@kitsy/cnos 1.10.0 → 1.11.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/build/index.cjs +331 -63
- package/dist/build/index.d.cts +1 -1
- package/dist/build/index.d.ts +1 -1
- package/dist/build/index.js +13 -15
- package/dist/{chunk-A5U7EZCJ.js → chunk-2DMCB3PK.js} +1 -1
- package/dist/{chunk-RTHKUGJV.js → chunk-5JGNRADB.js} +1 -1
- package/dist/{chunk-3EZGPQCE.js → chunk-DPC2BV3S.js} +1 -1
- package/dist/{chunk-FHXLOWAB.js → chunk-KJ57PF47.js} +1 -1
- package/dist/{chunk-ESBHCFC6.js → chunk-NU25VFA2.js} +1 -1
- package/dist/{chunk-UGLATJJD.js → chunk-RNTTPI5S.js} +1 -1
- package/dist/{chunk-UKNL2Y4N.js → chunk-T3E57MSQ.js} +1 -1
- package/dist/{chunk-CSA4L64V.js → chunk-V3USPV5U.js} +8 -8
- package/dist/{chunk-MQ4WG3K6.js → chunk-WPB4HB2K.js} +320 -49
- package/dist/{chunk-EIK7OUFP.js → chunk-X4PBPUKL.js} +157 -37
- package/dist/configure/index.cjs +329 -59
- package/dist/configure/index.d.cts +3 -3
- package/dist/configure/index.d.ts +3 -3
- package/dist/configure/index.js +8 -8
- package/dist/{core-Ud1o2MBn.d.cts → core-CGJObpyy.d.cts} +40 -2
- package/dist/{core-Ud1o2MBn.d.ts → core-CGJObpyy.d.ts} +40 -2
- package/dist/{envNaming-DxxqiGKN.d.cts → envNaming-DIaBgT6E.d.cts} +1 -1
- package/dist/{envNaming-CPwXl4I6.d.ts → envNaming-_WD9sLZI.d.ts} +1 -1
- package/dist/index.cjs +480 -91
- package/dist/index.d.cts +2 -2
- package/dist/index.d.ts +2 -2
- package/dist/index.js +10 -10
- package/dist/internal.cjs +89 -23
- package/dist/internal.d.cts +3 -3
- package/dist/internal.d.ts +3 -3
- package/dist/internal.js +2 -2
- package/dist/plugin/basic-schema.cjs +4 -1
- package/dist/plugin/basic-schema.d.cts +1 -1
- package/dist/plugin/basic-schema.d.ts +1 -1
- package/dist/plugin/basic-schema.js +2 -2
- package/dist/plugin/cli-args.cjs +4 -1
- package/dist/plugin/cli-args.d.cts +1 -1
- package/dist/plugin/cli-args.d.ts +1 -1
- package/dist/plugin/cli-args.js +2 -2
- package/dist/plugin/dotenv.cjs +6 -3
- package/dist/plugin/dotenv.d.cts +2 -2
- package/dist/plugin/dotenv.d.ts +2 -2
- package/dist/plugin/dotenv.js +2 -2
- package/dist/plugin/env-export.cjs +5 -2
- package/dist/plugin/env-export.d.cts +2 -2
- package/dist/plugin/env-export.d.ts +2 -2
- package/dist/plugin/env-export.js +2 -2
- package/dist/plugin/filesystem.cjs +13 -10
- package/dist/plugin/filesystem.d.cts +1 -1
- package/dist/plugin/filesystem.d.ts +1 -1
- package/dist/plugin/filesystem.js +2 -2
- package/dist/plugin/process-env.cjs +4 -1
- package/dist/plugin/process-env.d.cts +2 -2
- package/dist/plugin/process-env.d.ts +2 -2
- package/dist/plugin/process-env.js +2 -2
- package/dist/runtime/index.cjs +480 -91
- package/dist/runtime/index.d.cts +13 -6
- package/dist/runtime/index.d.ts +13 -6
- package/dist/runtime/index.js +10 -10
- package/dist/{toPublicEnv-fUZMRUOz.d.cts → toPublicEnv-C3A8aLjo.d.cts} +1 -1
- package/dist/{toPublicEnv-C9wPSpRo.d.ts → toPublicEnv-DLNNcEso.d.ts} +1 -1
- package/package.json +1 -1
package/dist/configure/index.js
CHANGED
|
@@ -1,19 +1,19 @@
|
|
|
1
1
|
import {
|
|
2
2
|
createCnos,
|
|
3
3
|
defaultPlugins
|
|
4
|
-
} from "../chunk-
|
|
5
|
-
import "../chunk-
|
|
6
|
-
import "../chunk-
|
|
7
|
-
import "../chunk-
|
|
8
|
-
import "../chunk-
|
|
9
|
-
import "../chunk-
|
|
10
|
-
import "../chunk-
|
|
4
|
+
} from "../chunk-V3USPV5U.js";
|
|
5
|
+
import "../chunk-DPC2BV3S.js";
|
|
6
|
+
import "../chunk-5JGNRADB.js";
|
|
7
|
+
import "../chunk-NU25VFA2.js";
|
|
8
|
+
import "../chunk-RNTTPI5S.js";
|
|
9
|
+
import "../chunk-2DMCB3PK.js";
|
|
10
|
+
import "../chunk-KJ57PF47.js";
|
|
11
11
|
import {
|
|
12
12
|
planDump,
|
|
13
13
|
toEnv,
|
|
14
14
|
toPublicEnv,
|
|
15
15
|
writeDump
|
|
16
|
-
} from "../chunk-
|
|
16
|
+
} from "../chunk-WPB4HB2K.js";
|
|
17
17
|
export {
|
|
18
18
|
createCnos,
|
|
19
19
|
defaultPlugins,
|
|
@@ -87,6 +87,11 @@ interface VaultAuthDefinition {
|
|
|
87
87
|
token?: VaultAuthSourceConfig;
|
|
88
88
|
config?: Record<string, unknown>;
|
|
89
89
|
}
|
|
90
|
+
interface VaultFallbackDefinition {
|
|
91
|
+
provider: VaultProviderName;
|
|
92
|
+
auth?: VaultAuthDefinition;
|
|
93
|
+
mapping?: Record<string, string>;
|
|
94
|
+
}
|
|
90
95
|
interface NamespaceDefinition {
|
|
91
96
|
kind: NamespaceKind;
|
|
92
97
|
shareable: boolean;
|
|
@@ -98,6 +103,7 @@ interface VaultDefinition {
|
|
|
98
103
|
provider: VaultProviderName;
|
|
99
104
|
auth?: VaultAuthDefinition;
|
|
100
105
|
mapping?: Record<string, string>;
|
|
106
|
+
fallback?: VaultFallbackDefinition[];
|
|
101
107
|
}
|
|
102
108
|
interface ManifestFile {
|
|
103
109
|
version?: number;
|
|
@@ -280,10 +286,28 @@ interface ExporterPlugin extends CnosPlugin {
|
|
|
280
286
|
}
|
|
281
287
|
|
|
282
288
|
interface SecretReference {
|
|
283
|
-
provider
|
|
289
|
+
provider?: string;
|
|
284
290
|
ref: string;
|
|
285
291
|
vault?: string;
|
|
286
292
|
}
|
|
293
|
+
/** Auth metadata safe to serialize into server projections. */
|
|
294
|
+
interface ProjectedVaultAuthDefinition {
|
|
295
|
+
method?: VaultAuthConfig['method'];
|
|
296
|
+
passphrase?: {
|
|
297
|
+
from: string[];
|
|
298
|
+
};
|
|
299
|
+
token?: {
|
|
300
|
+
from: string[];
|
|
301
|
+
};
|
|
302
|
+
config?: Record<string, unknown>;
|
|
303
|
+
}
|
|
304
|
+
/** Vault metadata required by runtimes to hydrate projected secret refs. */
|
|
305
|
+
interface ProjectedVaultDefinition {
|
|
306
|
+
provider: string;
|
|
307
|
+
auth?: ProjectedVaultAuthDefinition;
|
|
308
|
+
mapping?: Record<string, string>;
|
|
309
|
+
fallback?: ProjectedVaultDefinition[];
|
|
310
|
+
}
|
|
287
311
|
interface VaultAuthConfig {
|
|
288
312
|
passphrase?: string;
|
|
289
313
|
token?: string;
|
|
@@ -302,6 +326,17 @@ interface SecretVaultProvider {
|
|
|
302
326
|
delete(ref: string): Promise<void>;
|
|
303
327
|
list(): Promise<string[]>;
|
|
304
328
|
}
|
|
329
|
+
/** Factory used by runtimes and provider packages to construct vault clients. */
|
|
330
|
+
interface SecretVaultProviderFactory {
|
|
331
|
+
readonly provider: string;
|
|
332
|
+
create(vaultId: string, definition: VaultDefinition, processEnv?: Record<string, string | undefined>): SecretVaultProvider;
|
|
333
|
+
}
|
|
334
|
+
interface RemoteSecretVaultProvider extends SecretVaultProvider {
|
|
335
|
+
healthCheck(): Promise<{
|
|
336
|
+
ok: boolean;
|
|
337
|
+
message?: string;
|
|
338
|
+
}>;
|
|
339
|
+
}
|
|
305
340
|
|
|
306
341
|
type LogicalKey = string;
|
|
307
342
|
type NamespaceName = string;
|
|
@@ -413,6 +448,8 @@ interface CnosCreateOptions {
|
|
|
413
448
|
plugins?: CnosPlugin[];
|
|
414
449
|
cliArgs?: string[];
|
|
415
450
|
processEnv?: Record<string, string | undefined>;
|
|
451
|
+
/** Additional secret vault provider factories, usually supplied by provider packages. */
|
|
452
|
+
secretVaultProviders?: SecretVaultProviderFactory[];
|
|
416
453
|
}
|
|
417
454
|
interface ToEnvOptions {
|
|
418
455
|
includeSecrets?: boolean;
|
|
@@ -477,6 +514,7 @@ interface ServerProjection {
|
|
|
477
514
|
secretRefs: Record<string, SecretReference & {
|
|
478
515
|
envVar?: string;
|
|
479
516
|
}>;
|
|
517
|
+
vaults?: Record<string, ProjectedVaultDefinition>;
|
|
480
518
|
publicKeys: string[];
|
|
481
519
|
runtimeNamespaces: string[];
|
|
482
520
|
meta: {
|
|
@@ -487,4 +525,4 @@ interface ServerProjection {
|
|
|
487
525
|
};
|
|
488
526
|
}
|
|
489
527
|
|
|
490
|
-
export type { CnosCreateOptions as C, DumpPlanOptions as D, ExporterPlugin as E, InspectResult as I, LoaderPlugin as L, ManifestFile as M, NormalizedManifest as N, ParsedDerivation as P, ResolvedGraph as R, ServerProjection as S, ToEnvOptions as T, ValidatorPlugin as V, WorkspaceRoot as W, ConfigEntry as a, LogicalKey as b, ToPublicEnvOptions as c, DumpPlan as d, DumpOptions as e, DumpResult as f, CnosRuntime as g, CnosPlugin as h, DerivedFormula as i, DerivedValue as j, ExprNode as k, RuntimeProvider as l, NamespaceName as m, LoadManifestOptions as n, LoadedManifest as o, NamespaceDefinition as p, VaultDefinition as q, VaultAuthConfig as r,
|
|
528
|
+
export type { RemoteSecretVaultProvider as A, CnosCreateOptions as C, DumpPlanOptions as D, ExporterPlugin as E, InspectResult as I, LoaderPlugin as L, ManifestFile as M, NormalizedManifest as N, ParsedDerivation as P, ResolvedGraph as R, ServerProjection as S, ToEnvOptions as T, ValidatorPlugin as V, WorkspaceRoot as W, ConfigEntry as a, LogicalKey as b, ToPublicEnvOptions as c, DumpPlan as d, DumpOptions as e, DumpResult as f, CnosRuntime as g, CnosPlugin as h, DerivedFormula as i, DerivedValue as j, ExprNode as k, RuntimeProvider as l, NamespaceName as m, LoadManifestOptions as n, LoadedManifest as o, NamespaceDefinition as p, VaultDefinition as q, VaultAuthConfig as r, SecretVaultProviderFactory as s, SecretVaultProvider as t, ResolvedRoot as u, RootResolution as v, SecretReference as w, ValidationSummary as x, ValidationIssue as y, WorkspaceFile as z };
|
|
@@ -87,6 +87,11 @@ interface VaultAuthDefinition {
|
|
|
87
87
|
token?: VaultAuthSourceConfig;
|
|
88
88
|
config?: Record<string, unknown>;
|
|
89
89
|
}
|
|
90
|
+
interface VaultFallbackDefinition {
|
|
91
|
+
provider: VaultProviderName;
|
|
92
|
+
auth?: VaultAuthDefinition;
|
|
93
|
+
mapping?: Record<string, string>;
|
|
94
|
+
}
|
|
90
95
|
interface NamespaceDefinition {
|
|
91
96
|
kind: NamespaceKind;
|
|
92
97
|
shareable: boolean;
|
|
@@ -98,6 +103,7 @@ interface VaultDefinition {
|
|
|
98
103
|
provider: VaultProviderName;
|
|
99
104
|
auth?: VaultAuthDefinition;
|
|
100
105
|
mapping?: Record<string, string>;
|
|
106
|
+
fallback?: VaultFallbackDefinition[];
|
|
101
107
|
}
|
|
102
108
|
interface ManifestFile {
|
|
103
109
|
version?: number;
|
|
@@ -280,10 +286,28 @@ interface ExporterPlugin extends CnosPlugin {
|
|
|
280
286
|
}
|
|
281
287
|
|
|
282
288
|
interface SecretReference {
|
|
283
|
-
provider
|
|
289
|
+
provider?: string;
|
|
284
290
|
ref: string;
|
|
285
291
|
vault?: string;
|
|
286
292
|
}
|
|
293
|
+
/** Auth metadata safe to serialize into server projections. */
|
|
294
|
+
interface ProjectedVaultAuthDefinition {
|
|
295
|
+
method?: VaultAuthConfig['method'];
|
|
296
|
+
passphrase?: {
|
|
297
|
+
from: string[];
|
|
298
|
+
};
|
|
299
|
+
token?: {
|
|
300
|
+
from: string[];
|
|
301
|
+
};
|
|
302
|
+
config?: Record<string, unknown>;
|
|
303
|
+
}
|
|
304
|
+
/** Vault metadata required by runtimes to hydrate projected secret refs. */
|
|
305
|
+
interface ProjectedVaultDefinition {
|
|
306
|
+
provider: string;
|
|
307
|
+
auth?: ProjectedVaultAuthDefinition;
|
|
308
|
+
mapping?: Record<string, string>;
|
|
309
|
+
fallback?: ProjectedVaultDefinition[];
|
|
310
|
+
}
|
|
287
311
|
interface VaultAuthConfig {
|
|
288
312
|
passphrase?: string;
|
|
289
313
|
token?: string;
|
|
@@ -302,6 +326,17 @@ interface SecretVaultProvider {
|
|
|
302
326
|
delete(ref: string): Promise<void>;
|
|
303
327
|
list(): Promise<string[]>;
|
|
304
328
|
}
|
|
329
|
+
/** Factory used by runtimes and provider packages to construct vault clients. */
|
|
330
|
+
interface SecretVaultProviderFactory {
|
|
331
|
+
readonly provider: string;
|
|
332
|
+
create(vaultId: string, definition: VaultDefinition, processEnv?: Record<string, string | undefined>): SecretVaultProvider;
|
|
333
|
+
}
|
|
334
|
+
interface RemoteSecretVaultProvider extends SecretVaultProvider {
|
|
335
|
+
healthCheck(): Promise<{
|
|
336
|
+
ok: boolean;
|
|
337
|
+
message?: string;
|
|
338
|
+
}>;
|
|
339
|
+
}
|
|
305
340
|
|
|
306
341
|
type LogicalKey = string;
|
|
307
342
|
type NamespaceName = string;
|
|
@@ -413,6 +448,8 @@ interface CnosCreateOptions {
|
|
|
413
448
|
plugins?: CnosPlugin[];
|
|
414
449
|
cliArgs?: string[];
|
|
415
450
|
processEnv?: Record<string, string | undefined>;
|
|
451
|
+
/** Additional secret vault provider factories, usually supplied by provider packages. */
|
|
452
|
+
secretVaultProviders?: SecretVaultProviderFactory[];
|
|
416
453
|
}
|
|
417
454
|
interface ToEnvOptions {
|
|
418
455
|
includeSecrets?: boolean;
|
|
@@ -477,6 +514,7 @@ interface ServerProjection {
|
|
|
477
514
|
secretRefs: Record<string, SecretReference & {
|
|
478
515
|
envVar?: string;
|
|
479
516
|
}>;
|
|
517
|
+
vaults?: Record<string, ProjectedVaultDefinition>;
|
|
480
518
|
publicKeys: string[];
|
|
481
519
|
runtimeNamespaces: string[];
|
|
482
520
|
meta: {
|
|
@@ -487,4 +525,4 @@ interface ServerProjection {
|
|
|
487
525
|
};
|
|
488
526
|
}
|
|
489
527
|
|
|
490
|
-
export type { CnosCreateOptions as C, DumpPlanOptions as D, ExporterPlugin as E, InspectResult as I, LoaderPlugin as L, ManifestFile as M, NormalizedManifest as N, ParsedDerivation as P, ResolvedGraph as R, ServerProjection as S, ToEnvOptions as T, ValidatorPlugin as V, WorkspaceRoot as W, ConfigEntry as a, LogicalKey as b, ToPublicEnvOptions as c, DumpPlan as d, DumpOptions as e, DumpResult as f, CnosRuntime as g, CnosPlugin as h, DerivedFormula as i, DerivedValue as j, ExprNode as k, RuntimeProvider as l, NamespaceName as m, LoadManifestOptions as n, LoadedManifest as o, NamespaceDefinition as p, VaultDefinition as q, VaultAuthConfig as r,
|
|
528
|
+
export type { RemoteSecretVaultProvider as A, CnosCreateOptions as C, DumpPlanOptions as D, ExporterPlugin as E, InspectResult as I, LoaderPlugin as L, ManifestFile as M, NormalizedManifest as N, ParsedDerivation as P, ResolvedGraph as R, ServerProjection as S, ToEnvOptions as T, ValidatorPlugin as V, WorkspaceRoot as W, ConfigEntry as a, LogicalKey as b, ToPublicEnvOptions as c, DumpPlan as d, DumpOptions as e, DumpResult as f, CnosRuntime as g, CnosPlugin as h, DerivedFormula as i, DerivedValue as j, ExprNode as k, RuntimeProvider as l, NamespaceName as m, LoadManifestOptions as n, LoadedManifest as o, NamespaceDefinition as p, VaultDefinition as q, VaultAuthConfig as r, SecretVaultProviderFactory as s, SecretVaultProvider as t, ResolvedRoot as u, RootResolution as v, SecretReference as w, ValidationSummary as x, ValidationIssue as y, WorkspaceFile as z };
|