pepr 0.28.3 → 0.28.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/SECURITY.md +18 -0
- package/dist/cli.js +72 -102
- package/dist/controller.js +1 -1
- package/dist/lib/filter.d.ts.map +1 -1
- package/dist/lib/queue.d.ts.map +1 -1
- package/dist/lib/watch-processor.d.ts.map +1 -1
- package/dist/lib.js +24 -25
- package/dist/lib.js.map +3 -3
- package/package.json +6 -6
- package/src/lib/assets/pods.ts +7 -11
- package/src/lib/assets/yaml.ts +2 -2
- package/src/lib/controller/index.ts +1 -1
- package/src/lib/filter.ts +6 -5
- package/src/lib/queue.ts +12 -3
- package/src/lib/watch-processor.ts +0 -14
package/dist/controller.js
CHANGED
|
@@ -49,7 +49,7 @@ if (process.env.LOG_LEVEL) {
|
|
|
49
49
|
var logger_default = Log;
|
|
50
50
|
|
|
51
51
|
// src/templates/data.json
|
|
52
|
-
var packageJSON = { name: "pepr", description: "Kubernetes application engine", author: "Defense Unicorns", homepage: "https://github.com/defenseunicorns/pepr", license: "Apache-2.0", bin: "dist/cli.js", repository: "defenseunicorns/pepr", engines: { node: ">=18.0.0" }, version: "0.28.
|
|
52
|
+
var packageJSON = { name: "pepr", description: "Kubernetes application engine", author: "Defense Unicorns", homepage: "https://github.com/defenseunicorns/pepr", license: "Apache-2.0", bin: "dist/cli.js", repository: "defenseunicorns/pepr", engines: { node: ">=18.0.0" }, version: "0.28.5", main: "dist/lib.js", types: "dist/lib.d.ts", scripts: { "gen-data-json": "node hack/build-template-data.js", prebuild: "rm -fr dist/* && npm run gen-data-json", build: "tsc && node build.mjs", test: "npm run test:unit && npm run test:journey", "test:unit": "npm run gen-data-json && jest src --coverage --detectOpenHandles --coverageDirectory=./coverage", "test:journey": "npm run test:journey:k3d && npm run test:journey:build && npm run test:journey:image && npm run test:journey:run", "test:journey:prep": "if [ ! -d ./pepr-upgrade-test ]; then git clone https://github.com/defenseunicorns/pepr-upgrade-test.git ; fi", "test:journey-wasm": "npm run test:journey:k3d && npm run test:journey:build && npm run test:journey:image && npm run test:journey:run-wasm", "test:journey:k3d": "k3d cluster delete pepr-dev && k3d cluster create pepr-dev --k3s-arg '--debug@server:0' --wait && kubectl rollout status deployment -n kube-system", "test:journey:build": "npm run build && npm pack", "test:journey:image": "docker buildx build --tag pepr:dev . && k3d image import pepr:dev -c pepr-dev", "test:journey:run": "jest --detectOpenHandles journey/entrypoint.test.ts && npm run test:journey:prep && npm run test:journey:upgrade", "test:journey:run-wasm": "jest --detectOpenHandles journey/entrypoint-wasm.test.ts", "test:journey:upgrade": "npm run test:journey:k3d && npm run test:journey:image && jest --detectOpenHandles journey/pepr-upgrade.test.ts", "format:check": "eslint src && prettier src --check", "format:fix": "eslint src --fix && prettier src --write" }, dependencies: { "@types/ramda": "0.29.11", express: "4.19.1", "fast-json-patch": "3.1.1", "kubernetes-fluent-client": "2.3.0", pino: "8.19.0", "pino-pretty": "11.0.0", "prom-client": "15.1.0", ramda: "0.29.1" }, devDependencies: { "@commitlint/cli": "19.2.1", "@commitlint/config-conventional": "19.1.0", "@jest/globals": "29.7.0", "@types/eslint": "8.56.6", "@types/express": "4.17.21", "@types/node": "18.x.x", "@types/node-forge": "1.3.11", "@types/prompts": "2.4.9", "@types/uuid": "9.0.8", jest: "29.7.0", nock: "13.5.4", "ts-jest": "29.1.2" }, peerDependencies: { "@typescript-eslint/eslint-plugin": "6.15.0", "@typescript-eslint/parser": "6.15.0", commander: "11.1.0", esbuild: "0.19.10", eslint: "8.56.0", "node-forge": "1.3.1", prettier: "3.1.1", prompts: "2.4.2", typescript: "5.3.3", uuid: "9.0.1" } };
|
|
53
53
|
|
|
54
54
|
// src/lib/k8s.ts
|
|
55
55
|
var import_kubernetes_fluent_client = require("kubernetes-fluent-client");
|
package/dist/lib/filter.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"filter.d.ts","sourceRoot":"","sources":["../../src/lib/filter.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,gBAAgB,EAAa,MAAM,OAAO,CAAC;AAEpD,OAAO,EAAE,OAAO,EAAS,MAAM,SAAS,CAAC;AAEzC;;;;;;GAMG;AACH,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,OAAO,EAAE,GAAG,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,MAAM,EAAE,
|
|
1
|
+
{"version":3,"file":"filter.d.ts","sourceRoot":"","sources":["../../src/lib/filter.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,gBAAgB,EAAa,MAAM,OAAO,CAAC;AAEpD,OAAO,EAAE,OAAO,EAAS,MAAM,SAAS,CAAC;AAEzC;;;;;;GAMG;AACH,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,OAAO,EAAE,GAAG,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,MAAM,EAAE,WA+FxG"}
|
package/dist/lib/queue.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"queue.d.ts","sourceRoot":"","sources":["../../src/lib/queue.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAS3D;;GAEG;AACH,qBAAa,KAAK,CAAC,CAAC,SAAS,gBAAgB;;;IAS3C,YAAY,CAAC,SAAS,EAAE,CAAC,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,OAAO,CAAC,IAAI,CAAC;IAG7D;;;;;;OAMG;IACH,OAAO,CAAC,IAAI,EAAE,CAAC;
|
|
1
|
+
{"version":3,"file":"queue.d.ts","sourceRoot":"","sources":["../../src/lib/queue.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAS3D;;GAEG;AACH,qBAAa,KAAK,CAAC,CAAC,SAAS,gBAAgB;;;IAS3C,YAAY,CAAC,SAAS,EAAE,CAAC,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,OAAO,CAAC,IAAI,CAAC;IAG7D;;;;;;OAMG;IACH,OAAO,CAAC,IAAI,EAAE,CAAC;CAoDhB"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"watch-processor.d.ts","sourceRoot":"","sources":["../../src/lib/watch-processor.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"watch-processor.d.ts","sourceRoot":"","sources":["../../src/lib/watch-processor.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAO1C,wBAAgB,UAAU,CAAC,YAAY,EAAE,UAAU,EAAE,QAMpD"}
|
package/dist/lib.js
CHANGED
|
@@ -190,6 +190,7 @@ function shouldSkipRequest(binding, req, capabilityNamespaces) {
|
|
|
190
190
|
const { group, kind: kind3, version } = binding.kind || {};
|
|
191
191
|
const { namespaces, labels, annotations, name } = binding.filters || {};
|
|
192
192
|
const operation = req.operation.toUpperCase();
|
|
193
|
+
const uid = req.uid;
|
|
193
194
|
const srcObject = operation === "DELETE" /* DELETE */ ? req.oldObject : req.object;
|
|
194
195
|
const { metadata } = srcObject || {};
|
|
195
196
|
const combinedNamespaces = [...namespaces, ...capabilityNamespaces];
|
|
@@ -221,28 +222,28 @@ function shouldSkipRequest(binding, req, capabilityNamespaces) {
|
|
|
221
222
|
type = "Watch";
|
|
222
223
|
label = binding.watchCallback.name;
|
|
223
224
|
}
|
|
224
|
-
logger_default.debug(`${type} binding (${label}) does not match request namespace "${req.namespace}"`);
|
|
225
|
+
logger_default.debug({ uid }, `${type} binding (${label}) does not match request namespace "${req.namespace}"`);
|
|
225
226
|
return true;
|
|
226
227
|
}
|
|
227
228
|
for (const [key, value] of Object.entries(labels)) {
|
|
228
229
|
const testKey = metadata?.labels?.[key];
|
|
229
230
|
if (!testKey) {
|
|
230
|
-
logger_default.debug(`Label ${key} does not exist`);
|
|
231
|
+
logger_default.debug({ uid }, `Label ${key} does not exist`);
|
|
231
232
|
return true;
|
|
232
233
|
}
|
|
233
234
|
if (value && testKey !== value) {
|
|
234
|
-
logger_default.debug(`${testKey} does not match ${value}`);
|
|
235
|
+
logger_default.debug({ uid }, `${testKey} does not match ${value}`);
|
|
235
236
|
return true;
|
|
236
237
|
}
|
|
237
238
|
}
|
|
238
239
|
for (const [key, value] of Object.entries(annotations)) {
|
|
239
240
|
const testKey = metadata?.annotations?.[key];
|
|
240
241
|
if (!testKey) {
|
|
241
|
-
logger_default.debug(`Annotation ${key} does not exist`);
|
|
242
|
+
logger_default.debug({ uid }, `Annotation ${key} does not exist`);
|
|
242
243
|
return true;
|
|
243
244
|
}
|
|
244
245
|
if (value && testKey !== value) {
|
|
245
|
-
logger_default.debug(`${testKey} does not match ${value}`);
|
|
246
|
+
logger_default.debug({ uid }, `${testKey} does not match ${value}`);
|
|
246
247
|
return true;
|
|
247
248
|
}
|
|
248
249
|
}
|
|
@@ -646,9 +647,9 @@ var PeprControllerStore = class {
|
|
|
646
647
|
}
|
|
647
648
|
} else {
|
|
648
649
|
for (const { name: name2, registerStore } of capabilities) {
|
|
649
|
-
const { store
|
|
650
|
-
|
|
651
|
-
this.#stores[name2] =
|
|
650
|
+
const { store } = registerStore();
|
|
651
|
+
store.registerSender(this.#send(name2));
|
|
652
|
+
this.#stores[name2] = store;
|
|
652
653
|
}
|
|
653
654
|
}
|
|
654
655
|
setTimeout(
|
|
@@ -660,10 +661,10 @@ var PeprControllerStore = class {
|
|
|
660
661
|
const watcher = (0, import_kubernetes_fluent_client2.K8s)(PeprStore, { name: this.#name, namespace }).Watch(this.#receive);
|
|
661
662
|
watcher.start().catch((e) => logger_default.error(e, "Error starting Pepr store watch"));
|
|
662
663
|
};
|
|
663
|
-
#receive = (
|
|
664
|
-
logger_default.debug(
|
|
664
|
+
#receive = (store) => {
|
|
665
|
+
logger_default.debug(store, "Pepr Store update");
|
|
665
666
|
const debounced = () => {
|
|
666
|
-
const data =
|
|
667
|
+
const data = store.data || {};
|
|
667
668
|
for (const name of Object.keys(this.#stores)) {
|
|
668
669
|
const offset = `${name}-`.length;
|
|
669
670
|
const filtered = {};
|
|
@@ -903,7 +904,7 @@ var Controller = class _Controller {
|
|
|
903
904
|
const responseList = Array.isArray(response) ? response : [response];
|
|
904
905
|
responseList.map((res2) => {
|
|
905
906
|
this.#afterHook && this.#afterHook(res2);
|
|
906
|
-
logger_default.
|
|
907
|
+
logger_default.info({ ...reqMetadata, res: res2 }, "Check response");
|
|
907
908
|
});
|
|
908
909
|
let kubeAdmissionResponse;
|
|
909
910
|
if (admissionKind === "Mutate") {
|
|
@@ -980,7 +981,6 @@ var Controller = class _Controller {
|
|
|
980
981
|
};
|
|
981
982
|
|
|
982
983
|
// src/lib/watch-processor.ts
|
|
983
|
-
var import_crypto = require("crypto");
|
|
984
984
|
var import_kubernetes_fluent_client4 = require("kubernetes-fluent-client");
|
|
985
985
|
var import_types2 = require("kubernetes-fluent-client/dist/fluent/types");
|
|
986
986
|
|
|
@@ -1015,20 +1015,27 @@ var Queue = class {
|
|
|
1015
1015
|
* @returns A promise that resolves when the webapp is reconciled
|
|
1016
1016
|
*/
|
|
1017
1017
|
async #dequeue() {
|
|
1018
|
-
if (this.#pendingPromise)
|
|
1018
|
+
if (this.#pendingPromise) {
|
|
1019
|
+
logger_default.debug("Pending promise, not dequeuing");
|
|
1019
1020
|
return false;
|
|
1021
|
+
}
|
|
1020
1022
|
const element = this.#queue.shift();
|
|
1021
|
-
if (!element)
|
|
1023
|
+
if (!element) {
|
|
1024
|
+
logger_default.debug("No element, not dequeuing");
|
|
1022
1025
|
return false;
|
|
1026
|
+
}
|
|
1023
1027
|
try {
|
|
1024
1028
|
this.#pendingPromise = true;
|
|
1025
1029
|
if (this.#reconcile) {
|
|
1030
|
+
logger_default.debug(`Reconciling ${element.item.metadata.name}`);
|
|
1026
1031
|
await this.#reconcile(element.item);
|
|
1027
1032
|
}
|
|
1028
1033
|
element.resolve();
|
|
1029
1034
|
} catch (e) {
|
|
1035
|
+
logger_default.debug(`Error reconciling ${element.item.metadata.name}`, { error: e });
|
|
1030
1036
|
element.reject(e);
|
|
1031
1037
|
} finally {
|
|
1038
|
+
logger_default.debug("Resetting pending promise and dequeuing");
|
|
1032
1039
|
this.#pendingPromise = false;
|
|
1033
1040
|
await this.#dequeue();
|
|
1034
1041
|
}
|
|
@@ -1090,7 +1097,6 @@ var filterMatcher = (binding, obj, capabilityNamespaces) => {
|
|
|
1090
1097
|
};
|
|
1091
1098
|
|
|
1092
1099
|
// src/lib/watch-processor.ts
|
|
1093
|
-
var store = {};
|
|
1094
1100
|
function setupWatch(capabilities) {
|
|
1095
1101
|
capabilities.map(
|
|
1096
1102
|
(capability) => capability.bindings.filter((binding) => binding.isWatch).forEach((bindingElement) => runBinding(bindingElement, capability.namespaces))
|
|
@@ -1145,18 +1151,11 @@ async function runBinding(binding, capabilityNamespaces) {
|
|
|
1145
1151
|
}
|
|
1146
1152
|
}, watchCfg);
|
|
1147
1153
|
}
|
|
1148
|
-
const cacheSuffix = (0, import_crypto.createHash)("sha224").update(binding.watchCallback.toString()).digest("hex").substring(0, 5);
|
|
1149
|
-
const cacheID = [watcher.getCacheID(), cacheSuffix].join("-");
|
|
1150
1154
|
watcher.events.on(import_kubernetes_fluent_client4.WatchEvent.GIVE_UP, (err) => {
|
|
1151
1155
|
logger_default.error(err, "Watch failed after 5 attempts, giving up");
|
|
1152
1156
|
process.exit(1);
|
|
1153
1157
|
});
|
|
1154
1158
|
try {
|
|
1155
|
-
const resourceVersion = store[cacheID];
|
|
1156
|
-
if (resourceVersion) {
|
|
1157
|
-
logger_default.debug(`Starting watch ${binding.model.name} from version ${resourceVersion}`);
|
|
1158
|
-
watcher.resourceVersion = resourceVersion;
|
|
1159
|
-
}
|
|
1160
1159
|
await watcher.start();
|
|
1161
1160
|
} catch (err) {
|
|
1162
1161
|
logger_default.error(err, "Error starting watch");
|
|
@@ -1354,8 +1353,8 @@ var OnSchedule = class {
|
|
|
1354
1353
|
this.startTime = schedule?.startTime;
|
|
1355
1354
|
this.completions = schedule?.completions;
|
|
1356
1355
|
}
|
|
1357
|
-
setStore(
|
|
1358
|
-
this.store =
|
|
1356
|
+
setStore(store) {
|
|
1357
|
+
this.store = store;
|
|
1359
1358
|
this.startInterval();
|
|
1360
1359
|
}
|
|
1361
1360
|
startInterval() {
|