defenseunicorns · schaeferka · Oct 23, 2024 · Oct 24, 2024 · Oct 24, 2024 · Oct 24, 2024
@@ -2,7 +2,7 @@
 #
 # This Action will scan dependency manifest files that change as part of a Pull Request,
 # surfacing known-vulnerable versions of the packages declared or updated in the PR.
-# Once installed, if the workflow run is marked as required, 
+# Once installed, if the workflow run is marked as required,
 # PRs introducing known-vulnerable packages will be blocked from merging.
 #
 # Source repository: https://github.com/actions/dependency-review-action
@@ -35,11 +35,12 @@ jobs:
         run: |
           npx madge --circular --ts-config tsconfig.json --extensions ts,js src/ > tmp.log || true # Force exit 0 for post-processing
           tail -n +4 tmp.log > circular-deps.log
-          if [ $(wc -l < circular-deps.log) -gt 17 ]; then
-            echo "circular-deps.log has more than 17 circular dependencies."
+          if [ $(wc -l < circular-deps.log) -gt 16 ]; then
+            echo "circular-deps.log has more than 16 circular dependencies."
             wc -l circular-deps.log
             exit 1
           else
-            echo "circular-deps.log has 17 or fewer circular dependencies."
+            echo "circular-deps.log has 16 or fewer circular dependencies."
+
             exit 0
           fi
@@ -1,6 +1,6 @@
 import { kind } from "kubernetes-fluent-client";
 
-import { AdmissionRequest } from "../lib/types";
+import { AdmissionRequest } from "../lib/common";
 import createPod from "./data/create-pod.json";
 import deletePod from "./data/delete-pod.json";
 

@@ -4,8 +4,9 @@
 import { expect, describe, it } from "@jest/globals";
 import * as sut from "./adjudicators";
 import { KubernetesObject } from "kubernetes-fluent-client";
-import { AdmissionRequest, Binding, Event } from "./types";
-import { DeepPartial, Operation } from "./mutate-types";
+import { Binding, Event } from "./types";
+import { AdmissionRequest } from "./common";
+import { DeepPartial, Operation } from "./common";
 
 describe("definesDeletionTimestamp", () => {
   //[ Binding, result ]

@@ -2,7 +2,7 @@
 // SPDX-FileCopyrightText: 2023-Present The Pepr Authors
 
 import { Event } from "./types";
-import { Operation } from "./mutate-types";
+import { Operation } from "./common";
 import {
   __,
   allPass,

@@ -4,10 +4,10 @@ import { CapabilityCfg, FinalizeAction, MutateAction, ValidateAction, WatchLogAc
 import { a } from "../lib";
 import { V1Pod } from "@kubernetes/client-node";
 import { expect, describe, jest, beforeEach, it } from "@jest/globals";
-import { Operation } from "./mutate-types";
+import { Operation } from "./common";
 import { PeprMutateRequest } from "./mutate-request";
 import { PeprValidateRequest } from "./validate-request";
-import { AdmissionRequest } from "./types";
+import { AdmissionRequest } from "./common";
 import { WatchPhase } from "kubernetes-fluent-client/dist/fluent/types";
 import { Event } from "./types";
 import { GenericClass } from "kubernetes-fluent-client";

@@ -13,7 +13,6 @@ import {
   BindingWithName,
   CapabilityCfg,
   CapabilityExport,
-  Event,
   MutateAction,
   MutateActionChain,
   ValidateAction,
@@ -23,6 +22,7 @@ import {
   FinalizeActionChain,
   WhenSelector,
 } from "./types";
+import { Event } from "./types";
 import { addFinalizer } from "./finalizer";
 
 const registerAdmission = isBuildMode() || !isWatchMode();

@@ -0,0 +1,134 @@
+// SPDX-License-Identifier: Apache-2.0
+// SPDX-FileCopyrightText: 2023-Present The Pepr Authors
+import { GroupVersionKind, KubernetesObject } from "kubernetes-fluent-client";
+
+export type ValidateActionResponse = {
+  allowed: boolean;
+  statusCode?: number;
+  statusMessage?: string;
+};
+
+/**
+ * A Kubernetes admission request to be processed by a capability.
+ */
+export interface AdmissionRequest<T = KubernetesObject> {
+  /** UID is an identifier for the individual request/response. */
+  readonly uid: string;
+
+  /** Kind is the fully-qualified type of object being submitted (for example, v1.Pod or autoscaling.v1.Scale) */
+  readonly kind: GroupVersionKind;
+
+  /** Resource is the fully-qualified resource being requested (for example, v1.pods) */
+  readonly resource: GroupVersionResource;
+
+  /** SubResource is the sub-resource being requested, if any (for example, "status" or "scale") */
+  readonly subResource?: string;
+
+  /** RequestKind is the fully-qualified type of the original API request (for example, v1.Pod or autoscaling.v1.Scale). */
+  readonly requestKind?: GroupVersionKind;
+
+  /** RequestResource is the fully-qualified resource of the original API request (for example, v1.pods). */
+  readonly requestResource?: GroupVersionResource;
+
+  /** RequestSubResource is the sub-resource of the original API request, if any (for example, "status" or "scale"). */
+  readonly requestSubResource?: string;
+
+  /**
+   * Name is the name of the object as presented in the request. On a CREATE operation, the client may omit name and
+   * rely on the server to generate the name. If that is the case, this method will return the empty string.
+   */
+  readonly name: string;
+
+  /** Namespace is the namespace associated with the request (if any). */
+  readonly namespace?: string;
+
+  /**
+   * Operation is the operation being performed. This may be different than the operation
+   * requested. e.g. a patch can result in either a CREATE or UPDATE Operation.
+   */
+  readonly operation: Operation;
+
+  /** UserInfo is information about the requesting user */
+  readonly userInfo: {
+    /** The name that uniquely identifies this user among all active users. */
+    username?: string;
+
+    /**
+     * A unique value that identifies this user across time. If this user is deleted
+     * and another user by the same name is added, they will have different UIDs.
+     */
+    uid?: string;
+
+    /** The names of groups this user is a part of. */
+    groups?: string[];
+
+    /** Any additional information provided by the authenticator. */
+    extra?: {
+      [key: string]: string[];
+    };
+  };
+
+  /** Object is the object from the incoming request prior to default values being applied */
+  readonly object: T;
+
+  /** OldObject is the existing object. Only populated for UPDATE or DELETE requests. */
+  readonly oldObject?: T;
+
+  /** DryRun indicates that modifications will definitely not be persisted for this request. Defaults to false. */
+  readonly dryRun?: boolean;
+
+  /**
+   * Options contains the options for the operation being performed.
+   * e.g. `meta.k8s.io/v1.DeleteOptions` or `meta.k8s.io/v1.CreateOptions`. This may be
+   * different than the options the caller provided. e.g. for a patch request the performed
+   * Operation might be a CREATE, in which case the Options will a
+   * `meta.k8s.io/v1.CreateOptions` even though the caller provided `meta.k8s.io/v1.PatchOptions`.
+   */
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  readonly options?: any;
+}
+
+// GroupVersionResource interface for resource identification
+export interface GroupVersionResource {
+  readonly group: string;
+  readonly version: string;
+  readonly resource: string;
+}
+
+// Operation type for mutation operations
+export enum Operation {
+  CREATE = "CREATE",
+  UPDATE = "UPDATE",
+  DELETE = "DELETE",
+  CONNECT = "CONNECT",
+}
+
+// AdmissionRequest interface for handling admission requests in mutation context
+/* export interface AdmissionRequest<T = KubernetesObject> {
+  readonly uid: string;
+  readonly kind: GroupVersionKind;
+  readonly resource: GroupVersionResource;
+  readonly subResource?: string;
+  readonly requestKind?: GroupVersionKind;
+  readonly requestResource?: GroupVersionResource;
+  readonly requestSubResource?: string;
+  readonly name: string;
+  readonly namespace?: string;
+  readonly operation: Operation;
+  readonly userInfo: {
+    username?: string;
+    uid?: string;
+    groups?: string[];
+    extra?: { [key: string]: string[] };
+  };
+  readonly object: T;
+  readonly oldObject?: T;
+  readonly dryRun?: boolean;
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  readonly options?: any;
+} */
+
+// DeepPartial utility type for deep optional properties
+export type DeepPartial<T> = {
+  [P in keyof T]?: T[P] extends object ? DeepPartial<T[P]> : T[P];
+};
@@ -13,7 +13,8 @@ import { ModuleConfig, isWatchMode } from "../module";
 import { mutateProcessor } from "../mutate-processor";
 import { validateProcessor } from "../validate-processor";
 import { PeprControllerStore } from "./store";
-import { ResponseItem, AdmissionRequest } from "../types";
+import { ResponseItem } from "../types";
+import { AdmissionRequest } from "../common";
 
 if (!process.env.PEPR_NODE_WARNINGS) {
   process.removeAllListeners("warning");

@@ -6,7 +6,9 @@ import { kind, modelToGroupVersionKind } from "kubernetes-fluent-client";
 import * as fc from "fast-check";
 import { CreatePod, DeletePod } from "../fixtures/loader";
 import { shouldSkipRequest } from "./filter";
-import { AdmissionRequest, Binding, Event } from "./types";
+import { Binding } from "./types";
+import { Event } from "./types";
+import { AdmissionRequest } from "./common";
 
 export const callback = () => undefined;
 

@@ -1,8 +1,9 @@
 // SPDX-License-Identifier: Apache-2.0
 // SPDX-FileCopyrightText: 2023-Present The Pepr Authors
 
-import { AdmissionRequest, Binding } from "./types";
-import { Operation } from "./mutate-types";
+import { Binding } from "./types";
+import { AdmissionRequest } from "./common";
+import { Operation } from "./common";
 import {
   carriesIgnoredNamespace,
   carriedName,

@@ -5,8 +5,8 @@ import { beforeEach, describe, expect, it, jest } from "@jest/globals";
 import { addFinalizer, removeFinalizer } from "./finalizer";
 import { KubernetesObject, K8s, GenericClass, RegisterKind } from "kubernetes-fluent-client";
 import { K8sInit } from "kubernetes-fluent-client/dist/fluent/types";
-import { AdmissionRequest } from "./types";
-import { Operation } from "./mutate-types";
+import { AdmissionRequest } from "./common";
+import { Operation } from "./common";
 import { PeprMutateRequest } from "./mutate-request";
 import { Binding } from "./types";
 

@@ -4,7 +4,7 @@
 import { K8s, KubernetesObject, RegisterKind } from "kubernetes-fluent-client";
 import Log from "./logger";
 import { Binding } from "./types";
-import { Operation, DeepPartial } from "./mutate-types";
+import { Operation, DeepPartial } from "./common";
 import { PeprMutateRequest } from "./mutate-request";
 
 export function addFinalizer<K extends KubernetesObject>(request: PeprMutateRequest<K>) {

@@ -1,7 +1,7 @@
 // SPDX-License-Identifier: Apache-2.0
 // SPDX-FileCopyrightText: 2023-Present The Pepr Authors
 
-import { Binding, CapabilityExport, Event } from "./types";
+import { Binding, CapabilityExport } from "./types";
 import {
   addVerbIfNotExists,
   bindingAndCapabilityNSConflict,
@@ -31,6 +31,7 @@ import { promises as fs } from "fs";
 import { SpiedFunction } from "jest-mock";
 import { K8s, GenericClass, KubernetesObject, kind } from "kubernetes-fluent-client";
 import { K8sInit } from "kubernetes-fluent-client/dist/fluent/types";
+import { Event } from "./types";
 
 export const callback = () => undefined;
 

@@ -5,7 +5,8 @@ import { Capability } from "./capability";
 import { Controller } from "./controller";
 import { ValidateError } from "./errors";
 import { MutateResponse, ValidateResponse, WebhookIgnore } from "./k8s";
-import { CapabilityExport, AdmissionRequest } from "./types";
+import { CapabilityExport } from "./types";
+import { AdmissionRequest } from "./common";
 import { setupWatch } from "./watch-processor";
 import { Log } from "../lib";
 import { V1PolicyRule as PolicyRule } from "@kubernetes/client-node";

@@ -8,7 +8,7 @@ import { Capability } from "./capability";
 import { Errors } from "./errors";
 import { shouldSkipRequest } from "./filter";
 import { MutateResponse } from "./k8s";
-import { AdmissionRequest } from "./types";
+import { AdmissionRequest } from "./common";
 import Log from "./logger";
 import { ModuleConfig } from "./module";
 import { PeprMutateRequest } from "./mutate-request";

@@ -3,8 +3,8 @@
 
 import { beforeEach, describe, expect, it } from "@jest/globals";
 import { KubernetesObject } from "kubernetes-fluent-client";
-import { AdmissionRequest } from "./types";
-import { Operation } from "./mutate-types";
+import { AdmissionRequest } from "./common";
+import { Operation } from "./common";
 import { PeprMutateRequest } from "./mutate-request";
 
 describe("PeprMutateRequest", () => {

@@ -1,7 +1,7 @@
 // SPDX-License-Identifier: Apache-2.0
 // SPDX-FileCopyrightText: 2023-Present The Pepr Authors
 
-import { Operation, AdmissionRequest, DeepPartial } from "./mutate-types";
+import { Operation, AdmissionRequest, DeepPartial } from "./common";
 import { KubernetesObject } from "kubernetes-fluent-client";
 import { clone, mergeDeepRight } from "ramda";
 import { Logger } from "pino";