pepr 0.46.3-nightly.6 → 0.46.3-nightly.8

package/package.json

@@ -16,7 +16,7 @@
     "!src/fixtures/**",
     "!dist/**/*.test.d.ts*"
   ],
-  "version": "0.46.3-nightly.6",
+  "version": "0.46.3-nightly.8",
   "main": "dist/lib.js",
   "types": "dist/lib.d.ts",
   "scripts": {

package/src/cli/build.helpers.ts

@@ -11,6 +11,7 @@ import { promises as fs } from "fs";
 import { generateAllYaml } from "../lib/assets/yaml/generateAllYaml";
 import { webhookConfigGenerator } from "../lib/assets/webhooks";
 import { generateZarfYamlGeneric } from "../lib/assets/yaml/generateZarfYaml";
+import { getDeployment, getModuleSecret, getWatcher } from "../lib/assets/pods";
 
 interface ImageOptions {
   customImage?: string;
@@ -191,7 +192,7 @@ export async function generateYamlAndWriteToDisk(obj: {
   const yamlFile = `pepr-module-${uuid}.yaml`;
   const chartPath = `${uuid}-chart`;
   const yamlPath = resolve(outputDir, yamlFile);
-  const yaml = await assets.allYaml(generateAllYaml, imagePullSecret);
+  const yaml = await assets.allYaml(generateAllYaml, getDeployment, getWatcher, imagePullSecret);
   const zarfPath = resolve(outputDir, "zarf.yaml");
 
   let localZarf = "";
@@ -203,6 +204,6 @@ export async function generateYamlAndWriteToDisk(obj: {
   await fs.writeFile(yamlPath, yaml);
   await fs.writeFile(zarfPath, localZarf);
 
-  await assets.generateHelmChart(webhookConfigGenerator, outputDir);
+  await assets.generateHelmChart(webhookConfigGenerator, getWatcher, getModuleSecret, outputDir);
   console.info(`✅ K8s resource for the module saved to ${yamlPath}`);
 }

package/src/cli/init/templates.ts

@@ -3,7 +3,7 @@
 
 import { dumpYaml } from "@kubernetes/client-node";
 import { inspect } from "util";
-import { v4 as uuidv4, v5 as uuidv5 } from "uuid";
+import { v4 as uuidv4 } from "uuid";
 
 import eslintJSON from "../../templates/.eslintrc.template.json";
 import peprSnippetsJSON from "../../templates/pepr.code-snippets.json";
@@ -48,7 +48,7 @@ export type peprPackageJSON = {
 
 export function genPkgJSON(opts: InitOptions, pgkVerOverride?: string): peprPackageJSON {
   // Generate a random UUID for the module based on the module name if it is not provided
-  const uuid = !opts.uuid ? uuidv5(opts.name, uuidv4()) : opts.uuid;
+  const uuid = !opts.uuid ? uuidv4() : opts.uuid;
   // Generate a name for the module based on the module name
   const name = sanitizeName(opts.name);
   // Make typescript a dev dependency

package/src/lib/assets/assets.ts

@@ -18,7 +18,6 @@ import {
 } from "@kubernetes/client-node/dist/gen";
 import { createDirectoryIfNotExists } from "../filesystemService";
 import { overridesFile } from "./yaml/overridesFile";
-import { getDeployment, getModuleSecret, getWatcher } from "./pods";
 import { helmLayout, createWebhookYaml, toYaml } from "./index";
 import { loadCapabilities } from "./loader";
 import { namespaceComplianceValidator, dedent } from "../helpers";
@@ -26,6 +25,7 @@ import { promises as fs } from "fs";
 import { storeRole, storeRoleBinding, clusterRoleBinding, serviceAccount } from "./rbac";
 import { watcherService, service, tlsSecret, apiPathSecret } from "./networking";
 import { WebhookType } from "../enums";
+import { kind } from "kubernetes-fluent-client";
 
 export class Assets {
   readonly name: string;
@@ -84,6 +84,18 @@ export class Assets {
       assets: Assets,
       deployments: { default: V1Deployment; watch: V1Deployment | null },
     ) => Promise<string>,
+    getDeploymentFunction: (
+      assets: Assets,
+      hash: string,
+      buildTimestamp: string,
+      imagePullSecret?: string,
+    ) => kind.Deployment,
+    getWatcherFunction: (
+      assets: Assets,
+      hash: string,
+      buildTimestamp: string,
+      imagePullSecret?: string,
+    ) => kind.Deployment | null,
     imagePullSecret?: string,
   ): Promise<string> => {
     this.capabilities = await loadCapabilities(this.path);
@@ -97,8 +109,8 @@ export class Assets {
     const moduleHash = crypto.createHash("sha256").update(code).digest("hex");
 
     const deployments = {
-      default: getDeployment(this, moduleHash, this.buildTimestamp, imagePullSecret),
-      watch: getWatcher(this, moduleHash, this.buildTimestamp, imagePullSecret),
+      default: getDeploymentFunction(this, moduleHash, this.buildTimestamp, imagePullSecret),
+      watch: getWatcherFunction(this, moduleHash, this.buildTimestamp, imagePullSecret),
     };
 
     return yamlGenerationFunction(this, deployments);
@@ -141,6 +153,13 @@ export class Assets {
       mutateOrValidate: WebhookType,
       timeoutSeconds: number | undefined,
     ) => Promise<V1MutatingWebhookConfiguration | V1ValidatingWebhookConfiguration | null>,
+    getWatcherFunction: (
+      assets: Assets,
+      hash: string,
+      buildTimestamp: string,
+      imagePullSecret?: string,
+    ) => kind.Deployment | null,
+    getModuleSecretFunction: (name: string, data: Buffer, hash: string) => kind.Secret,
     basePath: string,
   ): Promise<void> => {
     const helm = helmLayout(basePath, this.config.uuid);
@@ -175,7 +194,7 @@ export class Assets {
         [helm.files.serviceAccountYaml, (): string => toYaml(serviceAccount(this.name))],
         [
           helm.files.moduleSecretYaml,
-          (): string => toYaml(getModuleSecret(this.name, code, moduleHash)),
+          (): string => toYaml(getModuleSecretFunction(this.name, code, moduleHash)),
         ],
       ];
       await Promise.all(pairs.map(async ([file, content]) => await fs.writeFile(file, content())));
@@ -205,7 +224,7 @@ export class Assets {
 
       await this.writeWebhookFiles(webhooks.validate, webhooks.mutate, helm);
 
-      const watchDeployment = getWatcher(this, moduleHash, this.buildTimestamp);
+      const watchDeployment = getWatcherFunction(this, moduleHash, this.buildTimestamp);
       if (watchDeployment) {
         await fs.writeFile(
           helm.files.watcherDeploymentYaml,

package/src/lib/assets/envrionment.ts

@@ -0,0 +1,26 @@
+import { V1EnvVar } from "@kubernetes/client-node";
+import { ModuleConfig } from "../types";
+
+export function genEnv(
+  config: ModuleConfig,
+  watchMode = false,
+  ignoreWatchMode = false,
+): V1EnvVar[] {
+  const noWatchDef = {
+    PEPR_PRETTY_LOG: "false",
+    LOG_LEVEL: config.logLevel || "info",
+  };
+
+  const def = {
+    PEPR_WATCH_MODE: watchMode ? "true" : "false",
+    ...noWatchDef,
+  };
+
+  if (config.env && config.env["PEPR_WATCH_MODE"]) {
+    delete config.env["PEPR_WATCH_MODE"];
+  }
+  const cfg = config.env || {};
+  return ignoreWatchMode
+    ? Object.entries({ ...noWatchDef, ...cfg }).map(([name, value]) => ({ name, value }))
+    : Object.entries({ ...def, ...cfg }).map(([name, value]) => ({ name, value }));
+}

package/src/lib/assets/pods.ts

@@ -1,13 +1,13 @@
 // SPDX-License-Identifier: Apache-2.0
 // SPDX-FileCopyrightText: 2023-Present The Pepr Authors
 
-import { KubernetesObject, V1EnvVar } from "@kubernetes/client-node";
+import { KubernetesObject } from "@kubernetes/client-node";
 import { kind } from "kubernetes-fluent-client";
 import { gzipSync } from "zlib";
 import { secretOverLimit } from "../helpers";
 import { Assets } from "./assets";
-import { ModuleConfig } from "../types";
 import { Binding } from "../types";
+import { genEnv } from "./envrionment";
 
 /** Generate the pepr-system namespace */
 export function getNamespace(namespaceLabels?: Record<string, string>): KubernetesObject {
@@ -365,27 +365,3 @@ export function getModuleSecret(name: string, data: Buffer, hash: string): kind.
     };
   }
 }
-
-export function genEnv(
-  config: ModuleConfig,
-  watchMode = false,
-  ignoreWatchMode = false,
-): V1EnvVar[] {
-  const noWatchDef = {
-    PEPR_PRETTY_LOG: "false",
-    LOG_LEVEL: config.logLevel || "info",
-  };
-
-  const def = {
-    PEPR_WATCH_MODE: watchMode ? "true" : "false",
-    ...noWatchDef,
-  };
-
-  if (config.env && config.env["PEPR_WATCH_MODE"]) {
-    delete config.env["PEPR_WATCH_MODE"];
-  }
-  const cfg = config.env || {};
-  return ignoreWatchMode
-    ? Object.entries({ ...noWatchDef, ...cfg }).map(([name, value]) => ({ name, value }))
-    : Object.entries({ ...def, ...cfg }).map(([name, value]) => ({ name, value }));
-}

package/src/lib/assets/yaml/overridesFile.ts

@@ -1,6 +1,5 @@
-import { genEnv } from "../pods";
-import { ModuleConfig } from "../../types";
-import { CapabilityExport } from "../../types";
+import { genEnv } from "../envrionment";
+import { CapabilityExport, ModuleConfig } from "../../types";
 import { dumpYaml } from "@kubernetes/client-node";
 import { clusterRole } from "../rbac";
 import { promises as fs } from "fs";

package/src/lib/filter/adjudication.ts

@@ -0,0 +1,196 @@
+import { KubernetesObject } from "kubernetes-fluent-client";
+import { AdmissionRequest } from "../common-types";
+import { Binding } from "../types";
+import {
+  declaredOperation,
+  declaredGroup,
+  declaredVersion,
+  declaredKind,
+} from "./adjudicators/admissionRequest";
+import {
+  definedEvent,
+  definedName,
+  definedGroup,
+  definedVersion,
+  definedKind,
+  definedNamespaces,
+  definedLabels,
+  definedAnnotations,
+  definedNamespaceRegexes,
+  definedNameRegex,
+} from "./adjudicators/binding";
+import {
+  carriedName,
+  carriedNamespace,
+  carriedLabels,
+  carriedAnnotations,
+} from "./adjudicators/kubernetesObject";
+import {
+  mismatchedDeletionTimestamp,
+  mismatchedEvent,
+  mismatchedName,
+  mismatchedGroup,
+  mismatchedVersion,
+  mismatchedKind,
+  mismatchedNamespace,
+  mismatchedLabels,
+  mismatchedAnnotations,
+  mismatchedNamespaceRegex,
+  mismatchedNameRegex,
+} from "./adjudicators/mismatch";
+import {
+  misboundNamespace,
+  misboundDeleteWithDeletionTimestamp,
+  unbindableNamespaces,
+  uncarryableNamespace,
+  carriesIgnoredNamespace,
+  missingCarriableNamespace,
+} from "./adjudicators/postCollection";
+import { AdjudicationResult } from "../types";
+
+export function adjudicateMisboundNamespace(binding: Binding): AdjudicationResult {
+  return misboundNamespace(binding) ? "Cannot use namespace filter on a namespace object." : null;
+}
+
+export function adjudicateMisboundDeleteWithDeletionTimestamp(
+  binding: Binding,
+): AdjudicationResult {
+  return misboundDeleteWithDeletionTimestamp(binding)
+    ? "Cannot use deletionTimestamp filter on a DELETE operation."
+    : null;
+}
+
+export function adjudicateMismatchedDeletionTimestamp(
+  binding: Binding,
+  obj: KubernetesObject,
+): AdjudicationResult {
+  return mismatchedDeletionTimestamp(binding, obj)
+    ? "Binding defines deletionTimestamp but Object does not carry it."
+    : null;
+}
+
+export function adjudicateMismatchedEvent(
+  binding: Binding,
+  req: AdmissionRequest,
+): AdjudicationResult {
+  return mismatchedEvent(binding, req)
+    ? `Binding defines event '${definedEvent(binding)}' but Request declares '${declaredOperation(req)}'.`
+    : null;
+}
+
+export function adjudicateMismatchedName(
+  binding: Binding,
+  obj: KubernetesObject,
+): AdjudicationResult {
+  return mismatchedName(binding, obj)
+    ? `Binding defines name '${definedName(binding)}' but Object carries '${carriedName(obj)}'.`
+    : null;
+}
+
+export function adjudicateMismatchedGroup(
+  binding: Binding,
+  req: AdmissionRequest,
+): AdjudicationResult {
+  return mismatchedGroup(binding, req)
+    ? `Binding defines group '${definedGroup(binding)}' but Request declares '${declaredGroup(req)}'.`
+    : null;
+}
+
+export function adjudicateMismatchedVersion(
+  binding: Binding,
+  req: AdmissionRequest,
+): AdjudicationResult {
+  return mismatchedVersion(binding, req)
+    ? `Binding defines version '${definedVersion(binding)}' but Request declares '${declaredVersion(req)}'.`
+    : null;
+}
+
+export function adjudicateMismatchedKind(
+  binding: Binding,
+  req: AdmissionRequest,
+): AdjudicationResult {
+  return mismatchedKind(binding, req)
+    ? `Binding defines kind '${definedKind(binding)}' but Request declares '${declaredKind(req)}'.`
+    : null;
+}
+
+export function adjudicateUnbindableNamespaces(
+  capabilityNamespaces: string[],
+  binding: Binding,
+): AdjudicationResult {
+  return unbindableNamespaces(capabilityNamespaces, binding)
+    ? `Binding defines namespaces ${JSON.stringify(definedNamespaces(binding))} but namespaces allowed by Capability are '${JSON.stringify(capabilityNamespaces)}'.`
+    : null;
+}
+
+export function adjudicateUncarryableNamespace(
+  capabilityNamespaces: string[],
+  obj: KubernetesObject,
+): AdjudicationResult {
+  return uncarryableNamespace(capabilityNamespaces, obj)
+    ? `Object carries namespace '${obj.kind && obj.kind === "Namespace" ? obj.metadata?.name : carriedNamespace(obj)}' but namespaces allowed by Capability are '${JSON.stringify(capabilityNamespaces)}'.`
+    : null;
+}
+
+export function adjudicateMismatchedNamespace(
+  binding: Binding,
+  obj: KubernetesObject,
+): AdjudicationResult {
+  return mismatchedNamespace(binding, obj)
+    ? `Binding defines namespaces '${JSON.stringify(definedNamespaces(binding))}' but Object carries '${carriedNamespace(obj)}'.`
+    : null;
+}
+
+export function adjudicateMismatchedLabels(
+  binding: Binding,
+  obj: KubernetesObject,
+): AdjudicationResult {
+  return mismatchedLabels(binding, obj)
+    ? `Binding defines labels '${JSON.stringify(definedLabels(binding))}' but Object carries '${JSON.stringify(carriedLabels(obj))}'.`
+    : null;
+}
+
+export function adjudicateMismatchedAnnotations(
+  binding: Binding,
+  obj: KubernetesObject,
+): AdjudicationResult {
+  return mismatchedAnnotations(binding, obj)
+    ? `Binding defines annotations '${JSON.stringify(definedAnnotations(binding))}' but Object carries '${JSON.stringify(carriedAnnotations(obj))}'.`
+    : null;
+}
+
+export function adjudicateMismatchedNamespaceRegex(
+  binding: Binding,
+  obj: KubernetesObject,
+): AdjudicationResult {
+  return mismatchedNamespaceRegex(binding, obj)
+    ? `Binding defines namespace regexes '${JSON.stringify(definedNamespaceRegexes(binding))}' but Object carries '${carriedNamespace(obj)}'.`
+    : null;
+}
+
+export function adjudicateMismatchedNameRegex(
+  binding: Binding,
+  obj: KubernetesObject,
+): AdjudicationResult {
+  return mismatchedNameRegex(binding, obj)
+    ? `Binding defines name regex '${definedNameRegex(binding)}' but Object carries '${carriedName(obj)}'.`
+    : null;
+}
+
+export function adjudicateCarriesIgnoredNamespace(
+  ignoredNamespaces: string[] | undefined,
+  obj: KubernetesObject,
+): AdjudicationResult {
+  return carriesIgnoredNamespace(ignoredNamespaces, obj)
+    ? `Object carries namespace '${obj.kind && obj.kind === "Namespace" ? obj.metadata?.name : carriedNamespace(obj)}' but ignored namespaces include '${JSON.stringify(ignoredNamespaces)}'.`
+    : null;
+}
+
+export function adjudicateMissingCarriableNamespace(
+  capabilityNamespaces: string[],
+  obj: KubernetesObject,
+): AdjudicationResult {
+  return missingCarriableNamespace(capabilityNamespaces, obj)
+    ? `Object does not carry a namespace but namespaces allowed by Capability are '${JSON.stringify(capabilityNamespaces)}'.`
+    : null;
+}

package/src/lib/filter/filter.ts

@@ -1,57 +1,30 @@
 // SPDX-License-Identifier: Apache-2.0
 // SPDX-FileCopyrightText: 2023-Present The Pepr Authors
 
-import { Binding } from "../types";
+import { AdjudicationResult, Binding } from "../types";
 import { Operation } from "../enums";
 import { KubernetesObject } from "kubernetes-fluent-client";
-import {
-  carriesIgnoredNamespace,
-  misboundDeleteWithDeletionTimestamp,
-  misboundNamespace,
-  missingCarriableNamespace,
-  unbindableNamespaces,
-  uncarryableNamespace,
-} from "./adjudicators/postCollection";
-import {
-  declaredOperation,
-  declaredGroup,
-  declaredVersion,
-  declaredKind,
-} from "./adjudicators/admissionRequest";
-import {
-  definedEvent,
-  definedName,
-  definedGroup,
-  definedVersion,
-  definedKind,
-  definedNamespaces,
-  definedLabels,
-  definedAnnotations,
-  definedNamespaceRegexes,
-  definedNameRegex,
-} from "./adjudicators/binding";
-import {
-  carriedName,
-  carriedNamespace,
-  carriedLabels,
-  carriedAnnotations,
-} from "./adjudicators/kubernetesObject";
-import {
-  mismatchedDeletionTimestamp,
-  mismatchedEvent,
-  mismatchedName,
-  mismatchedGroup,
-  mismatchedVersion,
-  mismatchedKind,
-  mismatchedNamespace,
-  mismatchedLabels,
-  mismatchedAnnotations,
-  mismatchedNamespaceRegex,
-  mismatchedNameRegex,
-} from "./adjudicators/mismatch";
 import { AdmissionRequest } from "../common-types";
+import {
+  adjudicateMisboundDeleteWithDeletionTimestamp,
+  adjudicateMismatchedDeletionTimestamp,
+  adjudicateMismatchedEvent,
+  adjudicateMismatchedName,
+  adjudicateMismatchedGroup,
+  adjudicateMismatchedVersion,
+  adjudicateMismatchedKind,
+  adjudicateUnbindableNamespaces,
+  adjudicateUncarryableNamespace,
+  adjudicateMismatchedNamespace,
+  adjudicateMismatchedLabels,
+  adjudicateMismatchedAnnotations,
+  adjudicateMismatchedNamespaceRegex,
+  adjudicateMismatchedNameRegex,
+  adjudicateCarriesIgnoredNamespace,
+  adjudicateMissingCarriableNamespace,
+  adjudicateMisboundNamespace,
+} from "./adjudication";
 
-type AdjudicationResult = string | null;
 type Adjudicator = () => AdjudicationResult;
 
 /**
@@ -142,150 +115,3 @@ export function filterNoMatchReason(
 
   return "";
 }
-
-export function adjudicateMisboundNamespace(binding: Binding): AdjudicationResult {
-  return misboundNamespace(binding) ? "Cannot use namespace filter on a namespace object." : null;
-}
-
-export function adjudicateMisboundDeleteWithDeletionTimestamp(
-  binding: Binding,
-): AdjudicationResult {
-  return misboundDeleteWithDeletionTimestamp(binding)
-    ? "Cannot use deletionTimestamp filter on a DELETE operation."
-    : null;
-}
-
-export function adjudicateMismatchedDeletionTimestamp(
-  binding: Binding,
-  obj: KubernetesObject,
-): AdjudicationResult {
-  return mismatchedDeletionTimestamp(binding, obj)
-    ? "Binding defines deletionTimestamp but Object does not carry it."
-    : null;
-}
-
-export function adjudicateMismatchedEvent(
-  binding: Binding,
-  req: AdmissionRequest,
-): AdjudicationResult {
-  return mismatchedEvent(binding, req)
-    ? `Binding defines event '${definedEvent(binding)}' but Request declares '${declaredOperation(req)}'.`
-    : null;
-}
-
-export function adjudicateMismatchedName(
-  binding: Binding,
-  obj: KubernetesObject,
-): AdjudicationResult {
-  return mismatchedName(binding, obj)
-    ? `Binding defines name '${definedName(binding)}' but Object carries '${carriedName(obj)}'.`
-    : null;
-}
-
-export function adjudicateMismatchedGroup(
-  binding: Binding,
-  req: AdmissionRequest,
-): AdjudicationResult {
-  return mismatchedGroup(binding, req)
-    ? `Binding defines group '${definedGroup(binding)}' but Request declares '${declaredGroup(req)}'.`
-    : null;
-}
-
-export function adjudicateMismatchedVersion(
-  binding: Binding,
-  req: AdmissionRequest,
-): AdjudicationResult {
-  return mismatchedVersion(binding, req)
-    ? `Binding defines version '${definedVersion(binding)}' but Request declares '${declaredVersion(req)}'.`
-    : null;
-}
-
-export function adjudicateMismatchedKind(
-  binding: Binding,
-  req: AdmissionRequest,
-): AdjudicationResult {
-  return mismatchedKind(binding, req)
-    ? `Binding defines kind '${definedKind(binding)}' but Request declares '${declaredKind(req)}'.`
-    : null;
-}
-
-export function adjudicateUnbindableNamespaces(
-  capabilityNamespaces: string[],
-  binding: Binding,
-): AdjudicationResult {
-  return unbindableNamespaces(capabilityNamespaces, binding)
-    ? `Binding defines namespaces ${JSON.stringify(definedNamespaces(binding))} but namespaces allowed by Capability are '${JSON.stringify(capabilityNamespaces)}'.`
-    : null;
-}
-
-export function adjudicateUncarryableNamespace(
-  capabilityNamespaces: string[],
-  obj: KubernetesObject,
-): AdjudicationResult {
-  return uncarryableNamespace(capabilityNamespaces, obj)
-    ? `Object carries namespace '${obj.kind && obj.kind === "Namespace" ? obj.metadata?.name : carriedNamespace(obj)}' but namespaces allowed by Capability are '${JSON.stringify(capabilityNamespaces)}'.`
-    : null;
-}
-
-export function adjudicateMismatchedNamespace(
-  binding: Binding,
-  obj: KubernetesObject,
-): AdjudicationResult {
-  return mismatchedNamespace(binding, obj)
-    ? `Binding defines namespaces '${JSON.stringify(definedNamespaces(binding))}' but Object carries '${carriedNamespace(obj)}'.`
-    : null;
-}
-
-export function adjudicateMismatchedLabels(
-  binding: Binding,
-  obj: KubernetesObject,
-): AdjudicationResult {
-  return mismatchedLabels(binding, obj)
-    ? `Binding defines labels '${JSON.stringify(definedLabels(binding))}' but Object carries '${JSON.stringify(carriedLabels(obj))}'.`
-    : null;
-}
-
-export function adjudicateMismatchedAnnotations(
-  binding: Binding,
-  obj: KubernetesObject,
-): AdjudicationResult {
-  return mismatchedAnnotations(binding, obj)
-    ? `Binding defines annotations '${JSON.stringify(definedAnnotations(binding))}' but Object carries '${JSON.stringify(carriedAnnotations(obj))}'.`
-    : null;
-}
-
-export function adjudicateMismatchedNamespaceRegex(
-  binding: Binding,
-  obj: KubernetesObject,
-): AdjudicationResult {
-  return mismatchedNamespaceRegex(binding, obj)
-    ? `Binding defines namespace regexes '${JSON.stringify(definedNamespaceRegexes(binding))}' but Object carries '${carriedNamespace(obj)}'.`
-    : null;
-}
-
-export function adjudicateMismatchedNameRegex(
-  binding: Binding,
-  obj: KubernetesObject,
-): AdjudicationResult {
-  return mismatchedNameRegex(binding, obj)
-    ? `Binding defines name regex '${definedNameRegex(binding)}' but Object carries '${carriedName(obj)}'.`
-    : null;
-}
-
-export function adjudicateCarriesIgnoredNamespace(
-  ignoredNamespaces: string[] | undefined,
-  obj: KubernetesObject,
-): AdjudicationResult {
-  return carriesIgnoredNamespace(ignoredNamespaces, obj)
-    ? `Object carries namespace '${obj.kind && obj.kind === "Namespace" ? obj.metadata?.name : carriedNamespace(obj)}' but ignored namespaces include '${JSON.stringify(ignoredNamespaces)}'.`
-    : null;
-}
-
-export function adjudicateMissingCarriableNamespace(
-  capabilityNamespaces: string[],
-  obj: KubernetesObject,
-): AdjudicationResult {
-  return missingCarriableNamespace(capabilityNamespaces, obj)
-    ? `Object does not carry a namespace but namespaces allowed by Capability are '${JSON.stringify(capabilityNamespaces)}'.`
-    : null;
-}

package/src/lib/types.ts

@@ -308,3 +308,4 @@ export type PeprModuleOptions = {
   /** A user-defined callback to post-process or intercept a Pepr response just before it is returned to K8s */
   afterHook?: (res: MutateResponse | ValidateResponse) => void;
 }; // Track if this is a watch mode controller
+export type AdjudicationResult = string | null;