@go-to-k/cdkd 0.26.0 → 0.27.0

package/dist/cli.js

@@ -8638,6 +8638,33 @@ var IAMRoleProvider = class {
       this.logger.debug(`Added/updated ${tagsToAdd.length} tags on role ${roleName}`);
     }
   }
+  /**
+   * Resolve a single `Fn::GetAtt` attribute for an existing IAM role.
+   *
+   * CloudFormation's `AWS::IAM::Role` exposes `Arn` and `RoleId`; both are
+   * available from the `GetRole` response. See:
+   * https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#aws-resource-iam-role-return-values
+   *
+   * Used by `cdkd orphan` to live-fetch attribute values that need to be
+   * substituted into sibling references.
+   */
+  async getAttribute(physicalId, _resourceType, attributeName) {
+    try {
+      const resp = await this.iamClient.send(new GetRoleCommand({ RoleName: physicalId }));
+      switch (attributeName) {
+        case "Arn":
+          return resp.Role?.Arn;
+        case "RoleId":
+          return resp.Role?.RoleId;
+        default:
+          return void 0;
+      }
+    } catch (err) {
+      if (err instanceof NoSuchEntityException)
+        return void 0;
+      throw err;
+    }
+  }
   /**
    * Adopt an existing IAM role into cdkd state.
    *
@@ -10488,17 +10515,35 @@ var S3BucketProvider = class {
     return region || "us-east-1";
   }
   /**
-   * Build attributes for an S3 bucket
+   * Build attributes for an S3 bucket.
+   *
+   * Covers every CloudFormation `Fn::GetAtt` return value for
+   * `AWS::S3::Bucket`. All fields are derivable from `bucketName` + region —
+   * no extra AWS API call is needed. See:
+   * https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#aws-properties-s3-bucket-return-values
    */
   async buildAttributes(bucketName) {
     const region = await this.getRegion();
     return {
       Arn: `arn:aws:s3:::${bucketName}`,
       DomainName: `${bucketName}.s3.amazonaws.com`,
+      DualStackDomainName: `${bucketName}.s3.dualstack.${region}.amazonaws.com`,
       RegionalDomainName: `${bucketName}.s3.${region}.amazonaws.com`,
       WebsiteURL: `http://${bucketName}.s3-website-${region}.amazonaws.com`
     };
   }
+  /**
+   * Resolve a single `Fn::GetAtt` attribute for an existing bucket.
+   *
+   * Used by `cdkd orphan` to live-fetch attribute values that need to be
+   * substituted into sibling references. All S3 Bucket attributes are
+   * derivable from bucket name + region, so this avoids the round trip and
+   * reuses the same templating as `buildAttributes`.
+   */
+  async getAttribute(physicalId, _resourceType, attributeName) {
+    const attrs = await this.buildAttributes(physicalId);
+    return attrs[attributeName];
+  }
   /**
    * Apply versioning configuration if specified
    */
@@ -11793,6 +11838,43 @@ var SQSQueueProvider = class {
       return `arn:aws:sqs:unknown:unknown:${queueName}`;
     }
   }
+  /**
+   * Resolve a single `Fn::GetAtt` attribute for an existing SQS queue.
+   *
+   * CloudFormation's `AWS::SQS::Queue` exposes `Arn`, `QueueName` and
+   * `QueueUrl`. The cdkd physicalId is the queue URL; `QueueUrl` and
+   * `QueueName` are derivable from it without an AWS call, while `Arn`
+   * requires `GetQueueAttributes`. See:
+   * https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sqs-queues.html#aws-properties-sqs-queues-return-values
+   *
+   * Used by `cdkd orphan` to live-fetch attribute values that need to be
+   * substituted into sibling references.
+   */
+  async getAttribute(physicalId, _resourceType, attributeName) {
+    switch (attributeName) {
+      case "QueueUrl":
+        return physicalId;
+      case "QueueName":
+        return physicalId.substring(physicalId.lastIndexOf("/") + 1);
+      case "Arn": {
+        try {
+          const resp = await this.sqsClient.send(
+            new GetQueueAttributesCommand({
+              QueueUrl: physicalId,
+              AttributeNames: ["QueueArn"]
+            })
+          );
+          return resp.Attributes?.["QueueArn"];
+        } catch (err) {
+          if (err instanceof QueueDoesNotExist)
+            return void 0;
+          throw err;
+        }
+      }
+      default:
+        return void 0;
+    }
+  }
   /**
    * Adopt an existing SQS queue into cdkd state.
    *
@@ -12328,6 +12410,28 @@ var SNSTopicProvider = class {
       );
     }
   }
+  /**
+   * Resolve a single `Fn::GetAtt` attribute for an existing SNS topic.
+   *
+   * CloudFormation's `AWS::SNS::Topic` exposes `TopicName` and `TopicArn`.
+   * The cdkd physicalId is the topic ARN, so both are derivable without
+   * an AWS call. See:
+   * https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sns-topic.html#aws-properties-sns-topic-return-values
+   *
+   * Used by `cdkd orphan` to live-fetch attribute values that need to be
+   * substituted into sibling references.
+   */
+  // eslint-disable-next-line @typescript-eslint/require-await -- consistent async signature with other providers
+  async getAttribute(physicalId, _resourceType, attributeName) {
+    switch (attributeName) {
+      case "TopicArn":
+        return physicalId;
+      case "TopicName":
+        return physicalId.split(":").pop();
+      default:
+        return void 0;
+    }
+  }
   /**
    * Adopt an existing SNS topic into cdkd state.
    *
@@ -13309,6 +13413,43 @@ var LambdaFunctionProvider = class {
     }
     return (crc ^ 4294967295) >>> 0;
   }
+  /**
+   * Resolve a single `Fn::GetAtt` attribute for an existing Lambda function.
+   *
+   * CloudFormation's `AWS::Lambda::Function` exposes `Arn`,
+   * `SnapStartResponse.ApplyOn`, and `SnapStartResponse.OptimizationStatus`
+   * as documented at
+   * https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#aws-resource-lambda-function-return-values.
+   *
+   * All three live in the same `GetFunction` response (`Configuration.FunctionArn`
+   * and `Configuration.SnapStart.{ApplyOn,OptimizationStatus}`), so a single API
+   * call covers every supported attr. Used by `cdkd orphan` to live-fetch
+   * attribute values that need to be substituted into sibling references.
+   */
+  async getAttribute(physicalId, _resourceType, attributeName) {
+    if (attributeName !== "Arn" && attributeName !== "SnapStartResponse.ApplyOn" && attributeName !== "SnapStartResponse.OptimizationStatus") {
+      return void 0;
+    }
+    try {
+      const resp = await this.lambdaClient.send(
+        new GetFunctionCommand({ FunctionName: physicalId })
+      );
+      switch (attributeName) {
+        case "Arn":
+          return resp.Configuration?.FunctionArn;
+        case "SnapStartResponse.ApplyOn":
+          return resp.Configuration?.SnapStart?.ApplyOn;
+        case "SnapStartResponse.OptimizationStatus":
+          return resp.Configuration?.SnapStart?.OptimizationStatus;
+        default:
+          return void 0;
+      }
+    } catch (err) {
+      if (err instanceof ResourceNotFoundException)
+        return void 0;
+      throw err;
+    }
+  }
   /**
    * Adopt an existing Lambda function into cdkd state.
    *
@@ -13581,6 +13722,7 @@ var LambdaPermissionProvider = class {
 import {
   CreateFunctionUrlConfigCommand,
   DeleteFunctionUrlConfigCommand,
+  GetFunctionUrlConfigCommand as GetFunctionUrlConfigCommand2,
   UpdateFunctionUrlConfigCommand,
   ResourceNotFoundException as ResourceNotFoundException3
 } from "@aws-sdk/client-lambda";
@@ -13708,6 +13850,36 @@ var LambdaUrlProvider = class {
       );
     }
   }
+  /**
+   * Resolve a single `Fn::GetAtt` attribute for an existing Lambda Function
+   * URL.
+   *
+   * CloudFormation's `AWS::Lambda::Url` exposes `FunctionArn` and
+   * `FunctionUrl`. Both come from `GetFunctionUrlConfig`. See:
+   * https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-url.html#aws-resource-lambda-url-return-values
+   *
+   * Used by `cdkd orphan` to live-fetch attribute values that need to be
+   * substituted into sibling references.
+   */
+  async getAttribute(physicalId, _resourceType, attributeName) {
+    try {
+      const resp = await this.lambdaClient.send(
+        new GetFunctionUrlConfigCommand2({ FunctionName: physicalId })
+      );
+      switch (attributeName) {
+        case "FunctionArn":
+          return resp.FunctionArn;
+        case "FunctionUrl":
+          return resp.FunctionUrl;
+        default:
+          return void 0;
+      }
+    } catch (err) {
+      if (err instanceof ResourceNotFoundException3)
+        return void 0;
+      throw err;
+    }
+  }
   /**
    * Adopt an existing Lambda Function URL into cdkd state.
    *
@@ -14419,6 +14591,40 @@ var DynamoDBTableProvider = class {
     }
     throw new Error(`Table ${tableName} did not reach ACTIVE status within ${maxAttempts} seconds`);
   }
+  /**
+   * Resolve a single `Fn::GetAtt` attribute for an existing DynamoDB table.
+   *
+   * CloudFormation's `AWS::DynamoDB::Table` exposes `Arn`, `StreamArn`
+   * (a.k.a. `LatestStreamArn` in the SDK; CFn returns the latest enabled
+   * stream's ARN), and `LatestStreamLabel`. All three are sibling fields on
+   * the same `DescribeTable` response, so a single API call covers every
+   * supported attr. See:
+   * https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-dynamodb-table.html#aws-resource-dynamodb-table-return-values
+   *
+   * Used by `cdkd orphan` to live-fetch attribute values that need to be
+   * substituted into sibling references.
+   */
+  async getAttribute(physicalId, _resourceType, attributeName) {
+    try {
+      const resp = await this.dynamoDBClient.send(
+        new DescribeTableCommand2({ TableName: physicalId })
+      );
+      switch (attributeName) {
+        case "Arn":
+          return resp.Table?.TableArn;
+        case "StreamArn":
+          return resp.Table?.LatestStreamArn;
+        case "LatestStreamLabel":
+          return resp.Table?.LatestStreamLabel;
+        default:
+          return void 0;
+      }
+    } catch (err) {
+      if (err instanceof ResourceNotFoundException6)
+        return void 0;
+      throw err;
+    }
+  }
   /**
    * Adopt an existing DynamoDB table into cdkd state.
    *
@@ -14706,6 +14912,23 @@ var LogsLogGroupProvider = class {
       return `arn:aws:logs:unknown:unknown:log-group:${logGroupName}:*`;
     }
   }
+  /**
+   * Resolve a single `Fn::GetAtt` attribute for an existing log group.
+   *
+   * CloudFormation's `AWS::Logs::LogGroup` exposes only `Arn`. The ARN is
+   * derivable from the log group name + account + region via the existing
+   * `buildArn` helper. See:
+   * https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-loggroup.html#aws-resource-logs-loggroup-return-values
+   *
+   * Used by `cdkd orphan` to live-fetch attribute values that need to be
+   * substituted into sibling references.
+   */
+  async getAttribute(physicalId, _resourceType, attributeName) {
+    if (attributeName !== "Arn") {
+      return void 0;
+    }
+    return this.buildArn(physicalId);
+  }
   /**
    * Adopt an existing CloudWatch Logs log group into cdkd state.
    *
@@ -16743,29 +16966,63 @@ var EC2Provider = class {
       }
     }
   }
+  /**
+   * Resolve a single `Fn::GetAtt` attribute for an `AWS::EC2::VPC`.
+   *
+   * CloudFormation returns `CidrBlock`, `CidrBlockAssociations`,
+   * `DefaultNetworkAcl`, `DefaultSecurityGroup`, and `Ipv6CidrBlocks`. See:
+   * https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpc.html#aws-resource-ec2-vpc-return-values
+   *
+   * `DefaultNetworkAcl` and `DefaultSecurityGroup` previously returned wrong
+   * values (DHCP options id and `undefined` respectively); the AWS console
+   * surfaces these the same way as CFn — by filtering the relevant
+   * `Describe*` API on `vpc-id` + the `default` flag.
+   */
   async getVpcAttribute(physicalId, attributeName) {
-    if (attributeName === "VpcId")
-      return physicalId;
     try {
-      const response = await this.ec2Client.send(new DescribeVpcsCommand2({ VpcIds: [physicalId] }));
-      const vpc = response.Vpcs?.[0];
-      if (!vpc)
-        return void 0;
       switch (attributeName) {
-        case "CidrBlock":
-          return vpc.CidrBlock;
-        case "Ipv6CidrBlocks":
-          return vpc.Ipv6CidrBlockAssociationSet?.filter(
-            (a) => a.Ipv6CidrBlockState?.State === "associated"
-          ).map((a) => a.Ipv6CidrBlock) || [];
-        case "CidrBlockAssociations":
-          return vpc.CidrBlockAssociationSet?.map((a) => a.AssociationId) || [];
-        case "DefaultNetworkAcl":
-          return vpc.DhcpOptionsId;
-        case "DefaultSecurityGroup":
-          return void 0;
-        default:
-          return void 0;
+        case "DefaultNetworkAcl": {
+          const resp = await this.ec2Client.send(
+            new DescribeNetworkAclsCommand({
+              Filters: [
+                { Name: "vpc-id", Values: [physicalId] },
+                { Name: "default", Values: ["true"] }
+              ]
+            })
+          );
+          return resp.NetworkAcls?.[0]?.NetworkAclId;
+        }
+        case "DefaultSecurityGroup": {
+          const resp = await this.ec2Client.send(
+            new DescribeSecurityGroupsCommand2({
+              Filters: [
+                { Name: "vpc-id", Values: [physicalId] },
+                { Name: "group-name", Values: ["default"] }
+              ]
+            })
+          );
+          return resp.SecurityGroups?.[0]?.GroupId;
+        }
+        default: {
+          const response = await this.ec2Client.send(
+            new DescribeVpcsCommand2({ VpcIds: [physicalId] })
+          );
+          const vpc = response.Vpcs?.[0];
+          if (!vpc)
+            return void 0;
+          switch (attributeName) {
+            case "CidrBlock":
+              return vpc.CidrBlock;
+            case "Ipv6CidrBlocks":
+              return vpc.Ipv6CidrBlockAssociationSet?.filter(
+                (a) => a.Ipv6CidrBlockState?.State === "associated"
+              ).map((a) => a.Ipv6CidrBlock) || [];
+            case "CidrBlockAssociations":
+              return vpc.CidrBlockAssociationSet?.map((a) => a.AssociationId) || [];
+            default:
+              return void 0;
+          }
+        }
       }
     } catch {
       return void 0;
@@ -35316,7 +35573,7 @@ function reorderArgs(argv) {
 }
 async function main() {
   const program = new Command13();
-  program.name("cdkd").description("CDK Direct - Deploy AWS CDK apps directly via SDK/Cloud Control API").version("0.26.0");
+  program.name("cdkd").description("CDK Direct - Deploy AWS CDK apps directly via SDK/Cloud Control API").version("0.27.0");
   program.addCommand(createBootstrapCommand());
   program.addCommand(createSynthCommand());
   program.addCommand(createListCommand());