npm - pepr - Versions diffs - 0.1.25 → 0.1.27 - Mend

pepr 0.1.25 → 0.1.27

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (19) hide show

package/src/lib/module.ts DELETED Viewed

@@ -1,57 +0,0 @@
-// SPDX-License-Identifier: Apache-2.0
-// SPDX-FileCopyrightText: 2023-Present The Pepr Authors
-import R from "ramda";
-import { Capability } from "./capability";
-import { GroupVersionKind, Request, Response } from "./k8s";
-import logger from "./logger";
-import { processor } from "./processor";
-import { ModuleConfig } from "./types";
-const alwaysIgnore = {
-  namespaces: ["kube-system", "pepr-system"],
-  labels: [{ "pepr.dev": "ignore" }],
-};
-export type PackageJSON = {
-  description: string;
-  pepr: ModuleConfig;
-};
-export class PeprModule {
-  private _config: ModuleConfig;
-  private _state: Capability[] = [];
-  private _kinds: GroupVersionKind[] = [];
-  get kinds(): GroupVersionKind[] {
-    return this._kinds;
-  }
-  get UUID(): string {
-    return this._config.uuid;
-  }
-  /**
-   * Create a new Pepr runtime
-   *
-   * @param config The configuration for the Pepr runtime
-   */
-  constructor({ description, pepr }: PackageJSON) {
-    pepr.description = description;
-    this._config = R.mergeDeepWith(R.concat, pepr, alwaysIgnore);
-  }
-  Register = (capability: Capability) => {
-    logger.info(`Registering capability ${capability.name}`);
-    // Add the kinds to the list of kinds (ignoring duplicates for now)
-    this._kinds = capability.bindings.map(({ kind }) => kind);
-    // Add the capability to the state
-    this._state.push(capability);
-  };
-  ProcessRequest = (req: Request): Response => {
-    return processor(this._config, this._state, req);
-  };
-}

package/src/lib/processor.ts DELETED Viewed

@@ -1,83 +0,0 @@
-// SPDX-License-Identifier: Apache-2.0
-// SPDX-FileCopyrightText: 2023-Present The Pepr Authors
-import { compare } from "fast-json-patch";
-import { Capability } from "./capability";
-import { shouldSkipRequest } from "./filter";
-import { Request, Response } from "./k8s/types";
-import logger from "./logger";
-import { RequestWrapper } from "./request";
-import { ModuleConfig } from "./types";
-export function processor(config: ModuleConfig, capabilities: Capability[], req: Request): Response {
-  const wrapped = new RequestWrapper(req);
-  const response: Response = {
-    uid: req.uid,
-    patchType: "JSONPatch",
-    warnings: [],
-    allowed: false,
-  };
-  logger.info(`Processing '${req.uid}' for '${req.kind.kind}' '${req.name}'`);
-  for (const { name, bindings } of capabilities) {
-    const prefix = `${req.uid} ${req.name}: ${name}`;
-    logger.info(`Processing capability ${name}`, prefix);
-    for (const action of bindings) {
-      // Continue to the next action without doing anything if this one should be skipped
-      if (shouldSkipRequest(action, req)) {
-        continue;
-      }
-      logger.info(`Processing matched action ${action.kind.kind}`, prefix);
-      // Add annotations to the request to indicate that the capability started processing
-      // this will allow tracking of failed mutations that were permitted to continue
-      const { metadata } = wrapped.Raw;
-      const identifier = `pepr.dev/${config.uuid}/${name}`;
-      metadata.annotations = metadata.annotations || {};
-      metadata.annotations[identifier] = "started";
-      try {
-        // Run the action
-        action.callback(wrapped);
-        // Add annotations to the request to indicate that the capability succeeded
-        metadata.annotations[identifier] = "succeeded";
-      } catch (e) {
-        response.warnings.push(`Action failed: ${e}`);
-        // If errors are not allowed, note the failure in the Reponse
-        if (config.onError) {
-          logger.error(`Action failed: ${e}`, prefix);
-          response.result = "Pepr module configured to reject on error";
-          return response;
-        } else {
-          logger.warn(`Action failed: ${e}`, prefix);
-          metadata.annotations[identifier] = "warning";
-        }
-      }
-    }
-  }
-  // If we've made it this far, the request is allowed
-  response.allowed = true;
-  // Compare the original request to the modified request to get the patches
-  const patches = compare(req.object, wrapped.Raw);
-  // Only add the patch if there are patches to apply
-  if (patches.length > 0) {
-    response.patch = JSON.stringify(patches);
-  }
-  // Remove the warnings array if it's empty
-  if (response.warnings.length < 1) {
-    delete response.warnings;
-  }
-  logger.debug(patches);
-  return response;
-}

package/src/lib/request.ts DELETED Viewed

@@ -1,140 +0,0 @@
-// SPDX-License-Identifier: Apache-2.0
-// SPDX-FileCopyrightText: 2023-Present The Pepr Authors
-import * as R from "ramda";
-import { KubernetesObject, Request } from "./k8s";
-import { DeepPartial } from "./types";
-/**
- * The RequestWrapper class provides methods to modify Kubernetes objects in the context
- * of a mutating webhook request.
- */
-export class RequestWrapper<T extends KubernetesObject> {
-  private _input: Request<T>;
-  public Raw: T;
-  get PermitSideEffects() {
-    return !this._input.dryRun;
-  }
-  /**
-   * Indicates whether the request is a dry run.
-   * @returns true if the request is a dry run, false otherwise.
-   */
-  get IsDryRun() {
-    return this._input.dryRun;
-  }
-  /**
-   * Provides access to the old resource in the request if available.
-   * @returns The old Kubernetes resource object or null if not available.
-   */
-  get OldResource() {
-    return this._input.oldObject;
-  }
-  /**
-   * Provides access to the request object.
-   * @returns The request object containing the Kubernetes resource.
-   */
-  get Request() {
-    return this._input;
-  }
-  /**
-   * Creates a new instance of the Action class.
-   * @param input - The request object containing the Kubernetes resource to modify.
-   */
-  constructor(input: Request<T>) {
-    // Deep clone the object to prevent mutation of the original object
-    this.Raw = R.clone(input.object);
-    // Store the input
-    this._input = input;
-  }
-  /**
-   * Deep merges the provided object with the current resource.
-   *
-   * @param obj - The object to merge with the current resource.
-   */
-  Merge(obj: DeepPartial<T>) {
-    this.Raw = R.mergeDeepRight(this.Raw, obj) as T;
-  }
-  /**
-   * Updates a label on the Kubernetes resource.
-   * @param key - The key of the label to update.
-   * @param value - The value of the label.
-   * @returns The current Action instance for method chaining.
-   */
-  SetLabel(key: string, value: string) {
-    const ref = this.Raw;
-    ref.metadata = ref.metadata ?? {};
-    ref.metadata.labels = ref.metadata.labels ?? {};
-    ref.metadata.labels[key] = value;
-    return this;
-  }
-  /**
-   * Updates an annotation on the Kubernetes resource.
-   * @param key - The key of the annotation to update.
-   * @param value - The value of the annotation.
-   * @returns The current Action instance for method chaining.
-   */
-  SetAnnotation(key: string, value: string) {
-    const ref = this.Raw;
-    ref.metadata = ref.metadata ?? {};
-    ref.metadata.annotations = ref.metadata.annotations ?? {};
-    ref.metadata.annotations[key] = value;
-    return this;
-  }
-  /**
-   * Removes a label from the Kubernetes resource.
-   * @param key - The key of the label to remove.
-   * @returns The current Action instance for method chaining.
-   */
-  RemoveLabel(key: string) {
-    if (this.Raw.metadata?.labels?.[key]) {
-      delete this.Raw.metadata.labels[key];
-    }
-    return this;
-  }
-  /**
-   * Removes an annotation from the Kubernetes resource.
-   * @param key - The key of the annotation to remove.
-   * @returns The current Action instance for method chaining.
-   */
-  RemoveAnnotation(key: string) {
-    if (this.Raw.metadata?.annotations?.[key]) {
-      delete this.Raw.metadata.annotations[key];
-    }
-    return this;
-  }
-  /**
-   * Check if a label exists on the Kubernetes resource.
-   *
-   * @param key the label key to check
-   * @returns
-   */
-  HasLabel(key: string) {
-    return this.Raw?.metadata?.labels?.[key] !== undefined;
-  }
-  /**
-   * Check if an annotation exists on the Kubernetes resource.
-   *
-   * @param key the annotation key to check
-   * @returns
-   */
-  HasAnnotation(key: string) {
-    return this.Raw?.metadata?.annotations?.[key] !== undefined;
-  }
-}

package/src/lib/types.ts DELETED Viewed

@@ -1,211 +0,0 @@
-// SPDX-License-Identifier: Apache-2.0
-// SPDX-FileCopyrightText: 2023-Present The Pepr Authors
-import { GroupVersionKind, KubernetesObject, WebhookIgnore } from "./k8s";
-import { RequestWrapper } from "./request";
-/**
- * The behavior of this module when an error occurs.
- */
-export enum ErrorBehavior {
-  ignore = "ignore",
-  audit = "audit",
-  reject = "reject",
-}
-/**
- * The phase of the Kubernetes admission webhook that the capability is registered for.
- *
- * Currently only `mutate` is supported.
- */
-export enum HookPhase {
-  mutate = "mutate",
-  valdiate = "validate",
-}
-/**
- * Recursively make all properties in T optional.
- */
-export type DeepPartial<T> = {
-  [P in keyof T]?: T[P] extends object ? DeepPartial<T[P]> : T[P];
-};
-/**
- * The type of Kubernetes mutating webhook event ethat the capability action is registered for.
- */
-export enum Event {
-  Create = "create",
-  Update = "update",
-  Delete = "delete",
-  CreateOrUpdate = "createOrUpdate",
-}
-export interface CapabilityCfg {
-  /**
-   * The name of the capability. This should be unique.
-   */
-  name: string;
-  /**
-   * A description of the capability and what it does.
-   */
-  description: string;
-  /**
-   * List of namespaces that this capability applies to, if empty, applies to all namespaces (cluster-wide).
-   * This does not supersede the `alwaysIgnore` global configuration.
-   */
-  namespaces?: string[];
-  /**
-   * FUTURE USE.
-   *
-   * Declare if this capability should be used for mutation or validation. Currently this is not used
-   * and everything is considered a mutation.
-   */
-  mutateOrValidate?: HookPhase;
-}
-export type ModuleSigning = {
-  /**
-   * Specifies the signing policy.
-   * "requireAuthorizedKey" - only authorized keys are accepted.
-   * "requireAnyKey" - any key is accepted, as long as it's valid.
-   * "none" - no signing required.
-   */
-  signingPolicy?: "requireAuthorizedKey" | "requireAnyKey" | "none";
-  /**
-   * List of authorized keys for the "requireAuthorizedKey" policy.
-   * These keys are allowed to sign Pepr capabilities.
-   */
-  authorizedKeys?: string[];
-};
-/** Global configuration for the Pepr runtime. */
-export type ModuleConfig = {
-  /** The user-defined name for the module */
-  name: string;
-  /** The version of Pepr that the module was originally generated with */
-  version: string;
-  /** A unique identifier for this Pepr module. This is automatically generated by Pepr. */
-  uuid: string;
-  /** A description of the Pepr module and what it does. */
-  description?: string;
-  /** Reject K8s resource AdmissionRequests on error. */
-  onError: ErrorBehavior | string;
-  /** Configure global exclusions that will never be processed by Pepr. */
-  alwaysIgnore: WebhookIgnore;
-  /**
-   * FUTURE USE.
-   *
-   * Configure the signing policy for Pepr capabilities.
-   * This setting determines the requirements for signing keys in Pepr.
-   */
-  signing?: ModuleSigning;
-};
-// eslint-disable-next-line @typescript-eslint/no-explicit-any
-export type GenericClass = abstract new () => any;
-export type WhenSelector<T extends GenericClass> = {
-  /** Register a capability action to be executed when a Kubernetes resource is created or updated. */
-  IsCreatedOrUpdated: () => BindingAll<T>;
-  /** Register a capability action to be executed when a Kubernetes resource is created. */
-  IsCreated: () => BindingAll<T>;
-  /** Register a capability action to be executed when a Kubernetes resource is updated. */
-  IsUpdated: () => BindingAll<T>;
-  /** Register a capability action to be executed when a Kubernetes resource is deleted. */
-  IsDeleted: () => BindingAll<T>;
-};
-export type Binding = {
-  event?: Event;
-  readonly kind: GroupVersionKind;
-  readonly filters: {
-    name: string;
-    namespaces: string[];
-    labels: Record<string, string>;
-    annotations: Record<string, string>;
-  };
-  readonly callback: CapabilityAction<GenericClass, InstanceType<GenericClass>>;
-};
-export type BindingFilter<T extends GenericClass> = BindToActionOrSet<T> & {
-  /**
-   * Only apply the capability action if the resource has the specified label. If no value is specified, the label must exist.
-   * Note multiple calls to this method will result in an AND condition. e.g.
-   *
-   * ```ts
-   * When(a.Deployment)
-   *   .IsCreated()
-   *   .WithLabel("foo", "bar")
-   *   .WithLabel("baz", "qux")
-   *   .Then(...)
-   * ```
-   *
-   * Will only apply the capability action if the resource has both the `foo=bar` and `baz=qux` labels.
-   *
-   * @param key
-   * @param value
-   */
-  WithLabel: (key: string, value?: string) => BindingFilter<T>;
-  /**
-   * Only apply the capability action if the resource has the specified annotation. If no value is specified, the annotation must exist.
-   * Note multiple calls to this method will result in an AND condition. e.g.
-   *
-   * ```ts
-   * When(a.Deployment)
-   *   .IsCreated()
-   *   .WithAnnotation("foo", "bar")
-   *   .WithAnnotation("baz", "qux")
-   *   .Then(...)
-   * ```
-   *
-   * Will only apply the capability action if the resource has both the `foo=bar` and `baz=qux` annotations.
-   *
-   * @param key
-   * @param value
-   */
-  WithAnnotation: (key: string, value?: string) => BindingFilter<T>;
-};
-export type BindingWithName<T extends GenericClass> = BindingFilter<T> & {
-  /** Only apply the capability action if the resource name matches the specified name. */
-  WithName: (name: string) => BindingFilter<T>;
-};
-export type BindingAll<T extends GenericClass> = BindingWithName<T> & {
-  /** Only apply the cabability action if the resource is in one of the specified namespaces.*/
-  InNamespace: (...namespaces: string[]) => BindingFilter<T>;
-};
-export type BindToAction<T extends GenericClass> = {
-  /**
-   * Create a new capability action with the specified callback function and previously specified
-   * filters.
-   * @param action The capability action to be executed when the Kubernetes resource is processed by the AdmissionController.
-   */
-  Then: (action: CapabilityAction<T, InstanceType<T>>) => BindToAction<T>;
-};
-export type BindToActionOrSet<T extends GenericClass> = BindToAction<T> & {
-  /**
-   * Merge the specified updates into the resource, this can only be used once per binding.
-   * Note this is just a convenience method for `request.Merge(values)`.
-   *
-   * Example change the `minReadySeconds` to 3 of a deployment when it is created:
-   *
-   * ```ts
-   * When(a.Deployment)
-   *  .IsCreated()
-   *  .ThenSet({ spec: { minReadySeconds: 3 } });
-   * ```
-   *
-   * @param merge
-   * @returns
-   */
-  ThenSet: (val: DeepPartial<InstanceType<T>>) => BindToAction<T>;
-};
-export type CapabilityAction<T extends GenericClass, K extends KubernetesObject = InstanceType<T>> = (
-  req: RequestWrapper<K>
-) => void;