npm - @go-to-k/cdkd - Versions diffs - 0.3.0 → 0.3.2 - Mend

@go-to-k/cdkd 0.3.0 → 0.3.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/cli.js +86 -35
package/dist/cli.js.map +2 -2
package/dist/go-to-k-cdkd-0.3.2.tgz +0 -0
package/package.json +1 -1
package/dist/go-to-k-cdkd-0.3.0.tgz +0 -0

package/dist/cli.js CHANGED Viewed

@@ -10987,7 +10987,10 @@ import {
   GetFunctionCommand,
   ResourceNotFoundException
 } from "@aws-sdk/client-lambda";
-import { DescribeNetworkInterfacesCommand } from "@aws-sdk/client-ec2";
+import {
+  DescribeNetworkInterfacesCommand,
+  DeleteNetworkInterfaceCommand
+} from "@aws-sdk/client-ec2";
 init_aws_clients();
 var LambdaFunctionProvider = class {
   lambdaClient;
@@ -11196,6 +11199,24 @@ var LambdaFunctionProvider = class {
   async delete(logicalId, physicalId, resourceType, properties) {
     this.logger.debug(`Deleting Lambda function ${logicalId}: ${physicalId}`);
     const hasVpcConfig = this.hasVpcConfig(properties?.["VpcConfig"]);
+    if (hasVpcConfig) {
+      try {
+        await this.lambdaClient.send(
+          new UpdateFunctionConfigurationCommand({
+            FunctionName: physicalId,
+            VpcConfig: { SubnetIds: [], SecurityGroupIds: [] }
+          })
+        );
+        this.logger.debug(`Detached VPC config from Lambda ${physicalId} before deletion`);
+      } catch (error) {
+        if (error instanceof ResourceNotFoundException) {
+          return;
+        }
+        this.logger.warn(
+          `Pre-delete VPC detach failed for ${physicalId}: ${error instanceof Error ? error.message : String(error)} \u2014 continuing with delete`
+        );
+      }
+    }
     try {
       await this.lambdaClient.send(new DeleteFunctionCommand({ FunctionName: physicalId }));
       this.logger.debug(`Successfully deleted Lambda function ${logicalId}`);
@@ -11214,7 +11235,7 @@ var LambdaFunctionProvider = class {
       );
     }
     if (hasVpcConfig) {
-      await this.waitForLambdaEnisDetached(physicalId);
+      await this.cleanupLambdaEnis(physicalId);
     }
   }
   /**
@@ -11275,50 +11296,78 @@ var LambdaFunctionProvider = class {
     return Array.isArray(subnets) && subnets.length > 0;
   }
   /**
-   * Poll DescribeNetworkInterfaces until the Lambda-managed ENIs for the
-   * given function are gone, or the configured timeout elapses.
+   * Clean up Lambda-managed ENIs for the given function: list, then attempt
+   * DeleteNetworkInterface on each. Repeat until no matching ENIs remain
+   * or the configured timeout elapses.
+   *
+   * Why direct delete (not just wait): an `available` ENI still counts as a
+   * Subnet / SecurityGroup dependency, so DeleteSubnet / DeleteSecurityGroup
+   * fail until the ENI itself is gone. AWS's eventual cleanup of unused
+   * Lambda hyperplane ENIs can take well over an hour, which is far longer
+   * than any reasonable destroy budget. Calling DeleteNetworkInterface
+   * ourselves (best-effort) clears `available` ENIs in seconds.
    *
-   * Lambda VPC ENIs carry a Description like:
-   *   "AWS Lambda VPC ENI-<functionName>-<uuid>"
-   * We match on a substring to be tolerant of format drift.
+   * In-use ENIs (e.g. immediately after the pre-delete VPC detach) cannot
+   * be deleted yet — we swallow that error and retry on the next iteration
+   * once they transition to `available`.
+   *
+   * Lambda VPC ENI Descriptions follow the pattern
+   *   "AWS Lambda VPC ENI-<functionName>"
+   * (and historically "AWS Lambda VPC ENI-<functionName>-<uuid>"). We
+   * narrow the query with a `requester-id` filter and then match the
+   * function name as a hyphen-bounded token to avoid false positives like
+   * "myfn" matching for function "fn".
    *
    * Polling: starts at eniWaitInitialDelayMs (10s), exponential backoff up
    * to eniWaitMaxDelayMs (30s), bounded by eniWaitTimeoutMs (10min).
-   *
-   * Timeout is treated as a soft warning: detach can legitimately take 20-40
-   * minutes in degraded conditions, and downstream Subnet/SG deletion has
-   * its own retries to handle the residual window.
+   * Timeout is a soft warning — downstream Subnet/SG deletion has its own
+   * retries.
    */
-  async waitForLambdaEnisDetached(functionName) {
+  async cleanupLambdaEnis(functionName) {
     const start = Date.now();
     let delay = this.eniWaitInitialDelayMs;
     let attempt = 0;
     this.logger.debug(
-      `Waiting for Lambda VPC ENIs to detach for function ${functionName} (timeout ${this.eniWaitTimeoutMs}ms)`
+      `Cleaning up Lambda VPC ENIs for function ${functionName} (timeout ${this.eniWaitTimeoutMs}ms)`
     );
-    const descriptionNeedle = `AWS Lambda VPC ENI`;
-    const functionNamePattern = new RegExp(`(^|-)${escapeRegExp(functionName)}(-|$)`);
     for (; ; ) {
       attempt++;
-      let count;
+      let enis = [];
+      let listFailed = false;
       try {
-        count = await this.countLambdaEnis(descriptionNeedle, functionNamePattern);
+        enis = await this.listLambdaEnis(functionName);
       } catch (error) {
         this.logger.warn(
-          `DescribeNetworkInterfaces failed while waiting for Lambda ENIs of ${functionName}: ${error instanceof Error ? error.message : String(error)}`
+          `DescribeNetworkInterfaces failed while cleaning up Lambda ENIs of ${functionName}: ${error instanceof Error ? error.message : String(error)}`
         );
-        count = -1;
+        listFailed = true;
       }
-      if (count === 0) {
+      if (!listFailed && enis.length === 0) {
         this.logger.debug(
-          `Lambda ENIs for ${functionName} fully detached after ${attempt} poll(s) / ${Date.now() - start}ms`
+          `Lambda ENIs for ${functionName} fully cleaned up after ${attempt} attempt(s) / ${Date.now() - start}ms`
         );
         return;
       }
+      if (enis.length > 0) {
+        await Promise.all(
+          enis.map(async (eni) => {
+            try {
+              await this.ec2Client.send(
+                new DeleteNetworkInterfaceCommand({ NetworkInterfaceId: eni.id })
+              );
+              this.logger.debug(`Deleted Lambda ENI ${eni.id} for ${functionName}`);
+            } catch (error) {
+              this.logger.debug(
+                `ENI ${eni.id} (status=${eni.status}) not yet deletable: ${error instanceof Error ? error.message : String(error)}`
+              );
+            }
+          })
+        );
+      }
       const elapsed = Date.now() - start;
       if (elapsed >= this.eniWaitTimeoutMs) {
         this.logger.warn(
-          `Timeout (${this.eniWaitTimeoutMs}ms) waiting for Lambda VPC ENIs of ${functionName} to detach (remaining: ${count >= 0 ? count : "unknown"}). Continuing \u2014 downstream Subnet/SG deletion will retry as needed.`
+          `Timeout (${this.eniWaitTimeoutMs}ms) cleaning up Lambda VPC ENIs of ${functionName} (${enis.length} remaining). Continuing \u2014 downstream Subnet/SG deletion will retry as needed.`
         );
         return;
       }
@@ -11329,15 +11378,16 @@ var LambdaFunctionProvider = class {
     }
   }
   /**
-   * Count remaining Lambda-managed ENIs for the given function, paginating
-   * through DescribeNetworkInterfaces and filtering on Description substring.
+   * List Lambda-managed ENIs for the given function, paginating through
+   * DescribeNetworkInterfaces and filtering on Description substring.
    *
-   * Server-side filter (`description`) does not support wildcards in EC2's API,
-   * so we filter client-side after narrowing on `requester-id` + `status`.
+   * Server-side filter (`description`) does not support wildcards on this
+   * API, so we narrow with `requester-id` + match Description client-side.
    */
-  async countLambdaEnis(descriptionNeedle, functionNamePattern) {
+  async listLambdaEnis(functionName) {
+    const enis = [];
+    const descriptionPrefix = "AWS Lambda VPC ENI-";
     let nextToken;
-    let count = 0;
     do {
       const resp = await this.ec2Client.send(
         new DescribeNetworkInterfacesCommand({
@@ -11350,13 +11400,17 @@ var LambdaFunctionProvider = class {
       );
       for (const ni of resp.NetworkInterfaces ?? []) {
         const desc = ni.Description ?? "";
-        if (desc.includes(descriptionNeedle) && functionNamePattern.test(desc)) {
-          count++;
+        if (!ni.NetworkInterfaceId || !desc.startsWith(descriptionPrefix)) {
+          continue;
+        }
+        const token = desc.slice(descriptionPrefix.length);
+        if (functionName === token || functionName.startsWith(`${token}-`)) {
+          enis.push({ id: ni.NetworkInterfaceId, status: ni.Status ?? "unknown" });
         }
       }
       nextToken = resp.NextToken;
     } while (nextToken);
-    return count;
+    return enis;
   }
   sleep(ms) {
     return new Promise((resolve4) => setTimeout(resolve4, ms));
@@ -11446,9 +11500,6 @@ var LambdaFunctionProvider = class {
     return (crc ^ 4294967295) >>> 0;
   }
 };
-function escapeRegExp(input) {
-  return input.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
-}
 // src/provisioning/providers/lambda-permission-provider.ts
 import {
@@ -27554,7 +27605,7 @@ function reorderArgs(argv) {
 }
 async function main() {
   const program = new Command8();
-  program.name("cdkd").description("CDK Direct - Deploy AWS CDK apps directly via SDK/Cloud Control API").version("0.3.0");
+  program.name("cdkd").description("CDK Direct - Deploy AWS CDK apps directly via SDK/Cloud Control API").version("0.3.2");
   program.addCommand(createBootstrapCommand());
   program.addCommand(createSynthCommand());
   program.addCommand(createDeployCommand());