@intentius/chant-lexicon-k8s 0.0.12

package/package.json

@@ -0,0 +1,30 @@
+{
+  "name": "@intentius/chant-lexicon-k8s",
+  "version": "0.0.12",
+  "license": "Apache-2.0",
+  "type": "module",
+  "files": ["src/", "dist/"],
+  "publishConfig": {
+  "access": "public"
+},
+"exports": {
+  ".": "./src/index.ts",
+  "./*": "./src/*",
+  "./manifest": "./dist/manifest.json",
+  "./meta": "./dist/meta.json",
+  "./types": "./dist/types/index.d.ts"
+},
+"scripts": {
+  "generate": "bun run src/codegen/generate-cli.ts",
+  "bundle": "bun run src/package-cli.ts",
+  "validate": "bun run src/validate-cli.ts",
+  "docs": "bun run src/codegen/docs-cli.ts",
+  "prepack": "bun run generate && bun run bundle && bun run validate"
+},
+"dependencies": {
+  "@intentius/chant": "0.0.11"
+},
+"devDependencies": {
+  "typescript": "^5.9.3"
+}
+}

package/src/actions/actions.test.ts

@@ -0,0 +1,83 @@
+import { describe, test, expect } from "bun:test";
+import * as core from "./core";
+import * as apps from "./apps";
+import * as batch from "./batch";
+import * as networking from "./networking";
+import * as rbac from "./rbac";
+
+const VALID_K8S_VERBS = new Set([
+  "get",
+  "list",
+  "watch",
+  "create",
+  "update",
+  "patch",
+  "delete",
+  "deletecollection",
+  "impersonate",
+]);
+
+const allConstants: Record<string, Record<string, string>> = {
+  StandardVerbs: core.StandardVerbs,
+  PodActions: core.PodActions,
+  ServiceActions: core.ServiceActions,
+  ConfigMapActions: core.ConfigMapActions,
+  SecretActions: core.SecretActions,
+  NamespaceActions: core.NamespaceActions,
+  ServiceAccountActions: core.ServiceAccountActions,
+  PersistentVolumeActions: core.PersistentVolumeActions,
+  PersistentVolumeClaimActions: core.PersistentVolumeClaimActions,
+  NodeActions: core.NodeActions,
+  EventActions: core.EventActions,
+  ResourceQuotaActions: core.ResourceQuotaActions,
+  LimitRangeActions: core.LimitRangeActions,
+  EndpointsActions: core.EndpointsActions,
+  DeploymentActions: apps.DeploymentActions,
+  StatefulSetActions: apps.StatefulSetActions,
+  DaemonSetActions: apps.DaemonSetActions,
+  ReplicaSetActions: apps.ReplicaSetActions,
+  JobActions: batch.JobActions,
+  CronJobActions: batch.CronJobActions,
+  IngressActions: networking.IngressActions,
+  IngressClassActions: networking.IngressClassActions,
+  NetworkPolicyActions: networking.NetworkPolicyActions,
+  RoleActions: rbac.RoleActions,
+  ClusterRoleActions: rbac.ClusterRoleActions,
+  RoleBindingActions: rbac.RoleBindingActions,
+  ClusterRoleBindingActions: rbac.ClusterRoleBindingActions,
+};
+
+describe("action constants", () => {
+  for (const [name, constant] of Object.entries(allConstants)) {
+    test(`${name} is a non-empty object`, () => {
+      expect(typeof constant).toBe("object");
+      expect(Object.keys(constant).length).toBeGreaterThan(0);
+    });
+
+    test(`${name} has valid K8s RBAC verbs`, () => {
+      for (const [key, verb] of Object.entries(constant)) {
+        expect(VALID_K8S_VERBS.has(verb)).toBe(true);
+      }
+    });
+
+    test(`${name} has no duplicate verb values`, () => {
+      const values = Object.values(constant);
+      // Note: duplicate verb values are OK (e.g., exec: "create" reuses "create")
+      // We check for duplicate keys instead
+      const keys = Object.keys(constant);
+      expect(new Set(keys).size).toBe(keys.length);
+    });
+  }
+
+  test("StandardVerbs is a subset of PodActions", () => {
+    for (const key of Object.keys(core.StandardVerbs)) {
+      expect(key in core.PodActions).toBe(true);
+    }
+  });
+
+  test("StandardVerbs is a subset of DeploymentActions", () => {
+    for (const key of Object.keys(core.StandardVerbs)) {
+      expect(key in apps.DeploymentActions).toBe(true);
+    }
+  });
+});

package/src/actions/apps.ts

@@ -0,0 +1,23 @@
+/**
+ * RBAC verb constants for apps API group resources.
+ */
+
+import { StandardVerbs } from "./core";
+
+export const DeploymentActions = {
+  ...StandardVerbs,
+  rollback: "create", // deployments/rollback subresource
+  scale: "update", // deployments/scale subresource
+} as const;
+
+export const StatefulSetActions = {
+  ...StandardVerbs,
+  scale: "update",
+} as const;
+
+export const DaemonSetActions = { ...StandardVerbs } as const;
+
+export const ReplicaSetActions = {
+  ...StandardVerbs,
+  scale: "update",
+} as const;

package/src/actions/batch.ts

@@ -0,0 +1,9 @@
+/**
+ * RBAC verb constants for batch API group resources.
+ */
+
+import { StandardVerbs } from "./core";
+
+export const JobActions = { ...StandardVerbs } as const;
+
+export const CronJobActions = { ...StandardVerbs } as const;

package/src/actions/core.ts

@@ -0,0 +1,62 @@
+/**
+ * RBAC verb constants for core API group resources.
+ */
+
+/** Standard RBAC verbs applicable to most resources. */
+export const StandardVerbs = {
+  get: "get",
+  list: "list",
+  watch: "watch",
+  create: "create",
+  update: "update",
+  patch: "patch",
+  delete: "delete",
+} as const;
+
+export const PodActions = {
+  ...StandardVerbs,
+  exec: "create", // pods/exec subresource
+  portForward: "create", // pods/portforward subresource
+  log: "get", // pods/log subresource
+} as const;
+
+export const ServiceActions = {
+  ...StandardVerbs,
+  proxy: "create",
+} as const;
+
+export const ConfigMapActions = { ...StandardVerbs } as const;
+
+export const SecretActions = { ...StandardVerbs } as const;
+
+export const NamespaceActions = { ...StandardVerbs } as const;
+
+export const ServiceAccountActions = {
+  ...StandardVerbs,
+  impersonate: "impersonate",
+} as const;
+
+export const PersistentVolumeActions = { ...StandardVerbs } as const;
+
+export const PersistentVolumeClaimActions = { ...StandardVerbs } as const;
+
+export const NodeActions = {
+  get: "get",
+  list: "list",
+  watch: "watch",
+  update: "update",
+  patch: "patch",
+} as const;
+
+export const EventActions = {
+  get: "get",
+  list: "list",
+  watch: "watch",
+  create: "create",
+} as const;
+
+export const ResourceQuotaActions = { ...StandardVerbs } as const;
+
+export const LimitRangeActions = { ...StandardVerbs } as const;
+
+export const EndpointsActions = { ...StandardVerbs } as const;

package/src/actions/index.ts

@@ -0,0 +1,50 @@
+/**
+ * Kubernetes RBAC verb constants — organized by API group.
+ */
+
+// Core
+export {
+  StandardVerbs,
+  PodActions,
+  ServiceActions,
+  ConfigMapActions,
+  SecretActions,
+  NamespaceActions,
+  ServiceAccountActions,
+  PersistentVolumeActions,
+  PersistentVolumeClaimActions,
+  NodeActions,
+  EventActions,
+  ResourceQuotaActions,
+  LimitRangeActions,
+  EndpointsActions,
+} from "./core";
+
+// Apps
+export {
+  DeploymentActions,
+  StatefulSetActions,
+  DaemonSetActions,
+  ReplicaSetActions,
+} from "./apps";
+
+// RBAC
+export {
+  RoleActions,
+  ClusterRoleActions,
+  RoleBindingActions,
+  ClusterRoleBindingActions,
+} from "./rbac";
+
+// Batch
+export {
+  JobActions,
+  CronJobActions,
+} from "./batch";
+
+// Networking
+export {
+  IngressActions,
+  IngressClassActions,
+  NetworkPolicyActions,
+} from "./networking";

package/src/actions/networking.ts

@@ -0,0 +1,15 @@
+/**
+ * RBAC verb constants for networking.k8s.io API group resources.
+ */
+
+import { StandardVerbs } from "./core";
+
+export const IngressActions = { ...StandardVerbs } as const;
+
+export const IngressClassActions = {
+  get: "get",
+  list: "list",
+  watch: "watch",
+} as const;
+
+export const NetworkPolicyActions = { ...StandardVerbs } as const;

package/src/actions/rbac.ts

@@ -0,0 +1,13 @@
+/**
+ * RBAC verb constants for rbac.authorization.k8s.io API group.
+ */
+
+import { StandardVerbs } from "./core";
+
+export const RoleActions = { ...StandardVerbs } as const;
+
+export const ClusterRoleActions = { ...StandardVerbs } as const;
+
+export const RoleBindingActions = { ...StandardVerbs } as const;
+
+export const ClusterRoleBindingActions = { ...StandardVerbs } as const;

package/src/codegen/docs-cli.ts

@@ -0,0 +1,3 @@
+import { generateDocs } from "./docs";
+
+await generateDocs({ verbose: true });