npm - @go-to-k/cdkd - Versions diffs - 0.50.8 → 0.50.9 - Mend

@go-to-k/cdkd 0.50.8 → 0.50.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/cli.js +68 -27
package/dist/cli.js.map +2 -2
package/dist/go-to-k-cdkd-0.50.9.tgz +0 -0
package/package.json +1 -1
package/dist/go-to-k-cdkd-0.50.8.tgz +0 -0

package/dist/cli.js CHANGED Viewed

@@ -16755,23 +16755,28 @@ var DynamoDBTableProvider = class {
           WriteCapacityUnits: table.ProvisionedThroughput.WriteCapacityUnits
         };
       }
-      if (table.StreamSpecification) {
+      if (table.StreamSpecification?.StreamEnabled && table.StreamSpecification.StreamViewType) {
         result["StreamSpecification"] = {
-          StreamEnabled: table.StreamSpecification.StreamEnabled,
+          StreamEnabled: true,
           StreamViewType: table.StreamSpecification.StreamViewType
         };
       }
-      result["GlobalSecondaryIndexes"] = table.GlobalSecondaryIndexes ?? [];
-      result["LocalSecondaryIndexes"] = table.LocalSecondaryIndexes ?? [];
-      const sse = {
-        SSEEnabled: table.SSEDescription?.Status === "ENABLED"
-      };
-      if (table.SSEDescription?.KMSMasterKeyArn !== void 0) {
-        sse["KMSMasterKeyId"] = table.SSEDescription.KMSMasterKeyArn;
+      if (table.GlobalSecondaryIndexes && table.GlobalSecondaryIndexes.length > 0) {
+        result["GlobalSecondaryIndexes"] = table.GlobalSecondaryIndexes;
+      }
+      if (table.LocalSecondaryIndexes && table.LocalSecondaryIndexes.length > 0) {
+        result["LocalSecondaryIndexes"] = table.LocalSecondaryIndexes;
+      }
+      if (table.SSEDescription?.Status === "ENABLED") {
+        const sse = { SSEEnabled: true };
+        if (table.SSEDescription.KMSMasterKeyArn !== void 0) {
+          sse["KMSMasterKeyId"] = table.SSEDescription.KMSMasterKeyArn;
+        }
+        if (table.SSEDescription.SSEType !== void 0) {
+          sse["SSEType"] = table.SSEDescription.SSEType;
+        }
+        result["SSESpecification"] = sse;
       }
-      if (table.SSEDescription?.SSEType !== void 0)
-        sse["SSEType"] = table.SSEDescription.SSEType;
-      result["SSESpecification"] = sse;
       if (table.DeletionProtectionEnabled !== void 0) {
         result["DeletionProtectionEnabled"] = table.DeletionProtectionEnabled;
       }
@@ -17724,9 +17729,9 @@ var SecretsManagerSecretProvider = class {
       };
       if (secretString)
         updateParams.SecretString = secretString;
-      if (properties["Description"])
+      if (properties["Description"] !== void 0)
         updateParams.Description = properties["Description"];
-      if (properties["KmsKeyId"])
+      if (properties["KmsKeyId"] !== void 0 && properties["KmsKeyId"] !== "")
         updateParams.KmsKeyId = properties["KmsKeyId"];
       await this.smClient.send(new UpdateSecretCommand(updateParams));
       const newTags = properties["Tags"];
@@ -27250,13 +27255,14 @@ var RDSProvider = class {
   async updateDBSubnetGroup(logicalId, physicalId, resourceType, properties, previousProperties) {
     this.logger.debug(`Updating DBSubnetGroup ${logicalId}: ${physicalId}`);
     try {
-      await this.getClient().send(
-        new ModifyDBSubnetGroupCommand({
-          DBSubnetGroupName: physicalId,
-          DBSubnetGroupDescription: properties["DBSubnetGroupDescription"],
-          SubnetIds: properties["SubnetIds"]
-        })
-      );
+      const subnetIds = properties["SubnetIds"];
+      const sendSubnetIds = subnetIds !== void 0 && subnetIds.length > 0;
+      const modifyInput = {
+        DBSubnetGroupName: physicalId,
+        DBSubnetGroupDescription: properties["DBSubnetGroupDescription"],
+        ...sendSubnetIds && { SubnetIds: subnetIds }
+      };
+      await this.getClient().send(new ModifyDBSubnetGroupCommand(modifyInput));
       const desc = await this.getClient().send(
         new DescribeDBSubnetGroupsCommand({ DBSubnetGroupName: physicalId })
       );
@@ -27386,16 +27392,19 @@ var RDSProvider = class {
     this.logger.debug(`Updating DBCluster ${logicalId}: ${physicalId}`);
     try {
       const serverlessV2Config = properties["ServerlessV2ScalingConfiguration"];
+      const hasServerlessV2 = serverlessV2Config !== void 0 && (serverlessV2Config.MinCapacity !== void 0 || serverlessV2Config.MaxCapacity !== void 0);
+      const vpcSgIds = properties["VpcSecurityGroupIds"];
+      const sendVpcSgIds = vpcSgIds !== void 0 && vpcSgIds.length > 0;
       await this.getClient().send(
         new ModifyDBClusterCommand({
           DBClusterIdentifier: physicalId,
           EngineVersion: properties["EngineVersion"],
           DeletionProtection: properties["DeletionProtection"],
           BackupRetentionPeriod: properties["BackupRetentionPeriod"] != null ? Number(properties["BackupRetentionPeriod"]) : void 0,
-          VpcSecurityGroupIds: properties["VpcSecurityGroupIds"],
+          ...sendVpcSgIds && { VpcSecurityGroupIds: vpcSgIds },
           MasterUserPassword: properties["MasterUserPassword"],
           Port: properties["Port"] != null ? Number(properties["Port"]) : void 0,
-          ...serverlessV2Config && {
+          ...hasServerlessV2 && {
             ServerlessV2ScalingConfiguration: {
               MinCapacity: serverlessV2Config.MinCapacity,
               MaxCapacity: serverlessV2Config.MaxCapacity
@@ -27894,7 +27903,7 @@ var RDSProvider = class {
     if (cluster.DeletionProtection !== void 0) {
       result["DeletionProtection"] = cluster.DeletionProtection;
     }
-    {
+    if (cluster.ServerlessV2ScalingConfiguration?.MinCapacity !== void 0 || cluster.ServerlessV2ScalingConfiguration?.MaxCapacity !== void 0) {
       const sc = {};
       if (cluster.ServerlessV2ScalingConfiguration?.MinCapacity !== void 0) {
         sc["MinCapacity"] = cluster.ServerlessV2ScalingConfiguration.MinCapacity;
@@ -30084,11 +30093,13 @@ var ElastiCacheProvider = class {
   async updateCacheCluster(logicalId, physicalId, resourceType, properties, previousProperties) {
     this.logger.debug(`Updating CacheCluster ${logicalId}: ${physicalId}`);
     try {
+      const rawSgIds = properties["VpcSecurityGroupIds"];
+      const sgIds = rawSgIds && rawSgIds.length > 0 ? rawSgIds : void 0;
       await this.getClient().send(
         new ModifyCacheClusterCommand({
           CacheClusterId: physicalId,
           NumCacheNodes: properties["NumCacheNodes"] != null ? Number(properties["NumCacheNodes"]) : void 0,
-          SecurityGroupIds: properties["VpcSecurityGroupIds"],
+          SecurityGroupIds: sgIds,
           CacheParameterGroupName: properties["CacheParameterGroupName"],
           EngineVersion: properties["EngineVersion"],
           PreferredMaintenanceWindow: properties["PreferredMaintenanceWindow"],
@@ -30366,7 +30377,7 @@ var ElastiCacheProvider = class {
       result["IpDiscovery"] = cluster.IpDiscovery;
     if (cluster.NetworkType !== void 0)
       result["NetworkType"] = cluster.NetworkType;
-    if (cluster.TransitEncryptionEnabled !== void 0) {
+    if (cluster.Engine === "redis" && cluster.TransitEncryptionEnabled !== void 0) {
       result["TransitEncryptionEnabled"] = cluster.TransitEncryptionEnabled;
     }
     if (cluster.CacheNodes?.[0]?.Endpoint?.Port !== void 0) {
@@ -33008,6 +33019,36 @@ var KMSProvider = class {
     }
     return result;
   }
+  /**
+   * Declare state property paths cdkd cannot round-trip from AWS, so the
+   * drift comparator skips them instead of firing guaranteed false-
+   * positive drift on every clean run.
+   *
+   *  - `KeyPolicy`: cdkd does NOT call `GetKeyPolicy` in `readCurrentState`.
+   *    The policy body needs JSON parsing for comparison and a separate
+   *    SDK call; deferred to a follow-up. Until then, any user who
+   *    templates `KeyPolicy` would see guaranteed drift.
+   *  - `EnableKeyRotation` / `RotationPeriodInDays`: cdkd does NOT call
+   *    `GetKeyRotationStatus`. Same reason — deferred to a follow-up.
+   *    `EnableKeyRotation` is also a Class 1 candidate (only valid for
+   *    `KeySpec=SYMMETRIC_DEFAULT`); when we lift this gap the read side
+   *    must gate the emit on the discriminator.
+   *  - `BypassPolicyLockoutSafetyCheck` / `PendingWindowInDays`: not part
+   *    of the persisted AWS state visible via `DescribeKey` — both are
+   *    create / delete-time-only inputs.
+   */
+  getDriftUnknownPaths(resourceType) {
+    if (resourceType === "AWS::KMS::Key") {
+      return [
+        "KeyPolicy",
+        "EnableKeyRotation",
+        "RotationPeriodInDays",
+        "BypassPolicyLockoutSafetyCheck",
+        "PendingWindowInDays"
+      ];
+    }
+    return [];
+  }
   async readCurrentStateAlias(physicalId) {
     let marker;
     do {
@@ -43628,7 +43669,7 @@ function reorderArgs(argv) {
 }
 async function main() {
   const program = new Command14();
-  program.name("cdkd").description("CDK Direct - Deploy AWS CDK apps directly via SDK/Cloud Control API").version("0.50.8");
+  program.name("cdkd").description("CDK Direct - Deploy AWS CDK apps directly via SDK/Cloud Control API").version("0.50.9");
   program.addCommand(createBootstrapCommand());
   program.addCommand(createSynthCommand());
   program.addCommand(createListCommand());