@go-to-k/cdkd 0.50.11 → 0.50.12
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli.js +218 -113
- package/dist/cli.js.map +2 -2
- package/dist/go-to-k-cdkd-0.50.12.tgz +0 -0
- package/package.json +1 -1
- package/dist/go-to-k-cdkd-0.50.11.tgz +0 -0
package/dist/cli.js
CHANGED
|
@@ -13838,7 +13838,7 @@ var SNSSubscriptionProvider = class {
|
|
|
13838
13838
|
try {
|
|
13839
13839
|
const attributes = {};
|
|
13840
13840
|
const filterPolicy = properties["FilterPolicy"];
|
|
13841
|
-
if (filterPolicy) {
|
|
13841
|
+
if (filterPolicy !== void 0) {
|
|
13842
13842
|
attributes["FilterPolicy"] = typeof filterPolicy === "string" ? filterPolicy : JSON.stringify(filterPolicy);
|
|
13843
13843
|
}
|
|
13844
13844
|
const response = await this.snsClient.send(
|
|
@@ -17107,6 +17107,19 @@ var LogsLogGroupProvider = class {
|
|
|
17107
17107
|
}
|
|
17108
17108
|
return this.buildArn(physicalId);
|
|
17109
17109
|
}
|
|
17110
|
+
/**
|
|
17111
|
+
* Drift comparator skip-list: properties readCurrentState deliberately
|
|
17112
|
+
* cannot round-trip from AWS yet. `DataProtectionPolicy` lives behind
|
|
17113
|
+
* its own `GetDataProtectionPolicy` API call (not in
|
|
17114
|
+
* `DescribeLogGroups` output) — declaring it here prevents
|
|
17115
|
+
* guaranteed false-positive drift on every clean run for log groups
|
|
17116
|
+
* deployed with a data-protection policy. Lifting this guard requires
|
|
17117
|
+
* a per-group `GetDataProtectionPolicy` round-trip in
|
|
17118
|
+
* `readCurrentState`.
|
|
17119
|
+
*/
|
|
17120
|
+
getDriftUnknownPaths() {
|
|
17121
|
+
return ["DataProtectionPolicy"];
|
|
17122
|
+
}
|
|
17110
17123
|
/**
|
|
17111
17124
|
* Read the AWS-current log group configuration in CFn-property shape.
|
|
17112
17125
|
*
|
|
@@ -17141,25 +17154,24 @@ var LogsLogGroupProvider = class {
|
|
|
17141
17154
|
if (found.logGroupName !== void 0)
|
|
17142
17155
|
result["LogGroupName"] = found.logGroupName;
|
|
17143
17156
|
result["KmsKeyId"] = found.kmsKeyId ?? "";
|
|
17144
|
-
|
|
17145
|
-
result["RetentionInDays"] = found.retentionInDays;
|
|
17146
|
-
}
|
|
17157
|
+
result["RetentionInDays"] = found.retentionInDays ?? 0;
|
|
17147
17158
|
if (found.logGroupClass !== void 0)
|
|
17148
17159
|
result["LogGroupClass"] = found.logGroupClass;
|
|
17160
|
+
let tags = [];
|
|
17149
17161
|
if (found.arn) {
|
|
17150
17162
|
const arnForTags = found.arn.replace(/:\*$/, "");
|
|
17151
17163
|
try {
|
|
17152
17164
|
const tagsResp = await this.logsClient.send(
|
|
17153
17165
|
new ListTagsForResourceCommand2({ resourceArn: arnForTags })
|
|
17154
17166
|
);
|
|
17155
|
-
|
|
17156
|
-
result["Tags"] = tags;
|
|
17167
|
+
tags = normalizeAwsTagsToCfn(tagsResp.tags);
|
|
17157
17168
|
} catch (err) {
|
|
17158
17169
|
if (err instanceof ResourceNotFoundException7)
|
|
17159
17170
|
return void 0;
|
|
17160
17171
|
throw err;
|
|
17161
17172
|
}
|
|
17162
17173
|
}
|
|
17174
|
+
result["Tags"] = tags;
|
|
17163
17175
|
return result;
|
|
17164
17176
|
} catch (err) {
|
|
17165
17177
|
if (err instanceof ResourceNotFoundException7)
|
|
@@ -17439,6 +17451,7 @@ var CloudWatchAlarmProvider = class {
|
|
|
17439
17451
|
* Build PutMetricAlarm parameters from CDK properties
|
|
17440
17452
|
*/
|
|
17441
17453
|
buildAlarmParams(alarmName, properties) {
|
|
17454
|
+
const emptyToUndefined = (v) => typeof v === "string" && v === "" ? void 0 : v;
|
|
17442
17455
|
const params = {
|
|
17443
17456
|
AlarmName: alarmName,
|
|
17444
17457
|
ComparisonOperator: properties["ComparisonOperator"],
|
|
@@ -17446,15 +17459,16 @@ var CloudWatchAlarmProvider = class {
|
|
|
17446
17459
|
Threshold: properties["Threshold"],
|
|
17447
17460
|
ActionsEnabled: properties["ActionsEnabled"],
|
|
17448
17461
|
AlarmActions: properties["AlarmActions"],
|
|
17449
|
-
AlarmDescription: properties["AlarmDescription"],
|
|
17462
|
+
AlarmDescription: emptyToUndefined(properties["AlarmDescription"]),
|
|
17450
17463
|
DatapointsToAlarm: properties["DatapointsToAlarm"],
|
|
17451
17464
|
InsufficientDataActions: properties["InsufficientDataActions"],
|
|
17452
17465
|
OKActions: properties["OKActions"],
|
|
17453
|
-
TreatMissingData: properties["TreatMissingData"],
|
|
17454
|
-
Unit: properties["Unit"]
|
|
17466
|
+
TreatMissingData: emptyToUndefined(properties["TreatMissingData"]),
|
|
17467
|
+
Unit: emptyToUndefined(properties["Unit"])
|
|
17455
17468
|
};
|
|
17456
|
-
|
|
17457
|
-
|
|
17469
|
+
const metricsValue = properties["Metrics"];
|
|
17470
|
+
if (Array.isArray(metricsValue) && metricsValue.length > 0) {
|
|
17471
|
+
const metrics = metricsValue;
|
|
17458
17472
|
params["Metrics"] = metrics.map((m) => {
|
|
17459
17473
|
const entry = {
|
|
17460
17474
|
Id: m["Id"]
|
|
@@ -17484,10 +17498,10 @@ var CloudWatchAlarmProvider = class {
|
|
|
17484
17498
|
return entry;
|
|
17485
17499
|
});
|
|
17486
17500
|
} else {
|
|
17487
|
-
params["MetricName"] = properties["MetricName"];
|
|
17488
|
-
params["Namespace"] = properties["Namespace"];
|
|
17501
|
+
params["MetricName"] = emptyToUndefined(properties["MetricName"]);
|
|
17502
|
+
params["Namespace"] = emptyToUndefined(properties["Namespace"]);
|
|
17489
17503
|
params["Period"] = properties["Period"];
|
|
17490
|
-
params["Statistic"] = properties["Statistic"];
|
|
17504
|
+
params["Statistic"] = emptyToUndefined(properties["Statistic"]);
|
|
17491
17505
|
params["Dimensions"] = properties["Dimensions"];
|
|
17492
17506
|
}
|
|
17493
17507
|
return params;
|
|
@@ -18123,19 +18137,21 @@ var SSMParameterProvider = class {
|
|
|
18123
18137
|
Name: physicalId,
|
|
18124
18138
|
Type: type,
|
|
18125
18139
|
Value: value,
|
|
18126
|
-
Description: properties["Description"],
|
|
18127
18140
|
Overwrite: true
|
|
18128
18141
|
};
|
|
18129
|
-
if (properties["
|
|
18142
|
+
if (properties["Description"] !== void 0) {
|
|
18143
|
+
putParams.Description = properties["Description"];
|
|
18144
|
+
}
|
|
18145
|
+
if (properties["AllowedPattern"] !== void 0) {
|
|
18130
18146
|
putParams.AllowedPattern = properties["AllowedPattern"];
|
|
18131
18147
|
}
|
|
18132
|
-
if (properties["Tier"]) {
|
|
18148
|
+
if (properties["Tier"] !== void 0) {
|
|
18133
18149
|
putParams.Tier = properties["Tier"];
|
|
18134
18150
|
}
|
|
18135
|
-
if (properties["Policies"]) {
|
|
18151
|
+
if (properties["Policies"] !== void 0) {
|
|
18136
18152
|
putParams.Policies = properties["Policies"];
|
|
18137
18153
|
}
|
|
18138
|
-
if (properties["DataType"]) {
|
|
18154
|
+
if (properties["DataType"] !== void 0) {
|
|
18139
18155
|
putParams.DataType = properties["DataType"];
|
|
18140
18156
|
}
|
|
18141
18157
|
await this.ssmClient.send(new PutParameterCommand(putParams));
|
|
@@ -18829,6 +18845,16 @@ import {
|
|
|
18829
18845
|
ResourceNotFoundException as ResourceNotFoundException10
|
|
18830
18846
|
} from "@aws-sdk/client-eventbridge";
|
|
18831
18847
|
init_aws_clients();
|
|
18848
|
+
function sanitizeDeadLetterConfig(value) {
|
|
18849
|
+
if (value === null || value === void 0)
|
|
18850
|
+
return void 0;
|
|
18851
|
+
if (typeof value !== "object")
|
|
18852
|
+
return void 0;
|
|
18853
|
+
const arn = value["Arn"];
|
|
18854
|
+
if (typeof arn !== "string" || arn.length === 0)
|
|
18855
|
+
return void 0;
|
|
18856
|
+
return { Arn: arn };
|
|
18857
|
+
}
|
|
18832
18858
|
var EventBridgeBusProvider = class {
|
|
18833
18859
|
eventBridgeClient;
|
|
18834
18860
|
logger = getLogger().child("EventBridgeBusProvider");
|
|
@@ -18875,11 +18901,9 @@ var EventBridgeBusProvider = class {
|
|
|
18875
18901
|
if (properties["Tags"]) {
|
|
18876
18902
|
createParams.Tags = properties["Tags"];
|
|
18877
18903
|
}
|
|
18878
|
-
|
|
18879
|
-
|
|
18880
|
-
createParams.DeadLetterConfig =
|
|
18881
|
-
Arn: dlcConfig["Arn"]
|
|
18882
|
-
};
|
|
18904
|
+
const dlcCreate = sanitizeDeadLetterConfig(properties["DeadLetterConfig"]);
|
|
18905
|
+
if (dlcCreate) {
|
|
18906
|
+
createParams.DeadLetterConfig = dlcCreate;
|
|
18883
18907
|
}
|
|
18884
18908
|
const response = await this.eventBridgeClient.send(new CreateEventBusCommand(createParams));
|
|
18885
18909
|
const eventBusArn = response.EventBusArn ?? "";
|
|
@@ -18918,11 +18942,11 @@ var EventBridgeBusProvider = class {
|
|
|
18918
18942
|
if (properties["KmsKeyIdentifier"] !== void 0) {
|
|
18919
18943
|
updateParams.KmsKeyIdentifier = properties["KmsKeyIdentifier"];
|
|
18920
18944
|
}
|
|
18921
|
-
if (properties["DeadLetterConfig"]) {
|
|
18922
|
-
const
|
|
18923
|
-
|
|
18924
|
-
|
|
18925
|
-
}
|
|
18945
|
+
if (properties["DeadLetterConfig"] !== void 0) {
|
|
18946
|
+
const dlcUpdate = sanitizeDeadLetterConfig(properties["DeadLetterConfig"]);
|
|
18947
|
+
if (dlcUpdate) {
|
|
18948
|
+
updateParams.DeadLetterConfig = dlcUpdate;
|
|
18949
|
+
}
|
|
18926
18950
|
}
|
|
18927
18951
|
await this.eventBridgeClient.send(new UpdateEventBusCommand(updateParams));
|
|
18928
18952
|
}
|
|
@@ -24889,22 +24913,18 @@ var StepFunctionsProvider = class {
|
|
|
24889
24913
|
const tagList = properties["Tags"];
|
|
24890
24914
|
tags = tagList.map((tag) => ({ key: tag.Key, value: tag.Value }));
|
|
24891
24915
|
}
|
|
24892
|
-
const
|
|
24893
|
-
|
|
24894
|
-
|
|
24895
|
-
|
|
24896
|
-
|
|
24897
|
-
kmsKeyId: cfnEncConfig["KmsKeyId"],
|
|
24898
|
-
kmsDataKeyReusePeriodSeconds: cfnEncConfig["KmsDataKeyReusePeriodSeconds"]
|
|
24899
|
-
};
|
|
24900
|
-
}
|
|
24916
|
+
const encryptionConfiguration = mapEncryptionConfiguration(
|
|
24917
|
+
properties["EncryptionConfiguration"]
|
|
24918
|
+
);
|
|
24919
|
+
const loggingConfiguration = mapLoggingConfiguration(properties["LoggingConfiguration"]);
|
|
24920
|
+
const tracingConfiguration = mapTracingConfiguration(properties["TracingConfiguration"]);
|
|
24901
24921
|
const createParams = {
|
|
24902
24922
|
name: stateMachineName,
|
|
24903
24923
|
definition: definitionString,
|
|
24904
24924
|
roleArn,
|
|
24905
24925
|
type: properties["StateMachineType"],
|
|
24906
|
-
loggingConfiguration
|
|
24907
|
-
tracingConfiguration
|
|
24926
|
+
loggingConfiguration,
|
|
24927
|
+
tracingConfiguration,
|
|
24908
24928
|
tags,
|
|
24909
24929
|
encryptionConfiguration
|
|
24910
24930
|
};
|
|
@@ -24945,22 +24965,18 @@ var StepFunctionsProvider = class {
|
|
|
24945
24965
|
this.logger.debug(`Updating Step Functions state machine ${logicalId}: ${physicalId}`);
|
|
24946
24966
|
try {
|
|
24947
24967
|
const definitionString = this.buildDefinitionString(properties);
|
|
24948
|
-
const
|
|
24949
|
-
|
|
24950
|
-
|
|
24951
|
-
|
|
24952
|
-
|
|
24953
|
-
kmsKeyId: cfnEncConfig["KmsKeyId"],
|
|
24954
|
-
kmsDataKeyReusePeriodSeconds: cfnEncConfig["KmsDataKeyReusePeriodSeconds"]
|
|
24955
|
-
};
|
|
24956
|
-
}
|
|
24968
|
+
const encryptionConfiguration = mapEncryptionConfiguration(
|
|
24969
|
+
properties["EncryptionConfiguration"]
|
|
24970
|
+
);
|
|
24971
|
+
const loggingConfiguration = mapLoggingConfiguration(properties["LoggingConfiguration"]);
|
|
24972
|
+
const tracingConfiguration = mapTracingConfiguration(properties["TracingConfiguration"]);
|
|
24957
24973
|
await this.getClient().send(
|
|
24958
24974
|
new UpdateStateMachineCommand({
|
|
24959
24975
|
stateMachineArn: physicalId,
|
|
24960
24976
|
definition: definitionString,
|
|
24961
24977
|
roleArn: properties["RoleArn"],
|
|
24962
|
-
loggingConfiguration
|
|
24963
|
-
tracingConfiguration
|
|
24978
|
+
loggingConfiguration,
|
|
24979
|
+
tracingConfiguration,
|
|
24964
24980
|
encryptionConfiguration
|
|
24965
24981
|
})
|
|
24966
24982
|
);
|
|
@@ -25248,6 +25264,57 @@ var StepFunctionsProvider = class {
|
|
|
25248
25264
|
return "{}";
|
|
25249
25265
|
}
|
|
25250
25266
|
};
|
|
25267
|
+
function mapEncryptionConfiguration(value) {
|
|
25268
|
+
if (value === null || value === void 0)
|
|
25269
|
+
return void 0;
|
|
25270
|
+
if (typeof value !== "object")
|
|
25271
|
+
return void 0;
|
|
25272
|
+
const cfg = value;
|
|
25273
|
+
if (cfg["Type"] === void 0)
|
|
25274
|
+
return void 0;
|
|
25275
|
+
return {
|
|
25276
|
+
type: cfg["Type"],
|
|
25277
|
+
kmsKeyId: cfg["KmsKeyId"],
|
|
25278
|
+
kmsDataKeyReusePeriodSeconds: cfg["KmsDataKeyReusePeriodSeconds"]
|
|
25279
|
+
};
|
|
25280
|
+
}
|
|
25281
|
+
function mapLoggingConfiguration(value) {
|
|
25282
|
+
if (value === null || value === void 0)
|
|
25283
|
+
return void 0;
|
|
25284
|
+
if (typeof value !== "object")
|
|
25285
|
+
return void 0;
|
|
25286
|
+
const cfg = value;
|
|
25287
|
+
if (cfg["Level"] === void 0)
|
|
25288
|
+
return void 0;
|
|
25289
|
+
const result = {
|
|
25290
|
+
level: cfg["Level"]
|
|
25291
|
+
};
|
|
25292
|
+
if (cfg["IncludeExecutionData"] !== void 0) {
|
|
25293
|
+
result.includeExecutionData = cfg["IncludeExecutionData"];
|
|
25294
|
+
}
|
|
25295
|
+
if (Array.isArray(cfg["Destinations"])) {
|
|
25296
|
+
result.destinations = cfg["Destinations"].map((d) => {
|
|
25297
|
+
const cwLogs = d["CloudWatchLogsLogGroup"];
|
|
25298
|
+
if (cwLogs?.["LogGroupArn"] !== void 0) {
|
|
25299
|
+
return {
|
|
25300
|
+
cloudWatchLogsLogGroup: { logGroupArn: cwLogs["LogGroupArn"] }
|
|
25301
|
+
};
|
|
25302
|
+
}
|
|
25303
|
+
return {};
|
|
25304
|
+
});
|
|
25305
|
+
}
|
|
25306
|
+
return result;
|
|
25307
|
+
}
|
|
25308
|
+
function mapTracingConfiguration(value) {
|
|
25309
|
+
if (value === null || value === void 0)
|
|
25310
|
+
return void 0;
|
|
25311
|
+
if (typeof value !== "object")
|
|
25312
|
+
return void 0;
|
|
25313
|
+
const cfg = value;
|
|
25314
|
+
if (cfg["Enabled"] === void 0)
|
|
25315
|
+
return void 0;
|
|
25316
|
+
return { enabled: cfg["Enabled"] };
|
|
25317
|
+
}
|
|
25251
25318
|
|
|
25252
25319
|
// src/provisioning/providers/ecs-provider.ts
|
|
25253
25320
|
import {
|
|
@@ -29043,6 +29110,13 @@ import {
|
|
|
29043
29110
|
UntagResourceCommand as UntagResourceCommand13,
|
|
29044
29111
|
WAFNonexistentItemException
|
|
29045
29112
|
} from "@aws-sdk/client-wafv2";
|
|
29113
|
+
function sanitizeDescription(value) {
|
|
29114
|
+
if (value === void 0 || value === null)
|
|
29115
|
+
return void 0;
|
|
29116
|
+
if (typeof value === "string" && value.length === 0)
|
|
29117
|
+
return void 0;
|
|
29118
|
+
return value;
|
|
29119
|
+
}
|
|
29046
29120
|
function parseWebACLArn(arn) {
|
|
29047
29121
|
const parts = arn.split(":");
|
|
29048
29122
|
const resourcePart = parts.slice(5).join(":");
|
|
@@ -29104,7 +29178,7 @@ var WAFv2WebACLProvider = class {
|
|
|
29104
29178
|
Name: name,
|
|
29105
29179
|
Scope: scope,
|
|
29106
29180
|
DefaultAction: properties["DefaultAction"],
|
|
29107
|
-
Description: properties["Description"],
|
|
29181
|
+
Description: sanitizeDescription(properties["Description"]),
|
|
29108
29182
|
Rules: properties["Rules"] || [],
|
|
29109
29183
|
VisibilityConfig: properties["VisibilityConfig"],
|
|
29110
29184
|
...tags.length > 0 && { Tags: tags },
|
|
@@ -29169,7 +29243,7 @@ var WAFv2WebACLProvider = class {
|
|
|
29169
29243
|
Id: id,
|
|
29170
29244
|
LockToken: lockToken,
|
|
29171
29245
|
DefaultAction: properties["DefaultAction"],
|
|
29172
|
-
Description: properties["Description"],
|
|
29246
|
+
Description: sanitizeDescription(properties["Description"]),
|
|
29173
29247
|
Rules: properties["Rules"] || [],
|
|
29174
29248
|
VisibilityConfig: properties["VisibilityConfig"],
|
|
29175
29249
|
CustomResponseBodies: properties["CustomResponseBodies"],
|
|
@@ -29431,6 +29505,9 @@ import {
|
|
|
29431
29505
|
ListTagsForResourceCommand as ListTagsForResourceCommand13,
|
|
29432
29506
|
ResourceNotFoundException as ResourceNotFoundException12
|
|
29433
29507
|
} from "@aws-sdk/client-cognito-identity-provider";
|
|
29508
|
+
function isEmptyObjectPlaceholder(value) {
|
|
29509
|
+
return value !== null && typeof value === "object" && !Array.isArray(value) && Object.keys(value).length === 0;
|
|
29510
|
+
}
|
|
29434
29511
|
var CognitoUserPoolProvider = class {
|
|
29435
29512
|
cognitoClient;
|
|
29436
29513
|
providerRegion = process.env["AWS_REGION"];
|
|
@@ -29632,7 +29709,7 @@ var CognitoUserPoolProvider = class {
|
|
|
29632
29709
|
if (properties["EmailConfiguration"]) {
|
|
29633
29710
|
updateParams.EmailConfiguration = properties["EmailConfiguration"];
|
|
29634
29711
|
}
|
|
29635
|
-
if (properties["SmsConfiguration"]) {
|
|
29712
|
+
if (properties["SmsConfiguration"] && !isEmptyObjectPlaceholder(properties["SmsConfiguration"])) {
|
|
29636
29713
|
updateParams.SmsConfiguration = properties["SmsConfiguration"];
|
|
29637
29714
|
}
|
|
29638
29715
|
if (properties["VerificationMessageTemplate"]) {
|
|
@@ -29641,19 +29718,19 @@ var CognitoUserPoolProvider = class {
|
|
|
29641
29718
|
if (properties["DeviceConfiguration"]) {
|
|
29642
29719
|
updateParams.DeviceConfiguration = properties["DeviceConfiguration"];
|
|
29643
29720
|
}
|
|
29644
|
-
if (properties["UserPoolAddOns"]) {
|
|
29721
|
+
if (properties["UserPoolAddOns"] && !isEmptyObjectPlaceholder(properties["UserPoolAddOns"])) {
|
|
29645
29722
|
updateParams.UserPoolAddOns = properties["UserPoolAddOns"];
|
|
29646
29723
|
}
|
|
29647
|
-
if (properties["EmailVerificationMessage"]) {
|
|
29724
|
+
if (properties["EmailVerificationMessage"] !== void 0) {
|
|
29648
29725
|
updateParams.EmailVerificationMessage = properties["EmailVerificationMessage"];
|
|
29649
29726
|
}
|
|
29650
|
-
if (properties["EmailVerificationSubject"]) {
|
|
29727
|
+
if (properties["EmailVerificationSubject"] !== void 0) {
|
|
29651
29728
|
updateParams.EmailVerificationSubject = properties["EmailVerificationSubject"];
|
|
29652
29729
|
}
|
|
29653
|
-
if (properties["SmsAuthenticationMessage"]) {
|
|
29730
|
+
if (properties["SmsAuthenticationMessage"] !== void 0) {
|
|
29654
29731
|
updateParams.SmsAuthenticationMessage = properties["SmsAuthenticationMessage"];
|
|
29655
29732
|
}
|
|
29656
|
-
if (properties["SmsVerificationMessage"]) {
|
|
29733
|
+
if (properties["SmsVerificationMessage"] !== void 0) {
|
|
29657
29734
|
updateParams.SmsVerificationMessage = properties["SmsVerificationMessage"];
|
|
29658
29735
|
}
|
|
29659
29736
|
await this.getClient().send(new UpdateUserPoolCommand(updateParams));
|
|
@@ -31016,6 +31093,24 @@ var ServiceDiscoveryProvider = class {
|
|
|
31016
31093
|
return void 0;
|
|
31017
31094
|
}
|
|
31018
31095
|
}
|
|
31096
|
+
/**
|
|
31097
|
+
* Declare drift-unreadable property paths.
|
|
31098
|
+
*
|
|
31099
|
+
* - `AWS::ServiceDiscovery::PrivateDnsNamespace.Vpc`: Cloud Map's
|
|
31100
|
+
* `GetNamespace` does NOT return the VPC ID — it is only consumed at
|
|
31101
|
+
* create time and surfaced in opaque form via
|
|
31102
|
+
* `Properties.DnsProperties.HostedZoneId`. Without this declaration
|
|
31103
|
+
* the comparator would walk into `Vpc` (state has it because cdkd
|
|
31104
|
+
* stored the user-supplied template value) and report a guaranteed
|
|
31105
|
+
* false-positive on every clean drift run, since `readCurrentState`
|
|
31106
|
+
* deliberately omits the key.
|
|
31107
|
+
*/
|
|
31108
|
+
getDriftUnknownPaths(resourceType) {
|
|
31109
|
+
if (resourceType === "AWS::ServiceDiscovery::PrivateDnsNamespace") {
|
|
31110
|
+
return ["Vpc"];
|
|
31111
|
+
}
|
|
31112
|
+
return [];
|
|
31113
|
+
}
|
|
31019
31114
|
async readNamespace(physicalId) {
|
|
31020
31115
|
let ns;
|
|
31021
31116
|
try {
|
|
@@ -33255,6 +33350,11 @@ import {
|
|
|
33255
33350
|
ListTagsForStreamCommand,
|
|
33256
33351
|
ResourceNotFoundException as ResourceNotFoundException13
|
|
33257
33352
|
} from "@aws-sdk/client-kinesis";
|
|
33353
|
+
function isKmsEncryption(value) {
|
|
33354
|
+
if (!value)
|
|
33355
|
+
return false;
|
|
33356
|
+
return value["EncryptionType"] === "KMS";
|
|
33357
|
+
}
|
|
33258
33358
|
var KinesisStreamProvider = class {
|
|
33259
33359
|
client;
|
|
33260
33360
|
providerRegion = process.env["AWS_REGION"];
|
|
@@ -33337,14 +33437,13 @@ var KinesisStreamProvider = class {
|
|
|
33337
33437
|
await this.waitForStreamActive(streamName);
|
|
33338
33438
|
}
|
|
33339
33439
|
const streamEncryption = properties["StreamEncryption"];
|
|
33340
|
-
if (streamEncryption) {
|
|
33341
|
-
const encryptionType = streamEncryption["EncryptionType"] ?? "KMS";
|
|
33440
|
+
if (isKmsEncryption(streamEncryption)) {
|
|
33342
33441
|
const keyId = streamEncryption["KeyId"];
|
|
33343
33442
|
this.logger.debug(`Enabling stream encryption for ${streamName}`);
|
|
33344
33443
|
await this.getClient().send(
|
|
33345
33444
|
new StartStreamEncryptionCommand({
|
|
33346
33445
|
StreamName: streamName,
|
|
33347
|
-
EncryptionType:
|
|
33446
|
+
EncryptionType: "KMS",
|
|
33348
33447
|
KeyId: keyId
|
|
33349
33448
|
})
|
|
33350
33449
|
);
|
|
@@ -33431,23 +33530,27 @@ var KinesisStreamProvider = class {
|
|
|
33431
33530
|
);
|
|
33432
33531
|
const newEncryption = properties["StreamEncryption"];
|
|
33433
33532
|
const oldEncryption = previousProperties["StreamEncryption"];
|
|
33434
|
-
|
|
33435
|
-
|
|
33533
|
+
const oldIsKms = isKmsEncryption(oldEncryption);
|
|
33534
|
+
const newIsKms = isKmsEncryption(newEncryption);
|
|
33535
|
+
const oldKeyId = oldIsKms ? oldEncryption["KeyId"] : void 0;
|
|
33536
|
+
const newKeyId = newIsKms ? newEncryption["KeyId"] : void 0;
|
|
33537
|
+
if (oldIsKms !== newIsKms || oldIsKms && newIsKms && oldKeyId !== newKeyId) {
|
|
33538
|
+
if (oldIsKms) {
|
|
33436
33539
|
await this.getClient().send(
|
|
33437
33540
|
new StopStreamEncryptionCommand({
|
|
33438
33541
|
StreamName: physicalId,
|
|
33439
|
-
EncryptionType:
|
|
33440
|
-
KeyId:
|
|
33542
|
+
EncryptionType: "KMS",
|
|
33543
|
+
KeyId: oldKeyId
|
|
33441
33544
|
})
|
|
33442
33545
|
);
|
|
33443
33546
|
await this.waitForStreamActive(physicalId);
|
|
33444
33547
|
}
|
|
33445
|
-
if (
|
|
33548
|
+
if (newIsKms) {
|
|
33446
33549
|
await this.getClient().send(
|
|
33447
33550
|
new StartStreamEncryptionCommand({
|
|
33448
33551
|
StreamName: physicalId,
|
|
33449
|
-
EncryptionType:
|
|
33450
|
-
KeyId:
|
|
33552
|
+
EncryptionType: "KMS",
|
|
33553
|
+
KeyId: newKeyId
|
|
33451
33554
|
})
|
|
33452
33555
|
);
|
|
33453
33556
|
await this.waitForStreamActive(physicalId);
|
|
@@ -33603,10 +33706,11 @@ var KinesisStreamProvider = class {
|
|
|
33603
33706
|
const result = {};
|
|
33604
33707
|
if (stream.StreamName !== void 0)
|
|
33605
33708
|
result["Name"] = stream.StreamName;
|
|
33606
|
-
|
|
33607
|
-
|
|
33709
|
+
const streamMode = stream.StreamModeDetails?.StreamMode;
|
|
33710
|
+
if (streamMode !== void 0) {
|
|
33711
|
+
result["StreamModeDetails"] = { StreamMode: streamMode };
|
|
33608
33712
|
}
|
|
33609
|
-
if (stream.Shards && stream.Shards.length > 0) {
|
|
33713
|
+
if (streamMode === "PROVISIONED" && stream.Shards && stream.Shards.length > 0) {
|
|
33610
33714
|
result["ShardCount"] = stream.Shards.length;
|
|
33611
33715
|
}
|
|
33612
33716
|
if (stream.RetentionPeriodHours !== void 0) {
|
|
@@ -34821,14 +34925,14 @@ var FirehoseProvider = class {
|
|
|
34821
34925
|
const tagsResp = await this.getClient().send(
|
|
34822
34926
|
new ListTagsForDeliveryStreamCommand({ DeliveryStreamName: physicalId })
|
|
34823
34927
|
);
|
|
34824
|
-
|
|
34825
|
-
result["Tags"] = tags;
|
|
34928
|
+
result["Tags"] = normalizeAwsTagsToCfn(tagsResp.Tags);
|
|
34826
34929
|
} catch (err) {
|
|
34827
34930
|
if (err instanceof ResourceNotFoundException14)
|
|
34828
34931
|
return void 0;
|
|
34829
34932
|
this.logger.debug(
|
|
34830
34933
|
`Firehose ListTagsForDeliveryStream(${physicalId}) failed: ${err instanceof Error ? err.message : String(err)}`
|
|
34831
34934
|
);
|
|
34935
|
+
result["Tags"] = [];
|
|
34832
34936
|
}
|
|
34833
34937
|
return result;
|
|
34834
34938
|
}
|
|
@@ -35033,16 +35137,21 @@ var CloudTrailProvider = class {
|
|
|
35033
35137
|
}
|
|
35034
35138
|
async update(logicalId, physicalId, resourceType, properties, previousProperties) {
|
|
35035
35139
|
this.logger.debug(`Updating CloudTrail Trail ${logicalId}: ${physicalId}`);
|
|
35140
|
+
const sanitizeArn = (v) => {
|
|
35141
|
+
if (v === void 0 || v === null || v === "")
|
|
35142
|
+
return void 0;
|
|
35143
|
+
return v;
|
|
35144
|
+
};
|
|
35036
35145
|
const s3BucketName = properties["S3BucketName"];
|
|
35037
35146
|
const s3KeyPrefix = properties["S3KeyPrefix"];
|
|
35038
35147
|
const isMultiRegionTrail = properties["IsMultiRegionTrail"];
|
|
35039
35148
|
const includeGlobalServiceEvents = properties["IncludeGlobalServiceEvents"];
|
|
35040
35149
|
const enableLogFileValidation = properties["EnableLogFileValidation"];
|
|
35041
35150
|
const isLogging = properties["IsLogging"];
|
|
35042
|
-
const cloudWatchLogsLogGroupArn = properties["CloudWatchLogsLogGroupArn"];
|
|
35043
|
-
const cloudWatchLogsRoleArn = properties["CloudWatchLogsRoleArn"];
|
|
35044
|
-
const kmsKeyId = properties["KMSKeyId"];
|
|
35045
|
-
const snsTopicName = properties["SnsTopicName"];
|
|
35151
|
+
const cloudWatchLogsLogGroupArn = sanitizeArn(properties["CloudWatchLogsLogGroupArn"]);
|
|
35152
|
+
const cloudWatchLogsRoleArn = sanitizeArn(properties["CloudWatchLogsRoleArn"]);
|
|
35153
|
+
const kmsKeyId = sanitizeArn(properties["KMSKeyId"]);
|
|
35154
|
+
const snsTopicName = sanitizeArn(properties["SnsTopicName"]);
|
|
35046
35155
|
const isOrganizationTrail = properties["IsOrganizationTrail"];
|
|
35047
35156
|
try {
|
|
35048
35157
|
await this.getClient().send(
|
|
@@ -35239,58 +35348,48 @@ var CloudTrailProvider = class {
|
|
|
35239
35348
|
result["TrailName"] = trail.Name;
|
|
35240
35349
|
if (trail.S3BucketName !== void 0)
|
|
35241
35350
|
result["S3BucketName"] = trail.S3BucketName;
|
|
35242
|
-
|
|
35243
|
-
|
|
35244
|
-
|
|
35245
|
-
|
|
35246
|
-
|
|
35247
|
-
if (trail.IncludeGlobalServiceEvents !== void 0) {
|
|
35248
|
-
result["IncludeGlobalServiceEvents"] = trail.IncludeGlobalServiceEvents;
|
|
35249
|
-
}
|
|
35250
|
-
if (trail.LogFileValidationEnabled !== void 0) {
|
|
35251
|
-
result["EnableLogFileValidation"] = trail.LogFileValidationEnabled;
|
|
35252
|
-
}
|
|
35253
|
-
if (trail.CloudWatchLogsLogGroupArn !== void 0) {
|
|
35351
|
+
result["S3KeyPrefix"] = trail.S3KeyPrefix ?? "";
|
|
35352
|
+
result["IsMultiRegionTrail"] = trail.IsMultiRegionTrail ?? false;
|
|
35353
|
+
result["IncludeGlobalServiceEvents"] = trail.IncludeGlobalServiceEvents ?? true;
|
|
35354
|
+
result["EnableLogFileValidation"] = trail.LogFileValidationEnabled ?? false;
|
|
35355
|
+
if (trail.CloudWatchLogsLogGroupArn && trail.CloudWatchLogsRoleArn) {
|
|
35254
35356
|
result["CloudWatchLogsLogGroupArn"] = trail.CloudWatchLogsLogGroupArn;
|
|
35255
|
-
}
|
|
35256
|
-
if (trail.CloudWatchLogsRoleArn !== void 0) {
|
|
35257
35357
|
result["CloudWatchLogsRoleArn"] = trail.CloudWatchLogsRoleArn;
|
|
35258
35358
|
}
|
|
35259
|
-
|
|
35260
|
-
|
|
35261
|
-
|
|
35262
|
-
result["SnsTopicName"] = trail.SnsTopicName;
|
|
35263
|
-
if (trail.IsOrganizationTrail !== void 0) {
|
|
35264
|
-
result["IsOrganizationTrail"] = trail.IsOrganizationTrail;
|
|
35265
|
-
}
|
|
35359
|
+
result["KMSKeyId"] = trail.KmsKeyId ?? "";
|
|
35360
|
+
result["SnsTopicName"] = trail.SnsTopicName ?? "";
|
|
35361
|
+
result["IsOrganizationTrail"] = trail.IsOrganizationTrail ?? false;
|
|
35266
35362
|
try {
|
|
35267
35363
|
const status = await this.getClient().send(new GetTrailStatusCommand({ Name: physicalId }));
|
|
35268
|
-
|
|
35269
|
-
result["IsLogging"] = status.IsLogging;
|
|
35364
|
+
result["IsLogging"] = status.IsLogging ?? false;
|
|
35270
35365
|
} catch {
|
|
35271
35366
|
}
|
|
35272
35367
|
try {
|
|
35273
35368
|
const sel = await this.getClient().send(
|
|
35274
35369
|
new GetEventSelectorsCommand({ TrailName: physicalId })
|
|
35275
35370
|
);
|
|
35276
|
-
|
|
35277
|
-
|
|
35278
|
-
|
|
35371
|
+
const hasAdvanced = Array.isArray(sel.AdvancedEventSelectors) && sel.AdvancedEventSelectors.length > 0;
|
|
35372
|
+
if (!hasAdvanced) {
|
|
35373
|
+
result["EventSelectors"] = (sel.EventSelectors ?? []).map(
|
|
35374
|
+
(es) => es
|
|
35375
|
+
);
|
|
35376
|
+
}
|
|
35279
35377
|
} catch {
|
|
35280
35378
|
}
|
|
35379
|
+
let tags = [];
|
|
35281
35380
|
if (trail.TrailARN) {
|
|
35282
35381
|
try {
|
|
35283
35382
|
const tagsResp = await this.getClient().send(
|
|
35284
35383
|
new ListTagsCommand3({ ResourceIdList: [trail.TrailARN] })
|
|
35285
35384
|
);
|
|
35286
|
-
|
|
35287
|
-
result["Tags"] = tags;
|
|
35385
|
+
tags = normalizeAwsTagsToCfn(tagsResp.ResourceTagList?.[0]?.TagsList);
|
|
35288
35386
|
} catch (err) {
|
|
35289
35387
|
this.logger.debug(
|
|
35290
35388
|
`CloudTrail ListTags(${trail.TrailARN}) failed: ${err instanceof Error ? err.message : String(err)}`
|
|
35291
35389
|
);
|
|
35292
35390
|
}
|
|
35293
35391
|
}
|
|
35392
|
+
result["Tags"] = tags;
|
|
35294
35393
|
return result;
|
|
35295
35394
|
}
|
|
35296
35395
|
async import(input) {
|
|
@@ -35421,7 +35520,12 @@ var CodeBuildProvider = class {
|
|
|
35421
35520
|
const name = properties["Name"] ?? logicalId;
|
|
35422
35521
|
const source = properties["Source"];
|
|
35423
35522
|
const environment = properties["Environment"];
|
|
35424
|
-
const
|
|
35523
|
+
const sanitizeOptionalString = (value) => {
|
|
35524
|
+
if (typeof value !== "string")
|
|
35525
|
+
return value;
|
|
35526
|
+
return value === "" ? void 0 : value;
|
|
35527
|
+
};
|
|
35528
|
+
const serviceRole = sanitizeOptionalString(properties["ServiceRole"]);
|
|
35425
35529
|
const artifacts = properties["Artifacts"];
|
|
35426
35530
|
const tags = properties["Tags"];
|
|
35427
35531
|
const envVars = environment?.["EnvironmentVariables"];
|
|
@@ -35512,7 +35616,7 @@ var CodeBuildProvider = class {
|
|
|
35512
35616
|
description: properties["Description"],
|
|
35513
35617
|
timeoutInMinutes: properties["TimeoutInMinutes"],
|
|
35514
35618
|
queuedTimeoutInMinutes: properties["QueuedTimeoutInMinutes"],
|
|
35515
|
-
encryptionKey: properties["EncryptionKey"],
|
|
35619
|
+
encryptionKey: sanitizeOptionalString(properties["EncryptionKey"]),
|
|
35516
35620
|
cache: cache2,
|
|
35517
35621
|
vpcConfig,
|
|
35518
35622
|
logsConfig,
|
|
@@ -35523,7 +35627,7 @@ var CodeBuildProvider = class {
|
|
|
35523
35627
|
fileSystemLocations,
|
|
35524
35628
|
buildBatchConfig,
|
|
35525
35629
|
badgeEnabled: properties["BadgeEnabled"],
|
|
35526
|
-
sourceVersion: properties["SourceVersion"]
|
|
35630
|
+
sourceVersion: sanitizeOptionalString(properties["SourceVersion"])
|
|
35527
35631
|
};
|
|
35528
35632
|
}
|
|
35529
35633
|
async create(logicalId, resourceType, properties) {
|
|
@@ -35977,10 +36081,11 @@ var S3VectorsProvider = class {
|
|
|
35977
36081
|
}
|
|
35978
36082
|
if (bucket?.encryptionConfiguration) {
|
|
35979
36083
|
const enc = {};
|
|
35980
|
-
|
|
35981
|
-
|
|
36084
|
+
const sseType = bucket.encryptionConfiguration.sseType;
|
|
36085
|
+
if (sseType !== void 0) {
|
|
36086
|
+
enc["SSEType"] = sseType;
|
|
35982
36087
|
}
|
|
35983
|
-
if (bucket.encryptionConfiguration.kmsKeyArn !== void 0) {
|
|
36088
|
+
if (sseType === "aws:kms" && bucket.encryptionConfiguration.kmsKeyArn !== void 0) {
|
|
35984
36089
|
enc["KMSKeyArn"] = bucket.encryptionConfiguration.kmsKeyArn;
|
|
35985
36090
|
}
|
|
35986
36091
|
if (Object.keys(enc).length > 0)
|
|
@@ -43784,7 +43889,7 @@ function reorderArgs(argv) {
|
|
|
43784
43889
|
}
|
|
43785
43890
|
async function main() {
|
|
43786
43891
|
const program = new Command14();
|
|
43787
|
-
program.name("cdkd").description("CDK Direct - Deploy AWS CDK apps directly via SDK/Cloud Control API").version("0.50.
|
|
43892
|
+
program.name("cdkd").description("CDK Direct - Deploy AWS CDK apps directly via SDK/Cloud Control API").version("0.50.12");
|
|
43788
43893
|
program.addCommand(createBootstrapCommand());
|
|
43789
43894
|
program.addCommand(createSynthCommand());
|
|
43790
43895
|
program.addCommand(createListCommand());
|