npm - @go-to-k/cdkd - Versions diffs - 0.102.1 → 0.102.3 - Mend

@go-to-k/cdkd 0.102.1 → 0.102.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/cli.js CHANGED Viewed

@@ -3435,15 +3435,27 @@ var S3BucketProvider = class {
 			const region = await this.getRegion();
 			if (region !== "us-east-1") createParams.CreateBucketConfiguration = { LocationConstraint: region };
 			if (properties["ObjectLockEnabled"] === true || properties["ObjectLockEnabled"] === "true") createParams.ObjectLockEnabledForBucket = true;
+			let createdNewBucket = false;
 			try {
 				await this.s3Client.send(new CreateBucketCommand(createParams));
+				createdNewBucket = true;
 				this.logger.debug(`Created S3 bucket: ${bucketName}`);
 			} catch (createError) {
 				if (createError instanceof Error && (createError.name === "BucketAlreadyOwnedByYou" || createError.message.includes("you already own it"))) this.logger.debug(`S3 bucket ${bucketName} already exists and is owned by you`);
 				else throw createError;
 			}
-			await this.applyConfiguration(bucketName, properties);
-			await this.applyAllSubConfigsForCreate(bucketName, properties);
+			try {
+				await this.applyConfiguration(bucketName, properties);
+				await this.applyAllSubConfigsForCreate(bucketName, properties);
+			} catch (innerError) {
+				if (createdNewBucket) try {
+					await this.s3Client.send(new DeleteBucketCommand({ Bucket: bucketName }));
+					this.logger.debug(`Cleaned up partially-created S3 bucket ${logicalId} (${bucketName}) after wiring failure`);
+				} catch (cleanupError) {
+					this.logger.warn(`Failed to clean up partially-created S3 bucket ${logicalId} (${bucketName}): ${cleanupError instanceof Error ? cleanupError.message : String(cleanupError)}. Manual deletion may be required before the next deploy: aws s3api delete-bucket --bucket '${bucketName}'`);
+				}
+				throw innerError;
+			}
 			const attributes = await this.buildAttributes(bucketName);
 			this.logger.debug(`Successfully created S3 bucket ${logicalId}: ${bucketName}`);
 			return {
@@ -7810,46 +7822,56 @@ var LogsLogGroupProvider = class {
 				const cfnTags = properties["Tags"];
 				createParams.tags = Object.fromEntries(cfnTags.map((t) => [t.Key, t.Value]));
 			}
-			await this.logsClient.send(new CreateLogGroupCommand(createParams));
-			const retentionInDays = properties["RetentionInDays"];
-			if (retentionInDays) await this.logsClient.send(new PutRetentionPolicyCommand({
-				logGroupName,
-				retentionInDays
-			}));
-			if (properties["DataProtectionPolicy"]) {
-				const policyDocument = typeof properties["DataProtectionPolicy"] === "string" ? properties["DataProtectionPolicy"] : JSON.stringify(properties["DataProtectionPolicy"]);
-				await this.logsClient.send(new PutDataProtectionPolicyCommand({
-					logGroupIdentifier: logGroupName,
-					policyDocument
-				}));
+			let createdNewLogGroup = false;
+			try {
+				await this.logsClient.send(new CreateLogGroupCommand(createParams));
+				createdNewLogGroup = true;
+			} catch (createError) {
+				if (createError instanceof ResourceAlreadyExistsException) this.logger.debug(`Log group ${logGroupName} already exists, using existing`);
+				else throw createError;
 			}
-			const fieldIndexPolicies = properties["FieldIndexPolicies"];
-			if (fieldIndexPolicies && fieldIndexPolicies.length > 0) {
-				if (fieldIndexPolicies.length > 1) this.logger.debug(`Log group ${logicalId} declares ${fieldIndexPolicies.length} FieldIndexPolicies; AWS only supports one log-group-level field index policy. Applying the first.`);
-				const first = fieldIndexPolicies[0];
-				const policyDocument = typeof first === "string" ? first : JSON.stringify(first);
-				await this.logsClient.send(new PutIndexPolicyCommand({
+			try {
+				const retentionInDays = properties["RetentionInDays"];
+				if (retentionInDays) await this.logsClient.send(new PutRetentionPolicyCommand({
+					logGroupName,
+					retentionInDays
+				}));
+				if (properties["DataProtectionPolicy"]) {
+					const policyDocument = typeof properties["DataProtectionPolicy"] === "string" ? properties["DataProtectionPolicy"] : JSON.stringify(properties["DataProtectionPolicy"]);
+					await this.logsClient.send(new PutDataProtectionPolicyCommand({
+						logGroupIdentifier: logGroupName,
+						policyDocument
+					}));
+				}
+				const fieldIndexPolicies = properties["FieldIndexPolicies"];
+				if (fieldIndexPolicies && fieldIndexPolicies.length > 0) {
+					if (fieldIndexPolicies.length > 1) this.logger.debug(`Log group ${logicalId} declares ${fieldIndexPolicies.length} FieldIndexPolicies; AWS only supports one log-group-level field index policy. Applying the first.`);
+					const first = fieldIndexPolicies[0];
+					const policyDocument = typeof first === "string" ? first : JSON.stringify(first);
+					await this.logsClient.send(new PutIndexPolicyCommand({
+						logGroupIdentifier: logGroupName,
+						policyDocument
+					}));
+				}
+				if (properties["BearerTokenAuthenticationEnabled"] !== void 0) await this.logsClient.send(new PutBearerTokenAuthenticationCommand({
 					logGroupIdentifier: logGroupName,
-					policyDocument
+					bearerTokenAuthenticationEnabled: properties["BearerTokenAuthenticationEnabled"]
 				}));
+			} catch (innerError) {
+				if (createdNewLogGroup) try {
+					await this.logsClient.send(new DeleteLogGroupCommand({ logGroupName }));
+					this.logger.debug(`Cleaned up partially-created log group ${logicalId} (${logGroupName}) after wiring failure`);
+				} catch (cleanupError) {
+					this.logger.warn(`Failed to clean up partially-created log group ${logicalId} (${logGroupName}): ${cleanupError instanceof Error ? cleanupError.message : String(cleanupError)}. Manual deletion may be required before the next deploy: aws logs delete-log-group --log-group-name '${logGroupName}'`);
+				}
+				throw innerError;
 			}
-			if (properties["BearerTokenAuthenticationEnabled"] !== void 0) await this.logsClient.send(new PutBearerTokenAuthenticationCommand({
-				logGroupIdentifier: logGroupName,
-				bearerTokenAuthenticationEnabled: properties["BearerTokenAuthenticationEnabled"]
-			}));
 			this.logger.debug(`Successfully created log group ${logicalId}: ${logGroupName}`);
 			return {
 				physicalId: logGroupName,
 				attributes: { Arn: await this.buildArn(logGroupName) }
 			};
 		} catch (error) {
-			if (error instanceof ResourceAlreadyExistsException) {
-				this.logger.debug(`Log group ${logGroupName} already exists, using existing`);
-				return {
-					physicalId: logGroupName,
-					attributes: { Arn: await this.buildArn(logGroupName) }
-				};
-			}
 			const cause = error instanceof Error ? error : void 0;
 			throw new ProvisioningError(`Failed to create log group ${logicalId}: ${error instanceof Error ? error.message : String(error)}`, resourceType, logicalId, logGroupName, cause);
 		}
@@ -8756,16 +8778,26 @@ var SSMParameterProvider = class {
 			if (properties["Policies"]) putParams.Policies = properties["Policies"];
 			if (properties["DataType"]) putParams.DataType = properties["DataType"];
 			await this.ssmClient.send(new PutParameterCommand(putParams));
-			if (properties["Tags"]) {
-				const ssmTags = properties["Tags"].map((t) => ({
-					Key: t.Key,
-					Value: t.Value
-				}));
-				await this.ssmClient.send(new AddTagsToResourceCommand({
-					ResourceType: "Parameter",
-					ResourceId: name,
-					Tags: ssmTags
-				}));
+			try {
+				if (properties["Tags"]) {
+					const ssmTags = properties["Tags"].map((t) => ({
+						Key: t.Key,
+						Value: t.Value
+					}));
+					await this.ssmClient.send(new AddTagsToResourceCommand({
+						ResourceType: "Parameter",
+						ResourceId: name,
+						Tags: ssmTags
+					}));
+				}
+			} catch (innerError) {
+				try {
+					await this.ssmClient.send(new DeleteParameterCommand({ Name: name }));
+					this.logger.debug(`Cleaned up partially-created SSM parameter ${logicalId} (${name}) after wiring failure`);
+				} catch (cleanupError) {
+					this.logger.warn(`Failed to clean up partially-created SSM parameter ${logicalId} (${name}): ${cleanupError instanceof Error ? cleanupError.message : String(cleanupError)}. Manual deletion may be required before the next deploy: aws ssm delete-parameter --name '${name}'`);
+				}
+				throw innerError;
 			}
 			this.logger.debug(`Successfully created SSM parameter ${logicalId}: ${name}`);
 			return {
@@ -12357,6 +12389,21 @@ var ApiGatewayProvider = class ApiGatewayProvider {
 	* `Invalid mapping expression specified: ... [No method response exists
 	* for method.]` — the canonical trigger is a CORS preflight OPTIONS
 	* method emitted by `RestApi({ defaultCorsPreflightOptions: ... })`.
+	*
+	* Partial-failure cleanup: if any AWS call AFTER `PutMethodCommand`
+	* fails, the method has already been created on AWS but cdkd state
+	* does NOT record it (the throw happens before the success return).
+	* A subsequent redeploy would then attempt CREATE again and AWS would
+	* reject with `Method already exists for this resource`. To prevent
+	* this orphan, the post-`PutMethod` block is wrapped in an inner
+	* try/catch that issues a best-effort `DeleteMethodCommand` before
+	* re-throwing the original error. Cleanup failures are logged at warn
+	* (the underlying create failure is what matters; we don't mask it by
+	* promoting a cleanup error). The class of bug — partial AWS-side
+	* commit on `createMethod` failure — was first seen via the
+	* `PutIntegrationResponse`-before-`PutMethodResponse` ordering bug
+	* fixed in PR #373; this cleanup makes any future shape of
+	* post-`PutMethod` failure self-healing on the next redeploy.
 	*/
 	async createMethod(logicalId, resourceType, properties) {
 		this.logger.debug(`Creating API Gateway Method ${logicalId}`);
@@ -12386,54 +12433,68 @@ var ApiGatewayProvider = class ApiGatewayProvider {
 				requestValidatorId,
 				authorizationScopes
 			}));
-			const integration = properties["Integration"];
-			if (integration) await this.apiGatewayClient.send(new PutIntegrationCommand({
-				restApiId,
-				resourceId,
-				httpMethod,
-				type: integration["Type"],
-				integrationHttpMethod: integration["IntegrationHttpMethod"],
-				uri: integration["Uri"],
-				connectionType: integration["ConnectionType"],
-				connectionId: integration["ConnectionId"],
-				credentials: integration["Credentials"],
-				requestParameters: integration["RequestParameters"],
-				requestTemplates: integration["RequestTemplates"],
-				passthroughBehavior: integration["PassthroughBehavior"],
-				contentHandling: integration["ContentHandling"],
-				timeoutInMillis: integration["TimeoutInMillis"],
-				cacheNamespace: integration["CacheNamespace"],
-				cacheKeyParameters: integration["CacheKeyParameters"],
-				tlsConfig: integration["TlsConfig"] ? { insecureSkipVerification: integration["TlsConfig"]["InsecureSkipVerification"] } : void 0,
-				responseTransferMode: integration["ResponseTransferMode"]
-			}));
-			const methodResponses = properties["MethodResponses"];
-			if (methodResponses) for (const resp of methodResponses) {
-				const statusCode = String(resp["StatusCode"]);
-				await this.apiGatewayClient.send(new PutMethodResponseCommand({
+			try {
+				const integration = properties["Integration"];
+				if (integration) await this.apiGatewayClient.send(new PutIntegrationCommand({
 					restApiId,
 					resourceId,
 					httpMethod,
-					statusCode,
-					responseModels: resp["ResponseModels"],
-					responseParameters: resp["ResponseParameters"]
+					type: integration["Type"],
+					integrationHttpMethod: integration["IntegrationHttpMethod"],
+					uri: integration["Uri"],
+					connectionType: integration["ConnectionType"],
+					connectionId: integration["ConnectionId"],
+					credentials: integration["Credentials"],
+					requestParameters: integration["RequestParameters"],
+					requestTemplates: integration["RequestTemplates"],
+					passthroughBehavior: integration["PassthroughBehavior"],
+					contentHandling: integration["ContentHandling"],
+					timeoutInMillis: integration["TimeoutInMillis"],
+					cacheNamespace: integration["CacheNamespace"],
+					cacheKeyParameters: integration["CacheKeyParameters"],
+					tlsConfig: integration["TlsConfig"] ? { insecureSkipVerification: integration["TlsConfig"]["InsecureSkipVerification"] } : void 0,
+					responseTransferMode: integration["ResponseTransferMode"]
 				}));
-			}
-			if (integration) {
-				const integrationResponses = integration["IntegrationResponses"];
-				if (integrationResponses) for (const ir of integrationResponses) {
-					const statusCode = String(ir["StatusCode"]);
-					await this.apiGatewayClient.send(new PutIntegrationResponseCommand({
+				const methodResponses = properties["MethodResponses"];
+				if (methodResponses) for (const resp of methodResponses) {
+					const statusCode = String(resp["StatusCode"]);
+					await this.apiGatewayClient.send(new PutMethodResponseCommand({
 						restApiId,
 						resourceId,
 						httpMethod,
 						statusCode,
-						selectionPattern: ir["SelectionPattern"],
-						responseParameters: ir["ResponseParameters"],
-						responseTemplates: ir["ResponseTemplates"],
-						contentHandling: ir["ContentHandling"]
+						responseModels: resp["ResponseModels"],
+						responseParameters: resp["ResponseParameters"]
+					}));
+				}
+				if (integration) {
+					const integrationResponses = integration["IntegrationResponses"];
+					if (integrationResponses) for (const ir of integrationResponses) {
+						const statusCode = String(ir["StatusCode"]);
+						await this.apiGatewayClient.send(new PutIntegrationResponseCommand({
+							restApiId,
+							resourceId,
+							httpMethod,
+							statusCode,
+							selectionPattern: ir["SelectionPattern"],
+							responseParameters: ir["ResponseParameters"],
+							responseTemplates: ir["ResponseTemplates"],
+							contentHandling: ir["ContentHandling"]
+						}));
+					}
+				}
+			} catch (innerError) {
+				try {
+					await this.apiGatewayClient.send(new DeleteMethodCommand({
+						restApiId,
+						resourceId,
+						httpMethod
 					}));
+					this.logger.debug(`Cleaned up partially-created API Gateway Method ${logicalId} (${restApiId}/${resourceId}/${httpMethod}) after wiring failure`);
+				} catch (cleanupError) {
+					this.logger.warn(`Failed to clean up partially-created API Gateway Method ${logicalId} (${restApiId}/${resourceId}/${httpMethod}): ${cleanupError instanceof Error ? cleanupError.message : String(cleanupError)}. Manual deletion may be required before the next deploy: aws apigateway delete-method --rest-api-id ${restApiId} --resource-id ${resourceId} --http-method ${httpMethod}`);
 				}
+				throw innerError;
 			}
 			const physicalId = `${restApiId}|${resourceId}|${httpMethod}`;
 			this.logger.debug(`Successfully created API Gateway Method ${logicalId}: ${physicalId}`);
@@ -42709,7 +42770,7 @@ function reorderArgs(argv) {
 */
 async function main() {
 	const program = new Command();
-	program.name("cdkd").description("CDK Direct - Deploy AWS CDK apps directly via SDK/Cloud Control API").version("0.102.1");
+	program.name("cdkd").description("CDK Direct - Deploy AWS CDK apps directly via SDK/Cloud Control API").version("0.102.3");
 	program.addCommand(createBootstrapCommand());
 	program.addCommand(createSynthCommand());
 	program.addCommand(createListCommand());