pepr 0.31.1 → 0.32.1

package/package.json

@@ -9,7 +9,7 @@
   "engines": {
     "node": ">=18.0.0"
   },
-  "version": "0.31.1",
+  "version": "0.32.1",
   "main": "dist/lib.js",
   "types": "dist/lib.d.ts",
   "scripts": {
@@ -35,11 +35,11 @@
     "@types/ramda": "0.30.0",
     "express": "4.19.2",
     "fast-json-patch": "3.1.1",
-    "kubernetes-fluent-client": "2.6.0",
-    "pino": "9.1.0",
-    "pino-pretty": "11.0.0",
+    "kubernetes-fluent-client": "2.6.1",
+    "pino": "9.2.0",
+    "pino-pretty": "11.2.1",
     "prom-client": "15.1.2",
-    "ramda": "0.30.0"
+    "ramda": "0.30.1"
   },
   "devDependencies": {
     "@commitlint/cli": "19.3.0",
@@ -53,7 +53,7 @@
     "@types/uuid": "9.0.8",
     "jest": "29.7.0",
     "nock": "13.5.4",
-    "ts-jest": "29.1.3"
+    "ts-jest": "29.1.4"
   },
   "peerDependencies": {
     "@typescript-eslint/eslint-plugin": "6.15.0",

package/src/lib/assets/helm.ts

@@ -70,6 +70,9 @@ export function watcherDeployTemplate(buildTimestamp: string) {
           metadata:
             annotations: 
               buildTimestamp: "${buildTimestamp}"
+              {{- if .Values.watcher.podAnnotations }}
+              {{- toYaml .Values.watcher.podAnnotations | nindent 8 }}
+              {{- end }}
             labels:
               app: {{ .Values.uuid }}-watcher
               pepr.dev/controller: watcher
@@ -111,6 +114,9 @@ export function watcherDeployTemplate(buildTimestamp: string) {
                   - name: module
                     mountPath: /app/load
                     readOnly: true
+                  {{- if .Values.watcher.extraVolumeMounts }}
+                  {{- toYaml .Values.watcher.extraVolumeMounts | nindent 12 }}
+                  {{- end }}
             volumes:
               - name: tls-certs
                 secret:
@@ -118,6 +124,9 @@ export function watcherDeployTemplate(buildTimestamp: string) {
               - name: module
                 secret:
                   secretName: {{ .Values.uuid }}-module
+              {{- if .Values.watcher.extraVolumes }}
+              {{- toYaml .Values.watcher.extraVolumes | nindent 8 }}
+              {{- end }}
     `;
 }
 
@@ -142,6 +151,9 @@ export function admissionDeployTemplate(buildTimestamp: string) {
           metadata:
             annotations:
               buildTimestamp: "${buildTimestamp}"
+              {{- if .Values.admission.podAnnotations }}
+              {{- toYaml .Values.admission.podAnnotations | nindent 8 }}
+              {{- end }}
             labels:
               app: {{ .Values.uuid }}
               pepr.dev/controller: admission
@@ -187,6 +199,9 @@ export function admissionDeployTemplate(buildTimestamp: string) {
                   - name: module
                     mountPath: /app/load
                     readOnly: true
+                  {{- if .Values.admission.extraVolumeMounts }}
+                  {{- toYaml .Values.admission.extraVolumeMounts | nindent 12 }}
+                  {{- end }}
             volumes:
               - name: tls-certs
                 secret:
@@ -197,5 +212,8 @@ export function admissionDeployTemplate(buildTimestamp: string) {
               - name: module
                 secret:
                   secretName: {{ .Values.uuid }}-module  
+              {{- if .Values.admission.extraVolumes }}
+              {{- toYaml .Values.admission.extraVolumes | nindent 8 }}
+              {{- end }}
     `;
 }

package/src/lib/assets/index.ts

@@ -9,7 +9,7 @@ import { CapabilityExport } from "../types";
 import { WebhookIgnore } from "../k8s";
 import { deploy } from "./deploy";
 import { loadCapabilities } from "./loader";
-import { allYaml, zarfYaml, overridesFile } from "./yaml";
+import { allYaml, zarfYaml, overridesFile, zarfYamlChart } from "./yaml";
 import { namespaceComplianceValidator, replaceString } from "../helpers";
 import { createDirectoryIfNotExists, dedent } from "../helpers";
 import { resolve } from "path";
@@ -59,6 +59,8 @@ export class Assets {
 
   zarfYaml = (path: string) => zarfYaml(this, path);
 
+  zarfYamlChart = (path: string) => zarfYamlChart(this, path);
+
   allYaml = async (rbacMode: string) => {
     this.capabilities = await loadCapabilities(this.path);
     // give error if namespaces are not respected

package/src/lib/assets/yaml.ts

@@ -68,8 +68,11 @@ export async function overridesFile({ hash, name, image, config, apiToken }: Ass
           drop: ["ALL"],
         },
       },
+      podAnnotations: {},
       nodeSelector: {},
       tolerations: [],
+      extraVolumeMounts: [],
+      extraVolumes: [],
       affinity: {},
     },
     watcher: {
@@ -115,7 +118,10 @@ export async function overridesFile({ hash, name, image, config, apiToken }: Ass
       },
       nodeSelector: {},
       tolerations: [],
+      extraVolumeMounts: [],
+      extraVolumes: [],
       affinity: {},
+      podAnnotations: {},
     },
   };
   if (process.env.PEPR_MODE === "dev") {
@@ -155,6 +161,35 @@ export function zarfYaml({ name, image, config }: Assets, path: string) {
   return dumpYaml(zarfCfg, { noRefs: true });
 }
 
+export function zarfYamlChart({ name, image, config }: Assets, path: string) {
+  const zarfCfg = {
+    kind: "ZarfPackageConfig",
+    metadata: {
+      name,
+      description: `Pepr Module: ${config.description}`,
+      url: "https://github.com/defenseunicorns/pepr",
+      version: `${config.appVersion || "0.0.1"}`,
+    },
+    components: [
+      {
+        name: "module",
+        required: true,
+        charts: [
+          {
+            name: "module",
+            namespace: "pepr-system",
+            version: `${config.appVersion || "0.0.1"}`,
+            localPath: path,
+          },
+        ],
+        images: [image],
+      },
+    ],
+  };
+
+  return dumpYaml(zarfCfg, { noRefs: true });
+}
+
 export async function allYaml(assets: Assets, rbacMode: string) {
   const { name, tls, apiToken, path } = assets;
 

package/src/lib/controller/index.ts

@@ -182,7 +182,7 @@ export class Controller {
     try {
       res.send(await this.#metricsCollector.getMetrics());
     } catch (err) {
-      Log.error(err);
+      Log.error(err, `Error getting metrics`);
       res.status(500).send("Internal Server Error");
     }
   };
@@ -277,7 +277,7 @@ export class Controller {
 
         this.#metricsCollector.observeEnd(startTime, admissionKind);
       } catch (err) {
-        Log.error(err);
+        Log.error(err, `Error processing ${admissionKind} request`);
         res.status(500).send("Internal Server Error");
         this.#metricsCollector.error();
       }
@@ -319,7 +319,7 @@ export class Controller {
     try {
       res.send("OK");
     } catch (err) {
-      Log.error(err);
+      Log.error(err, `Error processing health check`);
       res.status(500).send("Internal Server Error");
     }
   }

package/src/lib/controller/store.ts

@@ -167,9 +167,13 @@ export class PeprControllerStore {
       } catch (err) {
         Log.error(err, "Pepr store update failure");
 
-        // On failure to update, re-add the operations to the cache to be retried
-        for (const idx of indexes) {
-          sendCache[idx] = payload[Number(idx)];
+        if (err.status === 422) {
+          Object.keys(sendCache).forEach(key => delete sendCache[key]);
+        } else {
+          // On failure to update, re-add the operations to the cache to be retried
+          for (const idx of indexes) {
+            sendCache[idx] = payload[Number(idx)];
+          }
         }
       }
     };

package/src/lib/mutate-processor.ts

@@ -84,22 +84,33 @@ export async function mutateProcessor(
         // Add annotations to the request to indicate that the capability succeeded
         updateStatus("succeeded");
       } catch (e) {
-        Log.warn(actionMetadata, `Action failed: ${e}`);
         updateStatus("warning");
-
-        // Annoying ts false positive
         response.warnings = response.warnings || [];
-        response.warnings.push(`Action failed: ${e}`);
+
+        let errorMessage = "";
+
+        try {
+          if (e.message && e.message !== "[object Object]") {
+            errorMessage = e.message;
+          } else {
+            throw new Error("An error occurred in the mutate action.");
+          }
+        } catch (e) {
+          errorMessage = "An error occurred with the mutate action.";
+        }
+
+        Log.error(actionMetadata, `Action failed: ${errorMessage}`);
+        response.warnings.push(`Action failed: ${errorMessage}`);
 
         switch (config.onError) {
           case Errors.reject:
-            Log.error(actionMetadata, `Action failed: ${e}`);
+            Log.error(actionMetadata, `Action failed: ${errorMessage}`);
             response.result = "Pepr module configured to reject on error";
             return response;
 
           case Errors.audit:
             response.auditAnnotations = response.auditAnnotations || {};
-            response.auditAnnotations[Date.now()] = e;
+            response.auditAnnotations[Date.now()] = `Action failed: ${errorMessage}`;
             break;
         }
       }

package/src/runtime/controller.ts

@@ -67,9 +67,9 @@ const startup = async () => {
     validateHash(hash);
     runModule(hash);
   } catch (err) {
-    Log.error(err);
+    Log.error(err, `Error starting Pepr Store CRD`);
     process.exit(1);
   }
 };
 
-startup().catch(err => Log.error(err));
+startup().catch(err => Log.error(err, `Error starting Pepr Controller`));

package/dist/cli.d.ts

@@ -1,3 +0,0 @@
-#!/usr/bin/env node
-export {};
-//# sourceMappingURL=cli.d.ts.map

package/dist/cli.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":""}