cdk-turso 0.2.0 → 0.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/AGENTS.md CHANGED
@@ -32,10 +32,13 @@ Most config files are **generated by projen** and must NOT be edited directly. T
32
32
  ```
33
33
  src/
34
34
  index.ts # Barrel exports — all public symbols re-exported here
35
- turso-database.ts # Main CDK construct
36
- handler/index.ts # Lambda handler for CloudFormation custom resource (bundled via esbuild)
35
+ turso-database.ts # Main CDK construct for Turso databases
36
+ turso-auth-token.ts # Auth token generation construct
37
+ turso-provider.ts # Shared CloudFormation custom resource provider
38
+ handler/index.ts # Lambda handler for custom resources (bundled via esbuild)
37
39
  test/
38
40
  turso-database.test.ts # Construct unit tests (CDK assertions)
41
+ turso-auth-token.test.ts # Auth token construct tests
39
42
  handler.test.ts # Handler unit tests (Jest mocks)
40
43
  lib/ # Compiled output (generated, gitignored)
41
44
  dist/ # Distribution packages (generated, gitignored)
@@ -109,13 +112,13 @@ Biome is the sole linter and formatter. ESLint is disabled.
109
112
  - Extend `Construct` from `constructs`, not from `aws-cdk-lib`
110
113
  - Constructor signature: `constructor(scope: Construct, id: string, props: XxxProps)`
111
114
  - Call `super(scope, id)` first
112
- - Validate inputs in constructor with `throw new Error(...)` for bad values
115
+ - Validate inputs in constructor with `throw new Error(...)` for bad values (regex checks, length limits)
113
116
  - Custom resource pattern: Lambda Function → Provider → CustomResource
114
117
  - Expose outputs as `public readonly` properties via `cr.getAttString("AttrName")`
115
118
 
116
119
  ## Error Handling
117
120
 
118
- - **Constructor validation**: throw `new Error(...)` with clear messages for invalid props (regex checks, length limits)
121
+ - **Constructor validation**: throw `new Error(...)` with clear messages for invalid props
119
122
  - **Handler errors**: include HTTP status and response text: `throw new Error(\`Failed to create: ${response.status} ${errorText}\`)`
120
123
  - **Environment checks**: throw early if required env vars are missing
121
124
  - **Idempotent deletes**: tolerate 404 on delete operations
package/API.md CHANGED
@@ -62,7 +62,7 @@ Returns a string representation of this construct.
62
62
 
63
63
  ---
64
64
 
65
- ##### ~~`isConstruct`~~ <a name="isConstruct" id="cdk-turso.TursoAuthToken.isConstruct"></a>
65
+ ##### `isConstruct` <a name="isConstruct" id="cdk-turso.TursoAuthToken.isConstruct"></a>
66
66
 
67
67
  ```typescript
68
68
  import { TursoAuthToken } from 'cdk-turso'
@@ -72,6 +72,20 @@ TursoAuthToken.isConstruct(x: any)
72
72
 
73
73
  Checks if `x` is a construct.
74
74
 
75
+ Use this method instead of `instanceof` to properly detect `Construct`
76
+ instances, even when the construct library is symlinked.
77
+
78
+ Explanation: in JavaScript, multiple copies of the `constructs` library on
79
+ disk are seen as independent, completely different libraries. As a
80
+ consequence, the class `Construct` in each copy of the `constructs` library
81
+ is seen as a different class, and an instance of one class will not test as
82
+ `instanceof` the other class. `npm install` will not create installations
83
+ like this, but users may manually symlink construct libraries together or
84
+ use a monorepo tool: in those cases, multiple copies of the `constructs`
85
+ library can be accidentally installed, and `instanceof` will behave
86
+ unpredictably. It is safest to avoid using `instanceof`, and using
87
+ this type-testing method instead.
88
+
75
89
  ###### `x`<sup>Required</sup> <a name="x" id="cdk-turso.TursoAuthToken.isConstruct.parameter.x"></a>
76
90
 
77
91
  - *Type:* any
@@ -174,7 +188,7 @@ Returns a string representation of this construct.
174
188
 
175
189
  ---
176
190
 
177
- ##### ~~`isConstruct`~~ <a name="isConstruct" id="cdk-turso.TursoDatabase.isConstruct"></a>
191
+ ##### `isConstruct` <a name="isConstruct" id="cdk-turso.TursoDatabase.isConstruct"></a>
178
192
 
179
193
  ```typescript
180
194
  import { TursoDatabase } from 'cdk-turso'
@@ -184,6 +198,20 @@ TursoDatabase.isConstruct(x: any)
184
198
 
185
199
  Checks if `x` is a construct.
186
200
 
201
+ Use this method instead of `instanceof` to properly detect `Construct`
202
+ instances, even when the construct library is symlinked.
203
+
204
+ Explanation: in JavaScript, multiple copies of the `constructs` library on
205
+ disk are seen as independent, completely different libraries. As a
206
+ consequence, the class `Construct` in each copy of the `constructs` library
207
+ is seen as a different class, and an instance of one class will not test as
208
+ `instanceof` the other class. `npm install` will not create installations
209
+ like this, but users may manually symlink construct libraries together or
210
+ use a monorepo tool: in those cases, multiple copies of the `constructs`
211
+ library can be accidentally installed, and `instanceof` will behave
212
+ unpredictably. It is safest to avoid using `instanceof`, and using
213
+ this type-testing method instead.
214
+
187
215
  ###### `x`<sup>Required</sup> <a name="x" id="cdk-turso.TursoDatabase.isConstruct.parameter.x"></a>
188
216
 
189
217
  - *Type:* any
@@ -197,11 +225,9 @@ Any object.
197
225
  | **Name** | **Type** | **Description** |
198
226
  | --- | --- | --- |
199
227
  | <code><a href="#cdk-turso.TursoDatabase.property.node">node</a></code> | <code>constructs.Node</code> | The tree node. |
200
- | <code><a href="#cdk-turso.TursoDatabase.property.apiToken">apiToken</a></code> | <code>aws-cdk-lib.aws_ssm.IParameter</code> | *No description.* |
201
228
  | <code><a href="#cdk-turso.TursoDatabase.property.databaseName">databaseName</a></code> | <code>string</code> | *No description.* |
202
229
  | <code><a href="#cdk-turso.TursoDatabase.property.dbId">dbId</a></code> | <code>string</code> | *No description.* |
203
230
  | <code><a href="#cdk-turso.TursoDatabase.property.hostname">hostname</a></code> | <code>string</code> | DNS hostname for the database (e.g., `my-db-my-org.turso.io`). Use with libSQL or HTTP connections. |
204
- | <code><a href="#cdk-turso.TursoDatabase.property.organizationSlug">organizationSlug</a></code> | <code>string</code> | *No description.* |
205
231
 
206
232
  ---
207
233
 
@@ -217,16 +243,6 @@ The tree node.
217
243
 
218
244
  ---
219
245
 
220
- ##### `apiToken`<sup>Required</sup> <a name="apiToken" id="cdk-turso.TursoDatabase.property.apiToken"></a>
221
-
222
- ```typescript
223
- public readonly apiToken: IParameter;
224
- ```
225
-
226
- - *Type:* aws-cdk-lib.aws_ssm.IParameter
227
-
228
- ---
229
-
230
246
  ##### `databaseName`<sup>Required</sup> <a name="databaseName" id="cdk-turso.TursoDatabase.property.databaseName"></a>
231
247
 
232
248
  ```typescript
@@ -259,14 +275,151 @@ DNS hostname for the database (e.g., `my-db-my-org.turso.io`). Use with libSQL o
259
275
 
260
276
  ---
261
277
 
262
- ##### `organizationSlug`<sup>Required</sup> <a name="organizationSlug" id="cdk-turso.TursoDatabase.property.organizationSlug"></a>
278
+
279
+ ### TursoProvider <a name="TursoProvider" id="cdk-turso.TursoProvider"></a>
280
+
281
+ Shared Lambda + CloudFormation custom-resource provider for all Turso resources.
282
+
283
+ Create one per stack and pass it to every
284
+ `TursoDatabase`, `TursoAuthToken`, etc.
285
+
286
+ #### Initializers <a name="Initializers" id="cdk-turso.TursoProvider.Initializer"></a>
263
287
 
264
288
  ```typescript
265
- public readonly organizationSlug: string;
289
+ import { TursoProvider } from 'cdk-turso'
290
+
291
+ new TursoProvider(scope: Construct, id: string, props: TursoProviderProps)
292
+ ```
293
+
294
+ | **Name** | **Type** | **Description** |
295
+ | --- | --- | --- |
296
+ | <code><a href="#cdk-turso.TursoProvider.Initializer.parameter.scope">scope</a></code> | <code>constructs.Construct</code> | *No description.* |
297
+ | <code><a href="#cdk-turso.TursoProvider.Initializer.parameter.id">id</a></code> | <code>string</code> | *No description.* |
298
+ | <code><a href="#cdk-turso.TursoProvider.Initializer.parameter.props">props</a></code> | <code><a href="#cdk-turso.TursoProviderProps">TursoProviderProps</a></code> | *No description.* |
299
+
300
+ ---
301
+
302
+ ##### `scope`<sup>Required</sup> <a name="scope" id="cdk-turso.TursoProvider.Initializer.parameter.scope"></a>
303
+
304
+ - *Type:* constructs.Construct
305
+
306
+ ---
307
+
308
+ ##### `id`<sup>Required</sup> <a name="id" id="cdk-turso.TursoProvider.Initializer.parameter.id"></a>
309
+
310
+ - *Type:* string
311
+
312
+ ---
313
+
314
+ ##### `props`<sup>Required</sup> <a name="props" id="cdk-turso.TursoProvider.Initializer.parameter.props"></a>
315
+
316
+ - *Type:* <a href="#cdk-turso.TursoProviderProps">TursoProviderProps</a>
317
+
318
+ ---
319
+
320
+ #### Methods <a name="Methods" id="Methods"></a>
321
+
322
+ | **Name** | **Description** |
323
+ | --- | --- |
324
+ | <code><a href="#cdk-turso.TursoProvider.toString">toString</a></code> | Returns a string representation of this construct. |
325
+
326
+ ---
327
+
328
+ ##### `toString` <a name="toString" id="cdk-turso.TursoProvider.toString"></a>
329
+
330
+ ```typescript
331
+ public toString(): string
332
+ ```
333
+
334
+ Returns a string representation of this construct.
335
+
336
+ #### Static Functions <a name="Static Functions" id="Static Functions"></a>
337
+
338
+ | **Name** | **Description** |
339
+ | --- | --- |
340
+ | <code><a href="#cdk-turso.TursoProvider.isConstruct">isConstruct</a></code> | Checks if `x` is a construct. |
341
+
342
+ ---
343
+
344
+ ##### `isConstruct` <a name="isConstruct" id="cdk-turso.TursoProvider.isConstruct"></a>
345
+
346
+ ```typescript
347
+ import { TursoProvider } from 'cdk-turso'
348
+
349
+ TursoProvider.isConstruct(x: any)
350
+ ```
351
+
352
+ Checks if `x` is a construct.
353
+
354
+ Use this method instead of `instanceof` to properly detect `Construct`
355
+ instances, even when the construct library is symlinked.
356
+
357
+ Explanation: in JavaScript, multiple copies of the `constructs` library on
358
+ disk are seen as independent, completely different libraries. As a
359
+ consequence, the class `Construct` in each copy of the `constructs` library
360
+ is seen as a different class, and an instance of one class will not test as
361
+ `instanceof` the other class. `npm install` will not create installations
362
+ like this, but users may manually symlink construct libraries together or
363
+ use a monorepo tool: in those cases, multiple copies of the `constructs`
364
+ library can be accidentally installed, and `instanceof` will behave
365
+ unpredictably. It is safest to avoid using `instanceof`, and using
366
+ this type-testing method instead.
367
+
368
+ ###### `x`<sup>Required</sup> <a name="x" id="cdk-turso.TursoProvider.isConstruct.parameter.x"></a>
369
+
370
+ - *Type:* any
371
+
372
+ Any object.
373
+
374
+ ---
375
+
376
+ #### Properties <a name="Properties" id="Properties"></a>
377
+
378
+ | **Name** | **Type** | **Description** |
379
+ | --- | --- | --- |
380
+ | <code><a href="#cdk-turso.TursoProvider.property.node">node</a></code> | <code>constructs.Node</code> | The tree node. |
381
+ | <code><a href="#cdk-turso.TursoProvider.property.handler">handler</a></code> | <code>aws-cdk-lib.aws_lambda.Function</code> | The Lambda function backing all Turso custom resources. |
382
+ | <code><a href="#cdk-turso.TursoProvider.property.serviceToken">serviceToken</a></code> | <code>string</code> | The CDK custom-resource provider service token. |
383
+
384
+ ---
385
+
386
+ ##### `node`<sup>Required</sup> <a name="node" id="cdk-turso.TursoProvider.property.node"></a>
387
+
388
+ ```typescript
389
+ public readonly node: Node;
390
+ ```
391
+
392
+ - *Type:* constructs.Node
393
+
394
+ The tree node.
395
+
396
+ ---
397
+
398
+ ##### `handler`<sup>Required</sup> <a name="handler" id="cdk-turso.TursoProvider.property.handler"></a>
399
+
400
+ ```typescript
401
+ public readonly handler: Function;
402
+ ```
403
+
404
+ - *Type:* aws-cdk-lib.aws_lambda.Function
405
+
406
+ The Lambda function backing all Turso custom resources.
407
+
408
+ Use this to attach additional IAM permissions when a resource
409
+ type needs them (e.g. `ssm:PutParameter` for auth-token storage).
410
+
411
+ ---
412
+
413
+ ##### `serviceToken`<sup>Required</sup> <a name="serviceToken" id="cdk-turso.TursoProvider.property.serviceToken"></a>
414
+
415
+ ```typescript
416
+ public readonly serviceToken: string;
266
417
  ```
267
418
 
268
419
  - *Type:* string
269
420
 
421
+ The CDK custom-resource provider service token.
422
+
270
423
  ---
271
424
 
272
425
 
@@ -286,22 +439,36 @@ const tursoAuthTokenProps: TursoAuthTokenProps = { ... }
286
439
 
287
440
  | **Name** | **Type** | **Description** |
288
441
  | --- | --- | --- |
289
- | <code><a href="#cdk-turso.TursoAuthTokenProps.property.database">database</a></code> | <code><a href="#cdk-turso.TursoDatabase">TursoDatabase</a></code> | The Turso database to create an auth token for. |
442
+ | <code><a href="#cdk-turso.TursoAuthTokenProps.property.databaseName">databaseName</a></code> | <code>string</code> | The name of the Turso database to create an auth token for. |
443
+ | <code><a href="#cdk-turso.TursoAuthTokenProps.property.organizationSlug">organizationSlug</a></code> | <code>string</code> | The Turso organization slug that owns the database. |
290
444
  | <code><a href="#cdk-turso.TursoAuthTokenProps.property.parameterName">parameterName</a></code> | <code>string</code> | The SSM parameter name where the generated JWT will be stored as a SecureString. |
445
+ | <code><a href="#cdk-turso.TursoAuthTokenProps.property.provider">provider</a></code> | <code><a href="#cdk-turso.TursoProvider">TursoProvider</a></code> | *No description.* |
291
446
  | <code><a href="#cdk-turso.TursoAuthTokenProps.property.authorization">authorization</a></code> | <code>string</code> | Authorization level for the token. |
292
447
  | <code><a href="#cdk-turso.TursoAuthTokenProps.property.expiration">expiration</a></code> | <code>string</code> | Expiration time for the token (e.g., `"2w"`, `"1d30m"`). |
293
448
 
294
449
  ---
295
450
 
296
- ##### `database`<sup>Required</sup> <a name="database" id="cdk-turso.TursoAuthTokenProps.property.database"></a>
451
+ ##### `databaseName`<sup>Required</sup> <a name="databaseName" id="cdk-turso.TursoAuthTokenProps.property.databaseName"></a>
452
+
453
+ ```typescript
454
+ public readonly databaseName: string;
455
+ ```
456
+
457
+ - *Type:* string
458
+
459
+ The name of the Turso database to create an auth token for.
460
+
461
+ ---
462
+
463
+ ##### `organizationSlug`<sup>Required</sup> <a name="organizationSlug" id="cdk-turso.TursoAuthTokenProps.property.organizationSlug"></a>
297
464
 
298
465
  ```typescript
299
- public readonly database: TursoDatabase;
466
+ public readonly organizationSlug: string;
300
467
  ```
301
468
 
302
- - *Type:* <a href="#cdk-turso.TursoDatabase">TursoDatabase</a>
469
+ - *Type:* string
303
470
 
304
- The Turso database to create an auth token for.
471
+ The Turso organization slug that owns the database.
305
472
 
306
473
  ---
307
474
 
@@ -317,6 +484,16 @@ The SSM parameter name where the generated JWT will be stored as a SecureString.
317
484
 
318
485
  ---
319
486
 
487
+ ##### `provider`<sup>Required</sup> <a name="provider" id="cdk-turso.TursoAuthTokenProps.property.provider"></a>
488
+
489
+ ```typescript
490
+ public readonly provider: TursoProvider;
491
+ ```
492
+
493
+ - *Type:* <a href="#cdk-turso.TursoProvider">TursoProvider</a>
494
+
495
+ ---
496
+
320
497
  ##### `authorization`<sup>Optional</sup> <a name="authorization" id="cdk-turso.TursoAuthTokenProps.property.authorization"></a>
321
498
 
322
499
  ```typescript
@@ -396,26 +573,16 @@ const tursoDatabaseProps: TursoDatabaseProps = { ... }
396
573
 
397
574
  | **Name** | **Type** | **Description** |
398
575
  | --- | --- | --- |
399
- | <code><a href="#cdk-turso.TursoDatabaseProps.property.apiToken">apiToken</a></code> | <code>aws-cdk-lib.aws_ssm.IParameter</code> | *No description.* |
400
576
  | <code><a href="#cdk-turso.TursoDatabaseProps.property.databaseName">databaseName</a></code> | <code>string</code> | *No description.* |
401
577
  | <code><a href="#cdk-turso.TursoDatabaseProps.property.group">group</a></code> | <code>string</code> | *No description.* |
402
578
  | <code><a href="#cdk-turso.TursoDatabaseProps.property.organizationSlug">organizationSlug</a></code> | <code>string</code> | *No description.* |
579
+ | <code><a href="#cdk-turso.TursoDatabaseProps.property.provider">provider</a></code> | <code><a href="#cdk-turso.TursoProvider">TursoProvider</a></code> | *No description.* |
403
580
  | <code><a href="#cdk-turso.TursoDatabaseProps.property.encryption">encryption</a></code> | <code><a href="#cdk-turso.TursoDatabaseEncryption">TursoDatabaseEncryption</a></code> | *No description.* |
404
581
  | <code><a href="#cdk-turso.TursoDatabaseProps.property.seed">seed</a></code> | <code><a href="#cdk-turso.TursoDatabaseSeed">TursoDatabaseSeed</a></code> | *No description.* |
405
582
  | <code><a href="#cdk-turso.TursoDatabaseProps.property.sizeLimit">sizeLimit</a></code> | <code>string</code> | *No description.* |
406
583
 
407
584
  ---
408
585
 
409
- ##### `apiToken`<sup>Required</sup> <a name="apiToken" id="cdk-turso.TursoDatabaseProps.property.apiToken"></a>
410
-
411
- ```typescript
412
- public readonly apiToken: IParameter;
413
- ```
414
-
415
- - *Type:* aws-cdk-lib.aws_ssm.IParameter
416
-
417
- ---
418
-
419
586
  ##### `databaseName`<sup>Required</sup> <a name="databaseName" id="cdk-turso.TursoDatabaseProps.property.databaseName"></a>
420
587
 
421
588
  ```typescript
@@ -446,6 +613,16 @@ public readonly organizationSlug: string;
446
613
 
447
614
  ---
448
615
 
616
+ ##### `provider`<sup>Required</sup> <a name="provider" id="cdk-turso.TursoDatabaseProps.property.provider"></a>
617
+
618
+ ```typescript
619
+ public readonly provider: TursoProvider;
620
+ ```
621
+
622
+ - *Type:* <a href="#cdk-turso.TursoProvider">TursoProvider</a>
623
+
624
+ ---
625
+
449
626
  ##### `encryption`<sup>Optional</sup> <a name="encryption" id="cdk-turso.TursoDatabaseProps.property.encryption"></a>
450
627
 
451
628
  ```typescript
@@ -526,5 +703,50 @@ public readonly timestamp: string;
526
703
 
527
704
  ---
528
705
 
706
+ ### TursoProviderProps <a name="TursoProviderProps" id="cdk-turso.TursoProviderProps"></a>
707
+
708
+ #### Initializer <a name="Initializer" id="cdk-turso.TursoProviderProps.Initializer"></a>
709
+
710
+ ```typescript
711
+ import { TursoProviderProps } from 'cdk-turso'
712
+
713
+ const tursoProviderProps: TursoProviderProps = { ... }
714
+ ```
715
+
716
+ #### Properties <a name="Properties" id="Properties"></a>
717
+
718
+ | **Name** | **Type** | **Description** |
719
+ | --- | --- | --- |
720
+ | <code><a href="#cdk-turso.TursoProviderProps.property.apiToken">apiToken</a></code> | <code>aws-cdk-lib.aws_ssm.IParameter</code> | SSM parameter that holds the Turso platform API token (stored as SecureString). |
721
+ | <code><a href="#cdk-turso.TursoProviderProps.property.logGroup">logGroup</a></code> | <code>aws-cdk-lib.aws_logs.ILogGroup</code> | Optional log group for the Lambda function. |
722
+
723
+ ---
724
+
725
+ ##### `apiToken`<sup>Required</sup> <a name="apiToken" id="cdk-turso.TursoProviderProps.property.apiToken"></a>
726
+
727
+ ```typescript
728
+ public readonly apiToken: IParameter;
729
+ ```
730
+
731
+ - *Type:* aws-cdk-lib.aws_ssm.IParameter
732
+
733
+ SSM parameter that holds the Turso platform API token (stored as SecureString).
734
+
735
+ ---
736
+
737
+ ##### `logGroup`<sup>Optional</sup> <a name="logGroup" id="cdk-turso.TursoProviderProps.property.logGroup"></a>
738
+
739
+ ```typescript
740
+ public readonly logGroup: ILogGroup;
741
+ ```
742
+
743
+ - *Type:* aws-cdk-lib.aws_logs.ILogGroup
744
+
745
+ Optional log group for the Lambda function.
746
+
747
+ If not provided, a log group will be automatically created.
748
+
749
+ ---
750
+
529
751
 
530
752
 
package/README.md CHANGED
@@ -1,6 +1,6 @@
1
1
  # CDK Turso
2
2
 
3
- CDK construct to create a [Turso cloud](https://docs.turso.tech/turso-cloud) database.
3
+ CDK constructs to create [Turso cloud](https://docs.turso.tech/turso-cloud) databases and manage auth tokens.
4
4
 
5
5
  ## Installation
6
6
 
@@ -10,30 +10,38 @@ npm install cdk-turso
10
10
 
11
11
  ## Usage
12
12
 
13
+ First, create a `TursoProvider` with your API token:
14
+
13
15
  ```typescript
14
16
  import { Stack } from 'aws-cdk-lib';
15
17
  import { StringParameter } from 'aws-cdk-lib/aws-ssm';
16
- import { TursoDatabase } from 'cdk-turso';
18
+ import { TursoProvider, TursoDatabase, TursoAuthToken } from 'cdk-turso';
17
19
 
18
20
  const stack = new Stack();
19
21
 
20
- // SSM Parameter containing your Turso API token
22
+ // SSM Parameter containing your Turso API token (must be a SecureString)
21
23
  const apiToken = new StringParameter(stack, 'TursoApiToken', {
22
24
  parameterName: '/turso/api-token',
23
25
  stringValue: 'your-api-token',
26
+ type: ParameterType.SECURE_STRING,
27
+ });
28
+
29
+ // Create the provider (one per stack)
30
+ const provider = new TursoProvider(stack, 'TursoProvider', {
31
+ apiToken,
24
32
  });
25
33
 
26
34
  const database = new TursoDatabase(stack, 'Database', {
35
+ provider,
27
36
  databaseName: 'my-database',
28
37
  group: 'group-name',
29
38
  organizationSlug: 'my-org',
30
- apiToken,
31
39
  });
32
40
 
33
- // Use the database attributes
34
- database.dbId; // Database ID
35
- database.hostname; // Database hostname
36
- database.databaseName; // Database name
41
+ // Access database attributes
42
+ database.dbId; // Database ID
43
+ database.hostname; // Database hostname (e.g., my-database-my-org.turso.io)
44
+ database.databaseName; // Database name
37
45
  ```
38
46
 
39
47
  ### Auth Token
@@ -41,10 +49,10 @@ database.databaseName; // Database name
41
49
  Generate a database auth token and store it as a SecureString in SSM Parameter Store:
42
50
 
43
51
  ```typescript
44
- import { TursoAuthToken } from 'cdk-turso';
45
-
46
52
  const authToken = new TursoAuthToken(stack, 'AuthToken', {
47
- database,
53
+ provider,
54
+ databaseName: database.databaseName,
55
+ organizationSlug: 'my-org',
48
56
  parameterName: '/turso/db-token',
49
57
  expiration: '2w', // optional, default: 'never'
50
58
  authorization: 'read-only', // optional, default: 'full-access'
@@ -56,14 +64,28 @@ authToken.parameterName;
56
64
 
57
65
  ## API
58
66
 
67
+ ### TursoProviderProps
68
+
69
+ | Prop | Type | Required | Description |
70
+ |------|------|----------|-------------|
71
+ | `apiToken` | `ssm.IParameter` | Yes | SSM Parameter containing the Turso platform API token (must be SecureString) |
72
+ | `logGroup` | `ILogGroup` | No | Optional CloudWatch log group for the Lambda handler |
73
+
74
+ ### TursoProvider
75
+
76
+ | Attribute | Type | Description |
77
+ |-----------|------|-------------|
78
+ | `handler` | `Function` | The Lambda function backing all Turso custom resources (for attaching IAM permissions) |
79
+ | `serviceToken` | `string` | The CDK custom-resource provider service token |
80
+
59
81
  ### TursoDatabaseProps
60
82
 
61
83
  | Prop | Type | Required | Description |
62
84
  |------|------|----------|-------------|
85
+ | `provider` | `TursoProvider` | Yes | The Turso provider to use for this database |
63
86
  | `databaseName` | `string` | Yes | Database name (lowercase, numbers, dashes only, max 64 chars) |
64
87
  | `group` | `string` | Yes | Turso group name (must already exist) |
65
88
  | `organizationSlug` | `string` | Yes | Organization slug |
66
- | `apiToken` | `ssm.IParameter` | Yes | SSM Parameter containing the Turso API token |
67
89
  | `sizeLimit` | `string` | No | Size limit (e.g., '256mb') |
68
90
  | `seed` | `TursoDatabaseSeed` | No | Database seed configuration |
69
91
  | `encryption` | `TursoDatabaseEncryption` | No | Encryption configuration |
@@ -92,16 +114,16 @@ interface TursoDatabaseEncryption {
92
114
  | Attribute | Type | Description |
93
115
  |-----------|------|-------------|
94
116
  | `dbId` | `string` | Turso database ID |
95
- | `hostname` | `string` | DNS hostname (e.g., `my-db-my-org.turso.io`) for libSQL/HTTP connections |
117
+ | `hostname` | `string` | DNS hostname (e.g., `my-database-my-org.turso.io`) for libSQL/HTTP connections |
96
118
  | `databaseName` | `string` | Database name |
97
- | `organizationSlug` | `string` | Organization slug |
98
- | `apiToken` | `ssm.IParameter` | SSM Parameter containing the Turso API token |
99
119
 
100
120
  ### TursoAuthTokenProps
101
121
 
102
122
  | Prop | Type | Required | Description |
103
123
  |------|------|----------|-------------|
104
- | `database` | `TursoDatabase` | Yes | The Turso database to create an auth token for |
124
+ | `provider` | `TursoProvider` | Yes | The Turso provider to use for this auth token |
125
+ | `databaseName` | `string` | Yes | The name of the Turso database to create an auth token for |
126
+ | `organizationSlug` | `string` | Yes | The Turso organization slug that owns the database |
105
127
  | `parameterName` | `string` | Yes | SSM parameter name where the generated JWT will be stored as a SecureString |
106
128
  | `expiration` | `string` | No | Token expiry (e.g., `'2w'`, `'1d30m'`). Default: `'never'` |
107
129
  | `authorization` | `string` | No | `'full-access'` or `'read-only'`. Default: `'full-access'` |
@@ -3,31 +3,14 @@ export interface CloudFormationCustomResourceEvent {
3
3
  PhysicalResourceId?: string;
4
4
  ResourceProperties: {
5
5
  ServiceToken: string;
6
- DatabaseName: string;
7
- Group: string;
8
- OrganizationSlug: string;
9
- SizeLimit?: string;
10
- Seed?: {
11
- type: string;
12
- name: string;
13
- timestamp?: string;
14
- };
15
- Encryption?: {
16
- encryptionKey: string;
17
- encryptionCipher: string;
18
- };
6
+ ResourceType: "Database" | "AuthToken";
7
+ [key: string]: unknown;
19
8
  };
20
9
  OldResourceProperties?: {
21
- DatabaseName: string;
22
- Group: string;
23
- OrganizationSlug: string;
10
+ [key: string]: unknown;
24
11
  };
25
12
  }
26
13
  export declare function handler(event: CloudFormationCustomResourceEvent): Promise<{
27
14
  PhysicalResourceId: string;
28
- Data?: {
29
- DbId: string;
30
- Hostname: string;
31
- Name: string;
32
- };
15
+ Data?: Record<string, string>;
33
16
  }>;