@go-to-k/cdkd 0.159.0 → 0.159.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli.js +21 -3
- package/dist/cli.js.map +1 -1
- package/package.json +1 -1
package/dist/cli.js
CHANGED
|
@@ -41666,7 +41666,10 @@ var CfnLocalStateProvider = class {
|
|
|
41666
41666
|
}
|
|
41667
41667
|
getClient() {
|
|
41668
41668
|
if (this.disposed) throw new Error("CfnLocalStateProvider used after dispose()");
|
|
41669
|
-
if (!this.client) this.client = new CloudFormationClient({
|
|
41669
|
+
if (!this.client) this.client = new CloudFormationClient({
|
|
41670
|
+
region: this.region,
|
|
41671
|
+
...this.clientOptions.profile !== void 0 && { profile: this.clientOptions.profile }
|
|
41672
|
+
});
|
|
41670
41673
|
return this.client;
|
|
41671
41674
|
}
|
|
41672
41675
|
/**
|
|
@@ -53022,6 +53025,11 @@ function buildOverlay(authorizer, result, routeApiVersion) {
|
|
|
53022
53025
|
}
|
|
53023
53026
|
/**
|
|
53024
53027
|
* Map the authorizer rejection to an HTTP status code and body.
|
|
53028
|
+
* - REST v1 with AWS_IAM (issue #625) → 403 for both deny kinds (the
|
|
53029
|
+
* deployed REST v1 SigV4 layer rejects unsigned requests with 403
|
|
53030
|
+
* `{"message":"Missing Authentication Token"}` and signature/policy
|
|
53031
|
+
* failures with 403 `{"message":"Forbidden"}` — lowercase `message`
|
|
53032
|
+
* distinguishes the REST v1 shape from the Function URL shape below).
|
|
53025
53033
|
* - REST v1, missing identity → 401 `{"message":"Unauthorized"}`
|
|
53026
53034
|
* (matches deployed behavior; the route reaches the Method but no
|
|
53027
53035
|
* identity source is present so the authorizer never runs).
|
|
@@ -53031,9 +53039,19 @@ function buildOverlay(authorizer, result, routeApiVersion) {
|
|
|
53031
53039
|
* collapses both into the same response).
|
|
53032
53040
|
* - Function URL with AWS_IAM (issue #621) → 403 `{"Message":"Forbidden"}`
|
|
53033
53041
|
* for both deny kinds (matches Lambda's deployed Function URL IAM
|
|
53034
|
-
* behavior — the AWS SigV4 layer rejects with 403, not 401).
|
|
53042
|
+
* behavior — the AWS SigV4 layer rejects with 403, not 401). Note the
|
|
53043
|
+
* capital `Message` — distinct from REST v1 AWS_IAM's lowercase
|
|
53044
|
+
* `message`.
|
|
53035
53045
|
*/
|
|
53036
53046
|
function writeAuthRejection(res, apiVersion, denyKind, authorizerKind) {
|
|
53047
|
+
if (apiVersion === "v1" && authorizerKind === "iam") {
|
|
53048
|
+
if (denyKind === "missing-identity") {
|
|
53049
|
+
writeError(res, 403, "{\"message\":\"Missing Authentication Token\"}");
|
|
53050
|
+
return;
|
|
53051
|
+
}
|
|
53052
|
+
writeError(res, 403, "{\"message\":\"Forbidden\"}");
|
|
53053
|
+
return;
|
|
53054
|
+
}
|
|
53037
53055
|
if (apiVersion === "v2" && authorizerKind === "iam") {
|
|
53038
53056
|
writeError(res, 403, "{\"Message\":\"Forbidden\"}");
|
|
53039
53057
|
return;
|
|
@@ -59473,7 +59491,7 @@ function reorderArgs(argv) {
|
|
|
59473
59491
|
*/
|
|
59474
59492
|
async function main() {
|
|
59475
59493
|
const program = new Command();
|
|
59476
|
-
program.name("cdkd").description("CDK Direct - Deploy AWS CDK apps directly via SDK/Cloud Control API").version("0.159.
|
|
59494
|
+
program.name("cdkd").description("CDK Direct - Deploy AWS CDK apps directly via SDK/Cloud Control API").version("0.159.2");
|
|
59477
59495
|
program.addCommand(createBootstrapCommand());
|
|
59478
59496
|
program.addCommand(createSynthCommand());
|
|
59479
59497
|
program.addCommand(createListCommand());
|