@go-to-k/cdkd 0.51.8 → 0.51.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli.js +52 -30
- package/dist/cli.js.map +2 -2
- package/dist/go-to-k-cdkd-0.51.9.tgz +0 -0
- package/package.json +1 -1
- package/dist/go-to-k-cdkd-0.51.8.tgz +0 -0
package/dist/cli.js
CHANGED
|
@@ -19471,7 +19471,8 @@ import {
|
|
|
19471
19471
|
DescribeNetworkAclsCommand,
|
|
19472
19472
|
DescribeNetworkInterfacesCommand as DescribeNetworkInterfacesCommand2,
|
|
19473
19473
|
DeleteNetworkInterfaceCommand as DeleteNetworkInterfaceCommand2,
|
|
19474
|
-
DescribeVolumesCommand
|
|
19474
|
+
DescribeVolumesCommand,
|
|
19475
|
+
DescribeInstanceAttributeCommand
|
|
19475
19476
|
} from "@aws-sdk/client-ec2";
|
|
19476
19477
|
init_aws_clients();
|
|
19477
19478
|
var EC2Provider = class {
|
|
@@ -21761,12 +21762,14 @@ var EC2Provider = class {
|
|
|
21761
21762
|
* `(DeviceName, Ebs.VolumeId, Ebs.DeleteOnTermination)`; cdkd
|
|
21762
21763
|
* additionally calls `DescribeVolumes` on the attached volume ids to
|
|
21763
21764
|
* surface `VolumeType` / `VolumeSize` / `Iops` / `Throughput` /
|
|
21764
|
-
* `Encrypted` / `KmsKeyId` / `SnapshotId`.
|
|
21765
|
-
* is
|
|
21766
|
-
*
|
|
21767
|
-
*
|
|
21768
|
-
*
|
|
21769
|
-
*
|
|
21765
|
+
* `Encrypted` / `KmsKeyId` / `SnapshotId`. `DisableApiTermination`
|
|
21766
|
+
* is recovered via a separate `DescribeInstanceAttribute` call (the
|
|
21767
|
+
* `DescribeInstances` response does not include it). Both extra
|
|
21768
|
+
* calls are best-effort — a permissions gap or other failure falls
|
|
21769
|
+
* back to omitting the key. All arrays / scalars that map to
|
|
21770
|
+
* user-controllable CFn properties are always emitted (even as `[]`
|
|
21771
|
+
* or default scalar) so the v3 `observedProperties` baseline
|
|
21772
|
+
* catches console-side ADDs.
|
|
21770
21773
|
* - **AWS::EC2::NetworkAcl**: `DescribeNetworkAcls` for `VpcId`.
|
|
21771
21774
|
*
|
|
21772
21775
|
* Skipped (return `undefined`, falls through to the comparator's
|
|
@@ -22037,6 +22040,21 @@ var EC2Provider = class {
|
|
|
22037
22040
|
}
|
|
22038
22041
|
result["BlockDeviceMappings"] = blockMappings;
|
|
22039
22042
|
result["Tags"] = normalizeAwsTagsToCfn(instance.Tags);
|
|
22043
|
+
try {
|
|
22044
|
+
const attrResp = await this.ec2Client.send(
|
|
22045
|
+
new DescribeInstanceAttributeCommand({
|
|
22046
|
+
InstanceId: physicalId,
|
|
22047
|
+
Attribute: "disableApiTermination"
|
|
22048
|
+
})
|
|
22049
|
+
);
|
|
22050
|
+
if (attrResp.DisableApiTermination?.Value !== void 0) {
|
|
22051
|
+
result["DisableApiTermination"] = attrResp.DisableApiTermination.Value;
|
|
22052
|
+
}
|
|
22053
|
+
} catch (err) {
|
|
22054
|
+
this.logger.debug(
|
|
22055
|
+
`DescribeInstanceAttribute(disableApiTermination, ${physicalId}) failed: ${err instanceof Error ? err.message : String(err)}`
|
|
22056
|
+
);
|
|
22057
|
+
}
|
|
22040
22058
|
return result;
|
|
22041
22059
|
}
|
|
22042
22060
|
async readNetworkAclCurrentState(physicalId) {
|
|
@@ -35737,10 +35755,14 @@ var FirehoseProvider = class {
|
|
|
35737
35755
|
* from `VpcConfigurationDescription`. Write-only fields AWS strips
|
|
35738
35756
|
* from descriptions (`RedshiftDestinationConfiguration.Password`,
|
|
35739
35757
|
* `HttpEndpointDestinationConfiguration.EndpointConfiguration.AccessKey`)
|
|
35740
|
-
* stay drift-unknown via `getDriftUnknownPaths
|
|
35741
|
-
*
|
|
35742
|
-
*
|
|
35743
|
-
* `DeliveryStreamEncryptionConfiguration`
|
|
35758
|
+
* stay drift-unknown via `getDriftUnknownPaths` — no AWS API recovers them.
|
|
35759
|
+
*
|
|
35760
|
+
* `DeliveryStreamEncryptionConfigurationInput` is also surfaced. AWS
|
|
35761
|
+
* returns the read-side shape `DeliveryStreamEncryptionConfiguration`
|
|
35762
|
+
* (with extra `Status` / `FailureDescription` fields); we reverse-map
|
|
35763
|
+
* to the CFn input shape (`KeyARN` + `KeyType`) and always emit a
|
|
35764
|
+
* `{}` placeholder so the v3 baseline catches console-side encryption
|
|
35765
|
+
* enables on a previously-default stream.
|
|
35744
35766
|
*
|
|
35745
35767
|
* Tags are surfaced via a follow-up `ListTagsForDeliveryStream` call
|
|
35746
35768
|
* with `aws:*` filtered out and always emitted as `[]` placeholder when
|
|
@@ -35814,6 +35836,13 @@ var FirehoseProvider = class {
|
|
|
35814
35836
|
dest.HttpEndpointDestinationDescription
|
|
35815
35837
|
);
|
|
35816
35838
|
}
|
|
35839
|
+
const enc = desc.DeliveryStreamEncryptionConfiguration;
|
|
35840
|
+
const encOut = {};
|
|
35841
|
+
if (enc?.KeyARN !== void 0)
|
|
35842
|
+
encOut["KeyARN"] = enc.KeyARN;
|
|
35843
|
+
if (enc?.KeyType !== void 0)
|
|
35844
|
+
encOut["KeyType"] = enc.KeyType;
|
|
35845
|
+
result["DeliveryStreamEncryptionConfigurationInput"] = encOut;
|
|
35817
35846
|
try {
|
|
35818
35847
|
const tagsResp = await this.getClient().send(
|
|
35819
35848
|
new ListTagsForDeliveryStreamCommand({ DeliveryStreamName: physicalId })
|
|
@@ -35836,30 +35865,23 @@ var FirehoseProvider = class {
|
|
|
35836
35865
|
* fire false-positive drift on every run. See the `readCurrentState`
|
|
35837
35866
|
* docstring for the full rationale per category.
|
|
35838
35867
|
*
|
|
35839
|
-
*
|
|
35840
|
-
*
|
|
35841
|
-
*
|
|
35842
|
-
*
|
|
35843
|
-
*
|
|
35844
|
-
* - `DeliveryStreamEncryptionConfigurationInput`: input-only shape
|
|
35845
|
-
* (`KeyARN` + `KeyType`) vs. read-side `DeliveryStreamEncryptionConfiguration`
|
|
35846
|
-
* (extra status / failure fields); not yet round-tripped.
|
|
35868
|
+
* Only write-only fields AWS strips from descriptions remain:
|
|
35869
|
+
* Redshift `Password`, HttpEndpoint `EndpointConfiguration.AccessKey`.
|
|
35870
|
+
* State that carries these would otherwise fire drift on every run —
|
|
35871
|
+
* declaring them as drift-unknown is the cleanest fix because there
|
|
35872
|
+
* is no AWS read API to recover their values.
|
|
35847
35873
|
*
|
|
35848
|
-
* S3 / ExtendedS3 inner nested fields
|
|
35874
|
+
* S3 / ExtendedS3 inner nested fields, non-S3 destination types
|
|
35849
35875
|
* (Redshift / Elasticsearch / Amazonopensearchservice / Splunk /
|
|
35850
|
-
* HttpEndpoint / AmazonOpenSearchServerless)
|
|
35851
|
-
*
|
|
35852
|
-
* `
|
|
35853
|
-
* `mapHttpEndpointDescriptionToCfn` and no longer drift-unknown at the
|
|
35854
|
-
* top level.
|
|
35876
|
+
* HttpEndpoint / AmazonOpenSearchServerless), and
|
|
35877
|
+
* `DeliveryStreamEncryptionConfigurationInput` are all reverse-mapped
|
|
35878
|
+
* by `readCurrentState` and no longer drift-unknown.
|
|
35855
35879
|
*/
|
|
35856
35880
|
getDriftUnknownPaths() {
|
|
35857
35881
|
return [
|
|
35858
|
-
// Write-only fields AWS does not return on read.
|
|
35882
|
+
// Write-only fields AWS does not return on read — no API workaround.
|
|
35859
35883
|
"RedshiftDestinationConfiguration.Password",
|
|
35860
|
-
"HttpEndpointDestinationConfiguration.EndpointConfiguration.AccessKey"
|
|
35861
|
-
// Encryption input shape (deferred — separate Get* call needed).
|
|
35862
|
-
"DeliveryStreamEncryptionConfigurationInput"
|
|
35884
|
+
"HttpEndpointDestinationConfiguration.EndpointConfiguration.AccessKey"
|
|
35863
35885
|
];
|
|
35864
35886
|
}
|
|
35865
35887
|
async import(input) {
|
|
@@ -45188,7 +45210,7 @@ function reorderArgs(argv) {
|
|
|
45188
45210
|
}
|
|
45189
45211
|
async function main() {
|
|
45190
45212
|
const program = new Command14();
|
|
45191
|
-
program.name("cdkd").description("CDK Direct - Deploy AWS CDK apps directly via SDK/Cloud Control API").version("0.51.
|
|
45213
|
+
program.name("cdkd").description("CDK Direct - Deploy AWS CDK apps directly via SDK/Cloud Control API").version("0.51.9");
|
|
45192
45214
|
program.addCommand(createBootstrapCommand());
|
|
45193
45215
|
program.addCommand(createSynthCommand());
|
|
45194
45216
|
program.addCommand(createListCommand());
|