pepr 0.47.0 → 0.48.1

package/package.json

@@ -16,7 +16,7 @@
     "!src/fixtures/**",
     "!dist/**/*.test.d.ts*"
   ],
-  "version": "0.47.0",
+  "version": "0.48.1",
   "main": "dist/lib.js",
   "types": "dist/lib.d.ts",
   "scripts": {
@@ -36,11 +36,11 @@
     "test:journey-wasm": "npm run test:journey:k3d && npm run build && npm run test:journey:image && npm run test:journey:run-wasm",
     "test:journey-wasm:unicorn": "npm run test:journey:k3d && npm run build && npm run test:journey:image:unicorn && npm run test:journey:run-wasm",
     "test:journey:image": "docker buildx build --output type=docker --tag pepr:dev . && k3d image import pepr:dev -c pepr-dev",
-    "test:journey:image:unicorn": "docker buildx build --output type=docker --tag pepr:dev $(node scripts/read-unicorn-build-args.mjs) . && k3d image import pepr:dev -c pepr-dev",
+    "test:journey:image:unicorn": "npm run build && docker buildx build --output type=docker --tag pepr:dev $(node scripts/read-unicorn-build-args.mjs) . && k3d image import pepr:dev -c pepr-dev",
     "test:journey:k3d": "k3d cluster delete pepr-dev && k3d cluster create pepr-dev --k3s-arg '--debug@server:0' --wait && kubectl rollout status deployment -n kube-system",
     "test:journey:run": "jest --detectOpenHandles journey/entrypoint.test.ts && npm run test:journey:upgrade",
     "test:journey:run-wasm": "jest --detectOpenHandles journey/entrypoint-wasm.test.ts",
-    "test:journey:unicorn": "npm run test:journey:k3d && npm run build && npm run test:journey:image:unicorn && npm run test:journey:run",
+    "test:journey:unicorn": "npm run test:journey:k3d && npm run test:journey:image:unicorn && npm run test:journey:run",
     "test:journey:upgrade": "npm run test:journey:k3d && npm run test:journey:image && jest --detectOpenHandles journey/pepr-upgrade.test.ts",
     "test:unit": "npm run gen-data-json && jest src --coverage --detectOpenHandles --coverageDirectory=./coverage --testPathIgnorePatterns='build-artifact.test.ts'",
     "format:check": "eslint src && prettier --config .prettierrc src --check",
@@ -54,7 +54,7 @@
     "heredoc": "^1.3.1",
     "http-status-codes": "^2.3.0",
     "json-pointer": "^0.6.2",
-    "kubernetes-fluent-client": "3.4.6",
+    "kubernetes-fluent-client": "3.4.10",
     "pino": "9.6.0",
     "pino-pretty": "13.0.0",
     "prom-client": "15.1.3",

package/src/cli/init/enums.ts

@@ -7,3 +7,5 @@ export enum OnError {
   IGNORE = "ignore",
   REJECT = "reject",
 }
+
+export const UUID_LENGTH_LIMIT = 36;

package/src/cli/init/index.ts

@@ -23,6 +23,7 @@ import {
 import { createDir, sanitizeName, write } from "./utils";
 import { confirm, PromptOptions, walkthrough } from "./walkthrough";
 import { ErrorList } from "../../lib/errors";
+import { UUID_LENGTH_LIMIT } from "./enums";
 
 export default function (program: RootCmd): void {
   let response = {} as PromptOptions;
@@ -37,11 +38,9 @@ export default function (program: RootCmd): void {
     .option(`--errorBehavior <${ErrorList.join("|")}>`, "Set an errorBehavior.")
     .option(
       "--uuid [string]",
-      "Unique identifier for your module with a max length of 32 characters.",
+      "Unique identifier for your module with a max length of 36 characters.",
       (uuid: string): string => {
-        const uuidLengthLimit = 36;
-        // length of generated uuid
-        if (uuid.length > uuidLengthLimit) {
+        if (uuid.length > UUID_LENGTH_LIMIT) {
           throw new Error("The UUID must be 36 characters or fewer.");
         }
         return uuid.toLocaleLowerCase();

package/src/cli/init/walkthrough.ts

@@ -6,7 +6,7 @@ import prompt, { Answers, PromptObject } from "prompts";
 
 import { eslint, gitignore, prettier, readme, tsConfig } from "./templates";
 import { sanitizeName } from "./utils";
-import { OnError } from "./enums";
+import { OnError, UUID_LENGTH_LIMIT } from "./enums";
 import { ErrorList } from "../../lib/errors";
 
 export type PromptOptions = {
@@ -33,9 +33,9 @@ async function setUUID(uuid?: string): Promise<Answers<string>> {
     name: "uuid",
     message: "Enter a unique identifier for the new Pepr module.\n",
     validate: (val: string) => {
-      const uuidLengthLimit = 36;
       return (
-        val.length <= uuidLengthLimit || `The UUID must be ${uuidLengthLimit} characters or fewer.`
+        val.length <= UUID_LENGTH_LIMIT ||
+        `The UUID must be ${UUID_LENGTH_LIMIT} characters or fewer.`
       );
     },
   };

package/src/lib/common-types.ts

@@ -95,6 +95,7 @@ export type ValidateActionResponse = {
   allowed: boolean;
   statusCode?: number;
   statusMessage?: string;
+  warnings?: string[];
 };
 
 // DeepPartial utility type for deep optional properties

package/src/lib/controller/index.util.ts

@@ -22,12 +22,21 @@ export function karForMutate(mr: MutateResponse): KubeAdmissionReview {
 export function karForValidate(ar: AdmissionRequest, vr: ValidateResponse[]): KubeAdmissionReview {
   const isAllowed = vr.filter(r => !r.allowed).length === 0;
 
+  // Collect all warnings from the ValidateResponse array
+  const warnings = vr.reduce<string[]>((acc, curr) => {
+    if (curr.warnings && curr.warnings.length > 0) {
+      return [...acc, ...curr.warnings];
+    }
+    return acc;
+  }, []);
+
   const resp: ValidateResponse =
     vr.length === 0
       ? {
           uid: ar.uid,
           allowed: true,
           status: { code: 200, message: "no in-scope validations -- allowed!" },
+          warnings: warnings.length > 0 ? warnings : undefined,
         }
       : {
           uid: vr[0].uid,
@@ -39,6 +48,7 @@ export function karForValidate(ar: AdmissionRequest, vr: ValidateResponse[]): Ku
               .map(curr => curr.status?.message)
               .join("; "),
           },
+          warnings: warnings.length > 0 ? warnings : undefined,
         };
   return {
     apiVersion: "admission.k8s.io/v1",

package/src/lib/controller/migrateStore.ts

@@ -0,0 +1,56 @@
+import { DataStore, Storage } from "../core/storage";
+import { startsWith } from "ramda";
+import Log, { redactedStore } from "../telemetry/logger";
+import { K8s } from "kubernetes-fluent-client";
+import { Store } from "../k8s";
+import { Operation } from "fast-json-patch";
+import { fillStoreCache, sendUpdatesAndFlushCache } from "./storeCache";
+
+export interface StoreMigration {
+  name: string;
+  namespace: string;
+  store: Store;
+  stores: Record<string, Storage>;
+  setupWatch: () => void;
+}
+
+export async function migrateAndSetupWatch(storeData: StoreMigration): Promise<void> {
+  const { store, namespace, name, stores, setupWatch } = storeData;
+
+  Log.debug(redactedStore(store), "Pepr Store migration");
+  // Add cacheID label to store
+  await K8s(Store, { namespace, name }).Patch([
+    {
+      op: "add",
+      path: "/metadata/labels/pepr.dev-cacheID",
+      value: `${Date.now()}`,
+    },
+  ]);
+
+  const data: DataStore = store.data;
+  let storeCache: Record<string, Operation> = {};
+
+  for (const name of Object.keys(stores)) {
+    // Get the prefix offset for the keys
+    const offset = `${name}-`.length;
+
+    // Loop over each key in the store
+    for (const key of Object.keys(data)) {
+      // Match on the capability name as a prefix for non v2 keys
+      if (startsWith(name, key) && !startsWith(`${name}-v2`, key)) {
+        // populate migrate cache
+        storeCache = fillStoreCache(storeCache, name, "remove", {
+          key: [key.slice(offset)],
+          value: data[key],
+        });
+        storeCache = fillStoreCache(storeCache, name, "add", {
+          key: [key.slice(offset)],
+          value: data[key],
+          version: "v2",
+        });
+      }
+    }
+  }
+  storeCache = await sendUpdatesAndFlushCache(storeCache, namespace, name);
+  setupWatch();
+}

package/src/lib/controller/store.ts

@@ -10,6 +10,7 @@ import { Store } from "../k8s";
 import Log, { redactedPatch, redactedStore } from "../telemetry/logger";
 import { DataOp, DataSender, DataStore, Storage } from "../core/storage";
 import { fillStoreCache, sendUpdatesAndFlushCache } from "./storeCache";
+import { migrateAndSetupWatch } from "./migrateStore";
 
 const namespace = "pepr-system";
 const debounceBackoffReceive = 1000;
@@ -56,7 +57,16 @@ export class StoreController {
         K8s(Store)
           .InNamespace(namespace)
           .Get(this.#name)
-          .then(async (store: Store) => await this.#migrateAndSetupWatch(store))
+          .then(
+            async (store: Store) =>
+              await migrateAndSetupWatch({
+                name,
+                namespace,
+                store,
+                stores: this.#stores,
+                setupWatch: this.#setupWatch,
+              }),
+          )
           .catch(this.#createStoreResource),
       Math.random() * 3000, // Add a jitter to the Store creation to avoid collisions
     );
@@ -67,45 +77,6 @@ export class StoreController {
     watcher.start().catch(e => Log.error(e, "Error starting Pepr store watch"));
   };
 
-  #migrateAndSetupWatch = async (store: Store): Promise<void> => {
-    Log.debug(redactedStore(store), "Pepr Store migration");
-    // Add cacheID label to store
-    await K8s(Store, { namespace, name: this.#name }).Patch([
-      {
-        op: "add",
-        path: "/metadata/labels/pepr.dev-cacheID",
-        value: `${Date.now()}`,
-      },
-    ]);
-
-    const data: DataStore = store.data || {};
-    let storeCache: Record<string, Operation> = {};
-
-    for (const name of Object.keys(this.#stores)) {
-      // Get the prefix offset for the keys
-      const offset = `${name}-`.length;
-
-      // Loop over each key in the store
-      for (const key of Object.keys(data)) {
-        // Match on the capability name as a prefix for non v2 keys
-        if (startsWith(name, key) && !startsWith(`${name}-v2`, key)) {
-          // populate migrate cache
-          storeCache = fillStoreCache(storeCache, name, "remove", {
-            key: [key.slice(offset)],
-            value: data[key],
-          });
-          storeCache = fillStoreCache(storeCache, name, "add", {
-            key: [key.slice(offset)],
-            value: data[key],
-            version: "v2",
-          });
-        }
-      }
-    }
-    storeCache = await sendUpdatesAndFlushCache(storeCache, namespace, this.#name);
-    this.#setupWatch();
-  };
-
   #receive = (store: Store): void => {
     Log.debug(redactedStore(store), "Pepr Store update");
 

package/src/lib/core/module.ts

@@ -62,7 +62,7 @@ export class PeprModule {
     const controllerHooks: ControllerHooks = {
       beforeHook: opts.beforeHook,
       afterHook: opts.afterHook,
-      onReady: (): void => {
+      onReady: async (): Promise<void> => {
         // Wait for the controller to be ready before setting up watches
         if (isWatchMode() || isDevMode()) {
           try {

package/src/lib/processors/validate-processor.ts

@@ -41,6 +41,11 @@ export async function processRequest(
       };
     }
 
+    // Transfer any warnings from the callback response to the validation response
+    if (callbackResp.warnings && callbackResp.warnings.length > 0) {
+      valResp.warnings = callbackResp.warnings;
+    }
+
     Log.info(
       actionMetadata,
       `Validation action complete (${label}): ${callbackResp.allowed ? "allowed" : "denied"}`,

package/src/lib/processors/watch-processor.ts

@@ -86,13 +86,11 @@ const eventToPhaseMap = {
  * @param capabilities The capabilities to load watches for
  */
 export function setupWatch(capabilities: Capability[], ignoredNamespaces?: string[]): void {
-  capabilities.map(capability =>
-    capability.bindings
-      .filter(binding => binding.isWatch)
-      .forEach(bindingElement =>
-        runBinding(bindingElement, capability.namespaces, ignoredNamespaces),
-      ),
-  );
+  for (const capability of capabilities) {
+    for (const binding of capability.bindings.filter(b => b.isWatch)) {
+      runBinding(binding, capability.namespaces, ignoredNamespaces);
+    }
+  }
 }
 
 /**
@@ -101,7 +99,7 @@ export function setupWatch(capabilities: Capability[], ignoredNamespaces?: strin
  * @param binding the binding to watch
  * @param capabilityNamespaces list of namespaces to filter on
  */
-async function runBinding(
+export async function runBinding(
   binding: Binding,
   capabilityNamespaces: string[],
   ignoredNamespaces?: string[],
@@ -185,14 +183,20 @@ async function runBinding(
   );
 
   // Register event handlers
-  registerWatchEventHandlers(watcher, logEvent, metricsCollector);
+  try {
+    registerWatchEventHandlers(watcher, logEvent, metricsCollector);
+  } catch (err) {
+    throw new Error(
+      "WatchEventHandler Registration Error: Unable to register event watch handler.",
+      { cause: err },
+    );
+  }
 
   // Start the watch
   try {
     await watcher.start();
   } catch (err) {
-    Log.error(err, "Error starting watch");
-    process.exit(1);
+    throw new Error("WatchStart Error: Unable to start watch.", { cause: err });
   }
 }
 
@@ -235,7 +239,10 @@ export function registerWatchEventHandlers(
     [WatchEvent.GIVE_UP]: err => {
       // If failure continues, log and exit
       logEvent(WatchEvent.GIVE_UP, err.message);
-      process.exit(1);
+      throw new Error(
+        "WatchEvent GiveUp Error: The watch has failed to start after several attempts.",
+        { cause: err },
+      );
     },
     [WatchEvent.CONNECT]: url => logEvent(WatchEvent.CONNECT, url),
     [WatchEvent.DATA_ERROR]: err => logEvent(WatchEvent.DATA_ERROR, err.message),

package/src/lib/validate-request.ts

@@ -6,8 +6,8 @@
 import { KubernetesObject } from "kubernetes-fluent-client";
 
 import { clone } from "ramda";
-import { Operation } from "./enums";
 import { AdmissionRequest, ValidateActionResponse } from "./common-types";
+import { Operation } from "./enums";
 
 /**
  * The RequestWrapper class provides methods to modify Kubernetes objects in the context
@@ -79,9 +79,10 @@ export class PeprValidateRequest<T extends KubernetesObject> {
    *
    * @returns The validation response.
    */
-  Approve = (): ValidateActionResponse => {
+  Approve = (warnings?: string[]): ValidateActionResponse => {
     return {
       allowed: true,
+      warnings,
     };
   };
 
@@ -92,11 +93,16 @@ export class PeprValidateRequest<T extends KubernetesObject> {
    * @param statusCode Optional status code to return to the user.
    * @returns The validation response.
    */
-  Deny = (statusMessage?: string, statusCode?: number): ValidateActionResponse => {
+  Deny = (
+    statusMessage?: string,
+    statusCode?: number,
+    warnings?: string[],
+  ): ValidateActionResponse => {
     return {
       allowed: false,
       statusCode,
       statusMessage,
+      warnings,
     };
   };
 }