@go-to-k/cdkd 0.72.0 → 0.74.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +35 -5
- package/dist/cli.js +1639 -262
- package/dist/cli.js.map +4 -4
- package/dist/go-to-k-cdkd-0.74.0.tgz +0 -0
- package/package.json +1 -1
- package/dist/go-to-k-cdkd-0.72.0.tgz +0 -0
package/README.md
CHANGED
|
@@ -634,6 +634,19 @@ cdkd local invoke MyStack/Handler --debug-port 9229
|
|
|
634
634
|
cdkd local invoke MyStack/Handler --from-state
|
|
635
635
|
```
|
|
636
636
|
|
|
637
|
+
**Lambda Layers (PR 6 of #224, issue #232)** — same-stack
|
|
638
|
+
`AWS::Lambda::LayerVersion` references in `Properties.Layers` are
|
|
639
|
+
resolved automatically and bind-mounted at `/opt` (read-only) inside
|
|
640
|
+
the container. Each layer's unzipped asset directory under `cdk.out/`
|
|
641
|
+
becomes one `-v <layerAssetPath>:/opt:ro` mount; multiple layers
|
|
642
|
+
stack via Docker overlay layering, and AWS's "last layer wins on
|
|
643
|
+
file collision" rule is preserved by keeping the template's input
|
|
644
|
+
order. Cross-stack / cross-account / cross-region layer ARNs (literal
|
|
645
|
+
ARN strings in `Properties.Layers`) are out of scope for v1 — cdkd
|
|
646
|
+
hard-errors with a clear pointer at the offending entry. Container
|
|
647
|
+
Lambdas (`Code.ImageUri`) silently ignore `Layers` (matches AWS:
|
|
648
|
+
container images bake layers at build time).
|
|
649
|
+
|
|
637
650
|
See [docs/cli-reference.md](docs/cli-reference.md#local-invoke-run-lambda-functions-locally)
|
|
638
651
|
for the full surface, target-resolution rules, and v1 scope notes.
|
|
639
652
|
|
|
@@ -662,13 +675,30 @@ cdkd local start-api --env-vars env.json
|
|
|
662
675
|
cdkd local start-api --assume-role MyApiHandler=arn:aws:iam::123:role/handler-role
|
|
663
676
|
```
|
|
664
677
|
|
|
665
|
-
v1 scope
|
|
666
|
-
|
|
667
|
-
|
|
678
|
+
v1 scope: REST v1 + HTTP API + Function URL with AWS_PROXY integrations.
|
|
679
|
+
Authorizers (PR 8b — Lambda TOKEN/REQUEST + Cognito User Pool + HTTP v2
|
|
680
|
+
JWT) and VPC-config Lambda warnings (PR 8b) are supported. CORS
|
|
681
|
+
preflight, hot reload, stage variables, and WebSocket APIs are still
|
|
682
|
+
deferred to follow-up PRs.
|
|
683
|
+
|
|
684
|
+
**Authorizers (PR 8b)**: `Authorization: Bearer <token>`-protected
|
|
685
|
+
routes are gated on the authorizer Lambda's response (TOKEN / REQUEST
|
|
686
|
+
authorizers, IAM-policy or HTTP v2 simple shape) or on a JWKS-based JWT
|
|
687
|
+
verification (Cognito User Pool authorizers, HTTP v2 JWT authorizers).
|
|
688
|
+
When the JWKS endpoint is unreachable from the dev machine, cdkd falls
|
|
689
|
+
back to **pass-through mode** (every JWT accepted, with a warn line at
|
|
690
|
+
startup) — local-dev-only fallback so a corporate proxy doesn't block
|
|
691
|
+
iteration. **Do NOT rely on this in any shared environment.**
|
|
692
|
+
|
|
693
|
+
**VPC-config Lambdas (PR 8b)**: handlers with `Properties.VpcConfig`
|
|
694
|
+
still run locally, but the local container is NOT attached to the
|
|
695
|
+
deployed VPC's subnets — calls to private RDS / ElastiCache will fail.
|
|
696
|
+
cdkd warns at startup naming each affected Lambda; AWS SDK calls still
|
|
697
|
+
reach public AWS endpoints via the dev's network as usual.
|
|
668
698
|
|
|
669
699
|
See [docs/cli-reference.md](docs/cli-reference.md#local-start-api-long-running-local-api-server)
|
|
670
|
-
for the full route-discovery rules, container-pool semantics,
|
|
671
|
-
codes.
|
|
700
|
+
for the full route-discovery rules, container-pool semantics, exit
|
|
701
|
+
codes, and per-authorizer-kind detection / response-shape details.
|
|
672
702
|
|
|
673
703
|
## State Management
|
|
674
704
|
|