@go-to-k/cdkd 0.94.1 → 0.94.3

package/dist/cli.js

@@ -17838,6 +17838,14 @@ var PATTERN_B_RESOURCE_TYPES = [
   "AWS::ElasticLoadBalancingV2::LoadBalancer",
   "AWS::ElasticLoadBalancingV2::TargetGroup"
 ];
+var PATTERN_B_NAME_PROPERTIES = {
+  "AWS::IAM::Role": "RoleName",
+  "AWS::IAM::User": "UserName",
+  "AWS::IAM::Group": "GroupName",
+  "AWS::IAM::InstanceProfile": "InstanceProfileName",
+  "AWS::ElasticLoadBalancingV2::LoadBalancer": "Name",
+  "AWS::ElasticLoadBalancingV2::TargetGroup": "Name"
+};
 function generateResourceName(name, options) {
   const {
     maxLength,
@@ -65532,6 +65540,12 @@ function findPendingPrefixRenames(stackName, state) {
       continue;
     if (!resource.physicalId.startsWith(prefix))
       continue;
+    const nameProperty = PATTERN_B_NAME_PROPERTIES[resource.resourceType];
+    if (!nameProperty)
+      continue;
+    const userSuppliedName = resource.properties?.[nameProperty];
+    if (typeof userSuppliedName !== "string" || userSuppliedName === "")
+      continue;
     const newPhysicalId = resource.physicalId.slice(prefix.length);
     if (newPhysicalId.length === 0)
       continue;
@@ -80130,6 +80144,29 @@ function readStringProperty(properties, key, resourceType) {
   }
   return v;
 }
+var IMPORT_UNSUPPORTED_RECREATABLE_TYPES = /* @__PURE__ */ new Set([
+  "AWS::ApiGatewayV2::Stage"
+]);
+var PRE_DELETE_HANDLERS = {
+  "AWS::ApiGatewayV2::Stage": async (entry) => {
+    const { ApiGatewayV2Client: ApiGatewayV2Client2, DeleteStageCommand: DeleteStageCommand3, NotFoundException: NotFoundException7 } = await import("@aws-sdk/client-apigatewayv2");
+    const apiId = entry.properties["ApiId"];
+    if (typeof apiId !== "string" || !apiId) {
+      throw new Error(
+        `cdkd state's properties for ${entry.logicalId} (${entry.resourceType}) is missing 'ApiId'`
+      );
+    }
+    const client = new ApiGatewayV2Client2({});
+    try {
+      await client.send(new DeleteStageCommand3({ ApiId: apiId, StageName: entry.physicalId }));
+    } catch (err) {
+      if (err instanceof NotFoundException7) {
+        return;
+      }
+      throw err;
+    }
+  }
+};
 async function exportCommand(stackArg, options) {
   const logger = getLogger();
   if (options.verbose) {
@@ -80243,10 +80280,13 @@ async function exportCommand(stackArg, options) {
       }
     }
     try {
-      const { phase1Imports, phase2Creates, blocked } = await buildImportPlan(
+      const { phase1Imports, phase2Creates, recreateBeforePhase2, blocked } = await buildImportPlan(
         state,
         template,
-        awsClients.cloudFormation
+        awsClients.cloudFormation,
+        {
+          recreateImportUnsupported: options.recreateImportUnsupported
+        }
       );
       if (blocked.length > 0) {
         logger.error("The following resources block migration:");
@@ -80266,7 +80306,7 @@ async function exportCommand(stackArg, options) {
           `${phase2Creates.length} non-importable resource(s) detected (Custom::*). Pass --include-non-importable to run a 2-phase migration: phase 1 imports the importable resources; phase 2 CFn-CREATEs the non-importable ones (re-invoking each Custom Resource's backing Lambda onCreate handler \u2014 make sure those are idempotent). Or destroy these resources first.`
         );
       }
-      if (phase1Imports.length === 0 && phase2Creates.length === 0) {
+      if (phase1Imports.length === 0 && phase2Creates.length === 0 && recreateBeforePhase2.length === 0) {
         logger.warn("No resources to migrate \u2014 cdkd state is empty.");
         return;
       }
@@ -80283,14 +80323,28 @@ async function exportCommand(stackArg, options) {
         }
         logger.info("");
       }
+      if (recreateBeforePhase2.length > 0) {
+        logger.info(
+          `Phase 2 will also re-CREATE ${recreateBeforePhase2.length} IMPORT-unsupported resource(s) after cdkd deletes the AWS-side resource:`
+        );
+        for (const r of recreateBeforePhase2) {
+          logger.info(`  ${r.logicalId} (${r.resourceType}) \u2014 physicalId: ${r.physicalId}`);
+        }
+        logger.info(
+          "  Brief unavailability window (~10s for Stage; HttpApi endpoint URL is unchanged because it embeds ApiId, not StageName). Pass --no-recreate-import-unsupported to block instead."
+        );
+        logger.info("");
+      }
       if (options.dryRun) {
         logger.info("--dry-run: no CloudFormation changeset will be created.");
         return;
       }
       if (!options.yes) {
         const phase2Note = phase2Creates.length > 0 ? ` Phase 2 will then CREATE ${phase2Creates.length} non-importable resource(s) (invoking each Custom Resource's onCreate handler).` : "";
+        const recreateNote = recreateBeforePhase2.length > 0 ? ` cdkd will also DELETE ${recreateBeforePhase2.length} AWS resource(s) between phases so CFn can re-CREATE them in phase 2 (brief unavailability window \u2014 see plan above for the affected resources).` : "";
+        const unchangedClaim = recreateBeforePhase2.length > 0 ? ` All other AWS resources are unchanged on import.` : ` AWS resources are unchanged on import.`;
         const ok = await confirmPrompt6(
-          `Create CloudFormation stack '${cfnStackName}' by importing ${phase1Imports.length} resource(s) from cdkd state '${resolvedStackName}' (${targetRegion})?` + phase2Note + ` AWS resources are unchanged on import. cdkd state for '${resolvedStackName}' will be deleted on success.`
+          `Create CloudFormation stack '${cfnStackName}' by importing ${phase1Imports.length} resource(s) from cdkd state '${resolvedStackName}' (${targetRegion})?` + phase2Note + recreateNote + unchangedClaim + ` cdkd state for '${resolvedStackName}' will be deleted on success.`
         );
         if (!ok) {
           logger.info("Migration cancelled. cdkd state and CloudFormation are unchanged.");
@@ -80344,7 +80398,42 @@ async function exportCommand(stackArg, options) {
       logger.info(
         `\u2713 Phase 1: CloudFormation stack '${cfnStackName}' created via IMPORT. ${phase1Imports.length} resource(s) imported.`
       );
-      if (phase2Creates.length > 0) {
+      if (recreateBeforePhase2.length > 0) {
+        for (const entry of recreateBeforePhase2) {
+          const handler = PRE_DELETE_HANDLERS[entry.resourceType];
+          if (!handler) {
+            throw new Error(
+              `No pre-delete handler registered for ${entry.resourceType} (${entry.logicalId}). This is a cdkd bug \u2014 the resource is in IMPORT_UNSUPPORTED_RECREATABLE_TYPES but lacks a PRE_DELETE_HANDLERS entry. Phase 1 IMPORT already succeeded; cdkd state is intact. To recover, delete the AWS resource manually and run the phase 2 UPDATE.`
+            );
+          }
+          logger.info(
+            `Pre-deleting AWS resource for ${entry.logicalId} (${entry.resourceType}) so CFn can re-CREATE in phase 2...`
+          );
+          try {
+            await handler(entry);
+            logger.info(`  \u2713 deleted ${entry.physicalId}`);
+          } catch (err) {
+            const msg = err instanceof Error ? err.message : String(err);
+            throw new Error(
+              `Phase 1 (IMPORT) succeeded; pre-delete of ${entry.logicalId} (${entry.resourceType}, physicalId: ${entry.physicalId}) failed: ${msg}
+
+The CloudFormation stack '${cfnStackName}' contains the phase-1 imports but the IMPORT-unsupported resources (${recreateBeforePhase2.length} total) still exist in AWS unmanaged. cdkd state is UNCHANGED. Re-running \`cdkd export\` does NOT work \u2014 the existing-stack check rejects it. To recover manually:
+  1. Fix the failure cause (typically IAM permissions for the underlying      AWS API \u2014 e.g. apigatewayv2:DeleteStage for AWS::ApiGatewayV2::Stage).
+  2. Delete the remaining AWS-side IMPORT-unsupported resources by hand:
+       aws apigatewayv2 delete-stage --api-id <ApiId> --stage-name <StageName>
+     (one per entry in the pre-delete list logged above).
+  3. Run the phase-2 UPDATE manually with the full synth template:
+       aws cloudformation create-change-set --stack-name ${cfnStackName} \\
+         --change-set-name cdkd-phase2-retry --change-set-type UPDATE \\
+         --template-body file://<full-template.json>
+  4. Once phase 2 succeeds, run: cdkd state orphan ${resolvedStackName}
+     to clean up cdkd's stale state record.`
+            );
+          }
+        }
+      }
+      const phase2Count = phase2Creates.length + recreateBeforePhase2.length;
+      if (phase2Count > 0) {
         try {
           await executeUpdateChangeSet(
             awsClients.cloudFormation,
@@ -80352,14 +80441,23 @@ async function exportCommand(stackArg, options) {
             template,
             cfnParameters
           );
-          logger.info(`\u2713 Phase 2: ${phase2Creates.length} non-importable resource(s) CREATEd.`);
+          const parts = [];
+          if (phase2Creates.length > 0) {
+            parts.push(`${phase2Creates.length} non-importable resource(s) CREATEd`);
+          }
+          if (recreateBeforePhase2.length > 0) {
+            parts.push(`${recreateBeforePhase2.length} IMPORT-unsupported resource(s) re-CREATEd`);
+          }
+          logger.info(`\u2713 Phase 2: ${parts.join("; ")}.`);
         } catch (err) {
           const msg = err instanceof Error ? err.message : String(err);
+          const recreateNote = recreateBeforePhase2.length > 0 ? `  - cdkd deleted ${recreateBeforePhase2.length} AWS resource(s) before phase 2 (Stage etc.). They are gone in AWS but absent from the CFn stack. Running phase 2 UPDATE manually will CFn-CREATE them fresh.
+` : "";
           throw new Error(
             `Phase 1 (IMPORT) succeeded; phase 2 (UPDATE) failed: ${msg}
 
-The CloudFormation stack '${cfnStackName}' now contains the imported resources but is missing the ${phase2Creates.length} non-importable resource(s). cdkd state is UNCHANGED so you can inspect what's in it, but DO NOT run \`cdkd deploy\` against this stack (the imported resources are now CFn-managed). To recover:
-  1. Fix the failure cause (typically an onCreate Lambda error).
+The CloudFormation stack '${cfnStackName}' now contains the imported resources but is missing ${phase2Count} resource(s) (${phase2Creates.length} Custom Resource(s) + ${recreateBeforePhase2.length} IMPORT-unsupported). cdkd state is UNCHANGED so you can inspect what's in it, but DO NOT run \`cdkd deploy\` against this stack (the imported resources are now CFn-managed). To recover:
+` + recreateNote + `  1. Fix the failure cause (typically an onCreate Lambda error).
   2. Re-run the phase 2 UPDATE manually with the full synth template:
        aws cloudformation create-change-set --stack-name ${cfnStackName} \\
          --change-set-name cdkd-phase2-retry --change-set-type UPDATE \\
@@ -80467,13 +80565,14 @@ async function assertCfnStackAbsent(cfnClient, stackName) {
 function isPhase2CreatableType(resourceType) {
   return isCustomResourceType(resourceType);
 }
-async function buildImportPlan(state, template, cfnClient) {
+async function buildImportPlan(state, template, cfnClient, options = { recreateImportUnsupported: true }) {
   const templateResources = template["Resources"];
   if (!templateResources || typeof templateResources !== "object" || Array.isArray(templateResources)) {
     throw new Error("Template has no Resources section.");
   }
   const phase1Imports = [];
   const phase2Creates = [];
+  const recreateBeforePhase2 = [];
   const blocked = [];
   const identifierCache = /* @__PURE__ */ new Map();
   for (const [logicalId, raw] of Object.entries(templateResources)) {
@@ -80507,6 +80606,23 @@ async function buildImportPlan(state, template, cfnClient) {
       });
       continue;
     }
+    if (IMPORT_UNSUPPORTED_RECREATABLE_TYPES.has(resourceType)) {
+      if (options.recreateImportUnsupported) {
+        recreateBeforePhase2.push({
+          logicalId,
+          resourceType,
+          physicalId: stateEntry.physicalId,
+          properties: stateEntry.properties ?? {}
+        });
+      } else {
+        blocked.push({
+          logicalId,
+          resourceType,
+          reason: `AWS CloudFormation does not support ${resourceType} in IMPORT changesets (${resourceType} has no IMPORT handler). Re-run without --no-recreate-import-unsupported to let cdkd delete the AWS-side resource before phase 2 (CFn will then CREATE it fresh; brief unavailability window).`
+        });
+      }
+      continue;
+    }
     let resolved;
     try {
       resolved = await resolveResourceIdentifier(
@@ -80532,7 +80648,7 @@ async function buildImportPlan(state, template, cfnClient) {
       propertiesOverlay: resolved.propertiesOverlay ?? resolved.resourceIdentifier
     });
   }
-  return { phase1Imports, phase2Creates, blocked };
+  return { phase1Imports, phase2Creates, recreateBeforePhase2, blocked };
 }
 async function resolveResourceIdentifier(resourceType, physicalId, properties, cfnClient, cache2) {
   let entry = cache2.get(resourceType);
@@ -81019,6 +81135,9 @@ function createExportCommand() {
     "--strict-cross-stack",
     "Refuse to export when sibling cdkd stacks in the same CDK app reference the exporting stack via Fn::GetStackOutput. Without the flag, cdkd warns but proceeds \u2014 the user is expected to migrate the consumer stacks in a follow-up.",
     false
+  ).option(
+    "--no-recreate-import-unsupported",
+    "Block instead of auto-handling resource types AWS does NOT support in IMPORT changesets (currently only AWS::ApiGatewayV2::Stage, emitted by CDK HttpApi). Default behavior: cdkd skips these from phase 1, deletes the AWS-side resource between phases, and lets CFn re-CREATE in phase 2 (brief unavailability window). With this flag, the export aborts with a clear error instead."
   ).action(withErrorHandling(exportCommand));
   [...commonOptions, ...appOptions, ...stateOptions, ...contextOptions].forEach(
     (opt) => cmd.addOption(opt)
@@ -81057,7 +81176,7 @@ function reorderArgs(argv) {
 }
 async function main() {
   const program = new Command18();
-  program.name("cdkd").description("CDK Direct - Deploy AWS CDK apps directly via SDK/Cloud Control API").version("0.94.1");
+  program.name("cdkd").description("CDK Direct - Deploy AWS CDK apps directly via SDK/Cloud Control API").version("0.94.3");
   program.addCommand(createBootstrapCommand());
   program.addCommand(createSynthCommand());
   program.addCommand(createListCommand());