defenseunicorns · schaeferka · Oct 23, 2024 · Oct 24, 2024 · Oct 24, 2024 · Oct 24, 2024
@@ -2,7 +2,7 @@
 #
 # This Action will scan dependency manifest files that change as part of a Pull Request,
 # surfacing known-vulnerable versions of the packages declared or updated in the PR.
-# Once installed, if the workflow run is marked as required, 
+# Once installed, if the workflow run is marked as required,
 # PRs introducing known-vulnerable packages will be blocked from merging.
 #
 # Source repository: https://github.com/actions/dependency-review-action
@@ -35,11 +35,12 @@ jobs:
         run: |
           npx madge --circular --ts-config tsconfig.json --extensions ts,js src/ > tmp.log || true # Force exit 0 for post-processing
           tail -n +4 tmp.log > circular-deps.log
-          if [ $(wc -l < circular-deps.log) -gt 17 ]; then
-            echo "circular-deps.log has more than 17 circular dependencies."
+          if [ $(wc -l < circular-deps.log) -gt 16 ]; then
+            echo "circular-deps.log has more than 16 circular dependencies."
             wc -l circular-deps.log
             exit 1
           else
-            echo "circular-deps.log has 17 or fewer circular dependencies."
+            echo "circular-deps.log has 16 or fewer circular dependencies."
+
             exit 0
           fi
@@ -1,6 +1,6 @@
 import { kind } from "kubernetes-fluent-client";
 
-import { AdmissionRequest } from "../lib/types";
+import { AdmissionRequest } from "../lib/validate-types";
 import createPod from "./data/create-pod.json";
 import deletePod from "./data/delete-pod.json";
 

@@ -4,7 +4,8 @@
 import { expect, describe, it } from "@jest/globals";
 import * as sut from "./adjudicators";
 import { KubernetesObject } from "kubernetes-fluent-client";
-import { AdmissionRequest, Binding, Event } from "./types";
+import { Binding, Event } from "./types";
+import { AdmissionRequest } from "./validate-types";
 import { DeepPartial, Operation } from "./mutate-types";
 
 describe("definesDeletionTimestamp", () => {

@@ -7,7 +7,7 @@ import { expect, describe, jest, beforeEach, it } from "@jest/globals";
 import { Operation } from "./mutate-types";
 import { PeprMutateRequest } from "./mutate-request";
 import { PeprValidateRequest } from "./validate-request";
-import { AdmissionRequest } from "./types";
+import { AdmissionRequest } from "./validate-types";
 import { WatchPhase } from "kubernetes-fluent-client/dist/fluent/types";
 import { Event } from "./types";
 import { GenericClass } from "kubernetes-fluent-client";

@@ -13,7 +13,6 @@ import {
   BindingWithName,
   CapabilityCfg,
   CapabilityExport,
-  Event,
   MutateAction,
   MutateActionChain,
   ValidateAction,
@@ -23,6 +22,7 @@ import {
   FinalizeActionChain,
   WhenSelector,
 } from "./types";
+import { Event } from "./types";
 import { addFinalizer } from "./finalizer";
 
 const registerAdmission = isBuildMode() || !isWatchMode();

@@ -13,7 +13,8 @@ import { ModuleConfig, isWatchMode } from "../module";
 import { mutateProcessor } from "../mutate-processor";
 import { validateProcessor } from "../validate-processor";
 import { PeprControllerStore } from "./store";
-import { ResponseItem, AdmissionRequest } from "../types";
+import { ResponseItem } from "../types";
+import { AdmissionRequest } from "../validate-types";
 
 if (!process.env.PEPR_NODE_WARNINGS) {
   process.removeAllListeners("warning");

@@ -6,7 +6,9 @@ import { kind, modelToGroupVersionKind } from "kubernetes-fluent-client";
 import * as fc from "fast-check";
 import { CreatePod, DeletePod } from "../fixtures/loader";
 import { shouldSkipRequest } from "./filter";
-import { AdmissionRequest, Binding, Event } from "./types";
+import { Binding } from "./types";
+import { Event } from "./types";
+import { AdmissionRequest } from "./validate-types";
 
 export const callback = () => undefined;
 

@@ -1,7 +1,8 @@
 // SPDX-License-Identifier: Apache-2.0
 // SPDX-FileCopyrightText: 2023-Present The Pepr Authors
 
-import { AdmissionRequest, Binding } from "./types";
+import { Binding } from "./types";
+import { AdmissionRequest } from "./validate-types";
 import { Operation } from "./mutate-types";
 import {
   carriesIgnoredNamespace,

@@ -5,7 +5,7 @@ import { beforeEach, describe, expect, it, jest } from "@jest/globals";
 import { addFinalizer, removeFinalizer } from "./finalizer";
 import { KubernetesObject, K8s, GenericClass, RegisterKind } from "kubernetes-fluent-client";
 import { K8sInit } from "kubernetes-fluent-client/dist/fluent/types";
-import { AdmissionRequest } from "./types";
+import { AdmissionRequest } from "./validate-types";
 import { Operation } from "./mutate-types";
 import { PeprMutateRequest } from "./mutate-request";
 import { Binding } from "./types";

@@ -1,7 +1,7 @@
 // SPDX-License-Identifier: Apache-2.0
 // SPDX-FileCopyrightText: 2023-Present The Pepr Authors
 
-import { Binding, CapabilityExport, Event } from "./types";
+import { Binding, CapabilityExport } from "./types";
 import {
   addVerbIfNotExists,
   bindingAndCapabilityNSConflict,
@@ -31,6 +31,7 @@ import { promises as fs } from "fs";
 import { SpiedFunction } from "jest-mock";
 import { K8s, GenericClass, KubernetesObject, kind } from "kubernetes-fluent-client";
 import { K8sInit } from "kubernetes-fluent-client/dist/fluent/types";
+import { Event } from "./types";
 
 export const callback = () => undefined;
 

@@ -5,7 +5,8 @@ import { Capability } from "./capability";
 import { Controller } from "./controller";
 import { ValidateError } from "./errors";
 import { MutateResponse, ValidateResponse, WebhookIgnore } from "./k8s";
-import { CapabilityExport, AdmissionRequest } from "./types";
+import { CapabilityExport } from "./types";
+import { AdmissionRequest } from "./validate-types";
 import { setupWatch } from "./watch-processor";
 import { Log } from "../lib";
 import { V1PolicyRule as PolicyRule } from "@kubernetes/client-node";

@@ -8,7 +8,7 @@ import { Capability } from "./capability";
 import { Errors } from "./errors";
 import { shouldSkipRequest } from "./filter";
 import { MutateResponse } from "./k8s";
-import { AdmissionRequest } from "./types";
+import { AdmissionRequest } from "./validate-types";
 import Log from "./logger";
 import { ModuleConfig } from "./module";
 import { PeprMutateRequest } from "./mutate-request";

@@ -3,7 +3,7 @@
 
 import { beforeEach, describe, expect, it } from "@jest/globals";
 import { KubernetesObject } from "kubernetes-fluent-client";
-import { AdmissionRequest } from "./types";
+import { AdmissionRequest } from "./validate-types";
 import { Operation } from "./mutate-types";
 import { PeprMutateRequest } from "./mutate-request";
 

@@ -1,8 +1,7 @@
 // SPDX-License-Identifier: Apache-2.0
 // SPDX-FileCopyrightText: 2023-Present The Pepr Authors
 
-import { KubernetesObject } from "kubernetes-fluent-client";
-import { GroupVersionKind } from "kubernetes-fluent-client";
+import { GroupVersionKind, KubernetesObject } from "kubernetes-fluent-client";
 
 // Operation type for mutation operations
 export enum Operation {

@@ -2,11 +2,11 @@
 // SPDX-FileCopyrightText: 2023-Present The Pepr Authors
 
 import { GenericClass, GroupVersionKind, KubernetesObject } from "kubernetes-fluent-client";
-import { Operation } from "./mutate-types";
 import { WatchPhase } from "kubernetes-fluent-client/dist/fluent/types";
 import { Logger } from "pino";
 import { PeprMutateRequest } from "./mutate-request";
 import { PeprValidateRequest } from "./validate-request";
+import { ValidateActionResponse } from "./validate-types";
 import { V1PolicyRule as PolicyRule } from "@kubernetes/client-node";
 
 /**
@@ -246,12 +246,6 @@ export type WatchLogAction<T extends GenericClass, K extends KubernetesObject =
   logger?: Logger,
 ) => Promise<void> | void;
 
-export type ValidateActionResponse = {
-  allowed: boolean;
-  statusCode?: number;
-  statusMessage?: string;
-};
-
 export type FinalizeAction<T extends GenericClass, K extends KubernetesObject = InstanceType<T>> = (
   update: K,
   logger?: Logger,
@@ -271,93 +265,3 @@ export type FinalizeActionChain<T extends GenericClass> = {
    */
   Finalize: (action: FinalizeAction<T, InstanceType<T>>) => void;
 };
-
-/**
- * A Kubernetes admission request to be processed by a capability.
- */
-export interface AdmissionRequest<T = KubernetesObject> {
-  /** UID is an identifier for the individual request/response. */
-  readonly uid: string;
-
-  /** Kind is the fully-qualified type of object being submitted (for example, v1.Pod or autoscaling.v1.Scale) */
-  readonly kind: GroupVersionKind;
-
-  /** Resource is the fully-qualified resource being requested (for example, v1.pods) */
-  readonly resource: GroupVersionResource;
-
-  /** SubResource is the sub-resource being requested, if any (for example, "status" or "scale") */
-  readonly subResource?: string;
-
-  /** RequestKind is the fully-qualified type of the original API request (for example, v1.Pod or autoscaling.v1.Scale). */
-  readonly requestKind?: GroupVersionKind;
-
-  /** RequestResource is the fully-qualified resource of the original API request (for example, v1.pods). */
-  readonly requestResource?: GroupVersionResource;
-
-  /** RequestSubResource is the sub-resource of the original API request, if any (for example, "status" or "scale"). */
-  readonly requestSubResource?: string;
-
-  /**
-   * Name is the name of the object as presented in the request. On a CREATE operation, the client may omit name and
-   * rely on the server to generate the name. If that is the case, this method will return the empty string.
-   */
-  readonly name: string;
-
-  /** Namespace is the namespace associated with the request (if any). */
-  readonly namespace?: string;
-
-  /**
-   * Operation is the operation being performed. This may be different than the operation
-   * requested. e.g. a patch can result in either a CREATE or UPDATE Operation.
-   */
-  readonly operation: Operation;
-
-  /** UserInfo is information about the requesting user */
-  readonly userInfo: {
-    /** The name that uniquely identifies this user among all active users. */
-    username?: string;
-
-    /**
-     * A unique value that identifies this user across time. If this user is deleted
-     * and another user by the same name is added, they will have different UIDs.
-     */
-    uid?: string;
-
-    /** The names of groups this user is a part of. */
-    groups?: string[];
-
-    /** Any additional information provided by the authenticator. */
-    extra?: {
-      [key: string]: string[];
-    };
-  };
-
-  /** Object is the object from the incoming request prior to default values being applied */
-  readonly object: T;
-
-  /** OldObject is the existing object. Only populated for UPDATE or DELETE requests. */
-  readonly oldObject?: T;
-
-  /** DryRun indicates that modifications will definitely not be persisted for this request. Defaults to false. */
-  readonly dryRun?: boolean;
-
-  /**
-   * Options contains the options for the operation being performed.
-   * e.g. `meta.k8s.io/v1.DeleteOptions` or `meta.k8s.io/v1.CreateOptions`. This may be
-   * different than the options the caller provided. e.g. for a patch request the performed
-   * Operation might be a CREATE, in which case the Options will a
-   * `meta.k8s.io/v1.CreateOptions` even though the caller provided `meta.k8s.io/v1.PatchOptions`.
-   */
-  // eslint-disable-next-line @typescript-eslint/no-explicit-any
-  readonly options?: any;
-}
-
-/**
- * GroupVersionResource unambiguously identifies a resource. It doesn't anonymously include GroupVersion
- * to avoid automatic coercion. It doesn't use a GroupVersion to avoid custom marshalling
- */
-export interface GroupVersionResource {
-  readonly group: string;
-  readonly version: string;
-  readonly resource: string;
-}
@@ -6,7 +6,7 @@ import { kind } from "kubernetes-fluent-client";
 import { Capability } from "./capability";
 import { shouldSkipRequest } from "./filter";
 import { ValidateResponse } from "./k8s";
-import { AdmissionRequest } from "./types";
+import { AdmissionRequest } from "./validate-types";
 import Log from "./logger";
 import { convertFromBase64Map } from "./utils";
 import { PeprValidateRequest } from "./validate-request";

@@ -3,7 +3,7 @@
 
 import { beforeEach, describe, expect, it } from "@jest/globals";
 import { KubernetesObject } from "kubernetes-fluent-client";
-import { ValidateActionResponse, AdmissionRequest } from "./types";
+import { ValidateActionResponse, AdmissionRequest } from "./validate-types";
 import { Operation } from "./mutate-types";
 import { PeprValidateRequest } from "./validate-request";
 describe("PeprValidateRequest", () => {

@@ -4,10 +4,8 @@
 /* eslint-disable class-methods-use-this */
 
 import { KubernetesObject } from "kubernetes-fluent-client";
-
 import { clone } from "ramda";
-import { AdmissionRequest } from "./types";
-import { ValidateActionResponse } from "./types";
+import { AdmissionRequest, ValidateActionResponse } from "./validate-types";
 import { Operation } from "./mutate-types";
 
 /**