pepr 0.51.6-nightly.1 → 0.51.6-nightly.10

package/src/cli/dev.ts

@@ -5,30 +5,30 @@ import prompt from "prompts";
 import { Assets } from "../lib/assets/assets";
 import { ChildProcess, fork } from "child_process";
 import { K8s, kind } from "kubernetes-fluent-client";
-import { RootCmd } from "./root";
+import { Command } from "commander";
 import { Store } from "../lib/k8s";
 import { buildModule, loadModule } from "./build";
 import { deployWebhook } from "../lib/assets/deploy";
 import { promises as fs } from "fs";
 import { validateCapabilityNames } from "../lib/helpers";
 
-export default function (program: RootCmd): void {
+export default function (program: Command): void {
   program
     .command("dev")
     .description("Setup a local webhook development environment")
-    .option("-h, --host [host]", "Host to listen on", "host.k3d.internal")
-    .option("--confirm", "Skip confirmation prompt")
+    .option("-H, --host <host>", "Host to listen on", "host.k3d.internal")
+    .option("-y, --yes", "Skip confirmation prompt")
     .action(async opts => {
-      // Prompt the user to confirm if they didn't pass the --confirm flag
-      if (!opts.confirm) {
+      // Prompt the user to confirm if they didn't pass the --yes flag
+      if (!opts.yes) {
         const confirm = await prompt({
           type: "confirm",
-          name: "confirm",
+          name: "yes",
           message: "This will remove and redeploy the module. Continue?",
         });
 
         // Exit if the user doesn't confirm
-        if (!confirm.confirm) {
+        if (!confirm.yes) {
           process.exitCode = 0;
           return;
         }

package/src/cli/format/index.ts

@@ -4,9 +4,9 @@
 import { ESLint } from "eslint";
 import { formatWithPrettier } from "./format.helpers";
 
-import { RootCmd } from "../root";
+import { Command } from "commander";
 
-export default function (program: RootCmd): void {
+export default function (program: Command): void {
   program
     .command("format")
     .description("Lint and format this Pepr module")
@@ -55,7 +55,7 @@ export async function peprFormat(validateOnly: boolean): Promise<boolean> {
         await ESLint.outputFixes(results);
       }
 
-      hasFailure = await formatWithPrettier(results, validateOnly);
+      hasFailure = hasFailure || (await formatWithPrettier(results, validateOnly));
 
       return !hasFailure;
     } catch (e) {

package/src/cli/init/index.ts

@@ -5,7 +5,7 @@ import { execSync } from "child_process";
 import { resolve } from "path";
 import prompts from "prompts";
 
-import { RootCmd } from "../root";
+import { Command } from "commander";
 import {
   codeSettings,
   eslint,
@@ -24,20 +24,22 @@ import { createDir, sanitizeName, write } from "./utils";
 import { confirm, PromptOptions, walkthrough } from "./walkthrough";
 import { ErrorList } from "../../lib/errors";
 import { UUID_LENGTH_LIMIT } from "./enums";
+import { Option } from "commander";
 
-export default function (program: RootCmd): void {
+export default function (program: Command): void {
   let response = {} as PromptOptions;
   let pkgOverride = "";
   program
     .command("init")
     .description("Initialize a new Pepr Module")
-    .option("--confirm", "Skip verification prompt when creating a new module.")
-    .option("--description <string>", "Explain the purpose of the new module.")
-    .option("--name <string>", "Set the name of the new module.")
-    .option("--skip-post-init", "Skip npm install, git init, and VSCode launch.")
-    .option(`--errorBehavior <${ErrorList.join("|")}>`, "Set an errorBehavior.")
+    .option("-d, --description <string>", "Explain the purpose of the new module.")
+    .addOption(
+      new Option("-e, --error-behavior <behavior>", "Set an error behavior.").choices(ErrorList),
+    )
+    .option("-n, --name <string>", "Set the name of the new module.")
+    .option("-s, --skip-post-init", "Skip npm install, git init, and VSCode launch.")
     .option(
-      "--uuid [string]",
+      "-u, --uuid <string>",
       "Unique identifier for your module with a max length of 36 characters.",
       (uuid: string): string => {
         if (uuid.length > UUID_LENGTH_LIMIT) {
@@ -46,6 +48,7 @@ export default function (program: RootCmd): void {
         return uuid.toLocaleLowerCase();
       },
     )
+    .option("-y, --yes", "Skip verification prompt when creating a new module.")
     .hook("preAction", async thisCommand => {
       // TODO: Overrides for testing. Don't be so gross with Node CLI testing
       // TODO: See pepr/#1140
@@ -68,7 +71,7 @@ export default function (program: RootCmd): void {
       const dirName = sanitizeName(response.name);
       const packageJSON = genPkgJSON(response, pkgOverride);
 
-      const confirmed = await confirm(dirName, packageJSON, peprTSTemplate.path, opts.confirm);
+      const confirmed = await confirm(dirName, packageJSON, peprTSTemplate.path, opts.yes);
 
       if (confirmed) {
         console.log("Creating new Pepr module...");

package/src/cli/init/walkthrough.ts

@@ -137,7 +137,7 @@ export async function confirm(
 ): Promise<boolean> {
   const confirmationPrompt: PromptObject = {
     type: "confirm",
-    name: "confirm",
+    name: "yes",
     message: "Create the new Pepr module?",
   };
   const confirmationMessage = `To be generated:
@@ -162,9 +162,7 @@ ${packageJSON.print.replace(/^/gm, "    │   ")}
     console.log(confirmationMessage);
     const confirm = await prompt([confirmationPrompt]);
     const shouldCreateModule =
-      confirm.confirm === "y" || confirm.confirm === "yes" || confirm.confirm === true
-        ? true
-        : false;
+      confirm.yes === "y" || confirm.yes === "yes" || confirm.yes === true ? true : false;
     return shouldCreateModule;
   }
 }

package/src/cli/kfc.ts

@@ -4,9 +4,9 @@
 import { execSync } from "child_process";
 import prompt from "prompts";
 
-import { RootCmd } from "./root";
+import { Command } from "commander";
 
-export default function (program: RootCmd): void {
+export default function (program: Command): void {
   program
     .command("kfc [args...]")
     .description("Execute Kubernetes Fluent Client commands")

package/src/cli/monitor.ts

@@ -5,7 +5,7 @@ import { Log as K8sLog, KubeConfig, KubernetesListObject } from "@kubernetes/cli
 import { K8s, kind } from "kubernetes-fluent-client";
 import stream from "stream";
 import { ResponseItem } from "../lib/types";
-import { RootCmd } from "./root";
+import { Command } from "commander";
 
 interface LogPayload {
   namespace: string;
@@ -22,7 +22,7 @@ interface LogPayload {
   };
 }
 
-export default function (program: RootCmd): void {
+export default function (program: Command): void {
   program
     .command("monitor [module-uuid]")
     .description("Monitor a Pepr Module")

package/src/cli/update/index.ts

@@ -15,13 +15,13 @@ import {
   tsConfig,
 } from "../init/templates";
 import { write } from "../init/utils";
-import { RootCmd } from "../root";
+import { Command } from "commander";
 
-export default function (program: RootCmd): void {
+export default function (program: Command): void {
   program
     .command("update")
     .description("Update this Pepr module. Not recommended for prod as it may change files.")
-    .option("--skip-template-update", "Skip updating the template files")
+    .option("-s, --skip-template-update", "Do not update template files")
     .action(async opts => {
       if (!opts.skipTemplateUpdate) {
         const { confirm } = await prompt({
@@ -87,7 +87,6 @@ export default function (program: RootCmd): void {
             await write(tsPath, helloPepr.data);
           }
         }
-        throw new Error("another error, for testing");
       } catch (e) {
         console.error(`Error updating template files:`, e);
         process.exitCode = 1;

package/src/cli/uuid.ts

@@ -3,9 +3,9 @@
 
 import { KubernetesListObject } from "@kubernetes/client-node";
 import { K8s, kind } from "kubernetes-fluent-client";
-import { RootCmd } from "./root";
+import { Command } from "commander";
 
-export default function (program: RootCmd): void {
+export default function (program: Command): void {
   program
     .command("uuid [uuid]")
     .description("Module UUID(s) currently deployed in the cluster")

package/src/cli.ts

@@ -12,7 +12,7 @@ import monitor from "./cli/monitor";
 import init from "./cli/init/index";
 import uuid from "./cli/uuid";
 import { version } from "./cli/init/templates";
-import { RootCmd } from "./cli/root";
+import { Command } from "commander";
 import update from "./cli/update";
 import kfc from "./cli/kfc";
 import crd from "./cli/crd";
@@ -21,7 +21,7 @@ if (process.env.npm_lifecycle_event !== "npx") {
   console.info("Pepr should be run via `npx pepr <command>` instead of `pepr <command>`.");
 }
 
-const program = new RootCmd();
+const program = new Command();
 if (!process.env.PEPR_NODE_WARNINGS) {
   process.removeAllListeners("warning");
 }

package/src/lib/assets/assets.ts

@@ -8,6 +8,7 @@ import {
   namespaceTemplate,
   clusterRoleTemplate,
   admissionDeployTemplate,
+  serviceTemplate,
   serviceMonitorTemplate,
   watcherDeployTemplate,
 } from "./helm";
@@ -23,10 +24,39 @@ import { loadCapabilities } from "./loader";
 import { namespaceComplianceValidator, dedent } from "../helpers";
 import { promises as fs } from "fs";
 import { storeRole, storeRoleBinding, clusterRoleBinding, serviceAccount } from "./rbac";
-import { watcherService, service, tlsSecret, apiPathSecret } from "./networking";
+import { tlsSecret, apiPathSecret } from "./networking";
 import { WebhookType } from "../enums";
 import { kind } from "kubernetes-fluent-client";
 
+export function norWatchOrAdmission(capabilities: CapabilityExport[]): boolean {
+  return !isAdmission(capabilities) && !isWatcher(capabilities);
+}
+export function isAdmission(capabilities: CapabilityExport[]): boolean {
+  for (const capability of capabilities) {
+    const admissionBindings = capability.bindings.filter(
+      binding => binding.isFinalize || binding.isMutate || binding.isValidate,
+    );
+    if (admissionBindings.length > 0) {
+      return true;
+    }
+  }
+  return false;
+}
+export function isWatcher(capabilities: CapabilityExport[]): boolean {
+  for (const capability of capabilities) {
+    if (capability.hasSchedule) {
+      return true;
+    }
+    const watcherBindings = capability.bindings.filter(
+      binding => binding.isFinalize || binding.isWatch || binding.isQueue,
+    );
+    if (watcherBindings.length > 0) {
+      return true;
+    }
+  }
+  return false;
+}
+
 export class Assets {
   readonly name: string;
   readonly tls: TLSOut;
@@ -82,20 +112,25 @@ export class Assets {
   allYaml = async (
     yamlGenerationFunction: (
       assets: Assets,
-      deployments: { default: V1Deployment; watch: V1Deployment | null },
+      deployments: { admission: V1Deployment | null; watch: V1Deployment | null },
+      services: { admission: kind.Service | null; watch: kind.Service | null },
     ) => Promise<string>,
-    getDeploymentFunction: (
-      assets: Assets,
-      hash: string,
-      buildTimestamp: string,
-      imagePullSecret?: string,
-    ) => kind.Deployment,
-    getWatcherFunction: (
-      assets: Assets,
-      hash: string,
-      buildTimestamp: string,
-      imagePullSecret?: string,
-    ) => kind.Deployment | null,
+    getControllerManifests: {
+      getDeploymentFunction: (
+        assets: Assets,
+        hash: string,
+        buildTimestamp: string,
+        imagePullSecret?: string,
+      ) => kind.Deployment | null;
+      getWatcherFunction: (
+        assets: Assets,
+        hash: string,
+        buildTimestamp: string,
+        imagePullSecret?: string,
+      ) => kind.Deployment | null;
+      getServiceFunction: (name: string, assets: Assets) => kind.Service | null;
+      getWatcherServiceFunction: (name: string, assets: Assets) => kind.Service | null;
+    },
     imagePullSecret?: string,
   ): Promise<string> => {
     this.capabilities = await loadCapabilities(this.path);
@@ -116,11 +151,26 @@ export class Assets {
     const moduleHash = crypto.createHash("sha256").update(code).digest("hex");
 
     const deployments = {
-      default: getDeploymentFunction(this, moduleHash, this.buildTimestamp, imagePullSecret),
-      watch: getWatcherFunction(this, moduleHash, this.buildTimestamp, imagePullSecret),
+      admission: getControllerManifests.getDeploymentFunction(
+        this,
+        moduleHash,
+        this.buildTimestamp,
+        imagePullSecret,
+      ),
+      watch: getControllerManifests.getWatcherFunction(
+        this,
+        moduleHash,
+        this.buildTimestamp,
+        imagePullSecret,
+      ),
     };
 
-    return yamlGenerationFunction(this, deployments);
+    const services = {
+      admission: getControllerManifests.getServiceFunction(this.name, this),
+      watch: getControllerManifests.getWatcherServiceFunction(this.name, this),
+    };
+
+    return yamlGenerationFunction(this, deployments, services);
   };
 
   writeWebhookFiles = async (
@@ -131,7 +181,7 @@ export class Assets {
     if (validateWebhook || mutateWebhook) {
       await fs.writeFile(
         helm.files.admissionDeploymentYaml,
-        dedent(admissionDeployTemplate(this.buildTimestamp)),
+        dedent(admissionDeployTemplate(this.buildTimestamp, "admission")),
       );
       await fs.writeFile(
         helm.files.admissionServiceMonitorYaml,
@@ -194,8 +244,14 @@ export class Assets {
           (): string => dedent(chartYaml(this.config.uuid, this.config.description || "")),
         ],
         [helm.files.namespaceYaml, (): string => dedent(namespaceTemplate())],
-        [helm.files.watcherServiceYaml, (): string => toYaml(watcherService(this.name))],
-        [helm.files.admissionServiceYaml, (): string => toYaml(service(this.name))],
+        [
+          helm.files.watcherServiceYaml,
+          (): string => dedent(serviceTemplate(this.name, "watcher")),
+        ],
+        [
+          helm.files.admissionServiceYaml,
+          (): string => dedent(serviceTemplate(this.name, "admission")),
+        ],
         [helm.files.tlsSecretYaml, (): string => toYaml(tlsSecret(this.name, this.tls))],
         [
           helm.files.apiPathSecretYaml,
@@ -221,7 +277,10 @@ export class Assets {
         apiPath: this.apiPath,
         capabilities: this.capabilities,
       };
-      await overridesFile(overrideData, helm.files.valuesYaml, this.imagePullSecrets);
+      await overridesFile(overrideData, helm.files.valuesYaml, this.imagePullSecrets, {
+        admission: isAdmission(this.capabilities) || norWatchOrAdmission(this.capabilities),
+        watcher: isWatcher(this.capabilities),
+      });
 
       const webhooks = {
         mutate: await webhookGeneratorFunction(
@@ -242,7 +301,7 @@ export class Assets {
       if (watchDeployment) {
         await fs.writeFile(
           helm.files.watcherDeploymentYaml,
-          dedent(watcherDeployTemplate(this.buildTimestamp)),
+          dedent(watcherDeployTemplate(this.buildTimestamp, "watcher")),
         );
         await fs.writeFile(
           helm.files.watcherServiceMonitorYaml,

package/src/lib/assets/deploy.ts

@@ -6,10 +6,17 @@ import { promises as fs } from "fs";
 import { K8s, kind } from "kubernetes-fluent-client";
 import { V1PolicyRule as PolicyRule } from "@kubernetes/client-node";
 
-import { Assets } from "./assets";
+import { Assets, isAdmission, norWatchOrAdmission } from "./assets";
 import Log from "../telemetry/logger";
-import { apiPathSecret, service, tlsSecret, watcherService } from "./networking";
-import { getDeployment, getModuleSecret, getNamespace, getWatcher } from "./pods";
+import { apiPathSecret, tlsSecret } from "./networking";
+import {
+  getDeployment,
+  service,
+  watcherService,
+  getModuleSecret,
+  getNamespace,
+  getWatcher,
+} from "./k8sObjects";
 import {
   clusterRole,
   clusterRoleBinding,
@@ -148,9 +155,19 @@ async function setupController(
   const mod = getModuleSecret(name, code, hash);
   await K8s(kind.Secret).Apply(mod, { force });
 
-  Log.info("Applying controller service");
-  const svc = service(name);
-  await K8s(kind.Service).Apply(svc, { force });
+  if (isAdmission(assets.capabilities) || norWatchOrAdmission(assets.capabilities)) {
+    const svc = service(name, assets);
+    if (svc) {
+      Log.info("Applying controller service");
+      await K8s(kind.Service).Apply(svc, { force });
+    }
+
+    const dep = getDeployment(assets, hash, assets.buildTimestamp);
+    if (dep) {
+      Log.info("Applying deployment");
+      await K8s(kind.Deployment).Apply(dep, { force });
+    }
+  }
 
   Log.info("Applying TLS secret");
   const tls = tlsSecret(name, assets.tls);
@@ -159,10 +176,6 @@ async function setupController(
   Log.info("Applying API path secret");
   const apiPath = apiPathSecret(name, assets.apiPath);
   await K8s(kind.Secret).Apply(apiPath, { force });
-
-  Log.info("Applying deployment");
-  const dep = getDeployment(assets, hash, assets.buildTimestamp);
-  await K8s(kind.Deployment).Apply(dep, { force });
 }
 
 // Setup the watcher deployment and service
@@ -172,9 +185,10 @@ async function setupWatcher(assets: Assets, hash: string, force: boolean): Promi
   if (watchDeployment) {
     Log.info("Applying watcher deployment");
     await K8s(kind.Deployment).Apply(watchDeployment, { force });
-
+  }
+  const watchSvc = watcherService(assets.name, assets);
+  if (watchSvc) {
     Log.info("Applying watcher service");
-    const watchSvc = watcherService(assets.name);
     await K8s(kind.Service).Apply(watchSvc, { force });
   }
 }

package/src/lib/assets/helm.ts

@@ -1,6 +1,8 @@
 // SPDX-License-Identifier: Apache-2.0
 // SPDX-FileCopyrightText: 2023-Present The Pepr Authors
 
+type ControllerType = "admission" | "watcher";
+
 export function clusterRoleTemplate(): string {
   return `
     apiVersion: rbac.authorization.k8s.io/v1
@@ -61,8 +63,9 @@ export function chartYaml(name: string, description?: string): string {
 `;
 }
 
-export function watcherDeployTemplate(buildTimestamp: string): string {
+export function watcherDeployTemplate(buildTimestamp: string, type: ControllerType): string {
   return `
+      {{- if .Values.${type}.enabled }}
       apiVersion: apps/v1
       kind: Deployment
       metadata:
@@ -154,11 +157,13 @@ export function watcherDeployTemplate(buildTimestamp: string): string {
               {{- if .Values.watcher.extraVolumes }}
               {{- toYaml .Values.watcher.extraVolumes | nindent 8 }}
               {{- end }}
+      {{- end }}
     `;
 }
 
-export function admissionDeployTemplate(buildTimestamp: string): string {
+export function admissionDeployTemplate(buildTimestamp: string, type: ControllerType): string {
   return `
+      {{- if .Values.${type}.enabled }}
       apiVersion: apps/v1
       kind: Deployment
       metadata:
@@ -270,9 +275,10 @@ export function admissionDeployTemplate(buildTimestamp: string): string {
               {{- if .Values.admission.extraVolumes }}
               {{- toYaml .Values.admission.extraVolumes | nindent 8 }}
               {{- end }}
+      {{- end }}
     `;
 }
-type ControllerType = "admission" | "watcher";
+
 export function serviceMonitorTemplate(name: string, type: ControllerType): string {
   return `
       {{- if .Values.${type}.serviceMonitor.enabled }}
@@ -300,3 +306,25 @@ export function serviceMonitorTemplate(name: string, type: ControllerType): stri
       {{- end }}
     `;
 }
+
+export function serviceTemplate(name: string, type: ControllerType): string {
+  const svcName = type === "admission" ? name : `${name}-${type}`;
+  return `
+      {{- if .Values.${type}.enabled }}
+      apiVersion: v1
+      kind: Service
+      metadata:
+        name: ${svcName}
+        namespace: pepr-system
+        labels:
+          pepr.dev/controller: ${type}
+      spec:
+        selector:
+          app: ${svcName}
+          pepr.dev/controller: ${type}
+        ports:
+        - port: 443
+          targetPort: 3000
+      {{- end }}
+    `;
+}

package/src/lib/assets/{pods.ts → k8sObjects.ts}

@@ -5,9 +5,8 @@ import { KubernetesObject } from "@kubernetes/client-node";
 import { kind } from "kubernetes-fluent-client";
 import { gzipSync } from "zlib";
 import { secretOverLimit } from "../helpers";
-import { Assets } from "./assets";
-import { Binding } from "../types";
-import { genEnv } from "./envrionment";
+import { Assets, isAdmission, isWatcher, norWatchOrAdmission } from "./assets";
+import { genEnv } from "./environment";
 
 /** Generate the pepr-system namespace */
 export function getNamespace(namespaceLabels?: Record<string, string>): KubernetesObject {
@@ -37,27 +36,13 @@ export function getWatcher(
   buildTimestamp: string,
   imagePullSecret?: string,
 ): kind.Deployment | null {
-  const { name, image, capabilities, config } = assets;
-
-  let hasSchedule = false;
-
-  // Append the watcher suffix
-  const app = `${name}-watcher`;
-  const bindings: Binding[] = [];
-
-  // Loop through the capabilities and find any Watch Actions
-  for (const capability of capabilities) {
-    if (capability.hasSchedule) {
-      hasSchedule = true;
-    }
-    const watchers = capability.bindings.filter(binding => binding.isWatch);
-    bindings.push(...watchers);
-  }
+  const { name, image, config } = assets;
 
-  // If there are no watchers, don't deploy the watcher
-  if (bindings.length < 1 && !hasSchedule) {
+  if (!isWatcher(assets.capabilities)) {
     return null;
   }
+  // Append the watcher suffix
+  const app = `${name}-watcher`;
 
   const deploy: kind.Deployment = {
     apiVersion: "apps/v1",
@@ -196,10 +181,14 @@ export function getDeployment(
   hash: string,
   buildTimestamp: string,
   imagePullSecret?: string,
-): kind.Deployment {
+): kind.Deployment | null {
   const { name, image, config } = assets;
   const app = name;
 
+  if (!isAdmission(assets.capabilities) && !norWatchOrAdmission(assets.capabilities)) {
+    return null;
+  }
+
   const deploy: kind.Deployment = {
     apiVersion: "apps/v1",
     kind: "Deployment",
@@ -364,3 +353,61 @@ export function getModuleSecret(name: string, data: Buffer, hash: string): kind.
     };
   }
 }
+
+export function service(name: string, assets: Assets): kind.Service | null {
+  if (!isAdmission(assets.capabilities) && !norWatchOrAdmission(assets.capabilities)) {
+    return null;
+  }
+  return {
+    apiVersion: "v1",
+    kind: "Service",
+    metadata: {
+      name,
+      namespace: "pepr-system",
+      labels: {
+        "pepr.dev/controller": "admission",
+      },
+    },
+    spec: {
+      selector: {
+        app: name,
+        "pepr.dev/controller": "admission",
+      },
+      ports: [
+        {
+          port: 443,
+          targetPort: 3000,
+        },
+      ],
+    },
+  };
+}
+
+export function watcherService(name: string, assets: Assets): kind.Service | null {
+  if (!isWatcher(assets.capabilities)) {
+    return null;
+  }
+  return {
+    apiVersion: "v1",
+    kind: "Service",
+    metadata: {
+      name: `${name}-watcher`,
+      namespace: "pepr-system",
+      labels: {
+        "pepr.dev/controller": "watcher",
+      },
+    },
+    spec: {
+      selector: {
+        app: `${name}-watcher`,
+        "pepr.dev/controller": "watcher",
+      },
+      ports: [
+        {
+          port: 443,
+          targetPort: 3000,
+        },
+      ],
+    },
+  };
+}