIC,MAAK,GAAG;AAAA,QACjB;AAAA,QACA;AAAA,UACE,UAAU,qBAAqBD,OAAM,IAAI;AAAA,QAC3C;AAAA,QACA;AAAA,UACE,GAAG;AAAA,UACH,QAAQ;AAAA,UACR,UAAU,MAAM,YAAYA,MAAK,OAAO;AAAA,QAC1C;AAAA,MACF;AAAA,IACF,CAAC;AAED;AAAA,MACE;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACAD,QAAO,KAAK,OAAO;AAAA,MACnB,UAAU;AAAA,MACV,UAAU;AAAA,MACV,UAAU;AAAA,IACZ;AAAA,EACF;AACF;AAEA,IAAM,oBAAN,cAAgC,UAAU;AAAA,EACxC,YACE,MACA,IACA,SACA,MACA;AACA,UAAM,YAAYA,QAAO,EAAE,EAAE,MAAM,OAAM,aAAY;AACnD,aAAOE,MAAK,GAAG,UAAU;AAAA;AAAA,QAEvB;AAAA,QACA;AAAA,QACA;AAAA,UACE,GAAG;AAAA,UACH,QAAQ;AAAA,UACR,UAAU,MAAM,YAAY,OAAO;AAAA,QACrC;AAAA,MACF;AAAA,IACF,CAAC;AAED;AAAA,MACE;AAAA,MACA;AAAA,MACA,EAAE,IAAI,QAAQ;AAAA,MACd;AAAA,MACAF,QAAO,OAAO;AAAA,MACd,UAAU;AAAA,MACV,UAAU;AAAA,MACV,UAAU;AAAA,IACZ;AAAA,EACF;AACF;","names":["core","output","cluster","provider","resource","output","args","core"]}
package/dist/deployment-QTPBNKO5.js ADDED
@@ -0,0 +1,10 @@
1
+ import {
2
+ Deployment
3
+ } from "./chunk-6L67WIZW.js";
4
+ import "./chunk-SARVLQZY.js";
5
+ import "./chunk-WEKIQRCZ.js";
6
+ import "./chunk-Y3LZSX7I.js";
7
+ export {
8
+ Deployment
9
+ };
10
+ //# sourceMappingURL=deployment-QTPBNKO5.js.map
package/dist/highstate.manifest.json CHANGED
@@ -1,12 +1,12 @@
1
1
  {
2
2
  "sourceHashes": {
3
- "./dist/index.js": "652929ffa4d52acf30f62a458a40520a6505d540e35dadc3744e0a2b71dadf28",
4
- "./dist/units/access-point/index.js": "adc060cfb60e26a6b96877e065200298a98ce1e1afd190dac1eb3b44be640365",
5
- "./dist/units/cert-manager/index.js": "1699a82c59429ec1894b711201edc5a816910c58627432afb0cc97b9325b22b5",
6
- "./dist/units/cluster-patch/index.js": "d79793e56de024ec6ada88d6ca3ffc2db65063dff375266c5ce35adf4bb7b49d",
7
- "./dist/units/cluster-dns/index.js": "5c0d911743c2d6302ab931a64de0098e13445d4e532acfeca8a1f1466b52d032",
8
- "./dist/units/dns01-issuer/index.js": "5cf83bddc2cc1f1a6b19940be20e883399471044df678cd275547237e23adf5e",
9
- "./dist/units/existing-cluster/index.js": "52e0187ce02fe2505b325f68147782939aa53d252de3baab4255034486669dd6",
10
- "./dist/units/gateway-api/index.js": "dfc16161f24ddd542fa3be44aacdde13c732b73c13068c4bcc6f58d21c98bfaa"
3
+ "./dist/index.js": "970451f680aca1ef09581bd21c5c827e862e27005886492d1f16f10fd178aad2",
4
+ "./dist/units/access-point/index.js": "cefaf27d66fb9ea0a570c40ce32c85a78a55782f80d296d8c68783615e900509",
5
+ "./dist/units/cert-manager/index.js": "3bcc4761c02c4ab877afcdc6623a5c0fe271fb5af2646a459447a1f91e5e402f",
6
+ "./dist/units/cluster-patch/index.js": "bd4ef28700dfad9cffb3412387b33ee34b10d4a4ec5a21653884763626589d6c",
7
+ "./dist/units/cluster-dns/index.js": "fc97254083f04224ecdb8208c16104d9ab1148ca63f15971ddb681a09f28142a",
8
+ "./dist/units/dns01-issuer/index.js": "cbdb00147c3a22501633dd4ced40bdcee77ec91d5e19126ab688eb9a2442fb92",
9
+ "./dist/units/existing-cluster/index.js": "c8e44f3c4525ddc6b4cda00629560df539c81fe9c32913ac87fc78f112ac0ca3",
10
+ "./dist/units/gateway-api/index.js": "31e16cf11559bdd2fcc7275d7a82aea0d029192ee93eb4002b0c7b4aab4652a9"
11
11
  }
12
12
  }
package/dist/index.js CHANGED
@@ -1,34 +1,37 @@
1
1
  import {
2
2
  StatefulSet
3
- } from "./chunk-WUJ7BFVE.js";
3
+ } from "./chunk-VL7Z5FJQ.js";
4
4
  import {
5
5
  Deployment
6
- } from "./chunk-W72HEBHG.js";
6
+ } from "./chunk-6L67WIZW.js";
7
7
  import {
8
+ ConfigMap,
8
9
  ExposableWorkload,
9
10
  PersistentVolumeClaim,
10
11
  Secret,
11
12
  Workload,
12
13
  getWorkloadComponents
13
- } from "./chunk-L6G2IHDP.js";
14
+ } from "./chunk-SARVLQZY.js";
14
15
  import {
15
16
  Chart,
16
17
  RenderedChart,
17
18
  getChartService,
18
19
  getChartServiceOutput,
19
20
  resolveHelmChart
20
- } from "./chunk-7R2VAXVL.js";
21
+ } from "./chunk-5S4JPM4M.js";
21
22
  import {
22
23
  HttpRoute,
23
24
  NetworkPolicy,
24
25
  Service,
26
+ getBestEndpoint,
25
27
  getServiceMetadata,
26
28
  hasServiceMetadata,
27
29
  isFromCluster,
28
30
  mapContainerPortToServicePort,
29
31
  mapServiceToLabelSelector,
32
+ requireBestEndpoint,
30
33
  withServiceMetadata
31
- } from "./chunk-OP75IMU7.js";
34
+ } from "./chunk-WEKIQRCZ.js";
32
35
  import {
33
36
  createK8sTerminal,
34
37
  detectExternalIps
@@ -36,14 +39,12 @@ import {
36
39
  import {
37
40
  Namespace,
38
41
  commonExtraArgs,
39
- getAppDisplayName,
40
- getAppName,
41
42
  getProvider,
42
43
  mapMetadata,
43
44
  mapNamespaceLikeToNamespaceName,
44
45
  mapNamespaceNameToSelector,
45
46
  mapSelectorLikeToSelector
46
- } from "./chunk-HTQP2NB4.js";
47
+ } from "./chunk-Y3LZSX7I.js";
47
48
 
48
49
  // src/access-point.ts
49
50
  import { DnsRecordSet, filterEndpoints, l3EndpointToString } from "@highstate/common";
@@ -164,7 +165,6 @@ function createGateway(args) {
164
165
  }
165
166
 
166
167
  // src/scripting/bundle.ts
167
- import { core } from "@pulumi/kubernetes";
168
168
  import { apply, normalize as normalize2 } from "@highstate/pulumi";
169
169
  import {
170
170
  ComponentResource,
@@ -277,10 +277,11 @@ var ScriptBundle = class extends ComponentResource {
277
277
  }
278
278
  );
279
279
  this.configMap = output2({ scriptEnvironment, args }).apply(({ scriptEnvironment: scriptEnvironment2, args: args2 }) => {
280
- return new core.v1.ConfigMap(
280
+ return ConfigMap.create(
281
281
  name,
282
282
  {
283
- metadata: mapMetadata(args2, name),
283
+ cluster: args2.cluster,
284
+ namespace: args2.namespace,
284
285
  data: createScriptData(this.distribution, scriptEnvironment2)
285
286
  },
286
287
  { ...opts, parent: this }
@@ -514,7 +515,14 @@ var Job = class extends ComponentResource2 {
514
515
  metadata: mapMetadata(args2, name),
515
516
  spec: mergeDeep(
516
517
  {
517
- template: podTemplate2
518
+ template: mergeDeep(
519
+ {
520
+ spec: {
521
+ restartPolicy: "Never"
522
+ }
523
+ },
524
+ podTemplate2
525
+ )
518
526
  },
519
527
  omit(args2, jobExtraArgs)
520
528
  )
@@ -551,7 +559,14 @@ var CronJob = class extends ComponentResource3 {
551
559
  {
552
560
  jobTemplate: {
553
561
  spec: {
554
- template: podTemplate2
562
+ template: mergeDeep2(
563
+ {
564
+ spec: {
565
+ restartPolicy: "Never"
566
+ }
567
+ },
568
+ podTemplate2
569
+ )
555
570
  }
556
571
  },
557
572
  schedule: args2.schedule
@@ -568,34 +583,9 @@ var CronJob = class extends ComponentResource3 {
568
583
  });
569
584
  }
570
585
  };
571
-
572
- // src/network.ts
573
- import { filterEndpoints as filterEndpoints2 } from "@highstate/common";
574
- function getBestEndpoint(endpoints, cluster) {
575
- if (!endpoints.length) {
576
- return void 0;
577
- }
578
- if (endpoints.length === 1) {
579
- return endpoints[0];
580
- }
581
- if (!cluster) {
582
- return filterEndpoints2(endpoints)[0];
583
- }
584
- const clusterEndpoint = endpoints.find((endpoint) => isFromCluster(endpoint, cluster));
585
- if (clusterEndpoint) {
586
- return clusterEndpoint;
587
- }
588
- return filterEndpoints2(endpoints)[0];
589
- }
590
- function requireBestEndpoint(endpoints, cluster) {
591
- const endpoint = getBestEndpoint(endpoints, cluster);
592
- if (!endpoint) {
593
- throw new Error(`No best endpoint found for cluster "${cluster.name}" (${cluster.id})`);
594
- }
595
- return endpoint;
596
- }
597
586
  export {
598
587
  Chart,
588
+ ConfigMap,
599
589
  CronJob,
600
590
  Deployment,
601
591
  ExposableWorkload,
@@ -613,8 +603,6 @@ export {
613
603
  createK8sTerminal,
614
604
  createScriptContainer,
615
605
  detectExternalIps,
616
- getAppDisplayName,
617
- getAppName,
618
606
  getBestEndpoint,
619
607
  getChartService,
620
608
  getChartServiceOutput,