pepr 0.26.2 → 0.28.0

package/src/lib/helpers.ts

@@ -1,11 +1,11 @@
 // SPDX-License-Identifier: Apache-2.0
 // SPDX-FileCopyrightText: 2023-Present The Pepr Authors
 
-import { K8s, kind } from "kubernetes-fluent-client";
+import { K8s, KubernetesObject, kind } from "kubernetes-fluent-client";
 import Log from "./logger";
 import { CapabilityExport } from "./types";
 import { promises as fs } from "fs";
-import commander from "commander";
+import { Binding } from "./types";
 
 type RBACMap = {
   [key: string]: {
@@ -14,6 +14,96 @@ type RBACMap = {
   };
 };
 
+// check for overlap with labels and annotations between bindings and kubernetes objects
+export function checkOverlap(record1: Record<string, string>, record2: Record<string, string>) {
+  if (Object.keys(record1).length === 0) {
+    return true;
+  }
+  for (const key in record1) {
+    if (
+      Object.prototype.hasOwnProperty.call(record1, key) &&
+      Object.prototype.hasOwnProperty.call(record2, key) &&
+      record1[key] === record2[key]
+    ) {
+      return true;
+    }
+  }
+  return false;
+}
+
+/**
+ * Decide to run callback after the event comes back from API Server
+ **/
+export const filterMatcher = (
+  binding: Partial<Binding>,
+  obj: Partial<KubernetesObject>,
+  capabilityNamespaces: string[],
+): string => {
+  // binding kind is namespace with a InNamespace filter
+  if (binding.kind && binding.kind.kind === "Namespace" && binding.filters && binding.filters.namespaces.length !== 0) {
+    return `Ignoring Watch Callback: Cannot use a namespace filter in a namespace object.`;
+  }
+
+  if (typeof obj === "object" && obj !== null && "metadata" in obj && obj.metadata !== undefined && binding.filters) {
+    // binding labels and object labels dont match
+    if (obj.metadata.labels && !checkOverlap(binding.filters.labels, obj.metadata.labels)) {
+      return `Ignoring Watch Callback: No overlap between binding and object labels. Binding labels ${JSON.stringify(
+        binding.filters.labels,
+      )}, Object Labels ${JSON.stringify(obj.metadata.labels)}.`;
+    }
+
+    // binding annotations and object annotations dont match
+    if (obj.metadata.annotations && !checkOverlap(binding.filters.annotations, obj.metadata.annotations)) {
+      return `Ignoring Watch Callback: No overlap between binding and object annotations. Binding annotations ${JSON.stringify(
+        binding.filters.annotations,
+      )}, Object annotations ${JSON.stringify(obj.metadata.annotations)}.`;
+    }
+  }
+
+  // Check object is in the capability namespace
+  if (
+    Array.isArray(capabilityNamespaces) &&
+    capabilityNamespaces.length > 0 &&
+    obj.metadata &&
+    obj.metadata.namespace &&
+    !capabilityNamespaces.includes(obj.metadata.namespace)
+  ) {
+    return `Ignoring Watch Callback: Object is not in the capability namespace. Capability namespaces: ${capabilityNamespaces.join(
+      ", ",
+    )}, Object namespace: ${obj.metadata.namespace}.`;
+  }
+
+  // chceck every filter namespace is a capability namespace
+  if (
+    Array.isArray(capabilityNamespaces) &&
+    capabilityNamespaces.length > 0 &&
+    binding.filters &&
+    Array.isArray(binding.filters.namespaces) &&
+    binding.filters.namespaces.length > 0 &&
+    !binding.filters.namespaces.every(ns => capabilityNamespaces.includes(ns))
+  ) {
+    return `Ignoring Watch Callback: Binding namespace is not part of capability namespaces. Capability namespaces: ${capabilityNamespaces.join(
+      ", ",
+    )}, Binding namespaces: ${binding.filters.namespaces.join(", ")}.`;
+  }
+
+  // filter namespace is not the same of object namespace
+  if (
+    binding.filters &&
+    Array.isArray(binding.filters.namespaces) &&
+    binding.filters.namespaces.length > 0 &&
+    obj.metadata &&
+    obj.metadata.namespace &&
+    !binding.filters.namespaces.includes(obj.metadata.namespace)
+  ) {
+    return `Ignoring Watch Callback: Binding namespace and object namespace are not the same. Binding namespaces: ${binding.filters.namespaces.join(
+      ", ",
+    )}, Object namespace: ${obj.metadata.namespace}.`;
+  }
+
+  // no problems
+  return "";
+};
 export const addVerbIfNotExists = (verbs: string[], verb: string) => {
   if (!verbs.includes(verb)) {
     verbs.push(verb);
@@ -177,11 +267,36 @@ export const parseTimeout = (value: string, previous: unknown): number => {
   const parsedValue = parseInt(value, 10);
   const floatValue = parseFloat(value);
   if (isNaN(parsedValue)) {
-    throw new commander.InvalidArgumentError("Not a number.");
+    throw new Error("Not a number.");
   } else if (parsedValue !== floatValue) {
-    throw new commander.InvalidArgumentError("Value must be an integer.");
+    throw new Error("Value must be an integer.");
   } else if (parsedValue < 1 || parsedValue > 30) {
-    throw new commander.InvalidArgumentError("Number must be between 1 and 30.");
+    throw new Error("Number must be between 1 and 30.");
   }
   return parsedValue;
 };
+
+// Remove leading whitespace while keeping format of file
+export function dedent(file: string) {
+  // Check if the first line is empty and remove it
+  const lines = file.split("\n");
+  if (lines[0].trim() === "") {
+    lines.shift(); // Remove the first line if it's empty
+    file = lines.join("\n"); // Rejoin the remaining lines back into a single string
+  }
+
+  const match = file.match(/^[ \t]*(?=\S)/gm);
+  const indent = match && Math.min(...match.map(el => el.length));
+  if (indent && indent > 0) {
+    const re = new RegExp(`^[ \\t]{${indent}}`, "gm");
+    return file.replace(re, "");
+  }
+  return file;
+}
+
+export function replaceString(str: string, stringA: string, stringB: string) {
+  //eslint-disable-next-line
+  const escapedStringA = stringA.replace(/[-\/\\^$*+?.()|[\]{}]/g, "\\$&");
+  const regExp = new RegExp(escapedStringA, "g");
+  return str.replace(regExp, stringB);
+}

package/src/lib/k8s.ts

@@ -166,15 +166,4 @@ export type WebhookIgnore = {
    * Note: `kube-system` and `pepr-system` are always ignored.
    */
   namespaces?: string[];
-  /**
-   * List of Kubernetes labels to always ignore.
-   * Any resources with these labels will be ignored by Pepr.
-   *
-   * The example below will ignore any resources with the label `my-label=ulta-secret`:
-   * ```
-   * alwaysIgnore:
-   *   labels: [{ "my-label": "ultra-secret" }]
-   * ```
-   */
-  labels?: Record<string, string>[];
 };

package/src/lib/module.ts

@@ -15,8 +15,6 @@ export interface CustomLabels {
 }
 /** Global configuration for the Pepr runtime. */
 export type ModuleConfig = {
-  /** The user-defined name for the module */
-  name: string;
   /** The Pepr version this module uses */
   peprVersion?: string;
   /** The user-defined version of the module */

package/src/lib/watch-processor.ts

@@ -11,6 +11,7 @@ import Log from "./logger";
 import { Binding, Event } from "./types";
 import { Watcher } from "kubernetes-fluent-client/dist/fluent/watch";
 import { GenericClass } from "kubernetes-fluent-client";
+import { filterMatcher } from "./helpers";
 
 // Track if the store has been updated
 let storeUpdates = false;
@@ -58,13 +59,14 @@ export async function setupStore(uuid: string) {
 export async function setupWatch(uuid: string, capabilities: Capability[]) {
   await setupStore(uuid);
 
-  capabilities
-    .flatMap(c => c.bindings)
-    .filter(binding => binding.isWatch)
-    .forEach(runBinding);
+  capabilities.map(capability =>
+    capability.bindings
+      .filter(binding => binding.isWatch)
+      .forEach(bindingElement => runBinding(bindingElement, capability.namespaces)),
+  );
 }
 
-async function runBinding(binding: Binding) {
+async function runBinding(binding: Binding, capabilityNamespaces: string[]) {
   // Map the event to the watch phase
   const eventToPhaseMap = {
     [Event.Create]: [WatchPhase.Added],
@@ -92,9 +94,14 @@ async function runBinding(binding: Binding) {
       // If the type matches the phase, call the watch callback
       if (phaseMatch.includes(type)) {
         try {
-          queue.setReconcile(async () => await binding.watchCallback?.(obj, type));
-          // Enqueue the object for reconciliation through callback
-          await queue.enqueue(obj);
+          const filterMatch = filterMatcher(binding, obj, capabilityNamespaces);
+          if (filterMatch === "") {
+            queue.setReconcile(async () => await binding.watchCallback?.(obj, type));
+            // Enqueue the object for reconciliation through callback
+            await queue.enqueue(obj);
+          } else {
+            Log.debug(filterMatch);
+          }
         } catch (e) {
           // Errors in the watch callback should not crash the controller
           Log.error(e, "Error executing watch callback");
@@ -109,8 +116,12 @@ async function runBinding(binding: Binding) {
       // If the type matches the phase, call the watch callback
       if (phaseMatch.includes(type)) {
         try {
-          // Perform the watch callback
-          await binding.watchCallback?.(obj, type);
+          const filterMatch = filterMatcher(binding, obj, capabilityNamespaces);
+          if (filterMatch === "") {
+            await binding.watchCallback?.(obj, type);
+          } else {
+            Log.debug(filterMatch);
+          }
         } catch (e) {
           // Errors in the watch callback should not crash the controller
           Log.error(e, "Error executing watch callback");

package/src/templates/package.json

@@ -8,11 +8,12 @@
     "onError": "reject",
     "logLevel": "debug",
     "customLabels": {
-      "namespace": {}
+      "namespace": {
+        "pepr.dev": ""
+      }
     },
     "alwaysIgnore": {
-      "namespaces": [],
-      "labels": []
+      "namespaces": []
     },
     "includedFiles": []
   }