puls-dev 0.2.1 → 0.2.3

package/dist/providers/gcp/clouddns.js

@@ -0,0 +1,284 @@
+import { BaseBuilder } from "../../core/resource.js";
+import { Output } from "../../core/output.js";
+import { gcpFetch, getProjectId } from "./api.js";
+const DNS_BASE = "https://dns.googleapis.com";
+function cleanZoneId(domain) {
+    return domain
+        .toLowerCase()
+        .replace(/[^a-z0-9]/g, "-")
+        .replace(/-+/g, "-")
+        .replace(/^-|-$/g, "");
+}
+function formatRecordName(name, zoneDnsName) {
+    const cleanZone = zoneDnsName.endsWith(".") ? zoneDnsName : `${zoneDnsName}.`;
+    if (!name || name === "@") {
+        return cleanZone;
+    }
+    if (name.endsWith(cleanZone)) {
+        return name;
+    }
+    if (name.endsWith(cleanZone.slice(0, -1))) {
+        return `${name}.`;
+    }
+    const cleanName = name.endsWith(".") ? name.slice(0, -1) : name;
+    return `${cleanName}.${cleanZone}`;
+}
+export class GCPCloudDNSZoneBuilder extends BaseBuilder {
+    zoneName;
+    out = {
+        zone: new Output(),
+    };
+    cleanZoneName;
+    zoneId;
+    records = [];
+    constructor(zoneName) {
+        super(zoneName);
+        this.zoneName = zoneName;
+        const clean = zoneName.toLowerCase();
+        this.cleanZoneName = clean.endsWith(".") ? clean : `${clean}.`;
+        this.zoneId = cleanZoneId(zoneName);
+        this.discoveryPromise = this.discoverZone();
+    }
+    async discoverZone() {
+        try {
+            const project = getProjectId();
+            const zone = await gcpFetch(DNS_BASE, `/dns/v1/projects/${project}/managedZones/${this.zoneId}`);
+            if (zone) {
+                this.out.zone.resolve({ name: this.zoneName, id: this.zoneId });
+            }
+            return zone;
+        }
+        catch (e) {
+            if (e.message?.includes("404") ||
+                e.message?.includes("403") ||
+                e.message?.includes("credentials not configured")) {
+                return null;
+            }
+            throw e;
+        }
+    }
+    record(name, type, value, ttl = 300) {
+        this.records.push({ name, type, value, ttl });
+        return this;
+    }
+    pointer(name, target) {
+        this.records.push({ name, type: "A", value: target, ttl: 300 });
+        return this;
+    }
+    async deploy() {
+        const dryRun = this.isDryRunActive();
+        const project = getProjectId();
+        const existing = await this.discoveryPromise;
+        console.log(`\n🗺️  Finalizing GCP Cloud DNS Zone "${this.zoneId}"...`);
+        if (!existing) {
+            if (dryRun) {
+                console.log(`   📝 [PLAN] Create managed zone "${this.zoneId}" (dnsName: ${this.cleanZoneName})`);
+            }
+            else {
+                await gcpFetch(DNS_BASE, `/dns/v1/projects/${project}/managedZones`, {
+                    method: "POST",
+                    body: JSON.stringify({
+                        name: this.zoneId,
+                        dnsName: this.cleanZoneName,
+                        description: "Managed by Puls",
+                        visibility: "public",
+                    }),
+                });
+                console.log(`🚀 Created managed zone "${this.zoneId}" (dnsName: ${this.cleanZoneName})`);
+            }
+        }
+        else {
+            console.log(`   ✅ Managed zone "${this.zoneId}" exists`);
+        }
+        this.out.zone.resolve({ name: this.zoneName, id: this.zoneId });
+        // 1. Resolve values of all records
+        const resolvedRecords = [];
+        for (const r of this.records) {
+            let data;
+            let type = r.type;
+            if (r.value instanceof Output) {
+                data = await r.value.get();
+            }
+            else if (typeof r.value === "object" && r.value !== null) {
+                const targetObj = r.value;
+                let targetVal = null;
+                if ("url" in targetObj && typeof targetObj.url === "string") {
+                    targetVal = targetObj.url;
+                }
+                else if ("resolvedUrl" in targetObj && typeof targetObj.resolvedUrl === "string") {
+                    targetVal = targetObj.resolvedUrl;
+                }
+                else if (typeof targetObj.getPublicIp === "function") {
+                    targetVal = await targetObj.getPublicIp();
+                }
+                else if ("resolvedIp" in targetObj && typeof targetObj.resolvedIp === "string") {
+                    targetVal = targetObj.resolvedIp;
+                }
+                else if ("ip" in targetObj && typeof targetObj.ip === "string") {
+                    targetVal = targetObj.ip;
+                }
+                else if (typeof targetObj.deploy === "function") {
+                    const deployRes = await targetObj.deploy();
+                    if (deployRes && typeof deployRes === "object") {
+                        targetVal = deployRes.url ?? deployRes.ip ?? deployRes.publicIp ?? null;
+                    }
+                }
+                data = targetVal ?? `[alias: ${targetObj.name ?? "unknown"}]`;
+            }
+            else {
+                data = r.value;
+            }
+            // Convert HTTP/HTTPS target urls for CNAME conversion
+            if (data.startsWith("http://") || data.startsWith("https://")) {
+                data = data.replace(/^https?:\/\//, "").split("/")[0].split(":")[0];
+                if (type === "A") {
+                    type = "CNAME";
+                }
+            }
+            // Automatically append trailing dot to CNAME, MX, NS targets if they don't have one and are not IPs
+            const isIp = /^[0-9.]+$/.test(data) || data.includes(":");
+            if ((type === "CNAME" || type === "MX" || type === "NS") && !isIp && !data.endsWith(".")) {
+                data = `${data}.`;
+            }
+            // Auto-quote TXT/SPF values
+            if ((type === "TXT" || type === "SPF") && !data.startsWith('"')) {
+                data = `"${data}"`;
+            }
+            resolvedRecords.push({
+                name: formatRecordName(r.name, this.cleanZoneName),
+                type,
+                value: data,
+                ttl: r.ttl ?? 300,
+            });
+        }
+        // 2. Group resolved records by name:type to form ResourceRecordSets
+        const declaredRrsetsMap = new Map();
+        for (const r of resolvedRecords) {
+            const key = `${r.name}:${r.type}`;
+            const existingRrset = declaredRrsetsMap.get(key);
+            if (existingRrset) {
+                if (!existingRrset.rrdatas.includes(r.value)) {
+                    existingRrset.rrdatas.push(r.value);
+                }
+                // Keep the minimum TTL or default
+                existingRrset.ttl = Math.min(existingRrset.ttl, r.ttl);
+            }
+            else {
+                declaredRrsetsMap.set(key, {
+                    name: r.name,
+                    type: r.type,
+                    ttl: r.ttl,
+                    rrdatas: [r.value],
+                });
+            }
+        }
+        // Sort rrdatas of declared sets to enable stable comparison
+        for (const rrset of declaredRrsetsMap.values()) {
+            rrset.rrdatas.sort();
+        }
+        // 3. Fetch existing rrsets from the zone
+        let existingRrsets = [];
+        if (existing) {
+            try {
+                const res = await gcpFetch(DNS_BASE, `/dns/v1/projects/${project}/managedZones/${this.zoneId}/rrsets`);
+                existingRrsets = res.rrsets ?? [];
+            }
+            catch (err) {
+                existingRrsets = [];
+            }
+        }
+        const existingRrsetsMap = new Map();
+        for (const r of existingRrsets) {
+            existingRrsetsMap.set(`${r.name}:${r.type}`, r);
+        }
+        const additions = [];
+        const deletions = [];
+        // 4. Compute additions and deletions transactionally
+        for (const [key, dec] of declaredRrsetsMap.entries()) {
+            const ext = existingRrsetsMap.get(key);
+            if (!ext) {
+                // Brand new record set
+                additions.push(dec);
+                console.log(`   📝 [PLAN] Create ${dec.type} record: ${dec.name} → ${JSON.stringify(dec.rrdatas)} (TTL: ${dec.ttl})`);
+            }
+            else {
+                const sortedExtRrdatas = [...(ext.rrdatas ?? [])].sort();
+                const rrdatasMatch = JSON.stringify(sortedExtRrdatas) === JSON.stringify(dec.rrdatas);
+                const ttlMatch = ext.ttl === dec.ttl;
+                if (rrdatasMatch && ttlMatch) {
+                    console.log(`   ✅ ${dec.type} record ${dec.name} is up to date`);
+                }
+                else {
+                    // Transactional modification: delete old and add new
+                    deletions.push(ext);
+                    additions.push(dec);
+                    console.log(`   📝 [PLAN] Update ${dec.type} record: ${dec.name} → ${JSON.stringify(dec.rrdatas)} (was ${JSON.stringify(ext.rrdatas)})`);
+                }
+            }
+        }
+        // 5. Submit transactional change if any additions or deletions
+        if ((additions.length > 0 || deletions.length > 0) && !dryRun) {
+            await gcpFetch(DNS_BASE, `/dns/v1/projects/${project}/managedZones/${this.zoneId}/changes`, {
+                method: "POST",
+                body: JSON.stringify({
+                    additions,
+                    deletions,
+                }),
+            });
+            console.log(`   🔄 Submitted transactional record updates to zone "${this.zoneId}"`);
+        }
+        await this.deploySidecars();
+        return {
+            zone: this.zoneName,
+            id: this.zoneId,
+            records: Array.from(declaredRrsetsMap.values()),
+        };
+    }
+    async destroy() {
+        const dryRun = this.isDryRunActive();
+        const project = getProjectId();
+        const zoneId = this.zoneId;
+        console.log(`\n🗑️  Destroying GCP Cloud DNS Zone "${zoneId}"...`);
+        const existing = await this.discoverZone();
+        if (!existing) {
+            console.log(`   ✅ Zone "${zoneId}" does not exist - nothing to do.`);
+            return { destroyed: zoneId };
+        }
+        if (dryRun) {
+            console.log(`   📝 [PLAN] Delete managed zone "${zoneId}"`);
+            return { destroyed: zoneId };
+        }
+        // 1. Fetch existing rrsets to clear non-default records
+        let existingRrsets = [];
+        try {
+            const res = await gcpFetch(DNS_BASE, `/dns/v1/projects/${project}/managedZones/${zoneId}/rrsets`);
+            existingRrsets = res.rrsets ?? [];
+        }
+        catch {
+            // If fetching fails, we'll try to delete anyway
+        }
+        // 2. Filter out default apex NS and SOA records
+        const deletableRrsets = existingRrsets.filter((r) => {
+            const isApex = r.name === this.cleanZoneName;
+            const isDefaultType = r.type === "NS" || r.type === "SOA";
+            return !(isApex && isDefaultType);
+        });
+        // 3. Delete non-default records transactionally
+        if (deletableRrsets.length > 0) {
+            console.log(`   🔄 Deleting ${deletableRrsets.length} non-default records...`);
+            await gcpFetch(DNS_BASE, `/dns/v1/projects/${project}/managedZones/${zoneId}/changes`, {
+                method: "POST",
+                body: JSON.stringify({
+                    deletions: deletableRrsets,
+                }),
+            });
+        }
+        // 4. Delete the managed zone
+        await gcpFetch(DNS_BASE, `/dns/v1/projects/${project}/managedZones/${zoneId}`, {
+            method: "DELETE",
+        });
+        console.log(`   ✅ Managed zone "${zoneId}" deleted.`);
+        await this.destroySidecars();
+        return { destroyed: zoneId };
+    }
+}

package/dist/providers/gcp/clouddns.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/providers/gcp/clouddns.test.js

@@ -0,0 +1,259 @@
+import { test, describe, beforeEach, afterEach, mock } from "node:test";
+import assert from "node:assert";
+import { GoogleAuth } from "google-auth-library";
+import { GCPCloudDNSZoneBuilder } from "./clouddns.js";
+import { Config } from "../../core/config.js";
+import { Output } from "../../core/output.js";
+describe("GCPCloudDNSZoneBuilder Unit Tests", () => {
+    let originalFetch;
+    let fetchCalls = [];
+    let mockResponses = {};
+    beforeEach(() => {
+        Config.set({
+            dryRun: false,
+            providers: {
+                gcp: {
+                    projectId: "my-gcp-project",
+                    serviceAccountPath: "/fake/sa.json",
+                    region: "us-central1",
+                },
+            },
+        });
+        originalFetch = globalThis.fetch;
+        fetchCalls = [];
+        mockResponses = {};
+        globalThis.fetch = async (input, init) => {
+            const url = String(input);
+            const method = init?.method ?? "GET";
+            let body;
+            if (init?.body) {
+                if (typeof init.body === "string") {
+                    try {
+                        body = JSON.parse(init.body);
+                    }
+                    catch {
+                        body = init.body;
+                    }
+                }
+                else {
+                    body = "[Binary/Buffer Body]";
+                }
+            }
+            const headers = init?.headers;
+            fetchCalls.push({ url, method, body, headers });
+            const matchKey = Object.keys(mockResponses)
+                .filter((key) => {
+                const [mMethod, mPath] = key.split(" ");
+                return method === mMethod && url.includes(mPath);
+            })
+                .sort((a, b) => b.split(" ")[1].length - a.split(" ")[1].length)[0];
+            if (matchKey) {
+                const resp = mockResponses[matchKey];
+                return {
+                    ok: resp.status >= 200 && resp.status < 300,
+                    status: resp.status,
+                    json: async () => resp.body,
+                    text: async () => JSON.stringify(resp.body),
+                };
+            }
+            return {
+                ok: false,
+                status: 404,
+                json: async () => ({ error: { message: `Endpoint not mocked: ${method} ${url}` } }),
+                text: async () => `Endpoint not mocked: ${method} ${url}`,
+            };
+        };
+        mock.method(GoogleAuth.prototype, "getClient", async () => {
+            return {
+                getAccessToken: async () => ({ token: "fake-gcp-token" }),
+            };
+        });
+    });
+    afterEach(() => {
+        globalThis.fetch = originalFetch;
+        mock.restoreAll();
+    });
+    test("initializes names and normalizes zone ID correctly", () => {
+        const builder = new GCPCloudDNSZoneBuilder("My-Awesome-Domain.com.");
+        assert.strictEqual(builder.cleanZoneName, "my-awesome-domain.com.");
+        assert.strictEqual(builder.zoneId, "my-awesome-domain-com");
+    });
+    test("runs in dry-run mode safely and logs plans without modifying resources", async () => {
+        Config.set({
+            dryRun: true,
+            providers: {
+                gcp: {
+                    projectId: "my-gcp-project",
+                    serviceAccountPath: "/fake/sa.json",
+                },
+            },
+        });
+        mockResponses["GET /managedZones/dryrun-com"] = {
+            status: 404,
+            body: { error: { message: "Not found" } },
+        };
+        const builder = new GCPCloudDNSZoneBuilder("dryrun.com")
+            .record("www", "A", "1.2.3.4")
+            .record("api", "CNAME", "api-backend.com")
+            .record("@", "TXT", "v=spf1 include:_spf.google.com ~all");
+        const result = await builder.deploy();
+        assert.strictEqual(result.zone, "dryrun.com");
+        assert.strictEqual(result.id, "dryrun-com");
+        assert.strictEqual(result.records.length, 3);
+        // Verify dry-run outputs are correct and no write calls are sent
+        const writeCalls = fetchCalls.filter((c) => c.method !== "GET");
+        assert.strictEqual(writeCalls.length, 0);
+        const wwwRec = result.records.find((r) => r.name === "www.dryrun.com.");
+        assert.ok(wwwRec);
+        assert.strictEqual(wwwRec.type, "A");
+        assert.deepStrictEqual(wwwRec.rrdatas, ["1.2.3.4"]);
+        const txtRec = result.records.find((r) => r.name === "dryrun.com.");
+        assert.ok(txtRec);
+        assert.strictEqual(txtRec.type, "TXT");
+        assert.deepStrictEqual(txtRec.rrdatas, ['"v=spf1 include:_spf.google.com ~all"']); // Auto-quoted!
+    });
+    test("creates a new managed zone when missing and submits records", async () => {
+        // 1. Zone doesn't exist yet
+        mockResponses["GET /managedZones/new-zone-com"] = {
+            status: 404,
+            body: { error: { message: "Not found" } },
+        };
+        // 2. Mock Managed Zone Creation POST
+        mockResponses["POST /managedZones"] = {
+            status: 200,
+            body: { name: "new-zone-com", dnsName: "new-zone.com." },
+        };
+        // 3. rrsets GET returns empty
+        mockResponses["GET /managedZones/new-zone-com/rrsets"] = {
+            status: 200,
+            body: { rrsets: [] },
+        };
+        // 4. changes POST
+        mockResponses["POST /managedZones/new-zone-com/changes"] = {
+            status: 200,
+            body: { status: "pending" },
+        };
+        const builder = new GCPCloudDNSZoneBuilder("new-zone.com")
+            .record("www", "CNAME", "lb.google.com")
+            .record("db", "A", "10.0.0.5", 60);
+        const result = await builder.deploy();
+        assert.strictEqual(result.id, "new-zone-com");
+        // Verify Managed Zone creation POST
+        const createZoneCall = fetchCalls.find((c) => c.method === "POST" && c.url.endsWith("/managedZones"));
+        assert.ok(createZoneCall);
+        assert.strictEqual(createZoneCall.body.name, "new-zone-com");
+        assert.strictEqual(createZoneCall.body.dnsName, "new-zone.com.");
+        // Verify record changes POST
+        const changeCall = fetchCalls.find((c) => c.method === "POST" && c.url.endsWith("/changes"));
+        assert.ok(changeCall);
+        assert.strictEqual(changeCall.body.additions.length, 2);
+        assert.strictEqual(changeCall.body.deletions.length, 0);
+        const cnameAdd = changeCall.body.additions.find((a) => a.type === "CNAME");
+        assert.ok(cnameAdd);
+        assert.strictEqual(cnameAdd.name, "www.new-zone.com.");
+        assert.deepStrictEqual(cnameAdd.rrdatas, ["lb.google.com."]); // Trailing dot auto-appended!
+    });
+    test("skips identical record sets, and transactionally updates out-of-date records", async () => {
+        // 1. Zone exists
+        mockResponses["GET /managedZones/sync-zone-com"] = {
+            status: 200,
+            body: { name: "sync-zone-com" },
+        };
+        // 2. rrsets GET returns existing records
+        mockResponses["GET /managedZones/sync-zone-com/rrsets"] = {
+            status: 200,
+            body: {
+                rrsets: [
+                    // Identical
+                    { name: "www.sync-zone.com.", type: "CNAME", ttl: 300, rrdatas: ["lb.google.com."] },
+                    // Differing TTL
+                    { name: "db.sync-zone.com.", type: "A", ttl: 300, rrdatas: ["10.0.0.5"] },
+                    // Differing Value
+                    { name: "mail.sync-zone.com.", type: "A", ttl: 300, rrdatas: ["1.1.1.1"] },
+                ],
+            },
+        };
+        mockResponses["POST /managedZones/sync-zone-com/changes"] = {
+            status: 200,
+            body: {},
+        };
+        const builder = new GCPCloudDNSZoneBuilder("sync-zone.com")
+            .record("www", "CNAME", "lb.google.com", 300) // Identical
+            .record("db", "A", "10.0.0.5", 60) // Changed TTL (300 -> 60)
+            .record("mail", "A", "2.2.2.2", 300); // Changed Value (1.1.1.1 -> 2.2.2.2)
+        await builder.deploy();
+        const changeCall = fetchCalls.find((c) => c.method === "POST" && c.url.endsWith("/changes"));
+        assert.ok(changeCall);
+        // additions should have db (new TTL) and mail (new value)
+        assert.strictEqual(changeCall.body.additions.length, 2);
+        // deletions should have old db and old mail
+        assert.strictEqual(changeCall.body.deletions.length, 2);
+        const oldMail = changeCall.body.deletions.find((d) => d.name === "mail.sync-zone.com.");
+        assert.ok(oldMail);
+        assert.deepStrictEqual(oldMail.rrdatas, ["1.1.1.1"]);
+        const newMail = changeCall.body.additions.find((a) => a.name === "mail.sync-zone.com.");
+        assert.ok(newMail);
+        assert.deepStrictEqual(newMail.rrdatas, ["2.2.2.2"]);
+    });
+    test("resolves pointers to other builders, converting to CNAME and stripping protocols", async () => {
+        mockResponses["GET /managedZones/pointers-com"] = {
+            status: 200,
+            body: { name: "pointers-com" },
+        };
+        mockResponses["GET /managedZones/pointers-com/rrsets"] = { status: 200, body: { rrsets: [] } };
+        mockResponses["POST /managedZones/pointers-com/changes"] = { status: 200, body: {} };
+        // Let's mock a target builder that resolves to a URL (e.g. Cloud Run microservice)
+        const mockCloudRun = {
+            name: "frontend-srv",
+            url: "https://frontend-srv-xyz.a.run.app",
+        };
+        // Let's mock another target that is an Output resolving to an IP
+        const ipOutput = new Output();
+        ipOutput.resolve("123.45.67.89");
+        const builder = new GCPCloudDNSZoneBuilder("pointers.com")
+            .pointer("app", mockCloudRun)
+            .pointer("api", ipOutput);
+        const result = await builder.deploy();
+        const appRec = result.records.find((r) => r.name === "app.pointers.com.");
+        assert.ok(appRec);
+        // Dynamic CNAME conversion from HTTP URL target!
+        assert.strictEqual(appRec.type, "CNAME");
+        assert.deepStrictEqual(appRec.rrdatas, ["frontend-srv-xyz.a.run.app."]); // Stripped https://, appended trailing dot!
+        const apiRec = result.records.find((r) => r.name === "api.pointers.com.");
+        assert.ok(apiRec);
+        // Standard A record for plain IP output!
+        assert.strictEqual(apiRec.type, "A");
+        assert.deepStrictEqual(apiRec.rrdatas, ["123.45.67.89"]);
+    });
+    test("destroys zone successfully, removing non-default records first", async () => {
+        mockResponses["GET /managedZones/to-delete-com"] = {
+            status: 200,
+            body: { name: "to-delete-com" },
+        };
+        mockResponses["GET /managedZones/to-delete-com/rrsets"] = {
+            status: 200,
+            body: {
+                rrsets: [
+                    { name: "to-delete.com.", type: "NS", rrdatas: ["ns-cloud-a1.google.com."] }, // apex NS (default)
+                    { name: "to-delete.com.", type: "SOA", rrdatas: ["ns-cloud-a1.google.com. host.google.com."] }, // apex SOA (default)
+                    { name: "www.to-delete.com.", type: "A", rrdatas: ["1.2.3.4"] }, // non-default
+                    { name: "api.to-delete.com.", type: "CNAME", rrdatas: ["lb.google.com."] }, // non-default
+                ],
+            },
+        };
+        mockResponses["POST /managedZones/to-delete-com/changes"] = { status: 200, body: {} };
+        mockResponses["DELETE /managedZones/to-delete-com"] = { status: 200, body: {} };
+        const builder = new GCPCloudDNSZoneBuilder("to-delete.com");
+        await builder.destroy();
+        // Verify non-default records deletion POST
+        const changeCall = fetchCalls.find((c) => c.method === "POST" && c.url.endsWith("/changes"));
+        assert.ok(changeCall);
+        assert.strictEqual(changeCall.body.deletions.length, 2); // only www and api
+        const deletedNames = changeCall.body.deletions.map((d) => d.name);
+        assert.ok(deletedNames.includes("www.to-delete.com."));
+        assert.ok(deletedNames.includes("api.to-delete.com."));
+        // Verify Zone DELETE
+        const deleteCall = fetchCalls.find((c) => c.method === "DELETE" && c.url.endsWith("/managedZones/to-delete-com"));
+        assert.ok(deleteCall);
+    });
+});

package/dist/providers/gcp/cloudrun.d.ts

@@ -0,0 +1,31 @@
+import { BaseBuilder } from "../../core/resource.js";
+import { GCPSecretBuilder } from "./secrets.js";
+export declare class GCPCloudRunBuilder extends BaseBuilder {
+    private _image?;
+    private _port;
+    private _cpu;
+    private _memory;
+    private _minInstances?;
+    private _maxInstances?;
+    private _env;
+    private _region?;
+    private _public;
+    constructor(serviceId: string);
+    image(img: string): this;
+    port(p: number): this;
+    cpu(c: string | number): this;
+    memory(m: string | number): this;
+    minInstances(n: number): this;
+    maxInstances(n: number): this;
+    env(vars: Record<string, string | GCPSecretBuilder>): this;
+    region(reg: string): this;
+    public(enabled?: boolean): this;
+    private discoverService;
+    deploy(): Promise<{
+        serviceId: string;
+        url: any;
+    }>;
+    destroy(): Promise<{
+        destroyed: string;
+    }>;
+}