@go-to-k/cdkd 0.85.0 → 0.87.0

package/dist/cli.js

@@ -79270,7 +79270,8 @@ import {
   DescribeTypeCommand,
   DeleteChangeSetCommand,
   waitUntilChangeSetCreateComplete,
-  waitUntilStackImportComplete
+  waitUntilStackImportComplete,
+  waitUntilStackUpdateComplete as waitUntilStackUpdateComplete2
 } from "@aws-sdk/client-cloudformation";
 init_aws_clients();
 var NEVER_IMPORTABLE_TYPES = /* @__PURE__ */ new Set([
@@ -79317,6 +79318,38 @@ var PRIMARY_IDENTIFIER_FALLBACK = {
   "AWS::Cognito::UserPool": "UserPoolId",
   "AWS::ECR::Repository": "RepositoryName"
 };
+var COMPOSITE_ID_SPLITTERS = {
+  // cdkd stores `restApiId|resourceId|httpMethod` (apigateway-provider.ts);
+  // CFn primary identifier is [RestApiId, ResourceId, HttpMethod] — same order.
+  "AWS::ApiGateway::Method": (id) => {
+    const parts = id.split("|");
+    if (parts.length !== 3) {
+      throw new Error(
+        `expected 3 parts (restApiId|resourceId|httpMethod), got ${parts.length}: '${id}'`
+      );
+    }
+    return { RestApiId: parts[0], ResourceId: parts[1], HttpMethod: parts[2] };
+  },
+  // cdkd stores `restApiId|resourceId` (apigateway-provider.ts);
+  // CFn primary identifier is [RestApiId, ResourceId].
+  "AWS::ApiGateway::Resource": (id) => {
+    const parts = id.split("|");
+    if (parts.length !== 2) {
+      throw new Error(`expected 2 parts (restApiId|resourceId), got ${parts.length}: '${id}'`);
+    }
+    return { RestApiId: parts[0], ResourceId: parts[1] };
+  },
+  // cdkd stores `IGW|VpcId` (ec2-provider.ts);
+  // CFn primary identifier is [VpcId, InternetGatewayId] — DIFFERENT order
+  // from cdkd. Splitter reorders explicitly.
+  "AWS::EC2::VPCGatewayAttachment": (id) => {
+    const parts = id.split("|");
+    if (parts.length !== 2) {
+      throw new Error(`expected 2 parts (IGW|VpcId), got ${parts.length}: '${id}'`);
+    }
+    return { VpcId: parts[1], InternetGatewayId: parts[0] };
+  }
+};
 async function exportCommand(stackArg, options) {
   const logger = getLogger();
   if (options.verbose) {
@@ -79425,39 +79458,90 @@ async function exportCommand(stackArg, options) {
       }
     }
     try {
-      const { plan, skipped } = await buildImportPlan(state, template, awsClients.cloudFormation);
-      if (skipped.length > 0) {
+      const { phase1Imports, phase2Creates, blocked } = await buildImportPlan(
+        state,
+        template,
+        awsClients.cloudFormation
+      );
+      if (blocked.length > 0) {
+        logger.error("The following resources block migration:");
+        for (const b of blocked) {
+          logger.error(`  - ${b.logicalId} (${b.resourceType}): ${b.reason}`);
+        }
+        throw new Error(
+          `${blocked.length} resource(s) block migration. Either destroy them first (cdkd destroy / cdkd state destroy cherry-picked), or remove them from the CDK app and re-synthesize.`
+        );
+      }
+      if (phase2Creates.length > 0 && !options.includeNonImportable) {
         logger.error("The following resources cannot be imported into CloudFormation:");
-        for (const s of skipped) {
-          logger.error(`  - ${s.logicalId} (${s.resourceType}): ${s.reason}`);
+        for (const p of phase2Creates) {
+          logger.error(`  - ${p.logicalId} (${p.resourceType}): CFn cannot import this type`);
         }
         throw new Error(
-          `${skipped.length} resource(s) cannot be imported. CloudFormation IMPORT requires every template resource to map to an importable AWS resource. Either destroy these resources first (cdkd destroy / cdkd state destroy cherry-picked), or accept abandoning them by removing them from the CDK app and re-synthesizing.`
+          `${phase2Creates.length} non-importable resource(s) detected (Custom::*). Pass --include-non-importable to run a 2-phase migration: phase 1 imports the importable resources; phase 2 CFn-CREATEs the non-importable ones (re-invoking each Custom Resource's backing Lambda onCreate handler \u2014 make sure those are idempotent). Or destroy these resources first.`
         );
       }
-      if (plan.length === 0) {
-        logger.warn("No resources to import \u2014 cdkd state is empty.");
+      if (phase1Imports.length === 0 && phase2Creates.length === 0) {
+        logger.warn("No resources to migrate \u2014 cdkd state is empty.");
         return;
       }
-      printPlan(plan, cfnStackName);
+      if (phase1Imports.length === 0) {
+        throw new Error(
+          "No importable resources in the template. CloudFormation IMPORT changeset requires at least one importable resource for phase 1."
+        );
+      }
+      printPlan(phase1Imports, cfnStackName);
+      if (phase2Creates.length > 0) {
+        logger.info(`Phase 2 will CREATE ${phase2Creates.length} non-importable resource(s):`);
+        for (const p of phase2Creates) {
+          logger.info(`  ${p.logicalId} (${p.resourceType})`);
+        }
+        logger.info("");
+      }
       if (options.dryRun) {
         logger.info("--dry-run: no CloudFormation changeset will be created.");
         return;
       }
       if (!options.yes) {
+        const phase2Note = phase2Creates.length > 0 ? ` Phase 2 will then CREATE ${phase2Creates.length} non-importable resource(s) (invoking each Custom Resource's onCreate handler).` : "";
         const ok = await confirmPrompt6(
-          `Create CloudFormation stack '${cfnStackName}' by importing ${plan.length} resource(s) from cdkd state '${resolvedStackName}' (${targetRegion})? AWS resources are unchanged. cdkd state for '${resolvedStackName}' will be deleted on success.`
+          `Create CloudFormation stack '${cfnStackName}' by importing ${phase1Imports.length} resource(s) from cdkd state '${resolvedStackName}' (${targetRegion})?` + phase2Note + ` AWS resources are unchanged on import. cdkd state for '${resolvedStackName}' will be deleted on success.`
         );
         if (!ok) {
           logger.info("Migration cancelled. cdkd state and CloudFormation are unchanged.");
           return;
         }
       }
-      const filteredTemplate = filterTemplateForImport(template, plan);
-      await executeImportChangeSet(awsClients.cloudFormation, cfnStackName, filteredTemplate, plan);
+      const phase1Template = filterTemplateForImport(template, phase1Imports);
+      await executeImportChangeSet(
+        awsClients.cloudFormation,
+        cfnStackName,
+        phase1Template,
+        phase1Imports
+      );
       logger.info(
-        `\u2713 CloudFormation stack '${cfnStackName}' created via IMPORT. ${plan.length} resource(s) are now managed by CloudFormation.`
+        `\u2713 Phase 1: CloudFormation stack '${cfnStackName}' created via IMPORT. ${phase1Imports.length} resource(s) imported.`
       );
+      if (phase2Creates.length > 0) {
+        try {
+          await executeUpdateChangeSet(awsClients.cloudFormation, cfnStackName, template);
+          logger.info(`\u2713 Phase 2: ${phase2Creates.length} non-importable resource(s) CREATEd.`);
+        } catch (err) {
+          const msg = err instanceof Error ? err.message : String(err);
+          throw new Error(
+            `Phase 1 (IMPORT) succeeded; phase 2 (UPDATE) failed: ${msg}
+
+The CloudFormation stack '${cfnStackName}' now contains the imported resources but is missing the ${phase2Creates.length} non-importable resource(s). cdkd state is UNCHANGED so you can inspect what's in it, but DO NOT run \`cdkd deploy\` against this stack (the imported resources are now CFn-managed). To recover:
+  1. Fix the failure cause (typically an onCreate Lambda error).
+  2. Re-run the phase 2 UPDATE manually with the full synth template:
+       aws cloudformation create-change-set --stack-name ${cfnStackName} \\
+         --change-set-name cdkd-phase2-retry --change-set-type UPDATE \\
+         --template-body file://<full-template.json>
+  3. Once phase 2 succeeds, run: cdkd state orphan ${resolvedStackName}
+     to clean up cdkd's stale state record.`
+          );
+        }
+      }
       await stateBackend.deleteState(resolvedStackName, targetRegion);
       logger.info(
         `cdkd state for '${resolvedStackName}' (${targetRegion}) removed. Manage the stack with 'cdk deploy' or 'aws cloudformation' from here on.`
@@ -79553,13 +79637,17 @@ async function assertCfnStackAbsent(cfnClient, stackName) {
     throw err;
   }
 }
+function isPhase2CreatableType(resourceType) {
+  return resourceType.startsWith("Custom::");
+}
 async function buildImportPlan(state, template, cfnClient) {
   const templateResources = template["Resources"];
   if (!templateResources || typeof templateResources !== "object" || Array.isArray(templateResources)) {
     throw new Error("Template has no Resources section.");
   }
-  const plan = [];
-  const skipped = [];
+  const phase1Imports = [];
+  const phase2Creates = [];
+  const blocked = [];
   const identifierCache = /* @__PURE__ */ new Map();
   for (const [logicalId, raw] of Object.entries(templateResources)) {
     if (!raw || typeof raw !== "object" || Array.isArray(raw))
@@ -79568,49 +79656,88 @@ async function buildImportPlan(state, template, cfnClient) {
     const resourceType = resource.Type ?? "";
     if (!resourceType)
       continue;
+    if (resourceType === "AWS::CDK::Metadata") {
+      continue;
+    }
     if (isNeverImportableType(resourceType)) {
-      if (resourceType === "AWS::CDK::Metadata")
-        continue;
-      skipped.push({
-        logicalId,
-        resourceType,
-        reason: "CloudFormation IMPORT does not support this resource type"
-      });
+      if (isPhase2CreatableType(resourceType)) {
+        phase2Creates.push({ logicalId, resourceType });
+      } else {
+        blocked.push({
+          logicalId,
+          resourceType,
+          reason: "CloudFormation cannot import or recreate this resource type"
+        });
+      }
       continue;
     }
     const stateEntry = state.resources[logicalId];
     if (!stateEntry || !stateEntry.physicalId) {
-      skipped.push({
+      blocked.push({
         logicalId,
         resourceType,
         reason: "no entry in cdkd state (resource is in template but was not deployed by cdkd)"
       });
       continue;
     }
-    let identifierKey;
+    let resourceIdentifier;
     try {
-      identifierKey = await resolvePrimaryIdentifier(resourceType, cfnClient, identifierCache);
+      resourceIdentifier = await resolveResourceIdentifier(
+        resourceType,
+        stateEntry.physicalId,
+        cfnClient,
+        identifierCache
+      );
     } catch (err) {
-      skipped.push({
+      blocked.push({
         logicalId,
         resourceType,
-        reason: "could not resolve primary identifier: " + (err instanceof Error ? err.message : String(err))
+        reason: "could not resolve resource identifier: " + (err instanceof Error ? err.message : String(err))
       });
       continue;
     }
-    plan.push({
+    phase1Imports.push({
       logicalId,
       resourceType,
       physicalId: stateEntry.physicalId,
-      identifierKey
+      resourceIdentifier
     });
   }
-  return { plan, skipped };
+  return { phase1Imports, phase2Creates, blocked };
 }
-async function resolvePrimaryIdentifier(resourceType, cfnClient, cache2) {
-  const cached = cache2.get(resourceType);
-  if (cached !== void 0)
-    return cached;
+async function resolveResourceIdentifier(resourceType, physicalId, cfnClient, cache2) {
+  let entry = cache2.get(resourceType);
+  if (entry === void 0) {
+    entry = await fetchPrimaryIdentifier(resourceType, cfnClient);
+    cache2.set(resourceType, entry);
+  }
+  if (entry.fields.length === 1) {
+    return { [entry.fields[0]]: physicalId };
+  }
+  const splitter = COMPOSITE_ID_SPLITTERS[resourceType];
+  if (!splitter) {
+    throw new Error(
+      `resource type uses a composite primary identifier (${entry.fields.length} fields: ${entry.fields.join(", ")}); add an entry to COMPOSITE_ID_SPLITTERS in src/cli/commands/export.ts that parses cdkd's physicalId for this type, or destroy the resource first and let CFn create it fresh`
+    );
+  }
+  let split;
+  try {
+    split = splitter(physicalId);
+  } catch (err) {
+    throw new Error(
+      `composite-id splitter for ${resourceType} failed: ` + (err instanceof Error ? err.message : String(err))
+    );
+  }
+  for (const f of entry.fields) {
+    if (!(f in split)) {
+      throw new Error(
+        `composite-id splitter for ${resourceType} did not produce field '${f}' (produced: ${Object.keys(split).join(", ")})`
+      );
+    }
+  }
+  return split;
+}
+async function fetchPrimaryIdentifier(resourceType, cfnClient) {
   try {
     const resp = await cfnClient.send(
       new DescribeTypeCommand({ Type: "RESOURCE", TypeName: resourceType })
@@ -79618,15 +79745,9 @@ async function resolvePrimaryIdentifier(resourceType, cfnClient, cache2) {
     if (resp.Schema) {
       const parsed = JSON.parse(resp.Schema);
       const primary = parsed.primaryIdentifier;
-      if (Array.isArray(primary) && primary.length === 1 && typeof primary[0] === "string") {
-        const propName = primary[0].replace(/^\/properties\//, "");
-        cache2.set(resourceType, propName);
-        return propName;
-      }
-      if (Array.isArray(primary) && primary.length > 1) {
-        throw new Error(
-          `resource type uses a composite primary identifier (${primary.length} fields); cdkd does not yet support composite identifiers for cdkd export`
-        );
+      if (Array.isArray(primary) && primary.length > 0 && primary.every((p) => typeof p === "string")) {
+        const fields = primary.map((p) => p.replace(/^\/properties\//, ""));
+        return { fields };
       }
     }
   } catch (err) {
@@ -79635,8 +79756,7 @@ async function resolvePrimaryIdentifier(resourceType, cfnClient, cache2) {
   }
   const fallback = PRIMARY_IDENTIFIER_FALLBACK[resourceType];
   if (fallback) {
-    cache2.set(resourceType, fallback);
-    return fallback;
+    return { fields: [fallback] };
   }
   throw new Error(
     `primary identifier unknown (DescribeType returned no usable schema and no fallback is registered). Add ${resourceType} to PRIMARY_IDENTIFIER_FALLBACK in export.ts, or open an issue.`
@@ -79696,9 +79816,8 @@ function printPlan(plan, cfnStackName) {
   logger.info("");
   logger.info(`Import plan for CloudFormation stack '${cfnStackName}':`);
   for (const entry of plan) {
-    logger.info(
-      `  ${entry.logicalId} (${entry.resourceType}) \u2190 ${entry.identifierKey}=${entry.physicalId}`
-    );
+    const idStr = Object.entries(entry.resourceIdentifier).map(([k, v]) => `${k}=${v}`).join(", ");
+    logger.info(`  ${entry.logicalId} (${entry.resourceType}) \u2190 ${idStr}`);
   }
   logger.info("");
 }
@@ -79709,7 +79828,7 @@ async function executeImportChangeSet(cfnClient, stackName, template, plan) {
   const resourcesToImport = plan.map((entry) => ({
     ResourceType: entry.resourceType,
     LogicalResourceId: entry.logicalId,
-    ResourceIdentifier: { [entry.identifierKey]: entry.physicalId }
+    ResourceIdentifier: entry.resourceIdentifier
   }));
   logger.info(
     `Creating IMPORT changeset '${changeSetName}' for stack '${stackName}' (${plan.length} resource(s), ${templateBody.length} bytes)...`
@@ -79773,6 +79892,68 @@ async function executeImportChangeSet(cfnClient, stackName, template, plan) {
     throw err;
   }
 }
+async function executeUpdateChangeSet(cfnClient, stackName, template) {
+  const logger = getLogger();
+  const changeSetName = `cdkd-phase2-${Date.now()}`;
+  const templateBody = JSON.stringify(template, null, 2);
+  if (templateBody.length > 51200) {
+    throw new Error(
+      `Full template is ${templateBody.length} bytes, over the 51,200-byte inline TemplateBody limit for phase-2 UPDATE. TemplateURL upload is not yet implemented.`
+    );
+  }
+  logger.info(
+    `Creating UPDATE changeset '${changeSetName}' for phase 2 (${templateBody.length} bytes)...`
+  );
+  try {
+    await cfnClient.send(
+      new CreateChangeSetCommand({
+        StackName: stackName,
+        ChangeSetName: changeSetName,
+        ChangeSetType: "UPDATE",
+        TemplateBody: templateBody,
+        Capabilities: ["CAPABILITY_IAM", "CAPABILITY_NAMED_IAM", "CAPABILITY_AUTO_EXPAND"]
+      })
+    );
+  } catch (err) {
+    const msg = err instanceof Error ? err.message : String(err);
+    throw new Error(`Failed to create UPDATE changeset: ${msg}`);
+  }
+  try {
+    await waitUntilChangeSetCreateComplete(
+      { client: cfnClient, maxWaitTime: 600 },
+      { StackName: stackName, ChangeSetName: changeSetName }
+    );
+  } catch (err) {
+    try {
+      const desc = await cfnClient.send(
+        new DescribeChangeSetCommand({ StackName: stackName, ChangeSetName: changeSetName })
+      );
+      const reason = desc.StatusReason ?? "unknown";
+      await cfnClient.send(new DeleteChangeSetCommand({ StackName: stackName, ChangeSetName: changeSetName })).catch(() => {
+      });
+      throw new Error(`UPDATE changeset FAILED: ${reason}`);
+    } catch (innerErr) {
+      if (innerErr instanceof Error && innerErr.message.startsWith("UPDATE changeset FAILED")) {
+        throw innerErr;
+      }
+      throw err;
+    }
+  }
+  logger.info(`Executing UPDATE changeset...`);
+  try {
+    await cfnClient.send(
+      new ExecuteChangeSetCommand({ StackName: stackName, ChangeSetName: changeSetName })
+    );
+    await waitUntilStackUpdateComplete2(
+      { client: cfnClient, maxWaitTime: 3600 },
+      { StackName: stackName }
+    );
+  } catch (err) {
+    await cfnClient.send(new DeleteChangeSetCommand({ StackName: stackName, ChangeSetName: changeSetName })).catch(() => {
+    });
+    throw err;
+  }
+}
 function refuseTransientContextIfUnsafe(options) {
   const overrides = options.context ?? [];
   if (overrides.length === 0)
@@ -79842,6 +80023,10 @@ function createExportCommand() {
     "--accept-transient-context",
     "Allow CLI -c key=value overrides at export time even though they are not persisted to cdk.json / cdk.context.json (default: refuse). When set, the user is responsible for passing the same -c flags to every future cdk deploy.",
     false
+  ).option(
+    "--include-non-importable",
+    "Run a 2-phase migration when the stack contains non-importable resources (Custom::*). Phase 1 imports the importable resources; phase 2 CFn-CREATEs the non-importable ones, which re-invokes each Custom Resource's onCreate handler. Make sure onCreate is idempotent before enabling.",
+    false
   ).action(withErrorHandling(exportCommand));
   [...commonOptions, ...appOptions, ...stateOptions, ...contextOptions].forEach(
     (opt) => cmd.addOption(opt)
@@ -79880,7 +80065,7 @@ function reorderArgs(argv) {
 }
 async function main() {
   const program = new Command18();
-  program.name("cdkd").description("CDK Direct - Deploy AWS CDK apps directly via SDK/Cloud Control API").version("0.85.0");
+  program.name("cdkd").description("CDK Direct - Deploy AWS CDK apps directly via SDK/Cloud Control API").version("0.87.0");
   program.addCommand(createBootstrapCommand());
   program.addCommand(createSynthCommand());
   program.addCommand(createListCommand());