pepr 0.28.5 → 0.28.7

package/package.json

@@ -9,7 +9,7 @@
   "engines": {
     "node": ">=18.0.0"
   },
-  "version": "0.28.5",
+  "version": "0.28.7",
   "main": "dist/lib.js",
   "types": "dist/lib.d.ts",
   "scripts": {
@@ -32,12 +32,12 @@
   },
   "dependencies": {
     "@types/ramda": "0.29.11",
-    "express": "4.19.1",
+    "express": "4.19.2",
     "fast-json-patch": "3.1.1",
     "kubernetes-fluent-client": "2.3.0",
     "pino": "8.19.0",
     "pino-pretty": "11.0.0",
-    "prom-client": "15.1.0",
+    "prom-client": "15.1.1",
     "ramda": "0.29.1"
   },
   "devDependencies": {

package/src/lib/helpers.ts

@@ -1,11 +1,10 @@
 // SPDX-License-Identifier: Apache-2.0
 // SPDX-FileCopyrightText: 2023-Present The Pepr Authors
 
+import { promises as fs } from "fs";
 import { K8s, KubernetesObject, kind } from "kubernetes-fluent-client";
 import Log from "./logger";
-import { CapabilityExport } from "./types";
-import { promises as fs } from "fs";
-import { Binding } from "./types";
+import { Binding, CapabilityExport } from "./types";
 
 type RBACMap = {
   [key: string]: {
@@ -47,11 +46,11 @@ export function checkOverlap(bindingFilters: Record<string, string>, objectFilte
 /**
  * Decide to run callback after the event comes back from API Server
  **/
-export const filterMatcher = (
+export function filterNoMatchReason(
   binding: Partial<Binding>,
   obj: Partial<KubernetesObject>,
   capabilityNamespaces: string[],
-): string => {
+): string {
   // binding kind is namespace with a InNamespace filter
   if (binding.kind && binding.kind.kind === "Namespace" && binding.filters && binding.filters.namespaces.length !== 0) {
     return `Ignoring Watch Callback: Cannot use a namespace filter in a namespace object.`;
@@ -116,14 +115,15 @@ export const filterMatcher = (
 
   // no problems
   return "";
-};
-export const addVerbIfNotExists = (verbs: string[], verb: string) => {
+}
+
+export function addVerbIfNotExists(verbs: string[], verb: string) {
   if (!verbs.includes(verb)) {
     verbs.push(verb);
   }
-};
+}
 
-export const createRBACMap = (capabilities: CapabilityExport[]): RBACMap => {
+export function createRBACMap(capabilities: CapabilityExport[]): RBACMap {
   return capabilities.reduce((acc: RBACMap, capability: CapabilityExport) => {
     capability.bindings.forEach(binding => {
       const key = `${binding.kind.group}/${binding.kind.version}/${binding.kind.kind}`;
@@ -148,7 +148,7 @@ export const createRBACMap = (capabilities: CapabilityExport[]): RBACMap => {
 
     return acc;
   }, {});
-};
+}
 
 export async function createDirectoryIfNotExists(path: string) {
   try {

package/src/lib/queue.ts

@@ -1,10 +1,12 @@
 // SPDX-License-Identifier: Apache-2.0
 // SPDX-FileCopyrightText: 2023-Present The Pepr Authors
 import { KubernetesObject } from "@kubernetes/client-node";
+import { WatchPhase } from "kubernetes-fluent-client/dist/fluent/types";
 import Log from "./logger";
 
 type QueueItem<K extends KubernetesObject> = {
   item: K;
+  type: WatchPhase;
   resolve: (value: void | PromiseLike<void>) => void;
   reject: (reason?: string) => void;
 };
@@ -15,15 +17,16 @@ type QueueItem<K extends KubernetesObject> = {
 export class Queue<K extends KubernetesObject> {
   #queue: QueueItem<K>[] = [];
   #pendingPromise = false;
-  #reconcile?: (...args: unknown[]) => Promise<void>;
+  #reconcile?: (obj: KubernetesObject, type: WatchPhase) => Promise<void>;
 
   constructor() {
     this.#reconcile = async () => await new Promise(resolve => resolve());
   }
 
-  setReconcile(reconcile: (...args: unknown[]) => Promise<void>) {
+  setReconcile(reconcile: (obj: KubernetesObject, type: WatchPhase) => Promise<void>) {
     this.#reconcile = reconcile;
   }
+
   /**
    * Enqueue adds an item to the queue and returns a promise that resolves when the item is
    * reconciled.
@@ -31,10 +34,10 @@ export class Queue<K extends KubernetesObject> {
    * @param item The object to reconcile
    * @returns A promise that resolves when the object is reconciled
    */
-  enqueue(item: K) {
+  enqueue(item: K, type: WatchPhase) {
     Log.debug(`Enqueueing ${item.metadata!.namespace}/${item.metadata!.name}`);
     return new Promise<void>((resolve, reject) => {
-      this.#queue.push({ item, resolve, reject });
+      this.#queue.push({ item, type, resolve, reject });
       return this.#dequeue();
     });
   }
@@ -67,7 +70,7 @@ export class Queue<K extends KubernetesObject> {
       // Reconcile the element
       if (this.#reconcile) {
         Log.debug(`Reconciling ${element.item.metadata!.name}`);
-        await this.#reconcile(element.item);
+        await this.#reconcile(element.item, element.type);
       }
 
       element.resolve();

package/src/lib/watch-processor.ts

@@ -1,15 +1,33 @@
 // SPDX-License-Identifier: Apache-2.0
 // SPDX-FileCopyrightText: 2023-Present The Pepr Authors
-import { K8s, WatchCfg, WatchEvent } from "kubernetes-fluent-client";
+import { K8s, KubernetesObject, WatchCfg, WatchEvent } from "kubernetes-fluent-client";
 import { WatchPhase } from "kubernetes-fluent-client/dist/fluent/types";
-import { Queue } from "./queue";
 import { Capability } from "./capability";
+import { filterNoMatchReason } from "./helpers";
 import Log from "./logger";
+import { Queue } from "./queue";
 import { Binding, Event } from "./types";
-import { Watcher } from "kubernetes-fluent-client/dist/fluent/watch";
-import { GenericClass } from "kubernetes-fluent-client";
-import { filterMatcher } from "./helpers";
 
+// Watch configuration
+const watchCfg: WatchCfg = {
+  retryMax: 5,
+  retryDelaySec: 5,
+};
+
+// Map the event to the watch phase
+const eventToPhaseMap = {
+  [Event.Create]: [WatchPhase.Added],
+  [Event.Update]: [WatchPhase.Modified],
+  [Event.CreateOrUpdate]: [WatchPhase.Added, WatchPhase.Modified],
+  [Event.Delete]: [WatchPhase.Deleted],
+  [Event.Any]: [WatchPhase.Added, WatchPhase.Modified, WatchPhase.Deleted],
+};
+
+/**
+ * Entrypoint for setting up watches for all capabilities
+ *
+ * @param capabilities The capabilities to load watches for
+ */
 export function setupWatch(capabilities: Capability[]) {
   capabilities.map(capability =>
     capability.bindings
@@ -18,69 +36,50 @@ export function setupWatch(capabilities: Capability[]) {
   );
 }
 
+/**
+ * Setup a watch for a binding
+ *
+ * @param binding the binding to watch
+ * @param capabilityNamespaces list of namespaces to filter on
+ */
 async function runBinding(binding: Binding, capabilityNamespaces: string[]) {
-  // Map the event to the watch phase
-  const eventToPhaseMap = {
-    [Event.Create]: [WatchPhase.Added],
-    [Event.Update]: [WatchPhase.Modified],
-    [Event.CreateOrUpdate]: [WatchPhase.Added, WatchPhase.Modified],
-    [Event.Delete]: [WatchPhase.Deleted],
-    [Event.Any]: [WatchPhase.Added, WatchPhase.Modified, WatchPhase.Deleted],
-  };
-
-  // Get the phases to match, default to any
+  // Get the phases to match, fallback to any
   const phaseMatch: WatchPhase[] = eventToPhaseMap[binding.event] || eventToPhaseMap[Event.Any];
 
-  const watchCfg: WatchCfg = {
-    retryMax: 5,
-    retryDelaySec: 5,
+  // The watch callback is run when an object is received or dequeued
+  const watchCallback = async (obj: KubernetesObject, type: WatchPhase) => {
+    // First, filter the object based on the phase
+    if (phaseMatch.includes(type)) {
+      try {
+        // Then, check if the object matches the filter
+        const filterMatch = filterNoMatchReason(binding, obj, capabilityNamespaces);
+        if (filterMatch === "") {
+          await binding.watchCallback?.(obj, type);
+        } else {
+          Log.debug(filterMatch);
+        }
+      } catch (e) {
+        // Errors in the watch callback should not crash the controller
+        Log.error(e, "Error executing watch callback");
+      }
+    }
   };
 
-  let watcher: Watcher<GenericClass>;
-  if (binding.isQueue) {
-    const queue = new Queue();
-    // Watch the resource
-    watcher = K8s(binding.model, binding.filters).Watch(async (obj, type) => {
-      Log.debug(obj, `Watch event ${type} received`);
+  const queue = new Queue();
+  queue.setReconcile(watchCallback);
 
-      // If the type matches the phase, call the watch callback
-      if (phaseMatch.includes(type)) {
-        try {
-          const filterMatch = filterMatcher(binding, obj, capabilityNamespaces);
-          if (filterMatch === "") {
-            queue.setReconcile(async () => await binding.watchCallback?.(obj, type));
-            // Enqueue the object for reconciliation through callback
-            await queue.enqueue(obj);
-          } else {
-            Log.debug(filterMatch);
-          }
-        } catch (e) {
-          // Errors in the watch callback should not crash the controller
-          Log.error(e, "Error executing watch callback");
-        }
-      }
-    }, watchCfg);
-  } else {
-    // Watch the resource
-    watcher = K8s(binding.model, binding.filters).Watch(async (obj, type) => {
-      Log.debug(obj, `Watch event ${type} received`);
+  // Setup the resource watch
+  const watcher = K8s(binding.model, binding.filters).Watch(async (obj, type) => {
+    Log.debug(obj, `Watch event ${type} received`);
 
-      // If the type matches the phase, call the watch callback
-      if (phaseMatch.includes(type)) {
-        try {
-          const filterMatch = filterMatcher(binding, obj, capabilityNamespaces);
-          if (filterMatch === "") {
-            await binding.watchCallback?.(obj, type);
-          } else {
-            Log.debug(filterMatch);
-          }
-        } catch (e) {
-          // Errors in the watch callback should not crash the controller
-          Log.error(e, "Error executing watch callback");
-        }
-      }
-    }, watchCfg);
-  }
+    // If the binding is a queue, enqueue the object
+    if (binding.isQueue) {
+      await queue.enqueue(obj, type);
+    } else {
+      // Otherwise, run the watch callback directly
+      await watchCallback(obj, type);
+    }
+  }, watchCfg);
 
   // If failure continues, log and exit
   watcher.events.on(WatchEvent.GIVE_UP, err => {