@go-to-k/cdkd 0.201.1 → 0.202.0

package/dist/cli.js

@@ -1,6 +1,6 @@
 #!/usr/bin/env node
 import { a as setAwsClients, i as resetAwsClients, r as getAwsClients, t as AwsClients } from "./aws-clients-DWUnLza1.js";
-import { $ as uploadCfnTemplate, A as S3StateBackend, At as PATTERN_B_NAME_PROPERTIES, B as Synthesizer, C as assertRegionMatch, Ct as normalizeAwsError, D as DagBuilder, E as DiffCalculator, Et as getLogger, F as buildDockerImage, Ft as withStackName, G as resolveSkipPrefix, H as getLegacyStateBucketName, I as formatDockerLoginError, J as warnDeprecatedNoPrefixCliFlag, K as resolveStateBucketWithDefault, L as getDockerCmd, M as AssetPublisher, Mt as generateResourceName, N as stringifyValue, Nt as generateResourceNameWithFallback, O as TemplateParser, Ot as runStackBuffered, P as WorkGraph, Pt as withSkipPrefix, Q as findLargeInlineResources, R as runDockerForeground, S as CloudControlProvider, T as applyRoleArnIfSet, U as resolveApp, V as getDefaultStateBucketName, W as resolveCaptureObservedState, X as CFN_TEMPLATE_URL_LIMIT, Y as CFN_TEMPLATE_BODY_LIMIT, Z as MIGRATE_TMP_PREFIX, _ as matchesCdkPath, _t as StackHasActiveImportsError, a as withRetry, b as ProviderRegistry, c as bold, ct as LocalMigrateError, d as green, dt as MissingCdkCliError, et as AssemblyReader, f as red, ft as NestedStackChildDirectDestroyError, g as CDK_PATH_TAG, gt as ResourceUpdateNotSupportedError, h as collectInlinePolicyNamesManagedBySiblings, ht as ResourceTimeoutError, i as withResourceDeadline, it as CdkdError, j as shouldRetainResource, jt as PATTERN_B_RESOURCE_TYPES, k as LockManager, kt as getLiveRenderer, l as cyan, lt as LocalStartServiceError, m as IAMRoleProvider, mt as ProvisioningError, n as DEFAULT_RESOURCE_WARN_AFTER_MS, nt as resolveBucketRegion, o as IMPLICIT_DELETE_DEPENDENCIES, p as yellow, pt as PartialFailureError, q as resolveStateBucketWithDefaultAndSource, r as DeployEngine, s as formatResourceLine, st as LocalInvokeBuildError$1, t as DEFAULT_RESOURCE_TIMEOUT_MS, u as gray, v as normalizeAwsTagsToCfn, vt as StackTerminationProtectionError, w as IntrinsicFunctionResolver, wt as withErrorHandling, x as findActionableSilentDrops, y as resolveExplicitPhysicalId, z as runDockerStreaming } from "./deploy-engine-5CVA5VWR.js";
+import { $ as uploadCfnTemplate, A as S3StateBackend, At as PATTERN_B_NAME_PROPERTIES, B as Synthesizer, C as assertRegionMatch, Ct as normalizeAwsError, D as DagBuilder, E as DiffCalculator, Et as getLogger, F as buildDockerImage, Ft as withStackName, G as resolveSkipPrefix, H as getLegacyStateBucketName, I as formatDockerLoginError, J as warnDeprecatedNoPrefixCliFlag, K as resolveStateBucketWithDefault, L as getDockerCmd, M as AssetPublisher, Mt as generateResourceName, N as stringifyValue, Nt as generateResourceNameWithFallback, O as TemplateParser, Ot as runStackBuffered, P as WorkGraph, Pt as withSkipPrefix, Q as findLargeInlineResources, R as runDockerForeground, S as CloudControlProvider, T as applyRoleArnIfSet, U as resolveApp, V as getDefaultStateBucketName, W as resolveCaptureObservedState, X as CFN_TEMPLATE_URL_LIMIT, Y as CFN_TEMPLATE_BODY_LIMIT, Z as MIGRATE_TMP_PREFIX, _ as matchesCdkPath, _t as StackHasActiveImportsError, a as withRetry, b as ProviderRegistry, c as bold, ct as LocalMigrateError, d as green, dt as MissingCdkCliError, et as AssemblyReader, f as red, ft as NestedStackChildDirectDestroyError, g as CDK_PATH_TAG, gt as ResourceUpdateNotSupportedError, h as collectInlinePolicyNamesManagedBySiblings, ht as ResourceTimeoutError, i as withResourceDeadline, it as CdkdError, j as shouldRetainResource, jt as PATTERN_B_RESOURCE_TYPES, k as LockManager, kt as getLiveRenderer, l as cyan, lt as LocalStartServiceError, m as IAMRoleProvider, mt as ProvisioningError, n as DEFAULT_RESOURCE_WARN_AFTER_MS, nt as resolveBucketRegion, o as IMPLICIT_DELETE_DEPENDENCIES, p as yellow, pt as PartialFailureError, q as resolveStateBucketWithDefaultAndSource, r as DeployEngine, s as formatResourceLine, st as LocalInvokeBuildError$1, t as DEFAULT_RESOURCE_TIMEOUT_MS, u as gray, v as normalizeAwsTagsToCfn, vt as StackTerminationProtectionError, w as IntrinsicFunctionResolver, wt as withErrorHandling, x as findActionableSilentDrops, y as resolveExplicitPhysicalId, z as runDockerStreaming } from "./deploy-engine-CuJDHhTs.js";
 import { AsyncLocalStorage } from "node:async_hooks";
 import { randomBytes, randomUUID } from "node:crypto";
 import { CopyObjectCommand, CreateBucketCommand, DeleteBucketAnalyticsConfigurationCommand, DeleteBucketCommand, DeleteBucketCorsCommand, DeleteBucketIntelligentTieringConfigurationCommand, DeleteBucketInventoryConfigurationCommand, DeleteBucketLifecycleCommand, DeleteBucketMetricsConfigurationCommand, DeleteBucketPolicyCommand, DeleteBucketReplicationCommand, DeleteBucketTaggingCommand, DeleteBucketWebsiteCommand, DeleteObjectsCommand, GetBucketAccelerateConfigurationCommand, GetBucketCorsCommand, GetBucketEncryptionCommand, GetBucketLifecycleConfigurationCommand, GetBucketLocationCommand, GetBucketLoggingCommand, GetBucketNotificationConfigurationCommand, GetBucketPolicyCommand, GetBucketReplicationCommand, GetBucketTaggingCommand, GetBucketVersioningCommand, GetBucketWebsiteCommand, GetObjectCommand, GetObjectLockConfigurationCommand, GetPublicAccessBlockCommand, HeadBucketCommand, ListBucketAnalyticsConfigurationsCommand, ListBucketIntelligentTieringConfigurationsCommand, ListBucketInventoryConfigurationsCommand, ListBucketMetricsConfigurationsCommand, ListBucketsCommand, ListDirectoryBucketsCommand, ListObjectVersionsCommand, ListObjectsV2Command, NoSuchBucket, PutBucketAccelerateConfigurationCommand, PutBucketAnalyticsConfigurationCommand, PutBucketCorsCommand, PutBucketEncryptionCommand, PutBucketIntelligentTieringConfigurationCommand, PutBucketInventoryConfigurationCommand, PutBucketLifecycleConfigurationCommand, PutBucketLoggingCommand, PutBucketMetricsConfigurationCommand, PutBucketNotificationConfigurationCommand, PutBucketOwnershipControlsCommand, PutBucketPolicyCommand, PutBucketReplicationCommand, PutBucketTaggingCommand, PutBucketVersioningCommand, PutBucketWebsiteCommand, PutObjectCommand, PutObjectLockConfigurationCommand, PutPublicAccessBlockCommand, S3Client, S3ServiceException } from "@aws-sdk/client-s3";
@@ -32011,7 +32011,7 @@ var S3TablesProvider = class {
 	providerRegion = process.env["AWS_REGION"];
 	logger = getLogger().child("S3TablesProvider");
 	handledProperties = new Map([
-		["AWS::S3Tables::TableBucket", new Set(["TableBucketName"])],
+		["AWS::S3Tables::TableBucket", new Set(["TableBucketName", "Tags"])],
 		["AWS::S3Tables::Namespace", new Set(["TableBucketARN", "Namespace"])],
 		["AWS::S3Tables::Table", new Set([
 			"TableBucketARN",
@@ -32037,6 +32037,7 @@ var S3TablesProvider = class {
 	}
 	async update(logicalId, physicalId, resourceType, properties, previousProperties) {
 		if (resourceType === "AWS::S3Tables::Table") await this.applyTableTagsDiff(logicalId, physicalId, resourceType, previousProperties["Tags"], properties["Tags"]);
+		else if (resourceType === "AWS::S3Tables::TableBucket") await this.applyTableBucketTagsDiff(logicalId, physicalId, resourceType, previousProperties["Tags"], properties["Tags"]);
 		else this.logger.debug(`Update is no-op for ${resourceType} ${logicalId}`);
 		return {
 			physicalId,
@@ -32055,8 +32056,12 @@ var S3TablesProvider = class {
 		this.logger.debug(`Creating S3 Table Bucket ${logicalId}`);
 		const tableBucketName = properties["TableBucketName"];
 		if (!tableBucketName) throw new ProvisioningError(`TableBucketName is required for S3 Table Bucket ${logicalId}`, resourceType, logicalId);
+		const tags = this.cfnTagsToSdkMap(properties["Tags"]);
 		try {
-			const tableBucketARN = (await this.getClient().send(new CreateTableBucketCommand({ name: tableBucketName }))).arn;
+			const tableBucketARN = (await this.getClient().send(new CreateTableBucketCommand({
+				name: tableBucketName,
+				...tags !== void 0 && { tags }
+			}))).arn;
 			this.logger.debug(`Successfully created S3 Table Bucket ${logicalId}: ${tableBucketARN}`);
 			return {
 				physicalId: tableBucketARN,
@@ -32248,6 +32253,7 @@ var S3TablesProvider = class {
 		}
 		const result = {};
 		if (bucket.name !== void 0) result["TableBucketName"] = bucket.name;
+		result["Tags"] = await this.readTagsBestEffort(physicalId);
 		return result;
 	}
 	async readNamespaceCurrentState(physicalId) {
@@ -32567,6 +32573,47 @@ var S3TablesProvider = class {
 			throw new ProvisioningError(`applyTableTagsDiff: TagResource failed for ${resourceArn} (keys: ${Object.keys(upserts).join(", ")}): ${err instanceof Error ? err.message : String(err)}. State has NOT been updated so the next deploy will retry the tag-diff.`, resourceType, logicalId, physicalId, cause);
 		}
 	}
+	/**
+	* Apply a tag-diff against a TableBucket resource ARN. Mirrors
+	* `applyTableTagsDiff` for the Table case, but simpler: TableBucket's
+	* `physicalId` IS the bucket ARN, so no `GetTableBucket` lookup hop
+	* is needed (the Table version needs `GetTable` to recover the real
+	* ARN from the cdkd-compound `<bucketArn>|<namespace>|<name>` physical id).
+	*
+	* Same throw semantics as `applyTableTagsDiff` (per issue #740 / PR
+	* #741): tag-side failures THROW `ProvisioningError` so state is NOT
+	* written, and the next deploy retries against the still-old state.
+	* `update()` for AWS::S3Tables::TableBucket is otherwise a no-op (the
+	* bucket itself is immutable), so a tag-side throw cleanly turns the
+	* whole update into a clean retry with no side-effects.
+	*/
+	async applyTableBucketTagsDiff(logicalId, physicalId, resourceType, previousTags, newTags) {
+		const prev = this.cfnTagsToSdkMap(previousTags) ?? {};
+		const next = this.cfnTagsToSdkMap(newTags) ?? {};
+		const removedKeys = Object.keys(prev).filter((k) => !(k in next));
+		const upserts = {};
+		for (const [k, v] of Object.entries(next)) if (prev[k] !== v) upserts[k] = v;
+		if (removedKeys.length === 0 && Object.keys(upserts).length === 0) return;
+		const resourceArn = physicalId;
+		if (removedKeys.length > 0) try {
+			await this.getClient().send(new UntagResourceCommand$15({
+				resourceArn,
+				tagKeys: removedKeys
+			}));
+		} catch (err) {
+			const cause = err instanceof Error ? err : void 0;
+			throw new ProvisioningError(`applyTableBucketTagsDiff: UntagResource failed for ${resourceArn} (keys: ${removedKeys.join(", ")}): ${err instanceof Error ? err.message : String(err)}. State has NOT been updated so the next deploy will retry the tag-diff.`, resourceType, logicalId, physicalId, cause);
+		}
+		if (Object.keys(upserts).length > 0) try {
+			await this.getClient().send(new TagResourceCommand$16({
+				resourceArn,
+				tags: upserts
+			}));
+		} catch (err) {
+			const cause = err instanceof Error ? err : void 0;
+			throw new ProvisioningError(`applyTableBucketTagsDiff: TagResource failed for ${resourceArn} (keys: ${Object.keys(upserts).join(", ")}): ${err instanceof Error ? err.message : String(err)}. State has NOT been updated so the next deploy will retry the tag-diff.`, resourceType, logicalId, physicalId, cause);
+		}
+	}
 };
 
 //#endregion
@@ -51877,7 +51924,7 @@ function reorderArgs(argv) {
 */
 async function main() {
 	const program = new Command();
-	program.name("cdkd").description("CDK Direct - Deploy AWS CDK apps directly via SDK/Cloud Control API").version("0.201.1");
+	program.name("cdkd").description("CDK Direct - Deploy AWS CDK apps directly via SDK/Cloud Control API").version("0.202.0");
 	program.addCommand(createBootstrapCommand());
 	program.addCommand(createSynthCommand());
 	program.addCommand(createListCommand());