npm - @go-to-k/cdkd - Versions diffs - 0.13.0 → 0.15.0 - Mend

@go-to-k/cdkd 0.13.0 → 0.15.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/README.md +10 -1
package/dist/cli.js +1339 -32
package/dist/cli.js.map +4 -4
package/dist/go-to-k-cdkd-0.15.0.tgz +0 -0
package/dist/index.js +80 -0
package/dist/index.js.map +3 -3
package/package.json +1 -1
package/dist/go-to-k-cdkd-0.13.0.tgz +0 -0

package/dist/go-to-k-cdkd-0.15.0.tgz ADDED Viewed

Binary file

package/dist/index.js CHANGED Viewed

@@ -7063,6 +7063,8 @@ import {
   UntagRoleCommand,
   PutRolePermissionsBoundaryCommand,
   DeleteRolePermissionsBoundaryCommand,
+  ListRolesCommand,
+  ListRoleTagsCommand,
   NoSuchEntityException
 } from "@aws-sdk/client-iam";
 init_aws_clients();
@@ -7171,6 +7173,32 @@ function applyDefaultNameForFallback(logicalId, resourceType, properties) {
   };
 }
+// src/provisioning/import-helpers.ts
+function readNameProperty(input, propertyName) {
+  const value = input.properties?.[propertyName];
+  return typeof value === "string" && value.length > 0 ? value : void 0;
+}
+function resolveExplicitPhysicalId(input, nameProperty) {
+  if (input.knownPhysicalId)
+    return input.knownPhysicalId;
+  if (nameProperty) {
+    const name = readNameProperty(input, nameProperty);
+    if (name)
+      return name;
+  }
+  return void 0;
+}
+var CDK_PATH_TAG = "aws:cdk:path";
+function matchesCdkPath(tags, cdkPath) {
+  if (!tags || !cdkPath)
+    return false;
+  for (const t of tags) {
+    if (t.Key === CDK_PATH_TAG && t.Value === cdkPath)
+      return true;
+  }
+  return false;
+}
 // src/provisioning/providers/iam-role-provider.ts
 var IAMRoleProvider = class {
   iamClient;
@@ -7677,6 +7705,58 @@ var IAMRoleProvider = class {
       this.logger.debug(`Added/updated ${tagsToAdd.length} tags on role ${roleName}`);
     }
   }
+  /**
+   * Adopt an existing IAM role into cdkd state.
+   *
+   * Lookup order:
+   *  1. `--resource` override or `Properties.RoleName` → use directly,
+   *     verify via `GetRole`.
+   *  2. `ListRoles` + `ListRoleTags`, match `aws:cdk:path` tag.
+   *
+   * `ListRoles` is paginated and IAM is global (no region scoping), so this
+   * walks every role in the account once. Acceptable for the cardinalities
+   * we expect (typically <100 roles per account); larger accounts may want
+   * to provide `--resource` overrides instead.
+   */
+  async import(input) {
+    const explicit = resolveExplicitPhysicalId(input, "RoleName");
+    if (explicit) {
+      try {
+        await this.iamClient.send(new GetRoleCommand({ RoleName: explicit }));
+        return { physicalId: explicit, attributes: {} };
+      } catch (err) {
+        if (err instanceof NoSuchEntityException)
+          return null;
+        throw err;
+      }
+    }
+    if (!input.cdkPath)
+      return null;
+    let marker;
+    do {
+      const list = await this.iamClient.send(
+        new ListRolesCommand({ ...marker && { Marker: marker } })
+      );
+      for (const role of list.Roles ?? []) {
+        if (!role.RoleName)
+          continue;
+        try {
+          const tags = await this.iamClient.send(
+            new ListRoleTagsCommand({ RoleName: role.RoleName })
+          );
+          if (matchesCdkPath(tags.Tags, input.cdkPath)) {
+            return { physicalId: role.RoleName, attributes: {} };
+          }
+        } catch (err) {
+          if (err instanceof NoSuchEntityException)
+            continue;
+          throw err;
+        }
+      }
+      marker = list.IsTruncated ? list.Marker : void 0;
+    } while (marker);
+    return null;
+  }
 };
 // src/deployment/dag-executor.ts