@geek-fun/serverlessinsight 0.6.6 → 0.6.8

package/dist/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@geek-fun/serverlessinsight",
-    "version": "0.6.6",
+    "version": "0.6.8",
     "description": "Full life cycle cross providers serverless application management for your fast-growing business.",
     "homepage": "https://serverlessinsight.geekfun.club",
     "main": "dist/src/index.js",

package/dist/src/commands/plan.js

@@ -23,7 +23,10 @@ const plan = async (options) => {
     const iac = (0, parser_1.revalYaml)(iacLocation, context);
     // Store IAC in context for access by all functions
     (0, common_1.setIac)(iac);
-    common_1.logger.info(lang_1.lang.__('GENERATING_PLAN_FOR_SCF'));
+    const providerDisplayName = iac.provider.name === common_1.ProviderEnum.ALIYUN
+        ? lang_1.lang.__('PROVIDER_ALIYUN')
+        : lang_1.lang.__('PROVIDER_TENCENT');
+    common_1.logger.info(lang_1.lang.__('GENERATING_PLAN_FOR_PROVIDER', { provider: providerDisplayName }));
     const backend = (0, stateBackend_1.createStateBackend)(iac.backend, context);
     let planResult;
     if (iac.provider.name === common_1.ProviderEnum.TENCENT) {

package/dist/src/common/aliyunClient/ecsOperations.js

@@ -78,115 +78,211 @@ const isDuplicateSecurityGroupRuleError = (error) => {
     ]);
     return duplicateCodes.has(error.code);
 };
-const createEcsOperations = (ecsClient, context) => ({
-    createSecurityGroup: async (securityGroupName, vpcId, ingressRules, egressRules, description) => {
-        const createRequest = new ecs.CreateSecurityGroupRequest({
-            regionId: context.region,
-            securityGroupName,
-            vpcId,
-            description: description ?? `ServerlessInsight security group for ${securityGroupName}`,
-        });
-        const response = await ecsClient.createSecurityGroup(createRequest);
-        const securityGroupId = response.body?.securityGroupId;
-        if (!securityGroupId) {
-            throw new Error('Failed to create security group');
-        }
-        // Add ingress rules
-        for (const rule of ingressRules) {
-            let parsedRule;
-            try {
-                parsedRule = (0, exports.parseSecurityGroupRule)(rule);
-            }
-            catch (error) {
-                logger_1.logger.warn(`Skipping invalid ingress rule: ${rule}. ${String(error)}`);
-                continue;
-            }
-            const ingressRequest = new ecs.AuthorizeSecurityGroupRequest({
+const createEcsOperations = (ecsClient, context) => {
+    const operations = {
+        createSecurityGroup: async (securityGroupName, vpcId, ingressRules, egressRules, description) => {
+            const createRequest = new ecs.CreateSecurityGroupRequest({
                 regionId: context.region,
-                securityGroupId,
-                ipProtocol: parsedRule.protocol.toLowerCase(),
-                sourceCidrIp: parsedRule.cidr,
-                portRange: transformPortRange(parsedRule.protocol, parsedRule.portRange),
+                securityGroupName,
+                vpcId,
+                description: description ?? `ServerlessInsight security group for ${securityGroupName}`,
             });
-            try {
-                await ecsClient.authorizeSecurityGroup(ingressRequest);
+            const response = await ecsClient.createSecurityGroup(createRequest);
+            const securityGroupId = response.body?.securityGroupId;
+            if (!securityGroupId) {
+                throw new Error('Failed to create security group');
             }
-            catch (error) {
-                if (isDuplicateSecurityGroupRuleError(error)) {
-                    logger_1.logger.debug(`Ingress rule already exists, skipping: ${rule}`);
+            // Add ingress rules
+            for (const rule of ingressRules) {
+                let parsedRule;
+                try {
+                    parsedRule = (0, exports.parseSecurityGroupRule)(rule);
+                }
+                catch (error) {
+                    logger_1.logger.warn(`Skipping invalid ingress rule: ${rule}. ${String(error)}`);
                     continue;
                 }
-                logger_1.logger.warn(`Failed to add ingress rule: ${rule}. ${String(error)}`);
+                const ingressRequest = new ecs.AuthorizeSecurityGroupRequest({
+                    regionId: context.region,
+                    securityGroupId,
+                    ipProtocol: parsedRule.protocol.toLowerCase(),
+                    sourceCidrIp: parsedRule.cidr,
+                    portRange: transformPortRange(parsedRule.protocol, parsedRule.portRange),
+                });
+                try {
+                    await ecsClient.authorizeSecurityGroup(ingressRequest);
+                }
+                catch (error) {
+                    if (isDuplicateSecurityGroupRuleError(error)) {
+                        logger_1.logger.debug(`Ingress rule already exists, skipping: ${rule}`);
+                        continue;
+                    }
+                    logger_1.logger.warn(`Failed to add ingress rule: ${rule}. ${String(error)}`);
+                }
             }
-        }
-        // Add egress rules
-        for (const rule of egressRules) {
-            let parsedRule;
+            // Add egress rules
+            for (const rule of egressRules) {
+                let parsedRule;
+                try {
+                    parsedRule = (0, exports.parseSecurityGroupRule)(rule);
+                }
+                catch (error) {
+                    logger_1.logger.warn(`Skipping invalid egress rule: ${rule}. ${String(error)}`);
+                    continue;
+                }
+                const egressRequest = new ecs.AuthorizeSecurityGroupEgressRequest({
+                    regionId: context.region,
+                    securityGroupId,
+                    ipProtocol: parsedRule.protocol.toLowerCase(),
+                    destCidrIp: parsedRule.cidr,
+                    portRange: transformPortRange(parsedRule.protocol, parsedRule.portRange),
+                });
+                try {
+                    await ecsClient.authorizeSecurityGroupEgress(egressRequest);
+                }
+                catch (error) {
+                    if (isDuplicateSecurityGroupRuleError(error)) {
+                        logger_1.logger.debug(`Egress rule already exists, skipping: ${rule}`);
+                        continue;
+                    }
+                    logger_1.logger.warn(`Failed to add egress rule: ${rule}. ${String(error)}`);
+                }
+            }
+            const sg = await operations.getSecurityGroup(securityGroupId);
+            if (!sg) {
+                return {
+                    securityGroupId,
+                    securityGroupName,
+                    vpcId,
+                    description,
+                };
+            }
+            return sg;
+        },
+        getSecurityGroupRules: async (securityGroupId) => {
+            const ingressRules = [];
+            const egressRules = [];
             try {
-                parsedRule = (0, exports.parseSecurityGroupRule)(rule);
+                const request = new ecs.DescribeSecurityGroupAttributeRequest({
+                    regionId: context.region,
+                    securityGroupId,
+                    direction: 'ingress',
+                });
+                const response = await ecsClient.describeSecurityGroupAttribute(request);
+                if (response?.body?.permissions?.permission) {
+                    for (const perm of response.body.permissions.permission) {
+                        ingressRules.push({
+                            direction: 'ingress',
+                            ipProtocol: perm.ipProtocol ?? '',
+                            portRange: perm.portRange ?? '',
+                            sourceCidrIp: perm.sourceCidrIp,
+                            priority: perm.priority,
+                            policy: perm.policy,
+                            description: perm.description,
+                            ruleId: perm.ruleId,
+                        });
+                    }
+                }
             }
             catch (error) {
-                logger_1.logger.warn(`Skipping invalid egress rule: ${rule}. ${String(error)}`);
-                continue;
+                logger_1.logger.debug(`Failed to get ingress rules: ${String(error)}`);
             }
-            const egressRequest = new ecs.AuthorizeSecurityGroupEgressRequest({
-                regionId: context.region,
-                securityGroupId,
-                ipProtocol: parsedRule.protocol.toLowerCase(),
-                destCidrIp: parsedRule.cidr,
-                portRange: transformPortRange(parsedRule.protocol, parsedRule.portRange),
-            });
             try {
-                await ecsClient.authorizeSecurityGroupEgress(egressRequest);
+                const request = new ecs.DescribeSecurityGroupAttributeRequest({
+                    regionId: context.region,
+                    securityGroupId,
+                    direction: 'egress',
+                });
+                const response = await ecsClient.describeSecurityGroupAttribute(request);
+                if (response?.body?.permissions?.permission) {
+                    for (const perm of response.body.permissions.permission) {
+                        egressRules.push({
+                            direction: 'egress',
+                            ipProtocol: perm.ipProtocol ?? '',
+                            portRange: perm.portRange ?? '',
+                            destCidrIp: perm.destCidrIp,
+                            priority: perm.priority,
+                            policy: perm.policy,
+                            description: perm.description,
+                            ruleId: perm.ruleId,
+                        });
+                    }
+                }
             }
             catch (error) {
-                if (isDuplicateSecurityGroupRuleError(error)) {
-                    logger_1.logger.debug(`Egress rule already exists, skipping: ${rule}`);
-                    continue;
+                logger_1.logger.debug(`Failed to get egress rules: ${String(error)}`);
+            }
+            return { ingressRules, egressRules };
+        },
+        getSecurityGroup: async (securityGroupId) => {
+            try {
+                const request = new ecs.DescribeSecurityGroupsRequest({
+                    regionId: context.region,
+                    securityGroupId,
+                });
+                const response = await ecsClient.describeSecurityGroups(request);
+                if (!response ||
+                    !response.body ||
+                    !response.body.securityGroups ||
+                    !response.body.securityGroups.securityGroup ||
+                    response.body.securityGroups.securityGroup.length === 0) {
+                    return null;
                 }
-                logger_1.logger.warn(`Failed to add egress rule: ${rule}. ${String(error)}`);
+                const sg = response.body.securityGroups.securityGroup[0];
+                const rules = await operations.getSecurityGroupRules(securityGroupId);
+                return {
+                    securityGroupId: sg.securityGroupId ?? securityGroupId,
+                    securityGroupName: sg.securityGroupName,
+                    vpcId: sg.vpcId,
+                    description: sg.description,
+                    createTime: sg.creationTime,
+                    ingressRules: rules.ingressRules,
+                    egressRules: rules.egressRules,
+                };
             }
-        }
-        return {
-            securityGroupId,
-            securityGroupName,
-            vpcId,
-            description,
-        };
-    },
-    getSecurityGroup: async (securityGroupId) => {
-        try {
-            const request = new ecs.DescribeSecurityGroupsRequest({
+            catch {
+                return null;
+            }
+        },
+        getSecurityGroupByName: async (securityGroupName, vpcId) => {
+            try {
+                const request = new ecs.DescribeSecurityGroupsRequest({
+                    regionId: context.region,
+                    securityGroupName,
+                    vpcId,
+                });
+                const response = await ecsClient.describeSecurityGroups(request);
+                if (!response ||
+                    !response.body ||
+                    !response.body.securityGroups ||
+                    !response.body.securityGroups.securityGroup ||
+                    response.body.securityGroups.securityGroup.length === 0) {
+                    return null;
+                }
+                const sg = response.body.securityGroups.securityGroup[0];
+                const rules = await operations.getSecurityGroupRules(sg.securityGroupId);
+                return {
+                    securityGroupId: sg.securityGroupId,
+                    securityGroupName: sg.securityGroupName,
+                    vpcId: sg.vpcId,
+                    description: sg.description,
+                    createTime: sg.creationTime,
+                    ingressRules: rules.ingressRules,
+                    egressRules: rules.egressRules,
+                };
+            }
+            catch {
+                return null;
+            }
+        },
+        deleteSecurityGroup: async (securityGroupId) => {
+            const request = new ecs.DeleteSecurityGroupRequest({
                 regionId: context.region,
                 securityGroupId,
             });
-            const response = await ecsClient.describeSecurityGroups(request);
-            if (!response ||
-                !response.body ||
-                !response.body.securityGroups ||
-                !response.body.securityGroups.securityGroup ||
-                response.body.securityGroups.securityGroup.length === 0) {
-                return null;
-            }
-            const sg = response.body.securityGroups.securityGroup[0];
-            return {
-                securityGroupId: sg.securityGroupId ?? securityGroupId,
-                securityGroupName: sg.securityGroupName,
-                vpcId: sg.vpcId,
-                description: sg.description,
-                createTime: sg.creationTime,
-            };
-        }
-        catch {
-            return null;
-        }
-    },
-    deleteSecurityGroup: async (securityGroupId) => {
-        const request = new ecs.DeleteSecurityGroupRequest({
-            regionId: context.region,
-            securityGroupId,
-        });
-        await ecsClient.deleteSecurityGroup(request);
-    },
-});
+            await ecsClient.deleteSecurityGroup(request);
+        },
+    };
+    return operations;
+};
 exports.createEcsOperations = createEcsOperations;

package/dist/src/common/aliyunClient/nasOperations.js

@@ -97,6 +97,13 @@ const createNasOperations = (nasClient) => {
                 priority: 1,
             });
             await nasClient.createAccessRule(request);
+            return {
+                accessGroupName,
+                sourceCidrIp,
+                rwAccessType: 'RDWR',
+                userAccessType: 'no_squash',
+                priority: 1,
+            };
         },
         createFileSystem: async (storageClass, functionName) => {
             const { fileSystemType, storageType } = storageClassMap[storageClass];
@@ -149,6 +156,11 @@ const createNasOperations = (nasClient) => {
                     protocolType: fs.protocolType,
                     status: fs.status,
                     createTime: fs.createTime,
+                    description: fs.description,
+                    zoneId: fs.zoneId,
+                    capacity: fs.capacity,
+                    encrypted: fs.encrypted,
+                    mountTargetCount: fs.mountTargetCount,
                 };
             }
             catch {

package/dist/src/common/aliyunClient/ramOperations.js

@@ -131,6 +131,7 @@ const createRamOperations = (ramClient) => {
                 throw error;
             }
         }
+        return policyName;
     };
     return {
         createRole: async (roleName, trustedServices, description) => {
@@ -148,9 +149,12 @@ const createRamOperations = (ramClient) => {
                     arn: response.body?.role?.arn,
                     description: response.body?.role?.description,
                     createDate: response.body?.role?.createDate,
+                    updateDate: response.body?.role?.updateDate,
+                    maxSessionDuration: response.body?.role?.maxSessionDuration,
+                    assumeRolePolicyDocument: assumeRolePolicy,
                 };
-                await attachRolePolicyForFc(roleName);
-                return roleInfo;
+                const policyName = await attachRolePolicyForFc(roleName);
+                return { ...roleInfo, policyName };
             }
             catch (error) {
                 if (error &&
@@ -166,13 +170,17 @@ const createRamOperations = (ramClient) => {
                             newAssumeRolePolicyDocument: assumeRolePolicy,
                         });
                         await ramClient.updateRole(updateRequest);
-                        await attachRolePolicyForFc(roleName);
+                        const policyName = await attachRolePolicyForFc(roleName);
                         return {
                             roleName,
                             roleId: getResponse.body?.role?.roleId,
                             arn: getResponse.body?.role?.arn,
                             description: getResponse.body?.role?.description,
                             createDate: getResponse.body?.role?.createDate,
+                            updateDate: getResponse.body?.role?.updateDate,
+                            maxSessionDuration: getResponse.body?.role?.maxSessionDuration,
+                            assumeRolePolicyDocument: assumeRolePolicy,
+                            policyName,
                         };
                     }
                     catch (recoveryError) {
@@ -197,6 +205,10 @@ const createRamOperations = (ramClient) => {
                     arn: getResponse.body?.role?.arn,
                     description: getResponse.body?.role?.description,
                     createDate: getResponse.body?.role?.createDate,
+                    updateDate: getResponse.body?.role?.updateDate,
+                    maxSessionDuration: getResponse.body?.role?.maxSessionDuration,
+                    assumeRolePolicyDocument: assumeRolePolicy,
+                    policyName: `${roleName}-policy`,
                 };
                 const updateRequest = new ram.UpdateRoleRequest({
                     roleName,
@@ -231,6 +243,10 @@ const createRamOperations = (ramClient) => {
                     arn: response.body.role.arn,
                     description: response.body.role.description,
                     createDate: response.body.role.createDate,
+                    updateDate: response.body.role.updateDate,
+                    maxSessionDuration: response.body.role.maxSessionDuration,
+                    assumeRolePolicyDocument: response.body.role.assumeRolePolicyDocument,
+                    policyName: `${roleName}-policy`,
                 };
             }
             catch (error) {

package/dist/src/common/imsClient.js

@@ -37,14 +37,18 @@ exports.getIamInfo = void 0;
 const ims20190815_1 = __importStar(require("@alicloud/ims20190815")), ims20190815 = ims20190815_1;
 const openApi = __importStar(require("@alicloud/openapi-client"));
 const providerEnum_1 = require("./providerEnum");
+const constants_1 = require("./constants");
 const getIamInfo = async (context) => {
     if (context.provider !== providerEnum_1.ProviderEnum.ALIYUN) {
         return undefined;
     }
-    const imsClient = new ims20190815_1.default(new openApi.Config({
+    const imsConfig = new openApi.Config({
         accessKeyId: context.accessKeyId,
         accessKeySecret: context.accessKeySecret,
-    }));
+    });
+    imsConfig.connectTimeout = constants_1.ALIYUN_FC3_CONNECT_TIMEOUT_MS;
+    imsConfig.readTimeout = constants_1.ALIYUN_FC3_READ_TIMEOUT_MS;
+    const imsClient = new ims20190815_1.default(imsConfig);
     const { body } = await imsClient.getUser(new ims20190815.GetUserRequest({ userAccessKeyId: context.accessKeyId }));
     return body?.user
         ? {

package/dist/src/lang/en.js

@@ -79,6 +79,9 @@ exports.en = {
     // Plan command messages
     PLAN_COMMAND_TENCENT_ONLY: 'Plan command is currently only supported for Tencent provider',
     GENERATING_PLAN_FOR_SCF: 'Generating plan for Tencent SCF resources...',
+    GENERATING_PLAN_FOR_PROVIDER: 'Generating plan for {{provider}} resources...',
+    PROVIDER_ALIYUN: 'Alibaba Cloud',
+    PROVIDER_TENCENT: 'Tencent Cloud',
     DEPLOYMENT_PLAN: 'DEPLOYMENT PLAN',
     NO_CHANGES_INFRASTRUCTURE_UP_TO_DATE: 'No changes. Infrastructure is up to date.',
     CREATE: 'CREATE',
@@ -365,6 +368,7 @@ exports.en = {
     CREATING_SLS_INDEX: 'Creating SLS index for: {{logstoreName}}',
     CREATING_RAM_ROLE: 'Creating RAM role: {{roleName}}',
     CREATING_SECURITY_GROUP: 'Creating security group: {{sgName}}',
+    SECURITY_GROUP_NOT_FOUND: 'Security group "{{sgName}}" not found in VPC "{{vpcId}}"',
     CREATING_NAS_ACCESS_GROUP: 'Creating NAS access group: {{accessGroupName}}',
     CREATING_NAS_ACCESS_RULE: 'Creating NAS access rule for: {{accessGroupName}}',
     CREATING_NAS_FILE_SYSTEM: 'Creating NAS file system for: {{name}}',

package/dist/src/lang/zh-CN.js

@@ -79,6 +79,9 @@ exports.zhCN = {
     // Plan command messages
     PLAN_COMMAND_TENCENT_ONLY: 'Plan 命令目前仅支持腾讯云提供商',
     GENERATING_PLAN_FOR_SCF: '正在为腾讯云 SCF 资源生成计划...',
+    GENERATING_PLAN_FOR_PROVIDER: '正在为{{provider}}资源生成计划...',
+    PROVIDER_ALIYUN: '阿里云',
+    PROVIDER_TENCENT: '腾讯云',
     DEPLOYMENT_PLAN: '部署计划',
     NO_CHANGES_INFRASTRUCTURE_UP_TO_DATE: '无变更。基础设施已是最新状态。',
     CREATE: '创建',
@@ -362,6 +365,7 @@ exports.zhCN = {
     CREATING_SLS_INDEX: '正在为 SLS 日志库创建索引: {{logstoreName}}',
     CREATING_RAM_ROLE: '正在创建 RAM 角色: {{roleName}}',
     CREATING_SECURITY_GROUP: '正在创建安全组: {{sgName}}',
+    SECURITY_GROUP_NOT_FOUND: '在 VPC "{{vpcId}}" 中未找到安全组 "{{sgName}}"',
     CREATING_NAS_ACCESS_GROUP: '正在创建 NAS 权限组: {{accessGroupName}}',
     CREATING_NAS_ACCESS_RULE: '正在为 NAS 权限组创建访问规则: {{accessGroupName}}',
     CREATING_NAS_FILE_SYSTEM: '正在为 {{name}} 创建 NAS 文件系统',

package/dist/src/stack/aliyunStack/apigwPlanner.js

@@ -43,7 +43,9 @@ const generateApigwPlan = async (context, state, events, serviceName) => {
             domain: event.domain
                 ? {
                     domainName: event.domain.domain_name,
-                    hasCertificate: !!(event.domain.certificate_body || event.domain.certificate_id),
+                    certificateId: event.domain.certificate_id ?? null,
+                    certificateBody: event.domain.certificate_body ?? null,
+                    certificatePrivateKey: event.domain.certificate_private_key ? '(managed)' : null,
                     protocol: event.domain.protocol ?? null,
                 }
                 : null,

package/dist/src/stack/aliyunStack/apigwResource.js

@@ -133,7 +133,9 @@ const createApigwResource = async (context, event, serviceName, roleArn, state)
             domain: event.domain
                 ? {
                     domainName: event.domain.domain_name,
-                    hasCertificate: !!(event.domain.certificate_body || event.domain.certificate_id),
+                    certificateId: event.domain.certificate_id ?? null,
+                    certificateBody: event.domain.certificate_body ?? null,
+                    certificatePrivateKey: event.domain.certificate_private_key ? '(managed)' : null,
                     protocol: event.domain.protocol ?? null,
                 }
                 : null,
@@ -173,7 +175,9 @@ const createApigwResource = async (context, event, serviceName, roleArn, state)
                 domain: event.domain
                     ? {
                         domainName: event.domain.domain_name,
-                        hasCertificate: !!(event.domain.certificate_body || event.domain.certificate_id),
+                        certificateId: event.domain.certificate_id ?? null,
+                        certificateBody: event.domain.certificate_body ?? null,
+                        certificatePrivateKey: event.domain.certificate_private_key ? '(managed)' : null,
                         protocol: event.domain.protocol ?? null,
                     }
                     : null,
@@ -209,7 +213,9 @@ const createApigwResource = async (context, event, serviceName, roleArn, state)
             domain: event.domain
                 ? {
                     domainName: event.domain.domain_name,
-                    hasCertificate: !!(event.domain.certificate_body || event.domain.certificate_id),
+                    certificateId: event.domain.certificate_id ?? null,
+                    certificateBody: event.domain.certificate_body ?? null,
+                    certificatePrivateKey: event.domain.certificate_private_key ? '(managed)' : null,
                     protocol: event.domain.protocol ?? null,
                 }
                 : null,
@@ -318,7 +324,9 @@ const updateApigwResource = async (context, event, serviceName, roleArn, state)
             domain: event.domain
                 ? {
                     domainName: event.domain.domain_name,
-                    hasCertificate: !!(event.domain.certificate_body || event.domain.certificate_id),
+                    certificateId: event.domain.certificate_id ?? null,
+                    certificateBody: event.domain.certificate_body ?? null,
+                    certificatePrivateKey: event.domain.certificate_private_key ? '(managed)' : null,
                     protocol: event.domain.protocol ?? null,
                 }
                 : null,

package/dist/src/stack/aliyunStack/fc3Planner.js

@@ -4,6 +4,32 @@ exports.generateFunctionPlan = void 0;
 const common_1 = require("../../common");
 const aliyunClient_1 = require("../../common/aliyunClient");
 const fc3Types_1 = require("./fc3Types");
+const lang_1 = require("../../lang");
+const isSecurityGroupId = (value) => value.startsWith('sg-');
+const resolveSecurityGroupId = async (context, securityGroupName, vpcId) => {
+    if (isSecurityGroupId(securityGroupName)) {
+        return securityGroupName;
+    }
+    const client = (0, aliyunClient_1.createAliyunClient)(context);
+    const sg = await client.ecs.getSecurityGroupByName(securityGroupName, vpcId);
+    if (!sg) {
+        throw new Error(lang_1.lang.__('SECURITY_GROUP_NOT_FOUND', { sgName: securityGroupName, vpcId: vpcId ?? 'default' }));
+    }
+    return sg.securityGroupId;
+};
+const resolveVpcConfigSecurityGroup = async (context, config) => {
+    if (!config.vpcConfig?.securityGroupId) {
+        return config;
+    }
+    const securityGroupId = await resolveSecurityGroupId(context, config.vpcConfig.securityGroupId, config.vpcConfig.vpcId);
+    return {
+        ...config,
+        vpcConfig: {
+            ...config.vpcConfig,
+            securityGroupId,
+        },
+    };
+};
 const planFunctionDeletion = (logicalId, definition) => ({
     logicalId,
     action: 'delete',
@@ -22,7 +48,8 @@ const generateFunctionPlan = async (context, state, functions) => {
     const functionItems = await Promise.all(functions.map(async (fn) => {
         const logicalId = `functions.${fn.key}`;
         const currentState = (0, common_1.getResource)(state, logicalId);
-        const config = (0, fc3Types_1.functionToFc3Config)(fn);
+        const rawConfig = (0, fc3Types_1.functionToFc3Config)(fn);
+        const config = await resolveVpcConfigSecurityGroup(context, rawConfig);
         const codePath = fn.code.path;
         const desiredCodeHash = (0, common_1.computeFileHash)(codePath);
         const desiredDefinition = (0, fc3Types_1.extractFc3Definition)(config, desiredCodeHash);

package/dist/src/stack/aliyunStack/fc3Resource.js

@@ -247,13 +247,13 @@ const createDependentResources = async (context, fn, serviceName, existingInstan
                 const accessGroupName = `${fn.name}-${context.stage}-nas-access-${mountPath}`;
                 logger_1.logger.info(lang_1.lang.__('CREATING_NAS_ACCESS_GROUP', { accessGroupName }));
                 const accessGroup = await client.nas.createAccessGroup(accessGroupName);
+                logger_1.logger.info(lang_1.lang.__('CREATING_NAS_ACCESS_RULE', { accessGroupName }));
+                const accessRule = await client.nas.createAccessRule(accessGroupName, '10.0.0.0/8');
                 instances.push({
                     type: 'ALIYUN_NAS_ACCESS_GROUP',
                     id: accessGroupName,
-                    attributes: { ...accessGroup },
+                    attributes: { ...accessGroup, accessRules: [accessRule] },
                 });
-                logger_1.logger.info(lang_1.lang.__('CREATING_NAS_ACCESS_RULE', { accessGroupName }));
-                await client.nas.createAccessRule(accessGroupName, '10.0.0.0/8');
                 logger_1.logger.info(lang_1.lang.__('CREATING_NAS_FILE_SYSTEM', { name: fn.name }));
                 const fileSystem = await client.nas.createFileSystem(nasItem.storage_class, fn.name);
                 instances.push({

package/dist/src/stack/aliyunStack/fc3Types.js

@@ -50,6 +50,23 @@ const functionToFc3Config = (fn) => {
             securityGroupId: fn.network.security_group.name,
         };
     }
+    if (fn.storage?.nas && fn.storage.nas.length > 0) {
+        config.nasConfig = {
+            userId: 10003,
+            groupId: 10003,
+            mountPoints: fn.storage.nas.map((nas) => ({
+                serverAddr: nas.storage_class,
+                mountDir: nas.mount_path,
+                enableTls: false,
+            })),
+        };
+    }
+    if (fn.log !== undefined) {
+        config.logConfig = {
+            enableRequestMetrics: fn.log,
+            enableInstanceMetrics: fn.log,
+        };
+    }
     return config;
 };
 exports.functionToFc3Config = functionToFc3Config;
@@ -65,6 +82,8 @@ const extractFc3Definition = (config, codeHash) => {
         vpcConfig: config.vpcConfig ?? null,
         gpuConfig: config.gpuConfig ?? null,
         customContainerConfig: config.customContainerConfig ?? null,
+        nasConfig: config.nasConfig ?? null,
+        logConfig: config.logConfig ?? null,
         codeHash,
     };
 };

package/dist/src/stack/aliyunStack/ossPlanner.js

@@ -46,14 +46,16 @@ const generateBucketPlan = async (context, state, buckets) => {
                 };
             }
             const currentDefinition = currentState.definition || {};
-            const definitionChanged = !(0, hashUtils_1.attributesEqual)(currentDefinition, desiredDefinition);
-            if (definitionChanged) {
+            const { domainBound, ...comparableDefinition } = currentDefinition;
+            const definitionChanged = !(0, hashUtils_1.attributesEqual)(comparableDefinition, desiredDefinition);
+            const domainBindingPending = domainBound === false;
+            if (definitionChanged || domainBindingPending) {
                 return {
                     logicalId,
                     action: 'update',
                     resourceType: 'ALIYUN_OSS_BUCKET',
                     changes: { before: currentDefinition, after: desiredDefinition },
-                    drifted: true,
+                    ...(definitionChanged ? { drifted: true } : {}),
                 };
             }
             return { logicalId, action: 'noop', resourceType: 'ALIYUN_OSS_BUCKET' };

package/dist/src/stack/aliyunStack/ossResource.js

@@ -132,14 +132,16 @@ const createBucketResource = async (context, bucket, state) => {
     if (!bucketInfo) {
         throw new Error(`Failed to refresh state for bucket: ${config.bucketName}`);
     }
-    const definition = (0, ossTypes_1.extractOssBucketDefinition)(config);
     const sid = (0, common_1.buildSid)('aliyun', 'oss', context.stage, config.bucketName);
     const logicalId = `buckets.${bucket.key}`;
     const instances = [buildOssInstanceFromProvider(bucketInfo, sid)];
     const partialResourceState = {
         mode: 'managed',
         region: context.region,
-        definition,
+        definition: {
+            ...(0, ossTypes_1.extractOssBucketDefinition)(config),
+            ...(bucket.website?.domain != null ? { domainBound: null } : {}),
+        },
         instances,
         lastUpdated: new Date().toISOString(),
     };
@@ -196,7 +198,12 @@ const createBucketResource = async (context, bucket, state) => {
     const finalResourceState = {
         mode: 'managed',
         region: context.region,
-        definition,
+        definition: {
+            ...(0, ossTypes_1.extractOssBucketDefinition)(config),
+            ...(bucket.website?.domain != null
+                ? { domainBound: cnameInfo?.bucketCnameBound ?? null }
+                : {}),
+        },
         instances,
         lastUpdated: new Date().toISOString(),
     };
@@ -225,12 +232,12 @@ const updateBucketResource = async (context, bucket, state) => {
     if (!bucketInfo) {
         throw new Error(`Failed to refresh state for bucket: ${config.bucketName}`);
     }
-    const definition = (0, ossTypes_1.extractOssBucketDefinition)(config);
     const sid = (0, common_1.buildSid)('aliyun', 'oss', context.stage, config.bucketName);
     const logicalId = `buckets.${bucket.key}`;
     const instances = [buildOssInstanceFromProvider(bucketInfo, sid)];
     const existingState = state.resources[logicalId];
     const existingDnsInstance = existingState?.instances?.find((i) => i.type === types_1.ResourceTypeEnum.ALIYUN_OSS_DNS_CNAME);
+    let cnameInfo;
     if (bucket.website?.domain) {
         const domainChanged = existingDnsInstance?.domain !== bucket.website.domain;
         if (domainChanged && existingDnsInstance) {
@@ -247,7 +254,7 @@ const updateBucketResource = async (context, bucket, state) => {
                 bucketName: config.bucketName,
             }));
         }
-        const cnameInfo = await client.oss.bindCustomDomain(config.bucketName, bucket.website.domain, certificate);
+        cnameInfo = await client.oss.bindCustomDomain(config.bucketName, bucket.website.domain, certificate);
         if (cnameInfo) {
             const instanceId = cnameInfo.dnsRecordId ?? bucket.website.domain;
             const dnsInstance = {
@@ -273,7 +280,12 @@ const updateBucketResource = async (context, bucket, state) => {
     const resourceState = {
         mode: 'managed',
         region: context.region,
-        definition,
+        definition: {
+            ...(0, ossTypes_1.extractOssBucketDefinition)(config),
+            ...(bucket.website?.domain != null
+                ? { domainBound: cnameInfo?.bucketCnameBound ?? null }
+                : {}),
+        },
         instances,
         lastUpdated: new Date().toISOString(),
     };

package/dist/src/stack/aliyunStack/ossTypes.js

@@ -30,6 +30,27 @@ const bucketToOssBucketConfig = (bucket) => {
     if (bucket.website?.domain) {
         config.domain = bucket.website.domain;
     }
+    if (bucket.website?.domain_certificate_id) {
+        config.domainCertificateId = bucket.website.domain_certificate_id;
+    }
+    if (bucket.website?.domain_certificate_body) {
+        config.domainCertificateBody = bucket.website.domain_certificate_body;
+    }
+    if (bucket.website?.domain_certificate_private_key) {
+        config.domainCertificatePrivateKey = bucket.website.domain_certificate_private_key;
+    }
+    if (bucket.website?.domain_protocol) {
+        config.domainProtocol = bucket.website.domain_protocol;
+    }
+    if (bucket.versioning?.status) {
+        config.versioningStatus = bucket.versioning.status;
+    }
+    if (bucket.security?.sse_algorithm) {
+        config.sseAlgorithm = bucket.security.sse_algorithm;
+    }
+    if (bucket.security?.sse_kms_master_key_id) {
+        config.sseKmsMasterKeyId = bucket.security.sse_kms_master_key_id;
+    }
     return config;
 };
 exports.bucketToOssBucketConfig = bucketToOssBucketConfig;
@@ -45,6 +66,13 @@ const extractOssBucketDefinition = (config) => {
             : {},
         storageClass: config.storageClass ?? null,
         domain: config.domain ?? null,
+        domainCertificateId: config.domainCertificateId ?? null,
+        domainCertificateBody: config.domainCertificateBody ?? null,
+        domainCertificatePrivateKey: config.domainCertificatePrivateKey ? '(managed)' : null,
+        domainProtocol: config.domainProtocol ?? null,
+        versioningStatus: config.versioningStatus ?? null,
+        sseAlgorithm: config.sseAlgorithm ?? null,
+        sseKmsMasterKeyId: config.sseKmsMasterKeyId ?? null,
     };
 };
 exports.extractOssBucketDefinition = extractOssBucketDefinition;

package/dist/src/stack/aliyunStack/tablestoreTypes.js

@@ -43,7 +43,12 @@ const tableToTableStoreConfig = (table) => {
         instanceName: table.collection,
         tableName: table.name,
         clusterType,
+        description: table.desc,
         primaryKey,
+        attributes: table.attributes.map((attr) => ({
+            name: attr.name,
+            type: attr.type,
+        })),
         network: table.network,
     };
     // Add reserved throughput if specified
@@ -55,6 +60,12 @@ const tableToTableStoreConfig = (table) => {
             },
         };
     }
+    if (table.throughput?.onDemand) {
+        config.onDemandThroughput = {
+            read: table.throughput.onDemand.read,
+            write: table.throughput.onDemand.write,
+        };
+    }
     // Default table options
     config.tableOptions = {
         timeToLive: -1, // -1 means never expire
@@ -68,8 +79,11 @@ const extractTableStoreDefinition = (config) => {
         instanceName: config.instanceName,
         tableName: config.tableName,
         clusterType: config.clusterType,
+        description: config.description ?? null,
         primaryKey: config.primaryKey,
+        attributes: config.attributes,
         reservedThroughput: config.reservedThroughput ?? null,
+        onDemandThroughput: config.onDemandThroughput ?? null,
         tableOptions: config.tableOptions ?? null,
         network: config.network ?? null,
     };

package/dist/src/stack/scfStack/cosTypes.js

@@ -26,6 +26,30 @@ const bucketToCosBucketConfig = (bucket, region) => {
                 Key: bucket.website.error_page,
             };
         }
+        if (bucket.website.domain) {
+            config.Domain = bucket.website.domain;
+        }
+        if (bucket.website.domain_certificate_id) {
+            config.DomainCertificateId = bucket.website.domain_certificate_id;
+        }
+        if (bucket.website.domain_certificate_body) {
+            config.DomainCertificateBody = bucket.website.domain_certificate_body;
+        }
+        if (bucket.website.domain_certificate_private_key) {
+            config.DomainCertificatePrivateKey = bucket.website.domain_certificate_private_key;
+        }
+        if (bucket.website.domain_protocol) {
+            config.DomainProtocol = bucket.website.domain_protocol;
+        }
+    }
+    if (bucket.versioning?.status) {
+        config.VersioningStatus = bucket.versioning.status;
+    }
+    if (bucket.security?.sse_algorithm) {
+        config.SseAlgorithm = bucket.security.sse_algorithm;
+    }
+    if (bucket.security?.sse_kms_master_key_id) {
+        config.SseKmsMasterKeyId = bucket.security.sse_kms_master_key_id;
     }
     return config;
 };
@@ -41,6 +65,14 @@ const extractCosBucketDefinition = (config) => {
                 errorDocument: config.WebsiteConfiguration.ErrorDocument?.Key ?? null,
             }
             : {},
+        domain: config.Domain ?? null,
+        domainCertificateId: config.DomainCertificateId ?? null,
+        domainCertificateBody: config.DomainCertificateBody ?? null,
+        domainCertificatePrivateKey: config.DomainCertificatePrivateKey ? '(managed)' : null,
+        domainProtocol: config.DomainProtocol ?? null,
+        versioningStatus: config.VersioningStatus ?? null,
+        sseAlgorithm: config.SseAlgorithm ?? null,
+        sseKmsMasterKeyId: config.SseKmsMasterKeyId ?? null,
     };
 };
 exports.extractCosBucketDefinition = extractCosBucketDefinition;

package/dist/src/stack/scfStack/scfTypes.js

@@ -18,6 +18,31 @@ const functionToScfConfig = (fn) => {
             })),
         };
     }
+    if (fn.network) {
+        config.VpcConfig = {
+            VpcId: fn.network.vpc_id,
+            SubnetId: fn.network.subnet_ids[0],
+        };
+    }
+    if (fn.storage?.disk) {
+        config.DiskSize = fn.storage.disk;
+    }
+    if (fn.storage?.nas && fn.storage.nas.length > 0) {
+        config.CfsConfig = {
+            CfsInsList: fn.storage.nas.map((nas) => ({
+                LocalMountDir: nas.mount_path,
+                RemoteMountDir: '/',
+            })),
+        };
+    }
+    if (fn.gpu) {
+        config.UseGpu = 'TRUE';
+    }
+    if (fn.container) {
+        config.ImageConfig = {
+            ImageUri: fn.container.image,
+        };
+    }
     return config;
 };
 exports.functionToScfConfig = functionToScfConfig;
@@ -31,6 +56,11 @@ const extractScfDefinition = (config, codeHash) => {
         timeout: config.Timeout,
         environment: envMap,
         codeHash,
+        vpcConfig: config.VpcConfig ?? null,
+        diskSize: config.DiskSize ?? null,
+        cfsConfig: config.CfsConfig ?? null,
+        useGpu: config.UseGpu ?? null,
+        imageConfig: config.ImageConfig ?? null,
     };
 };
 exports.extractScfDefinition = extractScfDefinition;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@geek-fun/serverlessinsight",
-  "version": "0.6.6",
+  "version": "0.6.8",
   "description": "Full life cycle cross providers serverless application management for your fast-growing business.",
   "homepage": "https://serverlessinsight.geekfun.club",
   "main": "dist/src/index.js",