puls-dev 0.3.6 → 0.3.7

package/dist/providers/firebase/auth.test.js

@@ -0,0 +1,145 @@
+import { test, describe, beforeEach, afterEach, mock } from 'node:test';
+import assert from 'node:assert';
+import { GoogleAuth } from 'google-auth-library';
+import { FirebaseAuthBuilder } from './auth.js';
+import { Config } from '../../core/config.js';
+describe('FirebaseAuthBuilder Unit Tests', () => {
+    let originalFetch;
+    let fetchCalls = [];
+    let mockResponses = {};
+    function matchResponse(method, url) {
+        const key = Object.keys(mockResponses)
+            .filter((k) => {
+            const [m, path] = k.split(' ');
+            return method === m && url.includes(path);
+        })
+            .sort((a, b) => b.split(' ')[1].length - a.split(' ')[1].length)[0];
+        return key ? mockResponses[key] : null;
+    }
+    beforeEach(() => {
+        Config.set({
+            dryRun: false,
+            providers: { firebase: { projectId: 'my-project', serviceAccountPath: '/fake/sa.json' } },
+        });
+        originalFetch = globalThis.fetch;
+        fetchCalls = [];
+        mockResponses = {};
+        globalThis.fetch = async (input, init) => {
+            const url = String(input);
+            const method = init?.method ?? 'GET';
+            let body;
+            if (init?.body && typeof init.body === 'string') {
+                try {
+                    body = JSON.parse(init.body);
+                }
+                catch {
+                    body = init.body;
+                }
+            }
+            fetchCalls.push({ url, method, body });
+            const resp = matchResponse(method, url);
+            if (resp) {
+                return {
+                    ok: resp.status >= 200 && resp.status < 300,
+                    status: resp.status,
+                    json: async () => resp.body,
+                    text: async () => JSON.stringify(resp.body),
+                };
+            }
+            return {
+                ok: true,
+                status: 200,
+                json: async () => ({}),
+                text: async () => '{}',
+            };
+        };
+        mock.method(GoogleAuth.prototype, 'getClient', async () => ({
+            getAccessToken: async () => ({ token: 'fake-token' }),
+        }));
+    });
+    afterEach(() => {
+        globalThis.fetch = originalFetch;
+        mock.restoreAll();
+    });
+    test('performs dry-run without any API write calls', async () => {
+        Config.set({
+            dryRun: true,
+            providers: { firebase: { projectId: 'my-project', serviceAccountPath: '/fake/sa.json' } },
+        });
+        const builder = new FirebaseAuthBuilder();
+        builder.emailPassword().anonymous().phone();
+        const result = await builder.deploy();
+        assert.ok(result);
+        assert.strictEqual(result.project, 'my-project');
+        const writeCalls = fetchCalls.filter((c) => c.method !== 'GET');
+        assert.strictEqual(writeCalls.length, 0);
+    });
+    test('configures email/password and anonymous sign-in via PATCH', async () => {
+        const builder = new FirebaseAuthBuilder();
+        builder.emailPassword({ passwordRequired: false }).anonymous();
+        await builder.deploy();
+        const patchCall = fetchCalls.find((c) => c.method === 'PATCH' && c.url.includes('/config'));
+        assert.ok(patchCall);
+        assert.ok(patchCall.url.includes('signIn.email'));
+        assert.ok(patchCall.url.includes('signIn.anonymous'));
+        assert.strictEqual(patchCall.body.signIn.email.enabled, true);
+        assert.strictEqual(patchCall.body.signIn.email.passwordRequired, false);
+        assert.strictEqual(patchCall.body.signIn.anonymous.enabled, true);
+    });
+    test('enables phone sign-in via PATCH', async () => {
+        const builder = new FirebaseAuthBuilder();
+        builder.phone();
+        await builder.deploy();
+        const patchCall = fetchCalls.find((c) => c.method === 'PATCH' && c.url.includes('/config'));
+        assert.ok(patchCall);
+        assert.ok(patchCall.url.includes('signIn.phoneNumber'));
+        assert.strictEqual(patchCall.body.signIn.phoneNumber.enabled, true);
+    });
+    test('configures OAuth provider via POST when IDP does not exist', async () => {
+        // getIdp returns 404 (not configured yet)
+        mockResponses['GET /defaultSupportedIdpConfigs/google.com'] = {
+            status: 404,
+            body: { error: { message: 'not found' } },
+        };
+        const builder = new FirebaseAuthBuilder();
+        builder.google({ clientId: 'client-id-123', clientSecret: 'secret-456' });
+        await builder.deploy();
+        const postCall = fetchCalls.find((c) => c.method === 'POST' && c.url.includes('defaultSupportedIdpConfigs'));
+        assert.ok(postCall);
+        assert.ok(postCall.url.includes('idpId=google.com'));
+        assert.strictEqual(postCall.body.clientId, 'client-id-123');
+        assert.strictEqual(postCall.body.clientSecret, 'secret-456');
+        assert.strictEqual(postCall.body.enabled, true);
+    });
+    test('updates OAuth provider via PATCH when IDP already exists', async () => {
+        mockResponses['GET /defaultSupportedIdpConfigs/github.com'] = {
+            status: 200,
+            body: { name: 'projects/my-project/defaultSupportedIdpConfigs/github.com', enabled: true },
+        };
+        const builder = new FirebaseAuthBuilder();
+        builder.github({ clientId: 'gh-id', clientSecret: 'gh-secret' });
+        await builder.deploy();
+        const patchCall = fetchCalls.find((c) => c.method === 'PATCH' && c.url.includes('defaultSupportedIdpConfigs/github.com'));
+        assert.ok(patchCall);
+        assert.strictEqual(patchCall.body.clientId, 'gh-id');
+    });
+    test('sets authorized domains via PATCH', async () => {
+        const builder = new FirebaseAuthBuilder();
+        builder.authorizedDomains(['example.com', 'app.example.com', 'localhost']);
+        await builder.deploy();
+        const patchCall = fetchCalls.find((c) => c.method === 'PATCH' && c.url.includes('/config'));
+        assert.ok(patchCall);
+        assert.ok(patchCall.url.includes('authorizedDomains'));
+        assert.deepStrictEqual(patchCall.body.authorizedDomains, [
+            'example.com',
+            'app.example.com',
+            'localhost',
+        ]);
+    });
+    test('destroy returns without making API calls', async () => {
+        const builder = new FirebaseAuthBuilder();
+        const result = await builder.destroy();
+        assert.deepStrictEqual(result, { destroyed: 'auth' });
+        assert.strictEqual(fetchCalls.filter((c) => c.method !== 'GET').length, 0);
+    });
+});

package/dist/providers/firebase/hosting.test.js

@@ -1,6 +1,8 @@
 import { test, describe, beforeEach, afterEach, mock } from 'node:test';
 import assert from 'node:assert';
 import fs from 'node:fs';
+import { createHash } from 'node:crypto';
+import { gzipSync } from 'node:zlib';
 import { GoogleAuth } from 'google-auth-library';
 import { FirebaseHostingBuilder } from './hosting.js';
 import { Config } from '../../core/config.js';
@@ -129,6 +131,7 @@ describe('FirebaseHostingBuilder Unit Tests', () => {
         assert.strictEqual(writeCalls.length, 0);
     });
     test('deploys new version and creates release when site exists', async () => {
+        const expectedHash = createHash('sha256').update(gzipSync(Buffer.from('hello from index.html'))).digest('hex');
         mockResponses['GET /projects/my-project/sites/my-site'] = {
             status: 200,
             body: { name: 'projects/my-project/sites/my-site' }
@@ -141,10 +144,10 @@ describe('FirebaseHostingBuilder Unit Tests', () => {
             status: 200,
             body: {
                 uploadUrl: 'https://upload-firebasehosting.googleapis.com/upload/v111',
-                uploadRequiredHashes: ['mock-hash-index']
+                uploadRequiredHashes: [expectedHash]
             }
         };
-        mockResponses['POST /upload/v111/mock-hash-index'] = {
+        mockResponses[`POST /upload/v111/${expectedHash}`] = {
             status: 200,
             body: {}
         };
@@ -166,10 +169,8 @@ describe('FirebaseHostingBuilder Unit Tests', () => {
         assert.ok(createVersionCall);
         const populateCall = fetchCalls.find(c => c.method === 'POST' && c.url.endsWith('/versions/v111:populateFiles'));
         assert.ok(populateCall);
-        assert.deepStrictEqual(populateCall.body.files, {
-            '/index.html': '8bde9ea78d892f46c76f95e789dfe2000427a3fb3abff9afd8f6b31456703c1d'
-        });
-        const uploadCall = fetchCalls.find(c => c.method === 'POST' && c.url.includes('/upload/v111/mock-hash-index'));
+        assert.deepStrictEqual(populateCall.body.files, { '/index.html': expectedHash });
+        const uploadCall = fetchCalls.find(c => c.method === 'POST' && c.url.includes(`/upload/v111/${expectedHash}`));
         assert.ok(uploadCall);
         assert.strictEqual(uploadCall.headers?.['Authorization'], 'Bearer fake-access-token');
         const patchVersionCall = fetchCalls.find(c => c.method === 'PATCH' && c.url.endsWith('/versions/v111'));

package/dist/providers/firebase/storage.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/providers/firebase/storage.test.js

@@ -0,0 +1,148 @@
+import { test, describe, beforeEach, afterEach, mock } from 'node:test';
+import assert from 'node:assert';
+import fs from 'node:fs';
+import os from 'node:os';
+import path from 'node:path';
+import { GoogleAuth } from 'google-auth-library';
+import { FirebaseStorageBuilder } from './storage.js';
+import { Config } from '../../core/config.js';
+describe('FirebaseStorageBuilder Unit Tests', () => {
+    let originalFetch;
+    let fetchCalls = [];
+    let mockResponses = {};
+    // Real temp file: storage.ts uses a named ESM import that bypasses mock.method on the fs object
+    const tmpRulesFile = path.join(os.tmpdir(), 'puls-storage-test.rules');
+    function matchResponse(method, url) {
+        const key = Object.keys(mockResponses)
+            .filter((k) => {
+            const [m, path] = k.split(' ');
+            return method === m && url.includes(path);
+        })
+            .sort((a, b) => b.split(' ')[1].length - a.split(' ')[1].length)[0];
+        return key ? mockResponses[key] : null;
+    }
+    beforeEach(() => {
+        Config.set({
+            dryRun: false,
+            providers: { firebase: { projectId: 'my-project', serviceAccountPath: '/fake/sa.json' } },
+        });
+        originalFetch = globalThis.fetch;
+        fetchCalls = [];
+        mockResponses = {};
+        globalThis.fetch = async (input, init) => {
+            const url = String(input);
+            const method = init?.method ?? 'GET';
+            let body;
+            if (init?.body && typeof init.body === 'string') {
+                try {
+                    body = JSON.parse(init.body);
+                }
+                catch {
+                    body = init.body;
+                }
+            }
+            fetchCalls.push({ url, method, body });
+            const resp = matchResponse(method, url);
+            if (resp) {
+                return {
+                    ok: resp.status >= 200 && resp.status < 300,
+                    status: resp.status,
+                    json: async () => resp.body,
+                    text: async () => JSON.stringify(resp.body),
+                };
+            }
+            return {
+                ok: true, status: 200, json: async () => ({}), text: async () => '{}',
+            };
+        };
+        mock.method(GoogleAuth.prototype, 'getClient', async () => ({
+            getAccessToken: async () => ({ token: 'fake-token' }),
+        }));
+        fs.writeFileSync(tmpRulesFile, 'service firebase.storage { match /b/{b}/o/{a=**} { allow read; } }');
+    });
+    afterEach(() => {
+        globalThis.fetch = originalFetch;
+        mock.restoreAll();
+        try {
+            fs.unlinkSync(tmpRulesFile);
+        }
+        catch { /* ignore */ }
+    });
+    test('deploys without writing anything when no rules, cors, or lifecycle configured', async () => {
+        const builder = new FirebaseStorageBuilder('my-project.appspot.com');
+        const result = await builder.deploy();
+        assert.ok(result);
+        assert.strictEqual(result.bucket, 'my-project.appspot.com');
+        assert.strictEqual(result.project, 'my-project');
+        const writeCalls = fetchCalls.filter((c) => c.method !== 'GET');
+        assert.strictEqual(writeCalls.length, 0);
+    });
+    test('deploys storage rules by creating a ruleset and updating the release', async () => {
+        mockResponses['POST /rulesets'] = {
+            status: 200,
+            body: { name: 'projects/my-project/rulesets/ruleset-abc' },
+        };
+        mockResponses['PUT /releases/firebase.storage/my-project.appspot.com'] = {
+            status: 200,
+            body: {},
+        };
+        const builder = new FirebaseStorageBuilder('my-project.appspot.com');
+        builder.rules(tmpRulesFile);
+        await builder.deploy();
+        const rulesetCall = fetchCalls.find((c) => c.method === 'POST' && c.url.includes('/rulesets'));
+        assert.ok(rulesetCall);
+        assert.ok(rulesetCall.body.source.files[0].name === 'storage.rules');
+        const releaseCall = fetchCalls.find((c) => c.method === 'PUT' && c.url.includes('/releases/'));
+        assert.ok(releaseCall);
+        assert.ok(releaseCall.body.rulesetName.includes('ruleset-abc'));
+    });
+    test('deploys CORS configuration via PATCH to GCS API', async () => {
+        const builder = new FirebaseStorageBuilder('my-bucket');
+        builder.cors([
+            { origin: ['https://example.com'], method: ['GET', 'PUT'], maxAge: 7200 },
+        ]);
+        await builder.deploy();
+        const corsCall = fetchCalls.find((c) => c.method === 'PATCH' && c.url.includes('/b/my-bucket'));
+        assert.ok(corsCall);
+        assert.ok(Array.isArray(corsCall.body.cors));
+        assert.strictEqual(corsCall.body.cors[0].maxAgeSeconds, 7200);
+        assert.deepStrictEqual(corsCall.body.cors[0].origin, ['https://example.com']);
+    });
+    test('deploys lifecycle policy via PATCH to GCS API', async () => {
+        const builder = new FirebaseStorageBuilder('my-bucket');
+        builder.lifecycle({ deleteAfterDays: 30, matchesPrefix: ['tmp/', 'cache/'] });
+        await builder.deploy();
+        const lcCall = fetchCalls.find((c) => c.method === 'PATCH' && c.url.includes('/b/my-bucket'));
+        assert.ok(lcCall);
+        const rule = lcCall.body.lifecycle.rule[0];
+        assert.strictEqual(rule.action.type, 'Delete');
+        assert.strictEqual(rule.condition.age, 30);
+        assert.deepStrictEqual(rule.condition.matchesPrefix, ['tmp/', 'cache/']);
+    });
+    test('performs dry-run without any write API calls', async () => {
+        Config.set({
+            dryRun: true,
+            providers: { firebase: { projectId: 'my-project', serviceAccountPath: '/fake/sa.json' } },
+        });
+        const builder = new FirebaseStorageBuilder('my-project.appspot.com');
+        builder
+            .cors([{ origin: ['*'], method: ['GET'] }])
+            .lifecycle({ deleteAfterDays: 90 });
+        await builder.deploy();
+        const writeCalls = fetchCalls.filter((c) => c.method !== 'GET');
+        assert.strictEqual(writeCalls.length, 0);
+    });
+    test('uses project-derived default bucket name when none provided', async () => {
+        const builder = new FirebaseStorageBuilder();
+        const result = await builder.deploy();
+        // Default bucket is projectId.appspot.com
+        assert.strictEqual(result.bucket, 'my-project.appspot.com');
+    });
+    test('destroy returns without making write API calls', async () => {
+        const builder = new FirebaseStorageBuilder('my-project.appspot.com');
+        const result = await builder.destroy();
+        assert.ok(result.destroyed.includes('appspot.com'));
+        const writeCalls = fetchCalls.filter((c) => c.method !== 'GET');
+        assert.strictEqual(writeCalls.length, 0);
+    });
+});

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "puls-dev",
-  "version": "0.3.6",
+  "version": "0.3.7",
   "description": "Intent-driven infrastructure-as-code with eager discovery and no state files.",
   "type": "module",
   "main": "./dist/index.js",
@@ -30,6 +30,10 @@
     "./gcp": {
       "types": "./dist/providers/gcp/index.d.ts",
       "default": "./dist/providers/gcp/index.js"
+    },
+    "./cloudflare": {
+      "types": "./dist/providers/cloudflare/index.d.ts",
+      "default": "./dist/providers/cloudflare/index.js"
     }
   },
   "files": [
@@ -44,7 +48,7 @@
     "build": "tsc",
     "postbuild": "node -e \"const fs=require('fs'),f='dist/bin/puls.js',c=fs.readFileSync(f,'utf8');if(!c.startsWith('#!'))fs.writeFileSync(f,'#!/usr/bin/env node\\n'+c);\" && chmod +x dist/bin/puls.js",
     "prepublishOnly": "npm run build",
-    "test": "tsx --test \"src/**/*.test.ts\""
+    "test": "find src -name '*.test.ts' | xargs tsx --test --test-concurrency=1"
   },
   "keywords": [
     "iac",