puls-dev 0.2.0 → 0.2.2

package/dist/providers/gcp/pubsub.test.js

@@ -0,0 +1,244 @@
+import { test, describe, beforeEach, afterEach, mock } from "node:test";
+import assert from "node:assert";
+import { GoogleAuth } from "google-auth-library";
+import { GCPPubSubTopicBuilder, GCPPubSubSubscriptionBuilder } from "./pubsub.js";
+import { Config } from "../../core/config.js";
+describe("GCPPubSub Unit Tests", () => {
+    let originalFetch;
+    let fetchCalls = [];
+    let mockResponses = {};
+    beforeEach(() => {
+        Config.set({
+            dryRun: false,
+            providers: {
+                gcp: {
+                    projectId: "my-gcp-project",
+                    serviceAccountPath: "/fake/sa.json",
+                },
+            },
+        });
+        originalFetch = globalThis.fetch;
+        fetchCalls = [];
+        mockResponses = {};
+        globalThis.fetch = async (input, init) => {
+            const url = String(input);
+            const method = init?.method ?? "GET";
+            let body;
+            if (init?.body) {
+                if (typeof init.body === "string") {
+                    try {
+                        body = JSON.parse(init.body);
+                    }
+                    catch {
+                        body = init.body;
+                    }
+                }
+                else {
+                    body = "[Binary/Buffer Body]";
+                }
+            }
+            const headers = init?.headers;
+            fetchCalls.push({ url, method, body, headers });
+            const matchKey = Object.keys(mockResponses)
+                .filter((key) => {
+                const [mMethod, mPath] = key.split(" ");
+                return method === mMethod && url.includes(mPath);
+            })
+                .sort((a, b) => b.split(" ")[1].length - a.split(" ")[1].length)[0];
+            if (matchKey) {
+                const resp = mockResponses[matchKey];
+                return {
+                    ok: resp.status >= 200 && resp.status < 300,
+                    status: resp.status,
+                    json: async () => resp.body,
+                    text: async () => JSON.stringify(resp.body),
+                };
+            }
+            return {
+                ok: false,
+                status: 404,
+                json: async () => ({ message: `Endpoint not mocked: ${method} ${url}` }),
+                text: async () => `Endpoint not mocked: ${method} ${url}`,
+            };
+        };
+        mock.method(GoogleAuth.prototype, "getClient", async () => {
+            return {
+                getAccessToken: async () => ({ token: "fake-gcp-token" }),
+            };
+        });
+    });
+    afterEach(() => {
+        globalThis.fetch = originalFetch;
+        mock.restoreAll();
+    });
+    describe("GCPPubSubTopicBuilder", () => {
+        test("runs in dry-run mode safely and logs plans", async () => {
+            Config.set({
+                dryRun: true,
+            });
+            mockResponses["GET /topics/dryrun-topic"] = {
+                status: 404,
+                body: {},
+            };
+            const builder = new GCPPubSubTopicBuilder("dryrun-topic");
+            const result = await builder.deploy();
+            assert.strictEqual(result.name, "dryrun-topic");
+            assert.strictEqual(result.topicName, "projects/my-gcp-project/topics/dryrun-topic");
+            const writeCalls = fetchCalls.filter((c) => c.method !== "GET");
+            assert.strictEqual(writeCalls.length, 0);
+        });
+        test("creates a new topic when missing", async () => {
+            mockResponses["GET /topics/new-topic"] = {
+                status: 404,
+                body: {},
+            };
+            mockResponses["PUT /topics/new-topic"] = {
+                status: 200,
+                body: { name: "projects/my-gcp-project/topics/new-topic" },
+            };
+            const builder = new GCPPubSubTopicBuilder("new-topic");
+            const result = await builder.deploy();
+            assert.strictEqual(result.name, "new-topic");
+            assert.strictEqual(result.topicName, "projects/my-gcp-project/topics/new-topic");
+            const putCall = fetchCalls.find((c) => c.method === "PUT" && c.url.includes("/topics/new-topic"));
+            assert.ok(putCall);
+        });
+        test("skips creation if topic already exists", async () => {
+            mockResponses["GET /topics/exist-topic"] = {
+                status: 200,
+                body: { name: "projects/my-gcp-project/topics/exist-topic" },
+            };
+            const builder = new GCPPubSubTopicBuilder("exist-topic");
+            const result = await builder.deploy();
+            assert.strictEqual(result.name, "exist-topic");
+            assert.strictEqual(result.topicName, "projects/my-gcp-project/topics/exist-topic");
+            const writeCalls = fetchCalls.filter((c) => c.method !== "GET");
+            assert.strictEqual(writeCalls.length, 0);
+        });
+        test("destroys an existing topic successfully", async () => {
+            mockResponses["GET /topics/delete-topic"] = {
+                status: 200,
+                body: { name: "projects/my-gcp-project/topics/delete-topic" },
+            };
+            mockResponses["DELETE /topics/delete-topic"] = {
+                status: 200,
+                body: {},
+            };
+            const builder = new GCPPubSubTopicBuilder("delete-topic");
+            const result = await builder.destroy();
+            assert.deepStrictEqual(result, { destroyed: "delete-topic" });
+            const deleteCall = fetchCalls.find((c) => c.method === "DELETE" && c.url.includes("/topics/delete-topic"));
+            assert.ok(deleteCall);
+        });
+    });
+    describe("GCPPubSubSubscriptionBuilder", () => {
+        test("fluent builder api sets properties and binds topic references", () => {
+            const topic = new GCPPubSubTopicBuilder("my-t");
+            topic.resolvedTopicName = "projects/my-gcp-project/topics/my-t";
+            const builder = new GCPPubSubSubscriptionBuilder("my-sub")
+                .topic(topic)
+                .pushEndpoint("https://my-endpoint.com/push")
+                .ackDeadline(30);
+            assert.strictEqual(builder._topic, topic);
+            assert.strictEqual(builder._pushEndpoint, "https://my-endpoint.com/push");
+            assert.strictEqual(builder._ackDeadlineSeconds, 30);
+        });
+        test("creates pull subscription when missing", async () => {
+            mockResponses["GET /subscriptions/new-pull-sub"] = {
+                status: 404,
+                body: {},
+            };
+            mockResponses["PUT /subscriptions/new-pull-sub"] = {
+                status: 200,
+                body: { name: "projects/my-gcp-project/subscriptions/new-pull-sub" },
+            };
+            const builder = new GCPPubSubSubscriptionBuilder("new-pull-sub")
+                .topic("my-t")
+                .ackDeadline(20);
+            const result = await builder.deploy();
+            assert.strictEqual(result.name, "new-pull-sub");
+            assert.strictEqual(result.subscriptionName, "projects/my-gcp-project/subscriptions/new-pull-sub");
+            const putCall = fetchCalls.find((c) => c.method === "PUT" && c.url.includes("/subscriptions/new-pull-sub"));
+            assert.ok(putCall);
+            assert.strictEqual(putCall.body.topic, "projects/my-gcp-project/topics/my-t");
+            assert.deepStrictEqual(putCall.body.pushConfig, {});
+            assert.strictEqual(putCall.body.ackDeadlineSeconds, 20);
+        });
+        test("creates push subscription when missing", async () => {
+            mockResponses["GET /subscriptions/new-push-sub"] = {
+                status: 404,
+                body: {},
+            };
+            mockResponses["PUT /subscriptions/new-push-sub"] = {
+                status: 200,
+                body: { name: "projects/my-gcp-project/subscriptions/new-push-sub" },
+            };
+            const builder = new GCPPubSubSubscriptionBuilder("new-push-sub")
+                .topic("my-t")
+                .pushEndpoint("https://my-app.run.app/push");
+            const result = await builder.deploy();
+            assert.strictEqual(result.name, "new-push-sub");
+            const putCall = fetchCalls.find((c) => c.method === "PUT" && c.url.includes("/subscriptions/new-push-sub"));
+            assert.ok(putCall);
+            assert.strictEqual(putCall.body.pushConfig.pushEndpoint, "https://my-app.run.app/push");
+        });
+        test("patches subscription if endpoints differ", async () => {
+            mockResponses["GET /subscriptions/existing-sub"] = {
+                status: 200,
+                body: {
+                    name: "projects/my-gcp-project/subscriptions/existing-sub",
+                    topic: "projects/my-gcp-project/topics/my-t",
+                    pushConfig: { pushEndpoint: "https://old-endpoint.com" },
+                    ackDeadlineSeconds: 10,
+                },
+            };
+            mockResponses["PATCH /subscriptions/existing-sub"] = {
+                status: 200,
+                body: { name: "projects/my-gcp-project/subscriptions/existing-sub" },
+            };
+            const builder = new GCPPubSubSubscriptionBuilder("existing-sub")
+                .topic("my-t")
+                .pushEndpoint("https://new-endpoint.com"); // endpoint changed!
+            const result = await builder.deploy();
+            assert.strictEqual(result.name, "existing-sub");
+            const patchCall = fetchCalls.find((c) => c.method === "PATCH" && c.url.includes("/subscriptions/existing-sub"));
+            assert.ok(patchCall);
+            assert.strictEqual(patchCall.body.subscription.pushConfig.pushEndpoint, "https://new-endpoint.com");
+            assert.strictEqual(patchCall.body.updateMask, "topic,pushConfig,ackDeadlineSeconds");
+        });
+        test("skips patching if identical", async () => {
+            mockResponses["GET /subscriptions/ident-sub"] = {
+                status: 200,
+                body: {
+                    name: "projects/my-gcp-project/subscriptions/ident-sub",
+                    topic: "projects/my-gcp-project/topics/my-t",
+                    pushConfig: { pushEndpoint: "https://endpoint.com" },
+                    ackDeadlineSeconds: 20,
+                },
+            };
+            const builder = new GCPPubSubSubscriptionBuilder("ident-sub")
+                .topic("my-t")
+                .pushEndpoint("https://endpoint.com")
+                .ackDeadline(20);
+            const result = await builder.deploy();
+            assert.strictEqual(result.name, "ident-sub");
+            const writeCalls = fetchCalls.filter((c) => c.method !== "GET");
+            assert.strictEqual(writeCalls.length, 0);
+        });
+        test("destroys an existing subscription successfully", async () => {
+            mockResponses["GET /subscriptions/delete-sub"] = {
+                status: 200,
+                body: { name: "projects/my-gcp-project/subscriptions/delete-sub" },
+            };
+            mockResponses["DELETE /subscriptions/delete-sub"] = {
+                status: 200,
+                body: {},
+            };
+            const builder = new GCPPubSubSubscriptionBuilder("delete-sub");
+            const result = await builder.destroy();
+            assert.deepStrictEqual(result, { destroyed: "delete-sub" });
+            const deleteCall = fetchCalls.find((c) => c.method === "DELETE" && c.url.includes("/subscriptions/delete-sub"));
+            assert.ok(deleteCall);
+        });
+    });
+});

package/dist/providers/gcp/secrets.d.ts

@@ -0,0 +1,21 @@
+import { BaseBuilder } from "../../core/resource.js";
+export declare class GCPSecretBuilder extends BaseBuilder {
+    private _value?;
+    resolvedValue: string | null;
+    resolvedArn: string | null;
+    constructor(secretId: string);
+    private fetchSecret;
+    awaitValue(): Promise<string | null>;
+    plainText(v: string): this;
+    keyValue(obj: object): this;
+    deploy(): Promise<{
+        name: string;
+        arn: string | null;
+        value: string | null;
+    }>;
+    destroy(): Promise<{
+        destroyed: string;
+    }>;
+    private discoverSecretMetadata;
+}
+export declare function resolveGCPEnvVars(env: Record<string, string | GCPSecretBuilder>, isDryRun?: boolean): Promise<Record<string, string>>;

package/dist/providers/gcp/secrets.js

@@ -0,0 +1,187 @@
+import { BaseBuilder } from "../../core/resource.js";
+import { gcpFetch, getProjectId } from "./api.js";
+const SECRET_BASE = "https://secretmanager.googleapis.com";
+export class GCPSecretBuilder extends BaseBuilder {
+    _value;
+    resolvedValue = null;
+    resolvedArn = null;
+    constructor(secretId) {
+        super(secretId);
+        this.discoveryPromise = this.fetchSecret(secretId);
+    }
+    async fetchSecret(secretId) {
+        try {
+            const project = getProjectId();
+            // 1. Fetch metadata first to see if secret exists
+            const secret = await gcpFetch(SECRET_BASE, `/v1/projects/${project}/secrets/${secretId}`);
+            this.resolvedArn = secret.name ?? null;
+            // 2. Fetch the latest secret value payload
+            try {
+                const payload = await gcpFetch(SECRET_BASE, `/v1/projects/${project}/secrets/${secretId}/versions/latest:access`);
+                if (payload.payload?.data) {
+                    this.resolvedValue = Buffer.from(payload.payload.data, "base64").toString("utf8");
+                }
+            }
+            catch (err) {
+                // If version access fails (e.g. no versions created yet), keep resolvedValue as null
+            }
+            return secret;
+        }
+        catch (e) {
+            if (e.message?.includes("404") ||
+                e.message?.includes("403") ||
+                e.message?.includes("credentials not configured")) {
+                return null;
+            }
+            throw e;
+        }
+    }
+    async awaitValue() {
+        await this.discoveryPromise;
+        return this.resolvedValue;
+    }
+    plainText(v) {
+        this._value = v;
+        return this;
+    }
+    keyValue(obj) {
+        this._value = JSON.stringify(obj);
+        return this;
+    }
+    async deploy() {
+        const dryRun = this.isDryRunActive();
+        const project = getProjectId();
+        const secretId = this.name;
+        const existing = await this.discoveryPromise;
+        console.log(`\n🔐 Finalizing GCP Secret "${secretId}"...`);
+        if (dryRun) {
+            if (existing) {
+                console.log(`   ✅ Secret "${secretId}" exists`);
+                if (this.resolvedValue !== null) {
+                    console.log(`   💬 Value: ${this.resolvedValue}`);
+                }
+                if (this._value) {
+                    console.log(`   📝 [PLAN] Update secret value`);
+                }
+            }
+            else {
+                console.log(`   📝 [PLAN] Create secret "${secretId}"`);
+            }
+            // Populate planned value for other builders to resolve during dry-run
+            this.resolvedValue = this._value ?? null;
+            return {
+                name: secretId,
+                arn: this.resolvedArn,
+                value: this.resolvedValue,
+            };
+        }
+        if (!existing) {
+            if (!this._value) {
+                console.log(`   ⚠️  Secret "${secretId}" does not exist - add .plainText() or .keyValue() to create it`);
+                return { name: secretId, arn: null, value: null };
+            }
+            // Create secret container
+            const secret = await gcpFetch(SECRET_BASE, `/v1/projects/${project}/secrets?secretId=${secretId}`, {
+                method: "POST",
+                body: JSON.stringify({
+                    replication: {
+                        automatic: {},
+                    },
+                }),
+            });
+            this.resolvedArn = secret.name ?? null;
+            // Add secret version payload
+            const base64Data = Buffer.from(this._value, "utf8").toString("base64");
+            await gcpFetch(SECRET_BASE, `/v1/projects/${project}/secrets/${secretId}:addVersion`, {
+                method: "POST",
+                body: JSON.stringify({
+                    payload: {
+                        data: base64Data,
+                    },
+                }),
+            });
+            this.resolvedValue = this._value;
+            console.log(`🚀 Created secret "${secretId}"`);
+        }
+        else {
+            console.log(`   ✅ Secret "${secretId}" exists`);
+            if (this.resolvedValue !== null) {
+                console.log(`   💬 Value: ${this.resolvedValue}`);
+            }
+            if (this._value && this._value !== this.resolvedValue) {
+                const base64Data = Buffer.from(this._value, "utf8").toString("base64");
+                await gcpFetch(SECRET_BASE, `/v1/projects/${project}/secrets/${secretId}:addVersion`, {
+                    method: "POST",
+                    body: JSON.stringify({
+                        payload: {
+                            data: base64Data,
+                        },
+                    }),
+                });
+                this.resolvedValue = this._value;
+                console.log(`   ✅ Updated secret value`);
+            }
+        }
+        await this.deploySidecars();
+        return {
+            name: secretId,
+            arn: this.resolvedArn,
+            value: this.resolvedValue,
+        };
+    }
+    async destroy() {
+        const dryRun = this.isDryRunActive();
+        const project = getProjectId();
+        const secretId = this.name;
+        console.log(`\n🗑️  Destroying GCP Secret "${secretId}"...`);
+        const existing = await this.discoverSecretMetadata();
+        if (!existing) {
+            console.log(`   ✅ Secret "${secretId}" does not exist - nothing to do.`);
+            return { destroyed: secretId };
+        }
+        if (dryRun) {
+            console.log(`   📝 [PLAN] Delete secret "${secretId}"`);
+            return { destroyed: secretId };
+        }
+        await gcpFetch(SECRET_BASE, `/v1/projects/${project}/secrets/${secretId}`, {
+            method: "DELETE",
+        });
+        console.log(`   ✅ Secret "${secretId}" deleted.`);
+        await this.destroySidecars();
+        return { destroyed: secretId };
+    }
+    async discoverSecretMetadata() {
+        try {
+            const project = getProjectId();
+            return await gcpFetch(SECRET_BASE, `/v1/projects/${project}/secrets/${this.name}`);
+        }
+        catch (e) {
+            if (e.message?.includes("404") ||
+                e.message?.includes("403") ||
+                e.message?.includes("credentials not configured")) {
+                return null;
+            }
+            throw e;
+        }
+    }
+}
+export async function resolveGCPEnvVars(env, isDryRun = false) {
+    const resolved = {};
+    for (const [k, v] of Object.entries(env)) {
+        if (v instanceof GCPSecretBuilder) {
+            await v.awaitValue();
+            let val = v.resolvedValue;
+            if (val === null && isDryRun) {
+                val = v._value ?? "DRYRUN_SECRET";
+            }
+            if (val === null) {
+                throw new Error(`Secret "${v.name}" has no value - create it first or call .plainText()/.keyValue() in the stack`);
+            }
+            resolved[k] = val;
+        }
+        else {
+            resolved[k] = v;
+        }
+    }
+    return resolved;
+}

package/dist/providers/gcp/secrets.test.d.ts

@@ -0,0 +1 @@
+export {};