pepr 0.51.0 → 0.51.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +2 -2
- package/dist/cli/dev.d.ts.map +1 -1
- package/dist/cli/init/templates.d.ts +1 -1
- package/dist/cli/init/templates.d.ts.map +1 -1
- package/dist/cli/update/index.d.ts.map +1 -1
- package/dist/cli.js +22 -17
- package/dist/controller.js +1 -1
- package/dist/lib/core/capability.d.ts.map +1 -1
- package/dist/lib.js +15 -13
- package/dist/lib.js.map +2 -2
- package/package.json +5 -5
- package/src/cli/build.ts +1 -1
- package/src/cli/dev.ts +6 -3
- package/src/cli/init/templates.ts +1 -1
- package/src/cli/update/index.ts +3 -2
- package/src/lib/assets/pods.ts +4 -4
- package/src/lib/assets/yaml/overridesFile.ts +4 -4
- package/src/lib/core/capability.ts +15 -13
- package/src/templates/README.md +1 -1
package/package.json
CHANGED
|
@@ -17,7 +17,7 @@
|
|
|
17
17
|
"!dist/**/*.test.d.ts*",
|
|
18
18
|
"!src/cli/docs/**"
|
|
19
19
|
],
|
|
20
|
-
"version": "0.51.
|
|
20
|
+
"version": "0.51.2",
|
|
21
21
|
"main": "dist/lib.js",
|
|
22
22
|
"types": "dist/lib.d.ts",
|
|
23
23
|
"scripts": {
|
|
@@ -45,18 +45,19 @@
|
|
|
45
45
|
"test:journey:unicorn": "npm run test:journey:k3d && npm run test:journey:image:unicorn && npm run test:journey:run",
|
|
46
46
|
"test:journey:upgrade": "npm run test:journey:k3d && npm run test:journey:image && jest --detectOpenHandles journey/pepr-upgrade.test.ts",
|
|
47
47
|
"test:unit": "npm run gen-data-json && jest src --coverage --detectOpenHandles --coverageDirectory=./coverage --testPathIgnorePatterns=\"build-artifact.test.ts|src/cli/docs/.*\\.test\\.ts\"",
|
|
48
|
-
"format:check": "eslint --ignore-pattern src/templates/eslint.config.mjs src && prettier --config .prettierrc src --check",
|
|
49
|
-
"format:fix": "eslint --fix --ignore-pattern src/templates/eslint.config.mjs src && prettier --config .prettierrc src --write",
|
|
48
|
+
"format:check": "eslint --ignore-pattern src/templates/eslint.config.mjs src && prettier --config .prettierrc src --check && npx -y markdownlint-cli --ignore adr --ignore integration/testroot --ignore pepr-test-module --ignore pepr-upgrade-test --ignore node_modules \"**/*.md\"",
|
|
49
|
+
"format:fix": "eslint --fix --ignore-pattern src/templates/eslint.config.mjs src && prettier --config .prettierrc src --write && npx -y markdownlint-cli --fix --ignore adr --ignore integration/testroot --ignore pepr-test-module --ignore pepr-upgrade-test --ignore node_modules \"**/*.md\"",
|
|
50
50
|
"prepare": "if [ \"$NODE_ENV\" != 'production' ]; then husky; fi"
|
|
51
51
|
},
|
|
52
52
|
"dependencies": {
|
|
53
53
|
"@types/ramda": "0.30.2",
|
|
54
|
+
"commander": "14.0.0",
|
|
54
55
|
"express": "5.1.0",
|
|
55
56
|
"fast-json-patch": "3.1.1",
|
|
56
57
|
"heredoc": "^1.3.1",
|
|
57
58
|
"http-status-codes": "^2.3.0",
|
|
58
59
|
"json-pointer": "^0.6.2",
|
|
59
|
-
"kubernetes-fluent-client": "3.5.
|
|
60
|
+
"kubernetes-fluent-client": "3.5.6",
|
|
60
61
|
"pino": "9.7.0",
|
|
61
62
|
"pino-pretty": "13.0.0",
|
|
62
63
|
"prom-client": "15.1.3",
|
|
@@ -91,7 +92,6 @@
|
|
|
91
92
|
"@types/prompts": "2.4.9",
|
|
92
93
|
"@typescript-eslint/eslint-plugin": "8.32.1",
|
|
93
94
|
"@typescript-eslint/parser": "8.32.1",
|
|
94
|
-
"commander": "14.0.0",
|
|
95
95
|
"esbuild": "0.25.0",
|
|
96
96
|
"eslint": "^9.26.0",
|
|
97
97
|
"node-forge": "1.3.1",
|
package/src/cli/build.ts
CHANGED
|
@@ -82,7 +82,7 @@ export default function (program: RootCmd): void {
|
|
|
82
82
|
.addOption(
|
|
83
83
|
new Option(
|
|
84
84
|
"-r, --registry-info [<registry>/<username>]",
|
|
85
|
-
"Provide the image registry and username for building and pushing a custom WASM container. Requires authentication. Builds and pushes 'registry/username/custom-pepr-controller:<current-version>'
|
|
85
|
+
"Provide the image registry and username for building and pushing a custom WASM container. Requires authentication. Builds and pushes `'registry/username/custom-pepr-controller:<current-version>'`.",
|
|
86
86
|
).conflicts(["customImage", "registry"]),
|
|
87
87
|
)
|
|
88
88
|
|
package/src/cli/dev.ts
CHANGED
|
@@ -29,7 +29,8 @@ export default function (program: RootCmd): void {
|
|
|
29
29
|
|
|
30
30
|
// Exit if the user doesn't confirm
|
|
31
31
|
if (!confirm.confirm) {
|
|
32
|
-
process.
|
|
32
|
+
process.exitCode = 0;
|
|
33
|
+
return;
|
|
33
34
|
}
|
|
34
35
|
}
|
|
35
36
|
|
|
@@ -67,8 +68,10 @@ export default function (program: RootCmd): void {
|
|
|
67
68
|
try {
|
|
68
69
|
// wait for capabilities to be loaded and test names
|
|
69
70
|
validateCapabilityNames(webhook.capabilities);
|
|
70
|
-
} catch (
|
|
71
|
-
console.error(
|
|
71
|
+
} catch (error) {
|
|
72
|
+
console.error(
|
|
73
|
+
`CapabilityValidation Error - Unable to valide capability name(s) in: '${webhook.capabilities.map(item => item.name)}'\n${error}`,
|
|
74
|
+
);
|
|
72
75
|
process.exit(1);
|
|
73
76
|
}
|
|
74
77
|
|
|
@@ -68,7 +68,7 @@ export function genPkgJSON(opts: InitOptions, pgkVerOverride?: string): peprPack
|
|
|
68
68
|
description: opts.description,
|
|
69
69
|
keywords: ["pepr", "k8s", "policy-engine", "pepr-module", "security"],
|
|
70
70
|
engines: {
|
|
71
|
-
node: ">=
|
|
71
|
+
node: ">=20.0.0",
|
|
72
72
|
},
|
|
73
73
|
pepr: {
|
|
74
74
|
uuid: pgkVerOverride ? "static-test" : uuid,
|
package/src/cli/update/index.ts
CHANGED
|
@@ -56,7 +56,7 @@ export default function (program: RootCmd): void {
|
|
|
56
56
|
console.log(`✅ Module updated successfully`);
|
|
57
57
|
} catch (e) {
|
|
58
58
|
console.error(`Error updating Pepr module:`, e);
|
|
59
|
-
process.
|
|
59
|
+
process.exitCode = 1;
|
|
60
60
|
}
|
|
61
61
|
});
|
|
62
62
|
|
|
@@ -87,9 +87,10 @@ export default function (program: RootCmd): void {
|
|
|
87
87
|
await write(tsPath, helloPepr.data);
|
|
88
88
|
}
|
|
89
89
|
}
|
|
90
|
+
throw new Error("another error, for testing");
|
|
90
91
|
} catch (e) {
|
|
91
92
|
console.error(`Error updating template files:`, e);
|
|
92
|
-
process.
|
|
93
|
+
process.exitCode = 1;
|
|
93
94
|
}
|
|
94
95
|
});
|
|
95
96
|
}
|
package/src/lib/assets/pods.ts
CHANGED
|
@@ -99,7 +99,7 @@ export function getWatcher(
|
|
|
99
99
|
terminationGracePeriodSeconds: 5,
|
|
100
100
|
serviceAccountName: name,
|
|
101
101
|
securityContext: {
|
|
102
|
-
runAsUser: 65532,
|
|
102
|
+
runAsUser: image.includes("private") ? 1000 : 65532,
|
|
103
103
|
runAsGroup: 65532,
|
|
104
104
|
runAsNonRoot: true,
|
|
105
105
|
fsGroup: 65532,
|
|
@@ -142,7 +142,7 @@ export function getWatcher(
|
|
|
142
142
|
},
|
|
143
143
|
},
|
|
144
144
|
securityContext: {
|
|
145
|
-
runAsUser: 65532,
|
|
145
|
+
runAsUser: image.includes("private") ? 1000 : 65532,
|
|
146
146
|
runAsGroup: 65532,
|
|
147
147
|
runAsNonRoot: true,
|
|
148
148
|
allowPrivilegeEscalation: false,
|
|
@@ -238,7 +238,7 @@ export function getDeployment(
|
|
|
238
238
|
priorityClassName: "system-node-critical",
|
|
239
239
|
serviceAccountName: name,
|
|
240
240
|
securityContext: {
|
|
241
|
-
runAsUser: 65532,
|
|
241
|
+
runAsUser: image.includes("private") ? 1000 : 65532,
|
|
242
242
|
runAsGroup: 65532,
|
|
243
243
|
runAsNonRoot: true,
|
|
244
244
|
fsGroup: 65532,
|
|
@@ -282,7 +282,7 @@ export function getDeployment(
|
|
|
282
282
|
},
|
|
283
283
|
env: genEnv(config),
|
|
284
284
|
securityContext: {
|
|
285
|
-
runAsUser: 65532,
|
|
285
|
+
runAsUser: image.includes("private") ? 1000 : 65532,
|
|
286
286
|
runAsGroup: 65532,
|
|
287
287
|
runAsNonRoot: true,
|
|
288
288
|
allowPrivilegeEscalation: false,
|
|
@@ -57,7 +57,7 @@ export async function overridesFile(
|
|
|
57
57
|
"pepr.dev/uuid": config.uuid,
|
|
58
58
|
},
|
|
59
59
|
securityContext: {
|
|
60
|
-
runAsUser: 65532,
|
|
60
|
+
runAsUser: image.includes("private") ? 1000 : 65532,
|
|
61
61
|
runAsGroup: 65532,
|
|
62
62
|
runAsNonRoot: true,
|
|
63
63
|
fsGroup: 65532,
|
|
@@ -89,7 +89,7 @@ export async function overridesFile(
|
|
|
89
89
|
},
|
|
90
90
|
},
|
|
91
91
|
containerSecurityContext: {
|
|
92
|
-
runAsUser: 65532,
|
|
92
|
+
runAsUser: image.includes("private") ? 1000 : 65532,
|
|
93
93
|
runAsGroup: 65532,
|
|
94
94
|
runAsNonRoot: true,
|
|
95
95
|
allowPrivilegeEscalation: false,
|
|
@@ -123,7 +123,7 @@ export async function overridesFile(
|
|
|
123
123
|
"pepr.dev/uuid": config.uuid,
|
|
124
124
|
},
|
|
125
125
|
securityContext: {
|
|
126
|
-
runAsUser: 65532,
|
|
126
|
+
runAsUser: image.includes("private") ? 1000 : 65532,
|
|
127
127
|
runAsGroup: 65532,
|
|
128
128
|
runAsNonRoot: true,
|
|
129
129
|
fsGroup: 65532,
|
|
@@ -155,7 +155,7 @@ export async function overridesFile(
|
|
|
155
155
|
},
|
|
156
156
|
},
|
|
157
157
|
containerSecurityContext: {
|
|
158
|
-
runAsUser: 65532,
|
|
158
|
+
runAsUser: image.includes("private") ? 1000 : 65532,
|
|
159
159
|
runAsGroup: 65532,
|
|
160
160
|
runAsNonRoot: true,
|
|
161
161
|
allowPrivilegeEscalation: false,
|
|
@@ -249,9 +249,9 @@ export class Capability implements CapabilityExport {
|
|
|
249
249
|
...binding,
|
|
250
250
|
isValidate: true,
|
|
251
251
|
validateCallback: async (req, logger = aliasLogger) => {
|
|
252
|
-
|
|
253
|
-
`Executing validate action with alias: ${binding.alias
|
|
254
|
-
|
|
252
|
+
if (binding.alias) {
|
|
253
|
+
Log.info(`Executing validate action with alias: ${binding.alias}`);
|
|
254
|
+
}
|
|
255
255
|
return await validateCallback(req, logger);
|
|
256
256
|
},
|
|
257
257
|
});
|
|
@@ -273,9 +273,9 @@ export class Capability implements CapabilityExport {
|
|
|
273
273
|
...binding,
|
|
274
274
|
isMutate: true,
|
|
275
275
|
mutateCallback: async (req, logger = aliasLogger) => {
|
|
276
|
-
|
|
277
|
-
`Executing mutation action with alias: ${binding.alias
|
|
278
|
-
|
|
276
|
+
if (binding.alias) {
|
|
277
|
+
Log.info(`Executing mutation action with alias: ${binding.alias}`);
|
|
278
|
+
}
|
|
279
279
|
await mutateCallback(req, logger);
|
|
280
280
|
},
|
|
281
281
|
});
|
|
@@ -300,7 +300,9 @@ export class Capability implements CapabilityExport {
|
|
|
300
300
|
...binding,
|
|
301
301
|
isWatch: true,
|
|
302
302
|
watchCallback: async (update, phase, logger = aliasLogger) => {
|
|
303
|
-
|
|
303
|
+
if (binding.alias) {
|
|
304
|
+
Log.info(`Executing watch action with alias: ${binding.alias}`);
|
|
305
|
+
}
|
|
304
306
|
await watchCallback(update, phase, logger);
|
|
305
307
|
},
|
|
306
308
|
});
|
|
@@ -324,9 +326,9 @@ export class Capability implements CapabilityExport {
|
|
|
324
326
|
isWatch: true,
|
|
325
327
|
isQueue: true,
|
|
326
328
|
watchCallback: async (update, phase, logger = aliasLogger) => {
|
|
327
|
-
|
|
328
|
-
`Executing reconcile action with alias: ${binding.alias
|
|
329
|
-
|
|
329
|
+
if (binding.alias) {
|
|
330
|
+
Log.info(`Executing reconcile action with alias: ${binding.alias}`);
|
|
331
|
+
}
|
|
330
332
|
await reconcileCallback(update, phase, logger);
|
|
331
333
|
},
|
|
332
334
|
});
|
|
@@ -363,9 +365,9 @@ export class Capability implements CapabilityExport {
|
|
|
363
365
|
update: InstanceType<T>,
|
|
364
366
|
logger = aliasLogger,
|
|
365
367
|
): Promise<boolean | void> => {
|
|
366
|
-
|
|
367
|
-
`Executing finalize action with alias: ${binding.alias
|
|
368
|
-
|
|
368
|
+
if (binding.alias) {
|
|
369
|
+
Log.info(`Executing finalize action with alias: ${binding.alias}`);
|
|
370
|
+
}
|
|
369
371
|
return await finalizeCallback(update, logger);
|
|
370
372
|
},
|
|
371
373
|
};
|