npm - @friggframework/devtools - Versions diffs - 2.0.0--canary.461.4116d1e.0 → 2.0.0--canary.461.77c8d12.0 - Mend

@friggframework/devtools 2.0.0--canary.461.4116d1e.0 → 2.0.0--canary.461.77c8d12.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/infrastructure/domains/networking/vpc-builder.js CHANGED Viewed

@@ -989,7 +989,7 @@ class VpcBuilder extends InfrastructureBuilder {
         }
         // VPC Endpoint Security Group (only if KMS, Secrets Manager, or SQS are not stack-managed and missing)
-        const needsSecurityGroup =
+        const needsSecurityGroup =
             (!stackManagedEndpoints.kms && !existingEndpoints.kms && appDefinition.encryption?.fieldLevelEncryptionMethod === 'kms') ||
             (!stackManagedEndpoints.secretsManager && !existingEndpoints.secretsManager) ||
             (!stackManagedEndpoints.sqs && !existingEndpoints.sqs);

package/infrastructure/domains/shared/cloudformation-discovery.js CHANGED Viewed

@@ -14,8 +14,10 @@
  */
 class CloudFormationDiscovery {
-    constructor(provider) {
+    constructor(provider, config = {}) {
         this.provider = provider;
+        this.serviceName = config.serviceName;
+        this.stage = config.stage;
     }
     /**
@@ -41,9 +43,8 @@ class CloudFormationDiscovery {
             }
             // Extract from resources (now async to query AWS for details)
-            if (resources && resources.length > 0) {
-                await this._extractFromResources(resources, discovered);
-            }
+            // Always call this even if resources is empty, as it may query AWS for resources
+            await this._extractFromResources(resources || [], discovered);
             return discovered;
         } catch (error) {
@@ -200,6 +201,30 @@ class CloudFormationDiscovery {
                 }
             }
+            // KMS Key Alias - query to get the actual key ARN
+            if (LogicalResourceId === 'FriggKMSKeyAlias' && ResourceType === 'AWS::KMS::Alias') {
+                discovered.kmsKeyAlias = PhysicalResourceId;
+                console.log(`  ✓ Found KMS key alias in stack: ${PhysicalResourceId}`);
+                // Query KMS to get the key ARN that this alias points to
+                // Always query even if key is already set, to ensure consistency
+                if (this.provider && this.provider.describeKmsKey) {
+                    try {
+                        console.log(`  Querying KMS to get key ARN from alias...`);
+                        const keyMetadata = await this.provider.describeKmsKey(PhysicalResourceId);
+                        if (keyMetadata) {
+                            discovered.defaultKmsKeyId = keyMetadata.Arn;
+                            console.log(`  ✓ Extracted KMS key ARN from alias: ${discovered.defaultKmsKeyId}`);
+                        } else {
+                            console.warn(`  ⚠️  KMS key query returned no metadata`);
+                        }
+                    } catch (error) {
+                        console.warn(`  ⚠️  Could not get key ARN from alias: ${error.message}`);
+                    }
+                }
+            }
             // Subnets
             if (LogicalResourceId === 'FriggPrivateSubnet1' && ResourceType === 'AWS::EC2::Subnet') {
                 discovered.privateSubnetId1 = PhysicalResourceId;
@@ -243,7 +268,7 @@ class CloudFormationDiscovery {
         }
         // If we have a VPC ID but no subnet IDs, query EC2 for Frigg-managed subnets
-        if (discovered.defaultVpcId && this.provider &&
+        if (discovered.defaultVpcId && this.provider &&
             !discovered.privateSubnetId1 && !discovered.publicSubnetId1) {
             try {
                 console.log('  Querying EC2 for Frigg-managed subnets...');
@@ -266,7 +291,7 @@ class CloudFormationDiscovery {
                     }));
                     // Find private subnets
-                    const privateSubnets = subnets.filter(s => !s.isPublic).sort((a, b) =>
+                    const privateSubnets = subnets.filter(s => !s.isPublic).sort((a, b) =>
                         a.logicalId?.localeCompare(b.logicalId) || 0
                     );
                     if (privateSubnets.length >= 1) {
@@ -277,7 +302,7 @@ class CloudFormationDiscovery {
                     }
                     // Find public subnets
-                    const publicSubnets = subnets.filter(s => s.isPublic).sort((a, b) =>
+                    const publicSubnets = subnets.filter(s => s.isPublic).sort((a, b) =>
                         a.logicalId?.localeCompare(b.logicalId) || 0
                     );
                     if (publicSubnets.length >= 1) {
@@ -293,6 +318,27 @@ class CloudFormationDiscovery {
                 console.warn(`  ⚠️  Could not query EC2 for subnets: ${error.message}`);
             }
         }
+        // Check for KMS key alias via AWS API if not found in stack resources
+        // This handles cases where the alias was created outside CloudFormation
+        if (!discovered.defaultKmsKeyId && !discovered.kmsKeyAlias &&
+            this.provider && this.provider.describeKmsKey && this.serviceName && this.stage) {
+            try {
+                const aliasName = `alias/${this.serviceName}-${this.stage}-frigg-kms`;
+                console.log(`  Querying KMS for alias: ${aliasName}...`);
+                const keyMetadata = await this.provider.describeKmsKey(aliasName);
+                if (keyMetadata) {
+                    discovered.defaultKmsKeyId = keyMetadata.Arn;
+                    discovered.kmsKeyAlias = aliasName;
+                    console.log(`  ✓ Found KMS key via alias query: ${discovered.defaultKmsKeyId}`);
+                }
+            } catch (error) {
+                // Alias not found - this is expected if no KMS key exists yet
+                console.log(`  ℹ No KMS key alias found via AWS API`);
+            }
+        }
     }
 }

package/infrastructure/domains/shared/cloudformation-discovery.test.js CHANGED Viewed

@@ -399,6 +399,143 @@ describe('CloudFormationDiscovery', () => {
             expect(result.defaultVpcId).toBe('vpc-123');
             expect(result.privateSubnetId1).toBeUndefined();
         });
+        it('should extract KMS key alias from stack resources and query for key ARN', async () => {
+            const mockStack = {
+                StackName: 'test-stack',
+                Outputs: [],
+            };
+            const mockResources = [
+                {
+                    LogicalResourceId: 'FriggKMSKeyAlias',
+                    PhysicalResourceId: 'alias/test-service-dev-frigg-kms',
+                    ResourceType: 'AWS::KMS::Alias',
+                },
+            ];
+            mockProvider.describeStack.mockResolvedValue(mockStack);
+            mockProvider.listStackResources.mockResolvedValue(mockResources);
+            mockProvider.describeKmsKey = jest.fn().mockResolvedValue({
+                KeyId: 'abc-123',
+                Arn: 'arn:aws:kms:us-east-1:123456789:key/abc-123',
+            });
+            const result = await cfDiscovery.discoverFromStack('test-stack');
+            expect(result.defaultKmsKeyId).toBe('arn:aws:kms:us-east-1:123456789:key/abc-123');
+            expect(result.kmsKeyAlias).toBe('alias/test-service-dev-frigg-kms');
+            expect(mockProvider.describeKmsKey).toHaveBeenCalledWith('alias/test-service-dev-frigg-kms');
+        });
+        it('should query AWS API for KMS alias when serviceName and stage are provided', async () => {
+            const mockStack = {
+                StackName: 'test-stack',
+                Outputs: [],
+            };
+            const mockResources = [];
+            mockProvider.describeStack.mockResolvedValue(mockStack);
+            mockProvider.listStackResources.mockResolvedValue(mockResources);
+            mockProvider.region = 'us-east-1';
+            mockProvider.describeKmsKey = jest.fn().mockResolvedValue({
+                KeyId: 'abc-123',
+                Arn: 'arn:aws:kms:us-east-1:123456789:key/abc-123',
+            });
+            // Pass serviceName and stage to discover alias
+            cfDiscovery.serviceName = 'test-service';
+            cfDiscovery.stage = 'dev';
+            const result = await cfDiscovery.discoverFromStack('test-stack');
+            expect(result.defaultKmsKeyId).toBe('arn:aws:kms:us-east-1:123456789:key/abc-123');
+            expect(result.kmsKeyAlias).toBe('alias/test-service-dev-frigg-kms');
+            expect(mockProvider.describeKmsKey).toHaveBeenCalledWith('alias/test-service-dev-frigg-kms');
+        });
+        it('should handle KMS alias not found gracefully', async () => {
+            const mockStack = {
+                StackName: 'test-stack',
+                Outputs: [],
+            };
+            const mockResources = [];
+            mockProvider.describeStack.mockResolvedValue(mockStack);
+            mockProvider.listStackResources.mockResolvedValue(mockResources);
+            mockProvider.region = 'us-east-1';
+            mockProvider.describeKmsKey = jest.fn().mockRejectedValue(
+                new Error('Alias/test-service-dev-frigg-kms is not found')
+            );
+            cfDiscovery.serviceName = 'test-service';
+            cfDiscovery.stage = 'dev';
+            const result = await cfDiscovery.discoverFromStack('test-stack');
+            expect(result.defaultKmsKeyId).toBeUndefined();
+            expect(result.kmsKeyAlias).toBeUndefined();
+        });
+        it('should prefer KMS key from stack resources over alias query', async () => {
+            const mockStack = {
+                StackName: 'test-stack',
+                Outputs: [],
+            };
+            const mockResources = [
+                {
+                    LogicalResourceId: 'FriggKMSKey',
+                    PhysicalResourceId: 'arn:aws:kms:us-east-1:123456789:key/xyz-789',
+                    ResourceType: 'AWS::KMS::Key',
+                },
+            ];
+            mockProvider.describeStack.mockResolvedValue(mockStack);
+            mockProvider.listStackResources.mockResolvedValue(mockResources);
+            mockProvider.describeKmsKey = jest.fn();
+            const result = await cfDiscovery.discoverFromStack('test-stack');
+            // Should use the key from stack resources, not query for alias
+            expect(result.defaultKmsKeyId).toBe('arn:aws:kms:us-east-1:123456789:key/xyz-789');
+            expect(mockProvider.describeKmsKey).not.toHaveBeenCalled();
+        });
+        it('should use KMS alias from stack resources even if key is also present', async () => {
+            const mockStack = {
+                StackName: 'test-stack',
+                Outputs: [],
+            };
+            const mockResources = [
+                {
+                    LogicalResourceId: 'FriggKMSKey',
+                    PhysicalResourceId: 'arn:aws:kms:us-east-1:123456789:key/xyz-789',
+                    ResourceType: 'AWS::KMS::Key',
+                },
+                {
+                    LogicalResourceId: 'FriggKMSKeyAlias',
+                    PhysicalResourceId: 'alias/test-service-dev-frigg-kms',
+                    ResourceType: 'AWS::KMS::Alias',
+                },
+            ];
+            mockProvider.describeStack.mockResolvedValue(mockStack);
+            mockProvider.listStackResources.mockResolvedValue(mockResources);
+            mockProvider.describeKmsKey = jest.fn().mockResolvedValue({
+                KeyId: 'xyz-789',
+                Arn: 'arn:aws:kms:us-east-1:123456789:key/xyz-789',
+            });
+            const result = await cfDiscovery.discoverFromStack('test-stack');
+            expect(result.defaultKmsKeyId).toBe('arn:aws:kms:us-east-1:123456789:key/xyz-789');
+            expect(result.kmsKeyAlias).toBe('alias/test-service-dev-frigg-kms');
+            expect(mockProvider.describeKmsKey).toHaveBeenCalledWith('alias/test-service-dev-frigg-kms');
+        });
     });
 });

package/infrastructure/domains/shared/providers/aws-provider-adapter.js CHANGED Viewed

@@ -469,9 +469,29 @@ class AWSProviderAdapter extends CloudProviderAdapter {
         return result;
     }
+    /**
+     * Describe KMS key by key ID or alias
+     *
+     * @param {string} keyIdOrAlias - Key ID or alias name
+     * @returns {Promise<Object>} Key metadata
+     */
+    async describeKmsKey(keyIdOrAlias) {
+        const kms = this.getKMSClient();
+        try {
+            const response = await kms.send(new DescribeKeyCommand({
+                KeyId: keyIdOrAlias,
+            }));
+            return response.KeyMetadata;
+        } catch (error) {
+            throw new Error(`Failed to describe KMS key ${keyIdOrAlias}: ${error.message}`);
+        }
+    }
     /**
      * Describe CloudFormation stack
-     *
+     *
      * @param {string} stackName - Name of the CloudFormation stack
      * @returns {Promise<Object>} Stack details including outputs
      */

package/infrastructure/domains/shared/resource-discovery.js CHANGED Viewed

@@ -73,9 +73,10 @@ async function gatherDiscoveredResources(appDefinition) {
         // Build discovery configuration
         const stage = process.env.SLS_STAGE || 'dev';
         const stackName = `${appDefinition.name || 'create-frigg-app'}-${stage}`;
+        const serviceName = appDefinition.name || 'create-frigg-app';
         // Try CloudFormation-first discovery
-        const cfDiscovery = new CloudFormationDiscovery(provider);
+        const cfDiscovery = new CloudFormationDiscovery(provider, { serviceName, stage });
         const stackResources = await cfDiscovery.discoverFromStack(stackName);
         // Validate CF discovery results - only use if contains useful data

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "@friggframework/devtools",
   "prettier": "@friggframework/prettier-config",
-  "version": "2.0.0--canary.461.4116d1e.0",
+  "version": "2.0.0--canary.461.77c8d12.0",
   "dependencies": {
     "@aws-sdk/client-ec2": "^3.835.0",
     "@aws-sdk/client-kms": "^3.835.0",
@@ -11,8 +11,8 @@
     "@babel/eslint-parser": "^7.18.9",
     "@babel/parser": "^7.25.3",
     "@babel/traverse": "^7.25.3",
-    "@friggframework/schemas": "2.0.0--canary.461.4116d1e.0",
-    "@friggframework/test": "2.0.0--canary.461.4116d1e.0",
+    "@friggframework/schemas": "2.0.0--canary.461.77c8d12.0",
+    "@friggframework/test": "2.0.0--canary.461.77c8d12.0",
     "@hapi/boom": "^10.0.1",
     "@inquirer/prompts": "^5.3.8",
     "axios": "^1.7.2",
@@ -34,8 +34,8 @@
     "serverless-http": "^2.7.0"
   },
   "devDependencies": {
-    "@friggframework/eslint-config": "2.0.0--canary.461.4116d1e.0",
-    "@friggframework/prettier-config": "2.0.0--canary.461.4116d1e.0",
+    "@friggframework/eslint-config": "2.0.0--canary.461.77c8d12.0",
+    "@friggframework/prettier-config": "2.0.0--canary.461.77c8d12.0",
     "aws-sdk-client-mock": "^4.1.0",
     "aws-sdk-client-mock-jest": "^4.1.0",
     "jest": "^30.1.3",
@@ -70,5 +70,5 @@
   "publishConfig": {
     "access": "public"
   },
-  "gitHead": "4116d1e999b2ef801f8433755d107b34a12ad817"
+  "gitHead": "77c8d12f6a33bb2d66e19b43b6d96ee27d6f5e06"
 }