@go-to-k/cdkd 0.51.10 → 0.52.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli.js +113 -14
- package/dist/cli.js.map +3 -3
- package/dist/go-to-k-cdkd-0.52.0.tgz +0 -0
- package/package.json +1 -1
- package/dist/go-to-k-cdkd-0.51.10.tgz +0 -0
package/dist/cli.js
CHANGED
|
@@ -17059,11 +17059,15 @@ var DynamoDBTableProvider = class {
|
|
|
17059
17059
|
// src/provisioning/providers/logs-loggroup-provider.ts
|
|
17060
17060
|
import {
|
|
17061
17061
|
CreateLogGroupCommand,
|
|
17062
|
+
DeleteIndexPolicyCommand,
|
|
17062
17063
|
DeleteLogGroupCommand,
|
|
17063
17064
|
DescribeIndexPoliciesCommand,
|
|
17064
17065
|
DescribeLogGroupsCommand,
|
|
17065
17066
|
GetDataProtectionPolicyCommand,
|
|
17066
17067
|
ListTagsForResourceCommand as ListTagsForResourceCommand2,
|
|
17068
|
+
PutBearerTokenAuthenticationCommand,
|
|
17069
|
+
PutIndexPolicyCommand,
|
|
17070
|
+
PutLogGroupDeletionProtectionCommand,
|
|
17067
17071
|
PutRetentionPolicyCommand,
|
|
17068
17072
|
DeleteRetentionPolicyCommand,
|
|
17069
17073
|
TagResourceCommand as TagResourceCommand5,
|
|
@@ -17116,6 +17120,9 @@ var LogsLogGroupProvider = class {
|
|
|
17116
17120
|
if (properties["LogGroupClass"]) {
|
|
17117
17121
|
createParams.logGroupClass = properties["LogGroupClass"];
|
|
17118
17122
|
}
|
|
17123
|
+
if (properties["DeletionProtectionEnabled"] !== void 0) {
|
|
17124
|
+
createParams.deletionProtectionEnabled = properties["DeletionProtectionEnabled"];
|
|
17125
|
+
}
|
|
17119
17126
|
if (properties["Tags"]) {
|
|
17120
17127
|
const cfnTags = properties["Tags"];
|
|
17121
17128
|
createParams.tags = Object.fromEntries(cfnTags.map((t) => [t.Key, t.Value]));
|
|
@@ -17139,6 +17146,30 @@ var LogsLogGroupProvider = class {
|
|
|
17139
17146
|
})
|
|
17140
17147
|
);
|
|
17141
17148
|
}
|
|
17149
|
+
const fieldIndexPolicies = properties["FieldIndexPolicies"];
|
|
17150
|
+
if (fieldIndexPolicies && fieldIndexPolicies.length > 0) {
|
|
17151
|
+
if (fieldIndexPolicies.length > 1) {
|
|
17152
|
+
this.logger.debug(
|
|
17153
|
+
`Log group ${logicalId} declares ${fieldIndexPolicies.length} FieldIndexPolicies; AWS only supports one log-group-level field index policy. Applying the first.`
|
|
17154
|
+
);
|
|
17155
|
+
}
|
|
17156
|
+
const first = fieldIndexPolicies[0];
|
|
17157
|
+
const policyDocument = typeof first === "string" ? first : JSON.stringify(first);
|
|
17158
|
+
await this.logsClient.send(
|
|
17159
|
+
new PutIndexPolicyCommand({
|
|
17160
|
+
logGroupIdentifier: logGroupName,
|
|
17161
|
+
policyDocument
|
|
17162
|
+
})
|
|
17163
|
+
);
|
|
17164
|
+
}
|
|
17165
|
+
if (properties["BearerTokenAuthenticationEnabled"] !== void 0) {
|
|
17166
|
+
await this.logsClient.send(
|
|
17167
|
+
new PutBearerTokenAuthenticationCommand({
|
|
17168
|
+
logGroupIdentifier: logGroupName,
|
|
17169
|
+
bearerTokenAuthenticationEnabled: properties["BearerTokenAuthenticationEnabled"]
|
|
17170
|
+
})
|
|
17171
|
+
);
|
|
17172
|
+
}
|
|
17142
17173
|
this.logger.debug(`Successfully created log group ${logicalId}: ${logGroupName}`);
|
|
17143
17174
|
const arn = await this.buildArn(logGroupName);
|
|
17144
17175
|
return {
|
|
@@ -17171,7 +17202,10 @@ var LogsLogGroupProvider = class {
|
|
|
17171
17202
|
/**
|
|
17172
17203
|
* Update a CloudWatch Logs log group
|
|
17173
17204
|
*
|
|
17174
|
-
*
|
|
17205
|
+
* Mutable: `RetentionInDays`, `DataProtectionPolicy`, `Tags`,
|
|
17206
|
+
* `DeletionProtectionEnabled`, `BearerTokenAuthenticationEnabled`,
|
|
17207
|
+
* `FieldIndexPolicies`. `LogGroupName` / `KmsKeyId` / `LogGroupClass`
|
|
17208
|
+
* are immutable on AWS-side and require replacement.
|
|
17175
17209
|
*/
|
|
17176
17210
|
async update(logicalId, physicalId, _resourceType, properties, previousProperties) {
|
|
17177
17211
|
this.logger.debug(`Updating log group ${logicalId}: ${physicalId}`);
|
|
@@ -17210,6 +17244,70 @@ var LogsLogGroupProvider = class {
|
|
|
17210
17244
|
);
|
|
17211
17245
|
}
|
|
17212
17246
|
}
|
|
17247
|
+
if (properties["DeletionProtectionEnabled"] !== previousProperties["DeletionProtectionEnabled"]) {
|
|
17248
|
+
const next = properties["DeletionProtectionEnabled"];
|
|
17249
|
+
if (next !== void 0) {
|
|
17250
|
+
await this.logsClient.send(
|
|
17251
|
+
new PutLogGroupDeletionProtectionCommand({
|
|
17252
|
+
logGroupIdentifier: physicalId,
|
|
17253
|
+
deletionProtectionEnabled: next
|
|
17254
|
+
})
|
|
17255
|
+
);
|
|
17256
|
+
} else {
|
|
17257
|
+
await this.logsClient.send(
|
|
17258
|
+
new PutLogGroupDeletionProtectionCommand({
|
|
17259
|
+
logGroupIdentifier: physicalId,
|
|
17260
|
+
deletionProtectionEnabled: false
|
|
17261
|
+
})
|
|
17262
|
+
);
|
|
17263
|
+
}
|
|
17264
|
+
}
|
|
17265
|
+
if (properties["BearerTokenAuthenticationEnabled"] !== previousProperties["BearerTokenAuthenticationEnabled"]) {
|
|
17266
|
+
const next = properties["BearerTokenAuthenticationEnabled"];
|
|
17267
|
+
if (next !== void 0) {
|
|
17268
|
+
await this.logsClient.send(
|
|
17269
|
+
new PutBearerTokenAuthenticationCommand({
|
|
17270
|
+
logGroupIdentifier: physicalId,
|
|
17271
|
+
bearerTokenAuthenticationEnabled: next
|
|
17272
|
+
})
|
|
17273
|
+
);
|
|
17274
|
+
} else {
|
|
17275
|
+
await this.logsClient.send(
|
|
17276
|
+
new PutBearerTokenAuthenticationCommand({
|
|
17277
|
+
logGroupIdentifier: physicalId,
|
|
17278
|
+
bearerTokenAuthenticationEnabled: false
|
|
17279
|
+
})
|
|
17280
|
+
);
|
|
17281
|
+
}
|
|
17282
|
+
}
|
|
17283
|
+
const newFieldIndex = properties["FieldIndexPolicies"];
|
|
17284
|
+
const oldFieldIndex = previousProperties["FieldIndexPolicies"];
|
|
17285
|
+
if (JSON.stringify(newFieldIndex) !== JSON.stringify(oldFieldIndex)) {
|
|
17286
|
+
if (newFieldIndex && newFieldIndex.length > 0) {
|
|
17287
|
+
if (newFieldIndex.length > 1) {
|
|
17288
|
+
this.logger.debug(
|
|
17289
|
+
`Log group ${physicalId} declares ${newFieldIndex.length} FieldIndexPolicies; AWS only supports one log-group-level field index policy. Applying the first.`
|
|
17290
|
+
);
|
|
17291
|
+
}
|
|
17292
|
+
const first = newFieldIndex[0];
|
|
17293
|
+
const policyDocument = typeof first === "string" ? first : JSON.stringify(first);
|
|
17294
|
+
await this.logsClient.send(
|
|
17295
|
+
new PutIndexPolicyCommand({
|
|
17296
|
+
logGroupIdentifier: physicalId,
|
|
17297
|
+
policyDocument
|
|
17298
|
+
})
|
|
17299
|
+
);
|
|
17300
|
+
} else {
|
|
17301
|
+
try {
|
|
17302
|
+
await this.logsClient.send(
|
|
17303
|
+
new DeleteIndexPolicyCommand({ logGroupIdentifier: physicalId })
|
|
17304
|
+
);
|
|
17305
|
+
} catch (err) {
|
|
17306
|
+
if (!(err instanceof ResourceNotFoundException7))
|
|
17307
|
+
throw err;
|
|
17308
|
+
}
|
|
17309
|
+
}
|
|
17310
|
+
}
|
|
17213
17311
|
const newTags = properties["Tags"];
|
|
17214
17312
|
const oldTags = previousProperties["Tags"];
|
|
17215
17313
|
if (JSON.stringify(newTags) !== JSON.stringify(oldTags)) {
|
|
@@ -17326,14 +17424,15 @@ var LogsLogGroupProvider = class {
|
|
|
17326
17424
|
* `AWS::Logs::ResourcePolicy` resource type — account-wide, not
|
|
17327
17425
|
* per-log-group).
|
|
17328
17426
|
*
|
|
17329
|
-
*
|
|
17330
|
-
*
|
|
17331
|
-
*
|
|
17332
|
-
*
|
|
17333
|
-
* `
|
|
17334
|
-
*
|
|
17335
|
-
*
|
|
17336
|
-
*
|
|
17427
|
+
* Write-side coverage: `FieldIndexPolicies` is applied via
|
|
17428
|
+
* `PutIndexPolicy` (CloudWatch Logs allows at most one log-group-level
|
|
17429
|
+
* field index policy at a time, so the CFn array is effectively 0-or-1
|
|
17430
|
+
* — the first entry is applied and a debug log notes any additional
|
|
17431
|
+
* entries are ignored). `DeletionProtectionEnabled` is forwarded as
|
|
17432
|
+
* part of `CreateLogGroup` and updated via
|
|
17433
|
+
* `PutLogGroupDeletionProtection`. `BearerTokenAuthenticationEnabled`
|
|
17434
|
+
* is applied via `PutBearerTokenAuthentication` after the log group
|
|
17435
|
+
* exists (it is not part of `CreateLogGroupRequest`).
|
|
17337
17436
|
*
|
|
17338
17437
|
* Tags are read via `ListTagsForResource` (using the log-group ARN from
|
|
17339
17438
|
* the same `DescribeLogGroups` response). CDK's `aws:*` auto-tags are
|
|
@@ -33991,10 +34090,10 @@ var KMSProvider = class {
|
|
|
33991
34090
|
* Dispatches by resource type:
|
|
33992
34091
|
* - `AWS::KMS::Key` → `DescribeKey`. Surfaces `Description`, `KeySpec`,
|
|
33993
34092
|
* `KeyUsage`, `Enabled`, `MultiRegion`, `Origin`. `KeyPolicy` is
|
|
33994
|
-
*
|
|
33995
|
-
* and
|
|
33996
|
-
*
|
|
33997
|
-
*
|
|
34093
|
+
* additionally retrieved via `GetKeyPolicy` (URL-decoded JSON-parsed)
|
|
34094
|
+
* and `EnableKeyRotation` / `RotationPeriodInDays` via
|
|
34095
|
+
* `GetKeyRotationStatus` (Class 1 discriminator-gated on `KeySpec`
|
|
34096
|
+
* since asymmetric keys reject the call).
|
|
33998
34097
|
* - `AWS::KMS::Alias` → `ListAliases` filtered to the alias name.
|
|
33999
34098
|
* Surfaces `AliasName`, `TargetKeyId`. `ListAliases` is paginated
|
|
34000
34099
|
* since there's no direct "describe one alias" API.
|
|
@@ -45240,7 +45339,7 @@ function reorderArgs(argv) {
|
|
|
45240
45339
|
}
|
|
45241
45340
|
async function main() {
|
|
45242
45341
|
const program = new Command14();
|
|
45243
|
-
program.name("cdkd").description("CDK Direct - Deploy AWS CDK apps directly via SDK/Cloud Control API").version("0.
|
|
45342
|
+
program.name("cdkd").description("CDK Direct - Deploy AWS CDK apps directly via SDK/Cloud Control API").version("0.52.0");
|
|
45244
45343
|
program.addCommand(createBootstrapCommand());
|
|
45245
45344
|
program.addCommand(createSynthCommand());
|
|
45246
45345
|
program.addCommand(createListCommand());
|