/**
* Copyright 2024 Defense Unicorns
* SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
*/
import { PeprModule } from "pepr";
import cfg from "./package.json";
import { DataStore } from "pepr/dist/lib/storage";
import { istio } from "./src/pepr/istio";
import { Component, setupLogger } from "./src/pepr/logger";
import { operator } from "./src/pepr/operator";
import { setupAuthserviceSecret } from "./src/pepr/operator/controllers/keycloak/authservice/config";
import { Policy } from "./src/pepr/operator/crd";
import { registerCRDs } from "./src/pepr/operator/crd/register";
import { patches } from "./src/pepr/patches";
import { policies, startExemptionWatch } from "./src/pepr/policies";
import { prometheus } from "./src/pepr/prometheus";
const log = setupLogger(Component.STARTUP);

/**
 * Boots the UDS Core Pepr module.
 *
 * Startup order: the CRDs are registered, the exemption watch is started and
 * the authservice secret is set up, each awaited in turn, and only then is
 * the PeprModule constructed with its capabilities.
 *
 * NOTE(review): presumably the exemption watch is awaited first so that the
 * in-memory exemption map exists before any policy is evaluated; confirm
 * that startExemptionWatch resolves only after its initial sync.
 *
 * A rejection from any awaited step propagates to the caller below, which
 * logs it and exits with a non-zero status instead of continuing with a
 * partially initialised module.
 */
async function startModule(): Promise<void> {
  // Apply the CRDs to the cluster
  await registerCRDs();

  // KFC watch for exemptions and update in-memory map
  await startExemptionWatch();

  await setupAuthserviceSecret();

  new PeprModule(cfg, [
    operator, // UDS Core Operator
    policies, // UDS Core Policies
    istio, // Istio service mesh
    prometheus, // Prometheus monitoring stack
    patches, // Patches for specific components
  ]);

  // Remove legacy policy entries from the pepr store for the 0.5.0 upgrade.
  // Dev mode always runs the cleanup; otherwise it runs only when
  // PEPR_WATCH_MODE is "true" and the package version is exactly "0.5.0".
  const devMode = process.env.PEPR_MODE === "dev";
  const watcherOnLegacyRelease =
    process.env.PEPR_WATCH_MODE === "true" && cfg.version === "0.5.0";
  if (!devMode && !watcherOnLegacyRelease) {
    return;
  }

  log.debug("Clearing legacy pepr store exemption entries...");
  policies.Store.onReady((data: DataStore) => {
    const knownPolicies = Object.values(Policy);
    // Only keys that equal a Policy value are removed; every other store
    // entry is left in place.
    Object.keys(data)
      .filter(key => knownPolicies.includes(key as Policy))
      .forEach(p => {
        log.debug(`Removing legacy storage of ${p} policy exemptions...`);
        policies.Store.removeItem(p);
      });
  });
}

// Any startup failure is fatal: log it and exit with status 1.
startModule().catch(err => {
  log.error(err, "Critical error during startup. Exiting...");
  process.exit(1);
});