@go-to-k/cdkd 0.159.0 → 0.159.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli.js +17 -2
- package/dist/cli.js.map +1 -1
- package/package.json +1 -1
package/dist/cli.js
CHANGED
|
@@ -53022,6 +53022,11 @@ function buildOverlay(authorizer, result, routeApiVersion) {
|
|
|
53022
53022
|
}
|
|
53023
53023
|
/**
|
|
53024
53024
|
* Map the authorizer rejection to an HTTP status code and body.
|
|
53025
|
+
* - REST v1 with AWS_IAM (issue #625) → 403 for both deny kinds (the
|
|
53026
|
+
* deployed REST v1 SigV4 layer rejects unsigned requests with 403
|
|
53027
|
+
* `{"message":"Missing Authentication Token"}` and signature/policy
|
|
53028
|
+
* failures with 403 `{"message":"Forbidden"}` — lowercase `message`
|
|
53029
|
+
* distinguishes the REST v1 shape from the Function URL shape below).
|
|
53025
53030
|
* - REST v1, missing identity → 401 `{"message":"Unauthorized"}`
|
|
53026
53031
|
* (matches deployed behavior; the route reaches the Method but no
|
|
53027
53032
|
* identity source is present so the authorizer never runs).
|
|
@@ -53031,9 +53036,19 @@ function buildOverlay(authorizer, result, routeApiVersion) {
|
|
|
53031
53036
|
* collapses both into the same response).
|
|
53032
53037
|
* - Function URL with AWS_IAM (issue #621) → 403 `{"Message":"Forbidden"}`
|
|
53033
53038
|
* for both deny kinds (matches Lambda's deployed Function URL IAM
|
|
53034
|
-
* behavior — the AWS SigV4 layer rejects with 403, not 401).
|
|
53039
|
+
* behavior — the AWS SigV4 layer rejects with 403, not 401). Note the
|
|
53040
|
+
* capital `Message` — distinct from REST v1 AWS_IAM's lowercase
|
|
53041
|
+
* `message`.
|
|
53035
53042
|
*/
|
|
53036
53043
|
function writeAuthRejection(res, apiVersion, denyKind, authorizerKind) {
|
|
53044
|
+
if (apiVersion === "v1" && authorizerKind === "iam") {
|
|
53045
|
+
if (denyKind === "missing-identity") {
|
|
53046
|
+
writeError(res, 403, "{\"message\":\"Missing Authentication Token\"}");
|
|
53047
|
+
return;
|
|
53048
|
+
}
|
|
53049
|
+
writeError(res, 403, "{\"message\":\"Forbidden\"}");
|
|
53050
|
+
return;
|
|
53051
|
+
}
|
|
53037
53052
|
if (apiVersion === "v2" && authorizerKind === "iam") {
|
|
53038
53053
|
writeError(res, 403, "{\"Message\":\"Forbidden\"}");
|
|
53039
53054
|
return;
|
|
@@ -59473,7 +59488,7 @@ function reorderArgs(argv) {
|
|
|
59473
59488
|
*/
|
|
59474
59489
|
async function main() {
|
|
59475
59490
|
const program = new Command();
|
|
59476
|
-
program.name("cdkd").description("CDK Direct - Deploy AWS CDK apps directly via SDK/Cloud Control API").version("0.159.
|
|
59491
|
+
program.name("cdkd").description("CDK Direct - Deploy AWS CDK apps directly via SDK/Cloud Control API").version("0.159.1");
|
|
59477
59492
|
program.addCommand(createBootstrapCommand());
|
|
59478
59493
|
program.addCommand(createSynthCommand());
|
|
59479
59494
|
program.addCommand(createListCommand());
|