pepr 0.32.1 → 0.32.3

package/dist/controller.js

@@ -0,0 +1,164 @@
+#!/usr/bin/env node
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+
+// src/runtime/controller.ts
+var import_child_process = require("child_process");
+var import_crypto = __toESM(require("crypto"));
+var import_fs = __toESM(require("fs"));
+var import_zlib = require("zlib");
+var import_kubernetes_fluent_client4 = require("kubernetes-fluent-client");
+
+// src/lib/logger.ts
+var import_pino = require("pino");
+var isPrettyLog = process.env.PEPR_PRETTY_LOGS === "true";
+var pretty = {
+  target: "pino-pretty",
+  options: {
+    colorize: true
+  }
+};
+var transport = isPrettyLog ? pretty : void 0;
+var pinoTimeFunction = process.env.PINO_TIME_STAMP === "iso" ? () => import_pino.stdTimeFunctions.isoTime() : () => import_pino.stdTimeFunctions.epochTime();
+var Log = (0, import_pino.pino)({
+  transport,
+  timestamp: pinoTimeFunction
+});
+if (process.env.LOG_LEVEL) {
+  Log.level = process.env.LOG_LEVEL;
+}
+var logger_default = Log;
+
+// src/templates/data.json
+var packageJSON = { name: "pepr", description: "Kubernetes application engine", author: "Defense Unicorns", homepage: "https://github.com/defenseunicorns/pepr", license: "Apache-2.0", bin: "dist/cli.js", repository: "defenseunicorns/pepr", engines: { node: ">=18.0.0" }, version: "0.32.3", main: "dist/lib.js", types: "dist/lib.d.ts", scripts: { "gen-data-json": "node hack/build-template-data.js", prebuild: "rm -fr dist/* && npm run gen-data-json", build: "tsc && node build.mjs", "build:image": "npm run build && docker buildx build --tag pepr:dev .", test: "npm run test:unit && npm run test:journey", "test:unit": "npm run gen-data-json && jest src --coverage --detectOpenHandles --coverageDirectory=./coverage", "test:journey": "npm run test:journey:k3d && npm run test:journey:build && npm run test:journey:image && npm run test:journey:run", "test:journey:prep": "if [ ! -d ./pepr-upgrade-test ]; then git clone https://github.com/defenseunicorns/pepr-upgrade-test.git ; fi", "test:journey-wasm": "npm run test:journey:k3d && npm run test:journey:build && npm run test:journey:image && npm run test:journey:run-wasm", "test:journey:k3d": "k3d cluster delete pepr-dev && k3d cluster create pepr-dev --k3s-arg '--debug@server:0' --wait && kubectl rollout status deployment -n kube-system", "test:journey:build": "npm run build && npm pack", "test:journey:image": "docker buildx build --tag pepr:dev . && k3d image import pepr:dev -c pepr-dev", "test:journey:run": "jest --detectOpenHandles journey/entrypoint.test.ts && npm run test:journey:prep && npm run test:journey:upgrade", "test:journey:run-wasm": "jest --detectOpenHandles journey/entrypoint-wasm.test.ts", "test:journey:upgrade": "npm run test:journey:k3d && npm run test:journey:image && jest --detectOpenHandles journey/pepr-upgrade.test.ts", "format:check": "eslint src && prettier src --check", "format:fix": "eslint src --fix && prettier src --write" }, dependencies: { "@types/ramda": "0.30.0", express: "4.19.2", "fast-json-patch": "3.1.1", "kubernetes-fluent-client": "2.6.2", pino: "9.2.0", "pino-pretty": "11.2.1", "prom-client": "15.1.2", ramda: "0.30.1" }, devDependencies: { "@commitlint/cli": "19.3.0", "@commitlint/config-conventional": "19.2.2", "@jest/globals": "29.7.0", "@types/eslint": "8.56.10", "@types/express": "4.17.21", "@types/node": "18.x.x", "@types/node-forge": "1.3.11", "@types/prompts": "2.4.9", "@types/uuid": "9.0.8", jest: "29.7.0", nock: "13.5.4", "ts-jest": "29.1.5" }, peerDependencies: { "@typescript-eslint/eslint-plugin": "6.15.0", "@typescript-eslint/parser": "6.15.0", commander: "11.1.0", esbuild: "0.19.10", eslint: "8.56.0", "node-forge": "1.3.1", prettier: "3.1.1", prompts: "2.4.2", typescript: "5.3.3", uuid: "9.0.1" } };
+
+// src/lib/k8s.ts
+var import_kubernetes_fluent_client = require("kubernetes-fluent-client");
+var PeprStore = class extends import_kubernetes_fluent_client.GenericKind {
+};
+var peprStoreGVK = {
+  kind: "PeprStore",
+  version: "v1",
+  group: "pepr.dev"
+};
+(0, import_kubernetes_fluent_client.RegisterKind)(PeprStore, peprStoreGVK);
+
+// src/lib/assets/store.ts
+var { group, version, kind } = peprStoreGVK;
+var singular = kind.toLocaleLowerCase();
+var plural = `${singular}s`;
+var name = `${plural}.${group}`;
+var peprStoreCRD = {
+  apiVersion: "apiextensions.k8s.io/v1",
+  kind: "CustomResourceDefinition",
+  metadata: {
+    name
+  },
+  spec: {
+    group,
+    versions: [
+      {
+        // typescript doesn't know this is really already set, which is kind of annoying
+        name: version || "v1",
+        served: true,
+        storage: true,
+        schema: {
+          openAPIV3Schema: {
+            type: "object",
+            properties: {
+              data: {
+                type: "object",
+                additionalProperties: {
+                  type: "string"
+                }
+              }
+            }
+          }
+        }
+      }
+    ],
+    scope: "Namespaced",
+    names: {
+      plural,
+      singular,
+      kind
+    }
+  }
+};
+
+// src/lib/helpers.ts
+var import_kubernetes_fluent_client3 = require("kubernetes-fluent-client");
+
+// src/sdk/sdk.ts
+var import_kubernetes_fluent_client2 = require("kubernetes-fluent-client");
+
+// src/lib/helpers.ts
+var ValidationError = class extends Error {
+};
+function validateHash(expectedHash) {
+  const sha256Regex = /^[a-f0-9]{64}$/i;
+  if (!expectedHash || !sha256Regex.test(expectedHash)) {
+    logger_default.error(`Invalid hash. Expected a valid SHA-256 hash, got ${expectedHash}`);
+    throw new ValidationError("Invalid hash");
+  }
+}
+
+// src/runtime/controller.ts
+var { version: version2 } = packageJSON;
+function runModule(expectedHash) {
+  const gzPath = `/app/load/module-${expectedHash}.js.gz`;
+  const jsPath = `/app/module-${expectedHash}.js`;
+  logger_default.level = "info";
+  if (!import_fs.default.existsSync(gzPath)) {
+    throw new Error(`File not found: ${gzPath}`);
+  }
+  try {
+    logger_default.info(`Loading module ${gzPath}`);
+    const codeGZ = import_fs.default.readFileSync(gzPath);
+    const code = (0, import_zlib.gunzipSync)(codeGZ);
+    const actualHash = import_crypto.default.createHash("sha256").update(code).digest("hex");
+    if (!import_crypto.default.timingSafeEqual(Buffer.from(expectedHash, "hex"), Buffer.from(actualHash, "hex"))) {
+      throw new Error(`File hash does not match, expected ${expectedHash} but got ${actualHash}`);
+    }
+    logger_default.info(`File hash matches, running module`);
+    import_fs.default.writeFileSync(jsPath, code);
+    (0, import_child_process.fork)(jsPath);
+  } catch (e) {
+    throw new Error(`Failed to decompress module: ${e}`);
+  }
+}
+logger_default.info(`Pepr Controller (v${version2})`);
+var hash = process.argv[2];
+var startup = async () => {
+  try {
+    logger_default.info("Applying the Pepr Store CRD if it doesn't exist");
+    await (0, import_kubernetes_fluent_client4.K8s)(import_kubernetes_fluent_client4.kind.CustomResourceDefinition).Apply(peprStoreCRD, { force: true });
+    validateHash(hash);
+    runModule(hash);
+  } catch (err) {
+    logger_default.error(err, `Error starting Pepr Store CRD`);
+    process.exit(1);
+  }
+};
+startup().catch((err) => logger_default.error(err, `Error starting Pepr Controller`));

package/dist/lib/assets/deploy.d.ts

@@ -0,0 +1,3 @@
+import { Assets } from ".";
+export declare function deploy(assets: Assets, force: boolean, webhookTimeout?: number): Promise<void>;
+//# sourceMappingURL=deploy.d.ts.map

package/dist/lib/assets/deploy.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"deploy.d.ts","sourceRoot":"","sources":["../../../src/lib/assets/deploy.ts"],"names":[],"mappings":"AAOA,OAAO,EAAE,MAAM,EAAE,MAAM,GAAG,CAAC;AAS3B,wBAAsB,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,cAAc,CAAC,EAAE,MAAM,iBA8CnF"}

package/dist/lib/assets/destroy.d.ts

@@ -0,0 +1,2 @@
+export declare function destroyModule(name: string): Promise<void>;
+//# sourceMappingURL=destroy.d.ts.map

package/dist/lib/assets/destroy.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"destroy.d.ts","sourceRoot":"","sources":["../../../src/lib/assets/destroy.ts"],"names":[],"mappings":"AAQA,wBAAsB,aAAa,CAAC,IAAI,EAAE,MAAM,iBAwB/C"}

package/dist/lib/assets/helm.d.ts

@@ -0,0 +1,5 @@
+export declare function nsTemplate(): string;
+export declare function chartYaml(name: string, description?: string): string;
+export declare function watcherDeployTemplate(buildTimestamp: string): string;
+export declare function admissionDeployTemplate(buildTimestamp: string): string;
+//# sourceMappingURL=helm.d.ts.map

package/dist/lib/assets/helm.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"helm.d.ts","sourceRoot":"","sources":["../../../src/lib/assets/helm.ts"],"names":[],"mappings":"AAGA,wBAAgB,UAAU,WAezB;AAED,wBAAgB,SAAS,CAAC,IAAI,EAAE,MAAM,EAAE,WAAW,CAAC,EAAE,MAAM,UA2B3D;AAED,wBAAgB,qBAAqB,CAAC,cAAc,EAAE,MAAM,UAiF3D;AAED,wBAAgB,uBAAuB,CAAC,cAAc,EAAE,MAAM,UAsF7D"}

package/dist/lib/assets/index.d.ts

@@ -0,0 +1,25 @@
+import { ModuleConfig } from "../module";
+import { TLSOut } from "../tls";
+import { CapabilityExport } from "../types";
+import { WebhookIgnore } from "../k8s";
+export declare class Assets {
+    readonly config: ModuleConfig;
+    readonly path: string;
+    readonly host?: string | undefined;
+    readonly name: string;
+    readonly tls: TLSOut;
+    readonly apiToken: string;
+    readonly alwaysIgnore: WebhookIgnore;
+    capabilities: CapabilityExport[];
+    image: string;
+    buildTimestamp: string;
+    hash: string;
+    constructor(config: ModuleConfig, path: string, host?: string | undefined);
+    setHash: (hash: string) => void;
+    deploy: (force: boolean, webhookTimeout?: number) => Promise<void>;
+    zarfYaml: (path: string) => string;
+    zarfYamlChart: (path: string) => string;
+    allYaml: (rbacMode: string) => Promise<string>;
+    generateHelmChart: (basePath: string) => Promise<void>;
+}
+//# sourceMappingURL=index.d.ts.map

package/dist/lib/assets/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/lib/assets/index.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC;AACzC,OAAO,EAAE,MAAM,EAAU,MAAM,QAAQ,CAAC;AACxC,OAAO,EAAE,gBAAgB,EAAE,MAAM,UAAU,CAAC;AAC5C,OAAO,EAAE,aAAa,EAAE,MAAM,QAAQ,CAAC;AAcvC,qBAAa,MAAM;IAYf,QAAQ,CAAC,MAAM,EAAE,YAAY;IAC7B,QAAQ,CAAC,IAAI,EAAE,MAAM;IACrB,QAAQ,CAAC,IAAI,CAAC;IAbhB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,YAAY,EAAG,aAAa,CAAC;IACtC,YAAY,EAAG,gBAAgB,EAAE,CAAC;IAElC,KAAK,EAAE,MAAM,CAAC;IACd,cAAc,EAAE,MAAM,CAAC;IACvB,IAAI,EAAE,MAAM,CAAC;gBAGF,MAAM,EAAE,YAAY,EACpB,IAAI,EAAE,MAAM,EACZ,IAAI,CAAC,oBAAQ;IAcxB,OAAO,SAAU,MAAM,UAErB;IAEF,MAAM,UAAiB,OAAO,mBAAmB,MAAM,mBAGrD;IAEF,QAAQ,SAAU,MAAM,YAA0B;IAElD,aAAa,SAAU,MAAM,YAA+B;IAE5D,OAAO,aAAoB,MAAM,qBAQ/B;IAEF,iBAAiB,aAAoB,MAAM,mBAoGzC;CACH"}

package/dist/lib/assets/loader.d.ts

@@ -0,0 +1,8 @@
+import { CapabilityExport } from "../types";
+/**
+ * Read the capabilities from the module by running it in build mode
+ * @param path
+ * @returns
+ */
+export declare function loadCapabilities(path: string): Promise<CapabilityExport[]>;
+//# sourceMappingURL=loader.d.ts.map

package/dist/lib/assets/loader.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"loader.d.ts","sourceRoot":"","sources":["../../../src/lib/assets/loader.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,gBAAgB,EAAE,MAAM,UAAU,CAAC;AAE5C;;;;GAIG;AACH,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,EAAE,CAAC,CA4B1E"}

package/dist/lib/assets/networking.d.ts

@@ -0,0 +1,7 @@
+import { kind } from "kubernetes-fluent-client";
+import { TLSOut } from "../tls";
+export declare function apiTokenSecret(name: string, apiToken: string): kind.Secret;
+export declare function tlsSecret(name: string, tls: TLSOut): kind.Secret;
+export declare function service(name: string): kind.Service;
+export declare function watcherService(name: string): kind.Service;
+//# sourceMappingURL=networking.d.ts.map

package/dist/lib/assets/networking.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"networking.d.ts","sourceRoot":"","sources":["../../../src/lib/assets/networking.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,IAAI,EAAE,MAAM,0BAA0B,CAAC;AAEhD,OAAO,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAEhC,wBAAgB,cAAc,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC,MAAM,CAa1E;AAED,wBAAgB,SAAS,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,IAAI,CAAC,MAAM,CAchE;AAED,wBAAgB,OAAO,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC,OAAO,CAwBlD;AAED,wBAAgB,cAAc,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC,OAAO,CAwBzD"}

package/dist/lib/assets/pods.d.ts

@@ -0,0 +1,126 @@
+/// <reference types="node" />
+import { V1EnvVar } from "@kubernetes/client-node";
+import { kind } from "kubernetes-fluent-client";
+import { Assets } from ".";
+/** Generate the pepr-system namespace */
+export declare function namespace(namespaceLabels?: Record<string, string>): {
+    apiVersion: string;
+    kind: string;
+    metadata: {
+        name: string;
+        labels: Record<string, string>;
+    };
+} | {
+    apiVersion: string;
+    kind: string;
+    metadata: {
+        name: string;
+        labels?: undefined;
+    };
+};
+export declare function watcher(assets: Assets, hash: string, buildTimestamp: string): {
+    apiVersion: string;
+    kind: string;
+    metadata: {
+        name: string;
+        namespace: string;
+        annotations: {
+            "pepr.dev/description": string;
+        };
+        labels: {
+            app: string;
+            "pepr.dev/controller": string;
+            "pepr.dev/uuid": string;
+        };
+    };
+    spec: {
+        replicas: number;
+        strategy: {
+            type: string;
+        };
+        selector: {
+            matchLabels: {
+                app: string;
+                "pepr.dev/controller": string;
+            };
+        };
+        template: {
+            metadata: {
+                annotations: {
+                    buildTimestamp: string;
+                };
+                labels: {
+                    app: string;
+                    "pepr.dev/controller": string;
+                };
+            };
+            spec: {
+                terminationGracePeriodSeconds: number;
+                serviceAccountName: string;
+                securityContext: {
+                    runAsUser: number;
+                    runAsGroup: number;
+                    runAsNonRoot: boolean;
+                    fsGroup: number;
+                };
+                containers: {
+                    name: string;
+                    image: string;
+                    imagePullPolicy: string;
+                    command: string[];
+                    readinessProbe: {
+                        httpGet: {
+                            path: string;
+                            port: number;
+                            scheme: string;
+                        };
+                    };
+                    livenessProbe: {
+                        httpGet: {
+                            path: string;
+                            port: number;
+                            scheme: string;
+                        };
+                    };
+                    ports: {
+                        containerPort: number;
+                    }[];
+                    resources: {
+                        requests: {
+                            memory: string;
+                            cpu: string;
+                        };
+                        limits: {
+                            memory: string;
+                            cpu: string;
+                        };
+                    };
+                    securityContext: {
+                        runAsUser: number;
+                        runAsGroup: number;
+                        runAsNonRoot: boolean;
+                        allowPrivilegeEscalation: boolean;
+                        capabilities: {
+                            drop: string[];
+                        };
+                    };
+                    volumeMounts: {
+                        name: string;
+                        mountPath: string;
+                        readOnly: boolean;
+                    }[];
+                    env: V1EnvVar[];
+                }[];
+                volumes: {
+                    name: string;
+                    secret: {
+                        secretName: string;
+                    };
+                }[];
+            };
+        };
+    };
+} | null;
+export declare function deployment(assets: Assets, hash: string, buildTimestamp: string): kind.Deployment;
+export declare function moduleSecret(name: string, data: Buffer, hash: string): kind.Secret;
+//# sourceMappingURL=pods.d.ts.map

package/dist/lib/assets/pods.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"pods.d.ts","sourceRoot":"","sources":["../../../src/lib/assets/pods.ts"],"names":[],"mappings":";AAGA,OAAO,EAAE,QAAQ,EAAE,MAAM,yBAAyB,CAAC;AACnD,OAAO,EAAE,IAAI,EAAE,MAAM,0BAA0B,CAAC;AAGhD,OAAO,EAAE,MAAM,EAAE,MAAM,GAAG,CAAC;AAI3B,yCAAyC;AACzC,wBAAgB,SAAS,CAAC,eAAe,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC;;;;;;;;;;;;;;EAmBjE;AAED,wBAAgB,OAAO,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,cAAc,EAAE,MAAM;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;SAiJ3E;AAED,wBAAgB,UAAU,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,cAAc,EAAE,MAAM,GAAG,IAAI,CAAC,UAAU,CAuIhG;AAED,wBAAgB,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC,MAAM,CAuBlF"}

package/dist/lib/assets/rbac.d.ts

@@ -0,0 +1,14 @@
+import { kind } from "kubernetes-fluent-client";
+import { CapabilityExport } from "../types";
+/**
+ * Grants the controller access to cluster resources beyond the mutating webhook.
+ *
+ * @todo: should dynamically generate this based on resources used by the module. will also need to explore how this should work for multiple modules.
+ * @returns
+ */
+export declare function clusterRole(name: string, capabilities: CapabilityExport[], rbacMode?: string): kind.ClusterRole;
+export declare function clusterRoleBinding(name: string): kind.ClusterRoleBinding;
+export declare function serviceAccount(name: string): kind.ServiceAccount;
+export declare function storeRole(name: string): kind.Role;
+export declare function storeRoleBinding(name: string): kind.RoleBinding;
+//# sourceMappingURL=rbac.d.ts.map

package/dist/lib/assets/rbac.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"rbac.d.ts","sourceRoot":"","sources":["../../../src/lib/assets/rbac.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,IAAI,EAAE,MAAM,0BAA0B,CAAC;AAChD,OAAO,EAAE,gBAAgB,EAAE,MAAM,UAAU,CAAC;AAE5C;;;;;GAKG;AACH,wBAAgB,WAAW,CAAC,IAAI,EAAE,MAAM,EAAE,YAAY,EAAE,gBAAgB,EAAE,EAAE,QAAQ,GAAE,MAAW,GAAG,IAAI,CAAC,WAAW,CA6BnH;AAED,wBAAgB,kBAAkB,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC,kBAAkB,CAkBxE;AAED,wBAAgB,cAAc,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC,cAAc,CAShE;AAED,wBAAgB,SAAS,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC,IAAI,CAejD;AAED,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC,WAAW,CAmB/D"}

package/dist/lib/assets/store.d.ts

@@ -0,0 +1,7 @@
+import { kind as k } from "kubernetes-fluent-client";
+export declare const group: string, version: string, kind: string;
+export declare const singular: string;
+export declare const plural: string;
+export declare const name: string;
+export declare const peprStoreCRD: k.CustomResourceDefinition;
+//# sourceMappingURL=store.d.ts.map

package/dist/lib/assets/store.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"store.d.ts","sourceRoot":"","sources":["../../../src/lib/assets/store.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,IAAI,IAAI,CAAC,EAAE,MAAM,0BAA0B,CAAC;AAIrD,eAAO,MAAQ,KAAK,UAAE,OAAO,UAAE,IAAI,QAAiB,CAAC;AACrD,eAAO,MAAM,QAAQ,QAA2B,CAAC;AACjD,eAAO,MAAM,MAAM,QAAiB,CAAC;AACrC,eAAO,MAAM,IAAI,QAAuB,CAAC;AAEzC,eAAO,MAAM,YAAY,EAAE,CAAC,CAAC,wBAoC5B,CAAC"}

package/dist/lib/assets/webhooks.d.ts

@@ -0,0 +1,6 @@
+import { V1RuleWithOperations } from "@kubernetes/client-node";
+import { kind } from "kubernetes-fluent-client";
+import { Assets } from ".";
+export declare function generateWebhookRules(assets: Assets, isMutateWebhook: boolean): Promise<V1RuleWithOperations[]>;
+export declare function webhookConfig(assets: Assets, mutateOrValidate: "mutate" | "validate", timeoutSeconds?: number): Promise<kind.MutatingWebhookConfiguration | kind.ValidatingWebhookConfiguration | null>;
+//# sourceMappingURL=webhooks.d.ts.map

package/dist/lib/assets/webhooks.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"webhooks.d.ts","sourceRoot":"","sources":["../../../src/lib/assets/webhooks.ts"],"names":[],"mappings":"AAGA,OAAO,EAGL,oBAAoB,EACrB,MAAM,yBAAyB,CAAC;AACjC,OAAO,EAAE,IAAI,EAAE,MAAM,0BAA0B,CAAC;AAGhD,OAAO,EAAE,MAAM,EAAE,MAAM,GAAG,CAAC;AAW3B,wBAAsB,oBAAoB,CAAC,MAAM,EAAE,MAAM,EAAE,eAAe,EAAE,OAAO,mCAoDlF;AAED,wBAAsB,aAAa,CACjC,MAAM,EAAE,MAAM,EACd,gBAAgB,EAAE,QAAQ,GAAG,UAAU,EACvC,cAAc,SAAK,GAClB,OAAO,CAAC,IAAI,CAAC,4BAA4B,GAAG,IAAI,CAAC,8BAA8B,GAAG,IAAI,CAAC,CAkEzF"}

package/dist/lib/assets/yaml.d.ts

@@ -0,0 +1,6 @@
+import { Assets } from ".";
+export declare function overridesFile({ hash, name, image, config, apiToken }: Assets, path: string): Promise<void>;
+export declare function zarfYaml({ name, image, config }: Assets, path: string): string;
+export declare function zarfYamlChart({ name, image, config }: Assets, path: string): string;
+export declare function allYaml(assets: Assets, rbacMode: string): Promise<string>;
+//# sourceMappingURL=yaml.d.ts.map

package/dist/lib/assets/yaml.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"yaml.d.ts","sourceRoot":"","sources":["../../../src/lib/assets/yaml.ts"],"names":[],"mappings":"AAOA,OAAO,EAAE,MAAM,EAAE,MAAM,GAAG,CAAC;AAO3B,wBAAsB,aAAa,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,iBAwHhG;AACD,wBAAgB,QAAQ,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,UA0BrE;AAED,wBAAgB,aAAa,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,UA2B1E;AAED,wBAAsB,OAAO,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,mBAyC7D"}

package/dist/lib/capability.d.ts

@@ -0,0 +1,66 @@
+import { GenericClass, GroupVersionKind } from "kubernetes-fluent-client";
+import { PeprStore, Storage } from "./storage";
+import { Schedule } from "./schedule";
+import { Binding, CapabilityCfg, CapabilityExport, WhenSelector } from "./types";
+/**
+ * A capability is a unit of functionality that can be registered with the Pepr runtime.
+ */
+export declare class Capability implements CapabilityExport {
+    #private;
+    hasSchedule: boolean;
+    /**
+     * Run code on a schedule with the capability.
+     *
+     * @param schedule The schedule to run the code on
+     * @returns
+     */
+    OnSchedule: (schedule: Schedule) => void;
+    /**
+     * Store is a key-value data store that can be used to persist data that should be shared
+     * between requests. Each capability has its own store, and the data is persisted in Kubernetes
+     * in the `pepr-system` namespace.
+     *
+     * Note: You should only access the store from within an action.
+     */
+    Store: PeprStore;
+    /**
+     * ScheduleStore is a key-value data store used to persist schedule data that should be shared
+     * between intervals. Each Schedule shares store, and the data is persisted in Kubernetes
+     * in the `pepr-system` namespace.
+     *
+     * Note: There is no direct access to schedule store
+     */
+    ScheduleStore: PeprStore;
+    get bindings(): Binding[];
+    get name(): string;
+    get description(): string;
+    get namespaces(): string[];
+    constructor(cfg: CapabilityCfg);
+    /**
+     * Register the store with the capability. This is called automatically by the Pepr controller.
+     *
+     * @param store
+     */
+    registerScheduleStore: () => {
+        scheduleStore: Storage;
+    };
+    /**
+     * Register the store with the capability. This is called automatically by the Pepr controller.
+     *
+     * @param store
+     */
+    registerStore: () => {
+        store: Storage;
+    };
+    /**
+     * The When method is used to register a action to be executed when a Kubernetes resource is
+     * processed by Pepr. The action will be executed if the resource matches the specified kind and any
+     * filters that are applied.
+     *
+     * @param model the KubernetesObject model to match
+     * @param kind if using a custom KubernetesObject not available in `a.*`, specify the GroupVersionKind
+     * @returns
+     */
+    When: <T extends GenericClass>(model: T, kind?: GroupVersionKind) => WhenSelector<T>;
+}
+//# sourceMappingURL=capability.d.ts.map

package/dist/lib/capability.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"capability.d.ts","sourceRoot":"","sources":["../../src/lib/capability.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,YAAY,EAAE,gBAAgB,EAA2B,MAAM,0BAA0B,CAAC;AAMnG,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAC/C,OAAO,EAAc,QAAQ,EAAE,MAAM,YAAY,CAAC;AAClD,OAAO,EACL,OAAO,EAGP,aAAa,EACb,gBAAgB,EAMhB,YAAY,EACb,MAAM,SAAS,CAAC;AAKjB;;GAEG;AACH,qBAAa,UAAW,YAAW,gBAAgB;;IASjD,WAAW,EAAE,OAAO,CAAC;IAErB;;;;;OAKG;IACH,UAAU,EAAE,CAAC,QAAQ,EAAE,QAAQ,KAAK,IAAI,CAqBtC;IAEF;;;;;;OAMG;IACH,KAAK,EAAE,SAAS,CASd;IAEF;;;;;;OAMG;IACH,aAAa,EAAE,SAAS,CAStB;IAEF,IAAI,QAAQ,cAEX;IAED,IAAI,IAAI,WAEP;IAED,IAAI,WAAW,WAEd;IAED,IAAI,UAAU,aAEb;gBAEW,GAAG,EAAE,aAAa;IAU9B;;;;OAIG;IACH,qBAAqB;;MAanB;IAEF;;;;OAIG;IACH,aAAa;;MAaX;IAEF;;;;;;;;OAQG;IACH,IAAI,4CAA6C,gBAAgB,qBAkI/D;CACH"}

package/dist/lib/controller/index.d.ts

@@ -0,0 +1,10 @@
+import { Capability } from "../capability";
+import { MutateResponse, AdmissionRequest, ValidateResponse } from "../k8s";
+import { ModuleConfig } from "../module";
+export declare class Controller {
+    #private;
+    constructor(config: ModuleConfig, capabilities: Capability[], beforeHook?: (req: AdmissionRequest) => void, afterHook?: (res: MutateResponse | ValidateResponse) => void, onReady?: () => void);
+    /** Start the webhook server */
+    startServer: (port: number) => void;
+}
+//# sourceMappingURL=index.d.ts.map

package/dist/lib/controller/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/lib/controller/index.ts"],"names":[],"mappings":"AAOA,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAC3C,OAAO,EAAE,cAAc,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,QAAQ,CAAC;AAG5E,OAAO,EAAE,YAAY,EAAe,MAAM,WAAW,CAAC;AAMtD,qBAAa,UAAU;;gBAoBnB,MAAM,EAAE,YAAY,EACpB,YAAY,EAAE,UAAU,EAAE,EAC1B,UAAU,CAAC,EAAE,CAAC,GAAG,EAAE,gBAAgB,KAAK,IAAI,EAC5C,SAAS,CAAC,EAAE,CAAC,GAAG,EAAE,cAAc,GAAG,gBAAgB,KAAK,IAAI,EAC5D,OAAO,CAAC,EAAE,MAAM,IAAI;IAiCtB,+BAA+B;IAC/B,WAAW,SAAU,MAAM,UAqDzB;CAqMH"}

package/dist/lib/controller/store.d.ts

@@ -0,0 +1,7 @@
+import { Capability } from "../capability";
+export declare const debounceBackoff = 5000;
+export declare class PeprControllerStore {
+    #private;
+    constructor(capabilities: Capability[], name: string, onReady?: () => void);
+}
+//# sourceMappingURL=store.d.ts.map

package/dist/lib/controller/store.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"store.d.ts","sourceRoot":"","sources":["../../../src/lib/controller/store.ts"],"names":[],"mappings":"AAOA,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAM3C,eAAO,MAAM,eAAe,OAAO,CAAC;AAEpC,qBAAa,mBAAmB;;gBAMlB,YAAY,EAAE,UAAU,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,IAAI;CAqM3E"}

package/dist/lib/errors.d.ts

@@ -0,0 +1,12 @@
+export declare const Errors: {
+    audit: string;
+    ignore: string;
+    reject: string;
+};
+export declare const ErrorList: string[];
+/**
+ * Validate the error or throw an error
+ * @param error
+ */
+export declare function ValidateError(error?: string): void;
+//# sourceMappingURL=errors.d.ts.map

package/dist/lib/errors.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../../src/lib/errors.ts"],"names":[],"mappings":"AAGA,eAAO,MAAM,MAAM;;;;CAIlB,CAAC;AAEF,eAAO,MAAM,SAAS,UAAwB,CAAC;AAE/C;;;GAGG;AACH,wBAAgB,aAAa,CAAC,KAAK,SAAK,QAIvC"}

package/dist/lib/filter.d.ts

@@ -0,0 +1,11 @@
+import { AdmissionRequest } from "./k8s";
+import { Binding } from "./types";
+/**
+ * shouldSkipRequest determines if a request should be skipped based on the binding filters.
+ *
+ * @param binding the action binding
+ * @param req the incoming request
+ * @returns
+ */
+export declare function shouldSkipRequest(binding: Binding, req: AdmissionRequest, capabilityNamespaces: string[]): boolean;
+//# sourceMappingURL=filter.d.ts.map

package/dist/lib/filter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"filter.d.ts","sourceRoot":"","sources":["../../src/lib/filter.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,gBAAgB,EAAa,MAAM,OAAO,CAAC;AAEpD,OAAO,EAAE,OAAO,EAAS,MAAM,SAAS,CAAC;AAEzC;;;;;;GAMG;AACH,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,OAAO,EAAE,GAAG,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,MAAM,EAAE,WA+FxG"}

package/dist/lib/helpers.d.ts

@@ -0,0 +1,34 @@
+import { KubernetesObject } from "kubernetes-fluent-client";
+import { Binding, CapabilityExport } from "./types";
+export declare class ValidationError extends Error {
+}
+export declare function validateCapabilityNames(capabilities: CapabilityExport[] | undefined): void;
+export declare function validateHash(expectedHash: string): void;
+type RBACMap = {
+    [key: string]: {
+        verbs: string[];
+        plural: string;
+    };
+};
+export declare function checkOverlap(bindingFilters: Record<string, string>, objectFilters: Record<string, string>): boolean;
+/**
+ * Decide to run callback after the event comes back from API Server
+ **/
+export declare function filterNoMatchReason(binding: Partial<Binding>, obj: Partial<KubernetesObject>, capabilityNamespaces: string[]): string;
+export declare function addVerbIfNotExists(verbs: string[], verb: string): void;
+export declare function createRBACMap(capabilities: CapabilityExport[]): RBACMap;
+export declare function createDirectoryIfNotExists(path: string): Promise<void>;
+export declare function hasEveryOverlap<T>(array1: T[], array2: T[]): boolean;
+export declare function hasAnyOverlap<T>(array1: T[], array2: T[]): boolean;
+export declare function ignoredNamespaceConflict(ignoreNamespaces: string[], bindingNamespaces: string[]): boolean;
+export declare function bindingAndCapabilityNSConflict(bindingNamespaces: string[], capabilityNamespaces: string[]): boolean;
+export declare function generateWatchNamespaceError(ignoredNamespaces: string[], bindingNamespaces: string[], capabilityNamespaces: string[]): string;
+export declare function namespaceComplianceValidator(capability: CapabilityExport, ignoredNamespaces?: string[]): void;
+export declare function checkDeploymentStatus(namespace: string): Promise<boolean>;
+export declare function namespaceDeploymentsReady(namespace?: string): Promise<true | undefined>;
+export declare function secretOverLimit(str: string): boolean;
+export declare const parseTimeout: (value: string, previous: unknown) => number;
+export declare function dedent(file: string): string;
+export declare function replaceString(str: string, stringA: string, stringB: string): string;
+export {};
+//# sourceMappingURL=helpers.d.ts.map

package/dist/lib/helpers.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"helpers.d.ts","sourceRoot":"","sources":["../../src/lib/helpers.ts"],"names":[],"mappings":"AAIA,OAAO,EAAO,gBAAgB,EAAQ,MAAM,0BAA0B,CAAC;AAEvE,OAAO,EAAE,OAAO,EAAE,gBAAgB,EAAE,MAAM,SAAS,CAAC;AAGpD,qBAAa,eAAgB,SAAQ,KAAK;CAAG;AAE7C,wBAAgB,uBAAuB,CAAC,YAAY,EAAE,gBAAgB,EAAE,GAAG,SAAS,GAAG,IAAI,CAQ1F;AAED,wBAAgB,YAAY,CAAC,YAAY,EAAE,MAAM,GAAG,IAAI,CAOvD;AAED,KAAK,OAAO,GAAG;IACb,CAAC,GAAG,EAAE,MAAM,GAAG;QACb,KAAK,EAAE,MAAM,EAAE,CAAC;QAChB,MAAM,EAAE,MAAM,CAAC;KAChB,CAAC;CACH,CAAC;AAGF,wBAAgB,YAAY,CAAC,cAAc,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,aAAa,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,OAAO,CA2BnH;AAED;;IAEI;AACJ,wBAAgB,mBAAmB,CACjC,OAAO,EAAE,OAAO,CAAC,OAAO,CAAC,EACzB,GAAG,EAAE,OAAO,CAAC,gBAAgB,CAAC,EAC9B,oBAAoB,EAAE,MAAM,EAAE,GAC7B,MAAM,CAiER;AAED,wBAAgB,kBAAkB,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,MAAM,QAI/D;AAED,wBAAgB,aAAa,CAAC,YAAY,EAAE,gBAAgB,EAAE,GAAG,OAAO,CAyBvE;AAED,wBAAsB,0BAA0B,CAAC,IAAI,EAAE,MAAM,iBAU5D;AAED,wBAAgB,eAAe,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,OAAO,CAMpE;AAED,wBAAgB,aAAa,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,OAAO,CAMlE;AAED,wBAAgB,wBAAwB,CAAC,gBAAgB,EAAE,MAAM,EAAE,EAAE,iBAAiB,EAAE,MAAM,EAAE,WAE/F;AAED,wBAAgB,8BAA8B,CAAC,iBAAiB,EAAE,MAAM,EAAE,EAAE,oBAAoB,EAAE,MAAM,EAAE,WAKzG;AAED,wBAAgB,2BAA2B,CACzC,iBAAiB,EAAE,MAAM,EAAE,EAC3B,iBAAiB,EAAE,MAAM,EAAE,EAC3B,oBAAoB,EAAE,MAAM,EAAE,UAoB/B;AAGD,wBAAgB,4BAA4B,CAAC,UAAU,EAAE,gBAAgB,EAAE,iBAAiB,CAAC,EAAE,MAAM,EAAE,QActG;AAID,wBAAsB,qBAAqB,CAAC,SAAS,EAAE,MAAM,oBAsB5D;AAGD,wBAAsB,yBAAyB,CAAC,SAAS,GAAE,MAAsB,6BAWhF;AAGD,wBAAgB,eAAe,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAMpD;AAGD,eAAO,MAAM,YAAY,UAAW,MAAM,YAAY,OAAO,KAAG,MAW/D,CAAC;AAGF,wBAAgB,MAAM,CAAC,IAAI,EAAE,MAAM,UAelC;AAED,wBAAgB,aAAa,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,UAK1E"}

package/dist/lib/included-files.d.ts

@@ -0,0 +1,2 @@
+export declare function createDockerfile(version: string, description: string, includedFiles: string[]): Promise<void>;
+//# sourceMappingURL=included-files.d.ts.map

package/dist/lib/included-files.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"included-files.d.ts","sourceRoot":"","sources":["../../src/lib/included-files.ts"],"names":[],"mappings":"AAKA,wBAAsB,gBAAgB,CAAC,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,EAAE,iBAanG"}