npm - @go-to-k/cdkd - Versions diffs - 0.201.0 → 0.201.1 - Mend

@go-to-k/cdkd 0.201.0 → 0.201.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/cli.js CHANGED Viewed

@@ -17236,7 +17236,7 @@ var CloudFrontDistributionProvider = class {
 			const getResponse = await this.cloudFrontClient.send(new GetDistributionCommand({ Id: physicalId }));
 			const domainName = getResponse.Distribution?.DomainName ?? "";
 			const arn = getResponse.Distribution?.ARN;
-			await this.tryApplyTagDiff(arn, previousProperties["Tags"], properties["Tags"], physicalId);
+			await this.applyTagDiff(arn, previousProperties["Tags"], properties["Tags"], physicalId, logicalId, resourceType);
 			this.logger.debug(`Updated CloudFront Distribution ${physicalId}`);
 			return {
 				physicalId,
@@ -17489,32 +17489,44 @@ var CloudFrontDistributionProvider = class {
 		};
 	}
 	/**
-	* Apply a tag diff to a distribution, best-effort.
+	* Apply a tag diff to a distribution.
 	*
 	* CloudFront has no atomic overlay API for tags — `TagResource` adds /
 	* overwrites and `UntagResource` removes. Run the removal first, then
 	* the upsert, so a same-key value rewrite (which lands in `upserts`)
 	* is not accidentally cleared by a stale Untag.
 	*
-	* Errors are logged but not rethrown — `update()` already succeeded
-	* the `UpdateDistribution` call before this is invoked, so propagating
-	* a tag-side error would flip a successful config update into a deploy
-	* failure that triggers an idempotent retry. A `warn` surfaces the
-	* unapplied delta to the operator without breaking the deploy.
+	* Errors are RETHROWN as `ProvisioningError` (issue #740 fix) so the
+	* deploy engine sees a failed update() and (a) does NOT write the new
+	* properties.Tags into state — the next deploy retries the tag-diff
+	* against the still-old state, (b) surfaces the failure to the user
+	* via the standard error path. The deploy engine's `withRetry` MAY
+	* pick up some transient AWS errors via the cause-message-pattern
+	* match (`retryable-errors.ts`'s `RETRYABLE_ERROR_MESSAGE_PATTERNS`),
+	* but bare HTTP 429 throttles wrapped by update()'s outer catch reach
+	* the classifier two levels deep and slip past its single-level
+	* `.cause` walk — so the **load-bearing retry guarantee is the
+	* next-deploy retry**, not in-deploy retry. This is acceptable: the
+	* user sees the failure, can react, and the next `cdkd deploy`
+	* re-fires the tag-diff against the still-old state cleanly.
+	*
+	* Trade-off: a tag-side failure flips an otherwise-successful
+	* `UpdateDistribution` into a deploy failure, and the retry will
+	* re-issue UpdateDistribution against the (now-current) config —
+	* AWS accepts the no-op idempotently. The cost of that secondary
+	* noise is much lower than the cost of silent tag drift the pre-#740
+	* swallow caused.
 	*
 	* The ARN is unexpectedly absent only on a hypothetical SDK regression
 	* (`GetDistribution` returns ARN as a required string in every SDK
 	* shape verified so far). When that happens AND a tag delta exists,
-	* log a warn so the silent-drop this PR is closing does not silently
-	* resurface; when no delta exists, return without needing ARN.
+	* THROW so the silent-drop does not silently resurface; when no delta
+	* exists, return without needing ARN.
 	*/
-	async tryApplyTagDiff(arn, previousTags, newTags, physicalId) {
+	async applyTagDiff(arn, previousTags, newTags, physicalId, logicalId, resourceType) {
 		const { removed, upserts } = this.computeTagDiff(previousTags, newTags);
 		if (removed.length === 0 && upserts.length === 0) return;
-		if (!arn) {
-			this.logger.warn(`CloudFront Distribution ${physicalId}: GetDistribution returned no ARN; skipping tag diff (removed=${removed.length}, upserts=${upserts.length}). Tags on AWS may drift from the template.`);
-			return;
-		}
+		if (!arn) throw new ProvisioningError(`CloudFront Distribution ${physicalId}: GetDistribution returned no ARN; cannot apply tag diff (removed=${removed.length}, upserts=${upserts.length}). Refusing to silently drop the tag update — retry on next deploy or check SDK version.`, resourceType, logicalId, physicalId);
 		try {
 			if (removed.length > 0) {
 				this.logger.debug(`Untagging CloudFront Distribution ${arn}: ${removed.join(", ")}`);
@@ -17531,7 +17543,8 @@ var CloudFrontDistributionProvider = class {
 				}));
 			}
 		} catch (err) {
-			this.logger.warn(`CloudFront Distribution ${physicalId}: tag diff failed (removed=${removed.length}, upserts=${upserts.length}): ${err instanceof Error ? err.message : String(err)}. UpdateDistribution itself succeeded; tags on AWS may drift from the template until the next deploy.`);
+			const cause = err instanceof Error ? err : void 0;
+			throw new ProvisioningError(`CloudFront Distribution ${physicalId}: tag diff failed (removed=${removed.length}, upserts=${upserts.length}): ${err instanceof Error ? err.message : String(err)}. UpdateDistribution succeeded but TagResource/UntagResource did not — state has NOT been updated so the next deploy will retry the tag-diff.`, resourceType, logicalId, physicalId, cause);
 		}
 	}
 	/**
@@ -32023,7 +32036,7 @@ var S3TablesProvider = class {
 		}
 	}
 	async update(logicalId, physicalId, resourceType, properties, previousProperties) {
-		if (resourceType === "AWS::S3Tables::Table") await this.applyTableTagsDiff(physicalId, previousProperties["Tags"], properties["Tags"]);
+		if (resourceType === "AWS::S3Tables::Table") await this.applyTableTagsDiff(logicalId, physicalId, resourceType, previousProperties["Tags"], properties["Tags"]);
 		else this.logger.debug(`Update is no-op for ${resourceType} ${logicalId}`);
 		return {
 			physicalId,
@@ -32502,40 +32515,47 @@ var S3TablesProvider = class {
 	* value-only rewrite on key K isn't accidentally cleared by a stale
 	* UntagResource pass (matches the CloudFront / S3Vectors pattern).
 	*
-	* Tag ops are best-effort post-step in update(): a tag-side failure
-	* MUST NOT flip the deploy engine into a retry that would re-issue
-	* the no-op `update()` body. Log at warn instead so the user sees
-	* the unapplied delta but the deploy still progresses.
-	*/
-	async applyTableTagsDiff(physicalId, previousTags, newTags) {
-		const parts = physicalId.split("|");
-		if (parts.length < 3) {
-			this.logger.warn(`applyTableTagsDiff: cannot derive table ARN from physicalId '${physicalId}' — skipping tag-diff`);
-			return;
-		}
-		const [tableBucketARN, namespace, name] = parts;
-		if (!tableBucketARN || !namespace || !name) {
-			this.logger.warn(`applyTableTagsDiff: cannot derive table ARN from malformed physicalId '${physicalId}' (empty part after split) — skipping tag-diff`);
-			return;
-		}
+	* Tag-side failures THROW `ProvisioningError` (issue #740 fix): a
+	* silent swallow would let the deploy engine write the new properties.Tags
+	* to state as if applied, and the next deploy's diff (template Tags
+	* vs new state Tags) sees no change → tag-diff never re-fires → AWS
+	* tags stay stale forever. Throwing means: (a) state is NOT written,
+	* (b) the next deploy retries the tag-diff against the still-old
+	* state. The deploy engine's `withRetry` MAY pick up transient AWS
+	* errors via the cause-message-pattern match in `retryable-errors.ts`,
+	* but bare HTTP 429 throttles can slip past the classifier's
+	* single-level `.cause` walk depending on wrapping — so the
+	* **load-bearing retry guarantee is the next-deploy retry**, not
+	* in-deploy retry. For the S3Tables Table case `update()` is
+	* otherwise a no-op (the Table itself is immutable), so a tag-side
+	* throw cleanly turns the whole update into a retry without
+	* side-effects.
+	*
+	* The malformed-physicalId / GetTable-NotFound branches throw too
+	* — both indicate a state-vs-AWS divergence the user needs to see,
+	* not silently skip past.
+	*/
+	async applyTableTagsDiff(logicalId, physicalId, resourceType, previousTags, newTags) {
 		const prev = this.cfnTagsToSdkMap(previousTags) ?? {};
 		const next = this.cfnTagsToSdkMap(newTags) ?? {};
 		const removedKeys = Object.keys(prev).filter((k) => !(k in next));
 		const upserts = {};
 		for (const [k, v] of Object.entries(next)) if (prev[k] !== v) upserts[k] = v;
 		if (removedKeys.length === 0 && Object.keys(upserts).length === 0) return;
+		const parts = physicalId.split("|");
+		if (parts.length < 3) throw new ProvisioningError(`applyTableTagsDiff: cannot derive table ARN from physicalId '${physicalId}' (expected '<bucketArn>|<namespace>|<name>') — refusing to silently drop the tag update`, resourceType, logicalId, physicalId);
+		const [tableBucketARN, namespace, name] = parts;
+		if (!tableBucketARN || !namespace || !name) throw new ProvisioningError(`applyTableTagsDiff: cannot derive table ARN from malformed physicalId '${physicalId}' (empty part after split) — refusing to silently drop the tag update`, resourceType, logicalId, physicalId);
 		const resourceArn = await this.lookupTableArn(tableBucketARN, namespace, name);
-		if (!resourceArn) {
-			this.logger.warn(`applyTableTagsDiff: GetTable returned no tableARN for ${physicalId} — skipping tag-diff (table gone? state out-of-sync?)`);
-			return;
-		}
+		if (!resourceArn) throw new ProvisioningError(`applyTableTagsDiff: GetTable returned no tableARN for ${physicalId} — table is gone or state is out-of-sync. Refusing to silently drop the tag update (run 'cdkd state orphan ${logicalId}' to clean up if the table was deleted out-of-band).`, resourceType, logicalId, physicalId);
 		if (removedKeys.length > 0) try {
 			await this.getClient().send(new UntagResourceCommand$15({
 				resourceArn,
 				tagKeys: removedKeys
 			}));
 		} catch (err) {
-			this.logger.warn(`applyTableTagsDiff: UntagResource failed for ${resourceArn} (keys: ${removedKeys.join(", ")}): ${err instanceof Error ? err.message : String(err)}`);
+			const cause = err instanceof Error ? err : void 0;
+			throw new ProvisioningError(`applyTableTagsDiff: UntagResource failed for ${resourceArn} (keys: ${removedKeys.join(", ")}): ${err instanceof Error ? err.message : String(err)}. State has NOT been updated so the next deploy will retry the tag-diff.`, resourceType, logicalId, physicalId, cause);
 		}
 		if (Object.keys(upserts).length > 0) try {
 			await this.getClient().send(new TagResourceCommand$16({
@@ -32543,7 +32563,8 @@ var S3TablesProvider = class {
 				tags: upserts
 			}));
 		} catch (err) {
-			this.logger.warn(`applyTableTagsDiff: TagResource failed for ${resourceArn} (keys: ${Object.keys(upserts).join(", ")}): ${err instanceof Error ? err.message : String(err)}`);
+			const cause = err instanceof Error ? err : void 0;
+			throw new ProvisioningError(`applyTableTagsDiff: TagResource failed for ${resourceArn} (keys: ${Object.keys(upserts).join(", ")}): ${err instanceof Error ? err.message : String(err)}. State has NOT been updated so the next deploy will retry the tag-diff.`, resourceType, logicalId, physicalId, cause);
 		}
 	}
 };
@@ -51856,7 +51877,7 @@ function reorderArgs(argv) {
 */
 async function main() {
 	const program = new Command();
-	program.name("cdkd").description("CDK Direct - Deploy AWS CDK apps directly via SDK/Cloud Control API").version("0.201.0");
+	program.name("cdkd").description("CDK Direct - Deploy AWS CDK apps directly via SDK/Cloud Control API").version("0.201.1");
 	program.addCommand(createBootstrapCommand());
 	program.addCommand(createSynthCommand());
 	program.addCommand(createListCommand());