@go-to-k/cdkd 0.102.3 → 0.102.4
- package/dist/cli.js +122 -67
- package/dist/cli.js.map +1 -1
- package/dist/{deploy-engine-D4t--jpp.js → deploy-engine-DGKtcKF6.js} +38 -26
- package/dist/{deploy-engine-D4t--jpp.js.map → deploy-engine-DGKtcKF6.js.map} +1 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +1 -1
- package/package.json +1 -1
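--- a/package/dist/cli.js
+++ b/package/dist/cli.js
@@ -1,6 +1,6 @@
 #!/usr/bin/env node
 import { a as setAwsClients, i as resetAwsClients, r as getAwsClients, t as AwsClients } from "./aws-clients-CuHRHcyW.js";
-import { A as resolveApp, B as CdkdError, C as AssetPublisher, D as Synthesizer, E as buildDockerImage, F as warnDeprecatedNoPrefixCliFlag, G as PartialFailureError, I as AssemblyReader, J as ResourceUpdateNotSupportedError, K as ProvisioningError, M as resolveSkipPrefix, N as resolveStateBucketWithDefault, O as getDefaultStateBucketName, P as resolveStateBucketWithDefaultAndSource, R as resolveBucketRegion, S as shouldRetainResource, T as WorkGraph, U as LocalInvokeBuildError, X as StackHasActiveImportsError, Y as RouteDiscoveryError, Z as StackTerminationProtectionError, _ as DiffCalculator, a as withRetry, at as getLogger, b as LockManager, c as collectInlinePolicyNamesManagedBySiblings, ct as getLiveRenderer, d as normalizeAwsTagsToCfn, dt as generateResourceName, f as resolveExplicitPhysicalId, ft as generateResourceNameWithFallback, g as IntrinsicFunctionResolver, h as assertRegionMatch, i as withResourceDeadline, j as resolveCaptureObservedState, k as getLegacyStateBucketName, l as CDK_PATH_TAG, lt as PATTERN_B_NAME_PROPERTIES, m as CloudControlProvider, mt as withStackName, n as DEFAULT_RESOURCE_WARN_AFTER_MS, nt as normalizeAwsError, o as IMPLICIT_DELETE_DEPENDENCIES, p as ProviderRegistry, pt as withSkipPrefix, q as ResourceTimeoutError, r as DeployEngine, rt as withErrorHandling, s as IAMRoleProvider, st as runStackBuffered, t as DEFAULT_RESOURCE_TIMEOUT_MS, u as matchesCdkPath, ut as PATTERN_B_RESOURCE_TYPES, v as DagBuilder, w as stringifyValue, x as S3StateBackend, y as TemplateParser } from "./deploy-engine-
+import { A as resolveApp, B as CdkdError, C as AssetPublisher, D as Synthesizer, E as buildDockerImage, F as warnDeprecatedNoPrefixCliFlag, G as PartialFailureError, I as AssemblyReader, J as ResourceUpdateNotSupportedError, K as ProvisioningError, M as resolveSkipPrefix, N as resolveStateBucketWithDefault, O as getDefaultStateBucketName, P as resolveStateBucketWithDefaultAndSource, R as resolveBucketRegion, S as shouldRetainResource, T as WorkGraph, U as LocalInvokeBuildError, X as StackHasActiveImportsError, Y as RouteDiscoveryError, Z as StackTerminationProtectionError, _ as DiffCalculator, a as withRetry, at as getLogger, b as LockManager, c as collectInlinePolicyNamesManagedBySiblings, ct as getLiveRenderer, d as normalizeAwsTagsToCfn, dt as generateResourceName, f as resolveExplicitPhysicalId, ft as generateResourceNameWithFallback, g as IntrinsicFunctionResolver, h as assertRegionMatch, i as withResourceDeadline, j as resolveCaptureObservedState, k as getLegacyStateBucketName, l as CDK_PATH_TAG, lt as PATTERN_B_NAME_PROPERTIES, m as CloudControlProvider, mt as withStackName, n as DEFAULT_RESOURCE_WARN_AFTER_MS, nt as normalizeAwsError, o as IMPLICIT_DELETE_DEPENDENCIES, p as ProviderRegistry, pt as withSkipPrefix, q as ResourceTimeoutError, r as DeployEngine, rt as withErrorHandling, s as IAMRoleProvider, st as runStackBuffered, t as DEFAULT_RESOURCE_TIMEOUT_MS, u as matchesCdkPath, ut as PATTERN_B_RESOURCE_TYPES, v as DagBuilder, w as stringifyValue, x as S3StateBackend, y as TemplateParser } from "./deploy-engine-DGKtcKF6.js";
 import { createHash, createPublicKey, createVerify, randomBytes, randomUUID } from "node:crypto";
 import { CopyObjectCommand, CreateBucketCommand, DeleteBucketAnalyticsConfigurationCommand, DeleteBucketCommand, DeleteBucketCorsCommand, DeleteBucketIntelligentTieringConfigurationCommand, DeleteBucketInventoryConfigurationCommand, DeleteBucketLifecycleCommand, DeleteBucketMetricsConfigurationCommand, DeleteBucketPolicyCommand, DeleteBucketReplicationCommand, DeleteBucketTaggingCommand, DeleteBucketWebsiteCommand, DeleteObjectCommand, DeleteObjectsCommand, GetBucketAccelerateConfigurationCommand, GetBucketCorsCommand, GetBucketEncryptionCommand, GetBucketLifecycleConfigurationCommand, GetBucketLocationCommand, GetBucketLoggingCommand, GetBucketNotificationConfigurationCommand, GetBucketPolicyCommand, GetBucketReplicationCommand, GetBucketTaggingCommand, GetBucketVersioningCommand, GetBucketWebsiteCommand, GetObjectCommand, GetObjectLockConfigurationCommand, GetPublicAccessBlockCommand, HeadBucketCommand, ListBucketAnalyticsConfigurationsCommand, ListBucketIntelligentTieringConfigurationsCommand, ListBucketInventoryConfigurationsCommand, ListBucketMetricsConfigurationsCommand, ListBucketsCommand, ListDirectoryBucketsCommand, ListObjectVersionsCommand, ListObjectsV2Command, NoSuchBucket, PutBucketAccelerateConfigurationCommand, PutBucketAnalyticsConfigurationCommand, PutBucketCorsCommand, PutBucketEncryptionCommand, PutBucketIntelligentTieringConfigurationCommand, PutBucketInventoryConfigurationCommand, PutBucketLifecycleConfigurationCommand, PutBucketLoggingCommand, PutBucketMetricsConfigurationCommand, PutBucketNotificationConfigurationCommand, PutBucketOwnershipControlsCommand, PutBucketPolicyCommand, PutBucketReplicationCommand, PutBucketTaggingCommand, PutBucketVersioningCommand, PutBucketWebsiteCommand, PutObjectCommand, PutObjectLockConfigurationCommand, PutPublicAccessBlockCommand, S3Client, S3ServiceException } from "@aws-sdk/client-s3";
 import { AddRoleToInstanceProfileCommand, AddUserToGroupCommand, AttachGroupPolicyCommand, AttachUserPolicyCommand, CreateGroupCommand, CreateInstanceProfileCommand, CreateLoginProfileCommand, CreateUserCommand, DeleteAccessKeyCommand, DeleteGroupCommand, DeleteGroupPolicyCommand, DeleteInstanceProfileCommand, DeleteLoginProfileCommand, DeleteRolePolicyCommand, DeleteUserCommand, DeleteUserPermissionsBoundaryCommand, DeleteUserPolicyCommand, DetachGroupPolicyCommand, DetachUserPolicyCommand, GetGroupCommand, GetGroupPolicyCommand, GetInstanceProfileCommand, GetRolePolicyCommand, GetUserCommand, GetUserPolicyCommand, IAMClient, ListAccessKeysCommand, ListAttachedGroupPoliciesCommand, ListAttachedUserPoliciesCommand, ListGroupPoliciesCommand, ListGroupsForUserCommand, ListInstanceProfilesCommand, ListUserPoliciesCommand, ListUserTagsCommand, ListUsersCommand, NoSuchEntityException, PutGroupPolicyCommand, PutRolePolicyCommand, PutUserPermissionsBoundaryCommand, PutUserPolicyCommand, RemoveRoleFromInstanceProfileCommand, RemoveUserFromGroupCommand, TagUserCommand, UntagUserCommand, UpdateLoginProfileCommand } from "@aws-sdk/client-iam";
@@ -1592,12 +1592,32 @@ var IAMInstanceProfileProvider = class {
 Path: path
 }));
 this.logger.debug(`Created IAM instance profile: ${instanceProfileName}`);
-
-
-
-
-
-
+const attachedRoles = [];
+try {
+if (roles && Array.isArray(roles)) for (const roleName of roles) {
+await this.iamClient.send(new AddRoleToInstanceProfileCommand({
+InstanceProfileName: instanceProfileName,
+RoleName: roleName
+}));
+attachedRoles.push(roleName);
+this.logger.debug(`Added role ${roleName} to instance profile ${instanceProfileName}`);
+}
+} catch (innerError) {
+try {
+for (const roleName of attachedRoles) try {
+await this.iamClient.send(new RemoveRoleFromInstanceProfileCommand({
+InstanceProfileName: instanceProfileName,
+RoleName: roleName
+}));
+} catch (err) {
+if (!(err instanceof NoSuchEntityException)) throw err;
+}
+await this.iamClient.send(new DeleteInstanceProfileCommand({ InstanceProfileName: instanceProfileName }));
+this.logger.debug(`Cleaned up partially-created IAM instance profile ${logicalId} (${instanceProfileName}) after wiring failure`);
+} catch (cleanupError) {
+this.logger.warn(`Failed to clean up partially-created IAM instance profile ${logicalId} (${instanceProfileName}): ${cleanupError instanceof Error ? cleanupError.message : String(cleanupError)}. Manual deletion may be required before the next deploy: remove every role (aws iam remove-role-from-instance-profile --instance-profile-name ${instanceProfileName} --role-name <name>) then aws iam delete-instance-profile --instance-profile-name ${instanceProfileName}`);
+}
+throw innerError;
 }
 this.logger.debug(`Successfully created IAM instance profile ${logicalId}: ${instanceProfileName}`);
 return {
@@ -1825,48 +1845,71 @@ var IAMUserGroupProvider = class {
 const tags = properties["Tags"];
 if (tags && Array.isArray(tags)) createParams.Tags = tags;
 const response = await this.iamClient.send(new CreateUserCommand(createParams));
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+try {
+const permissionsBoundary = properties["PermissionsBoundary"];
+if (permissionsBoundary) {
+await this.iamClient.send(new PutUserPermissionsBoundaryCommand({
+UserName: userName,
+PermissionsBoundary: permissionsBoundary
+}));
+this.logger.debug(`Set permissions boundary on user ${userName}`);
+}
+const loginProfile = properties["LoginProfile"];
+if (loginProfile) {
+await this.iamClient.send(new CreateLoginProfileCommand({
+UserName: userName,
+Password: loginProfile.Password,
+PasswordResetRequired: loginProfile.PasswordResetRequired ?? false
+}));
+this.logger.debug(`Created login profile for user ${userName}`);
+}
+const managedPolicyArns = properties["ManagedPolicyArns"];
+if (managedPolicyArns && Array.isArray(managedPolicyArns)) for (const policyArn of managedPolicyArns) {
+await this.iamClient.send(new AttachUserPolicyCommand({
+UserName: userName,
+PolicyArn: policyArn
+}));
+this.logger.debug(`Attached managed policy ${policyArn} to user ${userName}`);
+}
+const userGroups = properties["Groups"];
+if (userGroups && Array.isArray(userGroups)) for (const groupName of userGroups) {
+await this.iamClient.send(new AddUserToGroupCommand({
+UserName: userName,
+GroupName: groupName
+}));
+this.logger.debug(`Added user ${userName} to group ${groupName}`);
+}
+const policies = properties["Policies"];
+if (policies && Array.isArray(policies)) for (const policy of policies) {
+const policyDoc = typeof policy.PolicyDocument === "string" ? policy.PolicyDocument : JSON.stringify(policy.PolicyDocument);
+await this.iamClient.send(new PutUserPolicyCommand({
+UserName: userName,
+PolicyName: policy.PolicyName,
+PolicyDocument: policyDoc
+}));
+this.logger.debug(`Added inline policy ${policy.PolicyName} to user ${userName}`);
+}
+} catch (innerError) {
+try {
+await this.removeUserFromAllGroups(userName);
+await this.detachAllUserPolicies(userName);
+await this.deleteAllUserInlinePolicies(userName);
+try {
+await this.iamClient.send(new DeleteLoginProfileCommand({ UserName: userName }));
+} catch (err) {
+if (!(err instanceof NoSuchEntityException)) throw err;
+}
+try {
+await this.iamClient.send(new DeleteUserPermissionsBoundaryCommand({ UserName: userName }));
+} catch (err) {
+if (!(err instanceof NoSuchEntityException)) throw err;
+}
+await this.iamClient.send(new DeleteUserCommand({ UserName: userName }));
+this.logger.debug(`Cleaned up partially-created IAM user ${logicalId} (${userName}) after wiring failure`);
+} catch (cleanupError) {
+this.logger.warn(`Failed to clean up partially-created IAM user ${logicalId} (${userName}): ${cleanupError instanceof Error ? cleanupError.message : String(cleanupError)}. Manual deletion may be required before the next deploy: remove from groups, detach managed policies, delete inline policies, delete login profile (aws iam delete-login-profile --user-name ${userName}), remove permissions boundary (aws iam delete-user-permissions-boundary --user-name ${userName}), then aws iam delete-user --user-name ${userName}`);
+}
+throw innerError;
 }
 this.logger.debug(`Successfully created IAM user ${logicalId}: ${userName}`);
 return {
@@ -2135,23 +2178,35 @@ var IAMUserGroupProvider = class {
 const createParams = { GroupName: groupName };
 if (properties["Path"]) createParams.Path = properties["Path"];
 const response = await this.iamClient.send(new CreateGroupCommand(createParams));
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+try {
+const managedPolicyArns = properties["ManagedPolicyArns"];
+if (managedPolicyArns && Array.isArray(managedPolicyArns)) for (const policyArn of managedPolicyArns) {
+await this.iamClient.send(new AttachGroupPolicyCommand({
+GroupName: groupName,
+PolicyArn: policyArn
+}));
+this.logger.debug(`Attached managed policy ${policyArn} to group ${groupName}`);
+}
+const policies = properties["Policies"];
+if (policies && Array.isArray(policies)) for (const policy of policies) {
+const policyDoc = typeof policy.PolicyDocument === "string" ? policy.PolicyDocument : JSON.stringify(policy.PolicyDocument);
+await this.iamClient.send(new PutGroupPolicyCommand({
+GroupName: groupName,
+PolicyName: policy.PolicyName,
+PolicyDocument: policyDoc
+}));
+this.logger.debug(`Added inline policy ${policy.PolicyName} to group ${groupName}`);
+}
+} catch (innerError) {
+try {
+await this.detachAllGroupPolicies(groupName);
+await this.deleteAllGroupInlinePolicies(groupName);
+await this.iamClient.send(new DeleteGroupCommand({ GroupName: groupName }));
+this.logger.debug(`Cleaned up partially-created IAM group ${logicalId} (${groupName}) after wiring failure`);
+} catch (cleanupError) {
+this.logger.warn(`Failed to clean up partially-created IAM group ${logicalId} (${groupName}): ${cleanupError instanceof Error ? cleanupError.message : String(cleanupError)}. Manual deletion may be required before the next deploy: detach managed policies + delete inline policies, then aws iam delete-group --group-name ${groupName}`);
+}
+throw innerError;
 }
 this.logger.debug(`Successfully created IAM group ${logicalId}: ${groupName}`);
 return {
@@ -42770,7 +42825,7 @@ function reorderArgs(argv) {
 */
 async function main() {
 const program = new Command();
-program.name("cdkd").description("CDK Direct - Deploy AWS CDK apps directly via SDK/Cloud Control API").version("0.102.
+program.name("cdkd").description("CDK Direct - Deploy AWS CDK apps directly via SDK/Cloud Control API").version("0.102.4");
 program.addCommand(createBootstrapCommand());
 program.addCommand(createSynthCommand());
 program.addCommand(createListCommand());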
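Review bot: The IAM user rollback (the `catch (innerError)` block after `CreateUserCommand`, new lines 1892-1912) runs every cleanup call inside one outer `try`, so the first step that throws anything other than `NoSuchEntityException` skips the rest, including `DeleteLoginProfileCommand` and `DeleteUserCommand`. When that happens, a user that already has a console password and possibly attached policies stays in the account, and the only trace is a warn-level log line. Deleting the login profile first and running each step best-effort, collecting the errors for the warning, would shrink that window. The helpers `removeUserFromAllGroups`, `detachAllUserPolicies` and `deleteAllUserInlinePolicies`, and the enclosing method, lie outside the hunk, so that they can throw here is an assumption. The instance-profile and group rollbacks in the neighbouring hunks have the same all-or-nothing shape, and because this is the bundled dist/cli.js, the change belongs in the source it is built from.

```javascript
} catch (innerError) {
  // Revoke the console credential first; a failed step must not skip the ones after it.
  const cleanupSteps = [
    () => this.iamClient.send(new DeleteLoginProfileCommand({ UserName: userName })),
    () => this.removeUserFromAllGroups(userName),
    () => this.detachAllUserPolicies(userName),
    () => this.deleteAllUserInlinePolicies(userName),
    () => this.iamClient.send(new DeleteUserPermissionsBoundaryCommand({ UserName: userName })),
    () => this.iamClient.send(new DeleteUserCommand({ UserName: userName }))
  ];
  const cleanupErrors = [];
  for (const step of cleanupSteps) try {
    await step();
  } catch (err) {
    if (!(err instanceof NoSuchEntityException)) cleanupErrors.push(err);
  }
  // … unchanged: debug log when cleanupErrors is empty, warn with the manual steps otherwise …
  throw innerError;
```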