pepr 0.47.0 → 0.48.1

package/dist/lib.js

@@ -31,22 +31,22 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
 var lib_exports = {};
 __export(lib_exports, {
   Capability: () => Capability,
-  K8s: () => import_kubernetes_fluent_client8.K8s,
+  K8s: () => import_kubernetes_fluent_client9.K8s,
   Log: () => logger_default,
   PeprModule: () => PeprModule,
   PeprMutateRequest: () => PeprMutateRequest,
   PeprUtils: () => utils_exports,
   PeprValidateRequest: () => PeprValidateRequest,
   R: () => R,
-  RegisterKind: () => import_kubernetes_fluent_client8.RegisterKind,
-  a: () => import_kubernetes_fluent_client8.kind,
-  fetch: () => import_kubernetes_fluent_client8.fetch,
-  fetchStatus: () => import_kubernetes_fluent_client8.fetchStatus,
-  kind: () => import_kubernetes_fluent_client8.kind,
+  RegisterKind: () => import_kubernetes_fluent_client9.RegisterKind,
+  a: () => import_kubernetes_fluent_client9.kind,
+  fetch: () => import_kubernetes_fluent_client9.fetch,
+  fetchStatus: () => import_kubernetes_fluent_client9.fetchStatus,
+  kind: () => import_kubernetes_fluent_client9.kind,
   sdk: () => sdk_exports
 });
 module.exports = __toCommonJS(lib_exports);
-var import_kubernetes_fluent_client8 = require("kubernetes-fluent-client");
+var import_kubernetes_fluent_client9 = require("kubernetes-fluent-client");
 var R = __toESM(require("ramda"));
 
 // src/lib/core/capability.ts
@@ -735,7 +735,7 @@ var Capability = class {
 };
 
 // src/lib/core/module.ts
-var import_ramda13 = require("ramda");
+var import_ramda14 = require("ramda");
 
 // src/lib/controller/index.ts
 var import_express = __toESM(require("express"));
@@ -1621,9 +1621,10 @@ var PeprValidateRequest = class {
    *
    * @returns The validation response.
    */
-  Approve = () => {
+  Approve = (warnings) => {
     return {
-      allowed: true
+      allowed: true,
+      warnings
     };
   };
   /**
@@ -1633,11 +1634,12 @@ var PeprValidateRequest = class {
    * @param statusCode Optional status code to return to the user.
    * @returns The validation response.
    */
-  Deny = (statusMessage, statusCode) => {
+  Deny = (statusMessage, statusCode, warnings) => {
     return {
       allowed: false,
       statusCode,
-      statusMessage
+      statusMessage,
+      warnings
     };
   };
 };
@@ -1660,6 +1662,9 @@ async function processRequest2(binding, actionMetadata, peprValidateRequest) {
         message: callbackResp.statusMessage || `Validation failed for ${name}`
       };
     }
+    if (callbackResp.warnings && callbackResp.warnings.length > 0) {
+      valResp.warnings = callbackResp.warnings;
+    }
     logger_default.info(
       actionMetadata,
       `Validation action complete (${label}): ${callbackResp.allowed ? "allowed" : "denied"}`
@@ -1709,8 +1714,8 @@ async function validateProcessor(config, capabilities, req, reqMetadata) {
 }
 
 // src/lib/controller/store.ts
-var import_kubernetes_fluent_client5 = require("kubernetes-fluent-client");
-var import_ramda12 = require("ramda");
+var import_kubernetes_fluent_client6 = require("kubernetes-fluent-client");
+var import_ramda13 = require("ramda");
 
 // src/lib/k8s.ts
 var import_kubernetes_fluent_client3 = require("kubernetes-fluent-client");
@@ -1772,6 +1777,41 @@ function updateCacheID(payload) {
   return payload;
 }
 
+// src/lib/controller/migrateStore.ts
+var import_ramda12 = require("ramda");
+var import_kubernetes_fluent_client5 = require("kubernetes-fluent-client");
+async function migrateAndSetupWatch(storeData) {
+  const { store, namespace: namespace2, name: name2, stores, setupWatch: setupWatch2 } = storeData;
+  logger_default.debug(redactedStore(store), "Pepr Store migration");
+  await (0, import_kubernetes_fluent_client5.K8s)(Store, { namespace: namespace2, name: name2 }).Patch([
+    {
+      op: "add",
+      path: "/metadata/labels/pepr.dev-cacheID",
+      value: `${Date.now()}`
+    }
+  ]);
+  const data = store.data;
+  let storeCache = {};
+  for (const name3 of Object.keys(stores)) {
+    const offset = `${name3}-`.length;
+    for (const key of Object.keys(data)) {
+      if ((0, import_ramda12.startsWith)(name3, key) && !(0, import_ramda12.startsWith)(`${name3}-v2`, key)) {
+        storeCache = fillStoreCache(storeCache, name3, "remove", {
+          key: [key.slice(offset)],
+          value: data[key]
+        });
+        storeCache = fillStoreCache(storeCache, name3, "add", {
+          key: [key.slice(offset)],
+          value: data[key],
+          version: "v2"
+        });
+      }
+    }
+  }
+  storeCache = await sendUpdatesAndFlushCache(storeCache, namespace2, name2);
+  setupWatch2();
+}
+
 // src/lib/controller/store.ts
 var namespace = "pepr-system";
 var debounceBackoffReceive = 1e3;
@@ -1801,45 +1841,23 @@ var StoreController = class {
       }
     }
     setTimeout(
-      () => (0, import_kubernetes_fluent_client5.K8s)(Store).InNamespace(namespace).Get(this.#name).then(async (store) => await this.#migrateAndSetupWatch(store)).catch(this.#createStoreResource),
+      () => (0, import_kubernetes_fluent_client6.K8s)(Store).InNamespace(namespace).Get(this.#name).then(
+        async (store) => await migrateAndSetupWatch({
+          name: name2,
+          namespace,
+          store,
+          stores: this.#stores,
+          setupWatch: this.#setupWatch
+        })
+      ).catch(this.#createStoreResource),
       Math.random() * 3e3
       // Add a jitter to the Store creation to avoid collisions
     );
   }
   #setupWatch = () => {
-    const watcher = (0, import_kubernetes_fluent_client5.K8s)(Store, { name: this.#name, namespace }).Watch(this.#receive);
+    const watcher = (0, import_kubernetes_fluent_client6.K8s)(Store, { name: this.#name, namespace }).Watch(this.#receive);
     watcher.start().catch((e) => logger_default.error(e, "Error starting Pepr store watch"));
   };
-  #migrateAndSetupWatch = async (store) => {
-    logger_default.debug(redactedStore(store), "Pepr Store migration");
-    await (0, import_kubernetes_fluent_client5.K8s)(Store, { namespace, name: this.#name }).Patch([
-      {
-        op: "add",
-        path: "/metadata/labels/pepr.dev-cacheID",
-        value: `${Date.now()}`
-      }
-    ]);
-    const data = store.data || {};
-    let storeCache = {};
-    for (const name2 of Object.keys(this.#stores)) {
-      const offset = `${name2}-`.length;
-      for (const key of Object.keys(data)) {
-        if ((0, import_ramda12.startsWith)(name2, key) && !(0, import_ramda12.startsWith)(`${name2}-v2`, key)) {
-          storeCache = fillStoreCache(storeCache, name2, "remove", {
-            key: [key.slice(offset)],
-            value: data[key]
-          });
-          storeCache = fillStoreCache(storeCache, name2, "add", {
-            key: [key.slice(offset)],
-            value: data[key],
-            version: "v2"
-          });
-        }
-      }
-    }
-    storeCache = await sendUpdatesAndFlushCache(storeCache, namespace, this.#name);
-    this.#setupWatch();
-  };
   #receive = (store) => {
     logger_default.debug(redactedStore(store), "Pepr Store update");
     const debounced = () => {
@@ -1848,7 +1866,7 @@ var StoreController = class {
         const offset = `${name2}-`.length;
         const filtered = {};
         for (const key of Object.keys(data)) {
-          if ((0, import_ramda12.startsWith)(name2, key)) {
+          if ((0, import_ramda13.startsWith)(name2, key)) {
             filtered[key.slice(offset)] = data[key];
           }
         }
@@ -1879,7 +1897,7 @@ var StoreController = class {
     logger_default.info(`Pepr store not found, creating...`);
     logger_default.debug(e);
     try {
-      await (0, import_kubernetes_fluent_client5.K8s)(Store).Apply({
+      await (0, import_kubernetes_fluent_client6.K8s)(Store).Apply({
         metadata: {
           name: this.#name,
           namespace,
@@ -1909,17 +1927,25 @@ function karForMutate(mr) {
 }
 function karForValidate(ar, vr) {
   const isAllowed = vr.filter((r) => !r.allowed).length === 0;
+  const warnings = vr.reduce((acc, curr) => {
+    if (curr.warnings && curr.warnings.length > 0) {
+      return [...acc, ...curr.warnings];
+    }
+    return acc;
+  }, []);
   const resp = vr.length === 0 ? {
     uid: ar.uid,
     allowed: true,
-    status: { code: 200, message: "no in-scope validations -- allowed!" }
+    status: { code: 200, message: "no in-scope validations -- allowed!" },
+    warnings: warnings.length > 0 ? warnings : void 0
   } : {
     uid: vr[0].uid,
     allowed: isAllowed,
     status: {
       code: isAllowed ? 200 : 422,
       message: vr.filter((rl) => !rl.allowed).map((curr) => curr.status?.message).join("; ")
-    }
+    },
+    warnings: warnings.length > 0 ? warnings : void 0
   };
   return {
     apiVersion: "admission.k8s.io/v1",
@@ -2151,7 +2177,7 @@ function ValidateError(error = "") {
 }
 
 // src/lib/processors/watch-processor.ts
-var import_kubernetes_fluent_client6 = require("kubernetes-fluent-client");
+var import_kubernetes_fluent_client7 = require("kubernetes-fluent-client");
 
 // src/lib/core/queue.ts
 var import_node_crypto = require("node:crypto");
@@ -2281,11 +2307,11 @@ var eventToPhaseMap = {
   ["*" /* ANY */]: [import_types.WatchPhase.Added, import_types.WatchPhase.Modified, import_types.WatchPhase.Deleted]
 };
 function setupWatch(capabilities, ignoredNamespaces) {
-  capabilities.map(
-    (capability) => capability.bindings.filter((binding) => binding.isWatch).forEach(
-      (bindingElement) => runBinding(bindingElement, capability.namespaces, ignoredNamespaces)
-    )
-  );
+  for (const capability of capabilities) {
+    for (const binding of capability.bindings.filter((b) => b.isWatch)) {
+      runBinding(binding, capability.namespaces, ignoredNamespaces);
+    }
+  }
 }
 async function runBinding(binding, capabilityNamespaces, ignoredNamespaces) {
   const phaseMatch = eventToPhaseMap[binding.event] || eventToPhaseMap["*" /* ANY */];
@@ -2334,7 +2360,7 @@ async function runBinding(binding, capabilityNamespaces, ignoredNamespaces) {
       }
     }
   };
-  const watcher = (0, import_kubernetes_fluent_client6.K8s)(binding.model, { ...binding.filters, kindOverride: binding.kind }).Watch(
+  const watcher = (0, import_kubernetes_fluent_client7.K8s)(binding.model, { ...binding.filters, kindOverride: binding.kind }).Watch(
     async (obj, phase) => {
       logger_default.debug(obj, `Watch event ${phase} received`);
       if (binding.isQueue) {
@@ -2346,12 +2372,18 @@ async function runBinding(binding, capabilityNamespaces, ignoredNamespaces) {
     },
     watchCfg
   );
-  registerWatchEventHandlers(watcher, logEvent, metricsCollector);
+  try {
+    registerWatchEventHandlers(watcher, logEvent, metricsCollector);
+  } catch (err) {
+    throw new Error(
+      "WatchEventHandler Registration Error: Unable to register event watch handler.",
+      { cause: err }
+    );
+  }
   try {
     await watcher.start();
   } catch (err) {
-    logger_default.error(err, "Error starting watch");
-    process.exit(1);
+    throw new Error("WatchStart Error: Unable to start watch.", { cause: err });
   }
 }
 function logEvent(event, message = "", obj) {
@@ -2364,26 +2396,29 @@ function logEvent(event, message = "", obj) {
 }
 function registerWatchEventHandlers(watcher, logEvent2, metricsCollector2) {
   const eventHandlers = {
-    [import_kubernetes_fluent_client6.WatchEvent.DATA]: () => null,
-    [import_kubernetes_fluent_client6.WatchEvent.GIVE_UP]: (err) => {
-      logEvent2(import_kubernetes_fluent_client6.WatchEvent.GIVE_UP, err.message);
-      process.exit(1);
+    [import_kubernetes_fluent_client7.WatchEvent.DATA]: () => null,
+    [import_kubernetes_fluent_client7.WatchEvent.GIVE_UP]: (err) => {
+      logEvent2(import_kubernetes_fluent_client7.WatchEvent.GIVE_UP, err.message);
+      throw new Error(
+        "WatchEvent GiveUp Error: The watch has failed to start after several attempts.",
+        { cause: err }
+      );
     },
-    [import_kubernetes_fluent_client6.WatchEvent.CONNECT]: (url) => logEvent2(import_kubernetes_fluent_client6.WatchEvent.CONNECT, url),
-    [import_kubernetes_fluent_client6.WatchEvent.DATA_ERROR]: (err) => logEvent2(import_kubernetes_fluent_client6.WatchEvent.DATA_ERROR, err.message),
-    [import_kubernetes_fluent_client6.WatchEvent.RECONNECT]: (retryCount) => logEvent2(
-      import_kubernetes_fluent_client6.WatchEvent.RECONNECT,
+    [import_kubernetes_fluent_client7.WatchEvent.CONNECT]: (url) => logEvent2(import_kubernetes_fluent_client7.WatchEvent.CONNECT, url),
+    [import_kubernetes_fluent_client7.WatchEvent.DATA_ERROR]: (err) => logEvent2(import_kubernetes_fluent_client7.WatchEvent.DATA_ERROR, err.message),
+    [import_kubernetes_fluent_client7.WatchEvent.RECONNECT]: (retryCount) => logEvent2(
+      import_kubernetes_fluent_client7.WatchEvent.RECONNECT,
       `Reconnecting after ${retryCount} attempt${retryCount === 1 ? "" : "s"}`
     ),
-    [import_kubernetes_fluent_client6.WatchEvent.RECONNECT_PENDING]: () => logEvent2(import_kubernetes_fluent_client6.WatchEvent.RECONNECT_PENDING),
-    [import_kubernetes_fluent_client6.WatchEvent.ABORT]: (err) => logEvent2(import_kubernetes_fluent_client6.WatchEvent.ABORT, err.message),
-    [import_kubernetes_fluent_client6.WatchEvent.OLD_RESOURCE_VERSION]: (errMessage) => logEvent2(import_kubernetes_fluent_client6.WatchEvent.OLD_RESOURCE_VERSION, errMessage),
-    [import_kubernetes_fluent_client6.WatchEvent.NETWORK_ERROR]: (err) => logEvent2(import_kubernetes_fluent_client6.WatchEvent.NETWORK_ERROR, err.message),
-    [import_kubernetes_fluent_client6.WatchEvent.LIST_ERROR]: (err) => logEvent2(import_kubernetes_fluent_client6.WatchEvent.LIST_ERROR, err.message),
-    [import_kubernetes_fluent_client6.WatchEvent.LIST]: (list) => logEvent2(import_kubernetes_fluent_client6.WatchEvent.LIST, JSON.stringify(list, void 0, 2)),
-    [import_kubernetes_fluent_client6.WatchEvent.CACHE_MISS]: (windowName) => metricsCollector2.incCacheMiss(windowName),
-    [import_kubernetes_fluent_client6.WatchEvent.INIT_CACHE_MISS]: (windowName) => metricsCollector2.initCacheMissWindow(windowName),
-    [import_kubernetes_fluent_client6.WatchEvent.INC_RESYNC_FAILURE_COUNT]: (retryCount) => metricsCollector2.incRetryCount(retryCount)
+    [import_kubernetes_fluent_client7.WatchEvent.RECONNECT_PENDING]: () => logEvent2(import_kubernetes_fluent_client7.WatchEvent.RECONNECT_PENDING),
+    [import_kubernetes_fluent_client7.WatchEvent.ABORT]: (err) => logEvent2(import_kubernetes_fluent_client7.WatchEvent.ABORT, err.message),
+    [import_kubernetes_fluent_client7.WatchEvent.OLD_RESOURCE_VERSION]: (errMessage) => logEvent2(import_kubernetes_fluent_client7.WatchEvent.OLD_RESOURCE_VERSION, errMessage),
+    [import_kubernetes_fluent_client7.WatchEvent.NETWORK_ERROR]: (err) => logEvent2(import_kubernetes_fluent_client7.WatchEvent.NETWORK_ERROR, err.message),
+    [import_kubernetes_fluent_client7.WatchEvent.LIST_ERROR]: (err) => logEvent2(import_kubernetes_fluent_client7.WatchEvent.LIST_ERROR, err.message),
+    [import_kubernetes_fluent_client7.WatchEvent.LIST]: (list) => logEvent2(import_kubernetes_fluent_client7.WatchEvent.LIST, JSON.stringify(list, void 0, 2)),
+    [import_kubernetes_fluent_client7.WatchEvent.CACHE_MISS]: (windowName) => metricsCollector2.incCacheMiss(windowName),
+    [import_kubernetes_fluent_client7.WatchEvent.INIT_CACHE_MISS]: (windowName) => metricsCollector2.initCacheMissWindow(windowName),
+    [import_kubernetes_fluent_client7.WatchEvent.INC_RESYNC_FAILURE_COUNT]: (retryCount) => metricsCollector2.incRetryCount(retryCount)
   };
   Object.entries(eventHandlers).forEach(([event, handler]) => {
     watcher.events.on(event, handler);
@@ -2401,7 +2436,7 @@ var PeprModule = class {
    * @param opts Options for the Pepr runtime
    */
   constructor({ description, pepr }, capabilities = [], opts = {}) {
-    const config = (0, import_ramda13.clone)(pepr);
+    const config = (0, import_ramda14.clone)(pepr);
     config.description = description;
     ValidateError(config.onError);
     if (isBuildMode()) {
@@ -2424,7 +2459,7 @@ var PeprModule = class {
     const controllerHooks = {
       beforeHook: opts.beforeHook,
       afterHook: opts.afterHook,
-      onReady: () => {
+      onReady: async () => {
         if (isWatchMode() || isDevMode()) {
           try {
             setupWatch(capabilities, resolveIgnoreNamespaces(pepr?.alwaysIgnore?.namespaces));
@@ -2460,7 +2495,7 @@ __export(sdk_exports, {
   sanitizeResourceName: () => sanitizeResourceName,
   writeEvent: () => writeEvent
 });
-var import_kubernetes_fluent_client7 = require("kubernetes-fluent-client");
+var import_kubernetes_fluent_client8 = require("kubernetes-fluent-client");
 function containers(request, containerType) {
   const containers2 = request.Raw.spec?.containers || [];
   const initContainers = request.Raw.spec?.initContainers || [];
@@ -2478,7 +2513,7 @@ function containers(request, containerType) {
 }
 async function writeEvent(cr, event, options) {
   const { eventType, eventReason, reportingComponent, reportingInstance } = options;
-  await (0, import_kubernetes_fluent_client7.K8s)(import_kubernetes_fluent_client7.kind.CoreEvent).Create({
+  await (0, import_kubernetes_fluent_client8.K8s)(import_kubernetes_fluent_client8.kind.CoreEvent).Create({
     type: eventType,
     reason: eventReason,
     ...event,