npm - @go-to-k/cdkd - Versions diffs - 0.171.0 → 0.172.0 - Mend

@go-to-k/cdkd 0.171.0 → 0.172.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/dist/cli.js +129 -4
package/dist/cli.js.map +1 -1
package/dist/{deploy-engine-BqNTKqFf.js → deploy-engine-ZV67Rszk.js} +4 -4
package/dist/{deploy-engine-BqNTKqFf.js.map → deploy-engine-ZV67Rszk.js.map} +1 -1
package/dist/index.js +1 -1
package/package.json +1 -1

package/dist/cli.js CHANGED Viewed

@@ -1,6 +1,6 @@
 #!/usr/bin/env node
 import { _ as withSkipPrefix, a as runDockerStreaming, c as getLogger, d as getLiveRenderer, f as PATTERN_B_NAME_PROPERTIES, g as generateResourceNameWithFallback, h as generateResourceName, i as runDockerForeground, n as formatDockerLoginError, p as PATTERN_B_RESOURCE_TYPES, r as getDockerCmd, u as runStackBuffered, v as withStackName } from "./docker-cmd-iDMcWcre.js";
-import { A as S3StateBackend, B as resolveCaptureObservedState, C as assertRegionMatch, D as DagBuilder, E as DiffCalculator, F as buildDockerImage, G as CFN_TEMPLATE_BODY_LIMIT, H as resolveStateBucketWithDefault, I as Synthesizer, J as findLargeInlineResources, K as CFN_TEMPLATE_URL_LIMIT, L as getDefaultStateBucketName, M as AssetPublisher, N as stringifyValue, O as TemplateParser, P as WorkGraph, Q as resolveBucketRegion, R as getLegacyStateBucketName, S as CloudControlProvider, T as applyRoleArnIfSet, U as resolveStateBucketWithDefaultAndSource, V as resolveSkipPrefix, W as warnDeprecatedNoPrefixCliFlag, X as AssemblyReader, Y as uploadCfnTemplate, _ as matchesCdkPath, a as withRetry, at as LocalStartServiceError, b as ProviderRegistry, bt as withErrorHandling, c as bold, ct as NestedStackChildDirectDestroyError, d as green, dt as ResourceTimeoutError, et as CdkdError, f as red, ft as ResourceUpdateNotSupportedError, g as CDK_PATH_TAG, h as collectInlinePolicyNamesManagedBySiblings, i as withResourceDeadline, it as LocalMigrateError, j as shouldRetainResource, k as LockManager, l as cyan, lt as PartialFailureError, m as IAMRoleProvider, mt as StackTerminationProtectionError, n as DEFAULT_RESOURCE_WARN_AFTER_MS, o as IMPLICIT_DELETE_DEPENDENCIES, p as yellow, pt as StackHasActiveImportsError, q as MIGRATE_TMP_PREFIX, r as DeployEngine, rt as LocalInvokeBuildError$1, s as formatResourceLine, st as MissingCdkCliError, t as DEFAULT_RESOURCE_TIMEOUT_MS, u as gray, ut as ProvisioningError, v as normalizeAwsTagsToCfn, w as IntrinsicFunctionResolver, x as findActionableSilentDrops, y as resolveExplicitPhysicalId, yt as normalizeAwsError, z as resolveApp } from "./deploy-engine-BqNTKqFf.js";
+import { A as S3StateBackend, B as resolveCaptureObservedState, C as assertRegionMatch, D as DagBuilder, E as DiffCalculator, F as buildDockerImage, G as CFN_TEMPLATE_BODY_LIMIT, H as resolveStateBucketWithDefault, I as Synthesizer, J as findLargeInlineResources, K as CFN_TEMPLATE_URL_LIMIT, L as getDefaultStateBucketName, M as AssetPublisher, N as stringifyValue, O as TemplateParser, P as WorkGraph, Q as resolveBucketRegion, R as getLegacyStateBucketName, S as CloudControlProvider, T as applyRoleArnIfSet, U as resolveStateBucketWithDefaultAndSource, V as resolveSkipPrefix, W as warnDeprecatedNoPrefixCliFlag, X as AssemblyReader, Y as uploadCfnTemplate, _ as matchesCdkPath, a as withRetry, at as LocalStartServiceError, b as ProviderRegistry, bt as withErrorHandling, c as bold, ct as NestedStackChildDirectDestroyError, d as green, dt as ResourceTimeoutError, et as CdkdError, f as red, ft as ResourceUpdateNotSupportedError, g as CDK_PATH_TAG, h as collectInlinePolicyNamesManagedBySiblings, i as withResourceDeadline, it as LocalMigrateError, j as shouldRetainResource, k as LockManager, l as cyan, lt as PartialFailureError, m as IAMRoleProvider, mt as StackTerminationProtectionError, n as DEFAULT_RESOURCE_WARN_AFTER_MS, o as IMPLICIT_DELETE_DEPENDENCIES, p as yellow, pt as StackHasActiveImportsError, q as MIGRATE_TMP_PREFIX, r as DeployEngine, rt as LocalInvokeBuildError$1, s as formatResourceLine, st as MissingCdkCliError, t as DEFAULT_RESOURCE_TIMEOUT_MS, u as gray, ut as ProvisioningError, v as normalizeAwsTagsToCfn, w as IntrinsicFunctionResolver, x as findActionableSilentDrops, y as resolveExplicitPhysicalId, yt as normalizeAwsError, z as resolveApp } from "./deploy-engine-ZV67Rszk.js";
 import { a as setAwsClients, i as resetAwsClients, r as getAwsClients, t as AwsClients } from "./aws-clients-B15NAPbL.js";
 import { AsyncLocalStorage } from "node:async_hooks";
 import { randomBytes, randomUUID } from "node:crypto";
@@ -11,7 +11,7 @@ import { CreateTopicCommand, DeleteTopicCommand, GetSubscriptionAttributesComman
 import { AddPermissionCommand, CreateEventSourceMappingCommand, CreateFunctionCommand, CreateFunctionUrlConfigCommand, DeleteEventSourceMappingCommand, DeleteFunctionCommand, DeleteFunctionUrlConfigCommand, DeleteLayerVersionCommand, GetEventSourceMappingCommand, GetFunctionCommand, GetFunctionUrlConfigCommand, GetLayerVersionByArnCommand, GetPolicyCommand as GetPolicyCommand$1, LambdaClient, ListFunctionsCommand, ListLayersCommand, ListTagsCommand, PublishLayerVersionCommand, RemovePermissionCommand, ResourceNotFoundException, TagResourceCommand as TagResourceCommand$1, UntagResourceCommand as UntagResourceCommand$1, UpdateEventSourceMappingCommand, UpdateFunctionCodeCommand, UpdateFunctionConfigurationCommand, UpdateFunctionUrlConfigCommand, waitUntilFunctionUpdatedV2 } from "@aws-sdk/client-lambda";
 import { AssumeRoleCommand, GetCallerIdentityCommand, STSClient } from "@aws-sdk/client-sts";
 import { AssociateRouteTableCommand, AttachInternetGatewayCommand, AuthorizeSecurityGroupEgressCommand, AuthorizeSecurityGroupIngressCommand, CreateInternetGatewayCommand, CreateNatGatewayCommand, CreateNetworkAclCommand, CreateNetworkAclEntryCommand, CreateRouteCommand, CreateRouteTableCommand, CreateSecurityGroupCommand, CreateSubnetCommand, CreateTagsCommand, CreateVpcCommand, DeleteInternetGatewayCommand, DeleteNatGatewayCommand, DeleteNetworkAclCommand, DeleteNetworkAclEntryCommand, DeleteNetworkInterfaceCommand, DeleteRouteCommand, DeleteRouteTableCommand, DeleteSecurityGroupCommand, DeleteSubnetCommand, DeleteTagsCommand, DeleteVpcCommand, DescribeAvailabilityZonesCommand, DescribeInstanceAttributeCommand, DescribeInstancesCommand, DescribeInternetGatewaysCommand, DescribeNatGatewaysCommand, DescribeNetworkAclsCommand, DescribeNetworkInterfacesCommand, DescribeRouteTablesCommand, DescribeSecurityGroupsCommand, DescribeSubnetsCommand, DescribeVolumesCommand, DescribeVpcAttributeCommand, DescribeVpcsCommand, DetachInternetGatewayCommand, DisassociateRouteTableCommand, EC2Client, ModifyInstanceAttributeCommand, ModifySubnetAttributeCommand, ModifyVpcAttributeCommand, ReplaceNetworkAclAssociationCommand, RevokeSecurityGroupEgressCommand, RevokeSecurityGroupIngressCommand, RunInstancesCommand, TerminateInstancesCommand, waitUntilInstanceRunning, waitUntilInstanceTerminated, waitUntilNatGatewayAvailable, waitUntilNatGatewayDeleted } from "@aws-sdk/client-ec2";
-import { CreateTableCommand, DeleteTableCommand, DescribeContinuousBackupsCommand, DescribeContributorInsightsCommand, DescribeKinesisStreamingDestinationCommand, DescribeTableCommand, DescribeTimeToLiveCommand, DynamoDBClient, ListTablesCommand, ListTagsOfResourceCommand, ResourceNotFoundException as ResourceNotFoundException$1, TagResourceCommand as TagResourceCommand$2, UntagResourceCommand as UntagResourceCommand$2, UpdateTableCommand, UpdateTimeToLiveCommand } from "@aws-sdk/client-dynamodb";
+import { CreateTableCommand, DeleteTableCommand, DescribeContinuousBackupsCommand, DescribeContributorInsightsCommand, DescribeKinesisStreamingDestinationCommand, DescribeTableCommand, DescribeTimeToLiveCommand, DynamoDBClient, ListTablesCommand, ListTagsOfResourceCommand, ResourceNotFoundException as ResourceNotFoundException$1, TagResourceCommand as TagResourceCommand$2, UntagResourceCommand as UntagResourceCommand$2, UpdateContinuousBackupsCommand, UpdateTableCommand, UpdateTimeToLiveCommand } from "@aws-sdk/client-dynamodb";
 import { CloudFormationClient, CreateChangeSetCommand, DeleteChangeSetCommand, DeleteStackCommand, DescribeChangeSetCommand, DescribeStackEventsCommand, DescribeStackResourcesCommand, DescribeStacksCommand, DescribeTypeCommand, ExecuteChangeSetCommand, GetTemplateCommand, UpdateStackCommand, waitUntilChangeSetCreateComplete, waitUntilStackDeleteComplete, waitUntilStackImportComplete, waitUntilStackUpdateComplete } from "@aws-sdk/client-cloudformation";
 import { APIGatewayClient, CreateAuthorizerCommand, CreateDeploymentCommand, CreateResourceCommand, CreateStageCommand, DeleteAuthorizerCommand, DeleteDeploymentCommand, DeleteMethodCommand, DeleteResourceCommand, DeleteStageCommand, GetAccountCommand, GetAuthorizerCommand, GetDeploymentCommand, GetMethodCommand, GetResourceCommand, GetStageCommand, NotFoundException as NotFoundException$1, PutIntegrationCommand, PutIntegrationResponseCommand, PutMethodCommand, PutMethodResponseCommand, TagResourceCommand as TagResourceCommand$3, UntagResourceCommand as UntagResourceCommand$3, UpdateAccountCommand, UpdateAuthorizerCommand, UpdateMethodCommand, UpdateStageCommand } from "@aws-sdk/client-api-gateway";
 import { CreateEventBusCommand, DeleteEventBusCommand, DeleteRuleCommand, DescribeEventBusCommand, DescribeRuleCommand, EventBridgeClient, ListEventBusesCommand, ListRulesCommand, ListTagsForResourceCommand as ListTagsForResourceCommand$1, ListTargetsByRuleCommand, PutRuleCommand, PutTargetsCommand, RemoveTargetsCommand, ResourceNotFoundException as ResourceNotFoundException$2, TagResourceCommand as TagResourceCommand$4, UntagResourceCommand as UntagResourceCommand$4, UpdateEventBusCommand } from "@aws-sdk/client-eventbridge";
@@ -8697,7 +8697,9 @@ var DynamoDBTableProvider = class {
 		"SSESpecification",
 		"Tags",
 		"DeletionProtectionEnabled",
-		"TableClass"
+		"TableClass",
+		"PointInTimeRecoverySpecification",
+		"TimeToLiveSpecification"
 	])]]);
 	constructor() {
 		const awsClients = getAwsClients();
@@ -8713,6 +8715,7 @@ var DynamoDBTableProvider = class {
 		const attributeDefinitions = properties["AttributeDefinitions"];
 		if (!keySchema) throw new ProvisioningError(`KeySchema is required for DynamoDB table ${logicalId}`, resourceType, logicalId);
 		if (!attributeDefinitions) throw new ProvisioningError(`AttributeDefinitions is required for DynamoDB table ${logicalId}`, resourceType, logicalId);
+		let tableCreated = false;
 		try {
 			const billingMode = properties["BillingMode"] || "PROVISIONED";
 			const createParams = {
@@ -8739,8 +8742,11 @@ var DynamoDBTableProvider = class {
 			if (properties["DeletionProtectionEnabled"] !== void 0) createParams.DeletionProtectionEnabled = properties["DeletionProtectionEnabled"];
 			if (properties["TableClass"]) createParams.TableClass = properties["TableClass"];
 			await this.dynamoDBClient.send(new CreateTableCommand(createParams));
+			tableCreated = true;
 			this.logger.debug(`CreateTable initiated for ${tableName}, waiting for ACTIVE status`);
 			const tableInfo = await this.waitForTableActive(tableName);
+			await this.applyPointInTimeRecovery(tableName, properties["PointInTimeRecoverySpecification"]);
+			await this.applyTimeToLive(tableName, properties["TimeToLiveSpecification"]);
 			this.logger.debug(`Successfully created DynamoDB table ${logicalId}: ${tableName}`);
 			return {
 				physicalId: tableName,
@@ -8752,6 +8758,12 @@ var DynamoDBTableProvider = class {
 				}
 			};
 		} catch (error) {
+			if (tableCreated) try {
+				await this.dynamoDBClient.send(new DeleteTableCommand({ TableName: tableName }));
+				this.logger.debug(`Rolled back partially-created DynamoDB table ${tableName}`);
+			} catch (cleanupError) {
+				this.logger.warn(`Failed to roll back partially-created DynamoDB table ${tableName}: ${cleanupError instanceof Error ? cleanupError.message : String(cleanupError)}`);
+			}
 			if (error instanceof ProvisioningError) throw error;
 			const cause = error instanceof Error ? error : void 0;
 			throw new ProvisioningError(`Failed to create DynamoDB table ${logicalId}: ${error instanceof Error ? error.message : String(error)}`, resourceType, logicalId, tableName, cause);
@@ -8769,6 +8781,8 @@ var DynamoDBTableProvider = class {
 		try {
 			const table = (await this.dynamoDBClient.send(new DescribeTableCommand({ TableName: physicalId }))).Table;
 			if (table?.TableArn) await this.applyTagDiff(table.TableArn, previousProperties["Tags"], properties["Tags"]);
+			if (JSON.stringify(properties["PointInTimeRecoverySpecification"]) !== JSON.stringify(previousProperties["PointInTimeRecoverySpecification"])) await this.applyPointInTimeRecovery(physicalId, properties["PointInTimeRecoverySpecification"], previousProperties["PointInTimeRecoverySpecification"]);
+			if (JSON.stringify(properties["TimeToLiveSpecification"]) !== JSON.stringify(previousProperties["TimeToLiveSpecification"])) await this.applyTimeToLive(physicalId, properties["TimeToLiveSpecification"], previousProperties["TimeToLiveSpecification"]);
 			return {
 				physicalId,
 				wasReplaced: false,
@@ -8852,6 +8866,97 @@ var DynamoDBTableProvider = class {
 		}
 	}
 	/**
+	* Apply the table's `PointInTimeRecoverySpecification` via the separate
+	* `UpdateContinuousBackups` API (PITR does NOT ride on CreateTable).
+	*
+	* CFn shape is `{ PointInTimeRecoveryEnabled: boolean, RecoveryPeriodInDays?: number }`.
+	* Called from both `create()` (after the table is ACTIVE) and `update()`
+	* (only when the value changed). On `update()`-side removal — when the
+	* template drops the block but it was present before — we explicitly
+	* disable PITR (`UpdateContinuousBackups` treats an absent spec as "no
+	* change", so a dropped block must be turned into an explicit
+	* `PointInTimeRecoveryEnabled: false`).
+	*/
+	async applyPointInTimeRecovery(tableName, spec, previousSpec) {
+		let enabled;
+		let recoveryPeriodInDays;
+		if (spec !== void 0 && spec !== null) {
+			const s = spec;
+			enabled = Boolean(s["PointInTimeRecoveryEnabled"]);
+			if (enabled && s["RecoveryPeriodInDays"] !== void 0) recoveryPeriodInDays = Number(s["RecoveryPeriodInDays"]);
+		} else if (previousSpec !== void 0 && previousSpec !== null) enabled = false;
+		if (enabled === void 0) return;
+		const pitrSpec = { PointInTimeRecoveryEnabled: enabled };
+		if (recoveryPeriodInDays !== void 0) pitrSpec.RecoveryPeriodInDays = recoveryPeriodInDays;
+		await this.retryOnTransientControlPlane(() => this.dynamoDBClient.send(new UpdateContinuousBackupsCommand({
+			TableName: tableName,
+			PointInTimeRecoverySpecification: pitrSpec
+		})), `enable PITR on ${tableName}`);
+		this.logger.debug(`Set PointInTimeRecoveryEnabled=${enabled}${recoveryPeriodInDays !== void 0 ? ` RecoveryPeriodInDays=${recoveryPeriodInDays}` : ""} on DynamoDB table ${tableName}`);
+	}
+	/**
+	* Retry a DynamoDB control-plane call on the transient "settling" errors AWS
+	* returns when two table-modifying operations land back-to-back. Enabling
+	* PITR (`UpdateContinuousBackups`) puts the table in a transient state, and a
+	* subsequent `UpdateTimeToLive` is then rejected with "Backups are being
+	* enabled for the table ... Please retry later". `ResourceInUseException`
+	* ("table is being updated") and `LimitExceededException` are the same class.
+	* Backoff: ~2s,4s,8s,16s,30s,30s... bounded to ~2min total, which comfortably
+	* covers the few-second PITR-enable window.
+	*/
+	async retryOnTransientControlPlane(op, label, maxAttempts = 8) {
+		let delayMs = 2e3;
+		for (let attempt = 1;; attempt++) try {
+			return await op();
+		} catch (error) {
+			const msg = error instanceof Error ? error.message : String(error);
+			const name = error instanceof Error ? error.name : "";
+			if (!(/being enabled|being updated|please retry later|backups are being/i.test(msg) || name === "ResourceInUseException" || name === "LimitExceededException") || attempt >= maxAttempts) throw error;
+			this.logger.debug(`Transient error on "${label}" (attempt ${attempt}/${maxAttempts}): ${msg} — retrying in ${delayMs}ms`);
+			await new Promise((resolve) => setTimeout(resolve, delayMs));
+			delayMs = Math.min(delayMs * 2, 3e4);
+		}
+	}
+	/**
+	* Apply the table's `TimeToLiveSpecification` via the separate
+	* `UpdateTimeToLive` API (TTL does NOT ride on CreateTable).
+	*
+	* CFn shape is `{ AttributeName: string, Enabled: boolean }`. Called from
+	* both `create()` (after the table is ACTIVE) and `update()` (only when the
+	* value changed). On `update()`-side removal — when the template drops the
+	* block but it was present before — we disable TTL using the PREVIOUS
+	* `AttributeName` (AWS requires the attribute name even to disable TTL).
+	*/
+	async applyTimeToLive(tableName, spec, previousSpec) {
+		if (spec !== void 0 && spec !== null) {
+			const s = spec;
+			const attributeName = s["AttributeName"];
+			if (!attributeName) return;
+			const enabled = s["Enabled"] !== void 0 ? Boolean(s["Enabled"]) : true;
+			await this.retryOnTransientControlPlane(() => this.dynamoDBClient.send(new UpdateTimeToLiveCommand({
+				TableName: tableName,
+				TimeToLiveSpecification: {
+					Enabled: enabled,
+					AttributeName: attributeName
+				}
+			})), `set TTL on ${tableName}`);
+			this.logger.debug(`Set TimeToLive Enabled=${enabled} AttributeName=${attributeName} on DynamoDB table ${tableName}`);
+			return;
+		}
+		if (previousSpec !== void 0 && previousSpec !== null) {
+			const prevAttributeName = previousSpec["AttributeName"];
+			if (!prevAttributeName) return;
+			await this.retryOnTransientControlPlane(() => this.dynamoDBClient.send(new UpdateTimeToLiveCommand({
+				TableName: tableName,
+				TimeToLiveSpecification: {
+					Enabled: false,
+					AttributeName: prevAttributeName
+				}
+			})), `disable TTL on ${tableName}`);
+			this.logger.debug(`Disabled TimeToLive (AttributeName=${prevAttributeName}) on DynamoDB table ${tableName}`);
+		}
+	}
+	/**
 	* Poll DescribeTable until the table reaches ACTIVE status
 	*
 	* Uses a tight polling loop (1s intervals) instead of CC API's exponential
@@ -8970,6 +9075,26 @@ var DynamoDBTableProvider = class {
 				if (err instanceof ResourceNotFoundException$1) return void 0;
 				throw err;
 			}
+			try {
+				const pitrDesc = (await this.dynamoDBClient.send(new DescribeContinuousBackupsCommand({ TableName: physicalId }))).ContinuousBackupsDescription?.PointInTimeRecoveryDescription;
+				const pitrStatus = pitrDesc?.PointInTimeRecoveryStatus;
+				if (pitrStatus) {
+					const pitr = { PointInTimeRecoveryEnabled: pitrStatus === "ENABLED" };
+					if (pitrStatus === "ENABLED" && pitrDesc?.RecoveryPeriodInDays !== void 0) pitr["RecoveryPeriodInDays"] = pitrDesc.RecoveryPeriodInDays;
+					result["PointInTimeRecoverySpecification"] = pitr;
+				}
+			} catch (err) {
+				this.logger.debug(`Could not read PointInTimeRecovery for ${physicalId}: ${err instanceof Error ? err.message : String(err)}`);
+			}
+			try {
+				const ttlDesc = (await this.dynamoDBClient.send(new DescribeTimeToLiveCommand({ TableName: physicalId }))).TimeToLiveDescription;
+				if (ttlDesc?.TimeToLiveStatus === "ENABLED" && ttlDesc.AttributeName) result["TimeToLiveSpecification"] = {
+					AttributeName: ttlDesc.AttributeName,
+					Enabled: true
+				};
+			} catch (err) {
+				this.logger.debug(`Could not read TimeToLive for ${physicalId}: ${err instanceof Error ? err.message : String(err)}`);
+			}
 			return result;
 		} catch (err) {
 			if (err instanceof ResourceNotFoundException$1) return void 0;
@@ -51125,7 +51250,7 @@ function reorderArgs(argv) {
 */
 async function main() {
 	const program = new Command();
-	program.name("cdkd").description("CDK Direct - Deploy AWS CDK apps directly via SDK/Cloud Control API").version("0.171.0");
+	program.name("cdkd").description("CDK Direct - Deploy AWS CDK apps directly via SDK/Cloud Control API").version("0.172.0");
 	program.addCommand(createBootstrapCommand());
 	program.addCommand(createSynthCommand());
 	program.addCommand(createListCommand());