@go-to-k/cdkd 0.155.0 → 0.156.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli.js +31 -2
- package/dist/cli.js.map +1 -1
- package/dist/{deploy-engine-DWLTHfXj.js → deploy-engine-YQwoPaCE.js} +2045 -1
- package/dist/deploy-engine-YQwoPaCE.js.map +1 -0
- package/dist/index.d.ts +7 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +1 -1
- package/package.json +1 -1
- package/dist/deploy-engine-DWLTHfXj.js.map +0 -1
package/dist/cli.js
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
#!/usr/bin/env node
|
|
2
2
|
import { _ as withSkipPrefix, a as runDockerStreaming, c as getLogger, d as getLiveRenderer, f as PATTERN_B_NAME_PROPERTIES, g as generateResourceNameWithFallback, h as generateResourceName, i as runDockerForeground, n as formatDockerLoginError, p as PATTERN_B_RESOURCE_TYPES, r as getDockerCmd, u as runStackBuffered, v as withStackName } from "./docker-cmd-iDMcWcre.js";
|
|
3
|
-
import { $ as CdkdError, A as shouldRetainResource, B as resolveSkipPrefix, C as IntrinsicFunctionResolver, D as TemplateParser, E as DagBuilder, F as Synthesizer, G as CFN_TEMPLATE_URL_LIMIT, H as resolveStateBucketWithDefaultAndSource, I as getDefaultStateBucketName, J as uploadCfnTemplate, K as MIGRATE_TMP_PREFIX, L as getLegacyStateBucketName, M as stringifyValue, N as WorkGraph, O as LockManager, P as buildDockerImage, R as resolveApp, S as assertRegionMatch, T as DiffCalculator, U as warnDeprecatedNoPrefixCliFlag, V as resolveStateBucketWithDefault, W as CFN_TEMPLATE_BODY_LIMIT, Y as AssemblyReader, Z as resolveBucketRegion, _ as matchesCdkPath, a as withRetry, b as ProviderRegistry, bt as withErrorHandling, c as bold, ct as PartialFailureError, d as green, dt as ResourceUpdateNotSupportedError, f as red, ft as RouteDiscoveryError, g as CDK_PATH_TAG, h as collectInlinePolicyNamesManagedBySiblings, i as withResourceDeadline, it as LocalStartServiceError, j as AssetPublisher, k as S3StateBackend, l as cyan, lt as ProvisioningError, m as IAMRoleProvider, mt as StackTerminationProtectionError, n as DEFAULT_RESOURCE_WARN_AFTER_MS, nt as LocalInvokeBuildError, o as IMPLICIT_DELETE_DEPENDENCIES, ot as MissingCdkCliError, p as yellow, pt as StackHasActiveImportsError, q as findLargeInlineResources, r as DeployEngine, rt as LocalMigrateError, s as formatResourceLine, st as NestedStackChildDirectDestroyError, t as DEFAULT_RESOURCE_TIMEOUT_MS, u as gray, ut as ResourceTimeoutError, v as normalizeAwsTagsToCfn, w as applyRoleArnIfSet, x as CloudControlProvider, y as resolveExplicitPhysicalId, yt as normalizeAwsError, z as resolveCaptureObservedState } from "./deploy-engine-
|
|
3
|
+
import { $ as CdkdError, A as shouldRetainResource, B as resolveSkipPrefix, C as IntrinsicFunctionResolver, D as TemplateParser, E as DagBuilder, F as Synthesizer, G as CFN_TEMPLATE_URL_LIMIT, H as resolveStateBucketWithDefaultAndSource, I as getDefaultStateBucketName, J as uploadCfnTemplate, K as MIGRATE_TMP_PREFIX, L as getLegacyStateBucketName, M as stringifyValue, N as WorkGraph, O as LockManager, P as buildDockerImage, R as resolveApp, S as assertRegionMatch, T as DiffCalculator, U as warnDeprecatedNoPrefixCliFlag, V as resolveStateBucketWithDefault, W as CFN_TEMPLATE_BODY_LIMIT, Y as AssemblyReader, Z as resolveBucketRegion, _ as matchesCdkPath, a as withRetry, b as ProviderRegistry, bt as withErrorHandling, c as bold, ct as PartialFailureError, d as green, dt as ResourceUpdateNotSupportedError, f as red, ft as RouteDiscoveryError, g as CDK_PATH_TAG, h as collectInlinePolicyNamesManagedBySiblings, i as withResourceDeadline, it as LocalStartServiceError, j as AssetPublisher, k as S3StateBackend, l as cyan, lt as ProvisioningError, m as IAMRoleProvider, mt as StackTerminationProtectionError, n as DEFAULT_RESOURCE_WARN_AFTER_MS, nt as LocalInvokeBuildError, o as IMPLICIT_DELETE_DEPENDENCIES, ot as MissingCdkCliError, p as yellow, pt as StackHasActiveImportsError, q as findLargeInlineResources, r as DeployEngine, rt as LocalMigrateError, s as formatResourceLine, st as NestedStackChildDirectDestroyError, t as DEFAULT_RESOURCE_TIMEOUT_MS, u as gray, ut as ResourceTimeoutError, v as normalizeAwsTagsToCfn, w as applyRoleArnIfSet, x as CloudControlProvider, y as resolveExplicitPhysicalId, yt as normalizeAwsError, z as resolveCaptureObservedState } from "./deploy-engine-YQwoPaCE.js";
|
|
4
4
|
import { a as setAwsClients, i as resetAwsClients, r as getAwsClients, t as AwsClients } from "./aws-clients-BF03Alpe.js";
|
|
5
5
|
import { AsyncLocalStorage } from "node:async_hooks";
|
|
6
6
|
import { createHash, createHmac, createPublicKey, createVerify, randomBytes, randomUUID, timingSafeEqual } from "node:crypto";
|
|
@@ -395,6 +395,33 @@ function parseAllowUnsupportedTypesToken(value, previous) {
|
|
|
395
395
|
return [...previous ?? [], ...parsed];
|
|
396
396
|
}
|
|
397
397
|
const allowUnsupportedTypesOption = new Option("--allow-unsupported-types <types>", "Comma-separated resource types to attempt via Cloud Control even though cdkd reports them unsupported (AWS NON_PROVISIONABLE). Escape hatch — Cloud Control will likely still fail. Example: --allow-unsupported-types AWS::Foo::Bar,AWS::Baz::Qux").argParser(parseAllowUnsupportedTypesToken);
|
|
398
|
+
/**
|
|
399
|
+
* Escape hatch for the property-level silent-drop pre-flight reject.
|
|
400
|
+
* Comma-separated (and repeatable) `<ResourceType>:<PropertyName>` tokens
|
|
401
|
+
* the user explicitly accepts as silently dropped at deploy time. Per
|
|
402
|
+
* type+property pair (not blanket) so each silent drop is acknowledged
|
|
403
|
+
* by name.
|
|
404
|
+
*
|
|
405
|
+
* Format-checks each token against `<Namespace>::<Service>::<Type>:<Prop>`
|
|
406
|
+
* with both halves PascalCase, so a typo aborts at parse time instead of
|
|
407
|
+
* being silently added to the allowlist with no effect.
|
|
408
|
+
*
|
|
409
|
+
* The check is Tier-1-only by design (Cloud Control forwards every property
|
|
410
|
+
* to AWS, so there is no write-side silent drop for Tier 2 / Custom). A
|
|
411
|
+
* `Custom::Foo:Bar` token is therefore always a user mistake — it would be
|
|
412
|
+
* added to the allowlist but never consulted at runtime. Reject it at parse
|
|
413
|
+
* time so the user sees the error immediately.
|
|
414
|
+
*/
|
|
415
|
+
const RESOURCE_PROPERTY_FORMAT = /^[A-Z][A-Za-z0-9]+(::[A-Z][A-Za-z0-9]+)+:[A-Z][A-Za-z0-9]*$/;
|
|
416
|
+
function parseAllowUnsupportedPropertiesToken(value, previous) {
|
|
417
|
+
const parsed = value.split(",").map((s) => s.trim()).filter(Boolean);
|
|
418
|
+
for (const token of parsed) {
|
|
419
|
+
if (!RESOURCE_PROPERTY_FORMAT.test(token)) throw new Error(`Invalid --allow-unsupported-properties value "${token}": expected <ResourceType>:<PropertyName> with PascalCase on both halves (e.g. AWS::Lambda::Function:LoggingConfig).`);
|
|
420
|
+
if (token.startsWith("Custom::")) throw new Error(`Invalid --allow-unsupported-properties value "${token}": Custom:: resources are routed through cfn-response and have no write-side silent drop at cdkd, so the flag would have no effect. Use --allow-unsupported-types for type-level escape hatches instead.`);
|
|
421
|
+
}
|
|
422
|
+
return [...previous ?? [], ...parsed];
|
|
423
|
+
}
|
|
424
|
+
const allowUnsupportedPropertiesOption = new Option("--allow-unsupported-properties <entries>", "Comma-separated <ResourceType>:<PropertyName> tokens to accept as silently dropped at deploy time. Escape hatch — the property will NOT be written to AWS, the deployed resource will be missing the field. Example: --allow-unsupported-properties AWS::Lambda::Function:LoggingConfig,AWS::RDS::DBInstance:CACertificateIdentifier").argParser(parseAllowUnsupportedPropertiesToken);
|
|
398
425
|
const deployOptions = [
|
|
399
426
|
new Option("--concurrency <number>", "Maximum concurrent resource operations").default(10).argParser((value) => parseInt(value, 10)),
|
|
400
427
|
new Option("--stack-concurrency <number>", "Maximum concurrent stack deployments").default(4).argParser((value) => parseInt(value, 10)),
|
|
@@ -409,6 +436,7 @@ const deployOptions = [
|
|
|
409
436
|
aggressiveVpcParallelOption,
|
|
410
437
|
new Option("-e, --exclusively", "Only deploy requested stacks, do not include dependencies").default(false),
|
|
411
438
|
allowUnsupportedTypesOption,
|
|
439
|
+
allowUnsupportedPropertiesOption,
|
|
412
440
|
...resourceTimeoutOptions
|
|
413
441
|
];
|
|
414
442
|
/**
|
|
@@ -32904,6 +32932,7 @@ async function deployCommand(stacks, options) {
|
|
|
32904
32932
|
registerAllProviders(stackProviderRegistry);
|
|
32905
32933
|
stackProviderRegistry.setCustomResourceResponseBucket(stateBucket, baseRegion);
|
|
32906
32934
|
if (options.allowUnsupportedTypes?.length) stackProviderRegistry.allowUnsupportedTypes(options.allowUnsupportedTypes);
|
|
32935
|
+
if (options.allowUnsupportedProperties?.length) stackProviderRegistry.allowUnsupportedProperties(options.allowUnsupportedProperties);
|
|
32907
32936
|
try {
|
|
32908
32937
|
if (skipPrefix) {
|
|
32909
32938
|
const existing = await stackStateBackend.getState(stackInfo.stackName, stackRegion);
|
|
@@ -58580,7 +58609,7 @@ function reorderArgs(argv) {
|
|
|
58580
58609
|
*/
|
|
58581
58610
|
async function main() {
|
|
58582
58611
|
const program = new Command();
|
|
58583
|
-
program.name("cdkd").description("CDK Direct - Deploy AWS CDK apps directly via SDK/Cloud Control API").version("0.
|
|
58612
|
+
program.name("cdkd").description("CDK Direct - Deploy AWS CDK apps directly via SDK/Cloud Control API").version("0.156.0");
|
|
58584
58613
|
program.addCommand(createBootstrapCommand());
|
|
58585
58614
|
program.addCommand(createSynthCommand());
|
|
58586
58615
|
program.addCommand(createListCommand());
|