pepr 0.3.0-rc0 → 0.3.1

package/README.md

@@ -9,7 +9,7 @@ Pepr is on a mission to save Kubernetes from the tyranny of YAML, intimidating g
 - Zero-config K8s webhook mutations and [validations soon](https://github.com/defenseunicorns/pepr/issues/73).
 - Human-readable fluent API for generating [Pepr Capabilities](#capability)
 - Generate new K8s resources based off of cluster resource changes
-- Perform other exec/API calls based off of cluster resources changes or any other abitrary schedule
+- Perform other exec/API calls based off of cluster resources changes or any other arbitrary schedule
 - Out of the box airgap support with [Zarf](https://zarf.dev)
 - Entire NPM ecosystem available for advanced operations
 - Realtime K8s debugging system for testing/reacting to cluster changes
@@ -76,7 +76,7 @@ https://user-images.githubusercontent.com/882485/230895880-c5623077-f811-4870-bb
 
 ### Module
 
-A module is the top-level collection of capabilities. It is a single, complete TypeScript project that includes an entry point to load all the configuration and capabilities, along with their CapabilityActions. During the Pepr build process, each module produces a unique Kubernetes MutatingWebhookConfiguration and ValidatingWebhookConfiguration, along with a secret containing the transpiled and compressed TypeScript code. The webhooks and secret are deployed into the Kubernetes cluster for processing by a common Pepr controller.
+A module is the top-level collection of capabilities. It is a single, complete TypeScript project that includes an entry point to load all the configuration and capabilities, along with their CapabilityActions. During the Pepr build process, each module produces a unique Kubernetes MutatingWebhookConfiguration and ValidatingWebhookConfiguration, along with a secret containing the transpiled and compressed TypeScript code. The webhooks and secret are deployed into the Kubernetes cluster with their own isolated controller.
 
 See [Module](./docs/module.md) for more details.
 
@@ -95,50 +95,7 @@ For example, a CapabilityAction could be responsible for adding a specific label
 See [CapabilityActions](./docs/actions.md) for more details.
 
 ## Logical Pepr Flow
-
-```mermaid
-graph LR
-
-subgraph "Module 3 (Validate Only)"
-    direction LR
-    Q[entrypoint 3] --> R[Validate Webhook];
-    R --> S[Capability a <br><i>- action 1<br>- action 2</i>];
-    S --> T[Capability b <br><i>- action 1<br>- action 2</i>];
-end
-
-subgraph "Module 2 (Mutate Only)"
-    direction LR
-    K[entrypoint 2] --> L[Mutate Webhook];
-    L --> M[Capability a <br><i>- action 1<br>- action 2</i>];
-    M --> N[Capability b <br><i>- action 1<br>- action 2<br>- action 3</i>];
-    N --> O[Capability c <br><i>- action 1</i>];
-end
-
-subgraph "Module 1 (Mutate & Validate)"
-    direction LR
-    A[entrypoint 1] --> B[Mutate Webhook];
-    A --> C[Validate Webhook];
-    B --> D[Capability a <br><i>- action 1</i>];
-    D --> E[Capability b <br><i>- action 1<br>- action 2</i>];
-    E --> F[Capability c <br><i>- action 1<br>- action 2</i>];
-    C --> G[Capability d <br><i>- action 1<br>- action 2</i>];
-    G --> H[Capability e <br><i>- action 1</i>];
-    H --> I[Capability f <br><i>- action 1<br>- action 2<br>- action 3</i>];
-end
-
-
-
-%% Defining node styles
-classDef Validate fill:#66ff66,color:#000;
-classDef Mutate fill:#5786ea,color:#000;
-
-
-class L,M,N,O Mutate;
-class B,D,E,F Mutate;
-
-class R,S,T Validate;
-class C,G,H,I Validate;
-```
+![Module Diagram](./.images/modules.svg)
 
 ## TypeScript
 

package/dist/package.json

@@ -9,15 +9,16 @@
     "engines": {
         "node": ">=18.0.0"
     },
-    "version": "0.3.0-rc0",
-    "main": "dist/index.js",
+    "version": "0.3.1",
+    "main": "dist/src/lib/index.js",
     "scripts": {
         "prebuild": "rm -fr dist/* && node hack/build-template-data.js",
         "build": "tsc",
+        "test": "npm run test:unit && npm run test:e2e",
         "test:unit": "npm run build && ava dist/**/*.test.js",
         "test:e2e": "npm run test:e2e:k3d && npm run test:e2e:build && npm run test:e2e:image && npm run test:e2e:run",
         "test:e2e:k3d": "k3d cluster delete pepr-dev && k3d cluster create pepr-dev --k3s-arg '--debug@server:0'",
-        "test:e2e:build": "npm run build && npm uninstall pepr -g && npm install -g . && pepr",
+        "test:e2e:build": "npm run build && npm pack && npm uninstall pepr -g && npm install -g pepr-0.0.0-development.tgz && pepr",
         "test:e2e:image": "docker buildx build --tag pepr:dev . && k3d image import pepr:dev -c pepr-dev",
         "test:e2e:run": "ava hack/e2e.test.js --sequential --timeout=2m",
         "format:check": "eslint src && prettier src --check",
@@ -28,7 +29,7 @@
         "express": "4.18.2",
         "fast-json-patch": "3.1.1",
         "http-status-codes": "2.2.0",
-        "node-fetch": "2.6.9",
+        "node-fetch": "2.6.10",
         "ramda": "0.29.0"
     },
     "devDependencies": {
@@ -38,8 +39,8 @@
         "@types/prompts": "2.4.4",
         "@types/ramda": "0.29.1",
         "@types/uuid": "9.0.1",
-        "@typescript-eslint/eslint-plugin": "5.59.2",
-        "@typescript-eslint/parser": "5.59.2",
+        "@typescript-eslint/eslint-plugin": "5.59.5",
+        "@typescript-eslint/parser": "5.59.5",
         "ava": "5.2.0",
         "eslint": "8.40.0",
         "nock": "13.3.1",
@@ -54,6 +55,7 @@
         "node-forge": "1.3.1",
         "prompts": "2.4.2",
         "rollup": "3.21.5",
+        "ts-node": "10.9.1",
         "typescript": "5.0.4",
         "uuid": "9.0.0"
     },

package/dist/src/cli/build.js

@@ -65,7 +65,7 @@ async function buildModule() {
         const { uuid } = cfg.pepr;
         const name = `pepr-${uuid}.js`;
         // Read the module's version from the package.json file
-        if (cfg.dependencies.pepr && cfg.dependencies.pepr !== "file:../") {
+        if (cfg.dependencies.pepr && !cfg.dependencies.pepr.includes("file:")) {
             const versionMatch = /(\d+\.\d+\.\d+)/.exec(cfg.dependencies.pepr);
             if (!versionMatch || versionMatch.length < 2) {
                 throw new Error("Could not find the Pepr version in package.json");

package/dist/src/cli/dev.js

@@ -91,9 +91,12 @@ function default_1(program) {
 exports.default = default_1;
 async function runDev() {
     try {
-        const { path } = await (0, build_1.buildModule)();
+        const path = (0, path_1.resolve)(".", "pepr.ts");
         logger_1.default.info(`Running module ${path}`);
         const program = (0, child_process_1.fork)(path, {
+            // Register ts-node
+            execArgv: ["-r", "ts-node/register"],
+            // Pass the environment variables
             env: {
                 ...process.env,
                 LOG_LEVEL: "debug",

package/dist/src/cli/init/index.js

@@ -23,7 +23,7 @@ function default_1(program) {
         // Overrides for testing. @todo: don't be so gross with Node CLI testing
         if (process.env.TEST_MODE === "true") {
             prompts_1.default.inject(["pepr-test-module", "A test module for Pepr", "ignore", "y"]);
-            pkgOverride = "file:../";
+            pkgOverride = "file:../pepr-0.0.0-development.tgz";
         }
         const response = await (0, walkthrough_1.walkthrough)();
         const dirName = (0, utils_1.sanitizeName)(response.name);

package/dist/src/lib/capability.d.ts

@@ -0,0 +1,29 @@
+import { GroupVersionKind } from "./k8s";
+import { Binding, CapabilityCfg, GenericClass, HookPhase, WhenSelector } from "./types";
+/**
+ * A capability is a unit of functionality that can be registered with the Pepr runtime.
+ */
+export declare class Capability implements CapabilityCfg {
+    private _name;
+    private _description;
+    private _namespaces?;
+    private _mutateOrValidate;
+    private _bindings;
+    get bindings(): Binding[];
+    get name(): string;
+    get description(): string;
+    get namespaces(): string[];
+    get mutateOrValidate(): HookPhase;
+    constructor(cfg: CapabilityCfg);
+    /**
+     * The When method is used to register a capability action to be executed when a Kubernetes resource is
+     * processed by Pepr. The action will be executed if the resource matches the specified kind and any
+     * filters that are applied.
+     *
+     * @param model the KubernetesObject model to match
+     * @param kind if using a custom KubernetesObject not available in `a.*`, specify the GroupVersionKind
+     * @returns
+     */
+    When: <T extends GenericClass>(model: T, kind?: GroupVersionKind) => WhenSelector<T>;
+}
+//# sourceMappingURL=capability.d.ts.map

package/dist/src/lib/capability.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"capability.d.ts","sourceRoot":"","sources":["../../../src/lib/capability.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,gBAAgB,EAA2B,MAAM,OAAO,CAAC;AAElE,OAAO,EAEL,OAAO,EAIP,aAAa,EAGb,YAAY,EACZ,SAAS,EACT,YAAY,EACb,MAAM,SAAS,CAAC;AAEjB;;GAEG;AACH,qBAAa,UAAW,YAAW,aAAa;IAC9C,OAAO,CAAC,KAAK,CAAS;IACtB,OAAO,CAAC,YAAY,CAAS;IAC7B,OAAO,CAAC,WAAW,CAAC,CAAuB;IAG3C,OAAO,CAAC,iBAAiB,CAAoB;IAE7C,OAAO,CAAC,SAAS,CAAiB;IAElC,IAAI,QAAQ,IAAI,OAAO,EAAE,CAExB;IAED,IAAI,IAAI,WAEP;IAED,IAAI,WAAW,WAEd;IAED,IAAI,UAAU,aAEb;IAED,IAAI,gBAAgB,cAEnB;gBAEW,GAAG,EAAE,aAAa;IAQ9B;;;;;;;;OAQG;IACH,IAAI,4CAA6C,gBAAgB,qBAuF/D;CACH"}

package/dist/src/lib/controller.d.ts

@@ -0,0 +1,18 @@
+import { Capability } from "./capability";
+import { Request, Response } from "./k8s/types";
+import { ModuleConfig } from "./types";
+export declare class Controller {
+    private readonly config;
+    private readonly capabilities;
+    private readonly beforeHook?;
+    private readonly afterHook?;
+    private readonly app;
+    private running;
+    constructor(config: ModuleConfig, capabilities: Capability[], beforeHook?: ((req: Request) => void) | undefined, afterHook?: ((res: Response) => void) | undefined);
+    /** Start the webhook server */
+    startServer: (port: number) => void;
+    private logger;
+    private healthz;
+    private mutate;
+}
+//# sourceMappingURL=controller.d.ts.map

package/dist/src/lib/controller.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"controller.d.ts","sourceRoot":"","sources":["../../../src/lib/controller.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAC1C,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AAEhD,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAQvC,qBAAa,UAAU;IAKnB,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,YAAY;IAC7B,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC;IAC5B,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC;IAP7B,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAa;IACjC,OAAO,CAAC,OAAO,CAAS;gBAGL,MAAM,EAAE,YAAY,EACpB,YAAY,EAAE,UAAU,EAAE,EAC1B,UAAU,CAAC,SAAQ,OAAO,KAAK,IAAI,aAAA,EACnC,SAAS,CAAC,SAAQ,QAAQ,KAAK,IAAI,aAAA;IAuBtD,+BAA+B;IACxB,WAAW,SAAU,MAAM,UAoBhC;IAEF,OAAO,CAAC,MAAM,CAYZ;IAEF,OAAO,CAAC,OAAO,CAOb;IAEF,OAAO,CAAC,MAAM,CA+BZ;CACH"}

package/dist/src/lib/fetch.d.ts

@@ -0,0 +1,24 @@
+/// <reference types="node" />
+import f, { RequestInfo, RequestInit } from "node-fetch";
+export { f as fetchRaw };
+export type FetchResponse<T> = {
+    data: T;
+    ok: boolean;
+    status: number;
+    statusText: string;
+};
+/**
+ * Perform an async HTTP call and return the parsed JSON response, optionally
+ * as a specific type.
+ *
+ * @example
+ * ```ts
+ * fetch<string[]>("https://example.com/api/foo");
+ * ```
+ *
+ * @param url The URL or Request object to fetch
+ * @param init Additional options for the request
+ * @returns
+ */
+export declare function fetch<T>(url: URL | RequestInfo, init?: RequestInit): Promise<FetchResponse<T>>;
+//# sourceMappingURL=fetch.d.ts.map

package/dist/src/lib/fetch.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"fetch.d.ts","sourceRoot":"","sources":["../../../src/lib/fetch.ts"],"names":[],"mappings":";AAIA,OAAO,CAAC,EAAE,EAAc,WAAW,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAErE,OAAO,EAAE,CAAC,IAAI,QAAQ,EAAE,CAAC;AAEzB,MAAM,MAAM,aAAa,CAAC,CAAC,IAAI;IAC7B,IAAI,EAAE,CAAC,CAAC;IACR,EAAE,EAAE,OAAO,CAAC;IACZ,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF;;;;;;;;;;;;GAYG;AACH,wBAAsB,KAAK,CAAC,CAAC,EAAE,GAAG,EAAE,GAAG,GAAG,WAAW,EAAE,IAAI,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CA8CpG"}

package/dist/src/lib/filter.d.ts

@@ -0,0 +1,11 @@
+import { Request } from "./k8s";
+import { Binding } from "./types";
+/**
+ * shouldSkipRequest determines if a request should be skipped based on the binding filters.
+ *
+ * @param binding the capability action binding
+ * @param req the incoming request
+ * @returns
+ */
+export declare function shouldSkipRequest(binding: Binding, req: Request): boolean;
+//# sourceMappingURL=filter.d.ts.map

package/dist/src/lib/filter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"filter.d.ts","sourceRoot":"","sources":["../../../src/lib/filter.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,OAAO,EAAE,MAAM,OAAO,CAAC;AAEhC,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAElC;;;;;;GAMG;AACH,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,OAAO,EAAE,GAAG,EAAE,OAAO,WAwE/D"}

package/dist/src/lib/index.d.ts

@@ -0,0 +1,15 @@
+import k8s from "@kubernetes/client-node";
+import { StatusCodes as fetchStatus } from "http-status-codes";
+import utils from "ramda";
+import { Capability } from "./capability";
+import { fetch, fetchRaw } from "./fetch";
+import { RegisterKind, a } from "./k8s";
+import Log from "./logger";
+import { PeprModule } from "./module";
+import { PeprRequest } from "./request";
+import type * as KubernetesClientNode from "@kubernetes/client-node";
+import type * as RamdaUtils from "ramda";
+export { a, 
+/** PeprModule is used to setup a complete Pepr Module: `new PeprModule(cfg, {...capabilities})` */
+PeprModule, PeprRequest, RegisterKind, Capability, Log, utils, fetch, fetchRaw, fetchStatus, k8s, RamdaUtils, KubernetesClientNode, };
+//# sourceMappingURL=index.d.ts.map

package/dist/src/lib/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/lib/index.ts"],"names":[],"mappings":"AAAA,OAAO,GAAG,MAAM,yBAAyB,CAAC;AAC1C,OAAO,EAAE,WAAW,IAAI,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAC/D,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAC1C,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAC1C,OAAO,EAAE,YAAY,EAAE,CAAC,EAAE,MAAM,OAAO,CAAC;AACxC,OAAO,GAAG,MAAM,UAAU,CAAC;AAC3B,OAAO,EAAE,UAAU,EAAE,MAAM,UAAU,CAAC;AACtC,OAAO,EAAE,WAAW,EAAE,MAAM,WAAW,CAAC;AAGxC,OAAO,KAAK,KAAK,oBAAoB,MAAM,yBAAyB,CAAC;AACrE,OAAO,KAAK,KAAK,UAAU,MAAM,OAAO,CAAC;AAEzC,OAAO,EACL,CAAC;AACD,mGAAmG;AACnG,UAAU,EACV,WAAW,EACX,YAAY,EACZ,UAAU,EACV,GAAG,EACH,KAAK,EACL,KAAK,EACL,QAAQ,EACR,WAAW,EACX,GAAG,EAGH,UAAU,EACV,oBAAoB,GACrB,CAAC"}

package/dist/{index.js → src/lib/index.js}

@@ -10,17 +10,17 @@ const http_status_codes_1 = require("http-status-codes");
 Object.defineProperty(exports, "fetchStatus", { enumerable: true, get: function () { return http_status_codes_1.StatusCodes; } });
 const ramda_1 = __importDefault(require("ramda"));
 exports.utils = ramda_1.default;
-const capability_1 = require("./src/lib/capability");
+const capability_1 = require("./capability");
 Object.defineProperty(exports, "Capability", { enumerable: true, get: function () { return capability_1.Capability; } });
-const fetch_1 = require("./src/lib/fetch");
+const fetch_1 = require("./fetch");
 Object.defineProperty(exports, "fetch", { enumerable: true, get: function () { return fetch_1.fetch; } });
 Object.defineProperty(exports, "fetchRaw", { enumerable: true, get: function () { return fetch_1.fetchRaw; } });
-const k8s_1 = require("./src/lib/k8s");
+const k8s_1 = require("./k8s");
 Object.defineProperty(exports, "RegisterKind", { enumerable: true, get: function () { return k8s_1.RegisterKind; } });
 Object.defineProperty(exports, "a", { enumerable: true, get: function () { return k8s_1.a; } });
-const logger_1 = __importDefault(require("./src/lib/logger"));
+const logger_1 = __importDefault(require("./logger"));
 exports.Log = logger_1.default;
-const module_1 = require("./src/lib/module");
+const module_1 = require("./module");
 Object.defineProperty(exports, "PeprModule", { enumerable: true, get: function () { return module_1.PeprModule; } });
-const request_1 = require("./src/lib/request");
+const request_1 = require("./request");
 Object.defineProperty(exports, "PeprRequest", { enumerable: true, get: function () { return request_1.PeprRequest; } });

package/dist/src/lib/k8s/index.d.ts

@@ -0,0 +1,6 @@
+import * as kind from "./upstream";
+/** a is a collection of K8s types to be used within a CapabilityAction: `When(a.Configmap)` */
+export { kind as a };
+export { modelToGroupVersionKind, gvkMap, RegisterKind } from "./kinds";
+export * from "./types";
+//# sourceMappingURL=index.d.ts.map

package/dist/src/lib/k8s/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/lib/k8s/index.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,IAAI,MAAM,YAAY,CAAC;AACnC,+FAA+F;AAC/F,OAAO,EAAE,IAAI,IAAI,CAAC,EAAE,CAAC;AAErB,OAAO,EAAE,uBAAuB,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAExE,cAAc,SAAS,CAAC"}

package/dist/src/lib/k8s/kinds.d.ts

@@ -0,0 +1,12 @@
+import { GenericClass } from "../types";
+import { GroupVersionKind } from "./types";
+export declare const gvkMap: Record<string, GroupVersionKind>;
+export declare function modelToGroupVersionKind(key: string): GroupVersionKind;
+/**
+ * Registers a new model and GroupVersionKind with Pepr for use with `When(a.<Kind>)`
+ *
+ * @param model Used to match the GroupVersionKind and define the type-data for the request
+ * @param groupVersionKind Contains the match parameters to determine the request should be handled
+ */
+export declare const RegisterKind: (model: GenericClass, groupVersionKind: GroupVersionKind) => void;
+//# sourceMappingURL=kinds.d.ts.map

package/dist/src/lib/k8s/kinds.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"kinds.d.ts","sourceRoot":"","sources":["../../../../src/lib/k8s/kinds.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AACxC,OAAO,EAAE,gBAAgB,EAAE,MAAM,SAAS,CAAC;AAE3C,eAAO,MAAM,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,gBAAgB,CA4cnD,CAAC;AAEF,wBAAgB,uBAAuB,CAAC,GAAG,EAAE,MAAM,GAAG,gBAAgB,CAErE;AAED;;;;;GAKG;AACH,eAAO,MAAM,YAAY,UAAW,YAAY,oBAAoB,gBAAgB,SAUnF,CAAC"}

package/dist/src/lib/k8s/tls.d.ts

@@ -0,0 +1,18 @@
+export interface TLSOut {
+    ca: string;
+    crt: string;
+    key: string;
+    pem: {
+        ca: string;
+        crt: string;
+        key: string;
+    };
+}
+/**
+ * Generates a self-signed CA and server certificate with Subject Alternative Names (SANs) for the K8s webhook.
+ *
+ * @param {string} name - The name to use for the server certificate's Common Name and SAN DNS entry.
+ * @returns {TLSOut} - An object containing the Base64-encoded CA, server certificate, and server private key.
+ */
+export declare function genTLS(name: string): TLSOut;
+//# sourceMappingURL=tls.d.ts.map

package/dist/src/lib/k8s/tls.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"tls.d.ts","sourceRoot":"","sources":["../../../../src/lib/k8s/tls.ts"],"names":[],"mappings":"AAIA,MAAM,WAAW,MAAM;IACrB,EAAE,EAAE,MAAM,CAAC;IACX,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE;QACH,EAAE,EAAE,MAAM,CAAC;QACX,GAAG,EAAE,MAAM,CAAC;QACZ,GAAG,EAAE,MAAM,CAAC;KACb,CAAC;CACH;AAED;;;;;GAKG;AACH,wBAAgB,MAAM,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAyC3C"}

package/dist/src/lib/k8s/types.d.ts

@@ -0,0 +1,148 @@
+import { V1ListMeta, V1ObjectMeta } from "@kubernetes/client-node";
+export declare enum Operation {
+    CREATE = "CREATE",
+    UPDATE = "UPDATE",
+    DELETE = "DELETE",
+    CONNECT = "CONNECT"
+}
+export interface KubernetesObject {
+    apiVersion?: string;
+    kind?: string;
+    metadata?: V1ObjectMeta;
+}
+export interface KubernetesListObject<T extends KubernetesObject> {
+    apiVersion?: string;
+    kind?: string;
+    metadata?: V1ListMeta;
+    items: T[];
+}
+/**
+ * GenericKind is a generic Kubernetes object that can be used to represent any Kubernetes object
+ * that is not explicitly supported by Pepr. This can be used on its own or as a base class for
+ * other types. See the examples in `HelloPepr.ts` for more information.
+ */
+export declare class GenericKind {
+    apiVersion?: string;
+    kind?: string;
+    metadata?: V1ObjectMeta;
+    [key: string]: any;
+}
+/**
+ * GroupVersionKind unambiguously identifies a kind. It doesn't anonymously include GroupVersion
+ * to avoid automatic coercion. It doesn't use a GroupVersion to avoid custom marshalling
+ **/
+export interface GroupVersionKind {
+    /** The K8s resource kind, e..g "Pod". */
+    readonly kind: string;
+    readonly group: string;
+    readonly version?: string;
+}
+/**
+ * GroupVersionResource unambiguously identifies a resource. It doesn't anonymously include GroupVersion
+ * to avoid automatic coercion. It doesn't use a GroupVersion to avoid custom marshalling
+ */
+export interface GroupVersionResource {
+    readonly group: string;
+    readonly version: string;
+    readonly resource: string;
+}
+/**
+ * A Kubernetes admission request to be processed by a capability.
+ */
+export interface Request<T = KubernetesObject> {
+    /** UID is an identifier for the individual request/response. */
+    readonly uid: string;
+    /** Kind is the fully-qualified type of object being submitted (for example, v1.Pod or autoscaling.v1.Scale) */
+    readonly kind: GroupVersionKind;
+    /** Resource is the fully-qualified resource being requested (for example, v1.pods) */
+    readonly resource: GroupVersionResource;
+    /** SubResource is the sub-resource being requested, if any (for example, "status" or "scale") */
+    readonly subResource?: string;
+    /** RequestKind is the fully-qualified type of the original API request (for example, v1.Pod or autoscaling.v1.Scale). */
+    readonly requestKind?: GroupVersionKind;
+    /** RequestResource is the fully-qualified resource of the original API request (for example, v1.pods). */
+    readonly requestResource?: GroupVersionResource;
+    /** RequestSubResource is the sub-resource of the original API request, if any (for example, "status" or "scale"). */
+    readonly requestSubResource?: string;
+    /**
+     * Name is the name of the object as presented in the request. On a CREATE operation, the client may omit name and
+     * rely on the server to generate the name. If that is the case, this method will return the empty string.
+     */
+    readonly name: string;
+    /** Namespace is the namespace associated with the request (if any). */
+    readonly namespace?: string;
+    /**
+     * Operation is the operation being performed. This may be different than the operation
+     * requested. e.g. a patch can result in either a CREATE or UPDATE Operation.
+     */
+    readonly operation: Operation;
+    /** UserInfo is information about the requesting user */
+    readonly userInfo: {
+        /** The name that uniquely identifies this user among all active users. */
+        username?: string;
+        /**
+         * A unique value that identifies this user across time. If this user is deleted
+         * and another user by the same name is added, they will have different UIDs.
+         */
+        uid?: string;
+        /** The names of groups this user is a part of. */
+        groups?: string[];
+        /** Any additional information provided by the authenticator. */
+        extra?: {
+            [key: string]: string[];
+        };
+    };
+    /** Object is the object from the incoming request prior to default values being applied */
+    readonly object: T;
+    /** OldObject is the existing object. Only populated for UPDATE requests. */
+    readonly oldObject?: T;
+    /** DryRun indicates that modifications will definitely not be persisted for this request. Defaults to false. */
+    readonly dryRun?: boolean;
+    /**
+     * Options contains the options for the operation being performed.
+     * e.g. `meta.k8s.io/v1.DeleteOptions` or `meta.k8s.io/v1.CreateOptions`. This may be
+     * different than the options the caller provided. e.g. for a patch request the performed
+     * Operation might be a CREATE, in which case the Options will a
+     * `meta.k8s.io/v1.CreateOptions` even though the caller provided `meta.k8s.io/v1.PatchOptions`.
+     */
+    readonly options?: any;
+}
+export interface Response {
+    /** UID is an identifier for the individual request/response. This must be copied over from the corresponding AdmissionRequest. */
+    uid: string;
+    /** Allowed indicates whether or not the admission request was permitted. */
+    allowed: boolean;
+    /** Result contains extra details into why an admission request was denied. This field IS NOT consulted in any way if "Allowed" is "true". */
+    result?: string;
+    /** The patch body. Currently we only support "JSONPatch" which implements RFC 6902. */
+    patch?: string;
+    /** The type of Patch. Currently we only allow "JSONPatch". */
+    patchType?: "JSONPatch";
+    /** AuditAnnotations is an unstructured key value map set by remote admission controller (e.g. error=image-blacklisted). */
+    auditAnnotations?: {
+        [key: string]: string;
+    };
+    /** warnings is a list of warning messages to return to the requesting API client. */
+    warnings?: string[];
+}
+export type WebhookIgnore = {
+    /**
+     * List of Kubernetes namespaces to always ignore.
+     * Any resources in these namespaces will be ignored by Pepr.
+     *
+     * Note: `kube-system` and `pepr-system` are always ignored.
+     */
+    namespaces?: string[];
+    /**
+     * List of Kubernetes labels to always ignore.
+     * Any resources with these labels will be ignored by Pepr.
+     *
+     * The example below will ignore any resources with the label `my-label=ulta-secret`:
+     * ```
+     * alwaysIgnore:
+     *   labels: [{ "my-label": "ultra-secret" }]
+     * ```
+     */
+    labels?: Record<string, string>[];
+};
+//# sourceMappingURL=types.d.ts.map

package/dist/src/lib/k8s/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../../src/lib/k8s/types.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AAEnE,oBAAY,SAAS;IACnB,MAAM,WAAW;IACjB,MAAM,WAAW;IACjB,MAAM,WAAW;IACjB,OAAO,YAAY;CACpB;AAED,MAAM,WAAW,gBAAgB;IAC/B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,YAAY,CAAC;CACzB;AACD,MAAM,WAAW,oBAAoB,CAAC,CAAC,SAAS,gBAAgB;IAC9D,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,UAAU,CAAC;IACtB,KAAK,EAAE,CAAC,EAAE,CAAC;CACZ;AAED;;;;GAIG;AACH,qBAAa,WAAW;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,YAAY,CAAC;IAExB,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAC;CACpB;AAED;;;IAGI;AACJ,MAAM,WAAW,gBAAgB;IAC/B,yCAAyC;IACzC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC;CAC3B;AAED;;;GAGG;AACH,MAAM,WAAW,oBAAoB;IACnC,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;CAC3B;AAED;;GAEG;AACH,MAAM,WAAW,OAAO,CAAC,CAAC,GAAG,gBAAgB;IAC3C,gEAAgE;IAChE,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IAErB,+GAA+G;IAC/G,QAAQ,CAAC,IAAI,EAAE,gBAAgB,CAAC;IAEhC,sFAAsF;IACtF,QAAQ,CAAC,QAAQ,EAAE,oBAAoB,CAAC;IAExC,iGAAiG;IACjG,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;IAE9B,yHAAyH;IACzH,QAAQ,CAAC,WAAW,CAAC,EAAE,gBAAgB,CAAC;IAExC,0GAA0G;IAC1G,QAAQ,CAAC,eAAe,CAAC,EAAE,oBAAoB,CAAC;IAEhD,qHAAqH;IACrH,QAAQ,CAAC,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAErC;;;OAGG;IACH,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IAEtB,uEAAuE;IACvE,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAE5B;;;OAGG;IACH,QAAQ,CAAC,SAAS,EAAE,SAAS,CAAC;IAE9B,wDAAwD;IACxD,QAAQ,CAAC,QAAQ,EAAE;QACjB,0EAA0E;QAC1E,QAAQ,CAAC,EAAE,MAAM,CAAC;QAElB;;;WAGG;QACH,GAAG,CAAC,EAAE,MAAM,CAAC;QAEb,kDAAkD;QAClD,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;QAElB,gEAAgE;QAChE,KAAK,CAAC,EAAE;YACN,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;SACzB,CAAC;KACH,CAAC;IAEF,2FAA2F;IAC3F,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;IAEnB,4EAA4E;IAC5E,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;IAEvB,gHAAgH;IAChH,QAAQ,CAAC,MAAM,CAAC,EAAE,OAAO,CAAC;IAE1B;;;;;;OAMG;IAEH,QAAQ,CAAC,OAAO,CAAC,EAAE,GAAG,CAAC;CACxB;AAED,MAAM,WAAW,QAAQ;IACvB,kIAAkI;IAClI,GAAG,EAAE,MAAM,CAAC;IAEZ,4EAA4E;IAC5E,OAAO,EAAE,OAAO,CAAC;IAEjB,6IAA6I;IAC7I,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB,uFAAuF;IACvF,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf,8DAA8D;IAC9D,SAAS,CAAC,EAAE,WAAW,CAAC;IAExB,2HAA2H;IAC3H,gBAAgB,CAAC,EAAE;QACjB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAC;KACvB,CAAC;IAEF,qFAAqF;IACrF,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;CACrB;AAED,MAAM,MAAM,aAAa,GAAG;IAC1B;;;;;OAKG;IACH,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IACtB;;;;;;;;;OASG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,CAAC;CACnC,CAAC"}

package/dist/src/lib/k8s/upstream.d.ts

@@ -0,0 +1,4 @@
+/** a is a colleciton of K8s types to be used within a CapabilityAction: `When(a.Configmap)` */
+export { V1APIService as APIService, V1CertificateSigningRequest as CertificateSigningRequest, V1ConfigMap as ConfigMap, V1ControllerRevision as ControllerRevision, V1CronJob as CronJob, V1CSIDriver as CSIDriver, V1CSIStorageCapacity as CSIStorageCapacity, V1CustomResourceDefinition as CustomResourceDefinition, V1DaemonSet as DaemonSet, V1Deployment as Deployment, V1EndpointSlice as EndpointSlice, V1HorizontalPodAutoscaler as HorizontalPodAutoscaler, V1Ingress as Ingress, V1IngressClass as IngressClass, V1Job as Job, V1LimitRange as LimitRange, V1LocalSubjectAccessReview as LocalSubjectAccessReview, V1MutatingWebhookConfiguration as MutatingWebhookConfiguration, V1Namespace as Namespace, V1NetworkPolicy as NetworkPolicy, V1Node as Node, V1PersistentVolume as PersistentVolume, V1PersistentVolumeClaim as PersistentVolumeClaim, V1Pod as Pod, V1PodDisruptionBudget as PodDisruptionBudget, V1PodTemplate as PodTemplate, V1ReplicaSet as ReplicaSet, V1ReplicationController as ReplicationController, V1ResourceQuota as ResourceQuota, V1RuntimeClass as RuntimeClass, V1Secret as Secret, V1SelfSubjectAccessReview as SelfSubjectAccessReview, V1SelfSubjectRulesReview as SelfSubjectRulesReview, V1Service as Service, V1ServiceAccount as ServiceAccount, V1StatefulSet as StatefulSet, V1StorageClass as StorageClass, V1SubjectAccessReview as SubjectAccessReview, V1TokenReview as TokenReview, V1ValidatingWebhookConfiguration as ValidatingWebhookConfiguration, V1VolumeAttachment as VolumeAttachment, } from "@kubernetes/client-node/dist";
+export { GenericKind } from "./types";
+//# sourceMappingURL=upstream.d.ts.map

package/dist/src/lib/k8s/upstream.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"upstream.d.ts","sourceRoot":"","sources":["../../../../src/lib/k8s/upstream.ts"],"names":[],"mappings":"AAGA,+FAA+F;AAC/F,OAAO,EACL,YAAY,IAAI,UAAU,EAC1B,2BAA2B,IAAI,yBAAyB,EACxD,WAAW,IAAI,SAAS,EACxB,oBAAoB,IAAI,kBAAkB,EAC1C,SAAS,IAAI,OAAO,EACpB,WAAW,IAAI,SAAS,EACxB,oBAAoB,IAAI,kBAAkB,EAC1C,0BAA0B,IAAI,wBAAwB,EACtD,WAAW,IAAI,SAAS,EACxB,YAAY,IAAI,UAAU,EAC1B,eAAe,IAAI,aAAa,EAChC,yBAAyB,IAAI,uBAAuB,EACpD,SAAS,IAAI,OAAO,EACpB,cAAc,IAAI,YAAY,EAC9B,KAAK,IAAI,GAAG,EACZ,YAAY,IAAI,UAAU,EAC1B,0BAA0B,IAAI,wBAAwB,EACtD,8BAA8B,IAAI,4BAA4B,EAC9D,WAAW,IAAI,SAAS,EACxB,eAAe,IAAI,aAAa,EAChC,MAAM,IAAI,IAAI,EACd,kBAAkB,IAAI,gBAAgB,EACtC,uBAAuB,IAAI,qBAAqB,EAChD,KAAK,IAAI,GAAG,EACZ,qBAAqB,IAAI,mBAAmB,EAC5C,aAAa,IAAI,WAAW,EAC5B,YAAY,IAAI,UAAU,EAC1B,uBAAuB,IAAI,qBAAqB,EAChD,eAAe,IAAI,aAAa,EAChC,cAAc,IAAI,YAAY,EAC9B,QAAQ,IAAI,MAAM,EAClB,yBAAyB,IAAI,uBAAuB,EACpD,wBAAwB,IAAI,sBAAsB,EAClD,SAAS,IAAI,OAAO,EACpB,gBAAgB,IAAI,cAAc,EAClC,aAAa,IAAI,WAAW,EAC5B,cAAc,IAAI,YAAY,EAC9B,qBAAqB,IAAI,mBAAmB,EAC5C,aAAa,IAAI,WAAW,EAC5B,gCAAgC,IAAI,8BAA8B,EAClE,kBAAkB,IAAI,gBAAgB,GACvC,MAAM,8BAA8B,CAAC;AAEtC,OAAO,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC"}

package/dist/src/lib/k8s/webhook.d.ts

@@ -0,0 +1,35 @@
+/// <reference types="node" />
+import { V1ClusterRole, V1ClusterRoleBinding, V1Deployment, V1MutatingWebhookConfiguration, V1Namespace, V1NetworkPolicy, V1Secret, V1Service, V1ServiceAccount } from "@kubernetes/client-node";
+import { ModuleConfig } from "../types";
+import { TLSOut } from "./tls";
+export declare class Webhook {
+    private readonly config;
+    private readonly host?;
+    private name;
+    private _tls;
+    image: string;
+    get tls(): TLSOut;
+    constructor(config: ModuleConfig, host?: string | undefined);
+    /** Generate the pepr-system namespace */
+    namespace(): V1Namespace;
+    /**
+     * Grants the controller access to cluster resources beyond the mutating webhook.
+     *
+     * @todo: should dynamically generate this based on resources used by the module. will also need to explore how this should work for multiple modules.
+     * @returns
+     */
+    clusterRole(): V1ClusterRole;
+    clusterRoleBinding(): V1ClusterRoleBinding;
+    serviceAccount(): V1ServiceAccount;
+    tlsSecret(): V1Secret;
+    mutatingWebhook(): V1MutatingWebhookConfiguration;
+    deployment(hash: string): V1Deployment;
+    /** Only permit the kube-system ns ingress access to the controller */
+    networkPolicy(): V1NetworkPolicy;
+    service(): V1Service;
+    moduleSecret(data: Buffer, hash: string): V1Secret;
+    zarfYaml(path: string): string;
+    allYaml(code: Buffer): string;
+    deploy(code: Buffer): Promise<void>;
+}
+//# sourceMappingURL=webhook.d.ts.map

package/dist/src/lib/k8s/webhook.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"webhook.d.ts","sourceRoot":"","sources":["../../../../src/lib/k8s/webhook.ts"],"names":[],"mappings":";AAGA,OAAO,EASL,aAAa,EACb,oBAAoB,EACpB,YAAY,EAEZ,8BAA8B,EAC9B,WAAW,EACX,eAAe,EACf,QAAQ,EACR,SAAS,EACT,gBAAgB,EAEjB,MAAM,yBAAyB,CAAC;AAIjC,OAAO,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AACxC,OAAO,EAAE,MAAM,EAAU,MAAM,OAAO,CAAC;AAQvC,qBAAa,OAAO;IAUN,OAAO,CAAC,QAAQ,CAAC,MAAM;IAAgB,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC;IATzE,OAAO,CAAC,IAAI,CAAS;IACrB,OAAO,CAAC,IAAI,CAAS;IAEd,KAAK,EAAE,MAAM,CAAC;IAErB,IAAW,GAAG,IAAI,MAAM,CAEvB;gBAE4B,MAAM,EAAE,YAAY,EAAmB,IAAI,CAAC,oBAAQ;IASjF,yCAAyC;IACzC,SAAS,IAAI,WAAW;IAQxB;;;;;OAKG;IACH,WAAW,IAAI,aAAa;IAgB5B,kBAAkB,IAAI,oBAAoB;IAqB1C,cAAc,IAAI,gBAAgB;IAWlC,SAAS,IAAI,QAAQ;IAgBrB,eAAe,IAAI,8BAA8B;IA+DjD,UAAU,CAAC,IAAI,EAAE,MAAM,GAAG,YAAY;IAyFtC,sEAAsE;IACtE,aAAa,IAAI,eAAe;IAsChC,OAAO,IAAI,SAAS;IAsBpB,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,QAAQ;IAkBlD,QAAQ,CAAC,IAAI,EAAE,MAAM;IA2BrB,OAAO,CAAC,IAAI,EAAE,MAAM;IAqBd,MAAM,CAAC,IAAI,EAAE,MAAM;CAqI1B"}

package/dist/src/lib/logger.d.ts

@@ -0,0 +1,56 @@
+/**
+ * Enumeration representing different logging levels.
+ */
+export declare enum LogLevel {
+    debug = 0,
+    info = 1,
+    warn = 2,
+    error = 3
+}
+/**
+ * Simple logger class that logs messages at different log levels.
+ */
+export declare class Logger {
+    private _logLevel;
+    /**
+     * Create a new logger instance.
+     * @param logLevel - The minimum log level to log messages for.
+     */
+    constructor(logLevel: LogLevel);
+    /**
+     * Change the log level of the logger.
+     * @param logLevel - The log level to log the message at.
+     */
+    SetLogLevel(logLevel: string): void;
+    /**
+     * Log a debug message.
+     * @param message - The message to log.
+     */
+    debug<T>(message: T, prefix?: string): void;
+    /**
+     * Log an info message.
+     * @param message - The message to log.
+     */
+    info<T>(message: T, prefix?: string): void;
+    /**
+     * Log a warning message.
+     * @param message - The message to log.
+     */
+    warn<T>(message: T, prefix?: string): void;
+    /**
+     * Log an error message.
+     * @param message - The message to log.
+     */
+    error<T>(message: T, prefix?: string): void;
+    /**
+     * Log a message at the specified log level.
+     * @param logLevel - The log level of the message.
+     * @param message - The message to log.
+     */
+    private log;
+    private colorize;
+}
+/** Log is an instance of Logger used to generate log entries. */
+declare const Log: Logger;
+export default Log;
+//# sourceMappingURL=logger.d.ts.map

package/dist/src/lib/logger.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"logger.d.ts","sourceRoot":"","sources":["../../../src/lib/logger.ts"],"names":[],"mappings":"AAGA;;GAEG;AACH,oBAAY,QAAQ;IAClB,KAAK,IAAI;IACT,IAAI,IAAI;IACR,IAAI,IAAI;IACR,KAAK,IAAI;CACV;AA8BD;;GAEG;AACH,qBAAa,MAAM;IACjB,OAAO,CAAC,SAAS,CAAW;IAE5B;;;OAGG;gBACS,QAAQ,EAAE,QAAQ;IAI9B;;;OAGG;IACI,WAAW,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI;IAK1C;;;OAGG;IACI,KAAK,CAAC,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI;IAIlD;;;OAGG;IACI,IAAI,CAAC,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI;IAIjD;;;OAGG;IACI,IAAI,CAAC,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI;IAIjD;;;OAGG;IACI,KAAK,CAAC,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI;IAIlD;;;;OAIG;IACH,OAAO,CAAC,GAAG;IAwBX,OAAO,CAAC,QAAQ;CAGjB;AAED,iEAAiE;AACjE,QAAA,MAAM,GAAG,QAA4B,CAAC;AAItC,eAAe,GAAG,CAAC"}