defenseunicorns · schaeferka · Oct 27, 2024 · Oct 27, 2024 · Oct 27, 2024 · Oct 28, 2024
@@ -34,12 +34,13 @@ jobs:
       - name: Circular Dependency Check
         run: |
           npx madge --circular --ts-config tsconfig.json --extensions ts,js src/ > tmp.log || true # Force exit 0 for post-processing
-          tail -n +4 tmp.log > circular-deps.log
-          if [ $(wc -l < circular-deps.log) -gt 11 ]; then
-            echo "circular-deps.log has more than 11 circular dependencies."
+          tail -n +6 tmp.log > circular-deps.log
+          if [ $(wc -l < circular-deps.log) -gt 6 ]; then
+            echo "circular-deps.log has more than 6 circular dependencies."
             wc -l circular-deps.log
             exit 1
           else
-            echo "circular-deps.log has 11 or fewer circular dependencies."
+            echo "circular-deps.log has 6 or fewer circular dependencies."
+
             exit 0
           fi
@@ -6,7 +6,8 @@
 import { promises as fs } from "fs";
 import { basename, dirname, extname, resolve } from "path";
 import { createDockerfile } from "../lib/included-files";
-import { Assets } from "../lib/assets";
+import { AssetsConfig } from "../lib/assets/assetsConfig";
+import { AssetsDeployer } from "../lib/assets/assetsDeployer";
 import { dependencies, version } from "./init/templates";
 import { RootCmd } from "./root";
 import { peprFormat } from "./format";
@@ -70,7 +71,7 @@
        ["admin", "scoped"],
      ),
    )
    .action(async opts => {
      // assign custom output directory if provided
      if (opts.outputDir) {
        outputDir = opts.outputDir;
@@ -128,7 +129,7 @@
       }
 
       // Generate a secret for the module
-      const assets = new Assets(
+      const assetsConfig = new AssetsConfig(
         {
           ...cfg.pepr,
           appVersion: cfg.version,
@@ -139,6 +140,8 @@
         path,
       );
 
+      const assets = new AssetsDeployer(assetsConfig);
+
       // If registry is set to Iron Bank, use Iron Bank image
       if (opts?.registry === "Iron Bank") {
         console.info(
@@ -149,7 +152,7 @@
 
       // if image is a custom image, use that instead of the default
       if (image !== "") {
-        assets.image = image;
+        assetsConfig.image = image;
       }
 
       // Ensure imagePullSecret is valid
@@ -170,7 +173,7 @@
 
       try {
         // wait for capabilities to be loaded and test names
-        validateCapabilityNames(assets.capabilities);
+        validateCapabilityNames(assetsConfig.capabilities);
       } catch (e) {
         console.error(`Error loading capability:`, e);
         process.exit(1);
@@ -243,7 +246,7 @@
  };
 }

 export async function buildModule(reloader?: Reloader, entryPoint = peprTS, embed = true) {
  try {
    const { cfg, modulePath, path, uuid } = await loadModule(entryPoint);

@@ -349,7 +352,7 @@
        const conflicts = [...out.matchAll(pgkErrMatch)];

        // If the regex didn't match, leave a generic error
        if (conflicts.length < 1) {
          console.info(
            `\n\tOne or more imported Pepr Capabilities seem to be using an incompatible version of Pepr.\n\tTry updating your Pepr Capabilities to their latest versions.`,
            "Version Conflict",

@@ -3,7 +3,8 @@
 
 import prompt from "prompts";
 
-import { Assets } from "../lib/assets";
+import { AssetsConfig } from "../lib/assets/assetsConfig";
+import { AssetsDeployer } from "../lib/assets/assetsDeployer";
 import { buildModule } from "./build";
 import { RootCmd } from "./root";
 import { validateCapabilityNames, namespaceDeploymentsReady } from "../lib/helpers";
@@ -23,7 +24,7 @@
    .option("--docker-email <email>", "Email for Docker registry")
    .option("--docker-password <password>", "Password for Docker registry")
    .option("--force", "Force deploy the module, override manager field")
    .action(async opts => {
      let imagePullSecret: ImagePullSecret | undefined;

      if (
@@ -73,27 +74,27 @@
 
       // Build the module
       const { cfg, path } = await buildModule();
-
-      // Generate a secret for the module
-      const webhook = new Assets(
+      // Initialize AssetsConfig and AssetsDeployer
+      const assetsConfig = new AssetsConfig(
         {
           ...cfg.pepr,
           description: cfg.description,
         },
         path,
       );
+      const assetsDeployer = new AssetsDeployer(assetsConfig);
 
       if (opts.image) {
-        webhook.image = opts.image;
+        assetsConfig.image = opts.image;
       }
 
       // Identify conf'd webhookTimeout to give to deploy call
       const timeout = cfg.pepr.webhookTimeout ? cfg.pepr.webhookTimeout : 10;
 
       try {
-        await webhook.deploy(opts.force, timeout);
+        await assetsDeployer.deploy(opts.force, timeout);
         // wait for capabilities to be loaded and test names
-        validateCapabilityNames(webhook.capabilities);
+        validateCapabilityNames(assetsConfig.capabilities);
         // Wait for the pepr-system resources to be fully up
         await namespaceDeploymentsReady();
         console.info(`✅ Module deployed successfully`);

@@ -5,7 +5,8 @@ import { ChildProcess, fork } from "child_process";
 import { promises as fs } from "fs";
 import prompt from "prompts";
 import { validateCapabilityNames } from "../lib/helpers";
-import { Assets } from "../lib/assets";
+import { AssetsConfig } from "../lib/assets/assetsConfig";
+import { AssetsDeployer } from "../lib/assets/assetsDeployer";
 import { buildModule, loadModule } from "./build";
 import { RootCmd } from "./root";
 import { K8s, kind } from "kubernetes-fluent-client";
@@ -34,8 +35,8 @@ export default function (program: RootCmd) {
       // Build the module
       const { cfg, path } = await loadModule();
 
-      // Generate a secret for the module
-      const webhook = new Assets(
+      // Initialize AssetsConfig with the configuration and path
+      const assetsConfig = new AssetsConfig(
         {
           ...cfg.pepr,
           description: cfg.description,
@@ -44,9 +45,12 @@ export default function (program: RootCmd) {
         opts.host,
       );
 
+      // Create an instance of AssetsDeployer
+      const assetsDeployer = new AssetsDeployer(assetsConfig);
+
       // Write the TLS cert and key to disk
-      await fs.writeFile("insecure-tls.crt", webhook.tls.pem.crt);
-      await fs.writeFile("insecure-tls.key", webhook.tls.pem.key);
+      await fs.writeFile("insecure-tls.crt", assetsConfig.tls.pem.crt);
+      await fs.writeFile("insecure-tls.key", assetsConfig.tls.pem.key);
 
       try {
         let program: ChildProcess;
@@ -59,11 +63,11 @@ export default function (program: RootCmd) {
           console.info(`Running module ${path}`);
 
           // Deploy the webhook with a 30 second timeout for debugging, don't force
-          await webhook.deploy(false, 30);
+          await assetsDeployer.deploy(false, 30);
 
           try {
             // wait for capabilities to be loaded and test names
-            validateCapabilityNames(webhook.capabilities);
+            validateCapabilityNames(assetsConfig.capabilities);
           } catch (e) {
             console.error(`Error validating capability names:`, e);
             process.exit(1);
@@ -74,7 +78,7 @@ export default function (program: RootCmd) {
               ...process.env,
               LOG_LEVEL: "debug",
               PEPR_MODE: "dev",
-              PEPR_API_TOKEN: webhook.apiToken,
+              PEPR_API_TOKEN: assetsConfig.apiToken,
               PEPR_PRETTY_LOGS: "true",
               SSL_KEY_PATH: "insecure-tls.key",
               SSL_CERT_PATH: "insecure-tls.crt",

@@ -0,0 +1,99 @@
+// SPDX-License-Identifier: Apache-2.0
+// SPDX-License-IdentifierText: 2023-Present The Pepr Authors
+
+import crypto from "crypto";
+import { genTLS, TLSOut } from "../tls";
+import { ModuleConfig } from "../module";
+import { CapabilityExport } from "../types";
+import { WebhookIgnore } from "../k8s";
+import { AssetsConfig } from "./assetsConfig";
+import { jest, describe, beforeEach, it, expect } from "@jest/globals";
+
+jest.mock("crypto");
+jest.mock("../tls");
+
+describe("AssetsConfig", () => {
+  const mockUUID = "test-uuid";
+  const mockAlwaysIgnore: WebhookIgnore = {};
+  const mockPeprVersion = "1.0.0";
+  const mockPath = "/path/to/module";
+  const mockHost = "example.com";
+  const mockConfig: ModuleConfig = {
+    uuid: mockUUID,
+    alwaysIgnore: mockAlwaysIgnore,
+    peprVersion: mockPeprVersion,
+  };
+
+  const mockTLS: TLSOut = {
+    crt: "mockCert",
+    key: "mockKey",
+    ca: "",
+    pem: {
+      ca: "",
+      crt: "",
+      key: "",
+    },
+  };
+
+  beforeEach(() => {
+    jest.resetAllMocks();
+    (genTLS as jest.Mock).mockReturnValue(mockTLS);
+    (crypto.randomBytes as jest.Mock).mockReturnValue({ toString: () => "mockApiToken" });
+  });
+
+  describe("Initialization", () => {
+    it("should initialize with correct values", () => {
+      const assetsConfig = new AssetsConfig(mockConfig, mockPath, mockHost);
+
+      expect(assetsConfig.name).toBe(`pepr-${mockUUID}`);
+      expect(assetsConfig.buildTimestamp).toMatch(/^\d+$/);
+      expect(assetsConfig.alwaysIgnore).toBe(mockAlwaysIgnore);
+      expect(assetsConfig.image).toBe(`ghcr.io/defenseunicorns/pepr/controller:v${mockPeprVersion}`);
+      expect(assetsConfig.tls).toEqual(mockTLS);
+      expect(assetsConfig.apiToken).toBe("mockApiToken");
+    });
+
+    it("should handle undefined host by defaulting to cluster internal URL", () => {
+      const assetsConfig = new AssetsConfig(mockConfig, mockPath);
+
+      expect(assetsConfig.tls).toEqual(mockTLS);
+      expect(genTLS).toHaveBeenCalledWith("pepr-test-uuid.pepr-system.svc");
+    });
+  });
+
+  describe("Setting Properties", () => {
+    it("should set hash correctly", () => {
+      const assetsConfig = new AssetsConfig(mockConfig, mockPath);
+      const testHash = "test-hash";
+
+      assetsConfig.setHash(testHash);
+
+      expect(assetsConfig.hash).toBe(testHash);
+    });
+
+    it("should allow setting capabilities", () => {
+      const assetsConfig = new AssetsConfig(mockConfig, mockPath);
+      const mockCapabilities: CapabilityExport[] = [
+        {
+          name: "test",
+          description: "test",
+          namespaces: [],
+          bindings: [],
+          hasSchedule: false,
+        },
+      ];
+
+      assetsConfig.capabilities = mockCapabilities;
+
+      expect(assetsConfig.capabilities).toBe(mockCapabilities);
+    });
+  });
+
+  describe("Capabilities", () => {
+    it("should have capabilities as undefined initially", () => {
+      const assetsConfig = new AssetsConfig(mockConfig, mockPath);
+
+      expect(assetsConfig.capabilities).toBeUndefined();
+    });
+  });
+});
@@ -0,0 +1,38 @@
+// SPDX-License-Identifier: Apache-2.0
+// SPDX-FileCopyrightText: 2023-Present The Pepr Authors
+
+import crypto from "crypto";
+import { TLSOut, genTLS } from "../tls";
+import { ModuleConfig } from "../module";
+import { CapabilityExport } from "../types";
+import { WebhookIgnore } from "../k8s";
+
+export class AssetsConfig {
+  readonly name: string;
+  readonly tls: TLSOut;
+  readonly apiToken: string;
+  readonly alwaysIgnore!: WebhookIgnore;
+  capabilities!: CapabilityExport[];
+
+  image: string;
+  buildTimestamp: string;
+  hash: string;
+
+  constructor(
+    readonly config: ModuleConfig,
+    readonly path: string,
+    readonly host?: string,
+  ) {
+    this.name = `pepr-${config.uuid}`;
+    this.buildTimestamp = `${Date.now()}`;
+    this.alwaysIgnore = config.alwaysIgnore;
+    this.image = `ghcr.io/defenseunicorns/pepr/controller:v${config.peprVersion}`;
+    this.hash = "";
+    this.tls = genTLS(this.host || `${this.name}.pepr-system.svc`);
+    this.apiToken = crypto.randomBytes(32).toString("hex");
+  }
+
+  setHash = (hash: string) => {
+    this.hash = hash;
+  };
+}