@go-to-k/cdkd 0.71.0 → 0.73.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +27 -5
- package/dist/cli.js +1409 -167
- package/dist/cli.js.map +4 -4
- package/dist/go-to-k-cdkd-0.73.0.tgz +0 -0
- package/package.json +1 -1
- package/dist/go-to-k-cdkd-0.71.0.tgz +0 -0
package/README.md
CHANGED
|
@@ -613,6 +613,11 @@ cdkd local invoke MyStack/Handler --env-vars env.json
|
|
|
613
613
|
# Skip docker pull when iterating
|
|
614
614
|
cdkd local invoke MyStack/Handler --no-pull
|
|
615
615
|
|
|
616
|
+
# Skip the local docker build for container Lambdas (Code.ImageUri).
|
|
617
|
+
# Reuses the deterministic cdkd-local-invoke-<hash> tag from a prior
|
|
618
|
+
# build. Errors clearly when the tag is missing.
|
|
619
|
+
cdkd local invoke MyStack/ContainerHandler --no-build
|
|
620
|
+
|
|
616
621
|
# Run with the deployed function's narrow execution role (otherwise the
|
|
617
622
|
# developer's shell credentials are forwarded — SAM-compatible default)
|
|
618
623
|
cdkd local invoke MyStack/Handler --assume-role arn:aws:iam::123456789012:role/MyApi-handler-role
|
|
@@ -657,13 +662,30 @@ cdkd local start-api --env-vars env.json
|
|
|
657
662
|
cdkd local start-api --assume-role MyApiHandler=arn:aws:iam::123:role/handler-role
|
|
658
663
|
```
|
|
659
664
|
|
|
660
|
-
v1 scope
|
|
661
|
-
|
|
662
|
-
|
|
665
|
+
v1 scope: REST v1 + HTTP API + Function URL with AWS_PROXY integrations.
|
|
666
|
+
Authorizers (PR 8b — Lambda TOKEN/REQUEST + Cognito User Pool + HTTP v2
|
|
667
|
+
JWT) and VPC-config Lambda warnings (PR 8b) are supported. CORS
|
|
668
|
+
preflight, hot reload, stage variables, and WebSocket APIs are still
|
|
669
|
+
deferred to follow-up PRs.
|
|
670
|
+
|
|
671
|
+
**Authorizers (PR 8b)**: `Authorization: Bearer <token>`-protected
|
|
672
|
+
routes are gated on the authorizer Lambda's response (TOKEN / REQUEST
|
|
673
|
+
authorizers, IAM-policy or HTTP v2 simple shape) or on a JWKS-based JWT
|
|
674
|
+
verification (Cognito User Pool authorizers, HTTP v2 JWT authorizers).
|
|
675
|
+
When the JWKS endpoint is unreachable from the dev machine, cdkd falls
|
|
676
|
+
back to **pass-through mode** (every JWT accepted, with a warn line at
|
|
677
|
+
startup) — local-dev-only fallback so a corporate proxy doesn't block
|
|
678
|
+
iteration. **Do NOT rely on this in any shared environment.**
|
|
679
|
+
|
|
680
|
+
**VPC-config Lambdas (PR 8b)**: handlers with `Properties.VpcConfig`
|
|
681
|
+
still run locally, but the local container is NOT attached to the
|
|
682
|
+
deployed VPC's subnets — calls to private RDS / ElastiCache will fail.
|
|
683
|
+
cdkd warns at startup naming each affected Lambda; AWS SDK calls still
|
|
684
|
+
reach public AWS endpoints via the dev's network as usual.
|
|
663
685
|
|
|
664
686
|
See [docs/cli-reference.md](docs/cli-reference.md#local-start-api-long-running-local-api-server)
|
|
665
|
-
for the full route-discovery rules, container-pool semantics,
|
|
666
|
-
codes.
|
|
687
|
+
for the full route-discovery rules, container-pool semantics, exit
|
|
688
|
+
codes, and per-authorizer-kind detection / response-shape details.
|
|
667
689
|
|
|
668
690
|
## State Management
|
|
669
691
|
|