pepr 0.6.0 → 0.7.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli.js +138 -85
- package/dist/controller.js +1 -1
- package/dist/lib/capability.d.ts.map +1 -1
- package/dist/lib/controller.d.ts.map +1 -1
- package/dist/lib/filter.d.ts.map +1 -1
- package/dist/lib/k8s/kinds.d.ts.map +1 -1
- package/dist/lib/k8s/types.d.ts +2 -0
- package/dist/lib/k8s/types.d.ts.map +1 -1
- package/dist/lib/k8s/webhook.d.ts +5 -4
- package/dist/lib/k8s/webhook.d.ts.map +1 -1
- package/dist/lib/module.d.ts.map +1 -1
- package/dist/lib/processor.d.ts +1 -1
- package/dist/lib/processor.d.ts.map +1 -1
- package/dist/lib/request.d.ts +0 -6
- package/dist/lib/request.d.ts.map +1 -1
- package/dist/lib/types.d.ts +3 -2
- package/dist/lib/types.d.ts.map +1 -1
- package/dist/lib/utils.d.ts +23 -0
- package/dist/lib/utils.d.ts.map +1 -0
- package/dist/lib.d.ts +2 -1
- package/dist/lib.d.ts.map +1 -1
- package/dist/lib.js +77 -32
- package/dist/lib.js.map +4 -4
- package/package.json +2 -2
- package/src/lib/capability.ts +1 -0
- package/src/lib/controller.ts +21 -16
- package/src/lib/filter.ts +2 -2
- package/src/lib/k8s/kinds.ts +2 -0
- package/src/lib/k8s/types.ts +2 -0
- package/src/lib/k8s/webhook.ts +120 -26
- package/src/lib/module.ts +7 -1
- package/src/lib/processor.ts +40 -14
- package/src/lib/request.ts +0 -20
- package/src/lib/types.ts +2 -1
- package/src/lib/utils.ts +55 -0
- package/src/lib.ts +2 -0
package/dist/cli.js
CHANGED
|
@@ -91,14 +91,17 @@ var banner = `\x1B[107;40m\x1B[38;5;016m \x1B[38;5;016m \x1B[38;5;016m \x1B[38;5
|
|
|
91
91
|
\x1B[0m`;
|
|
92
92
|
|
|
93
93
|
// src/cli/build.ts
|
|
94
|
+
var import_child_process2 = require("child_process");
|
|
94
95
|
var import_esbuild = require("esbuild");
|
|
95
|
-
var
|
|
96
|
+
var import_fs3 = require("fs");
|
|
96
97
|
var import_path = require("path");
|
|
97
|
-
var import_child_process = require("child_process");
|
|
98
98
|
|
|
99
99
|
// src/lib/k8s/webhook.ts
|
|
100
100
|
var import_client_node = require("@kubernetes/client-node");
|
|
101
|
+
var import_child_process = require("child_process");
|
|
101
102
|
var import_crypto = __toESM(require("crypto"));
|
|
103
|
+
var import_fs = require("fs");
|
|
104
|
+
var import_ramda = require("ramda");
|
|
102
105
|
var import_zlib = require("zlib");
|
|
103
106
|
|
|
104
107
|
// src/lib/logger.ts
|
|
@@ -187,6 +190,14 @@ if (process.env.LOG_LEVEL) {
|
|
|
187
190
|
}
|
|
188
191
|
var logger_default = Log;
|
|
189
192
|
|
|
193
|
+
// src/lib/types.ts
|
|
194
|
+
var ErrorBehavior = /* @__PURE__ */ ((ErrorBehavior2) => {
|
|
195
|
+
ErrorBehavior2["ignore"] = "ignore";
|
|
196
|
+
ErrorBehavior2["audit"] = "audit";
|
|
197
|
+
ErrorBehavior2["reject"] = "reject";
|
|
198
|
+
return ErrorBehavior2;
|
|
199
|
+
})(ErrorBehavior || {});
|
|
200
|
+
|
|
190
201
|
// src/lib/k8s/tls.ts
|
|
191
202
|
var import_node_forge = __toESM(require("node-forge"));
|
|
192
203
|
var caName = "Pepr Ephemeral CA";
|
|
@@ -338,7 +349,63 @@ var Webhook = class {
|
|
|
338
349
|
}
|
|
339
350
|
};
|
|
340
351
|
}
|
|
341
|
-
|
|
352
|
+
generateWebhookRules(path) {
|
|
353
|
+
return new Promise((resolve4, reject) => {
|
|
354
|
+
const rules = [];
|
|
355
|
+
const defaultRule = {
|
|
356
|
+
apiGroups: ["*"],
|
|
357
|
+
apiVersions: ["*"],
|
|
358
|
+
operations: ["CREATE", "UPDATE", "DELETE"],
|
|
359
|
+
resources: ["*/*"]
|
|
360
|
+
};
|
|
361
|
+
const program2 = (0, import_child_process.fork)(path, {
|
|
362
|
+
env: {
|
|
363
|
+
...process.env,
|
|
364
|
+
LOG_LEVEL: "warn",
|
|
365
|
+
PEPR_MODE: "build"
|
|
366
|
+
}
|
|
367
|
+
});
|
|
368
|
+
program2.on("message", (message) => {
|
|
369
|
+
const { capabilities } = message.valueOf();
|
|
370
|
+
for (const capability of capabilities) {
|
|
371
|
+
logger_default.info(`Module ${this.config.uuid} has capability: ${capability._name}`);
|
|
372
|
+
const { _bindings } = capability;
|
|
373
|
+
for (const binding of _bindings) {
|
|
374
|
+
const { event, kind } = binding;
|
|
375
|
+
const operations = [];
|
|
376
|
+
if (event === "CREATEORUPDATE" /* CreateOrUpdate */) {
|
|
377
|
+
operations.push("CREATE" /* Create */, "UPDATE" /* Update */);
|
|
378
|
+
} else {
|
|
379
|
+
operations.push(event);
|
|
380
|
+
}
|
|
381
|
+
const resource = kind.plural || `${kind.kind.toLowerCase()}s`;
|
|
382
|
+
rules.push({
|
|
383
|
+
apiGroups: [kind.group],
|
|
384
|
+
apiVersions: [kind.version || "*"],
|
|
385
|
+
operations,
|
|
386
|
+
resources: [resource]
|
|
387
|
+
});
|
|
388
|
+
}
|
|
389
|
+
}
|
|
390
|
+
});
|
|
391
|
+
program2.on("exit", (code) => {
|
|
392
|
+
if (code !== 0) {
|
|
393
|
+
reject(new Error(`Child process exited with code ${code}`));
|
|
394
|
+
} else {
|
|
395
|
+
if (rules.length < 1) {
|
|
396
|
+
resolve4([defaultRule]);
|
|
397
|
+
} else {
|
|
398
|
+
const reducedRules = (0, import_ramda.uniqWith)(import_ramda.equals, rules);
|
|
399
|
+
resolve4(reducedRules);
|
|
400
|
+
}
|
|
401
|
+
}
|
|
402
|
+
});
|
|
403
|
+
program2.on("error", (error) => {
|
|
404
|
+
reject(error);
|
|
405
|
+
});
|
|
406
|
+
});
|
|
407
|
+
}
|
|
408
|
+
async mutatingWebhook(path, timeoutSeconds = 10) {
|
|
342
409
|
const { name } = this;
|
|
343
410
|
const ignore = [peprIgnore];
|
|
344
411
|
if (this.config.alwaysIgnore.namespaces && this.config.alwaysIgnore.namespaces.length > 0) {
|
|
@@ -360,6 +427,7 @@ var Webhook = class {
|
|
|
360
427
|
path: "/mutate"
|
|
361
428
|
};
|
|
362
429
|
}
|
|
430
|
+
const rules = await this.generateWebhookRules(path);
|
|
363
431
|
return {
|
|
364
432
|
apiVersion: "admissionregistration.k8s.io/v1",
|
|
365
433
|
kind: "MutatingWebhookConfiguration",
|
|
@@ -378,15 +446,7 @@ var Webhook = class {
|
|
|
378
446
|
objectSelector: {
|
|
379
447
|
matchExpressions: ignore
|
|
380
448
|
},
|
|
381
|
-
|
|
382
|
-
rules: [
|
|
383
|
-
{
|
|
384
|
-
apiGroups: ["*"],
|
|
385
|
-
apiVersions: ["*"],
|
|
386
|
-
operations: ["CREATE", "UPDATE", "DELETE"],
|
|
387
|
-
resources: ["*/*"]
|
|
388
|
-
}
|
|
389
|
-
],
|
|
449
|
+
rules,
|
|
390
450
|
// @todo: track side effects state
|
|
391
451
|
sideEffects: "None"
|
|
392
452
|
}
|
|
@@ -581,8 +641,10 @@ var Webhook = class {
|
|
|
581
641
|
};
|
|
582
642
|
return (0, import_client_node.dumpYaml)(zarfCfg, { noRefs: true });
|
|
583
643
|
}
|
|
584
|
-
allYaml(
|
|
644
|
+
async allYaml(path) {
|
|
645
|
+
const code = await import_fs.promises.readFile(path);
|
|
585
646
|
const hash = import_crypto.default.createHash("sha256").update(code).digest("hex");
|
|
647
|
+
const webhook = await this.mutatingWebhook(path);
|
|
586
648
|
const resources = [
|
|
587
649
|
this.namespace(),
|
|
588
650
|
this.networkPolicy(),
|
|
@@ -590,23 +652,20 @@ var Webhook = class {
|
|
|
590
652
|
this.clusterRoleBinding(),
|
|
591
653
|
this.serviceAccount(),
|
|
592
654
|
this.tlsSecret(),
|
|
593
|
-
|
|
655
|
+
webhook,
|
|
594
656
|
this.deployment(hash),
|
|
595
657
|
this.service(),
|
|
596
658
|
this.moduleSecret(code, hash)
|
|
597
659
|
];
|
|
598
660
|
return resources.map((r) => (0, import_client_node.dumpYaml)(r, { noRefs: true })).join("---\n");
|
|
599
661
|
}
|
|
600
|
-
async deploy(
|
|
662
|
+
async deploy(path, webhookTimeout) {
|
|
601
663
|
logger_default.info("Establishing connection to Kubernetes");
|
|
602
664
|
const namespace = "pepr-system";
|
|
603
665
|
const kubeConfig = new import_client_node.KubeConfig();
|
|
604
666
|
kubeConfig.loadFromDefault();
|
|
605
667
|
const coreV1Api = kubeConfig.makeApiClient(import_client_node.CoreV1Api);
|
|
606
|
-
const rbacApi = kubeConfig.makeApiClient(import_client_node.RbacAuthorizationV1Api);
|
|
607
|
-
const appsApi = kubeConfig.makeApiClient(import_client_node.AppsV1Api);
|
|
608
668
|
const admissionApi = kubeConfig.makeApiClient(import_client_node.AdmissionregistrationV1Api);
|
|
609
|
-
const networkApi = kubeConfig.makeApiClient(import_client_node.NetworkingV1Api);
|
|
610
669
|
const ns = this.namespace();
|
|
611
670
|
try {
|
|
612
671
|
logger_default.info("Checking for namespace");
|
|
@@ -616,7 +675,7 @@ var Webhook = class {
|
|
|
616
675
|
logger_default.info("Creating namespace");
|
|
617
676
|
await coreV1Api.createNamespace(ns);
|
|
618
677
|
}
|
|
619
|
-
const wh = this.mutatingWebhook(webhookTimeout);
|
|
678
|
+
const wh = await this.mutatingWebhook(path, webhookTimeout);
|
|
620
679
|
try {
|
|
621
680
|
logger_default.info("Creating mutating webhook");
|
|
622
681
|
await admissionApi.createMutatingWebhookConfiguration(wh);
|
|
@@ -629,18 +688,22 @@ var Webhook = class {
|
|
|
629
688
|
if (this.host) {
|
|
630
689
|
return;
|
|
631
690
|
}
|
|
632
|
-
if (!
|
|
691
|
+
if (!path) {
|
|
633
692
|
throw new Error("No code provided");
|
|
634
693
|
}
|
|
694
|
+
const code = await import_fs.promises.readFile(path);
|
|
635
695
|
const hash = import_crypto.default.createHash("sha256").update(code).digest("hex");
|
|
636
|
-
const
|
|
696
|
+
const appsApi = kubeConfig.makeApiClient(import_client_node.AppsV1Api);
|
|
697
|
+
const rbacApi = kubeConfig.makeApiClient(import_client_node.RbacAuthorizationV1Api);
|
|
698
|
+
const networkApi = kubeConfig.makeApiClient(import_client_node.NetworkingV1Api);
|
|
699
|
+
const networkPolicy = this.networkPolicy();
|
|
637
700
|
try {
|
|
638
701
|
logger_default.info("Checking for network policy");
|
|
639
|
-
await networkApi.readNamespacedNetworkPolicy(
|
|
702
|
+
await networkApi.readNamespacedNetworkPolicy(networkPolicy.metadata?.name ?? "", namespace);
|
|
640
703
|
} catch (e) {
|
|
641
704
|
logger_default.debug(e instanceof import_client_node.HttpError ? e.body : e);
|
|
642
705
|
logger_default.info("Creating network policy");
|
|
643
|
-
await networkApi.createNamespacedNetworkPolicy(namespace,
|
|
706
|
+
await networkApi.createNamespacedNetworkPolicy(namespace, networkPolicy);
|
|
644
707
|
}
|
|
645
708
|
const crb = this.clusterRoleBinding();
|
|
646
709
|
try {
|
|
@@ -783,7 +846,9 @@ var hello_pepr_samples_default = [
|
|
|
783
846
|
namespace: "pepr-demo"
|
|
784
847
|
},
|
|
785
848
|
data: {
|
|
786
|
-
example: "dW5pY29ybiBtYWdpYw=="
|
|
849
|
+
example: "dW5pY29ybiBtYWdpYw==",
|
|
850
|
+
"binary-data": "iCZQUg8xYucNUqD+8lyl2YcKjYYygvTtiDSEV9b9WKUkxSSLFJTgIWMJ9GcFFYs4T9JCdda51u74jfq8yHzRuEASl60EdTS/NfWgIIFTGqcNRfqMw+vgpyTMmCyJVaJEDFq6AA==",
|
|
851
|
+
"ascii-with-white-space": "VGhpcyBpcyBzb21lIHJhbmRvbSB0ZXh0OgoKICAgIC0gd2l0aCBsaW5lIGJyZWFrcwogICAgLSBhbmQgdGFicw=="
|
|
787
852
|
}
|
|
788
853
|
},
|
|
789
854
|
{
|
|
@@ -904,9 +969,9 @@ var hello_pepr_samples_default = [
|
|
|
904
969
|
// src/cli/init/templates/data.json
|
|
905
970
|
var gitIgnore = "# Ignore node_modules and Pepr build artifacts\nnode_modules\ndist\ninsecure*\n";
|
|
906
971
|
var readmeMd = '# Pepr Module\n\nThis is a Pepr Module. [Pepr](https://github.com/defenseunicorns/pepr) is a Kubernetes transformation system\nwritten in Typescript.\n\nThe `capabilities` directory contains all the capabilities for this module. By default,\na capability is a single typescript file in the format of `capability-name.ts` that is\nimported in the root `pepr.ts` file as `import { HelloPepr } from "./capabilities/hello-pepr";`.\nBecause this is typescript, you can organize this however you choose, e.g. creating a sub-folder\nper-capability or common logic in shared files or folders.\n\nExample Structure:\n\n```\nModule Root\n\u251C\u2500\u2500 package.json\n\u251C\u2500\u2500 pepr.ts\n\u2514\u2500\u2500 capabilities\n \u251C\u2500\u2500 example-one.ts\n \u251C\u2500\u2500 example-three.ts\n \u2514\u2500\u2500 example-two.ts\n```\n';
|
|
907
|
-
var peprTS = 'import {
|
|
972
|
+
var peprTS = 'import { PeprModule } from "pepr";\n// cfg loads your pepr configuration from package.json\nimport cfg from "./package.json";\n\n// HelloPepr is a demo capability that is included with Pepr. Comment or delete the line below to remove it.\nimport { HelloPepr } from "./capabilities/hello-pepr";\n\n/**\n * This is the main entrypoint for this Pepr module. It is run when the module is started.\n * This is where you register your Pepr configurations and capabilities.\n */\nnew PeprModule(cfg, [\n // "HelloPepr" is a demo capability that is included with Pepr. Comment or delete the line below to remove it.\n HelloPepr,\n\n // Your additional capabilities go here\n]);\n';
|
|
908
973
|
var helloPeprTS = 'import {\n Capability,\n PeprRequest,\n RegisterKind,\n a,\n fetch,\n fetchStatus,\n} from "pepr";\n\n/**\n * The HelloPepr Capability is an example capability to demonstrate some general concepts of Pepr.\n * To test this capability you can run `pepr dev` or `npm start` and then run the following command:\n * `kubectl apply -f capabilities/hello-pepr.samples.yaml`\n */\nexport const HelloPepr = new Capability({\n name: "hello-pepr",\n description: "A simple example capability to show how things work.",\n namespaces: ["pepr-demo", "pepr-demo-2"],\n});\n\n// Use the \'When\' function to create a new Capability Action\nconst { When } = HelloPepr;\n\n/**\n * ---------------------------------------------------------------------------------------------------\n * CAPABILITY ACTION (Namespace) *\n * ---------------------------------------------------------------------------------------------------\n *\n * This Capability Action removes the label `remove-me` when a Namespace is created.\n * Note we don\'t need to specify the namespace here, because we\'ve already specified\n * it in the Capability definition above.\n */\nWhen(a.Namespace)\n .IsCreated()\n .Then(ns => ns.RemoveLabel("remove-me"));\n\n/**\n * ---------------------------------------------------------------------------------------------------\n * CAPABILITY ACTION (CM Example 1) *\n * ---------------------------------------------------------------------------------------------------\n *\n * This is a single Capability Action. They can be in the same file or put imported from other files.\n * In this example, when a ConfigMap is created with the name `example-1`, then add a label and annotation.\n *\n * Equivalent to manually running:\n * `kubectl label configmap example-1 pepr=was-here`\n * `kubectl annotate configmap example-1 pepr.dev=annotations-work-too`\n */\nWhen(a.ConfigMap)\n .IsCreated()\n .WithName("example-1")\n .Then(request =>\n request\n .SetLabel("pepr", "was-here")\n .SetAnnotation("pepr.dev", "annotations-work-too")\n );\n\n/**\n * ---------------------------------------------------------------------------------------------------\n * CAPABILITY ACTION (CM Example 2) *\n * ---------------------------------------------------------------------------------------------------\n *\n * This Capability Action does the exact same changes for example-2, except this time it uses\n * the `.ThenSet()` feature. You can stack multiple `.Then()` calls, but only a single `.ThenSet()`\n */\nWhen(a.ConfigMap)\n .IsCreated()\n .WithName("example-2")\n .ThenSet({\n metadata: {\n labels: {\n pepr: "was-here",\n },\n annotations: {\n "pepr.dev": "annotations-work-too",\n },\n },\n });\n\n/**\n * ---------------------------------------------------------------------------------------------------\n * CAPABILITY ACTION (CM Example 3) *\n * ---------------------------------------------------------------------------------------------------\n *\n * This Capability Action combines different styles. Unlike the previous actions, this one will look\n * for any ConfigMap in the `pepr-demo` namespace that has the label `change=by-label` during either\n * CREATE or UPDATE. Note that all conditions added such as `WithName()`, `WithLabel()`, `InNamespace()`,\n * are ANDs so all conditions must be true for the request to be processed.\n */\nWhen(a.ConfigMap)\n .IsCreatedOrUpdated()\n .WithLabel("change", "by-label")\n .Then(request => {\n // The K8s object e are going to mutate\n const cm = request.Raw;\n\n // Get the username and uid of the K8s request\n const { username, uid } = request.Request.userInfo;\n\n // Store some data about the request in the configmap\n cm.data["username"] = username;\n cm.data["uid"] = uid;\n\n // You can still mix other ways of making changes too\n request.SetAnnotation("pepr.dev", "making-waves");\n });\n\n/**\n * ---------------------------------------------------------------------------------------------------\n * CAPABILITY ACTION (CM Example 4) *\n * ---------------------------------------------------------------------------------------------------\n *\n * This Capability Action show how you can use the `Then()` function to make multiple changes to the\n * same object from different functions. This is useful if you want to keep your Capability Actions\n * small and focused on a single task, or if you want to reuse the same function in multiple\n * Capability Actions.\n *\n * Note that the order of the `.Then()` calls matters. The first call will be executed first,\n * then the second, and so on. Also note the functions are not called until the Capability Action\n * is triggered.\n */\nWhen(a.ConfigMap)\n .IsCreated()\n .WithName("example-4")\n .Then(cm => cm.SetLabel("pepr.dev/first", "true"))\n .Then(addSecond)\n .Then(addThird);\n\n//This function uses the complete type definition, but is not required.\nfunction addSecond(cm: PeprRequest<a.ConfigMap>) {\n cm.SetLabel("pepr.dev/second", "true");\n}\n\n// This function has no type definition, so you won\'t have intellisense in the function body.\nfunction addThird(cm) {\n cm.SetLabel("pepr.dev/third", "true");\n}\n\n/**\n * ---------------------------------------------------------------------------------------------------\n * CAPABILITY ACTION (CM Example 4a) *\n * ---------------------------------------------------------------------------------------------------\n *\n * This is the same as Example 4, except this only operates on a CM in the `pepr-demo-2` namespace.\n * Note because the Capability defines namespaces, the namespace specified here must be one of those.\n * Alternatively, you can remove the namespace from the Capability definition and specify it here.\n */\nWhen(a.ConfigMap)\n .IsCreated()\n .InNamespace("pepr-demo-2")\n .WithName("example-4a")\n .Then(cm => cm.SetLabel("pepr.dev/first", "true"))\n .Then(addSecond)\n .Then(addThird);\n\n/**\n * ---------------------------------------------------------------------------------------------------\n * CAPABILITY ACTION (CM Example 5) *\n * ---------------------------------------------------------------------------------------------------\n *\n * This Capability Action is a bit more complex. It will look for any ConfigMap in the `pepr-demo`\n * namespace that has the label `chuck-norris` during CREATE. When it finds one, it will fetch a\n * random Chuck Norris joke from the API and add it to the ConfigMap. This is a great example of how\n * you can use Pepr to make changes to your K8s objects based on external data.\n *\n * Note the use of the `async` keyword. This is required for any Capability Action that uses `await` or `fetch()`.\n *\n * Also note we are passing a type to the `fetch()` function. This is optional, but it will help you\n * avoid mistakes when working with the data returned from the API. You can also use the `as` keyword to\n * cast the data returned from the API.\n *\n * These are equivalent:\n * ```ts\n * const joke = await fetch<TheChuckNorrisJoke>("https://api.chucknorris.io/jokes/random?category=dev");\n * const joke = await fetch("https://api.chucknorris.io/jokes/random?category=dev") as TheChuckNorrisJoke;\n * ```\n *\n * Alternatively, you can drop the type completely:\n *\n * ```ts\n * fetch("https://api.chucknorris.io/jokes/random?category=dev")\n * ```\n */\ninterface TheChuckNorrisJoke {\n icon_url: string;\n id: string;\n url: string;\n value: string;\n}\n\nWhen(a.ConfigMap)\n .IsCreated()\n .WithLabel("chuck-norris")\n .Then(async change => {\n // Try/catch is not needed as a response object will always be returned\n const response = await fetch<TheChuckNorrisJoke>(\n "https://api.chucknorris.io/jokes/random?category=dev"\n );\n\n // Instead, check the `response.ok` field\n if (response.ok) {\n // Add the Chuck Norris joke to the configmap\n change.Raw.data["chuck-says"] = response.data.value;\n return;\n }\n\n // You can also assert on different HTTP response codes\n if (response.status === fetchStatus.NOT_FOUND) {\n // Do something else\n return;\n }\n });\n\n/**\n * ---------------------------------------------------------------------------------------------------\n * CAPABILITY ACTION (Secret Base64 Handling) *\n * ---------------------------------------------------------------------------------------------------\n *\n * The K8s JS client provides incomplete support for base64 encoding/decoding handling for secrets,\n * unlike the GO client. To make this less painful, Pepr automatically handles base64 encoding/decoding\n * secret data before and after the Capability Action is executed.\n */\nWhen(a.Secret)\n .IsCreated()\n .WithName("secret-1")\n .Then(request => {\n const secret = request.Raw;\n\n // This will be encoded at the end of all processing back to base64: "Y2hhbmdlLXdpdGhvdXQtZW5jb2Rpbmc="\n secret.data.magic = "change-without-encoding";\n\n // You can modify the data directly, and it will be encoded at the end of all processing\n secret.data.example += " - modified by Pepr";\n });\n\n/**\n * ---------------------------------------------------------------------------------------------------\n * CAPABILITY ACTION (Untyped Custom Resource) *\n * ---------------------------------------------------------------------------------------------------\n *\n * Out of the box, Pepr supports all the standard Kubernetes objects. However, you can also create\n * your own types. This is useful if you are working with an Operator that creates custom resources.\n * There are two ways to do this, the first is to use the `When()` function with a `GenericKind`,\n * the second is to create a new class that extends `GenericKind` and use the `RegisterKind()` function.\n *\n * This example shows how to use the `When()` function with a `GenericKind`. Note that you\n * must specify the `group`, `version`, and `kind` of the object (if applicable). This is how Pepr knows\n * if the Capability Action should be triggered or not. Since we are using a `GenericKind`,\n * Pepr will not be able to provide any intellisense for the object, so you will need to refer to the\n * Kubernetes API documentation for the object you are working with.\n *\n * You will need ot wait for the CRD in `hello-pepr.samples.yaml` to be created, then you can apply\n *\n * ```yaml\n * apiVersion: pepr.dev/v1\n * kind: Unicorn\n * metadata:\n * name: example-1\n * namespace: pepr-demo\n * spec:\n * message: replace-me\n * counter: 0\n * ```\n */\nWhen(a.GenericKind, {\n group: "pepr.dev",\n version: "v1",\n kind: "Unicorn",\n})\n .IsCreated()\n .WithName("example-1")\n .ThenSet({\n spec: {\n message: "Hello Pepr without type data!",\n counter: Math.random(),\n },\n });\n\n/**\n * ---------------------------------------------------------------------------------------------------\n * CAPABILITY ACTION (Typed Custom Resource) *\n * ---------------------------------------------------------------------------------------------------\n *\n * This example shows how to use the `RegisterKind()` function to create a new type. This is useful\n * if you are working with an Operator that creates custom resources and you want to have intellisense\n * for the object. Note that you must specify the `group`, `version`, and `kind` of the object (if applicable)\n * as this is how Pepr knows if the Capability Action should be triggered or not.\n *\n * Once you register a new Kind with Pepr, you can use the `When()` function with the new Kind. Ideally,\n * you should register custom Kinds at the top of your Capability file or Pepr Module so they are available\n * to all Capability Actions, but we are putting it here for demonstration purposes.\n *\n * You will need ot wait for the CRD in `hello-pepr.samples.yaml` to be created, then you can apply\n *\n * ```yaml\n * apiVersion: pepr.dev/v1\n * kind: Unicorn\n * metadata:\n * name: example-2\n * namespace: pepr-demo\n * spec:\n * message: replace-me\n * counter: 0\n * ```*\n */\nclass UnicornKind extends a.GenericKind {\n spec: {\n /**\n * JSDoc comments can be added to explain more details about the field.\n *\n * @example\n * ```ts\n * request.Raw.spec.message = "Hello Pepr!";\n * ```\n * */\n message: string;\n counter: number;\n };\n}\n\nRegisterKind(UnicornKind, {\n group: "pepr.dev",\n version: "v1",\n kind: "Unicorn",\n});\n\nWhen(UnicornKind)\n .IsCreated()\n .WithName("example-2")\n .ThenSet({\n spec: {\n message: "Hello Pepr now with type data!",\n counter: Math.random(),\n },\n });\n';
|
|
909
|
-
var packageJSON = { name: "pepr", description: "Kubernetes application engine", author: "Defense Unicorns", homepage: "https://github.com/defenseunicorns/pepr", license: "Apache-2.0", bin: "dist/cli.js", repository: "defenseunicorns/pepr", engines: { node: ">=18.0.0" }, version: "0.
|
|
974
|
+
var packageJSON = { name: "pepr", description: "Kubernetes application engine", author: "Defense Unicorns", homepage: "https://github.com/defenseunicorns/pepr", license: "Apache-2.0", bin: "dist/cli.js", repository: "defenseunicorns/pepr", engines: { node: ">=18.0.0" }, version: "0.7.0", main: "dist/lib.js", types: "dist/lib.d.ts", scripts: { prebuild: "rm -fr dist/* && node hack/build-template-data.js", build: "tsc && node build.mjs", test: "npm run test:unit && npm run test:e2e", "test:unit": "npm run build && tsc -p tsconfig.tests.json && ava dist/**/*.test.js", "test:e2e": "npm run test:e2e:k3d && npm run test:e2e:build && npm run test:e2e:image && npm run test:e2e:run", "test:e2e:k3d": "k3d cluster delete pepr-dev && k3d cluster create pepr-dev --k3s-arg '--debug@server:0'", "test:e2e:build": "npm run build && npm pack && npm uninstall pepr -g && npm install -g pepr-0.0.0-development.tgz && pepr", "test:e2e:image": "docker buildx build --tag pepr:dev . && k3d image import pepr:dev -c pepr-dev", "test:e2e:run": "ava hack/e2e.test.mjs --sequential --timeout=2m", "format:check": "eslint src && prettier src --check", "format:fix": "eslint src --fix && prettier src --write" }, dependencies: { "@kubernetes/client-node": "0.18.1", express: "4.18.2", "fast-json-patch": "3.1.1", "http-status-codes": "2.2.0", "node-fetch": "2.6.11", ramda: "0.29.0" }, devDependencies: { "@types/eslint": "8.40.0", "@types/express": "4.17.17", "@types/node-fetch": "2.6.4", "@types/node-forge": "1.3.2", "@types/prettier": "2.7.3", "@types/prompts": "2.4.4", "@types/ramda": "0.29.2", "@types/uuid": "9.0.1", ava: "5.3.0", nock: "13.3.1" }, peerDependencies: { "@typescript-eslint/eslint-plugin": "5.59.7", "@typescript-eslint/parser": "5.59.7", commander: "10.0.1", esbuild: "0.17.19", eslint: "8.41.0", "node-forge": "1.3.1", prettier: "2.8.8", prompts: "2.4.2", typescript: "5.0.4", uuid: "9.0.0" }, ava: { failFast: true, verbose: true } };
|
|
910
975
|
|
|
911
976
|
// src/cli/init/templates/pepr.code-snippets.json
|
|
912
977
|
var pepr_code_snippets_default = {
|
|
@@ -953,7 +1018,7 @@ var tsconfig_module_default = {
|
|
|
953
1018
|
};
|
|
954
1019
|
|
|
955
1020
|
// src/cli/init/utils.ts
|
|
956
|
-
var
|
|
1021
|
+
var import_fs2 = require("fs");
|
|
957
1022
|
function sanitizeName(name) {
|
|
958
1023
|
let sanitized = name.toLowerCase().replace(/[^a-z0-9-]+/gi, "-");
|
|
959
1024
|
sanitized = sanitized.replace(/^-+|-+$/g, "");
|
|
@@ -962,7 +1027,7 @@ function sanitizeName(name) {
|
|
|
962
1027
|
}
|
|
963
1028
|
async function createDir(dir) {
|
|
964
1029
|
try {
|
|
965
|
-
await
|
|
1030
|
+
await import_fs2.promises.mkdir(dir);
|
|
966
1031
|
} catch (err) {
|
|
967
1032
|
if (err && err.code === "EEXIST") {
|
|
968
1033
|
throw new Error(`Directory ${dir} already exists`);
|
|
@@ -975,7 +1040,7 @@ function write(path, data) {
|
|
|
975
1040
|
if (typeof data !== "string") {
|
|
976
1041
|
data = JSON.stringify(data, null, 2);
|
|
977
1042
|
}
|
|
978
|
-
return
|
|
1043
|
+
return import_fs2.promises.writeFile(path, data);
|
|
979
1044
|
}
|
|
980
1045
|
|
|
981
1046
|
// src/cli/init/templates.ts
|
|
@@ -1000,12 +1065,10 @@ function genPkgJSON(opts, pgkVerOverride) {
|
|
|
1000
1065
|
},
|
|
1001
1066
|
scripts: {
|
|
1002
1067
|
"k3d-setup": scripts["test:e2e:k3d"],
|
|
1003
|
-
build: "pepr build",
|
|
1004
|
-
deploy: "pepr deploy",
|
|
1005
1068
|
start: "pepr dev"
|
|
1006
1069
|
},
|
|
1007
1070
|
dependencies: {
|
|
1008
|
-
pepr: pgkVerOverride ||
|
|
1071
|
+
pepr: pgkVerOverride || version
|
|
1009
1072
|
},
|
|
1010
1073
|
devDependencies: {
|
|
1011
1074
|
typescript
|
|
@@ -1065,18 +1128,21 @@ function build_default(program2) {
|
|
|
1065
1128
|
peprTS2
|
|
1066
1129
|
).action(async (opts) => {
|
|
1067
1130
|
const { cfg, path, uuid } = await buildModule(void 0, opts.entryPoint);
|
|
1068
|
-
|
|
1131
|
+
if (opts.entryPoint !== peprTS2) {
|
|
1132
|
+
logger_default.info(`Module built successfully at ${path}`);
|
|
1133
|
+
return;
|
|
1134
|
+
}
|
|
1069
1135
|
const webhook = new Webhook({
|
|
1070
1136
|
...cfg.pepr,
|
|
1071
1137
|
description: cfg.description
|
|
1072
1138
|
});
|
|
1073
1139
|
const yamlFile = `pepr-module-${uuid}.yaml`;
|
|
1074
1140
|
const yamlPath = (0, import_path.resolve)("dist", yamlFile);
|
|
1075
|
-
const yaml = webhook.allYaml(
|
|
1141
|
+
const yaml = await webhook.allYaml(path);
|
|
1076
1142
|
const zarfPath = (0, import_path.resolve)("dist", "zarf.yaml");
|
|
1077
1143
|
const zarf = webhook.zarfYaml(yamlFile);
|
|
1078
|
-
await
|
|
1079
|
-
await
|
|
1144
|
+
await import_fs3.promises.writeFile(yamlPath, yaml);
|
|
1145
|
+
await import_fs3.promises.writeFile(zarfPath, zarf);
|
|
1080
1146
|
logger_default.debug(`Module compiled successfully at ${path}`);
|
|
1081
1147
|
logger_default.info(`K8s resource for the module saved to ${yamlPath}`);
|
|
1082
1148
|
});
|
|
@@ -1087,15 +1153,15 @@ async function loadModule(entryPoint = peprTS2) {
|
|
|
1087
1153
|
const cfgPath = (0, import_path.resolve)(".", "package.json");
|
|
1088
1154
|
const input = (0, import_path.resolve)(".", entryPoint);
|
|
1089
1155
|
try {
|
|
1090
|
-
await
|
|
1091
|
-
await
|
|
1156
|
+
await import_fs3.promises.access(cfgPath);
|
|
1157
|
+
await import_fs3.promises.access(input);
|
|
1092
1158
|
} catch (e) {
|
|
1093
1159
|
logger_default.error(
|
|
1094
1160
|
`Could not find ${cfgPath} or ${input} in the current directory. Please run this command from the root of your module's directory.`
|
|
1095
1161
|
);
|
|
1096
1162
|
process.exit(1);
|
|
1097
1163
|
}
|
|
1098
|
-
const moduleText = await
|
|
1164
|
+
const moduleText = await import_fs3.promises.readFile(cfgPath, { encoding: "utf-8" });
|
|
1099
1165
|
const cfg = JSON.parse(moduleText);
|
|
1100
1166
|
const { uuid } = cfg.pepr;
|
|
1101
1167
|
const name = `pepr-${uuid}.js`;
|
|
@@ -1120,9 +1186,8 @@ async function loadModule(entryPoint = peprTS2) {
|
|
|
1120
1186
|
async function buildModule(reloader, entryPoint = peprTS2) {
|
|
1121
1187
|
try {
|
|
1122
1188
|
const { cfg, path, uuid } = await loadModule(entryPoint);
|
|
1123
|
-
(0,
|
|
1124
|
-
const
|
|
1125
|
-
const ctx = await (0, import_esbuild.context)({
|
|
1189
|
+
(0, import_child_process2.execSync)("./node_modules/.bin/tsc", { stdio: "inherit" });
|
|
1190
|
+
const ctxCfg = {
|
|
1126
1191
|
bundle: true,
|
|
1127
1192
|
entryPoints: [entryPoint],
|
|
1128
1193
|
external: externalLibs,
|
|
@@ -1130,11 +1195,8 @@ async function buildModule(reloader, entryPoint = peprTS2) {
|
|
|
1130
1195
|
keepNames: true,
|
|
1131
1196
|
legalComments: "external",
|
|
1132
1197
|
metafile: true,
|
|
1133
|
-
|
|
1134
|
-
minify: !reloader && !customEntryPoint,
|
|
1198
|
+
minify: true,
|
|
1135
1199
|
outfile: path,
|
|
1136
|
-
// Only bundle the NPM packages if we're not using a custom entry point
|
|
1137
|
-
packages: customEntryPoint ? "external" : void 0,
|
|
1138
1200
|
plugins: [
|
|
1139
1201
|
{
|
|
1140
1202
|
name: "reload-server",
|
|
@@ -1144,18 +1206,26 @@ async function buildModule(reloader, entryPoint = peprTS2) {
|
|
|
1144
1206
|
console.log(await (0, import_esbuild.analyzeMetafile)(r.metafile));
|
|
1145
1207
|
}
|
|
1146
1208
|
if (reloader) {
|
|
1147
|
-
reloader(r);
|
|
1209
|
+
await reloader(r);
|
|
1148
1210
|
}
|
|
1149
1211
|
});
|
|
1150
1212
|
}
|
|
1151
1213
|
}
|
|
1152
1214
|
],
|
|
1153
1215
|
platform: "node",
|
|
1154
|
-
|
|
1155
|
-
|
|
1156
|
-
|
|
1157
|
-
|
|
1158
|
-
|
|
1216
|
+
sourcemap: true,
|
|
1217
|
+
treeShaking: true
|
|
1218
|
+
};
|
|
1219
|
+
if (reloader) {
|
|
1220
|
+
ctxCfg.minify = false;
|
|
1221
|
+
}
|
|
1222
|
+
if (entryPoint !== peprTS2) {
|
|
1223
|
+
ctxCfg.minify = false;
|
|
1224
|
+
ctxCfg.outfile = (0, import_path.resolve)("dist", (0, import_path.basename)(entryPoint, (0, import_path.extname)(entryPoint))) + ".js";
|
|
1225
|
+
ctxCfg.packages = "external";
|
|
1226
|
+
ctxCfg.treeShaking = false;
|
|
1227
|
+
}
|
|
1228
|
+
const ctx = await (0, import_esbuild.context)(ctxCfg);
|
|
1159
1229
|
if (reloader) {
|
|
1160
1230
|
await ctx.watch();
|
|
1161
1231
|
} else {
|
|
@@ -1173,7 +1243,6 @@ async function buildModule(reloader, entryPoint = peprTS2) {
|
|
|
1173
1243
|
}
|
|
1174
1244
|
|
|
1175
1245
|
// src/cli/deploy.ts
|
|
1176
|
-
var import_fs3 = require("fs");
|
|
1177
1246
|
var import_prompts = __toESM(require("prompts"));
|
|
1178
1247
|
function deploy_default(program2) {
|
|
1179
1248
|
program2.command("deploy").description("Deploy a Pepr Module").option("-i, --image [image]", "Override the image tag").option("--confirm", "Skip confirmation prompt").action(async (opts) => {
|
|
@@ -1188,7 +1257,6 @@ function deploy_default(program2) {
|
|
|
1188
1257
|
}
|
|
1189
1258
|
}
|
|
1190
1259
|
const { cfg, path } = await buildModule();
|
|
1191
|
-
const code = await import_fs3.promises.readFile(path);
|
|
1192
1260
|
const webhook = new Webhook({
|
|
1193
1261
|
...cfg.pepr,
|
|
1194
1262
|
description: cfg.description
|
|
@@ -1197,7 +1265,7 @@ function deploy_default(program2) {
|
|
|
1197
1265
|
webhook.image = opts.image;
|
|
1198
1266
|
}
|
|
1199
1267
|
try {
|
|
1200
|
-
await webhook.deploy(
|
|
1268
|
+
await webhook.deploy(path);
|
|
1201
1269
|
logger_default.info(`Module deployed successfully`);
|
|
1202
1270
|
} catch (e) {
|
|
1203
1271
|
logger_default.error(`Error deploying module: ${e}`);
|
|
@@ -1207,7 +1275,7 @@ function deploy_default(program2) {
|
|
|
1207
1275
|
}
|
|
1208
1276
|
|
|
1209
1277
|
// src/cli/dev.ts
|
|
1210
|
-
var
|
|
1278
|
+
var import_child_process3 = require("child_process");
|
|
1211
1279
|
var import_fs4 = require("fs");
|
|
1212
1280
|
var import_prompts2 = __toESM(require("prompts"));
|
|
1213
1281
|
function dev_default(program2) {
|
|
@@ -1233,15 +1301,11 @@ function dev_default(program2) {
|
|
|
1233
1301
|
await import_fs4.promises.writeFile("insecure-tls.crt", webhook.tls.pem.crt);
|
|
1234
1302
|
await import_fs4.promises.writeFile("insecure-tls.key", webhook.tls.pem.key);
|
|
1235
1303
|
try {
|
|
1236
|
-
await webhook.deploy(void 0, 30);
|
|
1237
|
-
logger_default.info(`Module deployed successfully`);
|
|
1238
1304
|
let program3;
|
|
1239
|
-
const runFork = () => {
|
|
1240
|
-
|
|
1241
|
-
|
|
1242
|
-
|
|
1243
|
-
}
|
|
1244
|
-
program3 = (0, import_child_process2.fork)(path, {
|
|
1305
|
+
const runFork = async () => {
|
|
1306
|
+
logger_default.info(`Running module ${path}`);
|
|
1307
|
+
await webhook.deploy(path, 30);
|
|
1308
|
+
program3 = (0, import_child_process3.fork)(path, {
|
|
1245
1309
|
env: {
|
|
1246
1310
|
...process.env,
|
|
1247
1311
|
LOG_LEVEL: "debug",
|
|
@@ -1250,17 +1314,16 @@ function dev_default(program2) {
|
|
|
1250
1314
|
}
|
|
1251
1315
|
});
|
|
1252
1316
|
};
|
|
1253
|
-
await buildModule((r) => {
|
|
1317
|
+
await buildModule(async (r) => {
|
|
1254
1318
|
if (r.errors.length > 0) {
|
|
1255
1319
|
logger_default.error(`Error compiling module: ${r.errors}`);
|
|
1256
1320
|
return;
|
|
1257
1321
|
}
|
|
1258
|
-
logger_default.info(`Running module ${path}`);
|
|
1259
1322
|
if (program3) {
|
|
1260
1323
|
program3.once("exit", runFork);
|
|
1261
|
-
program3.kill();
|
|
1324
|
+
program3.kill("SIGKILL");
|
|
1262
1325
|
} else {
|
|
1263
|
-
runFork();
|
|
1326
|
+
await runFork();
|
|
1264
1327
|
}
|
|
1265
1328
|
});
|
|
1266
1329
|
} catch (e) {
|
|
@@ -1320,23 +1383,13 @@ function format_default(program2) {
|
|
|
1320
1383
|
}
|
|
1321
1384
|
|
|
1322
1385
|
// src/cli/init/index.ts
|
|
1323
|
-
var
|
|
1386
|
+
var import_child_process4 = require("child_process");
|
|
1324
1387
|
var import_path2 = require("path");
|
|
1325
1388
|
var import_prompts4 = __toESM(require("prompts"));
|
|
1326
1389
|
|
|
1327
1390
|
// src/cli/init/walkthrough.ts
|
|
1328
1391
|
var import_fs6 = require("fs");
|
|
1329
1392
|
var import_prompts3 = __toESM(require("prompts"));
|
|
1330
|
-
|
|
1331
|
-
// src/lib/types.ts
|
|
1332
|
-
var ErrorBehavior = /* @__PURE__ */ ((ErrorBehavior2) => {
|
|
1333
|
-
ErrorBehavior2["ignore"] = "ignore";
|
|
1334
|
-
ErrorBehavior2["audit"] = "audit";
|
|
1335
|
-
ErrorBehavior2["reject"] = "reject";
|
|
1336
|
-
return ErrorBehavior2;
|
|
1337
|
-
})(ErrorBehavior || {});
|
|
1338
|
-
|
|
1339
|
-
// src/cli/init/walkthrough.ts
|
|
1340
1393
|
function walkthrough() {
|
|
1341
1394
|
const askName = {
|
|
1342
1395
|
type: "text",
|
|
@@ -1439,14 +1492,14 @@ function init_default(program2) {
|
|
|
1439
1492
|
await write((0, import_path2.resolve)(dirName, "capabilities", helloPepr.path), helloPepr.data);
|
|
1440
1493
|
if (!opts.skipPostInit) {
|
|
1441
1494
|
process.chdir(dirName);
|
|
1442
|
-
(0,
|
|
1495
|
+
(0, import_child_process4.execSync)("npm install", {
|
|
1443
1496
|
stdio: "inherit"
|
|
1444
1497
|
});
|
|
1445
|
-
(0,
|
|
1498
|
+
(0, import_child_process4.execSync)("git init", {
|
|
1446
1499
|
stdio: "inherit"
|
|
1447
1500
|
});
|
|
1448
1501
|
try {
|
|
1449
|
-
(0,
|
|
1502
|
+
(0, import_child_process4.execSync)("code .", {
|
|
1450
1503
|
stdio: "inherit"
|
|
1451
1504
|
});
|
|
1452
1505
|
} catch (e) {
|
|
@@ -1479,7 +1532,7 @@ var RootCmd = class extends import_commander.Command {
|
|
|
1479
1532
|
};
|
|
1480
1533
|
|
|
1481
1534
|
// src/cli/update.ts
|
|
1482
|
-
var
|
|
1535
|
+
var import_child_process5 = require("child_process");
|
|
1483
1536
|
var import_path3 = require("path");
|
|
1484
1537
|
var import_prompts5 = __toESM(require("prompts"));
|
|
1485
1538
|
function update_default(program2) {
|
|
@@ -1503,10 +1556,10 @@ function update_default(program2) {
|
|
|
1503
1556
|
await write((0, import_path3.resolve)("capabilities", samplesYaml.path), samplesYaml.data);
|
|
1504
1557
|
await write((0, import_path3.resolve)("capabilities", helloPepr.path), helloPepr.data);
|
|
1505
1558
|
}
|
|
1506
|
-
(0,
|
|
1559
|
+
(0, import_child_process5.execSync)("npm install pepr@latest", {
|
|
1507
1560
|
stdio: "inherit"
|
|
1508
1561
|
});
|
|
1509
|
-
(0,
|
|
1562
|
+
(0, import_child_process5.execSync)("npm install -g pepr@latest", {
|
|
1510
1563
|
stdio: "inherit"
|
|
1511
1564
|
});
|
|
1512
1565
|
console.log(`Module updated!`);
|
package/dist/controller.js
CHANGED
|
@@ -116,7 +116,7 @@ if (process.env.LOG_LEVEL) {
|
|
|
116
116
|
var logger_default = Log;
|
|
117
117
|
|
|
118
118
|
// src/cli/init/templates/data.json
|
|
119
|
-
var packageJSON = { name: "pepr", description: "Kubernetes application engine", author: "Defense Unicorns", homepage: "https://github.com/defenseunicorns/pepr", license: "Apache-2.0", bin: "dist/cli.js", repository: "defenseunicorns/pepr", engines: { node: ">=18.0.0" }, version: "0.
|
|
119
|
+
var packageJSON = { name: "pepr", description: "Kubernetes application engine", author: "Defense Unicorns", homepage: "https://github.com/defenseunicorns/pepr", license: "Apache-2.0", bin: "dist/cli.js", repository: "defenseunicorns/pepr", engines: { node: ">=18.0.0" }, version: "0.7.0", main: "dist/lib.js", types: "dist/lib.d.ts", scripts: { prebuild: "rm -fr dist/* && node hack/build-template-data.js", build: "tsc && node build.mjs", test: "npm run test:unit && npm run test:e2e", "test:unit": "npm run build && tsc -p tsconfig.tests.json && ava dist/**/*.test.js", "test:e2e": "npm run test:e2e:k3d && npm run test:e2e:build && npm run test:e2e:image && npm run test:e2e:run", "test:e2e:k3d": "k3d cluster delete pepr-dev && k3d cluster create pepr-dev --k3s-arg '--debug@server:0'", "test:e2e:build": "npm run build && npm pack && npm uninstall pepr -g && npm install -g pepr-0.0.0-development.tgz && pepr", "test:e2e:image": "docker buildx build --tag pepr:dev . && k3d image import pepr:dev -c pepr-dev", "test:e2e:run": "ava hack/e2e.test.mjs --sequential --timeout=2m", "format:check": "eslint src && prettier src --check", "format:fix": "eslint src --fix && prettier src --write" }, dependencies: { "@kubernetes/client-node": "0.18.1", express: "4.18.2", "fast-json-patch": "3.1.1", "http-status-codes": "2.2.0", "node-fetch": "2.6.11", ramda: "0.29.0" }, devDependencies: { "@types/eslint": "8.40.0", "@types/express": "4.17.17", "@types/node-fetch": "2.6.4", "@types/node-forge": "1.3.2", "@types/prettier": "2.7.3", "@types/prompts": "2.4.4", "@types/ramda": "0.29.2", "@types/uuid": "9.0.1", ava: "5.3.0", nock: "13.3.1" }, peerDependencies: { "@typescript-eslint/eslint-plugin": "5.59.7", "@typescript-eslint/parser": "5.59.7", commander: "10.0.1", esbuild: "0.17.19", eslint: "8.41.0", "node-forge": "1.3.1", prettier: "2.8.8", prompts: "2.4.2", typescript: "5.0.4", uuid: "9.0.0" }, ava: { failFast: true, verbose: true } };
|
|
120
120
|
|
|
121
121
|
// src/runtime/controller.ts
|
|
122
122
|
var { version } = packageJSON;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"capability.d.ts","sourceRoot":"","sources":["../../src/lib/capability.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAE/C,OAAO,EAEL,OAAO,EAIP,aAAa,EAGb,YAAY,EACZ,SAAS,EACT,YAAY,EACb,MAAM,SAAS,CAAC;AAEjB;;GAEG;AACH,qBAAa,UAAW,YAAW,aAAa;IAC9C,OAAO,CAAC,KAAK,CAAS;IACtB,OAAO,CAAC,YAAY,CAAS;IAC7B,OAAO,CAAC,WAAW,CAAC,CAAuB;IAG3C,OAAO,CAAC,iBAAiB,CAAoB;IAE7C,OAAO,CAAC,SAAS,CAAiB;IAElC,IAAI,QAAQ,IAAI,OAAO,EAAE,CAExB;IAED,IAAI,IAAI,WAEP;IAED,IAAI,WAAW,WAEd;IAED,IAAI,UAAU,aAEb;IAED,IAAI,gBAAgB,cAEnB;gBAEW,GAAG,EAAE,aAAa;IAQ9B;;;;;;;;OAQG;IACH,IAAI,4CAA6C,gBAAgB,
|
|
1
|
+
{"version":3,"file":"capability.d.ts","sourceRoot":"","sources":["../../src/lib/capability.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAE/C,OAAO,EAEL,OAAO,EAIP,aAAa,EAGb,YAAY,EACZ,SAAS,EACT,YAAY,EACb,MAAM,SAAS,CAAC;AAEjB;;GAEG;AACH,qBAAa,UAAW,YAAW,aAAa;IAC9C,OAAO,CAAC,KAAK,CAAS;IACtB,OAAO,CAAC,YAAY,CAAS;IAC7B,OAAO,CAAC,WAAW,CAAC,CAAuB;IAG3C,OAAO,CAAC,iBAAiB,CAAoB;IAE7C,OAAO,CAAC,SAAS,CAAiB;IAElC,IAAI,QAAQ,IAAI,OAAO,EAAE,CAExB;IAED,IAAI,IAAI,WAEP;IAED,IAAI,WAAW,WAEd;IAED,IAAI,UAAU,aAEb;IAED,IAAI,gBAAgB,cAEnB;gBAEW,GAAG,EAAE,aAAa;IAQ9B;;;;;;;;OAQG;IACH,IAAI,4CAA6C,gBAAgB,qBAwF/D;CACH"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"controller.d.ts","sourceRoot":"","sources":["../../src/lib/controller.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAC1C,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AAEhD,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;
|
|
1
|
+
{"version":3,"file":"controller.d.ts","sourceRoot":"","sources":["../../src/lib/controller.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAC1C,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AAEhD,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAGvC,qBAAa,UAAU;IAKnB,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,YAAY;IAC7B,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC;IAC5B,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC;IAP7B,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAa;IACjC,OAAO,CAAC,OAAO,CAAS;gBAGL,MAAM,EAAE,YAAY,EACpB,YAAY,EAAE,UAAU,EAAE,EAC1B,UAAU,CAAC,SAAQ,OAAO,KAAK,IAAI,aAAA,EACnC,SAAS,CAAC,SAAQ,QAAQ,KAAK,IAAI,aAAA;IAuBtD,+BAA+B;IACxB,WAAW,SAAU,MAAM,UA0ChC;IAEF,OAAO,CAAC,MAAM,CAYZ;IAEF,OAAO,CAAC,OAAO,CAOb;IAEF,OAAO,CAAC,MAAM,CAiCZ;CACH"}
|
package/dist/lib/filter.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"filter.d.ts","sourceRoot":"","sources":["../../src/lib/filter.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AAEtC,OAAO,EAAE,OAAO,
|
|
1
|
+
{"version":3,"file":"filter.d.ts","sourceRoot":"","sources":["../../src/lib/filter.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AAEtC,OAAO,EAAE,OAAO,EAAS,MAAM,SAAS,CAAC;AAEzC;;;;;;GAMG;AACH,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,OAAO,EAAE,GAAG,EAAE,OAAO,WAwE/D"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"kinds.d.ts","sourceRoot":"","sources":["../../../src/lib/k8s/kinds.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AACxC,OAAO,EAAE,gBAAgB,EAAE,MAAM,SAAS,CAAC;AAE3C,eAAO,MAAM,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,gBAAgB,
|
|
1
|
+
{"version":3,"file":"kinds.d.ts","sourceRoot":"","sources":["../../../src/lib/k8s/kinds.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AACxC,OAAO,EAAE,gBAAgB,EAAE,MAAM,SAAS,CAAC;AAE3C,eAAO,MAAM,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,gBAAgB,CA8cnD,CAAC;AAEF,wBAAgB,uBAAuB,CAAC,GAAG,EAAE,MAAM,GAAG,gBAAgB,CAErE;AAED;;;;;GAKG;AACH,eAAO,MAAM,YAAY,UAAW,YAAY,oBAAoB,gBAAgB,SAUnF,CAAC"}
|
package/dist/lib/k8s/types.d.ts
CHANGED
|
@@ -36,6 +36,8 @@ export interface GroupVersionKind {
|
|
|
36
36
|
readonly kind: string;
|
|
37
37
|
readonly group: string;
|
|
38
38
|
readonly version?: string;
|
|
39
|
+
/** Optional, override the plural name for use in Webhook rules generation */
|
|
40
|
+
readonly plural?: string;
|
|
39
41
|
}
|
|
40
42
|
/**
|
|
41
43
|
* GroupVersionResource unambiguously identifies a resource. It doesn't anonymously include GroupVersion
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/lib/k8s/types.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AAEnE,oBAAY,SAAS;IACnB,MAAM,WAAW;IACjB,MAAM,WAAW;IACjB,MAAM,WAAW;IACjB,OAAO,YAAY;CACpB;AAED,MAAM,WAAW,gBAAgB;IAC/B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,YAAY,CAAC;CACzB;AACD,MAAM,WAAW,oBAAoB,CAAC,CAAC,SAAS,gBAAgB;IAC9D,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,UAAU,CAAC;IACtB,KAAK,EAAE,CAAC,EAAE,CAAC;CACZ;AAED;;;;GAIG;AACH,qBAAa,WAAW;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,YAAY,CAAC;IAExB,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAC;CACpB;AAED;;;IAGI;AACJ,MAAM,WAAW,gBAAgB;IAC/B,yCAAyC;IACzC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC;
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/lib/k8s/types.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AAEnE,oBAAY,SAAS;IACnB,MAAM,WAAW;IACjB,MAAM,WAAW;IACjB,MAAM,WAAW;IACjB,OAAO,YAAY;CACpB;AAED,MAAM,WAAW,gBAAgB;IAC/B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,YAAY,CAAC;CACzB;AACD,MAAM,WAAW,oBAAoB,CAAC,CAAC,SAAS,gBAAgB;IAC9D,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,UAAU,CAAC;IACtB,KAAK,EAAE,CAAC,EAAE,CAAC;CACZ;AAED;;;;GAIG;AACH,qBAAa,WAAW;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,YAAY,CAAC;IAExB,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAC;CACpB;AAED;;;IAGI;AACJ,MAAM,WAAW,gBAAgB;IAC/B,yCAAyC;IACzC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC;IAC1B,6EAA6E;IAC7E,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;CAC1B;AAED;;;GAGG;AACH,MAAM,WAAW,oBAAoB;IACnC,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;CAC3B;AAED;;GAEG;AACH,MAAM,WAAW,OAAO,CAAC,CAAC,GAAG,gBAAgB;IAC3C,gEAAgE;IAChE,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IAErB,+GAA+G;IAC/G,QAAQ,CAAC,IAAI,EAAE,gBAAgB,CAAC;IAEhC,sFAAsF;IACtF,QAAQ,CAAC,QAAQ,EAAE,oBAAoB,CAAC;IAExC,iGAAiG;IACjG,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;IAE9B,yHAAyH;IACzH,QAAQ,CAAC,WAAW,CAAC,EAAE,gBAAgB,CAAC;IAExC,0GAA0G;IAC1G,QAAQ,CAAC,eAAe,CAAC,EAAE,oBAAoB,CAAC;IAEhD,qHAAqH;IACrH,QAAQ,CAAC,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAErC;;;OAGG;IACH,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IAEtB,uEAAuE;IACvE,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAE5B;;;OAGG;IACH,QAAQ,CAAC,SAAS,EAAE,SAAS,CAAC;IAE9B,wDAAwD;IACxD,QAAQ,CAAC,QAAQ,EAAE;QACjB,0EAA0E;QAC1E,QAAQ,CAAC,EAAE,MAAM,CAAC;QAElB;;;WAGG;QACH,GAAG,CAAC,EAAE,MAAM,CAAC;QAEb,kDAAkD;QAClD,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;QAElB,gEAAgE;QAChE,KAAK,CAAC,EAAE;YACN,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;SACzB,CAAC;KACH,CAAC;IAEF,2FAA2F;IAC3F,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;IAEnB,4EAA4E;IAC5E,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;IAEvB,gHAAgH;IAChH,QAAQ,CAAC,MAAM,CAAC,EAAE,OAAO,CAAC;IAE1B;;;;;;OAMG;IAEH,QAAQ,CAAC,OAAO,CAAC,EAAE,GAAG,CAAC;CACxB;AAED,MAAM,WAAW,QAAQ;IACvB,kIAAkI;IAClI,GAAG,EAAE,MAAM,CAAC;IAEZ,4EAA4E;IAC5E,OAAO,EAAE,OAAO,CAAC;IAEjB,6IAA6I;IAC7I,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB,uFAAuF;IACvF,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf,8DAA8D;IAC9D,SAAS,CAAC,EAAE,WAAW,CAAC;IAExB,2HAA2H;IAC3H,gBAAgB,CAAC,EAAE;QACjB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAC;KACvB,CAAC;IAEF,qFAAqF;IACrF,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;CACrB;AAED,MAAM,MAAM,aAAa,GAAG;IAC1B;;;;;OAKG;IACH,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IACtB;;;;;;;;;OASG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,CAAC;CACnC,CAAC"}
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
/// <reference types="node" />
|
|
2
|
-
import { V1ClusterRole, V1ClusterRoleBinding, V1Deployment, V1MutatingWebhookConfiguration, V1Namespace, V1NetworkPolicy, V1Secret, V1Service, V1ServiceAccount } from "@kubernetes/client-node";
|
|
2
|
+
import { V1ClusterRole, V1ClusterRoleBinding, V1Deployment, V1MutatingWebhookConfiguration, V1Namespace, V1NetworkPolicy, V1RuleWithOperations, V1Secret, V1Service, V1ServiceAccount } from "@kubernetes/client-node";
|
|
3
3
|
import { ModuleConfig } from "../types";
|
|
4
4
|
import { TLSOut } from "./tls";
|
|
5
5
|
export declare class Webhook {
|
|
@@ -22,14 +22,15 @@ export declare class Webhook {
|
|
|
22
22
|
clusterRoleBinding(): V1ClusterRoleBinding;
|
|
23
23
|
serviceAccount(): V1ServiceAccount;
|
|
24
24
|
tlsSecret(): V1Secret;
|
|
25
|
-
|
|
25
|
+
generateWebhookRules(path: string): Promise<V1RuleWithOperations[]>;
|
|
26
|
+
mutatingWebhook(path: string, timeoutSeconds?: number): Promise<V1MutatingWebhookConfiguration>;
|
|
26
27
|
deployment(hash: string): V1Deployment;
|
|
27
28
|
/** Only permit the kube-system ns ingress access to the controller */
|
|
28
29
|
networkPolicy(): V1NetworkPolicy;
|
|
29
30
|
service(): V1Service;
|
|
30
31
|
moduleSecret(data: Buffer, hash: string): V1Secret;
|
|
31
32
|
zarfYaml(path: string): string;
|
|
32
|
-
allYaml(
|
|
33
|
-
deploy(
|
|
33
|
+
allYaml(path: string): Promise<string>;
|
|
34
|
+
deploy(path: string, webhookTimeout?: number): Promise<void>;
|
|
34
35
|
}
|
|
35
36
|
//# sourceMappingURL=webhook.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"webhook.d.ts","sourceRoot":"","sources":["../../../src/lib/k8s/webhook.ts"],"names":[],"mappings":";AAGA,OAAO,EASL,aAAa,EACb,oBAAoB,EACpB,YAAY,EAEZ,8BAA8B,EAC9B,WAAW,EACX,eAAe,EACf,QAAQ,EACR,SAAS,EACT,gBAAgB,EAEjB,MAAM,yBAAyB,CAAC;
|
|
1
|
+
{"version":3,"file":"webhook.d.ts","sourceRoot":"","sources":["../../../src/lib/k8s/webhook.ts"],"names":[],"mappings":";AAGA,OAAO,EASL,aAAa,EACb,oBAAoB,EACpB,YAAY,EAEZ,8BAA8B,EAC9B,WAAW,EACX,eAAe,EACf,oBAAoB,EACpB,QAAQ,EACR,SAAS,EACT,gBAAgB,EAEjB,MAAM,yBAAyB,CAAC;AAQjC,OAAO,EAA6B,YAAY,EAAE,MAAM,UAAU,CAAC;AACnE,OAAO,EAAE,MAAM,EAAU,MAAM,OAAO,CAAC;AAQvC,qBAAa,OAAO;IAUN,OAAO,CAAC,QAAQ,CAAC,MAAM;IAAgB,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC;IATzE,OAAO,CAAC,IAAI,CAAS;IACrB,OAAO,CAAC,IAAI,CAAS;IAEd,KAAK,EAAE,MAAM,CAAC;IAErB,IAAW,GAAG,IAAI,MAAM,CAEvB;gBAE4B,MAAM,EAAE,YAAY,EAAmB,IAAI,CAAC,oBAAQ;IASjF,yCAAyC;IACzC,SAAS,IAAI,WAAW;IAQxB;;;;;OAKG;IACH,WAAW,IAAI,aAAa;IAgB5B,kBAAkB,IAAI,oBAAoB;IAqB1C,cAAc,IAAI,gBAAgB;IAWlC,SAAS,IAAI,QAAQ;IAgBrB,oBAAoB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,oBAAoB,EAAE,CAAC;IAwF7D,eAAe,CAAC,IAAI,EAAE,MAAM,EAAE,cAAc,SAAK,GAAG,OAAO,CAAC,8BAA8B,CAAC;IAyDjG,UAAU,CAAC,IAAI,EAAE,MAAM,GAAG,YAAY;IAyFtC,sEAAsE;IACtE,aAAa,IAAI,eAAe;IAsChC,OAAO,IAAI,SAAS;IAsBpB,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,QAAQ;IAkBlD,QAAQ,CAAC,IAAI,EAAE,MAAM;IA2Bf,OAAO,CAAC,IAAI,EAAE,MAAM;IAyBpB,MAAM,CAAC,IAAI,EAAE,MAAM,EAAE,cAAc,CAAC,EAAE,MAAM;CA6InD"}
|