pepr 0.12.2 → 0.13.0

package/dist/lib/{request.d.ts → mutate-request.d.ts}

@@ -4,7 +4,7 @@ import { DeepPartial } from "./types";
  * The RequestWrapper class provides methods to modify Kubernetes objects in the context
  * of a mutating webhook request.
  */
-export declare class PeprRequest<T extends KubernetesObject> {
+export declare class PeprMutateRequest<T extends KubernetesObject> {
     private _input;
     Raw: T;
     get PermitSideEffects(): boolean;
@@ -24,7 +24,7 @@ export declare class PeprRequest<T extends KubernetesObject> {
      */
     get Request(): Request<T>;
     /**
-     * Creates a new instance of the Action class.
+     * Creates a new instance of the action class.
      * @param input - The request object containing the Kubernetes resource to modify.
      */
     constructor(_input: Request<T>);
@@ -38,14 +38,14 @@ export declare class PeprRequest<T extends KubernetesObject> {
      * Updates a label on the Kubernetes resource.
      * @param key - The key of the label to update.
      * @param value - The value of the label.
-     * @returns The current Action instance for method chaining.
+     * @returns The current action instance for method chaining.
      */
     SetLabel(key: string, value: string): this;
     /**
      * Updates an annotation on the Kubernetes resource.
      * @param key - The key of the annotation to update.
      * @param value - The value of the annotation.
-     * @returns The current Action instance for method chaining.
+     * @returns The current action instance for method chaining.
      */
     SetAnnotation(key: string, value: string): this;
     /**
@@ -75,4 +75,4 @@ export declare class PeprRequest<T extends KubernetesObject> {
      */
     HasAnnotation(key: string): boolean;
 }
-//# sourceMappingURL=request.d.ts.map
+//# sourceMappingURL=mutate-request.d.ts.map

package/dist/lib/mutate-request.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"mutate-request.d.ts","sourceRoot":"","sources":["../../src/lib/mutate-request.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,gBAAgB,EAAa,OAAO,EAAE,MAAM,aAAa,CAAC;AACnE,OAAO,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAEtC;;;GAGG;AACH,qBAAa,iBAAiB,CAAC,CAAC,SAAS,gBAAgB;IAmC3C,OAAO,CAAC,MAAM;IAlCnB,GAAG,EAAE,CAAC,CAAC;IAEd,IAAI,iBAAiB,YAEpB;IAED;;;OAGG;IACH,IAAI,QAAQ,wBAEX;IAED;;;OAGG;IACH,IAAI,WAAW,kBAEd;IAED;;;OAGG;IACH,IAAI,OAAO,eAEV;IAED;;;OAGG;gBACiB,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;IActC;;;;OAIG;IACH,KAAK,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC,CAAC;IAIzB;;;;;OAKG;IACH,QAAQ,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM;IAUnC;;;;;OAKG;IACH,aAAa,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM;IAUxC;;;;OAIG;IACH,WAAW,CAAC,GAAG,EAAE,MAAM;IAQvB;;;;OAIG;IACH,gBAAgB,CAAC,GAAG,EAAE,MAAM;IAQ5B;;;;;OAKG;IACH,QAAQ,CAAC,GAAG,EAAE,MAAM;IAIpB;;;;;OAKG;IACH,aAAa,CAAC,GAAG,EAAE,MAAM;CAG1B"}

package/dist/lib/types.d.ts

@@ -1,17 +1,10 @@
 import { GroupVersionKind, KubernetesObject, WebhookIgnore } from "./k8s/types";
-import { PeprRequest } from "./request";
+import { PeprMutateRequest } from "./mutate-request";
+import { PeprValidateRequest } from "./validate-request";
 export type PackageJSON = {
     description: string;
     pepr: ModuleConfig;
 };
-/**
- * The behavior of this module when an error occurs.
- */
-export declare enum ErrorBehavior {
-    ignore = "ignore",
-    audit = "audit",
-    reject = "reject"
-}
 /**
  * The phase of the Kubernetes admission webhook that the capability is registered for.
  *
@@ -28,7 +21,7 @@ export type DeepPartial<T> = {
     [P in keyof T]?: T[P] extends object ? DeepPartial<T[P]> : T[P];
 };
 /**
- * The type of Kubernetes mutating webhook event that the capability action is registered for.
+ * The type of Kubernetes mutating webhook event that the action is registered for.
  */
 export declare enum Event {
     Create = "CREATE",
@@ -51,13 +44,6 @@ export interface CapabilityCfg {
      * This does not supersede the `alwaysIgnore` global configuration.
      */
     namespaces?: string[];
-    /**
-     * FUTURE USE.
-     *
-     * Declare if this capability should be used for mutation or validation. Currently this is not used
-     * and everything is considered a mutation.
-     */
-    mutateOrValidate?: HookPhase;
 }
 export type ModuleSigning = {
     /**
@@ -86,7 +72,7 @@ export type ModuleConfig = {
     /** A description of the Pepr module and what it does. */
     description?: string;
     /** Reject K8s resource AdmissionRequests on error. */
-    onError: ErrorBehavior | string;
+    onError?: string;
     /** Configure global exclusions that will never be processed by Pepr. */
     alwaysIgnore: WebhookIgnore;
     /**
@@ -99,17 +85,19 @@ export type ModuleConfig = {
 };
 export type GenericClass = abstract new () => any;
 export type WhenSelector<T extends GenericClass> = {
-    /** Register a capability action to be executed when a Kubernetes resource is created or updated. */
+    /** Register an action to be executed when a Kubernetes resource is created or updated. */
     IsCreatedOrUpdated: () => BindingAll<T>;
-    /** Register a capability action to be executed when a Kubernetes resource is created. */
+    /** Register an action to be executed when a Kubernetes resource is created. */
     IsCreated: () => BindingAll<T>;
-    /** Register a capability action to be executed when a Kubernetes resource is updated. */
+    /** Register ann action to be executed when a Kubernetes resource is updated. */
     IsUpdated: () => BindingAll<T>;
-    /** Register a capability action to be executed when a Kubernetes resource is deleted. */
+    /** Register an action to be executed when a Kubernetes resource is deleted. */
     IsDeleted: () => BindingAll<T>;
 };
 export type Binding = {
     event: Event;
+    isMutate?: boolean;
+    isValidate?: boolean;
     readonly kind: GroupVersionKind;
     readonly filters: {
         name: string;
@@ -117,11 +105,12 @@ export type Binding = {
         labels: Record<string, string>;
         annotations: Record<string, string>;
     };
-    readonly callback: CapabilityAction<GenericClass, InstanceType<GenericClass>>;
+    readonly mutateCallback?: MutateAction<GenericClass, InstanceType<GenericClass>>;
+    readonly validateCallback?: ValidateAction<GenericClass, InstanceType<GenericClass>>;
 };
-export type BindingFilter<T extends GenericClass> = BindToActionOrSet<T> & {
+export type BindingFilter<T extends GenericClass> = CommonActionChain<T> & {
     /**
-     * Only apply the capability action if the resource has the specified label. If no value is specified, the label must exist.
+     * Only apply the action if the resource has the specified label. If no value is specified, the label must exist.
      * Note multiple calls to this method will result in an AND condition. e.g.
      *
      * ```ts
@@ -129,17 +118,17 @@ export type BindingFilter<T extends GenericClass> = BindToActionOrSet<T> & {
      *   .IsCreated()
      *   .WithLabel("foo", "bar")
      *   .WithLabel("baz", "qux")
-     *   .Then(...)
+     *   .Mutate(...)
      * ```
      *
-     * Will only apply the capability action if the resource has both the `foo=bar` and `baz=qux` labels.
+     * Will only apply the action if the resource has both the `foo=bar` and `baz=qux` labels.
      *
      * @param key
      * @param value
      */
     WithLabel: (key: string, value?: string) => BindingFilter<T>;
     /**
-     * Only apply the capability action if the resource has the specified annotation. If no value is specified, the annotation must exist.
+     * Only apply the action if the resource has the specified annotation. If no value is specified, the annotation must exist.
      * Note multiple calls to this method will result in an AND condition. e.g.
      *
      * ```ts
@@ -147,10 +136,10 @@ export type BindingFilter<T extends GenericClass> = BindToActionOrSet<T> & {
      *   .IsCreated()
      *   .WithAnnotation("foo", "bar")
      *   .WithAnnotation("baz", "qux")
-     *   .Then(...)
+     *   .Mutate(...)
      * ```
      *
-     * Will only apply the capability action if the resource has both the `foo=bar` and `baz=qux` annotations.
+     * Will only apply the action if the resource has both the `foo=bar` and `baz=qux` annotations.
      *
      * @param key
      * @param value
@@ -158,38 +147,48 @@ export type BindingFilter<T extends GenericClass> = BindToActionOrSet<T> & {
     WithAnnotation: (key: string, value?: string) => BindingFilter<T>;
 };
 export type BindingWithName<T extends GenericClass> = BindingFilter<T> & {
-    /** Only apply the capability action if the resource name matches the specified name. */
+    /** Only apply the action if the resource name matches the specified name. */
     WithName: (name: string) => BindingFilter<T>;
 };
 export type BindingAll<T extends GenericClass> = BindingWithName<T> & {
-    /** Only apply the capability action if the resource is in one of the specified namespaces.*/
+    /** Only apply the action if the resource is in one of the specified namespaces.*/
     InNamespace: (...namespaces: string[]) => BindingWithName<T>;
 };
-export type BindToAction<T extends GenericClass> = {
+export type CommonActionChain<T extends GenericClass> = MutateActionChain<T> & {
     /**
-     * Create a new capability action with the specified callback function and previously specified
+     * Create a new MUTATE action with the specified callback function and previously specified
      * filters.
-     * @param action The capability action to be executed when the Kubernetes resource is processed by the AdmissionController.
+     * @param action The action to be executed when the Kubernetes resource is processed by the AdmissionController.
      */
-    Then: (action: CapabilityAction<T, InstanceType<T>>) => BindToAction<T>;
+    Mutate: (action: MutateAction<T, InstanceType<T>>) => MutateActionChain<T>;
 };
-export type BindToActionOrSet<T extends GenericClass> = BindToAction<T> & {
+export type MutateActionChain<T extends GenericClass> = {
     /**
-     * Merge the specified updates into the resource, this can only be used once per binding.
-     * Note this is just a convenience method for `request.Merge(values)`.
-     *
-     * Example change the `minReadySeconds` to 3 of a deployment when it is created:
+     * Create a new VALIDATE action with the specified callback function and previously specified
+     * filters. Return the `request.Approve()` or `Request.Deny()` methods to approve or deny the request:
      *
+     * @example
      * ```ts
      * When(a.Deployment)
      *  .IsCreated()
-     *  .ThenSet({ spec: { minReadySeconds: 3 } });
+     *  .Validate(request => {
+     *    if (request.HasLabel("foo")) {
+     *     return request.Approve();
+     *    }
+     *
+     *   return request.Deny("Deployment must have label foo");
+     * });
      * ```
      *
-     * @param merge
-     * @returns
+     * @param action The action to be executed when the Kubernetes resource is processed by the AdmissionController.
      */
-    ThenSet: (val: DeepPartial<InstanceType<T>>) => BindToAction<T>;
+    Validate: (action: ValidateAction<T, InstanceType<T>>) => void;
+};
+export type MutateAction<T extends GenericClass, K extends KubernetesObject = InstanceType<T>> = (req: PeprMutateRequest<K>) => Promise<void> | void | Promise<PeprMutateRequest<K>> | PeprMutateRequest<K>;
+export type ValidateAction<T extends GenericClass, K extends KubernetesObject = InstanceType<T>> = (req: PeprValidateRequest<K>) => Promise<ValidateResponse> | ValidateResponse;
+export type ValidateResponse = {
+    allowed: boolean;
+    statusCode?: number;
+    statusMessage?: string;
 };
-export type CapabilityAction<T extends GenericClass, K extends KubernetesObject = InstanceType<T>> = (req: PeprRequest<K>) => Promise<void> | void | Promise<PeprRequest<K>> | PeprRequest<K>;
 //# sourceMappingURL=types.d.ts.map

package/dist/lib/types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/lib/types.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAChF,OAAO,EAAE,WAAW,EAAE,MAAM,WAAW,CAAC;AAExC,MAAM,MAAM,WAAW,GAAG;IACxB,WAAW,EAAE,MAAM,CAAC;IACpB,IAAI,EAAE,YAAY,CAAC;CACpB,CAAC;AAEF;;GAEG;AACH,oBAAY,aAAa;IACvB,MAAM,WAAW;IACjB,KAAK,UAAU;IACf,MAAM,WAAW;CAClB;AAED;;;;GAIG;AACH,oBAAY,SAAS;IACnB,MAAM,WAAW;IACjB,QAAQ,aAAa;CACtB;AAED;;GAEG;AACH,MAAM,MAAM,WAAW,CAAC,CAAC,IAAI;KAC1B,CAAC,IAAI,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS,MAAM,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;CAChE,CAAC;AAEF;;GAEG;AAEH,oBAAY,KAAK;IACf,MAAM,WAAW;IACjB,MAAM,WAAW;IACjB,MAAM,WAAW;IACjB,cAAc,mBAAmB;IACjC,GAAG,MAAM;CACV;AAED,MAAM,WAAW,aAAa;IAC5B;;OAEG;IACH,IAAI,EAAE,MAAM,CAAC;IACb;;OAEG;IACH,WAAW,EAAE,MAAM,CAAC;IACpB;;;OAGG;IACH,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IAEtB;;;;;OAKG;IACH,gBAAgB,CAAC,EAAE,SAAS,CAAC;CAC9B;AAED,MAAM,MAAM,aAAa,GAAG;IAC1B;;;;;OAKG;IACH,aAAa,CAAC,EAAE,sBAAsB,GAAG,eAAe,GAAG,MAAM,CAAC;IAClE;;;OAGG;IACH,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;CAC3B,CAAC;AAEF,iDAAiD;AACjD,MAAM,MAAM,YAAY,GAAG;IACzB,2CAA2C;IAC3C,IAAI,EAAE,MAAM,CAAC;IACb,wCAAwC;IACxC,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,6CAA6C;IAC7C,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,yFAAyF;IACzF,IAAI,EAAE,MAAM,CAAC;IACb,yDAAyD;IACzD,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,sDAAsD;IACtD,OAAO,EAAE,aAAa,GAAG,MAAM,CAAC;IAChC,wEAAwE;IACxE,YAAY,EAAE,aAAa,CAAC;IAC5B;;;;;OAKG;IACH,OAAO,CAAC,EAAE,aAAa,CAAC;CACzB,CAAC;AAGF,MAAM,MAAM,YAAY,GAAG,QAAQ,WAAW,GAAG,CAAC;AAElD,MAAM,MAAM,YAAY,CAAC,CAAC,SAAS,YAAY,IAAI;IACjD,oGAAoG;IACpG,kBAAkB,EAAE,MAAM,UAAU,CAAC,CAAC,CAAC,CAAC;IACxC,yFAAyF;IACzF,SAAS,EAAE,MAAM,UAAU,CAAC,CAAC,CAAC,CAAC;IAC/B,yFAAyF;IACzF,SAAS,EAAE,MAAM,UAAU,CAAC,CAAC,CAAC,CAAC;IAC/B,yFAAyF;IACzF,SAAS,EAAE,MAAM,UAAU,CAAC,CAAC,CAAC,CAAC;CAChC,CAAC;AAEF,MAAM,MAAM,OAAO,GAAG;IACpB,KAAK,EAAE,KAAK,CAAC;IACb,QAAQ,CAAC,IAAI,EAAE,gBAAgB,CAAC;IAChC,QAAQ,CAAC,OAAO,EAAE;QAChB,IAAI,EAAE,MAAM,CAAC;QACb,UAAU,EAAE,MAAM,EAAE,CAAC;QACrB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAC/B,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;KACrC,CAAC;IACF,QAAQ,CAAC,QAAQ,EAAE,gBAAgB,CAAC,YAAY,EAAE,YAAY,CAAC,YAAY,CAAC,CAAC,CAAC;CAC/E,CAAC;AAEF,MAAM,MAAM,aAAa,CAAC,CAAC,SAAS,YAAY,IAAI,iBAAiB,CAAC,CAAC,CAAC,GAAG;IACzE;;;;;;;;;;;;;;;;OAgBG;IACH,SAAS,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,KAAK,aAAa,CAAC,CAAC,CAAC,CAAC;IAC7D;;;;;;;;;;;;;;;;OAgBG;IACH,cAAc,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,KAAK,aAAa,CAAC,CAAC,CAAC,CAAC;CACnE,CAAC;AAEF,MAAM,MAAM,eAAe,CAAC,CAAC,SAAS,YAAY,IAAI,aAAa,CAAC,CAAC,CAAC,GAAG;IACvE,wFAAwF;IACxF,QAAQ,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,aAAa,CAAC,CAAC,CAAC,CAAC;CAC9C,CAAC;AAEF,MAAM,MAAM,UAAU,CAAC,CAAC,SAAS,YAAY,IAAI,eAAe,CAAC,CAAC,CAAC,GAAG;IACpE,6FAA6F;IAC7F,WAAW,EAAE,CAAC,GAAG,UAAU,EAAE,MAAM,EAAE,KAAK,eAAe,CAAC,CAAC,CAAC,CAAC;CAC9D,CAAC;AAEF,MAAM,MAAM,YAAY,CAAC,CAAC,SAAS,YAAY,IAAI;IACjD;;;;OAIG;IACH,IAAI,EAAE,CAAC,MAAM,EAAE,gBAAgB,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC,CAAC,CAAC,KAAK,YAAY,CAAC,CAAC,CAAC,CAAC;CACzE,CAAC;AAEF,MAAM,MAAM,iBAAiB,CAAC,CAAC,SAAS,YAAY,IAAI,YAAY,CAAC,CAAC,CAAC,GAAG;IACxE;;;;;;;;;;;;;;OAcG;IACH,OAAO,EAAE,CAAC,GAAG,EAAE,WAAW,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,KAAK,YAAY,CAAC,CAAC,CAAC,CAAC;CACjE,CAAC;AAEF,MAAM,MAAM,gBAAgB,CAAC,CAAC,SAAS,YAAY,EAAE,CAAC,SAAS,gBAAgB,GAAG,YAAY,CAAC,CAAC,CAAC,IAAI,CACnG,GAAG,EAAE,WAAW,CAAC,CAAC,CAAC,KAChB,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,GAAG,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC"}
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/lib/types.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAChF,OAAO,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AACrD,OAAO,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AAEzD,MAAM,MAAM,WAAW,GAAG;IACxB,WAAW,EAAE,MAAM,CAAC;IACpB,IAAI,EAAE,YAAY,CAAC;CACpB,CAAC;AAEF;;;;GAIG;AACH,oBAAY,SAAS;IACnB,MAAM,WAAW;IACjB,QAAQ,aAAa;CACtB;AAED;;GAEG;AACH,MAAM,MAAM,WAAW,CAAC,CAAC,IAAI;KAC1B,CAAC,IAAI,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS,MAAM,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;CAChE,CAAC;AAEF;;GAEG;AACH,oBAAY,KAAK;IACf,MAAM,WAAW;IACjB,MAAM,WAAW;IACjB,MAAM,WAAW;IACjB,cAAc,mBAAmB;IACjC,GAAG,MAAM;CACV;AAED,MAAM,WAAW,aAAa;IAC5B;;OAEG;IACH,IAAI,EAAE,MAAM,CAAC;IACb;;OAEG;IACH,WAAW,EAAE,MAAM,CAAC;IACpB;;;OAGG;IACH,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;CACvB;AAED,MAAM,MAAM,aAAa,GAAG;IAC1B;;;;;OAKG;IACH,aAAa,CAAC,EAAE,sBAAsB,GAAG,eAAe,GAAG,MAAM,CAAC;IAClE;;;OAGG;IACH,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;CAC3B,CAAC;AAEF,iDAAiD;AACjD,MAAM,MAAM,YAAY,GAAG;IACzB,2CAA2C;IAC3C,IAAI,EAAE,MAAM,CAAC;IACb,wCAAwC;IACxC,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,6CAA6C;IAC7C,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,yFAAyF;IACzF,IAAI,EAAE,MAAM,CAAC;IACb,yDAAyD;IACzD,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,sDAAsD;IACtD,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,wEAAwE;IACxE,YAAY,EAAE,aAAa,CAAC;IAC5B;;;;;OAKG;IACH,OAAO,CAAC,EAAE,aAAa,CAAC;CACzB,CAAC;AAGF,MAAM,MAAM,YAAY,GAAG,QAAQ,WAAW,GAAG,CAAC;AAElD,MAAM,MAAM,YAAY,CAAC,CAAC,SAAS,YAAY,IAAI;IACjD,0FAA0F;IAC1F,kBAAkB,EAAE,MAAM,UAAU,CAAC,CAAC,CAAC,CAAC;IACxC,+EAA+E;IAC/E,SAAS,EAAE,MAAM,UAAU,CAAC,CAAC,CAAC,CAAC;IAC/B,gFAAgF;IAChF,SAAS,EAAE,MAAM,UAAU,CAAC,CAAC,CAAC,CAAC;IAC/B,+EAA+E;IAC/E,SAAS,EAAE,MAAM,UAAU,CAAC,CAAC,CAAC,CAAC;CAChC,CAAC;AAEF,MAAM,MAAM,OAAO,GAAG;IACpB,KAAK,EAAE,KAAK,CAAC;IACb,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,QAAQ,CAAC,IAAI,EAAE,gBAAgB,CAAC;IAChC,QAAQ,CAAC,OAAO,EAAE;QAChB,IAAI,EAAE,MAAM,CAAC;QACb,UAAU,EAAE,MAAM,EAAE,CAAC;QACrB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAC/B,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;KACrC,CAAC;IACF,QAAQ,CAAC,cAAc,CAAC,EAAE,YAAY,CAAC,YAAY,EAAE,YAAY,CAAC,YAAY,CAAC,CAAC,CAAC;IACjF,QAAQ,CAAC,gBAAgB,CAAC,EAAE,cAAc,CAAC,YAAY,EAAE,YAAY,CAAC,YAAY,CAAC,CAAC,CAAC;CACtF,CAAC;AAEF,MAAM,MAAM,aAAa,CAAC,CAAC,SAAS,YAAY,IAAI,iBAAiB,CAAC,CAAC,CAAC,GAAG;IACzE;;;;;;;;;;;;;;;;OAgBG;IACH,SAAS,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,KAAK,aAAa,CAAC,CAAC,CAAC,CAAC;IAC7D;;;;;;;;;;;;;;;;OAgBG;IACH,cAAc,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,KAAK,aAAa,CAAC,CAAC,CAAC,CAAC;CACnE,CAAC;AAEF,MAAM,MAAM,eAAe,CAAC,CAAC,SAAS,YAAY,IAAI,aAAa,CAAC,CAAC,CAAC,GAAG;IACvE,6EAA6E;IAC7E,QAAQ,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,aAAa,CAAC,CAAC,CAAC,CAAC;CAC9C,CAAC;AAEF,MAAM,MAAM,UAAU,CAAC,CAAC,SAAS,YAAY,IAAI,eAAe,CAAC,CAAC,CAAC,GAAG;IACpE,kFAAkF;IAClF,WAAW,EAAE,CAAC,GAAG,UAAU,EAAE,MAAM,EAAE,KAAK,eAAe,CAAC,CAAC,CAAC,CAAC;CAC9D,CAAC;AAEF,MAAM,MAAM,iBAAiB,CAAC,CAAC,SAAS,YAAY,IAAI,iBAAiB,CAAC,CAAC,CAAC,GAAG;IAC7E;;;;OAIG;IACH,MAAM,EAAE,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC,CAAC,CAAC,KAAK,iBAAiB,CAAC,CAAC,CAAC,CAAC;CAC5E,CAAC;AAEF,MAAM,MAAM,iBAAiB,CAAC,CAAC,SAAS,YAAY,IAAI;IACtD;;;;;;;;;;;;;;;;;;OAkBG;IACH,QAAQ,EAAE,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC;CAChE,CAAC;AAEF,MAAM,MAAM,YAAY,CAAC,CAAC,SAAS,YAAY,EAAE,CAAC,SAAS,gBAAgB,GAAG,YAAY,CAAC,CAAC,CAAC,IAAI,CAC/F,GAAG,EAAE,iBAAiB,CAAC,CAAC,CAAC,KACtB,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAC,CAAC,CAAC,GAAG,iBAAiB,CAAC,CAAC,CAAC,CAAC;AAEjF,MAAM,MAAM,cAAc,CAAC,CAAC,SAAS,YAAY,EAAE,CAAC,SAAS,gBAAgB,GAAG,YAAY,CAAC,CAAC,CAAC,IAAI,CACjG,GAAG,EAAE,mBAAmB,CAAC,CAAC,CAAC,KACxB,OAAO,CAAC,gBAAgB,CAAC,GAAG,gBAAgB,CAAC;AAElD,MAAM,MAAM,gBAAgB,GAAG;IAC7B,OAAO,EAAE,OAAO,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC"}

package/dist/lib/validate-processor.d.ts

@@ -0,0 +1,4 @@
+import { Capability } from "./capability";
+import { Request, ValidateResponse } from "./k8s/types";
+export declare function validateProcessor(capabilities: Capability[], req: Request, reqMetadata: Record<string, string>): Promise<ValidateResponse>;
+//# sourceMappingURL=validate-processor.d.ts.map

package/dist/lib/validate-processor.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"validate-processor.d.ts","sourceRoot":"","sources":["../../src/lib/validate-processor.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAE1C,OAAO,EAAE,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAIxD,wBAAsB,iBAAiB,CACrC,YAAY,EAAE,UAAU,EAAE,EAC1B,GAAG,EAAE,OAAO,EACZ,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAClC,OAAO,CAAC,gBAAgB,CAAC,CAsD3B"}

package/dist/lib/validate-request.d.ts

@@ -0,0 +1,54 @@
+import { KubernetesObject, Request } from "./k8s/types";
+import { ValidateResponse } from "./types";
+/**
+ * The RequestWrapper class provides methods to modify Kubernetes objects in the context
+ * of a mutating webhook request.
+ */
+export declare class PeprValidateRequest<T extends KubernetesObject> {
+    protected _input: Request<T>;
+    Raw: T;
+    /**
+     * Provides access to the old resource in the request if available.
+     * @returns The old Kubernetes resource object or null if not available.
+     */
+    get OldResource(): T | undefined;
+    /**
+     * Provides access to the request object.
+     * @returns The request object containing the Kubernetes resource.
+     */
+    get Request(): Request<T>;
+    /**
+     * Creates a new instance of the Action class.
+     * @param input - The request object containing the Kubernetes resource to modify.
+     */
+    constructor(_input: Request<T>);
+    /**
+     * Check if a label exists on the Kubernetes resource.
+     *
+     * @param key the label key to check
+     * @returns
+     */
+    HasLabel(key: string): boolean;
+    /**
+     * Check if an annotation exists on the Kubernetes resource.
+     *
+     * @param key the annotation key to check
+     * @returns
+     */
+    HasAnnotation(key: string): boolean;
+    /**
+     * Create a validation response that allows the request.
+     *
+     * @returns The validation response.
+     */
+    Approve(): ValidateResponse;
+    /**
+     * Create a validation response that denies the request.
+     *
+     * @param statusMessage Optional status message to return to the user.
+     * @param statusCode Optional status code to return to the user.
+     * @returns The validation response.
+     */
+    Deny(statusMessage?: string, statusCode?: number): ValidateResponse;
+}
+//# sourceMappingURL=validate-request.d.ts.map

package/dist/lib/validate-request.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"validate-request.d.ts","sourceRoot":"","sources":["../../src/lib/validate-request.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,gBAAgB,EAAa,OAAO,EAAE,MAAM,aAAa,CAAC;AACnE,OAAO,EAAE,gBAAgB,EAAE,MAAM,SAAS,CAAC;AAE3C;;;GAGG;AACH,qBAAa,mBAAmB,CAAC,CAAC,SAAS,gBAAgB;IAuB7C,SAAS,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;IAtBjC,GAAG,EAAE,CAAC,CAAC;IAEd;;;OAGG;IACH,IAAI,WAAW,kBAEd;IAED;;;OAGG;IACH,IAAI,OAAO,eAEV;IAED;;;OAGG;gBACmB,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;IAcxC;;;;;OAKG;IACH,QAAQ,CAAC,GAAG,EAAE,MAAM;IAIpB;;;;;OAKG;IACH,aAAa,CAAC,GAAG,EAAE,MAAM;IAIzB;;;;OAIG;IACH,OAAO,IAAI,gBAAgB;IAM3B;;;;;;OAMG;IACH,IAAI,CAAC,aAAa,CAAC,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,MAAM,GAAG,gBAAgB;CAOpE"}

package/dist/lib.d.ts

@@ -6,11 +6,12 @@ import { fetch, fetchRaw } from "./lib/fetch";
 import { RegisterKind, a } from "./lib/k8s/index";
 import Log from "./lib/logger";
 import { PeprModule } from "./lib/module";
-import { PeprRequest } from "./lib/request";
+import { PeprMutateRequest } from "./lib/mutate-request";
+import { PeprValidateRequest } from "./lib/validate-request";
 import * as PeprUtils from "./lib/utils";
 import type * as K8sTypes from "@kubernetes/client-node";
 import type * as RTypes from "ramda";
 export { a, 
 /** PeprModule is used to setup a complete Pepr Module: `new PeprModule(cfg, {...capabilities})` */
-PeprModule, PeprRequest, PeprUtils, RegisterKind, Capability, Log, R, fetch, fetchRaw, fetchStatus, k8s, RTypes, K8sTypes, };
+PeprModule, PeprMutateRequest, PeprValidateRequest, PeprUtils, RegisterKind, Capability, Log, R, fetch, fetchRaw, fetchStatus, k8s, RTypes, K8sTypes, };
 //# sourceMappingURL=lib.d.ts.map

package/dist/lib.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"lib.d.ts","sourceRoot":"","sources":["../src/lib.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,GAAG,MAAM,yBAAyB,CAAC;AAC/C,OAAO,EAAE,WAAW,IAAI,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAC/D,OAAO,KAAK,CAAC,MAAM,OAAO,CAAC;AAC3B,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AAC9C,OAAO,EAAE,YAAY,EAAE,CAAC,EAAE,MAAM,iBAAiB,CAAC;AAClD,OAAO,GAAG,MAAM,cAAc,CAAC;AAC/B,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAC1C,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAC5C,OAAO,KAAK,SAAS,MAAM,aAAa,CAAC;AAGzC,OAAO,KAAK,KAAK,QAAQ,MAAM,yBAAyB,CAAC;AACzD,OAAO,KAAK,KAAK,MAAM,MAAM,OAAO,CAAC;AAErC,OAAO,EACL,CAAC;AACD,mGAAmG;AACnG,UAAU,EACV,WAAW,EACX,SAAS,EACT,YAAY,EACZ,UAAU,EACV,GAAG,EACH,CAAC,EACD,KAAK,EACL,QAAQ,EACR,WAAW,EACX,GAAG,EAGH,MAAM,EACN,QAAQ,GACT,CAAC"}
+{"version":3,"file":"lib.d.ts","sourceRoot":"","sources":["../src/lib.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,GAAG,MAAM,yBAAyB,CAAC;AAC/C,OAAO,EAAE,WAAW,IAAI,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAC/D,OAAO,KAAK,CAAC,MAAM,OAAO,CAAC;AAC3B,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AAC9C,OAAO,EAAE,YAAY,EAAE,CAAC,EAAE,MAAM,iBAAiB,CAAC;AAClD,OAAO,GAAG,MAAM,cAAc,CAAC;AAC/B,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAC1C,OAAO,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AACzD,OAAO,EAAE,mBAAmB,EAAE,MAAM,wBAAwB,CAAC;AAC7D,OAAO,KAAK,SAAS,MAAM,aAAa,CAAC;AAGzC,OAAO,KAAK,KAAK,QAAQ,MAAM,yBAAyB,CAAC;AACzD,OAAO,KAAK,KAAK,MAAM,MAAM,OAAO,CAAC;AAErC,OAAO,EACL,CAAC;AACD,mGAAmG;AACnG,UAAU,EACV,iBAAiB,EACjB,mBAAmB,EACnB,SAAS,EACT,YAAY,EACZ,UAAU,EACV,GAAG,EACH,CAAC,EACD,KAAK,EACL,QAAQ,EACR,WAAW,EACX,GAAG,EAGH,MAAM,EACN,QAAQ,GACT,CAAC"}