npm - pepr - Versions diffs - 0.42.1 → 0.42.2 - Mend

pepr 0.42.1 → 0.42.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (126) hide show

package/dist/cli/deploy.d.ts +15 -0
package/dist/cli/deploy.d.ts.map +1 -1
package/dist/cli/dev.d.ts.map +1 -1
package/dist/cli/format.d.ts.map +1 -1
package/dist/cli/format.helpers.d.ts +3 -0
package/dist/cli/format.helpers.d.ts.map +1 -0
package/dist/cli/init/enums.d.ts +10 -0
package/dist/cli/init/enums.d.ts.map +1 -0
package/dist/cli/init/index.d.ts.map +1 -1
package/dist/cli/init/templates.d.ts +15 -11
package/dist/cli/init/templates.d.ts.map +1 -1
package/dist/cli/init/utils.d.ts.map +1 -1
package/dist/cli/init/walkthrough.d.ts +3 -2
package/dist/cli/init/walkthrough.d.ts.map +1 -1
package/dist/cli/kfc.d.ts.map +1 -1
package/dist/cli/root.d.ts.map +1 -1
package/dist/cli/update.d.ts.map +1 -1
package/dist/cli/uuid.d.ts.map +1 -1
package/dist/cli.js +145 -306
package/dist/controller.js +1 -195
package/dist/fixtures/loader.d.ts.map +1 -1
package/dist/lib/assets/deploy.d.ts.map +1 -1
package/dist/lib/assets/index.d.ts +1 -1
package/dist/lib/assets/index.d.ts.map +1 -1
package/dist/lib/assets/pods.d.ts +1 -3
package/dist/lib/assets/pods.d.ts.map +1 -1
package/dist/lib/assets/rbac.d.ts.map +1 -1
package/dist/lib/assets/webhooks.d.ts.map +1 -1
package/dist/lib/controller/index.d.ts +2 -2
package/dist/lib/controller/index.d.ts.map +1 -1
package/dist/lib/controller/store.d.ts +1 -1
package/dist/lib/controller/store.d.ts.map +1 -1
package/dist/lib/controller/storeCache.d.ts +1 -1
package/dist/lib/controller/storeCache.d.ts.map +1 -1
package/dist/lib/{capability.d.ts → core/capability.d.ts} +1 -1
package/dist/lib/core/capability.d.ts.map +1 -0
package/dist/lib/{module.d.ts → core/module.d.ts} +2 -2
package/dist/lib/core/module.d.ts.map +1 -0
package/dist/lib/core/queue.d.ts.map +1 -0
package/dist/lib/{schedule.d.ts → core/schedule.d.ts} +0 -1
package/dist/lib/core/schedule.d.ts.map +1 -0
package/dist/lib/core/storage.d.ts.map +1 -0
package/dist/lib/deploymentChecks.d.ts.map +1 -1
package/dist/lib/errors.d.ts +0 -5
package/dist/lib/errors.d.ts.map +1 -1
package/dist/lib/filesystemService.d.ts.map +1 -1
package/dist/lib/filter/adjudicators/adjudicators.d.ts +5 -4
package/dist/lib/filter/adjudicators/adjudicators.d.ts.map +1 -1
package/dist/lib/filter/filter.d.ts +33 -1
package/dist/lib/filter/filter.d.ts.map +1 -1
package/dist/lib/finalizer.d.ts.map +1 -1
package/dist/lib/helpers.d.ts +4 -9
package/dist/lib/helpers.d.ts.map +1 -1
package/dist/lib/included-files.d.ts.map +1 -1
package/dist/lib/mutate-request.d.ts.map +1 -1
package/dist/lib/processors/mutate-processor.d.ts +28 -0
package/dist/lib/processors/mutate-processor.d.ts.map +1 -0
package/dist/lib/{validate-processor.d.ts → processors/validate-processor.d.ts} +5 -5
package/dist/lib/processors/validate-processor.d.ts.map +1 -0
package/dist/lib/{watch-processor.d.ts → processors/watch-processor.d.ts} +2 -2
package/dist/lib/processors/watch-processor.d.ts.map +1 -0
package/dist/lib/telemetry/logger.d.ts.map +1 -1
package/dist/lib/telemetry/metrics.d.ts.map +1 -1
package/dist/lib/validate-request.d.ts +2 -2
package/dist/lib/validate-request.d.ts.map +1 -1
package/dist/lib.d.ts +2 -2
package/dist/lib.d.ts.map +1 -1
package/dist/lib.js +383 -243
package/dist/lib.js.map +4 -4
package/dist/sdk/heredoc.d.ts.map +1 -1
package/package.json +9 -9
package/src/cli/deploy.ts +113 -74
package/src/cli/dev.ts +2 -2
package/src/cli/format.helpers.ts +27 -0
package/src/cli/format.ts +4 -18
package/src/cli/init/enums.ts +9 -0
package/src/cli/init/index.ts +4 -3
package/src/cli/init/templates.ts +30 -2
package/src/cli/init/utils.ts +3 -3
package/src/cli/init/walkthrough.ts +7 -8
package/src/cli/kfc.ts +1 -1
package/src/cli/root.ts +1 -1
package/src/cli/update.ts +1 -1
package/src/cli/uuid.ts +1 -1
package/src/fixtures/loader.ts +2 -2
package/src/lib/assets/deploy.ts +5 -5
package/src/lib/assets/index.ts +1 -1
package/src/lib/assets/pods.ts +1 -1
package/src/lib/assets/webhooks.ts +30 -45
package/src/lib/controller/index.ts +4 -4
package/src/lib/controller/store.ts +2 -2
package/src/lib/controller/storeCache.ts +6 -2
package/src/lib/{capability.ts → core/capability.ts} +4 -4
package/src/lib/{module.ts → core/module.ts} +10 -10
package/src/lib/{queue.ts → core/queue.ts} +1 -1
package/src/lib/deploymentChecks.ts +2 -2
package/src/lib/errors.ts +3 -8
package/src/lib/filesystemService.ts +1 -1
package/src/lib/filter/adjudicators/adjudicators.ts +40 -9
package/src/lib/filter/filter.ts +204 -111
package/src/lib/finalizer.ts +2 -2
package/src/lib/helpers.ts +20 -133
package/src/lib/included-files.ts +1 -1
package/src/lib/processors/mutate-processor.ts +225 -0
package/src/lib/{validate-processor.ts → processors/validate-processor.ts} +8 -8
package/src/lib/{watch-processor.ts → processors/watch-processor.ts} +8 -8
package/src/lib/telemetry/logger.ts +3 -1
package/src/lib/tls.ts +5 -1
package/src/lib/validate-request.ts +4 -4
package/src/lib.ts +2 -2
package/src/runtime/controller.ts +2 -2
package/src/sdk/heredoc.ts +1 -1
package/dist/lib/capability.d.ts.map +0 -1
package/dist/lib/module.d.ts.map +0 -1
package/dist/lib/mutate-processor.d.ts +0 -6
package/dist/lib/mutate-processor.d.ts.map +0 -1
package/dist/lib/queue.d.ts.map +0 -1
package/dist/lib/schedule.d.ts.map +0 -1
package/dist/lib/storage.d.ts.map +0 -1
package/dist/lib/validate-processor.d.ts.map +0 -1
package/dist/lib/watch-processor.d.ts.map +0 -1
package/src/lib/mutate-processor.ts +0 -165
/package/dist/lib/{queue.d.ts → core/queue.d.ts} +0 -0
/package/dist/lib/{storage.d.ts → core/storage.d.ts} +0 -0
/package/src/lib/{schedule.ts → core/schedule.ts} +0 -0
/package/src/lib/{storage.ts → core/storage.ts} +0 -0

package/src/lib/filter/filter.ts CHANGED Viewed

@@ -3,48 +3,55 @@
 import { AdmissionRequest, Binding } from "../types";
 import { Operation } from "../enums";
+import { KubernetesObject } from "kubernetes-fluent-client";
 import {
-  carriesIgnoredNamespace,
+  carriedAnnotations,
+  carriedLabels,
   carriedName,
-  definedEvent,
-  declaredOperation,
-  definedName,
-  definedGroup,
+  carriedNamespace,
+  carriesIgnoredNamespace,
   declaredGroup,
-  definedVersion,
+  declaredKind,
+  declaredOperation,
   declaredVersion,
+  definedAnnotations,
+  definedEvent,
+  definedGroup,
   definedKind,
-  declaredKind,
-  definedNamespaces,
-  carriedNamespace,
   definedLabels,
-  carriedLabels,
-  definedAnnotations,
-  carriedAnnotations,
-  definedNamespaceRegexes,
+  definedName,
   definedNameRegex,
+  definedNamespaceRegexes,
+  definedNamespaces,
+  definedVersion,
   misboundDeleteWithDeletionTimestamp,
-  mismatchedDeletionTimestamp,
+  misboundNamespace,
   mismatchedAnnotations,
+  mismatchedDeletionTimestamp,
+  mismatchedEvent,
+  mismatchedGroup,
+  mismatchedKind,
   mismatchedLabels,
   mismatchedName,
   mismatchedNameRegex,
   mismatchedNamespace,
   mismatchedNamespaceRegex,
-  mismatchedEvent,
-  mismatchedGroup,
   mismatchedVersion,
-  mismatchedKind,
   missingCarriableNamespace,
   unbindableNamespaces,
   uncarryableNamespace,
 } from "./adjudicators/adjudicators";
+type AdjudicationResult = string | null;
+type Adjudicator = () => AdjudicationResult;
 /**
- * shouldSkipRequest determines if a request should be skipped based on the binding filters.
+ * shouldSkipRequest determines if an admission request should be skipped based on the binding filters.
  *
  * @param binding the action binding
  * @param req the incoming request
+ * @param capabilityNamespaces the namespaces allowed by capability
+ * @param ignoredNamespaces the namespaces ignored by module config
  * @returns
  */
 export function shouldSkipRequest(
@@ -53,99 +60,185 @@ export function shouldSkipRequest(
   capabilityNamespaces: string[],
   ignoredNamespaces?: string[],
 ): string {
-  const prefix = "Ignoring Admission Callback:";
   const obj = (req.operation === Operation.DELETE ? req.oldObject : req.object)!;
+  const prefix = "Ignoring Admission Callback:";
-  // prettier-ignore
-  return (
-    misboundDeleteWithDeletionTimestamp(binding) ?
-      `${prefix} Cannot use deletionTimestamp filter on a DELETE operation.` :
-    mismatchedDeletionTimestamp(binding, obj) ?
-      `${prefix} Binding defines deletionTimestamp but Object does not carry it.` :
-    mismatchedEvent(binding, req) ?
-      (
-        `${prefix} Binding defines event '${definedEvent(binding)}' but ` +
-        `Request declares '${declaredOperation(req)}'.`
-      ) :
-    mismatchedName(binding, obj) ?
-      `${prefix} Binding defines name '${definedName(binding)}' but Object carries '${carriedName(obj)}'.` :
-    mismatchedGroup(binding, req) ?
-      (
-        `${prefix} Binding defines group '${definedGroup(binding)}' but ` +
-        `Request declares '${declaredGroup(req)}'.`
-      ) :
-    mismatchedVersion(binding, req) ?
-      (
-        `${prefix} Binding defines version '${definedVersion(binding)}' but ` +
-        `Request declares '${declaredVersion(req)}'.`
-      ) :
-    mismatchedKind(binding, req) ?
-      (
-        `${prefix} Binding defines kind '${definedKind(binding)}' but ` +
-        `Request declares '${declaredKind(req)}'.`
-      ) :
-    unbindableNamespaces(capabilityNamespaces, binding) ?
-      (
-        `${prefix} Binding defines namespaces ${JSON.stringify(definedNamespaces(binding))} ` +
-        `but namespaces allowed by Capability are '${JSON.stringify(capabilityNamespaces)}'.`
-      ) :
-    uncarryableNamespace(capabilityNamespaces, obj) ?
-      (
-        `${prefix} Object carries namespace '${carriedNamespace(obj)}' ` +
-        `but namespaces allowed by Capability are '${JSON.stringify(capabilityNamespaces)}'.`
-      ) :
-    mismatchedNamespace(binding, obj) ?
-      (
-        `${prefix} Binding defines namespaces '${JSON.stringify(definedNamespaces(binding))}' ` +
-        `but Object carries '${carriedNamespace(obj)}'.`
-      ) :
-    mismatchedLabels(binding, obj) ?
-      (
-        `${prefix} Binding defines labels '${JSON.stringify(definedLabels(binding))}' ` +
-        `but Object carries '${JSON.stringify(carriedLabels(obj))}'.`
-      ) :
-    mismatchedAnnotations(binding, obj) ?
-      (
-        `${prefix} Binding defines annotations '${JSON.stringify(definedAnnotations(binding))}' ` +
-        `but Object carries '${JSON.stringify(carriedAnnotations(obj))}'.`
-      ) :
-    mismatchedNamespaceRegex(binding, obj) ?
-      (
-        `${prefix} Binding defines namespace regexes ` +
-        `'${JSON.stringify(definedNamespaceRegexes(binding))}' ` +
-        `but Object carries '${carriedNamespace(obj)}'.`
-      ) :
-    mismatchedNameRegex(binding, obj) ?
-      (
-        `${prefix} Binding defines name regex '${definedNameRegex(binding)}' ` +
-        `but Object carries '${carriedName(obj)}'.`
-      ) :
-    carriesIgnoredNamespace(ignoredNamespaces, obj) ?
-      (
-        `${prefix} Object carries namespace '${carriedNamespace(obj)}' ` +
-        `but ignored namespaces include '${JSON.stringify(ignoredNamespaces)}'.`
-      ) :
-    missingCarriableNamespace(capabilityNamespaces, obj) ?
-      (
-        `${prefix} Object does not carry a namespace ` +
-        `but namespaces allowed by Capability are '${JSON.stringify(capabilityNamespaces)}'.`
-      ) :
-    ""
-  );
+  const adjudicators: Adjudicator[] = [
+    (): AdjudicationResult => adjudicateMisboundDeleteWithDeletionTimestamp(binding),
+    (): AdjudicationResult => adjudicateMismatchedDeletionTimestamp(binding, obj),
+    (): AdjudicationResult => adjudicateMismatchedEvent(binding, req),
+    (): AdjudicationResult => adjudicateMismatchedName(binding, obj),
+    (): AdjudicationResult => adjudicateMismatchedGroup(binding, req),
+    (): AdjudicationResult => adjudicateMismatchedVersion(binding, req),
+    (): AdjudicationResult => adjudicateMismatchedKind(binding, req),
+    (): AdjudicationResult => adjudicateUnbindableNamespaces(capabilityNamespaces, binding),
+    (): AdjudicationResult => adjudicateUncarryableNamespace(capabilityNamespaces, obj),
+    (): AdjudicationResult => adjudicateMismatchedNamespace(binding, obj),
+    (): AdjudicationResult => adjudicateMismatchedLabels(binding, obj),
+    (): AdjudicationResult => adjudicateMismatchedAnnotations(binding, obj),
+    (): AdjudicationResult => adjudicateMismatchedNamespaceRegex(binding, obj),
+    (): AdjudicationResult => adjudicateMismatchedNameRegex(binding, obj),
+    (): AdjudicationResult => adjudicateCarriesIgnoredNamespace(ignoredNamespaces, obj),
+    (): AdjudicationResult => adjudicateMissingCarriableNamespace(capabilityNamespaces, obj),
+  ];
+  for (const adjudicator of adjudicators) {
+    const result = adjudicator();
+    if (result) {
+      return `${prefix} ${result}`;
+    }
+  }
+  return "";
+}
+/**
+ * filterNoMatchReason determines whether a callback should be skipped after
+ *  receiving an update event from the API server, based on the binding filters.
+ *
+ * @param binding the action binding
+ * @param kubernetesObject the incoming kubernetes object
+ * @param capabilityNamespaces the namespaces allowed by capability
+ * @param ignoredNamespaces the namespaces ignored by module config
+ */
+export function filterNoMatchReason(
+  binding: Binding,
+  obj: Partial<KubernetesObject>,
+  capabilityNamespaces: string[],
+  ignoredNamespaces?: string[],
+): string {
+  const prefix = "Ignoring Watch Callback:";
+  const adjudicators: Adjudicator[] = [
+    (): AdjudicationResult => adjudicateMismatchedDeletionTimestamp(binding, obj),
+    (): AdjudicationResult => adjudicateMismatchedName(binding, obj),
+    (): AdjudicationResult => adjudicateMisboundNamespace(binding),
+    (): AdjudicationResult => adjudicateMismatchedLabels(binding, obj),
+    (): AdjudicationResult => adjudicateMismatchedAnnotations(binding, obj),
+    (): AdjudicationResult => adjudicateUncarryableNamespace(capabilityNamespaces, obj),
+    (): AdjudicationResult => adjudicateUnbindableNamespaces(capabilityNamespaces, binding),
+    (): AdjudicationResult => adjudicateMismatchedNamespace(binding, obj),
+    (): AdjudicationResult => adjudicateMismatchedNamespaceRegex(binding, obj),
+    (): AdjudicationResult => adjudicateMismatchedNameRegex(binding, obj),
+    (): AdjudicationResult => adjudicateCarriesIgnoredNamespace(ignoredNamespaces, obj),
+    (): AdjudicationResult => adjudicateMissingCarriableNamespace(capabilityNamespaces, obj),
+  ];
+  for (const adjudicator of adjudicators) {
+    const result = adjudicator();
+    if (result) {
+      return `${prefix} ${result}`;
+    }
+  }
+  return "";
+}
+export function adjudicateMisboundNamespace(binding: Binding): AdjudicationResult {
+  return misboundNamespace(binding) ? "Cannot use namespace filter on a namespace object." : null;
+}
+export function adjudicateMisboundDeleteWithDeletionTimestamp(binding: Binding): AdjudicationResult {
+  return misboundDeleteWithDeletionTimestamp(binding)
+    ? "Cannot use deletionTimestamp filter on a DELETE operation."
+    : null;
+}
+export function adjudicateMismatchedDeletionTimestamp(binding: Binding, obj: KubernetesObject): AdjudicationResult {
+  return mismatchedDeletionTimestamp(binding, obj)
+    ? "Binding defines deletionTimestamp but Object does not carry it."
+    : null;
+}
+export function adjudicateMismatchedEvent(binding: Binding, req: AdmissionRequest): AdjudicationResult {
+  return mismatchedEvent(binding, req)
+    ? `Binding defines event '${definedEvent(binding)}' but Request declares '${declaredOperation(req)}'.`
+    : null;
+}
+export function adjudicateMismatchedName(binding: Binding, obj: KubernetesObject): AdjudicationResult {
+  return mismatchedName(binding, obj)
+    ? `Binding defines name '${definedName(binding)}' but Object carries '${carriedName(obj)}'.`
+    : null;
+}
+export function adjudicateMismatchedGroup(binding: Binding, req: AdmissionRequest): AdjudicationResult {
+  return mismatchedGroup(binding, req)
+    ? `Binding defines group '${definedGroup(binding)}' but Request declares '${declaredGroup(req)}'.`
+    : null;
+}
+export function adjudicateMismatchedVersion(binding: Binding, req: AdmissionRequest): AdjudicationResult {
+  return mismatchedVersion(binding, req)
+    ? `Binding defines version '${definedVersion(binding)}' but Request declares '${declaredVersion(req)}'.`
+    : null;
+}
+export function adjudicateMismatchedKind(binding: Binding, req: AdmissionRequest): AdjudicationResult {
+  return mismatchedKind(binding, req)
+    ? `Binding defines kind '${definedKind(binding)}' but Request declares '${declaredKind(req)}'.`
+    : null;
+}
+export function adjudicateUnbindableNamespaces(capabilityNamespaces: string[], binding: Binding): AdjudicationResult {
+  return unbindableNamespaces(capabilityNamespaces, binding)
+    ? `Binding defines namespaces ${JSON.stringify(definedNamespaces(binding))} but namespaces allowed by Capability are '${JSON.stringify(capabilityNamespaces)}'.`
+    : null;
+}
+export function adjudicateUncarryableNamespace(
+  capabilityNamespaces: string[],
+  obj: KubernetesObject,
+): AdjudicationResult {
+  return uncarryableNamespace(capabilityNamespaces, obj)
+    ? `Object carries namespace '${obj.kind && obj.kind === "Namespace" ? obj.metadata?.name : carriedNamespace(obj)}' but namespaces allowed by Capability are '${JSON.stringify(capabilityNamespaces)}'.`
+    : null;
+}
+export function adjudicateMismatchedNamespace(binding: Binding, obj: KubernetesObject): AdjudicationResult {
+  return mismatchedNamespace(binding, obj)
+    ? `Binding defines namespaces '${JSON.stringify(definedNamespaces(binding))}' but Object carries '${carriedNamespace(obj)}'.`
+    : null;
+}
+export function adjudicateMismatchedLabels(binding: Binding, obj: KubernetesObject): AdjudicationResult {
+  return mismatchedLabels(binding, obj)
+    ? `Binding defines labels '${JSON.stringify(definedLabels(binding))}' but Object carries '${JSON.stringify(carriedLabels(obj))}'.`
+    : null;
+}
+export function adjudicateMismatchedAnnotations(binding: Binding, obj: KubernetesObject): AdjudicationResult {
+  return mismatchedAnnotations(binding, obj)
+    ? `Binding defines annotations '${JSON.stringify(definedAnnotations(binding))}' but Object carries '${JSON.stringify(carriedAnnotations(obj))}'.`
+    : null;
+}
+export function adjudicateMismatchedNamespaceRegex(binding: Binding, obj: KubernetesObject): AdjudicationResult {
+  return mismatchedNamespaceRegex(binding, obj)
+    ? `Binding defines namespace regexes '${JSON.stringify(definedNamespaceRegexes(binding))}' but Object carries '${carriedNamespace(obj)}'.`
+    : null;
+}
+export function adjudicateMismatchedNameRegex(binding: Binding, obj: KubernetesObject): AdjudicationResult {
+  return mismatchedNameRegex(binding, obj)
+    ? `Binding defines name regex '${definedNameRegex(binding)}' but Object carries '${carriedName(obj)}'.`
+    : null;
+}
+export function adjudicateCarriesIgnoredNamespace(
+  ignoredNamespaces: string[] | undefined,
+  obj: KubernetesObject,
+): AdjudicationResult {
+  return carriesIgnoredNamespace(ignoredNamespaces, obj)
+    ? `Object carries namespace '${obj.kind && obj.kind === "Namespace" ? obj.metadata?.name : carriedNamespace(obj)}' but ignored namespaces include '${JSON.stringify(ignoredNamespaces)}'.`
+    : null;
+}
+export function adjudicateMissingCarriableNamespace(
+  capabilityNamespaces: string[],
+  obj: KubernetesObject,
+): AdjudicationResult {
+  return missingCarriableNamespace(capabilityNamespaces, obj)
+    ? `Object does not carry a namespace but namespaces allowed by Capability are '${JSON.stringify(capabilityNamespaces)}'.`
+    : null;
 }

package/src/lib/finalizer.ts CHANGED Viewed

@@ -7,7 +7,7 @@ import { Binding, DeepPartial } from "./types";
 import { Operation } from "./enums";
 import { PeprMutateRequest } from "./mutate-request";
-export function addFinalizer<K extends KubernetesObject>(request: PeprMutateRequest<K>) {
+export function addFinalizer<K extends KubernetesObject>(request: PeprMutateRequest<K>): void {
   // if a DELETE is being processed, don't add a finalizer
   if (request.Request.operation === Operation.DELETE) {
     return;
@@ -28,7 +28,7 @@ export function addFinalizer<K extends KubernetesObject>(request: PeprMutateRequ
   request.Merge({ metadata: { finalizers } } as DeepPartial<K>);
 }
-export async function removeFinalizer(binding: Binding, obj: KubernetesObject) {
+export async function removeFinalizer(binding: Binding, obj: KubernetesObject): Promise<void> {
   const peprFinal = "pepr.dev/finalizer";
   const meta = obj.metadata!;
   const resource = `${meta.namespace || "ClusterScoped"}/${meta.name}`;

package/src/lib/helpers.ts CHANGED Viewed

@@ -1,34 +1,9 @@
 // SPDX-License-Identifier: Apache-2.0
 // SPDX-FileCopyrightText: 2023-Present The Pepr Authors
-import { KubernetesObject } from "kubernetes-fluent-client";
 import Log from "./telemetry/logger";
 import { Binding, CapabilityExport } from "./types";
 import { sanitizeResourceName } from "../sdk/sdk";
-import {
-  carriedAnnotations,
-  carriedLabels,
-  carriedName,
-  carriedNamespace,
-  carriesIgnoredNamespace,
-  definedAnnotations,
-  definedLabels,
-  definedName,
-  definedNameRegex,
-  definedNamespaces,
-  definedNamespaceRegexes,
-  misboundNamespace,
-  mismatchedAnnotations,
-  mismatchedDeletionTimestamp,
-  mismatchedLabels,
-  mismatchedName,
-  mismatchedNameRegex,
-  mismatchedNamespace,
-  mismatchedNamespaceRegex,
-  missingCarriableNamespace,
-  unbindableNamespaces,
-  uncarryableNamespace,
-} from "./filter/adjudicators/adjudicators";
 export function matchesRegex(pattern: string, testString: string): boolean {
   return new RegExp(pattern).test(testString);
@@ -55,100 +30,13 @@ export function validateHash(expectedHash: string): void {
   }
 }
-export type RBACMap = {
+type RBACMap = {
   [key: string]: {
     verbs: string[];
     plural: string;
   };
 };
-/**
- * Decide to run callback after the event comes back from API Server
- **/
-export function filterNoMatchReason(
-  binding: Binding,
-  kubernetesObject: Partial<KubernetesObject>,
-  capabilityNamespaces: string[],
-  ignoredNamespaces?: string[],
-): string {
-  const prefix = "Ignoring Watch Callback:";
-  // prettier-ignore
-  return (
-    mismatchedDeletionTimestamp(binding, kubernetesObject) ?
-      `${prefix} Binding defines deletionTimestamp but Object does not carry it.` :
-    mismatchedName(binding, kubernetesObject) ?
-      `${prefix} Binding defines name '${definedName(binding)}' but Object carries '${carriedName(kubernetesObject)}'.` :
-    misboundNamespace(binding) ?
-      `${prefix} Cannot use namespace filter on a namespace object.` :
-    mismatchedLabels(binding, kubernetesObject) ?
-      (
-        `${prefix} Binding defines labels '${JSON.stringify(definedLabels(binding))}' ` +
-        `but Object carries '${JSON.stringify(carriedLabels(kubernetesObject))}'.`
-      ) :
-    mismatchedAnnotations(binding, kubernetesObject) ?
-      (
-        `${prefix} Binding defines annotations '${JSON.stringify(definedAnnotations(binding))}' ` +
-        `but Object carries '${JSON.stringify(carriedAnnotations(kubernetesObject))}'.`
-      ) :
-    uncarryableNamespace(capabilityNamespaces, kubernetesObject) ?
-      (
-        `${prefix} Object carries namespace '${carriedNamespace(kubernetesObject)}' ` +
-        `but namespaces allowed by Capability are '${JSON.stringify(capabilityNamespaces)}'.`
-      ) :
-    unbindableNamespaces(capabilityNamespaces, binding) ?
-      (
-        `${prefix} Binding defines namespaces ${JSON.stringify(definedNamespaces(binding))} ` +
-        `but namespaces allowed by Capability are '${JSON.stringify(capabilityNamespaces)}'.`
-      ) :
-    mismatchedNamespace(binding, kubernetesObject) ?
-      (
-        `${prefix} Binding defines namespaces '${JSON.stringify(definedNamespaces(binding))}' ` +
-        `but Object carries '${carriedNamespace(kubernetesObject)}'.`
-      ) :
-    mismatchedNamespaceRegex(binding, kubernetesObject) ?
-      (
-        `${prefix} Binding defines namespace regexes ` +
-        `'${JSON.stringify(definedNamespaceRegexes(binding))}' ` +
-        `but Object carries '${carriedNamespace(kubernetesObject)}'.`
-      ) :
-    mismatchedNameRegex(binding, kubernetesObject) ?
-      (
-        `${prefix} Binding defines name regex '${definedNameRegex(binding)}' ` +
-        `but Object carries '${carriedName(kubernetesObject)}'.`
-      ) :
-    carriesIgnoredNamespace(ignoredNamespaces, kubernetesObject) ?
-      (
-        `${prefix} Object carries namespace '${carriedNamespace(kubernetesObject)}' ` +
-        `but ignored namespaces include '${JSON.stringify(ignoredNamespaces)}'.`
-      ) :
-    missingCarriableNamespace(capabilityNamespaces, kubernetesObject) ?
-      (
-        `${prefix} Object does not carry a namespace ` +
-        `but namespaces allowed by Capability are '${JSON.stringify(capabilityNamespaces)}'.`
-      ) :
-    ""
-  );
-}
-export function addVerbIfNotExists(verbs: string[], verb: string) {
-  if (!verbs.includes(verb)) {
-    verbs.push(verb);
-  }
-}
 export function createRBACMap(capabilities: CapabilityExport[]): RBACMap {
   return capabilities.reduce((acc: RBACMap, capability: CapabilityExport) => {
     capability.bindings.forEach(binding => {
@@ -200,11 +88,11 @@ export function hasAnyOverlap<T>(array1: T[], array2: T[]): boolean {
   return array1.some(element => array2.includes(element));
 }
-export function ignoredNamespaceConflict(ignoreNamespaces: string[], bindingNamespaces: string[]) {
+export function ignoredNamespaceConflict(ignoreNamespaces: string[], bindingNamespaces: string[]): boolean {
   return hasAnyOverlap(bindingNamespaces, ignoreNamespaces);
 }
-export function bindingAndCapabilityNSConflict(bindingNamespaces: string[], capabilityNamespaces: string[]) {
+export function bindingAndCapabilityNSConflict(bindingNamespaces: string[], capabilityNamespaces: string[]): boolean {
   if (!capabilityNamespaces) {
     return false;
   }
@@ -215,7 +103,7 @@ export function generateWatchNamespaceError(
   ignoredNamespaces: string[],
   bindingNamespaces: string[],
   capabilityNamespaces: string[],
-) {
+): string {
   let err = "";
   // check if binding uses an ignored namespace
@@ -237,7 +125,7 @@ export function generateWatchNamespaceError(
 }
 // namespaceComplianceValidator ensures that capability bindings respect ignored and capability namespaces
-export function namespaceComplianceValidator(capability: CapabilityExport, ignoredNamespaces?: string[]) {
+export function namespaceComplianceValidator(capability: CapabilityExport, ignoredNamespaces?: string[]): void {
   const { namespaces: capabilityNamespaces, bindings, name } = capability;
   const bindingNamespaces: string[] = bindings.flatMap((binding: Binding) => binding.filters.namespaces);
   const bindingRegexNamespaces: string[] = bindings.flatMap(
@@ -256,13 +144,16 @@ export function namespaceComplianceValidator(capability: CapabilityExport, ignor
   }
   // Ensure that each regexNamespace matches a capabilityNamespace
+  matchRegexToCapababilityNamespace(bindingRegexNamespaces, capabilityNamespaces);
+  // ensure regexNamespaces do not match ignored ns
+  checkRegexNamespaces(bindingRegexNamespaces, ignoredNamespaces);
+}
-  if (
-    bindingRegexNamespaces &&
-    bindingRegexNamespaces.length > 0 &&
-    capabilityNamespaces &&
-    capabilityNamespaces.length > 0
-  ) {
+const matchRegexToCapababilityNamespace = (
+  bindingRegexNamespaces: string[],
+  capabilityNamespaces: string[] | undefined,
+): void => {
+  if (bindingRegexNamespaces.length > 0 && capabilityNamespaces && capabilityNamespaces.length > 0) {
     for (const regexNamespace of bindingRegexNamespaces) {
       let matches = false;
       matches =
@@ -275,13 +166,10 @@ export function namespaceComplianceValidator(capability: CapabilityExport, ignor
       }
     }
   }
-  // ensure regexNamespaces do not match ignored ns
-  if (
-    bindingRegexNamespaces &&
-    bindingRegexNamespaces.length > 0 &&
-    ignoredNamespaces &&
-    ignoredNamespaces.length > 0
-  ) {
+};
+const checkRegexNamespaces = (bindingRegexNamespaces: string[], ignoredNamespaces: string[] | undefined): void => {
+  if (bindingRegexNamespaces.length > 0 && ignoredNamespaces && ignoredNamespaces.length > 0) {
     for (const regexNamespace of bindingRegexNamespaces) {
       const matchedNS = ignoredNamespaces.find(ignoredNS => matchesRegex(regexNamespace, ignoredNS));
       if (matchedNS) {
@@ -291,7 +179,7 @@ export function namespaceComplianceValidator(capability: CapabilityExport, ignor
       }
     }
   }
-}
+};
 // check if secret is over the size limit
 export function secretOverLimit(str: string): boolean {
@@ -302,8 +190,7 @@ export function secretOverLimit(str: string): boolean {
   return sizeInBytes > oneMiBInBytes;
 }
-/* eslint-disable @typescript-eslint/no-unused-vars */
-export const parseTimeout = (value: string, previous: unknown): number => {
+export const parseTimeout = (value: string): number => {
   const parsedValue = parseInt(value, 10);
   const floatValue = parseFloat(value);
   if (isNaN(parsedValue)) {

package/src/lib/included-files.ts CHANGED Viewed

@@ -3,7 +3,7 @@
 import { promises as fs } from "fs";
-export async function createDockerfile(version: string, description: string, includedFiles: string[]) {
+export async function createDockerfile(version: string, description: string, includedFiles: string[]): Promise<void> {
   const file = `
     # Use an official Node.js runtime as the base image
     FROM ghcr.io/defenseunicorns/pepr/controller:v${version}