npm - @go-to-k/cdkd - Versions diffs - 0.0.3 → 0.1.0 - Mend

@go-to-k/cdkd 0.0.3 → 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/README.md +5 -0
package/dist/cli.js +149 -10
package/dist/cli.js.map +3 -3
package/dist/go-to-k-cdkd-0.1.0.tgz +0 -0
package/dist/index.js +135 -4
package/dist/index.js.map +3 -3
package/package.json +1 -1
package/dist/go-to-k-cdkd-0.0.3.tgz +0 -0

package/README.md CHANGED Viewed

@@ -99,6 +99,8 @@ Reproduce with `./tests/benchmark/run-benchmark.sh all`. See [tests/benchmark/RE
    └── Initialize AWS clients
 2. Synthesis (self-implemented, no CDK CLI dependency)
+   ├── Short-circuit: if --app is an existing directory, treat it as a
+   │   pre-synthesized cloud assembly and skip the steps below
    ├── Load context (merge order, later wins):
    │   ├── CDK defaults (path-metadata, asset-metadata, version-reporting, bundling-stacks)
    │   ├── ~/.cdk.json "context" field (user defaults)
@@ -364,6 +366,9 @@ cdkd bootstrap \
 # Synthesize only
 cdkd synth --app "npx ts-node app.ts"
+# Deploy from a pre-synthesized cloud assembly directory
+cdkd deploy --app cdk.out
 # Deploy (single stack auto-detected, reads --app from cdk.json)
 cdkd deploy

package/dist/cli.js CHANGED Viewed

@@ -477,12 +477,16 @@ function parseContextOptions(contextArgs) {
 var commonOptions = [
   new Option("--verbose", "Enable verbose logging").default(false),
   new Option("--region <region>", "AWS region"),
-  new Option("--profile <profile>", "AWS profile")
+  new Option("--profile <profile>", "AWS profile"),
+  new Option(
+    "-y, --yes",
+    "Automatically answer interactive prompts with the recommended response (e.g. confirm destroy)"
+  ).default(false)
 ];
 var appOptions = [
   new Option(
-    "--app <command>",
-    'CDK app command (e.g., "npx ts-node app.ts"). Falls back to cdk.json or CDKD_APP env'
+    "-a, --app <command>",
+    'CDK app command (e.g., "npx ts-node app.ts") or path to a pre-synthesized cloud assembly directory. Falls back to cdk.json or CDKD_APP env'
   ),
   new Option("--output <path>", "Output directory for synthesis").default("cdk.out")
 ];
@@ -517,7 +521,11 @@ var contextOptions = [
     "Set context values (can be specified multiple times)"
   )
 ];
-var destroyOptions = [new Option("--force", "Skip confirmation prompt").default(false)];
+var destroyOptions = [
+  new Option("-f, --force", "Do not ask for confirmation before destroying the stacks").default(
+    false
+  )
+];
 // src/utils/logger.ts
 var colors = {
@@ -950,7 +958,7 @@ import { writeFileSync as writeFileSync3 } from "fs";
 import { join as join4 } from "path";
 // src/synthesis/synthesizer.ts
-import { mkdirSync } from "node:fs";
+import { existsSync as existsSync3, mkdirSync, statSync } from "node:fs";
 import { resolve as resolve3 } from "node:path";
 import { GetCallerIdentityCommand as GetCallerIdentityCommand2, STSClient as STSClient2 } from "@aws-sdk/client-sts";
@@ -2118,6 +2126,14 @@ var Synthesizer = class {
    * 5. Return assembly with stacks
    */
   async synthesize(options) {
+    const appPath = resolve3(options.app);
+    if (existsSync3(appPath) && statSync(appPath).isDirectory()) {
+      this.logger.debug(`Using pre-synthesized cloud assembly at ${appPath}`);
+      const manifest = this.assemblyReader.readManifest(appPath);
+      const stacks = this.assemblyReader.getAllStacks(appPath, manifest);
+      this.logger.debug(`Loaded ${stacks.length} stack(s) from pre-synthesized assembly`);
+      return { manifest, assemblyDir: appPath, stacks };
+    }
     const outputDir = resolve3(options.output || "cdk.out");
     mkdirSync(outputDir, { recursive: true });
     const userCdkJson = loadUserCdkJson();
@@ -2318,7 +2334,7 @@ import { Command as Command3 } from "commander";
 import { readFileSync as readFileSync4 } from "node:fs";
 // src/assets/file-asset-publisher.ts
-import { createReadStream, statSync } from "node:fs";
+import { createReadStream, statSync as statSync2 } from "node:fs";
 import { join as join5, basename } from "node:path";
 import { S3Client as S3Client2, HeadObjectCommand, PutObjectCommand } from "@aws-sdk/client-s3";
 var FileAssetPublisher = class {
@@ -2388,7 +2404,7 @@ var FileAssetPublisher = class {
    * Upload a single file to S3
    */
   async uploadFile(client, filePath, bucket, key) {
-    const stat = statSync(filePath);
+    const stat = statSync2(filePath);
     const stream = createReadStream(filePath);
     await client.send(
       new PutObjectCommand({
@@ -2410,7 +2426,7 @@ var FileAssetPublisher = class {
       archive.on("data", (chunk) => chunks.push(chunk));
       archive.on("end", () => resolve4(Buffer.concat(chunks)));
       archive.on("error", reject);
-      const stat = statSync(dirPath);
+      const stat = statSync2(dirPath);
       if (stat.isDirectory()) {
         archive.directory(dirPath, false);
       } else {
@@ -3519,6 +3535,11 @@ var TemplateParser = class {
 // src/analyzer/dag-builder.ts
 var { Graph, alg } = graphlib;
+var IAM_ROLE_POLICY_TYPES = /* @__PURE__ */ new Set([
+  "AWS::IAM::Policy",
+  "AWS::IAM::RolePolicy",
+  "AWS::IAM::ManagedPolicy"
+]);
 var DagBuilder = class {
   logger = getLogger().child("DagBuilder");
   parser = new TemplateParser();
@@ -3559,6 +3580,7 @@ var DagBuilder = class {
       }
     }
     this.logger.debug(`Dependency graph built: ${resourceIds.length} nodes, ${edgeCount} edges`);
+    edgeCount += this.addCustomResourcePolicyEdges(graph, template);
     if (!alg.isAcyclic(graph)) {
       const cycles = this.findCycles(graph);
       throw new DependencyError(
@@ -3701,6 +3723,123 @@ var DagBuilder = class {
     const deps = this.getAllDependencies(graph, resourceA);
     return deps.has(resourceB);
   }
+  /**
+   * Add implicit edges from IAM::Policy resources to Custom Resources whose
+   * ServiceToken Lambda's execution role those policies attach to.
+   *
+   * Returns the number of edges added.
+   */
+  addCustomResourcePolicyEdges(graph, template) {
+    const rolePolicies = this.buildRolePoliciesMap(template);
+    if (rolePolicies.size === 0) {
+      return 0;
+    }
+    let added = 0;
+    for (const logicalId of this.parser.getResourceIds(template)) {
+      const resource = this.parser.getResource(template, logicalId);
+      if (!resource || !this.isCustomResourceType(resource.Type)) {
+        continue;
+      }
+      const serviceToken = (resource.Properties ?? {})["ServiceToken"];
+      const lambdaId = this.extractLogicalIdFromReference(serviceToken);
+      if (!lambdaId)
+        continue;
+      const lambdaResource = this.parser.getResource(template, lambdaId);
+      if (!lambdaResource || lambdaResource.Type !== "AWS::Lambda::Function") {
+        continue;
+      }
+      const roleId = this.extractLogicalIdFromReference((lambdaResource.Properties ?? {})["Role"]);
+      if (!roleId)
+        continue;
+      const policies = rolePolicies.get(roleId);
+      if (!policies)
+        continue;
+      for (const policyId of policies) {
+        if (policyId === logicalId)
+          continue;
+        if (!graph.hasNode(policyId))
+          continue;
+        if (graph.hasEdge(policyId, logicalId))
+          continue;
+        graph.setEdge(policyId, logicalId);
+        added++;
+        this.logger.debug(
+          `Added implicit edge (custom resource policy): ${policyId} -> ${logicalId}`
+        );
+      }
+    }
+    if (added > 0) {
+      this.logger.debug(`Added ${added} implicit edges for custom resource policies`);
+    }
+    return added;
+  }
+  isCustomResourceType(type) {
+    return type === "AWS::CloudFormation::CustomResource" || type.startsWith("Custom::");
+  }
+  /**
+   * Build a map of roleLogicalId -> Set<policyLogicalId> by scanning the
+   * template for IAM::Policy / IAM::RolePolicy / IAM::ManagedPolicy resources
+   * that attach to a role by Ref/GetAtt.
+   */
+  buildRolePoliciesMap(template) {
+    const map = /* @__PURE__ */ new Map();
+    for (const [policyId, resource] of Object.entries(template.Resources)) {
+      if (!IAM_ROLE_POLICY_TYPES.has(resource.Type))
+        continue;
+      for (const roleId of this.extractAttachedRoleIds(resource)) {
+        let set = map.get(roleId);
+        if (!set) {
+          set = /* @__PURE__ */ new Set();
+          map.set(roleId, set);
+        }
+        set.add(policyId);
+      }
+    }
+    return map;
+  }
+  /**
+   * Extract the logical IDs of IAM::Role resources that a policy resource
+   * attaches to. Supports both `Roles: [Ref]` (IAM::Policy / IAM::ManagedPolicy)
+   * and `RoleName: Ref` (IAM::RolePolicy) shapes.
+   */
+  extractAttachedRoleIds(resource) {
+    const ids = [];
+    const props = resource.Properties ?? {};
+    const roles = props["Roles"];
+    if (Array.isArray(roles)) {
+      for (const entry of roles) {
+        const id = this.extractLogicalIdFromReference(entry);
+        if (id)
+          ids.push(id);
+      }
+    }
+    const roleName = props["RoleName"];
+    const roleNameId = this.extractLogicalIdFromReference(roleName);
+    if (roleNameId)
+      ids.push(roleNameId);
+    return ids;
+  }
+  /**
+   * Extract a resource logical ID from a direct Ref or Fn::GetAtt expression.
+   * Returns undefined for literals or intrinsics we can't statically resolve
+   * (Fn::Join, Fn::ImportValue, etc.) — callers should skip in that case.
+   */
+  extractLogicalIdFromReference(value) {
+    if (typeof value !== "object" || value === null)
+      return void 0;
+    const obj = value;
+    if ("Ref" in obj && typeof obj["Ref"] === "string") {
+      const ref = obj["Ref"];
+      return ref.startsWith("AWS::") ? void 0 : ref;
+    }
+    if ("Fn::GetAtt" in obj) {
+      const getAtt = obj["Fn::GetAtt"];
+      if (Array.isArray(getAtt) && typeof getAtt[0] === "string") {
+        return getAtt[0];
+      }
+    }
+    return void 0;
+  }
 };
 // src/analyzer/replacement-rules.ts
@@ -26588,7 +26727,7 @@ Resources to be deleted (${resourceCount}):`);
       for (const [logicalId, resource] of Object.entries(currentState.resources)) {
         logger.info(`  - ${logicalId} (${resource.resourceType})`);
       }
-      if (!options.force) {
+      if (!options.yes && !options.force) {
         const rl = readline.createInterface({
           input: process.stdin,
           output: process.stdout
@@ -26890,7 +27029,7 @@ function reorderArgs(argv) {
 }
 async function main() {
   const program = new Command8();
-  program.name("cdkd").description("CDK Direct - Deploy AWS CDK apps directly via SDK/Cloud Control API").version("0.0.3");
+  program.name("cdkd").description("CDK Direct - Deploy AWS CDK apps directly via SDK/Cloud Control API").version("0.1.0");
   program.addCommand(createBootstrapCommand());
   program.addCommand(createSynthCommand());
   program.addCommand(createDeployCommand());