@layr-labs/ecloud-sdk 1.0.0-devep5 → 1.0.0-devep6

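--- a/package/VERSION
+++ b/package/VERSION
@@ -1,2 +1,2 @@
- version=1.0.0-devep5
- commit=8c8210ee1e833160b553cf2c9549908f55a0a88c
+ version=1.0.0-devep6
+ commit=c4598644993dd4f7eac47847d2ffb1f699240dbc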
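--- a/package/dist/browser.cjs
+++ b/package/dist/browser.cjs
@@ -749,7 +749,7 @@ var CanViewAppLogsPermission = "0x2fd3f2fe";
  var CanViewSensitiveAppInfoPermission = "0x0e67b22f";
  var CanUpdateAppProfilePermission = "0x036fef61";
  function getDefaultClientId() {
- const version = true ? "1.0.0-devep5" : "0.0.0";
+ const version = true ? "1.0.0-devep6" : "0.0.0";
  return `ecloud-sdk/v${version}`;
  }
  var UserApiClient = class {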
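--- a/package/dist/browser.js
+++ b/package/dist/browser.js
@@ -638,7 +638,7 @@ var CanViewAppLogsPermission = "0x2fd3f2fe";
  var CanViewSensitiveAppInfoPermission = "0x0e67b22f";
  var CanUpdateAppProfilePermission = "0x036fef61";
  function getDefaultClientId() {
- const version = true ? "1.0.0-devep5" : "0.0.0";
+ const version = true ? "1.0.0-devep6" : "0.0.0";
  return `ecloud-sdk/v${version}`;
  }
  var UserApiClient = class {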
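--- a/package/dist/compute.cjs
+++ b/package/dist/compute.cjs
@@ -627,45 +627,6 @@ else
  exit 1
  fi
 
- # dns_points_here returns 0 if $1 resolves (A record) to our external
- # IPv4. Used to gate ACME on DNS being wired before we start burning
- # Let's Encrypt's 5-cert-per-domain-per-week rate limit. Returns 1 on
- # any failure (tool missing, lookup error, mismatch) so callers treat
- # "I can't tell" the same as "not ready yet".
- dns_points_here() {
- local host="$1"
- local external_ip
- # GCE metadata is always reachable from a VM on GCE. The
- # alternative (dig OPT CHAOS to an upstream) adds a dependency;
- # the metadata server is already a hard prereq for KMS auth above.
- external_ip="$(curl -fsS -H 'Metadata-Flavor: Google' \\
- 'http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/access-configs/0/external-ip' 2>/dev/null || true)"
- if [ -z "$external_ip" ]; then
- echo "compute-source-env.sh: DNS precheck for $host skipped: no external IP from metadata"
- return 1
- fi
- local resolved
- if command -v getent >/dev/null 2>&1; then
- resolved="$(getent ahostsv4 "$host" 2>/dev/null | awk 'NR==1{print $1}')"
- elif command -v host >/dev/null 2>&1; then
- resolved="$(host -t A "$host" 2>/dev/null | awk '/has address/{print $4; exit}')"
- elif command -v dig >/dev/null 2>&1; then
- resolved="$(dig +short A "$host" 2>/dev/null | awk 'NR==1{print}')"
- else
- echo "compute-source-env.sh: DNS precheck for $host skipped: no resolver tool available"
- return 1
- fi
- if [ -z "$resolved" ]; then
- echo "compute-source-env.sh: DNS precheck: $host has no A record yet"
- return 1
- fi
- if [ "$resolved" != "$external_ip" ]; then
- echo "compute-source-env.sh: DNS precheck: $host resolves to $resolved but this VM is $external_ip"
- return 1
- fi
- return 0
- }
-
  # issue_cert_for runs tls-keygen for a single hostname and copies the
  # produced fullchain/privkey into $1's output directory ($2). Returns
  # 0 on success, non-zero on any failure (caller decides whether that's
@@ -697,9 +658,16 @@ issue_cert_for() {
  # - ECLOUD_PLATFORM_HOST (platform-routed <addr>.<env>.eigencloud.xyz),
  # when the CLI/platform has set it
  # - DOMAIN (user-supplied custom domain), when set and non-localhost
- # Both hostnames are gated on DNS already pointing at this VM so we
- # don't burn Let's Encrypt rate limits on apps whose routing isn't
- # wired up yet (prewarm/migration window).
+ #
+ # No client-side DNS precheck. Earlier versions tried to gate ACME on
+ # "does this hostname resolve to my external IP" but that's wrong for
+ # the platform-routing model (DNS points at the shared nginx NLB, not
+ # the VM) and was preventing cert issuance on the production path.
+ # tls-client (eigencompute-containers/tls-client) does its own DNS
+ # poll before calling ACME and surfaces a clear error when challenges
+ # can't reach the VM, which is the right place for that check \u2014
+ # attempting it here from inside the VM cannot tell platform-routed
+ # from compute-tee-routed apps.
  setup_tls() {
  # If tls-keygen isn't present, TLS wasn't configured during build
  if [ ! -x /usr/local/bin/tls-keygen ]; then
@@ -758,30 +726,22 @@ setup_tls() {
  local certs_issued=0
 
  if [ -n "$platform_host" ]; then
- if dns_points_here "$platform_host"; then
- if issue_cert_for "$platform_host" "/run/tls/platform" "$mnemonic" "$challenge" "$staging_flag"; then
- certs_issued=$((certs_issued + 1))
- else
- echo "compute-source-env.sh: ERROR - failed to issue cert for platform host $platform_host"
- echo "ECLOUD_FAIL tls_setup"
- exit 1
- fi
+ if issue_cert_for "$platform_host" "/run/tls/platform" "$mnemonic" "$challenge" "$staging_flag"; then
+ certs_issued=$((certs_issued + 1))
  else
- echo "compute-source-env.sh: skipping platform cert for $platform_host \u2014 DNS not pointing here yet"
+ echo "compute-source-env.sh: ERROR - failed to issue cert for platform host $platform_host"
+ echo "ECLOUD_FAIL tls_setup"
+ exit 1
  fi
  fi
 
  if [ -n "$user_domain" ]; then
- if dns_points_here "$user_domain"; then
- if issue_cert_for "$user_domain" "/run/tls/domain" "$mnemonic" "$challenge" "$staging_flag"; then
- certs_issued=$((certs_issued + 1))
- else
- echo "compute-source-env.sh: ERROR - failed to issue cert for user domain $user_domain"
- echo "ECLOUD_FAIL tls_setup"
- exit 1
- fi
+ if issue_cert_for "$user_domain" "/run/tls/domain" "$mnemonic" "$challenge" "$staging_flag"; then
+ certs_issued=$((certs_issued + 1))
  else
- echo "compute-source-env.sh: skipping user-domain cert for $user_domain \u2014 DNS not pointing here yet"
+ echo "compute-source-env.sh: ERROR - failed to issue cert for user domain $user_domain"
+ echo "ECLOUD_FAIL tls_setup"
+ exit 1
  fi
  fi
 
@@ -5234,7 +5194,7 @@ var CanViewAppLogsPermission = "0x2fd3f2fe";
  var CanViewSensitiveAppInfoPermission = "0x0e67b22f";
  var CanUpdateAppProfilePermission = "0x036fef61";
  function getDefaultClientId() {
- const version = true ? "1.0.0-devep5" : "0.0.0";
+ const version = true ? "1.0.0-devep6" : "0.0.0";
  return `ecloud-sdk/v${version}`;
  }
  var UserApiClient = class {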
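Review bot: In the `setup_tls` hunk (`@@ -758,30 +726,22 @@`), a failed `issue_cert_for` for the user-supplied `DOMAIN` is now always fatal (`ECLOUD_FAIL tls_setup`, `exit 1`), where the removed `dns_points_here` gate skipped it with a log line. A custom domain whose DNS is not wired yet therefore aborts startup even when the platform-host cert was issued a few lines earlier. If the VM is restarted after that exit, each boot presumably retries ACME, which is the rate-limit exposure the deleted comment warned about; the new comment relies on tls-client polling DNS first, and that code is not visible here. Consider keeping only the user-domain failure non-fatal when a platform cert exists, e.g. `if [ "$certs_issued" -gt 0 ]; then echo "compute-source-env.sh: WARNING - no cert for user domain $user_domain, continuing with platform cert"; else echo "ECLOUD_FAIL tls_setup"; exit 1; fi`, or at least state in the comment above `setup_tls` that any issuance failure now aborts boot. `setup_tls` starts and ends outside the hunk.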