@go-to-k/cdkd 0.53.0 → 0.54.0

package/dist/cli.js

@@ -22622,11 +22622,13 @@ import {
   DeleteStageCommand,
   GetStageCommand,
   PutMethodCommand,
+  UpdateMethodCommand,
   DeleteMethodCommand,
   GetMethodCommand,
   PutIntegrationCommand,
   PutMethodResponseCommand,
   CreateAuthorizerCommand,
+  UpdateAuthorizerCommand,
   DeleteAuthorizerCommand,
   GetAuthorizerCommand,
   TagResourceCommand as TagResourceCommand10,
@@ -22713,7 +22715,13 @@ var ApiGatewayProvider = class _ApiGatewayProvider {
       case "AWS::ApiGateway::Account":
         return this.updateAccount(logicalId, physicalId, resourceType, properties);
       case "AWS::ApiGateway::Authorizer":
-        return this.updateAuthorizer(logicalId, physicalId, resourceType);
+        return this.updateAuthorizer(
+          logicalId,
+          physicalId,
+          resourceType,
+          properties,
+          previousProperties
+        );
       case "AWS::ApiGateway::Resource":
         return this.updateResource(
           logicalId,
@@ -22733,7 +22741,13 @@ var ApiGatewayProvider = class _ApiGatewayProvider {
           previousProperties
         );
       case "AWS::ApiGateway::Method":
-        return this.updateMethod(logicalId, physicalId);
+        return this.updateMethod(
+          logicalId,
+          physicalId,
+          resourceType,
+          properties,
+          previousProperties
+        );
       default:
         throw new ProvisioningError(
           `Unsupported resource type: ${resourceType}`,
@@ -22963,22 +22977,94 @@ var ApiGatewayProvider = class _ApiGatewayProvider {
     }
   }
   /**
-   * Update an API Gateway Authorizer.
+   * Update an API Gateway Authorizer via `UpdateAuthorizerCommand` (RFC 6902
+   * JSON Patch operations).
+   *
+   * Mutable fields (per AWS API Gateway PATCH operations docs):
+   *   `/name`, `/authType`, `/authorizerUri`, `/authorizerCredentials`,
+   *   `/identitySource`, `/identityValidationExpression`,
+   *   `/authorizerResultTtlInSeconds`, `/providerARNs`.
    *
-   * AWS exposes `UpdateAuthorizer` (PATCH) but cdkd does not yet plumb the
-   * patch-operations builder through. Authorizers are recreated by the
-   * deploy engine's immutable-property replacement path. `cdkd drift
-   * --revert` surfaces a clear "use --replace or re-deploy" message
-   * instead of silently no-op'ing the revert.
+   * `Type` and `RestApiId` are immutable (the deploy engine's replacement
+   * path handles those changes via DELETE + CREATE before this method is
+   * called).
+   *
+   * The `gate on !== undefined` pattern (NOT truthy) is load-bearing for
+   * `cdkd drift --revert`: an empty placeholder coming from
+   * `readCurrentStateAuthorizer` (e.g. `IdentitySource: ''` on a Cognito
+   * authorizer) MUST reach AWS as `replace /<field> ''` so a console-side
+   * change away from "" is actually cleared on revert. A truthy gate would
+   * silently drop the empty placeholder and the next drift run would
+   * re-detect the same divergence forever.
    */
-  updateAuthorizer(logicalId, _physicalId, _resourceType) {
-    return Promise.reject(
-      new ResourceUpdateNotSupportedError(
-        "AWS::ApiGateway::Authorizer",
+  async updateAuthorizer(logicalId, physicalId, resourceType, properties, previousProperties) {
+    this.logger.debug(`Updating API Gateway Authorizer ${logicalId}: ${physicalId}`);
+    const restApiId = properties["RestApiId"];
+    if (!restApiId) {
+      throw new ProvisioningError(
+        `RestApiId is required to update API Gateway Authorizer ${logicalId}`,
+        resourceType,
         logicalId,
-        "API Gateway Authorizer updates are not yet implemented in cdkd; re-deploy with cdkd deploy --replace, or destroy + redeploy the stack"
-      )
-    );
+        physicalId
+      );
+    }
+    const patchOperations = [];
+    const primitiveFields = [
+      { key: "Name", path: "/name" },
+      { key: "AuthType", path: "/authType" },
+      { key: "AuthorizerUri", path: "/authorizerUri" },
+      { key: "AuthorizerCredentials", path: "/authorizerCredentials" },
+      { key: "IdentitySource", path: "/identitySource" },
+      { key: "IdentityValidationExpression", path: "/identityValidationExpression" },
+      { key: "AuthorizerResultTtlInSeconds", path: "/authorizerResultTtlInSeconds" }
+    ];
+    for (const { key, path } of primitiveFields) {
+      const newVal = properties[key];
+      const prevVal = previousProperties[key];
+      if (newVal !== prevVal) {
+        patchOperations.push({
+          op: "replace",
+          path,
+          value: newVal !== void 0 ? String(newVal) : ""
+        });
+      }
+    }
+    const newArns = properties["ProviderARNs"];
+    const prevArns = previousProperties["ProviderARNs"];
+    const arnsChanged = (newArns?.length ?? 0) !== (prevArns?.length ?? 0) || (newArns ?? []).some((a, i) => a !== prevArns?.[i]);
+    if (arnsChanged) {
+      patchOperations.push({
+        op: "replace",
+        path: "/providerARNs",
+        value: (newArns ?? []).join(",")
+      });
+    }
+    if (patchOperations.length === 0) {
+      this.logger.debug(`No changes detected for API Gateway Authorizer ${logicalId}`);
+      return { physicalId, wasReplaced: false };
+    }
+    try {
+      await this.apiGatewayClient.send(
+        new UpdateAuthorizerCommand({
+          restApiId,
+          authorizerId: physicalId,
+          patchOperations
+        })
+      );
+      this.logger.debug(
+        `Successfully updated API Gateway Authorizer ${logicalId} (${patchOperations.length} patch ops)`
+      );
+      return { physicalId, wasReplaced: false };
+    } catch (error) {
+      const cause = error instanceof Error ? error : void 0;
+      throw new ProvisioningError(
+        `Failed to update API Gateway Authorizer ${logicalId}: ${error instanceof Error ? error.message : String(error)}`,
+        resourceType,
+        logicalId,
+        physicalId,
+        cause
+      );
+    }
   }
   /**
    * Delete an API Gateway Authorizer
@@ -23524,22 +23610,106 @@ var ApiGatewayProvider = class _ApiGatewayProvider {
     }
   }
   /**
-   * Update an API Gateway Method.
+   * Update an API Gateway Method via `UpdateMethodCommand` (RFC 6902 JSON
+   * Patch operations).
+   *
+   * Mutable top-level fields:
+   *   `/authorizationType`, `/authorizerId`, `/apiKeyRequired`,
+   *   `/operationName`, `/requestValidatorId`.
+   *
+   * Map fields (`RequestParameters`, `RequestModels`) emit per-key
+   * `add` / `remove` / `replace` ops with paths like
+   *   `/requestParameters/method.request.querystring.foo`
+   *   `/requestModels/application~1json` (slashes escaped per RFC 6901).
    *
-   * AWS exposes `UpdateMethod` (PATCH) but cdkd does not yet plumb the
-   * patch-operations builder through. Methods are recreated by the deploy
-   * engine's immutable-property replacement path. `cdkd drift --revert`
-   * surfaces a clear "use --replace or re-deploy" message instead of
-   * silently no-op'ing the revert.
+   * `HttpMethod`, `ResourceId`, `RestApiId` are immutable (replacement
+   * layer handles them via DELETE + CREATE).
+   *
+   * `Integration` and `MethodResponses` are NOT touched here — they are
+   * separate API Gateway sub-resources (`UpdateIntegration` /
+   * `UpdateMethodResponse`) and the cdkd `create()` path treats them as
+   * inline children of the Method. Round-tripping their structurally-
+   * incomplete `{}` placeholders through `updateMethod` would require
+   * destroying / recreating the integration; that work is deferred and
+   * the empty placeholders are blocked from reaching AWS by the
+   * `!== undefined` gate plus the explicit "ignore Integration /
+   * MethodResponses" comment in this method body.
+   *
+   * The `gate on !== undefined` pattern (NOT truthy) is load-bearing for
+   * `cdkd drift --revert`: `ApiKeyRequired: false` and empty-string
+   * placeholders must reach AWS as a real `replace` op so a console-
+   * side toggle is actually cleared on revert.
    */
-  updateMethod(logicalId, _physicalId) {
-    return Promise.reject(
-      new ResourceUpdateNotSupportedError(
-        "AWS::ApiGateway::Method",
+  async updateMethod(logicalId, physicalId, resourceType, properties, previousProperties) {
+    this.logger.debug(`Updating API Gateway Method ${logicalId}: ${physicalId}`);
+    const parts = physicalId.split("|");
+    if (parts.length !== 3) {
+      throw new ProvisioningError(
+        `Invalid physicalId format for API Gateway Method ${logicalId}: expected "restApiId|resourceId|httpMethod", got "${physicalId}"`,
+        resourceType,
         logicalId,
-        "API Gateway Method updates are not yet implemented in cdkd; re-deploy with cdkd deploy --replace, or destroy + redeploy the stack"
-      )
+        physicalId
+      );
+    }
+    const [restApiId, resourceId, httpMethod] = parts;
+    const patchOperations = [];
+    const primitiveFields = [
+      { key: "AuthorizationType", path: "/authorizationType" },
+      { key: "AuthorizerId", path: "/authorizerId" },
+      { key: "ApiKeyRequired", path: "/apiKeyRequired" },
+      { key: "OperationName", path: "/operationName" },
+      { key: "RequestValidatorId", path: "/requestValidatorId" }
+    ];
+    for (const { key, path } of primitiveFields) {
+      const newVal = properties[key];
+      const prevVal = previousProperties[key];
+      if (newVal !== prevVal) {
+        patchOperations.push({
+          op: "replace",
+          path,
+          value: newVal !== void 0 ? String(newVal) : ""
+        });
+      }
+    }
+    appendMapPatchOps(
+      patchOperations,
+      "/requestParameters",
+      properties["RequestParameters"] ?? {},
+      previousProperties["RequestParameters"] ?? {}
+    );
+    appendMapPatchOps(
+      patchOperations,
+      "/requestModels",
+      properties["RequestModels"] ?? {},
+      previousProperties["RequestModels"] ?? {}
     );
+    if (patchOperations.length === 0) {
+      this.logger.debug(`No changes detected for API Gateway Method ${logicalId}`);
+      return { physicalId, wasReplaced: false };
+    }
+    try {
+      await this.apiGatewayClient.send(
+        new UpdateMethodCommand({
+          restApiId,
+          resourceId,
+          httpMethod,
+          patchOperations
+        })
+      );
+      this.logger.debug(
+        `Successfully updated API Gateway Method ${logicalId} (${patchOperations.length} patch ops)`
+      );
+      return { physicalId, wasReplaced: false };
+    } catch (error) {
+      const cause = error instanceof Error ? error : void 0;
+      throw new ProvisioningError(
+        `Failed to update API Gateway Method ${logicalId}: ${error instanceof Error ? error.message : String(error)}`,
+        resourceType,
+        logicalId,
+        physicalId,
+        cause
+      );
+    }
   }
   /**
    * Delete an API Gateway Method
@@ -23866,6 +24036,23 @@ var ApiGatewayProvider = class _ApiGatewayProvider {
     return null;
   }
 };
+function appendMapPatchOps(ops, basePath, next, prev) {
+  const escape = (k) => k.replace(/~/g, "~0").replace(/\//g, "~1");
+  for (const [key, val] of Object.entries(next)) {
+    const path = `${basePath}/${escape(key)}`;
+    const stringValue = String(val);
+    if (!(key in prev)) {
+      ops.push({ op: "add", path, value: stringValue });
+    } else if (String(prev[key]) !== stringValue) {
+      ops.push({ op: "replace", path, value: stringValue });
+    }
+  }
+  for (const key of Object.keys(prev)) {
+    if (!(key in next)) {
+      ops.push({ op: "remove", path: `${basePath}/${escape(key)}` });
+    }
+  }
+}
 
 // src/provisioning/providers/apigatewayv2-provider.ts
 import {
@@ -45602,7 +45789,7 @@ function reorderArgs(argv) {
 }
 async function main() {
   const program = new Command14();
-  program.name("cdkd").description("CDK Direct - Deploy AWS CDK apps directly via SDK/Cloud Control API").version("0.53.0");
+  program.name("cdkd").description("CDK Direct - Deploy AWS CDK apps directly via SDK/Cloud Control API").version("0.54.0");
   program.addCommand(createBootstrapCommand());
   program.addCommand(createSynthCommand());
   program.addCommand(createListCommand());