pepr 0.40.1 → 0.42.0
- package/README.md +11 -5
- package/dist/cli/build.d.ts.map +1 -1
- package/dist/cli/deploy.d.ts.map +1 -1
- package/dist/cli/init/templates.d.ts +2 -2
- package/dist/cli.js +228 -179
- package/dist/controller.js +52 -27
- package/dist/lib/assets/index.d.ts.map +1 -1
- package/dist/lib/capability.d.ts.map +1 -1
- package/dist/lib/controller/index.d.ts.map +1 -1
- package/dist/lib/controller/index.util.d.ts +10 -0
- package/dist/lib/controller/index.util.d.ts.map +1 -0
- package/dist/lib/controller/store.d.ts +1 -1
- package/dist/lib/deploymentChecks.d.ts +3 -0
- package/dist/lib/deploymentChecks.d.ts.map +1 -0
- package/dist/lib/enums.d.ts +5 -5
- package/dist/lib/enums.d.ts.map +1 -1
- package/dist/lib/filesystemService.d.ts +2 -0
- package/dist/lib/filesystemService.d.ts.map +1 -0
- package/dist/lib/filter/adjudicators/adjudicators.d.ts +73 -0
- package/dist/lib/filter/adjudicators/adjudicators.d.ts.map +1 -0
- package/dist/lib/filter/adjudicators/defaultTestObjects.d.ts +7 -0
- package/dist/lib/filter/adjudicators/defaultTestObjects.d.ts.map +1 -0
- package/dist/lib/helpers.d.ts +1 -4
- package/dist/lib/helpers.d.ts.map +1 -1
- package/dist/lib/schedule.d.ts.map +1 -1
- package/dist/lib/storage.d.ts +1 -1
- package/dist/lib/storage.d.ts.map +1 -1
- package/dist/lib/{logger.d.ts → telemetry/logger.d.ts} +1 -1
- package/dist/lib/telemetry/logger.d.ts.map +1 -0
- package/dist/lib/{metrics.d.ts → telemetry/metrics.d.ts} +3 -1
- package/dist/lib/telemetry/metrics.d.ts.map +1 -0
- package/dist/lib/types.d.ts +10 -9
- package/dist/lib/types.d.ts.map +1 -1
- package/dist/lib.d.ts +1 -1
- package/dist/lib.d.ts.map +1 -1
- package/dist/lib.js +151 -126
- package/dist/lib.js.map +4 -4
- package/dist/sdk/sdk.d.ts +3 -4
- package/dist/sdk/sdk.d.ts.map +1 -1
- package/package.json +5 -5
- package/src/cli/build.ts +2 -1
- package/src/cli/deploy.ts +2 -1
- package/src/cli/init/templates.ts +1 -1
- package/src/lib/assets/deploy.ts +1 -1
- package/src/lib/assets/destroy.ts +1 -1
- package/src/lib/assets/index.ts +102 -81
- package/src/lib/assets/webhooks.ts +2 -2
- package/src/lib/capability.ts +8 -9
- package/src/lib/controller/index.ts +32 -62
- package/src/lib/controller/index.util.ts +47 -0
- package/src/lib/controller/store.ts +2 -2
- package/src/lib/controller/storeCache.ts +1 -1
- package/src/lib/deploymentChecks.ts +43 -0
- package/src/lib/enums.ts +5 -5
- package/src/lib/filesystemService.ts +16 -0
- package/src/lib/filter/{adjudicators.ts → adjudicators/adjudicators.ts} +67 -35
- package/src/lib/filter/adjudicators/defaultTestObjects.ts +46 -0
- package/src/lib/filter/filter.ts +1 -1
- package/src/lib/finalizer.ts +1 -1
- package/src/lib/helpers.ts +31 -88
- package/src/lib/mutate-processor.ts +1 -1
- package/src/lib/queue.ts +1 -1
- package/src/lib/schedule.ts +8 -8
- package/src/lib/storage.ts +17 -17
- package/src/lib/{logger.ts → telemetry/logger.ts} +1 -1
- package/src/lib/{metrics.ts → telemetry/metrics.ts} +18 -17
- package/src/lib/types.ts +12 -9
- package/src/lib/utils.ts +1 -1
- package/src/lib/validate-processor.ts +1 -1
- package/src/lib/watch-processor.ts +8 -8
- package/src/lib.ts +1 -1
- package/src/runtime/controller.ts +1 -1
- package/src/sdk/sdk.ts +6 -9
- package/src/templates/capabilities/hello-pepr.ts +19 -9
- package/dist/lib/filter/adjudicators.d.ts +0 -69
- package/dist/lib/filter/adjudicators.d.ts.map +0 -1
- package/dist/lib/logger.d.ts.map +0 -1
- package/dist/lib/metrics.d.ts.map +0 -1
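--- a/package/dist/lib.js
+++ b/package/dist/lib.js
@@ -31,29 +31,29 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
 var lib_exports = {};
 __export(lib_exports, {
 Capability: () => Capability,
-K8s: () =>
+K8s: () => import_kubernetes_fluent_client8.K8s,
 Log: () => logger_default,
 PeprModule: () => PeprModule,
 PeprMutateRequest: () => PeprMutateRequest,
 PeprUtils: () => utils_exports,
 PeprValidateRequest: () => PeprValidateRequest,
 R: () => R,
-RegisterKind: () =>
-a: () =>
-fetch: () =>
-fetchStatus: () =>
-kind: () =>
+RegisterKind: () => import_kubernetes_fluent_client8.RegisterKind,
+a: () => import_kubernetes_fluent_client8.kind,
+fetch: () => import_kubernetes_fluent_client8.fetch,
+fetchStatus: () => import_kubernetes_fluent_client8.fetchStatus,
+kind: () => import_kubernetes_fluent_client8.kind,
 sdk: () => sdk_exports
 });
 module.exports = __toCommonJS(lib_exports);
-var
+var import_kubernetes_fluent_client8 = require("kubernetes-fluent-client");
 var R = __toESM(require("ramda"));
 
 // src/lib/capability.ts
-var
+var import_kubernetes_fluent_client7 = require("kubernetes-fluent-client");
 var import_ramda7 = require("ramda");
 
-// src/lib/logger.ts
+// src/lib/telemetry/logger.ts
 var import_pino = require("pino");
 var isPrettyLog = process.env.PEPR_PRETTY_LOGS === "true";
 var redactedValue = "**redacted**";
@@ -109,7 +109,7 @@ var import_express = __toESM(require("express"));
 var import_fs = __toESM(require("fs"));
 var import_https = __toESM(require("https"));
 
-// src/lib/metrics.ts
+// src/lib/telemetry/metrics.ts
 var import_perf_hooks = require("perf_hooks");
 var import_prom_client = __toESM(require("prom-client"));
 var loggingPrefix = "MetricsCollector";
@@ -254,7 +254,7 @@ function ValidateError(error = "") {
 }
 }
 
-// src/lib/filter/adjudicators.ts
+// src/lib/filter/adjudicators/adjudicators.ts
 var import_ramda = require("ramda");
 var declaredOperation = (0, import_ramda.pipe)(
 (request) => request?.operation,
@@ -278,23 +278,49 @@ var carriesDeletionTimestamp = (0, import_ramda.pipe)(
 (0, import_ramda.defaultTo)(false)
 );
 var missingDeletionTimestamp = (0, import_ramda.complement)(carriesDeletionTimestamp);
-var carriedKind = (0, import_ramda.pipe)(
-
-
+var carriedKind = (0, import_ramda.pipe)(
+(kubernetesObject) => kubernetesObject?.kind,
+(0, import_ramda.defaultTo)("not set")
+);
+var carriedVersion = (0, import_ramda.pipe)(
+(kubernetesObject) => kubernetesObject?.metadata?.resourceVersion,
+(0, import_ramda.defaultTo)("not set")
+);
+var carriedName = (0, import_ramda.pipe)(
+(kubernetesObject) => kubernetesObject?.metadata?.name,
+(0, import_ramda.defaultTo)("")
+);
 var carriesName = (0, import_ramda.pipe)(carriedName, (0, import_ramda.equals)(""), import_ramda.not);
 var missingName = (0, import_ramda.complement)(carriesName);
-var carriedNamespace = (0, import_ramda.pipe)(
+var carriedNamespace = (0, import_ramda.pipe)(
+(kubernetesObject) => kubernetesObject?.metadata?.namespace,
+(0, import_ramda.defaultTo)("")
+);
 var carriesNamespace = (0, import_ramda.pipe)(carriedNamespace, (0, import_ramda.equals)(""), import_ramda.not);
-var carriedAnnotations = (0, import_ramda.pipe)(
+var carriedAnnotations = (0, import_ramda.pipe)(
+(kubernetesObject) => kubernetesObject?.metadata?.annotations,
+(0, import_ramda.defaultTo)({})
+);
 var carriesAnnotations = (0, import_ramda.pipe)(carriedAnnotations, (0, import_ramda.equals)({}), import_ramda.not);
-var carriedLabels = (0, import_ramda.pipe)(
+var carriedLabels = (0, import_ramda.pipe)(
+(kubernetesObject) => kubernetesObject?.metadata?.labels,
+(0, import_ramda.defaultTo)({})
+);
 var carriesLabels = (0, import_ramda.pipe)(carriedLabels, (0, import_ramda.equals)({}), import_ramda.not);
-var definesDeletionTimestamp = (0, import_ramda.pipe)(
+var definesDeletionTimestamp = (0, import_ramda.pipe)(
+(binding) => binding?.filters?.deletionTimestamp ?? false,
+(0, import_ramda.defaultTo)(false)
+);
 var ignoresDeletionTimestamp = (0, import_ramda.complement)(definesDeletionTimestamp);
-var definedName = (0, import_ramda.pipe)((binding) =>
+var definedName = (0, import_ramda.pipe)((binding) => {
+return binding.filters.name;
+}, (0, import_ramda.defaultTo)(""));
 var definesName = (0, import_ramda.pipe)(definedName, (0, import_ramda.equals)(""), import_ramda.not);
 var ignoresName = (0, import_ramda.complement)(definesName);
-var definedNameRegex = (0, import_ramda.pipe)(
+var definedNameRegex = (0, import_ramda.pipe)(
+(binding) => binding.filters?.regexName,
+(0, import_ramda.defaultTo)("")
+);
 var definesNameRegex = (0, import_ramda.pipe)(definedNameRegex, (0, import_ramda.equals)(""), import_ramda.not);
 var definedNamespaces = (0, import_ramda.pipe)((binding) => binding?.filters?.namespaces, (0, import_ramda.defaultTo)([]));
 var definesNamespaces = (0, import_ramda.pipe)(definedNamespaces, (0, import_ramda.equals)([]), import_ramda.not);
@@ -304,20 +330,22 @@ var definedAnnotations = (0, import_ramda.pipe)((binding) => binding?.filters?.a
 var definesAnnotations = (0, import_ramda.pipe)(definedAnnotations, (0, import_ramda.equals)({}), import_ramda.not);
 var definedLabels = (0, import_ramda.pipe)((binding) => binding?.filters?.labels, (0, import_ramda.defaultTo)({}));
 var definesLabels = (0, import_ramda.pipe)(definedLabels, (0, import_ramda.equals)({}), import_ramda.not);
-var definedEvent = (
+var definedEvent = (binding) => {
+return binding.event;
+};
 var definesDelete = (0, import_ramda.pipe)(definedEvent, (0, import_ramda.equals)("DELETE" /* DELETE */));
 var definedGroup = (0, import_ramda.pipe)((binding) => binding?.kind?.group, (0, import_ramda.defaultTo)(""));
 var definesGroup = (0, import_ramda.pipe)(definedGroup, (0, import_ramda.equals)(""), import_ramda.not);
-var definedVersion = (0, import_ramda.pipe)(
+var definedVersion = (0, import_ramda.pipe)(
+(binding) => binding?.kind?.version,
+(0, import_ramda.defaultTo)("")
+);
 var definesVersion = (0, import_ramda.pipe)(definedVersion, (0, import_ramda.equals)(""), import_ramda.not);
 var definedKind = (0, import_ramda.pipe)((binding) => binding?.kind?.kind, (0, import_ramda.defaultTo)(""));
 var definesKind = (0, import_ramda.pipe)(definedKind, (0, import_ramda.equals)(""), import_ramda.not);
-var
-return binding.isFinalize ? "Finalize" : binding.isWatch ? "Watch" : binding.isMutate ? "Mutate" : binding.isValidate ? "Validate" : "";
-});
-var definedCallback = (0, import_ramda.pipe)((binding) => {
+var definedCallback = (binding) => {
 return binding.isFinalize ? binding.finalizeCallback : binding.isWatch ? binding.watchCallback : binding.isMutate ? binding.mutateCallback : binding.isValidate ? binding.validateCallback : null;
-}
+};
 var definedCallbackName = (0, import_ramda.pipe)(definedCallback, (0, import_ramda.defaultTo)({ name: "" }), (callback) => callback.name);
 var mismatchedDeletionTimestamp = (0, import_ramda.allPass)([
 (0, import_ramda.pipe)((0, import_ramda.nthArg)(0), definesDeletionTimestamp),
@@ -332,7 +360,7 @@ var mismatchedNameRegex = (0, import_ramda.allPass)([
 (0, import_ramda.pipe)((binding, kubernetesObject) => new RegExp(definedNameRegex(binding)).test(carriedName(kubernetesObject)), import_ramda.not)
 ]);
 var bindsToKind = (0, import_ramda.curry)(
-(0, import_ramda.allPass)([(0, import_ramda.pipe)((0, import_ramda.nthArg)(0), definedKind, (0, import_ramda.equals)(""), import_ramda.not), (0, import_ramda.pipe)((binding,
+(0, import_ramda.allPass)([(0, import_ramda.pipe)((0, import_ramda.nthArg)(0), definedKind, (0, import_ramda.equals)(""), import_ramda.not), (0, import_ramda.pipe)((binding, kind3) => definedKind(binding) === kind3)])
 );
 var bindsToNamespace = (0, import_ramda.curry)((0, import_ramda.pipe)(bindsToKind(import_ramda.__, "Namespace")));
 var misboundNamespace = (0, import_ramda.allPass)([bindsToNamespace, definesNamespaces]);
@@ -399,8 +427,8 @@ var unbindableNamespaces = (0, import_ramda.allPass)([
 ]);
 var misboundDeleteWithDeletionTimestamp = (0, import_ramda.allPass)([definesDelete, definesDeletionTimestamp]);
 var operationMatchesEvent = (0, import_ramda.anyPass)([
-(0, import_ramda.pipe)((0, import_ramda.nthArg)(1), (0, import_ramda.equals)("*" /*
-(0, import_ramda.pipe)((operation, event) => operation === event),
+(0, import_ramda.pipe)((0, import_ramda.nthArg)(1), (0, import_ramda.equals)("*" /* ANY */)),
+(0, import_ramda.pipe)((operation, event) => operation.valueOf() === event.valueOf()),
 (0, import_ramda.pipe)((operation, event) => operation ? event.includes(operation) : false)
 ]);
 var mismatchedEvent = (0, import_ramda.pipe)(
@@ -819,7 +847,7 @@ var fillStoreCache = (cache, capabilityName, op, cacheItem) => {
 
 // src/lib/controller/store.ts
 var namespace = "pepr-system";
-var debounceBackoff =
+var debounceBackoff = 1e3;
 var StoreController = class {
 #name;
 #stores = {};
@@ -933,6 +961,35 @@ var StoreController = class {
 };
 };
 
+// src/lib/controller/index.util.ts
+function karForMutate(mr) {
+return {
+apiVersion: "admission.k8s.io/v1",
+kind: "AdmissionReview",
+response: mr
+};
+}
+function karForValidate(ar, vr) {
+const isAllowed = vr.filter((r) => !r.allowed).length === 0;
+const resp = vr.length === 0 ? {
+uid: ar.uid,
+allowed: true,
+status: { code: 200, message: "no in-scope validations -- allowed!" }
+} : {
+uid: vr[0].uid,
+allowed: isAllowed,
+status: {
+code: isAllowed ? 200 : 422,
+message: vr.filter((rl) => !rl.allowed).map((curr) => curr.status?.message).join("; ")
+}
+};
+return {
+apiVersion: "admission.k8s.io/v1",
+kind: "AdmissionReview",
+response: resp
+};
+}
+
 // src/lib/controller/index.ts
 if (!process.env.PEPR_NODE_WARNINGS) {
 process.removeAllListeners("warning");
@@ -1050,6 +1107,7 @@ var Controller = class _Controller {
 */
 #metrics = async (req, res) => {
 try {
+res.set("Content-Type", "text/plain; version=0.0.4");
 res.send(await this.#metricsCollector.getMetrics());
 } catch (err) {
 logger_default.error(err, `Error getting metrics`);
@@ -1067,56 +1125,23 @@ var Controller = class _Controller {
 const startTime = MetricsCollector.observeStart();
 try {
 const request = req.body?.request || {};
-
-
-
-
-const reqMetadata = {
-uid: request.uid,
-namespace: namespace2,
-name
+const { name, namespace: namespace2, gvk } = {
+name: request?.name ? `/${request.name}` : "",
+namespace: request?.namespace || "",
+gvk: request?.kind || { group: "", version: "", kind: "" }
 };
+const reqMetadata = { uid: request.uid, namespace: namespace2, name };
 logger_default.info({ ...reqMetadata, gvk, operation: request.operation, admissionKind }, "Incoming request");
 logger_default.debug({ ...reqMetadata, request }, "Incoming request body");
-
-
-
-} else {
-response = await validateProcessor(this.#config, this.#capabilities, request, reqMetadata);
-}
-const responseList = Array.isArray(response) ? response : [response];
-responseList.map((res2) => {
+this.#beforeHook && this.#beforeHook(request || {});
+const response = admissionKind === "Mutate" ? await mutateProcessor(this.#config, this.#capabilities, request, reqMetadata) : await validateProcessor(this.#config, this.#capabilities, request, reqMetadata);
+[response].flat().map((res2) => {
 this.#afterHook && this.#afterHook(res2);
 logger_default.info({ ...reqMetadata, res: res2 }, "Check response");
 });
-
-
-
-logger_default.debug({ ...reqMetadata, response }, "Outgoing response");
-res.send({
-apiVersion: "admission.k8s.io/v1",
-kind: "AdmissionReview",
-response: kubeAdmissionResponse
-});
-} else {
-kubeAdmissionResponse = responseList.length === 0 ? {
-uid: request.uid,
-allowed: true,
-status: { message: "no in-scope validations -- allowed!" }
-} : {
-uid: responseList[0].uid,
-allowed: responseList.filter((r) => !r.allowed).length === 0,
-status: {
-message: responseList.filter((rl) => !rl.allowed).map((curr) => curr.status?.message).join("; ")
-}
-};
-res.send({
-apiVersion: "admission.k8s.io/v1",
-kind: "AdmissionReview",
-response: kubeAdmissionResponse
-});
-}
-logger_default.debug({ ...reqMetadata, kubeAdmissionResponse }, "Outgoing response");
+const kar = admissionKind === "Mutate" ? karForMutate(response) : karForValidate(request, response);
+logger_default.debug({ ...reqMetadata, kubeAdmissionResponse: kar.response }, "Outgoing response");
+res.send(kar);
 this.#metricsCollector.observeEnd(startTime, admissionKind);
 } catch (err) {
 logger_default.error(err, `Error processing ${admissionKind} request`);
@@ -1135,6 +1160,10 @@ var Controller = class _Controller {
 static #logger(req, res, next) {
 const startTime = Date.now();
 res.on("finish", () => {
+const excludedRoutes = ["/healthz", "/metrics"];
+if (excludedRoutes.includes(req.originalUrl)) {
+return;
+}
 const elapsedTime = Date.now() - startTime;
 const message = {
 uid: req.body?.request?.uid,
@@ -1164,12 +1193,9 @@ var Controller = class _Controller {
 };
 
 // src/lib/watch-processor.ts
-var
+var import_kubernetes_fluent_client6 = require("kubernetes-fluent-client");
 var import_types = require("kubernetes-fluent-client/dist/fluent/types");
 
-// src/lib/helpers.ts
-var import_kubernetes_fluent_client5 = require("kubernetes-fluent-client");
-
 // src/sdk/sdk.ts
 var sdk_exports = {};
 __export(sdk_exports, {
@@ -1195,7 +1221,6 @@ function containers(request, containerType) {
 return [...containers2, ...initContainers, ...ephemeralContainers];
 }
 async function writeEvent(cr, event, eventType, eventReason, reportingComponent, reportingInstance) {
-logger_default.debug(cr.metadata, `Writing event: ${event.message}`);
 await (0, import_kubernetes_fluent_client4.K8s)(import_kubernetes_fluent_client4.kind.CoreEvent).Create({
 type: eventType,
 reason: eventReason,
@@ -1218,12 +1243,12 @@ async function writeEvent(cr, event, eventType, eventReason, reportingComponent,
 });
 }
 function getOwnerRefFrom(customResource, blockOwnerDeletion, controller) {
-const { apiVersion, kind:
+const { apiVersion, kind: kind3, metadata } = customResource;
 const { name, uid } = metadata;
 return [
 {
 apiVersion,
-kind:
+kind: kind3,
 uid,
 name,
 ...blockOwnerDeletion !== void 0 && { blockOwnerDeletion },
@@ -1236,13 +1261,13 @@ function sanitizeResourceName(name) {
 }
 
 // src/lib/helpers.ts
-function filterNoMatchReason(binding,
+function filterNoMatchReason(binding, kubernetesObject, capabilityNamespaces, ignoredNamespaces) {
 const prefix = "Ignoring Watch Callback:";
-return mismatchedDeletionTimestamp(binding,
+return mismatchedDeletionTimestamp(binding, kubernetesObject) ? `${prefix} Binding defines deletionTimestamp but Object does not carry it.` : mismatchedName(binding, kubernetesObject) ? `${prefix} Binding defines name '${definedName(binding)}' but Object carries '${carriedName(kubernetesObject)}'.` : misboundNamespace(binding) ? `${prefix} Cannot use namespace filter on a namespace object.` : mismatchedLabels(binding, kubernetesObject) ? `${prefix} Binding defines labels '${JSON.stringify(definedLabels(binding))}' but Object carries '${JSON.stringify(carriedLabels(kubernetesObject))}'.` : mismatchedAnnotations(binding, kubernetesObject) ? `${prefix} Binding defines annotations '${JSON.stringify(definedAnnotations(binding))}' but Object carries '${JSON.stringify(carriedAnnotations(kubernetesObject))}'.` : uncarryableNamespace(capabilityNamespaces, kubernetesObject) ? `${prefix} Object carries namespace '${carriedNamespace(kubernetesObject)}' but namespaces allowed by Capability are '${JSON.stringify(capabilityNamespaces)}'.` : unbindableNamespaces(capabilityNamespaces, binding) ? `${prefix} Binding defines namespaces ${JSON.stringify(definedNamespaces(binding))} but namespaces allowed by Capability are '${JSON.stringify(capabilityNamespaces)}'.` : mismatchedNamespace(binding, kubernetesObject) ? `${prefix} Binding defines namespaces '${JSON.stringify(definedNamespaces(binding))}' but Object carries '${carriedNamespace(kubernetesObject)}'.` : mismatchedNamespaceRegex(binding, kubernetesObject) ? `${prefix} Binding defines namespace regexes '${JSON.stringify(definedNamespaceRegexes(binding))}' but Object carries '${carriedNamespace(kubernetesObject)}'.` : mismatchedNameRegex(binding, kubernetesObject) ? `${prefix} Binding defines name regex '${definedNameRegex(binding)}' but Object carries '${carriedName(kubernetesObject)}'.` : carriesIgnoredNamespace(ignoredNamespaces, kubernetesObject) ? `${prefix} Object carries namespace '${carriedNamespace(kubernetesObject)}' but ignored namespaces include '${JSON.stringify(ignoredNamespaces)}'.` : missingCarriableNamespace(capabilityNamespaces, kubernetesObject) ? `${prefix} Object does not carry a namespace but namespaces allowed by Capability are '${JSON.stringify(capabilityNamespaces)}'.` : "";
 }
 
 // src/lib/finalizer.ts
-var
+var import_kubernetes_fluent_client5 = require("kubernetes-fluent-client");
 function addFinalizer(request) {
 if (request.Request.operation === "DELETE" /* DELETE */) {
 return;
@@ -1262,18 +1287,18 @@ async function removeFinalizer(binding, obj) {
 const meta = obj.metadata;
 const resource = `${meta.namespace || "ClusterScoped"}/${meta.name}`;
 logger_default.debug({ obj }, `Removing finalizer '${peprFinal}' from '${resource}'`);
-const { model, kind:
+const { model, kind: kind3 } = binding;
 try {
-(0,
+(0, import_kubernetes_fluent_client5.RegisterKind)(model, kind3);
 } catch (e) {
 const expected = e.message === `GVK ${model.name} already registered`;
 if (!expected) {
-logger_default.error({ model, kind:
+logger_default.error({ model, kind: kind3, error: e }, `Error registering "${kind3}" during finalization.`);
 return;
 }
 }
 const finalizers = meta.finalizers?.filter((f) => f !== peprFinal) || [];
-obj = await (0,
+obj = await (0, import_kubernetes_fluent_client5.K8s)(model, meta).Patch([
 {
 op: "replace",
 path: `/metadata/finalizers`,
@@ -1379,12 +1404,12 @@ function queueKey(obj) {
 let strat = process.env.PEPR_RECONCILE_STRATEGY || d3fault;
 strat = options.includes(strat) ? strat : d3fault;
 const ns = obj.metadata?.namespace ?? "cluster-scoped";
-const
+const kind3 = obj.kind ?? "UnknownKind";
 const name = obj.metadata?.name ?? "Unnamed";
 const lookup = {
-kind: `${
-kindNs: `${
-kindNsName: `${
+kind: `${kind3}`,
+kindNs: `${kind3}/${ns}`,
+kindNsName: `${kind3}/${ns}/${name}`,
 global: "global"
 };
 return lookup[strat];
@@ -1403,11 +1428,11 @@ var watchCfg = {
 relistIntervalSec: process.env.PEPR_RELIST_INTERVAL_SECONDS ? parseInt(process.env.PEPR_RELIST_INTERVAL_SECONDS, 10) : 600
 };
 var eventToPhaseMap = {
-["CREATE" /*
-["UPDATE" /*
-["CREATEORUPDATE" /*
-["DELETE" /*
-["*" /*
+["CREATE" /* CREATE */]: [import_types.WatchPhase.Added],
+["UPDATE" /* UPDATE */]: [import_types.WatchPhase.Modified],
+["CREATEORUPDATE" /* CREATE_OR_UPDATE */]: [import_types.WatchPhase.Added, import_types.WatchPhase.Modified],
+["DELETE" /* DELETE */]: [import_types.WatchPhase.Deleted],
+["*" /* ANY */]: [import_types.WatchPhase.Added, import_types.WatchPhase.Modified, import_types.WatchPhase.Deleted]
 };
 function setupWatch(capabilities, ignoredNamespaces) {
 capabilities.map(
@@ -1415,7 +1440,7 @@ function setupWatch(capabilities, ignoredNamespaces) {
 );
 }
 async function runBinding(binding, capabilityNamespaces, ignoredNamespaces) {
-const phaseMatch = eventToPhaseMap[binding.event] || eventToPhaseMap["*" /*
+const phaseMatch = eventToPhaseMap[binding.event] || eventToPhaseMap["*" /* ANY */];
 logger_default.debug({ watchCfg }, "Effective WatchConfig");
 const watchCallback = async (kubernetesObject, phase) => {
 if (phaseMatch.includes(phase)) {
@@ -1449,7 +1474,7 @@ async function runBinding(binding, capabilityNamespaces, ignoredNamespaces) {
 shouldRemoveFinalizer === false ? logger_default.debug({ obj: kubernetesObject }, `Skipping removal of finalizer '${peprFinal}' from '${resource}'`) : await removeFinalizer(binding, kubernetesObject);
 }
 };
-const watcher = (0,
+const watcher = (0, import_kubernetes_fluent_client6.K8s)(binding.model, binding.filters).Watch(async (obj, phase) => {
 logger_default.debug(obj, `Watch event ${phase} received`);
 if (binding.isQueue) {
 const queue = getOrCreateQueue(obj);
@@ -1458,30 +1483,30 @@ async function runBinding(binding, capabilityNamespaces, ignoredNamespaces) {
 await watchCallback(obj, phase);
 }
 }, watchCfg);
-watcher.events.on(
+watcher.events.on(import_kubernetes_fluent_client6.WatchEvent.GIVE_UP, (err) => {
 logger_default.error(err, "Watch failed after 5 attempts, giving up");
 process.exit(1);
 });
-watcher.events.on(
-watcher.events.on(
+watcher.events.on(import_kubernetes_fluent_client6.WatchEvent.CONNECT, (url) => logEvent(import_kubernetes_fluent_client6.WatchEvent.CONNECT, url));
+watcher.events.on(import_kubernetes_fluent_client6.WatchEvent.DATA_ERROR, (err) => logEvent(import_kubernetes_fluent_client6.WatchEvent.DATA_ERROR, err.message));
 watcher.events.on(
-
-(retryCount) => logEvent(
+import_kubernetes_fluent_client6.WatchEvent.RECONNECT,
+(retryCount) => logEvent(import_kubernetes_fluent_client6.WatchEvent.RECONNECT, `Reconnecting after ${retryCount} attempt${retryCount === 1 ? "" : "s"}`)
 );
-watcher.events.on(
-watcher.events.on(
-watcher.events.on(
-watcher.events.on(
-watcher.events.on(
-watcher.events.on(
-watcher.events.on(
-watcher.events.on(
+watcher.events.on(import_kubernetes_fluent_client6.WatchEvent.RECONNECT_PENDING, () => logEvent(import_kubernetes_fluent_client6.WatchEvent.RECONNECT_PENDING));
+watcher.events.on(import_kubernetes_fluent_client6.WatchEvent.GIVE_UP, (err) => logEvent(import_kubernetes_fluent_client6.WatchEvent.GIVE_UP, err.message));
+watcher.events.on(import_kubernetes_fluent_client6.WatchEvent.ABORT, (err) => logEvent(import_kubernetes_fluent_client6.WatchEvent.ABORT, err.message));
+watcher.events.on(import_kubernetes_fluent_client6.WatchEvent.OLD_RESOURCE_VERSION, (err) => logEvent(import_kubernetes_fluent_client6.WatchEvent.OLD_RESOURCE_VERSION, err));
+watcher.events.on(import_kubernetes_fluent_client6.WatchEvent.NETWORK_ERROR, (err) => logEvent(import_kubernetes_fluent_client6.WatchEvent.NETWORK_ERROR, err.message));
+watcher.events.on(import_kubernetes_fluent_client6.WatchEvent.LIST_ERROR, (err) => logEvent(import_kubernetes_fluent_client6.WatchEvent.LIST_ERROR, err.message));
+watcher.events.on(import_kubernetes_fluent_client6.WatchEvent.LIST, (list) => logEvent(import_kubernetes_fluent_client6.WatchEvent.LIST, JSON.stringify(list, void 0, 2)));
+watcher.events.on(import_kubernetes_fluent_client6.WatchEvent.CACHE_MISS, (windowName) => {
 metricsCollector.incCacheMiss(windowName);
 });
-watcher.events.on(
+watcher.events.on(import_kubernetes_fluent_client6.WatchEvent.INIT_CACHE_MISS, (windowName) => {
 metricsCollector.initCacheMissWindow(windowName);
 });
-watcher.events.on(
+watcher.events.on(import_kubernetes_fluent_client6.WatchEvent.INC_RESYNC_FAILURE_COUNT, (retryCount) => {
 metricsCollector.incRetryCount(retryCount);
 });
 try {
@@ -1938,16 +1963,16 @@ var Capability = class {
 * @param kind if using a custom KubernetesObject not available in `a.*`, specify the GroupVersionKind
 * @returns
 */
-When = (model,
-const matchedKind = (0,
-if (!matchedKind && !
+When = (model, kind3) => {
+const matchedKind = (0, import_kubernetes_fluent_client7.modelToGroupVersionKind)(model.name);
+if (!matchedKind && !kind3) {
 throw new Error(`Kind not specified for ${model.name}`);
 }
 const binding = {
 model,
 // If the kind is not specified, use the matched kind from the model
-kind:
-event: "*" /*
+kind: kind3 || matchedKind,
+event: "*" /* ANY */,
 filters: {
 name: "",
 namespaces: [],
@@ -2037,7 +2062,7 @@ var Capability = class {
 ...binding,
 isMutate: true,
 isFinalize: true,
-event: "*" /*
+event: "*" /* ANY */,
 mutateCallback: addFinalizer
 };
 bindings.push(mutateBinding);
@@ -2047,7 +2072,7 @@ var Capability = class {
 ...binding,
 isWatch: true,
 isFinalize: true,
-event: "UPDATE" /*
+event: "UPDATE" /* UPDATE */,
 finalizeCallback: async (update, logger = aliasLogger) => {
 logger_default.info(`Executing finalize action with alias: ${binding.alias || "no alias provided"}`);
 return await finalizeCallback(update, logger);
@@ -2109,10 +2134,10 @@ var Capability = class {
 };
 }
 return {
-IsCreatedOrUpdated: () => bindEvent("CREATEORUPDATE" /*
-IsCreated: () => bindEvent("CREATE" /*
-IsUpdated: () => bindEvent("UPDATE" /*
-IsDeleted: () => bindEvent("DELETE" /*
+IsCreatedOrUpdated: () => bindEvent("CREATEORUPDATE" /* CREATE_OR_UPDATE */),
+IsCreated: () => bindEvent("CREATE" /* CREATE */),
+IsUpdated: () => bindEvent("UPDATE" /* UPDATE */),
+IsDeleted: () => bindEvent("DELETE" /* DELETE */)
 };
 };
 };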
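Review bot: In `operationMatchesEvent` (new line 431) the second predicate now dereferences its first argument, `operation.valueOf() === event.valueOf()`, while the third predicate directly below still treats a falsy `operation` as a possible input (`operation ? event.includes(operation) : false`). With an `undefined` operation and an event other than `*`, the old `operation === event` returned false where the new form throws, so a plain non-match becomes an error; if this is reached while filtering an admission request, the outcome then presumably depends on the error path and the webhook's failure policy rather than on the filter. I would keep the comparison null-safe, e.g. `(operation, event) => operation?.valueOf() === event?.valueOf()`. The callers that supply `operation` are outside the lines shown, so whether `undefined` can reach this predicate needs confirming. The new `definedName` (`binding.filters.name`) and `definedEvent` (`binding.event`) are unguarded in the same way, while their siblings use `binding?.filters?.…`.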