@go-to-k/cdkd 0.115.0 → 0.115.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli.js +44 -4
- package/dist/cli.js.map +1 -1
- package/package.json +1 -1
package/dist/cli.js
CHANGED
|
@@ -39987,19 +39987,52 @@ function resolveHttpApiAuthorizer(authorizerLogicalId, routeAuthorizationScopes,
|
|
|
39987
39987
|
throw new RouteDiscoveryError(`${stackName}/${authorizerLogicalId}: AWS::ApiGatewayV2::Authorizer.AuthorizerType '${String(authType)}' is not supported by cdkd local start-api (only REQUEST / JWT).`);
|
|
39988
39988
|
}
|
|
39989
39989
|
/**
|
|
39990
|
+
* Thrown by {@link resolveLambdaArn} when the authorizer's
|
|
39991
|
+
* `AuthorizerUri` intrinsic does not resolve to a same-template Lambda
|
|
39992
|
+
* (cross-stack reference, imported Lambda, hand-rolled `Fn::Sub` outside
|
|
39993
|
+
* the invoke-ARN wrapper).
|
|
39994
|
+
*
|
|
39995
|
+
* Caught by {@link attachAuthorizers} and converted into a per-route
|
|
39996
|
+
* `unsupported` flag — symmetric with how `route-discovery.ts` handles
|
|
39997
|
+
* an unresolvable `IntegrationUri`. The route appears in the route
|
|
39998
|
+
* table as `[501 Not Implemented]` and returns HTTP 501 + the
|
|
39999
|
+
* `reason` at request time. The alternative ("attach no authorizer,
|
|
40000
|
+
* leave route normal") would be **unsafe** — it would let a request
|
|
40001
|
+
* hit a user-protected route without any auth check just because the
|
|
40002
|
+
* authorizer Lambda lives in another stack.
|
|
40003
|
+
*
|
|
40004
|
+
* Private to this module: `attachAuthorizers` is the only legitimate
|
|
40005
|
+
* consumer.
|
|
40006
|
+
*/
|
|
40007
|
+
var AuthorizerLambdaUnresolvableError = class AuthorizerLambdaUnresolvableError extends RouteDiscoveryError {
|
|
40008
|
+
reason;
|
|
40009
|
+
constructor(reason) {
|
|
40010
|
+
super(reason);
|
|
40011
|
+
this.reason = reason;
|
|
40012
|
+
this.name = "AuthorizerLambdaUnresolvableError";
|
|
40013
|
+
Object.setPrototypeOf(this, AuthorizerLambdaUnresolvableError.prototype);
|
|
40014
|
+
}
|
|
40015
|
+
};
|
|
40016
|
+
/**
|
|
39990
40017
|
* Resolve a Lambda ARN intrinsic to its logical ID. Delegates to the
|
|
39991
40018
|
* shared `resolveLambdaArnIntrinsic` in `intrinsic-lambda-arn.ts`
|
|
39992
40019
|
* (extracted in issue #286 Gaps 3 / 4); accepts `Ref` /
|
|
39993
40020
|
* `Fn::GetAtt: [..., 'Arn']` / the REST v1 invoke-ARN `Fn::Join` wrapper
|
|
39994
40021
|
* (now also used by CDK 2.x's `HttpLambdaAuthorizer` for HTTP API v2 —
|
|
39995
40022
|
* verified via real `cdk synth` 2026-05-12) / the `Fn::Sub` invoke-ARN
|
|
39996
|
-
* wrapper (both 1-arg and 2-arg forms).
|
|
39997
|
-
*
|
|
40023
|
+
* wrapper (both 1-arg and 2-arg forms).
|
|
40024
|
+
*
|
|
40025
|
+
* On an unresolvable intrinsic throws {@link AuthorizerLambdaUnresolvableError}
|
|
40026
|
+
* (caught by `attachAuthorizers` and converted into a per-route
|
|
40027
|
+
* deferred-501) instead of the generic `RouteDiscoveryError`, so
|
|
40028
|
+
* `cdkd local start-api` can boot against an app with a cross-stack
|
|
40029
|
+
* authorizer Lambda — symmetric with the route-level `IntegrationUri`
|
|
40030
|
+
* unresolvable case (issue #431).
|
|
39998
40031
|
*/
|
|
39999
40032
|
function resolveLambdaArn(value, location) {
|
|
40000
40033
|
const outcome = resolveLambdaArnIntrinsic(value);
|
|
40001
40034
|
if (outcome.kind === "resolved") return outcome.logicalId;
|
|
40002
|
-
throw new
|
|
40035
|
+
throw new AuthorizerLambdaUnresolvableError(`${location}: ${outcome.detail} (got ${shortJson(value)}). Only { Ref }, { Fn::GetAtt: [..., 'Arn'] }, the REST v1 invoke-ARN Fn::Join wrapper, and the Fn::Sub invoke-ARN wrapper are supported.`);
|
|
40003
40036
|
}
|
|
40004
40037
|
/**
|
|
40005
40038
|
* REST v1 IdentitySource for TOKEN authorizers must be exactly one
|
|
@@ -40187,6 +40220,13 @@ function attachAuthorizers(stacks, routes) {
|
|
|
40187
40220
|
...authorizer && { authorizer }
|
|
40188
40221
|
});
|
|
40189
40222
|
} catch (err) {
|
|
40223
|
+
if (err instanceof AuthorizerLambdaUnresolvableError) {
|
|
40224
|
+
out.push({ route: {
|
|
40225
|
+
...route,
|
|
40226
|
+
unsupported: { reason: `${route.declaredAt}: authorizer Lambda Arn unresolvable — ${err.reason}` }
|
|
40227
|
+
} });
|
|
40228
|
+
continue;
|
|
40229
|
+
}
|
|
40190
40230
|
errors.push(err instanceof Error ? err.message : String(err));
|
|
40191
40231
|
}
|
|
40192
40232
|
}
|
|
@@ -45520,7 +45560,7 @@ function reorderArgs(argv) {
|
|
|
45520
45560
|
*/
|
|
45521
45561
|
async function main() {
|
|
45522
45562
|
const program = new Command();
|
|
45523
|
-
program.name("cdkd").description("CDK Direct - Deploy AWS CDK apps directly via SDK/Cloud Control API").version("0.115.
|
|
45563
|
+
program.name("cdkd").description("CDK Direct - Deploy AWS CDK apps directly via SDK/Cloud Control API").version("0.115.1");
|
|
45524
45564
|
program.addCommand(createBootstrapCommand());
|
|
45525
45565
|
program.addCommand(createSynthCommand());
|
|
45526
45566
|
program.addCommand(createListCommand());
|