npm - @friggframework/devtools - Versions diffs - 2.0.0--canary.428.5c4220d.0 → 2.0.0--canary.428.1c210bc.0 - Mend

@friggframework/devtools 2.0.0--canary.428.5c4220d.0 → 2.0.0--canary.428.1c210bc.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/infrastructure/serverless-template.js +27 -0
package/infrastructure/serverless-template.test.js +25 -1
package/package.json +6 -6

package/infrastructure/serverless-template.js CHANGED Viewed

@@ -1050,6 +1050,17 @@ const composeServerlessDefinition = async (AppDefinition) => {
                 `Using existing KMS key: ${discoveredResources.defaultKmsKeyId}`
             );
+            // Create a CloudFormation-managed alias to track the discovered key
+            // This ensures CloudFormation always has a resource to manage, preventing deletion
+            definition.resources.Resources.FriggKMSKeyAlias = {
+                Type: 'AWS::KMS::Alias',
+                DeletionPolicy: 'Retain',
+                Properties: {
+                    AliasName: 'alias/${self:service}-${self:provider.stage}-frigg-kms',
+                    TargetKeyId: discoveredResources.defaultKmsKeyId
+                }
+            };
             definition.provider.iamRoleStatements.push({
                 Effect: 'Allow',
                 Action: ['kms:GenerateDataKey', 'kms:Decrypt'],
@@ -1065,6 +1076,8 @@ const composeServerlessDefinition = async (AppDefinition) => {
                 definition.resources.Resources.FriggKMSKey = {
                     Type: 'AWS::KMS::Key',
+                    DeletionPolicy: 'Retain',
+                    UpdateReplacePolicy: 'Retain',
                     Properties: {
                         EnableKeyRotation: true,
                         Description: 'Frigg KMS key for field-level encryption',
@@ -1110,6 +1123,10 @@ const composeServerlessDefinition = async (AppDefinition) => {
                                 Key: 'Name',
                                 Value: '${self:service}-${self:provider.stage}-frigg-kms-key',
                             },
+                            {
+                                Key: 'ManagedBy',
+                                Value: 'Frigg',
+                            },
                             {
                                 Key: 'Purpose',
                                 Value: 'Field-level encryption for Frigg application',
@@ -1118,6 +1135,16 @@ const composeServerlessDefinition = async (AppDefinition) => {
                     },
                 };
+                // Create an alias for the new KMS key for consistent discovery
+                definition.resources.Resources.FriggKMSKeyAlias = {
+                    Type: 'AWS::KMS::Alias',
+                    DeletionPolicy: 'Retain',
+                    Properties: {
+                        AliasName: 'alias/${self:service}-${self:provider.stage}-frigg-kms',
+                        TargetKeyId: { 'Fn::GetAtt': ['FriggKMSKey', 'Arn'] }
+                    }
+                };
                 definition.provider.iamRoleStatements.push({
                     Effect: 'Allow',
                     Action: ['kms:GenerateDataKey', 'kms:Decrypt'],

package/infrastructure/serverless-template.test.js CHANGED Viewed

@@ -398,6 +398,17 @@ describe('composeServerlessDefinition', () => {
             expect(result.custom.kmsGrants).toEqual({
                 kmsKeyId: 'arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012'
             });
+            // Check KMS Alias resource is created for discovered key
+            expect(result.resources.Resources.FriggKMSKeyAlias).toBeDefined();
+            expect(result.resources.Resources.FriggKMSKeyAlias).toEqual({
+                Type: 'AWS::KMS::Alias',
+                DeletionPolicy: 'Retain',
+                Properties: {
+                    AliasName: 'alias/${self:service}-${self:provider.stage}-frigg-kms',
+                    TargetKeyId: 'arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012'
+                }
+            });
         });
         it('should create new KMS key when encryption is enabled, no key found, and createResourceIfNoneFound is true', async () => {
@@ -426,9 +437,11 @@ describe('composeServerlessDefinition', () => {
             const result = await composeServerlessDefinition(appDefinition);
-            // Check that KMS key resource was created
+            // Check that KMS key resource was created with DeletionPolicy
             expect(result.resources.Resources.FriggKMSKey).toEqual({
                 Type: 'AWS::KMS::Key',
+                DeletionPolicy: 'Retain',
+                UpdateReplacePolicy: 'Retain',
                 Properties: {
                     EnableKeyRotation: true,
                     Description: 'Frigg KMS key for field-level encryption',
@@ -479,6 +492,17 @@ describe('composeServerlessDefinition', () => {
                 }
             });
+            // Check KMS Alias resource is created for the new key
+            expect(result.resources.Resources.FriggKMSKeyAlias).toBeDefined();
+            expect(result.resources.Resources.FriggKMSKeyAlias).toEqual({
+                Type: 'AWS::KMS::Alias',
+                DeletionPolicy: 'Retain',
+                Properties: {
+                    AliasName: 'alias/${self:service}-${self:provider.stage}-frigg-kms',
+                    TargetKeyId: { 'Fn::GetAtt': ['FriggKMSKey', 'Arn'] }
+                }
+            });
             // Check IAM permissions for the new key
             const kmsPermission = result.provider.iamRoleStatements.find(
                 statement => statement.Action.includes('kms:GenerateDataKey')

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "@friggframework/devtools",
   "prettier": "@friggframework/prettier-config",
-  "version": "2.0.0--canary.428.5c4220d.0",
+  "version": "2.0.0--canary.428.1c210bc.0",
   "dependencies": {
     "@aws-sdk/client-ec2": "^3.835.0",
     "@aws-sdk/client-kms": "^3.835.0",
@@ -9,8 +9,8 @@
     "@babel/eslint-parser": "^7.18.9",
     "@babel/parser": "^7.25.3",
     "@babel/traverse": "^7.25.3",
-    "@friggframework/schemas": "2.0.0--canary.428.5c4220d.0",
-    "@friggframework/test": "2.0.0--canary.428.5c4220d.0",
+    "@friggframework/schemas": "2.0.0--canary.428.1c210bc.0",
+    "@friggframework/test": "2.0.0--canary.428.1c210bc.0",
     "@hapi/boom": "^10.0.1",
     "@inquirer/prompts": "^5.3.8",
     "axios": "^1.7.2",
@@ -32,8 +32,8 @@
     "serverless-http": "^2.7.0"
   },
   "devDependencies": {
-    "@friggframework/eslint-config": "2.0.0--canary.428.5c4220d.0",
-    "@friggframework/prettier-config": "2.0.0--canary.428.5c4220d.0",
+    "@friggframework/eslint-config": "2.0.0--canary.428.1c210bc.0",
+    "@friggframework/prettier-config": "2.0.0--canary.428.1c210bc.0",
     "aws-sdk-client-mock": "^4.1.0",
     "aws-sdk-client-mock-jest": "^4.1.0",
     "jest": "^30.1.3",
@@ -68,5 +68,5 @@
   "publishConfig": {
     "access": "public"
   },
-  "gitHead": "5c4220d4f787825af8c020f319236956d8ee3b65"
+  "gitHead": "1c210bc49b0013c033077c703eaa7e388927d4bf"
 }