npm - @go-to-k/cdkd - Versions diffs - 0.46.0 → 0.46.1 - Mend

@go-to-k/cdkd 0.46.0 → 0.46.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/cli.js +92 -9
package/dist/cli.js.map +2 -2
package/dist/go-to-k-cdkd-0.46.1.tgz +0 -0
package/dist/index.js +12 -0
package/dist/index.js.map +2 -2
package/package.json +1 -1
package/dist/go-to-k-cdkd-0.46.0.tgz +0 -0

package/dist/cli.js CHANGED Viewed

@@ -9175,6 +9175,18 @@ var IAMRoleProvider = class {
     }
     return result;
   }
+  /**
+   * `Policies` (inline policy bodies) are intentionally omitted from
+   * `readCurrentState`: surfacing the names without bodies would
+   * guarantee a `PolicyDocument`-shaped drift on every role, and
+   * fetching every body costs one extra `GetRolePolicy` per inline
+   * policy. Tell the drift comparator to skip the whole subtree until a
+   * dedicated PR adds proper inline-policy drift via per-name
+   * `GetRolePolicy`.
+   */
+  getDriftUnknownPaths() {
+    return ["Policies"];
+  }
   /**
    * Adopt an existing IAM role into cdkd state.
    *
@@ -13568,6 +13580,18 @@ var SNSTopicProvider = class {
     }
     return result;
   }
+  /**
+   * `DeliveryStatusLogging` fans out to per-protocol attributes
+   * (`{Protocol}SuccessFeedbackRoleArn` etc.) whose round-trip back to the
+   * CFn array shape is not yet implemented; `Subscription` is managed via
+   * separate `AWS::SNS::Subscription` resources rather than the Topic
+   * itself. Both are absent from `readCurrentState`, so tell the drift
+   * comparator to skip them and avoid the guaranteed false-positive that
+   * would fire on every clean run when the user did template either.
+   */
+  getDriftUnknownPaths() {
+    return ["DeliveryStatusLogging", "Subscription"];
+  }
   /**
    * Adopt an existing SNS topic into cdkd state.
    *
@@ -14843,6 +14867,17 @@ var LambdaFunctionProvider = class {
       throw err;
     }
   }
+  /**
+   * `Code: { S3Bucket, S3Key }` is set on create / update but `GetFunction`
+   * only returns a pre-signed URL for the deployed code, never the original
+   * asset key — so a state-recorded `Code` value can never match an
+   * AWS-current snapshot. Tell the drift comparator to skip the whole
+   * `Code` subtree to avoid the guaranteed false-positive that would fire
+   * on every clean run.
+   */
+  getDriftUnknownPaths() {
+    return ["Code"];
+  }
   /**
    * Adopt an existing Lambda function into cdkd state.
    *
@@ -15986,6 +16021,16 @@ var LambdaLayerVersionProvider = class {
     }
     return result;
   }
+  /**
+   * `Content: { S3Bucket, S3Key }` is set on create but
+   * `GetLayerVersionByArn` only returns a pre-signed URL for the deployed
+   * content — the original asset key is unrecoverable. Tell the drift
+   * comparator to skip the whole `Content` subtree to avoid the guaranteed
+   * false-positive that would fire on every clean run.
+   */
+  getDriftUnknownPaths() {
+    return ["Content"];
+  }
   /**
    * Adopt an existing Lambda layer version into cdkd state.
    *
@@ -17519,6 +17564,16 @@ var SecretsManagerSecretProvider = class {
       throw err;
     }
   }
+  /**
+   * `SecretString` and `GenerateSecretString` are set on create but
+   * `DescribeSecret` does not return the secret value (that lives behind
+   * `GetSecretValue`, which we deliberately never call to avoid surfacing
+   * plaintext through drift). Tell the drift comparator to skip both keys
+   * so they don't fire guaranteed false-positive drift on every clean run.
+   */
+  getDriftUnknownPaths() {
+    return ["SecretString", "GenerateSecretString"];
+  }
   /**
    * Adopt an existing Secrets Manager secret into cdkd state.
    *
@@ -38531,19 +38586,34 @@ import { Command as Command6, Option as Option3 } from "commander";
 init_aws_clients();
 // src/analyzer/drift-calculator.ts
-function calculateResourceDrift(stateProperties, awsProperties) {
+function calculateResourceDrift(stateProperties, awsProperties, options) {
   const drifts = [];
+  const ignore = options?.ignorePaths ?? [];
   for (const key of Object.keys(stateProperties)) {
-    diffAt(key, stateProperties[key], awsProperties[key], drifts);
+    if (isIgnoredPath(key, ignore))
+      continue;
+    diffAt(key, stateProperties[key], awsProperties[key], drifts, ignore);
   }
   return drifts;
 }
-function diffAt(path, stateValue, awsValue, out) {
+function isIgnoredPath(path, ignorePaths) {
+  for (const entry of ignorePaths) {
+    if (path === entry)
+      return true;
+    if (path.startsWith(`${entry}.`))
+      return true;
+  }
+  return false;
+}
+function diffAt(path, stateValue, awsValue, out, ignorePaths) {
   if (deepEqual(stateValue, awsValue))
     return;
   if (isPlainObject(stateValue) && isPlainObject(awsValue) && !Array.isArray(stateValue) && !Array.isArray(awsValue)) {
     for (const key of Object.keys(stateValue)) {
-      diffAt(`${path}.${key}`, stateValue[key], awsValue[key], out);
+      const childPath = `${path}.${key}`;
+      if (isIgnoredPath(childPath, ignorePaths))
+        continue;
+      diffAt(childPath, stateValue[key], awsValue[key], out, ignorePaths);
     }
     return;
   }
@@ -38721,9 +38791,6 @@ async function driftCommand(stacks, options) {
     logger.setLevel("debug");
   }
   warnIfDeprecatedRegion(options);
-  if (!options.all && stacks.length === 0) {
-    throw new Error("Stack name is required. Usage: cdkd drift <stack> [<stack>...] | --all");
-  }
   if (options.accept && options.revert) {
     throw new Error(
       "--accept and --revert are mutually exclusive. Use --accept to update cdkd state from AWS, or --revert to push cdkd state values back into AWS."
@@ -38804,6 +38871,21 @@ function resolveTargetRefs(stacks, stateRefs, options) {
     }
     return stateRefs;
   }
+  if (stacks.length === 0) {
+    const candidates = options.stackRegion ? stateRefs.filter((r) => r.region === options.stackRegion) : stateRefs;
+    if (candidates.length === 0) {
+      throw new Error(
+        "No stacks found in state bucket. Run `cdkd deploy` first, or pass --all explicitly."
+      );
+    }
+    if (candidates.length === 1) {
+      return [candidates[0]];
+    }
+    const listing = candidates.map((r) => `${r.stackName}${r.region ? ` (${r.region})` : ""}`).join(", ");
+    throw new Error(
+      `Multiple stacks found in state: ${listing}. Specify stack name(s) or use --all.`
+    );
+  }
   const out = [];
   for (const stackName of stacks) {
     const matches = stateRefs.filter((r) => r.stackName === stackName);
@@ -38901,7 +38983,8 @@ async function runDriftForStack(stackName, region, stateBackend, providerRegistr
         });
         continue;
       }
-      const changes = calculateResourceDrift(resource.properties ?? {}, aws);
+      const ignorePaths = provider.getDriftUnknownPaths ? provider.getDriftUnknownPaths(resource.resourceType) : [];
+      const changes = calculateResourceDrift(resource.properties ?? {}, aws, { ignorePaths });
       if (changes.length === 0) {
         outcomes.push({ kind: "clean", logicalId, resourceType: resource.resourceType });
       } else {
@@ -42448,7 +42531,7 @@ function reorderArgs(argv) {
 }
 async function main() {
   const program = new Command14();
-  program.name("cdkd").description("CDK Direct - Deploy AWS CDK apps directly via SDK/Cloud Control API").version("0.46.0");
+  program.name("cdkd").description("CDK Direct - Deploy AWS CDK apps directly via SDK/Cloud Control API").version("0.46.1");
   program.addCommand(createBootstrapCommand());
   program.addCommand(createSynthCommand());
   program.addCommand(createListCommand());