@friggframework/devtools 2.0.0--canary.398.a314355.0 → 2.0.0--canary.397.4957a89.0

package/infrastructure/iam-generator.test.js

@@ -1,169 +0,0 @@
-const { generateIAMCloudFormation, getFeatureSummary } = require('./iam-generator');
-
-describe('IAM Generator', () => {
-    describe('getFeatureSummary', () => {
-        it('should detect all features when enabled', () => {
-            const appDefinition = {
-                name: 'test-app',
-                integrations: ['Integration1', 'Integration2'],
-                vpc: { enable: true },
-                encryption: { useDefaultKMSForFieldLevelEncryption: true },
-                ssm: { enable: true },
-                websockets: { enable: true }
-            };
-
-            const summary = getFeatureSummary(appDefinition);
-
-            expect(summary.appName).toBe('test-app');
-            expect(summary.integrationCount).toBe(2);
-            expect(summary.features.core).toBe(true);
-            expect(summary.features.vpc).toBe(true);
-            expect(summary.features.kms).toBe(true);
-            expect(summary.features.ssm).toBe(true);
-            expect(summary.features.websockets).toBe(true);
-        });
-
-        it('should detect minimal features when disabled', () => {
-            const appDefinition = {
-                integrations: []
-            };
-
-            const summary = getFeatureSummary(appDefinition);
-
-            expect(summary.appName).toBe('Unnamed Frigg App');
-            expect(summary.integrationCount).toBe(0);
-            expect(summary.features.core).toBe(true);
-            expect(summary.features.vpc).toBe(false);
-            expect(summary.features.kms).toBe(false);
-            expect(summary.features.ssm).toBe(false);
-            expect(summary.features.websockets).toBe(false);
-        });
-    });
-
-    describe('generateIAMCloudFormation', () => {
-        it('should generate valid CloudFormation YAML', () => {
-            const appDefinition = {
-                name: 'test-app',
-                integrations: [],
-                vpc: { enable: false },
-                encryption: { useDefaultKMSForFieldLevelEncryption: false },
-                ssm: { enable: false },
-                websockets: { enable: false }
-            };
-
-            const yaml = generateIAMCloudFormation(appDefinition);
-
-            expect(yaml).toContain('AWSTemplateFormatVersion');
-            expect(yaml).toContain('FriggDeploymentUser');
-            expect(yaml).toContain('FriggCoreDeploymentPolicy');
-            expect(yaml).toContain('FriggDiscoveryPolicy');
-        });
-
-        it('should include VPC policy when VPC is enabled', () => {
-            const appDefinition = {
-                name: 'test-app',
-                integrations: [],
-                vpc: { enable: true }
-            };
-
-            const yaml = generateIAMCloudFormation(appDefinition);
-
-            expect(yaml).toContain('FriggVPCPolicy');
-            expect(yaml).toContain('CreateVPCPermissions');
-            expect(yaml).toContain('EnableVPCSupport');
-        });
-
-        it('should include KMS policy when encryption is enabled', () => {
-            const appDefinition = {
-                name: 'test-app',
-                integrations: [],
-                encryption: { useDefaultKMSForFieldLevelEncryption: true }
-            };
-
-            const yaml = generateIAMCloudFormation(appDefinition);
-
-            expect(yaml).toContain('FriggKMSPolicy');
-            expect(yaml).toContain('CreateKMSPermissions');
-            expect(yaml).toContain('EnableKMSSupport');
-        });
-
-        it('should include SSM policy when SSM is enabled', () => {
-            const appDefinition = {
-                name: 'test-app',
-                integrations: [],
-                ssm: { enable: true }
-            };
-
-            const yaml = generateIAMCloudFormation(appDefinition);
-
-            expect(yaml).toContain('FriggSSMPolicy');
-            expect(yaml).toContain('CreateSSMPermissions');
-            expect(yaml).toContain('EnableSSMSupport');
-        });
-
-        it('should set correct default parameter values based on features', () => {
-            const appDefinition = {
-                name: 'test-app',
-                integrations: [],
-                vpc: { enable: true },
-                encryption: { useDefaultKMSForFieldLevelEncryption: false },
-                ssm: { enable: true }
-            };
-
-            const yaml = generateIAMCloudFormation(appDefinition);
-
-            // Check parameter defaults match the enabled features
-            expect(yaml).toContain('Default: true'); // VPC enabled
-            expect(yaml).toContain('Default: false'); // KMS disabled  
-            // SSM should be true
-        });
-
-        it('should include all core permissions', () => {
-            const appDefinition = {
-                name: 'test-app',
-                integrations: []
-            };
-
-            const yaml = generateIAMCloudFormation(appDefinition);
-
-            // Check for core permissions
-            expect(yaml).toContain('cloudformation:CreateStack');
-            expect(yaml).toContain('cloudformation:ListStackResources');
-            expect(yaml).toContain('lambda:CreateFunction');
-            expect(yaml).toContain('iam:CreateRole');
-            expect(yaml).toContain('s3:CreateBucket');
-            expect(yaml).toContain('sqs:CreateQueue');
-            expect(yaml).toContain('sns:CreateTopic');
-            expect(yaml).toContain('logs:CreateLogGroup');
-            expect(yaml).toContain('apigateway:POST');
-            expect(yaml).toContain('lambda:ListVersionsByFunction');
-            expect(yaml).toContain('iam:ListPolicyVersions');
-        });
-
-        it('should include internal-error-queue pattern in SQS resources', () => {
-            const appDefinition = {
-                name: 'test-app',
-                integrations: []
-            };
-
-            const yaml = generateIAMCloudFormation(appDefinition);
-
-            expect(yaml).toContain('internal-error-queue-*');
-        });
-
-        it('should generate outputs section', () => {
-            const appDefinition = {
-                name: 'test-app',
-                integrations: []
-            };
-
-            const yaml = generateIAMCloudFormation(appDefinition);
-
-            expect(yaml).toContain('Outputs:');
-            expect(yaml).toContain('DeploymentUserArn:');
-            expect(yaml).toContain('AccessKeyId:');
-            expect(yaml).toContain('SecretAccessKeyCommand:');
-            expect(yaml).toContain('CredentialsSecretArn:');
-        });
-    });
-});

package/infrastructure/iam-policy-basic.json

@@ -1,196 +0,0 @@
-{
-  "Version": "2012-10-17",
-  "Statement": [
-    {
-      "Sid": "AWSDiscoveryPermissions",
-      "Effect": "Allow",
-      "Action": [
-        "sts:GetCallerIdentity",
-        "ec2:DescribeVpcs",
-        "ec2:DescribeSubnets",
-        "ec2:DescribeSecurityGroups",
-        "ec2:DescribeRouteTables",
-        "kms:ListKeys",
-        "kms:DescribeKey"
-      ],
-      "Resource": "*"
-    },
-    {
-      "Sid": "CloudFormationFriggStacks",
-      "Effect": "Allow",
-      "Action": [
-        "cloudformation:CreateStack",
-        "cloudformation:UpdateStack",
-        "cloudformation:DeleteStack",
-        "cloudformation:DescribeStacks",
-        "cloudformation:DescribeStackEvents",
-        "cloudformation:DescribeStackResources",
-        "cloudformation:DescribeStackResource",
-        "cloudformation:ListStackResources",
-        "cloudformation:GetTemplate",
-        "cloudformation:ValidateTemplate",
-        "cloudformation:DescribeChangeSet",
-        "cloudformation:CreateChangeSet",
-        "cloudformation:DeleteChangeSet",
-        "cloudformation:ExecuteChangeSet"
-      ],
-      "Resource": [
-        "arn:aws:cloudformation:*:*:stack/*frigg*/*"
-      ]
-    },
-    {
-      "Sid": "S3DeploymentBucket",
-      "Effect": "Allow",
-      "Action": [
-        "s3:CreateBucket",
-        "s3:PutObject",
-        "s3:GetObject",
-        "s3:DeleteObject",
-        "s3:PutBucketPolicy",
-        "s3:PutBucketVersioning",
-        "s3:PutBucketPublicAccessBlock",
-        "s3:GetBucketLocation",
-        "s3:ListBucket"
-      ],
-      "Resource": [
-        "arn:aws:s3:::*serverless*",
-        "arn:aws:s3:::*serverless*/*"
-      ]
-    },
-    {
-      "Sid": "LambdaFriggFunctions",
-      "Effect": "Allow",
-      "Action": [
-        "lambda:CreateFunction",
-        "lambda:UpdateFunctionCode",
-        "lambda:UpdateFunctionConfiguration",
-        "lambda:DeleteFunction",
-        "lambda:GetFunction",
-        "lambda:ListFunctions",
-        "lambda:PublishVersion",
-        "lambda:CreateAlias",
-        "lambda:UpdateAlias",
-        "lambda:DeleteAlias",
-        "lambda:GetAlias",
-        "lambda:AddPermission",
-        "lambda:RemovePermission",
-        "lambda:GetPolicy",
-        "lambda:PutProvisionedConcurrencyConfig",
-        "lambda:DeleteProvisionedConcurrencyConfig",
-        "lambda:PutConcurrency",
-        "lambda:DeleteConcurrency",
-        "lambda:TagResource",
-        "lambda:UntagResource",
-        "lambda:ListVersionsByFunction"
-      ],
-      "Resource": [
-        "arn:aws:lambda:*:*:function:*frigg*"
-      ]
-    },
-    {
-      "Sid": "IAMRolesForFriggLambda",
-      "Effect": "Allow",
-      "Action": [
-        "iam:CreateRole",
-        "iam:DeleteRole",
-        "iam:GetRole",
-        "iam:PassRole",
-        "iam:PutRolePolicy",
-        "iam:DeleteRolePolicy",
-        "iam:GetRolePolicy",
-        "iam:AttachRolePolicy",
-        "iam:DetachRolePolicy",
-        "iam:TagRole",
-        "iam:UntagRole"
-      ],
-      "Resource": [
-        "arn:aws:iam::*:role/*frigg*",
-        "arn:aws:iam::*:role/*frigg*LambdaRole*"
-      ]
-    },
-    {
-      "Sid": "IAMPolicyVersionPermissions",
-      "Effect": "Allow",
-      "Action": [
-        "iam:ListPolicyVersions"
-      ],
-      "Resource": [
-        "arn:aws:iam::*:policy/*"
-      ]
-    },
-    {
-      "Sid": "FriggMessagingServices",
-      "Effect": "Allow",
-      "Action": [
-        "sqs:CreateQueue",
-        "sqs:DeleteQueue",
-        "sqs:GetQueueAttributes",
-        "sqs:SetQueueAttributes",
-        "sqs:GetQueueUrl",
-        "sqs:TagQueue",
-        "sqs:UntagQueue"
-      ],
-      "Resource": [
-        "arn:aws:sqs:*:*:*frigg*",
-        "arn:aws:sqs:*:*:internal-error-queue-*"
-      ]
-    },
-    {
-      "Sid": "FriggSNSTopics",
-      "Effect": "Allow",
-      "Action": [
-        "sns:CreateTopic",
-        "sns:DeleteTopic",
-        "sns:GetTopicAttributes",
-        "sns:SetTopicAttributes",
-        "sns:Subscribe",
-        "sns:Unsubscribe",
-        "sns:ListSubscriptionsByTopic",
-        "sns:TagResource",
-        "sns:UntagResource"
-      ],
-      "Resource": [
-        "arn:aws:sns:*:*:*frigg*"
-      ]
-    },
-    {
-      "Sid": "FriggMonitoringAndLogs",
-      "Effect": "Allow",
-      "Action": [
-        "cloudwatch:PutMetricAlarm",
-        "cloudwatch:DeleteAlarms",
-        "cloudwatch:DescribeAlarms",
-        "logs:CreateLogGroup",
-        "logs:CreateLogStream",
-        "logs:DeleteLogGroup",
-        "logs:DescribeLogGroups",
-        "logs:DescribeLogStreams",
-        "logs:FilterLogEvents",
-        "logs:PutLogEvents",
-        "logs:PutRetentionPolicy"
-      ],
-      "Resource": [
-        "arn:aws:logs:*:*:log-group:/aws/lambda/*frigg*",
-        "arn:aws:logs:*:*:log-group:/aws/lambda/*frigg*:*",
-        "arn:aws:cloudwatch:*:*:alarm:*frigg*"
-      ]
-    },
-    {
-      "Sid": "FriggAPIGateway",
-      "Effect": "Allow",
-      "Action": [
-        "apigateway:POST",
-        "apigateway:PUT",
-        "apigateway:DELETE",
-        "apigateway:GET",
-        "apigateway:PATCH"
-      ],
-      "Resource": [
-        "arn:aws:apigateway:*::/restapis",
-        "arn:aws:apigateway:*::/restapis/*",
-        "arn:aws:apigateway:*::/domainnames",
-        "arn:aws:apigateway:*::/domainnames/*"
-      ]
-    }
-  ]
-}

package/infrastructure/iam-policy-full.json

@@ -1,266 +0,0 @@
-{
-  "Version": "2012-10-17",
-  "Statement": [
-    {
-      "Sid": "AWSDiscoveryPermissions",
-      "Effect": "Allow",
-      "Action": [
-        "sts:GetCallerIdentity",
-        "ec2:DescribeVpcs",
-        "ec2:DescribeSubnets",
-        "ec2:DescribeSecurityGroups",
-        "ec2:DescribeRouteTables",
-        "kms:ListKeys",
-        "kms:DescribeKey"
-      ],
-      "Resource": "*"
-    },
-    {
-      "Sid": "CloudFormationFriggStacks",
-      "Effect": "Allow",
-      "Action": [
-        "cloudformation:CreateStack",
-        "cloudformation:UpdateStack",
-        "cloudformation:DeleteStack",
-        "cloudformation:DescribeStacks",
-        "cloudformation:DescribeStackEvents",
-        "cloudformation:DescribeStackResources",
-        "cloudformation:DescribeStackResource",
-        "cloudformation:ListStackResources",
-        "cloudformation:GetTemplate",
-        "cloudformation:ValidateTemplate",
-        "cloudformation:DescribeChangeSet",
-        "cloudformation:CreateChangeSet",
-        "cloudformation:DeleteChangeSet",
-        "cloudformation:ExecuteChangeSet"
-      ],
-      "Resource": [
-        "arn:aws:cloudformation:*:*:stack/*frigg*/*"
-      ]
-    },
-    {
-      "Sid": "S3DeploymentBucket",
-      "Effect": "Allow",
-      "Action": [
-        "s3:CreateBucket",
-        "s3:PutObject",
-        "s3:GetObject",
-        "s3:DeleteObject",
-        "s3:PutBucketPolicy",
-        "s3:PutBucketVersioning",
-        "s3:PutBucketPublicAccessBlock",
-        "s3:GetBucketLocation",
-        "s3:ListBucket"
-      ],
-      "Resource": [
-        "arn:aws:s3:::*serverless*",
-        "arn:aws:s3:::*serverless*/*"
-      ]
-    },
-    {
-      "Sid": "LambdaFriggFunctions",
-      "Effect": "Allow",
-      "Action": [
-        "lambda:CreateFunction",
-        "lambda:UpdateFunctionCode",
-        "lambda:UpdateFunctionConfiguration",
-        "lambda:DeleteFunction",
-        "lambda:GetFunction",
-        "lambda:ListFunctions",
-        "lambda:PublishVersion",
-        "lambda:CreateAlias",
-        "lambda:UpdateAlias",
-        "lambda:DeleteAlias",
-        "lambda:GetAlias",
-        "lambda:AddPermission",
-        "lambda:RemovePermission",
-        "lambda:GetPolicy",
-        "lambda:PutProvisionedConcurrencyConfig",
-        "lambda:DeleteProvisionedConcurrencyConfig",
-        "lambda:PutConcurrency",
-        "lambda:DeleteConcurrency",
-        "lambda:TagResource",
-        "lambda:UntagResource",
-        "lambda:ListVersionsByFunction"
-      ],
-      "Resource": [
-        "arn:aws:lambda:*:*:function:*frigg*"
-      ]
-    },
-    {
-      "Sid": "IAMRolesForFriggLambda",
-      "Effect": "Allow",
-      "Action": [
-        "iam:CreateRole",
-        "iam:DeleteRole",
-        "iam:GetRole",
-        "iam:PassRole",
-        "iam:PutRolePolicy",
-        "iam:DeleteRolePolicy",
-        "iam:GetRolePolicy",
-        "iam:AttachRolePolicy",
-        "iam:DetachRolePolicy",
-        "iam:TagRole",
-        "iam:UntagRole"
-      ],
-      "Resource": [
-        "arn:aws:iam::*:role/*frigg*",
-        "arn:aws:iam::*:role/*frigg*LambdaRole*"
-      ]
-    },
-    {
-      "Sid": "IAMPolicyVersionPermissions",
-      "Effect": "Allow",
-      "Action": [
-        "iam:ListPolicyVersions"
-      ],
-      "Resource": [
-        "arn:aws:iam::*:policy/*"
-      ]
-    },
-    {
-      "Sid": "FriggMessagingServices",
-      "Effect": "Allow",
-      "Action": [
-        "sqs:CreateQueue",
-        "sqs:DeleteQueue",
-        "sqs:GetQueueAttributes",
-        "sqs:SetQueueAttributes",
-        "sqs:GetQueueUrl",
-        "sqs:TagQueue",
-        "sqs:UntagQueue"
-      ],
-      "Resource": [
-        "arn:aws:sqs:*:*:*frigg*",
-        "arn:aws:sqs:*:*:internal-error-queue-*"
-      ]
-    },
-    {
-      "Sid": "FriggSNSTopics",
-      "Effect": "Allow",
-      "Action": [
-        "sns:CreateTopic",
-        "sns:DeleteTopic",
-        "sns:GetTopicAttributes",
-        "sns:SetTopicAttributes",
-        "sns:Subscribe",
-        "sns:Unsubscribe",
-        "sns:ListSubscriptionsByTopic",
-        "sns:TagResource",
-        "sns:UntagResource"
-      ],
-      "Resource": [
-        "arn:aws:sns:*:*:*frigg*"
-      ]
-    },
-    {
-      "Sid": "FriggMonitoringAndLogs",
-      "Effect": "Allow",
-      "Action": [
-        "cloudwatch:PutMetricAlarm",
-        "cloudwatch:DeleteAlarms",
-        "cloudwatch:DescribeAlarms",
-        "logs:CreateLogGroup",
-        "logs:CreateLogStream",
-        "logs:DeleteLogGroup",
-        "logs:DescribeLogGroups",
-        "logs:DescribeLogStreams",
-        "logs:FilterLogEvents",
-        "logs:PutLogEvents",
-        "logs:PutRetentionPolicy"
-      ],
-      "Resource": [
-        "arn:aws:logs:*:*:log-group:/aws/lambda/*frigg*",
-        "arn:aws:logs:*:*:log-group:/aws/lambda/*frigg*:*",
-        "arn:aws:cloudwatch:*:*:alarm:*frigg*"
-      ]
-    },
-    {
-      "Sid": "FriggAPIGateway",
-      "Effect": "Allow",
-      "Action": [
-        "apigateway:POST",
-        "apigateway:PUT",
-        "apigateway:DELETE",
-        "apigateway:GET",
-        "apigateway:PATCH"
-      ],
-      "Resource": [
-        "arn:aws:apigateway:*::/restapis",
-        "arn:aws:apigateway:*::/restapis/*",
-        "arn:aws:apigateway:*::/domainnames",
-        "arn:aws:apigateway:*::/domainnames/*"
-      ]
-    },
-    {
-      "Sid": "FriggVPCDeploymentPermissions",
-      "Effect": "Allow",
-      "Action": [
-        "ec2:CreateVpcEndpoint",
-        "ec2:DeleteVpcEndpoint",
-        "ec2:DescribeVpcEndpoints",
-        "ec2:ModifyVpcEndpoint",
-        "ec2:CreateNatGateway",
-        "ec2:DeleteNatGateway",
-        "ec2:DescribeNatGateways",
-        "ec2:AllocateAddress",
-        "ec2:ReleaseAddress",
-        "ec2:DescribeAddresses",
-        "ec2:CreateRouteTable",
-        "ec2:DeleteRouteTable",
-        "ec2:DescribeRouteTables",
-        "ec2:CreateRoute",
-        "ec2:DeleteRoute",
-        "ec2:AssociateRouteTable",
-        "ec2:DisassociateRouteTable",
-        "ec2:CreateSecurityGroup",
-        "ec2:DeleteSecurityGroup",
-        "ec2:AuthorizeSecurityGroupEgress",
-        "ec2:AuthorizeSecurityGroupIngress",
-        "ec2:RevokeSecurityGroupEgress",
-        "ec2:RevokeSecurityGroupIngress",
-        "ec2:CreateTags",
-        "ec2:DeleteTags",
-        "ec2:DescribeTags"
-      ],
-      "Resource": "*",
-      "Condition": {
-        "StringLike": {
-          "aws:RequestTag/Name": "*frigg*"
-        }
-      }
-    },
-    {
-      "Sid": "FriggKMSEncryptionPermissions",
-      "Effect": "Allow",
-      "Action": [
-        "kms:GenerateDataKey",
-        "kms:Decrypt"
-      ],
-      "Resource": [
-        "arn:aws:kms:*:*:key/*"
-      ],
-      "Condition": {
-        "StringEquals": {
-          "kms:ViaService": [
-            "lambda.*.amazonaws.com",
-            "s3.*.amazonaws.com"
-          ]
-        }
-      }
-    },
-    {
-      "Sid": "FriggSSMParameterAccess",
-      "Effect": "Allow",
-      "Action": [
-        "ssm:GetParameter",
-        "ssm:GetParameters",
-        "ssm:GetParametersByPath"
-      ],
-      "Resource": [
-        "arn:aws:ssm:*:*:parameter/*frigg*",
-        "arn:aws:ssm:*:*:parameter/*frigg*/*"
-      ]
-    }
-  ]
-}