@go-to-k/cdkd 0.38.0 → 0.40.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli.js +2617 -54
- package/dist/cli.js.map +3 -3
- package/dist/go-to-k-cdkd-0.40.0.tgz +0 -0
- package/package.json +1 -1
- package/dist/go-to-k-cdkd-0.38.0.tgz +0 -0
package/dist/cli.js
CHANGED
|
@@ -13207,6 +13207,7 @@ var SNSTopicProvider = class {
|
|
|
13207
13207
|
import {
|
|
13208
13208
|
SubscribeCommand,
|
|
13209
13209
|
UnsubscribeCommand,
|
|
13210
|
+
GetSubscriptionAttributesCommand,
|
|
13210
13211
|
NotFoundException as NotFoundException2
|
|
13211
13212
|
} from "@aws-sdk/client-sns";
|
|
13212
13213
|
init_aws_clients();
|
|
@@ -13338,6 +13339,52 @@ var SNSSubscriptionProvider = class {
|
|
|
13338
13339
|
);
|
|
13339
13340
|
}
|
|
13340
13341
|
}
|
|
13342
|
+
/**
|
|
13343
|
+
* Read the AWS-current SNS Subscription configuration in CFn-property shape.
|
|
13344
|
+
*
|
|
13345
|
+
* Issues `GetSubscriptionAttributes`. AWS returns ALL attribute values
|
|
13346
|
+
* as strings; we type-coerce `RawMessageDelivery` to a boolean and
|
|
13347
|
+
* JSON-parse `FilterPolicy` so the comparator matches cdkd state's
|
|
13348
|
+
* already-typed values. `TopicArn`, `Protocol`, `Endpoint` pass through
|
|
13349
|
+
* as strings.
|
|
13350
|
+
*
|
|
13351
|
+
* Returns `undefined` when the subscription is gone (`NotFoundException`),
|
|
13352
|
+
* including the special "PendingConfirmation" case where the
|
|
13353
|
+
* `SubscriptionArn` has not yet been confirmed and `Attributes` is null.
|
|
13354
|
+
*/
|
|
13355
|
+
async readCurrentState(physicalId, _logicalId, _resourceType) {
|
|
13356
|
+
let attributes;
|
|
13357
|
+
try {
|
|
13358
|
+
const resp = await this.snsClient.send(
|
|
13359
|
+
new GetSubscriptionAttributesCommand({ SubscriptionArn: physicalId })
|
|
13360
|
+
);
|
|
13361
|
+
attributes = resp.Attributes;
|
|
13362
|
+
} catch (err) {
|
|
13363
|
+
if (err instanceof NotFoundException2)
|
|
13364
|
+
return void 0;
|
|
13365
|
+
throw err;
|
|
13366
|
+
}
|
|
13367
|
+
if (!attributes)
|
|
13368
|
+
return void 0;
|
|
13369
|
+
const result = {};
|
|
13370
|
+
if (attributes["TopicArn"] !== void 0)
|
|
13371
|
+
result["TopicArn"] = attributes["TopicArn"];
|
|
13372
|
+
if (attributes["Protocol"] !== void 0)
|
|
13373
|
+
result["Protocol"] = attributes["Protocol"];
|
|
13374
|
+
if (attributes["Endpoint"] !== void 0)
|
|
13375
|
+
result["Endpoint"] = attributes["Endpoint"];
|
|
13376
|
+
if (attributes["RawMessageDelivery"] !== void 0) {
|
|
13377
|
+
result["RawMessageDelivery"] = attributes["RawMessageDelivery"] === "true";
|
|
13378
|
+
}
|
|
13379
|
+
if (attributes["FilterPolicy"]) {
|
|
13380
|
+
try {
|
|
13381
|
+
result["FilterPolicy"] = JSON.parse(attributes["FilterPolicy"]);
|
|
13382
|
+
} catch {
|
|
13383
|
+
result["FilterPolicy"] = attributes["FilterPolicy"];
|
|
13384
|
+
}
|
|
13385
|
+
}
|
|
13386
|
+
return result;
|
|
13387
|
+
}
|
|
13341
13388
|
/**
|
|
13342
13389
|
* Adopt an existing SNS subscription into cdkd state.
|
|
13343
13390
|
*
|
|
@@ -16209,6 +16256,82 @@ var CloudWatchAlarmProvider = class {
|
|
|
16209
16256
|
* 2. `DescribeAlarms` paginated, then `ListTagsForResource(AlarmArn)` per
|
|
16210
16257
|
* alarm to match `aws:cdk:path`.
|
|
16211
16258
|
*/
|
|
16259
|
+
/**
|
|
16260
|
+
* Read the AWS-current CloudWatch Alarm configuration in CFn-property shape.
|
|
16261
|
+
*
|
|
16262
|
+
* Issues `DescribeAlarms` filtered by `AlarmNames=[physicalId]` and
|
|
16263
|
+
* surfaces the keys cdkd's `create()` accepts (`AlarmName`,
|
|
16264
|
+
* `AlarmDescription`, `MetricName`, `Namespace`, `Statistic`,
|
|
16265
|
+
* `ComparisonOperator`, `Threshold`, `EvaluationPeriods`, `Period`,
|
|
16266
|
+
* `DatapointsToAlarm`, `ActionsEnabled`, `AlarmActions`,
|
|
16267
|
+
* `OKActions`, `InsufficientDataActions`, `TreatMissingData`, `Unit`,
|
|
16268
|
+
* `Dimensions`, `Metrics`).
|
|
16269
|
+
*
|
|
16270
|
+
* `DescribeAlarms` returns the result via either `MetricAlarms` (single-
|
|
16271
|
+
* metric form) or `CompositeAlarms` (composite form). cdkd's provider
|
|
16272
|
+
* only handles the single-metric form, so we look at `MetricAlarms` only.
|
|
16273
|
+
*
|
|
16274
|
+
* Returns `undefined` when the alarm is gone (no matching `MetricAlarms`).
|
|
16275
|
+
*/
|
|
16276
|
+
async readCurrentState(physicalId, _logicalId, _resourceType) {
|
|
16277
|
+
const resp = await this.cloudWatchClient.send(
|
|
16278
|
+
new DescribeAlarmsCommand({ AlarmNames: [physicalId], AlarmTypes: ["MetricAlarm"] })
|
|
16279
|
+
);
|
|
16280
|
+
const alarm = resp.MetricAlarms?.[0];
|
|
16281
|
+
if (!alarm)
|
|
16282
|
+
return void 0;
|
|
16283
|
+
const result = {};
|
|
16284
|
+
if (alarm.AlarmName !== void 0)
|
|
16285
|
+
result["AlarmName"] = alarm.AlarmName;
|
|
16286
|
+
if (alarm.AlarmDescription !== void 0 && alarm.AlarmDescription !== "") {
|
|
16287
|
+
result["AlarmDescription"] = alarm.AlarmDescription;
|
|
16288
|
+
}
|
|
16289
|
+
if (alarm.MetricName !== void 0)
|
|
16290
|
+
result["MetricName"] = alarm.MetricName;
|
|
16291
|
+
if (alarm.Namespace !== void 0)
|
|
16292
|
+
result["Namespace"] = alarm.Namespace;
|
|
16293
|
+
if (alarm.Statistic !== void 0)
|
|
16294
|
+
result["Statistic"] = alarm.Statistic;
|
|
16295
|
+
if (alarm.ComparisonOperator !== void 0) {
|
|
16296
|
+
result["ComparisonOperator"] = alarm.ComparisonOperator;
|
|
16297
|
+
}
|
|
16298
|
+
if (alarm.Threshold !== void 0)
|
|
16299
|
+
result["Threshold"] = alarm.Threshold;
|
|
16300
|
+
if (alarm.EvaluationPeriods !== void 0) {
|
|
16301
|
+
result["EvaluationPeriods"] = alarm.EvaluationPeriods;
|
|
16302
|
+
}
|
|
16303
|
+
if (alarm.Period !== void 0)
|
|
16304
|
+
result["Period"] = alarm.Period;
|
|
16305
|
+
if (alarm.DatapointsToAlarm !== void 0) {
|
|
16306
|
+
result["DatapointsToAlarm"] = alarm.DatapointsToAlarm;
|
|
16307
|
+
}
|
|
16308
|
+
if (alarm.ActionsEnabled !== void 0)
|
|
16309
|
+
result["ActionsEnabled"] = alarm.ActionsEnabled;
|
|
16310
|
+
if (alarm.AlarmActions && alarm.AlarmActions.length > 0) {
|
|
16311
|
+
result["AlarmActions"] = [...alarm.AlarmActions];
|
|
16312
|
+
}
|
|
16313
|
+
if (alarm.OKActions && alarm.OKActions.length > 0) {
|
|
16314
|
+
result["OKActions"] = [...alarm.OKActions];
|
|
16315
|
+
}
|
|
16316
|
+
if (alarm.InsufficientDataActions && alarm.InsufficientDataActions.length > 0) {
|
|
16317
|
+
result["InsufficientDataActions"] = [...alarm.InsufficientDataActions];
|
|
16318
|
+
}
|
|
16319
|
+
if (alarm.TreatMissingData !== void 0) {
|
|
16320
|
+
result["TreatMissingData"] = alarm.TreatMissingData;
|
|
16321
|
+
}
|
|
16322
|
+
if (alarm.Unit !== void 0)
|
|
16323
|
+
result["Unit"] = alarm.Unit;
|
|
16324
|
+
if (alarm.Dimensions && alarm.Dimensions.length > 0) {
|
|
16325
|
+
result["Dimensions"] = alarm.Dimensions.map((d) => ({
|
|
16326
|
+
...d.Name !== void 0 ? { Name: d.Name } : {},
|
|
16327
|
+
...d.Value !== void 0 ? { Value: d.Value } : {}
|
|
16328
|
+
}));
|
|
16329
|
+
}
|
|
16330
|
+
if (alarm.Metrics && alarm.Metrics.length > 0) {
|
|
16331
|
+
result["Metrics"] = alarm.Metrics.map((m) => m);
|
|
16332
|
+
}
|
|
16333
|
+
return result;
|
|
16334
|
+
}
|
|
16212
16335
|
async import(input) {
|
|
16213
16336
|
const explicit = resolveExplicitPhysicalId(input, "AlarmName");
|
|
16214
16337
|
if (explicit) {
|
|
@@ -16532,6 +16655,52 @@ var SecretsManagerSecretProvider = class {
|
|
|
16532
16655
|
}
|
|
16533
16656
|
return password;
|
|
16534
16657
|
}
|
|
16658
|
+
/**
|
|
16659
|
+
* Read the AWS-current secret configuration in CFn-property shape.
|
|
16660
|
+
*
|
|
16661
|
+
* Issues `DescribeSecret` and surfaces `Name`, `Description`, `KmsKeyId`,
|
|
16662
|
+
* and `ReplicaRegions` (re-shaping `ReplicationStatus[]` to CFn's
|
|
16663
|
+
* `[{Region, KmsKeyId}]`).
|
|
16664
|
+
*
|
|
16665
|
+
* Intentionally omitted:
|
|
16666
|
+
* - `SecretString` / `GenerateSecretString`: `DescribeSecret` does not
|
|
16667
|
+
* return the secret value (that's `GetSecretValue`, which we never
|
|
16668
|
+
* call to avoid surfacing plaintext through drift). Cdkd state holds
|
|
16669
|
+
* the user-supplied string verbatim; comparing against AWS would
|
|
16670
|
+
* require pulling the value, so this is deliberately deferred.
|
|
16671
|
+
* - `Tags`: `DescribeSecret` returns Tags, but the auto-injected
|
|
16672
|
+
* `aws:cdk:path` tag-shape question is out of scope here.
|
|
16673
|
+
*
|
|
16674
|
+
* Returns `undefined` when the secret is gone (`ResourceNotFoundException`).
|
|
16675
|
+
*/
|
|
16676
|
+
async readCurrentState(physicalId, _logicalId, _resourceType) {
|
|
16677
|
+
try {
|
|
16678
|
+
const resp = await this.smClient.send(new DescribeSecretCommand({ SecretId: physicalId }));
|
|
16679
|
+
const result = {};
|
|
16680
|
+
if (resp.Name !== void 0)
|
|
16681
|
+
result["Name"] = resp.Name;
|
|
16682
|
+
if (resp.Description !== void 0 && resp.Description !== "") {
|
|
16683
|
+
result["Description"] = resp.Description;
|
|
16684
|
+
}
|
|
16685
|
+
if (resp.KmsKeyId !== void 0)
|
|
16686
|
+
result["KmsKeyId"] = resp.KmsKeyId;
|
|
16687
|
+
if (resp.ReplicationStatus && resp.ReplicationStatus.length > 0) {
|
|
16688
|
+
result["ReplicaRegions"] = resp.ReplicationStatus.map((r) => {
|
|
16689
|
+
const out = {};
|
|
16690
|
+
if (r.Region)
|
|
16691
|
+
out["Region"] = r.Region;
|
|
16692
|
+
if (r.KmsKeyId)
|
|
16693
|
+
out["KmsKeyId"] = r.KmsKeyId;
|
|
16694
|
+
return out;
|
|
16695
|
+
});
|
|
16696
|
+
}
|
|
16697
|
+
return result;
|
|
16698
|
+
} catch (err) {
|
|
16699
|
+
if (err instanceof ResourceNotFoundException8)
|
|
16700
|
+
return void 0;
|
|
16701
|
+
throw err;
|
|
16702
|
+
}
|
|
16703
|
+
}
|
|
16535
16704
|
/**
|
|
16536
16705
|
* Adopt an existing Secrets Manager secret into cdkd state.
|
|
16537
16706
|
*
|
|
@@ -16802,6 +16971,74 @@ var SSMParameterProvider = class {
|
|
|
16802
16971
|
);
|
|
16803
16972
|
}
|
|
16804
16973
|
}
|
|
16974
|
+
/**
|
|
16975
|
+
* Read the AWS-current SSM parameter configuration in CFn-property shape.
|
|
16976
|
+
*
|
|
16977
|
+
* Issues `GetParameter` (with `WithDecryption: false` so SecureString
|
|
16978
|
+
* values stay encrypted on the wire) for `Type` / `Value` / `DataType`,
|
|
16979
|
+
* then `DescribeParameters` filtered on the parameter name to fetch
|
|
16980
|
+
* metadata (`Description`, `AllowedPattern`, `Tier`) that `GetParameter`
|
|
16981
|
+
* does not return.
|
|
16982
|
+
*
|
|
16983
|
+
* `Name` is set to the physical id. `Tags` and `Policies` are intentionally
|
|
16984
|
+
* out of scope (`Tags` requires a separate `ListTagsForResource` round-trip
|
|
16985
|
+
* and the auto-injected `aws:cdk:path` tag-shape question is unresolved;
|
|
16986
|
+
* `Policies` is returned by `DescribeParameters.Policies` as a structured
|
|
16987
|
+
* array but cdkd state holds the raw JSON string the user typed — comparing
|
|
16988
|
+
* the two accurately needs more work).
|
|
16989
|
+
*
|
|
16990
|
+
* **Note**: For `SecureString` parameters, AWS returns the encrypted
|
|
16991
|
+
* blob in `Value` (we pass `WithDecryption: false`). cdkd state usually
|
|
16992
|
+
* holds the plaintext value the user typed in their CDK app, so a
|
|
16993
|
+
* SecureString parameter will surface as `Value` drift on every run.
|
|
16994
|
+
* That's the correct conservative behavior — surfacing the discrepancy
|
|
16995
|
+
* is more useful than silently masking it.
|
|
16996
|
+
*
|
|
16997
|
+
* Returns `undefined` when the parameter is gone (`ParameterNotFound`).
|
|
16998
|
+
*/
|
|
16999
|
+
async readCurrentState(physicalId, _logicalId, _resourceType) {
|
|
17000
|
+
let getResp;
|
|
17001
|
+
try {
|
|
17002
|
+
getResp = await this.ssmClient.send(
|
|
17003
|
+
new GetParameterCommand3({ Name: physicalId, WithDecryption: false })
|
|
17004
|
+
);
|
|
17005
|
+
} catch (err) {
|
|
17006
|
+
if (err instanceof ParameterNotFound)
|
|
17007
|
+
return void 0;
|
|
17008
|
+
throw err;
|
|
17009
|
+
}
|
|
17010
|
+
const param = getResp.Parameter;
|
|
17011
|
+
if (!param)
|
|
17012
|
+
return void 0;
|
|
17013
|
+
const result = { Name: physicalId };
|
|
17014
|
+
if (param.Type !== void 0)
|
|
17015
|
+
result["Type"] = param.Type;
|
|
17016
|
+
if (param.Value !== void 0)
|
|
17017
|
+
result["Value"] = param.Value;
|
|
17018
|
+
if (param.DataType !== void 0)
|
|
17019
|
+
result["DataType"] = param.DataType;
|
|
17020
|
+
try {
|
|
17021
|
+
const desc = await this.ssmClient.send(
|
|
17022
|
+
new DescribeParametersCommand({
|
|
17023
|
+
ParameterFilters: [{ Key: "Name", Values: [physicalId] }]
|
|
17024
|
+
})
|
|
17025
|
+
);
|
|
17026
|
+
const meta = desc.Parameters?.[0];
|
|
17027
|
+
if (meta) {
|
|
17028
|
+
if (meta.Description !== void 0 && meta.Description !== "") {
|
|
17029
|
+
result["Description"] = meta.Description;
|
|
17030
|
+
}
|
|
17031
|
+
if (meta.AllowedPattern !== void 0 && meta.AllowedPattern !== "") {
|
|
17032
|
+
result["AllowedPattern"] = meta.AllowedPattern;
|
|
17033
|
+
}
|
|
17034
|
+
if (meta.Tier !== void 0) {
|
|
17035
|
+
result["Tier"] = meta.Tier;
|
|
17036
|
+
}
|
|
17037
|
+
}
|
|
17038
|
+
} catch {
|
|
17039
|
+
}
|
|
17040
|
+
return result;
|
|
17041
|
+
}
|
|
16805
17042
|
/**
|
|
16806
17043
|
* Adopt an existing SSM parameter into cdkd state.
|
|
16807
17044
|
*
|
|
@@ -17132,6 +17369,78 @@ var EventBridgeRuleProvider = class {
|
|
|
17132
17369
|
}
|
|
17133
17370
|
throw new Error(`Unsupported attribute: ${attributeName} for AWS::Events::Rule`);
|
|
17134
17371
|
}
|
|
17372
|
+
/**
|
|
17373
|
+
* Read the AWS-current EventBridge rule configuration in CFn-property shape.
|
|
17374
|
+
*
|
|
17375
|
+
* Issues `DescribeRule` for the rule's main config, then a separate
|
|
17376
|
+
* `ListTargetsByRule` for `Targets`.
|
|
17377
|
+
*
|
|
17378
|
+
* Surfaced keys (when present): `Name`, `Description`, `EventBusName`,
|
|
17379
|
+
* `EventPattern` (parsed from JSON string back to object — cdkd state holds
|
|
17380
|
+
* it as the user typed it, typically an object), `ScheduleExpression`,
|
|
17381
|
+
* `State`, `RoleArn`, `Targets` (CFn shape `[{Id, Arn, ...}]`).
|
|
17382
|
+
*
|
|
17383
|
+
* `Tags` is omitted (separate `ListTagsForResource` round-trip; auto-injected
|
|
17384
|
+
* `aws:cdk:path` tag-shape question is out of scope here).
|
|
17385
|
+
*
|
|
17386
|
+
* Returns `undefined` when the rule is gone (`ResourceNotFoundException`).
|
|
17387
|
+
*/
|
|
17388
|
+
async readCurrentState(physicalId, _logicalId, _resourceType) {
|
|
17389
|
+
const ruleName = this.extractRuleNameFromArn(physicalId);
|
|
17390
|
+
const eventBusName = this.extractBusNameFromArn(physicalId);
|
|
17391
|
+
let resp;
|
|
17392
|
+
try {
|
|
17393
|
+
resp = await this.eventBridgeClient.send(
|
|
17394
|
+
new DescribeRuleCommand({
|
|
17395
|
+
Name: ruleName,
|
|
17396
|
+
...eventBusName && eventBusName !== "default" ? { EventBusName: eventBusName } : {}
|
|
17397
|
+
})
|
|
17398
|
+
);
|
|
17399
|
+
} catch (err) {
|
|
17400
|
+
if (err instanceof ResourceNotFoundException9)
|
|
17401
|
+
return void 0;
|
|
17402
|
+
throw err;
|
|
17403
|
+
}
|
|
17404
|
+
const result = {};
|
|
17405
|
+
if (resp.Name !== void 0)
|
|
17406
|
+
result["Name"] = resp.Name;
|
|
17407
|
+
if (resp.Description !== void 0 && resp.Description !== "") {
|
|
17408
|
+
result["Description"] = resp.Description;
|
|
17409
|
+
}
|
|
17410
|
+
if (resp.EventBusName !== void 0 && resp.EventBusName !== "default") {
|
|
17411
|
+
result["EventBusName"] = resp.EventBusName;
|
|
17412
|
+
}
|
|
17413
|
+
if (resp.EventPattern !== void 0) {
|
|
17414
|
+
try {
|
|
17415
|
+
result["EventPattern"] = JSON.parse(resp.EventPattern);
|
|
17416
|
+
} catch {
|
|
17417
|
+
result["EventPattern"] = resp.EventPattern;
|
|
17418
|
+
}
|
|
17419
|
+
}
|
|
17420
|
+
if (resp.ScheduleExpression !== void 0) {
|
|
17421
|
+
result["ScheduleExpression"] = resp.ScheduleExpression;
|
|
17422
|
+
}
|
|
17423
|
+
if (resp.State !== void 0)
|
|
17424
|
+
result["State"] = resp.State;
|
|
17425
|
+
if (resp.RoleArn !== void 0)
|
|
17426
|
+
result["RoleArn"] = resp.RoleArn;
|
|
17427
|
+
try {
|
|
17428
|
+
const targetsResp = await this.eventBridgeClient.send(
|
|
17429
|
+
new ListTargetsByRuleCommand({
|
|
17430
|
+
Rule: ruleName,
|
|
17431
|
+
...eventBusName && eventBusName !== "default" ? { EventBusName: eventBusName } : {}
|
|
17432
|
+
})
|
|
17433
|
+
);
|
|
17434
|
+
if (targetsResp.Targets && targetsResp.Targets.length > 0) {
|
|
17435
|
+
result["Targets"] = targetsResp.Targets;
|
|
17436
|
+
}
|
|
17437
|
+
} catch (err) {
|
|
17438
|
+
if (!(err instanceof ResourceNotFoundException9)) {
|
|
17439
|
+
throw err;
|
|
17440
|
+
}
|
|
17441
|
+
}
|
|
17442
|
+
return result;
|
|
17443
|
+
}
|
|
17135
17444
|
/**
|
|
17136
17445
|
* Adopt an existing EventBridge rule into cdkd state.
|
|
17137
17446
|
*
|
|
@@ -17224,6 +17533,22 @@ var EventBridgeRuleProvider = class {
|
|
|
17224
17533
|
const parts = arn.split("/");
|
|
17225
17534
|
return parts[parts.length - 1] ?? arn;
|
|
17226
17535
|
}
|
|
17536
|
+
/**
|
|
17537
|
+
* Extract the event bus name from a rule ARN.
|
|
17538
|
+
*
|
|
17539
|
+
* ARN format: `arn:aws:events:region:account:rule/rule-name` (default bus, returns 'default')
|
|
17540
|
+
* or `arn:aws:events:region:account:rule/bus-name/rule-name` (custom bus).
|
|
17541
|
+
*
|
|
17542
|
+
* Returns `undefined` when the input is not an ARN (we can't tell which bus).
|
|
17543
|
+
*/
|
|
17544
|
+
extractBusNameFromArn(arn) {
|
|
17545
|
+
if (!arn.startsWith("arn:"))
|
|
17546
|
+
return void 0;
|
|
17547
|
+
const parts = arn.split("/");
|
|
17548
|
+
if (parts.length === 3)
|
|
17549
|
+
return parts[1];
|
|
17550
|
+
return "default";
|
|
17551
|
+
}
|
|
17227
17552
|
};
|
|
17228
17553
|
|
|
17229
17554
|
// src/provisioning/providers/eventbridge-bus-provider.ts
|
|
@@ -17475,6 +17800,53 @@ var EventBridgeBusProvider = class {
|
|
|
17475
17800
|
);
|
|
17476
17801
|
}
|
|
17477
17802
|
}
|
|
17803
|
+
/**
|
|
17804
|
+
* Read the AWS-current EventBus configuration in CFn-property shape.
|
|
17805
|
+
*
|
|
17806
|
+
* Issues `DescribeEventBus` and surfaces `Name`, `Description`,
|
|
17807
|
+
* `KmsKeyIdentifier`, `DeadLetterConfig`, and `Policy` (the latter is a
|
|
17808
|
+
* JSON string in `DescribeEventBus.Policy`; cdkd state holds it the way
|
|
17809
|
+
* the user typed it, which may be either an object or a string — the
|
|
17810
|
+
* comparator handles either side).
|
|
17811
|
+
*
|
|
17812
|
+
* `Tags` and `EventSourceName` are intentionally omitted: tags require a
|
|
17813
|
+
* separate `ListTagsForResource` round-trip and the auto-injected
|
|
17814
|
+
* `aws:cdk:path` tag-shape question is out of scope; `EventSourceName`
|
|
17815
|
+
* is set at create time only and not surfaced by `DescribeEventBus`.
|
|
17816
|
+
*
|
|
17817
|
+
* Returns `undefined` when the bus is gone (`ResourceNotFoundException`).
|
|
17818
|
+
*/
|
|
17819
|
+
async readCurrentState(physicalId, _logicalId, _resourceType) {
|
|
17820
|
+
try {
|
|
17821
|
+
const resp = await this.eventBridgeClient.send(
|
|
17822
|
+
new DescribeEventBusCommand({ Name: physicalId })
|
|
17823
|
+
);
|
|
17824
|
+
const result = {};
|
|
17825
|
+
if (resp.Name !== void 0)
|
|
17826
|
+
result["Name"] = resp.Name;
|
|
17827
|
+
if (resp.Description !== void 0 && resp.Description !== "") {
|
|
17828
|
+
result["Description"] = resp.Description;
|
|
17829
|
+
}
|
|
17830
|
+
if (resp.KmsKeyIdentifier !== void 0) {
|
|
17831
|
+
result["KmsKeyIdentifier"] = resp.KmsKeyIdentifier;
|
|
17832
|
+
}
|
|
17833
|
+
if (resp.DeadLetterConfig?.Arn) {
|
|
17834
|
+
result["DeadLetterConfig"] = { Arn: resp.DeadLetterConfig.Arn };
|
|
17835
|
+
}
|
|
17836
|
+
if (resp.Policy) {
|
|
17837
|
+
try {
|
|
17838
|
+
result["Policy"] = JSON.parse(resp.Policy);
|
|
17839
|
+
} catch {
|
|
17840
|
+
result["Policy"] = resp.Policy;
|
|
17841
|
+
}
|
|
17842
|
+
}
|
|
17843
|
+
return result;
|
|
17844
|
+
} catch (err) {
|
|
17845
|
+
if (err instanceof ResourceNotFoundException10)
|
|
17846
|
+
return void 0;
|
|
17847
|
+
throw err;
|
|
17848
|
+
}
|
|
17849
|
+
}
|
|
17478
17850
|
/**
|
|
17479
17851
|
* Adopt an existing EventBridge event bus into cdkd state.
|
|
17480
17852
|
*
|
|
@@ -19728,6 +20100,7 @@ var EC2Provider = class {
|
|
|
19728
20100
|
// src/provisioning/providers/apigateway-provider.ts
|
|
19729
20101
|
import {
|
|
19730
20102
|
UpdateAccountCommand,
|
|
20103
|
+
GetAccountCommand,
|
|
19731
20104
|
CreateResourceCommand as CreateResourceCommand2,
|
|
19732
20105
|
DeleteResourceCommand as DeleteResourceCommand2,
|
|
19733
20106
|
CreateDeploymentCommand,
|
|
@@ -19737,6 +20110,7 @@ import {
|
|
|
19737
20110
|
DeleteStageCommand,
|
|
19738
20111
|
PutMethodCommand,
|
|
19739
20112
|
DeleteMethodCommand,
|
|
20113
|
+
GetMethodCommand,
|
|
19740
20114
|
PutIntegrationCommand,
|
|
19741
20115
|
PutMethodResponseCommand,
|
|
19742
20116
|
CreateAuthorizerCommand,
|
|
@@ -20727,6 +21101,81 @@ var ApiGatewayProvider = class _ApiGatewayProvider {
|
|
|
20727
21101
|
}
|
|
20728
21102
|
return result;
|
|
20729
21103
|
}
|
|
21104
|
+
/**
|
|
21105
|
+
* Read the AWS-current API Gateway resource configuration in CFn-property
|
|
21106
|
+
* shape.
|
|
21107
|
+
*
|
|
21108
|
+
* **Coverage**:
|
|
21109
|
+
* - `AWS::ApiGateway::Account` → `GetAccount` for `CloudWatchRoleArn`.
|
|
21110
|
+
* - `AWS::ApiGateway::Method` → `GetMethod`. PhysicalId is the composite
|
|
21111
|
+
* `restApiId|resourceId|httpMethod`, so we have everything needed
|
|
21112
|
+
* without `Properties`.
|
|
21113
|
+
*
|
|
21114
|
+
* **Out of scope** (returns `undefined`, falls back to "drift unknown"):
|
|
21115
|
+
* - `AWS::ApiGateway::Authorizer` / `Resource` / `Deployment` / `Stage`:
|
|
21116
|
+
* each needs the parent `RestApiId` to issue a `Get*` call, but cdkd's
|
|
21117
|
+
* `readCurrentState` interface does not pass `Properties` (only the
|
|
21118
|
+
* physicalId, which for these types is just the sub-resource id).
|
|
21119
|
+
* CC API drift detection picks up `AWS::ApiGateway::RestApi` itself
|
|
21120
|
+
* once the user works through the SDK provider boundary; per-sub
|
|
21121
|
+
* drift detection here would need a contract change.
|
|
21122
|
+
*/
|
|
21123
|
+
async readCurrentState(physicalId, _logicalId, resourceType) {
|
|
21124
|
+
switch (resourceType) {
|
|
21125
|
+
case "AWS::ApiGateway::Account":
|
|
21126
|
+
return this.readCurrentStateAccount();
|
|
21127
|
+
case "AWS::ApiGateway::Method":
|
|
21128
|
+
return this.readCurrentStateMethod(physicalId);
|
|
21129
|
+
default:
|
|
21130
|
+
return void 0;
|
|
21131
|
+
}
|
|
21132
|
+
}
|
|
21133
|
+
async readCurrentStateAccount() {
|
|
21134
|
+
try {
|
|
21135
|
+
const resp = await this.apiGatewayClient.send(new GetAccountCommand({}));
|
|
21136
|
+
const result = {};
|
|
21137
|
+
if (resp.cloudwatchRoleArn !== void 0) {
|
|
21138
|
+
result["CloudWatchRoleArn"] = resp.cloudwatchRoleArn;
|
|
21139
|
+
}
|
|
21140
|
+
return result;
|
|
21141
|
+
} catch (err) {
|
|
21142
|
+
if (err instanceof NotFoundException3)
|
|
21143
|
+
return void 0;
|
|
21144
|
+
throw err;
|
|
21145
|
+
}
|
|
21146
|
+
}
|
|
21147
|
+
async readCurrentStateMethod(physicalId) {
|
|
21148
|
+
const parts = physicalId.split("|");
|
|
21149
|
+
if (parts.length !== 3)
|
|
21150
|
+
return void 0;
|
|
21151
|
+
const [restApiId, resourceId, httpMethod] = parts;
|
|
21152
|
+
try {
|
|
21153
|
+
const resp = await this.apiGatewayClient.send(
|
|
21154
|
+
new GetMethodCommand({ restApiId, resourceId, httpMethod })
|
|
21155
|
+
);
|
|
21156
|
+
const result = {};
|
|
21157
|
+
if (restApiId !== void 0)
|
|
21158
|
+
result["RestApiId"] = restApiId;
|
|
21159
|
+
if (resourceId !== void 0)
|
|
21160
|
+
result["ResourceId"] = resourceId;
|
|
21161
|
+
if (resp.httpMethod !== void 0)
|
|
21162
|
+
result["HttpMethod"] = resp.httpMethod;
|
|
21163
|
+
if (resp.authorizationType !== void 0) {
|
|
21164
|
+
result["AuthorizationType"] = resp.authorizationType;
|
|
21165
|
+
}
|
|
21166
|
+
if (resp.authorizerId !== void 0)
|
|
21167
|
+
result["AuthorizerId"] = resp.authorizerId;
|
|
21168
|
+
if (resp.methodIntegration)
|
|
21169
|
+
result["Integration"] = resp.methodIntegration;
|
|
21170
|
+
if (resp.methodResponses)
|
|
21171
|
+
result["MethodResponses"] = resp.methodResponses;
|
|
21172
|
+
return result;
|
|
21173
|
+
} catch (err) {
|
|
21174
|
+
if (err instanceof NotFoundException3)
|
|
21175
|
+
return void 0;
|
|
21176
|
+
throw err;
|
|
21177
|
+
}
|
|
21178
|
+
}
|
|
20730
21179
|
/**
|
|
20731
21180
|
* Adopt an existing API Gateway sub-resource into cdkd state.
|
|
20732
21181
|
*
|
|
@@ -21303,6 +21752,45 @@ var ApiGatewayV2Provider = class {
|
|
|
21303
21752
|
);
|
|
21304
21753
|
}
|
|
21305
21754
|
}
|
|
21755
|
+
// ─── Drift detection ──────────────────────────────────────────────
|
|
21756
|
+
/**
|
|
21757
|
+
* Read the AWS-current API Gateway V2 resource configuration in
|
|
21758
|
+
* CFn-property shape.
|
|
21759
|
+
*
|
|
21760
|
+
* **Coverage**:
|
|
21761
|
+
* - `AWS::ApiGatewayV2::Api` → `GetApi`. PhysicalId is the apiId,
|
|
21762
|
+
* self-sufficient.
|
|
21763
|
+
*
|
|
21764
|
+
* **Out of scope** (returns `undefined`, falls back to "drift unknown"):
|
|
21765
|
+
* - `AWS::ApiGatewayV2::Stage` / `Integration` / `Route` / `Authorizer`:
|
|
21766
|
+
* each needs the parent `ApiId` to issue a `Get*` call, but cdkd's
|
|
21767
|
+
* `readCurrentState` interface does not pass `Properties` (only the
|
|
21768
|
+
* physicalId, which for these types is just the sub-resource id).
|
|
21769
|
+
* Per-sub drift detection here would need a contract change.
|
|
21770
|
+
*/
|
|
21771
|
+
async readCurrentState(physicalId, _logicalId, resourceType) {
|
|
21772
|
+
if (resourceType !== "AWS::ApiGatewayV2::Api") {
|
|
21773
|
+
return void 0;
|
|
21774
|
+
}
|
|
21775
|
+
try {
|
|
21776
|
+
const resp = await this.getClient().send(new GetApiCommand({ ApiId: physicalId }));
|
|
21777
|
+
const result = {};
|
|
21778
|
+
if (resp.Name !== void 0)
|
|
21779
|
+
result["Name"] = resp.Name;
|
|
21780
|
+
if (resp.ProtocolType !== void 0)
|
|
21781
|
+
result["ProtocolType"] = resp.ProtocolType;
|
|
21782
|
+
if (resp.Description !== void 0 && resp.Description !== "") {
|
|
21783
|
+
result["Description"] = resp.Description;
|
|
21784
|
+
}
|
|
21785
|
+
if (resp.CorsConfiguration)
|
|
21786
|
+
result["CorsConfiguration"] = resp.CorsConfiguration;
|
|
21787
|
+
return result;
|
|
21788
|
+
} catch (err) {
|
|
21789
|
+
if (err instanceof NotFoundException4)
|
|
21790
|
+
return void 0;
|
|
21791
|
+
throw err;
|
|
21792
|
+
}
|
|
21793
|
+
}
|
|
21306
21794
|
// ─── Import ───────────────────────────────────────────────────────
|
|
21307
21795
|
/**
|
|
21308
21796
|
* Adopt an existing API Gateway V2 resource into cdkd state.
|
|
@@ -21516,6 +22004,36 @@ var CloudFrontOAIProvider = class {
|
|
|
21516
22004
|
`Unsupported attribute: ${attributeName} for AWS::CloudFront::CloudFrontOriginAccessIdentity`
|
|
21517
22005
|
);
|
|
21518
22006
|
}
|
|
22007
|
+
/**
|
|
22008
|
+
* Read the AWS-current OAI configuration in CFn-property shape.
|
|
22009
|
+
*
|
|
22010
|
+
* Issues a single `GetCloudFrontOriginAccessIdentity` and surfaces the
|
|
22011
|
+
* `CloudFrontOriginAccessIdentityConfig.Comment` key — the only
|
|
22012
|
+
* cdkd-managed property (CallerReference is set by cdkd itself and is
|
|
22013
|
+
* not part of the user-configurable surface).
|
|
22014
|
+
*
|
|
22015
|
+
* Returns `undefined` when the OAI is gone (`NoSuchCloudFrontOriginAccessIdentity`).
|
|
22016
|
+
*/
|
|
22017
|
+
async readCurrentState(physicalId, _logicalId, _resourceType) {
|
|
22018
|
+
try {
|
|
22019
|
+
const resp = await this.cloudFrontClient.send(
|
|
22020
|
+
new GetCloudFrontOriginAccessIdentityCommand2({ Id: physicalId })
|
|
22021
|
+
);
|
|
22022
|
+
const config = resp.CloudFrontOriginAccessIdentity?.CloudFrontOriginAccessIdentityConfig;
|
|
22023
|
+
if (!config)
|
|
22024
|
+
return void 0;
|
|
22025
|
+
const inner = {};
|
|
22026
|
+
if (config.Comment !== void 0)
|
|
22027
|
+
inner["Comment"] = config.Comment;
|
|
22028
|
+
return {
|
|
22029
|
+
CloudFrontOriginAccessIdentityConfig: inner
|
|
22030
|
+
};
|
|
22031
|
+
} catch (err) {
|
|
22032
|
+
if (err instanceof NoSuchCloudFrontOriginAccessIdentity)
|
|
22033
|
+
return void 0;
|
|
22034
|
+
throw err;
|
|
22035
|
+
}
|
|
22036
|
+
}
|
|
21519
22037
|
/**
|
|
21520
22038
|
* Adopt an existing CloudFront Origin Access Identity into cdkd state.
|
|
21521
22039
|
*
|
|
@@ -22472,6 +22990,95 @@ var StepFunctionsProvider = class {
|
|
|
22472
22990
|
);
|
|
22473
22991
|
}
|
|
22474
22992
|
}
|
|
22993
|
+
/**
|
|
22994
|
+
* Read the AWS-current Step Functions state machine config in CFn-property
|
|
22995
|
+
* shape.
|
|
22996
|
+
*
|
|
22997
|
+
* Issues a single `DescribeStateMachine` and surfaces:
|
|
22998
|
+
* - `StateMachineName` (`name`)
|
|
22999
|
+
* - `RoleArn` (`roleArn`)
|
|
23000
|
+
* - `StateMachineType` (`type`)
|
|
23001
|
+
* - `LoggingConfiguration` / `TracingConfiguration` / `EncryptionConfiguration`
|
|
23002
|
+
* (re-mapped to CFn PascalCase)
|
|
23003
|
+
* - `Definition` (parsed from JSON; cdkd state may hold either the
|
|
23004
|
+
* stringified `DefinitionString` or the object `Definition`, so we
|
|
23005
|
+
* surface as the object form — the comparator handles either side).
|
|
23006
|
+
*
|
|
23007
|
+
* `DefinitionSubstitutions` is omitted because they are applied at create
|
|
23008
|
+
* time and not surfaced by `DescribeStateMachine` (the response carries
|
|
23009
|
+
* the already-substituted definition).
|
|
23010
|
+
*
|
|
23011
|
+
* `Tags` is omitted (separate `ListTagsForResource` round-trip; auto-injected
|
|
23012
|
+
* `aws:cdk:path` tag-shape question is out of scope here).
|
|
23013
|
+
*
|
|
23014
|
+
* Returns `undefined` when the state machine is gone (`StateMachineDoesNotExist`).
|
|
23015
|
+
*/
|
|
23016
|
+
async readCurrentState(physicalId, _logicalId, _resourceType) {
|
|
23017
|
+
let resp;
|
|
23018
|
+
try {
|
|
23019
|
+
resp = await this.getClient().send(
|
|
23020
|
+
new DescribeStateMachineCommand({ stateMachineArn: physicalId })
|
|
23021
|
+
);
|
|
23022
|
+
} catch (err) {
|
|
23023
|
+
if (err instanceof StateMachineDoesNotExist)
|
|
23024
|
+
return void 0;
|
|
23025
|
+
throw err;
|
|
23026
|
+
}
|
|
23027
|
+
const result = {};
|
|
23028
|
+
if (resp.name !== void 0)
|
|
23029
|
+
result["StateMachineName"] = resp.name;
|
|
23030
|
+
if (resp.roleArn !== void 0)
|
|
23031
|
+
result["RoleArn"] = resp.roleArn;
|
|
23032
|
+
if (resp.type !== void 0)
|
|
23033
|
+
result["StateMachineType"] = resp.type;
|
|
23034
|
+
if (resp.definition !== void 0) {
|
|
23035
|
+
try {
|
|
23036
|
+
result["Definition"] = JSON.parse(resp.definition);
|
|
23037
|
+
} catch {
|
|
23038
|
+
result["Definition"] = resp.definition;
|
|
23039
|
+
}
|
|
23040
|
+
}
|
|
23041
|
+
if (resp.loggingConfiguration) {
|
|
23042
|
+
const lc = {};
|
|
23043
|
+
if (resp.loggingConfiguration.level !== void 0) {
|
|
23044
|
+
lc["Level"] = resp.loggingConfiguration.level;
|
|
23045
|
+
}
|
|
23046
|
+
if (resp.loggingConfiguration.includeExecutionData !== void 0) {
|
|
23047
|
+
lc["IncludeExecutionData"] = resp.loggingConfiguration.includeExecutionData;
|
|
23048
|
+
}
|
|
23049
|
+
if (resp.loggingConfiguration.destinations) {
|
|
23050
|
+
lc["Destinations"] = resp.loggingConfiguration.destinations.map((d) => {
|
|
23051
|
+
const inner = {};
|
|
23052
|
+
if (d.cloudWatchLogsLogGroup?.logGroupArn) {
|
|
23053
|
+
inner["CloudWatchLogsLogGroup"] = {
|
|
23054
|
+
LogGroupArn: d.cloudWatchLogsLogGroup.logGroupArn
|
|
23055
|
+
};
|
|
23056
|
+
}
|
|
23057
|
+
return inner;
|
|
23058
|
+
});
|
|
23059
|
+
}
|
|
23060
|
+
if (Object.keys(lc).length > 0)
|
|
23061
|
+
result["LoggingConfiguration"] = lc;
|
|
23062
|
+
}
|
|
23063
|
+
if (resp.tracingConfiguration?.enabled !== void 0) {
|
|
23064
|
+
result["TracingConfiguration"] = { Enabled: resp.tracingConfiguration.enabled };
|
|
23065
|
+
}
|
|
23066
|
+
if (resp.encryptionConfiguration) {
|
|
23067
|
+
const ec = {};
|
|
23068
|
+
if (resp.encryptionConfiguration.type !== void 0) {
|
|
23069
|
+
ec["Type"] = resp.encryptionConfiguration.type;
|
|
23070
|
+
}
|
|
23071
|
+
if (resp.encryptionConfiguration.kmsKeyId !== void 0) {
|
|
23072
|
+
ec["KmsKeyId"] = resp.encryptionConfiguration.kmsKeyId;
|
|
23073
|
+
}
|
|
23074
|
+
if (resp.encryptionConfiguration.kmsDataKeyReusePeriodSeconds !== void 0) {
|
|
23075
|
+
ec["KmsDataKeyReusePeriodSeconds"] = resp.encryptionConfiguration.kmsDataKeyReusePeriodSeconds;
|
|
23076
|
+
}
|
|
23077
|
+
if (Object.keys(ec).length > 0)
|
|
23078
|
+
result["EncryptionConfiguration"] = ec;
|
|
23079
|
+
}
|
|
23080
|
+
return result;
|
|
23081
|
+
}
|
|
22475
23082
|
/**
|
|
22476
23083
|
* Adopt an existing Step Functions state machine into cdkd state.
|
|
22477
23084
|
*
|
|
@@ -23302,31 +23909,198 @@ var ECSProvider = class {
|
|
|
23302
23909
|
return false;
|
|
23303
23910
|
}
|
|
23304
23911
|
/**
|
|
23305
|
-
*
|
|
23912
|
+
* Read the AWS-current ECS resource configuration in CFn-property shape.
|
|
23306
23913
|
*
|
|
23307
|
-
*
|
|
23308
|
-
* `AWS::ECS::
|
|
23309
|
-
*
|
|
23310
|
-
*
|
|
23914
|
+
* Dispatches by resource type:
|
|
23915
|
+
* - `AWS::ECS::Cluster` → `DescribeClusters`
|
|
23916
|
+
* - `AWS::ECS::Service` → `DescribeServices`. Service physicalIds use
|
|
23917
|
+
* the composite form `<clusterArn>|<serviceName>`; we split on `|`.
|
|
23918
|
+
* - `AWS::ECS::TaskDefinition` → `DescribeTaskDefinition`
|
|
23311
23919
|
*
|
|
23312
|
-
*
|
|
23313
|
-
*
|
|
23314
|
-
*
|
|
23315
|
-
* supplied.
|
|
23920
|
+
* Each branch surfaces only the keys cdkd's `create()` accepts, mapping
|
|
23921
|
+
* the SDK's camelCase to CFn PascalCase. Tags are intentionally omitted
|
|
23922
|
+
* (separate `ListTagsForResource` round-trip).
|
|
23316
23923
|
*/
|
|
23317
|
-
async
|
|
23318
|
-
switch (
|
|
23924
|
+
async readCurrentState(physicalId, _logicalId, resourceType) {
|
|
23925
|
+
switch (resourceType) {
|
|
23319
23926
|
case "AWS::ECS::Cluster":
|
|
23320
|
-
return this.
|
|
23927
|
+
return this.readCurrentStateCluster(physicalId);
|
|
23321
23928
|
case "AWS::ECS::Service":
|
|
23322
|
-
return this.
|
|
23929
|
+
return this.readCurrentStateService(physicalId);
|
|
23323
23930
|
case "AWS::ECS::TaskDefinition":
|
|
23324
|
-
return this.
|
|
23931
|
+
return this.readCurrentStateTaskDefinition(physicalId);
|
|
23325
23932
|
default:
|
|
23326
|
-
return
|
|
23933
|
+
return void 0;
|
|
23327
23934
|
}
|
|
23328
23935
|
}
|
|
23329
|
-
async
|
|
23936
|
+
async readCurrentStateCluster(physicalId) {
|
|
23937
|
+
let resp;
|
|
23938
|
+
try {
|
|
23939
|
+
resp = await this.getClient().send(
|
|
23940
|
+
new DescribeClustersCommand({ clusters: [physicalId] })
|
|
23941
|
+
);
|
|
23942
|
+
} catch {
|
|
23943
|
+
return void 0;
|
|
23944
|
+
}
|
|
23945
|
+
const c = resp.clusters?.[0];
|
|
23946
|
+
if (!c || !c.clusterName)
|
|
23947
|
+
return void 0;
|
|
23948
|
+
const result = { ClusterName: c.clusterName };
|
|
23949
|
+
if (c.capacityProviders && c.capacityProviders.length > 0) {
|
|
23950
|
+
result["CapacityProviders"] = [...c.capacityProviders];
|
|
23951
|
+
}
|
|
23952
|
+
if (c.defaultCapacityProviderStrategy && c.defaultCapacityProviderStrategy.length > 0) {
|
|
23953
|
+
result["DefaultCapacityProviderStrategy"] = c.defaultCapacityProviderStrategy;
|
|
23954
|
+
}
|
|
23955
|
+
if (c.configuration)
|
|
23956
|
+
result["Configuration"] = c.configuration;
|
|
23957
|
+
if (c.settings && c.settings.length > 0) {
|
|
23958
|
+
result["ClusterSettings"] = c.settings.map((s) => ({
|
|
23959
|
+
Name: s.name,
|
|
23960
|
+
Value: s.value
|
|
23961
|
+
}));
|
|
23962
|
+
}
|
|
23963
|
+
return result;
|
|
23964
|
+
}
|
|
23965
|
+
async readCurrentStateService(physicalId) {
|
|
23966
|
+
const sep = physicalId.indexOf("|");
|
|
23967
|
+
if (sep < 0)
|
|
23968
|
+
return void 0;
|
|
23969
|
+
const clusterArn = physicalId.substring(0, sep);
|
|
23970
|
+
const serviceName = physicalId.substring(sep + 1);
|
|
23971
|
+
let resp;
|
|
23972
|
+
try {
|
|
23973
|
+
resp = await this.getClient().send(
|
|
23974
|
+
new DescribeServicesCommand({ cluster: clusterArn, services: [serviceName] })
|
|
23975
|
+
);
|
|
23976
|
+
} catch {
|
|
23977
|
+
return void 0;
|
|
23978
|
+
}
|
|
23979
|
+
const s = resp.services?.[0];
|
|
23980
|
+
if (!s || !s.serviceName)
|
|
23981
|
+
return void 0;
|
|
23982
|
+
const result = {};
|
|
23983
|
+
if (s.serviceName !== void 0)
|
|
23984
|
+
result["ServiceName"] = s.serviceName;
|
|
23985
|
+
if (s.clusterArn !== void 0)
|
|
23986
|
+
result["Cluster"] = s.clusterArn;
|
|
23987
|
+
if (s.taskDefinition !== void 0)
|
|
23988
|
+
result["TaskDefinition"] = s.taskDefinition;
|
|
23989
|
+
if (s.desiredCount !== void 0)
|
|
23990
|
+
result["DesiredCount"] = s.desiredCount;
|
|
23991
|
+
if (s.launchType !== void 0)
|
|
23992
|
+
result["LaunchType"] = s.launchType;
|
|
23993
|
+
if (s.platformVersion !== void 0)
|
|
23994
|
+
result["PlatformVersion"] = s.platformVersion;
|
|
23995
|
+
if (s.schedulingStrategy !== void 0)
|
|
23996
|
+
result["SchedulingStrategy"] = s.schedulingStrategy;
|
|
23997
|
+
if (s.propagateTags !== void 0)
|
|
23998
|
+
result["PropagateTags"] = s.propagateTags;
|
|
23999
|
+
if (s.enableECSManagedTags !== void 0) {
|
|
24000
|
+
result["EnableECSManagedTags"] = s.enableECSManagedTags;
|
|
24001
|
+
}
|
|
24002
|
+
if (s.enableExecuteCommand !== void 0) {
|
|
24003
|
+
result["EnableExecuteCommand"] = s.enableExecuteCommand;
|
|
24004
|
+
}
|
|
24005
|
+
if (s.healthCheckGracePeriodSeconds !== void 0) {
|
|
24006
|
+
result["HealthCheckGracePeriodSeconds"] = s.healthCheckGracePeriodSeconds;
|
|
24007
|
+
}
|
|
24008
|
+
if (s.networkConfiguration)
|
|
24009
|
+
result["NetworkConfiguration"] = s.networkConfiguration;
|
|
24010
|
+
if (s.loadBalancers && s.loadBalancers.length > 0) {
|
|
24011
|
+
result["LoadBalancers"] = s.loadBalancers;
|
|
24012
|
+
}
|
|
24013
|
+
if (s.capacityProviderStrategy && s.capacityProviderStrategy.length > 0) {
|
|
24014
|
+
result["CapacityProviderStrategy"] = s.capacityProviderStrategy;
|
|
24015
|
+
}
|
|
24016
|
+
if (s.deploymentConfiguration)
|
|
24017
|
+
result["DeploymentConfiguration"] = s.deploymentConfiguration;
|
|
24018
|
+
if (s.placementConstraints && s.placementConstraints.length > 0) {
|
|
24019
|
+
result["PlacementConstraints"] = s.placementConstraints;
|
|
24020
|
+
}
|
|
24021
|
+
if (s.placementStrategy && s.placementStrategy.length > 0) {
|
|
24022
|
+
result["PlacementStrategy"] = s.placementStrategy;
|
|
24023
|
+
}
|
|
24024
|
+
if (s.serviceRegistries && s.serviceRegistries.length > 0) {
|
|
24025
|
+
result["ServiceRegistries"] = s.serviceRegistries;
|
|
24026
|
+
}
|
|
24027
|
+
return result;
|
|
24028
|
+
}
|
|
24029
|
+
async readCurrentStateTaskDefinition(physicalId) {
|
|
24030
|
+
let resp;
|
|
24031
|
+
try {
|
|
24032
|
+
resp = await this.getClient().send(
|
|
24033
|
+
new DescribeTaskDefinitionCommand({ taskDefinition: physicalId })
|
|
24034
|
+
);
|
|
24035
|
+
} catch {
|
|
24036
|
+
return void 0;
|
|
24037
|
+
}
|
|
24038
|
+
const td = resp.taskDefinition;
|
|
24039
|
+
if (!td)
|
|
24040
|
+
return void 0;
|
|
24041
|
+
const result = {};
|
|
24042
|
+
if (td.family !== void 0)
|
|
24043
|
+
result["Family"] = td.family;
|
|
24044
|
+
if (td.cpu !== void 0)
|
|
24045
|
+
result["Cpu"] = td.cpu;
|
|
24046
|
+
if (td.memory !== void 0)
|
|
24047
|
+
result["Memory"] = td.memory;
|
|
24048
|
+
if (td.networkMode !== void 0)
|
|
24049
|
+
result["NetworkMode"] = td.networkMode;
|
|
24050
|
+
if (td.requiresCompatibilities && td.requiresCompatibilities.length > 0) {
|
|
24051
|
+
result["RequiresCompatibilities"] = [...td.requiresCompatibilities];
|
|
24052
|
+
}
|
|
24053
|
+
if (td.executionRoleArn !== void 0)
|
|
24054
|
+
result["ExecutionRoleArn"] = td.executionRoleArn;
|
|
24055
|
+
if (td.taskRoleArn !== void 0)
|
|
24056
|
+
result["TaskRoleArn"] = td.taskRoleArn;
|
|
24057
|
+
if (td.volumes && td.volumes.length > 0)
|
|
24058
|
+
result["Volumes"] = td.volumes;
|
|
24059
|
+
if (td.placementConstraints && td.placementConstraints.length > 0) {
|
|
24060
|
+
result["PlacementConstraints"] = td.placementConstraints;
|
|
24061
|
+
}
|
|
24062
|
+
if (td.runtimePlatform)
|
|
24063
|
+
result["RuntimePlatform"] = td.runtimePlatform;
|
|
24064
|
+
if (td.proxyConfiguration)
|
|
24065
|
+
result["ProxyConfiguration"] = td.proxyConfiguration;
|
|
24066
|
+
if (td.pidMode !== void 0)
|
|
24067
|
+
result["PidMode"] = td.pidMode;
|
|
24068
|
+
if (td.ipcMode !== void 0)
|
|
24069
|
+
result["IpcMode"] = td.ipcMode;
|
|
24070
|
+
if (td.ephemeralStorage?.sizeInGiB !== void 0) {
|
|
24071
|
+
result["EphemeralStorage"] = { SizeInGiB: td.ephemeralStorage.sizeInGiB };
|
|
24072
|
+
}
|
|
24073
|
+
if (td.containerDefinitions && td.containerDefinitions.length > 0) {
|
|
24074
|
+
result["ContainerDefinitions"] = td.containerDefinitions;
|
|
24075
|
+
}
|
|
24076
|
+
return result;
|
|
24077
|
+
}
|
|
24078
|
+
/**
|
|
24079
|
+
* Adopt an existing ECS resource into cdkd state.
|
|
24080
|
+
*
|
|
24081
|
+
* Supported types: `AWS::ECS::Cluster`, `AWS::ECS::Service`,
|
|
24082
|
+
* `AWS::ECS::TaskDefinition`. ECS uses lowercase `key`/`value` tags
|
|
24083
|
+
* (vs the standard CFn `Key`/`Value`), so the standard
|
|
24084
|
+
* `matchesCdkPath` helper doesn't apply — match the tag manually.
|
|
24085
|
+
*
|
|
24086
|
+
* Service has a composite physical id of `<clusterArn>|<serviceName>`
|
|
24087
|
+
* (the form ECSProvider uses internally for mutation operations),
|
|
24088
|
+
* so the explicit-override path takes that composite form when
|
|
24089
|
+
* supplied.
|
|
24090
|
+
*/
|
|
24091
|
+
async import(input) {
|
|
24092
|
+
switch (input.resourceType) {
|
|
24093
|
+
case "AWS::ECS::Cluster":
|
|
24094
|
+
return this.importCluster(input);
|
|
24095
|
+
case "AWS::ECS::Service":
|
|
24096
|
+
return this.importService(input);
|
|
24097
|
+
case "AWS::ECS::TaskDefinition":
|
|
24098
|
+
return this.importTaskDefinition(input);
|
|
24099
|
+
default:
|
|
24100
|
+
return null;
|
|
24101
|
+
}
|
|
24102
|
+
}
|
|
24103
|
+
async importCluster(input) {
|
|
23330
24104
|
const explicit = resolveExplicitPhysicalId(input, "ClusterName");
|
|
23331
24105
|
if (explicit) {
|
|
23332
24106
|
try {
|
|
@@ -23438,7 +24212,8 @@ import {
|
|
|
23438
24212
|
DescribeTagsCommand,
|
|
23439
24213
|
CreateListenerCommand,
|
|
23440
24214
|
DeleteListenerCommand,
|
|
23441
|
-
ModifyListenerCommand
|
|
24215
|
+
ModifyListenerCommand,
|
|
24216
|
+
DescribeListenersCommand as DescribeListenersCommand2
|
|
23442
24217
|
} from "@aws-sdk/client-elastic-load-balancing-v2";
|
|
23443
24218
|
var ELBv2Provider = class {
|
|
23444
24219
|
elbv2Client;
|
|
@@ -23931,6 +24706,170 @@ var ELBv2Provider = class {
|
|
|
23931
24706
|
return void 0;
|
|
23932
24707
|
return certificates;
|
|
23933
24708
|
}
|
|
24709
|
+
/**
|
|
24710
|
+
* Read the AWS-current ELBv2 resource configuration in CFn-property shape.
|
|
24711
|
+
*
|
|
24712
|
+
* Dispatch per resource type:
|
|
24713
|
+
* - `LoadBalancer` → `DescribeLoadBalancers` (Name, Subnets via
|
|
24714
|
+
* `AvailabilityZones[].SubnetId`, SecurityGroups, Scheme, Type,
|
|
24715
|
+
* IpAddressType). LoadBalancerAttributes is omitted for v1 — it
|
|
24716
|
+
* requires a separate `DescribeLoadBalancerAttributes` call and the
|
|
24717
|
+
* drift comparator only descends into keys present in state, so an
|
|
24718
|
+
* absent key cannot fire false drift.
|
|
24719
|
+
* - `TargetGroup` → `DescribeTargetGroups` (Protocol, Port, VpcId,
|
|
24720
|
+
* TargetType, ProtocolVersion, HealthCheck*, Matcher, Name).
|
|
24721
|
+
* - `Listener` → `DescribeListeners` (LoadBalancerArn, Certificates,
|
|
24722
|
+
* DefaultActions, Port, Protocol, SslPolicy).
|
|
24723
|
+
*
|
|
24724
|
+
* Tags are skipped (CDK auto-tag handling deferred). Returns `undefined`
|
|
24725
|
+
* when the resource is gone (`*NotFoundException`).
|
|
24726
|
+
*/
|
|
24727
|
+
async readCurrentState(physicalId, _logicalId, resourceType) {
|
|
24728
|
+
switch (resourceType) {
|
|
24729
|
+
case "AWS::ElasticLoadBalancingV2::LoadBalancer":
|
|
24730
|
+
return this.readLoadBalancer(physicalId);
|
|
24731
|
+
case "AWS::ElasticLoadBalancingV2::TargetGroup":
|
|
24732
|
+
return this.readTargetGroup(physicalId);
|
|
24733
|
+
case "AWS::ElasticLoadBalancingV2::Listener":
|
|
24734
|
+
return this.readListener(physicalId);
|
|
24735
|
+
default:
|
|
24736
|
+
return void 0;
|
|
24737
|
+
}
|
|
24738
|
+
}
|
|
24739
|
+
async readLoadBalancer(physicalId) {
|
|
24740
|
+
let lb;
|
|
24741
|
+
try {
|
|
24742
|
+
const resp = await this.getClient().send(
|
|
24743
|
+
new DescribeLoadBalancersCommand2({ LoadBalancerArns: [physicalId] })
|
|
24744
|
+
);
|
|
24745
|
+
lb = resp.LoadBalancers?.[0];
|
|
24746
|
+
} catch (err) {
|
|
24747
|
+
if (this.isNotFoundError(err))
|
|
24748
|
+
return void 0;
|
|
24749
|
+
throw err;
|
|
24750
|
+
}
|
|
24751
|
+
if (!lb)
|
|
24752
|
+
return void 0;
|
|
24753
|
+
const result = {};
|
|
24754
|
+
if (lb.LoadBalancerName !== void 0)
|
|
24755
|
+
result["Name"] = lb.LoadBalancerName;
|
|
24756
|
+
if (lb.AvailabilityZones && lb.AvailabilityZones.length > 0) {
|
|
24757
|
+
const subnets = lb.AvailabilityZones.map((az) => az.SubnetId).filter(
|
|
24758
|
+
(id) => !!id
|
|
24759
|
+
);
|
|
24760
|
+
if (subnets.length > 0)
|
|
24761
|
+
result["Subnets"] = subnets;
|
|
24762
|
+
}
|
|
24763
|
+
if (lb.SecurityGroups && lb.SecurityGroups.length > 0) {
|
|
24764
|
+
result["SecurityGroups"] = [...lb.SecurityGroups];
|
|
24765
|
+
}
|
|
24766
|
+
if (lb.Scheme !== void 0)
|
|
24767
|
+
result["Scheme"] = lb.Scheme;
|
|
24768
|
+
if (lb.Type !== void 0)
|
|
24769
|
+
result["Type"] = lb.Type;
|
|
24770
|
+
if (lb.IpAddressType !== void 0)
|
|
24771
|
+
result["IpAddressType"] = lb.IpAddressType;
|
|
24772
|
+
return result;
|
|
24773
|
+
}
|
|
24774
|
+
async readTargetGroup(physicalId) {
|
|
24775
|
+
let tg;
|
|
24776
|
+
try {
|
|
24777
|
+
const resp = await this.getClient().send(
|
|
24778
|
+
new DescribeTargetGroupsCommand({ TargetGroupArns: [physicalId] })
|
|
24779
|
+
);
|
|
24780
|
+
tg = resp.TargetGroups?.[0];
|
|
24781
|
+
} catch (err) {
|
|
24782
|
+
if (this.isNotFoundError(err))
|
|
24783
|
+
return void 0;
|
|
24784
|
+
throw err;
|
|
24785
|
+
}
|
|
24786
|
+
if (!tg)
|
|
24787
|
+
return void 0;
|
|
24788
|
+
const result = {};
|
|
24789
|
+
if (tg.TargetGroupName !== void 0)
|
|
24790
|
+
result["Name"] = tg.TargetGroupName;
|
|
24791
|
+
if (tg.Protocol !== void 0)
|
|
24792
|
+
result["Protocol"] = tg.Protocol;
|
|
24793
|
+
if (tg.Port !== void 0)
|
|
24794
|
+
result["Port"] = tg.Port;
|
|
24795
|
+
if (tg.VpcId !== void 0)
|
|
24796
|
+
result["VpcId"] = tg.VpcId;
|
|
24797
|
+
if (tg.TargetType !== void 0)
|
|
24798
|
+
result["TargetType"] = tg.TargetType;
|
|
24799
|
+
if (tg.ProtocolVersion !== void 0)
|
|
24800
|
+
result["ProtocolVersion"] = tg.ProtocolVersion;
|
|
24801
|
+
if (tg.HealthCheckProtocol !== void 0)
|
|
24802
|
+
result["HealthCheckProtocol"] = tg.HealthCheckProtocol;
|
|
24803
|
+
if (tg.HealthCheckPort !== void 0)
|
|
24804
|
+
result["HealthCheckPort"] = tg.HealthCheckPort;
|
|
24805
|
+
if (tg.HealthCheckPath !== void 0)
|
|
24806
|
+
result["HealthCheckPath"] = tg.HealthCheckPath;
|
|
24807
|
+
if (tg.HealthCheckEnabled !== void 0)
|
|
24808
|
+
result["HealthCheckEnabled"] = tg.HealthCheckEnabled;
|
|
24809
|
+
if (tg.HealthCheckIntervalSeconds !== void 0) {
|
|
24810
|
+
result["HealthCheckIntervalSeconds"] = tg.HealthCheckIntervalSeconds;
|
|
24811
|
+
}
|
|
24812
|
+
if (tg.HealthCheckTimeoutSeconds !== void 0) {
|
|
24813
|
+
result["HealthCheckTimeoutSeconds"] = tg.HealthCheckTimeoutSeconds;
|
|
24814
|
+
}
|
|
24815
|
+
if (tg.HealthyThresholdCount !== void 0) {
|
|
24816
|
+
result["HealthyThresholdCount"] = tg.HealthyThresholdCount;
|
|
24817
|
+
}
|
|
24818
|
+
if (tg.UnhealthyThresholdCount !== void 0) {
|
|
24819
|
+
result["UnhealthyThresholdCount"] = tg.UnhealthyThresholdCount;
|
|
24820
|
+
}
|
|
24821
|
+
if (tg.Matcher) {
|
|
24822
|
+
const matcher = {};
|
|
24823
|
+
if (tg.Matcher.HttpCode !== void 0)
|
|
24824
|
+
matcher["HttpCode"] = tg.Matcher.HttpCode;
|
|
24825
|
+
if (tg.Matcher.GrpcCode !== void 0)
|
|
24826
|
+
matcher["GrpcCode"] = tg.Matcher.GrpcCode;
|
|
24827
|
+
if (Object.keys(matcher).length > 0)
|
|
24828
|
+
result["Matcher"] = matcher;
|
|
24829
|
+
}
|
|
24830
|
+
return result;
|
|
24831
|
+
}
|
|
24832
|
+
async readListener(physicalId) {
|
|
24833
|
+
let listener;
|
|
24834
|
+
try {
|
|
24835
|
+
const resp = await this.getClient().send(
|
|
24836
|
+
new DescribeListenersCommand2({ ListenerArns: [physicalId] })
|
|
24837
|
+
);
|
|
24838
|
+
listener = resp.Listeners?.[0];
|
|
24839
|
+
} catch (err) {
|
|
24840
|
+
if (this.isNotFoundError(err))
|
|
24841
|
+
return void 0;
|
|
24842
|
+
throw err;
|
|
24843
|
+
}
|
|
24844
|
+
if (!listener)
|
|
24845
|
+
return void 0;
|
|
24846
|
+
const result = {};
|
|
24847
|
+
if (listener.LoadBalancerArn !== void 0) {
|
|
24848
|
+
result["LoadBalancerArn"] = listener.LoadBalancerArn;
|
|
24849
|
+
}
|
|
24850
|
+
if (listener.Port !== void 0)
|
|
24851
|
+
result["Port"] = listener.Port;
|
|
24852
|
+
if (listener.Protocol !== void 0)
|
|
24853
|
+
result["Protocol"] = listener.Protocol;
|
|
24854
|
+
if (listener.SslPolicy !== void 0)
|
|
24855
|
+
result["SslPolicy"] = listener.SslPolicy;
|
|
24856
|
+
if (listener.Certificates && listener.Certificates.length > 0) {
|
|
24857
|
+
result["Certificates"] = listener.Certificates.map((c) => {
|
|
24858
|
+
const out = {};
|
|
24859
|
+
if (c.CertificateArn !== void 0)
|
|
24860
|
+
out["CertificateArn"] = c.CertificateArn;
|
|
24861
|
+
if (c.IsDefault !== void 0)
|
|
24862
|
+
out["IsDefault"] = c.IsDefault;
|
|
24863
|
+
return out;
|
|
24864
|
+
});
|
|
24865
|
+
}
|
|
24866
|
+
if (listener.DefaultActions && listener.DefaultActions.length > 0) {
|
|
24867
|
+
result["DefaultActions"] = listener.DefaultActions.map(
|
|
24868
|
+
(a) => a
|
|
24869
|
+
);
|
|
24870
|
+
}
|
|
24871
|
+
return result;
|
|
24872
|
+
}
|
|
23934
24873
|
/**
|
|
23935
24874
|
* Adopt an existing ELBv2 LoadBalancer or TargetGroup into cdkd state.
|
|
23936
24875
|
*
|
|
@@ -24675,6 +25614,146 @@ var RDSProvider = class {
|
|
|
24675
25614
|
return null;
|
|
24676
25615
|
}
|
|
24677
25616
|
}
|
|
25617
|
+
/**
|
|
25618
|
+
* Read the AWS-current RDS resource configuration in CFn-property shape.
|
|
25619
|
+
*
|
|
25620
|
+
* Dispatches by resource type:
|
|
25621
|
+
* - `AWS::RDS::DBInstance` → `DescribeDBInstances`
|
|
25622
|
+
* - `AWS::RDS::DBCluster` → `DescribeDBClusters`
|
|
25623
|
+
* - `AWS::RDS::DBSubnetGroup` → `DescribeDBSubnetGroups`
|
|
25624
|
+
*
|
|
25625
|
+
* Each branch surfaces only the keys cdkd's `create()` accepts. Sensitive
|
|
25626
|
+
* fields like `MasterUserPassword` are NEVER surfaced (RDS does not return
|
|
25627
|
+
* them in the Describe responses). `Tags` are intentionally omitted
|
|
25628
|
+
* (separate `ListTagsForResource` round-trip).
|
|
25629
|
+
*
|
|
25630
|
+
* Returns `undefined` when the resource is gone (`*NotFoundFault`).
|
|
25631
|
+
*/
|
|
25632
|
+
async readCurrentState(physicalId, _logicalId, resourceType) {
|
|
25633
|
+
switch (resourceType) {
|
|
25634
|
+
case "AWS::RDS::DBInstance":
|
|
25635
|
+
return this.readCurrentStateDBInstance(physicalId);
|
|
25636
|
+
case "AWS::RDS::DBCluster":
|
|
25637
|
+
return this.readCurrentStateDBCluster(physicalId);
|
|
25638
|
+
case "AWS::RDS::DBSubnetGroup":
|
|
25639
|
+
return this.readCurrentStateDBSubnetGroup(physicalId);
|
|
25640
|
+
default:
|
|
25641
|
+
return void 0;
|
|
25642
|
+
}
|
|
25643
|
+
}
|
|
25644
|
+
async readCurrentStateDBInstance(physicalId) {
|
|
25645
|
+
let inst;
|
|
25646
|
+
try {
|
|
25647
|
+
inst = await this.describeDBInstance(physicalId);
|
|
25648
|
+
} catch (err) {
|
|
25649
|
+
if (this.isNotFoundError(err, "DBInstanceNotFoundFault"))
|
|
25650
|
+
return void 0;
|
|
25651
|
+
throw err;
|
|
25652
|
+
}
|
|
25653
|
+
if (!inst)
|
|
25654
|
+
return void 0;
|
|
25655
|
+
const result = {};
|
|
25656
|
+
if (inst.DBInstanceIdentifier !== void 0) {
|
|
25657
|
+
result["DBInstanceIdentifier"] = inst.DBInstanceIdentifier;
|
|
25658
|
+
}
|
|
25659
|
+
if (inst.DBInstanceClass !== void 0)
|
|
25660
|
+
result["DBInstanceClass"] = inst.DBInstanceClass;
|
|
25661
|
+
if (inst.Engine !== void 0)
|
|
25662
|
+
result["Engine"] = inst.Engine;
|
|
25663
|
+
if (inst.DBClusterIdentifier !== void 0) {
|
|
25664
|
+
result["DBClusterIdentifier"] = inst.DBClusterIdentifier;
|
|
25665
|
+
}
|
|
25666
|
+
if (inst.DBSubnetGroup?.DBSubnetGroupName !== void 0) {
|
|
25667
|
+
result["DBSubnetGroupName"] = inst.DBSubnetGroup.DBSubnetGroupName;
|
|
25668
|
+
}
|
|
25669
|
+
if (inst.PubliclyAccessible !== void 0) {
|
|
25670
|
+
result["PubliclyAccessible"] = inst.PubliclyAccessible;
|
|
25671
|
+
}
|
|
25672
|
+
return result;
|
|
25673
|
+
}
|
|
25674
|
+
async readCurrentStateDBCluster(physicalId) {
|
|
25675
|
+
let cluster;
|
|
25676
|
+
try {
|
|
25677
|
+
cluster = await this.describeDBCluster(physicalId);
|
|
25678
|
+
} catch (err) {
|
|
25679
|
+
if (this.isNotFoundError(err, "DBClusterNotFoundFault"))
|
|
25680
|
+
return void 0;
|
|
25681
|
+
throw err;
|
|
25682
|
+
}
|
|
25683
|
+
if (!cluster)
|
|
25684
|
+
return void 0;
|
|
25685
|
+
const result = {};
|
|
25686
|
+
if (cluster.DBClusterIdentifier !== void 0) {
|
|
25687
|
+
result["DBClusterIdentifier"] = cluster.DBClusterIdentifier;
|
|
25688
|
+
}
|
|
25689
|
+
if (cluster.Engine !== void 0)
|
|
25690
|
+
result["Engine"] = cluster.Engine;
|
|
25691
|
+
if (cluster.EngineVersion !== void 0)
|
|
25692
|
+
result["EngineVersion"] = cluster.EngineVersion;
|
|
25693
|
+
if (cluster.MasterUsername !== void 0)
|
|
25694
|
+
result["MasterUsername"] = cluster.MasterUsername;
|
|
25695
|
+
if (cluster.DatabaseName !== void 0)
|
|
25696
|
+
result["DatabaseName"] = cluster.DatabaseName;
|
|
25697
|
+
if (cluster.Port !== void 0)
|
|
25698
|
+
result["Port"] = cluster.Port;
|
|
25699
|
+
if (cluster.VpcSecurityGroups && cluster.VpcSecurityGroups.length > 0) {
|
|
25700
|
+
result["VpcSecurityGroupIds"] = cluster.VpcSecurityGroups.map(
|
|
25701
|
+
(sg) => sg.VpcSecurityGroupId
|
|
25702
|
+
).filter((id) => !!id);
|
|
25703
|
+
}
|
|
25704
|
+
if (cluster.DBSubnetGroup !== void 0)
|
|
25705
|
+
result["DBSubnetGroupName"] = cluster.DBSubnetGroup;
|
|
25706
|
+
if (cluster.StorageEncrypted !== void 0) {
|
|
25707
|
+
result["StorageEncrypted"] = cluster.StorageEncrypted;
|
|
25708
|
+
}
|
|
25709
|
+
if (cluster.KmsKeyId !== void 0)
|
|
25710
|
+
result["KmsKeyId"] = cluster.KmsKeyId;
|
|
25711
|
+
if (cluster.BackupRetentionPeriod !== void 0) {
|
|
25712
|
+
result["BackupRetentionPeriod"] = cluster.BackupRetentionPeriod;
|
|
25713
|
+
}
|
|
25714
|
+
if (cluster.DeletionProtection !== void 0) {
|
|
25715
|
+
result["DeletionProtection"] = cluster.DeletionProtection;
|
|
25716
|
+
}
|
|
25717
|
+
if (cluster.ServerlessV2ScalingConfiguration) {
|
|
25718
|
+
const sc = {};
|
|
25719
|
+
if (cluster.ServerlessV2ScalingConfiguration.MinCapacity !== void 0) {
|
|
25720
|
+
sc["MinCapacity"] = cluster.ServerlessV2ScalingConfiguration.MinCapacity;
|
|
25721
|
+
}
|
|
25722
|
+
if (cluster.ServerlessV2ScalingConfiguration.MaxCapacity !== void 0) {
|
|
25723
|
+
sc["MaxCapacity"] = cluster.ServerlessV2ScalingConfiguration.MaxCapacity;
|
|
25724
|
+
}
|
|
25725
|
+
if (Object.keys(sc).length > 0)
|
|
25726
|
+
result["ServerlessV2ScalingConfiguration"] = sc;
|
|
25727
|
+
}
|
|
25728
|
+
return result;
|
|
25729
|
+
}
|
|
25730
|
+
async readCurrentStateDBSubnetGroup(physicalId) {
|
|
25731
|
+
let resp;
|
|
25732
|
+
try {
|
|
25733
|
+
resp = await this.getClient().send(
|
|
25734
|
+
new DescribeDBSubnetGroupsCommand({ DBSubnetGroupName: physicalId })
|
|
25735
|
+
);
|
|
25736
|
+
} catch (err) {
|
|
25737
|
+
if (this.isNotFoundError(err, "DBSubnetGroupNotFoundFault"))
|
|
25738
|
+
return void 0;
|
|
25739
|
+
throw err;
|
|
25740
|
+
}
|
|
25741
|
+
const sg = resp.DBSubnetGroups?.[0];
|
|
25742
|
+
if (!sg)
|
|
25743
|
+
return void 0;
|
|
25744
|
+
const result = {};
|
|
25745
|
+
if (sg.DBSubnetGroupName !== void 0)
|
|
25746
|
+
result["DBSubnetGroupName"] = sg.DBSubnetGroupName;
|
|
25747
|
+
if (sg.DBSubnetGroupDescription !== void 0) {
|
|
25748
|
+
result["DBSubnetGroupDescription"] = sg.DBSubnetGroupDescription;
|
|
25749
|
+
}
|
|
25750
|
+
if (sg.Subnets && sg.Subnets.length > 0) {
|
|
25751
|
+
result["SubnetIds"] = sg.Subnets.map((s) => s.SubnetIdentifier).filter(
|
|
25752
|
+
(id) => !!id
|
|
25753
|
+
);
|
|
25754
|
+
}
|
|
25755
|
+
return result;
|
|
25756
|
+
}
|
|
24678
25757
|
async importDBInstance(input) {
|
|
24679
25758
|
const explicit = resolveExplicitPhysicalId(input, "DBInstanceIdentifier");
|
|
24680
25759
|
if (explicit) {
|
|
@@ -24798,6 +25877,7 @@ import {
|
|
|
24798
25877
|
ListQueryLoggingConfigsCommand,
|
|
24799
25878
|
ListHostedZonesByNameCommand as ListHostedZonesByNameCommand2,
|
|
24800
25879
|
ListHostedZonesCommand,
|
|
25880
|
+
ListResourceRecordSetsCommand,
|
|
24801
25881
|
ListTagsForResourceCommand as ListTagsForResourceCommand11
|
|
24802
25882
|
} from "@aws-sdk/client-route-53";
|
|
24803
25883
|
var Route53Provider = class {
|
|
@@ -25445,6 +26525,150 @@ var Route53Provider = class {
|
|
|
25445
26525
|
physicalId
|
|
25446
26526
|
);
|
|
25447
26527
|
}
|
|
26528
|
+
/**
|
|
26529
|
+
* Read the AWS-current Route 53 resource configuration in CFn-property shape.
|
|
26530
|
+
*
|
|
26531
|
+
* Dispatch per resource type:
|
|
26532
|
+
* - `HostedZone` → `GetHostedZone` (Name, HostedZoneConfig{Comment,
|
|
26533
|
+
* PrivateZone}, VPCs from `VPCs[]`). Tags are skipped (CDK auto-tag
|
|
26534
|
+
* handling deferred); QueryLoggingConfig is skipped because it's a
|
|
26535
|
+
* separate `ListQueryLoggingConfigs` call and the v1 surface does
|
|
26536
|
+
* not surface it.
|
|
26537
|
+
* - `RecordSet` → `ListResourceRecordSets` filtered to the exact
|
|
26538
|
+
* `(name, type)` pair from the composite physicalId
|
|
26539
|
+
* (`{zoneId}|{name}|{type}`). Surfaces TTL, ResourceRecords (with
|
|
26540
|
+
* `[{Value}]` -> string[] re-shape to match cdkd state), AliasTarget,
|
|
26541
|
+
* Weight, Region, Failover, MultiValueAnswer, HealthCheckId,
|
|
26542
|
+
* GeoLocation, SetIdentifier.
|
|
26543
|
+
*
|
|
26544
|
+
* Returns `undefined` when the parent zone is gone (`NoSuchHostedZone`).
|
|
26545
|
+
*/
|
|
26546
|
+
async readCurrentState(physicalId, _logicalId, resourceType) {
|
|
26547
|
+
switch (resourceType) {
|
|
26548
|
+
case "AWS::Route53::HostedZone":
|
|
26549
|
+
return this.readHostedZone(physicalId);
|
|
26550
|
+
case "AWS::Route53::RecordSet":
|
|
26551
|
+
return this.readRecordSet(physicalId);
|
|
26552
|
+
default:
|
|
26553
|
+
return void 0;
|
|
26554
|
+
}
|
|
26555
|
+
}
|
|
26556
|
+
async readHostedZone(physicalId) {
|
|
26557
|
+
let resp;
|
|
26558
|
+
try {
|
|
26559
|
+
resp = await this.getClient().send(new GetHostedZoneCommand2({ Id: physicalId }));
|
|
26560
|
+
} catch (err) {
|
|
26561
|
+
if (err instanceof Error && err.name === "NoSuchHostedZone")
|
|
26562
|
+
return void 0;
|
|
26563
|
+
throw err;
|
|
26564
|
+
}
|
|
26565
|
+
if (!resp.HostedZone)
|
|
26566
|
+
return void 0;
|
|
26567
|
+
const result = {};
|
|
26568
|
+
if (resp.HostedZone.Name !== void 0)
|
|
26569
|
+
result["Name"] = resp.HostedZone.Name;
|
|
26570
|
+
if (resp.HostedZone.Config) {
|
|
26571
|
+
const cfg = {};
|
|
26572
|
+
if (resp.HostedZone.Config.Comment !== void 0) {
|
|
26573
|
+
cfg["Comment"] = resp.HostedZone.Config.Comment;
|
|
26574
|
+
}
|
|
26575
|
+
if (resp.HostedZone.Config.PrivateZone !== void 0) {
|
|
26576
|
+
cfg["PrivateZone"] = resp.HostedZone.Config.PrivateZone;
|
|
26577
|
+
}
|
|
26578
|
+
if (Object.keys(cfg).length > 0)
|
|
26579
|
+
result["HostedZoneConfig"] = cfg;
|
|
26580
|
+
}
|
|
26581
|
+
if (resp.VPCs && resp.VPCs.length > 0) {
|
|
26582
|
+
result["VPCs"] = resp.VPCs.map((v) => {
|
|
26583
|
+
const out = {};
|
|
26584
|
+
if (v.VPCId !== void 0)
|
|
26585
|
+
out["VPCId"] = v.VPCId;
|
|
26586
|
+
if (v.VPCRegion !== void 0)
|
|
26587
|
+
out["VPCRegion"] = v.VPCRegion;
|
|
26588
|
+
return out;
|
|
26589
|
+
});
|
|
26590
|
+
}
|
|
26591
|
+
return result;
|
|
26592
|
+
}
|
|
26593
|
+
async readRecordSet(physicalId) {
|
|
26594
|
+
const parts = physicalId.split("|");
|
|
26595
|
+
if (parts.length < 3)
|
|
26596
|
+
return void 0;
|
|
26597
|
+
const [hostedZoneId, name, type] = parts;
|
|
26598
|
+
if (!hostedZoneId || !name || !type)
|
|
26599
|
+
return void 0;
|
|
26600
|
+
let resp;
|
|
26601
|
+
try {
|
|
26602
|
+
resp = await this.getClient().send(
|
|
26603
|
+
new ListResourceRecordSetsCommand({
|
|
26604
|
+
HostedZoneId: hostedZoneId,
|
|
26605
|
+
StartRecordName: name,
|
|
26606
|
+
StartRecordType: type,
|
|
26607
|
+
MaxItems: 1
|
|
26608
|
+
})
|
|
26609
|
+
);
|
|
26610
|
+
} catch (err) {
|
|
26611
|
+
if (err instanceof Error && err.name === "NoSuchHostedZone")
|
|
26612
|
+
return void 0;
|
|
26613
|
+
throw err;
|
|
26614
|
+
}
|
|
26615
|
+
const recordSet = resp.ResourceRecordSets?.find((r) => r.Name === name && r.Type === type);
|
|
26616
|
+
if (!recordSet)
|
|
26617
|
+
return void 0;
|
|
26618
|
+
const result = {
|
|
26619
|
+
HostedZoneId: hostedZoneId,
|
|
26620
|
+
Name: name,
|
|
26621
|
+
Type: type
|
|
26622
|
+
};
|
|
26623
|
+
if (recordSet.TTL !== void 0)
|
|
26624
|
+
result["TTL"] = recordSet.TTL;
|
|
26625
|
+
if (recordSet.ResourceRecords && recordSet.ResourceRecords.length > 0) {
|
|
26626
|
+
result["ResourceRecords"] = recordSet.ResourceRecords.map((r) => r.Value).filter(
|
|
26627
|
+
(v) => typeof v === "string"
|
|
26628
|
+
);
|
|
26629
|
+
}
|
|
26630
|
+
if (recordSet.AliasTarget) {
|
|
26631
|
+
const at = {};
|
|
26632
|
+
if (recordSet.AliasTarget.HostedZoneId !== void 0) {
|
|
26633
|
+
at["HostedZoneId"] = recordSet.AliasTarget.HostedZoneId;
|
|
26634
|
+
}
|
|
26635
|
+
if (recordSet.AliasTarget.DNSName !== void 0) {
|
|
26636
|
+
at["DNSName"] = recordSet.AliasTarget.DNSName;
|
|
26637
|
+
}
|
|
26638
|
+
if (recordSet.AliasTarget.EvaluateTargetHealth !== void 0) {
|
|
26639
|
+
at["EvaluateTargetHealth"] = recordSet.AliasTarget.EvaluateTargetHealth;
|
|
26640
|
+
}
|
|
26641
|
+
result["AliasTarget"] = at;
|
|
26642
|
+
}
|
|
26643
|
+
if (recordSet.SetIdentifier !== void 0)
|
|
26644
|
+
result["SetIdentifier"] = recordSet.SetIdentifier;
|
|
26645
|
+
if (recordSet.Weight !== void 0)
|
|
26646
|
+
result["Weight"] = recordSet.Weight;
|
|
26647
|
+
if (recordSet.Region !== void 0)
|
|
26648
|
+
result["Region"] = recordSet.Region;
|
|
26649
|
+
if (recordSet.Failover !== void 0)
|
|
26650
|
+
result["Failover"] = recordSet.Failover;
|
|
26651
|
+
if (recordSet.MultiValueAnswer !== void 0) {
|
|
26652
|
+
result["MultiValueAnswer"] = recordSet.MultiValueAnswer;
|
|
26653
|
+
}
|
|
26654
|
+
if (recordSet.HealthCheckId !== void 0)
|
|
26655
|
+
result["HealthCheckId"] = recordSet.HealthCheckId;
|
|
26656
|
+
if (recordSet.GeoLocation) {
|
|
26657
|
+
const geo = {};
|
|
26658
|
+
if (recordSet.GeoLocation.ContinentCode !== void 0) {
|
|
26659
|
+
geo["ContinentCode"] = recordSet.GeoLocation.ContinentCode;
|
|
26660
|
+
}
|
|
26661
|
+
if (recordSet.GeoLocation.CountryCode !== void 0) {
|
|
26662
|
+
geo["CountryCode"] = recordSet.GeoLocation.CountryCode;
|
|
26663
|
+
}
|
|
26664
|
+
if (recordSet.GeoLocation.SubdivisionCode !== void 0) {
|
|
26665
|
+
geo["SubdivisionCode"] = recordSet.GeoLocation.SubdivisionCode;
|
|
26666
|
+
}
|
|
26667
|
+
if (Object.keys(geo).length > 0)
|
|
26668
|
+
result["GeoLocation"] = geo;
|
|
26669
|
+
}
|
|
26670
|
+
return result;
|
|
26671
|
+
}
|
|
25448
26672
|
/**
|
|
25449
26673
|
* Adopt an existing Route 53 resource into cdkd state.
|
|
25450
26674
|
*
|
|
@@ -25733,6 +26957,75 @@ var WAFv2WebACLProvider = class {
|
|
|
25733
26957
|
);
|
|
25734
26958
|
}
|
|
25735
26959
|
}
|
|
26960
|
+
/**
|
|
26961
|
+
* Read the AWS-current WAFv2 WebACL configuration in CFn-property shape.
|
|
26962
|
+
*
|
|
26963
|
+
* The cdkd physicalId is the WebACL ARN; we parse it back to
|
|
26964
|
+
* `(id, name, scope)` and call `GetWebACL`. The response holds Name,
|
|
26965
|
+
* Description, DefaultAction, Rules, VisibilityConfig,
|
|
26966
|
+
* CustomResponseBodies, CaptchaConfig, ChallengeConfig, TokenDomains,
|
|
26967
|
+
* and AssociationConfig — every key cdkd state declares as
|
|
26968
|
+
* `handledProperties`. `Scope` is recovered from the ARN parse.
|
|
26969
|
+
*
|
|
26970
|
+
* Tags are skipped (CDK auto-tag handling deferred). Returns `undefined`
|
|
26971
|
+
* when the ARN can't be parsed or the WebACL is gone
|
|
26972
|
+
* (`WAFNonexistentItemException`).
|
|
26973
|
+
*/
|
|
26974
|
+
async readCurrentState(physicalId, _logicalId, _resourceType) {
|
|
26975
|
+
let id;
|
|
26976
|
+
let name;
|
|
26977
|
+
let scope;
|
|
26978
|
+
try {
|
|
26979
|
+
({ id, name, scope } = parseWebACLArn(physicalId));
|
|
26980
|
+
} catch {
|
|
26981
|
+
return void 0;
|
|
26982
|
+
}
|
|
26983
|
+
let webACL;
|
|
26984
|
+
try {
|
|
26985
|
+
const resp = await this.getClient().send(
|
|
26986
|
+
new GetWebACLCommand({ Id: id, Name: name, Scope: scope })
|
|
26987
|
+
);
|
|
26988
|
+
webACL = resp.WebACL;
|
|
26989
|
+
} catch (err) {
|
|
26990
|
+
if (err instanceof WAFNonexistentItemException)
|
|
26991
|
+
return void 0;
|
|
26992
|
+
throw err;
|
|
26993
|
+
}
|
|
26994
|
+
if (!webACL)
|
|
26995
|
+
return void 0;
|
|
26996
|
+
const result = {};
|
|
26997
|
+
if (webACL.Name !== void 0)
|
|
26998
|
+
result["Name"] = webACL.Name;
|
|
26999
|
+
result["Scope"] = scope;
|
|
27000
|
+
if (webACL.Description !== void 0 && webACL.Description !== "") {
|
|
27001
|
+
result["Description"] = webACL.Description;
|
|
27002
|
+
}
|
|
27003
|
+
if (webACL.DefaultAction) {
|
|
27004
|
+
result["DefaultAction"] = webACL.DefaultAction;
|
|
27005
|
+
}
|
|
27006
|
+
if (webACL.Rules && webACL.Rules.length > 0) {
|
|
27007
|
+
result["Rules"] = webACL.Rules.map((r) => r);
|
|
27008
|
+
}
|
|
27009
|
+
if (webACL.VisibilityConfig) {
|
|
27010
|
+
result["VisibilityConfig"] = webACL.VisibilityConfig;
|
|
27011
|
+
}
|
|
27012
|
+
if (webACL.CustomResponseBodies && Object.keys(webACL.CustomResponseBodies).length > 0) {
|
|
27013
|
+
result["CustomResponseBodies"] = webACL.CustomResponseBodies;
|
|
27014
|
+
}
|
|
27015
|
+
if (webACL.CaptchaConfig) {
|
|
27016
|
+
result["CaptchaConfig"] = webACL.CaptchaConfig;
|
|
27017
|
+
}
|
|
27018
|
+
if (webACL.ChallengeConfig) {
|
|
27019
|
+
result["ChallengeConfig"] = webACL.ChallengeConfig;
|
|
27020
|
+
}
|
|
27021
|
+
if (webACL.TokenDomains && webACL.TokenDomains.length > 0) {
|
|
27022
|
+
result["TokenDomains"] = [...webACL.TokenDomains];
|
|
27023
|
+
}
|
|
27024
|
+
if (webACL.AssociationConfig) {
|
|
27025
|
+
result["AssociationConfig"] = webACL.AssociationConfig;
|
|
27026
|
+
}
|
|
27027
|
+
return result;
|
|
27028
|
+
}
|
|
25736
27029
|
/**
|
|
25737
27030
|
* Adopt an existing WAFv2 WebACL into cdkd state.
|
|
25738
27031
|
*
|
|
@@ -26127,6 +27420,98 @@ var CognitoUserPoolProvider = class {
|
|
|
26127
27420
|
);
|
|
26128
27421
|
}
|
|
26129
27422
|
}
|
|
27423
|
+
/**
|
|
27424
|
+
* Read the AWS-current Cognito User Pool configuration in CFn-property shape.
|
|
27425
|
+
*
|
|
27426
|
+
* Issues `DescribeUserPool` and surfaces the keys cdkd's `create()` accepts.
|
|
27427
|
+
* AWS-managed fields (Arn, Id, CreationDate, LastModifiedDate, EstimatedNumberOfUsers,
|
|
27428
|
+
* etc.) are filtered at the wire layer.
|
|
27429
|
+
*
|
|
27430
|
+
* **Note**: Cognito only supports `AWS::Cognito::UserPool` in this provider;
|
|
27431
|
+
* `UserPoolClient`, `UserPoolGroup`, and other Cognito sub-resources go
|
|
27432
|
+
* through the CC API fallback (which has its own `readCurrentState`).
|
|
27433
|
+
*
|
|
27434
|
+
* `UserPoolTags` is intentionally omitted (Cognito returns tags via a
|
|
27435
|
+
* separate `ListTagsForResource` round-trip; auto-injected `aws:cdk:path`
|
|
27436
|
+
* tag-shape question is out of scope here).
|
|
27437
|
+
*
|
|
27438
|
+
* Returns `undefined` when the pool is gone (`ResourceNotFoundException`).
|
|
27439
|
+
*/
|
|
27440
|
+
async readCurrentState(physicalId, _logicalId, resourceType) {
|
|
27441
|
+
if (resourceType !== "AWS::Cognito::UserPool")
|
|
27442
|
+
return void 0;
|
|
27443
|
+
let resp;
|
|
27444
|
+
try {
|
|
27445
|
+
resp = await this.getClient().send(new DescribeUserPoolCommand({ UserPoolId: physicalId }));
|
|
27446
|
+
} catch (err) {
|
|
27447
|
+
if (err instanceof ResourceNotFoundException12)
|
|
27448
|
+
return void 0;
|
|
27449
|
+
throw err;
|
|
27450
|
+
}
|
|
27451
|
+
const pool = resp.UserPool;
|
|
27452
|
+
if (!pool)
|
|
27453
|
+
return void 0;
|
|
27454
|
+
const result = {};
|
|
27455
|
+
if (pool.Name !== void 0)
|
|
27456
|
+
result["UserPoolName"] = pool.Name;
|
|
27457
|
+
if (pool.AutoVerifiedAttributes && pool.AutoVerifiedAttributes.length > 0) {
|
|
27458
|
+
result["AutoVerifiedAttributes"] = [...pool.AutoVerifiedAttributes];
|
|
27459
|
+
}
|
|
27460
|
+
if (pool.UsernameAttributes && pool.UsernameAttributes.length > 0) {
|
|
27461
|
+
result["UsernameAttributes"] = [...pool.UsernameAttributes];
|
|
27462
|
+
}
|
|
27463
|
+
if (pool.AliasAttributes && pool.AliasAttributes.length > 0) {
|
|
27464
|
+
result["AliasAttributes"] = [...pool.AliasAttributes];
|
|
27465
|
+
}
|
|
27466
|
+
if (pool.Policies)
|
|
27467
|
+
result["Policies"] = pool.Policies;
|
|
27468
|
+
if (pool.SchemaAttributes && pool.SchemaAttributes.length > 0) {
|
|
27469
|
+
result["Schema"] = pool.SchemaAttributes;
|
|
27470
|
+
}
|
|
27471
|
+
if (pool.LambdaConfig && Object.keys(pool.LambdaConfig).length > 0) {
|
|
27472
|
+
result["LambdaConfig"] = pool.LambdaConfig;
|
|
27473
|
+
}
|
|
27474
|
+
if (pool.MfaConfiguration !== void 0)
|
|
27475
|
+
result["MfaConfiguration"] = pool.MfaConfiguration;
|
|
27476
|
+
if (pool.AdminCreateUserConfig)
|
|
27477
|
+
result["AdminCreateUserConfig"] = pool.AdminCreateUserConfig;
|
|
27478
|
+
if (pool.AccountRecoverySetting) {
|
|
27479
|
+
result["AccountRecoverySetting"] = pool.AccountRecoverySetting;
|
|
27480
|
+
}
|
|
27481
|
+
if (pool.UserAttributeUpdateSettings) {
|
|
27482
|
+
result["UserAttributeUpdateSettings"] = pool.UserAttributeUpdateSettings;
|
|
27483
|
+
}
|
|
27484
|
+
if (pool.DeletionProtection !== void 0) {
|
|
27485
|
+
result["DeletionProtection"] = pool.DeletionProtection;
|
|
27486
|
+
}
|
|
27487
|
+
if (pool.EmailConfiguration)
|
|
27488
|
+
result["EmailConfiguration"] = pool.EmailConfiguration;
|
|
27489
|
+
if (pool.SmsConfiguration)
|
|
27490
|
+
result["SmsConfiguration"] = pool.SmsConfiguration;
|
|
27491
|
+
if (pool.VerificationMessageTemplate) {
|
|
27492
|
+
result["VerificationMessageTemplate"] = pool.VerificationMessageTemplate;
|
|
27493
|
+
}
|
|
27494
|
+
if (pool.UsernameConfiguration) {
|
|
27495
|
+
result["UsernameConfiguration"] = pool.UsernameConfiguration;
|
|
27496
|
+
}
|
|
27497
|
+
if (pool.DeviceConfiguration)
|
|
27498
|
+
result["DeviceConfiguration"] = pool.DeviceConfiguration;
|
|
27499
|
+
if (pool.UserPoolAddOns)
|
|
27500
|
+
result["UserPoolAddOns"] = pool.UserPoolAddOns;
|
|
27501
|
+
if (pool.EmailVerificationMessage !== void 0) {
|
|
27502
|
+
result["EmailVerificationMessage"] = pool.EmailVerificationMessage;
|
|
27503
|
+
}
|
|
27504
|
+
if (pool.EmailVerificationSubject !== void 0) {
|
|
27505
|
+
result["EmailVerificationSubject"] = pool.EmailVerificationSubject;
|
|
27506
|
+
}
|
|
27507
|
+
if (pool.SmsAuthenticationMessage !== void 0) {
|
|
27508
|
+
result["SmsAuthenticationMessage"] = pool.SmsAuthenticationMessage;
|
|
27509
|
+
}
|
|
27510
|
+
if (pool.SmsVerificationMessage !== void 0) {
|
|
27511
|
+
result["SmsVerificationMessage"] = pool.SmsVerificationMessage;
|
|
27512
|
+
}
|
|
27513
|
+
return result;
|
|
27514
|
+
}
|
|
26130
27515
|
/**
|
|
26131
27516
|
* Adopt an existing Cognito User Pool into cdkd state.
|
|
26132
27517
|
*
|
|
@@ -26613,6 +27998,133 @@ var ElastiCacheProvider = class {
|
|
|
26613
27998
|
sleep(ms) {
|
|
26614
27999
|
return new Promise((resolve4) => setTimeout(resolve4, ms));
|
|
26615
28000
|
}
|
|
28001
|
+
/**
|
|
28002
|
+
* Read the AWS-current ElastiCache resource configuration in CFn-property shape.
|
|
28003
|
+
*
|
|
28004
|
+
* Dispatch per resource type:
|
|
28005
|
+
* - `CacheCluster` → `DescribeCacheClusters` filtered by `CacheClusterId`,
|
|
28006
|
+
* surfacing `Engine`, `CacheNodeType`, `NumCacheNodes`,
|
|
28007
|
+
* `CacheSubnetGroupName`, `Port`, `EngineVersion`,
|
|
28008
|
+
* `CacheParameterGroupName`, `PreferredMaintenanceWindow`,
|
|
28009
|
+
* `PreferredAvailabilityZone`, `SnapshotRetentionLimit`,
|
|
28010
|
+
* `SnapshotWindow`, `AutoMinorVersionUpgrade`, `NotificationTopicArn`,
|
|
28011
|
+
* `IpDiscovery`, `NetworkType`, `TransitEncryptionEnabled`, plus
|
|
28012
|
+
* `VpcSecurityGroupIds` derived from the cluster's `SecurityGroups[]`.
|
|
28013
|
+
* - `SubnetGroup` → `DescribeCacheSubnetGroups` filtered by name,
|
|
28014
|
+
* surfacing `CacheSubnetGroupName`, `CacheSubnetGroupDescription`,
|
|
28015
|
+
* and `SubnetIds` derived from `Subnets[].SubnetIdentifier`.
|
|
28016
|
+
*
|
|
28017
|
+
* Tags are skipped (CDK auto-tag handling deferred). Returns `undefined`
|
|
28018
|
+
* when the resource is gone (`*NotFoundFault`).
|
|
28019
|
+
*/
|
|
28020
|
+
async readCurrentState(physicalId, _logicalId, resourceType) {
|
|
28021
|
+
switch (resourceType) {
|
|
28022
|
+
case "AWS::ElastiCache::CacheCluster":
|
|
28023
|
+
return this.readCacheCluster(physicalId);
|
|
28024
|
+
case "AWS::ElastiCache::SubnetGroup":
|
|
28025
|
+
return this.readSubnetGroup(physicalId);
|
|
28026
|
+
default:
|
|
28027
|
+
return void 0;
|
|
28028
|
+
}
|
|
28029
|
+
}
|
|
28030
|
+
async readCacheCluster(physicalId) {
|
|
28031
|
+
let cluster;
|
|
28032
|
+
try {
|
|
28033
|
+
const resp = await this.getClient().send(
|
|
28034
|
+
new DescribeCacheClustersCommand({
|
|
28035
|
+
CacheClusterId: physicalId,
|
|
28036
|
+
ShowCacheNodeInfo: true
|
|
28037
|
+
})
|
|
28038
|
+
);
|
|
28039
|
+
cluster = resp.CacheClusters?.[0];
|
|
28040
|
+
} catch (err) {
|
|
28041
|
+
if (this.isNotFoundError(err, "CacheClusterNotFoundFault"))
|
|
28042
|
+
return void 0;
|
|
28043
|
+
throw err;
|
|
28044
|
+
}
|
|
28045
|
+
if (!cluster)
|
|
28046
|
+
return void 0;
|
|
28047
|
+
const result = {};
|
|
28048
|
+
if (cluster.CacheClusterId !== void 0)
|
|
28049
|
+
result["ClusterName"] = cluster.CacheClusterId;
|
|
28050
|
+
if (cluster.Engine !== void 0)
|
|
28051
|
+
result["Engine"] = cluster.Engine;
|
|
28052
|
+
if (cluster.CacheNodeType !== void 0)
|
|
28053
|
+
result["CacheNodeType"] = cluster.CacheNodeType;
|
|
28054
|
+
if (cluster.NumCacheNodes !== void 0)
|
|
28055
|
+
result["NumCacheNodes"] = cluster.NumCacheNodes;
|
|
28056
|
+
if (cluster.CacheSubnetGroupName !== void 0) {
|
|
28057
|
+
result["CacheSubnetGroupName"] = cluster.CacheSubnetGroupName;
|
|
28058
|
+
}
|
|
28059
|
+
if (cluster.EngineVersion !== void 0)
|
|
28060
|
+
result["EngineVersion"] = cluster.EngineVersion;
|
|
28061
|
+
if (cluster.CacheParameterGroup?.CacheParameterGroupName !== void 0) {
|
|
28062
|
+
result["CacheParameterGroupName"] = cluster.CacheParameterGroup.CacheParameterGroupName;
|
|
28063
|
+
}
|
|
28064
|
+
if (cluster.PreferredMaintenanceWindow !== void 0) {
|
|
28065
|
+
result["PreferredMaintenanceWindow"] = cluster.PreferredMaintenanceWindow;
|
|
28066
|
+
}
|
|
28067
|
+
if (cluster.PreferredAvailabilityZone !== void 0) {
|
|
28068
|
+
result["PreferredAvailabilityZone"] = cluster.PreferredAvailabilityZone;
|
|
28069
|
+
}
|
|
28070
|
+
if (cluster.SnapshotRetentionLimit !== void 0) {
|
|
28071
|
+
result["SnapshotRetentionLimit"] = cluster.SnapshotRetentionLimit;
|
|
28072
|
+
}
|
|
28073
|
+
if (cluster.SnapshotWindow !== void 0)
|
|
28074
|
+
result["SnapshotWindow"] = cluster.SnapshotWindow;
|
|
28075
|
+
if (cluster.AutoMinorVersionUpgrade !== void 0) {
|
|
28076
|
+
result["AutoMinorVersionUpgrade"] = cluster.AutoMinorVersionUpgrade;
|
|
28077
|
+
}
|
|
28078
|
+
if (cluster.NotificationConfiguration?.TopicArn !== void 0) {
|
|
28079
|
+
result["NotificationTopicArn"] = cluster.NotificationConfiguration.TopicArn;
|
|
28080
|
+
}
|
|
28081
|
+
if (cluster.IpDiscovery !== void 0)
|
|
28082
|
+
result["IpDiscovery"] = cluster.IpDiscovery;
|
|
28083
|
+
if (cluster.NetworkType !== void 0)
|
|
28084
|
+
result["NetworkType"] = cluster.NetworkType;
|
|
28085
|
+
if (cluster.TransitEncryptionEnabled !== void 0) {
|
|
28086
|
+
result["TransitEncryptionEnabled"] = cluster.TransitEncryptionEnabled;
|
|
28087
|
+
}
|
|
28088
|
+
if (cluster.CacheNodes?.[0]?.Endpoint?.Port !== void 0) {
|
|
28089
|
+
result["Port"] = cluster.CacheNodes[0].Endpoint.Port;
|
|
28090
|
+
}
|
|
28091
|
+
if (cluster.SecurityGroups && cluster.SecurityGroups.length > 0) {
|
|
28092
|
+
const ids = cluster.SecurityGroups.map((sg) => sg.SecurityGroupId).filter(
|
|
28093
|
+
(id) => !!id
|
|
28094
|
+
);
|
|
28095
|
+
if (ids.length > 0)
|
|
28096
|
+
result["VpcSecurityGroupIds"] = ids;
|
|
28097
|
+
}
|
|
28098
|
+
return result;
|
|
28099
|
+
}
|
|
28100
|
+
async readSubnetGroup(physicalId) {
|
|
28101
|
+
let group;
|
|
28102
|
+
try {
|
|
28103
|
+
const resp = await this.getClient().send(
|
|
28104
|
+
new DescribeCacheSubnetGroupsCommand({ CacheSubnetGroupName: physicalId })
|
|
28105
|
+
);
|
|
28106
|
+
group = resp.CacheSubnetGroups?.[0];
|
|
28107
|
+
} catch (err) {
|
|
28108
|
+
if (this.isNotFoundError(err, "CacheSubnetGroupNotFoundFault"))
|
|
28109
|
+
return void 0;
|
|
28110
|
+
throw err;
|
|
28111
|
+
}
|
|
28112
|
+
if (!group)
|
|
28113
|
+
return void 0;
|
|
28114
|
+
const result = {};
|
|
28115
|
+
if (group.CacheSubnetGroupName !== void 0) {
|
|
28116
|
+
result["CacheSubnetGroupName"] = group.CacheSubnetGroupName;
|
|
28117
|
+
}
|
|
28118
|
+
if (group.CacheSubnetGroupDescription !== void 0) {
|
|
28119
|
+
result["CacheSubnetGroupDescription"] = group.CacheSubnetGroupDescription;
|
|
28120
|
+
}
|
|
28121
|
+
if (group.Subnets && group.Subnets.length > 0) {
|
|
28122
|
+
const ids = group.Subnets.map((s) => s.SubnetIdentifier).filter((id) => !!id);
|
|
28123
|
+
if (ids.length > 0)
|
|
28124
|
+
result["SubnetIds"] = ids;
|
|
28125
|
+
}
|
|
28126
|
+
return result;
|
|
28127
|
+
}
|
|
26616
28128
|
/**
|
|
26617
28129
|
* Adopt an existing ElastiCache resource into cdkd state.
|
|
26618
28130
|
*
|
|
@@ -27085,6 +28597,87 @@ var ServiceDiscoveryProvider = class {
|
|
|
27085
28597
|
* - **AWS::ServiceDiscovery::Service**: same shape — `ListServices` +
|
|
27086
28598
|
* `ListTagsForResource`. Both use `Tag[]` arrays.
|
|
27087
28599
|
*/
|
|
28600
|
+
/**
|
|
28601
|
+
* Read the AWS-current ServiceDiscovery resource configuration in CFn-property shape.
|
|
28602
|
+
*
|
|
28603
|
+
* Dispatch per resource type:
|
|
28604
|
+
* - `PrivateDnsNamespace` → `GetNamespace` (Name, Description). `Vpc`
|
|
28605
|
+
* is NOT returned by `GetNamespace` — Cloud Map exposes the VPC only
|
|
28606
|
+
* at create time and via `ListNamespaces`-side `Properties.DnsProperties.HostedZoneId`,
|
|
28607
|
+
* not as a directly comparable VPC ID. We skip it; the comparator
|
|
28608
|
+
* only descends into keys present in cdkd state, so an absent key
|
|
28609
|
+
* cannot fire false drift, but a `Vpc` change will not be detected
|
|
28610
|
+
* via this provider's drift surface (use the CFn-side `aws cloudmap`
|
|
28611
|
+
* CLI for that edge case).
|
|
28612
|
+
* - `Service` → `GetService` (Name, NamespaceId, Description, Type,
|
|
28613
|
+
* DnsConfig, HealthCheckConfig, HealthCheckCustomConfig).
|
|
28614
|
+
*
|
|
28615
|
+
* Tags are skipped (CDK auto-tag handling deferred). Returns `undefined`
|
|
28616
|
+
* when the resource is gone (`NamespaceNotFound` / `ServiceNotFound`).
|
|
28617
|
+
*/
|
|
28618
|
+
async readCurrentState(physicalId, _logicalId, resourceType) {
|
|
28619
|
+
switch (resourceType) {
|
|
28620
|
+
case "AWS::ServiceDiscovery::PrivateDnsNamespace":
|
|
28621
|
+
return this.readNamespace(physicalId);
|
|
28622
|
+
case "AWS::ServiceDiscovery::Service":
|
|
28623
|
+
return this.readService(physicalId);
|
|
28624
|
+
default:
|
|
28625
|
+
return void 0;
|
|
28626
|
+
}
|
|
28627
|
+
}
|
|
28628
|
+
async readNamespace(physicalId) {
|
|
28629
|
+
let ns;
|
|
28630
|
+
try {
|
|
28631
|
+
const resp = await this.getClient().send(new GetNamespaceCommand({ Id: physicalId }));
|
|
28632
|
+
ns = resp.Namespace;
|
|
28633
|
+
} catch (err) {
|
|
28634
|
+
if (err instanceof NamespaceNotFound)
|
|
28635
|
+
return void 0;
|
|
28636
|
+
throw err;
|
|
28637
|
+
}
|
|
28638
|
+
if (!ns)
|
|
28639
|
+
return void 0;
|
|
28640
|
+
const result = {};
|
|
28641
|
+
if (ns.Name !== void 0)
|
|
28642
|
+
result["Name"] = ns.Name;
|
|
28643
|
+
if (ns.Description !== void 0 && ns.Description !== "") {
|
|
28644
|
+
result["Description"] = ns.Description;
|
|
28645
|
+
}
|
|
28646
|
+
return result;
|
|
28647
|
+
}
|
|
28648
|
+
async readService(physicalId) {
|
|
28649
|
+
let svc;
|
|
28650
|
+
try {
|
|
28651
|
+
const resp = await this.getClient().send(new GetServiceCommand({ Id: physicalId }));
|
|
28652
|
+
svc = resp.Service;
|
|
28653
|
+
} catch (err) {
|
|
28654
|
+
if (err instanceof ServiceNotFound)
|
|
28655
|
+
return void 0;
|
|
28656
|
+
throw err;
|
|
28657
|
+
}
|
|
28658
|
+
if (!svc)
|
|
28659
|
+
return void 0;
|
|
28660
|
+
const result = {};
|
|
28661
|
+
if (svc.Name !== void 0)
|
|
28662
|
+
result["Name"] = svc.Name;
|
|
28663
|
+
if (svc.NamespaceId !== void 0)
|
|
28664
|
+
result["NamespaceId"] = svc.NamespaceId;
|
|
28665
|
+
if (svc.Description !== void 0 && svc.Description !== "") {
|
|
28666
|
+
result["Description"] = svc.Description;
|
|
28667
|
+
}
|
|
28668
|
+
if (svc.Type !== void 0)
|
|
28669
|
+
result["Type"] = svc.Type;
|
|
28670
|
+
if (svc.DnsConfig) {
|
|
28671
|
+
result["DnsConfig"] = svc.DnsConfig;
|
|
28672
|
+
}
|
|
28673
|
+
if (svc.HealthCheckConfig) {
|
|
28674
|
+
result["HealthCheckConfig"] = svc.HealthCheckConfig;
|
|
28675
|
+
}
|
|
28676
|
+
if (svc.HealthCheckCustomConfig) {
|
|
28677
|
+
result["HealthCheckCustomConfig"] = svc.HealthCheckCustomConfig;
|
|
28678
|
+
}
|
|
28679
|
+
return result;
|
|
28680
|
+
}
|
|
27088
28681
|
async import(input) {
|
|
27089
28682
|
switch (input.resourceType) {
|
|
27090
28683
|
case "AWS::ServiceDiscovery::PrivateDnsNamespace":
|
|
@@ -27201,6 +28794,9 @@ import {
|
|
|
27201
28794
|
DeleteApiKeyCommand,
|
|
27202
28795
|
StartSchemaCreationCommand,
|
|
27203
28796
|
GetGraphqlApiCommand,
|
|
28797
|
+
GetDataSourceCommand,
|
|
28798
|
+
GetResolverCommand,
|
|
28799
|
+
ListApiKeysCommand,
|
|
27204
28800
|
ListGraphqlApisCommand,
|
|
27205
28801
|
NotFoundException as AppSyncNotFoundException
|
|
27206
28802
|
} from "@aws-sdk/client-appsync";
|
|
@@ -27710,6 +29306,209 @@ var AppSyncProvider = class {
|
|
|
27710
29306
|
const name = error.name ?? "";
|
|
27711
29307
|
return message.includes("not found") || message.includes("does not exist") || name === "NotFoundException";
|
|
27712
29308
|
}
|
|
29309
|
+
/**
|
|
29310
|
+
* Read the AWS-current AppSync resource configuration in CFn-property shape.
|
|
29311
|
+
*
|
|
29312
|
+
* Dispatches per resource type:
|
|
29313
|
+
* - `GraphQLApi` → `GetGraphqlApi` (Name, AuthenticationType, XrayEnabled,
|
|
29314
|
+
* LogConfig). Tags are skipped (CDK auto-tag handling deferred).
|
|
29315
|
+
* - `DataSource` → `GetDataSource` (Name, Type, Description,
|
|
29316
|
+
* ServiceRoleArn, DynamoDBConfig, LambdaConfig, HttpConfig). The
|
|
29317
|
+
* `ApiId` cdkd holds is recovered from the `apiId|name` physicalId.
|
|
29318
|
+
* - `Resolver` → `GetResolver` (TypeName, FieldName, DataSourceName,
|
|
29319
|
+
* request/response templates, Kind, PipelineConfig, Runtime, Code).
|
|
29320
|
+
* - `ApiKey` → `ListApiKeys` filtered by id (no `GetApiKey` SDK call;
|
|
29321
|
+
* AppSync only exposes list-based access). Surfaces Description and
|
|
29322
|
+
* Expires.
|
|
29323
|
+
* - `GraphQLSchema` → `GetSchemaCreationStatus` is the closest live
|
|
29324
|
+
* state, but it returns a status string only (not the full schema
|
|
29325
|
+
* body). Schema bodies live in cdkd state's `Definition` and would
|
|
29326
|
+
* need `GetIntrospectionSchema` + reverse-mapping to compare; that's
|
|
29327
|
+
* a separate task. Returns `undefined` so the comparator marks it
|
|
29328
|
+
* as "drift unknown" rather than firing a false positive.
|
|
29329
|
+
*
|
|
29330
|
+
* Returns `undefined` when the parent resource is gone (`NotFoundException`).
|
|
29331
|
+
*/
|
|
29332
|
+
async readCurrentState(physicalId, _logicalId, resourceType) {
|
|
29333
|
+
switch (resourceType) {
|
|
29334
|
+
case "AWS::AppSync::GraphQLApi":
|
|
29335
|
+
return this.readGraphQLApi(physicalId);
|
|
29336
|
+
case "AWS::AppSync::DataSource":
|
|
29337
|
+
return this.readDataSource(physicalId);
|
|
29338
|
+
case "AWS::AppSync::Resolver":
|
|
29339
|
+
return this.readResolver(physicalId);
|
|
29340
|
+
case "AWS::AppSync::ApiKey":
|
|
29341
|
+
return this.readApiKey(physicalId);
|
|
29342
|
+
case "AWS::AppSync::GraphQLSchema":
|
|
29343
|
+
return void 0;
|
|
29344
|
+
default:
|
|
29345
|
+
return void 0;
|
|
29346
|
+
}
|
|
29347
|
+
}
|
|
29348
|
+
async readGraphQLApi(physicalId) {
|
|
29349
|
+
let api;
|
|
29350
|
+
try {
|
|
29351
|
+
const resp = await this.getClient().send(new GetGraphqlApiCommand({ apiId: physicalId }));
|
|
29352
|
+
api = resp.graphqlApi;
|
|
29353
|
+
} catch (err) {
|
|
29354
|
+
if (err instanceof AppSyncNotFoundException)
|
|
29355
|
+
return void 0;
|
|
29356
|
+
throw err;
|
|
29357
|
+
}
|
|
29358
|
+
if (!api)
|
|
29359
|
+
return void 0;
|
|
29360
|
+
const result = {};
|
|
29361
|
+
if (api.name !== void 0)
|
|
29362
|
+
result["Name"] = api.name;
|
|
29363
|
+
if (api.authenticationType !== void 0) {
|
|
29364
|
+
result["AuthenticationType"] = api.authenticationType;
|
|
29365
|
+
}
|
|
29366
|
+
if (api.xrayEnabled !== void 0)
|
|
29367
|
+
result["XrayEnabled"] = api.xrayEnabled;
|
|
29368
|
+
if (api.logConfig) {
|
|
29369
|
+
const log = {};
|
|
29370
|
+
if (api.logConfig.cloudWatchLogsRoleArn !== void 0) {
|
|
29371
|
+
log["CloudWatchLogsRoleArn"] = api.logConfig.cloudWatchLogsRoleArn;
|
|
29372
|
+
}
|
|
29373
|
+
if (api.logConfig.fieldLogLevel !== void 0) {
|
|
29374
|
+
log["FieldLogLevel"] = api.logConfig.fieldLogLevel;
|
|
29375
|
+
}
|
|
29376
|
+
if (api.logConfig.excludeVerboseContent !== void 0) {
|
|
29377
|
+
log["ExcludeVerboseContent"] = api.logConfig.excludeVerboseContent;
|
|
29378
|
+
}
|
|
29379
|
+
if (Object.keys(log).length > 0)
|
|
29380
|
+
result["LogConfig"] = log;
|
|
29381
|
+
}
|
|
29382
|
+
return result;
|
|
29383
|
+
}
|
|
29384
|
+
async readDataSource(physicalId) {
|
|
29385
|
+
const [apiId, name] = physicalId.split("|");
|
|
29386
|
+
if (!apiId || !name)
|
|
29387
|
+
return void 0;
|
|
29388
|
+
let ds;
|
|
29389
|
+
try {
|
|
29390
|
+
const resp = await this.getClient().send(new GetDataSourceCommand({ apiId, name }));
|
|
29391
|
+
ds = resp.dataSource;
|
|
29392
|
+
} catch (err) {
|
|
29393
|
+
if (err instanceof AppSyncNotFoundException)
|
|
29394
|
+
return void 0;
|
|
29395
|
+
throw err;
|
|
29396
|
+
}
|
|
29397
|
+
if (!ds)
|
|
29398
|
+
return void 0;
|
|
29399
|
+
const result = { ApiId: apiId };
|
|
29400
|
+
if (ds.name !== void 0)
|
|
29401
|
+
result["Name"] = ds.name;
|
|
29402
|
+
if (ds.type !== void 0)
|
|
29403
|
+
result["Type"] = ds.type;
|
|
29404
|
+
if (ds.description !== void 0 && ds.description !== "") {
|
|
29405
|
+
result["Description"] = ds.description;
|
|
29406
|
+
}
|
|
29407
|
+
if (ds.serviceRoleArn !== void 0)
|
|
29408
|
+
result["ServiceRoleArn"] = ds.serviceRoleArn;
|
|
29409
|
+
if (ds.dynamodbConfig) {
|
|
29410
|
+
const dynamo = {};
|
|
29411
|
+
if (ds.dynamodbConfig.tableName !== void 0)
|
|
29412
|
+
dynamo["TableName"] = ds.dynamodbConfig.tableName;
|
|
29413
|
+
if (ds.dynamodbConfig.awsRegion !== void 0)
|
|
29414
|
+
dynamo["AwsRegion"] = ds.dynamodbConfig.awsRegion;
|
|
29415
|
+
if (ds.dynamodbConfig.useCallerCredentials !== void 0) {
|
|
29416
|
+
dynamo["UseCallerCredentials"] = ds.dynamodbConfig.useCallerCredentials;
|
|
29417
|
+
}
|
|
29418
|
+
if (Object.keys(dynamo).length > 0)
|
|
29419
|
+
result["DynamoDBConfig"] = dynamo;
|
|
29420
|
+
}
|
|
29421
|
+
if (ds.lambdaConfig?.lambdaFunctionArn !== void 0) {
|
|
29422
|
+
result["LambdaConfig"] = { LambdaFunctionArn: ds.lambdaConfig.lambdaFunctionArn };
|
|
29423
|
+
}
|
|
29424
|
+
if (ds.httpConfig?.endpoint !== void 0) {
|
|
29425
|
+
result["HttpConfig"] = { Endpoint: ds.httpConfig.endpoint };
|
|
29426
|
+
}
|
|
29427
|
+
return result;
|
|
29428
|
+
}
|
|
29429
|
+
async readResolver(physicalId) {
|
|
29430
|
+
const parts = physicalId.split("|");
|
|
29431
|
+
if (parts.length < 3)
|
|
29432
|
+
return void 0;
|
|
29433
|
+
const [apiId, typeName, fieldName] = parts;
|
|
29434
|
+
if (!apiId || !typeName || !fieldName)
|
|
29435
|
+
return void 0;
|
|
29436
|
+
let resolver;
|
|
29437
|
+
try {
|
|
29438
|
+
const resp = await this.getClient().send(
|
|
29439
|
+
new GetResolverCommand({ apiId, typeName, fieldName })
|
|
29440
|
+
);
|
|
29441
|
+
resolver = resp.resolver;
|
|
29442
|
+
} catch (err) {
|
|
29443
|
+
if (err instanceof AppSyncNotFoundException)
|
|
29444
|
+
return void 0;
|
|
29445
|
+
throw err;
|
|
29446
|
+
}
|
|
29447
|
+
if (!resolver)
|
|
29448
|
+
return void 0;
|
|
29449
|
+
const result = { ApiId: apiId };
|
|
29450
|
+
if (resolver.typeName !== void 0)
|
|
29451
|
+
result["TypeName"] = resolver.typeName;
|
|
29452
|
+
if (resolver.fieldName !== void 0)
|
|
29453
|
+
result["FieldName"] = resolver.fieldName;
|
|
29454
|
+
if (resolver.dataSourceName !== void 0)
|
|
29455
|
+
result["DataSourceName"] = resolver.dataSourceName;
|
|
29456
|
+
if (resolver.requestMappingTemplate !== void 0) {
|
|
29457
|
+
result["RequestMappingTemplate"] = resolver.requestMappingTemplate;
|
|
29458
|
+
}
|
|
29459
|
+
if (resolver.responseMappingTemplate !== void 0) {
|
|
29460
|
+
result["ResponseMappingTemplate"] = resolver.responseMappingTemplate;
|
|
29461
|
+
}
|
|
29462
|
+
if (resolver.kind !== void 0)
|
|
29463
|
+
result["Kind"] = resolver.kind;
|
|
29464
|
+
if (resolver.pipelineConfig?.functions && resolver.pipelineConfig.functions.length > 0) {
|
|
29465
|
+
result["PipelineConfig"] = { Functions: [...resolver.pipelineConfig.functions] };
|
|
29466
|
+
}
|
|
29467
|
+
if (resolver.runtime) {
|
|
29468
|
+
const runtime = {};
|
|
29469
|
+
if (resolver.runtime.name !== void 0)
|
|
29470
|
+
runtime["Name"] = resolver.runtime.name;
|
|
29471
|
+
if (resolver.runtime.runtimeVersion !== void 0) {
|
|
29472
|
+
runtime["RuntimeVersion"] = resolver.runtime.runtimeVersion;
|
|
29473
|
+
}
|
|
29474
|
+
if (Object.keys(runtime).length > 0)
|
|
29475
|
+
result["Runtime"] = runtime;
|
|
29476
|
+
}
|
|
29477
|
+
if (resolver.code !== void 0)
|
|
29478
|
+
result["Code"] = resolver.code;
|
|
29479
|
+
return result;
|
|
29480
|
+
}
|
|
29481
|
+
async readApiKey(physicalId) {
|
|
29482
|
+
const [apiId, apiKeyId] = physicalId.split("|");
|
|
29483
|
+
if (!apiId || !apiKeyId)
|
|
29484
|
+
return void 0;
|
|
29485
|
+
let nextToken;
|
|
29486
|
+
do {
|
|
29487
|
+
let resp;
|
|
29488
|
+
try {
|
|
29489
|
+
resp = await this.getClient().send(
|
|
29490
|
+
new ListApiKeysCommand({ apiId, ...nextToken && { nextToken } })
|
|
29491
|
+
);
|
|
29492
|
+
} catch (err) {
|
|
29493
|
+
if (err instanceof AppSyncNotFoundException)
|
|
29494
|
+
return void 0;
|
|
29495
|
+
throw err;
|
|
29496
|
+
}
|
|
29497
|
+
for (const key of resp.apiKeys ?? []) {
|
|
29498
|
+
if (key.id === apiKeyId) {
|
|
29499
|
+
const result = { ApiId: apiId };
|
|
29500
|
+
if (key.description !== void 0 && key.description !== "") {
|
|
29501
|
+
result["Description"] = key.description;
|
|
29502
|
+
}
|
|
29503
|
+
if (key.expires !== void 0)
|
|
29504
|
+
result["Expires"] = key.expires;
|
|
29505
|
+
return result;
|
|
29506
|
+
}
|
|
29507
|
+
}
|
|
29508
|
+
nextToken = resp.nextToken;
|
|
29509
|
+
} while (nextToken);
|
|
29510
|
+
return void 0;
|
|
29511
|
+
}
|
|
27713
29512
|
/**
|
|
27714
29513
|
* Adopt an existing AppSync resource into cdkd state.
|
|
27715
29514
|
*
|
|
@@ -28118,49 +29917,159 @@ var GlueProvider = class {
|
|
|
28118
29917
|
if (sd["Compressed"] !== void 0) {
|
|
28119
29918
|
result.Compressed = sd["Compressed"];
|
|
28120
29919
|
}
|
|
28121
|
-
if (sd["NumberOfBuckets"] !== void 0) {
|
|
28122
|
-
result.NumberOfBuckets = sd["NumberOfBuckets"];
|
|
29920
|
+
if (sd["NumberOfBuckets"] !== void 0) {
|
|
29921
|
+
result.NumberOfBuckets = sd["NumberOfBuckets"];
|
|
29922
|
+
}
|
|
29923
|
+
if (sd["SerdeInfo"] !== void 0) {
|
|
29924
|
+
const serde = sd["SerdeInfo"];
|
|
29925
|
+
if (serde["Parameters"]) {
|
|
29926
|
+
const params = serde["Parameters"];
|
|
29927
|
+
const converted = {};
|
|
29928
|
+
for (const [k, v] of Object.entries(params)) {
|
|
29929
|
+
converted[k] = String(v);
|
|
29930
|
+
}
|
|
29931
|
+
serde["Parameters"] = converted;
|
|
29932
|
+
}
|
|
29933
|
+
result.SerdeInfo = serde;
|
|
29934
|
+
}
|
|
29935
|
+
if (sd["BucketColumns"] !== void 0) {
|
|
29936
|
+
result.BucketColumns = sd["BucketColumns"];
|
|
29937
|
+
}
|
|
29938
|
+
if (sd["SortColumns"] !== void 0) {
|
|
29939
|
+
result.SortColumns = sd["SortColumns"];
|
|
29940
|
+
}
|
|
29941
|
+
if (sd["Parameters"] !== void 0) {
|
|
29942
|
+
result.Parameters = sd["Parameters"];
|
|
29943
|
+
}
|
|
29944
|
+
if (sd["StoredAsSubDirectories"] !== void 0) {
|
|
29945
|
+
result.StoredAsSubDirectories = sd["StoredAsSubDirectories"];
|
|
29946
|
+
}
|
|
29947
|
+
return result;
|
|
29948
|
+
}
|
|
29949
|
+
/**
|
|
29950
|
+
* Adopt an existing Glue Database or Table into cdkd state.
|
|
29951
|
+
*
|
|
29952
|
+
* Lookup order (per type):
|
|
29953
|
+
* 1. Explicit override / template name → verify with `GetDatabase`
|
|
29954
|
+
* or `GetTable`.
|
|
29955
|
+
* 2. Walk `GetDatabases` / `GetTables` paginators and match the
|
|
29956
|
+
* `aws:cdk:path` tag via `GetTags(ResourceArn)`. Glue tags are
|
|
29957
|
+
* a `Record<string,string>` map (not a `Tag[]` array), so the
|
|
29958
|
+
* match is `tags?.[CDK_PATH_TAG] === input.cdkPath`.
|
|
29959
|
+
*
|
|
29960
|
+
* Glue list APIs return only names — ARNs are constructed locally
|
|
29961
|
+
* for the per-item GetTags call.
|
|
29962
|
+
*/
|
|
29963
|
+
/**
|
|
29964
|
+
* Read the AWS-current Glue resource configuration in CFn-property shape.
|
|
29965
|
+
*
|
|
29966
|
+
* Dispatch per resource type:
|
|
29967
|
+
* - `Database` → `GetDatabase` returning DatabaseInput-shape
|
|
29968
|
+
* (`Name`, `Description`, `LocationUri`, `Parameters`).
|
|
29969
|
+
* - `Table` → `GetTable` returning the same-named TableInput-shape
|
|
29970
|
+
* fields (`Name`, `Description`, `Owner`, `Retention`, `TableType`,
|
|
29971
|
+
* `PartitionKeys`, `Parameters`, `StorageDescriptor`, `ViewOriginalText`,
|
|
29972
|
+
* `ViewExpandedText`, `TargetTable`). The table physicalId is
|
|
29973
|
+
* `databaseName|tableName`; we recover both from the split.
|
|
29974
|
+
*
|
|
29975
|
+
* `CatalogId` is intentionally not surfaced — `GetDatabase` /
|
|
29976
|
+
* `GetTable` do not echo it back, and cdkd state's `CatalogId` is
|
|
29977
|
+
* usually the AWS account id (defaulted by the API). Comparator only
|
|
29978
|
+
* descends into keys present in state, so an absent surface key cannot
|
|
29979
|
+
* fire false drift here.
|
|
29980
|
+
*
|
|
29981
|
+
* Returns `undefined` when the resource is gone (`EntityNotFoundException`).
|
|
29982
|
+
* Other Glue resource types (`Job`, `Crawler`, `Connection`, `Trigger`,
|
|
29983
|
+
* `Workflow`, `SecurityConfiguration`, etc.) are out of scope for v1 —
|
|
29984
|
+
* the provider's `create()` only handles Database/Table; CC API picks
|
|
29985
|
+
* up drift detection for the rest.
|
|
29986
|
+
*/
|
|
29987
|
+
async readCurrentState(physicalId, _logicalId, resourceType) {
|
|
29988
|
+
switch (resourceType) {
|
|
29989
|
+
case "AWS::Glue::Database":
|
|
29990
|
+
return this.readDatabase(physicalId);
|
|
29991
|
+
case "AWS::Glue::Table":
|
|
29992
|
+
return this.readTable(physicalId);
|
|
29993
|
+
default:
|
|
29994
|
+
return void 0;
|
|
29995
|
+
}
|
|
29996
|
+
}
|
|
29997
|
+
async readDatabase(physicalId) {
|
|
29998
|
+
let db;
|
|
29999
|
+
try {
|
|
30000
|
+
const resp = await this.getClient().send(new GetDatabaseCommand({ Name: physicalId }));
|
|
30001
|
+
db = resp.Database;
|
|
30002
|
+
} catch (err) {
|
|
30003
|
+
if (err instanceof EntityNotFoundException)
|
|
30004
|
+
return void 0;
|
|
30005
|
+
throw err;
|
|
30006
|
+
}
|
|
30007
|
+
if (!db)
|
|
30008
|
+
return void 0;
|
|
30009
|
+
const dbInput = {};
|
|
30010
|
+
if (db.Name !== void 0)
|
|
30011
|
+
dbInput["Name"] = db.Name;
|
|
30012
|
+
if (db.Description !== void 0 && db.Description !== "") {
|
|
30013
|
+
dbInput["Description"] = db.Description;
|
|
30014
|
+
}
|
|
30015
|
+
if (db.LocationUri !== void 0)
|
|
30016
|
+
dbInput["LocationUri"] = db.LocationUri;
|
|
30017
|
+
if (db.Parameters && Object.keys(db.Parameters).length > 0) {
|
|
30018
|
+
dbInput["Parameters"] = db.Parameters;
|
|
30019
|
+
}
|
|
30020
|
+
return { DatabaseInput: dbInput };
|
|
30021
|
+
}
|
|
30022
|
+
async readTable(physicalId) {
|
|
30023
|
+
const [databaseName, tableName] = physicalId.split("|");
|
|
30024
|
+
if (!databaseName || !tableName)
|
|
30025
|
+
return void 0;
|
|
30026
|
+
let table;
|
|
30027
|
+
try {
|
|
30028
|
+
const resp = await this.getClient().send(
|
|
30029
|
+
new GetTableCommand({ DatabaseName: databaseName, Name: tableName })
|
|
30030
|
+
);
|
|
30031
|
+
table = resp.Table;
|
|
30032
|
+
} catch (err) {
|
|
30033
|
+
if (err instanceof EntityNotFoundException)
|
|
30034
|
+
return void 0;
|
|
30035
|
+
throw err;
|
|
30036
|
+
}
|
|
30037
|
+
if (!table)
|
|
30038
|
+
return void 0;
|
|
30039
|
+
const tableInput = {};
|
|
30040
|
+
if (table.Name !== void 0)
|
|
30041
|
+
tableInput["Name"] = table.Name;
|
|
30042
|
+
if (table.Description !== void 0 && table.Description !== "") {
|
|
30043
|
+
tableInput["Description"] = table.Description;
|
|
30044
|
+
}
|
|
30045
|
+
if (table.Owner !== void 0)
|
|
30046
|
+
tableInput["Owner"] = table.Owner;
|
|
30047
|
+
if (table.Retention !== void 0)
|
|
30048
|
+
tableInput["Retention"] = table.Retention;
|
|
30049
|
+
if (table.TableType !== void 0)
|
|
30050
|
+
tableInput["TableType"] = table.TableType;
|
|
30051
|
+
if (table.PartitionKeys && table.PartitionKeys.length > 0) {
|
|
30052
|
+
tableInput["PartitionKeys"] = table.PartitionKeys.map(
|
|
30053
|
+
(k) => k
|
|
30054
|
+
);
|
|
28123
30055
|
}
|
|
28124
|
-
if (
|
|
28125
|
-
|
|
28126
|
-
if (serde["Parameters"]) {
|
|
28127
|
-
const params = serde["Parameters"];
|
|
28128
|
-
const converted = {};
|
|
28129
|
-
for (const [k, v] of Object.entries(params)) {
|
|
28130
|
-
converted[k] = String(v);
|
|
28131
|
-
}
|
|
28132
|
-
serde["Parameters"] = converted;
|
|
28133
|
-
}
|
|
28134
|
-
result.SerdeInfo = serde;
|
|
30056
|
+
if (table.Parameters && Object.keys(table.Parameters).length > 0) {
|
|
30057
|
+
tableInput["Parameters"] = table.Parameters;
|
|
28135
30058
|
}
|
|
28136
|
-
if (
|
|
28137
|
-
|
|
30059
|
+
if (table.StorageDescriptor) {
|
|
30060
|
+
tableInput["StorageDescriptor"] = table.StorageDescriptor;
|
|
28138
30061
|
}
|
|
28139
|
-
if (
|
|
28140
|
-
|
|
30062
|
+
if (table.ViewOriginalText !== void 0) {
|
|
30063
|
+
tableInput["ViewOriginalText"] = table.ViewOriginalText;
|
|
28141
30064
|
}
|
|
28142
|
-
if (
|
|
28143
|
-
|
|
30065
|
+
if (table.ViewExpandedText !== void 0) {
|
|
30066
|
+
tableInput["ViewExpandedText"] = table.ViewExpandedText;
|
|
28144
30067
|
}
|
|
28145
|
-
if (
|
|
28146
|
-
|
|
30068
|
+
if (table.TargetTable) {
|
|
30069
|
+
tableInput["TargetTable"] = table.TargetTable;
|
|
28147
30070
|
}
|
|
28148
|
-
return
|
|
30071
|
+
return { DatabaseName: databaseName, TableInput: tableInput };
|
|
28149
30072
|
}
|
|
28150
|
-
/**
|
|
28151
|
-
* Adopt an existing Glue Database or Table into cdkd state.
|
|
28152
|
-
*
|
|
28153
|
-
* Lookup order (per type):
|
|
28154
|
-
* 1. Explicit override / template name → verify with `GetDatabase`
|
|
28155
|
-
* or `GetTable`.
|
|
28156
|
-
* 2. Walk `GetDatabases` / `GetTables` paginators and match the
|
|
28157
|
-
* `aws:cdk:path` tag via `GetTags(ResourceArn)`. Glue tags are
|
|
28158
|
-
* a `Record<string,string>` map (not a `Tag[]` array), so the
|
|
28159
|
-
* match is `tags?.[CDK_PATH_TAG] === input.cdkPath`.
|
|
28160
|
-
*
|
|
28161
|
-
* Glue list APIs return only names — ARNs are constructed locally
|
|
28162
|
-
* for the per-item GetTags call.
|
|
28163
|
-
*/
|
|
28164
30073
|
async import(input) {
|
|
28165
30074
|
switch (input.resourceType) {
|
|
28166
30075
|
case "AWS::Glue::Database":
|
|
@@ -28700,6 +30609,88 @@ var KMSProvider = class {
|
|
|
28700
30609
|
);
|
|
28701
30610
|
}
|
|
28702
30611
|
}
|
|
30612
|
+
/**
|
|
30613
|
+
* Read the AWS-current KMS resource configuration in CFn-property shape.
|
|
30614
|
+
*
|
|
30615
|
+
* Dispatches by resource type:
|
|
30616
|
+
* - `AWS::KMS::Key` → `DescribeKey`. Surfaces `Description`, `KeySpec`,
|
|
30617
|
+
* `KeyUsage`, `Enabled`, `MultiRegion`, `Origin`. `KeyPolicy` is
|
|
30618
|
+
* intentionally NOT retrieved — `GetKeyPolicy` is a separate call
|
|
30619
|
+
* and the policy body needs JSON parsing for comparison; deferred
|
|
30620
|
+
* to a follow-up. `EnableKeyRotation` / `RotationPeriodInDays`
|
|
30621
|
+
* would require `GetKeyRotationStatus`; also deferred.
|
|
30622
|
+
* - `AWS::KMS::Alias` → `ListAliases` filtered to the alias name.
|
|
30623
|
+
* Surfaces `AliasName`, `TargetKeyId`. `ListAliases` is paginated
|
|
30624
|
+
* since there's no direct "describe one alias" API.
|
|
30625
|
+
*
|
|
30626
|
+
* `Tags` is intentionally omitted (separate `ListResourceTags` round-trip
|
|
30627
|
+
* for keys; auto-injected `aws:cdk:path` tag-shape question is out of
|
|
30628
|
+
* scope here). `BypassPolicyLockoutSafetyCheck` and `PendingWindowInDays`
|
|
30629
|
+
* are not part of the persisted AWS state visible via `DescribeKey`.
|
|
30630
|
+
*
|
|
30631
|
+
* Returns `undefined` when the resource is gone (`NotFoundException`).
|
|
30632
|
+
*/
|
|
30633
|
+
async readCurrentState(physicalId, _logicalId, resourceType) {
|
|
30634
|
+
switch (resourceType) {
|
|
30635
|
+
case "AWS::KMS::Key":
|
|
30636
|
+
return this.readCurrentStateKey(physicalId);
|
|
30637
|
+
case "AWS::KMS::Alias":
|
|
30638
|
+
return this.readCurrentStateAlias(physicalId);
|
|
30639
|
+
default:
|
|
30640
|
+
return void 0;
|
|
30641
|
+
}
|
|
30642
|
+
}
|
|
30643
|
+
async readCurrentStateKey(physicalId) {
|
|
30644
|
+
let resp;
|
|
30645
|
+
try {
|
|
30646
|
+
resp = await this.getClient().send(
|
|
30647
|
+
new DescribeKeyCommand({ KeyId: physicalId })
|
|
30648
|
+
);
|
|
30649
|
+
} catch (err) {
|
|
30650
|
+
if (err instanceof NotFoundException5)
|
|
30651
|
+
return void 0;
|
|
30652
|
+
throw err;
|
|
30653
|
+
}
|
|
30654
|
+
const md = resp.KeyMetadata;
|
|
30655
|
+
if (!md)
|
|
30656
|
+
return void 0;
|
|
30657
|
+
const result = {};
|
|
30658
|
+
if (md.Description !== void 0 && md.Description !== "") {
|
|
30659
|
+
result["Description"] = md.Description;
|
|
30660
|
+
}
|
|
30661
|
+
if (md.KeySpec !== void 0)
|
|
30662
|
+
result["KeySpec"] = md.KeySpec;
|
|
30663
|
+
if (md.KeyUsage !== void 0)
|
|
30664
|
+
result["KeyUsage"] = md.KeyUsage;
|
|
30665
|
+
if (md.Enabled !== void 0)
|
|
30666
|
+
result["Enabled"] = md.Enabled;
|
|
30667
|
+
if (md.MultiRegion !== void 0)
|
|
30668
|
+
result["MultiRegion"] = md.MultiRegion;
|
|
30669
|
+
if (md.Origin !== void 0)
|
|
30670
|
+
result["Origin"] = md.Origin;
|
|
30671
|
+
return result;
|
|
30672
|
+
}
|
|
30673
|
+
async readCurrentStateAlias(physicalId) {
|
|
30674
|
+
let marker;
|
|
30675
|
+
do {
|
|
30676
|
+
const list = await this.getClient().send(
|
|
30677
|
+
new ListAliasesCommand2({ ...marker && { Marker: marker } })
|
|
30678
|
+
);
|
|
30679
|
+
const found = list.Aliases?.find(
|
|
30680
|
+
(a) => a.AliasName === physicalId
|
|
30681
|
+
);
|
|
30682
|
+
if (found) {
|
|
30683
|
+
const result = {};
|
|
30684
|
+
if (found.AliasName)
|
|
30685
|
+
result["AliasName"] = found.AliasName;
|
|
30686
|
+
if (found.TargetKeyId)
|
|
30687
|
+
result["TargetKeyId"] = found.TargetKeyId;
|
|
30688
|
+
return result;
|
|
30689
|
+
}
|
|
30690
|
+
marker = list.NextMarker;
|
|
30691
|
+
} while (marker);
|
|
30692
|
+
return void 0;
|
|
30693
|
+
}
|
|
28703
30694
|
/**
|
|
28704
30695
|
* Adopt an existing KMS key or alias into cdkd state.
|
|
28705
30696
|
*
|
|
@@ -29055,6 +31046,57 @@ var KinesisStreamProvider = class {
|
|
|
29055
31046
|
* Kinesis tags use the standard `Tag[]` array shape (`Key`/`Value`),
|
|
29056
31047
|
* so `matchesCdkPath` from import-helpers applies directly.
|
|
29057
31048
|
*/
|
|
31049
|
+
/**
|
|
31050
|
+
* Read the AWS-current Kinesis stream configuration in CFn-property shape.
|
|
31051
|
+
*
|
|
31052
|
+
* Issues `DescribeStream` and surfaces the keys cdkd's `create()`
|
|
31053
|
+
* accepts: `Name`, `StreamModeDetails`, `ShardCount`, `RetentionPeriodHours`,
|
|
31054
|
+
* and `StreamEncryption`. Tags are skipped (CDK auto-tag handling deferred).
|
|
31055
|
+
*
|
|
31056
|
+
* `ShardCount` is reported as the count of `Shards[]` in the stream
|
|
31057
|
+
* description (only present for PROVISIONED-mode streams; ON_DEMAND
|
|
31058
|
+
* mode reports an empty list).
|
|
31059
|
+
*
|
|
31060
|
+
* Returns `undefined` when the stream is gone (`ResourceNotFoundException`).
|
|
31061
|
+
* Only `AWS::Kinesis::Stream` is supported (the provider does not handle
|
|
31062
|
+
* `AWS::Kinesis::StreamConsumer`).
|
|
31063
|
+
*/
|
|
31064
|
+
async readCurrentState(physicalId, _logicalId, resourceType) {
|
|
31065
|
+
if (resourceType !== "AWS::Kinesis::Stream")
|
|
31066
|
+
return void 0;
|
|
31067
|
+
let stream;
|
|
31068
|
+
try {
|
|
31069
|
+
const resp = await this.getClient().send(
|
|
31070
|
+
new DescribeStreamCommand({ StreamName: physicalId })
|
|
31071
|
+
);
|
|
31072
|
+
stream = resp.StreamDescription;
|
|
31073
|
+
} catch (err) {
|
|
31074
|
+
if (err instanceof ResourceNotFoundException13)
|
|
31075
|
+
return void 0;
|
|
31076
|
+
throw err;
|
|
31077
|
+
}
|
|
31078
|
+
if (!stream)
|
|
31079
|
+
return void 0;
|
|
31080
|
+
const result = {};
|
|
31081
|
+
if (stream.StreamName !== void 0)
|
|
31082
|
+
result["Name"] = stream.StreamName;
|
|
31083
|
+
if (stream.StreamModeDetails?.StreamMode !== void 0) {
|
|
31084
|
+
result["StreamModeDetails"] = { StreamMode: stream.StreamModeDetails.StreamMode };
|
|
31085
|
+
}
|
|
31086
|
+
if (stream.Shards && stream.Shards.length > 0) {
|
|
31087
|
+
result["ShardCount"] = stream.Shards.length;
|
|
31088
|
+
}
|
|
31089
|
+
if (stream.RetentionPeriodHours !== void 0) {
|
|
31090
|
+
result["RetentionPeriodHours"] = stream.RetentionPeriodHours;
|
|
31091
|
+
}
|
|
31092
|
+
if (stream.EncryptionType !== void 0 && stream.EncryptionType !== "NONE") {
|
|
31093
|
+
const encryption = { EncryptionType: stream.EncryptionType };
|
|
31094
|
+
if (stream.KeyId !== void 0)
|
|
31095
|
+
encryption["KeyId"] = stream.KeyId;
|
|
31096
|
+
result["StreamEncryption"] = encryption;
|
|
31097
|
+
}
|
|
31098
|
+
return result;
|
|
31099
|
+
}
|
|
29058
31100
|
async import(input) {
|
|
29059
31101
|
const explicit = resolveExplicitPhysicalId(input, "Name");
|
|
29060
31102
|
if (explicit) {
|
|
@@ -29134,6 +31176,8 @@ import {
|
|
|
29134
31176
|
DeleteAccessPointCommand,
|
|
29135
31177
|
DescribeFileSystemsCommand,
|
|
29136
31178
|
DescribeAccessPointsCommand,
|
|
31179
|
+
DescribeLifecycleConfigurationCommand,
|
|
31180
|
+
DescribeBackupPolicyCommand,
|
|
29137
31181
|
FileSystemNotFound,
|
|
29138
31182
|
MountTargetNotFound,
|
|
29139
31183
|
AccessPointNotFound
|
|
@@ -29535,6 +31579,173 @@ var EFSProvider = class {
|
|
|
29535
31579
|
);
|
|
29536
31580
|
}
|
|
29537
31581
|
}
|
|
31582
|
+
/**
|
|
31583
|
+
* Read the AWS-current EFS resource configuration in CFn-property shape.
|
|
31584
|
+
*
|
|
31585
|
+
* Dispatch per resource type:
|
|
31586
|
+
* - `FileSystem` → `DescribeFileSystems` filtered by id (PerformanceMode,
|
|
31587
|
+
* ThroughputMode, Encrypted, KmsKeyId, ProvisionedThroughputInMibps),
|
|
31588
|
+
* plus optional `DescribeLifecycleConfiguration` and
|
|
31589
|
+
* `DescribeBackupPolicy` enrichment. Each enrichment call is wrapped
|
|
31590
|
+
* in its own try/catch so a "not configured" error on either omits
|
|
31591
|
+
* the corresponding key without failing the whole snapshot.
|
|
31592
|
+
* - `AccessPoint` → `DescribeAccessPoints` filtered by id (PosixUser,
|
|
31593
|
+
* RootDirectory).
|
|
31594
|
+
* - `MountTarget` → `DescribeMountTargets` (FileSystemId, SubnetId).
|
|
31595
|
+
* SecurityGroups requires a separate call and is omitted for v1.
|
|
31596
|
+
*
|
|
31597
|
+
* Tags are skipped across all three (CDK auto-tag handling deferred).
|
|
31598
|
+
* Returns `undefined` when the resource is gone (`*NotFound`).
|
|
31599
|
+
*/
|
|
31600
|
+
async readCurrentState(physicalId, _logicalId, resourceType) {
|
|
31601
|
+
switch (resourceType) {
|
|
31602
|
+
case "AWS::EFS::FileSystem":
|
|
31603
|
+
return this.readFileSystem(physicalId);
|
|
31604
|
+
case "AWS::EFS::AccessPoint":
|
|
31605
|
+
return this.readAccessPoint(physicalId);
|
|
31606
|
+
case "AWS::EFS::MountTarget":
|
|
31607
|
+
return this.readMountTarget(physicalId);
|
|
31608
|
+
default:
|
|
31609
|
+
return void 0;
|
|
31610
|
+
}
|
|
31611
|
+
}
|
|
31612
|
+
async readFileSystem(physicalId) {
|
|
31613
|
+
let fs;
|
|
31614
|
+
try {
|
|
31615
|
+
const resp = await this.getClient().send(
|
|
31616
|
+
new DescribeFileSystemsCommand({ FileSystemId: physicalId })
|
|
31617
|
+
);
|
|
31618
|
+
fs = resp.FileSystems?.[0];
|
|
31619
|
+
} catch (err) {
|
|
31620
|
+
if (err instanceof FileSystemNotFound)
|
|
31621
|
+
return void 0;
|
|
31622
|
+
throw err;
|
|
31623
|
+
}
|
|
31624
|
+
if (!fs)
|
|
31625
|
+
return void 0;
|
|
31626
|
+
const result = {};
|
|
31627
|
+
if (fs.PerformanceMode !== void 0)
|
|
31628
|
+
result["PerformanceMode"] = fs.PerformanceMode;
|
|
31629
|
+
if (fs.ThroughputMode !== void 0)
|
|
31630
|
+
result["ThroughputMode"] = fs.ThroughputMode;
|
|
31631
|
+
if (fs.Encrypted !== void 0)
|
|
31632
|
+
result["Encrypted"] = fs.Encrypted;
|
|
31633
|
+
if (fs.KmsKeyId !== void 0)
|
|
31634
|
+
result["KmsKeyId"] = fs.KmsKeyId;
|
|
31635
|
+
if (fs.ProvisionedThroughputInMibps !== void 0) {
|
|
31636
|
+
result["ProvisionedThroughputInMibps"] = fs.ProvisionedThroughputInMibps;
|
|
31637
|
+
}
|
|
31638
|
+
try {
|
|
31639
|
+
const resp = await this.getClient().send(
|
|
31640
|
+
new DescribeLifecycleConfigurationCommand({ FileSystemId: physicalId })
|
|
31641
|
+
);
|
|
31642
|
+
const policies = resp.LifecyclePolicies;
|
|
31643
|
+
if (policies && policies.length > 0) {
|
|
31644
|
+
result["LifecyclePolicies"] = policies.map((p) => {
|
|
31645
|
+
const out = {};
|
|
31646
|
+
if (p.TransitionToIA !== void 0)
|
|
31647
|
+
out["TransitionToIA"] = p.TransitionToIA;
|
|
31648
|
+
if (p.TransitionToPrimaryStorageClass !== void 0) {
|
|
31649
|
+
out["TransitionToPrimaryStorageClass"] = p.TransitionToPrimaryStorageClass;
|
|
31650
|
+
}
|
|
31651
|
+
if (p.TransitionToArchive !== void 0)
|
|
31652
|
+
out["TransitionToArchive"] = p.TransitionToArchive;
|
|
31653
|
+
return out;
|
|
31654
|
+
});
|
|
31655
|
+
}
|
|
31656
|
+
} catch (err) {
|
|
31657
|
+
if (err instanceof FileSystemNotFound)
|
|
31658
|
+
return void 0;
|
|
31659
|
+
const e = err;
|
|
31660
|
+
if (e.name !== "PolicyNotFound") {
|
|
31661
|
+
}
|
|
31662
|
+
}
|
|
31663
|
+
try {
|
|
31664
|
+
const resp = await this.getClient().send(
|
|
31665
|
+
new DescribeBackupPolicyCommand({ FileSystemId: physicalId })
|
|
31666
|
+
);
|
|
31667
|
+
if (resp.BackupPolicy?.Status !== void 0) {
|
|
31668
|
+
result["BackupPolicy"] = { Status: resp.BackupPolicy.Status };
|
|
31669
|
+
}
|
|
31670
|
+
} catch (err) {
|
|
31671
|
+
if (err instanceof FileSystemNotFound)
|
|
31672
|
+
return void 0;
|
|
31673
|
+
}
|
|
31674
|
+
return result;
|
|
31675
|
+
}
|
|
31676
|
+
async readAccessPoint(physicalId) {
|
|
31677
|
+
let ap;
|
|
31678
|
+
try {
|
|
31679
|
+
const resp = await this.getClient().send(
|
|
31680
|
+
new DescribeAccessPointsCommand({ AccessPointId: physicalId })
|
|
31681
|
+
);
|
|
31682
|
+
ap = resp.AccessPoints?.[0];
|
|
31683
|
+
} catch (err) {
|
|
31684
|
+
if (err instanceof AccessPointNotFound)
|
|
31685
|
+
return void 0;
|
|
31686
|
+
throw err;
|
|
31687
|
+
}
|
|
31688
|
+
if (!ap)
|
|
31689
|
+
return void 0;
|
|
31690
|
+
const result = {};
|
|
31691
|
+
if (ap.FileSystemId !== void 0)
|
|
31692
|
+
result["FileSystemId"] = ap.FileSystemId;
|
|
31693
|
+
if (ap.PosixUser) {
|
|
31694
|
+
const posix = {};
|
|
31695
|
+
if (ap.PosixUser.Uid !== void 0)
|
|
31696
|
+
posix["Uid"] = ap.PosixUser.Uid;
|
|
31697
|
+
if (ap.PosixUser.Gid !== void 0)
|
|
31698
|
+
posix["Gid"] = ap.PosixUser.Gid;
|
|
31699
|
+
if (ap.PosixUser.SecondaryGids && ap.PosixUser.SecondaryGids.length > 0) {
|
|
31700
|
+
posix["SecondaryGids"] = [...ap.PosixUser.SecondaryGids];
|
|
31701
|
+
}
|
|
31702
|
+
if (Object.keys(posix).length > 0)
|
|
31703
|
+
result["PosixUser"] = posix;
|
|
31704
|
+
}
|
|
31705
|
+
if (ap.RootDirectory) {
|
|
31706
|
+
const root = {};
|
|
31707
|
+
if (ap.RootDirectory.Path !== void 0)
|
|
31708
|
+
root["Path"] = ap.RootDirectory.Path;
|
|
31709
|
+
if (ap.RootDirectory.CreationInfo) {
|
|
31710
|
+
const ci = {};
|
|
31711
|
+
if (ap.RootDirectory.CreationInfo.OwnerUid !== void 0) {
|
|
31712
|
+
ci["OwnerUid"] = ap.RootDirectory.CreationInfo.OwnerUid;
|
|
31713
|
+
}
|
|
31714
|
+
if (ap.RootDirectory.CreationInfo.OwnerGid !== void 0) {
|
|
31715
|
+
ci["OwnerGid"] = ap.RootDirectory.CreationInfo.OwnerGid;
|
|
31716
|
+
}
|
|
31717
|
+
if (ap.RootDirectory.CreationInfo.Permissions !== void 0) {
|
|
31718
|
+
ci["Permissions"] = ap.RootDirectory.CreationInfo.Permissions;
|
|
31719
|
+
}
|
|
31720
|
+
if (Object.keys(ci).length > 0)
|
|
31721
|
+
root["CreationInfo"] = ci;
|
|
31722
|
+
}
|
|
31723
|
+
if (Object.keys(root).length > 0)
|
|
31724
|
+
result["RootDirectory"] = root;
|
|
31725
|
+
}
|
|
31726
|
+
return result;
|
|
31727
|
+
}
|
|
31728
|
+
async readMountTarget(physicalId) {
|
|
31729
|
+
let mt;
|
|
31730
|
+
try {
|
|
31731
|
+
const resp = await this.getClient().send(
|
|
31732
|
+
new DescribeMountTargetsCommand({ MountTargetId: physicalId })
|
|
31733
|
+
);
|
|
31734
|
+
mt = resp.MountTargets?.[0];
|
|
31735
|
+
} catch (err) {
|
|
31736
|
+
if (err instanceof MountTargetNotFound)
|
|
31737
|
+
return void 0;
|
|
31738
|
+
throw err;
|
|
31739
|
+
}
|
|
31740
|
+
if (!mt)
|
|
31741
|
+
return void 0;
|
|
31742
|
+
const result = {};
|
|
31743
|
+
if (mt.FileSystemId !== void 0)
|
|
31744
|
+
result["FileSystemId"] = mt.FileSystemId;
|
|
31745
|
+
if (mt.SubnetId !== void 0)
|
|
31746
|
+
result["SubnetId"] = mt.SubnetId;
|
|
31747
|
+
return result;
|
|
31748
|
+
}
|
|
29538
31749
|
/**
|
|
29539
31750
|
* Adopt an existing EFS resource into cdkd state.
|
|
29540
31751
|
*
|
|
@@ -29987,6 +32198,63 @@ var FirehoseProvider = class {
|
|
|
29987
32198
|
*
|
|
29988
32199
|
* Firehose tags use the standard `Tag[]` array shape (`Key`/`Value`).
|
|
29989
32200
|
*/
|
|
32201
|
+
/**
|
|
32202
|
+
* Read the AWS-current Firehose delivery stream configuration in CFn-property shape.
|
|
32203
|
+
*
|
|
32204
|
+
* Surfaces top-level configuration that has a clean 1:1 mapping back to
|
|
32205
|
+
* cdkd state — `DeliveryStreamName`, `DeliveryStreamType`, and the
|
|
32206
|
+
* `KinesisStreamSourceConfiguration` parent fields when present (the
|
|
32207
|
+
* `DescribeDeliveryStream` response splits source under `Source.KinesisStreamSourceDescription`).
|
|
32208
|
+
*
|
|
32209
|
+
* Destination configurations (`*DestinationConfiguration` in CFn vs.
|
|
32210
|
+
* `*DestinationDescription` in `DescribeDeliveryStream`) are intentionally
|
|
32211
|
+
* not re-shaped here. Their nested fields are large and the description
|
|
32212
|
+
* vs. configuration shape divergence (extra metadata, write-only fields
|
|
32213
|
+
* like `Password` redacted) makes a clean comparator surface impossible
|
|
32214
|
+
* for v1. We do surface the destination *kind* under a stable key so
|
|
32215
|
+
* users at least see destination drift across types, but not the inner
|
|
32216
|
+
* fields. Drift on destination contents is best chased manually via
|
|
32217
|
+
* `aws firehose describe-delivery-stream` for now.
|
|
32218
|
+
*
|
|
32219
|
+
* Tags + DeliveryStreamEncryptionConfigurationInput are skipped (they
|
|
32220
|
+
* each need separate calls / shape decisions).
|
|
32221
|
+
*
|
|
32222
|
+
* Returns `undefined` when the stream is gone (`ResourceNotFoundException`).
|
|
32223
|
+
*/
|
|
32224
|
+
async readCurrentState(physicalId, _logicalId, _resourceType) {
|
|
32225
|
+
let desc;
|
|
32226
|
+
try {
|
|
32227
|
+
const resp = await this.getClient().send(
|
|
32228
|
+
new DescribeDeliveryStreamCommand({ DeliveryStreamName: physicalId })
|
|
32229
|
+
);
|
|
32230
|
+
desc = resp.DeliveryStreamDescription;
|
|
32231
|
+
} catch (err) {
|
|
32232
|
+
if (err instanceof ResourceNotFoundException14)
|
|
32233
|
+
return void 0;
|
|
32234
|
+
throw err;
|
|
32235
|
+
}
|
|
32236
|
+
if (!desc)
|
|
32237
|
+
return void 0;
|
|
32238
|
+
const result = {};
|
|
32239
|
+
if (desc.DeliveryStreamName !== void 0) {
|
|
32240
|
+
result["DeliveryStreamName"] = desc.DeliveryStreamName;
|
|
32241
|
+
}
|
|
32242
|
+
if (desc.DeliveryStreamType !== void 0) {
|
|
32243
|
+
result["DeliveryStreamType"] = desc.DeliveryStreamType;
|
|
32244
|
+
}
|
|
32245
|
+
if (desc.Source?.KinesisStreamSourceDescription) {
|
|
32246
|
+
const src = desc.Source.KinesisStreamSourceDescription;
|
|
32247
|
+
const srcOut = {};
|
|
32248
|
+
if (src.KinesisStreamARN !== void 0)
|
|
32249
|
+
srcOut["KinesisStreamARN"] = src.KinesisStreamARN;
|
|
32250
|
+
if (src.RoleARN !== void 0)
|
|
32251
|
+
srcOut["RoleARN"] = src.RoleARN;
|
|
32252
|
+
if (Object.keys(srcOut).length > 0) {
|
|
32253
|
+
result["KinesisStreamSourceConfiguration"] = srcOut;
|
|
32254
|
+
}
|
|
32255
|
+
}
|
|
32256
|
+
return result;
|
|
32257
|
+
}
|
|
29990
32258
|
async import(input) {
|
|
29991
32259
|
const explicit = resolveExplicitPhysicalId(input, "DeliveryStreamName");
|
|
29992
32260
|
if (explicit) {
|
|
@@ -30062,6 +32330,8 @@ import {
|
|
|
30062
32330
|
PutEventSelectorsCommand,
|
|
30063
32331
|
PutInsightSelectorsCommand,
|
|
30064
32332
|
GetTrailCommand,
|
|
32333
|
+
GetTrailStatusCommand,
|
|
32334
|
+
GetEventSelectorsCommand,
|
|
30065
32335
|
ListTrailsCommand,
|
|
30066
32336
|
ListTagsCommand as ListTagsCommand3,
|
|
30067
32337
|
TrailNotFoundException
|
|
@@ -30303,6 +32573,86 @@ var CloudTrailProvider = class {
|
|
|
30303
32573
|
* 2. `ListTrails` + `ListTags` (CloudTrail uses `Tag[]` arrays per ARN),
|
|
30304
32574
|
* match `aws:cdk:path` tag.
|
|
30305
32575
|
*/
|
|
32576
|
+
/**
|
|
32577
|
+
* Read the AWS-current CloudTrail Trail configuration in CFn-property shape.
|
|
32578
|
+
*
|
|
32579
|
+
* Issues `GetTrail`, plus best-effort `GetTrailStatus` (for `IsLogging`)
|
|
32580
|
+
* and `GetEventSelectors` (for `EventSelectors`). Each enrichment call is
|
|
32581
|
+
* wrapped in its own try/catch so an "AccessDenied" or other transient
|
|
32582
|
+
* error on the secondary calls omits that key without failing the
|
|
32583
|
+
* whole snapshot — the comparator only descends into keys present in
|
|
32584
|
+
* state.
|
|
32585
|
+
*
|
|
32586
|
+
* Mapping: AWS `GetTrail` returns `KmsKeyId` (lowercase `s`) while CFn
|
|
32587
|
+
* uses `KMSKeyId`; we re-shape the key. SnsTopicARN is the Trail's
|
|
32588
|
+
* derived field; the cdkd state property is `SnsTopicName` so we
|
|
32589
|
+
* surface `SnsTopicName` directly from `GetTrail.SnsTopicName`.
|
|
32590
|
+
*
|
|
32591
|
+
* Tags + InsightSelectors are skipped for v1 (each needs its own
|
|
32592
|
+
* separate call + shape mapping).
|
|
32593
|
+
*
|
|
32594
|
+
* Returns `undefined` when the trail is gone (`TrailNotFoundException`).
|
|
32595
|
+
*/
|
|
32596
|
+
async readCurrentState(physicalId, _logicalId, _resourceType) {
|
|
32597
|
+
let trail;
|
|
32598
|
+
try {
|
|
32599
|
+
const resp = await this.getClient().send(new GetTrailCommand({ Name: physicalId }));
|
|
32600
|
+
trail = resp.Trail;
|
|
32601
|
+
} catch (err) {
|
|
32602
|
+
if (err instanceof TrailNotFoundException)
|
|
32603
|
+
return void 0;
|
|
32604
|
+
throw err;
|
|
32605
|
+
}
|
|
32606
|
+
if (!trail)
|
|
32607
|
+
return void 0;
|
|
32608
|
+
const result = {};
|
|
32609
|
+
if (trail.Name !== void 0)
|
|
32610
|
+
result["TrailName"] = trail.Name;
|
|
32611
|
+
if (trail.S3BucketName !== void 0)
|
|
32612
|
+
result["S3BucketName"] = trail.S3BucketName;
|
|
32613
|
+
if (trail.S3KeyPrefix !== void 0)
|
|
32614
|
+
result["S3KeyPrefix"] = trail.S3KeyPrefix;
|
|
32615
|
+
if (trail.IsMultiRegionTrail !== void 0) {
|
|
32616
|
+
result["IsMultiRegionTrail"] = trail.IsMultiRegionTrail;
|
|
32617
|
+
}
|
|
32618
|
+
if (trail.IncludeGlobalServiceEvents !== void 0) {
|
|
32619
|
+
result["IncludeGlobalServiceEvents"] = trail.IncludeGlobalServiceEvents;
|
|
32620
|
+
}
|
|
32621
|
+
if (trail.LogFileValidationEnabled !== void 0) {
|
|
32622
|
+
result["EnableLogFileValidation"] = trail.LogFileValidationEnabled;
|
|
32623
|
+
}
|
|
32624
|
+
if (trail.CloudWatchLogsLogGroupArn !== void 0) {
|
|
32625
|
+
result["CloudWatchLogsLogGroupArn"] = trail.CloudWatchLogsLogGroupArn;
|
|
32626
|
+
}
|
|
32627
|
+
if (trail.CloudWatchLogsRoleArn !== void 0) {
|
|
32628
|
+
result["CloudWatchLogsRoleArn"] = trail.CloudWatchLogsRoleArn;
|
|
32629
|
+
}
|
|
32630
|
+
if (trail.KmsKeyId !== void 0)
|
|
32631
|
+
result["KMSKeyId"] = trail.KmsKeyId;
|
|
32632
|
+
if (trail.SnsTopicName !== void 0)
|
|
32633
|
+
result["SnsTopicName"] = trail.SnsTopicName;
|
|
32634
|
+
if (trail.IsOrganizationTrail !== void 0) {
|
|
32635
|
+
result["IsOrganizationTrail"] = trail.IsOrganizationTrail;
|
|
32636
|
+
}
|
|
32637
|
+
try {
|
|
32638
|
+
const status = await this.getClient().send(new GetTrailStatusCommand({ Name: physicalId }));
|
|
32639
|
+
if (status.IsLogging !== void 0)
|
|
32640
|
+
result["IsLogging"] = status.IsLogging;
|
|
32641
|
+
} catch {
|
|
32642
|
+
}
|
|
32643
|
+
try {
|
|
32644
|
+
const sel = await this.getClient().send(
|
|
32645
|
+
new GetEventSelectorsCommand({ TrailName: physicalId })
|
|
32646
|
+
);
|
|
32647
|
+
if (sel.EventSelectors && sel.EventSelectors.length > 0) {
|
|
32648
|
+
result["EventSelectors"] = sel.EventSelectors.map(
|
|
32649
|
+
(es) => es
|
|
32650
|
+
);
|
|
32651
|
+
}
|
|
32652
|
+
} catch {
|
|
32653
|
+
}
|
|
32654
|
+
return result;
|
|
32655
|
+
}
|
|
30306
32656
|
async import(input) {
|
|
30307
32657
|
const explicit = resolveExplicitPhysicalId(input, "TrailName");
|
|
30308
32658
|
if (explicit) {
|
|
@@ -30620,6 +32970,141 @@ var CodeBuildProvider = class {
|
|
|
30620
32970
|
* `key`/`value` tags, not the standard `Key`/`Value`), match
|
|
30621
32971
|
* `aws:cdk:path` tag.
|
|
30622
32972
|
*/
|
|
32973
|
+
/**
|
|
32974
|
+
* Read the AWS-current CodeBuild Project configuration in CFn-property shape.
|
|
32975
|
+
*
|
|
32976
|
+
* Issues `BatchGetProjects` and re-shapes the SDK's camelCase response back
|
|
32977
|
+
* to CFn's PascalCase shape (the `mapProperties` helper above goes the
|
|
32978
|
+
* other way at create time). The drift comparator only descends into
|
|
32979
|
+
* keys present in cdkd state, so we focus on the high-value top-level
|
|
32980
|
+
* fields and the most commonly-set `Source` / `Artifacts` /
|
|
32981
|
+
* `Environment` sub-fields. Less common nested config (full
|
|
32982
|
+
* `LogsConfig`, `VpcConfig` rebuild, secondary sources/artifacts, etc.)
|
|
32983
|
+
* is left to a follow-up — surfacing them with a partial shape would
|
|
32984
|
+
* fire false drift on every project that uses them.
|
|
32985
|
+
*
|
|
32986
|
+
* Tags are skipped (CDK auto-tag handling deferred). Returns `undefined`
|
|
32987
|
+
* when the project is gone (`projects` array empty / `projectsNotFound` set).
|
|
32988
|
+
*/
|
|
32989
|
+
async readCurrentState(physicalId, _logicalId, _resourceType) {
|
|
32990
|
+
let project;
|
|
32991
|
+
try {
|
|
32992
|
+
const resp = await this.getClient().send(
|
|
32993
|
+
new BatchGetProjectsCommand({ names: [physicalId] })
|
|
32994
|
+
);
|
|
32995
|
+
project = resp.projects?.[0];
|
|
32996
|
+
} catch (err) {
|
|
32997
|
+
if (err instanceof ResourceNotFoundException15)
|
|
32998
|
+
return void 0;
|
|
32999
|
+
throw err;
|
|
33000
|
+
}
|
|
33001
|
+
if (!project)
|
|
33002
|
+
return void 0;
|
|
33003
|
+
const result = {};
|
|
33004
|
+
if (project.name !== void 0)
|
|
33005
|
+
result["Name"] = project.name;
|
|
33006
|
+
if (project.description !== void 0 && project.description !== "") {
|
|
33007
|
+
result["Description"] = project.description;
|
|
33008
|
+
}
|
|
33009
|
+
if (project.serviceRole !== void 0)
|
|
33010
|
+
result["ServiceRole"] = project.serviceRole;
|
|
33011
|
+
if (project.timeoutInMinutes !== void 0) {
|
|
33012
|
+
result["TimeoutInMinutes"] = project.timeoutInMinutes;
|
|
33013
|
+
}
|
|
33014
|
+
if (project.queuedTimeoutInMinutes !== void 0) {
|
|
33015
|
+
result["QueuedTimeoutInMinutes"] = project.queuedTimeoutInMinutes;
|
|
33016
|
+
}
|
|
33017
|
+
if (project.encryptionKey !== void 0)
|
|
33018
|
+
result["EncryptionKey"] = project.encryptionKey;
|
|
33019
|
+
if (project.concurrentBuildLimit !== void 0) {
|
|
33020
|
+
result["ConcurrentBuildLimit"] = project.concurrentBuildLimit;
|
|
33021
|
+
}
|
|
33022
|
+
if (project.badge?.badgeEnabled !== void 0) {
|
|
33023
|
+
result["BadgeEnabled"] = project.badge.badgeEnabled;
|
|
33024
|
+
}
|
|
33025
|
+
if (project.sourceVersion !== void 0)
|
|
33026
|
+
result["SourceVersion"] = project.sourceVersion;
|
|
33027
|
+
if (project.source) {
|
|
33028
|
+
const src = {};
|
|
33029
|
+
if (project.source.type !== void 0)
|
|
33030
|
+
src["Type"] = project.source.type;
|
|
33031
|
+
if (project.source.location !== void 0)
|
|
33032
|
+
src["Location"] = project.source.location;
|
|
33033
|
+
if (project.source.buildspec !== void 0)
|
|
33034
|
+
src["BuildSpec"] = project.source.buildspec;
|
|
33035
|
+
if (project.source.gitCloneDepth !== void 0) {
|
|
33036
|
+
src["GitCloneDepth"] = project.source.gitCloneDepth;
|
|
33037
|
+
}
|
|
33038
|
+
if (project.source.insecureSsl !== void 0)
|
|
33039
|
+
src["InsecureSsl"] = project.source.insecureSsl;
|
|
33040
|
+
if (project.source.reportBuildStatus !== void 0) {
|
|
33041
|
+
src["ReportBuildStatus"] = project.source.reportBuildStatus;
|
|
33042
|
+
}
|
|
33043
|
+
if (Object.keys(src).length > 0)
|
|
33044
|
+
result["Source"] = src;
|
|
33045
|
+
}
|
|
33046
|
+
if (project.artifacts) {
|
|
33047
|
+
const art = {};
|
|
33048
|
+
if (project.artifacts.type !== void 0)
|
|
33049
|
+
art["Type"] = project.artifacts.type;
|
|
33050
|
+
if (project.artifacts.location !== void 0)
|
|
33051
|
+
art["Location"] = project.artifacts.location;
|
|
33052
|
+
if (project.artifacts.path !== void 0)
|
|
33053
|
+
art["Path"] = project.artifacts.path;
|
|
33054
|
+
if (project.artifacts.name !== void 0)
|
|
33055
|
+
art["Name"] = project.artifacts.name;
|
|
33056
|
+
if (project.artifacts.namespaceType !== void 0) {
|
|
33057
|
+
art["NamespaceType"] = project.artifacts.namespaceType;
|
|
33058
|
+
}
|
|
33059
|
+
if (project.artifacts.packaging !== void 0)
|
|
33060
|
+
art["Packaging"] = project.artifacts.packaging;
|
|
33061
|
+
if (project.artifacts.encryptionDisabled !== void 0) {
|
|
33062
|
+
art["EncryptionDisabled"] = project.artifacts.encryptionDisabled;
|
|
33063
|
+
}
|
|
33064
|
+
if (project.artifacts.overrideArtifactName !== void 0) {
|
|
33065
|
+
art["OverrideArtifactName"] = project.artifacts.overrideArtifactName;
|
|
33066
|
+
}
|
|
33067
|
+
if (project.artifacts.artifactIdentifier !== void 0) {
|
|
33068
|
+
art["ArtifactIdentifier"] = project.artifacts.artifactIdentifier;
|
|
33069
|
+
}
|
|
33070
|
+
if (Object.keys(art).length > 0)
|
|
33071
|
+
result["Artifacts"] = art;
|
|
33072
|
+
}
|
|
33073
|
+
if (project.environment) {
|
|
33074
|
+
const env = {};
|
|
33075
|
+
if (project.environment.type !== void 0)
|
|
33076
|
+
env["Type"] = project.environment.type;
|
|
33077
|
+
if (project.environment.image !== void 0)
|
|
33078
|
+
env["Image"] = project.environment.image;
|
|
33079
|
+
if (project.environment.computeType !== void 0) {
|
|
33080
|
+
env["ComputeType"] = project.environment.computeType;
|
|
33081
|
+
}
|
|
33082
|
+
if (project.environment.privilegedMode !== void 0) {
|
|
33083
|
+
env["PrivilegedMode"] = project.environment.privilegedMode;
|
|
33084
|
+
}
|
|
33085
|
+
if (project.environment.imagePullCredentialsType !== void 0) {
|
|
33086
|
+
env["ImagePullCredentialsType"] = project.environment.imagePullCredentialsType;
|
|
33087
|
+
}
|
|
33088
|
+
if (project.environment.certificate !== void 0) {
|
|
33089
|
+
env["Certificate"] = project.environment.certificate;
|
|
33090
|
+
}
|
|
33091
|
+
if (project.environment.environmentVariables && project.environment.environmentVariables.length > 0) {
|
|
33092
|
+
env["EnvironmentVariables"] = project.environment.environmentVariables.map((ev) => {
|
|
33093
|
+
const out = {};
|
|
33094
|
+
if (ev.name !== void 0)
|
|
33095
|
+
out["Name"] = ev.name;
|
|
33096
|
+
if (ev.value !== void 0)
|
|
33097
|
+
out["Value"] = ev.value;
|
|
33098
|
+
if (ev.type !== void 0)
|
|
33099
|
+
out["Type"] = ev.type;
|
|
33100
|
+
return out;
|
|
33101
|
+
});
|
|
33102
|
+
}
|
|
33103
|
+
if (Object.keys(env).length > 0)
|
|
33104
|
+
result["Environment"] = env;
|
|
33105
|
+
}
|
|
33106
|
+
return result;
|
|
33107
|
+
}
|
|
30623
33108
|
async import(input) {
|
|
30624
33109
|
const explicit = resolveExplicitPhysicalId(input, "Name");
|
|
30625
33110
|
if (explicit) {
|
|
@@ -31712,12 +34197,14 @@ import {
|
|
|
31712
34197
|
CreateRepositoryCommand,
|
|
31713
34198
|
DeleteRepositoryCommand,
|
|
31714
34199
|
DescribeRepositoriesCommand,
|
|
34200
|
+
GetLifecyclePolicyCommand,
|
|
31715
34201
|
PutLifecyclePolicyCommand,
|
|
31716
34202
|
SetRepositoryPolicyCommand,
|
|
31717
34203
|
PutImageScanningConfigurationCommand,
|
|
31718
34204
|
PutImageTagMutabilityCommand,
|
|
31719
34205
|
TagResourceCommand as TagResourceCommand7,
|
|
31720
34206
|
ListTagsForResourceCommand as ListTagsForResourceCommand18,
|
|
34207
|
+
LifecyclePolicyNotFoundException,
|
|
31721
34208
|
RepositoryNotFoundException
|
|
31722
34209
|
} from "@aws-sdk/client-ecr";
|
|
31723
34210
|
var ECRProvider = class {
|
|
@@ -31951,6 +34438,82 @@ var ECRProvider = class {
|
|
|
31951
34438
|
);
|
|
31952
34439
|
}
|
|
31953
34440
|
}
|
|
34441
|
+
/**
|
|
34442
|
+
* Read the AWS-current ECR repository configuration in CFn-property shape.
|
|
34443
|
+
*
|
|
34444
|
+
* Issues `DescribeRepositories(filtered=[name])` for the repository's
|
|
34445
|
+
* configuration, then a separate `GetLifecyclePolicy` for `LifecyclePolicy`
|
|
34446
|
+
* (which `DescribeRepositories` doesn't return).
|
|
34447
|
+
*
|
|
34448
|
+
* Surfaced keys: `RepositoryName`, `ImageTagMutability`,
|
|
34449
|
+
* `ImageScanningConfiguration`, `EncryptionConfiguration`, `LifecyclePolicy`
|
|
34450
|
+
* (when configured — `LifecyclePolicyNotFoundException` is caught and the
|
|
34451
|
+
* key omitted, NOT propagated as repo-gone).
|
|
34452
|
+
*
|
|
34453
|
+
* Intentionally omitted:
|
|
34454
|
+
* - `RepositoryPolicyText`: requires a separate `GetRepositoryPolicy`
|
|
34455
|
+
* round-trip; cdkd state holds the policy as either a string or an
|
|
34456
|
+
* object (depending on user input), and the comparator round-trip
|
|
34457
|
+
* is not yet handled here.
|
|
34458
|
+
* - `Tags`: requires `ListTagsForResource`; auto-injected
|
|
34459
|
+
* `aws:cdk:path` tag-shape question is out of scope.
|
|
34460
|
+
* - `EmptyOnDelete` / `ImageTagMutabilityExclusionFilters`: not part
|
|
34461
|
+
* of the persisted AWS state visible via standard Describe.
|
|
34462
|
+
*
|
|
34463
|
+
* Returns `undefined` when the repository is gone (`RepositoryNotFoundException`).
|
|
34464
|
+
*/
|
|
34465
|
+
async readCurrentState(physicalId, _logicalId, _resourceType) {
|
|
34466
|
+
let repo;
|
|
34467
|
+
try {
|
|
34468
|
+
repo = await this.getClient().send(
|
|
34469
|
+
new DescribeRepositoriesCommand({ repositoryNames: [physicalId] })
|
|
34470
|
+
);
|
|
34471
|
+
} catch (err) {
|
|
34472
|
+
if (err instanceof RepositoryNotFoundException)
|
|
34473
|
+
return void 0;
|
|
34474
|
+
throw err;
|
|
34475
|
+
}
|
|
34476
|
+
const r = repo.repositories?.[0];
|
|
34477
|
+
if (!r)
|
|
34478
|
+
return void 0;
|
|
34479
|
+
const result = {};
|
|
34480
|
+
if (r.repositoryName !== void 0)
|
|
34481
|
+
result["RepositoryName"] = r.repositoryName;
|
|
34482
|
+
if (r.imageTagMutability !== void 0)
|
|
34483
|
+
result["ImageTagMutability"] = r.imageTagMutability;
|
|
34484
|
+
if (r.imageScanningConfiguration) {
|
|
34485
|
+
const inner = {};
|
|
34486
|
+
if (r.imageScanningConfiguration.scanOnPush !== void 0) {
|
|
34487
|
+
inner["ScanOnPush"] = r.imageScanningConfiguration.scanOnPush;
|
|
34488
|
+
}
|
|
34489
|
+
if (Object.keys(inner).length > 0)
|
|
34490
|
+
result["ImageScanningConfiguration"] = inner;
|
|
34491
|
+
}
|
|
34492
|
+
if (r.encryptionConfiguration) {
|
|
34493
|
+
const inner = {};
|
|
34494
|
+
if (r.encryptionConfiguration.encryptionType !== void 0) {
|
|
34495
|
+
inner["EncryptionType"] = r.encryptionConfiguration.encryptionType;
|
|
34496
|
+
}
|
|
34497
|
+
if (r.encryptionConfiguration.kmsKey !== void 0) {
|
|
34498
|
+
inner["KmsKey"] = r.encryptionConfiguration.kmsKey;
|
|
34499
|
+
}
|
|
34500
|
+
if (Object.keys(inner).length > 0)
|
|
34501
|
+
result["EncryptionConfiguration"] = inner;
|
|
34502
|
+
}
|
|
34503
|
+
try {
|
|
34504
|
+
const lp = await this.getClient().send(
|
|
34505
|
+
new GetLifecyclePolicyCommand({ repositoryName: physicalId })
|
|
34506
|
+
);
|
|
34507
|
+
if (lp.lifecyclePolicyText) {
|
|
34508
|
+
result["LifecyclePolicy"] = { LifecyclePolicyText: lp.lifecyclePolicyText };
|
|
34509
|
+
}
|
|
34510
|
+
} catch (err) {
|
|
34511
|
+
if (!(err instanceof LifecyclePolicyNotFoundException)) {
|
|
34512
|
+
throw err;
|
|
34513
|
+
}
|
|
34514
|
+
}
|
|
34515
|
+
return result;
|
|
34516
|
+
}
|
|
31954
34517
|
/**
|
|
31955
34518
|
* Adopt an existing ECR repository into cdkd state.
|
|
31956
34519
|
*
|
|
@@ -37826,7 +40389,7 @@ function reorderArgs(argv) {
|
|
|
37826
40389
|
}
|
|
37827
40390
|
async function main() {
|
|
37828
40391
|
const program = new Command14();
|
|
37829
|
-
program.name("cdkd").description("CDK Direct - Deploy AWS CDK apps directly via SDK/Cloud Control API").version("0.
|
|
40392
|
+
program.name("cdkd").description("CDK Direct - Deploy AWS CDK apps directly via SDK/Cloud Control API").version("0.40.0");
|
|
37830
40393
|
program.addCommand(createBootstrapCommand());
|
|
37831
40394
|
program.addCommand(createSynthCommand());
|
|
37832
40395
|
program.addCommand(createListCommand());
|