fix(sub2api): add JD01 account local proxy

This commit is contained in:
Codex
2026-06-30 10:38:03 +00:00
parent b1fda2a479
commit b073a1c52c
9 changed files with 395 additions and 29 deletions
+41 -4
View File
@@ -14,7 +14,7 @@ import { capture, compactCapture, parseJsonOutput, prepareFrpcSecret, shQuote }
import { yamlBooleanField, yamlFieldLabel, yamlIntegerField } from "../platform-infra-ops-library";
import { fingerprintSecretValues, parseEnvFile, readEnvSourceFile, readTextFile, redactRepoPath, requiredEnvValue } from "../secrets";
import type { Sub2ApiEgressProxyConfig, Sub2ApiPublicExposureConfig } from "./entry";
import type { Sub2ApiAccountLocalProxyConfig, Sub2ApiEgressProxyConfig, Sub2ApiPublicExposureConfig } from "./entry";
import type { ApplyOptions, DisclosureOptions, TargetOptions } from "./options";
import { applyScript, dryRunScript } from "./apply-script";
import { readSub2ApiConfig } from "./config";
@@ -23,7 +23,7 @@ import { hostDockerApplyScript, hostDockerDryRunScript, hostDockerPlanSummary, h
import { imageRef, isExternalTarget, isHostDockerTarget, managedResourceCleanupPlan, manifest, resolveTarget, targetDatabase, targetDependencyImages, targetHasSentinel, targetImage } from "./manifest";
import { applyPk01PublicExposure } from "./pk01-public-exposure";
import { policyChecks } from "./policy";
import { prepareEgressProxySecret, prepareExternalActiveSecret, preparePublicExposureSecret } from "./secrets-and-egress";
import { prepareAccountLocalProxySecret, prepareEgressProxySecret, prepareExternalActiveSecret, preparePublicExposureSecret } from "./secrets-and-egress";
import { statusScript } from "./status-script";
import { boolField } from "./utils";
@@ -92,6 +92,24 @@ export function egressProxySummary(proxy: Sub2ApiEgressProxyConfig): Record<stri
};
}
export function accountLocalProxySummary(proxy: Sub2ApiAccountLocalProxyConfig): Record<string, unknown> {
return {
enabled: proxy.enabled,
mode: "sub2api-pod-loopback-account-proxy",
containerName: proxy.containerName,
secretName: proxy.secretName,
image: proxy.image,
imagePullPolicy: proxy.imagePullPolicy,
listen: `${proxy.listenHost}:${proxy.listenPort}`,
sourceConfigRef: proxy.sourceConfigRef,
sourceFingerprint: proxy.sourceFingerprint,
sourceRef: proxy.sourceRef,
sourceType: proxy.sourceType,
healthProbeUrl: proxy.healthProbeUrl,
valuesPrinted: false,
};
}
export function plan(options: TargetOptions): Record<string, unknown> {
const sub2api = readSub2ApiConfig();
const target = resolveTarget(sub2api, options.targetId);
@@ -131,6 +149,7 @@ export function plan(options: TargetOptions): Record<string, unknown> {
hostDocker,
publicExposure: target.publicExposure === null ? null : publicExposureSummary(target.publicExposure),
egressProxy: target.egressProxy === null ? null : egressProxySummary(target.egressProxy),
accountLocalProxy: target.accountLocalProxy === null ? null : accountLocalProxySummary(target.accountLocalProxy),
},
externalDatabase: isExternalTarget(target) ? {
status: target.databaseMode === "external-active" ? "external-db-active" : "pending-external-db",
@@ -189,6 +208,15 @@ export function plan(options: TargetOptions): Record<string, unknown> {
valuesPrinted: false,
}
: null,
accountLocalProxy: target.accountLocalProxy?.enabled
? {
mode: `${target.id} Sub2API pod loopback proxy for manually configured account proxy URLs`,
listen: `${target.accountLocalProxy.listenHost}:${target.accountLocalProxy.listenPort}`,
sourceRef: target.accountLocalProxy.sourceRef,
sourceType: target.accountLocalProxy.sourceType,
valuesPrinted: false,
}
: null,
dataStores: isExternalTarget(target)
? [
isHostDockerTarget(target) ? `PK01 local PostgreSQL through ${database.host}:${database.port}` : target.databaseMode === "external-active" ? "External PostgreSQL active from platform-db/PK01" : "External PostgreSQL pending from platform-db/Pika01",
@@ -263,7 +291,15 @@ export async function apply(config: UniDeskConfig, options: ApplyOptions): Promi
};
}
if (options.dryRun) {
const result = await capture(config, target.route, ["sh"], isHostDockerTarget(target) ? hostDockerDryRunScript(sub2api, target) : dryRunScript(yaml, target));
const accountLocalProxySecretMaterial = prepareAccountLocalProxySecret(sub2api, target);
const result = await capture(
config,
target.route,
["sh"],
isHostDockerTarget(target)
? hostDockerDryRunScript(sub2api, target)
: dryRunScript(yaml, target, accountLocalProxySecretMaterial),
);
const parsed = parseJsonOutput(result.stdout);
return {
ok: result.exitCode === 0 && boolField(parsed, "ok", false),
@@ -281,13 +317,14 @@ export async function apply(config: UniDeskConfig, options: ApplyOptions): Promi
const secretMaterial = target.databaseMode === "external-active" ? prepareExternalActiveSecret(sub2api) : null;
const publicExposureSecretMaterial = preparePublicExposureSecret(sub2api, target);
const egressProxySecretMaterial = prepareEgressProxySecret(sub2api, target);
const accountLocalProxySecretMaterial = prepareAccountLocalProxySecret(sub2api, target);
const result = await capture(
config,
target.route,
["sh"],
isHostDockerTarget(target)
? hostDockerApplyScript(sub2api, target, secretMaterial)
: applyScript(sub2api, yaml, target, secretMaterial, publicExposureSecretMaterial, egressProxySecretMaterial),
: applyScript(sub2api, yaml, target, secretMaterial, publicExposureSecretMaterial, egressProxySecretMaterial, accountLocalProxySecretMaterial),
);
const parsed = parseJsonOutput(result.stdout);
const pk01Exposure = target.publicExposure === null ? null : await applyPk01PublicExposure(config, target);