@intentius/chant-lexicon-gcp 0.0.24 → 0.1.0

package/dist/integrity.json

@@ -1,7 +1,7 @@
 {
   "algorithm": "xxhash64",
   "artifacts": {
-    "manifest.json": "1a93f9f8be77c3c6",
+    "manifest.json": "97b97a197e65cc96",
     "meta.json": "4b53e87923a434ef",
     "types/index.d.ts": "c7cc45a739cefe9d",
     "rules/hardcoded-region.ts": "d230565c5cc6b600",
@@ -37,5 +37,5 @@
     "skills/chant-gcp-patterns.md": "6cd0a4a78933323c",
     "skills/chant-gcp-gke.md": "f185f6c0de514ba0"
   },
-  "composite": "2fcb40fd58eb2860"
+  "composite": "9e2d76181eb1fdac"
 }

package/dist/manifest.json

@@ -1,6 +1,6 @@
 {
   "name": "gcp",
-  "version": "0.0.24",
+  "version": "0.1.0",
   "chantVersion": ">=0.1.0",
   "namespace": "GCP",
   "intrinsics": [],

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@intentius/chant-lexicon-gcp",
-  "version": "0.0.24",
+  "version": "0.1.0",
   "description": "Google Cloud lexicon for chant — declarative IaC in TypeScript",
   "license": "Apache-2.0",
   "homepage": "https://intentius.io/chant",
@@ -43,11 +43,14 @@
     "prepack": "bun run generate && bun run bundle && bun run validate"
   },
   "dependencies": {
-    "@intentius/chant": "0.0.22",
     "fflate": "^0.8.2",
     "js-yaml": "^4.1.0"
   },
   "devDependencies": {
+    "@intentius/chant": "0.1.0",
     "typescript": "^5.9.3"
+  },
+  "peerDependencies": {
+    "@intentius/chant": "^0.1.0"
   }
 }

package/src/composites/cloud-sql-instance.ts

@@ -69,6 +69,12 @@ export const CloudSqlInstance = Composite<CloudSqlInstanceProps>((props) => {
     defaults: defs,
   } = props;
 
+  // K8s metadata name must be a valid DNS subdomain (no underscores).
+  // When databaseName differs from the instance name, prefix with instance name
+  // to guarantee uniqueness across instances sharing the same databaseName.
+  const sanitizedDbName = databaseName.replace(/_/g, "-");
+  const databaseK8sName = databaseName === name ? sanitizedDbName : `${name}-${sanitizedDbName}`;
+
   const commonLabels: Record<string, string> = {
     "app.kubernetes.io/name": name,
     "app.kubernetes.io/managed-by": "chant",
@@ -102,15 +108,21 @@ export const CloudSqlInstance = Composite<CloudSqlInstanceProps>((props) => {
 
   const database = new SQLDatabase(mergeDefaults({
     metadata: {
-      name: databaseName,
+      name: databaseK8sName,
       ...(namespace && { namespace }),
       labels: { ...commonLabels, "app.kubernetes.io/component": "database" },
     },
     instanceRef: { name },
+    // resourceID sets the actual Cloud SQL database name when the K8s-safe name differs
+    ...(databaseName !== sanitizedDbName && { resourceID: databaseName }),
   } as Record<string, unknown>, defs?.database));
 
   const user = new SQLUser(mergeDefaults({
     metadata: {
+      // K8s name scoped to the instance for uniqueness (e.g. "mydb-admin").
+      // Without resourceID, Config Connector uses metadata.name as the actual
+      // Cloud SQL username — so the PG username IS the K8s resource name.
+      // Callers can override via defaults.user.resourceID if a shorter name is needed.
       name: `${name}-${userName}`,
       ...(namespace && { namespace }),
       labels: { ...commonLabels, "app.kubernetes.io/component": "database" },

package/src/composites/index.ts

@@ -18,3 +18,5 @@ export { ManagedCertificate } from "./managed-certificate";
 export type { ManagedCertificateProps } from "./managed-certificate";
 export { SecureProject } from "./secure-project";
 export type { SecureProjectProps } from "./secure-project";
+export { MemorystoreRedis } from "./memorystore-redis";
+export type { MemorystoreRedisProps } from "./memorystore-redis";

package/src/composites/memorystore-redis.ts

@@ -0,0 +1,101 @@
+/**
+ * MemorystoreRedis composite — RedisInstance with purpose-driven defaults.
+ */
+
+import { Composite, mergeDefaults } from "@intentius/chant";
+import { RedisInstance } from "../generated";
+
+export interface MemorystoreRedisProps {
+  /** Instance name. */
+  name: string;
+  /**
+   * Purpose drives the maxmemory-policy default:
+   * - "persistent" → "noeviction" (queues, shared_state must not evict)
+   * - "cache"      → "allkeys-lru" (cache/sessions can evict LRU)
+   */
+  purpose: "persistent" | "cache";
+  /** Memorystore tier (e.g. "BASIC", "STANDARD_HA"). */
+  tier: string;
+  /** Memory size in GB. */
+  memorySizeGb: number;
+  /** GCP region. */
+  region: string;
+  /** authorizedNetworkRef.name — the VPC network to authorize. */
+  networkRef: string;
+  /** Redis version (default: "REDIS_7_0"). */
+  redisVersion?: string;
+  /** Enable AUTH (default: true). */
+  authEnabled?: boolean;
+  /** Namespace for all resources. */
+  namespace?: string;
+  /** Additional labels. */
+  labels?: Record<string, string>;
+  /** Per-member defaults for customizing individual resources. */
+  defaults?: {
+    instance?: Partial<Record<string, unknown>>;
+  };
+}
+
+/**
+ * Create a MemorystoreRedis composite.
+ *
+ * @example
+ * ```ts
+ * import { MemorystoreRedis } from "@intentius/chant-lexicon-gcp";
+ *
+ * const { instance } = MemorystoreRedis({
+ *   name: "my-app-persistent",
+ *   purpose: "persistent",
+ *   tier: "STANDARD_HA",
+ *   memorySizeGb: 5,
+ *   region: "us-central1",
+ *   networkRef: "my-vpc",
+ * });
+ * ```
+ */
+export const MemorystoreRedis = Composite<MemorystoreRedisProps>((props) => {
+  const {
+    name,
+    purpose,
+    tier,
+    memorySizeGb,
+    region,
+    networkRef,
+    redisVersion = "REDIS_7_0",
+    authEnabled = true,
+    namespace,
+    labels: extraLabels = {},
+    defaults: defs,
+  } = props;
+
+  const maxmemoryPolicy = purpose === "persistent" ? "noeviction" : "allkeys-lru";
+
+  const commonLabels: Record<string, string> = {
+    "app.kubernetes.io/name": name,
+    "app.kubernetes.io/managed-by": "chant",
+    ...extraLabels,
+  };
+
+  const instance = new RedisInstance(mergeDefaults({
+    metadata: {
+      name,
+      ...(namespace && { namespace }),
+      labels: { ...commonLabels, "app.kubernetes.io/component": "cache" },
+    },
+    region,
+    tier,
+    memorySizeGb,
+    authEnabled,
+    redisVersion,
+    connectMode: "PRIVATE_SERVICE_ACCESS",
+    authorizedNetworkRef: { name: networkRef },
+    // TLS disabled: GitLab's redis-rb client requires either no TLS or a custom CA cert
+    // injected via REDIS_SSL_CA_FILE. AUTH (authEnabled: true) provides access control.
+    transitEncryptionMode: "DISABLED",
+    redisConfigs: {
+      "maxmemory-policy": maxmemoryPolicy,
+    },
+  } as Record<string, unknown>, defs?.instance));
+
+  return { instance };
+}, "MemorystoreRedis");

package/src/composites/vpc-network.ts

@@ -5,6 +5,11 @@
 import { Composite, mergeDefaults } from "@intentius/chant";
 import { VPCNetwork, Subnetwork, Firewall, Router, RouterNAT } from "../generated";
 
+export interface VpcSubnetSecondaryRange {
+  rangeName: string;
+  ipCidrRange: string;
+}
+
 export interface VpcSubnet {
   /** Subnet name suffix. */
   name: string;
@@ -14,6 +19,8 @@ export interface VpcSubnet {
   region: string;
   /** Enable private Google access (default: true). */
   privateIpGoogleAccess?: boolean;
+  /** Secondary IP ranges for VPC-native GKE pods/services. */
+  secondaryIpRanges?: VpcSubnetSecondaryRange[];
 }
 
 export interface VpcNetworkProps {
@@ -104,6 +111,9 @@ export const VpcNetwork = Composite<VpcNetworkProps>((props) => {
       ipCidrRange: sub.ipCidrRange,
       region: sub.region,
       privateIpGoogleAccess: sub.privateIpGoogleAccess ?? true,
+      ...(sub.secondaryIpRanges && sub.secondaryIpRanges.length > 0 && {
+        secondaryIpRange: sub.secondaryIpRanges,
+      }),
     } as Record<string, unknown>);
   }
 

package/src/index.ts

@@ -22,6 +22,7 @@ export * from "./generated/index";
 export {
   GkeCluster, CloudRunServiceComposite, CloudSqlInstance, GcsBucket, VpcNetwork,
   PubSubPipeline, CloudFunctionWithTrigger, PrivateService, ManagedCertificate, SecureProject,
+  MemorystoreRedis,
 } from "./composites/index";
 export type {
   GkeClusterProps,
@@ -34,6 +35,7 @@ export type {
   PrivateServiceProps,
   ManagedCertificateProps,
   SecureProjectProps,
+  MemorystoreRedisProps,
 } from "./composites/index";
 
 // IAM role constants