fix(kubernetes): allow optional checks for ConfigMap and Secret access

- Updated the `createKubernetesClient` function to allow optional checks for ConfigMap and Secret access by introducing `checkConfigMapAccess` and `checkSecretAccess` options.
- Adjusted the `compile-genesis` and `download-abi` commands to utilize the new client options for improved flexibility in Kubernetes interactions.

Author: roderik

src/cli/commands/compile-genesis/compile-genesis.command.ts

@@ -194,7 +194,9 @@ const compileGenesis = async ({
   genesisConfigMapName,
   outputPath,
 }: CompileGenesisOptions): Promise<void> => {
-  const context = await createKubernetesClient();
+  const context = await createKubernetesClient({
+    checkSecretAccess: false,
+  });
   const { namespace } = context;
 
   const genesisConfig = await waitForGenesisConfig(

src/cli/commands/download-abi/download-abi.command.ts

@@ -149,7 +149,10 @@ const fetchAbiConfigMaps = async (
 };
 
 const defaultDependencies: DownloadAbiDependencies = {
-  createContext: createKubernetesClient,
+  createContext: () =>
+    createKubernetesClient({
+      checkSecretAccess: false,
+    }),
 };
 
 const downloadAbi = async (

src/cli/integrations/kubernetes/kubernetes.client.ts

@@ -18,6 +18,11 @@ type KubernetesClient = {
   namespace: string;
 };
 
+type KubernetesClientOptions = {
+  checkConfigMapAccess?: boolean;
+  checkSecretAccess?: boolean;
+};
+
 type ConfigMapEntrySpec = {
   key: string;
   name: string;
@@ -127,7 +132,10 @@ const getStatusCode = (error: unknown): number | undefined => {
   return;
 };
 
-const createKubernetesClient = async (): Promise<KubernetesClient> => {
+const createKubernetesClient = async (
+  options: KubernetesClientOptions = {}
+): Promise<KubernetesClient> => {
+  const { checkConfigMapAccess = true, checkSecretAccess = true } = options;
   Bun.env.NODE_TLS_REJECT_UNAUTHORIZED = "0";
   const kubeConfig = new KubeConfig();
   try {
@@ -153,16 +161,25 @@ const createKubernetesClient = async (): Promise<KubernetesClient> => {
   }
 
   const client = kubeConfig.makeApiClient(CoreV1Api);
-  try {
-    await Promise.all([
-      client.listNamespacedConfigMap({ namespace, limit: 1 }),
-      client.listNamespacedSecret({ namespace, limit: 1 }),
-    ]);
-  } catch (error) {
-    throw new Error(
-      `Kubernetes permissions check failed: ${extractKubernetesError(error)}`
+  const readinessChecks: Promise<unknown>[] = [];
+  if (checkConfigMapAccess) {
+    readinessChecks.push(
+      client.listNamespacedConfigMap({ namespace, limit: 1 })
     );
   }
+  if (checkSecretAccess) {
+    readinessChecks.push(client.listNamespacedSecret({ namespace, limit: 1 }));
+  }
+
+  if (readinessChecks.length > 0) {
+    try {
+      await Promise.all(readinessChecks);
+    } catch (error) {
+      throw new Error(
+        `Kubernetes permissions check failed: ${extractKubernetesError(error)}`
+      );
+    }
+  }
 
   return { client, namespace };
 };
@@ -287,7 +304,12 @@ const readConfigMap = async (
   }
 };
 
-export type { ConfigMapEntrySpec, KubernetesClient, SecretEntrySpec };
+export type {
+  ConfigMapEntrySpec,
+  KubernetesClient,
+  KubernetesClientOptions,
+  SecretEntrySpec,
+};
 export {
   createConfigMap,
   createKubernetesClient,