@geek-fun/serverlessinsight 0.6.7 → 0.6.9

package/dist/src/stack/aliyunStack/apigwResource.js

@@ -8,6 +8,7 @@ const common_1 = require("../../common");
 const certUtils_1 = require("../../common/certUtils");
 const logger_1 = require("../../common/logger");
 const lang_1 = require("../../lang");
+const domainUtils_1 = require("../../common/domainUtils");
 const buildApigwGroupInstanceFromProvider = (info, stage) => {
     return {
         type: 'ALIYUN_APIGW_GROUP',
@@ -130,13 +131,7 @@ const createApigwResource = async (context, event, serviceName, roleArn, state)
                 path: t.path,
                 backend: t.backend,
             })),
-            domain: event.domain
-                ? {
-                    domainName: event.domain.domain_name,
-                    hasCertificate: !!(event.domain.certificate_body || event.domain.certificate_id),
-                    protocol: event.domain.protocol ?? null,
-                }
-                : null,
+            domain: (0, apigwTypes_1.extractEventDomainDefinition)(event.domain),
         },
         instances,
         lastUpdated: new Date().toISOString(),
@@ -170,13 +165,7 @@ const createApigwResource = async (context, event, serviceName, roleArn, state)
                     path: t.path,
                     backend: t.backend,
                 })),
-                domain: event.domain
-                    ? {
-                        domainName: event.domain.domain_name,
-                        hasCertificate: !!(event.domain.certificate_body || event.domain.certificate_id),
-                        protocol: event.domain.protocol ?? null,
-                    }
-                    : null,
+                domain: (0, apigwTypes_1.extractEventDomainDefinition)(event.domain),
             },
             instances,
             lastUpdated: new Date().toISOString(),
@@ -185,8 +174,22 @@ const createApigwResource = async (context, event, serviceName, roleArn, state)
     }
     if (event.domain) {
         try {
+            const primaryDomain = event.domain.domain_name;
+            const wwwBindApex = event.domain.www_bind_apex === true;
             const domainConfig = await buildDomainBindingConfig(event.domain, groupId, serviceName, event.key, context.stage, client);
             state = await client.apigw.bindCustomDomain(domainConfig, state, logicalId);
+            const wwwDomain = wwwBindApex ? (0, domainUtils_1.deriveWwwDomain)(primaryDomain) : null;
+            if (wwwDomain) {
+                logger_1.logger.info(lang_1.lang.__('APIGW_BINDING_DOMAIN', { domain: wwwDomain }));
+                const wwwDomainConfig = {
+                    ...domainConfig,
+                    domainName: wwwDomain,
+                    certificateName: domainConfig.certificateName
+                        ? `${domainConfig.certificateName}-www`
+                        : undefined,
+                };
+                state = await client.apigw.bindCustomDomain(wwwDomainConfig, state, logicalId);
+            }
         }
         catch (error) {
             logger_1.logger.error(lang_1.lang.__('APIGW_DOMAIN_BINDING_FAILED', { error: String(error) }));
@@ -206,13 +209,7 @@ const createApigwResource = async (context, event, serviceName, roleArn, state)
                 path: t.path,
                 backend: t.backend,
             })),
-            domain: event.domain
-                ? {
-                    domainName: event.domain.domain_name,
-                    hasCertificate: !!(event.domain.certificate_body || event.domain.certificate_id),
-                    protocol: event.domain.protocol ?? null,
-                }
-                : null,
+            domain: (0, apigwTypes_1.extractEventDomainDefinition)(event.domain),
         },
         instances,
         lastUpdated: new Date().toISOString(),
@@ -301,8 +298,65 @@ const updateApigwResource = async (context, event, serviceName, roleArn, state)
         }
     }
     if (event.domain) {
+        const primaryDomain = event.domain.domain_name;
+        const wwwBindApex = event.domain.www_bind_apex === true;
+        const existingDomain = existingState.definition?.domain;
+        const previousWwwBindApex = existingDomain?.wwwBindApex === true;
+        const previousDomainName = existingDomain?.domainName;
         const domainConfig = await buildDomainBindingConfig(event.domain, groupId, serviceName, event.key, context.stage, client);
         state = await client.apigw.bindCustomDomain(domainConfig, state, logicalId);
+        const wwwDomain = wwwBindApex ? (0, domainUtils_1.deriveWwwDomain)(primaryDomain) : null;
+        if (wwwDomain) {
+            logger_1.logger.info(lang_1.lang.__('APIGW_BINDING_DOMAIN', { domain: wwwDomain }));
+            const wwwDomainConfig = {
+                ...domainConfig,
+                domainName: wwwDomain,
+                certificateName: domainConfig.certificateName
+                    ? `${domainConfig.certificateName}-www`
+                    : undefined,
+            };
+            state = await client.apigw.bindCustomDomain(wwwDomainConfig, state, logicalId);
+        }
+        if (previousWwwBindApex && previousDomainName) {
+            const previousWwwDomain = (0, domainUtils_1.deriveWwwDomain)(previousDomainName);
+            if (previousWwwDomain && previousWwwDomain !== wwwDomain) {
+                try {
+                    await client.apigw.unbindCustomDomain(groupId, previousWwwDomain);
+                }
+                catch (error) {
+                    logger_1.logger.warn(lang_1.lang.__('APIGW_WWW_DOMAIN_UNBIND_FAILED', {
+                        domain: previousWwwDomain,
+                        error: String(error),
+                    }));
+                }
+            }
+        }
+    }
+    else {
+        const existingDomain = existingState.definition?.domain;
+        if (existingDomain?.domainName) {
+            const previousDomain = existingDomain.domainName;
+            try {
+                await client.apigw.unbindCustomDomain(groupId, previousDomain);
+            }
+            catch (error) {
+                logger_1.logger.warn(lang_1.lang.__('APIGW_DOMAIN_UNBIND_FAILED', { domain: previousDomain, error: String(error) }));
+            }
+            if (existingDomain.wwwBindApex === true) {
+                const previousWwwDomain = (0, domainUtils_1.deriveWwwDomain)(previousDomain);
+                if (previousWwwDomain) {
+                    try {
+                        await client.apigw.unbindCustomDomain(groupId, previousWwwDomain);
+                    }
+                    catch (error) {
+                        logger_1.logger.warn(lang_1.lang.__('APIGW_WWW_DOMAIN_UNBIND_FAILED', {
+                            domain: previousWwwDomain,
+                            error: String(error),
+                        }));
+                    }
+                }
+            }
+        }
     }
     const groupDefinition = (0, apigwTypes_1.extractApigwGroupDefinition)(groupConfig);
     const resourceState = {
@@ -315,13 +369,7 @@ const updateApigwResource = async (context, event, serviceName, roleArn, state)
                 path: t.path,
                 backend: t.backend,
             })),
-            domain: event.domain
-                ? {
-                    domainName: event.domain.domain_name,
-                    hasCertificate: !!(event.domain.certificate_body || event.domain.certificate_id),
-                    protocol: event.domain.protocol ?? null,
-                }
-                : null,
+            domain: (0, apigwTypes_1.extractEventDomainDefinition)(event.domain),
         },
         instances,
         lastUpdated: new Date().toISOString(),
@@ -344,6 +392,30 @@ const deleteApigwResource = async (context, logicalId, state) => {
     }
     const groupId = groupInstance.id;
     state = await cleanupDnsRecords(context, logicalId, state);
+    const existingDomain = existingState.definition?.domain;
+    if (existingDomain?.domainName) {
+        const primaryDomain = existingDomain.domainName;
+        try {
+            await client.apigw.unbindCustomDomain(groupId, primaryDomain);
+        }
+        catch (error) {
+            logger_1.logger.warn(lang_1.lang.__('APIGW_DOMAIN_UNBIND_FAILED', { domain: primaryDomain, error: String(error) }));
+        }
+        if (existingDomain.wwwBindApex === true) {
+            const wwwDomain = (0, domainUtils_1.deriveWwwDomain)(primaryDomain);
+            if (wwwDomain) {
+                try {
+                    await client.apigw.unbindCustomDomain(groupId, wwwDomain);
+                }
+                catch (error) {
+                    logger_1.logger.warn(lang_1.lang.__('APIGW_WWW_DOMAIN_UNBIND_FAILED', {
+                        domain: wwwDomain,
+                        error: String(error),
+                    }));
+                }
+            }
+        }
+    }
     const deployments = existingInstances.filter((i) => i.type === 'ALIYUN_APIGW_DEPLOYMENT');
     for (const deployment of deployments) {
         try {

package/dist/src/stack/aliyunStack/apigwTypes.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.inferProtocolConfig = exports.extractApigwDeploymentDefinition = exports.extractApigwApiDefinition = exports.extractApigwGroupDefinition = exports.triggerToApigwApiConfig = exports.generateApiKey = exports.eventToApigwGroupConfig = void 0;
+exports.extractEventDomainDefinition = exports.inferProtocolConfig = exports.extractApigwDeploymentDefinition = exports.extractApigwApiDefinition = exports.extractApigwGroupDefinition = exports.triggerToApigwApiConfig = exports.generateApiKey = exports.eventToApigwGroupConfig = void 0;
 const common_1 = require("../../common");
 const lang_1 = require("../../lang");
 /**
@@ -155,3 +155,17 @@ const inferProtocolConfig = (protocol) => {
     return { requestProtocol: protocol };
 };
 exports.inferProtocolConfig = inferProtocolConfig;
+const extractEventDomainDefinition = (domain) => {
+    if (!domain) {
+        return null;
+    }
+    return {
+        domainName: domain.domain_name,
+        wwwBindApex: domain.www_bind_apex === true,
+        certificateId: domain.certificate_id ?? null,
+        certificateBody: domain.certificate_body ?? null,
+        certificatePrivateKey: domain.certificate_private_key ? '(managed)' : null,
+        protocol: domain.protocol ?? null,
+    };
+};
+exports.extractEventDomainDefinition = extractEventDomainDefinition;

package/dist/src/stack/aliyunStack/fc3Planner.js

@@ -4,6 +4,32 @@ exports.generateFunctionPlan = void 0;
 const common_1 = require("../../common");
 const aliyunClient_1 = require("../../common/aliyunClient");
 const fc3Types_1 = require("./fc3Types");
+const lang_1 = require("../../lang");
+const isSecurityGroupId = (value) => value.startsWith('sg-');
+const resolveSecurityGroupId = async (context, securityGroupName, vpcId) => {
+    if (isSecurityGroupId(securityGroupName)) {
+        return securityGroupName;
+    }
+    const client = (0, aliyunClient_1.createAliyunClient)(context);
+    const sg = await client.ecs.getSecurityGroupByName(securityGroupName, vpcId);
+    if (!sg) {
+        throw new Error(lang_1.lang.__('SECURITY_GROUP_NOT_FOUND', { sgName: securityGroupName, vpcId: vpcId ?? 'default' }));
+    }
+    return sg.securityGroupId;
+};
+const resolveVpcConfigSecurityGroup = async (context, config) => {
+    if (!config.vpcConfig?.securityGroupId) {
+        return config;
+    }
+    const securityGroupId = await resolveSecurityGroupId(context, config.vpcConfig.securityGroupId, config.vpcConfig.vpcId);
+    return {
+        ...config,
+        vpcConfig: {
+            ...config.vpcConfig,
+            securityGroupId,
+        },
+    };
+};
 const planFunctionDeletion = (logicalId, definition) => ({
     logicalId,
     action: 'delete',
@@ -22,7 +48,8 @@ const generateFunctionPlan = async (context, state, functions) => {
     const functionItems = await Promise.all(functions.map(async (fn) => {
         const logicalId = `functions.${fn.key}`;
         const currentState = (0, common_1.getResource)(state, logicalId);
-        const config = (0, fc3Types_1.functionToFc3Config)(fn);
+        const rawConfig = (0, fc3Types_1.functionToFc3Config)(fn);
+        const config = await resolveVpcConfigSecurityGroup(context, rawConfig);
         const codePath = fn.code.path;
         const desiredCodeHash = (0, common_1.computeFileHash)(codePath);
         const desiredDefinition = (0, fc3Types_1.extractFc3Definition)(config, desiredCodeHash);

package/dist/src/stack/aliyunStack/fc3Resource.js

@@ -247,13 +247,13 @@ const createDependentResources = async (context, fn, serviceName, existingInstan
                 const accessGroupName = `${fn.name}-${context.stage}-nas-access-${mountPath}`;
                 logger_1.logger.info(lang_1.lang.__('CREATING_NAS_ACCESS_GROUP', { accessGroupName }));
                 const accessGroup = await client.nas.createAccessGroup(accessGroupName);
+                logger_1.logger.info(lang_1.lang.__('CREATING_NAS_ACCESS_RULE', { accessGroupName }));
+                const accessRule = await client.nas.createAccessRule(accessGroupName, '10.0.0.0/8');
                 instances.push({
                     type: 'ALIYUN_NAS_ACCESS_GROUP',
                     id: accessGroupName,
-                    attributes: { ...accessGroup },
+                    attributes: { ...accessGroup, accessRules: [accessRule] },
                 });
-                logger_1.logger.info(lang_1.lang.__('CREATING_NAS_ACCESS_RULE', { accessGroupName }));
-                await client.nas.createAccessRule(accessGroupName, '10.0.0.0/8');
                 logger_1.logger.info(lang_1.lang.__('CREATING_NAS_FILE_SYSTEM', { name: fn.name }));
                 const fileSystem = await client.nas.createFileSystem(nasItem.storage_class, fn.name);
                 instances.push({

package/dist/src/stack/aliyunStack/fc3Types.js

@@ -50,6 +50,23 @@ const functionToFc3Config = (fn) => {
             securityGroupId: fn.network.security_group.name,
         };
     }
+    if (fn.storage?.nas && fn.storage.nas.length > 0) {
+        config.nasConfig = {
+            userId: 10003,
+            groupId: 10003,
+            mountPoints: fn.storage.nas.map((nas) => ({
+                serverAddr: nas.storage_class,
+                mountDir: nas.mount_path,
+                enableTls: false,
+            })),
+        };
+    }
+    if (fn.log !== undefined) {
+        config.logConfig = {
+            enableRequestMetrics: fn.log,
+            enableInstanceMetrics: fn.log,
+        };
+    }
     return config;
 };
 exports.functionToFc3Config = functionToFc3Config;
@@ -65,6 +82,8 @@ const extractFc3Definition = (config, codeHash) => {
         vpcConfig: config.vpcConfig ?? null,
         gpuConfig: config.gpuConfig ?? null,
         customContainerConfig: config.customContainerConfig ?? null,
+        nasConfig: config.nasConfig ?? null,
+        logConfig: config.logConfig ?? null,
         codeHash,
     };
 };

package/dist/src/stack/aliyunStack/ossResource.js

@@ -12,6 +12,7 @@ const ossTypes_1 = require("./ossTypes");
 const logger_1 = require("../../common/logger");
 const lang_1 = require("../../lang");
 const node_path_1 = __importDefault(require("node:path"));
+const domainUtils_1 = require("../../common/domainUtils");
 const buildOssInstanceFromProvider = (info, sid) => {
     return {
         type: types_1.ResourceTypeEnum.ALIYUN_OSS_BUCKET,
@@ -149,35 +150,59 @@ const createBucketResource = async (context, bucket, state) => {
     let cnameInfo;
     if (bucket.website?.domain) {
         const certificate = await resolveBucketDomainCertificate(bucket, client);
+        const primaryDomain = bucket.website.domain;
+        const wwwBindApex = bucket.website.www_bind_apex ?? false;
         logger_1.logger.info(lang_1.lang.__('BINDING_CUSTOM_DOMAIN_TO_BUCKET', {
-            domain: bucket.website.domain,
+            domain: primaryDomain,
             bucketName: config.bucketName,
         }));
         if (certificate) {
             logger_1.logger.info(lang_1.lang.__('OSS_BUCKET_CERT_BINDING', {
-                domain: bucket.website.domain,
+                domain: primaryDomain,
                 bucketName: config.bucketName,
             }));
         }
-        cnameInfo = await client.oss.bindCustomDomain(config.bucketName, bucket.website.domain, certificate);
+        cnameInfo = await client.oss.bindCustomDomain(config.bucketName, primaryDomain, certificate);
         if (cnameInfo) {
-            const instanceId = cnameInfo.dnsRecordId ?? bucket.website.domain;
+            const instanceId = cnameInfo.dnsRecordId ?? primaryDomain;
             const dnsInstance = {
                 sid: (0, common_1.buildSid)('aliyun', 'alidns', context.stage, instanceId),
                 id: instanceId,
                 type: types_1.ResourceTypeEnum.ALIYUN_OSS_DNS_CNAME,
-                domain: bucket.website.domain,
+                domain: primaryDomain,
                 cname: cnameInfo.cname,
                 ...(cnameInfo.dnsRecordId ? { dnsRecordId: cnameInfo.dnsRecordId } : {}),
                 ...(cnameInfo.txtRecordId ? { txtRecordId: cnameInfo.txtRecordId } : {}),
             };
             instances.push(dnsInstance);
-            // Refresh bucket info to capture auto-added CORS rule
-            bucketInfo = await client.oss.getBucket(config.bucketName);
-            if (bucketInfo) {
-                instances[0] = buildOssInstanceFromProvider(bucketInfo, sid);
+        }
+        const wwwDomain = wwwBindApex ? (0, domainUtils_1.deriveWwwDomain)(primaryDomain) : null;
+        if (wwwDomain) {
+            logger_1.logger.info(lang_1.lang.__('BINDING_CUSTOM_DOMAIN_TO_BUCKET', {
+                domain: wwwDomain,
+                bucketName: config.bucketName,
+            }));
+            const wwwCnameInfo = await client.oss.bindCustomDomain(config.bucketName, wwwDomain, certificate);
+            if (wwwCnameInfo) {
+                const wwwInstanceId = wwwCnameInfo.dnsRecordId ?? wwwDomain;
+                const wwwDnsInstance = {
+                    sid: (0, common_1.buildSid)('aliyun', 'alidns', context.stage, wwwInstanceId),
+                    id: wwwInstanceId,
+                    type: types_1.ResourceTypeEnum.ALIYUN_OSS_DNS_CNAME,
+                    domain: wwwDomain,
+                    cname: wwwCnameInfo.cname,
+                    isWwwVariant: true,
+                    ...(wwwCnameInfo.dnsRecordId ? { dnsRecordId: wwwCnameInfo.dnsRecordId } : {}),
+                    ...(wwwCnameInfo.txtRecordId ? { txtRecordId: wwwCnameInfo.txtRecordId } : {}),
+                };
+                instances.push(wwwDnsInstance);
             }
         }
+        // Refresh bucket info to capture auto-added CORS rule
+        bucketInfo = await client.oss.getBucket(config.bucketName);
+        if (bucketInfo) {
+            instances[0] = buildOssInstanceFromProvider(bucketInfo, sid);
+        }
     }
     // Upload static files if code path is specified
     if (bucket.website?.code) {
@@ -236,46 +261,78 @@ const updateBucketResource = async (context, bucket, state) => {
     const logicalId = `buckets.${bucket.key}`;
     const instances = [buildOssInstanceFromProvider(bucketInfo, sid)];
     const existingState = state.resources[logicalId];
-    const existingDnsInstance = existingState?.instances?.find((i) => i.type === types_1.ResourceTypeEnum.ALIYUN_OSS_DNS_CNAME);
+    const existingDnsInstances = existingState?.instances?.filter((i) => i.type === types_1.ResourceTypeEnum.ALIYUN_OSS_DNS_CNAME);
+    const existingPrimaryDnsInstance = existingDnsInstances?.find((i) => !i.isWwwVariant);
+    const existingWwwDnsInstance = existingDnsInstances?.find((i) => i.isWwwVariant);
     let cnameInfo;
     if (bucket.website?.domain) {
-        const domainChanged = existingDnsInstance?.domain !== bucket.website.domain;
-        if (domainChanged && existingDnsInstance) {
-            await client.oss.unbindCustomDomain(config.bucketName, existingDnsInstance.domain, existingDnsInstance.dnsRecordId, existingDnsInstance.txtRecordId);
+        const primaryDomain = bucket.website.domain;
+        const wwwBindApex = bucket.website.www_bind_apex ?? false;
+        const domainChanged = existingPrimaryDnsInstance?.domain !== primaryDomain;
+        if (domainChanged && existingDnsInstances) {
+            for (const instance of existingDnsInstances) {
+                await client.oss.unbindCustomDomain(config.bucketName, instance.domain, instance.dnsRecordId, instance.txtRecordId);
+            }
         }
         const certificate = await resolveBucketDomainCertificate(bucket, client);
         logger_1.logger.info(lang_1.lang.__('BINDING_CUSTOM_DOMAIN_TO_BUCKET', {
-            domain: bucket.website.domain,
+            domain: primaryDomain,
             bucketName: config.bucketName,
         }));
         if (certificate) {
             logger_1.logger.info(lang_1.lang.__('OSS_BUCKET_CERT_BINDING', {
-                domain: bucket.website.domain,
+                domain: primaryDomain,
                 bucketName: config.bucketName,
             }));
         }
-        cnameInfo = await client.oss.bindCustomDomain(config.bucketName, bucket.website.domain, certificate);
+        cnameInfo = await client.oss.bindCustomDomain(config.bucketName, primaryDomain, certificate);
         if (cnameInfo) {
-            const instanceId = cnameInfo.dnsRecordId ?? bucket.website.domain;
+            const instanceId = cnameInfo.dnsRecordId ?? primaryDomain;
             const dnsInstance = {
                 sid: (0, common_1.buildSid)('aliyun', 'alidns', context.stage, instanceId),
                 id: instanceId,
                 type: types_1.ResourceTypeEnum.ALIYUN_OSS_DNS_CNAME,
-                domain: bucket.website.domain,
+                domain: primaryDomain,
                 cname: cnameInfo.cname,
                 ...(cnameInfo.dnsRecordId ? { dnsRecordId: cnameInfo.dnsRecordId } : {}),
                 ...(cnameInfo.txtRecordId ? { txtRecordId: cnameInfo.txtRecordId } : {}),
             };
             instances.push(dnsInstance);
-            // Refresh bucket info to capture auto-added CORS rule
-            const refreshedInfo = await client.oss.getBucket(config.bucketName);
-            if (refreshedInfo) {
-                instances[0] = buildOssInstanceFromProvider(refreshedInfo, sid);
+        }
+        const wwwDomain = wwwBindApex ? (0, domainUtils_1.deriveWwwDomain)(primaryDomain) : null;
+        if (wwwDomain) {
+            logger_1.logger.info(lang_1.lang.__('BINDING_CUSTOM_DOMAIN_TO_BUCKET', {
+                domain: wwwDomain,
+                bucketName: config.bucketName,
+            }));
+            const wwwCnameInfo = await client.oss.bindCustomDomain(config.bucketName, wwwDomain, certificate);
+            if (wwwCnameInfo) {
+                const wwwInstanceId = wwwCnameInfo.dnsRecordId ?? wwwDomain;
+                const wwwDnsInstance = {
+                    sid: (0, common_1.buildSid)('aliyun', 'alidns', context.stage, wwwInstanceId),
+                    id: wwwInstanceId,
+                    type: types_1.ResourceTypeEnum.ALIYUN_OSS_DNS_CNAME,
+                    domain: wwwDomain,
+                    cname: wwwCnameInfo.cname,
+                    isWwwVariant: true,
+                    ...(wwwCnameInfo.dnsRecordId ? { dnsRecordId: wwwCnameInfo.dnsRecordId } : {}),
+                    ...(wwwCnameInfo.txtRecordId ? { txtRecordId: wwwCnameInfo.txtRecordId } : {}),
+                };
+                instances.push(wwwDnsInstance);
             }
         }
+        else if (existingWwwDnsInstance && !wwwBindApex) {
+            await client.oss.unbindCustomDomain(config.bucketName, existingWwwDnsInstance.domain, existingWwwDnsInstance.dnsRecordId, existingWwwDnsInstance.txtRecordId);
+        }
+        const refreshedInfo = await client.oss.getBucket(config.bucketName);
+        if (refreshedInfo) {
+            instances[0] = buildOssInstanceFromProvider(refreshedInfo, sid);
+        }
     }
-    else if (existingDnsInstance) {
-        await client.oss.unbindCustomDomain(config.bucketName, existingDnsInstance.domain, existingDnsInstance.dnsRecordId, existingDnsInstance.txtRecordId);
+    else if (existingDnsInstances) {
+        for (const instance of existingDnsInstances) {
+            await client.oss.unbindCustomDomain(config.bucketName, instance.domain, instance.dnsRecordId, instance.txtRecordId);
+        }
     }
     const resourceState = {
         mode: 'managed',
@@ -295,9 +352,11 @@ exports.updateBucketResource = updateBucketResource;
 const deleteBucketResource = async (context, bucketName, logicalId, state) => {
     const client = (0, aliyunClient_1.createAliyunClient)(context);
     const existingState = state.resources[logicalId];
-    const dnsInstance = existingState?.instances?.find((i) => i.type === types_1.ResourceTypeEnum.ALIYUN_OSS_DNS_CNAME);
-    if (dnsInstance) {
-        await client.oss.unbindCustomDomain(bucketName, dnsInstance.domain, dnsInstance.dnsRecordId, dnsInstance.txtRecordId);
+    const dnsInstances = existingState?.instances?.filter((i) => i.type === types_1.ResourceTypeEnum.ALIYUN_OSS_DNS_CNAME);
+    if (dnsInstances) {
+        for (const dnsInstance of dnsInstances) {
+            await client.oss.unbindCustomDomain(bucketName, dnsInstance.domain, dnsInstance.dnsRecordId, dnsInstance.txtRecordId);
+        }
     }
     try {
         await client.oss.deleteBucket(bucketName);

package/dist/src/stack/aliyunStack/ossTypes.js

@@ -30,6 +30,30 @@ const bucketToOssBucketConfig = (bucket) => {
     if (bucket.website?.domain) {
         config.domain = bucket.website.domain;
     }
+    if (bucket.website?.www_bind_apex !== undefined) {
+        config.wwwBindApex = bucket.website.www_bind_apex;
+    }
+    if (bucket.website?.domain_certificate_id) {
+        config.domainCertificateId = bucket.website.domain_certificate_id;
+    }
+    if (bucket.website?.domain_certificate_body) {
+        config.domainCertificateBody = bucket.website.domain_certificate_body;
+    }
+    if (bucket.website?.domain_certificate_private_key) {
+        config.domainCertificatePrivateKey = bucket.website.domain_certificate_private_key;
+    }
+    if (bucket.website?.domain_protocol) {
+        config.domainProtocol = bucket.website.domain_protocol;
+    }
+    if (bucket.versioning?.status) {
+        config.versioningStatus = bucket.versioning.status;
+    }
+    if (bucket.security?.sse_algorithm) {
+        config.sseAlgorithm = bucket.security.sse_algorithm;
+    }
+    if (bucket.security?.sse_kms_master_key_id) {
+        config.sseKmsMasterKeyId = bucket.security.sse_kms_master_key_id;
+    }
     return config;
 };
 exports.bucketToOssBucketConfig = bucketToOssBucketConfig;
@@ -45,6 +69,14 @@ const extractOssBucketDefinition = (config) => {
             : {},
         storageClass: config.storageClass ?? null,
         domain: config.domain ?? null,
+        wwwBindApex: config.wwwBindApex ?? false,
+        domainCertificateId: config.domainCertificateId ?? null,
+        domainCertificateBody: config.domainCertificateBody ?? null,
+        domainCertificatePrivateKey: config.domainCertificatePrivateKey ? '(managed)' : null,
+        domainProtocol: config.domainProtocol ?? null,
+        versioningStatus: config.versioningStatus ?? null,
+        sseAlgorithm: config.sseAlgorithm ?? null,
+        sseKmsMasterKeyId: config.sseKmsMasterKeyId ?? null,
     };
 };
 exports.extractOssBucketDefinition = extractOssBucketDefinition;

package/dist/src/stack/aliyunStack/tablestoreTypes.js

@@ -43,7 +43,12 @@ const tableToTableStoreConfig = (table) => {
         instanceName: table.collection,
         tableName: table.name,
         clusterType,
+        description: table.desc,
         primaryKey,
+        attributes: table.attributes.map((attr) => ({
+            name: attr.name,
+            type: attr.type,
+        })),
         network: table.network,
     };
     // Add reserved throughput if specified
@@ -55,6 +60,12 @@ const tableToTableStoreConfig = (table) => {
             },
         };
     }
+    if (table.throughput?.onDemand) {
+        config.onDemandThroughput = {
+            read: table.throughput.onDemand.read,
+            write: table.throughput.onDemand.write,
+        };
+    }
     // Default table options
     config.tableOptions = {
         timeToLive: -1, // -1 means never expire
@@ -68,8 +79,11 @@ const extractTableStoreDefinition = (config) => {
         instanceName: config.instanceName,
         tableName: config.tableName,
         clusterType: config.clusterType,
+        description: config.description ?? null,
         primaryKey: config.primaryKey,
+        attributes: config.attributes,
         reservedThroughput: config.reservedThroughput ?? null,
+        onDemandThroughput: config.onDemandThroughput ?? null,
         tableOptions: config.tableOptions ?? null,
         network: config.network ?? null,
     };