@aws-cdk/cloud-assembly-api 0.0.1 → 2.0.1

package/LICENSE

@@ -0,0 +1,202 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

package/README.md

@@ -1,45 +1,19 @@
-# @aws-cdk/cloud-assembly-api
+# Cloud Assembly API
 
-## ⚠️ IMPORTANT NOTICE ⚠️
+This module is part of the [AWS Cloud Development Kit](https://github.com/aws/aws-cdk) project.
 
-**This package is created solely for the purpose of setting up OIDC (OpenID Connect) trusted publishing with npm.**
+It provides routines to save and load Cloud Assembly manifests, as defined in
+the `@aws-cdk/cloud-assembly-schema` package.
 
-This is **NOT** a functional package and contains **NO** code or functionality beyond the OIDC setup configuration.
+A lot of this code used to live in the `@aws-cdk/cx-api` package, but has been
+extracted from it to its own package. That original package used to define the
+`Cloud Executable <--> CDK CLI` contract in both directions, but this
+responsibility has now been split:
 
-## Purpose
-
-This package exists to:
-1. Configure OIDC trusted publishing for the package name `@aws-cdk/cloud-assembly-api`
-2. Enable secure, token-less publishing from CI/CD workflows
-3. Establish provenance for packages published under this name
-
-## What is OIDC Trusted Publishing?
-
-OIDC trusted publishing allows package maintainers to publish packages directly from their CI/CD workflows without needing to manage npm access tokens. Instead, it uses OpenID Connect to establish trust between the CI/CD provider (like GitHub Actions) and npm.
-
-## Setup Instructions
-
-To properly configure OIDC trusted publishing for this package:
-
-1. Go to [npmjs.com](https://www.npmjs.com/) and navigate to your package settings
-2. Configure the trusted publisher (e.g., GitHub Actions)
-3. Specify the repository and workflow that should be allowed to publish
-4. Use the configured workflow to publish your actual package
-
-## DO NOT USE THIS PACKAGE
-
-This package is a placeholder for OIDC configuration only. It:
-- Contains no executable code
-- Provides no functionality
-- Should not be installed as a dependency
-- Exists only for administrative purposes
-
-## More Information
-
-For more details about npm's trusted publishing feature, see:
-- [npm Trusted Publishing Documentation](https://docs.npmjs.com/generating-provenance-statements)
-- [GitHub Actions OIDC Documentation](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect)
-
----
-
-**Maintained for OIDC setup purposes only**
+```
+┌────────────────────────┐  @/cloud-assembly-api   ┌────────────────┐
+│                        │────────────────────────▶│                │
+│    Cloud Executable    │                         │    CDK CLI     │
+│                        │◀────────────────────────│                │
+└────────────────────────┘         @/cx-api        └────────────────┘
+```

package/design/NESTED_ASSEMBLIES.md

@@ -0,0 +1,93 @@
+# Nested Assemblies
+
+For the CI/CD project we need to be able to a final, authoritative, immutable
+rendition of part of the construct tree. This is a part of the application
+that we can ask the CI/CD system to deploy as a unit, and have it get a fighting
+chance of getting it right. This is because:
+
+- The stacks will be known.
+- Their interdependencies will be known, and won't change anymore.
+
+To that end, we're introducing the concept of an "nested cloud assembly".
+This is a part of the construct tree that is finalized independently of the
+rest, so that other constructs can reflect on it.
+
+Constructs of type `Stage` will produce nested cloud assemblies.
+
+## Restrictions
+
+### Assets
+
+Right now, if the same asset is used in multiple cloud assemblies, it will
+be staged independently in ever Cloud Assembly (making it take up more
+space than necessary).
+
+This is unfortunate. We can think about sharing the staging directories
+between Stages, should be an easy optimization that can be applied later.
+
+### Dependencies
+
+It seems that it might be desirable to have dependencies that reach outside
+a single `Stage`. Consider the case where we have shared resources that
+may be shared between Stages. A typical example would be a VPC:
+
+```
+                      ┌───────────────┐
+                      │               │
+                      │   VpcStack    │
+                      │               │
+                      └───────────────┘
+                              ▲
+                              │
+                              │
+                ┌─────────────┴─────────────┐
+                │                           │
+┌───────────────┼──────────┐     ┌──────────┼───────────────┐
+│Stage          │          │     │          │          Stage│
+│               │          │     │          │               │
+│       ┌───────────────┐  │     │  ┌───────────────┐       │
+│       │               │  │     │  │               │       │
+│       │   App1Stack   │  │     │  │   App2Stack   │       │
+│       │               │  │     │  │               │       │
+│       └───────────────┘  │     │  └───────────────┘       │
+│                          │     │                          │
+└──────────────────────────┘     └──────────────────────────┘
+```
+
+This seems like a reasonable thing to want to be able to do.
+
+
+Right now, for practical reasons we're disallowing dependencies outside
+nested assemblies. That is not to say that this can never be made to work,
+but as it's really rather a significant chunk of work it has not been
+implemented yet. Things to consider:
+
+- Do artifact identifiers need to be globally unique? (Does that destroy
+  local assumptions around naming that constructs can make?)
+- How are artifacts addressed across assembly boundaries? Are they just the
+  absolute name, wherever in the Cloud Assembly tree the artifact is? Do they
+  represent a path from the top-level cloud assembly
+  (`SubAsm/SubAsm/Artifact`)? Are they relative paths (`../SubAsm/Artifact`)?
+- Can there be cyclic dependencies between nested assemblies? Is it okay to
+  have both dependencies `AsmA/Stack1 -> AsmB/Stack1`, and `AsmB/Stack2 ->
+  AsmA/Stack2`? Why, or why not? How will we ensure that?
+
+Even if we can make the addressing work at the artifact level, at the
+construct tree level we'd be giving up the guarantees we are getting from
+having `Stage` constructs produce isolated Cloud Assemblies by having
+dependencies outside them. Consider having two stages, `StageA` with `StackA`
+and `StageB` with `StackB`. We must `synth()` them in some order, either A or
+B first. Let's say A goes first (but the same argument obviously holds in
+reverse). What if during the `synth()` of `StageB`, we discover `StackB`
+introduces a dependency on `StackA`? By that point, `StageA` has already
+synthesized and `StackA` has produced a (so-called "immutable") template.
+Obviously we can't change that anymore, so we can't introduce that dependency
+anymore.
+
+Seems like we should be calling `synth()` on multiple stages consumer-first!
+
+The problem is that we are generally building a Pipeline *producer*-first, since
+we are modeling and building it in deployment order, which is the reverse order
+the pipeline would `synth()` each of the stages in, in order to build itself.
+
+Since this is all very tricky, let's consider it out of scope for now.

package/lib/artifacts/asset-manifest-artifact.d.ts

@@ -0,0 +1,46 @@
+import type * as cxschema from '@aws-cdk/cloud-assembly-schema';
+import { CloudArtifact } from '../cloud-artifact';
+import type { CloudAssembly } from '../cloud-assembly';
+/**
+ * Asset manifest is a description of a set of assets which need to be built and published
+ */
+export declare class AssetManifestArtifact extends CloudArtifact {
+    /**
+     * Checks if `art` is an instance of this class.
+     *
+     * Use this method instead of `instanceof` to properly detect `AssetManifestArtifact`
+     * instances, even when the construct library is symlinked.
+     *
+     * Explanation: in JavaScript, multiple copies of the `cx-api` library on
+     * disk are seen as independent, completely different libraries. As a
+     * consequence, the class `AssetManifestArtifact` in each copy of the `cx-api` library
+     * is seen as a different class, and an instance of one class will not test as
+     * `instanceof` the other class. `npm install` will not create installations
+     * like this, but users may manually symlink construct libraries together or
+     * use a monorepo tool: in those cases, multiple copies of the `cx-api`
+     * library can be accidentally installed, and `instanceof` will behave
+     * unpredictably. It is safest to avoid using `instanceof`, and using
+     * this type-testing method instead.
+     */
+    static isAssetManifestArtifact(this: void, art: any): art is AssetManifestArtifact;
+    /**
+     * The file name of the asset manifest
+     */
+    readonly file: string;
+    /**
+     * Version of bootstrap stack required to deploy this stack
+     */
+    readonly requiresBootstrapStackVersion: number | undefined;
+    /**
+     * Name of SSM parameter with bootstrap stack version
+     *
+     * @default - Discover SSM parameter by reading stack
+     */
+    readonly bootstrapStackVersionSsmParameter?: string;
+    private _contents?;
+    constructor(assembly: CloudAssembly, name: string, artifact: cxschema.ArtifactManifest);
+    /**
+     * The Asset Manifest contents
+     */
+    get contents(): cxschema.AssetManifest;
+}

package/lib/artifacts/asset-manifest-artifact.js

@@ -0,0 +1,66 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AssetManifestArtifact = void 0;
+const fs = require("fs");
+const path = require("path");
+const cloud_artifact_1 = require("../cloud-artifact");
+const error_1 = require("../private/error");
+const ASSET_MANIFEST_ARTIFACT_SYM = Symbol.for('@aws-cdk/cx-api.AssetManifestArtifact');
+/**
+ * Asset manifest is a description of a set of assets which need to be built and published
+ */
+class AssetManifestArtifact extends cloud_artifact_1.CloudArtifact {
+    /**
+     * Checks if `art` is an instance of this class.
+     *
+     * Use this method instead of `instanceof` to properly detect `AssetManifestArtifact`
+     * instances, even when the construct library is symlinked.
+     *
+     * Explanation: in JavaScript, multiple copies of the `cx-api` library on
+     * disk are seen as independent, completely different libraries. As a
+     * consequence, the class `AssetManifestArtifact` in each copy of the `cx-api` library
+     * is seen as a different class, and an instance of one class will not test as
+     * `instanceof` the other class. `npm install` will not create installations
+     * like this, but users may manually symlink construct libraries together or
+     * use a monorepo tool: in those cases, multiple copies of the `cx-api`
+     * library can be accidentally installed, and `instanceof` will behave
+     * unpredictably. It is safest to avoid using `instanceof`, and using
+     * this type-testing method instead.
+     */
+    static isAssetManifestArtifact(art) {
+        return art && typeof art === 'object' && art[ASSET_MANIFEST_ARTIFACT_SYM];
+    }
+    constructor(assembly, name, artifact) {
+        super(assembly, name, artifact);
+        const properties = (this.manifest.properties || {});
+        if (!properties.file) {
+            throw new error_1.CloudAssemblyError('Invalid AssetManifestArtifact. Missing "file" property');
+        }
+        this.file = path.resolve(this.assembly.directory, properties.file);
+        this.requiresBootstrapStackVersion = properties.requiresBootstrapStackVersion;
+        this.bootstrapStackVersionSsmParameter = properties.bootstrapStackVersionSsmParameter;
+    }
+    /**
+     * The Asset Manifest contents
+     */
+    get contents() {
+        if (this._contents !== undefined) {
+            return this._contents;
+        }
+        const contents = this._contents = JSON.parse(fs.readFileSync(this.file, 'utf-8'));
+        return contents;
+    }
+}
+exports.AssetManifestArtifact = AssetManifestArtifact;
+/**
+ * Mark all instances of 'AssetManifestArtifact'
+ *
+ * Why not put this in the constructor? Because this is a class property,
+ * not an instance property. It applies to all instances of the class.
+ */
+Object.defineProperty(AssetManifestArtifact.prototype, ASSET_MANIFEST_ARTIFACT_SYM, {
+    value: true,
+    enumerable: false,
+    writable: false,
+});
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYXNzZXQtbWFuaWZlc3QtYXJ0aWZhY3QuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyJhc3NldC1tYW5pZmVzdC1hcnRpZmFjdC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFBQSx5QkFBeUI7QUFDekIsNkJBQTZCO0FBRTdCLHNEQUFrRDtBQUVsRCw0Q0FBc0Q7QUFFdEQsTUFBTSwyQkFBMkIsR0FBRyxNQUFNLENBQUMsR0FBRyxDQUFDLHVDQUF1QyxDQUFDLENBQUM7QUFFeEY7O0dBRUc7QUFDSCxNQUFhLHFCQUFzQixTQUFRLDhCQUFhO0lBQ3REOzs7Ozs7Ozs7Ozs7Ozs7O09BZ0JHO0lBQ0ksTUFBTSxDQUFDLHVCQUF1QixDQUFhLEdBQVE7UUFDeEQsT0FBTyxHQUFHLElBQUksT0FBTyxHQUFHLEtBQUssUUFBUSxJQUFJLEdBQUcsQ0FBQywyQkFBMkIsQ0FBQyxDQUFDO0lBQzVFLENBQUM7SUFxQkQsWUFBWSxRQUF1QixFQUFFLElBQVksRUFBRSxRQUFtQztRQUNwRixLQUFLLENBQUMsUUFBUSxFQUFFLElBQUksRUFBRSxRQUFRLENBQUMsQ0FBQztRQUVoQyxNQUFNLFVBQVUsR0FBRyxDQUFDLElBQUksQ0FBQyxRQUFRLENBQUMsVUFBVSxJQUFJLEVBQUUsQ0FBcUMsQ0FBQztRQUN4RixJQUFJLENBQUMsVUFBVSxDQUFDLElBQUksRUFBRSxDQUFDO1lBQ3JCLE1BQU0sSUFBSSwwQkFBa0IsQ0FBQyx3REFBd0QsQ0FBQyxDQUFDO1FBQ3pGLENBQUM7UUFDRCxJQUFJLENBQUMsSUFBSSxHQUFHLElBQUksQ0FBQyxPQUFPLENBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQyxTQUFTLEVBQUUsVUFBVSxDQUFDLElBQUksQ0FBQyxDQUFDO1FBQ25FLElBQUksQ0FBQyw2QkFBNkIsR0FBRyxVQUFVLENBQUMsNkJBQTZCLENBQUM7UUFDOUUsSUFBSSxDQUFDLGlDQUFpQyxHQUFHLFVBQVUsQ0FBQyxpQ0FBaUMsQ0FBQztJQUN4RixDQUFDO0lBRUQ7O09BRUc7SUFDSCxJQUFXLFFBQVE7UUFDakIsSUFBSSxJQUFJLENBQUMsU0FBUyxLQUFLLFNBQVMsRUFBRSxDQUFDO1lBQ2pDLE9BQU8sSUFBSSxDQUFDLFNBQVMsQ0FBQztRQUN4QixDQUFDO1FBRUQsTUFBTSxRQUFRLEdBQUcsSUFBSSxDQUFDLFNBQVMsR0FBRyxJQUFJLENBQUMsS0FBSyxDQUFDLEVBQUUsQ0FBQyxZQUFZLENBQUMsSUFBSSxDQUFDLElBQUksRUFBRSxPQUFPLENBQUMsQ0FBQyxDQUFDO1FBQ2xGLE9BQU8sUUFBUSxDQUFDO0lBQ2xCLENBQUM7Q0FDRjtBQWhFRCxzREFnRUM7QUFFRDs7Ozs7R0FLRztBQUNILE1BQU0sQ0FBQyxjQUFjLENBQUMscUJBQXFCLENBQUMsU0FBUyxFQUFFLDJCQUEyQixFQUFFO0lBQ2xGLEtBQUssRUFBRSxJQUFJO0lBQ1gsVUFBVSxFQUFFLEtBQUs7SUFDakIsUUFBUSxFQUFFLEtBQUs7Q0FDaEIsQ0FBQyxDQUFDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0ICogYXMgZnMgZnJvbSAnZnMnO1xuaW1wb3J0ICogYXMgcGF0aCBmcm9tICdwYXRoJztcbmltcG9ydCB0eXBlICogYXMgY3hzY2hlbWEgZnJvbSAnQGF3cy1jZGsvY2xvdWQtYXNzZW1ibHktc2NoZW1hJztcbmltcG9ydCB7IENsb3VkQXJ0aWZhY3QgfSBmcm9tICcuLi9jbG91ZC1hcnRpZmFjdCc7XG5pbXBvcnQgdHlwZSB7IENsb3VkQXNzZW1ibHkgfSBmcm9tICcuLi9jbG91ZC1hc3NlbWJseSc7XG5pbXBvcnQgeyBDbG91ZEFzc2VtYmx5RXJyb3IgfSBmcm9tICcuLi9wcml2YXRlL2Vycm9yJztcblxuY29uc3QgQVNTRVRfTUFOSUZFU1RfQVJUSUZBQ1RfU1lNID0gU3ltYm9sLmZvcignQGF3cy1jZGsvY3gtYXBpLkFzc2V0TWFuaWZlc3RBcnRpZmFjdCcpO1xuXG4vKipcbiAqIEFzc2V0IG1hbmlmZXN0IGlzIGEgZGVzY3JpcHRpb24gb2YgYSBzZXQgb2YgYXNzZXRzIHdoaWNoIG5lZWQgdG8gYmUgYnVpbHQgYW5kIHB1Ymxpc2hlZFxuICovXG5leHBvcnQgY2xhc3MgQXNzZXRNYW5pZmVzdEFydGlmYWN0IGV4dGVuZHMgQ2xvdWRBcnRpZmFjdCB7XG4gIC8qKlxuICAgKiBDaGVja3MgaWYgYGFydGAgaXMgYW4gaW5zdGFuY2Ugb2YgdGhpcyBjbGFzcy5cbiAgICpcbiAgICogVXNlIHRoaXMgbWV0aG9kIGluc3RlYWQgb2YgYGluc3RhbmNlb2ZgIHRvIHByb3Blcmx5IGRldGVjdCBgQXNzZXRNYW5pZmVzdEFydGlmYWN0YFxuICAgKiBpbnN0YW5jZXMsIGV2ZW4gd2hlbiB0aGUgY29uc3RydWN0IGxpYnJhcnkgaXMgc3ltbGlua2VkLlxuICAgKlxuICAgKiBFeHBsYW5hdGlvbjogaW4gSmF2YVNjcmlwdCwgbXVsdGlwbGUgY29waWVzIG9mIHRoZSBgY3gtYXBpYCBsaWJyYXJ5IG9uXG4gICAqIGRpc2sgYXJlIHNlZW4gYXMgaW5kZXBlbmRlbnQsIGNvbXBsZXRlbHkgZGlmZmVyZW50IGxpYnJhcmllcy4gQXMgYVxuICAgKiBjb25zZXF1ZW5jZSwgdGhlIGNsYXNzIGBBc3NldE1hbmlmZXN0QXJ0aWZhY3RgIGluIGVhY2ggY29weSBvZiB0aGUgYGN4LWFwaWAgbGlicmFyeVxuICAgKiBpcyBzZWVuIGFzIGEgZGlmZmVyZW50IGNsYXNzLCBhbmQgYW4gaW5zdGFuY2Ugb2Ygb25lIGNsYXNzIHdpbGwgbm90IHRlc3QgYXNcbiAgICogYGluc3RhbmNlb2ZgIHRoZSBvdGhlciBjbGFzcy4gYG5wbSBpbnN0YWxsYCB3aWxsIG5vdCBjcmVhdGUgaW5zdGFsbGF0aW9uc1xuICAgKiBsaWtlIHRoaXMsIGJ1dCB1c2VycyBtYXkgbWFudWFsbHkgc3ltbGluayBjb25zdHJ1Y3QgbGlicmFyaWVzIHRvZ2V0aGVyIG9yXG4gICAqIHVzZSBhIG1vbm9yZXBvIHRvb2w6IGluIHRob3NlIGNhc2VzLCBtdWx0aXBsZSBjb3BpZXMgb2YgdGhlIGBjeC1hcGlgXG4gICAqIGxpYnJhcnkgY2FuIGJlIGFjY2lkZW50YWxseSBpbnN0YWxsZWQsIGFuZCBgaW5zdGFuY2VvZmAgd2lsbCBiZWhhdmVcbiAgICogdW5wcmVkaWN0YWJseS4gSXQgaXMgc2FmZXN0IHRvIGF2b2lkIHVzaW5nIGBpbnN0YW5jZW9mYCwgYW5kIHVzaW5nXG4gICAqIHRoaXMgdHlwZS10ZXN0aW5nIG1ldGhvZCBpbnN0ZWFkLlxuICAgKi9cbiAgcHVibGljIHN0YXRpYyBpc0Fzc2V0TWFuaWZlc3RBcnRpZmFjdCh0aGlzOiB2b2lkLCBhcnQ6IGFueSk6IGFydCBpcyBBc3NldE1hbmlmZXN0QXJ0aWZhY3Qge1xuICAgIHJldHVybiBhcnQgJiYgdHlwZW9mIGFydCA9PT0gJ29iamVjdCcgJiYgYXJ0W0FTU0VUX01BTklGRVNUX0FSVElGQUNUX1NZTV07XG4gIH1cblxuICAvKipcbiAgICogVGhlIGZpbGUgbmFtZSBvZiB0aGUgYXNzZXQgbWFuaWZlc3RcbiAgICovXG4gIHB1YmxpYyByZWFkb25seSBmaWxlOiBzdHJpbmc7XG5cbiAgLyoqXG4gICAqIFZlcnNpb24gb2YgYm9vdHN0cmFwIHN0YWNrIHJlcXVpcmVkIHRvIGRlcGxveSB0aGlzIHN0YWNrXG4gICAqL1xuICBwdWJsaWMgcmVhZG9ubHkgcmVxdWlyZXNCb290c3RyYXBTdGFja1ZlcnNpb246IG51bWJlciB8IHVuZGVmaW5lZDtcblxuICAvKipcbiAgICogTmFtZSBvZiBTU00gcGFyYW1ldGVyIHdpdGggYm9vdHN0cmFwIHN0YWNrIHZlcnNpb25cbiAgICpcbiAgICogQGRlZmF1bHQgLSBEaXNjb3ZlciBTU00gcGFyYW1ldGVyIGJ5IHJlYWRpbmcgc3RhY2tcbiAgICovXG4gIHB1YmxpYyByZWFkb25seSBib290c3RyYXBTdGFja1ZlcnNpb25Tc21QYXJhbWV0ZXI/OiBzdHJpbmc7XG5cbiAgcHJpdmF0ZSBfY29udGVudHM/OiBjeHNjaGVtYS5Bc3NldE1hbmlmZXN0O1xuXG4gIGNvbnN0cnVjdG9yKGFzc2VtYmx5OiBDbG91ZEFzc2VtYmx5LCBuYW1lOiBzdHJpbmcsIGFydGlmYWN0OiBjeHNjaGVtYS5BcnRpZmFjdE1hbmlmZXN0KSB7XG4gICAgc3VwZXIoYXNzZW1ibHksIG5hbWUsIGFydGlmYWN0KTtcblxuICAgIGNvbnN0IHByb3BlcnRpZXMgPSAodGhpcy5tYW5pZmVzdC5wcm9wZXJ0aWVzIHx8IHt9KSBhcyBjeHNjaGVtYS5Bc3NldE1hbmlmZXN0UHJvcGVydGllcztcbiAgICBpZiAoIXByb3BlcnRpZXMuZmlsZSkge1xuICAgICAgdGhyb3cgbmV3IENsb3VkQXNzZW1ibHlFcnJvcignSW52YWxpZCBBc3NldE1hbmlmZXN0QXJ0aWZhY3QuIE1pc3NpbmcgXCJmaWxlXCIgcHJvcGVydHknKTtcbiAgICB9XG4gICAgdGhpcy5maWxlID0gcGF0aC5yZXNvbHZlKHRoaXMuYXNzZW1ibHkuZGlyZWN0b3J5LCBwcm9wZXJ0aWVzLmZpbGUpO1xuICAgIHRoaXMucmVxdWlyZXNCb290c3RyYXBTdGFja1ZlcnNpb24gPSBwcm9wZXJ0aWVzLnJlcXVpcmVzQm9vdHN0cmFwU3RhY2tWZXJzaW9uO1xuICAgIHRoaXMuYm9vdHN0cmFwU3RhY2tWZXJzaW9uU3NtUGFyYW1ldGVyID0gcHJvcGVydGllcy5ib290c3RyYXBTdGFja1ZlcnNpb25Tc21QYXJhbWV0ZXI7XG4gIH1cblxuICAvKipcbiAgICogVGhlIEFzc2V0IE1hbmlmZXN0IGNvbnRlbnRzXG4gICAqL1xuICBwdWJsaWMgZ2V0IGNvbnRlbnRzKCk6IGN4c2NoZW1hLkFzc2V0TWFuaWZlc3Qge1xuICAgIGlmICh0aGlzLl9jb250ZW50cyAhPT0gdW5kZWZpbmVkKSB7XG4gICAgICByZXR1cm4gdGhpcy5fY29udGVudHM7XG4gICAgfVxuXG4gICAgY29uc3QgY29udGVudHMgPSB0aGlzLl9jb250ZW50cyA9IEpTT04ucGFyc2UoZnMucmVhZEZpbGVTeW5jKHRoaXMuZmlsZSwgJ3V0Zi04JykpO1xuICAgIHJldHVybiBjb250ZW50cztcbiAgfVxufVxuXG4vKipcbiAqIE1hcmsgYWxsIGluc3RhbmNlcyBvZiAnQXNzZXRNYW5pZmVzdEFydGlmYWN0J1xuICpcbiAqIFdoeSBub3QgcHV0IHRoaXMgaW4gdGhlIGNvbnN0cnVjdG9yPyBCZWNhdXNlIHRoaXMgaXMgYSBjbGFzcyBwcm9wZXJ0eSxcbiAqIG5vdCBhbiBpbnN0YW5jZSBwcm9wZXJ0eS4gSXQgYXBwbGllcyB0byBhbGwgaW5zdGFuY2VzIG9mIHRoZSBjbGFzcy5cbiAqL1xuT2JqZWN0LmRlZmluZVByb3BlcnR5KEFzc2V0TWFuaWZlc3RBcnRpZmFjdC5wcm90b3R5cGUsIEFTU0VUX01BTklGRVNUX0FSVElGQUNUX1NZTSwge1xuICB2YWx1ZTogdHJ1ZSxcbiAgZW51bWVyYWJsZTogZmFsc2UsXG4gIHdyaXRhYmxlOiBmYWxzZSxcbn0pO1xuIl19

package/lib/artifacts/cloudformation-artifact.d.ts

@@ -0,0 +1,147 @@
+import * as cxschema from '@aws-cdk/cloud-assembly-schema';
+import { CloudArtifact } from '../cloud-artifact';
+import type { CloudAssembly } from '../cloud-assembly';
+import type { Environment } from '../environment';
+export declare class CloudFormationStackArtifact extends CloudArtifact {
+    /**
+     * Checks if `art` is an instance of this class.
+     *
+     * Use this method instead of `instanceof` to properly detect `CloudFormationStackArtifact`
+     * instances, even when the construct library is symlinked.
+     *
+     * Explanation: in JavaScript, multiple copies of the `cx-api` library on
+     * disk are seen as independent, completely different libraries. As a
+     * consequence, the class `CloudFormationStackArtifact` in each copy of the `cx-api` library
+     * is seen as a different class, and an instance of one class will not test as
+     * `instanceof` the other class. `npm install` will not create installations
+     * like this, but users may manually symlink construct libraries together or
+     * use a monorepo tool: in those cases, multiple copies of the `cx-api`
+     * library can be accidentally installed, and `instanceof` will behave
+     * unpredictably. It is safest to avoid using `instanceof`, and using
+     * this type-testing method instead.
+     */
+    static isCloudFormationStackArtifact(art: any): art is CloudFormationStackArtifact;
+    /**
+     * The file name of the template.
+     */
+    readonly templateFile: string;
+    /**
+     * The original name as defined in the CDK app.
+     */
+    readonly originalName: string;
+    /**
+     * Any assets associated with this stack.
+     */
+    readonly assets: cxschema.AssetMetadataEntry[];
+    /**
+     * CloudFormation parameters to pass to the stack.
+     */
+    readonly parameters: {
+        [id: string]: string;
+    };
+    /**
+     * CloudFormation tags to pass to the stack.
+     */
+    readonly tags: {
+        [id: string]: string;
+    };
+    /**
+     * SNS Topics that will receive stack events.
+     */
+    readonly notificationArns?: string[];
+    /**
+     * The physical name of this stack.
+     */
+    readonly stackName: string;
+    /**
+     * A string that represents this stack. Should only be used in user
+     * interfaces. If the stackName has not been set explicitly, or has been set
+     * to artifactId, it will return the hierarchicalId of the stack. Otherwise,
+     * it will return something like "<hierarchicalId> (<stackName>)"
+     */
+    readonly displayName: string;
+    /**
+     * The physical name of this stack.
+     * @deprecated renamed to `stackName`
+     */
+    readonly name: string;
+    /**
+     * The environment into which to deploy this artifact.
+     */
+    readonly environment: Environment;
+    /**
+     * The role that needs to be assumed to deploy the stack
+     *
+     * @default - No role is assumed (current credentials are used)
+     */
+    readonly assumeRoleArn?: string;
+    /**
+     * External ID to use when assuming role for cloudformation deployments
+     *
+     * @default - No external ID
+     */
+    readonly assumeRoleExternalId?: string;
+    /**
+     * Additional options to pass to STS when assuming the role for cloudformation deployments.
+     *
+     * - `RoleArn` should not be used. Use the dedicated `assumeRoleArn` property instead.
+     * - `ExternalId` should not be used. Use the dedicated `assumeRoleExternalId` instead.
+     * - `TransitiveTagKeys` defaults to use all keys (if any) specified in `Tags`. E.g, all tags are transitive by default.
+     *
+     * @see https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/STS.html#assumeRole-property
+     * @default - No additional options.
+     */
+    readonly assumeRoleAdditionalOptions?: {
+        [key: string]: any;
+    };
+    /**
+     * The role that is passed to CloudFormation to execute the change set
+     *
+     * @default - No role is passed (currently assumed role/credentials are used)
+     */
+    readonly cloudFormationExecutionRoleArn?: string;
+    /**
+     * The role to use to look up values from the target AWS account
+     *
+     * @default - No role is assumed (current credentials are used)
+     */
+    readonly lookupRole?: cxschema.BootstrapRole;
+    /**
+     * If the stack template has already been included in the asset manifest, its asset URL
+     *
+     * @default - Not uploaded yet, upload just before deploying
+     */
+    readonly stackTemplateAssetObjectUrl?: string;
+    /**
+     * Version of bootstrap stack required to deploy this stack
+     *
+     * @default - No bootstrap stack required
+     */
+    readonly requiresBootstrapStackVersion?: number;
+    /**
+     * Name of SSM parameter with bootstrap stack version
+     *
+     * @default - Discover SSM parameter by reading stack
+     */
+    readonly bootstrapStackVersionSsmParameter?: string;
+    /**
+     * Whether termination protection is enabled for this stack.
+     */
+    readonly terminationProtection?: boolean;
+    /**
+     * Whether this stack should be validated by the CLI after synthesis
+     *
+     * @default - false
+     */
+    readonly validateOnSynth?: boolean;
+    private _template;
+    constructor(assembly: CloudAssembly, artifactId: string, artifact: cxschema.ArtifactManifest);
+    /**
+     * Full path to the template file
+     */
+    get templateFullPath(): string;
+    /**
+     * The CloudFormation template for this stack.
+     */
+    get template(): any;
+}