pepr 0.1.24 → 0.1.26

package/dist/pepr-cli.js

@@ -13,12 +13,12 @@ var zlib = require('zlib');
 var forge = require('node-forge');
 var prompt = require('prompts');
 var child_process = require('child_process');
+var chokidar = require('chokidar');
 var util = require('util');
 var uuid = require('uuid');
 var commander = require('commander');
-var chokidar = require('chokidar');
 
-var version = "0.1.24";
+var version = "0.1.26";
 
 // SPDX-License-Identifier: Apache-2.0
 // SPDX-FileCopyrightText: 2023-Present The Pepr Authors
@@ -806,9 +806,9 @@ function dev (program) {
             process.exit(0);
         }
         // Build the module
-        const { cfg, path } = await buildModule(opts.dir);
+        const { cfg, path: path$1 } = await buildModule(opts.dir);
         // Read the compiled module code
-        const code = await fs.promises.readFile(path, { encoding: "utf-8" });
+        const code = await fs.promises.readFile(path$1, { encoding: "utf-8" });
         // Generate a secret for the module
         const webhook = new Webhook({
             ...cfg.pepr,
@@ -820,6 +820,25 @@ function dev (program) {
         try {
             await webhook.deploy(code);
             types.logger.info(`Module deployed successfully`);
+            const moduleFiles = path.resolve(opts.dir, "**", "*.ts");
+            const watcher = chokidar.watch(moduleFiles);
+            const peprTS = path.resolve(opts.dir, "pepr.ts");
+            let program;
+            // Run the module once to start the server
+            runDev(peprTS);
+            // Watch for changes
+            watcher.on("ready", () => {
+                types.logger.info(`Watching for changes in ${moduleFiles}`);
+                watcher.on("all", async (event, path) => {
+                    types.logger.debug({ event, path }, "File changed");
+                    // Kill the running process
+                    if (program) {
+                        program.kill("SIGKILL");
+                    }
+                    // Start the process again
+                    program = runDev(peprTS);
+                });
+            });
         }
         catch (e) {
             types.logger.error(`Error deploying module: ${e}`);
@@ -827,6 +846,28 @@ function dev (program) {
         }
     });
 }
+function runDev(path) {
+    try {
+        const program = child_process.spawn("./node_modules/.bin/ts-node", [path], {
+            env: {
+                ...process.env,
+                SSL_KEY_PATH: "insecure-tls.key",
+                SSL_CERT_PATH: "insecure-tls.crt",
+            },
+        });
+        program.stdout.on("data", data => console.log(data.toString()));
+        program.stderr.on("data", data => console.error(data.toString()));
+        program.on("close", code => {
+            types.logger.info(`Process exited with code ${code}`);
+        });
+        return program;
+    }
+    catch (e) {
+        types.logger.debug(e);
+        types.logger.error(`Error running module: ${e}`);
+        process.exit(1);
+    }
+}
 
 // SPDX-License-Identifier: Apache-2.0
 /**
@@ -883,28 +924,18 @@ function genPeprTS() {
         path: "pepr.ts",
         data: `import { PeprModule } from "pepr";
 import cfg from "./package.json";
-// import { HelloPepr } from "./capabilities/hello-pepr";
-
-// This initializes the Pepr module with the configuration from package.json
-export const { ProcessRequest, Register } = new PeprModule(cfg);
+import { HelloPepr } from "./capabilities/hello-pepr";
 
 /**
- * Each Pepr Capability is registered with the module using the Register function.
- * This will be automatically generated by the Pepr CLI when creating a new capability:
- * \`pepr new <capability name>\`
- *
- * Example:
- * import { Capability1 } from "./capabilities/capability1";
- * import { Capability2  } from "./capabilities/capability2";
- *
- * Capability1(Register);
- * Capability2(Register);
- *
- * Uncomment the line below and the import above to use the hello-pepr demo capability
+ * This is the main entrypoint for the Pepr module. It is the file that is run when the module is started.
+ * This is where you register your configurations and capabilities with the module.
  */
+new PeprModule(cfg, [
+  // "HelloPepr" is a demo capability that is included with Pepr. You can remove it if you want.
+  HelloPepr,
 
-// HelloPepr(Register);
-    
+  // Your additional capabilities go here
+]);    
 `,
     };
 }
@@ -1009,14 +1040,15 @@ const capabilityHelloPeprTS = {
     path: "hello-pepr.ts",
     data: `import { Capability, a } from "pepr";
 
-const { Register, When } = new Capability({
+export const HelloPepr = new Capability({
   name: "hello-pepr",
   description: "A simple example capability to show how things work.",
   namespaces: ["pepr-demo"],
 });
 
-export { Register as HelloPepr };
-
+// Use the 'When' function to create a new Capability Action
+const { When } = HelloPepr;
+  
 /**
  * This is a single Capability Action. They can be in the same file or put imported from other files.
  * In this exmaple, when a ConfigMap is created with the name \`example-1\`, then add a label and annotation.
@@ -1079,27 +1111,26 @@ When(a.ConfigMap)
 const capabilitySnippet = {
     path: "pepr.code-snippets",
     data: `{
-    "Create a new Pepr capability": {
-      "prefix": "create pepr capability",
-      "body": [
-        "import { Capability, a } from 'pepr';",
-        "",
-        "const { Register, When } = new Capability({",
-        "\tname: '$\{TM_FILENAME_BASE}',",
-        "\tdescription: '$\{1:A brief description of this capability.}',",
-        "\tnamespaces: [$\{2:}],",
-        "});",
-        "",
-        "// Export the capability so it can be imported in the pepr.ts file.",
-        "export { Register as $\{TM_FILENAME_BASE/(.*)/$\{1:/pascalcase}/} };",
-        "",
-        "// When(a.<Kind>).Is<Event>().Then(change => change.<changes>",
-        "When($\{3:})"
-      ],
-      "description": "Creates a new Pepr capability with a specified description, and optional namespaces, and adds a When statement for the specified value."
-    }
+  "Create a new Pepr capability": {
+    "prefix": "create pepr capability",
+    "body": [
+      "import { Capability, a } from 'pepr';",
+      "",
+      "export const $\{TM_FILENAME_BASE/(.*)/$\{1:/pascalcase}/} = new Capability({",
+      "\tname: '$\{TM_FILENAME_BASE}',",
+      "\tdescription: '$\{1:A brief description of this capability.}',",
+      "\tnamespaces: [$\{2:}],",
+      "});",
+      "",
+      "// Use the 'When' function to create a new Capability Action",
+      "const { When } = $\{TM_FILENAME_BASE/(.*)/$\{1:/pascalcase}/};",
+      "",
+      "// When(a.<Kind>).Is<Event>().Then(change => change.<changes>",
+      "When($\{3:})"
+    ],
+    "description": "Creates a new Pepr capability with a specified description, and optional namespaces, and adds a When statement for the specified value."
   }
-  `,
+}`,
 };
 
 // SPDX-License-Identifier: Apache-2.0

package/dist/pepr-core.js

@@ -4,6 +4,9 @@
 var dist = require('@kubernetes/client-node/dist');
 var types = require('./types-1709b44f.js');
 var R = require('ramda');
+var express = require('express');
+var fs = require('fs');
+var https = require('https');
 var fastJsonPatch = require('fast-json-patch');
 
 function _interopNamespaceDefault(e) {
@@ -535,13 +538,6 @@ class Capability {
         // Currently everything is considered a mutation
         this._mutateOrValidate = types.HookPhase.mutate;
         this._bindings = [];
-        /**
-         * The Register method is used to register a capability with the Pepr runtime. This method is
-         * called in the order that the capabilities should be executed.
-         *
-         * @param callback the state register method to call, passing the capability as an argument
-         */
-        this.Register = (register) => register(this);
         /**
          * The When method is used to register a capability action to be executed when a Kubernetes resource is
          * processed by Pepr. The action will be executed if the resource matches the specified kind and any
@@ -640,19 +636,16 @@ function shouldSkipRequest(binding, req) {
     const { namespaces, labels, annotations } = binding.filters;
     const { metadata } = req.object;
     if (kind !== req.kind.kind) {
-        types.logger.debug(`${req.kind.kind} does not match ${kind}`);
         return true;
     }
     if (group && group !== req.kind.group) {
-        types.logger.debug(`${req.kind.group} does not match ${group}`);
         return true;
     }
     if (version && version !== req.kind.version) {
-        types.logger.debug(`${req.kind.version} does not match ${version}`);
         return true;
     }
     if (namespaces.length && !namespaces.includes(req.namespace || "")) {
-        types.logger.debug(`${req.namespace} is not in ${namespaces}`);
+        types.logger.debug("Namespace does not match");
         return true;
     }
     for (const [key, value] of Object.entries(labels)) {
@@ -848,38 +841,106 @@ function processor(config, capabilities, req) {
     return response;
 }
 
+// SPDX-License-Identifier: Apache-2.0
+// Load SSL certificate and key
+const options = {
+    key: fs.readFileSync(process.env.SSL_KEY_PATH || "/etc/certs/tls.key"),
+    cert: fs.readFileSync(process.env.SSL_CERT_PATH || "/etc/certs/tls.crt"),
+};
+class Controller {
+    constructor(config, capabilities) {
+        this.config = config;
+        this.capabilities = capabilities;
+        this.app = express();
+        /** Start the webhook server */
+        this.startServer = (port) => {
+            // Create HTTPS server
+            https.createServer(options, this.app).listen(port, () => {
+                console.log(`Server listening on port ${port}`);
+            });
+        };
+        this.logger = (req, res, next) => {
+            const startTime = Date.now();
+            res.on("finish", () => {
+                const now = new Date().toISOString();
+                const elapsedTime = Date.now() - startTime;
+                const message = `[${now}] ${req.method} ${req.originalUrl} - ${res.statusCode} - ${elapsedTime} ms\n`;
+                res.statusCode >= 400 ? console.error(message) : console.info(message);
+            });
+            next();
+        };
+        this.healthz = (req, res) => {
+            try {
+                res.send("OK");
+            }
+            catch (err) {
+                console.error(err);
+                res.status(500).send("Internal Server Error");
+            }
+        };
+        this.mutate = (req, res) => {
+            try {
+                const name = req.body?.request?.name || "";
+                const namespace = req.body?.request?.namespace || "";
+                const gvk = req.body?.request?.kind || { group: "", version: "", kind: "" };
+                console.log(`Mutate request: ${gvk.group}/${gvk.version}/${gvk.kind}`);
+                name && console.log(`                ${namespace}/${name}\n`);
+                // @todo: make this actually do something
+                const response = processor(this.config, this.capabilities, req.body.request);
+                console.debug(response);
+                // Send a no prob bob response
+                res.send({
+                    apiVersion: "admission.k8s.io/v1",
+                    kind: "AdmissionReview",
+                    response: {
+                        uid: req.body.request.uid,
+                        allowed: true,
+                    },
+                });
+            }
+            catch (err) {
+                console.error(err);
+                res.status(500).send("Internal Server Error");
+            }
+        };
+        // Middleware for logging requests
+        this.app.use(this.logger);
+        // Middleware for parsing JSON
+        this.app.use(express.json());
+        // Health check endpoint
+        this.app.get("/healthz", this.healthz);
+        // Mutate endpoint
+        this.app.post("/mutate", this.mutate);
+    }
+}
+
 // SPDX-License-Identifier: Apache-2.0
 const alwaysIgnore = {
     namespaces: ["kube-system", "pepr-system"],
     labels: [{ "pepr.dev": "ignore" }],
 };
 class PeprModule {
-    get kinds() {
-        return this._kinds;
-    }
-    get UUID() {
-        return this._config.uuid;
-    }
     /**
      * Create a new Pepr runtime
      *
      * @param config The configuration for the Pepr runtime
      */
-    constructor({ description, pepr }) {
-        this._state = [];
-        this._kinds = [];
-        this.Register = (capability) => {
-            types.logger.info(`Registering capability ${capability.name}`);
-            // Add the kinds to the list of kinds (ignoring duplicates for now)
-            this._kinds = capability.bindings.map(({ kind }) => kind);
-            // Add the capability to the state
-            this._state.push(capability);
-        };
-        this.ProcessRequest = (req) => {
-            return processor(this._config, this._state, req);
-        };
-        pepr.description = description;
-        this._config = R.mergeDeepWith(R.concat, pepr, alwaysIgnore);
+    constructor({ description, pepr }, capabilities = [], deferStart = false) {
+        const config = R.mergeDeepWith(R.concat, pepr, alwaysIgnore);
+        config.description = description;
+        this._controller = new Controller(config, capabilities);
+        if (!deferStart) {
+            this.start();
+        }
+    }
+    /**
+     * Start the Pepr runtime manually.
+     * Normally this is called automatically when the Pepr module is instantiated, but can be called manually if `deferStart` is set to `true` in the constructor.
+     *
+     * @param port
+     */
+    start(port = 3000) {
+        this._controller.startServer(port);
     }
 }
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pepr",
-  "version": "0.1.24",
+  "version": "0.1.26",
   "description": "Kubernetes application engine",
   "author": "Defense Unicorns",
   "homepage": "https://github.com/defenseunicorns/pepr",
@@ -22,6 +22,7 @@
     }
   },
   "scripts": {
+    "preversion": "npm run prepublishOnly",
     "build": "rollup -c",
     "test": "ava",
     "lint": "npx eslint src",
@@ -40,7 +41,6 @@
     "@rollup/plugin-node-resolve": "^15.0.1",
     "@rollup/plugin-typescript": "^11.0.0",
     "@types/ramda": "^0.28.23",
-    "body-parser": "^1.20.2",
     "chokidar": "^3.5.3",
     "commander": "^10.0.0",
     "express": "^4.18.2",

package/src/lib/capability.ts

@@ -58,14 +58,6 @@ export class Capability implements CapabilityCfg {
     logger.debug(cfg);
   }
 
-  /**
-   * The Register method is used to register a capability with the Pepr runtime. This method is
-   * called in the order that the capabilities should be executed.
-   *
-   * @param callback the state register method to call, passing the capability as an argument
-   */
-  Register = (register: (capability: Capability) => void) => register(this);
-
   /**
    * The When method is used to register a capability action to be executed when a Kubernetes resource is
    * processed by Pepr. The action will be executed if the resource matches the specified kind and any

package/src/lib/controller.ts

@@ -0,0 +1,92 @@
+// SPDX-License-Identifier: Apache-2.0
+// SPDX-FileCopyrightText: 2023-Present The Pepr Authors
+
+import express from "express";
+import fs from "fs";
+import https from "https";
+import { ModuleConfig } from "./types";
+import { Capability } from "./capability";
+import { processor } from "./processor";
+
+// Load SSL certificate and key
+const options = {
+  key: fs.readFileSync(process.env.SSL_KEY_PATH || "/etc/certs/tls.key"),
+  cert: fs.readFileSync(process.env.SSL_CERT_PATH || "/etc/certs/tls.crt"),
+};
+
+export class Controller {
+  private readonly app = express();
+
+  constructor(private readonly config: ModuleConfig, private readonly capabilities: Capability[]) {
+    // Middleware for logging requests
+    this.app.use(this.logger);
+
+    // Middleware for parsing JSON
+    this.app.use(express.json());
+
+    // Health check endpoint
+    this.app.get("/healthz", this.healthz);
+
+    // Mutate endpoint
+    this.app.post("/mutate", this.mutate);
+  }
+
+  /** Start the webhook server */
+  public startServer = (port: number) => {
+    // Create HTTPS server
+    https.createServer(options, this.app).listen(port, () => {
+      console.log(`Server listening on port ${port}`);
+    });
+  };
+
+  private logger = (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    const startTime = Date.now();
+
+    res.on("finish", () => {
+      const now = new Date().toISOString();
+      const elapsedTime = Date.now() - startTime;
+      const message = `[${now}] ${req.method} ${req.originalUrl} - ${res.statusCode} - ${elapsedTime} ms\n`;
+
+      res.statusCode >= 400 ? console.error(message) : console.info(message);
+    });
+
+    next();
+  };
+
+  private healthz = (req: express.Request, res: express.Response) => {
+    try {
+      res.send("OK");
+    } catch (err) {
+      console.error(err);
+      res.status(500).send("Internal Server Error");
+    }
+  };
+
+  private mutate = (req: express.Request, res: express.Response) => {
+    try {
+      const name = req.body?.request?.name || "";
+      const namespace = req.body?.request?.namespace || "";
+      const gvk = req.body?.request?.kind || { group: "", version: "", kind: "" };
+
+      console.log(`Mutate request: ${gvk.group}/${gvk.version}/${gvk.kind}`);
+      name && console.log(`                ${namespace}/${name}\n`);
+
+      // @todo: make this actually do something
+      const response = processor(this.config, this.capabilities, req.body.request);
+      console.debug(response);
+
+      // Send a no prob bob response
+      res.send({
+        apiVersion: "admission.k8s.io/v1",
+        kind: "AdmissionReview",
+        response: {
+          uid: req.body.request.uid,
+          allowed: true,
+        },
+      });
+    } catch (err) {
+      console.error(err);
+      res.status(500).send("Internal Server Error");
+    }
+  };
+}

package/src/lib/filter.ts

@@ -18,22 +18,19 @@ export function shouldSkipRequest(binding: Binding, req: Request) {
   const { metadata } = req.object;
 
   if (kind !== req.kind.kind) {
-    logger.debug(`${req.kind.kind} does not match ${kind}`);
     return true;
   }
 
   if (group && group !== req.kind.group) {
-    logger.debug(`${req.kind.group} does not match ${group}`);
     return true;
   }
 
   if (version && version !== req.kind.version) {
-    logger.debug(`${req.kind.version} does not match ${version}`);
     return true;
   }
 
   if (namespaces.length && !namespaces.includes(req.namespace || "")) {
-    logger.debug(`${req.namespace} is not in ${namespaces}`);
+    logger.debug("Namespace does not match");
     return true;
   }
 

package/src/lib/module.ts

@@ -3,9 +3,7 @@
 
 import R from "ramda";
 import { Capability } from "./capability";
-import { GroupVersionKind, Request, Response } from "./k8s";
-import logger from "./logger";
-import { processor } from "./processor";
+import { Controller } from "./controller";
 import { ModuleConfig } from "./types";
 
 const alwaysIgnore = {
@@ -19,39 +17,31 @@ export type PackageJSON = {
 };
 
 export class PeprModule {
-  private _config: ModuleConfig;
-  private _state: Capability[] = [];
-  private _kinds: GroupVersionKind[] = [];
-
-  get kinds(): GroupVersionKind[] {
-    return this._kinds;
-  }
-
-  get UUID(): string {
-    return this._config.uuid;
-  }
+  private _controller: Controller;
 
   /**
    * Create a new Pepr runtime
    *
    * @param config The configuration for the Pepr runtime
    */
-  constructor({ description, pepr }: PackageJSON) {
-    pepr.description = description;
-    this._config = R.mergeDeepWith(R.concat, pepr, alwaysIgnore);
-  }
-
-  Register = (capability: Capability) => {
-    logger.info(`Registering capability ${capability.name}`);
+  constructor({ description, pepr }: PackageJSON, capabilities: Capability[] = [], deferStart = false) {
+    const config: ModuleConfig = R.mergeDeepWith(R.concat, pepr, alwaysIgnore);
+    config.description = description;
 
-    // Add the kinds to the list of kinds (ignoring duplicates for now)
-    this._kinds = capability.bindings.map(({ kind }) => kind);
+    this._controller = new Controller(config, capabilities);
 
-    // Add the capability to the state
-    this._state.push(capability);
-  };
+    if (!deferStart) {
+      this.start();
+    }
+  }
 
-  ProcessRequest = (req: Request): Response => {
-    return processor(this._config, this._state, req);
-  };
+  /**
+   * Start the Pepr runtime manually.
+   * Normally this is called automatically when the Pepr module is instantiated, but can be called manually if `deferStart` is set to `true` in the constructor.
+   *
+   * @param port
+   */
+  start(port = 3000) {
+    this._controller.startServer(port);
+  }
 }