npm - @go-to-k/cdkd - Versions diffs - 0.9.0 → 0.10.0 - Mend

@go-to-k/cdkd 0.9.0 → 0.10.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/cli.js +186 -25
package/dist/cli.js.map +4 -4
package/dist/go-to-k-cdkd-0.10.0.tgz +0 -0
package/dist/index.js +163 -15
package/dist/index.js.map +4 -4
package/package.json +1 -1
package/dist/go-to-k-cdkd-0.9.0.tgz +0 -0

package/dist/go-to-k-cdkd-0.10.0.tgz ADDED Viewed

Binary file

package/dist/index.js CHANGED Viewed

@@ -783,10 +783,73 @@ Caused by: ${error.cause.message}`;
   }
   return String(error);
 }
+function normalizeAwsError(err, context = {}) {
+  if (!(err instanceof Error)) {
+    return new Error(String(err));
+  }
+  const isUnknown = err.name === "Unknown" || err.message === "UnknownError";
+  if (!isUnknown)
+    return err;
+  const meta = err.$metadata;
+  const status = meta?.httpStatusCode;
+  const bucket = context.bucket ?? "<unknown bucket>";
+  const operation = context.operation ?? "operation";
+  switch (status) {
+    case 301: {
+      const responseHeaders = err.$response?.headers;
+      const region = responseHeaders?.["x-amz-bucket-region"] ?? responseHeaders?.["X-Amz-Bucket-Region"];
+      const where = region ? ` (in ${region})` : "";
+      return new Error(
+        `Bucket '${bucket}'${where} is in a different region than the client. cdkd resolves this automatically; if you see this message, please report it.`
+      );
+    }
+    case 403:
+      return new Error(
+        `Access denied to bucket '${bucket}'. Verify credentials and bucket policy.`
+      );
+    case 404:
+      return new Error(`Bucket '${bucket}' does not exist.`);
+    default: {
+      const statusStr = status !== void 0 ? `HTTP ${status}` : "unknown HTTP status";
+      return new Error(
+        `S3 error during ${operation} on '${bucket}' (${statusStr}). See CloudTrail for details.`
+      );
+    }
+  }
+}
 // src/index.ts
 init_aws_clients();
+// src/utils/aws-region-resolver.ts
+import { GetBucketLocationCommand, S3Client as S3Client2 } from "@aws-sdk/client-s3";
+var cache = /* @__PURE__ */ new Map();
+async function resolveBucketRegion(bucketName, opts = {}) {
+  const cached = cache.get(bucketName);
+  if (cached)
+    return cached;
+  const promise = (async () => {
+    const client = new S3Client2({
+      region: "us-east-1",
+      ...opts.profile && { profile: opts.profile },
+      ...opts.credentials && { credentials: opts.credentials }
+    });
+    try {
+      const response = await client.send(new GetBucketLocationCommand({ Bucket: bucketName }));
+      return response.LocationConstraint || "us-east-1";
+    } catch {
+      return opts.fallbackRegion ?? "us-east-1";
+    } finally {
+      client.destroy();
+    }
+  })();
+  cache.set(bucketName, promise);
+  return promise;
+}
+function clearBucketRegionCache() {
+  cache.clear();
+}
 // src/synthesis/synthesizer.ts
 import { existsSync as existsSync3, mkdirSync, statSync } from "node:fs";
 import { resolve as resolve3 } from "node:path";
@@ -2083,7 +2146,7 @@ import { readFileSync as readFileSync4 } from "node:fs";
 // src/assets/file-asset-publisher.ts
 import { createReadStream, statSync as statSync2 } from "node:fs";
 import { join as join4, basename } from "node:path";
-import { S3Client as S3Client2, HeadObjectCommand, PutObjectCommand } from "@aws-sdk/client-s3";
+import { S3Client as S3Client3, HeadObjectCommand, PutObjectCommand } from "@aws-sdk/client-s3";
 var FileAssetPublisher = class {
   logger = getLogger().child("FileAssetPublisher");
   /**
@@ -2104,7 +2167,7 @@ var FileAssetPublisher = class {
       this.logger.debug(
         `Publishing file asset ${asset.displayName || assetHash} \u2192 s3://${bucketName}/${objectKey}`
       );
-      const client = new S3Client2({
+      const client = new S3Client3({
         region: destRegion
       });
       try {
@@ -2653,6 +2716,7 @@ var AssetPublisher = class {
 // src/state/s3-state-backend.ts
 import {
+  S3Client as S3Client4,
   GetObjectCommand,
   PutObjectCommand as PutObjectCommand2,
   DeleteObjectCommand,
@@ -2670,11 +2734,14 @@ var STATE_SCHEMA_VERSION_CURRENT = 2;
 var LEGACY_KEY_DEPTH = 2;
 var NEW_KEY_DEPTH = 3;
 var S3StateBackend = class {
-  constructor(s3Client, config) {
+  constructor(s3Client, config, clientOpts = {}) {
     this.s3Client = s3Client;
     this.config = config;
+    this.clientOpts = clientOpts;
   }
   logger = getLogger().child("S3StateBackend");
+  clientResolved = false;
+  resolveInFlight = null;
   /**
    * Get the new (region-scoped) S3 key for a stack's state file.
    */
@@ -2688,13 +2755,73 @@ var S3StateBackend = class {
   getLegacyStateKey(stackName) {
     return `${this.config.prefix}/${stackName}/state.json`;
   }
+  /**
+   * Resolve the state bucket's actual region and, if it differs from the
+   * client's currently-configured region, replace the S3Client with one
+   * pointed at the bucket's region.
+   *
+   * This is idempotent: subsequent calls return immediately. Concurrent
+   * callers (e.g. when several public methods race during a parallel deploy)
+   * share a single in-flight resolution promise so we never issue more than
+   * one `GetBucketLocation` per backend.
+   *
+   * Errors from `GetBucketLocation` are deliberately swallowed by
+   * `resolveBucketRegion` — the resolver returns `fallbackRegion` so the
+   * caller can surface the more actionable downstream error (e.g. the
+   * `HeadBucket` 404 routed via `normalizeAwsError`).
+   */
+  async ensureClientForBucket() {
+    if (this.clientResolved)
+      return;
+    if (this.resolveInFlight)
+      return this.resolveInFlight;
+    this.resolveInFlight = (async () => {
+      try {
+        const currentRegion = await this.s3Client.config.region();
+        const fallbackRegion = typeof currentRegion === "string" ? currentRegion : void 0;
+        const bucketRegion = await resolveBucketRegion(this.config.bucket, {
+          ...this.clientOpts.profile && { profile: this.clientOpts.profile },
+          ...this.clientOpts.credentials && { credentials: this.clientOpts.credentials },
+          ...fallbackRegion && { fallbackRegion }
+        });
+        if (bucketRegion !== currentRegion) {
+          this.logger.debug(
+            `State bucket '${this.config.bucket}' is in '${bucketRegion}' (client was '${currentRegion}'); rebuilding S3 client.`
+          );
+          const oldClient = this.s3Client;
+          this.s3Client = new S3Client4({
+            region: bucketRegion,
+            ...this.clientOpts.profile && { profile: this.clientOpts.profile },
+            ...this.clientOpts.credentials && { credentials: this.clientOpts.credentials },
+            // Suppress "Are you using a Stream of unknown length" warning,
+            // matching the suppression in AwsClients.
+            logger: { debug: () => {
+            }, info: () => {
+            }, warn: () => {
+            }, error: () => {
+            } }
+          });
+          oldClient.destroy();
+        }
+        this.clientResolved = true;
+      } finally {
+        this.resolveInFlight = null;
+      }
+    })();
+    return this.resolveInFlight;
+  }
   /**
    * Verify that the configured state bucket exists.
    *
    * Called early in deploy/destroy to fail fast before expensive work
    * (asset publishing, Docker builds) runs against a missing bucket.
+   *
+   * Errors are routed through {@link normalizeAwsError} so the AWS SDK v3
+   * synthetic `UnknownError` (e.g. cross-region HEAD) becomes a concrete
+   * "Bucket does not exist" / "Access denied" / "different region" message.
    */
   async verifyBucketExists() {
+    await this.ensureClientForBucket();
     try {
       await this.s3Client.send(new HeadBucketCommand({ Bucket: this.config.bucket }));
     } catch (error) {
@@ -2704,9 +2831,13 @@ var S3StateBackend = class {
           `State bucket '${this.config.bucket}' does not exist. Run 'cdkd bootstrap' to create it, or specify an existing bucket via --state-bucket, CDKD_STATE_BUCKET, or cdk.json context.cdkd.stateBucket.`
         );
       }
+      const normalized = normalizeAwsError(error, {
+        bucket: this.config.bucket,
+        operation: "HeadBucket"
+      });
       throw new StateError(
-        `Failed to verify state bucket '${this.config.bucket}': ${error instanceof Error ? error.message : String(error)}`,
-        error instanceof Error ? error : void 0
+        `Failed to verify state bucket '${this.config.bucket}': ${normalized.message}`,
+        normalized
       );
     }
   }
@@ -2719,6 +2850,7 @@ var S3StateBackend = class {
    * state without forcing a write-through migration first.
    */
   async stateExists(stackName, region) {
+    await this.ensureClientForBucket();
     const newKey = this.getStateKey(stackName, region);
     if (await this.headObject(newKey)) {
       return true;
@@ -2741,6 +2873,7 @@ var S3StateBackend = class {
    * preserve the quotes — they are required for `IfMatch` conditions.
    */
   async getState(stackName, region) {
+    await this.ensureClientForBucket();
     const newKey = this.getStateKey(stackName, region);
     try {
       this.logger.debug(`Getting state for stack: ${stackName} (${region})`);
@@ -2800,6 +2933,7 @@ var S3StateBackend = class {
    * @returns New ETag (with quotes, e.g., `"abc123"`)
    */
   async saveState(stackName, region, state, options = {}) {
+    await this.ensureClientForBucket();
     const newKey = this.getStateKey(stackName, region);
     const { expectedEtag, migrateLegacy } = options;
     const body = {
@@ -2855,9 +2989,13 @@ var S3StateBackend = class {
           `State has been modified by another process. Expected ETag: ${expectedEtag}, but state has changed.`
         );
       }
+      const normalized = normalizeAwsError(error, {
+        bucket: this.config.bucket,
+        operation: "PutObject"
+      });
       throw new StateError(
-        `Failed to save state for stack '${stackName}' (${region}): ${error instanceof Error ? error.message : String(error)}`,
-        error instanceof Error ? error : void 0
+        `Failed to save state for stack '${stackName}' (${region}): ${normalized.message}`,
+        normalized
       );
     }
   }
@@ -2869,6 +3007,7 @@ var S3StateBackend = class {
    * field is left alone.
    */
   async deleteState(stackName, region) {
+    await this.ensureClientForBucket();
     try {
       this.logger.debug(`Deleting state: ${stackName} (${region})`);
       await this.s3Client.send(
@@ -2888,9 +3027,13 @@ var S3StateBackend = class {
       }
       this.logger.debug(`State deleted: ${stackName} (${region})`);
     } catch (error) {
+      const normalized = normalizeAwsError(error, {
+        bucket: this.config.bucket,
+        operation: "DeleteObject"
+      });
       throw new StateError(
-        `Failed to delete state for stack '${stackName}' (${region}): ${error instanceof Error ? error.message : String(error)}`,
-        error instanceof Error ? error : void 0
+        `Failed to delete state for stack '${stackName}' (${region}): ${normalized.message}`,
+        normalized
       );
     }
   }
@@ -2909,6 +3052,7 @@ var S3StateBackend = class {
    * shows up exactly once.
    */
   async listStacks() {
+    await this.ensureClientForBucket();
     try {
       this.logger.debug("Listing all stacks");
       const prefix = `${this.config.prefix}/`;
@@ -2959,10 +3103,11 @@ var S3StateBackend = class {
       this.logger.debug(`Found ${refs.length} stack(s) across regions`);
       return refs;
     } catch (error) {
-      throw new StateError(
-        `Failed to list stacks: ${error instanceof Error ? error.message : String(error)}`,
-        error instanceof Error ? error : void 0
-      );
+      const normalized = normalizeAwsError(error, {
+        bucket: this.config.bucket,
+        operation: "ListObjectsV2"
+      });
+      throw new StateError(`Failed to list stacks: ${normalized.message}`, normalized);
     }
   }
   /**
@@ -6260,7 +6405,7 @@ Error: ${err.message || "Unknown error"}`,
 import { InvokeCommand } from "@aws-sdk/client-lambda";
 import { PublishCommand } from "@aws-sdk/client-sns";
 import {
-  S3Client as S3Client5,
+  S3Client as S3Client6,
   PutObjectCommand as PutObjectCommand4,
   GetObjectCommand as GetObjectCommand3,
   DeleteObjectCommand as DeleteObjectCommand3
@@ -6329,7 +6474,7 @@ var CustomResourceProvider = class _CustomResourceProvider {
   setResponseBucket(bucket, bucketRegion) {
     this.responseBucket = bucket;
     if (bucketRegion) {
-      this.s3Client = new S3Client5(bucketRegion ? { region: bucketRegion } : {});
+      this.s3Client = new S3Client6(bucketRegion ? { region: bucketRegion } : {});
     }
   }
   /**
@@ -8844,11 +8989,14 @@ export {
   SynthesisError,
   Synthesizer,
   TemplateParser,
+  clearBucketRegionCache,
   formatError,
   getAwsClients,
   getLogger,
   isCdkdError,
+  normalizeAwsError,
   resetAwsClients,
+  resolveBucketRegion,
   setAwsClients,
   setLogger
 };