npm - @go-to-k/cdkd - Versions diffs - 0.30.0 → 0.30.2 - Mend

@go-to-k/cdkd 0.30.0 → 0.30.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/cli.js +113 -3
package/dist/cli.js.map +3 -3
package/dist/go-to-k-cdkd-0.30.2.tgz +0 -0
package/dist/index.js +50 -1
package/dist/index.js.map +2 -2
package/package.json +1 -1
package/dist/go-to-k-cdkd-0.30.0.tgz +0 -0

package/dist/cli.js CHANGED Viewed

@@ -7506,7 +7506,11 @@ Error: ${err.message || "Unknown error"}`,
 };
 // src/provisioning/providers/custom-resource-provider.ts
-import { InvokeCommand } from "@aws-sdk/client-lambda";
+import {
+  InvokeCommand,
+  waitUntilFunctionActiveV2,
+  waitUntilFunctionUpdatedV2
+} from "@aws-sdk/client-lambda";
 import { PublishCommand } from "@aws-sdk/client-sns";
 import {
   S3Client as S3Client6,
@@ -7790,9 +7794,54 @@ var CustomResourceProvider = class _CustomResourceProvider {
       await this.publishToSns(serviceToken, request);
       return await this.pollS3Response(responseKey, logicalId, operation);
     }
+    await this.waitForBackingLambdaReady(serviceToken, logicalId);
     const response = await this.invokeLambda(serviceToken, request);
     return await this.getCustomResourceResponse(response, responseKey, logicalId, operation);
   }
+  /**
+   * Block until the backing Lambda function for a Custom Resource is in a
+   * state that accepts a synchronous Invoke.
+   *
+   * Two sequential waiters:
+   *   1. `waitUntilFunctionActiveV2` — handles the post-CreateFunction
+   *      `Pending` window (image pull, VPC ENI attachment, layer init).
+   *   2. `waitUntilFunctionUpdatedV2` — handles the post-Update
+   *      `InProgress` window (configuration / code swap settling).
+   * Together they cover the only two transient states that reject
+   * synchronous Invokes.
+   *
+   * In the common case (Lambda has been Active for a while, no in-flight
+   * Update), both waiters return on first poll → ~2 GetFunction calls →
+   * ~200ms overhead. That's the price for correctness; the alternative
+   * (whole-stack Active wait at Lambda CREATE) is ~5–10 minutes per
+   * VPC-attached function.
+   *
+   * `serviceToken` is the Lambda function ARN; the Lambda SDK accepts
+   * both name and ARN as `FunctionName`, so we pass the ARN through
+   * unchanged.
+   *
+   * `maxWaitTime` is set generously (10 min) because VPC ENI attachment
+   * has been observed to take 8+ minutes in pathological cases. The
+   * deploy engine's per-resource `--resource-timeout` (default 30 min)
+   * still bounds the outer Custom Resource provisioning attempt, so
+   * this waiter cap is layered defense, not the only timeout.
+   */
+  async waitForBackingLambdaReady(serviceToken, logicalId) {
+    try {
+      await waitUntilFunctionActiveV2(
+        { client: this.lambdaClient, maxWaitTime: 600 },
+        { FunctionName: serviceToken }
+      );
+      await waitUntilFunctionUpdatedV2(
+        { client: this.lambdaClient, maxWaitTime: 600 },
+        { FunctionName: serviceToken }
+      );
+    } catch (error) {
+      throw new Error(
+        `Lambda backing custom resource ${logicalId} (${serviceToken}) did not reach a ready state for Invoke: ${error instanceof Error ? error.message : String(error)}`
+      );
+    }
+  }
   /**
    * Publish custom resource request to an SNS topic
    */
@@ -12966,7 +13015,8 @@ import {
   GetFunctionCommand,
   ListFunctionsCommand,
   ListTagsCommand,
-  ResourceNotFoundException
+  ResourceNotFoundException,
+  waitUntilFunctionUpdatedV2 as waitUntilFunctionUpdatedV22
 } from "@aws-sdk/client-lambda";
 import {
   DescribeNetworkInterfacesCommand,
@@ -13009,6 +13059,20 @@ var LambdaFunctionProvider = class {
   eniWaitTimeoutMs = 10 * 60 * 1e3;
   eniWaitInitialDelayMs = 1e4;
   eniWaitMaxDelayMs = 3e4;
+  // Budget for the post-Update wait that blocks until LastUpdateStatus
+  // === 'Successful'. Required to prevent the SECOND in-flight call (e.g.
+  // UpdateFunctionCode immediately after UpdateFunctionConfiguration)
+  // from racing the first with "function is currently in the following
+  // state: InProgress". Update typically settles in seconds; the 10-min
+  // cap is generous slack for layer-update / VPC-detach edge cases.
+  // Seconds (the SDK waiter contract is seconds, not ms).
+  //
+  // The post-CreateFunction `State=Active` wait used to live here too
+  // (PR #121) but doubled deploy time on benchmark stacks because every
+  // Lambda paid the cost regardless of whether anything synchronously
+  // invoked it. The Active wait now lives in `CustomResourceProvider`
+  // (the only deploy-time consumer that breaks against Pending).
+  functionUpdateMaxWaitSeconds = 10 * 60;
   // delstack-style ENI cleanup tunables.
   // - initial sleep: gives AWS time to publish post-detach ENI state via
   //   DescribeNetworkInterfaces (right after the update, the API can return
@@ -13142,6 +13206,7 @@ var LambdaFunctionProvider = class {
         };
         await this.lambdaClient.send(new UpdateFunctionConfigurationCommand(configParams));
         this.logger.debug(`Updated configuration for Lambda function ${physicalId}`);
+        await this.waitForFunctionUpdated(logicalId, resourceType, physicalId);
       }
       const newCode = properties["Code"];
       const oldCode = previousProperties["Code"];
@@ -13157,6 +13222,7 @@ var LambdaFunctionProvider = class {
         };
         await this.lambdaClient.send(new UpdateFunctionCodeCommand(codeParams));
         this.logger.debug(`Updated code for Lambda function ${physicalId}`);
+        await this.waitForFunctionUpdated(logicalId, resourceType, physicalId);
       }
       const getResponse = await this.lambdaClient.send(
         new GetFunctionCommand({ FunctionName: physicalId })
@@ -13170,6 +13236,9 @@ var LambdaFunctionProvider = class {
         }
       };
     } catch (error) {
+      if (error instanceof ProvisioningError) {
+        throw error;
+      }
       const cause = error instanceof Error ? error : void 0;
       throw new ProvisioningError(
         `Failed to update Lambda function ${logicalId}: ${error instanceof Error ? error.message : String(error)}`,
@@ -13336,6 +13405,41 @@ var LambdaFunctionProvider = class {
    * Timeout is a soft warning — downstream Subnet/SG deletion has its own
    * retries.
    */
+  /**
+   * Block until the function's LastUpdateStatus === 'Successful'.
+   *
+   * Used after UpdateFunctionConfiguration / UpdateFunctionCode. Wraps the
+   * SDK's `waitUntilFunctionUpdatedV2` (acceptors: SUCCESS=Successful,
+   * FAILURE=Failed, RETRY=InProgress). Errors are surfaced as
+   * `ProvisioningError` so the deploy engine's per-resource error
+   * handling treats them identically to an Update API failure.
+   *
+   * NOTE: post-CreateFunction `State=Active` wait was deliberately moved
+   * out of this provider in favor of an on-demand wait inside
+   * `CustomResourceProvider.sendRequest` (the only deploy-time consumer
+   * that breaks against a Pending Lambda). Blocking the entire deploy
+   * DAG behind every Lambda's Active transition more than doubled
+   * deploy time on benchmark stacks; the on-demand wait scoped to the
+   * one resource type that actually needs it preserves the bug fix
+   * without paying the whole-stack tax.
+   */
+  async waitForFunctionUpdated(logicalId, resourceType, functionName) {
+    try {
+      await waitUntilFunctionUpdatedV22(
+        { client: this.lambdaClient, maxWaitTime: this.functionUpdateMaxWaitSeconds },
+        { FunctionName: functionName }
+      );
+    } catch (error) {
+      const cause = error instanceof Error ? error : void 0;
+      throw new ProvisioningError(
+        `Lambda function ${logicalId} update did not complete: ${error instanceof Error ? error.message : String(error)}`,
+        resourceType,
+        logicalId,
+        functionName,
+        cause
+      );
+    }
+  }
   /**
    * Poll GetFunction until LastUpdateStatus is no longer `InProgress`.
    *
@@ -13348,6 +13452,12 @@ var LambdaFunctionProvider = class {
    * Bounded by eniWaitTimeoutMs (10min) and treated as a soft warning on
    * timeout: the subsequent ENI cleanup loop and downstream retries cover
    * the residual edge case.
+   *
+   * NOTE: deliberately separate from `waitForFunctionUpdated` (which uses
+   * the SDK's `waitUntilFunctionUpdatedV2` and throws on FAILURE). The
+   * pre-delete path needs a more lenient acceptor: if a prior update
+   * failed, we still want to proceed with DeleteFunction rather than
+   * abort, because the function is going away anyway.
    */
   async waitForLambdaUpdateCompleted(functionName) {
     const start = Date.now();
@@ -36062,7 +36172,7 @@ function reorderArgs(argv) {
 }
 async function main() {
   const program = new Command13();
-  program.name("cdkd").description("CDK Direct - Deploy AWS CDK apps directly via SDK/Cloud Control API").version("0.30.0");
+  program.name("cdkd").description("CDK Direct - Deploy AWS CDK apps directly via SDK/Cloud Control API").version("0.30.2");
   program.addCommand(createBootstrapCommand());
   program.addCommand(createSynthCommand());
   program.addCommand(createListCommand());