puls-dev 0.2.8 → 0.3.0

package/dist/providers/aws/ec2.js

@@ -4,6 +4,7 @@ import { Output } from "../../core/output.js";
 import { getEC2Client } from "./api.js";
 import { checkPort, runProvisioner } from "../../core/provisioner.js";
 import { getFileHash } from "../proxmox/hash.js";
+import { resourceContextStorage } from "../../core/context.js";
 export class EC2VMBuilder extends BaseBuilder {
     out = {
         ip: new Output(),
@@ -11,6 +12,7 @@ export class EC2VMBuilder extends BaseBuilder {
     };
     _instanceType = "t3.micro";
     _ami = "ami-0c55b159cbfafe1f0"; // Default standard Ubuntu 22.04 LTS in us-east-1
+    _templateSource;
     _keyName;
     _subnetId;
     _securityGroupIds;
@@ -32,6 +34,11 @@ export class EC2VMBuilder extends BaseBuilder {
         this._ami = amiId;
         return this;
     }
+    fromTemplate(template) {
+        this._templateSource = template;
+        this.dependsOn(template);
+        return this;
+    }
     keyName(name) {
         this._keyName = name;
         return this;
@@ -126,9 +133,19 @@ export class EC2VMBuilder extends BaseBuilder {
         if (dryRun) {
             console.log(`\n🔍 [DRY RUN] AWS EC2 VM "${this.name}"...`);
             if (!existing) {
-                console.log(`   📝 Plan: Create EC2 Instance "${this.name}" (${this._instanceType} from AMI ${this._ami})`);
+                const sourceLabel = this._templateSource ? `Template: ${this._templateSource.name}` : `AMI ${this._ami}`;
+                console.log(`   📝 Plan: Create AWS EC2 Instance`);
+                const details = [
+                    `Name:          ${this.name}`,
+                    `Instance Type: ${this._instanceType}`,
+                    `Source:        ${sourceLabel}`,
+                ];
                 if (this._provision.length > 0) {
-                    console.log(`      └─ Provision: ${this._provision.join(", ")}`);
+                    details.push(`Provision:     ${this._provision.join(", ")}`);
+                }
+                for (let i = 0; i < details.length; i++) {
+                    const prefix = i === details.length - 1 ? "      └─ " : "      ├─ ";
+                    console.log(`${prefix}${details[i]}`);
                 }
                 this.out.id.resolve("PENDING");
                 this.out.ip.resolve("0.0.0.0");
@@ -156,9 +173,13 @@ export class EC2VMBuilder extends BaseBuilder {
                 initialHashes[p.slug] = p.hash;
             }
             const initialMetadataVal = mergeAwsTagsForProvision(initialHashes);
+            let activeAmi = this._ami;
+            if (this._templateSource) {
+                activeAmi = await this._templateSource.out.amiId.get();
+            }
             console.log(`🚀 Creating AWS EC2 VM Instance "${this.name}"...`);
             const result = await client.send(new RunInstancesCommand({
-                ImageId: this._ami,
+                ImageId: activeAmi,
                 InstanceType: this._instanceType,
                 MinCount: 1,
                 MaxCount: 1,
@@ -246,6 +267,19 @@ export class EC2VMBuilder extends BaseBuilder {
                 console.log(`   ✅ AWS EC2 VM "${this.name}" is up to date.`);
             }
         }
+        const context = resourceContextStorage.getStore();
+        if (context && context.hosts) {
+            const activeIp = this.resolvedIp ?? "0.0.0.0";
+            if (!context.hosts.some(h => h.name === this.name)) {
+                context.hosts.push({
+                    name: this.name,
+                    ip: activeIp,
+                    user: "ubuntu",
+                    sshKey: this._sshPrivateKeyPath,
+                    provider: "aws"
+                });
+            }
+        }
         await this.deploySidecars();
         return {
             name: this.name,

package/dist/providers/aws/ec2.test.js

@@ -92,9 +92,11 @@ describe("EC2VMBuilder Unit Tests", () => {
             assert.strictEqual(await vm.out.id.get(), "PENDING");
             assert.strictEqual(await vm.out.ip.get(), "0.0.0.0");
             assert.ok(logOutput.includes("🔍 [DRY RUN]"));
-            assert.ok(logOutput.includes("Plan: Create EC2 Instance \"dryrun-vm\""));
-            assert.ok(logOutput.includes("t3.medium from AMI ami-test123"));
-            assert.ok(logOutput.includes("playbooks/nginx.yaml"));
+            assert.ok(logOutput.includes("Plan: Create AWS EC2 Instance"));
+            assert.ok(logOutput.includes("Name:          dryrun-vm"));
+            assert.ok(logOutput.includes("Instance Type: t3.medium"));
+            assert.ok(logOutput.includes("Source:        AMI ami-test123"));
+            assert.ok(logOutput.includes("Provision:     playbooks/nginx.yaml"));
         }
         finally {
             console.log = originalLog;

package/dist/providers/aws/index.d.ts

@@ -11,6 +11,7 @@ import { IAMRoleBuilder, IAMPolicyBuilder } from "./iam.js";
 import { SNSTopicBuilder } from "./sns.js";
 import { CloudWatchAlarmBuilder } from "./cloudwatch.js";
 import { EC2VMBuilder } from "./ec2.js";
+import { EC2TemplateBuilder } from "./template.js";
 export declare const AWS: {
     init: (opts: {
         region: string;
@@ -29,5 +30,6 @@ export declare const AWS: {
     SNS: (name: string) => SNSTopicBuilder;
     Alarm: (name: string) => CloudWatchAlarmBuilder;
     EC2: (name: string) => EC2VMBuilder;
+    Template: (name: string) => EC2TemplateBuilder;
 };
 export * from "../../types/aws.js";

package/dist/providers/aws/index.js

@@ -12,6 +12,7 @@ import { IAMRoleBuilder, IAMPolicyBuilder } from "./iam.js";
 import { SNSTopicBuilder } from "./sns.js";
 import { CloudWatchAlarmBuilder } from "./cloudwatch.js";
 import { EC2VMBuilder } from "./ec2.js";
+import { EC2TemplateBuilder } from "./template.js";
 export const AWS = {
     init: (opts) => {
         Config.set({
@@ -35,5 +36,6 @@ export const AWS = {
     SNS: (name) => new SNSTopicBuilder(name),
     Alarm: (name) => new CloudWatchAlarmBuilder(name),
     EC2: (name) => new EC2VMBuilder(name),
+    Template: (name) => new EC2TemplateBuilder(name),
 };
 export * from "../../types/aws.js";

package/dist/providers/aws/secrets.js

@@ -1,6 +1,7 @@
 import { GetSecretValueCommand, CreateSecretCommand, PutSecretValueCommand, DeleteSecretCommand, } from "@aws-sdk/client-secrets-manager";
 import { BaseBuilder } from "../../core/resource.js";
 import { getSecretsClient } from "./api.js";
+import { resolvedSecrets } from "../../core/secret.js";
 export class SecretsBuilder extends BaseBuilder {
     _value;
     _description;
@@ -16,6 +17,9 @@ export class SecretsBuilder extends BaseBuilder {
         try {
             const result = await getSecretsClient().send(new GetSecretValueCommand({ SecretId: secretId }));
             this.resolvedValue = result.SecretString ?? null;
+            if (this.resolvedValue && this.resolvedValue.length >= 3) {
+                resolvedSecrets.add(this.resolvedValue);
+            }
             this.resolvedArn = result.ARN ?? null;
             return result;
         }
@@ -38,10 +42,17 @@ export class SecretsBuilder extends BaseBuilder {
     }
     plainText(v) {
         this._value = v;
+        if (v && v.length >= 3) {
+            resolvedSecrets.add(v);
+        }
         return this;
     }
     keyValue(obj) {
-        this._value = JSON.stringify(obj);
+        const v = JSON.stringify(obj);
+        this._value = v;
+        if (v && v.length >= 3) {
+            resolvedSecrets.add(v);
+        }
         return this;
     }
     description(d) {
@@ -61,7 +72,7 @@ export class SecretsBuilder extends BaseBuilder {
             if (existing) {
                 console.log(`   ✅ Secret "${this.name}" exists`);
                 if (this.resolvedValue !== null)
-                    console.log(`   💬 Value: ${this.resolvedValue}`);
+                    console.log(`   💬 Value: ********`);
                 if (this._value)
                     console.log(`   📝 [PLAN] Update secret value`);
             }
@@ -88,18 +99,24 @@ export class SecretsBuilder extends BaseBuilder {
             }));
             this.resolvedArn = result.ARN ?? null;
             this.resolvedValue = this._value;
+            if (this._value && this._value.length >= 3) {
+                resolvedSecrets.add(this._value);
+            }
             console.log(`🚀 Created secret "${this.name}"`);
         }
         else {
             console.log(`   ✅ Secret "${this.name}" exists`);
             if (this.resolvedValue !== null)
-                console.log(`   💬 Value: ${this.resolvedValue}`);
+                console.log(`   💬 Value: ********`);
             if (this._value && this._value !== this.resolvedValue) {
                 await client.send(new PutSecretValueCommand({
                     SecretId: this.name,
                     SecretString: this._value,
                 }));
                 this.resolvedValue = this._value;
+                if (this._value && this._value.length >= 3) {
+                    resolvedSecrets.add(this._value);
+                }
                 console.log(`   ✅ Updated secret value`);
             }
         }

package/dist/providers/aws/template.d.ts

@@ -0,0 +1,34 @@
+import { BaseBuilder } from "../../core/resource.js";
+import { Output } from "../../core/output.js";
+export declare class EC2TemplateBuilder extends BaseBuilder {
+    readonly out: {
+        amiId: Output<string>;
+    };
+    private _baseImage;
+    private _instanceType;
+    private _subnetId?;
+    private _securityGroupIds?;
+    private _sshPrivateKeyPath?;
+    private _keyName?;
+    private _provision;
+    constructor(name: string);
+    baseImage(amiId: string): this;
+    instanceType(type: string): this;
+    subnetId(id: string): this;
+    securityGroupIds(ids: string[]): this;
+    sshPrivateKey(path: string): this;
+    keyName(name: string): this;
+    provision(...playbookPaths: (string | string[])[]): this;
+    private discoverAMI;
+    protected checkPort(ip: string, port: number): Promise<boolean>;
+    protected runProvisioner(ip: string, script: string): Promise<void>;
+    deploy(): Promise<{
+        name: string;
+        amiId: any;
+    }>;
+    destroy(): Promise<{
+        destroyed: boolean;
+    } | {
+        destroyed: string;
+    }>;
+}

package/dist/providers/aws/template.js

@@ -0,0 +1,252 @@
+import { DescribeImagesCommand, DeregisterImageCommand, DeleteSnapshotCommand, RunInstancesCommand, DescribeInstancesCommand, StopInstancesCommand, CreateImageCommand, CreateTagsCommand, TerminateInstancesCommand, } from "@aws-sdk/client-ec2";
+import { BaseBuilder } from "../../core/resource.js";
+import { Output } from "../../core/output.js";
+import { getEC2Client } from "./api.js";
+import { checkPort, runProvisioner } from "../../core/provisioner.js";
+import { getFileHash } from "../proxmox/hash.js";
+import { parseAwsTagsForProvision, mergeAwsTagsForProvision } from "./ec2.js";
+export class EC2TemplateBuilder extends BaseBuilder {
+    out = {
+        amiId: new Output(),
+    };
+    _baseImage = "ami-0c55b159cbfafe1f0"; // Default standard Ubuntu 22.04 LTS
+    _instanceType = "t3.micro";
+    _subnetId;
+    _securityGroupIds;
+    _sshPrivateKeyPath;
+    _keyName;
+    _provision = [];
+    constructor(name) {
+        super(name);
+        this.discoveryPromise = this.discoverAMI();
+    }
+    baseImage(amiId) {
+        this._baseImage = amiId;
+        return this;
+    }
+    instanceType(type) {
+        this._instanceType = type;
+        return this;
+    }
+    subnetId(id) {
+        this._subnetId = id;
+        return this;
+    }
+    securityGroupIds(ids) {
+        this._securityGroupIds = ids;
+        return this;
+    }
+    sshPrivateKey(path) {
+        this._sshPrivateKeyPath = path;
+        return this;
+    }
+    keyName(name) {
+        this._keyName = name;
+        return this;
+    }
+    provision(...playbookPaths) {
+        this._provision.push(...playbookPaths.flat());
+        return this;
+    }
+    async discoverAMI() {
+        try {
+            const client = getEC2Client();
+            const res = await client.send(new DescribeImagesCommand({
+                Filters: [
+                    { Name: "name", Values: [this.name] },
+                    { Name: "state", Values: ["available", "pending"] },
+                ],
+                Owners: ["self"],
+            }));
+            return res.Images?.[0] ?? null;
+        }
+        catch (e) {
+            if (e.name === "CredentialsProviderError" ||
+                e.message?.includes("credentials not configured")) {
+                return null;
+            }
+            throw e;
+        }
+    }
+    async checkPort(ip, port) {
+        return checkPort(ip, port);
+    }
+    async runProvisioner(ip, script) {
+        if (!this._sshPrivateKeyPath) {
+            throw new Error(`[EC2TemplateBuilder:${this.name}] sshPrivateKey(path) is required to run playbook provisioning.`);
+        }
+        return runProvisioner(ip, "ubuntu", this._sshPrivateKeyPath, script);
+    }
+    async deploy() {
+        const dryRun = this.isDryRunActive();
+        const existing = await this.discoveryPromise;
+        const client = getEC2Client();
+        const declaredPlaybooksWithHashes = this._provision.map((p) => {
+            const baseName = p.split("/").pop() ?? p;
+            const slug = baseName.toLowerCase().replace(/[^a-z0-9_-]/g, "-");
+            return { path: p, slug, hash: getFileHash(p) };
+        });
+        if (existing) {
+            this.out.amiId.resolve(existing.ImageId);
+            // Check if playbooks differ
+            const appliedHashes = parseAwsTagsForProvision(existing.Tags);
+            const hasChanges = declaredPlaybooksWithHashes.some((p) => {
+                const appliedHash = appliedHashes[p.slug];
+                return !appliedHash || appliedHash !== p.hash;
+            });
+            if (!hasChanges) {
+                console.log(`\n🔍 AWS AMI Template "${this.name}"...`);
+                console.log(`   ✅ Custom AMI "${this.name}" already exists and matches defined state.`);
+                return { name: this.name, amiId: existing.ImageId };
+            }
+            console.log(`\n⏳ Finalizing AWS AMI Template "${this.name}"...`);
+            console.log(`   🔄 Template playbook hashes changed. Deregistering old custom AMI...`);
+            if (dryRun) {
+                console.log(`   📝 [PLAN] Would deregister AMI "${this.name}" (${existing.ImageId}) and rebuild.`);
+                return { name: this.name, amiId: "PENDING" };
+            }
+            else {
+                await client.send(new DeregisterImageCommand({ ImageId: existing.ImageId }));
+                const mappings = existing.BlockDeviceMappings ?? [];
+                for (const mapping of mappings) {
+                    const snapshotId = mapping.Ebs?.SnapshotId;
+                    if (snapshotId) {
+                        try {
+                            await client.send(new DeleteSnapshotCommand({ SnapshotId: snapshotId }));
+                        }
+                        catch (err) {
+                            console.warn(`   ⚠️  Could not delete snapshot ${snapshotId}: ${err.message}`);
+                        }
+                    }
+                }
+            }
+        }
+        console.log(`\n⏳ Finalizing AWS AMI Template "${this.name}"...`);
+        const initialHashes = {};
+        for (const p of declaredPlaybooksWithHashes) {
+            initialHashes[p.slug] = p.hash;
+        }
+        const initialMetadataVal = mergeAwsTagsForProvision(initialHashes);
+        if (dryRun) {
+            console.log(`   📝 [PLAN] Bake AWS AMI Template "${this.name}"`);
+            console.log(`      └─ Base Image: ${this._baseImage}  Instance Type: ${this._instanceType}`);
+            if (this._provision.length > 0) {
+                console.log(`      └─ Provision: ${this._provision.join(", ")}`);
+            }
+            this.out.amiId.resolve("PENDING");
+            return { name: this.name, amiId: "PENDING" };
+        }
+        // Spawn temporary instance to bake
+        console.log(`🚀 Spawning temporary VM "puls-bake-temp-${this.name}" to bake custom AMI...`);
+        const runRes = await client.send(new RunInstancesCommand({
+            ImageId: this._baseImage,
+            InstanceType: this._instanceType,
+            MinCount: 1,
+            MaxCount: 1,
+            KeyName: this._keyName,
+            SubnetId: this._subnetId,
+            SecurityGroupIds: this._securityGroupIds,
+            TagSpecifications: [
+                {
+                    ResourceType: "instance",
+                    Tags: [
+                        { Key: "Name", Value: `puls-bake-temp-${this.name}` },
+                    ],
+                },
+            ],
+        }));
+        const instanceId = runRes.Instances?.[0]?.InstanceId;
+        if (!instanceId)
+            throw new Error("Failed to retrieve instance ID from RunInstancesCommand");
+        // Wait until running and IP is resolved
+        let resolvedIp;
+        await this.waitFor(`temporary instance "${instanceId}" to start running`, async () => {
+            const result = await client.send(new DescribeInstancesCommand({ InstanceIds: [instanceId] }));
+            const inst = result.Reservations?.[0]?.Instances?.[0];
+            if (inst && inst.State?.Name === "running") {
+                resolvedIp = inst.PublicIpAddress ?? inst.PrivateIpAddress ?? undefined;
+                return !!resolvedIp;
+            }
+            return false;
+        }, { intervalMs: 10_000, timeoutMs: 300_000 });
+        if (!resolvedIp) {
+            throw new Error(`Failed to resolve IP for temporary instance "${instanceId}"`);
+        }
+        // Provision the instance
+        if (this._provision.length > 0) {
+            await this.waitFor(`SSH on ${resolvedIp} to be ready`, () => this.checkPort(resolvedIp, 22), { intervalMs: 10_000, timeoutMs: 300_000 });
+            for (const playbook of this._provision) {
+                await this.runProvisioner(resolvedIp, playbook);
+            }
+        }
+        // Stop temporary instance
+        console.log(`   🛑 Stopping temporary instance "${instanceId}"...`);
+        await client.send(new StopInstancesCommand({ InstanceIds: [instanceId] }));
+        await this.waitFor(`temporary instance to stop`, async () => {
+            const result = await client.send(new DescribeInstancesCommand({ InstanceIds: [instanceId] }));
+            const inst = result.Reservations?.[0]?.Instances?.[0];
+            return inst?.State?.Name === "stopped";
+        }, { intervalMs: 10_000, timeoutMs: 300_000 });
+        // Bake AMI
+        console.log(`   💾 Baking custom AMI "${this.name}" from instance "${instanceId}"...`);
+        const amiRes = await client.send(new CreateImageCommand({
+            InstanceId: instanceId,
+            Name: this.name,
+            Description: `Puls Golden Image Template - ${this.name}`,
+            NoReboot: true,
+        }));
+        const newAmiId = amiRes.ImageId;
+        if (!newAmiId)
+            throw new Error("Failed to bake custom AMI from instance");
+        // Wait until AMI is available
+        await this.waitFor(`custom AMI "${newAmiId}" to become available`, async () => {
+            const result = await client.send(new DescribeImagesCommand({ ImageIds: [newAmiId] }));
+            const img = result.Images?.[0];
+            return img?.State === "available";
+        }, { intervalMs: 15_000, timeoutMs: 600_000 });
+        // Tag the AMI
+        await client.send(new CreateTagsCommand({
+            Resources: [newAmiId],
+            Tags: [
+                { Key: "Name", Value: this.name },
+                ...(initialMetadataVal ? [{ Key: "puls-provision", Value: initialMetadataVal }] : []),
+            ],
+        }));
+        console.log(`   ✅ Custom AMI "${this.name}" (${newAmiId}) baked successfully.`);
+        // Clean up temporary instance
+        console.log(`   🧹 Terminating temporary provisioning instance "${instanceId}"...`);
+        await client.send(new TerminateInstancesCommand({ InstanceIds: [instanceId] }));
+        this.out.amiId.resolve(newAmiId);
+        return { name: this.name, amiId: newAmiId };
+    }
+    async destroy() {
+        const dryRun = this.isDryRunActive();
+        const existing = await this.discoveryPromise;
+        const client = getEC2Client();
+        console.log(`\n🗑️  Destroying AWS AMI Template "${this.name}"...`);
+        if (!existing) {
+            console.log(`   ─  AWS AMI Template "${this.name}" not found`);
+            return { destroyed: false };
+        }
+        if (dryRun) {
+            console.log(`   📝 [PLAN] Deregister AWS AMI "${this.name}" (id=${existing.ImageId})`);
+            return { destroyed: this.name };
+        }
+        console.log(`   🔄 Deregistering AWS AMI "${this.name}" (id=${existing.ImageId})...`);
+        await client.send(new DeregisterImageCommand({ ImageId: existing.ImageId }));
+        const mappings = existing.BlockDeviceMappings ?? [];
+        for (const mapping of mappings) {
+            const snapshotId = mapping.Ebs?.SnapshotId;
+            if (snapshotId) {
+                try {
+                    await client.send(new DeleteSnapshotCommand({ SnapshotId: snapshotId }));
+                }
+                catch {
+                    // Ignore safely
+                }
+            }
+        }
+        console.log(`   🗑️  Removed AWS AMI Template "${this.name}"`);
+        return { destroyed: this.name };
+    }
+}

package/dist/providers/aws/template.test.d.ts

@@ -0,0 +1 @@
+export {};